EternalBlue can be used to exploit the Server Message Block (SMB) service without requiring authentication. It is then combined with DoublePulsar to deliver and execute malicious Dynamic-Link Libraries (DLLs) or raw shellcode on the victim's computer. The following is an example exploitation experiment against the Server Message Block (SMB) service using EternalBlue and DoublePulsar. This experiment is carried out by creating a malicious […]

Just messing around in the lab again to fill the free time! Download here: Hackfest 2016 Orcus. Nmap. Scanning the web with nikto. OK, first I’m interested in the admin directory, let’s check it out! Hmm.. just like that, try to check the backups directory. I try to download this file “SimplePHPQuiz-Backupz.tar.gz” to find some information.. Yupp, I found the user and password […]

This is my experience when I was dealing with some applications which have a Directory Traversal vulnerability. I was using DotDotPwn by nitr0us when finding a vulnerability in Quickshare File Server 1.2.1 (on the FTP protocol). I also used DotDotPwn when I was doing a pentest for my client. So, let the experience tell you the […]

A while ago I gave a tutorial on basic exploit development (direct return technique) and on SEH-based exploit development. Now let's port those exploits to the Metasploit Framework so that they become more reliable and can use the various payloads and advanced features available in Metasploit. We will convert the first exploit, namely Free CD to MP3 […]

If you are reading this post then I bet you have the same problem as me. When I tried to run msfconsole on my BT5 I got this buggy information. It seems that MSF could not connect to the Postgres database server. I tried to install the Postgres server inside my BT5 and still have no […]

OK, today I’m trying to play around with HolyNix V.1 while waiting for the time to break the fast. You may refer to my previous post on where to get HolyNix. You may also find a bunch of walk-throughs / help / cheats, or whatever you call them, on how to solve the challenge on Google. But […]