Thursday, March 31, 2016

intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army

Find uploaded cPanel Finder/Cracker scripts and cracked cPanel accounts:



cPanel Found = 0 : Search again...


intitle:Automatic cPanel Finder/Cracker | 3xp1r3 Cyber Army


About cPanel :


cPanel is a Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides capabilities for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.

filetype:asp intitle:" Microsoft Outlook Web Access"

Get access to "Microsoft Outlook Web Access" Panels :





filetype:asp intitle:" Microsoft Outlook Web Access"


About Microsoft Outlook Web Access :


Outlook on the web (previously called Exchange Web Connect, Outlook Web Access, and Outlook Web App in Office 365 and Exchange Server 2013) is a suite of Outlook web apps from Microsoft. It spans across Office 365, Outlook.com, Exchange Server, and Exchange Online. It includes a web-based email client, a calendaring tool, a contact manager, and a task manager. As of November 2015, Microsoft is in the process of upgrading Outlook.com to Outlook on the web and the Office 365 infrastructure through the Outlook.com Preview. It also includes add-in integrations, Skype on the web, and alerts, as well as new themes that span across all the web apps. Outlook on the web is navigated using the App Launcher icon, which brings down a list of web apps for the user to choose from.

Friday, March 11, 2016

intitle:Mass Revslider Exl0it1ng

Find websites exploiting the Revslider plugin vulnerability :





intitle:Mass Revslider Exl0it1ng
intext:Mass Revslider Plugin Exl0it1ng
intext:IP Scanner Exploiter Find DB Panel Exploit Dorks Domains 2 IP

Find WordPress websites with the revslider plugin installed :

inurl:wp-content/plugins/revslider/
inurl:revslider
inurl:revslider_admin.php
inurl:revslider_front.php
inurl:plugins/revslider/
intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"

About the Revslider vulnerabilities :

CVE-2015-5151 : Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.

CVE-2014-9735 : The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to upload and execute arbitrary files via an update_plugin action; delete arbitrary sliders via a delete_slider action; and create, update, import, or export arbitrary sliders via unspecified vectors.

CVE-2014-9734 : Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a leak in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
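
From the site owner's side, the three CVE descriptions above name request features (actions and parameters sent to wp-admin/admin-ajax.php) that can be looked for in a web server access log. The Python below is an added example, not code from the original post; a match means the request has the shape a CVE description names, not that exploitation succeeded. It assumes combined-format logs with the parameters visible in the query string, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Mar/2016:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fexample.txt HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [11/Mar/2016:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 40960 "-" "-"',
    '198.51.100.9 - - [11/Mar/2016:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=update_plugin HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.9 - - [11/Mar/2016:10:05:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=%3Cb%3Ex HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.4 - - [11/Mar/2016:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

def classify(line):
    """Return the CVE labels whose described request shape this log line matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    # parse_qs percent-decodes once, so encoded "../" and "<" are seen in clear.
    q = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    action = q.get("action", "")
    client_action = q.get("client_action", "")
    img = unquote(q.get("img", ""))  # second decode catches double-encoding
    hits = []
    if action == "revslider_show_image" and ".." in img:
        hits.append("CVE-2014-9734")  # traversal sequence in img
    # POST bodies are not in access logs; body parameters need WAF/audit logging.
    if {action, client_action} & {"update_plugin", "delete_slider"}:
        hits.append("CVE-2014-9735")  # admin-only AJAX action requested
    if action == "revslider_ajax_action" and re.search(r'[<>"]', client_action):
        hits.append("CVE-2015-5151")  # markup characters in client_action
    return hits

def scan(lines):
    """Return (line number, client IP, labels) for every matching line."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = classify(line)
        if hits:
            findings.append((n, line.split()[0], hits))
    return findings
```
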

Friday, March 4, 2016

Google Diggity Project

In the previous article, I observed one project, Google Diggity Project.


Searching Google Diggity Project...



Leads to Google Hacking Diggity Project :


The Google Hacking Diggity Project is a research and development initiative dedicated to investigating Google Hacking, i.e. the latest techniques that leverage search engines, such as Google, Bing, and Shodan, to quickly identify vulnerable systems and sensitive data in corporate networks.


Sometimes, the best defense is a good offense. Bishop Fox’s attack tools for Google Hacking level the playing field by allowing our clients to find information disclosures and exposed vulnerabilities before others do. Arm yourself with our arsenal of attack tools that leverage Google, Bing, and other popular search engines.


Links :

  • http://www.bishopfox.com/resources/tools/google-hacking-diggity/
  • http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/
  • http://www.bishopfox.com/download/405/
  • http://www.aldeid.com/wiki/Google-hacking-diggity-project

Authors :

- Stach & Liu.
- Bishopfox.com

Google Dorking from Webopedia view


Google Dorking is a term that refers to the practice of applying advanced search techniques and specialized search engine parameters to discover confidential information from companies and individuals that wouldn't typically show up during a normal web search.


Hackers can use Google Dorking tactics to reveal information that companies and individuals likely intended not to be discoverable through a Web search. This information can include account usernames and passwords, customer and partner lists and details, sensitive and private documents, account details, website vulnerabilities for potential cyber attacks and more. Hackers also have an array of freely available online tools they can use to run automated scans that execute multiple Google Dorking queries, enabling them to more efficiently conduct their dorking efforts.

Feds Warn Businesses About Google Dorking



In July 2014 the U.S. Feds issued a warning to companies in the United States to increase vigilance for Google Dorking activity by hackers, or "malicious cyber actors" as the bulletin refers to them.

The bulletin also recommended utilizing sites and tools like the Google Hacking Database, the Google Diggity Project and Google Webmaster Tools to help identify and prevent the potential for Google Dorking attacks.

inurl:webopedia & google dorking & googledorking