E-currency exchangers list
2. Exploiternya,, udah ane tanem nih (Crot Disini)
3. Dork : inurl:/siswa.php intext:Tim Balitbang site:.id
2. Cari targetnya yang mane aje serah lu pade tong.. asal jgn bini orang aje
3. Buka Exploiternya, lalu masukan site targetnya. Username ama Pass nya serah mau diganti apa kaga, defaultnya fayid 123456
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMhEYGRVzDEh9s_EGbPkW_OXo9b7NreF4kaUrM1kSc0pjuJUDBtizZwuYU1SV3Ww43Oh7QmkA-VAmQYR_BEu1gUmpmgqO3udwWZ93hNIoTEuMq9CPi_WHv6957LUNR3-OUIRPDoelVXGWm/s640/Screenshot+%25284%2529.png "Deface Website CMS Balitbang [With Exploiter]")
4. Setelah klik next, ntaran akal muncul captcha yang harus lu isi dengan bner
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwdLObrBC_fMsIyzZ5UBT6GaOrDRONfMlin4Or8LL51AnM9a3bdlSfxMlmU5R-VchYx7qkI55gSTFDOCWa-9b-qnrq94nQ9dDKfcQvR42fvl0DeoVPJ40POJxfrnwZM4SVVUq39LhxgXqq/s640/Screenshot+%25286%2529.png "Deface Website CMS Balitbang [With Exploiter]")
5. Kalo udeh tinggal klik go aje,, ntar muncul beginian ↓
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnKH6oayCwh3kdA6e09XMbZQOM8lZexNKwfiHZinxSoGEz6K_fXDBQPToo3rQw4blezpdXznGfXjtLyBLVDL2uZNX2UiKjwABwjQDZyF51Dox8nTxaaaDTE6LuQVcOPLo3sDOoJ7qE2S4v/s640/Screenshot+%25287%2529.png "Deface Website CMS Balitbang [With Exploiter]")
6. Kalo udeh muncul noh yang gambar sebelah captcha (lupa di tandain) klik dah tuh yg di kotak merah ⇑
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA9SJ1anFIIzqAi5bByKqbf39m4fMLrXBfOJHNCXQlK7THJBfp6-UuBpkcP1X-XJzb9h9MuG7AiOyrraIzhnn4Qctd3ejJjbaeZ6mqVfCNa1lXd9TOUA0lqegrSsKW-yWzdJhFOfsoja5J/s640/Screenshot+%25288%2529.png "Deface Website CMS Balitbang [With Exploiter]")
7. Kalo udeh muncul begituan (kotak merah pertama) itu dah pasti vuln (tapi kaga tau juga :v),, nah klik "Lewat sini" ↑↑↑↑↑
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisraIDa-jTq3_X9eifFDHfuDqi3zMchrYIN1YOsEQ3PorEsYnmRxFWqRJiR9Fwo3rE6T9hIMTeJhFII4Q57aLdSz5J_jaYKwsZwMFNP0E7AEUL2wEQdr5TG2vHv_a8z5pMD3YWkTT-6OU_/s640/Screenshot+%25289%2529.png "Deface Website CMS Balitbang [With Exploiter]")
8. Ikutin gambar aje yehh, ↑↑ dah pegel ngetik dari tadi... untung kuota gratis :v
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjCaMaljh6sq0dmMO9tS7loP2tbF1PRHf0YgleM_2D-oYnq7G_vHN2WqRoJnJLOYDuaOKsoXNaJ5X9Q1aV7Vlh9WIwvm71CxghU7rJ052wbxB2sfu2Vf2BsvmahF21H15TghsZemJ5uAeF/s640/Screenshot+%252810%2529.png "Deface Website CMS Balitbang [With Exploiter]")
9. Noh kan udah muncul tulisan "yes,, ahhh ahhh, oh yess,,," ↑↑↑
Lu pencet "Telusuri" buat upload shell lu,, inget yg udh di ganti formatnya jadi .php5 / .phtml
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgcsIIfHKIzyMKeVQf01EHXV-jPqZX7wE-5fx7tWtghcnp1iNcnbW6KB_2_tGJ_Wp_hypZhXM3NT9ukHt0lzOuFvCTii3C9_btvTUzlc16DQqehaizE5qJWiiQ3bybX24t_2Ct1X_SQAoN/s640/Screenshot+%252811%2529.png "Deface Website CMS Balitbang [With Exploiter]")
10. Ngapain lagi ?? tinggal klik simpan aje dah ahh..
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDncvpEp8yQO9ZjSnOlSNyf3zgwnizZUpui4Jl3imZeHs5cA2fHDShfEaFjQ6oW7eGuK9AmdsuzHpK4cfpfNIQjuqBK-4fNHaJmaAiULIdrjwzswNIu09t49dVRtX7YhPGPTzkkMBHwPio/s640/Screenshot+%252812%2529.png "Deface Website CMS Balitbang [With Exploiter]")
11. Gambar yang ane kotakin itu kaga tau penanda vuln atau bukan,, tp buat ngecek nya langsung akses aja,, nohh liat gambar udeh gw tandain..
12. Kalo "Not Found" atau apalah itu silahkan cari target lagi yoo :v
Hai ketemu lagi sma Mrcr4cker
Kali ini saya akan membahas tentang deface metode CMS BALITBANGππππ
Bahan-Bahan :
1. Shell Backdoor yang udh di ubh formatnya, bukan php lagi, tapi .phtml atau .php52. Exploiternya,, udah ane tanem nih (Crot Disini)
3. Dork : inurl:/siswa.php intext:Tim Balitbang site:.id
Step by Step :
1. Dorking dlu dah di gugell..2. Cari targetnya yang mane aje serah lu pade tong.. asal jgn bini orang aje
3. Buka Exploiternya, lalu masukan site targetnya. Username ama Pass nya serah mau diganti apa kaga, defaultnya fayid 123456
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMhEYGRVzDEh9s_EGbPkW_OXo9b7NreF4kaUrM1kSc0pjuJUDBtizZwuYU1SV3Ww43Oh7QmkA-VAmQYR_BEu1gUmpmgqO3udwWZ93hNIoTEuMq9CPi_WHv6957LUNR3-OUIRPDoelVXGWm/s1600/Screenshot+%25284%2529.png "Deface Website CMS Balitbang [With Exploiter]")
4. Setelah klik next, ntaran akal muncul captcha yang harus lu isi dengan bner
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwdLObrBC_fMsIyzZ5UBT6GaOrDRONfMlin4Or8LL51AnM9a3bdlSfxMlmU5R-VchYx7qkI55gSTFDOCWa-9b-qnrq94nQ9dDKfcQvR42fvl0DeoVPJ40POJxfrnwZM4SVVUq39LhxgXqq/s1600/Screenshot+%25286%2529.png "Deface Website CMS Balitbang [With Exploiter]")
5. Kalo udeh tinggal klik go aje,, ntar muncul beginian ↓
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnKH6oayCwh3kdA6e09XMbZQOM8lZexNKwfiHZinxSoGEz6K_fXDBQPToo3rQw4blezpdXznGfXjtLyBLVDL2uZNX2UiKjwABwjQDZyF51Dox8nTxaaaDTE6LuQVcOPLo3sDOoJ7qE2S4v/s1600/Screenshot+%25287%2529.png "Deface Website CMS Balitbang [With Exploiter]")
6. Kalo udeh muncul noh yang gambar sebelah captcha (lupa di tandain) klik dah tuh yg di kotak merah ⇑
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA9SJ1anFIIzqAi5bByKqbf39m4fMLrXBfOJHNCXQlK7THJBfp6-UuBpkcP1X-XJzb9h9MuG7AiOyrraIzhnn4Qctd3ejJjbaeZ6mqVfCNa1lXd9TOUA0lqegrSsKW-yWzdJhFOfsoja5J/s1600/Screenshot+%25288%2529.png "Deface Website CMS Balitbang [With Exploiter]")
7. Kalo udeh muncul begituan (kotak merah pertama) itu dah pasti vuln (tapi kaga tau juga :v),, nah klik "Lewat sini" ↑↑↑↑↑
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisraIDa-jTq3_X9eifFDHfuDqi3zMchrYIN1YOsEQ3PorEsYnmRxFWqRJiR9Fwo3rE6T9hIMTeJhFII4Q57aLdSz5J_jaYKwsZwMFNP0E7AEUL2wEQdr5TG2vHv_a8z5pMD3YWkTT-6OU_/s1600/Screenshot+%25289%2529.png "Deface Website CMS Balitbang [With Exploiter]")
8. Ikutin gambar aje yehh, ↑↑ dah pegel ngetik dari tadi... untung kuota gratis :v
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjCaMaljh6sq0dmMO9tS7loP2tbF1PRHf0YgleM_2D-oYnq7G_vHN2WqRoJnJLOYDuaOKsoXNaJ5X9Q1aV7Vlh9WIwvm71CxghU7rJ052wbxB2sfu2Vf2BsvmahF21H15TghsZemJ5uAeF/s1600/Screenshot+%252810%2529.png "Deface Website CMS Balitbang [With Exploiter]")
9. Noh kan udah muncul tulisan "yes,, ahhh ahhh, oh yess,,," ↑↑↑
Lu pencet "Telusuri" buat upload shell lu,, inget yg udh di ganti formatnya jadi .php5 / .phtml
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgcsIIfHKIzyMKeVQf01EHXV-jPqZX7wE-5fx7tWtghcnp1iNcnbW6KB_2_tGJ_Wp_hypZhXM3NT9ukHt0lzOuFvCTii3C9_btvTUzlc16DQqehaizE5qJWiiQ3bybX24t_2Ct1X_SQAoN/s1600/Screenshot+%252811%2529.png "Deface Website CMS Balitbang [With Exploiter]")
10. Ngapain lagi ?? tinggal klik simpan aje dah ahh..
![Deface Website CMS Balitbang [With Exploiter]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDncvpEp8yQO9ZjSnOlSNyf3zgwnizZUpui4Jl3imZeHs5cA2fHDShfEaFjQ6oW7eGuK9AmdsuzHpK4cfpfNIQjuqBK-4fNHaJmaAiULIdrjwzswNIu09t49dVRtX7YhPGPTzkkMBHwPio/s1600/Screenshot+%252812%2529.png "Deface Website CMS Balitbang [With Exploiter]")
11. Gambar yang ane kotakin itu kaga tau penanda vuln atau bukan,, tp buat ngecek nya langsung akses aja,, nohh liat gambar udeh gw tandain..
12. Kalo "Not Found" atau apalah itu silahkan cari target lagi yoo :v
Comments
Post a Comment