Friday 18 February 2011
Torrent 2 Text for bypassing .torrent filter by ISPs
I have just completed this pretty simple script to let you download the torrent files as text files. I wrote it because ISA server was actually blocking me to download the .torrent files so I quickly wrote this and now I am putting it online.
To use this little script, all you have to do is copy the link location of the .torrent file and paste in the textbox.
Torrent to text tool
Have fun :)
Read more...
To use this little script, all you have to do is copy the link location of the .torrent file and paste in the textbox.
Torrent to text tool
Have fun :)
Read more...
Bookmark this post: | 
|
Art of hacking 1 - spyd3rm4n's guide to hacking
This series of articles can be very useful for many beginners out there but after the thedefaced and darkmindz went down, I haven't really seen these articles anywhere else. So I thought to share this article over here. Its NOT written by me and I would like to provide the full credit to the original author as well.
Art of hacking [ 1 ]
spyd3rm4n's guide to hacking
Part I
[0x01] Definition
[0x02] Method
[0x03] Side_Notes
[0x04] Credits
Sub Definition{
a : to write computer programs for enjoyment
b : to gain access to a computer illegally
}
Sub Method{
These are the boundaries that differentiate a hacker, from a cracker. A cracker will use the same methods of a hacker, but instead of leaving it at just that, they will take it one step beyond, and use the information gained to extort another person and/or cause damage.
Now that has been cleared up, I will just inform you of one of my most common method of hacking.
When I hack, it is a golden rule that I must know what I am hacking. If it's a website, I must know what language is it written in. If I do not, I will learn the language, or at least be able to read it and pick out human errors in the programming.
I usually start like this:
I will first search the website for vulnerable user-input fields. Something that interacts with the viewer. It should include fields that are POST and GET. I will test these fields for penetration. The most common fields vulnerable, are search forms. These can be vulnerable to almost any type of injection, HTML, JAVASCRIPT, or SQL. To test if a field is injectable with HTML, I will usually type "<h1>hello</h1>." If the page returns the word hello in big bold letters, I know it's vulnerable. I then will step it up to JAVASCRIPT. I will type "<script>alert(1)</script>", <script language="Javascript">alert(1)</script>m etc.." If the returned page contains an alert message printing the number 1, I know I can cross-site script it (XSS). SQL on the other hand has a number of pen-testing syntaxes. I usually type a single quote, if it returns SQL errors, I know its vulnerable to injection. If it doesn't, I will sometimes try different combinations of SQL attacks. I will try most commonly, and my favorite, a union injection. Syntax: '+union+select+1--
If that returns with any sort of SQL error, I then know I hit the jackpot. The most common error with union selections is "The UNION SELECT statement is missing the correct number of columns" or something of that sort. It means that you have to select more than one column. This can be the longest part of injecting. You then have to '+union+select+1,2-- each time, adding on another number separated by a comma until your UNION SELECT statement has no errors, and returns a value from that field. I will then look for the returned page for a number. If for example, lets say I did '+union+select+1,2,3,4,5,6--
and the page returns a series of pictures, and in the blue, there is just the number 6 on that page, I will then do '+union+select+1,2,3,4,5,table_name+from+information_schema.tables--
This will select the table name from the information schema, if its allowed. That's all I'm going to say about that for now. If you want to know more, you can learn up on your SQL.
Next, if I find the site is pretty secure, it is always important not to rule out other methods of intrusion. My 2nd and favorite method, is the capturing of the host. With a simple WHOIS lookup, I can find the host of their site. Now, if I pen-test their host and find a vulnerability, that is just as good as hacking their site because it allows for a way in. If all else fails, you can do a reverse IP lookup on the domain of the website. Take a look at all the other websites on that IP and pen-test their security. If you can get rights to upload on one of their sites, you can upload a PHP-Shell and work your way into their directory, viewing their files. If you want to take it further, you can go ahead and try to root the server. Rooting is pretty easy if you know what you're looking for/know any stack/buffer overflows for the OS. Most servers run linux, so it's best to look for overflows for that specific kernel version that contain "Local Root" in it. Other than that, there are so many ways of obtaining root. These include but are not limited to key-logging, phishing, and social engineering. That's pretty much the basis of one of my most common methods of hacking. If you would like to know more, well.. I'm sorry, but you're going to have to pick up the knowledge as you continue your career hacking.
}
Sub Side_Notes{
If you want to learn more, you can check out the mini-books on Hide My Ass, XSS Injection, SQL Injection, Navigating towards root in a PHP Shell, and Stack Overflows in a nuttshell.
}
Sub Credits{
I'm sure you're all wondering who I am going to credit in this. The thing is that over the years, I have encountered many talented hackers. Too many to name in fact. But, there is one person I have to give credit to for being probably one of the most talented hackers I have "read" from. This person is unknown, and I'm sure many of you have read some of their docs. This person is the author of the ZFO (Zero For Owned) series. If you haven't read them, I highly suggest you do a google dork for Zeroforowned. Not to sure on how many of them are still public/around. (You'll notice the style of documentation similarity that I have put in this document, with the ZFO).
}
- Credits : Kr3w of TheDefaced
Art of hacking [ 1 ]
spyd3rm4n's guide to hacking
Part I
[0x01] Definition
[0x02] Method
[0x03] Side_Notes
[0x04] Credits
Sub Definition{
a : to write computer programs for enjoyment
b : to gain access to a computer illegally
}
Sub Method{
These are the boundaries that differentiate a hacker, from a cracker. A cracker will use the same methods of a hacker, but instead of leaving it at just that, they will take it one step beyond, and use the information gained to extort another person and/or cause damage.
Now that has been cleared up, I will just inform you of one of my most common method of hacking.
When I hack, it is a golden rule that I must know what I am hacking. If it's a website, I must know what language is it written in. If I do not, I will learn the language, or at least be able to read it and pick out human errors in the programming.
I usually start like this:
I will first search the website for vulnerable user-input fields. Something that interacts with the viewer. It should include fields that are POST and GET. I will test these fields for penetration. The most common fields vulnerable, are search forms. These can be vulnerable to almost any type of injection, HTML, JAVASCRIPT, or SQL. To test if a field is injectable with HTML, I will usually type "<h1>hello</h1>." If the page returns the word hello in big bold letters, I know it's vulnerable. I then will step it up to JAVASCRIPT. I will type "<script>alert(1)</script>", <script language="Javascript">alert(1)</script>m etc.." If the returned page contains an alert message printing the number 1, I know I can cross-site script it (XSS). SQL on the other hand has a number of pen-testing syntaxes. I usually type a single quote, if it returns SQL errors, I know its vulnerable to injection. If it doesn't, I will sometimes try different combinations of SQL attacks. I will try most commonly, and my favorite, a union injection. Syntax: '+union+select+1--
If that returns with any sort of SQL error, I then know I hit the jackpot. The most common error with union selections is "The UNION SELECT statement is missing the correct number of columns" or something of that sort. It means that you have to select more than one column. This can be the longest part of injecting. You then have to '+union+select+1,2-- each time, adding on another number separated by a comma until your UNION SELECT statement has no errors, and returns a value from that field. I will then look for the returned page for a number. If for example, lets say I did '+union+select+1,2,3,4,5,6--
and the page returns a series of pictures, and in the blue, there is just the number 6 on that page, I will then do '+union+select+1,2,3,4,5,table_name+from+information_schema.tables--
This will select the table name from the information schema, if its allowed. That's all I'm going to say about that for now. If you want to know more, you can learn up on your SQL.
Next, if I find the site is pretty secure, it is always important not to rule out other methods of intrusion. My 2nd and favorite method, is the capturing of the host. With a simple WHOIS lookup, I can find the host of their site. Now, if I pen-test their host and find a vulnerability, that is just as good as hacking their site because it allows for a way in. If all else fails, you can do a reverse IP lookup on the domain of the website. Take a look at all the other websites on that IP and pen-test their security. If you can get rights to upload on one of their sites, you can upload a PHP-Shell and work your way into their directory, viewing their files. If you want to take it further, you can go ahead and try to root the server. Rooting is pretty easy if you know what you're looking for/know any stack/buffer overflows for the OS. Most servers run linux, so it's best to look for overflows for that specific kernel version that contain "Local Root" in it. Other than that, there are so many ways of obtaining root. These include but are not limited to key-logging, phishing, and social engineering. That's pretty much the basis of one of my most common methods of hacking. If you would like to know more, well.. I'm sorry, but you're going to have to pick up the knowledge as you continue your career hacking.
}
Sub Side_Notes{
If you want to learn more, you can check out the mini-books on Hide My Ass, XSS Injection, SQL Injection, Navigating towards root in a PHP Shell, and Stack Overflows in a nuttshell.
}
Sub Credits{
I'm sure you're all wondering who I am going to credit in this. The thing is that over the years, I have encountered many talented hackers. Too many to name in fact. But, there is one person I have to give credit to for being probably one of the most talented hackers I have "read" from. This person is unknown, and I'm sure many of you have read some of their docs. This person is the author of the ZFO (Zero For Owned) series. If you haven't read them, I highly suggest you do a google dork for Zeroforowned. Not to sure on how many of them are still public/around. (You'll notice the style of documentation similarity that I have put in this document, with the ZFO).
}
- Credits : Kr3w of TheDefaced
Read more...
Bookmark this post: |
|
Thursday 17 February 2011
Octave and QtOctave - Open source alternative to Matlab
Octave is a (mostly Matlab (R) compatible) high-level language, primarily intended for numerical computations. It provides a convenient interface for solving linear and nonlinear problems numerically.
Octave is quite similar with the Matlab language so most of the Octave codes are portable. It also provides extensive graphics capabilities for data visualization and manipulation. QtOctave is the graphical frontend to GNU octave and provides very easy to use graphical data entry, shortcuts and displays.
To install gnuplot, octave and qtoctave under ubuntu, type the following in terminal:
I hope you enjoy your time with this open source alternative of matlab. Also, scilab is another software for the same purpose i.e. numerical computations.
I hope it helped you. :-)
Read more...
Octave is quite similar with the Matlab language so most of the Octave codes are portable. It also provides extensive graphics capabilities for data visualization and manipulation. QtOctave is the graphical frontend to GNU octave and provides very easy to use graphical data entry, shortcuts and displays.
To install gnuplot, octave and qtoctave under ubuntu, type the following in terminal:
sudo apt-get install gnuplot octave qtoctave
I hope you enjoy your time with this open source alternative of matlab. Also, scilab is another software for the same purpose i.e. numerical computations.
I hope it helped you. :-)
Read more...
Bookmark this post: |
|
Download.com.np : A nepali download portal
I came across this nepali download portal Download.com.np which seems to be powered by MOS.
Mercantile communications, a leading Kathmandu based IT Company, developed a useful website download.com.np for most of the download users who frequently requires different kinds of freeware/shareware programs in their day to day professional life. Download.com.np aims to be a window for collection of the different Freeware and shareware programs with easier and faster downloading from the local network.
Visit the site
Happy downloadings, Nepali users :)
Read more...
Mercantile communications, a leading Kathmandu based IT Company, developed a useful website download.com.np for most of the download users who frequently requires different kinds of freeware/shareware programs in their day to day professional life. Download.com.np aims to be a window for collection of the different Freeware and shareware programs with easier and faster downloading from the local network.
Visit the site
Happy downloadings, Nepali users :)
Read more...
Bookmark this post: |
|
Supertux2 console scripting hacks/tricks
SuperTux is a classic 2D jump and run sidescroller game in a similar style like the original SuperMario games. It is similar to mario with its hero as the Tux, the official mascot of the linux kernel. Well there are few interesting tricks that can be used in the console mode of this game so enjoy this post.
For the cheats to work, you need to enable the console mode either by editing the config file situated at $HOME/.supertux2/ or by running the supertux2 with the --console argument. IInd way is easier.
So we first need to start the program by typing in the Run command[Alt+F2]
Now console mode can be toggled by using a specific keyboard input which is ^ by default and can be modified from the options menu. I prefer ` as the console key.
Now while playing the game, we will press the console key and then a new overlapping console will be seen. There we will be typing the commands which will be listed in this post.
There are different kinds of functions that can be enlisted by pressing Tab when console screen is on.
Following are few interesting global functions that can be called by typing as they are below:
play_music(string musicfile) Changes music to musicfile
play_sound(string soundfile) Plays a soundfile
grease() Speeds Tux's horizontal velocity by a factor of 3.
ghost() Makes Tux a ghost, letting him float around and through objects.
invincible() Make Tux invincible for 10000 units of game time.
mortal() Recall Tux's invincibility or ghost status. (Even when not given with above 2 commands)
restart() Reinitialize and respawn Tux at the beginning of the current level.
whereami() Print out Tux's coordinates to the console.
gotoend() Moves Tux horizontally 2 screens away from the end.
camera() Display the current camera's coordinates. (top-left corner)
quit() Exits the game. (Not recommended for use in levels!)
Apart from these global ones, we can access the other objects such as Tux(object of Player class), Camera, etc. In the following list of Player class's function, you can access each of them by typing sector.Tux.function_name(). For example, to call do_cheer(), you would type sector.Tux.do_cheer() in the console.
For more scripting reference, please visit this link.
Happy Supertuxing :-)
Read more...
For the cheats to work, you need to enable the console mode either by editing the config file situated at $HOME/.supertux2/ or by running the supertux2 with the --console argument. IInd way is easier.
So we first need to start the program by typing in the Run command[Alt+F2]
supertux2 --console
Now console mode can be toggled by using a specific keyboard input which is ^ by default and can be modified from the options menu. I prefer ` as the console key.
Now while playing the game, we will press the console key and then a new overlapping console will be seen. There we will be typing the commands which will be listed in this post.
There are different kinds of functions that can be enlisted by pressing Tab when console screen is on.
Following are few interesting global functions that can be called by typing as they are below:
play_music(string musicfile) Changes music to musicfile
play_sound(string soundfile) Plays a soundfile
grease() Speeds Tux's horizontal velocity by a factor of 3.
ghost() Makes Tux a ghost, letting him float around and through objects.
invincible() Make Tux invincible for 10000 units of game time.
mortal() Recall Tux's invincibility or ghost status. (Even when not given with above 2 commands)
restart() Reinitialize and respawn Tux at the beginning of the current level.
whereami() Print out Tux's coordinates to the console.
gotoend() Moves Tux horizontally 2 screens away from the end.
camera() Display the current camera's coordinates. (top-left corner)
quit() Exits the game. (Not recommended for use in levels!)
Apart from these global ones, we can access the other objects such as Tux(object of Player class), Camera, etc. In the following list of Player class's function, you can access each of them by typing sector.Tux.function_name(). For example, to call do_cheer(), you would type sector.Tux.do_cheer() in the console.
add_bonus(string bonusname) Gives Tux the specified bonus. Replace bonusname with either of "grow", "fireflower" or "iceflower".
add_coins(int number) Gives Tux number coins.
make_invincible() Makes the player invincible for either a predefined amount of time.
deactivate() Stops the player and blocks the movement controls.
activate() Reactivates the player's movement controls.
walk(float speed) Make Tux walk
set_visible(bool visible) Shows or hides Tux according to the value of visible. Note: Tux doesn't interact with objects or badguys while invisible.
get_visible() Returns: bool; is Tux visible?
kill(bool completely) Hurts a player, if completely=true then the player will be killed even if he had grow or fireflower bonus.
set_ghost_mode(bool enable) Switches ghost mode on/off.
Lets Tux float around and through solid objects.
get_ghost_mode() Returns whether ghost mode is currently enabled
do_cheer() Makes Tux cheer, if possible.
do_duck() Makes Tux duck, if possible.
do_standup() Makes Tux stand up, if possible.
do_backflip() Makes Tux backflip, if possible.
do_jump() Makes Tux jump, if possible.
add_coins(int number) Gives Tux number coins.
make_invincible() Makes the player invincible for either a predefined amount of time.
deactivate() Stops the player and blocks the movement controls.
activate() Reactivates the player's movement controls.
walk(float speed) Make Tux walk
set_visible(bool visible) Shows or hides Tux according to the value of visible. Note: Tux doesn't interact with objects or badguys while invisible.
get_visible() Returns: bool; is Tux visible?
kill(bool completely) Hurts a player, if completely=true then the player will be killed even if he had grow or fireflower bonus.
set_ghost_mode(bool enable) Switches ghost mode on/off.
Lets Tux float around and through solid objects.
get_ghost_mode() Returns whether ghost mode is currently enabled
do_cheer() Makes Tux cheer, if possible.
do_duck() Makes Tux duck, if possible.
do_standup() Makes Tux stand up, if possible.
do_backflip() Makes Tux backflip, if possible.
do_jump() Makes Tux jump, if possible.
For more scripting reference, please visit this link.
Happy Supertuxing :-)
Read more...
Bookmark this post: |
|
Saturday 12 February 2011
Convert UIF file to ISO with uif2iso under ubuntu
uif2iso is a command line tool to convert the compressed magicISO file format uif(Universal Image Format) to the uncompressed ISO file format and few other formats. The output format (iso, cue/bin, mds/mdf, ccd, nrg) and corresponding extension are automatically chosen by the tool, depending on what the original format of the input file was.
To install uif2iso, open the terminal and type:
To use this tool, type as following:
Thanks :)
Read more...
To install uif2iso, open the terminal and type:
sudo apt-get install uif2iso
To use this tool, type as following:
uif2iso <inputfile.uif> <output>
Thanks :)
Read more...
Bookmark this post: |
|
Friday 11 February 2011
Changing desktop background in windows 7 starter edition
Earlier, I was working on newly bought netbook of my friend and I was trying to change the desktop background which was not working. I tried to find the default wallpaper image and replace that image with the desired wallpaper image, but no luck. A quick google search revealed that it was actually the limitation of the windows 7 starter edition. With few more google search, I came across a win 7 starter edition's background changer tool by Oceanis. This tool was able to change the background easily.
You can get this tool from the link below:
Oceanis win 7 starter edition background changer
Edit: Alternative download link
Credits: Oceanis + www.sevenforums.com
Read more...
You can get this tool from the link below:
Oceanis win 7 starter edition background changer
Edit: Alternative download link
Credits: Oceanis + www.sevenforums.com
Read more...
Bookmark this post: |
|
Thursday 10 February 2011
Paros Proxy - A tool for security pentester
Paros proxy can be used as the security pentest tool for evaluating the security of the web application. Written in JAVA, this tool can be used to intercept and modify all HTTP and HTTPS data between server and client, including cookies and form fields. Moreover this tool comes with an inbuilt session ID analyzer and fuzzing tool too.
For more information and downloads, you can visit the Official Site.
Thanks. :)
Read more...
For more information and downloads, you can visit the Official Site.
Thanks. :)
Read more...
Bookmark this post: |
|
Subscribe to:
Posts (Atom)