The Hacker's Operating System

Still in the hacking series, this post was written for friends who will be competing at Gemastik.

A good workman is known by his tools. (Proverb)

To look cool, the operating system has to have a thoroughly "hacker" smell and feel. Which one to use, though, is a matter of each person's taste. For some the BackTrack distro is cool, while for others BackBox is cooler. Since there are so many choices, you can try them all :D

  1. BackTrack
    • Linux security distribution
    • Very popular; there is even a backtrack-id community
  2. Matriux
    • Debian-based security distro
    • In the Debian spirit, the tools here are open and free
  3. nUbuntu
    • Penetration and security testing
  4. Samurai
    • Web Testing Framework
  5. OWASP Live CD project
    • Web application security distro
  6. Pentoo
    • Security-focused live CD based on Gentoo
  7. Katana
    • Portable multi-boot security suite
  8. KON-BOOT
    • Changes the contents of a Linux/Windows kernel while booting
  9. Linux From Scratch!
    • Building your own custom Linux system
  10. SUMO Linux
    • Security Utilizing Multiple Options
  11. Pentesting packages for Ubuntu
    • A script to configure an Ubuntu box for pentesting
  12. BackBox Linux
    • Flexible penetration testing distribution
    • Friends in Malang like using this :D

Happy hacking

Testing OWASP Mantra, Websecurify

Happy Hacking :D

After installing OWASP Mantra, let's test it. At a glance the tools it ships are complete enough for hacking and playing around.

This time we try one of the bundled extensions, Websecurify, with the PTIIK website as the target.

Let's look at the results. Besides giving information an attacker could use, this extension also gives clues for fixing each hole it finds.

Email Disclosure

The server or application disclosed emails. This information could be used by attackers to make an educated guess about who developed the application, what contact entry points are available or what the internal email format looks like, which could also correspond to the format of the application usernames.

solution: Ensure that contact emails do not disclose any information and are adequately protected against external attacks.

email: himawat@ub.ac.id

request:

GET http://ptiik.ub.ac.id/ HTTP/1.1
email: budidarma@ub.ac.id

request:

GET http://ptiik.ub.ac.id/ HTTP/1.1

Banner Disclosure

The server or application disclosed its type and version. This information could be used by attackers to make an educated guess about the application environment and any inherited weaknesses that may come with it.

solution: It is recommended to prevent the application from disclosing its type and version.

banner:

Server: Apache/2.2.15 (CentOS)

request:

GET http://ptiik.ub.ac.id/ HTTP/1.1

Cross-site Request Forgery

Cross-site Request Forgery (CSRF) is a type of attack whereby unauthorized commands are transmitted from a user that the application trusts. Unlike Cross-site Scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.

solution: Url and Forms that perform important operations must be protected by random tokens (hidden nonce values). These tokens must be checked for validity at the server before the request is processed.

url:

http://ptiik.ub.ac.id/teknik-komputer/

form:

<form method="POST" action="http://ptiik.ub.ac.id/wp-comments-post.php" enctype="application/x-www-form-urlencoded" autocomplete="on"> … </form>
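The fix the report asks for (a hidden nonce in the form, checked on the server before the request is processed), shown as an added example that is not part of the original post or of WordPress itself. The secret, session ids and the comment handler are constructed for illustration; the token is an HMAC bound to the session and to one form action.

```python
import hashlib
import hmac

# Constructed secret for this example; a real deployment loads it from a
# secrets store and never commits it to source.
SERVER_SECRET = b"example-only-secret-do-not-reuse"

COMMENT_ACTION = "/wp-comments-post.php"


def make_csrf_token(session_id: str, form_action: str) -> str:
    """Derive a hidden nonce bound to the user's session and to one form
    action, so a token taken from one form cannot be replayed on another."""
    msg = session_id.encode() + b"\0" + form_action.encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, form_action: str, submitted) -> bool:
    """Server-side validity check that must run before the request is processed."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = make_csrf_token(session_id, form_action)
    # Constant-time comparison so the check does not leak the token byte by byte.
    return hmac.compare_digest(expected, submitted)


def render_comment_form(session_id: str) -> str:
    """Emit the comment form with the token as a hidden field (and with
    autocomplete off, the other finding from the scan above)."""
    token = make_csrf_token(session_id, COMMENT_ACTION)
    return (
        f'<form method="POST" action="{COMMENT_ACTION}" autocomplete="off">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<textarea name="comment"></textarea>'
        '<input type="submit" value="Submit Comment"></form>'
    )


def handle_comment_post(session_id: str, fields: dict) -> tuple:
    """Reject any POST whose token is missing or does not match this
    session and action; only then touch the comment."""
    if not verify_csrf_token(session_id, COMMENT_ACTION, fields.get("csrf_token")):
        return 403, "Forbidden: invalid or missing CSRF token"
    return 200, "comment accepted"
```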

Path Disclosure

Various system paths were disclosed within the application client source code or other files. This information could be used by attackers to make an educated guess about the application environment and any inherited weaknesses that may come with it.

solution: It is recommended to re-examine the system path disclosures and remove their reference from the application’s source code.

path:

/mnt/seminarHasil …

request:

GET http://ptiik.ub.ac.id/kalender-akademik/ HTTP/1.1

path:

/mnt/sidangTA …

Error Disclosure

Various web errors were disclosed within the application source code or other files. This information could be used by attackers to make an educated guess about the application environment type, version and current configuration. In some situations these errors may indicate a weakness which could be exploited.

solution: It is strongly recommended to ensure that any unhandled application errors are trapped and never displayed to the user. The user should only see a generic message which contains enough information to track the error within the application logs.

error:

Internal Server Error

request:

POST http://ptiik.ub.ac.id/wp-comments-post.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded

author&email&url&comment_post_ID=153&comment_parent=0&akismet_comment_nonce=56d884d15f&comment&submit=Submit%20Comment

error:

Internal Server Error

Autocomplete Enabled

Autocomplete should be disabled (autocomplete="off"), especially in forms which process sensitive data, such as forms with password fields, since an attacker, if able to access the browser cache, could easily obtain the cached information in cleartext.

solution: Disable the autocomplete feature (autocomplete="off") on forms which may hold sensitive data.

url:

http://ptiik.ub.ac.id/wp-login.php?action=lostpassword

form:

<form method="POST" action="http://ptiik.ub.ac.id/wp-login.php?action=lostpassword" enctype="application/x-www-form-urlencoded" autocomplete="on"> … </form>


Cool, this really is the hacker's browser... hehehehe

OWASP Mantra - The Hacker's Browser

"A sword never kills anybody; it is a tool in the killer's hand." - Lucius Annaeus Seneca

Open Web Application Security Project: a collection of frameworks that make an attacker's job easier. Everything is "web-ified", so there is no need to install BackTrack or any other penetration-testing operating system. If you want it easy, try this OWASP one; it can be integrated into Firefox or Chrome.

Want to try it? Download it straight from SourceForge!!! Let's share our experiences using this framework.
Those who will be hacking at Gemastik could use this framework too. Happy Hacking!!!