Thursday, 27 February 2014

Dot Net Nuke [DNN] : File Upload Vulnerability

Finding Vulnerable Target

Dork:  inurl:/tabid/36/language/en-US/Default.aspx

Exploit : /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx

1- Copy any of those dork and paste in Google

2-Choose any site

3- Paste the exploit at the end of the site URL


If you see something like this, that's Good :D

Exploiting Target

1- Copy the codes below and paste in your address bar / browser console.


2- After you enter the javascript, you will see the browse option like in the picture below.

3- To upload shell, you only can upload ASP filetype shell.

Example: Umer.asp;.jpg 


4- To view your file, add /portals/0/FILENAME.jpg at the end of the site




Kurumsal Script Multiple Vulnerability


intext:Kurumsal Firma Scripti. Tüm hakları saklıdır. Powered by : Php Scriptlerim

intext:Bize ulaşmak için aşağıda ki iletişim formunu veya sağ sütunda ki iletişim bilgilerimizi kullanabilirsiniz.

Exploit: /upload/upload.php


Filetype Allowed: php, html, txt

File Uploaded:


Joomla! Exploit Scanner V1 [Released!]

Hello everyone, this is the Joomla! Exploit Scanner that i made, hope this scanner could help you to find bug in the site that you want to hack :)

Demostration Video :


Tuesday, 25 February 2014

ANSI Color Codes

There are 16 ANSI Colors, which are actually 8 colors, each having "normal" and "bright" intensity variants. The colors are black, red, green, yellow, blue, magenta, cyan, and white. In certain circumstances bright intensity could be actually brighter, or, in the case of an xterm, it could be bold.

Sunday, 23 February 2014

Exploit Joomla! : com_maianmedia


Dork: inurl:option=com_maianmedia


This exploit is exactly like the previous one that i posted a few days ago. So just refer the tutorial. I'm so lazy to write anything :P

Please refer :

Saturday, 22 February 2014

Facebook Autolike 100% Work

1- Go to

2- Click on Get Token

3-  There will be a new tab opened or a popup that from Facebook Application, Skype asking for permission.

4- Simply click on "Allow" or "Okay"

5- Then you will be automatically redirect to a website.

6- In the address bar, copy the access token which started from access_token= until &expires. So you will get something like this


7- Copy the access token and paste in the text box at 

8- Click submit and enjoy the likes ^_^

*Please SHARE This to your friends. MORE USER MORE LIKES

CREEDIT TO: Penggodam Jahat 

Remote File Inclusion [RFI] Dorks







Friday, 21 February 2014

Exploit Joomla: com_maian15

In this tutorial, i'm going to show you how to upload shell using Live Http Header through Joomla component , com_maian15.

Finding Vulnerable Target

Dork : "inurl:option=com_maian15"


Browser: Mozilla Firefox

1- Firstly, copy the dork and paste in google

2- Choose any site

Exploiting Target
1-  Paste the exploit at the end of the site URL.



2-   If it says,   
      saving your images to ../tmp-upload-images/
      or something similar, it means the site is vulnerable.

3-  Now, add name=yourshellname.php at the end of the site URL


4- Hit enter and you will get something like  
     saving your images to ../tmp-upload-images/bcc.php

5- Now, open up your Firefox extension, Live HTTP Header , and refresh the page.

6-  As you can see, in your Live HTTP Header, there is the url of the site. Highlight it and click on replay.

   7- Once you clicked replay, a popup will appear, tick on Send POST Content and paste your shell script in the column. 

8- Click replay , the page will automatically refresh  and your shell is successfully uploaded at

That's all the tutorial for today :P Feels free to leave a comment below :D

Thursday, 20 February 2014

404 Not Found Private Shell

Sometimes, people are trying to steal your site by accessing trough your shell, but they will no longer do that if you're using this shell. :D

Once you have uploaded your shell into the site, you will see the Not Found  like this, 

But when you moved your mouse to the center, you will see the text box to enter the password for the shell. 

Default Password : sayahensem

You can change the password as you like as long as it already encrypted in MD5 hash.

Once you have entered the password, you will get the shell :D

   Simply download the shell HERE 


Wednesday, 12 February 2014

Exploit eggBlog 414 Arbitrary File Upload

Finding Vulnerable Target

Dork: "powered by"

Exploit : /_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

1- Copy the dork and paste on Google

2- Choose any site

Exploiting Target

1- Paste the exploit at the end of the URL.



and you will see something like this

2- Choose your file and click Upload.

3- To view your file, simply click on your file name in the upper right box.

Live Demo:

Sunday, 9 February 2014

Exploit Joomla! : com_collector


Dork :  inurl:index.php?option=com_collector

Exploit :  /index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

Thursday, 6 February 2014

How To Hack Random Facebook Account Using Method : Email Guessing [Yahoo!]

Here is the demostration of hacking random Facebook account using method Email Guessing at Yahoo!

Tuesday, 4 February 2014

10 Notorious Female Hacker

10- Raven Adler

Often recognized as one of the most gifted and intelligent hackers in the world, Raven Adler graduated high school at just 14 and got her college degree at 18. As a frequent speaker at hacking and software conferences, Adler was also the first female to ever give a presentation at DefCon, one of the world’s most prestigious gathering of hackers. When asked about her appearance at DefCon, she often replies that she would like to be known for her work, not for being a female in the field. Currently, Adler specializes in securing data from end-to-end, and this has made her invaluable to both private and public organizations looking to protect sensitive information. She now works as a senior security consultant for a number of companies and continues to give lectures and regularly publish her work in industry magazines. She also works closely alongside a number of federal firms in an effort to secure their online databases.

9- Adeanne Cooke

Most of the world recognizes Adeanna Cooke as an international model regularly featured in Playboy, but her fans are often surprised to hear that she is also a well-established hacker and amateur computer programmer. With very little in the way of training, Cooke taught herself the basics of hacking and often uses it to further her modeling career. When her images were illegally used to make money by her long-time partner, Cooke took on the project of protecting her images and hacked the website to remove all of the stolen property. After this event Cooke was named “Hacker Fairy” and found her calling within the hacking industry. She now helps professional models and other women from being taken advantage of online.

8- Gigabyte

While many of the top female hackers are known for their legal work within the security sector, Gigabyte is on the opposite end of the spectrum. Her real name is Kim Vanvaeck and she was born and raised in Belgium. She is believed to have been the sole creator or primary creator of a number of high-end viruses including Coconut-A, Sahay-A, and Sharp-A meant to target hardware with sensitive information. Unlike many other viruses that were meant to steal private information in order to make money, these viruses were used to destroy the information itself. Law enforcement agencies have tried to paint her as a woman that is seeking notoriety in a field that is dominated by men, and Gigabyte’s name was traced to hundreds of viruses throughout the years. Recently, Vanvaeck was arrested just outside of her hometown of Mechelon near Brussels but was released within 24 hours on bail. She is currently accused of stealing and destroying private data and is facing 3 years in prison and over 100,000 Euros in fines.

7- Xiao Tian

After feeling female hackers had little outlet for their interest in technology, Xiao Tian created the renowned hacking group China Girl Security Team. Still a teenager, Tian quickly expanded the group to just over 2,200 members, all of which were female girls looking for a community in which they would feel welcome. This female hacking organization now has ties to some of the most infamous hacking groups throughout the world and has become one of the largest Chinese-based hacking groups. As with most well-known and outspoken groups of this nature, Xiao Tian and the rest of China Girl Security Team continue to receive attention from national and international police organizations due to their activities.

6- Kristina Vladimirovna Svechinskaya

Without question, Krisina Svechinskaya remains one of the most well-known names in hacking. This Russian hacker is also a top-notch New York University student, but most will recognize her from a string of high-end hacking jobs that have potentially resulted in millions of dollars lost. Specializing in the use of Trojan horses, Svechinskaya attacked thousands of bank accounts, most within the United States, and then created a series of fake accounts through both Bank of America and Wachovia. She then utilized nine other people to create fake passports, but was finally caught and is now under threat of multiple charges. Overall, some authorities estimate that she stole $3 million in as little as a few months.

5- Jude Milhon

Before passing away in 2003, Jude Milhon was a hacker and author best known under the pseudonym St. Jude. She began her career as a computer programmer in 1967 working with some of the earliest incarnations of the internet. As time went on, she began her slow transition into the life of a hacker and eventually started the hacking group Cypherpunks, not to be confused with cyberpunks. Milhon was one of the primary activists that stated hacking was nothing more than bringing out the potential of software and continued to lobby against all those that believed hacking was nothing more than a criminal act. Throughout her life she wrote book after book as well as contributed to a number of magazines within both the hacking industry and the computer programming industry.

4- Ying Cracker

When it comes to the world of female hackers, Ying Cracker can be seen as the professor that gives students their first taste of this unique field. Often referring to herself as an educator, Ying Cracker is a resident of Shanghai and believes that hacking is a useful skill that can be learned by anyone. This is why she has released multiple publications that teach introductory skills for hacking. Generally aimed at a younger crowd, Cracker helps students with information such as how to change one’s IP address or even scramble their personal passwords. Originally noticed on a message board for her looks, Ying Cracker has set out to convince the world that female hackers can add quite a bit to this field. As her primary form of income, she now offers free courses as well as tailor-made software to private and public organizations that would like to protect their sensitive data. She also offers paid courses for those that would like to move beyond the basics of hacking and get into high-end software development.

3- Joanna Rutkowska

Joanna Rutkowska is further proof that not all hackers are bad, and few specialists have done more for operating system security than this notorious hacker. Most widely regarded for her work with Windows Vista, Rutkowska shocked the world in the August 2006 Black Hat Briefing Convention in Las Vegas. In front of a crowd, Rutkowska demonstrated two simple methods for hacking into the Windows Vista beta. She also revealed a Blue Pill technique that allowed her to transfer a running operating system onto a virtual machine well before the worldwide use of virtual machines and virtual servers within the private sector. Named as one of the ‘Five Hackers who Put a Mark on 2006,’ this Polish hacker now helps customers with her international security firm. She continues to give lectures at conferences and works closely with some of the biggest software and hardware designers in the industry including Windows.

2- Natasha Grigori

Known simply as Natasha Grigori, a name partially taken from Bullwinkle’s nemesis in the classic children’s cartoon, very little information has been revealed to the world about this famous hacker. Her career as a hacker begun in the 1980s but she did not receive fame until the early 1990s with a bulletin-board website for amateur programmers and hackers. With this site, she helped others share, release, and hack various forms of software, but she found another calling in the late 1990s when she founded, also known as ACPO and Anti-Child Porn Organization. This website has become one of the largest crusaders against online child pornography and countless hackers utilize techniques learned from Grigori to help law enforcement agencies find and prosecute distributors. One of Grigori’s largest projects was centered on software that will automatically glean information from tens of thousands of suspected URLs and track those that are sending and receiving data with those websites. She has stated that once completed, the fully-developed software will then be shared with the authorities for finding and prosecuting criminals. Unfortunately, Natasha Grigori lost her battle with a severe illness on November 11, 2005, but ACPO has been left behind as a viable and effective organization that continues to operate today.

1- Susan Headly

With her career stretching back decades, Susan Headley has undergone her fair share of nicknames including both Susy Thunder and Susan Thunder. Going all the way back to 1970s, Headley was one of the first females to join one of the most renowned hacking groups in history, Cyberpunks. Throughout the 1970s and 80s, this organization continued to advance the field of hacking and created some of the most common tactics that are still used today. Over time, Headley created her own offshoot organization known as the Roscoe Gang, but she eventually gave up her hacking career to move to Las Vegas and become a professional poker player. In a twist that very few professional hackers undergo, Headley decided that she was ready for public office, even in a minor position, and was elected as the City Clerk in California City in 1994.


Sunday, 2 February 2014

Admin Login Reset


Dork : inurl:/admin/login-form.php

Exploit: admin/register-form.php

Live Demo :