The TECHINFORMATION ENCYCLOPEDIA

The following are a few basic linux commands u need to know to actually use linux

8 October 2006

The following is a non-comprehensive list of commands that I use regularly and had some difficulty finding when I first started with Linux. These commands are the fundamentals -- absolute basics.

execute a program
./

Change directory
cd

Go to home dir
cd

Change permissions
chmod

Change ownership
chown

Create a new user
adduser

Change password
passwd

Make an ssh connection
ssh -l

Use text browser
lynx

Switch users
su -u

Remote root login
su -u root (after regular connection is made)

Create multiple screens
screen

Check connections
netstat

Access a cd
mount /mnt/cdrom

Eject a cd
umount /mnt/cdrom eject

Access irc channel
irc (assuming it is in a directory that is included in your env path)

Access your ipchains or iptables
./ipchains or ipchains (may have to be in directory depending on env path)

Check your location
pwd

Send network message
talk

Check network config
linuxconf

Find a file
find / -name -print (wildcards * can be used)

Get info on a program : man

Make a new directory : mkdir

Remove a directory : rmdir

List all files in a directory : ls

Display file content : cat

Copy files : cp

Move files : mv

Search for a keyword : grep

Create a new text doc : pico or vi (if you are a newbie, use pico)

Start X client : startx

Stop a process : kill

_____________________________________

Labels: Hacks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 10:35 pm | Permalink 2 comments

registry hacks

What is the Registry?

The Registry is the central core registrar for Windows NT. Each NT workstation for server has its own Registry, and each one contains info on the hardware and software of the computer it resides on. For example, com port definitions, Ethernet card settings, desktop setting and profiles, and what a particular user can and cannot do are stored in the Registry. Remember those ugly system INI files in Windows 3.1? Well, they are all included with even more fun stuff into one big database called the Registry in NT.
One of the main disadvantages to the older .INI files is that those files are flat text files, which are unable to support nested headings or contain data other than pure text. Registry keys can contain nested headings in the form of subkeys. These subkeys provide finer details and a greater range to the possible configuration information for a particular operating system. Registry values can also consist of executable code, as well as provide individual preferences for multiple users of the same computer. The ability to store executable code within the Registry extends its usage to operating system and application developers. The ability to store user-specific profile information allows one to tailor the environment for specific individual users.
Always make sure that you know what you are doing when changing the registry or else just one little mistake can crash the whole system. That's why it's always good to back it up!

To view the registry of an NT server (or to back it up), you need to use the Registry Editor tool. There are two versions of Registry Editor:

.:Regedt32.exe has the most menu items and more choices for the menu items. You can search for keys and subkeys in the registry.

.:Regedit.exe enables you to search for strings, values, keys, and subkeys. This feature is useful if you want to find specific data.

Some Info on NT:

32 bit GUI Windows networking (client server model) Operating System. 1st version: 3.1 (circa 1994), then 3.5, then 3.51, then 4.0 (most used and this version was the 1st to adopt the same GUI as Windows 95). NT stands for New Techology. NT's main competitor is Novel Netware which is more established and has been around longer as a network operating system. Despite that, it is losing market share to NT and Linux. That's why NT is becoming a little bit more important. Windows 2000 which is supposedly the next version is supposed to be out sometime in October 1999. This version formerly called Cairo has been delayed 3 times over the last 2-3 years. Everything in this tutorial directory relates to Windows NT v. 4.0 . Some of this might also be useful for Windows 95 and Windows 98 but please note that despite the similar GUI environments all of them have major differences between each other and each are distinct. The major difference is security, with NT there is a decent degree of security and robustness. With Windows 95, and 98 there is hardly any security at all. For example with NT you cannot log in without a password and a username that is correct. With Windows 98/95, just hit the cancel button on the log on menu (which is not usually enabled anyways) and you will get into the system. With NT, you can have a network from anywhere from 20-20,000 users or so on the same domain. Each Domain will have a Primary Domain Controller (PDC) and a few Backup Domain Controllers (BDC's). There is only one PDC in a domain, it is the main server that holds all the log in info and does most of the work. BDC's are backups in case the PDC gets to busy such as multiple users logging in at the same time. PDC has all the official settings for the entire domain (in most cases an entire network) on it. BDC's usually have partial and not right up-to-date settings and information on it. Backing up the Registry of your PDC (Primary Domain Controller) is an important part of disaster prevention, because it contains all of your user accounts. If you ever have to rebuild a PDC from scratch, then you can restore your user accounts by restoring the Registry.

Backup and Restore:

Even with Windows 98, and Windows 95 you can not just backup the registry when you back up files. What you would need to do is run either: regedit32.exe (for NT) or regedit.exe and then click the registry menu, then click export registry. The next step is to click all, then pick the drive to back up onto (usually a removable drive like tape, floppy, cd, zip drive, jazz drive etc.) and then hit "ok". To restore a registry from a backed up version, enter the registry program the same way, click import registry and click the drive and path where the backup is and hit "ok". It will restore it back to the previous backed up settings and may require a reboot.
Note: registry backups are saved as .reg files, and they are associated with regedit as default. This means that once you double-click a .reg file, it's contents will be inserted into your own registry.

What is SAM?
SAM is short for Security Accounts Manager, which is located on the PDC and has information on all user accounts and passwords. Most of the time while the PDC is running, it is being accessed or used.

What do I do with a copy of SAM?
You get passwords. First use a copy of SAMDUMP.EXE to extract the user info out of it. You do not need to import this data into the Registry of your home machine to play with it. You can simply load it up into one of the many applications for cracking passwords, such as L0phtCrack, which is available from: http://www.L0phtCrack.com

Of interest to hackers is the fact that all access control and assorted parameters are located in the Registry. The Registry contains thousands of individual items of data, and is grouped together into "keys" or some type of optional value. These keys are grouped together into subtrees -- placing like keys together and making copies of others into separate trees for more convenient system access.

The Registry is divided into four separate subtrees. These subtrees are called HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS. We'll go through them from most important to the hacker to least important to the hacker.
First and foremost is the HKEY_LOCAL_MACHINE subtree. It contains five different keys. These keys are as follows:
· SAM and SECURITY - These keys contain the info such as user rights, user and group info for the domain (or workgroup if there is no domain), and passwords. In the NT hacker game of capture the flag, this is the flag. Bag this and all bets are off.

The keys are binary data only (for security reasons) and are typically not accessible unless you are an Administrator or in the Administrators group. It is easier to copy the data and play with it offline than to work on directly. This is discussed in a little more detail in section 09-4.
· HARDWARE - this is a storage database of throw-away data that describes the hardware components of the computer. Device drivers and applications build this database during boot and update it during runtime (although most of the database is updated during the boot process). When the computer is rebooted, the data is built again from scratch. It is not recommended to directly edit this particular database unless you can read hex easily.

There are three subkeys under HARDWARE, these are the Description key, the DeviceMap key, and the ResourceMap key. The Description key has describes each hardware resource, the DeviceMap key has data in it specific to individual groups of drivers, and the ResourceMap key tells which driver goes with which resource.
· SYSTEM - This key contains basic operating stuff like what happens at startup, what device drivers are loaded, what services are in use, etc. These are split into ControlSets which have unique system configurations (some bootable, some not), with each ControlSet containing service data and OS components for that ControlSet. Ever had to boot from the "Last Known Good" configuration because something got hosed? That is a ControlSet stored here.
· SOFTWARE - This key has info on software loaded locally. File associations, OLE info, and some miscellaneous configuration data is located here.
The second most important main key is HKEY_USERS. It contains a subkey for each local user who accesses the system, either locally or remotely. If the server is a part of a domain and logs in across the network, their subkey is not stored here, but on a Domain Controller. Things such as Desktop settings and user profiles are stored here.
The third and fourth main keys, HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, contain copies of portions of HKEY_USERS and HKEY_LOCAL_MACHINE respectively. HKEY_CURRENT_USER contains exactly would you would expect a copy of the subkey from HKEY_USERS of the currently logged in user. HKEY_CLASSES_ROOT contains a part of HKEY_LOCAL_MACHINE, specifically from the SOFTWARE subkey. File associations, OLE configuration and dependency information.
What are hives?
Hives are the major subdivisions of all of these subtrees, keys, subkeys, and values that make up the Registry. They contain "related" data. Look, I know what you might be thinking, but this is just how Microsoft divided things up -- I'm just relaying the info, even I don't know exactly what all the advantages to this setup are.
All hives are stored in %systemroot%\SYSTEM32\CONFIG. The major hives and their files are as follows:
Hive File Backup File
--------------------------- ------ ------------
HKEY_LOCAL_MACHINE\SOFTWARE SOFTWARE SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY SECURITY SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM SYSTEM SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM SAM SAM.LOG
HKEY_CURRENT_USER USERxxx USERxxx.LOG
ADMINxxx ADMINxxx.LOG
HKEY_USERS\.DEFAULT DEFAULT DEFAULT.LOG
Hackers should look for the SAM file, with the SAM.LOG file as a secondary target. This contains the password info.

For ease of use, the Registry is divided into five separate structures that represent the Registry database in its entirety. These five groups are known as Keys, and are discussed below:

HKEY_CURRENT_USER
This registry key contains the configuration information for the user that is currently logged in. The users folders, screen colors, and control panel settings are stored here. This information is known as a User Profile.

HKEY_USERS
In windowsNT 3.5x, user profiles were stored locally (by default) in the systemroot\system32\config directory. In NT4.0, they are stored in the systemroot\profiles directory. User-Specific information is kept there, as well as common, system wide user information.

This change in storage location has been brought about to parallel the way in which Windows95 handles its user profiles. In earlier releases of NT, the user profile was stored as a single file - either locally in the \config directory or centrally on a server. In windowsNT 4, the single user profile has been broken up into a number of subdirectories located below the \profiles directory. The reason for this is mainly due to the way in which the Win95 and WinNT4 operating systems use the underlying directory structure to form part of their new user interface.

A user profile is now contained within the NtUser.dat (and NtUser.dat.log) files, as well as the following subdirectories:

· Application Data: This is a place to store application data specific to this particular user.
· Desktop: Placing an icon or a shortcut into this folder causes the that icon or shortcut to appear on the desktop of the user.
· Favorites: Provides a user with a personalized storage place for files, shortcuts and other information.
· NetHood: Maintains a list of personlized network connections.
· Personal: Keeps track of personal documents for a particular user.
· PrintHood: Similar to NetHood folder, PrintHood keeps track of printers rather than network connections.
· Recent: Contains information of recently used data.
· SendTo: Provides a centralized store of shortcuts and output devices.
· Start Menu: Contains configuration information for the users menu items.
· Templates: Storage location for document templates.

HKEY_LOCAL_MACHINE
This key contains configuration information particular to the computer. This information is stored in the systemroot\system32\config directory as persistent operating system files, with the exception of the volatile hardware key.

The information gleaned from this configuration data is used by applications, device drivers, and the WindowsNT 4 operating system. The latter usage determines what system configuration data to use, without respect to the user currently logged on. For this reason the HKEY_LOCAL_MACHINE regsitry key is of specific importance to administrators who want to support and troubleshoot NT 4.

HKEY_LOCAL_MACHINE is probably the most important key in the registry and it contains five subkeys:

· Hardware: Database that describes the physical hardware in the computer, the way device drivers use that hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. All data in this sub-tree is re-created everytime the system is started.
· SAM: The security accounts manager. Security information for user and group accounts and for the domains in NT 4 server.
· Security: Database that contains the local security policy, such as specific user rights. This key is used only by the NT 4 security subsystem.
· Software: Pre-computer software database. This key contains data about software installed on the local computer, as well as configuration information.
· System: Database that controls system start-up, device driver loading, NT 4 services and OS behavior.

Information about the HKEY_LOCAL_MACHINE\SAM Key

This subtree contains the user and group accounts in the SAM database for the local computer. For a computer that is running NT 4, this subtree also contains security information for the domain. The information contained within the SAM registry key is what appears in the user interface of the User Manager utility, as well as in the lists of users and groups that appear when you make use of the Security menu commands in NT4 explorer.

Information about the HKEY_LOCAL_MACHINE\Security key

This subtree contains security information for the local computer. This includes aspects such as assigning user rights, establishing password policies, and the membership of local groups, which are configurable in User Manager.

HKEY_CLASSES_ROOT

The information stored here is used to open the correct application when a file is opened by using Explorer and for Object Linking and Embedding. It is actually a window that reflects information from the HKEY_LOCAL_MACHINE\Software subkey.

HKEY_CURRENT_CONFIG

The information contained in this key is to configure settings such as the software and device drivers to load or the display resolution to use. This key has a software and system subkeys, which keep track of configuration information.

Understanding Hives

The registry is divided into parts called hives. These hives are mapped to a single file and a .LOG file. These files are in the systemroot\system32\config directory.

Registry Hive File Name
=================================================================
HKEY_LOCAL_MACHINE\SAM SAM and SAM.LOG
HKEY_LOCAL_MACHINE\SECURITY Security and Security.LOG
HKEY_LOCAL_MACHINE\SOFTWARE Software and Software.LOG
HKEY_LOCAL_MACHINE\SYSTEM System and System.ALT
=================================================================

QuickNotes

Ownership = The ownership menu item presents a dialog box that identifies the user who owns the selected registry key. The owner of a key can permit another user to take ownership of a key. In addition, a system administrator can assign a user the right to take ownership, or outright take ownership himself.

REGINI.EXE = This utility is a character based console application that you can use to add keys to the NT registry by specifying a Registry script.

========================================================================
The Following table lists the major Registry hives and some subkeys and the DEFAULT access permissions assigned:

\\ denotes a major hive \denotes a subkey of the prior major hive

\\HKEY_LOCAL_MACHINE

Admin-Full Control
Everyone-Read Access
System-Full Control

\HARDWARE

Admin-Full Control
Everyone-Read Access
System-Full Control

\SAM

Admin-Full Control
Everyone-Read Access
System-Full Control

\SECURITY

Admin-Special (Write DAC, Read Control)
System-Full Control

\SOFTWARE

Admin-Full Control
Creator Owner-Full Control
Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
System-Full Control

\SYSTEM

Admin-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
Everyone-Read Access
System-Full Control

\\HKEY_CURRENT_USER

Admin-Full Control
Current User-Full Control
System-Full Control

\\HKEY_USERS

Admin-Full Control
Current User-Full Control
System-Full Control

\\HKET_CLASSES_ROOT

Admin-Full Control
Creator Owner-Full Control
Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read)
System-Full Control

\\HKEY_CURRENT CONFIG

Admin-Full Control
Creator Owner-Full Control
Everyone-Read Access
System-Full Control

Checkout these sites for more info:

NT registry Hacks: http://www.jsiinc.com/default.htm?/reghack.htm
Unofficial NT Hack: http://www.nmrc.org/faqs/nt/index.html
Rhino9: The Windows NT Security Research Team: http://www.xtreme.abyss.com/techvoodoo/rhino9
Regedit.com - cool registry tricks: http://www.regedit.com

Labels: Windows tricks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 1:31 pm | Permalink 0 comments

this is for windows admin password

If there are no other accounts in the administrator group, and the machine is not part of a domain where the Domains Administrator account could be used to logon and change the local Administrator password (the domain's Administrator group is automatically made a member of the machines Administrator group when the machine joins the domain) then the only way is to reinstall NT into a new directory (not the same, as it will upgrade and see the old password) and it will let you enter a new Admin password. Also if you have an old ERD that you knew the password at time of making, you could use this and restore the SAM and security portions of the registry.

There is also a piece of software from http://www.winternals.com that can break into an NT system (LockSmith) that will change any password. The software is not free, and will cost around US$100. Their new product, ERD Professional can also change passwords and is available from the same site.

A similar piece of software is also available from http://www.mirider.com that allows you to boot off of a set of disks and change the Administrator password. You can also use l0pht Crack for free.

Labels: Windows tricks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 1:29 pm | Permalink 0 comments

Tips and tricks for Internet Explorer

Most people use Internet Explorer to browse the net. It loads up fast because parts of it is loaded by Windows as the latter boots up. Using the feedback from its huge user base, Microsoft has made numerous improvements, which you can use to your advantage.

Disable the Links toolbar and save space. Remove the Explorer view for the same reason.

Customize the toolbar via View » Toolbars » Customize.

Blank home page: Set your home page to a blank one so that it loads up faster. This is done via Tools » Internet Options » General » Use Blank.

Offline browsing:You do not have to connect to the Internet to revisit a page. You can access it from the cache. This is done via Tools » Internet Options » Temporary Internet Folders » Settings » Check newer versions of stored pages: » Never. After setting up IE like this, you can browse offline by, click on the History button. This will open up the History folder in a left pane. Browse through this to access the pages that you have visited earlier. You check the latest version on the net however by clicking on the Refresh button.

Computer Security: Some websites have ads that tell you that your computer could be transmitting vital/private information about you, which could be targeted by hackers and viruses. They will tell you to download a security software. Considering the fact that they are using wrong tactics to sell their product, it is quite possible that their software could be doing more harm than good. No matter which software you use, it is not possible to completely hide your computer on the net. People who have always-on Internet connections like broadband or cable should instead use firewalls like the trusty ZoneAlarm or Tiny.

There are other websites that will ask visitors to install ActiveX controls like Gator or Bonzi. These are spyware and Internet users should avoid them.
Neither should you install programs like MP3 Dancer. These are spyware. Even if you uninstall them, they will still remain on your computer without your knowledge.

Tip 1: IE's autocomplete feature may throw up some web addresses at the address bar, which you may not want others to see. So, clear the history. This is done by Internet Options » Clear History. If otherwise you want to selectively remove history items, then delete the appropriate folders inside the History folder. In Windows 9x/Me, the History folder is inside the Windows folder. In Windows 2000/XP, it will be inside the Documents and Settings\«User name»\Local Settings\ folder.

Tip 2: Deleting the files in the Temporary Internet Files folder can remove only part of your tracks. Cookies stored by websites usually remain in this folder with their full web address. So, that is a security violation. To remove them, choose Internet Options » Temporary Internet Folder » Delete Cookies.

Tip 3: All evidence is still not removed. There is a file inside the Temporary Internet Files folder called index.dat, which has some evidence of your browsing history. Delete this file too. IE will regenerate another index.dat later.

Paranoia 4: When the Autocomplete feature is enabled, all your personal information including passwords are stored on the computer, which is available for others to misuse. So, when you are done with browsing at your office or an Internet cafe, follow the above three steps and clear the saved data by choosing Internet Options » Content » AutoComplete » Clear Forms and Clear Passwords. Sometimes, the Internet Options menu option might be disabled in your office or web cafe. So, delete the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms key from the registry. If you want to steal or backup passwords, export this key and import it on a different machine or installation. You will also have to copy the {username}.pwl file and cookies to the new machine/installation. Sometimes, there are ActiveX programs that sit silently recording everything. You can check them out at Internet Options » Temporary Internet Files » Settings » View Objects. This will open the Downloaded Program Files folder in the windows folder. By right-clicking the contents, you can either remove them or check out their properties.

Tip 5: In certain Internet cafes, silent keyboard loggers are installed by certain people to collect userids and passwords, and send them to their email addresses. Remove these programs from memory and only then browse. Also disable form fillers such as Gator in Internet cafes.

Downloading recalcitrant files: Most people use a downloaded manager to download huge files. But, sometimes they run into problems when the download manager is not able to catch the correct url of the file. In such cases, open the source of the page via View » Source and do a search for the download file. Usually, the full url of the file will be found here. Copy this and paste it in the download manager. If some website prevents you from right-clicking to save an image on it, just look inside the Temporary Internet Files folder for it.

IE Toolbars : Add the Google toolbar to IE. With this toolbar, you will get to the results without having to visit Google's home page first.

ESCAPE: Many people do not know this. If a page is being downloaded and you want to stop it, then pressing the Escape key will do that. Also, pressing Backspace key will take you to the previous page.

Saving web pages: Beginning with Version 5, IE allows saving a web page in a single file including its images and other embedded content. To do this, choose Save As from the File menu. Here in the Save as type, choose Web Archive, single file (*.mht). Sometimes, MHT files may not show anything even though its thumbnail does show something. If you disable Javascript, you will be able to see the whatever something you saw in the thumbnail.

Labels: Windows tricks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 1:26 pm | Permalink 0 comments

TOP SECRET- How to Hide the drives(c:,d:,e:,a:...etc) in My Computer

This is a great trick you can play on your friends. To disable the display of local or networked drives when you click My Computer.

1.Go to start->run.Type regedit.Now go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Now in the right pane create a new DWORD item and name it NoDrives(it is case sensitive). Now modify it's value and set it to 3FFFFFF (Hexadecimal) .Now restart your computer. So, now when you click on My Computer, no drives will be shown(all gone...). To enable display of drives in My Computer, simply delete this DWORD item that you created.Again restart your computer.You can now see all the drives again. Magic........lol....

Labels: Windows tricks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 1:22 pm | Permalink 0 comments

windows tricks

.Go to start->run.Type regedit.Now go to:

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies

Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:

NoDeletePrinter: Disables Deletion of already installed Printers

NoAddPrinter: Disables Addition of new Printers

NoRun : Disables or hides the Run Command

NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)

NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu

NoFind: Removes the Find Tool (Start >Find)

NoDrives: Hides and does not display any Drives in My Computer

NoNetHood: Hides or removes the Network Neighborhood icon from the desktop

NoDesktop: Hides all items including, file, folders and system folders from the Desktop

NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.

NoSaveSettings: Means to say, 'Don't save settings on exit'

DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too will not work.)

NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)

ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.

Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop

Labels: Windows tricks

BookMark me:||del.icio.us || Digg it || Furl || Google || Spurl || Yahoo MyWeb

posted by VaTsAl at 1:17 pm | Permalink 0 comments