Government Security
Network Security Resources

Jump to content


Tips :)

security windows
  • Please log in to reply
91 replies to this topic

#1 Travis



  • Sergeant Major
  • 2,101 posts

Posted 18 April 2003 - 06:04 PM

OS: Windows (Tested on 2000/XP)

If you place .LOG (case sensitive) in the beginning of the first line of a NOTEPAD document (any extension), the time and date will automatically be inserted as the last line whenever you open it, and the cursor will position to the next line.

You can place a shortcut to a .NPD file on your desktop and use it keep a diary of phone contacts.

If anybody has another handy tip please feel free to post it B)

#2 Travis



  • Sergeant Major
  • 2,101 posts

Posted 18 April 2003 - 11:34 PM

This tip (and a few to be followed) will be focusing on Google :) (Main Site) (Canada) (anything to do with linux is more propable to be searched and resulted here.) (anything to do with bsd is more propable to be searched and resulted here.) (anything to do with m$ is more propable to be searched and resulted here.) (gotta have the leet search for all those 1337 people :P )

Unless you're fond of long, detailed queries, you might never have noticed that Google has a hard limit of 10 words?that's keywords and special syntaxes combined?summarily ignoring anything beyond. While this has no real effect on casual Google users, search-hounds quickly find this limit rather cramps their style.

Whatever shall you do?
Favor Obscurity

By limiting your query to the more obscure of your keywords or phrase fragments, you'll hone results without squandering precious query words. Let's say you're interested in a phrase from Hamlet: "The lady doth protest too much, methinks." At first blush, you might simply paste the entire phrase into the query field. But that's seven of your 10 allotted words right there, leaving no room for additional query words or search syntax.

The first thing to do is ditch the first couple of words; "The lady" is just too common a phrase. This leaves the five word "doth protest too much, methinks." Neither "methinks" nor "doth" are words you might hear every day, providing a nice Shakespearean anchor for the phrase. That said, one or the other should suffice, leaving the query at an even four words with room to grow:

"protest too much methinks"


"doth protest too much"

Either of these will provide you, within the first five results, origins of the phrase and pointers to more information.

Unfortunately, this technique won't do you much good in the case of "Do as I say not as I do," which doesn't provide much in the way of obscurity. Attempt clarification by adding something like quote origin English usage and you're stepping beyond the ten-word limit.
Playing the Wildcard

Help comes in the form of Google's full-word wildcard (Hack #13). It turns out that Google doesn't count wildcards toward the limit.

So when you have more than 10 words, substitute a wildcard for common words like so:

"do as * say not as * do" quote origin English usage

Presto! Google runs the search without complaint and you're in for some well-honed results.

Common words such as "I," "a," "the," and "of" actually do no good in the first place. Called "stop words," they are ignored by Google entirely. To force Google to take a stop word into account, prepend it with a + (plus) character, as in: +the.


Consulting the Phonebook
Google makes an excellent phonebook, even to the extent of doing reverse lookups.
Comments on this hack: 0
[Discuss | Link to this hack]

Google combines residential and business phone number information and its own excellent interface to offer a phonebook lookup that provides listings for businesses and residences in the United States. However, the search offers three different syntaxes, different levels of information provide different results, the syntaxes are finicky, and Google doesn't provide any documentation.
The Three Syntaxes

Google offers three ways to search its phonebook:

Searches the entire Google phonebook

Searches residential listings only

Searches business listings only

The result page for phonebook: lookups lists only five results, residential and business combined. The more specific rphonebook: and bphonebook: searches provide up to 30 results per page. For more chance of finding what you're looking for, use the appropriate targetted lookup.
Using the Syntaxes

Using a standard phonebook requires knowing quite a bit of information about what you're looking for: first name, last name, city, and state. Google's phonebook requires no more than last name and state to get it started. Casting a wide net for all the Smiths in California is as simple as:

phonebook:smith ca

Try giving 411 a whirl with that request! shows the results of the query.
Posted Image
Notice that, while intuition might tell you there are thousands of Smiths in California, the Google phonebook says there are only 600. Just as Google's regular search engine maxes out at 1000 results, its phonebook maxes out at 600. Fair enough. Try narrowing down your search by adding a first name, city, or both:

phonebook:john smith los angeles ca

At the time of this writing, the Google phonebook found 3 business and 22 residential listings for John Smith in Los Angeles, California.

The phonebook syntaxes are powerful and useful, but they can be difficult to use if you don't remember a few things about how they work.

The syntaxes are case-sensitive. Searching for phonebook:john doe ca works, while Phonebook:john doe ca (notice the capital P) doesn't.

Wildcards don't work. Then again, they're not needed; the Google phonebook does all the wildcarding for you. For example, if you want to find shops in New York with "Coffee" in the title, don't bother trying to envision every permutation of "Coffee Shop," "Coffee House," and so on. Just search for bphonebook:coffee new york ny and you'll get a list of any business in New York whose name contains the word "coffee."

Exclusions don't work. Perhaps you want to find coffee shops that aren't Starbucks. You might think phonebook:coffee -starbucks new york ny would do the trick. After all, you're searching for coffee and not Starbucks, right? Unfortunately not; Google thinks you're looking for both the words "coffee" and "starbucks," yielding just the opposite of what you were hoping for: everything Starbucks in NYC.

OR doesn't always work. You might start wondering if Google's phonebook accepts OR lookups. You then might experiment, trying to find all the coffee shops in Rhode Island or Hawaii: bphonebook:coffee (ri | hi). Unfortunately that doesn't work; the only listings you'll get are for coffee shops in Hawaii. That's because Google doesn't appear to see the (ri | hi) as a state code, but rather as another element of the search. So if you reversed your search above, and searched for coffee (hi | ri), Google would find listings that contained the string "coffee" and either the strings "hi" or "ri." So you'll find Hi-Tide Coffee (in Massachusetts) and several coffee shops in Rhode Island. It's neater to use OR in the middle of your query, and then specify your state at the end. For example, if you want to find coffee shops that sell either donuts or bagels, this query works fine: bphonebook:coffee (donuts | bagels) ma. That finds stores that contain the word coffee and either the word donuts or the word bagels in Massachusetts. The bottom line: you can use an OR query on the store or resident name, but not on the location.
Reverse phonebook lookup

All three phonebook syntaxes support reverse lookup, though its probably best to use the general phonebook: syntax to avoid not finding what you're looking for due to its residential or business classification.

To do a reverse search, just enter the phone number with area code. Lookups without area code won't work.

phonebook:(707) 829-0515

Note that reverse lookups on Google are a hit-and-miss proposition and don't always produce results. If you're not having any luck, you may wish to use a more dedicated phonebook site like (
Finding phonebooks using Google

While Google's phonebook is a good starting point, its usefulness is limited. If you're looking for a phone number at a university or other large institution, while you won't find the number in Google, you certainly can find the appropriate phonebook, if it's online.

If you're looking for a university phonebook, try this simple search first: inurl:phone, replacing with the domain of the university you're looking for. For example, to find the online phonebook of the University of North Carolina at Chapel Hill, you'd search for:


If that doesn't work, there are several variations you can try, again substituting your preferred university's domain for

title:"phone book"
(phonebook | "phone book") lookup faculty staff
inurl:help (phonebook | "phone book")

If you're looking for several university phonebooks, try the same search with the more generic site:edu rather than a specific university's domain. There are also a couple of web sites that list university phonebooks:

Phonebook Gateway?Server Lookup ( (over 330 phonebooks)

Phone Book Servers ( (over 400 phonebooks)

#3 Travis



  • Sergeant Major
  • 2,101 posts

Posted 20 April 2003 - 08:10 AM

Need to run a test on a physically available computer? NMap, Strobe are available for your disposal at this site. :)

#4 Travis



  • Sergeant Major
  • 2,101 posts

Posted 20 April 2003 - 08:35 AM

How to gather More Information about an Error Message

Microsoft Knowledge Base article Q314084 contains:

For a Microsoft Windows 2000 version of this article, see Q192463 .


This article describes how to gather more information about an error message that appears on a blue screen. Note that these steps do not always provide conclusive answers and may only point you to another problem.


Handling Event Log Messages
Configure Windows to write an event log message with bugcheck information:

Click the Start button, and then click Control Panel .

Double-click the System icon, and then click the Advanced tab.

In the Startup and Recovery section, click Settings , and then click to select the Write an event to the system log check box.

An event log message is written to the system log.

The description and format of the event log differs from the format that is displayed when the computer is writing the Memory.dmp file, but the majority of the information is the same. The following is an example of the event log:

Event ID: 1001
Source: Save Dump
Description: The computer has rebooted from a bugcheck.
The bugcheck was: 0xc000021a (0xe1270188, 0x00000001, 0x00000000, 0x00000000). Microsoft Windows NT (v15.1381).
A dump was saved in: C:\WINNT\MEMORY.DMP.
This information contains the STOP code 0xc000021a and the four parameters. These can be very useful when you are troubleshooting certain types of STOP codes. The meaning of the parameters varies, depending on the type of STOP code.

For information about what the parameters mean, search the Microsoft Knowledge Base for the specific STOP code. (Not all STOP code parameters are covered in the Microsoft Knowledge Base.) To query the Microsoft Knowledge Base, visit the following Microsoft Web site:
Using Dumpchk.exe to Determine Memory Dump Information
If you use Dumpchk.exe, you can determine all of the above information as well as the address of the driver that generated the stop message. This information can often give you a direction to begin troubleshooting. Before you run Dumpchk.exe, be sure to adjust the properties of the command prompt so that the screen buffer size height is set to 999. This height will allow you to scroll back to see the output. Run Dumpchk.exe from the command prompt with the following syntax:
dumpchk.exe Memory.dmp
This is an example of the portions of the output that are most useful.

MachineImageType i386
NumberProcessors 1
BugCheckCode 0xc000021a
BugCheckParameter2 0x00000001
BugCheckParameter3 0x00000000
BugCheckParameter4 0x00000000
ExceptionCode 0x80000003
ExceptionFlags 0x00000001
ExceptionAddress 0x8014fb84
Note that not all sections give the same information. The information depends on the type of STOP code. The preceding information tells you the STOP code (0xc000021a) and the parameters (0xe1270188, 0x00000001, 0x00000000, 0x00000000), along with the address of the driver that called the exception (0x8014fb84). You can use this address to identify the driver name by using the output from running Pstat.exe, which can be found in the Resource Kit.

Dumpchk.exe will also verify that the dump is valid.

For additional information about how to use Dumpchk.exe, click the article number below to view the article in the Microsoft Knowledge Base:
Q156280 How to Use Dumpchk.exe to Check a Memory Dump File
Using Pstat.exe to Identify a Driver
Running Pstat.exe, a Resource Kit utility, gives you a picture of the processes and drivers that are currently running on your computer. For diagnostic purposes, the most useful information is the list of loaded drivers that appears at the end of the output.

Run Pstat.exe from the command line. You can pipe the information that you receive from Pstat.exe into a file by using the following command syntax:
pstat.exe > filename
This is an example of the driver list that appears at the end of the output.

ModuleName LoadAddr Code Data Paged LinkDate
Ntoskrnl.exe 80100000 270272 40064 434816 Sun May 11 00:10:39 1997
Hal.dll 80010000 20384 2720 9344 Mon Mar 10 16:39:20 1997
Aic78xx.sys 80001000 20512 2272 0 Sat Apr 05 21:16:21 1997
Scsiport.sys 801d7000 9824 32 15552 Mon Mar 10 16:42:27 1997
Disk.sys 80008000 3328 0 7072 Thu Apr 24 22:27:46 1997
Class2.sys 8000c000 7040 0 1632 Thu Apr 24 22:23:43 1997
Ino_flpy.sys 801df000 9152 1472 2080 Tue May 26 18:21:40 1998
Ntfs.sys 801e3000 68160 5408 269632 Thu Apr 17 22:02:31 1997
Floppy.sys f7290000 1088 672 7968 Wed Jul 17 00:31:09 1996
Cdrom.sys f72a0000 12608 32 3072 Wed Jul 17 00:31:29 1996
Cdaudio.sys f72b8000 960 0 14912 Mon Mar 17 18:21:15 1997
Null.sys f75c9000 0 0 288 Wed Jul 17 00:31:21 1996
KSecDD.sys f7464000 1280 224 3456 Wed Jul 17 20:34:19 1996
Beep.sys f75ca000 1184 0 0 Wed Apr 23 15:19:43 1997
Cs32ba11.sys fcd1a000 52384 45344 14592 Wed Mar 12 17:22:33 1997
Msi8042.sys f7000000 20192 1536 0 Mon Mar 23 22:46:22 1998
Mouclass.sys f7470000 1984 0 0 Mon Mar 10 16:43:11 1997
Kbdclass.sys f7478000 1952 0 0 Wed Jul 17 00:31:16 1996
Videoprt.sys f72d8000 2080 128 11296 Mon Mar 10 16:41:37 1997
Ati.sys f7010000 960 9824 48768 Fri Dec 12 15:20:37 1997
Vga.sys f7488000 128 32 10784 Wed Jul 17 00:30:37 1996
Msfs.sys f7308000 864 32 15328 Mon Mar 10 16:45:01 1997
Npfs.sys f7020000 6560 192 22624 Mon Mar 10 16:44:48 1997
Ndis.sys fccda000 11744 704 96768 Thu Apr 17 22:19:45 1997
Win32k.sys a0000000 1162624 40064 0 Fri Apr 25 21:17:32 1997
Ati.dll fccba000 106176 17024 0 Fri Dec 12 15:20:08 1997
Cdfs.sys f7050000 5088 608 45984 Mon Mar 10 16:57:04 1997
Ino_fltr.sys fc42f000 29120 38176 1888 Tue Jun 02 16:33:05 1998
Tdi.sys fc4a2000 4480 96 288 Wed Jul 17 00:39:08 1996
Tcpip.sys fc40b000 108128 7008 10176 Fri May 09 17:02:39 1997
Netbt.sys fc3ee000 79808 1216 23872 Sat Apr 26 21:00:42 1997
El90x.sys f7320000 24576 1536 0 Wed Jun 26 20:04:31 1996
Afd.sys f70d0000 1696 928 48672 Thu Apr 10 15:09:17 1997
Netbios.sys f7280000 13280 224 10720 Mon Mar 10 16:56:01 1997
Parport.sys f7460000 3424 32 0 Wed Jul 17 00:31:23 1996
Parallel.sys f746c000 7904 32 0 Wed Jul 17 00:31:23 1996
ParVdm.sys f7552000 1312 32 0 Wed Jul 17 00:31:25 1996
Serial.sys f7120000 2560 0 18784 Mon Mar 10 16:44:11 1997
Rdr.sys fc385000 13472 1984 219104 Wed Mar 26 14:22:36 1997
Mup.sys fc374000 2208 6752 48864 Mon Mar 10 16:57:09 1997
Srv.sys fc24a000 42848 7488 163680 Fri Apr 25 13:59:31 1997
Pscript.dll f9ec3000 0 0 0
Fastfat.sys f9e00000 6720 672 114368 Mon Apr 21 16:50:22 1997
NTdll.dll 77f60000 237568 20480 0 Fri Apr 11 16:38:50 1997
Total 2377632 255040 1696384
By using the starting address in the LoadAddr column, you can match the exception address to the driver name. Using 8014fb84 as an example, you can determine that Ntoskrnl.exe has the nearest load address below the exception address and is most likely to be the driver that called the exception. With this information, you can go to the Microsoft Knowledge Base to look for known issues that match your situation.
Additional Information
The following questions are used to gather additional information that may be requested by any Microsoft Support Professional. This information is needed so that we can properly analyze the blue screen you are experiencing.

Please answer as many questions as possible before you call a Microsoft Support Professional:
Software Configuration
What version of Microsoft Windows is installed on the computer?

Is this a localized version of Windows? If so, what language?

Are any service packs installed? If so, which?

Are any post-service pack hotfixes installed? If so, which?

If this is a Compaq server, what is the version of Support Software Diskettes (SSDs) installed?

Is Windows installed on an NTFS file system partition?

How are the hard disks partitioned?

What programs are installed?

What protocols are installed? (For example, TCP/IP or NetBEUI)

Are there any routers on your network?

What is the brand and model of your computer?

Is the computer listed in the Windows Hardware Compatibility List (HCL)?

What are the brands, types, and sizes of the hard disks?

What types of controllers are in the computer?

How many and what types of processors are in the computer?

How much memory (RAM) is in the computer?

What size is the paging file? On what partition is the paging file located?

What types and models of tape drives are in the computer?

What is the type and model of the CD-ROM drive?

What types and models of network adapters are installed in the computer?

Is this first occurrence of the problem?

After the dump has been successfully transferred, the Microsoft staff who requested the dump can collect the transferred dump from the following network location (make sure to remove the dump from this location because of limited disk space):

#5 Travis



  • Sergeant Major
  • 2,101 posts

Posted 21 April 2003 - 08:53 AM

OS: Linux

Extracted from Web submission
Tip provided by Isaac Tsalicoglou

It's not actually a tip, it's just a nice cool idea
that will make every login a bit special. Go to and search for the keyword
"fortune". Download the version that applies to your
system (tar.gz or rpm) and install it. Locate where the
ELF executable fortune has been placed (usually /usr/games)
and then load the file /etc/profile on your editor and add
the following last line to the file:
(or the path where fortune resides).
This will cause a random "fortune cookie" (a quote)
to appear every time a user logs in. Alternatively, you
can place that line in an independent user's ~/.profile
so only he will have this feature enabled.

#6 Blake


    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 22 April 2003 - 02:55 AM

Good tips, Here is a really simple one that save a lot of time.

OS:Linux WM:KDE2 or 3

While in the GUI file manager Konquerer (I hope I spelled that right) you can drag a folder into a shell window, and then you can select "cd" and the shell will automatically change to that directory.

Saves alot of time.

#7 Travis



  • Sergeant Major
  • 2,101 posts

Posted 25 April 2003 - 03:05 PM

I sugest using MultiProxy, as it will rotate the Proxy servers every 10 seconds or as u choose, so u will use either localhost or (as that is set to localhost in hosts.ini...)

Ok now start up mIRC. Click the Options button, and go to the "Connect > Firewall" section.. Fill in the information as follows:

-Check the "Server" & "Dcc"

-For protocol select "Proxy"

-Hostname: (if you use MultiProxy then:) (If you dont want to use multiproxy then just type the proxy servers ip here!)

-User ID:


-Port: (if you use MultiProxy then:) 8088 (If you dont want to use multiproxy then just type the server's port here.)

Click OK..

Now just connect, some proxy servers dont suport irc, and some will be denied by the server/chan, but on average they should work...

Use this along in your internet browser and you'll be anonymous :)
NOTE: You need special proxies for the IRC "mode" for more information on this issue


The only http proxies which are good for IRC (or other socket connections) are HTTP proxies which have Connect Method option Enabled.

For those of you who don't know what connect method is:

Quoting some document at :

The HTTP CONNECT method is used to tunnel non-HTTP protocols through an HTTP proxy. HTTP proxies typically use the CONNECT method to allow users to access HTTPS sites in explicit proxy mode.

Programmers can find additional technical information about connect method at following RFC`s :

I'll repeat myself one last time - You need to find http proxies which have Connect Method option enabled in their configuration.

Generally http proxies are quite easy to find on the web. At on main page u can find a list of most popular sites with free http proxies lists.

The only problem that newbies can encounter is that sometimes different sites use different format for the proxy lists. Most common format is IP:Port (example, but you'll also find IP<space>Port ( 8080),etc. Those problems and how to deal with it will be discussed in a different tutorial.

[ Verification of HTTP proxies for Connect Method = Enabled ]
There are several programs with help of which u could verify http proxies for Connect Method.
Links to all of 'em you can find at`s downloads section.

Such programs are IRC Proxy Checker(freeware) and AATools(shareware) (Advanced Administrative Tools). There are several other as well but i don't want to make this tutorial to long.

Verifying with IRC Proxy Checker -
This program is quite easy to configure. All you need to do is set the irc server you want to connect to (and it's port), and load up the class=SpellE>proxieslist. The disadvantage of the program is that it's single thread, meaning that it checks the proxies one by one, which is time consuming. IRC Proxy Checker does not verify socks proxies. All it does is verify http proxies for connect method.

Verifying with AATools -
AATools is well coded piece of software. It's probably one of the best (yet personally I still prefer proxy hunter ;). Make sure you've downloaded latest version before continue reading. The section in AATools that verifies proxies is called Proxy Analyzer.

In order to verify http proxies for Connect Method you should make following configuration in AATools:

Go to File -> Settings -> Proxy Analyzer -> FTP
Enable the Test proxy for FTP support.

This option tests http proxies for connect method by attempt connecting to ftp server(with help of connect method). In order for the verification process to be as fast as possible, choose some fast ftp server.

The downside of AATools is that u can?t simply test http proxies for FTP(connect method) support. This verification is being performed along with verification for proxy`s anonymity, which doubles the time to verify a list.

There are other programs that can verify connect method support as well, but I?ve covered some of the most popular ones.
Remember - the best software is the one that you code by yourself =)

P.S. DNA double helix discovered April 25 (Today), 1953 ( As noted on google :) )

#8 Blake


    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 25 April 2003 - 05:31 PM

Pinned it! :D Great Stuff!

#9 Travis



  • Sergeant Major
  • 2,101 posts

Posted 26 April 2003 - 09:52 AM

20 Tips for Windows XP

By:- mr.xp


1) Cracking Windows XP Login Password

download the nice and easy Nt/2k/xp password cracker from

or other way is

if u get acess to the computer then go to Start>Run and type

“control userpasswords2” without Quotes and a new pop up windows will open and u will reach

to user account properties.

Here u can Reset the Administrator and any Users password so anytime when u Want to use the

Computer start it in safemode pressing F8 at Booting get into the xp as u have Administrator password and go to Controlpanel>Useraccounts and create a New Account .Start Computer

Normally and get into WinXP with ur newely made account and do ur job.

(Don’t forget to Delete ur newely made account Otherwise u will be in trouble)

Delete ur account again starting the computer in Safemode as Administrator and Delete ur


2)Disable XP Boot Logo

It is possible to disable the XP splash screen, which will slightly speed up the overall boot process. Be aware that removing the splash screen will also cause you not to see any boot-up messages that might come up (chkdsk, convert ... ), but if your system runs without any problems then it should not matter.

Edit boot.ini.

Add " /noguiboot" right after "/fastdetect".

Upon restarting, the splash screen will be gone. It can be re-enabled by removing the new switch.

3)Turn Off Indexing to Speed Up XP

Windows XP keeps a record of all files on the hard disk so when you do a search on the hard drive it is faster. There is a downside to this and because the computer has to index all files, it will slow down normal file commands like open, close, etc. If you do not do a whole lot of searches on your hard drive then you may want to turn this feature off:

Open My Computer.

Right-click your hard drive icon and select Properties.

At the bottom of the window you'll see "Allow indexing service to index this disk for faster searches," uncheck this and click ok.

A new window will pop up and select Apply to all folders and subfolders.

It will take a minute or two for the changes to take affect but then you should enjoy slightly faster performance.

4)Clean Your Prefetch to Improve Performance

This is a unique technique for WinXP. We know that it is necessary to scrub registry and TEMP files for Win9X/ME/2000 periodically. Prefetch is a new and very useful technique in Windows XP. However, after using XP some time, the prefetch directory can get full of junk and obsolete links in the Prefetch catalog, which can slow down your computer noticeably.

Open C(system drive):/windows/prefetch, delete those junk and obsolete files, reboot. It is recommended that you do this every month.

5)Performance Increase Through My Computer

Easy enough tweak to usually find out about it on your own, but still, some of us still don't find it right away. So here it is:

Start > right-click on My Computer and select Properties.

Click on the "Advanced" tab.

See the "Performance" section? Click "Settings".

Disable the following:

Fade or slide menus into view

Fade or slide ToolTips into view

Fade out menu items after clicking

Show Shadows under menus

Slide open combo boxes

Slide taskbar buttons

Use a background image for each folder type

Use common tasks in folders

There, now Windows will still look nice and perform faster.

6)Reduce 10 Second Scandisk Wait Time

Start MS Dos Prompt (Start run CMD), and type: CHKNTFS /T:4

where 4 is the amount of wait time.


for more info.

7)DMA Mode on IDE Devices

Just like Windows 2000, Windows XP still fails to set the DMA mode correctly for the IDE device designated as the slaves on the primary IDE and secondary IDE channels. Most CD-ROMS are capable of supporting DMA mode, but the default in XP is still PIO. Setting it to DMA won't make your CD-ROM faster, but it will consume less CPU cycles. Here's how:

Open the Device Manager. One way to do that is to right-click on "My Computer", select the Hardware tab, and select Device Manager.

Expand "IDE ATA/ATAPI Controllers" and double-click on "Primary IDE Channel".

Under the "Advanced Settings" tab, check the "Device 1" setting. More than likely, your current transfer mode is set to PIO.

Set it to "DMA if available".

Repeat the step for the "Secondary IDE Channel" if you have devices attached to it. Reboot.

8)Load Internet Explorer the Fastest Way Possible

Edit your link to start Internet Explorer to have -nohome after it. For Example: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome

This will load internet explorer very fast because it does not load a web page while it is loading. If you want to go to your homepage after it is loaded, just click on the home button.

9)Easy Way to Adjust LargeSystemCache

Normally, the tweak I've seen asks you to go into HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management and change the value to either O or 1 to the adjustment the LargeSystemCache.

However, in Windows XP, all you have to do is:

Right-click My Computer.

Select Properties.

Click Advanced.

Choose Performance.

Click Advanced again.

Select either Programs or System Cache under Memory Usage.

Programs = 0 for the registry tweak equivalent

System Cache = 1 for the registry tweak equivalent

10)Shutdown XP Faster

Like previous versions of windows, it takes long time to restart or shutdown windows XP when the "Exit Windows" sound is enabled. To solve this problem you must disable this useless sound.

Click Start button.

Go to settings > Control Panel > Sound, Speech and Audio devices > Sounds and Audio Devices > Sounds.

Then under program events and windows menu click on "Exit Windows" sub-menu and highlight it. Now from sounds you can select, choose "none" and then click Apply and OK.

Now you should see some improvements when shutting down your system.

11)Easily Disable Messenger

Go into: C:/Program Files/Messenger. Rename the Messenger folder to "MessengerOFF".

This does not slow down Outlook Express or hinder system performance.

12)Turn Off Autoplay for Program CDs

How can you stop Windows XP from launching program CDs?

Click Start, click Run, type GPEDIT.MSC to open Group Policy in the Microsoft Management Console.

Double-click Computer Configuration, double-click Administrative templates, double-click System, and then click Turn off autoplay.

The instructions on your screen describe how to configure this setting. Click Properties to display the setting dialog.

Click Enabled, and choose CD-ROM drives, then click OK, to stop CD autoplay.

This setting does not prevent Autoplay for music CDs.

13)Synchronize Your Computer Clock with an Internet Time Server

Does your computer have the right time? If your computer is not part of a domain, you can synchronize your computer clock with an Internet time server. To do so:

Double–click the time on your task bar.

Click the Internet Time tab.

Select the time server you want to use and make sure to select the Automatically synchronize with an Internet time

server check box.

14)Win XP Won’t Completely Shutdown

Go to Control Panel, then go to Power Options.

Click on the APM tab, then check the "Enable Advanced Power Management support."

Shut down your PC.

It should now successfully complete the Shut Down process.

15)Adjust Various Visual Effects

Open up the Control Panel.

Go under System and click on the Advanced tab.

Click settings under Performance options.

You can now change various graphical effects (mainly animations and shadows).

16)Disable Error Reporting

Open Control Panel.

Click on Performance and Maintenance.

Click on System.

Then click on the Advanced tab.

Click on the error-reporting button on the bottom of the windows.

Select Disable error reporting.

Click OK. Click OK.

17)Increase Your Cable Modem or DSL Speed in XP

This tweak is for broad band cable connections on stand alone machines with WinXP professional version - might work on Home version also. It may also work with networked machines as well.

This tweak assumes that you have let WinXP create a connection on install for your cable modem/NIC combination and that your connection has tcp/ip - QoS - file and print sharing - and client for Microsoft networks , only, installed. It also assumes that WinXP will detect your NIC and has in-box drivers for it. If it doesn't do not try this.

In the "My Network Places" properties (right-click on the desktop icon and choose properties), highlight the connection

then at the menu bar choose "Advanced" then "Advanced Settings". Uncheck the two boxes in the lower half for the

bindings for File and Printer sharing and Client for MS networks. Click OK.

18)Stop Jerkey Graphics

If you are connected to a LAN and have problems with jerkey graphics, this might be the solution:

Right-click "MyComputer".

Select "Manage".

Click on "Device Manager".

Double-click on your NIC under "Network Adapters".

In the new window, select the "Advanced" tab.

Select "Connection Type" and manually set the value of your NIC. (Not "Auto Sense" which is default.).

You should reboot.

19)Speeding Up Your Old Shit Pentium by 50%

We all know that you really shouldn't try to run Windows XP on anything less that about a Pentium 3 of some sort if you are out for speedy operations and amazing reaction times, but for those of us with the good old Pentium 2's who want to see just how well we can run XP, we have to tweak as much as we can where-ever we can. A real killer to the system's performance is Windows Media Player. Although it may look desirable and fancy with it's rounded off edges and 3rd-Dimensional appearance, the truth is, it takes up a large amount of that precious processing power. All of these troubles however, lead to one thing in particular with this 'new-look' over-rated music and video player...the Visualizations. The look-great I'll admit but like a lot of software these days, it has no purpose. If you run the task manager, and click the Performance tab along the top, you'll see that when Windows Media Player is running and nothing else is active, it takes up around 50% of the processors power. Once these visualizations are turned off, it barely takes up 2-3% of the processors power, which leaves much more room for other applications to work efficiently.

Here's how to disable the feature:

Open Media Player.

Make sure the Now Playing tab on the left is selected.

Click the View menu along the top.

Go down to Now Playing Tools

20) Turn Off System Restore to Save Space

By default, Windows XP keeps a backup of system files in the System Volume Information folder. This can eat up valuable space on your hard drive. If you don't want Windows to back up your system files:

Open the Control Panel.

Double-click on System.

Click the System Restore tab.

Check "Turn off System Restore on all drives".

Hit Apply.

You may now delete the System Volume Information folder.

P.S. I wouldn't recommend using tip #20 System Restore has Been usefiul countless of times for me.

#10 Travis



  • Sergeant Major
  • 2,101 posts

Posted 28 May 2003 - 07:45 PM

It's been a bit of a wait since the last post hope to refrain from that again :)
Users if you have something worth while give it a post :D.

This isn't so much a tip than to a tutorial ?? But it's a good thing to learn :)

Contact Info:
Written by: TriÇker
(with some slight modifications by R a v e N)
Title: IP and port Info using Netstat
Table of Contents:
I.Use of Netstat
II.Detecting Open ports
IV.Using Netstat it for ICQ and AIM
V.Other Uses
VI.Tools and Utilities
VII.Two Quick Tips
Hello thanks for reading this text on learning more about using netstat
to help you. Please disregard any spelling or punction or any other
grammer errors. This text is written so the average reader can understand
it. Not to complicated. Please enjoy and feel free to email me.
I.Use of Netstat
- (To OPEN Netstat) - To open [Netstat] you must do the following: Click on the
- [Start] button-->Then click [Programs]--> Then look for [Ms-Dos Prompt].
Netstat is a very helpful tool that has many uses. I personally use Netstat
to get IP addresses from other users I'm talking with on ICQ or AIM. Also
you can use Netstat go moniter your port activity for attackers sending syn
requests (part of the TCP/IP 3 way handshake) or just to see what ports are
listening/Established. Look at the example below for the average layout of
a responce to typing Netstat at the C:\windows\ prompt.

Active Connections

Proto Local Address Foreign Address State
TCP pavilion:25872 WARLOCK:1045 ESTABLISHED
TCP pavilion:25872 ESTABLISHED
TCP pavilion:31580 WARLOCK:1046 ESTABLISHED
TCP pavilion:2980 ESTABLISHED
TCP pavilion:3039 ESTABLISHED
Now look above at the example. You will see [Proto] on the top left. This just
tells you if the protocal is TCP/UDP etc. Next to the right you will see
[Local Address] this just tells you the local IP/Hostname:Port open. Then to the
right once again you will see [Foreign Address] this will give you the persons
IP/Hostname and port in the format of IP:Port with ":" in between the port and IP.
And at last you will see [State] Which simply states the STATE of the connection.
This can be Established if it is connected or waiting connect if its listening.
Now with this knowledge we will dive into deeper on how to use this for monitering
and port activity and detecting open ports in use.
II.Detecting Open ports
Now so you are noticeing something funny is going on with your computer? Your cd-rom
tray is going crazy...Opening and closing when your doing nothing. And you say What the
phruck is going on..or you realize someones been messing with a trojan on your computer.
So now your goal is to locate what trojan it is so you can remove it right? Well your right.
So you goto your ms-dos prompt. Now there are many ways to use Netstat and below is a help
menu. Look through it.
C:\WINDOWS>netstat ?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify
a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
I personally like using (C:\Windows\Netstat -an) Which Displays all connections and
listening ports in the form of IP instead of Hostname. As you see how i did the command
Netstat(space)-a(Displays all connections and listening ports.)n(in numerical form)
Netstat -an -So doing that does TWO of the options at once no need for -a-n. So
now that you know how to use netstat to view all your connections and listening you
can search for common ports like 12345(old Netbus Trojan),1243(subseven) etc. This
Becomes very handy for everything you will soon find out. Take a break now and go chill
out on your couch and relax for about 5 minutes and let all this soak in then come back
ready to learn more. :)
When you here Syn and Ack(ACKnowledge) you do not think of the communication of packets on
your system. Well let me tell you what SYN and ACK do.
[SYN] - SYN in common words is a request for a connection used in the 3-way handshake
in TCP/IP. Once you send a SYN out for a connection, the target computer will reply with a SYN and ACK. So basically when you see in [State] catagory Syn that means you are sending
out a request to connect to something.
[ACK] - Now the ACK is a ACKnowledgement to the request made by a computer that is
trying to connect to you. Once a Syn is sent to you you need to ACK it, then Send back another syn to the computer requesting connection to confirm the packet sent was correct.
I sure hope that helped you understand a little more about SYN and ACK. If you have further
questions try looking for texts on TCP/IP (such as BSRF's TCP/IP text - Now onto the fun stuff.
IV.Using Netstat it for ICQ and AIM
Have you ever wanted to get someones IP address or hostname using [Aol Instant Messanger]
or [ICQ]? Well your in Luck.
[AIM] - With AIM you can not ussually find the exact IP address without some trial and error because most of the time it seems to open up all online users on Port
5190. So Less users online easier it is. So goto Ms-Dos Prompt and type netstat -n here you will see under [Foreign Addresses] a IP:With port 5190. Now one of those IP's connected
to you with 5190 is going to be your target aim user. Just use trial and error to find out
is ussually the easiest way.
[ICQ] - To get a IP using netstat of a ICQ user is easy before talking to the person on ICQ you must open ms-dos prompt and do netstat -n to list all IP's and ports.Write them
down or copy them somewhere you will remember to look back. Now it's time to find out his
IP. Message the user witha single message now quickly do Nestat -n. And you will have a new added line of a IP address, just search for the new one on the list under foreign and once you find it you now have your buddys ip without any patches or hacks. Pure skill :P.
V.Other Uses
Netstat can be used to get IPs of anything and anyone, as long as there's a direct connection between you and the target (i.e. direct messages, file transfers or ICQ chats in ICQ, DCC (Direct Client Connection) chat and file transfers in IRC etc' etc').
VI.Tools and Utilities:
Port scanning: To look for any open ports on a computer:
- [7th Sphere Port scanner] - (2 mirror sites so if one link doesnt work)
- http://members.xoom....ereportscan.exe
- http://members.xoom....ereportscan.exe
Firewall to moniter Ports and registry:
- [Lockdown 2000]
For Communicating better:
- [ICQ]
- [Aol Instant Messanger]
VII.Two Quick Tips
a.Sometimes Netstat can generate very long lists, which are especially confusing for newbies. If you're having difficulties, just run netstat, and then make a direct connection of some sort to your target, or make it connect to you (ICQ, IRC etc', you get the picture) and run netstat again. There should be a new line - this is what you're looking for.
b.If netstat's output is too long, type 'netstat -an > c:\some-directory\some-file.txt' (without the quotes, and you can replace the parameters -an and the filename and it's path with anything you'd like). This will dump the output to that file for easy viewing, and will also let you copy & paste.
I think there are better ways to understand the internet than with tools you find.
Learn how to do stuff manually so you fully understand whats going on. This will fuel your
power and kill your lameness :)


#11 Guest_Dr Dave_*

Guest_Dr Dave_*
  • Guests

Posted 19 June 2003 - 03:30 PM

hey... what if i can't find run? i go start but dont find run. Its Windows NT if u need to know..

i had to search for ms dos and stuff.. but id want 'run' for more things to do (*cough* regedit *cough*)

EDIT: this might be off topic but is foolproof sumthin where u click on display properties (or right click desktop, then go properties) and it says sumthin like 'The system administrator has disabled this function'? or is that sumthin else?

#12 Travis



  • Sergeant Major
  • 2,101 posts

Posted 19 June 2003 - 06:41 PM

Are you on a computer not administered by you (public computer or something?)?
If so it could be rules that the sys admin had set up.
Command prompt can run regedit just type regedit.exe in the command promp in c:\windows and you'll get regedit.

Foolproof could be used to do that yes.

#13 Guest_Dr Dave_*

Guest_Dr Dave_*
  • Guests

Posted 20 June 2003 - 05:02 AM

o thx.. i thought it was foolproof but i don't ever really see it much so i wasn't totally sure.

well thx for tips, they are great. :D keep up he good work

#14 beardednose


    Retired GSO First Lieutenant

  • Sergeant Major
  • 1,917 posts

Posted 23 June 2003 - 10:26 AM

Dr. Dave, as others have noted elsewhere on this site, if you can access Windows Help, you can generally search for what you want (such as Windows Explorer or Internet Explorer or Services.exe) and help provides a shortcut to the item that bypasses some of the local security.

One of my personal favorites is to press CTL-ALT-DEL, click Task Manager button, click File, New Task (Run). Most admins don't lock this function down. It helps if you know the exact executable, but you can click the Browse button if you don't.

By the way, this works at most libraries and stores that sell computersssssssssssssssssssssssss.
Don't post just a THANKS! Here's why...

Forum Rules you need to know...RuLeS

#15 Blake


    Former Commander In Chief

  • Retired Admin
  • 7,334 posts

Posted 23 June 2003 - 10:42 AM

By the way, this works at most libraries and stores that sell computersssssssssssssssssssssssss.

This is actually a huge problem on in store kiosks. Many of these kiosks are located on the actual LAN of the company. This provides you with the ability to see Intranet webpages which contain private company information.

Also a great way to gather information when preparing a social engineering attempt. There is no better way then to use a phone number that is not publicly know. People assume since you know the number you must be an employee.

Also tagged with one or more of these keywords: security, windows