This post is about cracking. Lolz, I was kidding. It’s about small tricks you can play with friend’s computer :)
My friends (kavin, David) and I have played many pranks over our friends when we were kids(school). One such was cracking their mail account passwords through forgot password attack. The most comical thing was we got the required information from the victim himself. We gave back their accounts after they requested us (Pleaded/threatened).
This is a small incident that happened in my XI std. Kavin and I sat up in front of the computer and opened up the forgot password page of yahoo. We typed in our friends id, started filling out the form. We knew all the details for he was my close friend. To our surprise, he had given all original info including his d.o.b. But here is the obstacle – the security question came up in front of us. “What is the name of your first school”. He was my school mate :D Anyways, to confirm if he had studied in that school from kindergarten, we called him up -
- ArunKumar C: Hi da. how are you?
- Victim: yup fine.
- ArunKumar C: Hey, I have got a seroius doubt. Are you studying in Alpha from kindergarten?
- Victim: yup, why are you asking?
- Arunkumar C: Thought you were from DAV and kavin said you were in Alpha from the beginning. Just wanted to check it up.
- Victim: lol ( ;))
- Arunkumar C: okay bye da.
Amazingly, he had set his school name to the real one and we had his password set comfortably :) We never looked into his inbox and after sending some teasing mails from this account to his other account, we mailed this password too ( ETHICS :) )
Moral of this incident: Never fill up all true details in your account and questions put to protect passwords should not ask for publicly known information :|
The latest prank I played on my friend is to change the windows account password. If you already don’t know how to do this, know how it can be done before your friend plays this prank on you.
To change the password of a windows account, just the username and net user command are more than sufficient. It’s likely that the victim is the administrator of the computer. This means that he isn’t a limited user. Usually all accounts in windows are admistrators except the guest user. A limited user executing a command to modify a user account will be prompted that he doesn’t have permissions.
The net user command is the provision given by microsoft to manage user accounts through command line. If I have a user account named “arunKumar”,
net user arunkumar fanofakc
would change the password of arunkumar to fanofakc.
This is how I changed my friend’s password. I opened up notepad, typed the command to change her password and saved it with .bat extension. I sent the file over to my friend and asked her to execute it. She clicked thinking it would do something interesting but finally got her password set to fanofAKC (ARun Kumar C).
You may not run any bat files sent by your friend. But beware, it might have been bundled along with a software and read me instructions. You wouldn’t run a file named “setup.bat” which would trigger the installer of the original software? What if this code was put after the code to trigger the original set up file. This just requires typing few lines using notepad and anyone can do this. The sofware would get installed and you would have no clue after your password had been changed. This isn’t a serious issue, but can be annoying.
I came to know about this when my friend Karthikeyan tried to play the prank on me. He sent me the bat file. I read the contents before I executed it. I googled up for the usage of net user command and didn’t use it. So to prevent all these kind of pranks and for more security – always have a single administrator account, one or more limited user accounts and before running a bat file, look into it.
