Author | Post | ||
Element |
Well, I hit a weakness finally in my school's network. By running control userpasswords2 from dos, I managed to change the local machine's admin account to a blank password. From there, I just logged in as the admin, dumped the password hashes from the lsass process and got passwords to the computer's local login. The only problem is, I still can't log in as the admin over the network under a domain. I can only do this on the local machine. So, by asking around in the tbs chatroom, I got the idea to use a keylogger to try and get some passwords and other useful information. But here is my problem now. The keylogger (I'm using a program called Perfect Keylogger that is made by Blazing Tools) is only running after the user has logged into the machine. So, in essence, I'm not really gaining anything but the knowledge that the kids in my school look at porn 24/7. So by doing a little more asking in the tbs chatroom, I was told that the only way that I could make the keylogger run from windows startup was if I added a service to do so. But when I googled this, I couldn't seem to get anything. So I was wondering if any of you happy hackers out there had any advice or me on this subject and could tell me how to create a new service. Any help would be greatly appreciated. Thanks |
||
16.09.2007 13:10:01 |
|
||
unknown user |
seriously, don't mess with your school's systems. you should be able to crack the hashes. Installing spyware/rootkit technologies on any system that is not under your control is risky. If you have to ask for our help. Trust me you shouldn't be taking these risks. It's simply not worth it. circumventing content filtering, which is usually pretty poorly implemented, is not really in the same league of things to do. |
||
16.09.2007 14:15:33 |
|
||
nosslived [none yet] |
cmd /k sc create cmd /k sc config Set Novell, or whatever is used for network logins, to depend on your service. |
||
Edited by nosslived on 16.09.2007 16:01:06 | |||
16.09.2007 15:58:51 |
|
||
occasus |
Perhaps a dumb question, but have you got phisical access in some way to the domain controller of your school? If that's the case, then there are several methods to get the right hashes (and even plaintext)... Regards |
||
Edited by occasus on 15.11.2007 18:16:47 | |||
15.11.2007 18:16:22 |
|
||
Element |
No, at the moment, I don't have any type of physical access to the domain controlller. |
||
22.11.2007 17:49:03 |
|
||
Degenerate |
Hmm, when a person goes afk, lock the pc, with the logger running. Requires right timing etc but should get you the password you need. But as Rhican said. Hacking school = bad idea. People tend to overreact at things they either a) Don't understand or b) Have spent time implementing for someone to come and abuse/break. or c) Put there to give themselves some legal safety Their argument for a content filter no doubt would be that they want you to be safe etc etc,but also that they dont want to get sued for some guy torrenting on their pipe etc. |
||
19.12.2007 10:52:45 |
|