
nepali_dude

  1. Cross Site Scripting ('XSS') By Example

     Table of Contents
     1. Why this was written.
     2. The objective.
     3. The hack.
     4. The dangers of the results.
     5. The solution.
     6. Resources

     1. Why this was written

     To me cross site scripting is, apart from perhaps social engineering, the biggest threat to online communities these days. Many sites, including the undisclosed site that is used here, are vulnerable to cross site scripting. The undisclosed site shall hereby be known as victim.com. I have also, as a second goal, written this paper to alert victim.com about their security holes and how they can fix them. As I look now, the site has 109,000,000+ users and it amazes me that this flaw has not been found before. I will also be looking to create a mock up, with no resemblance to the original site, of course, that I will be releasing to the security community hackthissite.org if they want it or on my own site if they do not.

     By the time you are reading this, victim.com will probably have already fixed the security holes I highlight in this paper. I will be submitting this to victim.com with a week to go before I release this paper to the Internet and all of its occupants. I will only release the name of victim.com with their permission and it would be nice to have a small section, or even just a comment in the source code, stating that the site has benefited from my help.

     2. The objective

     In this example, our victim site allows you to create 'mini' communities that have their own rules, ranks, chat boards, and can have competitions and such. These communities get a small place where they can place HTML to make their community look better, and better fit the theme. For example, a community that loves dogs might use HTML to put pictures of dogs everywhere. I would also like to note at this time that this is most likely a multibug, as there are other places that you can put HTML for others to view and I suspect the site has a single security function or class.

     We will attempt to exploit their letting you use HTML so that we can inject javascript. If we can inject javascript, we can in fact take control of user accounts and either use javascript to automatically manipulate the user accounts, such as forcing the user to join the community whether they want to or not if they so much as look at the front page, or stealing the 'points' of the user by making them buy an expensive item from the user. This could also be used to redirect users to porn websites or websites that place viruses, spyware, adware, or other malicious content on the user's computer.

     3. The hack

     Ok so we know we can use HTML, but they say that they don't allow javascript so let's see how true that is. We start with the simple stuff first, so that means we start with the script tag.

     <script>alert('0wned')

     The resulting HTML

     -blocked-alert('XSS')-blocked-

     Hmm so they actually do block script tags! What a surprise! Ok so next what if we can put a link that will link to some javascript?

     Click Here

     The resulting HTML

     -blocked-Click Here

     Ahh k so they filter that too. I see that they erased the entire tag though so what if we put the javascript in an image? But wait... An error message! src tags are limited to ending in certain values! (Note: this error message has been modified to protect the identity of the original site. Sorry!)

     src embedded files may only end in: .mp3 .jpeg .gif .bmp .midi .wav .jpg .mid .png You may not use any form of the tag to embed files that end in ”javascript:alert(0wned from the url: ”javascript:alert(0wned

     Even if you didn't use 'img src', this still applies to all tags that have 'src' in them. For example, 'background src'. What about if we used a comment to bypass this filter?

     The resulting HTML

     -blocked-

     Ok, so now is where we begin the REAL filter evasion. What if we use CaPs to try and bypass filters that look only for same case strings?

     The resulting HTML

     -blocked-

     Ok, what if we injected hex? You need a tool to do this. I recommend burp proxy, a proxy that runs on localhost:8080 that will let you view, block, and alter requests.

     The resulting HTML

     -blocked-

     Uh oh they still got us... Let's change tacks. Let's use a DIV

     The resulting HTML

     -blocked-

     Hmm so far it seems that it looks for any tag with 'javascript' in it. What if we break it up? Don't ask me why but this IS valid javascript/HTML in IE. I am using firefox so I have to switch to IE to test this.

     The resulting HTML

     Immediately upon seeing this I switched to IE and guess what? A message box entitled '0wned' popped up! So next step: simple, obvious cookie grabber

     The resulting HTML

     Let's try using eval to get past this.

     The resulting HTML:

     Ok so they change document AND eval so that it renders javascript useless while at the same time not affecting the look of a valid document.. Ok, what if we converted this to HTML hex, since it is in a CSS statement?

     The resulting HTML

     Guess what? We have the cookie! I have tried and it works. Now you can simply use your knowledge of javascript to do anything you want. Since I have also found another way to do this, I will go ahead and disclose it.

     The resulting HTML

     4. The dangers of the results

     Here you can see that once injected, javascript can steal a user's cookies which means that the attacker can 'log in' as the user by masquerading those cookies as the attacker's own. Especially if an admin got their cookies stolen, this is a huge danger to the site. It cannot compromise the server, but it can compromise any user account that can be lured into viewing that page. Also functions such as document.forms[x].submit() can force the user to change settings or perform actions they do not want to. An attacker that really wanted full control could even use AJAX to mimic ANY action that the user could perform.

     5. The solution

     Simple. Simply alter the filter to convert such HTML hex back into ascii, and continue applying normal filters. Also put extra filters on CSS so that CSS can't be a source of problems in the future, EX make sure only certain CSS tags are used. Better yet, create your own style markup language to disallow unwanted tags. Another, GREAT solution is to force your users to use a web browser other than Internet Explorer. Please notice that these XSS exploits work ONLY in IE.

     6. Resources

     http://centricle.com/tools/ascii-hex/
     http://ha.ckers.org/xss.html
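The fix from section 5 of the post above (decode HTML hex back to ASCII before the normal filters run, and allow only certain CSS), sketched as an added example that is not part of the original post or of victim.com's code. The property allowlist, the token list and the sample strings are constructed assumptions; it also decodes CSS backslash escapes and comments, which goes one step beyond the HTML hex case the post names.

```python
import html
import re

# Assumed allowlist and token list for this example; a real site picks its own.
ALLOWED_PROPERTIES = {"color", "background-color", "font-size", "font-weight",
                      "text-align", "width", "height", "margin", "padding"}
FORBIDDEN_TOKENS = ("expression", "javascript", "url(", "@import", "behavior")

CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\r\n\f]?|([^\r\n\f]))")
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
SAFE_VALUE = re.compile(r"[A-Za-z0-9#%., -]+")  # no quotes, parentheses or colons


def _css_unescape(match):
    """Turn one CSS escape (\\78 or \\x) into the character it stands for."""
    if match.group(1) is None:
        return match.group(2)
    code = int(match.group(1), 16)
    return chr(code) if 0 < code <= 0x10FFFF else "\ufffd"


def canonicalize(text, max_rounds=5):
    """Decode HTML character references, CSS escapes and CSS comments
    repeatedly until the text stops changing, so nested encodings are undone."""
    for _ in range(max_rounds):
        decoded = html.unescape(text)
        decoded = CSS_ESCAPE.sub(_css_unescape, decoded)
        decoded = CSS_COMMENT.sub("", decoded)
        if decoded == text:
            return decoded
        text = decoded
    raise ValueError("input still changing after repeated decoding")


def contains_forbidden(text):
    """The 'normal filter': a substring check, ignoring case and whitespace."""
    squashed = re.sub(r"[\s\x00-\x1f]+", "", text).lower()
    return any(token in squashed for token in FORBIDDEN_TOKENS)


def sanitize_style(style):
    """Return only allowlisted declarations, checked and emitted in canonical
    form so that what was inspected is exactly what gets rendered."""
    try:
        canon = canonicalize(style)
    except ValueError:
        return ""  # refuse input that will not settle into a stable form
    kept = []
    for declaration in canon.split(";"):
        prop, sep, value = declaration.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if not sep or prop not in ALLOWED_PROPERTIES:
            continue
        if contains_forbidden(value) or not SAFE_VALUE.fullmatch(value):
            continue
        kept.append(f"{prop}: {value}")
    return "; ".join(kept)


if __name__ == "__main__":
    # Constructed samples: the same value written plainly and in three encodings.
    samples = [
        "width: expression(alert('0wned'))",
        "width: exp&#x72;ession(alert('0wned'))",
        "width: e\\78pression(alert('0wned'))",
        "width: exp/**/ression(alert('0wned'))",
    ]
    for raw in samples:
        print(f"raw filter blocks: {contains_forbidden(raw)!s:5}  "
              f"after decoding: {contains_forbidden(canonicalize(raw))}")
    print(sanitize_style("color: #336699; font-weight: bold; " + samples[1]))
```

The raw substring filter catches only the first sample; after canonicalization all four are caught, and the allowlist rejects them independently because their values contain parentheses.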
  2. This Tutorial for Newbies was created by Mixfever. Content and Info from Xrak, Mixfever, PhreakerD7

     -------------------------
     **Contents**
     - Tips to becoming a hacker or Wanting to work with computers and Security
     - Stuff you may want to think about and learn
     - Before learning anything else
     - Should also think about getting some of these on your box (for learning)
     - A few good books to check out
     - computer and Internet Terms (Small list)
     - Links, Links & more Links / Other places to Hang out
     - Tips from the Pro's

     ---------------------------------------------------------------------
     -=-Tips to becoming a hacker or wanting to work with computers and security-=-

     First thing most people will tell you is to use google ( www.google.com ). Always use google before asking a question. Most of the time google will answer your question within a few minutes. Also using google will save you and me some time & also save space on this site or any site for other people to post questions they did not find on google.

     Also read as many books as you can. Run to your local bookstore, pick up a book, look at it and see if you like the info it gives you. Make certain it's a book you can read and understand. A book for a newbie is perfect if you're first starting out. There is always going to be something to learn about computers & Technology since every day something new comes out and also there is the past to learn about.

     ---------------------------------------------------------------------
     -=-Stuff you may want to think about and learn-=-

     - A programming Language (C, C++, Perl)
     - TCP/IP
     - Networking
     - Unix based computers (linux, BSD, Solaris,)
     - Learn as much as you can about windows also
     - It might help to learn Social Engineering
     - Just learn how a computer works and runs and the parts inside that make it work

     Here is a link to the above stuff I told you to learn. This link may help you learn about the above info http://www.jinx.com/forum/topic.asp?TOPIC_ID=5359 , http://www.comms.scitech.susx.ac.uk/fft/

     Always learn new things and test what you learn with computers; it's trial and error. Don't ever give up if you don't get something working the first time.

     --------------------------------------------------------------------
     -=-Before learning anything else:-=-

     1. Learn about hardware - basically how your computer works.
     2. Learn about different types of software.
     3. Learn your command line.
     4. Learn how to make a few batch files.
        - http://www.tnd.com/camosun/elex130/dosbatchtutor1.html
        - http://www.tnd.com/camosun/elex130/dosbatchtutor2.html
     5. Port scanning. ( download blues port scanner if it's your first time)
        - http://www.securityconfig.com/software/spe...rt_scanner.html
     6. Learn a few programming/markup languages HTML, C/C++, Perl.... (I'd recommend learning Qbasic as your first lang)
     7. How to secure yourself (proxy etc)
     8. FTP and telnet
     9. Your protocols TCP/IP, UDP, SMTP etc
     10. Get your hands dirty with networking

     ---------------------------------------------------------------------
     -=-Should also think about getting some of these on your box (for learning)-=-

     An FTP client.
     - http://www.download.com/Fastream-NetFile-F...tml?tag=lst-0-3
     - http://www.download.com/SmartFTP/3000-2160...tml?tag=lst-0-1
     - http://www.download.com/AceFTP/3000-2160_4...tml?tag=lst-0-5
     A ping utility.
     - http://www.download.com/vPing/3000-2155_4-...tml?tag=lst-0-3
     - http://www.download.com/Inspyder-Sonar/300...tml?tag=lst-0-9
     An IP scanner (also known as subnet scanner)
     - http://www.download.com/NetworkActiv-Scann...tml?tag=lst-0-2
     A port scanner.
     - http://www.download.com/Advanced-Port-Scan...tml?tag=lst-0-1
     - http://www.securityconfig.com/software/spe...rt_scanner.html
     A whois and nslookup utility.
     - http://www.itoolpad.com
     A traceroute utility.
     - http://www.oxid.it/cain.html
     A password cracker.
     - http://www.oxid.it/cain.html
     A CGI vulnerability scanner
     A Net BIOS share scanner.
     A finger client.
     Compilers.
     - http://www.programmersheaven.com/zone24/cat351/
     Cache rippers.
     A brute force program of some sort.
     - http://www.hoobie.net/brutus/brutus-download.html
     Trojans, rootkits, and RAT's. (just for learning though)
     Sniffers.
     - http://www.oxid.it/cain.html

     * Note * I'll add more links when I have time. *

     ---------------------------------------------------------------------
     -=- A few good books to check out -=-

     We tell you to check out books but we don't give any hints or ideas of what kind of books. Well I'll name a few books that may be of help to you.

     - Hacking Exposed: Network Security Secrets and Solutions, Fourth Edition ISBN: 0072227427
     - Google Hacks ISBN: 0596008570
     - Hacking: The Art of Exploitation ISBN: 1593270070
     - The Art of Deception: Controlling the Human Element of Security ISBN: 076454280X
     - Dictionary of computer and Internet Terms (Eighth Edition) ISBN: 0764121669
     - Gray Hat Hacking: The Ethical Hacker's Handbook ISBN: 0072257091
     - Computer Security: Art and Science ISBN: 0201440997
     - Networking in Easy Steps (In Easy Steps Series) ISBN: 0760753628

     ---------------------------------------------------------------------
     -=-computer and Internet Terms (Small list)-=-

     boot disk - A disk, diskette, or CD that can be used to BOOT (start up) a computer

     IP address - A computer's unique "address". Every computer has one. This address is the way people that aren't on your computer see you as. Without an IP, websites wouldn't be able to "Remember" you so you don't have to log in every time. Everyone's local ip address is 127.0.0.1. This is how your computer looks at you. But it's not the same as your "Real" IP address which is how everybody else sees you. Quick example of an IP address: 198.3.45.236 There are 4 "subnets" and none of these "subnets" can be over 255.

     MAC address - This address is also for your computer. HOWEVER, this address was given to you by your hardware manufacturer. This is NOT the same as your IP address

     Skiddie (Script-Kiddie) - Someone that uses others' programs with no intent to use or even try to make his own. Real hackers try and make their own programs and use others for examples or for when there's no point in writing a new one

     Cracker - Someone that cracks computers for malicious reasons. Whether it be black mailing, carding obtained card numbers, or just ****ing someone over.

     sniffer - A hardware device or computer program for intercepting data packets as they pass through a network either to test the network or to intercept other people's confidential data.

     Trojan horse (Trojan) - a computer program with a hidden destructive function, such as erasing the disks on a specified date. Trojan horses are often distributed as counterfeit "new" versions of shareware products.

     password cracker - is an application program that is used to identify an unknown or forgotten password to a computer or network resources. It can also be used to help a human cracker obtain unauthorized access to resources.

     Compilers - Special programs that take instructions written in a high level language (e.g., Pascal, Fortran) and convert it into machine language or code the computer can understand. Also called: Optimizing Compilers

     FTP - ( File Transfer protocol ) a standard way of transferring files from one computer to another on the Internet and on other TCP/IP networks.

     google - a widely used search engine for the world wide web, accessible at www.google.com and through links on many other web sites.

     ---------------------------------------------------------------------
     -=Links, Links & more Links=-

     Other Places to Hang out

     - http://www.hackthissite.org Hack this site is a very good War game site and training ground that is legal for hackers today.
     - http://www.binrev.com Binrev has a very nice Radio station with computer info and hacking tips. They also have a nice forum with nice members who love to help and show what they know. And also they have a hacking magazine
     - http://www.2600.com A great Hacking magazine that comes out Quarterly (Price= $5.99)
     - http://www.blacklisted411.com Another Hacking Magazine
     - http://www.astalavista.com/ A great computer Security Area with lots of info
     - http://www.hackerthreads.org They're a hacking forum with lots of members and lots of info
     - http://www.hackaday.com A kind of hacking Blog where they give you links and share info on what they find that day. Updated Daily!
     - http://www.i-hacked.com A good site with forums, Downloads, News, and much much more.
     - http://www.phreaksandgeeks.com The name says it for ya
     - http://www.hnc3k.com/ Hacking Programs to download, Guides and Tips, and much more.
     - http://www.informationleak.net
     - http://www.digzine.com/
     - http://www.blackhat.info/live/index.php?na...7&theme=Printer
     - http://www.jinx.com
     - http://www.irongeek.com

     I don't have all day to add every single site there is ( I probably would not be able to find all of them ). But I do have one great link that goes to a sticky that a member from jinx who made a great list of sites that will help you and anyone out. http://www.jinx.com/forum/topic.asp?TOPIC_ID=5363

     ---------------------------------------------------------------------
     -=- Tips from the Pro's -=-

     From: XraK

     Learn from my mistakes. Before beginning your programming journey you need to have a basic understanding of programming...

     1. Pseudocode.
     2. Algorithms.
     3. Flow charts.
     3. Constants, Variables, operators.
     4. Expressions.
     5. Statements, Statement blocks, Modules etc...
     6. Binary, Hex
     7. The fundamentals of a compiler.
     8. What an interpreted language is.
     9. What OOP is.
     10. What an array is.
     11. What an object is.
     12. Data structure.
     13. ASCII (for character codes I use - http://www.lookuptables.com/)
     14. What ANSI is all about.

     I advise you to go to - http://en.wikipedia.org/wiki/Main_Page - use this site for definitions and whatever. Or do what I often do for definitions - http://www.google.co.uk/search?hl=en&q=define%3A&meta=
  4. Stopping Unneeded Startup Services

     Caution: Exercise caution when stopping services. If you do not know what a service does or are unsure of the ramifications of stopping the service, leave it alone. Some services are critical to Windows XP's operations, so make sure you understand what the service is before you disable it.

     To reduce the number of services that start on bootup, you can access two different areas of Windows XP. The first is the System Configuration Utility. The Services tab shows you the services that start when the computer boots. You can stop a service from starting by simply clearing the check box next to the service and clicking OK. However, before you do so, there is another way to disable services that you may prefer because the interface gives you more information about the service in question.

     Open Control Panel/Administrative Tools/Services or else select Start/Run, type services.msc, and click OK. Either way, you see the Services console. I prefer to use the Services console instead of the System Configuration Utility because it describes what the service does. Additionally, you can double-click a service and examine its properties. This information lists whether the service is automatic or manual. Manual services are only started in Windows XP when you start a process that requires the service. Some other process may require the service that has a "dependency" relationship with it; in this case, the dependency service will start, as well. Because these services do not start automatically when you boot Windows XP, you do not need to do anything with manual services.

     However, all services listed as automatic start when Windows XP boots. These are the services that increase boot time. As I have mentioned, many of them are necessary and important, so you should not stop automatic services from booting unless you are sure of the ramifications. You can get this information by looking at the Description column. Here's a quick look at common services you may want to live without:

     Automatic Updates: This service enables Windows XP to check the Web automatically for updates. If you don't want to use Automatic Updates, you can disable the service. You can always check for updates manually at the Windows Update Web site.
     Computer Browser: If your computer is not on a network, you don't need this service. If you are on a network, leave it alone.
     DHCP Client: If you are not on a network, you do not need this service. If you are on a small workgroup, you can still increase boot time by configuring manual IP addresses.
     DNS Client: If you are not on a network, you do not need this service. If you are, leave it alone.
     Error Reporting and Event Log: You don't have to use these services but they can be very helpful, so I would leave them configured as automatic.
     Fax: If you don't use your computer for fax services, you can disable this one.
     Help and Support: If you never use the Windows XP Help and Support Center (found on the Start menu), you can disable this service.
     IMAPI CD-Burning COM: This service enables you to burn CDs on your computer. If you never burn CDs, you can disable the service.
     Indexing Service: Your computer keeps an index of files but if you rarely search for files, the service is just a resource hog. You can stop it and turn the service to manual.
     Windows Firewall/Internet Connection Sharing: If you do not use these features, you can disable them.
     Infrared Monitor: If you do not use infrared devices, you can disable this service.
     Messenger: This service sends alert messages on a local area network (it is not the same as Windows Messenger). If you are not on a network, you can disable this service.
     Print Spooler: If you do not do any printing from the computer, you can disable this service. If you print, make sure you leave it as automatic.
     Remote Registry: This service allows remote users to modify the Registry on your computer. If you are not on a network, you can disable this service.
     System Restore Service: This service allows you to use System Restore. If you have turned off System Restore anyway, you do not need to turn off the service. If you do, you turn off System Restore.
     Themes: If you do not use themes, you can disable this service.
     Windows Image Acquisition: If you do not use scanners or digital cameras, you can disable this service.
     Wireless Zero Configuration: If you do not use wireless networking devices, you can disable this service.

     You may have a number of other automatic services, depending on software and other configurations on your computer. So it's a good idea to look through the services and learn more about them. If you double-click a service, a Properties dialog box appears. Notice that on the General tab, you see a Startup Type drop-down menu. If you want to change an automatic service to manual, select Manual here and click OK. As a general rule, don't disable a service unless you are sure you will never use it. However, manual configuration allows the service to be started when you find it necessary, thus speeding up your boot time.

     Keep in mind that services are necessary for the vast functionality you get with Windows XP. Change only those services that you understand and do not use. How you use your Windows XP computer should be the best guide in terms of optional startup services.

     The Indexing service and the System Restore service take up a lot of disk space and system resources across the board. You can live without the Indexing service but I suggest that you keep using System Restore. It works great when you are in a bind and this is one case where the loss of speed may not be worth the ramifications of not using System Restore.

     Speed Tips and Tricks for Windows XP Startup

     Aside from startup programs, services, and the Prefetch folder, there are a number of other startup procedures and issues you can modify to help Windows XP start faster. The following sections explore those tips and tricks. spend time solving this problem.
  5. Hey barsa, at first, XSS is not a tool, and by the way nmap is only used for scanning the open ports, checking OS and others. Please understand XSS is a technique, not a tool. And by the way a hacker never uses a tool to hack. They use techniques.
  6. Well, XSS means cross site scripting, which can be done from client computer to server computer. You can find some information about XSS attack here: whitepaper. It is just a basic concept. Try to google for more information.
  7. Hey guys, heard lots about hackers and crackers but I think hackers are better than crackers. We people think that hackers are bad guys but they are not. Originally, a hacker is a term of respect, used among computer programmers, designers, and engineers. The hacker was one who created original and ingenious programs. Unfortunately, the current popular meaning of the term is used to describe those who break into systems, destroy data, steal copyrighted software, and perform other destructive or illegal acts with computers and networks. Hackers check whether the webservers are vulnerable to attack or not. If they are vulnerable they inform the webserver administrator, but it is the administrator who does not care about it. They should take the suggestion of a hacker. Like here in Nepal we have various webservers, most of them are vulnerable. I have checked some sites and they too are vulnerable to attack. Most of them are vulnerable to XSS. I also know some hackers who down the server for their personal pleasure. That's the bad side but we all know every coin has head and tail. That's all. Thanks
  8. Hey guys, so how's your daily life? I just want to give a link where you can test your hacking skills. Sounds great, isn't it? Hackthissite. It's very good for newbies to check out. I'll be posting even some more sites to learn............. OK, that's all for today