Showing posts with label joomla.

Saturday, 03 September 2016

Full Bot Deface Website



Hi everyone, it's been a really long time since I wrote a tutorial. I've started to get bored with all this. So I want to share a tool that I think is great for playing around with bots.

The tool works by taking domain names from the mirror site zone-deface.com and then getting their IPs. Those IPs are then scanned on Bing. After that the results are grabbed again and scanned to see which CMS is in use, then saved by CMS and exploited according to the CMS.

But here I only have exploits for com_media, jce and jdownloads.
For the others, go find them yourself.

Download the tool here.
https://drive.google.com/file/d/0B4_2Vn34hkX1V1JYcDFXSlZ2VzQ/view?usp=sharing

command:
php ambil.php attacker_Tu5b0l3d 72 && perl setan.pl ip.htm 31 && php detek.php target_setan.htm && php exploit.php 1-Joomla.htm

notes:
72 is the last page for attacker_Tu5b0l3d.
Adjust it to the attacker/team you want to grab from http://zone-deface.com/

31 is the very last page when scanning on Bing.
To scan up to 50 pages, change it to 51.

exploit.php contains the com_media, jce and jdownloads exploits.
Change k.txt and k.png;
the word "hacked" has to be in there.
Also change the nick for zone-h.

1-Joomla.htm is the list of Joomla sites.

Video:
https://www.youtube.com/watch?v=GTocBpZ8eXM

##.
Thanks to bang fyelix for providing the VPS.

https://www.facebook.com/groups/indoxploitpublic/


Thursday, 04 August 2016

Joomla Component com_jwallpapers Arbitrary File Upload

==================================================================
Title: Joomla Component com_jwallpapers Arbitrary File Upload
Author: Mr. Error 404 - IndoXploit
Google Dork: inurl:/index.php?option=com_jwallpapers
vuln: /index.php?option=com_jwallpapers&task=upload
output vuln: {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
Thanks to: ./Mister-Y404 & All Member IndoXploit
Greetz: Sanjungan Jiwa - Defacer Tersakiti Team
==================================================================

CSRF Xploit Code:
-> http://pastebin.com/2YenMhz3


NB: Change the shell_kalian.php part to the shell name you want (e.g. shell.php); the shell you upload must also have a .jpg extension (e.g. shell.jpg). There is no need to use Tamper Data or anything like it.

After you run the exploit, the result will still look the same, like this:


There is no error message at all.
Shell access: http://target.com/jwallpapers_files/plupload/shell_kalian.php
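
For defenders, the two indicators this advisory names (a POST to the `task=upload` endpoint and a script served from `/jwallpapers_files/plupload/`) can be matched in web server access logs. The following is an added example, not part of the original post: it assumes combined-format access logs, the list of executable extensions is an assumption, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
UPLOAD_DIR = "/jwallpapers_files/plupload/"   # directory named in the advisory
# Extensions a PHP handler commonly executes (assumed list; match it to your server config)
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def classify(line):
    """Return (ip, kind, path) for a request touching the component, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["uri"])
    qs = parse_qs(url.query)
    if (m["method"] == "POST" and "com_jwallpapers" in qs.get("option", [])
            and "upload" in qs.get("task", [])):
        return m["ip"], "upload", url.path
    if (url.path.startswith(UPLOAD_DIR) and EXEC_EXT.search(url.path)
            and m["status"] == "200"):
        return m["ip"], "script", url.path
    return None

def find_incidents(lines):
    """List scripts served from the upload dir, noting whether the client POSTed an upload first."""
    uploaders, incidents = set(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        ip, kind, path = hit
        if kind == "upload":
            uploaders.add(ip)
        else:
            incidents.append({"ip": ip, "path": path, "uploaded_first": ip in uploaders})
    return incidents

# Constructed sample lines (documentation IP ranges, made-up file names)
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Aug/2016:10:00:01 +0000] "POST /index.php?option=com_jwallpapers&task=upload HTTP/1.1" 200 52 "-" "-"',
    '203.0.113.7 - - [04/Aug/2016:10:00:09 +0000] "GET /jwallpapers_files/plupload/x.php HTTP/1.1" 200 913 "-" "-"',
    '198.51.100.4 - - [04/Aug/2016:10:02:00 +0000] "GET /jwallpapers_files/plupload/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
    '198.51.100.9 - - [04/Aug/2016:10:03:00 +0000] "GET /jwallpapers_files/plupload/old.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for incident in find_incidents(SAMPLE_LOG):
        print(incident)
```

A hit with `uploaded_first` set to false still deserves triage, since the upload may predate the log window or come from another address. Any script answering with status 200 from an upload directory is the stronger signal of the two.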


Monday, 27 June 2016

How to find an uploader in a website.


*nb: Intended for those who already have a shell

This is a great fit for anyone who wants to find new bugs in WordPress or Joomla plugins or themes.
Well, not really finding new bugs, but finding files that contain the word "upload" through the shell.

Rather than opening the directories one by one to look for upload files,
it's better to use this tool.

Two files are used here.

search.php
http://pastebin.com/G1vnLbUt

index.php
http://pastebin.com/nenExAFA

Just upload search.php straight to the website.

Open index.php and edit the dir part.

usage:
php index.php http://victim/search.php


video:
https://youtu.be/lniKnyGLxoo

Keep sharing.
Come join us.

Monday, 20 June 2016

Top 5 Joomla Security Extensions 2016

Top 5 Joomla Security Extensions: Today we will discuss the top 5 Joomla security extensions. I am going to tell you about the 5 best Joomla security extensions so that you can work smoothly without any risks :)

Top 5 Joomla Security Extensions

Apart from the WordPress and Drupal content management systems, Joomla is the most famous CMS used everywhere. Just like any other open-source CMS, Joomla-powered sites have to deal with hacking attacks. Indeed, Joomla-powered sites consistently encounter ruthless hackers who deface web pages, upload backdoors and steal or delete sensitive data. And unfortunately, a large share of these attacks cost site owners a significant amount of time and money to get the damage fixed. It therefore becomes necessary for site owners to consider all possible measures that strengthen the security of their Joomla site.

In this post we have come up with a list of remarkably useful Joomla extensions that help to secure your Joomla website.

#1 jHackGuard


jHackGuard is an extension designed by SiteGround that protects the sites of Joomla users from being hacked. The extension is made freely available to Joomla site owners, regardless of whether they use SiteGround hosting services or not. It is a combination of a security plugin (that does the system work) and a component (that handles configuration), and it protects a Joomla site by filtering user input and applying additional PHP security settings. However, the plugin is disabled for authenticated administrators so that the filters don't keep them from performing their administrative tasks.

jHackGuard is compatible with Joomla version 3 and higher. If you need to secure a site running an older Joomla version, you can download the appropriate version of jHackGuard for it, such as jHackGuard for Joomla 1.5.

#2 Akeeba Backup



Akeeba Backup, formerly known as JoomlaPack, is a free and open-source backup component that creates a full site backup, which can be used to restore your site on any server running Joomla-powered sites. It lets you back up your site into a single archive that includes all the files, a "database snapshot" and an "installer".

The best aspect of this extension is that it runs an AJAX-powered backup and restore process that avoids server timeouts, even when you are running a large site. In addition, you can choose to back up only your site files or only your database. It is compatible with Joomla version 2.5 or 3.x.

#3 JomDefender



As hacker attacks on Joomla sites increase, owners may need to spend a chunk of money to repair the damage done by them. You will want to keep your site from being harmed through vulnerabilities. JomDefender is a great extension that keeps your site secure from destructive hacker attacks. This security plugin is built by 'corePHP'.

This plugin fixes some of the most common vulnerabilities in Joomla and adds extra protective layers to the site to guard it against any kind of security attack. It can be installed and configured easily, and is available for a fraction of the cost.

#4 RSFirewall



This is an advanced Joomla security extension that keeps your site protected from intrusions as well as hacker attacks. RSFirewall is maintained by a team of trained experts who always stay up to date to deal with the latest vulnerabilities. In addition, the team issues the latest security updates to keep the Joomla site safe. RSFirewall comes with an extensive set of tools that you can use to keep your site from being hacked.

This extension also lets you run a scan of your whole site to make you aware of the weak points in your website, and offers instructions to improve your site security. RSFirewall is compatible with both Joomla 2.5 and 3.x versions.

#5 Akeeba Admin Tools


Last on our list is Akeeba Admin Tools, a Joomla extension that helps make site administration a breeze and improves your site's security. It is an added layer of security. The extension notifies Joomla users about new updates they should run for their Joomla site. It also performs Joomla site maintenance, protects the site against hacker attacks and optimizes it. It additionally fixes your file and directory permissions, manages custom URL redirections, improves security by creating a secure .htaccess file, etc.

This extension boasts an advanced "Web Application Firewall" that keeps your website safe from some of the common attacks.



How To Upload Shell in Joomla Via Admin Panel

Hello guys! Successfully hacked into a Joomla admin panel? Not sure how to upload a shell in Joomla via the admin panel? Well, you are at the right place, because today we are talking about how to upload a shell in Joomla via the admin panel. Today I'm going to teach you how to do it. It's pretty simple! Just follow the steps given below :)

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSES. WE ARE NOT RESPONSIBLE FOR ANY HARM DONE BY YOU.

How To Upload Shell in Joomla Via Admin Panel:

Suppose we have access to the Joomla admin. Now just log in to it.

Once you log in you will see the screen below.

Then look for Extensions and, within that, Template Manager.

Once you click on that you will see all the templates installed on the site.

See the item marked in red: it has the star, which means it is the default template currently used by the site. Select any of the templates, as I did with beez (marked in green).

Once you click on beez you will see the following screen. Now just click on Edit HTML.

Once you click on Edit HTML you will see the following screen.

See the red part, /templates/beez/index.php: that is the path of your shell.

Now just paste your shell code over there and save it.

Once you click on save, it will take you to a page where it shows "Template source saved". Your work is done.

Once that is done you can access your shell. The path of the shell would be

www.site.com/templates/beez/index.php


Sunday, 01 May 2016

Auto exploiter com_media.

This time I want to share an auto exploiter for com_media.
Alright, let's get straight to it.

script:
http://pastebin.com/v23UTCeu

usage: php xploit.php target.htm

edit $file, preg_match, explode

photo:



*nb: if the base64 output has already appeared but it still says NO, just try it manually.

keep sharing :)

Friday, 01 January 2016

Simple Tools For Deface


This time I want to share a combination of my tools.
It's just point and click.

Tools:

  1. Jumping (only shows the readable dirs)
  2. Config grabber for WordPress and Joomla.
  3. Auto deface for Joomla CMS sites. (So after getting a Joomla config, you can perhaps use this tool, and look up the domain name in the Jumping feature.)
  4. Auto deface for WordPress CMS sites. (Same as the Joomla one above, but this one doesn't need the site name entered.)
  5. Auto deface for WordPress CMS sites 2. (Similar to the first, but here you only enter the config link; so after using the Config feature and getting a WordPress config, just put its link in the form.)
  6. Bypass Disabled Functions.
  7. CGI Telnet.


Get the script here.
http://pastebin.com/BY5SZjm6

More features could perhaps be added.
Keep sharing.

#.



Tuesday, 08 December 2015

Auto Deface cms Joomla if you get config







The WordPress version is here.
Good for those who play with symlinks or configs.
So we just enter the db user, db password, dbprefix, etc.
There's an auto deface too...



This tool is a development of the previous one.
This one is more dynamic and powerful.

http://pastebin.com/50NQdet2

video: https://youtu.be/clvLy5pDA2I

#.



