How to hack the password of EVERYONE on a school/work network


Hello everyone

Today I present to you: the only network admin hacker ever posted on this site. (If I'm wrong, just PM me.)
I got a request to make this content. I will explain how you get the password of the local admin, the network admin, and everyone else on the network.

Disclaimer: This instructable is for educational purposes only; doing this at your own school may get you expelled or worse.
Note: GETTING THE NETWORK ADMIN does not work everywhere, you have to be lucky.
Note: the files used do not contain viruses, no matter what the scan says; just press "don't do anything".

Step 1: YOUR TOOLS

If the computer you're hacking has an AMP (web server with Apache and PHP), you need one thing:
  • A USB drive with a special PHP file I made (you can download it below)
Otherwise, you need two things:
  • A bootable Linux distro (I use Knoppix, but feel free to use anything else)
  • A USB drive with the programs "Saminside" (http://www.insidepro.com/eng/saminside.shtml) and "Fgdump" (http://www.foofus.net/fizzgig/fgdump/)
And of course you need enough time and nothing to lose.



Step 2: GETTING THE LOCAL ADMIN part 1 version 1

Skip this if the target doesn't have a webserver

Boot the computer and insert your USB drive.
Copy the file called pwd.php into the htdocs folder on your web server.
Browse to http://localhost/pwd.php
Don't type anything in the fields and click the submit button.

If the virus scanner gives you a warning, try version 2 (you will need the program Saminside and the Linux distro).

You will be sent to the next page. Download the file from the link to your USB drive and, for the love of god, REMOVE PWD.PHP AND THE JUST CREATED FILE FROM THE HARD DRIVE.


Step 3: GETTING THE LOCAL ADMIN part 1 version 2

Skip this if version 1 worked

Turn off the computer and boot into Linux using your CD.
Once it's booted, open the hard drive, go to WINDOWS/System32/config/ and copy the sam and system files to your USB drive.

Boot back into Windows, start Saminside and import the sam and system files, then export to pwdump.


Step 4: GETTING THE LOCAL ADMIN part 2

Now that you've got the pwdump file, open it in Notepad.
Copy the line which contains the word admin or administrator onto your clipboard and go to http://plain-text.info
Wait until LM shows 0/2 or 1/2, click add hashes, paste what you copied into the message box, choose the algorithm LM, enter the code and press send.

You will be sent to a list of hashes; yours is probably on top (the first LM).
Press F5 until the value is cracked; the value will be the password.
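
From the defender's side, a pwdump-format export also shows which accounts are exposed to this step: any account whose LM field holds a real hash. The audit script below is an added example, not part of the original page; the sample lines and hash values are constructed, and `audit_pwdump` is a hypothetical helper name.

```python
import re

# Well-known constants: LM hash of an empty string, its 8-byte half,
# and the NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_LM_HALF = EMPTY_LM[:16]
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def audit_pwdump(text):
    """Return {account: [findings]} for pwdump-format lines (user:rid:lm:nt:::)."""
    report = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip blank, comment and malformed lines
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        findings = []
        # A placeholder such as "NO PASSWORD***..." is not 32 hex digits,
        # so it is treated as "no LM hash stored".
        if HEX32.match(lm) and lm != EMPTY_LM:
            findings.append("LM hash stored")
            # LM hashes each 7-character half separately; an empty second
            # half means the whole password fits in the first half.
            if lm[16:] == EMPTY_LM_HALF:
                findings.append("password is 7 characters or fewer")
        if nt == EMPTY_NT:
            findings.append("blank password")
        if findings:
            report[user] = findings
    return report

# Constructed sample export; the hash values are made-up hex, not real accounts.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
labuser:1003:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
svc_backup:1004:NO PASSWORD*********************:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
"""

if __name__ == "__main__":
    for account, findings in audit_pwdump(SAMPLE).items():
        print(f"{account}: {', '.join(findings)}")
```

Accounts reported with "LM hash stored" keep that hash until the policy "Network security: Do not store LAN Manager hash value on next password change" is enabled and the password is changed.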

Step 5: GETTING THE NETWORK ADMIN version 1

Skip this if the computer you're on doesn't have a webserver

Wait until you see the network admin sit down at a computer, find out the name of that computer (it's usually written on the monitor) and open pwd.php in your browser again.
As user, type the admin username (the one you got with "getting the local admin") and the matching password; as domain, type the name of the targeted computer.
Press cache and press submit, download the cachedump file, open it with Notepad and do as GETTING THE LOCAL ADMIN part 2 says.

Pick the one with an @ symbol in it; it's probably a network admin or another network user.
Also, remember the part behind the @, because it's the login domain.

Note: you may want to turn off the antivirus before doing this; just make a shortcut to taskmgr and run it as the local administrator (you know the password).

Step 6: GETTING THE NETWORK ADMIN version 2

Skip this if version 1 worked

Wait until you see the network admin sit down at a computer and find out the name of that computer (it's usually written on the monitor).
Start CMD as an administrator by creating a shortcut to cmd and running it as the admin (use the username and password obtained in GETTING THE LOCAL ADMIN).
Go to the folder where you've put Fgdump and type: fgdump -w -h (name of computer) -u (stolen username) -p (stolen pass)
If you're lucky, a file will be created with a cachedump extension; open it with Notepad and do as GETTING THE LOCAL ADMIN part 2 says.

Note: you may want to turn off the antivirus before doing this; just make a shortcut to taskmgr and run it as the local administrator (you know the password).

Step 7: GETTING ALL PASSWORDS ON THE NETWORK

Find out the domain of the login server (it's shown on the login screen and it's in the cachedump).
Start the PHP file or cmd (depending on whether you have used version 1 or 2 until now).
In the PHP script: as domain, type the domain you just found; the username is the network admin and the pass is his password. Select hash, and the rest goes as in getting the local admin.
If you use cmd: go to the right folder and type fgdump -c -h (login server) -u (stolen username) -p (stolen pass), in which the username and pass belong to the network admin.

Open the pwdump files and do as you've done twice before.