Introduction to Hacking, Part VI
The Windows Registry
by euDaemon
euDaemon@email.ro
The Liberation of Information Specialist Team
L_I_S_T@email.ro

Disclaimer (I have to do this so that I don't get into trouble): "We, whoever we are at the current time, are not responsible for your actions as the result of anything, especially such things that pertain to this site. If your ignorance of local, state, and/or federal laws pertaining to anything mentioned to or hinted at by us lands you in a position you don't like (i.e. prison, jail, or the liable end of a lawsuit), remember that it is not L.I.S.T.'s, its members', God's, Jesus's, Allah's, Jehovah's, or anybody else's responsibility but your own. We didn't make you do anything, nor would we. It is also the intention of this disclaimer that we hold to, not its exact wording: if you think there's a legal loophole that you've found that holds us liable for your actions, you're most likely right. However, it is the spirit of this disclaimer that should be followed."

This time, we're going to be looking at the Windows registry, a very important tool for Windows 9x (and NT, for that matter). I have also included some more ways to break into Windows 9x, so that you can get to the registry in the first place.

Okay, the Windows registry is probably the most powerful tool on a Windows computer. Whoever controls the registry basically controls the computer.
However, the registry is really hard to find if you don't know where to look. Good old Microsoft comes through again. I guess Microsoft didn't want stupid people to stumble across it and screw up their computer. Anyway, to find the registry, go to the Start menu, click on Run, then type "regedit". This will open the Registry Editor. Note: you can also run regedit.exe from DOS. This can be very useful, especially with a boot disk.

The registry contains everything in Windows 9x (and NT). It has passwords, links, startup processes, and everything else. Before doing any of the following procedures, I strongly recommend that you have everything backed up.

Okay, now, once you're in the Registry Editor, you should see something like this:

    HKEY_CLASSES_ROOT
    HKEY_CURRENT_USER
    HKEY_LOCAL_MACHINE
    HKEY_USERS
    HKEY_CURRENT_CONFIG
    HKEY_DYN_DATA

I think that these are the same on all Windows 9x machines. If you've messed with the registry before, then you know that it's a real pain to try to figure out what the hell you're doing. Microsoft made regedit so that it barely shows you any information about the keys (that's what they're called).

Luckily, we hackers have a way around this. I don't know of any hackers (of the few that deal with Windows 9x) that use regedit to edit the registry. Okay, now click on HKEY_CLASSES_ROOT. Now click on Registry, then on Export Registry File. You can name it whatever you like, just make sure that it ends with .reg and that you remember what you named it. Now, make a backup copy of it just in case you do something drastic (on purpose or by accident, it doesn't matter). Open it with Notepad (if it's too big, use WordPad). Don't double-click on it; this'll just import it back into the registry. You should see something like this:

    REGEDIT4

    [HKEY_CLASSES_ROOT]

    [HKEY_CLASSES_ROOT\CLSID]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B323F8E0-2E68-11D0-90EA-00AA0060F86C}]
    @="StillImage"
    [HKEY_CLASSES_ROOT\CLSID\{B323F8E0-2E68-11D0-90EA-00AA0060F86C}\InProcServer32]
    @="C:\\WINDOWS\\SYSTEM\\sti.dll"
    "ThreadingModel"="Both"

    [HKEY_CLASSES_ROOT\CLSID\{BDC67890-4FC0-11D0-A805-00AA006D2EA4}]

The strings in {} braces on three of these lines are encrypted passwords (for those of you that are wondering, yes, this is from my computer, but don't worry, I changed them around a bit in case anyone thought they were smart). Now, it is not easy to tell what password goes to what, so you might as well delete them all. This will take a while, so make sure you have plenty of time (of course you could always just search for the braces, and make life a lot easier). Also make sure that you have backed it up so that you can replace it when you're done. When you're done editing, double-click on the file to import it into the registry.

After you're done, you'll have to reboot for the changes to take effect. Now, you shouldn't have to enter passwords for anything. Life just got a lot easier. When you're done, import the originals back into the registry. If your victim doesn't know a whole lot about computers, then you can leave your edited registry files there for future use. If he doesn't know what the hell they are, then he probably won't mess with them.
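As an added example (not from the article or its author), here is a small Python parser for the REGEDIT4 export format shown above. It reads an exported file into a dictionary of key paths to value names, decodes the backslash escapes used in string values (the sti.dll path above is written with doubled backslashes), handles dword: and hex: values including the trailing-backslash line continuation regedit writes for long hex data, and lists the direct subkeys of a given key whose names are braced identifiers, which is what the article has you search for by hand. The sample input is the fragment printed above; the function names parse_reg and braced_subkeys are my own. Parsing the export before editing it gives you a record of each key's original values, which is what you will want when you restore your backup.

```python
import re

# Sample REGEDIT4 export: the fragment shown in the article above.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT]

[HKEY_CLASSES_ROOT\CLSID]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B323F8E0-2E68-11D0-90EA-00AA0060F86C}]
@="StillImage"
[HKEY_CLASSES_ROOT\CLSID\{B323F8E0-2E68-11D0-90EA-00AA0060F86C}\InProcServer32]
@="C:\\WINDOWS\\SYSTEM\\sti.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{BDC67890-4FC0-11D0-A805-00AA006D2EA4}]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# A value line is  @=...  (default value) or  "name"=...  ; the name may contain \" and \\.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
BRACED_RE = re.compile(r'\{[0-9A-Fa-f-]+\}')


def _unescape(s):
    """Undo .reg string escaping: backslash followed by any character stands for that character."""
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text):
    """Join lines that regedit split with a trailing backslash (used for long hex: data)."""
    buf = ''
    for line in text.splitlines():
        line = line.strip()
        if line.endswith('\\') and not line.startswith('['):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ''


def _parse_value(raw):
    """Decode the right-hand side of a value line into a Python object."""
    if raw == '-':                      # "name"=-  removes the value on import
        return None
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])     # REG_SZ
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)         # REG_DWORD, written as 8 hex digits
    if raw.lower().startswith('hex'):   # hex: or hex(n): comma-separated bytes
        _, _, data = raw.partition(':')
        return bytes(int(b, 16) for b in data.split(',') if b.strip())
    raise ValueError(f'unrecognised value syntax: {raw!r}')


def parse_reg(text):
    """Parse a REGEDIT4 export into {key_path: {value_name: value}}.

    A key written as [-KEY] (delete on import) is stored with None instead of a dict.
    Only the REGEDIT4 header used by Windows 9x/NT 4 regedit is accepted.
    """
    lines = list(_logical_lines(text))
    if not lines or lines[0].upper() != 'REGEDIT4':
        raise ValueError('not a REGEDIT4 export')
    tree = {}
    current = None
    for line in lines[1:]:
        if not line or line.startswith(';'):   # blank lines and comments
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.startswith('-'):
                tree[key[1:]] = None
                current = None
            else:
                current = key
                tree.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '@' if m.group(1) == '@' else _unescape(m.group(1)[1:-1])
            tree[current][name] = _parse_value(m.group(2))
            continue
        raise ValueError(f'cannot parse line: {line!r}')
    return tree


def braced_subkeys(tree, parent):
    """Return (subkey name, default value) for each direct child of `parent`
    whose name is a braced identifier. Key paths compare case-insensitively,
    as the registry itself does."""
    prefix = (parent.rstrip('\\') + '\\').upper()
    found = []
    for key, values in tree.items():
        if values is None or not key.upper().startswith(prefix):
            continue
        child = key[len(prefix):]
        if '\\' in child or not BRACED_RE.fullmatch(child):
            continue
        found.append((child, values.get('@')))
    return found


if __name__ == '__main__':
    tree = parse_reg(SAMPLE_EXPORT)
    for name, default in braced_subkeys(tree, 'HKEY_CLASSES_ROOT\\CLSID'):
        print(name, '->', default)
```

Run it on a real export by replacing SAMPLE_EXPORT with the file's contents (Windows 9x writes these files as ANSI text, so open them with an 8-bit encoding such as cp1252). The parser deliberately rejects anything other than a REGEDIT4 header, so a file saved by a later regedit version fails loudly instead of being half-read.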


Okay, some more ways to break into Windows. One thing I found is that on a machine with Windows 98, you will need to hold Ctrl instead of F8 to get to the boot menu.

Theoretically, if there is a security program of some kind running on Windows 95, like at a school or workplace or something, you could press Ctrl+Esc after you log in, but before the start menu and desktop icons have loaded. This would open taskman.exe, the task manager, before explorer.exe loads, which would enable a user to run programs before Explorer loads.

One problem, not really common, but still a problem, is CMOS. Some people think that they're smart and use a CMOS password, which the system requires before it goes through any of the boot process, making life a real pain. The best way I know of (unless you can guess the password) is to get a CMOS cracking program. A couple of examples are XCMOS and debug. You can generally find these at any good hacking website. Try searching with HotBot, and you're bound to find something.

One thing that I neglected to mention in Part II under fun stuff (I can't believe I didn't put this in there) is the ever-versatile Back Orifice. This is available at http://www.cultdeadcow.com/. Back Orifice basically lets you do all kinds of nifty stuff with someone else's computer, all remotely. You can shut it down, get passwords, and all sorts of crap. One problem is that any halfway recently updated virus-scan program will catch it.

Well, that's all for this time. I don't know what I'll write about in the next part. I'll probably go back into Unix for the next part. Well, till then, don't get too cocky with your newfound hacking skills.

The most incriminating weakness of a hacker is his ego.

-eD