Tuesday, August 27, 2013

How is an "SQL injection" attack carried out?

Chromium (Linux) || UTHM Proxy

wondergirl@k-pop : ~ chromium-browser --proxy-server=proxy.uthm.edu.my:8080

Tuesday, August 20, 2013

Linux & UltraSurf

1. Download UltraSurf from https://ultrasurf.us
2. Download the UltraSurf DLL files from http://mir.cr/15NRVZBG
3. Extract all the files in UltraSurf DLLs.zip, copy all of the DLLs (mfc42.dll, msvcp60.dll) and paste them into
~/.wine/drive_c/windows/system32

Run UltraSurf through the Wine emulator. Open your browser and set the proxy to 127.0.0.1, port 9666.

"Ready to Surf and keep your breath of freedom"

Monday, August 19, 2013

PHP : Scan port

<?php
$target = "72.14.207.99"; // your target
$ports = array(21, 25, 79, 80); // http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
$timeout = 1; // connect timeout in seconds

// Returns true when a TCP connection to $host:$port succeeds within $timeout seconds.
function portScan($host, $port, $timeout = 30) {
    $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($fp) {
        fclose($fp); // release the socket once the port is known to be open
        return true;
    }
    return false;
}

ob_start();
foreach ($ports as $port) {
    // portScan() returns a boolean, so test it directly; indexing it with [0] always yields null
    if (portScan($target, $port, $timeout)) {
        echo "Success $target:$port<br />";
    } else {
        echo "Fail $target:$port<br />";
    }
    ob_flush(); // send the output right away instead of waiting for the entire scan
    flush();    // see the previous comment
}
?>

PHP : Decryption - stripslashes(gzinflate(base64_decode())

<?php
// name  : stripslashes(gzinflate(base64_decode DECRYPTER

echo '<p align="center">eval(stripslashes(gzinflate(base64_decode DECRYPTER<br><hr>

<p align="center">coded by dika_xb ||
hacker-newbie.org  || hujan.asap@gmail.com<br>
<hr>
<p align="center"> how to use ? <p>
this script :<br> < ?php<br>
eval(stripslashes(gzinflate(base64_decode("<b>SCRIPT HERE</b>"))));
<BR>?>  <br>

put <b>SCRIPT HERE</b> to text box and decrypt <br>';
set_time_limit(100);

// Decode one layer and keep unwrapping while the result is still a bare payload (no ';').
function dec($isi, $depth = 0)
{
    $raw = @gzinflate(base64_decode($isi));
    if ($raw === false || $depth > 50) {
        return $isi; // not a valid layer, or nested too deeply: stop instead of recursing forever
    }
    $isi = stripslashes($raw);
    $isi = str_replace('?><?php eval(stripslashes(gzinflate(base64_decode("', "", $isi);
    $isi = str_replace('")))); ?><?', "", $isi);

    if (strpos($isi, ';') === false) {
        return dec($isi, $depth + 1); // return the inner result rather than discarding it
    }
    return $isi;
}

if (isset($_POST['data'])) {
    // Strip the wrapper so only the base64 payload remains.
    $isi = $_POST['data'];
    $isi = str_replace('?>', "", $isi);
    $isi = str_replace('<?php eval(("', "", $isi);
    $isi = str_replace('"', "", $isi);
    $isi = str_replace(')))); ?><?', "", $isi);
    $isi = str_replace(')', "", $isi);
    $isi = str_replace(';', "", $isi);

    $isi = dec($isi);

    // Escape the decoded script so the browser displays it and never renders it.
    $isi = htmlspecialchars($isi, ENT_QUOTES);
    echo "<form action='' method='post'> <textarea rows='8' cols='150' name=data>$isi </textarea><br><br><input type='submit' value='decrypt'></form>";
} else {
    echo '<form action="" method="post">
<textarea name="data" rows="8" cols="150"></textarea> <br>
<input type="submit" value="decrypt"></form>';
}
?>
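
For triage of an obfuscated PHP file found on a server, the same unwrapping can be done statically. The Python below is an added example, not the original author's code: it peels nested eval(stripslashes(gzinflate(base64_decode("...")))) layers without ever evaluating the payload, and caps nesting depth and inflated size. The function names, the limits and the sample are constructed for illustration.

```python
import base64
import binascii
import re
import zlib

MAX_LAYERS = 50               # assumed cap on nesting depth
MAX_OUTPUT = 8 * 1024 * 1024  # assumed cap on inflated bytes per layer


class LayerTooLarge(Exception):
    """An inflated layer exceeded the size cap (possible decompression bomb)."""


# The wrapper in the form the page shows; the stripslashes() call is optional.
WRAPPER = re.compile(
    r"""eval\s*\(\s*(?P<strip>stripslashes\s*\(\s*)?
        gzinflate\s*\(\s*base64_decode\s*\(\s*
        (?P<q>["'])(?P<b64>[A-Za-z0-9+/=\s]+)(?P=q)""",
    re.IGNORECASE | re.VERBOSE,
)


def php_stripslashes(text):
    """Mirror PHP stripslashes(): drop each backslash, keep the next character."""
    def unescape(m):
        return "\0" if m.group(1) == "0" else m.group(1)
    return re.sub(r"\\(.?)", unescape, text, flags=re.DOTALL)


def inflate_raw(data, limit=MAX_OUTPUT):
    """Equivalent of PHP gzinflate() (raw DEFLATE) with an output size cap."""
    d = zlib.decompressobj(-15)
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise LayerTooLarge("inflated layer exceeds %d bytes" % limit)
    if not d.eof:
        raise zlib.error("truncated or invalid DEFLATE stream")
    return out


def peel(source):
    """Return (layers_removed, innermost_text); the payload is never executed."""
    text = source
    for layer in range(MAX_LAYERS):
        m = WRAPPER.search(text)
        if not m:
            return layer, text
        try:
            raw = inflate_raw(base64.b64decode(m.group("b64")))
        except (binascii.Error, zlib.error):
            return layer, text          # malformed layer: report what we have so far
        decoded = raw.decode("latin-1")  # byte-preserving, cannot fail
        text = php_stripslashes(decoded) if m.group("strip") else decoded
    raise RuntimeError("more than MAX_LAYERS nested wrappers")


def wrap(php_code):
    """Build one constructed sample layer (test data only)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = c.compress(php_code.encode("latin-1")) + c.flush()
    b64 = base64.b64encode(blob).decode("ascii")
    return '<?php eval(stripslashes(gzinflate(base64_decode("%s")))); ?>' % b64


# Constructed sample: a harmless statement wrapped three times.
INNER = 'echo "constructed sample payload";'
SAMPLE = wrap(wrap(wrap(INNER)))

if __name__ == "__main__":
    count, inner = peel(SAMPLE)
    print("layers removed:", count)
    print(inner)
```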

PHP : Upload a file from a URL

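<?php
$PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

if (!empty($_GET['xfer'])) {
    $from = isset($_POST['from']) ? $_POST['from'] : "";
    // Keep only the file name so the download cannot be written outside this directory.
    $to = basename(isset($_POST['to']) ? $_POST['to'] : "");
    if ($from == "") {
        print "You forgot to enter a url.";
    } elseif (!preg_match('#^https?://#i', $from) || $to == "") {
        print "Only http(s) URLs and a plain file name are accepted.";
    } elseif (!@copy($from, $to)) {
        print "transfer failed.";
    } else {
        $size = round((filesize($to)/1000000), 3);
        // Escape user-supplied values before echoing them back into the page.
        $from_h = htmlspecialchars($from, ENT_QUOTES);
        $to_h = htmlspecialchars($to, ENT_QUOTES);
        print "transfer complete.<br>
<a href=\"$from_h\">$from_h</a><br>
<a href=\"$to_h\">$to_h</a> : $size MB";
    }
} else {
    print "<form action=\"$PHP_SELF?xfer=true\" method=post>
from(http://): <input name='from' value=''><br>
to(filename): <input name='to'><br>
<input type=submit value=\"transload\"></form>";
}
?>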

Sakura @ UTHM

XSS : http://mobile.magnum4d.com.my

Accident in Batu Pahat, Johor involving a trailer and a car

BATU PAHAT – A man was killed after the car he was driving crashed into the middle section of a trailer in an incident yesterday morning.

The incident, at about 7 am, occurred at Kilometre 11, Jalan Besar Tongkang Pechah, when the victim failed to avoid a trailer that was pulling out of a junction.

A witness who wished to be known only as Zaki, 30, said he was riding his motorcycle to work when he heard a loud bang.

"After that, I found that a Perodua Kenari car had crashed into a trailer that was pulling out of a junction.

"In the chaos, I was told by members of the public that the driver of the car had died," he said.

Meanwhile, Batu Pahat District Police Chief, Assistant Commissioner Din Ahmad confirmed the incident and said the victim, Yeow Siang Boon, 25, was confirmed dead from serious injuries.

Initial investigations also found that the car was being driven fast and, at the same time, the trailer was pulling out of a junction, and the driver failed to avoid it.

“The body was taken to Hospital Sultanah Nora Ismail (HSNI), Batu Pahat for a post-mortem,” he said.

He said that for now the police were still carrying out a detailed investigation into the incident and the case was being investigated under Section 41(1) of the Road Transport Act (APJ) 1987.

This article is quoted from the Sinar Harian newspaper.

Sunday, August 18, 2013

Accident in Batu Pahat, Johor (near UTHM) - 16 August 2013

BATU PAHAT - A teenager was killed, while his friend was seriously injured, after the motorcycle they were riding skidded near Jalan Besar Parit Jalil, Parit Sulong, near here, the day before yesterday.

In the incident, which occurred at about 3.55 pm, the victim, who was the motorcycle's pillion rider, Mohamad Azlisham Rahim, 14, died at the scene.

Batu Pahat District Police Chief, Assistant Commissioner Din Ahmad said the crash occurred when the Honda EX5 motorcycle, ridden by a teenager together with the victim who died, suddenly went out of control.

According to him, after skidding, the motorcycle hit an electricity pole at the scene.

“The motorcycle rider, whose identity has not yet been established, was seriously injured before being sent to Hospital Sultanah Nora Ismail (HSNI) Batu Pahat for further treatment.

“Meanwhile, the body of the pillion rider who died was also sent to HSNI for further processing,” he told Sinar Harian here yesterday.

Din said further investigations would continue to identify the actual cause of the crash, and members of the public who witnessed the incident were asked to come forward to the nearest police station to assist the investigation.

He said the case was being investigated under Section 41(1) of the Road Transport Act 1987.

“Road users are advised to be more careful when driving to avoid becoming accident victims,” he said.

This article is quoted from the Sinar Harian newspaper.

PHP : Switch Case

<?php

$day = 'Saturday';

switch ($day) {
case 'Saturday':
case 'Sunday':
echo 'It\'s a weekend.';
break;

default:
echo 'Not a weekend.';
break;
}

?>

Personal : If only I could fly and carry myself away

SQL Injection Finder

Bash file :
#!/bin/bash
# NAME:SQLi finder
# AUTHOR: "XNOD_DIE" 
#don't  change author.. #
# colours
###############
green=$(printf "\033[32m")
red='\e[1;31m'
yellow='\e[1;33m'
################

echo "SQLi finder"
echo "Automated scan same hosting"
echo "collaboration : ritx with nmap-6.01"
echo -e $red" o   o o   o  o-o  o-o        o-o   o-O-o o--o
 \ /  |\  | o   o |  \       |  \    |   |   
  O   | \ | |   | |   O      |   O   |   O-o 
 / \  |  \| o   o |  /       |  /    |   |   
o   o o   o  o-o  o-o        o-o   o-O-o o--o
                        o---o"



echo "=============================================================="
echo ""
echo "exam: blabla.com"
    echo -ne $yellow "input your target: "
    read target
echo ""
# -z tests for an empty answer (-d tested for a directory named like the target)
if [ -z "$target" ]; then
    echo "Please Input your target"
    exit 1
else
    perl ritx.pl -t "$target" -o xnod.txt
fi
FILENAME=xnod.txt
count=1
cat $FILENAME | while read LINE
do
echo -e $yellow "Scanning Vuln SQLi $LINE"
echo -ne 'please wait...'
echo -ne '\n'
if nmap -Pn --script sql-injection $LINE|grep sqlspider 
then
echo  -e $red  "****************************************"
echo "$count $LINE SQLi Found"
echo "****************************************"
else
echo -e $green "***************************************"
echo -e $green"$count $LINE Not Found SQLi" 
echo "***************************************"
fi
      let count++
done
echo -e $red"do you want to exit?"
select yn in "Yes" ; do
    case $yn in
        Yes )exit;;
   
    esac
done

Perl file:
#!/usr/bin/env perl

# RitX - Reverse IP Tool v1.6
# Copyright (C) 2009-2013
# r0b10S-12 <r12xr00tu@gmail.com>

use LWP::Simple;
use Socket;
use Getopt::Long;


# check missing modules...
my @Modules = ("threads","LWP::ConnCache","HTTP::Cookies");

foreach my $module (@Modules)
{
 my $can = eval "use $module;1;";
    if ($can && $module =~ /threads/)
 {
  # Do processing using threads
  $thread_support = 1;
    }
 elsif(!$can && $module =~ /threads/)
 {
  # Do it without using threads
  $thread_support = 0;
    }
 # The module isn't there
 if ($@ =~ /Can't locate/) {
  die "\n[!!] it seems that some modules are missing...:\n".$@."\n";
 }
}

my $b = $0;
$b =~ s/.*\///;
sub usage {
    print <<HELP;
Usage: perl $b [OPTIONS]
Options:
   -t, --target            Server hostname or IP
   -c, --check             Check extracted domains that are in the same IP address to eleminate cached/old records
   -b, --bing              Save Bing search results to a file
       --bing-api          Bing API key (http://www.bing.com/developers/)
       --vd-api            ViewDNS API key (http://ViewDNS.info/api/)
       --list              List current supported Reverse Ip Lookup websites
       --max               maximum number of pages to fetch (default:10)              
       --print             Print results
       --timeout=SECONDS   Seconds to wait before timeout connection (default 30)
       --user-agent        Specify User-Agent value to send in HTTP requests
       --proxy             To use a Proxy
       --proxy-auth        Proxy authentication information (user:password).
   -o, --output=FILE       Save results to a file (default IP.txt)
   -h, --help              This shity message
   -v, --verbose           Print more informations

   Threads:
   --threads=THREADS       Maximum number of concurrent IP checks (default 1) require --check

HELP
    exit;
}

my %SERV = (
 Myipneighbors =>{
  SITE => "My-ip-neighbors.com",
  URL  => "http://www.my-ip-neighbors.com/?domain=%s",
  REGEX => '<td class="action"\starget="\_blank"><a\shref="http\:\/\/whois\.domaintools\.com\/(.*?)"\starget="\_blank"\sclass="external">Whois<\/a><\/td>',
 },
 Yougetsignal =>{
  SITE => "Yougetsignal.com",
  DATA => 'remoteAddress',
  URL  => "http://www.yougetsignal.com/tools/web-sites-on-web-server/php/get-web-sites-on-web-server-json-data.php",
  SP  => 'Yougetsignal()',
 },
 Pagesinventory =>{
  SITE => "Pagesinventory.com",
  URL  => "http://www.pagesinventory.com/ip/%s-%d.html",
  SP  => 'Pagesinventory()',
 },
 Myiptest =>{
  SITE => "Myiptest.com",
  URL  => "http://www.myiptest.com/staticpages/index.php/Reverse-IP/%s",
  REGEX => "<td style='width:200px;'><a href='http:\/\/www\.myiptest\.com\/staticpages\/index\.php\/Reverse-IP\/.*?'>(.*?)<\/a><\/td>",
 },
 WebHosting =>{
  SITE => "Whois.WebHosting.info",
  URL  => "http://whois.webhosting.info/%s?pi=%d&ob=SLD&oo=DESC",
  SP  => 'Whoiswebhosting()',
 },
 Domainsbyip =>{
  SITE => 'Domainsbyip.com',
  URL  => 'http://domainsbyip.com/%s/', 
  REGEX => '<li class="site.*?"><a href="http\:\/\/domainsbyip.com\/domaintoip\/(.*?)/">.*?<\/a>',
 },
 Ipadress =>{
  SITE => "Ip-adress.com",
  URL  => "http://www.ip-adress.com/reverse_ip/%s",
  REGEX => '<td style\=\"font\-size\:8pt\">.\n\[<a href="\/whois\/(.*?)">Whois<\/a>\]',
 },
 Bing =>{
  SITE => "Bing.com",
  URL  => 'https://api.datamarket.azure.com/Data.ashx/Bing/Search/v1/Web?Query=\'ip:%s\'&$top=50&$format=json&$skip=%d',
  SP  => 'BingAPI()',
 },
 ewhois =>{
  SITE => "Ewhois.com",
  URL  => "http://www.ewhois.com/",
  SP  => 'eWhois()',
 },
 Sameip =>{
  SITE => "Sameip.org",
  URL  => "http://sameip.org/ip/%s/",
  REGEX => '<a href="http:\/\/.*?" rel=\'nofollow\' title="visit .*?" target="_blank">(.*?)<\/a>',
 },
 Robtex =>{
  SITE => "Robtex.com",
  URL  => "http://www.robtex.com/ajax/dns/%s.html",
  REGEX => "<span id=\"dns.*?\"><a href=\"\/\/dns\.robtex\.com\/(.*?)\.html\"  >",
 },
 Webmax =>{
  SITE => "Tools.web-max.ca",
  URL  => "http://ip2web.web-max.ca/?byip=1&ip=%s",
  REGEX => '<a href="http:\/\/.*?" target="_blank">(.*?)<\/a>',
 },
 DNStrails =>{
  SITE => "DNStrails.com",
  URL  => "http://www.DNStrails.com/tools/lookup.htm?ip=%s&date=recent",
  REGEX => 'date=recent">(.*?)<\/a>\s\(as\sa\swebserver\)',
 },
 Viewdns =>{
  SITE => "Viewdns.info",
  URL  => "http://pro.viewdns.info/reverseip/?host=%s&apikey=%s&output=json",
  SP  => "ViewDNS()"
 }
);

my @useragents = ('Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
'Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1',
'Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.16) Gecko/20120427 Firefox/15.0a1',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1',
'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:15.0) Gecko/20120910144328 Firefox/15.0.2',
'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120405 Firefox/14.0a1',
'Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20120405 Firefox/14.0a1',
'Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120405 Firefox/14.0a1',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.04 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/10.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Ubuntu/11.10 Chromium/17.0.963.65 Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.65 Safari/535.11');

# Process options.
my ($target,$timeout,$threadz,$check,$print,$bing,$proxy,$proxy_auth,$useragent,$filename,$verbose,$max);

if ( @ARGV > 0 )
{
 GetOptions( 't|target=s' => \$target,
    'timeout=i'  => \$timeout,
    'threads=i'  => \$threadz,
    'max=i'   => \$max,
    'c|check'  => \$check,
    'print'   => \$print,
    'list'    => \&list_serv,
    'bing-api=s' => \$bing_api,
    'vd-api=s'  => \$vd_api,
    'b|bing'  => \$bing,
    'proxy=s'  => \$proxy,
    'proxy-auth=s' => \$proxy_auth,
    'user-agent=s' => \$useragent,
    'o|output=s' => \$filename,
    'v|verbose'  => \$verbose,
    'h|help'  => \&usage) or exit;
}
else
{
 print "[*] Usage    : perl $b [OPTIONS]\n";
 print "    EXEMPLE  : perl $b -t www.target.com -o result.txt\n\n";
 print "[*] Try 'perl $b -h' for more options.\n";
 exit;
}


if($^O =~ /MSWin32|cygwin/ and ($threadz>10))
{
 print "\n[-] Sorry, maximum number of used threads is 10 for Windows to avoid some possible connection and performance issues\n\n";
 exit;
}

if ($target =~ /^\d+\.\d+\.\d+\.\d+$/)
{
 # nice do nothing
}
elsif ($target =~ /([a-z][a-z0-9\-]+(\.|\-*\.))+[a-z]{2,6}$/)
{
 my $IP = getIP($target);
 if ($IP)
 {
  $target = $IP;
 }
 else
 {
  die "\n[!!] Unable to Resolve Host $target ! \n";
 }
}
else
{
 die "[-] Invalid Hostname or Ip address .\n";
}


my $DNSx = gethostbyaddr(inet_aton($target),AF_INET);
# Check if the target uses CloudFlare service
my $IPx = unpack("N",inet_aton($target));

#https://www.cloudflare.com/ips-v4
if(($IPx >= 3324608512 and $IPx <= 3324641278)
or ($IPx >= 3161612288 and $IPx <= 3161616382)
or ($IPx >= 3193827328 and $IPx <= 3193831422)
or ($IPx >= 1822605312 and $IPx <= 1822621694)
or ($IPx >= 2372222976 and $IPx <= 2372239358)
or ($IPx >= 1729546240 and $IPx <= 1729547262)
or ($IPx >= 2918526976 and $IPx <= 2918531070)
or ($IPx >= 3340468224 and $IPx <= 3340470270)
or ($IPx >= 3428692224 and $IPx <= 3428692478)
or ($IPx >= 3428708352 and $IPx <= 3428708606)
)
{
 print "[WARNING] The target uses CloudFlare's service!!\n\n";
 print "[!] do you wanna continue? [y/n]:";
 my $choice=<STDIN>;
 chop($choice);
 if($choice eq "n")
 {
  print "\n[*] You made the right choice!!\n\n";
  exit;
 }
 else
 {
  print  "[+] OK! as you like\n";
 }
}



# Global variables
$bingApiKey  = $bing_api || 'y+WsWbJTyl/93GXbvGXo7kXbB3nxrEz2kExRstXOI84=';#get your own code :p
$VERSION     = '1.6';
$TMPdir      = "tmp";
$useragent ||= $useragents[int(rand(scalar(@useragents)))]; #take a random user agent
$filename  ||= "$target.txt";
$timeout   ||= 30;
$max       ||= 10;
$SIG{INT}    = \&trapsig;

mkdir $TMPdir or die "[-] Cant create tmp directory!\n" if ! -d $TMPdir;

if(!$vd_api)
{
 delete $SERV{Viewdns};
}


my $ua = LWP::UserAgent->new(agent => $useragent);
$ua->timeout($timeout);
$ua->max_redirect(0);
$ua->conn_cache(LWP::ConnCache->new());
$ua->default_header('Referer' => "http://www.google.com/#q=a".int(rand(5)*rand(5)));#fake Referer


$|++;
if ($proxy)
{
 $proxy .= ":8080" if not $proxy =~ /:/;
 # connect to the proxy
 my $req = HTTP::Request->new(CONNECT => 'http://'.$proxy.'/' );
 if (defined $proxy_auth)
 {
  my ($user,$password)=split(":",$proxy_auth);
  $req->proxy_authorization_basic($user, $password);
 }
 my $res = $ua->request($req);
 # connection failed
 if ( not $res->is_success ){
  print "\n[-] failed to connect to the proxy... ignore it\n\n";
 }
 else
 {
  $ua->proxy(http => "http://$proxy/");
 }
}

print "\n[*] This process will take a little time so be patient...\n\n";
print "[*] Processing:\n";

### Functions

sub list_serv
{
 print "[*] List of available Reverse Ip Lookup services:\n\n";
 foreach $X (keys %SERV)
 {
  print "    -> $SERV{$X}->{SITE}\n";
 }
 print "\n";
 exit(0);
}

sub trapsig 
{
 print "\n\n[!!] Caught Interrupt (CTRL+C), Aborting\n";
 print "[!!] Saving results\n";
 save_report($filename);
 exit();
}
sub add
{
 my $x = lc($_[0]);
 ($x =~ /[\<\"]|freecellphonetracer|reversephonedetective|americanhvacparts|freephonetracer|phone\.addresses|reversephone\.theyellowpages|\.in-addr\.arpa|^\d+(\.|-)\d+(\.|-)/) ? return:0;
 push(@{$SERV{$X}->{DUMP}},$x) if($verbose);
 $x =~ s/http(.|s)\:\/\/|\*\.|^www\.|\///;#
 ++$SERV{$X}->{NB};
 push(@result,$x);
}
sub getIP
{
 my @ip = unpack('C4',(gethostbyname($_[0]))[4]) or return;
 return join('.',@ip);
}

sub getDNS
{
 return gethostbyaddr(inet_aton($_[0]),AF_INET);
}

sub Req
{
 my ($URL,$data)=@_;
 my $res;
 if(!$data)
 {
  $res = $ua->get($URL);
 }
 else
 {
  $res = $ua->post($URL, 
  {
   $data => $target,
  });
 }
 if(!$res->is_success)
 {
  print "[!] Error: ".$res->status_line."\n" if ($verbose);
 }
 return $res->content;
}

sub Yougetsignal
{
 my $resu = Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
 while ($resu =~ m/\["(.*?)\"\, \"(1|)\"\]/g)
 {
  add($1);
 }
 if ($resu =~ m/Daily reverse IP check limit reached for/i)
 {
  $ERROR = "E1";
  $SERV{$X}->{NB} = $ERROR;
 }
}

sub ViewDNS
{
 my %hash = ();
 $repjson = Req(sprintf($SERV{$X}->{URL},$target,$vd_api));
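 return if($repjson =~ /"domain_count" : "0"/);
 # Parse the response as JSON; never eval() text returned by a remote server as Perl code
 use JSON::PP;
 $hashs = eval { decode_json($repjson) } or return;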
 foreach $s (@{$hashs->{response}{domains}})#yeah it could be done in another way but whatever
 {
  add($s->{name});
 }
 #$hashs->{response}{domains}[0]{name};
}


sub eWhois
{
 sub callback 
 {
  while($_[0] =~ m/"(.*?)","","","(UA\-[0-9]+\-[0-9]+|)",""/g)
  {
   add($1);
  }
 }
 my $url = "http://www.ewhois.com/export/ip-address/$target/";
 my $cookie_jar = HTTP::Cookies->new(autosave => 1);
 my $browser = LWP::UserAgent->new(agent => $useragent);
 $browser->cookie_jar($cookie_jar);
 my $resu = $browser->post("http://www.ewhois.com/login/",
 {
  'data[User][email]'=>'r12xr00tu@gmail.com',
  'data[User][password]'=>'RitX:::R1tX',#I've made it for you, so don't be an ass
  'data[User][remember_me]'=>'0'
 });
 if(!$resu->header('Location'))
 {
  print "[-] Sorry, we cant login to eWhois!\n";
  return;
 }
 $browser->get($url, ':content_cb' => \&callback );
}

sub Pagesinventory
{
 for (my $i=0;$i<=$max;$i++)
 {
  my $resu = Req(sprintf($SERV{$X}->{URL},$target,$i));

  if ($resu =~ m/<td>\.\.\.<\/td><\/table><div class="ntb-div">/g)
  {
   while ($resu =~ m/<td><a href="\/domain\/(.*?)\.html">/g)
   {   
    add($1);
   }
  }
  else
  {
   while ($resu =~ m/<td><a href="\/domain\/(.*?)\.html">/g)
   {
    add($1);
   }
   return;
  }
 }

}


sub Whoiswebhosting
{
 for (my $i=1;$i<=$max;$i++)
 {
  my $resu = Req(sprintf($SERV{$X}->{URL},$target,$i));
  if ($resu =~ m/<a href=\"\/.*?\?pi\=\d+\&ob\=SLD\&oo\=DESC\">Next\&nbsp\;\&gt\;\&gt\;<\/a>/g)
  {
   while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
   {
    add($1);
   }
  }
  else
  {
   while ($resu =~ m/<td><a href="http:\/\/whois\.webhosting\.info\/.*?\.">(.*?)\.<\/a><\/td>/g)
   {
    add($1);
   }
   if ($resu =~ m/The security key helps us prevent automated searches/i)
   {
    $ERROR = "E2";
    $SERV{$X}->{NB} = $ERROR;
    return;
   }
  }
 }
}


sub BingAPI
{
 my $b;
 use MIME::Base64 qw(encode_base64);

 for(my $offset=50;$offset<=($max*50);$offset+=50)
 {
  $resu = $ua->get(sprintf($SERV{$X}->{URL},$target,$offset),"Authorization" => 'Basic '.encode_base64($bingApiKey.":".$bingApiKey))->content;
  if ($resu =~ /\_\_next\"\:/)
  {
   while ($resu =~ /\,\"Url\"\:\"(.*?)\"\}/g)
   {
    $b = $1;
    push(@bingtrash,$b) if $bing;
    $b =~ s/\/.*// if index($b,"/");
    add($b);
   }
  }
  else
  {
   return;
  }
 }
}

sub add2tmp
{
 syswrite(TMP,gethostbyaddr(inet_aton($_[0]),AF_INET).":$_[0];");
}


sub checkDomain
{
 if(getDNS('www.'.$_[0]) eq $DNSx)
 {
  $NEWNB++;
  print "    Found : $_[0]\n";
  push(@resx,'www.'.$_[0]);
 }
 elsif(getDNS($_[0]) eq $DNSx)
 {
  print "    Found : $_[0]\n";
  $NEWNB++;
  push(@resx,$_[0]);
 }
 else
 {
  print "    Try : $_[0]\n";
 }
}

sub save_report
{
 my $filen = $_[0];
 if($donecheck && $threadz && $thread_support)
 {
  open (IN,"./$TMPdir/RitX-tmp.txt") or print ("\n[!] Can't create the file ($filen)\n");
  open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
  while(<IN>)
  {
   chomp;
   if (index($_,$DNSx) >= 0) # index() returns -1 when the substring is absent
   {
    $NEWNB++;
    s/$DNSx://; 
    syswrite(OUT,"$_\n");
   }
  }
  close(IN);
  close(OUT);
 }
 elsif($donecheck && !$threadz)
 {
  open (OUT,">$target-checked.txt") or print ("\n[!] Can't create the file ($filen)\n");
  foreach (@resx)
  {
   syswrite(OUT,"$_\n") if ($_);
  }
  close(OUT);
 }
 open (F,">$filen") or print ("\n[!] Can't create the file ($filen)\n");
 foreach(@result)
 {
  syswrite(F,"$_\n") if ($_);
 }
 close(F);
}


#----------#
foreach $X (keys %SERV)
{
 my $match = $SERV{$X}->{REGEX};
 syswrite(STDOUT,"   -> $SERV{$X}->{SITE}\n");
 if(!$SERV{$X}->{SP})
 {
  $res=Req(sprintf($SERV{$X}->{URL},$target),$SERV{$X}->{DATA});
 }
 else
 {
  eval($SERV{$X}->{SP});
  next;
 }
 while($res =~ m/$match/g)
 {
  add($1);
 }
}

die "\n\n[-] Sorry, there is no data were retrieved!\n" if(scalar(@result)<1);

@result = sort(grep { ++$R12{$_} < 2 } @result);
undef(%R12);#useless

$TOTALNB = scalar(@result);

if($verbose)
{
 print "\n[+] DEBUG:\n\n";
 foreach $X (keys %SERV)
 {
  syswrite(STDOUT,"  + $SERV{$X}->{SITE}\n");
  foreach $DMP (@{$SERV{$X}->{DUMP}})
  {
   syswrite(STDOUT,"    - $DMP\n");
  }
 }
}

if($bing)
{
 if (scalar(@bingtrash)>0)
 {
  syswrite(STDOUT,"[+] saving Bing results...  ");
  my $file = "bingresults-$target.txt";
  open (BING,">$file") or print ("\n[!] Can't create bing results\n");
  print BING "# Genereted By RitX $VERSION\n# Those are all search results from Bing.com ($target).\n\n";
  foreach (@bingtrash)
  {
   print BING "$_\n";
  }
  close(BING);
  syswrite(STDOUT,"DONE\n");
  print "[+] bing results were saved into $file\n";
 }
 else
 {
  print "\n[-] no bing data!!\n\n"
 }
}

if ($check)
{
 my ($domain,$t);
 print "\n[x] Checking and removing old records from results\n";
 if ($threadz && $thread_support)
 {
  open(TMP,">./$TMPdir/RitX-tmp.txt");
  TMP->autoflush(1);
  foreach (@result)
  {
   threads->create(\&add2tmp,"www.$_")->detach;
   $t++;
   if($t==$threadz)
   {
    $s+=$t;
    print "\r passed $s";
    undef $t;
    sleep 1;
   }
  }
  close(TMP);
 }
 else
 {
  print "[-] Sorry your PERL installation doesn't support threads!\n\n" if !$thread_support;
  &checkDomain($_) foreach (@result);
 }
 $donecheck = 1;
 print "[+] Done\n";
}
&save_report($filename);


print "\n[x] Result of $target : \n\n";

print "                        +--------+\n                        |   NB   |\n+-----------------------+--------+\n";
foreach $X (keys %SERV)
{
 printf "| %-22s| %-7s|\n",$SERV{$X}->{SITE},(($SERV{$X}->{NB}) ? $SERV{$X}->{NB} : 0);
 print "+--------------------------------+\n";
}
printf "  %-14s| Total | %-7s|\n"," ",$TOTALNB;
print "                +----------------+\n";
print "[+] After removing old records : $NEWNB\n\n" if $donecheck;

if ($ERROR)
{

}
if ($TOTALNB != 0 and $print)
{
 print "[+] Results:\n";
 my $v = 0;
 foreach my $RD (@result)
 {
  $v++;
  print "  $RD\n";
  if($v==20){<STDIN>;undef $v};
 }
}
print "[+] All checked domains are saved to ($target-checked.txt)\n" if ($NEWNB>0);

User requirements

Handling Exception & Catch (Throws Code)


Tuesday, August 13, 2013

Tutorial : How to fix MPLAYER producing no sound in the terminal when playing audio files

Ever had mplayer produce no audio when playing a file in the terminal? Want to know how to fix it? It's easy: edit the configuration file at:
~/.mplayer/config
or at (is there any difference between mplayer and mplayer2 ??)
~/.mplayer2/config
Add the setting below and save.
# use alsa for audio output
ao=alsa
That's all.

Monday, August 12, 2013

Bash : Full Circle Magazine Downloader



#!/bin/bash
echo -n "No. pertama edisi Majalah yang ingin Anda download? "
read firstissue

echo ""
echo -n "No. terakhir edisi yang ingin Anda download? ( > atau = No. pertama ) "
read lastissue

for a in `seq $firstissue $lastissue`
    do
        wget -U Mozilla "http://dl.fullcirclemagazine.org/issue"$a"_en.pdf"
    done

echo ""
echo "Selesai!"

Sunday, August 11, 2013

XSS : http://jere.my (Jeremy Malcolm)

Saturday, August 10, 2013

SQLI : http://elearning.mercubuana-yogya.ac.id

XSS : http://www.xcritic.com

How indecent ...

XSS : http://www.redstream.org

So black-metal websites exist too, it turns out.. sigh

Thursday, August 08, 2013

JavaScript : No right click

============================================================
Script:    Basic No-Right-Click Script
Functions: Blocks right-click on mouse and shows alert box
Browsers:  NS & IE 4.0 & later; degrades gracefully
Author:    etLux
============================================================

Put the following script in the head of your page:

<script language="Javascript1.2">

// (C) 2003 CodeLifter.com
// Source: CodeLifter.com
// Do not remove this header

// Set the message for the alert box
am = "This function is disabled!";

// do not edit below this line
// ===========================
bV  = parseInt(navigator.appVersion)
bNS = navigator.appName=="Netscape"
bIE = navigator.appName=="Microsoft Internet Explorer"

function nrc(e) {
   if (bNS && e.which > 1){
      alert(am)
      return false
   } else if (bIE && (event.button >1)) {
     alert(am)
     return false;
   }
}

document.onmousedown = nrc;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
if (bNS && bV<5) window.onmousedown = nrc;

</script>

JavaScript : No select text + No Right Click

<script type="text/javascript">

/***********************************************
* Disable select-text script- © Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for full source code
* Modified here to exclude form tags properly, cross browser by jscheuer1
***********************************************/

//form tags to omit:
var omitformtags=["input", "textarea", "select"]

function disableselect(e){
  for (i = 0; i < omitformtags.length; i++)
    if (omitformtags[i]==(e.target.tagName.toLowerCase()))
      return;
  return false
}

function reEnable(){
  return true
}

function noSelect(){
  if (typeof document.onselectstart!="undefined"){
    document.onselectstart=new Function ("return false")
    if (document.getElementsByTagName){
      tags=document.getElementsByTagName('*')
      for (j = 0; j < tags.length; j++){
        for (i = 0; i < omitformtags.length; i++)
          if (tags[j].tagName.toLowerCase()==omitformtags[i]){
            tags[j].onselectstart=function(){
              document.onselectstart=new Function ('return true')
            }
            if (tags[j].onmouseup!==null){
              var mUp=tags[j].onmouseup.toString()
              mUp='document.onselectstart=new Function (\'return false\');\n'+mUp.substr(mUp.indexOf('{')+2,mUp.lastIndexOf('}')-mUp.indexOf('{')-3);
              tags[j].onmouseup=new Function(mUp);
            }
            else{
              tags[j].onmouseup=function(){
                document.onselectstart=new Function ('return false')
              }
            }
          }
      }
    }
  }
  else{
    document.onmousedown=disableselect
    document.onmouseup=reEnable
  }
}

window.onload=noSelect;
</script>

Tuesday, August 06, 2013

C# : Check .NET

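using Microsoft.Win32;
using System.Globalization;

// Button click handler: reads the installed .NET Framework version from the registry
private void button1_Click(object sender, EventArgs e)
{
    // Each installed framework version has its own subkey (for example "v3.5") under NDP
    RegistryKey installed_versions = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\NET Framework Setup\NDP");
    string[] version_names = installed_versions.GetSubKeyNames();
    // Take the last subkey name and strip the leading "v" to get the version number
    double Framework = Convert.ToDouble(version_names[version_names.Length - 1].Remove(0, 1), CultureInfo.InvariantCulture);
    // "SP" holds the service pack level; fall back to 0 when the value is absent
    int ServicePack = Convert.ToInt32(installed_versions.OpenSubKey(version_names[version_names.Length - 1]).GetValue("SP", 0));
    MessageBox.Show(".NET " + Framework + "." + ServicePack);
}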

PHP : Bing! Domain Scanner (CLI and UI)

<?php
/*
name: bing subdomain scanner
author: RieqyNS13
using: php bing.php domain.com
*/
$args = $_SERVER['argv'];
$url = $args[1];
scan($url);
function curl($url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    $exec = curl_exec($ch);
    curl_close($ch);
    return $exec;
}
function scan($url){
    $i=1;
    $jum=0;
    $reg = '@^(https?\://)?(www\.)?([a-z0-9]([a-z0-9]|(\-[a-z0-9]))*\.)+[a-z]+$@i';
    if(preg_match($reg, $url)){
        while(1){
            $curl = curl("http://www.bing.com/search?q=domain:".$url."&first=".$i);
            $data = preg_match_all('#\<div class\="sb_meta"\>\<cite\>(.*?)\</cite\>#is', $curl, $m) ? $m[1] : null;
            if($data==null){
                $count=0;
                goto a;
            }
            foreach($data as $dat){
                $dat_ = preg_match("|/|i", $dat) ? strstr($dat, "/", 1) : $dat ;
                $urls[$i][] = $dat_;
            }
            $count = count($urls[$i]);
            $urls_ = array_unique($urls[$i]);
            sort($urls_);
            foreach($urls_ as $url_){
                echo $url_."\n";
                $jum++;
            }
            $i=$i+10;
            a:
            if($count<10 || $data==null){
                echo "\nJumlah subdomain terdeteksi: ".$jum;
                exit;
            }    
        }
    }else{
        echo "URL tidak valid";
        exit;
    }
}
?>


<?php
//bacoked by rieqy
ini_set("output_buffering", "Off");
set_time_limit(0);
//:dead
if(isset($_POST['submit'])){
    if(!empty($_POST['domain'])){
        $domain = trim($_POST['domain']);
    }else $domain = null;
    
}else $domain = null;
?>
<html>
<head>
<title>Bing Subdomain Scanner by RieqyNS13</title>
<meta name="author" content="RieqyNS13">
<meta name="description" content="Bing Subdomain Scanner by RieqyNS13">
</head>
<body>
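<form action="<?php /* echo the script path, escaped for an attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method=POST>
<label for="subdomain">Masukkan domain</label>&nbsp;<input type="text" value="<?php /* escape the submitted value before reflecting it into the attribute */ echo htmlspecialchars((string)$domain, ENT_QUOTES, 'UTF-8'); ?>" name="domain" style="width:200px" placeholder="e.g. http://gay.com or gay.com"><input type="submit" name="submit" value="Scan"><br>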
<textarea placeholder="subdomain akan ditampilkan di sini" rows="20" cols="35" readonly>
<?php
if(isset($domain) && !empty($domain)){
    scan($domain);
}
function curl($url){
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    $exec = curl_exec($ch);
    curl_close($ch);
    return $exec;
}
function scan($url){
    $i=1;
    $jum=0;
    $reg = '@^(https?\://)?(www\.)?([a-z0-9]([a-z0-9]|(\-[a-z0-9]))*\.)+[a-z]+$@i';
    if(preg_match($reg, $url)){
        while(1){
            $curl = curl("http://www.bing.com/search?q=domain:".$url."&first=".$i);
            $data = preg_match_all('#\<div class\="sb_meta"\>\<cite\>(.*?)\</cite\>#is', $curl, $m) ? $m[1] : null;
            if($data==null){
                $count=0;
                goto a;
            }
            foreach($data as $dat){
                $dat_ = preg_match("|/|i", $dat) ? strstr($dat, "/", 1) : $dat ;
                $urls[$i][] = $dat_;
            }
            $count = count($urls[$i]);
            $urls_ = array_unique($urls[$i]);
            sort($urls_);
            foreach($urls_ as $url_){
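                // escape scraped text so it cannot close the surrounding <textarea>
                echo htmlspecialchars($url_, ENT_QUOTES, 'UTF-8')."\n";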
                ob_flush();flush();
                $jum++;
            }
            $i=$i+10;
            a:
            if($count<10 || $data==null){
                echo "\nJumlah subdomain terdeteksi: ".$jum;
                ob_flush();flush();
                exit;
            }    
        }
    }else{
        echo "URL tidak valid";
        ob_flush();flush();
        exit;
    }
}
?>
</textarea>
</form>
</body>
</html>