Author Archives: 2201807993ikhsan

Google Dorks

Leave a reply

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

By using Google Dorks we can utilize Google’s searching tools in order to find information or misconfigured servers. Some keywords that we can use to utilize Google’s searching tools are:

Finding misconfigured Laravel Applications: index of “.env”

Finding misconfigured servers that have “ktp” files: index of of “ktp

Finding misconfigured servers that have “kk” files: index of “kk”

Finding sensitive XML file stored in the admin folder for a website: index of “admin/xml”

More exploits can be found at: https://exploit-db.com


WPScan: Scanning Vulnerabilities

Leave a reply

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

By using WPScan we are able to scan vulnerabilities that the wordpress site has. Even better, if we use the API token by registering on https://wpvulndb.com/users/sign_up we can obtain even more vulnerabilities as shown below where we try to scan the vulnerabilities of https://pentest.id:

$ wpscan –url https://pentest.id –api-token token

CeWL: Creating Password List

Leave a reply

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Another method of creating a password list that is to be used for brute force is by using CeWL. This tool will take the words used in a site and append them into a list.

To start, type:

$ cewl -w passwords.txt -d1 -m5 target_url

w passwords.txt will create the passwords.txt file that will consists of the list of words obtained from the site

d1 defines the depth in which CeWL will crawl the website. 1 indicates that it will stay on this exact site and not open any links on it.

m5 defines the minimum length of the word that will be put in the list. In this case the minimum length is 5.

Below is the passwords.txt generated

CUPP: Creating Password List

Leave a reply

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

As mentioned before on a previous post, to brute force an access to an account, we must gain the username and a password list. By using Common User Passwords Profiler we could create a password list by entering information we have on the target, such as their first name, last name, birthday, spouse, children, pets, etc. Using the information that we get, this tool will generate a password list out of them.

Firstly, we need to clone the repository first from github by typing:

$ git clone https://github.com/Mebus/cupp.git

After the repository is cloned, change your current directory into the cloned repository by typing:

$ cd cupp

Then, we can finally run the tool by typing:

$ python3 cupp.py -i

CUPP will then ask us to input information about the target. It will ask for first name, surname, nickname, birthdate, partner, children, pets, and company. If we do not have any knowledge about a particular information we can press “enter” to skip it.

Below shows the password list generated by CUPP

After using this tool, we should realize that the security of our password is important as easy and common passwords that includes our name and or birthday are easy to crack if we just obtain some personal information about the user.

WPScan: Enumerate User

Leave a reply

This tutorial is 100% for Education Purpose only. Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

By using WPScan is one of the methods of gaining access to an account by brute force usernames and password. But in order for us to initiate the brute force method, we have to first obtain a valid username, and then brute force it with a password list. But in this post, we will focus on the enumeration of usernames.

To enumerate the users, type:

$ wpscan –url target –enumerate u

In this case, our target is https://pentest.id

After the scan is done, we could see a list of usernames that the wpscan obtained. From the result above, a valid username seems to be apietz.

Week 4 – Intelligent Systems

Leave a reply

This week we learned about Adversarial Search that is used in games to considers the opponent’s move when deciding the best possible move. We studied about the minimax algorithm which maximizes our chances of winning by taking account enemy’s best move. The algorithm works on deterministic and non-deterministic games.

On top of that, we also discussed about alpha and beta pruning which eliminates the branches based on the information we have on the other branch. The pruning is centered around the idea that the enemy could cut unnecessary steps that the player wouldn’t take. This is implemented using DFS to try the finding the best path towards the solution.

Week 3 – Intelligent Systems

Leave a reply

This week we studied the informed searches. In the informed searches, the functions possesses heuristic value alongside its path cost. In this session we learned and practiced on multiple algorithms such as A*, greedy, and genetic, which means that we continued learning into further detail of the A* algorithm after we have implemented the coding aspect of it in the second week during the lab class session.

The A* algorithm takes into consideration not only the heuristic value, but also its path cost unlike the greedy algorithm, which only considers the heuristic value. We also studied local search that includes hill climbing, which searches neighbors and check the most optimal value from the results. The genetic algorithm that we also practiced during this session is a trial and error method that occurs until the best solution is found.

Week 2 – Intelligent Systems

Leave a reply

In this week’s session we studied about uninformed search. Some aspect of the uninformed search strategy is familiar to us as the uninformed search consists of Breadth First Search and Depth First Search. However we didn’t only recall on BFS and DFS in this session as we also learned more on the uninformed search strategies which are (BFS and DFS) FLS, UCS, and IDS.

These uninformed search strategies are used in order to search for results. A state graph has vertices and edges, as each state has its own path cost where these uninformed search strategies try to come up with an optimal result to reach its goal. And in order to practice and test our understandings, we were given an exercise to implement the uninformed search strategies that we learned in class.

Week 1 – Intelligent Systems

Leave a reply

During this first week of the Intelligent Systems, we were introduced to what an AI and Machine Learning really is. The video that was presented in class helped me further understand what AI and Machine Learning really is and on what they actually do. The video explained that Machine Learning is a part of AI and that it is, like what the name itself implied, to make machine learn just like a human brain does.

The way Machine Learning is approached is that it is similar to the way how kids learn things, and also how humans learn which is by experience or a trial and error. The goal for Machine Learning is that so a machine can think rationally and make decisions by itself just like what a human does, which then results in an Artificial Intelligence (AI). The video also mentioned that if Machine Learning and AI is to advance to another level it could very well not be “Artificial” anymore rather, it is now “Intelligence” itself.

After the video, we learned more about AI and also its Intelligent Agent Design through the presentation presented during class by Ms. Nurul. It was mentioned that AI has many definitions and that it has 4 components which includes thinking like humans, thinking rationally, acting like humans, and acting rationally. The nature of AI isn’t only made through Computer Science, but there are also other aspects needed in order for them to fulfill the components of AI such as philosophy, psychology, etc.

Intelligent Agent consist of a sensor to help the AI to perceive the environment, which then allows them to take a certain action. There are plenty of Environmental Factors for the agent design, and also various Agent Types such as goal-based agent, utility-based agent, etc.

Database Project Contribution

Leave a reply

Group Members:

  1. Adriel Soengadi (2201807980)
  2. Robert Reden (2201816612)
  3. Imanuel Febie (2201835800)
  4. Ikhsan Maulana (2201807993)

Throughout this group project, I have tried my best to help and has participated in things from the creation of the ERD, normalization of the tables and relations, web interface, and queries to access and update the database from the web. I have also helped in creating and resolving issues regarding both the database and web interface (pages in the web interface such as add category, address update, add product, and the cart page).