Leaderboard

Eu am cumparat like-uri de la facebook si nu au adus nimic bine pentru afacerea respectiva, cum am inceput sa fac conturi multe de femei si sa fac singur publicitatii prin invite-uri , adaugari pe grupuri s.a.m.d , a inceput si afacerea sa miste. Tin sa adaug cate ceva aici. 1. Like-urile de la facebook sunt bune dar trebuie sa bagi o gramada de bani sa faci atatea aprecieri cat poti face din invite. 2. Like-uri din inainte se faceau foarte usor prin diferite scripturi sau addmefast sau prin alte mijloace indiene dar degeaba aparea pe site 100k likes daca la reach erai 1k. 3. Pretul pt 100. like-uri 1 euro, tin sa cred ca este un pret corect pentru ca peste tot se vand 1k likes - 10 euro. 4. Nu stiu cat a apus era like, a apus poate din motivul ca numai este atat de multa lume care sa faca cum faceau inainte ( acum e putin mai greu ca inainte cu stransu like-urilor ) In plus de asta fiecare e liber sa vanda ce vrea, atata timp cat indeplineste toti termeni aici pe RST.

"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via https://github.com/Disassembler0(different defaults) ########## # Win10 Initial Setup Script # Author: Disassembler <disassembler@dasm.cz> # Version: 1.7, 2016-08-15 # dasm's script: https://github.com/Disassembler0/Win10-Initial-Setup-Script/ # THIS IS A PERSONALIZED VERSION # This script leaves more MS defaults on, including MS security features. # Tweaked based on personal preferences for @alirobe 2016-11-16 - v1.7.1 # NOTE: READ THIS SCRIPT CAREFULLY BEFORE RUNNING IT. ADJUST COMMENTS AS APPROPRIATE. # This script will reboot your machine when completed. # Setting up a new machine? See http://ninite.com (for devs, http://chocolatey.org) ########## # Ask for elevated permissions if required If (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs Exit } ########## # Privacy Settings ########## # Disable Telemetry # Disable Telemetry Write-Host "Disabling Telemetry..." Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 0 # Enable Telemetry # Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3 # Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3 # Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" -Name "AllowTelemetry" -Type DWord -Value 3 # Disable Wi-Fi Sense Write-Host "Disabling Wi-Fi Sense..." If (!(Test-Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting")) { New-Item -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Force | Out-Null } Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 0 # Enable Wi-Fi Sense # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" -Name "Value" -Type DWord -Value 1 # Set-ItemProperty -Path "HKLM:\Software\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" -Name "Value" -Type DWord -Value 1 # Disable SmartScreen Filter # Write-Host "Disabling SmartScreen Filter..." # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "Off" # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" -Type DWord -Value 0 # Enable SmartScreen Filter # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "SmartScreenEnabled" -Type String -Value "RequireAdmin" # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AppHost" -Name "EnableWebContentEvaluation" # Disable Bing Search in Start Menu Write-Host "Disabling Bing Search in Start Menu..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" -Type DWord -Value 0 # Enable Bing Search in Start Menu # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "BingSearchEnabled" # Disable Start Menu suggestions Write-Host "Disabling Start Menu suggestions..." Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 0 # Enable Start Menu suggestions # Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" -Name "SystemPaneSuggestionsEnabled" -Type DWord -Value 1 # Disable Location Tracking Write-Host "Disabling Location Tracking..." Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 0 Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 0 # Enable Location Tracking # Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type DWord -Value 1 # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\lfsvc\Service\Configuration" -Name "Status" -Type DWord -Value 1 # Disable Feedback Write-Host "Disabling Feedback..." If (!(Test-Path "HKCU:\Software\Microsoft\Siuf\Rules")) { New-Item -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" -Type DWord -Value 0 # Enable Feedback # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Siuf\Rules" -Name "NumberOfSIUFInPeriod" # Disable Advertising ID Write-Host "Disabling Advertising ID..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" -Type DWord -Value 0 # Enable Advertising ID # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" -Name "Enabled" # Disable Cortana Write-Host "Disabling Cortana..." If (!(Test-Path "HKCU:\Software\Microsoft\Personalization\Settings")) { New-Item -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" -Type DWord -Value 0 If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization")) { New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 1 Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 1 If (!(Test-Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore")) { New-Item -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Force | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" -Type DWord -Value 0 # Enable Cortana # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Personalization\Settings" -Name "AcceptedPrivacyPolicy" # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitTextCollection" -Type DWord -Value 0 # Set-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization" -Name "RestrictImplicitInkCollection" -Type DWord -Value 0 # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\InputPersonalization\TrainedDataStore" -Name "HarvestContacts" # Restrict Windows Update P2P only to local network Write-Host "Restricting Windows Update P2P only to local network..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" -Type DWord -Value 1 If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" -Type DWord -Value 3 # Unrestrict Windows Update P2P # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config" -Name "DODownloadMode" # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" -Name "SystemSettingsDownloadMode" # Remove AutoLogger file and restrict directory Write-Host "Removing AutoLogger file and restricting directory..." $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" If (Test-Path "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl") { Remove-Item "$autoLoggerDir\AutoLogger-Diagtrack-Listener.etl" } icacls $autoLoggerDir /deny SYSTEM:`(OI`)`(CI`)F | Out-Null # Unrestrict AutoLogger directory # $autoLoggerDir = "$env:PROGRAMDATA\Microsoft\Diagnosis\ETLLogs\AutoLogger" # icacls $autoLoggerDir /grant:r SYSTEM:`(OI`)`(CI`)F | Out-Null # Stop and disable Diagnostics Tracking Service Write-Host "Stopping and disabling Diagnostics Tracking Service..." Stop-Service "DiagTrack" Set-Service "DiagTrack" -StartupType Disabled # Enable and start Diagnostics Tracking Service # Set-Service "DiagTrack" -StartupType Automatic # Start-Service "DiagTrack" # Stop and disable WAP Push Service Write-Host "Stopping and disabling WAP Push Service..." Stop-Service "dmwappushservice" Set-Service "dmwappushservice" -StartupType Disabled # Enable and start WAP Push Service # Set-Service "dmwappushservice" -StartupType Automatic # Start-Service "dmwappushservice" # Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\dmwappushservice" -Name "DelayedAutoStart" -Type DWord -Value 1 ########## # Service Tweaks ########## # Lower UAC level # Write-Host "Lowering UAC level..." # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 0 # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 0 # Raise UAC level # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Type DWord -Value 5 # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "PromptOnSecureDesktop" -Type DWord -Value 1 # Enable sharing mapped drives between users # Write-Host "Enabling sharing mapped drives between users..." # Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" -Type DWord -Value 1 # Disable sharing mapped drives between users # Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLinkedConnections" # Disable Firewall # Write-Host "Disabling Firewall..." # Set-NetFirewallProfile -Profile * -Enabled False # Enable Firewall # Set-NetFirewallProfile -Profile * -Enabled True # Disable Windows Defender # Write-Host "Disabling Windows Defender..." # Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Type DWord -Value 1 # Enable Windows Defender # Remove-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" # Disable Windows Update automatic restart Write-Host "Disabling Windows Update automatic restart..." Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 1 # Enable Windows Update automatic restart # Set-ItemProperty -Path "HKLM:\Software\Microsoft\WindowsUpdate\UX\Settings" -Name "UxOption" -Type DWord -Value 0 # Stop and disable Home Groups services Write-Host "Stopping and disabling Home Groups services..." Stop-Service "HomeGroupListener" Set-Service "HomeGroupListener" -StartupType Disabled Stop-Service "HomeGroupProvider" Set-Service "HomeGroupProvider" -StartupType Disabled # Enable and start Home Groups services # Set-Service "HomeGroupListener" -StartupType Manual # Set-Service "HomeGroupProvider" -StartupType Manual # Start-Service "HomeGroupProvider" # Disable Remote Assistance # Write-Host "Disabling Remote Assistance..." # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 0 # Enable Remote Assistance # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Remote Assistance" -Name "fAllowToGetHelp" -Type DWord -Value 1 # Enable Remote Desktop w/o Network Level Authentication # Write-Host "Enabling Remote Desktop w/o Network Level Authentication..." # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 0 # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 0 # Disable Remote Desktop # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Type DWord -Value 1 # Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "UserAuthentication" -Type DWord -Value 1 ########## # UI Tweaks ########## # Disable Action Center # Write-Host "Disabling Action Center..." # If (!(Test-Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer")) { # New-Item -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" | Out-Null # } # Set-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" -Type DWord -Value 1 # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" -Type DWord -Value 0 # Enable Action Center # Remove-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Windows\Explorer" -Name "DisableNotificationCenter" # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications" -Name "ToastEnabled" # Disable Lock screen Write-Host "Disabling Lock screen..." If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization")) { New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" | Out-Null } Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" -Type DWord -Value 1 # Enable Lock screen # Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" -Name "NoLockScreen" # Disable Lock screen (Anniversary Update workaround) #If ([System.Environment]::OSVersion.Version.Build -gt 14392) { # Apply only for Redstone 1 or newer # $service = New-Object -com Schedule.Service # $service.Connect() # $task = $service.NewTask(0) # $task.Settings.DisallowStartIfOnBatteries = $false # $trigger = $task.Triggers.Create(9) # $trigger = $task.Triggers.Create(11) # $trigger.StateChange = 8 # $action = $task.Actions.Create(0) # $action.Path = "reg.exe" # $action.Arguments = "add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f" # $service.GetFolder("\").RegisterTaskDefinition("Disable LockScreen", $task, 6, "NT AUTHORITY\SYSTEM", $null, 4) | Out-Null #} # Enable Lock screen (Anniversary Update workaround) #If ([System.Environment]::OSVersion.Version.Build -gt 14392) { # Apply only for Redstone 1 or newer # Unregister-ScheduledTask -TaskName "Disable LockScreen" -Confirm:$false -ErrorAction SilentlyContinue #} # Disable Autoplay Write-Host "Disabling Autoplay..." Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 1 # Enable Autoplay # Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" -Name "DisableAutoplay" -Type DWord -Value 0 # Disable Autorun for all drives Write-Host "Disabling Autorun for all drives..." If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")) { New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | Out-Null } Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Type DWord -Value 255 # Enable Autorun # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" #Disable Sticky keys prompt Write-Host "Disabling Sticky keys prompt..." Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "506" # Enable Sticky keys prompt # Set-ItemProperty -Path "HKCU:\Control Panel\Accessibility\StickyKeys" -Name "Flags" -Type String -Value "510" # Hide Search button / box Write-Host "Hiding Search Box / Button..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" -Type DWord -Value 0 # Show Search button / box # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Search" -Name "SearchboxTaskbarMode" # Hide Task View button # Write-Host "Hiding Task View button..." # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" -Type DWord -Value 0 # Show Task View button # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowTaskViewButton" # Show small icons in taskbar # Write-Host "Showing small icons in taskbar..." # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" -Type DWord -Value 1 # Show large icons in taskbar # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarSmallIcons" # Show titles in taskbar # Write-Host "Showing titles in taskbar..." # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" -Type DWord -Value 1 # Hide titles in taskbar # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "TaskbarGlomLevel" # Show all tray icons Write-Host "Showing all tray icons..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" -Type DWord -Value 0 # Hide tray icons as needed # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer" -Name "EnableAutoTray" # Show known file extensions Write-Host "Showing known file extensions..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 0 # Hide known file extensions # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Type DWord -Value 1 # Show hidden files Write-Host "Showing hidden files..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 1 # Hide hidden files # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Type DWord -Value 2 # Change default Explorer view to "Computer" Write-Host "Changing default Explorer view to `"Computer`"..." Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" -Type DWord -Value 1 # Change default Explorer view to "Quick Access" # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "LaunchTo" # Show Computer shortcut on desktop # Write-Host "Showing Computer shortcut on desktop..." # If (!(Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu")) { # New-Item -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" | Out-Null # } # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 # Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" -Type DWord -Value 0 # Hide Computer shortcut from desktop # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" # Remove-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" -Name "{20D04FE0-3AEA-1069-A2D8-08002B30309D}" # Remove Desktop icon from computer namespace # Write-Host "Removing Desktop icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" -Recurse -ErrorAction SilentlyContinue # Add Desktop icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}" # Remove Documents icon from computer namespace # Write-Host "Removing Documents icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" -Recurse -ErrorAction SilentlyContinue # Add Documents icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{d3162b92-9365-467a-956b-92703aca08af}" # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}" # Remove Downloads icon from computer namespace # Write-Host "Removing Downloads icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" -Recurse -ErrorAction SilentlyContinue # Add Downloads icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{088e3905-0323-4b02-9826-5d99428e115f}" # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{374DE290-123F-4565-9164-39C4925E467B}" # Remove Music icon from computer namespace # Write-Host "Removing Music icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" -Recurse -ErrorAction SilentlyContinue # Add Music icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}" # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{1CF1260C-4DD0-4ebb-811F-33C572699FDE}" # Remove Pictures icon from computer namespace # Write-Host "Removing Pictures icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" -Recurse -ErrorAction SilentlyContinue # Add Pictures icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{24ad3ad4-a569-4530-98e1-ab02f9417aa8}" # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}" # Remove Videos icon from computer namespace # Write-Host "Removing Videos icon from computer namespace..." # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" -Recurse -ErrorAction SilentlyContinue # Add Videos icon to computer namespace # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}" # New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{A0953C92-50DC-43bf-BE83-3742FED03C9C}" ## Add secondary en-US keyboard #Write-Host "Adding secondary en-US keyboard..." #$langs = Get-WinUserLanguageList #$langs.Add("en-US") #Set-WinUserLanguageList $langs -Force # Remove secondary en-US keyboard # $langs = Get-WinUserLanguageList # Set-WinUserLanguageList ($langs | ? {$_.LanguageTag -ne "en-US"}) -Force ########## # Remove unwanted applications ########## # Disable OneDrive # Write-Host "Disabling OneDrive..." # If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive")) { # New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" | Out-Null # } # Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" -Type DWord -Value 1 # Enable OneDrive # Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive" -Name "DisableFileSyncNGSC" # Uninstall OneDrive # Write-Host "Uninstalling OneDrive..." # Stop-Process -Name OneDrive -ErrorAction SilentlyContinue # Start-Sleep -s 3 # $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe" # If (!(Test-Path $onedrive)) { # $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe" # } # Start-Process $onedrive "/uninstall" -NoNewWindow -Wait # Start-Sleep -s 3 # Stop-Process -Name explorer -ErrorAction SilentlyContinue # Start-Sleep -s 3 # Remove-Item "$env:USERPROFILE\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue # Remove-Item "$env:LOCALAPPDATA\Microsoft\OneDrive" -Force -Recurse -ErrorAction SilentlyContinue # Remove-Item "$env:PROGRAMDATA\Microsoft OneDrive" -Force -Recurse -ErrorAction SilentlyContinue # If (Test-Path "$env:SYSTEMDRIVE\OneDriveTemp") { # Remove-Item "$env:SYSTEMDRIVE\OneDriveTemp" -Force -Recurse -ErrorAction SilentlyContinue # } # If (!(Test-Path "HKCR:")) { # New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null # } # Remove-Item -Path "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue # Remove-Item -Path "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" -Recurse -ErrorAction SilentlyContinue # Install OneDrive # $onedrive = "$env:SYSTEMROOT\SysWOW64\OneDriveSetup.exe" # If (!(Test-Path $onedrive)) { # $onedrive = "$env:SYSTEMROOT\System32\OneDriveSetup.exe" # } # Start-Process $onedrive -NoNewWindow # Uninstall default bloatware Write-Host "Uninstalling default bloatware..." # Get-AppxPackage "Microsoft.3DBuilder" | Remove-AppxPackage # Get-AppxPackage "Microsoft.BingFinance" | Remove-AppxPackage # Get-AppxPackage "Microsoft.BingNews" | Remove-AppxPackage # Get-AppxPackage "Microsoft.BingSports" | Remove-AppxPackage # Get-AppxPackage "Microsoft.BingWeather" | Remove-AppxPackage # Get-AppxPackage "Microsoft.Getstarted" | Remove-AppxPackage # Get-AppxPackage "Microsoft.MicrosoftOfficeHub" | Remove-AppxPackage # Get-AppxPackage "Microsoft.MicrosoftSolitaireCollection" | Remove-AppxPackage # Get-AppxPackage "Microsoft.Office.OneNote" | Remove-AppxPackage # Get-AppxPackage "Microsoft.People" | Remove-AppxPackage # Get-AppxPackage "Microsoft.SkypeApp" | Remove-AppxPackage # Get-AppxPackage "Microsoft.Windows.Photos" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsAlarms" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsCamera" | Remove-AppxPackage # Get-AppxPackage "microsoft.windowscommunicationsapps" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsMaps" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsPhone" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsSoundRecorder" | Remove-AppxPackage # Get-AppxPackage "Microsoft.XboxApp" | Remove-AppxPackage # Get-AppxPackage "Microsoft.ZuneMusic" | Remove-AppxPackage # Get-AppxPackage "Microsoft.ZuneVideo" | Remove-AppxPackage # Get-AppxPackage "Microsoft.AppConnector" | Remove-AppxPackage # Get-AppxPackage "Microsoft.ConnectivityStore" | Remove-AppxPackage # Get-AppxPackage "Microsoft.Office.Sway" | Remove-AppxPackage # Get-AppxPackage "Microsoft.Messaging" | Remove-AppxPackage # Get-AppxPackage "Microsoft.CommsPhone" | Remove-AppxPackage Get-AppxPackage "9E2F88E3.Twitter" | Remove-AppxPackage Get-AppxPackage "king.com.CandyCrushSodaSaga" | Remove-AppxPackage Get-AppxPackage "4DF9E0F8.Netflix" | Remove-AppxPackage # Get-AppxPackage "Drawboard.DrawboardPDF" | Remove-AppxPackage # Get-AppxPackage "Microsoft.MicrosoftStickyNotes" | Remove-AppxPackage # Get-AppxPackage "Microsoft.OneConnect" | Remove-AppxPackage Get-AppxPackage "D52A8D61.FarmVille2CountryEscape" | Remove-AppxPackage Get-AppxPackage "GAMELOFTSA.Asphalt8Airborne" | Remove-AppxPackage # Get-AppxPackage "Microsoft.WindowsFeedbackHub" | Remove-AppxPackage # Install default Microsoft applications # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.3DBuilder").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingFinance").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingNews").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingSports").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.BingWeather").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Getstarted").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftOfficeHub").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftSolitaireCollection").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.OneNote").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.People").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.SkypeApp").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Windows.Photos").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsAlarms").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsCamera").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.windowscommunicationsapps").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsMaps").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsPhone").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsSoundRecorder").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.XboxApp").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneMusic").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ZuneVideo").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.AppConnector").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.ConnectivityStore").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Office.Sway").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.Messaging").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.CommsPhone").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "9E2F88E3.Twitter").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "king.com.CandyCrushSodaSaga").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "4DF9E0F8.Netflix").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Drawboard.DrawboardPDF").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.MicrosoftStickyNotes").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.OneConnect").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "D52A8D61.FarmVille2CountryEscape").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "GAMELOFTSA.Asphalt8Airborne").InstallLocation)\AppXManifest.xml" # Add-AppxPackage -DisableDevelopmentMode -Register "$($(Get-AppXPackage -AllUsers "Microsoft.WindowsFeedbackHub").InstallLocation)\AppXManifest.xml" # In case you have removed them for good, you can try to restore the files using installation medium as follows # New-Item C:\Mnt -Type Directory | Out-Null # dism /Mount-Image /ImageFile:D:\sources\install.wim /index:1 /ReadOnly /MountDir:C:\Mnt # robocopy /S /SEC /R:0 "C:\Mnt\Program Files\WindowsApps" "C:\Program Files\WindowsApps" # dism /Unmount-Image /Discard /MountDir:C:\Mnt # Remove-Item -Path C:\Mnt -Recurse # Disable Xbox DVR # If (!(Test-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR")) { # New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" | Out-Null # } # Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -Type DWord -Value 0 # Enable Xbox DVR # Remove-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\GameDVR" -Name "AllowGameDVR" -ErrorAction SilentlyContinue # Uninstall Windows Media Player # Write-Host "Uninstalling Windows Media Player..." # dism /online /Disable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart # Install Windows Media Player # dism /online /Enable-Feature /FeatureName:MediaPlayback /Quiet /NoRestart # Uninstall Work Folders Client # Write-Host "Uninstalling Work Folders Client..." # dism /online /Disable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart # Install Work Folders Client # dism /online /Enable-Feature /FeatureName:WorkFolders-Client /Quiet /NoRestart # Set Photo Viewer as default for bmp, gif, jpg and png Write-Host "Setting Photo Viewer as default for bmp, gif, jpg, png and tif..." If (!(Test-Path "HKCR:")) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null } ForEach ($type in @("Paint.Picture", "giffile", "jpegfile", "pngfile")) { New-Item -Path $("HKCR:\$type\shell\open") -Force | Out-Null New-Item -Path $("HKCR:\$type\shell\open\command") | Out-Null Set-ItemProperty -Path $("HKCR:\$type\shell\open") -Name "MuiVerb" -Type ExpandString -Value "@%ProgramFiles%\Windows Photo Viewer\photoviewer.dll,-3043" Set-ItemProperty -Path $("HKCR:\$type\shell\open\command") -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" } # Remove or reset default open action for bmp, gif, jpg and png # If (!(Test-Path "HKCR:")) { # New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null # } # Remove-Item -Path "HKCR:\Paint.Picture\shell\open" -Recurse # Remove-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "MuiVerb" # Set-ItemProperty -Path "HKCR:\giffile\shell\open" -Name "CommandId" -Type String -Value "IE.File" # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "(Default)" -Type String -Value "`"$env:SystemDrive\Program Files\Internet Explorer\iexplore.exe`" %1" # Set-ItemProperty -Path "HKCR:\giffile\shell\open\command" -Name "DelegateExecute" -Type String -Value "{17FE9752-0B5A-4665-84CD-569794602F5C}" # Remove-Item -Path "HKCR:\jpegfile\shell\open" -Recurse # Remove-Item -Path "HKCR:\pngfile\shell\open" -Recurse # Show Photo Viewer in "Open with..." Write-Host "Showing Photo Viewer in `"Open with...`"" If (!(Test-Path "HKCR:")) { New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null } New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Force | Out-Null New-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Force | Out-Null Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Name "MuiVerb" -Type String -Value "@photoviewer.dll,-3043" Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\command" -Name "(Default)" -Type ExpandString -Value "%SystemRoot%\System32\rundll32.exe `"%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll`", ImageView_Fullscreen %1" Set-ItemProperty -Path "HKCR:\Applications\photoviewer.dll\shell\open\DropTarget" -Name "Clsid" -Type String -Value "{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}" # Remove Photo Viewer from "Open with..." # If (!(Test-Path "HKCR:")) { # New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null # } # Remove-Item -Path "HKCR:\Applications\photoviewer.dll\shell\open" -Recurse # Enable F8 boot menu options # Write-Host "Enabling F8 boot menu options..." # bcdedit /set `{current`} bootmenupolicy Legacy | Out-Null # Disable F8 boot menu options # bcdedit /set `{current`} bootmenupolicy Standard | Out-Null ########## # Restart ########## Write-Host Write-Host "Press any key to restart your system..." -ForegroundColor Black -BackgroundColor White $key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") Write-Host "Restarting..." Restart-Computer Sursa: https://gist.github.com/alirobe/7f3b34ad89a159e6daa1

sunt lucruri pe care le inveti pe parcurs, fiecare om invata ceva cand vrea sa faca ceva maret. daca ramai sa faci lucruri simple, o sa simti ca n-ai facut nimic "important". targetul trebuie sa fie ceva mare, o sa te lovesti de probleme, o sa le rezolvi si o sa inveti.

Cred ca te referi la GHz nu MHz. Si nu, un dispozitiv WiFi ce comunica pe banda de 5GHz nu poate comunica cu un dispozitiv ce foloseste banda de 2.4 GHz. Sunt dispozitive dual-band care au 2 transceiver-e. Dar daca e single-band, nu. WiMax e cu totul alta mancare de peste. Ma indoiesc de posibilitatea de a conecta un dispozitiv WiMax la o retea WiFi.

Ar mai fi si http://www.hardkernel.com/main/products/prdt_info.php?g_code=G143452239825 pentru cei interesati.

Exclus conturi ce au friends, followers adusi cu followliker etc.. Este ok si worldwide, conturi minim 3000 de prieteni Instagram 3000 followers. Nu cereti preturi astronomice. PM cu cate aveti + link catre cont

Se numeste ASUS Tinker Board, iar la prima vedere specificatiile sunt peste orice dispozitiv Raspberry Pi. Specificatii mai jos: SoC – Rockchip 3288 Quad-core A17 1.8 GHz ARM Mali-T764 GPU supports Support OpenGL ES1.1/2.0/3.0, OpenVG1.1, OpenGL, DirectX11 System Memory – 2GB LPDDR3, dual channel Storage – micro SD slot Video output & Display I/F 1x HDMI up to 4K display 1x 15-pin MIPI DSI supporting up to 1080p Audio – 1x 3.5mm audio jack; Realtek HD codec with 192KHz/24-bit audio Connectivity – Gigabit Ethernet, 802.11 b/g/n, Bluetooth 4.0 + EDR USB – 4x USB 2.0 host ports, 1x micro USB port (for power) Expansion Headers 40-pin “somewhat Raspberry Pi extensions compatible” header with up to 28x GPIOs, 2x SPI, 2x I2C, 4x UART, 2x PWM, 1x PCM/I2S, 5V, 3.3V, and GND 2-pin contact point with 1x PWM signal, 1x S/PDIF signal Misc – Button, unpopulated fan header Power Supply – 5V/2A via micro USB port Dimensions – 3.37" x 2.125" Linux Based OS, Debian... Il asteptam cu interes si in Romania, este doar o chestiune de timp pana va fi disponibil si local. Ceva idei de proiecte? Cine are rog sa le impartaseasca. Mai multe detalii aici.

Nu stiu de ce te chinuesti cand deja exista CMS pe Python si Django. https://www.django-cms.org/en/ Poti sa faci o aplicatie simpla care sa o integrezi in CMS-ul deja existent. Nu vad pe nimeni din Romania pe lista desi sunt multi care stiu Python. Ii plin de elvetieni si germani, ai nostri sunt asa de buni ca nu au nevoie de publicitate. P.S. Amon.cx ii facut tot cu Python si Django

Deja sunt ARM-uri si ATOM-uri pe custom motherboard vandute ca VPS-uri.

Se gasesc module pentru orice https://www.sparkfun.com/products/9473

De asemenea poti incerca Latte Panda. Destule informatii aici: http://www.lattepanda.com/products/ O zi buna!

Practical JSONP Injection January 18, 2017 Petre Popescu JSONP injection is a lesser known but quite widespread and dangerous vulnerability and it surfaced in the last years due to the high rate of adoption of JSON, web APIs and the urging need for cross-domain communications. What is JSONP? Assuming everybody knows what JSON is, let’s talk a little about JSONP. JSONP comes from JSON with Padding and it was created in order to bypass common restrictions such as Same-origin Policy which is enforced for XMLHttpRequest (AJAX requests). Let’s take an example. Our online banking application, http://verysecurebank.ro, has implemented an API call that returns the current user’s transactions. An HTTP request to the http://verysecurebank.ro/getAccountTransactions endpoint presents us with the transactions, JSON formatted: If our reports application, accessible at http://reports.verysecurebank.ro wants to get the transaction details, an AJAX call to the page won’t be possible, due to Same-origin Policy being in effect (different host). To get around this problem, JSONP came into play. Since Cross-domain script inclusion (mostly used to externally load JavaScript libraries such as jQuery, AngularJS etc.) is allowed, but not recommended, a smart trick apparently solved the entire equation: prepending the response with a callback. Note: even if it might be obvious, it’s worth mentioning that when including a script cross-domain, it will run in the context of the including application, not in the source’s context. Adding a callback to the API response, wrapped around the JSON formatted data, allows us to load the API response between script tags and get its content by defining our own callback function to handle it. Articol: https://securitycafe.ro/2017/01/18/practical-jsonp-injection/

https://www.cia.gov/library/readingroom/collection/crest-25-year-program-archive The records include intelligence briefings, research papers, UFO sightings and psychic experiments. The full archive is made up of almost 800,000 files.

Impersonating Office 365 Users With Mimikatz January 15, 2017 | Michael Grafnetter Introduction Last month, Microsoft has introduced a new feature of Azure AD Connect called Single Sign On. It allows companies to configure SSO between AD and AAD without the need to deploy ADFS, which makes it an ideal solution for SMEs. Here is a high-level diagram of this functionality: As we can see from the diagram above, Azure AD exposes a publicly available endpoint that accepts Kerberos tickets and translates them into SAML and JWT tokens, which are understood and trusted by other cloud services like Office 365, Azure or Salesforce. And wherever you have Kerberos-based authentication, it can be attacked using Silver Tickets. In usual circumstances this attack can only be performed from the intranet. But what really caught my attention is the fact that with this new SSO feature, Silver Tickets could be used from the entire internet. Let’s give it a try then! The Nasty Stuff To test this technique, we need to retrieve some information from Active Directory first: NTLM password hash of the AZUREADSSOACC account, e.g. f9969e088b2c13d93833d0ce436c76dd. This value can be retrieved from AD using mimikatz: 1 mimikatz.exe "lsadump::dcsync /user:AZUREADSSOACC$" exit My own DSInternals PowerShell Module could do the same job: 1 2 Get-ADReplAccount -SamAccountName 'AZUREADSSOACC$' -Domain contoso ` -Server lon-dc1.contoso.local Both of these commands need Domain Admins permissions. Name of the AD domain, e.g. contoso.local. AAD logon name of the user we want to impersonate, e.g. elrond@contoso.com. This is typically either his userPrincipalName or mail attribute from the on-prem AD. SID of the user we want to impersonate, e.g. S-1-5-21-2121516926-2695913149-3163778339-1234. Having this information we can now create and use the Silver Ticket on any Windows computer connected to the internet. It does not even matter whether it is joined to a domain or a workgroup: Create the Silver Ticket and inject it into Kerberos cache: 1 2 3 4 mimikatz.exe "kerberos::golden /user:elrond /sid:S-1-5-21-2121516926-2695913149-3163778339 /id:1234 /domain:contoso.local /rc4:f9969e088b2c13d93833d0ce436c76dd /target:aadg.windows.net.nsatc.net /service:HTTP /ptt" exit Launch Mozilla Firefox. Go to about:config and set the network.negotiate-auth.trusted-uris preference to value “https://aadg.windows.net.nsatc.net,https://autologon.microsoftazuread-sso.com”. Navigate to any web application that is integrated with our AAD domain. We will use Office 365, which is the most commonly used one. Once at the logon screen, fill in the user name, while leaving the password field empty. Then press TAB or ENTER. That’s it, we’re in! To log in as another user, run the command below and repeat steps 1-6. 1 klist purge It is also worth noting that the password of the AZUREADSSOACC account never changes, so the stolen hash/key will work forever. It could therefore be misused by highly privileged employees to retain access to the IT environment after leaving the company. Dealing with such situations is a much broader problem, which is aptly depicted by the following old Narnian saying: Countermeasures First of all, I have to point out that this technique would not be very practical in real-world situations due to these reasons: The SSO feature is in Preview and has to be explicitly enabled by an AD admin. Just a handful of companies probably use it at the time of writing this article and enterprises will quite surely stick to their proven ADFS deployments even after this feature reaches GA. The hash/key of the AZUREADSSOACC account can only be retrieved by Domain Admins from DCs by default. But if an attacker had such highly privileged access to an Active Directory domain, he/she would be able to do some way nastier stuff than just replicating a single hash. The password of the AZUREADSSOACC account is randomly generated during the deployment of Azure AD Connect. It would therefore be impossible to guess this password. As you can see, there is simply no need to panic. But just to be safe, I would recommend these generic security measures: Only delegate administrative access to trusted individuals and keep the number of members of the Domain Admins group (and other privileged groups) as low as possible. Protect backups of Domain Controllers, so no-one could extract sensitive information from them. Enable and enforce Azure MFA for users authenticating from external IP addresses. It is very straightforward and effective against many kinds of attacks. Consider implementing Azure AD conditional access. Deploy Microsoft Advanced Threat Analytics to detect malicious replication and other threats to your AD infrastructure. Force a password change on the AZUREADSSOACC account by re-deploying Azure AD Connect SSO after a highly privileged employee leaves the company. This should be done together with resetting the password of krbtgt and other sensitive accounts. I am also quite sure that the Azure AD team at Microsoft is fully aware of this potential threat and there is chance that they could implement some kind of heuristics to detect forged Kerberos tickets in the future. It would also be nice if they implemented automatic password changes for AZUREADSSOACC (or it is already there and I just missed it). Again, we are talking about a feature that has not even reached the GA stage yet, so it is too soon to judge. Conclusion Although the Silver Ticket attack has been here for some years, it is now probably the first time it can be used over the internet against a cloud service, which theoretically makes it even more potent. On the other hand, it would be quite hard to perform this technique in a real-world environment due to impracticalities discussed in the previous section, so there is no need to worry. The new SSO feature of Azure AD Connect can therefore be considered safe and I would recommend using it. Sursa: https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/

ctf-tools This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. Installers for the following tools are included: Category Tool Description binary afl State-of-the-art fuzzer. binary angr Next-generation binary analysis engine from Shellphish. binary barf Binary Analysis and Reverse-engineering Framework. binary bindead A static analysis tool for binaries. binary checksec Check binary hardening settings. binary codereason Semantic Binary Code Analysis Framework. binary crosstool-ng Cross-compilers and cross-architecture tools. binary cross2 A set of cross-compilation tools from a Japanese book on C. binary elfkickers A set of utilities for working with ELF files. binary elfparser Quickly determine the capabilities of an ELF binary through static analysis. binary evilize Tool to create MD5 colliding binaries binary gdb Up-to-date gdb with python2 bindings. binary gef Enhanced environment for gdb. binary hongfuzz A general-purpose, easy-to-use fuzzer with interesting analysis options. binary libheap gdb python library for examining the glibc heap (ptmalloc) binary panda Platform for Architecture-Neutral Dynamic Analysis. binary pathgrind Path-based, symbolically-assisted fuzzer. binary peda Enhanced environment for gdb. binary preeny A collection of helpful preloads (compiled for many architectures!). binary pwndbg Enhanced environment for gdb. Especially for pwning. binary pwntools Useful CTF utilities. binary python-pin Python bindings for pin. binary qemu Latest version of qemu! binary qira Parallel, timeless debugger. binary radare2 Some crazy thing crowell likes. binary ropper Another gadget finder. binary rp++ Another gadget finder. binary shellnoob Shellcode writing helper. binary shellsploit Shellcode development kit. binary snowman Cross-architecture decompiler. binary taintgrind A valgrind taint analysis tool. binary villoc Visualization of heap operations. binary virtualsocket A nice library to interact with binaries. binary wcc The Witchcraft Compiler Collection is a collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms. binary xrop Gadget finder. forensics binwalk Firmware (and arbitrary file) analysis tool. forensics dislocker Tool for reading Bitlocker encrypted partitions. forensics exetractor Unpacker for packed Python executables. Supports PyInstaller and py2exe. forensics firmware-mod-kit Tools for firmware packing/unpacking. forensics pdf-parser Tool for digging in PDF files forensics peepdf Powerful Python tool to analyze PDF documents. forensics scrdec A decoder for encoded Windows Scripts. forensics testdisk Testdisk and photorec for file recovery. crypto cribdrag Interactive crib dragging tool (for crypto). crypto foresight A tool for predicting the output of random number generators. To run, launch "foresee". crypto featherduster An automated, modular cryptanalysis tool. crypto hashkill Hash cracker. crypto hashpump A tool for performing hash length extension attaacks. crypto hashpump-partialhash Hashpump, supporting partially-unknown hashes. crypto hash-identifier Simple hash algorithm identifier. crypto littleblackbox Database of private SSL/SSH keys for embedded devices. crypto msieve Msieve is a C library implementing a suite of algorithms to factor large integers. crypto pemcrack SSL PEM file cracker. crypto pkcrack PkZip encryption cracker. crypto python-paddingoracle Padding oracle attack automation. crypto reveng CRC finder. crypto ssh_decoder A tool for decoding ssh traffic. You will need ruby1.8 from https://launchpad.net/~brightbox/+archive/ubuntu/ruby-ng to run this. Run with ssh_decoder --help for help, as running it with no arguments causes it to crash. crypto sslsplit SSL/TLS MITM. crypto xortool XOR analysis tool. crypto yafu Automated integer factorization. web burpsuite Web proxy to do naughty web stuff. web commix Command injection and exploitation tool. web dirb Web path scanner. web dirsearch Web path scanner. web mitmproxy CLI Web proxy and python library. web sqlmap SQL injection automation engine. web subbrute A DNS meta-query spider that enumerates DNS records, and subdomains. stego sound-visualizer Audio file visualization. stego steganabara Another image steganography solver. stego stegdetect Steganography detection/breaking tool. stego stegsolve Image steganography solver. stego zsteg detect stegano-hidden data in PNG & BMP. android apktool Dissect, dis-assemble, and re-pack Android APKs android android-sdk The android SDK (adb, emulator, etc). misc z3 Theorem prover from Microsoft Research. misc jdgui Java decompiler. misc veles Binary data analysis and visulalization tool. Sursa: https://github.com/zardus/ctf-tools

Containers from Scratch Posted on January 7, 2017 This is write up for talk I gave at CAT BarCamp, an awesome unconference at Portland State University. The talk started with the self-imposed challenge “give an intro to containers without Docker or rkt.” Often thought of as cheap VMs, containers are just isolated groups of processes running on a single host. That isolation leverages several underlying technologies built into the Linux kernel: namespaces, cgroups, chroots and lots of terms you’ve probably heard before. So, let’s have a little fun and use those underlying technologies to build our own containers. On today’s agenda: setting up a file system chroot unshare nsenter bind mounts cgroups capabilities Container file systems Container images, the thing you download from the internet, are literally just tarballs (or tarballs in tarballs if you’re fancy). The least magic part of a container are the files you interact with. For this post I’ve build a simple tarball by stripping down a Docker image. The tarball holds something that looks like a Debian file system and will be our playground for isolating processes. $ wget https://github.com/ericchiang/containers-from-scratch/releases/download/v0.1.0/rootfs.tar.gz $ sha256sum rootfs.tar.gz c79bfb46b9cf842055761a49161831aee8f4e667ad9e84ab57ab324a49bc828c rootfs.tar.gz First, explode the tarball and poke around. $ # tar needs sudo to create /dev files and setup file ownership $ sudo tar -zxf rootfs.tar.gz $ ls rootfs bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr $ ls -al rootfs/bin/ls -rwxr-xr-x. 1 root root 118280 Mar 14 2015 rootfs/bin/ls The resulting directory looks an awful lot like a Linux system. There’s a bin directory with executables, an etc with system configuration, a lib with shared libraries, and so on. Actually building this tarball is an interesting topic, but one we’ll be glossing over here. For an overview, I’d strongly recommend the excellent talk “Minimal Containers” by my coworker Brian Redbeard. chroot The first tool we’ll be working with is chroot. A thin wrapper around the similarly named syscall, it allows us to restrict a process’ view of the file system. In this case, we’ll restrict our process to the “rootfs” directory then exec a shell. Once we’re in there we can poke around, run commands, and do typical shell things. $ sudo chroot rootfs /bin/bash root@localhost:/# ls / bin dev home lib64 mnt proc run srv tmp var boot etc lib media opt root sbin sys usr root@localhost:/# which python /usr/bin/python root@localhost:/# /usr/bin/python -c 'print "Hello, container world!"' Hello, container world! root@localhost:/# It’s worth noting that this works because of all the things baked into the tarball. When we execute the Python interpreter, we’re executing rootfs/usr/bin/python, not the host’s Python. That interpreter depends on shared libraries and device files that have been intentionally included in the archive. Speaking of applications, instead of shell we can run one in our chroot. $ sudo chroot rootfs python -m SimpleHTTPServer Serving HTTP on 0.0.0.0 port 8000 ... If you’re following along at home, you’ll be able to view everything the file server can see at http://localhost:8000/. Creating namespaces with unshare How isolated is this chrooted process? Let’s run a command on the host in another terminal. $ # outside of the chroot $ top Sure enough, we can see the top invocation from inside the chroot. $ sudo chroot rootfs /bin/bash root@localhost:/# mount -t proc proc /proc root@localhost:/# ps aux | grep top 1000 24753 0.1 0.0 156636 4404 ? S+ 22:28 0:00 top root 24764 0.0 0.0 11132 948 ? S+ 22:29 0:00 grep top Better yet, our chrooted shell is running as root, so it has no problem killing the topprocess. root@localhost:/# pkill top So much for containment. This is where we get to talk about namespaces. Namespaces allow us to create restricted views of systems like the process tree, network interfaces, and mounts. Creating namespace is super easy, just a single syscall with one argument, unshare. The unshare command line tool gives us a nice wrapper around this syscall and lets us setup namespaces manually. In this case, we’ll create a PID namespace for the shell, then execute the chroot like the last example. $ sudo unshare -p -f --mount-proc=$PWD/rootfs/proc \ chroot rootfs /bin/bash root@localhost:/# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 20268 3240 ? S 22:34 0:00 /bin/bash root 2 0.0 0.0 17504 2096 ? R+ 22:34 0:00 ps aux root@localhost:/# Having created a new process namespace, poking around our chroot we’ll notice something a bit funny. Our shell thinks its PID is 1?! What’s more, we can’t see the host’s process tree anymore. Entering namespaces with nsenter A powerful aspect of namespaces is their composability; processes may choose to separate some namespaces but share others. For instance it may be useful for two programs to have isolated PID namespaces, but share a network namespace (e.g. Kubernetes pods). This brings us to the setns syscall and the nsentercommand line tool. Let’s find the shell running in a chroot from our last example. $ # From the host, not the chroot. $ ps aux | grep /bin/bash | grep root ... root 29840 0.0 0.0 20272 3064 pts/5 S+ 17:25 0:00 /bin/bash The kernel exposes namespaces under /proc/(PID)/ns as files. In this case, /proc/29840/ns/pid is the process namespace we’re hoping to join. $ sudo ls -l /proc/29840/ns total 0 lrwxrwxrwx. 1 root root 0 Oct 15 17:31 ipc -> 'ipc:[4026531839]' lrwxrwxrwx. 1 root root 0 Oct 15 17:31 mnt -> 'mnt:[4026532434]' lrwxrwxrwx. 1 root root 0 Oct 15 17:31 net -> 'net:[4026531969]' lrwxrwxrwx. 1 root root 0 Oct 15 17:31 pid -> 'pid:[4026532446]' lrwxrwxrwx. 1 root root 0 Oct 15 17:31 user -> 'user:[4026531837]' lrwxrwxrwx. 1 root root 0 Oct 15 17:31 uts -> 'uts:[4026531838]' The nsenter command provides a wrapper around setns to enter a namespace. We’ll provide the namespace file, then run the unshare to remount /proc and chroot to setup a chroot. This time, instead of creating a new namespace, our shell will join the existing one. $ sudo nsenter --pid=/proc/29840/ns/pid \ unshare -f --mount-proc=$PWD/rootfs/proc \ chroot rootfs /bin/bash root@localhost:/# ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.0 20272 3064 ? S+ 00:25 0:00 /bin/bash root 5 0.0 0.0 20276 3248 ? S 00:29 0:00 /bin/bash root 6 0.0 0.0 17504 1984 ? R+ 00:30 0:00 ps aux Having entered the namespace successfully, when we run ps in the second shell (PID 5) we see the first shell (PID 1). Getting around chroot with mounts When deploying an “immutable” container it often becomes important to inject files or directories into the chroot, either for storage or configuration. For this example, we’ll create some files on the host, then expose them read-only to the chrooted shell using mount. First, let’s make a new directory to mount into the chroot and create a file there. $ sudo mkdir readonlyfiles $ echo "hello" > readonlyfiles/hi.txt Next, we’ll create a target directory in our container and bind mount the directory providing the -o ro argument to make it read-only. If you’ve never seen a bind mount before, think of this like a symlink on steroids. $ sudo mkdir -p rootfs/var/readonlyfiles $ sudo mount --bind -o ro $PWD/readonlyfiles $PWD/rootfs/var/readonlyfiles The chrooted process can now see the mounted files. $ sudo chroot rootfs /bin/bash root@localhost:/# cat /var/readonlyfiles/hi.txt hello However, it can’t write them. root@localhost:/# echo "bye" > /var/readonlyfiles/hi.txt bash: /var/readonlyfiles/hi.txt: Read-only file system Though a pretty basic example, it can actually be expanded quickly for things like NFS, or in-memory file systems by switching the arguments to mount. Use umount to remove the bind mount (rm won’t work). $ sudo umount $PWD/rootfs/var/readonlyfiles cgroups cgroups, short for control groups, allow kernel imposed isolation on resources like memory and CPU. After all, what’s the point of isolating processes they can still kill neighbors by hogging RAM? The kernel exposes cgroups through the /sys/fs/cgroup directory. If your machine doesn’t have one you may have to mount the memory cgroup to follow along. $ ls /sys/fs/cgroup/ blkio cpuacct cpuset freezer memory net_cls,net_prio perf_event systemd cpu cpu,cpuacct devices hugetlb net_cls net_prio pids For this example we’ll create a cgroup to restrict the memory of a process. Creating a cgroup is easy, just create a directory. In this case we’ll create a memory group called “demo”. Once created, the kernel fills the directory with files that can be used to configure the cgroup. $ sudo su # mkdir /sys/fs/cgroup/memory/demo # ls /sys/fs/cgroup/memory/demo/ cgroup.clone_children memory.memsw.failcnt cgroup.event_control memory.memsw.limit_in_bytes cgroup.procs memory.memsw.max_usage_in_bytes memory.failcnt memory.memsw.usage_in_bytes memory.force_empty memory.move_charge_at_immigrate memory.kmem.failcnt memory.numa_stat memory.kmem.limit_in_bytes memory.oom_control memory.kmem.max_usage_in_bytes memory.pressure_level memory.kmem.slabinfo memory.soft_limit_in_bytes memory.kmem.tcp.failcnt memory.stat memory.kmem.tcp.limit_in_bytes memory.swappiness memory.kmem.tcp.max_usage_in_bytes memory.usage_in_bytes memory.kmem.tcp.usage_in_bytes memory.use_hierarchy memory.kmem.usage_in_bytes notify_on_release memory.limit_in_bytes tasks memory.max_usage_in_bytes To adjust a value we just have to write to the corresponding file. Let’s limit the cgroup to 100MB of memory and turn off swap. # echo "100000000" > /sys/fs/cgroup/memory/demo/memory.limit_in_bytes # echo "0" > /sys/fs/cgroup/memory/demo/memory.swappiness The tasks file is special, it contains the list of processes which are assigned to the cgroup. To join the cgroup we can write our own PID. # echo $$ > /sys/fs/cgroup/memory/demo/tasks Finally we need a memory hungry application. f = open("/dev/urandom", "r") data = "" i=0 while True: data += f.read(10000000) # 10mb i += 1 print "%dmb" % (i*10,) If you’ve setup the cgroup correctly, this program won’t crash your computer. # python hungry.py 10mb 20mb 30mb 40mb 50mb 60mb 70mb 80mb Killed If that didn’t crash your computer, congratulations! cgroups can’t be removed until every processes in the tasks file has exited or been reassigned to another group. Exit the shell and remove the directory with rmdir (don’t use rm -r). # exit exit $ sudo rmdir /sys/fs/cgroup/memory/demo Container security and capabilities Containers are extremely effective ways of running arbitrary code from the internet as root, and this is where the low overhead of containers hurts us. Containers are significantly easier to break out of than a VM. As a result many technologies used to improve the security of containers, such as SELinux, seccomp, and capabilities involve limiting the power of processes already running as root. In this section we’ll be exploring Linux capabilities. Consider the following Go program which attempts to listen on port 80. package main import ( "fmt" "net" "os" ) func main() { if _, err := net.Listen("tcp", ":80"); err != nil { fmt.Fprintln(os.Stdout, err) os.Exit(2) } fmt.Println("success") } What happens when we compile and run this? $ go build -o listen listen.go $ ./listen listen tcp :80: bind: permission denied Predictably this program fails; listing on port 80 requires permissions we don’t have. Of course we can just use sudo, but we’d like to give the binary just the one permission to listen on lower ports. Capabilities are a set of discrete powers that together make up everything root can do. This ranges from things like setting the system clock, to kill arbitrary processes. In this case, CAP_NET_BIND_SERVICE allows executables to listen on lower ports. We can grant the executable CAP_NET_BIND_SERVICE using the setcap command. $ sudo setcap cap_net_bind_service=+ep listen $ getcap listen listen = cap_net_bind_service+ep $ ./listen success For things already running as root, like most containerized apps, we’re more interested in taking capabilities away than granting them. First let’s see all powers our root shell has: $ sudo su # capsh --print Current: = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,37+ep Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,37 Securebits: 00/0x0/1'b0 secure-noroot: no (unlocked) secure-no-suid-fixup: no (unlocked) secure-keep-caps: no (unlocked) uid=0(root) gid=0(root) groups=0(root) Yeah, that’s a lot of capabilities. As an example, we’ll use capsh to drop a few capabilities including CAP_CHOWN. If things work as expected, our shell shouldn’t be able to modify file ownership despite being root. $ sudo capsh --drop=cap_chown,cap_setpcap,cap_setfcap,cap_sys_admin --chroot=$PWD/rootfs -- root@localhost:/# whoami root root@localhost:/# chown nobody /bin/ls chown: changing ownership of '/bin/ls': Operation not permitted Conventional wisdom still states that VMs isolation is mandatory when running untrusted code. But security features like capabilities are important to protect against hacked applications running in containers. Beyond more elaborate tools like seccomp, SELinux, and capabilities, applications running in containers generally benefit from the same kind of best practices as applications running outside of one. Know what your linking against, don’t run as root in your container, update for known security issues in a timely fashion. Conclusion Containers aren’t magic. Anyone with a Linux machine can play around with them and tools like Docker and rkt are just wrappers around things built into every modern kernel. No, you probably shouldn’t go and implement your own container runtime. But having a better understanding of these lower level technologies will help you work with these higher level tools (especially when debugging). There’s a ton of topics I wasn’t able to cover today, networking and copy-on-write file systems probably being the biggest two. However, I hope this acts as a good starting point for anyone wanting to get their hands dirty. Happy hacking! Sursa: https://ericchiang.github.io/post/containers-from-scratch//

Everything you need to know about HTTP security headers 13 JANUARY 2017 on Security, Programming, Web Some physicists 28 years ago needed a way to easily share experimental data and thus the web was born. This was generally considered to be a good move. Unfortunately, everything physicists touch — from trigonometry to the strong nuclear force — eventually becomes weaponized and so too has the Hypertext Transfer Protocol. What can be attacked must be defended, and since tradition requires all security features to be a bolted-on afterthought, things… got a little complicated. This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache. Please note that some headers may be best configured in on your HTTP servers, while others should be set on the application layer. Use your own discretion here. You can test how well you’re doing with Mozilla’s Observatory. Did we get anything wrong? Contact us at hello@appcanary.com. HTTP Security Headers X-XSS-Protection Why? Should I use it? How? I want to know more Content Security Policy Why? Should I use it? How? I want to know more HTTP Strict Transport Security (HSTS) Why? Should I use it? How? I want to know more HTTP Public Key Pinning (HPKP) Why? Should I use it? How? I want to know more X-Frame-Options Why? Should I use it? How? I want to know more X-Content-Type-Options Why? Should I use it? How? Referrer-Policy Why? Should I use it? How? I want to know more Cookie Options Why? Should I use it? How? X-XSS-Protection X-XSS-Protection: 0; X-XSS-Protection: 1; X-XSS-Protection: 1; mode=block Why? Cross Site Scripting, commonly abbreviated XSS, is an attack where the attacker causes a page to load some malicious javascript. X-XSS-Protection is a feature in Chrome and Internet Explorer that is designed to protect against “reflected” XSS attacks — where an attacker is sending the malicious payload as part of the request1. X-XSS-Protection: 0 turns it off. X-XSS-Protection: 1 will filter out scripts that came from the request - but will still render the page X-XSS-Protection: 1; mode=block when triggered, will block the whole page from being rendered. Should I use it? Yes. Set X-XSS-Protection: 1; mode=block. The “filter bad scripts” mechanism is problematic; see here for why. How? Platform What do I do? Rails 4 and 5 On by default Django SECURE_BROWSER_XSS_FILTER = True Express.js Use helmet Go Use unrolled/secure Nginx add_header X-XSS-Protection "1; mode=block"; Apache Header always set X-XSS-Protection "1; mode=block" I want to know more X-XSS-Protection - MDN Content Security Policy Content-Security-Policy: <policy> Why? Content Security Policy can be thought of as much more advanced version of the X-XSS-Protection header above. While X-XSS-Protection will block scripts that come from the request, it’s not going to stop an XSS attack that involves storing a malicious script on your server or loading an external resource with a malicious script in it. CSP gives you a language to define where the browser can load resources from. You can white list origins for scripts, images, fonts, stylesheets, etc in a very granular manner. You can also compare any loaded content against a hash or signature. Should I use it? Yes. It won’t prevent all XSS attacks, but it’s a significant mitigation against their impact, and an important aspect of defense-in-depth. That said, it can be hard to implement. If you’re an intrepid reader and went ahead and checked the headers appcanary.com returns2, you’ll see that we don’t have CSP implemented yet. There are some rails development plugins we’re using that are holding us back from a CSP implementation that will have an actually security impact. We’re working on it, and will write about it in the next instalment! How? Writing a CSP policy can be challenging. See here for a list of all the directives you can employ. A good place to start is here. Platform What do I do? Rails 4 and 5 Use secureheaders Django Use django-csp Express.js Use helmet/csp Go Use unrolled/secure Nginx add_header Content-Security-Policy "<policy>"; Apache Header always set Content-Security-Policy "<policy>" I want to know more Content-Security-Policy - MDN CSP Quick Reference Guide Google’s CSP Guide HTTP Strict Transport Security (HSTS) Strict-Transport-Security: max-age=<expire-time> Strict-Transport-Security: max-age=<expire-time>; includeSubDomains Strict-Transport-Security: max-age=<expire-time>; preload Why? When we want to securely communicate with someone, we face two problems. The first problem is privacy; we want to make sure the messages we send can only be read by the recipient, and no one else. The other problem is that of authentication: how do we know the recipient is who they say they are? HTTPS solves the first problem with encryption, though it has some major issues with authentication (more on this later, see Public Key Pinning). The HSTS header solves the meta-problem: how do you know if the person you’re talking to actually supports encryption? HSTS mitigates an attack called sslstrip. Suppose you’re using a hostile network, where a malicious attacker controls the wifi router. The attacker can disable encryption between you and the websites you’re browsing. Even if the site you’re accessing is only available over HTTPS, the attacker can man-in-the-middle the HTTP traffic and make it look like the site works over unencrypted HTTP. No need for SSL certs, just disable the encryption. Enter the HSTS. The Strict-Transport-Security header solves this by letting your browser know that it must always use encryption with your site. As long as your browser has seen an HSTS header — and it hasn’t expired — it will not access the site unencrypted, and will error out if it’s not available over HTTPS. Should I use it? Yes. Your app is only available over HTTPS, right? Trying to browse over regular old HTTP will redirect to the secure site, right? (Hint: Use letsencrypt if you want to avoid the racket that are commercial certificate authorities.) The one downside of the HSTS header is that it allows for a clever technique to create supercookies that can fingerprint your users. As a website operator, you probably already track your users somewhat - but try to only use HSTS for good and not for supercookies. How? The two options are includeSubDomains - HSTS applies to subdomains preload - Google maintains a service that hardcodes3 your site as being HTTPS only into browsers. This way, a user doesn’t even have to visit your site: their browser already knows it should reject unencrypted connections. Getting off that list is hard, by the way, so only turn it on if you know you can support HTTPS forever on all your subdomains. Platform What do I do? Rails 4 config.force_ssl = true Does not include subdomains by default. To set it: config.ssl_options = { hsts: { subdomains: true } } Rails 5 config.force_ssl = true Django SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True Express.js Use helmet Go Use unrolled/secure Nginx add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; "; Apache Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; I want to know more RFC 6797 Strict-Transport-Security - MDN HTTP Public Key Pinning (HPKP) Public-Key-Pins: pin-sha256=<base64==>; max-age=<expireTime>; Public-Key-Pins: pin-sha256=<base64==>; max-age=<expireTime>; includeSubDomains Public-Key-Pins: pin-sha256=<base64==>; max-age=<expireTime>; report-uri=<reportURI> Why? The HSTS header described above was designed to ensure that all connections to your website are encrypted. However, nowhere does it specify what key to use! Trust on the web is based on the certificate authority (CA) model. Your browser and operating system ship with the public keys of some trusted certificate authorities which are usually specialized companies and/or nation states. When a CA issues you a certificate for a given domain that means anyone who trusts that CA will automatically trust the SSL traffic you encrypt using that certificate. The CAs are responsible for verifying that you actually own a domain (this can be anything from sending an email, to asking you to host a file, to investigating your company). Two CAs can issue a certificate for the same domain to two different people, and browsers will trust both. This creates a problem, especially since CAs can be and arecompromised. This allows attackers to MiTM any domain they want, even if that domain uses SSL & HSTS! The HPKP header tries to mitigate this. This header lets you to “pin” a certificate. When a browser sees the header for the first time, it will save the certificate. For every request up to max-age, the browser will fail unless at least one certificate in the chain sent from the server has a fingerprint that was pinned. This means that you can pin to the CA or a intermediate certificate along with the leaf in order to not shoot yourself in the foot (more on this later). Much like HSTS above, the HPKP header also has some privacy implications. These were laid out in the RFC itself. Should I use it? Probably not. HPKP is a very very sharp knife. Consider this: if you pin to the wrong certificate, or you lose your keys, or something else goes wrong, you’ve locked your users out of your site. All you can do is wait for the pin to expire. This article lays out the case against it, and includes a fun way for attackers to use HPKP to hold their victims ransom. One alternative is using the Public-Key-Pins-Report-Only header, which will just report that something went wrong, but not lock anyone out. This allows you to at least know your users are being MiTMed with fake certificates. How? The two options are includeSubDomains - HPKP applies to subdomains report-uri - Inavlid attempts will be reported here You have to generate a base64 encoded fingerprint for the key you pin to, and you have to use a backup key. Check this guide for how to do it. Platform What do I do? Rails 4 and 5 Use secureheaders Django Write custom middleware Express.js Use helmet Go Use unrolled/secure Nginx add_header Public-Key-Pins 'pin-sha256="<primary>"; pin-sha256="<backup>"; max-age=5184000; includeSubDomains'; Apache Header always set Public-Key-Pins 'pin-sha256="<primary>"; pin-sha256="<backup>"; max-age=5184000; includeSubDomains'; I want to know more RFC 7469 HTTP Public Key Pinning (HPKP) - MDN X-Frame-Options X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN X-Frame-Options: ALLOW-FROM https://example.com/ Why? Before we started giving dumb names to vulnerabilities, we used to give dumb names to hacking techniques. “Clickjacking” is one of those dumb names. The idea goes like this: you create an invisible iframe, place it in focus and route user input into it. As an attacker, you can then trick people into playing a browser-based game while their clicks are being registered by a hidden iframe displaying twitter - forcing them to non-consensually retweet all of your tweets. It sounds dumb, but it’s an effective attack. Should I use it? Yes. Your app is a beautiful snowflake. Do you really want some genius shoving it into an iframe so they can vandalize it? How? X-Frame-Options has three modes, which are pretty self explanatory. DENY - No one can put this page in an iframe SAMEORIGIN - The page can only be displayed in an iframe by someone on the same origin. ALLOW-FROM - Specify a specific url that can put the page in an iframe One thing to remember is that you can stack iframes as deep as you want, and in that case, the behavior of SAMEORIGIN and ALLOW-FROM isn’t specified. That is, if we have a triple-decker iframe sandwich and the innermost iframe has SAMEORIGIN, do we care about the origin of the iframe around it, or the topmost one on the page? ¯\_(ツ)_/¯. Platform What do I do? Rails 4 and 5 SAMEORIGIN is set by default. To set DENY: config.action_dispatch.default_headers['X-Frame-Options'] = "DENY" Django MIDDLEWARE = [ ... 'django.middleware.clickjacking.XFrameOptionsMiddleware', ... ] This defaults to SAMORIGIN. To set DENY: X_FRAME_OPTIONS = 'DENY' Express.js Use helmet Go Use unrolled/secure Nginx add_header Referrer-Policy "deny"; Apache Header always set Referrer-Policy "deny" I want to know more RFC 7034 X-Frame-Options - MDN. X-Content-Type-Options X-Content-Type-Options: nosniff; Why? The problem this header solves is called “MIME sniffing”, which is actually a browser “feature”. In theory, every time your server responds to a request it is supposed to set a Content-Type header in order to tell the browser if it’s getting some HTML, a cat gif, or a Flash cartoon from 2008. Unfortunately, the web has always been broken and has never really followed a spec for anything; back in the day lots of people didn’t bother to set the content type header properly. As a result, browser vendors decided they should be really helpful and try to infer the content type by inspecting the content itself while completely ignore the content type header. If it looks like a gif, display a gif!, even though the content type is text/html. Likewise, if it looks like we got some HTML, we should render it as such even if the server said it’s a gif. This is great, except when you’re running a photo-sharing site, and users can upload photos that look like HTML with javascript included, and suddenly you have a stored XSS attack on your hand. The X-Content-Type-Options headers exist to tell the browser to shut up and set the damn content type to what I tell you, thank you. Should I use it? Yes, just make sure to set your content types correctly. How? Platform What do I do? Rails 4 and 5 On by default Django SECURE_CONTENT_TYPE_NOSNIFF = True Express.js Use helmet Go Use unrolled/secure Nginx add_header X-Content-Type-Options nosniff; Apache Header always set X-Content-Type-Options nosniff Referrer-Policy Referrer-Policy: "no-referrer" Referrer-Policy: "no-referrer-when-downgrade" Referrer-Policy: "origin" Referrer-Policy: "origin-when-cross-origin" Referrer-Policy: "same-origin" Referrer-Policy: "strict-origin" Referrer-Policy: "strict-origin-when-cross-origin" Referrer-Policy: "unsafe-url" Why? Ah, the Referer header. Great for analytics, bad for your users’ privacy. At some point the web got woke and decided that maybe it wasn’t a good idea to send it all the time. And while we’re at it, let’s spell “Referrer” correctly4. The Referrer-Policy header allows you to specify when the browser will set a Refererheader. Should I use it? It’s up to you, but it’s probably a good idea. If you don’t care about your users’ privacy, think of it as a way to keep your sweet sweet analytics to yourself and out of your competitors’ grubby hands. Set Referrer-Policy: "no-referrer" How? Platform What do I do? Rails 4 and 5 Use secureheaders Django Write custom middleware Express.js Use helmet Go Write custom middleware Nginx add_header Referrer-Policy "no-referrer"; Apache Header always set Referrer-Policy "no-referrer" I want to know more X-XSS-Protection - MDN Cookie Options Set-Cookie: <key>=<value>; Expires=<expiryDate>; Secure; HttpOnly; SameSite=strict Why? This isn’t a security header per se, but there are three different options for cookies that you should be aware of. Cookies marked as Secure will only be served over HTTPS. This prevents someone from reading the cookies in a MiTM attack where they can force the browser to visit a given page. HttpOnly is a misnomer, and has nothing to do with HTTPS (unlike Secure above). Cookies marked as HttpOnly can not be accessed from within javascript. So if there is an XSS flaw, the attacker can’t immediately steal the cookies. SameSite helps defend against Cross-Origin Resource Sharing (CSRF) attacks. This is an attack where a different website the user may be visiting inadvertently tricks them into making a request against your site, i.e. by including an image to make a GET request, or using javascript to submit a form for a POST request. Generally, people defend against this using CSRF tokens. A cookie marked as SameSite won’t be sent to a different site. It has two modes, lax and strict. Lax mode allows the cookie to be sent in a top-level context for GET requests (i.e. if you clicked a link). Strict doesn’t send any third-party cookies. Should I use it? You should absolutely set Secure and HttpOnly. Unfortunately, as of writing, SameSite cookies are available only in Chrome and Opera, so you may want to ignore them for now. How? Platform What do I do? Rails 4 and 5 Secure and HttpOnly enabled by default. For SameSite, use secureheaders Django Session cookies are HttpOnly by default. To set secure: SESSION_COOKIE_SECURE = True. Not sure about SameSite. Express.js cookie: { secure: true, httpOnly: true, sameSite: true } Go http.Cookie{Name: "foo", Value: "bar", HttpOnly: true, Secure: true} For SameSite, see this issue. Nginx You probably won’t set session cookies in Nginx Apache You probably won’t set session cookies in Apache Thanks to @wolever for python advice Sursa: https://blog.appcanary.com/2017/http-security-headers.html

Nu copia capodopera lu @QuoVadis

Stiu ca sunt tineri programatori ce isi doresc sa-si faca propriul joc si de aceea m-am gandit sa le ofer o sursa de inspiratie. #include <iostream> #include <windows.h> #include <ctime> using namespace std; char GameOver[50][50] = {"-------------------------", "- -", "- GAME OVER -", "- -", "-1)Apasati ESC(ExitGame)-", "-2)Apasati F1(Repetare) -", "-------------------------"}; char GameWinner[50][50] = {"@@@@@@@@@@@@@@@@@@@@@@@", "@ @", "@ @", "@ Win this Game @", "@ @", "@ F1 - Repeat @", "@@@@@@@@@@@@@@@@@@@@@@@"}; char map[50][50] = {"################", "# #", "# #", "# @ #", "# #", "#* #", "################"}; int game_speed = 90; bool pause = false; //----------PLAYER------------// int score = 0; bool IsDead = false; int playerCount = 0; int inc_score = 5; int HP = 100; int SP = 100; //----------OTHER-------------// int over = 0; int enemy = 0; int totalenemy = 0; //----------------------------// //---------DIRECTION----------// bool LimitUpDown = false; //----------------------------// void MyGame(); void WinGame() { while(pause==true) { system("cls"); for(int x = 0; x < 20; x++) { cout<<GameWinner[x]<<endl; } if(GetAsyncKeyState(VK_F1)!=0) { pause = false; if(enemy==0) { map[2][2] = '*'; map[2][3] = '@'; } MyGame(); } if(GetAsyncKeyState(VK_ESCAPE)!=0) { pause = false; } } } void MyGame() { while((pause==false)&&(IsDead == false)) { system("cls"); for(int x = 0; x < 7; x++) { cout<<map[x]<<endl; } for(int x = 0; x < 17; x ++ ) { for(int y = 0 ; y < 17 ; y ++ ) { switch(map[y][x]) { case '*': { if(LimitUpDown==false) { int y2 = y - 1; //up switch(map[y2][x]) { case ' ': { map[y][x] = ' '; y -= 1; map[y2][x] = '*'; }break; case '@': { map[y][x] = ' '; y -= 1; map[y2][x] = '*'; }break; case '#': { LimitUpDown = true; }break; } } else { //down int y2 = y + 1; switch(map[y2][x]) { case ' ': { map[y][x] = ' '; y += 1; map[y2][x] = '*'; }break; case '@': { map[y][x] = ' '; y += 1; map[y2][x] = '*'; }break; case '#': { LimitUpDown = false; }break; } } }break; case '@': { if(GetAsyncKeyState(VK_UP)!=0) { int y2 = y - 1; switch(map[y2][x]) { case ' ': { map[y][x] = ' '; y -= 1; map[y2][x] = '@'; }break; case '*': { score = score+inc_score; map[y][x] = ' '; y -= 1; map[y2][x] = '@'; }break; } } if(GetAsyncKeyState(VK_DOWN)!=0) { int y2 = y + 1; switch(map[y2][x]) { case ' ': { map[y][x] = ' '; y += 1; map[y2][x] = '@'; }break; case '*': { score = score+inc_score; map[y][x] = ' '; y += 1; map[y2][x] = '@'; }break; } } if(GetAsyncKeyState(VK_RIGHT)!=0) { int x2 = x + 1; switch(map[y][x2]) { case ' ': { map[y][x] = ' '; x += 1; map[y][x2] = '@'; }break; case '*': { score = score+inc_score; map[y][x] = ' '; x += 1; map[y][x2] = '@'; }break; } } if(GetAsyncKeyState(VK_LEFT)!=0) { int x2 = x - 1; switch(map[y][x2]) { case ' ': { map[y][x] = ' '; x -= 1; map[y][x2] = '@'; }break; case '*': { score = score+inc_score; map[y][x] = ' '; x -= 1; map[y][x2] = '@'; }break; } } }break; } if(GetAsyncKeyState(VK_ESCAPE)!=0) { pause = true; } } } for(int x = 0 ; x < 17; x ++ ) { for(int y = 0; y < 17; y ++ ) { if(map[y][x]=='@') { playerCount ++; } } } if(playerCount==0) { IsDead = true; over += 1; } for(int x = 0 ; x < 17; x ++ ) { for(int y = 0; y < 17 ; y++) { if(map[y][x]=='*') { enemy ++; } } } if(totalenemy<=enemy) { totalenemy = enemy; } if(enemy==0) { pause = true; WinGame(); } cout<<"----------------------------------"<<endl; cout<<"ENEMY: "<<enemy<<endl; cout<<"SCORE: "<<score<<endl; cout<<"GAME SPEED: "<<game_speed<<endl; cout<<"----------------------------------"<<endl; cout<<"Health: "<<HP<<endl; cout<<"----------------------------------"<<endl; Sleep(game_speed); enemy = 0; playerCount = 0; } while(IsDead == true) { system("cls"); for(int x = 0; x < 15; x ++ ) { cout<<GameOver[x]<<endl; } if(GetAsyncKeyState(VK_F1)!=0) { IsDead = false; pause = false; if(enemy == 0) { map[2][2] = '*'; } map[2][3] = '@'; MyGame(); } if(GetAsyncKeyState(VK_ESCAPE)!=0) { IsDead = false; } } } int main() { MyGame(); } Jocul este facut in CodeBlocks, nu l-am testat in Visual sau Dev, in orice caz sper ca nu apar erori.

Frumos da cam greu de jucat. Ar fi bine sa inveti o implementare mai buna. Poate un OOP. Intre timp postez si eu opera mea de acum cativa ani, neterminata. Console Game: #include <iostream> #include <string> #include <ctype.h> #include <stdio.h> using namespace std; class Item { public: string name, roomLoc, description; int use; }; class Room { public: int nr; string name; Room* vecini[4]; string description; Item* contain[5]; }; class User { public: Room* location; string name; Item* inventory[5]; }; int action(string w) { if(w=="analyze") return 0; if(w=="look") return 0; if(w=="go") return 1; if(w=="enter") return 1; if(w=="help") return 2; if(w=="location") return 3; if(w=="take") return 4; if(w=="steal") return 4; if(w=="inventory") return 5; return 666; } int object(string w) { if(w=="bathroom") return 0; if(w=="hall") return 1; if(w=="living room") return 2; if(w=="key") return 3; if(w=="biscuit") return 4; if(w=="letter") return 5; return 666; } string readt() { string input; getline(cin, input); for(int i=0;i<input.length();i++) { input[i]=tolower(input[i]); } return input; } void initial(); void decide(); void analyze(int c); void enter(int c); void help(int c); int checkNeigh(Room &loc); void take(int c); int takeItem(Item &tk); void inventory(); //Global declare space Room hall, bathroom, livingRoom; User User1; Item biscuit, key, letter; int inv; int main() { cout<<"--Begin--"<<'\n'; initial(); do{ cout<<"\nInsert command: "; decide(); }while(1); return 0; } void initial() { User1.location = &hall; cout<<"Insert your username:"; User1.name=readt(); cout<<'\n'<<"Welcome agent "<<User1.name<<"!\nYou just woke up with no memories. You find yourself in a big white hall.\nTry to gain more information about your location.\nHow? Try some help!\ntype: help\n"; //room instantiate hall.name = "Hall"; hall.description = "You in are in a big long hall with white walls. In front of you is a door leading to living room."; hall.vecini[0]=&livingRoom; livingRoom.name= "Living Room"; livingRoom.description = "You are in a big living room. On the walls you can see a bear head. In the center of the room is a big table which have around 4 chairs. On the table you find a letter and a biscuit. There is another door with a bathroom sign on it."; livingRoom.vecini[0]=&hall; livingRoom.vecini[1]=&bathroom; bathroom.name="Men's Bathroom"; bathroom.description = "It is a small bathroom. A small sink sits in the corner next to the shower cabin. The toilet seams to be broken."; bathroom.vecini[0]=&livingRoom; letter.name = "old letter"; letter.use = 0; key.name = "golden key"; key.roomLoc = "Under the sink a key shines."; letter.roomLoc = "A letter sits on the table."; biscuit.roomLoc = "You find a biscuit on the floor."; key.use = 1; biscuit.name = "biscuit"; biscuit.use = 2; bathroom.contain[0]=&key; livingRoom.contain[0]=&biscuit; livingRoom.contain[1]=&letter; hall.nr=0; livingRoom.nr=2; bathroom.nr=1; } void decide() { string input,w1,w2; int p1; input=readt(); p1=input.find(' '); w1=input.substr(0,p1); w2=input.substr(p1+1,input.size()); switch(action(w1)) { case 0: analyze(object(w2)); break; case 1: enter(object(w2)); break; case 2: help(0); break; case 3: help(1); break; case 4: take(object(w2)); break; case 5: inventory(); break; default: cout<<"Wrong action!"<<'\n'; break; } } void analyze(int c) { cout<<User1.location->description; for(int i=0;i<User1.location->nr;i++) cout<<" "<<User1.location->contain[i]->roomLoc; cout<<'\n'; } void enter(int c) { switch(c) { case 0: if(checkNeigh(bathroom)){ User1.location = &bathroom; cout<<"You went to bathroom."<<'\n';}else cout<<"No bathroom around.\n"; break; case 1: if(checkNeigh(hall)){User1.location = &hall; cout<<"You went to hall."<<'\n';}else cout<<"No hall around."; break; case 2: if(checkNeigh(livingRoom)){User1.location = &livingRoom; cout<<"You went to living room."<<'\n';}else cout<<"No living room around"; break; default: cout<<"Wrong action!"<<'\n'; break; } } void inventory() { cout<<"You have: "; for(int i=0;i<inv;i++) cout<<User1.inventory[i]->name<<", "; cout<<'\n'; } void help(int c) { if(c==0) cout<<"Type 2 words commands: action + object\nLike:analyze, look, go, enter, location, take, steal, help, inventory\nTry: analyze hall or simply: look\n"; else if(c==1) cout<<"You are in the: "<<User1.location->name<<'\n'; } void take(int c) { switch(c) { case 3: takeItem(key); break; case 4: takeItem(biscuit); break; case 5: takeItem(letter); break; default: cout<<"You can't take that!\n"; } } int takeItem(Item &tk) { for(int i=0;i<=5;i++) { if(&tk == (User1.location->contain[i])) { User1.inventory[inv]=&tk; User1.location->contain[i]=NULL; inv++; User1.location->nr--; cout<<"You took: "<<tk.name<<'\n'; return 1; } } cout<<"Can't find that!\n"; return 0; } int checkNeigh(Room &loc) { for(int i=0;i<=4;i++) { if(&loc == (User1.location->vecini[i])) return 1; } return 0; }

Am facut eu o singura carte pdf, din alea 240 de poze. Consider ca e mai pratic asa. Download: Carte C++ pt scoala.pdf

ionele cred ca ti-ai gresit menirea intrebi de scoala de soferi acum fara vreun motiv te plangi de diploma de bac tu ce cauti pe forumul asta mai exact?

o ajuns si donatiile alea utile, manca-mi-ai cucu nytro

Inainte de toate ma simt obligat sa raspund: 1: Atentie like cumparate sunt doar pentru portofoliu , reach lor fata de cele cumparate este de 200% diferenta 2: De-a lungul timpului am cumparat aprox 300.000 like-uri. in ultimi 2 ani nu au mai fost rentabile. 3: Puteti cumpara si 100.000 si de spuneti liturghia de duminica nu va avea un reach major 4: Era like a apus ! + Se mai pune ceva din buget si cumparati direct de la ei. Nu exista grad de comparatie intre cele cumparate si cele de la facebook. Faceti ce vreti cu banii vostri !

Nu mai merge nici un site pentru download :/

Doar ti-se pare. Ofer gratuit pentru test 2 pagini , una cu like cumparate de la fb si una cu like aduse fie prin scripturi etc.. sa vedeti chiar voi diferenta. Nu profita de naivitatea unora.