Jump to content
xisto Community
BooZker

Need To Hack An Admin Account On Xp... No Problem! Its so easy to hack an account youll be amazed

Recommended Posts

Actually, you're probably right. I remember back when i had a Toshiba craptop it wouldn't use regular keys to get into bios or safe mode.

I can confirm that keys to get into the BIOS can vary. I have a Gateway, Dell and a unbranded computer and not all of them share the same keys to get to the BIOS. Guess they are using different BIOS chip, or they custom their BIOS chip.

Ok, I need some help now with securing my Windows XP. Something was wrong and I need to go into safe mode and there it is. An admin account that did not need a password. There is actually 2 admin account listed. One was my account with my login and the other just have the name "Administrator". After reading through this topic, it seems like there are tonnes of way to access Windows XP if you have physical access to the computer. My question now is, any suggestions to better secure Windows XP? And how to I delete the default "Administrator" account in safe mode?

Share this post


Link to post
Share on other sites

I tried the F11 trick on a Dell computer with XP pro.0. The system was running perfectly.1. I powered down.2. Powered up.3. Pressed F11 keys several times.4. Received "No system disk".5. Powered down again.6. Powered up without touching anything.7. "No system disk" again.So, I simply had to re-install Windows again. So, for me, trying this was a bad experience.

Share this post


Link to post
Share on other sites

I can confirm that keys to get into the BIOS can vary. I have a Gateway, Dell and a unbranded computer and not all of them share the same keys to get to the BIOS. Guess they are using different BIOS chip, or they custom their BIOS chip.
Ok, I need some help now with securing my Windows XP. Something was wrong and I need to go into safe mode and there it is. An admin account that did not need a password. There is actually 2 admin account listed. One was my account with my login and the other just have the name "Administrator". After reading through this topic, it seems like there are tonnes of way to access Windows XP if you have physical access to the computer. My question now is, any suggestions to better secure Windows XP? And how to I delete the default "Administrator" account in safe mode?

Of course, in the long run the only way to prevent someone determined enough from breaking into your account is to remove physical access to it.
Now, to better secure XP, padlock your computer case, password the BIOS, set it NOT to boot off a floppy, cdrom, or usb, disable the guest account, remote access, remote desktop, etc. Disable fast user switching and use the classic logon, enable syskey for double protection. To delete the default administrator account, go to Windows>Run>Compmgmt.msc
then
Local Users and Groups>Users>
and it will display a list of all accounts. you can right-click and delete it, as long as you've made another administrator account. A safer thing to do is rename Administrator to something uncommon, so that someone trying to bruteforce the admin account will come up against a blank wall, which to discover his error will cost time for a serious hacker, and probably defeat a novice script kiddie. Or just disable the account.
From this compmgmt window you can assign rights to all the various user accounts on the computer. You can change any password for any account, or disable/delete them. This isn't the most technical way to do things, but for starters it's good. Others here with more knowledge of registry editing and other modes can expound on that.

A separate layer of protection can be found with PGP version 9.0 or higher. Whole Disk Encryption PGPs the full hard drive, and requires a password on boot. or a program like PC security can provide similar features.
Edited by Grafitti (see edit history)

Share this post


Link to post
Share on other sites

Just for fun, I tried hitting the F8 key in order to try hacking an admin password. It allowed me to choose failsafe mode, and then asked me the admin password.It accepted my own user password, but refused entering the administrator account without giving the administrator password.I think enterin failsafe mode helps hacking only if there is no password on the administrator account. Which arrives sometimes, but a lot of computers have a password on the admin user account.

Share this post


Link to post
Share on other sites

When i was at school, i found it impossible to get an admin account without, using an expensive "hacking" program which i refused to use. It was an xp (i finished last year), but it was different you had to type your user name and password, instead of just clicking on your username picture. Of course i did not try [f11] because it was last year, but if anybody knows if it is the same or if it is different. I will try and get some friends to try it, from last year but i doubt it will work. ANY IDEAS? :):)

Share this post


Link to post
Share on other sites

@Jimmster : 1) The topic of this post was not on the way of giving you an admin account, but how to erase a possword if you happened to forget your own password. Then, you erase the password and set a password you remember. You cannot do this on another computer, because the real owner of the computer will not be able to connect, then he will know he has been hacked, and he will re-install correctly the PC, and you will have no admin rights again.2) Security people have rather high salaries. When they sell programs, or when they sell their services, they ask for a lot of money. I think this is rather normal. A standard guy has to permanently take backups of his files, in order to be able to re-install his computer from scratch everytime a problem occurs (including password loss). If this guy prefers to pay something else to to the job, he will have to spend money for that.3) Is it normal that a guy asks you money for something which you could do for free using a Linux knoppix CD ? I say "why not ?" It's the same problem as washing my car. If I want to wash my car, it will cost me almost nothing (except water, spoon and time). If I want something else to do the job, he will ask me some money for that. Such is life.

Share this post


Link to post
Share on other sites

It seems funny that all are talking about various versions of Windows, when the Topic Title clearly mentions '...on XP' :) But anyway, I tried out what was mentioned in the first post, and here's what I concluded-

Yes! The trick works, on Windows XP Home Edition without SP 2. I got that at my friend's place, and he was bewildered at what his brother could do to his PC as an Admin if he knew this!!! ;)

No! I does not work with Windows XP Professional Edition with SP 2! That's my PC, and boy I was glad it didn't! :)

This concludes that Microsoft was made aware of the vulnerability and it corrected itself in the Service Packs, like so many other bugs! So, its a tradition of Microsoft of leave bugs unnoticed in the first place and then correct them using heavy-loaded Service Packs! :D

Share this post


Link to post
Share on other sites

It seems funny that all are talking about various versions of Windows, when the Topic Title clearly mentions '...on XP' But anyway, I tried out what was mentioned in the first post, and here's what I concluded-Yes! The trick works, on Windows XP Home Edition without SP 2. I got that at my friend's place, and he was bewildered at what his brother could do to his PC as an Admin if he knew this!!!
No! I does not work with Windows XP Professional Edition with SP 2! That's my PC, and boy I was glad it didn't!
This concludes that Microsoft was made aware of the vulnerability and it corrected itself in the Service Packs, like so many other bugs! So, its a tradition of Microsoft of leave bugs unnoticed in the first place and then correct them using heavy-loaded Service Packs!


OK, thanks. finally someone figured out how this works. So Home without SP2 works and this doesn not work on professional with SP2. Does this work on Professional without SP2 or Home with SP2? That is what i would like to know. Post if anyone trys those two alternative ways.

Share this post


Link to post
Share on other sites

the point of this post was how easy XP is hacked. Why is it this easy? Is there software to prevent this? I'm not worried about my PC, but what about others?

This is NOT a hack... this is a delibrate design in the software.
Windows was delibratly programmed to do this.

ALL multi-user OS's have this design built in.

All Computer Security assumes that the machine is being acessed via a network,

Once a person with malicous intent is in the same roomas the computer, then all security is worthless.

you could remove the hard disk, and user a differant computer use Md5 Injection to alter passwords..

you could install a hardware keyloger to get encryption keys.. anything.

Share this post


Link to post
Share on other sites

What's the plot with all of this?You can't access a NT-based windows "even in safe mode" without knowing the Administrator's password, unless it's blank. (Don't you realize that normal people when find a password box, they think that there is a password that is protecting the access to the system, and this is not mandatory...?).If you intend to boot from safe mode because once then there reapears the "administrator login" from the menu, why don't log in as administrator without safe mode restrictions?, just press <ctrl>+<alt>+<del> twice, and you get the old fashoned login box of NT/2000 systems, then you change the current username to "Administrator" and leave the password empty. If the person that installed the XP is really naive, it left the Administrator password blank, thinking that you cannot access this computer if you cannot find the "administrator icon" at the login screen.My ex-boss parted some months ago from the company i work for, and he didn't tell anybody the password of the computer he used at office. One of the assistants needed to get some reports that were inside that PC, so she tried to log in for 5 days. Once i was felt ashamed of myself for not helping her, i tried the trick mentioned above. so after 1 minute, i was logged in as administrator and changed the passwords for all users. I told here to bear my child, but she told me she's a daughter with her husband though.

Share this post


Link to post
Share on other sites

It also requires that you already haven't set a password for the default admin account. Also, you can get to the admin account by manually typing the name in at the "welcome" screen by doing [ctrl]+[alt]+[del]The bet is, this person didn't even try it in his/her own computer.

Share this post


Link to post
Share on other sites

This is not really any kind of hack. If the original user that installed Windows did not set a password for the Administrator account, then it will be left blank. Anyone can gain access as long as they just hit Enter for the login.

 

The workaround mentioned by JeremyShaw can be done in normal mode. If you get the Welcome Screen with only the icons to choose from, you can actually force the old login dialog box to show up by hitting ctrl+alt+del twice. If you already see the login box, you can just type in Administrator for the username and leave the password blank.

 

For those that don't have a password for the Administrator, it's recommended that you create one.

Share this post


Link to post
Share on other sites

net user Administrator *

when I type this, it asks me the Administrator password. So, if I don't know this password, it's useless. And, if I know administrator's password, I don't need to hack the system...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.