This is not a mailing list where we tell you how to hack. If you want to hang out with hackers, go play with IRC.

Notwithstanding, Windows NT does not support USB devices, so unless the BIOS supports booting from USB and that is switched on in the BIOS, you are stuck there. If the admin has done his job properly and you cannot introduce an external device, then you are left with the old physical attack of popping the top and introducing a second internal hard drive with your own OS on it. Windows NT suffered from hundreds of attack vectors, but you don't provide enough information to suggest a good one. If you can boot from USB then a bootable USB/CD/floppy drive is all you need to introduce anything you like in the way of rootkits or straight password reset/hack tools.

However, if the admin is any good, he will have locked down the BIOS properly (as you suggest), will detect your attempts to add yourself to the local admins group or create local users and will have a way of automatically resetting group memberships and changing the local admins account password often enough that you can't keep up in your attempts to hack it. Given time, skills and physical access to a machine, it is only possible to truly keep out a would-be hacker with total drive encryption and intelligent network quarantining.

A technique I once used years ago involved an early version of L0phtcrack with a built-in hash sniffer. The sniffer was run on a laptop (configured in a workgroup of the same name as the domain) and waited for the SMS server to try and install the client app, whereupon the password hash of the SMSAdmin account was captured and cracked offline. That provided a domain admin account that allowed me to elevate to localsystem with the AT job hack and from there clear the policies out of the registry and do what I liked locally or anywhere on the domain. It's an old technique and unlikely to work these days, but it's enough to get you thinking on the right lines.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: 22 November 2007 13:32
To: [email protected]
Subject: Windows NT Desktop

Hi All,

I was wondering if anyone could help me with the following.

Background

There are a couple of PCs (Windows NT) which are part of a domain (say XYZ). For the users of this domain the USB, CD drive etc. are disabled. The command prompt, RUN option, Registry and BIOS are also disabled. Also, the admin has done the hardening at desktop level and not at domain level. The PCs have access to an application on a remote server via HTML login. All the processing is done online and nothing is stored locally.

Objective and ethical test that needs to be done

I want to get local admin rights or somehow change the privilege levels to enable the USB or floppy drive. The other option is if I could access other domains through this one. It would be nice if someone could suggest a methodology or approach.
