Information Security

The Blog is moved

2009-11-02T17:39:00.005+05:30

Blogging is stopped.............................

For future updates please visit the below URL

www.ravigopal.com

Gmail hacking through Cookie replay by using GX cookie value

2009-09-06T11:58:00.019+05:30

Steps to view one's Gmail Inbox

ARP poisoning
Sniff the network
Get the valid cookie
Replay the cookie
You are in victims Gmail session

1. ARP poisoning: ARP poisoning is necessary to make the network traffic between Victim machine and Gateway to pass through your system. The ARP poisoning can be done either through Manual or Automated approach. Automated ARP poisoning can performed with tools like Ettercap, cain and abel (available only for windows) etc.

Steps to do ARP poisioning with Cain and Abel

1.a) Scan for MAC address in the network:

1.b) Choose your Victim through IP address:

1.c) Start ARP poisioining: One can see the traffic of victim's machine

2. Sniff the network: Sniffing is necessary to get the valid cookie. My favorite tool for sniffing is Wireshark (earlier called as Ethereal) which is a packet capturing tool.

2.a) Start Wireshark and capturing the traffic and the Cookie can be easily find out using "http.cookie" filter. As shown in screenshot one can see the mail traffic from the corresponding system.

3. Get the valid cookie: Gmail uses "GX" as a cookie value to authenticate. After capturing the traffic through Wireshark filter out GX cookie value.

3.a) Right click on the "GET" request and click on "Follow TCP stream" to get GX cookie.

Copy the GX value alone without semicolon to use it to replay.

4. Replay the cookie: Create a new cookie in your browser with same GX value (Replay).

4.a) For constructing the cookie, the firefox plugin "Add N Edit Cookies" is required. The plugin will look like this.

4.b) Click add to create a new cookie and place the corresponding values as follows and save it:

Name: GX
Content: GX (paste here the copied GX value)
Host: .mail.google.com
Path: /mail

5. You are in victims Gmail session: Successful replay of GX should take you to the victim's Gmail Session.

After saving the cookie, type mail.google.com/mail in address bar of the browser and press enter the you should be able to view the victim's Inbox.

The procedure can be found in the form of video blow as well as at http://www.youtube.com/watch?v=vjDLxmsET6g:

Enojy !!!!!!!!!!!!!!!!!!!!

Happy Replay.........

Thanx for viewing it and let me know the comments or clarifications if any.

hakin9 Magazine

2009-07-28T07:15:00.010+05:30

Haking9 is a magazine which gives u an exact brief of all latest information security related news.
The url: hakin9

Please click on below image to checkout more about the current issue.

Below is the html Articles posted in their website about The Top Threats to Online Gamers

The Top Threats to Online Gamers
Rogue servers offering low or no cost games
Social engineering scams and phishing to gain log-in details
Malware specifically targeting online games
Exploiting vulnerabilities in game servers and browsers

For more information click on the above mentioned url.

SNMP Enumeration

2009-07-14T11:46:00.006+05:30

For SNMP enumeration two easy tools like "snmpenum" & "snmpwalk"

snmpenum:
In backtrack, you can find "snmpenum" in -- > /pentest/enumeration/snmpenum

How to use: ./snmpenum.pl [IP] [community] [configfile]

Example: ./snmpenum.pl 10.0.0.5 public windows.txt

Usually by default, the SNMP strings will be public and private.

snmpenum: Just follow the below syntax directly.
snmpwalk -v 1 -c public [ip_address]

How to install ie6 in Linux

2009-06-26T17:24:00.002+05:30

#sudo apt-get update
#sudo apt-get install wine cabextract

http://www.howtoforge.com/ubuntu_internet_explorer

Check for Null Sessions

2009-06-26T09:42:00.000+05:30

c:\>net use \\host\IPC$ "" /u:administrator -> To check for Null Password for Username administrator

c:\>net use \\host\IPC$ "" /u:dummy -> To check for Null Password for Username dummy

c:\>net use \\host\IPC$ "" /u:"" -> To check for Null Session

Upgraded KDE in Bt4 and startx is not working??

2009-06-25T20:24:00.002+05:30

I have the solution, I hope it'll work for you !!

@bt:~# cd /etc/alternatives/
@bt:/etc/alternatives# mv x-session-manager x-session-manager-broke
@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
@bt:/etc/alternatives# startx

Verifying the default administrator password 'sa' in MS SQL Server

2009-02-13T00:16:00.002+05:30

On the computer that is hosting the instance of MSDE to which you are connecting, open a command prompt window.
At the command prompt, type the following command, and then press ENTER:

osql -U sa

This connects you to the local, default instance of MSDE by using the sa account. To connect to a named instance installed on your computer type:

osql -U sa -S servername\instancename

You are now at the following prompt:

Password:
Press ENTER again. This will pass a NULL (blank) password for sa.

If you are now at the following prompt, after you press ENTER, then you do not have a password for the sa account:

1>

Cross Site Printing

2008-12-26T15:59:00.001+05:30

Cross Site Printing is an attack, when a victim visits a malicious website, the site sends specially created javascript program that print messages to the victim’s internal printers. These could be simple text messages, or more complex (and better formatted) postscript messages. The attack works only if the browser allows the running of javascript from the malicious site. For Firefox users, the “noscript ” plugin is a powerful defense against this attack. IE does not allow selectively blocking javascripts yet, so a simple solution is not available for IE.

Ubuntu Linux root Password - Default Password

2008-12-22T14:09:00.003+05:30

After installing Ubuntu Linux one can only login as normal user but not as root user WHY?

Reason: The fact is root account is locked by default under Ubuntu Linux. Therefore, you cannot login as root or use su - command to become superuser.

Solution: Do the following:
# sudo passwd root

(This will ask for the sudo user password and then the new UNIX password, which will be your new root password)
Now one should be able to login as root by typing su -

Word List

2008-12-17T16:24:00.000+05:30

U can find few word list files here at

http://theargon.com/achilles/wordlists/places

Interface List

2008-12-17T14:28:00.001+05:30

To know the Network Interface list:

Nmap -iflist

The above command will give you the list of interfaces like eth0,eth1 etc.,

WPA2 Personal Vs WPA2 enterprise

2008-11-20T20:38:00.002+05:30

WPA Enterprise utilizes 802.1x authentication by means of a RADIUS server.
This provides for user account certificate based authentication, and is the recommended security for businesses, and other large wireless networks. If you are talking about a home wireless network, and are using WPA or WPA2 with a sufficiently complex and random PSK , that is sufficient protection for most people.

Nessus-Configuration

2008-11-02T10:53:00.002+05:30

Starting the nessus Service: /opt/nessus/sbin/nessusd -D
Updating plugins: /opt/nessus/sbin/nessus-update-plugins

Scanning Format:

nessus -T [output format:nbe/ncr/html] localhost 1241 username password ip_file op_file

Avoid security warning while doing ARP poisining

2008-09-27T10:29:00.001+05:30

To avoid security warning while doing ARP poisining with ( Ettercap) add the following rule in IP tables.

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT iptables -A FORWARD -j ACCEPT

Windows workstation service is missing

2008-09-27T09:38:00.003+05:30

If Windows workstation service is disappeared from services then do the following to get it back !!

Network Connections -> Right click: Your Connection -> Properties -> General tab -> Install button -> Highlight: Client -> Add button -> Highlight: Client for Microsoft Networks -> OK -> Close

Now your service is back !!!!!

Thunderbird backup

2008-09-26T21:16:00.002+05:30

Do u wanna backup your thunderbird mail client, !!! A very good tool is Here :

http://www.filecart.com/download/33327/540/Thunderbird_Backup_download.php

SAPWD setup error: Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Release A

2008-09-26T10:33:00.003+05:30

Hi !!

R u getting the following eRrOr !! while installing MSDE---> "

A strong SA password is required for security reasons. Please use SAPWD switch to supply the same. Refer to readme for more details. Setup will now exit."

Then here is the solution:

Just run this command in the MSDE directory:

setup sapwd="myPWD" DISABLENETWORKPROTOCOLS=0 securitymode=sql

Disabling Administrative Shares

2008-09-23T10:00:00.003+05:30

How can I disable the Administrative Share creation in Windows NT/2000/XP/2003?

Every Windows NT/W2K/XP/2003 machine automatically creates a share for each drive on the system. These shares are hidden, but available with full control to domain administrators. The drive letter, followed by the $ sign is the name, and it is shared from the root. When trying to attain a highly secure network, you may wish to address this potential security issue by disabling these shares, or at least restricting their permissions to specific users or services.

The default-hidden shares are:

C$ D$ E$ - Root of each partition. For a Windows NT workstation/W2K/2003/XP Professional computer only members of the Administrators or Backup Operators group can connect to these shared folders. For a Windows NT Server/W2K Server computer, members of the Server Operators group can also connect to these shared folders.
ADMIN$ - %SYSTEMROOT% This share is used by the system during any remote administration of a computer. The path of this resource is always the path to the W2K/NT system root (the directory in which W2K/NT is installed usually C:\Winnt and in XP it's C:\Windows).
FAX$ - On W2K Server, this used by fax clients in the process of sending a fax. The shared folder temporarily caches files and accesses cover pages stored on the server.
IPC$ - Temporary connections between servers using named pipes essential for communication between programs. It is used during remote administration of a computer and when viewing a computer's shared resources. This share can be very dangerous and can be used to extract large amounts of information about your network, even by an anonymous account.
NetLogon - This share is used by the Net Logon service of a W2K, 2003 and NT Server computer while processing domain logon requests, and by Pre-W2K computers when running logon scripts.
PRINT$ - %SYSTEMROOT%\SYSTEM32\SPOOL\DRIVERS Used during remote administration of printers.

It is possible to simply remove the share from Server Manager (in NT) or Shared Folders (in W2K/XP/2003) but the problem with this method is that the shares will automatically be recreated when the machine reboots.

You can disable the automatic administrative share creation via Group Policy, but this is a much simpler way:

In order to disable these shares permanently, a registry edit will be necessary.

Servers

For NT 4.0/W2K/Windows Server 2003s, the change is:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer
Data Type: REG_DWORD
Value: 0

Idiot proof note: If you can't find the value in the registry under the exact location (i.e. it does not exist) - please right click in the right pane of the window and create it.

Note: A reboot is necessary for this to take effect.

Workstations

For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0

A double idiot proof note: If you can't find the value in the registry under the exact location (i.e. it does not exist) - please right click in the right pane of the window and create it.

Note: Again, a reboot is necessary for this to take effect.

If you want the administrative shares to be re-created, you can change the value back to 1.

Note: Some applications depend on the presence of these shares. If things stop working you'll know to re-enable the shares.

Security note: Unfortunately this registry hack does NOT stop the IPC$ share and this is a share that is often used by hackers to enumerate systems before attack since it can yield a wealth of information about your system names, your user names, and more. If your ACL permissions are not correct or you haven't disabled anonymous user access or you haven't disabled the guest account then this port can lead to total system compromise within minutes!

Courtesy: http://www.petri.co.il/disable_administrative_shares.htm

Do u need E-Books...

2008-09-23T09:56:00.001+05:30

Here is a list of websites that offers free e-book downloads, feel free to peruse them for your research/previewing purpose :

http://www.ebooklobby.com/
http://www.computer-books.us
http://www.textbookrevolution.org/
http://www.freetechbooks.com/
http://www.giuciao.com/
http://ebookshare.net
http://pdfchm.com
http://www.mininova.org/cat/2

To check null sesisons on windows from Linux

2008-09-16T16:37:00.001+05:30

Check it with null Username and Password

mount -t cifs //192.168.0.150/Essentials /mnt/ -o username=" ",password=""

What is a Socket

2008-09-08T12:39:00.000+05:30

Sockets is a method for communication between a client program and a server program in a network. A socket is defined as "the endpoint in a connection." Sockets are created and used with a set of programming requests or "function calls" sometimes called the sockets application programming interface (API). The most common sockets API is the Berkeley Unix C interface for sockets. Sockets can also be used for communication between processes within the same computer.

This is the typical sequence of sockets requests from a server application in the "connectionless" context of the Internet in which a server handles many client requests and does not maintain a connection longer than the serving of the immediate request:

socket()
|
bind()
|
recvfrom()
|
(wait for a sendto request from some client)
|
(process the sendto request)
|
sendto (in reply to the request from the client...for example, send an HTML file)

A corresponding client sequence of sockets requests would be:

socket()
|
bind()
|
sendto()
|
recvfrom()

Sockets can also be used for "connection-oriented" transactions with a somewhat different sequence of C language system calls or functions.

Web based proxies list

2008-09-04T19:10:00.001+05:30

Click on the below link:

http://www.freeproxies.org/list.htm

Enjoy the anonymous Browsing....

List of few InfoSec related feeds

2008-09-04T17:08:00.000+05:30

Here is list of InfoSec related feeds...

Anton Chuvakin Personal Blog - feed
Computerworld Breaking News - feed
Dancho Danchev - feed
Dark Reading - feed
del.icio.us/tag/hacking - feed
del.icio.us/tag/pentest - feed
del.icio.us/tag/security - feed
eEye Research - feed
GNUCITIZEN - feed
Hack In The Box - feed
hackers @ microsoft - feed
honeyblog - feed
InfoWorld: Top News - feed
Jeremiah Grossman - feed
MSDN Architecture Center - feed
Mal-Aware.org - feed
Metasploit - feed
Michael Howard's Web Log - feed
Michael Sutton's Blog - feed
Malware Advisor - feed
Malware Help.Org - feed
Metasploit - feed
milw0rm.com - feed
Mal-Aware.org - feed
NYT > Technology - feed
PC World: Latest Technology News - feed
PandaLabs Blog - feed
Rootsecure.net - secnews -- feed
Slashdot - feed
SearchSecurity : Security Wire Daily News - feed
Security Adviser - feed
securosis.com - feed
Spyware Sucks - feed
Security Fix - feed
SecurityFocus News - feed
SANS Reading Room - feed
SANS Internet Storm Center - feed
SunbeltBLOG - feed
Tenable Network Security - feed
TrendLabs | Malware Blog - feed
Infosec Writers Latest Security Papers - feed
The Register - feed
washingtonpost.com - Technology - feed
Wired::Security - feed
Websense Security Labs - feed

Google Chrome Automatic File Download--A design issue

2008-09-04T12:24:00.003+05:30

Google's Chrome (BETA) allows files (e.g. executable files) to be automatically downloaded to the user's computer without any user prompt.

To check the flaw, open a URL that points to an executable file.

To "fix" this "problem":

In Google chrome

Tools -> Options -> Minor Tweaks (tab) in download location: check the "ask where to save each file before downloading"

Google web browser-CHROME- Has a Vulnerability

2008-09-03T16:59:00.001+05:30

Software:
Google Chrome Browser 0.2.149.27

Tested:
Windows XP Professional SP3 & SP2

Result:
Google Chrome Crashes with All Tabs

Problem:
An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27. A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special' character, the chrome crashes with a Google Chrome message window "Whoa! Google Chrome has crashed. Restart now?". It crashes on "int 3" at 0x01002FF3 as an exception/trap, followed by "POP EBP" instruction when pointed out by the EIP register at 0x01002FF4.

PoC Working/Exploit:
Click for a demo HERE

Fuzzer- Penetration Testing

2008-08-25T12:39:00.000+05:30

A Security fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.

If the program contains a vulnerability that can leads to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered. Fuzzers are often termed Fault Injectors for this reason, they generate faults and send them to an application. Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, XSS, and Format String bugs. They do a poor job at finding vulnerabilites related to information disclosure, encryption flaws and any other vulnerability that does not cause the program to crash.

Hows that? A prerequisite for building a fuzzers, is that you have to give it a cool name. There was one called stabface (yes, stabface), that would use the Google API to do SQL Injection against .govs and .mils. The author found a lot of neat holes, but never released the tool. Ok, here is the list:

(L)ibrary (E)xploit API - lxapi - A collection of python scripts for fuzzing.

Mangle - A fuzzer for generating odd HTML tags, it will also autolaunch a browser. Mangle found the infamous IFRAME IE bug.

SPIKE - A collection of many fuzzers from Immunity. Used to find the recent remote RDP kernel DoS against a firewalled XP SP2, and many others.

PROTOS WAP - A fuzzer from the PROTOS project for fuzzing WAP.

PROTOS HTTP-reply - Another fuzzer from the PROTOS dudes for attack HTTP responses, useful for broswer vulns.

PROTOS LDAP - For fuzzing LDAP, not as successful as the others from the PROTOS project

PROTOS SNMP - Classic SNMP fuzzer, found a vuln in almost every networking gear available at the time (2002).

PROTOS SIP - For fuzzing all those new VOIP SIP devices you see everywhere.

PROTOS ISAKMP - For attacking IPSec implementations

RIOT & faultmon - For attacking plain text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow and included in The Shellcoder's Handbook.

SPIKE Proxy - A semi-functional web fuzzer from the guys at Immunity that brought you the original SPIKE

Tag Brute Forcer - Awesome fuzzer from Drew Copley at eEye for attacking all of those custom ActiveX applications. Used to find a bunch of nasty IE bugs, including some really hard to reach heap overflows.

FileFuzz - A file format fuzzer for PE (Windows) binaries from iDefense. Has a pretty GUI. I've
recently used it to find bugs in Word.

SPIKEFile - Another file format fuzzer for attacking ELF (Linux) binaries from iDefense. Based off of SPIKE listed above.

notSPIKFile - A ELF fuzzer closely related to FileFuzz, instead of using SPIKE as a starting point.

Screaming Cobra - Name makes the fuzzer sound better than it really is, but is good for finding CGI bugs. Also, its a perl scrpt so easy to modify or extend.

WebFuzzer - A fuzzer for (guess what?) web app vulns. Just as good as some of the cheap commercial web fuzzers.

eFuzz - A generic TCP/IP protocol fuzzer. Easy to use, but maybe not as full featured as some others on this list.

Peach Fuzzer - A great fuzzer written by Michael Eddington. Peach Fuzzer is more of a framework for building fuzzers.

Fuzz - The ORIGINAL fuzzer developed by Dr. Barton Miller at my Alma Matter, the University of Wisconsin-Madison in 1990. Go badgers!

Penetration Testing VS Vulnerability Assessment

2008-06-16T18:19:00.001+05:30

There seems to be a certain amount of confusion within the security industry about the difference between Penetration Testing and Vulnerability Assessment, they are often classified as the same thing when in fact they are not.

I know Penetration Testing sounds a lot more exciting, but most people actually want a VA not a pentest, many projects are labelled as pen tests when in fact they are 100% VA.

A Penetration Test mainly consists of a VA, but it goes one step further..

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

A vulnerability assesment is what most companies generally do, as the systems they are testing are live production systems and can’t afford to be disrupted by active exploits which might crash the system.

Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region).

Vulnerability assessment has many things in common with risk assessment. Assessments are
typically performed according to the following steps:

1. Cataloging assets and capabilities (resources) in a system
2. Assigning quantifiable value and importance to the resources
3. Identifying the vulnerabilities or potential threats to each resource
4. Mitigating or eliminating the most serious vulnerabilities for the most valuable resources

This is generally what a security company is contracted to do, from a technical perspective, not to actually penetrate the systems, but to assess and document the possible vulnerabilities and recommend mitigation measures and improvements.

Read regional language sites in Firefox !!!!

2008-06-04T10:12:00.001+05:30

Not able to read the regional language content in Firefox???
The news papers like http://eenadu.net/ or http://www.mathrubhumi.com/ etc.,

For example open http://eenadu.net/ in Firefox.......are you able to read those contents.. absolutely NO.
To view that you need to open it in IE.......... This is an old technique/story.

Follow the new trend:
Now no need to open them in IE.

There is a plugin called IE Tab for firefox. (click here: https://addons.mozilla.org/en-US/firefox/addon/1419
After installing, restart the firefox.
Add the site address(s) to the IE Tab filter.
After that you will find mozilla icon on the statusbar.
To view the page in IE just Left click on the Icon.

Hein na....kamaal ki baath.

Enjoy !!!!!!!!!!!!!!!

Three ways to reset a Windows Vista admin password

2008-06-04T09:34:00.000+05:30

Of course, you can always reset a password if you have another admin account for this machine. However, if this isn’t the case, things can get a bit tricky. As a sys admin you are usually confronted with this problem if users have laptops where you don’t have an admin account. Even if you don’t have to reset a password now, you should get acquainted with this issue. Rest assured that sooner or later a user will bug you with this problem. I must admit that I managed to forget my own password more than once.

Option 1: Create a password reset disk
Vista allows you to create a password reset disk which enables you to reset your password without much hassle. The problem with this option is that you have to create the reset disk before the password is lost. If you have many Windows machines where users logon locally, this might be a daunting task. You can find a description of how to create a password reset disk here.

Option 2: Get Petter Nordhal-Hagen’s NT Password & Registry Editor
With this option you have to boot from a CD and then manipulate the SAM database. Manipulating the SAM database is always a bit risky. But if you have no password reset disk, this is the only way. Note that this tool comes without any warranty. I’ve been using it quite a few times on Windows 2000 and had never any problem with it, though. The latest version also supports Windows Vista. The download link of the tool is a bit hidden. Search for “download” on this page, if you can’t find it.

Option 3: Get the commercial Password Changer
Password Changer essentially works like the NT Password & Registy Editor. An advantage of this tool is that you’ll get support if any problem arises. Based on Joseph Fiber’s description of the tool it might be a bit easier to use than Petter Nordhal-Hagen’s solution. This especially applies if you are not familiar with Linux. Prices start at $39.99.

Forgot Windows password

2008-05-26T12:37:00.000+05:30

---->>>Can't Log On to Windows XP?

If that’s your only problem, then you probably have nothing to worry about. As long as you have your Windows XP CD, you can get back into your system using a simple but effective method made possible by a little known access hole in Windows XP.

This method is easy enough for newbies to follow – it doesn’t require using the Recovery Console or any complicated commands. And it’s free - I mention that because you can pay two hundred dollars for an emergency download of Winternals ERD with Locksmith which is a utility for unlocking lost Windows passwords. See here http://www.winternals.com/products/repairandrecovery/locksmith.asp

ERD is an excellent multi purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to logon to Windows due to a forgotten password. Not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how with a step-by-step description of the initial Repair process included for newbie’s.

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your cd Typically, it will be “Press any key to boot from cd”

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

5. The Licensing Agreement comes next - Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

I tested the above on Windows XP Pro with and without SP1 and also used this method in a real situation where someone could not remember their password and it worked like a charm to fix the problem. This security hole allows access to more than just user accounts. You can also access the Registry and Policy Editor, for example. And its gui access with mouse control. Of course, a Product Key will be needed to continue with the Repair after making the changes, but for anyone intent on gaining access to your system, this would be no problem.

And in case you are wondering, NO, you cannot cancel install after making the changes and expect to logon with your new password.

Cancelling will just result in Setup resuming at bootup and your changes will be lost.

Ok, now that your logon problem is fixed, you should make a point to prevent it from ever happening again by creating a Password Reset Disk. This is a floppy disk you can use in the event you ever forget your log on password. It allows you to set a new password.

Here's how to create one if your computer is NOT on a domain:

Go to the Control Panel and open up User Accounts.
Choose your account (under Pick An Account to Change) and under Related Tasks, click "Prevent a forgotten password".
This will initiate a wizard.
Click Next and then insert a blank formatted floppy disk into your A: drive.
Click Next and enter your logon password in the password box.
Click Next to begin the creation of your Password disk.
Once completed, label and save the disk to a safe place

How to Log on to your PC Using Your Password Reset Disk

Start your computer and at the logon screen, click your user name and leave the password box blank or just type in anything. This will bring up a Logon Failure box and you will then see the option to use your Password Reset disk to create a new password. Click it which will initiate the Password Reset wizard. Insert your password reset disk into your floppy drive and follow the wizard which will let you choose a new password to use for your account.

Note: If your computer is part of a domain, the procedure for creating a password disk is different.

See here for step by step instructions: http://support.microsoft.com/default.aspx?scid=KB;en-us;306214&

Source: http://pubs.logicalexpressions.com/Pub0009/LPMArticle.asp?ID=305

System Maintenance

2008-05-12T10:25:00.001+05:30

Windows XP restarts unexpectedly or restarts when you shut down the computer

SYMPTOMS

If you shut down your Windows XP-based computer, your computer may restart instead of shutting down. The computer may also restart unexpectedly while you are using the computer to perform certain tasks. An error message may appear on a blue screen when the computer restarts.

CAUSE

This behavior may occur if Windows stops responding during a typical operation or during the shutdown process. By default, the computer is configured to automatically restart when Windows stops responding. To view this setting, follow these steps:

1.	Click the Start button, right-click My Computer, click Properties, click the Advanced tab, and then click Settings under Startup and Recovery.
2.	Under System Failure, view the Automatically restart check box. If the Automatically restart check box is selected, Windows automatically restarts if the computer stops unexpectedly.

RESOLUTION

If your computer constantly restarts while you are using it, or if you are trying to shut down the computer after it has stopped unexpectedly, click to clear the Automatically restart check box. If you clear this check box, you receive an error message when the computer stops responding. This error message may describe the cause of the problem. You can also review the system log in Event Viewer to view the critical stop error that occurs when the computer restarts. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

308427 (http://support.microsoft.com/kb/308427/) HOW TO: View and manage event logs in Event Viewer in Windows XP

To configure the way that Windows responds when the computer stops unexpectedly, follow these steps.

Note: You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.

Log on to the host computer as either an administrator or the owner.

Click Start, and then click Control Panel.

Under Pick a category, click Performance and Maintenance.

Under the or pick a Control Panel icon section, click System.

Click the Advanced tab, and then click Settings under Startup and Recovery.

Click to select any one of the following check boxes under System Failure:

•	Write an event to the system log
•	Send an administrative alert
•	Automatically restart

STATUS

This behavior is by design.

MORE INFORMATION

By default, the Automatically restart check box is selected so that you can continue to use the computer if a critical stop error occurs. Microsoft Services starts during the startup process before you log on. Therefore, the computer is functional after it restarts. If the computer stops because of a critical stop error, you lose all functionality, including the remote access functionality. After the computer restarts, you can investigate the reason for the stop error.

The stop error message only displays information about the possible cause of the critical stop error. In most situations, the error is logged in the system log.

Configure Windows to perform the following actions if a severe error such as a stop error or fatal system error occurs:

•	Write an event to the system log.
•	Notify administrators.
•	Automatically restart the computer.
•	Dump system memory to a file that advanced users can use for debugging.

You must have at least a 2-megabyte (MB) paging file on the computer's boot volume if you want to configure the computer to either write an event to the system log or notify an administrator. If you configure Windows to create a dump file that contains the system memory data, you can use the dump file to debug the cause of the stop error.

To configure Windows to create a dump file, follow these steps:

Log on to the host computer as either an administrator or the owner.

Click Start, and then click Control Panel.

Under Pick a category, click Performance and Maintenance.

Under the or pick a Control Panel icon section, click System.

Click the Advanced tab, and then click Settings under Startup and Recovery.

Under Write Debugging Information, click one of the following entries:

•	Small Memory Dump: If you click this setting, the smallest amount of information that helps you identify the problem is recorded. This setting requires that you have at least 2 MB available for a paging file on the boot volume of your computer. If you click this setting, Windows creates a new file every time that the computer stops unexpectedly. A history of these files is stored in the folder that is listed in the Dump File box.
•	Kernel Memory Dump: If you click this setting, only kernel memory is recorded. This speeds up the process of recording information in a log when the computer stops unexpectedly. Depending on the random-access memory (RAM) in your computer, you must have 50 MB to 800 MB available for the paging file on the boot volume. The file is stored in the folder that is listed in the Dump File box.
•	Complete Memory Dump: If you click this setting, the contents of the system memory are recorded when the computer stops unexpectedly. If you use this setting, you must have a paging file on the boot volume that is sufficient to hold all of the physical RAM plus one MB. The file is stored in the folder that is listed in the Dump File box.

Windows always writes to the same file name. To save individual dump files, click to clear the Overwrite any existing file check box, and change the file name after each stop error.

To save memory, click to clear both the Write an event to the system log check box and the Send an administrative alert check box. The memory that is saved depends on the computer. Typically, these debugging features require about 60 kilobytes (KB) to 70 KB of RAM.

Courtesy: http://support.microsoft.com/kb/320299

Application Security

2008-05-09T17:49:00.001+05:30

Do u think that ur webmail (gmail/yahoo/msn/....) is secure ???????

Absolutely NO..............

Please refer: http://www.apps3c.blogspot.com/

My Thoughts

2008-04-29T14:51:00.000+05:30