Monday 5 August 2013

PHP Web Shell

This shell is well known because it is so widely used. It claims to be Fully UnDetectable by various web search engine robots, and once uploaded to a web server it can be used for many attacks.
The Page Not Found condition below is displayed automatically, like this:
Almost everyone surfing the Internet will think: Oh! shit... I'm requesting a page that is no longer there or never was, so this is why I'm getting a 404 Not Found error. That's okay, let me get out of here.
Although most people will think that this is an error from the web server, the impression is very deceiving: this is a 404 web shell. The owner has to click somewhere in the center of the page to get this awesome input field, where the password must be entered. On this shell use '$h4!!', without the single quotes.

Wow! Now this is what you will get after entering the password.
So now everything is in front of the attacker, who can launch loads of malicious attacks from there without even being noticed.
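A defender-side check for the disguise described above, as an added example that is not part of the original post or of the shell: it parses a response body and flags pages that present themselves as 404 Not Found yet carry a form or password field, which remains in the markup even while it is hidden until clicked. The function name and both sample pages are constructed for illustration, and it is an assumption that the input field is ordinary HTML in the page.

```python
# Added example (not from the post): flag "not found" pages that carry a form.
import re
from html.parser import HTMLParser

NOT_FOUND = re.compile(r"\b404\b|not\s+found", re.I)

class PageScan(HTMLParser):
    """Collects page text, form count and input types, hidden or not."""
    def __init__(self):
        super().__init__()
        self.text, self.forms, self.inputs = [], 0, []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.forms += 1
        elif tag == "input":
            self.inputs.append((dict(attrs).get("type") or "text").lower())

    def handle_data(self, data):
        self.text.append(data)

def fake_404_indicators(body):
    """Return the reasons an error page looks interactive ([] if none)."""
    scan = PageScan()
    scan.feed(body)
    scan.close()
    if not NOT_FOUND.search(" ".join(scan.text)):
        return []  # page does not claim to be an error page: out of scope
    reasons = []
    if scan.forms:
        reasons.append("form on an error page")
    if "password" in scan.inputs:
        reasons.append("password input on an error page")
    elif scan.inputs:
        reasons.append("input field on an error page")
    return reasons

# Constructed samples: a stock-style error page, and one hiding a login form.
GENUINE = ("<html><head><title>404 Not Found</title></head><body><h1>Not Found"
           "</h1><p>The requested URL was not found on this server.</p>"
           "</body></html>")
SUSPECT = GENUINE.replace(
    "</body>",
    '<form method="post" style="display:none">'
    '<input type="password" name="p"></form></body>')

if __name__ == "__main__":
    for name, page in (("genuine", GENUINE), ("suspect", SUSPECT)):
        print(name, fake_404_indicators(page))
```

A site whose real custom 404 page includes a search box will also be flagged, so treat a hit as a prompt to review the file behind the URL rather than as proof.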
This was released by M0z@r and can be used in various ways for studying or for web server pentesting.
Download it here: 404 WebShell

Disclaimer: This is for educational purposes and to make you aware of various security breach scenarios. The administrator of the whitehatrwanda blog will not be responsible for any misuse of this content.

Tuesday 19 March 2013

11 Steps to enhance Social Networking Sites (SNS) Security

1. Make your password complex using numbers, upper case, lower case and special characters, e.g. F@c3b00k$3cur!tY

2. Your password shouldn't be the same as on other SNSs.

3. Your e-mail ID password must be different from your SNS passwords.

4. Avoid using Facebook apps, and if you find something like "watch this video: Obama died", never click on the link. Better to google that video; it must be a scam to trick you.

5. Never ever reveal your password to anyone, including spouse, girlfriend, best friend, parents etc. This is your privacy; don't compromise it.

6. Facebook, Twitter and other SNSs, and even bank websites, never ask for your password by mail, so be careful with these kinds of mails; they are just social engineering attacks.

7. Completely avoid using SNSs in public places like cafes, airports and CCDs; their security is often very poor.

8. For girls: you can call it orthodox thinking, but be careful about adding any stranger to your friend list. Avoid adding strangers, and change your privacy settings so that no one can post on your timeline, tag you, etc.

9. Do check the URL in the address bar while signing up: is it fake or original? Even if the URL is correct, if you fail to sign in or it takes you to another page, change the password immediately. This is called an Advance Phishing attack.

10. Worst case: the URL is correct, you are logged in, and you are hacked as well. Big problem!! This is called a double redirection phishing attack. To verify this, either check the source code of the web page or carefully watch the processing shown in the bottom-left corner of the page (in Chrome) to see which websites it is linking to; you will come to know that it is a fake one if it is.

11. Normally Facebook identifies and blocks a URL sent over chat if it is vulnerable, like session hijacking etc. But if FB or other SNSs are not blocking it, then don't open any strange link, or if you are willing to open it, open it in another browser, and an updated version of antivirus total security must be on your system.

Source: RMAR Team