Getting into your relative's computer
So just recently my father passed away; he died of cancer at the age of 57. He was a computer freak just like me. He was always interested in hacking and doing cool shit with electronics.
Anyways, he left behind his laptop but no living will or any real information on his financial situation or what he wanted to happen at his funeral, which is understandable; the cancer was very fast. So my first thought was to start guessing passwords, and after 5 minutes I realized that this sucked and I needed to try something else.
So BackTrack is a hacker’s wet dream wrapped up in a live CD: all the security and hacking tools that you would ever need. It’s also what lets you read all the Windows files. So I plugged in a USB stick and started searching through all the files and folders, grabbing what I could and placing it on the USB stick.
The hack that gets you admin
So after a while of not being able to log in to his account, I thought, well shit, I got all his files and folders, let’s start playing around. After a little bit of searching on how to crack his SAM file with BackTrack, I stumbled upon this link that showed a cool way to spawn a command prompt.
I can’t find the article anymore, but the steps were like this:
- Boot into BackTrack using the live CD.
- Mount the Windows drive just by clicking on it in the file manager.
- Go to the Windows/System32 folder
- Copy sethc.exe to a backup like sethc.exe.bak
- Copy cmd.exe over the original sethc.exe
- Reboot the computer into Windows
- At the login screen where you enter the password, hold down the Shift key
- A command prompt opens up with admin access
So now an admin console window is open; now you just have to add a new user account:
- net user /add username password
- net localgroup administrators username /add
- Reboot the computer into Windows
Once the user has been added to the admin group, you should see the user on the login screen. All you have to do now is log in with your username and password. Go to the control panel and change the OTHER user’s password, then log out and log in as that user.
So all this took about 10 minutes to do; not so bad to get admin access and get what you need.
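From the defender's side, the swap described above leaves two artifacts on disk: a sethc.exe that is byte-identical to cmd.exe, and the backup copy next to it. The following check for both is an added example, not part of the original post; the function names, the list of backup suffixes and the sample directories are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

TARGET = "sethc.exe"   # Sticky Keys handler launched from the logon screen
SHELL = "cmd.exe"      # what the post copies over it
BACKUP_SUFFIXES = (".bak", ".old", ".orig")  # assumed common backup names


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sethc(system32: Path) -> list[str]:
    """Return findings for a System32 directory (live, or from a mounted image)."""
    # Match names case-insensitively: NTFS mounted on Linux keeps on-disk casing.
    files = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    findings = []
    target, shell = files.get(TARGET), files.get(SHELL)
    if target is None:
        findings.append(f"{TARGET} is missing")
    elif shell is not None and sha256(target) == sha256(shell):
        findings.append(f"{TARGET} is byte-identical to {SHELL}")
    for suffix in BACKUP_SUFFIXES:
        if TARGET + suffix in files:
            findings.append(f"backup copy present: {files[TARGET + suffix].name}")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Build two constructed System32 directories: one clean, one tampered."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, bad = Path(tmp, "clean"), Path(tmp, "tampered")
        for d in (clean, bad):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"constructed cmd bytes")
        (clean / "sethc.exe").write_bytes(b"constructed sethc bytes")
        (bad / "Sethc.exe").write_bytes(b"constructed cmd bytes")
        (bad / "sethc.exe.bak").write_bytes(b"constructed sethc bytes")
        return check_sethc(clean), check_sethc(bad)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result or "no findings")
```

A byte comparison only catches a copy of the same cmd.exe that sits in the directory; comparing sethc.exe against a known-good hash for the installed Windows build covers other replacements.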