# ray16

*—–h—————|—–7———–g—–>*

Archive for web

awstats on BackTrack 4

root@bt:~# apt-get install awstats

Edit the awstats configuration (I only made the simple edits, so feel free to change whatever you like if you have plenty of time)

root@bt:~# nano /etc/awstats/awstats.conf

Change it to:

LogFile="/var/log/apache2/access.log"
SiteDomain="gxrg.org"

Run the Perl update script

root@bt:~# perl /usr/lib/cgi-bin/awstats.pl -update -config=gxrg.org
Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 6.7 (build 1.892)
From data in log file "/var/log/apache2/access.log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 241950)
Jumped lines in file: 241950
 Found 241950 already parsed records.
Parsed lines in file: 2822
 Found 0 dropped records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 2822 new qualified records.

Create and edit an awstats file for the apache2 aliases

root@bt:~# nano /etc/apache2/conf.d/awstats

Copy and paste this text:

Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch

<Directory "/usr/share/awstats/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Done. Now just run it from cron once every hour so awstats keeps the Apache stats updated

root@bt:~# crontab -e

Add this line:

@hourly /usr/lib/cgi-bin/awstats.pl -update -config=gxrg.org >/dev/null

Access awstats at http://domain/awstats/awstats.pl
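
The cron line above sends the update output to /dev/null, so a run that fails or reports many corrupted records goes unnoticed. The following is an added example, not part of the original post: a small Python check that parses the `-update` summary in the format shown earlier. The function names and the 5% threshold are assumptions made for illustration.

```python
import re

# Constructed sample: summary lines in the format printed by the -update run above.
SAMPLE_OUTPUT = """\
Jumped lines in file: 241950
 Found 241950 already parsed records.
Parsed lines in file: 2822
 Found 0 dropped records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 2822 new qualified records.
"""

_PARSED = re.compile(r"^Parsed lines in file: (\d+)\s*$")
_FOUND = re.compile(r"^\s*Found (\d+) (.+?) records[.,]?\s*$")


def parse_update_summary(text):
    """Turn the -update summary into a dict such as {'parsed': 2822, 'corrupted': 0}."""
    counts = {}
    for line in text.splitlines():
        m = _PARSED.match(line)
        if m:
            counts["parsed"] = int(m.group(1))
            continue
        m = _FOUND.match(line)
        if m:
            counts[m.group(2).replace(" ", "_")] = int(m.group(1))
    return counts


def review_update(text, max_corrupted_ratio=0.05):
    """Return findings for one run; an empty list means nothing to report.

    max_corrupted_ratio is an assumed threshold, not an AWStats setting.
    """
    counts = parse_update_summary(text)
    if "parsed" not in counts:
        return ["no summary in output: the update may have failed"]
    findings = []
    parsed, corrupted = counts["parsed"], counts.get("corrupted", 0)
    if parsed == 0:
        findings.append("no new lines parsed: check LogFile and log rotation")
    elif corrupted / parsed > max_corrupted_ratio:
        findings.append(f"{corrupted} of {parsed} lines corrupted")
    return findings


if __name__ == "__main__":
    print(parse_update_summary(SAMPLE_OUTPUT))
    print(review_update(SAMPLE_OUTPUT) or "clean run")
```

To use it, have the cron job write the update output to a file instead of /dev/null and pass that file's contents to `review_update`.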

Good Luck! ;p


## E O F

scan XSS ?

So how do you find XSS weaknesses the easy way? That's the question you have to ask if you want to be a HEKER .. azzz

To the 1st, 2nd, 3rd, 4th and 5th finders of XSS on the gundar website: great and thx!

We'll use w3af ..

w3aff>>> plugins audit xss
w3aff>>> plugins audit
|--------------------------------------------------------------------------------------------|
| Plugin name                 | Status      | Conf   | Description                                                                                                             |
|--------------------------------------------------------------------------------------------|
| xpath                       |             |        | Find XPATH injection vulnerabilities.                                                                                   |
| xsrf                        |             |        | Find the easiest to exploit xsrf vulnerabilities.                                                                       |
| xss                         | Enabled     | Yes    | Find cross site scripting vulnerabilities.                                                                              |
| xst                         |             |        | Find Cross Site Tracing vulnerabilities.                                                                                |
|--------------------------------------------------------------------------------------------|
w3aff>>> target set target http://gunadarma.ac.id/
w3aff>>> start
Found 2 URLs and 2 different points of injection.
The list of URLs is:
- http://gunadarma.ac.id/
- http://www.gunadarma.ac.id/en/search.html
The list of fuzzable requests is:
- http://gunadarma.ac.id/ | Method: GET
- http://www.gunadarma.ac.id/en/search.html | Method: POST | Parameters: (txtsearch="")
Starting xss plugin execution.
Cross Site Scripting was found at: "http://www.gunadarma.ac.id/en/search.html", using HTTP method POST. The sent post-data was: "txtsearch=". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4.
Finished scanning process.

Oh, so it's in search.html … the method is POST and the key is txtsearch, so let's try entering:

<h1>abcdefghijklmnopqrstuvwxyz. </h1><br><br><br><br><br><br><br>.<h1>zyxwvutsrqponmlkjihgfedcba. </h1><br><br><br><br> <h1>xss xss xss ditemukan ditemukan</h1>
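
What the scanner flagged on txtsearch, seen from the server side, as an added example that is not part of the original post: a search handler that reflects the POST parameter raw next to one that HTML-encodes it. The template, function names and sample request body are constructed for illustration and are not the real site's code.

```python
import html
from urllib.parse import parse_qs, quote_plus

# Constructed template (assumption): the term is echoed in an input attribute
# and in the body text, the two usual reflection points on a search page.
TEMPLATE = (
    '<form method="post" action="/en/search.html">'
    '<input name="txtsearch" value="{attr}"></form>'
    "<p>Results for: {body}</p>"
)


def search_term(post_body):
    """Extract txtsearch from an application/x-www-form-urlencoded body."""
    return parse_qs(post_body, keep_blank_values=True).get("txtsearch", [""])[0]


def render_vulnerable(post_body):
    term = search_term(post_body)
    # Raw reflection: markup in the term becomes markup in the page.
    return TEMPLATE.format(attr=term, body=term)


def render_safe(post_body):
    term = search_term(post_body)
    # html.escape(quote=True) encodes & < > " ' so the term stays plain text
    # in both the element body and the quoted attribute value.
    encoded = html.escape(term, quote=True)
    return TEMPLATE.format(attr=encoded, body=encoded)


def reflects_markup(page, probe):
    """True when the probe comes back unencoded, which is what a scanner flags."""
    return probe in page


# Constructed request body carrying a shortened form of the heading probe from the post.
PROBE = "<h1>xss xss xss ditemukan ditemukan</h1>"
SAMPLE_BODY = "txtsearch=" + quote_plus(PROBE)

if __name__ == "__main__":
    print("raw reflection flagged:", reflects_markup(render_vulnerable(SAMPLE_BODY), PROBE))
    print("encoded output flagged:", reflects_markup(render_safe(SAMPLE_BODY), PROBE))
    print(render_safe(SAMPLE_BODY))
```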

There are plenty of other ways to use w3af for scanning; just learn from here:
http://w3af.sourceforge.net/documentation/user/w3afUsersGuide.pdf

Good Luck!


## E O F