viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, October 1, 2008

[Cpanel] http://www.unwar.ac.id

11:07 PM Posted by viperfx07 No comments
This time i try to hack Cpanel of http://www.unwar.ac.id. Because of this site using Joomla 1.5.x and there's an exploit from milw0rm, it's an easy job.

Steps:
1. Using the exploit, change the password to whatever you want.
2. To upload a php shell, you should do several things.
a. Go to Global Configuration
b. Go to System Tab
c. Add php into "Legal Extensions (File Types)" and Legal Image Extensions (File Types")
d. Choose "No" for "Restrict Uploads" and "Check MIME Types"
e. Save it.
3. Go to Media Manager and upload the shell.

After you upload the shell, you can view the configuration.php to see the password used in that site.
Then go to http://site.com:2082/ to log into the cpanel. Fill the username with the user in shell and password with what you found.

Here is the screenshot:

0 comments:

Post a Comment