ownage


root-ftw

hey guys and girls

i was stuffing around with reshacker ( http://www.angusj.com/resourcehacker/ ) making a new boot screen and thought

if you were to make a script that uses reshacker to change someone's boot screen, the next time they boot their computer they will wonder why it changed.

maybe a hak.5 logo will scare them or my personal favorite

allurbaserbelong2uswn3.png

:lol:

ideas anyone?

that's what i'm trying to figure out.

basically the way it works is you hack ntoskrnl in win/system32 and change certain bitmap files, only problem is that microsoft has file protection on this file and won't let you overwrite it unless you're in safe mode.

so you have to save a copy of ntoskrnl elsewhere and overwrite it later.

here in detail:

http://www.thetechguide.com/howto/xpbootlogo/

why can style xp ( http://www.tgtsoft.com/prod_sxp.php ) edit it without safe mode?

It's easy, just add the options

/noguiboot /bootlogo

to the end of the OS boot string (so it would look something like

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /noguiboot /bootlogo /NoExecute=OptOut

) in boot.ini, then put the desired image that is to be displayed (as a 640x480 bitmap with a 16 custom colour palette) in the Windows directory and call it Boot.bmp (only XP, don't know about Vista).

Correction: Only XP
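
From the defender's side, the switches named in the post above are easy to audit for. The following is an added example, not part of the original post: a small Python parser that reads boot.ini text and reports every entry carrying /bootlogo or /noguiboot. The sample file contents and the function names are constructed for illustration.

```python
import re

# Switches the post says make XP display Boot.bmp from the Windows directory.
WATCHED = {"/bootlogo", "/noguiboot"}

# Constructed sample boot.ini (not from a real machine); the XP entry carries the switches.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Windows 2000 Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /noguiboot /bootlogo /NoExecute=OptOut
'''

ENTRY_RE = re.compile(r'^(?P<path>[^=]+)=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')


def parse_boot_ini(text):
    """Return (default_path, entries); each entry has path, label and switches."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                entries.append({"path": m["path"].strip(), "label": m["label"],
                                "switches": m["switches"].split()})
    return default, entries


def audit(text):
    """List entries whose switches include /bootlogo or /noguiboot (case-insensitive)."""
    default, entries = parse_boot_ini(text)
    findings = []
    for e in entries:
        hits = sorted(s.lower() for s in e["switches"] if s.lower() in WATCHED)
        if hits:
            is_default = default is not None and e["path"].lower() == default.lower()
            findings.append({"label": e["label"], "switches": hits, "is_default": is_default})
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_BOOT_INI))
```

A finding on the default entry means the custom image is shown on every normal boot; removing the two switches from that line restores the stock boot screen.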

i wouldn't recommend doing this to people's computers, first it's malicious and it would be hard to change back for the average user, but for fun's sake it would be funny as hell seeing someone's face with such a boot screen, it would be even funnier with a different image like goatse but that's really pushing it

The antidote is easy enough to make, all you have to do is get the batch script to save a backup copy of ntoskrnl somewhere on the computer when changing the bootscreen, so when you stick another key in with the antidote a batch script tells it to overwrite your version with the backup

i really don't care if a solution to turn back the effect is easy to make or not, it is still malicious and it's just stupid to make such a payload,

moderators could you lock this thread

Why? This is hardly more malicious than dumping all the password hashes from the computer or copying all documents from inserted USB-sticks.

Yes, and now Hak5 is trying to move past that. Look at their last show, nothing on the switchblade at all.
Episode 2x02 was the episode about the switchblade and 2x03 was the one about the USB hacksaw. 2x04 is the latest. And that's a sign they're "moving past" this?

Compare the amount of script kiddy stuff on their show to the non-skiddy stuff overall. A segment in 2x02, 2x03 and a couple in season one. Their show isn't generally a script kiddy show. Honestly, if you want Script Kiddy stuff, watch The Broken, they openly act script kiddyish and embrace it (sure there are only 4 episodes, but meh)

I just think it's odd to complain in a thread about how to change the boot screen in a sub-forum that's exclusively focused on creating a USB-stick for various actions that are much more malicious.

Personally I think that changing the boot screen is hardly more than a practical joke. While dumping the password hashes and stealing files is much worse and definitely will get you more legal trouble.

i don't really care if you make this or not but there are possible severe consequences. for one, if you are placing a modified ntloader which has a modified logo, if it is not checked you could leave a trail of computers which will not boot or at worst screw up a computer so bad all data is unrecoverable. and have you considered the possibility of future Microsoft patches that may fix or enhance the boot loader, which could leave a severe problem, again leading to the problems mentioned above? i really don't care if you do or don't make the payload but please make sure that the benefits outweigh the problems. in all previous payloads everything was easily reversible and all files copied could be removed, but in this case how can anyone produce an antidote which will remove the payload, especially when messing with a bootloader which is crucial to a computer booting? and have you thought of the many people using lilo or grub as a bootloader? what will this payload do to their setups (i dual boot for one)? again my opinion is against it but you're the developer

Personally I have no interest in doing something like that. But what is described here looks reversible and only affects Windows XP. So it shouldn't cause many problems, the odds of breaking a computer with that seem low.

but have you taken into consideration people dual booting? a solution such as that could screw up the dual booting config, and as a batch file it would be practically impossible to create as it does not handle text editing well, i.e. take left or right functions or strip characters or text away etc. anyway i think it's just a bad idea. anyway whatever, like i said he's the programmer and hope the pros outweigh the cons and the whole process can be reversible and the danger issue, people dual booting etc

As far as I understood it will only affect Windows XP. Or possibly if you're using the Windows XP boot loader to select operating systems it could affect that too. But does anyone do that with Linux (or at all)? Either way it should only affect the boot screen.

Editing files with command line utilities could be solved easily by just having some grep/awk/sed-like tool on your USB.

  • 2 weeks later...

The "payload" will only work on windowsXP and it has no effect on grub or lilo, it also saves a copy of ntoskrnl locally to reverse the damage.

i have no intention of making this malicious in any way, in fact it's probably going to be the most harmless piece of code in this forum.

why point the finger at this project as being extremely dangerous when nearly all of the other projects here are 100 times worse?

  • 4 weeks later...

What would be AWESOME would be if you could use a gif instead of a bmp. Then you could sub in the goatse marathon gif for the boot screen. ;)

I realize that you are really against this project, but you must realize that it's all fun and games as long as peeps are doing this to their friends at home and not at work. That's how hacks started: the brains over at MIT started pulling pranks, then called hacks, and it was all in good fun. Of course they moved on to prank coding and "viri", but it was still all in fun. While at CMU a friend of mine hacked my Mac!!! It was a powermac, a really really old one, so that I could only save to the desktop. He also pasted a huge porn poster on my bathroom window the night of a big date. But it was all for sh!ts and giggles, no one got hurt, I had my data backed up, I didn't let the girl into the bathroom. It's called fun. I realize that there are some bad people in the world but you have to realize that we are talking about a hypothetical joke, not an undetected Beagle variant. I mean who didn't love leaving a floppy full of porn in your friend's system when their parents were over??

Movin on up. The only way I know how to alter those types of files without an admin pass is with the win2k boot cd and recovery console. However, if the PC is on and your friend left it unlocked you could insert the USB stick and run a batch file that switches out your modded boot loader and boot.bmp really fast. You could even alter the autorun file for the USB stick that would run the batch file as soon as it loaded. At least i think that would work....

Sorry it's late and I'm knackered.
