Showing posts with label Vulnerability. Show all posts

Friday, December 2, 2011

How to Hack websites using IIS exploit

Yes, now you can actually hack some websites using IIS.


  1. Open My Computer, right-click anywhere and select "Add network location".
  2. Press Next.
  3. Click on "Choose a custom network location" and hit Next.
  4. A window will open in which you need to add a website which is vulnerable to IIS. For example: www.globalsoftbay.tk
  5. Now press Next, and after that press Next again.
  6. After that, open that web folder [it will be somewhere like Network --> Website Name] and add your deface page :)
  7. Enjoy ! :P
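
For the server owner, the relevant fact is that a Windows network location pointed at an http:// address talks WebDAV, so writes made this way appear in the IIS log as PUT and similar requests. The following added example (not part of the original post) scans IIS W3C logs for WebDAV write methods that succeeded without authentication; the log lines, addresses and function names are constructed for illustration.

```python
# WebDAV verbs that create, change or remove content on the server.
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}

# Constructed sample in IIS W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(User-Agent) sc-status
2011-12-02 10:01:12 GET /index.html - 203.0.113.7 Mozilla/5.0 200
2011-12-02 10:02:40 PROPFIND / - 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 207
2011-12-02 10:02:55 PUT /index.html - 198.51.100.23 Microsoft-WebDAV-MiniRedir/6.1.7601 201
2011-12-02 10:05:03 PUT /docs/report.doc editor1 192.0.2.10 Microsoft-WebDAV-MiniRedir/6.1.7601 204
2011-12-02 10:06:44 PUT /default.asp - 198.51.100.99 Microsoft-WebDAV-MiniRedir/6.1.7601 403
"""


def find_anonymous_webdav_writes(log_text):
    """Return log records where an unauthenticated client's write succeeded."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()  # IIS encodes spaces inside a field as '+'
        if len(values) != len(fields):
            continue  # malformed or truncated row
        rec = dict(zip(fields, values))
        if (rec.get("cs-method", "").upper() in WRITE_METHODS
                and rec.get("cs-username") == "-"            # "-" means anonymous
                and rec.get("sc-status", "").startswith("2")):  # 2xx: write accepted
            hits.append(rec)
    return hits


def summarize(hits):
    """Group flagged (method, path) pairs by client IP for triage."""
    by_ip = {}
    for rec in hits:
        by_ip.setdefault(rec["c-ip"], []).append((rec["cs-method"], rec["cs-uri-stem"]))
    return by_ip


if __name__ == "__main__":
    for ip, writes in summarize(find_anonymous_webdav_writes(SAMPLE_LOG)).items():
        print(ip, writes)
```

Any hit means the site accepts anonymous writes; the fix is to disable WebDAV where it is not needed, or to require authentication and remove write permission for the anonymous account.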

Some websites vulnerable to this exploit now are :






If you enjoyed this post, make sure you subscribe to my RSS feed! Comments are encouraged

WordPress Security Vulnerability Scanner v.1.1

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations.

Official Changelog For WPScan v.1.1 :-

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed. Lots of small tweaks.






Wednesday, September 14, 2011

Facebook and Amazon are storing variant passwords

Yes. I mean it. The support for the title is as below.

Facebook is storing the users' passwords in 3 forms. I've tried this too. You can use any of these to log in to your Facebook account. The forms are:

  1. Original password. (say "passWord123")
  2. First letter capitalized. ("PassWord123")
  3. Reverse of capitalization, i.e. changing the case for all the letters. ("PASSwORD123")

The second type is for mobile devices. The third type is also used to facilitate the user by taking the caps-lock key into consideration, i.e. even if your caps-lock is on, you can enter your Facebook account by entering your password normally. The question here is "Is this a bug?" My answer is "It doesn't matter", because this is purely to facilitate the users. But coming to brute-force attacks, this raises the vulnerability level to 3 times.

Now, coming to Amazon, it uses a similar concept, but not completely like Facebook.

This is the link for the article about this. I didn't try this yet. Please let me know through your valuable comments if anything is wrong.


