LinuxSec Exploit

Nothing is Ever Locked

Config Grab Bypass on a Rumahweb Server

June 5, 2014 by Jack Wilder 7 Comments

So the story goes, I was messing around doing some defacing. Found a target vulnerable to SQLi. Scanning with SQLMap didn't get through, but when I tried a SQL login bypass I got in. Damn. Wkwkwkwkwk. So, managed to upload a backdoor, tamper data. Turns out it was a Rumahweb server. This Indonesian server is pretty good. Symlink doesn't work, and grabbing configs with an ordinary shell doesn't work either.


This is what it looked like when I tried using the k2ll33d shell to grab the configs:

Even though this shell is usually my last alternative when my own shell can't grab configs :v
Even Indishell could only say #akurapopo

In the end I tried a method that, if I'm not mistaken, I got from a tutorial by bang war0k. I don't know, I forget. This is an old file. Wakakakaka.
Here is how the bypass works.
Create a new folder. As an example, I created a folder named fvcker.
Create a .htaccess file in that folder. Its contents are as follows:
Options FollowSymLinks MultiViews Indexes ExecCGI

AddType application/x-httpd-cgi .cc

AddHandler cgi-script .cc
AddHandler cgi-script .cc

Then create a file with the .cc extension. The name is up to you.
The script can be obtained here
pwnz.cc
chmod pwnz.cc to 755.
Now, run the eval function in your shell to get the etc/passwd file.

Open the pwnz.cc file and paste the contents of etc/passwd that you obtained earlier into it. Click get config!

When that is done… open the /fvcker/ folder, or whichever folder you created at the start.

you got it !!!!
Rumahweb Bypassed !!!
This method can probably be applied to other servers that are similar to Rumahweb.
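
A defensive check for the configuration described above, as an added example that is not part of the original post: it flags .htaccess files that switch on ExecCGI or FollowSymLinks, or that bind the cgi-script handler or CGI MIME type to an extension. The function names and the sample text are constructed for illustration.

```python
import os

RISKY_OPTIONS = {"execcgi", "followsymlinks", "all"}

# Constructed sample mirroring the .htaccess shown in the post.
SAMPLE = """\
Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .cc
AddHandler cgi-script .cc
AddHandler cgi-script .cc
"""

def audit_htaccess(text):
    """Return (line_no, reason) findings for one .htaccess body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        args = [a.strip('"').lower() for a in parts[1:]]
        if name == "options":
            # A leading "-" switches an option off; bare or "+" switches it on.
            enabled = {a.lstrip("+") for a in args if not a.startswith("-")}
            for opt in sorted(enabled & RISKY_OPTIONS):
                findings.append((no, "Options enables " + opt))
        elif name in ("addhandler", "sethandler") and args[:1] == ["cgi-script"]:
            target = " ".join(args[1:]) or "every file"
            findings.append((no, "cgi-script handler for " + target))
        elif name == "addtype" and args[:1] == ["application/x-httpd-cgi"]:
            findings.append((no, "CGI MIME type for " + " ".join(args[1:])))
    return findings

def scan_tree(root):
    """Audit every .htaccess under root; returns {path: findings} for hits only."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                found = audit_htaccess(fh.read())
            if found:
                hits[path] = found
    return hits

if __name__ == "__main__":
    for no, reason in audit_htaccess(SAMPLE):
        print(no, reason)
```

These directives only take effect where the server's AllowOverride grants the Options and FileInfo classes to user directories, so hits from scan_tree also show where that override is broader than a shared host needs.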

That's all, and hopefully this is useful.


Filed Under: Uncategorized Tagged With: Hacking, How To, Tips Dan Trik

Comments

  1. Anonim says

    June 6, 2014 at 9:19 pm

    A well-written article, I just passed this to a workfellow who was doing some analysis on this.
    And he in fact bought me dinner simply because I discovered it for him.

  2. cak oni says

    June 9, 2014 at 1:00 am

    Cool stuff, bro, bumping this

  3. Anonim says

    June 9, 2014 at 4:19 am

    Hello there, just became aware of your site through Google, and discovered that it’s truly informative.
    I’ll be thankful if you continue this in future.

  4. Anonim says

    June 11, 2014 at 1:00 pm

    I was suggested this site by my cousin. I am uncertain whether this post is
    published by him or anybody else, but this is such a detailed post and I love reading it.

  5. Anonim says

    June 11, 2014 at 5:29 pm

    Look forward to checking out your web page again.

  6. Anonim says

    June 12, 2014 at 1:09 am

    For the White House, it was a touch of well-deserved sarcasm; Obama's absence at the start of the Libyan hostilities, along
    with his haphazard conversations with members of
    Congress and his nonexistent effort to prepare the
    American public for war, left more than a few Washington insiders shaking their
    heads over how the president could have mishandled things so badly.
    Life Tap-A unique feature of Warlocks is that they can tap into their HP
    pool. When fighting one-on-one, you will want to keep the enemy feared for as long.

  7. Febru4ry-ID says

    January 24, 2017 at 1:53 am

    Why is it that when I click it, the config comes up as not found?
    Can you help, bro?

