Monday, April 28, 2008

GMAIL SEARCH SYNTAX


Gmail Search Syntax

Gmail offers a rich search syntax for routing through your email message


Searches through the headers of your email message archive for mail sent by someone matching the keyword you provide:

from:arbabusmani@gmail.com





Finds all messages sent to someone matching a provided keyword. (Don’t forget plus-addressing.)

to:usmani.arbab@yahoo.com
to:hacking+books@gmail.com






Match messages with a particular subject:
subject:"hackers library"





Looks for messages with a particular label applied:
label:THL




The has: syntax has only one possible value (at least at the time of this writing): attachment. has:attachment in a query returns only messages having one or more attachments:
has:attachment



Finds messages with an attachment filename that matches a provided pattern. Used with just a file extension (e.g., pdf or txt), filename: turns up all messages with attachments of a particular type:

filename:meeting_notes.txt
filename:pdf



Returns a list of messages in a particular collection (read: folder). Acceptable values for in: are inbox, trash, spam, and anywhere (trash and spam are not included in searches unless they are explicitly included using in:trash, in:spam, or in:anywhere).

in:inbox
in:anywhere




Acceptable values for is: are starred, unread, and read, which return starred, unread, and read messages, respectively:
is:read



Finds messages carbon copied to particular recipients:
cc:arbab@gmail.com



Finds outgoing messages blind carbon copied to particular recipients.

Note that bcc: doesn’t work on any incoming mail because there’s no way to tell who’s on the bcc line:

bcc:arbab@gmail.com



Match messages sent or received before a particular date, specified in yyyy/mm/dd format. Unfortunately, partial dates (year only, or year and month) don’t find anything at all:

before:2008/10/02





Match messages sent or received on or after a particular date, specified in yyyy / mm / dd format:

after:2008/11/21


Phrase Searches

Enclose phrases in double-quotes (“) to have the Gmail search treat them as a unit to be matched exactly (case isn’t taken into account). The following query finds only accounting department reports:
Subject:"THL report"




Basic Boolean

The only Boolean operator supported by Gmail search is OR (uppercase is required). In the absence of the OR operator, AND is implicit.

The Boolean OR operator works in Gmail searches just as it does in Google Web Search: specify that any one word or phrase is acceptable by putting an OR between each, such as in this query, which finds all messages from the boss or messages with subjects marked as urgent:
from:arbabusmani@gmail.com OR subject:pictures




Negation

The negation operator (-) also works as it does in Google Web Search, excluding messages matching the negated keyword or operator:keyword pair. So the following query turns up all messages to Example
to:@gmail.com -from:alert@



Grouping

Parentheses are used a little strangely in Gmail queries. When enclosing a set of words, they specify that each word must be found to be considered a match. So the following matches messages sent to both dev and THL:
to:(dev THL)


Throwing in an OR allows optional matches while being explicit about groups of options; while we humans tend to be able to parse precedence without the need of parentheses, search engines require a little more help. The following query finds all messages sent to arbab about posts or THL:
to:arbab subject:(posts OR THL)




Mix search queries for more fun.

ALL DOS COMMANDS

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data
DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files
FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR Conditionally perform a command several times
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
HELP Online Help
HFNETCHK Network Security Hotfix Checker
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure
IPKILL Remove a program from memory
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
QGREP Search file(s) for lines that match a given pattern.
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Begin localisation of environment changes in a batch file
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
USRSTAT List domain usernames and last login
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
XCACLS Change file permissions
XCOPY Copy files and folders

I recommend: for all DOS commands visit http://www.ss64.com/nt/

HACKING MOBILE PHONE ADDRESS BOOK

Hacking Mobile Phone's Address Book (Only for Bluetooth-enabled sets.)

You can replace or modify the victim mobile phone's address book by using the following steps:

(a) Create a new address book entry. Try to keep the list of contact names the same as in the victim's address book. If you have no idea about the victim mobile phone's address book, then try some common words like Work or Office or Mobile or Home etc. (whatever is in your mind).
(b) Send this newly created address book to the victim mobile phone via Bluetooth.
(c) As soon as the victim accepts the Bluetooth message, it shall replace the existing entry with the new information.

This is also known as "Blue Jacking" or simply a "Blue Jack Attack".


Related Software : Free Jack. Source : click here







HACKING C++ FROM C

For a long time, LiveDictionary used deeply unwholesome methods to do its work. Version 1.2.5, just released, now uses nothing but public methods. This means vastly improved stability, but it also means that LiveDictionary's evil WebKit text grabber, once considered the app's crown jewels, is no longer useful. I'm going to use it as an object lesson on how to do evil things with C++ applications from pure C.

Motivation
This code was initially developed over the course of about one week, and then took approximately two months of debugging before it became stable. Since then Apple has broken it several times with Safari updates, with the changes required being anything from a simple change of offsets to a large re-engineering of the function.
The prototype of the function is thus:

void LiveDict_1_3_WebViewGetTextAtPoint(id webHTMLView, NSPoint point, NSString **text, int *offset)

Given an instance of a WebHTMLView (the thing inside a WebView that does all the work) and a point, the function is to return the text at that point, and the offset into that text which represents where that point is located inside it. This is then used to look up the appropriate word in LiveDictionary. (The 1_3 thing is a version numbering scheme so it doesn't conflict with nearly identical functions made for other versions of Safari.)
You would think that this would be easy, but at the time I originally wrote this function, there was no public way to obtain this information. Obviously there is some way to do it, since WebKit itself does it, for example when you drag to select some text. So I dove into WebCore to see how it was done.
After much digging, I found the KHTMLPart class which has a method called isPointInsideSelection that does basically the same thing. I ripped out the bits I didn't need and came up with the following C++ code:

id bridge = [webHTMLView _bridge];
KWQKHTMLPart *part = [bridge part];
DocumentImpl *impl = part->xmlDocImpl();
khtml::RenderObject *r = impl->renderer();
khtml::RenderObject::NodeInfo nodeInfo(true, true);
r->layer()->hitTest(nodeInfo, (int)location.x, (int)location.y);
NodeImpl *nodeImpl = nodeInfo.innerNonSharedNode();
if(!nodeImpl || !nodeImpl->renderer() || !nodeImpl->renderer()->isText())
    return;
Position position = innerNode->positionForCoordinates(absXPos - renderXPos, absYPos - renderYPos);

Not too bad, right? Most of the code is just drilling down to the object I need to interrogate, and then asking it. (There's a little bit at the end to get the actual text of the node that I left off.)
But... I can't just write that code. All of these classes are private and buried in WebCore so I can't link against them. I can't just copy the headers because that still requires linking against them. So I decided to replicate the entire thing in C.
The only thing is, it's a bit complicated to do from C. The entire file, which contains nothing but the above function, its support functions, and comments, is 340 lines long. Over 10kB of source code just to replicate that straightforward C++. I'm going to show you exactly how it's done.

Virtual Reality
As you probably know, C++ has two types of methods (C++-ites like to call them "member functions", but that's not the sort of foolishness you'll see me spouting), virtual methods and the regular kind. Virtual methods are like the methods in other OO languages, in that the implementation is looked up at runtime. The regular kind is this weird abomination where the implementation is looked up entirely at compile time based on the declared type of the object. Since these two types of methods act so differently, we have to invoke them differently when we're hacking from C.


Static Hiss
Regular C++ methods are pretty easy to call from C, as long as you can get a pointer to them. They're actually just regular C functions with funny names and a single implicit parameter (this). So, for example, the xmlDocImpl method is non-virtual. Declared as a function pointer, it looks like:

void * (*KHTMLPart_xmlDocImplP)(void *);

You'll see a lot of void * in this article. This is because I completely don't care about types; if I'm slinging pointers around, I'll just use void * for convenience. So here we see that it returns a pointer, and takes a single parameter, the implicit this pointer. If I've assigned the function pointer to the right value, then I can perform the equivalent call from C as:

void *xmlDocImpl = KHTMLPart_xmlDocImplP(part);

The only remaining piece is to get the right pointer. Here, I use the APEFindSymbol function from Unsanity's APELite. (Note that this function requires having the mach_header of WebCore; getting this is left as an exercise for the reader.) All you have to know is the symbol name, which is easy to find by just dumping the symbols in WebCore using nm and looking for one that seems to fit. The code is:

KHTMLPart_xmlDocImplP = APEFindSymbol(header, "__ZNK9KHTMLPart10xmlDocImplEv");

And that's all there is to it. The C++ code contains two other references to non-virtual methods, the renderer method, and the hitTest method. They are used similarly.

Static Interference
Unlike certain other dynamic languages, C++ allows for stack-allocated objects. The NodeInfo instance is an example of this. Creating a stack object translates to C fairly directly. First you need to allocate space, which is done by creating a struct with the right memory layout. Then you need to construct the object by calling its constructor. However, in this case, I noticed that the constructor does nothing but set everything to zero. I don't know exactly what is in a NodeInfo but I know that it's five pointers. So my NodeInfo declaration in C looks like this:


struct NodeInfoStruct {
    void *dummy1, *dummy2, *dummy3, *dummy4, *dummy5;
} nodeInfo = {0};


Of course if WebCore's NodeInfo definition ever changes significantly I'll be in a world of hurt. Oddly enough this never happened, though....

Inline Fun
C++ also likes inline methods that are declared in the header. I, however, hate them because they don't actually get a symbol in the built library. This means that their implementation is something I can't invoke. However, I can see what they do and copy them. The renderer method is one of these. All it does is return an instance variable of the object. So I just figured out the offset of that instance variable and ripped it out. It turns out that it's 22 pointer-sizes into the object, so my replacement function is just:


static void *Function_DocumentImpl_renderer(void *obj)
{
    void **objLayoutPtr = obj;
    return objLayoutPtr[22];
}

Ugly but effective. Again, if the internal layout of the object ever changes then I'm screwed, but this never happened.


Virtually Impossible
Unfortunately calling virtual methods is ever so slightly harder. I'll cover the theory first, then get into how to call them.
A C++ object that contains virtual methods has as its first four bytes a pointer to its class's vtable. A vtable is a big array of function pointers which exists on a per-class basis. Each virtual method is assigned an index in this table. A virtual method is invoked by indexing into the vtable, getting the function pointer, and then calling it.
Once you have a pointer to it, a virtual method works just like a non-virtual method, in that it looks like a C function with an extra parameter stuck on the front. So a function that does all this work to invoke the correct implementation looks like this:


static void *RenderObject_layer(void *obj)
{
    const int layerVtableOffset = 7;
    typedef void *(*LayerFptr)(void *);
    LayerFptr **fakeObj = obj;
    LayerFptr fptr = fakeObj[0][layerVtableOffset];
    return fptr(obj);
}

There is a constant for the vtable offset, and a typedef for the function pointer that will be invoked. Next I treat the object as if it were just a vtable, since I don't care about the other parts of it. Then I just index into the object to get the vtable, index into the vtable to get the function pointer, and finally invoke it.


Debugger? What's That?
Now if you've been paying close attention, right about now you're thinking, "Where did he get that 7 from?" And a very good question that is!
The answer is basically trial and error. From looking at the headers you can count the virtual methods and make a guess, but this is unreliable. Virtual methods get laid out in the order that the compiler encounters them, so you can just count them off starting from the very first method in the highest superclass, working your way down, and find the offset.
The trouble with that approach is two-fold. First, people suck at counting, especially when you're counting stuff in mountains of evil C++. Second, if you get it wrong, you'll crash in horrible and weird ways. You'll be invoking a completely different function which probably takes completely different arguments and returns a completely different value. Debugging that error will not be fun; this is already difficult enough as it is, without adding another layer of undebuggability. So ideally we'd want to come up with a guess, and then check it. We can use our friend the debugger to tell us what the offset is.
I set a breakpoint in a location where I had a pointer to the object I wanted to investigate. In this case it's obj, which is a RenderObject (or an instance of a subclass). I'll find the offset of the layer function that I used in the previous example.

(gdb) p obj
$1 = (void *) 0x55127c0

Here we can see the object as a plain old void *. We'll have to do some creative casting to dig into it.

(gdb) p *(void **)obj
$2 = (void *) 0xa5ca0e38

There's the vtable.

(gdb) p **(void ***)obj
$3 = (void *) 0x95e5deb0

And that's the first entry in the vtable. But it's just another address, not very informative.

(gdb) p /a 0x95e5deb0
$5 = 0x95e5deb0 <_ZN5khtml12RenderCanvasD1Ev>

Ah hah! If we tell gdb to format it as an address (the /a thing) then it looks up the symbol. And so now we know that the function at offset 0 is "_ZN5khtml12RenderCanvasD1Ev". That's probably a constructor or something of that nature.

(gdb) p /a (*(void ***)obj)[0]
$6 = 0x95e5deb0 <_ZN5khtml12RenderCanvasD1Ev>

Here's a nicer way to look into the vtable. Instead of chasing pointers and manually printing addresses, I'll grab the vtable and then treat it like an array. I don't want to manually print off vtable entries until I find the right one, so I'm going to see if I can get gdb to print a bunch of them for me.


(gdb) set $i = 0
(gdb) p /a (*(void ***)obj)[$i]
$7 = 0x95e5deb0 <_ZN5khtml12RenderCanvasD1Ev>

Better, it will print the entry at the index in $i. Now I just need a loop.

(gdb) while $i < 10
>print $i
>p /a (*(void ***)obj)[$i]
>set $i = $i + 1
>end
$29 = 0
$30 = 0x95e5deb0 <_ZN5khtml12RenderCanvasD1Ev>
$31 = 1
$32 = 0x95d5e130 <_ZN5khtml12RenderCanvasD0Ev>
$33 = 2
$34 = 0x95cef53c <_ZN5khtml12RenderObject9setPixmapERK7QPixmapRK5QRectPNS_11CachedImageE>
$35 = 3
$36 = 0x95e31ea8 <_ZN5khtml18CachedObjectClient13setStyleSheetERKN3DOM9DOMStringES4_>
$37 = 4
$38 = 0x95cef538 <_ZN5khtml18CachedObjectClient14notifyFinishedEPNS_12CachedObjectE>
$39 = 5
$40 = 0x95f1e24c <_ZNK5khtml15RenderContainer10firstChildEv>
$41 = 6
$42 = 0x95f1e254 <_ZNK5khtml15RenderContainer9lastChildEv>
$43 = 7
$44 = 0x95f1dd80 <_ZNK5khtml9RenderBox5layerEv>
$45 = 8
$46 = 0x95f1d7a0 <_ZN5khtml12RenderObject19positionChildLayersEv>
$47 = 9
$48 = 0x95c9d7b8 <_ZN5khtml12RenderObject13requiresLayerEv>

The number 10 was arbitrary, somewhat informed by my guessing from reading the headers. You can keep going higher if you don't find it. But in this case we hit the jackpot; we see a function called layer at offset 7. And that is the story of the 7 in the vtable example above.
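The slot arithmetic can be checked end to end in a small program. This is an added example, not code from LiveDictionary or WebCore: the classes in namespace demo are constructed stand-ins whose virtuals are declared in the order of the gdb listing above, and vtable_of, call_slot and guarded_layer are hypothetical helper names. It assumes the Itanium C++ ABI used by GCC and Clang, and goes one step beyond the text by refusing to dispatch on an object whose vtable was not profiled beforehand.

```cpp
// Added example: constructed stand-in classes, not WebCore's real ones.
// Assumes the Itanium C++ ABI (GCC, Clang): the object's first pointer-sized
// word is its vptr, and a virtual destructor occupies two slots (D1 and D0).
#include <cstdio>
#include <cstring>

namespace demo {
struct Layer { int id; };

// Virtuals declared in the order of the gdb listing, so layer() is slot 7.
struct RenderObject {
    virtual ~RenderObject() {}                            // slots 0 and 1
    virtual void *setPixmap() { return nullptr; }         // slot 2
    virtual void *setStyleSheet() { return nullptr; }     // slot 3
    virtual void *notifyFinished() { return nullptr; }    // slot 4
    virtual void *firstChild() const { return nullptr; }  // slot 5
    virtual void *lastChild() const { return nullptr; }   // slot 6
    virtual Layer *layer() const { return nullptr; }      // slot 7
};

struct RenderBox : RenderObject {
    explicit RenderBox(int id) { m_layer.id = id; }
    Layer *layer() const override { return const_cast<Layer *>(&m_layer); }
    Layer m_layer;
};

// A polymorphic class with a different, shorter vtable (slot 7 does not exist).
struct Unrelated {
    virtual ~Unrelated() {}
    virtual int answer() const { return 42; }
};
}  // namespace demo

// From here on, objects are handled only as void *, as the C code would.
typedef void *(*SlotFn)(void *self);
enum { kLayerSlot = 7 };

// Fetch the vptr stored in the object's first word.
void **vtable_of(const void *obj) {
    void **vt;
    std::memcpy(&vt, obj, sizeof vt);
    return vt;
}

// Index the vtable and call the entry with obj as the implicit `this`.
void *call_slot(void *obj, int slot) {
    void *entry = vtable_of(obj)[slot];
    SlotFn fn;
    std::memcpy(&fn, &entry, sizeof fn);
    return fn(obj);
}

// Paranoid variant: dispatch only when the object's vtable is one that was
// profiled in advance; otherwise leave *out untouched and report failure.
bool guarded_layer(void *obj, void *const *known, std::size_t n, void **out) {
    void *vt = vtable_of(obj);
    for (std::size_t i = 0; i < n; ++i) {
        if (known[i] == vt) {
            *out = call_slot(obj, kLayerSlot);
            return true;
        }
    }
    return false;
}

// Same slot, two dynamic types: RenderBox yields its layer, the base yields null.
int layer_id_via_slot(int id) {
    demo::RenderBox box(id);
    demo::Layer *l = static_cast<demo::Layer *>(call_slot(&box, kLayerSlot));
    return l ? l->id : -1;
}

bool base_has_no_layer() {
    demo::RenderObject plain;
    return call_slot(&plain, kLayerSlot) == nullptr;
}

// The guard accepts a profiled class and refuses one it has never seen.
bool guard_refuses_unprofiled() {
    demo::RenderObject plain;
    demo::RenderBox box(1);
    demo::Unrelated other;
    void *known[] = { vtable_of(&plain), vtable_of(&box) };
    void *out = nullptr;
    bool accepted = guarded_layer(&box, known, 2, &out) && out == box.layer();
    out = nullptr;
    bool refused = !guarded_layer(&other, known, 2, &out) && out == nullptr;
    return accepted && refused;
}

int main() {
    std::printf("layer id via slot %d: %d\n", kLayerSlot, layer_id_via_slot(17));
    std::printf("base class has no layer: %d\n", base_has_no_layer());
    std::printf("guard refuses unprofiled class: %d\n", guard_refuses_unprofiled());
    return 0;
}
```

The slot numbers and the position of the vptr are ABI details, so a program like this is a way to check a guess on one compiler and platform, not a portable interface.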

Insects and Other Horrors
This isn't exactly a technique to use, but it's a cautionary tale. One of the C++ lines reads:

Position position = innerNode->positionForCoordinates(absXPos - renderXPos, absYPos - renderYPos);

This gets translated into C as:

struct DOMPosition position = RenderObject_positionForCoordinatesP(parentRenderer, absXPos /*- renderXPos*/, absYPos /*- renderYPos*/);

The original definition of struct DOMPosition was:

struct DOMPosition {
    void *m_node;
    long m_offset;
};

This worked fine for a long time, but this past winter it came time to make a Universal binary of LiveDictionary. I groveled through the source code, checked it over with a fine-toothed comb, made sure all of my endians were swapped, and then sent off a build to somebody with an actual Intel Mac. And of course, it crashed almost instantly. And as I'm sure you've guessed, it crashed on that very line.
I spent a while not finding very much, just verifying that the PPC and Intel versions were doing the same thing. This line was suspicious because it's the only hacked C++ method that returns a struct.
On PPC, struct returns are done by using an implicit parameter and returning by reference. If you write this:

struct Point p = Function(x);

It gets translated internally to something like this:

struct Point p;
Function(&p, x);

With the return being done by having Function write to the struct via this implicit first parameter.
I thought that Intel might be different, and it is just a little bit. It turns out that on Intel, this convention is only used for structs that are longer than 8 bytes. Small structs are returned just like primitives. But still, there was no difference in calling convention between C functions and C++ methods, so things should still work even if this struct was only 8 bytes.
After some more digging I discovered the problem. At some point, DOMPosition had gained a third member. Doh! My struct was 4 bytes too short. It had continued to work on PPC through sheer luck; either the new member wasn't used, or the four bytes following the struct on the stack were something that could be harmlessly overwritten. But on Intel, those extra 4 bytes were enough to push the function over the edge; WebCore was returning the struct using the implicit parameter, but LiveDictionary was expecting a normal return, and so wasn't passing an implicit parameter. The result was a nasty crash.
The latest definition of the struct looks like:

struct DOMPosition {
    void *m_node;
    long m_offset;
    int m_affinity;
};

With that fix, the Intel build worked fine.

Conclusions
Hacking on private C++ classes is harrowing and dangerous but doable. With the proper care, it can form the backbone of a whole application, so long as frequent updates are part of the plan, and the application is suitably paranoid. LiveDictionary would put up a very dire warning and disable itself by default if it detected a version of Safari that was newer than what it knew about. While I recommend this as the absolute last resort, and all other avenues should be explored first, it can be done if it's necessary.

GOOGLE SEARCH HACKING

Well, if you ask me, this is the best part: "how to search". Anyone, anywhere needs something out of the great "www"; knowing how to grab hold of that "something" in one click is the skill. This article is one of my best, and especially crafted to meet all your needs!
Google Operators:


Operators are used to refine the results and to maximize the search value. They are your tools as well as ethical hackers’ weapons
Basic Operators:


+, -, ~, ., *, “”, |, OR

Advanced Operators:

allintext:, allintitle:, allinurl:, bphonebook:, cache:, define:, filetype:, info:, intext:, intitle:, inurl:, link:, phonebook:, related:, rphonebook:, site:, numrange:, daterange:

Basic Operators !!


(+) force inclusion of something common

Google ignores common words (where, how, digit, single letters) by default:
Example: Star Wars Episode +I

(-) exclude a search term
Example: apple -red

(“) use quotes around a search term to search exact phrases:
Example: “Robert Masse”

Robert masse without “” has 309,000 results, but “robert masse” has only 927 results. This removes the 99% of results that are irrelevant.
Basic Operators

(~) search synonym:
Example: ~food
Return the results about food as well as recipe, nutrition and cooking information


( . ) a single-character wildcard:
Example: m.trix


Return the results of M@trix, matrix, metrix…….
( * ) any word wildcard

Advanced Operators: “Site:”


Site: Domain_name
Find Web pages only on the specified domain. If we search a specific site, usually we get the Web structure of the domain

Examples:

site:http://shaswat.bravehost.com
Advanced Operators: “Filetype:”

Filetype: extension_type

Find documents with specified extensions

The supported extensions are:

- HyperText Markup Language (html)
- Microsoft PowerPoint (ppt)
- Adobe Portable Document Format (pdf)
- Microsoft Word (doc)
- Adobe PostScript (ps)
- Microsoft Works (wks, wps, wdb)
- Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
- Microsoft Excel (xls)
- Microsoft Write (wri)
- Lotus WordPro (lwp)
- Rich Text Format (rtf)
- MacWrite (mw)
- Shockwave Flash (swf)
- Text (ans, txt)


Note: We can actually search asp, php, cgi and pl files as long as they are text-compatible.

Example: Budget filetype: xls
Advanced Operators “Intitle:”

Intitle: search_term

Find search term within the title of a Webpage

Allintitle: search_term1 search_term2 search_term3
Find multiple search terms in the Web pages with the title that includes all these words

These operators are specifically useful to find the directory lists


Example:
Find directory list:
Intitle: Index.of “parent directory”
Advanced Operators “Inurl:”


Inurl: search_term
Find search term in a Web address

Allinurl: search_term1 search_term2 search_term3
Find multiple search terms in a Web address


Examples:
Inurl: cgi-bin
Allinurl: cgi-bin password
Advanced Operators “Intext:”


Intext: search_term
Find search term in the text body of a document.

Allintext: search_term1 search_term2 search_term3
Find multiple search terms in the text body of a document.


Examples:
Intext: Administrator login
Allintext: Administrator login
Advanced Operators: “Cache:”

Cache: URL
Find the old version of a Website in the Google cache

Sometimes, even after the site has been updated, the old information might still be found in the cache


Examples:
Cache: http://shaswat.bravehost.com
Advanced Operators

..
Conduct a number range search by specifying two numbers, separated by two periods, with no spaces. Be sure to specify a unit of measure or some other indicator of what the number range represents


Examples:
Computer $500..1000
DVD player $250..350
Advanced Operators: “Daterange:”

Daterange: start_date-end_date

Find the Web pages between start date and end date

Note: start_date and end date use the Julian date
The Julian date is calculated by the number of days since January 1, 4713 BC. For example, the Julian date for August 1, 2001 is 2452122


Examples:
2004.07.10=2453196
2004.08.10=2453258


Vulnerabilities date range: 2453196-2453258
Advanced Operators “Link:”

Link: URL
Find the Web pages having a link to the specified URL

Related: URL
Find the Web pages that are “similar” to the specified Web page
info: URL

Present some information that Google has about that Web page
Define: search_term

Provide a definition of the words gathered from various online sources

Examples:
Link: shaswat.bravehost.com
Related: shaswat.bravehost.com
Info: shaswat.bravehost.com

Define: Network security
Advanced Operators “phonebook:”

Phonebook
Search the entire Google phonebook
rphonebook
Search residential listings only
bphonebook
Search business listings only


Examples:
Phonebook: robert las vegas (robert in Las Vegas)
Phonebook: (702) 944-2001 (reverse search, does not always work)
The phonebook is limited to the U.S.A.

But the question arises: what can Google do for an ethical hacker?
Search sensitive information like payroll, SIN, even the personal email box
Vulnerabilities scanner
Transparent proxy

So how about if I tell you a different way to search?
OK, let's do this: type in the following statements and see the results.
We can only provide you the guidelines; now you need to apply your creativity to keep it rolling.
http://shaswat.bravehost.com
Salary
Salary filetype: xls site: edu
Security social insurance number

Intitle: Payroll intext: ssn filetype: xls site: edu
Security Social Insurance Number
Payroll intext: Employee intext: ssn Filetype: xls


Filetype: xls “checking account” “credit card” - intext: Application -intext: Form (only 39 results)
Financial Information

Intitle: “Index of” finances.xls (9)
Personal Mailbox

Intitle: Index.of inurl: Inbox (inurl: User OR inurl: Mail) (220)
Confidential Files
“not for distribution” confidential (1,760)
Confidential Files
“not for distribution” confidential filetype: pdf (marketing info) (456)
OS Detection
Use the keywords of the default installation page of a Web server to search.
Use the title to search
Use the footer in a directory index page


OS Detection-Windows
“Microsoft-IIS/5.0 server at”


OS Detection - Windows
Default web page?
Intitle: “Welcome to Windows 2000 Internet Services” IIS 5.0



OS Detection –Apache 1.3.11-1.3.26
Intitle: Test.Page.for.Apache seeing.this.instead


OS Detection-Apache SSL enable
Intitle: Test.page “SSL/TLS-aware” (127)
Search Passwords

Search the well known password filenames in URL
Search the database connection files or configuration files to find a password and username
Search specific username file for a specific product
Search Passwords

Inurl: etc inurl: passwd
Search Passwords

Intitle: “Index of..etc” passwd
Search Passwords

Inurl: admin.pwd filetype: pwd
Search Passwords
Filetype: inc dbconn
Search Passwords

Filetype: inc intext: mysql_connect
Search Passwords

Filetype: ini +ws_ftp +pwd (get the encrypted passwords)
Search Passwords

Filetype: log inurl: “password.log”


Search Username
+intext: "webalizer" +intext: “Total Usernames” +intext: “Usage Statistics for”


License Key
Filetype: lic lic intext: key (33) (license key)


Sensitive Directories Listing
Powerful buzz word: Index of
Search the well known vulnerable directories names



Sensitive Directories Listing
“index of cgi-bin” (3590)



Sensitive Directories Listing
Intitle: “Index of” cfide (coldfusion directory)


Sensitive Directories Listing
Intitle: index.of.winnt
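Turned around and run against your own document root, the queries above become a pre-publication check. The following Python sketch is an added example, not part of the original post; its rule list, the index-file names and the sample tree are constructed here from the file names and strings that appear in the queries above.

```python
import os
import re
import tempfile

# Name rules derived from the queries above (mapping constructed for this example).
NAME_RULES = [
    (re.compile(r"\.pwd$", re.I), "password file (admin.pwd query)"),
    (re.compile(r"^ws_ftp\.ini$", re.I), "WS_FTP ini with stored passwords"),
    (re.compile(r"^password\.log$", re.I), "password log"),
    (re.compile(r"^passwd$", re.I), "passwd file reachable over HTTP"),
    (re.compile(r"\.lic$", re.I), "license key file"),
    (re.compile(r"(payroll|salary|finances).*\.xls$", re.I),
     "payroll/finance spreadsheet"),
]
# Strings from the 'Filetype: inc' queries; .inc files are often served as text.
INC_CONTENT = re.compile(rb"mysql_connect|dbconn", re.I)
# Assumed default-document names; adjust to the server's configuration.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.htm", "default.asp"}


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for exposed items under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # A directory without an index file is shown as an "Index of" page
        # whenever directory listings are enabled on the server.
        if not {f.lower() for f in filenames} & INDEX_FILES:
            findings.append((rel_dir, "no index file: listed as 'Index of' if listings are on"))
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            for pattern, reason in NAME_RULES:
                if pattern.search(name):
                    findings.append((rel, reason))
            if name.lower().endswith(".inc"):
                with open(os.path.join(dirpath, name), "rb") as fh:
                    if INC_CONTENT.search(fh.read(65536)):
                        findings.append((rel, "include file with database connection code"))
    return sorted(findings)


def build_sample_tree():
    """Create a small constructed web root in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "index.html": b"<html>home</html>",
        "hr/index.html": b"<html>hr</html>",
        "hr/payroll_2008.xls": b"constructed placeholder",
        "inc/db.inc": b"<?php mysql_connect('localhost', 'app', 'EXAMPLE'); ?>",
        "ftp/ws_ftp.ini": b"[_config_]\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for path, reason in audit_webroot(build_sample_tree()):
        print(f"{path}: {reason}")
```

Anything the function reports should be moved out of the document root or blocked in the server configuration before a crawler indexes it.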
Get the serial number you need ! (For Certain Things)
1) Go to Google.

2) Use Keyword as "Product name" 94FBR

3) Where, "Product Name" is the name of the item you want to find the serial number for.

4) And voila - there you go - the serial number you needed.

HOW DOES THIS WORK?

Quite simple really. 94FBR is part of a Office 2000 Pro cd key that is widely distributed as it bypasses the activation requirements of Office 2K Pro. By searching for the product name and 94fbr, you guarantee two things. 1) The pages that are returned are pages dealing specifically with the product you're wanting a serial for. 2) Because 94FBR is part of a serial number, and only part of a serial number, you guarantee that any page being returned is a serial number list page.

See these example searches:
Code:

"Photoshop 7"+94FBR
"Age of Mythology"+94FBR
"Nero Burning Rom 5.5"+94FBR

DESKTOP HACKING

1] Your PC must have 256 MB RAM, 512 MB cache, an Intel Pentium 4 processor, and a 40 GB HDD. These are the minimum requirements.

2] If you see a 'virtual memory low' message, then increase the virtual memory. To increase virtual memory,

Go to My Computer->Properties->Advanced->Performance Settings->Advanced->Virtual Memory->Change->Select the appropriate drive->Custom size->set appropriate level (ours is 600 (min.) & 700 (max.))->Ok.

3] Increase 'Visual Performance'. Go to My Computer->Properties->Advanced->Performance Settings->Visual Settings->Custom->Select only the following options.

a)Slide taskbar buttons.
b)Smooth edges of screen fonts.
c)Smooth-scroll list boxes.
d)Use a background image for each folder type.
e)Use visual style on windows and buttons.



4] Don't keep unwanted/extra fonts. To remove extra fonts, go to Start->Settings->Control Panel->Fonts.

5] Your Desktop Wallpaper & Screensaver consume a large amount of disk space. Select the 'None' option for both wallpapers & Screensavers.

6] Avoid keeping DEMO Games.

7] Uninstall unwanted software.

8] Use Registry Cleaner to keep your registry clean (without errors).

9] Try to keep music and picture files in the folders specified by Windows itself.

10] Use the Hibernating option for a quick Windows start. To activate Hibernating, follow these steps.

Desktop->Properties->Screensaver->Power->Hibernating->Enable Hibernating->Ok.

11] Keep your Desktop clean of unwanted icons.

12] Use Intel Application Accelerator to speed up your disk access.

13] Memory management (at least 512 MB RAM required). This allows XP to keep data in memory instead of paging sections of RAM.

Go to->Start->Run->regedit->HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Control->Session Manager->Memory Management->Double click it->DisablePagingExecutive->Double click it->Set value to 1.

14] Disable Yahoo Messenger, Google Talk, and other unwanted programs from startup. (You can use the registry editor to do this, because they do not appear in the normal Startup option.)

15] Disable indexing files service (only if you do not use search option regularly). To do this follow the following steps.
Go to My Computer->Select the drive for which you want to disable the indexing service->Properties->Unselect 'Allow Indexing Service'->Ok.

16] For Windows XP, You must use NTFS partition. FAT partition is less supportive for Windows XP.

17] In BIOS, Select first booting device as your HDD.

18] Setting Priority High for a particular program.

Open Task Manager->Processes->Select the desired Program->Right Click->Set Priority->High->Ok.

This priority is set only for the current session. Once you restart your system, the priority will again be Normal.

19] Keep deleting your Temporary Internet Files in regular intervals.

Go to Windows Drive (c: or d:)->Select the User->Local Settings->Temporary Internet Files

20] Empty your browser's cache in regular intervals.

21] Avoid keeping Movies in your PC

CRACKING UNIX PASSWORD BY VIRTUAL CIRCUIT

Cracking Unix passwords:

Contrary to popular belief, UNIX passwords cannot be decrypted. UNIX
passwords are encrypted with a one way function. The login program encrypts
the text you enter at the "Password:" prompt and compares that encrypted
string against the encrypted form of your password.

Password cracking software uses wordlists. Each word in the wordlist is
encrypted and the results are compared to the encrypted form of the target
password.

The best cracking program for UNIX passwords is currently Crack by Alec
Muffett. For PC-DOS, the best package to use is currently CrackerJack.



Password Shadowing:

Password shadowing is a security system where the encrypted password field
of /etc/passwd is replaced with a special token and the encrypted password
is stored in a separate file which is not readable by normal system users.

To defeat password shadowing on many (but not all) systems, write a program
that uses successive calls to getpwent() to obtain the password file.



Finding the shadowed password:

UNIX                  Path                            Token
-----------------------------------------------------------------
AIX 3                 /etc/security/passwd            !
                      /tcb/auth/files/[first letter   #
                            of username]/[username]
A/UX 3.0s             /tcb/files/auth/?/*
BSD4.3-Reno           /etc/master.passwd              *
ConvexOS 10           /etc/shadpw                     *
ConvexOS 11           /etc/shadow                     *
DG/UX                 /etc/tcb/aa/user/               *
EP/IX                 /etc/shadow                     x
HP-UX                 /.secure/etc/passwd             *
IRIX 5                /etc/shadow                     x
Linux 1.1             /etc/shadow                     *
OSF/1                 /etc/passwd[.dir|.pag]          *
SCO UNIX #.2.x        /tcb/auth/files/[first letter   *
                            of username]/[username]
SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
SunOS 5.0             /etc/shadow
                      [optional NIS+ private secure maps/tables/whatever]
System V Release 4.0  /etc/shadow                     x
System V Release 4.2  /etc/security/* database
Ultrix 4              /etc/auth[.dir|.pag]            *
UNICOS                /etc/udb                        *
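For an administrator, the practical question behind the shadowing description and the token table is whether any account still carries its hash in the world-readable passwd file. The Python check below is an added example, not part of the original text; the sample entries and hash strings are constructed, and the hash-scheme labels are common crypt(3) conventions rather than anything the table states.

```python
import re

# Tokens the table above shows in the password field of shadowed systems.
SHADOW_TOKENS = {"x", "*", "!", "#"}
# Traditional DES crypt(3) output: exactly 13 characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt identifiers ($id$salt$hash), used here only to label findings.
MODULAR = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}

# Constructed sample in /etc/passwd format; the hash strings are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
alice:ab01FAX.bQRSU:1000:100:Alice:/home/alice:/bin/sh
bob::1001:100:Bob:/home/bob:/bin/sh
carol:$1$abcdefgh$0123456789ABCDEFGHIJ./:1002:100:Carol:/home/carol:/bin/sh
dave:##dave:1003:100:Dave:/home/dave:/bin/sh
"""


def classify_field(username, field):
    """Classify the password field (second field) of one passwd entry."""
    if field == "":
        return "empty"                      # account needs no password at all
    if field in SHADOW_TOKENS or field == "##" + username:
        return "shadowed"                   # real hash lives in a protected file
    if field[0] in "!*":
        return "locked"                     # e.g. "!!" or "*LK*": no valid hash
    if field.startswith("$"):
        parts = field.split("$")
        scheme = MODULAR.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
        return "exposed:" + scheme          # hash readable by every local user
    if DES_CRYPT.match(field):
        return "exposed:des-crypt"
    return "unrecognized"


def audit_passwd(text):
    """Map each account name in passwd-format text to its classification."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line[0] in "+-":
            continue                        # blank, comment, or NIS compat entry
        fields = line.split(":")
        if len(fields) < 7:
            report[fields[0]] = "malformed"
            continue
        report[fields[0]] = classify_field(fields[0], fields[1])
    return report


def needs_attention(report):
    """Accounts with no password or with a hash stored outside the shadow file."""
    return sorted(name for name, status in report.items()
                  if status == "empty" or status.startswith("exposed:"))


if __name__ == "__main__":
    for name, status in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{name:8} {status}")
```

Every account listed by `needs_attention` has a hash that any local user can copy and compare against a wordlist offline, which is exactly what shadowing is meant to prevent.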

FIND YOUR WINDOWS CD KEYS

Do you remember the Windows product key (CD key) that you used to install Windows? Well, many people would have kept it safe for future reference, but there would be many more who would have no clue about it.

Whatever the case, here is a small free software (only 260 KB) that retrieves the product key (CD key) used to install Windows from your registry. It also allows you to copy the key to the clipboard, save it to a text file, or even print it. It can also retrieve the Microsoft Office product key.
It works on Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Windows Vista, Office 97, Office XP, and Office 2003.

Download link: Winkey_finder

HOW TO CLONE A HARD DRIVE

How to Clone a Hard Drive

Did you know that you could clone your current Hard Drive without having to buy extra software? Maybe you didn't know that all that you needed was already set up on your current system? Well, it is... and if you follow this tut, you shouldn't have much of a problem.


Make sure that you have a Master and a Slave setup on your system. The Slave drive, in this case, is where all the data on the Master is going to go to.

First: Perform a Scandisk on your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.

Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.

Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the "Full" button.

Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says "Autofix Errors".

Fifth: In this final part, you might want to cut-and-paste the code in, unless you are sure that you can do it without making any mistakes:

Click on the "Start" button, then click on the "Run..." button, then place the following into the Runbox:

"XCOPY C:\*.* D:\ /c/h/e/k/r" (minus the quotes, of course) then press the "Enter" button.

If you receive an error message, then remove the space from between XCOPY and C:\

Anything that should happen to come up in the DOS box, just click "Y" for "Yes". When its all finished, pull the original Master from the system, designate the Slave as the Master (change your jumpers), then check your new Master out.

This tut has worked and has been tested on all systems except for Windows 2000, so you really shouldn't have any problems. If, by any chance, you should come across a snag, message me and I'll walk you through it.

~cheers~

Sunday, April 27, 2008

XP TRICKS CONTINUED

Make your folders invisible...:)

1) Right click on the desktop. Make a new folder.
2) Now rename the folder with a space (you have to hold the ALT key and type 0160).
3) Now you have a folder without a name.
4) Right click on the folder > Properties > Customize. Click on Change Icon.
5) Scroll a bit; you should find some empty spaces. Click on any one of them.

Click OK.



Easily Disable Messenger


Go into: C:/Program Files/Messenger. Rename the Messenger folder to "MessengerOFF".
Remove Messenger

• Go to Start/Run, and type: "rundll32 setupapi,InstallHinfSection BLC.Remove 128 %SystemRoot%\INF\msmsgs.inf"



Turn Off Autoplay for Program CDs



How can you stop Windows XP from launching program CDs?
• Click Start, click Run, type GPEDIT.MSC to open Group Policy in the Microsoft
Management Console.

• Double-click Computer Configuration, double-click Administrative templates,
double-click System, and then click Turn off autoplay.

• The instructions on your screen describe how to configure this setting. Click
Properties to display the setting dialog.

• Click Enabled, and choose CD-ROM drives, then click OK, to stop CD autoplay.
This setting does not prevent Autoplay for music CDs.



Change Drive Letters in Windows XP


When you add drives to your computer, such as an extra hard drive, a CD drive, or a
storage device that corresponds to a drive, Windows automatically assigns letters to the
drives. However, this assignment might not suit your system; for example, you might have
mapped a network drive to the same letter that Windows assigns to a new drive. When you
want to change drive letters, follow these steps:

• Right-click My Computer, and then click Manage.

• Under Computer Management, click Disk Management. In the right pane, you'll see
your drives listed. CD-ROM drives are listed at the bottom of the pane.

• Right-click the drive or device you want to change, and then click Change Drive
Letter and Paths.

• Click Change, click Assign the following drive letter, click the drive letter you
want to assign, and then click OK.



Do Not Highlight Newly Installed Programs



Tired of that annoying little window that pops up to tell you that new software is
installed? If it gets in the way when you're logging off, turn it off completely. To do
this:

• Click Start, right-click at the top of the Start menu where your name is displayed,
and then click Properties.

• In the Taskbar and Start Menu Properties dialog box, on the Start Menu tab, click
Customize.

• Click the Advanced tab, and then clear the Highlight newly installed programs check
box.

• Click OK, and then click OK again




Change the Default Opening Folder in Windows Explorer


By default, Windows Explorer opens showing the My Documents folder. To change the
default setting so that all top-level drives and folders are shown, follow these steps:

• Click Start > Programs > Accessories, then right-click Windows Explorer, and click
Properties.

• Under Target field, which reads %SystemRoot%\explorer.exe, add to make the line
read:

%SystemRoot%\explorer.exe /n, /e, /select, C:\



Close Multiple Windows


If you just opened a number of separate, related windows (a folder inside a folder,
and so on), there's an easier way to close them all than one-at-a-time:
• Hold down the shift-key as you click the X caption button in the upper-right corner
of the last window opened. Doing so closes that window and all windows that came before it


Change FAT -> NTFS

To change your file system from the command prompt,
type: convert c: /fs:ntfs (ex: 'c' is the drive letter)













HACKING A WINDOWS 2000 SYSTEM THROUGH IPC

By Link
1: Scanning for open Win2k systems
2: Connecting to the IPC$
3: Connecting and using Computer Management.
4. Disable NTLM
5: Starting the Telnet service
6: Creating user accounts and adding them to a group
7: Covering your tracks
8: How to protect your Win2k system from this attack

You need to be running a Win2k system:
Superscan version 3.00 by Foundstone (246kb). Homepage
NetBrute Scanner 1.0.0.7 (247KB). Homepage
PQWak V1.0 (24KB)



1: Scanning for open Win2k systems
A. Open SuperScan 2.05 (Port scanner)
B. Select a IP range
C. Check "Only scan responsive pings" and "All selected ports in list"
D. Only scan ports 139 (NetBIOS), and 1025 (Network Blackjack)
E. When a system with both Netbios and BlackJack is found, open NetBrute, and scan that IP to see if there is an IPC$


2: Connecting to the IPC$
A. Open a DOS window
B. Type in " net use \\ipaddress\ipc$ "" /user:administrator "
C. If you connect to the system, it will say, " The command was completed successfully "
D. If it says, “bad username or password”, Try running PQWak.exe to crack the share name password. Then insert the password like so:
net use \\ipaddress\ipc$ "password" /user:administrator
E. Users usually have only one password for everything. So try the c$ share pass as the administrator password to connect to the IPC$


3: Connecting using Computer Management
A. Open Computer Management.
B. Click “Action”, then “Connect to Another Computer”
C. Type in the IP address.


4. Disable NTLM
A. Open “regedit”
B. Connect to the following registry key:
HKEY_LOCAL_MACHINE--Software--Microsoft--Telnet Server--1.0—->NTLM
C. Set the value data from (2) to (1)
D. That will enable login to the telnet server without being connected to the IPC$ or a trusted domain.


5. Starting the Telnet service
A. In Computer Management, click “Services and Applications”
B. Click Services
C. Right click on the Telnet Service and open Properties.
D. Set the service to Automatic, and start the service.


6: Creating user accounts and adding them to a group
A. Open a dos window, and type the following: telnet IPaddress
B. If prompted to type a username and password, type Administrator with no password.
C. To create a user account, type the following: Net user username password /add
D. Replace “Username” and “password” with whatever you like.
E. To add a user account to a domain, type the following: Net localgroup administrators username /add Or Net group administrators username /add


7: Covering your tracks
A. Open a dos window, and type the following: Net use \\ipaddress\ipc$ /delete
B. While logged on to Computer Management. Check if the Security Logs are being audited in Event Viewer. If they are, clear them. :-)


8: How to protect your Win2k system from this attack
A. Open Regedit
B. Connect to the following:
C. HKEY_LOCAL_MACHINE--System--CurrentControlSet--Control--Lsa-->restrictanonymous
D. Change the "Value Data" from 0 to 1. It should say 0x00000001(1)
E. That will disable remote logon to a null IPC$
F. Always have a complicated administrator password with Windows2000 or any other OS
G. Install a firewall. www.zonealarm.com


Credits
LLNK #Hackerz on Dalnet

Prohibit null sessions
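The walkthrough leaves three registry values in a recognisable state: restrictanonymous at 0, the Telnet NTLM value changed away from 2, and the Telnet service set to start automatically. The Python check below is an added example, not part of the original post; it reads the text of a .reg export, and it assumes the Telnet key is exported as TelnetServer, that the service key is named TlntSvr, and that a service Start value of 2 means Automatic. Both sample exports are constructed.

```python
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
TELNET = r"hkey_local_machine\software\microsoft\telnetserver\1.0"
# Assumption: the Telnet service is registered under the name TlntSvr.
TLNTSVR = r"hkey_local_machine\system\currentcontrolset\services\tlntsvr"

# Constructed export showing the state the walkthrough leaves behind.
TAMPERED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]
"NTLM"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000002
"""

# Constructed export after the fix from step 8, with Telnet disabled (Start=4).
HARDENED = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0]
"NTLM"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000004
"""


def parse_reg_dwords(text):
    """Return {(key_path, value_name): int} for every dword in a .reg export.

    Keys and names are lower-cased and spaces are dropped from the key path,
    so "Telnet Server" (as the page writes it) and "TelnetServer" both match.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower().replace(" ", "")
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values


def audit_export(text):
    """Return a list of findings for the values named in the walkthrough."""
    v = parse_reg_dwords(text)
    findings = []
    # Assumption: an absent restrictanonymous value behaves like 0.
    if v.get((LSA, "restrictanonymous"), 0) == 0:
        findings.append("restrictanonymous is 0 or absent: null IPC$ sessions allowed")
    ntlm = v.get((TELNET, "ntlm"))
    if ntlm is not None and ntlm != 2:
        findings.append(f"Telnet NTLM is {ntlm}, not 2: the change made in step 4")
    if v.get((TLNTSVR, "start")) == 2:
        findings.append("Telnet service start type is Automatic (2), as set in step 5")
    return findings


if __name__ == "__main__":
    for finding in audit_export(TAMPERED):
        print("FINDING:", finding)
```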


XP REGISTRY TRICKS

It's a mixed bag.. a compilation of all the tricks..
many tricks are what I discovered..
many are shared..
keep posting if you know more



Display Your Quick Launch Toolbar Tip:


Is your Quick Launch toolbar missing from the taskbar?
To display your familiar Quick Launch toolbar:
Right-click an empty area on the taskbar, click Toolbars, and then click Quick Launch.

Easy as that your Quick Launch bar appears. To add items to your Quick Launch toolbar, click the icon for the program you want to add, and drag it to the Quick Launch portion of the taskbar.


--------------------------------------------------------------------------------

How to remove recycle bin from your desktop Tip:

Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to the following entry in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove the recycle bin from your desktop.

--------------------------------------------------------------------------------

How to stop new programs installed balloon from coming up tip:

Right click on START button and select properties. Click on Customize and go to Advanced tab and deselect check box saying "Highlight newly installed programs". This would help you stop this annoying feature from popping up every now and then.



--------------------------------------------------------------------------------
Unlock Toolbars to Customize Them Tip:

The new Windows XP now features locking toolbars, and you can adjust them. You may customize a lot of the Windows XP features such as the Taskbar, Start Menu, and even toolbar icons in Internet Explorer and Outlook Express. Remember your right-click:
* Right-click on a toolbar, and then click Lock the Toolbars to remove the check mark.
* Right-click on the toolbar again, and then click Customize.

You may add or remove toolbar buttons, change text options and icon options. When you've got the toolbar customized, click Close. Now right-click on the toolbar and then click Lock the Toolbars to lock them in place.


--------------------------------------------------------------------------------

Want to remove shared documents folder from My Computer window tip:

Some don't like the My Shared Documents folder option. If you are one of them, here is a trick to remove it. Open the registry editor by going to START-RUN and entering regedit.
Once in registry, navigate to key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders You must see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this key, you have effectively removed the my shared documents folder.

--------------------------------------------------------------------------------


How to improve on shutdown time ? Close apps automatically & quickly at shutdown tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP and look for AutoEndTasks. On my computer the default value is 0. Change it to 1. That's all. Furthermore, you can reduce the time it takes for Windows to issue the kill directive to all active/hung applications.
In doing this, the only constraint that you should make sure of is that HungAppTimeout is greater than WaitToKillAppTimeout. Change the value of WaitToKillAppTimeout to, say, 3500 (since the default value for HungAppTimeout is 5000 and for WaitToKillAppTimeout is 20000).


--------------------------------------------------------------------------------
Are you missing icons Tip:


Are you missing icons? You may be wondering where all the icons from your desktop are in Windows XP? Well if you're like me, you like to have at least My Computer, My Network Places, and My Documents on your desktop.
You need to:
* Right-click on the desktop, and then click Properties.
* Click the Desktop tab and then click on Customize Desktop.
* Put a check mark in the box next to My Documents, My Computer, My Network Places, or Internet Explorer, to add those familiar icons to your desktop. Easy yes!

--------------------------------------------------------------------------------

How to login as administrator if you don't see it available tip:

Unless and until you have run into issues and are fixing XP (in which case you have to go to Safe Mode to log in as Administrator), you can get to the administrator screen by simply pressing CTRL+ALT+DELETE twice at the main screen.

--------------------------------------------------------------------------------

Speedup boot up sequence by defragmenting all key boot files tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction. In right hand panel look for Enable. Right click on it and set it 'Y' for enable. This is the way I have it set on my computer. This will help speedup boot time.


--------------------------------------------------------------------------------

Use a Shortcut to Local Area Network Connection Information Tip:


Here's something new in Windows XP, instead of using the command line program and typing ipconfig to get local area network information, you can try using the following shortcut:
* Click on Start, point to Connect to, and then click Show All Connections.
* Right–click the connection you want information about, and then click Status.
* In the connection Properties dialog box, click the Support tab.
* For more information, click on the Advanced tab.

To automatically enable the status monitor each time the connection is active, in the connection Properties dialog box, select the Show icon in taskbar notification area when connected check box.

--------------------------------------------------------------------------------

Do you know you can have Virtual Desktops (like in Linux) with PowerToys ?

If you have PowerToys installed on Windows XP (it's available for free at the Microsoft download webpage), it is very easy to enable the Microsoft Virtual Desktop feature. Simply right click on the Start Panel Bar, also called the TaskBar, click on Tool Bar and select Desktop Manager.
You would see a set of 5 icons placed on the right portion of the TaskBar. Click on number 1 to 4 to go to any of the desktops. Now you have four different active desktops.
IMPORTANT NOTE: You may see a little degradation in performance.

--------------------------------------------------------------------------------

Customize Internet Explorer Title bar tip:

This tip won't make your computer any faster but may help personalize your computer experience. Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main. In the right hand panel look for the string "Window Title" and change its value to whatever custom text you want to see.
--------------------------------------------------------------------------------

Adding content to right click (credit: ashwin C1)

Once done, you will be able to right click any file or folder and use the Browse for Folder dialog to choose the location you want to move or copy your file or folder to, without having to go to the destination path.

First we will add the copy and move options to the right click menu of all FILES.
CLICK Start>Run, type REGEDIT and click OK to open up the registry editor and make your way to this key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers
Right click the ContextMenuHandlers key and choose New>Key.
Name the new key “Copy To” (without the quotes).
Repeat the above and create another new key named Move To.
You should now have two new subkeys under the ContextMenuHandlers key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Copy To
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Move To
Select the Copy To key and in the right hand pane, double click “Default”
Enter this clsid value as the value data:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
Next , select the Move To key and in the right hand pane set the default value to:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
This now takes care of the Copy and Move options for the right click context menu of all your files.
Now all that is left is to add the same options to the right click menu of all your folders.
The procedure will be the same as for files but at a different key:
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
Right click ContextMenuHandlers and create a new key named Copy To.
Right click it again and create another new key named Move To.
left click on the right hand pane, add the same default values as you did for Files:
For Copy To:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
For the Move To:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
Exit the registry and you are done.
Now when you right click on a file or folder, you should see two new options: Copy to Folder and Move to Folder

HACKING PASSWORD PROTECTED WEBSITES

warning : For educational purpose only

I know this is lame but just would like to share with you.
Have nothing for the next half an hour so typing it.. lol
rahul


There are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting [ctl-alt-del] when the password box is displayed, to simply turning off java capability, which will dump you into the default page. You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images . (Almost every web site has an images directory.) This will put you into the images directory, and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site, so you would then type in www.target.com/games, and if it is a valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all directories, or even mirror a complete server. They are indispensable for locating hidden files and directories. What do you do if you can't get past an opening "Password Required" box? First do a WHOIS lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100.1.

We then go to 100.100.100.1, and then launch Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here. By simply typing in the url www.target.com/games/zip/zipindex.html you will be on the index page and ready to follow the links for downloading.

HACKING NETWORK PRINTERS

How to hack network printers

Hacking Networks what I know
In this step by step guide you will learn about: How to hack network printers using the command prompt
Things to remember
• CP = Command Prompt
• HDs = Hard Drives
Step by Step:
1. Open command prompt. If it's blocked and you don't know how to get to it, go to Using the command prompt under a limited account and then continue to step #2.
2. In command prompt type
c:\windows>nbtstat -a 203.195.136.156
(instead of the I.P. address type the real I.P. address or the name of the computer you're trying to get to) and if you don't know how to get the name of the computer then go to what to do after hacking the C:\ drive and then continue to step #3.

3. Let say that it gives you this

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
user <00> UNIQUE Registered
workgroup <00> GROUP Registered
user <03> UNIQUE Registered
user <20> UNIQUE Registered


MAC Address = 00-02-44-14-23-E6



The number <20> shows that the victim has enabled the File And Printer Sharing.

-------------------------------------

NOTE - If you do not get this number there are two possible answers

A. You do not get the number <20>. This shows that the victim has not enabled the File and Printer Sharing. (SO STOP READING HERE BECAUSE IF DONT GET IT THAT MEANS THAT IT'S ALMOST IMPOSSIBLE TO GET TO THE PRINTER).

B. You get "Host Not found". This shows that the port 139 is closed or the ip address or computer name doesn't exist or the computer you are trying to get to is turned off.

4. Now in command prompt type
c:\windows>net view \\203.195.136.156

Let's suppose we get the following output

Shared resources at \\203.195.136.156
The computer's name will be here

Share name Type Used as Comment

-------------------------------------------
CDISK Disk
Hello Printer



The command completed successfully.
5. The name Hello is one of the printers being shared (the word Printer at the side is just saying whether the thing being shared is a printer, disk or a file). Now, in command prompt, type
c:\windows>net use \\203.195.136.156\Hello

If the command is successful we will get the confirmation - The command was completed successfully

Now when you want to print anything the printer should be listed there so you can use it. Just select the printer named hello and click print.
End of command prompt step by step guides
happy learning!!!
© 2006 Master Juan. All rights reserved.

HACKING TRUTHS MANUAL

Welcome to another Hacking Truths Manual. This time I have a collection of Tips and Tricks which no body normally knows, the secrets which Microsoft is afraid to tell the people, the information which you will seldom find all gathered up and arranged in a single file. To fully reap this Manual you need to have a basic understanding of the Windows Registry, as almost all the Tricks and Tips involve this file.
****************
Important Note: Before you read on, you need to keep one thing in mind. Whenever you make changes to the Windows Registry you need to refresh it before the changes take effect. Simply press F5 to refresh the registry and enable the changes. If this does not work, restart your system.
****************
Exiting Windows the Cool and Quick Way
Normally it takes a hell of a lot of time just shutting down Windows: you have to move your mouse to the Start button, click on it, move it again over Shut Down, click, then move it over the necessary option and click, then move the cursor over the OK button and once again (you guessed it) click. This whole process can be shortened by creating shortcuts on the Desktop which will shut down Windows at the click of a button. Start by creating a new shortcut (right click and select New > Shortcut). Then in the Command Line box, type (without the quotes):
'C:\windows\rundll.exe user.exe,exitwindowsexec'
Clicking this shortcut restarts Windows immediately, without any warning. To create a shortcut that shuts Windows down instead, type the following in the Command Line box:
'c:\windows\rundll.exe user.exe,exitwindows'
Clicking this shortcut shuts down Windows immediately, without any warning.
Ban Shutdowns : A trick to Play on Lamers
This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane look for the NoClose value. If it is not already there, create it by right clicking in the right pane and selecting New > String Value (name it NoClose). Once you see NoClose in the right pane, right click on it and select Modify. Then type 1 in the Value Data box.
Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine, if the value of NoClose is set to 1, clicking Start > Shut Down displays the following error message:
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.
You can enable the shut down option by changing the value of NoClose to 0 or by simply deleting the NoClose entry.
Instead of performing the above difficult-to-remember process, simply save the following with an extension of .reg and add its contents to the registry by double clicking on it.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
Disabling Display of Drives in My Computer
This is yet another trick you can play on your geek friend. To disable the display of local or networked drives when you click My Computer go to :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now in the right pane create a new DWORD item and name it NoDrives. Modify its value and set it to 3FFFFFF (hexadecimal), then press F5 to refresh. When you click on My Computer, no drives will be shown. To enable display of drives in My Computer, simply delete this DWORD item. Its .reg file is as follows:
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff
Take Over the Screen Saver
To activate and deactivate the screen saver whenever you want, go to the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers
Now add a new string value and name it Mouse Corners. Edit this new value to -Y-N. Press F5 to refresh the registry. Voila! Now you can activate your screensaver by simply placing the mouse cursor at the top right corner of the screen and if you take the mouse to the bottom left corner of the screen, the screensaver will deactivate.
Pop a banner each time Windows Boots
To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
Now create a new string value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. Its .reg file would be:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Caption here."
Delete the Tips of the Day to save 5KB
Windows 95 had these tips of the day which appeared on a system running a newly installed Windows OS. These tips of the day are stored in the Windows Registry and consume 5K of space. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.
To save 5K go to the following key in Regedit:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips
Now simply delete these tips by selecting them and pressing the DEL key.
Change the Default Locations
To change the default drive or path where Windows will look for its installation files, go to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath
Now you can edit as you wish.
Secure your Desktop Icons and Settings
You can save your desktop settings and secure them from your nerdy friend by playing with the registry. Simply launch the Registry Editor and go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane create a new DWORD value named NoSaveSettings and modify its value to 1. Refresh and restart for the settings to get saved.
CLSID Folders Explained
Don't you just hate those stubborn stupid icons that refuse to leave the desktop, like the Network Neighborhood icon? I am sure you want to know how you can delete them. You may say that is really simple: right click on the concerned icon and select Delete. Well, not exactly. When you right click on these special folders (see entire list below), neither the Rename nor the Delete option appears. To delete these folders, there are two methods: the first is using the System Policy Editor (Poledit on the Windows installation CD) and the second is using the Registry.
Before we go on, you need to understand what CLSID values are. These folders, like the Control Panel, Inbox, The Microsoft Network, Dial Up Networking etc are system folders. Each system folder has a unique CLSID key or the Class ID which is a 16-byte value which identifies an individual object that points to a corresponding key in the registry.
To delete these system Folders from the desktop simply go to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
To delete an icon simply delete the 16 byte CLSID value within "NameSpace". The following are the CLSID values of the most commonly used icons:
My Briefcase: {85BBD920-42A0-1069-A2E4-08002B30309D}
Desktop: {00021400-0000-0000-C000-000000000046}
Control Panel: {21EC2020-3AEA-1069-A2DD-08002B30309D}
Dial-Up-Networking: {992CFFA0-F557-101A-88EC-00DD010CCC48}
Fonts: {BD84B380-8CA2-1069-AB1D-08000948F534}
Inbox: {00020D76-0000-0000-C000-000000000046}
My Computer: {20D04FE0-3AEA-1069-A2D8-08002B30309D}
Network Neighborhood: {208D2C60-3AEA-1069-A2D7-08002B30309D}
Printers: {2227A280-3AEA-1069-A2DE-08002B30309D}
Recycle Bin: {645FF040-5081-101B-9F08-00AA002F954E}
The Microsoft Network: {00028B00-0000-0000-C000-000000000046}
History: {FF393560-C2A7-11CF-BFF4-444553540000}
Winzip: {E0D79300-84BE-11CE-9641-444553540000}
For example, to delete the Recycle Bin, first note down its CLSID value, which is: 645FF040-5081-101B-9F08-00AA002F954E. Now go to the NameSpace key in the registry and delete the corresponding key.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
Similarly to delete the History folder, delete the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{FBF23B42-E3F0-101B-8488-00AA003E56F8}
Sometimes, you may need to play a trick on your brother or friend, well this one teaches you how to hide all icons from the Desktop. Go to the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane create a new DWORD value by the name: NoDesktop and set its value to: 1. Reboot and you will find no icons on the desktop.
Till now you simply learnt how to delete the special system folders by deleting a registry key, but the hack would have been better if there was a way of adding the DELETE and RENAME option to the right click context menus of these special folders. You can actually change the right click context menu of any system folder and add any of the following options: RENAME, DELETE, CUT, COPY, PASTE and lots more.
This hack too requires you to know the CLSID value of the system folder whose menu you want to customize. In this section, I have taken up Recycle Bin as the folder whose context menu I am going to edit.
Firstly launch the registry editor and open the following registry key:
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder.
In Case you want to edit some other folder like say the FONTS folder, then you will open the following key:
HKEY_CLASSES_ROOT\CLSID\{CLSID VALUE HERE}\ShellFolder.
In the right pane there will be a DWORD value named Attributes. Now consider the following options:
1. To add the Rename option to the menu, change the value of Attributes to
50 01 00 20
2. To add the Delete option to the menu, change the value of Attributes to
60 01 00 20
3. To add both the Rename & Delete options to the menu, change the value of Attributes to 70 01 00 20
4. Add Copy to the menu, change Attributes to 41 01 00 20
5. Add Cut to the menu, change Attributes to 42 01 00 20
6. Add Copy & Cut to the menu, change Attributes to 43 01 00 20
7. Add Paste to the menu, change Attributes to 44 01 00 20
8. Add Copy & Paste to the menu, change Attributes to 45 01 00 20
9. Add Cut & Paste to the menu, change Attributes to 46 01 00 20
10. Add all Cut, Copy & Paste to the menu, change Attributes to 47 01 00 20
We want to add only the Rename option to the right click context menu of the Recycle Bin, so change the value of attributes to: 50 01 00 20. Press F5 to refresh and then after rebooting you will find that when you right click on the Recycle Bin a RENAME option pops up too.
To reset the default Windows options change the value of Attributes back to
40 01 00 20
The Registry File which one can create for the above process would be something like the below:
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:50,01,00,20
To access say the Modem Properties in the Control Panel Folder, the normal procedure is: Click on Start, Click on Settings> Control Panel and then wait for the Control Panel window to pop up and then ultimately click on the Modems icon.
Wouldn't it be lovely if you could shorten the process to: Click on Start> Control Panel>Modems. Yes you can add the Control Panel and also all other Special System Folders directly to the first level Start Menu. Firstly collect the CLSID value of the folder you want to add to the start menu. I want to add Control Panel hence the CLSID value is: 21EC2020-3AEA-1069-A2DD-08002B30309D
Now right click on the Start Button and select Open. Now create a new folder and name it: Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}
NOTE: Do not forget the period after the 'l' in Panel. Similarly all system folders can be added to the Start Menu (except My Briefcase, I think).
Deleting System Options from the Start menu
You can actually remove the Find and Run options from the start menu by performing a simple registry hack. Again like always Launch the registry editor and scroll down to the below key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Right-click on the right pane and select New, DWORD Value. Name it NoFind. (To remove the RUN option, name it NoRun.) Double-click the newly created DWORD to edit its value and enter 1 as its value. This will disable the FIND option of the Start Menu and will also disable the default shortcut key (F3 for Find).
To restore the Run or find command modify the value of the DWORD to 0 or simply Delete the DWORD value.
Fed Up of the boring Old Yellow Folder Icons?[Drive Icons Included]
NOTE: This trick hasn't been tried on Win98.
You can easily change the boring yellow folder icons to your own personalized icons. Simply create a text file and copy the following lines into it:
[.ShellClassInfo]
ICONFILE=Drive:\Path\Icon_name.extension
Save this text file by the name desktop.ini in the folder whose icon you want to change. Now, to prevent this file from getting deleted, change its attributes to Hidden and Read Only by using the ATTRIB command.
To change the icon of a drive, create a text file containing the following lines:
[Autorun]
ICON=Drive:\Path\Icon_name.extension
Save this file in the root of the drive whose icon you want to change and name it autorun.inf. For example, if you want to change the icon of a floppy, save the icon in a:\icon_name.ico. One can also create a kewl icon for the hard disk and create a text file [autorun.inf] and store it in "c:\".
Securing NT
By default, NT 4.0 displays the last person who logged onto the system. This can be considered to be a security threat, especially in the case of those who choose their password to be same as their Username. To disable this bug which actually is a feature, go to the following key in the registry editor:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Click and select the ReportBootOk item and create a new string value called DontDisplayLastUserName. Modify it and set its value to 1.
As a system administrator, you can ensure that the passwords chosen by the users are not too lame or too easy to guess. NT has this lovely utility called the User Manager which allows the administrator to set the age limit of the password, which forces the users to change the password after a certain number of days. You can also set the minimum length of passwords, prevent users from reusing passwords which have already been used earlier, and enable account lockouts which will deactivate an account after a specified number of failed login attempts.
When you log on to Win NT, you should disable Password Caching, this ensures Single NT Domain login and also prevents secondary Windows Logon screen.
Simply copy the following lines to a plain text ASCII editor like: Notepad and save it with an extension, .reg
----------------DISABLE.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
----------------DISABLE.reg-----------------
To Enable Password Caching use the following .reg file:
--------------Enable.reg-----------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000000
--------------Enable.reg-----------------

Cleaning Recent Docs Menu and the RUN MRU
The Recent Docs menu can be easily disabled by editing the Registry. To do this go to the following Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now in the right pane, create a new DWORD value by the name NoRecentDocsMenu and set its value to 1. Restart Explorer to save the changes.
You can also clear the RUN MRU history. All the listings are stored in the key:
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
You can delete individual listings or the entire listing. To delete History of Find listings go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU
and delete.
Customizing the Right Click Context Menu of the Start Menu
When you right click on the start menu, only 3 options pop up: Open, Explore, and Find. You can add your own programs to this pop up menu( which comes up when we right click on it.) Open Regedit and go to the following registry key:
HKEY_CLASSES_ROOT\Directory\Shell
Right click on the Shell key and create a new sub key (select New > Key). Type in the name of the application you want to add to the start menu. I want to add Notepad to the Start Menu and hence I name this new sub key Notepad. Now right click on the new registry key that you just created and create yet another new key named Command. Enter the full path of the application, in this case Notepad, in the default value of Command in the right pane. So I modify the value of the default string value and enter the full pathname of Notepad:
c:\windows\notepad.exe
Now press F5 to refresh. Now if you right click on the Start Button you will find a new addition to the Pop Up Menu called Notepad. Clicking on it will launch Notepad.
We can not only add but also remove the existing options in this pop up box.
To delete the Find option, go to the following registry key:
HKEY_CLASSES_ROOT\Directory\Shell\Find
Delete Find. DO NOT delete Open else you will not be able to open any folders in the Start Menu like Programs, Accessories etc.
BMP Thumbnail As Icon
You can actually change the default BMP icon to a thumbnail version of the actual BMP file. To do this simply go to HKCU\Paint.Picture\Default. In the right pane change the value of default to %1. Please note however that this will slow down the display rate in Explorer if there are too many BMP thumbnails to display. You can use other icons too; simply enter the pathname. To restore the normal icon, change the value of default back to: C:\Progra~1\Access~1\MSPAINT.EXE,1.
Customizing The Shortcut Arrow
All shortcuts have a tiny black arrow attached to their icons to distinguish them from normal files. This arrow can sometimes be pretty annoying, and as a Hacker should know how to change each and everything, here goes another trick. Launch the Registry Editor and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Shell Icons.
Now, on the right pane is a list of icons ( we found out that on some systems, Windows 98 especially, the right pane is blank. Don't worry, just add the value as required ). Find the value 29. If it isn't there, just add it. The value of this string should be C:\Windows\system\shell32.dll, 29 ( which means the 30th icon in shell32.dll - the first one begins with 0 ). Now, we need blank icon to do this. Just create one with white as the whole icon. Go here to learn how to create an icon. Once done just change the value to C:\xxx.ico, 0 where "xxx" is the full path of the icon file and "0" is the icon in it.
Now for some fun. If the blank icon is a bit boring, change it again. You will find that under shell32.dll there is a gear icon, a shared folder ( the hand ) and much more. Experiment for yourself!
Use Perl to Get List of Services Running on your NT box
Use the following Perl script to get a list of services running on your NT system:
--------------script.pl-----------------
#!c:\perl\bin\perl.exe
use strict;
use Win32::Service;
my ($key, %services, %status, $part);
# An empty host name queries the local machine.
Win32::Service::GetServices('', \%services);
foreach $key (sort keys %services) {
    # Keys are the display names; values are the short service names.
    print "Print Name\t: $key, $services{$key}\n";
    Win32::Service::GetStatus('', $services{$key}, \%status);
    foreach $part (keys %status) {
        print "\t$part : $status{$part}\n" if ($part eq "CurrentState");
    }
}
-------------script.pl-------------------
Internet Explorer Tricks and Tips
Resizable Full Screen Toolbar
The Full Screen option increases the viewable area and makes surfing more enjoyable but sometimes we need the Toolbar but also need to have extra viewing area. Now this hack teaches you how to change the size of the Internet Explorer toolbar. This registry hack is a bit complicated as it involves Binary values, so to make it simple, I have included the following registry file which will enable the resizable option of the Internet Explorer toolbar which was present in the beta version of IE.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Theater"=hex:0c,00,00,00,4c,00,00,00,74,00,00,00,18,00,00,00,1b,00,00,00,5c,\
00,00,00,01,00,00,00,e0,00,00,00,a0,0f,00,00,05,00,00,00,22,00,00,00,26,00,\
00,00,02,00,00,00,21,00,00,00,a0,0f,00,00,04,00,00,00,01,00,00,00,a0,0f,00,\
00,03,00,00,00,08,00,00,00,00,00,00,00
*******************
HACKING TRUTH: Internet Explorer 5 displays the friendly version of HTTP errors like NOT FOUND etc . They are aimed at making things easier for newbies. If you would rather prefer to see the proper error pages for the web server you're using, go to Tools, Internet Options and select the Advanced tab. Then scroll down and uncheck the Show friendly http errors box.
*******************
Making the Internet Explorer & the Explorer Toolbars Fancy
The Internet Explorer toolbar looks pretty simple. Want to make it fancy and kewl? Why not add a background image to it. To do this kewl hack launch the Windows Registry Editor and go to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\.
Now in the right pane create a new String Value and name it BackBitmap. Right click on it, choose Modify, and set its value to the path of the bitmap you want to dress it up with. When you reboot, the Internet Explorer and the Windows Explorer toolbars will have a new look.
Change Internet Explorer's Caption
Don't like the caption of Internet Explorer? Want to change it? Open the registry editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.
In the right pane create a new String Value named Window Title (note the space between Window and Title). Right click on this newly created String Value and select Modify. Type in the new caption you want to be displayed. Restart for the settings to take effect.
Now let's move on to some Outlook Express Tricks.
Colorful Background
Don't like the boring background colors of Outlook Express? To change it launch the Windows Registry Editor and scroll down to the
HKEY_CURRENT_USER\Software\Microsoft\Internet Mail And News key.
On the left pane, click on ColorCycle or select Edit and Modify in the menu. Now change the value to 1. Close and restart. Now, launch Outlook Express and whenever you open up a New Message, hold down ctrl-shift and tap the z key to scroll to change the background color. Repeat the keystroke to cycle through the colors.
Internet Explorer 5 Hidden Features

Microsoft Internet Explorer 5 has several hidden features which can be controlled using the Windows Registry. Open your registry and scroll down to the following key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
Create a new DWORD value named x (see the complete list of values of x below) and modify its value to 1 to enable it and to 0 to disable it.
NoBrowserClose : Disable the option of closing Internet Explorer.
NoBrowserContextMenu : Disable right-click context menu.
NoBrowserOptions : Disable the Tools / Internet Options menu.
NoBrowserSaveAs : Disable the ability to Save As.
NoFavorites : Disable the Favorites.
NoFileNew : Disable the File / New command.
NoFileOpen : Disable the File / Open command.
NoFindFiles : Disable the Find Files command.
NoSelectDownloadDir : Disable the option of selecting a download directory.
NoTheaterMode : Disable the Full Screen view option.
Hacking Secrets
Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker by disabling or hiding even the tiniest options or tools.
Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.
Poledit or Policy Editor is a small kewl tool which is commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install it manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.
The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.
You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.
Launch Regedit and go to the following Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
Under this key, there will definitely be a key named Explorer. Under this Explorer key we can create new DWORD values and modify their value to 1 in order to impose the restriction. If you want to remove the restriction, you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer key:
NoDeletePrinter: Disables Deletion of already installed Printers
NoAddPrinter: Disables Addition of new Printers
NoRun : Disables or hides the Run Command
NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)
NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu
NoFind: Removes the Find Tool (Start >Find)
NoDrives: Hides and does not display any Drives in My Computer
NoNetHood: Hides or removes the Network Neighborhood icon from the desktop
NoDesktop: Hides all items including, file, folders and system folders from the Desktop
NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.
NoSaveSettings: Means to say, 'Don't save settings on exit'
DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor (regedit.exe) too will not work.)
NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)
ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.
NoInternetIcon: Removes the Internet (system folder) icon from the Desktop
Under the same key, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new System key we can create the following new DWORD values (1 for enabling the particular option and 0 for disabling the particular option):
NoDispCPL: Hides Control Panel
NoDispBackgroundPage: Hides Background page.
NoDispScrsavPage: Hides Screen Saver Page
NoDispAppearancePage: Hides Appearance Page
NoDispSettingsPage: Hides Settings Page
NoSecCPL: Disables Password Control Panel
NoPwdPage: Hides Password Change Page
NoAdminPage: Hides Remote Administration Page
NoProfilePage: Hides User Profiles Page
NoDevMgrPage: Hides Device Manager Page
NoConfigPage: Hides Hardware Profiles Page
NoFileSysPage: Hides File System Button
NoVirtMemPage: Hides Virtual Memory Button
Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
NoNetSetupSecurityPage: Hides Network Security Page
NoNetSetup: Hides or disables the Network option in the Control Panel
NoNetSetupIDPage: Hides the Identification Page
NoNetSetupSecurityPage: Hides the Access Control Page
NoFileSharingControl: Disables File Sharing Controls
NoPrintSharing: Disables Print Sharing Controls
Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):
Disabled: Disable MS-DOS Prompt
NoRealMode: Disable Single-Mode MS-DOS.
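An added example (not part of the original manual): a small Python parser for the REGEDIT4 files shown in this manual that reports which Policies restrictions a .reg file would switch on, and decodes the NoDrives bitmask into drive letters, so a .reg file can be reviewed before it is imported. The sample file is constructed from the page's own snippets; the function names are this example's, and the bit order (bit 0 is drive A, bit 25 is drive Z) is the standard NoDrives layout.

```python
import re

# Constructed sample, assembled from the .reg snippets shown on this page.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
"NoDrives"=dword:03ffffff
"NoRun"=dword:00000001
"NoFind"=dword:00000000

[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder]
"Attributes"=hex:50,01,00,20

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Theater"=hex:0c,00,00,00,4c,00,\
  00,00
'''

# "name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)\s*=\s*(.*)$')


def _decode(data):
    """Turn the right-hand side of a .reg line into int, bytes or str."""
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    if data.lower().startswith('hex:'):
        return bytes(int(b, 16) for b in data[4:].split(',') if b.strip())
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \" escapes
    raise ValueError('unsupported value data: %r' % data)


def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: value}}."""
    # A trailing backslash continues hex data on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.upper() == 'REGEDIT4':
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match is None or current is None:
            raise ValueError('cannot parse line: %r' % line)
        current[match.group(1) or ''] = _decode(match.group(2))
    return keys


def as_flag(value):
    """Policy values show up as dwords or, as in the page's NoClose, as "1"."""
    if isinstance(value, int):
        return value
    if isinstance(value, bytes):
        return int.from_bytes(value, 'little')
    if isinstance(value, str) and value.strip().isdigit():
        return int(value)
    return None


def decode_nodrives(mask):
    """Return the drive letters hidden by a NoDrives bitmask (bit 0 = A)."""
    return [chr(ord('A') + bit) for bit in range(26) if (mask >> bit) & 1]


def audit_policies(parsed):
    """List (subkey, value name, effect) for every non-zero Policies value."""
    findings = []
    for key, values in parsed.items():
        if '\\policies\\' not in key.lower() + '\\':
            continue
        subkey = key.rsplit('\\', 1)[-1]
        for name, value in values.items():
            flag = as_flag(value)
            if not flag:
                continue  # 0 or unreadable: restriction not in force
            if name.lower() == 'nodrives':
                effect = 'hides drives ' + ''.join(decode_nodrives(flag))
            else:
                effect = 'enabled'
            findings.append((subkey, name, effect))
    return findings


if __name__ == '__main__':
    for subkey, name, effect in audit_policies(parse_reg(SAMPLE_REG)):
        print('%s\\%s: %s' % (subkey, name, effect))
```

Values outside a Policies subkey, such as Attributes and Theater in the sample, are parsed but not reported.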
So you see, if you have access to the Windows Registry, then you can easily create new DWORD values and set their value to 1 for enabling the particular option and 0 for disabling the particular option. But sometimes access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (these 2 files constitute the Windows Registry) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and press CTRL+DEL+ALT to get out of this warning message. (Do not press OK.) You will find that all restrictions have been removed.
The kind of restriction found most commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to remove restrictions. What do you do? Well, use the RUN command (START > RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folders would definitely have blocked access to the RUN command. Again we are stuck.
Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)
It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:\windows\system folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:\windows\system. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.
****************
HACKING TRUTH: Sometimes when you try to delete a file or a folder, Windows displays an error message saying that the file is protected. This simply means that the file is write protected, or in other words the R option is +. Get it? Anyway, you can stop Windows from displaying this error message and straightaway delete this file by changing its attributes to Non Read Only. This can be done by right clicking on the file, selecting Properties and then unselecting the Read Only option.
***************
There is yet another way of accessing restricted folders. You see, DOS has a lovely command known as START. Its general syntax is:
START application_path
It does what it seems to do: start applications. So if you have access to DOS then you can type in the START command to get access to the restricted folder. Now mostly access to DOS too would be blocked. So again you can use the shortcut trick to launch c:\command.com or c:\windows\command.com. (Command.com is the file which launches MS DOS.)
Accessing Restricted Drives.
The problem with most system administrators is that they think that the users, or Hackers, are stupid too. Almost all system administrators use the Registry Trick (Explained Earlier) to hide all drives in My Computer. So in order to unhide or display all drives, simply delete that particular key. (Refer to the beginning of the Untold Secrets Section.)
Some systems have the floppy disk disabled through the BIOS. On those systems, if the BIOS is protected, you may need to crack the BIOS password. (For that, refer to the Windows Hacking Chapter.) Sometimes making drives readable (Removing R +) and then creating Shortcuts to them also helps us to get access to them.
Further Changing your Operating System's Looks by editing .htt files
If you have installed Windows Desktop Update and have the view as Web Page option enabled, you can customise the way the folder looks by selecting View > Customise this folder. Here you can change the background and other things about that particular folder. Well that is pretty lame, right? We hackers already know things as lame as that. Read on for some kewl stuff.
Well, you could also change the default that is stored in a Hidden HTML Template file (I think so..), which is nothing but an HTML document with a .htt extension. This .htt file is found at: %systemroot%\web\folder.htt.
The %systemroot% stands for the drive in which Windows is Installed, which is normally C:
You can edit these .htt files almost just like you edit normal .HTM or .HTML files. Simply open them in an ASCII editor like Notepad. The following is a list of .htt files on your system which control various folders and which can be edited to customise the way various folders look.
controlp.htt Control Panel
printers.htt Printers
mycomp.htt My Computer
safemode.htt Safe Mode
All these files are found in the web folder in %systemfolder%. The folder.htt file has a line:
"Here's a good place to add a few lines of your own"
which is the place where you can add your own A HREF links. These links would then appear in the folder whose folder.htt file you edited. All this might sound really easy and simple, but you see these .htt files do not contain normal HTML code, instead they contain a mixture of HTML and web bots. Hence they can be difficult for newbies to understand.
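The same mechanism from the administrator's side, as an added example that is not part of the original tutorial: record a hash and the link list of each known-good template, then report which templates have changed and which links were added. The template names come from the list above; the sample contents and the example.invalid URLs are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

# Template names as listed on this page.
TEMPLATES = ("folder.htt", "controlp.htt", "printers.htt", "mycomp.htt", "safemode.htt")


class LinkCollector(HTMLParser):
    """Collects href values of <a> tags; web-bot comments are skipped by the parser."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <A HREF=...> matches too.
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def fingerprint(text):
    """What to record for a known-good template: (sha256 hex digest, list of links)."""
    parser = LinkCollector()
    parser.feed(text)
    parser.close()
    return hashlib.sha256(text.encode("utf-8")).hexdigest(), parser.links


def audit(baseline, current_texts):
    """Map each changed template to the links that are absent from its baseline."""
    report = {}
    for name in TEMPLATES:
        if name not in baseline or name not in current_texts:
            continue
        good_hash, good_links = baseline[name]
        now_hash, now_links = fingerprint(current_texts[name])
        if now_hash != good_hash:
            report[name] = [u for u in now_links if u not in good_links]
    return report


# Constructed sample: a cut-down template before and after someone edited it.
SAMPLE_GOOD = """<html><body>
<!--webbot bot="HTMLMarkup" startspan -->
<!-- Here's a good place to add a few lines of your own -->
<a href="http://example.invalid/help">Help</a>
</body></html>"""
SAMPLE_EDITED = SAMPLE_GOOD.replace(
    "own -->", 'own -->\n<A HREF="http://example.invalid/added">Added</A>')

if __name__ == "__main__":
    known_good = {"folder.htt": fingerprint(SAMPLE_GOOD)}
    print(audit(known_good, {"folder.htt": SAMPLE_EDITED}))
```
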
Well that's it for now, more tricks later, till then goodbye.
Ankit Fadia
ankit@bol.net.in
Untold Windows Tips and Secrets By Ankit Fadia ankit@bol.net.in