Win2k Logon Hacks
morpheus:
Want to know even more? Get "Hacking Windows2000 Exposed", great piece of reading worth a ton of how-tos.
robzilla:
quote: On another note, if you need to recover your Administrator password and don't have this boot disk there is another way to do it if you know any normal user logon using CMD.EXE and LOGON.SCR. I posted that one in an earlier thread.
--- End quote ---
what do u mean logon using cmd.exe and logon.scr? im a bit of a noob at this...
[ May 02, 2002: Message edited by: robzilla ]
voidmain:
quote:Originally posted by robzilla:
what do u mean logon using cmd.exe and logon.scr? im a bit of a noob at this...
--- End quote ---
You know how on NT4 and NT2K when no one is logged on after 15 minutes the screen goes black and a "Press CTRL+ALT+DEL to logon" box bounces around the screen? Well that is the default user's screen saver. Screen saver files have a *.SCR extension. Well, when the screen goes black after 15 minutes the system has really executed the "LOGON.SCR" screen saver that can be found in the C:\WINNT\SYSTEM32 directory. In that same directory you will also find CMD.EXE which is the command shell for NT (command prompt). If you are logged on as a normal user (no Administrator access) you have the ability to make a backup copy of the LOGON.SCR file, then copy over LOGON.SCR with CMD.EXE "copy cmd.exe logon.scr". Now if you log off and wait 15 minutes guess what happens? Yep, a CMD prompt pops up with Administrator level authority. Now you can run any command you want as Administrator. Type "usrmgr" or "musrmgr" and change Administrator's password to anything you want. EXIT out of the CMD prompt and log in as Administrator. Bingo.... Copy the backup copy of LOGON.SCR back over the trojan version if you so choose, but then what's the point?
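A defender-side check for the swap described in the post above, as an added example that is not part of the original thread: it flags a LOGON.SCR that is byte-identical to any .EXE in the same directory, or whose PE header does not mark it as a GUI image (CMD.EXE is a console image). The function names and the constructed sample files are assumptions for illustration.

```python
import struct
import tempfile
from pathlib import Path

GUI, CUI = 2, 3  # IMAGE_SUBSYSTEM_WINDOWS_GUI / IMAGE_SUBSYSTEM_WINDOWS_CUI

def pe_subsystem(data):
    """Return the PE optional-header Subsystem field, or None if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    off = e_lfanew + 4 + 20 + 68  # signature + COFF header + offset in optional header
    return struct.unpack_from("<H", data, off)[0] if len(data) >= off + 2 else None

def audit_logon_scr(system32):
    """Return findings for logon.scr in a SYSTEM32 directory (e.g. from a mounted image)."""
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    scr = files.get("logon.scr")
    if scr is None:
        return ["logon.scr missing"]
    data = scr.read_bytes()
    findings = [f"logon.scr is byte-identical to {name}" for name, p in sorted(files.items())
                if name.endswith(".exe") and p.read_bytes() == data]
    sub = pe_subsystem(data)
    if sub is None:
        findings.append("logon.scr is not a PE image")
    elif sub != GUI:
        findings.append(f"logon.scr has PE subsystem {sub}, expected {GUI} (GUI)")
    return findings

def fake_pe(subsystem, tag):
    """Constructed minimal PE-like blob for the demo; not a real executable."""
    blob = bytearray(0x40 + 4 + 20 + 70)
    blob[:2], blob[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", blob, 0x3C, 0x40)
    struct.pack_into("<H", blob, 0x40 + 4 + 20 + 68, subsystem)
    return bytes(blob) + tag

def demo():
    """Audit a clean, then a tampered, directory built from constructed files."""
    with tempfile.TemporaryDirectory() as d:
        cmd, scr = Path(d, "CMD.EXE"), Path(d, "LOGON.SCR")
        cmd.write_bytes(fake_pe(CUI, b"cmd"))
        scr.write_bytes(fake_pe(GUI, b"scr"))
        clean = audit_logon_scr(d)
        scr.write_bytes(cmd.read_bytes())  # simulate the replaced screen saver
        return clean, audit_logon_scr(d)
```

The swap works only because a normal user can write to LOGON.SCR, so the matching fix is to remove that write permission and run a check like this against the real SYSTEM32 directory.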
Calum:
useful for anybody to know, if they get physical access to an NT box... (like i may if i get this new job i applied for...)
Scorcher2005:
quote:Type "usrmgr" or "musrmgr" and change Administrator's password to anything you want.
--- End quote ---
how do i change the pw like that?