The evil scum bags have nicked the 'Run' command! Now what?!?
Okay, I've found the files... only I can't delete them! Windows says that
they are protected!
Right, I've sabotaged the files. What next?
How can I get back all those nice programs that they removed from my start
menu?
How do I change this cursed background without using the display properties?
The 'Net Plug' trick
I still need DOS access to run the programs. How can I get it?
I've done that but I get "This has been disabled by your system
Administrator"
What if the Admin has placed some really horrible backdrop on your machine?
You have a great replacement, only the display properties aren't available.
How do you get round that? Well, that's what this tutorial is all about:
removing restrictions on the local machine so that you can get a shot at the
servers or so you can run programs that you otherwise wouldn't be able to.
Control Panel
Run command
Find command
Missing start menu programs
Fixed backdrop
No DOS access
Removed CDROM and floppy access
All of the above are a real pain in the ass. I'll go through removing these
restrictions one by one.
The user.dat file contains user settings. All the different parts of a user's
settings make up a user profile. It is these profiles that contain the
information regarding what restrictions should be enforced. Every user is
stored here along with all their access rights. I'll show you how to fool
the system into giving you full access the easy way later.
The system.dat file, strangely enough, contains information about the system.
This includes settings for Internet Explorer and other pieces of software
such as DirectX, MS Office etc.
NOTE: If you remove the system.dat file (which you usually have to), some
programs may have problems finding their default settings or refuse to load.
The evil scum bags have nicked the 'Run' command! Now what?!?
Now you panic... only joking! Most Admins do take out the run command as
standard. It stops normal people from going where they shouldn't be.
However, we can outsmart them here by using the shortcut trick. This trick
will get us whatever we need and is just as powerful as the run command,
except it is slightly more inconvenient.
Okay, I've found the files... only I can't delete them! Windows says that
they are protected!
When Windows says protected, it means write protected. This is when you
can't write or alter a file. This is done for safety reasons. No one wants
to accidentally delete the registry. However, because we're evil we want to
and Windows is stopping us. Don't worry, the protection is lame. Right click
on the file and hit properties. Once in, untick the little box next to write
protected and click apply then okay. Now try deleting the file. You should
find that it goes without any hassle. This works with both registry files.
The network is on the Internet but Cyber Patrol won't let me access any
hacking sites!
Cyber Patrol is a royal pain in the ass! However, it is very easy to remove.
Press Ctrl+Alt+Del to bring up the task list. Select Cyber Patrol and press
Enter. Cyber Patrol will now bring up a window asking for a password. Damn,
we've been beaten! Not so, press Ctrl+Alt+Del again. This time because Cyber
Patrol has ALREADY answered Windows, it won't access again. Thus Windows
thoughtfully lets us close the program. Bye bye stupid restrictions!
I can't access the disk drive or the CDROM yet I see the Admins doing it!
How can I?
This can be quite annoying. You have lots of stuff on disk or CD but you
just can't access them. Why? Because some sod has removed their icons from
'My Computer'. *Sigh* I guess it's no go then, right? Wrong! Although you
can't see the drives, they are still there. Load up ole faithful Internet
Explorer and type "D:\" without the quotes and press Enter. It should
display a list of the files on the CD. If it comes up with "Access Denied"
or "Permission Denied" then simply make a shortcut to it. That way, you
will see all the files.
How can I get back all those nice programs that they removed from my start
menu?
This is also quite easy. There is a program called groupconv.exe. By
running this, you'll restore the default Start menu along with all the usual
programs and accessories. Useful if the Admin has removed some program that
you prefer or want to use, like Paintbrush. You'll need Paint to pull off
the next trick.
How do I change this cursed background without using the display properties?
Not so useful perhaps but nice to have nonetheless. No one likes the
default backgrounds but Admins tend to remove the ability to change them,
which is rather upsetting. To pull this off, you need access to Paint.
Normally this isn't removed. Open your bitmap of choice in Paint. From the
'File' menu, select "Set as background". This will set your bitmap as the
background. Normally this won't stay the same and will change back next time
you login. Still, you get a decent background for the duration of your
session.
The 'Net Plug' trick
This is an attack that I worked out myself before I was given Admin status.
It always works and I've yet to see it fail. Make sure you are at a Windows
95 or 98 machine. I doubt NT would be fooled by this trick but I don't have
any NT machines so I can't test it for you.
Note: Most Admins believe that they are the most knowledgeable about their
system. Many also believe that no one else knows much about computers. In
other words, for whatever reasons, they are not too concerned about us, i.e.
the idiots attacking their servers. Why? Because we aren't good enough. So
why waste valuable time configuring security that won't be needed, eh? I
think I've made my point. They don't see us as a threat. You don't consider
a house spider a threat so you don't go round putting up netting to keep
them out. Why? You can't be bothered. The same rule applies here. Even if
you are a computer genius, play it dumb. Admins like to lecture the
uninitiated and would love to appear smarter than you. This is the way you
want it. The Admins will think you're a nice guy or gal, totally harmless.
This sometimes gives you more leverage: because they like you, they'll be
willing to help you. They also won't expect you to launch a huge assault on
their servers either. However, sometimes there are some smart people out there
who will notice your talents and pull you over to their side. This isn't a
bad place to be and can be advantageous later.
First of all, login as yourself. Crash your computer and reset it. Walk
over to your favourite admin (the one that hates you most is the best
choice) and apologise for being an idiot but the computer won't let you
login and could s/he please come and take a look for you. Mumbling and
grumbling they'll come over. The best way to test if it is the machine is
for them to login. Of course, they'll log in as an admin or equivalent.
They'll check your account and see that your account is fine. They'll tell
you to log onto another machine and your account will be okay. They'll now
log off and walk off in disgust thinking you are a computer moron. Not so my
friend, we've just done them good and proper!
Turn off the computer and pull out the network lead. Turn it back on again.
The computer will detect that you aren't on a network and will dump you at a
desktop with the restrictions of the last user. If this user is the admin then
chances are that he or she will have full access to everything including DOS
and drive access. Perfect for installing all those really kewl programs you
have on a disk in your pocket...
But you aren't on the network now. That's no fun, is it? Shove the lead back
in and try to access a network drive. This is the bit where you hope the
Admins are sloppy or not computer geniuses. Windows by default caches ALL
passwords so unless the Admins have told it not to (a key deep in the
registry) then Windows will have a nice copy of their password. Go into 'My
Computer' and click on a drive. Whoop with glee as Netware logs you in as an
Admin. Why does this happen? Well, Windows still holds the username and
password last used to access the drive. You are logged into Windows as Admin
and Windows knows what credentials you last gave to the server. So it
supplies them for you. Likewise, because you are now authenticated you now
have full access to the NDS tree. Not only can you read but you can now
write, modify, delete etc. Much more fun!
Now, this is the bit where you have to be sneaky. You have to make a new
account for yourself or upgrade your old one. There are pros and cons to
each of your choices. If you alter your existing account and they check it
for some reason (maybe you got locked out?) they'll notice you have admin
rights and shoot you. If you make a new user, it might get found quicker but
there is no way to point to you (it was created by user admin after all, tee
hee). The choice is yours. You can always do both.
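Seen from the administrator's side, the cached-password reuse described above depends on password caching being left at its default. The script below is an added example, not part of the original tutorial: it audits a registry export for the policy value that turns caching off and for the restrictions this page lists. The sample export is constructed, and the registry value names are assumptions of the example (the page does not name them).

```python
import re

# Constructed sample: REGEDIT4 export from a hypothetical lab Windows 9x machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFind"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000000
'''

POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies"
# (hive, policy subkey, value name) -> effect when the value is 1.
# Value names are an assumption of this example; the page does not name them.
EXPECTED = {
    ("HKEY_CURRENT_USER", "Explorer", "NoRun"): "Run command removed",
    ("HKEY_CURRENT_USER", "Explorer", "NoFind"): "Find command removed",
    ("HKEY_CURRENT_USER", "System", "NoDispCPL"): "Display properties disabled",
    ("HKEY_CURRENT_USER", "WinOldApp", "Disabled"): "MS-DOS prompt disabled",
    ("HKEY_LOCAL_MACHINE", "Network", "DisablePwdCaching"): "password caching off",
}

def parse_reg(text):
    """Map (hive, lowercased key path, lowercased value name) -> dword as int."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(HKEY_[A-Z_]+)\\(.+)\]", line)
        if header:
            key = (header.group(1), header.group(2).lower())
            continue
        entry = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if entry and key:
            values[key + (entry.group(1).lower(),)] = int(entry.group(2), 16)
    return values

def audit(text):
    """Return one finding per expected policy that is absent or not set to 1."""
    found = parse_reg(text)
    gaps = []
    for (hive, sub, name), effect in EXPECTED.items():
        path = (POLICIES + "\\" + sub).lower()
        if found.get((hive, path, name.lower()), 0) != 1:
            gaps.append(f"{hive} Policies\\{sub}\\{name} not enforced ({effect})")
    return gaps

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

A value that is missing from the export is reported the same way as one set to 0, since an absent policy value leaves the default behaviour in place.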
I still need DOS access to run the programs. How can I get it?
Not all Admins actually remove the ability to run DOS programs, simply
because they are needed. It is likely though that the shortcuts and the run
command will have been removed. Also, I doubt you will be able to shut down
into MS-DOS mode. So how do you call up the window?
Well, we can use our usual shortcut trick. The program that opens the DOS
window is called "command.exe". To run the program, simply make a shortcut
to "command" without the quotes. Double clicking on the shortcut will pull
up the MS-DOS prompt.
I've done that but I get "This has been disabled by your system
Administrator"
If you get this, your Admin has locked out the ability for your user to run
DOS programs. Windows is surprisingly tight on DOS access. There is only ONE
way that I currently know of (I'm always searching for new ones though) to
bypass this whilst logged in as yourself. To do this, you need a program
called "poledit.exe".
Poledit controls ALL the access rights such as control panel access, display
properties, find and run commands, DOS access, shutting down to MS-DOS mode
etc. This tool can give them all back to you!
Okay, I've managed to get poledit onto the network. Now what?
Right, run the program. It will bring up a list of users and their policies.
There will probably be two policies stored there (at least). One will be
called Admin or similar and the other default. You will be user default.
Now, alter the settings to whatever you want and save them. Quit the program
and you should find that your access has been increased!
I think it worked but when I logged back onto the network, the old settings
kicked in.
This is a pain because it means your settings are stored on the server too.
When it logs in, it activates the settings you updated and then overlays the
new ones from the server. Annoying, huh? Well, there isn't all that much you
can do about it apart from use the Net Plug trick.
How does it help us here? Well, turn off the computer, unplug the network
lead and turn it back on. It will automatically log you in as the last user,
i.e. yourself. However, because there is no server, it will pull its
restrictions from the local file (which we edited of course). Plug the
network lead back into the computer and try to access the drives. Even if it
asks you to login again (to access the network), Windows isn't clever
enough to pull off the updated policy files. You're home free!!
Credits
Everyone with a PC