Computer question


megalomania
February 8th, 2005, 12:28 PM
I have a question about using a public computer. There is a computer lab I frequent that has the nasty habit of completely deleting any installed software after it is rebooted. Is there any way to hack these computers so they either don’t do this, or you can make your software part of the files it keeps?

I would like to be able to install archiving software and remote operation software so I can control the computer from home. Since it gets shut down each night, and everything gets wiped, this is not feasible.

Rhadon
February 8th, 2005, 01:49 PM
Do they really delete all new files or do they replace the content of the entire partition? They may have created an image of the partition after they installed all software and restore it every night. You can find out if that's the case by changing some nonrelevant settings of a program you're allowed to use on that PC. If the settings are reset the next day, my theory is correct; otherwise you may find a way to install your program permanently.

Gedi
February 8th, 2005, 01:50 PM
Mega,

It depends on the operating system and the software they are using to delete the files. The most popular one currently is deepfreeze at www.faronics.com.

If you can get the information, I could tell you yes or no if it is possible.

Skean Dhu
February 8th, 2005, 04:04 PM
I know for my school they have a similar program, called "Clean Slate", which deletes files on the hard drive except for the ones they have on their list, so all you would need to do is log in as the Administrator and add your installed files to the "keep" list. Clean Slate does not affect the setting on programs, so if that's what they are using, it should help you.

Jacks Complete
February 8th, 2005, 04:15 PM
Is there a shared network drive system? At one place, we set up Descent as a networked game via the mapped drive, and it stayed there for a while, until it was wiped each weekend.

A good way might be to leave a CD in the drive, so it fires up when rebooted. Using something like Knoppix, you can get around all the security and perhaps change the image, such that it rewrites your settings onto the drive every time.

If it is a network image, you will have more trouble, unless you can find a way to hack into the server, but that is less likely, due to the time it takes to transfer everything across.

If the machine is protected by Windows security, and the floppy drive works, you can do the same with a special Linux disk, which will let you replace the password files, letting you in to the machine. But that will be risky, since, unless they *are* wiping everything nightly, it will be obvious it was tampered with.

Get as much info as you can. Is the machine always on, or is it turned off nightly? Some files in Windows cannot be deleted or overwritten without reboot. There are other ways than copying the whole partition, such as resetting the registry file, which wrecks anything that needs a proper install, or re-copying the windows folder (Win95/98) which may allow a way in.

You might also want to fire up something like a keystroke logger. You can get the machine codes, etc, that way. Of course, you might want to do the reverse, too, since they just might be watching what you are typing!

These are some things to check:
Does the internet cache get wiped each time? Does auto-complete remember anything? Are all the cookies gone? Do you have to log in, or is it an open machine? How long does a restart take? How are the archive bits set? Do they change back if you change them? What does a search for large files return? (There might be a large passworded zip file, set to overwrite everything with the archive bit set (which means it has been changed))

Search for .bat files, too, especially those in the start-up folder. See if you can run winipcfg and change the IP address (is it DHCP?) Try releasing it, and getting a new one, then restarting. tracert will let you see the route for various things to the internet, including the IP of the proxy/router. Use msconfig, and see if there are any "special" files in there that do something interesting, like deleting everything!

I'm quite good at this stuff, so just ask if you have questions.

tom haggen
February 8th, 2005, 07:57 PM
You would most definitely need administrator privileges. Hang out behind an admin using a computer and steal his password, or find someone that knows how to hack the network from an outside source.

Silentnite
February 9th, 2005, 02:18 AM
Admin privileges are the easiest thing to get on a Windows XP box. Go to http://prdownloads.sourceforge.net/austrumi/
Grab the latest .iso and burn it on a CD. Then boot from it. NT_Pass at the boot screen and it'll walk you through from there. My favorite little program. :D

Jacks Complete
February 9th, 2005, 07:32 AM
Silentnite, there is a floppy based version too, called rawrite2, I think.
http://www.thomasmathiesen.com/itak/html/software.html has it, you make a floppy from it. I've not done it in a while, but it lets you reset the password to blank, then you restart and, since you know the password is blank, you can get in & enter a new one. Entering a new password, although an option, has never worked for me.

The final solution is probably http://www.lostpassword.com/windows-xp-2000-nt.htm but you will want to "shop around" to get a copy a bit cheaper ;)

Someone also suggested "Or you could just reboot into safe mode. Then just log in under administrator account (in safe mode it will not require a pw) and go to user accounts and change the pw!" on one site. This only works if the admin password hasn't been set, but it is the fastest and easiest to check.

EDIT: http://home.eunet.no/~pnordahl/ntpasswd/ has two floppies that will do what both the above tools will do, and it is free. I can up it to the FTP if wanted.

Edit2: http://xpcracker.mine.nu/xpcracker/ also has another tool for doing much the same, but will actually recover the password, using a brute force attack, so you wouldn't then have the problem with a reset password. Once the image was restored, you could then simply log in as Admin and try again, without messing around.

megalomania
February 9th, 2005, 09:00 AM
I do know the computers get shut down each night. If I physically turn the machine off and start it again, all files added to the machine are wiped including anything installed, anything in my documents. Everything except files in the recycle bin that is.

The machine does require a log in to access the machine. I did notice that on a few machines some of those annoying nav bars have been added to Internet Explorer (the spammer kind that install without your permission). Those are not removed after a reboot.

I think getting admin privileges would be the way to go to install anything on a permanent basis. I'll try some of your suggestions.

Skean Dhu
February 9th, 2005, 09:26 AM
You could ask them what they have on their network, under the guise that you are setting up a network at your house and you don't want your kids installing their games on your computer. Or a similar BS story, then when they tell you what program they have just find a program that gets around it.

Silentnite
February 9th, 2005, 02:16 PM
Thanks Jack. I should have mentioned the floppy one, but the only one I use is the CD version. Familiarity breeds fondness.

Anyways, I have this page from back when I was searching for how to reset the Windows Admin password. http://www.petri.co.il/forgot_administrator_password.htm Has Austrumi, and 3 other good ones. Along with details on how to use them.

Edit: I also only change the password to blank. If you change the password it can corrupt some of the hashes on password protected files. By leaving it blank for some reason it's not as dangerous.

ALENGOSVIG1
February 12th, 2005, 03:50 AM
Simple. They're almost definitely using Deep Freeze. Hit Ctrl + Alt + Shift + F6 (might be diff for older versions) to see if a password box comes up. And no, there's no default password. :(

Also, they'll probably have the actual comp chassis locked so you can't get inside to clear the CMOS, and of course booting from floppy/cdrom will be disabled.

So basically you're screwed unless you can, hmmm, let's see:

1.) Go in the morning, install a software keylogger, go back at night and retrieve the log files hoping that a staff member has logged in, and that the computer hasn't been restarted since he/she used it.

2.) Install a keylogger, and find a way to set up Windows so that it will call a script as/before Windows is restarted that will upload the log files somewhere on the internet before the comp reboots. I'm sure you could easily find a way to do that. There's gotta be some reg hack or third party program that allows tasks to be run right before shutdown. Uploading the files wouldn't be hard. I've seen VB scripts (puke) that are designed just for this purpose.

3.) Install a hardware keylogger and hope nobody finds it.

4.) Guess the deepfreeze password till you get it right.

5.) Install your keylogger into the thawspace, which is a 50 MB (I think) partition that deepfreeze uses to store logs in.

6.) Hope they don't have a switched network and try to sniff some passwords.

Anyhow, good luck!

Jacks Complete
February 12th, 2005, 02:07 PM
A hardware keylogger would be the coolest thing. Pop it on, see exactly what everyone was using. "Break" the computer, and see what happens when they log back on. It would grab a whole lot of passwords for sites, too.

I remember when I sat at the proxy for a web cafe, and took a peek at what everyone was surfing to. Had to throw one guy out for surfing hardcore in a webcafe full of kids! You could grab all the data traffic, no problem.

If you want to try a sniffing attack, use nmap to work out what the network looks like first. Run it, then leave, and come back when you are sure you haven't been sussed out! It will tell you if there is a firewall on each machine or not. If you just have a dos prompt, you can use ping, ipconfig and tracert to good effect:
tracert www.google.com
will tell you the local network IP, the IP of the proxy server, and some other stuff if you are lucky. Then you can ping other machines that should be on the same range.