Introduction to Hacking, Part II
Hacking into Windows 9x
by euDaemon
The Liberation of Information Specialist Team
L_I_S_T@email.ro
Disclaimer (I have to do this so that I don't get into
trouble): We, whoever we are at the current time, are not responsible for your actions as the result of anything, especially
such things that pertain to this site. If your ignorance of local, state, and/or federal laws pertaining to anything mentioned
to or hinted at by us lands you in a position you don't like (i.e., prison, jail, or the liable end of a lawsuit), remember
that it is not L.I.S.T., its members, God's, Jesus's, Allah's, Jehovah's, or anybody else's responsibility but your own.
We didn't make you do anything, nor would we. It is also the intention of this disclaimer that we hold to, not its exact
wording: if you think there's a legal loophole that you've found that holds us liable for your actions, you're most likely
right. However it is the spirit of this disclaimer that should be followed.
  I. Introduction
  II. Hacking into Windows
  III. Fun stuff
  IV. Conclusion
I. Introduction
You might think that hacking is extremely complicated and you
need to be a rocket scientist to figure any of it out. For some hacking, this is just about true. However, if you know much
about Windows at all, or MS-DOS for that matter (for those of you who have only been subjected to Windows 9x, MS-DOS (usually
just called DOS) is an ancient Microsoft operating system (OS) on top of which Windows originally ran), then you've probably
hacked and not even known it. If you've ever edited a .ini file to cover your tracks on the web browser, that's a form of
hacking. If you've ever edited a shareware program so that it wouldn't stop working after ten days, that's a form of hacking.
If you've ever fooled with the Windows registry, that's a form of hacking. Okay, I hope that I've gotten my point across by
now. For those slow people out there, my point is that hacking can be extremely easy.
For this file, I'm going to
assume that you have no previous hacking experience. I'm also going to assume that you have physical access to the machine
you want to work on. Now, I'm going out on a limb for you guys, because I never like to assume (If you've ever read anything
by the great Dick Marcinko, you know it makes an ASS out of U and ME). Anyway, here are some very simple ways to get into
Windows 9x. There is nothing advanced in here; this file is just for newbies.
II. Hacking into Windows
Okay,
the very simplest way to hack into Windows 9x is this: If they don't have a CMOS password, and don't have any security programs
running, you could probably just press the "Cancel" button or press <Esc> at the login window. From here you could probably
do just about anything you could do if you had a username and password. Another option is to boot it up in Safe Mode. Safe
Mode looks really ugly, but you can probably do whatever you want, since it doesn't need a username and password. To do this,
However, if they have some kind of security program or are smart enough to figure out enough about Windows to configure
it so that you can't do anything from the default screen, you'll probably want to get your hands on a username and password.
The password files are located in the C:\windows directory, and end with .pwl. What you'll want to do is hold <Shift>
while the computer is booting. This is called a "bare boot." This will put you into MS-DOS. Get yourself into the C:\windows
directory (type "cd windows"), then type "dir *.pwl". This will list all files ending in .pwl. Now, the first part of some
of these files are usernames, and of some others the first part is a password. If you want to try matching up some usernames
and passwords, go ahead. You may be able to match some. Even if you can't, the best way to learn is to try out things.
Okay,
so you weren't able to match up any users and passwords. Now what? Well, you can just delete them. Before I tell you how to
do this, though, know that you should make backups of them if you don't want anyone to know you've been there. If someone
thinks someone else has been into their computer, the first place they'll check is the .pwl files if they know what they're
doing. So, instead of deleting them, we'll just rename them: type "ren *.pwl *.xxx" (xxx can be anything you want it to be;
just remember what it is). Now the computer thinks that there are no users, and you can type in any password you damn well
feel like. Nifty, eh?
Now, if you try to press the keys during startup and nothing happens, it's probably because of
the msdos.sys file. Probably the easiest way to break into a computer when the boot keys are disabled is to use a boot disk
(speaking of which, you should have one; if you don't, make one. Just go to the Control Panel, click on Add/Remove Programs,
then Startup Disk. Follow the directions). Just put the disk into the floppy drive before you turn the computer on. It should
start up in DOS. Type "c:" to change to drive C:\ (normally the hard drive). Now you can do whatever you want. Oh, by the
way, for those of you with absolutely no experience in DOS, here are some commands ([dir] represents the name of the directory,
and [path\file] represents path and file names, like c:\windows\msdos.sys):
  dir                              Displays the contents of the current directory
  cd [dir]                         Change to sub directory [dir] ("cd.." moves up a directory)
  copy [path\file] [path2\file2]   Copy file
  move [path\file] [path2\file2]   Move file
  ren [path\file] [path2\file2]    Rename, basically the same as move
  del [path\file]                  Delete file
  type [path\file]                 Displays file contents
  edit [path\file]                 Opens file in MS-DOS editor
  md [dir]                         Make directory [dir]
There
are plenty more, but this should get you started. For help, type in "help" or "help [command]" where [command] is the command
you want help on.
Okay, now that you're a DOS genius, it's time for you to edit the msdos.sys file. Make sure you
made a backup just in case, make sure you're in the C:\windows directory, and type (you should know this now) "edit msdos.sys".
Now, if "BootKeys=0" or "BootDelay=0" is in there anywhere, then that's what your problem was. "BootKeys=0" will disable
the boot keys, and "BootDelay=0" will give you absolutely no time to press them. Delete these from the file, then exit (press
Alt+F, X). Now, everything should be fine.
III. Fun Stuff
As you should have guessed by now, the real power
of Windows doesn't lie in Windows at all. Rather, it lies in DOS. Now, there are lots of fun things you can do from DOS. There
are three files that are absolutely critical to any Windows machine (Actually, there are quite a few more, but I won't tell
you about them yet). They are: config.sys, msdos.sys, and autoexec.bat. The config.sys, msdos.sys, and autoexec.bat files
basically tell the computer what to do during the boot process. These are easily edited with the MS-DOS editor (just type
"edit [filename]").
This section is for those of you who want your target to know that someone has broken into his
computer.
One thing that I like to do is write an infinite batch loop, and place it in the autoexec.bat file. To do
this, type "edit [whatever you want to call the damn thing].bat" at the DOS prompt. Make sure it ends in .bat. Now type in
the following:
  @ECHO OFF        This tells the computer not to display what it's doing on the screen
  :Loop            You can call this whatever you want; it's just a place identifier
  ECHO You blow!   This tells the computer to display "You blow!" on the screen
  GOTO Loop        This tells the computer to go back to :Loop and run everything below it
Now, in the autoexec.bat file, type in "CALL [whatever you called it].bat". You can put this anywhere you
want to in the file, as long as it's before "win". Now, whenever your target boots their computer, they'll see the screen repeatedly
display "You blow!" or whatever you told it to display until they press Ctrl-C or restart their computer. Pretty easy, huh?
For those of you that want to learn how to program, probably the easiest programs to write are batch files. You can find more
info on how to write them in DOS help.
Or, alternately, you could write a file that displays "Formatting C:" when the
computer boots up. Just be careful that they don't have a heart attack. Or, if you are really really mean, you could actually
format their hard drive. Or, you could write a line in the autoexec.bat file to format their hard drive (I forget the switch
you need to format without it prompting for verification, though, you'll have to look it up for yourself if you want to do
this).
Something else you could do is press F1 or Ctrl-Alt-S or whatever (it depends on the computer) during startup
to get into Setup. The computer will tell you what you have to press to get into it. From here, you can configure all kinds
of nifty things.
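Seen from the machine owner's side, the msdos.sys and autoexec.bat changes described in sections II and III leave traces that are easy to check for. The following is an added example, not part of the original file: it reports whether the two boot-key settings named above are present and flags a CALLed batch file that loops forever before "win". The sample file contents are constructed and hello.bat is a hypothetical name.

```python
import re

# Constructed sample contents; hello.bat is a hypothetical file name.
MSDOS_SYS = "[Options]\nBootGUI=1\nBootDelay=0\n"
AUTOEXEC_BAT = "@ECHO OFF\nCALL hello.bat\nwin\n"
BATCH_FILES = {"hello.bat": "@ECHO OFF\n:Loop\nECHO You blow!\nGOTO Loop\n"}

def boot_key_findings(msdos_sys):
    """List which of the two boot-key settings named above are not set to 0."""
    opts = {}
    for line in msdos_sys.splitlines():
        m = re.match(r"\s*(BootKeys|BootDelay)\s*=\s*(\S+)", line, re.I)
        if m:
            opts[m.group(1).lower()] = m.group(2)
    findings = []
    if opts.get("bootkeys") != "0":
        findings.append("BootKeys=0 missing: startup keys are enabled")
    if opts.get("bootdelay") != "0":
        findings.append("BootDelay=0 missing: there is time to press startup keys")
    return findings

def has_unconditional_loop(batch_text):
    """True if a bare GOTO (no IF in front) jumps back to an earlier label."""
    seen = set()
    for line in batch_text.splitlines():
        s = line.strip()
        label = re.match(r":(\w+)", s)
        if label:
            seen.add(label.group(1).lower())
        jump = re.match(r"goto\s+:?(\w+)", s, re.I)
        if jump and jump.group(1).lower() in seen:
            return True
    return False

def autoexec_findings(autoexec, batch_files):
    """Flag CALLed batch files that loop forever before the "win" line."""
    findings = []
    for line in autoexec.splitlines():
        s = line.strip()
        if s.lower() == "win":
            break  # the trick described above needs the CALL before this line
        m = re.match(r"call\s+(\S+)", s, re.I)
        if m and has_unconditional_loop(batch_files.get(m.group(1).lower(), "")):
            findings.append(f"{m.group(1)}: endless loop called before win")
    return findings

if __name__ == "__main__":
    for finding in boot_key_findings(MSDOS_SYS) + autoexec_findings(AUTOEXEC_BAT, BATCH_FILES):
        print(finding)
```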
IV. Conclusion
If you see anything interesting, play around with it. After all, a hacker's
greatest asset is his curiosity. However, it is also his worst enemy, so be prepared for the worst. If you're working on your
own machine, as you should be doing, before you try to break into someone else's computer, make sure everything is backed
up and that you have a boot disk. If you're on someone else's computer, back up everything you mess with, just in case. And
know that if you get caught, you could end up with a trip for one to the brig for the summer.
Hope for the best, but
plan for the worst.
-eD