icmp

hari ini icmp kampret dibuka lagi, lengkap sudah, true unlimited :D

Langit musik, penguasa pelit

Daktau apo memang sensitif ato memang ado dendam pribadi samo aku, caknya dak galak nian dibagi itu langit, oke lah, yg pasti aku masih biso pake langit,

Agnes konser di langit

Berawal dari wp yg di tanam di langit, terus inget cfg luna WP yushadi, sepertinya engine wp yg dipake sama

php?u=http%3A%2F%2F

 bongkar bongkar cfg, awalnya langsung tembak url wp, dengan local proxy ip langit namun kena ERR 400.
ternyata tidak perlu local proxy lg, langsung tembak url tanpa local proxy, hufft, akhirnya backup buat snc udah ketemu, semoga forever :)
range ipc 39.20-39.21

so whats going on ?
gagap sebenarnya menggunakan method POST. targetnya ya fetch servernya google app engine. nah fungsi wp disini sebagai proxy antara client dan fetch server.

gagap --> post -->wp langit --> post --> fetch server

kenapa ga langsung ke fetch server ?
ya gabisa lah ga ada pulsa, wkwkwk
tapiiiiiiiii akses ke langit masih bisa meski tanpa pulsa :p

Bakri lagi bakri lagi

Nothing to do here, i will post another bakri bug. Last post i discovered a vuln on connect method. now i investigate more on VPN conneection especially on TCP.

Ok this is the result

Tsunami VPN

1. Connected on TCP port 443, on trial 5
2. a strange problem, i can ping, but cannot browsing, connection refused, so i use ssh, how confussing
3. and always disconnected after a while

Kebrum VPN

1. Connected on tcp 443
2. same problem with tsunami

VPNbook, as sugested by tomi.wanrok 

1. connected on tcp port 443
2. cannot browsing, using ssh for browsing -_-
3. BUT its not disconnected,

COnclusion :

• some vpn got disconnected if use TCP, so its not from bakri its from vpn server that doesnt fit the bakri bug

TODO :

• inspect more on UDP
• inspect more on another port

Kutu Bakri

So yesterday i take a look at my CDMA modem.
this modem use simcard from aburizal bakrie company (IYKWIM).
no subsciption. its redirect package.
the old bug is still alive. UDP port 53 use pinoy style.
so why it can connected ? why UDP ? why not TCP ?
then i take a shot to connecting onto tcp protocol.
this is what i try :
from my asumption if i use get method then i will be redirected onto max d site.
so why not use CONNECT method ?
then i recall what tunneling software use that method

• first i use ultrasurf, from the clue left by alec, i need proxy port 80. hunting proxy from spy.ru . then i use some local proxy tool to see whats going on, i use supper query tools. this is my setup :  ultrasurf listened onto sqt, then on the sqt i use proxy port 80 from spy.ru. i see from the log windows, when ultra tried to connect on the url its redirected on to maxd. but when connect directly to ip address BAM ! connection established 200/OK. fyuh.
• next how about use ultrasurf directly ? why ? because i tried to open https://google.com that page is opened altough is loading forever. https == 443. ultrasurf use 443 on their server. so i setup ultra to listened to sqt. tried to connect, BAM ! its connected. but the performance is very bad. better use proxy than directly connect to server.
• okay next step is use SSH on port 80, ssh use connect metod too. grab a free ssh from usassh and lovessh. its connected, performance not very bad
• found another clue from phreaking site, use anonymity tools called TOR, its working too, sometimes its fast (i got 1mbps). sometimes its slow
• last i tried pinoy style tcp 80, not bad

TODO list :

• more study on UDP
• use another tools that use CONNECT method
• Combine the trick with package, volbase maybe

Conclusion

• The bug is on the connect method
• usable port 80 tcp, and 53 udp
• tools : tor,pinoy,ssh

Welcome

1234567890
Test