School Hacking: Vcasel/Win98

The joys of windows 98, and visual casel.

Background: Windows 98/SE was and is still a popular and stable operating system... wait, please, stop laughing. Thank you. As I was saying: Windows 98 is... well, more stable than ME, right? Moving on.

Visual Casel: Is a lazy windows sysadmin tool. Used mostly by public schools, by idiot sysadmins using 98.

Most of the people who operate in schools are very paranoid about 4 main things:

*Children accessing porn
*Children accessing illegal sites
*Children compromising secuirty/grades/records
*Children showing them up

Most sysadmins in this kind of enviornment will take several measures that will make them feel secure.

* Proxy (Bess, etc.) blocking innappropriate content.
* Disallow access to Control Panel, Display Properties, Network Neighboorhood, MS-Dos, and all *.exe programs that are not approved.
* Policy of only allowing you to take in floppy disks
* Having McAffee/other virus scanner running on said computers, that students cannot disaple
* Disabling alt key (control alt delete, telnet, etc.), while still allowing students to copy/paste (control key)
* Disable internet properties in IE, so students cannot remove/reset proxy settings

Obviously, if you can get past the *.exe restriction, the rest will fall. But how?

Visual Casel (and most windows9x tools like it) allow filenames, not /path/to/filename (well, \path\to\filename)

So, if winword.exe (Wordpad) is allowed, it doesn't care if it's C:\Windows\Winword.exe or C:\Windows\Desktop\Winword.exe

Take Poledit (policy editor) along with you on a floppy disk, or any other policy editor. Rename it to winword.exe, and run it.

Remove all restrictions you can (This will probally only allow you to enter internet options, control pannel, network neighboorhod, etc.).

Now to to IE, and disable proxy (Tools, Internet Tools/Options, Connections, Lan settings).

Right click on network neighboorhood (should now be on desktop, if not, it's in control pannel), and allow file/printer sharing. Now share the C:, and make sure there is a password for both read-only, and full write. Restart as it asks, and boot back into the machine, and log in with your user account.

What's this? All security restrictions are back on your account. Excellent. This is untraceble.

Next, you'll want to ENABLE something... and this will not be overwritten next restart. This will always be on the computer. Enable password caching, as well as .pwl storage in C:\Windows with your policy editor.

Now when someone logs in, they will be prompted again for their password (people will assume they mistyped their pass and it's promting them to retype it, and some will assume it's a new security measure). No one will suspect that their passwords are now stored (albeit encrypted) in username.pwl files in C:\Windows

Now grab a pwl cracker (Cain) and run it through a nice dictionary. 90% will be cracked. Those that arn't can usually be brute forced within a few days (even on a slow computer). This way, you can get teacher/admin accounts. "Teacher, I can't log on. Can you try?" Or, of course, do this to a teacher/classroom computer when no one is around (Field trip, lunch, etc.)

As you share C: drives, you'll want to get a few extra floppies to store the hundreds of PWL files, cracked passwords, and shortcuts to computers that you have (even if network neighboorhood is disabled, a shotcut to\C isn't). You might want to drop Mozilla onto a few computers, since they won't have any download/proxy restrictions on it.

This is also a way that, in a bind, you can do a one type act of mass destruction: If there's something to do (homework/test wise) on the computers, and most of the ones your class is going to use is under your control, you can bring them down. With no C:\Windows folder, the computer will not crash at once... but people won't be able to do anything. Make those sysadmins work for their pay for once.

Setting up a few linux installs on remote computers is also a good idea, especially if they are in an empty part of the school, or seldom used part of the school (in my school, there was a corner of the school with several computers used just for Health Eduction... no one ever used the computers. Suddenly, I had 4 bots used to flood the network whenever I wanted to cause some mischeif).

Armed with a floppy, you've taken control of the school. Rule as you have choosen.