Thursday, March 28, 2013

vBulletin 5.0.0 Beta 11 - 5.0.0 Beta 28 - SQL Injection

# Exploit Title: vBulletin 5 Beta XX SQLi 0day
# Google Dork: "Powered by vBulletin™ Version 5.0.0 Beta"
# Date: 24/03/2013
# Exploit Author: Orestis Kourides
# Vendor Homepage: www.vbulletin.com
# Software Link:
# Version: 5.0.0 Beta 11 - 5.0.0 Beta 28
# Tested on: Linux
# CVE : None


Exploit Facebook Via External Plugins and Modules

#############################################################
# Title: Exploit Facebook Via External Plugins and Modules  
# Exploitation: Manually (use your brain ^_^)
# Date:  28/03/2013 
# Greetz: Virusa Worm - Man Sykez - BL4ckc0d1n6 and all AnonGhost Memberz
# Author: Mauritania Attacker
#############################################################


Wednesday, March 27, 2013

DNS Hijacking

In a previous post, Juno_okyo's Blog introduced DNS Spoofing. Now we continue with DNS Hijacking:


Here is a beautiful Tut From my dear friend H4x4rwOw on DNS HIJACKING
Recommended to download and watch
Download Here
Note: Only for educational purposes

List Of Top 5 Penetration Testing Operating Systems Based On Linux

If you are in search of a good penetration testing operating system, then you are at the right place, because in this post I am going to introduce you to the top 5 penetration testing operating systems based on Linux. First of all, I want to tell you something about penetration testing:

“It is that process in which an individual/professional can evaluate the security of a computer system or network by applying the attacks. These professionals have legal rights to do this task as their purpose is only to examine the network security instead of doing any harm.”


WEP Cracking using Fern Wifi Cracker

So let's begin ...
Go to BackTrack --> exploitation tools --> wireless exploitation tools --> WLAN exploitation --> fern-wifi-cracker

Now select the wireless interface you have (it can be wlan0, wlan1, etc.)


[SQLMAP] SQL Injection Using the POST Method


In this short and simple post, we detail the steps to follow when we need to exploit a SQL Injection vulnerability, which is mostly found on some servers based on SQL Server and Oracle. These vulnerabilities are typical in administrative login forms because, as we should know, when we enter the username and password this data is sent via the POST method. It is therefore possible that, on entering false data or some bypasses, the application shows an error that lets us identify the vulnerability, which can then be exploited in an automated way using SQLMAP, running commands that send the request as POST and not as GET as is "customary".

1337day Inj3ct0r Exploit Database Hacked by Z0mbi3_Ma and SQL_Master

The well-known exploit database website 1337day (www.1337day.com) was hacked and defaced by hackers with the handles SQL_Master and Z0mbi3_Ma. The website has been restored. The original website (http://1337day.com) was not defaced, only the www subdomain of the website.
