!!!

Sunday, March 25, 2012

Computer Forensic

First of all I download the file that will be the material for the exercises, which has been uploaded to the mailing list; in this case it's a file named practical.floppy.dd
Now run the command below

Sunday, March 18, 2012

STRUCTURE FILE TAR

The Unix TAR program is an archiver program which stores files in a single
archive without compression.
OFFSET Count TYPE Description
The Standard Format
A tar tape or file contains a series of records. Each record contains RECORDSIZE bytes. Although this format may be thought of as being on magnetic tape, other media are often used.

What Is Slack Space, Unallocated Space & Magic Number

SLACK SPACE
Slack space is a form of internal fragmentation, i.e. wasted space, on a hard disk. When a file is written to disk it’s stored at the “beginning” of the cluster. A cluster is defined as a collection of logically contiguous sectors and the smallest amount of disk space that can be allocated to hold a file. Rarely will there be an even match between the space available in a cluster (or collection of clusters for longer files) and the number of bytes in the file. Left over bytes in the cluster are unused, hence the name slack space.

Thursday, March 15, 2012

File System Structure

FAT16 is a file system that uses allocation units with a limit of up to 16 bits, so it can store up to 2^16 allocation units (65536 pieces). This file system has a capacity limit of up to 4 Gigabyte only. The allocation unit size used by FAT16 depends on the capacity of the partition that is about to be formatted

MBR


The Master Boot Record (MBR) is created when you create the first partition on the hard disk. It is a very important data structure on the disk. The Master Boot Record contains the Partition Table for the disk and a small amount of executable code for the boot start. Its location is always the first sector on the disk.
The first 446 (0x1BE) bytes are the MBR itself, the next 64 bytes are the Partition Table, and the last two bytes in the sector are a signature word for the sector and are always 0x55AA.
For our disk layout we have MBR:

Monday, March 5, 2012

Local root exploit

In this tutorial, the BackTrack OS and Ubuntu 10.4 serve as the victim and the attacker.
First open DVWA on the Ubuntu address http://192.168.56.1/dvwa, then change the security to medium.
This time I used command execution as the entrance to gain root access to the victim,
then enter the following command
The above statements are intended to put BackTrack, as the victim, in the listening position so that the Linux attacker can log in as root.
After that, open the terminal on Ubuntu and enter the following command
This command is intended to connect the victim on port 4444, but we only get into the dvwa directory, without gaining root access.
It is time to execute the payload

To be continued
  

Wednesday, February 29, 2012

Attack Vector Metasploit & Beef


In this scenario I will try to exploit the web browser using BeEF combined with Metasploit.
First I create a web page in which I put JavaScript that makes victims who access this web page hook into BeEF.

Monday, February 27, 2012

Its use is shown below.
We will exploit Windows through the warftp application; first of all, look for the warftp module in msfconsole



After that, use the warftp module as shown below
 


Then enter the address of the HOST (IP address of the victim)



Web Browser Exploitation & Metasploit Using MSF

Browser Exploit
First of all, open beef-ng





Then open BeEF in your Mozilla browser and enter the user and password: beef / beef

msfpayload and msfencode and examples of its use


msfpayload is a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode that are available in Metasploit. The most common use of this tool is for the generation of shellcode for an exploit that is not currently in the Metasploit Framework or for testing different types of shellcode and options before finalizing a module.
msfencode is a tool for obfuscating a payload (an executable or shellcode containing a Meterpreter backdoor) to hide it from anti-virus software

Social Engineering & SET

Social engineering
Social engineering is the acquisition of secret or sensitive information by deceiving the owner of that information. Social engineering is typically done via telephone or the Internet. It is one of the methods used by hackers to gain information about a target, by requesting the information directly from the victim or from others who have it.

Example of using Metasploit auxiliary modules

First of all I look for auxiliary modules that I would use


Friday, February 24, 2012

Linux Exploitation


script program

// I am a vulnerable thing.
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
    char buffer[500];
    // strcpy() does no bounds check: an argv[1] longer than the
    // 500-byte buffer overflows it.
    strcpy(buffer, argv[1]); // Vulnerable function!
    return 0;
}

Wednesday, February 22, 2012

File Sharing Wizard Exploitation

This time, the application the fuzzer will try to fuzz is File Sharing Wizard.
First run File Sharing Wizard, then run OllyDbg as well and attach File Sharing Wizard to OllyDbg.
After successfully attaching File Sharing Wizard in OllyDbg, run the following fuzzer application

Friday, February 17, 2012

Buffer OverFlow Big-Ant Server

This time, the fuzzer will try fuzzing the USV command of Big-AntServer.
First run Big-AntServer, then run OllyDbg as well and attach antserver.exe to OllyDbg.
After successfully attaching the antserver process to OllyDbg, run the following fuzzer application

Tuesday, February 14, 2012

STACK OVERFLOW VUPlayer

First of all, open the VUPlayer application, then also open OllyDbg to monitor the application that will be exploited.
Then go to BackTrack, open the console and create a fuzzer that will be used to exploit the VUPlayer application. The script is as follows:



Sunday, February 12, 2012

Stack Overflow RM.MP3 Converter

First of all, open the RM-MP3_Converter application, then also open OllyDbg to monitor the application that will be exploited.
Then go to BackTrack, open the console and create a fuzzer that will be used to exploit the RM-MP3_Converter application. The script is as follows:

Sunday, February 5, 2012

Step by step Buffer OverFlow WarFtp

Run Windows on VirtualBox
Open the war-ftpd file; once it is open, click go online
Open OllyDbg, click the File menu, choose Attach, select the running war-ftp, then click the play button
Go to the BackTrack console and create a fuzzer named fuzzer.py
Write the script below in the fuzzer

How about OllyDbg

OllyDbg is a debugger application for analysis. For each module (executable or DLL file) it attempts to separate code from data, recognize procedures, locate embedded strings and switch tables, determine loops and switches, find function calls and decode their arguments, and even predict the value of registers during execution. To try it you can download here or this one.

How About Fuzzer and Fuzzing

Fuzzing is a black-box software testing technique, which basically consists of finding implementation bugs using malformed/semi-malformed data injection in an automated fashion.
Fuzzing techniques can basically be divided into four different categories:

What Is Register Memory

Registers are very small memories with very high-speed access. Registers are used to store the data and instructions that are being processed, while other data and instructions waiting to be processed are stored in main memory. The registers in the CPU consist of:

Wednesday, February 1, 2012

d3tik

!!!

What Is Shodanhq

Shodanhq is a computer program designed to help someone find the files that are stored in a computer, for example, in a public server on the web (WWW) or the computer itself. The search engine allows us to ask for media content with specific criteria (typically those containing a word or phrase that you specify) and obtain a list of files that meet these criteria. Search engines usually use the index (which was made before and updated on a regular basis) to locate the file after the user enters search criteria. (http://id.wikipedia.org/wiki

By pass FBIP


As in my previous post, the way to look at the FBIP database is almost the same as looking at the database on DVWA. This time I want to see the FBIP database by going through the DVWA dbs, so that I can then enter FBIP.

SQL Injection & SQL Blind DVWA

SQL injection and blind SQL injection are basically the same; the difference is:
SQL injection shows an error message, while blind SQL injection does not display an error message


What is it mkfifo linux

mkfifo() makes a FIFO special file with name pathname. mode specifies the FIFO's permissions. It is modified by the process's umask in the usual way: the permissions of the created file are (mode & ~umask).
A FIFO special file is similar to a pipe, except that it is created in a different way. Instead of being an anonymous communications channel, a FIFO special file is entered into the file system by calling mkfifo().

Once you have created a FIFO special file in this way, any process can open it for reading or writing, in the same way as an ordinary file. However, it has to be open at both ends simultaneously before you can proceed to do any input or output operations on it. Opening a FIFO for reading normally blocks until some other process opens the same FIFO for writing, and vice versa. See fifo(7) for nonblocking handling of FIFO special files.

The mkfifo() function shall create a new FIFO special file named by the pathname pointed to by path. The file permission bits of the new FIFO shall be initialized from mode. The file permission bits of the mode argument shall be modified by the process' file creation mask.

When bits in mode other than the file permission bits are set, the effect is implementation-defined.

If path names a symbolic link, mkfifo() shall fail and set errno to [EEXIST].
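
The behaviour described above (permissions of mode & ~umask, EEXIST when the name is a symbolic link, and the non-blocking case covered by fifo(7)), as an added example that is not part of the original post. The function names and the /tmp/fifo-demo-* scratch paths are assumptions made for illustration, and the ENXIO result is the Linux behaviour documented in fifo(7).

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a FIFO under a given umask; return the permission bits on disk. */
int fifo_effective_mode(const char *path, mode_t mode, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int rc = mkfifo(path, mode);
    umask(old);                       /* restore the caller's umask */
    if (rc != 0 || lstat(path, &st) != 0 || !S_ISFIFO(st.st_mode)) return -1;
    return (int)(st.st_mode & 0777);
}

/* mkfifo() on a name that is a (dangling) symlink: returns the errno seen. */
int mkfifo_on_symlink_errno(const char *linkpath)
{
    if (symlink("fifo-demo-missing-target", linkpath) != 0) return -1;
    errno = 0;
    int rc = mkfifo(linkpath, 0600), e = errno;
    unlink(linkpath);
    return rc == -1 ? e : 0;
}

/* No reader attached: O_NONBLOCK makes the open fail instead of blocking. */
int writer_without_reader_errno(const char *path)
{
    int fd = open(path, O_WRONLY | O_NONBLOCK);
    if (fd >= 0) { close(fd); return 0; }
    return errno;
}

int main(void)
{
    char dir[] = "/tmp/fifo-demo-XXXXXX", p[64], l[64];  /* constructed paths */
    if (!mkdtemp(dir)) return 1;
    snprintf(p, sizeof p, "%s/pipe", dir);
    snprintf(l, sizeof l, "%s/link", dir);
    printf("0666, umask 027 -> %04o\n", (unsigned)fifo_effective_mode(p, 0666, 027));
    printf("symlink -> EEXIST? %d\n", mkfifo_on_symlink_errno(l) == EEXIST);
    printf("no reader -> ENXIO? %d\n", writer_without_reader_errno(p) == ENXIO);
    unlink(p);
    return rmdir(dir);
}
```

Because the final permissions depend on the caller's umask, a service that creates a FIFO in a shared directory should check the resulting mode rather than assume the value it passed.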

How About Maltego

Maltego uses a method of 'linkage' between multiple objects. The objects include Domain, IP Address, DNS Name, Website, e-mail, Location, Person, etc. What Maltego does is describe the relationships between the objects being searched. The depiction of these relationships is carried out by a method (plugin) called a transform. A transform finds other objects that have a relationship with the object sought and describes these relationships in graphical form.

Given Maltego's capabilities, the process of information gathering becomes easier, even for a layman. And we can find a weak point which can be used to get into a target.

Transforms (plugins that convert, for example, DNS -> IP Address, DNS -> MX Record, E-Mail -> Social Network (Friendster)) can also be developed by the user. Maltego provides a draft specification that can be used to develop a particular type of transform according to our wishes, and we can even restrict who can use our transform with an API key.

NC

On the Server (Backtrack)
First I connect the server to the client using NC; the configuration can be seen below


Monday, January 30, 2012

Cymothoa

The cymothoa backdoor will be uploaded to Ubuntu


The view on BackTrack

                          _  | |               
  ____ _   _ ____   ___ _| |_| |__   ___  _____
 / ___) | | |    \ / _ (_   _)  _ \ / _ \(____ |
( (___| |_| | | | | |_| || |_| | | | |_| / ___ |
 \____)\__  |_|_|_|\___/  \__)_| |_|\___/\_____|
      (____/ 
Ver.1 (alpha) - Runtime shellcode injection, for stealthy backdoors...

By codwizard (codwizard@gmail.com) and crossbower (crossbower@gmail.com)
from ES-Malaria by ElectronicSouls (http://www.0x4553.org).

Usage:
        cymothoa -p <pid> -s <shellcode_number> [options]

Main options:
        -p      process pid
        -s      shellcode number
        -l      memory region name for shellcode injection (default /lib/ld)
                see /proc/pid/maps...
        -h      print this help screen
        -S      list available shellcodes

Payload personalization options:
        -x      set the IP
        -y      set the port number
        -r      set the port number 2
        -z      set the username (3 bytes)
        -o      set the password (8 bytes)
        -i      set the interpreter (def /bin/bash)
        -c      set the script code (from cmd line)
        -F      do not fork parent process
root@bt:/pentest/backdoors/cymothoa# ls
cymothoa  cymothoa.c  cymothoa.h  fork_shellcode.o  fork_shellcode.s  Makefile  payloads.h  personalization.h  script.pl
root@bt:/pentest/backdoors/cymothoa# cp cymothoa.c /var/www/
root@bt:/pentest/backdoors/cymothoa# service apache2 start
 * Starting web server apache2                                                                                                                                                           [ OK ]
root@bt:/pentest/backdoors/cymothoa# cd /var/www/
root@bt:/var/www# la
beef  cymothoa.c  .directory  dvwa  DVWA-1.0.7.zip  fbip  index.html  wstool
root@bt:/var/www# ls                                                                                                                                                                           
beef  cymothoa.c  dvwa  DVWA-1.0.7.zip  fbip  index.html  wstool                                                                                                                               
root@bt:/var/www# mkdir cy
root@bt:/var/www# mc cymothoa.c cy                                                                                                                                                             
cy/         cymothoa.c 
root@bt:/var/www# mc cymothoa.c cy
cy/         cymothoa.c 
root@bt:/var/www# mc cymothoa.c cy/
The program 'mc' is currently not installed.  You can install it by typing:
apt-get install mc
You will have to enable the component called 'universe'
root@bt:/var/www# mv cymothoa.c cy/
 


NB:
  1. NC was unable to execute bash commands
  2. I downloaded cymothoa through the browser, but it gave errors and could not be compiled on the Ubuntu that I use
  3. For the sequel I will continue using an Ubuntu that has been upgraded

Crack shadow John the Ripper

To see what commands are available in John the Ripper
root@bt:/pentest/passwords/john# ./john
John the Ripper password cracker, ver: 1.7.8-jumbo-8 [linux-x86-sse2]
Copyright (c) 1996-2011 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Privilege escalation


In the Privilege Escalation exercise, we first scan the IP addresses that we will exploit; in this case I use the tools Zenmap and nessusd.

Friday, January 27, 2012

Exploit DB and Windows Exploitation

Exploit DB
First, to find vulnerabilities I use the Nessusd application, a browser-based application that is able to see the gaps in a system. The way to run this application is:
open your web browser, then enter the IP address whose vulnerabilities we want to know, in this case 127.0.0.1:8834, where 8834 is the port for nessusd,

Wednesday, January 25, 2012

Information Gathering with website


Information Gathering www.1s2c-dojo.net

Nessus Installation


How to install the Nessus tools:
First of all I download these tools at the address http://www.tenable.com/products/nessus/nessus-download-agreement
After that we will start the install program o

Information Gathering for localhost



Monday, January 23, 2012


HOW TO INSTALL WINDOWS XP & LINUX ON VIRTUALBOX

WINDOWS

Open Virtual Box
Click New, then it will pop up a dialog box, click next,
Enter the host name on the column name, then click next