Computer Hacking

Configuring your Bulletproof FTP Server Tutorial

2009-01-15T06:37:00.001-08:00

Configuring your Bulletproof FTP Server Tutorial

I am not sure where I found this tutorial, It’s been a while…It might even have been here... ..So if it is one of yours, my hat goes off to you once again....

After reading the excellent tutorial on "Creating an FTP" that Norway posted…

(I would suggest reading and following his tutorial first, then following up with this one)

I thought that perhaps this tutorial might be pretty helpful for those interested in knowing how to configure their Bulletproof FTP Server that don't already know how... Here's how to get started…

This is for the BulletProof FTP Server 2.10. However, It should work fine on most following versions as well.

I'm assuming you have it installed and cracked.

Basics
1. Start the program.
2. Click on Setup > Main > General from the pull-down menu.
3. Enter your server name into the 'Server Name' box. Under Connection set the “Max number of users" to any number. This is the limit as to how many users can be on your sever at any time.
4. Click on the 'options' tab of that same panel (on the side)
5. Look at the bottom, under IP Options. Put a check in the box “Refuse Multiple Connections from the same IP”. This will prevent one person from blocking your FTP to others.
6. Also put a check in the 'Blocked Banned IP (instead of notifying client). VERY IMPORTANT! If somebody decides to 'Hammer' (attempt to login numerous times VERY quickly) your server/computer may CRASH if you don't enable this.
7. Click on the 'advanced' tab
8. At the bottom again look at the 'hammering area'
9. Enable 'anti-hammer' and 'do not reply to people hammering' Set it for the following: Block IP 120 min if 5 connections in 60 sec. You can set this at whatever you want to but that is pretty much a standard Click 'OK'

Adding Users
11. Setup > User accounts form pull-down.
12. Right click in the empty 'User Accounts' area on the right: choose 'Add'
13. Enter account name. (ie: logon name)
14. In the 'Access rights' box right click: choose ‘Add’.
15. Browse until you find the directory (folder) you want to share. In the right column you will see a bunch of checkboxes. Put a check in the following ones: Read, Write, Append, Make, List, and +Subdirs. Press 'select'.
16. Enter a password for your new FTP account.
17. Click on 'Miscellaneous' in the left column. Make sure 'Enable Account' is selected. Enable 'Max Number of Users' set it at a number other than zero. 1 for a personal account and more that one for a group account. Enable 'Max. no. of connects per IP' set it at 1

18. Under 'Files' enable 'show relative path' this is a security issue. A FTP client will now not be able to see the ENTIRE path of the FTP. It will only see the path from the main directory. Hide hidden flies as well.
Put a tick in both of these.

Advanced:
You don't need to do any of this stuff, but It will help tweak your server and help you maintain order on it. All of the following will be broken down into small little areas that will tell you how to do one thing at a time.

Changing the Port
The default port is always 21, but you can change this. Many ISPs will routinely do a scan of its own users to find a ftp server, also when people scan for pubs they may scan your IP, thus finding your ftp server. If you do decide to change it many suggest that you make the port over 10,000.
1. Setup > Main > General
2. In the 'Connection' Area is a setting labeled 'Listen on Port Number:'
3. Make it any number you want. That will be your port number.
4. Click 'OK'

Making an 'Upload Only' or 'Download Only' ftp server.
This is for the entire SERVER, not just a user.
1. Setup > Main > Advanced
2. In the advanced window you will have the following options: uploads and downloads, downloads only, and uploads only. By default upload and download will be checked. Change it to whatever you want.
3. Click 'OK’

While you are running your server, usually you will end up spending more time at your computer than you normally do. Don't be afraid to ban IP's. Remember, on your FTP you do as you want.

When you are online you must also select the open server button next to the on-line button which is the on-line Button

You also have to use the actual Numbered ip Address ie: 66.250.216.67

Or even Better yet, get a no-ip.com address

Windows Hacks: Boot Winxp Fast

2009-01-15T06:35:00.001-08:00

Windows Hacks: Boot Winxp Fast

Follow the following steps

1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.

BIOS Update Procedure

2009-01-15T06:33:00.001-08:00

BIOS Update Procedure

All latest Motherboards today, 486/ Pentium / Pentium Pro etc.,ensure that upgrades are easily obtained by incorporating the system BIOS in a FLASH Memory component. With FLASH BIOS, there is no need to replace an EPROM component. Once downloaded, the upgrade utility fits on a floppy disc allowing the user to save, verify and update the system BIOS. A hard drive or a network drive can also be used to run the newer upgrade utilities. However, memory managers can not be installed while upgrading.

Most pre-Pentium motherboards do not have a Flash BIOS. The following instructions therefore do not apply to these boards. If your motherboard does not have a Flash BIOS (EEPROM) you will need to use an EPROM programmer to re-program the BIOS chip. See your dealer for more information about this.

Please read the following instructions in full before starting a Flash BIOS upgrade:
A. Create a Bootable Floppy (in DOS)

•With a non-formatted disk, type the following:

format a:/s

•If using a formatted disk, type:

sys a:

This procedure will ensure a clean boot when you are flashing the new BIOS.

B. Download the BIOS file

•Download the correct BIOS file by clicking on the file name of the BIOS file you wish to download.

•Save the BIOS file and the Flash Utility file in the boot disk you have created. Unzip the BIOS file and the flash utility file. If you don't have an "unzip" utility, download the WinZip for Windows 95 shareware/ evaluation copy for that one time use from _www.winzip.com or _www.pkware.com. Most CD ROMs found in computer magazines, have a shareware version of WinZip on them.

•You should have extracted two files:

Flash BIOS utility eg: flash7265.exe (for example)

BIOS eg: 6152J900.bin (example)

Use the latest flash utility available unless otherwise specified (either on the BIOS update page or in the archive file). This information is usually provided.

C. Upgrade the System BIOS

During boot up, write down the old BIOS version because you will need to use it for the BIOS backup file name.

Place the bootable floppy disk containing the BIOS file and the Flash Utility in drive a, and reboot the system in MS-DOS, preferably Version 6.22

•At the A:> prompt, type the corresponding Flash BIOS utility and the BIOS file with its extension.

For example:

flash625 615j900.bin

•From the Flash Memory Writer menu, select "Y" to "Do you want to save BIOS?" if you want to save (back up) your current BIOS (strongly recommended), then type the name of your current BIOS and its extension after FILE NAME TO SAVE: eg: a:\613J900.bin

Alternatively select "N" if you don't want to save your current BIOS. Beware, though, that you won't be able to recover from a possible failure.

•Select "Y" to "Are you sure to program?"

•Wait until it displays "Message: Power Off or Reset the system"

Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system. If you write to BIOS but cannot complete the procedure, do not switch off, because the computer will not be able to boo, and you will not be given another chance to flash. In this case leave your system on until you resolve the problem (flashing BIOS with old file is a possible solution, provided you've made a backup before)

Make sure the new BIOS version has been loaded properly by taking note of the BIOS identifier as the system is rebooting.

For AMI BIOS
Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system holding the "END" key prior to power on until you enter CMOS setup. If you do not do this the first time booting up after upgrading the BIOS, the system will hang.

BIOS Update Tips
note:
1.Make sure never to turn off or reset your computer during the flash process. This will corrupt the BIOS data. We also recommend that you make a copy of your current BIOS on the bootable floppy so you can reflash it if you need to. (This option is not available when flashing an AMI BIOS).

2. If you have problems installing your new BIOS please check the following:

Have you done a clean boot?
In other words, did you follow the above procedure for making a bootable floppy? This ensures that when booting from "A" there are no device drivers on the diskette. Failing to do a clean boot is the most common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS.

If you have not used a bootable floppy, insure a clean boot either by

a) pressing F5 during bootup

b) by removing all device drivers on the CONFIG.SYS including the HIMEM.SYS. Do this by using the EDIT command.

Have you booted up under DOS?
Booting in Windows is another common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS. Make sure to boot up to DOS with a minimum set of drivers. Important: Booting in DOS does not mean selecting "Restart computer in MS-DOS Mode" from Windows98/95 shutdown menu or going to Prompt mode in WindowsNT, but rather following the above procedure (format a: /s and rebooting from a:\).

Have you entered the full file name of the flash utility and the BIOS plus its extension?
Do not forget that often you will need to add a drive letter (a:\) before flashing the BIOS. Example: when asked for file name of new BIOS file which is on your floppy disk, in case you're working from c:\ your will need to type a:\615j900.bin, rather than 615j900.bin only.

Backtracking EMAIL Messages

2009-01-15T06:31:00.001-08:00

Backtracking EMAIL Messages

Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: "Maricela Paulson" <s359dyxtt@yahoo.com>

Reply-To: "Maricela Paulson" <s359dyxtt@yahoo.com>

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.

Windows Hacks: Auto End Tasks to Enable a Proper Shutdown

2009-01-15T06:30:00.001-08:00

Windows Hacks: Auto End Tasks to Enable a Proper Shutdown

This reg file automatically ends tasks and timeouts that prevent programs from shutting down and clears the Paging File on Exit.

1. Copy the following (everything in the box) into notepad.

QUOTE
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"AutoEndTasks"="1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="1000"

2. Save the file as shutdown.reg
3. Double click the file to import into your registry.

NOTE: If your anti-virus software warns you of a "malicious" script, this is normal if you have "Script Safe" or similar technology enabled.

ALL About Spyware

2009-01-15T06:28:00.001-08:00

There are a lot of PC users that know little about "Spyware", "Mal-ware", "hijackers", "Dialers" & many more. This will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?
Spy-ware is Internet jargon for Advertising Supported software (Ad-ware). It is a way for shareware authors to make money from a product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid. If you find the banners annoying, there is usually an option to remove them, by paying the regular licensing fee.

Known spywares
There are thousands out there, new ones are added to the list everyday. But here are a few:
Alexa, Aureate/Radiate, BargainBuddy, ClickTillUWin, Conducent Timesink, Cydoor, Comet Cursor, eZula/KaZaa Toptext, Flashpoint/Flashtrack, Flyswat, Gator, GoHip, Hotbar, ISTbar, Lions Pride Enterprises/Blazing Logic/Trek Blue, Lop (C2Media), Mattel Brodcast, Morpheus, NewDotNet, Realplayer, Songspy, Xupiter, Web3000, WebHancer, Windows Messenger Service.

How to check if a program has spyware?
The is this Little site that keeps a database of programs that are known to install spyware.

Check Here: http://www.spywareguide.com/product_search.php

If you would like to block pop-ups (IE Pop-ups).
There tons of different types out there, but these are the 2 best, i think.

Try: Google Toolbar (http://toolbar.google.com/) This program is Free
Try: AdMuncher (http://www.admuncher.com) This program is Shareware

If you want to remove the "spyware" try these.
Try: Lavasoft Ad-Aware (http://www.lavasoftusa.com/) This program is Free
Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D (http://www.safer-networking.org/) This program is Free
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: BPS Spyware and Adware Remover (http://www.bulletproofsoft.com/spyware-remover.html) This program is Shareware
Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you'd like to remove.

Try: Spy Sweeper v2.2 (http://www.webroot.com/wb/products/spysweeper/index.php) This program is Shareware
Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.
The best scanner out there, and updated all the time.

Try: HijackThis 1.97.7 (http://www.spywareinfo.com/~merijn/downloads.html) This program is Freeware
Info: HijackThis is a tool, that lists all installed browser add-on, buttons, startup items and allows you to inspect them, and optionally remove selected items.

If you would like to prevent "spyware" being install.
Try: SpywareBlaster 2.6.1 (http://www.wilderssecurity.net/spywareblaster.html) This program is Free
Info: SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: SpywareGuard 2.2 (http://www.wilderssecurity.net/spywareguard.html) This program is Free
Info: SpywareGuard provides a real-time protection solution against so-called spyware. It works similar to an anti-virus program, by scanning EXE and CAB files on access and alerting you if known spyware is detected.

Try: XP-AntiSpy (http://www.xp-antispy.org/) This program is Free
Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people.

Try: SpySites (http://camtech2000.net/Pages/SpySites_Prog...ml#SpySitesFree) This program is Free
Info: SpySites allows you to manage the Internet Explorer Restricted Zone settings and easily add entries from a database of 1500+ sites that are known to use advertising tracking methods or attempt to install third party software.

If you would like more Information about "spyware".

Setting Up A Ftp

2009-01-15T06:27:00.001-08:00

Setting Up A Ftp:

Well, since many of us have always wondered this, here it is. Long and drawn out. Also, before attempting this, realize one thing; You will have to give up your time, effort, bandwidth, and security to have a quality ftp server.
That being said, here it goes. First of all, find out if your IP (Internet Protocol) is static (not changing) or dynamic (changes everytime you log on). To do this, first consider the fact if you have a dial up modem. If you do, chances are about 999 999 out of 1 000 000 that your IP is dynamic. To make it static, just go to a place like h*tp://www.myftp.org/ to register for a static ip address.

You'll then need to get your IP. This can be done by doing this:
Going to Start -> Run -> winipcfg or www.ask.com and asking 'What is my IP?'

After doing so, you'll need to download an FTP server client. Personally, I'd recommend G6 FTP Server, Serv-U FTPor Bullitproof v2.15 all three of which are extremely reliable, and the norm of the ftp world.
You can download them on this site: h*tp://www.liaokai.com/softw_en/d_index.htm

First, you'll have to set up your ftp. For this guide, I will use step-by-step instructions for G6. First, you'll have to go into 'Setup -> General'. From here, type in your port # (default is 21). I recommend something unique, or something a bit larger (ex: 3069). If you want to, check the number of max users (this sets the amount of simultaneous maximum users on your server at once performing actions - The more on at once, the slower the connection and vice versa).

The below options are then chooseable:
-Launch with windows
-Activate FTP Server on Start-up
-Put into tray on startup
-Allow multiple instances
-Show "Loading..." status at startup
-Scan drive(s) at startup
-Confirm exit

You can do what you want with these, as they are pretty self explanatory. The scan drive feature is nice, as is the 2nd and the last option. From here, click the 'options' text on the left column.

To protect your server, you should check 'login check' and 'password check', 'Show relative path (a must!)', and any other options you feel you'll need. After doing so, click the 'advanced' text in the left column. You should then leave the buffer size on the default (unless of course you know what you're doing ), and then allow the type of ftp you want.

Uploading and downloading is usually good, but it's up to you if you want to allow uploads and/or downloads. For the server priority, that will determine how much conventional memory will be used and how much 'effort' will go into making your server run smoothly.

Anti-hammering is also good, as it prevents people from slowing down your speed. From here, click 'Log Options' from the left column. If you would like to see and record every single command and clutter up your screen, leave the defaults.

But, if you would like to see what is going on with the lowest possible space taken, click 'Screen' in the top column. You should then check off 'Log successful logins', and all of the options in the client directry, except 'Log directory changes'. After doing so, click 'Ok' in the bottom left corner.

You will then have to go into 'Setup -> User Accounts' (or ctrl & u). From here, you should click on the right most column, and right click. Choose 'Add', and choose the username(s) you would like people to have access to.

After giving a name (ex: themoonlanding), you will have to give them a set password in the bottom column (ex: wasfaked). For the 'Home IP' directory, (if you registered with a static server, check 'All IP Homes'. If your IP is static by default, choose your IP from the list. You will then have to right click in the very center column, and choose 'Add'.

From here, you will have to set the directory you want the people to have access to. After choosing the directory, I suggest you choose the options 'Read', 'List', and 'Subdirs', unless of course you know what you're doing . After doing so, make an 'upload' folder in the directory, and choose to 'add' this folder seperately to the center column. Choose 'write', 'append', 'make', 'list', and 'subdirs'. This will allow them to upload only to specific folders (your upload folder).

Now click on 'Miscellaneous' from the left column. Choose 'enable account', your time-out (how long it takes for people to remain idle before you automatically kick them off), the maximum number of users for this name, the maximum number of connections allowed simultaneously for one ip address, show relative path (a must!), and any other things at the bottom you'd like to have. Now click 'Ok'.
**Requested**

From this main menu, click the little boxing glove icon in the top corner, and right click and unchoose the hit-o-meter for both uploads and downloads (with this you can monitor IP activity). Now click the lightning bolt, and your server is now up and running.

Post your ftp info, like this:

213.10.93.141 (or something else, such as: 'f*p://example.getmyip.com')

User: *** (The username of the client)

Pass: *** (The password)

Port: *** (The port number you chose)

So make a FTP and join the FTP section

Listing The Contents Of A Ftp:

Listing the content of a FTP is very simple.
You will need FTP Content Maker, which can be downloaded from here:
ht*p://www.etplanet.com/download/application/FTP%20Content%20Maker%201.02.zip

1. Put in the IP of the server. Do not put "ftp://" or a "/" because it will not work if you do so.
2. Put in the port. If the port is the default number, 21, you do not have to enter it.
3. Put in the username and password in the appropriate fields. If the login is anonymous, you do not have to enter it.
4. If you want to list a specific directory of the FTP, place it in the directory field. Otherwise, do not enter anything in the directory field.
5. Click "Take the List!"
6. After the list has been taken, click the UBB output tab, and copy and paste to wherever you want it.

If FTP Content Maker is not working, it is probably because the server does not utilize Serv-U Software.

If you get this error message:
StatusCode = 550
LastResponse was : 'Unable to open local file test-ftp'
Error = 550 (Unable to open local file test-ftp)
Error = Unable to open local file test-ftp = 550
Close and restart FTP Content Maker, then try again.

error messages:

110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.

Active FTP vs. Passive FTP, a Definitive Explanation

Introduction
One of the most commonly seen questions when dealing with firewalls and other Internet connectivity issues is the difference between active and passive FTP and how best to support either or both of them. Hopefully the following text will help to clear up some of the confusion over how to support FTP in a firewalled environment.

This may not be the definitive explanation, as the title claims, however, I've heard enough good feedback and seen this document linked in enough places to know that quite a few people have found it to be useful. I am always looking for ways to improve things though, and if you find something that is not quite clear or needs more explanation, please let me know! Recent additions to this document include the examples of both active and passive command line FTP sessions. These session examples should help make things a bit clearer. They also provide a nice picture into what goes on behind the scenes during an FTP session. Now, on to the information...

The Basics
FTP is a TCP based service exclusively. There is no UDP component to FTP. FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

Active FTP
In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

From the server-side firewall's standpoint, to support active mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data port)

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3 the server initiates a connection on its local data port to the data port the client specified earlier. Finally, the client sends an ACK back as shown in step 4.

The main problem with active mode FTP actually falls on the client side. The FTP client doesn't make the actual connection to the data port of the server--it simply tells the server what port it is listening on and the server connects back to the specified port on the client. From the client side firewall this appears to be an outside system initiating a connection to an internal client--something that is usually blocked.

Active FTP Example
Below is an actual example of an active FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

There are a few interesting things to consider about this dialog. Notice that when the PORT command is issued, it specifies a port on the client (192.168.150.80) system, rather than the server. We will see the opposite behavior when we use passive FTP. While we are on the subject, a quick note about the format of the PORT command. As you can see in the example below it is formatted as a series of six numbers separated by commas. The first four octets are the IP address while the second two octets comprise the port that will be used for the data connection. To find the actual port multiply the fifth octet by 256 and then add the sixth octet to the total. Thus in the example below the port number is ( (14*256) + 178), or 3762. A quick check with netstat should confirm this information.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,150,80,14,178
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for file list.
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Passive FTP
In order to resolve the issue of the server initiating the connection to the client a different method for FTP connections was developed. This was known as passive mode, or PASV, after the command used by the client to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's ports > 1024 from anywhere (Client initiates data connection to random port specified by server)
FTP server's ports > 1024 to remote ports > 1024 (Server sends ACKs (and data) to client's data port)

In step 1, the client contacts the server on the command port and issues the PASV command. The server then replies in step 2 with PORT 2024, telling the client which port it is listening to for the data connection. In step 3 the client then initiates the data connection from its data port to the specified server data port. Finally, the server sends back an ACK in step 4 to the client's data port.

While passive mode FTP solves many of the problems from the client side, it opens up a whole range of problems on the server side. The biggest issue is the need to allow any remote connection to high numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD allow the administrator to specify a range of ports which the FTP server will use. See Appendix 1 for more information.

The second issue involves supporting and troubleshooting clients which do (or do not) support passive mode. As an example, the command line FTP utility provided with Solaris does not support passive mode, necessitating a third-party FTP client, such as ncftp.

With the massive popularity of the World Wide Web, many people prefer to use their web browser as an FTP client. Most browsers only support passive mode when accessing ftp:// URLs. This can either be good or bad depending on what the servers and firewalls are configured to support.

Passive FTP Example
Below is an actual example of a passive FTP session. The only things that have been changed are the server names, IP addresses, and user names. In this example an FTP session is initiated from testbox1.slacksite.com (192.168.150.80), a linux box running the standard FTP command line client, to testbox2.slacksite.com (192.168.150.90), a linux box running ProFTPd 1.2.2RC2. The debugging (-d) flag is used with the FTP client to show what is going on behind the scenes. Everything in red is the debugging output which shows the actual FTP commands being sent to the server and the responses generated from those commands. Normal server output is shown in black, and user input is in bold.

Notice the difference in the PORT command in this example as opposed to the active FTP example. Here, we see a port being opened on the server (192.168.150.90) system, rather than the client. See the discussion about the format of the PORT command above, in the Active FTP Example section.

testbox1: {/home/p-t/slacker/public_html} % ftp -d testbox2
Connected to testbox2.slacksite.com.
220 testbox2.slacksite.com FTP server ready.
Name (testbox2:slacker): slacker
---> USER slacker
331 Password required for slacker.
Password: TmpPass
---> PASS XXXX
230 User slacker logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (192,168,150,90,195,149).
---> LIST
150 Opening ASCII mode data connection for file list
drwx------ 3 slacker users 104 Jul 27 01:45 public_html
226 Transfer complete.
ftp> quit
---> QUIT
221 Goodbye.

Summary
The following chart should help admins remember how each FTP mode works:

Active FTP :
command : client >1024 -> server 21
data : client >1024 <- server 20

Passive FTP :
command : client >1024 -> server 21
data : client >1024 -> server >1024

A quick summary of the pros and cons of active vs. passive FTP is also in order:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.

Advanced Shellcoding Techniques

2009-01-15T06:25:00.001-08:00

This paper assumes a working knowledge of basic shellcoding techniques, and x86 assembly, I will not rehash these in this paper. I hope to teach you some of the lesser known shellcoding techniques that I have picked up, which will allow you to write smaller and better shellcodes. I do not claim to have invented any of these techniques, except for the one that uses the div instruction.

The multiplicity of mul

This technique was originally developed by Sorbo of darkircop.net. The mul instruction may, on the surface, seem mundane, and it's purpose obvious. However, when faced with the difficult challenge of shrinking your shellcode, it proves to be quite useful. First some background information on the mul instruction itself.

mul performs an unsigned multiply of two integers. It takes only one operand, the other is implicitly specified by the %eax register. So, a common mul instruction might look something like this:

movl $0x0a,%eax
mul $0x0a

This would multiply the value stored in %eax by the operand of mul, which in this case would be 10*10. The result is then implicitly stored in EDX:EAX. The result is stored over a span of two registers because it has the potential to be considerably larger than the previous value, possibly exceeding the capacity of a single register(this is also how floating points are stored in some cases, as an interesting sidenote).

So, now comes the ever-important question. How can we use these attributes to our advantage when writing shellcode? Well, let's think for a second, the instruction takes only one operand, therefore, since it is a very common instruction, it will generate only two bytes in our final shellcode. It multiplies whatever is passed to it by the value stored in %eax, and stores the value in both %edx and %eax, completely overwriting the contents of both registers, regardless of whether it is necessary to do so, in order to store the result of the multiplication. Let's put on our mathematician hats for a second, and consider this, what is the only possible result of a multiplication by 0? The answer, as you may have guessed, is 0. I think it's about time for some example code, so here it is:

xorl %ecx,%ecx
mul %ecx

What is this shellcode doing? Well, it 0's out the %ecx register using the xor instruction, so we now know that %ecx is 0. Then it does a mul %ecx, which as we just learned, multiplies it's operand by the value in %eax, and then proceeds to store the result of this multiplication in EDX:EAX. So, regardless of %eax's previous contents, %eax must now be 0. However that's not all, %edx is 0'd now too, because, even though no overflow occurs, it still overwrites the %edx register with the sign bit(left-most bit) of %eax. Using this technique we can zero out three registers in only three bytes, whereas by any other method(that I know of) it would have taken at least six.

The div instruction

Div is very similar to mul, in that it takes only one operand and implicitly divides the operand by the value in %eax. Also like, mul it stores the result of the divide in %eax. Again, we will require the mathematical side of our brains to figure out how we can take advantage of this instruction. But first, let's think about what is normally stored in the %eax register. The %eax register holds the return value of functions and/or syscalls. Most syscalls that are used in shellcoding will return -1(on failure) or a positive value of some kind, only rarely will they return 0(though it does occur). So, if we know that after a syscall is performed, %eax will have a non-zero value, and that the instruction divl %eax will divide %eax by itself, and then store the result in %eax, we can say that executing the divl %eax instruction after a syscall will put the value 1 into %eax. So...how is this applicable to shellcoding? Well, their is another important thing that %eax is used for, and that is to pass the specific syscall that you would like to call to int $0x80. It just so happens that the syscall that corresponds to the value 1 is exit(). Now for an example:

xorl %ebx,%ebx
mul %ebx
push %edx
pushl   $0x3268732f
pushl   $0x6e69622f
mov %esp, %ebx
push %edx
push %ebx
mov %esp,%ecx
movb $0xb, %al #execve() syscall, doesn't return at all unless it fails, in which case it returns -1
int $0x80

divl %eax # -1 / -1 = 1
int $0x80

Now, we have a 3 byte exit function, where as before it was 5 bytes. However, there is a catch, what if a syscall does return 0? Well in the odd situation in which that could happen, you could do many different things, like inc %eax, dec %eax, not %eax anything that will make %eax non-zero. Some people say that exit's are not important in shellcode, because your code gets executed regardless of whether or not it exits cleanly. They are right too, if you really need to save 3 bytes to fit your shellcode in somewhere, the exit() isn't worth keeping. However, when your code does finish, it will try to execute whatever was after your last instruction, which will most likely produce a SIG ILL(illegal instruction) which is a rather odd error, and will be logged by the system. So, an exit() simply adds an extra layer of stealth to your exploit, so that even if it fails or you can't wipe all the logs, at least this part of your presence will be clear.

Unlocking the power of leal

The leal instruction is an often neglected instruction in shellcode, even though it is quite useful. Consider this short piece of shellcode.

xorl %ecx,%ecx
leal 0x10(%ecx),%eax

This will load the value 17 into eax, and clear all of the extraneous bits of eax. This occurs because the leal instruction loads a variable of the type long into it's desitination operand. In it's normal usage, this would load the address of a variable into a register, thus creating a pointer of sorts. However, since ecx is 0'd and 0+17=17, we load the value 17 into eax instead of any kind of actual address. In a normal shellcode we would do something like this, to accomplish the same thing:

xorl %eax,%eax
movb $0x10,%eax

I can hear you saying, but that shellcode is a byte shorter than the leal one, and you're quite right. However, in a real shellcode you may already have to 0 out a register like ecx(or any other register), so the xorl instruction in the leal shellcode isn't counted. Here's an example:

xorl    %eax,%eax
xorl    %ebx,%ebx
movb    $0x17,%al
int    $0x80

xorl %ebx,%ebx
leal 0x17(%ebx),%al
int $0x80

Both of these shellcodes call setuid(0), but one does it in 7 bytes while the other does it in 8. Again, I hear you saying but that's only one byte it doesn't make that much of a difference, and you're right, here it doesn't make much of a difference(except for in shellcode-size pissing contests =p), but when applied to much larger shellcodes, which have many function calls and need to do things like this frequently, it can save quite a bit of space.

Conclusion

I hope you all learned something, and will go out and apply your knowledge to create smaller and better shellcodes. If you know who invented the leal technique, please tell me and I will credit him/her.

20 Great Google Secrets

2009-01-15T06:23:00.001-08:00

Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google's index, it's still a struggle to pare results to a manageable number.

But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Google's search options go beyond simple keywords, the Web, and even its own programmers. Let's look at some of Google's lesser-known options.

Syntax Search Tricks

Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages. Google has a fairly complete list of its syntax elements at

www.google.com/help/operators.html

. Here are some advanced operators that can help narrow down your search results.

Intitle: at the beginning of a query word or phrase (intitle:"Three Blind Mice") restricts your search results to just the titles of Web pages.

Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you're searching for might commonly appear in URLs. If you're looking for the term HTML, for example, and you don't want to get results such as

www.mysite.com/index.html

, you can enter intext:html.

Link: lets you see which pages are linking to your Web page or to another page you're interested in. For example, try typing in

link:http://www.pcmag.com

Try using site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:"Mark Twain"site:edu. Experiment with mixing various elements; you'll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.

Swiss Army Google

Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

lets you do both math and a variety of conversions from the search box. For extra fun, try the query "Answer to life the universe and everything."

Let Google help you figure out whether you've got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try "thre blund mise") and Google may suggest a proper spelling. This doesn't always succeed; it works best when the word you're searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you're searching for "three blind mice," underneath the search window will appear a statement such as Searched the web for "three blind mice.") You'll discover that you can click on each word in your search phrase and get a definition from a dictionary.

Suppose you want to contact someone and don't have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you'll see it at the top of the search results along with a map link to the address. If you'd rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you'd rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Extended Googling

Google offers several services that give you a head start in focusing your search. Google Groups

(http://groups.google.com)

indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: Froogle
CODE
(http://froogle.google.com),

which indexes products from online stores, and Google Catalogs
CODE
(http://catalogs.google.com),

which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google's tools and services at

www.google.com/options/index.html

You're probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(www.googlealert.com)

monitors your search terms and e-mails you information about new additions to Google's Web index. (Google Alert is not affiliated with Google; it uses Google's Web services API to perform its searches.) If you're more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).

This service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com),

a place for experimental Google ideas and features (which may come and go, so what's there at this writing might not be there when you decide to check it out). With Google Voice Search

(http://labs1.google.com/gvs.html),

you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don't expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google's search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you'll need an API key, which is available free from
CODE
www.google.com/apis

. See the figures for two more examples, and visit

www.pcmag.com/solutions

for more.

Thanks to its many different search properties, Google goes far beyond a regular search engine. Give the tricks in this article a try. You'll be amazed at how many different ways Google can improve your Internet searching.

Online Extra: More Google Tips

Here are a few more clever ways to tweak your Google searches.

Search Within a Timeframe

Daterange: (start date–end date). You can restrict your searches to pages that were indexed within a certain time period. Daterange: searches by when Google indexed a page, not when the page itself was created. This operator can help you ensure that results will have fresh content (by using recent dates), or you can use it to avoid a topic's current-news blizzard and concentrate only on older results. Daterange: is actually more useful if you go elsewhere to take advantage of it, because daterange: requires Julian dates, not standard Gregorian dates. You can find converters on the Web (such as

CODE
http://aa.usno.navy.mil/data/docs/JulianDate.html

excl.gif No Active Links, Read the Rules - Edit by Ninja excl.gif

), but an easier way is to do a Google daterange: search by filling in a form at

www.researchbuzz.com/toolbox/goofresh.shtml or www.faganfinder.com/engines/google.shtml

. If one special syntax element is good, two must be better, right? Sometimes. Though some operators can't be mixed (you can't use the link: operator with anything else) many can be, quickly narrowing your results to a less overwhelming number.

More Google API Applications

Staggernation.com offers three tools based on the Google API. The Google API Web Search by Host (GAWSH) lists the Web hosts of the results for a given query

(www.staggernation.com/gawsh/).

When you click on the triangle next to each host, you get a list of results for that host. The Google API Relation Browsing Outliner (GARBO) is a little more complicated: You enter a URL and choose whether you want pages that related to the URL or linked to the URL

(www.staggernation.com/garbo/).

Click on the triangle next to an URL to get a list of pages linked or related to that particular URL. CapeMail is an e-mail search application that allows you to send an e-mail to google@capeclear.com with the text of your query in the subject line and get the first ten results for that query back. Maybe it's not something you'd do every day, but if your cell phone does e-mail and doesn't do Web browsing, this is a very handy address to know.

Linking Your Xbox To Your Computer

2009-01-12T23:13:00.001-08:00

Linking Your Xbox To Your Computer

I. Introduction

Some basics and assumptions (the more you know, the more you UNDERSTAND):

Crossover cable: A crossover cable is needed to directly connect your computer and Xbox. You would plug one end of the cable to your computer and the other end into the Xbox, there are no devices in between. If you have a hub, switch, or router you will not need a crossover cable though some still will work with one. With connecting to hubs, switches, or routers you should use a straight-through cable. The image below shows the difference between the two:

To easily tell if you have a crossover or not, simply look at the two ends side by side. If all the pins, 1 through 8 on both ends are all the same color in the same order, you have a straight-through cable. If pins 1, 3 and 2, 6 are swapped you have a crossover cable. Notice the TX, RX as well. This shows why in pc to pc connections a crossover is required. Otherwise one pc will be transmitting over the same wire the other pc is trying to transmit on.

This guide currently gives configuration examples for setting up an FTP connection with Evox, Avalaunch, MXM, or UnleashX as your dash. It is also recommended to use FlashFXP as your FTP client though many others will work just fine.
You do not NEED an internet connection to FTP to your Xbox. When you ftp to your Xbox from a computer in your house to the Xbox in your house, no packets (data) need to go out to the internet and they shouldn't even try. The tricky part is when you want to be able to access the internet and ftp to your Xbox at the same time. How this is done and how difficult it is depends on the devices you have.
I will not list every baby step involved for how to set things, like every mouse click required. If you're not sure how to do something I've said to configure, see number 5 below.
If something is said in this guide that you don't understand or don't know how to accomplish it, try google. It is a search engine at http://www.google.com
For example, if I say "Run a command prompt" but don't mention how; don't go immediately posting in the forums asking how you run a command prompt. First, try searching in google, "how to run command prompt windows xp". I'm willing to bet you'll get your answer faster. Another example, just so we're clear, if I say "turn off your winxp firewall", you may search in google, "how to turn off windows xp firewall". Again, I'm betting your answer will come faster.
This guide now has configuration diagrams to help anyone having difficulty understanding the configuration examples I discuss. Some people simply do better with visuals. The key for the diagrams is provided below:

II. Configuration Examples
Find the configuration that best matches what you have. Reading them all anyway could help your understanding.

1. Computer Direct Connection to Xbox
In this configuration you have your computer and Xbox directly connected. This direct connection can either be with the crossover cable, or with a straight-through cable to a hub/switch and then another straight-through cable from the hub/switch to your Xbox. Both are 'direct' connections.

2. Computer with two NICs
In this configuration you have two NICs. One possibly going to a router or a cable or DSL modem, the other you wish to make a direct connection to your Xbox with. You also have the option of configuring your Xbox for live, xbconnect, or xlink by enabling it to get out to the internet through your computer.

3. Computer with one NIC and a router
In this configuration you should have your computer and Xbox connected to the router. The router's WAN port goes to your cable, DSL modem, or otherwise out to the internet.

PRE SETUP: Before you begin setting up your configurations you should cable everything up properly. Make sure your Xbox is booted up with the dash loaded as well so you can test the settings you will put in. If you are loading your dash from a CD or DVD, any changes you need to make to the evox.ini, avalaunch.xml, config.xml or mxm.xml you will need to re-burn onto the disk then reboot your Xbox with your new boot disk. When making changes to the evox network settings when booting evox from the hard drive, make sure you scroll all the way down when you are finished and select save and exit.
Setting up Configuration 1
This is the simplest setup. Even if you have one of the other configurations, if you are experiencing problems you can always try this to help troubleshoot. This configuration can be setup in two different ways as showed in the Configuration 1a and Configuration 1b diagrams.

Evolution X Dashboard
Basically you can setup the [Network] Section of your evox.ini to look like this:

[Network]
SetupNetwork = Yes
StaticIP = Yes
Ip = 192.168.0.3
Subnetmask = 255.255.255.0
Defaultgateway =
DNS1 = 0.0.0.0
DNS2 = 0.0.0.0

You may also have SkipifNoLink and you can set that to No. Also verify your [FTP] Section looks like this:

[FTP]
Enable = Yes
Password = xbox
IGR = No

MXM Dashboard

If you use MXM as your dash in your MXM.xml file you would want the <network> section to look something like this:

<Network>
<UseDHCP>false</UseDHCP>
<IP>192.168.0.3</IP>
<DNS1>0.0.0.0</DNS1>
<DefaultGateway>0.0.0.0</DefaultGateway>
<SubnetMask>255.255.255.0</SubnetMask>
</Network>

Also just verify there should be an FTPServer section that looks like this:

<FTPServer>
<ServerPort>21</ServerPort>
<AllowAnon>False</AllowAnon>
<AnonRoot>F:</AnonRoot>
<User>
<Name>xbox</Name>
<Password>xbox</Password>
<Root></Root>
</User>
</FTPServer>

Avalaunch Dashboard
<network setup="1" type="static">
<ip>192.168.0.3</ip>
<subnet>255.255.255.0</subnet>
<gateway>0.0.0.0</gateway>
<dns1>0.0.0.0</dns1>
<dns2>0.0.0.0</dns2>
<proxy enabled="0">
<server>10.0.0.1</server>
<port>8080</port>
</proxy>
</network>

Also for Avalaunch make sure you set the username to this:
<user name="xbox" password="xbox">

UnleashX Dashboard

For UnleashX, edit the config.xml file to look like this:
<Network Enable="Yes" Type="Static">
<ip>192.168.0.3</ip>
<subnet>255.255.255.0</subnet>
<gateway>0.0.0.0</gateway>
<dns1>0.0.0.0</dns1>
<dns2>0.0.0.0</dns2>
<AutoDetect>Yes</AutoDetect>
</Network>

Also make sure the FTP section in UnleashX is all enabled (which is by default) so it should look like this:
<FTP Enable="Yes">
<User>xbox</User>
<Password>xbox</Password>
<Port>21</Port>
<MaxUsers>2</MaxUsers>
<AllowAnon>No</AllowAnon>
<Greeting>Welcome to XBOX FTP Server</Greeting>
</FTP>

If you boot evox with these settings you can verify your Xbox has the correct IP either by looking on a skin that displays it or in settings it will display it in blue text up top. You can also look in the other dashes if you have an IP, if not right on the front screen (via whatever skin you have) then under a settings sub menu. If you see No Link or No IP! Then either one of these settings is wrong, you don’t have it connected to your computer with the correct settings yet, or your crossover cable is bad.

Now on your computer go to the properties of the NIC that has a crossover cable connected to the Xbox. Click on the Internet Protocol (TCP/IP) and then properties. Enter the following:

IP Address: 192.168.0.2
Subnet Mask: 255.255.255.0
Gateway: <leave blank>
DNS: <leave blank>
That's it. Simple huh? Now set up your FTP Client. For FlashFXP, install the program and run it. Click on "Site Manager" then click to create a new site. Name it Xbox or whatever and for the IP enter 192.168.0.3, verify the port is 21. The username and password are both "xbox", all lower-case and without the quotes. Go to options and uncheck any check marks on PASV or passive mode if you are using Evox. If you are using one of the other dashes you can leave PASV checked. Apply the settings and connect.

If you have your one NIC connection to the internet and just want to unplug that connection and plug in a crossover to your Xbox when you want to FTP there is an awesome way to automate changing your NIC settings from how they need to be set for the internet and how they need to be set for the crossover to the Xbox. Luckily someone has a perfect tutorial for that and its here: http://www.xbox-scene.com/articles/switch-network.php

If you use Windows XP you shouldn’t even need to bother with making those scripts. If your one NIC is set to use dhcp for the internet and when you connect it to your Xbox you always change it to a static address you can enter that address in the Alternate Configuration tab of your NIC. So if you go to your NIC properties then select TCP/IP and hit properties you should see two tabs, a General tab and an Alternate Configuration tab. The General tab you would leave set for dhcp so when you plug into the internet it would work. The alternate tab you would enter settings needed to be connected to your Xbox. Now when you switch your internet connection to the crossover cable of the Xbox windows should detect your dhcp network is down and try using the configuration in the alternate tab automatically. In this way you never have to change your NIC settings even though you are changing from a dhcp internet connection to a static direct to Xbox connection.

If you are having problems connecting still please read the Troubleshooting Section.

Setting up Configuration 2

The configuration 2 diagram above shows the most common setup you would have with 2 NICs in your PC. The only difference between this and configuration 1 is that the second NIC would have a connection to the internet for you. Chances are this NIC to the internet is getting a public DHCP address like 64.238.121.12, or any such number. If this NIC goes to a router, you may wish to read configuration 3 and you may not need your second NIC at all. So when the NIC gets DHCP like this it is automatically assigned an ip, subnet, gateway, dns, etc. so you don't need to do anything else to it. The only "gotcha" with this configuration is that when you configure your second NIC that goes direct to the Xbox you may configure it in such a way that your computer tries to access the internet through that NIC instead of the correct one with the public DHCP. This is a routing issue and one way to ensure this doesn't happen is to configure the NIC with the connection to your Xbox exactly as in configuration 1, specifically making note that you DO NOT enter a gateway address. Your Xbox itself can also be setup just as in configuration 1. Refer to the Troubleshooting section if you are having problems and yet are set up as I described.

So if you connect one of your NICs to a router in this configuration you may be getting an internal IP like 192.168.x.x instead of an external IP address. If this is the case make sure the NIC that goes out to the Xbox is not given an IP address on the same subnet as the NIC going to your router. For example, when the NIC going to your router and out to the internet is getting an IP of 192.168.1.x and has a subnet mask of 255.255.255.0 and the gateway on this NIC is the IP address of the router, then set the IP address of the NIC going to your Xbox to 192.168.0.x with a subnet of 255.255.255.0 and don't enter a gateway. Then make your Xbox have an IP address on the 192.168.0.x range, and again a gateway would not be needed.

**Advanced Option** If for some reason you would like both your NICs on the same subnet then you can still force the one going internet to be used by default for everything and the one going to the Xbox to only be used when connecting to the static IP of your Xbox. Open up a command prompt and type 'route print'. With route print you can see what route your data packets will take to try to access the internet or your Xbox. What you can do is manually add a route that tells your computer that anytime it tries sending anything to 192.168.0.3 it should use the NIC with the direct connection the Xbox, not the one that goes out to the internet. To do this run the route print command. The first thing you'll see is an interface list. It'll say something like:

Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 06 5b b8 e3 33 ...... 3Com 3C920 Integrated Fast Ethernet Controller 0x3 ...00 02 2d 26 2c 74 ...... Dell TrueMobile 1150 Series Wireless LAN Mini PCI Card
So in this case the NIC going to the Xbox is 0x2, which would be IF 2 in the command. To add the static route follow this pattern:

route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^Interface

So in our example you would type:

route -p add 192.168.0.3 mask 255.255.255.255 192.168.0.2 METRIC 1 IF 2
to remove this at any time you would just type:

route delete 192.168.0.3
The other option you have if you want your Xbox to get out to the internet through your computer’s internet connection is to set up Internet Connection Sharing (ICS) on your computer. How to set this is up a good thing to google search. You can also try this page: http://www.xbox.com/en-US/live/connect/windowsics.htm for good details. Once set up the only thing to change is to put a gateway address in your evox.ini, avalaunch.xml, or mxm.xml file which should be your computer’s IP address, so the gateway you would use is 192.168.1.1 since that is probably what ICS will set your NICs IP address to.

Setting up Configuration 3

This is sort of like configuration 2 but instead of your NIC getting a public DHCP address it should be getting an internal private DHCP address. This address can be anything within this range: The blocks are 10.0.0.0. to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.

There are very high chances your router is giving out addresses somewhere in 192.168.0.x or 192.168.1.x If this is the case your computer should be successfully getting its DHCP address from your router and if you can plug your Xbox into that router as well then just change your evox.ini to have StaticIP = No. So in our first configuration example you would just have to change the files to be this:

Evolution X Dashboard
[Network]
SetupNetwork = Yes
StaticIP = No
Ip = 192.168.0.3
Subnetmask = 255.255.255.0
Defaultgateway =
DNS1 = 0.0.0.0
DNS2 = 0.0.0.0

Once you set StaticIP to be No, the ip, subnet, gateway, and dns values are no longer used. You can boot your Xbox and see what IP it is getting from DHCP and simply FTP to that address.

You can also still have your Xbox use a static ip so that you always no its IP address, even with a router that gives out DHCP. Just make sure the static IP you give it is on the same subnet as the DHCP addresses it is giving out. To do that, make your evox.ini like this:

[Network]
SetupNetwork = Yes
StaticIP = Yes
Ip = 192.168.0.3
Subnetmask = 255.255.255.0
Defaultgateway = 192.168.0.1
DNS1 = 0.0.0.0
DNS2 = 0.0.0.0

Here you've changed static ip back to yes and your gateway address should be the address of your router now. If your router is on a different subnet and by that I mean its ip is 192.168.1.1 and it is giving out dhcp address's of 192.168.1.x then you would make your evox.ini reflect those differences like this:

[Network]
SetupNetwork = Yes
StaticIP = Yes
Ip = 192.168.1.3
Subnetmask = 255.255.255.0
Defaultgateway = 192.168.1.1
DNS1 = 0.0.0.0
DNS2 = 0.0.0.0

MXM Dashboard

If you run MXM as your dash and want to use DHCP then the MXM.xml file's <network> section should look like this:

Avalaunch Dashboard

If you run Avalaunch as your dash and want to use DHCP then make the <network> section of the avalaunch.xml look like this.

UnleashX Dashboard

For UnleashX, edit the config.xml file to look like this:
<Network Enable="Yes" Type="DHCP">
<ip>192.168.0.100</ip>
<subnet>255.255.255.0</subnet>
<gateway>192.168.0.1</gateway>
<dns1>192.168.0.1</dns1>
<dns2>192.168.0.7</dns2>
<AutoDetect>Yes</AutoDetect>
</Network>

For all of the dash's configuration files, whenever you have them set to use DHCP, none of the other values you have defined below that are used. So if you have enabled DHCP then the IP address you see in the configuration file is NOT the one your Xbox will likely get. Also be careful if your router is giving out DHCP, and you want to give your Xbox a static IP so you know the IP address all the time then make sure whatever static IP you pick for your Xbox is not already an IP used by something else on your network given out by the router's DHCP range.

Xbox on the Internet

Do you want to…?

Access RSS news feeds on your Xbox
Successfully browse the internet with Linksboxs
Use a chat client from a dashboard
Anything else that requires the Xbox to get out to the internet
If these things aren’t working for you after setting up FTP to your Xbox following one of the above configurations then there could be a few reasons why. I’ll go over each configuration and describe what you MAY need to modify to get these working.

Configuration 1

With configuration 1a, you can NOT get out to the internet. You would need to either buy a router or another NIC for your PC. Once you’ve purchased one of those, your configuration will follow one of the others. With configuration 1b, you generally can NOT get out to the internet either. If you have this configuration and your PC can get out to the internet then it is probably getting a public IP address from your ISP. This assumes you have a hub or a switch and not a router. You can buy a router and then follow configuration 3, but if you don’t want any new hardware then you can probably only get your Xbox or computer on the internet one at a time. In other words when your computer has the IP from your service provider you can get on the internet. Then maybe you switch it to a private IP in order to FTP to the Xbox. Well to get your Xbox on the internet you’d have to get your Xbox that public IP from your service provider. Set your Xbox to use the same settings as your computer does to get that IP. If you aren’t using DHCP make sure you don’t forget to enter the DNS values otherwise addresses won’t resolve. Remember your computer should either have the private IP values or be turned off in order for your Xbox to successfully get the public IP from your service provider. Some ISPs will give you more than one public IP to use. If that is the case then your computer and Xbox can be on at the same time through the hub or switch.

Configuration 2

The last paragraph in configuration 2 from above describes using ICS to get your Xbox out to the internet. So this is the first step you would need to take. If you are using ICS and you have your Xbox set to use DHCP then it should be done. If, however, you have set your Xbox to a static IP and aren’t able to use linksboks or get the news feeds then chances are you are simply missing the DNS values. Go to a command prompt on your PC that can access the internet and run ‘ipconfig /all’ without the quotes. Look for the NIC that has the connection to the internet and look at the DNS values it has. Whatever they are, use those values in the static configuration of your dashboards network settings. So if you look at the examples I’ve given, most of the DNS values are either blank or set to 0.0.0.0. Just take the DNS IP’s from the ipconfig /all and replace the 0.0.0.0 in the Xbox configuration file with those new values. Save, reboot, and you should be all set.

Configuration 3

This configuration is very easy to get working as well. Again, if you are using DHCP on your Xbox then you shouldn’t be having any problems. If you are using a static IP in this configuration then, just like configuration 2, you are probably only missing the correct DNS values. Follow the same procedure as in configuration 2 to get the DNS values filled into your dash configuration file.

Other ways to Connect

There are a few other ways to connect to your Xbox without using an ftp client. I'd like to mention them here just to cover the 'networking' your Xbox topic but I'll link to the guides/tutorials that I think cover the connection the best. Also, all these other connections still use the ftp protocol, I'll cover telnet later.

You can map a network place on your computer to your Xbox so instead of needing to fire up an ftp app you could just go to windows explorer or a shortcut on your desktop to double-click and there is all your Xbox. Two tutorials have already been written that explain how to do this in Windows XP and Windows 2000.
For winxp: http://www.xbox-scene.com/articles/map-xp.php
For win2000: http://www.xbox-scene.com/articles/evoguide6.php - This guide uses webdrive to accomplish this on Windows 2000. Some other software I think would work as well is Internet Neighborhood Pro and FTP Desktop but I've tried none of them so can't recommend one over the other. If you find any freeware app that will provide this functionality let me know and I will try it out and add it here.

You can ftp to your Xbox direct from your web browser. Basically in your web browser instead of putting in http://www.website.com you would put in something like ftp://xbox:xbox@<xbox_ip> and it should open right up to the contents of your Xbox folder structure. Nice and simple, no third party ftp client needed. A good guide for this can be found here: FTP using Internet Explorer and be sure to read the rest of the thread for some tips and answers to questions. There is also a tutorial on the tutorials page here: http://www.xbox-scene.com/articles/ftp-ie.php. Please keep in mind this functionality is not limited to Internet Explorer only. Most browsers support typing in ftp:// instead of http:// if you want to ftp. I use the Opera browser and can connect the same way. If you ever forget the format to use to send the username and password in the address bar you can also (at least with IE and Opera) connect just by typing ftp://<xbox_ip> and then you should get a pop up box prompting you for the username and password.
Xbox to Xbox Transfers

If you have two Xbox's and want to transfer directly between them there are a few ways to do it. For any way your Xbox's still need network connectivity between each other. You could set them up just like configuration 1 from above or even hook them up to a router and use DHCP.

If you use Avalaunch as your dashboard then the easiest way for you would be to use the File Manager that is built in. When you launch the file manager click start and select switch to remote. Move over to the right side now (which is the remote side) and hit start again. Now select add FTP Server. Enter the IP address info of your other Xbox. Once this is setup you should then be able to switch back and forth between local and remote sides and transfer your files.

If you don't have Avalaunch as your dash you can run a program called XB-FTP. This program you would launch as an app from one Xbox and it your FTP Client. The other Xbox you would leave booted into whatever dash you run and it would be the FTP Server. There is another application you can run on your Xbox called xToolbox. You can use this app to transfer between two Xbox's as well just go into its file manager once it loads and it should be self explanatory for you. Just make sure you edit the host.ini file with the applicable IP address's for your local and remote Xbox. If you have a PC you can also use the FXP method that is detailed here: http://forum.psxcare.com/support/showthrea...p?threadid=7239

You don't have to use XBMP, you can use any dash that supports PASV for this method.

Troubleshooting

First is to verify you are communicating with your Xbox. Run a command prompt and ping your Xbox IP address. In our example that would be 'ping 192.168.0.3'. Also, If you seem to have a connection that gets dropped every so often try to ping like this: 'ping -l 1024 -t 192.168.0.3', this will continuously ping your Xbox with 1024 bytes. Hit ctrl-c to end it. If you get any timed out then maybe you need a new Ethernet cable somewhere. If you can ping try a. and b. below, if you can't ping read that and the rest.

If you can ping but still have problems with FTP, make sure PASV is disabled in your FTP client if evox is your dash. Go to the help for your ftp client to figure out how to do it if you don't know how.

Make sure any firewall programs you run are turned off. Especially if you run Windows XP there is a default firewall that may be on. Its in the advanced properties of your NIC where you can uncheck the box for it to verify it isn't on. Also even if you think you disabled a firewall it could still be blocking ports. Crap Software firewall can behave this way. It does this to ensure no virus or rogue program can disable it. Instead of disabling Crap Software just add the IP address of your Xbox or even the entire subnet as Trusted. Then it will allow packets through.

If you can't ping make sure you check 1b, but also make sure you are using the correct Ethernet cables for your setup. Refer to the basics above about the crossover cable. Try pinging your local computer with these commands: 'ping 127.0.0.1' and 'ping localhost'. If you can ping these it's a good sign your TCP stack and driver for your NIC are loaded properly. If these do not ping correctly the first thing to try is to reload the driver for your NIC or search the manufacturer's website for an updated driver.

Try different ftp clients or make sure you are using the latest version of the client you have, especially if you are using the EvolutionX dashboard make sure you try FlashFXP if you are experiencing any problems.

Make sure you have the video cable plugged into the back of your Xbox (problem experienced by ndiguy). Note: the video cable doesn't have to be connected to your TV but does need to be connected to the back of the Xbox.

Run a sanity check if all else fails... make sure the settings you think are in your evox.ini are actually there. Run a command prompt on your pc and type 'ipconfig /all'. This will list all the settings all the NICs on your computer have. Verify they are all what you think they should be. When posting in the forums for more help try to include these two things in your post, it's a good first step.

If you get No Link! when you boot your Xbox make sure it is set to static ip. Verify the computer or whatever you have it connected to is booted up first and set up correctly. Then boot or reboot the Xbox. Make sure the cable and other hardware you are using is good. As a last resort, maybe your Xbox NIC is bad and needs replacing.

“I have two Xbox’s at home and two separate Xbox live accounts, but when they both try to play live at the same time one always gets booted or disconnected, what’s going on?” There could be a number of things but if you’ve checked everything else and think your network is all good, etc then whatever router you have these connected to could be handling PAT (port address translation) incorrectly. I know for a fact the current Linksys products will not handle this configuration properly. I also know that the Dlink DI-614 does handle this correctly and so would work with this configuration. If you have a different brand router and have this configuration let me know if it works or not for you so I can make a good list of who handles PAT correctly and who doesn’t.

Nothing seems to work for you? Post your problem on the Xbox-scene forums. In your post try giving as much info as needed. Describe how you have things physically connected. Post the network section of your dash’s configuration. Post an ipconfig /all from your computer (or just all IP information). Post any specific error messages you get, especially an FTP log if you can ping your Xbox but just can’t seem to login. Post what software you use on the Xbox and your PC. Finally, make a new thread for your problem, don’t post as a reply to someone else’s problem and don’t just PM someone you think will help.
FTP Speed Issues

Once people start using FTP the next problem they may have is the speed being too slow. The key to addressing this issue is to try everything! Change your configuration, change software, use every combination of my suggestions below. The more you do the better chance something will reveal itself as the culprit to your slow speeds. Here is a common list of things to check to help improve your speed:

Try the extended ping from number 1 in the troubleshooting section. If you get some replies and some timed outs during that ping this could slow down your speed. Replace your cable(s), update driver(s), try different NIC, etc.

In the advanced properties of your NIC you should be able to find the settings for the speed and duplex of your card. Change these settings and see if some combination gives you better speed than others. Start with speed of 100 and full duplex and cycle through 100/half, 10/full, 10/half.

Check how much free space you have on the PARTITION you are ftp'ing to. If you have an 80GB hard drive and it says you have 20GB left, that doesn't mean you have 20GB of free space left on that partition. That partition could have very little space left while another partition has 18GB left. There are some reports that with <2GB of space FTP speed drops. This is probably one of the most common issues with speed and ftp in general.

If you are using a wireless or usb NIC setup try going wired with standard Ethernet to see if that narrows down the problem for you. And if you were using DHCP try assigning a static IP to your Xbox instead. Also try changing the channel that your wireless is currently communicating on. There could be more interference slowing down your speeds on a certain channel. At least try channels 1, 6, and 11.

Try different software on both ends... experiment. All configurations will be different. Try different FTP clients, updating FTP clients and even try using a different ftp server on the Xbox. One post on the forums suggested that switches from Evox to nexgen increased ftp speeds to the F: drive. The Avalaunch dash seems to be a pretty stable and fast FTP Server as well.

Try different hardware... don't overlook this! For example, if you have a hub, try a new one or better yet get a switch.

If you are using FlashFXP (or maybe try this with any client), some forum posts have suggested that by changing the transfer packet size from 4096 to 2048 you could see a speed increase. Some people run fine at 4096 but I know of at least one instance where changing this value to 2048 has helped tremendously.

Suggestions from ILLusionsOfGrander member on xbox-scene:
Make sure the NIC on your PC is not just a 10 mbit NIC but a 10/100 mbit NIC. Using a 10/100 NIC as opposed to just a 10 can definitely increase transfer rates
If you go to the advanced settings of the NIC in your PC, some cards have a "Early TX Threshold" value. Upping this value from its default can also increase speeds. The example given was with a Dlink card and its default value was 8 and changed to 38. This increased the speed from 6500 kBps to 11000 kBps.
Wireless Xbox

I've noticed a few posts about how to get the Xbox on a wireless network so figured I'd touch on the subject here and give my thoughts on hardware to accomplish such a thing. First thing to consider is whether you want to use 802.11b or 802.11g. Discounting any other deciding factor you may have, and focusing solely on Xbox functionality, if you want to use your Xbox for ftp transfers and to play Xbox live then you'll be fine with 802.11b. If you think you'll want to stream movies or music to it and will want to do a lot of large (over 100mb) ftp transfers you'll want to go with 802.11g. With that...

There are two setups you can use to communicate with your Xbox wirelessly. The first and least common way would be in an ad-hoc fashion. This would be the exact same as using a crossover cable from the Xbox to your pc just without the actual cable. Basically your computer would have some sort of a wireless card whether USB, PCI, or if it's a laptop then a PCMCIA or mini-PCI. For your Xbox you would get a wireless to Ethernet bridge (I'll mention brands in the next paragraph) and basically just RTFM for how to set it up in ad-hoc mode to communicate to the wireless card in your computer. Again, this would be like using a crossover cable, only your computer and Xbox would communicate with each other.

The most popular way which most people would want to implement is with a wireless access point/router. From Linksys if you decided to go with 802.11b you could get model BEFW11S4, if you want 802.11g the WRT54G. From Dlink for 802.11b the DI-614+ is a good one and for 802.11g the DI-624. Now to get your Xbox to communicate wirelessly with one of these access point/routers you would need a wireless to Ethernet Bridge for it. From Linksys for 802.11b you could get a WET11 and for 802.11g the WET54G. From Dlink for 802.11b the DWL-810+ and for 802.11g the DWL-G810. From here it's really just a matter of reading the manual's (if you even need to) to get these bridges to associate to the SSID of your access point.

Now I'd like to say don't think these are the only products that work. There are many other companies with products that do the exact same thing. I just listed the most common of the ones I'd recommend using and if you look up the product you'll get an idea of what to look for from other companies. I'm also not a fan of the MS wireless Ethernet bridge devices. Currently, from what I've seen you need to configure it from the MS dash and with a modified Xbox this isn't always a good thing. However, obviously they will work just fine so feel free to check them out too.

Little help for anonymous mailer

2009-01-12T23:11:00.001-08:00

Little help for anonymous mailer

An anonymous remailer is a computer which has been configured to run remailer software. This software is a specialized kind of email server software. Unlike average email server which goes to great lengths to log all incoming/outgoing traffic and add identifying and traceable info to its outgoing mail (in the form of headers) remailer software ensures that outgoing mail has been STRIPPED CLEAN of any identifying information! Thus the name 'anonymous' remailer.

The remailer performs certain automated tasks which include retrieving mail, decrypting/processing that mail (only mail that is properly encrypted and formatted), obeying the directives within the message and, finally, delivering - remailing - the finished product to a second party in anonymized form. When received by that second party it will reveal only that it was sent from an anonymous source (usually the remailer's name and email address). The IP address shown will be the IP address of the remailer machine.
Using a chain of remailers you can send messages totally anonymous, but you can receive too with a nym, download web pages, send files in FTP, talk in newsgroups, etc...

Remailers protect the privacy and the free speech on-line, because many surveillance systems exist, from marketing to military purpose. The European Parliament scientific unit (STOA) has written up an appraisal of the technologies of political control, beyond the creation of the temporary committee on the ECHELON interception system.

How? Use this tool: https://riot.eu.org/anon/remailer.html.en

Manage Saved IE Passwords

2009-01-12T23:09:00.001-08:00

Manage Saved IE Passwords

When you enter a user name and password, Internet Explorer may ask if you want it to remember the password. Click on Yes and it will automatically fill in the password next time you enter that user name. But if you check Don't offer to remember any more passwords, then whether you click on Yes or No, you won't be prompted again. To recover this feature, launch Internet Options from IE's Tools menu, select the Content tab, click on the AutoComplete button, and check Prompt me to save passwords.

To delete an individual saved password entry, go to the log-on box on a Web page and double-click. Your saved AutoComplete entries will drop down. Use the arrow keys to scroll to the one you want to delete, and press the Del key.

Making A .txt Executable Server

2009-01-12T23:03:00.001-08:00

As you know a file name .EXE is a Executable file and can run a code.
this guide will teach you how to make a .TXT Executable that can run
any code you want..

STEP1

download TXT Icon pack: http://planet.nana.co.il/progroup/icon_txt.zip -
The pack comes with a 32bit & 16bit icons.

STEP2

Open a new file, Right click - New - Shortcut
Type the location of the item: "X:\WINDOWS\system32\cmd.exe /c file.txt" ("X"=Driver)
img
/http://planet.nana.co.il/progroup/pictures/step1_g2.JPG
and name it "readme.txt"
img
/http://planet.nana.co.il/progroup/pictures/step2_g2.JPG
STEP3

after creating the readme.txt file right click on it and choose - Properties
in the - "Start in" fill - "%currentdir%" , in the - "Run" choose - "Minimized".
img
/http://planet.nana.co.il/progroup/pictures/step3_g2.JPG

then change the icon with one of the TXT icons from the pack by right clicking the readme.txt file then - Properties - Change Icon...

STEP4: In order to execute a file you need one..
just change your Server/Virus extantion to .TXT and name it - "file.txt"

Now you have a .TXT Shortcut and .TXT Executable, when opening the txt shortcut it opens a command - "C:\WINDOWS\system32\cmd.exe /c test.txt" that executes the file you want.

STEP5: Now the readme.txt executes a command window, in order to hide it Right click on the "readme.txt" and choose - Properties - Layout and reduced the size on the window to height=1 and width=1.
Now change the window position to height=999 and width=999.
Now you got a .TXT Executable! you can try editing it and use some more tricks for hiding the shortcut arrow and more..

making a .cue file, in notepad

2009-01-12T23:02:00.001-08:00

open up notepad n type (or copy n paste) this:

FILE "NAME.BIN" BINARY
TRACK 01 MODE1/2352
INDEX 01 00:00:00

change the word NAME.BIN inside the quotation marks to whatever the name of your BIN file is.......

when you go to 'save as'

in the 'files of type' ..click on the arrow n change from text document (*.txt) to 'all files'

n name it the same as the bin file

for instance..if the bin file is anything.bin

save your cue file as anything.cue

after ya save it copy n paste the file ta the folder with your bin file

Make Windows XP Faster

2009-01-12T23:00:00.001-08:00

Make Windows XP Faster

Services You Can Disable

There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions so I suggestion you read the description of each one when you run Services
and that you turn them off one at a time.

Some possibilities are:
Alerter
Application Management
Clipbook
Fast UserSwitching
Human Interface Devices
Indexing Service
Messenger
Net Logon
NetMeeting
QOS RSVP
Remote Desktop Help Session Manager
Remote Registry
Routing & Remote Access
SSDP Discovery Service
Universal Plug and Play Device Host
Web Client

--------------------------------------------------------------------------------

Cleaning the Prefetch Directory

WindowsXP has a new feature called Prefetch. This keeps a shortcut to recently used programs.
However it can fill up with old and obsolete programs.

To clean this periodically go to:

Star / Run / Prefetch
Press Ctrl-A to highlight all the shorcuts
Delete them

--------------------------------------------------------------------------------

Not Displaying Logon, Logoff, Startup and Shutdown Status Messages

To turn these off:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
If it is not already there, create a DWORD value named DisableStatusMessages
Give it a value of 1

--------------------------------------------------------------------------------
Clearing the Page File on Shutdown

Click on the Start button
Go to the Control Panel
Administrative Tools
Local Security Policy
Local Policies
Click on Security Options
Right hand menu - right click on "Shutdown: Clear Virtual Memory Pagefile"
Select "Enable"
Reboot

For regedit users.....
If you want to clear the page file on each shutdown:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
Set the value to 1

--------------------------------------------------------------------------------

No GUI Boot

If you don't need to see the XP boot logo,

Run MSCONFIG
Click on the BOOT.INI tab
Check the box for /NOGUIBOOT

---------------------------------------------------------------------------------
Speeding the Startup of Some CD Burner Programs

If you use program other than the native WindowsXP CD Burner software,
you might be able to increase the speed that it loads.

Go to Control Panel / Administrative Tools / Services
Double-click on IMAPI CD-Burning COM Service
For the Startup Type, select Disabled
Click on the OK button and then close the Services window
If you dont You should notice

--------------------------------------------------------------------------------

Getting Rid of Unread Email Messages

To remove the Unread Email message by user's login names:

Start Regedit
For a single user: Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail
For all users: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UnreadMail
Create a DWORD key called MessageExpiryDays
Give it a value of 0

------------------------------------------------------------------------------

Decreasing Boot Time

Microsoft has made available a program to analyze and decrease the time it takes to boot to WindowsXP
The program is called BootVis

Uncompress the file.
Run BOOTVIS.EXE
For a starting point, run Trace / Next Boot + Driver Delays
This will reboot your computer and provide a benchmark
After the reboot, BootVis will take a minute or two to show graphs of your system startup.
Note how much time it takes for your system to load (click on the red vertical line)
Then run Trace / Optimize System
Re-Run the Next Boot + Drive Delays
Note how much the time has decreased
Mine went from approximately 33 to 25 seconds.

--------------------------------------------------------------------------------
Increasing Graphics Performance

By default, WindowsXP turns on a lot of shadows, fades, slides etc to menu items.
Most simply slow down their display.

To turn these off selectively:

Right click on the My Computer icon
Select Properties
Click on the Advanced tab
Under Performance, click on the Settings button
To turn them all of, select Adjust for best performance
My preference is to leave them all off except for Show shadows under mouse pointer and Show window contents while dragging

---------------------------------------------------------------------------

Increasing System Performance

If you have 512 megs or more of memory, you can increase system performance
by having the core system kept in memory.

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive
Set the value to be 1
Reboot the computer

---------------------------------------------------------------------------

Increasing File System Caching

To increase the amount of memory Windows will locked for I/O operations:

Start Regedit
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Edit the key IoPageLockLimit

-----------------------------------------------------------------------------

Resolving Inability to Add or Remove Programs

If a particular user cannot add or remove programs, there might be a simple registry edit neeed.

Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
Change the DWORD NoAddRemovePrograms to 0 disable it

4096 - 32megs of memory or less
8192 - 32+ megs of memory
16384 - 64+ megs of memory
32768 - 128+ megs of memory
65536 - 256+ megs of memory

Make Your Pc Faster, Guaranteed

2009-01-12T22:58:00.001-08:00

1. First, run a scandisk or checkdisk. Let Windows fix any errors.

2. Run a disk cleanup utility...this will flush your temporary internet folder, trash can, temp system files, etc.

3. Delete any garbage files or data...if possible, run a Duplicate File Finder program.

4. Run Defrag on all partitions (NOTE: run this after you have deleted all trash and excess files!)

5. Run a registry cleaner utility and delete or get rid of any orphaned entries in that registry.

6. Check your exisiting swap file for it's size and location (*will explain location later in the post). If you have alot of ram (i.e. 1 gig and over) set this swap file to something small, like 250 mb. The reason is that this will force Windows to load more into memory, resulting in faster performance (note: some games and applications actually require a certain sized swap file so check your applications performance after making a size adjustment for any error messages.)

7. Under XP, you can tell Windows to use Classic Style on your desktop, - this will remove the neat single click and internet-style desktop but for lower end systems this will improve performance in other areas, such as gaming and multi-tasking.

8. Run msconfig and under startup and only keep the programs that are essential to load in the tray icon (and hence stay resident in memory). Uncheck anything else non-essential, like an ATI or Nvidia control panel, Quicktime utility, Real Audio, etc.

9. Upgrade drivers! Check for the latest BIOS, video, motherboard, sound, etc drivers from the manufacturers. Alot of my friends had chipsets on their motherboard that had advanced disk management capabilities or AGP port settings but the drivers weren't loaded for them so they were never being used. A simple upgrade realized a noticeable difference. For instance, they didn't have the latest driver for their AGP port so it was set to 1x, instead of being used at 4x!

10. (OK, so this won't speed up your PC but it could save you alot of time and trouble later on!) After making all these improvements, make a working backup! I use Ghost, but for XP users you can also use System Restore...

-FOR ADVANCED USERS-

1. Take a look under the hood (for IDE owners). How are your IDE devices configured? If you have more than 1 hard drive, put the master hard drive on the primary IDE channel and the secondary hard drive on the secondary IDE channel (most motherboards have two IDE channels).

2. Place all CDROM drives, DVD readers etc. on the secondary IDE channel (or SCSI bus, etc). This will reduce I/O contention with your master hard drive which should have your OS and apps installed...

3. Remember when I mentioned the location of the swap file? OK, if you have 2 hard drives and you have one on the primary IDE channel and the other on the secondary IDE channel, move the swap file to a partition ON THE SECOND hard drive (on the secondary IDE channel). This will greatly improve system performance as the PC can write to the swap file while loading and running OS and system commands without I/O contention on the primary IDE channel!

4. Take a look under the hood (for SCSI owners) What kind of SCSI do you have? If it's the newer Ultra 160/320 etc cards then guess what? Any devices placed on the same bus will automatically default to the slowest drive on the chain...this means that if you have say, an Ultra 160 SCSI card, and it has an Ultra 160 drive (capable of transferring 160 mb/sec) on the same chain as a SCSI cdrom drive (capable of only 40 mb/sec) then the whole bus slows down to the 40 mb/sec speed...use different chains for the slower devices and maximize those hard drives!

5. Run a utility like WCPUID and check the settings...is your CPU/front speed bus/AGP port running as fast as they should be? If not, check your drivers and BIOS configuration options. Also, are all of your chipset features enabled? If not, then enable them! (usually done in your BIOS!)

6. Dig in to the BIOS...check settings like boot order, for example...is it checking the floppy first? Change this! Select your order to reflect the hard drive first, then CD, then floppy for a noticeable boot time improvement. Also disable any non-used on board peripherals...for instance, - does your motherboard come with an on-board NIC card? Guess what, if you don't use that NIC card and it is enabled it will eat up valuable CPU cycles and can be detrimental to your systems' performance. DISABLE THAT MUTHA! Also, see if you can play with memory timing and CPU clock frequencies (NOTE! This is for expert users only!) Set these timings to "Aggressive" and see what happens in your games and apps...Also, check to see what your video aperature is set to. If you have a video card with 128 megs of on-baord memory, your aperature should be set to this amount too. Read the BIOS owner manual for further non-general performance tricks or improvements! Do you have the latest BIOS firmware version?

7. Under hardware properties, check to see that everything is working properly, and fix any hardware contention issues. You'll see the dreaded yellow exclamation point (!) beside any hardware componenet that is not working correctly.

8. Evaluate the potential for system/hardware upgrades...usually, the best bang for the buck is adding memory so buy all that you can afford (don't go much above 512 megs for Win 98 or ME). If you have a motherboard with an 8x - capable AGP port but you are using an older 4x video card, consider upgrading to an 8x card. You get the idea here...

9. Quit using software pigs like Norton system utilities, etc. These place files everywhere and can be a real system resource hog on lower end PCs.

10. Did I mention to make a good backup? Do it now! Also, while you're at it, run a good virus program with the latest definitions.

There are more options to make your system faster, such as overclocking, etc. but (just about) everything I've mentioned in this tech post costs you nothing and will result in faster system performance! Good luck and if you have any questions on how to do anything mentioned here, ask a knowledgeable friend or consult a book, - don't mess up something trying to do something you are not sure of!

Good luck and I'd like to dedicate this post to all of WorldWarez which has given me so much! You're all great, peeps!

Make Acrobat Reader 6 load faster

2009-01-12T22:57:00.001-08:00

Here's how to do it:

1. Go to C:\Program Files\Adobe\Acrobat 6.0\Reader (replace the C if you installed on another drive, like I did).

2. Create a new folder called plug_ins_disabled.

3. Move all files from the plug_ins folder to the plug_ins_disabled folder except EWH32.api, printme.api, and search.api. There should only be these 3 files in the plug_ins folder.

4. You're done.

Make A Roughly 16 Hour Video Dvd

2009-01-12T22:56:00.001-08:00

Make A Roughly 16 Hour Video Dvd

3 things are needed

1. Proper Codecs

2. TMPGEnc 3 Express (Best for this job IMO)

3. TMPGEnc DVD Author (Dual Layer Edition)

simply start a new project in TMPGEnc 3 Express, Set the output for said file as an NTSC MPEG1 (VIDEO CD)

Make sure you set at NTSC (TMPGENC WILL ONLY ACCEPT IF FRAMERATE IS 29.97 FPS)

once you have made roughly 8 hours / 16 hours depending... of video files open TMPGEnc DVD Author..

Simply press "SOURCE SETUP" you will notice you can set up multiple 'tracks'

if you add more than one file to 1 track, the program automatically sets up 'chapters'

just add your video files (and follow the steps in the program).. it will take roughly an hour or 2 to do an 8 hour disc, maybe 3 or 4 for a 16 hour disc (i don't have a dual layer burner but i am sure that it works)..

THESE WORK IN PLAYSTATION 2's!!! I KNOW BECAUSE ITS HOW I MAKE MINE AT TIMES...

only way i know to get this much footage (And have it still work in something as simple as a ps2)

Make A Autorun File For Ur Cd

2009-01-12T22:52:00.001-08:00

If you wanna make a autorun file for that CD you are ready to burn just read this...

1) You open notepad

2) now you writ: [autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE

Now save it but not as a .txt file but as a .inf file.

But remember! The "Setup_filename.EXE" MUST be replaced with the name of the setup file. And you also need to rember that it is not all of the setup files there are called '.exe but some are called '.msi

3) Now burn your CD with the autorun .inf file included.

4) Now set the CD in you CD drive and wait for the autorun to begin or if nothing happens just double-click on the CD drive in "This Computer"

Misc Linux Tips & Tricks

2009-01-12T22:50:00.001-08:00

Tips

Speeding up your hard drive (#1)
Get faster file transfer by using 32-bit transfers on your hard drive

Just add the line:

hdparm -c3 /dev/hdX

to a bootup script.

If you use SuSE or other distros based on SYS V,

/sbin/init.d/boot.local
should work for you.

This enables 32-bit transfer on your hard drive. On some systems it can improve transfer performance by 75%.

To test your performance gain, type:

hdparm -t -T /dev/hdX

Protecting yourself from being a spam base(#2)
Sendmail allows for someone to telnet to port 25 and do an expn (expand) to see what users and aliases are on your machine. Also, vrfy (verify) means someone can get legal e-mail addresses from your box and send spam through your machine.

Don't want that, so look in your /etc/sendmail.cf file for a line that looks like this:

###############
# Options #
###############

Now cut and paste these next few lines below that:

# turning off the expand option and requiring a helo from
# a remote computer
Opnoexpn,novrfy,needmailhelo

Now there is no expansion, no verify, and sendmail requires a helo with a legitimate DNS in order to use the mailer.

Then look in your /etc/mail/aliases file and ensure you have only your own boxen and/or subnet in there as OK or RELAY. That will help cut down on spammers' ability to find relay machines to do their dirty work for them.

Cleaning up Netscape crashes(#3)
You have a tip about Netscape leaving copies of itself running below, but you can make a general shell script to clean up a Netscape crash like this:

#!/bin/sh
#kill.netscape
killall -9 netscape
rm ~/.netscape/lock

Then all your users can use it and clean up the dreaded hundred instances of Netscape running when it crashed. Change netscape to netscape-communicator or netscape-navigator as appropriate

More DOS-like commands(#4)
Many people are moving to Linux because they miss the stability of good old DOS. In that light, many users are typing DOS commands (which originated from UNIX in the first place) that look fine but cause errors. The command "cd.." in DOS is perfectly valid, but Linux balks. This is because "cd" is a command, and any parameter for that command must be separated from the command by a space. The same goes for "cd/" and "cd~". A quick fix is here.

Use your favorite text editor in your home directory to edit the file ".bashrc". The period is there on purpose, this hides the file from normal ls display.

Add the lines:

alias cd/="cd /"
alias cd~="cd ~"
alias cd..="cd .."

And I usually add these...

alias md="mkdir"
alias rd="rmdir -i"
alias rm="rm -i"

and my first and still favorite alias...

alias ls="ls --color"

alias is a powerful tool, and can be used in the .bashrc script as well as from the command line. You can, if you want to spend the time, create your own group of shell commands to suit how you work. As long as you put them in your .bashrc file, they'll be there everytime you log in. Note that if you frequently log in as root, you might want to copy /home/username/.bashrc to /root/.bashrc to keep yourself sane.

Resurrecting corrupted floppies(#5)
Here's how to make a floppy disk with "track-0 bad" reusable again:

If the track zero of a floppy disk is found to be bad, no DOS or Windows utility is going to do anything about it--you just have to throw it in your unrecycle bin.

This tip cannot recover the data, but can make the disk carry things again, at least for the time being (moments of desperation).

How to:

(A) Format the disk with Linux. Build a Linux file system (don't use mformat). I did this some time before by invoking the makebootdisk command (in Slakware) and stopped after the formatting was over. There should be better ways to do it in RedHat 5.2 or other recent versions.

( Reformat the disk with Windows. Use the DOS window and the /u option while formatting.

Using DOS-like commands(#6)
There's a package called mtools which is included with most of the distributions out there.

There are several commands for basic DOS stuff. For example, to directory the floppy drive, type mdir a:. This is rather handy--you don't need to mount the floppy drive to use it.

Other commands are: mattrib , mcd, mcopy, mdel, mformat, mlabel, mren (rename), mmd, mrd, and mtype.

This doesn't work for reading from hard disks. In that case, you would add entries to /etc/fstab, drive type msdos for fat16 partitions, and vfat for fat32.

Copying files from Linux to Windows 98 or 95B (FAT32)(#7)
It's as easy as installing the program explore2fs. It uses a Windows Explorer interface and supports drag-and-drop. I have found it reliable and useful for migrating files from my RedHat 6.1 partition to my Win95B partition quickly and with a minimum of fuss.

It's available free--as all software should be--from this URL:
CODE
http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm

Installing in partitions(#8)
I am using SuSE Linux, which has some interesting options (I don't know if RedHat or other distributions offer you this, too).

1. You can install Linux on a single file in your Windows Partition. Nice to try it out, but I guess it is not that fast then. You can load it then with a DOS program, loadlin.

2. Use Fips or Partition Magic. Defragment your hard drive (you should do this for Point 1, too) and split it up. I guess most users just have one partition, which you should split up into at least three: one for the Linux files, and a smaller swap partition (take about 32 to 64 MB, depending on your RAM--less RAM needs bigger swap partitions). If you decide later to deinstall Linux you can always delete both partitions and create one big one for Windows again.

Fips is a stupid command line program, but if you're too lazy to read at least a little bit, then you should stop thinking about Linux anyway...

Command Pipelines(#9)
Pipes are easy. The Unix shells provide mechanisms which you can use them to allow you to generate remarkably sophisticated `programs' out of simple components. We call that a pipeline. A pipeline is composed of a data generator, a series of filters, and a data consumer. Often that final stage is as simple as displaying the final output on stdout, and sometimes the first stage is as simple as reading from stdin. I think all shells use the "|" character to separate each stage of a pipeline. So:

data-generator | filter | ... | filter | data-consumer

Each stage of the pipeline runs in parallel, within the limits which the system permits. Hey, look closely, because that last phrase is important. Are you on a uni-processor system because if you are, then obviously only one process runs at a time, although that point is simply nitpicking. But pipes are buffers capable of holding only finite data. A process can write into a pipe until that pipe is full. When the pipe is full the process writing into it blocks until some of the data already in the pipe has been read. Similarly, a process can read from a pipe until that pipe is empty. When it's empty the reading process is blocked until some more data has been written into the pipe.

What is IP masquerading and when is it of use?(#10)
IP masquerading is a process where one computer acts as an IP gateway for a network. All computers on the network send their IP packets through the gateway, which replaces the source IP address with its own address and then forwards it to the internet. Perhaps the source IP port number is also replaced with another port number, although that is less interesting. All hosts on the internet see the packet as originating from the gateway.

Any host on the Internet which wishes to send a packet back, ie in reply, must necessarily address that packet to the gateway. Remember that the gateway is the only host seen on the internet. The gateway rewrites the destination address, replacing its own address with the IP address of the machine which is being masqueraded, and forwards that packet on to the local network for delivery.

This procedure sounds simple, and it is. It provides an effective means by which you can provide second class internet connections for a complete LAN using only one (internet) IP address.

Setting UTC or local time(#11)
When Linux boots, one of the initialisation scripts will run the /sbin/hwclock program to copy the current hardware clock time to the system clock. hwclock will assume the hardware clock is set to local time unless it is run with the --utc switch. Rather than editing the startup script, under Red Hat Linux you should edit the /etc/sysconfig/clock file and change the ``UTC'' line to either ``UTC=true'' or ``UTC=false'' as appropriate.
Setting the system clock(#12)
To set the system clock under Linux, use the date command. As an example, to set the current time and date to July 31, 11:16pm, type ``date 07312316'' (note that the time is given in 24 hour notation). If you wanted to change the year as well, you could type ``date 073123161998''. To set the seconds as well, type ``date 07312316.30'' or ``date 073123161998.30''. To see what Linux thinks the current local time is, run date with no arguments.

Setting the hardware clock(#13)
To set the hardware clock, my favourite way is to set the system clock first, and then set the hardware clock to the current system clock by typing ``/sbin/hwclock --systohc'' (or ``/sbin/hwclock --systohc --utc'' if you are keeping the hardware clock in UTC). To see what the hardware clock is currently set to, run hwclock with no arguments. If the hardware clock is in UTC and you want to see the local equivalent, type ``/sbin/hwclock --utc''

Setting your timezone(#14)
The timezone under Linux is set by a symbolic link from /etc/localtime[1] to a file in the /usr/share/zoneinfo[2] directory that corresponds with what timezone you are in. For example, since I'm in South Australia, /etc/localtime is a symlink to /usr/share/zoneinfo/Australia/South. To set this link, type:

ln -sf ../usr/share/zoneinfo/your/zone /etc/localtime

Replace your/zone with something like Australia/NSW or Australia/Perth. Have a look in the directories under /usr/share/zoneinfo to see what timezones are available.

[1] This assumes that /usr/share/zoneinfo is linked to /etc/localtime as it is under Red Hat Linux.

[2] On older systems, you'll find that /usr/lib/zoneinfo is used instead of /usr/share/zoneinfo. See also the later section ``The time in some applications is wrong''.

Zombies(#15)
What are these zombie processes that show up in ps? I kill them but they don't go away!

Zombies are dead processes. You cannot kill the dead. All processes eventually die, and when they do they become zombies. They consume almost no resources, which is to be expected because they are dead! The reason for zombies is so the zombie's parent (process) can retrieve the zombie's exit status and resource usage statistics. The parent signals the operating system that it no longer needs the zombie by using one of the wait() system calls.

When a process dies, its child processes all become children of process number 1, which is the init process. Init is ``always'' waiting for children to die, so that they don't remain as zombies.

If you have zombie processes it means those zombies have not been waited for by their parent (look at PPID displayed by ps -l). You have three choices: Fix the parent process (make it wait); kill the parent; or live with it. Remember that living with it is not so hard because zombies take up little more than one extra line in the output of ps.

How do i give users an ftp only account (no telnet, etc).(#16)

give them shell which doesn't work, but is listed in /etc/shells
for example /bin/false...

How to do backup with tar?(#17)
You can mantain a list of files that you with to backup into a file and tar
it when you wish.

tar czvf tarfile.tar.gz -T list_file

where list_file is a simple list of what you want to include into the tar

i.e:

/etc/smb.conf
/root/myfile
/etc/ppp (all files into the /etc/ppp directory)
/opt/gnome/html/gnome-dev-info.html

How to keep a computer from answering to ping?(#18)

a simple "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all" will do the
trick... to turn it back on, simply
"echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all"

Customizing your directory colors.(#19)
I know a lot of you know the command ls --color. Which displays your directory with colors. But, a lot of people may not know that those colors are customizable. All you need to do is add the following line to your /etc/bashrc file.

eval `dircolors /etc/DIR_COLORS`

And then all of the color configuration can be found in the file /etc/DIR_COLORS

Frozen Xwindow(#20)
If your Xwindow freezes sometimes, here are two ways that you may try to kill your server. The first is the simple simple way of killing your X server the key combination: Ctrl+Alt+Backspace

The second way is a little more complicated, but it works most of the time. Hit Ctrl+Alt+F2 to startup a virtual console, then log in with your user name and password and run:

# ps -ax | grep startx

This will give you the PID of your Xserver. Then just kill it with:

# kill -9 PID_Number

To go back to your first console, just hit Alt-F1

Converting all files in a directory to lowercase.(#21)
#!/bin/sh
# lowerit
# convert all file names in the current directory to lower case
# only operates on plain files--does not change the name of directories
# will ask for verification before overwriting an existing file
for x in `ls`
do
if [ ! -f $x ]; then
continue
fi
lc=`echo $x | tr '[A-Z]' '[a-z]'`
if [ $lc != $x ]; then
mv -i $x $lc
fi
done

Wow. That's a long script. I wouldn't write a script to do that; instead, I would use this command:

for i in * ; do [ -f $i ] && mv -i $i `echo $i | tr '[A-Z]' '[a-z]'`;
done;

on the command line.

Script to view those compressed HOWTOs.(#22)
From a newbie to another, here is a short script that eases looking for and viewing howto documents. My howto's are in /usr/doc/faq/howto/ and are gzipped. The file names are XXX-HOWTO.gz, XXX being the subject. I created the following script called "howto" in the /usr/local/sbin directory:

#!/bin/sh
if [ "$1" = "" ]; then
ls /usr/doc/faq/howto | less
else
gunzip -c /usr/doc/faq/howto/$1-HOWTO.gz | less
fi

When called without argument, it displays a directory of the available howto's. Then when entered with the first part of the file name (before the hyphen) as an argument, it unzips (keeping the original intact) then displays the document.
For instance, to view the Serial-HOWTO.gz document, enter:

$ howto Serial

Util to clean up your logfiles.(#23)
If you're like me, you have a list with 430 subscribers, plus 100+ messages per day coming in over UUCP. Well, what's a hacker to do with these huge logs? Install chklogs, that's what. Chklogs is written by Emilio Grimaldo, grimaldo@panama.iaehv.nl, and the current version 1.8 available from ftp.iaehv.nl:/pub/users/grimaldo/chklogs-1.8.tar.gz. It's pretty self explanatory to install(you will, of course, check out the info in the doc subdirectory). Once you've got it installed, add a crontab entry like this:

# Run chklogs at 9:00PM daily.
00 21 * * * /usr/local/sbin/chklogs -m

Handy Script to Clean Up Corefiles.(#24)
Create a file called rmcores(the author calls it handle-cores) with the following in it:

#!/bin/sh
USAGE="$0 "

if [ $# != 2 ] ; then
echo $USAGE
exit
fi

echo Deleting...
find $1 -name core -atime 7 -print -type f -exec rm {} \;

echo e-mailing
for name in `find $1 -name core -exec ls -l {} \; | cut -c16-24`
do
echo $name
cat $2 | mail $name
done

And have a cron job run it every so often.

Moving directories between filesystems.Quick way to move an entire tree of files from one disk to another (#25)
(cd /source/directory && tar cf - . ) | (cd /dest/directory && tar xvfp -)

[ Change from cd /source/directory; tar....etc. to prevent possibility of trashing directory in case of disaster.]

Finding out which directories are the largest.Ever wondered which directories are the biggest on your computer? Here's how to find out.(#26)
du -S | sort -n

How do I stop my system from fscking on each reboot?(#27)
When you rebuild the kernel, the filesystem is marked as 'dirty' and so your disk will be checked with each boot. The fix is to run:

rdev -R /zImage 1

This fixes the kernel so that it is no longer convinced that the filesystem is dirty.

Note: If using lilo, then add read-only to your linux setup in your lilo config file (Usually /etc/lilo.conf)

How to avoid fscks caused by "device busy" at reboot time.(#28)
If you often get device busy errors on shutdown that leave the filesystem in need of an fsck upon reboot, here is a simple fix:
To /etc/rc.d/init.d/halt or /etc/rc.d/rc.0, add the line

mount -o remount,ro /mount.dir

for all your mounted filesystems except /, before the call to umount -a. This means if, for some reason, shutdown fails to kill all processes and umount the disks they will still be clean on reboot. Saves a lot of time at reboot for me.

How to find the biggest files on your hard-drive.(#29)

ls -l | sort +4n

Or, for those of you really scrunched for space this takes awhile but works great:

cd /
ls -lR | sort +4n

A script for cleaning up after programs that create autosave and backup files.(#30)
Here is a simple two-liner which recursively descends a directory hierarchy removing emacs auto-save (#) and backup (~) files, .o files, and TeX .log files. It also compresses .tex files and README files. I call it 'squeeze' on my system.

#!/bin/sh
#SQUEEZE removes unnecessary files and compresses .tex and README files
#By Barry tolnas, tolnas@sun1.engr.utk.edu
#
echo squeezing $PWD
find $PWD $ -name \*~ -or -name \*.o -or -name \*.log -or -name \*\#$ -exec
rm -f {} \;
find $PWD $ -name \*.tex -or -name \*README\* -or -name \*readme\* $ -exec gzip -9 {} \;

How to find out what process is eating the most memory.(#31)
ps -aux | sort +4n

-OR-
ps -aux | sort +5n

How do I find which library in /usr/lib holds a certain function?(#32)
What if you're compiling and you've missed a library that needed linking in? All gcc reports are function names... Here's a simple command that'll find what you're looking for:

for i in *; do echo $i:;nm $i|grep tgetnum 2>/dev/null;done

Where tgetnum is the name of the function you're looking for.

I compiled a small test program in C, but when I run it, I get no output!(#32)
You probably compiled the program into a binary named test, didn't you? Linux has a program called test, which tests if a certain condition is true, it never produces any output on the screen. Instead of just typing test, try: ./test

Mobile Secret Codes:

2009-01-12T22:47:00.001-08:00

Siemens Mobile Secret Codes:

C25:

SP unlock *#0003*(secret code 8 digits)#

*#0606# shows you Secret Code, but only without SIM Card.

*#06# for checking the IMEI (International Mobile Equipment Identity)

Resets language to automatic selection : * # 0000 # then Green button

Pin Out (electrical connections)

1- GND
2- SB
3- POWER
4- NC
5- TX
6- RX
7- CLOCK
8- DATA
9- GND MIC
10- HF MIC
11- AUDIO
12- GND AUDIO

Languages:

*#0000#+green phone - choose automaticaly
*#0001#+green phone - English
*#0030#+green phone - Greek
*#0031#+green phone - Netherlands
*#0032#+green phone - French
*#0034#+green phone - Spanish
*#0039#+green phone - Italian
*#0049#+green phone - German
*#0090#+green phone - Turkish

How to change PIN:

**04*old PIN*new PIN*new PIN#

How to check simlock status

*#0606# and then press left soft-key, you will see strange characters, then text ("brak blokad"). If you see for example 260-02, it means the phone is locked to Era GSM. In older models you can use *#06# and see the same information after clicking on left key (you will see IMEI and software version).

S4:

Monitor Mode - how to activate:

Press left soft-key, then 9 (SET UP) 8 (Phone Status). You will see IMEI number, then press left soft-key and in order 7684666 and red phone at the end (monitor mode has been activated). To read information from Monitor Mode - press left soft-key, then 5 (GSM SERVICE) and 6 (Monitor). Monitor mode turns off when you switch off the phone. You must activate it again if you want.

How to see date of software:

Press left soft-key, then 9 (SET UP) 8 (Phone status). You will see IMEI number, then press twice left soft-key, 98, left soft-key, 7684666, red phone (activates Monitor Mode), left soft-key, 56 (turns on Monitor Mode), left soft-key, 98, left soft-key, 7684666, hang up (red phone) >abck to "normal" and then left soft-key, 56.

S6, S8:

If you add to phonebook under 'own phone number' +12022243121 with namez (for example MMI), then you will see something smile.gif

S10, E10:

In phonebook enter +12022243121 as your own phone no. You will see a picture with sun, two palms and greetings.

S15e:

Monitor Mode:

Code: *#7436267*8378# (*#SIEMENS*TEST#)
Hold red phone button until it code disapears.
Menu 3.3.4 Choose frequency.
Menu 3.3.4.1 Automaticaly.
Menu 3.3.4.2 Choose GSM-900
Menu 3.3.4.3 Choose GSM-1800

Menu 10.1 MS info
Menu 10.2 Soft date
Menu 10.2.1 Software version.
Menu 10.2.2 EEProm version.
Menu 10.3 Tst and product info.
Menu 10.3.1 Handware data.
Menu 10.3.2 Date of manufacture
Menu 10.3.3 Service date
Menu 10.3.4 Date of repair.

S25:

Enhanced Full Rate
*#3370# turns on
#3370# turns off

Haft Rate Mode
*#4720# turns on
#4720# turns off.

Languages:

How to change PIN2?

**04*old PIN2*new PIN2*new PIN2#

What is my software version?

Menu 8-8-2 press left-softkey when you see IMEI number, or *#06# and then green phone button and then press left soft-key.

How to extend battery life:

IrDA - turn on only when you need.
Turn off automatic network search (6-3)Turn off Vibration alarm.

SP unlock *#0003*(secret code 8 digits)#

*#0606# shows you Secret Code, but only without SIM Card.

*#06# for checking the IMEI (International Mobile Equipment Identity)

Resets language to automatic selection : * # 0000 # then Green button

S25, M35, S35, C35

SP unlock *#0003*(secret code 8 digits)#

*#0606# shows you Secret Code, but only without SIM Card.

*#06# for checking the IMEI (International Mobile Equipment Identity)

Resets language to automatic selection : * # 0000 # then Green button

Secret Codes Of Nokia Mobiles:

Below we present secret codes of nokia mobile phones which are very useful for people who unlock phones and for amateurs of this topic. These special key sequences entered fromkeyboard of phone allow you to get some important information like IMEI number, release date, software version and much more. You can also choose default language, activatenetmonitor ect.

1610/1630

*#170602112302# (software version)

1610/1611

IMEI number: -*# 0 6 #
Software version: -* # 1 7 0 6 0 2 1 1 2 3 9 2 #
Simlock status: - # 9 2 7 0 2 6 8 9 #

2110

*#9999# (software version)

2110i/2110e

*#170602112302# or (depends on model)*#682371158412125# (software version)

NOKIA3110

*#06# -IMEI

*#3110# -Software version

##002# - allows to turn off voice mail.

*#7780# - restore factory settings

*#746025625#(or *#sim0clock#) - to check if clock of sim (SIM-Clock) can be stopped (SIM-Clock-stop is akind of standby mode which saces battery)

*#92702689# (or *#war0anty#) -"warranty code:"- you have to enter one of the following codes:

6232 (OK)displays month and year of production date (ie "0198")

7332 (OK) - displays date of last repair - if there is (ie. "DATE NOT SAVED")

7832 (OK) - displays date of purchase - if there is (ie. "DATE NOT SAVED")

9268 (OK) -displays serial number

37832 (OK) -sets purchase date in format MMYY (MM - month, YY - year)- attention: you can set it only once, so beware !

87267 (OK)-displays message "Confirm Transfer?" - meaning is unknown (?)

* # 9 2 7 0 2 6 8 9 # -Simlock info

*#31# (call) -sets if your phone no. will be hidden or not (works only in some networks)

*#76# (call) -sets if target phone number when you call should be displayed (works only in some networks)

*#77# (call) -(work s only in some networks)

*#33/35# (call -displays message "Service not active".

**31# (call) -your no. will not be showed to others when you make a call

3210

*#06# -IMEI

*#0000# -software version

*#92702689# (or *#war0anty#)- enters service mode.

*3370# -Turns on sound encoding system - Enhanced Full Rate.

#3370# -Turns off sound encoding system Enhanced Full Rate .

*4720# -Turns on battery save mode - saves about 30 % of energy.

#4720# -Turns off battery save mode.

xx# -Replace xx with desired phonebook entry - press # and you will see it on display.

51XX

*#06# -IMEI

*#0000# - Software version

*#92702689#( or *#war0anty#) Enter service mode.

*3370# -Turns on sound encoding system - Enhanced Full Rate.

#3370# -Turns off sound encoding system - Enhanced Full Rate.

*4720# -Turns on battery save mode - saves about 30 % of energy.

#4720# -Turns off battery save mode.

#pw+1234567890+1 -provider lock status

#pw+1234567890+2 -Network lock status

#pw+1234567890+3 -Provider lock status

#pw+1234567890+4 - SimCard lock status

NOKIA 61XX

*#06# -IMEI

*#0000# ;-*#99 99# (Nokia 6130)

*#92702689# (or *#war0anty#) Software versionEnter service mode.

*3370# -Turns on sound encoding system - Enhanced Full Rate.

#3370# -Turns off sound encoding system - Enhanced Full Rate.

*4720# -Turns on battery save mode - saves about 30 % of energy.

#4720# -Turns off battery save mode.

NOKIA8810

*#06# - IMEI

*#0000# -Software version

*#92702689# (or *#war0anty#) Enter service mode.

*3370# -Turns on sound encoding system - Enhanced Full Rate.

#3370# -Turns off sound encoding system - Enhanced Full Rate.

*4720# -Turns on battery save mode - saves about 30 % of energy

#4720# -Turns off battery save mode - saves about 30 % of energy

NOKIA99OO

*#06# -IMEI

*#682371158412125# -Software version

*#3283# -Displays week and year of manufacture, ie. 1497 means 14th week of 1997.

NOKIA 911O

*#06# IMEI

*#0000# SOFTWARE VERSION

*3370# Turns on sound encoding system - Enhanced Full Rate.

#3370# Turns off sound encoding system - Enhanced Full Rate.

*4720# Turns on battery save mode - saves about 30 % of energy.

#4720# Turns off battery save mode.

NOKIA 81XX

*#06# IMEI
*#8110# Software version
xx# Replace xx with desired phonebook entry - press # and you will see it on display

*#92702689# (or *#warOanty#)

"Warranty code:" - you have to enter one of the following codes:

9268 (OK) displays IMEI (International Mobile Equipment Identification)

6232 (OK) displays date of manufacture in format MMYY (MM - month, RR - year)

7832 (OK) displays date of purchase

7332 (OK) displays date of repair or upgrade

37832 (OK) sets date of purchase in format MMYY (MM - month, RR - year) - attention: you can set it only once, so beware !!!

87267 (OK) transmits user data/move data do service PC

Motorola Codes:

Motorola 920
---------------

Press menu and type one of these numbers and press OK:

11 = Status Review
13 = Available Networks
14 = Preferred Networks
22 = Select Keypad Tones
25 = Require SIM Card PIN
26 = Language Selection
32 = Repetitive Timer
33 = Single Alert Timer
34 = Set IN-Call Display
35 = Show Call Timers
36 = Show Call Charges
37 = Call Charge Settings
38 = Reset All Timers
43 = Reset All Timers
45 = Show Last Call
46 = Total For All Calls
47 = Lifetime Timer
51 = Change Unlock Code
52 = Master Reset
53 = Master Clear (Warning!! May result in deleting the Message Editor!!!)
54 = New Security Code
55 = Automatic Lock
63 = Battery Saving Mode

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.

The 54# Tip:

Type 1#, 2#........54# on the keypad (when you're not in the menu) to get the phone number used for with this key when speed dialing.

Motorola 930
--------------

Press menu and type one of these numbers and press OK:

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.

Motorola 930

The 54# Tip:

Type 1#, 2#........54# on the keypad (when you're not in the menu) to get the phone number used for with this key when speed dialing.

Motorola 6200
--------------

(Note: pause means the * key held in until box appears)
To activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 1 [pause] [ok]
You now have to press the [MENU] and scroll to the 'Eng
Field Options' function with the keys, and enable it.

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

These countries has been reported working:

UK (Orange)
AU

What's the use of RBS:

Get Distance From Base Station - Place a call, when it
is answered, press [MENU] until 'Eng Field Option' is
displayed, press [OK], select 'Active Cell', press [OK],
press [MENU] until 'Time Adv xxx' appears, where xxx is
a number. Multiply this number by 550, and the result is
the distance from the RBS (Radio Base Station), in
meters.

Get Signal Quality - press [MENU] until 'Eng Field
Option' is displayed, press [OK], select 'Active Cell',
press [OK], press [MENU] until 'C1' appears. This is the
signal quality. If it becomes negative for longer than 5
seconds, a new cell is selected.

Pin Outs

Numbered left to right, keypad up, battery down

1. Audio Ground
2. V+
3. True data (TD) (input)
4. Downlink - Complimentary data (CD) (input)
5. Uplink - Return data (RD) (output)
6. GND
7. Audio Out - on/off
8. Audio In
9. Manual Test - ???
10. Battery Feedback
11. Antenna connector

Motorola 7500
-------------

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

These countries has been reported working:

IT (model: F16 HW: 5.2 SW: 2.1)

What's the use of RBS:

Pin Outs
Numbered right to left, keypad up, battery down looking

1. Gnd
2. Pos
3. True data (TD) (input)
4. Complimentary data (CD) (input)
5. Return data (RD) (output)
6. Audio gnd
7. Audio out
8. Audioin

Motorola 8200
--------------

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

These countries has been reported working:

ES, AU, NL, BE

What's the use of RBS:

Pin Outs

Numbered right to left, keypad up, battery down looking

Motorola 8400
-------------

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

These countries has been reported working:

ES, AU, NL, BE

What's the use of RBS:

Pin Outs

Numbered right to left, keypad up, battery down looking

Motorola 8700
--------------

*#06# for checking the IMEI (International Mobile Equipment Identity)

Activate RBS

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

These countries has been reported working:

AU, IT, SG, DE, ES, ZA

What's the use of RBS:

Motorola CD 160
---------------

Press menu and type one of these numbers and press OK:

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.

Motorola CD 520
----------------

Press menu and type one of these numbers and press OK:

Free call tip

1 Enter the phone number
2 Enter OK
3 Type *#06#
4 Press Button C
5 And finally press the button for power off.

You should now be able to talk without being billed.

Motorola d460
--------------

#06# for checking the IMEI (International Mobile Equipment Identity)

Activate RBS

De-activate RBS

To de-activate RBS type: [pause] [pause] [pause] 1 1 3
[pause] 0 [pause] [ok]
This only works with some versions of software.

What's the use of RBS:

Motorola V3688
---------------

#06# for checking the IMEI (International Mobile Equipment Identity)

Enhanced Full Rate Codec (EFR):

To Enable EFR press [][][] 119 [] 1 [] OK.
To Disable EFR press [][][] 119 [] 0 [] OK

NOTE: Nothing appears on Screen.

Ericsson Mobile Secret Codes:

T10

*#06# for checking the IMEI (International Mobile Equipment Identity)

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.

Shortcut for Last Dialed call menu

If you for some reason don't want to enter the 'Last Dialed calls menu' by using the 'YES' key you can use the following key
stroke instead: First '0' then '#'.

Access menu without Sim card

To access to the menu in your phone without having a card inside do the following: type **04*0000*0000*0000# When display say "Wrong Pin" press NO and you have access to the all menus: Info, Access, Settings, Calculator, Clock, Keylock On?, Mail, Phone book. NOTE if you try this on your phone may stop at Keylock On? menu and you´ll have to take your battery out to turn the phone on again. And this will not care about Phone lock!

A way to (un)lock your cell phone on to the network(subset):
1. Press <**<
2. Then on the display appear and give you two choices: Lock to Network ? and Lock to Network subset? (Use arrow keys to select)
3. Enter the NCK number (code is provided by the SP)
4. You have 5 attemps to do this
5. Then your cell phone will work 'only' with the network

Warning: The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator. To activate/deactivate this lock one needs a special secret code that is not available to the end user. Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times, the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock Menu will result in the response "Not allowed"! However the NCK/NSCK lock can be recover through a direct clearing in the EEPROM.

Message Report

When you writing a message, place at the start of it the code *0# and continue with your message. It's job is like nokias report. It gives you information about the sended message.

T18

*#06# for checking the IMEI (International Mobile Equipment Identity) Information you get from the IMEI:

XXXXXX XX XXXXXX X

TAC FAC SNR SP

TAC = Type approval code
FAC = Final assembly code
SNR = Serial number
SP = Spare

To access SIM-Locking menu of your phone, press: < * [CLR] <
Be careful or you may lock your phone.

Message Report

When you writing a message, place at the start of it the code *0# and continue with your message. It's job is like nokias report. It gives you information about the sended message.

T28

*#06# for checking the IMEI (International Mobile Equipment Identity)

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language.

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.

The Service Provider (SP) Lock

The Service Provider (SP) Lock menu is used to lock the cell phone to the SP's SIM card. Once the cell phone is locked to a specific operator, if one inserts a SIM card from a different operator the phone will refuse to accept it! The cell phone will however accept another SIM card from the same operator.

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<**< Lock to Network? if pressing yes you have 5 attempts to enter NCK.

<**<< Lock to Network subset? if pressing yes you have 5 attempts to enter NSCK.

Warning: Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times, the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock Menu will result in the response "Not allowed"! However the NCK/NSCK lock can be recover through a direct clearing in the EEPROM.

Shortcut for Last Dialed call menu

If you for some reason don't want to enter the 'Last Dialed calls menu' by using the 'YES' key you can use the following key
stroke instead: First '0' then '#'.

Message Report

When you are writing a message, place at the start of it the code *0# and continue with your message. It's job is like nokias report. It gives you information about the sended message.

388

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phones menu-language to English.

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language.(298 entries)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.(160 entries?)

To activate/deactivate this lock one needs a special secret code that is not available to the end user. (not even to you... or is it ? in case please let me know!)

<**< Lock to Network? if pressing yes you have 5 attempts to enter NCK.

<**<< Lock to Network subset? if pressing yes you have 5 attempts to enter NSCK.

Warning: Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times,the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock Menu will result in the response "Not allowed"! However the NCK/NSCK lock can be recover through a direct clearing in the EEPROM.

Shortcut for Last Dialed call menu...

If you for some reason don't want to enter the 'Last Dialed calls menu' by using the 'YES' key you can use the following key
stroke instead: First '0' then '#'.

Access menu without Sim card ...

To access to the menu in your phone without having a card inside do the following: type **04*0000*0000*0000# When display say "Wrong Pin" press NO and you have access to the all menus: Info, Access, Settings, Calculator, Clock, Keylock On?,Mail, Phone book. NOTE if you try this on the GH688 your phone may stop at Keylock On? menu and you´ll have to take your battery out to turn the phone on again.

GA628

*#06# for checking the IMEI (International Mobile Equipment Identity)

*#0000# to reset the phones menu-language to English.

*#103# then YES Time and date will be shown.

>*<<*<* for checking the firmware revision information (software release)

>*<<*<*> 1-row text strings. if pressing yes you can check the phones text programming in currently selected language.(298 entries)

>*<<*<*>> n-row text strings. if pressing yes you can check the phones text programming in currently selected language.(160 entries?)

The Service Provider (SP) Lock

To activate/deactivate this lock one needs a special secret code that is not available to the end user.

Here is how to activate the menu:

<**< Lock to Network? if pressing yes you have 5 attempts to enter NCK.

<**<< Lock to Network subset? if pressing yes you have 5 attempts to enter NSCK.

Warning: Your phone can be locked to a service provider FOREVER by doing this! If an invalid code is entered all five times,the menu will exit and be deactivated! Any further attempt to activate the NCK/NSCK lock Menu will result in the response "Not allowed"! However the NCK/NSCK lock can be recover through a direct clearing in the EEPROM.

Shortcut for Last Dialed call menu

If you for some reason don't want to enter the 'Last Dialed calls menu' by using the 'YES' key you can use the following key
stroke instead: First '0' then '#'.

Bat. level indicator when turned OFF

When the phone is turned off and the phone is not changing - the bat. level can be seen for a short period of time by pressing the 'NO' key quick once (it has to be quick!) and then wait for about 2 sec. The bat. level will now be shown in the display at its normal position.

Access menu without Sim card

To access to the menu in your phone without having a card inside do the following: type **04*0000*0000*0000# When display say "Wrong Pin" press NO and you have access to the all menus: Info, Access, Settings, Calculator, Clock, Keylock On?,Mail, Phone book. NOTE if you try this on your phone may stop at Keylock On? menu and you´ll have to take your battery out to turn the phone on again.

Alarm Clock Menu

Go to MissedCall Empty the list Press the -> key for a second or two The option Menu size turns up Choose 'yes' and go from there.

An alarm clock turned up too but it never rang. I think this was because there is no clock in the phone.

Free phone calls using the GA628

This trick has only been reported working on PREPAID GSM CARDS and in some countries and with some sw versions.
The prepaid GSM SIM CARD is a kind of "SIM card" which only has a sertant amount of credit on it (like a normal phonebox telecard)... if it can be traced? - we don't know...

Well..here's the trick you dial the no. normally and press YES. While "connecting" is shown on the screen, the following procedure should be carried out: Press CLR then 0 then # and then NO (twice) so as to switch OFF the phone. You can then still speak on the phone while it is switched off but the SIM card does not record your calls which will lead to FREE phone calls in some countries.. we hope!!

Another variant of the code

Make a Call, while the phone says Connecting type 083# (the position 83 must be empty! ), when phone says Pos Emtpy, press the NO key and turn off the phone.

If you can make the call with the phone turned off you will face a problem when you need to hang up the phone...the only way for you to do that is remove the battery...???

How can I generate safe passwords?

2009-01-12T00:11:00.001-08:00

You can't. The key word here is GENERATE. Once an algorithm for

creating passwords is specified using upon some systematic method, it

merely becomes a matter of analysing your algorithm in order to find

every password on your system.

Unless the algorithm is very subtle, it will probably suffer from a very

low period (ie: it will soon start to repeat itself) so that either:

a) a cracker can try out every possible output of the password

generator on every user of the system, or

b) the cracker can analyse the output of the password program,

determine the algorithm being used, and apply the algorithm to other

users to determine their passwords.

A beautiful example of this (where it was disastrously assumed that a

random number generator could generate an infinite number of random

passwords) is detailed in [Morris & Thompson].

The only way to get a reasonable amount of variety in your passwords

(I'm afraid) is to make them up. Work out some flexible method of your

own which is NOT based upon:

1) modifying any part of your name or name+initials

2) modifying a dictionary word

3) acronyms

4) any systematic, well-adhered-to algorithm whatsoever

For instance, NEVER use passwords like:

alec7 - it's based on the users name (& it's too short anyway)

tteffum - based on the users name again

gillian - girlfiends name (in a dictionary)

naillig - ditto, backwards

PORSCHE911 - it's in a dictionary

12345678 - it's in a dictionary (& people can watch you type it easily)

qwertyui - ...ditto...

abcxyz - ...ditto...

0ooooooo - ...ditto...

Computer - just because it's capitalised doesn't make it safe

wombat6 - ditto for appending some random character

6wombat - ditto for prepending some random character

merde3 - even for french words...

mr.spock - it's in a sci-fi dictionary

zeolite - it's in a geological dictionary

ze0lite - corrupted version of a word in a geological dictionary

ze0l1te - ...ditto...

Z30L1T3 - ...ditto...

I hope that these examples emphasise that ANY password derived from ANY

dictionary word (or personal information), modified in ANY way,

constitutes a potentially guessable password.

Why and how do systems get broken into?

2009-01-12T00:09:00.001-08:00

This is hard to answer definitively. Many systems which crackers break

into are only used as a means of entry into yet more systems; by hopping

between many machines before breaking into a new one, the cracker hopes

to confuse any possible pursuers and put them off the scent. There is

an advantage to be gained in breaking into as many different sites as

possible, in order to "launder" your connections.

Another reason may be psychological: some people love to play with

computers and stretch them to the limits of their capabilities.

Some crackers might think that it's "really neat" to hop over 6 Internet

machines, 2 gateways and an X.25 network just to knock on the doors of

some really famous company or institution (eg: NASA, CERN, AT+T, UCB).

Think of it as inter-network sightseeing.

This view is certainly appealing to some crackers, and certainly leads

to both the addiction and self-perpetuation of cracking.

As to the "How" of the question, this is again a very sketchy area. In

universities, it is extremely common for computer account to be passed

back and forth between undergraduates:

"Mary gives her account password to her boyfriend Bert at another

site, who has a friend Joe who "plays around on the networks". Joe

finds other crackable accounts at Marys site, and passes them around

amongst his friends..." pretty soon, a whole society of crackers is

playing around on the machines that Mary uses.

This sort of thing happens all the time, and not just in universities.

One solution is in education. Do not let your users develop attitudes

like this one:

"It doesn't matter what password I use on _MY_ account,

after all, I only use it for laserprinting..."

- an Aberystwyth Law student, 1991

Teach them that use of the computer is a group responsibility. Make

sure that they understand that a chain is only as strong as it's weak

link.

Finally, when you're certain that they understand your problems as a

systems manager and that they totally sympathise with you, configure

your system in such a way that they can't possibly get it wrong.

Believe in user education, but don't trust to it alone.

What makes a system insecure?

2009-01-12T00:08:00.001-08:00

"The only system which is truly secure is one which is switched off

and unplugged, locked in a titanium lined safe, buried in a concrete

bunker, and is surrounded by nerve gas and very highly paid armed

guards. Even then, I wouldn't stake my life on it."

A system is only as secure as the people who can get at it. It can be

"totally" secure without any protection at all, so long as its continued

good operation is important to everyone who can get at it, assuming all

those people are responsible, and regular backups are made in case of

hardware problems. Many laboratory PC's quite merrily tick away the

hours like this.

The problems arise when a need (such as confidentiality) has to be

fulfilled. Once you start putting the locks on a system, it is fairly

likely that you will never stop.

Security holes manifest themselves in (broadly) four ways:

1) Physical Security Holes.

- Where the potential problem is caused by giving unauthorised persons

physical access to the machine, where this might allow them to perform

things that they shouldn't be able to do.

A good example of this would be a public workstation room where it would

be trivial for a user to reboot a machine into single-user mode and muck

around with the workstation filestore, if precautions are not taken.

Another example of this is the need to restrict access to confidential

backup tapes, which may (otherwise) be read by any user with access to

the tapes and a tape drive, whether they are meant to have permission or

not.

2) Software Security Holes

- Where the problem is caused by badly written items of "privledged"

software (daemons, cronjobs) which can be compromised into doing things

which they shouldn't oughta.

The most famous example of this is the "sendmail debug" hole (see

bibliography) which would enable a cracker to bootstrap a "root" shell.

This could be used to delete your filestore, create a new account, copy

your password file, anything.

(Contrary to popular opinion, crack attacks via sendmail were not just

restricted to the infamous "Internet Worm" - any cracker could do this

by using "telnet" to port 25 on the target machine. The story behind a

similar hole (this time in EMACS) is described in [Stoll].)

New holes like this appear all the time, and your best hopes are to:

a: try to structure your system so that as little software as possible

runs with root/daemon/bin privileges, and that which does is known to

be robust.

b: subscribe to a mailing list which can get details of problems

and/or fixes out to you as quickly as possible, and then ACT when you

receive information.

3) Incompatible Usage Security Holes

- Where, through lack of experience, or no fault of his/her own, the

System Manager assembles a combination of hardware and software which

when used as a system is seriously flawed from a security point of view.

It is the incompatibility of trying to do two unconnected but useful

things which creates the security hole.

Problems like this are a pain to find once a system is set up and

running, so it is better to build your system with them in mind. It's

never too late to have a rethink, though.

Some examples are detailed below; let's not go into them here, it would

only spoil the surprise.

4) Choosing a suitable security philosophy and maintaining it.

What is "security through obscurity

2009-01-12T00:07:00.001-08:00

Security Through Obscurity (STO) is the belief that a system of any sort

can be secure so long as nobody outside of its implementation group is

allowed to find out anything about its internal mechanisms. Hiding

account passwords in binary files or scripts with the presumption that

"nobody will ever find it" is a prime case of STO.

STO is a philosophy favoured by many bureaucratic agencies (military,

governmental, and industrial), and it used to be a major method of

providing "pseudosecurity" in computing systems.

Its usefulness has declined in the computing world with the rise of open

systems, networking, greater understanding of programming techniques, as

well as the increase in computing power available to the average person.

The basis of STO has always been to run your system on a "need to know"

basis. If a person doesn't know how to do something which could impact

system security, then s/he isn't dangerous.

Admittedly, this is sound in theory, but it can tie you into trusting a

small group of people for as long as they live. If your employees get

an offer of better pay from somewhere else, the knowledge goes with

them, whether the knowledge is replaceable or not. Once the secret gets

out, that is the end of your security.

Nowadays there is also a greater need for the ordinary user to know

details of how your system works than ever before, and STO falls down a

as a result. Many users today have advanced knowledge of how their

operating system works, and because of their experience will be able to

guess at the bits of knowledge that they didn't "need to know". This

bypasses the whole basis of STO, and makes your security useless.

Hence there is now a need is to to create systems which attempt to be

algorithmically secure (Kerberos, Secure RPC), rather than just

philosophically secure. So long as your starting criteria can be met,

your system is LOGICALLY secure.

"Shadow Passwords" (below) are sometimes dismissed as STO, but this is

incorrect, since (strictly) STO depends on restricting access to an

algorithm or technique, whereas shadow passwords provide security by

restricting access to vital data.

What are alt.security and comp.security.misc for?

2009-01-12T00:06:00.001-08:00

Comp.security.misc is a forum for the discussion of computer security,

especially those relating to Unix (and Unix like) operating systems.

Alt.security used to be the main newsgroup covering this topic, as well

as other issues such as car locks and alarm systems, but with the

creation of comp.security.misc, this may change.

The discussions posted range from the likes of "What's such-and-such

system like?" and "What is the best software I can use to do so-and-so"

to "How shall we fix this particular bug?", although there is often a

low signal to noise ratio in the newsgroup (a problem which this FAQ

hopes to address).

The most common flamewars start when an apparent security novice posts a

message saying "Can someone explain how the such-and-such security hole

works?" and s/he is immediately leapt upon by a group of self appointed

people who crucify the person for asking such an "unsound" question in a

public place, and flame him/her for "obviously" being a cr/hacker.

Please remember that grilling someone over a high flame on the grounds

that they are "a possible cr/hacker" does nothing more than generate a

lot of bad feeling. If computer security issues are to be dealt with in

an effective manner, the campaigns must be brought (to a large extent)

into the open.

Implementing computer security can turn ordinary people into rampaging

paranoiacs, unable to act reasonably when faced with a new situation.

Such people take an adversarial attitude to the rest of the human race,

and if someone like this is in charge of a system, users will rapidly

find their machine becoming more restrictive and less friendly (fun?) to

use.

This can lead to embarrasing situations, eg: (in one university) banning

a head of department from the college mainframe for using a network

utility that he wasn't expected to. This apparently required a lot of

explaining to an unsympathetic committee to get sorted out.

A more sensible approach is to secure a system according to its needs,

and if its needs are great enough, isolate it completely. Please, don't

lose your sanity to the cause of computer security; it's not worth it.

A Small Guide to Hacking HOTMAIL

2009-01-12T00:02:00.001-08:00

HOTMAIL HACKING INFO.

I_1_I - Brute force hacking

a. Use telnet to connect to port 110 (Hotmail´s pop-server)

b. Type USER and then the victim´s username

c. Type PASS and then the guess a password

d. Repeat that until U have found the correct password.

!. This is called brute force hacking and requires patience.

It´s better than trying to guess the victims password on

hotmail homepage only because it´s faster.

____

I_2_I - The Best way

a. Get the username of the victim (It usually stands in the adress-field

)

b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "

c. U´re in!

!. This hack only work if U are on the same network or computer as the

victim and if he don´t log out.

____

I_3_I - The old way

a. Go to http://www.hotmail/proxy.html

b. Now type the victims username. (press login)

c. Look at the source code.

d. On the fifth row U should find "action=someadress"

e. Copy that adress and paste it into the adress-field

f. You are in...

!. As you can see it´s a long procedure and the victim have

plenty of time to log out.

____

I_4_I - Another...

a. Go to hotmail´s homepage

b. Copy the source code.

c. Make a new html file with the same code but change method=post to

method=enter

d. "view" the page

e. Change the adress to www.hotmail.com/ (don´t press enter!)

f. Make the victim type in his username and password

g. Look in the adress-field. There you´ll see ...&password:something...

!. This is the way I use, because it lets you know the password.

(If he exits the browser U can see the password in the History folder!)

READ!

Hotmail´s sysops have changed the "system" so that the victim may log

out even

if U are inside his/her account. So don´t waste U´r time!

---

So you want to get some hotmail passwords?

This is pretty easy to do once you have got the hang of it.

If you are a beginner, I wouldn't make this your first attempt at

hacking. When you need to do is use a port surfer and surf over to

port 80. While there, you have to try and mail the user that you

want the password from. It is best to mail them using the words

"We" and "Here at Hotmail..." Most suckers fall for this and end

up giving out their password. There is another way to also, you can

get an anon mailer, and forge the addres as staff@hotmail.com. But

you have to change the reply address to go to a different addres

like user@host.com. The person that you are trying to get the pass

from MUST respond to that letter for the mail to be forwarded to you.

Have text like "Please reply to this letter with the subject "PASSWORD"

and underneith please include your user name and password.

If you have trouble Loging in withing the next few days, this is

only because we are updating our mail servers but no need to worry,

your mail will still be there. Even though the server may be down

for an hour. From the staff at Hotmail, Thank You."

A Guide to the Easiest Hacking

2009-01-11T23:46:00.001-08:00

OK, this is my mini guide to the easiest 'hacking' there is ( I think ) if any

one knows different then mail me and tell me :) .

Most FTP servers have the directory /pub which stores all the 'public' information

for you to download. But along side /pub you will probably find other directorys

such as /bin and /etc its the /etc directory which is important. In this directory

there is normally a file called passwd. . This looks something like this :-

root:7GHgfHgfhG:1127:20:Superuser

jgibson:7fOsTXF2pA1W2:1128:20:Jim Gibson,,,,,,,:/usr/people/jgibson:/bin/csh

tvr:EUyd5XAAtv2dA:1129:20:Tovar:/usr/people/tvr:/bin/csh

mcn:t3e.QVzvUC1T.:1130:20:Greatbear,,,,,,,:/usr/people/mcn:/bin/csh

mouse:EUyd5XAAtv2dA:1131:20:Melissa P.:/usr/people/mouse:/bin/csh

This is where all the user names and passwords are kept. For example, root is

the superuser and the rest are normal users on the site. The bit after the word

root or mcn such as in this example (EUyd5XAAtv2dA) is the password BUT it is

encrypted. So you use a password cracker....which you can d/l from numerous sites

which I will give some URL's to at the end of this document. With these password

crackers you will be asked to supply a passwd. file which you download from the

\etc directory of the FTP server and a dictionary file which the crackers progam

will go through and try to see if it can make any match. And as many people use

simple passwords you can use a 'normal' dictionary file. But when ppl REALLY don't

want you to break their machines they set their passwords to things such as GHTiCk45

which Random Word Generator will create (eventually ). Which is where programs such

as Random Word Generator come in. ( Sorry just pluging my software )

BTW the bad news is that new sites NORMALLY have password files which look like this :-

root:x:0:1:0000-Admin(0000):/:/sbin/sh

The x signifies shadowed - you can't use a cracker to crack it because there's nothing

there to crack, its hidden somewhere else that you can't get to. x is also represented

as a * or sometimes a . Ones like the top example are known as un-shadowed password

files normally found at places with .org domain or .net and prehaps even .edu sites.

(Also cough .nasa.gov cough sites).

If you want a normal dictionary file i recommend you go to

http://www.globalkos.org and download kOS Krack which

has a 3 MEG dictionary file. Then run a .passwd cracking program

such as jack the ripper or hades or killer crack ( I recommend ) against the

.passwd file and dictionary file. Depending upon the amount of passwords in

the .passwd file, the size of the dictionary file and the speed of the processor

it could be a lengthy process.

Eventually once you have cracked a password you need a basic knowledge of unix.

I have included the necassary commands to upload a different index.html file to

a server :-

Connect to a server through ftp prefably going through a few shells to hide your

host and login using the hacked account at the Login: Password: part.

Then once connected type

dir or list

If there's a directory called public_html@ or something similar change directory

using the Simple dos cd command ( cd public_html )

Then type binary to set the mode to binary transfer ( so you can send images if

necassary )

Then type put index.html or whatever the index file is called.

It will then ask which transfer you wish to use, Z-Modem is the best.

Select the file at your end you wish to upload and send it.

Thats it !

If you have root delete any log files too.

Please note that this process varys machine to machine.

To change the password file for the account ( very mean ) login in through telnet

and simply type passwd at the prompt and set the password for the account to anything

you wish.

Thats it....if ya don't understand it read it about 10x if ya still don't ask someone

else i am too busy with errrr stuff..

A Guide to Internet Security: Becoming an Uebercracker

2009-01-11T23:42:00.001-08:00

This is a paper will be broken into two parts, one showing 15 easy steps

to becoming a uebercracker and the next part showing how to become a

ueberadmin and how to stop a uebercracker. A uebercracker is a term phrased

by Dan Farmer to refer to some elite (cr/h)acker that is practically

impossible to keep out of the networks.

Here's the steps to becoming a uebercracker.

Step 1. Relax and remain calm. Remember YOU are a Uebercracker.

Step 2. If you know a little Unix, you are way ahead of the crowd and skip

past step 3.

Step 3. You may want to buy Unix manual or book to let you know what

ls,cd,cat does.

Step 4. Read Usenet for the following groups: alt.irc, alt.security,

comp.security.unix. Subscribe to Phrack@well.sf.ca.us to get a background

in uebercracker culture.

Step 5. Ask on alt.irc how to get and compile the latest IRC client and

connect to IRC.

Step 6. Once on IRC, join the #hack channel. (Whew, you are half-way

there!)

Step 7. Now, sit on #hack and send messages to everyone in the channel

saying "Hi, Whats up?". Be obnoxious to anyone else that joins and asks

questions like "Why cant I join #warez?"

Step 8. (Important Step) Send private messages to everyone asking for new

bugs or holes. Here's a good pointer, look around your system for binary

programs suid root (look in Unix manual from step 3 if confused). After

finding a suid root binary, (ie. su, chfn, syslog), tell people you have a

new bug in that program and you wrote a script for it. If they ask how it

works, tell them they are "layme". Remember, YOU are a UeberCracker. Ask

them to trade for their get-root scripts.

Step 9. Make them send you some scripts before you send some garbage file

(ie. a big core file). Tell them it is encrypted or it was messed up and

you need to upload your script again.

Step 10. Spend a week grabbing all the scripts you can. (Dont forget to be

obnoxious on #hack otherwise people will look down on you and not give you

anything.)

Step 11. Hopefully you will now have atleast one or two scripts that get

you root on most Unixes. Grab root on your local machines, read your

admin's mail, or even other user's mail, even rm log files and whatever

temps you. (look in Unix manual from step 3 if confused).

Step 12. A good test for true uebercrackerness is to be able to fake mail.

Ask other uebercrackers how to fake mail (because they have had to pass the

same test). Email your admin how "layme" he is and how you got root and how

you erased his files, and have it appear coming from satan@evil.com.

Step 13. Now, to pass into supreme eliteness of uebercrackerness, you brag

about your exploits on #hack to everyone. (Make up stuff, Remember, YOU are

a uebercracker.)

Step 14. Wait a few months and have all your notes, etc ready in your room

for when the FBI, Secret Service, and other law enforcement agencies

confinscate your equipment. Call eff.org to complain how you were innocent

and how you accidently gotten someone else's account and only looked

because you were curious. (Whatever else that may help, throw at them.)

Step 15. Now for the true final supreme eliteness of all uebercrackers, you

go back to #hack and brag about how you were busted. YOU are finally a

true Uebercracker.

Now the next part of the paper is top secret. Please only pass to trusted

administrators and friends and even some trusted mailing lists, Usenet

groups, etc. (Make sure no one who is NOT in the inner circle of security

gets this.)

This is broken down on How to Become an UeberAdmin (otherwise know as a

security expert) and How to stop Uebercrackers.

Step 1. Read Unix manual ( a good idea for admins ).

Step 2. Very Important. chmod 700 rdist; chmod 644 /etc/utmp. Install

sendmail 8.6.4. You have probably stopped 60 percent of all Uebercrackers

now. Rdist scripts is among the favorites for getting root by

uebercrackers.

Step 3. Okay, maybe you want to actually secure your machine from the

elite Uebercrackers who can break into any site on Internet.

Step 4. Set up your firewall to block rpc/nfs/ip-forwarding/src routing

packets. (This only applies to advanced admins who have control of the

router, but this will stop 90% of all uebercrackers from attempting your

site.)

Step 5. Apply all CERT and vendor patches to all of your machines. You have

just now killed 95% of all uebercrackers.

Step 6. Run a good password cracker to find open accounts and close them.

Run tripwire after making sure your binaries are untouched. Run tcp_wrapper

to find if a uebercracker is knocking on your machines. Run ISS to make

sure that all your machines are reasonably secure as far as remote

configuration (ie. your NFS exports and anon FTP site.)

Step 7. If you have done all of the following, you will have stopped 99%

of all uebercrackers. Congrads! (Remember, You are the admin.)

Step 8. Now there is one percent of uebercrackers that have gained

knowledge from reading some security expert's mail (probably gained access

to his mail via NFS exports or the guest account. You know how it is, like

the mechanic that always has a broken car, or the plumber that has the

broken sink, the security expert usually has an open machine.)

Step 9. Here is the hard part is to try to convince these security experts

that they are not so above the average citizen and that by now giving out

their unknown (except for the uebercrackers) security bugs, it would be a

service to Internet. They do not have to post it on Usenet, but share

among many other trusted people and hopefully fixes will come about and

new pressure will be applied to vendors to come out with patches.

Step 10. If you have gained the confidence of enough security experts,

you will know be a looked upto as an elite security administrator that is

able to stop most uebercrackers. The final true test for being a ueberadmin

is to compile a IRC client, go onto #hack and log all the bragging and

help catch the uebercrackers. If a uebercracker does get into your system,

and he has used a new method you have never seen, you can probably tell

your other security admins and get half of the replies like - "That bug

been known for years, there just isn't any patches for it yet. Here's my

fix." and the other half of the replies will be like - "Wow. That is very

impressive. You have just moved up a big notch in my security circle."

VERY IMPORTANT HERE: If you see anyone in Usenet's security newsgroups

mention anything about that security hole, Flame him for discussing it

since it could bring down Internet and all Uebercrackers will now have it

and the million other reasons to keep everything secret about security.

Well, this paper has shown the finer details of security on Internet. It has

shown both sides of the coin. Three points I would like to make that would

probably clean up most of the security problems on Internet are as the

following:

1. Vendors need to make security a little higher than zero in priority.

If most vendors shipped their Unixes already secure with most known bugs

that have been floating around since the Internet Worm (6 years ago) fixed

and patched, then most uebercrackers would be stuck as new machines get

added to Internet. (I believe Uebercracker is german for "lame copy-cat

that can get root with 3 year old bugs.") An interesting note is that

if you probably check the mail alias for "security@vendor.com", you will

find it points to /dev/null. Maybe with enough mail, it will overfill

/dev/null. (Look in manual if confused.)

2. Security experts giving up the attitude that they are above the normal

Internet user and try to give out information that could lead to pressure

by other admins to vendors to come out with fixes and patches. Most

security experts probably don't realize how far their information has

already spread.

3. And probably one of the more important points is just following the

steps I have outlined for Stopping a Uebercracker.

Disabling the Right-Click on the Start Button:

2008-12-23T19:45:00.001-08:00

Normally, when you right button click on the Start button, it allows you to open your programs folder, the Explorer and run Find. In situations where you don't want to allow users to be able to do this in order to secure your computer.
Start Regedit
Search for Desktop
This should bring you to HKEY_Classes_Root\Directory
Expand this section
Under Shell is Find
Delete Find
Move down a little in the Registry to Folder
Expand this section and remove Explore and Open

Now when you right click on the Start button, nothing should happen. You can delete only those items that you need.
Note: - On Microsoft keyboards, this also disables the Window-E (for Explorer) and Window-F (for Find) keys.
See the section on Installation to see how to do this automatically during an install.

Disabling My Computer:

2008-12-23T19:43:00.001-08:00

In areas where you are trying to restrict what users can do on the computer, it might be beneficial to disable the ability to click on My Computer and have access to the drives, control panel etc.

To disable this:
Start Regedit
Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D
This should bring you to the HKEY_Classes_Root\CLSID section
Delete the entire section

Now when you click on My Computer, nothing will happen. You might want to export this section to a registry file before deleting it just in case you want to enable it again.

See the section on Installation to see how to do this automatically during an install.

Boot keys - Locking out

2008-12-23T19:42:00.001-08:00

Open a command prompt (from start menu select RUN, then type COMMAND), switch to the root directory and issue the following command:

ATTRIB -H -R -S MSDOS.SYS

This will remove the hidden, read only and system attributes so you may edit it.

BootKeys=1 Enables the special startup option keys (F5, F6, and F8). Setting this value to 0 prevents any startup keys from functioning. If you're a systems administrator, this setting lets you configure a more secure system.

BE SURE TO RE-ENABLE THE HIDDEN, READ ONLY, and SYSTEM PROPERTIES after you edit the MSDOS.SYS by typing:

ATTRIB +H +R +S MSDOS.SYS

Hiding Any Combination of Drives

2008-12-23T19:40:00.001-08:00

If you want to stop a drive or any combination of drives appearing in Explorer/My Computer, add the Binary Value of 'NoDrives' in the registry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Give it a value from a combination of the table below:
Drive Letter
Value

A:
01 00 00 00

B:
02 00 00 00

C:
04 00 00 00

D:
08 00 00 00

E:
10 00 00 00

F:
20 00 00 00

G:
40 00 00 00

H:
80 00 00 00

I:
00 01 00 00

J:
00 02 00 00

K:
00 04 00 00

L:
00 08 00 00

M:
00 10 00 00

N:
00 20 00 00

O:
00 40 00 00

P:
00 80 00 00

Q:
00 00 01 00

R:
00 00 02 00

S:
00 00 04 00

T:
00 00 08 00

U:
00 00 10 00

V:
00 00 20 00

W:
00 00 40 00

X:
00 00 80 00

Y:
00 00 00 01

Z:
00 00 00 02

Where (for eg) you want to hide Drives {C,E,J,O,R,U,Y,Z} you would give 'NoDrives' the value 14 42 12 03

Where C+E = 14, J+O = 42, R+U=12 and Y+Z = 03
Please NOTE: The Numbers are to be added in HEXadecimal ie: ABCD = 0F, not 15 All Drives Visible is 00 00 00 00 All Drives Hidden is FF FF FF 03

8. Hmmm? =)

I won't get into the fact that your boss "probably" has the legal right to do whatever he/she wants. Its his/her computer and his/her salary.... That being said: TweakUI will automatically clear out things like the Doc, Run, Find etc. In fact in tweakui its under the tab Paranoia.(which is kind of fitting) You might also del everything in the \\windows\temp internet file folder. Disable file sharing so he can't sit at his desk and look at your hard drive. Last but not least, go to find and look for *.pwl . This will tell you if anyone is logging onto your pc with their password.

An overview on Microsoft Windows 2000 family

2008-12-23T19:38:00.001-08:00

This tutorial will make your Windows 2000 installation easy, smooth, and almost effortless. First thing – decide what distribution of Windows 2000 are you going to install: Microsoft has released (for now) 3 different Windows 2000 releases:
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Datacenter Server

The Microsoft Windows 2000 caries the "Built on NT Technology logo" to symbolize its belonging to the NT technology. It also features a true multi-lingual support making it easy to switch between different language packs. It is meant to:
== Keep the stability and performance of the NT technology ==

Windows 2000 keeps the traditional values of all NT systems: Stability, Performance, and Information Security. It features the new NTFS 5.0, which allows high information security values by giving the user the ability to encrypt the file system (EFS), assigning closed and secured space to use VPN, unleashing the Kerberos security system, user quotas, and much more.
== To lower the Total Cost of Ownership (TCO) ==

Windows 2000 has many built-in capabilities, such as IntelliMirror and the Active Directories. These features allow more efficient business solutions and management.
[== Different Releases ==]
The Professional edition is targeting the home and the small business markets, or as Microsoft says, “desktop operating system for the Business Internet”.
The Server edition is for the average organization network. It includes much more server, network management, and administration tools. Featuring Active Directories, Kerberos and PKI systems, Windows Terminal Services, and more. The Windows 2000 Server supports up to 4GB of RAM and 4 processors.
The Advanced Server edition was released for major networks and corporations. It features support up to 8 processors, excellent load management, and surprising stability. The Advanced Server release features the Enterprise Memory Architecture - EMA, improved Symmetric Multiprocessing - SMP, imporoved databases performance.

I’ll mostly focus on the professional release, because it’s meant for home and small business users, while the other two mostly useful for large organization with major networks.
I assume you already have the installation disk so I’m not going to explain where to get it and how much does it cost. I’ll just note that one can get it free with an MSDN subscription or to buy it in a local computing store.
=====> "Let the games begin" or Installing Windows 2000 <=====
[=== Clean or Upgrade ===]

I’ve been asked this question many times and answer is quite simple – it depends on your needs. Lets reviewthe pros and the cons of a clean installation and an upgrade
The biggest advantage of a clean setup is that you’re relatively safe from various drivers and applications incompatibilities. If you install Windows 2000 on an existing Windows installation, Win2k might use the old driver already on your system, which may lead to system instabilities.
On the other hand, it is obvious that when you perform an upgrade all your already-installed programs will function under the new OS.

So it’s up to you to decide, to upgrade or to perform a clean installation.

To be on the safe side – do a clean installation, but if you’re unable to reinstall your entire software – upgrade.
-> The Setup <-

(Note: Choose the most convenient way to run setup. The first one is both for upgrading and clean installations)

Running Setup 1: Now, after making that important decision, insert the Win2k installation CD into the CD drive, while in Windows, and start the setup program (it’ll autorun if the feature is enabled on your system, else run the “setup.exe” file at the CD root directory).
On the first screen, choose whether to Upgrade or to perform a Clean Installation.

Running Setup 2: (for clean installation only)
In case you don’t have previous version of Windows installed, you can boot directly into the setup. First, enable CD-ROM boot in your BIOS (be careful, don’t change anything unless you’re completely sure what you’re doing. Consult the vendor manual), then insert the CD and boot your computer. If your BIOS cannot boot from a CD-ROM drive, you can make boot diskettes with the Boot-Maker program, included on the installation CD (\bootdisk\makeboot.exe).
Installation (basic configuration and copying files)
Follow the setup wizard to perform pre-installation basic configuration.

After a few system diagnostics the setup will begin copying the files.
After the file copying has finished setup will restart the computer and boot to Windows 2000 core for the next stage of the installation. This phase of the installation is in MS-DOS like environment, but it is Windows 2000 Core which performs it.
[== NTFS or FAT? ==]

NTFS is much faster, reliable, and high-performance file system then FAT32 or FAT. I highly recommend choosing to upgrade the drive to NTFS. But, note that in case you have a dual boot system, other operating systems won’t see the NTFS partition, i.e. you won’t be able to access that partition from DOS or from Windows 9x.
[== Components to install ==]

This is your personal decision, according to your needs. I can only describe the main components and their purpose.
IIS – Internet Information Services:

In case you plan to run your own web, ftp, and/or mail server – install the pack. Another usage to IIS is for local testing of ASP files, which also require you to install the IIS web server. Anyhow, you can always install or remove it later, through the control panel.
IIS allows creating multiple sites on one IP address, making it easy creating Intranet sites.
IIS features support for dynamic content, such as ASP, CGI and ISAPI, allowing web developers to include ActiveX components into their web sites. IIS has the Secure Socket Layer (SSL) providing safe data transfer between the client and the server.
Another major feature of IIS 5.0 is its ability to be administared over the web, using the Administration Web Site snap-in.
Indexing Service

The indexing service is useful on large hard disks with a good performance. It indexes the files on the system for faster searching capabilities. It allows searching within files on the hard disk for specific words.
You can control and manage the Indexing Service through its snap-in console in the MMC. You can check the indexing proccess, choose the directories to be indexed, and configure the service for optimal performance.

The other components are mainly network-related, and unnecessary unless you’re a part of a LAN (Local Area Network).
[== Troubleshooting ==]

Like most Microsoft products, Windows 2000 has a user-friendly and simple setup interface. But, some errors might still surface.

-> STOP Errors
In case you get a one-time STOP error (aka BSoD – Blue Screen of Death) just reboot, and setup will resume the installation. But if you keep getting STOP errors, you might have a hardware that is incompatible with Windows 2000. In that case you should consult the HCL - Windows 2000 Hardware Compatibility List (included on installation CD, \support\hcl.txt), and/or download the Microsoft Windows 2000 compatibility check program (on Microsoft’s web site).

Here are some of the most common STOP errors in Windows 2000 and their explanation:

- IRQL_NOT_LESS_OR_EQUAL -
Meaning that the core tried to gain access to a certain memory segment which is at a higher level of an Interupt Request Level (IRL) then allowed. While the proccess only allowed to have access to and IRL level no higher then their own.

Recommendation: This error is probably caused by a faulty driver or a system service. Try using the "Last Good Known Configuration" option in the safe boot menu (F8 on boot).

Note: If the error surfaces while installing Windows, check that all of your drivers are compatible with Windows 2000 (consult the HCL).

- KMODE_EXCEPTION_NOT_HANDLED -
This error is generated when the core can't handle a certain directive.

Recommendation: The error might show you the name of the faulty driver. Try disabling it while booting into Safe Mode.

Note: The situation can sometimes resolved using the Recovery Console.

- NTFS_FILE_SYSTEM -
This error is generated when there is a problem with the Ntfs.sys driver, which is meant to access information on NTFS drives.

Recommendation: Check your IDE/SCSI HD drivers for compatibility, and execute the chkdsk command to verify data consistency.

There are more STOP errors in Windows 2000 then I could review in this article. Consult the Microsoft Knowledge Base on www.microsoft.com.

What is the Registry?

2008-12-23T19:37:00.001-08:00

What is the Registry?

The Registry is the central core registrar for Windows NT. Each NT workstation for server has its own Registry, and each one contains info on the hardware and software of the computer it resides on. For example, com port definitions, Ethernet card settings, desktop setting and profiles, and what a particular user can and cannot do are stored in the Registry. Remember those ugly system INI files in Windows 3.1? Well, they are all included with even more fun stuff into one big database called the Registry in NT.

One of the main disadvantages to the older .INI files is that those files are flat text files, which are unable to support nested headings or contain data other than pure text. Registry keys can contain nested headings in the form of subkeys. These subkeys provide finer details and a greater range to the possible configuration information for a particular operating system. Registry values can also consist of executable code, as well as provide individual preferences for multiple users of the same computer. The ability to store executable code within the Registry extends its usage to operating system and application developers. The ability to store user-specific profile information allows one to tailor the environment for specific individual users.

Always make sure that you know what you are doing when changing the registry or else just one little mistake can crash the whole system. That's why it's always good to back it up!

To view the registry of an NT server (or to back it up), you need to use the Registry Editor tool. There are two versions of Registry Editor:
:Regedt32.exe has the most menu items and more choices for the menu items. You can search for keys and subkeys in the registry.
:Regedit.exe enables you to search for strings, values, keys, and subkeys. This feature is useful if you want to find specific data.
Some Info on NT:

32 bit GUI Windows networking (client server model) Operating System. 1st version: 3.1 (circa 1994), then 3.5, then 3.51, then 4.0 (most used and this version was the 1st to adopt the same GUI as Windows 95). NT stands for New Techology. NT's main competitor is Novel Netware which is more established and has been around longer as a network operating system. Despite that, it is losing market share to NT and Linux. That's why NT is becoming a little bit more important. Windows 2000 which is supposedly the next version is supposed to be out sometime in October 1999. This version formerly called Cairo has been delayed 3 times over the last 2-3 years. Everything in this tutorial directory relates to Windows NT v. 4.0 . Some of this might also be useful for Windows 95 and Windows 98 but please note that despite the similar GUI environments all of them have major differences between each other and each are distinct. The major difference is security, with NT there is a decent degree of security and robustness. With Windows 95, and 98 there is hardly any security at all. For example with NT you cannot log in without a password and a username that is correct. With Windows 98/95, just hit the cancel button on the log on menu (which is not usually enabled anyways) and you will get into the system. With NT, you can have a network from anywhere from 20-20,000 users or so on the same domain. Each Domain will have a Primary Domain Controller (PDC) and a few Backup Domain Controllers (BDC's). There is only one PDC in a domain, it is the main server that holds all the log in info and does most of the work. BDC's are backups in case the PDC gets to busy such as multiple users logging in at the same time. PDC has all the official settings for the entire domain (in most cases an entire network) on it. BDC's usually have partial and not right up-to-date settings and information on it. Backing up the Registry of your PDC (Primary Domain Controller) is an important part of disaster prevention, because it contains all of your user accounts. If you ever have to rebuild a PDC from scratch, then you can restore your user accounts by restoring the Registry.
Backup and Restore:

Even with Windows 98, and Windows 95 you can not just backup the registry when you back up files. What you would need to do is run either: regedit32.exe (for NT) or regedit.exe and then click the registry menu, then click export registry. The next step is to click all, then pick the drive to back up onto (usually a removable drive like tape, floppy, cd, zip drive, jazz drive etc.) and then hit "ok". To restore a registry from a backed up version, enter the registry program the same way, click import registry and click the drive and path where the backup is and hit "ok". It will restore it back to the previous backed up settings and may require a reboot.

Note: registry backups are saved as .reg files, and they are associated with regedit as default. This means that once you double-click a .reg file, it's contents will be inserted into your own registry.
What is SAM?

SAM is short for Security Accounts Manager, which is located on the PDC and has information on all user accounts and passwords. Most of the time while the PDC is running, it is being accessed or used.
What do I do with a copy of SAM?

You get passwords. First use a copy of SAMDUMP.EXE to extract the user info out of it. You do not need to import this data into the Registry of your home machine to play with it. You can simply load it up into one of the many applications for cracking passwords, such as L0phtCrack, which is available from: http://www.L0phtCrack.com

Of interest to hackers is the fact that all access control and assorted parameters are located in the Registry. The Registry contains thousands of individual items of data, and is grouped together into "keys" or some type of optional value. These keys are grouped together into subtrees -- placing like keys together and making copies of others into separate trees for more convenient system access.

The Registry is divided into four separate subtrees. These subtrees are called
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
We'll go through them from most important to the hacker to least important to the hacker.

First and foremost is the HKEY_LOCAL_MACHINE subtree. It contains five different keys. These keys are as follows:
SAM and SECURITY - These keys contain the info such as user rights, user and group info for the domain (or workgroup if there is no domain), and passwords. In the NT hacker game of capture the flag, this is the flag. Bag this and all bets are off.

The keys are binary data only (for security reasons) and are typically not accessible unless you are an Administrator or in the Administrators group. It is easier to copy the data and play with it offline than to work on directly. This is discussed in a little more detail in section 09-4.
HARDWARE - this is a storage database of throw-away data that describes the hardware components of the computer. Device drivers and applications build this database during boot and update it during runtime (although most of the database is updated during the boot process). When the computer is rebooted, the data is built again from scratch. It is not recommended to directly edit this particular database unless you can read hex easily.

There are three subkeys under HARDWARE, these are the Description key, the DeviceMap key, and the ResourceMap key. The Description key has describes each hardware resource, the DeviceMap key has data in it specific to individual groups of drivers, and the ResourceMap key tells which driver goes with which resource.
SYSTEM - This key contains basic operating stuff like what happens at startup, what device drivers are loaded, what services are in use, etc. These are split into ControlSets which have unique system configurations (some bootable, some not), with each ControlSet containing service data and OS components for that ControlSet. Ever had to boot from the "Last Known Good" configuration because something got hosed? That is a ControlSet stored here.
SOFTWARE - This key has info on software loaded locally. File associations, OLE info, and some miscellaneous configuration data is located here.

The second most important main key is HKEY_USERS. It contains a subkey for each local user who accesses the system, either locally or remotely. If the server is a part of a domain and logs in across the network, their subkey is not stored here, but on a Domain Controller. Things such as Desktop settings and user profiles are stored here.

The third and fourth main keys, HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, contain copies of portions of HKEY_USERS and HKEY_LOCAL_MACHINE respectively. HKEY_CURRENT_USER contains exactly would you would expect a copy of the subkey from HKEY_USERS of the currently logged in user. HKEY_CLASSES_ROOT contains a part of HKEY_LOCAL_MACHINE, specifically from the SOFTWARE subkey. File associations, OLE configuration and dependency information.
What are hives?

Hives are the major subdivisions of all of these subtrees, keys, subkeys, and values that make up the Registry. They contain "related" data. Look, I know what you might be thinking, but this is just how Microsoft divided things up -- I'm just relaying the info, even I don't know exactly what all the advantages to this setup are. ;-)

All hives are stored in %systemroot%\SYSTEM32\CONFIG. The major hives and their files are as follows:Hive File Backup File
HKEY_LOCAL_MACHINE\SOFTWARE SOFTWARE SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY SECURITY SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM SYSTEM SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM SAM SAM.LOG
HKEY_CURRENT_USER USERxxx
ADMINxxx USERxxx.LOG
ADMINxxx.LOG
HKEY_USERS\.DEFAULT DEFAULT DEFAULT.LOG

Hackers should look for the SAM file, with the SAM.LOG file as a secondary target. This contains the password info.

For ease of use, the Registry is divided into five separate structures that represent the Registry database in its entirety. These five groups are known as Keys, and are discussed below:
HKEY_CURRENT_USER

This registry key contains the configuration information for the user that is currently logged in. The users folders, screen colors, and control panel settings are stored here. This information is known as a User Profile.
HKEY_USERS

In windowsNT 3.5x, user profiles were stored locally (by default) in the systemroot\system32\config directory. In NT4.0, they are stored in the systemroot\profiles directory. User-Specific information is kept there, as well as common, system wide user information.

This change in storage location has been brought about to parallel the way in which Windows95 handles its user profiles. In earlier releases of NT, the user profile was stored as a single file - either locally in the \config directory or centrally on a server. In windowsNT 4, the single user profile has been broken up into a number of subdirectories located below the \profiles directory. The reason for this is mainly due to the way in which the Win95 and WinNT4 operating systems use the underlying directory structure to form part of their new user interface.

A user profile is now contained within the NtUser.dat (and NtUser.dat.log) files, as well as the following subdirectories:
Application Data: This is a place to store application data specific to this particular user.
Desktop: Placing an icon or a shortcut into this folder causes the that icon or shortcut to appear on the desktop of the user.
Favorites: Provides a user with a personalized storage place for files, shortcuts and other information.
NetHood: Maintains a list of personlized network connections.
Personal: Keeps track of personal documents for a particular user.
PrintHood: Similar to NetHood folder, PrintHood keeps track of printers rather than network connections.
Recent: Contains information of recently used data.
SendTo: Provides a centralized store of shortcuts and output devices.
Start Menu: Contains configuration information for the users menu items.
Templates: Storage location for document templates.
HKEY_LOCAL_MACHINE

This key contains configuration information particular to the computer. This information is stored in the systemroot\system32\config directory as persistent operating system files, with the exception of the volatile hardware key.

The information gleaned from this configuration data is used by applications, device drivers, and the WindowsNT 4 operating system. The latter usage determines what system configuration data to use, without respect to the user currently logged on. For this reason the HKEY_LOCAL_MACHINE regsitry key is of specific importance to administrators who want to support and troubleshoot NT 4.

HKEY_LOCAL_MACHINE is probably the most important key in the registry and it contains five subkeys:
Hardware: Database that describes the physical hardware in the computer, the way device drivers use that hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. All data in this sub-tree is re-created everytime the system is started.
SAM: The security accounts manager. Security information for user and group accounts and for the domains in NT 4 server.
Security: Database that contains the local security policy, such as specific user rights. This key is used only by the NT 4 security subsystem.
Software: Pre-computer software database. This key contains data about software installed on the local computer, as well as configuration information.
System: Database that controls system start-up, device driver loading, NT 4 services and OS behavior.
Information about the HKEY_LOCAL_MACHINE\SAM Key

This subtree contains the user and group accounts in the SAM database for the local computer. For a computer that is running NT 4, this subtree also contains security information for the domain. The information contained within the SAM registry key is what appears in the user interface of the User Manager utility, as well as in the lists of users and groups that appear when you make use of the Security menu commands in NT4 explorer.
Information about the HKEY_LOCAL_MACHINE\Security key

This subtree contains security information for the local computer. This includes aspects such as assigning user rights, establishing password policies, and the membership of local groups, which are configurable in User Manager.
HKEY_CLASSES_ROOT

The information stored here is used to open the correct application when a file is opened by using Explorer and for Object Linking and Embedding. It is actually a window that reflects information from the HKEY_LOCAL_MACHINE\Software subkey.
HKEY_CURRENT_CONFIG

The information contained in this key is to configure settings such as the software and device drivers to load or the display resolution to use. This key has a software and system subkeys, which keep track of configuration information.
Understanding Hives

The registry is divided into parts called hives. These hives are mapped to a single file and a .LOG file. These files are in the systemroot\system32\config directory.Registry Hive File Name
HKEY_LOCAL_MACHINE\SAM SAM and SAM.LOG
HKEY_LOCAL_MACHINE\SECURITY Security and Security.LOG
HKEY_LOCAL_MACHINE\SOFTWARE Software and Software.LOG
HKEY_LOCAL_MACHINE\SYSTEM System and System.ALT

QuickNotes

Ownership = The ownership menu item presents a dialog box that identifies the user who owns the selected registry key. The owner of a key can permit another user to take ownership of a key. In addition, a system administrator can assign a user the right to take ownership, or outright take ownership himself.

REGINI.EXE = This utility is a character based console application that you can use to add keys to the NT registry by specifying a Registry script.

The Following table lists the major Registry hives and some subkeys and the DEFAULT access permissions assigned:\\ denotes a major hive
\denotes a subkey of the prior major hive
\\HKEY_LOCAL_MACHINE Admin-Full Control
Everyone-Read Access
System-Full Control
\HARDWARE Admin-Full Control
Everyone-Read Access
System-Full Control
\SAM Admin-Full Control
Everyone-Read Access
System-Full Control
\SECURITY Admin-Special (Write DAC, Read Control)
System-Full Control
\SOFTWARE Admin-Full Control
Creator Owner-Full Control
Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
System-Full Control
\SYSTEM Admin-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
Everyone-Read Access
System-Full Control
\\HKEY_CURRENT_USER Admin-Full Control
Current User-Full Control
System-Full Control
\\HKEY_USERS Admin-Full Control
Current User-Full Control
System-Full Control
\\HKET_CLASSES_ROOT Admin-Full Control
Creator Owner-Full Control
Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
System-Full Control
\\HKEY_CURRENT CONFIG Admin-Full Control
Creator Owner-Full Control
Everyone-Read Access
System-Full Control

The Registry Editor

2008-12-23T19:35:00.001-08:00

The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous version of Windows, those setting where contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is. The structure of the registry is similar to the ini files structure, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on hard disk. In fact the procedure to get to the elements of the registry is similar to the way to get to folders and files. In this section I would be examing the Win95\98 registry only although NT is quite similar.
The Registry Editor

The Registry Editor is a utility by the filename regedit.exe that allows you to see, search, modify and save the registry database of Windows. The Registry Editor doesn't validate the values you are writing: it allows any operation. So you have to pay close attention, because no error message will be shown if you make a wrong operation.
To launch the Registry Editor simply run RegEdit.exe ( under WinNT run RegEdt32.exe with administer privileges). The registry editor is divided into two sectios in the left one there is a hierarchical structure of the database (the screen looks like Windows Explorer) in the right one there are the values.

The registry is organized into keys and subkeys. Each key contains a value entry , each one has a name, a type or a class and the value itself. The name is a string that identifies the value to the key. The length and the format of the value is dependent on the data type.

As you can see with the Registry Editor, the registry is divided into five principal keys: there is no way to add or delete keys at this level. Only two of these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE and HKEY_USERS. The others are jusr branches of the main keys or are dynamically created by Windows.
HKEY_LOCAL_MACHINE

This key contains any hardware, applications and services information. Several hardware information is updated automatically while the computer is booting. The data stored in this key is shared with any user. This handle has many subkeys:

Config
Contains configuration data for different hardware configurations.

Enum
This is the device data. For each device in your computer, you can find information such as the device type, the hardware manufacturer, device drivers and the configuration.

Hardware
This key contains a list of serial ports, processors and floating point processors.

Network
Contains network information.

Security
Shows you network security information.

Software
This key contains data about installed software.

System
It contains data that checks which device drivers are used by Windows and how they are configured.
HKEY_CLASSES_ROOT

This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag'n'drop, shortcut and file association information.
HKEY_CURRENT_CONFIG

This key is also an alias. It contains a copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer configuration.
HKEY_DYN_DATA

Some information stored in the registry changes frequently, so Windows maintains part of the registry in memory instead of on the hard disk. For example it stores PnP information and computer performance. This key has two sub keys

Config Manager
This key contains all hardware information problem codes, with their status. There is also the sub key HKEY_LOCAL_MACHINE\Enum, but written in a different way.

PerfStats
It contains performance data about system and network
HKEY_USERS

This important key contains the sub key .Default and another key for each user that has access to the computer. If there is just one user, only .Default key exists. . Each sub key maintains the preferences of each user, like the desktop colors, the fonts used, and also the settings of many programs. If you open a user subkey you will find five important subkeys:

AppEvent
It contains the path of audio files that Windows plays when some events happen.

Control Panel
Here are the settings defined in the Control Panel. They used to be stored in win.ini and control.ini.

Keyboard Layouts
It contains a voice that identify the actual keyboard disposition how it is set into the Control Panel.

Network
This key stores subkeys that describe current and recent network shortcuts.

RemoteAccess
The settings of Remote Access are stored here.

Software
Contains all software settings. This data was stored in win.ini and private .ini files.
HKEY_CURRENT_USER

It is an alias to current user of HKEY_USERS. If your computer is not configured for multi-users usage, it points to the subkey .Default of HKEY_USERS.
Description of .reg file

Here I am assuming that you already have a .reg file on your hard disk and want to know more about how it is structured.Now do not double click the .reg file or it's content will be added to the registry, of course there will be warning message that pops up. Now to view the properties of the .reg file open it in notepad.

To do so first launch notepad by going to Start > Programs > Accessories > Notepad.
Then through the open menu open the .reg file.
Now the thing that differentiates .reg files from other files is the word REGEDIT4. It is found to be the first word in all .reg files. If this word is not there then the registry editor cannot recognize the file to be a .reg file.

Then follows the key declaration which has to be done within square brackets and with the full path.If the key does not exist then it will be created.

After the key declaration you will see a list of values that have to be set in the particular key in the registry. The values look like this:
"value name"=type:value

Value name is in double commas. Type can be absent for string values, dword: for dword values and hex: for binary values and for all other values you have to use the code hex(#): , where # indicate the API code of the type.

Why would I want to hack windows?

2008-12-23T19:32:00.001-08:00

Well, okay stupid question but why would you want to hack windows when there are all those lovely servers to take on? The answer is so simple, it often eludes people altogether. How exactly are you going to take out the server if your workstation is so crippled, you can't even use the run command? Most hacking programs are DOS based. If your friendly Admin has removed MS-DOS access, you're in trouble. You won't be able to run all those nice programs you've collected.

What if they Admin has placed some really horrible backdrop on your machine. You have a great replacement only the display properties aren't available. How do you get round that? Well, that's what this tutorial is all about : Removing restrictions on the local machine so that you can get a shot at the servers or so you can run programs that you otherwise wouldn't be able to.

What is the registry?

2008-12-23T19:31:00.001-08:00

The registry is a database that Windows uses to store all its information. You can consider it as a directory. Most programs and files are registered here, along with user and system settings. Driver versions and start up programs are also found in here. Without the registry, Windows would be in trouble.
Where is the registry?

The registry consists of two files, user.dat and system.dat . Both are stored in the windows directory. There are backups of both files called user.da0 and system.da0 . If the main two are destroyed, the system copies the new versions over to replace them.

The user.dat file contains user settings. All the different parts of a users settings make up a user profile. It is these profiles that contain the information regarding what restrictions should be enforced. Every user is stored here along with all their access rights. I'll show you how to fool the system into giving you full access the easy way later.

The system.dat file strangely enough contains information about the system. This includes settings for Internet Explorer and other pieces of software such as DirectX, MS Office etc etc.
Can I edit it myself?

Yes you can, using a program called regedit. It is automatically installed and unless your friendly Admin has removed your ability to edit it, you can use this program to set anything in the registry that you want.

NOTE : If you remove the system.dat file ( which you usually have to ) some programs may have problems finding their default settings or refuse to load.
I can't edit the registry. How do I get around this ?

Well the easiest way is to simply remove user.dat and system.dat . When you reset the computer and login, it will come up and tell you that it needs to reset to repair the registry. Ignore this message and use ctrl+alt+del to get it to close without selecting 'ok'. You will see that all the restrictions have been removed. Quickly go to 'Run' and type 'command' without the quotes. This will open a DOS window and for some reason stabilises the system. Windows had a nasty tendency to crash if I didn't open a DOS window for some reason. When you reset the computer, the old registry will kick in and the restrictions will be active again. This isn't so bad because it means you can get a machine back to normal with the minimum of fuss.

I can't edit the registry. How do I get around this ?

2008-12-23T19:30:00.001-08:00

Okay, I've found the files.....only I can't delete them! Windows says that are protected!

2008-12-23T19:29:00.001-08:00

When windows says protected, it means write protected. This is when you can't write or alter a file. This is done for safety reasons. No one wants to accidentally delete the registry. However because we're evil we want to and Windows is stopping us. Don't worry, the protection is lame. Right click on the file and hit properties. Once in, untick the little box next to write protected and click apply then okay. Now try deleting the file. You should find that it goes without any hassle. This works with both registry files.

The network is on the Internet but Cyber patrol won't let me access any hacking sites!

2008-12-23T19:27:00.001-08:00

Cyber patrol is a royal pain in the ass! However, it is very easy to remove. Press ctrl+alt+del to bring up the task list. Select Cyber Patrol and press enter. Cyber Patrol will now bring up a window asking for a password. Damn, we've been beaten! Not so, press ctrl+alt+del again. This time because Cyber Patrol has ALREADY answered windows, it won't access again. Thus Windows thoughtfully lets us close the program. Bye bye stupid restrictions!
I can't access the disk drive or the CDROM yet I see the Admins doing it! How can I ?

This can be quite annoying. You have lots of stuff on disk or CD but you just can't access them. Why? Because some sod has removed their icons from 'My Computer'. *Sigh* I guess its no go then right? Wrong! Although you can't see the drives, they are still there. Load up ole faithful Internet Explorer and type "D:\" without the quotes and press Enter. It should display a list of the files on the CD. If it comes up with "Access Denied" or " Permission Denied" then simply make a shortcut to it. That way, you will see all the files.
When I try to access A: , the whole machine crashes on me! Why?

This happens when the floppy drive has been disabled in the BIOS ( Basic Input Output System). When you try to access it, Windows will hang and force you to reboot. There is a nice easy way of testing if the drive is open before you crash your machine. When you log in or out, check the light on the drive. If it flashes, the drive is available even if you can't see it in the drive list. If it doesn't flash, the drive has been disabled.
I MUST have floppy access! How do I get it?

The only way to get disk access is to enable the floppy drive in BIOS. This is almost ALWAYS passworded ( if not you're really lucky ). You will need a BIOS cracker and there are loads on the Internet. Check what BIOS the machine has when it boots up ( Award, AmiBIOS etc etc). Get a program for that. Obviously you will somehow need to get it on the Network and there is a cunning way to do that to!

Sneaking files onto a Network

2008-12-23T19:26:00.001-08:00

This trick is so simple and yet so effective. Create a document that you could pass off as school work or something. Make sure it has an image file in it. Drag and drop the program file into your document and then place the Image file over it. Save as a .doc file and put it on a disk. Ask your friendly Admin to copy the file for you. Most will just copy it and those that check will just see a document with a piccy. They won't see your program. To get the program back, you need to open the document on your workstation. Drag the program back out and put it on your desktop. This trick works with any file of any type.

Right, I've got the program. What now ?

Run the program. It should give you a password. Write this down and reset the machine. As the machine checks its memory press the 'Del' button. It will then take you into the BIOS where it will prompt for the password. Enter the password that you got from the program. It should let you in. Go into the Basic options and look for floppy drive. Go to the first one. It probably says "Not Installed". Change it so it says "3 1/2 inch floppy". Quit the BIOS and save changes. When it boots up, the floppy drive will be active. Do the reverse to disable it again to stop Admins finding you and changing the password.

How can I get back all those nice programs that they removed from my start menu?

2008-12-23T19:24:00.001-08:00

This is also quite easy. There is a program called groupconv.exe . By running this, you'll restore the default star menu along with all the usual programs and accessories. Useful if the Admin has removed some program that you prefer or want to use like Paint brush. You'll need paint to pull off the next trick.

How do I change this cursed background without using the display properties?

2008-12-23T19:23:00.001-08:00

Not so useful perhaps but nice to have none the less. No one likes the default backgrounds but Admins tend to remove the ability to change them which is rather upsetting. To pull this off, you need access to paint. Normally this isn't removed. Open your bitmap of choice into paint. From the 'File' menu, select "Set as background". This will set your bitmap as the background. Normally this won't stay the same and will change back next time you login. Still, you get a decent background for the duration of your session.

The 'Net Plug' trick

2008-12-23T19:22:00.001-08:00

This is a nice easy way of getting Admin rights. I've taken this from my other tutorial and pasted it here because I don't want to have to type it out again. It is a very useful technique which is why I'm duplicating it here.

This is an attack that I worked out myself before I was given Admin status. It always works and I've yet to see it fail. Make sure you are at a windows 95 or 98 machine. I doubt NT would be fooled by this trick but I don't have any NT machines so I can't test it for you.

Note : Most Admins, believe that they are the most knowledgeable about their system. Many also believe that no one else knows much about computers. In other words, for whatever reasons, they are not too concerned about us i.e. the idiots attacking their servers. Why? Because we aren't good enough. So why waste valuable time configuring security that won't be needed eh? I think I've made my point. They don't see us as a threat. You don't consider a house spider a threat so you don't go round putting up netting to keep them out. Why? You can't be bothered. The same rule applies here. Even if you are a computer genius, play it dumb. Admins like to lecture the uninitiated and would love to appear smarter than you. This is the way you want it. The Admins will think you're a nice guy or gal, totally harmless. This sometimes gives you more leverage because they like you, they'll be willing to help you. They also won't expect you to launch a huge assault on their servers either However sometimes there are some smart people out there who will notice your talents and pull you over to their side. This isn't a bad place to be and can be advantageous later.

First of all, login as yourself. Crash your computer and reset it . Walk over to your favourite admin (the one that hates you most is the best choice ) and apologise for being an idiot but the computer won't let you login and could s/he please come and take a look for you. Mumbling and grumbling they'll come over. The best way to test if it is the machine is for them to login. Of course, they'll log in as an admin or equivalent. They'll check your account and see that your account is fine. They'll tell you to log onto another machine and your account will be okay. They'll now log off and walk off in disgust thinking you are a computer moron. Not so my friend, we've just done them good and proper!

Turn off the computer and pull out the network lead. Turn it back on again. The computer will detect that you aren't on a network and will dump you at a desktop with restrictions of the last user. If this user is the admin then chances are that he or she will have full access to everything including DOS and drive access. Perfect for installing all those really kewl programs you have on a disk in your pocket......

But you aren't on the network now. That's no fun is it? Shove the lead back in and try to access a network drive. This is the bit where you hope the Admins are sloppy or not computer geniuses. Windows by default caches ALL passwords so unless the Admins have told it not to ( a key deep in the registry) then windows will have a nice copy of their password. Go into 'My Computer' and click on a drive. Whoop with glee as Netware logs you in as an Admin. Why does this happen? Well windows still holds the username and password last used to access the drive. You are logged into windows as Admin and windows knows what credentials you last gave to the server. So it supplies them for you. Likewise because you are now authenticated you know have full access to the NDS tree. Not only can you read but you can no write, modify delete etc etc. Much more fun!

Now, this is the bit where you have to be sneaky. You have to make a new account for yourself or upgrade your old one. There are pros and cons to each of your choices. If you alter your existing account and they check it for some reason ( maybe you got locked out? ) they'll notice you have admin rights and shoot you. If you make a new user, it might get found quicker but there is no way to point to you ( it was created by user admin after all tee hee ). The choice is yours. You can always do both.

Windows Hacks: I still need DOS access to run the programs. How can I get it?

2008-12-23T19:21:00.001-08:00

Windows Hacks:

Not all Admins actually remove the ability to run DOS programs, simply because they are needed. It is likely though that the shortcuts and the run command will have been removed. Also I doubt you will be able to shutdown into MS-DOS mode. So how do you call up the window?

Well, we can use our usual shortcut trick. The program that opens the DOS windows is called "command.exe" . To run the program, simply make a shortcut to "command" without the quotes. Double clicking on the shortcut will pull up the MS-DOS prompt.

I think it worked but when I logged back onto the network, the old settings kicked in.

2008-12-23T19:17:00.001-08:00

If you get this, your Admin has locked out the ability for your user to run DOS programs. Windows is suprisingly tight on DOS access. There is only ONE way that I currently know of ( I'm always searching for new ones though) to bypass this whilst logged in as yourself. To do this, you need a program called "poledit.exe".

What the hell is poledit?

2008-12-23T19:15:00.001-08:00

Poledit ( short for policy editor ) is the program used to alter user settings on any given computer. This program edits the user.dat file that we saw earlier. It might have occured to some Admins to block access but I have yet to see it done. Normally registry editing is barred but that seems to be only when using regedit.

Poledit is NOT installed by default. You will find it on the Windows 98 CD in the resource kit folder. The file itself isn't very big and it doesn't need any support files. You can sneak it onto the network by hiding it in a Word file. If you have CDROM access, you could just load it in, or burn the program to CD.

Poledit controls ALL the access rights such as control panel access, display properties, find and run commands, DOS access, shutting down to MSDOS mode etc etc. This tool can give them all back to you!

Okay, I've managed to get poledit onto the network. now what?

2008-12-23T19:14:00.001-08:00

Right, run the program. It will bring up a list of users and their policies. There will probably be two policies stored there ( at least). One will be called Admin or similar and the other default. You will be user default. Now, alter the settings to whatever you want and save them. Quit the program and you should find that your access has been increased!

I think it worked but when I logged back onto the network, the old settings kicked in.

2008-12-23T19:12:00.001-08:00

This is a pain because it means your settings are stored on the server too. When it logs in, it activates the settings you updated and then overlays the new ones from the server. Annoying huh? Well there isn't all that much you can do about it apart from use the Net Plug trick.

How does it help us here? Well, turn off the computer, unplug the network lead and turn it back on. It will automatically log you in as the last user, i.e yourself. However because there is no server, it will pull its restrictions from the local file ( which we edited of course). Plug the network lead back into the computer and try to access the drives. Even if it asks you to login again ( to access the network ), Windows isn't clever enough to pull off the updated policy files. You're home free!!

Hacking password protected site

2008-12-19T18:26:00.001-08:00

There are many ways to defeat java-script protected web

sites. S ome are very simplistic, such as hitting ctl-alt-del

when the password box is displayed, to simply turning off

java capability, which will dump you into t he default page.

You can try manually searching for other directories, by

typing the directory name into the url address box of your

browser, ie: you w ant access to www.target.com . Try typing

www.target.com/images .(almost ever y web site has an images

directory) This will put you into the images directo ry,

and give you a text list of all the images located there.

Often, the t itle of an image will give you a clue to the

name of another directory. ie: in www.target.com/images,

there is a .gif named gamestitle.gif . There is a g ood

chance then, that there is a 'games' directory on the site,

so you wou ld then type in www.target.com/games, and if it is

a valid directory, you aga in get a text listing of all thefiles available there.

For a more automated a pproach, use a program like WEB SNAKE

from anawave, or Web Wacker. These pro grams will create a

mirror image of an entire web site, showing all director ies,

or even mirror a complete server. They are indispensable for

locating hidden files and directories.

What do you do if you can't get past an openin g "Password

Required" box? First do an WHOIS Lookup for the site. In our

example, www.target.com . We find it's hosted by www.host.com

at 100.100.100. 1. We then go to 100.100.100.1, and then launch \

Web Snake, and mirror the e ntire server. Set Web Snake to NOT

download anything over about 20K. (not ma ny HTML pages are

bigger than this) This speeds things up some, and keeps yo u

from getting a lot of files and images you don't care about.

This can take a long time, so consider running it right before bed time.

Once you have an image of the entire server, you look through

the directories listed, and find /target. When we open that

directory, we find its contents, and all of i ts sub-directories listed.

Let's say we find /target/games/zip/zipindex.html . This would be the index

page that would be displayed had you gone through the

password procedure, and allowed it to redirect you here.

By simply typ ing in the url

www.target.com/games/zip/zipindex.html you will be on

the index page and ready to follow the links for downloading.

What are some newsgroups of interest to hackers

2008-11-28T04:24:00.000-08:00

N alt.2600hz

N alt.2600.codez

N alt.2600.debate

N alt.2600.moderated

alt.cellular

alt.cellular-phone-tech Brilliant telephony mind blow netnews naming

alt.comp.virus An unmoderated forum for discussing viruses

alt.comp.virus.source.code

alt.cracks Heavy toolbelt wearers of the world, unite

alt.cyberpunk High-tech low-life.

alt.cyberspace Cyberspace and how it should work.

alt.dcom.telecom Discussion of telecommunications technology

alt.engr.explosives [no description available]

alt.fan.kevin-mitnick

alt.fan.lewiz Lewis De Payne fan club

alt.hackers Descriptions of projects currently under development

alt.hackintosh

alt.locksmithing You locked your keys in *where*?

alt.hackers.malicious The really bad guys - don't take candy from them

alt.ph.uk United Kingdom version of alt.2600

alt.privacy.anon-server Tech. & policy matters of anonymous contact servers

alt.radio.pirate Hide the gear, here comes the magic station-wagons.

alt.radio.scanner Discussion of scanning radio receivers.

alt.satellite.tv.europe All about European satellite tv

alt.security Security issues on computer systems

alt.security.index Pointers to good stuff in misc.security (Moderated)

alt.security.keydist Exchange of keys for public key encryption systems

alt.security.pgp The Pretty Good Privacy package

alt.security.ripem A secure email system illegal to export from the US

comp.dcom.cellular [no description available]

comp.dcom.telecom Telecommunications digest (Moderated)

comp.dcom.telecom.tech [no description available]

comp.org.cpsr.announce Computer Professionals for Social Responsibility

comp.org.cpsr.talk Issues of computing and social responsibility

comp.org.eff.news News from the Electronic Frontiers Foundation

comp.org.eff.talk Discussion of EFF goals, strategies, etc.

N comp.os.netware.security Netware Security issues

comp.protocols.kerberos The Kerberos authentification server

comp.protocols.tcp-ip TCP and IP network protocols

comp.risks Risks to the public from computers & users

comp.security.announce Announcements from the CERT about security

N comp.security.firewalls Anything pertaining to network firewall security

comp.security.misc Security issues of computers and networks

comp.security.unix Discussion of Unix security

comp.virus Computer viruses & security (Moderated)

de.org.ccc Mitteilungen des CCC e.V.

misc.security Security in general, not just computers (Moderated)

rec.pyrotechnics Fireworks, rocketry, safety, & other topics

rec.radio.scanner [no description available]

rec.video.cable-tv Technical and regulatory issues of cable television

sci.crypt Different methods of data en/decryption

What is a SIDH

2008-11-28T04:19:00.000-08:00

SIDH stands for System Identification for Home System. The SIDH in your

cellular telephone tells the cellular system what area your cellular

service originates from. This is used in roaming (making cellular calls

when in an area not served by your cellular provider).

Every geographical region has two SIDH codes, one for the wireline

carrier and one for the nonwireline carrier. These are the two

companies that are legally allowed to provide cellular telephone service

in that region. The wireline carrier is usually your local telephone

company, while the nonwireline carrier will be another company. The

SIDH for the wireline carrier is always an even number, while the SIDH

for the nonwireline carrier is always an odd number. The wireline

carrier is also known as the Side-B carrier and the non-wireline carrier

is also known as the Side-A carrier.

What is a SCM

2008-11-28T04:17:00.000-08:00

SCM stands for Station Class Mark. The SCM is a 4 bit number which

holds three different pieces of information. Your cellular telephone

transmits this information (and more) to the cell tower. Bit 1 of the

SCM tells the cell tower whether your cellphone uses the older 666

channel cellular system, or the newer 832 channel cellular system. The

expansion to 832 channels occured in 1988. Bit 2 tells the cellular

system whether your cellular telephone is a mobile unit or a voice

activated cellular telephone. Bit's 3 and 4 tell the cell tower what

power your cellular telephone should be transmitting on.

What is an MIN

2008-11-28T04:15:00.000-08:00

MIN stands for Mobile Identification Number. This is the phone number

of the cellular telephone.

What is an ESN

2008-11-28T04:14:00.000-08:00

ESN stands for Electronic Serial Number. The is the serial number of

your cellular telephone.

What is a NAM

2008-11-28T04:12:00.000-08:00

NAM stands for Number Assignment Module. The NAM is the EPROM that

holds information such as the MIN and SIDH. Cellular fraud is committed

by modifying the information stored in this component.

What is an MTSO

2008-11-28T04:11:00.000-08:00

MTSO stands for Mobile Telephone Switching Office. The MTSO is the

switching office that connects all of the individual cell towers to the

Central Office (CO).

The MTSO is responsible for monitoring the relative signal strength of

your cellular phone as reported by each of the cell towers, and

switching your conversation to the cell tower which will give you the

best possible reception.

What is a VMB

2008-11-28T04:05:00.000-08:00

A VMB is a Voice Mail Box. A VMB is a computer that acts as an

answering machine for hundreds or thousands of users. Each user will

have their own Voice Mail Box on the system. Each mail box will have

a box number and a pass code.

Without a passcode, you will usually be able to leave messages to

users on the VMB system. With a passcode, you can read messages and

administer a mailbox. Often, mailboxes will exist that were created

by default or are no longer used. These mailboxes may be taken over

by guessing their passcode. Often the passcode will be the mailbox

number or a common number such as 1234.

What is a PBX

2008-11-28T04:03:00.000-08:00

A PBX is a Private Branch Exchange. A PBX is a small telephone switch

owned by a company or organization. Let's say your company has a

thousand employees. Without a PBX, you would need a thousand phone

lines. However, only 10% of your employees are talking on the phone

at one time. What if you had a computer that automatically found an

outside line every time one of your employees picked up the telephone.

With this type of system, you could get by with only paying for one

hundred phone lines. This is a PBX.

What frequencies do cordless phones operate on

2008-11-28T04:01:00.000-08:00

Here are the frequencies for the first generation 46/49mhz phones.

Channel Handset Transmit Base Transmit

------- ---------------- -------------

1 49.670mhz 46.610mhz

2 49.845 46.630

3 49.860 46.670

4 49.770 46.710

5 49.875 46.730

6 49.830 46.770

7 49.890 46.830

8 49.930 46.870

9 49.990 46.930

10 49.970 46.970

The new "900mhz" cordless phones have been allocated the frequencies

between 902-228MHz, with channel spacing between 30-100KHz.

Following are some examples of the frequencies used by phones

currently on the market.

----------------------------------------------------------------

Panasonic KX-T9000 (60 Channels)

base 902.100 - 903.870 Base frequencies (30Khz spacing)

handset 926.100 - 927.870 Handset frequencies

CH BASE HANDSET CH BASE HANDSET CH BASE HANDSET

-- ------- ------- -- ------- ------- -- ------- -------

01 902.100 926.100 11 902.400 926.400 21 902.700 926.700

02 902.130 926.130 12 902.430 926.430 22 902.730 926.730

03 902.160 926.160 13 902.460 926.460 23 902.760 926.760

04 902.190 926.190 14 902.490 926.490 24 902.790 926.790

05 902.220 926.220 15 902.520 926.520 25 902.820 926.820

06 902.250 926.250 16 902.550 926.550 26 902.850 926.850

07 902.280 926.280 17 902.580 926.580 27 902.880 926.880

08 902.310 926.310 18 902.610 926.610 28 902.910 926.910

09 902.340 926.340 19 902.640 926.640 29 902.940 926.940

10 902.370 926.370 20 902.670 926.670 30 902.970 926.970

31 903.000 927.000 41 903.300 927.300 51 903.600 927.600

32 903.030 927.030 42 903.330 927.330 52 903.630 927.630

33 903.060 927.060 43 903.360 927.360 53 903.660 927.660

34 903.090 927.090 44 903.390 927.390 54 903.690 927.690

35 903.120 927.120 45 903.420 927.420 55 903.720 927.720

36 903.150 927.150 46 903.450 927.450 56 903.750 927.750

37 903.180 927.180 47 903.480 927.480 57 903.780 927.780

38 903.210 927.210 48 903.510 927.510 58 903.810 927.810

39 903.240 927.240 49 903.540 927.540 59 903.840 927.840

40 903.270 927.270 50 903.570 927.570 60 903.870 927.870

------------------------------------------------------------

V-TECH TROPEZ DX900 (20 CHANNELS)

905.6 - 907.5 TRANSPONDER (BASE) FREQUENCIES (100 KHZ SPACING)

925.5 - 927.4 HANDSET FREQUENCIES

CH BASE HANDSET CH BASE HANDSET CH BASE HANDSET

-- ------- ------- -- ------- ------- -- ------- -------

01 905.600 925.500 08 906.300 926.200 15 907.000 926.900

02 905.700 925.600 09 906.400 926.300 16 907.100 927.000

03 905.800 925.700 10 906.500 926.400 17 907.200 927.100

04 905.900 925.800 11 906.600 926.500 18 907.300 927.200

05 906.000 925.900 12 906.700 926.600 19 907.400 927.300

06 906.100 926.000 13 906.800 926.700 20 907.500 927.400

07 906.200 926.100 14 906.900 926.800

------------------------------------------------------------

Other 900mhz cordless phones

AT&T #9120 - - - - - 902.0 - 905.0 & 925.0 - 928.0 MHZ

OTRON CORP. #CP-1000 902.1 - 903.9 & 926.1 - 927.9 MHZ

SAMSUNG #SP-R912- - - 903.0 & 927.0 MHZ

------------------------------------------------------------

What are the DTMF frequencies

2008-11-28T03:59:00.000-08:00

DTMF stands for Dual Tone Multi Frequency. These are the tones you get

when you press a key on your telephone touch pad. The tone of the

button is the sum of the column and row tones. The ABCD keys do not

exist on standard telephones.

1209 1336 1477 1633

697 1 2 3 A

770 4 5 6 B

852 7 8 9 C

941 * 0 # D

Is there any hope of a decompiler that would convert an executable

2008-11-28T03:56:00.000-08:00

Don't hold your breath. Think about it... For a decompiler to work

properly, either 1) every compiler would have to generate substantially

identical code, even with full optimization turned on, or 2) it would

have to recognize the individual output of every compiler's code

generator.

If the first case were to be correct, there would be no more need for

compiler benchmarks since every one would work the same. For the second

case to be true would require in immensely complex program that had to

change with every new compiler release.

OK, so what about specific decompilers for specific compilers - say a

decompiler designed to only work on code generated by, say, BC++ 4.5?

This gets us right back to the optimization issue. Code written for

clarity and understandability is often inefficient. Code written for

maximum performance (speed or size) is often cryptic (at best!) Add to

this the fact that all modern compilers have a multitude of optimization

switches to control which optimization techniques to enable and which to

avoid. The bottom line is that, for a reasonably large, complex source

module, you can get the compiler to produce a number of different object

modules simply by changing your optimization switches, so your

decompiler will also have to be a deoptimizer which can automagically

recognize which optimization strategies were enabled at compile time.

OK, let's simplify further and specify that you only want to support one

specific compiler and you want to decompile to the most logical source

code without trying to interpret the optimization. What then? A good

optimizer can and will substantially rewrite the internals of your code,

so what you get out of your decompiler will be, not only cryptic, but in

many cases, riddled with goto statements and other no-no's of good

coding practice. At this point, you have decompiled source, but what

good is it?

Also note carefully my reference to source modules. One characteristic

of C is that it becomes largely unreadable unless broken into easily

maintainable source modules (.C files). How will the decompiler deal

with that? It could either try to decompile the whole program into some

mammoth main() function, losing all modularity, or it could try to place

each called function into its own file. The first way would generate

unusable chaos and the second would run into problems where the original

source hade files with multiple functions using static data and/or one

or more functions calling one or more static functions. A decompiler

could make static data and/or functions global but only at the expense

or readability (which would already be unacceptable).

Finally, remember that commercial applications often code the most

difficult or time-critical functions in assembler which could prove

almost impossible to decompile into a C equivalent.

Like I said, don't hold your breath. As technology improves to where

decompilers may become more feasible, optimizers and languages (C++, for

example, would be a significantly tougher language to decompile than C)

also conspire to make them less likely.

For years Unix applications have been distributed in shrouded source

form (machine but not human readable -- all comments and whitespace

removed, variables names all in the form OOIIOIOI, etc.), which has been

a quite adequate means of protecting the author's rights. It's very

unlikely that decompiler output would even be as readable as shrouded

source.

How do I defeat a BIOS password

2008-11-28T03:54:00.000-08:00

This depends on what BIOS the machine has. Common BIOS's include AMI,

Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are

the most common.

Some BIOS's allow you to require a password be entered before the system

will boot. Some BIOS's allow you to require a password to be entered

before the BIOS setup may be accessed.

Every BIOS must store this password information somewhere. If you are

able to access the machine after it has been booted successfully, you

may be able to view the password. You must know the memory address

where the password is stored, and the format in which the password is

stored. Or, you must have a program that knows these things.

The most common BIOS password attack programs are for Ami BIOS. Some

password attack programs will return the AMI BIOS password in plain

text, some will return it in ASCII codes, some will return it in scan

codes. This appears to be dependent not just on the password attacker,

but also on the version of Ami BIOS.

To obtain Ami BIOS password attackers, ftp to oak.oakland.edu

/simtel/msdos/sysutil/.

If you cannot access the machine after if has been powered up, it is

still possible to get past the password. The password is stored in CMOS

memory that is maintained while the PC is powered off by a small

battery, which is attached to the motherboard. If you remove this

battery, all CMOS information will be lost. You will need to re-enter

the correct CMOS setup information to use the machine. The machines

owner or user will most likely be alarmed when it is discovered that the

BIOS password has been deleted.

On some motherboards, the battery is soldered to the motherboard, making

it difficult to remove. If this is the case, you have another

alternative. Somewhere on the motherboard you should find a jumper that

will clear the BIOS password. If you have the motherboard

documentation, you will know where that jumper is. If not, the jumper

may be labeled on the motherboard. If you are not fortunate enough for

either of these to be the case, you may be able to guess which jumper is

the correct jumper. This jumper is usually standing alone near the

battery.