Nopey - system setting tool: Difference between revisions

Links

Nopey.zip (54 KB)

Description

I got a nifty little tool called "Nopey" which has been done in my "naughty years" in the internet. Quite versatile and easy to use. It's basically an executable file which can be used to control the users' computer in many ways. You can also gather a lot of info from the users' system. nsExec should be used to call it. I also included a little demo which shows you some very basic functions. Here is the command list:

Commands

info, zip, list, kill, char, color, mode, sysreboot, sysdown, sysabort, 
net, logoff, poweroff, reboot, shutdown, cd, winamp, monitor, vol[ume], 
regdump, child, ser[vice], err[code], dump, copy, sync, pause, resume, 
sleep, show, hide, nc, runas, tweak 
" <commad>/? " to get help about options and details 

info: system information 
info system - basic system information 
info os - OS information 
info cpu - processor type, features, speed and other characteritics, 
plus Intel and AMD cpu specific information, if available 
info memory - memory usage 
info snd - show basic mixer controls (left and right volume settings) 
info sndtree - show mixer controls tree and current controls settings 
(includes name, ID, current value and acceptable range) 
info video - list video modes (win9x does not show display freqs) 
for windows 9x, don't use it in text fullscreen mode 
info ddraw - list DirectDraw video modes 
info ide [caps] - list IDE ATA/ATAPI devices [show capabilities & timings] 
note: when in 9x mode, program hacks GDT, so disable 
AV-monitors and other GDT-protecting software 
info cd - identify all installed CD-ROMs (9x: GDT is also used) 
info part[itions]- list partition tables on fixed drives (nt only) 
info disk [X:]* - info about disk(s) 

zip: control ZipMagic state. this does not require ZMCMDLN.EXE 
zip 0 - disable ZipMagic 
zip0 - disable ZipMagic 
zip 1 - enable ZipMagic 
zip1 - enable ZipMagic 
before enabling ZipMagic programs tries to load ZM32 or ZM32NT if they are 
not loaded. on windows nt program starts ZMNTMON service and handles 'ShutDown' 
key in registry for skipping message 'ZipMagic was not shutdown correctly' 

list: list system objects 
list - show processes 
list threads [<procname>] - show threads 
list dlls [<procname>] - show loaded DLLs [in specified process] 
note: relocated DLLs bases displayed with '*' 
list map [<procname>] - process memory map (nt: show mapped files) 
list vars [<procname>] - show process variables and environment (nt) 
list res [<procname>] - show used resources for process (nt) 
list drivers - show loaded drivers (nt) 
list objects [-r] [<root>] - list nt kernel objects [recurse] 
list files [<procname>] - show opened files (9x) 
list handles [-n] [-f] [-t:<obj>] [<procname>] - show used handles (nt) 
list pipes - list pipes (nt) 
list mailslots - show mailslots (nt) 


kill: terminate process 
kill <processname> - terminate process by name 
(may specify only some first chars of name) 
note: all instances of process.exe will be killed 
kill 0x78 - terminate process by ID (hex) 
kill 120 - terminate process ID (dec) 
it's possible to terminate several processes in one time, ex: kill proc1.exe proc2.exe 
shortcuts: 
ke - kill explorer.exe 
kd - kill ntvdm.exe 


char: print OEM/ANSI code tables 

color: print color map 

mode: show/change display mode 
mode - show current display mode 
mode [-test] [-permanent] xx [yy [c [fq]]] 
mode xx - set horizontal resolution to xx, 
autodetect vertical resolution 
mode xx yy - set resolution to xx*yy 
mode xx yy c - set resolution to xx*yy and color depth to c bits 
mode xx yy fq - set resolution, color depth and monitor frequency 
examples: 
mode 800 - set 800x600, leave same color depth 
mode 1024 768 16 - set 1024x768, high color 
mode 640 480 8 75 - set 640x480, 256 colors, 75 herz 
mode -test 1280 - try 1280x1024 
mode -permanent 1024 - set 1024x768 as default video mode for current user 
note: see 'ws info video' to get list of supported modes 
note for windows 9x: don't use it in text fullscreen mode 

sysreboot: remote shutdown (NT only) 
sysreboot n - reboot local machine after n seconds 
sysreboot n <computer> - reboot computer after nn seconds 
sysreboot n <computer> <msg> - reboot computer and display message 
sysdown n - shutdown local machine after nn seconds 
sysdown n <computer> - shutdown computer after nn seconds 
sysdown n <computer> <msg> - shutdown computer and display message 
sysabort - stop shutdown or reboot on local machine 
sysabort <computer> - stop shutdown or reboot on computer 
examples: 
sysdown 0 - shutdown windows now 
sysreboot 300 \\SERVER "you have 5 minutes, user!" 
- reboot \\SERVER after 300 seconds 
note: you must have enough access rights to computers in network 
hint1: NOBODY can start new shutdown, if there is active one 
hint2: almost all users have privileges to start/stop local shutdowns 

net: network commands 
net view - view network resources 
note: this command is under development for now 

exit windows: 
logoff | reboot | shutdown | poweroff [-force] 
logoff - end windows session 
reboot - reboot the computer 
shutdown - shutdown the computer 
poweroff - shutdown and turn power off 
use flag -force to terminate programs without notifications 

cd: control CD-ROM 
cd - show disk info and tracklist (uses cdplayer.ini) 
cd driveinfo - show drive low-level info 
cd speed <n> [-k[h]] - set maximum spindle speed (and keep [hide console]) 
cd play - play audio CD 
cd play <nn> - play audio CD from track nn 
cd play <nn:mm:ss> - play audio CD from track nn and time mm:ss 
cd pause - pause CD-Audio 
cd resume - resume CD-Audio from pause (win2k only) 
cd stop - stop playing, stop disk in drive 
cd eject | open - open drive door and eject disk 
cd load | close - load disk and close drive door 
cd grab - grab cd audio (nt) 'ws cd grab /?' for more help 
note: you can append CD-ROM drive letter after command 'cd', ex: 
cd D: - show info about disk in drive D: 
cd E: eject - eject disk from CD-ROM drive E: 

winamp: console interface for winamp 
winamp - show winamp version, status and song information 
winamp clear - clear winamp playlist 
winamp list - show playlist. current song is highlighted 
winamp play - play current song 
winamp play NN - play song number NN 
winamp stop - stop playing 
winamp pause - pause/unpause winamp 
winamp next - play next song 
winamp prev - play previous song 
winamp restart - restart from first song 
winamp fadeout - smooth stop 
winamp last - stop after finishing current song 
winamp close - unload winamp, save settings and playlist 
winamp volume - set sound volume (in percents) 
winamp file <file|dir>+ - add files or directories to playlist 
winamp playfile<file|dir>+ - add files to playlist and play them 

monitor: switch monitor to low power consuming mode 
monitor suspend - suspend mode 
monitor doze | standby - standby mode 
monitor on - normal mode 
monitor poweroff - switch power off (not supported by most monitors) 

volume: change sound volume and mixer controls settings 
volume - display master volume 
volume master=<nn> - set master output volume (in percents) 
volume midi=<nn> - set midi output volume 
volume wave=<nn> - set wave output volume 
volume <control_ID>=nn - set volume control state (see 'ws info sndtree' 
for acceptable IDs and values) 
examples: 
vol master=100 - set full master volume 
volume midi=50 - set volume for midi0 device to 50% 
volume midi2=0 - mute second midi device 
volume 0001=1 - mute all sounds 

regdump: dump registry to files, use it to defragment registry 
note. if you can't access some hives, try this: 
ws child -u winlogon.exe ws regdump 
D:\haxor>nopey child /? 
child: make child process from a given process (nt only) 
(new process inherits security context of old process) 
child [-u] [-d:Desktop] <hostprocess> <newprocess> [parameters] 
switches: 
-u - use alternative method (undocumented functions) 
-d:<Desktop> - run process on specified desktop (inherited from hostprocess 
by default, use -d to set 'WinSta0\Default') 
example: 
child -d winlogon cmd.exe - start shell with system privileges 
note: you need SeDebugPrivilege, so it's not an exploit 
note: you may use PID for hostprocess like as in 'kill' command 


service: control windows nt services 
service list [<options>*] - list services 
service start <service><args> - start service 
service stop <service> - stop service 
service pause <service> - pause running service 
service cont[inue] <service> - resume paused service 
service remove <service> - remove service 
service install [<service>] <fullpath> - install service 
options for list: 
-k - include kernel drivers 
-fs - include filesystem drivers 
-w32 - include win32 services 
-r - list running services 
-s - list stopped services 
-p - list paused services 
-n - disable color output 
<name> - show details about service 
* - details about all services 
note: you can add computer name, username and password before subcommand: 
service \\test Administrator * start ntice - query password 
service \\ws12 Test 123 list - use account of 'Test' 

errcode: display error message corresponding to win32 error code 
errcode <errcode> - message corresonding win32 error code 
errcode nt:<errcode> - message corresonding NTSTATUS code 
examples: 
errcode 0x20 - hex error code 
errcode 32 - decimal error code 
errcode 4D5 - hex error code 
errcode nt:0x8000002 - NTSTATUS code 

dump: save process memory to disk (rip decrunched data) 
dump [<options>*] <process_name> - save process data 
options: 
-r - save readonly data too (default: only read/write) 
-s - save to single file (for automatic rippers) 
-i - save data belongs to images too (default: private and mapped only) 
(this flag is always set in 9x) 

copy: copy file or object (nt only) 
copy [switches] <source-names> <destination> 
switches: 
-block=nnnn - buffer size 
-max=nnnn - copy not more then nnnn bytes from each file 
-so=nnnn - read source from specified offset (<4Gb) 
-do=nnnn - write to destination from specified offset (<4Gb) 
-a - append source to destination 
-r - no read caching 
-w - no write caching 
-k - any key stops copy 
-t - truncate destination at end of data 
special names for source and destination: 
hd0, hd1, ... - physical drives 
pt0, pt1, ... - partition table of physical drive 
a: b: ... - logical drives 
bta, btb, ... - boot sector of drive 
cd0, cd1, ... - cd-roms 
zero - /dev/zero (source) 
rnd - pseudo-random data (source) 

sync: flush disk write cache 
sync - flush all fixed disks 
sync [drive:]* - flush specified drives 

pause: pause process or thread (nt) 
pause [processname|pid]* - pause all threads of process 
pause -t:<tid>* - pause thread 

resume: resume process or thread (nt) 
resume [processname|pid]* - resume all threads of process 
resume -t:<tid>* - resume thread 

sleep: do pause 
sleep <nn> - pause for <nn> msec 

show: show top-level windows 
show -p <processname> - show all process windows 
show <windowtitle_substring> - show windows with certain title 

hide: hide top-level windows 
hide -p <processname> - hide all process windows 
hide <windowtitle_substring> - hide windows with certain title 

nc: netcat utility 
nc [<switches>] [host][:port] [<switches>] 
switches: 
-r - reconnect/relisten after closing connection 
-hi - hide input stream 
-ho - hide output stream 
-l:<file> - log to file 
-c<nnnn> - use codepage nnnn 
when no hostname given, program goes to listen mode 

runas: create process in another security context (nt only) 
runas [-a] [domain\]user[:password] process [params]* 
switch -a means 'use alternative (NT4 style for 2k, 2k style for NT4) method' 
when no password specified, it's queried 
for windows NT4, you need a SeDebugPrivilege 

tweak: change various hidden configuration settings 
tweak cpu [wa:0|1] [dp:0|1] [ewbe:0|1|2|3] - set cpu mode for K6,K6-2,K6-3 
wa: write allocation, dp: data prefetch, 
ewbe: write ordering (0-compatible, ..., 3-fastest) 
default is max performance (wa:1 dp:1 ewbe:3) 
tweak vdm [<low> <hi>] - allow DOS VDM to access ports range (win 2000 only) 
default is 0x388 0x38F (adlib ports) - dos progs can play adlib music 

As this App can also do a lot of damage the a system I would like to add, that I am in no way responsible for anything you do with it. Some functions might reboot your computer or even worse, if used in the wrong way, so be warned. Aside of this,if you do use its' potential in a non-harming way, it saves you a lot of headaches and script fumbling :)

have fun,

doberlec

P.s. The cmd-list given here is all you get from me documentation-wise.

Page author: doberlec