Thursday 30 June 2011

Anonymous Launches A WikiLeaks For Hackers: HackerLeaks

Despite countless WikiLeaks copycats popping up since the secret-spilling site first dumped its cache of State Department cables last year, the new generation of leaking sites has produced few WikiLeaks-sized scoops. So instead of waiting for insider whistleblowers, the hacker movement Anonymous hopes that a few outside intruders might start the leaks flowing.
Earlier this week members of

Mobius Forensic Toolkit

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.



Source: http://freshmeat.net/projects/mobiusft

The Android boot process from power on

Since mobile platforms and embedded systems have some differences compared to desktop systems in how they initially start up and boot, this post will discuss the initial boot stages of an Android phone in some detail. Since we have used the Beagle Board as a reference in some previous examples, any specifics here are related to a similar system.

1. Power on and boot ROM code execution
At power

Howto: Root Samsung Galaxy Tab 10.1 and Install Ubuntu on it. [Windows]

Actually, I haven't tried it yet because I will get my Galaxy Tab in the middle of July, but I want to post this as a note. (If you want to see the pictures for every step or more detail, please go to the Source.)

1. Root the Tab
  1.1 Get the Tab into Downloader Mode
     -  hold down the Power button to start the device
     -  while you are holding down the Power button, you should see the Samsung

Android app for my site

I have now created an Android app for my blog's feed with AppYet. If you have an Android device and want to follow my blog's feed, try installing it.

Thank you

Download Link: http://www.wupload.com/file/39325441/com.rtsecblog.apk

Wednesday 29 June 2011

Sony PSN Breach Infographic

Infographic by Veracode Application Security
Source: http://www.veracode.com/resources/sony-psn-infographic

Tuesday 28 June 2011

Please donate to me.

I have now added a donate button on the right side. If you want to donate to help my volitation, please donate.

My country is in the APAC group of countries, so I can't create a "Donation Button" from paypal.com directly. Instead, I created the donate button using the "Buy Now Button" from paypal.com and edited the picture and price options to offer 3 options (1, 2, 3).

So if you like my blog and

Tip: Beginner tutorial for SQL Injection by p00l_b0y

I received this tutorial link via Twitter, and it says p00l_b0y is the writer. After reading it, I like it because it's easy to read and easy to understand.

View: http://pastebin.com/FquhJkmA
Download: http://www.wupload.com/file/36436006/Beginners_tutorial_for_SQL_Injection_written_by_p00l.docx

Sunday 26 June 2011

Did LulzSec expose your (friends') passwords?

After LulzSec released a lot of username and password information, I found an interesting post and am sharing it here. Search for your username.

So I found this site which allows you to search for your email address to see if you may have been affected: http://dazzlepod.com/lulzsec/final/

So then I began to wonder, if I was on that list, who else I knew may have been on it.
So I decided

AnonOps Shell List Leaked

I don't want to explain anything about it, please take a look by yourself.

View: http://pastebin.com/ZDyb4UM5
Download: http://www.wupload.com/file/34529452/AnonOps_Shell_List_Leaked.docx

AES encryption on your gmail message with Encipher It

If you want to encrypt your Gmail, try Encipher It.



Source: https://encipher.it/

Saturday 25 June 2011

Proof-Of-Concept: Session Hijacking Facebook account with Wireshark and Tamper Data

This post contains my video of a PoC of session hijacking a Facebook account with Wireshark and the Tamper Data tool.

* c_user is the user ID (I think).
* xs is the authentication token.

Now take a look at my video to see how the session hijacking works.

Howto: Output From Metasploit Console

HD Moore Blog:

The Metasploit Framework Console is a great interface for getting things done quickly, but so far, has been missing the capability to save command and module output to a file. We have a lot of small hacks that make this possible for certain commands, such as the "-o" parameter to db_hosts and friends, but this didn't solve the issue of module output or general console logs.

CNET Hacker Chart

A chart of information security news from CNET. Try it yourself.



Source: https://spreadsheets.google.com/spreadsheet/ccc?key=0Apf9SIxJ8Cm_dGxuNUJjbmM5LU40bVdWaFBVcTZPN3c&hl=en_US&single=true&gid=0&range=A2:J51&output=html

Wednesday 22 June 2011

SSL Analyzer: Scan SSL Of Website.

Comodo announced the Beta release of its SSL Analyzer, a free web site scanning tool which provides an instant summary of web server security levels.

After typing a domain name into the search box, the SSL Analyzer will visit the specified domain and present fast, comprehensive information about the SSL Certificate and web server software.

This includes the validation level of the

Do you want to be Anonymous? Try this

I received this tweet and I think it's very cool for anyone who wants to be anonymous. Try it, I think you will like it! (If you want to read the full details, the OS X instructions, or other techniques for hiding your footsteps, please go to the Source.)

Setting up Tor

Preface: Due to abuse in the past, users trying to connect to the AnonOps IRC servers using Tor will not be able to connect. This is nothing

Tuesday 21 June 2011

Acrylic DNS Proxy

Acrylic is a local DNS proxy which improves the performance of your computer by caching the responses coming from your DNS servers.

When you visit a web page, a portion of the loading time is dedicated to name resolution (usually from a few milliseconds to 1 second) while the rest is dedicated to the transfer of the page contents to your browser.

Acrylic is an open source project that helps

Linux Boot Step.

The following are the 6 high level stages of a typical Linux boot process.



1. BIOS
BIOS stands for Basic Input/Output System
Performs some system integrity checks
Searches, loads, and executes the boot loader program.
It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the

Monday 20 June 2011

Lulzsec + Anonymous = Operation Anti Security

Salutations Lulz Lizards, As we're aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it's acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching

Friday 17 June 2011

Find Malware Sites

I found a great new site for finding malware websites. Click the picture if you want to try it.

Thursday 16 June 2011

Sniffing using iptables

If you want to see full detail, please go to the Source.

Capture packets generated by user nobody to file nobody.pcap
# iptables -A OUTPUT -m owner --uid-owner nobody -j CONNMARK --set-mark 1
# iptables -A INPUT -m connmark --mark 1 -j NFLOG --nflog-group 30 
# iptables -A OUTPUT -m connmark --mark 1 -j NFLOG --nflog-group 30 
# dumpcap -i nflog:30 -w uid-1000.pcap

Capture tcp packets from/to

Monday 13 June 2011

Howto: Find free proxy with Google Search

Today, I want to use a proxy to make myself anonymous, and I want to use Google search to find a list of proxies. This is the keyword that I use to find the list:

+":8080" +":3128" +":80" filetype:txt

Now try it yourself. What do you get from the search?

Sunday 12 June 2011

Sony Breach All [2011-04 -> Now]

I took some records from the Source and put them in this post in my own format. If you want to see the full details of the attacks or other news, please go to the Source.

Now the score : Hackers 20 - 0 Sony

1    2011-04-04     Site: Anonymous Engages in Sony DDoS Attacks Over GeoHot PS3 Lawsuit
    The group Anonymous declares Sony an enemy and begins a DDoS attack against PSN over the 'GeoHot' lawsuit filed

Friday 10 June 2011

My blog in mobile version

Now you can visit my blog on your mobile device. Try it.

http://r00tsec.blogspot.com/?m=1

Metasploit Unleashed in PDF Format

That's right, now you can download it to view offline on your laptop or tablet.

The link is here.

Download:
http://www.wupload.com/file/14691904/Metasploit+Unleashed.rar

http://www.mediafire.com/?bt4902x3h6mu8s5

Thursday 9 June 2011

Detecting shell backdoors on a Web Server

1. Web Shell Detection Using NeoPI - A Python script
(https://github.com/Neohapsis/NeoPI)

2. PHP Shell Scanner - A Perl script

3. PHP script to find malicious code on a hacked server - A PHP script
(http://25yearsofprogramming.com/blog/2010/20100315.htm)


Btw for a quick one, the following grep command can also be used:

Code:grep -RPl --include=*.{php,txt,asp} "(passthru|shell_exec|system|

Wednesday 8 June 2011

Weevely: create and manage a PHP trojan designed to be hard to detect

This software is a proof of concept of an unobtrusive PHP backdoor that simulates a complete telnet-like connection, hides data in HTTP referers and uses a dynamic probe of system-like functions to bypass PHP security restrictions.
Download the latest available version of Weevely 0.3
Source: https://code.google.com/p/weevely/

Ani-Shell: Mass Mailer, Web-Server Fuzzer, DDoser

Ani-Shell is a simple PHP shell with some unique features like a Mass Mailer, a simple Web-Server Fuzzer, and a DDoser!

Features of Ani-Shell
Shell
Platform Independent
Mass – Mailer
Small Web-Server Fuzzer
DDoser
Design

Source: http://www.pentestit.com/2011/06/08/anishell-mass-mailer-webserver-fuzzer-ddoser/

Monday 6 June 2011

Howto: Use sqlmap via Tor on Backtrack5

This test is just one of my lab exercises, not anything illegal.

1. Edit the repository list
  - vim /etc/apt/sources.list

2. Add tor's repository to the list
  - deb http://deb.torproject.org/torproject.org lucid main

3. Get the GPG key and add it to the key list.
  - gpg --keyserver keys.gnupg.net --recv 886DDD89
  - gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key

Patching WordPress Username Disclosure

On May 26th Veronica Valero of Talsoft S.R.L. posted a security advisory on the Full Disclosure mailing list outlining a username disclosure vulnerability via a Direct Object Reference.
This is a problem in itself; however, what was more interesting to me was Zerial’s reply to the advisory:
“Also you can “enumerate” wordpress users using the wp-login.php. When you enter a non-existent user

Wednesday 1 June 2011

Malware List In My Blog

You can download them here, but please don't use them illegally.

- Phoenix exploit kit 2.5
- Impassioned Framework
- Blackhole Exploit Kit
- Unknown Exploit Kit
- Zeus 2.5 Source Code [password: zeus]