Saturday, 24 September 2011

"Untold Windows Tips and Secrets"


 


Welcome to another Hacking Truths Manual. This time I have a collection of tips and tricks which hardly anybody knows, the secrets Microsoft does not advertise, the information you will seldom find gathered up and arranged in a single file. To get the most out of this manual you need a basic understanding of the Windows Registry, as almost all the tips and tricks involve it.

****************

Important Note: Before you read on, keep one thing in mind. Changes you make in the Registry Editor are written immediately, but the programs that read those values (Explorer, in the case of the Policies keys below) usually only pick them up when they start. Pressing F5 in regedit merely refreshes regedit's own display; if a change does not seem to take effect, log off and on again or restart your system.

****************

Exiting Windows the Cool and Quick Way

Shutting down Windows normally takes a surprising number of clicks: move the mouse to the Start button, click, move to Shut Down, click, pick the option you want, click, move to OK and (you guessed it) click again. The whole process can be shortened to a single click by creating desktop shortcuts that shut down or restart Windows directly. Start by creating a new shortcut (right click the desktop and select New > Shortcut). Then in the command line box type (without the quotes):

'C:\windows\rundll.exe user.exe,exitwindowsexec'

Clicking this shortcut restarts Windows immediately, without any warning. To create a shortcut that shuts Windows down instead, type the following in the command line box:

'c:\windows\rundll.exe user.exe,exitwindows'

Clicking this shortcut shuts down Windows immediately, without any warning. Both calls go through the 16-bit rundll.exe and user.exe, so they only apply to Windows 95/98, and because there is no confirmation dialog any unsaved work is lost.

Ban Shutdowns : A trick to Play on Lamers

This is a neat trick you can play on that lamer with the huge ego: in this section I show you how to disable the Shut Down option in the Shut Down dialog box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane look for a value named NoClose. If it is not already there, create it by right clicking in the right pane, selecting New > String Value and naming it NoClose. (Windows NT expects this policy as a DWORD value instead.) Once NoClose appears in the right pane, right click it, select Modify and type 1 in the Value Data box. Log off and on again for Explorer to pick the policy up.

Doing the above on a Win98 system removes the Shut Down option from the Shut Down dialog box. On a Win95 machine with NoClose set to 1, clicking Start > Shut Down instead displays the following error message:

This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

You can enable the shut down option again by changing the value of NoClose to 0 or simply deleting the NoClose entry.

Instead of performing the above process by hand, simply save the following with a .reg extension and add its contents to the registry by double clicking on it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoClose"="1"

Keep in mind that this is a per-user Explorer restriction, not a security control: anyone who can edit HKEY_CURRENT_USER can undo it, and the rundll shortcuts from the previous section still shut the machine down.

Disabling Display of Drives in My Computer

This is yet another trick you can play on your geek friend. To hide local or networked drives from My Computer, go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane create a new DWORD value named NoDrives and set it to 3FFFFFF (hexadecimal). The value is a bitmask with one bit per drive letter: bit 0 is A:, bit 1 is B:, and so on up to bit 25 for Z:, so 03FFFFFF (26 bits set) hides every drive, while, say, 8 would hide only D:. Log off and on again (or restart Explorer) for the policy to take effect. When you click on My Computer, no drives are shown. Note that NoDrives only hides the drives in Explorer; they can still be reached by typing a path into Run or a command prompt (the separate NoViewOnDrive policy is what blocks access). To show the drives again, simply delete the DWORD. Its .reg file is as follows:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDrives"=dword:03ffffff

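As an added example (not part of the original manual), here is a small Python parser for the REGEDIT4 files shown for NoClose above and NoDrives here, together with a decoder for the NoDrives bitmask, so you can see exactly which drives a given hex value hides before merging it. The key path and value names are the ones used on this page; SAMPLE_REG is a constructed file that merges the two fragments.

```python
"""Parse the REGEDIT4 .reg fragments on this page and decode NoDrives.

Added example, not part of the original manual. parse_reg handles the subset
of the REGEDIT4 format used above (header, [key] lines, "name"="string" and
"name"=dword:hex lines); nodrives_to_letters turns the NoDrives bitmask into
drive letters (bit 0 = A:, bit 1 = B:, ... bit 25 = Z:). The key path and
value names are those used on this page; SAMPLE_REG is a constructed file.
"""
import re
import string

SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
"NoDrives"=dword:03ffffff
"""

EXPLORER_POLICY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VAL_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{1,8})|"(.*)")$')


def parse_reg(text):
    """Return {key_path: {value_name: value}}; dwords become int, strings stay str."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    result, current = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m is None or current is None:
            # refuse rather than silently merge something we did not understand
            raise ValueError("unparsed line: %r" % line)
        name, dword, text_value = m.groups()
        result[current][name] = int(dword, 16) if dword is not None else text_value
    return result


def nodrives_to_letters(mask):
    """Drive letters hidden by a NoDrives mask (bit n hides the n-th letter)."""
    return [c for n, c in enumerate(string.ascii_uppercase) if (mask >> n) & 1]


def letters_to_nodrives(letters):
    """Inverse: the mask that hides exactly the given drive letters."""
    mask = 0
    for c in letters:
        mask |= 1 << (ord(c.upper()) - ord("A"))
    return mask


def audit_explorer_policy(reg_text):
    """Summarise what merging this .reg would do to the current user's Explorer."""
    values = parse_reg(reg_text).get(EXPLORER_POLICY, {})
    return {
        # NoClose may be the string "1" (Win9x) or dword 1 (NT); both read as "1"
        "shutdown_disabled": str(values.get("NoClose", 0)) == "1",
        "hidden_drives": nodrives_to_letters(values.get("NoDrives", 0)),
    }


if __name__ == "__main__":
    print(audit_explorer_policy(SAMPLE_REG))
    print("%08X" % letters_to_nodrives("AD"))   # mask that hides only A: and D:
```

The parser deliberately raises on any line it does not understand instead of skipping it, because a .reg file is merged as a whole and a line you did not anticipate is exactly the one that matters.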
Take Over the Screen Saver

(Not checked by the author.) To activate and deactivate the screen saver whenever you want, go to the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers

Add a new string value named Mouse Corners and set it to -Y-N. Log off and on again for the change to take effect. Now you can activate your screen saver simply by placing the mouse cursor in the top right corner of the screen, and if you move the mouse to the bottom left corner the screen saver is deactivated.

Pop a banner each time Windows Boots

To pop up a banner containing any message you want, shown just before a user logs on, go to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Create a new string value in the right pane named LegalNoticeCaption and enter the text you want in the title bar of the dialog. Then create another string value named LegalNoticeText and set it to the message you want displayed each time Windows boots. This can be used to display the company's acceptable-use policy each time a user logs on. (On Windows NT the same two values live under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon instead.) Its .reg file would be:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]

"LegalNoticeCaption"="Caption here."

"LegalNoticeText"="Message here."

Delete the Tips of the Day to save 5KB

Windows 95 has those tips of the day which appear on a freshly installed system. They are stored in the Windows Registry and take up about 5K. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.

To save 5K go to the following key in Regedit:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips

Now simply delete the tips by selecting them and pressing the DEL key.

Change the Default Locations

To change the default drive or path where Windows looks for its installation files (so that it stops asking for the CD once you have copied the files to disk, for instance), go to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup

and edit the SourcePath string value in the right pane as you wish.

Secure your Desktop Icons and Settings

You can freeze your desktop layout so that your nerdy friend's rearranging is thrown away at logoff. Arrange the desktop the way you want it, then launch the Registry Editor and go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane create a new DWORD value named NoSaveSettings and set it to 1. From then on Explorer does not save changes to the desktop and window settings when you log off, so the layout you had when you set the value comes back every time. Log off or restart for the policy to take effect; delete the value to let settings be saved again.

CLSID Folders Explained

Don't you just hate those stubborn icons that refuse to leave the desktop, like the Network Neighborhood icon? I am sure you want to know how to delete them. You may say that is really simple: right click the icon and select Delete. Not quite. When you right click one of these special folders (see the entire list below), neither the Rename nor the Delete option appears. There are two ways to delete these folders: the first uses the System Policy Editor (Poledit, on the Windows installation CD) and the second uses the Registry.

Before we go on, you need to u

Hacking into Linux (NEWBIE SERIES)


 
Till now almost all Hacking Truths manuals have been Windows centric. I have always kept the newbie Windows user in mind while writing manuals. However, with the growing popularity of Linux and the fact that Linux is considered to be the hacker's OS, I decided to start a *nix series.



Getting Root on a Linux machine


As you read this manual, you will discover that our basic aim always remains the same: we want to get root. Root is simply the superuser, the account with maximum privileges that can do whatever it wants on a system. 'Root' is to *nix what Administrator is to Windows NT. If you get root you can practically control each and every aspect of the system: remove accounts, delete files, disable daemons, even format the entire system.



******************
NEWBIE NOTE: Getting root is considered really elite, especially in schools. If you are able to get root on your school network, you practically get transformed into a demigod. Why? Well, the reasons are pretty obvious, aren't they?

******************



OK, I am really interested. How do I do it? Well, in this section we are not going to run any C program or do any kind of coding; we will simply exploit a weakness in a feature that comes with Linux. This works almost 9 times out of 10. However, if you plan to use this technique to get root on your ISP, forget it, pal: the technique is quite common, and the system administrator will probably be smart enough to have covered this loophole.



Before we move on, there is one thing that you need to keep in mind: for this to work, you need to have physical access to the target system. Boot the target system and wait for the LInux LOader, or LILO, prompt to come up.


At the LILO prompt type 'linux single' (without quotes) or 'linux 1' to boot into single-user mode, which drops you into a root shell where you can do practically anything. (On systems whose init runs sulogin for runlevel 1 you are asked for the root password first; that is the main reason this does not work every single time.)


Once in the single-user root shell you can type any command the default shell on the system accepts. Now type 'linuxconf'. This brings up a blue screen, the Linux Configuration Utility. Then click on Users > Root Password. This allows you to change the root password. Yes, you read right: change the root password. Scroll down further, and you can also add new accounts with root privileges.


The linuxconf utility is certainly not a hole in Linux. It was actually designed to help if the root password was forgotten.



Well, there is yet another way in which we can get root. In the first method we typed 'linuxconf' at the shell prompt; instead we could type the following to create a new account with root privileges and without any password:



echo "dwij::0:0:::" >> /etc/passwd



This appends a line to /etc/passwd, the password file which lists the accounts on the machine (and, on older systems, their password hashes). Only root can write /etc/passwd, but we are not logged in as root in the usual way: we booted into linux single, which gives us a root shell, so the append succeeds.



Anyway, to understand exactly how the above command works and how it creates a new account without a password, we need to learn how the /etc/passwd file is structured.



The following is a line from a password file (the second field really holds the password hash; my_password is only a placeholder):



dwij:my_password:2:3:dwij bhargav:/home/dwij:/bin/bash



The above can in turn be broken up into:



Username: dwij

Encrypted Password: my_password

User number (UID): 2

Group Number (GID): 3

Actual Name: dwij bhargav  (Optional)

Home Directory: /home/dwij  (Optional)

Type of Shell: /bin/bash  (Optional)



In our command we have left out the optional fields and the password field of a typical password file line. Our command:



echo "dwij::0:0:::" >> /etc/passwd



can be rewritten as:



Username: dwij

Encrypted Password: (empty, so no password is asked at login)

User number: 0

Group Number: 0

Actual Name: (empty)

Home Directory: (empty; login falls back to /)

Type of Shell: (empty; login falls back to /bin/sh)



UID 0 is what makes an account root, whatever it is called, so this creates a second root account which can be used as a backdoor into the system.



**********************

HACKING TRUTH: The command above does not translate to the shadow file as it stands. /etc/shadow has its own nine-field format (name:hash:last change:min:max:warn:inactive:expire:reserved), and an account must still exist in /etc/passwd, so appending a passwd-style line to /etc/shadow achieves nothing. On a shadowed system the line still goes into /etc/passwd; its password field normally holds the placeholder x, which tells the system to look the hash up in /etc/shadow. An empty password field in /etc/passwd is taken at face value on most systems of this era (under PAM only when pam_unix or pam_pwdb is configured with nullok, which the usual defaults of the time were), so the echo >> /etc/passwd line generally works unchanged. The shadow-file equivalent of the backdoor is a user whose passwd entry holds x and whose hash field in /etc/shadow is empty.



A typical line from the password file on a system with Shadow Passwords enabled is as follows:



dwij:x:2:3:Dwij bhargav:/home/dwij:/bin/bash



In a shadowed password file the password field is replaced by a placeholder (x, or * on some systems) so that the hash does not show up in the world-readable password file; the list of hashes is stored in /etc/shadow, which is readable only by root.



**********************
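The backdoor line above and the shadow-file note are easiest to understand from the defender's side. Here, as an added example that is not part of the original manual, is a small Python audit that parses /etc/passwd and /etc/shadow and flags exactly the patterns described: a second UID 0 account, an empty password field in /etc/passwd, and an entry that defers to the shadow file but has no hash there. The file contents are constructed samples (the hashes are placeholders, not real MD5-crypt output); on a live system you would read the two files instead.

```python
"""Audit /etc/passwd (and /etc/shadow) for the backdoor pattern described above.

Added example, not part of the original manual. It flags every UID 0 account
other than root, every passwd entry whose password field is empty (login asks
for no password), and every entry that defers to the shadow file with x but
has no shadow line or an empty shadow hash. The file contents below are
constructed samples; on a live system read /etc/passwd and /etc/shadow instead.
"""

# Constructed sample /etc/passwd: root, one normal user, the backdoor line
# from the text, and a user whose hash lives in the shadow file.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
dwij::0:0:::
bob:x:501:501:Bob:/home/bob:/bin/bash
"""

# Constructed sample /etc/shadow (placeholder hashes). bob's hash field is
# empty, which is the shadow-file equivalent of the passwd backdoor.
SAMPLE_SHADOW = """\
root:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:11000:0:99999:7:::
alice:$1$abcdefgh$ABCDEFGHIJKLMNOPQRSTUV:11000:0:99999:7:::
bob::11000:0:99999:7:::
"""

PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELD_COUNT = 9  # name:hash:lastchg:min:max:warn:inactive:expire:reserved


def parse_passwd(text):
    """Return (entries, malformed): entries are dicts keyed by PASSWD_FIELDS."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(PASSWD_FIELDS):
            malformed.append((lineno, line))
            continue
        entry = dict(zip(PASSWD_FIELDS, parts))
        try:
            entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        except ValueError:
            malformed.append((lineno, line))
            continue
        entries.append(entry)
    return entries, malformed


def parse_shadow(text):
    """Map user name -> hash field for each well-formed /etc/shadow line."""
    hashes = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) == SHADOW_FIELD_COUNT:
            hashes[parts[0]] = parts[1]
    return hashes


def audit_accounts(passwd_text, shadow_text=None):
    """Return a list of (user, finding) tuples; an empty list means nothing suspicious."""
    findings = []
    entries, malformed = parse_passwd(passwd_text)
    for lineno, line in malformed:
        findings.append(("?", "malformed passwd line %d: %r" % (lineno, line)))
    shadow = parse_shadow(shadow_text) if shadow_text is not None else None
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "extra UID 0 account (root privileges)"))
        if e["password"] == "":
            findings.append((e["name"], "empty password field in passwd"))
        elif e["password"] == "x" and shadow is not None:
            if e["name"] not in shadow:
                findings.append((e["name"], "passwd defers to shadow but no shadow entry"))
            elif shadow[e["name"]] == "":
                findings.append((e["name"], "empty password hash in shadow"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print("%-8s %s" % (user, finding))
```

The UID check is the important one: an attacker can call the account anything, and a passwd line with a valid-looking hash and UID 0 is still root, so audit on the numeric field rather than on the name.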

I have tried the above method on a number of systems and found that it works only about 80% of the time. So, after some more fooling around, I came up with yet another method, which so far seems to be foolproof.



Now, as you are in the root shell, launch your favourite editor (e.g. vi) and open /etc/passwd. Delete the encrypted text between the first two colons in the line that contains the entry for root. This does not create a new account with root privileges; it sets root's password to null, so you get the root account without any password. (On a system with shadow passwords, root's entry in /etc/passwd only holds an x; the hash to blank out is the second field of root's line in /etc/shadow.) Once you have removed the hash, type 'init 3' at the prompt to switch back to the normal multi-user startup, or 'init 5' for a graphical one.



Now, say you do not want to create a new account, but want to change the root password so as to teach the system administrator a lesson. What do you do? Simply run passwd (or passwd root); it prompts for the new password twice. As you are in the root shell, it changes the root password without asking for the old one.



OK, I get the point; Linux too is not 100% safe, so how can I make it safer? Well, you can password protect the LILO prompt so that booting 'linux single' asks for a password. To do so, open /etc/lilo.conf in your favourite editor (such as vi) and add the following two lines to the global section, i.e. before the first image= line:



restricted

password=password_goes_here



(The first line is the word restricted on its own; the second is password, an equals sign and the password you choose. restricted means the password is only demanded when boot parameters such as single or 1 are typed at the LILO prompt; normal boots are unaffected. Without restricted, every boot would ask for the password.)



Now save the file and, at the prompt, run lilo so that the boot loader is rewritten with the new configuration. The next time someone types linux single at the LILO prompt, they are asked for the password you set. Because the password is stored in clear text, make the file readable by root only with chmod 600 /etc/lilo.conf. This is only another barrier for anyone trying to use the techniques described in this manual to break into your Linux box: whoever can boot the machine from a floppy or CD, or pull the disk, still gets at the files, so a BIOS boot-order lock and physical security matter just as much. None of the other functioning of the Linux box is affected.
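To check a lilo.conf for the protection just described without rebooting, here is an added Python example (not part of the original manual) that parses the global and per-image sections and reports whether booting linux single would be asked for a password. It applies a simplified model of LILO's rules, stated here as an assumption rather than quoted from the LILO documentation: a password= in the global section applies to every image that does not set its own, and restricted limits the prompt to boots that pass parameters. The two configurations are constructed samples.

```python
"""Check whether a lilo.conf makes `linux single` ask for a password.

Added example, not part of the original manual. It parses the global section
and each image=/other= section of a lilo.conf and applies a simplified model of
LILO's rules (an assumption, not quoted from the LILO documentation): a
password= in the global section applies to every image that does not set its
own, and restricted means the password is demanded only when boot parameters
such as `single` are typed at the prompt. Both configurations are constructed.
"""

# Constructed: the kind of default lilo.conf the text assumes, with no password.
WEAK_CONF = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
"""

# Constructed: the same file with the two lines the text adds to the global
# section (they must appear before the first image= line).
HARDENED_CONF = """\
boot=/dev/hda
prompt
timeout=50
restricted
password=s3cret
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
"""


def parse_lilo_conf(text):
    """Return (global_opts, images); each is a dict of option -> value ('' for bare flags)."""
    global_opts, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if key in ("image", "other"):
            current = {key: value}            # start a new per-image section
            images.append(current)
            continue
        target = global_opts if current is None else current
        target[key] = value
    return global_opts, images


def password_prompted(text, label, boot_params=""):
    """True if booting image `label` with `boot_params` would require the LILO password."""
    global_opts, images = parse_lilo_conf(text)
    image = next((i for i in images if i.get("label") == label), None)
    if image is None:
        raise KeyError("no image labelled %r" % label)
    opts = dict(global_opts)
    opts.update(image)             # per-image settings override global ones
    if "password" not in opts:
        return False               # no password at all: `linux single` just works
    if "restricted" in opts:
        return bool(boot_params.strip())
    return True                    # unrestricted password: every boot is prompted


def lilo_conf_mode_ok(mode):
    """The password is stored in clear text, so group/other must have no access (0600)."""
    return (mode & 0o077) == 0


def single_user_protected(text):
    """The exact case in the text: would `linux single` be asked for the password?"""
    return password_prompted(text, "linux", "single")


if __name__ == "__main__":
    print("weak config protects single-user boot:", single_user_protected(WEAK_CONF))
    print("hardened config protects single-user boot:", single_user_protected(HARDENED_CONF))
```

Remember that the check only says what LILO would do; it does not rewrite the boot sector, so after editing the real file you still have to run lilo for the change to take effect.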



********************

HACKING TRUTH: Well, Aragon (veljkop@ptt.yu) suggested yet another method, which I would like to mention.

1. Go to directory /etc/rc.d

2. In it there should be several files. If you're lucky there are a bunch of files with similar names: rc.1, rc.2, etc. These files are shell scripts which are run each time the named runlevel is started. They are very much similar to autoexec.bat but even more complex; you can mess with them to cause interesting results, BUT be CAREFUL! rc.1 is therefore the file for runlevel one.

3. Back it up in a file named rc.x (or something else).

4. Copy some other runlevel (runlevel 3 is good), but make sure that the runlevel is multi-user.

5. Make a boot and root (for Slackware) disc (do not skip this), so if anything goes wrong you still have a runlevel 1.

*********************

Getting root Remotely


The following has been taken from Bugtraq; this exploit is supposed to get you root. However, it has not been tested or verified by me, so give me your feedback.

___________________________________________

Included below is an exploit for the recently exposed linux rpc.statd format string vulnerability[0]. I have tailored it towards current Redhat Linux 6.x installations. It can easily be incorporated into attacks against the other vulnerable Linux distributions.

I am not a security expert, but I'll offer my two cents worth: this format string issue, while drawing upon elements of straightforward buffer overflow exploitation, is more insidious and will probably take some time to instill itself in the minds of even security-conscious programmers. Programs like ITS4[1], pscan[2], and grep (heh!) do offer valuable assistance when trying to isolate weak portions of code in a phase one search. However, one thing I've learnt during my short time researching these things is that the complex interaction between code and data introduces the need for a more extensive line by line audit[3].

This "new" problem will (if it hasn't already) spark a new wave of code reviews of critical applications, especially those networking daemons and privileged programs which were given the "all clear" in the first sweep (although history shows us that a lot of programs somehow slipped through the cracks.) Someone else sent an excellent post about the possibility of "remote debugging" with these format string vulnerabilities. Once again, I'm not speaking out of any authority, but I can say that such an aid to otherwise blind exploitation is indeed a godsend when a host is being probed by a skilled intruder.

You must understand that this particular vulnerability is much harder to exploit than the buffer overflow vulnerabilities that you're probably accustomed to. The problem which will bite you is that if the calculations are not precise, statd crashes with a SIGSEGV. As you've realized by now, brute forcing won't cut it. Also, a successful exploitation will render subsequent attacks fruitless.

I have seen statd running on a great number of linux systems and if you can simulate an attack against a remote system on one of your own boxes, it is *trivial* to exploit that remote system. Despite the shortcoming with the single attempt restriction, it was possible to reduce the exploitation variables down to a SINGLE address for most attacks. The default values for Redhat Linux 6.x work fine for me, so I'm probably fussing over nothing.

Anyway, enjoy the exploit.




 
_________________________________



Well, that is all for now; hope you enjoyed the first in the Linux series. This was quite lame and was strictly meant for newbies only, so all you uberhackers, kindly hang on.

DWIJ BHARGAV


LPU BRAND AMBASSADOR "CLAUDIA CIESLA"

Born in Wodzisław Śląski, Poland, she grew up in Buków, part of Silesia, five miles from the Czech border. Her father is Polish, her mother is German and she has two older sisters.


MODELLING CAREER:---
Claudia Ciesla started modelling at the age of 15, working for shows involved in fashion and dancing.[3] At the age of 17 she moved to Bamberg, Germany. In Germany she was discovered by the former German chief editor Stefan Gessulat, and appeared in the August 2005 Matador issue as Miss Matador.[4] She went on to do many glamorous bikini-style and fashion modelling shoots.
In March 2006, Ciesla won a subscribers' poll on the websites of Auto Bild, Bild, Sat.1, T-Online and Kabeleins that gave her first place as Germany's Super Girl 2006.[5] In May 2006 she was selected by Bild as the Football/Soccer World Cup Girl 2006, and during the World Cup 2006 she was featured on the front page of a total of seven editions of that newspaper. In November 2007 she said in an interview that after her modelling career she plans to become a tax consultant.[3]
In 2008 Claudia Ciesla was chosen in Austria as Snow Queen 2008. In the 2007-2008 tourist season she represented the snow-richest ski village in the world, appearing at various events and promotional appearances, photo shoots for magazines, advertising and brochures, and did a cover shoot for the magazine "MOTOR-Freizeit and TRENDS" in Austria.[6]


BOLLYWOOD:---

Ciesla was invited by Sandeep Marwah, the Chairman of Marwah Films & Video Studios, and visited Noida Film City in India, where she was presented with a life membership of the International Film and Television Club of the Asian Academy of Film & Television.[23] According to The Times of India, Claudia Ciesla decided to convert to Hinduism. She said "I've discussed Indian philosophy and the Hindu religion and its gods, I love the aspects of tolerance, I love the thought of Karma and reincarnation."[24]
Ciesla was invited by LPU and was named Brand Ambassador of the "Lovely Professional University". The university also honoured her as "New promising foreign face in India".[25][26] She was awarded the prestigious Karmaveer Puraskaar Award for her involvement in social work on 26 November 2009. The Karmaveer Puraskaar is iCONGO's National People's Award for Social Justice and Action, which honours concerned citizens. In the past, Kajol, ad guru and social activist Alyque Padamsee, Dr. Leo Rebello, Rahul Bose, Remo Fernandes and M S Swaminathan (Father of the Green Revolution in India) have been recipients of the Karmaveer Puraskar.[27] As a part of her social endeavour she supports KHUSHII, a Delhi-based national NGO working holistically for the benefit of the underprivileged.
Ciesla was roped in as one of the inmates of the Bigg Boss house in the third season of the reality show Bigg Boss (Season 3). It began airing on 4 October 2009 on Colors and was telecast daily at 9 p.m. for 84 days with Amitabh Bachchan as the host. This was her first brush with Indian reality TV.[28] She was evicted on day 68, after spending 10 weeks on the show.
From December 2010, Claudia took part in the TV show Zor Ka Jhatka: Total Wipeout, shot in Buenos Aires, Argentina.[29] It is the Indian celebrity version of Wipeout, with Bollywood actor Shah Rukh Khan as the host. The show ended on February 25, 2011 with Kushal Punjabi as the winner taking home Rs 50,000,000, while Claudia Ciesla was the runner-up by 51 seconds, coming in second place.[30][31]
HOW SHE BECAME "LPU BRAND AMBASSADOR":--

Claudia is a young German model, actress and singer.

She played in Bollywood films like "KARMA, Crime, Passion, Reincarnation" and "10:10", in the German sitcom "Beach House" and in the Italian sitcom "OUTSIDERS IN PALERMO".
She was also a photo model for the German newspaper "BILD" and the English newspaper "THE SUN". She was also the cover girl of the Austrian magazine "MOTOR-Leisure and TRENDS".
She was named Brand Ambassador of LPU for Europe by Ashok Mittal, president of the Indian university LPU.


Name : Claudia Ciesla
Nickname : cclaudia
Age : 22
Height : 5ft 8.5in
Weight : 125lbs