Hi bro, this time I will share the Deface PoC Bypass Admin Login method.
OK, let's start with dorking first. You can use the dorks below.
Dork:
- inurl:admin.php
- inurl:admin/login.php
- inurl:adminlogin.php
- inurl:adminhome.php
- inurl:admin_login.php
- inurl:administratorlogin.php
- inurl:/Manager/index.php
- inurl:login/administrator.php
- inurl:administrator_login.php
- inurl:admin/addproduct.asp
- inurl:admin/user.asp
- inurl:admin/ addpage.php
- inurl:admin/ gallery.asp
- inurl:admin/image.asp
- inurl:admin/adminuser.asp
- inurl:admin/productadd.asp
- inurl:admin/addadmin.asp
- inurl:admin/add_admin.asp
- inurl:admin/add_admin.php
- inurl:admin/addnews.asp
- inurl:admin/addpost
- inurl:admin/addforum.???
- inurl:admin/addgame.???
- inurl:admin/addblog.????
- inurl:admin/admin_detail.php
- inurl:admin/admin_area.php
- inurl:admin/product_add.php
- inurl:admin/additem.php
- inurl:admin/addstore.php
- inurl:admin/add_Products.???
- inurl:admin/showbook.???
- inurl:admin/selectitem.???
- allinurl:admin/addfile.???
- inurl:admin/addarticle.asp
- inurl:admin/addfile.asp
- inurl:admin/upload.php
- inurl:admin/upload.asp
- inurl:admin/addstory.php
- inurl:admin/addshow.php
- inurl:admin/addmember.asp
- inurl:admin/addinfo.asp
- inurl:admin/addcat.asp
- inurl:admin/cp.asp
- inurl:admin/productshow.asp
- inurl:admin/addjob.asp
- inurl:admin/addjob.???
- inurl:admin/addpic.???
- inurl:admin/viewproduct.???
- inurl:admin/addaccount.php
- inurl:admin/manage.php
- inurl:admin/addcontact.???
- inurl:admin/viewmanager.???
- inurl:admin/addschool.???
- inurl:admin/addproject.???
- inurl:admin/addsale.???
- inurl:admin/addcompany.???
- inurl:admin/payment.???
- inurl:user/emp.???
- inurl:admin/addmovie.???
- inurl:admin/addpassword.???
- inurl:admin/addemployee.???
- inurl:admin/addcat.???
- inurl:admin/admin.???
- inurl:admin/admincp.???
- inurl:admin/settings.???
- inurl:admin/addstate.???
- inurl:admin/addcountry.???
- inurl:admin/addmedia.???
- inurl:admin/addcode.???
- inurl:admin/addlinks.???
- inurl:admin/addcity.???
- inurl:admin/login.asp
- inurl:adminlogin.asp
- inurl:adminhome.asp
- inurl:admin_login.asp
- inurl:administratorlogin.asp
- inurl:login/administrator.asp
- inurl:administrator_login.asp
- intext:"please login" site:in
- intext:"login succesfuly" site:in
- intext:"login succesfuly" site:id
- intext:"login succesfuly" site:za
- intext:"login succesfuly" site:pl
- inurl:/admin/index.htm site:in
- intitle:"dashboard"
- inurl:/dashboard.php
- inurl:/dash.php
- inurl:/admin/index.php?id=?
- inurl:/admin/index.php?r=site/login
- Inurl:login[4"admin"] site:
- Inurl:admin ["Userlogin"]**site:
- inurl:/admin.php
- intext:login intext:adminsitrator
- inurl:/admin/index.php intext:username
- inurl :/admin/Admin.php intext:login
- inurl:/administrator/login.php
- intext:username site:.com
- inurl:/login.php
- intext:administrator intext:login
- inurl:/admin/upoload/
- inurl:/admin/login.php/ intitle:Administrator
- inurl:/admin/login.php intitle: Panel Admin
- inurl:/admin/login.php site:in
- inurl/mnux=login kampus
- inurl/mnux=login akademik
- inurl/mnux=login powered by sisfo
- inurl/?mnux=login "powered by sisfo kampus"
- inurl/mnux=login sisfo kampus
- inurl/mnux=login admin
- inurl/mnux= akademik
- inurl:/?mnux login
- inurl/mnux=login id /?mnux=login=frm siakad
- inurl/mnux=login akademik administrasi akademik - universitas sisfokampus
Once you have a target, go straight to the bypass.
Example:
User : admin
Pass : admin
User : admin
Pass : admin123
User : superadmin
Pass : superadmin
User : administrator
Pass : administrator
User : admin (can be replaced with an email from the target's website)
Pass : admin (up to you, putting in a payload is fine too)
If the password is vulnerable, you will automatically get into the admin dashboard.
Once you are in, you can plant your shell or add your deface article.
And boom, it's defaced.
Live Target + Bypass Results:
https://polisipati.com
https://bagsumda.polrespati.com
https://polisipati.com/node/19759
https://frontergroup.com/1337.php
That's all from me, hope it's useful.
And don't forget to share. Thanks.
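
On the defending side, the credential guessing described above appears in an application's authentication log as a run of failed logins for default admin names from one source, sometimes ending in a success. The detection logic below is an added example, not part of the original post. The log format, window and threshold are assumptions, and the sample lines are constructed using documentation IP ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Usernames taken from the credential pairs listed in the post.
DEFAULT_ADMIN_USERS = {"admin", "superadmin", "administrator"}
WINDOW = timedelta(minutes=5)   # assumed tuning value
THRESHOLD = 3                   # assumed: failed default-name attempts per window

# Constructed sample lines in an assumed application auth-log format:
# ISO-timestamp  source-ip  path  username  result
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 /admin/login.php admin FAIL
2024-05-01T10:00:04 203.0.113.7 /admin/login.php superadmin FAIL
2024-05-01T10:00:09 203.0.113.7 /admin/login.php administrator FAIL
2024-05-01T10:00:15 203.0.113.7 /admin/login.php admin OK
2024-05-01T10:02:00 198.51.100.20 /admin/login.php editor.rina FAIL
2024-05-01T10:02:30 198.51.100.20 /admin/login.php editor.rina OK
"""

def parse(line):
    ts, ip, path, user, result = line.split()
    return datetime.fromisoformat(ts), ip, path, user.lower(), result

def detect(log_text):
    """Return {ip: [alerts]} for default-credential guessing on login pages."""
    fails = defaultdict(list)   # ip -> timestamps of failed default-name attempts
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, path, user, result = parse(line)
        # Drop failures that have fallen out of the sliding window.
        fails[ip] = [t for t in fails[ip] if ts - t <= WINDOW]
        if user not in DEFAULT_ADMIN_USERS:
            continue
        if result == "FAIL":
            fails[ip].append(ts)
            if len(fails[ip]) == THRESHOLD:
                alerts[ip].append("default-credential guessing")
        elif result == "OK" and fails[ip]:
            # Success right after failed guesses: a weak admin password worked.
            alerts[ip].append(
                f"login as '{user}' on {path} after {len(fails[ip])} failed guesses")
    return dict(alerts)

if __name__ == "__main__":
    for ip, found in detect(SAMPLE_LOG).items():
        print(ip, found)
```

The second alert type is the one to page on: it means an account with a default name accepted a guessed password and should be locked and its session revoked.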