HiR 6
Tools of the trade: The disk o' death
by Axon
A disk of death? No, we are not speaking of cheapo cardboard-crust pizza.
I have always carried one or more disks of death on me since I came up with
the idea. So what's ON a disk of death? How'd it come to earn such a name?
Soon you will know.
Creating your disk(s)of death:
------------------------------
A disk of death contains software tools and possibly text files that will
help you in a given situation. Basically it's a 3.5" x 3.75" x .2" tool-
box, filled to maximum capacity with toys, programs, and othet stuff.
The disk of death acquired its name when I formatted a diskette that
contained the ANTICMOS Virus. Someone wrote on the disk: "DEATH TO HE
THAT PUTS THIS IN A COMPUTER!" After formatting it, I threw a hex editor
and saber onto it. It eventually got more and more toys. It eventually
bit the dust (started getting errors and stuff, totally corrupted),
so I put the same toys on a fresh disk, and wrote on it: "Axon's Evil
Disk o' Death".
What toys should you include? That's entirely up to you. The disk of
death that I use most often contains lots of fun stuff to mess with
windows 95 (specifically the machines at my old high school and others
where where people have tried to secure the system). This is what my
Win95 disk o' death contains:
o The disk is a Windows 95 Formatted Bootable disk
o A self-extracting pre-configured version of WinTD (See HiR 3, also, WinTD
is available not on the HiR Links and Files page)
o A copy of Regedit.exe (Registry Editor)
o A hand-made registry patch file that unlocks most security settings that
are stored in the registry (restrict on command.com, printers,
configuration, network stuff, etc. Read the Windows article later this
issue. It will help you create one of these)
o Saber, a great tool to directly read what's in memory
o Hacker View (hiew.exe. My favorite dos-based hex/text editor, available
on the HiR Links and files page)
o An OLE-Enriched wordpad document (See Windows Holes in this issue)
o A batch file that renames all files on my disk to strange names with
.dat extensions, then deletes them (and itself)
o Password Thief (Passthie.exe, as well as a usage tutorial are available
on the files/links page at the HiR site), a program that can find out
what those silly asterisks (saved passwords, etc) in a text box REALLY
mean...
o Hide-It, a simple program that uses the Windows API to cloak a running
program. Also available on the HiR page. Drawback: it sets up a system
tray icon. sigh.
o Windows PS and KILL. Gives you a nice "UNIX" feel, lets you kill off
specific threads, not just a program. MUCH better than Windows' little
Control-Alt-Delete menu. Also on the site.
o ClearURL, a program I wrote that clears the URL list in the Location bar
in Netscape Communicator. (Still being updated. New updates will be
available on the page.)
The registry patch probably will work anywhere that someone had fun
with the registry to make things more secure. My wordpad document
has a OLE link to the registry file. This is because often times I
cannot open the disk from the desktop, but i can open the document
with wordpad or Word 97 (the computers allowed people to save and
open documents to type and print them). I just used OLE to create
links to executables and other data files. If you aren't quite fam-
iliar with OLE or the registry read the Article on windows that
appears later in this issue.
For the old machines still running DOS I have a DOS Disk o' Death:
o Formatted with DOS 6.22 as a bootable diskette.
o Hacker View (for text/hex editing)
o Central Point's KILL utility
o A TSR keystroke logger
o TSR Basic (For creating a dirty, memory hungry TSR on the fly)
o The DOS Intersvr programs (fast file transfers between 2 systems,
laptop, other desktop, etc)
o BC.EXE, LINK.EXE, and some of the other files that are necessary
for compiling QuickBasic source code in a pinch.
I'm always coming up with new toys for different environments. The
ability to scrub the really incriminating stuff is somewhat import-
ant, but not a necesity. Come up with lots of fun stuff to use.
To get some of the programs mentioned here, as well as some other fun
toys, visit the HiR Links and files page at:
http://hir.home.ml.org/hirlinks.html