tag:blogger.com,1999:blog-49496550477175024152024-11-01T12:03:37.976+01:00FlashcRew is a Pentester Group and this blog is all about Pentesting and inner peace,This site mainly concentrates on Ethical hacking and Programming languages ,Exploits , VAPT, Vulnerability,Black Box, White box Testing and Malware analysis.FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.comBlogger101125tag:blogger.com,1999:blog-4949655047717502415.post-4917438170156436422015-02-21T13:18:00.002+01:002015-02-21T13:18:11.776+01:00

A simple automated perl script for MiTM ( man-in-the-middle ) attacks. Works on linux as a root user , combinied with sslstrip and arpspoof. Idea of the script it's simply to spy traffic over your network connected devices. The can be found on github  Juli And this is the offical blog post of Juli Script

Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-87146766708857280262012-10-28T18:58:00.001+01:002013-02-26T17:03:00.592+01:00

By a frend, 0x0 -=-=-=-=-=-=-=-= Some skids leaked download link so why dont i share myself Author: 0x0 I would like to give credits to: DevilzCode (perl symlink script) Syrian Shell (ddos & zone-h) x-h4ck (Cloudflare ip finder) Features 3 login attemps ready commands execute command create file chmod file file manager view file download rename delete upload (choose dir) turn off

Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-4949655047717502415.post-54904532760036426752012-10-02T03:14:00.000+02:002012-10-02T04:00:36.916+02:00

SQLi Dumper - Advanced SQL Injection\Scanner Tool Designed to be automated to find and exploit  web security vulnerabilities in mass.It is robust,  works in the background threads and is super faster. Uses an advanced search engine with seven  different online search services (Google, Yandex, Bing, Yahoo, Sapo, Altavista and Terravista). SQLi Dumper Features: -Suports Multi

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com6tag:blogger.com,1999:blog-4949655047717502415.post-57060735801134672772012-08-13T23:59:00.000+02:002012-08-22T09:44:41.497+02:00

MySQLi Dumper is an advanced automated SQL Injection tool dedicated to SQL injection attacks on MySQL and MS SQL. It is designed to be automated to find and exploit web security vulnerabilities in mass. It Is robust, works in the background threads and is super faster. The power of MySQLi Dumper that makes it different from similar tools: -Suports Multi. Online search engine (to find the

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com1tag:blogger.com,1999:blog-4949655047717502415.post-29598724062657625752012-05-22T14:46:00.000+02:002012-05-22T14:46:16.753+02:00

Let's go with next method of symlink server bypassing , like u see and into before post now i will explain a new trick with an other tool. http://www.flashcrew.in/2012/05/server-bypass-via-symlink-jumping-in.html ------------------------- Here we will talk about an other tool who use python permission to read other folders/ files in same server. Tool called xplor.py and here it's the source &

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com1tag:blogger.com,1999:blog-4949655047717502415.post-1967074521343662842012-05-22T14:25:00.000+02:002012-05-22T14:32:15.659+02:00

As we all know, symlinking it's on of greates methods for bypassing server security, mean to read files of other site in same shared host. For getting success with this tutorial are required the following things: Python Installed on Server b374k.php shell And some scripts u will see below. This idea have start from devilzc0de geeks and let me explain how it work. here we are in folder /var/

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com4tag:blogger.com,1999:blog-4949655047717502415.post-90309277282446064222012-05-21T15:00:00.002+02:002012-05-21T15:01:07.833+02:00

Tell me who like trance music? Songs like this one can be used in replacment of drugs :p Enjoy it with listening with MAX Volume

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-77082648736783210832012-05-21T14:33:00.000+02:002012-05-21T14:33:22.434+02:00

Carbylamine PHP Encoder is a PHP Encoder to 'Obfuscate/Encode' PHP File, Faster way to encode your malwares offline. How to use: carbylamine.php Download carbylamine Home project it's here  

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com2tag:blogger.com,1999:blog-4949655047717502415.post-29652514732311041842012-05-20T14:00:00.000+02:002012-05-20T14:09:28.077+02:00

sqliChecker it's a mass list sqli vulnerabilty checker who detect vuln sites from a text file in multiple database types like Mysql, Mssql, Msaccess, Oracle. Automaticly remove duplicated sites. Simple script and easy to use. python sqliChecker.py vulnlistfile.txt        #!/usr/bin/python # This was written for educational purpose and pentest only. Use it at your own risk

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com3tag:blogger.com,1999:blog-4949655047717502415.post-9366474008799366192012-05-08T06:01:00.000+02:002012-05-08T06:01:37.073+02:00

This is a detailed discussion of the generic PHP-CGI remote code execution bug we found while playing Nullcon CTF. We found that giving the query string ‘?-s’ somehow resulted in the “-s” command line argument being passed to php, resulting in source code disclosure. We explored this bug further and managed to improve our exploit to remote code execution, and trace the bug to a PHP commit in

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-32338997865339888822012-04-25T23:52:00.000+02:002012-04-25T23:52:03.649+02:00

    Metasploit Templates Metasploit creates executable files by encoding a payload and then inserting the payload into a template executable file. The templates are in the data/templates folder. Metasploit includes templates for Windows, Mac, and Linux, templates for x86, x86_64, and ARM, and a template for Windows services. If you look in the data/templates/src folder you

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-54601225985151594902012-04-25T15:42:00.002+02:002012-04-25T15:42:41.949+02:00

Russian cybercrime investigation and computer forensics company and LETA Group subsidiary Group-IB released a 28-page report prepared by analysts from its computer forensics lab and its CERT-GIB unit on the Russian cybercrime market in 2011. The report outlines the main risks associated with various types of hacker activities, analyzes the main trends in the development of the Russian

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-68125055075334938072012-04-20T14:40:00.002+02:002012-04-20T14:46:17.302+02:00

This posts focuses on analyzing entropy and inline password resets, two major problems with forgot/reset password functionality. To do this, we have to automate both requesting a forgot password hundreds of times and parsing thru all of the e-mails we receive. Thanks to the recently added macro support now available in Burp (thanks PortSwigger), less effort is required on our part when an

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-87458418037229345582012-04-16T15:37:00.003+02:002012-04-16T15:41:53.108+02:00

The aim of this tool is to find viral signature for your legal programs like other programs that do this job you have to scan produced file and find the smallest range features: start/end offset (hex/decimal) : Header/Sections+EOF/ALL/User values Random and Not filling Unknown size method (beta) : (sign begin/sign end/ud byte) scan with a command line AV show undetected range(s) (double click

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com1tag:blogger.com,1999:blog-4949655047717502415.post-16876320361111838542012-04-13T00:20:00.001+02:002012-04-13T00:27:32.055+02:00

This is a simple script that leverages nmap to scan for RDP-Server. #!/bin/bash # # rdpScan - scan a network segment for RDP-Server # author: silverstoneblue@gmx.net # requires: fgrep awk nmap scriptname="rdpScan" version="1.0" rdpips="/tmp/tmprdp.$$" declare -i rdpfound=0 function is_installed { which $1 > /dev/null 2>&1 if [ $? -ne 0 ] then printf "\nERROR:

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-21419360141575352732012-04-13T00:09:00.000+02:002012-04-13T00:12:59.870+02:00

Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. #!/usr/bin/python # This was written for educational purpose and pentest only. Use it at your own risk. # Author will be not responsible for any damage! # !!! Special greetz for my friend sinner_01 !!! # Toolname : darkd0rk3r.py # Coder : baltazar a.k.a

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com7tag:blogger.com,1999:blog-4949655047717502415.post-57653213710696585022012-04-02T19:29:00.000+02:002012-04-02T19:29:16.714+02:00

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line.  GooDork offers powerful use of Google’s search directives, by analyzing results from searches using regular expressions that you supply. So basically the purpose of GooDork is to combined Dorking with Regular Expressions. GooDork allows you

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-75089599633589173462012-03-16T18:34:00.003+01:002012-03-17T00:35:36.282+01:00

Here u will learn a nice tric to shutdown your Windows PC with a text message. With an add-on and a few tweaks, it is possible configure this, with a portable copy of Mozilla Thunderbird. This should take < 10 minutes to set up and configure. Step 1 - Get thunderbird portable Download a copy of portable thunderbird: http://portableapps.com/apps/internet/thunderbird_portable and extract

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-69751911330170493352012-03-09T19:47:00.000+01:002012-05-26T21:23:53.154+02:00

Here it's the last cracked app from Exidous, Havij 1.52 Pro . Now will work with more and more sites .. Register it on name: Cracked@By.Exidous Links Updatet, Now Work 100% :) Download http://www.sendspace.com/file/m4hqia Lic file http://www.sendspace.com/file/r5ifpoOCX Files http://www.sendspace.com/file/gwl2cd Thanks to Exidous :)

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com16tag:blogger.com,1999:blog-4949655047717502415.post-85834614161943552632012-02-16T20:27:00.000+01:002012-02-16T20:27:51.760+01:00

mywisdom blog: bypass disable php function, disable cgi python, c...: bypass disable function, disable cgi python, cgi perl di target dg cgi bin by: ev1lut10n yup kali ini akan kita mainkan salah satu dari ...

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com1tag:blogger.com,1999:blog-4949655047717502415.post-20462991820979224772012-02-16T20:25:00.000+01:002012-02-16T20:25:46.611+01:00

Armin Van Buuren - Mirage

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-73119013390844936772011-12-22T15:34:00.001+01:002011-12-25T03:46:16.163+01:00

Com and get easy our news in the biggiest social communtys Follow us on Facebook and Google+ http://www.facebook.com/TheFlashcRew https://plus.google.com/b/115907849457010508518/

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-72853919152809002732011-12-21T18:40:00.003+01:002011-12-21T18:49:45.434+01:00

Phone Verify / Social Engineering via Phone to get Admin. ---------------------------------------------- Ok.. Simple tutorial..its hardly a tutorial. This is just to people that don't understand what a Phone Verify is. When you card a shop they sometimes call to verify the order and ask some details about the order and maybe some card details. How do we do this.. Well there are 2 ways..1

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-84917996431291127712011-12-21T18:39:00.001+01:002011-12-21T18:50:03.397+01:00

What Is Spoofing Caller ID? Caller ID spoofing is the practice of causing the phone network to display a number on the recipient's caller ID display/phone display which is not that of the actual originating station. Just like email spoofing you can set a spoofed email that will be sent to a victim ; example: billgates@microsoft.com. But instead of email this is the Phone Network caller ID

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0tag:blogger.com,1999:blog-4949655047717502415.post-84205318616823917952011-12-20T22:19:00.000+01:002011-12-20T22:19:57.650+01:00

DISCLAIMER All information provided are for educational purposes only. It is not an endorsement to undertake hacking activity in any form (unless such activity is authorized). Tools and techniques demonstrated may be potential damaging if used inappropriately. All characters and data written on this post are fictitious. The Remote Desktop Protocol is often underestimated as a possible way

FlashcRewhttp://www.blogger.com/profile/04773187724752257936noreply@blogger.com0