Using Kali Linux to Identify Weaknesses in IT Implementations
Ismail Fahmi
Kemdikbud Library Seminar - 26 April 2016
Case Study
https://offshoreleaks.icij.org/search?country=&q=indonesia
Technical Analysis
Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.
An unprivileged user can run an Ajax call that should be available only to privileged users!!!
And it can accept files uploaded by the hacker.
Program Bugs
Cross Site Scripting
SQL Injection
http://www.ibtimes.co.uk/panama-papers-hacker-claims-sql-injection-vulnerability-found-mossack-fonseca-server-1554559
Firewall Installation
Old Network Structure
Web Server
Mail Server
200.46.144.0
In the same block
How do you know what weaknesses exist in the IT implementation at your library?
Case Study 2
Using…
23 vulnerabilities!!
[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://wpvulndb.com/vulnerabilities/7528
Reference: https://core.trac.wordpress.org/changeset/29384
Reference: https://core.trac.wordpress.org/changeset/29408
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
[i] Fixed in: 3.9.2
[!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
Reference: https://wpvulndb.com/vulnerabilities/7529
Reference: https://core.trac.wordpress.org/changeset/29398
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
[i] Fixed in: 3.9.2
[!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
Reference: https://wpvulndb.com/vulnerabilities/7530
Reference: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
Reference: http://getid3.sourceforge.net/
Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
Reference: http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
Reference: https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
[i] Fixed in: 3.9.2
[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
Reference: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
[i] Fixed in: 4.0
[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://klikki.fi/adv/wordpress.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: http://klikki.fi/adv/wordpress_update.html
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
[i] Fixed in: 4.0
[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
Reference: https://www.exploit-db.com/exploits/35413/
Reference: https://www.exploit-db.com/exploits/35414/
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://www.securityfocus.com/bid/71234/
Reference: https://core.trac.wordpress.org/changeset/30444
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
Reference: https://wpvulndb.com/vulnerabilities/8126
Reference: https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
[i] Fixed in: 3.9.8
[!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
Reference: https://wpvulndb.com/vulnerabilities/8130
Reference: https://core.trac.wordpress.org/changeset/33536
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
[i] Fixed in: 3.9.8
[!] Title: Catablog <= 1.6 - Cross Site Scripting
Reference: https://wpvulndb.com/vulnerabilities/6286
Reference: http://packetstormsecurity.com/files/112619/
[+] Name: grand-media - v1.0.0
| Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
| Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/readme.txt
[!] The version is out of date, the latest version is 1.8.20
[!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
[!] Title: Gmedia Gallery 1.2.1 - Shell Upload
Reference: https://wpvulndb.com/vulnerabilities/7544
Reference: http://packetstormsecurity.com/files/127725/
[i] Fixed in: 1.2.2
[+] Name: page-layout-builder - v1.9.3
| Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
| Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/readme.txt
[!] The version is out of date, the latest version is 2.0.3
[!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
[!] Upload directory has directory listing enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/uploads/
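Triage of scanner output like the listing above, as an added example (not from the original slides): it groups WPScan-style findings by component and derives the lowest version that clears every listed fix, plus the findings with no fix listed. The sample input is constructed (placeholder host example.org, made-up catablog version line) and `remediation_plan` is a hypothetical helper name.

```python
import re

# Constructed sample in the WPScan text format shown above; the host is a
# placeholder (example.org) and the catablog version line is made up.
SAMPLE = """\
[!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
[i] Fixed in: 3.9.2
[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
[i] Fixed in: 3.9.8
[+] Name: catablog - v1.6
[!] Title: Catablog <= 1.6 - Cross Site Scripting
Reference: https://wpvulndb.com/vulnerabilities/6286
[+] Name: grand-media - v1.0.0
[!] The version is out of date, the latest version is 1.8.20
[!] Directory listing is enabled: http://example.org/wp-content/plugins/grand-media/
[!] Title: Gmedia Gallery 1.2.1 - Shell Upload
Reference: https://wpvulndb.com/vulnerabilities/7544
[i] Fixed in: 1.2.2
"""

NAME_RE = re.compile(r"^\[\+\] Name: (\S+) - v(\S+)")
TITLE_RE = re.compile(r"^\[!\] Title: (.+)")
FIXED_RE = re.compile(r"^\[i\] Fixed in: (\S+)")
LATEST_RE = re.compile(r"^\[!\] The version is out of date, the latest version is (\S+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def version_key(version):
    """Turn '4.0.1' into (4, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def remediation_plan(text):
    """Group findings per component and work out what to upgrade or remove."""
    plan = {}
    component = "wordpress-core"  # findings before any "[+] Name:" are core
    finding = None

    def entry(name):
        return plan.setdefault(name, {
            "installed": None, "latest": None, "directory_listing": False,
            "findings": [], "cves": [], "min_fixed_version": None,
            "no_fix_listed": [],
        })

    for raw in text.splitlines():
        line = raw.strip()
        if m := NAME_RE.match(line):
            component, finding = m.group(1), None
            entry(component)["installed"] = m.group(2)
        elif m := LATEST_RE.match(line):
            entry(component)["latest"] = m.group(1)
        elif line.startswith("[!] Directory listing is enabled"):
            entry(component)["directory_listing"] = True
        elif m := TITLE_RE.match(line):
            finding = {"title": m.group(1), "fixed_in": None}
            entry(component)["findings"].append(finding)
        elif finding and line.startswith("Reference:"):
            for cve in CVE_RE.findall(line):
                if cve not in entry(component)["cves"]:
                    entry(component)["cves"].append(cve)
        elif finding and (m := FIXED_RE.match(line)):
            finding["fixed_in"] = m.group(1)

    for comp in plan.values():
        fixed = [f["fixed_in"] for f in comp["findings"] if f["fixed_in"]]
        # Highest "Fixed in" across the findings: anything older still has at
        # least one of them open. Branch backports (e.g. 3.9.8) make this a
        # conservative target, not the only safe version.
        comp["min_fixed_version"] = max(fixed, key=version_key, default=None)
        # No fix recorded by the scanner: candidate for removal or replacement.
        comp["no_fix_listed"] = [f["title"] for f in comp["findings"]
                                 if not f["fixed_in"]]
    return plan


if __name__ == "__main__":
    for name, comp in remediation_plan(SAMPLE).items():
        print(f"{name}: installed={comp['installed']} "
              f"findings={len(comp['findings'])} "
              f"upgrade to >= {comp['min_fixed_version']} "
              f"(latest {comp['latest']}), "
              f"no fix listed: {comp['no_fix_listed']}, "
              f"directory listing: {comp['directory_listing']}")
```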
Information Gathering
Listing information in DNS
Brief information about the Name Server and Mail Server
DNS Zone Transfer
Lists all information in DNS
Can be used to build a map of the target network
Can be used to choose which targets to attack.
Web Application Analysis
Scanning
Alerts
High priority!
SQL Injections
Meet Kali Linux,
a distro built to hammer your security
List of Kali Linux Security Testing Tools
http://tools.kali.org/tools-listing
SQL Mapper
Network Mapper
Nmap (“Network Mapper”) is a free and open source (license)
utility for network discovery and security auditing.
root@kali:~# nmap -v -A -sV perpustakaan.kemdikbud.go.id
Starting Nmap 7.01 ( https://nmap.org ) at 2016-04-24 11:24 EDT
NSE: Loaded 132 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:24
Completed NSE at 11:24, 0.00s elapsed
Initiating NSE at 11:24
Completed NSE at 11:24, 0.00s elapsed
Initiating Ping Scan at 11:24
Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [4 ports]
Completed Ping Scan at 11:24, 0.05s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:24
Completed Parallel DNS resolution of 1 host. at 11:24, 7.39s elapsed
Initiating SYN Stealth Scan at 11:24
Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [1000 ports]
Discovered open port 80/tcp on 118.98.232.10
Discovered open port 8080/tcp on 118.98.232.10
Discovered open port 443/tcp on 118.98.232.10
Discovered open port 53/tcp on 118.98.232.10
Discovered open port 25/tcp on 118.98.232.10
Discovered open port 21/tcp on 118.98.232.10
Discovered open port 143/tcp on 118.98.232.10
Discovered open port 110/tcp on 118.98.232.10
...
Discovered open port 3011/tcp on 118.98.232.10
Discovered open port 1100/tcp on 118.98.232.10
Discovered open port 19780/tcp on 118.98.232.10
Completed SYN Stealth Scan at 11:24, 1.68s elapsed (1000 total ports)
Initiating Service scan at 11:24
Scanning 602 services on perpustakaan.kemdikbud.go.id (118.98.232.10)
Completed Service scan at 11:26, 119.80s elapsed (604 services on 1 host)
Initiating OS detection (try #1) against perpustakaan.kemdikbud.go.id (118.98.232.10)
Retrying OS detection (try #2) against perpustakaan.kemdikbud.go.id (118.98.232.10)
Initiating Traceroute at 11:26
Completed Traceroute at 11:26, 0.10s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 11:26
Completed Parallel DNS resolution of 15 hosts. at 11:26, 13.00s elapsed
NSE: Script scanning 118.98.232.10.
Nmap scan report for perpustakaan.kemdikbud.go.id (118.98.232.10)
Host is up (0.016s latency).
rDNS record for 118.98.232.10: 232-10.sny.kemdiknas.go.id
Not shown: 396 closed ports
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
3/tcp open tcpwrapped
6/tcp open tcpwrapped
9/tcp open tcpwrapped
19/tcp open tcpwrapped
21/tcp open tcpwrapped
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 1e:dc:af:54:2c:99:e3:4c:be:72:14:b2:83:2c:5e:d5 (DSA)
| 2048 10:73:0b:fb:32:f8:a5:ad:b5:fa:92:c8:23:6e:3a:e5 (RSA)
|_ 256 4f:b1:2d:27:0a:8e:94:f5:b4:16:8f:e7:e1:5e:e4:33 (ECDSA)
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
32/tcp open tcpwrapped
33/tcp open tcpwrapped
37/tcp open tcpwrapped
42/tcp open tcpwrapped
43/tcp open tcpwrapped
49/tcp open tcpwrapped
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.9.5-3ubuntu0.8-Ubuntu
70/tcp open tcpwrapped
79/tcp open tcpwrapped
|_finger: ERROR: Script execution failed (use -d to debug)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 324F774689F580B14976BECE7F5D5DDC
|_http-generator: WPSSO 3.29.5-1/G
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/sftwrs/
|_http-server-header: Apache/2.4.7 (Ubuntu)
| http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_Requested resource was perpus/
443/tcp open ssl/http Apache httpd 2.4.7
|_http-generator: WPSSO 3.29.5-1/G
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/sftwrs/
|_http-server-header: Apache/2.4.7 (Ubuntu)
| http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_Requested resource was perpus/
| ssl-cert: Subject: commonName=perpustakaan.kemdikbud.go.id
| Issuer: commonName=StartCom Class 1 DV Server CA/organizationName=StartCom Ltd./countryName=IL
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2016-04-21T04:32:00
| Not valid after: 2017-04-21T04:32:00
| MD5: 7d2b bdd1 e9f0 82aa 82df b396 6a8f 8843
|_SHA-1: 6263 4932 9c34 bd6a ed9b caf4 9abe b85d 7835 2eb0
|_ssl-date: TLS randomness does not represent time
...
8008/tcp open http
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to https://perpustakaan.kemdikbud.go.id:8010/
8009/tcp open tcpwrapped
8010/tcp open ssl/http-proxy FortiGate Web Filtering Service
|_hadoop-datanode-info:
|_hadoop-tasktracker-info:
|_hbase-master-info:
| http-methods:
|_ Supported Methods: GET POST
|_http-title: Web Filter Block Override
| ssl-cert: Subject: commonName=FortiGate/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
| Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2011-02-21T21:13:04
| Not valid after: 2038-01-19T03:14:07
| MD5: f829 467c f6b5 eb98 f4d5 d8e8 575d ea12
|_SHA-1: 0bc4 90af d22b f753 2042 557f 4591 dd88 7fa2 b3ed
|_ssl-date: TLS randomness does not represent time
|_sstp-discover: SSTP is supported.
TRACEROUTE (using port 995/tcp)
HOP RTT ADDRESS
1 13.97 ms 192.168.100.1
2 14.20 ms 1.subnet125-161-160.speedy.telkom.net.id (125.161.160.1)
3 8.73 ms 225.subnet125-160-14.speedy.telkom.net.id (125.160.14.225)
4 11.82 ms 61.94.171.97
5 12.03 ms 209.subnet118-98-51.astinet.telkom.net.id (118.98.51.209)
6 21.95 ms 109.subnet118-98-58.astinet.telkom.net.id (118.98.58.109)
7 15.55 ms 122.subnet125-160-9.speedy.telkom.net.id (125.160.9.122)
8 92.86 ms 218.100.36.2
9 20.51 ms jardiknas.openixp.net (218.100.27.84)
10 34.53 ms 118.98.132.202
11 37.32 ms 118.98.132.206
12 23.47 ms 118.98.132.113
13 23.68 ms 118.98.159.2
14 13.56 ms 118.98.159.6
15 24.25 ms 232-10.sny.kemdiknas.go.id (118.98.232.10)
NSE: Script Post-scanning.
Initiating NSE at 11:29
Completed NSE at 11:29, 0.00s elapsed
Initiating NSE at 11:29
Completed NSE at 11:29, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 271.02 seconds
Raw packets sent: 1223 (55.792KB) | Rcvd: 1038 (43.316KB)
And there are many more tools for network security testing in Kali Linux.
Please try them yourself…
How to install Kali Linux
https://www.kali.org/
https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Download the image for VirtualBox or VMware
https://www.virtualbox.org/
Download VirtualBox
Kali Linux in VirtualBox on Mac OSX
Start up…
Login: root
Password: toor
References
Kali Linux - https://www.kali.org
Download Kali Linux - https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Kali Linux training syllabus - https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Slides and Books - http://www.slideshare.net/search/slideshow?searchfrom=header&q=kali+linux
Sample of Penetration Test Report - https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
Ismail Fahmi, PhD
Email: ismail.fahmi@gmail.com
Mobile: 0812 8908 3894
Founder of:
A media monitoring and analytics company
Technical Consultant of:
Thank you

Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
 
Cross Site Attacks
Cross Site AttacksCross Site Attacks
Cross Site Attacks
 
Sql Injections With Real Life Scenarious
Sql Injections With Real Life ScenariousSql Injections With Real Life Scenarious
Sql Injections With Real Life Scenarious
 
URL Design
URL DesignURL Design
URL Design
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
 
Jump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & GithubJump into Squeak - Integrate Squeak projects with Docker & Github
Jump into Squeak - Integrate Squeak projects with Docker & Github
 
Embedding custom ActiveX controls into SAP GUI
Embedding custom ActiveX controls into SAP GUIEmbedding custom ActiveX controls into SAP GUI
Embedding custom ActiveX controls into SAP GUI
 
Hack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security TrainingHack & Fix, Hands on ColdFusion Security Training
Hack & Fix, Hands on ColdFusion Security Training
 
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
Operationalizing Multi Cluster Istio_ Lessons Learned and Developing Ambient ...
 
Unifi securitybugs sep2013
Unifi securitybugs sep2013Unifi securitybugs sep2013
Unifi securitybugs sep2013
 
Owasp web application security trends
Owasp web application security trendsOwasp web application security trends
Owasp web application security trends
 
[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev[2.1] Web application Security Trends - Omar Ganiev
[2.1] Web application Security Trends - Omar Ganiev
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 

More from Ismail Fahmi

HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...Ismail Fahmi
 
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024Ismail Fahmi
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Ismail Fahmi
 
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINE
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINEANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINE
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINEIsmail Fahmi
 
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024Ismail Fahmi
 
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024Ismail Fahmi
 
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO 5-12 FEBRUARI 2024
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO  5-12 FEBRUARI 2024TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO  5-12 FEBRUARI 2024
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO 5-12 FEBRUARI 2024Ismail Fahmi
 
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024Ismail Fahmi
 
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024Ismail Fahmi
 
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024Ismail Fahmi
 
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024Ismail Fahmi
 
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024Ismail Fahmi
 
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024Ismail Fahmi
 
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS - TWITTER 3 – 4 Februari 2024
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS  - TWITTER 3 – 4 Februari 2024ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS  - TWITTER 3 – 4 Februari 2024
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS - TWITTER 3 – 4 Februari 2024Ismail Fahmi
 
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024Ismail Fahmi
 
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024Ismail Fahmi
 
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024Ismail Fahmi
 
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024Ismail Fahmi
 
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAM
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAMMUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAM
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAMIsmail Fahmi
 
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02Ismail Fahmi
 

More from Ismail Fahmi (20)

HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
 
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024
RESPONSE NETIZEN ATAS SIDANG PUTUSAN PHPU MK 2024
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024
 
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINE
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINEANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINE
ANALISIS ISU KECURANGAN PEMILU DI MEDIA SOSIAL & ONLINE
 
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024
ANALISIS SIREKAP DI MEDIA SOSIAL TWITTER, TIKTOK, YOUTUBE 14-15 FEBRUARI 2024
 
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024
SUARA NETIZEN HARI PENCOBLOSAN PEMILU 2024
 
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO 5-12 FEBRUARI 2024
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO  5-12 FEBRUARI 2024TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO  5-12 FEBRUARI 2024
TIGA CAPRES DI DALAM PLATFORM SNACK VIDEO 5-12 FEBRUARI 2024
 
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024
DIRTY VOTE TWITTER, NEWS, TIKTOK 10-12 Februari 2024
 
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
UPDATE JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
 
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
JIS VS GBK DALAM KAMPANYE TERAKHIR PILPRES 2024
 
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON PASCA DEBAT DI YOUTUBE 4 - 6 FEBRUARI 2024
 
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024
TREN JUMLAH VIDEO PER JAM DI TIKTOK 1 – 5 FEBRUARI 2024
 
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024
ANALISIS DEBAT KELIMA CAPRES PEMILU 2024 - 4 FEBRUARI 2024
 
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS - TWITTER 3 – 4 Februari 2024
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS  - TWITTER 3 – 4 Februari 2024ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS  - TWITTER 3 – 4 Februari 2024
ANALISIS PRA DEBAT KELIMA CAPRES PEMILU 2024 NEWS - TWITTER 3 – 4 Februari 2024
 
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI YOUTUBE - 25 JANUARI - 3 FEBRUARI 2024
 
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024
ANALISIS KONTEN DAN INTERAKSI KETIGA PASLON DI TIKTOK 1-3 FEBRUARI 2024
 
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024
PERBANDINGAN KETIGA PASLON DI TIKTOK - 21 JANUARI - 3 FEBRUARI 2024
 
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024
PERBANDINGAN KETIGA PASLON DI INSTAGRAM DARI 21 JAN-3 FEB 2024
 
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAM
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAMMUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAM
MUNDURNYA MAHFUD MD SEBAGAI MENKOPOLHUKAM
 
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02
ANALISIS TRENDING TOPIC HARIAN INDONESIA DAN CAPRES 02
 

Recently uploaded

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 

Recently uploaded (20)

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 

Using Kali Linux to Identify Weaknesses in IT Implementations

  • 1. Using Kali Linux to Identify Weaknesses in IT Implementations. Ismail Fahmi, Kemdikbud Library Seminar - 26 April 2016
  • 7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.
  • 8. An unprivileged user can run an Ajax call that should be available to privileged users only!!! It can also accept files uploaded by a hacker. Program Bugs
  • 12. Old Network Structure: Web Server, Mail Server, 200.46.144.0, in the same block
  • 13. How do you find out the weaknesses in your library's IT implementation?
  • 17.
      [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
      Reference: https://wpvulndb.com/vulnerabilities/7528
      Reference: https://core.trac.wordpress.org/changeset/29384
      Reference: https://core.trac.wordpress.org/changeset/29408
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
      [i] Fixed in: 3.9.2
      [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
      Reference: https://wpvulndb.com/vulnerabilities/7529
      Reference: https://core.trac.wordpress.org/changeset/29398
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
      [i] Fixed in: 3.9.2
      [!] Title: WordPress 3.6 - 3.9.1 XXE in GetID3 Library
      Reference: https://wpvulndb.com/vulnerabilities/7530
      Reference: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
      Reference: http://getid3.sourceforge.net/
      Reference: http://wordpress.org/news/2014/08/wordpress-3-9-2/
      Reference: http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html
      Reference: https://github.com/ONsec-Lab/scripts/blob/master/getid3-xxe.wav
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2053
      [i] Fixed in: 3.9.2
      [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
      Reference: https://wpvulndb.com/vulnerabilities/7531
      Reference: http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
      Reference: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
      [i] Fixed in: 4.0
      [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
      Reference: https://wpvulndb.com/vulnerabilities/7680
      Reference: http://klikki.fi/adv/wordpress.html
      Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
      Reference: http://klikki.fi/adv/wordpress_update.html
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
      [i] Fixed in: 4.0
  • 18.
      [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
      Reference: https://wpvulndb.com/vulnerabilities/7681
      Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
      Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
      Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
      Reference: https://www.exploit-db.com/exploits/35413/
      Reference: https://www.exploit-db.com/exploits/35414/
      [i] Fixed in: 4.0.1
      [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
      Reference: https://wpvulndb.com/vulnerabilities/7696
      Reference: http://www.securityfocus.com/bid/71234/
      Reference: https://core.trac.wordpress.org/changeset/30444
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
      [i] Fixed in: 4.0.1
      [!] Title: WordPress <= 4.2.3 - wp_untrash_post_comments SQL Injection
      Reference: https://wpvulndb.com/vulnerabilities/8126
      Reference: https://github.com/WordPress/WordPress/commit/70128fe7605cb963a46815cf91b0a5934f70eff5
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2213
      [i] Fixed in: 3.9.8
      [!] Title: WordPress <= 4.2.3 - Timing Side Channel Attack
      Reference: https://wpvulndb.com/vulnerabilities/8130
      Reference: https://core.trac.wordpress.org/changeset/33536
      Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5730
      [i] Fixed in: 3.9.8
  • 19.
      [!] Title: Catablog <= 1.6 - Cross Site Scripting
      Reference: https://wpvulndb.com/vulnerabilities/6286
      Reference: http://packetstormsecurity.com/files/112619/
      [+] Name: grand-media - v1.0.0
       | Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
       | Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/readme.txt
      [!] The version is out of date, the latest version is 1.8.20
      [!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
      [!] Title: Gmedia Gallery 1.2.1 - Shell Upload
      Reference: https://wpvulndb.com/vulnerabilities/7544
      Reference: http://packetstormsecurity.com/files/127725/
      [i] Fixed in: 1.2.2
      [+] Name: page-layout-builder - v1.9.3
       | Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
       | Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/readme.txt
      [!] The version is out of date, the latest version is 2.0.3
      [!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
  • 20.
      [!] Upload directory has directory listing enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/uploads/
  • 21. Information Gathering: list the information in DNS. Brief information about the Name Server and Mail Server.
  • 22. DNS Zone Transfer: list all information in DNS. Can be used to build a map of the target's network.
  • 23. [Zone transfer output] Can be used to choose which target to attack.
  • 29. Meet Kali Linux, a distro built to hammer your security
  • 30. List of Kali Linux security testing tools: http://tools.kali.org/tools-listing
  • 37. Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.
  • 38. root@kali:~# nmap -v -A -sV perpustakaan.kemdikbud.go.id
    Starting Nmap 7.01 ( https://nmap.org ) at 2016-04-24 11:24 EDT
    NSE: Loaded 132 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating NSE at 11:24
    Completed NSE at 11:24, 0.00s elapsed
    Initiating NSE at 11:24
    Completed NSE at 11:24, 0.00s elapsed
    Initiating Ping Scan at 11:24
    Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [4 ports]
    Completed Ping Scan at 11:24, 0.05s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 11:24
    Completed Parallel DNS resolution of 1 host. at 11:24, 7.39s elapsed
    Initiating SYN Stealth Scan at 11:24
    Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [1000 ports]
    Discovered open port 80/tcp on 118.98.232.10
    Discovered open port 8080/tcp on 118.98.232.10
    Discovered open port 443/tcp on 118.98.232.10
    Discovered open port 53/tcp on 118.98.232.10
    Discovered open port 25/tcp on 118.98.232.10
    Discovered open port 21/tcp on 118.98.232.10
    Discovered open port 143/tcp on 118.98.232.10
    Discovered open port 110/tcp on 118.98.232.10
    ...
    Discovered open port 3011/tcp on 118.98.232.10
    Discovered open port 1100/tcp on 118.98.232.10
    Discovered open port 19780/tcp on 118.98.232.10
    Completed SYN Stealth Scan at 11:24, 1.68s elapsed (1000 total ports)
    Initiating Service scan at 11:24
    Scanning 602 services on perpustakaan.kemdikbud.go.id (118.98.232.10)
    Completed Service scan at 11:26, 119.80s elapsed (604 services on 1 host)
    Initiating OS detection (try #1) against perpustakaan.kemdikbud.go.id (118.98.232.10)
    Retrying OS detection (try #2) against perpustakaan.kemdikbud.go.id (118.98.232.10)
    Initiating Traceroute at 11:26
    Completed Traceroute at 11:26, 0.10s elapsed
    Initiating Parallel DNS resolution of 15 hosts. at 11:26
    Completed Parallel DNS resolution of 15 hosts. at 11:26, 13.00s elapsed
    NSE: Script scanning 118.98.232.10.
  • 39. Nmap scan report for perpustakaan.kemdikbud.go.id (118.98.232.10)
    Host is up (0.016s latency).
    rDNS record for 118.98.232.10: 232-10.sny.kemdiknas.go.id
    Not shown: 396 closed ports
    PORT STATE SERVICE VERSION
    1/tcp open tcpwrapped
    3/tcp open tcpwrapped
    6/tcp open tcpwrapped
    9/tcp open tcpwrapped
    19/tcp open tcpwrapped
    21/tcp open tcpwrapped
    22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    | 1024 1e:dc:af:54:2c:99:e3:4c:be:72:14:b2:83:2c:5e:d5 (DSA)
    | 2048 10:73:0b:fb:32:f8:a5:ad:b5:fa:92:c8:23:6e:3a:e5 (RSA)
    |_ 256 4f:b1:2d:27:0a:8e:94:f5:b4:16:8f:e7:e1:5e:e4:33 (ECDSA)
    25/tcp open tcpwrapped
    |_smtp-commands: Couldn't establish connection on port 25
    32/tcp open tcpwrapped
    33/tcp open tcpwrapped
    37/tcp open tcpwrapped
    42/tcp open tcpwrapped
    43/tcp open tcpwrapped
    49/tcp open tcpwrapped
    53/tcp open domain
    | dns-nsid:
    |_ bind.version: 9.9.5-3ubuntu0.8-Ubuntu
    70/tcp open tcpwrapped
    79/tcp open tcpwrapped
    |_finger: ERROR: Script execution failed (use -d to debug)
    80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
    |_http-favicon: Unknown favicon MD5: 324F774689F580B14976BECE7F5D5DDC
    |_http-generator: WPSSO 3.29.5-1/G
    | http-methods:
    |_ Supported Methods: GET HEAD POST OPTIONS
    | http-robots.txt: 1 disallowed entry
    |_/sftwrs/
    |_http-server-header: Apache/2.4.7 (Ubuntu)
    | http-title: Site doesn't have a title (text/html; charset=UTF-8).
    |_Requested resource was perpus/
  • 40. 443/tcp open ssl/http Apache httpd 2.4.7
    |_http-generator: WPSSO 3.29.5-1/G
    | http-methods:
    |_ Supported Methods: GET HEAD POST OPTIONS
    | http-robots.txt: 1 disallowed entry
    |_/sftwrs/
    |_http-server-header: Apache/2.4.7 (Ubuntu)
    | http-title: Site doesn't have a title (text/html; charset=UTF-8).
    |_Requested resource was perpus/
    | ssl-cert: Subject: commonName=perpustakaan.kemdikbud.go.id
    | Issuer: commonName=StartCom Class 1 DV Server CA/organizationName=StartCom Ltd./countryName=IL
    | Public Key type: rsa
    | Public Key bits: 2048
    | Signature Algorithm: sha256WithRSAEncryption
    | Not valid before: 2016-04-21T04:32:00
    | Not valid after: 2017-04-21T04:32:00
    | MD5: 7d2b bdd1 e9f0 82aa 82df b396 6a8f 8843
    |_SHA-1: 6263 4932 9c34 bd6a ed9b caf4 9abe b85d 7835 2eb0
    |_ssl-date: TLS randomness does not represent time
    ...
    8008/tcp open http
    | http-methods:
    |_ Supported Methods: GET HEAD POST OPTIONS
    |_http-title: Did not follow redirect to https://perpustakaan.kemdikbud.go.id:8010/
    8009/tcp open tcpwrapped
    8010/tcp open ssl/http-proxy FortiGate Web Filtering Service
    |_hadoop-datanode-info:
    |_hadoop-tasktracker-info:
    |_hbase-master-info:
    | http-methods:
    |_ Supported Methods: GET POST
    |_http-title: Web Filter Block Override
    | ssl-cert: Subject: commonName=FortiGate/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
    | Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
    | Public Key type: rsa
    | Public Key bits: 2048
    | Signature Algorithm: sha1WithRSAEncryption
    | Not valid before: 2011-02-21T21:13:04
    | Not valid after: 2038-01-19T03:14:07
    | MD5: f829 467c f6b5 eb98 f4d5 d8e8 575d ea12
    |_SHA-1: 0bc4 90af d22b f753 2042 557f 4591 dd88 7fa2 b3ed
    |_ssl-date: TLS randomness does not represent time
    |_sstp-discover: SSTP is supported.
  • 41. TRACEROUTE (using port 995/tcp)
    HOP RTT ADDRESS
    1 13.97 ms 192.168.100.1
    2 14.20 ms 1.subnet125-161-160.speedy.telkom.net.id (125.161.160.1)
    3 8.73 ms 225.subnet125-160-14.speedy.telkom.net.id (125.160.14.225)
    4 11.82 ms 61.94.171.97
    5 12.03 ms 209.subnet118-98-51.astinet.telkom.net.id (118.98.51.209)
    6 21.95 ms 109.subnet118-98-58.astinet.telkom.net.id (118.98.58.109)
    7 15.55 ms 122.subnet125-160-9.speedy.telkom.net.id (125.160.9.122)
    8 92.86 ms 218.100.36.2
    9 20.51 ms jardiknas.openixp.net (218.100.27.84)
    10 34.53 ms 118.98.132.202
    11 37.32 ms 118.98.132.206
    12 23.47 ms 118.98.132.113
    13 23.68 ms 118.98.159.2
    14 13.56 ms 118.98.159.6
    15 24.25 ms 232-10.sny.kemdiknas.go.id (118.98.232.10)
    NSE: Script Post-scanning.
    Initiating NSE at 11:29
    Completed NSE at 11:29, 0.00s elapsed
    Initiating NSE at 11:29
    Completed NSE at 11:29, 0.00s elapsed
    Read data files from: /usr/bin/../share/nmap
    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 271.02 seconds
    Raw packets sent: 1223 (55.792KB) | Rcvd: 1038 (43.316KB)
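An added example, not part of the original slides: a short Python triage script that reads Nmap normal output like the report on slides 39 to 40 and lists the items an administrator should harden on their own server. The sample text is a constructed excerpt modelled on that report with placeholder fingerprints; the function name `review` and the three checks it applies are assumptions chosen for illustration.

```python
import re

# Constructed excerpt in the layout of Nmap normal output; fingerprints are placeholders.
SAMPLE = """\
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff (DSA)
|_ 2048 ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00 (RSA)
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.9.5-3ubuntu0.8-Ubuntu
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-server-header: Apache/2.4.7 (Ubuntu)
8010/tcp open ssl/http-proxy FortiGate Web Filtering Service
| ssl-cert: Subject: commonName=FortiGate
| Signature Algorithm: sha1WithRSAEncryption
|_ Not valid after: 2038-01-19T03:14:07
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Script line of ssh-hostkey: key size, 16-byte MD5 fingerprint, key type.
HOSTKEY_RE = re.compile(r"^\|_?\s*(\d+)\s+[0-9a-f:]{47}\s+\((\w+)\)")

def review(nmap_text):
    """Return (port, finding) pairs that deserve follow-up by the server's owner."""
    findings, port = [], None
    for line in nmap_text.splitlines():
        m = PORT_RE.match(line)
        if m:                      # a new port row: script lines below belong to it
            port = int(m.group(1))
            continue
        if port is None or not line.startswith("|"):
            continue
        body = line.lstrip("|_ ").strip()
        hk = HOSTKEY_RE.match(line)
        if hk and (hk.group(2) == "DSA" or
                   (hk.group(2) == "RSA" and int(hk.group(1)) < 2048)):
            findings.append((port, f"weak SSH host key: {hk.group(1)}-bit {hk.group(2)}"))
        elif body.startswith("Signature Algorithm:") and "sha1" in body.lower():
            findings.append((port, "certificate signed with SHA-1"))
        elif body.startswith(("http-server-header:", "bind.version:")):
            findings.append((port, "version banner exposed: " + body.split(":", 1)[1].strip()))
    return findings

if __name__ == "__main__":
    for port, finding in review(SAMPLE):
        print(f"{port}/tcp  {finding}")
```
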
  • 42. And there are many more tools for network security testing in Kali Linux. Please try them yourself…
  • 43. How to install Kali Linux: https://www.kali.org/
  • 46. Kali Linux in VirtualBox on Mac OS X
  • 48. References
    Kali Linux - https://www.kali.org
    Download Kali Linux - https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
    Kali Linux training syllabus - https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
    Slides and books - http://www.slideshare.net/search/slideshow?searchfrom=header&q=kali+linux
    Sample of Penetration Test Report - https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf