Hacking Secrets

Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker my disabling or hiding, even the tiniest options or tools.

Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.

Poledit or Policy Editor is a small kewl tool which is being commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install in manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.

The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.

You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.

Launch Regedit and go to the following Registry Key:

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies

Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:

NoDeletePrinter: Disables Deletion of already installed Printers

NoAddPrinter: Disables Addition of new Printers

NoRun : Disables or hides the Run Command

NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)

NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu

NoFind: Removes the Find Tool (Start >Find)

NoDrives: Hides and does not display any Drives in My Computer

NoNetHood: Hides or removes the Network Neighborhood icon from the desktop

NoDesktop: Hides all items including, file, folders and system folders from the Desktop

NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.

NoSaveSettings: Means to say, 'Don't save settings on exit'

DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too

will not work.)

NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)

ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.

Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop

Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new key, system we can create the following new DWORD values(1 for enabling the particular option and 0 for disabling the particular option):

NODispCPL: Hides Control Panel

NoDispBackgroundPage: Hides Background page.

NoDispScrsavPage: Hides Screen Saver Page

NoDispAppearancePage: Hides Appearance Page

NoDispSettingsPage: Hides Settings Page

NoSecCPL: Disables Password Control Panel

NoPwdPage: Hides Password Change Page

NoAdminPaqe: Hides Remote Administration Page

NoProfilePage: Hides User Profiles Page

NoDevMgrPage: Hides Device Manager Page

NoConfigPage: Hides Hardware Profiles Page

NoFileSysPage: Hides File System Button

NoVirtMemPage: Hides Virtual Memory Button

Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

NoNetSetupSecurityPage: Hides Network Security Page

NoNelSetup: Hides or disables the Network option in the Control Panel

NoNetSetupIDPage: Hides the Identification Page

NoNetSetupSecurityPage: Hides the Access Control Page

NoFileSharingControl: Disables File Sharing Controls

NoPrintSharing: Disables Print Sharing Controls

Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

Disabled: Disable MS-DOS Prompt

NoRealMode: Disable Single-Mode MS-DOS.

So you see if you have access to the Windows Registry, then you can easily create new DWORD values and set heir value to 1 for enabling the particular option and 0 for disabling the particular option. But Sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (These 2 files constitute the Windows Registry.) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do not press OK) You will find that all restrictions have been removed.

The most kind of restriction found quite commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to do remove restrictions. What do you? Well use the RUN command. (START >RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folder, would definitely have blocked access to the RUN command. Again we are stuck.

Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)

It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:\windows\system folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:\windows\system. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.