There are mainly three different types of exploits that are used on the internet. PHP, Perl and Web Based attacks.
PHP and Perl attacks are run on the persons computer through an interpreter - a program that reads the code and runs the output. These are usually powered by an underlying SQL or XSS attack.
The other type of attack is a plain web based attack, usually a SQL injection or an XSS exploit with no PHP or Perl powered frontend. These are the easiest to do, but the hardest to figure out how to use as there is not a definitive way of executing them.
General Information
Operating Systems
The most widely used OS is Windows and to be honest I hate it. But I use it. But it is very hard to hack with as tools are not really created for it in mind. Because of that I recommend Linux as a hacking OS because everything just works. .
Oh, yeah, did I mention its free?
PHP
PHP (PHP: Hypertext Preprocessor) is a computer scripting language, originally designed for producing dynamic web pages. It is mainly used in server-side scripting, but can be used from a command line interface or in standalone graphical applications.
Yes, that's from Wikipedia. But its helpful and might be interesting.
But PHP is a very useful and powerful programming language which is used for diverse projects. Because its powerful yet simplistic its used for hacking. And, of course, its free.
How To Spot a PHP Exploit
A PHP exploit is always encased in tags.
Perl
Perl is a dynamic programming language created by Larry Wall and first released in 1987. Perl borrows features from a variety of other languages including C, shell scripting (sh), AWK, sed and Lisp. Perl was widely adopted for its strengths in text processing and lack of the arbitrary limitations of many scripting languages at the time.
Yes, thats from Wikipedia too. But Perl too is a powerful yet simplistic language, like PHP. And its free as well
How To Spot a Perl Exploit
They always start with
#!/usr/bin/perl
Executing Exploits:
Web Based:
These attacks differ hugely so the easiest thing to do is to read the NFO when using this kind of attack.
They usually come in the format
http://www.xxx.org/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*
The example is a SQL injection but XSS attacks looks very similar. All text after the view.php? is the sploit. The exploit occurs in the way that the PHP handles the information being sent by the HTML.
To use these you just paste everything from http://www.xxx.org/ into the browser address bar while on the vulnerable page of the website.
For example: I am on the forums of a website at www.somewebsite.org/forums/. I know the exploit is in the format above. But, I know that the venerable part of the site is in the /forums/ sub directory so I paste the exploit there:
www.somewebsite.org/forums/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*
You can take this principle and apply it to XSS exploits as well.
To be a script you do not need to know SQL, but if you want to develop your own exploits it helps a great deal. Look here for more information: http://www.w3schools.com/sql/default.asp
PHP on Windows:
To run PHP on Windows, you need the PHP software. The is open source so free to download.
http://www.php.net/downloads.php
Download the latest version of the Windows binary installer and the zipped folder.
Run the installer, install it into C:PHP, choose not to configure a web server. Next, open the zip, extract everything into the same folder. Rename php.exe to php2.exe or php.exe.bak. Now copy the php.exe from the C:PHPCLI folder to C:PHP.
Right-click My Computer and pick properties. Click the Advanced tab, then the Environment Variables at the bottom. In the second list-box youâ??ll see a line for PATH. Double-click it and add to the end of the existing line â??;C:PHPâ?? This should give you something like:
Code:
C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;
C:Program FilesCommand;C:PHP
Click OK.
Now open a Command Prompt and type the following lines:
ASSOC .php=PHPScript
FTYPE PHPScript="C:PHPPHP.EXE" "%1" %*
You can now just type a PHP script name to run it like an EXE in Command Prompt. No need to type PHP first. For example:
Code:
C:>phpscript.php
Now you have got PHP environment set up save the exploit to your computer as a .php file. The easiest way to do this is to paste everything from the into notepad. Then File -> Save as and save as type All Files. then in the file name type exploit.php.
Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file
The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the '....' to the information relevant to the site that you are exploiting.
Finally you can run it on the command prompt but navigating to the directory that you saved the exploit.php file in.
C:> cd C:/your/dir/goes/here
and then run the exploit
C:/your/dir/goes/here> exploit.php
The output of your exploit, such as passwords, will be shown in the command prompt.
Your done
PHP on Linux (Debian/Ubuntu):
Firstly, become root. Then install PHP.
apt-get install php5
Then save the exploit as exploit.php to your home directory. The exploit is everything within .
Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file
The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the '....' to the information relevant to the site that you are exploiting.
Finally, run the php file.
php exploit.php
The output of your exploit, such as passwords, will be shown in the command prompt.
Your done
Perl on Windows:
Perl is very similar to PHP in the way that its run, but thanks to good software, it is a lot easier to execute.
Download Strawberry Perl from: http://strawberryperl.com/
Just install and you are able to run perl files by executing on the command line
perl exploit.pl
Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file
The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the "...." to the information relevant to the site that you are exploiting.
Finally run the exploit by typing into the command line:
perl exploit.pl
The output of your exploit, such as passwords, will be shown in the command prompt below.
Your done
Perl on Linux (Debian/Ubuntu):
Become root and install perl:
apt-get install perl
You are then able to run perl files by executing:
perl exploit.pl
Save the perl exploit to your home directory as exploit.pl.
Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
Code:
$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file
The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the "...." to the information relevant to the site that you are exploiting.
Finally run the exploit by typing:
perl exploit.pl
The output of your exploit, such as passwords, will be shown in the command prompt below.
PHP and Perl attacks are run on the persons computer through an interpreter - a program that reads the code and runs the output. These are usually powered by an underlying SQL or XSS attack.
The other type of attack is a plain web based attack, usually a SQL injection or an XSS exploit with no PHP or Perl powered frontend. These are the easiest to do, but the hardest to figure out how to use as there is not a definitive way of executing them.
General Information
Operating Systems
The most widely used OS is Windows and to be honest I hate it. But I use it. But it is very hard to hack with as tools are not really created for it in mind. Because of that I recommend Linux as a hacking OS because everything just works. .
Oh, yeah, did I mention its free?
PHP
PHP (PHP: Hypertext Preprocessor) is a computer scripting language, originally designed for producing dynamic web pages. It is mainly used in server-side scripting, but can be used from a command line interface or in standalone graphical applications.
Yes, that's from Wikipedia. But its helpful and might be interesting.
But PHP is a very useful and powerful programming language which is used for diverse projects. Because its powerful yet simplistic its used for hacking. And, of course, its free.
How To Spot a PHP Exploit
A PHP exploit is always encased in tags.
Perl
Perl is a dynamic programming language created by Larry Wall and first released in 1987. Perl borrows features from a variety of other languages including C, shell scripting (sh), AWK, sed and Lisp. Perl was widely adopted for its strengths in text processing and lack of the arbitrary limitations of many scripting languages at the time.
Yes, thats from Wikipedia too. But Perl too is a powerful yet simplistic language, like PHP. And its free as well
How To Spot a Perl Exploit
They always start with
#!/usr/bin/perl
Executing Exploits:
Web Based:
These attacks differ hugely so the easiest thing to do is to read the NFO when using this kind of attack.
They usually come in the format
http://www.xxx.org/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*
The example is a SQL injection but XSS attacks looks very similar. All text after the view.php? is the sploit. The exploit occurs in the way that the PHP handles the information being sent by the HTML.
To use these you just paste everything from http://www.xxx.org/ into the browser address bar while on the vulnerable page of the website.
For example: I am on the forums of a website at www.somewebsite.org/forums/. I know the exploit is in the format above. But, I know that the venerable part of the site is in the /forums/ sub directory so I paste the exploit there:
www.somewebsite.org/forums/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*
You can take this principle and apply it to XSS exploits as well.
To be a script you do not need to know SQL, but if you want to develop your own exploits it helps a great deal. Look here for more information: http://www.w3schools.com/sql/default.asp
PHP on Windows:
To run PHP on Windows, you need the PHP software. The is open source so free to download.
http://www.php.net/downloads.php
Download the latest version of the Windows binary installer and the zipped folder.
Run the installer, install it into C:PHP, choose not to configure a web server. Next, open the zip, extract everything into the same folder. Rename php.exe to php2.exe or php.exe.bak. Now copy the php.exe from the C:PHPCLI folder to C:PHP.
Right-click My Computer and pick properties. Click the Advanced tab, then the Environment Variables at the bottom. In the second list-box youâ??ll see a line for PATH. Double-click it and add to the end of the existing line â??;C:PHPâ?? This should give you something like:
Code:
C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;
C:Program FilesCommand;C:PHP
Click OK.
Now open a Command Prompt and type the following lines:
ASSOC .php=PHPScript
FTYPE PHPScript="C:PHPPHP.EXE" "%1" %*
You can now just type a PHP script name to run it like an EXE in Command Prompt. No need to type PHP first. For example:
Code:
C:>phpscript.php
Now you have got PHP environment set up save the exploit to your computer as a .php file. The easiest way to do this is to paste everything from the into notepad. Then File -> Save as and save as type All Files. then in the file name type exploit.php.
Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file
The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the '....' to the information relevant to the site that you are exploiting.
Finally you can run it on the command prompt but navigating to the directory that you saved the exploit.php file in.
C:> cd C:/your/dir/goes/here
and then run the exploit
C:/your/dir/goes/here> exploit.php
The output of your exploit, such as passwords, will be shown in the command prompt.
Your done
PHP on Linux (Debian/Ubuntu):
Firstly, become root. Then install PHP.
apt-get install php5
Then save the exploit as exploit.php to your home directory. The exploit is everything within .
Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file
The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the '....' to the information relevant to the site that you are exploiting.
Finally, run the php file.
php exploit.php
The output of your exploit, such as passwords, will be shown in the command prompt.
Your done
Perl on Windows:
Perl is very similar to PHP in the way that its run, but thanks to good software, it is a lot easier to execute.
Download Strawberry Perl from: http://strawberryperl.com/
Just install and you are able to run perl files by executing on the command line
perl exploit.pl
Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file
The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the "...." to the information relevant to the site that you are exploiting.
Finally run the exploit by typing into the command line:
perl exploit.pl
The output of your exploit, such as passwords, will be shown in the command prompt below.
Your done
Perl on Linux (Debian/Ubuntu):
Become root and install perl:
apt-get install perl
You are then able to run perl files by executing:
perl exploit.pl
Save the perl exploit to your home directory as exploit.pl.
Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
Code:
$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file
The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.
Change the text within the "...." to the information relevant to the site that you are exploiting.
Finally run the exploit by typing:
perl exploit.pl
The output of your exploit, such as passwords, will be shown in the command prompt below.
1 Comment
Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.
**PRICE FOR ONE LEAD/FULLZ 2$**
All SSN's are Tested & Verified. Fresh spammed data.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
->Bulk order negotiable
->Minimum buy 25 to 30 leads/fullz
->Hope for the long term business
->You can asked for specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Posted on October 14, 2020 at 8:16 PM