More How to Break into Windows



____________________________________________________________

GUIDE TO (mostly) HARMLESS HACKING

Microsoft-only version Number 4

How to Break into Windows 95 from the Internet, continued.
____________________________________________________________

by keydet89@yahoo.com

Hacking from Win95
Accessing shares via the Internet
Alpha Edition:  Oct, 1998

[Protecting Yourself]
[What can they do]
[Getting set up]
[Connecting to shares]
[Final Words]

The purpose of this Guide is to show the reader how to set up
their Win95 computer to use sharing via the Internet.

Readers are encouraged to explore the information provided here,
but only after obtaining permission to do so on the remote
computer.  Get with your friends and try these techniques!

The information in this Guide is meant for use by Win95 users,
as the steps that are outlined are specifically for Win95.  This
same subject for NT has been dealt with in a previous Guide.

Before we start, I should point out that I made extensive use of
a free source of information...the Microsoft KnowledgeBase.  I
searched for a lot of information, and found a lot of good
references, by going to http://support.microsoft.com and
registering my email address.  I will be referencing several
KnowledgeBase throughout this Guide, and you can easily go to
the Support site and print out copies of the articles...just
choose to search for a particular article, rather than by
keyword.

[Protecting yourself]

First, the method of protecting yourself needs to be made
perfectly clear.  DON'T SHARE!!  I can't stress that enough.
If you are a home user, and you are connecting a Win95 computer
to the Internet via some dial-up method, DISABLE SHARING!

If you must share, use a strong password...8 characters minimum,
a mix of upper and lower case letters and numbers, change the
password every now and again.  If you need to transmit the
password to someone, do so over the phone or by written letter.
Another method for exchanging the information is to use PGP, or
'Pretty Good Privacy' (obtaining and installing PGP was covered
in a previous Guide).  Using PGP will not only allow you to
encrypt the information so that only your friend(s) can
decrypt it, but you can also digitally sign the file so that
your friends know that only you could have sent it.

To disable sharing, click on My Computer -> Control Panel ->
Network -> File and Print Sharing.  In the dialogue box that
appears, uncheck both boxes.  It's that easy.  If you are
using
NT, disable the Server service to disable sharing...click on
My Computer -> Control Panel -> Services, and disable the
Server service.

[What can they do]

If someone can access you hard drive via the Internet, there are
many things they can do...it all depends upon their knowledge and
their intent.  Given correct access permissions, they could
erase your hard drive...or leave a 'hidden bomb' behind so that
your hard drive is erased the next time you boot up.  Or they
could simply modify your system.ini file so that the next time
your computer boots up, it opens into the old Program Manager
shell from Windows 3.1, instead of the nice friendly Explorer
shell that you are used to.  Or they could just copy your
email mailboxes, some data, and be merrily on their way.

Of course, there are all sorts of pathological uses for DOS
commands like deltree and ctty, and toys like BO...

[Getting set up]

First of all, you need to make sure that your system is set up
correctly to access another win95 machine via the Internet.  The
assumptions made in the following steps are that:

(a) you have your win95 disks or CD, and
(b) you have a modem in your computer.

By assuming that the reader has a modem, we can keep the
Guide simple, but users who are on a LAN should have no trouble
following the Guide.

1.  The first thing you need to do is make sure that you have
the latest version of DUN (Dial-Up Networking) for Win95.  The
current version is DUN v1.3, and can be obtained by going to:

http://www.microsoft.com/msdownload

Choose "Windows95 Shareware and Utilities" from the "Support
Drivers, Patches and Service Packs" section, and then choose
the update from the "Networking & Communications" section.

NOTE:  Feel free to gather any other updates that you may be
interested in, such as TweakUI.  Another useful tool that you
will find here under "Resource Kits" is the Windows95 Resource
Kit Help File and Utilities.

Once you have obtained and installed the DUN update, you should
be ready to begin.

************************************************************
NEWBIE NOTE:  Before you go on, you might want to look at
or print out the following Microsoft KnowledgeBase articles:

Q178729:  How to configure Win95 to dial into a RAS/RRAS
server
http://support.microsoft.com/support/kb/articles/q178/7/29.asp

Q145843:  How to connect to a remote server
http://support.microsoft.com/support/kb/articles/q145/8/43.asp

Q183368:  Requirements to browse network with dial-up
networking
http://support.microsoft.com/support/kb/articles/q183/3/68.asp
************************************************************

Let's get started...

2.  Click on Control Panel -> Network, and open the applet
to the Configuration tab.  You should see the following entries
at a minimum:  Client for Microsoft Networks, DialUp Adapter,
and TCP/IP.

If one or more of these entries aren't there, choose Add, and
select the appropriate choice.  Make sure that you have your
disks or CD-ROM available...just in case.

**If you don't already have it, add NetBEUI to your system by
choosing Control Panel -> Network -> Add, and choose Protocol.
Select the NetBEUI protocol and install it.

3.  Select TCP/IP, and open the Properties for it.  In the
IP
Address tab, you will most likely have the 'Obtain an IP address
automatically' choice selected.

4.  Now double click on My Computer, choose DialUp Networking,
and  double click on icon for the connection to your ISP. 
Under
the Server Type tab, you should have the following selections:

Type of Dial-Up Server:  PPP: Windows 95, Windows NT 3.5, Internet

Advanced Options:  'Log on to network' and 'Enable software
compression'

Allowed network protocols:  TCP/IP

5.  Now, click the 'TCP/IP Settings...' button, and you should
see
the 'Server assigned IP address' and 'Server assigned name server
addresses' radio buttons selected.  Both 'Use IP header
compression' and 'Use default gateway on remote network' should
be checked.

[Connecting to shares]

6.  Before connecting to shares via the Internet, you need to
make sure that you machine is configured to use the 'lmhosts'
file on your computer to resolve NetBIOS names to IP addresses.
To do this, click Start -> Settings -> Control Panel ->
Network.

On the Configuration tab, click 'TCP/IP', and click 'Properties'.

On the WINS Configuration tab, click 'Disable WINS Resolution'.

Click Ok, then Ok, again.

Reboot your machine.

7.  Now we need to configure lmhosts file entries.  You might
want to start by opening the lmhosts.sam file:

***********************************************************
NEWBIE NOTE:  The lmhosts file is similar to the hosts file
in that it is used to resolve names to IP addresses.  WINS
and lmhosts files are the Microsoft versions of the DNS and
hosts files systems.  DNS/hosts files are used to resolve
Internet names like "www.example.com" to IP addresses.
WINS/lmhosts files are used to resolve NetBIOS names of
machines to their IP addresses.
***********************************************************

c:\windows\lmhosts.sam

..in Notepad and reading through it.  Then from the command
prompt, type:

c:\windows>edit lmhosts

or

c:\windows>notepad lmhosts

The entries in the file should look like:

[IP address] [NetBIOS name]  #PRE

Each entry in the lmhosts file needs to look like this
if you are going to access shares on the machines.

***********************************************************
NEWBIE NOTE:  If you don't have the NetBIOS name of your
friend's computer, you can get it using the nbtstat command.
You have to have the IP address...type:

c:\>nbtstat -A [ip_addr]
**NOTE:  The letter "A" MUST be capitalized!

You should see something similar to:

       NetBIOS Remote Machine Name Table
 
 

   Name              
Type         Status

---------------------------------------------

Registered Registered Registered Registered Registered

MAC Address = 00-00-00-00-00-00
 

95_Box        <00>  UNIQUE
95_Box        <20>  UNIQUE
domain        <00>  GROUP
domain        <1C>  GROUP
domain        <1E>  GROUP
95_Box        <03>  UNIQUE

What you are looking for is the line with "<00>
UNIQUE"...the name at the beginning of the line is
the NetBIOS name of the computer.  This is what gets
entered in the lmhosts file.

If you get the error message "Host not found", it may
mean one of several things...your friend is not logged
on, there is a firewall between the two of you, etc.
***********************************************************

8.  Now we need to refresh the NetBIOS cache for your
machine...

In the DOS command window, type:

c:\>nbtstat -R

This command reloads the cache from the lmhosts file you just
created.

Now, click on Start -> Find -> Computer, and type in the NetBIOS
name of the computer...the same one you added to the lmhosts file.
If your attempt to connect to the machine is successful, you should
be presented with a window containing an icon representing your
friend's machine.

You may be presented with a password prompt window; your friend
should have given you the password, but if he didn't just try
guessing it.

[Final words]

Please remember that this file is for instructional purposes only
and is meant to educate the sysadmin and user alike.  Accessing
computers via the Internet that you do not have permission to access
is a violation of federal law in the US.  It is best to use the
information in this Guide and others to pursue the one and only
guaranteed method of gaining root on a system...become the sysadmin!!
________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check
out
the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned hacking
of the
kind that led to the creation of the Internet and a new era of freedom
of
information. But we hate computer crime.  So don't email us about
any crimes
you have committed!
To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless
Hacking, please email hacker@techbroker.com with message "subscribe
happy-hacker" in the body of your message.
Copyright 1998 keydet89.  You may forward, print out or post this
GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you
leave
this notice at the end.
_________________________________________________________