Wordpress version finder

If you request domain.com/wp-login.php you will get this in the HTML response:


DOMAIN/wp-admin/css/colors-fresh.css?ver= $VERSION ‘ type=’text/css’
media=’all’ />
(or in older versions)



Each $VERSION relates to a

IOSEC - HTTP Anti Flood Security Gateway Module

Description


-What does this module do?
This module provides security enhancements against (HTTP) Flood

Revelo: The Javascript Deobfuscator!

Analysing highly obfuscated the likes of exploit packs, obfuscated scriptwares et al. can be very difficult some times. In times like these, the aptly named Revelo can help. Revelo is Latin for “reveal”. The purpose of this tool is to assist the user in analyzing obfuscated JavaScript code, particularly those that redirect the browser to malicious URLs.Revelo is not as full fledged as MalZilla.

Interesting Public Vulnerabilities (2012-05-04)

Drupal Core 7.x Denial Of Service / Access Bypass 
http://packetstormsecurity.org/files/112437
Tor Proxy Bypass Via Firefox 
http://packetstormsecurity.org/files/112439
Joomla 2.5.4 Cross Site Scripting 
http://packetstormsecurity.org/files/112451
PHP Vulnerability Source Code Leak And Remote Code Execution
http://www.php.net/archive/2012.php#id2012-05-03-1https://bugs.php.net/bug.php?id=61910

Howto: How to downgrade 5.0.1 to 4.3.3 / 4.3.5 - iPhone 4, 3GS, iPod Touch 4G, 3G, iPad:

Step 1: Make sure that you have downloaded the version of iOS
which you gonna downgrade to (4.3.5, 4.3.3 or any iOS version), you can
download any iOS firmware from our library - Click Here.

Step 2: Navigate to :
Windows Users: Windows > System 32 > drivers > etc
Mac Users : etc

Open hosts file with the text editor then add the following code to the end of the file :

74.208.105.171

Creating executable of Shell Script

By
Nikesh Jauhari










Many times it happen that shell scripts that we write contains sensitive
information like password or some sort of keys or path to some
sensitive files and if you running such script it become very easy for
the normal user to have a look inside the script and get the sensitive
information from the code.
There is a program called "shc" which can provide the

Decoding Mysql Char() to Ascii With Shell Script

When I forensic some logs of websites, I found that many many attack use char() for evasion detection or hard to find malicious code. So I created this simple script for decoding all char() in the log file into ascii character for human reading.

./decoding_char_sql.sh logfiles.log

Example logfiles.log:

target.com/testing.php?vulnparam=1000'+update+tablenames+set+value=cast(value+as+varchar(

iScanner - Tool to detect and remove malicious codes and web page

iScanner is a free open source tool lets you detect and remove malicious codes and web page malwares from your website easily and automatically. iScanner will not only show you the infected files in your server but it's also able to clean these files by removing the malware code ONLY from the infected files. Download: http://iscanner.isecur1ty.org/download/iscanner.tar.gz
 Current Features:

Java Deobfuscate Trick And Tools

Tricks
     Normal Trick:
      1. Assign eval to a variable
        From: eval(code…);
        To: var x = eval(code…); document.write(x);

      2. Replace document.write() with alert()
        From: document.write(code…);
        To: alert(code…);

      3. Replace eval() with document.write()
        From: eval(code…);
        To: document.write(code…);

      4. Wrap code with alert()

How to undo send in gmail

1-go to google labs and then Gmail labs  or
 click on the green flask in your Gmail as in image to go directly to the gmail labs

2-and then scroll down page to the feature 
3-Now enable this feature.After doing all this, You enabled this feature to your gmail account.send an email and now you will get undo option after sending any email.

Source: http://tricksndtricks.blogspot.com/2011/03/

List of Rogue Certificate That Was Create In Diginotar Incident.

 After hacker hack Diginotar CA, they create many rogue certificate for Man-In-The-Middle, create phishing website or whatever.


This post will paste the link that list of rogue certificate that was create in this incident.

Please revoke the key or certificate if you added it in the past.

Download Link: https://svn.torproject.org/svn/projects/misc/diginotar/rogue-certs-2011-09-04.csv



If

BackTrack 5 r1 patch Wireless Driver rt2800usb

BackTrack 5 R1 contains patched stock kernel 2.6.39.4 wireless drivers with several injection patches applied. Depending on card and setup, these drivers might not suit you. rt2800usb In some cases we've seen cards using the rt2800usb drivers (such as the AWUS036NH and AWUS036NEH ALFAs) act strange with the BT5R1 kernel. If this happens to you, you can try installing a recent

Patching WordPress Username Disclosure

On May 26th Veronica Valero of Talsoft S.R.L. posted a security advisory on the Full Disclosure mailing list outlining a username disclosure vulnerability via a Direct Object Reference.
This is a problem in itself, however, what was more interesting to me was Zerial’s reply to the advisory;
“Also you can “enumerate” wordpress users using the wp-login.php. When you enter a non-existent user

Javascript Password Strength Meter

What makes a strong password? This quick and dirty password strength meter is meant to help users learn how to create stronger passwords. Because it's written in Javascript the password is never sent over the network. Feel free to audit the code and recommend some better regular expressions, weightings, or bug fixes by submitting a comment.


Tips for strong passwords:

Make your password 8

WordPress User IDs and User Names Disclosure

I. Advisory information
Title: WordPress User IDs and User Names Disclosure
Advisory Id: TALSOFT-2011-0526
Advisory URL:
http://www.talsoft.com.ar/index.php/research/security-advisories/wordpress-user-id-and-user-name-disclosure
Date published: 2011-05-26
Vendors contacted: WordPress
Author: Verónica Valeros

II. Vulnerability information
Class: Insecure Direct Object References (CWE-715)
Impact:

Howto: Create Registry to Write Protect a USB Flash Drive

If you want to write protect your USB drive, you can do it with the given registry trick or batch script. Protecting USB drive depends on Registry, and you can do it manually or by the script. Read below. Mannual way is also given along with batch script


Manually:
1- Start > Run > type “regedit” to open regisry editor
2- Navigate to this: HKey_LOCAL_MACHINESystemCurrentControlSetControl

Hardening Linux Ebook

I got this book from twitter(@kenjisam) and thanks for that. After I read this book, I think it's very helpful for improving security in Linux server. Try by yourselves.

If you want to donate me, please click this link to complete the survey



Or just click this to view.




Languagesen>th GoogleDicCEthis

Facebook worm again [OMG.. Look What THIS Kid Did to His School After Being Expelled!]

Again, again and again. Facebook worm has spread with "

This is really insane.. you have to see this
OMG.. Look What THIS Kid Did to His School After Being Expelled!
j.mp
WARNING: Graphic Content!

"
I recommended you shouldn't click the link like this or something similar this and tell your friend that he's infected.

If you want to see detail and how it work step by step, please go to the

Android found vulnerable to sidejacking!

Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable.

Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool

Monitoring file system changes with PowerShell

Create a new System.IO.FileSystemWatcher object, and set appropriate settings:  $watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $searchPath
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true .Path is the path that will be monitored, .IncludeSubdirectories tells the FileSystemWatcher to monitor all subdirectories of .Path
Now we need to define some