By lain on Apr 13, 2008 in Sectools, Security | 3 Comments
Another Friendster hacking post... (I’m actually tired of this topic, but since most of the visitors of this blog have asked me a lot about Friendster hacking topics through email, I decided to keep posting on this topic.)
Today I just want to share a Python script that I found in the wild. It’s called Friendster.com BruteForce and, as you’d expect, it’s a script to automate a brute-force attack against Friendster.com’s login form. That’s how you would break into someone’s Friendster.com account.
The preview of the working script:
By lain on Apr 10, 2008 in Security, Tutorial, tutorials | 0 Comments
This tutorial will show you how to create your own local exploit database and how to search through it. The two sites that you will use to grab the exploits are milw0rm and packetstorm.
I won’t talk much, just follow the tutorial (brought to you by d3hydr8):
By lain on Apr 5, 2008 in News | 2 Comments
Let’s face it: most of us spend a few hours at a computer every day. Why? Because computers are involved in almost every aspect of our lives; it’s something we can’t let go of. So don’t be surprised that there are people who spend many hours sitting in front of a computer without even working in an IT job such as programmer or software engineer. Even kids these days would rather spend most of their time in front of a computer, playing games. This habit, however, can have side effects on the body, such as carpal tunnel syndrome, which affects the wrist and can lead to pain.
To minimize the occurrence of the syndrome you could reduce your daily computer usage, but if you can’t, then try to create a comfortable environment for the wrist. You could use an adjustable keyboard tray, an easy-to-reach mouse placement, or any other method that eases the strain on the wrist; besides, it’s nice to have a comfortable environment to work in. We should start caring for our wrists now, or else we won’t be able to write or type well and will be in pain too, which is something I really don’t want.
By lain on Apr 5, 2008 in News | 3 Comments
The internet is a huge market indeed; people around the world are connected through it, which opens up potential international sales to businesses. Businesses are opening their minds to broadening their market through the internet, of course for the sake of sales and profits. An online store is usually the weapon of choice for marketers, but hey, it’s not just you who is opening an online store; your competitors are too. In this case there will be many options for potential customers to look at, and most of them will use search engines like Google, Yahoo, or MSN. With the same kind of product on offer, you and your competitors will have relatively similar keywords, but if your website is drowning in the search engine listings (ranked 30++) then you’ll lose a great deal of customers.
What can you do to increase your website’s rank, or even reach the top of the search list? SEO, Search Engine Optimizer, is the answer. How do you find such services? Well, here’s one: a San Diego SEO company, Bestrank.com. With their help you could get your website’s rank lifted and gain more traffic while increasing sales as well. So don’t let your business drown; raise it up with a little help from an SEO specialist.
By lain on Apr 4, 2008 in Sectools, Security | 1 Comment
Wireshark, a network protocol analysis tool, has reached its newest version, Wireshark 1.0!
It also includes an experimental Mac OS X package.
The excerpt from linuxhaxor.net:
Wireshark, the most popular network protocol analysis tool, has finally turned to version 1.0. This released version is not much different than the previous version 99.8 released on Feb 27. Apart from some cosmetic improvements over the previous version, this version includes an experimental Mac OS X package. You can download Wireshark 1.0 from here: http://www.wireshark.org/download.html, and for a more complete list of information about this release, read the official release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html
By lain on Apr 3, 2008 in Security, Web Hacking, secInfo | 2 Comments
The following security advisory was posted to the Web App Sec mailing list. It’s about the weaknesses discovered in kses - PHP HTML/XHTML filter, which affect some public CMSs such as WordPress, Moodle, Drupal, Dokeos, Geeklog, etc.
Here’s a short excerpt from it (taken from the webappsec.org mailing list):
During internal code review performed by Allegro.pl, some weaknesses
were discovered in kses - PHP HTML/XHTML filter. HTML filters using or
based on kses are part of many popular projects, including WordPress,
Moodle, Drupal, eGroupWare, Dokeos, PHP-Nuke, Geeklog and others. Issues
found range from cross-site scripting to code execution, depending on
implementation.
By lain on Apr 2, 2008 in Sectools, Security | 1 Comment
If you are stuck in a LAN without an Internet connection, but with access to an email system only, you can use HoSProxy to create an HTTP proxy over SMTP, which will allow you to browse the Internet! Put more simply, we are going to use the email system as an HTTP proxy to navigate the web!
Here’s the full summary from edge-security.com:
HoSProxy is made up of two parts:
- HoSTunnel: You need an external server (outside LAN) which must be running HoSTunnel (with root privileges to listen on port 25) and which receives and sends emails with encoded and packaged HTTP requests/responses.
- HoSProxy: An internal proxy connected to the web browser, that sends HTTP requests through emails via the company SMTP server, and polls for responses in the company POP/IMAP server.
The configuration file is hosproxy.cfg.
Once HoSProxy is configured, it listens on port 8008 and you only have to connect your web browser to that port and enjoy the web ;).
Download links: Windows version, Linux version.
Other review of HoSProxy: S21sec Blog’s.
By lain on Apr 2, 2008 in Sectools, Security | 1 Comment
This tool was released on April 1st (hope it’s not an April Fool :p); it’s called ProxyStrike. If you’re familiar enough with WebScarab, then you must try ProxyStrike too! ProxyStrike is designed to scan for vulnerabilities while you browse a web application. What’s more, it’s a lightweight tool that doesn’t depend heavily on JavaScript. Just like WebScarab, ProxyStrike has SQL injection and XSS modules available. If you have ever used the SQL injection tool called ‘Sqlibf’, then you will be satisfied with ProxyStrike, because its SQL injection module is powered by the same engine as Sqlibf. As for a tutorial on how to use ProxyStrike and WebScarab, I’m planning to release it soon on this blog.
Features: