Monday, December 19, 2011

Use any sim in modem whithout unlocking

You Can't use any other SIM in any modem without unlocking the modem. Now you can do that It's very simple.
Step by step instruction:
1. Insert SIM in Modem(for wireless modems that connect internet using sim)(eg idea net setter,vodafone usb stick,etc)
2. Modem software will show invalid SIM, just ignore it and close modem software.
3. Start NOKIA PC suite.
4. Goto nokia pc suite connect to internet option.
5. Goto Configure. Select your data card modem,and make all operator apn settingas like when we use nokia mobile connection.
6. Finish set up.
7. Now connect to internet through PC suite
8. Now see your net is connected without unlocking the modem enjoy for Any problems ask in comments

Saturday, December 17, 2011

Best hacking books and other materials

Today i am gonna give you my another collection of hacking Ebooks so that you can learn it
1)Its pretty popular book may be you have read it, it was released it 2008 yes its pretty old but best for newbies  still its nice book i think ankit fadia learnd form it lolx . good thing is it has COUNTERMEASURES that will help you to increase security
BOOK info


The Hackers Underground Handbook | 2.5 MB 116 pages | PDF

The Hackers Underground Handbook will guide you through password hacking, windows hacking, malware, phising, web hacking, network hacking and Linux (intro, installation, etc). All this material fully packed with images, thus being a top step-by-step guide, on the course of which you cannot fail. The HackerΓΓé¼Γäós Underground Handbook which contains information unknown to 99.9% of the world will teach you the hackers ways.
A great starting book which will guide you in the right direction, helping you understand the basic concepts of computer security and matters that you should take in consideration.

How will the skills uncovered in this handbook affect me?

- You will learn all the hackers underground tricks and learn to apply them in real world situations.
- You will be put into a hackers mindset and learn to think like one.
- By Learning how a hacker thinks and acts, you will be able to protect yourself from future hack attacks.
- You will aquire knowledge nonexistant to 99.9% of the people in the world!
- This Underground handbook may get you interested in pursuing a career as an Ethical Hacker.

CONTENTS
A. Introduction
1. How can I use this eBook?
2. What is a hacker
3. Hacker Hierarchy
4. What does it take to become a hacker?
5. Disclaimer

B. Programming
1. Do I really need it?
2. Where should I start?
3. Best way to learn

C. Linux
1. What is it?
2. Choosing a distribution
3. Running Linux
4. Learning Linux

D. Passwords
1. Password Cracking
2. Phishing
3. Countermeasures
4. More Programs

E. Network Hacking
1. Foot printing
2. Port Scanning
3. Banner Grabbing
4. Searching for Vulnerabilities
5. Penetrating
6. Countermeasures

F. Wireless Hacking
1. Scanning for Wireless Networks
2. Cracking WEP
3. Packet Sniffing
4. Countermeasures

G. Windows Hacking
1. NetBIOS
2. Cracking Windows Passwords
3. Countermeasures

H. Malware
1. Definitions
2. ProRat
3. Countermeasures

I. Web Hacking
1. Cross Site Scripting
2. Remote File Inclusion
3. Local File Inclusion

J. Conclusion
Download NOW



2)CEH the worlds best ethical hacking training company, its sildes
go here for CEH ver7 =>> DOWNLOAD 
go here for Certified Ethical Hacker V6 training-dvds(CEH v6 CBT) =>>download

3)CBT Nuggets [CEH] Certified Ethical Hacker [2010]
Go here =>> DOWNLOAD 

just now in hurry i will bring update

Create your own facebook App for pages

hi guys today there are lots of good things going on we have 10,000 pageviews and we have a new friend blackbox. and today is my birthday. :))
So how to get that coool apps that we see on big companies pages for FREE here is the solution

1st Goto iwipa app page =>>from here 

2nd select click here to install it at the bottom of page then when page reloads click on same type of button I.E. click here to install it for free.

3rd then it will take to a page where you can select your page after selection of page let it reload and then click.
Add Iwipa Website:HTML+Iframe+FBML  
4th then follow screen shots and now get your own app for your own page play around with it, its a good utility for those who dont know coding and other things.
here is my page app check it out =>>go here
and YOU have members, comments,etc lots of other features

screenshots




















Any problems ask in comments

NSS Labs claims Chrome-Firefox security report to be bogus

A report by Accuvant, according to which Chrome was the most secure browser ,ahead of Internet Explorer and Firefox. NSS Labs , another securityresearching and testing firm has put out a report that states that the Accuvant report was paid for by Google and the tests were completed back in July 2011.The report comes out soon after Google’scontract with Mozilla for the search bar in Firefox expired in November. NSS says that the report was biased because there is a possibility that Google influenced the kind of tests that were used to test the three products - Chrome, Internet Explorer and Firefox. Tests for features in Firefox were not highlighted - frame poisoning is one suchexample stated.
NSS Labs monitored an 11-day period, starting from the 22nd of November and went on till the 2nd of December. It noticed that there was an increase in protection against malware from 8 percent to 40 percent. Firefox and Safari saw a drop of 2 percent, in comparison during the same period. NSSLabs has made it clear that their testing and research, which is in progress is independent. There were some key points that NSS Labs emphasised on - the number of updates brought out, means there are issues with the browser. The malware lists and sampleswere from the public domain and are not the ideal ones to use. So use firefox

Friday, December 16, 2011

Windows Firewall!


******************** How To Use Windows Firewall? ************************


1. Make sure Windows Firewall is [Enable] on your Computer


2. Install Windows Firewall Control (Outbound)


3. Drag and Drop Sound files into path: C:\Program Files\WindowsFirewallControl


4. Network.wfw file is a Router Network firewall Policy for Windows Firewall, you need to Import Policy


Control Panel\Windows Firewall\Advanced Settings


5. Find Inbound Rules and edit the Network blocking rule


6. Change Scope 192.168.1.4 - 192.168.1.24


Note: This will block all Computers on Router from range!!!!!!



Done!




------------------ If you use the Public WIFI's including Coffee Shops? ------------------------


1. Windows Firewall

2. Click reset defaults

3. Click Allow a program or feature through Windows Firewall

4. Disable File Sharing and other stuff


DONE!




Home User Public Network:

1. Disable File Sharing *
2. Blocking Any Programs use Windows Firewall *
3. Install Windows Firewall Control (Sealed Outbound) *




Home User Private Network:

1. Enable File Sharing * (Network.wfw)
2. Allow Or Block Any Programs use Windows Firewall *
3. Install Windows Firewall Control (Sealed Outbound) *




Network Monitoring Or Spying:

1. Enable File Sharing *
2. Allowing Any Programs use Windows Firewall *
3. Install Windows Firewall Control (Sealed Outbound) *


Full Windows Firewall Pack:
Download:http://www.mediafire.com/?93kr2mg8m9ne37n

Remote Firewall Scanner


Uploaded by on Dec 2, 2011

Remote Firewall Scanner is a Program that can test firewalls for leaks remotely on any Network, It also has a built in Telnet Scanner for Monitoring and controlling PC's. Compatible with Windows 7 and any older versions of Windows.

Program Features:

1. Telnet Scanner *
2. IP Scanner *
3. Remote Firewall Leak Tester *
4. Remote Telnet Monitoring *
5. Easy To Use *
6. Very Fast
7. Test Any Firewall (Scan rubbish Firewalls) *
8. Helps Seal All Network Computers Behind Router *
9. Better Screen Designs *
10. 100% FREWARE
11. Very Small Security Audit Program *
12. Remote Admin Tool Client *
13. Network Logs (Network Auditing) *
14. Beep Sound (Firewall Leak Warning) *


Windows 7 Version

Download Source: http://www.mediafire.com/?ece1qipmi9b4mnx

Windows XP Version RFS (1.0)

Download Source: https://sites.google.com/site/adefhg/home/script-cabinet/RemoteFirewallScanner.zip

Wednesday, December 14, 2011

Hacking wave in wrong direction

Bros today every body is proving themselves in some or the other way. on one side pakistani hackers hack indian and other US sites and on other side indian hackers like lucky and indishell hack pakistani sites. people love to see hacked site they just love it like anything. thats why thehackernews type of websites are getting more attention and they are doing good by providing information and alerting peoples. but that also creates some negative thinking in peoples mind due to different nationalities.and there is a wild uproar of script kiddys today they think that they can hack sites by just SCANNING AND LEARNING from other websites/blogs its not that fucking easy (sorry for language). so a good request to them that they should study now and then make use of their study to learn hacking by themselves. do you know what is hacking its not like a guy sitting with a big screen pc eating pizzas and defacing FBI websites lol thats pretty old.hacking is curiosity to do something new its the attitude that i want to do some thing . so now i think some or might all script kiddys will study that how computers work and how programs work. and some times exploit writers put some unwanted codes in their script to keep it unusable to script kiddys. so now do HAPPY HACKING.

Top 5 hot SeCuRiTy JObs in 2012

Top 5 Hot Security Jobs in 2012 for Hackers

Information security is one of those rare fields - it has more job openings than people to fill them. Dice.com, the largest IT job site, confirms this job growth and indicates a 79 percent increase in the total number of information security jobs posted on the site from September 2009 to September 2011.


Based on a review of job postings, here are the five hottest jobs for information security pros in 2012:

Security Analyst


Employers have posted 42 percent more security analyst jobs on Dice in September 2011 than in 2010. This is no surprise, especially when employment among information security analysts soared by 16 percent this year during the second quarter, with the Bureau of Labor reporting no unemployment during the first two quarters of 2011. (see Infosec Joblessness Remains Steady, at 0%).
John Reed, executive director at Robert Half Technology, an IT staffing firm, attributes the high growth to organizations becoming more security aware in light of cyber crimes, and needing hands-on IT security folks to uncover new vulnerabilities in order to keep their environment secure.

"These are individuals on the front lines of security, fighting the fight everyday, and as such are critical for organizations to have," he says.

BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure, as well as respond to computer security breaches and viruses.

Average Salary: $84,000 for a security analyst position.


Who's Hiring: Demand is high with federal government, state agencies, defense contractors and healthcare organizations.


Security Architect

Forty percent more jobs are posted on Dice this year. The move to mobile, wireless and cloud services by organizations has created a huge demand for this position, says Mano Paul, (ISC)2 software assurance adviser. These services are pushing the need for a "new breed of architects and business- savvy leaders who understand business requirements, and can translate them into functional specifications without compromising on the assurance aspects," he says.
Dice.com defines a security architect as a professional who designs systems, databases, infrastructure and networks to be secure. They provide information security solutions to the architecture of an enterprise ensuring the security of business information at every point.


Average Salary: $120,000 for a security architect position.

Who's Hiring: Large financial institutions, healthcare organizations, technology companies and cloud providers.

Application Security

Thirty-three percent more jobs are posted on Dice in application security this year. The increased focus on customer-facing technologies, use of mobile applications, need for secure software and products within organizations and transitions to electronic health records have led to the demand for these jobs.

"High incidences of application attacks, data breaches and applications that are conduits to the data, combined with surge in tech businesses, is pushing growth for qualified professionals," Paul says.

The Open Web Application Security Project, a not-for-profit organization focused on improving the security of application software, defines application security professionals as those that use software and security methods to protect applications from external threats and vulnerabilities. They are largely involved in building security measures into an application's life cycle including design, development, deployment, upgrade or maintenance.

Average Salary: $93,000 for an application security position.


Who's Hiring: Online companies, technology firms, cloud providers and security vendors.
Security Engineer

Employers have posted 27 percent more security engineer jobs on Dice this year. This field is hot because the role is broad and covers areas from penetration testing, vulnerability assessments, programming, designing systems to testing software. "It's not like a painting on the wall that you hang up and it's done. Organizations need constant assessment of their risk and vulnerabilities, and therefore require such breadth of expertise," Reed says.

BLS defines security engineers as those who securely design, develop, test and evaluate computer applications and system software. Although programmers write and support programs in new languages, much of the design, security and development are the responsibility of security engineers. They also focus in developing algorithms, and analyzing and solving programming problems for specific network systems.

Average Salary: $94,000 for a security engineer position.


Who's Hiring: This position is in demand in all sectors, including government, healthcare, finance, in addition to online and technology companies.


Network Security

Twenty-five percent more jobs are posted on Dice within network security this year. Of the 100 jobs that make Money magazine's and Payscale.com's list, network security was ranked number eight last year as one of the most desirable job positions, carrying an annualized 10-year forecast growth of 27 percent.

"Network security continues to be a pain point for companies," says Alice Hill, managing director of Dice.com. She finds that organizations continue to prioritize investing in these professionals to protect critical infrastructure and keep their technology platforms safe from ongoing cyber threats like malware and hacking. Further, she says that the growing use of sophisticated computer networks, including Internet and intranet sites, and the need for faster, more efficient networking products, are increasing the demand for these professionals.

BLS defines network security as those who design and evaluate network systems, such as local area networks, wide area networks and Internet systems. They perform network modeling, analysis, and planning, that deals with the interfacing of computer and communications equipment. Their primary focus is in protecting the computer systems in the network from unwanted intrusions, misuse, access or modifications.


Average Salary: $93,000 for a network security engineer position.

Who's Hiring: An increased demand is coming from government agencies, healthcare organizations, consulting companies and defense contractors.

Editors Note: Salaries cited in the story came from salary tracking websites Indeed.com and Payscale.com.


Any problems ask in comments

Saturday, December 10, 2011

Best Hacking and penetration testing E-books

HI guys wassup guess what i have a super awesome book on web applications hacking and attacking here is the info of the book its the second editon and released just now before 1 months i found it from torrent and reading just now its no doubt the  best of all.

BOOK INFO
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

Publisher: Wiley; 2 Edition
Dafydd Stuttard in 2011
ENGLISH
ISBN: 1118026470
PDF
912 pages
13.5 MB

>>Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.
Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition
Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more
Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks
Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws.now all you have to do is download it and start researching and hacking it 

WAIT WAIT 
first see the contents of the boook
Chapter 1 Web Application (In)security 
Chapter 2 Core Defense Mechanisms 
Chapter 3 Web Application Technologies 
Chapter 4 Mapping the Application
Chapter 5 Bypassing Client-Side Controls 
Chapter 6 Attacking Authentication 
Chapter 7 Attacking Session Management 
Chapter 8 Attacking Access Controls 
Chapter 9 Attacking Data Stores 
Chapter 10 Attacking Back-End Components 
Chapter 11 Attacking Application Logic 
Chapter 12 Attacking Users: Cross-Site Scripting 
Chapter 13 Attacking Users: Other Techniques 
Chapter 14 Automating Customized Attacks 
Chapter 15 Exploiting Information Disclosure 
Chapter 16 Attacking Native Compiled Applications 
Chapter 17 Attacking Application Architecture 
Chapter 18 Attacking the Application Server 
Chapter 19 Finding Vulnerabilities in Source Code 
Chapter 20 A Web Application Hacker’s Toolkit 
Chapter 21 A Web Application Hacker’s Methodology 

THE cover is also good looking 

DOWNLOAD FROM HERE

UPDATE
again new books now i will update all books here only

2) EC council computer forensics- Investigationg network
this book is damn serious as the name suggests FORENSICS lol but a must read good book by EC council and it has almost all topics covered about network and lots lots lots of tooools are mentioned in it so you can do a google search and get them.

BOOK INFO

Computer Forensics: Investigating Network Intrusions and Cyber Crime By EC-Council
Publisher: Course Technology 2010 | 394 Pages | ISBN: 1435483529 | PDF + EPUB | 30.0 MB

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker's path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law. Network Intrusions and Cybercrime includes a discussion of tools used in investigations as well as information on investigating network traffic, web attacks, DOS attacks, Corporate Espionage and much more!                
 and a goood cover too, DOWNLOAD

picture



3) Next is Basics of penetration testing and hacking a good book for beginners it also teaches meaning of penetration testing. and small in size, easy to understand and if you want to learn penetration testing and hacking basics in linux then this book is must read..... it also teaches backtrack linux and its basics 

BOOK INFO 
The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. No prior hacking experience is needed. You learn how to properly utilize and interpret the results of modern day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, Hacker Defender rootkit, and more. A simple and clean explanation of how to effectively utilize these tools as well as the introduction to a four-step methodology for conducting a penetration test or hack, will provide you with know-how required to jump start your career or gain a better understanding of offensive security. The book serves as an introduction to penetration testing and hacking and will provide you with a solid foundation of knowledge. After completing the book readers will be prepared to take on in-depth and advanced topics in hacking and penetration testing. The book walks through each of the steps and tools in a structured, orderly manner allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases relate.

Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases
Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University
Utilizes the Backtrack Linux distribution and focuses on the seminal tools required to complete a penetration test
Review
Have you heard of penetration testing but have no idea what it entails?  This is the perfect book to get you started,  easy to read, does not assume prior knowledge, and is up-to-date.  I strongly recommend this latest work.-Jared DeMott, Principle Security Researcher, Crucial Security, Inc.

Book Details
Paperback: 180 pages
Publisher: Syngress (August 2011)
Language: English
ISBN-10: 1597496553
ISBN-13: 978-1597496551  what are you waiting for DOWNLOAD

4) whos next ok its NINJA hacking lol you heard right ninja hacking the author claims that the book shows how modern day hackers are like older ninjas but still the comparison and techniques discussed in it are really good and useful 

BOOK INFO 
Ever thought of using the time-tested tactics and techniques of the ancient ninja to understand the mind of today's ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company's assets. Get in before the hacker does with these unorthodox techniques. Use all of the tools that the ninja has: disguise, espionage, stealth, and concealment. Learn how to benefit from these tools by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don't you want to be a ninja for a day just because they're cool? Let this book be your excuse!
 * Discusses techniques used by malicious attackers in real-world situations
 * Details unorthodox penetration testing techniques by getting inside the mind of a ninja
 * Expands upon current penetration testing methodologies including new tactics for hardware and physical


# Paperback: 376 pages
# Publisher: Syngress (September 24, 2010)
# Language: English
# ISBN-10: 1597495883
# ISBN-13: 978-1597495882     
       
 Cover is also good  DOWNLOAD 



















5)now we have everybodys favourite BACKTRACK 5 penetration testing.nice book no comments just simply awesome 

BOOK INFO 
Written in Packt's Beginner's Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

Product Details
    Paperback: 220 pages
    Publisher: Packt Publishing (September 9, 2011)
    Language: English
    ISBN-10: 1849515581
    ISBN-13: 978-1849515580
    Product Dimensions: 9.1 x 7.4 x 0.9 inches
    Shipping Weight: 1 pounds (View shipping rates and policies)
    Average Customer Review: 5.0 out of 5 stars  See all reviews (6 customer reviews)
    Amazon Best Sellers Rank: #7,283 in Books (See Top 100 in Books)           

but i didnt like the cover means WTF like you put a dry twigs in a backtrack penetration testing book really sad that they are not getting good covers lol 

dont click on the book go here to DOWNLOAD 

now wait for sometime i will post new ones till you get bored with these ones 



Tuesday, December 6, 2011

Best security extensions for chrome

hi guys today i will give you some security extensions which will help you a lot
1)Hide My ass
its the best elite proxy and with its extension you can just proxy your site in a second and be anoynymous download from here
2)Disconnect
If you are tired of facebook tracking and other websites tracking you then this is for you.
here is discription

Stop third parties and search engines from tracking the webpages you go to and searches you do.
If you’re a typical web user, you’re unintentionally sending your browsing and search history with your name and other personal information to third parties and search engines whenever you’re online.

Take control of the data you share with Disconnect!

From the developer of the top-10-rated Facebook Disconnect extension, Disconnect lets you:

• Disable tracking by third parties like Digg, Facebook, Google, Twitter, and Yahoo, without requiring any setup or significantly degrading the usability of the web.

• Truly depersonalize searches on search engines like Google and Yahoo (by blocking identifying cookies not just changing the appearance of results pages), while staying logged into other services — e.g., so you can search anonymously on Google and access iGoogle at once.

• See how many resource and cookie requests are blocked, in real time.

• Easily unblock services, by clicking the toolbar button then services (and reloading current pages) — e.g., so you can play games on Facebook.
get it from here

3)Edit this cookie
Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies!
Inspired by the lack of a good cookie manager in google chrome i developed this small simple and extremely useful extension, that let's you perform anything you might actually need to do with cookies

This extension lets you:
   Delete all cookies in a page
   Delete only the chosen cookie on a page
   Edit any cookie
   Add a new cookie
   Search a cookie
   Protect a cookie (read-only)
   Block cookies (cookie filter)

4)tamper mokey 
love grease monkey on firefox then tempermonkey is its chrome version.
Greasemonkey compatible script manager for Chrome.
Tampermonkey is a userscript manager for Google Chrome and Chromium Browser. 

Beneath of other tags, functions and features the following ones are supported:
- full unsafeWindow access
- iframe support
- all GM_* functions including:
  * GM_registerMenuCommand
  * GM_xmlhttpRequest with cross domain support
  * GM_getResourceText
  * GM_getResourceURL
  * GM_notification
- the tags:
  * @resource and
  * @require
  * ...
- search scripts from userscripts.org by URL with TamperFire (GreaseFire clone)
download from here
5)HTTP headers  


 its cool extension for watching http response headers download from here


Any problems ask in comments

Saturday, December 3, 2011

Rooting your Android phone-2(almost all phones included)

today i found in xda-developers that they have new version of Superoneclick short fuse
 SuperOneClick updated to v2.2



The program requires Microsoft .NET Framework 2.0+ or Mono v1.2.6+
Operations systems with native support:
Windows Vista
Windows 7
Ubuntu Hardy (8.04 LTS)
Ubuntu Jaunty (9.04)
Ubuntu Karmic (9.10)
Ubuntu Lucid (10.04 LTS)
Ubuntu Maverick (10.10)
Debian Lenny (5.0)
Debian Squeeze (testing)
Debian Sid (unstable)
Debian Experimental

If you run Microsoft Windows XP, install .NET Framework v2.0 or above
If you run Mac or another Linux flavor, make sure you install Mono:
http://www.go-mono.com/mono-downloads/download.html

You NEED to put your phone on USB Debugging mode
You NEED to install make sure the Android drivers for your phone are installed
Make sure you DO NOT mount your SD card. 
If you still can't get something to run, try doing it in recovery mode.
every problem of last version are fixed so just connect phone root enjoy 


Compatibility list 
Please note that if you device is not listed here, it doesn't automatically make it incompatible. The list is definitely incomplete.
Acer Liquid Metal
Dell Streak
HTC Magic (Sapphire) 32B
HTC Bee
LG Ally
Motorola Atrix4G
Motorola Charm
Motorola Cliq
Motorola Droid
Motorola Flipside
Motorola Flipout
Motorola Milestone
Nexus One
Samsung Captivate
Samsung Galaxy 551 (GT-I5510)
Samsung Galaxy Portal/Spica I5700
Samsung Galaxy S 4G
Samsung Galaxy S I9000
Samsung Galaxy S SCH-I500
Samsung Galaxy Tab
Samsung Transform M920
Samsung Vibrant
Sony Ericsson Xperia E51i X8
Sony Ericsson Xperia X10
Sprint Hero
Telus Fascinate
Toshiba Folio 100

Incompatibility list

Saturday, November 19, 2011

Acunetix WVS Enterprise Version 7 CRACKED


New Security Check

>Added a security check for the latest OpenX OFC file upload vulnerability
>Added a ASP.NET security check for the ASP.NET padding Oracle vulnerability
Improvements:
>Reduced the number of false positives for Blind SQL injections security checks
>Improved Blind SQL injection tests by adding a number of new tests to detect blind SQL injections in UPDATE/INSERT/…

Which Vulnerabilities does Acunetix WVS Check for?
Acunetix WVS automatically checks for the following vulnerabilities among others:
Version Check
Vulnerable Web Servers
Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.
Web Server Configuration Checks
Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
Verify Web Server Technologies
Parameter Manipulation

Cross-Site Scripting (XSS) – over 40 different XSS variations are tested.
Path Disclosure (Unix and Windows)
Cookie Manipulation
Arbitrary File creation (AcuSensor Technology)
Arbitrary File deletion (AcuSensor Technology)
Email Injection (AcuSensor Technology)
File Tampering (AcuSensor Technology)
MultiRequest Parameter Manipulation
Blind SQL/XPath Injection
File Checks
Cross Site Scripting in URI
Checks for Script Errors
File Uploads
Directory Checks
Looks for Common Files (such as logs, traces, CVS)
Discover Sensitive Files/Directories
Discovers Directories with Weak Permissions
Cross Site Scripting in Path and PHPSESSID Session Fixation.
Web Applications
HTTP Verb Tampering
Text Search
Directory Listings
Source Code Disclosure
Check for Common Files
Check for Email Addresses
Microsoft Office Possible Sensitive Information
Local Path Disclosure
Error Messages
Trojan shell scripts (such as popular PHP shell scripts like r57shell, c99shell etc)
Weak Passwords
Over 1200 GHDB Search Entries in the Database
Port scans the web server and obtains a list of open ports with banners
Performs complex network level vulnerability checks on open ports such as:
DNS Server vulnerabilities (Open zone transfer, Open recursion, cache poisoning)
FTP server checks (list of writable FTP directories, weak FTP passwords, anonymous access allowed)
Security and configuration checks for badly configured proxy servers
Checks for weak SNMP community strings and weak SSL cyphers
and many other network level vulnerability checks!
Other web vulnerability checks
Cross-site request forgery (CSRF)
Other vulnerability tests may also be peformed using the advanced penertation testing tools provided, including:
Input Validation (also performed automatically)
Authentication attacks (also performed automatically)
Buffer overflows
Blind SQL injection (also performed automatically)
Sub domain scanning
 ENJOY vulnerablities scanning 

Download it from here http://www.mediafire.com/?6no8ss9951v6y78 direct link and resume support

Tuesday, November 15, 2011

Uniscan vulnerablity scanner download and installing

Installing uniscan web scanner and vulnerability system
Installing uniscan web scanner and vulnerability system
BACKGROUND
The uniscan tool is a web server vulnerability scanner tool that was developed using the Perl language. More information about the uniscan tool can be found at http://www.uniscan.com.br/index.html/ . The Administrator or pen tester can use this tool the test the following vulnerabilities:
- Remote File Include (RF)
- Local File Include (LFI)
- Remote Command Execution (RCE)
- Cross-Site Scripting (XSS)
- SQL Injections
- Blind SQL Injections
The tool require the installation of some Perl modules.
The tool was created by:
Name: Douglas Poerschke Rocha
Uniscan Dev.
E-mail: team@uniscan.com.br
Name: Roberlei Martins Vieira
Webmaster
E-mail: roberlei@uniscan.com.br
OPERATING SYSTEM
The tool was installed and tested in the following Operating System (OS):
Distributor ID: Ubuntu
Description: Ubuntu 11.04
Release: 11.04
Codename: natty
INSTRUCTIONS
Before downloading and installing uniscan, i have downloadedthe following Perl modules from you command line:
root@rjcrystal$ sudo perl -MCPAN -e 'install Moose'
root@rjcrystal$ sudo perl -MCPAN -e 'install threads'
root@rjcrystal$ sudo perl -MCPAN -e 'install threads::shared'
root@rjcrystal$ sudo perl -MCPAN -e 'install thread::Queue'
root@rjcrystal$ sudo perl -MCPAN -e 'install HTTP::Response'
root@rjcrystal$ sudo perl -MCPAN -e 'install HTTP::Request'
root@rjcrystal$ sudo perl -MCPAN -e 'install LWP::UserAgent'
root@rjcrystal$ sudo perl -MCPAN -e 'install Net::SSLeay'
root@rjcrystal$ sudo perl -MCPAN -e 'install Getopt::Std'
root@rjcrystal$ sudo perl -MCPAN -e 'install YAML'
Press ENTER
OR you can use the Perlmod to download these modules all at once by typing:
root@rjcrystal$ sudo perlmod –i Moosethreads threads::shared thread::Queue HTTP::Response HTTP::Request LWP::UserAgent Net::SSLeay Getopt::Std YAML
If some modules already installed by default, you can press [n] for not installing them.

You will also need the ssleay-perl libnet module installed in your Ubuntu. If you try to download the module from CPAN it will generate anerror. For that purpose download the library using the following command:
root@rjcrystal$ sudo apt-get install libnet-ssleay-perl
Download the current version of uniscan tool:
http://sourceforge.net/projects/uniscan/files/4.3/uniscan-code.tar.gz/download/

Then extract the downloaded file:
root@rjcrystal$ sudo tar -xvzf uniscan-code.tar.gz
root@rjcrystal$ cd uniscan-code/
root@rjcrystal$ sudo./uniscan.pl
###############################
# Uniscan project #
# http://www.uniscan.com.br/#
###############################
V. 4.3
OPTIONS:
-h help
-u example: https://www.example.com/
-f list of url's
-b Uniscan go to background
-q Disable Directory checks
-w Disable File checks
-e Disable Backup file checks
-r Disable RFI checks by Crawler
-t Disable LFI checks by Crawler
-y Disable RCE checks by Crawler
-i Disable SQL checks by Crawler
-o Disable XSS checks by Crawler
-p Disable static RFI checks
-a Disable static LFI checks
-s Disable static RCE checks
-d Disable /robots.txt check
-g Disable PUT method check
-j Not show e-mails found by Crawler
Option -u or -f is required, all others no.
usage:
[1] perl ./uniscan.pl -u http://www.example.com/
[2] perl ./uniscan.pl -f /home/user/file.txt -b
[3] perl ./uniscan.pl -u https://www.example.com

Monday, November 14, 2011

Post animated pictures on facebook

today many people are asking how to make this animated pic ans is simple lol goto notes www.facebook.com/notes  then write a new note with some head and body then we will insert an imge tag to it which has our image link. we cant upload gif images(this is not true you can if you are facebook app developer like facebook art) yes one can do it but its hard.so we will find a ready made facebook uploaded image go here  right click image and seclect view source or inspect element for chrome then post that image link like this here are some links use them to post and impress your friends actually thing is facebook art is an app that has ability to upload .jpg animations 
here are some more examples

<img src="http://photos-e.ak.fbcdn.net/photos-ak-snc1/v33382/1394/113/01AweCZo9oxVwA79IOAAD3T3Uf4UY:.mp3">






Saturday, November 12, 2011

Cookie-based SQL Injection


Did you say a “Cookie” ?

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.

Where can I find my cookies?

Here is one way to get your stored cookies using your browser. This method is applied for Mozilla FireFox:
From the Tools menu, select Options.
>If the menu bar is hidden, press Alt to make it visible.
At the top of the window that appears, click Privacy.
>To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:
>To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
>To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
>To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
>To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.
Click OK until you return to the Firefox window.
To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.

Are you talking about a Cookie Poisoning-like attack?

Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.
To sum up, cookie-based SQL Injection is far to be a kind of Cookie Poisoning.
Cookie variables as a vector of SQL Injections:
SQL injection overview
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values ​​can be found in the environment variables. The GET and POST parameters are typically entered into HTML forms, they can contain hidden fields, i.e. information that is in form but not shown. GET parameters are contained in the URL and POST parameters are passed as HTTP content. Nowadays, and with the growth of Web 2.0 technologies, the GET and POST requests can also be generated by JavaScript.
Injecting malicious code in cookie:
Unlike other parameters, cookies are not supposed to be handled by users. Outside of session cookies which are (usually) random, cookies may contain data in clear or encoded in hexadecimal, base64, hashes (MD5, SHA1), serialized information. If we can determine the encoding used, we will attempt to inject SQL commands.
function is_user($user) {
global $prefix, $db, $user_prefix;
if(!is_array($user)) {
        $user = base64_decode($user);
        $user = explode(“:”, $user);
$uid = “$user[0]“;
$pwd = “$user[2]“;
} else {
$uid = “$user[0]“;
$pwd = “$user[2]“;
}
if ($uid != “” AND $pwd != “”) {
    $sql = “SELECT user_password FROM “.$user_prefix.”_users WHERE user_id=’$uid’”;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$pass = $row[user_password];
if($pass == $pwd && $pass != “”) {
return 1;
}
}
return 0;
}
The cookie contains base64 encoded form identifier, a field that is unknown and a password. If we use as a cookie 12345 ‘UNION SELECT’ mypass ‘:: mypass base64 encoded, the SQL query becomes:
 SELECT user_password FROM nk_users WHERE user_id=’12345 UNION SELECT ‘mypass’
This query returns the password mypass, the same password as we have to provide. So we are connected.

How to inject the code in Cookies?
There are many HTTP interceptors and HTTP editors that can intercept the HTTP request before it is sent to the server. Then the tester can introduce his malicious SQL statement in the cookie field.
It’s like a get/post based SQL Injection, except that certain characters can’t be used. For
example, ‘;‘ and ‘,‘ are typically treated as delimiters, so they end the injection if they aren’t URL-encoded.

Limitations of  Web Application Vulnerability Scanners:
Web application vulnerability scanners are not always capable of detecting all of the vulnerabilities and attack vectors that exist.  In consequence, they may assert numerous false-negatives and false-positives. These were some of the results of a study named: “Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners” hold during the OWASP APPSEC DC 2010. The tests were based on many professional scanners:  Burp suite professional, Acunetix, Wapiti, Grendel-Scan, W3af, N-Stalker, CENZIC, netsparker.

As far as cookie variable’s injection is concerned, only 6,3% of the web application Vulnerability scanners had detected the implemented SQL injection vulnerabilities.
This rate looks like emphasize that the cookie vector is neglected when testing against SQL injections. Also, it’s very low comparing to percentage of the detection of SQL injection in Form Inputs (59,7%).

Conclusion
Cookie variables sometimes are not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. For the web application audits, cookie variables should be added to the list of parameters to be checked.try it and hack the system 

Twitter Delicious Facebook Digg Stumbleupon Favorites More