Thursday, February 28, 2008

Firewall

A firewall is an application (software) that controls inbound and outbound network traffic (anything that comes in through the network card).
  • filters incoming / outgoing traffic on the network
  • traffic controller (allow & block)
  • not an antivirus
  • example firewall: COMODO -> rules allow + block
Why a PC needs one:
  • to control the inbound & outbound traffic that passes through the network card
  • to control any communication between the PC and other PCs / other hosts through the network card
  • uses rules only
    • 1. allow + deny
    • 2. accept + firewall
    • 3. allow + block

* Every communication that takes place uses an IP + port
Port
80 - http
8080 - proxy
21 - ftp
53 - DNS
110 - POP3
22 - ssh (often used by hackers)
20 - telnet

* Reasons for using a firewall for staff & students:
  • it does not allow just any party to control the server
  • if students & staff could control the server, the Chief Network Server would have no function
* A standalone PC cannot control other PCs in order to block them, because it is not a server (i.e. the other PCs do not connect to that PC)


A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.

Reference - http://en.wikipedia.org/wiki/Firewall
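
The allow / block rules on IP + port described in these notes, as an added example (not part of the original notes and not COMODO's own rule engine). The Rule class, the decide function and the sample rule set are constructed for illustration; rules are checked top to bottom and anything unmatched is blocked.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str     # "allow" or "block"
    direction: str  # "in" or "out"
    network: str    # remote address range in CIDR notation
    port: int       # destination port; 0 matches any port

def decide(rules, direction, remote_ip, port, default="block"):
    """Return the action of the first rule that matches, else the default."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if (rule.direction == direction
                and ip in ipaddress.ip_network(rule.network)
                and rule.port in (0, port)):
            return rule.action
    return default  # nothing matched: fall back to default deny

# Constructed rule set for one PC (private and documentation address ranges).
RULES = [
    Rule("allow", "out", "0.0.0.0/0", 80),      # web browsing
    Rule("allow", "out", "0.0.0.0/0", 53),      # DNS lookups
    Rule("allow", "in", "192.168.1.0/24", 22),  # ssh from the local network only
    Rule("block", "in", "0.0.0.0/0", 22),       # ssh from anywhere else
]

if __name__ == "__main__":
    # Constructed sample connections: (direction, remote IP, port)
    for direction, ip, port in [("out", "198.51.100.7", 80),
                                ("in", "192.168.1.10", 22),
                                ("in", "203.0.113.5", 22),
                                ("in", "203.0.113.5", 21)]:
        print(direction, ip, port, "->", decide(RULES, direction, ip, port))
```

Rule order matters: if the general block on port 22 is placed above the local-network allow, the local ssh connection is blocked as well.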

Monday, February 25, 2008

Hacking practice at www.hackthissite.org

This website provides ways to hack websites, organised into Basic Level, Mission level and so on. The Basic Level contains 10 stages...
my head is in knots trying to get past each of these stages....oh dear... (Kak Murni says that to become a real hacker you have to think critically / analytical thinking....)...
But for diA, actually, without the basics of HTML coding and scripts (javascript & vbscript) it can't be done either... so everything goes blur.. like that ;-p
It has been a long time since I studied that coding....I'm as slow as a snail doing the tests at www.hackthissite.org ...hmmm
As of today, 25/2/08, counting from 22/2/08, I have only just passed stage 7 and am about to enter stage 8.

Hacked Websites using SQL Injection (magic code)

SQL Injection - Magic Code

The following are among the websites that nadia managed to get into; by now these websites may have been updated:

Wednesday, February 20, 2008

Remote File Inclusion (RFI)

Remote File Inclusion (RFI)

  • a technique used to attack (break into) Internet websites from a remote computer
  • occurs in programming that does not take security into account, especially in PHP
  • happens in the URL
  • include


Tuesday, February 19, 2008

Cross Site Scripting or XSS

XSS
  • steals cookies
  • a technique used by an attacker to send any script to a web user
  • occurs in web applications
  • the scripts usually used for XSS are Javascript or VBscript, to obtain cookies

  • example:
  • insert a script (vbscript) that produces (document.cookie) and obtains the cookies, then copy & paste those cookies into the website / PC
  • reference website http://www.milw0rm.com

General definition:

Any attacker will send a script to a user website that has a vulnerability; whatever script is used (PHP, HTML script or others), it is sent to the user website / web application in order to bypass or get into that website.
* ways to hack a computer: (there are many ways)
  1. SQL Injection
  2. Remote Injection
* inserted through
  • guestbook
  • upload file



"What is Cross Site Scripting?"

Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. If for example I was logged in as "john" and read a message by "joe" that contained malicious javascript in it, then it may be possible for "joe" to hijack my session just by reading his bulletin board post. Further details on how attacks like this are accomplished via "cookie theft" are explained in detail below.


Reference : http://www.cgisecurity.com/articles/xss-faq.shtml#whatis
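
The guestbook case from the notes above, seen from the defending side, as an added example (not part of the original notes or of the quoted FAQ). The function names, the cookie name "session" and the sample post are constructed; the script in the post is a harmless alert used only to show the difference between raw and escaped output.

```python
import html
from http.cookies import SimpleCookie

def render_entry_unsafe(author, message):
    """The 'before' form: the post is pasted into the page as markup."""
    return "<p><b>" + author + "</b>: " + message + "</p>"

def render_entry(author, message):
    """Escape every user-supplied field so the browser shows it as text."""
    return "<p><b>" + html.escape(author) + "</b>: " + html.escape(message) + "</p>"

def session_cookie(session_id):
    """Build a Set-Cookie value that page scripts cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True  # hidden from document.cookie
    cookie["session"]["secure"] = True    # only sent over https
    return cookie["session"].OutputString()

# Constructed guestbook post from "joe" carrying a harmless test script.
POST = ("joe", "hello <script>alert(document.cookie)</script>")

if __name__ == "__main__":
    print("raw     :", render_entry_unsafe(*POST))  # script tag reaches the browser
    print("escaped :", render_entry(*POST))         # shown as plain text
    print("cookie  :", session_cookie("abc123"))
```

Escaping at output stops the posted script from running; the HttpOnly flag limits what a script could read if one got through anyway.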

Tuesday, February 12, 2008

SQL Injection

What is SQL Injection?
  • Vulnerable system / internet website

  • Magic code

  • code string -> 'a or 'a' = a'

  • a' or 't'='t
    In the username field enter = admin
    In the password field enter = `1 or `1`=`1

    Or

    In the username field enter = `1 or `1`=`1
    In the password field enter = `1 or `1`=`1

    The system cannot detect ( ` ` or ` ` ) because no username / password (of a user) is entered like that, only plain strings such as 1 or 1 = 1, not `1 or `1`=`1.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.


Reference: Wikipedia, the free encyclopedia



Purposes of SQL injection:
  • DOS (Denial of service)

  • Access

  • Modify


HOW TO PROTECT FROM SQL INJECTION

  • protect at the application level

  • server level

  1. if...else statement (in the login section)

  2. escape ' 1 ' (single quote)

  3. parameter statement

4. Username -> email


password -> password

(The following is an example of the SQL code for the interface shown above)


// $name and $pass are taken straight from the login form (vulnerable form)
$SQL = "SELECT nama_penyelia, tahap_penyelia, id_penyelia
        FROM penyelia WHERE username = '$name' and
        password = '$pass'";



* Place the code below to prevent SQL Injection: that is, a condition such that if a hacker enters the Magic Code x' or '1' = '1, the website detects it and access is not allowed.

* the variable name is sent / read from back to front, that is:

Purpose of the if...else statement (if it is your own website):

  1. check what $name contains
  2. reject if it contains a single quote / reject if true

* Server + mod security + Apache (to prevent injection at the server when many websites are involved)

* Set up the single quote + SQL code (Magic string) on the server so that any hacking attempt is rejected.
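
The login query from these notes next to two of the protections listed (the if...else check and the parameter statement), as an added example that is not part of the original notes. It uses Python with an in-memory sqlite3 database instead of the PHP on the page; the function names and the sample row are constructed, while the table and column names follow the query above.

```python
import sqlite3

def make_db():
    """Constructed sample data; the plaintext password only mirrors the query
    in the notes. A real system stores a password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE penyelia (id_penyelia INTEGER, nama_penyelia TEXT,"
               " tahap_penyelia TEXT, username TEXT, password TEXT)")
    db.execute("INSERT INTO penyelia VALUES"
               " (1, 'Aminah', 'admin', 'aminah@example.com', 's3cret')")
    return db

def login_concat(db, name, password):
    """The 'before' form: user input is pasted into the SQL text."""
    sql = ("SELECT nama_penyelia, tahap_penyelia, id_penyelia FROM penyelia"
           " WHERE username = '" + name + "' and password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_param(db, name, password):
    """Parameter statement: input is bound as data and never parsed as SQL."""
    sql = ("SELECT nama_penyelia, tahap_penyelia, id_penyelia FROM penyelia"
           " WHERE username = ? and password = ?")
    return db.execute(sql, (name, password)).fetchone()

def login_checked(db, name, password):
    """The if...else check from the notes, placed in front of the bound query.
    It also turns away legitimate input that happens to contain a quote."""
    if "'" in name or "'" in password:
        return None  # reject: input contains a single quote
    return login_param(db, name, password)

MAGIC = "x' or '1' = '1"  # the magic code quoted in the notes

if __name__ == "__main__":
    db = make_db()
    print("concat + magic :", login_concat(db, MAGIC, MAGIC))    # row returned
    print("param  + magic :", login_param(db, MAGIC, MAGIC))     # None
    print("check  + magic :", login_checked(db, MAGIC, MAGIC))   # None
    print("param  + valid :", login_param(db, "aminah@example.com", "s3cret"))
```

The bound query is safe without the quote check; the check is shown because the notes list it, and on its own it is the weaker of the two.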


Sniffer

Sniff = to sniff the data that is sent between PCs.

Sniffer = a tool for sniffing.

Network sniffer & Packet Sniffer.

Free useful sniffer software from internet :
  1. Cain

  2. Ettercap
Both of them use the MITM concept.

Objectives:
  • to sniff what other people's PCs are doing (activity)

  • a tool for hacking passwords, poisoning the network, email
Sniffer
  • plain -> sniff

  • MITM (Man in the middle)


Skill set: (to become proficient at using a sniffer)
  1. IP addressing

  2. Identify - the target (know which PC is wanted) & the source

  3. Protocol - TCP/IP

  4. Filtering

https = uses port 443

http = port 80

MS Outlook / email system = 25 & 110

To sniff traffic to google, the action that needs to be taken:
  • Sniff PC D and the router only, because the same path is traversed by the sniffed traffic and by the reply (answer) that google sends back
  • But while the sniffing is being carried out, PC A or other PCs cannot sniff / carry out other activities, because the disturbance (sniffing) makes the network slow.

Monday, February 11, 2008

Tools whose use has been practised.

UTP backbone cable


Serial Cable

Router back


Router back



Console Cable
Cisco router2600





Monday, February 04, 2008

Friday, February 01, 2008

4 UTP Cable


NETWORK CABLING

4 UTP CABLE :

  1. Unshielded Twisted Pair

  2. Shielded Twisted Pair

  3. Coaxial Cable

  4. Fiber Optic Cable

* UTP cables can be run / used over a maximum length of 100 metres.
1. Unshielded Twisted Pair

Telecommunications - (telephone, Internet, PC to PC, point to point, node to node)


DEFINITION: This definition closely duplicates the definition for twisted pair.

Unshielded twisted pair is the most common kind of copper telephone wiring. Twisted pair is the ordinary copper wire that connects home and many business computers to the telephone company. To reduce crosstalk or electromagnetic induction between pairs of wires, two insulated copper wires are twisted.


Reference : http://www.bitpipe.com/tlist/Unshielded-Twisted-Pair-Cable.html




2. Shielded Twisted Pair
Conductor - (resists electrical / electronic interference, distance)




3. Coaxial Cable

Tv, CCTV

Coaxial Cable - Originally used for the cable television industry, coaxial cable is now widely used for computer networks. Although it is more expensive than standard telephone wires, it is less susceptible to interference and can transmit more data.


Reference - http://www.24by7.ca/glossary.htm



4. Fiber Optic Cable
Contains glass fibre inside. - (Expensive, fragile, resistant to heat & humidity, light, noise, server, data transmission (fast))

Definition:
Optical fiber (or "fiber optic") refers to the medium and the technology associated with the transmission of information as light pulses along a glass or plastic wire or fiber. Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company long-distance lines are now of optical fiber.
Transmission on optical fiber wire requires repeaters at distance intervals. The glass fiber requires more protection within an outer cable than copper. For these reasons and because the installation of any new wiring is labor-intensive, few communities yet have optical fiber wires or cables from the phone company's branch office to local customers (known as local loops).
A type of fiber known as single mode fiber is used for longer distances; multimode fiber is used for shorter distances.