More How to be a Hero
in School Computer Lab...
Let's now show your teacher something that is a little bit
scary. Did you know that Internet Explorer (IE) can be used to
break some Windows babysitter programs? Your school might be
running one of them. If you play this right, you can win points
by trashing that babysitter program.
Yes, you could just get to work on those babysitter programs
using the tips of othe Guides. But we will look at a new way
to get around them in this Guide, using IE. The advantage of
using IE when your teacher is anxiously looking over your shoulder
is that you could just "accidentally" stumble on some
cool stuff, instead of looking like a dangerous hacker. Then
you could show that you know how to take advantage of that security
flaw -- but only if you already are confident
that your teacher trusts you to not do mailcious hacking.
Besides, if it turns out the security program you try to override
is well enough written to keep IE from breaking it, you don't
look like a dummy.
Evil Genius tip: People are less afraid
of you if you type sloowwwlllllyyyyyyyyyy.
The dirty little secret is that IE actually is a Windows shell
program. That means it is an alternative to the Win95 desktop,
and the same program that you use for WIndows 98 and ME's Windows
Explorer, and totally integrated into the desktop. From IE you
may launch any program.
Yes, from the IE shell you can run any program on your computer
-- unless the security program you are trying to break has anticipated
this attack. With a little ingenuity you may be able to even
gain control of your school's LAN. But don't try that just yet,
and never unless you have permission!
Newbie note: A shell is a program that
mediates between you and the operating system. The big deal about
IE being a Windows shell is that Microsoft never told anyone
that it was in fact a shell. The security problems that are plaguing
IE are mostly a consequence of it turning out to be a shell.
By contrast, the Netscape and Mosaic Web browsers are not quite
such full-featured shells. This makes them safer to use. But
you can still do some interesting things with them to break into
a Windows box. Experiment and have fun!
Evil Genius tip: Is your school network
run from an NT server? None of the hacks in this Guide may work
if it is running Policy Editor. But as we saw above, you can
get around Policy Editor.
To use IE to launch programs, bring it up just like you would
if you were going to surf the Web. If your computer is set to
automatically initiate an Internet connection, you can kill it.
You don't need to be online for this to work.
Now here are a few fun suggestions. In the space where you
would normally type in the URL you want to surf, instead type
Whoa, look at all those file folders that come up on the screen.
Now for fun, click "Program Files" then click "Accessories"
then click "Paint." All of a sudden Paint is running.
Now paint your teacher who is watching this hack surprised.
Next close all that stuff and get back to the URL window in
IE. Click on the Windows folder, then click on Regedit.exe to
start it up. Export the password file (it's in HKEY_CLASSES_ROOT).
Open it in Word Pad. Remember, the ability to control the Registry
of a server is the key to controlling the network it serves.
Show this to your teacher and tell her that you're going to use
IE to change all the school's password files. In a few hours
the Secret Service will be fighting with the FBI on your front
lawn over who gets to try to bust you. OK, only kidding here,
but remember, don't even joke about breaking into anything unless
your teacher really trusts you.
No, maybe it would be a bit better to tell your teacher that
if you can edit the registry, you can get total control over
that computer. And maybe much more. Suggest that the school delete
IE from all its Windows 95 computers. (It's a lot harder to do
on 98 and ME and hard to get along without.) You are on the road
to being a hero.
If you actually do edit the Registry, you had better know
how to revert to its backup, or else undo your changes. Otherwise
you will be making more work for the computer lab teacher instead
of less work. Remember, the objective is to prove to your teachers
you can cut how much work they have to do!
What if the school babysitter program won't let you run regedit.exe?
Try typing c:\command.com. This brings up the DOS window -- if
the babysitter program hasn't figured out how to prevent it.
Then command it "regedit.exe" and see if the babysitter
program anticipated that attack.
More how to be a hero in computer