File Thingie Shell Upload Exploit Vulnerablity

This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.

Follow the Steps=>

1). Go to google and search this dork. :)

Google Dork : inurl:ft2.php intext:upload

2). After the searching the above dork, you will get websites vulnerable to this. 

3). Select any website, upload your deface or shell there.

4). To view your deface or shell, just click on your file name after its uploaded.

Happy Hacking .ONly for Educational Purposes ..!!!!!

File Thingie Shell Upload Exploit Vulnerablity
File Thingie Shell Upload
File Thingie Exploit

Read more

Cara Export & Import Konfigurasi/Setingan Mikrotik

Export & Import Konfigurasi/Setingan Mikrotik hampir sama dengan melakukan backup & restore seperti yang sudah pernah saya bahas disini :  

Cara Backup dan Restore Konfigurasi Router Mikrotik

Bedanya Export - Import dengan Backup - Restore :

1. File hasil backup tidak bisa dibuka di notepad PC, sedangkan file hasil export bisa.

2. File hasil export berisi script konfigurasi/setingan Mikrotik yang dapat langsung di copy-paste dan dieksekusi di terminal Mikrotik.

Jadi, fitur Export ini dapat digunakan untuk melihat konfigurasi Mikrotik dalam bentuk script (command line). File ini juga bisa digunakan untuk import konfigurasi Mikrotik, sama halnya dengan fungsi Backup - Restore Mikrotik.

Cara Export & Import Konfigurasi/Setingan Mikrotik sebagai berikut :

1. Buka terminal  masukkan command berikut :

export file=namafile

Ganti namafile sesuai keinginan anda.

Selain itu kita juga bisa melakukan export untuk konfigurasi spesifik, misal mau export konfigurasi firewall saja jadi command nya gini :

ip firewall export file=namafile

2. Hasil file export nya tersimpan di file, coba lihat dengan command 

file print

3. Untuk meng-copy file konfigurasi tersebut, buka menu file --> pilih file konfigurasi mana saja yang mau di-copy --> klik tombol copy di toolbar --> masuk ke folder Windows Explorer --> Paste di folder mana terserah anda.

4. Extensi file export ini adalah .rsc. Kita bisa membuka file ini dengan notepad.

5. Jika ingin meng-import file konfigurasi ini buka terminal --> ketikkan command :

import file-name=namafile

Oke, demikianlah tutorial mikrotik tentang Cara Export & Import Konfigurasi/Setingan Mikrotik.
Semoga bermanfaat :)

Read more

Cara Memblokir Penggunaan Web Proxy External di Mikrotik

Web Proxy external dapat digunakan untuk mem-bypass firewall dan membuka situs yang tadinya diblokir. Hal ini tentunya bisa bikin kita gigit jari, ketika sudah susah payah bikin sistem dengan firewall untuk memblokir situs macam-macam, ternyata client menggunakan proxy untuk mem-bypass firewall nya. Cape deh.. 

Nah, supaya client tidak bisa menggunakan proxy external untuk mem-bypass firewall, kita perlu memblokir penggunaan web proxy external dengan menggunakan Mikrotik. Caranya dengan membuat rule firewall mikrotik yang memblokir penggunaan port proxy. Hal ini dapat mencegah user/client untuk menggunakan proxy.

Ok, langsung saja ya ikuti Cara Memblokir Penggunaan Web Proxy External di Mikrotik berikut ini :

1. Jika anda menggunakan web proxy internal di Mikrotik, pastikan port nya diganti ke port yang tidak biasa dipake proxy, misalnya port 88

2. Jika anda menggunakan mode transparent proxy, pastikan port redirect nya juga sudah diganti ke port baru, misalnya port 88

3. Buat rule firewall baru dengan melakukan "drop" semua port yang digunakan oleh proxy. Anda bisa copy - paste script berikut ini di terminal :

/ip firewall filter
add action=drop chain=forward comment="Blokir Proxy Port #1" dst-port=\
    3128,54321,6515,6666,8000,8001,8008,808,8080,8081,8088 protocol=tcp \
    src-address=0.0.0.0/0
add action=drop chain=forward comment="Blokir Proxy Port #2" dst-port=\
    8090,81,8118,8181,82,83,84,85,86,8888,8909,9000,9090 protocol=tcp \
    src-address=0.0.0.0/0

4. Jika anda menemukan port lain yang digunakan proxy, silakan ditambahkan sendiri ya.

5. Berikut contoh penggunaannya ketika saya mencoba membuka sebuah web yang diblokir :

=> Sebelum menggunakan proxy

=> Menggunakan proxy

=> Setelah port proxy di "drop"

Nah, jadi dengan trik ini kita bisa mencegah user/client untuk menggunakan proxy selama port proxy yang mereka gunakan sudah masuk ke daftar blokir. 

Oke, demikianlah tutorial mikrotik tentang Cara Memblokir Penggunaan Web Proxy External di Mikrotik. Silakan dicoba dan semoga bermanfaat :)

Read more

How To Tag All Friends In A Click In Facebook 2014

Facebook is one of the great platform to promote your business and if you have lot of friends in your account then you can promote it very fastly. Facebook tagging process is forced other friends to visit our status or pictures that's why most of friends are disliking this feature but here we are going to show you a magic of amazing script which will tag your all friends in a single click within a minute.

Facebook tagging is one of the main weapon to increase visitor in our status or pictures, but tagging one by one manually is not a easy deal so here in this tutorial I am going to show you one simple script which will tag all friends in a single click.

Steps To Follow For tagging All Friends In A single Click :

• Login Facebook in Google Chrome Bowser.

• Post Your Status.

• Now click on time of your status so that it will open in new tab along with your status link.

• Now press CTRL+SHIFT+J , now you can see a new window, just move onto CONSOLE tab.

• Now copy below given script and paste it in CONSOLE tab .

Click here to get Code

&

Password

• After pasting script, now finally press ENTER and enjoy.

You're  Done !! Now just wait and watch the magic of this script.  It will automatically Tag your all friends in a click.

Hope you loved this amazing script, please like this post for our appreciation. Thanks for visiting Hackers Store

Read more

Justin Beiber Twitter account hacked, Targeted 50 Million users

Popular Pop Singer Justin Bieber official twitter account got hacked today. The twitter account have the 50.3 million of the followers, which is the second most twitter follower account. Hacker have hacked into the accounts and tweeted with a link which directed to the malicious app named as "ShotingStarPro".

Hacker tweeted in Indonesian language reading “Justin Bieber Cemberut?”, means - "Justin Bieber sullen?". It can also be says that twitter account was hacked by any Indonesian hacker. Spammed tweet contains the link that was redirected to the website rumahfollowers[dot]tk , that host "ShotingStarPro" app. 

Soon after the hack Justin team have recovered the accounts. Team had deleted the spam tweets and made respons tweet, saying "All good now. We handled it.". He also warned his followers, "That link from earlier. Don’t click it. Virus. Going to erase this now. Spread the word. Thanks."

 As account have been recovered after 15 minutes of the hack, but the spam link that have posted by hacker should have compromised thousand of Justin's followers accounts. 

We like to tell all you people that , if you are one among them then immediately change your password and set new, unique and strong password. We also recommend that do review all the apps that you have associated with your accounts. and revoke all the malicious apps from your account, specially this recent one.

Read more

File upload vulnerability

1). Go to Google.com and type given below dork..

 allinurl: /cgi-bin/filechucker.cgi

2). Choose a site having title like “Upload a file”,

3). Fill all the fields and upload your deface page or shell..! 

4). Its Uploded :D You just hacked a site !!
As said above now we just have to upload our Deface page here the file uploaded url is given in example if not given you can found your uploaded file at.

example.com/upload/files     or

example.com/upload/userfiles

Here we have uploded our deface page...

Only for Educational purposes..!!

Read more

Tutorial on Defacing with KindEditor Vulnerability

Note==>Tutorial is only for Educational purpose and Hackers Store claims no responsibility on how you use it...

Follow The Steps==>

STEP 1: Go to http://www.google.com/

STEP 2: Copy and Paste this dork

inurl:examples/uploadbutton.html

STEP 3: Choose any site target, then put this exploit behind the site url and enter

/kindeditor/examples/uploadbutton.html

Examples: www.sitetarget.com/kindeditor/examples/uploadbutton.html

STEP 4: After put the exploit, you will see 'upload button'. Click the 'upload button' and choose your Deface Page

STEP 5: If your Deface Page file successfully uploaded, copy the link given beside the 'uplaod button' and paste it behind the url site..

Examples: www.sitetarget.com/(url given)

its just for Educational purpose....!!!

Read more

Congo NIC and Official Domain Registry hacked by Leet

Once a popular hacker "Leet" from Pakistani hacker team "Madleet" have back into the cyber world with its hack. This time also hacker have hacked and deface the some of the high profiled site. Today hacker LEET have hacked the Domain Registry of Democratic Republic of the Congo (nic.cd).



Domain Registry of Democratic Republic of the Congo (nic.cd) is responsible for providing all the high profiles local countries domain for the firms as like Amazon, Microsoft, Godaddy and so on.

Hacker have hacked into the system of the domain registrar and able to change DNS of all the site hosted on the server to its own DNS. 

Earlier also hacker have hacked numerous high profiled site which includes, domains of Google, Microsoft, and many of NIC domains with the same method called DNS poisoning. 

At the time of writing all the sites are still showing the deface page. You all can check the list of the site deface and its mirror on the Zone-H. 

Read more