How to deface a target website and deal with SQL i


Upload: tri-wahyu-supriyanto

Post on 28-Nov-2015


Page 1: How to Deface a Target Website and Deal with SQL i

How to Deface a Target Website (the Site We Want) Written By CaFc Versace on Tuesday, 02 July 2013 | 07.23

Assalamualaikum wr.wb.

Yesterday someone asked me, "bro, how do you hack a website we have already picked as a target?" By a website we have already targeted they meant, for example, I want to hack www.cafc-commnity.org, like that. So without using dorks.

Here I will show how to hack a target website. This thread is a refinement of Mas Katon's thread titled "Method for searching for targets using the server IP".

This is not easy -_- but I will try to explain as much as I can...

--o--o-o--o--

Materials & Tools:

1) Target website

2) Shell (I use WSO shell)

3) Symlink script (I'll explain it at the end)

4) MySQL manager

--o--o-o--o--

Step 1

Now, we check whether the site has a vuln to hit :v

There is one thing left: we can hack that site through the same server (1 server). #strange, right? What does that mean? Just wait and read to the end...

So we already have a target; the next step is to find out the IP of the target's server.

Go to CMD ( Start->RUN->CMD )

ping www.target.com

Now we have (know) the server's IP, so it is time to look for its hole (vuln).

Go HERE and enter the code below:

IP:IPYANGUDAHKITADAPETDARIPINGTADI ".php?*="

(IPYANGUDAHKITADAPETDARIPINGTADI stands for the IP we got from the ping earlier.)

Next, from the results of that IP scan, look for a site that is vulnerable to SQLi. (It can be injected using tools such as havij, etc.)

If that succeeds, plant the shell right away.

Step II

The first thing to do is to find the full path of that site, namely something like this:

/home/username/public_html/

Now go to the shell and run this command:

cat /etc/passwd

Now copy all the text shown there and paste it into Notepad.

That file contains all the users on the server that is your target.

Step III

My target is Joomla and I know where the file containing the MySQL information is. (config.php)

/home/targetsaya/public_html/configuration.php ( this is Joomla's config )

"What about WordPress, bro?"

If your target is WordPress, its config is here: /home/targetmu/public_html/wp-config.php

Now upload your symlink script and the MySQL manager. Open the symlink script and enter the config path of your target site; in my case that is:

/home/softcube/public_html/configuration.php

Then click "Symlink" and now we get its MySQL info.

Copy everything into Notepad++ (Notepad++ is better because we can easily find the password and username).

Find your target site's username and password listed in the MySQL info, and open mysql.php.

Enter them and now we can edit the database.

Now click "Tables" and click the "admin" table. Here we can create users, staff, and set passwords.

(Remember to note down the original hash so that your hack stays undetected if you want access again)

Now, I have replaced the hash (admin password) and logged in.

That's all for now. I know I did badly on the explanation, but if you want you can PM me or post here and I will answer all of your questions.

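The same-server path described in this post depends on a symlink inside one account's web root resolving to another account's configuration file, which is something a hosting administrator can audit for. The following is an added example, not part of the original post; it assumes a /home/<account>/public_html layout like the paths above on a POSIX host, and the function name and the sample tree are constructed here.

```php
<?php
declare(strict_types=1);

// Returns [link path, resolved target] for every symlink under
// <homeBase>/<account>/public_html that resolves outside that account's home.
function cross_account_symlinks(string $homeBase): array
{
    $findings = [];
    foreach (glob($homeBase . '/*', GLOB_ONLYDIR) ?: [] as $home) {
        $webroot = $home . '/public_html';
        if (!is_dir($webroot)) {
            continue;
        }
        $ownHome = realpath($home) . DIRECTORY_SEPARATOR;
        // Without FOLLOW_SYMLINKS the walker reports links but never descends into them.
        $walker = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($webroot, FilesystemIterator::SKIP_DOTS),
            RecursiveIteratorIterator::SELF_FIRST
        );
        foreach ($walker as $entry) {
            if (!$entry->isLink()) {
                continue;
            }
            // realpath() resolves the link fully; it is false when the target is
            // missing or unreadable, in which case the stored target is reported.
            $resolved = realpath($entry->getPathname());
            $target = $resolved !== false ? $resolved : (string) readlink($entry->getPathname());
            if (strncmp($target . DIRECTORY_SEPARATOR, $ownHome, strlen($ownHome)) !== 0) {
                $findings[] = [$entry->getPathname(), $target];
            }
        }
    }
    return $findings;
}

// Constructed sample tree standing in for /home on a shared host.
$base = sys_get_temp_dir() . '/symlink-audit-' . bin2hex(random_bytes(4));
mkdir("$base/alice/public_html", 0700, true);
mkdir("$base/bob/public_html/uploads", 0700, true);
file_put_contents("$base/alice/public_html/configuration.php", "<?php // constructed\n");
symlink("$base/alice/public_html/configuration.php", "$base/bob/public_html/uploads/a.txt");
symlink("$base/bob/public_html/uploads", "$base/bob/public_html/up"); // stays inside bob's home

foreach (cross_account_symlinks($base) as [$link, $target]) {
    echo "$link -> $target\n";
}
```

Run against the real home base with enough privilege to read every web root; a hit whose target is another account's configuration.php or wp-config.php means those database credentials should be rotated.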

How to Protect Your PHP Website from SQL Injection Hacks

Written By CaFc Versace on Wednesday, 06 November 2013 | 09.51

As a web developer, I often read articles about hackers (from the lowly to the knowledgeable) infiltrating websites via the dreaded 'SQL Injection' method and completely taking control, changing, gaining access, or destroying the owner's data. As a fellow web developer, I'm sure you want to know how to protect against it. Well, here it is! In this article, you will find out what SQL Injection is, what you can do to protect against it, and additional recommendations that are easy to do and only make your data more secure.

Please note: I am not an 'absolute' expert, but none of my projects have ever been hacked (yet), are SQL Injection proof (as far as I know), and I love to learn. I guarantee nothing.

What Is SQL Injection and How Is It Used?

Basically, SQL Injection is a method used against websites and applications to gain access to the website's or application's data, stored in a SQL database. SQL Injection is used to gain access to a database's information (or an entire company), to destroy a database's information, or to manipulate a database's information. It is a method used to exploit the security vulnerability of an application or website. There are different types of SQL Injection, but in this article we will only cover the basics.

Let's see how it is used, to further understand what it is. I am going to use PHP as my scripting language in these examples. You can substitute any language(s) you use. The focus should be on the SQL commands.

Example

Suppose you are a professional with your own business. You have created an SQL database with a table that contains all of your clients' information, that you use to send out important notifications, billing, etc. It took you an entire year to gain 50,000 very important clients. You manage your database by logging in online, as you travel, and doing whatever you need to do, directly from your website. Your SQL query in your PHP log-in script, on your website:

<?php
// Vulnerable: the request values are concatenated straight into the SQL string.
$q = "SELECT `id` FROM `users` WHERE `username`='" . $_GET['username'] . "' AND `password`='" . $_GET['password'] . "'";
?>

One day a self-proclaimed hacker stumbles upon your website. He clicks the 'Log In' button.

He enters the following in the 'username' field:

' ; SHOW TABLES;

The hacker now has been shown every table you have in your database. Since he knows your table's name, he enters:

'; DROP TABLE [your table's name];

All of your information is gone.

Note: There are attempts that are much more complicated than this, and someone can spend a lot of time to get into your database, or they can even use a program to try to exploit the vulnerability of your website, database, application, etc.

Step 1: Use mysql_real_escape_string()

This PHP function escapes special characters for use in SQL queries and protects you from attack. The query would now look like this:

<?php
// Each value is escaped before it is placed between the quotes.
// mysql_real_escape_string() needs an open database connection (see Step 2).
$q = "SELECT `id` FROM `users` WHERE `username`='" . mysql_real_escape_string($_GET['username']) . "' AND `password`='" . mysql_real_escape_string($_GET['password']) . "'";
?>

Step 2: Use mysql_query()

Using 'mysql_query()' has additional protection against SQL Injection. A query not wrapped in 'mysql_query()' could allow a hacker to use multiple SQL commands from your 'username' field, instead of just one, which is another vulnerability. 'mysql_query()' only allows one command at a time. So, our query would now look like this:

<?php
//connection
$database = mysql_connect("localhost", "username", "password");
//db selection
mysql_select_db("database", $database);
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`='" . mysql_real_escape_string($_GET['username']) . "' AND `password`='" . mysql_real_escape_string($_GET['password']) . "'", $database);
?>
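Escaping, as in Steps 1 and 2, keeps user input inside the quotes; a prepared statement removes the concatenation altogether, and the mysql_* functions used in this article were removed in PHP 7.0. The following is an added example (not the article's code) that goes a step beyond the article: PDO with bound parameters plus password_hash()/password_verify(), run against a constructed in-memory SQLite database (requires the pdo_sqlite extension) with the article's users table and its two inputs; make_db() and login() are names chosen here.

```php
<?php
declare(strict_types=1);

// Constructed test database: in-memory SQLite stands in for the MySQL server.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    // Store a salted hash, never the password itself.
    $ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user's id on success, null on any failure.
function login(PDO $db, string $username, string $password): ?int
{
    // Pre-query checks in the spirit of the article's: no blanks, bounded username.
    if ($username === '' || $password === '' || strlen($username) > 20) {
        return null;
    }
    // The SQL text is fixed; the username travels separately as a bound value,
    // so quotes and semicolons in it can never become SQL syntax.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = make_db();
$cases = [
    ['alice', 'correct horse'],        // valid login
    ['alice', 'wrong'],                // wrong password
    ["' ; SHOW TABLES;", 'x'],         // the article's first input
    ["'; DROP TABLE users;", 'x'],     // the article's second input, table name filled in
];
foreach ($cases as [$u, $p]) {
    $id = login($db, $u, $p);
    printf("%-24s => %s\n", $u, $id === null ? 'rejected' : "user id $id");
}
// The table still exists and still holds its single row.
echo 'rows in users: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```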

Recommendation: Centralize Your Connections

In your script, you should centralize your connections to one page. On each page that needs it, just use the 'include()' function to include the page that hosts your SQL database connection information. This would force you to create queries with the same format on every page you create, and reduces the chances of a mistake leaving a vulnerability open. So, let's say we make a page called 'connections.php' and put in the following:

<?php
//connection
$database = mysql_connect("localhost", "username", "password");
//db selection
mysql_select_db("database", $database);
?>

We could modify our query using the new setup. Our log-in page would have:

<?php
include("connections.php");
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`='" . mysql_real_escape_string($_GET['username']) . "' AND `password`='" . mysql_real_escape_string($_GET['password']) . "'", $database);
?>

Recommendation: Clean Data at the Beginning of the Page

Many programming languages force you to declare variables before you can use them throughout the script. PHP does not force you to do this; however, it's a good habit to clean out your variables at the beginning of the page anyway!

Sure someone can ask, "If I'm cleaning each variable throughout the page, why should I clean the variables at the top? Aren't I doing the same thing with your recommendation?".

It is easier on you to clean variables at the beginning of the page for a few different reasons, beyond formatting.

1. It reduces the amount of code you have to write.

2. Once the variable is clean, you can use it freely throughout the page, without the fear of vulnerabilities.

3. It is cleaner and more organized, allows you to work easier, and avoids mistakes.

If we cleaned variables at the beginning of the page, our script would look like this:

<?php
include("connections.php");
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`='" . $username . "' AND `password`='" . $password . "'", $database);
?>

You could even go as far as creating a function to do all cleaning for you, reducing the amount you have to type further. Look at the following example.

<?php
function cleaner($input)
{
    //clean variable, including mysql_real_escape_string()
    return mysql_real_escape_string($input);
}
include("connections.php");
$username = cleaner($_GET['username']);
$password = cleaner($_GET['password']);
$q = mysql_query("SELECT `id` FROM `users` WHERE `username`='" . $username . "' AND `password`='" . $password . "'", $database);
?>

Recommendation: Check Even After It Is Cleaned

You can have additional checks in place to guard against unnecessary processing on your server. This is achieved by adding checks to your script before you ever get to the point of running the query; only running the query when you find the data acceptable.

<?php
function cleaner($input)
{
    //clean variable, including mysql_real_escape_string()
    return mysql_real_escape_string($input);
}
include("connections.php");
$username = cleaner($_GET['username']);
$password = cleaner($_GET['password']);
//Check if the input is blank.
if (($password == '') || ($username == '')) {
    //don't let them pass
}
//Check if they are putting in more characters than should be allowed.
else if ((strlen($username) > 20) || (strlen($password) > 20)) {
    //don't let them pass
}
//Passed all of our checks! Run query.
else {
    $q = mysql_query("SELECT `id` FROM `users` WHERE `username`='" . $username . "' AND `password`='" . $password . "'", $database);
}
?>


That's pretty much it.