BackTrack 4 Beta Download

Following my earlier post saying that BackTrack 4 was about to be released and could only be downloaded locally, it is now available online. Download it directly here:

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso

md5 checksum : 7d1eb7f4748759e9735fee1b8a17c1d8

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

md5 checksum : 38acdcbaf6c73d7c55180dfea8641e5d

Download it right away while the connection is fast.

Source: backtrack4.blogspot.com

BackTrack 4 Beta – Shmoo release

I had not even gotten around to installing BackTrack 3 on my laptop and version 4 is already about to be released :( , my well-behaved laptop refuses to have strange OSes installed on it :P . BackTrack, one of the best-known security pentest distros, is finally about to launch its new version, but for now it cannot be downloaded freely: to get it you have to download it directly from the local server at ShmooCon 2009.

We’ve closed our Shmoo edition BT4 image…and it’s ready to roll..
We will have a local download center in ShmooCon 2009 for people to freely download the image. Look for us at the Pico booth.

The image will be 850+ MB, so get them DVD’s, or even better, USB keys ready. We will also have a VMWare image handy.

Some of the features and fixes to be included in BackTrack 4 are:

Default password to BackTrack 4 hasn’t changed, still root / toor.

KDE 3 is being used in BT4. We tried KDE 4, really, we did. It sucked.
Maybe 4.2 in BT4 final.

Most of the KDE “apt gettable” packages have “kde3” appended to their names.
So “apt-get install kate-kde3” is good, “apt-get install kate” is bad.
Use “apt-cache search ” to search for packages to install.

Kernel sources included in /usr/src/linux.

DHCP disabled by default on boot, you need to /etc/init.d/networking start

If you do an HD install and want to restore networking (DHCP) to be enabled
at boot, type “update-rc.d networking defaults”.

VMware users – to fix the KDE resolution, type “fixvmware” before starting X.

Vmware tools and kernel modules compile perfectly on VMWare 6.5.1

If you can’t get X to work, first try to autogenerate an xorg.conf by
typing “Xorg -configure” and try using the generated conf file. If that
bums out, you can revert to VESA by typing “fixvesa”.

Wireless networking in KDE can be started with KnetworkManager
(/etc/init.d/NetworkManager)

Various drivers can be found in /opt/drivers (various madwifi branches,
video drivers for Nvidia and HP 2133’s).

Installation of BT4 to HD is similar to BT3. (tip – don’t forget to modify
/etc/fstab after the install. Change the first line from aufs / aufs ….
to the corresponding device and filesystem. For example, on my box it’s
/dev/sda3 / reiserfs defaults 0 0, as my root partition is on sda3 and
I used the reiserfs filesystem).

The warning message “W: GPG error: http://ppa.launchpad.net intrepid Release:
The following signatures couldn’t be verified because the public key is not
available: NO_PUBKEY CB2F6C86F77B1CA9” when “apt-get update” occurs as the
Intrepid KDE 3 repos do not use a GPG key. We will eventually host these packages
in our own repo.

Conky takes a while to load.

Source: http://securitydistro.com

Python Port Scanner

There are actually already plenty of port scanners around, such as nmap and several GUI-based tools; I just wanted to share this one in case it is useful :) . The source is still very basic and probably needs a lot of improvement.

#!/usr/bin/env python3
#######################
# Python Port Scanner #
# By : kuc3ng         #
# www.kucing.asia     #
#######################

import socket
import sys

# set the timeout; adjust it to your connection and the target server
timeout = 3


def scan_server(address, port):
    """Return True if a TCP connection to address:port succeeds."""
    s = socket.socket()
    s.settimeout(timeout)
    try:
        s.connect((address, port))
        print("Port %s is Open  <-- W00t " % port)
        return True
    except socket.error:
        return False
    finally:
        # always release the socket (the original close() was never reached)
        s.close()


if __name__ == "__main__":
    try:
        host = sys.argv[1]
        awal = int(sys.argv[2])   # first port of the range
        akhir = int(sys.argv[3])  # last port of the range (inclusive)
    except (IndexError, ValueError):
        # only bad or missing arguments print the usage text
        print("Usage portscan.py <host> <port_awal> <port_akhir>")
        sys.exit(1)

    print("Scanning....")
    hasil = 0  # number of open ports found
    for nport in range(awal, akhir + 1):
        if scan_server(host, nport):
            hasil += 1
    if hasil == 0:
        print("Nothing Found")

PHPBB.com was hacked

phpbb.com, one of the providers of open-source PHP forum modules, was hacked a few days ago, and as I write this article it is still under maintenance. The attacker used a bug in phplist, http://www.milw0rm.com/exploits/7778 , and with that bug was able to browse the contents of phpbb.com freely.

http://www.phpbb.com/lists/admin/index.php?_SERVER%5bConfigFile%5d=../../../../../../etc/passwd

The URL above returns the contents of /etc/passwd, lol.
Worse, the hacker published the contents of the phpbb.com database (email, user, password).


For more details, head straight to the scene, bro :D
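Detection logic for the request shown above, added here as an example and not part of the original post: it flags access-log lines whose query string sets a PHP superglobal such as _SERVER[ConfigFile] or carries ".." as a path component. The log lines, addresses, timestamps and function names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# PHP superglobal names; a request parameter named like one is never legitimate.
SUPERGLOBAL = re.compile(r"^_(SERVER|GET|POST|COOKIE|FILES|ENV|REQUEST|SESSION)\[", re.I)
# ".." as a whole path component, so a value like "notes..txt" is not flagged.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# client, request target and status from a combined-format access-log line
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:01 +0000] "GET /lists/admin/index.php'
    '?_SERVER%5bConfigFile%5d=../../../../../../etc/passwd HTTP/1.1" 200 1834',
    '192.0.2.11 - - [01/Jan/2009:10:00:05 +0000] "GET /lists/admin/index.php'
    '?page=members HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2009:10:00:09 +0000] "GET /lists/?p=subscribe'
    '&file=notes..txt HTTP/1.1" 200 2210',
]

def decode(text, rounds=3):
    """Percent-decode until stable so nested encoding cannot hide a value."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect_line(line):
    """Return (client, path, status, reasons) for a suspicious line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        name, value = decode(name), decode(value)
        if SUPERGLOBAL.match(name):
            reasons.append("superglobal parameter " + name)
        if TRAVERSAL.search(value):
            reasons.append("path traversal in " + name)
    return (client, parts.path, int(status), reasons) if reasons else None

if __name__ == "__main__":
    for finding in filter(None, map(inspect_line, SAMPLE_LOG)):
        print(finding)
```

A flagged line with status 200 means the server answered the request rather than rejecting it, so those entries are the ones to review first.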