
Tuesday, 05 March 2013

HACKING SEMINAR


At the hacking and network security seminar held this past 2 March on the 4th floor of the Faculty of Science and Technology building at UIN Maulana Malik Ibrahim Malang, the speaker explained what hacking and its countermeasures are and how they work, in the context of website hacking.

1. HACKING

  • Definition

Hacking is when a hacker who should have no rights over a system ends up with full rights over that system. In essence, hacking is the act of breaking into or entering a system without the admin's knowledge.

Hacker is the term for a person or group of people who make useful contributions to the world of networking and operating systems and who write helper programs for networks and computers. Hacking can also be categorized as work done to find the weaknesses of a system and to offer ideas or suggestions that can fix the weaknesses found.

2. ETHICS
There is an ethic in the hacking world. Why security has become so important:
  • The development of computers
  • Human dependence on them
  • Demands for ever-higher complexity
  • Security is treated as a stepchild
  • The skill of people called hackers is declining
  • Low skill can become a high threat to the public interest

3. Hacker Manifesto:
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker  Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. http://www.mithral.com/~beberg/manifesto.html

The Three-Part Security Triangle


Hacker classification
  • Black Hat Hacker
  • White Hat Hacker
  • Grey Hat Hacker
  • Suicide Hacker

Stages of hacking activity
  • Reconnaissance
  • Scanning
  • Gaining Access
  • Maintaining Access
  • Covering Tracks

Reconnaissance
  • Passive Reconnaissance
    o Searching for target data on Google
    o Searching for target data on various social networks
  • Active Reconnaissance
    o HTTP Fingerprint

Searching for exploits based on the scanning results
  • Google.com
  • Milw0rm archive
  • Exploit DB archive
  • Metasploit Framework
  • Darkc0de

Gaining Access
  • Remote execution exploitation of OS vulnerabilities
  • Remote execution exploitation of application vulnerabilities
  • Remote execution exploitation of web vulnerabilities

Maintaining Access
PHP Backdoor
Examples:
    o Simple php shell
    o R57
    o C99 / C100
    o ASP Backdoor
    o B374K

Covering Tracks
  • Cleaning up the various exploits or software that were uploaded
  • Track cleanup is adapted to the applications used on the target and against the target

SECURITY
  1. Update the CMS and its plugins
  2. Use mysql_real_escape_string()
  3. Validate every input
  4. Apply a length limit to inputs
  5. Configure database error reporting
  6. Configure php.ini
  7. etc.
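
Items 2 to 6 of the list combined in one request handler, as an added example that is not from the seminar material. mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7, so the example uses PDO prepared statements in its place; the `users` table, the function names and the sample rows are hypothetical.

```php
<?php
// Added example, not from the seminar. Table, column and function names are hypothetical.
declare(strict_types=1);

// Items 5 and 6: never show database errors to visitors; send them to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Items 3 and 4: allow-list validation with an explicit length limit.
function validate_username(string $raw): ?string
{
    $value = trim($raw);
    if (strlen($value) < 3 || strlen($value) > 32) {
        return null;                      // outside the accepted length
    }
    if (!preg_match('/^[A-Za-z0-9_]+$/', $value)) {
        return null;                      // contains characters we never expect
    }
    return $value;
}

// Item 2, modern form: the value is bound as a parameter, never pasted into SQL.
function find_user(PDO $db, string $rawName): ?array
{
    $name = validate_username($rawName);
    if ($name === null) {
        return null;
    }
    try {
        $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
        $stmt->execute([':name' => $name]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('DB error: ' . $e->getMessage()); // detail stays in the log
        return null;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

var_dump(find_user($db, 'alice'));               // well-formed name
var_dump(find_user($db, "alice' OR '1'='1"));    // quote characters fail validation
var_dump(find_user($db, str_repeat('a', 200)));  // exceeds the length limit
```

Validation and parameter binding are independent layers: the bound parameter keeps the query safe even for inputs the allow-list would accept.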




