Monday, April 25, 2011

Old, Good and Funny Trick

This is a very small and simple program that just writes... something to an underused registry value (tested on Win2k, WinXP). Registry is used in Windows (from version 95 and later) to store information that will be used for several purposes by the operating system or by any other application.

There are entries that perform specific tasks...
Does anyone remember the autoexec.bat or config.sys in old good DOS times? Ok, ok... these files still exists in our disks…. but their modern counterparts located in registry, specifically in keys:
Anyway, I will not go too far with this, because my purpose is not to explain the use of the above, instead I would like to expose a less known and underused  (I suppose) registry value which is:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The above key has 2 special string values named
(1)LegalNoticeCaption and
You can go & see the above registry key using the registry editor. You can call it by Start|Run|Regedit. So, if you go in this key normally you will not see  the two special strings (1) and (2). Instead you will see other “important & useful keys” but again this is not our goal.
You can Add manually the above string by Right Click| New| StringValue.
Now,…. What is special with those string value…..  Hmmm, when the operating system starts & finds these string values it shows a message box with title the value of LegalNoticeCaption and Text the value of LegalNoticeText. …..

Do you get the message[box]  ?  ;-)

Now…. I am starting thinking positively…. If I write a little exe program that inserts automatically those strings, I can make a good…. but harmless surprise to any… victim’s PC I can run it.

I give you a simple Pascal (Delphi console application actually) program to do this.

 program FunnyHack2;  
  SysUtils, Registry, Windows;  
  KEY_Hack = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';  
  Reg: TRegistry;  
  Reg := TRegistry.Create;  
   Reg.RootKey := HKEY_LOCAL_MACHINE;  
   if Reg.OpenKey(KEY_Hack, False) then  
    Reg.WriteString('LegalNoticeText','"The Greek Hackers R good Boys..."');  

Remember! Once you have inserted these string into registry, the operating system (Windows NT - that I ‘ve tested)  will always display this message box on every restart.
To STOP this happen you ‘ve got to go and delete (manually or… programmatically ;) ) the above registry values!

Happy tricking...

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.