Ok i search around on board and nothin helped me.

Ok I wanted to gain admin locally on a computer that only has a Limited account. I can get into the Limited account but i was wondering is there anytools to give me admin rights or install a Admin account that I would be able to login with? Gui or Cmd Toolz would be good.

by local do you mean physical access to the computer? or are we talking more like you have network access to a limited account?

It's called a shatter attack. Do a Google search for "shatter attack" in quotes.

see any windows local SYSTEM exploit , u should find some if the windows isnt updated frequently

if u have physical access use one of the rescue boot cds that mount NTFS and give u the capability to change or remove the password of a given user ..

also try to press ctrl alt del twice at logon screen and try to login with Administrator with null password may work ..

You could give this a go:
http://www.governmentsecurity.org/forum/lo...php/t13845.html

Sometime in the near future I'll give it a whirl at school and see what happens.

I Have succesfully worked out using the above methos, and i Shatter attacks do rule if you have physical access. ( wounder why it isnt so popular )

well my question is, We have a Win2K Advances server, for which the Admin account is not known ( emp left ) and we dont have any other accounts on that system. CHNTPW or Other boots disks doesnt have support for Advanced Server.

Can anyone throw some light

could give the psexec method a try

dl psexec (pstools) from sysinternals and run psexec -s cmd.exe
dunno if it will work on advanced server, and you might need admin priveleges to run it anyway

@bonarez: idd you need admin rights as it will create an service with psexec which will run under SYSTEM as services run under the SYSTEM account at default..
and that service will give you the SYSTEM priviledges needed..

Serhat

besides all the ways described above u can also simply add a new admin user. in cmd.exe run these commands:

if u dont have axx to cmd.exe make a bat file...

I dont have even a single account on that system

It is NTFS,
With only the Admin account. ( for which i dont know the password )

i need to login to the system some how.

well i got physical axx but Im trying to figure out a way with out messing with the BIOS or running anything at boot up. Im tryin to make it nice quick and slick.

Well if you got physical access to the pc i hear that you can press F12 on reboot and it will reset the administrator password. But i have never tested it but if i do i'll let you guys know of the results.

use a linux live cd and mount the partition. then get the admin hash out of the register and start cracking it

don't think that's what he's searching for Gelu

for the live cd he has to boot the pc, he wants to do it in windows

if you run a local xploit just as boshcash said, it will work

F12 is the boot menu...

i think he means F8 and hopes that the admin password isn't set (XP home issue).

bootup with another OS and rename the C:\WINNT\system32\config\SAM file.
then restart and the admin account will be blanked out again.
Now you have admin access, but if you want to have access while the old accounts are still available then copy C:\WINNT\system32\cmd.exe to C:\WINNT\system32\logon.scr
and startup the system.
Once you are at the login screen let it wait until it hits the screensaver. Instead of the screensaver a commandprompt will popup with system access. It is now a piece of cake to add another admin to the system using the following command:


then to add the user to the admin group:


i hope this helps

start -> run -> "cmd"

at <one minute from now, 21:26 for me>21:26 /interactive cmd

Close the cmd window.

One minute from now, a new cmd window will pop up.

In that new window:
net user <new username> <new password> /add

net localgroup administrators <your username> /add

Close the window.

All done

like i said i need a way with out messing with the BOT and that net user stuff

dont work if your account is already limited.