you are not alone
Sunday, June 25, 2023
Sunday, November 17, 2019
W32/Sality.Y
General
Methods of propagation:
• Local network
• Mapped network drives
Aliases:
• Symantec: W32.Sality.AE
• Mcafee: W32/Sality.gen
• Kaspersky: Virus.Win32.Sality.aa
• TrendMicro: PE_SALITY.JER
• F-Secure: Virus.Win32.Sality.aa
• Sophos: W32/Sality-AM
• Panda: W32/Sality.AK
• VirusBuster: Sality.AQ.Gen
• Bitdefender: Win32.Sality.OG
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Lowers security settings
• Registry modification
File infection Method:
This memory-resident infector remains active in memory.
70.000
• .EXE
Registry
The value of the following registry key is removed:
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
It creates the following entry in order to bypass the Windows XP firewall:
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
• "c:\\%filename%"="c:\\%filename%:*:Enabled:ipsec"
• "c:\windows\\system32\\ctfmon.exe"="c:\windows\\system32
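A triage check for the two registry changes listed above, run offline against the text produced by `reg export`. This is an added example, not part of the original write-up; the sample export and its file names are constructed. It assumes the export covers both keys and treats a SafeBoot key with no subkeys at all as a finding.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\\sample\\setup.exe"="c:\\sample\\setup.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
'''

FW_LIST = r"\firewallpolicy\standardprofile\authorizedapplications\list"
SAFEBOOT_SUBKEY = "\\control\\safeboot\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Return {lower-cased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:  # only string values; hex/dword lines are skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
                current[name] = data
    return keys


def audit(text):
    """Flag the two registry changes the write-up lists."""
    keys, findings = parse_reg(text), []
    for path, values in keys.items():
        if not path.endswith(FW_LIST):
            continue
        for data in values.values():
            # Value data layout: <program path>:<scope>:<Enabled|Disabled>:<name>
            parts = data.rsplit(":", 3)
            if len(parts) == 4 and parts[1] == "*" \
                    and parts[2].lower() == "enabled" and parts[3].lower() == "ipsec":
                findings.append(("firewall-exception", parts[0]))
    # Assumes the export covers Control\SafeBoot; a stock install keeps
    # Minimal and Network subkeys there, so none at all is a finding.
    if not any(SAFEBOOT_SUBKEY in path for path in keys):
        findings.append(("safeboot-subkeys-missing", "SafeBoot"))
    return findings
```

Call `audit()` on the contents of an exported `.reg` file; an empty list means neither change was found in that export.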
Hack TM Unifi: In case you’ve lost your default password
There’s a lot of documentation online on how to hack your neighbour’s Wi-Fi, but sometimes you need to hack your own system. Usually it’s because you’ve changed your router password and forgotten it completely, leaving you in the cold desolate place we like to call “No router land”.
Don’t fear though, it’s actually pretty darn easy to hack the standard Dlink Dir-615 router that came stock with your Unifi subscription. Make no mistake, the router actually has some pretty sleek features, but Telekom Malaysia has a lackadaisical approach to security that makes hacking this router merely Google searches away.
The default Unifi access credentials are:
Username : admin Password :
Where the password field is literally left blank, (as it is).
However, if you’re locked out of your Unifi router, here’s a couple of things you could do to get your connection back:
Option 1: Logging in with the Operator account
Most of the time, I recommend you use the admin account to change your Unifi settings; TM themselves admit that they don’t even set a password for this account in their user guide (page 9, 2nd bullet). However, if you’ve changed the password to this account and forgotten it, there’s still a 2nd account that is left lurking in the system.
This is the ‘Operator’ account, and actually has more features than the standard ‘Admin’ account. TM have left this here, presumably for support purposes, but quite frankly, they shouldn’t. It’s like your house contractor, keeping a spare key to your home for ‘support’ purposes, it’s just not good security.
Fortunately though, if you’ve just changed the ‘Admin’ password, you’ve still got a chance to go back into your router and set things up correctly, just logon with the Operator account using one of the following credentials:
Username: Management Password: TestingR2
Username : operator Password : h566UniFi
Username : operator Password : telekom
Username : operator Password :
Needless to say, please change the operator password once you’ve logged on, and remember it wisely this time.
Option 2: Hack the Dlink Dir 615 router
This option isn’t as hard as it might seem. For those running a router with a firmware version of 7.09 and below, there is a well-documented vulnerability on the Dlink Dir-615 router that enables you to access your router without even knowing the username or password. To do so, just enter the URL below:
http://192.168.0.1/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0
For more info on the vulnerability check out this link here. The vulnerability is called an authentication bypass, and literally allows you to access the router with no credentials at all! You can visit any page from the router menu, by just adding the “?NO_NEED_AUTH=1&AUTH_GROUP=0” to the end of the link.
Option 3: The one that will always work
*Edited 5-Dec-2013*
I’m really scared of this one. As from my checks with a couple of Shodan searches ALL Unifi routers are susceptible to this attack. All you need to do this is visit this link:
http://192.168.0.1/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd
And you’ll see in plain-freaking-text, your unifi routers username and password, for both the admin and operator/management accounts.
Thanks to use_the_source_luke from this bugtraq post.
This is all public information at this point and you deserve to know that your unifi router is insecure. So get out there and buy a new router already.
*end edit*
Out of Options
There are other vulnerabilities on the Dlink router, including the famous config.bin password hack, however, from my checks, most Unifi routers are already patched with the fix for that. Leaving the above two options your only hope. If you really are out of options, you can always purchase a new router for your Unifi connection (I recommend the Asus RT-N12C1 or the Asus RT-N12HP)
However, you may need to call TM for your Unifi Password.
How to secure your Unifi router
It’s also important to learn how to secure your router, and the first bit is easy: change the passwords. TM have a really bad habit of setting the router password to blank, meaning there literally is NO PASSWORD!!
Needless to say, that’s bad security. What’s even worse is the average customer isn’t aware of the operator account which is left on the system with default passwords as well. From my quick checks, about 50% of people don’t change their router Admin passwords, and nearly 99% of people haven’t changed their operator password. You can’t really blame them, they didn’t know the operator account was there in the first place. So basically 99 times out of 100, you’ll be able to ‘hack’ your Unifi router using nothing but default passwords.
Securing the router, first and foremost requires that you change the passwords from their default values.
Secondly, if you’re using a firmware version of 7.09 and below, it’s time to upgrade your firmware. Upgrading your router firmware is actually pretty common stuff, there are entire websites that are dedicated to documenting router vulnerabilities, not for hackers, but security research–and this concept actually helps make our everyday appliances more secure.
Conclusion
A lot of people have locked themselves out of their home routers, so hopefully this post helps. However, because TM have such a bad stance against security, it also means that if you don’t take the necessary precautions, you could be on the wrong end of an attack.
Remember to stay safe and secure, securing your router is as important as securing your front door.
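For anyone watching traffic to such a router's web interface (for example through a proxy or IDS log), the two request patterns described in the post can be flagged as follows. This is an added example, not from the original post; the log lines and their format are constructed, and treating only absolute or traversal paths in `REQUIRE_FILE` as suspicious is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed log lines in a simplified '<client> "<request line>"' format.
SAMPLE_LOG = [
    '192.168.0.23 "GET /index.php HTTP/1.1"',
    '192.168.0.57 "GET /tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0 HTTP/1.1"',
    '192.168.0.57 "GET /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd HTTP/1.1"',
    '192.168.0.23 "GET /status.php?lang=en HTTP/1.1"',
]


def classify(target):
    """Return the reasons a request target matches the patterns in the post."""
    # parse_qs percent-decodes values, so encoded variants are caught too.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    params = {name.upper(): values for name, values in query.items()}
    reasons = []
    if "NO_NEED_AUTH" in params or "AUTH_GROUP" in params:
        reasons.append("auth-bypass-parameter")
    # Assumption: an absolute or traversal path in REQUIRE_FILE is never legitimate.
    if any(v.startswith("/") or ".." in v for v in params.get("REQUIRE_FILE", [])):
        reasons.append("file-disclosure-parameter")
    return reasons


def scan(lines):
    """Return (client, reason) pairs for every flagged request."""
    hits = []
    for line in lines:
        client, _, rest = line.partition(' "')
        parts = rest.rstrip('"').split(" ")
        if len(parts) != 3:  # not '<method> <target> <version>'
            continue
        hits.extend((client, reason) for reason in classify(parts[1]))
    return hits


if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```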
Wednesday, August 2, 2017
"Windows setup could not configure to run on this computer's hardware" error during Windows 7 or Windows 10 installation
Windows setup error during installation of Windows 7 or Windows 10
When performing a full install or re-install of Windows 7 or Windows 10, you may receive the error "Windows setup could not configure to run on this computer's hardware" right after or during the "Completing installation" stage of the process. The installation process will not continue past the error. If you restart the computer, the install process will arrive back at the same error with no further progress.
Manually run msoobe.exe to finish the install
A possible resolution to this issue is to manually run the msoobe.exe program to allow the install to complete. Follow the steps below to manually run the msoobe.exe program:
Windows 7:
- At the error screen, press Shift+F10 to open a command prompt.
- Type cd \ and press Enter.
- Type cd c:\windows\system32\oobe and press Enter.
- Type msoobe and press Enter. The installation process should now automatically continue.
- Remove the installation media and the system should finish the installation and boot into Windows.
Windows 10:
- While on the screen where the error appears, press Shift+F10 to bring up the command prompt.
- Type CD C:\windows\system32\oobe and hit Enter.
- Type msoobe and hit Enter.
- You may then be prompted to create an account name and password, and set the time and date. Click Finish when done. NOTE: If this is a retail version of Windows 10, you may also be prompted to enter a product key for Windows 10. Enter the product key and click Finish.
- The installation process should then complete and allow the computer to boot into Windows.