• +
Privilege Escalation from Guest to Administrator (Windows 7/ Windows 2008)

Privilege Escalation from Guest to Administrator (Windows 7/ Windows 2008)

Bookmark

Type : Tips and Tricks

Level : Easy

day(Zeroday)

For some people like me, I think we will have a lot of password, from Facebook, yahoo, google, twitter, foursquare, digg, etc…etc. When we're remembering all of that password, we also must remember our PC/Laptop password. In the facts there's a few people accidentally forget their Windows Password(I try in Windows 7). Below is the tips how to get your computer back with the simple way.

Requirement :

1. The Script for Local Exploit. Because actually we do the Local Exploitation to our computer.

Download from mediafire.com :

Mediafire.com

Step By Step :

1. Download the script. This script actually is an exploit for Windows(but only for local system).

2. Open your command prompt(read here how to open command prompt). I put my script inside the "Local Exploit" Folder.

Privilege Escalation from Guest to Administrator (Windows 7/ Windows 2008)

3. Execute the script using cscript v4l.wsf.

Privilege Escalation from Guest to Administrator (Windows 7/ Windows 2008)

4. Now you already have new user test123 with administrator rights (username : test123; password : test123).

Have a try ๐Ÿ™‚

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • mrplus

    i'v tried to run the script on guest user right and this is the error msg:
     
    line: 202
    error: the handle is invaild
    code: 80070006
     
    for your easy work this is the 202 line: output.writeline " Task Scheduler 0 day – Privilege Escalation "
     

    • v4L

      #mrplus
      I think that’s already obsolete and maybe Windows already patched it(year 2010)
      so i’m wrong too ๐Ÿ˜› lol

  • mrplus

    sorry my bad
    i test it without cscript and on winxp
    sorry 
    and great day

  • mrplus

    lol 
    keep with your good work
    have a great day (:

  • Inquiry

    So how do I access the account? Please help I did everything now I want to use it

    • v4L

      #inquiry
      I can’t understand your question…you just need to download the script then run it…

  • Mark

    Where is the link man?

  • wurst

    i don´t get it, how to download the file. is it possible to send via mail or maybe so hint more, what to do?

  • wurst

    Hey, thank you. But, no Admin created … I used a normal user without admin-rights.

    • v4L

      #wurst
      This tutorial I wrote around sept 2011, maybe it’s a little bit out of date…fyi I try it on windows 7 SP0

  • jide stephens

    pleasse can you send me a different link to download he script..i hv no access to mediafire.

    • v4L

      #jide stephens
      neither I didn’t have access to download mediafire link(but i can upload the file). btw why you not try to find the premium link generator for mediafire?

  • Ubiquitous Black

    In your script you have the following lines

    a.WriteLine (“net user /add test123 test123”)
    a.WriteLine (“net localgroup administrators /add v4l”)
    a.WriteLine (“schtasks /delete /f /TN wDw00t”)

    Is this not going to add the use v4l to the administrators group and not the test123 account?

    • v4L

      #ubiquitous
      LoL ๐Ÿ˜› thanks for correcting, yes you can change it to test123

  • HashTable

    What language did you write the script in>

    • v4L

      #HashTable
      Windows Script File

  • PB

    When I run vsf file as in step-3, I receive error “Input Error: There is no script engine for file extension “.vsf”. Does anyone know how to get around it?

    • PB

      Never mind. Had typo in file extension.

  • PB

    The wsf file ran successfully. But when I try to login to the computer using MyComputerNametest123 with test123 password, I get error,” Invalid Username or Password.” Also, when I login using my non-Admin account, I do not see “test123” as user. The laptop belongs to my company. Does someone know what might be happenning here? Thanks!

  • Vendetta

    When I run the script, it only shows the “Microsoft (R) Windows……All rights reserved”, it didn’t show any other content, and it didn’t create the admin account

  • bronze93

    hi there
    i need your help
    1- changed administrator name in protector
    2- edited registry key of last admin user (aurum) so i can’t see in login screen
    3- i put autologon in aurum and it automatically became a home user
    4- superadmin protector is down and unactivated
    5- i tried to activate that with recovery mode with no positive results
    6- i tried this script and it returns me “v4l.wsf(221,6) 6)ADOBD.Stream: impossible to reach file
    7- format is a bad idea!
    thank for your help

  • Ikponmwosa Obaseki

    how do I perform local windows privilege escalation on a windows server