Archive for April 2014

Automatic Windows Installation, No keypress required!

By : Harshit Chaturvedi
 An unattended Windows XP/2003 install can install all your software and settings along with Windows, and without you having to click a button or press a key,completely automated. Learn how over here:

CODE

http://unattended.msfn.org


Make your unattended setup now!

23 Ways To Speed WinXP, Not only Defrag

By : Harshit Chaturvedi
Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.
1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's cases and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomena, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

Computer hacking. Where did it begin and how did it grow

By : Harshit Chaturvedi

Computer hacking. Where did it begin and how did it grow



If you wonder what it was like in days of yore, ten, twenty, thirty years ago, how about letting and old lady tell you the way it used to be.
Where shall we start? Seventeen years ago and the World Science Fiction Convention in Boston, Massachusetts? Back then the World Cons were the closest thing we had to hacker conventions.
Picture 1980. Ted Nelson is running around with his Xanadu  guys: Roger Gregory, H. Keith Henson (now waging war against the Scientologists) and  K. Eric Drexler, later to build the Foresight Institute. They dream of creating what is to become the World Wide Web. Nowadays guys at hacker cons might dress like vampires. In 1980 they wear identical black baseball caps with silver wings and the slogan: "Xanadu: wings of the mind."  Others at World Con are a bit more underground: doing dope, selling massages, blue boxing the phone lines. The hotel staff has to close the swimming pool in order to halt the sex orgies.
Oh, but this is hardly the dawn of hacking. Let's look at the Boston area yet another seventeen years further back, the early 60s.  MIT students are warring for control of the school's mainframe computers. They use machine language programs that each strive to delete all other programs and seize control of the central processing unit. Back then there were no personal computers.
In 1965, Ted Nelson, later to become leader of the silver wing-headed Xanadu gang at the 1980 Worldcon, first coins the word "hypertext" to describe what will someday become the World Wide Web. Nelson later spreads the gospel in his book Literacy Online.
But in 1965 the computer is widely feared as a source of Orwellian powers. Yes, as in George Orwell's ominous novel , "1984," that predicted a future in which technology would squash all human freedom. Few are listening to Nelson. Few see the wave of free-spirited anarchy the hacker culture is already unleashing. But LSD guru Timothy Leary's daughter Susan begins to study computer programming.
Around 1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later "Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of uberhackers.
Let's jump to 1968 and the scent of tear gas. Wow, look at those rocks hurling through the windows of the computer science building at the University of Illinois at Urbana-Champaign! Outside are 60s antiwar protesters. Their enemy, they believe, are the campus' ARPA-funded computers. Inside are nerdz high on caffeine and nitrous oxide. Under the direction of the young Roger Johnson, they gang together four CDC 6400s and link them to 1024 dumb vector graphics terminals. This becomes the first realization of cyberspace: Plato.
1969 turns out to be the most portent-filled year yet for hacking.
In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook up four mainframe computers so researchers can share their resources. This system doesn't boast the vector graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers. Boring, huh?
But this ARPAnet is eminently hackable. Within a year, its users  hack together a new way to ship text files around. They call their unauthorized, unplanned invention "email." ARPAnet has developed a life independent of its creators. It's a story that will later repeat itself in many forms. No one can control cyberspace. They can't even control it when it is just four computers big.
Also in 1969 John Goltz teams up with a money man to found Compuserve using the new packet switched technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken Thompson invents a new operating system: Unix. It is to become the gold standard of hacking and the Internet, the operating system with the power to form miracles of computer
legerdemain.
In 1971, Abbie Hoffman and the Yippies found the first hacker/phreaker magazine, YIPL/TAP (Youth International Party -- Technical Assistance Program).  YIPL/TAP essentially invents phreaking -- the sport of playing with phone systems in ways the owners never intended. They are motivated by the Bell Telephone monopoly with its high long distance rates, and a hefty tax that Hoffman and many others refuse to pay as their protest against the Vietnam War. What better way to pay no phone taxes than to pay no phone bill at all?
Blue boxes burst onto the scene. Their oscillators automate the whistling sounds that had already enabled people like Captain Crunch (John Draper) to become the pirate captains of the Bell Telephone megamonopoly. Suddenly phreakers are able to actually make money at their hobby. Hans and Gribble peddle blue boxes on the Stanford campus.
In June 1972, the radical left magazine Ramparts, in the article "Regulating the Phone Company In Your Home"  publishes the schematics for a variant on the blue box known as the "mute box." This article violates Californian State Penal Code section 502.7, which outlaws the selling of "plans or instructions for any instrument, apparatus, or device intended to avoid telephone toll charges." California police, aided by Pacific Bell officials, seize copies of the magazine from newsstands and the magazine's offices. The financial stress leads quickly to bankruptcy.
As the Vietnam War winds down, the first flight simulator programs in history unfold on the Plato network. Computer graphics, almost unheard of in that day, are displayed by touch-sensitive vector graphics terminals. Cyberpilots all over the US pick out their crafts: Phantoms, MIGs, F-104s, the X-15, Sopwith Camels. Virtual pilots fly out of digital airports and try to shoot each other down and bomb each others' airports. While flying a Phantom, I see a chat message on the bottom of my screen. "I'm about to shoot you down." Oh, no, a MIG on my tail. I dive and turn hoping to get my tormentor into my sights. The screen goes black. My terminal displays the message "You just pulled 37 Gs. You now look more like a pizza than a human being as you slowly flutter to Earth."
One day the Starship Enterprise barges in on our simulator, shoots everyone down and vanishes back into cyberspace. Plato has been hacked! Even in 1973 multiuser game players have to worry about getting "smurfed"! (When a hacker breaks into a multiuser game on the Internet and kills players with techniques that are not rules of the game, this is called "smurfing.")
1975. Oh blessed year! Under a Air Force contract, in the city of Albuquerque, New Mexico, the Altair is born. Altair. The first microcomputer. Bill Gates writes the operating system. Then Bill's mom persuades him to move to Redmond, CA where she has some money men who want to see what this operating system business is all about.
Remember Hans and Gribble? They join the Home Brew Computer club and choose Motorola microprocessors to build their own. They begin selling their computers, which they brand name the Apple, under their real names of Steve Wozniak and Steve Jobs. A computer religion is born.
The great Apple/Microsoft battle is joined. Us hackers suddenly have boxes that beat the heck out of Tektronix terminals.
In 1978, Ward Christenson and Randy Suess create the first personal computer bulletin board system. Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes, hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant BBSs.
Also in 1978, The Source and Compuserve computer networks both begin to cater to individual users. "Naked Lady" runs rampant on Compuserve. The first cybercafe, Planet Earth, opens in Washington, DC. X.25 networks reign supreme.
Then there is the great ARPAnet mutation of 1980. In a giant leap it moves from Network Control Protocol to Transmission Control Protocol/Internet Protocol (TCP/IP). Now ARPAnet is no longer limited to 256 computers -- it can span tens of millions of hosts! Thus the Internet is conceived within the womb of the DoD's ARPAnet. The framework that would someday unite hackers around the world was now, ever so quietly, growing. Plato fades, forever limited to 1024 terminals.
Famed science fiction author Jerry Pournelle discovers ARPAnet. Soon his fans are swarming to find excuses -- or whatever -- to get onto ARPAnet. ARPAnet's administrators are surprisingly easygoing about granting accounts, especially to people in the academic world.
ARPAnet is a pain in the rear to use, and doesn't transmit visuals of fighter planes mixing it up. But unlike the glitzy Plato, ARPAnet is really hackable and now has what it takes to grow. Unlike the network of hacker bulletin boards, people don't need to choose between expensive long distance phone calls or phreaking to make their connections. It's all local and it's all free.
That same year, 1980, the  "414 Gang" is raided. Phreaking is more hazardous than ever.
In the early 80s hackers love to pull pranks. Joe College sits down at his dumb terminal to the University DEC 10 and decides to poke around the campus network.  Here's Star Trek! Here's Adventure! Zork! Hmm, what's this program called Sex? He runs it. A message pops up: "Warning: playing with sex is hazardous. Are you sure you want to play? Y/N" Who can resist? With that "Y" the screen bursts into a display of ASCII characters, then up comes the message: "Proceeding to delete all files in this account." Joe is weeping, cursing, jumping up and down. He gives the list files command. Nothing! Zilch! Nada! He runs to the sysadmin. They log back into his account but his files are all still there. A prank.
In 1983 hackers are almost all harmless pranksters, folks who keep their distance from the guys who break the law. MITs "Jargon file" defines hacker as merely "a person who enjoys learning about computer systems and how to stretch their capabilities; a person who programs enthusiastically and enjoys dedicating a great deal of time with computers."
1983 the IBM Personal Computer enters the stage powered by Bill Gates' MS-DOS operating system. The empire of the CP/M operating system falls. Within the next two years essentially all microcomputer operating systems except MS-DOS and those offered by Apple will be dead, and a thousand Silicon Valley fortunes shipwrecked. The Amiga hangs on by a thread. Prices plunge, and soon all self-respecting hackers own their own computers. Sneaking around college labs at night fades from the scene.
In 1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime Control Act giving the US Secret Service jurisdiction over computer fraud. Fred Cohen, at Carnegie Melon University writes his PhD thesis on the brand new, never heard of thing called computer viruses.
1984. It was to be the year, thought millions of Orwell fans, that the government would finally get its hands on enough high technology to become Big Brother. Instead, science fiction author William Gibson, writing Neuromancer on a manual typewriter, coins the term and paints the picture of "cyberspace." "Case was the best... who ever ran in Earth's computer matrix. Then he doublecrossed the wrong people..."
In 1984 the first US police "sting" bulletin board systems appear.
The 80s are the war dialer era. Despite ARPAnet and the X.25 networks, the vast majority of computers can only be accessed by discovering their individual phone lines. Thus one of the most treasured prizes of the 80s hacker is a phone number to some mystery computer.
Computers of this era might be running any of dozens of arcane operating systems and using many communications protocols. Manuals for these systems are often secret. The hacker scene operates on the mentor principle. Unless you can find someone who will induct you into the inner circle of a hacker gang that has accumulated documents salvaged from dumpsters or stolen in burglaries, you are way behind the pack. Kevin Poulson makes a name for himself through many daring burglaries of Pacific Bell.
Despite these barriers, by 1988 hacking has entered the big time. According to a list of hacker groups compiled by the editors of  Phrack on August 8, 1988, the US hosts hundreds of them.
The Secret Service covertly videotapes the 1988 SummerCon convention.
In 1988 Robert Tappan Morris, son of NSA chief scientist Robert Morris Sr., writes an exploit that will forever be known as the Morris Worm. It uses a combination of finger and sendmail exploits to break into a computer, copy itself and then send copy after copy on to other computers. Morris, with little comprehension of the power of this exponential replication, releases it onto the Internet. Soon vulnerable computers are filled to their digital gills with worms and clogging communications links as they send copies of the worms out to hunt other computers. The young Internet, then only a few thousand computers strong, crashes. Morris is arrested, but gets off with probation.
1990 is the next pivotal year for the Internet, as significant as 1980 and the launch of TCP/IP.  Inspired by Nelson's Xanadu, Tim Berners-Lee of the European Laboratory for Particle Physics (CERN) conceives of a new way to implement hypertext. He calls it the World Wide Web. In 1991 he quietly unleashes it on the world. Cyberspace will never be the same. Nelson's Xanadu, like Plato, like CP/M, fades.
1990 is also a year of unprecedented numbers of hacker raids and arrests. The US Secret Service and New York State Police raid Phiber Optik, Acid Phreak, and Scorpion in New York City, and arrest Terminus, Prophet, Leftist, and Urvile.
The Chicago Task Force arrests Knight Lightning and raids Robert Izenberg, Mentor, and Erik Bloodaxe. It raids both Richard Andrews' home and business. The US Secret Service and Arizona Organized Crime and Racketeering Bureau conduct Operation Sundevil raids in Cincinnatti, Detroit, Los Angeles, Miami, Newark, Phoenix, Pittsburgh, Richmond, Tucson, San Diego, San Jose, and San Francisco. A famous unreasonable raid that year was the Chicago Task Force invasion of Steve Jackson Games, Inc.
June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law enforcement to back off the hacker community.
In 1993, Marc Andreesson and Eric Bina of the National Center for Supercomputing Applications release Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards, with their tightly held secrets, fade from the scene.
In 1993, the first Def Con invades Las Vegas. The era of hacker cons moves into full swing with the Beyond Hope series, HoHocon and more.
1996 Aleph One takes over the Bugtaq email list and turns it into the first public "full disclosure" computer security list. For the first time in history, security flaws that can be used to break into computers are being discussed openly and with the complete exploit codes. Bugtraq archives are placed on the Web.
In August 1996 I start mailing out Guides to (mostly) Harmless Hacking. They are full of  simple instructions designed to help novices understand hacking. A number of hackers come forward to help run what becomes the Happy Hacker Digest.
1996 is also the year when documentation for routers, operating systems, TCP/IP protocols and much, much more begins to proliferate on the Web. The era of daring burglaries of technical manuals fades.
In early 1997 the readers of Bugtraq begin to tear the Windows NT operating system to shreds. A new mail list, NT Bugtraq, is launched just to handle the high volume of NT security flaws discovered by its readers. Self-proclaimed hackers Mudge and Weld of The L0pht, in a tour de force of research, write and release a password cracker for WinNT that rocks the Internet. Many in the computer security community have come far enough along by now to realize that Mudge and Weld are doing the owners of NT networks a great service.
Thanks to the willingness of hackers to share their knowledge on the Web, and mail lists such as Bugtraq, NT Bugtraq and Happy Hacker, the days of people having to beg to be inducted into hacker gangs in order to learn hacking secrets are now fading.
Where next will the hacker world evolve? You hold the answer to that in your hands. Want to see back issues of Guide to (mostly) Harmless Hacking? See:
http://www.geocities.com/TimesSquare/Arcade/4594
http://base.kinetik.org
http://www.anet-chi.com/~dsweir
http://www.tacd.com/zines/gtmhh/
http://ra.nilenet.com/~mjl/hacks/codez.htm
http://www.ilf.net/brotherhood/index2.html
http://www.magnum44.com/orion/entry.htm
http://www.geocities.com/NapaValley/1613/main.html

Hacking from Windows 3.x, 95 and NT

By : Harshit Chaturvedi


Hacking from Windows 3.x, 95 and NT


This lesson will tell you how, armed with even the lamest of on-line services such as America Online and the Windows 95 operating system, you can do some fairly serious Internet hacking -- today!
In this lesson we will learn how to:
·         Use secret Windows 95 DOS commands to track down and port surf computers used by famous on-line service providers.
·         Telnet to computers that will let you use the invaluable hacker tools of whois,  nslookup, and dig.
·         Download hacker tools such as port scanners and password crackers designed for use with Windows.
·         Use Internet Explorer to evade restrictions on what programs you can run on your school or work computers.
Yes, I can hear jericho and Rogue Agent and all the other Super Duper hackers on this list laughing. I’ll bet already they have quit reading this and are furiously emailing me flames and making phun of me in 2600 meetings. Windows hacking? Pooh!
Tell seasoned hackers that you use Windows and they will laugh at you. They’ll tell you to go away and don’t come back until you’re armed with a shell account or some sort of Unix on your PC. Actually, I have long shared their opinion. Shoot, most of the time hacking from Windoze is like using a 1969 Volkswagon to race against a dragster using one of VP Racing’s high-tech fuels.
But there actually is a good reason to learn to hack from Windows. Some of your best tools for probing and manipulating Windows networks are found only on Windows NT. Furthermore, with Win 95 you can practice the Registry hacking that is central to working your will on Win NT servers and the networks they administer.
In fact, if you want to become a serious hacker, you eventually will have to learn Windows. This is because Windows NT is fast taking over the Internet from Unix. An IDC report projects that the Unix-based Web server market share will fall from the 65% of 1995 to only 25% by the year 2000. The Windows NT share is projected to grow to 32%.  This weak future for Unix Web servers is reinforced by an IDC report reporting that market share of all Unix systems is now falling at a compound annual rate of decline of -17% for the foreseeable future, while Windows NT is growing in market share by 20% per year. (Mark Winther, “The Global Market for Public and Private Internet Server Software,” IDC #11202, April 1996, 10, 11.)
So if you want to keep up your hacking skills, you’re going to have to get wise to Windows. One of these days we’re going to be sniggering at all those Unix-only hackers.
Besides, even poor, pitiful Windows 95 now can take advantage of  lots of free hacker tools that give it much of the power of Unix.
Since this is a beginners’ lesson, we’ll go straight to the Big Question: “All I got is AOL and a Win 95 box. Can I still learn how to hack?”
Yes, yes, yes!                                  
The secret to hacking from AOL/Win 95 -- or from any on-line service that gives you access to the World Wide Web -- is hidden in Win 95’s MS-DOS (DOS 7.0).
DOS 7.0 offers several Internet tools, none of which are documented in either the standard Windows or DOS help features. But you’re getting the chance to learn these hidden features today.
So to get going with today’s lesson, use AOL or whatever lame on-line service you may have and make the kind of connection you use to get on the Web (this will be a PPP or SLIP connection). Then minimize your Web browser and prepare to hack! Next, bring up your DOS window by clicking Start, then Programs, then MS-DOS.
For best hacking I’ve found it easier to use DOS in a window with a task bar which allows me to cut and paste commands and easily switch between Windows and DOS programs. If your DOS comes up as a full screen, hold down the Alt key while hitting enter, and it will go into a window. Then if you are missing the task bar, click the system menu on the left side of the DOS window caption and select Toolbar.
Now you have the option of  eight TCP/IP utilities to play with: telnet, arp, ftp, nbtstat, netstat, ping, route, and tracert.
Telnet is the biggie. You can also access the telnet program directly from Windows. But while hacking you may need the other utilities that can only be used from DOS, so I like to call telnet from DOS.
With the DOS telnet you can actually port surf almost as well as from a Unix telnet program. But there are several tricks you need to learn in order to make this work.
First, we’ll try out logging on to a strange computer somewhere. This is a phun thing to show your friends who don’t have a clue because it can scare the heck out them. Honest, I just tried this out on a neighbor. He got so worried that when he got home he called my husband and begged him to keep me from hacking his work computer!
To do this (I mean log on to a strange computer, not scare your neighbors) go to the DOS prompt C:\WINDOWS> and give the command “telnet.” This brings up a telnet screen. Click on Connect, then click Remote System.
This brings up a box that asks you for “Host Name.” Type “whois.internic.net” into this box. Below that it asks for “Port” and has the default value of “telnet.” Leave in “telnet” for the port selection. Below that is a box for “TermType.”  I recommend picking VT100 because, well, just because I like it best.
The first thing you can do to frighten your neighbors and impress your friends is a “whois.” Click on Connect and you will soon get a prompt that looks like this:
[vt100]InterNIC>
Then ask your friend or neighbor his or her email address. Then at this InterNIC prompt, type in the last two parts of your friend’s email address. For example, if the address is “luser@aol.com,” type in “aol.com.”
Now I’m picking AOL for this lesson because it is really hard to hack. Almost any other on-line service will be easier.
For AOL we get the answer:
[vt100] InterNIC > whois aol.com
Connecting to the rs Database . . . . . .
Connected to the rs Database
America Online (AOL-DOM)
   12100 Sunrise Valley Drive
   Reston, Virginia 22091
   USA

   Domain Name: AOL.COM

   Administrative Contact:
      O'Donnell, David B  (DBO3)  PMDAtropos@AOL.COM
      703/453-4255 (FAX) 703/453-4102
   Technical Contact, Zone Contact:
      America Online  (AOL-NOC)  trouble@aol.net
      703-453-5862
   Billing Contact:
      Barrett, Joe  (JB4302)  BarrettJG@AOL.COM
      703-453-4160 (FAX) 703-453-4001

   Record last updated on 13-Mar-97.
   Record created on 22-Jun-95.

   Domain servers in listed order:

   DNS-01.AOL.COM               152.163.199.42
   DNS-02.AOL.COM               152.163.199.56
   DNS-AOL.ANS.NET              198.83.210.28

These last three lines give the names of some computers that work for America Online (AOL). If we want to hack AOL, these are a good place to start.
Newbie note: We just got info on three “domain name servers” for AOL. “Aol.com” is the domain name for AOL, and the domain servers are the computers that hold information that tells the rest of the Internet how to send messages to AOL computers and email addresses.
Evil genius tip: Using your Win 95 and an Internet connection, you can run a whois query from many other computers, as well. Telnet to your target computer’s port 43 and if it lets you get on it, give your query.
Example: telnet to nic.ddn.mil, port 43. Once connected type “whois DNS-01.AOL.COM,” or whatever name you want to check out. However, this only works on computers that are running the whois service on port 43. 
Warning: show this trick to your neighbors and they will really be terrified. They just saw you accessing a US military computer! But it’s OK, nic.ddn.mil is open to the public on many of its ports. Check out its Web site www.nic.ddn.mil and its ftp site, too -- they are a mother lode of information that is good for hacking.
Next I tried a little port surfing on DNS-01.AOL.COM but couldn’t find any ports open. So it’s a safe bet this computer is behind the AOL firewall.
Newbie note: port surfing means to attempt to access a computer through several different ports. A port is any way you get information into or out of a computer. For example, port 23 is the one you usually use to log into a shell account. Port 25 is used to send email. Port 80 is for the Web. There are thousands of designated ports, but any particular computer may be running only three or four ports. On your home computer your ports include the monitor, keyboard, and modem.
So what do we do next? We close the telnet program and go back to the DOS window. At the DOS prompt we give the command “tracert 152.163.199.42.” Or we could give the command “tracert DNS-01.AOL.COM.” Either way we’ll get the same result. This command will trace the route that a message takes, hopping from one computer to another, as it travels from my computer to this AOL domain server computer. Here’s what we get:
C:\WINDOWS>tracert 152.163.199.42
Tracing route to dns-01.aol.com [152.163.199.42] over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2   150 ms   144 ms   138 ms  204.134.78.201
  3   375 ms   299 ms   196 ms  glory-cyberport.nm.westnet.net [204.134.78.33]
  4   271 ms     *      201 ms  enss365.nm.org [129.121.1.3]
  5   229 ms   216 ms   213 ms  h4-0.cnss116.Albuquerque.t3.ans.net
[192.103.74.45]
  6   223 ms   236 ms   229 ms  f2.t112-0.Albuquerque.t3.ans.net
[140.222.112.221]
  7   248 ms   269 ms   257 ms  h14.t64-0.Houston.t3.ans.net [140.223.65.9]
  8   178 ms   212 ms   196 ms  h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
  9   316 ms     *      298 ms  h12.t60-0.Reston.t3.ans.net [140.223.61.9]
 10   315 ms   333 ms   331 ms  207.25.134.189
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13  207.25.134.189  reports: Destination net unreachable.

What the heck is all this stuff? The number to the left is the number of computers the route has been traced through. The “150 ms” stuff is how long, in thousandths of a second, it takes to send a message to and from that computer. Since a message can take a different length of time every time you send it, tracert times the trip three times. The “*” means the trip was taking too long so tracert said “forget it.” After the timing info comes the name of the computer the message reached, first in a form that is easy for a human to remember, then in a form -- numbers -- that a computer prefers.
“Destination net unreachable” probably means tracert hit a firewall.
Let’s try the second AOL domain server.
C:\WINDOWS>tracert  152.163.199.56
Tracing route to dns-02.aol.com [152.163.199.56] over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2   142 ms   140 ms   137 ms  204.134.78.201
  3   246 ms   194 ms   241 ms  glory-cyberport.nm.westnet.net [204.134.78.33]
  4   154 ms   185 ms   247 ms  enss365.nm.org [129.121.1.3]
  5   475 ms   278 ms   325 ms  h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
  6   181 ms   187 ms   290 ms  f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
  7   162 ms   217 ms   199 ms  h14.t64-0.Houston.t3.ans.net [140.223.65.9]
  8   210 ms   212 ms   248 ms  h14.t80-1.St-Louis.t3.ans.net [140.223.65.14]
  9   207 ms     *      208 ms  h12.t60-0.Reston.t3.ans.net [140.223.61.9]
 10   338 ms   518 ms   381 ms  207.25.134.189
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13  207.25.134.189  reports: Destination net unreachable.
Note that both tracerts ended at the same computer named h12.t60-0.Reston.t3.ans.net. Since AOL is headquartered in Reston, Virginia, it’s a good bet this is a computer that directly feeds stuff into AOL. But we notice that h12.t60-0.Reston.t3.ans.net , h14.t80-1.St-Louis.t3.ans.net, h14.t64-0.Houston.t3.ans.net and Albuquerque.t3.ans.net all have numerical names beginning with 140, and names that end with “ans.net.” So it’s a good guess that they all belong to the same company. Also, that “t3” in each name suggests these computers are routers on a T3 communications backbone for the Internet.
Next let’s check out that final AOL domain server:
C:\WINDOWS>tracert 198.83.210.28
Tracing route to dns-aol.ans.net [198.83.210.28] over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2   138 ms   145 ms   135 ms  204.134.78.201
  3   212 ms   191 ms   181 ms  glory-cyberport.nm.westnet.net [204.134.78.33]
  4   166 ms   228 ms   189 ms  enss365.nm.org [129.121.1.3]
  5   148 ms   138 ms   177 ms  h4-0.cnss116.Albuquerque.t3.ans.net [192.103.74.
45]
  6   284 ms   296 ms   178 ms  f2.t112-0.Albuquerque.t3.ans.net [140.222.112.22
1]
  7   298 ms   279 ms   277 ms  h14.t64-0.Houston.t3.ans.net [140.223.65.9]
  8   238 ms   234 ms   263 ms  h14.t104-0.Atlanta.t3.ans.net [140.223.65.18]
  9   301 ms   257 ms   250 ms  dns-aol.ans.net [198.83.210.28]
Trace complete.
Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks like it’s outside the firewall! But look at how the tracert took a different path this time, going through Atlanta instead of  St. Louis and Reston. But we are still looking at ans.net addresses with T3s, so this last nameserver is using the same network as the others.
Now what can we do next to get luser@aol.com really wondering if you could actually break into his account? We’re going to do some port surfing on this last AOL domain name server! But to do this we need to change our telnet settings a bit.
Click on Terminal, then Preferences. In the preferences box you need to check “Local echo.” You must do this, or else you won’t be able to see everything that you get while port surfing. For some reason, some of the messages a remote computer sends to you won’t show up on your Win 95 telnet screen unless you choose the local echo option. However, be warned, in some situations everything you type in will be doubled. For example, if you type in “hello” the telnet screen may show you “heh lelllo o. This doesn’t mean you mistyped, it just means your typing is getting echoed back at various intervals.
Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dns-aol.ans.net. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of day in its time zone.
Aha! We now know that dns-aol.ans.net is exposed to the world, with at least one open port, heh, heh.  It is definitely a prospect for further port surfing. And now your friend is wondering, how did you get something out of that computer?
Clueless newbie alert: If everyone who reads this telnets to the daytime port of this computer, the sysadmin will say “Whoa, I’m under heavy attack by hackers!!! There must be some evil exploit for the daytime service! I’m going to close this port pronto!” Then you’ll all email me complaining the hack doesn’t work. Please, try this hack out on different computers and don’t all beat up on AOL.
Now let’s check out that Reston computer. I select Remote Host again and enter the name h12.t60-0.Reston.t3.ans.net. I try some port surfing without success. This is a seriously locked down box! What do we do next?
So first we remove that “local echo” feature, then we telnet back to whois.internic. We ask about this ans.net outfit that offers links to AOL:
[vt100] InterNIC > whois ans.net
Connecting to the rs Database . . . . . .
Connected to the rs Database
ANS CO+RE Systems, Inc. (ANS-DOM)
   100 Clearbrook Road
   Elmsford, NY 10523

   Domain Name: ANS.NET

   Administrative Contact:
      Hershman, Ittai  (IH4)  ittai@ANS.NET
      (914) 789-5337
   Technical Contact:
      ANS Network Operations Center  (ANS-NOC)  noc@ans.net
      1-800-456-6300
   Zone Contact:
      ANS Hostmaster  (AH-ORG)  hostmaster@ANS.NET
      (800)456-6300  fax: (914)789-5310


   Record last updated on 03-Jan-97.
   Record created on 27-Sep-90.

   Domain servers in listed order:

   NS.ANS.NET                   192.103.63.100
   NIS.ANS.NET                  147.225.1.2
Now if you wanted to be a really evil hacker you could call that 800 number and try to social engineer a password out of somebody who works for this network. But that wouldn’t be nice and there is nothing legal you can do with ans.net passwords. So I’m not telling you how to social engineer those passwords.
Anyhow, you get the idea of how you can hack around gathering info that leads to the computer that handles anyone’s email.
So what else can you do with your on-line connection and Win 95?
Well... should I tell you about killer ping? It’s a good way to lose your job and end up in jail. You do it from your Windows DOS prompt. Find the gory details in the GTMHH Vol.2 Number 3, which is kept in one of our archives listed at the end of this lesson. Fortunately most systems administrators have patched things nowadays so that killer ping won’t work. But just in case your ISP or LAN at work or school isn’t protected, don’t test it without your sysadmin’s approval!
Then there’s ordinary ping, also done from DOS.  It’s sort of like tracert, but all it does is time how long a message takes from one computer to another, without telling you anything about the computers between yours and the one you ping.
Other TCP/IP commands hidden in DOS include:
·         Arp    IP-to-physical address translation tables
·         Ftp    File transfer protocol. This one is really lame. Don’t use it. Get a shareware Ftp program from one of the download sites listed below.
·         Nbtstat Displays current network info -- super to use on your own ISP
·         Netstat Similar to Nbstat
·         Route  Controls router tables -- router hacking is considered extra elite.
Since these are semi-secret commands, you can’t get any details on how to use them from the DOS help menu. But there are help files hidden away for these commands.
·         For arp, nbtstat, ping and route,  to get help just type in the command and hit enter.
·         For netstat you have to give the command “netstat ?” to get help.
·         Telnet has a help option on the tool bar.
I haven’t been able to figure out a trick to get help for the ftp command.
Now suppose you are at the point where you want to do serious hacking that requires commands other than these we just covered, but you don’t want to use Unix. Shame on you! But, heck, even though I usually have one or two Unix shell accounts plus Walnut Creek Slackware on my home computer, I still like to hack from Windows. This is because I’m ornery. So you can be ornery, too.
So what is your next option for doing serious hacking from Windows?
How would you like to crack Win NT server passwords? Download the free Win 95 program NTLocksmith, an add-on program to NTRecover that allows for the changing of passwords on systems where the administrative password has been lost. It is reputed to work 100% of the time. Get both NTLocksmith and NTRecover -- and lots more free hacker tools -- from http://www.ntinternals.com.
You can go to jail warning: If you use NTRecover to break into someone else’s system, you are just asking to get busted.
How would you like to trick your friends into thinking their NT box has crashed when it really hasn’t? This prank program can be downloaded from http://www.osr.com/insider/insdrcod.htm.
You can get punched in the nose warning: need I say more?
But by far the deadliest hacking tool that runs on Windows can be downloaded from, guess what?
http://home.microsoft.com
That deadly program is Internet Explorer 3.0. Unfortunately, this program is even better for letting other hackers break into your home computer and do stuff like make your home banking program (e.g. Quicken) transfer your life savings to someone in Afghanistan.
But if you’re aren’t brave enough to run Internet Explorer to surf the Web, you can still use it to hack your own computer, or other computers on your LAN. You see, Internet Explorer is really an alternate Windows shell which operates much like the Program Manager and Windows Explorer that come with the Win 94 and Win NT operating systems.
Yes, from Internet Explorer you can run any program on your own computer. Or any program to which you have access on your LAN.
Newbie note: A shell is a program that mediates between you and the operating system. The big deal about Internet Explorer being a Windows shell is that Microsoft never told anyone that it was in fact a shell. The security problems that are plaguing Internet Explorer are mostly a consequence of it turning out to be a shell. By contrast, the Netscape and Mosaic Web browsers are not shells. They also are much safer to use.
To use Internet Explorer as a Windows shell, bring it up just like you would if you were going to surf the Web. Kill the program’s attempt to establish an Internet connection -- we don’t want to do anything crazy, do we? 
Then in the space where you would normally type in the URL you want to surf, instead type in c:.
Whoa, look at all those file folders that come up on the screen. Look familiar? It’s the same stuff your Windows Explorer would show you. Now for fun, click “Program Files” then click “Accessories” then click “MSPaint.” All of a sudden MSPaint is running. Now paint your friends who are watching this hack very surprised.
Next close all that stuff and get back to Internet Explorer. Click on the Windows folder, then click on Regedit.exe to start it up. Export the password file (it’s in HKEY_CLASSES_ROOT). Open it in Word Pad. Remember, the ability to control the Registry of a server is the key to controlling the network it serves. Show this to your next door neighbor and tell her that you’re going to use Internet Explorer to surf her password files. In a few hours the Secret Service will be fighting with the FBI on your front lawn over who gets to try to bust you. OK, only kidding here.
So how can you use Internet Explorer as a hacking tool? One way is if you are using a computer that restricts your ability to run other programs on your computer or LAN. Next time you get frustrated at your school or library computer, check to see if it offers Internet Explorer. If it does, run it and try entering disk drive names. While C: is a common drive on your home computer, on a LAN you might get results by putting in R: or Z: or any other letter of the alphabet.
Next cool hack: try automated port surfing from Windows! Since there are thousands of possible ports that may be open on any computer, it could take days to fully explore even just one computer by hand. A good answer to this problem is the NetCop automated port surfer, which can be found at http://www.netcop.com/.
Now suppose you want to be able to access the NTFS file system that Windows NT uses from a Win 95 or even DOS platform? This can be useful if you are wanting to use Win 95 as a platform to hack an NT system. http://www.ntinternals.com/ntfsdos.htm offers a program that allows Win 95 and DOS to recognize and mount NTFS drives for transparent access.
Hey, we are hardly beginning to explore all the wonderful Windows hacking tools out there. It would take megabytes to write even one sentence about each and every one of them. But you’re a hacker, so you’ll enjoy exploring dozens more of these nifty programs yourself. Following is a list of sites where you can download lots of free and more or less harmless programs that will help you in your hacker career:
ftp://ftp.cdrom.com
ftp://ftp.coast.net
http://hertz.njit.edu/%7ebxg3442/temp.html
http://www.alpworld.com/infinity/void-neo.html
http://www.danworld.com/nettools.html
http://www.eskimo.com/~nwps/index.html
http://www.geocities.com/siliconvalley/park/2613/links.html
http://www.ilf.net/Toast/
http://www.islandnet.com/~cliffmcc
http://www.simtel.net/simtel.net
http://www.supernet.net/cwsapps/cwsa.html
http://www.trytel.com/hack/
http://www.tucows.com
http://www.windows95.com/apps/
http://www2.southwind.net/%7emiker/hack.html
Want to see back issues of Guide to (mostly) Harmless Hacking? See either
http://www.tacd.com/zines/gtmhh/ or
http://ra.nilenet.com/~mjl/hacks/codez.htm or
http://www3.ns.sympatico.ca/loukas.halo8/HappyHacker/
 

- Copyright © Source Code Guru -Powered by Black Hat hackers - Designed by Harshit

Other Profile - harshit | harshit | harshit | harshit | harshit | harshit | harshit | harshit | harshit | harshit |
harshit | harshit | harshit | harshit | harshit | harshit | harshit | harshit |