How to Gain Access to All Accounts on a School/work Network.

Introduction: How to Gain Access to All Accounts on a School/work Network.

About: Yo, d4m4$74 in da house!!! Sorry, I just had to say that. I'm d4m4$74 (or damasta, your choice) but you can call me Dick (but if you do, I'll burn down your house) I'm your average nerd and I'm still in th...

Hello everyone

I got a request to make this instructable.
I will explain to you how you get the password of the local admin, network admin, and everyone else on the network.

Disclaimer: This instructable is for educational purposes only; doing this at your own school may get you expelled or worse.
Only do this when you have permission from the system admin.
Note: GETTING THE NETWORK ADMIN does not work everywhere, you have to be lucky.
Note: the files used do not contain viruses, no matter what the scan says, just press "don't do anything".

Step 1: YOUR TOOLS

If the computer you're hacking has an AMP stack (a webserver with Apache and PHP), you need one thing:
  • A USB drive with a special PHP file I made. I'll give it to you during this instructable.
Otherwise, you need two things:
  • A bootable Linux distro (I use Knoppix, but feel free to use anything else)
  • A USB drive with the programs "Saminside" (check insidepro.com) and "Fgdump" (on foofus.net/fizzgig)

and of course you need enough time and nothing to lose.

Step 2: GETTING THE LOCAL ADMIN Part 1 Version 1

Skip this if the target doesn't have a webserver

Boot the computer and insert your USB drive.
Copy the file called pwd.php into the htdocs folder on your webserver.
Surf with your browser to http://localhost/pwd.php.
Don't type anything in the fields and click the submit button.

If the virus scanner gives you a warning try version 2 (you will need the program saminside and the linux distro)

You will be sent to the next page, download the file from the link to your usb drive and for the love of god REMOVE PWD.PHP AND THE JUST CREATED FILE FROM THE HARDDRIVE

you can skip version 2 and go to GETTING THE LOCAL ADMIN part 2

Step 3: GETTING THE LOCAL ADMIN Part 1 Version 2

Skip this if version 1 worked

Turn off the computer and boot into Linux using your CD.
Once it's booted, get into the hard drive and go to WINDOWS/System32/config/. Then copy the sam and system files to your USB drive.

Boot back into Windows, start Saminside and import the sam and system files, then export to pwdump.

Step 4: GETTING THE LOCAL ADMIN Part 2

Now that you've got the pwdump file, open it in Notepad.
Copy the line which contains the word admin or administrator onto your clipboard and go to http://plain-text.info.
Wait until lm has 0/2 or 1/2, click add hashes, paste what you copied into the message box, choose algorithm LM, enter the code and press send.

You will be sent to a list of hashes, yours is probably on top (the first lm)
F5 until the value is cracked, the value will be the password.
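
Step 4 depends on the machine still storing LM hashes. As an added example (not part of the original instructable), an administrator can run the following audit over a pwdump-format export from their own systems to list the accounts that still carry an LM hash; the sample lines, hash values and function names are constructed for illustration.

```python
import re

# Well-known constants: the LM and NT hashes Windows stores for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample in pwdump layout (user:RID:LM:NT:::). The non-empty
# hashes are made-up hex strings, not hashes of real passwords.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
teacher1:1003:NO PASSWORD*********************:00112233445566778899aabbccddeeff:::
student7:1010:AAD3B435B51404EEAAD3B435B51404EE:8899aabbccddeeff0011223344556677:::
this line is not pwdump output
"""

def audit_pwdump(text):
    """Return one finding per account line; malformed lines are skipped."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        user, rid = parts[0], int(parts[1])
        lm, nt = parts[2].lower(), parts[3].lower()
        findings.append({
            "user": user,
            # An LM hash is stored only if the field is real hex and is not
            # the empty-password constant; text placeholders fail the hex test.
            "lm_stored": bool(HEX32.fullmatch(lm)) and lm != EMPTY_LM,
            "blank_password": nt == EMPTY_NT,
            "builtin_admin": rid == 500,  # RID 500 is the built-in Administrator
        })
    return findings

def accounts_with_lm(findings):
    """Accounts whose passwords should be reset once LM storage is disabled."""
    return sorted(f["user"] for f in findings if f["lm_stored"])

if __name__ == "__main__":
    results = audit_pwdump(SAMPLE)
    for f in results:
        print(f)
    print("Reset after disabling LM storage:", accounts_with_lm(results))
```

Enabling the Group Policy setting "Network security: Do not store LAN Manager hash value on next password change" stops new LM hashes from being written; existing ones persist until each password is changed.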

Step 5: GETTING THE NETWORK ADMIN Version 1

Skip this if the computer you're on doesn't have a webserver.

Wait until you see the network admin get behind a computer, find out the name of that computer (it's usually written on the monitor) and open pwd.php in your browser again.
As user, type the admin username (the one you got with "getting the local admin") and the matching password. As domain you type the name of the targeted computer.
Press cache and press submit, download the cachedump file, open it with notepad and do as GETTING THE LOCAL ADMIN part 2 says.

Pick the one with an @ symbol in it, it's probably a network admin or another network user.
Also, remember the part behind the @, because it's the login domain

note: you may want to turn off the antivirus before doing this, just make a shortcut to taskmgr, run it as the local administrator (ya know the pass) and turn it off.

Step 6: GETTING THE NETWORK ADMIN Version 2

skip this if version 1 worked

Wait until you see the network admin get behind a computer, find out the name of that computer (it's usually written on the monitor).
Start CMD as an administrator by creating a shortcut to cmd and running it as the admin (use the username and password gotten at GETTING THE LOCAL ADMIN)
go to the folder where you've put Fgdump and type:
*fgdump -w -h (name of computer) -u (stolen username) -p (stolen pass)
If you're lucky, a file will be created with a cachedump extension; open it with Notepad and do as GETTING THE LOCAL ADMIN part 2 says.

note: you may want to turn off the antivirus before doing this, just make a shortcut to taskmgr, run it as the local administrator (ya know the pass) and turn off the virus scan from there.

Step 7: GETTING ALL PASSWORDS ON THE NETWORK

Find out the domain of the login server (it's shown on the login screen and it's in the cachedump).
Start the php file or cmd (depends on if you have used version 1 or 2 until now).
On the php script: as domain type the domain you just found, the username is the network admin's name and pass is his password. Select hash and the rest goes as in getting the local admin.
If you use cmd: go to the right folder and type
*fgdump -c -h (login server) -u (stolen username) -p (stolen pass)
in which the username and pass belong to the network admin.

Open the pwdump files and do as you've done twice before with the names of your choice.

163 Discussions

Reply if you'd like more information

If I were you I would also not do this, because I don't know about you, I would not want to get a fine for my curiosity. I did something similar to this and I got in so much trouble, because my own ignorance got in control of me. I DO NOT RECOMMEND DOING THIS... DO THIS AT YOUR OWN RISK!!!!!!!!!!!

OMG! $5000 fine? You must have done a little bit more than just logging in on other people's accounts...!

Ummm one year of ISS.... that would be stupid..... and you're making it up because it is NOWHERE NEAR reasonable.... ty for reading

yu3

1 year ago

To get access isn't hard but to dodge that "tracking back to your computer" is annoying, ofc ull be found out, the teacher can still see who intruded when from which pc.

Also isn't there another way to get access? I mean when I could put usb/live boot smth just like that where ever I am i wouldn't be hard.

thank you anyway

Okay, I've been looking for a mentor, and this looks like a good place to start. If you are willing to teach or know of anyone willing to, shoot an email to this address; hackandslash5.3@gmail.com

2 replies

Yes me tho .? my email : ggg123.ghls@gmail.com

AssadS3

Reply 1 year ago

bro, are u nl or be? I'm interested in doing this. Would be nice if you'd send a quick PM

you should say how to prevent it as well otherwise there could be legal issues.

i tried this and never got caught, one reason is probably because I'm not doing anything that make the account i hacked a bad person i just revealed all their secrets and used it against them you may think I'm a horrible person but if you want to survive school you gotta have something to protect you like in the hunger games you can try to allies or kill them all and i decided allies is the only way to go so thanks

Cw11

2 years ago

Based on the comments I'm just gonna slow step away from this habit of trying to crack the admin password, just so I can add more virtual memory. Pretty ridiculous.

GameP1

2 years ago

Yeah don't do this guys, I did it in school and got passwords to just about every student in the school, I used a proxy a VPN everything, but they caught me, my computer privileges were revoked, I was given rest of the year OSS and 3 months ISS, DO NOT DO THIS, and chances are, if you're having to look this up on instructables, you shouldn't be doing this much of a risk.

hi guys there's some amazing things I've hacked unblocked text for the info

Well, that's one way, another would be to actually study some code, or if you are already on a computer on the local network.. find a vulnerability and make back-doors on multiple PC's (especially if you are assigned a PC). Have patience and wait to actually use a port that is open from a PC not on the local networks (if possible, the network has to be connected to the internet to do this). If you can get through to the modem, port forwarding would make it a breeze. "hacking" should be planned, but there should always be a moral code when you do it... changing grades hardly seems worth it, unless you have a teacher that doesn't grade fairly. (which can be dealt with in multiple ways)

1 reply

how long before they caught you