SheLLniX

            พอดีวันนี้เพิ่งเห็นว่ามันออกมาใหม่แล้วสำหรับเวอร์ชั่น 11.0 ใครที่เป็นแฟน Hiren's BootCD ก็ลองโหลดเอาไปทดสอบกันดู นะครับ

New added softwares:

• Autologon 3.0: Enables you to easily configure Windows' built-in autologon mechanism, so you don't have to wait on the login screen (Windows Freeware).
  
• BellaVista 1.1.0.47: Formerly BCD Editor with lots of options to configure Windows for a developer (Windows Freeware).
  
• DiskDigger 0.8.3.176: Undelete and recover lost photos, videos, music, documents and other formats from your hard drive, memory cards and USB flash drives (Windows Freeware).
  
• DiskView 2.4: to view graphical map of your disk, allowing you to check where a file is located or, by clicking on a cluster, seeing which file occupies it (Dos Freeware).
  
• grub4dos 2010-08-04: an universal boot loader based on GNU GRUB, can boot off DOS/LINUX or via Windows boot manager/syslinux/lilo or from MBR/CD, builtin BIOS disk emulation (Linux Freeware).
  
• HBCD Customizer 1.3: HBCDCustomizer.exe is a GUI tool to create custom iso images of Hiren's BootCD (Windows Freeware).
  
• IE PassView 1.20: It allows you to view username and passwords saved by Internet Explorer (Windows Freeware).
  
• isolinux 4.02: a boot loader for Linux/i386 that operates off ISO 9660/El Torito CD-ROMs in 'no emulation' mode (Linux Freeware).
  
• MemDisk 4.02: to allow booting legacy operating systems, floppy images, hard disk images and some ISO images (Linux Freeware).
  
• PasswordFox 1.20: Allows you to view the user names and passwords stored by Mozilla Firefox Web browser (Windows Freeware).
  
• PLoP Boot Manager 5.0.10: a small program to boot different operating systems harddisk, floppy, CD/DVD or from USB, it can boot from an USB/CD/DVD even without BIOS support (Linux Freeware).
  
• PuTTY 0.60: a free and open source terminal emulator application which can act as a client for the SSH and Telnet (Windows Freeware).
  
• Remove Fake Antivirus 1.66: a tool to remove virus/malwares which disguises itself to be an antivirus and produces fake alert/warnings and urge you to purchase a useless copy of the fake antivirus (Windows Freeware).
  
• ShadowCopy 1.00: Copy all your files and entire system: even if they are locked by Windows (Windows Freeware).
  
• SmartSniff 1.63: Network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter (Windows Freeware).
  
• SniffPass 1.11: A password monitoring tool that listens to your network, capture the passwords that pass through your network adapter, it works on POP3, IMAP4, SMTP, FTP, and HTTP protocols and recovers lost Web/FTP/Email passwords (Windows Freeware).
  
• Victoria 4.46: Universal program for testing storage devices (Windows Freeware).
  
• Western Digital Data Lifeguard Tools 1.21: to perform drive identification, diagnostics, and repairs on most WD drives (Windows Freeware).
  
• XXClone 0.58.0: The simple way to clone a Windows disk to another disk, it makes a self-bootable clone of Windows system disk (Windows Freeware).

Download
http://hotfile.com/dl/61108995/b367824/Hirens_BootCD_11.0.rar.html
หรือ
http://depositfiles.com/files/bh1ggbk5m

           เมื่อเราทำการติดตั้งเจ้า freebsd แล้ว ส่วนใหญ่เราจะเปิด ssh ไว้ด้วย เพื่อทำการ remote เข้าไปคอนฟิกผ่านเครื่องลูกข่าย  ซึ่งยังสามารถที่จะทำการ upload ไฟล์ต่างๆไปยัง server  ของเราได้ด้วย แต่การที่จะใช้ root ทำการ login เข้าไปนั้นมันยังไม่ยอม แต่มีวิธีสามารถให้ root ทำการ login ง่ายๆ ดังนี้

1. เข้าไปแก้ที่ไฟล์ sshd_config ใช้คำสั่งดังนี้
# ee /etc/ssh/sshd_config

2. ประมาณบรรทัดที่ 48 ให้เราเอาเครื่องหมาย # ข้างหน้าออก และเปลี่ยนจาก no เป็น yes
#PermitRootLogin no >> ค่าเดิม
PermitRootLogin yes >> ใส่ค่านี้ลงไปใหม่

3. ทำการ reboot ซักรอบนะ

4. จากนั้นก็ลองใช้ winscp ที่เครื่องลูกทำการ login เข้ามาดูนะ


แค่นี้แหละ

ปล. เรื่องของความไม่ปลอดภัย ไม่ควรใช้สิทธิ์ของ root login มาจากเครื่องอื่นๆ นะจ๊ะ

This is a list of handy MySQL commands that I use time and time again. At the bottom are statements, clauses, and functions you can use in MySQL. Below that are PHP and Perl API functions you can use to interface with MySQL. To use those you will need to build PHP with MySQL functionality. To use MySQL with Perl you will need to use the Perl modules DBI and DBD::mysql.

Below when you see # it means from the unix shell. When you see mysql> it means from a MySQL prompt after logging into MySQL.

To login (from unix shell) use -h only if needed.

# [mysql dir]/bin/mysql -h hostname -u root -p

Create a database on the sql server.

mysql> create database [databasename];

List all databases on the sql server.

mysql> show databases;

Switch to a database.

mysql> use [db name];

To see all the tables in the db.

mysql> show tables;

To see database's field formats.

mysql> describe [table name];

To delete a db.

mysql> drop database [database name];

To delete a table.

mysql> drop table [table name];

Show all data in a table.

mysql> SELECT * FROM [table name];

Returns the columns and column information pertaining to the designated table.

mysql> show columns from [table name];

Show certain selected rows with the value "whatever".

mysql> SELECT * FROM [table name] WHERE [field name] = "whatever";

Show all records containing the name "Bob" AND the phone number '3444444'.

mysql> SELECT * FROM [table name] WHERE name = "Bob" AND phone_number = '3444444';

Show all records not containing the name "Bob" AND the phone number '3444444' order by the phone_number field.

mysql> SELECT * FROM [table name] WHERE name != "Bob" AND phone_number = '3444444' order by phone_number;

Show all records starting with the letters 'bob' AND the phone number '3444444'.

mysql> SELECT * FROM [table name] WHERE name like "Bob%" AND phone_number = '3444444';

Show all records starting with the letters 'bob' AND the phone number '3444444' limit to records 1 through 5.

mysql> SELECT * FROM [table name] WHERE name like "Bob%" AND phone_number = '3444444' limit 1,5;

Use a regular expression to find records. Use "REGEXP BINARY" to force case-sensitivity. This finds any record beginning with a.

mysql> SELECT * FROM [table name] WHERE rec RLIKE "^a";

Show unique records.

mysql> SELECT DISTINCT [column name] FROM [table name];

Show selected records sorted in an ascending (asc) or descending (desc).

mysql> SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;

Return number of rows.

mysql> SELECT COUNT(*) FROM [table name];

Sum column.

mysql> SELECT SUM(*) FROM [table name];

Join tables on common columns.

mysql> select lookup.illustrationid, lookup.personid,person.birthday from lookup left join person on lookup.personid=person.personid=statement to join birthday in person table with primary illustration id;

Creating a new user. Login as root. Switch to the MySQL db. Make the user. Update privs.

# mysql -u root -p
mysql> use mysql;
mysql> INSERT INTO user (Host,User,Password) VALUES('%','username',PASSWORD('password'));
mysql> flush privileges;

Change a users password from unix shell.

# [mysql dir]/bin/mysqladmin -u username -h hostname.blah.org -p password 'new-password'

Change a users password from MySQL prompt. Login as root. Set the password. Update privs.

# mysql -u root -p
mysql> SET PASSWORD FOR 'user'@'hostname' = PASSWORD('passwordhere');
mysql> flush privileges;

Recover a MySQL root password. Stop the MySQL server process. Start again with no grant tables. Login to MySQL as root. Set new password. Exit MySQL and restart MySQL server.

# /etc/init.d/mysql stop
# mysqld_safe --skip-grant-tables &
# mysql -u root
mysql> use mysql;
mysql> update user set password=PASSWORD("newrootpassword") where User='root';
mysql> flush privileges;
mysql> quit
# /etc/init.d/mysql stop
# /etc/init.d/mysql start

Set a root password if there is on root password.

# mysqladmin -u root password newpassword

Update a root password.

# mysqladmin -u root -p oldpassword newpassword

Allow the user "bob" to connect to the server from localhost using the password "passwd". Login as root. Switch to the MySQL db. Give privs. Update privs.

# mysql -u root -p
mysql> use mysql;
mysql> grant usage on *.* to bob@localhost identified by 'passwd';
mysql> flush privileges;

Give user privilages for a db. Login as root. Switch to the MySQL db. Grant privs. Update privs.

# mysql -u root -p
mysql> use mysql;
mysql> INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('%','databasename','username','Y','Y','Y','Y','Y','N');
mysql> flush privileges;

or

mysql> grant all privileges on databasename.* to username@localhost;
mysql> flush privileges;

To update info already in a table.

mysql> UPDATE [table name] SET Select_priv = 'Y',Insert_priv = 'Y',Update_priv = 'Y' where [field name] = 'user';

Delete a row(s) from a table.

mysql> DELETE from [table name] where [field name] = 'whatever';

Update database permissions/privilages.

mysql> flush privileges;

Delete a column.

mysql> alter table [table name] drop column [column name];

Add a new column to db.

mysql> alter table [table name] add column [new column name] varchar (20);

Change column name.

mysql> alter table [table name] change [old column name] [new column name] varchar (50);

Make a unique column so you get no dupes.

mysql> alter table [table name] add unique ([column name]);

Make a column bigger.

mysql> alter table [table name] modify [column name] VARCHAR(3);

Delete unique from table.

mysql> alter table [table name] drop index [colmn name];

Load a CSV file into a table.

mysql> LOAD DATA INFILE '/tmp/filename.csv' replace INTO TABLE [table name] FIELDS TERMINATED BY ',' LINES TERMINATED BY '\n' (field1,field2,field3);

Dump all databases for backup. Backup file is sql commands to recreate all db's.

# [mysql dir]/bin/mysqldump -u root -ppassword --opt >/tmp/alldatabases.sql

Dump one database for backup.

# [mysql dir]/bin/mysqldump -u username -ppassword --databases databasename >/tmp/databasename.sql

Dump a table from a database.

# [mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql

Restore database (or database table) from backup.

# [mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql

Create Table Example 1.

mysql> CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35),suffix VARCHAR(3),officeid VARCHAR(10),userid VARCHAR(15),username VARCHAR(8),email VARCHAR(35),phone VARCHAR(25), groups VARCHAR(15),datestamp DATE,timestamp time,pgpemail VARCHAR(255));

Create Table Example 2.

mysql> create table [table name] (personid int(50) not null auto_increment primary key,firstname varchar(35),middlename varchar(50),lastnamevarchar(50) default 'bato');

Ref.
http://www.pantz.org/software/mysql/mysqlcommands.html

            ไม่มีอะไรพอดีช่วงนี้กำลังทำอะไรวุ่นๆอยู่กับ freebsd ทำการคอนฟิกโน้นนี่ไปเรื่อย และมีเรื่องที่จะคอนฟิก ntp server (ทำให้เวลามันตรงกับเค้าอะนะ แบบว่าถ้ามีการตรวจสอบจะได้ไม่โดน)
แบบว่ากันลืม มาเริ่มกันเลย

1. ทำการปรับค่าใน /etc/rc.conf กันก่อน
- # ee /etc/rc.conf
- ใส่บรรทัดนี้ต่อท้ายลงไป ntpd_enable="YES"
- จากนั้นก็ทำการ save ไฟล์ด้วย นะ

2. ทำการแก้ไขโฮสที่ใช้อ้างอิงเวลานะ โดยเข้าไปแก้ที่ไฟล์ etc/ntp.conf
- # ee /etc/ntp.conf
- ใส่ # หน้า3 บรรทัดที่บอกว่า server 0.freebsd.pool.ntp.org iburst maxpoll 9
server 2.freebsd.pool.ntp.org iburst maxpoll 9
server 3.freebsd.pool.ntp.org iburst maxpoll 9

- ทำการเพิ่มคำสั่งนี้ลงไปในบรรทัดก่อนหน้าที่เราใส่ # ไว้ นะ
server clock.nectec.or.th prefer
server clock2.nectec.or.th

3. จากนั้นลองทำการ rebooะ ซักครั้ง หรือจะทำการ start เลย ด้วยคำสั่งนี้นะ
# /etc/rc.dntpd start

แค่นี้แหละเอาไว้กันลืม

            เริ่มงัยดีแบบว่าวันนี้มาทำงานแล้วพบว่ามีผู้ใช้งานโทรมาแจ้งว่าเข้า hotmail ไม่ได้ (แต่เว็บอื่นเข้าได้นะ) อ้าวทำไม hotmail เข้าไม่ได้อะเนี่ย เป็นอะไรหว่า จากนั้นลองทำการเช็คดูปรากฎว่าเข้าไม่ได้จริงๆ ซึ่งการใช้ internet ที่นี่มันต้องวิ่งผ่าน proxy ที่ทำไว้ด้วย ในใจเราสงสัยต้องเป็นที่เจ้าตัว proxy ของเราแน่เลยไป block อะไรไว้หรือเปล่าหว่า ก็เข้าตามไปดู config ต่างๆใน squid.conf อย่างละเอียดลองปรับโน้นนี่ ก็ยังไม่ได้แหะ สมองก็เลยเริ่มแล่นไปอีกเอางัยดีซึ่ง internet ที่ใช้อยู่มันมีอยู่ 2 เส้นอะ แบบว่าแบ่งการใช้งานอินเตอร์เน็ตกับเมล์ เลยลองย้ายให้ไปวิ่งผ่านเส้นที่ 2 (เมล์) และลองทำการทดสอบดู ปรากฎว่าสามารถใช้งาน hotmail ได้  เหอๆ แปลกๆอยู่ในใจว่ามันเป็นที่ ISP หรือเปล่าวะเนี่ย :p
             ต่อมาอีกช่วงบ่ายไฟตกทำให้เครื่องเจ้า proxy เนี่ย ดับไปด้วย (ไม่มี ups ส่งไปเคลมอยู่ 55) พอลองทำการเปิดเครื่องขึ้นมาปรากฎว่าเครื่องลูกข่ายไม่สามารถเข้า internet ได้เนื่องจากไม่มีหน้าในการ authen ขึ้นมาให้ใส่ user และ password  (โทรศัพท์ดังมาเป็นระลอกชุดใหญ่ แบบว่ารู้แล้วไม่ได้ใช้แปบเดี๋ยวจะตายหรืองัยวะ internet) ลองทำการเช็คอยู่ตั้งนานเป็นไรหว่าทุกอย่างก็ปกติดี จากนั้นลองเข้าไปดูที่ cache.log ว่ามีอะไรที่พอสังเกตได้บ้าง และแล้วก็เจอเลย ตามรูป











ปัญหาก็น่าจะคงเกิดจากเจ้าตัว squid มันเช็ค dns ไม่ได้ นะแหละ


ไม่รอช้าลองทำการเปลี่ยน rule ใน firewall ให้มันกลับไปวิ่งที่เส้น 1 อีกทีซิ 555+ เสร็จฉาน
ทุกอย่างก็เข้าสู่ภาวะดังเดิมที่ต้องนั่งหน้าคอมกันต่อไป เหอๆๆๆๆๆๆ

สรุปแล้วปัญหามันเกิดจากที่เราไปปรับโน้นนี่ แต่ของยังนี้มันต้องลอง เพราะถือว่าเนี่ยแหละประสบการณ์ชีวิตนะคร้าบๆๆๆๆ

Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this ‘Live CD” runs directly from the CD and doesn’t require installation on your hard-drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders.

The CD comes in two forms. A full Linux desktop including a graphical user interface (GNOME) and applications like Firefox along with tools and utilities for DNS enumeration, reconnaissance, foot-printing, password cracking and network sniffing. For greater accessibility there is a Live Hacking menu to help you quick find and launch the tools.

The second variation is the Live Hacking Mini CD, which is command line only. However this doesn't detract from the power of the tools and utilities included as most of the penetration testing and ethical hacking tools are command line tools. The included /lh directory has symbolic links to the different tools included.







Here is a list of the hacking tools you can find on the Live Hacking CD:

 Reconnaissance (and DNS)

• Dig - DNS lookup utility
• DNSMap - DNS mapping is a mechanism which allows hosts on a private LAN to use DNS Services even if the address of an actual DNS Server is unknown.
• DNSTracer - Trace DNS queries to the source
• DNSWalk - Checks DNS zone information using nameserver lookups
• Netmask - Helps determine network masks
• Relay Scanner - This program is used to test SMTP servers for Relaying problems
• TCPTraceroute - Traceroute implementation using TCP packets
• Firewalk - Firewalk is a network auditing tool that attempts to determine what transport protocols a given gateway will pass.

 Foot-printing

• Amap - Performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to.
• Curl - Get a file from an HTTP, HTTPS or FTP server
• Fping - Sends ICMP ECHO_REQUEST packets to network hosts
• Hping3 - Active Network Smashing Tool
• HTTprint - A web server fingerprinting tool
• Ike-Scan - IPsec VPN scanning, fingerprinting and testing tool
• MetoScan - HTTP method scanner
• Namp - The Network Mapper
• Netcat - TCP/IP swiss army knife
• P0f - Passive OS fingerprinting and masquerade detection utility
• Zenmap - The Network Mapper Front End

 Password Cracking

• Chntpw - NT SAM password recovery utility
• Rainbowcrack – Crack LM, MD5 and SHA1 hashes
• THC PPTP Bruter - A brute forcing program against PPTP VPN endpoints (TCP port 1723)
• VNCrack – Crack VNC passwords
• John the ripper - A fast password cracker

 Network Sniffing

• DHCP Dump – DHCP packet dumper
• Dsniff – Password sniffer
• SSLDump – Dump SSL traffic on a network
• Ntop – Displays top network users
• Wireshark – Interactively dump and analyze network traffic

 Spoofing (or Masquerading)

• File2cable - Sends a file as a raw ethernet frame
• Netsed – Network packet streaming editor
• Sing – Send ICMP Nasty Garbage packets to network hosts
• TCPreplay – Replay network traffic stored in pcap files

 Wireless Networking Utilities

• Aircrack-ng - Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
• Kismet – Wireless sniffing and monitoring
• THC Leap Cracker - The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication.
• WEPCrack - WEPCrack is an open source tool for breaking 802.11 WEP secret keys.
• WIDZ - Wireless Intrusion Detection System
• Cowpatty - Brute-force dictionary attack against WPA-PSK

Miscellaneous

• GDB – The GNU Debugger.
• Hexdump – ASCII, decimal, hexadecimal and octal dump tool.
• Hexedit – View and edit file in hexadecimal or in ASCII
• Wipe – Securely erase files
• Madedit -Text/Hex Editor

Download
http://www.livehacking.com/cd-dvd/download.htm

Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.

• Base features
  • Resize-friendly window structure
  • Window position is preserved across sessions
  • Built-in zoom
  • Detailed log window
  • Links to online information about the attacks and fixes
  
  

You can use our Lens tool to test your site against the following attacks

Session state
Eavesdropping
Session fixation (available in v.1.0.0.1)
Forms authentication
Eavesdropping
ViewState
Eavesdropping (available in v.1.0.0.1)
Information disclosure (available in v.1.0.0.1)
Event handler bypass
Event handling
Postback to disabled controls
Postback to invisible controls
One-click attack

Download
http://ethicalhackingaspnet.codeplex.com/releases/view/45324

Do you need to keep up with the latest hacks, attacks, and exploits effecting Unified Communications technology? Then you need Seven Deadliest Unified Communication Attacks. This book pinpoints the most dangerous hacks and exploits specific to Unified Communications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

Attacks featured in this book include:

1. UC Ecosystem Attacks


2. Insecure Endpoints


3. Eavesdropping and Modification


4. Control Channel Attacks: Fuzzing, DoS, SPIT and Toll Fraud


5. SIP Trunking and PSTN Interconnection


6. Identity, Spoofing and Vishing


7. Attacks Against Distributed Systems

• Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally


• Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how


• Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable

Product Details

• Paperback: 200 pages
• Publisher: Syngress (April 28, 2010)
• Language: English
• ISBN-10: 1597495476
• ISBN-13: 978-1597495479
• Product Dimensions: 9.3 x 7.4 x 0.7 inches
• Shipping Weight: 1 pounds

Download
http://hotfile.com/dl/42604749/8bf2767/Seven_Deadliest_Unified_Communications_Attacks.pdf.rar.html

Do you need to keep up with the latest hacks, attacks, and exploits effecting networks? Then you need Seven Deadliest Network Attacks. This book pinpoints the most dangerous hacks and exploits specific to networks, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

Attacks detailed in this book include:

1. Denial of Service


2. War Dialing


3. Penetration "Testing"


4. Protocol Tunneling


5. Spanning Tree Attacks


6. Man-in-the-Middle


7. Password Replay

• Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally


• Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how


• Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable

Product Details

• Paperback: 176 pages
• Publisher: Syngress (April 29, 2010)
• Language: English
• ISBN-10: 1597495492
• ISBN-13: 978-1597495493
• Product Dimensions: 9.1 x 7.4 x 0.6 inches
• Shipping Weight: 14.4 ounces

Download
http://hotfile.com/dl/42605305/c8877d8/Seven_Deadliest_Network_Attacks.rar.html

Do you need to keep up with the latest hacks, attacks, and exploits effecting web applications? Then you need Seven Deadliest Web Application Attacks. This book pinpoints the most dangerous hacks and exploits specific to web applications, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable.

Attacks detailed in this book include:

1. Cross-Site Scripting (XSS)


2. Cross-Site Request Forgery (CSRF)


3. SQL Injection


4. Server Misconfiguration and Predictable Pages


5. Breaking Authentication Schemes


6. Logic Attacks


7. Malware and Browser Attacks

• Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally


• Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how


• Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable

Product Details

• Paperback: 192 pages
• Publisher: Syngress (March 31, 2010)
• Language: English
• ISBN-10: 1597495433
• ISBN-13: 978-1597495431
• Product Dimensions: 9.1 x 7.4 x 0.6 inches
• Shipping Weight: 14.4 ounces

Download
http://hotfile.com/dl/42606010/75472ad/Seven_Deadliest_Web_Application_Attacks.pdf.rar.html

            พอดีต้องการใช้เจ้า Thunderbird มาเป็นเมล์ไคลเอ็นต์ จากที่ได้ทำการอับเกรดตัว OS ใหม่
จาก Ubuntu 9.10 >> Ubuntu 10.04 (ทำการ upgrade) ซึ่งโชคร้ายอย่างแรงเจ้าตัว Ubuntu 10.04 ใหม่ นั้นพอเวลาบูตเครื่องเข้ามาแล้วจะค้าง ช้าๆ สุดท้ายต้องลงใหม่เศร้าอย่างแรง T T
           ทำให้ต้องมาเริ่มติดตั้งโปรแกรมกันใหม่ ก็เลยเป็นที่มาสำหรับติดตั้งเจ้า Thunderbird เนี่ยแหละ ที่จริงในเวอร์เก่ามันจะมีมาให้ด้วย แต่สำหรับเจ้า 10.04 เนี่ย มันไม่ได้ถูกรวมเข้ามาด้วย เหอๆ

ขั้นตอนก็ไม่มีไรมาก
1. sudo apt-get update
2. sudo apt-get install thunderbird



 









3. เมื่อติดตั้งเสร็จแล้วเราสามารถเข้าไปเรียกโปรแกรมได้จาก Applications > Internet
    > Mozilla Thunderbird Mail

























ลองดูกันนะครับ

Free Netsparker® Community Edition. It's a free edition of our False Positive free scanner Netsparker for the community so you can start securing your website now. It's user friendly, fast, smart and as always False Positive Free.

The MalaRIA proxy is a RIA proxy that allows a hacker to surf sites with unrestricted cross domain policies through a victims browser exploiting the user's logged in session:
http://erlend.oftedal.no/blog/?blogid...

เอาหนังสือของ Python มาฝาก ครับ

1. A Byte of Python, Version 1.2.0
2. Beginning Python
3. Beginning Python From Novice to Professional (Beginning From Nov
4. Beginning Python (Programmer to Programmer)
5. Dive into Python, Version 5.4
6. Foundations of Python Network Programming
7. Game Programming with Python, Lua, and Ruby
8. How to Think Like a Computer Scientist Learning with Python
9. Jython for Java Programmers
10. Learning Python, Second Edition
11. Making Use of Python
12. Programming Python
13. Programming Python, Third Edition
14. Python 2.1 Bible
15. Python Cookbook, Second Edition
16. Python Developer's Handbook
17. Python How to Program
18. Python in a Nutshell
19. Python in a Nutshell, Second Edition
20. Python Phrasebook
21. Python Programming for the Absolute Beginner
22. Python Programming On Win32 Help for Windows Programmers
23. Python Programming with the Java™ Class Libraries: A Tutorial for Building Web and Enterprise Applications with Jython
24. Python Scripting for Computational Science
25. Python Standard Library
26. Python Tutorial Learning to Program, Version 22 January 2006
27. Python & XML
28. Text Processing in Python

Download

http://hotfile.com/dl/34842518/f4a53b6/python.rar.html

รายชื่อหนังสือ

1. Advanced Perl Programming
2. Building Tag Clouds in Perl and PHP
3. CGI Programming with Perl
4. Learning Perl, Fourth Edition
5. Learning Perl Objects, References, and Modules
6. Mastering Perl
7. Minimal Perl For UNIX and Linux People
8. Perl 6 and Parrot Essentials, Second Edition
9. Perl 6 Essentials
10. Perl by Example (4th Edition) (By Example)
11. Perl Cookbook
12. Perl for Oracle DBAs
13. Perl Hacks Tips & Tools for Programming, Debugging, and Survivin
14. Perl Power! The Comprehensive Guide (Power!)
15. Perl Scripting for IT Security
16. Perl Testing A Developer's Notebook (Developers Notebook)
17. Perl The Complete Reference, Second Edition
18. Practical mod_perl
19. Professional Perl Programming
20. Pro Perl
21. Pro Perl Debugging
22. Sams Teach Yourself Perl in 24 Hours (3rd Edition)
23. Teach Yourself Perl in 21 Days (Sams Teach Yourself)

Download

http://hotfile.com/dl/34648940/5b8cabe/Perl.rar.html

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This second volume adds over 300 new pentesting applications included with BackTrack 2 to the pen tester's toolkit. It includes the latest information on Snort, Nessus, Wireshark, Metasploit, Kismet and all of the other major Open Source platforms.

. Perform Network Reconnaissance
Master the objectives, methodology, and tools of the least understood aspect of a penetration test.
. Demystify Enumeration and Scanning
Identify the purpose and type of the target systems, obtain specific information about the versions of the services that are running on the systems, and list the targets and services.
. Hack Database Services
Understand and identify common database service vulnerabilities, discover database services, attack database authentication mechanisms, analyze the contents of the database, and use the database to obtain access to the host operating system.
. Test Web Servers and Applications
Compromise the Web server due to vulnerabilities on the server daemon itself, its unhardened state, or vulnerabilities within the Web applications.
. Test Wireless Networks and Devices
Understand WLAN vulnerabilities, attack WLAN encryption, master information gathering tools, and deploy exploitation tools.
. Examine Vulnerabilities on Network Routers and Switches
Use Traceroute, Nmap, ike-scan, Cisco Torch, Finger, Nessus, onesixtyone, Hydra, Ettercap, and more to attack your network devices.
. Customize BackTrack 2
Torque BackTrack 2 for your specialized needs through module management, unique hard drive installations, and USB installations.
. Perform Forensic Discovery and Analysis with BackTrack 2
Use BackTrack in the field for forensic analysis, image acquisition, and file carving.
. Build Your Own PenTesting Lab
Everything you need to build your own fully functional attack lab.

Product Details

• Paperback: 592 pages
• Publisher: Syngress (November 30, 2007)
• Language: English
• ISBN-10: 1597492132
• ISBN-13: 978-1597492133
• Product Dimensions: 9 x 7.5 x 1.6 inches
• Shipping Weight: 2.2 pounds

Download
http://hotfile.com/dl/33685442/861c606/Syngress.Penetration.Testers.Open.Source.Toolkit.Volume.2.pdf.html

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader "inside their heads" to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers

* The book is authored by many of the tool developers themselves

* This is the only book that comes packaged with the "Auditor Security Collection"; a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Product Details

• Paperback: 750 pages
• Publisher: Syngress; 1 edition (June 1, 2005)
• Language: English
• ISBN-10: 1597490210
• ISBN-13: 978-1597490214
• Product Dimensions: 8.9 x 7 x 2.1 inches
• Shipping Weight: 2.2 pounds

Download
http://hotfile.com/dl/33668124/1818b39/penetration_tester_s_open_source_toolkit.zip.html

This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Product Details

• Paperback: 350 pages
• Publisher: Syngress (October 2, 2007)
• Language: English
• ISBN-10: 1597490741
• ISBN-13: 978-1597490740
• Product Dimensions: 9.2 x 7.5 x 0.8 inches
• Shipping Weight: 1.2 pounds

Download
http://hotfile.com/dl/33665832/bc6dbf2/metasploit_toolkit_for_penetration_testing_exploit_.zip.html

"This book covers not just the glamorous aspects such as the intrusion act itself, but all of the pitfalls, contracts, clauses, and other gotchas that can occur. The authors have taken their years of trial and error, as well as experience, and documented a previously unknown black art."
--From the Foreword by Simple Nomad, Senior Security Analyst, BindView RAZOR Team

Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information.

Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included.

Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack.

Specific topics covered in this book include:

• Hacking myths
• Potential drawbacks of penetration testing
• Announced versus unannounced testing
• Application-level holes and defenses
• Penetration through the Internet, including zone transfer, sniffing, and port scanning
• War dialing
• Enumerating NT systems to expose security holes
• Social engineering methods
• Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
• The Windows NT Resource kit
• Port scanners and discovery tools
• Sniffers and password crackers
• Web testing tools
• Remote control tools
• Firewalls and intrusion detection systems
• Numerous DoS attacks and tools

Product Details

• Paperback: 544 pages
• Publisher: Addison-Wesley Professional (February 2002)
• Language: English
• ISBN-10: 0201719568
• ISBN-13: 978-0201719567
• Product Dimensions: 9.2 x 7.3 x 1.4 inches
• Shipping Weight: 2.4 pounds

Download
http://hotfile.com/dl/33665711/75094c8/hack_i_t_security_through_penetration_testing.zip.html

A self-respecting Google hacker spends hours trolling the Internet for juicy stuff. Firing off search after search, they thrive on the thrill of finding clean, mean, streamlined queries and get a real rush from sharing those queries and trading screenshots of their findings. I know because I've seen it with my own eyes. As the founder of the Google Hacking Database (GHDB) and the Search engine hacking forums at http://johnny.ihackstuff.com, I am constantly amazed at what the Google hacking community comes up with. It turns out the rumors are true-creative Google searches can reveal medical, financial, proprietary and even classified information. Despite government edicts, regulation and protection acts like HIPPA and the constant barking of security watchdogs, this problem still persists. Stuff still makes it out onto the web, and Google hackers snatch it right up. Protect yourself from Google hackers with this new volume of information.-Johnny Long. Learn Google Searching BasicsExplore Google's Web-based Interface, build Google queries, and work with Google URLs.. Use Advanced Operators to Perform Advanced QueriesCombine advanced operators and learn about colliding operators and bad search-fu.. Learn the Ways of the Google HackerSee how to use caches for anonymity and review directory listings and traversal techniques.. Review Document Grinding and Database DiggingSee the ways to use Google to locate documents and then search within the documents to locate information.. Understand Google's Part in an Information Collection FrameworkLearn the principles of automating searches and the applications of data mining.. Locate Exploits and Finding TargetsLocate exploit code and then vulnerable targets.. See Ten Simple Security SearchesLearn a few searches that give good results just about every time and are good for a security assessment.. Track Down Web ServersLocate and profile web servers, login portals, network hardware and utilities.. See How Bad Guys Troll for DataFind ways to search for usernames, passwords, credit card numbers, social security numbers, and other juicy information.. Hack Google ServicesLearn more about the AJAX Search API, Calendar, Blogger, Blog Search, and more.

Product Details

• Format: Kindle Edition
• File Size: 21253 KB
• Print Length: 448 pages
• Publisher: Syngress; 1 edition (November 2, 2007)
• Sold by: Amazon Digital Services
• Language: English

Download
http://hotfile.com/dl/33665512/f69e12f/google_hacking_for_penetration_testers_volume_2.zip.html