
How to Deface a Target Website (The Website We Want)

Written By CaFc Versace on Tuesday, 0 July 0#$ % 0&' $


Assalamualaikum Wr.Wb.

Yesterday someone asked me, "bro, how do you hack a website that we have already targeted?" By a targeted website I mean that, for example, I want to hack www.cafc-commnity.org, like that. So, without using dorks. Here I will show how to hack a target website. This thread is a refinement of Mas Katon's thread titled "Method for searching for targets using the server IP". This is not easy -_- but I will try to explain as much as I can...

--o--o-o--o--

Materials & Tools:
1) Target website
2) Shell (I use WSO shell)
3) Symlink script (I will explain it at the end)
4) MySQL manager

--o--o-o--o--

Step I

Now, we check whether the site has any vuln to hit :( There is one thing left: we can hack the site through the same server (1 server). "Strange, right? What does that mean?" But wait, read through to the end first...

So we already have a target. The next step is to find out the IP of the target's server. Go to CMD (Start > Run > CMD):
ping www.target.com

Now we have (know) the server's IP, so it is time to look for its hole (vuln). Go to S 5 and enter the code below:
IP:IPYANGUDAHKITADAPETDARIPINGTADI ".php? !"

Next, from the results of that IP scan, look for a site that is vulnerable to SQLi. (It can be injected using tools such as havij etc.) If that succeeds, plant the shell right away.

Step II

The first thing to do is find the full path of the site, which looks like this:
/home/username/public_html/

Now go to the shell and run this command:

cat /etc/passwd

Now copy all the text shown there and paste it into Notepad. That file lists all the users on the server that is your target.

Step III

My target is Joomla, and I know where the file that holds the MySQL information is (config.php):
/home/targetsaya/public_html/configuration.php <- This is the Joomla config

"What if it is WordPress, bro?" If your target is WordPress, the config is here:
/home/targetmu/public_html/wp-config.php

Now upload your symlink script and the MySQL manager. Open the symlink script and enter the path to your target site's config. In my case that is:
/home/softcube/public_html/configuration.php

Next, click "Symlink" and we get the MySQL info. Copy all of it into Notepad++ (Notepad++ is better because we can easily find the password and username). Look for your target site's username and password listed in the MySQL info, open mysql.php, and enter them; now we can edit the database. Click "Tabel" and then click the "admin" table. Here we can create users and staff and set a password. (Remember to note down the original hash so that your hack stays undetected if you want access again.) Now I have changed the hash (the admin password) and logged in. That is all for now.
That's all for now. I know I did badly on the explanation, but if you want you can PM me or post here and I will answer all of your questions.


How to Protect Your PHP Website from SQL Injection Hacks

Written By CaFc Versace on Wednesday, 0< November 0#$ % 0>'?#

As a web developer, I often read articles about hackers (from the lowly to the knowledgeable) infiltrating websites via the dreaded 'SQL Injection' method and completely taking control, changing, gaining access, or destroying the owner's data. As a fellow web developer, I'm sure you want to know how to protect against it. Well, here it is! In this article, you will find out what SQL Injection is, what you can do to protect against it, and additional recommendations that are easy to do and only make your data more secure.

Please note: I am not an 'absolute' expert, but none of my projects have ever been hacked (yet), are SQL Injection proof (as far as I know), and I love to learn. I guarantee nothing.

What Is SQL Injection and How Is It Used?


Basically, SQL Injection is a method used against websites and applications to gain access to the website's or application's data, stored in a SQL database. SQL Injection is used to gain access to a database's information (or an entire company's), to destroy a database's information, or to manipulate a database's information. It is a method used to exploit the security vulnerability of an application or website. There are different types of SQL Injection, but in this article we will only cover the basics. Let's see how it is used, to further understand what it is.

I am going to use PHP as my scripting language in these examples. You can substitute any language(s) you use. The focus should be on the SQL commands.

Example

Suppose you are a professional with your own business. You have created an SQL database with a table that contains all of your clients' information, which you use to send out important notifications, billing, etc. It took you an entire year to gain +,,,,, very important clients. You manage your database by logging in online, as you travel, and doing whatever you need to do, directly from your website.

Your SQL query in your PHP log-in script, on your website:

    <?php
    // Vulnerable: request values are concatenated straight into the SQL text.
    $q = "SELECT `id` FROM `users` WHERE `username`= '" . $_GET['username'] . "' AND `password`= '" . $_GET['password'] . "'";
    ?>

One day a self-proclaimed hacker stumbles upon your website. He clicks the 'Log In' button. He enters the following in the 'username' field:

    ' ; SHOW TABLES;

The hacker now has been shown every table you have in your database. Since he knows your table's name, he enters:

    '; DROP TABLE [your table's name];

All of your information is gone.

Note: There are attempts that are much more complicated than this, and someone can spend a lot of time to get into your database, or they can even use a program to try to exploit the vulnerability of your website, database, application, etc.

Step 1: Use mysql_real_escape_string()


This PHP function escapes special characters for use in SQL queries and protects you from attack. The query would now look like this:

    <?php
    $q = "SELECT `id` FROM `users` WHERE `username`= '" . mysql_real_escape_string($_GET['username']) . "' AND `password`= '" . mysql_real_escape_string($_GET['password']) . "'";
    ?>

Step 2: Use mysql_query()


Using 'mysql_query()' has additional protection against SQL Injection. A query not wrapped in 'mysql_query()' could allow a hacker to use multiple SQL commands from your 'username' field, instead of just one, which is another vulnerability. 'mysql_query()' only allows one command at a time. So, our query would now look like this:

    <?php
    // connection
    $database = mysql_connect("localhost", "username", "password");
    // db selection
    mysql_select_db("database", $database);

    $q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" . mysql_real_escape_string($_GET['username']) . "' AND `password`= '" . mysql_real_escape_string($_GET['password']) . "'", $database);
    ?>

Recommendation: Centralize Your Connections

In your script, you should centralize your connections to one page. On each page that needs it, just use the 'include()' function to include the page that hosts your SQL database connection information. This would force you to create queries with the same format on every page you create, and reduces the chances of a mistake leaving a vulnerability open.

So, let's say we make a page called 'connections.php' and put in the following:

    <?php
    // connection
    $database = mysql_connect("localhost", "username", "password");
    // db selection
    mysql_select_db("database", $database);
    ?>

We could modify our query using the new setup. Our log-in page would have:

    <?php
    include("connections.php");

    $q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" . mysql_real_escape_string($_GET['username']) . "' AND `password`= '" . mysql_real_escape_string($_GET['password']) . "'", $database);
    ?>

Recommendation: Clean Data at the Beginning of the Page

Many programming languages force you to declare variables before you can use them throughout the script. PHP does not force you to do this; however, it's a good habit to clean out your variables at the beginning of the page anyway!

Sure, someone can ask, "If I'm cleaning each variable throughout the page, why should I clean the variables at the top? Aren't I doing the same thing with your recommendation?" It is easier on you to clean variables at the beginning of the page for a few different reasons, beyond formatting.

1. It reduces the amount of code you have to write.
2. Once the variable is clean, you can use it freely throughout the page, without the fear of vulnerabilities.
3. It is cleaner and more organized, allows you to work easier, and avoids mistakes.

If we cleaned variables at the beginning of the page, our script would look like this:

    <?php
    include("connections.php");

    $username = mysql_real_escape_string($_GET['username']);
    $password = mysql_real_escape_string($_GET['password']);

    $q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" . $username . "' AND `password`= '" . $password . "'", $database);
    ?>

You could even go as far as creating a function to do all cleaning for you, reducing the amount you have to type further. Look at the following example.

    <?php
    function cleaner($input){
        // clean variable, including mysql_real_escape_string()
        return mysql_real_escape_string($input);
    }

    include("connections.php");

    $username = cleaner($_GET['username']);
    $password = cleaner($_GET['password']);

    $q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" . $username . "' AND `password`= '" . $password . "'", $database);
    ?>

Recommendation: Check Even After It's Cleaned

You can have additional checks in place to guard against unnecessary processing on your server. This is achieved by adding checks to your script before you ever get to the point of running the query; only running the query when you find the data acceptable.

    <?php
    function cleaner($input){
        // clean variable, including mysql_real_escape_string()
        return mysql_real_escape_string($input);
    }

    include("connections.php");

    $username = cleaner($_GET['username']);
    $password = cleaner($_GET['password']);

    // Check if the input is blank.
    if( ($password == '') || ($username == '') ){
        // don't let them pass
    }
    // Check if they are putting in way too many characters than should be allowed.
    else if( (strlen($username) > 20) || (strlen($password) > 20) ){
        // don't let them pass
    }
    // Passed all of our checks! Run query.
    else {
        $q = mysql_query("SELECT `id` FROM `users` WHERE `username`= '" . $username . "' AND `password`= '" . $password . "'", $database);
    }
    ?>

That's pretty much it.
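
The same log-in check written with bound parameters instead of escaping, as an added example that is not the author's code. The mysql_* functions used in this article were removed in PHP 7.0, so it uses PDO; the in-memory SQLite database, the sample user and the hashed password column are assumptions made so that it runs on its own.

```php
<?php
// Added example: parameterized form of the article's log-in query.
// Assumes the pdo_sqlite extension; the database and the sample user are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the user's id on success, or null. Both arguments are raw request input.
function login(PDO $db, $username, $password): ?int
{
    // Same pre-checks as the article: reject blank or over-long input before querying.
    // A request parameter can also arrive as an array, so require strings first.
    if (!is_string($username) || !is_string($password)) return null;
    if ($username === '' || $password === '') return null;
    if (strlen($username) > 20 || strlen($password) > 20) return null;

    // The value is bound to the placeholder and is never part of the SQL text.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash in PHP, not inside the query.
    if ($row === false || !password_verify($password, $row['password'])) return null;
    return (int) $row['id'];
}

// A valid log-in, then the article's DROP TABLE input, then a row count
// showing that the users table is still intact afterwards.
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, "'; DROP TABLE users;", 'x'));
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```

With a bound parameter the quote in the input is compared as data against the `username` column, so the second call simply finds no such user.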
