bila kita pindhin dir ke /home/
semua perm dwrx-x-x
Spoiler: hide
![[Image: home.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_u2ORHrTM84aSKLuPLjVxy5Uc6SCd6X8J2RnbJUz6jS590yL4aEUpd6B7pw1g4gQGmuw_nSheTccl1oH1TJwUzkaKs8egVpAZ0ZF-THN-AO3XM0-mm0I26VsQ9vEJSyOE9HI7sjtA=s0-d)
coba pake tools jumping finder dan ternyata ada yang bisa di baca file nya
Spoiler: hide
![[Image: 1.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t0X-Ea38yLOPIiH2EG1TG9ucaF4v-scwio7ej17CE4P0HAR2krYg1UKvf-x19xU8YFy9CzfXztUBfgmEoCptf_UtCgd7n_s6Cd0CJPMiXokmO1uxPr-2z0-Tb81lxIonWkGQ=s0-d)
trz kita test satu persatu
di sini saya ambil
Spoiler: hide
![[Image: 2.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vUup069UciPoTS2zggvpIEUpkom1ZeM-_9HkUByOMcLsu9k-bQxTm6oyHaA4LY0l9wHnOaAzTF-GnJOH854ZXZ_HgCZ9BG0TG7FiNwIwRbyJj7oREsTGJ2Y2ClVKebvqM1BA=s0-d)
langsung cari file yang berupa config
kebetulan ini joomla
jd config nya g jauh2.. :)
OK lanjut
Sekarang buka mysql
masukin informasi yang tadi di config
user, pass, database
kalo dh masuk silahkan cari yang berupa user, admin
nah.. ada keliatan user pass and email kan?
:D
kebtulan kan kita password joomla nya tidak bisa di crack pake tools yang saya punya
editlah data base tersebut
Spoiler: hide
![[Image: 3.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ure1medbj_7Nzhn4A7w8JmRCCGVbDuJD9sfc0bG__vL_j61c9sUYrG2_mXo-s9LW5OjX7GWE78Ht9__nwx4kEJluzTl4FrtL0o7Z7pu4pvsj3i6zxLx6ME4cH_hTkVbihh6A=s0-d)
setelah itu klik update
trz akan muncul lagi berupa konfirmasi ke kita
Spoiler: hide
![[Image: 4.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v89_ovjNZK3ssgPNL3NuTNAlWxCQGT1r2YC96zH-U2esKYfUt4TQ-ojNb91WR3H2uOa0_TcpLqWsVUsjZ7xvqfgGZjycBqLNxCuwo4m8If_OQlny6bmTNoST5t6BuokoK9ew=s0-d)
mah di sini samakan semua data2 nya
seperti email user and pass
ingat: email nya ganti jadi email kita
lalu klik yes..
kalo udah
buka site korban
reset password nya
kalo wp bisa dr wp-login.php mereset
kebetulan ini joomla jadi nya
"/index.php?option=com_user&view=reset"
contoh
http://target.com//index.php?option=com_...view=reset
Spoiler: hide
![[Image: 5.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uCTq_yOQ2fNro_yfpwpxlqy941zT_PLcL_eh4YO4gZ0y_IIciKK0oK36FQgbYQs0uXgCllBBA5F58nMDFCA0TI__JRI2q0Qf5HMTqqNyrFvBL_RQNOsAX6VOvXdujhjN7QRg=s0-d)
isi kan email yang udah kita ganti tadi
nanti akan di kirim ke email kita token nya / aktivasi nya
sekarang masuk ke email kita
cek
Spoiler: hide
![[Image: 6.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_upVHnLzbOdvpVAJRUxnXenHQYyilt0nWHnIqmcwKsMg_GNxtRBJ9HfeB4gyX38vpGem1qstZ0WUMJiYW19JyYBNMs2izYXXw6URc1uy9eaHMX-c9ycyL_vO1b9SMC2g-097A=s0-d)
nah..
kalo udh
copas code activation itu..
lalu pastekan di site tadi
seperti gambar berikut
Spoiler: hide
![[Image: 7.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vnPR3OwaaDrYAl_W2T-_TXB2jImZxY0vPF2fyx9dIq44XjLO47UUcximeBVG8r_me5f-TXBcCMVfqhwxHPmjNqNzHC2-nRXdjs6k-ROcasnw-h414D_LnfNZfJ41g9srBc4g=s0-d)
reset password nya
Spoiler: hide
![[Image: 8.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uIt4hizJV--6uRhHh9uSR_SDCSPnvliUqEElqtiYYuMe8nIMKul3xtAcNWlTaVhTbJzJ-OiXG_mQi9d306KrQ4IaJJWvyWLd7Fdzs4t6o62z1l_jXlDl-SAOvogTIQ2RAZzw=s0-d)
sekarang login ke admin panel site target
berhasil bukan?
^_^
sekarangg tahap upload backdoor kita
di sini banyak cara
kalo joomla edit template nya
kalo wp edit aja template nya
methode nya sama aja
cari file php yang bisa di edit
ato tempat2 upload file
Spoiler: hide
![[Image: 9.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tx-rm_pmzc8W6Wvc-3DfqRs3f_66m1KJteL1dXRxrPHn_46bdtgLJp919c41hrkAy0XghzqiBaSzW0xZCz2yYa9IfQGBdkbpXiGUTLtBePk8c5tZn0_aSG7SjExqKhxKUdFA=s0-d)
cari template yang aktif
Spoiler: hide
![[Image: 10.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v_FbFbEJJu7FmeGnAnr1xK-auZ0B7VnGsI2ISUfkwdhk8812WPvZwi5eYIA0WKPTcLS_hhEfHw6aYhTAo0um68rV6ezpjLPLx2ig54dvYJ9kAV1AAxtMDiIAP7rGm4FOwTpA=s0-d)
cari edit html
Spoiler: hide
![[Image: 11.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tcJfCc4ydhYOll5GmyM7VOkGmyoX6q82mab_q0yvkW6KZ1aspO1a6Zg1H8TvqOUR9d-9tE1XiPOHrJtol0fstiSkeWeQ02e5mCi8BQvuYnVwccr-ohgZ6q-xl8WeIvbOl1J8U=s0-d)
pastekan script php uploader
klo g ada shell juga bisa kok
Spoiler: hide
![[Image: 12.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_txe32-dXlgH3AxjQ1lV2xwX5QHa8uPmCjBeM8Bb1SKnjcDkqQi8Lg0pHsQWz9tqfM9HcJnkmQD6V072_0SsEIYrGv-OGE8CnfhjVRRxpZvfu7vtpk6qKBTfqyQNdHZw6HKaII=s0-d)
jangn lupa di simpan
Spoiler: hide
![[Image: 13.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sJv7CE8KKeTFmVelHPOFwiJz81S_vDjhMEJkD3oKxeAPeApSTQo00BFwbGZwmSkhdGFXqv_DEwTEYK0LM4ZdDlJUwud6XTuv3ZCO7iKJjyJ8-zTY6gK6GkJLyfZ8WUco6HzLg=s0-d)
sekarang coba buka web target
apa yang terjadi?
:D
Spoiler: hide
![[Image: 14.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t4QZ05zYpd_t-2oDkUbbX9lIuN7KfWcaDgyacXpPpA4EWklxrSyDYWsztIynfiSqoG1o8zfe5FwPKtb2F0C0usek2VBkidwDIZYOrKKHhAzloU2QJeM95KDDAlTOLNHUaTfA=s0-d)
kita bisa upload file
^_^
sekarang upload lah shell alias backdor kita
dan shell akan ter seimpan dini
http://target.com/namafile.php
Spoiler: hide
![[Image: 15.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vhWRAHWPL5QP24IucmAfGvuQnapVYfw6azee4CyU6s1Zu2wF1h4XuEgKj_qBurBTaFyDp4AToSmbYhBwcRekI4detDdTUg7ohfjPy7jgvL1i-J6OGiyx1bBjGKdhVBtigQ79U=s0-d)
sekarang terserah ente aja mau di apain tuh
0 komentar:
Post a Comment