if you get error REP-3000: Internal error starting Oracle Toolkit.

if you get this error, first check your host with oracle user, if you can open xclock. If you can't, run this under root privilledge,
xhost +

but if you can, but still having the same error, follow these instruction.

To manually add the DISPLAY value:

1. Change directory to $ORACLE_HOME/opmn/conf.

2. Back up the opmn.xml file.

3. Add a new line of type in the opmn.xml file configuration section for the new Reports server. Use the following example as a guide, where reportserver_name is the name of the Reports server, and display_value is that value of the DISPLAY

        
   ..process-type id="ReportsServer" module-id="ReportsServices"..
     ..process-set id="reportserver_name" restart-on-death="true" numprocs="1"..
        ..environment..
           ..variable id="DISPLAY" value="display_value"/..
           ..variable id="PATH" value="/project1/AS10g/FR_STANDALONE_M23_MAR08/ohome/bin:/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java130/jre/bin:/usr/java130/bin:/usr/bin:/bin"/..
   
   
   

4. Reload the opmn.xml file, as follows:

   $ $ORACLE_HOME/opmn/bin/opmnctl reload
   
   

5. Stop and then restart the Reports server:

   $ $ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=reportserver_name
   $ $ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=reportserver_name
   
   

6. Verify that you can run a test report. For example:

   http://mydomain.com:7782/reports/rwservlet?destype=cache&desformat=html&server=reportserver_name&report=test.rdf&userid=scott/tiger@twotask

source : http://download.oracle.com/docs/cd/B13597_05/bf.904/b13667/toc.htm

How to Using Vinetto

How to Using Vinetto 0.06 (r56)

This is part of the Digital Forensics section of BT2 and 3
Note: If using BT3 and this tool doesn't work then please see the thread here: [url=http://forums.remote-exploit.org/showthread.php?t=10744]Possible bug[/url]

Some Background: Vinetto is a forensics tool to examine Thumbs.db files.It is a command line python script that works on Linux, Mac OS X and Cygwin(win32).
Source: [url=http://vinetto.sourceforge.net/]Vinetto[/url]

Disclaimer: This information is for educational purposes only and not to commit a crime.
If you do something that causes you to hose your box don't come kicking and screaming on the forums!

OK you may be asking your self "why would I need this tool?" This tool and the whole "forensics section" of BT is one that the average person is not going to use. Now on the other hand if you conduct forensics investigation as either some type of "police official" or as a pen tester, then this tool can come in very handy for you.
Now there are other tools that can do the same basic thing however if you need it it's included.

NOTE: When doing any type of forensic work it is imperative that we do not damage the target computer in any way. Having said that we should boot our BT disk over our target computer using the "bt nohd" boot option. If you don't know what this means then stop here and go read about it here: [url=http://backtrack.offensive-security.com/index.php/Cheats]Cheats[/url]

Ok in order to get this to work we need to go to the command line or alternatively through K>Backtrack>Digital Forensics>All>Vinetto
Now lets have a look at the options that are presented when we do a --help
[code] bt ~ # vinetto --help
usage: vinetto [OPTIONS] [-o DIR] file

options:
--version show program's version number and exit
-h, --help show this help message and exit
-o DIR write thumbnails to DIR
-H write html report to DIR [/code]

Now the output shows us only two useful switches -o will write our thumbnail to a given directory and the -H creates a html report to a directory
and these two can be combined like so -Ho this will give us both the thumbs and and report in html format. This is useful if we have a lot of thumbs to go through.
So far so good right? OK now for my example usage.

I booted BT over my laptop that has Windblows XP next I opened a shell and did a:

[code]# find / -name Thumbs.db
/mnt/hda1/Program Files/Windows NT/Thumbs.db
/mnt/hda1/RECYCLER/Thumbs.db
/mnt/hda1/WINDOWS/Thumbs.db
/mnt/hda1/Program Files/Microsoft Office Old/Office/Bitmaps/Dbwiz/Thumbs.db
bt ~ #
[/code]

The above is a truncated version of the output, yours will be different. Our target file will be the last one, the "/Dbwiz/Thumbs.db"
So now you need to setup a storage device of some sort I used a usb stick seems to be the easiest. now go ahead and mount it and make a directory in it.
I used "thumbs" for mine. Ok now we have both a target directory and a "save location" we can go ahead and extract our thumbs to it.
so in a shell again give:

[code vinetto -Ho /mnt/sda1_removable/thumbs "/mnt/hda1/Program Files/Microsoft Office Old/Office/Bitmaps/Dbwiz/Thumbs.db"

** Warning: Cannot find "Image" module.
Vinetto will only extract Type 2 thumbnails.


Root Entry modify timestamp : Tue Apr 4 02:15:03 2006

------------------------------------------------------

0001 Mon Mar 22 01:00:00 1999 ORDPROC.GIF
0002 Mon Mar 22 01:00:00 1999 ASSETS.GIF
0003 Mon Mar 22 01:00:00 1999 CONTACTS.GIF
0004 Mon Mar 22 01:00:00 1999 EVTMGMT.GIF
0005 Mon Mar 22 01:00:00 1999 EXPENSES.GIF
0006 Mon Mar 22 01:00:00 1999 INVENTRY.GIF
0007 Mon Mar 22 01:00:00 1999 LEDGER.GIF

------------------------------------------------------

7 Type 2 thumbnails extracted to /mnt/sda1_removable/thumbs/
[/code]

hit enter and you should see the same basic output as above.
This show use the thumbs that we have recovered and the time they were created on our target and as well as their respective names.
Now we can go to our "save location" to verify our files are there. Also check out the .html output file as this is easier to manage then all of the other files.
I have posted some photos of the output if you need look at them [url=http://picasaweb.google.com/Archangel.Amael/VinettoTutorial]VinettoOutput[/url]

And that's it, a simple program that can help if you need it.
Please leave some feedback if this helped or hindered you, Thanks :)

NOTE: Credit to the author of this tool and to the authors of the [url=http://www.amazon.com/Penetration-Testers-Open-Source-Toolkit/dp/1597492132/ref=sr_1_1?ie=UTF8&s=books&qid=1198971560&sr=1-1]THE BOOK[/url]
This is where I got most of the information from as well as the vinetto website.
I did find in my experiments that you need to use the flags as "-Ho" and not "-oH" doing so I got a "vinetto: error: incorrect number of arguments" error each time.

Adding 'Command Prompt Here' to explorer

Open regedit, and navigate to HKEY_LOCAL_MACHINE/Software/Classes/Folder/Shell. Make a new key called 'Command Prompt' and set the default key to whatever you want listed in the menu. Inside that key make another key named 'command' and set the default string to
cmd.exe /k pushd %L Close regedit, right click on a folder and you should now have a new right click menu with a shortcut used to open a command prompt window to that folder. resource - http://r00tsecurity.org/forums/lofiversion/index.php/t4917.html

Configuration for Oracle Form 10g, so you can build a page

#This is added for /oracle/product/10.1.2/midr2/forms/server/formsweb.cfg
#
# main config# URL like "http://serverip:8889/forms/frmservlet?config=xxx".
[xxx]
separateFrame=True
lookandfeel=Generic
width=800
height=650
form=LOGINDC.fmx
userid=user/passwd@dcdb
workingDirectory=/oracle/product/10.1.2/midr2/forms

Removing SSO from Oracle Report 10g

11.3.1 Enabling and Disabling OracleAS Single Sign-On
To take advantage of OracleAS Single Sign-On out-of-the-box, the SINGLESIGNON parameter in the Reports Servlet configuration file (rwservlet.properties) is set to YES, which indicates that you will use OracleAS Single Sign-On to authenticate users. You may change this parameter to NO, if you choose not to use OracleAS Single Sign-On. If you choose NO, the Reports Server authenticates users by itself. The rwservlet configuration file is usually found in:
ORACLE_HOME\reports\conf

The SINGLESIGNON value is usually commented out after installation, but the default value is YES.

Note:
OracleAS Reports Services is configured for OracleAS Single Sign-On out-of-the-box. Oracle considers this to be the normal security deployment model and you should only turn it off if you plan to run in a completely custom security configuration.

11.3.2 Enabling and Disabling Reports Server Security
Reports Server security is turned on and off in the Reports Server configuration file. By default, the Reports Server configuration file, ORACLE_HOME/reports/conf/servername.conf, contains a security element like the following:






Note:
In releases prior to Oracle Reports 10g, the securityUserid property was specified differently. In Oracle Reports 10g and later releases, the old property specification is still provided but commented out.

This security element is referenced by default from the two default job elements in the configuration file to indicate that Reports Server security should be enforced:




To disable Reports Server security, you must remove or comment the security element as well as the securityId attributes from the job element specifications.

TCP/IP stack repair options for use with Windows XP with SP2.

For these commands, Start, Run, CMD to open a command prompt.

Reset WINSOCK entries to installation defaults: netsh winsock reset catalog
Reset TCP/IP stack to installation defaults. netsh int ip reset reset.log

Reboot the machine.

Have a nice try.

"Follow The Sun" infrastructure

One of the interesting models that has arisen is the support model operating on a follow the sun model. So when I finish work at 6pm, New York take over, when New York finishes, Sydney takes over and so on.

Is the next step follow the sun infrastructure? I have my infrastructure come online with my support teams, so between London business hours I use New York servers, in New York business hours I use Sydney servers?

The idea that I use the servers out of core hours when the electricity is cheapest, that they follow the support teams, that the infrastructure is on demand/switchable between time zones. Ultimately with a fast enough connection or even the internet, the user should be location/system independent.

In a virutal infrastructure, I can do this, I can have my virtual sessions move from ESX to ESX following the sun, moving with the business needs, whether the session disks reside in London and the session moves to a New York ESX host, it still allows me to power down the London ESX servers, to have a floating infrastructure.

Sumber : http://www.bladewatch.com/2007/02/19/follow-the-sun-supportinfrastructure/

CVS installation

CVS installation

Install CVS on the development server

Download the CVS tar ball

(http://www.club.cc.cmu.edu/pub/gnu/non-gnu/cvs/cvs-1.12.13.tar.gz)

Extract the CVS tar ball.

Change directory into the installer directory

Issues the command ‘./configure –prefix=/usr’

Issue the command ‘make’

Become root (su - )

Issues the command ‘make install’

Add user ‘cvs’

Become user ‘cvs’ (su – cvs)

Issues ‘mkdir ~cvs/cvshome’

Issues ‘cd ~cvs/cvshome’

Issues ‘cvs –d /home/cvs/cvshome init’

Become root (su -)

Create file /etc/xinetd.d/cvspserver (for red hat)

Add user to the cvs

become the user ‘cvs’ (su – cvs)

issues ‘~/bin’

create a file ‘crypt.pl with the content, to /home/cvs/bin

chmod the crypt.pl file to 755 ( chmod 755 crypt.pl)

to create a user, issues a command “echo username:`crypt.pl password`:cvs >> /home/cvs/cvshome/CVSROOT/passwd

Assalamualaikum..

Welcome
Have a nice journey of learning