
Posts from the ‘Pentest’ Category

2 Sep

How to: SQLMap (dump and destroy)

SQLMap is the tool for automating the exploitation of SQL injection vulnerabilities, and it is very popular for that purpose. While most script kiddies only know this tool for gathering information and retrieving table contents, I want to share how powerful SQLMap is beyond being just “a database dumper tool”.

I will split this into 3 sections: as a fingerprinter (we already know this), as an enumerator (of course), and as a destroyer (hmm..?!). Check it out. Read more

6 Aug

Backtrack 4 R1 is released to the public

Backtrack 4 R1 is now released to the public.
Find out here.

*This version seems larger than the previous one.

27 May

Nessus access from Android 2.2

Since Android 2.2 (code name Froyo, frozen yogurt, released last week at Google I/O, May 19-20, 2010) now supports Flash, we can reach a remote Nessus server (whose web interface has been Flash-based since version 4.2) from a mobile device.

Nessus on Android 2.2

This also makes mobile pentesting more powerful. TheAluc, on his Twitter, is researching how to make Android mobile hacking possible. Well, in the near future pentesters won’t bring their laptop to the cafe or office; they will just bring their Android phone :D

*TheAluc has also done the “impossible” Ruby / Metasploit port on Android (Nexus One).

Metasploit on Android

The Redmine Interface Project on Metasploit is also working on jRuby to make the portable Metasploit more stable.

2 May

Penetration testing, real world mode, by Offsec

A video about penetration testing in the real world; enjoy the video from Offensive Security.
It cannot be embedded, so it is better viewed on their website.

The video is here:

http://www.offensive-security.com/videos/penetration-testing-in-the-real-world/

Enjoy!

25 Feb

Tunneling Techniques in Hacking

Tunneling is usually used as a technique to get packets out of a network that is isolated by a firewall or by the network itself (NAT). Network administrators usually build a tunnel to reach the parts of the network that cannot otherwise be accessed. Imagine you are a network administrator who wants to make a remote connection into your own network, but the computer you want to reach sits behind NAT / on a network that is not routed to the internet. How do you do it? With a tunneling technique, of course.

Tunneling techniques are also used by pentesters to support penetration testing work. Let’s see how this technique plays out.
As a pentester, I was assigned to break into a system completely, including the target’s internal network. Long story short, I had obtained a remote shell on a computer that could only be accessed from a single network subnet. After some investigation, the target computer had port 3389 open, meaning the Remote Desktop service was running and ready to be accessed. But because the target computer was on a NAT network, a direct connection to port 3389 would immediately be blocked by the gateway/firewall. I tried a reverse connection with netcat, but the obstacle turned out to be the firewall’s OUTBOUND rule, which only allowed connections to ports 80 and 443; everything else was blocked. That is why I thought of using SSH tunneling: I prepared an SSH server listening on port 80. Oh, and I used Backtrack to do all of this :)

Read more
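The evasion in the post above (an SSH server on port 80 because only 80 and 443 are allowed outbound) is also what a defender should look for: traffic on a web port whose first bytes are not HTTP or TLS. The detector below is an added example, not code from the original post; it assumes a sensor that records the first payload bytes the server side of each flow sends, and its sample flows are constructed.

```python
# Added example (not from the original post): flag SSH sessions that ride on
# ports the firewall permits for web traffic, as in the tunneling story above.
# Assumes a sensor that records the first payload bytes the SERVER sends.
from dataclasses import dataclass

WEB_PORTS = {80: "http", 443: "tls"}  # port -> protocol expected on it


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    server_bytes: bytes  # first application bytes sent by the server


def classify_payload(data: bytes) -> str:
    """Guess the protocol from the server's first bytes."""
    if data.startswith(b"SSH-"):           # SSH identification string (RFC 4253)
        return "ssh"
    if data.startswith(b"HTTP/"):          # HTTP response status line
        return "http"
    # TLS record header: content type 0x16 (handshake), version major 0x03
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    return "unknown"


def find_port_protocol_mismatches(flows):
    """Return (src, dst, dport, proto) for flows whose protocol does not fit the port."""
    alerts = []
    for f in flows:
        expected = WEB_PORTS.get(f.dport)
        if expected is None:               # only web ports are policed here
            continue
        seen = classify_payload(f.server_bytes)
        if seen not in (expected, "unknown"):
            alerts.append((f.src, f.dst, f.dport, seen))
    return alerts


# Constructed sample flows: one SSH server hiding on tcp/80, two normal ones.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.7", 80, b"SSH-2.0-OpenSSH_5.3\r\n"),
    Flow("10.0.0.5", "203.0.113.8", 80, b"HTTP/1.1 200 OK\r\n"),
    Flow("10.0.0.6", "203.0.113.9", 443, b"\x16\x03\x01\x00\x4a\x02"),
]

if __name__ == "__main__":
    for alert in find_port_protocol_mismatches(SAMPLE_FLOWS):
        print("protocol/port mismatch:", alert)
```

Flows classified as "unknown" are deliberately not alerted on, so a deployment would pair this with a separate check for long-lived, high-volume connections on port 80 that never show an HTTP status line.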

13 Jul

How-to: Backtrack 4 USB Persistent Changes

Here is my quick-and-dirty way to make BT4 run from a USB disk instead of the DVD.

  1. Boot the Backtrack 4 Live DVD
  2. Split your pendrive into 2 partitions: the 1st is for the BT4 files, the 2nd for your changes. I have a 4 GB pendrive, so I made 2 partitions, 1500MB for the BT4 files (FAT32 FS) and the rest of the disk space for another partition with Ext3 FS. You can use fdisk or cfdisk for this.
  3. Format them using mkfs:
    • mkfs.vfat -F 32 -n BT4 /dev/sdb1
    • mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
  4. Mount them:
    • mkdir /mnt/BT4
    • mount /dev/sdb1 /mnt/BT4
  5. Copy all BT4 files from the mounted DVD to our newly mounted partition (/mnt/BT4):
    • rsync -avh /media/cdrom/ /mnt/BT4/
  6. Install the GRUB boot loader:
    • grub-install --no-floppy --root-directory=/mnt/BT4 /dev/sdb
  7. Edit the menu.lst file:
    • nano /mnt/BT4/boot/grub/menu.lst
  8. Find the “Start Persistent Live CD” entry and append vga=0x317 to its kernel line, so it ends like this:
    bla bla bla quiet vga=0x317

  9. umount /mnt/BT4
  10. reboot

That’s it. Can’t wait for the official release ^^

reference: Offensive-Security

4 Oct

SQL injection and XSS support for Metasploit

Today, I updated Metasploit via svn to the latest revision. After it finished, I ran the Metasploit console and found something new: Blind SQL injection and XSS auxiliary modules to support penetration tests!!

Now, testing it out ^^

14 Sep

How-to: Backtrack 3 USB save changes

In the new Backtrack 3 release, the Backtrack 3 developers include a USB version for easier mobile pentesting. I really enjoy this version because it is so portable: you don’t need to resize your PC/laptop hard drive, just download the USB version of Backtrack 3 here and extract it to your pendrive, flash drive, USB drive or whatever.

This version gives us some options on the boot screen: whether to boot into a standard Backtrack or a Compiz version of Backtrack (*shocked*), at your own risk. I prefer the default, standard Backtrack configuration over Compiz, because Compiz is still experimental.

Read more

10 Sep

Website auditing with w3af

Overview

w3af (Web Application Attack and Audit Framework) is quite similar to Metasploit; the difference is only in the kind of target it works on. w3af focuses on the web application, whereas Metasploit is more about the operating system as a whole. w3af is free and open source, and consists of several groups of attack plugins: mangle, grep, discovery, audit, evasion, and bruteforce.

Read more

2 Aug

Nessus on Backtrack 3

For those who want Nessus on Backtrack 3 (Nessus is not included by default), to round out the pentest distro, follow this step-by-step installation and configuration:

1. Download Nessus and NessusClient (the Fedora RPMs) from nessus.org

2. Convert the RPMs to TGZ format:

rpm2tgz Nessus-3.2.x-fc9.i386.rpm

rpm2tgz NessusClient-3.2.x-fc8.i386.rpm

Read more
