Administrators are keen to patch their web applications when new exploits are fully disclosed.  Not all do this of course, but a good administrator keeps up with closing as many vulnerabilities that can be found in their installed software.  Using web-shells on a target machine is a great way to operate and manipulate the things you need to do.  However, there are some advancements in finding these vulnerabilities.  On a well updated system, the life of a web based shell can be short.

You cannot always rely on the applications vulnerability to keep uploading or including your shell.  If it is patched, you’ve lost your access to that system most of the time.  How can you keep your attack persistence on machine?  How can you try to ensure you will be able to gain access again, if in fact the vulnerability is closed, and your shell, deleted?
Read the rest of this entry »

Hey all you loyal Flyninja readers! As you can see some changes have been made to Flyninja, one is a new theme…which I have a tendency to change from time to time.

I just want to let you know that we will be launching a new forum soon. This will be a free to join forum, no worry about being invited as the last one. Here members will be able to discuss all things hackery, geek, and gaming. Members will also be invited to discuss and get involved in some of the Flyninja projects such as foamy, scatterchat, and a new one that is yet to be announced.

Along with the regular discussion boards, I am planning to implement a VIP section. You all know what kinds of things can be shared in VIP, so I am not going to get into explaining it all. VIP membership will cost a small fee, this fee will be used for all things Flyninja, including cooperative projects with our affiliates.

To prepare for the new forum, I just want to specify some ground rules in the beginning. Let me get to the point.

1. All links to anything (sites, files etc…) other than affiliate sites have to be coded, and not linked.  This will keep us off referral lists…
2. Hot flames will not be tolerated in the main discussion forums, we want to provide a resourceful and helpful community.  Trolls stay out please.  VIP boards flaming will be fine.
3. Be aware that you should search for your questions before asking them.
4. Post to the correct board, and use descriptive thread subjects for readability…We don’t want to see any lame ass 13375p34k on the board…really, your best English is encouraged.
5. Your encouraged to participate in the board, if you do not think you will, don’t sign up.  Inactive accounts will be flushed out after a yet undecided amount of time, unless its a VIP account.

These rules are just a few that come to mind off the bat.  Some may come and go based on their effectiveness and need.

So I recently entered a contest through Envato for a chance to win $3500!!  Thats right!  I am lucky to have become a finalist in the competition!  However, for me to win, which means Flyninja will win, I need all of you to vote for me at the Poll!  It takes 2 seconds, and you would be contributing tons to Flyninja!

So follow this link:http://blog.flashden.net/general/who-should-win-us3500-vote-now/

Vote for the #5 entry name The Final Frontier!!!

Voting for Circuitbomb, meanings getting more from Flyninja in the future! So cast your votes and cross your fingers!

For this How-To, I’m going to show you how to change the top level menu name “Applications” in Ubuntu Jaunty. No-third party installation manager software is going to be used here.  Just some good old CLI hacking.

After doing some research I found that most of the answers to this question were complete bullshit.  From what I found a lot of these resources showed you how to change/add items and menus using the menu editor.

If what I want to achieve could be done with the menu editor, I would have done it with the menu editor.

This tutorial is for those running Ubuntu with GNOME…if your using KDE or any others your out of luck here.  In the default Ubuntu desktop installation the “Applications” menu name is hard coded into the GNOME-Panel.  So basically what we need to do is download the source for GNOME-Panel, hunt down the file that names the top level menu “Applications”, change it, compile the source, and reinstall GNOME-Panel.  Sound Tricky?  It’s not that hard actually.
Read the rest of this entry »

Well after doing some major research the last few days, and successfully changing my Ubuntu 9 (Jaunty) usplash, I thought I would be a kind soul and provide you all with this little tutorial.  First letme explain that this may not work for you, however it is simply a modification of the current usplash.  This will aim to show you how to get started on creating your own usplash customizations.

Usplash works by reading a compiled library much like a .dll in Windows.  These are denoted by the extension .so (shared object).   Usplash has a default theme manager you can interact with called usplash-artwork.so, you will see how to use this later on in the how-to.  It is simple, and no-nonsense.

Here are a couple of resources you may find useful in your learning experience.

http://ubuntuforums.org/showthread.php?t=771410

http://ubuntusatanic.org/forum/comments.php?DiscussionID=21&page=1

http://ubuntuforums.org/showthread.php?t=622018 (note: that I only partially used this as a reference.)

This how-to is going to walk you through building your own custom usplash theme.  It does not use startup manager or any kind of 3rd party usplash manager crap.  I am going to assume you know what your doing at command line a little bit. Read the rest of this entry »

All is fair in love and war – as it would seem.

The so called ‘Security Expert’ or ‘Hacker’ known as Glafkos Charalambous AKA nowayout / nowayin was targeted by the anti-sec group who orchestrated the Astalavista takedown recently.  Want to see it?

http://pastebin.com/m592e1f1c

The anti-sec movement ‘in relation’ to these attacks is spurred by the notions that full disclosure is not good, and that the ligaments holding the real undergound for the last 10 years are being sliced.  The so called whitehats are only motivated by monetary gain as well as notariety by disclosing exploit.

I think I’ll root for the home team.

Keep em coming anti-sec

So during my regular spree of surfing through sites that make my stomach boil, you know the regular speechless shite you can only find within the depths of cyberspace…I came back around the surface to find some very spectacular ASCII and text…

Astalavista(http://www.astalavista.com) has been hacked…

I was mystified after trudging through the page of lovely commands, the black text amongst the white background…

No tears shed here…

heres the full monty =Astalavista.com hacked pastebin

ok i know that that doesnt include the whole file, if you want it, i can send it to you, just until i figure out wtf why i cant add a .txt to my friggin / stoopid technology sometimes….

heres a full tastey pastey – http://pastebin.me/4a28bd2e05340