Ini adalah trik dimana ketika symlink , user 'dennyganteng' /public_html/ nya Forbidden..
Pada kasus saya kali ini,
User 'k7804599' (ditunjuk tanda panah hitam) ketika saya jumping/symlink
menampakkan hasil Forbidden
Raimu tidak punya ijin utk mengakses /sym/root/home/k7804599/public_html/ nang kene.
Nah, saya coba utk mengakali nya gimana caranya biar bisa mengakses
database dari User 'k7804599' .
Dengan menggunakan Shell SBH saya melakukan bypass config .
Load PHP.INI (seperti yg ditunjuk pada panah putih)
Kemudian klik 'Cracker'
Setelah itu buka dir config nya . ( /SBH/ )
dari Forbidden word tadi 'copy' nama user tsb.
lalu pencet 'CTRL + F' ( find/search )
'paste' .
Hasil Pencarian tadi menunjukkan bahwa :
Config.php dari User 'k7804599' found.
Dan ternyata ia memakai engine Wordpress saudara..
sekarang kita lihat, apa wp-config.php nya juga Forbidden ???
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\/
Juebbrreeettt...
Sumber:http://www.surabayablackhat.org/forum/thread-2006.html
Rabu, 29 Januari 2014
Bypass Symlink forbidden di /public_html/
![[Image: Screenshot_1.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tkWb0f-ZmYJGQfxAXpPVfSjx6ZmbfLTr71V9pBYyHw6-xTLKDNp44JswhCokSQ-B624nSgecz2KGZDsP9BkOIXdRTPq3NJFsGg7OQodejQqQYteyerKo3Ofg=s0-d)
![[Image: Screenshot_2.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_saidOpEluYBCOTWfoL1vgcfm-kIH2bS8c_Mo_5I6iwsJLTsmf5Hfz2aftbNYT_bUftMcgna1emhwjjJbzk48egSdJ69v-0Ja9XkTxJZpjnOlCQtUTZyoEEvQQ=s0-d)
![[Image: Screenshot_3.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t7Y8T5Y-7IiIgbfG3s0jkd1njV1GeGprpZg5KUyCJtoYDTRHziGObyFNCKANCBDvVqmTBcRrqMZZSUJ09L42tyVu1EvoooC6GnEjrgPgToQ48NK6mcjK2HHHs=s0-d)
![[Image: Screenshot_4.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vELLT1uEgNsaPWM4LS0fe15lsXXTvumuWsQuckdgWqw6BnPl_xdY-z9c_pAOl3vRQewoGpZ6GHnTDZFZodafHLqdCY7i4SDZ0brs7j9OmRv36O6ArJI0a2zG4=s0-d)
![[Image: Screenshot_5.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uR7qaNYTvIOU70MfI_GjDatb8kzBYJ9bkiox3zkR7nuDP8U-wski9pnb3Y4doK4FPFzTQPz_wqZYKkPvayOR9oJTAS8ixZAu74xIf6y1BpTdXh_f2Q7zUMdP8=s0-d)
![[Image: Screenshot_6.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tJcG6MEwg7_655p7gyYSH7ENkeHpyvhwcrRL75y5H23atKfOHCCZJkQUVSw5atzkossKi4pP8Zg6aiADnlVWTllDBX42S02V5Q7PB6GWuQ5jElXWQY3rq7Mw=s0-d)
![[Image: Screenshot_7.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sGhzt5Crk1739cok8K--BkNLT_C8_Ppc7NfwAmfZWGD_XdfeBlRv-cmzhfoQPbCTOwEBryZwMEpq3q6HrGziMUVgIbf7PI33tgofJFMKLGoHdXNZSFBf1xZpU=s0-d)
![[Image: Screenshot_8.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tGozhEZx3JbmDcMH3dQedTeUTj2dPttepVlujHSsKLpMl5OWMGIbAv_uLgGdpFXy8WaQZllcYfTGCgkN2IVQkufqPFckd56lD5WKurumUvHHAdSuzi5WYC9Vc=s0-d)
0 komentar:
Posting Komentar