Knowledge is Free | We Share To Everywhere

Thursday, February 21, 2013

Defacing with CSRF (Cross-Site Request Forgery)

Assalamualaikum :)
This time I want to give a tutorial on defacing with the CSRF technique. OK, without further ado, let's start :D

Materials:

1. Download the CSRF script

2. Download MadspotShell here; extract it from the RAR file first!

3. Find targets with these DORKS:
  • inurl:/wp-content/themes/shepard
  • inurl:/wp-content/themes/money
  • inurl:/wp-content/themes/clockstone
  • inurl:/wp-content/themes/ambleside
  • inurl:/wp-content/themes/pacifico
#Develop the dorks further yourself :)

4. For practice, use Live Target & Live Target 2

5. Big thanks to om Edo aka Mr. Goodday aka 007, who taught me :D

6. Shout-out :: Indonesian Cyber Army ( IDCA ) | Stealth Defacer Hacking Team (SDHT)

#Preparation is done, now all that's left is to execute :)

7. Download the video tutorial | Pass : onixidca


Note: "Not every website can be done with this technique, so always keep searching and trying! Because in the hacking world nothing is instant or succeeds easily! Those who succeed are those who are always patient, keep working at it and keep trying!"

Steps:

1. Enter the dork into Google (if unclear, see the screenshot)


2. Pick one of the targets we just found (if unclear, see the screenshot)


Example:
http://www.robertcarpentry.com/wp-content/themes/pacifico/images/ change it to http://www.robertcarpentry.com/wp-content/themes/pacifico/theme

3. Click the "Function" folder, then click the file "Upload-bg.php" / "uploadbg.php" / "upload.php"

Note: If "You Must Login....." appears, or a blank page? Find another target!! :p  "If "error" appears, it means the target site is vulnerable" ;p

4. Open the CSRF.html file you downloaded earlier with Notepad and replace URLTARGET with the link from your target's address bar. See the screenshot! Then save!
Example: "http://www.robertcarpentry.com/wp-content/themes/pacifico/theme/functions/upload-bg.php"



5. Open the CSRF.html file; a file upload form will appear. Choose Madspotshell.php, then click upload.


If it succeeds, it will look like this (see the screenshot)


6. Replaced it already? If it succeeded, the view will look like this



#That means your backdoor shell is installed :D Now it's up to you what you do with that website :)

#I'm using a SHELL from my friend om X Inject :D (the shell's appearance differs for each type)

Madspotshell's interface::

7. To take over the index, see the post Cara Tebas Index Website Wordpress (how to deface a WordPress site's index)
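The theme upload scripts named in steps 3-5 sit outside wp-admin, so a request to them never passes WordPress's login or nonce checks, and a successful abuse leaves a distinctive trail in the web server's access log: a POST to a theme-local upload*.php followed by the same client fetching a hash-named .php under wp-content/themes. As an added example that is not part of the original post, here is a small Python detector over constructed Apache combined-format log lines (documentation IP ranges, an invented hash file name); the THEME_UPLOAD_RE and DROPPED_PHP_RE patterns are assumptions about the naming seen on this page, not a complete signature.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format sample: documentation IPs, invented hash name.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Feb/2013:10:01:02 +0700] "GET /wp-content/themes/pacifico/theme/functions/upload-bg.php HTTP/1.1" 200 5 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Feb/2013:10:01:40 +0700] "POST /wp-content/themes/pacifico/theme/functions/upload-bg.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Feb/2013:10:02:05 +0700] "GET /wp-content/themes/pacifico/theme/functions/0123456789abcdef0123456789abcdef.php HTTP/1.1" 200 9812 "-" "Mozilla/5.0"
198.51.100.4 - - [21/Feb/2013:10:03:00 +0700] "GET /wp-content/themes/pacifico/style.css HTTP/1.1" 200 3110 "http://example.test/" "Mozilla/5.0"
198.51.100.4 - - [21/Feb/2013:10:03:01 +0700] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "http://example.test/wp-admin/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Upload handlers living inside a theme's own directory: requests to them bypass
# wp-admin entirely, so no login or nonce check runs in the normal request path.
THEME_UPLOAD_RE = re.compile(r'^/wp-content/themes/[^/]+/.*/upload[^/]*\.php$')
# A PHP file under a theme whose name is a bare 32-hex hash; themes ship no such file.
DROPPED_PHP_RE = re.compile(r'^/wp-content/themes/[^/]+/.*/[0-9a-f]{32}\.php$')


def parse(log_text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def find_theme_upload_abuse(log_text):
    """One finding per client that POSTed to a theme upload script, together with
    any hash-named .php under wp-content/themes that the same client then fetched."""
    posts, fetched = defaultdict(list), defaultdict(list)
    for e in parse(log_text):
        if e["method"] == "POST" and THEME_UPLOAD_RE.match(e["path"]):
            posts[e["ip"]].append(e["path"])
        elif e["method"] == "GET" and e["status"] == "200" and DROPPED_PHP_RE.match(e["path"]):
            fetched[e["ip"]].append(e["path"])
    return [{"ip": ip, "upload_endpoints": sorted(set(paths)),
             "webshell_candidates": fetched.get(ip, [])}
            for ip, paths in posts.items()]


if __name__ == "__main__":
    for finding in find_theme_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty webshell_candidates list is the high-confidence case; a POST alone still deserves a look at what the handler wrote to disk, since the Permission denied warnings quoted in the comments below show the same request with a failed write.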

That's the tutorial I can give :)

If anything is unclear, you may ask THIS HANDSOME GUY XD

That's all :)

Keywords: How to deface with CSRF, Deface a Website Easily, How to deface a website, Powerful way to deface a website

58 comments:

  1. you must login to access this script...

    that's all I keep getting, om... :(
  2. wkwkwkwkkw most of them have already been patched :D

    so it's up to your creativity to find fresh dorks :D
  3. can you explain what this tutorial means

    4. Then open the folder you downloaded earlier, and replace the link in green "above" with the link from your target's address bar.

    5. Choose file.php then click upload.

    I don't understand this, sir,

    Replies
    1. Like this, sir :D

      we already got into the target site as far as /upload-bg.php

      copy everything in that address bar.

      Then open the file you downloaded earlier; there's a URL in there, right? Replace it with the URL you just copied :)
  4. Dewo here

    Teach meeeee !!
  5. why does it say this

    You must be logged in to access this script.
  6. I've uploaded it, but it still shows "error"
  7. can I ask for dorks, or be taught how to find dorks??
  8. what's the password, om???
  9. oh my goodness, wow
    it's so hard to find fresh dorks XD
    anyone willing to share>>?????

    Replies
    1. kwokwokwokwokow, keep at it bro ^_^

      here :

      inurl:/wp-content/themes/qreator
      inurl:/wp-content/themes/cleanple
  10. still can't do it, bro... my head hurts
  11. share the in73ction V3.1 shell please, om :v
  12. PERMISSION TO BOOOOKMARRK, BROOO!!!

    SAAAME, PERMISSION TO SOOOAK UP THE KNOOOWLEDGE, BROOO !!!!
  13. I want to ask, bro __
    5. Open the CSRF.html file; a file upload form will appear. Choose Madspotshell.php, then click upload.

    If it succeeds, it will look like this (see the screenshot)

    what does that mean, bro ??
    I already uploaded the madspotshell file, but when I upload it just says ''ERROR'', why is that?
  14. I don't get it, kang mz, this is the first time I've read something like this,, I want to learn from the basics first, is there a tutorial for that? If so, please share it to my email.. Hehe
    Name. Geger
    Email. geger_ian@yahoo.com
  15. Share some more dorks please, om :)
  16. um, when I open it I get 404 not found
    what about that, bro?

    #sorry for posting as anonymous
  17. does this use apache or not ?
  18. Warning: move_uploaded_file(./f16028751f8b7c27aaf383468ffb03b7.php) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/flashpho/public_html/wp-content/themes/pacifico/theme/functions/upload-bg.php on line 24 if it's like this does that mean it can't be done, bro [-(
  19. I've uploaded it, but it still says "error"
  20. mas, share a fresh dork please, plz
  21. just asking, mas, what if I make it inurl:/wordpress/wp-content/themes/goldenway/theme/functions/upload-bg.php intext:error, would that work?
  22. masbro, try using this dork: inurl:/wp-content/themes/qreator/theme/ intext:upload
  23. all I get is this text, mas. 5437c4a860336813197025652d331d50.php
  24. it's really hard, bro,, oh, how do you upload the shell, bro? Sorry, I'm still a newbie
  25. Warning: move_uploaded_file(SANDI.PHPff89b59fd39d3a7b86bffcc4a7dc5331.php): failed to open stream: Permission denied in /var/www/html/newsitedev/wp-content/themes/shepard/theme/functions/upload.php on line 22 Warning: move_uploaded_file(): Unable to move '/tmp/phpDqHWsk' to 'SANDI.PHPff89b59fd39d3a7b86bffcc4a7dc5331.php' in /var/www/html/newsitedev/wp-content/themes/shepard/theme/functions/upload.php on line 22 error

    DOES THAT MEAN IT FAILED OR NOT, MASTAH? BECAUSE AT UPLOAD.PHP :http://skysoft.co.id/wp-content/themes/shepard/theme/functions/upload.php IT SAYS ERROR, WHICH MEANS VULN, THEN I TRIED OPENING CSRF, AFTER THAT PUT IN MADSPOTSHELL, AND AFTER I CLICKED UPLOAD WHY IS THE RESULT LIKE THIS (THE WARNING ABOVE)??
  26. Warning: imagecreatefromjpeg(/home/yesung/public_html/wp-content/themes/Crevision/images/bgs/ff89b59fd39d3a7b86bffcc4a7dc5331.php) [function.imagecreatefromjpeg]: failed to open stream: No such file or directory in /home/yesung/public_html/wp-content/themes/cleanple/theme/functions/uploadbg.php on line 28

    Warning: getimagesize(/home/yesung/public_html/wp-content/themes/Crevision/images/bgs/ff89b59fd39d3a7b86bffcc4a7dc5331.php) [function.getimagesize]: failed to open stream: No such file or directory in /home/yesung/public_html/wp-content/themes/cleanple/theme/functions/uploadbg.php on line 31

    Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/yesung/public_html/wp-content/themes/cleanple/theme/functions/uploadbg.php on line 33
    ff89b59fd39d3a7b86bffcc4a7dc5331.php,ff89b59fd39d3a7b86bffcc4a7dc5331_thumb.jpg

    Can't be done? ;-(
  27. if it comes out like this, it can't be done, can it, om?

    Warning: move_uploaded_file(./ff89b59fd39d3a7b86bffcc4a7dc5331.php) [function.move-uploaded-file]: failed to open stream: Permission denied in /usr/home/rana/public_html/news/wp-content/themes/qreator/theme/functions/upload.php on line 18

    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpnviny2' to './ff89b59fd39d3a7b86bffcc4a7dc5331.php' in /usr/home/rana/public_html/news/wp-content/themes/qreator/theme/functions/upload.php on line 18
    error
  28. om onix, why do I get an error right after pressing upload??

    why?? pleeeease replyyy =))
  29. Success, bro !!

    http://ayentertainment.com/Acybert.html (Would be a pity to deface the index)

    Sharing the shell :

    http://ayentertainment.com/wp-content/themes/cleanple/theme/functions/idca.php
  30. http://prntscr.com/1wl7f8 what next, om ;((
  31. why do I get an error ? :o
    it's 404 not found instead ..
  32. Just asking, if it's a sch.id site but it's vuln to CSRF, can this method be used?
