<html>
<head>
<title>STANDSEC</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
<tr>
<td width="693">
<pre>
::::::::: :::::::: ::::::::: ::::::::::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+
+#++:++#+ +#++:++#++ +#++:++#: :#::+::#
+#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+# #+# #+# #+#
######### ######## ### ### ### </pre>
<p><br>
<br>
</p>
<pre> <a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
_____________________________
______________________I <b> Topic:</b> I_____________________
\ I I /
\ HTML by: I <b>The PC Hacking FAQ</b> I Written by: /
> I I <
/ <a href="mailto:black_mesa@gmx.de">Martin L.</a> I_____________________________I <a href="mailto:olcay@libtech.com">Olcay Cirit</a> \
/___________________________> <_________________________\</pre>
</td>
</tr>
</table>
<p>Version 1.5 3/17/96<br>
Appendix by <a href="mailto:Njan@anrki.com">Njan</a> 18/09/9</p>
<hr width="50%" align="left">
Written By <a href="mailto:olcay@libtech.com">Olcay Cirit</a>
<hr width="50%" align="left">
<br>
<p><br>
<font size="4"><b>Table of Contents</b></font></p>
<ul>
<li><a href="#1">X. Introduction</a></li>
<li><a href="#2">1. Hardware and Firmware </a>
<ul>
<li><a href="#3">a. The BIOS </a>
<ul>
<li><a href="#4">Passwords</a></li>
<li><a href="#5">Resetting the CMOS</a></li>
</ul>
</li>
<li><a href="#6">b. Floppy Locks </a>
<ul>
<li><a href="#7">Picking Them</a></li>
<li><a href="#8">Buying them</a></li>
</ul>
</li>
<li><a href="#9">c. Last Resorts </a>
<ul>
<li><a href="#10">Hard Disk Extraction</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#11">2. DOS, Windows, and Netware </a>
<ul>
<li><a href="#12">a. Getting access to DOS </a>
<ul>
<li><a href="#13">Boot from a floppy disk</a></li>
<li><a href="#14">Bypass startup files</a></li>
<li><a href="#15">Bypass DriveSpace</a></li>
<li><a href="#16">Break out of Autoexec.bat</a></li>
</ul>
</li>
<li><a href="#17">b. Getting to DOS from Windows </a>
<ul>
<li><a href="#18">Password Protection </a>
<ul>
<li><a href="#19">Windows Login</a></li>
<li><a href="#20">Third-Party Passwords</a></li>
<li><a href="#21">Screensavers</a></li>
</ul>
</li>
<li><a href="#22">Windows-Based Security </a>
<ul>
<li><a href="#23">DOS Through OLE</a></li>
<li><a href="#24">DOS Using Write</a></li>
<li><a href="#25">DOS Using Word</a></li>
<li><a href="#26">DOS through MODE</a></li>
<li><a href="#27">DOS through Windows Login</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#28">c. Getting Past Netware </a>
<ul>
<li><a href="#29">Common Account Names</a></li>
<li><a href="#30">Resetting Netware</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#31">3. Building a SECURE system </a>
<ul>
<li><a href="#32">a. Understanding the Issues </a>
<ul>
<li><a href="#33">Potential "Hackers"</a></li>
<li><a href="#34">Physical Security</a></li>
<li><a href="#35">Software Security</a> <a href="#37">(+ link to appendix)</a></li>
<li><a href="#36">Passwords</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="#37">4. Appendix. &lt;Njan&gt;</a></li>
</ul>
<hr align="left" width="400">
<p><b><font size="4"><a name="1"></a>X. Introduction</font></b></p>
<p>This FAQ describes how to break in to a PC (IBM-Compatible) from the outside
in, and how to bypass some common software-based security measures. The last
section details how to secure your PC against most such attacks.</p>
<p>Many of these solutions assume you have physical access to the PC. For example,
you can't extract the hard disk or reset the CMOS over a network, but you can
do it if you have access to the computer.</p>
<p><b><font size="4"><a name="2"></a>1. Hardware and Firmware</font></b></p>
<p><font size="4"><b><a name="3"></a>1a. The BIOS</b></font></p>
<p><font size="4"><b><a name="4"></a>Passwords</b></font><br>
<br>
The BIOS, short for Basic Input/Output Services, is the control program of the
PC. It is responsible for starting up your computer, transferring control of
the system to the operating system, and for handling other low-level functions,
such as disk access.</p>
<p>NOTE that the BIOS is not a software program, insofar as it is not purged from
memory when you turn off the computer. It's firmware, meaning it is permanently
and unchangeably stored in the machine. FLASH BIOS Systems, such as those from
Phoenix and AMI, allow you to update the BIOS through software, but that's another
FAQ.</p>
<p>A convenient little feature that most BIOS manufacturers include is a startup
password. This prevents access to the system until you enter the correct password.
</p>
<p>If you can get access to the system after the password has been entered, then
there is a software-based BIOS password extractor available from:</p>
<p><a href="ftp://oak.oakland.edu/simtel/msdos/sysutil/amis2990.zip">ftp://oak.oakland.edu/simtel/msdos/sysutil/amis2990.zip</a></p>
<p><br>
<font size="4"><b><a name="5"></a>Resetting the CMOS</b></font><br>
<br>
There is only one other way to get past the BIOS password. It involves discharging
the static memory (CMOS) used to store the password and other system information.
Once it is discharged, however, you have to reset all the system settings by
hand.</p>
<p>****Follow these steps:</p>
<ol>
<li>Start up the computer.<br>
a. If the system allows it, enter the Setup Screen
(usually by pressing F1, DEL or INS during the memory check).</li>
<li>Record all the Setup Information. Double Check.</li>
<li>Turn off the computer</li>
<li>Remove the casing, and put the computer on the ground in such a way that
you can see and access the side of the motherboard with the processor on it.</li>
<li> Look at the motherboard</li>
<li>If you can see a round, disc-like battery, then remove it, and let the computer
sit without the battery for 15-30 minutes. Put the battery back in.</li>
<li>If you have access to the circuit diagrams for the motherboard, look in
there for the password or CMOS jumper. Flip it on and off.</li>
<li>Look for a blue, soldered-in battery with a jumper running off of it. This
jumper is for connecting an external battery. Pull it out for 15-30 min. to
reset the CMOS.</li>
<li>Replace the computer casing.</li>
<li> Enter the Setup Screen, and set the Setup Information back to the original
values that you (hopefully) recorded. </li>
</ol>
<p>If you were unable to record the setup info, then you'll just have to set it
up manually. Some newer Plug &amp; Play BIOSes have an autodetect feature that
automatically sets up the hard disk and other items.</p>
<p>Again, I would like to mention that there are numerous password extractors
available for free off the internet and on BBSes. Try those first: they are
much cleaner and easier to use.</p>
<hr>
<p><font size="4"><b><a name="6"></a>1b. Floppy Locks</b></font></p>
<p>Floppy Locks are generally cheap plastic inserts that hook on to the inside
of the drive and lock it, thereby preventing you from using the floppy drive.
The locks used are usually those little swivel locks used in computer casings
to lock the keyboard.</p>
<p>There ARE some very secure locks, with *unique* keys. Such locks are not sold
at your local computer store, and must be obtained directly from a factory in
Nice, France (didn't get the name, though.). There is a distributor in Canada
by the name of "Kappa Micro".</p>
<p>If the lock is of the swivel type, you can either pick it, or buy a key (they're
all the same).</p>
<p><a name="7"></a>To pick it, you'll need a *thin* flathead screwdriver or a
paperclip. To pick the lock, take the paperclip and insert it into the little
notch on the inside of the swivel lock. Now, pull to the opposite side of the
lock until the swivel is in the unlocked position.</p>
<p><a name="8"></a>If you choose to buy a key, you can:</p>
<p> A. Go to your local computer service center, and buy one of these keys. (Very
cheap. Often less than $0.75)<br>
B. Buy the same brand of floppy lock, and use the key that comes with
it.</p>
<hr>
<p><font size="4"><b><a name="9"></a>1c. Last Resorts</b></font></p>
<p>If you are *REALLY* desperate to access this PC, then the following *might*
work:</p>
<ol>
<li><a name="10"></a>Remove the PC Casing</li>
<li>Extract the hard disk (By unscrewing and disconnecting)</li>
<li>Transfer it to another computer. (Make sure that it is NOT set as the boot
drive.)</li>
<li>Start up this computer, and access the hard disk from there.</li>
</ol>
<p>This will probably not work if an encrypted file system is in use. The only
way to access such disks is to enter the password, or figure out a way to decrypt
it, so if you forget your password, you're hosed. :(</p>
<hr>
<p><font size="4"><b><a name="11"></a>2. DOS, Windows, and Netware</b></font></p>
<p><font size="4"><b><a name="12"></a>2a. Getting access to DOS</b></font></p>
<p>Some systems are set up to boot directly to some sort of shell/security program,
like Windows, or Windows 95. If you want to get access to a DOS prompt, you
have some choices:</p>
<ol>
<li>Boot from a floppy disk</li>
<li>Bypass startup files</li>
<li>Bypass DriveSpace</li>
<li> Break out of Autoexec.bat</li>
</ol>
<p> <a name="13"></a>***Booting from a floppy requires you to create a system
disk. You can do this using the DOS command FORMAT A: /S which will format a
disk and place system files on it. Also, the Windows format (In File Manager
or Explorer) has an option allowing you to create a system floppy.</p>
<p>Before you create a system disk, you must determine which floppy drive is used
to boot. If the system has both a 1.2MB (5.25") Floppy Drive and a 1.44MB
(3.5") Drive, it is likely that the boot drive is the 1.2 MB floppy drive.
If the computer has only one floppy drive, it is quite safe to assume that it
is the boot drive.</p>
<p>However, if you are unsure as to which drive is the boot drive, you can either
find out by entering System Setup (as described in section 1) or by observing
which floppy drive is read right before the operating system loads.</p>
<p>If the system is set to boot only from the hard disk, then you can refer to
Section 1 on how to reset the CMOS.</p>
<p>Once you have a system disk, you place it in the floppy drive, and turn on
or reset the computer. If you have done everything right, the computer will
boot from the floppy drive and you will have access to a DOS prompt.</p>
<p>This technique, of course, can be prevented through the use of a floppy lock,
and by setting the BIOS to boot only from the hard disk.</p>
<p><a name="14"></a>***Bypassing startup files is quite simple, but only works
on DOS 6.0 or later and on Windows 95. When you turn on the computer
and you see the text:</p>
<p> Starting MS-DOS ...</p>
<p>or<br>
Starting PC-DOS ...</p>
<p>or <br>
Starting Windows 95 ...</p>
<p>Press and hold the SHIFT or F5 key IMMEDIATELY. This will bypass the startup
files (CONFIG.SYS and AUTOEXEC.BAT) as long as the system administrator has
not disabled this feature.</p>
<p>Additionally, you can press and hold F8 when the startup text shows to enter
the Boot menu. This lets you selectively disable certain commands, or bypass
the startup files totally, among other things.</p>
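<p>The administrator-side check for the startup-key bypass described above, as an added example that is not part of the original FAQ. It assumes the MS-DOS 6.x CONFIG.SYS directive SWITCHES=/N and the Windows 95 MSDOS.SYS option BootKeys=0 are the settings used to disable the keys (the FAQ names neither); the sample files are constructed.</p>

```python
# Added example (not from the FAQ): audit startup files for the settings
# that disable the SHIFT/F5/F8 startup-key bypass.
import re

def config_sys_blocks_bypass(text):
    """True if CONFIG.SYS has an active SWITCHES= line that includes /N."""
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and commented-out directives (REM or ;).
        if not line or line.startswith(";") or re.match(r"(?i)REM(\s|$)", line):
            continue
        m = re.match(r"(?i)^SWITCHES\s*=\s*(.*)$", line)
        if m and re.search(r"(?i)/N\b", m.group(1)):
            return True
    return False

def msdos_sys_blocks_bypass(text):
    """True if MSDOS.SYS sets BootKeys=0 inside its [Options] section."""
    section, blocked = None, False  # startup keys are enabled by default
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "options" and key.strip().lower() == "bootkeys":
            blocked = value.strip() == "0"  # last assignment wins
    return blocked

def audit(config_sys=None, msdos_sys=None):
    """Return one finding per supplied file that leaves the bypass enabled."""
    findings = []
    if config_sys is not None and not config_sys_blocks_bypass(config_sys):
        findings.append("CONFIG.SYS: no active SWITCHES=/N, F5/F8 bypass available")
    if msdos_sys is not None and not msdos_sys_blocks_bypass(msdos_sys):
        findings.append("MSDOS.SYS: BootKeys is not 0, startup keys available")
    return findings

# Constructed sample files: the weak CONFIG.SYS only has /N commented out.
WEAK_CONFIG = r"""DEVICE=C:\DOS\HIMEM.SYS
REM SWITCHES=/N
SWITCHES=/F
"""
HARDENED_CONFIG = "DEVICE=C:\\DOS\\HIMEM.SYS\nswitches = /f /n\n"
WEAK_MSDOS = "[Paths]\nWinDir=C:\\WINDOWS\n[Options]\nBootGUI=1\n"
HARDENED_MSDOS = WEAK_MSDOS + "BootKeys=0\n"

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG, WEAK_MSDOS):
        print(finding)
```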
<p><a name="15"></a>***Bypassing DriveSpace works if compression software such
as DriveSpace or DoubleSpace has been installed. If so, when the startup text
displays, press and hold Ctrl+F5 or Ctrl+F8. This will load the system without
loading the compression driver, which means you can't access the files on disk.
</p>
<p>HOWEVER, you *can* decompress the disk (DriveSpace only), as long as you have
sufficient disk space or enough floppies. </p>
<p>If all else fails, you can format it or take it to a Specialized Data Recovery
service. They can probably recover the files by moving them to a larger hard
disk and decompressing. </p>
<p><a name="16"></a>***Breaking out of AUTOEXEC.BAT is also rather simple. When
the computer starts up and the operating system starts loading, press Ctrl+Break
(or Ctrl+C) repeatedly. When the AUTOEXEC.BAT executes, this will terminate
it and drop you to DOS. This will work unless the keyboard has been disabled,
or is inactive during initialization. (Drivers can be loaded in CONFIG.SYS which
temporarily disable the keyboard, and then re-enable it with a command at the
end of AUTOEXEC.BAT.)</p>
<hr>
<p><font size="4"><b><a name="17"></a>2b. Getting to DOS from Windows</b></font></p>
<p>If the above tactics fail, and the machine automatically loads Windows, then
you still have a very good chance of getting to DOS. Since Windows by default
gives you free access to DOS, there are special security programs made specifically
to prevent the user from accessing it, among other things. Most of these programs
can be bypassed.</p>
<p><font size="4"><b><a name="18"></a>Password Protection</b></font><br>
<br>
If, when Windows starts up, you are presented with yet another password dialog
box, analyze the situation:</p>
<p><font size="3"><b><a name="19"></a>Windows Login</b></font><br>
<br>
If this is the Primary Windows Login or a Network login, then you can get past
it by pressing the Cancel button (No Joke!) to log on as the Default user. This
is because the Login information is used primarily for desktop preferences and