Archive for the ‘Tutorial’ Category

  1. wifite
    Link Project:
    Wifite is for Linux only.Wifite is an automated wireless attack tool.Wifite was designed for use with pentesting distributions of Linux, such as Kali LinuxPentooBackBox; any Linux distributions with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16.Wifite must be run as root. This is required by the suite of programs it uses. Running downloaded scripts as root is a bad idea. I recommend using the Kali Linux bootable Live CD, a bootable USB stick (for persistent), or a virtual machine. Note that Virtual Machines cannot directly access hardware so a wireless USB dongle would be required.Wifite assumes that you have a wireless card and the appropriate drivers that are patched for injection and promiscuous/monitor mode.
  2. wifiphisher
    Link Project:
    Wifiphisher is a security tool that performs Wi-Fi automatic association attacks to force wireless clients to unknowingly connect to an attacker-controlled Access Point. It is a rogue Access Point framework that can be used to mount automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malwares. It can work a social engineering attack tool that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.Wifiphisher works on Kali Linux and is licensed under the GPL license.
  3. wifi-pumpkin
    Link Project:
    Very friendly graphic user interface, good handling, my favorite one is the establishment of phishing wifi attack tools, rich functional interface, ease of use is excellent. Compatibility is also very good. Researcher  is actively update them, we can continue to focus on this fun project
  4. fruitywifi
    Link Project:
    FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.
    Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system
  5. mama toolkit
    Link Project:
    A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.
    More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you’ve managed to get a victim to connect.
  6. 3vilTwinAttacker
    Link Project:
    Much like wifi-pumpkin interface. Has a good graphical interface, the overall experience is very good, good ease of use. Good compatibility. Researcher has hardly been updated.
  7. ghost-phisher
    Link Project:
    It has a good graphical interface, but almost no fault tolerance, many options easily confusing, but the overall feeling is still very good use. It can be a key to establish rogue ap, and protect dhcp, dns services interface, easy to launch a variety of middle attack, ease of use is good. Compatible good. Kali has been made official team updated original repo.
  8. fluxion
    Link Project:
    Fluxion is a remake of linset by vk496 with (hopefully) less bugs and more functionality. It’s compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.

Happy Hunting



Nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind, it is a tool that was designed to find vulnerabilities within a network. nmap is more than just a simple port scanner though, you can use nmap to find specific versions of services, certain OS types, or even find that pesky printer someone put on your network without telling you.

nmap can be used for good and for evil, today we will cover some common situations where nmap makes life easier for sysadmins which is generally good. Even if some Sysadmins are evil…

Discover IP’s in a subnet (no root)

 $ nmap -sP
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.0013s latency).
 Nmap scan report for
 Host is up (0.0032s latency).
 Nmap scan report for
 Host is up (0.0011s latency).

This is one of the simplest uses of nmap. This command is commonly refereed to as a “ping scan”, and tells nmap to send an icmp echo request, TCP SYN to port 443, TCP ACK to port 80 and icmp timestamp request to all hosts in the specified subnet. nmap will simply return a list of ip’s that responded. Unlike many nmap commands this particular one does not require root privileges, however when executed by root nmap will also by default send arp requests to the subnet.

Scan for open ports (no root)

 $ nmap
 Starting Nmap 7.30 ( ) at 2016-10-12 21:20 GMT
Nmap scan report for Host is up (0.0043s latency). Not shown: 998 closed ports PORT STATE SERVICE 80/tcp open http 443/tcp open https 

This scan is the default scan for nmap and can take some time to generate. With this scan nmap will attempt a TCP SYN connection to 1000 of the most common ports as well as an icmp echo request to determine if a host is up. nmap will also perform a DNS reverse lookup on the identified ip’s as this can sometimes be useful information.

Identify the Operating System of a host (requires root)

 # nmap -O
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Host is up (0.00032s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 MAC Address: 00:00:00:00:00:00 (Unknown)
 Device type: general purpose
 Running: Apple Mac OS X 10.5.X
 OS details: Apple Mac OS X 10.5 - 10.6 (Leopard - Snow Leopard) (Darwin 9.0.0b5 - 10.0.0)
 Network Distance: 1 hop

With the -O option nmap will try to guess the targets operating system. This is accomplished by utilizing information that nmap is already getting through the TCP SYN port scan. This is usually a best guess but can actually be fairly accurate. The operating system scan however does require root privileges.

Identify Hostnames (no root)

 $ nmap -sL
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Nmap scan report for router.local (
 Nmap scan report for fake.local (
 Nmap scan report for another.fake.local (

This is one of the most subtle commands of nmap, the -sL flag tells nmap to do a simple DNS query for the specified ip. This allows you to find hostnames for all of the ip’s in a subnet without having send a packet to the individual hosts themselves.

Hostname information can tell you a lot more about a network than you would think, for instance if you labeled your Active Directory Servers with you shouldn’t be surprised if someone guesses its use.

TCP Syn and UDP Scan (requires root)

 # nmap -sS -sU -PN
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.00029s latency).
 Not shown: 1494 closed ports, 496 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf

The TCP SYN and UDP scan will take a while to generate but is fairly unobtrusive and stealthy. This command will check about 2000 common tcp and udp ports to see if they are responding. When you use the -Pn flag this tells nmap to skip the ping scan and assume the host is up. This can be useful when there is a firewall that might be preventing icmp replies.

TCP SYN and UDP scan for all ports (requires root)

 # nmap -sS -sU -PN -p 1-65535
 Starting Nmap 7.30 ( ) at 2016-10-12 21:36 GMT
 Nmap scan report for
 Host is up (0.00021s latency).
 Not shown: 131051 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 17500/tcp open unknown
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf
 17500/udp open|filtered unknown
 51657/udp open|filtered unknown
 54658/udp open|filtered unknown
 57798/udp open|filtered unknown
 58488/udp open|filtered unknown
 60027/udp open|filtered unknown

This command is the same as above however by specifying the full port range from 1 to 65535 nmap will scan to see if the host is listening on all available ports. You can use the port range specification on any scan that performs a port scan.

TCP Connect Scan (no root)

 $ nmap -sT
 Starting Nmap 7.30 ( ) at 2016-10-12 21:40 GMT
 Nmap scan report for
 Host is up (0.0015s latency).
 Not shown: 964 closed ports, 32 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This command is similar to the TCP SYN scan however rather than sending a SYN packet and reviewing the headers it will ask the OS to establish a TCP connection to the 1000 common ports.

Aggressively Scan Hosts (no root)

 $ nmap -T4 -A
 Nmap scan report for
 Host is up (0.00060s latency).
 Not shown: 996 closed ports
 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)
 | ssh-hostkey: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (DSA)
 |_2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (RSA)
 80/tcp open http nginx 1.1.19
 |_http-title: 403 Forbidden
 |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
 111/tcp open rpcbind
 | rpcinfo:
 | program version port/proto service
 | 100000 2,3,4 111/tcp rpcbind
 | 100000 2,3,4 111/udp rpcbind
 | 100003 2,3,4 2049/tcp nfs
 | 100003 2,3,4 2049/udp nfs
 | 100005 1,2,3 46448/tcp mountd
 | 100005 1,2,3 52408/udp mountd
 | 100021 1,3,4 35394/udp nlockmgr
 | 100021 1,3,4 57150/tcp nlockmgr
 | 100024 1 49363/tcp status
 | 100024 1 51515/udp status
 | 100227 2,3 2049/tcp nfs_acl
 |_ 100227 2,3 2049/udp nfs_acl
 2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003)
 Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Unlike some of the earlier commands this command is very aggressive and very obtrusive. The -A simply tells nmap to perform OS checking and version checking. The -T4 is for the speed template, these templates are what tells nmap how quickly to perform the scan. The speed template ranges from 0 for slow and stealthy to 5 for fast and obvious.

Fast Scan (no root)

 $ nmap -T4 -F
 Starting Nmap 7.30 ( ) at 2016-10-12 21:48 GMT
 Nmap scan report for
 Host is up (0.00047s latency).
 Not shown: 96 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This scan limits the scan to the most common 100 ports, if you simply want to know some potential hosts with ports open that shouldn’t be this is a quick and dirty command to use.


 $ nmap -T4 -A -v
 Starting Nmap 7.30 ( ) at 2016-10-12 21:50 GMT
 NSE: Loaded 93 scripts for scanning.
 NSE: Script Pre-scanning.
 Initiating Ping Scan at 21:50
 Scanning [2 ports]
 Completed Ping Scan at 21:50, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 21:50
 Completed Parallel DNS resolution of 1 host. at 21:50, 0.01s elapsed
 Initiating Connect Scan at 21:50
 Scanning [1000 ports]
 Discovered open port 139/tcp on
 Discovered open port 445/tcp on
 Discovered open port 88/tcp on
 Discovered open port 631/tcp on
 Completed Connect Scan at 21:50, 5.22s elapsed (1000 total ports)
 Initiating Service scan at 21:50
 Scanning 4 services on
 Completed Service scan at 21:51, 11.00s elapsed (4 services on 1 host)
 NSE: Script scanning
 Initiating NSE at 21:51
 Completed NSE at 21:51, 12.11s elapsed
 Nmap scan report for
 Host is up (0.00026s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec Mac OS X kerberos-sec
 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 631/tcp open ipp CUPS 1.4
 | http-methods: GET HEAD OPTIONS POST PUT
 | Potentially risky methods: PUT
 | http-robots.txt: 1 disallowed entry
 Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x

By adding verbose to a majority of the commands above you get a better insight into what nmap is doing; for some scans verbosity will provide additional details that the report does not provide.
While these are 10 very useful nmap commands I am sure there are some more handy nmap examples out there. If you have one to add to this list feel free to drop it into a comment.

Performing a nMap Scan

tv crime2Internet trolls are using Tor nowadays to avoid bans by IP. However, banning Tor exit nodes is just slightly more complex. The Tor Project provides a regularly updated list of exit nodes that can access your IP here. As there may be many hundreds or even thousands of nodes, adding them to iptables can hurt your server’s network performance. Enter ipset, a user-space hash table for iptables:

# create a new set for individual IP addresses
ipset -N tor iphash
# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
wget -q$YOUR_IP -O -|sed '/^#/d' |while read IP
  # add each IP address to the new set, silencing the warnings for IPs that have already been added
  ipset -q -A tor $IP
# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP

tv crime2

Before I start this guide, I would like to make one thing clear SIM CLONING is illegal. This tutorial should be used for educational purposes only.

First off a little introduction about SIM CARD:

Our SIM cards contain two secret codes or keys called (imsi value and ki value) which enables the operator to know the mobile number and authenticate the customer, these codes are related to our mobile numbers which the operators store in their vast database, it is based on these secret keys that enables the billing to be made to that customer.

SIM cloning extracting these two secret codes from the SIM and programme it into a new blank smart card (often known as wafer) since the operator authentication on SIM is based on these values, it enables us to fool the operators in thinking that it’s the original SIM, this authentication is a flaw with the GSM technology

Now which SIM cards can be cloned?

SIM cards are manufactured based on three algorithms COMP128v1, COMP128v2 and COMP128v3. It is important note currently only COMP128v1 version SIM cards can be cloned, since this is the only algorithm, which has been cracked, bear in mind that 70% of all the SIM cards we use are COMP128v1.

Cloning a card:

1. Buy a SIM card Reader

2. Need a Blank SIM card or super SIM card

3. Download and install MagicSIM

4. Download and install USB SIM Card Reader Software3.0.1.5

6. Go in phone tools, select SIM card, then select unlock SIM, it will prompt for a code.

7 Call network provider, they will ask for your phone number, your account info, name and security code, then they will ask why you want to unlock your SIM card, just tell them you need to unlock your SIM to get it to work with your overseas phone or something.

8. Once they give you the SIM unlock code, enter it, and it will say SIM unlocked.

9. Remove the SIM from your phone, place it in the card reader, click read from card in magic SIM the application.

10. When it displays ‘connected’, select crack SIM in the toolbar. Click strong ki and select all of the other find options and then click start.

11. Once your ki is found and the crack is finished, click file, save as and save your cracked SIM info to a file.

12. IMPORTANT!!! You must click disconnect from the file menu or you will ruin your SIM card.

Once it says disconnected, remove the SIM. Put the SIM in your phone and see if it still works, it should. (If not, either you did not unlock your SIM, or you tried to copy it instead of crack and save.)

13. Insert blank 3g card USB SIM Card Reader Software3.0.1.5, not magic SIM at this point.

14. Click connect

15. It should say ‘No Info Found’ if it is truly blank.

16. Select write to SIM, it will prompt you to select a dat file, select the one you saved earlier. Now click start, it will take about 10 minutes to write it, once it is complete, it will ask for a security code, enter the security code the network provider gave you, then click finish.

17. Your card is now cloned.

It should be noted that if you try to make two calls at the same time, one will connect; the other will say call failed, both phones will get the same messages, text and voice, and both will receive the same calls, but only one can talk at a time.




The de-facto standard in network scanning for many years has been Nmap. Nmap is universally supported by Linux and Windows alike and is free to download > Download Nmap

The only thing I have found is that there are so many commands it makes it difficult to remember what to enter, so here is a quick guide for fast scanning, Also I have created it in a PDF for easy reference > Nmap Cheat

Basic Scanning Techniques

Scan a single target —> nmap [target]

Scan multiple targets —> nmap [target1,target2,etc]

Scan a list of targets —-> nmap -iL [list.txt]

Scan a range of hosts —-> nmap [range of IP addresses]

Scan an entire subnet —-> nmap [IP address/cdir]

Scan random hosts —-> nmap -iR [number]

Excluding targets from a scan —> nmap [targets] –exclude [targets]

Excluding targets using a list —> nmap [targets] –excludefile [list.txt]

Perform an aggressive scan —> nmap -A [target]

Scan an IPv6 target —> nmap -6 [target]

Discovery Options

Perform a ping scan only —> nmap -sP [target]

Don’t ping —> nmap -PN [target]

TCP SYN Ping —> nmap -PS [target]

TCP ACK ping —-> nmap -PA [target]

UDP ping —-> nmap -PU [target]

SCTP Init Ping —> nmap -PY [target]

ICMP echo ping —-> nmap -PE [target]

ICMP Timestamp ping —> nmap -PP [target]

ICMP address mask ping —> nmap -PM [target]

IP protocol ping —-> nmap -PO [target]

ARP ping —> nmap -PR [target]

Traceroute —> nmap –traceroute [target]

Force reverse DNS resolution —> nmap -R [target]

Disable reverse DNS resolution —> nmap -n [target]

Alternative DNS lookup —> nmap –system-dns [target]

Manually specify DNS servers —> nmap –dns-servers [servers] [target]

Create a host list —-> nmap -sL [targets]

Advanced Scanning Options

TCP SYN Scan —> nmap -sS [target]

TCP connect scan —-> nmap -sT [target]

UDP scan —-> nmap -sU [target]

TCP Null scan —-> nmap -sN [target]

TCP Fin scan —> nmap -sF [target]

Xmas scan —-> nmap -sX [target]

TCP ACK scan —> nmap -sA [target]

Custom TCP scan —-> nmap –scanflags [flags] [target]

IP protocol scan —-> nmap -sO [target]

Send Raw Ethernet packets —-> nmap –send-eth [target]

Send IP packets —-> nmap –send-ip [target]

Port Scanning Options

Perform a fast scan —> nmap -F [target]

Scan specific ports —-> nmap -p [ports] [target]

Scan ports by name —-> nmap -p [port name] [target]

Scan ports by protocol —-> nmap -sU -sT -p U:[ports],T:[ports] [target]

Scan all ports —-> nmap -p “*” [target]

Scan top ports —–> nmap –top-ports [number] [target]

Perform a sequential port scan —-> nmap -r [target]

Version Detection

Operating system detection —-> nmap -O [target]

Submit TCP/IP Fingerprints —->

Attempt to guess an unknown —-> nmap -O –osscan-guess [target]

Service version detection —-> nmap -sV [target]

Troubleshooting version scans —-> nmap -sV –version-trace [target]

Perform a RPC scan —-> nmap -sR [target]

Timing Options

Timing Templates —-> nmap -T [0-5] [target]

Set the packet TTL —-> nmap –ttl [time] [target]

Minimum of parallel connections —-> nmap –min-parallelism [number] [target]

Maximum of parallel connection —-> nmap –max-parallelism [number] [target]

Minimum host group size —–> nmap –min-hostgroup [number] [targets]

Maximum host group size —-> nmap –max-hostgroup [number] [targets]

Maximum RTT timeout —–> nmap –initial-rtt-timeout [time] [target]

Initial RTT timeout —-> nmap –max-rtt-timeout [TTL] [target]

Maximum retries —-> nmap –max-retries [number] [target]

Host timeout —-> nmap –host-timeout [time] [target]

Minimum Scan delay —-> nmap –scan-delay [time] [target]

Maximum scan delay —-> nmap –max-scan-delay [time] [target]

Minimum packet rate —-> nmap –min-rate [number] [target]

Maximum packet rate —-> nmap –max-rate [number] [target]

Defeat reset rate limits —-> nmap –defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets —-> nmap -f [target]

Specify a specific MTU —-> nmap –mtu [MTU] [target]

Use a decoy —-> nmap -D RND: [number] [target]

Idle zombie scan —> nmap -sI [zombie] [target]

Manually specify a source port —-> nmap –source-port [port] [target]

Append random data —-> nmap –data-length [size] [target]

Randomize target scan order —-> nmap –randomize-hosts [target]

Spoof MAC Address —-> nmap –spoof-mac [MAC|0|vendor] [target]

Send bad checksums —-> nmap –badsum [target]

Output Options

Save output to a text file —-> nmap -oN [scan.txt] [target]

Save output to a xml file —> nmap -oX [scan.xml] [target]

Grepable output —-> nmap -oG [scan.txt] [target]

Output all supported file types —-> nmap -oA [path/filename] [target]

Periodically display statistics —-> nmap –stats-every [time] [target]

133t output —-> nmap -oS [scan.txt] [target]

Troubleshooting and debugging

Help —> nmap -h

Display Nmap version —-> nmap -V

Verbose output —-> nmap -v [target]

Debugging —-> nmap -d [target]

Display port state reason —-> nmap –reason [target]

Only display open ports —-> nmap –open [target]

Trace packets —> nmap –packet-trace [target]

Display host networking —> nmap –iflist

Specify a network interface —> nmap -e [interface] [target]

Nmap Scripting Engine

Execute individual scripts —> nmap –script [script.nse] [target]

Execute multiple scripts —-> nmap –script [expression] [target]

Script categories —-> all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute scripts by category —-> nmap –script [category] [target]

Execute multiple scripts categories —-> nmap –script [category1,category2, etc]

Troubleshoot scripts —-> nmap –script [script] –script-trace [target]

Update the script database —-> nmap –script-updatedb


Comparison using Ndiff —-> ndiff [scan1.xml] [scan2.xml]

Ndiff verbose mode —-> ndiff -v [scan1.xml] [scan2.xml]

XML output mode —-> ndiff –xml [scan1.xm] [scan2.xml]

For more excellent FREE security training visit >



tv-backtrackThis tutorial is for demonstration purposes only – Please use this knowledge responsibly

This video will show you how to create a reverse SSH connection to a server/workstation

This exploit is taking advantage of vulnerability MS08-067 using Metasploit on Kali.
This is a Kali VM attacking a Microsoft 2008 server (this will also work on any machine without the patch)

The moral of this is to update your system – Here comes Kali

Affected Software

Operating System

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2

Windows XP Service Pack 3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 1

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP1 for Itanium-based Systems

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista and Windows Vista Service Pack 1

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for Itanium-based Systems Please Note: Please ensure that you Back-up your Registry before attempting to modify it in anyway just in case you make a mistake. Here’s how:

  1. Depending on your version of Windows, do one of the following:
    • For Windows XP: Click Start > Run.
    • For Windows 7 or Vista: Click the Start button, and then click All Programs > Accessories > Run.
  2. In the Run dialog box, type the following text:


  3. Click OK.

    If the User Account Control window appears, click Continue.

  4. On the File menu, click Export.
  5. In the File name box, type a name that you will remember, such as Registry Backup.
  6. Select a location where you want to save the Registration Entries (.reg) file, I suggest your desktop.
  7. Click Save.

Ok now that has been done lets get into the real technical stuff.

Changing the Default Installation Path in Windows 7 isn’t all that difficult, we all know that our Default Installation Path is C:\Program Files but if you want to change this to another Drive so that will become the Default Path for all new program Installations you can with a few clicks in the registry editor.

Ok for X64 Version User’s this simply Copy and Paste the following into the Run Box


For X32 Version User’s Go to Start and in the Search Box type in Regedit and Hit Enter to Open the Registry Editor

Now the Registry Editor will open

  • Ok now locate the following:- HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion

Now you will see that I have marked out the ProgramFilesDir for the X32 Version and ProgramW6432Dir the X64 Version and the reason for this you will need to change both if you are running a X64 Version.

So, If you have the X32 Version of Windows then choose the ProgramFileDir x86 path by Right Clicking and then Selecting Modify.

Then simply change the Drive Letter and Path to where you want to Install your Programs then Click OK

  • For X32 Version user’s, that it for you all done!

So, If you have the X64 Version of Windows then choose and Modify both ProgramFileDir x86 and ProgramW6432Dir path by Right Clicking and then Selecting Modify.

Then simply change the Drive Letter and Path to where you want to Install your Programs then Click OK

Now if you have messed it up and when you reboot your machine you get errors, a simple way to revert back to the previous version of the registry is to:

Reboot the machine  keep tapping F8 this will take you into ‘Safe Mode’

When the desktop boots double click on the .reg file you made earlier in this tutorial and when prompted with a warnig (as below) press ‘Yes’

Reboot and now you are back to how your registry was before you started (now print this tutorial out and try again)