HiR 6
Tools of the trade: The disk o' death
by Axon

A disk of death? No, we are not speaking of cheapo cardboard-crust pizza.
I have always carried one or more disks of death on me since I came up with
the idea. So what's ON a disk of death? How'd it come to earn such a name?
Soon you will know.

Creating your disk(s) of death:
------------------------------

A disk of death contains software tools and possibly text files that will
help you in a given situation. Basically it's a 3.5" x 3.75" x .2" toolbox,
filled to maximum capacity with toys, programs, and other stuff.

The disk of death acquired its name when I formatted a diskette that
contained the ANTICMOS Virus. Someone wrote on the disk: "DEATH TO HE THAT
PUTS THIS IN A COMPUTER!" After formatting it, I threw a hex editor and
Saber onto it. It eventually got more and more toys. It eventually bit the
dust (started getting errors and stuff, totally corrupted), so I put the
same toys on a fresh disk, and wrote on it: "Axon's Evil Disk o' Death".

What toys should you include? That's entirely up to you. The disk of death
that I use most often contains lots of fun stuff to mess with Windows 95
(specifically the machines at my old high school and others where people
have tried to secure the system). This is what my Win95 disk o' death
contains:

  o The disk is a Windows 95 Formatted Bootable disk
  o A self-extracting pre-configured version of WinTD (See HiR 3, also,
    WinTD is available not on the HiR Links and Files page)
  o A copy of Regedit.exe (Registry Editor)
  o A hand-made registry patch file that unlocks most security settings
    that are stored in the registry (restrict on command.com, printers,
    configuration, network stuff, etc. Read the Windows article later this
    issue. It will help you create one of these)
  o Saber, a great tool to directly read what's in memory
  o Hacker View (hiew.exe.
    My favorite DOS-based hex/text editor, available on the HiR Links and
    files page)
  o An OLE-Enriched wordpad document (See Windows Holes in this issue)
  o A batch file that renames all files on my disk to strange names with
    .dat extensions, then deletes them (and itself)
  o Password Thief (Passthie.exe, as well as a usage tutorial are available
    on the files/links page at the HiR site), a program that can find out
    what those silly asterisks (saved passwords, etc) in a text box REALLY
    mean...
  o Hide-It, a simple program that uses the Windows API to cloak a running
    program. Also available on the HiR page. Drawback: it sets up a system
    tray icon. sigh.
  o Windows PS and KILL. Gives you a nice "UNIX" feel, lets you kill off
    specific threads, not just a program. MUCH better than Windows' little
    Control-Alt-Delete menu. Also on the site.
  o ClearURL, a program I wrote that clears the URL list in the Location
    bar in Netscape Communicator. (Still being updated. New updates will be
    available on the page.)

The registry patch probably will work anywhere that someone had fun with
the registry to make things more secure. My wordpad document has an OLE
link to the registry file. This is because oftentimes I cannot open the
disk from the desktop, but I can open the document with wordpad or Word 97
(the computers allowed people to save and open documents to type and print
them). I just used OLE to create links to executables and other data files.
If you aren't quite familiar with OLE or the registry, read the article on
Windows that appears later in this issue.

For the old machines still running DOS I have a DOS Disk o' Death:

  o Formatted with DOS 6.22 as a bootable diskette.
  o Hacker View (for text/hex editing)
  o Central Point's KILL utility
  o A TSR keystroke logger
  o TSR Basic (For creating a dirty, memory hungry TSR on the fly)
  o The DOS Intersvr programs (fast file transfers between 2 systems,
    laptop, other desktop, etc)
  o BC.EXE, LINK.EXE, and some of the other files that are necessary for
    compiling QuickBasic source code in a pinch.

I'm always coming up with new toys for different environments. The ability
to scrub the really incriminating stuff is somewhat important, but not a
necessity. Come up with lots of fun stuff to use.

To get some of the programs mentioned here, as well as some other fun toys,
visit the HiR Links and files page at:

http://hir.home.ml.org/hirlinks.html