Time to go.

So much to do, so little time – to those who give a fuck.

People come and go but they’re all useful, that took me a while to realize, that I should always be thankful because knowledge is worth it and everyone has something to teach.

I thank everyone I met since dotcppfile showed up, usually my memory doesn’t fail me, so I truly mean it when I say all those I’ve discussed with, mentioned, talked to, worked with, fought, loved and even hated.

I’ll keep the promises I made, too bad I can’t talk to you all again individually because that would take a lot of time, something my brothers and I are running out of, no need to make assumptions or even worry because we stand strong and things can’t get any better, it’s simply time to go.

That’s enough,

DAws – New Release – 5/11/2015


Here comes the new release of DAws after few days of hard work, I added some extra and useful features to it, took in consideration a lot of suggestions and most of them are part of DAws now, increased Windows support and fixed a lot of bugs.

DAws is getting better with time and I hope that you’re all enjoying its usage.

I appreciate all the support and that’s keeping the project alive.

Enough with the sensitive and dramatic speech, lets get to them updates already:
Continue reading “DAws – New Release – 5/11/2015”

DAws – New Big Release – 22/5/2015

There’s multiple things that makes DAws better than every Web Shell out there:

  1. Bypasses Security Systems using various methods.
  2. Drops CGI Shells and communicate with them to bypass Security Systems.
  3. Uses the SSH Authorized Keys method to bypass Security Systems.
  4. Uses Shellshock to bypass Security Systems.
  5. Is completely Post Based and uses a XOR Encryption based on a random key that gets generated with every new session + private base64 functions to bypass Security Systems.
  6. Supports Windows and Linux.
  7. Find a writeable and readable directory and moves there if it’s a web directory.
  8. Drops a php.ini and a .htaccess file that clears all disablers incase “suphp” was installed.
  9. Has an advanced File Manager
  10. Mostly everything is done automatically (when it comes to command or script execution)
  11. Open Source
  12. and much more (check the source for more information; everything is well commented)


How does Xpath Injection Work + Modifications – Explained

Hello everyone,

Well it’s been a while since I’ve posted something so here we go.

I’ve been in a lot of different hacking communities for a long time and as usual most of them are filled with skids that would only memorize the queries shared by others, so if you’re one of these ones looking for a “new l337 query to hax0r everybody” then get out of here.
Continue reading “How does Xpath Injection Work + Modifications – Explained”

INSERT Statement Sql Injection – Advanced – Tutorial

Hello everyone,

My friend Cyde and I have been looking at a project it’s been few days and we found a lot of Sql Injection vulnerabilities where most of the statements where INSERT Statements and not the usual SELECT. Now I know that most people think that these kinds of injections are difficult and hard to deal with and that’s why in this Tutorial I’ll explain how to handle 4 different techniques of injection.

The information

  • Database/Table

Screenshot from 2015-02-24 17:12:56 Continue reading “INSERT Statement Sql Injection – Advanced – Tutorial”

Serbot – Advanced Controller/Server/Client Reverse Shell/Bot – Windows/Linux – Python

Hello everyone,


Serbot is hot, keep reading Lol.

So, lets just get to the point, I’ve showed you Awrs and what it’s capable of, considered as one of the best Reverse Shells I’ve decided to Update Awrs and create Serbot and no, it’s not what you think Lol.

Continue reading “Serbot – Advanced Controller/Server/Client Reverse Shell/Bot – Windows/Linux – Python”