
Best SCRIPT resource ever.

Discussion in 'BlackHat Lounge' started by Axelian, Feb 28, 2009.

  1. Axelian

    Axelian Regular Member

    Joined:
    Jul 16, 2008
    Messages:
    404
    Likes Received:
    93
    Occupation:
    Web & Graphics
    Location:
    New York
    Home Page:
    Many of you probably already know about this place.

    Get scripts for your projects. Piece shit together ya know?

    But this is the best place to get nulled scripts from.

    Code:
    hxxp://scriptmafia.org/
     
    • Thanks x 6
  2. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    It's a great site, just be sure to check your scripts thoroughly before using them; I've found some backdoors in their scripts before.
     
  3. manudevil20

    manudevil20 Jr. VIP Premium Member

    Joined:
    Mar 28, 2008
    Messages:
    695
    Likes Received:
    278
    Location:
    Idaho
    I have only gotten 1 script from them before and it didn't work properly. The script works fine, but whoever nulled it wanted to advertise their own site and I don't know how to fix it.
     
  4. Axelian

    Axelian Regular Member

    Yes, some of the scripts need some doctoring.
     
  5. bagging

    bagging Newbie

    Joined:
    Jan 15, 2009
    Messages:
    39
    Likes Received:
    29
    Location:
    Denmark
    Yes, SM is a very nice site when looking for new scripts to test... Then if you are happy with the script you can go on and get the real one, so you will get the future updates and security fixes... It has saved me so many bucks not buying all those bad junk scripts :D
     
  6. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    let's not share individual sites...

    just search "nulled scripts" and get whatever you want.

    @bagging: PLEASE. If people were planning on paying for the scripts, they wouldn't be getting them for free or searching for them nulled in the first place. As for updates, most people just get the updated nulled script. THINKING is POWER.
     
  7. foxler

    foxler Regular Member

    Joined:
    Mar 7, 2008
    Messages:
    279
    Likes Received:
    159
    marcuskona, or anyone else: what tools do you use to search for backdoors? What I usually do is open all the files in Notepad++ and do a quick manual lookover to see if there is anything bad. This doesn't work too well with scripts that have over 100 files, and I know it's pretty easy to look over something that is not supposed to be there. I used to have a PHP script that would search all files in a directory for a term I could put in the form box; I would search for 'base64,include,www,http,com' and it would link to the file, but I don't have this anymore, so any suggestions would help :)
     
  8. marcuskona

    marcuskona Junior Member


    There are many methods to use, including what you currently do; I do the same. There are a few steps I will take, though, that can save time when looking for backdoors.

    Firstly, I look over the install file, if included, and see if there are any elements that need backtracing, and 90% of the time, if there are backdoors, you will find it.

    Secondly, I look at the index file and backtrace any included files
    (e.g. include_once('whatever.php'); or include "includes/whatever.php";)
    associated and see if there are any elements that need backtracing.

    In my experience, once I have completed these tasks, if everything checks out then most times the script is OK.

    There are many other methods I use, but the 2 mentioned above are always my first procedures.

    Another, more technical procedure I will look for involves using a find and replace program (I use phpdesigner 2008 because it allows searching of directories and is very fast).

    2 searches I will use are:

    1.) mail($to,$subject,$message,$headers); (with variations, because we don't want ANYTHING to be mailed to anyone without our knowledge)

    2.) $_SESSION['whoami'] (not a common search; we don't want anyone to have the ability to execute a shell command)


    Anyway, that's about it. :)



    hope this helps.
     
    • Thanks x 3
  9. foxler

    foxler Regular Member

    Thank you, exactly what I was looking for: phpdesigner, for searching the files.

    I also suggest anyone that downloads scripts from sites like scriptmafia.org or any nulled script site do some research, making sure there is nothing that looks out of line. This is how you get your web account exploited, and then people start uploading bad stuff and defacing your sites.

    marcuskona, does this seem like a good enough list of terms to search for to you? Am I missing any?
    base64,rot13,www,http,com,require,include,fopen,curl,mail,exec,system,shell,cmd,passthru
     
  10. marcuskona

    marcuskona Junior Member


    I would not use include,fopen,curl,require; you will probably get thousands of results if searching on big scripts. Rather, I'd use
    searches on keywords like (mail, $key, $ip, $doc_root, $to, $subject, $email, $domain, base64, $from, cmd, whoami).

    Of course I would do this after I did my initial investigation of install.php or any include of the index.* files.


    Regards,

    Marcus
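
The review order described in posts 8 and 10 (start at install.php / index.*, follow the includes, then keyword-search the whole tree), as an added Python example; it is not code from any poster. The function names, the token-boundary matching and the constructed sample tree are assumptions made here; the keyword list is the one from post 10.

```python
import re
import tempfile
from pathlib import Path

# Keyword list from the thread; "$" names must end at a token boundary.
KEYWORDS = ["mail", "$key", "$ip", "$doc_root", "$to", "$subject", "$email",
            "$domain", "base64", "$from", "cmd", "whoami"]
KW_RE = re.compile("|".join(
    re.escape(k) + r"(?![A-Za-z0-9_])" if k.startswith("$")
    else r"(?<![A-Za-z])" + re.escape(k) for k in KEYWORDS))
# Literal include/require targets only; computed paths still need manual review.
INC_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""")

def reachable(root, entries=("install.php", "index.php")):
    """Files reached by following literal includes from the entry points."""
    root = Path(root).resolve()
    seen, todo = [], [root / e for e in entries if (root / e).is_file()]
    while todo:
        f = todo.pop()
        seen.append(f)
        for rel in INC_RE.findall(f.read_text(errors="replace")):
            for cand in ((f.parent / rel).resolve(), (root / rel).resolve()):
                ok = cand.is_file() and root in cand.parents
                if ok and cand not in seen and cand not in todo:
                    todo.append(cand)
    return seen

def scan(root):
    """Return (relative path, line no, keyword, reached_from_entry) per hit."""
    root = Path(root).resolve()
    traced = set(reachable(root))
    hits = []
    for f in sorted(root.rglob("*.php")):
        for n, line in enumerate(f.read_text(errors="replace").splitlines(), 1):
            for kw in KW_RE.findall(line):
                hits.append((f.relative_to(root).as_posix(), n, kw, f in traced))
    return hits

def make_sample():
    """Constructed sample tree, not taken from any real script."""
    d = Path(tempfile.mkdtemp())
    (d / "includes").mkdir()
    (d / "index.php").write_text("<?php\ninclude_once('includes/db.php');\n")
    (d / "includes/db.php").write_text("<?php\nmail($to, $subject, $doc_root);\n")
    (d / "theme.php").write_text("<?php\necho base64_decode($blob);\n")
    return d

if __name__ == "__main__":
    print(*scan(make_sample()), sep="\n")
```

Hits flagged as reached from an entry point run on every page load or install, so they are the ones to read first; hits in files nothing includes still need a look, since they can be requested directly.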
     
  11. bagging

    bagging Newbie

    You are sadly mistaken if you think you can get all the latest scripts nulled and up to date! If you can then please share the url to that source!
     
  12. blackpackets

    blackpackets Jr. VIP Premium Member

    Joined:
    Oct 27, 2008
    Messages:
    309
    Likes Received:
    60
    Location:
    Skype
    Home Page:
    mafiascript plants some coding to promote their stuff..

    go through every single file and you will find something..