Obtaining windows admin.

This is the place to bitch, bash, and get help with all things Windows.
david522
n00b
Posts: 2
Joined: Sun Sep 06, 2009 10:19 pm

Obtaining windows admin.

Post by david522 » Sun Sep 06, 2009 10:24 pm

My friend's computer recently got a program put on it called "Salfeld child control 2009". The program basically limits him to web browsing. Installations are not possible, nor is Task Manager or even cmd... We do not know the admin's password, so we tried accessing safe mode to go into the default admin account, but for some reason his computer auto shut down at the safe mode startup screen. Are there any solutions to obtain the Windows admin rights apart from the cmd hack, which is not viable because cmd is disabled... or a keylogger which requires no install? Thanks.

arch
n00b
Posts: 10
Joined: Sat Jun 27, 2009 1:57 pm

Re: Obtaining windows admin.

Post by arch » Tue Sep 08, 2009 1:42 pm

I am going to assume that your friend is the rightful owner of the computer.
Note: I am using Windows XP. This process may vary slightly for Windows Vista.

All you need to do is download a live CD version of Linux and burn it. You will be able to use the live CD to boot into Linux, which will give you unrestricted access over the hard drive. Locate where the Windows file system has been mounted. (Tip: look in the /mnt directory.)

If you cannot find it, try issuing this command:

Code:

mount /mnt/hda1

Navigate to the following directory:

C:/windows/system32/config/

It might look something like this:

Code:

cd /mnt/hda1/WINDOWS/system32/config

Look for a file called SAM. This file contains the hashed passwords for all accounts on the system. If you delete this file, all of your passwords will be reset to blank.

Code:

rm /mnt/hda1/WINDOWS/system32/config/SAM

When you are finished, restart the computer and take the CD out of the drive. You will boot back into Windows and everything is exactly as it was... except the password file.

I hope this information helps.

Arch

Aiden
Administrator
Posts: 1080
Joined: Tue Oct 31, 2006 11:11 pm
Location: /usr/bin/perl

Re: Obtaining windows admin.

Post by Aiden » Tue Sep 08, 2009 3:06 pm

If you can boot to a CD, it might be worth looking into just booting to Linux just for general use, too. You can mount a USB drive if you need to keep data persistent between sessions as well. Just a thought.
"When it takes forever to learn all the rules, no time is left for breaking them."

mikefo
n00b
Posts: 5
Joined: Thu Aug 06, 2009 11:52 pm

Re: Obtaining windows admin.

Post by mikefo » Wed Sep 09, 2009 4:34 am

You could also check out Kon-boot.

Thor
htd0rg lieutenant
Posts: 440
Joined: Tue Dec 18, 2007 9:39 am
Location: Location Location

Re: Obtaining windows admin.

Post by Thor » Thu Sep 10, 2009 3:06 pm

All the posts above are good advice. One thing about resetting a password to blank is, of course, that the person who originally set it will eventually find out, especially if this is at home or something like that.

For purposes of just getting the password fairly quickly, I would say use something like BackTrack; I know it has everything you need to dump the SAM file and decrypt it.

For purposes of anonymity, I recommend using Druspth's idea of using any other Linux live CD, and saving files to a USB while booted into the live distro. You'll find BackTrack to be sort of a live distro. You'll also find a few more ways to get that coveted XP pass. BackTrack is easy though. I am gonna imagine that you don't have the required privileges to install keyloggers and anything at all probably.

SLaX
Apprentice
Posts: 44
Joined: Fri Aug 17, 2007 2:13 pm
Location: Somewhere

Re: Obtaining windows admin.

Post by SLaX » Fri Sep 18, 2009 11:18 am

The hard way is to get a hold of the SAM and crack it. But this is good if you don't want to be noticed. What I do for work is use WinKey. It basically does what Arch said, but in a matter of seconds. It's 180 dollars if you want to buy it, but I don't condone warez on public forums. :D

rundata
n00b
Posts: 13
Joined: Sat Sep 26, 2009 12:36 am
Location: stuck in a hoobajoob

Re: Obtaining windows admin.

Post by rundata » Sat Sep 26, 2009 6:38 am

REMOVED
Last edited by rundata on Thu Jun 09, 2011 7:11 am, edited 2 times in total.

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Obtaining windows admin.

Post by Cool_Fire » Thu Oct 15, 2009 9:49 pm

You can also use konboot and bypass the login altogether.

9c5
n00b
Posts: 12
Joined: Thu Aug 20, 2009 11:40 pm

Re: Obtaining windows admin.

Post by 9c5 » Fri Oct 16, 2009 12:08 pm

Would it not be possible to visit websites based off ip instead of the url? I guess it would depend on the program blocking the websites.

horze
Hacker in Training
Posts: 53
Joined: Wed Aug 26, 2009 8:33 am

Re: Obtaining windows admin.

Post by horze » Fri Oct 16, 2009 10:09 pm

Salfeld child control 2009 really gives parents some power. A very good program in families with small children, but surely a pain in the ass if you're above 12 and your parents use the program to the limit. I have no advice on how to go round it other than what was already given. I only wanted to add things to think about. The program makes it possible for parents to get an email each time that the PC starts up or shuts down, something to think about if there are some time limits added. Be sure that the parents do not have an agreement with the company that delivers the Internet connection that gives them a specified bill like a phone bill, if that is possible in your country.

dimcode
n00b
Posts: 6
Joined: Sun Jun 03, 2012 2:05 pm

Re: Obtaining windows admin.

Post by dimcode » Mon Aug 06, 2012 6:39 pm

arch wrote:
I am going to assume that your friend is the rightful owner of the computer.
Note: I am using Windows XP. This process may vary slightly for Windows Vista.

All you need to do is download a live CD version of Linux and burn it. You will be able to use the live CD to boot into Linux, which will give you unrestricted access over the hard drive. Locate where the Windows file system has been mounted. (Tip: look in the /mnt directory.)

If you cannot find it, try issuing this command:

Code:

mount /mnt/hda1

Navigate to the following directory:

C:/windows/system32/config/

It might look something like this:

Code:

cd /mnt/hda1/WINDOWS/system32/config

Look for a file called SAM. This file contains the hashed passwords for all accounts on the system. If you delete this file, all of your passwords will be reset to blank.

Code:

rm /mnt/hda1/WINDOWS/system32/config/SAM

When you are finished, restart the computer and take the CD out of the drive. You will boot back into Windows and everything is exactly as it was... except the password file.

I hope this information helps.

Arch

Okay, this is good advice, but I think that you could change the command a bit right after you've located and mounted the Windows hard drive:

Code:

mount /mnt/hda1

After this, you could do

Code:

cd /mnt/hda1/Windows/System32/

Press Enter and run this:

Code:

cp sethc.exe sethc.bak

Press Enter and enter a last line:

Code:

cp cmd.exe sethc.exe

You're done. Reboot, then before you log in, press Shift 5 times; a command prompt will appear with System privileges. You can then create another account that gives admin rights. First type:

Code:

net user yourusername yourpassword /add

Then type:

Code:

net localgroup Administrators yourusername /add

Reboot and then login with your new account. You might want to add a pa
-> [dimCode] <-
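
Added example (not part of any post in this thread): a defender-side check for the sethc.exe replacement described in the post above, meant for auditing a machine or a mounted disk image you are responsible for. The function names and the sample directory are constructed for illustration; file names are matched case-insensitively because the thread shows both WINDOWS/system32 and Windows/System32.

```python
import hashlib
from pathlib import Path


def find_ci(directory: Path, name: str):
    """Return the file in `directory` whose name matches `name` ignoring case, or None."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_sethc(system32: Path) -> list:
    """Return findings that indicate the Sticky Keys binary was swapped for cmd.exe."""
    findings = []
    sethc = find_ci(system32, "sethc.exe")
    cmd = find_ci(system32, "cmd.exe")
    if sethc is None:
        findings.append("sethc.exe is missing")
    elif cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    if find_ci(system32, "sethc.bak") is not None:
        findings.append("sethc.bak present: leftover backup of the original")
    return findings


def make_sample(system32: Path, tampered: bool) -> None:
    """Build a constructed stand-in System32 directory (placeholder bytes, not real binaries)."""
    system32.mkdir(parents=True, exist_ok=True)
    (system32 / "cmd.exe").write_bytes(b"constructed cmd.exe contents")
    if tampered:
        (system32 / "sethc.bak").write_bytes(b"constructed sethc.exe contents")
        (system32 / "SETHC.EXE").write_bytes(b"constructed cmd.exe contents")
    else:
        (system32 / "sethc.exe").write_bytes(b"constructed sethc.exe contents")


if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) > 1:
        target = Path(sys.argv[1])  # System32 directory of the volume being audited
    else:
        target = Path(tempfile.mkdtemp()) / "System32"
        make_sample(target, tampered=True)
    for finding in check_sethc(target) or ["no sethc.exe replacement indicators found"]:
        print(finding)
```

Comparing against cmd.exe only catches the exact swap shown in the thread; checking sethc.exe against a known-good hash or its signature catches other replacements as well.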
