To bring the support for official iOS4 on Iphone 3GS,3G and iPod touch , you have to Jailbreak using PwnageTool 4.01 which has been released by the iPhone Dev Team. This article whill show you how to use PwnageTool 4.01 to Jailbreak iOS4 iPhone 3GS, iPhone 3G and iPod touch. And please watch the video on how to jailbreak iOS4 iPhone in this article.

Brief review from iphoneappsplanet:

PwnageTool 4.01 has been released by the iPhone Dev Team, bringing support for the official iOS 4 on iPhone 3GS, iPhone 3G, and iPod Touch 2G. First check out whether your iPhone or iPod Touch is supported by PwnageTool 4.01 before you go ahead with the jailbreak.

By creating custom IPSW files, PwnageTool allows you to update to iOS 4 without updating the baseband. This Here are the steps to jailbreak iOS 4 iPhone 3GS, 3G, or iPod Touch 2G using PwnageTool 4.01:

1. Download the latest version of iTunes, iOS 4 IPSW file for your device, and PwnageTool 4.01 (all download links at bottom).

2. Launch PwnageTool and choose your device (iPhone 3GS/3G, or iPod Touch 2G), and click the next (arrow) button. Make sure you are using the simple mode, if you are not an advanced user.

pwnagetool-4.01-jailbreak-iphone-3gs-3g-ipod-touch-2g

3. In the next step, browse and select the correct IPSW file for your device. Click next to continue.

4. When asked whether you have an iPhone contract that would activate normally through iTunes, click No and continue. Click Yes, if you are do not want to unlock your iPhone.

5. PwnageTool will now build the custom IPSW firmware file that will be used to restore your iPhone.

building-ipsw-pwnagetool-4.01-jailbreak-ios-4

6. After the custom IPSW file has been created, you should see a ‘ihaz Success!’ message. Now you should restore your device to this firmware by clicking the ‘Restore’ button in iTunes while holding down the ALT button. Browse and select the custom IPSW cooked by PwnageTool and let iTunes restore your iPhone to this firmware.

That’s it. After the installation, your iPhone reboots, and you should now have a fully jailbroken iOS 4 on iPhone 3GS (3G).

Video:

To get the brief preview, just watch the video here :

Here’s the short excerpt from the inside of the whitepaper :

“Blind SQL injection: are your web applications vulnerable?”

Learn the techniques that can be used to take advantage of a Web application that is vulnerable to Blind SQL Injection, and to make clear the correct mechanisms that should be put in place to protect against Blind SQL Injection and similar input validation problems.

SQL injection occurs when an application does not properly validate user-supplied input and then includes that input as part of a SQL statement. SQL injection largely depends on an attacker discovering and verifying portions of the original SQL query, using information from error messages. However, web applications can still be vulnerable to blind SQL injection attacks even with no error messages or when they only reveal generic information.

Before you read the whitepaper , you’re required to do an easy subscription but I promise it won’t bother you at all. So what are you waiting for ? Get the Hewlett-Packard Blind SQL INJECTION Whitepaper for FREE by clicking this link ! lolz

OK I could not resist to post this.

I played around with PhpMyAdmin a moment ago, and I never gave it much thought since it bores me too quickly. But this is kind of interesting. I have two different instances of PhpMyAdmin running for testing purposes. it is interesting to see that almost nobody understand CSRF and it’s capabilities including those PhpMyAdmin developers. I mean this stuff is hilarious, first of when you sign-in to PhpMyAdmin it looks like it sets a token because it says:

foo.php?token=md5thingy

secure right?

Well, I am not sure what they are doing there, but removing the token doesn’t make any difference. it just continues to work. So I emptied the cookie, well to no avail I am still logged into it. This means it uses a plain PHP session, this way it’s vulnerable to CSRF and I can do anything at will if someone visits my special webpage and is still logged into PhpMyAdmin.

But of course, it gets worse.

How about truncating a table, or just drop a table through CSRF? it only requires the victim to be logged into his PhpMyadmin or still sits in the 24 minute PHP session timezone. We can craft a special page that submits itself in an Iframe. But the most shocking thing is that PhpMyAdmin sets the query to truncate a table inside a form field. This is done this way:

Ugh.

So this means I can add anything I like there? of course we can:

Since a standard PHP session usually last 24 minutes, attackers can hack anyone even after you close your PhpMyAdmin session. Much more is possible, and probably very fancy stuff. Yes, you need to know the table name in order to pull this off, but how about making 200 hidden Iframes in our victim page that guesses the table names? or just reload the Iframe with different table names for about 5 minutes if you do not know the table name? I am sure that one will be the right one! and I would not be surprised if you could use GET also

Now Leetupload.com has a ‘bigger’ thing to fulfill your thirsty mind of Security Tutorials , yes , Leetupload.com proudly presents the publication of a new book , which is written by Leetupload.com’s founder , entitled “No Root For You : A Series of Tutorials , Rants and Raves , and Other Random Nuances Therein” !

The book itself contains a lot of informations which cover network auditing method , and a step-by-step tutorial guide explaining how one would go about auditing , securing , and learning how certain exploits work , and many more. Below you will find a copy of the exact table of contents :

Spoon-fed Hacking Series

How to Crack WEP 21

Romancing the Victim 34

Gas Lighting is Always a Good Thrill 40

Wireless

Campus Warwalking 45

Applications

Useful Software 55

Operating System

Installing OSX Tiger and Ubuntu onto a PC 60

Installing OSX Leopard onto a PC 83

Art of Spoofing

Technical Practical Jokes are a Real Hoot 105

I Send Your E-mail 113

PHP Exploitation

Remote and Local File Inclusion Explained 120

Miscellaneous Exploitation Methods

Compilation of Exploitation Random ?Goodies 144

Windows Hacking

NetBIOS Hacking 175

Cracking

MD5 181

Live by Example

Real-Life Social Engineering 184

Hypothetical Scenario � Real-Life Exploitation 198

Code Injection

Cross-Site Scripting (XSS) 213

SQL Injection 226

XPATH Injection 239

CRLF Injection 244

Cross Site Request Forgery Injection 252

Two-Faced Programs

Honey Pots 259

Cracking: Part 2

Brute Forcing 264

WPA Cracking 268

Compiling

Compiling Exploits � Windows Style 272

Writing Exploits 276

Bluetooth

Bluetooth Hacking 288

Gotchya!

How Not to Get Caught 297

The book will be available between mid to late June . So keep yourself visiting Leetupload.com for updates!

I won’t talk much , just follow the tutorial (brought to you by d3hydr8) :

How to build a local exploit database.

by d3hydr8 > www.darkc0de.com

Date: 03/07/08

In this tutorial I will show you several tools to create
your own local exploit database and how to search through
it. The 2 sites we will be using to gather exploits are
milw0rm and packetstorm. Well, first lets discuss why you
would need a local exploit database. Any answers? Here’s mine,
because I can…

There are 3 scripts we will be using to create our database.
The first thing you need to deside is where you want your
exploits stored. Each script has a HOME_DIR option that needs
to be filled out according to your location (unless you like
/home/d3hydr8).

The first script will extract all exploits from packetstorm
from 2000-previous year. First, it will do a time check to
make sure the last year in the YEARS list is the previous year.

Years list:
YEARS = ["00","01","02","03","04","05","06","07"]

This is the first time I have used raw_input in one of my
scripts. It will show you the last year in the list and
the current year. Then ask you if this is correct. Like
shown below:

d3hydr8@linuxbox:~> python packext.py

[+] Checking Years

Last year: 07 Current Year: 08

Is this correct? Yes or No

Here is the c0de and a link:

http://www.darkc0de.com/misc/packext.py

#!/usr/bin/python
#This script will extract all exploits
#from packetstorm from 2000-previous year.

#http://darkc0de.com
#d3hydr8[at]gmail[dot]com

import urllib, tarfile, os, sys, time

HOME_DIR = “/home/d3hydr8/”
YEARS = ["00","01","02","03","04","05","06","07"]

#Time check
now = time.strftime(“%Y”, time.localtime())[2:]
print “\n[+] Checking Years\n”
if now == YEARS[-1]:
print “[!] The last year in YEARS cannot be the present year.\n”
sys.exit(1)
else:
print “Last year:”,YEARS[-1],”Current Year:”,now
resp = raw_input(“\nIs this correct? Yes or No “).lower()
if resp == “no”:
print “\n[!] Modify YEARS list correctly.\n”
sys.exit(1)
elif resp == “yes”:
print “\n[+] Starting extraction”
else:
print “\nHUH?\n”
sys.exit(1)

#Make sure HOME_DIR ends with a “/”
if HOME_DIR[-1] != “/”:
HOME_DIR = HOME_DIR+”/”
print “[+] Dir:”,HOME_DIR,”\n”

#Extraction process
for year in YEARS:
print “Start: 20″+year
try:
os.chdir(HOME_DIR+year+”-exploits”)
except(OSError):
os.mkdir(HOME_DIR+year+”-exploits”)
os.chdir(HOME_DIR+year+”-exploits”)
page = “http://packetstormsecurity.org/”+year+”12-exploits/20″+year+”-exploits.tgz”
urllib.urlretrieve(page, “20″+year+”-exploits.tgz”)

tar = tarfile.open(“20″+year+”-exploits.tgz”)
tar.extractall()
tar.close()

os.remove(“20″+year+”-exploits.tgz”)
print “Done: 20″+year

print “\n[++] Operation Complete\n”

Here is what you should see when your done:

d3hydr8@linuxbox:~> python packext.py

[+] Checking Years

Last year: 07 Current Year: 08

Is this correct? Yes or No Yes

[+] Starting extraction
[+] Dir: /home/d3hydr8/exploits/

Start: 2000
Done: 2000
Start: 2001
Done: 2001
Start: 2002
Done: 2002
Start: 2003
Done: 2003
Start: 2004
Done: 2004
Start: 2005
Done: 2005
Start: 2006
Done: 2006
Start: 2007
Done: 2007

[++] Operation Complete

Now that we have all of the exploits from packetstorm through the
previous year. Lets use milw0rm to get an archive of remote ports
and platforms.

http://www.darkc0de.com/misc/milarchive.py

#!/usr/bin/python
#Extracts exploit archive for remote
#ports and platforms from milw0rm.

import urllib, tarfile, os

HOME_DIR = “/home/d3hydr8/”

#Make sure HOME_DIR ends with a “/”
if HOME_DIR[-1] != “/”:
HOME_DIR = HOME_DIR+”/”
print “\n[+] Dir:”,HOME_DIR,”\n”

try:
os.chdir(HOME_DIR)
except(OSError):
os.mkdir(HOME_DIR)
os.chdir(HOME_DIR)
print “[!] Downloading file…”
page = “http://www.milw0rm.com/sploits/milw0rm.tar.bz2″
urllib.urlretrieve(page, “milw0rm.tar.bz2″)
print “[!] Extracting files…”
tar = tarfile.open(“milw0rm.tar.bz2″)
tar.extractall()
tar.close()
os.remove(“milw0rm.tar.bz2″)
print “\n[!] Operation Complete\n”

#Or
#wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
#tar -xjvf milw0rm.tar.bz2
#rm milw0rm.tar.bz2
#:)

Output:

What this does is create a milw0rm folder with the
directories platforms and rports.

d3hydr8@linuxbox:~> python milarchive.py

[+] Dir: /home/d3hydr8/exploits/

[!] Downloading file…
[!] Extracting files…

[!] Operation Complete

So, now we have packetstorm, remote port and platforms
but what about webapp exploits? The script below will
help you collect all the webapp exploits from milw0rm.
It will go page by page collecting 30 exploits at a
time and write them to your HOME_DIR+/milw0rm/. The script will
finish when it gets a xplt list length of zero 3x.

Becareful with this tool, set your times accordingly. Milw0rm
does have a DDOS protection with automatic ip blocking.

http://www.darkc0de.com/misc/milwebappext.py

#!/usr/bin/python
#Attempts to collect all webapp
#exploits from milw0rms DB.

import urllib2, time, os, re, urllib

HOME_DIR = “/home/d3hydr8/exploits”
site = “http://www.milw0rm.com/webapps.php?start=”
#Time to wait between page loads (in secs)
TIME = “3″

#Make sure HOME_DIR ends with a “/”
if HOME_DIR[-1] != “/”:
HOME_DIR = HOME_DIR+”/”
print “\n[+] Dir:”,HOME_DIR,”\n”
HOME_DIR = HOME_DIR+”milw0rm/”

try:
os.chdir(HOME_DIR)
except(OSError):
os.mkdir(HOME_DIR)
os.chdir(HOME_DIR)

start = 0
error = 0
while error != 3:
try:
time.sleep(int(TIME))
print “[+] Page:”,start
source = urllib2.urlopen(site+str(start), “80″).read()
xplts = re.findall(“href=\”/exploits/\d+”,source)
print “[+] Exploits Found:”,len(xplts)
except(urllib2.URLError):
xplt = []
pass
for xplt in xplts:
time.sleep(0.5)
xplt = xplt.replace(“href=\”",”")
urllib.urlretrieve(“http://www.milw0rm.com”+xplt, HOME_DIR+xplt.rsplit(“/”,1)[1])
if len(xplt) == 0:
error +=1
start +=30
print “\n[!] Operation Complete\n”

Looking more closely at that c0de I’m guessing
you might be able to just change some site info
like exploits >> papers and collect all papers
(or whatever else).

This next script is just a utility for searching
for exploits from the command line from milw0rm.

http://www.darkc0de.com/misc/milsearch.py

#!/usr/bin/python
#Milw0rm exploits search tool.

import urllib2, re, sys

if len(sys.argv) != 2:
print “\nUsage: ./milsearch.py [search]“
print “Ex: ./milsearch.py phpmyadmin\n”
sys.exit(1)

site = “http://www.milw0rm.com/search.php?dong=”

try:
source = urllib2.urlopen(site+sys.argv[1], “80″).read()
xplts = re.findall(“href=\”/exploits/\d+”,source)
print “\n[+] Results Found:”,len(xplts),”\n”
except(urllib2.URLError):
xplts = []
pass
if len(xplts) >=1:
for xplt in xplts:
xplt = xplt.replace(“href=\”",”")
print “http://milw0rm.com”+xplt
else:
print “\nNo Results Found\n”

Output:

Now your thinking, “Ok, I have a database of exploits
but how would I keep it up to date?”. The script
below will help with this task. It will check milw0rm
for new exploits and download them to your HOME_DIR
if found. The default time is set to check every 5
minutes.

http://www.darkc0de.com/misc/milupdate.py

#!/usr/bin/python
#Checks milw0rm.com for exploit updates.

import urllib2, time, os, re, urllib

HOME_DIR = “/home/d3hydr8/exploits”
site = “http://www.milw0rm.com/”
#Time to wait for update checks (in secs)
TIME = “300″

#Make sure HOME_DIR ends with a “/”
if HOME_DIR[-1] != “/”:
HOME_DIR = HOME_DIR+”/”
print “\n[+] Dir:”,HOME_DIR,”\n”
HOME_DIR = HOME_DIR+”milw0rm/”

try:
os.chdir(HOME_DIR)
except(OSError):
os.mkdir(HOME_DIR)
os.chdir(HOME_DIR)

done = []
while 1:
time.sleep(int(TIME))
try:
source = urllib2.urlopen(site, “80″).readlines()
for line in source:
if re.search(“class=\”style15″, line):
xplts = re.findall(“href=\”/exploits/\d+”, line)
except(urllib2.URLError):
xplts = []
pass
if len(xplts) >=1:
for xplt in xplts:
if xplt not in done:
done.append(xplt)
xplt = xplt.replace(“href=\”",”")
print “[+] Adding: http://www.milw0rm.com”+xplt
urllib.urlretrieve(“http://www.milw0rm.com”+xplt, HOME_DIR+xplt.rsplit(“/”,1)[1])
print “[+] Collected:”,len(done),”exploits\n”

If you haven’t found an online module to search
through your exploits and bought the domain “exploits4fun.com”
there are a couple ways to search them. The first is use your
GUI search utilty that comes with your os. If using KDE’s
Find Files/Folders just change your Name/Location to your
HOME_DIR and use the Contents tab to do the rest.

Or just use your find cmd. I hope this tutorial and tools
were fun. I realize this stuff is pretty much useless when
you could just visit the sites but I had fun writing it. And
remember, because I can…

Screenshot :

More reviews about xeeber.com , can be read on Mark’s blog , baghy’s , technotrail’s , and here.

ok here is the step :

what will you need in this tutorial: Firefox or Internet Explorer, Orbit Downloader, (optional) Rapidleech

1.Download and install Orbit Downloader, yes we’re gonna use this lightweight freeware download manager

2.Open Orbit, open “Grab++” under “tools” menu

3.Open Firefox or IE, Go to the MySpace site that you want to download the music from ex: http://www.myspace.com/djiwalangkadji (nice band anyway)

4.Let say you want to download “Engga Gaul” song from that myspace page, just click on that song and when it start playing you will notice something like this in Grab++

5.Dont stop the Myspace Player, Click the check button on the Grab++, and then click download

yes, you are downloading restricted mp3

additional tips: you can also use your own Rapidleech to make downloading faster

After clicking download on Step 5 Copy the Mp3 url from orbit and paste it to your rapidleech

thats it!

*This article is originally written by a geek named Iyok , the webmaster of Deadmediafm (Indonesian Online Independent Music Podcasting) .

All the things you need to solve this problem is , RapidLeech. Here are some example cases that ever happened to me :

1. I found Southpark (the movie) ’s rapidshare download links , which are separated by 7 parts of rar files.
2. I knew it’s impossible to do direct download to those 7 files in the same time.
3. Then i realized that all i have to do is to find 7 different servers(different ip addresses) that host RapidLeech script inside each of them. Those 7 RapidLeechers will be used to fetch the rapidhare files , before i download them to my real local box.
4. Schema : RAPIDSHARE LINKS <-> RAPIDLEECHERS <-> LOCAL MACHINE.

But , how the hell i could find those 7 rapidleechers in a fast way ? the answer is “Google Dork” man! This is a dork to find RapidLeech on google :

allintext: “Credits to Pramode & Checkmate”

examples results :

http://www.coiphimle.com/mrdie/zoom/index.php?act=files http://www.persianbyte.com/navidi/newdl/index.php

http://www.b0red.com/rapid/index.php?act=files

http://cfo.com.vn/RapidLeech/index.php

http://rs.allayth.com/rsdown/

http://f4vn.net/Forum/rapid/index.php

http://www.mastimag.com/files3/index.php

http://1dayofkami.org/canhac/rapid/

http://www.freebsd.sd/rapidleech/

http://samhee.com.vn/rap/index.php?act=files

http://samhee.com.vn/rap/

http://bemakhoe.com/rapid/index.php?act=files

http://www.dl4002.co.uk/test/

http://karname.4000webs.com/

http://rapiddown.org/

http://miaza20.com/

http://miaza20.com/index.php?act=files

http://www.thientan.net/minhkhue/index.php

http://alwa7dah.com/rapidleech/index.php

http://www.kafrawyhost.com/rl/index.php

http://f4vn.net/Forum/rapid/index.php

http://www.def.net.au/rsl/

http://rs.allayth.com/rsdown/

http://www.it-syria.com/rapid/

http://oxamj.com/rapidasv/index.php

http://canhac.cc/rapid/index.php

http://rapid.mms-community.com/index.php?act=files

http://www.thanhniensonla.com/rapidshare/index.php

http://omgwtfbbq.biz/rap/index.php

That’s all. But it’s only one of many google dorking tricks to find RapidLeechers , just be as creative as you can. Remember , that all the RapidLeech you’ll find on google are not Private (other people might have been using them) ,and it’ll require you to wait for minutes too. Just try hard to find the Private Ones!