Finally - Blogger now have added share buttons as standard - Hooray!
Take a look at
this post from Blogger Buzz for all the details. It's really easy to do, go to your dashboard, open up 'design' and go to page layout. You then need to click on edit at the bottom of the section titled blog posts. Scroll down and turn on the sharing option! Easy peasy - thank you blogger!
Please do share this post! Are they working for you?
After a hard day's conferencing, security folks will typically end up in the hotel bar and, with odds often appearing to be in excess of 3:1, the conversation will inevitably encompass a discussion of which internal corporate systems are the most hacked/vulnerable/indefensible.
If the migratory cluster of bar stools and hotel chairs encircling the obligatory way-too-small table contains more than a pair of reformed hackers or pentesters, by listening in you'll end up gaining quite a bit of insight in to why the better hackers are so often successful (and you'll probably also pick up a few tell's for future reference).
While there's much literature and many tutorials to be found that explain the technical aspects of how to successfully compromise corporate defenses, exploit systems and ultimately extract data, there's actually very little "guidance" on which systems should be targeted and why, once you've breached the network. Sure, there's plenty of discussions covering the technical aspects of how to raise privileges (e.g. locating and exploiting the Active Directory server in order to acquire corporate user/admin credentials etc.), but which systems really provide the treasure trove?
Quite a few folks I've been speaking with will initially (and specifically) target the systems used by the corporate security teams. These systems are important for a couple of reasons; 1) internal security folks often have good access to a wide range of other systems that may be valuable and 2) By keeping an eye on the "watchers" you'll know when you're close to being caught and can stay a couple steps ahead. Personally, I think it's a ballsy move if you can pull it off - but it's not something I'd throw in as a priority. There are a lot of inherent risks in trying to tackle systems maintained and watched by the professionally paranoid - so it may be more prudent to gather better intel first.
Another primary target for some folks is to go after the obvious corporate data repositories - the backend databases, business intelligence systems and storage facilities. This mode of attack I'd associate much more with the quick "get in and get out of dodge as fast as you can" - maximizing the potential reward by sacrificing (IMHO) a fair degree of stealthiness and persistence. If typically works very well - and is an ideal tactic for "compelling result" penetration testing or hackers looking for rapidly monetizable data.
A tactic that I've always preferred (dependent upon the specific objectives of the pentest of course) is to initially locate and target the QA systems. For the folks that target the corporate secuity systems or go after the official data repositories, going after the QA systems sounds not only unexciting but also like a complete and utter waste of time. But hear me out first. QA systems really are a veritable treasure trove of corporate data. Consider the following:
- Like a smelly hobo camped outside a high-street McDonalds, both security analysts and helpdesk alike tend to keep their distance from (what are typically) "unmanaged" QA systems.
- QA systems often contain complete copies of the high-value corporate data so that development teams and QA/Testing personnel can actually test the applications correctly. You'll often also note that the more "valuable" a particular suite of data, application or business process is, the higher the probability that the QA copies of the data will in fact be real-time mirror images of live data.
- Nobody ever "owns" the QA systems. They're always the last systems to get patched (if ever) and access controls typically hover between poor and non-existent.
- When was the last time anyone bothered to look at the audit logs? With so many ad-hoc system use, trials and testing, it's a nightmare from both a detection and forensics perspective. QA systems are an ideal place to recon an enterprise network from and retain a persistent toe-hold within the organization.
- QA systems typically have "temporary" access to to all the core business systems and data repositories within a corporate network. By "temporary" I mean in theory if you listen to the server administrators - in practice they can be considered permanent gateways.
- Testing systems are typically littered with copies of entire development source code trees - making it a piece of cake to acquire the latest business logic, intellectual property or hard-coded/embedded passwords to other critical systems within the corporate entity.
Sure, there's plenty of other opportunistic systems to go after within a target's organization once they've been breached, but with all other factors being equal, there are certain tactical tell's that can be readily associated with the types of hackers and pentesters out there (the previous three just being examples I heard/discussed repeatedly over the last couple of weeks).
The primary objectives and "styles" of the hackers/pentesters reminds me a little of those old Western gold-rush films. Rounding up the Sheriff and his deputies and locking them up in their own jail before robbing the bank is a little analogous to going after the security folks/systems. Meanwhile the priority targeting of the corporate data repositories reminds me of a stagecoach robbery - the pounding of hooves and guns blazing. Yet going after the QA systems reminds me of a movie in which the villains dig up the ground under the saloon and casino - hoovering up all the gold dust that patrons had lost over the years through the cracks in the floorboards.
Grab a beer with a friendly hacker or pentester and ask them how they'd earn their gold.
TuxCut, sebuah aplikasi yang dapat digunakan untuk memotong akses internet pada hotspot, atau sebuah PC LAN workgroup dari client ke server atau sebaliknya dengan memanfaatkan protokol ARP. Program ini dipergunakan oleh pengguna jaringan yang jail dan ingin mengambil jatah bandwith untuk dipakai sendiri. Tuxcut di buat dari bahasa PyQt, untuk lebih jelasnya bisa langsung mengunjungi situs resminya di http://bitbucket.org/a_atalla/tuxcut/src/
Di dalam Tuxcut sudah di bundel fitur buat memproteksi kita agar koneksi internet kita tidak bisa dicut atau di potong oleh user lain. Selain itu, ada fitur buat mac scanning dan mac changer-nya juga. Sebaliknya untuk Netcut, agar kita terproteksi dari user jail yang memakai Netcut, kita harus menginstall program lagi yakni AntiNetcut (meski netcut selalu lebih maju dari anti netcut).
Untuk cara penginstalannya, disini saya menggunakan sistem operasi berbasis Ubuntu linux.
1. Download TuxCut, karena kita mau menginstall di kubuntu, kita download debian package di http://bitbucket.org/a_atalla/tuxcut/downloads/TuxCut-3.2_all.deb
2. Sebelum menginstall TuxCut, kita perlu menginstall arp-scan arp-tables dan dsniff (membutuhkan koneksi internet agar kebih mudah dalam proses installnya)
a. Install arp-scan dengan perintah
$ sudo apt-get arp-scan
b. Install dsniff dengan perintah
$ sudo apt-get install dsniff
c. Install arptables, download versi arptables terbaru di http://sourceforge.net/projects/ebtables/files/arptables/
tar zxf arptables-v0.0.3-3.tar.gz
cd arptables-v0.0.3-3
make && make install
3.Install TuxCut dengan perintah
$ sudo dpkg -i TuxCut-3.2_all.deb
*jika masih terdapat error karena library yang masih kurang, bisa dicoba command berikut: apt-get install -f
Berikut ini screenshoot dari TuxCut yang berhasil di install di Ubuntu 9.10 :
Sudah pada punya web shell blm??? Pasti udah :D
sekedar berbagi beberapa command yang bisa dijalankan pada web shell
cat ./../mainfile.php = Config file.
ls -la = Lists directory's.
ifconfig {eth0 etc} = Ipconfig equiv.
ps aux - Show running proccess's.
gcc in_file -o out_file - Compile c file.
cat /etc/passwd - List's accounts.
sudo - Superuser Do run a command as root provided you have perms
in /etc/sudoers.
id - Tells you what user your logged in as.
which wget curl w3m lynx - Check's to see what downloaders are
present.
uname -r - Shows all release info (or) cat /etc/release.
uname -a - Shows all kernal info (or) cat /etc/issue
last -30 - Last logged 30 ip's can change to desired number.
useradd - Create new user account.
usermod - Modify user account.
w - See who is currently logged on.
locate password.txt - Locates password.txt in current dur can use *.
rm -rf / - Please be carefull with this command, i cannot stress this
enough.
arp -a - Lists other machines are on the same subnet.
lsattr -va - ls file attributes on linux second extended file system
find / -type f -perm -04000 -ls - Finds suid files.
find . -type f -perm -04000 -ls - Finds suid files in current dir.
find / -type f -perm -02000 -ls - Finds all sgid files.
find / -perm -2 -ls - Finds all writable files and folders.
find . -perm -2 -ls - Finds all writable files and folders in current dir.
find / -type f -name .bash_history - Finds bash history.
netstat -an | grep -i listen - shows open ports.
cut -d: -f1,2,3 /etc/passwd | grep :: - From memory creates a user
with no pass.
find /etc/ -type f -perm -o+w 2> /dev/null - Write in /etc/passwd?.
cat /proc/version /proc/cpuinfo - Cpu info.
locate gcc- Finds gcc if installed.
set - Display system variables.
echo $path- Echo current path.
lsmod- Dumps kernal modules.
mount/df- Check mounted file system.
rpm -qa- Check patch level for RedHat 7.0.
dmesg- Check hardware ino.
cat /etc/syslog.conf - Log file.
uptime - Uptime check.
cat /proc/meminfo - Memory check.
find / -type f -perm -4 -print 2> /dev/null- Find readble files.
find / -type f -perm -2 -print 2> /dev/null - Find writable files.
chmod ### $folder - Chmod folder.
ls -l -b - Verbosly list directory's
Silahkan ditambahkan sendiri ^:)^
Use facebook tagging to promote your blog
On one of my missions to promote the
Folksy blog and
facebook page I realised that people weren't using the @ symbol enough to promote their online shops with facebook. I posted about it in the Folksy forums but I thought I'd share it here too as it can equally be used for promoting blog posts aswell! If you're already wondering what I'm talking about do read on, this is such a simple tool for spreading the word about your online shops and also your blog!
The update you can see from 'Hilary Haptree' was written on my profile page but by adding an @ tag I was able to post it directly to craft blog uk's facebook fan page wall. Click the image if you want to see it more closely - you will also see a little tag symbol which shows readers you have used a facebook tag to post on this wall.
This is so useful for sharing your blogs and online shops - there are so many places on facebook that welcome links that are relevant to their page.
How to Tag on facebook!
All you do is type the @symbol and wait for a box to appear, type the first few letters of the page you want to tag and then click on it. You now have a hypertext link to the page as well as having automatically posted to the wall of that page, profile or even event. So with one symbol you have reached potentially hundreds of new people!
Try to remember to use the @craftbloguk tag when posting your blog links on facebook, so they automatically zap onto the CBuk facebook wall - I'd love the visitors to CBuk to see all of your brand new blog posts! All updates posted on the CBuk wall are also seen by my blog visitors as I have a large facebook stream below my posts.
If you have found this post useful please share it! Click the twitter bird to send out a tweet now!
Extra pages or welcome pages are a great way of adding more interest to your facebook fan page - it's really simple to do and you can use it to bring more visitors to your blog or online shop.
I'm going to take you through the pages I have added to my
Craft Blog UK fan page and then after that I'll show you how easily you can add your own, step by step!
Welcome Page
This is my 'landing' page - you can change your landing page in 'wall settings'. - just click 'edit page' right beneath the profile picture to find it.
A landing page should tell the viewer everything they need to know very quickly - masses of text is a turn off to most facebook users. Think about what a visitor will want to know when they visit - "what is this site about?" and "where do I click?". Ideally you want the visitor to become a fan before clicking away, you need to give them a great looking landing page full of interest to encourage them to explore and ultimately 'like' your page.
(There was talk of the option of having a landing page for businesses under 10K fans being removed - read this article it appears facebook have changed their mind after an uproar from small businesses)Next I added a page from my blog - for me this was my ''blogging tips' page. Not only will all of the links take readers directly to my blog, but they should feel pleased to have discovered this mine of information and hopefully remember to 'like' my page. Obviously not everyone has tutorials on there craft blog, you could create a page with your top 10 blog posts, a gallery page or a more in depth about me page.
Contact Finally I added a 'contact' page. I have called mine 'your blog' purely becuase the purpose of my facebook page is to encourage bloggers to submit their blogs in order for me to build up this site. But you may want to call it 'contact' or 'get in touch'. You can add your twitter, email address and any other ways that a reader may want to interact with you.
How to add pages to your facebook fan page:
- First you will need to visit the Static FBML application page and click 'add to my page' and follow the instructions they give. You can add pages as boxes or tabs.
"Add advanced functionality to your Page using the Facebook Static FBML application. This application will add a box to your Page in which you can render HTML or FBML (Facebook Markup Language) for enhanced Page customisation."- To actually edit the pages you need to click 'Edit my page' found just beneath your pages profile image. Then scan down the list until you find all of the applications - the new static fbml will be located in there. Open it up by clicking on 'Edit'
- You will see a box at the top where you can change the name of the page and a large blank space to add your code and at the bottom the options for adding more boxes.
- You're probably thinking that's great but I don't know how to write in code! You may not but your blog does. Open up a new post in your blog and write a simple page, click on 'Edit html' and then copy and paste the code into the facebook page.
- Blogger uses slightly different code to facebook pages which are in 'fbml' not 'html' so you may find it's not exactly the same. But for basic text and images it works well. Let me know if you have problems and I'll see if I can help you sort it out.
- Once you have saved your new page you need to add it as a tab - head to your page and click on the plus symbol to add a new tab. When you have clicked on the new page (which should be there now) you can position the tabs by dragging them. Only 5 or so will show up - you can use the arrow keys tab to find the rest which can also be dragged into your required position. Wall and Info tabs are fixed in position.
I hope this post has been useful - if I find any updates, for example FBML 'wysiwyg' editors I'll add an update! (tell me if you find one first!!!) I'd love to know if you have had success with adding pages to your facebook fan page - I think it's a great way of connecting your page with your blog or online craft business!
Don't forget to become a
fan of my page if you have enjoyed my tutorial!
After a hard day's conferencing, security folks will typically end up in the hotel bar and, with odds often appearing to be in excess of 3:1, the conversation will inevitably encompass a discussion of which internal corporate systems are the most hacked/vulnerable/indefensible.
TuxCut, sebuah aplikasi yang dapat digunakan untuk memotong akses internet pada hotspot, atau sebuah PC LAN workgroup dari client ke server atau sebaliknya dengan memanfaatkan protokol ARP. Program ini dipergunakan oleh pengguna jaringan yang jail dan ingin mengambil jatah bandwith untuk dipakai sendiri. Tuxcut di buat dari bahasa PyQt, untuk lebih jelasnya bisa langsung mengunjungi situs resminya di http://bitbucket.org/a_atalla/tuxcut/src/
Akhirnya semua terjadi juga
