Friday, October 18, 2013

Install Chrome Offline


Ever had a problem trying to install Chrome on a new PC which does not have Internet set up yet? Or been trapped at a client site with limited access?

The first question most people ask is: is there even such a thing as an offline installer for Chrome?
Well, apparently there is:
https://support.google.com/installer/answer/126299?hl=en

You will need to choose the one which suits you. I think the main difference is where Chrome is installed. So most users will want to install only for themselves, while integrators will want to install for everyone using that PC or laptop.

Grab your Offline Chrome today!

Friday, July 19, 2013

VMware Failed to lock the file...


Although I had switched to VirtualBox for a while, I still have no choice but to open up some older VMs in VMware to migrate or retrieve information from them. One such VM gave an error similar to the above, and in fact it is not even a persistent VM. The very thought that I would have to rebuild this VM struck horror in my heart, but luckily the good news is that I did not need to do that to resolve this issue.

It turns out that this usually happens after you have not powered up the VM for a while and over a few VMware version upgrades. Somehow the lock files just get corrupted. Go into your VM's directory and you will see some directories with *lck* in the name and maybe 1 or 2 tiny files inside. Well, those are the source of the issue.

Simply delete all those directories with the tiny files that have the lck extension or keyword in them. That fixed my problem and the VM is back to booting up happily. If you want to be safe, you can always make a copy of the VM or a copy of those directories before you go ahead with the deletion.

It is a simple problem, but VMware seems to make it into such a big issue that your VM no longer starts. But luckily the fix is just as simple.

Wednesday, July 17, 2013

Windows Update Unlocked and Manual Trigger


Ever seen this before? Well, this is an old version of Windows, but it would look somewhat similar when you have policies that are preset and prevent you from doing a Windows Update. Usually there is nothing you can do about it but hope that you will eventually get the patch, thanks to your company, but if you are the owner of this machine and have admin rights, then read on.

Usually this is caused by GPO or similar policies preventing you from updating, or you are not in the Administrators group. To solve the GPO case, you will need to fire up regedit.


  1. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU.
  2. Delete the values AUOptions and NoAutoUpdate.
  3. Go to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ WindowsUpdate.
  4. Delete the value DisableWindowsUpdateAccess.

Alternatively, you can also use the Group Policy Editor.

  1. Fire up the GP Editor by running "gpedit.msc" in a command prompt.
  2. Go to Computer Configuration\Administrative Templates\Windows Components\Windows Update.
  3. Set "Configure Automatic Updates" to "Not Configured".
  4. Go to User Configuration\Administrative Templates\Windows Components\Windows Update.
  5. Set "Remove access to use all Windows Update features" to "Not Configured".

On a server, you may be able to run "gpupdate /force" to reapply the policies, but a reboot is one sure way to get it done.

Next, sometimes we want to fire up Windows Update and do an on-demand update. But in a company-wide deployment, you will often get a no-access page at Microsoft because the Windows Update server is set to a local one. So, here is the way to get it done, via a script or in a command prompt.

You can sometimes skip this step, but I find that the sure way to trigger the update is to shut down and restart the Windows Update service like this:

net stop wuauserv
net start wuauserv

After this, you can start the actual trigger to Windows Update:

wuauclt /detectnow

This should make the yellow shield in the tray pop up. You may want to report the update status with:

wuauclt /r /ReportNow

This will communicate with the update server and take a few minutes.

And when something does crap out, there is always a very detailed log in %systemroot%/WindowsUpdate.log. You will find all your problems inside, be it a wrong server, a connection timeout etc.

Now, the above can definitely be put into a script to be run on a schedule, and you have your own "Automatic Update" so to speak. Have fun updating Windows (and other Microsoft products).




Friday, July 12, 2013

Patch Tuesday July 2013


Usually I do not talk much about Patch Tuesday from Microsoft, but this time round it totals about 30 or so updates on most systems with Windows and Office. I think that is worth the mention. Not only that, there are 6 rated CRITICAL and many which do not have full details on what is exploited and how, as Microsoft got the vulnerabilities in private. Doesn't that worry you? It should. For all you know, some of these vulnerabilities have already been used in the wild, so I suggest you roll in these patches as soon as possible. (How about NOW??)

So, what is fixed in this round? Here is a summary:

  • Kernel driver bug due to TTF (yes, I know your WTF look, why would a TTF font be injected into the kernel...?) This allows escalation and there is full source code available.
  • Several .NET Framework and Silverlight patches.
  • Vulnerability in GDI+. Seriously, I think they will never get this fixed since it comes back every time.
  • IE. For once, IE 10 is badly hit. Usually most vulnerabilities would not affect IE 10 (on Win8 especially). Well, this is really the patch you need to install ASAP since IE will be your first point of contact.
  • DirectShow with GIF files. Makes you think about simple file formats like PDF, PNG (oh yes, last month we just had one), DOCX and the like. There does seem to be a trend of attacking file formats nowadays.
  • Windows Media Format. WMF. There we have it, just to prove my previous point.
  • Windows Defender. It's a path traversal. Well, even the big giants have faults sometimes. But the scary part is that Microsoft does patch it... Do you see other AV vendors patching their main program much (I know you get updates, but those are AV signatures, they are different things)?

And other patches involving SD card removal, new camera models, language packs and fonts.

So, you can see it's going to be a busy, busy week. And whoever is using those exploits will probably be sweating or trying their last strike to make good use of them before you patch your computer.

Friday, June 28, 2013

DVDFab and BD-RE

I had just recently gotten a Blu-ray writer, finally. Now, say goodbye to my DVD writables, or so I thought. While data and other files have absolutely no problem with a BD-R or BD-RE (yes, I do not know why, but they decided BD-RW doesn't sound good), it becomes a complication when it comes to media like music and movies.

Let's leave the Audio CD part out of this, since it's still in the legacy CD format. Take a look at DVD. I had always used DVDFab to "squeeze" DVD9 into DVD5 and it works like a charm. You lose some sound quality, but the video is usually 100% well kept. (Yes, don't we all hate the FBI notice delay and ads, and to be honest, I think DVDFab should sell this as their prime point. Not sure if the FBI is so happy about it though.)

OK, this is where I am finally going to talk about why we can't do without DVDFab for Blu-ray. I had checked out many tools (yes, about 10 or so) that claim they can squeeze a Blu-ray without (much) loss. Well, before that, let me stress that most Blu-rays out there are simply dual layer. Well, not that you get great quality or something; there are usually about 29GB (a single layer only houses 25GB) and I can't help thinking they had done it on purpose so that people cannot copy it 1-1. And for me, BACKUP is a must. Especially when you own a Blu-ray, you would share it with friends (and god knows, maybe even their dogs) all over. I do not want to have to pay almost USD40 and then, well, own a very expensive coaster. So I insist on backing up my Blu-rays.

Well, why not buy a BD-RE DL? Yes, why not? It's just about 8X the price of the single layer! This is where DVDFab comes in. In most of my "tests" (I own the Blu-rays by the way!), most of the "extra" bytes come from the previews or additional language tracks. And in Blu-ray, an audio track is crazily large, especially when it is in 7.1 Digital or something. It's crazy! And I don't really care about the Russian language, for example. So these go, and it is all done nicely by DVDFab. In fact, I do not really even need to give up on quality on most of the movies. So it's like 1080p, without some audio and definitely without FBI warnings and previews (by the time I watch these previews, the show is probably out anyway). And all this via DVDFab.


The current DVDFab comes in 2 major versions. Version 9 comes with the newer interface, but I prefer the old interface, more like the above. There is a trial version which you can try for 30 days and decide for yourself if you want to buy it.

Check it out at:

Last, but not least, DVDFab does not require AnyDVD or another decrypter to decrypt the content of the DVD or Blu-ray! So, that's a bonus!

Well, I do not work for DVDFab in case you are wondering, and there is no referral bonus or anything from my link.

Sunday, April 28, 2013

SDXC exFat Problem

After you have finally gotten your very first 64GB SD card, you will hit this problem sooner or later. Yes, everyone, unless you are the type who is not concerned that your tablet just doesn't work with your card, or can simply stand how slow the card somehow is.

The major problem with exFat is that it's more of a Windows format, and it's the default format for formatting SDXC cards anyway, even from the official SDCard.org:

https://www.sdcard.org/downloads/formatter_4/

But most tablets are Android based and as such lean more towards *nix, and somehow exFat just doesn't play well there. The problems range anywhere from not detecting the SD card at all to very slow performance, especially when many files are involved. In some extreme cases, it's even because there are 2 partitions created and this starts to seriously confuse the OS. Just search "SDXC exFat Problem" and you will know what I mean.

I know it's probably not right, but I recommend keeping your 64GB SDXC on Fat32. And Microsoft definitely does not agree with me, because they have disabled such a feature in their default format utility. You can only format it to exFat or NTFS, neither of which works well on Android. But of course there is an easier way here:

http://www.ridgecrop.demon.co.uk/index.htm?fat32format.htm

Make sure you read through and decide whether you want to use the DOS utility or the GUI one. Just format it to Fat32 and suddenly many of your problems are gone.

Remove the Hidden Partition


Don't you always hate it when your laptop or PC comes with a recovery partition which you may not actually need anymore, whether because you have upgraded your OS or not? Well, you will also find that inside Windows (normally) you will not be able to remove this partition safely. Well, the worry is over, because under the administrator command prompt there is a way to do so.


  1. Open a command prompt as administrator.
  2. Run the Diskpart application by typing Diskpart in the command prompt.
  3. In the “Diskpart” prompt, enter the rescan command and press the Enter key to re-scan all partitions, volumes and drives available.
  4. Then type in list disk and press the Enter key to show all hard disk drives available.
  5. Select the disk that contains the partition you want to remove. Normally, with just 1 hard disk, it will be disk 0. So the command will be:
    select disk 0
    Finish with the Enter key.
  6. Type list partition and press the Enter key to show all available and created partitions on the selected disk.
  7. Select the partition to be deleted by using the following command, followed by the Enter key:
    select partition x
    where x is the number of the EISA-based recovery partition to be removed so that its space can be freed. Be careful with this partition number, as a wrong number may get data wiped off.
  8. Finally, type in delete partition override and press the Enter key.

Once the partition has been deleted, exit from Diskpart, and now users can use the much more familiar and much easier Disk Management tool in Windows (diskmgmt.msc) to manipulate the freed unallocated space. Users can create a new volume (partition) with this space, or simply merge it into an existing partition by extending the size of the existing partition.

Monday, March 25, 2013

Evernote v4.6.4 Upgrade Issues

Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere. Use Evernote to jot notes, create to-do lists, clip entire Web pages, manage passwords, and record audio. Everything added to Evernote is automatically synchronized across platforms and devices and made searchable. Evernote will even recognize printed or handwritten text in photos and images.


Due to a recent breach, all users are advised to change their password and upgrade to the latest version. However, for some specific users of v4.6.3 (maybe more, but I won't know first hand), the upgrade process seems to fail in every way possible, giving MSI error codes.

I tried upgrading inside the application and even downloading the standalone version, but had no success. In the end, I figured that they probably omitted a certain version in the upgrade path, so I uninstalled v4.6.3 completely. And I reinstalled. And it works!

Well, I guess this is a typical example of an upgrade management issue in software, but at least it didn't need a format or Windows Refresh to save the day. If you are having problems with Evernote, try this and hopefully you will still be a happy user of Evernote like me.

Tuesday, March 19, 2013

Adobe Photoshop Flickers in Windows 8

Did you encounter flickering, or basically the image not staying put, inside Adobe Photoshop CS6? Well, I guess that's the reason you are here in the first place. But fundamentally, the problem lies with neither Adobe nor Microsoft. I can bet you are almost 100% using an AMD graphics card!

Basically it's the AMD graphics driver for now. As of today, it's still not fixed, and as a temporary fix, Adobe actually recommends disabling graphics acceleration inside Adobe Photoshop for now.


Change the GPU Drawing Mode to Basic:
  1. In Photoshop, choose Edit > Preferences > Performance.
  2. Select Advanced Settings.
  3. Choose Basic from the Drawing Mode pop-up menu.
  4. Click OK to close the dialog boxes.


While it's not the best way to do it, I guess everyone will have to live with it until AMD fixes this, or get an Nvidia card to replace it.


Who Reset My Password

Today I am going to talk about yet another simple and effective hack. This time, we are going to go into the scenario of grabbing passwords from forums, portals etc. Imagine this scenario. You are user A and you want to get into user B's account. We can safely assume that user B's email is inaccessible; otherwise, we all know we would not have a problem.

Suppose that, as A, I decide to go and reset my own password instead. More often than not, a link that enables user A to reset the password will be sent to A's email address. At other times, they may even allow other means as well, such as mobile phone or messenger, but the concept is still pretty much the same, except that it sometimes just complicates the trace hiding part.

Now, after A checks the email, a link will appear. If the link is embedded in HTML, decode it and look for something like this:


uid=12314800&uname=xxxxxxxx&mail=yyyyyyyy


Now, isn't that cute? But what we are interested in is the UID most of the time. And I don't need to point fingers at what sort of program usually has this type of parameter. Now comes the interesting part. I have a link for A to reset A's password, but what if I CAN reset B's password instead? OK, this is where the complication may or may not help. Basically what you are interested in is obtaining B's UID. To my surprise, it's easier than you think. On some portals, you will even be able to get that from the "reset password" page, while on others, it's just a matter of keying in the password incorrectly once on the login page.

Now, let's replace the UID. Note that if the site uses some sort of hash check on the URL, this is probably not going to work. But then again, the hash is usually going to be a combination of the parameters plus some unique identifier, and with some luck, you might even be able to break the hash. In one case I encountered, the hash is basically the whole URL excluding the hash=ZZZZ parameter right at the end.

Assuming it's not, replace B's uid with A's uid and you are sent to the password reset page. Go ahead and don't be shy about it. After which, go back to the login page and log into B's account successfully. And B may or may not even know the password has been changed.

You may laugh and think the hack is silly. 10 sites I saw and 10 I entered within the last 3 days is not so laughable. If you maintain a portal, I think you should seriously re-look at your password reset workflow.
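For portal maintainers, here is an added example (not from the original post or from any particular portal) that puts the link pattern described above next to a reset flow where the account is bound on the server to a random, single-use, expiring token. The function and class names, the choice of SHA-256 for the weak hash and the uids are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode


def weak_reset_query(uid):
    """Pattern from the post: uid in the link, 'protected' by an unkeyed hash."""
    query = urlencode({"uid": uid})
    return query + "&hash=" + hashlib.sha256(query.encode()).hexdigest()


def weak_account_for(query_string):
    """Trusts the uid in the link once the unkeyed hash matches."""
    query, _, digest = query_string.rpartition("&hash=")
    if hashlib.sha256(query.encode()).hexdigest() != digest:
        return None
    return parse_qs(query).get("uid", [None])[0]


class ResetTokens:
    """Hardened form: the link carries only a random token; the account is
    looked up server-side and never read from the request."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # sha256(token) -> (uid, expiry)

    @staticmethod
    def _key(token):
        # Store only a digest so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, uid):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._key(token)] = (uid, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the uid the token was issued for, or None. Single use."""
        entry = self._pending.pop(self._key(token), None)
        if entry is None:
            return None
        uid, expiry = entry
        return uid if self._clock() <= expiry else None


def demo():
    # Constructed uids: "1001" stands for user A, "1002" for user B.
    # The unkeyed hash needs no secret, so it passes for whatever uid the
    # link names: the check authenticates nothing.
    weak_result = weak_account_for(weak_reset_query("1002"))

    now = [1_000_000.0]  # fake clock so expiry is deterministic
    tokens = ResetTokens(ttl_seconds=900, clock=lambda: now[0])
    token_a = tokens.issue("1001")
    first = tokens.redeem(token_a)               # bound to A on the server
    replay = tokens.redeem(token_a)              # already used
    guessed = tokens.redeem("not-a-real-token")  # never issued
    stale = tokens.issue("1001")
    now[0] += 901
    expired = tokens.redeem(stale)               # past the ttl
    return weak_result, first, replay, guessed, expired


if __name__ == "__main__":
    print(demo())
```

In the hardened flow the request contains no uid at all, so there is nothing to swap; notifying the account owner whenever a reset completes also closes the "B may not even know" gap.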




Monday, March 18, 2013

Adobe Flash Player Download Woe

At version 11.6 now and still full of bugs, Adobe Flash Player is still plagued with a fundamental fatal error in its update. People all over are still getting the "XX % failed to download" error, and to make it worse, Adobe fails to check if the update was even successful at all before deleting the installer. In short, when you need to retry, you can't just retry. You will need to download the installer again. Well, of course you can make a copy of it, but if the download problem doesn't get solved, you will still be stuck.

To make things worse, Flash is plagued with critical vulnerabilities, and perhaps one of the biggest issues is that users are not able to update their player, thus adding to the exposure to the threat. While Adobe may not see this in this light, it is definitely something I feel they should fix, since it has been there for a long time.

The most direct solution is to download directly from the source, but the full installation package instead of the minimal internet download installer.

Download the full package from:
http://www.adobe.com/products/flashplayer/distribution3.html

OR simply stop using Flash altogether.

Wednesday, March 13, 2013

Windows 8 BSOD DPC WATCHDOG VIOLATION

One fine day at work, one fine Windows 8 machine, which was shut down properly the night before, did not boot up like it always had in the morning. Instead, what greeted me was a BSOD, well, the new BSOD anyway, saying something about a "DPC_WATCHDOG Violation". Now, isn't that puzzling. First, it's about a watchdog, which I obviously did not buy, and then there was a violation. Did a bad dog run into Windows 8?

After some 30 minutes of reading up (using another OS on another partition), I finally found the root of the problem. Well, at least for most other users. It comes down to 3 pieces of software.


  1. AVG Antivirus or similar suites
  2. Kaspersky Antivirus or similar suites
  3. ATI Radeon Catalyst 

Well, these are not in order, but for me, I had AVG. And luckily I had this OS (Windows 7) on another partition, and simply on a whim, I renamed c:\program files (x86)\AVG to AVG1 and restarted Windows 8.

TADA. OMG, it was really AVG! I had seen success stories from other users for KAV and KIS as well. It seems these AV companies tried to compete on who gets their product Windows 8 compatible first, and they made some pretty fatal mistakes along the way. For ATI, it may be a bit more involved to skip starting it, but since I did not encounter that, I will let other users who did tell their stories.

Guess what was the first thing I did after I recovered my Windows 8?
UNINSTALL AVG 2013!

From that day onwards, AVG and Kaspersky are banned from all my Windows 8 machines.

Monday, March 04, 2013

My Letter to my Hacker

A while ago, I found a readme.txt sitting right on top of my D**-NET Honeypot, and this was the beginning of a whole turn of events that is, let's say, funny at the very least. I opened the readme.txt in a text editor and this is what I saw:

FUCKING PIG
Don't you have anything else beside than porn on your PC?
For the past 2 month all the fuck shit you have given me is nothing but porn!
600GB of fucking porn you shit head.
You did not even download The Avengers 2012 1080p BRrip X264 2 2GB YIFY even though you search it! All you did was downloaded another fuck show!
Fuck! Are you a seller in the night market or what?
And you had even given me the fuck shit trojan you gotten from the porn site!
I am so fucking pissed that I want to fucking delete all your donwloaded porn for you now!
Eat shit and die you pig!

Some parts of the swearing I did not appreciate, and obviously I deleted them here. Well, angry? Actually not... I had him / her monitored for the past 2 months, and I guess since he had left me a note, I should be a polite guest and write him one. But he / she was actually so frustrated that he / she actually deleted my files and removed the RAT from the honeypot.

Well, luckily Whisperer 4 was on the honeynet and it got his / her email address when he / she updated the RAT config via email (SMTP). That's why you should NEVER use unencrypted SMTP. :P So naturally, I sent him / her an email, POLITELY.

Thanks for staying on my PC for the past 2 months.
Firstly I must thank you for being a nice hacker by uploading your RAT msi with both your client and server inside. It was a well written piece of code, but I am pretty sure you did not wrote that anyway.
Secondly, I thank you for actually screening through those files on D: and confirmed that they were ALL porn. I did not really have a look through all of them myself.
In order to evade me, you must had packed your files several times when you perform a remote upgrade, but that was why my AV had flagged you on the second week you were in on XX XX 2012. I had to even put in an exception rule in my AV for your RAT, but I guess you did not found out.
Your random changing of ports was good, perhaps a function build in to your RAT, but it gave me lots of trouble to put in firewall rules so that your RAT can connect properly outside.
You other tools wasn't impressive but I guess its your fault for not testing it against a W2K8 server.
I guess you should at least had thank me for the 600GB of porn which you so patiently downloaded. I thought you would had realized by the first 50GB or so...
Lastly, I would like you to know I actually downloaded The Avengers 2012 1080p BRrip X264 2 2GB YIFY, but its on M: drive. Why did you not look there, but kept staying on my C: and D: ? Was it for the porn?
Thank you for participating on the malware collection exercise on my honeynet. 

How many of you laughed? I don't know. I sure as hell laughed my head off.

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.