Pages

30 March 2013

Analisa tentang Tools Adwind ( Adwind Web Fake ) yang berbentuk *.jar


Saya kurang begitu tau tentang kapan dan dimana pertama kali software ini di Release.

pertama kali saya mendengar software ini dr teman yang namanya tidak bisa saya sebutkan. Teman saya bertanya

MyFriends : man, lo udah tau belum tentang soft "Adwind Web Fake"?


Me : wew, itu tools apa kk???


MyFriends : Tools itu semacam tools untuk membuat web Fake dimana Attacker dapat memalsukan alamat website dan attacker juga bisa menambahkan beberapa 

command/perintah tertentu untuk melakukan injeksi ke pc Target yg akan melakukan klik terhadap link yg telah kita palsukan.



Me : wah toolsnya keren yah ^_^

MyFriends : Iya sih keren tp pas gw scan di virustotal.com 

https://www.virustotal.com/en/file/10f09d04b8f1ffa17cf8e04c171589700de0f79b51a36c7c653c980d656e151e/analysis/1364582104/

hasilnya malah mengandung virus semua hakhakhakhak...99x


Me : wkwowkwowkwowkwwkwkw,...yg mana sih toolsnya coba liat. gw penasaran.

MyFriends : nih linknya http://uppit.com/15iuehf89idu/adwind_web_fake.zip 

coba lu bongkar kali ajah lo nemu harta karun di dalam hakhakhakhak...99x

Me : Ibih,...boro² harta karun yg ada gw malah kena marah sm Liena -_-"

MyFriends : hakhakhakhak...99x itulah gunanya elu,...siapa lg coba yg bisa tolongin gw :D


Me : ah,...taek lo. bahasa² kayak gini nih yg paling gw benci hahahhaha :p


MyFriends : hakhakhakhakhak...99x 


Me : Ok...nanti gw kasih kabar.


Singkat cerita setelah toolsnya sudah gw download gw langsung mulai lihat² toolsnya. ternyata filenya dalam bentuk *.jar -_-
ok gw lmulai dr klik kanan -> properties => truss gw liat² apa ajah keterangan² yag ada di situ....hmmm sepertinya tidak ada yang menarik di sini.

Kayaknya gw harus pake tools kesayangan gw buat liat filenya :D 
Nama Toolsnya "FileAnalyzer" (Kalau ga tau nanti gw kasih filenya ^_^ )
setelah gw buka,...tadaaaaaaaa !!!



Oke kayaknya sudah cukup untuk liat² filenya ^_^
sekarang kita coba bongkar, seperti apa sih Algoritma dari tools Gadungan ini :p
tapi pake yah???


Kasi tau ga yah?????
kasi tau ga yah????? 
wkwowkwowkwowkwowkwkw

kita coba pake tools seadanya saja :)
gimana kalo kita coba pake 7Zip ^_^ 
Jangan bilang lo kaget waktu baca tulisan 7Zip !!! ( Ga sah kaget biasa aja lageeee :D )





Dari beberapa gambar ini kita sudah bisa memperkirakan seperti apa cara kerja tools gadungan ini :)
apalagi ada file dengan tulisan "stub.dll"  wakakkakakkkk (kalian pasti tau itu file apa ^_^ )

untuk analisa selanjutnya saya serahkan kepada kalian yang membaca Tulisan ini ^_^

Oh iya untuk gambaran tentang Tools aslinya bisa berkunjung ke sini
http://www.adwind.com.mx/index.php/en/


Semoga tulisan ini bermanfaat dan berguna buat teman² yang suka "klik link" atau download file sembarangan di internet tanpa tau itu link atau file apa :)



Saran dan Kesimpulan :

  • Link atau file apapun yang ingin kita donwload di melalui media internet, sebaiknya di cek dulu melalu web scanner link/file seperti https://www.virustotal.com/
  • Sebaiknya ubah atau ganti ekstensi file² penting yang ada di PC/Laptop/Penyimpanan Eksternal Anda dengan ekstensi yang cukup mudah untuk anda ingat. sehingga ketika PC/Laptop anda terkena virus, file² tersebut tidak akan rusak. Contoh : file dengan extensi *.Docx => *.DDDDDD atau file *.rar => *.rrr ;  terserah kalian mau pake karakter apa yang terpenting selalu beri inisial awal dr ektensi tersebut ("*.D" untuk Docx / "*.r" untuk rar).
  • Segala bentuk kejahatan yang terjadi bukan karena ada niat pelakunya, tapi karena adanya kesempatan. WASPADALAH,....WASPADALAH wkwwkwowwkowwkwowkkk =)) =))



Sampai Ketemu di Tulisan saya berikutnya (Kalau ada niat buat nulis/ngetik ) ^_^

Salam


D4wFl1N
Baca Selengkapnya... Analisa tentang Tools Adwind ( Adwind Web Fake ) yang berbentuk *.jar

10 March 2013

SyRiAn Sh3ll V7

Source Lengkap bisa diambil di sini http://pastebin.com/vsnFhkyB
Baca Selengkapnya... SyRiAn Sh3ll V7

09 March 2013

Google Fusion Tables Cross Site Scripting

# Title: Google Fusion Tables XSS (HTML Injection) Vulnerability # Release Date: 07/03/2013 # Author: Junaid Hussain - [ illSecure Research Group ] # Contact: illSecResearchGroup@Gmail.com | Website: http://illSecure.com # Vulnerable Application: https://www.google.com/fusiontables/DataSource?dsrcid=implicit ------------------------------------------------------------------------------------- //##### Process: 1. go to https://www.google.com/fusiontables/DataSource?dsrcid=implicit 2. Click "Create empty table" and then click "Next" 3. Click the drop down menu on the Cards1 tab 4. Select "Change Card Layout" and then go to the Custom Tab 5. Remove the HTML code add the following code into the box:

Click here to continue

6. Click save & then Click the share button (top right) and make the link public 7. Click the drop down menu on the Cards1 tab and select the Publish Option 8. Send the Publish Link to victim. --------------------------------------------------------------------------------------- //##### Proof Of Concept: PoC: https://www.google.com/fusiontables/embedviz?viz=CARD&q=select+*+from+19VGTDJasS8NJlbbqnsiDFA_qH7Q95e2dTOKd5RU&tmplt=1&cpr=2 Video: http://www.youtube.com/watch?v=OMCJQ8Atkek&feature=youtu.be --------------------------------------------------------------------------------------- Contact: illSecResearchGroup@gmail.com - Junaid Hussain http://www.illsecure.com --------------------------------------------------------------------------------------- Original: http://www.illsecure.com/2013/03/exclusive-google-fusion-tables-xss-html.html ---------------------------------------------------------------------------------------
Baca Selengkapnya... Google Fusion Tables Cross Site Scripting

04 March 2013

Learning Whitehat Hacking and Penetration Testing 2012

Infinite Skills - Learning Whitehat Hacking and Penetration Testing 2012 | Size 1.35 GB 
SKU: 01724 | Duration: 10.5 hours - 103 lessons | Date Released: 2012-10-05
Works on: Windows PC or Mac | Format: DVD and Download | Instructor: Ric Messier


In this Ethical Hacking - Whitehat Hacking and Penetration testing training course, expert Ric Messier covers the essentials you will need to know to harden and protect your hardware and software to avoid downtime and loss of data. Protecting your networks and customer data are more important that ever, and understanding HOW you are vulnerable is the best way to learn how you can prevent attacks.

Some of the topics covered in this course are; researching and background information retrieval, networking fundamentals, a deeper look at TCP/IP and packets, as well as understanding cryptography. You will learn about scanning networks, penetration testing and the use of Metasploit, malware and viruses, DoS and DDoS attacks, web application hacking and securing wireless networks. Finally, you will learn about detection evasion and preventing programming attacks, and much more throughout this video based tutorial.

By the time you have completed this video tutorial for Whitehat Hacking and Penetration testing, you will have a deeper understanding of the areas you may be potentially be vulnerable to attack in, as well as the methods that hackers use to exploit your systems, allowing you to better understand how to secure your hardware and data from unethical hackers.


Download :

From Rapidgator

OR

From Uploaded
Part IV


SumberFHT

Baca Selengkapnya... Learning Whitehat Hacking and Penetration Testing 2012

Computer Hacking Forensic Investigator v8 (Slides)


Computer Hacking Forensic Investigator v8 (Slides) | 445 MB


File Computer Hacking Forensic Investigator v8 (Slides) :
Module 01 Computer Forensics in Todays World.pptx
Module 02 Computer Forensics Investigation Process.pptx
Module 03 Searching and Seizing Computers.pptx
Module 04 Digital Evidence.pptx
Module 05 First Responder Procedures.pptx
Module 06 Computer Forensics Lab.pptx
Module 07 Understanding Hard Disks and File Systems.pptx
Module 08 Windows Forensics.pptx
Module 09 Data Acquisition and Duplication.pptx
Module 10 Recovering Deleted Files and Deleted Partitions.pptx
Module 11 Forensics Investigation Using AccessData FTK.pptx
Module 12 Forensics Investigation Using EnCase.pptx
Module 13 Steganography and Image File Forensics.pptx
Module 14 Application Password Crackers.pptx
Module 15 Log Capturing and Event Correlation.pptx
Module 16 Network Forensics, Investigating Logs and Investigating Network Traffic.pptx
Module 17 Investigating Wireless Attacks.pptx
Module 18 Investigating Web Attacks.pptx
Module 19 Tracking Emails and Investigating Email Crimes.pptx
Module 20 Mobile Forensics.pptx
Module 21 Investigative Reports.pptx
Module 22 Becoming an Expert Witness.pptx

Donwload : 
Part I
Part II
Part III
Part IV
Part V

Sumber : Computer Hacking Forensic Investigator
Baca Selengkapnya... Computer Hacking Forensic Investigator v8 (Slides)