mind backtrack box center

a great disclosure from burmese hackers community for finding a backdoor scrips at your server. this isn’t so complicated since we use to search the php function that used by a backdoor / rooting script like c99 , r57 or erne shell. if you have use this scripts that mentioned. i think you should read this folowing sintax at that scripts:

• exec — Execute an external program
• passthru — Execute an external program and display raw output
• shell_exec — Execute command via shell and return the complete output as a string
• system — Execute an external program and display the output

(more…)

something stupid behavior happen yesterday, i and my friend get stuck on a hacked server. this server have a good iptables configuration.it has a restrict configuration for request connection from outsider.it only open several port and put a restrict source request.since my access is only using r57 shell that i put there :P. i have to manage this one to become on of my proxy server.if you get bore why i always hack a box and use it as my proxy server. it because my campus connection is sucks. and i think it won’t getting better. if i use normal bandwidth, i bet i wont write like this every day. since it very slow.

ok. this the aim. i want to make this one as my proxy server. but i dunno his routing table. (damn i did’nt get a root one). so i dunno the gateway. or this box proxy destination but since he has a public IP , (i thing you understand what the hell is public and private IP).so i just guessing that i can make this one as my socks server.

(more…)

just want to share one of my technique how to manipulate my campus bandwidth,i just use this technique a month ago since i never tough that squid can use as a round-robin proxy server :P.the ideas is simple how we can manage our hacked box as our proxy server.so we can browsing and download without any limitation. and of course do this at our campus :P. for case managing our hacked box as a proxy server you can read my articles here first.i’ve write it as pre-post .and this is my reason why i do this, at my campus, it has bandwidth shapper for each major,even it has limitation for a single ip to browsing, one single ip only can brows 7 web simultanously. so what we have to do is hack several box and use it as the same time to break this limitation. and of course if one box gave 20kbps and us use 10 different ip we will get 20×10 kbps as our downstream speed.sound complicated? actually it pretty easy.please read the my explanation above carefully.so you can understand the way i’m thinking.

(more…)

actually i not really want to write this one, but since i want to write how to boost our campus bandwidth so i have to write this, cause this is the first step how to manipulate our campus bandwidth. ok, now we will make a proxy server from a hacked box so we will brows and surfing as your hacked box. and of course our bandwidth speed we’ll count from your hacked server. oek this is the step :

• we need a hacked box. it up to you. you can read my articles how to hack a local area network or a server using metasploit framework, get the step here and here
• we need a bouncer. a bouncer is the tools that will work as our mechine at the hacked box. it work like a starting engine,this tools we’ll make our hacked box as our proxy server.go get it, since wordpress 2.5 uploading prosess is sucks so i can’t upload it now

(more…)

may be this is hack think i first learn, cracking password using pwDump and john the ripper. actually we get the password using pwDump and cracking it using John The Ripper. i don’t know if it will work with vista but since vista and XP is made by microsoft i bet they will works as well. and this tools not always works together as long as you have the encryption from a password you can use john the ripper to descrypt it. and actually john the ripper can descrypt linux password as long as have the root access and can read the /etc/passwd.

1 getting Password

1.1 for XP2 and Vista

first get the target. assuming you want to cracking your friends password that use XP2 or vista.so what you have to do is get the access to your computer password. you can borrow it or you can hack it as well. but since we will do it softly so you only need to borrow it.you need to borrow the box when it longged by your friend priveledge.and ensure that your get the administrator priveledge.and you know i think it will administrator one.why? coz i say so!!

(more…)

aswering my friend ask at my last post about how to using c99 shell and r57 shell. he asked if there are other script to rooting server. so i look up about it . so i found something good! another shell script for bypass linux server.made by erne,super moderator at underg0und.net that he wrote some bypass script for rooting linux.i don’t know a lot for hacking website but i’ve try to use this script[i try it locally]. for how to use it . it work like c99 and r57 shell. you must find a hole for RFI exploit at a website. you can get it at security-related forum or site like milw0rm.

(more…)

this one is different like other people tutorial if the other wrote how to make Http Socks Client through DD-WRT, DynDNS or Putty,i’ll write how to make Http Socks Server through Putty.i actually not do this at mine because i dont have direct internet connection,but i know how to make your computer a proxy server espesially for linux user, you can make your computer as a proxy server just by added this two application,first is squid. squid is proxy managemen application and the second is you only need to install ssh server aplication. it for your client can remote your computer throgh ssh or known as putty.

the scenario is like this :

you were an administrator at your office and you have the proxy server from the provider with IP 222.222.222.22 and you want to share it with other you didn’t have internet connection.so what you only need to do is installing two application that what i have mention above. :

• apt-get install squid
• apt -get install ssh

(more…)

may be when i hack some computer y’ll make backdoor at that computer, there are some variative way to make a backdoor like somebody usually make a new user or activated the guest user and upgrade it to has an administrator priviledge.so he can execute a tools remotely the vinctim computer,but i prefer use radmin server to installed at the victim. i’ll show u how to use radmin server and client of course.

radmin server :

i’ll assume that u already download a radmin server.this tools can installed silently or run as backgroud proses. so when u inside the computer victim u have installed this tools (i assume u already have a way to transfer file from your computer to the victim) the step is very easy,when u inside the victim computer,i assume u use exploit that you will spawn a promt.what u have to to is copy the radmin to the victim computer and type this script :

/install /silent

and for addition we can add password to our radmin server,to make it secure that only u can access this server
the script is :

/pass xxxx -> your password

the radmin server will be installed as a background proses.and you do not need to scare that the radmin will be terminated because this tools will aouto run again when the computer restart.so it’s will run again.

radmin viewer :

i advise u to use radmin viewer 3.0 because this tools is not detected by our antivirus.it’s really easy to use this tools.u just need to enter the ip of your target computer.and wallaa..you in.
i fact you can control all the computer device such mouse and keyboard or you can chose to control the monitor only or you can chose to control the promt. i prefer use the last one.