Please let's drop this so we don't derail any further.

@centrex, do you have a lab in Lagos? Does it open on weekends? I'd like to visit

@just thinking, not anymore . .BTW you working on those vuln ISO images yet?

It is google map. .

An iframe was actually being embedded on that page.

The original url is http://www.population.gov.ng/images/npc_map2.html

Nice

centrex: @ Slyr0x we are ethical hacker at same time we are not seeking attention, if you are conversant with OPVAS, you see a whole lot of cyber security company reporting on the latest vulnerability with proof of concept, is a standard procedure, our hackers did not mention any way black hat could get access to the portal, and mind you before any site is been hacked today in Nigeria, we @ centrexlab notify the web-developer and system administrator via email or phone call for free, so if you spot out vulnerability i urge you to write to the authority at the end of the day if classified data are being leak it still you that will be the first to tweet these news.... as mention slyr0x we are only rounding off our cyber security campaign and all these relevant issue are being discussed by stake holders..... and better ways are being set aside for robust and secure system....

You've still not gotten my point.

My point is this : the moment you spot a vulnerable website/web app, the best next thing to do is to inform the company involved privately and explain to them (1) The Entry Point (2) For the less tech-savvy ones, you also need to highlight the implications of the existence of such vulnerabilities and why they should fix them ASAP. .

You crossed the "ethical line" the moment you came to post publicly that a certain vuln exist on son.gov.ng . .

Apart from attention seeking, what do you hope to achieve by publishing this hack publicly? How does this differentiate a supposed reputable company like yours from the Naijacyberhactivists?

I've had cases where it was possible to break into a bank. .at the database-level. .Do I now post publicly on a forum 'cos it's an high-profile attack? To what end? What would I achieve except attention-seeking as well as inviting other would-be hackers to the platform? With the kind of knowledge we have, sooooo much power has been placed in our hands. .We have to use responsibly.


BTW, do you have a lab in Lagos? Does it open on weekends? I'd like to visit

^^^

Are you guys really ethical hackers or Blackhats seeking attention?

If you are the former, you would realise a term such as "Responsible Disclosure" exist. .

Is it not ironic that the same "supposed researcher" who "declined to speak on the attack method due to public abuse" still came on a public fora like Nairaland to disclose that a certain vulnerability does exist on son.gov.ng ??

You unwittingly just made son.gov.ng a public target and whoever visits this thread with malicious intents would definitely want to have a go at it. .

Come on. .

How To Make A First Class Or Distinction In School

1.) For the serious guys/girls - Cram as hard as you can and pour everything on exam day. This technique is popularly known as La Cram La Pour

2.) For the Unserious guys - Settle your way through. .15k per course

3.) For the Unserious babes - Bleep your way through. .


Sadly, this is what our Universities have turned to

. .what is the issue?

When football agent Jorge Mendes earlier this week, insisted that his client Cristiano Ronaldo is better than Brazilian winger Neymar Jnr and more Complete than Argentine maestro Lionel Messi, both of Barcelona, many people raised their eyebrows; maintaining that his stance is biased.

However, before we make our conclusions, I want us to take an in depth look at the 28-year-old Portuguese. After this, you can draw whatever comparison u like, but I believe one thing cannot be argued; and that is FACT!!!

In 2003, Cristiano dos Santos Aviero Ronaldo arrived Old Trafford as a teenager, but at that young age, the winger had already racked up 31 appearances and five goals for his boyhood club; Sporting Lisbon. The boy actually became a man at Manchester United.

After six seasons at the theatre of dreams, Ronaldo endeared himself into the hearts of fans with his direct play, dribbles and goals making him a cult hero at the club. Ronaldo won 11 major honours with the Red Devils and scored a total of 118 goals in 292 games for the Premier League champions.

In 2008, he became the first player (and only, so far) from the EPL to be crowned the best player in the world by FIFA, after guiding the then Ferguson-led United to the Premier League and Champions League double.
On June 26 2009, CR7 swapped Old Trafford for Bernabeu; joining Spanish giants Real Madrid for a then world record fee of £80m.

In just his fifth season with the los blancos, Ronaldo has already gone on to break numerous records at the club. With the hat-trick he scored on Tuesday against Galatasaray in the Champions League, Ronaldo became Real Madrid's third all-time highest goalscorer (38 goals) in the competition, behind only Raul Gonzalez and Frenc Puskas and fifth in the overall list on 54 goals.

Ronaldo has also won one Spanish La-Liga, one Copa del Rey, and two Super Cup titles with the capital club.
The most outstanding stat of Ronaldo's time in Spain so far, is that the Madeira-born forward has scored more goals than games played for Real Madrid; 206 goals in 204 games played so far. In total, the former Sporting Lisbon forward has scored 329 goals in 527 club games so far, and all across three clubs in three different leagues; Portugal, England, and now Spain.

He has also managed to win 15 major club honours, to go with his 68 individual titles. It will be a debate that will drag on for decades; who is better between Cristiano Ronaldo and Lionel Messi, with four straight FIFA world best awards, since Ronaldo won it in 2008, the Argentine looks the clear favourite.

However, I want to state that being the best and being complete are two different things, take Ronaldo Da Lima for example, while he wowed all in the colors of Brazil, winning 3 world cups with his national side, he found it hard performing consistently in Europe, hence his club football was not as successful.

So if you consider what Cristiano Ronaldo has managed to achieve in all the leagues he has played in, and the fact that, he has managed to stand out in two major leagues, you look at things a little bit differently. It is not surprising that he is the only player to have won the European Golden Boot from two different Leagues.

It is hard to see Messi thriving in a team aside Barcelona. With 328 goals from 410 games for Barcelona so far, one cannot play down the greatness of the little magician.

While Messi fits in perfectly into Barcelona's set up and will continue to rule the round leather game for many more years with the Nou Camp outfit, Ronaldo looks like a player that can succeed in any team in Europe due to his style of play.
Like Sir Alex said last year; "Maturity brings many things. When I went to see them play against City, some of his decision-making in terms of passing was brilliant.

" Now you see the complete player. His decision-making, his maturity, his experience, plus all the great skills he has got, they make him the complete player."

So if I was to compare these two wonderful artists (because football is an art), I will say while Messi is the best player the world has ever seen; due to his skills and abundant wisdom and great understanding of the game, not to forget his personal and team success, CR7 is the most complete player on God's green earth.

~ Rahman

http://234sports.com/soccer/ronaldo-the-most-complete-player-in-the-planet.html

Warrapun?

just_thinking: Just downloaded level one.

Which one is that?

just_thinking: is it better than BT

Kali Linux is currently the most advanced and versatile penetration testing suite. .equally maintained and funded by Offensive Security (the creators of Backtrack). .

Just see Kali Linux as an advance backtrack. .

Also, you could try your hands on some "vulnerable by design OS". .

One of such is Kioptrix, a Pentest lab for security enthusiasts to legally try out their skills with the aim to completely compromise the machine.

I made a video sometime last year on it (find below)


https://www.youtube.com/watch?v=2_tfyF_7KWk

The full work-though is here

There are other fantastic vulnerable OS (they are all ISO Images) you could try your hands on here https://pentesterlab.com/exercises/

Lemme know what you think. .

Nice. .You should upgrade your Bt5 to Kali linux

^^^I believe people would appreciate it more if one of us could setup a virtual lab for practicals as against the theory here

It was learnt that EFCC initial investigation showed that Friday, who was carrying out computer system maintenance services for one of the Union Bank branches in Jos, Plateau State, on a part-time basis, paved the way for the fraudsters to penetrate the bank’s database.

The "insider attack" (i.e. any attack by a rogue employee) is a serious one as such attacks tend to cause more damage, especially when privileged users, who have access to a company's crown jewels, go rogue. .

In this scenario, the only thing that stood between the privileged user (in this case Friday) and being a billionaire, was a SQL Update command. .

The Economic and Financial Crimes Commission has arrested two young men who claimed to be undergraduates of the University of Jos, Isaiah Friday and Azzaior Samuel, for an alleged N2.05bn fraud.

Two bureau de change operators, Salihu Mahmoud and Dan Ibrahim, were also arrested in connection with the alleged crime.


The suspects were also accused of being members of a syndicate that specialised in breaking into the computer data base of financial institutions to carry out dry posting of funds.

The Head, Media and Publicity, EFCC, Wilson Uwujaren, said the suspects were arrested in Lagos and Jos.

He said, “Their arrest comes on the heels of a petition which the commission received from Union Bank of Nigeria Plc, Marina, Lagos, in January 2013, alleging that a criminal attack had been launched on its data base known as ‘Flexcube’, by yet-to-be-identified criminals who falsified the bank records and accounts and created unjustified huge opening balances in several accounts across the bank’s branches. They subsequently transferred funds from those accounts to several accounts in other banks.

“The petition, which was signed by one A.F Olufade, Head of Fraud Investigation at the bank, said cash withdrawals and electronic transfers totalling N2.05bn was involved in the scam.”

It was learnt that EFCC initial investigation showed that Friday, who was carrying out computer system maintenance services for one of the Union Bank branches in Jos, Plateau State, on a part-time basis, paved the way for the fraudsters to penetrate the bank’s database.

Uwujaren said, “Friday was traced and arrested. His arrest led to the arrest of Azaaior Samuel.

“Investigations further revealed that Samuel introduced Friday to Mahmoud, who is the mastermind of the fraud with others now at large.

“Mahmoud and other collaborators told Friday that they needed access to the bank’s database in order to carry out some postings. They promised to give Friday N.5m if the deal succeeded.”

PUNCH Metro gathered that Friday agreed. On the day the crime was committed, he told people at the bank that Samuel was his colleague who had accompanied him to work.

It was learnt that after the gang had succeeded in gaining access to the bank’s premises, it carried out the postings to six different company accounts domiciled in Union Bank’s Marina branch in Lagos.

Uwujaren said, “The accounts are Gona Bureau De Change Limited, Jaxmine Bureau De Change Limited, Dan Kawu Bureau De Change Limited, Godswill Great Communications, ZHG Services Limited and A and B Console Limited. The postings were carried out and the syndicate thereafter went to the bank to withdraw all the funds. Friday was paid as promised and other syndicate members now at large shared the remaining balance.”

The EFCC spokesman added that the commission had been able to recover $2,129,900 and another N134,542, from the fraudsters.

He said, “Other items recovered are furniture worth N10m from Salihu Liman’s one bedroom apartment in Yaba, Lagos; four vehicles, landed properties in Kano and Kaduna and a four-bedroom duplex worth N45m in Lagos.


http://www.stelladimokokorkus.com/2013/09/union-bank-loses-two-billion-naira-to.html

[size=14pt]GEJ's 40 computer-man squad at work[/size]

slicreports: http://www.umundugbadevelopmentassembly.com/ i have uploaded the site and its successful but when i search this name in browser it gives me this error jtablesession::Store Failed
DB function failed with error number 1146
Table 'umundugb_u.jos_session' doesn't exist SQL=INSERT INTO `jos_session` ( `session_id`,`time`,`username`,`gid`,`guest`,`client_id` ) VALUES ( '96615c959005664f4d82c65995b6cc13','1379183391','','0','1','0' )
Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 64 bytes) in /home/umundugb/public_html/libraries/joomla/error/exception.php on line 117

Hi,

Kindly post exception.php here

Preferably from line 80 - 130

Company Name: Skylight Technologies
About Us : At Skylight Technologies we believe that technology greatly enhances speed, productivity, efficiency of every business.
Company's Website: https://www.skylighttech.com/
Phone No (Optional): 07036379001

megatran: just thinking...cant havij or acunetix actually do the job of metasploit and although i got way confused by ur advance way of begining the topic am sure i can go around getting a newbie lecture. is metasploit used in windows or linux...nice tutorial by the way

Acunetix is a web vulnerability scanner. .basically, it tells you how vulnerable a web application/ web site is. .

Havij is a MySQL exploitation tool. .All you need do is feed it with a vulnerable url i.e. http://example.com/index.php?id=2 and it will automatically dump the database(s), tables, columns and the fields. Havij is a mini-version of SQLMap (a CLI database exploitation tool). .For full database 0wnage, you should use SQLMap (it supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Sybase, etc)

Metasploit is a framework developed for executing exploit codes against a target machine (be it local or remote)

jerome44: @ SlyroX : all user input are properly validated and for the upload it does require any submit button because I'm using Jquery and Ajax for the upload.

Noticed you've done it. .It now filters "bad characters"

1. Validate all user inputs . .

Check here http://www.demo.idigitgs.com/REGULAR/?iemj=forum&action=posts

2. Check here http://www.demo.idigitgs.com/REGULAR/?iemj=forum&action=upload_profile_pic , there's no submit button

elvis10ten: I HAVE THE HIGHEST FRIENDS LIST ON NAIRALAND. WHO CAN BEAT THAT ? https://www.nairaland.com/elvis10ten

I can. .In just 2mins