boshcash
Jun 24 2005, 03:35 PM
Guys, is there any tool to get me any user access I want on a PC which I already have SYSTEM access on (like su on Linux)? I'm having many problems with runas and psexec: AVs say it's a malicious tool, and also, using these, you must know the password of the user. So, any tool to solve this problem?
I'm having two different problems: one is to log in with a password-protected user already on the machine, and the second, which is easier, is using an account I made to runas and run the reverse remote desktop, if it was even possible (never worked for me, gives me error connection closed).
White Scorpion
Jun 24 2005, 11:50 PM
So basically you want to impersonate that user without him knowing and without knowing his password? I don't think that will happen. But why do you want to be that specific user, if you are the system then you should be able to access all of his files. And otherwise try to get his password so you can login using that account...
I'm of course assuming this is all legal what you are doing
belgther
Jun 25 2005, 07:12 AM
QUOTE(White Scorpion @ Jun 25 2005, 12:50 AM)
So basically you want to impersonate that user without him knowing and without knowing his password? I don't think that will happen. But why do you want to be that specific user, if you are the system then you should be able to access all of his files. And otherwise try to get his password so you can login using that account...
I'm of course assuming this is all legal what you are doing

If that user has encrypted some files, you can't access them without that user's permission, even if you are system. I tested it with two administrator accounts, and WinXP Service Pack 1, it gave that result.
And if you become administrator or system, you can freely delete a normal user's password. At least it is so in WinXP. Even if it's not known, it makes sense. Then log out and log in as the user with the new password. The disadvantage is that you have to tell the user his/her new password.
Have fun...
boshcash
Jun 26 2005, 01:20 AM
I know I could change the password and do what I want, but then I still have to change it. I was asking if it was possible just like *nix su: as root you can impersonate any user without knowing the pass. Here in Windows I want to reach this...
White Scorpion
Jun 26 2005, 11:26 AM
That's not possible. You would have to figure out his password one way or the other to use his account, but simply impersonating it isn't possible...
boshcash
Jun 26 2005, 01:15 PM
OK, something I would like to ask the people who tried it before (maybe I will test this myself): could you keylog the password at the Windows logon screen if you run a keylogger as NT AUTHORITY\SYSTEM? If someone has an answer to this question, please reply.
stay
Jun 26 2005, 05:16 PM
Services are started before you log in (don't know if this only concerns SYSTEM services), so yes, it's possible; also Vanquish (rootkit) uses this (mentioned in the readme).
z0mbi3
Jun 26 2005, 07:26 PM
If you have access to this test PC (I hope), you could get the password hashes with pwdump or something like that and then just crack the bugger.
boshcash
Jun 27 2005, 02:03 AM
Cracking is not easy, takes time and is not reliable, but keylogging is a very successful tool for data compromise and getting useful info. Anyway, if someone has experienced password logging from the Windows logon, please inform me.
White Scorpion
Jun 27 2005, 09:40 AM
Take a look at msgina.dll; it contains the actual function for logging into Windows. You can set your own msgina.dll so that it will use your functions to log in instead of the original one. This way you can write a DLL, redirect all the functions, and with the function actually working with the username and password you can redirect it after first having written the contents to a file.
This way you have a perfect keylogger for the login screen.
I'm 99,99% sure a keylogger won't work if run under a service, unless you are writing a KMD which functions as a keylogger, but this will be pretty hard; it is easier to use the custom GINA...
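A defender's check for the GINA replacement described above, as an added example that is not part of the original thread: it reads a registry export and reports whether Winlogon is configured to load a DLL other than the stock msgina.dll. The `GinaDLL` value under the Winlogon key is the documented setting on Windows 2000/XP; the sample exports and the `examplegina.dll` name are constructed.

```python
import re

# Added example. Input is the decoded text of a regedit export (.reg file).
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Return {key path (lowercase): {value name (lowercase): string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def audit_gina(reg_text):
    """Classify the GinaDLL setting as 'ok', 'review' or 'unknown'."""
    winlogon = parse_reg_export(reg_text).get(WINLOGON.lower())
    if winlogon is None:
        return ("unknown", "Winlogon key not in export")
    gina = winlogon.get("ginadll")
    if gina is None:
        return ("ok", "GinaDLL not set, stock msgina.dll is loaded")
    if gina.strip().lower() == "msgina.dll":
        return ("ok", gina)
    # Any other DLL (or any explicit path) sits in the logon path and sees
    # credentials; some third-party logon products install one legitimately,
    # so verify the file's publisher and origin before deciding.
    return ("review", gina)

# Constructed sample exports (not taken from a real machine).
SAMPLE_DEFAULT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''
SAMPLE_REPLACED = SAMPLE_DEFAULT + r'"GinaDLL"="C:\\WINDOWS\\Temp\\examplegina.dll"' + "\n"

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("replaced", SAMPLE_REPLACED)):
        print(name, audit_gina(text))
```

A "review" result is a prompt to inspect the named file, not proof of tampering.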
w00dy
Jun 28 2005, 04:56 AM
QUOTE(boshcash @ Jun 26 2005, 07:03 PM)
Cracking is not easy, takes time and is not reliable, but keylogging is a very successful tool for data compromise and getting useful info. Anyway, if someone has experienced password logging from the Windows logon, please inform me.
Using pwdump or something similar is your simplest option. And the cracking is simple and doesn't take much time.
We have our own sister (well, maybe 2nd cousin twice removed) community dedicated to password cracking using rainbow tables. You should check them out on irc.governmentsecurity.org #rainbowcrack or hxxp://plain-text.info