Friday, July 12, 2013

Unprotecting XP Administrator

If you have access to a Windows XP administrator system, you might want to find the default screen saver file that loads when the users are logged off. What I did was rename logon.scr to a temporary name and put a copy of cmd.exe, renamed to logon.scr, in its place.

Now when Windows tried to load the screen saver while the administrator was logged off, an unprotected command prompt opened. All you have to do to reset the password is:

net user administrator password

Now, if you're wondering how you will get it onto a system where you do not have access to a logged-in administrator account: create a .bat trojan and social engineer the original admin into running the file. The .bat file will do it all for you. Once completed, you can just wait at his terminal for the screen saver to load.
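
The swap described above leaves a detectable trace: logon.scr becomes byte-identical to a command interpreter. The following Python check is an added example, not part of the original post; the function names, the extra shell name command.com, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Binaries the logon screen saver should never be a copy of.
# cmd.exe is the one the post uses; command.com is an assumption added here.
SHELL_NAMES = ("cmd.exe", "command.com")


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_logon_screensaver(system32):
    """Return a list of findings for logon.scr in the given system32 directory."""
    scr = os.path.join(system32, "logon.scr")
    if not os.path.isfile(scr):
        return ["logon.scr is missing (it may have been renamed)"]
    scr_hash = sha256_of(scr)
    findings = []
    for name in sorted(os.listdir(system32)):
        path = os.path.join(system32, name)
        if not os.path.isfile(path):
            continue
        if name.lower() in SHELL_NAMES and sha256_of(path) == scr_hash:
            findings.append("logon.scr is identical to " + name)
    return findings


def build_sample(swapped):
    """Constructed directory standing in for system32 (placeholder bytes, not real binaries)."""
    root = tempfile.mkdtemp()
    files = {"cmd.exe": b"MZ-constructed-shell", "logon.scr": b"MZ-constructed-saver"}
    if swapped:
        files["logon.scr"] = files["cmd.exe"]
        files["logon.scr.bak"] = b"MZ-constructed-saver"
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)
    return root


if __name__ == "__main__":
    for swapped in (False, True):
        print(swapped, audit_logon_screensaver(build_sample(swapped)))
```

A hash match only catches an exact copy of a listed shell; comparing logon.scr against a known-good hash taken from installation media also catches other replacements.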

