Why would I want to hack windows?

Well, okay stupid question but why would you want to hack windows when there are all those lovely servers to take on? The answer is so simple, it often eludes people altogether. How exactly are you going to take out the server if your workstation is so crippled, you can't even use the run command? Most hacking programs are DOS based. If your friendly Admin has removed MS-DOS access, you're in trouble. You won't be able to run all those nice programs you've collected.
What if they Admin has placed some really horrible backdrop on your machine. You have a great replacement only the display properties aren't available. How do you get round that? Well, that's what this tutorial is all about : Removing restrictions on the local machine so that you can get a shot at the servers or so you can run programs that you otherwise wouldn't be able to.

Are there many restrictions that can be placed on me?


There are a surprising amount of things Admins can do to your computer to make it more restricted. To compromise of course, there are many ways to remove these annoying restrictions, one of which I worked out and removes all the restrictions although it temporarily screws up Internet Explorer's settings. Here is a small list :
Control Panel
Run command
Find command
Missing start menu programs
Fixed backdrop
No DOS access
Removed CDROM and floppy access
All of the above are a real pain in the ass. I'll go through removing these restrictions one by one.

Where do these restrictions come from?

Good question. There are two types of restriction, local and remote. The local restrictions are usually stored in the registry and are fairly easy to get round compared to the remote restrictions. These are restrictions placed on servers and are usually downloaded each time you login. They are VERY hard to get around and most are beyond the scope of this tutorial. However if I do show some of them, I'll point out that they are remote. Sometimes, the remote restrictions are enforced as local ones. This is handy to say the least.

What is the registry?

The registry is a database that Windows uses to store all its information. You can consider it as a directory. Most programs and files are registered here, along with user and system settings. Driver versions and start up programs are also found in here. Without the registry, Windows would be in trouble.

The registry consists of two files, user.dat and system.dat . Both are stored in the windows directory. There are backups of both files called user.da0 and system.da0 . If the main two are destroyed, the system copies the new versions over to replace them.
The user.dat file contains user settings. All the different parts of a users settings make up a user profile. It is these profiles that contain the information regarding what restrictions should be enforced. Every user is stored here along with all their access rights. I'll show you how to fool the system into giving you full access the easy way later.
The system.dat file strangely enough contains information about the system. This includes settings for Internet Explorer and other pieces of software such as DirectX, MS Office etc etc.

Can I edit it myself?

Yes you can, using a program called regedit. It is automatically installed and unless your friendly Admin has removed your ability to edit it, you can use this program to set anything in the registry that you want.

NOTE : If you remove the system.dat file ( which you usually have to ) some programs may have problems finding their default settings or refuse to load.

Well the easiest way is to simply remove user.dat and system.dat . When you reset the computer and login, it will come up and tell you that it needs to reset to repair the registry. Ignore this message and use ctrl+alt+del to get it to close without selecting 'ok'. You will see that all the restrictions have been removed. Quickly go to 'Run' and type 'command' without the quotes. This will open a DOS window and for some reason stabilises the system. Windows had a nasty tendency to crash if I didn't open a DOS window for some reason. When you reset the computer, the old registry will kick in and the restrictions will be active again. This isn't so bad because it means you can get a machine back to normal with the minimum of fuss.

Don't panic yet! I'll show you two ways of getting to the files. Normally if the 'Run' command is missing, you're going to have trouble getting to the C:\windows directory which holds those files. Second, you'll find that they are write protected. In the next few sections I'll show you how to get round this.

Type "c:\windows\" without the quotes. This will take you to the directory that contains the registry. You will most likely get a message saying that altering the files could be dangerous and could stop windows or other programs from working. Ignore that and select continue or click the hyper link. It will now show you the files.

Now you panic........only joking! Most Admins do take out the run command as standard. It stops normal people from going where they shouldn't be. However, we can out smart them here by using the shortcut trick. This trick will get us whatever we need and is just as powerful as the run command, except it is slightly more inconvenient.

This trick is essential to a hackers toolkit. In Windows, you can create a shortcut to just about anything from a folder to a program or even a website! We can use this to our advantage. It also gets round the annoying "Access Denied" messages that explorer likes to give. Right click on the desktop, select new -> shortcut. When it asks what you want to make the shortcut to, type in "c:\windows\" without the quotes and press enter. Hit enter twice more and you will find a nice shortcut on your desktop. Click this twice and it will dump you in the Windows directory. Nice eh?

When I type in the directory in explorer, it returns "Access Denied". Why?

This means that the Admin has told explorer not to accept any requests to that folder, program or website. However for some reason explorer will let you straight through if you make a shortcut to that folder. Security is tight eh?

When windows says protected, it means write protected. This is when you can't write or alter a file. This is done for safety reasons. No one wants to accidentally delete the registry. However because we're evil we want to and Windows is stopping us. Don't worry, the protection is lame. Right click on the file and hit properties. Once in, untick the little box next to write protected and click apply then okay. Now try deleting the file. You should find that it goes without any hassle. This works with both registry files.

To prevent Windows catching on, just turn off the computer and switch it on again. If it starts up and the registry fixing program starts, you'll have to repeat the procedure. Sometimes it gets you, some times it doesn't. If it keeps coming up, see the next section.

This nasty little program kept catching me out. It is called regcheck and is usually found in the windows or windows\system directory. It is called from an ini file called regcheck.ini or regchck.ini . The name seems to vary from system to system though I can't see any reason why it should. You can alter the .ini file and remove the checking program. The script will complete and still the registry won't have been restored!! Tee hee!

Cyber patrol is a royal pain in the ass! However, it is very easy to remove. Press ctrl+alt+del to bring up the task list. Select Cyber Patrol and press enter. Cyber Patrol will now bring up a window asking for a password. Damn, we've been beaten! Not so, press ctrl+alt+del again. This time because Cyber Patrol has ALREADY answered windows, it won't access again. Thus Windows thoughtfully lets us close the program. Bye bye stupid restrictions!

This can be quite annoying. You have lots of stuff on disk or CD but you just can't access them. Why? Because some sod has removed their icons from 'My Computer'. *Sigh* I guess its no go then right? Wrong! Although you can't see the drives, they are still there. Load up ole faithful Internet Explorer and type "D:\" without the quotes and press Enter. It should display a list of the files on the CD. If it comes up with "Access Denied" or " Permission Denied" then simply make a shortcut to it. That way, you will see all the files.

This happens when the floppy drive has been disabled in the BIOS ( Basic Input Output System). When you try to access it, Windows will hang and force you to reboot. There is a nice easy way of testing if the drive is open before you crash your machine. When you log in or out, check the light on the drive. If it flashes, the drive is available even if you can't see it in the drive list. If it doesn't flash, the drive has been disabled.

The only way to get disk access is to enable the floppy drive in BIOS. This is almost ALWAYS passworded ( if not you're really lucky ). You will need a BIOS cracker and there are loads on the Internet. Check what BIOS the machine has when it boots up ( Award, AmiBIOS etc etc). Get a program for that. Obviously you will somehow need to get it on the Network and there is a cunning way to do that to!

Unwatermarked Wallpapers || Nude Celebrities ||Mobile-Zone || SMS-Zone