
Tuesday 28 February 2012

Howto change Windows 7 Logon Screen


Having your Windows 7 logon screen look the way you like is really amazing. Here, I write an article, “Howto change Windows 7 logon screen”. It is quite simple. I write two methods for this; the 1st method is time consuming and the 2nd is so simple.
1st method:
Click on the Start menu and then select Run…, or simply press Win+R.
Type regedit in the box and hit Enter.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
Now you have to make a new DWORD value (if not already created): right click, then select New, then DWORD Value.
Name it OEMBackground.
Now double click on it and change the value data from 0 to 1.
Close the Registry Editor.
Now open My Computer and go to this folder: C drive > Windows > System32 > oobe (C is your Windows drive; if you installed Windows on another drive, open that drive instead of C).
Or just type %windir%\system32\oobe in the address bar in My Computer.
Here you have to create 2 folders: the “info” folder, and a “backgrounds” folder inside the info folder.
In the “oobe” folder, right click, select New and then Folder.
Name it “info”.
Now open the folder “info”, and inside “info” make a new folder and name it “backgrounds”.
OK, now copy a “jpg” image of less than 256kb, no matter what resolution it has, and paste it in the newly created “backgrounds” folder.
If you see any confirmation message, click on Continue.
Set the picture name as backgroundDefault.
Now just log off or restart your computer and see the effects.
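The first method above as a single PowerShell function. This is an added example, not part of the original article; the function name Set-LogonBackground is hypothetical, and it assumes an elevated session because it writes under HKLM and System32.

```powershell
# Added example: scripted form of the manual steps. Run from an elevated session.
# On 64-bit Windows use 64-bit PowerShell: a 32-bit process has System32
# redirected to SysWOW64, so the image would land in the wrong folder.
function Set-LogonBackground {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ImagePath
    )

    # Validate the input first: it must be a JPG smaller than 256 KB (the article's limit).
    $image = Get-Item -LiteralPath $ImagePath -ErrorAction Stop
    if ($image.Extension -notmatch '^\.jpe?g$') {
        throw "Not a JPG image: $($image.Name)"
    }
    if ($image.Length -ge 256KB) {
        throw "Image is $([math]::Round($image.Length / 1KB)) KB; it must be under 256 KB."
    }

    # Registry step: create the OEMBackground DWORD if it is missing and set it to 1.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background'
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    New-ItemProperty -Path $key -Name OEMBackground -Value 1 -PropertyType DWord -Force | Out-Null

    # Folder step: %windir%\system32\oobe\info\backgrounds (created if absent).
    $target = Join-Path $env:windir 'System32\oobe\info\backgrounds'
    New-Item -Path $target -ItemType Directory -Force | Out-Null

    # Copy step: the picture must be named backgroundDefault.
    $destination = Join-Path $target 'backgroundDefault.jpg'
    Copy-Item -LiteralPath $image.FullName -Destination $destination -Force
    Get-Item -LiteralPath $destination
}
```

Because the size and type checks run before anything is written, an oversized or non-JPG file leaves the registry and the oobe folder untouched.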



Hide Hard Drive using CMD


There are many software programs that can hide/lock your hard disk, but the problem is that they are not free: you have to purchase a licence to use them, and not everyone can afford this. So here I am going to tell you a simple trick. With the help of this trick, you can easily hide any of your hard drives without any additional software. We will do this using CMD (Command Shell).
1. Go to the Start Menu and select “Run”, or simply press “Win+R”.
2. Type cmd and press the OK button or press the Enter key. A black window will display.
3. Type diskpart and press the Enter key.
4. Now type list volume and press the Enter key.
5. To hide “Drive D:”: you can see that the volume number of D: is “2”, so type select volume 2
6. Now type remove letter d
Go to “My Computer”; you can see that there is no “Drive D:”.
To unhide drive D:
Do the whole process from step 1 to step 6,
but this time type assign letter d instead of remove letter d.
After that, go to “My Computer” again and your Drive D: will be there :)
Note:
The data in drive D: will not be deleted when you hide drive D:.
If you want to hide another drive, follow the same steps, but instead of “2” type that drive's volume number, and instead of “d” type that drive's letter. For example, if you want to hide “drive F:”, then use “select volume 4” to select the volume and remove letter f to hide the drive.

How to disable or enable USB port or device


USB devices are portable enough to carry data from one computer to another. It is always risky to enable the USB ports of computers in large organizations, data centers and cyber cafes, since they can be a gateway for viruses and malware. You can disable or enable a USB port or device in three ways.
Enable / Disable USB port and device in BIOS
It can be enabled or disabled in the BIOS, where the peripheral device settings are configured. While booting the system you will get an option to configure BIOS settings. The only problem is that you will not be able to use those USB ports for any purpose, such as connecting USB keyboards, mice or any other devices.
Enable / Disable USB port and device using registry hack in Windows
Another effective way to enable or disable a USB port or device is to edit a registry entry in Windows. It will allow you to use your USB port for other functions, like connecting a keyboard or mouse, while restricting data storage through the USB port.
A. Click on Start –> Run –> regedit [Enter]
B. Search for the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor”
C. Select the key UsbStor and double click on the Start value.
D. In “Value data”, enter 4 to disable USB storage, or enter 3 to enable USB storage on the Windows system.
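Steps A to D above as PowerShell functions that read and set the same Start value. This is an added example, not part of the original post or of the tool it mentions; the function names Get-UsbStorageState and Set-UsbStorageState are hypothetical.

```powershell
# Added example: audit or change the USB mass-storage driver start type.
# The key and the values 3 and 4 are the ones given in steps B to D.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'

function Get-UsbStorageState {
    # Read the Start DWORD and translate it into a readable state.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction Stop).Start
    switch ($start) {
        3       { $state = 'Enabled' }
        4       { $state = 'Disabled' }
        default { $state = 'Other' }   # any value the article does not cover
    }
    New-Object PSObject -Property @{ Start = $start; State = $state }
}

function Set-UsbStorageState {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Enabled', 'Disabled')]
        [string]$State
    )

    # Writing under HKLM needs administrator rights; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # 4 disables USB storage, 3 enables it. An integer is written as a DWORD.
    $value = if ($State -eq 'Disabled') { 4 } else { 3 }
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value $value -ErrorAction Stop

    # Read the value back so the caller sees what is actually stored.
    Get-UsbStorageState
}
```

Get-UsbStorageState only reads the value, so it can be run without elevation as a periodic check that the setting has not been changed back to 3.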
Freeware to enable or disable USB port or device in Windows 7 and XP
There is a nice tool to enable or disable the USB port in the registry. It does exactly the steps mentioned above. If you are not an experienced user, then I would recommend that you use the software mentioned below for this task. Please remember that it is always risky to edit the Windows registry.

Tuesday 21 February 2012

Popular Indian hacker, Ankit Fadia's site hacked


Ankit Fadia has been in the news for being one of India’s first ethical hackers. He has been recognized by a number of software companies. Reportedly, just a few days back, Ankit Fadia’s official site got hacked by a group called Team Grey Hat. The hackers seem to have gotten access to the files on his server. A Pastebin dump has been set up that shows screenshots of the files.
(Screenshot: access to files on the server)


The note by the hacker group rubbishes Ankit Fadia as a hacker, along with his courses. The Pastebin dump also mentions the database details, including the username and password used. The Hacker News claims that the site was also hacked by another hacker, Himanshu Sharma, who’s said to be well known in the circles at the age of 17.

Ankit Fadia was seen on several TV shows, recently as a host offering tech and security advice to his viewers. At the same time, there have been a bunch of other activities, such as writing security books, that have been published in the market. He’s also known to give talks and speak in seminars on security related topics. There have also been reports that books written by Ankit Fadia contain plagiarised content.

BSNL router hacking and possibility of running custom code over it


The BSNL router, on closer inspection, is manufactured by SemIndia and distributed by ITI. It follows the tracks of using firmware of different routers (Broadcom to be specific; BCM6338 stands for Broadcom router firmware version 96338, deployed in US Robotics ones and some other popular routers). Mine is the DNA-A211-1, one of the most popular ones in India.



And then it's just configured accordingly wrt the ISP. This time I left the network part, as I do it all the time in my office with Cisco, and focused more on the router and firmware itself.


Warning:
I am not responsible for your router getting trashed, getting wings and trying to kill you. Try at your own risk; I am not responsible for your stupidity.


I didn't have a PC (trashed due to burnt RAM), so I had to do everything on my Android, so pardon the small screen area and understand my plight. T-netted into the router.
(PS: screencaps from Android may be a bit distorted, as the shootme app was not working properly over nightly #120)




The first step was to know what was in it, so I typed the usual help.



Lots of commands :) Ran swversion to get the version and see what this was up to.
With some hunting, I came to know that the "sh" command runs on my router; ran it and voila, the familiar interface of busybox snaps in.



Great... now that's worth something. My Android has it too :)) Seeing the version made me tick: it was running an older version of busybox. For those who don't know what busybox is, it's a multicall binary. Tried ls, but it didn't work, hence tried echo *, which listed everything :)



Bingo... tried cat /etc/passwd and there we go again.




After that, I thought why not check what the other directories have. Got into CVS and got information regarding CVS and pserver; the noteworthy one is the credentials of pserver



pserver:sunila@192.168.128.19:/home/cvsroot

Not of much interest, as they are of a private LAN; googled to find it was configured by Sunil A, an employee at SemIndia. Again, opened Repository



SemIndia/Engineering/Products/ADSL2Plus/Integ_Source/targets/fs.src

Maybe a private repo at SemIndia. Nevertheless..

Moved on to /etc



Lots of directories here... as a rule of thumb I opened default.cfg



Generic stuff, but what caught my eye was this 

<ppp_conId1 userName="multiplay" password="bXVsdGlwbGF5"

This might come in handy (use your creativity :)) ). But then I thought, why not access the router from the web interface? I did it.
Went to management and downloaded the backupsettings.conf file,




opened it and there we go,



I was not able to find the above credentials in it, hence I came to the conclusion that they must be of a somewhat higher privilege level.
Moving on... I thought why not try to create an arbitrary file. Tried
echo 'rishrockz' >> rdx

in every directory (I was not able to determine the file permissions, as this version of busybox doesn't have ls or stat). Finally came to know that /var is writable. Tried creating a file there
echo 'rishrockz' >> rdx
The file was created : )))))
and then
cat /var/rdx

: ))))
Congrats, you have run/done it :) )
Now I thought why not upgrade busybox/upgrade the firmware/upload scripts to the router; tried tftp

It didn't work. Then I checked whether the tftp daemon was running as a service; it was. Yet somehow I was not able to run it. :(

Strange. I thought, forget it (small screen keyboard and Android research limitation -> frustration). Well... next time I will be thinking of compiling programs (http://people.debian.org/~debacle/cross/) and copying them over using echo (once I get a PC). I have got some nice ideas and will be deploying them.
In the mean time, for those who are wondering what this machine has, here is the bootup log.

  1. Observation 1: code can be run on the router, but files must be copied using echo (-ne with the append option) or tftp. Since busybox is there, we can easily insert a kernel module to be run.
  2. Observation 2: the webs directory has a lot of HTML files; maybe they can be manipulated for XSS attacks (I didn't cover it as it's not my domain; some better guys can do it).
  3. Observation 3: private CVS credentials of the SemIndia pserver. Insider attack? :D Kidding. pserver is already quite insecure, but since I have seen a lot of organisations using stock/easily guessable passwords for their outer routers/firewalls/VPN servers, it's not a tough nut to crack.
  4. Observation 4 (most important): BSNL SUCKS!


Till then .. Stay Gold