Close Panel

24

Nov

2009

Web Backdooring & Keylogging

By IPSECS Admin. Posted in Exploitation, Presentation | 1 Comment »

Thinking how to backdoor & keylog website in unusual way is something that fun to be implemented. Kiddies usually use public backdoor to come back to compromised server or website, dumping the database, and cracking hash of confidential information likes password and CC number. Public backdoor is somewhat easy to be detected by administrator while hash cracking sometimes gives no result.

Modifying source code of website to be a backdoor and keylogger is not kind of new technique, but just few kiddies know about this. By modifying the source code, we can make more invisible backdoor than using public ones. We also can record confidential information likes password and CC number in plaintext, so we don’t have to crack it. I have implemented this technique in phpbb3, modifying its source code become backdoor & keylogger. This concept can be used to modify ecommerce application so just try to imagine when your CC number being stolen.

Download my paper, presentation, and phpbb3 patch which has been presented in STIMIK Palcomtech Palembang.

 

12

Jun

2009

Web & Wireless Hacking

By IPSECS Admin. Posted in Exploitation, Presentation | No Comments »

This is my presentation in STIMIK Dipanegara Makasar. I try to describe Web and Wireless exploitation conceptually & technically. This presentation consist of:

  • Web Hacking; I try to describe top 3 web exploitation, SQL Injection, File Inclussion, and Cross Site Scripting (XSS). My explanation are including SQL injection in login form, SQL injection in URI parameter, Local File Inclussion, Remote File Inclussion, DOM based XSS, Non-persistent XSS, and persistent XSS.
  • Wireless hacking; I try to describe how to do war driving and how to exploit wireless network. Exploiting wireless network includes how to spoof MAC address, creating Rogue AP, Cracking WEP, Cracking WPA-PSK, and Denial of Service (DoS).

This presentation is not including how to defend that kind of attacking, but i’m sure this presentation is cool enough to start learning Web & Wireless Hacking. Download my presentation here.