Tag Archives: pwn

SQLI – buyamotor[dot]com[dot]my

Almost a decade ago I left this things..

Target:              http://www.buyamotor.com.my/motor.php?cat=53
Host IP:  
Current DB:     buyamoto_buym
Data Bases:      information_schema

Data Found:
admin_email | admin_id | admin_user | admin_pwd
[email protected] | 1 | admin | adminpassword

But luckily I didn’t manage to find the admin page.. 🙁 

Honeypot after 1 week hosted..

So, I spend my holiday installing & configuring honeypot at my new vps.
I managed to installed Dionaea, Kippo, p0f (still has error permission denied T__T) & thug.
And for the interfaces, I install DionaeaFR and Kippo-Graph on my honeypot.

Currently I still on research for smtp honeypot. If you have 1, please do suggest to me. 🙂

 Dionaea. 4 unique URL for malware download. 9 malware binaries captured.

Kippo. Total login attempts : 7478. Distinct source IP addresses : 19

ESET Nod32 Taiwan pwn! :)

Today, another Nod32 website has been pwnd/hacked..

Here is the screenshot :

ESET NOD32 Taiwan

So, in this peaceful day, i have something give for you all.. 🙂

new_key=J112-mgf7f4r8u   org_key=J102-e4rdefyr5
new_key=J112-r6w87jwy2   org_key=J102-e5xzgsrfw
new_key=J112-spgbw2j5w   org_key=J102-e7tj8p3ww
new_key=J112-p94sfm3yt   org_key=J102-e83dteggq
new_key=J112-tm6v4yttt   org_key=J102-e9wwn8h4f
new_key=J112-uwwqk7vjy   org_key=J102-eax58prwg
new_key=J112-syw3wr7wp   org_key=J102-eb5c58mkj
new_key=J112-e4u6emunx   org_key=J102-ebcekvqed
new_key=J112-tsaudq3cy   org_key=J102-ecnf7u3ue
new_key=J112-ycbmr376x   org_key=J102-ecnhq856w

Brand new NOD32 key.. ahaha..

This thing really annoying me..


Because their website security is really low..

They dont manage their db very well..

I just wondering why they put important files like serial key, password, username, and others important files in their database without encrypting it..

Like some of the db that i found, mostly they dont encrypt their password..

Sound bad to me.. 🙂

Anyway, see you next time!

Assalamualaikum.. 🙂

Heraldonline.com & Mahkamah.gov.my pwnd!

1st topic.

This website has been hacked on 4th of January 2010, two days after a High Court decision allowing Catholics to use “Allah” to describe the Christian God in the national language. WTF!?

For more stories about what is happening, just go to Herald Malaysia and read out the stories inside.. 🙂

2nd topic.

This is another website that have been hacked on 7th of January 2010, just 3 days after the Herald Malaysia been pawned.

Just my opinion, I think this action is because court’s decision that allow The Herald to use the word ‘Allah’ in its publication.

More news in here and here.

Huh! What a long journey for the 1st week of 2010..

Baru masuk tahun baru, dah macam-macam kes berlaku..

Macam-macam hal la..

p/s : Kepada pembaca sekalian, saya harap anda dapat nilai apa isi tersirat yang sebenarnya saya ingin sampaikan dalam artikel ini..

darkMSSQL tutorial

Hari ini aku nak tunjukkan macam mana cara menggunakan darkMSSQL.py…

benda ni digunakan untuk MSSQL database yang ade error..
Aku jarang jumpa database MSSQL yang ada error..
Kalau jumpa pun, nasib2 je..

Tu agaknya pemalas sangat la tu Web Admin dia..
Server GMi pun pakai server jenis MSSQL jgk..
Oppss! Sori! :p

Apa2 pun, jom kita tengok macam mana aku gunakan darkMSSQL.py ni..

darkMSSQL.py journey… begin…

korang paham x bnd ni?

klu x paham, bole tny aku..

bukannya susah sgt pn.. 😀

p/s : thanks to rsauron from darkc0de for this script.. nice one mate ! 🙂