Saturday, February 24, 2007

Cmd Prompt From Here

You can create a text file named anything.reg, and insert this text into it:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt]
@=”Command Prompt:”
[HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt\Command]
@=”cmd.exe /k cd %1”

Double click on that file, and the text will be entered into the registry, and you’ll have the same right click command prompt.

Clear IE7 Browsing History

If you like to build batch files to automate cleanup on your computer, you’ll probably want to include at least one of these commands in your batch script. You can automate any one of the functions on the Internet Explorer 7 Delete Browsing History dialog.

And here’s the commands that correspond to the different buttons. The most important one from a cleanup perspective is the first, which will delete just the temporary internet files that are cluttering up your computer.

To use these commands, just run them from the command line, the start menu search box in vista, or a batch file.

Temporary Internet Files

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

Cookies

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2

History

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1

Form Data

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16

Passwords

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32

Delete All

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255

Delete All - “Also delete files and settings stored by add-ons”

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

These commands should work in Internet Explorer 7 on XP or on Windows Vista.

Delete System Files

Warning: Do not delete system files. Bad things will probably ensue.

If you need to delete or overwrite a system file in Windows Vista, you’ll quickly notice that you cannot delete system files, even as administrator. This is because Windows Vista’s system files are owned by the TrustedInstaller service by default, and Windows File Protection will keep them from being overwritten.

Thankfully, there’s a way that you can get around this. You need to take ownership of the files, and then assign yourself rights to delete or modify the file. For this, we’ll use the command line.

Open an administrator command prompt by typing cmd into the start menu search box, and hit the Ctrl+Shift+Enter key combination.

To take ownership of the file, you’ll need to use the takeown command. Here’s an example:

takeown /f C:\Windows\System32\en-US\winload.exe.mui

That will give you ownership of the file, but you still have no rights to delete it. Now you can run the cacls command to give yourself full control rights to the file:

cacls C:\Windows\System32\en-US\winload.exe.mui /G Administrator:F

Note that my username is Administrator, so you will substitute your username there.

At this point, you should be able to delete the file. If you still can’t do so, you may need to reboot into Safe Mode and try it again. For the filename in the example, I was able to overwrite it without safe mode, but your mileage may vary.

Monday, February 12, 2007

Start with Specific CPU

Windows Vista has an option that lets you start an application and set the CPU affinity, which assigns the application to run on a specific CPU in a dual-core system.

To start an application you have to pass the affinity flag to the start utility in the command prompt. For instance, if you wanted to start notepad assigned to CPU, you could use the following command:

c:\windows\system32\cmd.exe /C start /affinity 1 notepad.exe

You can see in task manager that the process is only assigned to CPU 0.


To start a process on CPU 0, use the following command switch:

/affinity 1

For CPU 1, use this switch:

/affinity 2

You can use a number up to the number of CPU cores or CPUs in your system. The affinity is essentially CPU core # + 1, so /affinity 5 would use CPU 4.

You can almost modify the shortcut for an item to make it run on the specific CPU, by just prepending the full “c:\windows\system32\cmd.exe /C start /affinity 1 ” onto the shortcut target. The only drawback to this approach is that the command prompt window will briefly flash on the screen.



Enable or Disable UAC

UAC stands for User Account Control. It's just similar to "sudo" in Linux; Microsoft copies the idea from UNIX world and create a GUI for it.

Here's the quick ways to enable or disable the UAC using command line or GUI.

Disable UAC (command line)
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f


Disable UAC (mouse)
  • Open up Control Panel, type in "user account" in the search box.
  • See the link for "Turn User Account Control (UAC) on or off" and click it.
  • Uncheck the box, and reboot your computer. You should be done with obnoxious prompts!
Enable UAC (command line)
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Enable Ctrl+Alt+Del for Vista Logon Screen

You had to use the Ctrl+Alt+Del combination to login to the system in all the previous versions of Windows. This was supposed to provide a higher security login.

This "feature" has been disabled in Vista by default. You can turn it back on if you wish.
  • Open the Advanced User Accounts panel by typing in netplwiz into the start menu search box, and hitting enter.
  • Then click the Advanced tab, and you’ll see this:

  • Just check the box, and the next time you login, you’ll see the old familiar prompt.

Enable Run Command

The simplest way to do so inlcudes:
  • Hitting Win + R on keyboard
  • Otherwise, you can re-enable the run dialog by right-clicking on the Start Button, selecting Properties, and then clicking Customize on the ensuing dialog window. You’ll be taken to the Customize Start Menu screen. Check the “Run command” checkbox in the list, and you should now be in business.

0day in Solaris 10 and 11 Telnet

From SANS: Another good reason to stop using telnet

Published: 2007-02-11,
Last Updated: 2007-02-11 23:07:07 UTC
by donald smith (Version: 1)

There is a major zero day bug announced in solaris 10 and 11 with the telnet and login combination.
It has been verified. In my opinion NOBODY be should running telnet open to the internet.

The issue:
The telnet daemon passes switches directly to the login process which looks for a switch that allows root to login to any account without a password. If your telnet daemon is running as root it allows unauthenticated remote logins.

Telnet should be disabled. Since 1994 the cert.org team has recommended using something other then plain text authentication due to potential network monitoring attacks. http://www.cert.org/advisories/CA-1994-01.html
“We recognize that the only effective long-term solution to prevent these attacks is by not transmitting reusable clear-text passwords on the network.“

If remote shell access is required ssh is a better choice then telnet. We have done articles about securing ssh in the past. http://isc.sans.org/diary.html?storyid=1541

The FIX:
To disable telnet in solaris 10 or 11 this command should work.
svcadm disable telnet

The Mitigations:
Limit your exposure if you must run telnet on your solaris system it is recommend that you use firewall(s) to limit what IP can connect to your telnet services.

Another mitigation that works is this:
inetadm -m svc:/network/telnet:default exec="/usr/sbin/in.telnetd -a user"

I am not going to include the site with the exploit. No special tools are required to exploit this vulnerability.

Thanks to Chris and Thomas who notified us of this issue and all the fellow handlers that helped verify, mitigate and review this report.

From SecuriTeam: Solaris Telnet 0day or Embarrassment

Johannes Ullrich from the SANS ISC sent this to me and then I saw it on the DSHIELD list:

If you run Solaris, please check if you got telnet enabled NOW. If you
can, block port 23 at your perimeter. There is a fairly trivial Solaris
telnet 0-day.

telnet -l “-froot” [hostname]

will give you root on many Solaris systems with default installs
We are still testing. Please use our contact form at
https://isc.sans.org/contact.html
if you have any details about the use of this exploit.

You mean they still use telnet?!

Gadi Evron,
ge@linuxbox.org.



Hidden Boot Screen in Vista

from the How-To Geek

The Windows Vista BootScreen is pointless, but Microsoft decided to hide a more visually appealing boot screen that can easily be enabled with very little trouble. I’m not sure why they didn’t make the boot screen better.

All you have to do is type msconfig into the start menu search box, and hit enter.

Click the Boot tab, and then check the “No GUI boot” checkbox.

Hit OK and reboot the computer. You should see the new boot screen immediately.

Gmail's Philosophy

From Gmail's Philosophy Today

Google approach to mail, Gmail, was launched in April 1st 2004 as an invitation-only system. People initially thought Gmail was Google's Aprill Fools Day joke, but it turned out that Gmail was real.

What set Gmail apart?
  • Don't throw anything away
    Gmail had a storage size of 1 GB, 250 times bigger than Yahoo Mail's storage. Google thought people won't need to delete messages anymore, so Gmail didn't include a Delete button. But users really wanted to delete unnecessary messages, so Google had to add add the Delete button (January 2006).

  • Search, don't sort
    A such a big storage required a good search engine. Google indexed the full text of the messages, so you can search it throughly. There's also an advanced search that allows you to search for a certain sender or a time interval. But many users want a way to sort messages: for example, it would be nice to sort the messages by size or by sender.

  • Keep it all in context
    Google thought it would be nice to display all the replies to a message in a thread, like in a message board. Gmail does that by looking at the subject, so if someone changes the subject, the reply is not included in the thread. While many users agree it's a better way to handle an email exchange as a conversation, there are people who think each message should treated independently.

  • No pop-up ads. No untargeted banners
    Gmail shows text ads related to the current message. In 2004, when Gmail was launched, uninformed people spreaded the idea that Gmail breaks users' privacy by scanning the full text of messages to display ads. As Tim O'Reilly reported, "a number of organizations have asked Google to voluntarily suspend the service. One California legislator has gone so far as to say she plans to introduce a bill to ban it." As people got invitations to Gmail, they realized Google's system is better: mail scanning is automated and Gmail displays unobtrusive and sometimes even useful ads.

  • Labels, not folders
    Instead of storing message in separate folders, you can attach one or more labels that describe its content. Filters help you do that automatically. But there are many people that want folders: that's why Yahoo Mail and Windows Live (Hot)mail chose to stick with folders.

Gmail's philosophy was to remove as many constraints as possible and to have a flexible way to organize your mail. But when you try to be free of constraints, you impose a new rule and users should abide by it. People will always want to delete their messages, to see the first message received from aunt Lilly, to move it to a specific container like they do with their files (even if you can do this in Gmail by labeling a message and then archiving it). Messages from Gmail's Group confirm that:

"If I could sort by sender, then it would be much easier to find all of the emails from a certain group, individual, mailing list, company. Searching is great, it has tons of usefulness, but it does NOT replace sorting. It can be more cumbersome in many instances, no matter how well you refine it."

"I understand that some of the developers of Gmail feel that conversations are fundamental to the Gmail experience. But by not offering the option to disable it, you really are forcing many of your users to interact with their email in a way that they would prefer not to. Where is the choice? Of course I can set up my account to pop all of the mail to Outlook Express or some variant. But that removes me from the otherwise excellent Gmail experience, which I certainly do not want to do."