Komat-Kamit

Okay folks, lets get to the assignment straightaway.

If you happen to receive message from stranger repeatedly, or maybe if the content of message annoys you, how do you manage to identify the sender?

What pops first in my mind, not surprisingly, is social engineering. The simplest one is google about the sender, probably the message too, and see if you can find some infos about it. You may also want to check some other social networking sites e.g. friendster, myspace, orkut for the name of the sender. Nevertheless, these method are wasteful if the sender put a fake name or somebody else’s name. Try to find some useful data, like email address, in his/her profile page, then googling result will show you its owner. If the person who send you the message has a website, you can track the domain via Whois service.

Second method is a bit of techie thing: IP tracking. I presonally don’t think it can be found directly in the facebook message itself, since it’s a part of Facebook privacy policy. But you can trace it via notification email from Facebook that is sent to your email address. Look up the email header and you can find the sender’s IP encoded in Base64. Do a little searching about Base64 conversion and you can retrieve the IP address number in decimal.

As the title said, assignment for this episode is about doing packet sniffing or network wiretapping to some website. Two option we gotta choose is either 1). Measure total bandwidth usage in one user session in Gmail or Facebook, or 2.) Monitor attack patterns from port scanning using nmap program. I tried the first one. In order to do so, I use Wireshark, a popular network protocol analyzer. Getting Wireshark running on OS X Snow Leopard is a little bit troublesome, but follow the steps here will do it.

Ok. Let’s begin by open Wireshark. I use wired LAN internet sharing (ethernet) and my IP address is 192.168.1.3. To capture network activity, click Capture > Interfaces in the toolbar.

Choose the network interface to monitor, in this case my LAN connection is seen as en0. Click Options button to configure. Here, I’m gonna filter the sniffing process only between www.facebook.com and my computer, so I input “host www.facebook.com and host 192.168.1.3” in filter textbox then press Start to start monitoring.

Surf the web! Open www.facebook.com and do some activities in one session. I logged in, checked my profile, updated my status, viewed a photo and left a comment, finally I logged my account out. All of those actions will be captured in live mode.

To finish live monitoring process, you can wait until the process stops retrieving packets or you can directly stop it by clicking Capture > Stop menu. To view the statistic of the whole capturing, go to Statistics > Summary menu.

From my one facebook session, we found that there are 461 packets involved which totaled at 218.325 KBytes of size. We can also easily spot the bandwidth of my LAN connection is only around 528 bytes/sec or 0.52 Kbps.

Okay, that’s all for brief exploration of network packet sniffing using Wireshark.

What is it?  It’s a joke to call steganography, which is very cool, and it’s not a dinosaur. Steganography is not a cryptography. Whereas the goal of cryptography is to make data unreadable by a third party, the goal of steganography is to hide the data from a third party.

In this computing era, hiding information often uses multimedia e.g. image, audio, and video. Since it requires more complex steganography technique, here I provide a simple example of steganographed-text. Try to solve it.

KICK-ASS KUNGFU IS JACKIE CHAN’S TRADEMARK
I’M ABOUT TO WATCH KYLIE MINOGUE
WAKE UP EARLY IS REALLY HARD IN THIS RAINY SEASON
TRAILER OF 2010 ROBIN HOOD IS OUT IN YOUTUBE
STEVE JOBS HAS BRILLIANT IDEA TO CREATE THE IPHONE
RONALDINHO PAYS TRIBUTE TO HIS FATHER
DEADLY SLAM DUNK BY DWIGHT HOWARD
NEW GORILLAZ’S ALBUM IS DAMN GOOD
SANDRA DEWI PROBABLY BROKE HER BOYFRIEND TO ELOPE WITH ME
GEEK FRATERNITY VS BETA HOUSE
BARNEY STINSON IS THE MOST AWESOME GUY IN PLANET
INSPIRATIONAL LECTURE BY MR. BUDI RAHARDJO
GIRLS ARE ALWAYS HOOKED UP FOR TEACUP PIG
JEDI ANAKIN SKYWALKER TURNS INTO SITH DARTH VADER
INDIA IS ASIA’S LEADER IN ICT DEVELOPMENT
DAVID’S CRUSH FOR IRENE IS BIG THREAT TO DELON

P.S. WAYNE ROONEY SCORES AGAINST MILAN

I kind-heartedly have given a little hint there, so just give it a shot..
The key and the message will be posted next week. Stay tune!

One fundamental breakthrough happened in programming and hacking world back then is something called self-generating code, a program that can duplicate itself or generate a copy of its source code as the output. This so-called program has a jargon: quine (named after logician Willard van Orman Quine). Here is one classic quine (works in LISP):

((lambda (x)
(list x (list (quote quote) x)))
(quote
(lambda (x)
(list x (list (quote quote) x)))))

So, on this edition of Information Security assignment, I have to write a piece of quine, in any programming language. Since I’ve learned it lately, I decide to create a quine in objective-C/Cocoa framework, using Xcode. Here is the code:

Looks like an ordinary C, right? The NSString*a is basically the output of the program, which is a string of the whole program. The char b just provides the doublequote character; or you can replace it its ASCII number (34) to make the code simpler. Finally it’s printed with NSLog command and filled with proper sequence of characters. Here is the result when executed in terminal:

And you can see clearly, the output is the same with the code. Okay, that’s all about my simple quine program.

Email has a certain format defined by RFC 822: header, contains information of the email, and body for the email’s content. Moreover, for binary files, it will be converted into a text format first before delivered, e.g. uudecode/uuencode, base64, attachment, MIME standard. So, to be clearer about an email, let’s dig deeper.

Conducting a little test, I sent an email (Gmail) to myself with 2 attachments, a text file (.txt) and an image (.png). To show the original version of the email, just select “Show Original” option.

It will open up a new window full of plain text. There you can find the header, body, and the attachment in its original form.

As we can see, the header is all about the email information such as MIME version, subject, sender, recipient, mail date, mail ID, etc. In this section, there is also the definition of what is called boundary, which delimits each part of the email (It is “001636e1fcaa4f15cc048156b807″ in the example).

The body contains all the content (the “Dude, youre awesome!” string), additionally the signature of the email, including all of the attachment.

Basically, the structure of attachment comprises content-type, file name, transfer-encoding, and attachment-id, and the content of attachment itself (encoded). The length of attachment depends on the actual size of attached file. In above screenshots, we can conclude that Gmail uses base64 encoding to transform binary files into ASCII format, thus the attachment can be loaded in the email with no problem. Upon arrival, the attachment will be decoded then reconstructed to its original form.

And there you have it, a brief anatomy of an email.

Information Security assignment this time is related to Domain Name System (DNS). The first one is finding the domain owner of detik.com using whois, then check if the listed name servers are same with the one resulted from nslookup query. Searching detik.com whois in http://who.is easily brought the expected result.

Command nslookup is used to perform DNS query to look up IP address of a certain domain name and vice versa. Besides, it also enables lookup for name server (NS), mail server (MS), etc. of that domain. In terminal (UNIX-based), typing nslookup -type=NS detik.com will retrieve the NS of detik.com: ns1.detik.net.id and ns1.duniadetik.com (which match the result form whois).

The second task is making a list of 4th level domain of itb.ac.id using some network tool. Again, I used terminal. There are 2 commands that I can use: dig, and host, which I chose. Typing host -l itb.ac.id will list all the subdomain of itb.ac.id (the param -l is added to perform zone transfer for zone name itb.ac.id). With a simple parsing script, all 4th level domains (*.itb.ac.id) can be listed, which totalled of 487 unique names. Detail is below.

1. 8eh.itb.ac.id
2. aaei.itb.ac.id
3. academic.itb.ac.id
4. ae.itb.ac.id
5. ai3.itb.ac.id
6. ai3-indonesia-ether.itb.ac.id
7. akademik.itb.ac.id
8. alumni.itb.ac.id
9. antivirus.itb.ac.id
10. antivirus-ng.itb.ac.id
11. antivirus-slb.itb.ac.id
12. antivirus2.itb.ac.id
13. apache2006.itb.ac.id
14. apccas2002.itb.ac.id
15. ar.itb.ac.id
16. arc.itb.ac.id
17. arsip.itb.ac.id
18. art.itb.ac.id
19. as.itb.ac.id
20. astronomi.itb.ac.id
21. astronomy.itb.ac.id
22. aula-tmr.itb.ac.id
23. baak.itb.ac.id
24. backup-hosting.itb.ac.id
25. backup-mx.itb.ac.id
26. bangda.itb.ac.id
27. berkala.itb.ac.id
28. bi.itb.ac.id
29. billing.itb.ac.id
30. billing-ng.itb.ac.id
31. biomed.itb.ac.id
32. biostrat.itb.ac.id
33. biotech.itb.ac.id
34. blendedlearning.itb.ac.id
35. blogs.itb.ac.id
36. bmg.itb.ac.id
37. bosscha.itb.ac.id
38. builder.itb.ac.id
39. cache.itb.ac.id
40. cache1.itb.ac.id
41. cache2.itb.ac.id
42. cache3.itb.ac.id
43. cache4.itb.ac.id
44. cache6.itb.ac.id
45. calonadmin.itb.ac.id
46. cam.itb.ac.id
47. campuschannel.itb.ac.id
48. cas.itb.ac.id
49. cbsed.itb.ac.id
50. ccar.itb.ac.id
51. che.itb.ac.id
52. chem.itb.ac.id
53. cisco-dialin1.itb.ac.id
54. cisco-dialin10.itb.ac.id
55. cisco-dialin11.itb.ac.id
56. cisco-dialin12.itb.ac.id
57. cisco-dialin13.itb.ac.id
58. cisco-dialin14.itb.ac.id
59. cisco-dialin2.itb.ac.id
60. cisco-dialin3.itb.ac.id
61. cisco-dialin4.itb.ac.id
62. cisco-dialin5.itb.ac.id
63. cisco-dialin6.itb.ac.id
64. cisco-dialin7.itb.ac.id
65. cisco-dialin8.itb.ac.id
66. cisco-dialin9.itb.ac.id
67. cisco-en.itb.ac.id
68. cisco-en-en.itb.ac.id
69. cnrg.itb.ac.id
70. cnrg-lib.itb.ac.id
71. cnrg1.itb.ac.id
72. cnrglab.itb.ac.id
73. comlabs.itb.ac.id
74. commodo.itb.ac.id
75. compscience.itb.ac.id
76. course.itb.ac.id
77. cre.itb.ac.id
78. crep.itb.ac.id
79. crs.itb.ac.id
80. cvsup.itb.ac.id
81. cyberlib.itb.ac.id
82. da.itb.ac.id
83. datacenter.itb.ac.id
84. db.itb.ac.id
85. dcpusat.itb.ac.id
86. dev6.itb.ac.id
87. dews.itb.ac.id
88. dies50-challenge.itb.ac.id
89. diesemas.itb.ac.id
90. dimas.itb.ac.id
91. dipa.itb.ac.id
92. dirdikpp.itb.ac.id
93. distancE-courses.itb.ac.id
94. distantlearning.itb.ac.id
95. ditdik.itb.ac.id
96. ditkeu.itb.ac.id
97. dkv.itb.ac.id
98. dl.itb.ac.id
99. dlo.itb.ac.id
100. dlomail.itb.ac.id

101. dnsadm.itb.ac.id
102. dokodemo.itb.ac.id
103. dp.itb.ac.id
104. e-course.itb.ac.id
105. ebs.itb.ac.id
106. ee.itb.ac.id
107. eii.itb.ac.id
108. eis.itb.ac.id
109. ejournal.itb.ac.id
110. el92.itb.ac.id
111. endowmentfund.itb.ac.id
112. epsdl.itb.ac.id
113. ergo.itb.ac.id
114. ezmlm-web.itb.ac.id
115. fa.itb.ac.id
116. faraday.itb.ac.id
117. fi.itb.ac.id
118. fitb.itb.ac.id
119. fmb.itb.ac.id
120. fmipa.itb.ac.id
121. forum.itb.ac.id
122. fsrd.itb.ac.id
123. fti.itb.ac.id
124. ftmd.itb.ac.id
125. ftp.itb.ac.id
126. ftpsearch.itb.ac.id
127. ftsl.itb.ac.id
128. ftsp.itb.ac.id
129. fttm.itb.ac.id
130. gallery.itb.ac.id
131. gamais.itb.ac.id
132. ganeca2.itb.ac.id
133. ganechat.itb.ac.id
134. ganesha.itb.ac.id
135. ganeshatv.itb.ac.id
136. gate-vhf.itb.ac.id
137. gc.itb.ac.id
138. gcca.itb.ac.id
139. gd.itb.ac.id
140. gdl.itb.ac.id
141. geoaplika.itb.ac.id
142. geoph.itb.ac.id
143. geothermal.itb.ac.id
144. gerbang.itb.ac.id
145. gf.itb.ac.id
146. graphics.itb.ac.id
147. grid.itb.ac.id
148. groups.itb.ac.id
149. gw-hf.itb.ac.id
150. gw-paume.itb.ac.id
151. hayati.itb.ac.id
152. hitbox.itb.ac.id
153. hosting.itb.ac.id
154. humas.itb.ac.id
155. hydraulic.itb.ac.id
156. ic-design.itb.ac.id
157. icpco2007.itb.ac.id
158. ictmp.itb.ac.id
159. idln.itb.ac.id
160. ied.itb.ac.id
161. if.itb.ac.id
162. IIE.itb.ac.id
163. iiwas2002.itb.ac.id
164. im.itb.ac.id
165. imhere.itb.ac.id
166. ims.itb.ac.id
167. indonesia-itb-ether.itb.ac.id
168. inkubator.itb.ac.id
169. ins.itb.ac.id
170. instrument.itb.ac.id
171. interior.itb.ac.id
172. intermedia.itb.ac.id
173. iom.itb.ac.id
174. ipr.itb.ac.id
175. ipv6.itb.ac.id
176. isnet.itb.ac.id
177. isrg.itb.ac.id
178. ITB-bosscha.itb.ac.id
179. itb-inherent.itb.ac.id
180. itb1-v6-router.itb.ac.id
181. itb2-v6-router.itb.ac.id
182. itb3-v6-router.itb.ac.id
183. itb4-v6-router.itb.ac.id
184. itb5-v6-router.itb.ac.id
185. itbfair2010.itb.ac.id
186. itbgtw.itb.ac.id
187. itforum.itb.ac.id
188. ithelpdesk.itb.ac.id
189. jaktri.itb.ac.id
190. jica-project.itb.ac.id
191. jira.itb.ac.id
192. jomar.itb.ac.id
193. kabinet-km.itb.ac.id
194. kaderisasi-admin.itb.ac.id
195. kamus.itb.ac.id
196. kantorwrma.itb.ac.id
197. kealumnian.itb.ac.id
198. kemitraan.itb.ac.id
199. kepegawaian.itb.ac.id
200. kinerja.itb.ac.id

201. kkp.itb.ac.id
202. km.itb.ac.id
203. kmrg.itb.ac.id
204. kolaborasi.itb.ac.id
205. komunitasfisika.itb.ac.id
206. koperasi.itb.ac.id
207. kppwk.itb.ac.id
208. kria-sr.itb.ac.id
209. kuliah.itb.ac.id
210. labs.itb.ac.id
211. LabtekV-Cat6-GEC-1.itb.ac.id
212. LabtekV-Cat6-GEC-3.itb.ac.id
213. LabtekV-Cat6-Lo-0.itb.ac.id
214. LabtekV-Cat6-Mgmt.itb.ac.id
215. LabtekVIII-Cat6-GE3-4.itb.ac.id
216. LabtekVIII-Cat6-GEC-1.itb.ac.id
217. LabtekVIII-Cat6-Lo-0.itb.ac.id
218. LabtekVIII-Cat6-Mgmt.itb.ac.id
219. LabtekVIII-Cat6-NS3-FE4-2.itb.ac.id
220. langit.itb.ac.id
221. lapi.itb.ac.id
222. lb1-mx.itb.ac.id
223. lc.itb.ac.id
224. ldap.itb.ac.id
225. ldap-ng.itb.ac.id
226. lib.itb.ac.id
227. library.itb.ac.id
228. lms-inherent.itb.ac.id
229. localhost.itb.ac.id
230. loedroek.itb.ac.id
231. logger.itb.ac.id
232. logger-ng.itb.ac.id
233. logistics-center.itb.ac.id
234. logistik.itb.ac.id
235. lp.itb.ac.id
236. lpadrc.itb.ac.id
237. lpkm.itb.ac.id
238. lpm.itb.ac.id
239. lppm.itb.ac.id
240. lss.itb.ac.id
241. lumbung1.itb.ac.id
242. lumbung2.itb.ac.id
243. lumbung3.itb.ac.id
244. m.itb.ac.id
245. mailadm.itb.ac.id
246. mailadm-ng.itb.ac.id
247. maisy.itb.ac.id
248. maroon.itb.ac.id
249. material.itb.ac.id
250. math.itb.ac.id
251. maxwell.itb.ac.id
252. mba.itb.ac.id
253. mcp-books.itb.ac.id
254. mesin.itb.ac.id
255. metallurgy.itb.ac.id
256. mgb.itb.ac.id
257. Mgmt.itb.ac.id
258. mic.itb.ac.id
259. migrasi.itb.ac.id
260. mining.itb.ac.id
261. mirror.itb.ac.id
262. mirror-ng.itb.ac.id
263. mlearning.itb.ac.id
264. mm.itb.ac.id
265. monitoring.itb.ac.id
266. monitoringv2.itb.ac.id
267. ms.itb.ac.id
268. mti.itb.ac.id
269. multimedia.itb.ac.id
270. mx.itb.ac.id
271. mx-in.itb.ac.id
272. mx0.itb.ac.id
273. mx1.itb.ac.id
274. mx1-new.itb.ac.id
275. mx1a.itb.ac.id
276. mx2.itb.ac.id
277. mx3.itb.ac.id
278. mx3a.itb.ac.id
279. mx4.itb.ac.id
280. mx4a.itb.ac.id
281. mx5.itb.ac.id
282. mx6.itb.ac.id
283. mx7.itb.ac.id
284. newsadmin.itb.ac.id
285. nic.itb.ac.id
286. nic-ng.itb.ac.id
287. nicadm.itb.ac.id
288. nicadm1.itb.ac.id
289. nii.itb.ac.id
290. ninja-hattori.itb.ac.id
291. noc-ccar.itb.ac.id
292. noc-sps.itb.ac.id
293. ns-new.itb.ac.id
294. ns1.itb.ac.id
295. ns1b.itb.ac.id
296. ns2.itb.ac.id
297. ns3.itb.ac.id
298. ns4.itb.ac.id
299. nt.itb.ac.id
300. ntp.itb.ac.id

301. ocean.itb.ac.id
302. oceanography.itb.ac.id
303. oecd.itb.ac.id
304. ohu2007.itb.ac.id
305. old-ganesha.itb.ac.id
306. old-students.itb.ac.id
307. olimpiade2007.itb.ac.id
308. opencores.itb.ac.id
309. order.itb.ac.id
310. owb.itb.ac.id
311. p2p-fsrd-to-arsi.itb.ac.id
312. p2par.itb.ac.id
313. p2t.itb.ac.id
314. packetscanner.itb.ac.id
315. PAU-Cat6-FE4-1.itb.ac.id
316. PAU-Cat6-FE4-7.itb.ac.id
317. PAU-Cat6-GE2-6.itb.ac.id
318. PAU-Cat6-GE2-7.itb.ac.id
319. PAU-Cat6-GE2-8.itb.ac.id
320. PAU-Cat6-GE3-1.itb.ac.id
321. PAU-Cat6-GE3-2.itb.ac.id
322. PAU-Cat6-GE3-4.itb.ac.id
323. PAU-Cat6-GEC-1.itb.ac.id
324. PAU-Cat6-GEC-2.itb.ac.id
325. PAU-Cat6-Lo-0.itb.ac.id
326. PAU-Cat6-Mgmt.itb.ac.id
327. pau-cat6k-vlan6.itb.ac.id
328. paubt.itb.ac.id
329. pauir.itb.ac.id
330. paume.itb.ac.id
331. pcd.itb.ac.id
332. penerbit.itb.ac.id
333. pengungsian.itb.ac.id
334. perencanaan.itb.ac.id
335. petakampus.itb.ac.id
336. phys.itb.ac.id
337. pilrek2010.itb.ac.id
338. pinri.itb.ac.id
339. pinteraktif.itb.ac.id
340. pl.itb.ac.id
341. placeof.itb.ac.id
342. pmb.itb.ac.id
343. pmo.itb.ac.id
344. pn.itb.ac.id
345. portal.itb.ac.id
346. poss.itb.ac.id
347. power.itb.ac.id
348. powernoc.itb.ac.id
349. ppk.itb.ac.id
350. ppkpl.itb.ac.id
351. ppms.itb.ac.id
352. pps.itb.ac.id
353. ppt.itb.ac.id
354. pptik.itb.ac.id
355. premium.itb.ac.id
356. pringgapuk.itb.ac.id
357. profil-kaderisasi.itb.ac.id
358. prohil.itb.ac.id
359. proyek.itb.ac.id
360. psda.itb.ac.id
361. psdi.itb.ac.id
362. pusat.itb.ac.id
363. pusat-lama.itb.ac.id
364. pusat2.itb.ac.id
365. puslog.itb.ac.id
366. pwk.itb.ac.id
367. R11.itb.ac.id
368. ra01b.itb.ac.id
369. ra02.itb.ac.id
370. ra11.itb.ac.id
371. RA12.itb.ac.id
372. ra13.itb.ac.id
373. ra5.itb.ac.id
374. radio-net.itb.ac.id
375. radius.itb.ac.id
376. rapidshare.itb.ac.id
377. rbl.itb.ac.id
378. rbn.itb.ac.id
379. rbn1.itb.ac.id
380. rcmeae.itb.ac.id
381. register.itb.ac.id
382. rektorkita.itb.ac.id
383. relasialumni.itb.ac.id
384. rict.itb.ac.id
385. rusnas-cf.itb.ac.id
386. s.itb.ac.id
387. sa.itb.ac.id
388. sac-en.itb.ac.id
389. salman.itb.ac.id
390. samba.itb.ac.id
391. sampoernasbm.itb.ac.id
392. sappk.itb.ac.id
393. sastra.itb.ac.id
394. satpam.itb.ac.id
395. sbm.itb.ac.id
396. sbm-baru.itb.ac.id
397. scout.itb.ac.id
398. sdm.itb.ac.id
399. server3.itb.ac.id
400. si.itb.ac.id

401. sia.itb.ac.id
402. siaman.itb.ac.id
403. sibf2008.itb.ac.id
404. singalodra.itb.ac.id
405. sipx.itb.ac.id
406. sisfoperencanaan.itb.ac.id
407. siskeu.itb.ac.id
408. siskeu01.itb.ac.id
409. sismik.itb.ac.id
410. sispran.itb.ac.id
411. sispran2.itb.ac.id
412. sith.itb.ac.id
413. skd.itb.ac.id
414. snmptn.itb.ac.id
415. soemardja.itb.ac.id
416. soi.itb.ac.id
417. soi-proxy.itb.ac.id
418. soi-router.itb.ac.id
419. soi-server.itb.ac.id
420. sostek.itb.ac.id
421. sp.itb.ac.id
422. spe.itb.ac.id
423. spns.itb.ac.id
424. ssdk.itb.ac.id
425. staff.itb.ac.id
426. stat.itb.ac.id
427. stei.itb.ac.id
428. students.itb.ac.id
429. students-ng.itb.ac.id
430. suk.itb.ac.id
431. svnserver.itb.ac.id
432. sysapp.itb.ac.id
433. TeknologiInformasi.itb.ac.id
434. telecommunication.itb.ac.id
435. telekomunikasi.itb.ac.id
436. telematic.itb.ac.id
437. telepondigital.itb.ac.id
438. tf.itb.ac.id
439. thinclient.itb.ac.id
440. ti.itb.ac.id
441. tl.itb.ac.id
442. tm.itb.ac.id
443. tpb.itb.ac.id
444. transport.itb.ac.id
445. u2l.itb.ac.id
446. uka.itb.ac.id
447. ukp.itb.ac.id
448. unisispran.itb.ac.id
449. unit.itb.ac.id
450. upi.itb.ac.id
451. uptor.itb.ac.id
452. urpa.itb.ac.id
453. usdi.itb.ac.id
454. usdi-imhere.itb.ac.id
455. usdi-reps.itb.ac.id
456. usm.itb.ac.id
457. vclass.itb.ac.id
458. vic-rat.itb.ac.id
459. video.itb.ac.id
460. virtual-university.itb.ac.id
461. vlsi.itb.ac.id
462. vpn.itb.ac.id
463. vproject.itb.ac.id
464. waveLAN-disnak.itb.ac.id
465. WaveLAN-DisNak-ITB.itb.ac.id
466. wavelan-ikip.itb.ac.id
467. WaveLAN-ITB-Lapan.itb.ac.id
468. WaveLAN-ITB-midc.itb.ac.id
469. waveLAN-ITB-RadNet.itb.ac.id
470. WaveLAN-ITB-Unisba.itb.ac.id
471. waveLAN-RadNet-ITB.itb.ac.id
472. waveLAN-ypkp.itb.ac.id
473. web.itb.ac.id
474. webhosting.itb.ac.id
475. webkampus.itb.ac.id
476. webservices-sispran.itb.ac.id
477. whois.itb.ac.id
478. windowsupdate.itb.ac.id
479. wrks.itb.ac.id
480. wrm.itb.ac.id
481. www.itb.ac.id
482. www1.itb.ac.id
483. www2.itb.ac.id
484. www3.itb.ac.id
485. x.itb.ac.id
486. xxx.itb.ac.id
487. zimbra.itb.ac.id

Last week, our Security Information Course lecturer gave an assignment to find websites which have some blind spots regarding their security. Quite simple, right? So the trick is avoid websites that are built from a certain framework e.g. wordpress or joomla. Two methods as my option: SQL Injection or super-long string input.

I tried the latter method to our president’s personal site search bar. First try is normal query. I inserted “cikeas” and it shows the proper search result.

Second try is super-long query, which is 4050 ‘a‘ characters. There it is, I got an error page.

I don’t know whether it can be used as a way in to hack the website, but I’m sure the error shouldn’t emerge as other sites successfully handle it. I tried detik and KPK website search bar. All good.

Ok. That’s it for my assignment. Live long and prosper.