Difference between revisions of "Beberapa Tip Hacking"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
|||
(60 intermediate revisions by 6 users not shown) | |||
Line 10: | Line 10: | ||
* [[TuxCut]] | * [[TuxCut]] | ||
* [[Mengirimkan e-mail menggunakan telnet, tanpa bantuan software apapun]] | * [[Mengirimkan e-mail menggunakan telnet, tanpa bantuan software apapun]] | ||
+ | * [[Damn Vulnerable Web App DVWA]] | ||
==Pengetahuan Umum== | ==Pengetahuan Umum== | ||
Line 15: | Line 16: | ||
* [[Dunia Bawah Tanah di Internet]] | * [[Dunia Bawah Tanah di Internet]] | ||
* [[Gerandongteam]] | * [[Gerandongteam]] | ||
+ | * http://tz.ucweb.com/3_2qxI8 - Workflow Pengintaian Serangan dari Hacker | ||
+ | * http://tz.ucweb.com/3_2qxI9 - Perencanaan Pengujian Penetrasi Sasaran Jaringan | ||
+ | * http://tz.ucweb.com/3_2qxIa - Teknik Scan Sasaran Serangan menggunakan Unicornscan | ||
==Tools== | ==Tools== | ||
Line 29: | Line 33: | ||
* [[3 Tahap Membuka Password Windows dengan Ubuntu]] | * [[3 Tahap Membuka Password Windows dengan Ubuntu]] | ||
* http://www.ilmuhacking.com/web-security/menjaring-password-dengan-firefox-sniffer/ | * http://www.ilmuhacking.com/web-security/menjaring-password-dengan-firefox-sniffer/ | ||
+ | * http://blog.cyber4rt.com/software/download-keylogger-terkecil-di-dunia - MRHPx Key Logger v1.8 (PUBLIC VERSION) | ||
+ | * [[Meng-Hack Password Komputer XP/VISTA/WIN7]] | ||
− | == | + | ==Yahoo== |
+ | |||
+ | * [[hacking: password yahoo]] | ||
+ | * [[hacking: password yahoo via email]] | ||
+ | |||
+ | ==VoIP== | ||
+ | |||
+ | * [[VoIP: Wireshark Menyadap Pembicaraan VoIP]] | ||
+ | |||
+ | ==Scanner== | ||
* [[nmap]] | * [[nmap]] | ||
+ | * [[nmap: serang SQL]] | ||
+ | * [[nmap: cek SQL Injection]] | ||
+ | * [[nmap: cek username password network neighbourhood windows]] | ||
+ | * [[Vega Vulnerability Scanner]] | ||
==XSS Scanner== | ==XSS Scanner== | ||
Line 40: | Line 59: | ||
==Web Security== | ==Web Security== | ||
+ | * [[hacking: web deface]] | ||
+ | * [[hacking: 13 langkah deface web]] | ||
+ | * [[hacking: openvas]] | ||
+ | * [[w3af : audit web application security]] | ||
+ | * [[Menangkal Serangan XSS]] | ||
+ | * [http://blog.cyber4rt.com/security/menangkal-tekhnik-serangan-xss-pada-website-anda/ TEKHNIK MENANGKAL SERANGAN XSS] | ||
* [[MITM Attack on Mandiri Internet Banking using SSLStrip]] | * [[MITM Attack on Mandiri Internet Banking using SSLStrip]] | ||
* http://www.ilmuhacking.com/web-security/memahami-cara-kerja-token-internet-banking/ | * http://www.ilmuhacking.com/web-security/memahami-cara-kerja-token-internet-banking/ | ||
Line 47: | Line 72: | ||
* [[Sniffing SSL Traffic using oSpy]] | * [[Sniffing SSL Traffic using oSpy]] | ||
* [http://www.ilmuhacking.com/cryptography/sniffing-ssl-traffic-using-ospy/ Sniffing SSL Traffic using oSpy] | * [http://www.ilmuhacking.com/cryptography/sniffing-ssl-traffic-using-ospy/ Sniffing SSL Traffic using oSpy] | ||
+ | |||
+ | * http://blog.cyber4rt.com/security/tekhnik-menangkal-serangan-sql-injection-pada-website-anda | ||
+ | |||
+ | ===DDOS Apache=== | ||
+ | |||
+ | * http://tanyarezaervani.wordpress.com/2011/09/02/artikel-khusus-menyerang-server-dengan-apache-killer/ | ||
+ | * http://tanyarezaervani.wordpress.com/2011/09/02/berita-185-apache-http-server-2-2-20-perbaiki-dos-vulnerability/ | ||
+ | * http://tanyarezaervani.wordpress.com/2011/09/02/koleksi-exploit-apache-killer/ | ||
+ | * http://tanyarezaervani.wordpress.com/2011/09/02/koleksi-exploit-2-alternatif-apache-killer/ | ||
+ | |||
+ | ===Web Attack=== | ||
+ | |||
+ | * [[sqlmap: intro]] | ||
==Sniffing== | ==Sniffing== | ||
Line 55: | Line 93: | ||
* http://www.alexonlinux.com/tcpdump-for-dummies | * http://www.alexonlinux.com/tcpdump-for-dummies | ||
* http://acs.lbl.gov/~jason/tcpdump_advanced_filters.txt | * http://acs.lbl.gov/~jason/tcpdump_advanced_filters.txt | ||
+ | * http://blog.cyber4rt.com/video/facebook-sniffer-on-android/ | ||
+ | * [[Script untuk sniffing password dan data di lan/wlan menggunakan ettercap, sslstrip, urlsnarf]] | ||
+ | |||
+ | ===Sniffing / Pentest VoIP=== | ||
+ | |||
+ | * http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP | ||
+ | |||
+ | ==Spoofing== | ||
+ | |||
+ | * [[DNS Spoofing Dengan Scapy]] | ||
==SQL Injection== | ==SQL Injection== | ||
Line 65: | Line 113: | ||
* http://fairuz.web.id/kumpulan-google-dork-untuk-sql-injection-deface-website-lewat-google.html | * http://fairuz.web.id/kumpulan-google-dork-untuk-sql-injection-deface-website-lewat-google.html | ||
* http://blog.cyber4rt.com/hacking/tutorial-sql-injection-step-by-step-for-dummies | * http://blog.cyber4rt.com/hacking/tutorial-sql-injection-step-by-step-for-dummies | ||
+ | * [[sqlmap: memperoleh password database sql]] | ||
+ | * [[sqlmap: tutorial]] | ||
+ | * [[sqlmap: contoh vurneable php code]] | ||
+ | * https://www.owasp.org/index.php/Code_Injection | ||
+ | * http://www.breakthesecurity.com/2010/12/hacking-website-using-sql-injection.html | ||
+ | * http://pentestlab.org/setting-up-mutillidae-in-ubuntu-backtrack-backbox-etc-manual-sql-injection/ | ||
===SQL Injection Software=== | ===SQL Injection Software=== | ||
Line 79: | Line 133: | ||
* http://sourceforge.net/projects/hexjector/ | * http://sourceforge.net/projects/hexjector/ | ||
* http://sourceforge.net/projects/joomscan/ | * http://sourceforge.net/projects/joomscan/ | ||
+ | * [[SQLMap : Instalasi]] | ||
+ | |||
+ | ===Belajar Menangani SQL Injection=== | ||
+ | |||
+ | * Vulnerable Apps | ||
+ | ** [[Metasploitable]] | ||
+ | ** [[DVWA]] | ||
+ | ** [[BWaPP]] | ||
+ | ** [[Mutillidae]] | ||
+ | ** [[WebGOAT]] | ||
+ | ** [[UltimateLAMP]] | ||
+ | |||
+ | * http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/ | ||
+ | * http://dasunhegoda.com/php-security-fail-vulnerable/466/ | ||
+ | * http://dasunhegoda.com/php-security-fail-vulnerable-2/490/ | ||
+ | * http://www.breakthesecurity.com/2011/12/set-up-your-own-lab-for-practacing-sql.html | ||
+ | * http://www.dvwa.co.uk/ | ||
+ | * [[SQLMap: Instalasi DVWA]] | ||
+ | |||
+ | ** http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson7/ | ||
+ | ** https://pentestlab.wordpress.com/2012/11/24/owning-the-database-with-sqlmap/ | ||
+ | ** http://www.betterhacker.com/2011/10/owning-dvwa-sqli-with-sqlmap.html | ||
+ | ** http://www.latesthackingnews.com/2014/09/03/blind-sql-injection-dvwa-using-sqlmap/ | ||
+ | ** http://www.null-reference.com/linux/sqlmap-with-dvwa-damn-vunerable-web-app/ | ||
+ | ** http://blog.spiderlabs.com/2013/12/sqlmap-tricks-for-advanced-sql-injection.html | ||
+ | ** [[SQLMap: Contoh SQL Injection ke DVWA]] | ||
+ | ** [[SQLMap: Contoh cara remote hack database]] | ||
+ | |||
+ | ==Cellular / Mobile Hacking== | ||
+ | |||
+ | * http://www.neopwn.com | ||
+ | * http://www.neopwn.com/software.php | ||
+ | |||
+ | |||
+ | ==Penyadapan== | ||
+ | |||
+ | * [[Penyadapan VoIP]] | ||
+ | * [[xplico]] | ||
+ | |||
+ | ==Wordlist== | ||
+ | |||
+ | * http://indobacktrack.or.id/content.php?302-Membuat-Wordlist-Dengan-TWOFI-di-Backtrack | ||
+ | |||
+ | ==SQLmap== | ||
+ | |||
+ | * http://c-i-a-m-i-s.net/exploit/sql-map-os-shell.asp | ||
+ | * https://github.com/sqlmapproject/sqlmap/wiki/Presentations | ||
+ | * https://github.com/sqlmapproject/sqlmap/wiki/Introduction | ||
+ | * https://delicious.com/inquis/sqlinjection | ||
+ | * http://egodox.blogspot.com/2013/04/hack-website-using-sqlmap-sql-injection.html | ||
+ | * http://www.binarytides.com/sqlmap-hacking-tutorial/ | ||
+ | * http://hackonadime.blogspot.com/2011/07/sqlmap-introduction-sql-injection.html | ||
+ | |||
+ | ==Stealth== | ||
+ | |||
+ | * [[Stealth: Teknik Siluman]] | ||
+ | * [[Stealth: Penyiapan Infrastruktur untuk Latihan Serangan]] | ||
==Forum== | ==Forum== | ||
* http://indobacktrack.or.id/forum/ | * http://indobacktrack.or.id/forum/ | ||
+ | * http://forum.binushacker.net/ | ||
+ | * http://forum.hacker-cisadane.org/ | ||
==Buku & Tutorial== | ==Buku & Tutorial== | ||
Line 88: | Line 201: | ||
* [http://www.jasakom.com/index.php?categoryid=15 Buku Jasakom] | * [http://www.jasakom.com/index.php?categoryid=15 Buku Jasakom] | ||
* http://www.offensive-security.com/backtrack-tutorials.php | * http://www.offensive-security.com/backtrack-tutorials.php | ||
+ | * http://pustaka.xcode.or.id | ||
==Echo ezine== | ==Echo ezine== | ||
Line 128: | Line 242: | ||
* http://www.jasakom.com | * http://www.jasakom.com | ||
* http://www.remote-exploit.org | * http://www.remote-exploit.org | ||
+ | * http://blog.cyber4rt.com - It's all about 4rt, not how smart you are | ||
* http://www.xnuxer.or.id | * http://www.xnuxer.or.id | ||
+ | * http://www.hacker-cisadane.org | ||
* http://www.ilmuhacking.com | * http://www.ilmuhacking.com | ||
* http://indobacktrack.or.id/forum/ - forum [[backtrack]] | * http://indobacktrack.or.id/forum/ - forum [[backtrack]] | ||
Line 137: | Line 253: | ||
* http://www.hackforums.net | * http://www.hackforums.net | ||
* http://www.exploit-db.com | * http://www.exploit-db.com | ||
− | * http:// | + | * http://devilzc0de.org/forum/ |
* http://sumatrahacker.or.id | * http://sumatrahacker.or.id | ||
* http://www.exploit-id.com/ | * http://www.exploit-id.com/ | ||
− | * http:// | + | * http://balicoder.org/ |
==Repository== | ==Repository== | ||
Line 153: | Line 269: | ||
* [[Samurai Pentest]] | * [[Samurai Pentest]] | ||
* [[BackBox]] | * [[BackBox]] | ||
+ | * [[Kali Linux]] | ||
==Pranala Menarik== | ==Pranala Menarik== | ||
* [[Linux Howto]] | * [[Linux Howto]] | ||
+ | * [[Hacking: Komunitas Underground]] | ||
+ | * [[Hacking: Orek-Orekan Demo Hacking]] | ||
+ | * [[Hacking: Catatan Hack HP Android]] | ||
+ | |||
[[Category: hacking]] | [[Category: hacking]] |
Latest revision as of 11:28, 27 May 2018
- Metoda serangan jaringan komputer secara umum
- Menjalankan Exploit Source Code untuk Pemula dari LiveCD Backtrack
- Membuat Script Indonesia Jaya Tembus Password
- Wireless Hacking
- Mengenal Serangan Man-in-The-Middle MITM
- Buffer Overflow
- Copy Pentest Backtrack
- http://hendrasiahaan.wordpress.com/2010/03/24/11-kelemahan-yang-kerap-tidak-disadari-admin-jaringan/
- http://artikel.xcode.or.id/mengirim-ratusan-wall-facebook-dengan-cepat/
- TuxCut
- Mengirimkan e-mail menggunakan telnet, tanpa bantuan software apapun
- Damn Vulnerable Web App DVWA
Pengetahuan Umum
- Dunia Bawah Tanah di Internet
- Gerandongteam
- http://tz.ucweb.com/3_2qxI8 - Workflow Pengintaian Serangan dari Hacker
- http://tz.ucweb.com/3_2qxI9 - Perencanaan Pengujian Penetrasi Sasaran Jaringan
- http://tz.ucweb.com/3_2qxIa - Teknik Scan Sasaran Serangan menggunakan Unicornscan
Tools
- http://backtrack.offensive-security.com/index.php/Tools - daftar tool hacking
- http://exploit-id.com/ - Tempat Kumpulan Exploit Indonesia ..
- Instalasi Aplikasi Backtrack di Ubuntu
Serangan Ke Windows
- Remote Desktop Tanpa Menyentuh Komputer yg Di remote
- Keylogger canggih: Merekam ketukan keyboard target tanpa menyentuh komputernya
- Masuk ke DOS di Windows melalui Jaringan
- 3 Tahap Membuka Password Windows dengan Ubuntu
- http://www.ilmuhacking.com/web-security/menjaring-password-dengan-firefox-sniffer/
- http://blog.cyber4rt.com/software/download-keylogger-terkecil-di-dunia - MRHPx Key Logger v1.8 (PUBLIC VERSION)
- Meng-Hack Password Komputer XP/VISTA/WIN7
Yahoo
VoIP
Scanner
- nmap
- nmap: serang SQL
- nmap: cek SQL Injection
- nmap: cek username password network neighbourhood windows
- Vega Vulnerability Scanner
XSS Scanner
Web Security
- hacking: web deface
- hacking: 13 langkah deface web
- hacking: openvas
- w3af : audit web application security
- Menangkal Serangan XSS
- TEKHNIK MENANGKAL SERANGAN XSS
- MITM Attack on Mandiri Internet Banking using SSLStrip
- http://www.ilmuhacking.com/web-security/memahami-cara-kerja-token-internet-banking/
- http://www.ilmuhacking.com/cryptography/memecahkan-kriptografi-dengan-chosen-plaintext-attack/
- http://www.ilmuhacking.com/web-security/membuat-web-dengan-otentikasi-berbasis-token/
- http://www.ilmuhacking.com/web-security/berburu-direktori-dan-file-sensitif-dengan-dirbuster/
- Sniffing SSL Traffic using oSpy
- Sniffing SSL Traffic using oSpy
DDOS Apache
- http://tanyarezaervani.wordpress.com/2011/09/02/artikel-khusus-menyerang-server-dengan-apache-killer/
- http://tanyarezaervani.wordpress.com/2011/09/02/berita-185-apache-http-server-2-2-20-perbaiki-dos-vulnerability/
- http://tanyarezaervani.wordpress.com/2011/09/02/koleksi-exploit-apache-killer/
- http://tanyarezaervani.wordpress.com/2011/09/02/koleksi-exploit-2-alternatif-apache-killer/
Web Attack
Sniffing
- Instalasi Wireshark
- http://awarmanf.wordpress.com/2010/04/29/tcpdump-dan-wireshark-untuk-sniffing-network/
- http://workaround.org/using-tcpdump-and-wireshark
- http://www.alexonlinux.com/tcpdump-for-dummies
- http://acs.lbl.gov/~jason/tcpdump_advanced_filters.txt
- http://blog.cyber4rt.com/video/facebook-sniffer-on-android/
- Script untuk sniffing password dan data di lan/wlan menggunakan ettercap, sslstrip, urlsnarf
Sniffing / Pentest VoIP
Spoofing
SQL Injection
SQL Injection Tutorial
- http://www.stmik-im.ac.id/userfiles/TEHNIK%20SQL%20INJECTION.pdf
- http://www.sekuritionline.net/plugins/p2_news/printarticle.php?p2_articleid=7
- http://www.binushacker.net/simple-sql-injection-tutorial.html
- http://fairuz.web.id/kumpulan-google-dork-untuk-sql-injection-deface-website-lewat-google.html
- http://blog.cyber4rt.com/hacking/tutorial-sql-injection-step-by-step-for-dummies
- sqlmap: memperoleh password database sql
- sqlmap: tutorial
- sqlmap: contoh vurneable php code
- https://www.owasp.org/index.php/Code_Injection
- http://www.breakthesecurity.com/2010/12/hacking-website-using-sql-injection.html
- http://pentestlab.org/setting-up-mutillidae-in-ubuntu-backtrack-backbox-etc-manual-sql-injection/
SQL Injection Software
- http://www.itsecteam.com/en/projects/project1.htm - Havij
- http://www.itsecteam.com/en/projects/project1_page2.htm - Havij Download
- http://linuxpoison.blogspot.com/2008/04/sql-injection-tool-sqlninja.html
- http://sourceforge.net/projects/sqlninja/files/
- http://sourceforge.net/projects/wapiti/
- http://sourceforge.net/projects/spinj/
- http://sourceforge.net/projects/paros/
- http://sourceforge.net/projects/w3af/
- http://sourceforge.net/projects/sqlmap/
- http://sourceforge.net/projects/hexjector/
- http://sourceforge.net/projects/joomscan/
- SQLMap : Instalasi
Belajar Menangani SQL Injection
- Vulnerable Apps
- http://pentestlab.org/10-vulnerable-web-applications-you-can-play-with/
- http://dasunhegoda.com/php-security-fail-vulnerable/466/
- http://dasunhegoda.com/php-security-fail-vulnerable-2/490/
- http://www.breakthesecurity.com/2011/12/set-up-your-own-lab-for-practacing-sql.html
- http://www.dvwa.co.uk/
- SQLMap: Instalasi DVWA
- http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson7/
- https://pentestlab.wordpress.com/2012/11/24/owning-the-database-with-sqlmap/
- http://www.betterhacker.com/2011/10/owning-dvwa-sqli-with-sqlmap.html
- http://www.latesthackingnews.com/2014/09/03/blind-sql-injection-dvwa-using-sqlmap/
- http://www.null-reference.com/linux/sqlmap-with-dvwa-damn-vunerable-web-app/
- http://blog.spiderlabs.com/2013/12/sqlmap-tricks-for-advanced-sql-injection.html
- SQLMap: Contoh SQL Injection ke DVWA
- SQLMap: Contoh cara remote hack database
Cellular / Mobile Hacking
Penyadapan
Wordlist
SQLmap
- http://c-i-a-m-i-s.net/exploit/sql-map-os-shell.asp
- https://github.com/sqlmapproject/sqlmap/wiki/Presentations
- https://github.com/sqlmapproject/sqlmap/wiki/Introduction
- https://delicious.com/inquis/sqlinjection
- http://egodox.blogspot.com/2013/04/hack-website-using-sqlmap-sql-injection.html
- http://www.binarytides.com/sqlmap-hacking-tutorial/
- http://hackonadime.blogspot.com/2011/07/sqlmap-introduction-sql-injection.html
Stealth
Forum
Buku & Tutorial
Echo ezine
echo|zine issue #20 ( Pebruari 2009 )
- Introduction .................................................. y3dips
- Pseudo-random .............................................. anonymous
- Interview with Onno W Purbo......................................az001
- What`s goin on echo forum ............................anonymous-co-ed
- Intercepting Library Call ............................ mulyadi santosa
- Caesar Shift Cipher............................................... Rey
- ARPWall; Konsep dan Pembuktian ............................... y3dips
- Encryption: Algoritma Combo .................................... jackD
- Prophile on Jck.mrshl ................-----................. echostaff
- Enkripsi dan Dekripsi dengan Fungsi Mcrypt di PHP............ monqichi
- Salty Py; Password Salt Bruteforcer .. sheran gunasekera & selwin ong
- Anti-Forensic; Seek and Destroy .............................jck.mrshl
- Hacker LogBook....................................lirva 32; x-diamond1
echo|zine issue #19 ( Agustus 2008 )
- Introduction .................................................. y3dips
- Pseudo-random .............................................. anonymous
- idsecconf ................................................. echo|staff
- Digital Signature secara gampangnya ......................... mamasexy
- cryptography : Simple a-symetric algorithm................. x-diamond1
- Prophile on CyberTank .................................... echo|staff
- Prophile on lirva32 ...................................... echo|staff
- Whats Goin On Echo Forum ....................................... az001
- Bailiwicked DNS Attack (Cache Poisoning) .................... Cyberheb
- Scapy: obrak-abrik paket data ................................. y3dips
- Hacker LogBook ........................................ various artist
Referensi Menarik
- http://www.echo.or.id
- http://ezine.echo.or.id/ezine-index.html
- http://www.jasakom.com
- http://www.remote-exploit.org
- http://blog.cyber4rt.com - It's all about 4rt, not how smart you are
- http://www.xnuxer.or.id
- http://www.hacker-cisadane.org
- http://www.ilmuhacking.com
- http://indobacktrack.or.id/forum/ - forum backtrack
- http://www.backtrack-linux.org
- http://indobacktrack.or.id/
- http://id-backtrack.com/
- http://www.chinapage.com/sunzi-e.html - SunTsu the Art of War
- http://www.hackforums.net
- http://www.exploit-db.com
- http://devilzc0de.org/forum/
- http://sumatrahacker.or.id
- http://www.exploit-id.com/
- http://balicoder.org/