Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Registry Editing

  1. #1

    Registry Editing

    Hope this is ok, this is not my tutorial, I have taken some parts of a Regsitry tutorial from the BSRF.

    Be careful when editing the registry!!

    Disclaimer: I am not responsible for anything that may go wrong with your computer due to the you misreading this tutorial.

    Important Note: Before you read on, you need to keep one thing in mind. Whenever you make changes to the Windows Registry you need to Refresh it before the changes take place. Simply press F5 to refresh the registry and enable the changes. If this does not work Restart your system



    Ban Shutdowns : A trick to Play on Lamers

    This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.

    Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message:

    This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

    You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.

    Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add it's contents to the registry by double clicking on it.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]



    Pop a banner each time Windows Boots

    To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon

    Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. It's .reg file would be:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]

    "LegalNoticeCaption"="Caption here."



    Making the Internet Explorer & the Explorer Toolbars Fancy

    The Internet Explorer toolbar looks pretty simple. Want to make it fancy and kewl? Why not add a background image to it. To do this kewl hack launch the Windows Registry Editor and go to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\ Internet Explorer\Toolbar\.

    Now in the right pane create a new String Value and name it BackBitmap and modify it's value to the path of the Bitmap you want to dress it up with by rightclicking on it and choosing Modify. When you reboot the Internet Explorer and the Windows Explorer toolbars will have a new look.



    Change Internet Explorer's Caption

    Don't like the caption of Internet Explorer caption? Want to change it? Open the registry editor and go to

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.

    In the right pane create a new String Value names Window Title (Note the space between Window and Title). Right click on this newly created String Value and select Modify. Type in the new caption you want to be displayed. Restart for the settings to take place.



    Internet Explorer 5 Hidden Features


    Microsoft Internet Explorer 5 has several hidden features which can be controlled using the Windows Registry. Open your registry and scroll down to the following key:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions

    Create a new DWORD value named x(See complete list of values of x below) and modify it's value to 1 to enable it and to 0 to disable it.

    NoBrowserClose : Disable the option of closing Internet Explorer.

    NoBrowserContextMenu : Disable right-click context menu.

    NoBrowserOptions : Disable the Tools / Internet Options menu.

    NoBrowserSaveAs : Disable the ability to Save As.

    NoFavorites : Disable the Favorites.

    NoFileNew : Disable the File / New command.

    NoFileOpen : Disable the File / Open command.

    NoFindFiles : Disable the Find Files command.

    NoSelectDownloadDir : Disable the option of selecting a download directory.

    NoTheaterMode : Disable the Full Screen view option.


    Hacking Secrets

    Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker my disabling or hiding, even the tiniest options or tools.

    Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.

    Poledit or Policy Editor is a small kewl tool which is being commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install in manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.

    The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.

    You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.

    Launch Regedit and go to the following Registry Key:

    HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies

    Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:

    NoDeletePrinter: Disables Deletion of already installed Printers

    NoAddPrinter: Disables Addition of new Printers

    NoRun : Disables or hides the Run Command

    NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)

    NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu

    NoFind: Removes the Find Tool (Start >Find)

    NoDrives: Hides and does not display any Drives in My Computer

    NoNetHood: Hides or removes the Network Neighborhood icon from the desktop

    NoDesktop: Hides all items including, file, folders and system folders from the Desktop

    NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.

    NoSaveSettings: Means to say, 'Don't save settings on exit'

    DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too

    will not work.)

    NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)

    ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.

    Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop

    Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new key, system we can create the following new DWORD values(1 for enabling the particular option and 0 for disabling the particular option):

    NODispCPL: Hides Control Panel

    NoDispBackgroundPage: Hides Background page.

    NoDispScrsavPage: Hides Screen Saver Page

    NoDispAppearancePage: Hides Appearance Page

    NoDispSettingsPage: Hides Settings Page

    NoSecCPL: Disables Password Control Panel

    NoPwdPage: Hides Password Change Page

    NoAdminPaqe: Hides Remote Administration Page

    NoProfilePage: Hides User Profiles Page

    NoDevMgrPage: Hides Device Manager Page

    NoConfigPage: Hides Hardware Profiles Page

    NoFileSysPage: Hides File System Button

    NoVirtMemPage: Hides Virtual Memory Button

    Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

    NoNetSetupSecurityPage: Hides Network Security Page

    NoNelSetup: Hides or disables the Network option in the Control Panel

    NoNetSetupIDPage: Hides the Identification Page

    NoNetSetupSecurityPage: Hides the Access Control Page

    NoFileSharingControl: Disables File Sharing Controls

    NoPrintSharing: Disables Print Sharing Controls

    Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

    Disabled: Disable MS-DOS Prompt

    NoRealMode: Disable Single-Mode MS-DOS.

    So you see if you have access to the Windows Registry, then you can easily create new DWORD values and set heir value to 1 for enabling the particular option and 0 for disabling the particular option. But Sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (These 2 files constitute the Windows Registry.) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do not press OK) You will find that all restrictions have been removed.

    The most kind of restriction found quite commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to do remove restrictions. What do you? Well use the RUN command. (START >RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folder, would definitely have blocked access to the RUN command. Again we are stuck.

    Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)

    It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:\windows\system folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:\windows\system. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    310
    whoa..did you write this all?
    fine effort!
    script language=\"M$cript\";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

  3. #3
    Nope soz, I copied some good parts from the BSRF (Blacksun Research Facility) Good site.

    I have a piece of VB code that enables the registry and also activates the run menu. This can be used when the sysadmin has locked down all the features.

    To use it you can use the schools VB program or Microsoft Words macro editor and assign it to keys instead of a program. Heres the code:


    Code:
    Private Declare Function SHRunDialog Lib "Shell32" Alias "#61" (ByVal hOwner As Long, ByVal hIcon As Long, ByVal sDir As Long, ByVal szTitle As String, ByVal szPrompt As String, ByVal uFlags As Long) As Long
    Private mDialogPrompt As String
    Private mhOwner As Long
    
    Dim b As Object
    Dim s As String
    
    Private Sub cmdclose_Click()
    frmregistry.Hide
    End Sub
    
    Private Sub cmdRun_Click()
    SHRunDialog mhOwner, mhIcon, 0, mDialogTitle, mDialogPrompt, uFlag
    End Sub
    
    Private Sub Form_Load()
    Command1.Caption = "Disable RegEdit"
    Command2.Caption = "Enable RegEdit"
    End Sub
    
    Private Sub Command1_Click()
    Set b = CreateObject("wscript.shell")
    s = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
    b.regwrite s, 1, "REG_DWORD"
    End Sub
    
    Private Sub Command2_Click()
    Set b = CreateObject("wscript.shell")
    s = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
    b.regdelete s
    End Sub

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    This is why you shouldn't have win9x boxes availible to public... Use NT4 / w2k and set permissions on registry keys and NTFS partitions (this implies you should only use NTFS partitions if you want security). That would foil most (if not all) of what has been said here...

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Originally posted here by ammo
    This is why you shouldn't have win9x boxes availible to public... Use NT4 / w2k and set permissions on registry keys and NTFS partitions (this implies you should only use NTFS partitions if you want security). That would foil most (if not all) of what has been said here...

    Ammo
    Cant these be used in win2K, XP and that? Just that I have never had the chance to try them on those OS's

  6. #6
    nice post ive seen these before but who could remember all the reg hacks out there
    good job

    correct me if im wrong but I didnt see anything about backing two critical files first.
    you should backup the system.dat and the user.dat just to be sure you can get back to the way things were before you edit the registry.
    Integrity...loyalty.....and the willingness to make a better world for us all.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    168
    theres another good registry tweaks/guide at www.winguides.com
    Thanks for this one aswell ;]

    pranKster
    \"Why is the bomb always gettin\' the last word?\" - Will Smith - Lost & Found (2005)

  8. #8
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by Pandabean


    Cant these be used in win2K, XP and that? Just that I have never had the chance to try them on those OS's

    You mean the policies (poledit) or the "hacks"?
    Policies work on both nt4 (old style with poledit) and w2k (with group policies, which I think is a fine tool for managment btw...)

    As for the "hacks", the thing is they all rely on modification of registry keys; so setting apropriate permissions on the keys (with regedt32.exe) so that only admins and system can modifiy those keys will pretty much defeat those tricks.

    Moreover, the real problem with relying on windows policies is that it doesn't offer *real* security; I'd call it "Security trough unavailability" meaning that the philosophy associated with it is "if the tools aren't availible to change the system, then it can't be changed" instead of what registry/ntfs permissions offer: "even if the tools are there, if you ain't the on my ACL, you can't change it"...

    So instead of hiding regedit.exe, cmd.exe... with policies, in nt/w2k you would set permissions that allow only administrators to run them..

    See what I mean?

    Ammo

  9. #9
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Great job because it is a good thing to learn just what the registry does. However now days it would be unsual to find even an open system open locally. All of this does not take into firewalls. Ok so telnet in not on your computer and you use poledit so you enable the service, if this service is not allwed at the firewall your screwed because I will see real time a telnet attempt from inside and by whom, if I am not watching live like going to the can I can look at the logs. Then if the services is not allowed at the firewall and the firewall will not open the port what good is all the editing going to do except expose what one is doing? Then throw in things like ghost and a few other little programs that watch the reg for byte changes and say oops re-boot and well see that you have to start again. Reg edits now are best left to solve program or crashing issues not how to get around Net Admin. Ammo has a good point I just leave those functions on the box for two reasons, people are at work they have to produce something to make a living, two so they can tweak and screw up their systems if they choose and not be able to charge their time to overhead the computer is down. Security is best managed at a firewall that keeps the bad guys out and the wanna be contained within your own system and exposed before they create a liability for the company. Never assume I say security is on your box step to far outside your box even on the inside can buy a ticket out the door. I take my Admin policies from CERT as may other places and the firewall is a box you cannot see, well maybe if your lucky depending on what I am troubleshooting you could, and it's policy is not changed with poledit. Which box/ software you deal with well many choices, to learn them all and their faults hummmm you spend all that time how do you do school work or make a living?
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well, a firewall does nothing to stop students in the school comp lab... This was the purpose of this post...

    Ammo
    Credit travels up, blame travels down -- The Boss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •