night^man
Sep 2 2004, 11:44 AM
thx for help
sh4d0w`
Sep 2 2004, 11:55 AM
del cmd.exe
del net.exe
???? oO what's your problem...please describe your problem the next time
nackas
Sep 2 2004, 11:58 AM
You won't need to delete cmd.exe and net.exe if you properly secure the machine.
touk
Sep 2 2004, 12:28 PM
It's a very bad idea to del anything on a computer you have compromised. In fact it completely sux because you are destroying data that doesn't belong to u and moreover the system can be totally (filtered) up. Nasty, too bad. NEVER DO THAT!
Anyway and for educational purpose only: MS Windows has a copy of each important file in %SYSTEMROOT%/system32/dllcache and will copy from this dir a file which has been deleted from system32 for example. Using the | between 2 del commands will defeat this protection.
andydis
Sep 2 2004, 01:09 PM
| QUOTE |
It's a very bad idea to del anything on a computer you have compromised. In fact it completely sux because you are destroying data that doesn't belong to u and moreover the system can be totally (filtered) up. Nasty, too bad. NEVER DO THAT!
|
and that is the fundamental difference between the dark and light side of the force.
lol
mrBob
Sep 2 2004, 01:23 PM
| QUOTE (touk @ Sep 2 2004, 02:28 PM) |
| Anyway and for educational purpose only: MS Windows has a copy of each important file in %SYSTEMROOT%/system32/dllcache and will copy from this dir a file which has been deleted from system32 for example. Using the | between 2 del commands will defeat this protection. |
i believe you get a warning on your desktop if you do that
that warning asks the user for the windows cd
and deleting cmd.exe... wtf
THoRaX
Sep 2 2004, 05:18 PM
won't net.exe and cmd.exe be restored by windows if you delete them?
well, i suppose you are asking this in a hacker case.
I'm expecting that you want to know this because you don't wanna be hacked yourself, and won't use it to secure your hacked servers.
well, no need to delete them..
Just block them for users with SYSTEM rights, since almost all exploits will spawn a shell with SYSTEM rights
tibbar
Sep 2 2004, 05:37 PM
omg deleting windows system files...how lame.
I'm guessing this is a kiddie netbios scanner who is worried the owner might type net stop servu
manu
Sep 2 2004, 06:06 PM
Guys, I have the habit of RENAMING those files.. You don't need to delete it m8..!! Just rename it to "What a stupid file.exe" ...!!
Manu
Vort3x
Sep 2 2004, 06:22 PM
To delete them it's a long process, here is how:
http://www.winguides.com/registry/display.php/790/
You have to disable windows file protection then you may do it (on Windows XP). But renaming them, hmm that might work, never tried it. I wish there was a quick script to disable windows file protection. But I have not come across one. And it would be quite hard for me to code one because I do not have a lot of programming experience.
CereBrums
Sep 2 2004, 06:55 PM
I could think of no other reason than the ones that had already been brought here.
but still...
I think booting in safe mode would allow you to delete those files.
although I'm not sure
Vort3x
Sep 2 2004, 07:16 PM
| QUOTE (touk @ Sep 2 2004, 09:28 AM) |
Anyway and for educational purpose only: MS Windows has a copy of each important file in %SYSTEMROOT%/system32/dllcache and will copy from this dir a file which has been deleted from system32 for example. Using the | between 2 del commands will defeat this protection. |
CereBrums.
Booting in safe mode will not allow deletion of windows file protected files. Windows file protection has a copy of these files in that directory and will back them up when deleted, unless you disable windows file protection.
NoRRiS
Sep 2 2004, 08:44 PM
don't delete the files
just replace

del c:\winnt\system32\ftp.exe <= No !!
copy c:\winnt\system32\cmd.exe ftp.exe <= Yeah

and to secure a server u don't need to del cmd.exe :s
blahplok
Sep 3 2004, 01:39 AM
try this:
del c:\winnt\system32\dllcache\cmd.exe
del c:\winnt\system32\cmd.exe
del c:\winnt\system32\dllcache\net.exe
del c:\winnt\system32\net.exe
note:
1. You must be logged on as administrator
2. first you del on c:\winnt\system32\dllcache\
3. second del on c:\winnt\system32\
4. if you del cmd.exe, you must del from explorer, if you del from command prompt it will not work, access denied (i think you know why)
I've tried on Windows 2000, maybe works on win XP
Good Luck
Alex Trust
Sep 3 2004, 06:04 AM
| QUOTE (CereBrums @ Sep 2 2004, 06:55 PM) |
I could think of no other reason than the ones that had already been brought here.
but still...
I think booting in safe mode would allow you to delete those files. although I'm not sure |
if i'm correct there is
also deleting files is lame and u'll get caught anyway
good luck 2 u
touk
Sep 3 2004, 11:25 AM
| QUOTE |
| i believe you get a warning on your desktop if you do that that warning asks the user for the windows cd |
Yes of course you have this message but it is not a problem to kill those windows. On the other hand if you replace a protected file by another one with the same name but not the same size you will have two windows. That is what I had when I replaced taskmgr.exe by Process Explorer from Sysinternals on my own machine.
| QUOTE |
| and that is the fundamental difference between the dark and light side of the force. |
I'm not totally white

But to protect by destroying...

This is insulting !
withdraw
Sep 3 2004, 03:43 PM
| QUOTE |
| Anyway and for educational purpose only: MS Windows has a copy of each important file in %SYSTEMROOT%/system32/dllcache and will copy from this dir a file which has been deleted from system32 for example. Using the | between 2 del commands will defeat this protection. |
will windows just look to see if there is just a file named cmd.exe?
touk
Sep 4 2004, 03:53 PM
| QUOTE (withdraw @ Sep 3 2004, 03:43 PM) |
| QUOTE | | Anyway and for educational purpose only: MS Windows has a copy of each important file in %SYSTEMROOT%/system32/dllcache and will copy from this dir a file which has been deleted from system32 for example. Using the | between 2 del commands will defeat this protection. |
will windows just look to see if there is just a file named cmd.exe?
|
ye through SFC.DLL on 2k/xp & through SFC_OS.DLL on 2ksp1
dijk
Sep 7 2004, 06:23 AM
only thing i do is disabling echo in cmd.exe ....... install some backdoors and then you hold most of the re-hackers out.....
tuby
Sep 7 2004, 08:11 AM
| QUOTE (dijk @ Sep 7 2004, 06:23 AM) |
| only thing i do is disabling echo in cmd.exe ....... |
it's a malicious idea

But how u do that ?? i know that we can disable command extensions with the switch /E:OFF but echo isn't an extension .. :s
touk
Sep 7 2004, 09:37 AM
| QUOTE (tuby @ Sep 7 2004, 08:11 AM) |
| QUOTE (dijk @ Sep 7 2004, 06:23 AM) | | only thing i do is disabling echo in cmd.exe ....... |
it's a malicious idea  But how u do that ?? i know that we can disable command extensions with the switch /E:OFF but echo isn't an extension .. :s |
Hexedit cmd.exe, find E.C.H.O, replace by spaces
JoePub
Sep 7 2004, 04:33 PM
Like someone has already stated, if done properly you won't need to delete anything, just close the hole that you originally got onto the machine with.
Unless you are using lame techniques like looking for weak passwords, etc...
animorph840
Sep 7 2004, 04:45 PM
May I ask, why mess with cmd.exe? I mean couldn't someone just restore it after uttering only a couple wtf's? Besides, I reiterate, why?
ninar12
Sep 8 2004, 03:35 AM
first way is 2 close the hole u get in :
*change password
*patch the hole
then bring the pc 2 an updated version (patches)
then restrict some SYSTEM privileges --> access denied on ftp.exe & ....