Thursday, June 19, 2008

Closing Open Holes (Port) By Trojan

With the spread of Hackers and Hacking incidents, the time has come, when not only system administrators of servers of big companies, but also people who connect to the Internet by dialing up into their ISP, have to worry about securing their system. It really does not make much difference whether you have a static IP or a dynamic one, if your system is connected to the Internet, then there is every chance of it being attacked.

This manual discusses methods of system security analysis and sheds light on how to secure your standalone system (or a system connected to a LAN).

Open Ports: A Threat to Security?

In the Netstat Tutorial we had discussed how the netstat -a command showed the list of open ports on your system. Well, anyhow, before I move on, I would like to quickly recap the important part. So here goes, straight from the netstat tutorial:

Now, the '-a' option is used to display all open connections on the local machine. It also returns the remote system to which we are connected, the port numbers of the remote system we are connected to (and of the local machine), and also the type and state of connection we have with the remote system.

For Example,

C:\windows>netstat -a

Active Connections

Proto  Local Address       Foreign Address             State
TCP    Tadpole:1031        dwarf.box.sk:ftp            ESTABLISHED
TCP    Tadpole:1036        dwarf.box.sk:ftp-data       TIME_WAIT
TCP    Tadpole:1043        banners.egroups.com:80      FIN_WAIT_2
TCP    Tadpole:1045        mail2.mtnl.net.in:pop3      TIME_WAIT
TCP    Tadpole:1052        zztop.boxnetwork.net:80     ESTABLISHED
TCP    Tadpole:1053        mail2.mtnl.net.in:pop3      TIME_WAIT
UDP    Tadpole:1025        *:*
UDP    Tadpole:nbdatagram  *:*


Now, let us take a single line from the above output and see what it stands for:

Proto Local Address Foreign Address State
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED

Now, the above can be arranged as below:

Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP or sometimes even, IP or Internet Protocol.)

Local System Name: ankit (This is the name of the local system that you set during the Windows setup.)

Local Port opened and being used by this connection: 1031

Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)

Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)

State of Connection: ESTABLISHED

'Netstat' with the '-a' argument is normally used to get a list of open ports on your own system, i.e. on the local system. This can be particularly useful to check and see whether your system has a Trojan installed or not. Yes, most good antivirus software is able to detect the presence of Trojans, but we are hackers, and need no software to tell us whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the 'Scan' button and let some software do it.

The following is a list of Trojans and the port numbers which they use, if you Netstat yourself and find any of the following open, then you can be pretty sure, that you are infected.



Port 12345(TCP) Netbus
Port 31337(UDP) Back Orifice

For complete list, refer to the Tutorial on Trojans at: hackingtruths.box.sk/trojans.txt
----

Now, the above tutorial resulted in a number of people raising questions like: If the 'netstat -a' command shows open ports on my system, does this mean that anyone can connect to them? Or, how can I close these open ports? How do I know if an open port is a threat to my system's security or not? Well, the answer to all these questions will be clear once you read the paragraphs below:

Now, the thing to understand here is that, Port numbers are divided into three ranges:

The Well Known Ports are those from 0 through 1023. This range of ports is bound to the services running on them. By this I mean that each port usually has a specific service running on it. There is an internationally accepted Port Numbers to Services rule (refer to RFC 1700), which specifies on what port number a particular service runs. For example, by default FTP runs on Port 21. So if you find that Port 21 is open on a particular system, then it usually means that that particular system uses the FTP Protocol to transfer files. However, please note that some smart system administrators deliberately, i.e. to fool lamers, run fake services on popular ports. For example, a system might be running a fake FTP daemon on Port 21. Although you get the same interface, like the FTP daemon banner, response numbers etc., it actually might be a piece of software logging your presence and sometimes even tracing you!

The Registered Ports are those from 1024 through 49151. This range of port numbers is not bound to any specific service. Actually, networking utilities like your browser, email client or FTP software open a random port within this range and start a communication with the remote server. A port number within this range is the reason why you are able to surf the net or check your email etc.

If you give the netstat -a command and find that a number of ports within this range are open, then you should probably not worry. These ports are simply opened so that you can get your software applications to do what you want them to do. These ports are opened temporarily by various applications to perform tasks. They act as a buffer transferring packets (data) received to the application and vice versa. Once you close the application, you find that these ports are closed automatically. For example, when you type www.hotmail.com in your browser, your browser randomly chooses a Registered Port and uses it as a buffer to communicate with the various remote servers involved.

The Dynamic and/or Private Ports are those from 49152 through 65535. This range is rarely used, and is mostly used by trojans; however, some applications do tend to use such high range port numbers. For example, Sun starts their RPC ports at 32768.

So this basically brings us to what to do if you find that Netstat gives you a couple of open ports on your system:

1. Check the Trojan Port List and see if the open port matches any of the popular ones. If it does, then get a Trojan remover and remove the trojan.

2. If it doesn't, or if the Trojan remover says 'No trojan found', then see if the open port lies in the Registered Ports range. If yes, then you have nothing to worry about, so forget about it.
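The two steps above can be automated. The following Python sketch is an added example, not part of the original tutorial: it parses numeric `netstat -an` output, labels each local port with the three ranges described above, and checks it against a short excerpt of the Trojan port list. It goes slightly beyond the text by separating listening sockets from outbound connections whose temporary local port merely coincides with a listed number; the sample output and the verdict labels are constructed for illustration.

```python
# Added example: triage of `netstat -an` output against a Trojan port list.

# Excerpt of the port list given later on this page (port -> name).
TROJAN_PORTS = {1243: "Sub7", 12345: "NetBus", 27374: "Sub7 v2.1", 31337: "Back Orifice"}

# Constructed sample in the Windows `netstat -an` layout (not real capture data).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1243      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:1052      203.0.113.9:80         TIME_WAIT
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:137            *:*
"""


def port_range(port):
    """Name the range a port number falls in, as described in the text."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[:3]
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        _host, _sep, port = local.rpartition(":")
        if not port.isdigit():
            continue  # a service name was printed; rerun netstat with -n
        rows.append({"proto": proto, "port": int(port), "foreign": foreign,
                     "state": state, "range": port_range(int(port))})
    return rows


def triage(rows):
    """Flag rows whose local port is on the list.

    A listening socket on a listed port deserves investigation. A listed
    number used as the local end of an outbound connection is most likely
    a temporary client port, so it is reported with a weaker verdict.
    """
    findings = []
    for r in rows:
        name = TROJAN_PORTS.get(r["port"])
        if name is None:
            continue
        listening = r["state"] == "LISTENING" or (
            r["proto"] == "UDP" and r["foreign"] == "*:*")
        verdict = "investigate" if listening else "likely-ephemeral"
        findings.append((r["proto"], r["port"], name, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_netstat(SAMPLE)):
        print(finding)
```
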

***********************
HACKING TRUTH: A common technique employed by a number of system administrators, is remapping ports. For example, normally the default port for HTTP is 80. However, the system administrator could also remap it to Port 8080. Now, if that is the case, then the homepage hosted at that server would be at:

http://domain.com:8080 instead of
http://domain.com:80

The idea behind Port Remapping is that instead of running a service on a well known port, where it can easily be exploited, it would be better to run it on a not so well known port, as the hacker, would find it more difficult to find that service. He would have to port scan high range of numbers to discover port remapping.

The ports used for remapping are usually pretty easy to remember. They are chosen keeping in mind the default port number at which the service being remapped should be running. For example, POP by default runs on Port 110. However, if you were to remap it, you would choose any of the following: 1010, 11000, 1111 etc.

Some sysadmins also like to choose port numbers in the following manner: 1234, 2345, 3456, 4567 and so on. Yet another reason why Port Remapping is done is that on a Unix system, to be able to listen on a port under 1024, you must have root privileges.
************************


Firewalls

Use of Firewalls is no longer confined to servers or websites or commercial companies. Even if you simply dial up into your ISP or use PPP (Point to Point Protocol) to surf the net, you simply cannot do without a firewall. So what exactly is a firewall?

Well, in non-geek language, a firewall is basically a shield which protects your system from the untrusted, non-reliable systems connected to the Internet. It is software which listens to all ports on your system for any attempts to open a connection, and when it detects such an attempt, it reacts according to a predefined set of rules. So basically, a firewall is something that protects the network (or system) from the Internet. The term is derived from the concept of firewalls used in vehicles, which are barriers made of fire resistant material protecting the vehicle in case of fire.

Now, for a better 'according to the bible' definition of a firewall: A firewall is best described as a software, hardware, or combined hardware and software packet filter that allows only selected packets to pass through from the Internet to your private internal network. A firewall is a system or a group of systems which guard a trusted network (the internal private network) from the untrusted network (the Internet).

NOTE: This was a very brief description of what a firewall is; I will not be going into the details of their working in this manual.

Anyway, the term 'Firewalls' (which were generally used by companies for commercial purposes) has evolved into a new term called 'Personal Firewalls'. This term is basically used to refer to firewalls installed on a standalone system which may or may not be networked, i.e. it usually connects to an ISP. In other words, a personal firewall is a firewall used for personal use.

Now that you have a basic description of what a firewall is, let us move on to why exactly you need to install a firewall. Or, how can not installing a firewall pose a threat to the security of your system?

You see, when you are connected to the Internet, then you have millions of other untrusted systems connected to it as well. If somehow someone found out your IP address, then they could do probably anything to your system. They could exploit any vulnerability existing in your system, damage your data, and even use your system to hack into other computers.

Finding out someone's IP Address is not very difficult. Anybody can find out your IP through various Chat Services, Instant Messengers (ICQ, MSN, AOL etc.), through a common ISP and numerous other ways. In fact, finding out the IP Address of a specific person is not always the priority of some hackers.

What I mean to say by that is that there are a number of scripts and utilities available which scan all IP addresses within a certain range for predefined common vulnerabilities. For example, systems with File Sharing enabled or a system running an OS which is vulnerable to the Ping of Death attack etc. As soon as a vulnerable system is found, they use the IP to carry out the attacks.

The most common scanners look for systems with RAT's or Remote Administration Tools installed. They send a packet to common Trojan ports and display whether the victim's system has that Trojan installed or not. The 'Scan Range of IP Addresses' that these programs accept are quite wide and one can easily find a vulnerable system in the matter of minutes or even seconds.

Trojan Horses like Back Orifice provide remote access to your system and can set up a password sniffer. The combination of a back door and a sniffer is a dangerous one: the back door provides future remote access, while the sniffer may reveal important information about you like your other passwords, bank details, credit card numbers, Social Security Number etc. If your home system is connected to a local LAN and the attacker manages to install a backdoor on it, then you probably have given the attacker the same access level to your internal network as you have. This would also mean that you will have created a back door into your network that bypasses any firewall that may be guarding the front door.

You may argue with me that as you are using a dial up link to your ISP via PPP, the attacker would be able to access your machine only when you are online. Well, yes that is true, however, not completely true. Yes, it does make access to your system when you reconnect, difficult, as you have a dynamic Internet Protocol Address. But, although this provides a faint hope of protection, routine scanning of the range of IP's in which your IP lies, will more often than not reveal your current Dynamic IP and the back door will provide access to your system.

*******************
HACKING TRUTH: Microsoft Says: War Dialer programs automatically scan for modems by trying every phone number within an exchange. If the modem can only be used for dial-out connections, a War Dialer won't discover it. However, PPP changes the equation, as it provides bidirectional transport, making any connected system visible to scanners and attackers.
*******************

So how do I protect myself from such scans and unsolicited attacks? Well, this is where Personal Firewalls come in. Just like their name suggests, they protect you from unsolicited connection probes, scans and attacks.

They listen to all ports for any connection requests received (from both legitimate and fake hosts) and sent (by applications like Browser, Email Client etc.) As soon as such an instance is recorded, it pops up a warning asking you what to do or whether to allow the connection to initiate or not. This warning message also contains the IP which is trying to initiate the connection and also the Port Number to which it is trying to connect i.e. the Port to which the packet was sent. It also protects your system from Port Scans, DOS Attacks, Vulnerability attacks etc. So basically it acts as a shield or a buffer which does not allow your system to communicate with the untrusted systems directly.

Most Personal Firewalls have extensive logging facilities which allow you to track down the attackers. Some popular firewalls are:

1. BlackICE Defender: An IDS for PCs. It's available at http://www.networkice.com.

2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at: www.zonelabs.com

Once you have installed a firewall on your system, you will often get a number of warnings which might make it seem as if someone is trying to break into your system. However, they are actually bogus messages, caused either by your OS itself or by the process called Allocation of Dynamic IP's. For a detailed description of these two, read on.

Many people complain that as soon as they dial into their ISP, their firewall says that such and such IP is probing Port X. What causes them?
Well, this is quite common. The cause is that somebody hung up just before you dialed in and your ISP assigned you the same IP address. You are now seeing the remains of communication with the previous person. This is most common when the person to which the IP was assigned earlier was using ICQ or chat programs, was connected to a Game Server or simply turned off his modem before his communication with remote servers was complete.

You might even get a message like: Such and Such IP is trying to initiate a Netbios Session on Port X. This again is extremely common. The following is an explanation as to why it happens, which I picked up a couple of days ago: NetBIOS requests to UDP port 137 are the most common item you will see in your firewall reject logs. This comes about from a feature in Microsoft's Windows: when a program resolves an IP address into a name, it may send a NetBIOS query to the IP address. This is part of the background radiation of the Internet, and is nothing to be concerned about.

What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs call the function 'gethostbyaddr()' with the desired address. This function will then do the appropriate lookup, and return the name. This function is part of the sockets API. The key thing to remember about gethostbyaddr() is that it is virtual. It doesn't specify how it resolves an address into a name. In practice, it will use all available mechanisms. If we look at UNIX, Windows, and Macintosh systems, we see the following techniques:

DNS in-addr.arpa PTR queries sent to the DNS server
NetBIOS NodeStatus queries sent to the IP address
lookups in the /etc/hosts file
AppleTalk over IP name query sent to the IP address
RPC query sent to the UNIX NIS server
NetBIOS lookup sent to the WINS server

Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In more excruciating detail, Microsoft has a generic system component called a naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novell IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can perform. Some RPC products will likewise register an NIS naming service. When a program requests to resolve an address, this address gets passed onto the generic naming service. Windows will try each registered name resolution subsystem sequentially until it gets an answer.

(Side note: Users sometimes complain that accessing Windows servers is slow. This is caused by installing unneeded protocol stacks that must time out first before the real protocol stack is queried for the server name.)

The order in which it performs these resolution steps for IP addresses can be configured under the Windows registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider.

Breaking Through Firewalls

Although Firewalls are meant to provide you complete protection from Port Scan probes etc., there are several holes existing in popular firewalls, waiting to be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10 to 2.0.26, which allows the attacker to port scan the target system (although normally it should stop such scans).

If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means, that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.

Exploit:
UDP Scan:
You can use NMap to port scan the host with the following command line:

nmap -g67 -P0 -p130-140 -sU 192.168.128.88

(Notice the -g67 which specifies source port).

TCP Scan:
You can use NMap to port scan the host with the following command line:

nmap -g67 -P0 -p130-140 -sS 192.168.128.88

(Notice the -g67 which specifies source port).
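The flaw described above is a rule that trusts a packet because of its source port alone. The Python sketch below is an added example, not ZoneAlarm's code: it models that kind of rule beside a stricter check. Port 67 is the BOOTP/DHCP server port; that the exception exists to admit DHCP replies is an assumption (the page does not say why the packets are let through), and the `Packet` fields, function names and sample packets are constructed for illustration.

```python
# Added example: source-port trust versus a check tied to the DHCP exchange.
from collections import namedtuple

# Minimal packet model (constructed; a real filter sees far more fields).
Packet = namedtuple("Packet", "proto src_ip src_port dst_port")

DHCP_SERVER_PORT = 67
DHCP_CLIENT_PORT = 68


def allow_source_port_only(pkt):
    """Rule of the kind the text describes: anything from source port 67 passes."""
    return pkt.src_port == DHCP_SERVER_PORT


def allow_dhcp_reply(pkt, awaiting_lease, dhcp_server_ip=None):
    """Stricter rule: admit only what a DHCP reply actually looks like.

    - UDP only (DHCP does not use TCP)
    - server port 67 to client port 68, not to arbitrary local ports
    - only while this host has a DHCP request outstanding
    - from the known server once one has been learned (None = not yet known)
    """
    if pkt.proto != "UDP":
        return False
    if pkt.src_port != DHCP_SERVER_PORT or pkt.dst_port != DHCP_CLIENT_PORT:
        return False
    if not awaiting_lease:
        return False
    if dhcp_server_ip is not None and pkt.src_ip != dhcp_server_ip:
        return False
    return True


# Constructed sample traffic: two probes that borrow source port 67 and
# one genuine-looking DHCP reply.
SAMPLES = [
    Packet("TCP", "203.0.113.5", 67, 139),
    Packet("UDP", "203.0.113.5", 67, 137),
    Packet("UDP", "192.168.1.1", 67, 68),
]


def compare(packets, awaiting_lease=True, dhcp_server_ip="192.168.1.1"):
    """Return (packet, weak_rule_verdict, strict_rule_verdict) for each packet."""
    return [(p, allow_source_port_only(p),
             allow_dhcp_reply(p, awaiting_lease, dhcp_server_ip))
            for p in packets]


if __name__ == "__main__":
    for pkt, weak, strict in compare(SAMPLES):
        print(pkt, "weak rule:", weak, "strict rule:", strict)
```
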

Port List Opened By Trojan Horse

2 Death
21 Blade Runner;Back Construction;Doly Trojan;Fore;FTP Bmail;FTP Trojan;WebEx;Senna Spy FTP Server;Larva;MBT;Invisible FTP;WinCrash
23 Tiny Telnet Server;Truva Atl
25 Aji;Antigen;Email Password Sender;Gip;Kuang2;Magic Horse;Moscow email;Terminator;Stealth
31 Master Paradise;Hackers Paradise;Agent31
41 Deep Throat
48 DRAT
79 Firehotcker
80 Back End;Executor;Hooker;Intruzzo;RingZero
99 Hidden Port
110 ProMail Trojan
113 Invisible Ident Deamon;Kazimas
121 BO jammerkillahV
123 Net Controller
146 Infector
456 Hackers Paradise
500 Socket23
531 Rasmin
555 Phase0;ini-killer;NetAdmin;Stealth Spy
606 Secret Service
666 Attack FTP;Back Construction;NokNok;Satanz Backdoor;ServeU;Cain&Abel
667 SniperNet
777 Aim Spy;Legio
789 iCkiller
808 WinHole
911 Dark Shadow
999 Deep Throat;WinSatan
1000 Der Spaeher 3
1001 Der Spaeher 3;Silencer;Le Guardien;WebEx
1010 Doly trojan v1.30 y v1.35
1011 Doly trojan 1.1 y 1.2
1012 Doly Trojan
1015 Doly trojan v1.5
1016 Doly trojan
1020 Vampire
1024 NetSpy
1025 Ptakks;Optix
1033 NetSpy
1042 Bla 1.1
1044 Ptakks
1045 Raspin
1080 Wingate (RAT);WinHole
1081 WinHole
1082 WinHole
1083 WinHole
1090 Xtreme
1170 Streaming Audio Trojan
1207 SoftWar
1208 Infector
1212 Kaos
1218 Sazo
1225 Scarab
1234 Ultors trojan
1243 Sub7;Sub7 apocalypse;Tiles;Backdoor-G
1245 Vodoo Doll
1255 Scarab
1269 Maverick`s Matrix
1313 NETrojan
1492 FTP99 CMP
1509 Psyber Streaming Server
1524 Trinoo
1600 Shiva Burka
1777 Scarab
1807 Spy Sender
1850 Black Angel
1966 Fake TFP
1981 Shock Rave
1999 Backdoor;Transcout v1.1 y v1.2
2000 Der Spaeher 3;Insane Network;Transcout
2001 Der Spaeher 3;Trojan Cow;Transcout
2002 Transcout
2003 Transcout
2004 Transcout
2005 Transcout
2023 Pass Ripper
2080 WinHole
2140 The Invasor;Deep Throat
2283 HVL Rat5
2300 Xplorer
2565 Striker
2583 Wincrash2
2600 Digital RootBeer
2773 Sub7
2801 Phineas Phucker
3024 WinCrash
3128 RingZero
3129 Master´s Paradise
3150 Deep Throat;The Invasor
3410 Optix
3456 Teror Trojan
3700 Portal of Doom
3791 Total Eclypse 1.0
3801 Eclypse
4000 SkyDance
4092 WinCrash
4128 RCServ
4242 Virtual hacking Machine
4321 BoBo
4444 Prosiak;Swift remote
4567 File Nail
4590 ICQ Trojan;ICQ Trojen
5000 Socket23;Bubbel;Back door Setup
5001 Socket23;Back door Setup
5010 Solo
5011 OOTLT y OOTLT Cart
5031 NetMetro 1.0;NetMetropolitan 1.04
5032 NetMetropolitan 1.04
5135 FTP Bmail
5321 Firehotcker
5400 Back Construction 1.2;Blade Runner
5401 Blade Runner
5402 Blade Runner
5512 Illusion Mailer
5550 Xtcp
5555 ServeMe
5556 BO facil
5557 BO facil
5569 RoboHack
5637 PC crasher
5638 PC crasher
5695 Assasin
5742 Wincrash
5888 Y3K RAT
6000 The Thing 1.6
6272 Secret Service
6400 The Thing
6667 Net-Devil 1.0
6668 Net-Devil 1.0
6669 Net Devil 1.0;Vampire
6670 Deep Throat 1,2,3.x
6711 Sub7
6712 Sub7;Funny trojan
6713 Sub7
6771 Deep Throat
6776 Sub7;Backdoor-G
6883 Delta Source
6912 Shitheep
6939 Indoctrination
6969 Gatecrasher;IRC3;NetController;Priotrity
6970 Gate Crasher
7000 Remote Grab;Kazimas;Sub7
7215 Sub7
7300 Kuang2 the Virus;Net Monitor
7301 Net Monitor
7306 Net Monitor
7307 Net Monitor
7308 Net Monitor
7789 ICQKiller
8012 Ptakks
8080 RingZero
8787 Back Orifice 2000
8897 HackOrifice
9000 Netministrator
9400 InCommand 1.0
9580 Theef
9872 Portal of Doom
9873 Portal of Doom
9874 Portal of Doom
9875 Portal of Doom
9989 InlKiller;iNi-Killer
9999 The Player
10067 Portal of Doom
10085 Syphillis
10086 Syphillis
10167 Portal of Doom
10607 Coma
10666 Ambush
11000 Senna Spy Trojan
11050 Host Control
11051 Host Control
11223 Progenic Trojan
11831 Latinus
12076 Gjamer
12223 Hack´99 1.x Key Logger
12345 NetBus;GabanBus;Ultor´s Telnet Trojan
12346 NetBus 1.x (NetBuster)
12348 BioNet
12349 BioNet
12361 Whack-a-mole
12362 Whack-a-mole
12456 NetBus
12624 Buttman
12701 Eclipse 2000
13000 Senna Spy
13010 Hacker Brazil
14000 Infector
14194 CyberSpy
15092 Host Control
16660 Stacheldracht
16772 ICQ Revenge
16969 Priotrity
17300 Kuang2 the Virus
17569 Infector
19864 ICQ Revenge
20000 Millenium
20001 Millenium
20002 AcidkoR
20034 NetBus Pro;NetRex;Whack Job
20203 Chupacabra;Logged!
20331 Bla
20432 Shaft
21554 GirlFriend;Kidterror;WinSp00fer;Schwindler 1.82
22222 Prosiak 0.47
22784 Intruzzo
23432 Asylum
23456 Ugly FTP;WhackJob;Evil FTP
23476 Donald Dick
24000 Infector
27374 Sub7 v2.1
27573 Sub7
27665 Trinoo
29104 Host Control
29559 Latinus
29891 The Unexplained
30000 Infector
30001 Terr0r32
30029 AOL Trojan 1.1
30100 NetSphere
30101 NetSphere
30102 NetSphere
30133 NetSphere
30303 Socket23
30947 Intruse
30999 Kuang
31337 Back Oriffice;Baron Night;BackFire;DeepBO;NetPatch
31338 NetSpy DK;ButtFunnel;Back Orifice;Deep BO
31339 Net Spy DK
31415 Lithium
31416 Lithium
31666 BOWhack
31745 Buschtrommel
31785 Hack´attack
31787 Hack´attack
31789 Hack´attack
31791 Hack´attack
32100 Peanut Brittle;Project nEXT
32418 Acid Battery
33333 Prosiak
33577 PsychWard
33777 PsychWard
33911 Trojan Spirit 2001a
34324 Big Gluck, aka TN;Tiny Telnet Server
35000 Infector
40412 The Spy
40421 Master Paradise;Agent 40421
40422 Master Paradise
40423 Master Paradise
40425 Master Paradise
44444 Prosiak
50000 Infector
50505 Socket23
50766 Fore; Schwindler
51996 Cafeini
52317 Acid Battery 2000
53001 Remote Windows Shutdown
54283 Sub7
54320 Back Orifice;Back Orifice 2000
54321 Schoolbus 1.6;Schoolbus 2.0;Back Orifice 2000
57341 NetRaider
58339 ButtFunnel
60000 Deep Throat
61348 Bunker-Hill
61466 Telecommando
61603 Bunker-Hill
63485 Bunker-Hill
65000 Devil 1.03;Stacheldracht
65123 Shit Heep
65432 The Traitor
65535 RC

Wednesday, June 18, 2008

Control User Logins by Hacking the Registry

Make better use of the XP login screen.

If there is more than one user account on your system, or if you've set up XP to require logins, you'll have to log in to XP before you can begin to use it. But you needn't stay with the default XP login rules; you can use a single Registry key to customize how you log in. For example, you can display custom text before login, and you can remind anyone with an account on the PC to change their password a certain number of days prior to the password's expiration.

To control logon options, run the Registry Editor and go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon subkey, which contains a variety of logon settings (as well as some settings not having to do directly with logons). Following are the most important values you can edit to customize logons.

DontDisplayLastUserName
This setting lets you control how the system logon dialog box is used. If this String value is present and set to 1, all users will have to enter both their username and password in order to log on. If the value is 0, the name of the last user to log on will be displayed in the system logon dialog box.

DefaultUserName
This String value contains the name of the last user who logged on. It will be displayed only if the DontDisplayLastUserName value is not present or is set to 0.

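LegalNoticeCaption
This String value, used in concert with LegalNoticeText, contains the caption of the dialog box displayed prior to logon.

LegalNoticeText
This String value, used in concert with LegalNoticeCaption, contains the text that you want to be displayed inside a dialog box displayed prior to logon.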

PasswordExpiryWarning
This DWORD value lets you display a warning message to users a certain number of days before their passwords are set to expire. It lets you determine how many days ahead of time the warning should be issued. To edit the value, click on the decimal button and enter the number of days.

ShutdownWithoutLogon
This String value enables or disables a button on the XP logon dialog box that lets the system be shut down. A value of 1 enables the button (so that it is shown); a value of 0 disables the button (so that it is not shown).

Shell
This String value really doesn't have to do with logons, but it's one you should know about. It determines the shell—the user interface—that will be used by XP. The default is Explorer.exe, but it can be another shell as well—for example, the Program Manager from older Windows versions. Type in the name of the program—for example, Progman.exe for Program Manager, or Taskman.exe for the Task Manager.

AutoRestartShell
This DWORD value doesn't have to do with logons either, but it's another good one to know. It sets whether to automatically restart the Windows shell if the shell crashes. A value of 1 automatically restarts the shell. A value of 0 tells XP not to restart the shell, forcing you to log off and then back on again to restart it.
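To review these values without clicking through the Registry Editor, the key can be exported to a .reg file and checked by a script. The Python sketch below is an added example, not part of the original article: it parses the Winlogon section of an exported .reg file and reports values that differ from an expected baseline. The sample export, the `EXPECTED` baseline and the function names are constructed assumptions; pick the baseline that matches your own policy.

```python
# Added example: audit the Winlogon values described above from a .reg export.
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample export (in .reg files, backslashes in strings are doubled).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="0"
"DefaultUserName"="alice"
"PasswordExpiryWarning"=dword:0000000e
"ShutdownWithoutLogon"="1"
"Shell"="C:\\Temp\\shell32.exe"
"AutoRestartShell"=dword:00000001
'''

# Example baseline (an assumption, not a recommendation from the article):
# hide the last user name, no shutdown button before logon, default shell.
EXPECTED = {
    "DontDisplayLastUserName": "1",
    "ShutdownWithoutLogon": "0",
    "Shell": "Explorer.exe",
}

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?:"(?P<str>.*)"|dword:(?P<dword>[0-9a-fA-F]{8}))$')


def parse_reg_key(text, key):
    """Return {value name: str or int} for one key of a .reg export."""
    values, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        match = VALUE_RE.match(line) if in_key else None
        if match is None:
            continue
        if match.group("dword") is not None:
            values[match.group("name")] = int(match.group("dword"), 16)
        else:
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            values[match.group("name")] = re.sub(r"\\(.)", r"\1", match.group("str"))
    return values


def audit(values):
    """List (name, actual, expected) for every baseline value that differs."""
    findings = []
    for name, want in EXPECTED.items():
        got = values.get(name)
        if got is None or str(got).lower() != want.lower():
            findings.append((name, got, want))
    return findings


if __name__ == "__main__":
    winlogon = parse_reg_key(SAMPLE_REG, WINLOGON)
    print("Password expiry warning (days):", winlogon.get("PasswordExpiryWarning"))
    for name, got, want in audit(winlogon):
        print(f"{name}: found {got!r}, expected {want!r}")
```
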

Now that the Startup and Shutdown are under control

A Guide to Computer Maintenance

Step I: Know your system
The first preventive step you need to take is to make an inventory of your computer system. This information is needed when you want to repair or service the computer.

Start by recording the serial number and model number. This record helps the manufacturer determine what kind of components are in your system. If you have added a component, note its model and version number.

You should also know your system configuration in detail. On Windows-based computers, this means copying and printing several important system files that will be useful when a problem arises and you need a technician's help.

The simplest way to safeguard the system configuration files is to run the Sysedit program. If you use Windows 95, run Windows Explorer and click the System subdirectory of the Windows directory on the hard disk. Double-click the Sysedit file, and all the system files, from AUTOEXEC.BAT to SYSTEM.INI, will appear in Wordpad windows. You can save all of them to a floppy disk or print them. If you use Windows 3.1, find the Sysedit icon in the Main group.

You can also do this another way, using newer software that not only reports the system configuration but also automatically resolves some configuration conflicts.

If you use a Macintosh, you do not need to copy system files; it is enough to make a list of all the INIT and CDEV files (commonly called system extensions) that contain start-up programs.

Conflicts among these files are a common source of disaster on Mac machines.

You can view the list of these files with the Extensions Manager Control Panel, which you can also use to disable one or more extensions so that, by this process of elimination, you can identify which file is causing the problem. However, Extensions Manager does not let you print the list. If you want one, you can print the whole screen (print screen).

Recommended utilities for system inventory include: Sysedit (an accessory in Windows 3.1 and Windows 95), Norton Utilities (Mac AUS$179, Windows 95 AUS$129).

Step II: Make an emergency 'boot' disk
If the computer has a problem that prevents you from accessing the hard disk, you need another way to boot the system. Use an emergency boot disk.

Macintosh machines usually come with a bootable CD-ROM and a bootable floppy disk, as does Norton Utilities for Macintosh, something every Mac user should have. For Windows-based PCs, you must make the boot disk yourself, using Add/Remove Programs in the control panel.

Select the Startup Disk tab and go through the whole process. Under Windows 3.1, you must make the disk yourself. Exit to the DOS prompt and follow the commands below. Have a blank floppy disk ready when you run the commands (do not forget to label it), then type:

- Format /S A:
- Copy C:\AUTOEXEC.BAT A:
- Copy C:\CONFIG.SYS A:
- Copy C:\WINDOWS\SYSTEM.INI A:
- Copy C:\WINDOWS\WIN.INI A:

Step III: Tune up the 'hard disk' regularly
Because it is where applications are stored and, more importantly, the data files you create with those applications, the hard disk needs special attention so that it keeps working optimally. Every day you create new files, delete ones no longer needed, and update existing files.

Because of the way Windows and Mac OS allocate space for files, the hard disk can become fragmented. Files are placed in small spaces scattered across the hard disk because there is no single space large enough to hold them. A fragmented hard disk makes access slow and makes the disk hard to repair if an error occurs.

To defragment a Windows 95 hard disk, use the Disk Defragmenter program in Programs/Accessories/System Tools. On a Mac, use a utility such as Speed Disk in Norton Utilities for Mac. You should defragment the hard disk once every six months. You should also defragment it whenever you create or delete a large number of files in a short period.

Sometimes a storage area called a "sector" goes bad. A utility called a disk scanner can detect damage classed as hard and create a kind of "guard" around the sector so that the running operating system does not use it to store files. Conversely, a disk scanner will detect minor (soft) damage only if track of one or more files has been lost.

ScanDisk (found in the Program/Accessories/System tools) is the disk scanner built into Windows 95 and can detect both hard and soft errors.

On a Mac, you can use the Disk First Aid program that is usually found in the Disk Doctor Utility in Norton Utilities for Macintosh.

You should run such a hard disk scan at least every month. If your computer has a problem (crash or hang) and suddenly shuts down without going through the proper procedure, run a disk scan immediately after rebooting.

Step IV: Store with a plan
You have plenty of reasons to organize the files stored on your hard disk. First, it makes "clearing out the warehouse" easier, that is, deleting files that are no longer useful. Second, storing data in an orderly way, categorized into its own folders, reduces the risk of deleting an important program or important data. And more importantly, a well-organized hard drive is easier and faster to back up.

Create a folder for each program and fill it only with the relevant data. Or create a folder for each family member. Naming files and folders will help you remember them, even if one day you have forgotten why you created them, and delete data that is no longer used.

Step V: Back up your data
Making a backup means making a copy, so that if the original data is ever damaged or lost, you can still use the duplicate. You can back up the hard disk to floppy disks or to an additional (removable) hard drive.

How often you need to back up depends on how valuable your time is. If you are working on important files, save them to both floppy disk and hard disk. If you run a home business, you should invest in a tape backup drive and back up every day.

Back up the data in your data folders once a week and make a complete backup once every six months.

Step VI: Keep viruses away
Virus attacks are lurking at all times, especially if you are often on the Internet. To prevent virus infection, use one of the many antivirus programs available. Run virus checks as often as possible to keep an infection from spreading.

Step VII: Don't alter programs
Once you have installed a program in Windows, do not rename its program directory or move its files elsewhere. Otherwise, your computer will lose track of it.

You can place the data you create with applications anywhere. If you must change the location of an application, use Add/Remove Programs in the Windows 95 Control Panel.

Step VIII: Keep the computer clean

Dust can damage the components inside the computer. Always keep the computer clean. If necessary, use a protective cover when it is not in use.

Step IX: Shut down the computer properly

Windows 95, Windows 3.1 and Mac OS provide a standard method for turning off the computer: the shut down menu. Use this method to protect the computer from electrical conflicts.

Wednesday, June 4, 2008

How To Install Program in Backtrack

Backtrack is based on Slackware.

The Slackware packaging system uses ordinary compressed tar files. The system allows you to keep track of the packages you install, making it easy to upgrade or remove them down the road.

Slackware provides an interactive program for managing your packages. You can use pkgtool to handle adding and removing packages from your system.

You can also use these command line utilities to work with packages. Below is a brief overview of the commands; however, you should always consult the man pages before using them.

installpkg

By typing installpkg [packagename].tgz you can install packages on your system. There are a few command line options as well:

-warn Generates a report of what would happen if you installed the package and sends the report to standard out.
-m Make the contents of the current directory and subdirectories into a package with the name you specify.
-r Install the contents of the current directory and subdirectories as a package with the name you specify.

Example : bt#~ installpkg openoffice.org-2.2.1-i586-1kjz.tgz

Wait a few seconds, and now you can use OpenOffice on Backtrack.

The command: bt#~ openoffice

Download Open office here


removepkg

In its simplest form, removepkg will remove the package name you specify. The general syntax is removepkg packagename. There are a few command line options that you can specify:

-warn Generates a report of what would happen if you removed the package and sends the report to standard out. It does not remove the package.
-preserve This option will reconstruct the package subtree under /tmp/preserved_packages/packagename, where packagename is the name you specify.
-copy Construct a copy of the package under /tmp/preserved_packages/packagename, but do not remove it (same effect as -warn -preserve).
-keep Save the temporary files created by removepkg. Useful for debugging purposes.


upgradepkg

Upgrades a currently installed package with the package specified. If the packages have the same name, then you only need to run upgradepkg packagename to perform the upgrade. If the new package has a different name than the currently installed package, you must use this syntax:

upgradepkg oldpackagename%newpackagename

Do not add any extra whitespace between pairs of old/new package names.


makepkg

Creates a new Slackware compatible package. The program uses the contents of the current directory to create the package. Be sure to take a look at the manpage for makepkg for information about the embedded scripts that you can put in a Slackware package.


explodepkg

Extracts the contents of a Slackware compatible package to the current directory. It does not execute the embedded scripts in the package. This utility is most useful for maintenance purposes (exploding a package, updating it, then rebuilding with makepkg).
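Because a Slackware package is an ordinary compressed tar file whose embedded script (install/doinst.sh) is run by installpkg as root, it is worth reviewing a package from a third-party source before installing it. The following is an added example, not part of the original post or of the Slackware tools: a read-only check that lists risky entries and returns the embedded script for review. The function names and the sample package contents are constructed for illustration.

```python
import io
import stat
import tarfile

SCRIPT = "install/doinst.sh"  # Slackware's embedded post-install script

def build_sample_pkg():
    """Constructed in-memory sample, not a real Slackware package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data, mode):
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
        add("usr/bin/demo", b"#!/bin/sh\necho demo\n", 0o755)
        add("usr/bin/demo-helper", b"\x7fELF", 0o4755)        # setuid bit set
        add("../etc/cron.d/demo", b"* * * * * root true\n", 0o644)
        add("./" + SCRIPT, b"chmod 4755 usr/bin/demo\n", 0o755)
    return buf.getvalue()

def audit_pkg(data):
    """Return (findings, doinst_text) for a .tgz given as bytes.

    Nothing is extracted to disk and no embedded script is executed.
    """
    findings, script = [], None
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            name = member.name
            # Entries that would land outside the install root
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(("path-escape", name))
            # Files that would be installed setuid or setgid
            if member.isfile() and member.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid-or-setgid", name))
            # makepkg archives usually prefix entries with "./"
            plain = name[2:] if name.startswith("./") else name
            if plain == SCRIPT and member.isfile():
                script = tar.extractfile(member).read().decode("utf-8", "replace")
    return findings, script

if __name__ == "__main__":
    found, doinst = audit_pkg(build_sample_pkg())
    for kind, name in found:
        print(f"{kind:18} {name}")
    print("--- install/doinst.sh ---")
    print(doinst or "(none)")
```

To check a downloaded package, pass its bytes to audit_pkg, for example `audit_pkg(open("package.tgz", "rb").read())`, and read the returned script before running installpkg.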


rpm2targz

Converts an RPM (RedHat Package Manager) to a Slackware-compatible package. In case you ever run across the need to obtain something that is only in RPM format, this program may come in handy. The syntax is:

rpm2targz [filename].rpm

NOTE: Running rpm2targz will create a .tar.gz file, while running rpm2tgz will create a .tgz file. The files are exactly the same; the only difference is the extension format (some people prefer one over the other).

 
