Hacking is illegal. I take no responsibility what you do with this information. For educational purposes only.
A portable <.php> website hacking tool box packed with some useful tools and shells to help you hack more websites.
>Just upload it like you would any php shell.
►Featured Tools & Shells:
- • Login Page:
Just in case someone comes across this through a public directory.
- • Admin Page Finder:
This tool is used to scan for administration panels.
- • BING Dork Scanner:
This tool is used to scan dorks on BING search engine for any SQLi vulnerabilities.
- • CMS Sacnner:
This tool scans a target for installed plugins and gives you a exploit-db link for that vulnerable plugin.
- • LFI Scanner:
This tool scans a target for any LFI vulnerabilities then let’s you inject different payloads.
- • myBB Scanner:
This tool let’s you scan a mybb target for 21 known vulnerabilities.
- • Prestashop Exploiter:
Add Testimonial Exploit.
- • Revslider Scanner:
This tool let’s you scan multiple WordPress sites at once for the vulnerable revslider plugin, then helps you exploit it.
- • Vuln Scan:
This tool let’s you somewhat scan multiple websites/IP for vulnerabilities, then displays results to go through manually.
- • Vuln Inject:
This tool has several features but the one that stands out the most is the Error based & Union SQLi injector.
- • Host Scan:
This tool let’s you scan any host, then displays the results.
- • Reverse IP:
This tool let’s you scan a server/IP for any other websites that are being hosted on the same server.
- • Ddoss3r:
This tool uses multiple ddosing methods to kill target.
- • Inbox Mailer -Gmail:
This tool let’s you bomb/spam any Gmail ‘inbox’.
- • Spoof Mailer:
This tool let’s you spoof your outging email address. ex:<[email protected]>
- • 404 Shell:
This shell has a hidden login feature for better stealth.
- • Mini Shell:
This shell is small in size making it easier to upload when other shells won’t load.
- • Obfuscated Shell:
Some servers will detect the malicious code within your shell preventing a successful upload. Sometimes you can bypass this by obfuscating the souce code.
- • Symlink Shell:
This shell will automatically symlink to any other websites being hosted on the server if /var/named or etc/named.conf is accessible.
- • CGI Shell:
If .php extensions are blocked/disabled, you can try to use a cgi shell.
- • IndoXploit Shell:
This shell has many unique features, but the ones that stands out the most are…
• Configuration Grabber:
Will check a compromised server for any other sites being hosted then exploit them if /var/named or etc/named.conf is accessible.
• cPanel Crack:
Will attempt to crack any cPanels being hosted on a compromised server.
• SMTP Grabber:
Will attempt to crack any smtp account hosted on a compromised server.• RDP Shell:
Will attempt to create an RPD account on a Windows server.
- • Adminer -MySQL Manager:
Ghostbin Password: legends4lyfe
Legends Shell = opensaysme
404 shell = playtime2
IndoXploit Shell = IndoXploit