28 May 2013

PHPJackal on Action

Maybe, this is your Server?? Check your security about your Server.
Webshelling with PHPJackal
I have been entered into this Server, i use PHPJackal for webshelling this Server. Contacting the Administrator of this Server? Maybe, if there's an agreement between me and he/she about the Server. Don't think about how secure we are, but thinking how un-secure we are?
"I am for aiming!"

27 May 2013

Indonesian Dark Wordlist

Indonesian Dark Wordlist adalah proyek baru dari Unlisted Developer yang menghasilkan kumpulan kata (wordlist) berbasiskan pada Kamus Besar Bahasa Indonesia (KBBI) untuk berbagai keperluan, misalnya teknik bruteforce atau aircracking. Kami masih melihat proyek-proyek sebelumnya masih tidak jelas kelanjutan proyeknya dalam membuat Wordlist, maka dari itulah kami membuat proyek ini sebagai jembatan kepada teman-teman lain yang membutuhkan wordlist yang lengkap tanpa harus bersusah-susah meng-generate.
Mengingat proyek ini masih dalam tahap awal, maka banyak sekali kelemahan-kelamahan yang ada, sehingga kami mengharapkan kritik dan saran yang membangun, supaya kami bisa berbenah dalam setiap tambahan waktu. Selain itu, kami juga masih membuka peluang kepada teman-teman yang ingin bergabung dalam proyek ini, silahkan menghubungi saya via email atau tinggalkan komentar pada tulisan ini. Tidak ada syarat ketentuan khusus, hanya syarat umum yaitu bisa mengoperasikan komputer (mengerti linux lebih diutamakan) dan memiliki koneksi internet.
Harapan besar kami dari proyek ini adalah bisa menghasilkan wordlist dari kosa kata yang ada dalam Kamus Besar Bahasa Indonesia, sehingga akan memberikan peluang yang lebih besar kepada user kami, untuk menggunakan wordlist ini dengan kata akhir "sukses". Kecenderungan pemakaian bahasa regional atau nasional membuat peluang wordlist pada proyek ini nantinya memiliki nilai yang besar. Sehingga bisa dijadikan acuan dalam pengembangan wordlist-wordlist lain dengan memanfaatkan sumber daya kami.
Untuk sementara kami menggunakan GitHub untuk melakukan pengembangan sekaligus dokumentasi proyek. Beranda GitHub proyek ini ada di https://github.com/h3rucutu/indonesian-dark-wordlist.
Bagaimana untuk mengkloning proyek ini pada komputer lokal? Gunakan perintah di bawah ini.
root@kali:~# git clone https://github.com/h3rucutu/indonesian-dark-wordlist indonesian-dark-wordlist
Selamat menikmati dan mari berkontribusi.
"i am for aiming!"

26 May 2013

Share Connection eth0 on Kali

When i was still using Backtrack as pentest Operating System on my netbook, i need to configure everything about networking, include sharing connection over eth0 interface. I must type on the terminal to set up the interface, then set the IP and netmask, etc. After setting the interface connection, i also must to configure  iptables to forwarding the internet connection from the other interface into eth0, and the last step i must turn on forwarding rule. It's really fun, although need several step to do it. But, when i am using Kali Linux, i realize that the step which can i do on backtrack doesn't running on Kali Linux. After learn several option about networking on Kali, finally i can share connection over eth0 on Kali Linux.
Okay, the first assume that we must have connected internet (not using eth0). Next, when your connection are ready, you can right click on the networking icon, select Edit Connection.
Edit Connection
When the window "Networking Connection" appear, click Wired tab, and select Wired Connection, then click Edit.
Network Connection
Configure Wired Connection on IPv4 tab, set the method is "Shared to the other computers", don't forget to checklist Connect automatically, see figure below. Save the configuration within click Save.
Wired Connection
Now, your computer are ready for sharing connection over eth0 interface on Kali Linux. You can share with plug-in the UTP cable on your computer and the other computer, and DHCP Server will give the IP Address automatically for the other computer which you have shared internet connection. Let's share!
"i am for aiming!"

25 May 2013

Why Unlisted Developer Repo?

Unlisted Developer is the first of my project on Kali Linux development, we focused on Kali Linux Repository on Indonesia. We offer several advantages about Kali Linux Repository, we don't just mirroring the main Repository of Kali Linux, but we have different management for this Repository. Okay, i'll write down several advantages, why we are better than the other Mirror Repository of Kali Linux.

1. All In One
As we know, the default repository of Kali Linux is divided into three section, this is main, contrib and non-free. Main is the main repository which contain the core repository. Contrib is the repository for contribution. And Non-Free is the non-free repository. On the upper level, there are more kind of repository, for example security.
It's too complicated, because we must add every repository source which provide each feature. On our repository, you just add one repository source and you will get all of the repository feature, include security, update original tools, extra tools. You won't get the disadvantages of the experimental update, because we will testing all of the update before we packaging and add into our repository.

2. Easy Inspection
When you're ready to be a part of developer, maybe you interest about how we manage the package in our repository. We are open for newbie developer. So, we have commit to make our system of managing package easy to inspection.
We make this repository different with Debian structure, but not totally different. We believe that our structure easier to learn than Debian structure.

3. Small Space
We are still focus on i386 architecture, but on the future we will accommodate all of the architecture, include armhf (raspberry pi). By doing that, we need smaller space than mirroring method. Because we are packaging, not only mirroring. So we can save upto 90% space of the mirroring method space.

4. Reduce Bandwidth
Because we have using small space, we reduce bandwidth too. It's make our bandwidth on the server saving.

5. Open Project
This Project is open, you can contribute and join with us as developer. As unlisted developer, we learn together and develop for the better repository for Indonesian Network.
For more information, click http://herupranoto.web.ugm.ac.id.

"i am for aiming!"

05 May 2013

Fixing Flash Plugin Chrome

Installing Google Chrome is the best way to benefit from surfing on internet. Yes, Google Chrome is the most lightweight browser. As a linux user, we know that there're two type of that browser, Google Chrome and Chromium. Chromium is the opensource version of Chrome, and Google Chrome is the proprietary version. When you installed Chromium, you can't installed plugins where available on the Chrome Store, but on Google Chrome it can be. But, there's a problem on Kali Linux, when you installed the latest version of Google Chrome. It's because the newest version of Plugins Flash Player which included on the Google Chrome was not compatible or not stable yet. That version is 11.7 r700.
Okay, here i will tell you to fix it. Maybe you want to install Google Chrome at first (read Installing Google Chrome). Before it, you must be installing Hexedit, because on Kali Linux, Hexedit wasn't installed by default (read Installing Hexedit on Kali Linux). After that, on Google Chrome open the new tab and type "chrome://plugins".
You'll see several plugins which installed on Google Chrome. When you have installed Flash Player Plugin for Iceweasel like this post, you will found that Google Chrome was listed two Plugin of Flash Player, the first is the default from Google Chrome (11.7 r700), the second is Flash Player Plugin for Iceweasel (11.2 r202).
On my PC which installed Kali Linux, the 11.2 r202 version is more stable than 11.7 r700. I don't know about it, when i use the 11.7 r700 version to open video from Youtube, Google Chrome lacking everytime. But when i use the 11.2 r202, Google Chrome was playing the video normally. So, based on my experiment i choose 11.2 r202 version.
To activating just one Flash Player Plugin for Google Chrome, open the plugins of Google Chrome at "chrome://plugins".
You can click details on the right side in the window.
After that, you will see two Flash Player Plugin listed, disable the 11.7 r700 version.
Flash Plugins Google Chrome
Now, your Google Chrome just use one Flash Player Plugin.
"i am for aiming!"

03 May 2013

Installing Privoxy beside Tor

Privoxy is tools for configuring proxy on your system. It's needed for anonymous concepts. So, your identity when you using internet keeping from the other person who want to determine what your activity. Usually, i using Privoxy with Tor. Tor is providing the bouncing method with international network, and privoxy will forward it into your local machine with HTTP method. So, if you just use Tor, you can't connect to your local network. Then after you installed Privoxy beside Tor, you will be connected into your local network.
Let's begin. The first assume, you running on Kali Linux and you have an installed Tor in your system (see how to install Tor). If you have the default repository of Kali Linux, you need to add the Debian or Kali Main repository (in this tutorial i will use Debian Main repository), open the sources.list.
root@h3:~# vim /etc/apt/sources.list
Add the new source of the repository below, save and exit.
deb http://kambing.ui.ac.id/debian wheezy main
Running update and install Privoxy.
root@h3:~# apt-get update && apt-get install privoxy
After Privoxy installed, remove the Debian Main repository from your sources.list (it's to keep your system for damage condition).
Before configuring Privoxy, backup the default configuration Privoxy fist.
root@h3:~# cp /etc/privoxy/config /etc/privoxy/config.bak
Open the configuration file of Privoxy.
root@h3:~# vim /etc/privoxy/config
Find listen-address on the Access Control and Security Section. Change
listen-address localhost:8118
Next, find forward socks4 and socks5 on the Forwarding Section. Un-comment the row below.
forward-socks5 /
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
forward localhost/
See the forward socks5, the port must be same with the port of Tor you're setup, here i running Tor on port 9150 (see how to running Tor on static port). Alternatively, if you confusing about it, you can download the config file here. Then replace the old config with the config file which you have downloaded.
For collaborating Privoxy with Tor, open the directory of Tor. Edit start-tor-browser with your favourite text editor.
root@h3:~# vim start-tor-browser
Add the command on the first and second row of this file with command to running Privoxy, so Privoxy will automatically running when you're running Tor.
/etc/init.d/privoxy stop
/etc/init.d/privoxy start
Go to the end of that file, add the command to stopping Privoxy, it will stopping Privoxy when you're stopping Tor.
/etc/init.d/privoxy stop
Save and exit. Now, go to the Network Configuration, i'm using Iceweasel. Set up the proxies of Iceweasel below.
Configuring Proxy of Iceweasel
Now, go to the address bar. Type http://check.torproject.org, when the color of image is green, your Tor is worked.
Tor Worked
Then go to http://config.privoxy.org, when the Privoxy Information opened, your Privoxy is worked too.
Privoxy Worked
Finally Privoxy and Tor is working together perfectly.
"i am for aiming!"

02 May 2013

Modifying Kali Linux Interface

GNOME is still running on Kali Linux, but the interface of GNOME on Kali Linux is different with GNOME on Backtrack. On Backtrack we can modify it very easy as adding panel, changing the button layout of window manager, etc. As a Backtrack user, i always remember what the desktop environment on Backtrack, and maybe need more time to adapt with the new desktop environment on Kali Linux.
But, to still keeping you so that you don't need time to adapt, you can modify the interface of Kali Linux. So you can enjoy the new environment of Kali Linux without afraid about your habit before using Kali Linux. One of more the differences between Backtrack and Kali Linux is the button layout at window manager. At Backtrack, you will found that the button layout located at the left, but at Kali Linux, it will be send back to right. Don't be afraid, let we send back (again) the button layout of window manager to the left.
You can use dconf (looks like gconf-editor) to modify it. Run dconf from Applications >> System Tools >> dconf Editor.
Running dconf
Open the org >> gnome >> desktop >> wm >> preferences.
dconf Editor
On the button-layout, change the configuration value with.
modify button layout
When you change the configuration value, the button layout will move to left immediately. Now, you don't need to adapt about the button layout of window manager on Kali Linux.
"i am for aiming!"

01 May 2013

Installing Hexedit on Kali Linux

Hexedit, is tool to edit the hex file. Hex file may contain a binary package which can be execute, after it has been compiled from the source code. Remembering on the last Backtrack, this tool still packaged with about over 300 another tools which ready to doing pentest action. But when i have installed Kali Linux, i did not see that tool again. Although there is another tool like GVim, but i more like Hexedit than another tool. Because Hexedit is lightweight. So we don't need a big resource to using that tool.
Okay, because i did not found Hexedit on Kali Linux, i will installed it from the Kali or Debian repository. It the best way to installed Hexedit on Kali Linux.
First, you need to open the source of your repository at /etc/apt directory.
root@h3:~# leafpad /etc/apt/sources.list
Second, add the new source of Kali repository (see recommended repository for Kali Linux), save and exit.
deb http://mirror.nus.edu.sg/kali/kali kali main
Third, you can running update of apt and install hexedit package.
root@h3:~# apt-get update && apt-get install hexedit
After that you can remove the new source which have you added into list of repository source. Do update again, and now you can using Hexedit on your Kali Linux.
Maybe it helpful when you want to installing Google Chrome (see Installing Google Chrome), to changing the code in order to Google Chrome can running at root permission level.
"i am for aiming!"

30 April 2013

Cleaning History on Google

When we are connected with Google account and we open new tab for searching with Google, your activity will be remember. It is so disturb me about saving my tracking activity for searching the victim who have any miss configuration or whatever about vulnerability (e.q. a sql injection method). As we know that all of our tracking can be offered by the someone who have a problem with us such as our hacking activity into their system. It can be a fact which have jailed us. Although as we know, maybe there're a hacker group who care with us, but it's never do the better, and not help us to free from the jail.
Google History
Okay, don't be panic we can delete that tracking to prevent us and stay anonymous. When we are signed in into our Google account, we can open the new tab addresses to history.google.com/history. The Google History will be opened immediately, then you will be asked about your password, type it and log-in. Now, the Google History will show us about our tracking activity, contain information the pass-phrase which have we searching using Google. If you use Google account for long time, maybe you have too many tracking record. For deleting this tracking, you can select the recently information about your tracking and choose remove items. Deleting all of your tracking is the best choice, but you may need a lot of time to delete it. Be patient.
Incognito Tab
Next, how to prevent our tracking will not be recorded? We can use incognito feature which include beside the popular web browser (e.q. Google Chrome, Mozilla Firefox) for searching activity without logging in into Google account. But, it still can be tracked with your IP Address. If you want to anonymously over the internet, i recommended you to using Tor (see how to installing Tor) and keeping your track anonymous. Keep anonymous!
"i am for aiming!"

29 April 2013

Iceweasel Flash Plugin on Kali

Iceweasel is the default web browser on Kali Linux, not longer Mozilla Firefox. But it's still based on Firefox Engine. When you first running your Kali Linux, there's not a flash player plugins which installed on Iceweasel. You can open Youtube to verify that. If you can playing any video there, maybe your Iceweasel has been installed flash player plugins. But, when you can't playing any video, you will need to install flash player plugins first.
Okay, now go to the http://get.adobe.com/flashplayer for downloading the flash player plugins from Adobe with Iceweasel. When the page loaded, select tar.gz for the other Linux, then click Download.
Downloading Flash Plugins
Lets get into your terminal and go to the directory where the file has been downloaded. You can extract the tar.gz file with command below.
root@h3:~# tar xvf install_flash_player_11_linux.i386.tar.gz
Next, move the plugins (*.so) into the plugins lib of Icewasel.
root@h3:~# mv libflashplayer.so /usr/lib/mozilla/plugins
After that, you must be copy the file inside the usr directory into your usr directory of your system.
root@h3:~# cp -r usr/* /usr
Now, the flash player plugins was installed for Iceweasel on Kali Linux. You can open the Iceweasel and type about:plugins in the address bar.
Plugins Listed
You see that the flash player plugins was listed on the Plugins Iceweasel on your Kali Linux.
"i am for aiming!"

28 April 2013

Repository for Kali Linux

Kali Linux, still have an experimental issue on any configuration. One of them is their repository. Beside supporting of the Debian Repository, but i prefer using the original Repository which maintenance by Kali Developer. Because it's optimize for Kali, although it's not the complete Repository like Debian have.
On the end of March, Kali Developer has been written on their blog (http://www.kali.org/blog) which make a bleeding edge repository contain update from several tools. But remember that this repository is still very experimental, so i don't add that repository into my source. Then, what's the repository would we use?? Okay, below i have list of the Kali Linux Repository which i used too. You can choose one of them, but don't use it together.
sources.list (default)
#Kali Security
deb http://security.kali.org kali/updates main contrib non-free
sources.list (Kali Server)
#Kali Security
deb http://security.kali.org kali/updates main contrib non-free
#Kali Bleeding-Edge
deb http://archive-5.kali.org/kali kali-bleeding-edge main
#Kali Main
deb http://archive-5.kali.org/kali kali main contrib non-free
sources.list (NUS Mirror)
#Kali Security
deb http://mirror.nus.edu.sg/kali/kali-security kali/updates main contrib non-free
#Kali Bleeding-Edge
deb http://mirror.nus.edu.sg/kali/kali kali-bleeding-edge main
#Kali Main
deb http://mirror.nus.edu.sg/kali/kali kali main contrib non-free
sources.list (External)
#Kali Security
deb http://ftp.halifax.rwth-aachen.de/kali-security kali/updates main contrib non-free
#Kali Bleeding Edge
deb http://ftp.halifax.rwth-aachen.de/kali kali-bleeding-edge main
#Kali Main
deb http://ftp.halifax.rwth-aachen.de/kali kali main contrib non-free
For my country (Indonesia), i recommended to you the Indonesian Repository of Debian for Kali Linux at Kambing UI of Repo UGM. For better syncing, i prefer to use Kambing UI, because it's always getting syncing with the Debian Repository often than Repo UGM.
sources.list (kambing ui)
#Kali Security (using NUS Mirror)
deb http://mirror.nus.edu.sg/kali/kali-security kali/updates main contrib non-free
#Kali Bleeding Edge (using NUS Mirror)
deb http://mirror.nus.edu.sg/kali/kali kali-bleeding-edge main
#Debian Main
deb http://kambing.ui.ac.id/debian wheezy main contrib non-free
sources.list (repo ugm)
#Kali Security (using NUS Mirror)
deb http://mirror.nus.edu.sg/kali/kali-security kali/updates main contrib non-free
#Kali Bleeding Edge (using NUS Mirror)
deb http://mirror.nus.edu.sg/kali/kali kali-bleeding-edge main
#Debian Main
deb http://repo.ugm.ac.id/debian wheezy main contrib non-free
sources.list (experimental my project)
#Experimental Mirroring Repository Kali Linux
deb http://herupranoto.web.ugm.ac.id/kali/debs i386/
Now, you can update and install everything you needed (e.q. GIMP, Inkscape, GEdit, etc), but i remember you to disable all of the source except Kali Security if you plan to running upgrade. Because, the pentest tools in your system maube can be damaged effect after you running upgrade with another source except Kali Security. If you want more, i was starting packaging Repository of Kali Linux for my self, future i will make it connected into internet for Indonesia Network Repository. See here for my Repository Kali Linux Project.
"i am for aiming!"

27 April 2013

Fixing Ralink Driver on Kali Linux

Okay, now i'm going to make Kali Linux as primary OS on my laptop, not longer Backtrack. Yes, i have decided to migrate from Backtack into the new version of Backtrack, named Kali Linux. This is my first tutorial of Kali Linux on my blog. So let's begin to fixing an error about Ralink wireless driver when we installing Kali Linux.
Kali Linux Desktop
When we are on the network configuration page from installation Kali Linux, the PC which used Ralink wireless will be notice that the driver need external source to be installed at installation of Kali Linux, in order to the wireless work normally. To satisfy that condition, we need the external source which contain anything about Ralink driver. As we know, Kali Linux is based on Debian Wheezy, so i was searching all about Ralink wireless driver.
Ahaaa, when i had read from one of them, i found the package (see http://wiki.debian.org/WiFi). Let's try to identify where our file which we needed. On this tutorial, we will fixing Ralink driver, so we will download the package about Ralink driver (the other vendor manufacture of your wireless module, may be work with this tutorial, just choose the package of your wireless manufacture). Because my wireless module is on-board so we just seen on the PCI Devices. My wireless module is RT 3090 which package in rt2080pci, so i open the page to download the packages. If you don't know about the type of your wireless module, you can download all package which the same vendor manufacture, for example Ralink.
After that, i found the page contain firmware-ralink. Because the Kali Linux is based on Debian Wheezy, i opened the Wheezy Package Page. Hmm, we can see that the firmware-ralink package include the non-free category of the Debian Wheezy repository. For downloading that package, we don't need to open the repository of Debian, but just click on the link which included on the Download section. Then, we can choose one of the repository which appear. The package (*.deb) will be instantly downloaded, because the size of that package is very small.
firmware-ralink package
Okay, after found that package, we can copy it into other USB-Storage (e.q. UFD), then insert it when you still on the installation process of Kali Linux, or you can copy it into the firmware directory of your media installation from Kali Linux (assume that your media installation was created using Universal USB Installer). So, you can instantly boot it and install Kali Linux without need time to configure network with external source, because the firmware will be loaded automatically on your media installation. Good luck!
I'm using eeepc 1015PEM with 2GB RAM, installed Kali-Linux 1.0.2 and Windows 8.
"i am for aiming!"

Upgrading w3af into GitHub

Mengingat kedatangan Kali atau yang disebut-sebut reinkarnasi Backtrack 6, telah mendorong semua tools yang biasa dipaketkan dalam backtrack berbondong-bondong menggunakan GitHub sebagai repository mereka. Salah satu software audit web yang terkenal ialah w3af. Meski merupakan open-project, w3af bisa disejajarkan dengan perangkat pentest web lainnya semacam acunetix. Bahkan acunetix sendiri merupakan perangkat berbayar.
Disini saya akan menguraikan bagaimana menggunakan repository GitHub dari w3af, setelah sebelumnya menggunakan svn. Pertama-tama kita bisa memindahkan atau menghapus file w3af yang lama (dalam contoh ini saya menghapusnya).
root@h3:~# rm -rf /pentest/web/w3af
Kemudian kita clone git dari repository GitHub w3af (sebelumnya masuk ke direktori /pentest/web terlebih dahulu).
root@h3:~/pentest/web# git clone https://github.com/andresriancho/w3af w3af
Untuk menunjang instalasi w3af, kita butuh python-pip, instalasikan.
root@h3:~/pentest/web# apt-get install python-pip
Lalu gunakan pip untuk melakukan konfigurasi pada direktori w3af.
root@h3:~/pentest/web/w3af# pip install PyGithub GitPython esmre pdfminer futures guess-language cluster msgpack-python python-ntlm && pip install -e git+git://github.com/ramen/phply.git#egg=phply
Sekali lagi gunakan pip untuk melakukan konfigurasi pada direktori w3af.
root@h3:~/pentest/web/w3af# pip install PyGithub GitPython esmre pdfminer futures guess-language cluster msgpack-python python-ntlm
Setelah selesai semua, kini w3af siap digunakan.
Running w3af console
Ini adalah tulisan terakhir saya yang membahas tutorial apapun tentang pentest, karena saya mempertimbangkan untuk segera bermigrasi ke Kali Linux, sebagai bagian dari memperbaharui kemampuan dan lingkungan baru yang nantinya harus saya adaptasi, karena Kali Linux mengambil basis Debian, bukan lagi Ubuntu. Meski sering dianggap sama, namun saya berpikir akan berbeda, sebab Window Managernya pun akan terdapat 2, yakni GNOME 3 dan GNOME 2. "i'm not a pentester, but just a beginner".
Happy Analyst!

Updating BeEF using Github

BeEF (The Browser Exploitation Framework Project) adalah salah satu tools yang sering saya gunakan di backtrack dengan teknik Social Engineering. Tools ini kaya akan fitur untuk membantu kita memanfaatkan korban yang sudah menjadi zombie kita. Dengan hanya menyisipkan script pada sebuah file yang sedang diakses korban, maka korban pun akan segera masuk dalam daftar zombie kita, untuk selanjutnya kita eksplorasi lebih dalam. Berbagai metode siap dilancarkan, bahkan boleh jadi anda memanfaatkan BeEF ini sebagai batu loncatan untuk menuju alat eksploitasi lainnya, semisal metasploit.
Secara default, versi dari BeEF yang terinstalasi secara default pada backtrack sudah bisa menjalankan berbagai serangan kepada zombie kita, namun alangkah baiknya jika kita senantiasa meng-update BeEF dengan versi terbaru. Apalagi, BeEF ini menggunakan repository Github, yang sangat memudahkan kita dalam meng-update. Kini saya akan menjelaskan bagaimana kita akan meng-update BeEF menggunakan perintah Github.
Pertama-tama, kita masuk ke direktori dimana BeEF berada, yaitu di /pentest/web/beef.
root@h3:~# cd /pentest/web/beef
Selanjutnya kita memulai untuk menambahkan repository Github pada direktori BeEF ini.
root@h3:/pentest/web/beef# git init
Kemudian kita tambahkan remote url pada repository BeEF di https://github.com/beefproject/beef.git.
root@h3:/pentest/web/beef# git remote add origin https://github.com/beefproject/beef.git
Sekarang kita bisa langsung memulai meng-update, dengan cara mensinkronisasi file yang ada di repository Github dari BeEF, dengan repository lokal yang ada di sistem kita. Cara ini lebih menghemat waktu daripada mendownload dalam jumlah besar.
root@h3:/pentest/web/beef# git pull
Gunakan perintah pull untuk melakukan update.
Kini, BeEF kita sudah dalam performa terbaik untuk memulai merencanakan mendapatkan zombie-zombie. Yang akan kita manfaatkan sesuai dengan kemauan kita. "i'm not a pentester, but just a beginner".
Happy Analyst!

21 April 2013

Running Another Port of Apache

Dalam keadaan default, apache2 akan berjalan pada port 80, yaitu port dimana protokol http biasanya diakses. Namun bagaimanakah kita bisa memanfaatkan port lain agar apache2 ini bisa berjalan pada port selain port defaultnya?? Saya akan membahas di sini bagaimana agar apache2 bisa berjalan pada port selain 80.
Pertanyaan mendasarnya adalah, mengapa kita harus mengubah port default dari apache2 ini?? Untuk kebutuhan-kebutuhan khusus, mungkin anda akan sangat membutuhkan untuk menjalankan apache2 pada port lain. Semisal suatu kasus, saya telah berhasil mendapatkan hak akses administrator router dari sebuah jaringan lokal (LAN), selain melakukan aktivitas hacking di dalam jaringan lokal tersebut, saya juga ingin melakukan aktivitas hacking yang berinteraksi dengan internet, misalkan suatu server yang juga terhubung ke jaringan internet. Sehingga saya butuh port forwarding pada router tersebut untuk menggunakan IP Publiknya, sementara port 80 telah dipakai oleh komputer lain, sehingga saya membuka port lain untuk dilanjutkan (forward) pada port yang sama pada komputer saya (sebenarnya diarahkan untuk port yang berbeda juga bisa saja). Yang port ini nantinya akan kita aktifkan apache2 dan mungkin aplikasi lain.
Baik, karena kita menggunakan backtrack 5r3 dengan update terakhir (belum kali linux tapi ya, hehe), maka secara default apache2 akan aktif, oleh karena itu kita stop dulu apache2.
root@h3:~# /etc/init.d/apache2 stop
Setelah itu, kita masuk ke direktori apache2.
root@h3:~# cd /etc/apache2
Edit dua file dalam konfigurasi apache2, yakni ports.conf dan defaults (file defaults berada pada direktori sites-available).
Pada file ports.conf, ubah nilai port default apache (80) pada NameVirtualHost dan Listen, misalkan menjadi 8080 (ingat, nilai port pada kedua konfigurasi ini harus sama, tidak boleh berbeda).
Port Configuration
Untuk file defaults, ubah nilai port pada VirtualHost menjadi sama dengan sebelumnya (8080).
Default Configuration
Setelah itu kita jalankan kembali apache2 dengan perintah berikut.
root@h3:~# /etc/init.d/apache2 start
Kemudian kita coba mengakses lewat browser, dengan port default apache2 (80).
Firefox Opening Port 80
Terlihat, bahwa port 80 tidak bisa diakses, kita ganti dengan port 8080.
Apache2 on Port 8080
Taraa, apache2 berjalan dengan baik. Untuk memastikan port yang berjalan kita bisa gunakan nmap.
Scanning Port using Nmap
Lihatlah, bahwa port yang berjalan adalah 8080 dengan aplikasi apache2. Kini kita bisa memanfaatkan komputer kita sebagai server sementara untuk mengirimkan file umpan semisal backdoor atau file umpan lainnya kepada korban kita via internet, untuk menuju tahap eksploitasi lebih dalam. Tetap ingat untuk membersihkan log kita, jika tidak maka administrator akan melacak siapa anda. "i'm not a pentester, but just a beginner".
Happy Analyst!

16 April 2013

Setting Static Port of Tor

Pada tulisan saya sebelumnya tentang langkah-langkah menginstalasikan Tor pada backtrack di http://h3rucutu.blogspot.com/2013/02/installing-tor-on-backtrack-5-r3_12.html, saya menyadari bahwa secara default Tor mengatur portnya secara dinamik, alias berganti-ganti saat. Ini tentu akan merepotkan kita dalam menggunakan Tor, karena tiap kali kita menjalankan Tor, kita harus mengatur ulang port, agar sesuai dengan port Tor saat dijalankan. Untuk mengatasi masalah ini, kita bisa mengatur port Tor secara statik.
Baik langsung saja kita mulai. Untuk langkah-langkah instalasi, silahkan membaca tulisan saya pada link yang telah saya cantumkan di atas, karena di sini saya hanya akan membahas bagaimana mengatur port statik pada Tor.
Pertama, kita jalankan Tor.
Vidalia Control Panel
Pada Vidalia Control Panel, klik Settings, lalu klik Advanced.
Setting ControlPort Tor
Di Tor Control, uncheck pada opsi Configure ControlPort automatically, kemudian isi pada kolom Address yang tersedia dengan (ini akan membuat static port pada Tor di 9150), OK.
Atur ulang Network Proxy Preferences seperti berikut.
Network Proxy
Kini Anda tak perlu lagi mengatur port pada Network Proxy Preferences tiap kali ingin berstatus "Anonymous". "i'm not a pentester, but just a beginner".
Happy Analyst!

15 April 2013

Install Ruby 2.0.0 on Backtrack

Ruby adalah salah satu bahasa pemrograman yang sering dipakai untuk membangun beberapa tools hacking. Di backtrack, bahasa pemrograman ini secara default sudah terinstall dengan baik. Mengingat banyak tools yang dibenamkan pada OS pentest ini berbasiskan ruby. Salah satu yang terkenal adalah Metasploit, framework untuk membantu mengeksploitasi sistem ini dibangun menggunakan ruby.
Versi yang telah dipaketkan dalam OS backtrack terakhir yaitu 5r3 adalah ruby versi 1.8.7. Versi 1.8.7 juga ditambahi dengan versi 1.9.2 untuk mendukung program lain yang membutuhkan versi lebih tinggi. Ini mengingat beberapa tools masih menggunakan versi 1.8.7 sementara yang lain sudah ke versi 1.9.2. Namun ada kalanya versi 1.9.2 ini mengalami masalah, terutama karena rumitnya sistem yang mengadaptasi tiap tools, sehingga kadang error menyertai pengguna backtrack saat ingin menggunakan tools yang membutuhkan versi 1.9 atau lebih tinggi. Alternatifnya kita bisa memeriksa ulang instalasi ruby versi yang lebih tinggi atau menambahkan versi yang tinggi ke sistem atau lazim disebut upgrade.
Salah satu alternatif untuk meng-upgrade ruby adalah melalui RVM (Ruby Version Manager). RVM membantu kita memanajemen versi ruby yang telah terinstall di dalam sistem kita. Baik, mari kita memulai menginstalasikan ruby versi yang lebih tinggi dari 1.9, saya akan menggunakan versi 2.0.0.
Pertama-tama kita instalasikan dependensi dari RVM itu sendiri, gunakan perintah di bawah ini, sebelumnya lakukan update terlebih dahulu.
root@h3:~# apt-get update && apt-get install libreadline6-dev libyaml-dev libgdbm-dev libffi-dev
Setelah itu kita mulai menginstall RVM dengan bantuan curl.
root@h3:~# \curl -L https://get.rvm.io | bash -s stable --ruby
Kemudian kita tambahkan RVM agar bisa dieksekusi dalam perintah terminal.
root@h3:~# source /usr/local/rvm/scripts/rvm
Kini RVM sudah terinstall dengan baik pada backtrack, kita bisa melihat versi terbaru RVM dengan perintah.
root@h3:~# rvm -v
Saya memilih menggunakan Ruby 2.0.0 yang barusan kita install sebagai default, gunakan perintah berikut.
root@h3:~# rvm use 2.0.0
Kini saya bisa menjalankan WPScan yang sebelumnya tidak bisa saya jalankan menggunakan Ruby 1.8.7. Untuk manual instalasi RVM silahkan menuju ke https://rvm.io/rvm/install. "i'm not a pentester, but just a beginner".
Happy Analyst!

Upgrade Github on Backtrack

Github, merupakan salah satu social media di dalam bidang programming. Sebuah developer kini bisa berinteraksi langsung dengan pengguna atau developer yang ingin berkontribusi di dalam Github, sehingga koreksi program dapat dilakukan secara cepat dengan sistem berbagi sumber daya dari program. Tak pelak, kini semua developer berbondong-bondong untuk memindah semua sumber daya dari program yang mereka kembangkan menuju Github.
Sayangnya secara default dalam Backtrack 5r3, Github yang terinstall adalah versi lama yaitu Pada repository default Backtrack, Github disertakan seadanya, mengingat kebutuhan Github dalam OS ini hanya untuk mengunduh berbagai tools yang digunakan dalam aktivitas hacking. Sehingga dengan versi adalah cukup untuk urusan mengunduh beragam tools yang dikembangkan tersebut. Lalu bagaimana jika kita ingin memulai sebuah proyek, atau sekedar berbagi tools yang telah kita modifikasi sendiri? Jawabannya tentu kita harus meng-upgrade Github yang terinstall pada Backtrack. Sebab saya sudah mencoba melakukan perintah git push, namun dalam versi terdapat error yang tidak bisa saya atasi. Sehingga solusinya adalah meng-upgrade Github.
Git Push
Untuk memulai upgrade Github, perlu diketahui kita akan memakai repository PPA dari Github. Gunakan perintah di bawah untuk menambahkan PPA stabil dari Github.
root@h3:~# add-apt-repository ppa:git-core/ppa
Setelah itu kita lakukan update pada sistem, kemudian mulai upgrade Github dengan perintah di bawah.
root@h3:~# apt-get update && apt-get install git-core
Kini Github dalam sistem Backtrack Anda telah ter-upgrade. "i'm not a pentester, but just a beginner".
Happy Analyst!

13 April 2013

Fixing Metasploit Update

When I trying to running msfupdate 2 weeks ago, I'm getting trouble about updating gems, the Installing pg (0.15.0) can't installed because something wrong in configuration about ruby. After 2 weeks, I can solve this.
Ok, I will started from Metasploit update, when I'm running msfupdate, I'm getting error below:
root@bt:~# msfupdate
[*] Attempting to update the Metasploit Framework...
HEAD is now at 522642a Updating mailmap
Already on 'master'
Your branch is ahead of 'origin/master' by 835 commits.
remote: Counting objects: 565, done.
Already Up to date
[*] Updating gems...
[/opt/metasploit/ruby/lib/ruby/gems/1.9.1/specifications/pg-0.15.0.gemspec] isn't a Gem::Specification (NilClass instead).
[/opt/metasploit/ruby/lib/ruby/gems/1.9.1/specifications/pg-0.15.0.gemspec] isn't a Gem::Specification (NilClass instead).
[/opt/metasploit/ruby/lib/ruby/gems/1.9.1/specifications/pg-0.15.0.gemspec] isn't a Gem::Specification (NilClass instead).
Fetching gem metadata from http://rubygems.org/.........
Fetching gem metadata from http://rubygems.org/..
Using rake (10.0.4)
Using i18n (0.6.1)
Using multi_json (1.0.4)
Using activesupport (3.2.13)
Using builder (3.0.4)
Using activemodel (3.2.13)
Using arel (3.0.2)
Using tzinfo (0.3.37)
Using activerecord (3.2.13)
Using database_cleaner (0.9.1)
Using diff-lcs (1.2.2)
Using factory_girl (4.2.0)
Using json (1.7.7)
Installing pg (0.15.0) with native extensions
Gem::Installer::ExtensionBuildError: ERROR: Failed to build gem native extension.
        /opt/metasploit/ruby/bin/ruby extconf.rb
checking for pg_config... yes
Using config values from /opt/metasploit/postgresql/bin/pg_config
checking for libpq-fe.h... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of
necessary libraries and/or headers.  Check the mkmf.log file for more
details.  You may need configuration options.
Provided configuration options:
/opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:381:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:506:in `try_cpp'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:970:in `block in find_header'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:790:in `block in checking_for'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:284:in `block (2 levels) in postpone'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:254:in `open'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:284:in `block in postpone'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:254:in `open'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:280:in `postpone'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:789:in `checking_for'
 from /opt/metasploit/ruby/lib/ruby/1.9.1/mkmf.rb:969:in `find_header'
 from extconf.rb:43:in `<main>'
Gem files will remain installed in /opt/metasploit/ruby/lib/ruby/gems/1.9.1/gems/pg-0.15.0 for inspection.
Results logged to /opt/metasploit/ruby/lib/ruby/gems/1.9.1/gems/pg-0.15.0/ext/gem_make.out
An error occured while installing pg (0.15.0), and Bundler cannot continue.
Make sure that `gem install pg -v '0.15.0'` succeeds before bundling.
Then while you running gem install pg -v '0.15.0', you will getting error too. So modify the file rbconfig in  /opt/metasploit/ruby/lib/ruby/1.9.1/i686-linux/. Edit via vim or whatever your favourite editing text tool.
root@bt:~# vim /opt/metasploit/ruby/lib/ruby/1.9.1/i686-linux/rbconfig.rb
 Change the configuration below:
CONFIG["LIBRUBYARG_STATIC"] = "-Wl,-R -Wl,$(libdir) -L$(libdir) -l$(RUBY_SO_NAME)-static"
CONFIG["LIBRUBYARG_STATIC"] = "-Wl,-R -Wl,$(libdir) -L$(libdir) "
Save and exit. Now, you can running msfupdate, after that, you can start msfconsole again. Ok, lets go to using metasploit for making payload and exploiting the victim. "i'm not a pentester, but just a beginner".
Happy Analyst!

12 February 2013

Installing Tor on Backtrack 5 R3

Sebagai seorang yang suka melakukan pentest, menjaga indentitas adalah wajib, apalagi kalau uji penetrasi yang kita lakukan tidak diketahui oleh pemilik sistem, dalam bahasa kasarnya ilegal. Karena kita memang dalam posisi tidak ditugaskan untuk menguji sistem yang dimaksud, sehingga menjaga identitas mutlak diperlukan. Ini demi menjaga kita dari sesuatu yang tidak kita inginkan, misalnya apabila kita berhasil meretas sebuah sistem yang dimiliki oleh suatu negara, bahkan dalam undang-undang negara tersebut memiliki hukum pidana untuk aksi yang kita perbuat, mungkin kepolisian atau divisi khusus negara tersebut akan melakukan tindakan forensik, yang mengakibatkan aksi itu terlacak dan kita ditangkap untuk dijebloskan ke penjara. Itulah mengapa kita harus menjadi anonymous saat melakukan pentest, salah satunya menggunakan Tor (lihat website Tor).
Tor merupakan salah satu metode dimana kita bisa menjadi anonymous saat melakukan aksi pentest. Selain itu ada beberapa alternatif seperti Virtual Private Network (VPN), Virtual Private Server (VPS) atau Proxy. Dari beberapa itu, Tor lebih dipilih karena kemudahannya dan sifatnya yang memang dikenal luas oleh banyak pentester.
Baik, sekarang saya akan memulai menjadi anonymous dengan menginstalasikan Tor di Backtrack 5 r3. Pertama saya mengecek, apakah saya sudah anonymous apa belum melalui check.torproject.org. Tentu saja, saya belum anonymous karena saya belum melakukan atau menjalankan aplikasi apapun yang bisa membuat saya menjadi anonymous.
Sorry, You are not using Tor
Saya akan men-download file Tor di website Tor.
Homepage Tor
Pilih sesuai kategori sistem yang digunakan, karena saya memakai Backtrack 5 r3 32-bit, maka saya mengunduh yang 32-bit.
Tor Download Page
Tunggu hingga proses download selesai. Setelah itu kita ekstrak file Tor yang barusan kita download.
Extract Tor File
Setelah itu, kita masuk ke direktori hasil ekstrak, akan kita dapati file bernama start-tor-browser. Klik dua kali, lalu pilih Run untuk menjalankan Tor.
Run Tor
Ups, ternyata ada error, dimana Tor tidak bisa dieksekusi oleh root.
Error run as root
Kita edit file start-tor-browser, supaya root bisa menjalankan Tor, pertama buka file start-tor-browser dengan teks editor, saya menggunakan gedit. Carilah kode berikut kemudian ganti nilai nol (0) dengan nilai 1, simpan lalu keluar.
Editing Code
Jalankan kembali file start-tor-browser seperti sebelumnya, klik dua kali lalu pilih Run. Beberapa saat, Control Panel Vidalia akan tampil yang melakukan koneksi ke jaringan Tor.
Vidalia Control Panel
Tunggu hingga Vidalia berhasil mengkoneksikan ke jaringan Tor. Setelah terkoneksi ke jaringan Tor, maka Control Panel Vidalia akan tampil seperti berikut.
Connected to the Tor Network
Tak lama setelah terkoneksi ke jaringan Tor, sebuah browser akan terbuka dan menampilkan status anonymous kita, jika sudah berjalan baik maka status kita akan seperti di bawah ini.
Tor Browser configured to use Tor
Sejauh ini status anonymous kita sudah sempurna, dengan menggunakan browser bawaan Tor, namun bagaimana jika kita ingin menjadi anonymous untuk semua browser yang kita miliki, seperti Google Chrome misalnya?! Karena kita tahu Google Chrome itu ringan.
Still not using Tor
Baik, kita buka browser bawaan Tor, pilih menu Edit >> Preferences >> Advanced >> Network >> Settings. Akan tampil kotak dialog seperti dibawah ini, kita salin port yang digunakan pada SOCKS Host.
Socks configuration on Tor Browser
Buka Network Proxy dari menu System >> Preferences >> Network Proxy.
Network Proxy
Pilih manual proxy configuration, lalu pada kotak Socks Host isikan persis apa yang ditampilkan dari browser Tor tadi. Jangan lupa setelah mengisikan pengaturan, klik Apply System-Wide.
Manual proxy configuration
Buka kembali Google Chrome lalu arahkan ke check.torproject.org. Voila, kini saya sudah anonymous untuk segala browser yang saya miliki, termasuk Google Chrome.
Tor is configured for all Browser
Perlu diingat, kita hanya akan menjadi anonymous dengan menggunakan browser saja, untuk tool-tool lain yang kita pakai untuk pentest, kita tidak akan menjadi anonymous. Namun banyak tool yang menawarkan untuk dijalankan melalui jaringan Tor, sehingga kita tetap bisa anonymous. Baca pula bagaimana cara mengatur supaya Tor bisa berjalan dengan port yang statik (tidak berubah) di siniKeep your anonymity or you'll caught. "i'm not a pentester, but just a beginner".
Happy Analyst!