Hello guys!
Here I am again with a most wanted trick.
So, a lot of people here probably want to hack their school's network.
It can be really easy, and it can be quite difficult if your school has active network administrators.
Anyway, you can do it by following my tutorial; there are a lot of possibilities, but I will explain the most efficient methods here...
So, let's get started!
#### Gain local admin privileges ####
It's very easy to gain admin privileges.
1st method:
(if cmd is not blocked)
How to open CMD?
- Press Windows+R, then type "cmd.exe" in the box
or
- Create a new text file and write this inside:
Code:
@echo off
command
pause
Then just double-click it.
In cmd, type:
Code:
net user *nameyouwantfortheaccounthere* /add
(don't write the stars)
And now type:
Code:
net localgroup Administrators *nameoftheaccount* /add
Note:
On non-English computers, the group "Administrators" may not have the same name; on French computers it's called "Administrateurs". To check the name of the group, just type "net localgroup" to see the list of groups on the computer.
Now you can log on to the local machine with an admin account.
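A way to spot the account-creation sequence above from the defender's side, as an added example that is not part of the original post: it scans Windows Security log records for a local account being created (event 4720) and then added to the built-in Administrators group (event 4732) within a short window, matching the group by its well-known SID S-1-5-32-544 so the localised group name noted above does not matter. The event records, host names and account names are constructed sample data; the field names follow the EventData fields Windows writes for those two events, but the plain-dict record layout is an assumption of this example rather than any particular log export format.

```python
"""Detect the 'net user /add' followed by 'net localgroup Administrators /add'
sequence in Windows Security log records.

Added defensive example, not code from the original post. The records below
are constructed sample data; their field names mirror the EventData fields of
Security events 4720 (user account created) and 4732 (member added to a
security-enabled local group).
"""
from datetime import datetime

# Well-known SID of the built-in Administrators group. Matching on the SID
# instead of the display name side-steps the localisation issue from the post
# ("Administrators" on English systems, "Administrateurs" on French ones).
BUILTIN_ADMINISTRATORS_SID = "S-1-5-32-544"

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"time": "2010-03-01T10:02:11", "id": 4720, "host": "LAB-PC07",
     "SubjectUserName": "student17", "TargetUserName": "helpdesk2",
     "TargetSid": "S-1-5-21-111-222-333-1010"},
    {"time": "2010-03-01T10:02:40", "id": 4732, "host": "LAB-PC07",
     "SubjectUserName": "student17", "MemberSid": "S-1-5-21-111-222-333-1010",
     "TargetUserName": "Administrateurs", "TargetSid": "S-1-5-32-544"},
    # A legitimate-looking case: a service account created by IT and only
    # promoted the next day.
    {"time": "2010-03-01T11:15:00", "id": 4720, "host": "LAB-PC08",
     "SubjectUserName": "itadmin", "TargetUserName": "printsvc",
     "TargetSid": "S-1-5-21-111-222-333-1011"},
    {"time": "2010-03-02T09:00:00", "id": 4732, "host": "LAB-PC08",
     "SubjectUserName": "itadmin", "MemberSid": "S-1-5-21-111-222-333-1011",
     "TargetUserName": "Administrators", "TargetSid": "S-1-5-32-544"},
]


def _parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def find_self_made_admins(events, window_seconds=600, allowed_creators=()):
    """Return one alert per (host, account) where a local account was created
    (4720) and then added to BUILTIN\\Administrators (4732) within
    `window_seconds`, unless the acting user is in `allowed_creators`."""
    created = {}   # (host, new account SID) -> the 4720 event
    alerts = []
    for ev in sorted(events, key=lambda e: _parse_time(e["time"])):
        if ev["id"] == 4720:
            created[(ev["host"], ev["TargetSid"])] = ev
            continue
        if ev["id"] != 4732 or ev["TargetSid"] != BUILTIN_ADMINISTRATORS_SID:
            continue
        origin = created.get((ev["host"], ev["MemberSid"]))
        if origin is None:
            continue  # promoted account was not created in this log slice
        gap = (_parse_time(ev["time"]) - _parse_time(origin["time"])).total_seconds()
        if gap <= window_seconds and ev["SubjectUserName"] not in allowed_creators:
            alerts.append({
                "host": ev["host"],
                "account": origin["TargetUserName"],
                "created_by": ev["SubjectUserName"],
                "group": ev["TargetUserName"],
                "seconds_between": int(gap),
            })
    return alerts


if __name__ == "__main__":
    for a in find_self_made_admins(SAMPLE_EVENTS):
        print(f"{a['host']}: {a['created_by']} created {a['account']} and put it in "
              f"{a['group']} {a['seconds_between']}s later")
```

On the sample data only the LAB-PC07 sequence fires, because the IT case is separated by almost a day; widening `window_seconds` or listing known administrative accounts in `allowed_creators` tunes the rule for a real environment.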
2nd method:
Just burn ophcrack to a DVD.
ophcrack can be found here:
http://ophcrack.sourceforge.net/download...ype=livecd
If the BIOS of the computer is password-protected, go here and look for the software solution.
Now boot the computer, and when you get the motherboard message, press a key to enter the BIOS or the boot-order menu (the key you have to press differs between motherboards, but it's generally DEL or F2; it will be displayed on the screen).
Change the boot order and move the DVD to the first position.
Now boot the computer normally and ophcrack will start; in 95% of cases it will find the admin password of the computer.
If not, go to the 3rd method.
3rd method:
Ophcrack didn't find the admin password? It's not a problem.
Just boot a Linux live CD (I highly suggest BackTrack 4 for the rest of the tutorial).
The live CD can be found HERE.
Just boot from the CD and wait for the command prompt to appear.
Now type in:
Code:
fdisk -l
We will assume the partition is called "/dev/sda2" (it can be different on your computer!!!).
Now type:
Code:
mkdir /mnt/xp
mount /dev/sda2 /mnt/xp
cd /mnt/xp
Now you are in the root of your Windows partition, without any restrictions.
Just type:
Code:
cd WINDOWS/system32
rm sethc.exe
cp cmd.exe sethc.exe
And you're done.
Just reboot the computer; on the winlogon screen, hit the SHIFT key five times and the cmd prompt will appear.
Now just follow the 1st method and you can get an admin account.
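From the defender's side, the swap described in this 3rd method is easy to detect on disk, because the replaced sethc.exe is byte-for-byte identical to cmd.exe. The following is an added example that is not part of the original post: it hashes both files in a system32 directory (for instance an offline image mounted the same way as above) and reports whether sethc.exe is missing, is a copy of cmd.exe, or differs from a known-good hash the administrator supplies. The sample directory it builds holds constructed placeholder bytes, not real Windows binaries.

```python
"""Check that sethc.exe in a Windows system32 directory has not been removed
or replaced with a copy of cmd.exe.

Added defensive example, not code from the original post. It works on any
directory path, so it can be pointed at an offline, mounted Windows
partition. The sample directory below is built from constructed placeholder
bytes rather than real Windows binaries.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sethc(system32_dir, known_good_sethc_sha256=None):
    """Return a list of findings for the accessibility binary sethc.exe:
    - "sethc_missing": the file is gone (the post's `rm sethc.exe` step)
    - "sethc_is_cmd": its hash equals cmd.exe (the `cp cmd.exe sethc.exe` step)
    - "sethc_unknown_hash": it differs from a supplied known-good hash
    An empty list means nothing suspicious was found."""
    findings = []
    sethc = os.path.join(system32_dir, "sethc.exe")
    cmd = os.path.join(system32_dir, "cmd.exe")
    if not os.path.isfile(sethc):
        return ["sethc_missing"]
    sethc_hash = sha256_of(sethc)
    if os.path.isfile(cmd) and sha256_of(cmd) == sethc_hash:
        findings.append("sethc_is_cmd")
    if known_good_sethc_sha256 and sethc_hash != known_good_sethc_sha256.lower():
        findings.append("sethc_unknown_hash")
    return findings


def build_sample_system32(swapped):
    """Create a temporary fake system32 with constructed placeholder contents
    (these are NOT real Windows binaries). If `swapped` is true, sethc.exe is
    an exact copy of cmd.exe, as the post's 3rd method leaves it."""
    d = tempfile.mkdtemp(prefix="fake_system32_")
    cmd_bytes = b"constructed stand-in for cmd.exe"
    sethc_bytes = cmd_bytes if swapped else b"constructed stand-in for sethc.exe"
    with open(os.path.join(d, "cmd.exe"), "wb") as f:
        f.write(cmd_bytes)
    with open(os.path.join(d, "sethc.exe"), "wb") as f:
        f.write(sethc_bytes)
    return d


if __name__ == "__main__":
    for swapped in (False, True):
        d = build_sample_system32(swapped)
        print("swapped" if swapped else "clean", "->", check_sethc(d) or "OK")
```

The known-good hash is best taken from a trusted install medium or a clean reference machine of the same Windows version and patch level, since the legitimate sethc.exe changes with service packs and updates.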
#### Gain Network Admin Privileges ####
OK, this must be the hardest part, but you can do it.
So you need to know how your school network is built. It's not a problem: just go, with the local admin account, to Start > Network, or go to the Control Panel and look at all the computers in the network.
You'll certainly find a lot of computers; search for a computer called "server" or with a name different from the others.
In my school, the server is called "server1".
Try to click on it; it will certainly ask you for a username and password. You can give the password of your limited account, and you'll certainly only get access to the "normal" files that you can access normally when you connect to the network.
So, you need admin passwords; you can successfully get them easily.
1st method:
If you can access a computer that is used by admins or teachers, just uninstall the AV on the computer (easily done in the Control Panel) and install this great tool, fakegina.
Downloadable here.
Just move fakegina.dll into C:\WINDOWS\system32
And now press Windows + R,
type in: "regedit",
go to: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
and create "GinaDLL" as "REG_SZ" with the value "fakegina.dll".
OK, you're done. Just wait for someone to log on to the computer, and the usernames and passwords of the users will be stored in "C:\WINDOWS\system32\passlist.txt".
Wait for an admin to log on to the machine, and voilà, you've got his password.
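The GinaDLL value above is a single registry string, so a defender can audit it directly. The following is an added example that is not part of the original post: it parses an export of the Winlogon key (as produced by `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` on the machine) and flags a GinaDLL value that is anything other than the default msgina.dll. The export text is constructed sample data, and the parser handles only the string (REG_SZ) values needed for this check.

```python
"""Audit the Winlogon registry key for a non-default GinaDLL.

Added defensive example, not code from the original post. Input is the text
of a .reg export of the Winlogon key; the sample below is constructed.
"""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# On Windows XP/2003 the GinaDLL value is normally absent and msgina.dll is
# loaded; any other library named here runs inside the logon process.
DEFAULT_GINA = "msgina.dll"

# Constructed sample export (raw string, so backslashes appear exactly as in a
# real .reg file, where they are doubled inside string values).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"AutoAdminLogon"="0"
"GinaDLL"="fakegina.dll"
'''

# "name"=value, where the name may contain escaped quotes or backslashes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}}.
    REG_SZ strings are unescaped; other types are kept as their raw text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if not m:
                continue
            name, raw = m.group(1), m.group(2)
            if raw.startswith('"') and raw.endswith('"'):
                raw = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            keys[current][name] = raw
    return keys


def audit_winlogon(reg_text):
    """Return a list of findings; empty means GinaDLL is absent or default."""
    values = parse_reg_export(reg_text).get(WINLOGON_KEY, {})
    findings = []
    gina = values.get("GinaDLL")
    if gina is not None and gina.lower() != DEFAULT_GINA:
        findings.append(f"GinaDLL points to a non-default library: {gina}")
    return findings


if __name__ == "__main__":
    print(audit_winlogon(SAMPLE_REG_EXPORT) or "GinaDLL OK")
```

The comparison is deliberately exact rather than on the file's base name, so a value such as a full path to a differently located msgina.dll is also reported and can be reviewed by hand.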
2nd method:
No privileged users are logging on to the computer? It's not a problem; just intercept the packets sent by the users to log on to the server.
Just download and install Cain & Abel.
Now just google for ARP poisoning and sniff SMB packets; they contain the login information of the user logging on. Just decrypt it with Cain and you're done.
You just have to wait for an admin to connect to the network.
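The ARP poisoning mentioned above announces itself on the wire: one MAC starts answering for IP addresses that already had a different owner, typically the gateway. The following is an added example that is not part of the original post: given a list of observed ARP replies (sender IP, sender MAC), it reports IPs claimed by more than one MAC, marking the gateway separately, and MACs claiming more IPs than a threshold. The replies, addresses and gateway IP are constructed sample data; the `max_ips_per_mac` threshold is a parameter of this example, since a legitimate router or a host with aliases may hold several addresses.

```python
"""Flag ARP poisoning from a log of observed ARP replies.

Added defensive example, not code from the original post. The replies below
are constructed sample data; on a real network the records would come from a
sniffer on a monitor port or from the switch's dynamic ARP inspection logs.
"""
from collections import defaultdict

GATEWAY_IP = "10.0.0.1"  # assumed gateway address for the constructed sample

# (time, sender IP, sender MAC) as seen in ARP replies -- constructed
SAMPLE_ARP_REPLIES = [
    ("09:00:01", "10.0.0.1",  "00:11:22:33:44:01"),   # real gateway
    ("09:00:05", "10.0.0.50", "00:11:22:33:44:50"),
    ("09:00:09", "10.0.0.51", "00:11:22:33:44:51"),
    ("09:01:00", "10.0.0.1",  "00:11:22:33:44:77"),   # gateway IP now claimed by another MAC
    ("09:01:01", "10.0.0.50", "00:11:22:33:44:77"),   # same MAC also claims a client IP
    ("09:01:02", "10.0.0.77", "00:11:22:33:44:77"),   # and its own address
]


def detect_arp_spoofing(replies, gateway_ip=None, max_ips_per_mac=1):
    """Return findings as (kind, subject, details) tuples:
    - ("gateway_ip_conflict", ip, [macs])  the gateway IP has several MACs
    - ("ip_conflict", ip, [macs])          another IP has several MACs
    - ("mac_claims_many_ips", mac, [ips])  one MAC answers for too many IPs
    An empty list means the ARP traffic looked consistent."""
    ip_to_macs = defaultdict(dict)   # ip -> {mac: time first seen}
    mac_to_ips = defaultdict(set)    # mac -> {ips it answered for}
    for seen_at, ip, mac in replies:
        mac = mac.lower()
        ip_to_macs[ip].setdefault(mac, seen_at)
        mac_to_ips[mac].add(ip)

    findings = []
    for ip, macs in ip_to_macs.items():
        if len(macs) > 1:
            kind = "gateway_ip_conflict" if ip == gateway_ip else "ip_conflict"
            findings.append((kind, ip, sorted(macs)))
    for mac, ips in mac_to_ips.items():
        if len(ips) > max_ips_per_mac:
            findings.append(("mac_claims_many_ips", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for kind, subject, details in detect_arp_spoofing(SAMPLE_ARP_REPLIES, GATEWAY_IP):
        print(f"{kind}: {subject} -> {', '.join(details)}")
```

In the sample, the first three replies are consistent and produce no findings; the later replies from 00:11:22:33:44:77 trigger all three finding kinds. A static ARP entry for the gateway on client machines, or dynamic ARP inspection on managed switches, is the usual mitigation once such traffic is confirmed.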
3rd method:
OK, it's not really a skilled method, but it works well.
Just try to watch an admin or a teacher logging on to the network, and try to see what password is typed.
If it's only numbers, it can be a birth date or something else.
Social Engineering is also a good way to go.
#### Gain Full Access To The Main Server ####
Okay, once you've got an admin password, you'll want to have full access to the main server.
1st method:
Normally, the administrators use Remote Desktop to access the main server.
Just try to connect to it: Start > Accessories > Remote Desktop Connection.
And then type the name of the main server in the box; in my school, it's "server1".
If you get a Windows login screen, that's good!
Just try typing the admin username and password.
If it works, you're done. Welcome to the main server of your school; you can do what you want.
2nd method:
If it doesn't work, the server only has one account that can access the server interactively, generally called "administrator".
So just try to find the password; maybe it's the same as the admin user's.
If you don't find the password, use Cain & Abel and sniff for RDP packets.
These packets are used when someone uses Remote Desktop to connect to the server, and they contain the username and password of the admin user that can access the main server with Remote Desktop.
If you successfully find packets, great; just open them and search for the password.
And when you've got it, just connect to the main server, and you're done.
3rd method:
If you don't find any packets while sniffing, you can pentest the server.
Just use a BackTrack live CD, use Metasploit and autopwn the server (there are a lot of tutorials on hackforums and all over the internet). There are a lot of chances that the server isn't updated, so enjoy and try to find any vulns in the server.
If Metasploit successfully finds a vuln, you're done, and you'll get access to a shell. ENJOY.
#### What To Do With The Main Server ####
A lot of things...
But the first thing to do is to dump the hashes of the server: google for fgdump and use it to dump the hashes of the server.
Now crack them with Ophcrack and you'll get the passwords of all the accounts of your school. Enjoy.
Now you've got all the power. I recommend you not to do "funny" things and not to leave any tracks; don't touch the accounts, just access the teachers' files (some of them store their tests in their account folder), just enjoy and increase your grades.
Do it silently and all will be fine.
Tested and approved by me.
Thanks for reading.