Open Source

All Open Source software will not sink with time, because many people support these programs, and such software is no less competitive than other paid software.

Thursday, 12 October 2017

Made Your Debian 8.0 Such As Operating System for Hacking

Hey, I want to post about operating systems for hacking. Generally you can use something like Linux Times, Backbox, DracOs, Parrot, etc. But in my case, I want my Debian OS to be like Kali Linux, even though this is standard. You can refer to "https://tools.kali.org/tools-listing" to choose which tools you want. Basically I need Nmap, Metasploit, DnsEnum, SQLMap, Hydra, Nikto, etc. Here, I want to install Nmap, Nikto, SQLMap and Metasploit, so check these commands:

The first:
# apt-get update

The second (SQLMap):
# sudo apt-get install git
# git clone...

Wednesday, 05 April 2017

CSRF / Privilege Escalation (Manipulation of Role Agent to Admin) on Faveo version Community 1.9.3

Exploit Title: CSRF / Privilege Escalation (Manipulation of Role Agent to Admin) on Faveo version Community 1.9.3
Date: 05-April-2017
Exploit Author: @rungga_reksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy
Vendor Homepage: http://www.faveohelpdesk.com/
Software Link: https://codeload.github.com/ladybirdweb/faveo-helpdesk/zip/v1.9.3
Version: Community 1.9.3
Tested on: Windows Server 2012 Datacenter Evaluation
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L...

Multiple CSRF / Code Execution Vulnerability on HelpDEZK 1.1.1

# Exploit Title: Multiple CSRF / Code Execution Vulnerability on HelpDEZK 1.1.1
# Date: 05-April-2017
# Exploit Author: @rungga_reksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy
# Vendor Homepage: http://www.helpdezk.org/
# Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1.1
# Version: 1.1.1
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 - CRITICAL)

I. Background:
HelpDEZk...

Sunday, 02 April 2017

Remote File Upload Vulnerability in File Manager Pixie 1.0.4 With Low Privilege

# Exploit Title: Remote File Upload Vulnerability in File Manager Pixie 1.0.4 With Low Privilege
# Google Dork: no
# Date: 02-April-2017
# Exploit Author: @rungga_reksya, @dvnrcy, @dickysofficial
# Vendor Homepage: http://www.getpixie.co.uk
# Software Link: https://us.softpedia-secure-download.com/dl/44791fdde14260bc7a8d08df65bcd048/58db4b5c/700044699/webscripts/php/pixie_v1.04.zip
# Version: 1.0.4
# CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (7.5 - HIGH)
#...

Friday, 31 March 2017

Multiple XSS Vulnerability on Pixie 1.0.4

# Exploit Title: Multiple XSS Vulnerability on Pixie 1.0.4
# Google Dork: no
# Date: 29-03-2017
# Exploit Author: @rungga_reksya, @dickysofficial
# Vendor Homepage: http://www.getpixie.co.uk
# Software Link: https://us.softpedia-secure-download.com/dl/44791fdde14260bc7a8d08df65bcd048/58db4b5c/700044699/webscripts/php/pixie_v1.04.zip
# Version: 1.0.4
# Tested on: Windows Server 2012 Datacenter Evaluation

I. Background:
Pixie is a free, open source web application that will help quickly create your own website. Many people refer to this type of software as...

Tuesday, 14 March 2017

Remote File Upload Vulnerability in b2evolution 6.8.8

# Exploit Title: Remote File Upload Vulnerability in b2evolution 6.8.8
# Google Dork: no
# Date: 14-03-2017
# Exploit Author: @rungga_reksya, @dvnrcy, @yokoacc
# Vendor Homepage: http://b2evolution.net
# Software Link: http://b2evolution.net/downloads/6-8-8?download=6883
# Version: 6.8.8 Stable
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : no

I. Background:
b2evolution is a tool that allows you to build your own website. This ranges from just...

Monday, 13 March 2017

XSS Vulnerability on Agora-Project 3.2.2

# Exploit Title: XSS Vulnerability on Agora-Project 3.2.2
# Google Dork: no
# Date: 23-02-2017
# Exploit Author: @rungga_reksya, @AdyWikradinata, @yokoacc
# Vendor Homepage: https://www.agora-project.net
# Software Link: https://www.agora-project.net/?ctrl=offline&action=download
# Software Link Mirror: https://jaist.dl.sourceforge.net/project/agora-project/agora_project_3.2.2.zip
# Version: 3.2.2
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : CVE-2017-6559, CVE-2017-6560, CVE-2017-6561, CVE-2017-6562

I. Background:
Agora-Project is a...

Saturday, 11 March 2017

Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1

# Exploit Title: Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1
# Google Dork: no
# Date: 11-03-2017
# Exploit Author: @rungga_reksya, @dvnrcy
# Vendor Homepage: http://www.fiyo.org
# Software Link: https://sourceforge.net/projects/fiyo-cms
# Version: 2.0.6.1
# Tested on: Windows Server 2012 Datacenter Evaluation
# CVE : CVE-2017-6823

I. Background:
Fiyo CMS was first developed and created by a former student...

Friday, 10 March 2017

Information Security Look Like Football

Information security inside an organization looks like a football game. Each person has a different role and responsibility, but all share a common goal. The goal is to secure the organization's data and information, from the technical level to the strategic level. We can map the roles that exist in football to each member of the IT security team, such as:
- The goalkeeper and defenders: they are the sysadmin and infrastructure network team. Protecting the assets...