BlackHat security

Partizan watches the Windows boot process.

Reanimator detects and remove Trojans/Spyware/Adware using signature database (Greatis Application Database).

Each rootkit needs a way to automatically start after computer reboot.
We can detect it and remove a rootkit from auto start.

1. Detecting kernel rootkits without a lot of BSOD.
2. Partizan checks the computer automatically during every Windows boot.
3. Partizan uses small number of computer resources.
4. Partizan takes only a couple seconds for checking. Compare it with full disk scan.
5. Partizan is a powerful. It can detect a remove any kernel/usermode rootkit, Trojan/Spyware/Adware components.
6. You can use other anti-rootkit software in addition to Partizan as well.

Partizan activates several agents for monitoring the Windows boot process.

* Anti-Bootkit. Used against Bootkit rootkits located in the boot sectors (in development).
* Partizan boot driver. Used against Rustock clone rootkits. It can trace registry services and delete a service. Partizan driver starts on the early stage of the Windows boot process. Partizan driver has additional "safe" mode allows to skip processing of the Winlogon and similar registry keys by Windows operation system to avoid infection and for easy removing infection.
* Partizan Native application. It is started from the BootExecute registry key. Partizan deletes files/streams and service keys.
* Secure Start. It starts before Windows shell starts using RunOnceEx key.
Secure Start executes UnHackMe application for rootkits testing using information from the Partizan boot driver. Secure Start can remove Trojans/usermode rootkits/spyware/adware using RegRun Reanimator with Application Database.

Compatible with all known antiviral software!!!.

Download:

http://rapidshare.com/files/264158643/UnHackMe_v5.0.5.300.rar

really that is possible !

u know why is it a “user” account because it lacks come service layer than that in “administrator” account

Using simple command line tools on a machine running Windows XP we will obtain system level privileges, and run the entire explorer process (Desktop), and all processes that run from it have system privileges. The system run level is higher than administrator, and has full control of the operating system and it’s kernel. On many machines this can be exploited even with the guest account. At the time I’m publishing this, I have been unable to find any other mention of people running an entire desktop as system, although I have seen some articles regarding the SYSTEM command prompt.

Local privilege escalation is useful on any system that a hacker may compromise; the system account allows for several other things that aren’t normally possible (like resetting the administrator password).

The Local System account is used by the Windows OS to control various aspects of the system (kernel, services, etc); the account shows up as SYSTEM in the Task Manager

Local System differs from an Administrator account in that it has full control of the operating system, similar to root on a *nix machine. Most System processes are required by the operating system, and cannot be closed, even by an Administrator account; attempting to close them will result in a error message. The following quote from Wikipedia explains this in a easy to understand way:

You can trick the system into running a program, script, or batch file with system level privileges.

One sample

One trick is to use a vulnerability in Windows long filename support.
Try placing an executable named Program.*, in the root directory of the “Windows” drive. Then reboot. The system may run the Program.*, with system level privileges. So long as one of the applications in the “Program Files” directory is a startup app. The call to “Program Files”, will be intercepted by Program.*.

Microsoft eventually caught on to that trick. Now days, more and more, of the startup applications are being coded to use limited privileges.

Quote:

In Windows NT and later systems derived from it (Windows 2000, Windows XP, Windows Server 2003 and Windows Vista), there may or may not be a superuser. By default, there is a superuser named Administrator, although it is not an exact analogue of the Unix root superuser account. Administrator does not have all the privileges of root because some superuser privileges are assigned to the Local System account in Windows NT.

Under normal circumstances, a user cannot run code as System, only the operating system itself has this ability, but by using the command line, we will trick Windows into running our desktop as System, along with all applications that are started from within.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, lets open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:
Code:
at

If it responds with an “access denied” error, then we are out of luck, and you’ll have to try another method of privilege escalation; if it responds with “There are no entries in the list” (or sometimes with multiple entries already in the list) then we are good. Access to the at command varies, on some installations of Windows, even the Guest account can access it, on others it’s limited to Administrator accounts. If you can use the at command, enter the following commands, then press [ENTER]:

Code:
at 15:25 /interactive “cmd.exe”

Lets break down the preceding code. The “at” told the machine to run the at command, everything after that are the operators for the command, the important thing here, is to change the time (24 hour format) to one minute after the time currently set on your computers clock, for example: If your computer’s clock says it’s 4:30pm, convert this to 24 hour format (16:30) then use 16:31 as the time in the command. If you issue the at command again with no operators, then you should see something similar to this:

When the system clock reaches the time you set, then a new command prompt will magically run. The difference is that this one is running with system privileges (because it was started by the task scheduler service, which runs under the Local System account). It should look like this:

You’ll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In task manager, go to the processes tab, and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:

Code:
explorer.exe

A desktop will come back up, but what this? It isn’t your desktop. Go to the start menu and look at the user name, it should say “SYSTEM”. Also open up task manager again, and you’ll notice that explorer.exe is now running as SYSTEM. The easiest way to get back into your own desktop, is to log out and then log back in.

System user name on start menu

explorer.exe running under SYSTEM

What to do now
Now that we have SYSTEM access, everything that we run from our explorer process will have it too, browsers, games, etc. You also have the ability to reset the administrators password, and kill other processes owned by SYSTEM. You can do anything on the machine, the equivalent of root; You are now God of the Windows machine. I’ll leave the rest up to your imagination.

ADMINISTRATOR IN WELCOME SCREEN.

When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the “Welcome Screen” does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the “Win2000 Logon Screen Tweak” ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.

EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!

Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon SpecialAccounts UserList
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it’s Value data. Close the registry editor and restart.

dont hack others buddy be ethical !!!  ... lolz ;)

Set Processes Priority

Follow this tip to increase the priority of active processes, this will result in prioritisation of processes using the CPU.

CTRL-SHIFT-ESC
1.Go to the second tab called Processes, right click on one of the active processes, you will see the Set Priority option

2.For example, your Run your CDwriter program , set the priority higher, and guess what, no crashed CD’s
Shutdown Trick !

Imidiate rapid shut down window
while shutting down window. open task manager(Ctr+Alt+Del),
Select shut down tab. and press ‘ Ctrl ‘ key while select Turn Off from dis tab.
Count 5 4 3 2 1 Voila!!! U r window will rapidly shut down.

Speed Up Ur Shut down !!

Start Regedit.
Navigate to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control.
Click on the “Control” Folder.
Select “WaitToKillServiceTimeout”
Right click on it and select Modify.
Set it a value lower than 2000 (Mine is set to 200).

and !

Like previous versions of windows, it takes long time to restart or shutdown windows xp when the “Exit Windows” sound is enabled. to solve this problem you
must disable this useless sound. click start button then go to settings -> control panel -> Sound,Speech and Audio devices -> Sounds and Audio Devices -> Sounds, then under program events and windows menu click on “Exit Windows” sub-menu and highlight it.now from sounds you can select,choose “none” and then click apply and ok. now you can see some improvements when shutting down your system.

**New Trick**
Crazy also !!
Hide ur folders.. never known trick !!!!!!!!!! Disguise them to “Recycle Bin”

Rename any folder with extension {645FF040-5081-101B-9F08-00AA002F954E}
eg,
if u’ve a folder games
press F2,
then type, “games.{645FF040-5081-101B-9F08-00AA002F954E}”
c the magic….
then 2 get to original form,
remove the extension using
“ren games.{645FF040-5081-101B-9F08-00AA002F954E} games” in dos or as a bat file

n u are done..

~cheers~

System information:-

system up time only for xp professional edition
It boasts how long it can stay up. Whereas previous
versions of Windows were coy about how long they went
between boots, XP is positively proud of its stamina.
Go to the Command Prompt in the Accessories menu from
the All Programs start button option, and then type
’systeminfo’. The computer will produce a lot of
useful info, including the uptime. If you want to keep
these, type ’systeminfo > info.txt’. This creates a
file called info.txt you can look at later with
Notepad. (Professional Edition only).

lock pc just by double clicking mouse

You can lock your XP workstation with two clicks of
the mouse. Create a new shortcut on your desktop using
a right mouse click, and enter ‘rundll32.exe
user32.dll,LockWorkStation’ in the location field.
Give the shortcut a name you like. That’s it — just
double click on it and your computer will be locked.
And if that’s not easy enough, Windows key + L will do
the same.

SPEED UP UR ACROBAT READER (ALMOST LIKE NOTEPAD)

Do u get irritated when acrobat reader takes 5/10 seconds to load when you want to open a pdf document. There is a way to speed up the loading.

1. Go to the installation folder of acrobat reader
(C:program filesadobeacrobatreader.. whatever)

2. Move all the files and folders from the “plugins” directory to the “Optional” directory. (I repeat.. cut and paste the files NOT copy & paste).

Also make sure that acrobat reader is not open else it will lock the files and not allow you to move the files).

Now your acrobat reader will load very fast
and almost as good as notepad..

Remove Stored username and Passwords !

To remove the Stored User Names and Passwords from your system, try this:
Click Start, Run and type Control keymgr.dll
Remove the entries from the list.
The other ways to access this dialog are:
Type Control Userpasswords2 in RUN box, click Advanced, Manage Passwords
-or-
From Control Panel, select your User Account, click Manage your network passwords

It Works

~ Cheers ~

*

Remove the Username and picture from Windows XP New Start Menu

The User account picture can be removed by turning off the Welcome Screen. Or, by switching to Windows Classic theme. Follow the method described in this article if you want to remove the username and picture from the Start Menu, without disabling the Welcome Screen and Windows XP Theme.

For those who want to remove the user name and user account picture from Start Menu, in order to have a blank blue panel at the top, try this:
Start Windows Explorer and go to this folder:

C:Documents and SettingsAll UsersApplication DataMicrosoftUser Account Pictures

From that folder, rename the BMP file which corresponds to your user account.
( For example, if your username is Robert, rename Robert.bmp to old_Robert.bmp )
Next, rename the following folder:

C:Documents and SettingsAll UsersApplication DataMicrosoftUser Account PicturesDefault Pictures

to something else, say…

C:Documents and SettingsAll UsersApplication DataMicrosoftUser Account PicturesNo_Default Pictures
To remove the user name, follow these steps

Start regedit.exe and navigate to the this key:

HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer
In the right-pane, set NoUserNameInStartMenu value-data to 1

Close Regedit.exe and restart Windows.

You’ll end up with a blue space at the top of the Start Menu.

To get back the username and the picture, reverse the above procedure.

For the New Start Menu, Windows XP looks for the .bmp file in the folder

C:Documents and SettingsAll UsersApplication DataMicrosoftUser Account Pictures

If the file is not found, it takes a picture from the “Default Pictures” sub-folder. By renaming the .bmp and the “Default Pictures” folder, you’re giving no chance for Windows to fetch an image for the Start Menu

~ Cheers ~.

Notepad Trick ! for complete list move to NOTEPAD TRICKS page !!

Well quite old but here is d complete collection

Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.

Voilla!!

or

1> Open Notepad
2> Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
3> DON’T hit enter at the end of the line.
4> Save the file.
5> Close Notepad.
6> Reopen Notepad.
7> Open the file you just saved.

or

Open a note pad
type Bush hid the facts
save that file,
close it
again open and see…

NOTEPAD “world trade centre trick”.. :SuV

Did you know that the flight number of the plane that had hit WTC …on
9/11 was Q33N ….Open your Notepad in ur computer and type the flight
number i.e Q33N… Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.

log trick !! make ur Notepad a diary !!

Sometimes we want to insert current data and time, whenever we open the file in the notepad. If you are a lazy person like me, who don’t like to press F5 whenever you open a notepad. Then here is a trick to avoid this. Just add a .LOG in the first line of your text file and close it.
Whenever you open the file with that text in the first line in the notepad, it will insert the current date and time at the end of the file. You can start entering your text after that.

WHY?

The reason this happens:

In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a “Byte-Order Mark” (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.

1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters

~ cheers ~

SPEED UP MENU DISPLAY.!!

When using the start menu the you will notice a delay between different tiers of the menu hierarchy. For the fastest computer experience possible I recommend changing this value to zero. This will allow the different tiers to appear instantly.

Start Regedit. If you are unfamiliar with regedit please refer to our FAQ on how to get started.

Navigate to HKEY_CURRENT_USERControl PanelDesktop
Select MenuShowDelay from the list on the right.

Right on it and select Modify.
Change the value to 0.
Reboot your computer.

CLICKING * .AVI FILES ON EXPLORER CAUSING 100% CPU USAGE.!!

Well windows seem to have a REALLY big problem when it comes to reading AVI files. It seems that when you click on an AVI file in explorer, it’ll try to read the entire AVI file to determine the width,height, etc. of the AVI file (this is displayed in the Properties window). Now the problem with Windows is that if you have a broken/not fully downloaded AVI file that doesnt contain this info, Windows will scan the entire AVI file trying to figure out all these properties which in the process will probably cause 100% CPU usage and heavy memory usage. To solve this problem all you have to do is the following:
1. Open up regedit
2. Goto HKEY_CLASSES_ROOTSystemFileAssociations.avishellexPropertyHandler
3. Delete the “Default” value which should be “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”
Voila! Please not that this will no longer provide you with the windows properties displaying the AVI file information such as width, height, bitrate etc. But its a small price to pay for saving you resources.
NOTE: Please use caution when using regedit. Improper usage may cause windows to behave imcorrectly. Also, I cannot be held resposible. Backup your registry first.

CD ROM STOPS AUTOPLAYING/AUTORUN.!!

And the AutoPlay Tab has disappeared in My Computer, Devices With Removable Storage, Right Click on CDROM, Properties.
Solution: The service: “Shell Hardware Detection” has been set to Manual or Disabled. Go to Control Panel, Administrative Tools, Services. Return this service to “Automatic”.

How to make your Desktop Icons Transparent

Go to Control Panel > System, > Advanced > Performance area > Settings button Visual Effects tab “Use drop shadows for icon labels on the Desktop”

DISPLAY MESSAGE ON STARTUP.

Start regedit, if you are unfamiliar with regedit please see our FAQ.
Navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
Modify the key legalnoticecaption with what you want to name the window.
Modify the key legalnoticetext with what you want the window to say. Restart

AUTO DELETE TEMPORARY FOLDER.!!

ll what i prefer is ” without quotes.. at Start -> Run..
this opens ur temp folder n den u cal erase it neatly// still try dis one too..

First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click “Do Not Delete Temp Folder Upon Exit”
Go to properties and hit disable. Now next time Windows puts a temp file in that folder it will automatically delete it when its done! Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

make ur pdf files to speak
here r the shortcuts for hearing pdf files in abobe reader 6.0 or higher

ctrl+shift+b —->to hear the whole topic
ctrl+shift+v —->to hear the page