Thursday, 27 November 2008

Kick the AV!!

Whaddya mean?? Kick my AV??
No, what I mean here is actually

Kicking the fake AV!!

It is very annoying to be bothered by a fake AV, especially when the AV 'acts up' while you are trying to remove it from the computer. Below is the information I got from detik i-net on how to deal with it. Might help you bro n sis

Story begins..

At present, 304 fake antivirus programs have been detected circulating and infecting thousands of computers in Indonesia. Besides spreading via flash drives, this virus can spread through e-mail by sending fake messages that carry an attachment.

The virus works by displaying a fake message that resembles a Windows program and appears to tell you that there is spyware or a virus on your computer. It then installs a fake antispyware program, namely 'XP AntiSpyware 2009'.

To clean it up, there are several steps to take. Here is how:

1. Disconnect the computer to be cleaned from the network.
2. Scan your computer with a removal tool. You can use the removal tool from Norman to clean it (available for download at http://download.norman.no/public/Norman_Malware_Cleaner.exe).

3. Delete the registry strings created by the virus. To make this easier, you can use the registry script below.

[Version]
Signature="$Chicago$"
Provider=Vaksincom Oyee

[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del

; Values written back on install
[UnhookRegKey]
; Default open commands for executable file types
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Internet Explorer search and start pages, set to empty
HKCU, Software\Microsoft\Internet Explorer\Main, Search Bar, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Search Page, 0
HKCU, Software\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Default_Search_URL, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Search Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Main, Start Page, 0
HKLM, SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant, 0
; Security Center notification settings, set to empty
HKLM, SOFTWARE\Microsoft\Security Center, AntiVirusDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, FirewallDisableNotify, 0
HKLM, SOFTWARE\Microsoft\Security Center, UpdateDisableNotify, 0
; AppInit_DLLs is emptied and the logon shell is set to Explorer.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"

; Entries removed on install
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
HKCU, Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, {706ab86c-937e-11dd-a04c-000c290bc510}
; Removes the Image File Execution Options subkey for Explorer.exe
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer.exe

Use Notepad, then save the file as "Repair.inf" (set Save As Type to All Files so that the extension is not changed). Run repair.inf by right-clicking it and choosing Install. It is best to create the repair.inf file on a clean computer, so that the virus does not become active again.

4. For optimal cleaning and to prevent reinfection, use an up-to-date antivirus that recognizes all of this virus's installation files well.
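Before installing repair.inf in step 3 it helps to see which of its entries actually differ on the machine. The following is an added example, not part of the original post or of the Vaksincom script: it parses the INF's AddReg/DelReg sections and compares them, read-only, against a registry snapshot. The snapshot dictionary and its `C:\example` paths are constructed for the example; the function names are this example's own.

```python
# Abridged copy of the repair.inf above; the entries are the page's own.
REPAIR_INF = r'''
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs, 0
HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe"
[del]
HKCU, Software\Microsoft\Windows\CurrentVersion\Run, braviax
HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk
'''

def norm(root, key, name):
    return (root.upper(), key.lower(), name.lower())  # registry paths are case-insensitive

def split_fields(line):
    # Split on commas outside quotes; "" inside a quoted field is a literal quote.
    fields, cur, in_q, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if c == '"' and in_q and line[i + 1:i + 2] == '"':
            cur.append('"'); i += 1
        elif c == '"':
            in_q = not in_q
        elif c == ',' and not in_q:
            fields.append(''.join(cur).strip()); cur = []
        else:
            cur.append(c)
        i += 1
    return fields + [''.join(cur).strip()]

def parse_inf(text):
    # Returns (expected, absent): values AddReg sets, and values DelReg removes.
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif line and not line.startswith(';') and current is not None:
            current.append(line)
    install = {k.strip().lower(): v for k, v in
               (l.split('=', 1) for l in sections.get('defaultinstall', []))}
    def entries(directive):
        for sec in install.get(directive, '').split(','):
            for line in sections.get(sec.strip().lower(), []):
                f = split_fields(line) + ['', '', '']  # pad missing flags/value
                yield norm(f[0], f[1], f[2]), f[4]
    return dict(entries('addreg')), [p for p, _ in entries('delreg')]

def audit(snapshot, expected, absent):
    # Read-only comparison: reports differences, changes nothing.
    findings = [('modified', p, snapshot.get(p, '')) for p, want in expected.items()
                if snapshot.get(p, '').lower() != want.lower()]
    return findings + [('present', p, snapshot[p]) for p in absent if p in snapshot]

# Constructed snapshot of a hijacked host; the C:\example paths are made up.
INFECTED = {
    norm('HKLM', r'Software\Classes\exefile\shell\open\command', ''): r'"C:\example\fake.exe" "%1" %*',
    norm('HKLM', r'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'Shell'): 'explorer.exe',
    norm('HKLM', r'SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'brastk'): r'C:\example\brastk.exe',
}
if __name__ == '__main__':
    for finding in audit(INFECTED, *parse_inf(REPAIR_INF)):
        print(finding)
```

On a real Windows host the snapshot can be filled from the live registry with Python's standard `winreg` module instead of the constructed dictionary.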

End of Story :D

Java Text Reader

Some weeks ago I got an assignment from my lecturer to create this program. Actually I didn't have any idea how to make it. Blank in my head --"
since I had just learned Java a week before the assignment came, so I'm a total newbie at Java. And what? He gives me this project..

(image will be loaded soon, I'm having little time to write this entry ^^')

And finally, H-1 before the assignment deadline, my friend gave me this code; I dunno where he got it. (Finally I know it is Justian, the man behind this code, thx dude!) Here is the code:

import javax.swing.*;
import java.awt.*;
import java.awt.event.*;

class MyApp extends JFrame{
    // pnlAtas = top panel, pnlTgh = middle panel, pnlBawah = bottom panel
    private JPanel pnlAtas = new JPanel(new FlowLayout(FlowLayout.CENTER)),
                   pnlTgh = new JPanel(new BorderLayout()),
                   pnlBawah = new JPanel(new FlowLayout(FlowLayout.CENTER));

    private JLabel lblLogo = new JLabel(new ImageIcon("bee.jpg"));

    // Simpan = Save, Baca = Read, Keluar = Exit
    private JButton btnSimpan = new JButton("Simpan"),
                    btnBaca = new JButton("Baca"),
                    btnKeluar = new JButton("Keluar");

    private JTextArea txt = new JTextArea();
    private JScrollPane spTxt = new JScrollPane(txt);

    public MyApp(){
        super("Aplikasi Input Output");
        setSize(400,300);
        setLocationRelativeTo(null);
        setDefaultCloseOperation(EXIT_ON_CLOSE);

        init();
        setLayout();
    }

    // Accessors for the text area contents
    public String getTxt(){
        return txt.getText();
    }
    public void setTxt(String s){
        txt.setText(s);
    }

    // Set keyboard mnemonics and attach the listener to each button.
    // ButtonHandler is not included in this post; it must implement ActionListener.
    private void init(){
        btnSimpan.setMnemonic('S');
        btnSimpan.addActionListener(new ButtonHandler(this));
        btnBaca.setMnemonic('B');
        btnBaca.addActionListener(new ButtonHandler(this));
        btnKeluar.setMnemonic('e');
        btnKeluar.addActionListener(new ButtonHandler(this));
    }

    // Logo on top, scrollable text area in the middle, buttons at the bottom
    private void setLayout(){
        pnlAtas.add(lblLogo);
        pnlTgh.add(spTxt,"Center");
        pnlBawah.add(btnSimpan);
        pnlBawah.add(btnBaca);
        pnlBawah.add(btnKeluar);

        getContentPane().add(pnlAtas,"North");
        getContentPane().add(pnlTgh,"Center");
        getContentPane().add(pnlBawah,"South");
    }

    public static void main(String[] args){
        new MyApp().setVisible(true);
    }
}

Functions are written in Bahasa, not difficult to understand I think.
May help you guys understand Java

Introduction to Bluetooth Hacking

Here is the info I got from security-hacks.com
it's about Bluetooth hacking (fundamentals)
not much info, but I think quite worth an FYI

thx to security-hacks.com :D

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that support JSR-82, the Java Bluetooth specification. Download BTBrowser.

BTCrawler - BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service queries. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger - BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain unauthorized access to the phone-book, call lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only supports some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flaw discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAudit.

Google Hack

Google hack..
a hacking technique that makes use of the Google search engine
By using a few 'advanced' keywords
we can obtain a number of usernames and passwords, Nice trick!
(Credit to ardi85[http://blog.ardi85.web.id/])

so check these words

TABLE OF KEYWORDS FOR FINDING USERNAMES
---------------------------------------------------------
KEYWORD | DESCRIPTION
---------------------------------------------------------
inurl:admin inurl:userlist |Generic userlist files
---------------------------------------------------------
inurl:admin filetype:asp |Generic userlist files
inurl:userlist |
---------------------------------------------------------
inurl:php inurl:hlstats |Half-life statistics file, lists username and
intext:Server Username |other information
---------------------------------------------------------
filetype:ctl inurl:haccess.ctl |Microsoft FrontPage equivalent of htaccess
Basic |shows Web user credentials
---------------------------------------------------------
filetype:reg reg intext: |Microsoft Internet Account Manager can
”internet account manager” |reveal usernames and more
---------------------------------------------------------
filetype:wab wab |Microsoft Outlook Express Mail address
|books
---------------------------------------------------------
filetype:mdb inurl:profiles |Microsoft Access databases containing
|profiles.
---------------------------------------------------------
index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
---------------------------------------------------------
inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
---------------------------------------------------------
filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
conf –sample |reveals
|username and server information
---------------------------------------------------------
filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
---------------------------------------------------------
filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
---------------------------------------------------------
intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
---------------------------------------------------------
intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
---------------------------------------------------------
“index of ” lck |Various lock files list the user currently using
|a file
---------------------------------------------------------
+intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
”Usage Statistics for”
---------------------------------------------------------
filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER username |usernames and other information
---------------------------------------------------------



TABLE OF KEYWORDS FOR FINDING PASSWORDS

---------------------------------------------------------
KEYWORD | DESCRIPTION
---------------------------------------------------------
inurl:/db/main.mdb |ASP-Nuke passwords
---------------------------------------------------------
filetype:cfm “cfapplication |ColdFusion source with potential passwords
name” password
---------------------------------------------------------
filetype:pass |dbman credentials
pass intext:userid
---------------------------------------------------------
allinurl:auth_user_file.txt |DCForum user passwords
---------------------------------------------------------
eggdrop filetype:user user |Eggdrop IRC user credentials
---------------------------------------------------------
filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
---------------------------------------------------------
filetype:url +inurl:”ftp://” |FTP bookmarks cleartext passwords
+inurl:”@”
---------------------------------------------------------
inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
---------------------------------------------------------
filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
---------------------------------------------------------
intitle:”Index of” “.htpasswd” |HTTP htpasswd Web user credentials
“htgroup” -intitle:”dist”
-apache -htpasswd.c
---------------------------------------------------------
intitle:”Index of” “.htpasswd” |HTTP htpasswd Web user credentials
htpasswd.bak
---------------------------------------------------------
“http://*:*@www” bob:bob |HTTP passwords (bob is a sample username)
---------------------------------------------------------
“sets mode: +k” |IRC channel keys (passwords)
---------------------------------------------------------
“Your password is * Remember |IRC NickServ registration passwords
this for later use”
---------------------------------------------------------
signin filetype:url |JavaScript authentication credentials
---------------------------------------------------------
LeapFTP intitle:”index.of./” |LeapFTP client login credentials
sites.ini modified
---------------------------------------------------------
inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
---------------------------------------------------------
filetype:config config intext: |Microsoft .NET application credentials
appSettings “User ID”
---------------------------------------------------------
filetype:pwd service |Microsoft FrontPage Service Web passwords
---------------------------------------------------------
intitle:index.of |Microsoft FrontPage Web credentials
administrators.pwd
---------------------------------------------------------
“# -FrontPage-” |Microsoft FrontPage Web passwords
inurl:service.pwd
---------------------------------------------------------
ext:pwd inurl:_vti_pvt inurl: |Microsoft FrontPage Web passwords
(Service | authors | administrators)
---------------------------------------------------------
inurl:perform filetype:ini |mIRC nickserv credentials
---------------------------------------------------------
intitle:”index of” intext: |mySQL database credentials
connect.inc
---------------------------------------------------------
intitle:”index of” intext: |mySQL database credentials
globals.inc
---------------------------------------------------------
filetype:conf oekakibbs |Oekakibbs user passwords
---------------------------------------------------------
filetype:dat wand.dat |Opera “Magic Wand” Web credentials
---------------------------------------------------------
inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download
---------------------------------------------------------
index.of passlist |Passlist user credentials
---------------------------------------------------------
inurl:passlist.txt |passlist.txt file user credentials
---------------------------------------------------------
filetype:dat “password.dat” |password.dat files
---------------------------------------------------------
inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
---------------------------------------------------------
filetype:log inurl:”password.log” |password.log files cleartext
|passwords
---------------------------------------------------------
inurl:people.lst filetype:lst |People.lst generic password file
---------------------------------------------------------
intitle:index.of config.php |PHP Configuration File database
|credentials
---------------------------------------------------------
inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
---------------------------------------------------------
inurl:nuke filetype:sql |PHP-Nuke credentials
---------------------------------------------------------
filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
“USER.PASS=”
---------------------------------------------------------
filetype:ini ServUDaemon |servU FTP Daemon credentials
---------------------------------------------------------
filetype:conf slapd.conf |slapd configuration files root password
---------------------------------------------------------
inurl:”slapd.conf” intext: |slapd LDAP credentials
”credentials” -manpage
-”Manual Page” -man: -sample
---------------------------------------------------------
inurl:”slapd.conf” intext: |slapd LDAP root password
”rootpw” -manpage
-”Manual Page” -man: -sample
---------------------------------------------------------
filetype:sql “IDENTIFIED BY” –cvs |SQL passwords
---------------------------------------------------------
filetype:sql password |SQL passwords
---------------------------------------------------------
filetype:ini wcx_ftp |Total Commander FTP passwords
---------------------------------------------------------
filetype:netrc password |UNIX .netrc user credentials
---------------------------------------------------------
index.of.etc |UNIX /etc directories contain
|various credential files
---------------------------------------------------------
intitle:”Index of..etc” passwd |UNIX /etc/passwd user credentials
---------------------------------------------------------
intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
---------------------------------------------------------
intitle:”Index of” pwd.db |UNIX /etc/pwd.db credentials
---------------------------------------------------------
intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
---------------------------------------------------------
intitle:index.of master.passwd |UNIX master.passwd user credentials
---------------------------------------------------------
intitle:”Index of” spwd.db |UNIX spwd.db credentials
passwd -pam.conf
---------------------------------------------------------
filetype:bak inurl:”htaccess| |UNIX various password file backups
passwd|shadow|htusers
---------------------------------------------------------
filetype:inc dbconn |Various database credentials
---------------------------------------------------------
filetype:inc intext:mysql_ |Various database credentials, server names
connect
---------------------------------------------------------
filetype:properties inurl:db |Various database credentials, server names
intext:password
---------------------------------------------------------
inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
---------------------------------------------------------
inurl:”wvdial.conf” intext: |wvdial dialup user credentials
”password”
---------------------------------------------------------
filetype:mdb wwforum |Web Wiz Forums Web credentials
---------------------------------------------------------
“AutoCreate=TRUE password=*” |Website Access Analyzer user passwords
---------------------------------------------------------
filetype:pwl pwl |Windows Password List user credentials
---------------------------------------------------------
filetype:reg reg +intext: |Windows Registry Keys containing user
”defaultusername” intext: |credentials
”defaultpassword”
---------------------------------------------------------
filetype:reg reg +intext: |Windows Registry Keys containing user
”internet account manager” |credentials
---------------------------------------------------------
“index of/” “ws_ftp.ini” |WS_FTP FTP credentials
“parent directory”
---------------------------------------------------------
filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
---------------------------------------------------------
inurl:/wwwboard |wwwboard user credentials
---------------------------------------------------------

Maybe some of you would like to see passwords from German websites?
Then we should of course also replace the word "password" with its German equivalent. Below is a table of 5 countries together with the translation of password in each country's language.

-----------------------------------------------------
LANGUAGE |WORD | TRANSLATION
-----------------------------------------------------
German |password | Kennwort
Spanish |password | contraseña
French |password | mot de passe
Italian |password | parola d’accesso
Portuguese |password | senha
Dutch |password | Paswoord
-----------------------------------------------------
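
For the site owner's side of the keyword tables above, here is an added example that is not part of the original post: it walks a web document root and reports files whose names match entries in those tables, plus directories with no index file, since the `index.of` queries depend on directory listings. The pattern selection, the `INDEX_FILES` set and the sample tree are assumptions made for the example.

```python
import fnmatch, os, tempfile

# Lower-case file-name patterns derived from the two tables above (a selection).
RISKY = {
    '.htpasswd*': 'HTTP htpasswd Web user credentials',
    '.bash_history': 'UNIX bash shell history',
    '.sh_history': 'UNIX shell history',
    '.netrc': 'UNIX .netrc user credentials',
    '*.pwd': 'Microsoft FrontPage Web passwords',
    'ws_ftp.ini': 'WS_FTP FTP credentials',
    'password.log': 'password.log cleartext passwords',
    'passlist*': 'Passlist user credentials',
    '*.mdb': 'Microsoft Access databases',
    '*.sql': 'SQL passwords',
    '*.inc': 'Various database credentials',
    '*.bak': 'Various password file backups',
    '*.reg': 'Windows Registry exports',
}
# Assumption: the server serves one of these instead of a directory listing.
INDEX_FILES = {'index.html', 'index.htm', 'index.php', 'default.asp'}

def audit_webroot(root):
    """Walk a document root; return risky files and directories lacking an index file."""
    files_found, no_index = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, '/')
        names = {f.lower() for f in files}
        if not names & INDEX_FILES:
            no_index.append(rel_dir)
        for name in files:
            why = next((w for pat, w in RISKY.items()
                        if fnmatch.fnmatchcase(name.lower(), pat)), None)
            if why:
                rel = name if rel_dir == '.' else rel_dir + '/' + name
                files_found.append((rel, why))
    return {'files': sorted(files_found), 'no_index': sorted(no_index)}

def demo():
    # Constructed sample tree, built in a temporary directory.
    sample = ['index.html', 'img/logo.png', 'backup/.htpasswd',
              'backup/site.sql', '_vti_pvt/service.pwd']
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split('/'))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, 'w').close()
        return audit_webroot(root)

if __name__ == '__main__':
    report = demo()
    for rel, why in report['files']:
        print('exposed file:', rel, '-', why)
    for rel in report['no_index']:
        print('no index file:', rel)
```

Files it reports belong outside the document root or behind access control, and directory listings are best switched off in the server configuration.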