
Securing your Wireless Network

For a long time now, wireless networking has been a much more popular way of surfing the internet, or general networks for that matter. It has, essentially, allowed people to leave their homes with their laptop, palm pilot, tablet PC, or whatever it may be, and still have the same possibilities they would have in their office or at home. In the beginning, wireless networking seemed like a pretty simple and basic idea. Yes, it is a simple concept and it is very convenient... but it may be just as convenient to someone who feels like "stealing" your signal. Or better yet, someone stealing your passwords because you figured, "Oh, I won't need 128-bit encryption, nobody will try to jack this shizzle." Well, my pitiful mistaken friend, the truth is that if your computer is connected to a network of other computers... you are ultimately vulnerable to a number of dangerous things. Whether it be viruses, trojans, 'hackers', 'crackers', squirrels, or just nosy neighbors, you are VULNERABLE! Now you may be thinking, "Is there anything I can do to help protect myself on my wireless network?" As a matter of fact, yes, yes there is. There are several different methods of protecting yourself while you use a wireless LAN (Local Area Network), one of the most powerful being encryption. Whether it be WEP (Wired Equivalent Privacy) using 128-bit encryption, or even changing your SSID (Service Set Identifier), any form of protection essentially keeps you one step further from having your wireless signal stolen.

Changing your SSID
A Service Set Identifier (SSID) is a security measure that allows someone to communicate with the 'base station'. It basically allows only someone with the same SSID to communicate with the station. Figuring out this SSID is easy if it is left on default. All an attacker really has to do is brute-force the signal to figure out the password. Because most people choose a password that is easy to remember, it doesn't always take an attacker much time to gain access. And because only the data packets are encrypted, the SSID is broadcast in clear text. So changing your SSID is a good idea, though your new password should be much harder to guess than something like your name. Be sure to utilize the different characters on your keyboard.

WEP
Wired Equivalent Privacy is a widely used system that can be configured between none, 64-bit, and 128-bit. Though this may seem good, WEP has a huge security flaw. The fact that someone with some patience can easily crack the WEP key with something like Airsnort is kind of discouraging. All one would have to do is collect millions of packets and eventually the WEP key can be cracked. You see, WEP uses what is called the RC4 algorithm to turn the information into infinite lengths of numbers. (RC4 is a stream cipher.) Basically the sender and the receiver have the same key, and when the receiver gets the encrypted packets the key is used to decipher them. All a passerby has to do is collect enough initialization vectors, which are sent as 24-bit fields in the encrypted packet, and wait until a collision occurs between two IVs. Once someone gets enough IVs to figure out the plaintext, bam, they can decipher the WEP key. To fix some of these flaws you can use WPA (WiFi Protected Access). Even though this encryption method fixes the flaws in WEP, it is still semi-susceptible to DoS attacks. Though WEP isn't entirely secure, it is better than nothing and it is easy to activate on your wireless router. Just look in your corresponding manual.
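The IV collision described above, worked through as an added example (not code from the original article): it shows what two packets encrypted under the same 24-bit IV give away, and how few packets it takes before random IVs repeat. The key, IV and packet contents are constructed sample values, and WEP's CRC-32 integrity value is left out because it does not change the keystream.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings (result is as long as the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 24-bit IV followed by the shared key.

    The IV is sent in clear with every packet, so an observer always
    knows which packets used the same RC4 seed.
    """
    if len(iv) != 3:
        raise ValueError("a WEP IV is 24 bits (3 bytes)")
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def recover_with_reused_iv(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Same IV means same keystream: c1 XOR c2 == p1 XOR p2.

    Knowing (or guessing) one plaintext therefore reveals the other
    without ever touching the key.
    """
    return xor(xor(c_known, c_target), p_known)


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that at least two of `packets` random IVs match."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0
    log_unique = sum(math.log1p(-k / space) for k in range(1, packets))
    return 1.0 - math.exp(log_unique)


def packets_until_collision(target: float = 0.5, iv_bits: int = 24) -> int:
    """Smallest packet count whose collision probability reaches `target`."""
    space = 2 ** iv_bits
    log_unique, n = 0.0, 1
    while 1.0 - math.exp(log_unique) < target:
        log_unique += math.log1p(-n / space)
        n += 1
    return n


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    iv = bytes.fromhex("aabbcc")               # constructed, reused IV
    known = b"GET /index.html HTTP/1.1"        # traffic the observer can guess
    secret = b"password=hunter2-secret!"       # traffic the observer wants
    c1, c2 = wep_encrypt(iv, key, known), wep_encrypt(iv, key, secret)
    print(recover_with_reused_iv(c1, known, c2))
    print("packets for a 50% IV repeat:", packets_until_collision(0.5))
```

A busy access point sends that many packets in seconds, which is why a longer key does nothing for WEP: the 24-bit IV space is the same at 64-bit and 128-bit.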

Disable SSID Broadcasting
Most wireless routers will broadcast your SSID so someone 'authorized' to that service can access it via hotspot, etc. Mainly you will find SSID broadcasts from larger businesses, and you are not very likely to find them in homes. This is because the SSID is not encrypted at all. So if someone really wanted to, it wouldn't be hard for them to intercept this message and get one step closer to getting into your wireless network! So all in all, this feature is unnecessary in normal home use. Turning it off, although it increases your security, still allows your SSID to get by. This step is easy, and broadcasting is a good thing to disable on your router.

MAC Address Filtering
A network that does not have MAC address filtering turned on will allow anyone who knows the SSID to log on to the network. However, if one were to turn this filter on, then when someone tries to get authenticated on the network they must first have their MAC address compared to the ones on the administrator's list. His/her list would consist of the MAC address of every client on the network. This feature is a convenient and easy way to increase your WLAN security. Though it is possible for an attacker to spoof a MAC address and gain access that way, MAC address filtering is a good feature to have running on any wireless network, big or small.

Well... this essentially concludes this version of "Securing your Wireless Network", and this paper by no means completely secures your WLAN from attackers. Like I said in the beginning of the article, you are ultimately ALWAYS vulnerable. No matter how secure you think you are, you can always take one more step to make yourself even more secure. One must continue to stay up-to-date on their WLAN and make all the proper updates and what have you in order to keep it even somewhat secure. Remember, you're never as secure as you think you are.


Sending Anonymous Emails

Sometimes it is necessary to send an email anonymously.

There are several web based utilities that allow this, but each one registers the ip info in the headers which allows tracing. They also will not allow you to use a proxy and utilize their service. This is for security reasons.

My definition of anonymous includes the email addresses appearing as if they have been sent from whatever address you specify as well as no accurate record of your IP in the headers of the mail that could be traced back to you.

The method that follows supports my definition of anonymous.

Amazingly, all you need to accomplish this is telnet and a SMTP server. Allow me to break it down.

Telnet is a software application that connects one machine to another, allowing you to log on to that other machine as a user.

If you don't have telnet, you can easily download it for free from the web - do a search on "telnet" or "download telnet" in any search engine.

...and just for the sake of being thorough...

What is SMTP?
SMTP stands for "Simple Mail Transfer Protocol"
Basically just a protocol for sending e-mail.

Where do you get a SMTP server?
Here are a few links, but as always be aware that these sites may not be here forever or their content may change. Searching for "SMTP servers" or "SMTP server list" should produce effective results.

http://www.gr0w.com/help/email_help_smtp_servers.htm
http://www.uic.edu/depts/accc/ecomm/smtpmove/isps.html
http://www.thebestfree.net/free/freesmtp.htm
http://www.registerdirect.co.nz/help/smtp_servers.html
http://www.bu.edu/pcsc/email/remote/smtplist.html

Once you've selected a server, open the command prompt, and type:
telnet xxxxxx.com 25

(Obviously replace the x's with the SMTP server you've selected) now type the following:

HELO targetsmailserver.com
MAIL FROM: whoever@whatever.com
RCPT TO: target@address.com
DATA
from: whoever@whatever.com
to: target@address.com
subject: whatever
received: xxx.xxx.xxx.xxx
x-header: xxx.xxx.xxx.xxx
The body of the message goes here
.

*Note 1: Remember to end with "." on a line by itself as directed.

*Note 2: Adding x-header and received allows you to alter the IP information found in the headers of the mail, making it untraceable and totally anonymous.

*Note 3: There are ISPs that have port 25 (SMTP) blocked. Be sure your settings and ISP allow connections to port 25. If all else fails, get the SMTP server address from your ISP.
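How the receiving side reads the headers of a message submitted this way, as an added example (not part of the original article): every mail server that accepts a message prepends its own Received line recording the address of the client that connected to it, so anything typed inside DATA ends up underneath the lines the servers wrote. The message below is constructed, using documentation-only addresses and hypothetical host names.

```python
import re
from email import message_from_string

# Constructed sample: what the recipient's server stores after the session
# above went through a relay. Top two Received lines were written by servers;
# the lowercase "received:" and "x-header:" lines were typed by the sender.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [198.51.100.25])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 4F1A2\n"
    "\tfor <target@recipient.example>; Mon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from targetsmailserver.example ([203.0.113.77])\n"
    "\tby relay.example.net with SMTP id 9C0DE; Mon, 01 Jan 2024 10:00:01 +0000\n"
    "from: whoever@whatever.example\n"
    "to: target@recipient.example\n"
    "subject: whatever\n"
    "received: 192.0.2.1\n"
    "x-header: 192.0.2.1\n"
    "\n"
    "The body of the message goes here\n"
)

# "from <HELO name> (<optional reverse DNS> [<client IP>]) by <server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def analyse_received(raw: str, own_hosts: set) -> dict:
    """Split the Received chain into what we can trust and what we cannot.

    own_hosts: names of the mail servers we operate. The first Received
    line (from the top) stamped by one of them is the trust boundary: the
    client IP in it was observed by our own server on the TCP connection.
    """
    msg = message_from_string(raw)
    hops, malformed = [], []
    for position, value in enumerate(msg.get_all("Received", [])):
        match = HOP.search(value)
        if match is None:
            # Not in the shape a mail server writes: treat as sender-supplied.
            malformed.append((position, value.strip()))
            continue
        hops.append({"position": position, **match.groupdict()})

    boundary = next((h for h in hops if h["by"].lower() in own_hosts), None)
    return {
        # Address our own server saw connecting; cannot be set from DATA.
        "handoff_ip": boundary["ip"] if boundary else None,
        # Written by other servers: only as reliable as those servers are.
        "unverified": [
            h for h in hops
            if boundary is None or h["position"] > boundary["position"]
        ],
        # Lines that no server would have produced.
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = analyse_received(SAMPLE, {"mx.recipient.example"})
    print("handed to us by:", report["handoff_ip"])
    for hop in report["unverified"]:
        print("relay logged client", hop["ip"], "claiming to be", hop["helo"])
    for position, value in report["malformed"]:
        print("sender-supplied Received at position", position, "->", value)
```

The relay's own line still carries the connecting client's address and the mismatch between the HELO name and that address, and the relay operator's logs hold the same record.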

How to Exploit Compact Flash media on Enhanced CD

I ask that you not use the information supplied here for piracy. I wrote it so that you can store the extra content bundled on Digital Audio Disks for personal use and for backup reasons. Please respect the industry, and their content!

Hey, it's me again, here to tell you how to rip out Enhanced CD extras which are bundled inside of a single Flash object on a Digital Audio Disk!

You may be asking me, why do this? Well, that's a good question, and it's simple to answer. Did you know that Flash-based extras on enhanced CDs aren't very widespread for others to take a look at? Or what about brothers on your network who are too poor to purchase these disks to even get a chance to look at behind-the-scenes, special footage, and bonus features? Or what about the people who can't access the album itself, and have no resource to even look at it, and it may be their favorite band? Or what about future CD failure, when it snaps in half and you permanently lose the data in its entirety? That would suck! But I have good news! I'm here to teach you how it can be done, with just a few simple steps.

NOTE: Enhanced CDs display 2 signatures notifying you that they have more content on them than just the digital media tracks. These signatures are a Plus symbol and a Melody symbol.

What you need:

1: WinRAR (You can download the evaluation version @ www.rarlabs.com)
2: The CD Which contains the Flash object including the compacted features and extras
3: A CD-Rom Drive

OK, once WinRAR has been downloaded and installed, please proceed with the following...

Alright, so you've now got that disk with the compact extras in a Flash object, so you'll want to insert that into your CD-ROM drive. Now let your computer see the disk. Usually the Flash will deploy, but some systems don't catch the autorun.ini file. Anyway, if the Flash does deploy, exit it. Now go to Start > My Computer, where you'll see all of your drives and such. Locate the CD-ROM drive which your CD is in. RIGHT CLICK on the drive and click WinRAR's feature "ADD TO ARCHIVE...". A prompt from WinRAR will be displayed asking where to save the archive. Click Browse, then designate the file to be saved to the desktop. By default it'll be saved as "Archive", but you can rename it to whatever you want. Once all is done, click OK on the WinRAR console. Boom! The data has been successfully ripped, and all the movies and special features are yours to share with your friends who mosh to your music.

Essential Encryption Part I - PGP

-=[ About It ]=-

PGP is a popular public/private key encryption system used primarily in email. Its long key length and brilliant architecture make it perfect for hiding data you don't want read by third parties, and for establishing a secure mode of communication between two or more people.

PGP has a long and troubled history, which you can read about on its Wikipedia article [1]. Suffice it to say that it was the first consumer encryption program, and helped break down the absurd US encryption exportation laws in the mid-90s.

-=[ Getting It ]=-

The most popular implementation of PGP these days is GPG, the GNU Privacy Guard. It's free, so you can get it from their website [2]. It runs on every major platform, and also bsd :P I'm going to be covering Linux exclusively, as that's all I know, but just about everything is the same regardless of your OS.

It should either come with your distro or be available in the package repository. It's in Debian and Ubuntu apt, Portage, and comes with Slackware.

-=[ Setting It Up ]=-

First thing after installing, you need to generate a public/private keypair:

$ gpg --gen-key

This should ask you some questions and then deposit a key in your private keystore (usually ~/.gnupg/secring.gpg on nix). Make sure you generated a key correctly by listing your keys like this:

$ gpg --list-keys

You need to generate a revocation certificate now, in case your key is compromised or you (god forbid) lose it, or someone steals your usb key which you unwisely had your private key stored on (*cough**cough*) Really. You need to do this:

$ gpg --output revocation-cert.asc --gen-revoke y3rk3y1d

Replace 'y3rk3y1d' with your key ID, visible in --list-keys as follows:

pub 1024D/C1F5E7CE 2004-12-14
uid Someone
sub 1024g/07AACA92 2004-12-14

In this case, 'C1F5E7CE' is your public key ID. You probably want to export your ascii-armored public key so people can decrypt your messages and files, and also so you can email it to all your geek friends to show off:

$ gpg --armor --output PublicKey.asc --export y3rk3y1d

You should probably send it to a keyserver so anyone in the world can download it, should they need it. There is really no reason at all to not do this:

$ gpg --keyserver pgp.mit.edu --send-key y3rk3y1d

-=[ Using PGP for Local Encryption ]=-
-==[ Encryption ]==-

PGP uses public/private key cryptography, so things are usually encrypted in such a way that they can only be decrypted with a specific key. If you want to encrypt something so that only you can read it, simply encrypt it to yourself:

$ gpg --encrypt --recipient 'Kapitan' --output test.gpg test.txt

Of course replace 'Kapitan' with your name or your key ID. To encrypt a file to someone else, you first need to import their public key:

To download it from the MIT keyserver:
$ gpg --keyserver pgp.mit.edu --search-keys 'Their Name'

To import it from a file:
$ gpg --import theirkey.asc

Then encrypt it like before:

$ gpg --encrypt --recipient 'Their Name' --output test.gpg test.txt

You should end up with a file full of binary gibberish. To sign a file, use this command:

$ gpg --clearsign test.txt

Signing is useful in that, theoretically, only the owner of the private key it is signed with can generate a valid signature for any one file, and changing that file in any way invalidates the signature.

-==[ Decryption ]==-

To decrypt a message, import their public key, and then use the --decrypt option:

$ gpg --decrypt ./test.gpg

If your friend encrypted their file correctly, you should now have the decrypted message in your working directory. To verify a signature, use the --verify option of gpg:

$ gpg --verify ./test.txt.asc

It will either report a good signature or a bad signature. If it's a bad one, contact your friend over a secure medium.

-=[ Setting up your Email Client ]=-

Using PGP for local encryption is fine, but it was designed with the brilliant public/private key system it uses so that people could verify their identity on Usenet. Today, its most widespread use is in email signing and encryption.

-==[ mutt ]==-

One of the major reasons I use mutt is because of the excellent pgp support built into it. To get pgp to work on mutt, add this to your .muttrc:

set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"
set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"
set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"
set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"
set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xC1F5E7CE -- -r %r -- %f"
set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xC1F5E7CE -- -r %r -- %f"
set pgp_import_command="gpg --no-verbose --import -v %f"
set pgp_export_command="gpg --no-verbose --export --armor %r"
set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"
set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r"
set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r"
set pgp_autosign=yes
set pgp_sign_as=0xC1F5E7CE
set pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_good_sign="^gpg: Good signature from"

Be sure to replace all the '0xC1F5E7CE's with your key identifier. mutt should now be able to encrypt, sign, or encrypt and sign any message that you send, with 'sign' being the default.

-==[ Thunderbird ]==-

To set Mozilla Thunderbird up to sign your messages, you'll have to use the Enigmail extension. Download it from their website [5], and then use the extension manager in Thunderbird to install it. The wizard is very straightforward, and should recognize all the keys we have already generated with the gpg command line client. Set it to sign your mail by default, and you should be ready to go.

Essential Encryption Part II - Linux Loopback

-=[ About It ]=-
The most popular way to encrypt large amounts of data in Linux is to create an encrypted loopback device. These are very versatile, and can cypher anything from an mp3 file to a raid array. They're also very simple to use, once you know what you're doing.

-=[ How To Use Them ]=-
To use encrypted loopback devices, you need to have the correct options enabled in your kernel. Make sure you have the CONFIG_BLK_DEV_LOOP option enabled (in 'Device Drivers -> Block Devices' in menuconfig), and a cryptographic module installed, such as CONFIG_CRYPTO_AES_586 (In the Cryptographic API section). You'll also need the 'losetup' utility, but that should come with your distro.

Next, you need to have something to encrypt data into, called the cypher container. I'm going to use a 5MB file of random data:

$ dd if=/dev/urandom of=/tmp/vault bs=1M count=5

Use losetup to give your file a device node in '/dev'. Know that if you have an older version of losetup, I've found that the syntax for running the node through the cryptographic API may be different:

# losetup -e aes-128 /dev/loop0 /tmp/vault

Note that you can feed a drive device node to losetup instead of a file as a container to encrypt to an entire drive. losetup should then ask you for a password, and connect the device node. Next, you'll need a filesystem. Since this container is so small, not much else will fit, so we'll use ext2:

# mkfs.ext2 /dev/loop0

Then mount it:
# mkdir /mnt/vault

This creates a mountpoint at /mnt/vault

# mount /dev/loop0 /mnt/vault

This mounts the container. Anything you drop in /mnt/vault will be encrypted with 128-bit AES. Remember to umount it before you turn off your computer.

Utilizing search engines

So much information is on the web, it's mind-boggling. Thankfully we have search engines to sift through it and categorize it for us. Unfortunately, there is still so much info that even with these search engines, it's often a painstakingly slow process (something comparable to death for a hacker) to find exactly what you're looking for.

Let's get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as the sites that it indexes, which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at http://babelfish.altavista.com and http://world.altavista.com to translate a few key words I am searching for. Be specific and creative because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal w/ SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 porn sites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS Google DOES have directories, they're at: directory.google.com)

3. Here are some tips that Google refers to as "advanced"
A. "xxxx" / will look for the exact phrase. (Google isn't case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / term in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR / Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Let's say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? MP3 player $0..$90 The 2 periods will set a numeric range to search between. This also works with dates, weights, etc.

7. +
Ever type in a search and see something like this: "The following words are very common and were not included in your search:" Well, what if those common words are important in your search? You can force Google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their Google search preferences saved. When you use Google as much as I do, who can afford to not have preferences? They're located on the right of the search box, and have several options, though I only find 2 applicable for myself...
A. Open results in new browser
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5X the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (i.e. you're DLing tunes), something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included."
The answer is YES.
yes yes yes.
Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the group section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use google, yahoo, and altavista. Search the same terms... pretty close, right? Now search for disney death. Funny, altavista has plenty of disney, but no death... hmmm.

If you've read this far into this tutorial without saying, "Great, a guy that copied a few google help pages and thinks it's useful info", then I will show you WHY (besides accuracy, speed, and consistency finding info on ANYTHING) it's nice to know how a search engine works. You combine it w/ your knowledge of other protocols.

Example: Want free music? Free games? Free software? Free movies? God bless FTP!
Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones w/ your favorite band. No? Try the song name, or another file format. Play with it.
Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example....I wanted to find some Sepultura. If you never heard them before, they're a Brazilian heavy metal band that kicks ass. I started with this:
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and that's without searching for spelling errors)

Also try inurl:ftp

I find that * works better for me than trying to guess other people's misspellings or directory names. Simply using "intitle:index of" or a variant works as well.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

I hope you enjoyed this tutorial. I saw that recently a book and an article were written on the very same topic. I haven't read them as of yet, but check 'em out, and get back to me if you feel I missed something important and should include anything else.

intitle:"index of" "google hacks" ebook
"intitle:index of" "google" hacks pdf

you get the idea.

Defending your ID

How many times have you heard someone ask "how do I hack yahoo or hotmail?"
It’s become a type of joke among frequent visitors of hacker related chat rooms and websites. This article is being written for the sole purpose of defending yourself against such actions.

Let's start by going over a few terms I use so there is no confusion. If you think this is silly, you’d be surprised at the # of emails I get asking what is a...
I figure I’ll just spell it out.
UN = username
PW = password
SW = software
HW = hardware
DL = download
KL = keylogger
RAT = remote administration / access tool.

Dispelling a few rumors:
1. You can use a bruteforcer program to get a Yahoo or Hotmail password.
This simply is not the case. Both Yahoo and Hotmail have security in place specifically designed to stop this kind of attack. Yahoo requires that you enter a random code into an additional field provided as well as the UN and PW after 16 failed login attempts. Failure to enter the correct code will result in a failure to log into the account, even if the UN and PW are correct. Hotmail has a different security feature which sends the user to a ‘lockout’ page, which has NO fields to enter the UN or PW after just one failed attempt. These two methods are effective for eliminating bruteforcing to exploit their service.

2. There are programs that hack Yahoo and Hotmail.
Once again, that’s not entirely true. While there are programs that claim to be able to hack Hotmail and Yahoo, all they really seem to be are specialized keyloggers and trojans that send the info from a target's computer. The question is then, if you can get a target to download / run a program, then why would you only steal their email account information? Why not simply take control of the whole thing? A lot of people that use these programs are not well versed enough to know how to cover their tracks and can easily be caught when using such programs. Many of these programs are also specially designed to steal information from the computer that tries to run them, thus exploiting the would-be attacker.

3. You can email an automated pw recovery service and trick it to gain the pw of the account you choose.
Ever see something that goes something like this?:
Note: the following is bullshit. I've added this note since no one seems to read this tutorial; they skim through it, then email me complaining that it doesn't work. Thus...
THE FOLLOWING IS AN EXAMPLE OF A SCAM.

: : : (([[OMG!11! ]])) : : : (1) send an E-mail to passwordrecoverybot@yahoo.com (2) In the subject box type the screen name of the person whose password you wish to steal (3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa (4) Send the e-mail with priority set to "high" (red in some mail programs) (5) Wait 2-3 minutes and check your mail (6) Read the message. Where YOUR password was typed before, NOW, the password of the screen name in the code string is there!!!
Why does this work? It´s a special decryption-server that AOL-employees can use to decrypt passwords. The aol backdoor account is a bot that reads your authentification from the message body and identifing you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot´s script seems to be a little bit buggy and it automatically recognizes you as an supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.

Well, there’s my example of a scam designed to steal your information... simply by tricking you into sending your password to the attacker's email (passwordrecoverybot@yahoo.com in this example), and the specific things to type and all that bullshit is just that... bullshit. Specifically, bullshit made to look like it actually does something to the standard PC user and/or layperson (aka target)... but it doesn't.
This may also explain some of the people saying they were hacked. Obviously, don’t send your password to anyone for any reason, ever.
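The lockout behaviour described under rumor 1, sketched as a server-side check. This is an added example, not Yahoo's or Hotmail's code: the class name, the in-memory store and the challenge format are assumptions, and the threshold of 16 is the figure quoted above.

```python
import hmac
import secrets

CHALLENGE_AFTER = 16  # failed attempts before a code is demanded (figure from the text)


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


class LoginGate:
    """Per-account throttle: after N failures every login also needs a code."""

    def __init__(self, accounts, challenge_after=CHALLENGE_AFTER):
        # UN -> PW. Plaintext only to keep the sketch short; a real service
        # stores salted password hashes.
        self._accounts = dict(accounts)
        self._failures = {}    # UN -> failed attempts since the last success
        self._challenge = {}   # UN -> code the client must echo back
        self._challenge_after = challenge_after

    def challenge_for(self, username):
        """Code currently demanded for this account, or None."""
        return self._challenge.get(username)

    def _issue_challenge(self, username):
        self._challenge[username] = secrets.token_hex(3)

    def attempt(self, username, password, code=None):
        """Return 'ok', 'denied' or 'challenge_failed' for one login attempt."""
        expected = self._challenge.get(username)
        if expected is not None:
            # The code is checked first: a wrong or missing code fails the
            # login even if UN and PW are correct.
            if code is None or not _same(code, expected):
                self._issue_challenge(username)  # fresh code for every retry
                return "challenge_failed"
        stored = self._accounts.get(username)
        if stored is not None and _same(password, stored):
            self._failures.pop(username, None)
            self._challenge.pop(username, None)
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= self._challenge_after:
            self._issue_challenge(username)
        return "denied"


def passwords_tested(gate, username, guesses):
    """How many guesses reach the password check when no code is supplied."""
    tested = 0
    for guess in guesses:
        if gate.attempt(username, guess) != "challenge_failed":
            tested += 1
    return tested


if __name__ == "__main__":
    gate = LoginGate({"alice": "S3cret!"})          # constructed account
    wordlist = ["guess%d" % i for i in range(100)]  # constructed guesses
    print("guesses that reached the password check:",
          passwords_tested(gate, "alice", wordlist))
```

However long the guess list is, only the first 16 guesses are ever compared with the password, which is why an automated guesser gets nowhere against an account protected this way.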

What it all comes down to is this:
If you're looking to get an email ID, you hack the target's PC, not Hotmail or Yahoo directly. If someone were to actually crack into the Hotmail or Yahoo servers, they would be logged, traced, and the security flaw patched I would say within 15-50 minutes... maybe 24-48 hours at the latest.
These types of companies have a multi million or even billion dollar backing, a literal army of first class techs and security teams, and apply the newest and most sophisticated SW, HW and intrusion detection/protection/management methods the industry has to offer.
Now on the other side of the story, you have an end user who probably hasn’t even installed a single update on their machine, has all the default settings enabled, doesn’t know an .exe file from a .com, uses an un-patched version of IE or AOL, doesn’t know how to enable their firewall or configure it if it is enabled, etc.

In other words, why attack a well-trained, well-equipped army guarding a document when you can attack a less able individual to get it?

These are some of the more common methods for "hacking yahoo PWs":

1. fake login page
2. email phishing campaign
3. RAT
4. keyloggers
5. cookie grabber
6. spyware
7. fake programs (rat/kl)
8. physical access to cached PWs
9. Social engineering

At this point I’d like to go over them briefly. You may be expecting me to do a step by step on how to use these methods to exploit someone, but this is not the case in this particular article. See www.informationleak.com for exploitation methods.

1. Fake login page:
This method is generally used on public terminals, and can be quite effective for gathering large numbers of IDs. The way it works is documented in another tutorial I have written, but basically it's just a matter of someone making a replication of Yahoo's or Hotmail's site, by copying and making minor modifications to their source code and setting their page as the home page. They then set the input fields to send the information to an email address or database. I personally believe the level of success using this method depends on the system, and the amount of creativity involved in making the page look as authentic as possible. To avoid falling victim to this, type the address of the page you are logging into directly into the browser, including the prefix "http://"

2. Email phishing campaign:
Phishing has unfortunately become a household word, though some people associate it with SPAM. Phishing is really just spamming and using deception and trickery to gain information to exploit a service, system, etc. Phishers have posed as banks, email services, law enforcement agents, online contests, teachers, automated services, Nigerians in need of a way to transfer millions in cash, software firms, friends, acquaintances, even the targets themselves. Anyone and anything that you can impersonate, expect a phisher to try. Their emails generally come with an attachment that contains a program like a trojan, RAT, keylogger or virus that either exploits your system, searches for PWs and banking info and sends it to the phisher, or simply infects or destroys your PC. Some of these scams can be EXTREMELY well done, and almost indistinguishable from a real email (provided by, for example, a company they are impersonating). It’s always best to contact the company by phone or mail to confirm anything suspicious.

3. RATs:
Remote administration tools or remote access tools. These programs allow an attacker varying degrees of control over the PC that has the SW installed. The level of access depends on the RAT. Control over the PC allows installation of other malicious software that can be used to track keystrokes, web sites visited, programs accessed, and even take screenshots of the infected computer and send them to an email address covertly. It is also capable of allowing the attacker to make any changes to the system they would like. Obviously, this isn’t good.
Most antivirus and spybot removal SW will detect and remove these types of programs. It’s also a good idea to not only use, but check the logs, settings, permissions and outgoing/incoming traffic of your firewall to prevent this type of thing from happening to you.

4. Keyloggers:
Keyloggers can track keystrokes, web sites visited, programs accessed, and even take screenshots of the infected computer and send them to an email address covertly. Again, most antivirus and spybot removal SW will detect these. If you fear your PC has been compromised, you can take steps to ensure your PW isn't logged until you can scan for and remove it. Open a Word document and write out a list of the UNs you’ll be using and then a list of the PWs. Then cut and paste them accordingly into the fields if you fear a KL or other monitoring device may be in use, so that while the SW will pick up the keystrokes, it will not know what PWs match the UNs. If you'd like to take that a step farther, write several random letters and numbers around your PW in the Word file and cut out the extra letters until you come out with the UN or PW desired.

5. Cookie grabber:
This method depends on whether or not the target has opted to save or have the computer remember their PW. The information is saved in the cookies and can be used to exploit some mail services. The information can be gained through a website or email containing a script that ‘grabs’ the information. Deleting or not allowing the use of cookies can stop this method.

6. Spyware:
Spyware / adware are small programs installed and executed on a target PC for use as tracking tools, generally for advertising purposes. These programs generally rely on web browser vulnerabilities to install and run on your system. However, as previously mentioned, any program that is installed on your PC without your knowledge isn’t good. Some attackers have taken this technology and created spybots particularly designed to send sensitive information about your system to a predetermined mail address or database. This can generally be avoided by updating and patching your browser as often as possible. I personally suggest using Mozilla Firefox as a browser, as it is not as vulnerable as Internet Explorer, operates in much the same way, and has a similar interface. There are literally THOUSANDS of anti spyware programs available; two that I find work exceptionally, especially in conjunction with each other, are Spybot Search and Destroy and Adaware SE Personal. Before you get a spyware removal program, research it and see what the general consensus is, as some programs touted as spyware removers actually install spyware on your system.

7. Fake programs:
I mentioned this earlier in this article in the dispelling rumors section. There are programs like booters, hotmail and yahoo hackers, point and click trojans, keyloggers, audio and video SW, etc that contain RATs and other malicious programs. The obvious way to minimize the chances of becoming a victim of this method of exploitation is not to DL ‘shady’ programs (ie. programs that do illegal things). The general rule is "If something sounds too good to be true, it probably is." When DLing programs, make sure that you have researched them, and the company/website it came from. Keep a record of this as well, and check your system often for signs of exploitation.

8. Physical access to cached PWs:
This is, in my opinion, the easiest way to snag a PW. Having access to a system where the PW has been "saved" or "remembered" means that the PW is located somewhere on the PC. Where depends on the SW, so the location varies depending on what you’re looking for. There is also a plethora of legitimate programs designed to find the cached PWs of various programs, and present them, even if they are encrypted. The best way to avoid this is to not cache or allow the PC to remember your PWs. You don’t give your PW to anyone, so why give it to a machine that can’t decide on its own whether or not to give it out?

9. Social engineering:
This can be, and often is, combined with any of the above methods. Social engineering is really just exploiting people instead of SW. Social engineers use a variety of ways to trick someone into giving them the information they desire. These cons can be amazingly ingenious, professional and complex, or they can be ridiculously crude and almost laughable. Again, if you have doubts about the legitimacy of something or someone, or something just seems strange, don’t do it. Don’t give out sensitive information, period. You can always check up on a story or website later.

General Rules:
Think.
Update and scan often.
Look for potential problems, don't wait for them to find you.
Use case sensitive alphanumeric PWs at least 8 characters long and use symbols like @, #, $, _, -, ^, and even ascii characters like "£", etc whenever able.
Don't use the same password for everything.

Be aware that these methods are simply the most common. These are not the only ways for someone to get your PW. Unfortunately, if someone wants something bad enough, they’re probably going to get it. At least by familiarizing yourself with these methods, you can recognize scams and potential attempts to steal your information and avoid them.

It is my hope that this article helps stop you from becoming a victim, and screws a slew of lamers and script kiddies into looking for another hobby.

How to remove file protection from iTunes songs

Ok, if this tutorial is not complete it is because I took a break from my headache while you are reading this.

Disclaimer: I am not responsible for any action that you do using this information or whatever information you come across using this tutorial. This tutorial is for informational purposes only and to help transfer songs you already own to another computer.

Okay, there are lots of ways to remove file protection using programs and what not, but what if you do not feel like downloading anything, or just don't have the privileges on the computer to do so? What are you to do with all of those files that you paid for and can't play on any other computer? What in the world are you supposed to do?

Basically it is the same method as using your iPod as a storage device; here is a quick tutorial on that.
1. Have your iPod disconnected.
2. Make a file with whatever program file you want to put on your iPod.
3. Now it is time for speed because approximately 10 seconds after you connect your iPod it disappears from the "My Computer" section if it is inactive (if you are placing songs onto it, you can see it once again). So have My Computer opened and the directory of whatever file you want to place on it. Connect your iPod and instantly place whatever file you want to be placed on it straight onto it (it will be a drive f:\).
4. And voila, you have now placed a file onto your iPod. Now go to your other computer, and use the same technique: open up My Computer, connect your iPod, and now drag the file outa there onto your new computer.

Ok, now that we understand how to use the iPod as a storage device we will get into how to use this feature to our advantage to get rid of the file protection. I still do not understand how or why the shit works, but it does. Basically the main reason I even found out about this was because those sons-of-a-bitches at Macintosh made it so that if you place songs on your iPod through the iTunes software you cannot transfer them to your other computers. This feature is useful for protecting songs from being brought to another computer illegally, but as a saying goes "locks are for honest people because they will try the door and leave. But for unhonest people who we made the locks to keep them out, they can get past them". But the occasion comes where this is not the case and that is the reason for which I wrote this tutorial. Also because of what was written above, it is basically about 3 steps to take the file protection off.
1. Make a new folder on your desktop with whatever songs you want to take the file protection off of.
2. Open up my computer.
3. Connect your iPod and place the folder with all of your songs onto your iPod (make sure you will have enough space on your iPod to do so).
4. Disconnect your iPod and bring it to your other computer.
5. Open up My computer on your other computer.
6. Connect your iPod to the other computer and place the file onto the computer.
7. Voila for some odd reason the file is unprotected!

Now, I have only done this once, and only with a computer that did not have iTunes installed on it. I have not tried this to place the files on and then back onto your computer to take the protection off because it might not work, but I do know that you can just place the files onto another computer, delete the file off of your iPod, and then place the unprotected one back onto your desktop and voila. I do not guarantee any results if the other computer has iTunes. And I would also appreciate if people could post their successful and unsuccessful attempts at this and post what version of the iPod they used, what version of iTunes, and if the other computer had iTunes installed or did not or had it installed in the past but then deleted.

Obfuscation by Compression and Binding

Table of Contents
1: Disclaimer
2: Introduction
3: What you need
4: How to
5: End notes

NOTE: This tutorial may seem a little "Childish" but when I wrote this, like right now, August 5th, 2006, at 7:34 PM, I had a hangover, and didn't feel too compelled to do it in a scientific, or professional/serious manner. This is just for the heads up. xyr0x

1: Disclaimer:
I hold zero responsibility for any illegal, Blah, I can't even right a disclaimer anymore. You know that this tutorial is bad news, and if you get caught breaking any copyright violations, or unfair treaties, that you'll go meet Mr. Bubba in big pen down town and have a new lifestyle, being gay, having a boyfriend, being a mans bitch, and all, so don't get caught, and I'm not responsible; This tutorial was made for education purposes only; Ok? Great!

2: Introduction:
I bet you get a prompt every so often about some runtime component being missing, or what not. For example, you go and download a "Booter" from some lame anti-yahoo website and it says, for example... "Kewlbuttons.OCX" is not registered, or cannot be found, and so therefore it makes the "Booter" not work, am I right? Good. Well, this tutorial isn't about booting kids off of Yahoo, but about how to conserve yourself the risk of being "suspected" of compromising another machine using tricky tactics and, well, the creative minded methods that we hackers tend to run upon. We're going to be using for example a "Detectable" virus. Or, one that you made. One that relies on certain components, such as Winsck32.ocx for example. A lot of people run into issues with this runtime, because it often doesn't register with 3rd party applications for "Security issues". Besides this, since it has issues we're going to do something about it for our virus/trojan or whatever you want to do. Also, on the flip side of this rant, it may make your .EXE/.PIF/.SCR/.COM file a little bigger; there's nothing bad about that. I get kids saying to me, why's your file only 32kb's? LOL I'm not gonna download that from you, xyr0x. Well, why should they? They have every right to be "Suspicious". So enforce it with methods that are kind of fruity, and if you're on dialup? Don't complain about a file transfer taking too long. Get wireless, and leech off of a WIFI. That's what I've been doing for the last 2 months, and I've gotta say that the speed is pretty decent. Better than your run around, buy DSL for $26,99 a month rip-off.

3: What you need:
So in order to "Include" our runtimes into our project we're going to need a few things, and you're going to need to be aware of what OS you're using. This doesn't work so well with Linux, so use Windows. I love Windows, 'cause I'm too lazy to relax and learn the schematics and commands that Linux offers for the moments that lay between me.

You'll need
1: A Binder, use => IEXPRESS. (It used to be some "SECRET" utility in the WinNT Platform, but how was it secret again? If you got Windows, just goto System32/ and look, there's nothing secret in there. It's already there, isn't it?)

For Non NT users Download: http://rapidshare.de/files/27498900/IEXPRESS.zip.html (I uploaded IEXPRESS.zip as I authored this tutorial at the prior link)

2: A Packer. A Good packer is, UPX, but it's often detected as a "Bloodhound" if there's something phishy with the payload. But there are others. But we'll focus on UPX in this article.

Download: http://upx.sourceforge.net/

3: Your components/Runtimes. Now, it's easy to know what components are needed "IF INCASE" you don't want to have any goofs upon execution with your victim. Now if you don't, you can review the procedures within a Disassembler. It'll tell you what Runtimes are being used, for example, MSVB60.DLL --- ok, that's all for what you need, and what to be aware of.

If you're missing runtimes yourself, you can go to www.dll-files.com and get them.

4: How to do it:
First open IEXPRESS, by doing the following:
Start | Run | IEXPRESS
Click, Ok, or enter.
Now, you know what runtimes are needed, so we're going to do the following steps with the IEXPRESS utility...
1: Create new Self Extraction directive file, click Next
2: Extract files and run an installation command, click Next
3: Name your package, click Next
4: No Prompt, click Next
5: Do not display a license, click Next
6: Now, here is where you'll add ALL the runtimes, and that special application(s) once done, click next.
7: Install program > Method -> Your .EXE or Binary file. (The runtimes just bind within, don't worry) If you want to make sure it doesn't screw up, or you have a secondary application, you can configure the "Post install command" with your other file. Never with the same, it'll screw up the process... and if it's a trojan, you don't want this.
8: show windows: Default's ok, but hidden is a better idea, it's more stealthy, y'know?
9: Finished message: No, messages.
10: package name and options: Select hide file extracting progress animation from user, and keep the store files, unchecked. Click next, (Also if you want to name the path, do C:\ ) Click Next.
11: Config Restart: No restart, is best. But if it requires Registry modifications, Restart is needed.
12: Don't save... Click, Next
13: Create package, Click next
14: A Black DOS Screen will popup, showing you the progress, once it's done binding, it'll go away, click finish on IEXPRESS and it'll close.

DAAAMN That was exhausting. You're lucky, I wouldn't never thought that I could've done that. What a mind that was.

Ok, on with "COMPRESSION". Yeah, making the file size a bit smaller, but not too small.

Once you've installed UPX, it'll be in Dir, C:\UPX\ and the UPX.EXE is, C:\UPX\upx.exe Remember this, or if it's not there right now do it. (in C:\upx\upx.exe) It'll make things a whole lot easier.

So we're going to compress for example. a virus in our C:\ directory, and it's called... xyr0x.pif yeah, pretty cool huh? A virus as my handle. My virus is located at C:\xyr0x.pif - now read the following:
Start | Run | CMD
Once the command prompts open, we're going to type in the below format:
Call C:\xyr0x pif C:\upx\upx.exe -9

Now, -9 is "BETTER COMPRESSION" with upx's latest release. But you can do other compression formats if you feel the need. Now what we did was we called our Archived IEXPRESS crap, and told UPX to compress it, in "Better compression format" thus makes it "un-extractable" which I'll elaborate for you below.

So, you may be questioning yourself, What the hell? I don't understand. Well, duh. Let me re-elaborate what I did, and what I did, to make you think. 'Cause it's not easy being a hacker. We collaborated our runtimes which would run with our Virus/Malware/Worm/Trojan or whatever it was that you are wanting to abuse. We then took the runtimes which are needed in case of malfunctioning issues on the victim's behalf, because one wasn't declared as being registered. We made our binded file, xyr0x.pif (We can't make it .PIF in IEXPRESS) So use your head. We then took it to our UPX to compress the archive, and thus doing this means that it cannot be "EXTRACTED"; it runs as a WHOLE, and therefore by doing this, it obfuscates the virus and confuses and therefore bypasses the A/V heuristics. You get the idea.
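From the defender's side, a UPX-packed file carries marks in its PE section table. The following added example (not from the original tutorial or the UPX project) parses the section headers and reports UPX's default section names plus a writable, executable section with no data on disk. The function names are assumptions and the sample bytes are constructed header skeletons with no code in them.

```python
import struct

SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_WRITE = 0x80000000
COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def pe_sections(data):
    """Return (name, virtual_size, raw_size, characteristics) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    if pe_off + 24 > len(data):
        raise ValueError("truncated file header")
    _, count, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, pe_off + 4)
    table = pe_off + 24 + opt_size   # section table follows the optional header
    sections = []
    for i in range(count):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, off)
        sections.append(
            (name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize, chars))
    return sections


def packer_indicators(data):
    """Name-based and structure-based hints that a PE file is runtime-packed."""
    upx_names, wx_empty = [], []
    for name, vsize, rawsize, chars in pe_sections(data):
        if name.upper().startswith("UPX"):
            upx_names.append(name)
        # Section names can be renamed after packing, so also look for the
        # structure: memory reserved, nothing on disk, writable and executable
        # (the unpacking stub writes the original code there at run time).
        is_wx = bool(chars & SCN_MEM_EXECUTE) and bool(chars & SCN_MEM_WRITE)
        if is_wx and rawsize == 0 and vsize > 0:
            wx_empty.append(name)
    return {"upx_names": upx_names, "wx_empty": wx_empty}


def build_sample(specs):
    """Constructed PE skeleton (headers only) from (name, vsize, rawsize, chars)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack(COFF_FMT, 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack(SECTION_FMT, name, vsize, 0x1000 * (i + 1), rawsize,
                    0x200, 0, 0, 0, 0, chars)
        for i, (name, vsize, rawsize, chars) in enumerate(specs))
    return dos + b"PE\0\0" + coff + table


# Constructed samples: default UPX layout, renamed sections, ordinary file.
PACKED = build_sample([(b"UPX0", 0x8000, 0, 0xE0000080),
                       (b"UPX1", 0x4000, 0x3E00, 0xE0000040),
                       (b".rsrc", 0x1000, 0x400, 0xC0000040)])
RENAMED = build_sample([(b".pack0", 0x8000, 0, 0xE0000080),
                        (b".pack1", 0x4000, 0x3E00, 0xE0000040)])
PLAIN = build_sample([(b".text", 0x1000, 0x1000, 0x60000020),
                      (b".data", 0x400, 0x200, 0xC0000040)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, packer_indicators(blob))
```

A hit is a reason to unpack and rescan the file, not a verdict on its own, since legitimate software is packed with UPX too.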

5: End Notes:
I wrote this because, well, some folks on informationleak.net inspired me to define how something that seems so hard can be done so easy, if thought of properly. Security, insecurity, it's never what it seems, so take care of yourself, and I'll see you behind the bluescreen. Anyways, I'm going to finish with a few hellos and what's up for some of my friends and then give you some methods on how you can reach me, if you don't know any of them already.

Greets to sintakz, fab, ouwop, 3D, Josh Tha Ninja, infektid, 7sean, murder mouse, halla, infoleak, ignitus, aelphaeis_mangarae, alchemist, DanielG, Flowby, MeGa-ByTe, ZOD, SMiRL.com, trikk, dv0id, mbeers.geo, and to the rest of you, hi, and hello. I forgot you

Bypassing webfilters

There are several occasions where you will be at a public terminal, and require access to a particular website that is blocked for some reason or another. How to bypass these restrictions is a very common question, and will be covered here.

Let's pretend for a moment that the Internet is made up of 26 websites, A-Z. The web filter blocks your browser from accessing sites X-Z, but not sites A-W. Simply make the browser think you’re going to A-W. There are a variety of ways to do this:

Proxy Servers:
This is a list of http proxies. These sites may not be up forever, so you may need to search for “free http proxy” or “public proxy servers” or other similar terms.

Proxy server lists:
http://www.aliveproxy.com
http://www.multiproxy.org
http://www.publicproxyservers.com/index.html
http://www.tehbox.com/proxy
http://www.proxz.com
http://www.proxy4free.com/index.html
http://free-proxies.com

Now that you have a list of proxies, you would open IE (internet explorer) and click on Tools > Internet Options > Connections > LAN Settings > Advanced. Enter the address and port of one of the servers from the list in the proper area (http) and make sure the “use a proxy server for your LAN” option is selected. Remember to replace the proxy and port at your terminal to the original when you're done.

*Note: Some proxies listed may not work, and this method may decrease your surfing speed. By trying various entries, you’ll find one that works, or works faster.

The infamous translation trick:
Go to a web page translation site and use their services to “translate a page to English” thus accessing the blocked page through their trusted site.
You’ll notice that several translation sites are blocked, but by using less popular ones, this method can still be effective. Here is a list of some translation services. Again, these sites may not be up forever, so you may need to search for them.
http://babelfish.altavista.com
http://world.altavista.com
http://translation.langenberg.com
http://freetranslation.com/web.htm

Url Scripting:
Url scripting is the easiest method. It works on a select few web filters and is based on the same principle as the translation trick. By typing an address like “www.yahoo.com@www.restricted_site.com” the filter will not go into effect as it recognizes the trusted site (in this case yahoo.com).

Other tricks:
Simply open the command prompt and type:
Ping restricted.com
restricted.com obviously being the restricted site
At this point you can take down the IP address (ex. 216.109.124.73) and enter it into the browser. If access to the command prompt is also restricted, see “How to bypass restrictions to get to the command prompt.” If this article has been taken from information leak, then know that it involves anything from opening the browser, selecting view > source, then saving it as X.bat and opening it, to opening a folder or browser and typing in the location of cmd.exe, depending on the OS. I will not go into it further, as this is a completely different topic.

Use https://restrictedsite.com as referring to it as a secured site may confuse the filter.

Note: These are ancient methods that many new filters defend against, but still may be applicable in your situation. If not, a little history never hurt anyone.

Web based Proxies:
Another one of the easier, yet effective, methods is web based proxies. These are simple in the fact that you just enter the restricted address and surf! Some of these have some restrictions, like daily usage limits, etc., but you can also use another proxy (perhaps one that sucks, like a text only) to bypass their restrictions as well. Here is a list of some:
http://proxify.com
http://www.anonymizer.com/index.cgi
http://www.guardster.com/
http://anonymouse.ws/anonwww.html
http://www.the-cloak.com/login.html
https://www.megaproxy.com/freesurf
http://www.anonymizer.ru
https://nadaily.com/cgi-bin/nph-proxyb.cgi
http://www.userbeam.de/cgi-bin/nph-userbeam.cgi
http://www.free2.surffreedom.com/nph-free.cgi

Proxy Programs:
There are many proxy programs that allow you to surf anonymously that are more or less based on the same topics we’ve covered here. I’ve added them just to cover the topic thoroughly:
http://www.hotscripts.com/Detailed/28480.html
http://www.inetprivacy.com/a4proxy/anonymous-grc.htm
http://www.orangatango.com/home/index.ie.html
http://www.steganos.com
http://www.anonymization.net (toolbar that requires admin rights to install)

Making your own CGI proxy server:
Making your own proxy server may come in handy, but I personally find that simply uploading a txt file w/ a list of proxies to a free host makes for a much easier and headache free solution. If you don’t know PERL, there is code out there to help you set it up. Check out these sites for more info:
http://httpbridge.sourceforge.net
http://www.jmarshall.com/tools/cgiproxy
http://www.manageability.org/blog/stuff/open-source-personal-proxy-servers-written-in-java/view

Admin Access:
When all else fails, you can simply take over the PC and alter or delete the damn filter. This method varies according to the OS (operating system) you are dealing with. Please see “Hacking Windows NT/2k/XP” on www.informationleak.com for more information. I will go as far as to say it can involve booting the PC in another OS, copying the SAM file and cracking it using a program like saminside or LC5 rather than start a whole new topic within this one.

There are obviously more ways to bypass filters than this, and I plan to update this article eventually. For the time being, I've included quite a few methods for you to use either individually or in conjunction with each other.
Well, I hope that you enjoyed this tutorial and found it helpful. Carpe system.

Tracing IP address of anybody

Social Engineering always gets you further

NOTE: This tutorial is still in the works, but I felt that I wouldn't be able to contain myself if I didn't let the already completed information out -xyr0x

Table of contents
1A: Disclaimer
1B: Introduction
2A: Tools of the trade
2B: What to look for
2C: To be continued...
3A: Last words

Using the tools Correctly

1A Disclaimer:
Tracing somebody's IP isn't illegal. However, ISPs do their best to keep their customers' private information, i.e. address, phone number, emails etc., from being obtained. This is the information you'll be learning how to obtain, and therefore if you abuse this information and harass, play pranks, etc... and get caught, I cannot, and will not, be held responsible in any way.

1B: Introduction:
IP tracing and identifying has been around for quite some time now, since the day of the earliest hackers -- criminal hackers that is, to identify their movement and to enable authorities to apprehend them. I haven't seen, nor read, a tutorial on how to teach, or publicize, how simple this is, even though you watch the news, etc etc... and it's all bloated and looks technical, when it's not. I'm going to be giving you two methods, which really, it seems to me, are the only two methods that you'll want to know. These are, how to identify a router. For example, let's say you have a wireless network card, and you want to identify the source of it, with an online map. That'll be one, and the other one is stripping apart an IP address. As for Remote IP, that you stole from somebody online while sending them a file, and doing a netstat -n maneuver. Imagine all of the fun and possibilities you could have. Calling up their phone, billing stuff to their phone, knowing their name, and address, etc. Sounds fun doesn't it? I bet it does.

2A: Tools of the Trade:
In this chapter, I'm going to assert to you which tools we will be needing. We're going to need NeoTrace Pro, to understand what Latitude and Longitude are for, Logic, and Google Maps; everything else is at your own discretion, as far as being Master detective, stalker enthused, etc.

2B: What to look for:
In this chapter, I'm going to assert to you what you're going to be looking for, to help you determine and understand, so you don't mess up, and play guess who? with the Nodular display case. Now. I'm going to break this into two segments. One for Router identification, and how to locate using Latitude and Longitude mapping. For the newbies who don't know what that is, that's how the globe is mapped out, as for Location range. Each Latitude and each Longitude parameter consists of a virtual box on any comprehensive mapping device, or map. It's also how the pirates of the early 19th century mapped their treasure and sunken ships so that they could find them for salvage, or simply just to explain. I'm not a pirate* nor a historian so I'm just using the best of my logic to guess. So if I'm wrong on the pirate crap, just shut up, and ignore that.

Alright. So if you're using a wireless network card, e.g. a Linksys Wireless-G/N/B PCI adapter, you might just learn something new, and this also goes for the readers who're using a router and have fallen victim to this breach. However, I'm not going to disclose any security issues or how to prevent that; that's simply in your configuration manual. Don't use WEP/WEP2/WPA. They are weak.

OK, so have we got NeoTrace Pro installed? If yes, then continue reading. Now, statistically speaking, for each node there is a base, i.e. 191.168.*.*, 10.*.*.*, and so forth. Every router or DSL/cable modem which supports WiFi (wireless connectivity) will be assigned to a default gateway -- they're usually assigned in this nature. Are you getting me here? You'll need to know this. The most widespread default gateway address on a given router/modem will be like the following: 192.168.1.1 or 192.168.0.1. Why these gateway addresses vary simply depends on whether the connection is being routed by more than one router to connect more than one modem, or simply on other reasons. But those are the most usual gateway addresses. OK, so we're connected to a gateway, and we want to determine where it's coming from now.

Boot up NeoTrace Pro, and then go to www.whatismyip.com. This will return your remote IP; since you're not physically connected to the router source, you won't get an IP that looks like, say, 192.168.1.6. Once you've obtained your IP, put that into NeoTrace Pro. Now we're going to click Trace. When it's done, click on the "NODE VIEW" tab and select "Node View" -- this will identify all the nodes it pinged to work out where it's being connected, with whom, and so forth. Now you're going to see things like the ISP, other connected computers on the router, and the gateway. Ignore the gateway, and look for a node which is declaring your remote IP in a format such as the following example: 62-12-44-63.myisp.comcast.net. Once you've located that, click on it. Now transfer your attention to the right window pane in NeoTrace. Do you see your information? You'll want to focus on the "Location:" information. It'll have the city where the ISP subscriber is getting their internet from, along with your north and west latitude and longitude. That'll display like this: Location: My City ISP (11.111N, 11.111W), or it could be south, S, or east, E... Now write the latitude and longitude down. Now remove all of the special characters, like your hyphens and commas, and just keep it like the following example: 11.111N 11.111W. Now go to maps.google.com and paste that into the search field, click go, and it'll bring up where you're connecting to. I know, a lot to read, but wasn't it fun to learn in a straightforward way?

2C: Remote IP comprehensive identification is ... To be continued.

3A: Last words:
I'd like to dedicate this tutorial to all of the wardriving addicts and WEP/network gurus, and its crackers/security administrators. And for the people who learned something from this: it's fun to understand where you are, even if you're in cyberspace.

Encrypting instant messaging conversations

Whenever you talk online with your instant messaging (IM) client of choice, your conversations can be, and in all probability are, recorded, monitored, and read. Any data which travels over a network can be viewed using programs known as packet sniffers, with some specially crafted programs, such as IM Sniffer or AIM Sniff, designed exclusively to capture IM communications. No matter how pathetically dull your treacherous life is, chances are someone is bored enough to fuck with it.

What will soon follow is a list of various programs and plugins which you can use with most standard IM clients to encrypt your conversations. The focus will be predominantly on Windows systems (though the tools discussed are often available for other platforms as well), and will also only cover free (as in beer) software, as there’s no need to pay when there are plenty of gratis alternatives (if, however, a time does come when the below mentioned tools stop being free, there’s a textfile on finding serial numbers here: www.dizzy.ws/serials.htm).

Nota Bene: Always encrypt your conversations (even the seemingly innocuous ones) and always keep regenerating (changing) your encryption keys. The reason for the former is that, unless you are intentionally spreading disinformation which you plan on the sniffers seeing, whatever data you consider to be unimportant can be used to compile a profile of you and your activities, which can in turn be used to gain insight into life habits, password choices or those fun password reminder questions, and so forth. The reason for the latter is that the longer you use the same key to encrypt your conversations, the more data and time the attacker has to spend on trying to crack your encryption. Change your key once every hour, every day, every week, or every chat session. The choice is yours, just remember that the longer you use the same key, the more vulnerable you become. Regenerating your key is also easier to do with some of the programs below than with others, while some even regenerate the key for you.

Now then, with no particular order in mind, on with the list!

Name: Gaim-Encryption (http://gaim-encryption.sourceforge.net/)
Key Strength: 512 to 4096 bit RSA keys.
Works With: Gaim (http://gaim.sourceforge.net/)
Operating Systems Supported: Windows/*nix
Protocols Supported: AIM, Jabber, ICQ, [unconfirmed], YIM [unconfirmed], MSN [unconfirmed], Gadu-Gadu [unconfirmed], GroupWise [unconfirmed], Napster [unconfirmed], SILC [unconfirmed], IRC [not supported (while Gaim does act as a primitive IRC client, the Gaim-Encryption plugin does not work with Gaim IRC, see below for IRC encryption options)]

Installation Example: Download and install Gaim. Download the Gaim-Encryption plugin and run the installer. Run Gaim. Click on Preferences and go down to Plugins on the left-hand side. Find ‘Gaim-Encryption’ listed on the right, and check the accompanying checkbox. Restart Gaim. Go back to Preferences, and this time you should see ‘Gaim-Encryption’ listed under Plugins on the left-hand side. Select ‘Gaim-Encryption’ and in the Config tab on the right make sure that ‘accept conflicting keys automatically’ is unchecked, and ‘automatically encrypt if buddy has plugin’, ‘broadcast encryption capability’ are both checked. Checking the remaining ‘accept key automatically if no key on file’ box is optional.

Next, click on the Local Keys tab and select your key. If you don’t see any keys listed there, you will first need to start an encrypted conversation with someone else who is using the Gaim-Encryption plugin. Once the conversation has been started, go back to the Local Keys tab and select your key. Click on Regenerate Key and in the Generate Keys pop-up type in 4096 (the maximum key strength the GE plugin supports at the time of this writing) instead of the 1024 value listed in the Key Size field, and hit OK. On slower machines it will appear as if Gaim has frozen on the ‘generating RSA key pair…’ screen. This is normal, and therefore you should not attempt to restart Gaim, just give it a few minutes. The person with whom you first initiated the conversation should also be regenerating zir key. Once your key has been successfully regenerated, click on the Trusted Buddy Keys and the Recent Buddy Keys tabs and delete the existing 1024 bit keys from your list.

Finally, restart Gaim and reinitiate your conversation. Both the Tx and Rx locks in the IM window should now be red (you may also see a confirmation dialogue pop up, which asks whether you want to accept the key once or accept it and save it, or reject it. Ideally, you should Accept Once). Now go back to the Recent/Trusted Buddy Keys tabs and make sure that the key now stored there for your chat partner is 4096 bits.

Assuming you possess a secure email account and/or secure phone line, you should contact each other and confirm the Key Fingerprint to help ascertain the identity of your chat partner, and then hit Close to exit out of the Preferences menu. You should now be ready to engage in secure conversations. Note: if when messaging your chat partner the locks in the IM window do not turn red, make sure you both have the ‘automatically encrypt if buddy has plugin’ and ‘broadcast encryption capability’ options checked in the Config tab, and try clicking on the lock icons.

Name: Off-the-Record (OTR) Messaging (http://www.cypherpunks.ca/otr/)
Key Strength: ???
(some sort of Diffie-Hellman protocol?)
[The description of the OTR protocol is available here: http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html.
It is complex and convoluted, so I was unable to figure out what the key strength is, if you do, however, then let me know!]
Works With: Gaim, Adium, Miranda IM [unconfirmed], iChat [unconfirmed], Trillian [unconfirmed], vanilla AIM client [unconfirmed] [note: with iChat, Trillian, and the vanilla AIM client, OTR works using the OTR proxy program which I couldn’t get to work, however, Gaim, Adium, and Miranda IM use an easier to implement OTR plugin which doesn’t require the proxy tool]
Operating Systems Supported: Windows/Mac (OS X)/*nix [unconfirmed]
Protocols Supported: AIM; in theory, most other protocols the aforementioned programs support should work as well (i.e. YIM, MSN, etc, though I haven’t tested them. Oh, and IRC which Gaim/Trillian/others support is also not encrypted, so, once again, see below for IRC encryption options).

Installation Example: Download the OTR plugin for Gaim and run the installer. Run Gaim. Click on Preferences and go down to Plugins on the left-hand side. Find ‘Off-the-Record messaging’ listed on the right, and check the accompanying checkbox. Restart Gaim. Go back to Preferences, and this time you should see ‘Off-the-Record messaging’ listed under Plugins on the left-hand side. Select ‘Off-the-Record messaging’ and click on the Config tab. Be sure that the ‘Enable private messaging’ and ‘Automatically initiate private messaging’ fields are checked.

You can now initiate the IM conversation with your chat partner. Once the conversation has been initiated, and assuming you possess a secure email account and/or secure phone line, you should contact each other and confirm the Key Fingerprint to help ascertain the identity of your chat partner. After the fingerprint is confirmed, go back to the Known fingerprints tab and, selecting the screenname of the chat partner whose fingerprint you have just confirmed, select Verify fingerprint and hit Close to exit out of the Preferences menu. You should now be ready to engage in secure conversations.

Name: SecureIM (http://www.ceruleanstudios.com/)
Key Strength: 128-bit Blowfish keys
Works With: Trillian
Operating Systems Supported: Windows
Protocols Supported: AIM/ICQ

Installation Example: Download and install Trillian. Run Trillian and, clicking on the globe on the bottom left (or right-clicking on the Trillian icon in the taskbar and then going to Options), click on Preferences. Go down to AIM and/or ICQ under Chatting Services on the left-hand side, then select Misc. In the SecureIM section, be sure to check both ‘Activate SecureIM Capabilities’ and ‘When possible, make a best effort to automatically maintain a SecureIM session with my contacts.’ You’ll need to do this for both AIM and ICQ if you plan on using both protocols. Hit Apply and then OK to exit out of the Preferences menu.

You can now initiate the IM conversation with your chat partner. The locks in your IM window should turn red. You should now be ready to engage in secure conversations.

Name: SSL Certificates (Available from syLIkc.NET: http://secure.sylikc.net:8080/self_signed/
and Thawte: http://www.thawte.com/secure-email/personal-email-certificates/index.html)

[IMPORTANT: www.aimencrypt.com also offers certificates, or rather just one and the same certificate for everybody, which in turn means that anyone can decrypt your conversations. In other words: Do not use AimEncrypt!]

Key Strength: 128-bit keys
Works With: AIM; and possibly other IM clients which allow importation of SSL certificates [such as?—know of one? Then email me about it!]
Operating Systems Supported: Windows/Mac[unconfirmed]/*nix [unconfirmed]
Protocols Supported: AIM; (same as Works With)

Installation Example: pr0to has written a great tutorial on generating/installing a Thawte-issued certificate: http://www.rorta.net/index.php?page=aimcrypt, and the sylikc.net import instructions are here: http://secure.sylikc.net:8080/self_signed/aim.php. After generating/importing the certificate, you should now be ready to engage in secure conversations.

Name: SimpLite (http://www.secway.fr/us/products/all.php)
Key Strength: 1024 to 2048 bit RSA keys
Works With: Gaim, Trillian, and the following vanilla clients: AIM, ICQ, MSN, YIM, Jabber
Operating Systems Supported: Windows
Protocols Supported: AIM, ICQ, MSN, YIM, Jabber [unconfirmed]

Installation Example: Download and install SimpLite for your particular protocol (note that each protocol has a separate SimpLite program that you need to download). Run your particular flavour(s) of SimpLite and the Keys Generation Wizard should pop up. If it doesn’t, click on Keys in the menu and go down to Generate key pair. Follow the instructions and after a few steps you should have your key.

Run your supported chat program of choice, making sure that SimpLite is still running in the background. After sending a message to your chat partner, you should see your partner’s key show up in the SimpLite program, and your conversations should be under the Green authenticated/encrypted arrows.

Assuming you possess a secure email account and/or secure phone line, you should contact each other and confirm the Key ID to help ascertain the identity of your chat partner. You should now be ready to engage in secure conversations.

Name: FiSH (http://fish.sekure.us/)
Key Strength: 1080 bit Diffie-Hellman keys
Works With: mIRC, irssi, xchat
Operating Systems Supported: Windows/*nix/Mac (OS X) [unconfirmed]
Protocols Supported: IRC

Installation Example: Download the latest FiSH archive and extract the contents into your mIRC directory (wherever mirc.exe is located). Run mIRC and type ‘/load -rs1 FiSH.mrc’ (sans quotes). Close mIRC. Run the patch executable that matches your version of mIRC (click on Help, then About (or just click on that yellow icon on the far right of your toolbar) in mIRC to find out your version number).

When you extracted all of the files into your mIRC directory, you should have extracted a file called blow.ini-EXAMPLE. Open this file in Notepad and copy all of the contents. Close this file and open a blank Notepad window. Paste the contents and save the file as blow.ini (being sure to select ‘All Files’ from the Save As menu). You just did this so that you have a nice clean backup copy of the ini file in case you completely screw up this copy. For detailed information regarding setting up the blow.ini file, read the FiSH.txt file included in the FiSH archive you downloaded. However, a bare bones blow.ini file will look something like this:

[FiSH]

process_incoming=1
process_outgoing=1
plain_prefix="+p "

[#RORTA]
key=d8SfskY0riaqsfd19ks220dUtQZmKdeWrp8ksfdLjsoig49dp7G
encrypt_topic=1

The first two lines mean that FiSH will decrypt all incoming messages and encrypt all outgoing messages, respectively. The plain_prefix line says that all messages you send that start with ‘+p ’ (note the trailing space) will be sent as plaintext (unencrypted). The next line is the name of the channel you want to encrypt (you can add more channels below, following the same format). The key value is the encryption key for your channel; be sure to make it difficult to guess by using a long string of mixed-case letters and numbers. The encrypt_topic line sets whether to encrypt the topic in the channel (1 for yes, 0 for no).
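A check for the blow.ini settings described above, written here as an added example (it is not part of FiSH or of the original tutorial): it parses the file, flags keys that are missing, reused, short, low in character variety, or copied from the sample printed above, and generates a random replacement key. The 32-character minimum and the finding codes are assumptions of this example, and the sample file is constructed.

```python
"""Audit a FiSH blow.ini for weak or missing settings (added example)."""
import configparser
import secrets
import string

# The key printed in the tutorial text above: anyone who read it knows it.
PUBLISHED_EXAMPLE_KEY = "d8SfskY0riaqsfd19ks220dUtQZmKdeWrp8ksfdLjsoig49dp7G"
MIN_KEY_LEN = 32  # assumption chosen for this example, not a FiSH requirement

# Constructed sample input that follows the layout shown above.
SAMPLE_BLOW_INI = """\
[FiSH]
process_incoming=1
process_outgoing=0
plain_prefix="+p "

[#RORTA]
key=d8SfskY0riaqsfd19ks220dUtQZmKdeWrp8ksfdLjsoig49dp7G
encrypt_topic=1

[#ops]
key=hunter2
encrypt_topic=0

[#backup]
key=hunter2

[#empty]
encrypt_topic=1
"""


def key_weaknesses(key):
    """Return a list of weakness codes for one key value."""
    issues = []
    if key == PUBLISHED_EXAMPLE_KEY:
        issues.append("published-key")
    if len(key) < MIN_KEY_LEN:
        issues.append("short-key")
    # The tutorial asks for mixed-case letters and numbers.
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    if not all(any(ch in cls for ch in key) for cls in classes):
        issues.append("low-variety")
    return issues


def generate_key(length=48):
    """Draw a key from the OS CSPRNG that passes key_weaknesses()."""
    if length < MIN_KEY_LEN:
        raise ValueError("length must be at least %d" % MIN_KEY_LEN)
    alphabet = string.ascii_letters + string.digits
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not key_weaknesses(key):
            return key


def audit_blow_ini(text):
    """Return (section, code) findings for the contents of a blow.ini."""
    # interpolation=None: keys may contain '%'; strict=False: tolerate
    # a section that appears twice in a hand-edited file.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []

    if not parser.has_section("FiSH"):
        findings.append(("FiSH", "missing-section"))
    else:
        for option in ("process_incoming", "process_outgoing"):
            if parser.get("FiSH", option, fallback="").strip() != "1":
                findings.append(("FiSH", option + "-not-1"))

    first_use = {}  # key value -> first section that used it
    for section in parser.sections():
        if section == "FiSH":
            continue
        # Assumption: every other section is an entry that should hold a key.
        key = parser.get(section, "key", fallback="").strip()
        if not key:
            findings.append((section, "missing-key"))
            continue
        if key in first_use:
            findings.append((section, "reused-key"))
        else:
            first_use[key] = section
        findings.extend((section, code) for code in key_weaknesses(key))
    return findings


if __name__ == "__main__":
    for section, code in audit_blow_ini(SAMPLE_BLOW_INI):
        print("[%s] %s" % (section, code))
    print("replacement key:", generate_key())
```

Point `audit_blow_ini` at the text of your own blow.ini rather than the constructed sample, and treat the file itself as a secret, since it stores the keys in the clear.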

As the FiSH.txt file rightly points out, exchanging channel key information in plaintext is a security risk. Thus, you should ideally tell other members of your channel the channel encryption key only through an IM window that has been encrypted using one of the aforementioned methods.

To encrypt private messages, either double-click on the user’s name to open up a private message window or message the user manually (/msg username moo!) and wait for a reply to get a PM window open (if you two aren’t in the same channel). Then right-click in the PM window and go to FiSH-->Auto-KeyXchange-->Enable, and then either close/reopen the PM window or/and click on DH 1080 KeyXchange (which is also in the PM right-click window under FiSH). You should now be ready to engage in secure conversations.

Nota Bene I: The FiSH encryption key is not the same thing as the channel key (mode +k). Naturally, your channel should also be set to modes +sk to further protect the conversation. First, type /mode #channelname +s (this prevents the channel from showing up in either /whois or /list), followed by /mode #channelname +k yourchannelkey. Your channel key should be different from your FiSH key, and merely means that no one can join the channel without knowing this key (to join the channel type /join #channelname yourchannelkey), whereas the FiSH key means that no one can read the conversation, irrespective of whether or not they can join the channel (network administrators can monitor all traffic on their server, even if they’re not in the channel with you).

Nota Bene II: You can further secure your IRC connection by using SSL (Secure Sockets Layer) (assuming both your client and the particular IRC network support it).

If you are using the latest version of mIRC (6.14+), instructions for setting up SSL are available here: http://www.mirc.co.uk/ssl.html (the needed DLLs can be downloaded here: http://remus.oru.se/tsub/mirc-ssl/mirc-ssl.zip, or extracted from the OpenSSL installer linked to on the abovementioned mIRC site). Once you install the necessary DLLs, type //echo $sslready and you should get a reply of ‘$true.’ To connect to an SSL server you can use the -e switch before the server address or/and a plus sign (+) before the port number, for instance: /server -e irc.rizon.net +9999.

Consult the readme files of other clients for information on their SSL implementation capabilities. For instance, if you are using xchat on *nix, install the OpenSSL libraries (www.openssl.org) and then when connecting to the particular IRC server with SSL support add a plus sign before the port, e.g. /server irc.rizon.net +9999.

Some networks also let you set certain modes for the channel (for example, +S on Rizon), which require SSL to be enabled in order to join the channel (ask in #help or browse the network’s website to find out if SSL servers and SSL-Only channel modes are supported).

Nota Bene III: The great thing about IRC encryption is that you can encrypt entire channels, and thus have secure conversations between groups of more than two partners (something which, as far as I know, is not possible with any of the other aforementioned encryption tools), so appreciate it and enjoy it! :)

Caveats & Miscellanea

As you have doubtless noticed, there’s a plethora of encryption plugins, with various levels of key strength. The Gaim-Encryption plugin provides by far the strongest key pair (at 4096 bits), however, it doesn’t fly well on Macs. Therefore a feasible scenario may have one user running Adium on a Mac, while another runs Gaim on Windows, with both using the OTR plugin. Keep your options open, and always use the strongest key pair possible (combine malleability with security!).

There is no such thing as ‘perfect security.’ When I have repeatedly stated that ‘you should now be ready to engage in secure conversations’ don’t come crying when your key is compromised due to poor key handling on your part (insecure storage of keys, infrequent regenerations, etc.). In other words: don’t get sloppy, you lazy sack of shit (this is a note to self as much as it is general advice ;)).

On the subject of log files: many IM clients have the option to store logfiles of your conversations (and in many clients this option is enabled by default!—so be sure to scan the preferences/settings areas of your clients to disable logging). Logs are often (read: almost always) stored in plaintext, even when you use the various encryption plugins! Therefore if you do decide to enable logging, be sure to encrypt the logfiles themselves (info on encrypting data will be presented in a future segment of this Underground Security Paper series).

You’ve probably noticed that various clients/protocols/OSes have the ‘[unconfirmed]’ label after them. This is simply due to the fact that I haven’t yet tested the particular encryption tool on those protocols/systems. If you have, please let me know so I can update the information in subsequent versions of this textfile!

Finally, note that the ‘installation examples’ are just that: examples. As stated at the outset of this textfile, the focus has been on Windows and therefore the examples lean towards Windows scenarios. (Don’t take them too literally).

Guide to customise win xp

Table of Contents

1. Desktop Customization
a.Wallpaper/Style
b.Files/Folders
2. Start Menu/Taskbar Customization
a.Styles and Options
3. Conclusion

Microsoft Windows is thought to run on 90 to 95 percent of personal computers around the world. There are an estimated 300 million PCs being sold each and every single year, and with so many operating systems available, the most widely used, Windows, has obtained the right to be called the largest operating system company ever. A lot of this is due in part to the domination of MS-DOS on the early PC-compatible computers, such as IBM-PC clones for example. It is also because it is the one operating system where most primary types of software are supported. And then of course we have other OSes such as Macintosh, and of course the ever so popular Linux. It was predicted two years ago that the Linux market share would overpower Macintosh's market share sometime in 2005. It hasn't looked that way. While these other two operating systems are great, look cool, and are basically almost virus free, they are complicated to use, especially for Windows lovers. Now, every user of any operating system wants nothing but customization, customization, and more customization. And maybe you are a Windows user saying to yourself "Gee, I wish I could have my Windows XP look really cool! But I don't know how..". Well, no need to spend countless time searching over Google or Yahoo!, your guide to customizing the very basic features of Windows has finally arrived! The tutorial below will teach you step-by-step how to customize Windows so you'll never be looking at the same old colors ever again! There is a wide range of editing and modifications out there, so let's go customize!

1. Desktop Customization
Here I am going to start out first with some Desktop modifications.
First we will begin with the very basic customization for the desktop that EVERY Windows user should know how to do: change the wallpaper. And if you don't know, don't sweat it! I'll teach you in the first part of the tutorial below. Just keep reading, and remember "Patience is the key to success"; even though I'm the wrong person to be telling anyone that, it is true. Okay, enough of my talking, let's get to customizing!

1a. Wallpaper/Style
Right click on your Desktop background and select "Properties". Once here you will see multiple options. First you will see multiple tabs on the top, but we'll get to those in just a bit. First things first, what you're looking at currently are the "Themes" for Windows XP. Depending on what you've done before, "My Current Theme" should be selected already... but if it is not, then "Windows XP" should be selected. Anyway, click the little black arrow next to it and you will see a drop down box. On this drop down box are multiple themes. The first one, "My Current Theme", is for when you select a theme, but of course you won't be doing that until you are finished reading this tutorial! Okay, and then you have the basic "Windows XP" theme, and then "Windows Classic", which will actually set it back to looking like Windows 95/98 (oh, the horror!!). Then you have "More Themes online...", which just brings you to a part of Microsoft's website where they want you to buy a theme package; then there is "Browse...", which is for when you actually get around to making a theme and then decide to save it (hence the "Save As..." button you see). Okay, let's move on to the next tab, shall we? Click the "Desktop" tab to proceed.

Alright, here we are now at the "Desktop" tab. This is a very easy part of customizing and is where the main wallpaper editing comes into play; just about everything speaks for itself here. But I'll guide you through anyway. First you should notice a clickable "Browse..." button; use this button to browse through your hard drive for your own custom pictures you wish to use as wallpaper. But first I recommend you choose a background that is already loaded so you can get the feel for everything. So let's choose an already loaded wallpaper, starting with the picture named "Ascent": scroll around on this same tab and click on "Ascent". The great part of all of this is that you can preview how everything looks before you make a final decision! Okay, so now click "Apply" and your whole computer screen will slowly fade into gray for about 10 seconds or so, then it will return with your new wallpaper! See, now that wasn't so difficult... was it? Take your time having fun and playing around with the other wallpapers you see. Now click the little black arrow you see under "Position"; you should now see a drop down box with only a couple of options. These options are "Center", "Tile", and "Stretch". As an advance notice, I'll let you know now that most users choose "Stretch" just because it looks better, but this is your desktop... feel free to choose anything you want! Okay, so basically the "Center" option centers your wallpaper, leaving space around it; "Tile" creates multiple copies of the wallpaper and makes them into a pattern-like arrangement, hence the name "Tile". Now the last option, which is "Stretch", is pretty self-explanatory: it stretches the wallpaper out so it covers your entire screen. And now click the black arrow under "Color"; this is basically pointless unless you either have a blank desktop or are centering your wallpapers. If either is the case, read on; if not, skip this part. Once you click the arrow, a drop down box with different colors will appear; click the one to your liking or create your own color by clicking "Other...". Okay, we're finished with this tab; click "Screen Saver" on the top to continue on.

Here you will select your screen saver. First click the drop down box under where it says "Screen saver"; you will see multiple options for different types of screen savers. Choose one and click "Preview" to see whether or not you like it. You can also click the "Settings" button to change different features and modify the screen saver a bit. I cannot cover this area because there are settings for almost every screen saver; the customization is totally up to you. Underneath you will see something that should have a number on it. It should say "10", but if it doesn't, it will have some other number. This number indicates how many minutes your computer will sit idle until the screen saver activates; select however many minutes you like. Next to that there is a little checkbox that should say "On resume, password protect"; this option speaks for itself. If you check this box, then whenever you try to turn the screen saver off and return to your computer, it will ask you for a password. If you decide you don't want this, do NOT check the box; if you do, check the box and choose a password when you Apply. Click the "Appearance" tab to continue.

This is where the most customization happens, and if you decide to edit the window colors, it is time consuming for first timers, so be aware. You will see three different drop down menus: "Windows and buttons:", "Color scheme:" and "Font size:" should all be there. Let's begin with "Windows and buttons:" first. Click the black arrow and you can see there are two options. The first one is "Windows XP style"; this is the default style, and if you want to change how everything looks in this style, leave it be. The second is "Windows Classic style"; this makes only the windows look like the style from Windows 95/98. If you want to edit them with this style, select it; if not, then leave "Windows XP style" selected.

=Read below if you selected "Windows XP style". If you chose "Windows Classic style" then skip this section and continue onto the next=

Under this should be "Color scheme:"; click the drop down box and there should be a few options. First there will be "Default (blue)"; this is the one you probably already have. Then there is "Olive Green"; select this and it will show a mini preview in the tab of what it looks like, neat huh? The next one is "Silver"; this one is one of my favorites. Choose whichever one you want. Next is "Font size:"; click the drop down box and you will then see "Normal", "Large Fonts" and "Extra Large Fonts". This is an especially good feature for the elderly or anyone who has trouble seeing small fonts.

=Below are the options for "Windows Classic style"=

Under the "Windows and buttons:" option. Under "Color Scheme:" you will find at least about twenty or so options, each one changes the color so go ahead, click each one and watch the preview change. Under "Font size:" you will see "Normal" "Extra Large" and "Large". I noticed when you change to certain color schemes only "Normal" is available under "Font size:".

Now this section is not only for Windows XP style or the Classic style, it is for all. Click the "Effects..." button. First you will see two check boxes. Click the drop down box on the top that says "Use the following transition effect for menus and tooltips:"; there should be "Scroll Effect" and "Fade Effect". "Scroll Effect" is for when you click boxes: for example, click Start>All Programs and highlight items where boxes come out; the "Scroll Effect" makes them roll out, whereas the "Fade Effect" just makes them fade in and appear. The other checkbox, saying "Use the following method to smooth edges of screen fonts:", is underneath; click the drop down box and you'll see the two options, which are "Standard" and "Clear Type". "Clear Type" is what it's already on; "Standard" makes the text look a little odd, almost like when you don't choose the "Anti-Alias" feature in most photo editing software. Below are four check boxes; I'll read them off to you. "Use large icons" is for if you want your icons to be larger. "Show shadows under menus" is for if you want the shadow to show under the menus. "Show windows contents while dragging": this was the style for Windows 95/98, where when you drag a window it will not show the contents but only the gray outline of the window instead. "Hide underlined letters for keyboard navigation until I press the Alt key" is where the underlined letters for keyboard navigation will be totally hidden until you hit the Alt key. Or in other terms, for example, open up Notepad. Do you notice the options on top saying "File Edit Format View Help"? One of the letters in each of those will be underlined if you check this; basically this doesn't really serve a purpose. Now click the "Advanced" button. Under here is an array of tons and tons of features, from editing the color of the windows to editing the type of style and the style color; the list goes on and on and on.
I simply cannot tell you about EVERYTHING under here, because this tutorial would last forever. So this is the section I like to call -Do-it-yourself-, where basically you figure it out: it gives you a chance to learn by figuring things out, and you'll get a sense of achievement knowing you've done it all by yourself. So, this is the time consuming part I was speaking of: edit some options, change some colors, and preview. You'll figure out sooner or later what changes what and you'll be able to do it all by yourself. Okay! Click the "Settings" tab and we'll be on our way for this part!

This is yet again another self-explanatory section. You basically have here a complete layout of screen and graphic resolutions. If you are satisfied with your current resolution and such, skip this part, otherwise keep on reading. First you have something that will say "Display:" and under it will be your type of monitor. Mine says "Plug and Play Monitor on Intel(R) 82845G/GL/GE/PE/GV Graphics Controller" and that is what yours might possibly say too if you do not have a graphics card. Okay, continue on below where we have the "Screen Resolution" and the little bar/arrow you can move from left to right to change your resolution. I have mine set to 1024 by 768 pixels, which is a reasonably good resolution and is what most PC users have theirs on. But of course change it to your heart's content. To the right we have "Color quality". I recommend putting it on "Highest (32 bit)" but that is just me, feel free to change it to whatever you wish to have. The button below that says "Troubleshoot..." does nothing more than bring you to a Help and Support center to try and troubleshoot any issues or problems you're having. Clicking on "Advanced" would not be a smart choice for first timers since this part is a bit too complex for the normal computer user. It basically tells you about your Monitor, Adapter and other functions; fortunately there is not too much customization to do in here. You have finished this part of the section already? You're a faster learner than I thought! Okay, continue on down below for more.

1b. Files/Folders
I believe in a few things. I believe that your computer, especially Windows, should always be organized to look nice and neat and have a very comfortable feeling about it. And I believe not only in organization, usability and being able to find things, but in looking good while doing it! That is why this small sub-section will be all about customizing your folders and files so they stand out and laugh at the rest. So let's get started!

Okay, first things first: if you do not know already, learn how to create a new folder by right clicking on your Desktop background, highlighting "New" and then clicking "Folder". When you make a new folder it will have the default picture, which is that little yellow folder, but that is old school... let's get something that looks a bit better. Right click on your folder and select "Properties". Once here you will see a few things. First, on top, you will see all of the basic statistics such as the size of the folder, the name, where it's located, how many files it contains, etc. Under all of this are a couple of options. You will see two options next to Attributes, which are "Read-Only" and "Hidden". When the box next to "Read-Only" is checked, all of the files under the folder are "Read-Only", which means they cannot be deleted or changed; unchecking this box turns off this feature. The next option, "Hidden", causes this folder to be hidden. Great for hiding things temporarily if you do not want someone else to access it. Of course it will only actually become hidden once you go into Windows Explorer and select to hide files and folders that are specified to be hidden. To do this click Start>All Programs>Accessories>Windows Explorer, and once Windows Explorer loads click "Tools" on the top next to Help. Under "Tools" click "Folder Options...", then click the "View" tab at the top, and you should now see some settings in the middle. Look for something that says "Hidden files and folders", and under this click "Do not show hidden files or folders" to hide everything that you selected to hide. Otherwise, click "Show hidden files and folders" to show everything that you've selected to hide. Once finished click OK and exit out of Windows Explorer. Now let's get back to the folder options.
Back to the two options: next to them is a button that says "Advanced...". Click it and you should see a window pop up that has a few options. The first is "Folder is ready for archiving", which specifies whether or not the folder will be archived. Many programs use this setting to decide which files and/or folders are backed up. My recommendation is that you make sure this is checked for every folder that contains any crucial or important data. The next option, "For fast searching, allow Indexing Service to index this folder", specifies whether the contents of the folder should be indexed for faster searching. Once the folder is indexed you can search within the folder as well as search for properties, such as time and date, or attributes of the file or folder. The next option you see is "Compress contents to save disk space", which specifies whether the file or folder is compressed. The contents of compressed folders are not automatically compressed unless you elect to compress them when prompted. Also, a side note for more advanced users: when you compress a file or folder, it cannot be encrypted. Alright, select whatever options you want and click OK to continue. Now on the top of the screen you may edit the name of your folder if you wish, otherwise we can do it an easier way later.

The next tab "Sharing" does not relate to customizing, so I am going to skip this. Besides, if you don't have a Router this tab is useless to you. Click the "Customize" tab to continue.

Alright, here we are on the final tab of Desktop customizing. This is the fun part, nothing too hard here, so relax. On the top we have a little drop down box (remember those? You dealt with a lot of them in the Wallpaper section) which should say "Documents (for any file type)". Before you start clicking like crazy and having fun, allow me to explain what this is for. This allows you to select a folder template. Folder templates apply specific features to your folder, such as specialized task links and options for working with pictures or music. I recommend just putting it on "Documents (for any file type)" and keeping it that way, unless you are 100% positive you will only have videos in this folder, or pictures, or perhaps music, and if you are, select the type that fits you. "Also apply this template to all subfolders" applies the same template to all folders you make in this folder in the future. Below is a section that you will probably be passing on in this tutorial, mainly because the feature you see here is only for subfolders and has nothing to do with a new folder you are creating on the desktop. But you might as well learn now anyway. This ONLY works for subfolders and ONLY works when you are in thumbnails view. To go into thumbnails view, go into a folder and click the little box next to where it says "Folders" (it should have a small black arrow next to it), click the arrow and click "Thumbnails". Or you can click "View" on the top of the window and select "Thumbnails" instead, whatever is easier.
Anyway, back to the option. There are two buttons, "Choose Picture..." and "Restore Default". The "Choose Picture..." button is for you to choose a picture which will be visible on a subfolder. This option is supposed to remind you of what the folder contains. For example, you have a subfolder that has pictures of guns in it, so you click the "Choose Picture..." button and find a picture of a gun which will display on the subfolder, so you'll see a picture of a gun and say to yourself "Oh, that folder has pictures of guns in it." The "Restore Default" button is self-explanatory, it just resets whatever picture you put on the subfolder back to the default. Now below these two buttons is the fun part. Click on the "Change Icon..." button and let's get cracking! :) You should now see a window pop up with a whole bunch of different pictures in it. What you are looking at here is the selection of pictures that you can change your folder to. It is actually one of my favorite features. So as you scroll from left to right, go ahead and gaze at the beautiful pictures and go "Oooo" and "Ahhhhhh". Alright, but on a more serious note, you have a button on top, "Browse...", which is where you click to import your own personalized pictures to use for your folder. I have not used this before, so go ahead and see what types of formats it accepts. Then you have your basic "OK" and "Cancel" buttons, and we all know what those do, and then you have "Restore Defaults" which does just that, restores your picture back to the default. Alright, we're finished with this sub-section! Find the pictures you want, click "OK" and read on.

Now, right click on a file and select "Properties" and let's continue. Here you see almost exactly the same thing you saw when you clicked a folder and selected Properties: size of the file, when it was created, etc. Click the "Summary" tab on the top. Here you can edit the Title and Subject of certain files. If it is a music file like an mp3 this might be needed. For example, say you have the song "My Sacrifice" by Creed: you would put "My Sacrifice" in the Title and "Creed" in the Author section. It isn't anything great, just a small feature. When you've entered what you want, click "OK". Here you are at your desktop... overlooking your awesome looking folders and your cool looking desktop, but now what? Well, you can simply move your files and folders around. Yes, do that! Click and drag things around to get used to it. Okay, that is enough. If you right click on a file or folder you have your usual options, "Rename", "Delete", "Properties" and so forth; not much explaining needs to be done here.

Okay, open Windows Explorer once more and click "Tools" then "Folder Options..." once again. A tab "General" should open with three different sections containing various check dots. The first section, named "Tasks", will be the first one you notice. Under it are two options: "Show common tasks in folders" and "Use Windows classic folders". Selecting "Show common tasks in folders" specifies that hyperlinks to common folder tasks and other places on your computer are displayed in folders. These will show in the left pane of the folder window. "Use Windows classic folders" specifies that folder contents are shown like Windows classic folders, which means that folder contents will not operate or look like Web pages. The "Browse Folders" section should be right below, which will show "Open each folder in the same window" and "Open each folder in its own window". These are self-explanatory if you know what you're doing. With the first option, each time you browse to or open a new folder it will open in the same window. With the second option, new folders will open up in their own new window, and the windows from the folders you browsed before will still be visible. I suppose the second option is useful if you need to open up various windows with different content and do not want to close the others out. "Click items as follows" is next, and if you select "Single-click to open an item (point to select)" then any type of file or folder will open on a single click without double clicking. Read on.

2. Start Menu/Taskbar Customization
So you've gotten this far already? Well, now that you have, you should know that my tutorials are not BS, in that I can teach you the right way so that you will learn. Let that be a reminder for all of my future tutorials. I'm glad you have the motivation to read all of this. It shows that we computer users today, at whatever age, young or old, and whatever experience or knowledge, beginner or expert, can all learn something new, and that we all have great motivation to succeed. Now let's carry on.

2a. Styles and Options
Right click on your Start button and hit "Properties". A window will pop up called "Taskbar and Start Menu Properties", and from here you can do a variety of different modifications. You should already be looking at the "Start Menu" tab. Below are two circles, one of them dotted, and next to them are the two options "Start menu" and "Classic Start menu". Click on the dot next to either one and you will get a slight preview in the window above them. Select whichever one you want and click the "Customize..." button next to it.

=The below instructions are for the "Start menu" feature. If you did not select this and you selected "Classic Start menu" instead then skip this section=

Alright, you should see another window pop up entitled "Customize Start Menu". The first thing you should see under here are two little pictures of a desktop computer. One will say "Large icons" and the other will say "Small icons". Normally "Large icons" is already selected; if not, I recommend it, though of course that differs depending on what resolution you have set. Under this you will see a small box with a number in it, which specifies the maximum number of programs to display on the Start menu. Under this is a button called "Clear List". I actually suggest clicking this every week or so; it basically clears the Start menu cache of all stored programs that were recently used. Under this are two drop down boxes and two check boxes. These control what shows above the recently opened programs on the Start menu for easy access to your internet browser and email client. If you want these, check the box next to "Internet" to display the easy access feature for your browser. Next to this, select the drop down box and click on the browser you want to display for easy accessibility. Check the box next to "E-mail", which is under "Internet", to enable the easy access feature for e-mail. Now click the drop down box next to this and select the email client of your choice to be displayed for easy access; Outlook Express is selected by default. Click the "Advanced" tab to continue. As you take a look you will notice a large scrollable box, but we will get to that a bit later. The first of the two check boxes at the top reads "Open submenus when I pause on them with my mouse". This is for when you click Start>All Programs and you see certain things with black arrows next to them that open up with more items: when you just highlight them (or pause over them) with your mouse, a new box opens to display more. This is checked by default. "Highlight newly installed programs" will be the next thing you should see.
What this does is highlight new programs you've installed. For a clearer example, say you just installed AOL Instant Messenger, or AIM for short. If you click Start>All Programs you will see "AOL Instant Messenger" and, since hypothetically speaking you just installed it, it will be highlighted in yellow. This is checked by default but you may turn it off if you wish. Under this you see that big scrollable box again, so let's get to it. This modifies part of the Start menu features. The first option should say "Control Panel" and under it should be "Display as a link", "Display as a menu" and "Don't display this item". Control Panel, which you see when you click "Start", is a link by default; you may change it to a menu if you want. Then there is "Enable dragging and dropping". I do not know why anyone would want to turn this off, but if you want to, uncheck the box next to it. "Favorites menu" is next. This specifies whether to add the "Favorites menu" to the Start menu. "Help and Support" specifies whether to add the "Help and Support" link under the Start menu; I recommend keeping this checked. Under all of these you will see different things like "My Computer" and "My Music", just to name a few. The options under them mean the same thing as I explained above for the Control Panel, except that they apply to the corresponding item (ex. My Computer, My Music, My Documents, etc.). Under this big scrollable box is a button that says "Clear List", much like the one we saw on the "General" tab. Clicking the button will delete the shortcuts to documents displayed in the "My Recent Documents" folder, which sometimes will be located under the Start menu. Please note this DOES NOT delete the documents from the computer entirely, just the history of you opening them up. I recommend doing this every so often; at the end of this tutorial I will give you some links to programs that will do this for you.
The check box next to this on the left says "List my most recently opened documents", select this box to have Windows display the "My Recent Documents" folder on the Start menu. When you're finished selecting all of your options click OK.

=The below instructions are for the "Classic Start menu" feature. If you did not select this and you selected "Start menu" instead then skip this section=

Select the dot next to "Classic Start menu", then click the "Customize..." button to the right of it and read on. You will see "Add...", "Remove...", "Advanced", "Sort" and "Clear". I will explain one by one what each of these does. The "Add..." button is to add a shortcut to the Start menu or the Programs menu. If you decide to add something, click the button and you will see a "Browse..." button where you may browse for folders. Click the "Remove..." button to remove a shortcut from the Start menu or the Programs menu. Clicking "Advanced" will launch Windows Explorer. You can use this to add items to or remove items from the Start menu. It should at first bring up a small folder named "Programs" that you can modify (it looks kind of like a cache of some sort once you open it). Clicking "Sort" rearranges the items on the Programs menu so they are displayed in the default order. "Clear" removes the list of recently accessed documents, programs, and Web sites from the Documents menu. You should also do this frequently. Below you have a few more things you can do. They are all self-explanatory: "Display Administrative Tools" will do just that, display administrative tools. That is the one great thing about Windows (the only one I can think of :P), they make the customizing pretty easy to understand. Whatever you do, I recommend keeping "Enable dragging and dropping" checked. Without this, every job you do is that much harder. When you're done click OK to proceed.

Okay, you're back at the Start menu customizing screen. Click the "Taskbar" tab. "Lock the taskbar" should appear first on the list. Checking the box next to this option locks the taskbar at its current position on the desktop so that it cannot be moved to a new location, and also locks the size and position of any toolbar displayed on the taskbar so that it cannot be changed. If you want this option check the box next to it, if not then uncheck it. "Auto-hide the taskbar" will basically just hide the taskbar. To redisplay the taskbar, point to the area of your screen where the taskbar is located. If you want to be sure that your taskbar will be visible whenever you decide to point to it, make sure the box next to "Keep the taskbar on top of other windows" below is checked, and that the box next to "Auto-hide the taskbar" is also checked. "Group similar taskbar buttons" will be below. If the taskbar becomes so crowded with buttons that the buttons shrink beyond a certain width, then similar buttons will be collapsed into a single button. For example, say you have 4 Internet Explorer windows up, each with a different website, and you also have Outlook Express, Notepad, Paint, and maybe an anti virus running. Those 4 Internet Explorer windows will be collapsed into only one button on the taskbar rather than 4. You would click this one button and it will bring up a list for you to select which of the four you want. "Show Quick Launch" is just glaring at you, so I'll explain what it is. Checking the box next to this will enable the "Quick Launch" feature that displays on the taskbar next to the "Start" button. The Quick Launch is a customizable toolbar with different icons representing different programs. Say you had a toolbar with the little "e" on it (which stands for Internet Explorer): when you click it you would launch Internet Explorer. This is mainly for quick access to your favorite programs.
The option below, "Show the clock", is obvious: unchecking this will disable the clock on the lower right of your computer screen, and keeping it checked keeps it enabled. "Hide inactive icons" below is an option that keeps the taskbar notification area from displaying unused items. I am speaking in particular of the area to the left of the clock. Click the "Customize..." button to the right if you selected this option. Otherwise, skip this part. This lets you specify the behavior of an icon in the taskbar notification area. You may choose which programs you want to hide, show, or hide when they are inactive. For example, look to the lower right next to the clock. Perhaps if you have "AIM" running you'd see a little icon next to the clock showing it (if you don't see one, try clicking the arrow that points to the left). If you look at the menu here you will see multiple programs such as "Java(TM) 2 Platform" or "AIM". Click to the right of them and you will get a drop down box with three options: "Hide when inactive", "Always hide" and "Always show". Clicking "Hide when inactive" hides the specified program when it becomes inactive. "Always show" will always show the specified program even when it becomes inactive. "Always hide" will hide the specified program at all times, whether it is active or inactive. The "Restore Defaults" button will restore all of the options to their default settings. Once you're finished click OK, hit Apply at the next screen and click OK.

Would you like to have your favorite programs easily within reach? No more searching around for your programs: Windows XP (all versions) allows you to make them accessible right when you click the Start menu! To do this, right click on your favorite file or program and select "Pin to Start Menu". Now if you click the Start menu you will notice that not only do you have your favorite Internet browser and email application available on the top, but you also have whatever file/program you pinned. A very unique option indeed, and worth playing around with. To take a pinned item off the Start menu just right click it again and select "Unpin from Start Menu" and that will remove it.

Conclusion
This guide is completely noobish. There are many, many things in Windows customizing that I have not listed or mentioned. I might in the future revise this and make a follow up tutorial to cover some of these things, but for now you have this, smile. On a serious note, use Google if you don't understand something. I cannot stress this enough. It has been said many times before but I'm willing to say it again: use Google and find things on your own, otherwise you'll never get anywhere if you're always relying on others to give you handouts. Of course asking is a great thing, just don't overuse it. ;)

Now for those Windows programs I mentioned in the above articles. There are many Windows cleaning/optimizing programs out there. I will list the two that I use, a paid one and a free one.

CCleaner (Crap Cleaner)
http://www.ccleaner.com/

Webroots Window Washer
http://www.webroot.com/consumer/products/windowwasher/

Also, on another note, please keep in mind that when you are customizing Windows and want particular items in a certain location, dragging and dropping is your best friend. Use it, use it again and overuse it. It's a key feature for fully customizing most things in Windows. So until next time, I hope you enjoyed the article and hope you learned a lot. Please look for possible follow ups to this and for all of my future articles.