Today we will show you one of the classic Windows hack tricks. It is kind of dangerous and kind of scary at the same time: with nothing more than console access and a Windows install DVD, you can get full administrative rights on the local machine (and, if that machine happens to be a domain controller, on the domain itself). So, let's get to it.
We are running a Windows Server 2012 environment with Hyper-V installed, and the machine we are going to use is joined to the Active Directory domain.
We have a user logged in. This account is not an administrator, it is only a domain user. That means that if this user wants to do some damage to the network, the first thing he needs is a Command Prompt running as Administrator, and Windows is going to say "No" because the account has no administrative rights. But there is a way around this!
All you need is a Windows 7, Windows 8, Windows 8.1 or Windows 10 DVD. The install media does not have to match the version installed on the target; any of them gives you the same offline Command Prompt. Put it in the machine and boot from it. One caveat up front: the trick relies on the system drive being readable offline, so if the volume is protected with BitLocker, or the firmware does not let you boot from removable media, you will not get past this step.
When you reach the first setup screen (language selection), press SHIFT + F10. You will get a nice little Command Prompt. Now you need to find the drive that holds the Windows folder. Type C: and then dir.
If there is no Windows folder there (drive letters under the setup environment do not always match the installed system), try the same thing with the D: drive.
Now type cd windows\system32, because this is where all the magic happens.
Then we back up sethc.exe. This is the Sticky Keys helper: Windows launches it when you press SHIFT five times, and it does so even on the logon screen, before anyone has authenticated, which is exactly what makes it useful to us. Keep a copy, because you will want to put the real file back later (and you never know what is going to happen next):
copy sethc.exe ..
After that, overwrite it with a copy of cmd.exe:
copy cmd.exe sethc.exe
Once it is done, close the Command Prompt, take out the DVD and reboot the machine.
Now, at the logon screen, press the SHIFT key five times. Instead of the Sticky Keys dialog, a Command Prompt opens.
The window is titled sethc.exe, because that is the file Windows thinks it launched, but what is actually running is cmd.exe. That's exactly what we want.
From here run the whoami command. It answers nt authority\system: the logon screen started this shell as the built-in SYSTEM account, which has full control of the machine, and nobody was asked for a password.
If you want to check what that buys you, type net user. It lists every local account on the machine, and as SYSTEM you can reset, create or delete any of them.
Remember guys, we are hackers, so we can do another thing to damage the network: we can create a new user with full rights.
Just enter the following command:
net user tnhacker p@55w0rd /add
We just added the tnhacker user. You can check it with net user again; the account is there now. So far it is only an ordinary member of the local Users group, but we can easily change that.
Type in the command:
net localgroup administrators tnhacker /add
Close it out and log in with the account we've just created.
Let's see if we can run a Command Prompt as Administrator. This time we do not get a dialog box asking for a username and password; UAC only asks us to confirm, because we are a member of the local Administrators group. Now we have full administrative rights on this machine. Note that on a domain member like ours tnhacker is a local account; the same two commands on a domain controller would create a domain account and put it in the Builtin Administrators group. When you are done, boot the DVD once more and restore the backup you left in the Windows folder over sethc.exe, otherwise the backdoor stays open for anyone who can reach the logon screen.
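If you are on the other side of this trick, here is how to check a machine for it. The script below is an added example written for this article, not something from the original post: it compares the accessibility binaries that winlogon can launch from the logon screen against cmd.exe, looks for the stray backup copy the procedure leaves behind in the Windows folder, checks the Image File Execution Options registry key (the variant of this attack that points a Debugger value at cmd.exe instead of swapping files), and lists the local Administrators so an account like tnhacker stands out. The file name Check-Sethc.ps1 and the -SystemRoot parameter are my own choices; it assumes PowerShell 4 or later for Get-FileHash and falls back to net localgroup where Get-LocalGroupMember is not available.

```powershell
# Check-Sethc.ps1 (added example, not part of the original article).
# Run from an elevated PowerShell prompt. -SystemRoot defaults to the running
# system; pass e.g. D:\Windows to scan an offline volume (the file checks work
# offline, the registry check only reflects the system you are booted into).
param([string]$SystemRoot = $env:SystemRoot)

$sys32 = Join-Path $SystemRoot 'System32'
# Binaries winlogon starts from the logon screen; each can be swapped like sethc.exe.
$accessibilityBinaries = 'sethc.exe','utilman.exe','osk.exe','narrator.exe',
                         'magnify.exe','displayswitch.exe','atbroker.exe'
$cmdHash = (Get-FileHash -Algorithm SHA256 (Join-Path $sys32 'cmd.exe')).Hash
$findings = @()

foreach ($name in $accessibilityBinaries) {
    $path = Join-Path $sys32 $name
    if (-not (Test-Path $path)) { continue }
    $hash = (Get-FileHash -Algorithm SHA256 $path).Hash

    # 1. Byte-identical to cmd.exe: the "copy cmd.exe sethc.exe" swap shown above.
    if ($hash -eq $cmdHash) {
        $findings += "$name is a copy of cmd.exe (SHA256 $hash)"
    }

    # 2. Version resource names a different program (catches other shells too;
    #    the genuine files carry their own name here, compared case-insensitively).
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($orig -and $orig -ne $name) {
        $findings += "$name reports OriginalFilename '$orig'"
    }

    # 3. Backup left by "copy sethc.exe .." lands directly in the Windows folder.
    if (Test-Path (Join-Path $SystemRoot $name)) {
        $findings += "stray copy of $name in $SystemRoot"
    }
}

# IFEO variant: no file is replaced, a Debugger value just makes Windows run
# cmd.exe whenever the accessibility binary is launched.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($name in $accessibilityBinaries) {
    $key = Join-Path $ifeo $name
    if (Test-Path $key) {
        $dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += "IFEO Debugger set for ${name}: $dbg" }
    }
}

# Local Administrators: an account added with "net localgroup administrators X /add" shows up here.
if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    $admins = (Get-LocalGroupMember -Group Administrators).Name
} else {
    # Crude parse of "net localgroup" output for hosts without the LocalAccounts module.
    $admins = net localgroup administrators |
        Select-Object -Skip 6 |
        Where-Object { $_ -and $_ -notmatch '^The command completed' }
}

"Members of local Administrators:"
$admins | ForEach-Object { "  $_" }

if ($findings) {
    "Suspicious:"
    $findings | ForEach-Object { "  $_" }
} else {
    "No accessibility-binary tampering found."
}
```

A hash match against cmd.exe is conclusive, but do not rely on it alone: anyone who drops a different shell, or uses the IFEO route, leaves the hash untouched, which is why the version-resource and registry checks are there as well. A proper baseline for these binaries is the hash of the copy in the Windows component store or on known-good install media, not a value hard-coded in the script.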
Hopefully you enjoyed this article and you learned something new. If you have any comments or concerns or questions, just leave them in the section below.