With so many posts about hacking appearing on Habr, I want to share my own modest experience in this field.
I'll say right away that I did not break into bank accounts or DDoS sites. I was just having fun on the university network with fellow students.
At my university, computer science classes were very boring. Of the 5 teachers who taught us various courses, only one was sane (she taught C/C++). In the remaining classes, boring lectures awaited us, on topics that most of our classmates already knew (and those who did not know them could not understand them, the material was taught so poorly). Practical work was mostly of the “make one or two tables in Excel” kind. In 99% of cases these tables were done in 10-15 minutes, and the students who were more advanced in Excel spent about the same amount of time helping the beginners. As a result, at least an hour of each class had to be wasted.
In search of entertainment, we first of all looked for open network shares in the computer labs. The Flash games and videos we found there quickly bored us. There were no proper games, and besides, playing during classes was forbidden under threat of expulsion, and there were precedents. There was Internet access, but it was strictly limited, through a WinGate proxy server and with passwords. In practice, none of us students ever saw the Internet except in the computer club on the 1st floor, and of course not for free. You could also visit several online scientific libraries in the university's multimedia library. There I discovered that Internet access under the library account was in fact not restricted. However, the librarian knew this too and restricted access to sites manually, through the well-known Remote Administrator program (hereinafter simply RAdmin). As soon as she saw a student open a forbidden website, the browser was closed and the student was thrown out of the library. Besides monitoring students, RAdmin was also used to launch the WinGate client, enter the username/password for Internet access, and open a site for the student.
One day I brought a flash drive with a keylogger to the multimedia library. As you know, the RAdmin server “transfers” mouse and keyboard actions to the remote PC by generating the corresponding events at the WinAPI level. So for a keylogger there is no difference between a password typed on the keyboard by the local user and one entered remotely. The password was in my hands in literally 10-15 minutes. By the way, the keylogger was not even necessary; I could simply have guessed. The login was libr, and the password ... library. Our network administrators were clearly unaware of the rules for choosing passwords. We had a computer science class the same day, and the password was tested successfully. True, our actions did not go undetected for long: literally a week later the password was changed. But no one removed the keylogger, so we got the new passwords instantly.
Having obtained free Internet, we did not stop. The network at our university was very large: almost every classroom had at least one computer, and the computer labs of building "B" had 24-30 in each. Windows 98 was installed everywhere. Only the servers ran Windows NT/2000 (the license for it was still expensive then). And almost every machine on the network had open network shares. Unfortunately, Windows 9x and “network security” are absolutely incompatible concepts, mostly because this OS is single-user. The Profiles feature built into Windows 98 does not count; it is just a pathetic parody of the Windows NT system of users and permissions. Access to network resources is controlled solely at the resource level, not at the user level as in Windows NT/2000. For a shared resource you could specify only the type of access (read-only or full) and a separate access password (or two: one for reading and one for full access). So, dear Habr readers, did you know that in Win9x such passwords to network resources are guessed “like in the movies”, letter by letter? There is a special program that first finds the first letter of the password, then the second, and so on. The average cracking time is 5-10 seconds. As a result, we got to know all the closed resources of the university network well. We read the dean's office reports on certification and the expulsion lists, and corrected lab work that had already been handed in to teachers' computers with a carelessly shared disk. On April 1 we congratulated the dean's office secretariat by sending a “greeting card” to the printer; access to printers works exactly like access to network folders.
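Why per-letter guessing is possible at all, as an added example that is not part of the original post: a simplified model of a password check that trusts the length supplied by the client, next to a hardened check. The names `check_flawed`, `check_hardened`, the sample password and the 36-symbol alphabet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample secret standing in for a share password. */
static const char STORED[] = "SECRET7";

/* Flawed model: compares only as many bytes as the client sent,
 * so a one-byte guess passes if it matches the first stored byte. */
int check_flawed(const char *guess, size_t guess_len)
{
    if (guess_len > sizeof(STORED) - 1)
        return 0;
    return memcmp(guess, STORED, guess_len) == 0;
}

/* Hardened: length must equal the stored length, and every byte is
 * examined, so neither result nor timing reveals a matching prefix. */
int check_hardened(const char *guess, size_t guess_len)
{
    size_t stored_len = sizeof(STORED) - 1;
    unsigned char diff = 0;

    if (guess_len != stored_len)
        return 0;
    for (size_t i = 0; i < stored_len; i++)
        diff |= (unsigned char)guess[i] ^ (unsigned char)STORED[i];
    return diff == 0;
}

/* Worst-case number of guesses for an alphabet of a symbols and a
 * password of len characters: a*len when a prefix is confirmed one
 * character at a time, a^len when only the whole password is checked. */
unsigned long long guesses_prefix(unsigned a, unsigned len)
{
    return (unsigned long long)a * len;
}

unsigned long long guesses_full(unsigned a, unsigned len)
{
    unsigned long long n = 1;
    while (len--)
        n *= a;
    return n;
}

int main(void)
{
    printf("flawed accepts 1-byte prefix: %d\n", check_flawed("S", 1));
    printf("hardened accepts 1-byte prefix: %d\n", check_hardened("S", 1));
    printf("worst case, 36 symbols, 7 chars: %llu vs %llu\n",
           guesses_prefix(36, 7), guesses_full(36, 7));
    return 0;
}
```

The drop from 36^7 to 36*7 worst-case guesses is why the cracking time quoted above is measured in seconds.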
Our “hacker games” reached their climax after the multimedia library account was denied, at the proxy-server level, access to all sites except the online libraries. The goal was to crack the password of the computer club's WinGate account. The operation went as follows. Through an oversight of the club administrator, who firmly believed in the reliability of password protection for shares, the local disks were shared with full access. Having cracked the password on the C disk share, I copied the keylogger and RAdmin into Program Files on the remote computer. Then they had to be started remotely. The registry editor came to the rescue. In Win9x the registry files sit directly in the Windows directory and are called system.dat and user.dat. I copied them to my computer and wrote a Reg file that added the keylogger and RAdmin to autorun. I imported this file with the registry editor, not into my own registry: a special command-line switch pointed it at the copied registry files of the victim computer. I copied the modified registry files back to the club's computer. Now all that remained was to wait for a reboot. But I am an impatient person and do not like to wait, so I used a Win9x glitch. If a resource is shared with full access, you can try to access the nonexistent directory \\computer\resource\con\con, and Windows on the remote computer will show a BSoD. Having provoked the blue screen of death, I forced the club administrator to restart the computer, and literally 5 minutes later I was already connected via RAdmin. I watched the administrator launch WinGate and enter the password. I looked into the keylogger's log and copied down the password. In terms of training, the administrator was not much above the librarian: the Internet password was the same as the password on the network shares, and moreover, it was his girlfriend's name.
Then came about 5 months of Internet mania. All free time after lab work, and all lectures, were spent online. How much I downloaded, I do not remember. But all good things end sooner or later. The network administrators established that the Internet was being used illegally, and access with the club password was restricted by IP address to the club computers only. A couple of times I crashed their computer into a BSoD, assigned its IP address to my own machine and thus fooled the proxy server, but then this loophole was closed as well. Also, according to rumors, the last bills from the provider almost made the head of building B faint. There was even an investigation into who had hacked the computer club. Fortunately, none of us was caught. And then the hype passed. Many of us connected to home networks, the need for the Internet was fully satisfied at home, and the Internet problem became a different one.
Occasionally we still fooled around with the club's computers with the help of RAdmin. We arranged small "surprises" for the club visitors. For example, we wrote in Word, in the upper left corner in a green font, “Knock-knock, NEO ... The Matrix has you!”. Once the administrator saw it and ... what do you think he did? No, he did not start searching for RAdmin and did not even press the three keys in the hope of finding a suspicious program in memory. He simply turned off sharing of the C disk, believing that this would solve all problems.
Our whole hacker story ended when the computer club was closed. The rector had always been against its existence, and one day his patience ran out.