New Method to inject php code into whmcs via whmcs control panel

how to upload shell in whmcs
hi , 

whmcs is a famous an all-in-one client management, billing & support solution for online businesses. 

many hacker's try to get access into webhosting  that run whmcs  , so they get root accounts , rdp's,client account's and more...

but first they need to upload a evil code to have the full access , the older method are already fixed and doesn't work  , so in this post i will show you a new method "how  to inject a php code into whmcs " ! 

READMORE
 

[Python] Make Your MD5/SHA1 DaTAbase [Generate&Cracking ]


rainbow tables generator
Hi I just make a program that work with rainbow tables ;
 there is two part's  the first is for generating the hash from a password list , and the second is for cracking hashes token from input file or URL and check if the hash is in the database ,  if yes it will be cracked  .
the program will show you :

   Number of hashes created

  time to create the Database 

   Number of hashes found 


   number of hashes cracked 


   Time to crack the hashes 


   type of hash used to crack 





 the input file can be a file or a url that contain passwords or hashes 

code : http://pastebin.com/sthakwtg 



            Simple usage : 
     

python hashlab.py --ops crack --t md5 --i hash.txt --o hashcracked.txt  

python hashlab.py --ops crack --t sha1 --i hash1.txt --o hash1cracked.txt  

python hashlab.py --ops generate --i passwords.txt  

python hashlab.py --ops generate --i http://ob-security.info/files/top.txt  

python hashlab.py --ops crack --t md5 --i http://ob-security.info/files/hashlist.txt --o hashcracked.txt  

READMORE
 

JSP Backdoor Reverse Shell

jsp backdoor reverse shell


Hi ,

Let's talk a litle about JSP . in this post i'm giving a jsp backdoor its coded witth JSP
to run it you need a webserver that support jps such a apache tomcat !
code :
 http://pastebin.com/HxVu8ZMn

READMORE
 

What method used to deface google & microsoft [israel,pakistan and more ]

Hi ,
google and microsoft hacked
at the last time we saw a good defaces for a big websites including google & microsoft and others  ;
but the question is how some one can deface all those website in short time ?

So the firt thing that you need to see is all defaced website are for a specific county and not .com

So Did them really find a vuln in those websites ? The Answer Is No  and actually they hadn't any kind of file access or database access or any kind of access to google

But how did them Deface it  ?

First let me make a domain whois record to skype.co.il for example : 
The rezult was like this : 



Queried whois.isoc.org.il with "skype.co.il"...
% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in 
% obtaining information about or related to a domain name 
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise 
% support the transmission of mass unsolicited, commercial 
% advertising or solicitations via e-mail (spam); 
% or  (2) enable high volume, automated, electronic processes that 
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.
 
query:        skype.co.il

reg-name:     skype
domain:       skype.co.il

descr:        Skype
descr:        70 Sir John Rogerson-s Quay
descr:        Dublin
descr:        OOOO2
descr:        Ireland
phone:        +353 1 2322000
fax-no:       +353 1 2323333
e-mail:       skypedomains AT skype.net
admin-c:      GC-BO1442-IL
tech-c:       GC-MH18079-IL
zone-c:       GC-CB11365-IL
nserver:      ns1.skype.net 
nserver:      ns2.skype.net 
nserver:      ns3.skype.net 
validity:     17-10-2013
status:       Transfer Allowed
changed:      domain-registrar AT isoc.org.il 20121017 (Assigned)
changed:      domain-registrar AT isoc.org.il 20121017 (Changed)
changed:      domain-registrar AT isoc.org.il 20121017 (Changed)
changed:      domain-registrar AT isoc.org.il 20121017 (Changed)
changed:      domain-registrar AT isoc.org.il 20121018 (Changed)
changed:      domain-registrar AT isoc.org.il 20121019 (Changed)
changed:      domain-registrar AT isoc.org.il 20121024 (Changed)
changed:      domain-registrar AT isoc.org.il 20121118 (Changed)
changed:      domain-registrar AT isoc.org.il 20121118 (Changed)
changed:      domain-registrar AT isoc.org.il 20121119 (Changed)

person:       Benjamin Orndorff
address:      Microsoft Corporation
address:      One Microsoft Way
address:      Redmond
address:      98052
address:      USA
phone:        +1 4 258828080
fax-no:       +1 4 259367329
e-mail:       admin AT internationaladmin.com
nic-hdl:      GC-BO1442-IL
changed:      Managing Registrar 20121024

person:       MSN Hostmaster
address:      Microsoft Corporation
address:      One Microsoft Way
address:      Redmond WA
address:      98052
address:      USA
phone:        +1 4 258828080
fax-no:       +1 4 259367329
e-mail:       msnhst AT microsoft.com
nic-hdl:      GC-MH18079-IL
changed:      Managing Registrar 20121017

person:       ccTLD Billing
address:      CSC Corporate Domains, Inc.
address:      2711 Centerville Rd.
address:      Wilmington DE
address:      19808
address:      USA
phone:        +1 3 026365400
fax-no:       +1 3 026365454
e-mail:       cctld-billing AT cscinfo.com
nic-hdl:      GC-CB11365-IL
changed:      Managing Registrar 20121017

registrar name: Communigal Communication Ltd
registrar info: http://www.galcomm.co.il/



So we can see 

registrar info: http://www.galcomm.co.il/

thats mean skype in registred in galcomm.co.il  also if you check microsoft and msn  you will find the same thing ,  

So if we get access on www.galcomm.co.il we can change the originak dns to our server and upload the deface page . 

www.galcomm.co.il  was infected with an Mssql vuln ! 

This attack called Dns hijacking !  


And i think the same way used to deface google.Pk and The most of google,microsoft defaces ! 

Keywords : 
Google defaced 
how to deface 
dns hijacking
google israel hacked 
Zombie ksa 
google pakistan defaced 



READMORE
 

Google Pakistan defaced

google pakistan hackedTurkish  hacker named KriptekS   defaced the Pakistanis google . 

This attack come after the deface of mirosoft.co.il , so those days we saw a lot of important websites down  

The attack its a Dns hijacking attack , so KriptekS   get access to Pakistan domain register then he change dns values  to his deface page  ! 

Zone - h

http://www.zone-h.com/mirror/id/18638930



keywords : 
Zone-h  
 mirosoft.co.il hacked 
how to hack google 
dns hijacking 
dns attacks 
domain register
hacker house 
READMORE
 

Multi Anonymous Ftp Access Scanner


This Tool allow to you to scan an Ip list from Anonymous ftp access

How  it work :

you have two choses :
1- getting random ips list  from   and scan it
2- Scanning an ips list from your chose


anonymous ftp scanner


Keywords :
hacking tool
python hacking tools
python scanner's
anonymous ftp scanner
Anonymous ftp access
READMORE
 

EAZY Finder v2 . [Correcting some Problemes ]

Hi ,


After Posting EAZY Finder Tool Here http://h4ckhouse.blogspot.com/2012/10/eazy-web-scanner-get.html
I corrected some errors

This Is The Link for Donwloading The new version :
 http://www.mediafire.com/download.php?y39un6diq38h0ht
READMORE