Time to go.

So much to do, so little time – to those who give a fuck.

People come and go but they’re all useful, that took me a while to realize, that I should always be thankful because knowledge is worth it and everyone has something to teach.

I thank everyone I met since dotcppfile showed up, usually my memory doesn’t fail me, so I truly mean it when I say all those I’ve discussed with, mentioned, talked to, worked with, fought, loved and even hated.

I’ll keep the promises I made, too bad I can’t talk to you all again individually because that would take a lot of time, something my brothers and I are running out of, no need to make assumptions or even worry because we stand strong and things can’t get any better, it’s simply time to go.

That’s enough,
dotcppfile.

DAws – New Release – 5/11/2015

Hello,

Here comes the new release of DAws after few days of hard work, I added some extra and useful features to it, took in consideration a lot of suggestions and most of them are part of DAws now, increased Windows support and fixed a lot of bugs.

DAws is getting better with time and I hope that you’re all enjoying its usage.

I appreciate all the support and that’s keeping the project alive.

Enough with the sensitive and dramatic speech, lets get to them updates already:
Continue reading “DAws – New Release – 5/11/2015”

DAws – New Big Release – 22/5/2015

About
There’s multiple things that makes DAws better than every Web Shell out there:

  1. Bypasses Security Systems using various methods.
  2. Drops CGI Shells and communicate with them to bypass Security Systems.
  3. Uses the SSH Authorized Keys method to bypass Security Systems.
  4. Uses Shellshock to bypass Security Systems.
  5. Is completely Post Based and uses a XOR Encryption based on a random key that gets generated with every new session + private base64 functions to bypass Security Systems.
  6. Supports Windows and Linux.
  7. Find a writeable and readable directory and moves there if it’s a web directory.
  8. Drops a php.ini and a .htaccess file that clears all disablers incase “suphp” was installed.
  9. Has an advanced File Manager
  10. Mostly everything is done automatically (when it comes to command or script execution)
  11. Open Source
  12. and much more (check the source for more information; everything is well commented)

Github:
https://github.com/dotcppfile/DAws/

How does Xpath Injection Work + Modifications – Explained

Hello everyone,

Well it’s been a while since I’ve posted something so here we go.

I’ve been in a lot of different hacking communities for a long time and as usual most of them are filled with skids that would only memorize the queries shared by others, so if you’re one of these ones looking for a “new l337 query to hax0r everybody” then get out of here.
Continue reading “How does Xpath Injection Work + Modifications – Explained”

INSERT Statement Sql Injection – Advanced – Tutorial

Hello everyone,

My friend Cyde and I have been looking at a project it’s been few days and we found a lot of Sql Injection vulnerabilities where most of the statements where INSERT Statements and not the usual SELECT. Now I know that most people think that these kinds of injections are difficult and hard to deal with and that’s why in this Tutorial I’ll explain how to handle 4 different techniques of injection.

The information

  • Database/Table

Screenshot from 2015-02-24 17:12:56 Continue reading “INSERT Statement Sql Injection – Advanced – Tutorial”

Serbot – Advanced Controller/Server/Client Reverse Shell/Bot – Windows/Linux – Python

Hello everyone,

rsz_1rsz_serbot

Serbot is hot, keep reading Lol.

So, lets just get to the point, I’ve showed you Awrs and what it’s capable of, considered as one of the best Reverse Shells I’ve decided to Update Awrs and create Serbot and no, it’s not what you think Lol.

Continue reading “Serbot – Advanced Controller/Server/Client Reverse Shell/Bot – Windows/Linux – Python”

Awrs – Advanced Client/Server Windows/Linux Python Reverse Shell

Hello everyone,

Well, it’s been a while and I’ve decided to create this. I had bigger plans but sadly I have no time to get more into it so I’ll just leave it here.

So we’ve seen Reverse Shells out there, some created with msfpayload or done threw netcat etc, and problems were just flowing out of these because dealing with reverse shells wasn’t that simple at all, many different problems were just flowing out of nowhere:

Continue reading “Awrs – Advanced Client/Server Windows/Linux Python Reverse Shell”

CppSqlInjector vs Sqlmap – Speed Test

Hello everyone,

If there’s something that matters when doing a Blind Sql Injection, that would be time, and that is why I’ve been working on CppSqlInjector it’s been a while.

CppSqlInjector is a Sql Injection tool programmed C++. It uses the Blind Boolean Based Sql Injection Method.
It’s available on Windows, Linux and it’s completely free.

Here’s a video showing how fast CppSqlInjector compared to Sqlmap:
Continue reading “CppSqlInjector vs Sqlmap – Speed Test”

Sql Injection in a Download PHP Script leading to LFI – Tutorial

Hello everyone,

The title says it, we’re going to sql inject a vulnerable Download PHP Script which will allow us later on to read files on the server.
This whole thing started with a Challenge posted on HF by SirRootALot and was only solved by 2 members including me which is kind of awkward and since a lot of people asked for an explanation I decided to make a tutorial.
Continue reading “Sql Injection in a Download PHP Script leading to LFI – Tutorial”