Happy Hacking 😀
After installing OWASP Mantra, I gave it a test run. At a glance, the bundled tools are fairly complete for hacking and playing around.
This time I tried one of the bundled extensions, Websecurify, with the PTIIK website as the target.

Looking at the results, besides reporting information an attacker could use, the extension also gives clues on how to close the holes it found.
Email Disclosure
The server or application disclosed emails. This information could be used by attackers to make an educated guess about who developed the application, what contact entry points are available or what the internal email format looks like, which could also correspond to the format of the application usernames.
solution: Ensure that contact emails do not disclose any information and are adequately protected against external attacks.
email: himawat@ub.ac.id
request:
GET http://ptiik.ub.ac.id/ HTTP/1.1
email: budidarma@ub.ac.id
request:
GET http://ptiik.ub.ac.id/ HTTP/1.1
Banner Disclosure
The server or application disclosed its type and version. This information could be used by attackers to make an educated guess about the application environment and any inherited weaknesses that may come with it.
solution: It is recommended to prevent the application from disclosing its type and version.
banner:Server: Apache/2.2.15 (CentOS)
request:
GET http://ptiik.ub.ac.id/ HTTP/1.1
Cross-site Request Forgery
Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.
solution: Url and Forms that perform important operations must be protected by random tokens (hidden nonce values). These tokens must be checked for validity at the server before the request is processed.
url:http://ptiik.ub.ac.id/teknik-komputer/
form:<form method="POST" action="http://ptiik.ub.ac.id/wp-comments-post.php" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
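The fix the scanner recommends above (a hidden random nonce that the server validates before acting) looks roughly like this. This is an added illustration, not Websecurify's or WordPress's own code; the `SERVER_SECRET`, `issue_csrf_token`, `verify_csrf_token` and `handle_comment_post` names are hypothetical, and the handler stands in for a form target such as wp-comments-post.php.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret (constructed for this example);
# in a real deployment it is loaded from configuration, never from source.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"


def issue_csrf_token(session_id: str) -> str:
    """Create a hidden nonce bound to the user's session.

    The token is 'nonce.mac' with mac = HMAC-SHA256(secret, session_id:nonce),
    so a token lifted from one session is useless in another.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Check that the submitted token was issued for this session.

    Uses a constant-time comparison so the check leaks no timing information.
    """
    if not token or "." not in token:
        return False
    nonce, submitted_mac = token.rsplit(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, submitted_mac)


def handle_comment_post(session_id: str, form: dict) -> str:
    """Hypothetical handler for a state-changing POST (e.g. posting a comment).

    The token check runs before anything is stored, so a cross-site form that
    cannot read the victim's page (and thus cannot obtain the nonce) is rejected.
    """
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: comment accepted"


if __name__ == "__main__":
    token = issue_csrf_token("sess-A")  # embedded in the legitimate form as a hidden field
    print(handle_comment_post("sess-A", {"comment": "hi", "csrf_token": token}))  # accepted
    print(handle_comment_post("sess-A", {"comment": "hi"}))                        # forged: rejected
    print(handle_comment_post("sess-B", {"comment": "hi", "csrf_token": token}))  # wrong session: rejected
```

For single-use tokens, additionally record issued nonces server-side and discard each one after its first successful check.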
Various system paths were disclosed within the application client source code or other files. This information could be used by attackers to make an educated guess about the application environment and any inherited weaknesses that may come with it.
solution: It is recommended to re-examine the system path disclosures and remove their reference from the application’s source code.
path:/mnt/seminarHasil ...
request:
GET http://ptiik.ub.ac.id/kalender-akademik/ HTTP/1.1
Various web errors were disclosed within the application source code or other files. This information could be used by attackers to make an educated guess about the application environment type, version and current configuration. In some situations these errors may indicate a weakness which could be exploited.
solution: It is strongly recommended to ensure that any unhandled application errors are trapped and never displayed to the user. The user should only see a generic message which contains enough information to track the error within the application logs.
error:Internal Server Error
request:
POST http://ptiik.ub.ac.id/wp-comments-post.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded author&email&url&comment_post_ID=153&comment_parent=0&akismet_comment_nonce=56d884d15f&comment&submit=Submit%20Comment
error:Internal Server Error
Autocomplete should be disabled (autocomplete="off"), especially in forms which process sensitive data, such as forms with password fields, since an attacker, if able to access the browser cache, could easily obtain the cached information in cleartext.
solution: Disable the autocomplete feature (autocomplete="off") on forms which may hold sensitive data.
url:http://ptiik.ub.ac.id/wp-login.php?action=lostpassword
form:<form method="POST" action="http://ptiik.ub.ac.id/wp-login.php?action=lostpassword" enctype="application/x-www-form-urlencoded" autocomplete="on"> ... </form>
Cool, this really is the hacker's browser... hehehehe