Tuesday, November 20, 2007
Change Drive Icon..!!!
Changing drives icon First of all copy a icon file to the root of the drive.example: c:\icon.ico Then create a file called: autorun.inf in c:\autorun.infthen open that file and type the following:[autorun]icon=icon.ico save and close the file. Now open my computer and refresh.. and woh! icon changed....you can apply to other drives too.be careful:"autorun.inf" and "ico.ico" must be in the root of the drive.example: c:\autorun.inf and c:\icon.ico.same on the root.
Deleting Recycle Bin
Deleting recycle bin
Start] [Run] [Regedit]Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucketModify/Create the Value Data Type(s) and Value Name(s) as detailed below.Data Type: DWORD // Value Name: NukeOnDeleteSetting for Value Data: [0 = Use Recycle Bin / 1 = Permanently Delete]Exit Registry and Reboot
Another Method:
start->run->gpedit.msc-> user configuration ->desktop->remove recycle bin from desktop->double click->change it not configured to enable->apply and ok.
Now come to start->run->gpupdate.exe and press enter.
Your recycle bin icon is gone from desktop nad you will need to revert your settings for get that back.
After reverting setting make sure to run gpupdate.exe command .
Removing Multiple Boot Screens
If you are getting unwanted multiple boot screen
Then Follow these Steps.
1> Right Click on My Computer
2>Select Properties
3>Select Advanced Tab
4>Select Settings In the Startup & Recovery Section(3rd grp)
5>Select the operating system which u want.
6>And Click OK.
7>Further again press the setting and click on Edit.
8>It will open boot.ini File.
9>Now u can delete those o/s which you don't want to be displayed.
Note: For deleting operating systems from boot.ini file, keep it mind that you can'tdelete that o/s which is selected by default there. Beforemaking any changes make a copy of boot.ini file.
How to infect a Computer with a Virus or Trojan
Bind 2 exes (infect a game or any other .exe with your virus/trojan)
A simple thing to do is bind a game with the virus or trojan , lets say you have game.exe and server.exe , there are some programs that will add server.exe into game.exe , so when the program connects those two files it gives you a file.exe that will have both game and server in it , send it to your friends and say its just a game , binder is the program you need to connect these file.
Send them a downloaderA downloader will automaticaly download AND execute any file from the internet on the victims computer as soon as they open the downloader,here it goes:a downloader is 2-4 Kb only! it can be added in a game.exe with the way above,you have to upload your trojan/virus on a server lets say geocities then you set up the downloader to download and run this file,you send the 4Kb file to the victim and as soon his computer runs the file it starts downloading the trojan/virus from geocities,the victim will see nothin, the VIR SCANNERS CANT SEE IT BUT they will detect the trojan/virus that it will download.
Infected webpage (.EML Bug)Another way is to build a webpage that contains a virus and infects the visitors with explorer 5.01-5.5 versions with any virus , i havent test it yet and i am not sure if and how it works but i have seen programs around that promt you to choose a trojan/virus then it decodes it and the it gives you the html that contains the virus the problem is that it takes long time to decode it and its better if your virus is 1-30Kb other ways it ll take days to decode , as i said i havent test it yet and i wont be able to write more or reply to any emails askin for it.
Best way (if you have access on the victims pc)
Get a floppy disc and do the job
To Convert a FAT partition into NTFS
To convert a FAT partition to NTFS:
Click Start, click Programs, and then click Command Prompt.
In Windows XP, click Start, click Run, type cmd and then click OK.
At the command prompt, type CONVERT [driveletter]: /FS:NTFS.
Convert.exe will attempt to convert the partition to NTFS.
NOTE: Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that it is to be converted prior to executing the convert command. It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the emergency repair disk (ERD).
Tips to create a Strong Password easily..!!!
How to create a Strong Password.
This lead me to explain the method I follow to set a password - A Strong Password indeed by all standards.
You must follow the following criteria while creating a Strong Password:
* The password must be a minimum of 8+ characters.
* The password must have 1 number , 1 special character, 1 Upper Case character.
A very simple example that I use to explain my friends and colleages is : P@ssw0rd. It fullfills all the criteria's. The 'a' is replaced by a special character @. The 'P' is of upper case. The 'o' is replaced by the numeral 0.
Well, you can now convert your regular password into a Strong Password by following a few changes like the example I have mentioned above for the simple password - P@ssw0rd.
* Make the first character Upper Case.
* Change all 'a' in the password to the special character @.
* Change all 's' in the password to the special character $.* Change all 'l' in the password to the special character !.
* Change all 'o' in the password to the numerical 0.
* Change all 'i' in the password to the numerical 1.
How to bypass CD DRM Encryption??
DRM is an encryption manifest file which dissallows an individual who's purchased a CD which contains the DRM directly written into the actual Audio Disk. DRM stands for Digital Rights Management.
What's the cause for DRM Encryption?
DRM(Digital Rights Management) is to control the internets piracy of Audio files, mp3s for example.. on P2P (Peer To Peer) Clients, (A famous one is KaZaA) for non-3rd party use. Which this means that You can rip the audio to your computer, and listen to them only at your computer and nowhere else. Now there usually is an internal ripper provided by the CD itself, for you to burn the audio to another CD-R or whatever, but if you follow my howto it'll make things a lot simpler.
-What you need-
1: 6-ft. (182m)* Shielded Audio Cable, 1/8/11th's stereo miniplug, to 1/8/11th's stereo miniplug. Radio shack item # (42-2387A)
2: A CD Player.
3: The CD which has the DRM encryption.
4: A Computer with working Microphone input, and soundcard output.
5: An Audio editor such as Sonic Foundry Sound forge 6.0 or something like it.
Now, take the Audio chord and plug it into your CD player where you'd put your headphones, then take the other end and plug it directly into your CPU's microphone input.
Once that's done, open up your Audio Editor... click on File>New> Once the new layout has opened, click "Record" now once it has started to record, click Play on your CD Diskman. (Make sure you have your Sound on the Diskman to MAX output)
Now thats pretty much it... once the disk has been fully played and upstreamed to your audio editor... you can disect the Tracks and the name them on New Sound layouts, name the track... and save it as mp3. Becuase by default all audio editors save upstreamed tracks as .WAV format, and wav format is a relativelly enormus size as far as bytes are concerned. Remember, it's our right to do what we want with what we buy.
Improve XP Start up time..!!!
Aight so u wanna know how to turn the pc on in 10 seconds (may vary)Aight heres what u have to do to turn ur pc on in 10 seconds.
Aite Click on the start button then press R it will take u to Run well go to run
n type Regedit
press enter
this will open Registery Editor
now look for the key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex
now there find the Key Called
"Startup Delay"
Double Click On It
Now where its Base
Click Decimal
Now its Default Value Is 4800000 (75300:hexadecimal)
Change The Value To 40000
here u go u have done it
now close the Registery Editor
and Restart Your Computer
You'll See The Result
How to fasten up Windows XP..??
1. DISABLE INDEXING SERVICES:-
Indexing Services is a small little program that uses large amounts of RAM and can often make a computer endlessly loud and noisy. This system process indexes and updates lists of all the files that are on your computer. It does this so that when you do a search for something on your computer, it will search faster by scanning the index lists. If you don’t search your computer often, or even if you do search often, this system service is completely unnecessary. To disable do the following:
1. Go to Start
2. Click Settings
3. Click Control Panel
4. Double-click Add/Remove Programs
5. Click the Add/Remove Window Components
6. Uncheck the Indexing services
7. Click Next
2. OPTIMISE DISPLAY SETTINGS
Windows XP can look sexy but displaying all the visual items can waste system resources. To optimise:
1.Go to Start
2. Click Settings
3. Click Control Panel
4. Click System
5. Click Advanced tab
6. In the Performance tab click Settings
7. Leave only the following ticked:
- Show shadows under menus
- Show shadows under mouse pointer
- Show translucent selection rectangle
- Use drop shadows for icons labels on the desktop
- Use visual styles on windows and buttons
3. SPEEDUP FOLDER BROWSING:-
You may have noticed that everytime you open my computer to browse folders that there is a slight delay. This is because Windows XP automatically searches for network files and printers everytime you open Windows Explorer. To fix this and to increase browsing significantly:
1. Open My Computer
2. Click on Tools menu
3. Click on Folder Options
4. Click on the View tab.
5. Uncheck the Automatically search for network folders and printers check box
6. Click Apply
7. Click Ok
8. Reboot your computer
4. IMPROVE MEMORY USAGE:-
Cacheman Improves the performance of your computer by optimizing the disk cache, memory and a number of other settings.
NOTE: This program is shareware and some features require activation.
Once Installed:
1.Go to Show Wizard and select All
2.Run all the wizards by selecting Next or Finished until you are back to the main menu. Use the defaults unless you know exactly what you are doing.
3.Exit and Save Cacheman
4.Restart Windows
5. OPTIMISE YOUR INTERNET CONNECTION:-
There are lots of ways to do this but by far the easiest is to run TCP/IP Optimizer.
1. Download and install
2. Click the General Settings tab and select your Connection Speed (Kbps)
3. Click Network Adapter and choose the interface you use to connect to the Internet
4. Check Optimal Settings then Apply
5. Reboot
6. OPTIMISE YOUR PAGEFILE:-
If you give your pagefile a fixed size it saves the operating system from needing to resize the page file.
1. Right click on My Computer and select Properties
2. Select the Advanced tab
3. Under Performance choose the Settings button
4. Select the Advanced tab again and under Virtual Memory select Change
5. Highlight the drive containing your page file and make the initial Size of the file the same as the Maximum Size of the file.
Windows XP sizes the page file to about 1.5X the amount of actual physical memory by default. While this is good for systems with smaller amounts of memory (under 512MB) it is unlikely that a typical XP desktop system will ever need 1.5 X 512MB or more of virtual memory. If you have less than 512MB of memory, leave the page file at its default size. If you have 512MB or more, change the ratio to 1:1 page file size to physical memory size.
7. SPEEDUP FOLDER ACCESS - DISABLE LAST ACCESS UPDATE:-
If you have a lot of folders and subdirectories on your computer, when you access a directory XP wastes a lot of time updating the time stamp showing the last access time for that directory and for ALL sub directories. To stop XP doing this you need to edit the registry. If you are uncomfortable doing this then please do not attempt.
1. Go to Start and then Run and type “regedit”
2. Click through the file system until you get to “HKEY_LOCAL_MACHINE\ System\CurrentControlSet\Control\FileSys
tem”
3. Right-click in a blank area of the window on the right and select ‘DWORD Value’
4. Create a new DWORD Value called ‘NtfsDisableLastAccessUpdate’
5. Then Right click on the new value and select ‘Modify’
6. Change the Value Data to ‘1′
7. Click ‘OK’
8. MAKE YOUR MENUS LOAD FASTER:-
This is one of my favourite tweaks as it makes a huge difference to how fast your machine will ‘feel’. What this tweak does is remove the slight delay between clicking on a menu and XP displaying the menu.
1. Go to Start then Run
2. Type ‘Regedit’ then click ‘Ok’
3. Find “HKEY_CURRENT_USER\Control Panel\Desktop\”
4. Select “MenuShowDelay”
5. Right click and select “Modify’
6. Reduce the number to around “100″
7. This is the delay time before a menu is opened. You can set it to “0″ but it can make windows really hard to use as menus will open if you just look at them - well move your mouse over them anyway. I tend to go for anywhere between 50-150 depending on my mood.
9. IMPROVE XP SHUTDOWN SPEED:-
This tweak reduces the time XP waits before automatically closing any running programs when you give it the command to shutdown.
1. Go to Start then select Run
2. Type ‘Regedit’ and click ok
3. Find ‘HKEY_CURRENT_USER\ Control Panel\Desktop\’
4. Select ‘WaitToKillAppTimeout’
5. Right click and select ‘Modify’
6. Change the value to ‘1000′
7. Click ‘OK’
8. Now select ‘HungAppTimeout’
9. Right click and select ‘Modify’
10. Change the value to ‘1000′
11. Click ‘OK’
12. Now find ‘HKEY_USERS\ .DEFAULT\Control Panel\Desktop’
13. Select ‘WaitToKillAppTimeout’
14. Right click and select ‘Modify’
15. Change the value to ‘1000′
16. Click ‘OK’
17. Now find ‘HKEY_LOCAL_MACHINE\ System\CurrentControlSet\Control\’
18. Select ‘WaitToKillServiceTimeout’
19. Right click and select ‘Modify’
20. Change the value to ‘1000′
21. Click ‘OK’
10. IMPROVE SWAPFILE PERFORMANCE:-
If you have more than 256MB of RAM this tweak will considerably improve your performance. It basically makes sure that your PC uses every last drop of memory (faster than swap file) before it starts using the swap file.
1. Go to Start then Run
2. Type “msconfig.exe” then ok
3. Click on the System.ini tab
4. Expand the 386enh tab by clicking on the plus sign
5. Click on new then in the blank box type”ConservativeSwapfileUsage=1″
6. Click OK
7. Restart PC
11. ENSURE XP IS USING DMA MODE:-
XP enables DMA for Hard-Drives and CD-Roms by default on most ATA or ATAPI (IDE) devices. However, sometimes computers switch to PIO mode which is slower for data transfer - a typical reason is because of a virus. To ensure that your machine is using DMA:
1. Open ‘Device Manager’
2. Double-click ‘IDE ATA/ATAPI Controllers’
3. Right-click ‘Primary Channel’ and select ‘Properties’ and then ‘Advanced Settings’
4. In the ‘Current Transfer Mode’ drop-down box, select ‘DMA if Available’ if the current setting is ‘PIO Only’
Registry Hacking
Display legal notice on startup:
Wanna tell your friends about the do's and dont's in your computer when they login in your absence. Well you can do it pretty easily by displaying a legal notice at system start up.
REGEDIT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"="enter your notice caption"
"legalnoticetext"="enter your legal notice text"
Automatic Administrator Login:
Well here's the trick which you can use to prove that Windows XP is not at all secure as multi-user operating system. Hacking the system registry from any account having access to system registry puts you in to the administrator account.
REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
No Shutdown:
Wanna play with your friends by removing the shutdown option from start menu in their computer.
Just hack it down !!!
Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
"NoClose"="DWORD:1"
Menu Delays:
Another minor and easy tweak to remove any delay from menus sliding out. For this you will need to use regedit (open regedit by going to Start -> Run..., then typing 'regedit' and pressing enter). The key you need to change is located in HKEY_CURRENT_USERControl PanelDesktop. The actual key is called MenuShowDelay - all you have to do is change the value to 0. Remember, you will have to re-boot your computer for this tweak to take effect.
GPEDIT.MSC And Autoplay
A great tweaking file that comes with XP is gpedit.msc.
Go to Start -> Run... and then type in 'gpedit.msc' and press enter.
This is effectively the Policies Editor, and it comes in handy often.
For example, if you hate CD autoplay like I do and want to permanently disable it, you can use this tool to do so.
Just run gpedit.msc, then go to Computer Configuration -> Administrative Templates -> System. In here you can see the value 'Turn Off Autoplay'. Right-click on it and then click 'Properties'.
Increasing options in add/remove programs:
Not a fan of MSN Messenger? don't want Windows Media Player on your system? Fair enough, but if you go to Add/Remove Programs in the Control Panel, by default none of Windows XP's 'built in' programs are visible. it's fairly easy to change, though... just open the file X:\Windows\inf\sysoc.inf (where X: is the drive letter where Windows XP is installed) in Notepad. You should see a section of the file something like this:
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
This is a list of all components installed at the moment. I've taken the example of MSN Messenger - the program entry called 'msmsgs', third-last line. You can see the word 'hide' highlighted - this is the string which tells Windows not to display the component in the Add/Remove Programs list. Fix this up by simply deleting the word 'hide' like so:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
To this:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7
Now, after restarting, you should be able to see MSN Messenger in the Add/Remove Programs list. If you want to be able to quickly view and remove all components, simply open the sysoc.inf file and do a global find and replace for the word ",hide" and replace it with a single comma ",".
Automatically Kill Programs At Shutdown:
don't you hate it when, while trying to shut down, you get message boxes telling you that a program is still running? Making it so that Windows automatically kills applications running is a snap. Simply navigate to the HKEY_CURRENT_USERControl PanelDesktop directory in the Registry, then alter the key AutoEndTasks to the value 1.
Speeding Up Share Viewing:
This is a great tweak. Before I found it, I was always smashing my head against the table waiting to view shares on other computers. Basically, when you connect to another computer with Windows XP, it checks for any Scheduled tasks on that computer - a fairly useless task, but one that can add up to 30 seconds of waiting on the other end - not good! Fortunately, it's fairly easy to disable this process. First, navigate to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Explorer/RemoteComputer/NameSpace in the Registry. Below that, there should be a key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF}. Just delete this, and after a restart, Windows will no longer check for scheduled tasks - mucho performance improvement!
Create a Shortcut to Lock Your Computer
Leaving your computer in a hurry but you don’t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver. To create a shortcut on your desktop to lock your computer: Right-click the desktop. Point to New, and then click Shortcut. The Create Shortcut Wizard opens. In the text box, type the following: rundll32.exe user32.dll,LockWorkStation Click Next. Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like. Click Finish. You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll). To change the icon: Right click the shortcut and then select Properties. Click the Shortcut tab, and then click the Change Icon button. In the Look for icons in this file text box, type: Shell32.dll. Click OK. Select one of the icons from the list and then click OK You could also give it a shortcut keystroke such CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient.
How to Stop Hackers (How To Catch A Hacker)
Some one wrote this great Post at orkut about Catching Hackers
I don't know who exactly the writer of this great post is...
Here is what he had to write :
"just wrote this guide to give you some tips of which you may not have heard yet. Hopefully, it won't come to a hacker getting in, but if it does...
Tip 1: Hackers cover their tracks. Experienced hackers cover them more thorougly, but amateur hackers sometimes leave things behind. Don't expect them to leave any really big evidence behind; expect more of little things here and there you might find surprising. For example, if you're writing a term paper and a black hat hacker accidently saved it when he took a paragraph out- that's suspicious. Where did that paragraph go? Well, for one thing, now you know he was in that area. Check the folders surrounding the file- you might find something.
Tip 2: Decipher between the type of hackers that are attacking you. Experienced hackers will have a more in depth look around when they penetrate your system. They won't touch much because they know that that won't add too much to their knowledge. But if you know a hacker's been in, and some files are messed with, and you have a log of someone guessing passwords to a file or something of that sort, its probably some newbie who's just starting out. These are the easiest hackers to catch. They usually get so caught up in thoughts like "I'm in!" that they forget the basics, such as work behind a proxy.
Tip to protect yourself
My friend was setting up a webserver once. His first time too, and he wasn't to anxious to set up some good software to protect against hackers and viruses. He didn't put up one IDS, and before you know it, the obvious happened. But this time, a newbie had struck. The nice log files showed, bluntly across the screen, multiple instances of a foreign IP address that stood out. Some stupid newbie had tried to login as "uucp" on my friend's XP computer, with a password of "uucp." Well, that's great, but he also had tried the same user/pass combination three times, enough to get himself logged nicely. Even a semi-brainless user with some form of neurological system knows that uucp isn't a default XP account. Again, excitement toiled this hacker's brain, and maybe if he hadn't done that, along with a few other stupid things, he wouldn't have gotten caught. What other things did he do? Well, lets see. He openned 35 instances of MS-DOS. He tried to clean the printer's heads, and he edited a .gif in notepad. Then he uninstalled a few programs and installed some html editor, and replaced four files with the words "14P." he might as well have posted his phone number. In a few days, we had tracked him down to a
suburban town in Ohio. We let him go, not pressing any charges, because he had done nothing really damaging and had provided me with an example of a moron for this guide.
Tip 3: Don't go crazy if you lose data. Chances are, if it was that important, you would have backed it up anyway. Most hackers nowadays wish they were back in 1989 when they could use a Black Box and having a Rainbow Book actually meant something. Most hackers aren't blackhat, they are whitehat, and some even greyhat. But in the end, most hackers that are in systems aren't satisfied by looking around. From past experiences, I have concluded that many hackers like to remember where've they been. So, what do they do? They either press delete here and there, or copy some files onto their systems. Stupid hackers (yes, there are plenty of stupid hackers) send files to e-mail addresses. Some free email companies will give you the IP of a certain e-mail address's user if you can prove that user has been notoriously hacking you. But most of the time, by the time you get the e-mail addy it's been unused for weeks if not months or years, and services like hotmail have already deleted it.
Tip 4: Save information! Any information that you get from a log file (proxy server IP, things like "14P", e-mail addresses that things were sent to, etc.) should be saved to a floppy disk (they're not floppy anymore, I wish I could get out of the habit of calling them that) incase there's a next time. If you get another attack, from the same proxy, or with similar e-mail addresses (e.g: one says Blackjack 123@something.whatever and the other says Black_jack_45@something.znn.com) you can make an assumption that these hackers are the same people. In that case, it would probably be worth the effort to resolve the IP using the proxy and do a traceroute. Pressing charges is recommended if this is a repeat offender.
Tip 5: Don't be stupid. If you've been hacked, take security to the next level. Hackers do talk about people they've hacked and they do post IPs and e-mail addresses. Proof? Take a look at Defcon Conventions. I've never gone to one, but I've seen the photos. The "Wall of Shame"-type of boards I've seen have IPs and e-mail addresses written all over them in fat red, dry-erase ink. Don't be the one to go searching the Defcon website and find your e-mail address posted on the Wall of Shame board!
Tip 6: Don't rely on luck. Chances are, sometime or another, you're going to be targeted for an attack. Here you can rely on luck. Maybe they'll forget? Maybe they don't know how to do it? If you think this way, a surprise is going to hit your face very hard. Another way you could stupidly rely on luck is by saying this: It's probably just a whitehat. On the contrary, my friend, it's probably just a blackhat. A blackhat with knowledge stored in his head, ready to be used as an ax. It's your data. You take the chance.
How Internet Cookies Work
Internet cookies are incredibly simple, but they are one of those things that have taken on a life of their own. Cookies started receiving tremendous media attention starting in February 2000 because of Internet privacy concerns, and the debate still rages.
On the other hand, cookies provide capabilities that make the Web much easier to navigate. The designers of almost every major site use them because they provide a better user experience and make it much easier to gather accurate information about the site's visitors.
We will take a look at the basic technology behind cookies, as well as some of the features they enable. You will also have the opportunity to see a real-world example of what cookies can and cannot do using a sample page.
Cookie Basics
In April of 2000 I read an in-depth article on Internet privacy in a large, respected newspaper, and that article contained a definition of cookies. Paraphrasing, the definition went like this:
Cookies are programs that web sites put on your hard disk. They sit on your computer gathering information about you and everything you do on the Internet, and whenever the web site wants to it can download all of the information the cookie has collected.
Definitions like that are fairly common in the press. The problem is, none of that information is correct. Cookies are not programs, and they cannot run like a program does. Therefore they cannot gather any information on their own. Nor can they collect any personal information about you from your machine.
Here is a valid definition of a cookie:
A cookie is a piece of text that a web server can store on a user's hard disk. Cookies allow a web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.
For example, a web site might generate a unique ID number for each visitor and store the ID number on each user's machine using a cookie file.
If you use Microsoft's Internet Explorer to browse the web, you can see all of the cookies that are stored on your machine. The most common place for them to reside is in a directory called c:\windows\cookies. When I look in that directory on my machine, I find 165 files. Each file is a text file that contains name-value pairs, and there is one file for each web site that has placed cookies on my machine.
You can see in the directory that each of these files is a simple, normal text file. You can see which web site placed the file on your machine by looking at the file name (the information is also stored inside the file). You can open each file up by clicking on it.
For example, I have visited goto.com, and the site has placed a cookie on my machine. The cookie file for goto.com contains the following information:
UserID A9A3BECE0563982D www.goto.com/
What goto.com has done is stored on my machine a single name-value pair. The name of the pair is UserID,and the value is A9A3BECE0563982D. The first time I visited goto.com, the site assigned me a unique ID value and stored it on my machine.
[Note that there probably are several other values stored in the file after the three shown above. That is housekeeping information for the browser.]
The vast majority of sites store just one piece of information -- a user ID -- on your machine. But there really is no limit -- a site can store as many name-value pairs as it likes.
A name-value pair is simply a named piece of data. It is not a program, and it cannot "do" anything. A web site can retrieve only the information that it has placed on your machine. It cannot retrieve information from other cookie files, nor any other information from your machine.
How Does Cookie Data Move?
As you saw in the previous section, cookie data is simply name-value pairs stored on your hard disk by a web site. That is all that cookie data is. The web site can store the data, and later it receives it back. A web site can only receive the data it has stored on your machine. It cannot look at any other cookie, nor can it look at anything else on your machine.
The data moves in the following manner:
If you type the URL of a web site into your browser, your browser sends a request to the web site for the page. For example, if you type the URL http://www.netcrackers.blogspot.com into your browser, your browser will contact Blogger's server and request its home page.
When the browser does this, it will look on your machine for a cookie file that Blogger has set. If it finds a Blogger cookie file, your browser will send all of the name-value pairs in the file to Blogger's server along with the URL. If it finds no cookie file, it will send no cookie data.
Blogger's web server receives the cookie data and the request for a page. If name-value pairs are received, Blogger can use them.
If no name-value pairs are received, Blogger knows that you have not visited before. The server creates a new ID for you in Blogger's database and then sends name-value pairs to your machine in the header for the web page it sends. Your machine stores the name-value pairs on your hard disk.
The web server can change name-value pairs or add new pairs whenever you visit the site and request a page.
There are other pieces of information that the server can send with the name-value pair. One of these is an expiration date. Another is a path (so that the site can associate different cookie values with different parts of the site). You have control over this process. You can set an option in your browser so that the browser informs you every time a site sends name-value pairs to you. You can then accept or deny the values.
How Do Web Sites Use Cookies?
Cookies evolved because they solve a big problem for the people who implement web sites. In the broadest sense, a cookie allows a site to store state information on your machine. This information lets a web site remember what state your browser is in. An ID is one simple piece of state information -- if an ID exists on your machine, the site knows that you have visited before. The state is, "Your browser has visited the site at least one time", and the site knows your ID from that visit.
Web sites use cookies in many different ways. Here are some of the most common examples:
Sites can accurately determine how many readers actually visit the site. It turns out that because of proxy servers, caching, concentrators and so on, the only way for a site to accurately count visitors is to set a cookie with a unique ID for each visitor. Using cookies, sites can:
->Determine how many visitors arrive
->Determine how many are new vs. repeat visitors
->Determine how often a visitor has visited
The way the site does this is by using a database. The first time a visitor arrives, the site creates a new ID in the database and sends the ID as a cookie. The next time the user comes back, the site can increment a counter associated with that ID in the database and know how many times that visitor returns.
Sites can store user preferences so that the site can look different for each visitor (often referred to as customization). For example, some sites offer you the ability to change content/layout/color. It or allows you to enter your zip code and get customized weather information.
Most sites seem to store preferences like this in the site's database and store nothing but an ID as a cookie, but storing the actual values in name-value pairs is another way to do it.
Ecommerce sites can implement things like shopping carts and "quick checkout" options. The cookie contains an ID and lets the site keep track of you as you add different things to your cart. Each item you add to your shopping cart is stored in the site's database along with your ID value. When you check out, the site knows what is in your cart by retrieving all of your selections from the database. It would be impossible to implement a convenient shopping mechanism without cookies or something like it.
In all of these examples, note that what the database is able to store is things you have selected from the site, pages you have viewed from the site, information you give to the site in online forms, etc. All of the information is stored in the site's database, and a cookie containing your unique ID is all that is stored on your computer in most cases.
An Example
To give you a simple example of what cookies and a database can do, We can take the example of Verizon.com They have created a simple history and statistics system for there articles. There system runs on the Verizon servers and lets you view your activity on the Verizon site. Here's how it works:
When you visit Verizon for the first time, the server creates a unique ID number for you and stores a cookie on your machine containing that ID. For example, on the machine I am using now, this is what I see in the Verizon cookie file:
user 35005 www.verizon.com/
There is nothing magic about the number 35,005 -- it is simply an integer that they increment each time a new visitor arrives. I was user number 35,005 to come to the Verizon site since this cookie system was installed. We could make the ID value as elaborate as we desire -- many sites use IDs containing 20 digits or more.
Now, whenever you visit any page on Verizon, your browser sends your cookie containing the ID value back to the server. The server then saves a record in the database that contains the time that you downloaded the page and the URL, along with your ID.
To see the history of your activity on Verizon, you can go to this URL on the site:
http://www.verizon.com/history.php
Your browser sends your ID value from the cookie file to the server along with the URL. The history.php page runs a piece of code that queries the database and retrieves your history on the site. It also calculates a couple of interesting statistics. Then it creates a page and sends it to your browser.
Try the URL for the history page now:
http://www.verizon.com/history.php
Then go view a couple of other pages on Verizon and try it again. You will see that the statistics change and so does the list of files.
Problems with Cookies
Cookies are not a perfect state mechanism, but they certainly make a lot of things possible that would be impossible otherwise. Here are several of the things that make cookies imperfect.
People often share machines -- Any machine that is used in a public area, and many machines used in an office environment or at home, are shared by multiple people. Let's say that you use a public machine (in a library, for example) to purchase something from an on-line store. The store will leave a cookie on the machine, and someone could later try to purchase something from the store using your account. Stores usually post large warnings about this problem, and that is why. Even so, mistakes can happen.
On something like a Windows NT machine or a UNIX machine that uses accounts properly, this is not a problem. The accounts separate all of the users' cookies. Accounts are much more relaxed in other operating systems, and it is a problem.
If you try the example above on a public machine (in a library or school, for example), and if other people using the machine have visited Verizon, then the history URL may show a very long list of files.
Cookies get erased -- If you have a problem with your browser and call tech support, probably the first thing that tech support will ask you to do is to erase all of the temporary Internet files on your machine. When you do that you lose all of your cookie files. Now when you visit a site again, that site will think you are a new user and assign you a new cookie. This tends to skew the site's record of new versus return visitors, and it also can make it hard for you to recover previously stored preferences. This is why sites ask you to register in some cases -- if you register with a user name and a password, you can re-login even if you lose your cookie file and restore your preferences. If preference values are stored directly on the machine then recovery is impossible. That is why many sites now store all user information in a central database and store only an ID value on the user's machine.
If you erase your cookie file for Verizon and then revisit the history URL in the previous section, you will find that Verizon has no history for you. The site has to create a new ID and cookie file for you, and that new ID has no data stored against it in the database.
Multiple machines -- People often use more than one machine during the day. For example a machine in the office, a machine at home and a laptop for the road. Unless the site is specifically engineered to solve the problem, the result will be three unique cookie files on all three machines. Any site that I visit from all three machines will track me as three separate users. It can be annoying to set preferences three times. Again, a site that allows registration and stores preferences centrally may make it easy for me to have the same account on three machines, but the site developers must plan for this when designing the site.If you visit the history URL demonstrated in the previous section from one machine and then try it again from another, you will find that your history lists are different. This is because the server created two IDs for you on the two machines.
There are probably not any easy solutions to these problems, short of asking users to register and storing everything in a central database.
Why the Fury around Cookies?
If you have read the article to this point, you may be wondering why there has been such an uproar in the media about cookies and Internet privacy. You have seen in this article that cookies are benign text files, and you have also seen that they provide lots of useful capabilities on the web.
There are two things that have caused the strong reaction around cookies:
The first is something that has plagued consumers for decades but is now getting out of hand. Let's say that you purchase something from a traditional mail order catalog. The catalog company has your name, address and phone number from your order, and it also knows what items you have purchased. It can sell your information to others who might want to sell similar products to you. That is the fuel that makes telemarketing and junk mail possible.
On a web site, the site can track not only your purchases, but also the pages that you read, the ads that you click on, etc. If you then purchase something and enter your name and address, the site potentially knows much more about you than a traditional mail order company does. This makes targeting much more precise, and that makes a lot of people uncomfortable.
Different sites have different policies. Many companies have strict privacy policies and do not sell or share any personal information about customers with any third party except in cases where you specifically allow them to do so. Other companies aggregate information together and distribute it.
The second is new. There are certain infrastructure providers that can actually create cookies that are visible on multiple sites. Many firms use these companies to serve ad banners on their sites. These companies place small (1x1 pixels) GIF files on the site that allow them to load cookies on your machine. The companies can then track your movements across multiple sites. It can potentially see the search strings that you type into search engines (due more to the way some search engines implement their systems, not because anything sinister is intended). Because it can gather so much information about you from multiple sites, the companies can form very rich profiles. These are still anonymous, but they are rich.
One company then went one step further by acquiring another firm, it threatened to link these rich anonymous profiles back to name and address information -- it threatened to personalize them, and then sell the data. That began to look very much like spying to most people, and that is what caused the uproar. Some companies are in a unique position to do this sort of thing, because they serve ads on so many sites. Cross-site profiling is not a capability available to individual sites, because cookies are site specific.
Things you didn't know about Windows XP.....
You've read the reviews and digested the key feature enhancements and operational changes.
Now it's time to delve a bit deeper and uncover some of Windows XP's secrets.
1. It boasts how long it can stay up. Whereas previous versions of Windows were coy
about how long they went between boots, XP is positively proud of its stamina.
Go to the Command Prompt in the Accessories menu from the All Programs start button option,
and then type 'systeminfo'. The computer will produce a lot of useful info, including the
uptime. If you want to keep these, type 'systeminfo > info.txt'. This creates a file
called info.txt you can look at later with Notepad. (Professional Edition only).
2. You can delete files immediately, without having them move to the Recycle Bin first.
Go to the Start menu, select Run... and type 'gpedit.msc'; then select User Configuration,
Administrative Templates, Windows Components, Windows Explorer and find the Do not move
deleted files to the Recycle Bin setting. Set it. Poking around in gpedit will reveal
a great many interface and system options, but take care -- some may stop your computer
behaving as you wish. (Professional Edition only).
3. You can lock your XP workstation with two clicks of the mouse. Create a new shortcut
on your desktop using a right mouse click, and enter 'rundll32.exe user32.dll,
LockWorkStation' in the location field. Give the shortcut a name you like.
That's it -- just double click on it and your computer will be locked. And
if that's not easy enough, Windows key + L will do the same.
4. XP hides some system software you might want to remove, such as Windows Messenger,
but you can tickle it and make it disgorge everything. Using Notepad or Edit, edit the
text file /windows/inf/sysoc.inf, search for the word 'hide' and remove it. You can
then go to the Add or Remove Programs in the Control Panel, select Add/Remove Windows
Components and there will be your prey, exposed and vulne
MAKING WINDOWS XP GENUINE THE EASY WAY
download jellybean keyfinder from this website
http://www.magicaljellybean.com/keyfinder.shtml
Now open keyfinder.exe
Click on options and click "change windows key"
Now enter this key and you're done.
*****************************
V2C47-MK7JD-3R89F-D2KXW-VPK3J
*****************************
P.S: this works on windows xp sp2 only......
ppl u can try this out...
this might sound silly but it works perfectly...
TRY INSTALLING IE7 OR MEDIA PLAYER11.
Keyboard Shortcuts
When speed counts, the keyboard is still king. Almost all the actions and commands you can perform with a mouse you can perform faster using combinations of keys on your keyboard. These simple keyboard shortcuts can get you where you want to go faster than several clicks of a mouse. You'll work faster on spreadsheets and similar documents, too, because you won't lose your place switching back and forth between mouse and keys.
Here are some of the most useful keyboard shortcuts:
Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.
Use these keyboard shortcuts for dialog boxes:
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE
If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:
Display or hide the Start menu.
Display the System Properties dialog box. +BREAK
Show the desktop. +D
Minimize all windows. +M
Restores minimized windows. +Shift+M
Open My Computer. +E
Search for a file or folder. +F
Search for computers. CTRL+ +F
Display Windows Help. +F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. + L
Open the Run dialog box. +R
Display the shortcut menu for the selected item.
Open Utility Manager. +U
Helpful accessibility keyboard shortcuts:
Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT +left SHIFT +PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. +U
Keyboard shortcuts you can use with Windows Explorer:
Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW
Renaming The Recycle Bin icon
To change the name of the Recycle Bin desktop icon, click Start then goto Run, write Regedit and press Enter. It opens Registry Editor. Now in Registry Editor go to:
HKEY_CLASSES_ROOT/CLSID/{645FF040-5081-1
01B-9F08-00AA002F954E}
and change the name "Recycle Bin" to whatever you want (don't type any quotes).
Everything You wanted to know about FIREWALLS..!!
A firewall is basically something that protects the network from the Internet. It is derived from the concept of firewalls used in vehicles which is a barrier made of fire resistant material protecting the vehicle in case of fire. Anyway a firewall is best described as a software or hardware or both Hardware and Software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network( The Internal Private Network from the untrusted network (the Internet.) To understand how a firewall works, firstly we need to understand how exactly data is transferred on the Internet.
The TCP\IP suite is responsible for successful transfer of data across a network both the Internet and the Intranet. The TCP\IP suite is a collection of protocols which are inter-related and interdependent and act as a set of rules according to which data is transferred across the network. A protocol can be defined as a language or a standard which is followed while transfer of data takes place.
A firewall relies on the source and destination IP and also the ports to control the packet transfer between the untrusted network and the trusted network. Firewalls can be classified into 3 types:
1. Packet Filter Firewalls
2. Application proxy Firewalls
3. Packet Inspection Firewalls
Packet Filter Firewalls
They are the earliest and the most criticized firewalls, which nowadays are not easily found. They are usually Hardware based i.e. Router Based (a router is a piece of device which connects two
networks together.) Whenever a Packet Filter Firewall receives a packet for permission to pass through, it compares the header information i.e. the source and destination IP address, and port number with a table of predefined access control rules If the header information matches, then the packet is allowed to pass else the packet is direct contact between the untrusted system and the trusted private system.
Such Firewalls can be fooled by using techniques like IP Spoofing in which we can change the source IP such that the firewall thinks that the packet has come from a trusted system which is among the list of systems which have access through the firewall.
Application proxy Firewalls
The shortcomings of the packet filter firewalls are addressed by the new type of firewalls developed by the DARPA. It was widely believed that the earlier type of firewalls were not secure enough as they allowed the untrusted systems to have a direct connection with the trusted systems. This problem was solved with the use of Proxy servers as firewalls. A proxy server which is used as a firewall are called application proxy servers. This kind of a proxy firewall examines what application or service (running on ports) a packet is meant for and if that particular service is available only then is the packet allowed to pass through and if the service is unavailable then the packet is discarded or dropped by the firewall.
Packet Inspection Firewalls
It can be also known as an extension of the Packet Filter Firewall. It not only verifies the source and
destination IP's and ports, it also takes into consideration or verifies that content of the data before passing it through. There are two ways in which this kind of a firewall verifies the data to
be passed:
State and Session.
In case of state inspection, an incoming packet is allowed to pass through only if there is a matching outward bound request for this packet. This means that the incoming packet is allowed to pass through only if the trusted server had requested for it or had sent an invitation for it.
In case of session filtering, the data of the incoming is not verified, but instead the network activity is traced and once a trusted system ends the session, no further packets from that system pertaining to that session are allowed to pass through.
All along you will come across many Firewalls on various systems, basically a
firewall can be established
or setup in two ways:
1. Dual-homed gateway
2. Demilitarized zone (DMZ)
In a dual homed gateway firewall, there is a single firewall with 2 connections, one for the trusted network and the other for the untrusted network.
In the case of a Demilitarized Firewall or a DMZ there are two firewalls, each with two connections, but there is a slight difference in the case of a DMZ setup.
In the case of a DMZ setup, there are two firewalls, the first having two connections, one leading to the untrusted network and the other leading to the host systems like the email server or the FTP server etc.
In the case of a Dual Homed Gateway the untrusted network is connected to the host systems (email and FTP servers etc) through a firewall and these host systems are connected to the internal private network. There is no second firewall between the host systems and the internal
private trusted network.
The basic structure of the DMZ setup declares it to be a more secure system as even if an attacker gets through the first firewall, he just reaches the host systems, while the internal network is protected by another firewall.
World of Registry
What is the Registry?
The Registry is the central core registrar for Windows NT. Each NT workstation for server has its own Registry, and each one contains info on the hardware and software of the computer it resides on. For example, com port definitions, Ethernet card settings, desktop setting and profiles, and what a particular user can and cannot do are stored in the Registry. Remember those ugly system INI files in Windows 3.1? Well, they are all included with even more fun stuff into one big database called the Registry in NT.
Always make sure that you know what you are doing when changing the registry or else just one little mistake can crash the whole system. That's why it's always good to back it up!
Backup and Restore:
Even with Windows 98, and Windows 95 you can not just backup the registry when you back up files. What you would need to do is run either: regedit32.exe (for NT) or regedit.exe and then click the registry menu, then click export registry. The next step is to click all, then pick the drive to back up onto (usually a removable drive like tape, floppy, cd, zip drive, jazz drive etc.) and then hit "ok". To restore a registry from a backed up version, enter the registry program the same way, click import registry and click the drive and path where the backup is and hit "ok". It will restore it back to the previous backed up settings and may require a reboot.
Note: registry backups are saved as .reg files, and they are associated with regedit as default. This means that once you double-click a .reg file, it's contents will be inserted into your own registry.
What is SAM?
SAM is short for Security Accounts Manager, which is located on the PDC and has information on all user accounts and passwords. Most of the time while the PDC is running, it is being accessed or used.
What do I do with a copy of SAM?
You get passwords. First use a copy of SAMDUMP.EXE to extract the user info out of it. You do not need to import this data into the Registry of your home machine to play with it. You can simply load it up into one of the many applications for cracking passwords, such as L0phtCrack, which is available from: http://www.L0phtCrack.com
Of interest to hackers is the fact that all access control and assorted parameters are located in the Registry. The Registry contains thousands of individual items of data, and is grouped together into "keys" or some type of optional value. These keys are grouped together into subtrees -- placing like keys together and making copies of others into separate trees for more convenient system access.
The Registry is divided into four separate subtrees. These subtrees are called
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
We'll go through them from most important to the hacker to least important to the hacker.
First and foremost is the HKEY_LOCAL_MACHINE subtree. It contains five different keys. These keys are as follows:
SAM and SECURITY - These keys contain the info such as user rights, user and group info for the domain (or workgroup if there is no domain), and passwords. In the NT hacker game of capture the flag, this is the flag. Bag this and all bets are off.
The keys are binary data only (for security reasons) and are typically not accessible unless you are an Administrator or in the Administrators group. It is easier to copy the data and play with it offline than to work on directly.
HARDWARE - this is a storage database of throw-away data that describes the hardware components of the computer. Device drivers and applications build this database during boot and update it during runtime (although most of the database is updated during the boot process). When the computer is rebooted, the data is built again from scratch. It is not recommended to directly edit this particular database unless you can read hex easily.
There are three subkeys under HARDWARE, these are the Description key, the DeviceMap key, and the ResourceMap key. The Description key has describes each hardware resource, the DeviceMap key has data in it specific to individual groups of drivers, and the ResourceMap key tells which driver goes with which resource.
SYSTEM - This key contains basic operating stuff like what happens at startup, what device drivers are loaded, what services are in use, etc. These are split into ControlSets which have unique system configurations (some bootable, some not), with each ControlSet containing service data and OS components for that ControlSet. Ever had to boot from the "Last Known Good" configuration because something got hosed? That is a ControlSet stored here.
SOFTWARE - This key has info on software loaded locally. File associations, OLE info, and some miscellaneous configuration data is located here.
The second most important main key is HKEY_USERS. It contains a subkey for each local user who accesses the system, either locally or remotely. If the server is a part of a domain and logs in across the network, their subkey is not stored here, but on a Domain Controller. Things such as Desktop settings and user profiles are stored here.
The third and fourth main keys, HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, contain copies of portions of HKEY_USERS and HKEY_LOCAL_MACHINE respectively. HKEY_CURRENT_USER contains exactly would you would expect a copy of the subkey from HKEY_USERS of the currently logged in user. HKEY_CLASSES_ROOT contains a part of HKEY_LOCAL_MACHINE, specifically from the SOFTWARE subkey. File associations, OLE configuration and dependency information.
What are hives?
Hives are the major subdivisions of all of these subtrees, keys, subkeys, and values that make up the Registry. They contain "related" data.
All hives are stored in %systemroot%\SYSTEM32\CONFIG. The major hives and their files are as follows:
Hive File Backup File
HKEY_LOCAL_MACHINE\SOFTWARE SOFTWARE SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY SECURITY SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM SYSTEM SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM SAM SAM.LOG
HKEY_CURRENT_USER USERxxx
ADMINxxx USERxxx.LOG
ADMINxxx.LOG
HKEY_USERS\.DEFAULT DEFAULT DEFAULT.LOG
Hackers should look for the SAM file, with the SAM.LOG file as a secondary target. This contains the password info.Hive File Backup File
HKEY_LOCAL_MACHINE\SOFTWARE SOFTWARE SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY SECURITY SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM SYSTEM SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM SAM SAM.LOG
HKEY_CURRENT_USER USERxxx
ADMINxxx USERxxx.LOG
ADMINxxx.LOG
HKEY_USERS\.DEFAULT DEFAULT DEFAULT.LOG
Hackers should look for the SAM file, with the SAM.LOG file as a secondary target. This contains the password info.
For ease of use, the Registry is divided into five separate structures that represent the Registry database in its entirety. These five groups are known as Keys, and are discussed below:
HKEY_CURRENT_USER
This registry key contains the configuration information for the user that is currently logged in. The users folders, screen colors, and control panel settings are stored here. This information is known as a User Profile.
HKEY_USERS
In windowsNT 3.5x, user profiles were stored locally (by default) in the systemroot\system32\config directory. In NT4.0, they are stored in the systemroot\profiles directory. User-Specific information is kept there, as well as common, system wide user information.
This change in storage location has been brought about to parallel the way in which Windows95 handles its user profiles. In earlier releases of NT, the user profile was stored as a single file - either locally in the \config directory or centrally on a server. In windowsNT 4, the single user profile has been broken up into a number of subdirectories located below the \profiles directory. The reason for this is mainly due to the way in which the Win95 and WinNT4 operating systems use the underlying directory structure to form part of their new user interface.
HKEY_LOCAL_MACHINE
This key contains configuration information particular to the computer. This information is stored in the systemroot\system32\config directory as persistent operating system files, with the exception of the volatile hardware key.
The information gleaned from this configuration data is used by applications, device drivers, and the WindowsNT 4 operating system. The latter usage determines what system configuration data to use, without respect to the user currently logged on. For this reason the HKEY_LOCAL_MACHINE regsitry key is of specific importance to administrators who want to support and troubleshoot NT 4.
HKEY_LOCAL_MACHINE is probably the most important key in the registry and it contains five subkeys:
Hardware: Database that describes the physical hardware in the computer, the way device drivers use that hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. All data in this sub-tree is re-created everytime the system is started.
SAM: The security accounts manager. Security information for user and group accounts and for the domains in NT 4 server.
Security: Database that contains the local security policy, such as specific user rights. This key is used only by the NT 4 security subsystem.
Software: Pre-computer software database. This key contains data about software installed on the local computer, as well as configuration information.
System: Database that controls system start-up, device driver loading, NT 4 services and OS behavior.
Information about the HKEY_LOCAL_MACHINE\SAM Key
This subtree contains the user and group accounts in the SAM database for the local computer. For a computer that is running NT 4, this subtree also contains security information for the domain. The information contained within the SAM registry key is what appears in the user interface of the User Manager utility, as well as in the lists of users and groups that appear when you make use of the Security menu commands in NT4 explorer.
Information about the HKEY_LOCAL_MACHINE\Security key
This subtree contains security information for the local computer. This includes aspects such as assigning user rights, establishing password policies, and the membership of local groups, which are configurable in User Manager.
HKEY_CLASSES_ROOT
The information stored here is used to open the correct application when a file is opened by using Explorer and for Object Linking and Embedding. It is actually a window that reflects information from the HKEY_LOCAL_MACHINE\Software subkey.
HKEY_CURRENT_CONFIG
The information contained in this key is to configure settings such as the software and device drivers to load or the display resolution to use. This key has a software and system subkeys, which keep track of configuration information.
Understanding Hives
The registry is divided into parts called hives. These hives are mapped to a single file and a .LOG file. These files are in the systemroot\system32\config directory.Registry Hive File Name
HKEY_LOCAL_MACHINE\SAM SAM and SAM.LOG
HKEY_LOCAL_MACHINE\SECURITY Security and Security.LOG
HKEY_LOCAL_MACHINE\SOFTWARE Software and Software.LOG
HKEY_LOCAL_MACHINE\SYSTEM System and System.ALT
Checkout these sites for more info:
NT registry Hacks: http://www.jsiinc.com/default.htm?/reghack.htm
Unofficial NT Hack: http://www.nmrc.org/faqs/nt/index.html
Rhino9: The Windows NT Security Research Team: http://www.xtreme.abyss.com/techvoodoo/rhino9
Regedit.com - cool registry tricks: http://www.regedit.com
Also please checkout: www.windows2000test.com and give it your best shot because Microsoft wants you to test their operating system's security flaws for them. They are challenging all hackers to hack that site.
Simple Computer Tricks
1) How to change someones/your password without knowing their/your current one or being on their/your user.
2) How to do a shutdown prank
3) How to make a fake virus
Posts
