Black Hat Hacker memang sering berbuat iseng terhadap seuatu sistem jaringan, seperti yang telah dilakukan oleh "Q-R3ST". Tidak segan-segan Q-R3ST menggojlok website Panasonic China, deface+redirect. Sebenarnya, Q-R3ST hanya melakukan scan dan penjebolan sistem server, kemudian menyisipkan redirect code pada source pro2.panasonic.cn/autodoor bukan mengalihkan bagian utama website
(pro2.panasonic.cn).
Setiap Black Hat Hacker atau sering disebut Cracker melakukan aksinya—attack, mereka memiliki tujuan, baik secara kelompok/group ataupun secara individu. Tujuan mereka bermacam-macam, yaitu melampiaskan kekesalan pada suatu sistem yang terlihat lemah, just happy, meningkatkan pemahaman "How the system work?", dan lain-lain.
Berikut pesan dari Q-R3ST terhadap Website Panasonic China:
- Root@Q-R3ST Server : # QualityZ.iN Root'z
- Root@Q-R3ST Server : # Black Hat'z akar
- Root@Q-R3ST Server : # Vatan Team
- Root@Q-R3ST Server : # Mail : Q-R3ST@Qualityz.in
Berikut source code setelah address web dialihkan:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><script type="text/javascript">
//<![CDATA[
window.__CF=window.__CF||{};window.__CF.AJS={};
//]]>
</script>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><title>Hacked By Q-R3ST & Jet0N </title><LINK rel="SHORTCUT ICON" href=""> <style type="text/css">*,html,body,div,p,h2{padding: 0px;margin: 0px;}body{background-color: #000000;}#container{margin: 0 auto;width: 980px;padding-top: 40px;}#content-container{float: left;width: 980px;}#content{clear: left;float: left;width: 581px;padding: 20px 0 20px 0;margin: 0 0 0 30px;display: inline;color: #333;}#content h2 {font-family: Cambria;font-size: 180px;}#aside{float: right;width: 256px;padding: 0px;display: inline;background-image: url('');height: 200px;}.webmaster{float: right;font-family: Cambria;font-size: 30px;font-weight: bold;}.notes{padding-top: 90px;line-height: 1.3em;font-weight: bold;font-size: 16px;font-family: "Courier New";}.contact{padding-top: 30px;font-size: 18px;font-family: "Courier New", Courier, monospace;font-weight: bold;color: #800000;}#music{padding: 60px 80px 0px 0px;float: right;clear: right;}</style></head><script type="text/javascript">/*<![CDATA[*/ TypingText = function(element, interval, cursor, finishedCallback) { if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) { this.running = true; return; } this.element = element; this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; }); this.interval = (typeof interval == "undefined" ? 100 : interval); this.origText = this.element.innerHTML; this.unparsedOrigText = this.origText; this.cursor = (cursor ? cursor : ""); this.currentText = ""; this.currentChar = 0; this.element.typingText = this; if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++; TypingText.all.push(this); this.running = false; this.inTag = false; this.tagBuffer = ""; this.inHTMLEntity = false; this.HTMLEntityBuffer = "";}TypingText.all = new Array();TypingText.currentIndex = 0;TypingText.runAll = function() { for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();}TypingText.prototype.run = function() { if(this.running) return; if(typeof this.origText == "undefined") { setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); return; } if(this.currentText == "") this.element.innerHTML = ""; if(this.currentChar < this.origText.length) { if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) { this.tagBuffer = "<"; this.inTag = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) { this.tagBuffer += ">"; this.inTag = false; this.currentText += this.tagBuffer; this.currentChar++; this.run(); return; } else if(this.inTag) { this.tagBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) { this.HTMLEntityBuffer = "&"; this.inHTMLEntity = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) { this.HTMLEntityBuffer += ";"; this.inHTMLEntity = false; this.currentText += this.HTMLEntityBuffer; this.currentChar++; this.run(); return; } else if(this.inHTMLEntity) { this.HTMLEntityBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else { this.currentText += this.origText.charAt(this.currentChar); } this.element.innerHTML = this.currentText; this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : ""); this.currentChar++; setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); } else { this.currentText = ""; this.currentChar = 0; this.running = false; this.finishedCallback(); }}/*]]>*/</script> <body>
</p>
<!--hacked by Q-R3ST -->
<p class="notes" align="center"><img src="http://i.imgur.com/ZUn1K.jpg" width="1000" height="600" border="0" /></p>
<body topmargin=9 leftmargin=11 marginheight=9 marginwidth=11 bgcolor=black text=red scroll=auto onLoad="typeout(); window.defaultStatus=''; return true" background="/file/pic/animated_60.gif">
<h4 align="center"> <font face="Bradley Hand ITC" color="white" size="5"><font face="Bradley Hand ITC" color="#FF0000" size="5">Q</font><font face="Bradley Hand ITC" size="5">-</font><font face="Bradley Hand ITC" color="#FF0000" size="5">R3ST</font><font face="Bradley Hand ITC" color="#FF0000" size="5"> </font>| Ctrl </h4></font>
<!--<div id="404" align=center><font size=7 color="maroon">Siking you System></div>-->
<layer id="talkyNS4"><div id=talky style="width: 897; height: 229<p align="center"></div></layer>
<SCRIPT>
<!--an original script copyright (c) 2011 by Q-R3ST : www.QualityZ.in Arzu S <3
runon = new Array
(
" <center><font color='#FF7F00' > Root@Q-R3ST Server : # Database connection <br> </center><br /> ",
" <center>Root@Q-R3ST Server : # Loading Connecting ...</center> <br />",
" <center>Root@Q-R3ST Server : # HI <br></center><br />",
" <center>Root@Q-R3ST Server : # System is under the control of Q-R3ST <br></center>",
" <center>Root@Q-R3ST Server : # Ustad JeT0N ^^</center> <br />",
" <center><font color='#7FFF00' >Server:Root@Q-R3ST Server : # System Ownzer Q-R3ST<br> </center>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Hacked By Q-R3ST </center> ",
" <center><center><font color='#FF7F00' >Root@Q-R3ST Server : # Kurt Gibi Sessiz Ve Ansizin</center>",
" <center> <font color='#FF7F00' >Root@Suskun # No Secürity <br></center> ",
" <center> <font color='#FF7F00' >Root@Ctrl # Gördünüz ve sustunuz </center>",
"%<a href='javascript:void(0)' onMouseover='flagged(\"%\"); window.status=defaultStatus; return true' style='text-decoration:none' hideFocus><center><font color='#33CC00'>No Security , Yes Black Hat . . . </font> </center></a>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # QualityZ.iN Root'z </center> <br>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Black Hat'z akar. </center> <br>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Vatan Team </center> <br>",
" <center><font color=#336666>Root@Q-R3ST Server : # Mail : Q-R3ST@Qualityz.in<big><big></center><br>",
"&<big></big></big></font>"//kluge font
)
OP = (navigator.userAgent.indexOf("pera") != -1)
IE = document.all && !OP
NS4 = document.layers
gebi= (document.getElementById && !document.all)
ihtml= document.body && (typeof document.body.innerHTML != "undefined")
//preserve order!
ramble = (NS4)?document.talkyNS4.document :(!ihtml)?document :(IE)?document.all.talky :document.getElementById("talky")
fonttag = "<font face='fixedsys, terminal, system, liquidcrystal, led real, joystix, cosmic alien, westminster, glitch1, monospace' size=3 color=silver>"
preform = fonttag
//flag=false
if (NS4)
{
document.captureEvents(Event.MOUSEMOVE);
document.captureEvents(Event.KEYDOWN);//nograb ALT
}
//document.onmousemove = flagged
document.onkeydown = flagged
function flagged(hand)
{
if (flag)
{
base = 600
typeout()
}
if (hand && (hand == "%"))
{
preform = fonttag
base = 600
typeout()
}
}
line = 0
base = 1800
function typeout()
{
document.onmousemove = null//kill OP6 multitrigs
flag = false
stripline = runon[line].substring(1, runon[line].length)
if (ihtml) ramble.innerHTML = preform+stripline+ "<br></font>";
else{
if (!NS4) ramble.writeln("<body bgcolor=black>");
ramble.writeln(preform+stripline+ "<br></font>")
if (!NS4) ramble.writeln("</body>");
ramble.close()
}
preform = preform+stripline+ ((runon[line].charAt(0) == "&")?"" :"<br>")
if (line < runon.length-1)
{
if (runon[line].charAt(0) == "*"){ flag = true; document.onmousemove = flagged }
else if (runon[line].charAt(0) == "%") flag = false;
else{
wait = (runon[line].lastIndexOf("<br>") != -1)?base :50
base = base + 200
setTimeout("typeout()", wait)
}
line = line+1
}
}
//document.onload = typeout();
//-->
</SCRIPT></a></font><br /></strong><br /></p><script type="text/javascript" src=) != -1)?base :50
base = base + 200
setTimeout("typeout()", wait)
}
line = line+1
}
}
//document.onload = typeout();
//-->0">
</SCRIPT></script>
//<![CDATA[
window.__CF=window.__CF||{};window.__CF.AJS={};
//]]>
</script>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" /><title>Hacked By Q-R3ST & Jet0N </title><LINK rel="SHORTCUT ICON" href=""> <style type="text/css">*,html,body,div,p,h2{padding: 0px;margin: 0px;}body{background-color: #000000;}#container{margin: 0 auto;width: 980px;padding-top: 40px;}#content-container{float: left;width: 980px;}#content{clear: left;float: left;width: 581px;padding: 20px 0 20px 0;margin: 0 0 0 30px;display: inline;color: #333;}#content h2 {font-family: Cambria;font-size: 180px;}#aside{float: right;width: 256px;padding: 0px;display: inline;background-image: url('');height: 200px;}.webmaster{float: right;font-family: Cambria;font-size: 30px;font-weight: bold;}.notes{padding-top: 90px;line-height: 1.3em;font-weight: bold;font-size: 16px;font-family: "Courier New";}.contact{padding-top: 30px;font-size: 18px;font-family: "Courier New", Courier, monospace;font-weight: bold;color: #800000;}#music{padding: 60px 80px 0px 0px;float: right;clear: right;}</style></head><script type="text/javascript">/*<![CDATA[*/ TypingText = function(element, interval, cursor, finishedCallback) { if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) { this.running = true; return; } this.element = element; this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; }); this.interval = (typeof interval == "undefined" ? 100 : interval); this.origText = this.element.innerHTML; this.unparsedOrigText = this.origText; this.cursor = (cursor ? cursor : ""); this.currentText = ""; this.currentChar = 0; this.element.typingText = this; if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++; TypingText.all.push(this); this.running = false; this.inTag = false; this.tagBuffer = ""; this.inHTMLEntity = false; this.HTMLEntityBuffer = "";}TypingText.all = new Array();TypingText.currentIndex = 0;TypingText.runAll = function() { for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();}TypingText.prototype.run = function() { if(this.running) return; if(typeof this.origText == "undefined") { setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); return; } if(this.currentText == "") this.element.innerHTML = ""; if(this.currentChar < this.origText.length) { if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) { this.tagBuffer = "<"; this.inTag = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) { this.tagBuffer += ">"; this.inTag = false; this.currentText += this.tagBuffer; this.currentChar++; this.run(); return; } else if(this.inTag) { this.tagBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) { this.HTMLEntityBuffer = "&"; this.inHTMLEntity = true; this.currentChar++; this.run(); return; } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) { this.HTMLEntityBuffer += ";"; this.inHTMLEntity = false; this.currentText += this.HTMLEntityBuffer; this.currentChar++; this.run(); return; } else if(this.inHTMLEntity) { this.HTMLEntityBuffer += this.origText.charAt(this.currentChar); this.currentChar++; this.run(); return; } else { this.currentText += this.origText.charAt(this.currentChar); } this.element.innerHTML = this.currentText; this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : ""); this.currentChar++; setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); } else { this.currentText = ""; this.currentChar = 0; this.running = false; this.finishedCallback(); }}/*]]>*/</script> <body>
</p>
<!--hacked by Q-R3ST -->
<p class="notes" align="center"><img src="http://i.imgur.com/ZUn1K.jpg" width="1000" height="600" border="0" /></p>
<body topmargin=9 leftmargin=11 marginheight=9 marginwidth=11 bgcolor=black text=red scroll=auto onLoad="typeout(); window.defaultStatus=''; return true" background="/file/pic/animated_60.gif">
<h4 align="center"> <font face="Bradley Hand ITC" color="white" size="5"><font face="Bradley Hand ITC" color="#FF0000" size="5">Q</font><font face="Bradley Hand ITC" size="5">-</font><font face="Bradley Hand ITC" color="#FF0000" size="5">R3ST</font><font face="Bradley Hand ITC" color="#FF0000" size="5"> </font>| Ctrl </h4></font>
<!--<div id="404" align=center><font size=7 color="maroon">Siking you System></div>-->
<layer id="talkyNS4"><div id=talky style="width: 897; height: 229<p align="center"></div></layer>
<SCRIPT>
<!--an original script copyright (c) 2011 by Q-R3ST : www.QualityZ.in Arzu S <3
runon = new Array
(
" <center><font color='#FF7F00' > Root@Q-R3ST Server : # Database connection <br> </center><br /> ",
" <center>Root@Q-R3ST Server : # Loading Connecting ...</center> <br />",
" <center>Root@Q-R3ST Server : # HI <br></center><br />",
" <center>Root@Q-R3ST Server : # System is under the control of Q-R3ST <br></center>",
" <center>Root@Q-R3ST Server : # Ustad JeT0N ^^</center> <br />",
" <center><font color='#7FFF00' >Server:Root@Q-R3ST Server : # System Ownzer Q-R3ST<br> </center>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Hacked By Q-R3ST </center> ",
" <center><center><font color='#FF7F00' >Root@Q-R3ST Server : # Kurt Gibi Sessiz Ve Ansizin</center>",
" <center> <font color='#FF7F00' >Root@Suskun # No Secürity <br></center> ",
" <center> <font color='#FF7F00' >Root@Ctrl # Gördünüz ve sustunuz </center>",
"%<a href='javascript:void(0)' onMouseover='flagged(\"%\"); window.status=defaultStatus; return true' style='text-decoration:none' hideFocus><center><font color='#33CC00'>No Security , Yes Black Hat . . . </font> </center></a>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # QualityZ.iN Root'z </center> <br>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Black Hat'z akar. </center> <br>",
" <center><font color='#FF7F00' >Root@Q-R3ST Server : # Vatan Team </center> <br>",
" <center><font color=#336666>Root@Q-R3ST Server : # Mail : Q-R3ST@Qualityz.in<big><big></center><br>",
"&<big></big></big></font>"//kluge font
)
OP = (navigator.userAgent.indexOf("pera") != -1)
IE = document.all && !OP
NS4 = document.layers
gebi= (document.getElementById && !document.all)
ihtml= document.body && (typeof document.body.innerHTML != "undefined")
//preserve order!
ramble = (NS4)?document.talkyNS4.document :(!ihtml)?document :(IE)?document.all.talky :document.getElementById("talky")
fonttag = "<font face='fixedsys, terminal, system, liquidcrystal, led real, joystix, cosmic alien, westminster, glitch1, monospace' size=3 color=silver>"
preform = fonttag
//flag=false
if (NS4)
{
document.captureEvents(Event.MOUSEMOVE);
document.captureEvents(Event.KEYDOWN);//nograb ALT
}
//document.onmousemove = flagged
document.onkeydown = flagged
function flagged(hand)
{
if (flag)
{
base = 600
typeout()
}
if (hand && (hand == "%"))
{
preform = fonttag
base = 600
typeout()
}
}
line = 0
base = 1800
function typeout()
{
document.onmousemove = null//kill OP6 multitrigs
flag = false
stripline = runon[line].substring(1, runon[line].length)
if (ihtml) ramble.innerHTML = preform+stripline+ "<br></font>";
else{
if (!NS4) ramble.writeln("<body bgcolor=black>");
ramble.writeln(preform+stripline+ "<br></font>")
if (!NS4) ramble.writeln("</body>");
ramble.close()
}
preform = preform+stripline+ ((runon[line].charAt(0) == "&")?"" :"<br>")
if (line < runon.length-1)
{
if (runon[line].charAt(0) == "*"){ flag = true; document.onmousemove = flagged }
else if (runon[line].charAt(0) == "%") flag = false;
else{
wait = (runon[line].lastIndexOf("<br>") != -1)?base :50
base = base + 200
setTimeout("typeout()", wait)
}
line = line+1
}
}
//document.onload = typeout();
//-->
</SCRIPT></a></font><br /></strong><br /></p><script type="text/javascript" src=) != -1)?base :50
base = base + 200
setTimeout("typeout()", wait)
}
line = line+1
}
}
//document.onload = typeout();
//-->0">
</SCRIPT></script>
Di dalam source code di atas, terdapat komentar Q-R3ST, System is under the control of Q-R3ST.
Demikian informasi ini, semoga kita lebih waspada terhadap serangan Black Hat Hacker dan selalu mengawasi serta rutin melakukan maintenance pada database system.
Disadur dari THN Reporter (http://thehackernews.com/2012/01/panasonic-china-websites-hacked-and.html)
Posting Komentar
Mohon gunakan kalimat yang santun untuk memberikan komentar. Komentar yang dianggap propokator akan dihapus.