Xp Admin Hack

Published by: api-3730049 on Oct 15, 2008
Copyright: Attribution Non-commercial


exploit process
1. Create a bootable floppy disk. A bootable floppy disk can be created from
Windows Explorer or My Computer, where an MS-DOS startup disk can be created.
After the bootable floppy disk is created, the following files can be safely
deleted to save space for later use:

2. Copy the NTFS file system recognition program onto the bootable floppy disk.
One such example is Sysinternals' NTFSDOS v3.02r+. The file ntfsdos.exe is only
52 KB and fits easily on one disk.

3. Copy a compression program onto the bootable floppy disk. There are a few
compression programs on the market, but the one I use is RAR version 3.30 for DOS.
After extracting all the files from the distribution file, only two files are

4. Boot the target machine using the bootable floppy disk. If the target machine
is set up to boot from the floppy disk drive, this step is just a matter of
putting your disk into the drive, rebooting the system, and having a sip of your
favourite drink while the boot process is under way. Otherwise, you will need to
go into CMOS to change the boot sequence. If CMOS is password protected, a CMOS
password cracker or physically resetting it might be required, but cracking the
CMOS password is outside the scope of this document.
5. Load the NTFS file system recognition program. If Sysinternals' NTFSDOS has
been put on the floppy disk, all you need to type at the DOS prompt is: ntfsdos
6. Compress and copy the SYSTEM and SAM files onto the bootable floppy disk. If
RAR is used, all you need to do is type the following two commands:
rar32 a -m5 -v system.rar <location of system file>\system
rar32 a -m5 -v sam.rar <location of sam file>\sam
The SYSTEM and SAM files are in the same location, which is:
d:\windows\system32\config

7. Extract the SYSTEM and SAM files from the bootable floppy disk. After the
SYSTEM and SAM files are compressed and stored on the floppy disk, they can be
extracted from the disk by using the following RAR commands:

rar32 e system.rar
rar32 e sam.rar
8. Remove syskey protection from the SYSTEM and SAM files. This step may not be
necessary, since I've heard that some password crackers (used in step 9) can crack
passwords that are syskey protected, but it will take longer to crack. To
minimise the time used, two tools can be used to remove the syskey before cracking
