Pages

Wednesday, 31 October 2012

EDIT YOUR SYSTEM REGISTRY


Steps

  1. 1
    Go to the start menu to open run application launching window and then type regedit (then enter) to start the registry editing program. The registry editor should start.

Edit Background Information

How the Registry is stored

  1. 1
    In Windows 95, 98, and Me, the Registry is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT.
  2. 2
    In Windows 2000 and Windows XP, the Registry is stored in several Hives, located in the \windows\system32\config and \Documents and Settings\ {username} folders.

Structure of the Registry

  1. 1
    The Registry has a hierarchal structure, like the directories on your hard disk. Each branch (denoted by a folder icon in the Registry Editor, see below) is called a Key. Each key can contain other keys, as well as Values. Each value contains the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context.
  2. 2
    There are six main branches (five in Windows 2000 and Windows XP), each containing a specific portion of the information stored in the Registry. They are as follows:
    • HKEY_CLASSES_ROOT - this branch contains all of your file types as well as OLE information for all your OLE-aware applications.
    • HKEY_CURRENT_USER - this branch points to the part of HKEY_USERS appropriate for the current user.
    • HKEY_LOCAL_MACHINE - this branch contains information about all of the hardware and software installed on your computer. Since you can specify multiple hardware configurations, the current hardware configuration is specified in HKEY_CURRENT_CONFIG.
    • HKEY_USERS - this branch contains certain preferences (such as colors and control panel settings) for each of the users of the computer. In Windows 95/98/Me, the default branch here contains the currently-logged in user. In Windows 2000/XP, the default branch here contains a template to be used for newly-added users.
    • HKEY_CURRENT_CONFIG - this branch points to the part of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
    • HKEY_DYN_DATA (Windows 95/98/Me only) - this branch points to the part of HKEY_LOCAL_MACHINE, for use with Windows' Plug-&-Play subsystem.

Using the Registry Editor

  1. 1
    The Registry Editor (regedit.exe) is included with Windows to enable you to view and edit the contents of the Registry. When you open the Registry Editor, you'll see a window divided into two panes. The left side shows a tree with folders (see Structure of the Registry above), and the right side shows the contents (values) of the currently selected folder (key).
    • To expand a certain branch, click on the little plus sign [+] to the left of any folder, or just double-click on the folder.
    • To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side. You can add a new key or value by selecting New from the Edit menu. You can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.

Edit Possible Edits

Uninstall Programs Manually

  1. 1
    Just because Windows XP has the Add/Remove Programs feature it doesn't mean your application will appear in the list. Furthermore, even if it does appear, it's no guarantee that the uninstall feature will work. When you run across one of these situations the items listed below will help in getting rid of the application. Be aware that these steps may not remove everything associated with the application and can impact other applications on the computer. Have a backup or restore point and use caution.
  2. 2
    Find the directory for the application and delete all the files in the directory. Delete the directory.
  3. 3
    Open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE and find the folder for the application. Delete the folder.
  4. 4
    Open regedit and navigate to HKEY_CURRENT_USER\SOFTWARE and find the folder for the application. Delete the folder.
    • To remove the application entry from Add/Remove Programs (if present), open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and find the folder for the application. Delete the folder.
    • Some applications have Services attached to them. If this is the case, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services, locate and delete the service.
  5. 5
    In Windows Explorer, navigate to the individual user settings and delete program references. Common places to check would be:
    • C:\Documents and Settings\All Users\Start Menu\Programs and delete relevant entries.
    • C:\Documents and Settings\All Users\Start Menu\Programs\Startup and delete relevant entries.
    • C:\Documents and Settings\%YourUserID%\Start Menu\Programs and delete relevant entries. [Do this for each User ID listed]
    • C:\Documents and Settings\%YourUserID%\Start Menu\Programs\Startup and delete relevant entries.[Do this for each User ID listed]
  6. 6
    If no entries were found in the previous step and the application launches automatically, navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows and delete the entry.

Move Location of History Folder

By default, History files (the URL to sites that you have visited, organized by day) are stored at in the folder %USERPROFILE%\Local Settings\History. You can redirect these files to any folder using the following Registry changes:
  • Hive: HKEY_CURRENT_USER
  • Key: Software\Microsoft\Windows\CurrentVersion\Explorer\UserShellFolders
  • Name: History
  • Data Type: REG_SZ
  • Value: path to new folder

Clear Pagefile on Shutdown

When Windows shuts down, it leaves the pagefile intact on the hard drive. Some programs may store sensitive information in clear text format in memory (which in turn may be paged out to disk). You may wish to empty this file for security reasons, or to help speed a boot time defrag, or because you dual boot, and you don't want to share the file, or just as part of troubleshooting a problem. Making the following registry change (or create the following entry) will clear your page file when rebooting.
  • Hive: HKEY_LOCAL_MACHINE
  • Key: SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  • Name: ClearPageFileAtShutdown
  • Data Type: REG_DWORD
  • Value: 1

Disable Changing Passwords

If, for some reason, you decided that you didn't want users of a Windows 2000 computer to be able to change their password unless prompted to, you can make this Registry change to implement that:
  • Hive: HKEY_CURRENT_USER
  • Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
  • Name: DisableChangePassword
  • Data Type: REG_DWORD
  • Value: 1
A value of 0 means they can change their password whenever they want to. A value of 1 means that users will not be able to change their password unless prompted (by the password expiring, or by the box next to "User Must Change Password at Next Logon" being checked). Please use caution and frequent backups when working with the Registry.

Get Rid of Shared Documents

New to Windows XP is a "Shared Documents" folder that appears in My Computer. This is really just a pointer to another area on disk. You can keep this from appearing by deleting the following Subkey from the Registry:
  • Hive: HKEY_LOCAL_MACHINE
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\My
  • Computer\NameSpace\DelegateFolders
  • Subkey: {59031a47-3f72- 44a7-89c5-5595fe6b30ee}
  • Delete the whole Subkey and all that it contains.
You may wish to right-click this Subkey and export it before deleting it, just to be safe. This also will prevent the current users "My Documents" from showing up in the same area of My Computer. Use caution and frequent backups when editing the Registry.

Model your explorer toolbars

This helps you add an image to the background of your explorer toolbar. To do this go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\toolbar and add a new string value named? BackBitmapShell? (Without quotes) to it and set its value to the path of the image file. Tip #595: Add a background bitmap to the Internet Explorer toolbar One can easily add a bitmap to the Internet Explorer toolbar. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar and create a new string value named? BackBitmapIE5? (For Internet Explorer 5) and set the path of the bitmap as it value.

Show a Recycle Bin in your My Computer

  • Hive: HKEY_LOCAL_MACHINE
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\My
  • Computer\NameSpace
  • In NameSpace create a New Key & named it as {645FF040-5081-101B-9F08-
  • 00AA002F954E}
  • Now in Right pane make a value Default to “Recycle Bin” without Quotes.
  • Refresh a comp or Restart a comp to effect a change that u have made  
    1. Attributes
  • 70 01 00 20? Adds both rename and delete to the menu
  • 50 01 00 20? Adds only rename option to the menu
  • 60 01 00 20? Adds only delete to the menu
  • 47 01 00 20? Adds cut, copy, paste to the menu
  • 40 01 00 20? Changes the menu to its default condition

Shutdown XP Faster

When a user shuts down Windows XP, first the system has to kill all services currently running. Every once in a while the service does not shut down instantly and windows give it a change to shut down on its own before it kills it. This amount of time that windows wait is stored in the system registry. If you modify this setting, then windows will kill the service earlier. To modify the setting, follow the directions below:
  • Start Regedit.
  • Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control.
  • Click on the "Control" Folder.
  • Select "WaitToKillServiceTimeout"
  • Right click on it and select Modify.
  • Set it a value lower than 2000 (Mine is set to 200).
  • Or
  • Like previous versions of windows, it takes long time to restart or shutdown windows
xp when the "Exit Windows" sound is enabled. To solve this problem you must disable this useless sound. Click start button then go to settings -> control panel -> Sound, Speech and Audio devices -> Sounds and Audio Devices -> Sounds, then under program events and windows menu click on "Exit Windows" sub-menu and highlight it. Now from sounds you can select, choose "none" and then click apply and ok. Now you can see some improvements when shutting down your system.

Display message on startup XP

If you would like to display a legal message or any other message in a pop-up window when windows starts read below:
  • Start Regedit; if you are unfamiliar with Regedit please see our FAQ.
  • Navigate to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows
  • NT/CurrentVersion/Winlogon.
  • Modify the key “legalnoticecaption” with what you want to name the window.
  • Modify the key “legalnoticetext” with what you want the window to say.
  • Restart.

Change a name of Microsoft Internet Explorer

  • Hive: HKEY_CURRENT_USER
  • Key: Software\Microsoft\Internet Explorer\Main
  • Name: Window Title
  • Data Type: REG_SZ
  • Value: Text
  • Whatever text you enter in for the value will appear in the title of the IE Window.
  • Note: I have only checked this in IE 5.x and 6.x.

Edit Warnings

  • Editing the registry can be very dangerous, and can cause permanent damage to your system!
  • Write down the your changes and initial values. You may need to restore the registry as it was.
  • Registry editing may not be possible in some Windows versions.
  • A few words about clearing the pagefile on shutdown. Doing this has no performance benefits whatsoever. This does not delete the file but overwrites every byte with zero's. A boot time defrag will not be sped up by doing this. Clearing the pagefile is sometimes done as a security measure. But unless it is a part of a well thought out security policy it will avail you little. There are many other ways to obtain access to sensitive data and most of them require less effort. It should also be noted that this will considerably lengthen shutdown times.

Friday, 19 October 2012

Clean Your RAM Using Notepad



How To Clean Your RAM Using Notepad

without using any software





>First open notepad

>Type FreeMem=Space(10240000000)

>Save it as CLEANER.VBS in any location you like.

>You can edit the code and write 512 instead of 1024 if you own a 512mb RAM or change to anything you like.

>Then run it !

Retrieve Windows admin password



Offline NT Password & Registry Editor

This is a utility to reset the password of any user that has a valid local account on your Windows system.
Supports all Windows from NT3.5 to Win7, also 64 bit and also the Server versions (like 2003 and 2008)
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a CD or USB disk to do the password reset.


Will detect and offer to unlock locked or disabled out user accounts!
There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing. 


Bootable CD imagehttp://www.4shared.com/zip/ByD-7EPE/cd110511.html

Files for USB installhttp://www.4shared.com/zip/jIC9QozA/usb110511.html

How to Use? Detailed Instructions found here 
http://pogostick.net/~pnh/ntpasswd/



How to make an bootable USB drive


  • Copy all the files that is inside the usbXXXXXX.zip or on the CD onto an usb drive, directly on the drive, not inside any directory/folder.
  • It is OK if there are other files on the USB drive from before, they will not be removed.
  • Install bootloader on the USB drive, from command prompt in windows (start the command line with "run as administrator" if possible)
    • X:syslinux.exe -ma X:
  • Replace X: with the drive letter the USB drive shows up as (DO NOT USE C:)
  • If it seems like nothing happened, it is usually done.
  • However, a file named ldlinux.sys may appear on the USB drive, that is normal.
  • It should now in theory be bootable.
  • Please know that getting some computers to boot from USB is worse than from CD, you may have to change settings, or some will not simply work at all.
  • Sunday, 14 October 2012

    md5 hashes cracking sites








    * www.tmto.org
    * md5.noisette.ch
    * md5decryption.com
    * www.c0llision.net
    * www.netmd5crack.com
    * www.md5decrypter.com
    * md5hashcracker.appspot.com
    * www.hashhack.com
    * isc.sans.edu
    * www.md5crack.com
    * passcracking.com
    * authsecu.com
    * md5.rednoize.com
    * md5.web-max.ca
    * www.cmd5.com
    * md5.thekaine.de
    * www.shell-storm.org
    * www.md5this.com
    * www.hashchecker.com
    * hashcrack.com
    * md5pass.com
    * md5pass.info
    * cmd5.org

    Use Firefox as Hack tool - 2


    Use Firefox as Hack tool - 2



    Source & Credit

    Enjoy reading and testing.

    Tamper Data tutorial


    Tamper Data is a Firefox Extension which gives you the power to view, record and even modify outgoing HTTP requests. This is extremely useful when trying to answer questions like: 
    • What cookies are being sent to the browser, and what is the browser returning?
    • Are the Cookies marked "secure"?
    • When a redirect happens, is it an HTTP 302?
    • What kind of HTTP Authentication is happening?
    Tamper Data can help answer each of these and other puzzling website behavior questions. 

    CONTENTS


    GETTING STARTED

    Since it's a Firefox extension, you'll first need to download and install Firefox (if you haven't already). Then visit the Tamper Data project page and click the link that reads "Install Now". 
    Finally, restart Firefox and open Tools → Tamper Data. This will bring up the "Tamper Data - Ongoing Requests" window. 

    Enlarge

    RECORDING TRANSACTIONS

    As soon as the Ongoing Requests window is up, Tamper Data will start recording HTTP requests. Here's what the window looks like after requesting blogger.com's main page. 

    Enlarge
    The columns in the main window pane are: 
    • Time - When the request happened.
    • Duration - How long it took to be retrieved.
    • Total Duration - How long it took to render (includes response download time of item and all sub-items)
    • Size - Size of received content (-1 indicates the item was loaded from the cache)
    • Method - The HTTP method issued (GET or POST)
    • Status - HTTP Status code received or "Loaded from cache"
    • Content Type - Type of data received (aka Mime-Type)
    • URL - Fully qualified URL of request.
    • Load Flags - Additional HTTP information used in retrieving or rendering content.
    Selecting an item brings its HTTP Request and Response information to the lower two left and right panes respectively. 

    Enlarge
    This gives you a more detailed view into what the request is doing. If the request you selected happened to contain Cookie information, you'll see a Cookie line in the left-hand pane or a Set-Cooke line in the right hand pane or both. 
    Double-clicking an entry will bring up the "Tamper Details" window, which provides easy access to that request element's data. Here, I've opened the Tamper Details for the Cookie header of the initial blogger.com home page request. 

    Enlarge
    Using the process outlined above, it's easy to inspect what's going on during a browsing session. 
    Though the data is pretty to look at inside the Tamper Data shell, it's often convenient to move that data into an external file for viewing. To do this, return to the Ongoing requests window, right-click and choose "Copy all". 
    This will place all the request information into your clipboard so you can paste it into your favorite text editor. 

    GRAPHING RESULTS

    To graph the recorded results, in the Ongoing Requests window, select the desired results, right-click and choose "Graph selected" or "Graph all". 

    Enlarge
    The columns of the graph are: 
    • URL - Fully qualified URL for the Item
    • Status - HTTP Stats Code
    • Duration - How long it took to download
    • Time - A Gantt chart of requests.
    In the Time chart, you'll notice dark-blue and light-blue bars. The darker blue bars represent the Duration, while the lighter blue signifies the duration of all included components. For example, an HTML page would have a light-blue bar spanning all of its CSS, JavaScript and Image inclusions. 
    Mousing over a URL reveals more information about that component. 

    Enlarge
    Clicking the URL link opens a tab with that item's contents. 

    Enlarge

    TAMPERING

    "Tampering" is the act of modifying request parameters before request submission. To begin Tampering, in the Ongoing Requests window, click the "Start Tamper" button in the upper-left corner. 
    From here on out, whenever a top-level request is issued, you'll be prompted to tamper with the request. Selecting the Tamper button will launch the Tamper Popup. 

    Enlarge
    Traditional HTTP header fields are to the left, while any POST data is to the right. If the request uses the GET method, then the right-hand side of the dialog will be empty. 
    After changing any request parameters, clicking OK will execute the request. In the Tamper Popup window, right-clicking a field reveals shortcut methods for a number of neat tricks such as URL encoding/decoding, Base64 encoding/decoding and HTML character removal. 

    SUMMARY

    Tamper Data is an excellent Firefox extension that matches IBM Page Detailer in features and utility. When Firefox is a permissible browser, Tamper Data is the clear choice between the two. However, there are cases when a non-Mozilla based browser is required (read: IE). In those rare instances, IBM Page Detailer is the way to go. 

    Find Admin Pages on website -- Perl Script( tool)




    1) Download Active Perl  and Install ( assuming C:\ drive).
    2) Download Admin Finder
    3)Copy Admin Finder to C:\Perl\bin( assuming that you have installed Acitve Perl on C:\drive)
    4) open command prompt , Navigate to C:\perl\bin
    5) Run C:\Perl\bin>admin_CP_finder.pl 
        Hit Enter.



    6)Enter the website name. ( In example I used test website local website address)
    7)Enter your option based on the website design ( In example , I know its PHP , so I used one)
    8)Here is the result ;)


    Hack Websites Using Drupal IMCE mkdir Remote Exploit Easily




    “Drupal IMCE Remote File Upload Vulnerability Mkdir”

    Mkdir IMCE is a vulnerability that allows file uploads remotely (remote file upload) and is in the platform durpal.
    generally you can upload files *. txt on websites, but some sites let you upload the files* . html . If you try to upload a shell try to upload files *. phtml .
    Google Dork:
    inurl: "/ IMCE? dir =" intitle: "File Browser"
    -------------------- -------------------------------------------------- -------------
    Domain : IMCE? dir =. 
    Mkdir IMCE is a vulnerability that allows file uploads remotely (remote file upload) and is in the platform durpal.
    generally you can upload files *. txt on websites, but some sites let you upload the files* . html . If you try to upload a shell try to upload files *. phtml .
    Google Dork:
    inurl: "/ IMCE? dir =" intitle: "File Browser"
    -------------------- -------------------------------------------------- -------------
    Domain : IMCE? dir =.

    STEPS

    [+] The first thing to do is find a vulnerable site for uploading files using Google Dork
    [V]> = http://www.anfaco.es/webs/Museo2.0/imce?dir. 
    [X]> = http://www.civic-forum.org/de/imce?dir.
    ————————————————————————————————————————————————————————–
    [+] After finding the site with an upload, see if you can upload a file *. html or *. phtml
    ———— [Example:] ———— Click on image to enlarge
    __ [+ +] First click on Upload ___ [+ +] then click on Select File ___ [+ +] select our file ___ [+ +] click to open then ___ [+ +] Upload And finally click again to file upload to our website.
    [+] Once we got the file and we can go to him

    Click on image to enlarge
    ————————————————————————————————————————————————————————–
    Logically the file is uploaded in the folder that comes after the exploit. Example:
    If you found a site that is vulnerable: www.ejemplo.com/hola/chau/ IMCE? dir =.
    And in the lindex could see something like this: It means that your file will be uploaded from: www.ejemplo.com / hi / bye / sites / default / files / Here it is again: If you find yourself on page www.ejemplo.com/hola/chau/ IMCE? dir =. and upload a file called wasa.html , your file rise to www.ejemplo.com / hi / bye / sites / default / files / wasa.html But if you rather than upload it in “ / sites / default / files / ”you go and subis in the” languages ”, your file appear in www.ejemplo.com / hi / bye / sites / default / files / languages / wasa.html. , because languages / is inside the folder “ / sites / default / files / ”.

    This can serve to:
    [+] Save Image
    [+] Save information
    [+] Delete Data (Above all the delete option usually appears)
    [+] Upload shell
    [+] Get Data
    Defacements made using this vulnerability:-
    [1]= Domain
    [2] = Domain + Exploit
    ————————————————————–
    http://www.climateinvestmentfunds.org
    …/cifnet/imce?dir=fivestar
    http://www.climateinvestmentfunds.org/cifnet/sites/default/files/fivestar/basic/THC.html
    —————————————————————
    http://cycleandwalking.org/
    …/imce?dir=gallery_assist/1/gallery_assist293
    http://cycleandwalking.org/sites/default/files/gallery_assist/1/gallery_assist293/THC.html
    ————————————————————–
    http://www.la-gerbille.net
    http://www.la-gerbille.net/imce?dir=artykul
    http://www.la-gerbille.net/sites/default/files/artykul/THC.html
    ————————————————————–
    http://www.arcireal.com
    …/imce?dir=imagecache/604
    http://www.arcireal.com/sites/real.sitetest.it/files/imagecache/604/THC.html
    ————————————————————–
    http://www.anfaco.es
    …/webs/Museo2.0/imce?dir=.
    http://www.anfaco.es/webs/Museo2.0/sites/default/files/THC.html
    ————————————————————–
    http://www.travelagentcentral.com
    …/imce?dir=.
    http://www.travelagentcentral.com/files/travelagent/THC.html
    ————————————————————–
    https://stp.abes.fr
    …/imce?dir=.
    https://stp.abes.fr/sites/stp.abes.fr/files/THC.html
    ————————————————————–
    http://priora-wtcc.ru
    …/imce?dir=u3
    http://priora-wtcc.ru/sites/default/files/upload/u3/THC.html
    ————————————————————–
    http://labourlakesandfurness.co.uk
    …/imce?dir=.
    http://labourlakesandfurness.co.uk/sites/labourlakesandfurness.co.uk/files/THC.html