|
Download Link:
|
XfinalfantasyX
Yesterday, 12:50 PM EDT
Just found this on the net, so I gave it a try.
Lo and behold, it actually works.
Very handy if you are an Ebayer.
Enjoy
When you look at an item and click on bid history all the bid amount are replaced with "-" until the end of the auction.
To view these amounts before the auction ends when viewing the item change
http://cgi.ebay.co.uk/ws/eBayISAPI.dll
in the address bar to
http://cgi.ebay.com/ws/eBayISAPI.dll
And then click on the bid history. The bid amounts will be shown.
|
XfinalfantasyX
Yesterday, 12:51 PM EDT
Yes, firefox is already pretty damn fast but did you know that you can tweak it and improve the speed even more?
That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.
Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as much concurrent requests we’re going to open up with pipelining… lol… you’d better have a big connection.
Double Click on the following settins and put in the numbers below - for the true / false booleans - they’ll change when you double click.
Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300
One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re broadband - it shouldn’t have to wait.
Now you should notice you’re loading pages MUCH faster now!
Yesterday, 12:51 PM EDT
Yes, firefox is already pretty damn fast but did you know that you can tweak it and improve the speed even more?
That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.
Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as much concurrent requests we’re going to open up with pipelining… lol… you’d better have a big connection.
Double Click on the following settins and put in the numbers below - for the true / false booleans - they’ll change when you double click.
Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300
One more thing… Right-click somewhere on that screen and add a NEW -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re broadband - it shouldn’t have to wait.
Now you should notice you’re loading pages MUCH faster now!
|
One of the most common techniques used by hackers to penetrate your network, is just plain-old password guessing. This goes for external hacking attempts as well as internal hacking attempts. In this article I will discuss how hackers can use tools to perform brute force password hacking in your Terminal Server environments and what you can to prevent these kinds of attacks. !+”. Although the latter would be far more difficult to hack than the first password, there’s a good chance that no user would ever get the latter password memorized. This is what hackers take advantage of. The only thing a hacker needs is a logon “vehicle”. This could be a command prompt, a web page or… the Microsoft Remote Desktop Connection conveniently included in every recent version of Windows or readily available from Microsoft’s download site. 
Introduction
Guessing passwords is one of the oldest, yet one of the most effective techniques to gain access to a system. The reason that it is one of the most effective hacking techniques is because there’s aweak link in the whole process: humans. This is because humans like “samantha1” better for a password than “Tr15%^<Hacking Slang
For clarity’s sake, I’ll briefly discuss some of the terms used in relation to password hacking. Basically, there are two kinds of password hacking attacks:- Brute force hacking a.k.a. dictionary hacking attacks
- Password cracking a.k.a hash hacking attacks.
Impact Of Password Guessing in Terminal Server environments
As in other fields of security, Terminal Server environments take up a special place. This is because Terminal Servers, by their very nature, allow interactive access. Interactive access in this context means that you’re logged on to the server itself. This is the same effect as if you were walking up to the console in the datacenter and logging on there. This basically allows you to execute any program you can get your hands on and run it in the memory space of that server. Another significant issue that arises from the fact that Terminal Servers are in the business of allowing interactive access, is an issue with the admin lockout. As you probably know, by default, the local administrator account cannot be locked out. Even if you use the passprop utility, you can only lock out the administrator account for remote logons, not interactive (Terminal Server logons). Only using passprop on Windows Server 2003 allows you to lock out the local administrator account. Because this could effectively completely lock you out of your own network, this isn’t a configuration that is used a lot. Hackers know this and use this knowledge to perform brute force hacking attempts on administrator accounts.Terminal Server Brute Force Hacking tool: TSGrinder
There are a couple of tools out there which allow you to perform brute-force password guessing in your Terminal Server environment. The most well-known however is a free tool called TSGrinder. TSGrinder is a command line tool which very basically allows automating password guessing via RDP connections. TSGrinder is a "dictionary" based attack tool, supports multiple attack windows from a single dictionary file (you can specify this on the program command line). A very interesting option in the program is the “leet” function. This leet function enables the program to cope with a popular development in password-land. What I mean is that, from the knowledgeable user up, people tend to secure their passwords by replacing letterswith well-known symbols. For example, password becomes p@ssw0rd (replacing a’s with @’s and o’s with 0’s). This is a very well thought thorough option because as we will see trying these passwords does not require you to change your dictionary file. Another very interesting option is the “banner” option. What this option does, is acknowledge any messages prior to log on. These are the kind of messages that you have to acknowledge before you can log on to a server, usually a legal disclaimer of some sort. This logon message can be set in Group Policy in Computer Policies > Security Settings > Local Policies > Security Settings > Interactive Logon. This was an issue in earlier versions of TSGrinder but that has been fixed now. This option basically renders the banner message useless as a countermeasure to these kinds of attacks. TSGrinder also supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection (the default is 5) . This is used by hackers to help avoiding detection, because by default after 5 unsuccessful logon attempts, the Terminal Server ends the connection and an event is logged to the Terminal Server event log. The event looks like this:
So in the default config of TSGrinder you could have someone trying about 1,000,000 passwords and there would not be a single event in the event log (auditing excluded, we’ll get to that). Let’s take a look at TSGrinder. The program comes with a very limited dictionary and leet file. You can be sure that hackers have far more advanced dictionaries. Running TSGrinder from the command line yields the help:
As you can see usage is pretty straight-forward. You can try it on your own test server, just like I did.
Usage: tsgrinder.exe [options] server Options: -w dictionary file (default 'dict') -l 'leet' translation file -d domain name -u username (default 'administrator' -b banner flag -n number of simultaneous threads -D debug level (default 9, lower number is more output) Example: tsgrinder.exe -w words -l leet -d workgroup -u administrator -b -n 2 10.1.1.1
In this very simple example we will assume that:
Disclaimer: Use extreme caution when using this tool. Using TSGrinder could result in legal actions taken against you because your actions could be considered a real hacking attempt.
- we have a dictionary file called “testdict”
- we have a leetfile called “testleet”
- the username we are attacking is the default, administrator
- we want to acknowledge any logon banner messages
- we want to have 1 simultaneous thread
- the server we are attacking has the following IP address: 192.168.62.53
tsgrinder.exe -w testdict -l testleet -b -n 1 -D 8 192.168.62.53As you can see in the screenshot below, after a while, tsgrinder neatly finds that I’ve been using P@55w0rd! as my administrator password. It’s that easy.
Countermeasures
OK, now that you’ve seen how easy it is to attack your Terminal Server environment, it’s time to take countermeasures. Here are some concrete suggestions that can help prevent these kinds of attacks. Rename administrator account You should know that renaming the administrator account is considered a best practice. If you were not aware of that earlier, I sure hope you are now. When you rename the (local) administrator account, the hacker cannot use the administrator account to attack and must know the exact name of the renamed administrator account. This also has the added advantage that you can create a dummy administrator account that can be locked out (you do have account lock outs configured, right?) Connection Security Ideally you would want to make sure that users are already somehow checked before they attempt to logon to a Terminal Server. This used to be a huge hassle but now there’s a free tool available that does just that and more! The tool is called 2X SecureRDP. 2X SecureRDP works by accepting or denying incoming RDP connections by IP, Mac address, computer name, client version or based on time of day, before the logon screen is even displayed. This significantly enhances the control you have over your Terminal Servers. As an added bonus you can limit users to one concurrent session. This doesn’t really prevent brute force attacks from happening but it’s a very nice feature that I know many administrators are looking for. Another great feature of this program is that you can log information for every allowed or denied connection and save it to a log file. Below is a screenshot of 2X SecureRDP. Of course, this tool is not just for Terminal Servers,. It greatly suits every server you access via RDP. In fact, I recommend using this tool on every RDP enabled server. Auditing Enable extensive auditing. OK, so this doesn’t prevent brute force attacks from happening but at the very least it allows you too log these kinds of attacks. You should audit successful and failed logons events. Because these audit logs tend to get cluttered very soon on a busy server, you should consider an automated audit tool. These kinds of tools monitor and filter the security event logs for you so that you can see what you need to see and be alerted when anything goes bad. An example and my personal favorite of such a program is SELM (Security Event Log Monitor) from GFI. See a list of well-known similar programs here. Logon Message You should configure all of your servers to display a message at logon that must beacknowledged before you can proceed to log on to a server. This really isn’t a technical countermeasure but more of a legal one. Once you’ve acknowledged the logon message, there’s no way the perp can say: “I had no idea I wasn’t supposed to log on to that server”……..
Conclusion
Terminal Server environments are juicy targets for hackers. In this article I showedsome techniques hackers can use to perform brute force attacks against local administrator accounts. I also showed you what you can do to prevent these attacks. Please keep in mind that these are just pointers and only make up a small part of thesteps you should take to secure your Terminal Server environment.
|
magine the security nightmare if general users are able to bypass your operating system security and logon as Administrator or root account having all privileges by simply inserting an floppy or CD, now this scary situation is possible using a prototype software KON-BOOT which hacks into Windows and linux kernel on the fly while booting, the novice friendly softwares allows users to bypass logon passwords completely by simply booting via the KON-BOOT CD or Floppy disk, in its current incarnation the software has been tested to bypass logon passwords on Windows 7, Windows Vista, Windows XP, Windows Server 2003/2008, Gentoo, Ubuntu, Debian and Fedora.
Just follow the simple steps ahead to create KON-BOOT bootable CD or Floppy and bypass logon passwords easily.
Here is an video demonstration of the whole process using Windows XP SP3:
|
If you own a 32-Bit computer with more then 3 GB of RAM you must be knowing that your operating-system can only make use of roughly 3 GB RAM and rest remains unused because of memory addressing space limitation on 32 Bit systems, today I will be showing how you can make use of this wasted memory improving your computer speed significantly. The best way to utilize this wasted memory and speed-up your computer is to use it as an RAMDISK, storing frequently accessed temporary files like system pagefile, temp-files and web-browser cache, since I/O operations to RAM is significantly faster then disk you will greatly benefit from using RAMDISK as a temporary file storage.
Follow the simple guide next to create a RAMDISK and use it to store temporary files.
You can now click OK and exit the application, the new RAMDISK will be now visible in My Computer.
- Download and install free Gavotte Ramdisk Utility.
- Extract the archive and launch ramdisk.exe.
- Click Install Ramdisk button.
- The RamDisk can now be used as a regular disk-drive but keep in mind its temporary and any data on it will get lost on power-off, so better use it for temporary storage like pagefile, browser cache and temp file storage.
- To use RAMDISK as pagefile right-click My Computer and navigate to Properties -> Advanced -> Performance - Settings -> Advanced -> Virtual Memory - Change, now select the RAMDISK and set the pagefile.
- NOTE : If the utility fails to recognize full installed RAM capacity, simply enable the PAE mode in BOOT.INI and merge ram4g.reg registry file found in archive followed by an system reboot.
|
|
Microsoft reserves 20% of your available bandwidth for their own purposes like Windows Updates and interrogating your PC etc. Don't you want to get it back for your self? Here is the trick how to get 100% of your available bandwidth.
Increase internet speed :ugeek:
To get it back:
Click Start then Run and type "gpedit.msc" without quotes.
This opens the "group policy editor" and go to: "Local Computer Policy"
Then "Computer Configuration" Then "Administrative Templates"
Then select "Network" then "QOS Packet Scheduler"
After that select "Limit Reservable Bandwidth".
Double click on Limit Reservable bandwidth. It will say it is not configured, but the truth is under the 'Explain' tab i.e." By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."
So the trick is to ENABLE reservable bandwidth, then set it to ZERO. This will allow the system to reserve nothing, rather than the default 20
|
How would you like to be able to download software intended to be used on a free trial basis and use it indefinitely without cost never to expire? Well, there is a way you can take any free trial download and use it free for as long as you please. 
System Mechanic 6 Pro 30 day free trial then 69.95
Get it Free forever Kaspersky Anti-Hacker
Get it Free with System Mechanic Pro
Smart Protector Pro 15 day free trial then 39.90
Get It Free forever All you have to do is set your clock to some date in the distant future using adjust/date/time in Windows, download your free trial software, run the program once and rollback your time setting to the current date. After you’ve run the program for the first time, the Windows registry will be loaded with a Free Trial Key reflecting an expiration date that you’ve predetermined, and your good to go. Another roundabout way to do this after a trial has already expired would be to bring up the Registry Editor in Windows, find the trial key and delete it. Then download the program again and start the free trial period over. This is pretty easy to do, but if you’re using alot of free trials you may find it to be a hassle editing registers and downloading programs over again everytime one expires. Its much easier to simply adjust your date/time to 2009 or something, download your free trials, rollback to the current date and enjoy them for the next 3 years or so hassle free. By the way I’ve found that when doing this I’m still able to get the notifications when updated versions come along, and download them with no problem. The above screenshots are just 3 examples of the many programs that I’ve been doing this with for an extended time. If your the geek type, manipulating the dates in the registers will also work. Do some experimenting and see what you can find, there are tons of possibilities, and this is something you can have alot of fun with.
Get it Free forever
Get it Free with System Mechanic Pro
Get It Free forever All you have to do is set your clock to some date in the distant future using adjust/date/time in Windows, download your free trial software, run the program once and rollback your time setting to the current date. After you’ve run the program for the first time, the Windows registry will be loaded with a Free Trial Key reflecting an expiration date that you’ve predetermined, and your good to go. Another roundabout way to do this after a trial has already expired would be to bring up the Registry Editor in Windows, find the trial key and delete it. Then download the program again and start the free trial period over. This is pretty easy to do, but if you’re using alot of free trials you may find it to be a hassle editing registers and downloading programs over again everytime one expires. Its much easier to simply adjust your date/time to 2009 or something, download your free trials, rollback to the current date and enjoy them for the next 3 years or so hassle free. By the way I’ve found that when doing this I’m still able to get the notifications when updated versions come along, and download them with no problem. The above screenshots are just 3 examples of the many programs that I’ve been doing this with for an extended time. If your the geek type, manipulating the dates in the registers will also work. Do some experimenting and see what you can find, there are tons of possibilities, and this is something you can have alot of fun with.
|
Did know that you could clone your current Hard Drive without having to by extra software? Maybe you didn't know that all that you needed, was already set up on your current system? Well, it is... and if you follow this tut, you shouldn't have much of a problem.
Make sure that you have a Master and a Slave setup on your system. The Slave drive, in this case, is where all the data on the Master is going to go to.
First: Perform a Scandisk your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.
Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.
Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the "Full" button.
Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says "Autofix Errors".
Fifth: In this final part, you might want to cut-and-paste to code in, unless you are sure that you can do it without making any mistakes:
Click on the "Start" button, then click on the "Run..." button, then place the following into the Runbox:
"XCOPY C:\*.*D:\ /c/h/e/k/r" (minus the quotes, of course) then press the "Enter" button.
If you receive an error message, then remove the space from between XCOPY and C:\
Anything that should happen to come up in the DOS box, just click "Y" for "Yes". When its all finished, pull the original Master from the system, designate the Slave as the Master (change your jumpers), then check your new Master out.
This tut has worked and has been tested on all systems except for Windows 2000, so you really shouldn't have any problems. If, by any chance, you should come across a snag, message me and I'll walk you through it.
~cheers~
Make sure that you have a Master and a Slave setup on your system. The Slave drive, in this case, is where all the data on the Master is going to go to.
First: Perform a Scandisk your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.
Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.
Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the "Full" button.
Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says "Autofix Errors".
Fifth: In this final part, you might want to cut-and-paste to code in, unless you are sure that you can do it without making any mistakes:
Click on the "Start" button, then click on the "Run..." button, then place the following into the Runbox:
"XCOPY C:\*.*D:\ /c/h/e/k/r" (minus the quotes, of course) then press the "Enter" button.
If you receive an error message, then remove the space from between XCOPY and C:\
Anything that should happen to come up in the DOS box, just click "Y" for "Yes". When its all finished, pull the original Master from the system, designate the Slave as the Master (change your jumpers), then check your new Master out.
This tut has worked and has been tested on all systems except for Windows 2000, so you really shouldn't have any problems. If, by any chance, you should come across a snag, message me and I'll walk you through it.
~cheers~
Subscribe to:
Comments (Atom)