windows.html

黑客培训教程

<html>
<head>
<title>Local Windows hacking for newbies</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#000000" text="#ffffff" link="#ffffff" vlink="#ffffff">
<div align="center">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
  <tr>
    <td width="693">
      <pre>
                        :::::::::   ::::::::  :::::::::  ::::::::::
                        :+:    :+: :+:    :+: :+:    :+: :+:
                        +:+    +:+ +:+        +:+    +:+ +:+
                        +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#
                        +#+    +#+        +#+ +#+    +#+ +#+
                        #+#    #+# #+#    #+# #+#    #+# #+#
                        #########   ########  ###    ### ###

              	             <a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
                           _____________________________
    ______________________I       <b>   Topic:</b>             I_____________________
   \                      I                             I                    /
    \     HTML by:        I   <b>Local Windows hacking</b>     I   Written by:     /
    >                     I        <b>for newbies</b>          I                  <
   /      <a href="mailto:black_mesa@hacktik.org">Martin L.</a>       I_____________________________I   <a href="mailto:miggyx@amicoders.demon.co.uk">MiggyX</a>          \
  /___________________________>                    <_________________________\</pre>
    </td>
  </tr>
</table>
</div>
<h3>[Contents]</h3>
<ol>
  <li><a href="#1">Why would I want to hack windows?</a></li>
  <li><a href="#2">Are there many restrictions that can be placed on me?</a></li>
  <li><a href="#3">Where do these restrictions come from?</a></li>
  <li><a href="#4">What is the registry?</a></li>
  <li><a href="#5">Where is the registry?</a></li>
  <li><a href="#6">Can I edit it myself?</a></li>
  <li><a href="#7">I can't edit the registry. How do I get around this ?</a></li>
  <li><a href="#8">I can't get to the registry files to delete them! What now?</a></li>
  <li><a href="#9">I have the 'Run' command. What next?</a></li>
  <li><a href="#10">The evil scum bags have nicked the 'Run' command! Now what?!?</a></li>
  <li><a href="#11">So what's this magic shortcut trick then?</a></li>
  <li><a href="#12">When I type in the directory in explorer, it returns "Access Denied". Why?</a></li>
  <li><a href="#13">Okay, I've found the files..only I can't delete them! Windows says that are protected!</a></li>
  <li><a href="#14">Right, I've sabotaged the files. What next?</a></li>
  <li><a href="#15">My plans are being thwarted by this stupid registry checker! HELP!</a></li>
  <li><a href="#16">The network is on the Internet but Cyber patrol won't let me access any hacking sites!</a></li>
  <li><a href="#17">I can't access the disk drive or the CDROM yet I see the Admins doing it! How can I ?</a></li>
  <li><a href="#18">When I try to access A: , the whole machine crashes on me! Why?</a></li>
  <li><a href="#19">I MUST have floppy access! How do I get it?</a></li>
  <li><a href="#20">Sneaking files onto a Network</a></li>
  <li><a href="#21">Right, I've got the program. What now ?</a></li>
  <li><a href="#22">How can I get back all those nice programs that they removed from my start menu?</a></li>
  <li><a href="#23">How do I change this cursed background without using the display properties?</a></li>
  <li><a href="#24">The 'Net Plug' trick</a></li>
  <li><a href="#25">I still need DOS access to run the programs. How can I get it?</a></li>
  <li><a href="#26">I've done that but I get "This has been disabled by your system Administrator</a></li>
  <li><a href="#27">What the hell is poledit?</a></li>
  <li><a href="#28">Okay, I've managed to get poledit onto the network. now what?</a></li>
  <li><a href="#29">I think it worked but when I logged back onto the network, the old settings kicked in.</a></li>
</ol>
<a name="1"><h4><u>Why would I want to hack windows?</u></h4>
<blockquote>
<p>Well, okay stupid question but why would you want to hack windows when there are all those lovely servers to take on? The
answer is so simple, it often eludes people altogether. How exactly are you going to take out the server if your workstation
is so crippled, you can't even use the run command? Most hacking programs are DOS based. If your friendly Admin has removed
MS-DOS access, you're in trouble. You won't be able to run all those nice programs you've collected.</p>
<p>What if they Admin has placed some really horrible backdrop on your machine. You have a great replacement
only the display properties aren't available. How do you get round that? Well, that's what this tutorial is
all about : Removing restrictions on the local machine so that you can get a shot at the servers or so you
can run programs that you otherwise wouldn't be able to.</p>
</blockquote>
<a name="2"><h4><u>Are there many restrictions that can be placed on me?</u></h4>
<blockquote>
<p>There are a surprising amount of things Admins can do to your computer to make it more restricted. To
compromise of course, there are many ways to remove these annoying restrictions, one of which I worked out
and removes all the restrictions although it temporarily screws up Internet Explorer's settings. Here is a
small list :</p>
<blockquote>
<p>Control Panel<br>
Run command<br>
Find command<br>
Missing start menu programs<br>
Fixed backdrop<br>
No DOS access<br>
Removed CDROM and floppy access</p>
</blockquote>
<p>All of the above are a real pain in the ass. I'll go through removing these restrictions one by one.</p>
</blockquote>
<a name="3"><h4><u>Where do these restrictions come from?</u></h4>
<blockquote>
<p>Good question. There are two types of restriction, local and remote. The local restrictions are
usually stored in the registry and are fairly easy to get round compared to the remote restrictions.
These are restrictions placed on servers and are usually downloaded each time you login. They are VERY hard to
get around and most are beyond the scope of this tutorial. However if I do show some of them, I'll point out that
they are remote. Sometimes, the remote restrictions are enforced as local ones. This is handy to say the least.</p>
</blockquote>
<a name="4"><h4><u>What is the registry?</u></h4>
<blockquote>
<p>The registry is a database that Windows uses to store all its information. You can consider it as a directory.
Most programs and files are registered here, along with user and system settings. Driver versions and start up
programs are also found in here. Without the registry, Windows would be in trouble.</p>
</blockquote>
<a name="5"><h4><u>Where is the registry?</u></h4>
<blockquote>
<p>The registry consists of two files, user.dat and system.dat . Both are stored in the windows directory.
There are backups of both files called user.da0 and system.da0 . If the main two are destroyed, the system
copies the new versions over to replace them.</p>
<p>The user.dat file contains user settings. All the different parts of a users settings make up a user
profile. It is these profiles that contain the information regarding what restrictions should be enforced.
Every user is stored here along with all their access rights. I'll show you how to fool the system into giving
you full access the easy way later.</p>
<p>The system.dat file strangely enough contains information about the system. This includes settings for
Internet Explorer and other pieces of software such as DirectX, MS Office etc etc.</p>
</blockquote>
<a name="6"><h4><u>Can I edit it myself?</u></h4>
<blockquote>
<p>Yes you can, using a program called regedit. It is automatically installed and unless your friendly Admin
has removed your ability to edit it, you can use this program to set anything in the registry that you want.</p>
<p><b>NOTE :</b> If you remove the system.dat file ( which you usually have to ) some programs may have problems
finding their default settings or refuse to load.</p>
</blockquote>
<a name="7"><h4><u>I can't edit the registry. How do I get around this ?</u></h4>
<blockquote>
<p>Well the easiest way is to simply remove user.dat and system.dat . When you reset the computer and login,
it will come up and tell you that it needs to reset to repair the registry. Ignore this message and use ctrl+alt+del
to get it to close without selecting 'ok'. You will see that all the restrictions have been removed. Quickly go to
'Run' and type 'command' without the quotes. This will open a DOS window and for some reason stabilises the system.
Windows had a nasty tendency to crash if I didn't open a DOS window for some reason. When you reset the computer,
the old registry will kick in and the restrictions will be active again. This isn't so bad because it means you can
get a machine back to normal with the minimum of fuss.</p>
</blockquote>
<a name="8"><h4><u>I can't get to the registry files to delete them! What now?</u></h4>
<blockquote>
<p>Don't panic yet! I'll show you two ways of getting to the files. Normally if the 'Run' command is missing,
you're going to have trouble getting to the C:\windows directory which holds those files. Second,
you'll find that they are write protected. In the next few sections I'll show you how to get round this.</p>
</blockquote>
<a name="9"><h4><u>I have the 'Run' command. What next?</u></h4>
<blockquote>
<p>Type "c:\windows\" without the quotes. This will take you to the directory that contains the registry.
You will most likely get a message saying that altering the files could be dangerous and could stop windows
or other programs from working. Ignore that and select continue or click the hyper link. It will now show you
the files.</p>
</blockquote>
<a name="10"><h4><u>The evil scum bags have nicked the 'Run' command! Now what?!?</u></h4>
<blockquote>
<p>Now you panic........only joking! Most Admins do take out the run command as standard. It stops normal
people from going where they shouldn't be. However, we can out smart them here by using the shortcut trick. This
trick will get us whatever we need and is just as powerful as the run command, except it is slightly more
inconvenient.</p>
</blockquote>
<a name="11"><h4><u>So what's this magic shortcut trick then?</u></h4>
<blockquote>
<p>This trick is essential to a hackers toolkit. In Windows, you can create a shortcut to just about anything from a
folder to a program or even a website! We can use this to our advantage. It also gets round the annoying "Access Denied"
messages that explorer likes to give. Right click on the desktop, select new -> shortcut. When it asks what you want to
make the shortcut to, type in "c:\windows\" without the quotes and press enter. Hit enter twice more and you will find a
nice shortcut on your desktop. Click this twice and it will dump you in the Windows directory. Nice eh?</p>
</blockquote>
<a name="12"><h4><u>When I type in the directory in explorer, it returns "Access Denied". Why?</u></h4>
<blockquote>
<p>This means that the Admin has told explorer not to accept any requests to that folder, program or website.
However for some reason explorer will let you straight through if you make a shortcut to that folder. Security
is tight eh?</p>
</blockquote>
<a name="13"><h4><u>Okay, I've found the files.....only I can't delete them! Windows says that are protected!</u></h4>
<blockquote>
<p>When windows says protected, it means write protected. This is when you can't write or alter a file. This
is done for safety reasons. No one wants to accidentally delete the registry. However because we're evil we
want to and Windows is stopping us. Don't worry, the protection is lame. Right click on the file and hit