Follow us on Twitter!
Don't judge the unknown - Grindordie
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 23
Members Online: 0

Registered Members: 82832
Newest Member: SerMSYS
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Xpl0it3r 1.4.8A + SQL Brute Forcer!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-08 06:22
Welcome to the tutorial

(A) Main Configuration

-This panel is for the basics of the attack
----------------------------------------------------------------------------------
Exploit: This field is what will be added to the end of the URL. Lets say I put

the value at "l3vel".

http://target.com/vuln.php?var=
becomes
http://target.com/vuln.php?var=l3vel
----------------------------------------------------------------------------------
Scan Code(Code Snippet)

Basically if the URL source code doesnt contain this snippet it is ignored. So I

would goto your shell and click "View Page Source" and get a piece of html from

there. For LFI's or other exploits you can also put error messages or anything

that means it is exploitable.

----------------------------------------------------------------------------------

Google D0rk: The string that will be searched in google
Results Per Page: Sets how many results on google to show per page
__________________________________________________________________________________

(B) Regular Expressions

Target Parse RegEx:
Basically I use regular expressions on each of the results to remove the crap

after the = sign. You can use this to get any part of the URL you want. I used a

weak one you can make your own using RegEx Buddy (warez-bb ftw?) Any URLS that

don't match the regex in anyway are removed from the target list.

With mine (not perfect only works on some URLS)

http://somesite.com/somepage.php?somevar=omg&somthingelse=watever

Becomes:
http://somesite.com/somepage.php?somevar=
__________________________________________________________________________________

(C)Attack Manager(Where The Magic Happens)

-This allows you to begin the attack after all the fields in (A) and (B) are

filled in.

----------------------------------------------------------------------------------

Browse: Simply navigates the webbrowser (G) to the search page with the dork you

typed in

----------------------------------------------------------------------------------

Harvest Links: A rather important part. It will grab all the links from the page

(minus google links) and add them to the results tab(F). You should do this for

many different pages if you are targeting a single website or just a lot of pages

on the the search engine.

----------------------------------------------------------------------------------

Make Target List: Using the regular expression it will parse through the results

tab and add good clean and ready to use ones to the target list.

----------------------------------------------------------------------------------

Exploit Scan(RFI Search): Gets every url and adds whatever you put as Exploit(A)

to the end and tests the page if it contains the text from Scan Code(A).

----------------------------------------------------------------------------------
__________________________________________________________________________________
Sections (D) and (E) are not done yet. Just remember targets always have to be

cleaned urls for example:

http://somesite.com/hax.php?somthing=
or
http://somesite.com/hax.php?somthing=1&another=

jsut make sure its ready so the it can get w/e u put as a Exploit(A) added to the

end and load up.

__________________________________________________________________________________

(F)

Very simple section where all URLS are stored. You can right click on the

listboxes and get options.

Google Results: Results from google

Target URLS: Cleaned urls to be tested

Found Exploits: Links to found exploits

__________________________________________________________________________________
(G)
The webbrowser


__________________________________________________________________________________


Enjoy,

{Petros}
www.l3vel-69.net


(C)2007 Petros

For Source Code PM Petros


Download link: http://www.sendspace.com/file/235jfz

www.imgpig.com/uploads/55609_pic1.png

www.imgpig.com/uploads/2770_pic2.png

www.imgpig.com/uploads/23010_pic3.png

Regards, L3vEL-69