How to bypass authentication on Windows Server 2008 R2



In this article we will look at how easy it is to bypass authentication and reset the administrator password on a Windows Server 2008 R2 installation. The procedure requires physical access to the machine running the Windows server, or access to the management interface of the hypervisor when Windows Server 2008 R2 runs virtualized. This is not some spectacular 'hacking' technique that can be used to pwn every Windows installation; it is more a sysadmin's last-resort trick when nothing else works on a forgotten password. Still, in some other situations it is definitely useful and comes in handy when you need it, especially when you have compromised the administration panel of the hypervisor software. That kind of access lets you control the virtual machines as if you had physical access to them, including the ability to use a boot disk and change system files. Alternatively, you can apply this technique when you have some form of physical access to a host.

A few months ago I was conducting a penetration test on a networked Windows environment that was running on a VMware hypervisor. The environment contained a domain controller and 3 application servers that were running Windows Server 2008 R2. Other than the Windows machines I also encountered a few Linux-based network and backup devices. As it was not hard to compromise the machines on this network, I was able to access the VMware vSphere administration panel as administrator at an early stage of the penetration test. This access level allowed me to reset the administrator password using a boot CD and finally log in to the Windows Server with administrator privileges. In the following sections I will explain how I did this and how you can protect your Windows installations against this technique.

Resetting the administrator password on Windows Server 2008 R2

The starting point of this tutorial is a machine with Windows Server 2008 R2 Enterprise that has been booted from a boot CD. In this example we have used Hiren's BootCD (HBCD), but you can use any other boot CD as well, including a Windows installation disc. After booting the system from the boot CD, navigate to the Windows\System32 directory of the drive that contains the Windows Server 2008 R2 installation.

In this directory you will find an executable file named 'Utilman.exe'. Utilman is a small utility used to configure accessibility options such as the magnifier and the on-screen keyboard. What is special about Utilman.exe is that it can be launched before logging in to the system, by clicking the small 'accessibility' button in the bottom-left corner of the Windows logon screen:

The ‘accessibility’ button to launch Utilman.exe displayed at the left.

Since we have access to the \Windows\System32 directory, we can swap the Utilman.exe program for the cmd.exe program. Once these files are swapped, pressing the accessibility button on the logon screen starts cmd.exe with SYSTEM privileges instead of Utilman.exe. From there we can reset the administrator password and use it to log in.

First we rename the Utilman.exe program to Utilman.exe.old, as shown below:

Rename Utilman.exe to Utilman.exe.old
The next step is to rename cmd.exe to Utilman.exe, as shown below:
Rename cmd.exe to Utilman.exe. You can also copy cmd.exe and rename it so you can still use cmd.exe after logging in to Windows
Now that Utilman.exe has been swapped for cmd.exe, we only need to reboot the machine into Windows and click the accessibility button on the logon screen. As expected, this launches a command prompt instead of the accessibility options:
Utilman.exe as cmd.exe
The next step is to change the administrator password, as shown below:
Change the administrator password.
Finally we can log on to Windows with the new administrator credentials:
Windows Server 2008 R2 Enterprise signing in with the new administrator credentials.
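For the defensive side, here is a check an administrator can run to spot the swap described above. This is an added example, not code from the original article; it assumes PowerShell 4 or later (for Get-FileHash), an elevated session on the server being checked, or -SystemRoot pointing at an offline Windows directory mounted from a boot CD. The finding texts are my own.

```powershell
# Integrity check for the accessibility launcher (Utilman.exe) in System32.
# Assumption: $SystemRoot is the live Windows directory by default, or a
# mounted offline Windows directory when supplied on the command line.
param([string]$SystemRoot = $env:SystemRoot)

$system32 = Join-Path $SystemRoot 'System32'
$utilman  = Join-Path $system32 'Utilman.exe'
$cmd      = Join-Path $system32 'cmd.exe'
$findings = @()

# 1. The rename step leaves the original launcher behind as Utilman.exe.old.
if (Test-Path (Join-Path $system32 'Utilman.exe.old')) {
    $findings += 'Utilman.exe.old exists in System32 (renamed original launcher)'
}

# 2. Renaming cmd.exe (instead of copying it) leaves System32 without cmd.exe.
if (-not (Test-Path $cmd)) {
    $findings += 'cmd.exe is missing from System32'
}

# 3. The version resource records the original file name of the binary.
#    A cmd.exe renamed to Utilman.exe still reports "Cmd.Exe" here.
if (Test-Path $utilman) {
    $orig = (Get-Item $utilman).VersionInfo.OriginalFilename
    if ($orig -and $orig -notlike 'utilman*') {
        $findings += "Utilman.exe reports OriginalFilename '$orig'"
    }

    # 4. A byte-for-byte match with cmd.exe means a straight copy was dropped in.
    if (Test-Path $cmd) {
        $hUtil = (Get-FileHash -Algorithm SHA256 $utilman).Hash
        $hCmd  = (Get-FileHash -Algorithm SHA256 $cmd).Hash
        if ($hUtil -eq $hCmd) {
            $findings += 'Utilman.exe has the same SHA-256 as cmd.exe'
        }
    }
} else {
    $findings += 'Utilman.exe is missing from System32'
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: Utilman.exe looks unmodified'
} else {
    Write-Output 'WARNING: possible accessibility-launcher swap'
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Because the swap is performed from a boot CD, the same checks should be run from known-good media rather than trusting the running system alone; encrypting the system volume (e.g. BitLocker) is what actually prevents the offline file edits this technique depends on.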
