Training accounts in Windows

Source: Internet
Author: User

The company has a machine dedicated for our department staff to access the Internet, send and receive emails, and download information uploaded via the Internet. Of course, sometimes at noon, some people chat and send and receive mail. Each of us has our own account on this machine, and each person keeps their own password. Of course, there is a long-cherished MM account here. One day, when I was surfing the Internet, I wondered whether I could get into the MM account to check it out and collect some useful information. Of course there is still some content that can be viewed under my own account, but it's better to go in and see it!

My first thought was to use SAMInside for brute-force cracking (or LC5 or LC4, of course). After two minutes of operation, I found it unwise to use this mental retardation method. I had to deal with simple passwords; besides, this machine is public, so I can't master the running password, right? Later I thought about a Trojan and thought it was inappropriate. In the middle school, I went to the top of all users and expanded the attack surface. Besides, other colleagues were not waiting for me! Is there no way? I finally thought of a solution after a long time. (If you use this method to soak up mm, you must pay the royalties)!

We know that under Control Panel -> Administrative Tools -> Computer Management -> Users you can change other users' passwords, as shown in Figure 1:

Figure 1

Changing the password of other accounts does not require the original password (how does Microsoft do this?). However, the disadvantage of changing the password here is that after I modify the MM password, I cannot change it back to the original password, so MM is bound to discover it.

Windows account information is stored in two places: one copy is in the SAM file, and the other is under the HKEY_LOCAL_MACHINE\SAM\SAM key of the Registry. After looking through SAM in the registry, I found that the account information can be exported and imported (the Administrator must have operation permissions on SAM). Here, you will surely see the solution. The method is as follows:
C:\> regedit
Open HKEY_LOCAL_MACHINE\SAM\SAM and we will see that there is no information in it. In fact, there is information; it is not shown because our permissions are insufficient. Generally, we are Administrator, and the SAM key can only be accessed with SYSTEM permissions, so how can we open the account information under SAM? Close Regedit first, and then execute:
C:\> regedt32
Find the HKEY_LOCAL_MACHINE window, select SAM\SAM, and click the permission settings in the menu. At this point, we can see that the Administrator group only has special permissions, while the SYSTEM account has full control! Now we can change the Administrator permission to full control, so that we can access the information under SAM.
Run C:\> regedit again. Then we can see HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\0000040D and Xiaoming (note that zqy is the MM account), where 0000040D and zqy correspond one to one, as shown in Figure 2.

Figure 2


Click zqy. We can see the zqy attribute, whose type is 0x40D. In this case, the corresponding value under Users is 0000040D. Click zqy, right-click and choose Export, and save it as zqy.reg; then right-click 0000040D and export it as zqy2.reg. OK. Then go to Computer Management and clear the MM password. Then, of course, the login will be successful. Haha!

Next, of course, let's take a look at the websites frequently visited by MM and the document records, and then use a tool (I used Cain2.5; just click the "+" sign at the top; after reading, you must clear the traces). You can view the MM email password, forum password, and so on... When you see the phrase "I really want someone to take my hand to have a barbecue" left by MM on the Tianya forum, you certainly know what I will do next, haha.
After checking all the required information, clear the log and exit. Of course it's not finished yet. You have to put the MM password back. It's easy: go back to your own account and import zqy.reg and zqy2.reg (permission required!).

In this way, I have become a Windows user without a trace. It is not difficult to go to the unique door without shadows, right? I wrote the first article with many shortcomings. I hope you can read it again!
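
From the defender's side, the steps described above (loosening the ACL on the SAM key, resetting another user's password, importing .reg data back into SAM, clearing the log) each map to a Windows Security event. The following is an added example, not part of the original article, that correlates those events per actor. The event records are constructed, and it assumes registry and account-management auditing is enabled with a SACL on HKLM\SAM and that events are forwarded off the host, so that a local log clear does not erase them.

```python
from datetime import datetime, timedelta

# Constructed Security-log records (not from the article):
# (time, event ID, account performing the action, object or target account)
# 4670 = permissions on an object changed, 4724 = password reset attempt,
# 4657 = registry value modified, 1102 = audit log cleared, 4624 = logon.
EVENTS = [
    ("2024-05-06T12:01:10", 4670, "userA", r"\REGISTRY\MACHINE\SAM\SAM"),
    ("2024-05-06T12:03:42", 4724, "userA", "zqy"),
    ("2024-05-06T12:04:05", 4624, "zqy", "zqy"),
    ("2024-05-06T12:40:19", 1102, "userA", "Security"),
    ("2024-05-06T12:42:30", 4657, "userA",
     r"\REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users\0000040D"),
    ("2024-05-07T09:15:00", 4724, "helpdesk", "bob"),  # routine reset, no SAM access
]

SAM_PREFIX = r"\REGISTRY\MACHINE\SAM"
WINDOW = timedelta(hours=2)  # assumed correlation window


def parse(events):
    """Convert timestamps and return the records in chronological order."""
    return sorted((datetime.fromisoformat(t), eid, actor, obj)
                  for t, eid, actor, obj in events)


def correlate(events, window=WINDOW):
    """Flag actors who reset someone else's password and also touched the
    SAM hive (ACL change or value write) within `window` of that reset."""
    rows = parse(events)
    findings = []
    for ts, eid, actor, obj in rows:
        if eid != 4724 or obj == actor:
            continue  # only resets of another account are of interest
        near = [r for r in rows if r[2] == actor and abs(r[0] - ts) <= window]
        sam = [r for r in near
               if r[1] in (4670, 4657) and r[3].upper().startswith(SAM_PREFIX)]
        if not sam:
            continue  # a reset with no SAM hive activity is not flagged
        findings.append({
            "actor": actor,
            "reset_target": obj,
            "sam_acl_changed": any(r[1] == 4670 for r in sam),
            "sam_value_written": any(r[1] == 4657 for r in sam),
            "log_cleared": any(r[1] == 1102 for r in near),
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

A password reset by itself is routine help-desk activity; it is the combination with a permission change or write under the SAM hive by the same account that distinguishes the sequence in the article.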

 

 
