Windows 98: Networking, Free Internet, and Student Youth

    With so many posts about hacking appearing on Habr, I want to share my modest experience in this area.
    I must say right away: I did not hack into bank accounts and did not DDoS sites. I just had fun on the university network along with fellow students.

    Computer science lessons were very boring at my university. Of the 5 teachers who taught us various courses, only one was conscientious (she taught C/C++). In the remaining classes, boring lectures awaited us on topics that most of our guys already knew (and those who did not know could not understand, the material was taught so poorly). The practical work we were given was mainly on the subject of "making one or two tables in Excel." In 99% of cases, these tables were made in 10-15 minutes, and students who were more advanced in Excel spent the same amount of time helping beginners. As a result, at least an hour of each class had to be wasted.

    In search of entertainment, we first searched the open network resources in the computer labs. We quickly got tired of the Flash games and videos found there. There were no decent games; moreover, playing during class was forbidden under threat of expulsion. And there were precedents. There was Internet access, but it was strictly limited, through a WinGate proxy server and with passwords. Actually, none of us students had ever seen the Internet, except on the 1st floor at a local computer club and, of course, not for free. You could also visit several scientific online libraries in the multimedia library of the university. There I discovered that access to the Internet from the library account was in fact unlimited. Only the librarian also knew about it and limited access to sites manually, through the program Remote Administrator, known to many (hereinafter simply RAdmin). As soon as she saw that a student was opening a prohibited site, the browser was closed, and the student was expelled from the library. In addition to controlling students, RAdmin was also used to launch the WinGate client, enter the login/password for Internet access and open the site the student needed.

    One fine day, I brought a flash drive with a keylogger program to the multimedia library. As you know, the RAdmin server "transfers" the mouse and keyboard actions to the remote PC by generating the corresponding events at the WinAPI level. Thus, for the keylogger there is no difference whether the password is typed directly on the keyboard by the computer's user or entered remotely. The password was in my hands in literally 10-15 minutes. By the way, I need not have used the keylogger at all: I could have just guessed it. The login was libr, and the password ... library. Our network administrators were clearly unaware of the rules for choosing passwords. On the same day, we had computer science, and the password was successfully tested. True, our actions did not remain undetected for long: just a week later the password was changed. But nobody neutralized the keylogger,
    Having received free Internet, we did not stop. The network at our university was very large: in almost all classrooms there was at least one computer. And in the computer classes of building "B" there were 24-30 in each class. Windows 98 was installed everywhere. Only the servers ran Windows NT/2000 (the license for it was still expensive at that time). And on virtually every machine on the network, network resources were open. Unfortunately, Windows 9x and "network security" are completely incompatible concepts, mostly because this OS is single-user. The "Profiles" add-in built into Windows 98 does not count: it is just a miserable parody of the Windows NT system of users and permissions. Access control for network resources is supported exclusively at the resource level, and not at the user level, as in Windows NT/2000. For an open resource, one could set only the type of access (read-only or full) and, separately, the access password (or two, one for reading and one for full access). So, dear readers of Habr, do you know that in Win9x such passwords for network resources are guessed "like in a movie", letter by letter? There is a special program that finds first the first letter of the password, then the second, etc. The average cracking time is 5-10 seconds. As a result, we did a good job exploring all the closed resources of the university network. We read the dean's reports on certification and the expulsion lists, and corrected already-submitted lab work stored on the computers of teachers with an imprudently shared disk. And on April 1, we congratulated the dean's secretariat on April 1 by sending a "greeting card" to their printer: access to printers is completely identical to access to network folders.
    Our "hacker games" reached their climax after the multimedia library account was denied, at the proxy server level, access to all sites except online libraries. The goal was to crack the password of the computer club's WinGate account. The operation was carried out as follows. Due to the oversight of the club administrator, who firmly believed in the reliability of password protection of resources, the local disks were shared with full access. Having cracked the password for the C drive resource, I copied the keylogger and RAdmin into Program Files on the remote computer. Then they had to be run remotely. The registry editor came to the rescue. In Win9x, the registry files are located directly in the Windows directory and are called system.dat and user.dat. I copied them to my computer and wrote a Reg file that added the keylogger and RAdmin to autorun. I imported this file with the registry editor, not into my own registry but, by means of a special key on the command line, into the copied registry files of the victim computer. I copied the modified registry files back to the club computer. Now all that remained was to wait for a reboot. But I am an impatient person, I do not like to wait. Therefore, I used a Win9x glitch. If there is a resource open for full access, you can try to access the non-existent directory \\computer\resource\con\con, and the remote Windows computer will show a BSoD. Having provoked a blue screen of death, I forced the club administrator to restart the computer, and literally 5 minutes later I was already connected by RAdmin. I watched the administrator launch WinGate and enter the password. I looked into the keylogger's log and copied down the password for myself.
    Next came about 5 months of Internet mania. All free time after laboratory work and all lectures were spent on the Web. How much I downloaded, I do not remember. But all good things come to an end sooner or later. The network administrators established the fact of illegal use of the Internet, and access with the club's password was restricted by IP address to the club's computers only. A couple of times I knocked one of their computers out with a BSoD, set its IP address on my machine and fooled the proxy server in this way, but then they closed this possibility. Also, according to rumors, the last bills from the provider almost made the head of Building B faint. There was even an investigation into who had hacked into the computer club. Fortunately, none of us was caught. And then the hype passed. Many of us connected to home networks, and the need for the Internet became fully satisfied at home, and the problem of the Internet became a different one.
    Occasionally, we still played around with the club's computers with the help of RAdmin. We arranged small "surprises" for club visitors. For example, we wrote in Word, in the upper left corner in a green font, "Knock-knock, NEO ... The Matrix has you!". Once the administrator saw this and ... what do you think he did? No, he did not start looking for RAdmin and did not even press the three buttons in the hope of finding a suspicious program in memory. He simply turned off C drive sharing, believing that this would solve all the problems.

    Our entire hacking story ended with the computer club being closed. The rector had always been against its existence, and one fine day his patience ran out.
