Arti dari akses fisik disini adalah bila anda memiliki ijin untuk dapat memakai komputer tersebut dan terutama anda dapat memasukkan disket ke dalam komputer korban.
Mungkin anda termasuk orang yang terlampau dibatasi pemakaian komputernya oleh admin di lab/kantor anda, sekaranglah saatnya anda malampaui batas anda ;) Pada artikel ini anda akan belajar bagaimana menghapus password Administrator dan kemudian bisa menggantinya sesuai dengan keinginan anda.
Baiklah kita mulai saja, tapi sebelumnya saya mau pesan bahwa artikel ini saya tulis untuk pengetahuan semata !! Bila terjadi hal yang tidak diinginkan, itu di luar tanggung jawab saya. Hal ini perlu saya sampaikan agar jangan ada yang menuntut saya karena satu dan lain hal.
Yang kita butuhkan adalah sebuah Bootdisk image yang dapat didownload di http://home.eunet.no/~pnordahl/ntpasswd/bd040116.zip .
Setelah didownload segera ekstrak dan jalankan file install.bat, tapi sebelumnya masukkan sebuah disket kosong ke dalam floppy disk drive anda. Ketika file install.bat dijalankan, maka sebuah floppy disk yang bootable akan dibuat. Nah, disket inilah yang akan kita gunakan untuk melakukan hack.
Setelah bootdisk selesai dibuat, restart komputer anda dengan membiarkan disket tadi tetap di floppy disk drive. Mungkin anda perlu mengatur boot sequence agar ketika booting yang pertama kali diboot adalah floppy disk drive.
Bila disket anda berhasil diboot, maka tinggal ikuti petunjuk saja. Berikut adalah cuplikan dari program tersebut : ( komentar saya akan diawali dengan tanda '-->')
[#] tampilan yang muncul pertama kali
*******************************************************
This utility will enable you to change the password of almost* any user (incl. administrator) on an Windows NT/2k/XP installation* WITHOUT knowing the old password.* * The program is now able to actually parse/follow the internal* registry structure completely.* There is now support for adding and deleting keys and values.* Tested on: NT3.51 & NT4: Workstation, Server, PDC.* Win2k Prof & Server to SP3. Cannot change AD.* XP Home & Prof: up to SP1* Now also works with syskey, read warnings if applicable.** You may either let the scripts try to figure out your configuration,* or you may do it manually from the shell prompts.* * Good luck!Press return/enter to continue[#]
tekan enter
* In /etc/main.rc....Calling scsi.rc to probe for SCSI controllersMounting floppy to fetch drivers from /scsi on itSCSI-drivers found on floppy:BusLogic.o.gz aic7xxx.o.gzDo you have your NT disks on a SCSI controller?y - this will autoprobe for the drivern - no, skip SCSI, I have IDE drivesor give the scsi-driver modules name (without the .o or .gz)+ optional parameters to go directly for a known driverProbe for SCSI-drivers: [n][#]
tekan enter
Calling part.rc to select partitionPartitions found on the disk(s):Device Boot Start End Blocks Id System/dev/hda1 * 1 1859 14932386 7 HPFS/NTFSProbable NT partitions:/dev/hda1 * 1 1859 14932386 7 HPFS/NTFSWnat partition contains your NT installation?[/dev/hda1] :[#] tekan Enter
FAT: Did not find valid FSINFO signature.Found signature1 0x66024a1e signature2 0xc88b6602 sector=4.VFS: Can't find a valid FAT filesystem on dev 03:01.mount: wrong fs type, bad option, bad superblock on /deb/hda1,or too many mounted fil systems/dev/hda1 is NTFS.Trying to mount as readwrite on /mntNTFS volume version 3.0.Success. Mounted NTFS /deb/hda1 on /mntCalling path.rc. to select pathWhat is the full path to the registry directory?[winnt/system32/config] : [#]
tekan enter-rw------- 1 0 0 65536 Jan 15 09:00 AppEvent.Evt-rw------- 1 0 0 65536 Jan 15 09:00 default-rw------- 1 0 0 65536 Jan 15 09:00 default.LOG-rw------- 1 0 0 65536 Jan 15 09:00 default.sav-rw------- 1 0 0 65536 Jan 15 09:00 netlogon.ftl-rw------- 1 0 0 65536 Jan 15 09:00 SAM-rw------- 1 0 0 65536 Jan 15 09:00 SAM.LOG-rw------- 1 0 0 65536 Jan 15 09:00 SecEvent.Evt-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY.LOG-rw------- 1 0 0 65536 Jan 15 09:00 software-rw------- 1 0 0 65536 Jan 15 09:00 software.LOG-rw------- 1 0 0 65536 Jan 15 09:00 software.sav-rw------- 1 0 0 65536 Jan 15 09:00 SysEvent.Evt-rw------- 1 0 0 65536 Jan 15 09:00 system.sav-rw------- 1 0 0 65536 Jan 15 09:00 TempLey.LOG-rw------- 1 0 0 65536 Jan 15 09:00 userdiff-rw------- 1 0 0 65536 Jan 15 09:00 userdiff.LOGWhich hives (files) do you want to edit (leave default forpassword setting, separate multiple names with spaces)[sam system security] : [#] tekan enter
Copying sam system security to /tmpNow running chntpwchntpw version 0.99.0 030112, (c) Petter N HagenHive's name (from header) (\SystemRoot\System32\Config\Sam)ROOT KEY at offset: 0x001020File size 32768 [8000] bytes, containing 7 pages (+ 1 headerpage)Used, for data: 319/26472 blocks/bytes, unused: 6/1976 blocks/bytes.Hive's name (from header): (SYSTEM)ROOT KEY at offset: 0x001020File size 2555904 [270000] bytes, containing 584 pages (+ 1 headerpage)Used, for data: 44209/2524072 blocks/bytes, unused: 19/9048 blocks/bytes.Hive's name (from header): (SYSTEM)ROOT KEY at offset: 0x001020File size 49152 [c000] bytes, containing 11 pages (+ 1 headerpage)Used, for data: 859/42568 blocks/bytes, unused: 5/2136 blocks/bytes.Hello, this is SAM!Failed logins before lockout is : 0Minimum password length :
0Password history count : 0
====== chntpw Main Interactive Menu =====
Loaded hives: (sam) (system) (security)1 - Edit user data and passwords2 - Syskey status & change- - -9 - Registry editor, now with full write support!q - Quit (you will be asked if there is something to save)
What to do? [1] [#]
Nah, karena kita akan mengganti password Administrator maka tekan saja enter
==== chntpw Edit User Info & Passwords ====
RID: 03f2, Username: (Administrator)RID: 03f2, Username: (gandhi)RID: 03f2, Username: (Guest), disabled or locked*Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)or simple enter the username to change: [Administrator][#]
tekan enter (user Administrator yang akan direset)
RID : 032fUsername: Administratorfullname:comment :homedir :Account bits: 0x0215 =[ ] Disabled [ ] Homedir req. [ ] passwd not req. [ ] Temp. duplicate [X] Normail account [ ] NMS account [ ] Domain trust ac [ ] Wks trust act. [ ] Srv trust act [X] Pwd don't expir [ ] Auto lockout [ ] (unknown 0x08) [ ] (unknown 0x10) [ ] (unknown 0x20) [ ] (unknown 0x40) Failed login count: 0, while max tries is : 0Total login.count : 7Account is disabledCrypted NT pw : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00Crypted LM pw : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00MD4 hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00LANMAN hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00* = blank the password (EXPERIMENTAL! but may fix problems)
Enter nothing to leave it unchangedPlease enter new password: *[#]
Anda akan diminta untuk memasukkan password untuk menggantikan password Administrator, lebih baik anda langsung enter saja, yang berarti passwordnya ditinggalkan kosong.Blanking password. This may actually fix things if previous password-presetdid not work. Or it may even make things worse. Happy joy!Do you really wish to change it? (y/n) [n] [#]
ketik y Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)or simple enter the username to change: [Administrator] [#]
ketik !===== chntpw Main Interactive Menu =====Loaded hives: (sam) (system) (security)1 - Edit user data and passwords2 - Syskey status & change- - -9 - Registry editor, now with full write support!q - Quit (you will be asked if there is something to save)
What to do? [1] [#]
ketik q
Hives that have changed:# Name0 (sam)Write hive files? (y/n) [n] : [#] ketik yCalling write.rc to select write back sam fileAbout to write file(s) back! Do it? [n] [#] ketik yWriting sam* end of scripts.. returning to the shell..*
Press CTRL-ALT-DELL
to reboot now (remove floppy first)* or do whatever you want from the shell..* However, if you mount something, remember to umount before reboot* You may also restart the script procedure with 'sh /scripts/main.rc'#
Nah, selamat ! Sekarang restart komputer anda dan anda dapat login dengan username Adminisrtator dengan mengosongkan password. Selanjutnya ? terserah anda ;)
No comments:
Post a Comment