Friday, December 30, 2011

Preparing to Migrate a Laptop to Open Source

Since the deadline of the end of 2011 was set, no government agency may use illegal software any longer. Many government agencies, especially recently, have been migrating their operating systems to open source. The background is the joint declaration by 5 ministers toward Indonesia Go Open Source (IGOS) in 2004, made by the Minister of Research and Technology, the Minister of Communication and Information, the Minister for State Apparatus Empowerment (Pendayagunaan Aparatur Negara), the Minister of Justice and Human Rights, and the Minister of National Education.

This was reaffirmed by circular letter number SE/01/03/M.PAN/2009 from the Ministry for State Apparatus Empowerment on the use of legal software and OSS. In essence: first, all government agencies are required to use open source or legal software. Second, the use of open source or legal software is to be monitored. Third, the migration deadline is the end of 2011.

Saturday, October 29, 2011

Sharing Internet Modem via LAN on Backtrack (Linux)



To get internet access from another computer, we first set the IP address, gateway and DNS on our computer.

Text in blue refers to our computer (computer A), and text in red refers to the other computer, which is connected to the internet (computer I).

1. First, on computer I, we look up the network information for ppp0.

# ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.77.221.111 P-t-P:192.168.11.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:21275 errors:4 dropped:0 overruns:0 frame:0
TX packets:21823 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:24204058 (24.2 MB) TX bytes:2716284 (2.7 MB)


So the IP address of ppp0 on computer I is 10.77.221.111.

Thursday, August 25, 2011

The Power of Chroot



First, we check the hard disk partitions:

# fdisk -l

And then,

# mkdir /mnt/mount-path
# mount /dev/sdax /mnt/mount-path
# mount -t proc /proc /mnt/mount-path/proc
# mount -t sysfs /sys /mnt/mount-path/sys
# mount -o bind /dev /mnt/mount-path/dev
# chroot /mnt/mount-path /bin/bash


Now we are chrooted into /mnt/mount-path. For example, to install GRUB:

# grub-install /dev/sda
# grub-install /dev/sdax


or

# grub-install --root-directory=/mnt/mount-path /dev/sda

To install LILO:
# liloconfig

or just type

# lilo


Friday, July 29, 2011

Conky: Tool for Help Monitoring System (Update 02-17-12)



This is my conky, which helps me a lot in getting information from the system. To get it, just install it with:

$ sudo apt-get install conky feh

Now create the file ~/.conkyrc and fill it with whatever configuration you like. By the way, the configuration can also be saved somewhere else and loaded with "conky -c your-file-conky".

For documentation about conky, check this first: http://conky.sourceforge.net/screenshots.html, and you won't be disappointed with it. Hopefully..

Monday, July 25, 2011

Gaining Backdoor Through SQL



1. We open the DVWA blind SQL injection page; the link is:
http://192.168.56.101/dvwa/vulnerabilities/sqli_blind/


Tuesday, July 19, 2011

Test The Net and Gain The Root



Scanning to Check the Website

PING xxxxxx (xxxxxx) 56(84) bytes of data.
64 bytes from xxxxxx: icmp_seq=1 ttl=64 time=38.8 ms
64 bytes from xxxxxx: icmp_seq=2 ttl=64 time=39.9 ms
64 bytes from xxxxxx: icmp_seq=3 ttl=64 time=42.1 ms
64 bytes from xxxxxx: icmp_seq=4 ttl=64 time=41.9 ms
^C
--- xxxxxx ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 38.899/40.739/42.113/1.361 ms

Thursday, July 14, 2011

Htaccess



Htaccess can be used to manage multiple usernames/passwords, thereby enhancing information protection on the web server by controlling access through HTTP protocols. When used in conjunction with a browser encryption method such as SSL, it is possible to make htaccess authentication a robust method of protecting directories. However, out of the box, htaccess is prone to several problems, namely: packet-sniffing, IP hijacking, replay attacks, and brute force. Cryptography (SSL and one-time pads) can solve all but one of these problems: brute forcing.

Brute forcing takes a number of forms, and is a well-known and well-used attack against htaccess. Brute force is usually a minimal knowledge attack, requiring only the URL for the password-protected directory to work. In their most malevolent form, brute force attacks simply check the headers returned by the server. If the program sees that its request was favorable (the server returned a 200 OK response), it will mark the password as being valid. This can wreak havoc on a server. It can even cause denial of service when the brute force program disconnects after viewing the headers (as the server is not allowed to print out the rest of the content and the daemon cannot kill its children efficiently).

Monday, July 11, 2011

PHP with The Suhosin Patch



On BackTrack 5, Suhosin is already present once we install with apt-get install phpmyadmin - mysql-server - php5-cgi. To check, we can create a PHP file on localhost with this simple code:

<?php
// Print the PHP configuration; a Suhosin section appears if it is loaded
phpinfo();
?>


Now we open it on localhost (http://127.0.0.1/1.php) to see the Suhosin information in the phpinfo output.



Thursday, June 30, 2011

Subnetting



The netmask is a bitmask that can be used to separate the bits of the network identifier from the bits of the host identifier. It is often written in the same notation used to denote IP addresses.

Not all sizes of prefix announcement may be routable on the public Internet: see routing, peering.

Class  Leading bits  Start      End              Default subnet mask (dotted decimal)  CIDR notation
A      0             0.0.0.0    127.255.255.255  255.0.0.0                             /8
B      10            128.0.0.0  191.255.255.255  255.255.0.0                           /16
C      110           192.0.0.0  223.255.255.255  255.255.255.0                         /24
D      1110          224.0.0.0  239.255.255.255  not defined                           not defined
E      1111          240.0.0.0  255.255.255.254  not defined                           not defined
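How the bitmask separates the network bits from the host bits, and how the leading bits select the class and default mask in the table, can be worked through in code. This is an added example, not part of the original post; the function names are hypothetical and the sample addresses are chosen for illustration.

```python
def to_int(dotted):
    """Parse a dotted-decimal IPv4 address or mask into a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    return int.from_bytes(bytes(parts), "big")

def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: `prefix` one-bits followed by zero-bits."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Return the prefix length; reject masks such as 255.0.255.0."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):      # host bits must be one contiguous run
        raise ValueError("netmask bits are not contiguous")
    return 32 - inverted.bit_length()

# (class, leading-bit pattern, number of leading bits, default prefix)
CLASSES = [("A", 0b0, 1, 8), ("B", 0b10, 2, 16), ("C", 0b110, 3, 24),
           ("D", 0b1110, 4, None), ("E", 0b1111, 4, None)]

def classify(addr):
    """Return (class, default prefix) from the address's leading bits."""
    for name, pattern, nbits, default_prefix in CLASSES:
        if addr >> (32 - nbits) == pattern:
            return name, default_prefix

def split(dotted_addr, dotted_mask=None):
    """Split an address into network and host parts with a netmask.

    Without an explicit mask the class default from the table is used.
    """
    addr = to_int(dotted_addr)
    cls, default_prefix = classify(addr)
    if dotted_mask is not None:
        mask = to_int(dotted_mask)
    elif default_prefix is not None:
        mask = prefix_to_mask(default_prefix)
    else:
        raise ValueError(f"class {cls} has no default subnet mask")
    host_bits = ~mask & 0xFFFFFFFF
    return {
        "class": cls,
        "prefix": mask_to_prefix(mask),
        "network": to_dotted(addr & mask),       # network identifier bits
        "host": addr & host_bits,                # host identifier bits
        "broadcast": to_dotted(addr | host_bits),
    }

if __name__ == "__main__":
    print(split("192.168.11.10"))                     # class C default, /24
    print(split("192.168.11.10", "255.255.255.240"))  # subnetted to /28
```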

WebGoat Part 2: Session Management Flaws (Hijack a Session)



Concept / Topic To Teach:
Many applications will automatically log a user into their site if the right authentication cookie is specified. Sometimes the cookie values can be guessed if the algorithm for generating the cookie can be obtained. Sometimes the cookies are left on the client machine and can be stolen by exploiting another system vulnerability. Sometimes the cookies may be intercepted using cross-site scripting. This lesson tries to make the student aware of authentication cookies and presents the student with a way to defeat the cookie authentication method in this lesson.

General Goal(s):
The user should be able to bypass the authentication check. Login using the webgoat/webgoat account to see what happens. You may also try aspect/aspect. When you understand the authentication cookie, try changing your identity to alice.

Sunday, June 26, 2011

WebGoat for Practice (Part 1 - Installation)



In this new article, I just add notes and some pictures for the installation. I hope this makes it easier for you to install. WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. First download WebGoat from the WebGoat Google Code downloads and visit the OWASP WebGoat pages for more info about WebGoat.

Next, you have to install p7zip to extract the archive; you can do this with the apt package manager by running the following from the console:

apt-get install p7zip

and then extract the archive using

p7zip -d WebGoat-OWASP_Standard-5.3_RC1.7z

Monday, June 20, 2011

Standard SQL Injection and Blind SQL Injection



An SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file existing on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

Standard SQL Injection
Consider the following SQL query:

SELECT * FROM Users WHERE Username='$username' AND Password='$password'

Stored and Reflected XSS Attacks



Cross-Site Scripting (XSS) attacks occur when:
1. Data enters a Web application through an untrusted source, most frequently a web request.
2. The data is included in dynamic content that is sent to a web user without being validated for malicious code.

The malicious content sent to the web browser often takes the form of a segment of JavaScript, but may also include HTML, Flash or any other type of code that the browser may execute. The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.

Damn Vulnerable Web App (DVWA) and The Top 10 Risks



Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.

The Top 10 Risks compiled by the Open Web Application Security Project (OWASP) are:

1. Injection
2. Cross-Site Scripting (XSS)
3. Broken Authentication and Session Management
4. Insecure Direct Object References
5. Cross-Site Request Forgery (CSRF)
6. Security Misconfiguration
7. Insecure Cryptographic Storage
8. Failure to Restrict URL Access
9. Insufficient Transport Layer Protection
10. Unvalidated Redirects and Forwards


Saturday, June 11, 2011

Data Validation Testing, Denial of Service Testing, Web Services Testing, and AJAX Testing (from OWASP)



1. Data Validation Testing
The most common web application security weakness is the failure to properly validate input coming from the client or environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.

1.1 Testing for Reflected Cross Site Scripting (OWASP-DV-001)

We tried <script>alert("hello world")</script>: http://www.akakom.ac.id/index.php?user=<script>alert("hello world")</script>, so the link was directed to http://www.akakom.ac.id/index.php?user=%20script%3EALERT%20%20hello%20world%20%20%20%2Fscript%3E#31610346594256744308. Nothing on the page seems to have changed.

1.2 Testing for Stored Cross Site Scripting (OWASP-DV-002)
Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the user’s browser under the privileges of the web application.

Wednesday, June 8, 2011

Cookies and Session (on Web Browser)



What are session cookies used for?

Webpages have no memories. A user going from page to page will be treated by the website as a completely new visitor. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit.

Session cookies allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page. The most common example of this functionality is the shopping cart feature of any e-commerce site. When you visit one page of a catalog and select some items, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to check out. Without session cookies, if you click CHECKOUT, the new page does not recognize your past activities on prior pages and your shopping cart will always be empty.

Tuesday, June 7, 2011

Session Management Testing, Authorization Testing, and Business Logic Testing (from OWASP)



1. SESSION MANAGEMENT TESTING
At the core of any web-based application is the way in which it maintains state and thereby controls user-interaction with the site. Session Management broadly covers all controls on a user from authentication to leaving the application. HTTP is a stateless protocol, meaning that web servers respond to client requests without linking them to each other. Even simple application logic requires a user's multiple requests to be associated with each other across a "session". This necessitates third party solutions – through either Off-The-Shelf (OTS) middleware and web server solutions, or bespoke developer implementations. Most popular web application environments, such as ASP and PHP, provide developers with built-in session handling routines. Some kind of identification token will typically be issued, which will be referred to as a "Session ID" or Cookie.

Sunday, June 5, 2011

Configuration Management Testing and Authentication Testing (from OWASP)



1. Configuration Management Testing
Often analysis of the infrastructure and topology architecture can reveal a great deal about a web application. Information such as source code, HTTP methods permitted, administrative functionality, authentication methods, and infrastructural configurations can be obtained.

2. Authentication Testing
Authentication is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication.

Saturday, June 4, 2011

Securing Communication Data (Part 1 - GnuPG)



GPG is the main program for the GnuPG system. From The GNU Privacy Handbook: "GnuPG uses public-key cryptography so that users may communicate securely. In a public-key system, each user has a pair of keys consisting of a private key and a public key. A user's private key is kept secret; it need never be revealed. The public key may be given to anyone with whom the user wants to communicate."

On BackTrack 5, gpg is already installed when we use it. gpg itself is perhaps only used from the konsole/terminal; for a GUI (Graphical User Interface), one of the tools we can use is Kleopatra.

Friday, June 3, 2011

Information Gathering



Information Gathering (target : www.akakom.ac.id)

Information gathering is the first phase of a web penetration test: collecting as much information as possible about the target application. This information then determines what kind of testing is needed.

  • Testing : spiders, robot, and crawlers

    Find the robots.txt file on the web target www.akakom.ac.id. The purpose of identifying the robots file is to look at the structure of the web content.

    The information from www.akakom.ac.id/robots.txt is about the directory structure of the web content. Result and snapshot:


Tuesday, May 31, 2011

Get Into The Admin Page, Database, and Password Lectures (1st study)



Bismillah...

I'm sorry if my English is still poor..

A. First, we visited http://172.17.51.105/akakom/ to analyze it and see how we could get into the admin page

By the way, the odd things are:

1. In the page source, there are the words "Jogjakarta" and "3133t", which are colored white
2. On the page, if we select all, then the words "Jogjakarta" and "3133t" become visible

B. Then we fill in the user with "Jogjakarta" and the password with "3133t" (quotes not included)

C. After successfully logging in, we are directed to http://172.17.51.105/akakom/main/index.php

So on the admin page, we have an image of the akakom logo, the akakom SMS server, and a table listing the students' scores (we get NIM, names, scores, and lecturers).

Friday, April 22, 2011

Identifying Files on Linux (Part 1)



At first I got a downloaded .rar file from a website. But when I opened it in rar, it gave an error. Most likely, it seemed, the rar file had been corrupt from the start. And the file was big, and I had already waited a long time for the download..

Just for fun I ran the "file" command in the konsole terminal, and it turned out that it was not a rar file but an avi..

root@elha:~# file a.rar
a.rar: RIFF (little-endian) data, AVI, 704 x 396, 29.97 fps, video: XviD, audio: MPEG-1 Layer 3 (stereo, 48000 Hz)

Next, the file "a.rar" just needed to be renamed to "a.avi", and I could finally open the file (thankfully it had not been deleted yet).

We can find out the type of a file by using the "file" command. Another example is shown below:

root@elha:~# file sl1337.bmp
sl1337.bmp: PC bitmap data, Windows 3.x format, 640 x 480 x 8

Wednesday, April 20, 2011

Shaikh Ibn Uthaimeen on Committing Suicide Attacking The Enemy by Blowing Oneself Up In a Car



Question: What is the ruling regarding acts of jihaad by means of suicide, such as attaching explosives to a car and storming the enemy, whereby he knows without a doubt that he shall die as a result of this action?

Response: Indeed, my opinion is that he is regarded as one who has killed himself (committed suicide), and as a result he shall be punished in Hell, for that which is authenticated on the authority of the Prophet (sal-Allaahu `alayhe wa sallam).

[((Indeed, whoever (intentionally) kills himself, then certainly he will be punished in the Fire of Hell, wherein he shall dwell forever)), [Bukhaaree (5778) and Muslim (109 and 110)]].

Sunday, April 10, 2011

Strawberry Picture Collection



A short break, to get rid of, or at least reduce, the boredom..


     

Wednesday, March 16, 2011

Setting Linux BackTrack 4 (Update 12-04)



Since Backtrack 5 is planned for release, this post is a small note documenting the configuration and installation of programs on Backtrack 4..

1. Mouse
- Double Click

2. prozilla
      edit src/download_win.h line 55:
      void DL_Window::print_status(download_t * download, int quiet_mode);
      to:
      void print_status(download_t * download, int quiet_mode);


3. new folder mnt/a b c d e

4. fstab

5. Transparency

6. glxinfo | grep "render" --> direct rendering: Yes
apt-get install mesa-utils

7. cdrecord, xfburn, brasero

8. Compiz
apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported simple-ccsm fusion-icon

Monday, March 14, 2011

Sound Collection (Mainly for Mobile Phone Ringtones)



The files are already direct links; feel free to download them directly:

¤   anak-ayam.mp3
¤   anak-kucing.mp3
¤   angin.wav
¤   angin-suara-burung.mp3
¤   audio-tape-cuing.wav
¤   ayam-pagi.mp3

Saturday, February 26, 2011

Desktop Wallpaper Collection




     

     

Friday, February 18, 2011

Tips & Tricks for Avoiding Ads on the Internet



Bismillahirrahmanirrahim..

The essence of avoiding ads this way is to change the contents of the hosts file so that ad sites are redirected to the local computer and the ads no longer appear (which also saves our bandwidth, *smile_smile).

The hosts file is usually in the directory:

C:\[Windows]\System32\Drivers\Etc\Hosts

It may be in another directory; type this in the Start-Run menu (or Win + R):

%windir%\system32\drivers\etc\hosts

For Windows 95/98, find it at C:\Windows\hosts

On Linux it is at /etc/hosts

**** Use Vim, Nano, Notepad (on Windows) or any other program to edit it:

127.0.0.1 alamat_situs_iklan

Thursday, January 27, 2011

Rain Picture Collection



Starting from a fondness for collecting moving pictures, below are some of the rain pictures collected. There are still some that have not been uploaded; Insya Allah this will be updated when there are new additions..

Rain, for which we must always be grateful, brings much wisdom from Allah ta'ala. The guidance for supplications when it rains is as follows -- first, jazahullahu khairan to al akh Muhammad Aris Ibn Shalih for the pictures of the supplications: