|
KNOW ABOUT WINDOWS
Windows: Display the Start menu
Windows + D: Minimize or restore all windows
Windows + E: Display Windows
Explorer
Windows + F: Display Search for files
Windows + Ctrl + F: Display Search for computer
Windows
+ F1: Display Help and Support Center
Windows + R: Display Run dialog box
Windows + break: Display System
Properties dialog box
Windows + shift + M: Undo minimize all windows
Windows + tab: move through taskbar buttons
Windows + L: Lock the workstation (or switch to the Logon screen w/Fast
User Switching enabled)
Windows
+ U: Open Utility Manager
Over 1000+ individual tweaks accessed through over 700 tweak plugins! Below is a list of plugins!!!
HOW TO DELETE A UNDELETABLE FILE
|
Open a Command Prompt window and leave it open. Close all open programs. Click Start, Run and enter TASKMGR.EXE Go to the
Processes tab and End Process on Explorer.exe. Leave Task Manager open. Go back to the Command Prompt window and change to
the directory the AVI (or other undeletable file) is located in. At the command prompt type DEL <filename> where <filename>
is the file you wish to delete. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.
Close Task Manager.
WINDOWS XP HIDDEN APPS:
=========================================
Access these applications by clicking 'Start'
> 'Run' > and type in the filename followed by the '.exe' !
=========================================
1)
Character Map = charmap.exe (very useful for finding unusual characters)
2) Disk Cleanup = cleanmgr.exe
3)
Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)
4) Dr Watson = drwtsn32.exe (Troubleshooting
tool)
5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)
6) Private
character editor = eudcedit.exe (allows creation or modification of characters)
7) IExpress Wizard = iexpress.exe
(Create self-extracting / self-installing package)
8 ) Microsoft Synchronization Manager = mobsync.exe (appears to
allow synchronization of files on the network for when working offline. Apparently undocumented).
9) Windows Media
Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).
10) ODBC Data Source Administrator = odbcad32.exe
(connecting to databases)
11) Object Packager = packager.exe (to do with packaging objects for insertion in files,
appears to have comprehensive help files).
12) System Monitor = perfmon.exe (very useful, highly configurable tool,
tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )
13) Program
Manager = progman.exe (Legacy Windows 3.x desktop shell).
14) Remote Access phone book = rasphone.exe (documentation
is virtually non-existant).
15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).
16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).
17) File signature verification
tool = sigverif.exe
18 ) Volume Control = sndvol32.exe (I've included this for those people that lose it from the
System Notification area).
19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like
in Win98! ).
20) Syskey = syskey.exe (Secures XP Account database - use with care, it's virtually undocumented but
it appears to encrypt all passwords, I'm not sure of the full implications).
21) Microsoft Telnet Client = telnet.exe
22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be
useful for people having driver problems. Undocumented).
23) Windows for Workgroups Chat = winchat.exe (appears to
be an old NT utility to allow chat sessions over a LAN, help files available).
24) System configuration = msconfig.exe
(can use to control startup programs)
25) gpedit.msc used to manage group policies, and permissions |
|
HACKING GOOGLE
You all must understand that alot of research has gone into obtaining this information and that you are all getting this
the easy way. Damn I wish I was you guys.
I'll include a tutorial below along with a few example.
NOTE: Some of
the links will not work anymore because I have notified the sites to fix their flaws.
Theory
The theory behind
this is actually quite simple. Either you think of certain data you would like to acquire and try and imagine in what files
this kind of data could be stored and you search for these files directly. (Search for *.xls files for example) Or you take
the more interesting approach and you try to think of a certain software that allows you to perform certain tasks or to access
certain things and you search for critical files of this software. An example could be a content management system. You read
up on this particular content management system, check out of what files it exists and search for those. A great example is
that of the databases mentioned above, where you know the string “view database” is used on pages that shouldn’t
be accessible to you and you then search for pages containing that string, or you check the software and notice that the option
to view a database is linked on a webpage within this software called “viewdbase.htm” and you search for “viewdbase.htm”
The most important thing is to have a clear goal, to know what it is you want to find. Then search for these specific
files or trademarks that these files have.
Google Search Options
Specific file types: *.xls, *.doc, *.pdf
*.ps *.ppt *.rtf
Google allows you to search for specific file types, so instead of getting html-files as a result
(websites) you get Microsoft excel files for example. The search string you would use would be this:
Filetype:xls
(for excel files) or filetype:doc for word files.
But maybe more interesting would be searching for *.db files and
*.mdb files. Google by the way doesn’t tell you you can search for *.db and *mdb files. I wonder what other file types
one can search for. Things that come to mind are *.cfg files or *.pwd files, *.dat files, stuff like that. Try and think of
something that might get you some interesting results.
Inurl
Another useful search option is the inurl: option
which allows one to search for a certain word one would want to be in the url. This gives you the opportunity to search for
specific directories/folders, especially in combination with the “index of” option, about which I will talk later
on.
An example would be inurl:admin which would give you results of website urls that have the word “admin”
in the url.
Index of
The index of option is another option that isn’t especially thought of by the
creators of google, but comes in very handy. If you use the “index of” string you will find directory listings
of specific folders on servers. An example could be:
‘index of” admin or index.of.admin
which
would get you many directory listings of admin folders. (don’t forget to use the quotes in this case since you are looking
for the entire “index of” string, not just for “index” and “of”)
Site
The
site option allows you to come up with results that only belong to a certain domain name extension or to a specific site.
For example one could search for .com sites or .box.sk sites or .nl sites, but also for results from just one site, but more
interesting might be to search for specific military or government websites. An example of a search string would be:
Site:mil
or site:gov
Site:neworder.box.sk “board”
Intitle
Intitle is another nice option. It
allows you to search for html files that have a certain word or words in the title. The format would be intitle:wordhere.
You could check out what words appear in the title of some online control panel or content management system and then search
google for this word with the intitle option, to find these control panel pages.
Link
The Link option
allows you to check which sites link to a specific site. As described in Hacking Exposed Third Edition, this could be useful:
These search engines provide a handy facility that allows you to search for all sites that have links back to the
target organization’s domain. This may not seem significant at first but let’s explore the implications. Suppose
someone in an organization decides to put up a rogue website at home or on the target network’s site.“”[4]
Combining Search Options
The above mentioned search options might or might not be known to you, but even
though they can amount to some interesting results, it’s a fact that when you start combining them, that’s when
google’s magic starts to show. For example, one could try this search string:
inurl:nasa.gov filetype:xls "restricted"
or this one: site:mil filetype:xls "password" or maybe
site:mil “index of” admin
(I’m just
producing these from the top of my head, I don’t know whether they’d result in anything interesting, that’s
where you come in. You got to find a search string that gets the results you want.)
Examples; The Good Stuff
Specific
file types: *.xls, *.doc, *.pdf *.ps *.ppt *.rtf
To start out simple, you can try and search directly for files that
you believe might hold interesting information. The obvious choices for me were things like:
Password, passwords,
pwd, account, accounts, userid, uid, login, logins, secret, secrets, all followed by either *.doc or *.xls or *.db
This
led me to quite some interesting results, especially with the *.db option but I actually also found some passwords.doc files,
containing working passwords.
http://www.doc.state.ok.us/Spreadsh...20for%20web.xls
http://www.bmo.com/investorrelation...new/private.xls
http://www.nescaum.org/Greenhouse/P...cipant_List.xls
http://www.dscr.dla.mil/aviationinv...ance_5Apr01.xls
http://web.nps.navy.mil/~drdolk/is3301/PART_IS3301.XLS
Admin.cfg
Admin.cfg is, most of the times, an admin configuration file of some sort. Many different software
obviously use names like “config” or “admin” or “setup”, etc. And most of the times these
files contain sensitive information and thus, shouldn’t be accessible for people browsing the web. I tried a search
for admin.cfg, using the following search string on google:
inurl:admin.cfg “index of”
This led
me to many results of which many were useless. But some paid out. I found for example: http://www.alternetwebdesign.com/cg...ctimi/admin.cfg Which contained a password. This was the admin password for a database located at http://www.alternetwebdesign.com/cg...e.cgi?admin.cfg This database contained sensitive client data of this particular company. I then proceeded to e-mail the company and tell
them about the flaw. They replied to me in a very friendly manner and told me they appreciated my help and that they would
take the necessary steps to solve the problem.
Webadmin
A short while back, while working on this article,
I ran into this website:
http://wacker-welt.de/webadmin/
The website explains that “webadmin” is a small piece of software that allows one to remotely edit parts
of a website, upload files, etc. The main page for the webadmin control centre is called
‘webeditor.php”.
So obviously, my next step was to visit google and use the inurl tag to find webeditor.php pages that I could reach. I used
the following search string:
inurl:webeditor.php
and I found the following results:
http://orbyonline.com/php/webeditor.php
http://www-user.tu-chemnitz.de/~hkr...r/webeditor.php
http://artematrix.org/webeditor/webeditor.php
http://www.directinfo.hu/kapu/webeditor.php
All these webeditor.php files were reachable by anyone, merely because the owners failed to (correctly) protect these
pages by using .htacces. This mistake allows whomever to change the webpages on the server and thus defacing the site, uploading
files and thus possible gaining full access to the server.
In browsing through these sites I noticed that the file
that allows one to upload files is called
“file_upload.php”, which I could then search for at google and find
more examples.
http://www.hvcc.edu/~kantopet/ciss_...file_upload.php
A good example:
http://www.pelicandecals.com/admin/webeditor.php
The script allows you to change files, like in the above examples, including the index.php.
In theory one could
write or download whatever malicious script one wants, paste this code into an existing file or just upload it and well, the
consequences are obvious.
there was also a link “Return Administration” and clicking on it took me to:
http://www.pelicandecals.com/admin/administration.html
Where there were customer addresses, where one could change pricing, etc.
Content Management Systems
Content Management Systems are software programs that allow a webmaster to edit, alter and control the content of
his website. But the same goes for online control panels of websites. The idea is to find out what files are for example the
main files of these software programs. “cms.html” could be one or “panel.html” or “control.cfg”
You find out what filenames a certain package uses, you then think of a good search string and hope you strike gold.
Frontpage
Server Extensions HTML Administration Forms
“You can remotely administer the FrontPage Server Extensions from
any computer connected to the Internet by using the FrontPage Server Extensions HTML Administration Forms, a set of Web pages
that allow you to administer the FrontPage Server Extensions remotely.[3]
Well, that’s what Microsoft’s
manual has to say about it. This means, users with access to these forms are able to perform a number of administrative functions,
remotely. And that means, these forms should be well protected from non-authorized people. Now how would one go about finding
non-protected forms over the internet? The first thing we do is try to find out what files these scripts consist of. A short
visit to the Microsoft website or a peek into the frontpage manual tells us that the main page for these administration forms
is a file called “fpadmin.htm”. So that’s what we need to search for.
Now to find a correct search string
that will get us the results we want. When a default install is performed, the files get installed in a directory called “admin”.
Putting to use what we have learned about google search options and the theory behind this technique, a good search string
might be:
inurl:fpadmin.htm “index of” admin or maybe inurl:admin/fpadmin.htm
Well, these were
the results I got:
http://www.lehigh.edu/~ineduc/degre...ams/tbte/admin/
http://blackadder.eng.monash.edu.au/frontpage/admin/
http://www.lehigh.edu/collegeofeduc...ams/tbte/admin/
http://www.vsl.gifu-u.ac.jp/freeman/frontpage4/admin/
http://www.tech-geeks.org/contrib/l...033/fpadmin.htm
http://fp.nsk.fio.ru/admin/1033/fpadmin.htm
But the frontpage manual says more:
“Because of the security implications of making remote FrontPage
administration possible from Web browsers, the HTML Administration Forms are not active when they are first installed.”[3]
This means that some of these could be active and thus useful to us and some might not. There is of course, only one
way to find out and that is to perform one of the possible administrative functions and see if you get results. I for one
decided not to go that far, because it would mean breaking the law. But I’m not here to teach ethics, or at least not
today.
|
|
|
|
|
 |
|
|
|
|
Using CRACKS and KEYGENS
It's
important to read the *.NFO that comes with any of these, to get the right infomation for applying them to unlock the application.
*.NFO files can be opened with NotePad.
___________________________________________________________
Keygens
These provide the registration
info that is needed to access the application.
Sometimes this is required before, during or after installation to
unlock unlimited full access. Some applications require only a serial to unlock, other are more comprehensive in the details
required to finally unlock the application.
Some Keygens will need:
* Name: this can be fictitious
* E-mail:
this can be fictitious
* Business name: this can be fictitious
Some programs need a serial to install then generate
their own code which needs to put into the Keygen which then generates a final activation code which inturn unlocks the application.
Other programs may require a serial number which is derived from the MAC code, this is more specific to the computer that
application is installed on. Most keygens will automatically find your computers MAC code and generate the appropriate serial
to unlock the application, but in some cases you will have to find and input the MAC code into the keygen manually before
it can generate a serial.
MAC is short for Media Access Control. The MAC address is also sometimes called: the ethernet
address.
To find your MAC address for any of these O/S's:
Windows XP, 2000, and NT
Windows ME, 98, and 95
MacOS X
MacOS 9.2 running TCP/IP (Open Transport)
Linux
Solaris
SunOS
Go here:
http://www.its.caltech.edu/net/mac.html
_________________________________________________________
Patches/Cracks
These alter the *.exe file of the application concerned and sometimes
alter the information in the registry.
They are run after installation and in the installation directory where you
installed the application concerned. Sometimes they can be run from anywhere because they have the facility to allow you to
tell them where the installation directory is located.
_________________________________________________________
Loaders
These replace the applications
*.exe with the one supplied.
You need to copy the crack to the application installed directory and use it to start
the application. Usually you DO NOT remove the applications own *.exe although the loader might rename it. Loaders are less
common when cracking applications, but are still used.
__________________________________________________________
Serials
These
are the supplied registration information needed to unlock the application.
They might include info such as Name,
Company, Register number etc. and must be entered EXACTLY as supplied in the proscribed place. Often cut and paste is the
best method but occasionally you need to type in the info given. This may be during or after the applications installation.
(Just like Keygens).
Serials are commonly used – especially with new versions. The crack writers have not had
time to design and release a new crack, and software authors learn what is being posted so they “Blacklist” that
serial to prevent it working in the next version of the application.
Serials are commonly supplied with applications
posted for download.
_________________________________________________________
Registry Cracks
These can be run from anywhere after
you install the application.
They alter the information the application wrote to the registry. Registry cracks alone
are not as common but are still used. Quite often you may have to use a combination, i.e.: Registry Crack and a serial or
loader.
The supplied *.NFO file will have these details.
----------------------------------------------------------------------------------------------------------
For some reason, Hibernate isn't available from the default Shut Down dialog. But you can enable it simply enough, by holding
down the SHIFT key, then hit ENTER while the dialog is visible. Now you see it, now you don't!
Other shortcuts:
- just hit 'H'
- or make your power button do hibernate through the Power Options dialog
 |
|
----------------------------------------------------------------------------------------------
In order to speed up the Start Menu display in Windows XP, there’s a simple registry setting you can change.
Run ‘regedit’ from your command line and look for the following key:
HKEY_CURRENT_USER\Control
Panel\Desktop\MenuShowDelay
You’ll see a value here for 400, by default. Try changing this to something
smaller, like 100 or less. For maximum speed, change it to Zero.
Next, to make things even more efficient, you can
turn off the menu shadowing, by going into your Display Properties, click the Appearance tab, click Effects, and then uncheck
the option “Show menu shadow”. |
|
----------------------------------------------------------------------------------------------
TIPS TO KEEP YOUR
PC SAFE
1. Run Windows Update for Windows XP and 2000. Make sure Internet Explorer and other browsers are updated to the latest
versions.
2. Connect your computer to a hardware firewall, or run a free firewall program such as Zonealarm. This
will ensure that hackers do not intrude your computer using newly discovered Windows vulnerabilities. If you use a hardware
based firewall, make sure that only ports of services you need are enabled (such as web browsing - HTTP is port 80). Many
of the firewalls for home use allow all ports to be open by default - you turn off services by entering ranges of ports to
be blocked. (See the instruction manual of your firewall).
3. Install adware detection programs, such as Adware or
Spybot: Search and Destroy, which are free for download. Run these at least every other day if you are an active web surfer,
constantly doing research or shopping online.
4. Run anti-virus software and make sure virus definitions are set to
automatically update or you should check for updates, manually. If your anti-virus subscription has run out, uninstall it,
and install AVG Anti-Virus by www.Grisoft.com for a free personal edition (Do not run this on your work computer without paying for it!).
5. If you have an older
computer, investigate any suspicious "whirring" noises. A harddrive that is making a very loud "whirring" noise may be aging
and damaged by heat - consider replacing it soon. Also, make sure that all fans are running properly, inside, and that there
are no large collections of dust on the motherboard, PCI cards, or the fans. If so, be very careful in removing it. All power
should be turned off, including removal of the power cord, as some motherboards maintain a small charge from the power supply
even after the computer is actually turned off.
6. Run the Windows XP / 2000 disk defragmentor once per month. This
allows for data files to be stored with each segment next to each other in order, on the disk. Without defragmenting, Windows
will store data whereever it finds space, but many times it will store pieces of a data file in many different areas on a
hard drive. This is how it was designed. It is faster for Windows to store data in just anyplace it can, without having to
think about storing everything close together - that apparently would be too much logic to be used at one time and slow down
the immediate saving of files (this is *only* my guess).
7. Make sure programs and drivers are updated. If everything
seems to be working, check for driver updates once per year.
8. This is not necessarily related to your computer's
health, but before if it ever does get sick, it is good to make sure that you are getting regular backups. Try backing up
your My Documents folders and files to a CD every month and carefully label and store it away. If it seems to be too much
hassle to burn a CD, try getting a USB memory device and backup your files to this once in awhile, though these are not as
reliable as a CD backup (they are prone to problems with static electricity and breakage), they are better than no backup
at all.
9. Use a UPS (Uninteruptible Power Supply) to ensure that your computer gets good voltage and is not turned
off when the power hiccups. Also, make sure you do not turn off your computer abruptly - always go through the Start button
and shutdown or control-alt-delete, click shutdown sequence to ensure that your computer is shut down as graceful as possible. |
---------------------------------------------------------------------------------------------------------------------
|
|
|
|
