Windows RUN command – Hack it Fast

Posted: August 11, 2008 in Uncategorized

Accessibility Controls: access.cpl
Add Hardware Wizard: hdwwiz.cpl
Add/Remove Programs: appwiz.cpl
Administrative Tools: control admintools
Automatic Updates: wuaucpl.cpl
Bluetooth Transfer Wizard: fsquirt
Calculator: calc
Certificate Manager: certmgr.msc
Character Map: charmap
Check Disk Utility: chkdsk
Clipboard Viewer: clipbrd
Command Prompt: cmd
Component Services: dcomcnfg
Computer Management: compmgmt.msc
Date and Time Properties: timedate.cpl
DDE Shares: ddeshare
Device Manager: devmgmt.msc
Direct X Control Panel (If Installed)*: directx.cpl
Direct X Troubleshooter: dxdiag
Disk Cleanup Utility: cleanmgr
Disk Defragment: dfrg.msc
Disk Management: diskmgmt.msc
Disk Partition Manager: diskpart
Display Properties: control desktop
Display Properties: desk.cpl
Display Properties (w/Appearance Tab Preselected): control color
Dr. Watson System Troubleshooting Utility: drwtsn32
Driver Verifier Utility: verifier
Event Viewer: eventvwr.msc
File Signature Verification Tool: sigverif
Findfast: findfast.cpl
Folders Properties: control folders
Fonts: control fonts
Fonts Folder: fonts
Free Cell Card Game: freecell
Game Controllers: joy.cpl
Group Policy Editor (XP Prof): gpedit.msc
Hearts Card Game: mshearts
Iexpress Wizard: iexpress
Indexing Service: ciadv.msc
Internet Properties: inetcpl.cpl
IP Configuration (Display Connection Configuration): ipconfig /all
IP Configuration (Display DNS Cache Contents): ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents): ipconfig /flushdns
IP Configuration (Release All Connections): ipconfig /release
IP Configuration (Renew All Connections): ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS): ipconfig /registerdns
IP Configuration (Display DHCP Class ID): ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID): ipconfig /setclassid
Java Control Panel (If Installed): jpicpl32.cpl
Java Control Panel (If Installed): javaws
Keyboard Properties: control keyboard
Local Security Settings: secpol.msc
Local Users and Groups: lusrmgr.msc
Logs You Out Of Windows: logoff
Microsoft Chat: winchat
Minesweeper Game: winmine
Mouse Properties: control mouse
Mouse Properties: main.cpl
Network Connections: control netconnections
Network Connections: ncpa.cpl
Network Setup Wizard: netsetup.cpl
Notepad: notepad
Nview Desktop Manager (If Installed): nvtuicpl.cpl
Object Packager: packager
ODBC Data Source Administrator: odbccp32.cpl
On Screen Keyboard: osk
Opens AC3 Filter (If Installed): ac3filter.cpl
Password Properties: password.cpl
Performance Monitor: perfmon.msc
Performance Monitor: perfmon
Phone and Modem Options: telephon.cpl
Power Configuration: powercfg.cpl
Printers and Faxes: control printers
Printers Folder: printers
Private Character Editor: eudcedit
Quicktime (If Installed): QuickTime.cpl
Regional Settings: intl.cpl
Registry Editor: regedit
Registry Editor: regedit32
Remote Desktop: mstsc
Removable Storage: ntmsmgr.msc
Removable Storage Operator Requests: ntmsoprq.msc
Resultant Set of Policy (XP Prof): rsop.msc
Scanners and Cameras: sticpl.cpl
Scheduled Tasks: control schedtasks
Security Center: wscui.cpl
Services: services.msc
Shared Folders: fsmgmt.msc
Shuts Down Windows: shutdown
Sounds and Audio: mmsys.cpl
Spider Solitaire Card Game: spider
SQL Client Configuration: cliconfg
System Configuration Editor: sysedit
System Configuration Utility: msconfig
System File Checker Utility (Scan Immediately): sfc /scannow
System File Checker Utility (Scan Once At Next Boot): sfc /scanonce
System File Checker Utility (Scan On Every Boot): sfc /scanboot
System File Checker Utility (Return to Default Setting): sfc /revert
System File Checker Utility (Purge File Cache): sfc /purgecache

Password Cracking using HASH Technique

Posted: May 14, 2008 in Uncategorized

Password cracking normally takes a lot of time. A smarter approach is the “hash technique”. During the logon process, the password entered by the user is hashed using the same algorithm and then compared to the hashed passwords stored in the file. A hacker can attempt to gain access to the hashing algorithm stored on the server instead of trying to guess or otherwise identify the password. If the hacker is successful, they can decrypt the passwords stored on the server. Passwords are stored in the Security Accounts Manager (SAM) file on a Windows system and in a password shadow file on a Linux system.

Understanding the LanManager Hash

Windows 2000 uses NT Lan Manager (NTLM) hashing to secure passwords in transit on the network. Depending on the password, NTLM hashing can be weak and easy to break. For example, let’s say that the password is 123456abcdef. When this password is encrypted with the NTLM algorithm, it’s first converted to all uppercase: 123456ABCDEF. The password is padded with null (blank) characters to make it 14 characters long: 123456ABCDEF__. Before the password is encrypted, the 14-character string is split in half: 123456A and BCDEF__. Each string is individually encrypted, and the results are concatenated:

123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15

The hash is 6BF11E04AFAB197FF1E9FFDCC75575B15
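The pre-processing steps just described (upper-case, null-pad to 14, split into two 7-character halves) are what make the LanManager hash weak, and they also let a defender audit stored hashes. The following is an added example, not code from the original post; it assumes the well-known fact, not stated above, that an all-null half always encrypts to the constant AAD3B435B51404EE, and the sample hashes it classifies are constructed.

```python
# Added example (not from the original post): the LanManager (LM) hash
# pre-processing steps the text walks through, plus an audit check on stored
# LM hashes. Assumption not stated on the page: each 7-character half is run
# through DES separately, so a half that is all null padding always produces
# the constant AAD3B435B51404EE.
from typing import Tuple

EMPTY_HALF = "AAD3B435B51404EE"   # DES output of an all-null (padding only) half
HEX_DIGITS = set("0123456789ABCDEF")


def lm_halves(password: str) -> Tuple[str, str]:
    """Return the two 7-character strings that LM encrypts separately.

    Steps as in the text: upper-case, null-pad to 14 characters, split in
    half. LM also truncates anything beyond 14 characters, which the text
    does not mention; that is handled here too.
    """
    upper = password.upper()[:14]
    padded = upper.ljust(14, "\x00")
    return padded[:7], padded[7:]


def classify_lm_hash(lm_hex: str) -> str:
    """Classify a stored 32-hex-digit LM hash from the defender's side.

    Because the halves are independent, the second half reveals whether the
    password was 7 characters or fewer, and a hash made of two empty halves
    means an empty password or LM hashing disabled for that account.
    """
    lm_hex = lm_hex.strip().upper()
    if len(lm_hex) != 32 or not set(lm_hex) <= HEX_DIGITS:
        raise ValueError("an LM hash is exactly 32 hexadecimal digits")
    first, second = lm_hex[:16], lm_hex[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "empty password or LM hashing disabled"
    if second == EMPTY_HALF:
        return "7 characters or fewer: only one DES block to attack"
    return "8 to 14 characters: two independent DES blocks"


if __name__ == "__main__":
    print(lm_halves("123456abcdef"))          # ('123456A', 'BCDEF\x00\x00')
    # Constructed sample hashes; only the empty-half constant is real.
    print(classify_lm_hash("0123456789ABCDEF" + EMPTY_HALF))
    print(classify_lm_hash(EMPTY_HALF * 2))
```

Running the classifier over a dumped account list is a quick way to find accounts that still have LM hashes enabled or that use passwords of 7 characters or fewer.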

Hacking Tools

Legion automates the password guessing in NetBIOS sessions. Legion scans multiple IP address ranges for Windows shares and also offers a manual dictionary attack tool.

NTInfoScan is a security scanner for NT 4.0. This vulnerability scanner produces an HTML-based report of security issues found on the target system and other information.

L0phtCrack is a password auditing and recovery package distributed by @stake software, which is now owned by Symantec. It performs Server Message Block (SMB) packet captures on the local network segment and captures individual login sessions. L0phtCrack contains dictionary, brute-force, and hybrid attack capabilities.

John the Ripper is a command-line tool designed to crack both Unix and NT passwords. The cracked passwords are case insensitive and may not represent the real mixed-case password.

KerbCrack consists of two programs: kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.

Cracking Windows 2000 Passwords

The SAM file in Windows contains the usernames and hashed passwords. It’s located in the Windows\system32\config directory. The file is locked when the operating system is running, so a hacker can’t attempt to copy the file while the machine is booted to Windows.

One option for copying the SAM file is to boot to an alternate operating system such as DOS or Linux with a boot CD. Alternately, the file can be copied from the repair directory. If a systems administrator uses the RDISK feature of Windows to back up the system, then a compressed copy of the SAM file called SAM._ is created in C:\windows\repair. To expand this file, use the following command at the command prompt:

C:\>expand sam._ sam

After the file is uncompressed, a dictionary, hybrid, or brute-force attack can be run against the SAM file using a tool like L0phtCrack.

Redirecting the SMB Logon to the Attacker

Another way to discover passwords on a network is to redirect the Server Message Block (SMB) logon to an attacker’s computer so that the passwords are sent to the hacker. In order to do this, the hacker must sniff the NTLM responses from the authentication server and trick the victim into attempting Windows authentication with the attacker’s computer. A common technique is to send the victim an e-mail message with an embedded hyperlink to a fraudulent SMB server. When the hyperlink is clicked, the user unwittingly sends their credentials over the network.

Hacking Tools

Win32CreateLocalAdminUser is a program that creates a new user with the username and password X and adds the user to the local administrator’s group. This action is part of the Metasploit Project and can be launched with the Metasploit framework on Windows.

Offline NT Password Resetter is a method of resetting the password to the administrator’s account when the system isn’t booted to Windows. The most common method is to boot to a Linux boot CD and then access the NTFS partition, which is no longer protected, and change the password.

NetBIOS DoS Attacks

A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS Name Service on a target Windows system and forces the system to place its name in conflict so that the name can no longer be used. This essentially blocks the client from participating in the NetBIOS network and creates a network DoS for that system.

Password-Cracking Countermeasures

The strongest passwords possible should be implemented to protect against password cracking. Systems should enforce 8–12 character alphanumeric passwords. The length of time the same password should be used is discussed in the next section.

To protect against cracking of the hashing algorithm for passwords stored on the server, you must take care to physically isolate and protect the server. The systems administrator can use the SYSKEY utility in Windows to further protect hashes stored on the server hard disk. The server logs should also be monitored for brute-force attacks on user accounts.

A systems administrator can implement the following security precautions to decrease the effectiveness of a brute-force password-cracking attempt:
1. Never leave a default password.
2. Never use a password that can be found in a dictionary.
3. Never use a password related to the host name, domain name, or anything else that can be found with whois.
4. Never use a password related to your hobbies, pets, relatives, or date of birth.
5. Use a word that has more than 21 characters from a dictionary as a password.

This subject is discussed further in the section “Monitoring Event Viewer Logs.” In the following sections, we’ll look at two measures you can take to strengthen passwords and prevent password-cracking.

Hacking Tools

SMBGrind increases the speed of L0phtCrack sessions on sniffer dumps by removing duplication and providing a way to target specific users without having to edit the dump files manually.

The SMBDie tool crashes computers running Windows 2000/XP/NT by sending specially crafted SMB requests.

NBTdeputy can register a NetBIOS computer name on a network and respond to NetBIOS over TCP/IP (NetBT) name-query requests. It simplifies the use of SMBRelay. The relay can be referred to by computer name instead of IP address.

NBName can disable entire LANs and prevent machines from rejoining them. Nodes on a NetBIOS network infected by the tool think that their names are already in use by other machines.

Password Change Interval

Passwords should expire after a certain amount of time so that users are forced to change their passwords. If the password interval is set too low, then users will forget their current passwords; as a result, a systems administrator will have to reset users’ passwords frequently. On the other hand, if passwords are allowed to be used for too long, then security may be compromised. The recommended password-change interval is every 30 days. In addition, it’s recommended that users not be allowed to reuse the last three passwords.

You cannot completely block brute-force password attacks if the hacker switches the proxy server where the source packet is generated. A systems administrator can only add security features to decrease the likelihood that brute-force password attacks will be useful.

Monitoring Event Viewer Logs

Administrators should monitor Event Viewer logs to recognize any intrusion attempts, either before they take place or while they’re occurring. Generally, several failed attempts are logged in the system logs before a successful intrusion or password attack. The security logs are only as good as the systems administrators who monitor them.

Tools such as VisualLast aid a network administrator in deciphering and analyzing the security log files. VisualLast provides greater insight into the NT event logs so the administrator can assess the activity of the network more accurately and efficiently. The program is designed to allow network administrators to view and report individual users’ logon and logoff times; these events may be searched according to time frame, which is invaluable to security analysts who are looking for intrusion details.

The event log located at C:\windows\system32\config\Sec.Event.Evt contains the trace of an attacker’s brute-force attempts.
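The pattern the section describes, several failed logons followed by a success, is what a log monitor should alert on. The following is an added example, not part of the original text: it runs a sliding-window check over a constructed export of Security-log records. It assumes the classic NT/2000/XP event IDs 529 (logon failure: bad user name or password) and 528 (successful logon), with 4625 and 4624 as the Vista-and-later equivalents; the column layout of the export is constructed for the example.

```python
# Added example (not from the original text): detection logic for the pattern
# the section describes, several failed logons before a successful one, run
# over a constructed sample export. Assumption: the classic NT/2000/XP
# Security-log event IDs 529 (logon failure: bad user name or password) and
# 528 (successful logon); Vista and later use 4625 and 4624 for the same
# events. The column layout of the export is constructed for this example.
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

FAILURE_IDS = {529, 4625}
SUCCESS_IDS = {528, 4624}

# Constructed sample export: timestamp,event_id,user,workstation
SAMPLE_LOG = """\
2008-05-14 08:00:01,529,Administrator,WKS-07
2008-05-14 08:00:02,529,Administrator,WKS-07
2008-05-14 08:00:03,529,Administrator,WKS-07
2008-05-14 08:00:04,529,Administrator,WKS-07
2008-05-14 08:00:05,529,Administrator,WKS-07
2008-05-14 08:00:09,528,Administrator,WKS-07
2008-05-14 08:15:00,529,jsmith,WKS-12
2008-05-14 09:30:00,528,jsmith,WKS-12
"""

Record = Tuple[datetime, int, str, str]


def parse_records(text: str) -> List[Record]:
    """Parse the export into (timestamp, event_id, user, workstation)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, user, host = line.split(",")
        records.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                        int(event_id), user.lower(), host))
    return records


def find_bruteforce(records: List[Record], threshold: int = 5,
                    window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str, str]]:
    """Return (user, workstation, kind) alerts.

    kind is 'burst' when `threshold` failures for one user/workstation fall
    inside `window`, and 'burst-then-success' when a success follows such a
    burst inside the window, the sign of a guessed password rather than a
    forgotten one.
    """
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    alerts = []
    for when, event_id, user, host in sorted(records):
        failures = recent[(user, host)]
        while failures and when - failures[0] > window:
            failures.popleft()          # drop failures outside the window
        if event_id in FAILURE_IDS:
            failures.append(when)
            if len(failures) == threshold:
                alerts.append((user, host, "burst"))
        elif event_id in SUCCESS_IDS:
            if len(failures) >= threshold:
                alerts.append((user, host, "burst-then-success"))
            failures.clear()            # a success ends the current run
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(parse_records(SAMPLE_LOG)):
        print(alert)
```

The single failure followed by a success 75 minutes later (jsmith) produces no alert, while the five rapid failures and the success that follows them do.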

Some Hack Tips:

Finding Directory Listings: most directory listings begin with the phrase “Index of”, which also shows in the title. An obvious query to find this type of page might be:

intitle:index.of,

intitle:index.of “parent directory”

intitle:index.of name size

The footer of most web server pages contains the words “server at”. This type of query sometimes works against a server, for example:

intitle:index.of server.at

intitle:index.of server.at site:annauniv.edu

inurl and allinurl are used to find text in a URL.

inurl:admin backup

intitle:index.of inurl:admin

Getting some e-mail address to send spam

@gmail.com -www.gmail.com

View a person’s information via their resume

“phone * * *”“address *”“e-mail” intitle:”curriculum vitae”

“phone * * *”“address *”“e-mail” intitle:”resume””

Getting some user and Password information

site:tn.gov.in username userid employee.ID “your username is”

site:tn.gov.in password passcode “your password is”

site:annauniv.edu adminadministrator

“admin login”

Getting Microsoft remote RDP files

Filetype:rdp “password”

Getting Webbased VNC remote desktops

“VNC Desktop” inurl:5800

View the Live web cameras

Axis Video Server (CAM) : inurl:indexFrame.shtml Axis

AXIS Video Live Camera: intitle:”Live View / – AXIS”

AXIS Video Live View : intitle:”Live View / – AXIS”

inurl:view/view.sht

AXIS 200 Network Camera: intitle:”The AXIS 200 Home Page”

Canon Network Camera: intitle:liveapplet inurl:LvAppl

Mobotix Network Camera: intext:”MOBOTIX M1” intext:”Open Menu”

Panasonic Network Camera: intitle:”WJ-NT104 Main Page”

Panasonic Network Camera: inurl:”ViewerFrame?Mode=”

Sony Network Camera: SNC-RZ30 HOME

Seyeon FlexWATCH Camera: intitle:flexwatch intext:”Home page ver”

Sony Network Camera: intitle:snc-z20 inurl:home/

webcamXP: “powered by webcamXP” “ProBroadcast”

Canon ImageReady intitle:”remote ui:top page”

Searching for movie and Music

Music: -inurl:htm -inurl:html intitle:”index of” mp3 “Artist Name

Movies: -inurl:htm -inurl:html -inurl:php intitle:”index of” (mpg|mov|avi|wmv) “Movie Name

Fedora – Apache2 SSL Enable : Hints

Posted: March 3, 2008 in Uncategorized

1) Check that the packages openssl and mod_ssl are installed.

# cd /etc/pki/tls/cert -> this directory contains the default SSL certificate and key

# make server.key -> then enter the passphrase

# make server.crt

# cp server.key /etc/pki/tls/private

# vi /etc/httpd/conf.d/ssl.conf

Here change the SSLCertificateFile and SSLCertificateKeyFile parameters to point at the new certificate and key.

# service httpd restart

Testing the SSL: open https://systimanx.com -> the browser prompts you to verify the certificate.

How to setup NIS for a Linux network

Posted: February 27, 2008 in Uncategorized

Introduction

The NIS system works by designating one (or more) machine in the network as a NIS server, and the rest as NIS clients. The server acts as the central repository for all user names, passwords, and groups. The data is replicated from the regular /etc/passwd file to NIS databases that are normally DBM format.

When a client needs to check the password of someone who is trying to log in, it sends the request to the server, and the server comes back with the result (correct password or not).

Setting up the Server

Installing the software

On the server, you need to install a package called ypserv. This can be done by urpmi on Mandrake, or apt-get on Debian.

Setting the NIS Domain Name

After installing the above package, you have to select and set a NIS Domain Name that will be used by both the server and the client. On some systems you can do so by running the domainname command. On others, you can just add it to a configuration file.

On Mandrake, you need to edit the file: /etc/sysconfig/network and add the following line to it:

NISDOMAIN=somename

Where somename is a name that you choose for the NIS Domain Name for your network.

Initializing NIS files

Then you have to convert the existing passwd, group and shadow files, which contain the user information and passwords, to the NIS DBM format. You can do this using the following command:

/usr/lib/yp/ypinit -m

Updating the NIS files

From now on, every time you add or delete a user, you have to update the NIS database. You can do this using the command:

make -C /var/yp

If you want, you can set up a cron job to run every hour or every day and update the database for you automatically if it detects a change.

Starting the NIS server

Now you have to start the NIS server by entering the following command:

/etc/init.d/ypserv start

The server is now ready to handle authentication requests from the clients.

Setting up the Client machines

Installing the software

On the client, you need the yp-tools package, which depends on the ypbind package.

Configuring the software

First you must set up the NIS Domain Name. See above for how this is done.

Then, you must edit the /etc/yp.conf file, and point it to the appropriate server and domain name. Remember that the domain name must be the same that you set for the server. For example, add the following line:

domain somedomain server somehost

Modifying nsswitch.conf

The /etc/nsswitch.conf file lists the order for how lookups for various things are done, such as DNS lookup, user authentication, and the like. In order to make lookups for user authentication faster, change the following section in this file from:

passwd:     files nisplus nis
shadow: files nisplus nis
group: files nisplus nis

To the following:

passwd:     nis files nisplus
shadow: nis files nisplus
group: nis files nisplus

Deleting the existing users

If this system had local users before you installed NIS, then it is a good idea to delete those users from the local machine before proceeding, provided that they have been added to the server. You can use the administration GUI that comes with your distribution to do this, or the userdel command.

Starting the NIS service

Start the NIS client service by entering:

/etc/init.d/ypbind start

Conclusion

Assuming you have done the above steps correctly, you can now handle all client authentication by using NIS.

The Solaris boot process can be divided into phases for ease of study. The first phase starts when the machine is switched on and runs at boot PROM level: it displays an identification banner listing the machine host ID, serial number, architecture type, memory and Ethernet address. This is followed by the self-test of the various subsystems in the machine.

This process ultimately looks for the default boot device and reads the boot program from the boot block, which is located in blocks 1-15 of the boot device. The boot block contains the ufs file system reader, which is required by the next boot processes.

The ufs file system reader opens the boot device and loads the secondary boot program from /usr/platform/`uname -i`/ufsboot (uname -i expands to the system architecture type).

The boot program above loads a platform-specific kernel along with a generic Solaris kernel. The kernel initializes itself and loads the modules required to mount the root partition so that booting can continue.

The booting process then goes through the following phases:
1) init phase
2) inittab file
3) rc scripts & run levels

INIT phase: The init phase starts with the execution of the /sbin/init program, which starts other processes after reading the /etc/inittab file, as per the directives in that file. The two most important functions of init are:
a) It runs the processes to bring the system to the default run level state (run level 3 in Solaris, defined by the initdefault entry in /etc/inittab).
b) It controls the transition between different run levels by executing the appropriate rc scripts to start and stop the processes for that run level.

/etc/inittab file

This file states the default run level and some actions to be performed while the system reaches that level. The fields and their explanation are as follows:

S3:3:wait:/sbin/rc3 > /dev/console 2>&1 < /dev/console

S3 is the identification of the line
3 is the run level
wait is the action to be performed
/sbin/rc3 is the command to be run.

So the fields in inittab are identification : run level : action : process. The complete line thus means: run the command /sbin/rc3 at run level 3 and wait until the rc3 process is complete. The action field can have any of the following keywords:
initdefault : default run level of the system
respawn : start the process, and restart it if it stops
powerfail : stop on power failure
sysinit : start and wait till the console is accessible
wait : wait till the process ends before going on to the next line

RC scripts & Run Levels

The rc scripts perform the following functions:
a) They check and mount the file systems
b) They start and stop the various processes such as network, nfs etc.
c) They perform some of the housekeeping jobs.

The system goes into one of the following run levels after booting, depending on the default run level and on the commands issued to change the run level to another one.
0 Boot PROM level, ok> or > prompt on Sun.
1 Administrative run level. Single user mode
2 Multiuser mode with no resource sharing.
3 Multiuser level with nfs resource sharing
4 Not used
5 Shutdown & power off (Sun 4m and 4u architecture)
6 Reboot to default run level
S, s Single user mode, user logins are disabled.

Broadly speaking, the running system can be in any of the following states:
Single user: minimum processes running, user logins disabled, and the root password is required to gain access to the shell.
Multiuser: all system processes are running and user logins are permitted.

The run level of a desired state is achieved by a number of scripts executed by the rc program. The rc scripts are located in the /etc/rc0.d, /etc/rc1.d, /etc/rc2.d, /etc/rc3.d & /etc/rcS.d directories.

All the files of a particular run level are executed in alphanumeric order. Those files beginning with the letter S start the processes and those beginning with K stop the processes.
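The inittab field layout and the S/K ordering rule above are easy to turn into a small audit script for what a Solaris system launches at boot (useful when reviewing a box for unexpected boot-time persistence). The following is an added example, not code from the original text; the inittab contents and the /etc/rc3.d listing it parses are constructed, and the accepted action keywords are limited to those the text lists.

```python
# Added example (not from the original text): a parser for the inittab line
# format the section explains (id:runlevel:action:process) and the rc-script
# ordering rule it states, run over a constructed inittab and a constructed
# /etc/rc3.d listing. The action keywords are limited to those the text lists.
from typing import Dict, List, Optional, Tuple

ACTIONS = {"initdefault", "respawn", "powerfail", "sysinit", "wait"}

# Constructed sample inittab; note the colon inside the last process field.
SAMPLE_INITTAB = """\
ap::sysinit:/sbin/autopush -f /etc/iu.ap
is:3:initdefault:
s2:23:wait:/sbin/rc2 >/dev/console 2>&1 </dev/console
S3:3:wait:/sbin/rc3 >/dev/console 2>&1 </dev/console
co:234:respawn:/usr/lib/saf/ttymon -p "console login: " -d /dev/console
"""

Entry = Dict[str, str]


def parse_inittab(text: str) -> List[Entry]:
    """Split each line into its four fields; only the first three colons
    count, so colons inside the process field survive."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ident, levels, action, process = line.split(":", 3)
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r} in entry {ident!r}")
        entries.append({"id": ident, "levels": levels,
                        "action": action, "process": process})
    return entries


def default_runlevel(entries: List[Entry]) -> Optional[str]:
    """The run level named by the initdefault entry, if any."""
    for entry in entries:
        if entry["action"] == "initdefault":
            return entry["levels"]
    return None


def processes_for_runlevel(entries: List[Entry], level: str) -> List[str]:
    """Processes init runs when entering `level`: an empty levels field means
    every level, otherwise each character of the field is one run level."""
    return [e["process"] for e in entries
            if e["action"] != "initdefault"
            and (not e["levels"] or level in e["levels"])]


def rc_order(filenames: List[str]) -> List[Tuple[str, str]]:
    """Order in which /sbin/rcN runs the scripts of /etc/rcN.d: alphanumeric,
    K-scripts as 'stop' and S-scripts as 'start'; anything else is ignored."""
    order = []
    for name in sorted(filenames):
        if name.startswith("K"):
            order.append((name, "stop"))
        elif name.startswith("S"):
            order.append((name, "start"))
    return order


if __name__ == "__main__":
    entries = parse_inittab(SAMPLE_INITTAB)
    print(default_runlevel(entries))                 # 3
    print(processes_for_runlevel(entries, "3"))
    # Constructed /etc/rc3.d listing
    print(rc_order(["S99dtlogin", "README", "K28nfs.server", "S15nfs.server"]))
```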

Requirements:
The Java SDK must be installed and configured.

Installation

  1. Obtain Jakarta Tomcat from http://jakarta.apache.org/. Tomcat is written entirely in Java, so download the binary version containing the class files. The latest supported version of Jakarta Tomcat is 4.1.x.
  2. Move or copy the file into the /usr/local directory:
     cp jakarta-tomcat-4.1.31.tar.gz /usr/local
     -or-
     mv jakarta-tomcat-4.1.31.tar.gz /usr/local
  3. Change to the root user using the su command.
  4. Change directory to /usr/local, where you moved or copied the jakarta-tomcat compressed file: cd /usr/local/
  5. Use the tar command to extract the compressed file:
     tar -zxvf jakarta-tomcat-4.1.31.tar.gz
     (If the tar command does not support gunzip for a .gz file, issue a gunzip command before the tar command.)
     gunzip jakarta-tomcat-4.1.31.tar.gz
     tar -xvf jakarta-tomcat-4.1.31.tar
  6. For simplicity, create a symbolic link as follows:
     ln -s /usr/local/jakarta-tomcat-4.1.31 /usr/local/tomcat
  7. Create a JAVA_HOME variable that points to the Java SDK installation and export it:

JAVA_HOME=
export JAVA_HOME

Starting and Stopping the Tomcat Daemon

The Tomcat daemon is started and stopped by running a shell script as follows:

  1. To start the Tomcat daemon, use bash-2.03# /usr/local/tomcat/bin/startup.sh.
  2. To stop the Tomcat daemon, use bash-2.03# /usr/local/tomcat/bin/shutdown.sh.

Troubleshooting Jakarta Tomcat Service

  1. Check the log files in /usr/local/tomcat/logs and see if there is any useful information there.
  2. Check the /var/adm/messages.

Below are some common error messages that can occur:

ERROR: java.net.BindException: Address already in use:8080

Ensure that nothing else is listening on port 8080:

netstat -na | grep 8080

If no other program is using it, then you should not get any results.

ERROR: The JAVA_HOME environment variable is not defined correctly.
This environment variable is needed to run this program.
NB: JAVA_HOME should point to a JDK not a JRE

Ensure the JAVA_HOME variable is pointing to the correct location. It must point to the Java SDK installation, such as j2sdk1.4.2x.

Use the echo $JAVA_HOME command to check its value.

The result should be /usr/java/j2sdk1.4.2_05.

Verifying and Testing Installation

  • To verify that the daemon is running, type bash-2.03# ps -ef | grep tomcat.
  • The result is similar to the following:

/usr/java/j2sdk1.4.2_05/bin/java – … =/usr/local/jakarta-tomcat

  • Open a Web browser on the local server and go to the following URL:

http://localhost:8080

This should take you to the Tomcat main page.