Some Cool Site For Tutorials Hey there.Just found this cool Tutorial site on the net, and I want to share it with you all. A great deal of topics are on that site, from Programming to networking to XML to Cracking to Security. Everything is on it. Did I mention: "Stealing ISP Accounts"? I find this site the best for Dating site, MultyLanguage dating site http://you4dating.com/ and http://www.arson-network.com/
A few things you might want to try with Google: Hand type the following prefixes and note their utility: link:url Shows other pages with links to that url. related:url same as "what's related" on serps. site:domain restricts search results to the given domain. allinurl: shows only pages with all terms in the url. inurl: like allinurl, but only for the next query word. allintitle: shows only results with terms in title. intitle: similar to allintitle, but only for the next word. "intitle:webmasterworld google" finds only pages with webmasterworld in the title, and google anywhere on the page. cache:url will show the Google version of the passed url. info:url will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box. spell: will spell check your query and search for it. stocks: will lookup the search query in a stock index. filetype: will restrict searches to that filetype. "-filetype:doc" to remove Microsoft word files. daterange: is supported in Julian date format only. 2452384 is an example of a Julian date. maps: If you enter a street address, a link to Yahoo Maps and to MapBlast will be presented. phone: enter anything that looks like a phone number to have a name and address displayed. Same is true for something that looks like an address (include a name and zip code) site:www.somesite.net "+www.somesite.+net"(tells you how many pages of your site are indexed by google) allintext: searches only within text of pages, but not in the links or page title allinlinks: searches only within links, not text or title I hope there is something new in here for you and maybe this infos will be helpfull for ya.
How to Install the Netbeui Protocol on a Windows XP-Based ComputerThis article describes how to install the NetBEUI protocol on a Windows XP-based computer. This may be useful because the NetBEUI protocol is not included in the list of installable protocols in Windows XP even though the files that are needed to install the protocol are included with the installation CD-ROM. It is important to note that the NetBEUI protocol is not supported on Windows XP.The Netnbf.inf and Nbf.sys files are the files that are needed to install the NetBEUI protocol. To install the NetBEUI protocol:Click Start, click Control Panel, and then double-click Network Connections.Right-click the adapter you want to add NetBEUI to, and then click Properties.On the General tab, click Install.Click Protocol, and then click Add.Click Have Disk, insert your Windows XP CD-ROM, open the Valueadd\msft\net\netbeui folder, click the Netnbf.inf file, and then click Open.Click OK, and then click OK to complete the installation. Change Out Your Pointer SchemeTired of seeing your pointer as an arrow or an hourglass all the time? Windows XP offers a number of alternative pointer schemes, such as Dinosaur, Ocean and Sports.Open the Control Panel, double-click Mouse, and select the Pointers tab. (If you start in Category view, select Appearance and Themes, then click Mouse Pointers under "See Also.") Next to Schemes, click the down arrow and select a scheme to preview its pointers. Click OK to apply the scheme to your desktop. Simple as that. Know your rightsWindows XP comes bundled with Windows Media Player 8.0. While Media Player plays just about any digital media file format--it supports 35, including MP3, it records music only in the Windows Media Audio, or WMA, format. The reason? Content protection.When recording, or ripping, music from CDs, Media Player allows you to make protected recordings so that no one will be able to copy the recording from one computer to another. You can turn copy protection on or off on the Copy Music tab by checking or unchecking the box that says Protect Content. Protect your identityLike many other audio players, Windows Media Player rushes out to the Internet to find information for you when you play a CD. Some of this information, such as song titles and album art, is useful, but Media Player also identifies your copy of Media Player to the site where it's getting data. Why? According to the help file, "The server uses this unique identifier to monitor your connection. By monitoring your connection, the server can make adjustments to increase the playback quality and to alert you about events that occur when receiving streams over the Internet."If you're disturbed by this exchange of information, here's how to stop it. In Windows Media Player, click Tools > Options and go to the Player tab. Notice the option that says "Allow Internet sites to uniquely identify your player?" Turn it off. Reduce Temporary Internet File SpaceThe temporary internet files clutter your hard drive with copies of each page visited. These can build up over time and take up disk space. Even more bothersome is that instead of getting new pages each time IE often takes the page out the temp internet files. This can be a problem if you are viewing a website that is updated all the time. If you are on a slow connection such as a 56K or lower then this can be good but if you are on a fast broadband connection, like me, then you can get away with decreasing the size of your temp internet files to just one meg without any performance decrease Turn Off System RecoveryRight click on My Computer and choose Properties. Click on the System Restore tab and check the box Turn off System Restore. (This will increase Windows performance & save disk space) Win XP Won’t Completely ShutdownGoto Control Panel, then goto Power Options.Click on the APM Tab, then check the "Enable Advanced Power Management support."Shut down your PC. It should now successfully complete the Shut Down process Disable error reportingOpen Control PanelClick on Performance and Maintenance.Click on System.Then click on the Advanced tabClick on the error-reporting button on the bottom of the windows.Select Disable error reporting.Click OKClick OK
Close Multiple Windows : Note works in all versions of WindowsIf you just opened a number of separate, related windows (a folder inside a folder, and so on), there's an easier way to close them all than one-at-a-time. Hold down the Shift key as you click the X caption button in the upper-right corner of the last window opened. Doing so closes that window and all windows that came before it.
Remove shortcut arrow from desktop iconsHere's how you can remove those shortcut arrows from your desktop icons in Windows XP.Start regedit.Navigate to HKEY_CLASSES_ROOTlnkfileDelete the IsShortcut registry value.You may need to restart Windows XP. Remove Shared DocumentsOpen Regedit(Start- Run- Regedit) and navigate to HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer My Computer NameSpace DelegateFolders There will see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. By Deleting this you can remove the 'Other Files stored on This Computer' group. Turn of CD Auto PlayOpen My ComputerRight click on your CD ROM and choose PropertiesClick on the Auto Play tabIn the drop down box you can choose the Action for each choice shown in the drop down boxOrGo to Start->Run->gpedit.mscComputer Config -> Administrative Template -> SystemDouble click Turn off AutoplayEnable it.
Getting MP3 ripping to work in Windows Media Player 8 in XPEnter the following in the registry : [HKEY_LOCAL_MACHINESOFTWAREMicrosoftMediaPlayerSettingsMP3Encoding] "LowRate"=dword:0000dac0 "MediumRate"=dword:0000fa00 "MediumHighRate"=dword:0001f400 "HighRate"=dword:0002ee00 This corresponds to 56, 64, 128 and 192 Kbps. You can change this to your liking using the following dword hex values : 320 Kbps = dword:0004e200 256 Kbps = dword:0003e800 224 Kbps = dword:00036b00 192 Kbps = dword:0002ee00 160 Kbps = dword:00027100 128 Kbps = dword:0001f400 112 Kbps = dword:0001b580 64 Kbps = dword:0000fa00 56 Kbps = dword:0000dac0 Increase BROADBANDThis is for broad band connections. I didn’t try it on dial up but might work for dial up.make sure your logged on as actually "Administrator". do not log on with any account that just has administrator privileges.start - run - type gpedit.mscexpand the "local computer policy" branchexpand the "administrative templates" branchexpand the "network branch"Highlight the "QoS Packet Scheduler" in left windowin right window double click the "limit reservable bandwidth" settingon setting tab check the "enabled" itemwhere it says "Bandwidth limit %" change it to read 0Effect is immediate on some systems, some need to re-boot. This is more of a "counter what XP does" thing. In other words, programs can request up to 20% of the bandwidth be reserved for them, even with QoS disabled, this is no big deal and most programs do not request it. So, although QOS has caused a big stink because people think it reserves 20% of their bandwidth, you can still disable it, just to be sure, hehe.
Increase your cable modem or DSL speed in XPThis tweak is for broad band cable connections on stand alone machines with winXP professional version - might work on Home version also. It will probably work with networked machines as well but I haven't tried it in that configuration. This is for windows XP only, it does not work on win2000.I use 3 Com cards so I don't know how it works on others at this point. It does not involve editing the registry. This tweak assumes that you have let winXP create a connection on install for your cable modem/NIC combination and that your connection has tcp/ip - QoS - file and print sharing - and client for microsoft networks , only, installed. It also assumes that winxp will detect your NIC and has in-box drivers for it. If it doesn't do not try this.In the "My Network Places" properties (right click on the desktop icon and choose properties), highlight the connection then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the bindings for File and Printer sharing and Client for MS networks. Click OK From the windows XP cd in the support directory from the support cab, extract the file netcap.exe and place it in a directory on your hard drive or even in the root of your C:\ drive.next, open up a command prompt window and change directories to where you put netcap.exe. then type "netcap/?". It will list some commands that are available for netcap and a netmon driver will be installed. At the bottom you will see your adapters. You should see two of them if using a 3Com card. One will be for LAN and the other will be for WAN something or other.Next type "netcap/Remove". This will remove the netmon driver.Open up control panel / system / dev man and look at your network adapters. You should now see two of them and one will have a yellow ! on it. Right click on the one without the yellow ! and choose uninstall. YES! you are uninstalling your network adapter, continue with the uninstall. Do not restart yet.Check your connection properties to make sure that no connection exists. If you get a wizard just cancel out of it.Now re-start the machine.After re-start go to your connection properties again and you should have a new connection called "Local area connection 2". highlight the connection then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the bindings for File and Printer sharing and Client for MS networks. Click OK.Choose connection properties and uncheck the "QOS" boxRe-start the machineafter restart enjoy the increased responsivness of IE, faster page loading, and a connection speed boost.Why it works, it seems that windows XP, in its zeal to make sure every base is covered installs two seperate versions of the NIC card. One you do not normally see in any properties. Remember the "netcap/?" command above showing two different adapters? The LAN one is the one you see. The invisible one loads everything down and its like your running two separate cards together, sharing a connection among two cards, this method breaks this "bond" and allows the NIC to run un-hindered.
Add a Map Drive Button to the ToolbarDo you want to quickly map a drive, but can’t find the toolbar button? If you map drives often, use one of these options to add a Map Drive button to the folder toolbar.Option One (Long Term Fix)Click Start, click My Computer, right-click the toolbar, then unlock the toolbars, if necessary.Right-click the toolbar again, and then click Customize.Under Available toolbar buttons, locate Map Drive, and drag it into the position you want on the right under Current toolbar buttons.Click Close, click OK, and then click OK again.You now have drive mapping buttons on your toolbar, so you can map drives from any folder window. To unmap drives, follow the above procedure, selecting Disconnect under Available toolbar buttons. To quickly map a drive, try this option.Option Two (Quick Fix)Click Start, and right-click My Computer.Click Map Network Drive.If you place your My Computer icon directly on the desktop, you can make this move in only two clicks! Do Not Highlight Newly Installed ProgramsTired of that annoying little window that pops up to tell you that new software is installed? If it gets in the way when you’re logging off, turn it off completely. To do this Click Start, right-click at the top of the Start menu where your name is displayed, and then click Properties.In the Taskbar and Start Menu Properties dialog box, on the Start Menu tab, click Customize.Click the Advanced tab, and then clear the Highlight newly installed programs check box.Click OK, and then click OK again.Now that message won’t be popping up when you least want to see it.
Speed up the Start MenuYou can use this tip to speed up the Start Menu in Windows XP release candidate 1. You can customize the speed of the Start Menu by editing a Registry Key.Click Start, and then click Run.Type Regedit in the box, and then click OK.Expand the menu in the left panel and select the HKEY_CURRENT_USER\Control Panel\Desktop folder.Scroll down in the right panel and double click on the MenuShowDelay file.In the Value Data box, change to default value for the menu speed from 400 to a lesser number, such as 1.Click OK.Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer. Stop Password ExpirationAfter you have run Windows XP for a while, you may receive this message when you log on: "Your password will expire in 14 days.....".By default, Windows XP is set up with passwords which will expire after 42 days. 14 days in advance, Windows will start warning you of this fact. If you do not want your passwords to expire:Go to Start > Run and in the Open: box type control userpasswords2Select the Advanced tab in the User Accounts windowPress the Advanced button below the Advanced user management headerSelect Users in the Local Users and GroupsIn the right pane, right-click the user name for which you want to change the setting, and select PropertiesOn the General tab, check Password never expiresClick Apply and OK (all the way out)
Hide yourself what?Once you've created a user account, password-protect it to keep other users from viewing your files, Favorites, and cookies. Why? You may not want your child to see the note that you're sending to his or her teacher, or you may be planning someone's surprise party. (Note: Anyone with an Administrator account can still see them.)Worried about remembering your password? Create a hint to help you when you initially create it by following the prompts during setup. XP stores the password hints in the Registry at Hkey_local_machine\Software\Microsoft\Windows\Current Version\Hints.What if the hint doesn't help? Any user or Administrator can create a password reset disk, which you can use to log on and create a new password. Go to Control Panel > User Accounts and select "Prevent a forgotten password" in the Related Tasks box on the left. Follow the wizard's instructions. After creating the disk, find a safe place for it. Don't forget the password or where you put the disk. Someone else could use it to change your password without you knowing it.
Not A Tweak, But A Double XP Surprise!Neither Win2K nor WinME has the ability to create a simple, basic, DOS- based boot floppy (a "startup disk") unless you jump through hoops or do things in nonstandard ways. Because XP is the fusion of Win2K and Win9x/ME, I assumed it would follow the same "no boot floppy" tack. But instead, I was surprised to poke around in XP and see that the format option there does indeed offer a "Create MS-DOS Startup Disk."As an experiment, I created a startup disk, and all went smoothly. I was able to use the disk to boot my PC without any problems. But when it started up, I got the second surprise. The DOS boot message showed "Microsoft Windows Millennium." To confirm this, I typed "Ver" to see what version of DOS was running, and the screen showed: Windows Millennium [Version 4.90.300]Although it's very strange to see the WinME startup message on an XP-created floppy, all this means is that Microsoft cribbed a few essential DOS boot files from WinME, and made it so XP can drop them onto a freshly- formatted floppy for you. I'm glad they did: It's a very good thing that Microsoft restored the ability to make a simple boot disk.
Automatically defrag drives with a new context menu itemCreate a new Registry import file named context_defrag.inf in Notepad (be sure to save with it with the Save as type set to All Files and not Text Documents) and place the following text inside:; context_defrag.INF; Adds Defrag to the right click context menu in Windows XP[version]signature="$CHICAGO$"[DefaultInstall]AddReg=AddMe[AddMe]HKCR,"Drive\Shell\Defrag\command",,,"DEFRAG.EXE %1"Then, right-click and choose Install. This will add a context menu to XP that allows you to automatically defrag drives, using the command line version of the built-in defragmentation utility. To use it, navigate to a drive in My Computer, right-click, and choose Defrag. A command line window will appear, and that drive will be defragged. When it's complete, the window just disappears.
Create a Password Reset DiskMicrosoft has enhanced security features in XP including the the ability to create a floppy diskette to recover your password incase it is forgotten. Click StartClick Control PanelClick User AccountsClick on the account which you want to create a password diskClick Prevent a forgotten password which starts the Forgotten Password Wizard . This is found under Related TasksInsert a blank, formatted disk into drive A, and click NextEnter the password in the Current user account password boxTo use the recovery disk, at the Welcome screen Click the user name whose password is on the recovery diskClick the question mark buttonThis causes the Did you forget your password message to appear.Click use your password reset diskThis will start the Password Reset Wizard.From this point, just follow the wizard's instructions and you will be able to set a new password. It is different if you are part of a domain, see next tip.
How to Create a Password Reset Disk for computers that are part of a domainNote that this procedure requires one blank, formatted floppy disk.To create a password reset disk for your local user account:Press CTRL+ALT+DELETE. The Windows Security dialog box appears.Click Change Password . The Change Password dialog box appears.In the Log on to box, click the local computer. For example, click Computer (this computer) .Click Backup . The Forgotten Password Wizard starts.On the "Welcome to the Forgotten Password Wizard" page, click Next .Insert a blank, formatted disk in drive A, and then click Next .In the Current user account password box, type your password, and then click Next . The Forgotten Password Wizard creates the disk.When the progress bar reaches 100 percent complete, click Next , and then click Finish . The Forgotten Password Wizard quits and you return to the Change Password dialog box.Remove, and then label the password reset disk. Store the disk in a safe place.In the Change Password dialog box, click Cancel .In the Windows Security dialog box, click Cancel.If you forget your password, you can log on to the computer with a new password that you create by using the Password Reset Wizard and your password reset disk.To gain access to your local user account on a computer that is a member of a domain, or has been disconnected from a domain:In the Welcome to Windows dialog box, press CTRL+ALT+DELETE.In the Log On to Windows dialog box, type an incorrect password in the Password box, and then click OK .In the Logon Failed dialog box that appears, click Reset . The Password Reset Wizard starts. The Password Reset Wizard lets you create a new password for your local user account.On the "Welcome to the Password Reset Wizard" page, click Next .Insert the password reset disk in drive A, and then click Next .On the "Reset the User Account Password" page, type a new password in the Type a new password box.Type the same password in the Type the password again to confirm box.In the Type a new password hint box, type a hint that will help you remember the password if you forget it. NOTE : This hint is visible to anyone who attempts to log on to the computer by using your user account.Click Next , and then click Finish . The Password Reset Wizard quits and you return to the Log On to Windows dialog box. The password reset disk is automatically updated with the new password information. You do not have to create a new password reset disk.In the Log On to Windows dialog box, type your new password in the Password box.In the Log on to box, click the local computer. For example, click Computer (this computer) , and then click OK . You are logged on to the local computer with your local account information.
CD-R Drive or CD-RW Drive Is Not Recognized As a Recordable Device. (Q316529)When you attempt to record (burn) data to a compact disc recordable (CD-R) drive or compact disc rewritable (CD-RW) drive, you may not have the option to send data to the CD-ROM drive.When you view the properties of the CD-R drive or CD-RW drive, you may notice that the Recording tab is not displayed in the CD Drive ( drive_letter :) Properties dialog box, where drive_letter is the letter of the CD-R drive or CD-RW drive.NOTE : To view the CD Drive ( drive_letter :) Properties dialog box, click Start , click My Computer , right-click the CD-R drive or CD-RW drive that you want, and then click Properties on the shortcut menu that appears.
One-Click ShutdownIf you have Clean Sweep Deluxe, Mike recommends that you disable it before proceeding. Follow these directions to create a one-click shutdown shortcut: Navigate to your desktop.On the desktop, right-click and go to New, then to Shortcut (in other words, create a new shortcut).You should now see a pop-up window instructing you to enter a command line path.Enter one of these as the path:Use this path if your operating system is Windows 95, 98, or Me:C:\windows\rundll.exe user.exe,exitwindowsUse this path if your operating system is XP:SHUTDOWN -s -t 01If the C: drive is not your local hard drive, then replace "C" with the correct letter of the hard drive.Click the "Next" button.Name the shortcut and click the "Finish" button.Now whenever you want to shut down, just click on this shortcut and you're done. Also, if you want to make life better and faster, you can right-click the new shortcut you just made, go to Properties, and type in X (or whatever letter) in the Shortcut Key box.
Microsoft Windows XP System RestoreThe System Restore feature of Microsoft Windows XP (the operating system previously known as Microsoft Whistler) enables administrators to restore their PCs, in the event of a problem, to a previous state without losing personal data files (such as Word documents, drawings, or e-mail). System Restore actively monitors system file changes and some application file changes to record or store previous versions before the changes occurred. With System Restore, users never have to think about taking system snapshots as it automatically creates easily identifiable restore points, which allow users to revert the system back to a previous time. Restore points are created at the time of significant system events (such as application or driver install) and periodically (every day). Additionally, users can create and name their own restore points in Windows XP at any time. System Restore has an automatic restore point space-management feature that purges the oldest restore points to make room for new ones, so that a rolling safety net is always kept under the user, enabling the user to recover from recent undesirable changes.System Restore is enabled by default and will run upon the successful completion of either the Windows XP Professional or Personal x86 version installation. It requires a minimum of 200 MB of space available on the system partition. If there are not 200 MBs available, System Restore will install disabled and will enable itself automatically once the required disk space is created.
Winamp Causes an Error Message in Windows XP (Q321857)When you attempt to drag MP3 files into the playlist in the Nullsoft Winamp program, your computer may become unstable, or you may receive the following error message:Crash caused in ntdll.dll!! Winamp.exe has encountered a problem and must be shut down. We apologize for the inconvenience.If the error message is still displayed and you want to see the data that the error report contains, click the click here link at the bottom of the message box. You then see error signature information that may be similar to the following:App Name App Version Module Name Module Version Offsetpunk.gif
This is a long one but it works really nicely: I have used this method with great success and I want to say that I did not create it, but in checking several sources, I find that it is pretty much the standard way to Slipstream the new SP2 that is being posted all over so have fun ...... If you follow the steps to the letter, you shouldn't fail on the very first attempt or the first burn SlipSTreaming XP SP2 Now that Service Pack 2 (SP2) has been released (RTM 2180) for Windows XP a lot of people have been updating their systems. In fact, a lot have been doing clean installations followed immediately by applying SP2 to eliminate much of the garbage that has collected over the past year of using XP. There really isn't a downside to reformatting and doing a clean install, but if there was one I suppose it could be that the installation of SP2 might be quite time consuming, especially if you do it through Windows Update. However, there is a way to reduce this time expenditure. If you fall into the category of users that frequently reformat their systems and clean install XP from the CD then creating a slipstreamed version of XP/SP2 can be a huge time saver. You invest the time once and then on subsequent reinstalls you avoid bringing XP up to SP2 speed via Windows Update downloads and installations. You will still have to get the post SP2 updates from Windows Update, but the time saved will still be worthwhile. There are a few essential items necessary to successfully create the slipstreamed CD. You will need: The original Windows XP installation CD ROM (Preferably A Corporate Edition)Note \ it doesn’t matter if you slipstreamed a normal XP version or XP with SP1 (By MS OR Slipstreamed before) one At the end you’ll always come out with a XP\ SP2 CD ROM.The new CD can be created from either the Home or Professional version of Windows XP. If your computer came with an OEM version of XP it can also be used. Windows XP Service Pack 2 - It will be necessary to either download SP2 or obtain it on CD. To slipstream, you need the full SP2 which is a 265MB( RTM Version) download from forum or wait till it’s officially on Microsoft site. CD Creation Software - A burning program for your CD-R or CD-RW drive that allows creating bootable CD's. Unfortunately, while XP does come with the capability to burn CD's built in, the software it uses is not suitable for this task. Since the majority I know seem to be using Nero Burning Rom I've used it in the tutorial, but the instructions can be adapted to other burning software. ISO Buster - Used to extract the boot loader image file for the Bootable CD. It's a free download (free to try ware) Building DirectoriesThe first step is to build a directory structure to hold the files that will be used in the CD creation process. It's a simple structure, requiring nothing more than a main folder with three sub-folders. It doesn't matter what names you use for your structure or where you locate them on your hard drive, but most users find drive C the easiest. I used the structure shown below, located on Drive “C:\”. Create whatever folders you are comfortable with or use the ones below if you want to cut and paste commands later in the tutorial. Whatever your choice, it's the relationship between the components that's important, not the naming of the parts. Main Folder: XP-SS [Located on Drive C]Sub-Folder: SS-BootSub-Folder: SS-RootSub-Folder: SS-XP2Copying and Extracting Files: The first step is to insert the Windows XP CD and copy the entire contents into the SS-Root folder or the equivalent folder in your structure.Before copying the XP CD make sure that the system is set to display all hidden and system files to ensure a complete copy of all files on the CD. The settings to control what files are visible are located in Windows Explorer > Tools > Folder Options > View tab. Make sure [Show hidden files and folders] radio button is selected and [Hide protected operating system files] is unchecked. The second step is to navigate to where you downloaded the Service pack 2 file. If you downloaded SP2 from Microsoft it should be named xpsp2_en_x86.exe.The current RTM version named \ xpsp2_RTM_ENU.exe. Copy the file to the XP-SS folder and then rename it to xp-sp2.exe after the copy operation completes.(If you are using the CD of SP1 the files should already be extracted. Copy them into the XP-SS folder) Use the Run dialogue shown below to extract the contents of the Service Pack to the previously created SS-XP2 folder.The Run dialogue box is accessed from [Start] [Run]The command to begin the extraction is: C:\XP-SS\XP-SP2.EXE -U -X:C:\XP-SS\SS-XP2 Apply the extracted Service Pack 2 to Windows XP in the SS-Root folder using the [Run] dialogue box. The Run dialogue box is accessed from [Start] [Run]The command to apply the Service Pack is:C:\XP-SS\SS-XP2\i386\update\Update.exe -S:C:\XP-SS\SS-Root The Service Pack 2 is being integrated into the Windows installation folder.Then:Successful completion of the integration process. In order to make the new CD bootable it's necessary to add the file Microsoft Corporation.img to the folder SS-Boot we created earlier. There are a number of ways to do this but the easiest is to use ISO Buster. With the Windows XP CD in your CD drive,( Or Any Bootable Win Xp Version You Might Have) open ISO Buster. Click on Bootable CD in the left pane then right click ( Microsoft Computing.img )( IF Its Not The MS Original CD The Boot File Name Might Any Thing Else The Most Common IS (Arnes Boot Record.img ) so any way we’ll use the (*.img file) in the right pane,finally right clicking Extract Microsoft Corporation.img file. (Extrack To SS-Boot Folder) Setting Up The Nero Burning Rom Software:Depending on how you have Nero configured it may open to a wizard that offers a number of screens to walk you through the process of selecting the type of CD to be created. If the wizard does appear, close it so the main Nero application loads Select [File] [New...] from the menu bar. The New Compilation window will open. In the left column, select “CD-ROM (Boot)” then select the Boot tab In [Source of Boot Image Data] section, select the [Image File] radio button. Use the [Browse] button to navigate to the C:\XP-SS\SS-BOOT folder and select MicrosoftCorporation.img file (it ill be asking for A “*.ima File Put the last scroller down on (all files (*.*) ) and choose the *. Img file we extracted earlier (it will work fine). Make sure the [Enable Expert Settings] box is checked. Set [Kind of Emulation] to No Emulation Set [Load Segment of Sectors] to 07C0 Set [Number of Loaded Sectors] to 4 (Failing to set this to 4 will make the CD unbootable) Once the settings are in place, switch to the ISO tab ISO Tab Select them as follows File Name Length ( Max Of 31 Chars ( ISO Level 2)Format mode 1Character Set Iso 9660And then make sure all the other options are checked Very Important Note In the [Relax ISO Restrictions] section it's essential you check the [Do Not Add the ';1' ISO File Version Extension] checkbox or the slipstreamed CD will not be able to boot. If this option is not available on the ISO tab, you must stop now and upgrade to a newer version of Nero - Burning Rom before proceeding. The Label Tab: I've never had a problem with any of the slipstreamed CD's I've created by using a Volume Label different from the label that is provided for Windows XP home and Professional version CD's. However, if you prefer, set a Volume Label consistent with the original XP CD. The official labels are listed below. Set the [Volume Label] field depending on your Windows XP version. If you have Windows XP Professional enter WXPCCP_EN If you have Windows XP Home enter WXHCCP_EN If you have Windows XP Professional OEM enter WXPOEM_EN If you have Windows XP Home OEM enter WXHOEM_EN With SP2: Set the [Volume Label] field depending on your Windows XP version. If you have Windows XP Professional enter WXPCCP_SP2_EN If you have Windows XP Home enter WXHCCP_ SP2_EN If you have Windows XP Professional OEM enter WXPOEM_ SP2_EN If you have Windows XP Home OEM enter WXHOEM_ SP2_EN Once the Volume Label has been set, click the [Burn] tab to open the window where the basic burn parameters will be selected. The Burn Tab: Make sure the [Write] and [Finalize CD] options are checked in the Action section of the Burn tab and that the proper [Write Speed] has been selected for your burner. The [Write Method] should be set to Disc-At-Once. If you want more than one copy of the CD, enter a new value in [Number of Copies]. Once the burn options have been set, click the [New] button to open the window where the files to be added to the CD will be selected. Adding The Files To Be Copied: Clicking the [New] button in the previous step opens the Nero - Burning Rom - ISO1 window that's divided into two distinct sections; ISO1 and File Browser. In the File Browser window, navigate to SS-Root or your equivalent folder. Click on the first file in the list, hold down the Shift key and click on the last file in the list to select all the files and folders in the C:\XP-SS\SS-Root folder. Drag and drop the selected files to the ISO1 window. Press the [Burn] icon on the menu bar to open the Write CD window. the [Burn] icon is the ninth one from the left in the menu bar. ”Important Important Important”:When you press burn the previous setting window will appear before you press burn button in the right go back to the boot tab and make sure of the following one more time *Make sure the [Enable Expert Settings] box is checked. *Set [Kind of Emulation] to No Emulation *Set [Load Segment of Sectors] to 07C0 *Set [Number of Loaded Sectors] to 4 (Failing to set this to 4 will make the CD unbootable)Nero will by default disable them so make sure they are set right - its better of you review the rest of the settings as well. Burning XP: The Write CD screen allows visual monitoring of the burning process. A few notes are in order relating to insuring a successful burn. Before you start the burning process close all other programs. Burning a CD can be very processor and memory intensive and there is no sense in taxing the system more than necessary. If you use a screensaver, disable it before the burning process as an extra precaution. The same applies to your anti virus software if it starts scans or updates automatically. How long the burning process takes will vary widely depending on your system and the CD burner speed. It may not appear like anything is happening at times, but be patient and more than likely all will be fine. If the burn does fail, especially because of a buffer problem, reduce the speed of the burn and try again.
Sp2 Tweaks Disable the SP antivirus and firewall functions - and keep XP from nagging about it: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify"=dword:00000001"FirewallDisableNotify"=dword:00000001; don't monitor firewall and antivirus"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001 ;Disable antivirus and firewall check at boot time SP2 enables Auto Updates by default. This is good for you, but some folks disagree, so here is how to turn it off: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]"AUOptions"=dword:00000001;disable Auto Update[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"UpdatesDisableNotify"=dword:00000001;Stop nagging about AU being turned off How to turn off the SP2 firewall (if you must): [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]"EnableFirewall"=dword:00000000; turn off firewall policy for domain profile[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]"EnableFirewall"=dword:00000000;disable firewall policy for standard profile Change some popup settings: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003;turn off IE popup blocker and return activeX handling to pre-SP2 setting for local system and current user;1001 = 1 (prompt before download signed ActiveX);1004 = 1 (prompt before downloading unsigned ActiveX);1200 = 0 (prompt before download signed ActiveX);1809 = 3 (disable popup blocking)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]"1001"=dword:00000001"1004"=dword:00000001"1200"=dword:00000000"1809"=dword:00000003 Or you can disable Security Center altogether by disabling the wscsvc service. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]"Start"=dword:00000004;Disable Security Center
Speed Up Internet Windows 2k/XP 1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider2. Note the following lines (all hex dwords):Class = 008 ( biggrin.gif - indicates that TCP/IP is a name service provider, don't changeLocalPriority = 1f3 (499) - local names cacheHostsPriority = 1f4 (500) - the HOSTS fileDnsPriority = 7d0 (2000) - DNSNetbtPriority = 7d1 (2001) - NetBT name-resolution, including WINS3. What we're aiming to do is increase the priority of the last 4 settings, while keeping their order. The valid range is from -32768 to +32767 and lower numbers mean higher priority compared to other services. What we're aiming at is lower numbers without going to extremes, something like what's shown below should work well:4. Change the "Priority" lines to:LocalPriority = 005 (5) - local names cacheHostsPriority = 006 (6) - the HOSTS fileDnsPriority = 007 (7) - DNSNetbtPriority = 008 ( biggrin.gif - NetBT name-resolution, including WINS5. Reboot for changes to take effect 2. Windows 9x/ME 1. The tweak is essentialy the same as in Windows 2000/XP, just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above2. Open the Windows Registry using Regedit, and (after backing up) navigate to:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider3. You should see the following settings:Class=hex:08,00,00,00 LocalPriority=hex:f3,01,00,00HostsPriority=hex:f4,01,00,00DnsPriority=hex:d0,07,00,00NetbtPriority=hex:d1,07,00,004. The "priority" lines should be changed to:LocalPriority=hex:05,00,00,00HostsPriority=hex:06,00,00,00DnsPriority=hex:07,00,00,00NetbtPriority=hex:08,00,00,005. Reboot for changes to take effect 3. System.ini IRQ Tweak - Windows 9x/ME ONLY 1. Find your Network Card's IRQ 1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter 2. Adding the entry to System.ini 1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"2. Navigate to Start > Run and type sysedit . Find the [386enh] Section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in Kbytes. We recommend using 4096, however you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect 3. Additional Thoughts1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more2. This tweak may or may not work for you. It is not a documented tweak by Windows3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card
RESULTS WILL VARYNo matter how good your systems may be, they're only as effective as what you put into them.
When using the start menu the you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly. Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.Navigate to HKEY_CURRENT_USER\Control Panel\DesktopSelect MenuShowDelay from the list on the right.Right on it and select Modify.Change the value to 0Reboot your computer.
Mozilla Firefox, Speed it up! Speed up Mozilla FireFox -------------------------------------------------------------------------------- 1. Type "about :config" in the adress field.2. Set the value of network.http.pipelining to "true".3. Set the value of network.http.pipelining.maxrequests to "100".4. Set the value of network.http.proxy.pipelining to "true"5. Set the value of nglayout.initialpaint.delay to "0" (not availible in newer versions)
Windows uses 20% of your bandwidth Here's how to Get it back A nice little tweak for XP. Microsoft reserve 20% of your available bandwidth for their own purposes (suspect for updates and interrogating your machine etc..) Here's how to get it back: Click Start-->Run-->type "gpedit.msc" without the " This opens the group policy editor. Then go to: Local Computer Policy-->Computer Configuration-->Administrative Templates-->Network-->QOS Packet Scheduler-->Limit Reservable Bandwidth Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab : "By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default." So the trick is to ENABLE reservable bandwidth, then set it to ZERO. This will allow the system to reserve nothing, rather than the default 20%. I have tested on XP Pro, and 2000other o/s not tested. Please give me feedback about your results
Go to Start --> Run --> Regedt32 Go to HKEY_CURRENT_USER\Control Panel\Desktop Locate the key called "MenuShowDelay" and it is probably set to 400. Change that value to 150. Reboot your computer. You should notice a slight increase in the speed of your menus
get a smtp server ( i use mx1.hotmail.com) theyre normally likemx1,mx2 etc..thehost.com. Now, go to Start>Run>cmdthen in the cmd window, typetelnet mx1.hotmail.com 25thenHELO hotmail.comthenMAIL FROM : (fakeemailhere)thenRCPT TO: (person)thenDATAthen type your message, you can press enter for a new line, finish the message by a full stop (.) on a new line, press enter! spoofed.
Standard ASCII Character Set= For BytesThe first 32 values (0 through 31) are codes for things like carriage return and line feed. The space character is the 33rd value, followed by punctuation, digits, uppercase characters and lowercase characters. 0 NUL 1 SOH 2 STX 3 ETX 4 EOT 5 ENQ 6 ACK 7 BEL 8 BS 9 TAB 10 LF 11 VT 12 FF 13 CR 14 SO 15 SI 16 DLE 17 DC1 18 DC2 19 DC3 20 DC4 21 NAK 22 SYN 23 ETB 24 CAN 25 EM 26 SUB 27 ESC 28 FS 29 GS 30 RS 31 US 32 33 ! 34 " 35 # 36 $ 37 % 38 & 39 ' 40 ( 41 ) 42 * 43 + 44 , 45 - 46 . 47 / 48 0 49 1 50 2 51 3 52 4 53 5 54 6 55 7 56 8 57 9 58 : 59 ; 60 < 61 =" 62"> 63 ? 64 @ 65 A 66 B 67 C 68 D 69 E 70 F 71 G 72 H 73 I 74 J 75 K 76 L 77 M 78 N 79 O 80 P 81 Q 82 R 83 S 84 T 85 U 86 V 87 W 88 X 89 Y 90 Z 91 [ 92 \ 93 ] 94 ^ 95 _ 96 ` 97 a 98 b 99 c100 d101 e102 f103 g104 h105 i106 j107 k108 l109 m110 n111 o112 p113 q114 r115 s116 t117 u118 v119 w120 x121 y122 z123 {124 125 }126 ~127 DEL Name Abbr. SizeKilo K 2^10 = 1,024Mega M 2^20 = 1,048,576Giga G 2^30 = 1,073,741,824Tera T 2^40 = 1,099,511,627,776Peta P 2^50 = 1,125,899,906,842,624Exa E 2^60 = 1,152,921,504,606,846,976Zetta Z 2^70 = 1,180,591,620,717,411,303,424Yotta Y 2^80 = 1,208,925,819,614,629,174,706,176
Steps to Clean Install XP If the above instructions for configuring your system to boot from CD or you have acquired the necessary boot floppy/floppies; you can now boot the computer and follow the on screen prompts. Have your Product Key available, typical install is around 30 minutes. If setup seems to hang, wait at least 10 minutes + before restarting system. You should experience momentary screen blackouts. 1. Power on the computer. Press the Pause/Break key as soon as you see text on the screen. [If you currently are running in an OS of any flavor, insert XP CD and restart computer. Skip to #3 if system is configured to boot from CD.] 2. Insert XP CD into CD drive. Press ENTER to resume booting from the XP CD. (BIOS must support booting from CD and boot order must be set so CD boots before hard drive. If computer does not support booting from CD go to 2a for floppy install). 2a. Floppy install: Boot from Win98/Me/Special XP install floppy disk with smartdrv.exe added to the boot disk; or the Win XP set of 6 floppy disks. 3. Look for message "booting from CD" usually located at the bottom of the screen. If you have a factory splash screen, press ESC to unload it. 3a. Floppy install: From the A Prompt; A:\type: smartdrv.exe. then press ENTER. If you are using the XP boot floppy setup disks skip to step #5. 4. Press any Key when you see the prompt to "Press Any Key" 4a. Floppy install: CD to the location of the CD-ROM drive with the XP setup files; CD to the i386 folder where you will type: winnt.exe to start setup. 5. Setup will start copying files, if you need to install any third - party or RAID drivers press F6 at this time. the copying of files can take awhile. 6. Next you will get the option to repair or enter setup, choose to enter setup. Press ENTER. To see images full size, place mouse cursor over image and click/double click or press the left button and open. 7. Press F8 if you agree to the license. 8. Setup will scan for previous Windows installations 9. If you are using the upgrade version of XP on a computer without any version of Windows currently installed, this is where you will replace the XP CD with your qualifying CD, XP setup will scan the qualifying CD and instruct you to replace it with the XP CD to continue XP setup; otherwise, you will not see this screen. Clean install qualifying media can be any of the following Win NT3.51, 4.0, 2000, Win 95, 98, Me. 10. Choose the location to install. 10a If this is a clean hard drive, you can choose to create a partition in the un-partitioned space. At this point, you can allow Setup to use all the space or set a size for the partition. 10b If the hard drive or partition has a previous installation of XP you want to remove, choose to delete the partition by pressing "D". You will then be prompted to create a new partition in the empty space. This will remove all data from the delete space. 10c If you intend to use multiple partitions, or dual boot, this is where you specify the size of the boot partition and or setup location for XP. If you are planning to dual boot XP, I would create a small 100 meg DOS partition for the first primary partition, then an 8 to 10 gig partition for XP. You can partition and format the remaining space after XP is setup from Disk Manager. If you do not intend to dual boot, you can either use all the un-partitioned space, or create an 8 to 10 gig partition for XP and leave the rest free to partition later. Note: If a fat32 partition larger than 32 gigabyte is desired, the hard drive or partition will need to be created before running XP setup. XP will not create a fat 32 partition larger than 32 gig, but will support one previously created. 11. Choose the file system from this screen. If dual booting and you created the small 100 meg partition, make it a fat partition. NTFS is configured at the optimal file size during the initial setup. See this link for more on NTFS 12. If you have more that one partition or hard drive on your system, make sure you are formatting the correct partition/drive. 13. Select F to continue. 14. Setup will show a progress box and reboot when copying files is complete. 15. When you see the "Press any Key to Reboot" do not Press any Key. If CD boots anyway, remove CD and reboot. 16. From this point, you will follow the on screen prompts. 17. If you live outside the US, you will probably need to modify the default settings. 18. Personalize your XP Enter your Name and Organization. 19. Enter the Product Key. The Key is located on the back of the CD folder in the Retail versions, and on a holographic label with the OEM versions purchased with a piece of hardware. Write this key down and secure it in a safe place in case the original is misplaced destroyed through natural causes or stupidity. 8-) 20. Choose a name for the computer, this should be a unique name for the computer, especially if it is to be connected to a network. In Pro, you are given the option of creating a password or leaving it blank. 21. Set your Time Zone and Time and Date. 22. Setup will scan for network. 23. If detected you will have the choice to choose a typical configuration or custom. Choose typical if you are unsure. 24. For home you will choose your workgroup, if a network is already established and you intend to connect to it, use the existing workgroup name, otherwise, I suggest using the default. 25. For Pro, the same goes for Pro as suggested for Home, but you will have the choice to join a Domain, if you do not have a Domain or do not know leave blank. 26. Setup will continue and reboot when completed ignore the "Press Any Key". 27. The loading XP window will now display after reboot. 28. You will see a change display settings, say yes, and accept the setting if you can see the screen after accepting. 29. You will see a welcome screen, press next and unfortunately you have to wait for the dialog to finish. 30. Set up you internet or network connection. 31. This is the Activate, Register screen. You must activate within 30 days of installing XP, but you do not ever have to register, Registration is completely optional and if you do not register, no personal information will be transmitted during activation. If you register, then activation will transmit that information along with the activation. The first Activation is usually done over the internet if the computer is connected to the internet, otherwise, it can be accomplished by copying the alphanumeric string from the activation screen and make a phone call to the on screen supplied phone number. The activation center will then give you a slightly longer number to input into for activation. I suggest you do not activate immediately in case you need to make hard ware changes, or install to a different system within the thirty days, and you will be reminded on boot up until you do. Blaster worm warning: Do not immediately activate over the internet when asked, enable the XP firewall before connecting to the internet. You can activate after the firewall is enabled. Control Panel - Network Connections. Right click the connection you use, Properties, and there is a check box on the Advanced page. 32. Setup users screen. Set at least one user for yourself or the person that will be using the computer. 33. Thank You 34. Logon to XP and apply Service Pack and Critical updates from Windows Update before installing any software or hardware. 35. Install your anti-virus software. 36. Install all applications and setup your email. 37. Restore from Files and Settings transfer after reinstalling all applications. Last updated 2/23/04 Michael Stevens MS-MVP
Stop A Restart Process In 3steps Some times we need to stop some restart process quickly. In windows XP some times it gives auto restart warning and here is good solution for it. 1. Go to Start menu2. Click on RUN3. Enter the following command excluding hashcodes "shutdown -a" its Done.
Did you ever go to warez/cracks sites (which we all know is BAD!) only to be bombarded with 10 windows opening up at a time, with porn, spam etc? I've discovered a VERY easy way to block about 90-95% of this sh!t, without using any pop-up stopping programs (I hate installing that garbage!). This is for Internet Explorer 6.0, but I'm sure that it can work with other browsers if you take the time to fiddle around. Here's how you do it... 1) Go to TOOLS and then INTERNET OPTIONS. 2) Click the SECURITY tab, move the slider up to HIGH and click APPLY. This applies the highest security settings to IE, which blocks EVERYTHING, including JavaScript, Applets, and so on that pop-ups are based upon. The catch is this... Some places like online banks and other web sites need these functions to work properly... So you'll need to re-enable one important thing... 1) Go to TOOLS and then INTERNET OPTIONS. 2) Click the SECURITY tab, CUSTOM LEVEL, scroll down to SCRIPTING, and under ACTIVE SCRIPTING, select the ENABLE radio button. 3) Click APPLY and you're pretty much done! Note: This does NOT completely remove pop-ups and other annoyances, but it sure helps ALOT, without having to trash your computer with pop-up blockers
Hackers and Browser Hijacking is one area of the Net that affects everyone at some stage. In addition to having third party utilities such as SpyBot, Anti Virus scanners and firewalls installed there are some changes that can be made to Windows 2000/XP. Below are some details to make your system safer from hackers and hijackers. Some of these tips require editing of the Registry so it is wise to either backup the registry and/or create a Restore Point. 1. Clearing the Page File at Shutdown Windows 2000/XP paging file (Sometimes called the Swap File) can contain sensitive information such as plaintext passwords. Someone capable of accessing your system could scan that file and find its information. You can force windows to clear out this file. In the registry navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory Management and add or edit the DWORD ClearPageFileAtShutdown. Set it to 1. Note that when you do this, the system will take much longer to shut down: a system with a really big Page File (! Gig or more) may take a minute or two longer. 2. Disable the POSIX and OS/2 Subsystem. Windows 2000 and XP come with little-documented subsystems it at allow compatibility with UNIX and OS/2 systems These rues systems are enabled by default but so rarely used that they are best off bring disabled completely to prevent possible service hijackings. To disable these subsystems, open the registry and navigate to HKEY LOCAL MACHINESYSTEMCurrentControlSetControlSession ManagerSubSystems. Delete the subkeys Os2 and Posix. then reboot. 3. Never leave default passwords blank. On installation, Windows 2000 sets up an Administrator account with total system access and prompts for a password. Guess what: by default, it allows that password to be blank. If a user doesn't want to type a password, he can simply click Next and the system will be an open door for anyone who wants to log on. Always opt for a password of some kind when setting up the default account on a machine. 4. Install Windows In a different directory. Windows usually installs itself in the WINDOWS directory. Windows NT 4 0 and 2000 Will opt for WINNT. Many worms and other rogue programs assume this to be the case and attempt to exploit those folders files. To defeat this install Windows to another directory when you're setting it up - you can specify the name of the directory during setup. WINDIR is okay; so some people use WNDWS - A few (not that many) programs may not install properly if you install Windows to another folder but t hey are very few and they are far between 5. Fake out hackers with a dummy Administrator account Since the default account in Windows 2000 is always named Administrator, an enterprising hacker can try to break into your system by attempting to guess the password on that account. It you never bothered to put a password on that account, say your prayers. Rather than be a sucker to a hacker, put a password on the Administrator account it you haven't done so already. Then change the name of the Administrator account. You'll still be able to use the account under its new name, since Windows identifies user accounts by a back-end ID number rather than the name. Finally, create a new account named Administrator and disable it. This should frustrate any would -be break-ins. You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap in. Right-click on My Computer, select Manager, open the Local Users and Groups subtree, look in the Users folder and right-click on any name to rename it. To add a new user, right-click on the containing folder and select New User. Finally, to disable an account, double-click it, check the Account is disabled box and click OK. Don't ever delete the original Administrator account. Some programs refuse to install without it and you might have to log in under that account at some point to setup such software. The original Administrator account is configured with a security ID that must continue to be present in the system. 6. Disable the Guest account Windows XP comes with a Guest account that's used for limited access, but it's still possible to do some damage with it. Disable it completely if you are not using it. Under Control Panel, select User Accounts, click on Guest Account and then select Turn Off the Guest Account. 7. Set the Hosts file to read-only to prevent name hijacking. This one's from (and to a degree, for) the experts. The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. When a network name and address is placed in HOSTS, the computer uses the address listed there for that network name rather than performing a lookup (which can take time). Experts edit this file to place their most commonly-visited sites into it, speeding things up considerably. Unfortunately hijackers and hackers also love to put their own information into it - redirecting people from their favorite sites to places they don't want to go. One of the most common entries in HOSTS is local host which is set 1770.0.1. This refers to the local machine and if this entry is damaged the computer can behave very unpredictably. To prevent HOSTS from being hijacked, set it to read-only. Go to the folder %Systemroot%system32driversetc, right-click on HOSTS, select Properties check the Read-Only box and click OK. If you want to add your own entries to HOSTS, you can unprotect it before doing so, but always remember to set it to read-only after you're done. 8. Disallow changes to IE settings through IE This is another anti hijacker tip. IE can be set so that any changes to its settings must be performed through the Internet icon in the Control Panel, rather than through IE's own interface. Some particularly unscrupulous programs or sites try to tamper with setting by accessing the Tools, Options menu in IE. You can disable this and still make changes to IE's settings through the Control Panel. Open the Registry and browse to HKEY_CURRENT_USER SoftwarePoliciesMicrosoftInternet ExplorerRestrictions. Create or edit a new DWORD value named NoBrowserUptions and set it to 1 (this is a per-user setting). Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting. You can also keep IE from having other programs rename its default startup page, another particularly annoying form of hijacking. Browse to HKEY.CURRENT USERSoftwarePolicies MicrosoftInternet ExploreControl Panel and add or edit a DWORD, Homepage and set it to 1. 9. Turn off unneeded Services Windows 2000 and XP both come with many background services that don't need to he running most of the time: Alerter, Messenger, Server (If you're running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting), Remote Registry, Routing and Remote Access (if you're not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host. A good resource and instruction on which of these services can be disabled go to /http://www.blkviper.com/WinXP/ 10. Disable simple File Shares. In Windows XP Professional, the Simple File Sharing mode is easily exploited, since it’s a little too easy to share out a file across your LAN (or the NET at large). To turn it off, go m My Computer, click Tools, Folder Option and the View tab, and uncheck Use Simple file sharing (Recommended). Click OK. When you do this you can access the Security tab in the Properties window for all folders; set permissions for folders; and take ownership of objects (but not in XP Home)
Scans and verifies the versions of all protected system files after you restart your computer. Syntax sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x] Parameters /scannowScans all protected system files immediately./scanonceScans all protected system files once./scanbootScans all protected system files every time the computer is restarted./revertReturns the scan to its default operation./purgecachePurges the Windows File Protection file cache and scans all protected system files immediately./cachesize=xSets the size, in MB, of the Windows File Protection file cache./?Displays help at the command prompt. Remarks * You must be logged on as a member of the Administrators group to run sfc.* If sfc discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.* If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use sfc /scannow, sfc /scanonce, or sfc /scanboot to repair the contents of the Dllcache directory. Formatting legend Format MeaningItalic Information that the user must supplyBold Elements that the user must type exactly as shownEllipsis (...) Parameter that can be repeated several times in a command lineBetween brackets ([]) Optional itemsBetween braces ({}); choices separated by pipe (). Example: {evenodd} Set of choices from which the user must choose only oneCourier font Code or program output Windows File Protection Using File Signature Verification Driver Signing for Windows Command-line reference A-Z Please note that this Command Line reference is to varify the integrity of the WindowsXP DLL's that were shipped with Windows XP. It will try to repair damaged DLL's by prompting for the Windows CD. The Windows XP System File Protection which remains active in the background monitors these DLL's and if it detects an altered DLL will alert a user with a popup message asking for the Windows XP CD. This is so that it can revert the corrupt DLL back to its original state. SFC checker in Windows XP can only be ran by an Administrator and is not ran in the same way as its previous incarnation from the Windows 98 OS.
::::TCP\IP: A Mammoth Description By Ankit Fadia ankit@bol.net.in:::: TCP\IP or Transmission Control Protocol \ Internet Protocol is a stack or collection of various protocols. Aprotocol is basically the commands or instructions using which two computers within a local network or theInternet can exchange data or information and resources. Transmission Control Protocol \ Internet Protocol or the TCP\IP was developed around the time of theARPAnet. It is also known as the Protocol Suite. It consists of various protocols but as the TCP(Transmission Control Protocol) and the IP (Internet Protocol) are the most, well known of the suite ofprotocols, the entire family or suite is called the TCP\IP suite. The TCP\ IP Suite is a stacked suite with various layers stacked on each other, each layer looking after oneaspect of the data transfer. Data is transferred from one layer to the other. The Entire TCP\ IP suite can bebroken down into the below layers-: Layer Name Protocol Link Layer (Hardware, Ethernet) ARP, RARP, PPP, EtherNetwork Layer(The Invisible Layer) IP, ICMPTransport Layer UDP, TCPApplication Layer(The Visible Layer) The Actual running Applications like-: FTP client, BrowserPhysical Layer (Not part of TCP \IP) Physical Data Cables, Telephone wires Data travels from the Link Layer down to the Physical Layer at the source and at the destination it travelsfrom the Physical Layer to the Link Layer. We will later discuss what each layer and each protocol does. The TCP\IP suite not only helps to transfer data but also has to correct various problems that might occurduring the data transfer. There are basically two types of most common errors that might occur during theprocess of data transfer. They are-: Data Corruption -: In this kind of error, the data reaches the destination after getting corrupted.Data Loss -: In this kind of error, the entire collection of packets which constitute the data to be transferreddoes not reach the destination. TCP\IP expects such errors to take place and has certain features which prevent, such error which mightoccur. Checksums-: A checksum is a value (Normally, a 16 Bit Value) that is formed by summing up the BinaryData in the used program for a given data block. The program being used is responsible for the calculationof the Checksum value. The data being sent by the program sends this calculated checksum value, alongwith the data packets to the destination. When the program running at the destination receives the datapackets, it re-calculates the Checksum value. If the Checksum value calculated by the Destination programmatches with the Checksum Value attached to the Data Packets by the Source Program match, then the datatransfer is said to be valid and error free. Checksum is calculated by adding up all the octets in a datagram. Packet Sequencing-: All data being transferred on the net is broken down into packets at the source andjoined together at the destination. The data is broken down into packets in a particular sequence at thesource. This means that, for example, the first byte has the first sequence number and the second byte thesecond sequence number and so on. These packets are free to travel independently on the net, sosometimes, when the data packets reach the destination they arrive, out of sequence, which means that thepacket which had the first sequence number attached to it does not reach the destination first. Sequencingdefines the order in which the hosts receive the data packets or messages. The application or the layerrunning at the destination automatically builds up the data from the sequence number in each packet.The source system breaks the data to be transferred into smaller packets and assigns each packet a uniquesequence number. When the destination gets the packets, it's starts rearranging the packets by reading thesequence numbers of each packet to make the data received usable. For example, say you want to transfer a 18000 octet file. Not all networks can handle the entire 18000octet packets at a time. So the huge file is broken down into smaller say 300 octet packets. Each packet hasbeen assigned a unique sequence number. Now when the packets reach the destination the packets are putback together to get the usable data. Now during the transportation process, as the packets can moveindependently on the net, it is possible that the packet 5 will arrive at the destination before packet 4arrives. In such a situation, the sequence numbers are used by the destination to rearrange the data packetsin such a way that even if Data packet 5 arrived earlier, Packet 4 will always precede Packet 5. A data can easily be corrupted while it is being transferred from the source to the destination. Now if aerror control service is running then if it detects data corruption, then it asks the source to re-send thepackets of data. Thus only non corrupted data reaches the destination. An error control service detects andcontrols the same two types of errors-: 1.) Data Loss2.) Data Corruption The Checksum values are used to detect if the data has been modified or corrupted during the transfer fromsource to destination or any corruption in the communication channel which may have caused data loss.Data Corruption is detected by the Checksum Values and by performing Cyclic Redundancy Checks(CRC 's). CRC 's too like the Checksums are integer values but require intensely advanced calculation andhence are rarely used. There is yet another way of detecting data corruption-: Handshaking. This feature ensures demands that both the source and destination must transmit and receiveacknowledgement messages, that confirm transfer of uncorrupted data. Such acknowledgement messagesare known as ACK messages. Let's take an example of a typical scenario of data transfer between two systems.Source Sends MSG1 to Destination. It will not send MSG2 to Destination unless and until it gets the MSGACK and destination will not send more requests for data or the next request message (MSG2) unless itgets the ACK from Source confirming that the MSG1 ACK was received by it. If the source does not get aACK message from the destination, then something which is called a timed-out occurs and the source willre send the data to destination. So this means that if A sends a data packet to B and B checksums the data packet and finds the datacorrupted, then it can simply delete for a time out to take place. Once the time out takes place, A will resend the data packet to B. But this kind of system of deleting corrupt data is not used as it is inefficient andtime consuming. Instead of deleting the corrupt data and waiting for a time out to take place, the destination (B) sends a notacknowledged or NACK message to source(A). When A gets the NACK message, instead of waiting for atime out to take place, it straightaway resends the data packet. An ACK message of 1000 would mean that all data up to 1000 octets has been received till now. TCP/ IP is a layered suite of protocols. All layers are equally important and with the absence of even asingle layer, data transfer would not have been possible. Each TCP/ IP layer contributes to the entireprocess of data transfer. An excellent example, is when you send an email. For sending mail there is aseparate protocol, the SMTP protocol which belongs to the Application layer. The SMTP Applicationprotocol like all other application layer protocols assumes that there is a reliable connection existingbetween the two computers. For the SMTP application protocol to do what it is designed for, i.e. to sendmail, it requires the existence of all other Layers as well. The Physical Layer i.e. cables and wires isrequired to transport the data physically. The Transmission Control Protocol or the TCP protocol whichbelongs to the Transport Layer is needed to keep track of the number of packets sent and for errorcorrection. It is this protocol that makes sure that the data reaches the other end. The TCP protocol is calledby the Application Protocol to ensure error free communication between the source and destination. For theTCP layer to do its work properly i.e. to ensure that the data packets reach the destination, it requires theexistence of the Internet Protocol or IP. The IP protocol contains the Checksum and Source andDestination IP address. You may wonder why do we need different protocols like TCP and IP and why not bundle them into thesame Application protocol.? The TCP protocol contains commands or functions which are needed byvarious application protocols like FTP, SMTP and also HTTP. The TCP protocol also calls on the IPprotocol, which in turn contains commands or functions which some application protocols require whileothers don?t. So rather than bundling the entire TCP and IP protocol set into specific application protocols,it is better to have different protocols which are called whenever required. The Link Layer which is the Hardware or Ethernet layer is also needed for transportation of the datapackets. The PPP or the Point to Point Protocol belongs to this layer. Before we go on let's get accustomedwith certain TCP\IP terms. Most people get confused between datagrams and packets and think that theyare one and the same thing . You see, a datagram is a unit of data which is used by various protocols and apacket is a physical object or thing which moves on a physical medium like a wire. There is a remarkabledifference between a Packet and a Datagram, but it is beyond the scope of this book. To make things easierI will use only the term datagram (Actually this is the official term.)while discussing various protocols. Two different main protocols are involved in transporting packets from source to destination. 1.) The Transmission Control Protocol or the TCP Protocol2.) The Internet Protocol or the IP protocol. Besides these two main protocols, the Physical Layer and the Ethernet Layer are also indispensable to datatransfer. THE TRANSPORT LAYER The TCP protocol The Transmission Control Protocol is responsible for breaking up the data into smaller datagrams andputting the datagrams back to form usable data at the destination. It also resends the lost datagrams todestination where the received datagrams are reassembled in the right order. The TCP protocol does thebulk of work but without the IP protocol, it cannot transfer data. Let's take an example to make things more clearer. Let's say your Internet Protocol Address or IP address isxxx.xxx.xxx.xxx or simply x and the destination's IP is yyy.yyy.yyy.yyy or simply y. Now As soon as thethree-way connection is established between x and y, x knows the destination IP address and also the Portto which it is connected to. Both x and y are in different networks which can handle different sized packets.So in order to send datagrams which are in receivable size, x must know what is the maximum datagramsize which y can handle. This too is determined by both x and y during connection time. So once x knows the maximum size of the datagram which y can handle, it breaks down the data intosmaller chunks or datagrams. Each datagram has it's own TCP header which too is put by TCP.A TCP Header contains a lot of information, but the most important of it is the Source and Destination IPand Port numbers and yes also the sequence number. **************HACKING TRUTH: Learn more about Ports, IP's, Sockets in the Net Tools Manual**************The source which is your computer(x) now knows what the IP Addresses and Port Numbers of theDestination and Source computers are. It now calculates the Checksum value by adding up all the octets ofthe datagram and puts the final checksum value to the TCP Header. The different octets and not thedatagrams are then numbered. An octet would be a smaller broken down form of the entire data. TCP thenputs all this information into the TCP header of each datagram. A TCP Header of a datagram would finallylook like -: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Port Destination Port +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sequence Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Acknowledgment Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Data UAPRSF Offset Reserved RCSSYI Window GKHTNN +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Checksum Urgent Pointer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Actual Data form the next 500 octets There are certain new fields in the TCP header which you may not know off. Let's see what these newfields signify. The Windows field specifies the octets of new data which is ready to be processed. You seenot all computers connected to the Internet run at the same speed and to ensure that a faster system does notsend datagrams to a slow system at a rate which is faster than it can handle, we use the Window field. Asthe computer receives data , the space in the Window field gets decreased indicating that the receiver hasreceived the data. When it reaches zero the sender stops sending further packets. Once the receiver finishesprocessing the received data, it increases the Window field, which in turn indicates that the receiver hasprocessed the earlier sent data and is ready to receive more chunks of data. The Urgent Field tells the remote computer to stop processing the last octet and instead receive the newoctet. This is normally not commonly used. The TCP protocol is a reliable protocol, which means that we have a guarantee that the data will arrive atthe destination properly and without any errors. It ensures that the data being received by the receiving endis arranged in the same correct order in which it was sent. The TCP Protocol relies on a virtual circuit between the client and the host. The circuit is opened via a 3part process known as the three part handshake. It supports full duplex transportation of data which meansthat it provides a path for two way data transfer. Hence using the TCP protocol, a computer can send andreceive datagrams at the same time. Some common flags of TCP are-: RST [RESET]- Resets the connection.PSH [PUSH] - Tells receiver to pass all queued data to the application running.FIN [FINISH] - Closes connection following the 4 step process.SYN Flag - means that the machine sending this flag wants to establish a three way handshake i.e. a TCP connection. The receiver of a SYN flag usually responds with an ACK message. So now we are in a position to represent a three way TCP Handshake: A <---SYN---> BA <---SYN/ACK? BA <---ACK---> B A sends a SYN flag to B saying " I want to establish a TCP connection", B responds to the SYN with theACK to the SYN flag. A again responds to the ACK sent by B with another ACK. Read RFC 793 for further in depth details about the TCP protocol. The User Datagram Protocol or the UDP Protocol The User Data protocol or the UDP is yet another protocol which is a member of the Transport Layer. TCPis the standard protocol used by all systems for communications. TCP is used to break down the data to betransported into smaller datagrams, before they (the datagrams) are sent across a network. Thus we can saythat TCP is used where more than a single or multiple datagrams are involved. Sometimes, the data to be transported is able to fit into a single datagram. We do not need to break the datainto smaller datagrams as the size of the data is pretty small. The perfect example of such data is the DNSsystem. To send out the query for a particular domain name, a single datagram is more than enough. Alsothe IP that is returned by the Domain Name Server does not require more than one datagram fortransportation. So in such cases instead of making use of the complex TCP protocol, applications fall backto the UDP protocol. The UDP protocol works almost the way TCP works. But the only differences being that TCP breaks thedata to be transferred into smaller chunks, does sequencing by inserting a sequence number in the headerand no error control. Thus we can conclude by saying that the UDP protocol is an unreliable protocol withno way to confirm that the data has reached the destination. The UDP protocol does insert a USP header to the single datagram it is transporting. The UDP headercontains the Source and Destination IP Addresses and Port Numbers and also the Checksum value. TheUDP header is comparatively smaller than the TCP Header. It is used by those applications where small chunks of data are involved. It offers services to the User'sNetwork Applications like NFS(Network File Sharing) and SNMP. Read RFC 768 for further in depth details about the UDP protocol. THE NETWORK LAYER The IP Protocol Both the TCP and the UDP protocols, after inserting the headers to the datagram(s) given to them passthem to the Internet Protocol or the IP Protocol. The main job of the IP protocol is to find a way oftransporting the datagrams to the destination receiver. It does not do any kind of error checking. The IP protocol too adds it's own IP Header to each datagram. The IP header contains the source anddestination IP addresses, the protocol number and yet another checksum. The IP header of a particulardatagram looks like-: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version IHL Type of Service Total Length +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Identification Flags Fragment Offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Time to Live Protocol Header Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Destination Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TCP header info followed by the actual data being transferred The Source and destination IP addresses and needed so that?well it is obvious isn't it? The Protocolnumber is added so that the IP protocol knows to which Transport Protocol the datagram has to be passed.You see various Transport Protocols are used like for example TCP or UDP. So this protocol number isinserted to tell IP the protocol to which the datagram has to be passed. It too inserts it's own Checksum value which is different from the Checksum Value inserted by theTransport Protocols. This Checksum has to be inserted as without it the Internet Protocol will not be able toverify if the Header has been damaged in the transfer process and hence the datagram might reach a wrongdestination. The Time to Live field specifies a value which is decreased each time the datagram passesthrough a network. Remember Tracert? The Internet Protocol Header contains other fields as well, but they are quite advanced and cannot beincluded in a manual which gives an introduction to the TCP\IP protocol. To learn more about the IPprotocol read RFC 791. The Internet Control Message Protocol or the ICMP The ICMP protocol allows hosts to transfer information on errors that might have occurred during the datatransfer between two hosts. It is basically used to display error messages about errors that might occurduring the data transfer. The ICMP is a very simple protocol without any headers. It is most commonlyused to diagnose Network Problems. The famous utility PING is a part of the ICMP protocol. ICMPrequests do not require the user or application to mention any port number as all ICMP requests areanswered by the Network Software itself. The ICMP protocol too handles only a single datagram. That'swhy we say in PING only a single datagram is sent to the remote computer. This protocol can remote manynetwork problems like Host Down, Congested Network etc Read RFC 792 for further in depth details about the ICMP protocol. The Link Layer Almost all networks use Ethernet. Each machine in a network has it's own IP address and it's EtherAddress. The Ether Address of a computer is different than it's IP address. An Ether Address is a 42 bitaddress while the IP address is only a 32 bit address. A Network must know which computer to deliver thedatagram to. Right? For this the Ether Header is used. The Ether Header is a 14 octet header that contains the Source and Destination Ethernet address, and a typecode. Ether too calculates it's own Checksum value. The Type code relates to the protocol families to beused within the Network. The Ether Layer passes the datagram to the protocol specified by this field afterinserting the Ether Header. There is simply no connection between the Ethernet Address and the IP addressof a machine. Each machine needs to have a Ethernet to IP address translation table on its hard disk. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet destination address (first 32 bits) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet dest (last 16 bits) Ethernet source (first 16 bits) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet source address (last 32 bits) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type code +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ IP header, then TCP header, then your data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ethernet Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Address Resolution Protocol or ARP Data before being transmitted across the Internet or across a local network is broken down into smallerPackets which are suitable for transfer over the net. These packets have the Source and Destination IP's butfor the transfer to take place the suitable Hardware Addresses or the MAC addresses must also be known.That is where ARP comes in. To get the Hardware MAC addresses, ARP or Address Resolution Protocol sends a request message. TheRouter replies with the Hardware Address. It is similar to the DNS and it too has a cache. This cache can bea bit vulnerable as a Hacker could forge a connection from a remote machine claiming to be one of thecached locations. So we can conclude that ARP translates IP's into Ethernet Addresses. One thing toremember about ARP is that it only translates outgoing packets. There is also something called the RARP which is an abbreviation for Reverse Address Resolution Protocol, which like the name says does exactly reverse of what ARP does. There is simply no algorithm to get the Ethernet Address from the IP Address. To carry out suchtranslations, each computer has a file which has a table with rows for each computer and two columns fortheir corresponding IP address and Ethernet Address. The File is somewhat like the following-: Internet Protocol Address Ethernet AddressComputer Name xxx.xy.yy.yx 08-00-39-00-2F-C3 Say there are a system in a Network (A) and an unidentified system (B) contacts it. Now A only knows theIP address of B. Now A will first try to identify whether B is the same network so that it can directlycommunicate via Ethernet. So it will first check the IP to MAC address translation table which it has. If itfinds the IP in the table then well and good and A will establish a connection with B via Ethernet. On the Other hand if A does not find any match for the specific IP, it will send out a request in the form ofa 'Broadcast'. All computers within the Network will receive this broadcast and will search their own IP toMAC translation table and will reply with the necessary MAC address. A basic difference between an Ipaddress and MAC address is that an IP is the form xxx.xxx.xxx.xxx and a MAC address is in the formxx:xx:xx:xx:xx:xx and one is 32 bit while the other is 40 bit. Read RFC 826 for further in depth details about the ARP protocol. Application Layer Till now you have learnt how data is broken down into smaller chunks, and transferred to the destination,where the chunks are rearranged. But there is yet another aspect to a successful data transfer process, whichwe have not discussed yet: The Application Protocols and the Application Layer itself. A host whichreceives datagrams has many applications or services (daemons) running which are ready to establish aTCP connection and accept a message. Datagrams travelling on the Internet must know which applicationthey have to establish connection with, which application they have to send the message to. A typical webserver will have the FTP daemon, the HTTP daemon, the POP daemon, and the SMTP daemon running.Wouldn't the datagrams get confused as to which daemon to send the message to. For the datagrams to know which computer to send the message to, we have IP addresses. The datagramknows what daemon or application to send the message to by the Port Number attached to the IP address ofthe Destination. A TCP address is actually fully described by 4 numbers; The IP address of the Source andDestination and the TCP Port Numbers of each end to which data is to be sent. These numbers are found inthe TCP Header. To make it simpler to understand I have included an excerpt from the Net Tools Chapter: What is all the hype about socket programming? What exactly are sockets? TCP\IP or Transmission Control Protocol\ Internet Protocol is the language or the protocol used bycomputers to communicate with each other over the Internet. Say a computer whose IP address is99.99.99.99 wants to communicate with another machine whose IP address is 98.98.98.98 then would willhappen? The machine whose IP is 99.99.99.99 sends a packet addressed to another machine whose IP is98.98.98.98. When 98.98.98.98 receives the packet then it verifies that it got the message by sending asignal back to 99.99.99.99.But say the person who is using 99.99.99.99 wants to have simultaneously morethan one connections to 98.98.98.98.....then what will happen? Say 99.99.99.99 wants to connect tothe FTP daemon and download a file by FTP and at the same time it wants to connect to 98.98.98.98'swebsite i.e. The HTTP daemon. Then 98.98.98.98. will have 2 connects with 99.99.99.99 simultaneously.Now how can 98.98.98.98.distinguish between the two connections...how does 98.98.98.98. know whichis for the FTP daemon and which for the HTTP daemon? If there was no way to distinguish between thetwo connections then they would both get mixed up and there would be a lot of chaos with the messagemeant for the HTTP daemon going to the FTP daemon. To avoid such confusion we have ports. At eachport a particular service or daemon is running by default. So now that the 99.99.99.99 computers knowswhich port to connect to, to download a FTP file and which port to connect to, to download the web page,it will communicate with the 98.98.98.98 machine using what is known as the socket pair which is acombination of an IP address and a Port. So in the above case the message which is meant for the FTPdaemon will be addressed to 98.98.98.98 : 21 (Notice the colon and the default FTP port suceeding it.).So that the receiving machine i.e. 98.98.98.98 will know for which service this message is meant for and towhich port it should be directed to. In TCP\IP or over the Internet all communication is done using the Socket pair i.e. the combination of theIP address and the port. *****************HACKING TRUTH: Learn More about Ports, IP addresses and Sockets by reading the Net Tools Chapter.*****************The Application Layers basically consists of the Applications running on your computer and theApplications running on the host to which you are connected. Say you are viewing the Hotmail Site, thenthe application layer comprises of the Web Browser running on your computer and the HTTP daemonrunning at Hotmail's server and the Application Protocol being used to communicate is HyperText TransferProtocol. As soon as a TCP connection is established the Applications running on Each end decide the language orprotocol to be used to communicate and send datagrams. IP Spoofing Torn Apart IP spoofing is the most exciting topic you will hear wannabe hackers talking about. It is also a subjectabout which no one knows much. Before we continue I would like to tell you that IP Spoofing is quitedifficult to understand and a lot of people have trouble understanding how it is done. The other downside ithas is the fact that it can almost not be done using a Windows system and a system administrator can easilyprotect his system from IP spoofing So what is IP Spoofing? IP Spoofing is a trick played on servers to fool the target computer into thinkingthat it is receiving data from a source other than you. This in turn basically means to send data to a remotehost so that it believes that the data is coming from a computer whose IP address is something other thanyours. Let's take an example to make it clear: Your IP is : 203.45.98.01 (REAL)IP of Victim computer is: 202.14.12.1 (VICTIM)IP you want data to be sent from: 173.23.45.89 (FAKE) Normally sitting on the computer whose IP is REAL, the datagrams you send to VICTIM will appear tohave come from REAL. Now consider a situation in which you want to send a datagram to VICTIM andmake him believe that it came from a computer whose IP is FAKE. This is when you perform IP Spoofing. The Main problem with IP Spoofing is that even if you are able to send a spoofed datagram to the remotehost, the remote host will reply not to your real IP but to the Fake IP you made your datagram seem to havecome from. Getting confused? Read the following example to clear up your mind. Taking the same IP's as in the last example, consider the following scenario. Now, if REAL connects toVICTIM, after the standard three way handshake has taken place, and VICTIM sends an ACK message toREAL. Now if you spoof you IP, to say FAKE, then VICTIM will try to establish a TCP connection andwill send an ACK message to FAKE. Now lets assume that FAKE is alive, then as it had not requested theACK message (sent by VICTIM to FAKE) it will reply with a NACK message which would basically endthe connection and no further communication between FAKE and VICTIM would take place. Now ifFAKE doesn't exist then the ACK message sent by VICTIM will not get any reply and in the end theconnection times out. Due to this FAKE and REAL IP reasons, when a person is trying to perform an IP Spoof, he does not getany response from the remote host and has no clue whether he has been successful or not. If he has madeany progress or not. You are as good as blind, with no medium through which you could get feedback. IP Spoofing can be successful only if the computer with the FAKE IP does not reply to the victim and notinterrupt the spoofed connection. Take the example of a telephone conversation, you can call up a person' x ' and pretend to be ' y ' as long as ' y ' does not interrupt the conversation and give the game away. So why would you need to perform IP Spoofing-: 1.) To Pretend that you are some other computer whose IP address is amongst the trusted list of computerson the victim's disk. This way you are exploit the 'r' services and gain access to the network as you arethen believed to be from a trusted source.2.) To Disguise or Mask your IP address so that the victim does not know who you really are and wherethe data is coming from. If you ever read the alt.2600 or the alt.hacking newsgroup, you would probably find many postings like "Ihave Win98, how do I Spoof my IP" or even " I do not know TCP/IP. tell me how to perform IP spoofing".You see the very fact that they are posting such questions and expect to learn how to spoof their IP withouteven knowing a bit about TCP\IP, confirms the fact that they would not be able to perform IP Spoofing. NoI am not saying that asking questions is bad, but you see not knowing something is not so bad, but notknowing something and showing ignorance towards learning it is really, really bad. You see IP spoofing is a very complex and difficult to perform subject. You need to hog entire TCP/IP andNetworking Protocols manuals and need to be able to write C programs which will help you in theSpoofing process. It is amazing how people even think that they can spoof their IP without even knowingwhat TCP/IP stands for. You see all packets travelling across the Internet have headers which contain the source and destination IPaddresses and port numbers, so that the packet knows where to go and the destination knows where thepacket has come from and where to respond. Now the process of Spoofing means to change the source IPaddress contains by the Header of the packet, in turn fooling the receiver of the Packets into believing thatthe packet came from somewhere else, which is a fake IP. Now let's again look at the IP Header of adatagram. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Version IHL Type of Service Total Length +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Identification Flags Fragment Offset +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Time to Live Protocol Header Checksum +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Destination Address +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TCP header info followed by the actual data being transferred Now basically to perform IP spoofing we need to be able to change the value of the field, Source Address.Now to this you need to be able to guess sequence numbers which is quite a sophisticated process and I willtry to explain it as clearly as possible. Before we go on, you need to understand the fact the IP spoofing isnot the entire process, it is just a stepping stop in the entire process of fooling the remote host andestablishing a trust relationship with the remote host. So how do these trust relationships take place? Well all of you are encountered with some form ofauthentication process or the other. Now the Username-Password pair is the most commonly used form ofauthentication, with which we are very much familiar. Now what happens in the Username-Password formof authentication is that the remote host to which the client is connected to challenges the client by askingthe User to type in the Username and Password. So in this form of authentication, the User needs tointervened and the remote host challenges the user to enter the Username and Password which act as a fromof authentication. Now other than the Password-Username form of authentication there is yet another form of authenticationmost users do not know of. This is the Client IP. In this form of authentication, what happens is that theremote host gets or find out the IP address of the client and compares it with a predefined list of IP's. If theIP of the client who is trying to establish a connection with the remote host is found in the list of IP'smaintained by the host, then it allows the client access to the shell 'without a password' as the identity ofthe client has already been authenticated. Such kind of rust relationships are common in Unix Systems which have certain 'R services' like rsh ,rlogin , rcp which have certain security problems and should be avoided. Despite the threat involved mostISP's in India still keep the ports of the R services open to be exploited by Hackers. You normally establisha Rlogin trust relationship by using the Unix command, $>rlogin IP address **************HACKING TRUTH: Well there is definitely a cooler way of establishing a trust relationship with a remotehost, using Telnet. The default port numbers at which the R services run are 512, 513,514************** So how do I spoof my IP? Well in short, to spoof your IP, you need to be able to predict sequence numbers,this will clearer after reading then next few paragraphs. To understand Sequence Numbers you need to go back to, how the TCP protocol works. You alreadyknow that TCP is a reliable protocol and has certain in-built features which have the ability to rearrange, re-send lost, duplicated or out of sequence data. To make sure that the destination is able to rearrange thedatagrams in the correct order, TCP inserts two sequence numbers into each TCP datagram. One Sequencenumber tells the receiving computer where a particular datagram belongs while the second sequencenumber says how much data has been received by the sender. Anyway, let's move on, TCP also relies onACK and NACK messages to ensure that all datagrams have reached the destination error free.Now we need to reanalyze the TCP Header to understand certain other aspects of sequence numbers andthe ACK Number. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Port Destination Port +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sequence Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Acknowledgment Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Data UAPRSF Offset Reserved RCSSYI Window GKHTNN +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Checksum Urgent Pointer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The Actual Data form the next 500 octets You see the TCP Header contains a Sequence Number which actually represents the sequence number ofthe first byte of that particular TCP segment. A sequence number is a 32 Bit number which is attached toall bytes (data) being exchanged across a Network. The ACK Number Field in the TCP header, actuallycontains the value of the sequence number which it expects to be the next. Not only that, it also does whatit was meant to do, acknowledge data received. Confused? Read it again till you get the hang of it. When a connection is established, the initial sequence number or ISN is initialized to 1. This ISN numberis then incremented by 128,000 every second. There is a certain patter according to which the sequencenumbers increment or change which makes then easy to predict. To successfully perform IP spoofing or in order to predict Sequence Numbers, you need to be running aform of UNIX, as Windows does not provide the users with access to really advanced system stuff.Without a form of Unix IP Spoofing is almost impossible to do. This text is not the ultimate guide to IP Spoofing and was aimed at only giving you a general outline of thewhole process. Sequence number Prediction is really, really sophisticated and difficult to understand, butnot impossible to do. However a system administrator can easily save his systems from IP spoofing and thisactually makes it quite useless, nonetheless truly exciting. If You really want to learn IP Spoofing I suggestyou read IP Spoofing Demystified by daemon9/route/infinity which was a part of Issue 48 of PHRACKmagazine, File 14 of 18. Go to the Archive Section of their site, http://www.phrack.com and click on Issue48. This brings me to the other purpose people use IP Spoofing, IP Masking. Now to something as simple asmask or hide your IP you do not need to go through the complex procedure of guessing sequence numbersand performing IP Spoofing. There are proxy servers to do that for you. Read the Net Tools chapter forfurther details. Port Scanning in Networking Terms Earlier we learnt what a Port scan is why it is considered to be such a important tool of getting informationabout the remote host, which in turn can be used to exploit any vulnerabilities and break into the system.We all know how a manual Port Scan works. You launch Telnet and manually Telnet to each Port jottingdown information that you think is important. In a manual Port Scan, when you telnet to a port of a remotehost, a full three way handshake takes place, which means that a complete TCP connection opens. The earliest and the oldest version of Port Scanners used the same technique. They connected to each portand established a full three way handshake for a complete TCP connection. The downside of such portscanners was the fact that as a full TCP connection was being established, the system administrator couldeasily detect that someone is trying to port scan his systems to find a vulnerability. However such portscanning methods also had a bright side, as an actual TCP connection was being established, the portscanning software did not have to build a Fake Internet Protocol Packet. (This IP Packet is used to scan theremote systems.) Such TCP scanners too relied on the three-way TCP handshake to detect if a port is openor not. The Basic process of detecting whether a port is open or not has been described below: 1.) You send a TCP Packet containing the SYN flag to remote host.2.) Now the remote host checks whether the port is open or not. If the port is open then it replies with aTCP packet containing both an ACK message confirming that the port is open and a SYN flag. On theother hand if the port is closed then the remote host sends the RST flag which resets the connection, inshort closes the connection.3.) This third phase is optional and involves the sending of an ACK message by the client. As TCP Scanners were detectable, programmers around the world developed a new kind of port scanner,the SYN Scanner, which did not establish a complete TCP connection. These kinds of port scanners remainundetectable by only sending the first single TCP Packet containing the SYN flag and establishing a halfTCP Connection. T understand the working of a SYN or Half SYN Port Scanner simply read its 4 stepworking-: 1. SYN Port Scanner sends the first TCP packet containing the SYN flag to the remote host.2. The remote system replies with, either a SYN plus ACK or a RST.3. When the SYN Port scanner receives one of the above responses, it knows whether the respective portis open or not and whether a daemon is ready listening for connections. The SYN Port Scanners were undetectable by most normal system port scan detectors, however newer postscan detectors like netstat and also some firewalls can filter out such scans. Another downside to suchscanning is that the method in which the scanner makes the IP packet varies from system to system. UDP Scanning It is yet another port scanning technique which can be used to scan a UDP port to see if it is listening. Todetect an open UDP port, simply send a single UDP Packet to the port. If it is listening, you will get theresponse, if it is not, then ICMP takes over and displays the error message, " Destination PortUnreachable". FIN Port Scanners FIN Port Scanners are my favorite type of port scanners. They send a single packet containg the FIN flag. Ifthe remote host returns a RST flag then the port is closed, if no RST flag is returned, then it is open andlistening. Some port scanners also use the technique of sending a ACK packet and if the Time To Live or ttl of thereturning packets is lower than the RST packets received (earlier), or if the windows size is greater thanzero, then the port is probably open and listening. The Following is the code of a supposedly Stealth Port Scanner which appeared in the Phrack Magazine. /** scantcp.c** version 1.32* * Scans for listening TCP ports by sending packets to them and waiting for* replies. Relys upon the TCP specs and some TCP implementation bugs found* when viewing tcpdump logs.** As always, portions recycled (eventually, with some stops) from n00k.c* (Wow, that little piece of code I wrote long ago still serves as the base* interface for newer tools)** Technique:* 1. Active scanning: not supported - why bother.** 2. Half-open scanning:* a. send SYN* b. if reply is SYNACK send RST, port is listening* c. if reply is RST, port is not listening** 3. Stealth scanning: (works on nearly all systems tested)* a. sends FIN* b. if RST is returned, not listening.* c. otherwise, port is probably listening.** (This bug in many TCP implementations is not limited to FIN only; in fact* many other flag combinations will have similar effects. FIN alone was* selected because always returns a plain RST when not listening, and the* code here was fit to handle RSTs already so it took me like 2 minutes* to add this scanning method)** 4. Stealth scanning: (may not work on all systems)* a. sends ACK* b. waits for RST* c. if TTL is low or window is not 0, port is probably listening.** (stealth scanning was created after I watched some tcpdump logs with* these symptoms. The low-TTL implementation bug is currently believed* to appear on Linux only, the non-zero window on ACK seems to exists on* all BSDs.)** CHANGES:* --------* 0. (v1.0)* - First code, worked but was put aside since I didn't have time nor* need to continue developing it.* 1. (v1.1)* - BASE CODE MOSTLY REWRITTEN (the old code wasn't that maintainable)* - Added code to actually enforce the usecond-delay without usleep()* (replies might be lost if usleep()ing)* 2. (v1.2)* - Added another stealth scanning method (FIN).* Tested and passed on:* AIX 3* AIX 4* IRIX 5.3* SunOS 4.1.3 * System V 4.0* Linux* FreeBSD * Solaris* * Tested and failed on:* Cisco router with services on ( IOS 11.0)** 3. (v1.21)* - Code commented since I intend on abandoning this for a while.** 4. (v1.3)* - Resending for ports that weren't replied for.* (took some modifications in the internal structures. this also* makes it possible to use non-linear port ranges* (say 1-1024 and 6000))** 5. (v1.31)* - Flood detection - will slow up the sending rate if not replies are* recieved for STCP_THRESHOLD consecutive sends. Saves alot of resends* on easily-flooded networks.** 6. (v1.32)* - Multiple port ranges support.* The format is: [,,...]** Examples: 20-26,113* 20-100,113-150,6000,6660-6669* * PLANNED: (when I have time for this)* ------------------------------------* (v2.x) - Multiple flag combination selections, smart algorithm to point* out uncommon replies and cross-check them with another flag* */ #define RESOLVE_QUIET #include #include #include #include #include #include #include #include #include #include #include #include #include "resolve.c"#include "tcppkt03.c" #define STCP_VERSION "1.32"#define STCP_PORT 1234 /* Our local port. */#define STCP_SENDS 3 #define STCP_THRESHOLD 8#define STCP_SLOWFACTOR 10 /* GENERAL ROUTINES ------------------------------------------- */ void banner(void) {printf("\nscantcp\n");printf("version %s\n",STCP_VERSION); }void usage(const char *progname) {printf("\nusage: \n");printf("%s [sf]\n\n",progname); printf("\t : 0: half-open scanning (type 0, SYN)\n");printf("\t 1: stealth scanning (type 1, FIN)\n");printf("\t 2: stealth scanning (type 2, ACK)\n");printf("\t : source address (this host)\n");printf("\t : target to scan\n");printf("\t : ports/and or ranges to scan - eg: 21-30,113,6000\n");printf("\t : microseconds to wait between TCP sends\n");printf("\t : seconds to wait for TCP replies\n");printf("\t[sf] : slow-factor in case sends are dectected to be too fast\n\n"); }/* OPTION PARSING etc ---------------------------------------- */unsigned char *dest_name;unsigned char *spoof_name;struct sockaddr_in destaddr;unsigned long dest_addr;unsigned long spoof_addr;unsigned long usecdelay;unsigned waitdelay; int slowfactor = STCP_SLOWFACTOR; struct portrec /* the port-data structure */{ unsigned n; int state; unsigned char ttl; unsigned short int window; unsigned long int seq; char sends; } *ports; char *portstr; unsigned char scanflags; int done; int rawsock; /* socket descriptors */int tcpsock; int lastidx = 0; /* last sent index */int maxports; /* total number of ports */ void timeout(int signum) /* timeout handler */ { &
Posts
