How can I get admin in my school's computer?
More info here:
I am attempting to access the local administrator account on the computers at my school in the Madrid area to explore the limits of system security, as I am curious to test my scripting skills. The scenario consists of two distinct zones: a technology classroom with legacy HP Compaq 8100 Elite SFF units (Intel i5-650, 8GB RAM, 298GB HDD) running Windows 10 without encryption, and a library with modern HP units running Windows 11 Pro Education with HP Wolf Security, all managed under an educational domain with BitLocker enabled. My strategy is to boot the unprotected machines using a Hiren’s BootCD live USB to access system files, with the goal of checking if I can use the same administrative credentials on the encrypted library machines to bypass restrictions. I would like to consult the community on a few key points to improve my understanding of these systems. First, is there any way to access an administrator account and view its actual password in plaintext without modifying, changing, or resetting it using commands or Hiren’s tools? My goal is to identify the default password used on the technology machines to attempt to use it on the library computers, where BitLocker encryption prevents any password modification. Additionally, is there a way to detect if LAPS is deployed in a domain without triggering alerts in the EDR or the central server? I am also curious if there is any hardware attack scenario, such as LPC bus sniffing, that is viable for accessing the BitLocker key in a professional environment. Finally, I would appreciate recommendations on how to execute Python audit scripts legitimately without modern defense systems like Windows Defender or HP Wolf Security blocking them immediately. Any technical advice to better understand these systems would be appreciated.