
Hi, it's been a while since my last post.. :)



21 Cineplex is one of the largest cinema groups in Indonesia (Cinema 21, Cinema XXI and The Premiere). In this post I wanna show you guys how I buy a ticket using another person's account on the 21 Cineplex website. Well, this is an old vulnerability but they never fixed it, so let's have some fun. :p

Start by finding the user's cookies and referer link.



I will use these cookies and this referer link. Open the referer link in the browser.



As we can see on the left side, I don't have access to this account. Now use the user's cookies.
I'm using Cookie Injector to write the cookies.




Copy and paste the user's cookies into Cookie Injector, then click OK and we'll get the screen below. This means the user's cookies were written successfully.



Now reopen the referer link. I will automatically log in to the user page.



Let's buy a ticket with this account. The account balance is Rp. 165.000.
I wanna watch Inferno :)



Select the city, cinema, date, time and how many tickets we want to buy. Click CONTINUE, select a seat and click BUY NOW.




Transaction process.



And I have my free ticket.. :)
I also have the transaction code 11636 to pick up the ticket.



As we can see now the user balance is Rp. 104.000.




That's it for today. I have a movie to watch. :p



Stay safe! Stay cool! :)

 

Hi all..

I'm using an HP ProBook with Kubuntu 14.04 but my WiFi keeps dropping the connection.
I have to reboot the laptop to connect to WiFi again.

I use this command to fix my WiFi problem and it's working fine.


echo "options rtl8723be fwlps=N ips=N" | sudo tee /etc/modprobe.d/rtl8723be.conf

Anyway, my chipset is Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter.

This setting can be different depending on your chipset.
To see your chipset, you can use this command.

lspci

I hope this is useful for you too!



./NoGe


Here are some Indonesian banks that are still vulnerable to the POODLE attack.
I'm using SSL/TLS Security Test by High-Tech Bridge and manual scan using nmap.

>> https://iperson.bankjatim.co.id

SSL/TLS Security Test


Script scan nmap



>> https://netbank.jtrustbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://cib.qnb.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.tunaiku.amarbank.co.id

SSL/TLS Security Test


Script scan nmap



>> https://www.nobuwwwbanking.com

SSL/TLS Security Test


Script scan nmap


Happy hunting guys!

Updated.
Some banks have been notified about this vulnerability.


./NoGe

Based on thatchrisecker. exploit at Exploit-DB.
I ran this exploit on Cisco UCS Manager version 2.1(3e) and it successfully returned a reverse bash shell.


Run the netcut on my machine


Run the Cisco UCS Manager Shellshock Exploit


Bash shell on Cisco UCS Manager Machine





Happy hunting guys! :)



./NoGe

This bug was found by Michael "Artsploit" Stepankin. It's been reported and fixed by PayPal.







The full proof of concept is here.





./NoGe

First of all, connect to the access point that you want to sniff.

Open ettercap.


Click "Sniff => Unified Sniffing"


Choose your interface. In this case I use "en0".


Now we scan all hosts in the network with the shortcut "ctrl+s" or by clicking "Hosts => Scan for hosts".


Look at the box below, it will show you alive hosts.


Now show the hosts list by clicking "Hosts => Hosts list" or just pressing "H".


Add the gateway into Target 1. In this case the gateway is 192.168.0.1.
Select gateway IP address and click "Add to Target 1".
As you can see below, 192.168.0.1 has been added to TARGET1.


Add the rest of the clients to Target 2.
Block all clients and click "Add to Target 2"


Now start the MITM attack (ARP Poisoning).


Tick the option "Sniff remote connections" and click OK.


Start the sniffing by clicking "Start => Start sniffing".


Open Wireshark to capture packets.


Click "Interface List" to choose your interface.
My interface is "en0"; select it and click "Start".


Let Wireshark capture packets for a while.
Filter packets with "http.cookie" to see the clients' cookies.


I have clients who open the Instagram app using an iPhone.
I can see the username igfl=blablabla (the one that I blurred).
As we can see, we got the Instagram cookie now.


In order to paste this cookie into the browser, you need to install the Greasemonkey plugin + Cookie Injector in Firefox (right corner).


Right-click on the "Request URI", choose "Copy => Value" and paste it into Firefox.


The page will look like this because you are not logged in ({"status":"fail","message":"login_required"}).


When I open the target's Instagram on my phone, the user is private.



Now copy the Instagram cookie in Wireshark.
Right-click on "Cookie:", choose "Copy => Bytes => Printable Text Only".


Paste the "Wireshark Cookie Dump" into Firefox by pressing "alt+c".


Refresh the page and you will see something like a line of code, but it's not. It's the Instagram users.
We are now logged in to Instagram.


Here is the profile page. As you can see on the right profile, I now have access to her Instagram.


Happy sniffing guys.. :))
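
A defender-side check for the ARP poisoning described in the post above, as an added example that is not part of the original post: it tracks IP-to-MAC bindings seen in ARP replies and flags the gateway (192.168.0.1 in the post) being claimed by a new MAC. The sample replies, all MAC addresses and the function name are constructed, and the first binding seen for each IP is assumed to be the legitimate one.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
# 192.168.0.1 is the gateway from the post; every MAC address is made up.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.0.1", "aa:aa:aa:00:00:01"),    # real gateway
    (1.0, "192.168.0.10", "aa:aa:aa:00:00:10"),   # client
    (2.0, "192.168.0.11", "aa:aa:aa:00:00:11"),   # client
    (30.0, "192.168.0.1", "DE:AD:BE:EF:00:99"),   # gateway IP claimed by a new MAC
    (30.1, "192.168.0.10", "de:ad:be:ef:00:99"),  # same MAC now claims the clients
    (30.2, "192.168.0.11", "de:ad:be:ef:00:99"),
    (31.0, "192.168.0.1", "aa:aa:aa:00:00:01"),   # real gateway still answering
]


def detect_arp_spoofing(replies, gateway_ip):
    """Return (alerts, suspects): changed bindings and MACs posing as gateway."""
    first_seen = {}                # ip -> MAC first observed (assumed legitimate)
    claimed_by = defaultdict(set)  # mac -> every IP it has answered for
    reported = set()               # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()          # MACs are case-insensitive on the wire
        claimed_by[mac].add(ip)
        known = first_seen.setdefault(ip, mac)
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts, "ip": ip, "expected_mac": known, "seen_mac": mac,
                "severity": "high" if ip == gateway_ip else "medium",
            })
    # One MAC answering for the gateway and for clients is what poisoning
    # both directions of the gateway/client conversation leaves behind.
    suspects = sorted(m for m, ips in claimed_by.items()
                      if gateway_ip in ips and len(ips) > 1)
    return alerts, suspects


if __name__ == "__main__":
    found, macs = detect_arp_spoofing(SAMPLE_ARP_REPLIES, "192.168.0.1")
    for alert in found:
        print(alert)
    print("suspect MACs:", macs)
```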