Wordpress all Version full Path Disclosure Vulnerability By KinG Of PiraTeS

================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \

================================================================================
##

Howto: Use openvpn config files on Mac OS X

This post will tell you how to use openvpn and openvpn config file on Mac OSX

1. Download the Tunnelblick from http://code.google.com/p/tunnelblick/

2. Open the downloaded disk image file (which mounts the disk image).
3. Double click on Tunnelblick icon to install program, after that take the step of Tunnelblick installer

4. After Install completed, copy your openvpn config files to ~/Library

DNS Changer ทำงานยังไงกันแน่

เป็นประเด็นค่อนข้างมากกับเรื่อง Malware ที่ชือว่า DNS Changer วันนี้ขอหยิบยกมาพูดหน่อยละกันครับ

ก่อนที่จะรู้ว่า DNS Changer ทำงานยังไง เรามาดูก่อนดีกว่าว่า DNS คืออะไรครับ

DNS คืออะไร
โดยปกติแล้วการเข้าไปใช้งานเว็บไซด์ต่างๆ จะไม่ได้ติดต่อกันด้วยชื่อของเว็บไซด์อย่าง www.facebook.com, www.google.com หรอกนะ เพราะการเชื่อมต่อเน็ตเวิร์คต่างๆทำด้วย IP Address ส่วนชื่อเว็บไซด์(domain name)

DNSCrypt - encrypts DNS traffic between your computer and OpenDNS

DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.

Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though

Webhoneypot - Web Application Honeypot

DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP. 


Source: https://code.google.com/p/webhoneypot/

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

WordPress Application Firewall. Protects against current and future attacks.

WordPress Application Firewall. Protects against current and future attacks. Email notification is disabled by default, notification can be activated and configured in Settings > WP WAF. Go to your WP WAF configuration page.


Source: https://wordpress.org/extend/plugins/wp-waf/

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

BoNeSi - the DDoS Botnet Simulator

If you want to see demo video of this tool, please go to the Source.

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly

Browsers Anti-XSS methods in ASP (classic) have been defeated!

If you want to see full article,please go to the Source.

Browsers Anti-XSS methods in ASP (classic) have been defeated!This time, I want to start with the summary section first to break the rules!SummaryThe intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on

LinkedIn Leaked hashes password statistics

LinkedIn Leaked hashes password statistics (@StefanVenken)         Based on the leaked 6.5 Million hashes,    1.354.946 were recovered within a few hours time with HashCat / Jtr and publicly found wordlists on a customer grade laptop.         This report was created with pipal from @Digininja         Total entries = 1354946    Total unique entries = 1354946         Top 10 base words    link =

Which processes are using the Internet[Linux, Mac OSX]

Try this command in your console.

lsof -P -i -n | cut -f 1 -d " " | uniq







Source: https://www.macworld.com/article/1143351/netprocesses.html

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Your LinkedIn password is in the news or not?

Last night, the password(SHA1) of LinkedIn was leaked and if you want to know your password is in the list or not, try this script(from Phobos Technology) for check it. 

if you want to see full details of this news, please go to the Source.

1. Download Password from
http://wordpress.phobostechnology.com/wp-content/uploads/2012/06/combo_not.zip

2. Run this python script.

"""
Save this file as

Wordpress version finder

If you request domain.com/wp-login.php you will get this in the HTML response:


DOMAIN/wp-admin/css/colors-fresh.css?ver= $VERSION ‘ type=’text/css’
media=’all’ />
(or in older versions)



Each $VERSION relates to a

PDF Examiner

View PDF objects as hex/text, PDF dissector and inspector, scan for known exploits (CVE-2007-5659, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324, CVE-2009-3954, CVE-2009-3953, CVE-2009-3959, CVE-2009-1493, CVE-2010-0188, CVE-2010-1297, CVE-2010-2883, CVE-2010-3654, CVE-2010-4091, CVE-2011-0609, CVE-2011-0611, CVE-2011-2462, CVE-2011-4369 and embedded /Action commands), process PDF compression (

ป้องกันเด็กเข้าเว็บไม่เหมาะสมด้วย Open DNS

บทความนี้เป็นบทความที่ผมเคยเขียนมาเมื่อนานนนนนมากแล้ว จำไม่ได้เหมือนกันว่าเอาไปทำอะไรต่อหรือเปล่า ว่างๆก็เลยเอามาลง Blog เล่นครับ (หากต้องการเห็นภาพประกอบก็ไปดูใน PDF ละกันครับ) 


ป้องกันเด็กเข้าเว็บไม่เหมาะสมด้วย Open DNS
โดยนายสุเมธ จิตภักดีบดินทร์
    ในปัจจุบันในบ้านแต่ละบ้านคงมีคอมพิวเตอร์และอินเตอร์เน็ตเพื่อใช้งานในด้านต่างๆ

IOSEC - HTTP Anti Flood Security Gateway Module

Description


-What does this module do?
This module provides security enhancements against (HTTP) Flood

Revelo: The Javascript Deobfuscator!

Analysing highly obfuscated the likes of exploit packs, obfuscated scriptwares et al. can be very difficult some times. In times like these, the aptly named Revelo can help. Revelo is Latin for “reveal”. The purpose of this tool is to assist the user in analyzing obfuscated JavaScript code, particularly those that redirect the browser to malicious URLs.Revelo is not as full fledged as MalZilla.

Tor Browser on iOS

Enhance your web privacy
Onion Browser is a minimal web browser that encrypts and tunnels web traffic through the Tor onion router network and provides other tools to help browse the internet while maintaining privacy.

you can get the full detail and download it from http://v3.mike.tig.as/onionbrowser/


If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three

WordPress Vulnerabilities and How to Fix Them

If you want to see all the top attack and how to defend, please go to the Source.

Vulnerability # 1: SQL Injection & URL Hacking.
The problem: WordPress is a database-backed platform
that executes server-side scripts in PHP. Both of these characteristic
can make WordPress vulnerable to malicious URL insertion attacks.
Commands are sent to WordPress via URL parameters, which can be abused

ระวัง Phishing Site ของธนาคารไทยพาณิชย์

เมื่อเช้าผมได้รับเมล์แปลกๆจากผู้ส่งที่ไม่คุ้นเคย อีกทั้งหัวข้อของเมล์นั้นก็ยังสะดุดตาอีก ก็เลยเกิดความสนใจขึ้นมา ซึ่งเนื้อหาของอีเมล์เป็นดังนี้ครับ





จากภาพจะเห็นว่าเป็นเมล์ที่อ้างตัวว่าเป็นตัวแทนจากธนาคารไทยพาณิชย์(Siam Commercial Bank:SCB) บอกว่า 
"ถึงคุณลูกค้า เนื่องด้วยปัญหาทางด้านความปลอยภัยในปัจจุบันที่เพิ่มขึ้น, ทางเราจึงได้ทำการเพิ่มระดับการเข้าใช้งานแบบออนไลน์.  Account

Check the addons of Chrome by kkotowicz

Webpages can sometimes interact with Chrome addons and that might be dangerous, more on that later. Meanwhile, a warmup - trick to detect addons you have installed.While all of us are used to http / https URI Schemes, current web applications sometimes use other schemes including:    javascript: URIs bypassing XSS filters for years    data: URIs that is a common source of new XSS vulnerabilities