Hi,

Recently we saw some big website defacements, including Google, Microsoft and others.
But the question is: how can someone deface all those websites in such a short time?
The first thing you need to notice is that all the defaced websites are on a specific country's domain and not .com.
So did they really find a vuln in those websites? The answer is no, and actually they didn't have any kind of file access, database access or any other kind of access to Google.
But how did they deface it?
First, let me do a domain WHOIS lookup for skype.co.il, for example.
The result was like this:
Queried whois.isoc.org.il with "skype.co.il"...
% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in
% obtaining information about or related to a domain name
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise
% support the transmission of mass unsolicited, commercial
% advertising or solicitations via e-mail (spam);
% or (2) enable high volume, automated, electronic processes that
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.
query: skype.co.il
reg-name: skype
domain: skype.co.il
descr: Skype
descr: 70 Sir John Rogerson-s Quay
descr: Dublin
descr: OOOO2
descr: Ireland
phone: +353 1 2322000
fax-no: +353 1 2323333
e-mail: skypedomains AT skype.net
admin-c: GC-BO1442-IL
tech-c: GC-MH18079-IL
zone-c: GC-CB11365-IL
nserver: ns1.skype.net
nserver: ns2.skype.net
nserver: ns3.skype.net
validity: 17-10-2013
status: Transfer Allowed
changed: domain-registrar AT isoc.org.il 20121017 (Assigned)
changed: domain-registrar AT isoc.org.il 20121017 (Changed)
changed: domain-registrar AT isoc.org.il 20121017 (Changed)
changed: domain-registrar AT isoc.org.il 20121017 (Changed)
changed: domain-registrar AT isoc.org.il 20121018 (Changed)
changed: domain-registrar AT isoc.org.il 20121019 (Changed)
changed: domain-registrar AT isoc.org.il 20121024 (Changed)
changed: domain-registrar AT isoc.org.il 20121118 (Changed)
changed: domain-registrar AT isoc.org.il 20121118 (Changed)
changed: domain-registrar AT isoc.org.il 20121119 (Changed)
person: Benjamin Orndorff
address: Microsoft Corporation
address: One Microsoft Way
address: Redmond
address: 98052
address: USA
phone: +1 4 258828080
fax-no: +1 4 259367329
e-mail: admin AT internationaladmin.com
nic-hdl: GC-BO1442-IL
changed: Managing Registrar 20121024
person: MSN Hostmaster
address: Microsoft Corporation
address: One Microsoft Way
address: Redmond WA
address: 98052
address: USA
phone: +1 4 258828080
fax-no: +1 4 259367329
e-mail: msnhst AT microsoft.com
nic-hdl: GC-MH18079-IL
changed: Managing Registrar 20121017
person: ccTLD Billing
address: CSC Corporate Domains, Inc.
address: 2711 Centerville Rd.
address: Wilmington DE
address: 19808
address: USA
phone: +1 3 026365400
fax-no: +1 3 026365454
e-mail: cctld-billing AT cscinfo.com
nic-hdl: GC-CB11365-IL
changed: Managing Registrar 20121017
registrar name: Communigal Communication Ltd
registrar info: http://www.galcomm.co.il/
So we can see:
registrar info: http://www.galcomm.co.il/
That means skype.co.il is registered with galcomm.co.il, and if you check microsoft and msn you will find the same thing.
So with access to www.galcomm.co.il, an attacker can change the original DNS to his own server and upload the deface page there.
www.galcomm.co.il was affected by an MSSQL vuln!
This attack is called DNS hijacking!
And I think the same method was used to deface google.pk and most of the Google and Microsoft defaces!
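Since the change happens at the registrar and not on the site itself, the place to watch is the WHOIS record. Here is an added example (not part of the original post) that parses a record in the "key: value" layout shown above and compares its nserver and registrar name fields with a known-good baseline; the function names, baseline values and sample records are constructed for illustration.

```python
# Added example: spot registrar-level DNS hijacking by comparing the
# delegation in a WHOIS record with a known-good baseline.
# All domains, name servers and registrar names below are constructed.
from collections import defaultdict

def parse_whois(text):
    """Return {key: [values]} for 'key: value' lines, skipping '%' comments."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        fields[key.strip().lower()].append(value.strip())
    return fields

def check_delegation(text, baseline):
    """Return a list of differences between the record and the baseline."""
    rec = parse_whois(text)
    findings = []
    seen = {ns.lower().rstrip(".") for ns in rec.get("nserver", [])}
    expected = {ns.lower() for ns in baseline["nserver"]}
    for ns in sorted(seen - expected):
        findings.append(f"unexpected name server: {ns}")
    for ns in sorted(expected - seen):
        findings.append(f"missing name server: {ns}")
    registrar = (rec.get("registrar name") or [""])[0]
    if registrar != baseline["registrar"]:
        findings.append(f"registrar changed: {registrar!r}")
    return findings

BASELINE = {"nserver": ["ns1.example.net", "ns2.example.net"],
            "registrar": "Example Registrar Ltd"}

GOOD = """\
% constructed sample record
domain:       example.co.il
nserver:      ns1.example.net
nserver:      ns2.example.net
registrar name: Example Registrar Ltd
registrar info: http://registrar.example/
"""
# Same record after the delegation was changed at the registrar (constructed).
TAMPERED = (GOOD.replace("ns1.example.net", "ns1.unknown-host.example")
                .replace("ns2.example.net", "ns2.unknown-host.example"))

if __name__ == "__main__":
    for name, record in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, check_delegation(record, BASELINE) or "OK")
```

Run it on a schedule against fresh WHOIS output and alert on any non-empty result.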