
HITZ - Online Class #1 Chat Logs

This room covers information about activities, event details, meeting minutes, material summaries, and basic explanations of Echo Hack In The Zoo activities

Post by K-159 » Sun Apr 24, 2011 6:56 pm

dear all,

below are the chat logs of the online class in channel #e-c-h-o [at]irc.dal.net from yesterday, Saturday, 23 April 2011:

===================

(12:58:07 PM) The topic for #e-c-h-o is: Hack In The Zoo - Online Class #1 this afternoon at 13:00 WIB, led by the_hydra http://e-rdc.org/v1/news.php?readmore=173
(12:58:52 PM) the_hydra: right, it's getting crowded already, huh? :D
(12:59:06 PM) spid3y: yes, bro
(12:59:10 PM) spid3y: let me bring in the laundry first, bro
(12:59:11 PM) the_hydra: how about it, Mr. moderator, shall we wait another 2 minutes? :D
(12:59:13 PM) spid3y: it's about to rain
(12:59:14 PM) spid3y: =))
(12:59:14 PM) nyubee [~nyubee@fm-ip-118.137.236.140.fast.net.id] entered the room.
(12:59:34 PM) the_hydra: bots, raise your hand ;)
(12:59:39 PM) azis: me
(01:01:11 PM) mode (+vvv azis NazgvL nyubee) by Cyberheb
(01:01:52 PM) ***Bithedz is away (Connection reset by pler)
(01:01:52 PM) Cyberheb: azis !nmap echo.or.id
(01:01:54 PM) Cyberheb: :p
(01:01:55 PM) Bithedz is now known as Bithed[z]
(01:02:09 PM) ***bot_tol ngelegngeleg
(01:02:12 PM) azis: hahaha
(01:02:36 PM) azis: come on, let's start
(01:03:36 PM) X-ace: Too lazy to take a shower...
(01:03:38 PM) X-ace: T_T
(01:03:50 PM) X-ace: just ate leftover gado-gado...
(01:03:52 PM) X-ace: not bad...
(01:04:15 PM) Cyberheb: X-ace *slap*. whether on fb or on irc, your oversharing is the same
(01:04:26 PM) dudulz [b6060a77@ircip3.mibbit.com] entered the room.
(01:04:30 PM) ***X-ace hahahhaa
(01:04:38 PM) ***the_hydra gggrrrrrrrrrrrrr connection is a bit flaky....disconnecting for a moment
(01:04:40 PM) the_hydra left the room (quit: Quit: using sirc version 2.211+KSIRC/1.3.12).
(01:04:52 PM) ***X-ace while watching Dinda Kirana.... So cute.... adorable...
(01:05:49 PM) kandacong: Assalamu alaikum
(01:06:10 PM) X-ace: walaikum salam
(01:06:14 PM) X-ace: O people of the grave
(01:06:16 PM) X-ace: .....
(01:06:28 PM) the_hydra [~mulyadi@110.138.145.185] entered the room.
(01:06:29 PM) kandacong: hasn't it started yet, bro Budi?
(01:06:32 PM) the_hydra: ok, starting
(01:06:38 PM) NazgvL: ssstt... the teacher's here
(01:06:40 PM) nyubee: yes.. let's start
(01:06:47 PM) areeff: (sits nicely)
(01:06:52 PM) nyubee: present..
(01:07:08 PM) ***X-ace one sec, watching Dinda Kirana... please go on, bro
(01:07:20 PM) ***X-ace I don't need rain..
(01:07:22 PM) dudulz: yay, it's starting
(01:07:44 PM) ***X-ace SCTV... dinda...
(01:07:58 PM) the_hydra: apologies in advance if what I present isn't to your liking and comes across as l4m3rs level
(01:08:00 PM) stanmarshx [~stnmrshx@118.96.157.95] entered the room.
(01:08:05 PM) stanmarshx left the room (Leaving).
(01:08:19 PM) the_hydra: while following along, you can read http://ezine.echo.or.id/ezine15/06_Strace.txt
(01:08:49 PM) kandacong: << I'm even below lamers, Pakde Mul
(01:09:05 PM) nyubee: that's fine, bro, for nyubee who's still a newbie that's actually good
(01:09:47 PM) the_hydra: ok, I estimate this discussion at ~60 minutes total, with the presentation taking only about ~30-40 minutes ....
(01:10:14 PM) areeff: (carry on!!)
(01:10:24 PM) the_hydra: strace and ltrace are basically tools for tracing, meaning they observe the execution of a program
(01:10:31 PM) the_hydra: strace: system call trace
(01:10:38 PM) the_hydra: ltrace: library call trace
(01:11:11 PM) the_hydra: strace relies on ptrace, a C function for observing (and sometimes also intercepting) another process
(01:11:51 PM) the_hydra: whereas ltrace, as far as I know, besides relying on ptrace, also overloads the link to ld.so
(01:12:05 PM) the_hydra: (haven't confirmed it again, but that's roughly it :) )
(01:12:14 PM) the_hydra: man ptrace....
(01:12:31 PM) the_hydra: you'll read there about an argument for intercepting system calls
(01:12:49 PM) the_hydra: now, let's step back first and discuss: what is a system call anyway
(01:12:53 PM) the_hydra: anyone know?
(01:13:22 PM) nyubee: no... still below lamers
(01:13:29 PM) kandacong: no idea, sir, please explain
(01:13:37 PM) azis: don't know, bro, please explain
(01:13:41 PM) dendenk [~sendhenk@114.79.59.65] entered the room.
(01:14:03 PM) Bithed[z] is now known as Bithedz
(01:14:41 PM) the_hydra: this needs a bit of assembly knowledge, roughly like this: if we use the C function printf() to print to the screen, or the "echo" command, how does the character actually get printed on the screen?
(01:14:45 PM) X-ace is now known as Dinda_Kirana
(01:15:16 PM) NazgvL: if I'm not mistaken it's a kind of function for calling a particular service from the OS
(01:15:22 PM) the_hydra: back in the assembly coding days, as far as I know there were two ways:
(01:15:38 PM) the_hydra: 1. find the video card buffer address, then write directly to it
(01:15:46 PM) the_hydra: pros: fast....
(01:16:08 PM) the_hydra: cons: modern OSes usually don't allow us to write directly there, because of the protection system
(01:16:31 PM) the_hydra: 2. use the functions provided by the OS...on DOS we sometimes know them as interrupts
(01:16:42 PM) the_hydra: maybe you remember interrupt 21h?
(01:16:53 PM) the_hydra: pros: a bit of a hassle
(01:17:13 PM) the_hydra: oops wrong, cons: a hassle
(01:17:32 PM) the_hydra: pros: portable.... no need to think about the video buffer address etc
(01:18:21 PM) Dinda_Kirana: what do PROS and CONS mean, bro?
(01:18:21 PM) the_hydra: with this interrupt or syscall (system call), we call the OS functions we need, because for certain things we cannot do them directly
(01:18:28 PM) the_hydra: pros: advantages
(01:18:33 PM) the_hydra: cons: disadvantages
(01:18:45 PM) Dinda_Kirana: got it
(01:18:58 PM) the_hydra: syscall examples: writing to the hard disk, sending a packet to the network
(01:19:28 PM) the_hydra: just "100x100" doesn't need a syscall, because the CPU doesn't need to switch to a mode with higher privilege
(01:19:49 PM) azis: by 100x100 you mean a calculation?
(01:19:52 PM) the_hydra: but accessing a resource such as a disk requires a switch to higher privilege...
(01:19:55 PM) the_hydra: yep
(01:19:59 PM) the_hydra: all kinds of arithmetic
(01:20:06 PM) the_hydra: multiply, divide, add, subtract etc
(01:20:15 PM) the_hydra: that are supported as assembly opcodes
(01:20:22 PM) azizah [~tenrodoan@118.96.75.241] entered the room.
(01:20:48 PM) the_hydra: so while on DOS we use interrupt 21h
(01:21:04 PM) the_hydra: on Linux, the interrupt number is different, this time it's 80 h (h: hexa)
(01:21:40 PM) the_hydra: sometimes, for acceleration, the low-level instruction sysenter (Intel) or syscall (assembly) is used
(01:21:48 PM) the_hydra: oops wrong, syscall (AMD)
(01:21:59 PM) the_hydra: so far so gud?
(01:22:26 PM) the_hydra: hopefully you all remember what kind of snack an interrupt is :D
(01:22:36 PM) ***Dinda_Kirana break..
(01:22:38 PM) azis: gud, let's just stay focused on the topic for now, bro
(01:23:17 PM) the_hydra: so, with strace, we'll be observing a program's activity
(01:23:20 PM) ***dendenk following along while watching porn
(01:23:26 PM) the_hydra: through the system calls it executes
(01:23:32 PM) stanmarshx [~stnmrshx@118.96.157.95] entered the room.
(01:24:06 PM) the_hydra: on some linux distros, strace is sometimes not installed by default
(01:24:16 PM) Dinda_Kirana: through debugging tools, you mean, bro?
(01:24:32 PM) the_hydra: so go ahead: "apt-get install strace" or "yum install strace" or "slapt-get strace" :D
(01:24:49 PM) Dinda_Kirana: got it
(01:24:52 PM) Dinda_Kirana: bro
(01:24:54 PM) the_hydra: Dinda_Kirana: no, strace is the debugging tool
(01:25:16 PM) Dinda_Kirana: didn't read the ezine, bro... too much hassle...
(01:25:23 PM) the_hydra: ok, now let's try an easy example
(01:25:29 PM) Bithedz: yes, it's always there in c and pascal
(01:26:58 PM) ***Dinda_Kirana bro, add some hands-on practice please, I've already booted backtrack in a virtual machine
(01:27:03 PM) the_hydra: please take a look for a moment at http://pastebin.com/6fPaPx0A
(01:27:18 PM) the_hydra: that is the output of "strace -f echo a"
(01:27:48 PM) the_hydra: the -f parameter is for analyzing programs that might in turn be run inside "echo"
(01:28:36 PM) the_hydra: so you can see, just to run the "echo" program and then write "a" there are stages
(01:28:59 PM) azizah left the room (quit: Read error: Operation timed out).
(01:29:11 PM) the_hydra: look at line number 4 from the bottom "23236 write(1, "a\n", 2) = 2"
(01:29:18 PM) the_hydra: how to read it:
(01:29:25 PM) the_hydra: first column: the program's PID
(01:29:35 PM) the_hydra: second column: the syscall function being called
(01:29:45 PM) the_hydra: inside it are the parameters
(01:29:56 PM) the_hydra: the first parameter is the file descriptor number
(01:30:06 PM) the_hydra: the number "1" means standard output
(01:30:11 PM) the_hydra: a.k.a............ our screen :)
(01:30:22 PM) Dinda_Kirana: bro
(01:30:26 PM) Dinda_Kirana: sorry to interrupt
(01:30:30 PM) the_hydra: yes?
(01:30:30 PM) Dinda_Kirana: I tried it on backtrack
(01:30:33 PM) idonthavenickname [~allesio_@203.201.160.66] entered the room.
(01:30:37 PM) blink_shincan [~blink@61.247.44.123] entered the room.
(01:30:38 PM) Dinda_Kirana: how come the program's pid number doesn't show up
(01:30:43 PM) the_hydra: strace -f
(01:30:45 PM) the_hydra: use -f
(01:30:51 PM) the_hydra: with just plain strace there's no PID
(01:30:58 PM) azizah [~tenrodoan@118.96.75.241] entered the room.
(01:30:58 PM) Dinda_Kirana: already did, bro
(01:31:02 PM) Dinda_Kirana: still doesn't work
(01:31:10 PM) blink_shincan: Assalamualaikum
(01:31:11 PM) Dinda_Kirana: is anyone else trying with backtrack like me, friends?
(01:31:13 PM) blink_shincan: oops, I've fallen behind
(01:31:32 PM) Dinda_Kirana: root@bt:~# strace -f echo a
(01:31:33 PM) Dinda_Kirana: execve("/bin/echo", ["echo", "a"], [/* 40 vars */]) = 0
(01:31:33 PM) Dinda_Kirana: brk(0) = 0x9742000
(01:31:44 PM) the_hydra: Dinda_Kirana: ok sorry, maybe it's because I used the logging option ( -o)
(01:31:53 PM) ***dudulz succeeded using naty
(01:32:00 PM) the_hydra: Dinda_Kirana: try it like this: strace -o test.txt -f echo a
(01:32:15 PM) the_hydra: there will then be a file named test.txt in the current directory
(01:32:19 PM) the_hydra: then just open that file
(01:32:49 PM) spid3y: works, bro
(01:32:56 PM) the_hydra: blink_shincan: just take your seat :D
(01:33:03 PM) ***dendenk is confused
(01:33:11 PM) azis: relax, this is being logged .. you can read it later
(01:33:13 PM) the_hydra: dendenk: confused about which part?
(01:33:34 PM) dendenk: don't understand, bro... I'll just follow along
(01:33:41 PM) Dinda_Kirana: great, bro, it works
(01:33:42 PM) azizah left the room (quit: Read error: Connection reset by peer).
(01:33:46 PM) the_hydra: dendenk: let's discuss it again later
(01:34:05 PM) the_hydra: ok, so we know there is a call to "write"
(01:34:45 PM) ***Bithedz is away (Connection reset by pler)
(01:34:48 PM) Bithedz is now known as Bithed[z]
(01:35:05 PM) Sword^Fish [~SwordFish@125.166.213.53] entered the room.
(01:35:22 PM) the_hydra: so here strace tracks all syscalls: the ones writing to the screen, opening files, sending data etc
(01:35:34 PM) the_hydra: now try this: "strace -e open echo a"
(01:36:05 PM) Guest67789 [~botnet@180.246.59.216] entered the room.
(01:36:42 PM) spid3y: open("/etc/ld.so.cache", O_RDONLY) = 3
(01:36:43 PM) spid3y: ,etc...
(01:37:00 PM) the_hydra: http://pastebin.com/hm2uZMPF
(01:37:21 PM) spid3y: only 3 lines, bro?
(01:37:27 PM) the_hydra: yes, so now we can know specifically which files get opened when we run "echo"
(01:37:37 PM) the_hydra: yup, because the application happens to be simple :)
(01:37:40 PM) spid3y: how come mine has a lot, bro
(01:38:01 PM) the_hydra: try pasting it on pastebin
(01:38:10 PM) ***Dinda_Kirana Dinda is so cute
(01:38:29 PM) spid3y: http://pastebin.com/psZHbh4w
(01:38:51 PM) areeff: what is -e, bro
(01:38:58 PM) Dinda_Kirana: mine is different too, bro
(01:39:13 PM) spid3y: -e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
(01:39:13 PM) spid3y: options: trace, abbrev, verbose, raw, signal, read, or write
(01:39:19 PM) the_hydra: maybe it's an effect of locale translation
(01:39:30 PM) the_hydra: as far as I know that's a kind of character conversion
(01:39:32 PM) areeff: i c
(01:39:55 PM) the_hydra: "-e" means we only concentrate on one kind of syscall
(01:40:11 PM) the_hydra: "open()" is the function for opening a file
(01:40:31 PM) the_hydra: so, are you starting to get the basic idea of what strace is useful for?
(01:40:46 PM) stanmarshx: yes :D
(01:40:56 PM) Dinda_Kirana: http://pastebin.com/4BLRYp2T
(01:41:22 PM) the_hydra: if we don't know the function name, we can also generalize
(01:41:44 PM) the_hydra: example: "strace -e trace=file echo a"
(01:41:59 PM) kandacong: open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
(01:42:01 PM) kandacong: why is it like that?
(01:42:07 PM) the_hydra: that means we observe all file-related operations: opening a file, closing a file, writing, reading, changing metadata
(01:42:25 PM) the_hydra: ok, now about the number next to "="
(01:42:33 PM) the_hydra: that is the result or return value of the function
(01:42:48 PM) the_hydra: in C, -1 means failure a.k.a. error a.k.a. busted :D
(01:43:15 PM) the_hydra: ENOENT means the file was not found
(01:43:23 PM) the_hydra: this is similar to the perror() function
(01:43:25 PM) the_hydra: man perror
(01:43:34 PM) the_hydra: so -1 is the generic value
(01:43:47 PM) the_hydra: but there is a further explanation
(01:43:53 PM) the_hydra: ENOENT is an example of that
(01:44:17 PM) the_hydra: just check, does the locale-archive file exist?
(01:44:28 PM) the_hydra: it may not exist, or its permissions may not allow it to be read
(01:44:40 PM) the_hydra: eh, uhm..for permissions, it's EPERM I think
(01:44:49 PM) the_hydra: sorry, I forgot, there are just so many error messages in Linux :D
(01:44:51 PM) the_hydra: hehehehehheheheh
(01:44:52 PM) idonthavenickname: hehe, I was just about to correct that :P
(01:45:21 PM) kandacong: it really isn't there, sir
(01:45:34 PM) the_hydra: kandacong: so the tracing is indeed correct
(01:45:42 PM) spid3y: what about the number 3, the number 0, what are those, bro
(01:45:51 PM) the_hydra: depends on the function
(01:45:53 PM) spid3y: and there's also =?
(01:46:16 PM) the_hydra: for file-related functions, a number above zero means the file descriptor value
(01:46:21 PM) ***dendenk invites stanmarshx to just play dominoes.. while logging this room
(01:46:37 PM) the_hydra: keep in mind, in programming we open the file first, get a handle
(01:46:40 PM) the_hydra: and only then write to the handle
(01:46:49 PM) the_hydra: so we don't just suddenly write to a "file name"
(01:47:19 PM) the_hydra: but strace doesn't only trace programs that are just being started
(01:47:27 PM) the_hydra: it can also trace programs that are already running
(01:47:35 PM) the_hydra: the requirement: we must be root
(01:47:54 PM) the_hydra: or more precisely, any UID that can have the CAP_SYS_ROOT capability
(01:48:06 PM) the_hydra: (hopefully I got the name right)
(01:48:23 PM) the_hydra: example.... you're all running firefox, right?
(01:48:29 PM) the_hydra: or another browser?
(01:48:47 PM) Dinda_Kirana: whoa, I haven't installed cap yet
(01:48:50 PM) Dinda_Kirana: is that ok, bro?
(01:48:53 PM) nyubee: opera, bro
(01:48:56 PM) the_hydra: try browsing to a website that has flash
(01:49:01 PM) the_hydra: oops wrong, I left one thing out
(01:49:02 PM) NazgvL: IE
(01:49:03 PM) stanmarshx: IE6, bro
(01:49:11 PM) the_hydra: or a program that we ran ourselves
(01:49:16 PM) the_hydra: sorry, incomplete info
(01:49:28 PM) nyubee: ok then, using ff
(01:49:32 PM) the_hydra: so root is needed if we trace a program owned by a user other than ourselves
(01:51:02 PM) K-15[9] is now known as K-159
(01:51:17 PM) mode (+vvvvvv blink_shincan dendenk dudulz Guest67789 idonthavenickname stanmarshx) by K-159
(01:51:20 PM) the_hydra: so I'm trying to trace the flash..
(01:51:20 PM) mode (+vv Sword^Fish the_hydra) by K-159
(01:51:26 PM) pplpwr2 [sj@ppp08.dialup.blackberry.st] entered the room.
(01:51:31 PM) the_hydra: I happened to try it on speedtest.net
(01:51:37 PM) blink_shincan: thx bro
(01:51:41 PM) Dinda_Kirana: I'll just do the same as you, bro
(01:51:44 PM) Dinda_Kirana: so it matches ...
(01:51:51 PM) mode (+v pplpwr2) by K-159
(01:53:07 PM) the_hydra: here is a sample of the output http://pastebin.com/2TNzVQr1
(01:53:20 PM) pplpwr2: good afternoon
(01:53:23 PM) pplpwr2: mind if I join
(01:53:31 PM) the_hydra: the way I did it: I looked up the flash plugin's PID: "ps -eF | grep - flash"
(01:53:41 PM) the_hydra: look for the line that loads libflash
(01:53:54 PM) the_hydra: then run strace -f -p <the pid obtained above>
(01:54:14 PM) the_hydra: everyone on site already? :D
(01:54:44 PM) K-159: Mr. lecturer
(01:54:48 PM) K-159: I'm late
(01:54:51 PM) K-159: sorry ;0
(01:54:56 PM) ***K-159 signs the attendance sheet
(01:54:59 PM) Dinda_Kirana: root@bt:~# ps -eF | grep flash
(01:54:59 PM) Dinda_Kirana: root 6381 5889 0 514 520 0 13:53 pts/1 00:00:00 grep flash
(01:55:38 PM) idonthavenickname: flash isn't/hasn't been running yet :P
(01:55:59 PM) the_hydra: or this http://pastebin.com/GTuCwPhT
(01:56:13 PM) the_hydra: that's the version using "strace -f -tt"
(01:56:28 PM) the_hydra: "-tt" adds a time stamp, i.e. hours minutes seconds
(01:56:40 PM) the_hydra: just have a look at the log first, boss :D
(01:56:40 PM) K-159 is now known as K-15[9]
(01:57:03 PM) the_hydra: go check the log, guys, and note the time stamps between lines
(01:57:11 PM) the_hydra: what's your conclusion, bosses? :D
(01:57:30 PM) azis: the conclusion is: confused, boss
(01:57:36 PM) the_hydra: it reads as hour:minute:second:microsecond
(01:57:43 PM) Dinda_Kirana: root@bt:~# strace -f -p 6410
(01:57:43 PM) Dinda_Kirana: attach: ptrace(PTRACE_ATTACH, ...): No such process
(01:57:48 PM) Dinda_Kirana: how come it doesn't work for me, bro?
(01:57:56 PM) the_hydra: in my opinion: gettimeofday() is being called very rapidly
(01:58:01 PM) azis: got a question, boss
(01:58:10 PM) the_hydra: gettimeofday is the function for requesting the current date and time
(01:58:23 PM) azis: in the browser there are lots of flash instances running, right
(01:58:31 PM) the_hydra: that's why, boss, when you run flash the CPU gets hot and its idle drops :D
(01:58:48 PM) azis: how do we know that it's the flash in tab A, not the one in tab B
(01:58:53 PM) azis: how's that, boss
(01:59:09 PM) azis: or do all the flash instances show the same thing /
(01:59:10 PM) azis: ?
(01:59:23 PM) the_hydra: azis: one moment, checking :D
(01:59:24 PM) pplpwr2 left the room (quit: Ping timeout).
(02:00:24 PM) ***Dinda_Kirana how come mine doesn't run? not the same as yours, bro hydra? T_T
(02:00:39 PM) azis: well, it could be that there are 2 flash instances running in 1 tab, right? :d, or it seems this just straces the application as a whole, right
(02:00:41 PM) dendenk: FF, it seems, bro Dinda_Kirana
(02:00:43 PM) the_hydra: ok, the check result, this time with "ps -eF -L | grep flash", shows there are many threads running flash :D
(02:01:00 PM) kaiten [~kaiten@gigantic.r00t.la] entered the room.
(02:01:04 PM) Dinda_Kirana: @dendenk, I'm not a bro, I'm a sis
(02:01:08 PM) the_hydra: azis: it's like this, as far as I know firefox uses an NPTL-style thread system
(02:01:09 PM) azis: oooh, now I get it, bro :p
(02:01:18 PM) the_hydra: meaning they share a memory space
(02:01:32 PM) the_hydra: that's why, in ff, if one tab crashes they all crash :D
(02:01:38 PM) the_hydra: in chrome, it's a bit different
(02:01:44 PM) the_hydra: each tab is one process
(02:01:56 PM) the_hydra: so in chrome, if one tab crashes, the other tabs will probably survive :D
(02:02:05 PM) Sword^Fish left the room (quit: Read error: Operation timed out).
(02:02:20 PM) the_hydra: so with that I've also shown one of the uses of strace
(02:02:25 PM) the_hydra: for performance analysis :D
(02:02:30 PM) Sword^Fish [~SwordFish@125.166.213.53] entered the room.
(02:02:34 PM) kaiten is now known as Guest27229
(02:02:48 PM) Guest27229 is now known as K-159
(02:02:57 PM) the_hydra: of course this is only a quick glance, so let's break for now.... I need to eat too :D
(02:03:10 PM) Dinda_Kirana: T_T mine doesn't run...
(02:03:19 PM) K-159: please have a drink first, bro ;]
(02:03:26 PM) kandacong: be patient, bro x-ace
(02:03:33 PM) ***stanmarshx pats Dinda_Kirana to stop the sadness
(02:03:39 PM) dendenk: seems #FF applies in this course
(02:03:39 PM) Dinda_Kirana: I'm Not X-ace, I'm a Sis
(02:03:41 PM) Dinda_Kirana: ...
(02:03:50 PM) dendenk: *it seems
(02:03:52 PM) azis: @K-159, please publish the log later, boss
(02:03:57 PM) Dinda_Kirana: what is FF?
(02:04:05 PM) dendenk: face factor
(02:04:10 PM) K-159: azis, I'm not logging :P
(02:04:16 PM) azis: from me then, boss
(02:04:17 PM) ***dendenk runs off for now
(02:04:20 PM) Dinda_Kirana: Gonna Watch TV On Sctv
(02:04:24 PM) Dinda_Kirana: Dinda_Kirana
(02:04:33 PM) kandacong: still don't understand the intent and purpose, only halfway
(02:04:33 PM) the_hydra: one thing to remember: strace makes the application run several times, sometimes tens of times, slower
(02:04:38 PM) K-159: the MBP has been taken over by zizau
(02:04:53 PM) the_hydra: this is because intercepting syscalls is very time-consuming
(02:05:10 PM) the_hydra: there's a kind of ping pong from the tracer to the tracee
(02:05:31 PM) Dinda_Kirana: My conclusion... what I got, anyway
(02:05:48 PM) Dinda_Kirana: First: seeing the syscalls made by an application
(02:06:04 PM) idonthavenickname: there, intercepting syscalls, how about we take the discussion in that direction, bro :D
(02:06:09 PM) Dinda_Kirana: second: seeing the stages of the process of running an application
(02:06:18 PM) Dinda_Kirana: that's all
(02:06:50 PM) the_hydra: ok, here's a test case to think about
(02:07:05 PM) the_hydra: an application is manipulated into running a "foreign" dll or .so
(02:07:15 PM) the_hydra: with strace, how would you go about finding out?
(02:07:18 PM) the_hydra: come onnnnnnnnnnnnnn
(02:07:42 PM) ***Dinda_Kirana is confused!
(02:07:44 PM) idonthavenickname: yeap, like your earlier article in one of the ezines, bro
(02:07:59 PM) the_hydra: intercept open
(02:08:06 PM) the_hydra: even better, log it
(02:08:09 PM) idonthavenickname: uh-huh
(02:08:14 PM) the_hydra: then grep all the file names
(02:08:25 PM) the_hydra: why does this sometimes need strace
(02:08:26 PM) the_hydra: ?
(02:08:36 PM) the_hydra: because not all libraries are linked directly
(02:08:47 PM) the_hydra: you know, the ones that show up right away with the "ldd" command
(02:08:59 PM) the_hydra: some are loaded at runtime using dlopen()
(02:09:02 PM) the_hydra: man dlopen
(02:09:05 PM) JeJeN [~awaw@118.96.156.75] entered the room.
(02:09:25 PM) Dinda_Kirana left the room (quit: Read error: Connection reset by peer).
(02:09:51 PM) pplpwr2 [sj@ppp08.dialup.blackberry.st] entered the room.
(02:09:54 PM) the_hydra: this also assumes your kernel hasn't been worked over by a cracker via a rootkit :D
(02:10:07 PM) the_hydra: if it's been rootkitted, the ptrace may well have been manipulated
(02:10:52 PM) Dinda_Kirana [~x-ace@114.6.11.34] entered the room.
(02:10:54 PM) the_hydra: as for ltrace, its function is similar, but it's more high level: what gets traced are calls to C functions
(02:11:04 PM) kandacong left the room (quit: Quit: Leaving).
(02:11:14 PM) ***Dinda_Kirana T_T internet dropped ... I've fallen behind
(02:11:58 PM) idonthavenickname: ptrace manipulated? like some kind of anti-debugging, bro?
(02:12:09 PM) the_hydra: idonthavenickname: yep
(02:12:34 PM) idonthavenickname: interesting :D
(02:12:36 PM) the_hydra: yeah, roughly the same as what we used to know as anti-debugging techniques :D
(02:12:43 PM) the_hydra: oops wrong, anti disassemble :D
(02:13:41 PM) ***Dinda_Kirana slaps Celcius with a large smelly trout
(02:14:04 PM) the_hydra: strace is usually involved in the process called black box analysis
(02:14:14 PM) the_hydra: that's roughly what the experc say
(02:14:16 PM) the_hydra: expert
(02:14:26 PM) ***the_hydra points at kyai K-159
(02:14:51 PM) ***the_hydra forgot to pay respects to K-159
(02:14:59 PM) idonthavenickname: as far as I know, one anti-debugging concept is manipulating ptrace so that the program traces itself, so that if it gets traced again it can't be
(02:15:05 PM) idonthavenickname: is that right, bro?
(02:15:18 PM) the_hydra: idonthavenickname: as far as I remember, yes
(02:16:19 PM) idonthavenickname: because a program can only be traced once at any one time CMIIW
(02:16:43 PM) the_hydra: another trick that's perhaps rarely used but similar to strace is using Qemu in user mode... there's a strace parameter there :D
(02:17:09 PM) the_hydra: now with Qemu it's different again, because it's not ptrace that's used, but direct opcode decoding
(02:18:01 PM) ***Dinda_Kirana Keeps failing.... getting tired too... I'll just watch... no hands-on T_T
(02:18:45 PM) the_hydra: Dinda_Kirana: be patient...
(02:18:51 PM) IRmanto [de7c9cf2@ircip1.mibbit.com] entered the room.
(02:18:54 PM) Sword^Fish left the room (quit: Quit: ).
(02:19:24 PM) ***Dinda_Kirana Yes bro, please make a video tutorial... so I can replay it...
(02:19:33 PM) ***Dinda_Kirana thanks, bro :D
(02:19:58 PM) the_hydra: Dinda_Kirana: well, can't promise; for now at least read this log along with the article in the ezine
(02:20:02 PM) the_hydra: Dinda_Kirana: where does it fail?
(02:20:13 PM) Dinda_Kirana: like the one you gave on pastebin, bro
(02:20:16 PM) Guest67789 left the room (quit: Quit: Leaving).
(02:20:22 PM) Dinda_Kirana: strace -F -P PID
(02:20:29 PM) the_hydra: Dinda_Kirana: strace -f -p
(02:20:36 PM) the_hydra: lowercase
(02:20:36 PM) Dinda_Kirana: only 1 line shows up, different from yours, bro
(02:20:39 PM) Dinda_Kirana: yes
(02:20:40 PM) Dinda_Kirana: strace -f -p
(02:20:46 PM) the_hydra: if it's only 1 line different, that's fine
(02:20:55 PM) the_hydra: because there will certainly be differences
(02:21:08 PM) Dinda_Kirana: root@bt:~# ps -eF -L | grep flash
(02:21:08 PM) Dinda_Kirana: root 6743 5889 6743 0 1 514 516 0 14:20 pts/1 00:00:00 grep flash
(02:21:08 PM) Dinda_Kirana: root@bt:~# strace -f -p 6743
(02:21:08 PM) Dinda_Kirana: attach: ptrace(PTRACE_ATTACH, ...): No such process
(02:21:08 PM) Dinda_Kirana: root@bt:~#
(02:21:11 PM) Dinda_Kirana: ----
(02:21:19 PM) Dinda_Kirana: that's what it looks like, bro T_T
(02:21:21 PM) the_hydra: hey, that's not flash :D
(02:21:25 PM) the_hydra: that's the grep itself :D
(02:21:26 PM) idonthavenickname: there's no flash there, bro
(02:21:32 PM) Dinda_Kirana: Oh Right
(02:21:42 PM) Dinda_Kirana: 00:00:00 grep flash
(02:21:47 PM) Dinda_Kirana: so what now, bro
(02:21:48 PM) the_hydra: see, I already said, first browse to something that has flash :D
(02:21:55 PM) the_hydra: so where did you browse to?
(02:21:57 PM) Dinda_Kirana: I opened speedtest.net
(02:22:01 PM) Dinda_Kirana: following you, bro
(02:22:02 PM) ami [~ami@110.137.139.136] entered the room.
(02:22:05 PM) thij3e [~syufii@202.152.243.184] entered the room.
(02:22:22 PM) pplpwr2: ps: illegal option -- F
(02:22:22 PM) pplpwr2: usage: ps [-AaCcEefhjlMmrSTvwXx] [-O fmt | -o fmt] [-G gid[,gid...]]
(02:22:22 PM) pplpwr2: [-g grp[,grp...]] [-u [uid,uid...]]
(02:22:22 PM) pplpwr2: [-p pid[,pid...]] [-t tty[,tty...]] [-U user[,user...]]
(02:22:23 PM) pplpwr2: ps [-L]
(02:22:25 PM) the_hydra: Dinda_Kirana: so have you installed the flash plugin beforehand or not?
(02:22:26 PM) pplpwr2: sh-3.2#
(02:22:31 PM) gogo [~nnscript@118.96.157.95] entered the room.
(02:22:31 PM) pplpwr2: sh-3.2# ps -eF -L | grep flash
(02:22:34 PM) the_hydra: pplpwr2: ps auxww works too
(02:22:39 PM) pplpwr2: ok
(02:22:49 PM) the_hydra: Dinda_Kirana: or are you using gnash?
(02:22:53 PM) Dinda_Kirana: how do I check whether the flash plugin is installed?
(02:23:02 PM) the_hydra: Dinda_Kirana: because that's a flash plugin as well
(02:23:10 PM) Dinda_Kirana: because I'm using backtrack's bundled browser, firefox
(02:23:13 PM) ami: mind if I follow along
(02:23:16 PM) ami is now known as Guest83296
(02:23:18 PM) Dinda_Kirana: opening speedtest.net works
(02:23:21 PM) the_hydra: Dinda_Kirana: dpkg -l | grep -i flash
(02:23:27 PM) the_hydra: I forget, -l or -L
(02:23:30 PM) the_hydra: try both
(02:23:38 PM) Guest83296: why did my id change
(02:24:05 PM) Dinda_Kirana: root@bt:~# dpkg -l | grep -i flash
(02:24:05 PM) Dinda_Kirana: ii flashplugin-nonfree 10.0.22.87ubuntu1~intrepid1 Adobe Flash Player plugin installer
(02:24:05 PM) Dinda_Kirana: ii flasm 1.62-bt0 assembler & disassembler of Flash ActionScript bytecode
(02:24:19 PM) the_hydra: there, it's there
(02:24:24 PM) Dinda_Kirana: yes
(02:24:24 PM) Guest83296 is now known as amii
(02:24:31 PM) Dinda_Kirana: how come it's not in PS?
(02:24:59 PM) the_hydra: Dinda_Kirana: or maybe it's not running as a separate program
(02:25:21 PM) Dinda_Kirana: so what's the solution, bro? what should I do?
(02:25:24 PM) the_hydra: Dinda_Kirana: first try finding firefox's PID
(02:25:35 PM) the_hydra: Dinda_Kirana: example: pgrep firefox
(02:26:02 PM) Dinda_Kirana: root@bt:~# pgrep firefox
(02:26:02 PM) Dinda_Kirana: 6122
(02:26:04 PM) the_hydra: Dinda_Kirana: then the number you get is used to check in /proc
(02:26:14 PM) the_hydra: Dinda_Kirana: precisely: cat /proc/6122/maps
(02:26:15 PM) Dinda_Kirana: how do I do that, bro?
(02:26:38 PM) Dinda_Kirana: done, bro
(02:26:39 PM) the_hydra: which libraries do you see there?
(02:26:40 PM) Dinda_Kirana: and then?
(02:26:56 PM) Dinda_Kirana: lots, bro
(02:27:14 PM) amii: what's hydra for, bro?
(02:27:23 PM) Dinda_Kirana: aeef2000-af85f000 r-xp 00000000 08:01 187313 /usr/lib/flashplugin-nonfree/libflashplayer.so
(02:27:23 PM) Dinda_Kirana: af85f000-af892000 rw-p 0096c000 08:01 187313 /usr/lib/flashplugin-nonfree/libflashplayer.so
(02:27:31 PM) Dinda_Kirana: that's one of the ones I found!
(02:28:01 PM) thij3e: bro, can I ask about resolution???
(02:28:30 PM) the_hydra: Dinda_Kirana: ok, so perhaps in your setup flash is run directly inside firefox
(02:28:42 PM) ***Dinda_Kirana T_T please don't cut in, queue up to ask the expert...
(02:28:42 PM) the_hydra: Dinda_Kirana: in that case, just strace firefox directly :)
(02:28:54 PM) Dinda_Kirana: okay
(02:28:57 PM) amii: umh
(02:29:01 PM) the_hydra: amii: well, kid, it's a kind of water hydrant, you know? :D
(02:29:08 PM) amii: hahaha
(02:29:11 PM) amii: you're such a joker, bro
(02:29:16 PM) Dinda_Kirana: it doesn't stop, bro
(02:29:23 PM) the_hydra: thij3e: what resolution? a marriage resolution? :D
(02:29:24 PM) ***stanmarshx pinches amii's cheeks
(02:29:55 PM) the_hydra: Dinda_Kirana: press ctrl-c then :D
(02:30:06 PM) Dinda_Kirana: yes bro, just did
(02:30:08 PM) Dinda_Kirana: thanks, bro
(02:30:15 PM) amii: whoa, my cheeks are being pinched
(02:30:33 PM) azis: http://www.afternet.org/help/irc/modes
(02:30:34 PM) pplpwr2: ooh, amii's a girl, huh
(02:30:35 PM) thij3e: no, bro...
(02:30:35 PM) thij3e: my ubuntu's resolution is really big...
(02:30:35 PM) thij3e: even though the driver has been installed properly..
(02:30:35 PM) thij3e: as shown by all the compiz effects running properly..
(02:31:03 PM) thij3e: I'm using ubuntu lucid lynx
(02:31:05 PM) ***Dinda_Kirana OOT?
(02:31:08 PM) the_hydra: thij3e: sorry, to avoid going OOT, please wait until after this session or take it to another channel...
(02:31:09 PM) amii: I'm a guy, bro
(02:31:38 PM) the_hydra: thij3e: hint "man xrandr"
(02:31:58 PM) stanmarshx: bro, carry on with the strace ptrace bit, bro :|
(02:32:10 PM) the_hydra: stanmarshx: hold on, bro, gulping down some fish first :D
(02:32:36 PM) ***the_hydra I'm choking, eating fish while being asked a ton of questions :D
(02:32:36 PM) IRmanto left the room (quit: Quit: http://www.mibbit.com ajax IRC Client).
(02:33:10 PM) amii: test
(02:33:18 PM) ***Dinda_Kirana drinking soursop juice... mom's leftovers
(02:33:29 PM) ***Dinda_Kirana today I'm having leftover drinks.. too lazy to buy food...
(02:33:53 PM) pplpwr2: mas mul, is this the Q&A session yet
(02:34:09 PM) the_hydra: pplpwr2: yeah, let's just go straight to Q&A
(02:34:13 PM) Dinda_Kirana: Bro, continue with Strace and Ptrace
(02:34:23 PM) nyubee left the room.
(02:34:25 PM) Dinda_Kirana: how to find out that a program loads a foreign library
(02:34:44 PM) the_hydra: Dinda_Kirana: look at the bit about "-e open" above
(02:35:05 PM) the_hydra: Dinda_Kirana: the key is watching for open() on unusual files
(02:35:52 PM) Dinda_Kirana: open("/etc/ld.so.cache", O_RDONLY) = 3
(02:35:52 PM) Dinda_Kirana: open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = 3
(02:35:54 PM) Dinda_Kirana: great
(02:36:15 PM) Dinda_Kirana: you explained earlier that -1 means false
(02:36:19 PM) Dinda_Kirana: what about 3, sir?
(02:36:40 PM) the_hydra: a value above zero means the file was successfully found
(02:36:41 PM) the_hydra: and opened
(02:36:51 PM) the_hydra: the number is the file descriptor number
(02:36:52 PM) Dinda_Kirana: great
(02:37:04 PM) Dinda_Kirana: what does file descriptor number mean, sir?
(02:37:05 PM) the_hydra: 0 is already reserved for stdin, 1 stdout, 2 stderr
(02:37:33 PM) ***the_hydra for you bosses who are paranoid when browsing: http://theinvisiblethings.blogspot.com/ ... eased.html
(02:37:59 PM) ***the_hydra it works inside virtual machines, Xen domU style :D
(02:38:47 PM) Dinda_Kirana: Great, sir
(02:39:04 PM) Dinda_Kirana: thanks a lot for sharing your knowledge
(02:39:10 PM) the_hydra: ok ok :D
(02:39:15 PM) Dinda_Kirana: one last thing
(02:39:18 PM) Dinda_Kirana: I want to ask
(02:39:35 PM) Dinda_Kirana: what is the use of strace and ltrace in real life or the real world!
(02:39:38 PM) Dinda_Kirana: at work
(02:39:42 PM) Dinda_Kirana: or in everyday life
(02:39:49 PM) Dinda_Kirana: ?
(02:39:58 PM) the_hydra: one of them is troubleshooting
(02:40:07 PM) Dinda_Kirana: what kind of troubleshooting?
(02:40:13 PM) the_hydra: I once helped fix a bug in a program
(02:40:22 PM) the_hydra: that was accidentally busy looping
(02:40:29 PM) the_hydra: at first nobody noticed it
(02:40:32 PM) the_hydra: so the sequence was
(02:40:35 PM) the_hydra: use top
(02:40:37 PM) the_hydra: sort by CPU
(02:40:44 PM) the_hydra: find the cpu hogger
(02:40:48 PM) the_hydra: then strace it
(02:40:58 PM) the_hydra: use the -C option to get the statistics right away
(02:41:14 PM) the_hydra: it pointed straight at the read(0...) syscall :D
(02:41:59 PM) the_hydra: but since I wanted to share the work around, I let the programmer do the debugging himself :D
(02:42:01 PM) the_hydra: whhahahahahahah
(02:42:13 PM) Dinda_Kirana left the room (quit: Client closed connection).
(02:42:24 PM) pplpwr2: the one who asked got disconnected instead
(02:42:35 PM) the_hydra: pplpwr2: got attached by ptrace :D
(02:42:42 PM) K-159: hahaha
(02:43:15 PM) the_hydra: pplpwr2: his irc client hit a buffer overflow :D
(02:43:25 PM) the_hydra: pplpwr2: too much logging, the buffer couldn't hold it :D
(02:43:28 PM) the_hydra: EIP got run over :D
(02:43:45 PM) the_hydra: ret2doom :D
(02:43:46 PM) the_hydra: whhahahahahahha
(02:43:52 PM) Dinda_Kirana [~x-ace@114.6.11.34] entered the room.
(02:43:54 PM) Dinda_Kirana left the room (quit: Quit: HydraIRC -> http://www.hydrairc.com <- *I* use it, so it must be good!).
(02:44:02 PM) pplpwr2: wow, I'll have to go to Mojokerto and join an Islamic boarding school to learn ilmu laduni
(02:44:13 PM) pplpwr2: then I'll ask to learn assembly language there
(02:44:18 PM) pplpwr2: hahaha
(02:44:28 PM) Dinda_Kirana [~x-ace@114.6.11.34] entered the room.
(02:44:49 PM) the_hydra: Dinda_Kirana: so boss, did you get my last messages?
(02:44:59 PM) the_hydra: Dinda_Kirana: I was worried you'd been buffer-overflowed :D
(02:45:08 PM) Dinda_Kirana: hehehe
(02:45:15 PM) Dinda_Kirana: got hit by ROP
(02:45:21 PM) stanmarshx: :|
(02:45:25 PM) the_hydra: try turning on tcpdump, boss
(02:45:26 PM) ***Dinda_Kirana glances at *CyberHeb*
(02:45:34 PM) the_hydra: who knows, maybe I was sent a pile of FIN packets :D
(02:45:42 PM) Dinda_Kirana: Hihih
(02:45:52 PM) Dinda_Kirana: hold on
(02:45:57 PM) Dinda_Kirana: I still can't picture it
(02:45:59 PM) ^rumput_kering^ [~adi@125.163.174.116] entered the room.
(02:46:01 PM) Dinda_Kirana: Use Top
(02:46:02 PM) ^rumput_kering^: assalamualaikum
(02:46:04 PM) ^rumput_kering^: :D
(02:46:05 PM) Dinda_Kirana: sort by CPU
(02:46:10 PM) ^rumput_kering^: mind if I listen in :)
(02:46:10 PM) Dinda_Kirana: find the CPU hogger
(02:46:13 PM) Dinda_Kirana: then Strace it
(02:46:20 PM) Dinda_Kirana: use the -C option
(02:46:27 PM) Dinda_Kirana: it points straight at the read syscall
(02:46:46 PM) Dinda_Kirana: what do you mean by TOP, sir?
(02:47:13 PM) pplpwr2: just type top and see, mas budi
(02:47:23 PM) pplpwr2: see what happens
(02:47:26 PM) pplpwr2: there's a moving animation
(02:47:53 PM) Dinda_Kirana: I'm a sis, boss
(02:47:59 PM) Dinda_Kirana: done
(02:48:32 PM) the_hydra: Dinda_Kirana: the "top" tool, boss
(02:48:46 PM) Dinda_Kirana: yes
(02:48:47 PM) Dinda_Kirana: done
(02:48:50 PM) the_hydra: Dinda_Kirana: what do you usually use for monitoring? zabbix?
(02:48:50 PM) Dinda_Kirana: it's like ps X
(02:48:59 PM) Dinda_Kirana: task manager
(02:49:04 PM) the_hydra: Dinda_Kirana: yes, but this one is continuous
(02:49:06 PM) ***Dinda_Kirana Windows Users...
(02:49:16 PM) ***Dinda_Kirana bear with me, the office requires windows
(02:49:16 PM) the_hydra: Dinda_Kirana: or if you want something a bit nicer, use htop
(02:49:20 PM) the_hydra: Dinda_Kirana: or dstat
(02:49:28 PM) Dinda_Kirana: okay
(02:49:33 PM) Dinda_Kirana: yes sir, TOP is there in backtrack
(02:49:47 PM) Dinda_Kirana: and then?
(02:49:48 PM) the_hydra: Dinda_Kirana: I think every distro has it
(02:50:00 PM) the_hydra: Dinda_Kirana: well then, go ahead and look at its statistics
(02:50:11 PM) the_hydra: Dinda_Kirana: by default it's already sorted by CPU utilization
(02:50:25 PM) the_hydra: in descending order
(02:50:25 PM) Dinda_Kirana: yes
(02:50:26 PM) Dinda_Kirana: yep
(02:50:30 PM) Dinda_Kirana: right, sir
(02:50:36 PM) the_hydra: that's how it is, boss :D
(02:50:45 PM) Dinda_Kirana: CPU Hogger
(02:50:48 PM) Dinda_Kirana: what does that mean?
(02:50:58 PM) the_hydra: well boss, it means CPU-greedy :D
(02:51:17 PM) Dinda_Kirana: how could it point straight at the read syscall
(02:51:21 PM) Dinda_Kirana: when there's so much output
(02:51:22 PM) Dinda_Kirana: sir
(02:51:28 PM) the_hydra: use -strace C
(02:51:48 PM) the_hydra: go ahead and try it, e.g. "strace -C -p <pid of that firefox from earlier>"
(02:51:57 PM) the_hydra: it will look like it's frozen
(02:52:03 PM) the_hydra: it's counting statistics
(02:52:06 PM) the_hydra: then Ctrl-C :D
(02:52:10 PM) the_hydra: Ctrl-C
(02:52:24 PM) the_hydra: then you'll get the percentage for each syscall that was executed :D
(02:52:27 PM) ret [~user@118.97.162.11] entered the room.
(02:52:51 PM) Dinda_Kirana: strace: invalid option -- 'C'
(02:52:51 PM) Dinda_Kirana: usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file]
(02:52:51 PM) Dinda_Kirana: [-p pid] ... [-s strsize] [-u username] [-E var=val] ...
(02:52:54 PM) the_hydra: oops, wrong, it's -c :D
(02:52:55 PM) the_hydra: whhahahahah
(02:53:31 PM) stanmarshx: sir, can I ask something, slightly OOT. about the busy looping fix from earlier
(02:53:43 PM) ret left the room.
(02:54:07 PM) the_hydra: stanmarshx: ?
(02:54:12 PM) stanmarshx: so busy looping, if you visualize it, looks like this, right
(02:54:28 PM) Dinda_Kirana: root@bt:~# strace -c -p 6122
(02:54:28 PM) Dinda_Kirana: Process 6122 attached - interrupt to quit
(02:54:28 PM) Dinda_Kirana: ^CProcess 6122 detached
(02:54:29 PM) Dinda_Kirana: % time seconds usecs/call calls errors syscall
(02:54:29 PM) Dinda_Kirana: ------ ----------- ----------- --------- --------- ----------------
(02:54:29 PM) Dinda_Kirana: 99.23 0.003333 1 3137 poll
(02:54:29 PM) stanmarshx: | type | len | data | type | len | data | type | len | data |
(02:54:38 PM) Dinda_Kirana: Wowow
(02:54:54 PM) the_hydra: Dinda_Kirana: man poll
(02:54:58 PM) stanmarshx: ugh, fine, one at a time then :|
(02:55:46 PM) Dinda_Kirana: wait event
(02:55:47 PM) the_hydra: Dinda_Kirana: that, boss, is what your firefox does when it's idle: it calls poll() :D
(02:55:49 PM) Dinda_Kirana: on I/O
(02:56:02 PM) the_hydra: Dinda_Kirana: more precisely, your flash :D
(02:56:14 PM) Dinda_Kirana: what's wrong with my flash, sir?
(02:56:36 PM) the_hydra: flash polls for input, and what's worse, it checks the time constantly :D
(02:56:57 PM) the_hydra: Dinda_Kirana: you program a lot, right, boss?
(02:57:16 PM) the_hydra: Dinda_Kirana: when you wait for keyboard input, how do you usually do it?
(02:57:19 PM) the_hydra: looping?
(02:57:29 PM) the_hydra: or do you use getchar()?
(02:57:38 PM) _4G_ [6e88eda6@ircip2.mibbit.com] entered the room.
(02:57:42 PM) Dinda_Kirana: wait for input...
(02:57:54 PM) ***the_hydra why have I wandered into an OS lecture?
(02:57:58 PM) Dinda_Kirana: wait for whatever gets pressed
(02:58:06 PM) _4G_ left the room.
(02:58:11 PM) Dinda_Kirana: for example "enter" = 13
(02:58:16 PM) _4G_ [6e88eda6@ircip2.mibbit.com] entered the room.
(02:58:23 PM) the_hydra: Dinda_Kirana: so while it waits, what do you think the CPU is doing, boss?
(02:58:33 PM) the_hydra: Dinda_Kirana: idle?
(02:58:34 PM) Dinda_Kirana: Idle...
(02:58:36 PM) the_hydra: or checking constantly?
(02:58:40 PM) Dinda_Kirana: Idle
(02:58:44 PM) the_hydra: ok
(02:58:52 PM) the_hydra: now a different scenario, boss
(02:59:00 PM) the_hydra: are you using gigabit ethernet right now?
(02:59:02 PM) Dinda_Kirana: ready, sir?
(02:59:10 PM) Dinda_Kirana: On windows IA, sir
(02:59:12 PM) the_hydra: or, even better, 10 Gigabit ethernet?
(02:59:40 PM) the_hydra: you know, or can at least estimate, how fast a 1 gigabit rate is, right?
(03:00:00 PM) the_hydra: it's roughly like someone typing on a keyboard like The Flash
(03:00:25 PM) the_hydra: so boss, if you use getchar(), do you think your program could keep up with that person's typing speed?
(03:00:33 PM) amii: whoa, this has gone far
(03:00:38 PM) amii: whoa, this has gone far
(03:00:41 PM) the_hydra: far from it, right?
(03:00:45 PM) Dinda_Kirana: yep
(03:00:49 PM) Dinda_Kirana: like facebook
(03:00:53 PM) Dinda_Kirana: when you want to type in search
(03:00:55 PM) the_hydra: so, sometimes in cases like that, the only way is to poll
(03:00:59 PM) the_hydra: so you keep watching it constantly
(03:01:01 PM) Dinda_Kirana: I've typed it at the flash speed
(03:01:05 PM) Dinda_Kirana: and the response was slow
(03:01:17 PM) the_hydra: it's just that sometimes programmers get it wrong
(03:01:18 PM) Dinda_Kirana: only then did it show up..
(03:01:25 PM) the_hydra: what should be poll becomes select()
(03:01:31 PM) the_hydra: what should be select() becomes poll() :D
(03:01:48 PM) Dinda_Kirana: select(), what does select mean here, sir?
(03:01:58 PM) the_hydra: select() is the foundation of getchar()
(03:02:01 PM) the_hydra: man select
(03:02:23 PM) the_hydra: the technical term: blocking operation
(03:02:30 PM) the_hydra: the opposite is called non blocking
(03:02:42 PM) Dinda_Kirana: great
(03:02:53 PM) the_hydra: in filesystem terms, it's roughly like sync versus async, boss :D
(03:02:57 PM) Dinda_Kirana: so the Pool gets blocked, is that it
(03:02:58 PM) the_hydra: you've used it before, right boss? :D
(03:03:05 PM) Dinda_Kirana: sync ?
(03:03:09 PM) Dinda_Kirana: I've tried it
(03:03:09 PM) the_hydra: man mount
(03:03:15 PM) K-159: Dinda_Kirana> I'm a sis, boss <--- didn't expect budi to be transgender too
(03:03:19 PM) the_hydra: not the command
(03:03:23 PM) _4G_: not far at all, just in front of the monitor.. :D
(03:03:25 PM) drubicza [~dru@114.58.45.239] entered the room.
(03:03:29 PM) the_hydra: it's a mount option, boss :D
(03:03:57 PM) the_hydra: it's fine if you don't get it right away, so we don't go OOT all over the place :D
(03:04:01 PM) ***Dinda_Kirana Hehhee... well, the nick is dinda_kirana
(03:04:06 PM) _4G_ left the room.
(03:04:09 PM) Dinda_Kirana: awh
(03:04:24 PM) Dinda_Kirana: mount
(03:04:30 PM) Dinda_Kirana: the one you usually
(03:04:38 PM) Dinda_Kirana: set up like this, right sir
(03:04:46 PM) Dinda_Kirana: mount /dev/sda1 /mnt/bk
(03:04:49 PM) Dinda_Kirana: like that?
(03:04:51 PM) the_hydra: yes boss :D
(03:05:02 PM) amii: still following along
(03:05:10 PM) the_hydra: besides, you usually do the "mounting" too, right boss? :D
(03:05:22 PM) the_hydra: usually get mounted
(03:05:27 PM) the_hydra: or do the mounting? :D
(03:05:28 PM) Dinda_Kirana: yes
(03:05:29 PM) the_hydra: whhahahahahahhahahaha
(03:05:33 PM) Dinda_Kirana: I usually mount
(03:05:38 PM) Dinda_Kirana: to plug in a flash drive
(03:05:39 PM) the_hydra: oh, is that so, boss :D
(03:05:49 PM) Dinda_Kirana: mount /dev/sdb1 /mnt/fd
(03:05:51 PM) Dinda_Kirana: like that
(03:05:53 PM) wiwiecks [~wiwiecks@114.79.21.82] entered the room.
(03:05:55 PM) the_hydra: try switching what gets mounted once in a while, boss, it's nice :D
(03:05:58 PM) the_hydra: whhahahahahhahahahahhahahahahhahahahahhaha
(03:06:03 PM) Dinda_Kirana: how so?
(03:06:08 PM) Dinda_Kirana: this is on linux, right
(03:06:09 PM) Dinda_Kirana: ...
(03:06:13 PM) the_hydra: Dinda_Kirana: ah, so you're not getting it :D
(03:06:19 PM) stanmarshx: behahahahahahaha =))
(03:06:25 PM) NazgvL: XD
(03:06:33 PM) AddictedChatter [~AddictedC@114.79.17.82] entered the room.
(03:06:37 PM) the_hydra: ok, joke failed, next :D
(03:06:38 PM) the_hydra: whhahahahha
(03:06:46 PM) Dinda_Kirana: so
(03:06:52 PM) Dinda_Kirana: I
(03:06:55 PM) AddictedChatter left the room (quit: Client closed connection).
(03:06:56 PM) Dinda_Kirana: once heard of
(03:07:03 PM) Dinda_Kirana: a kernel ptrace exploit
(03:07:08 PM) wiwiecks left the room (quit: Quit: ).
(03:07:14 PM) Dinda_Kirana: is it related to what we're discussing here, sir?
(03:07:49 PM) the_hydra: Dinda_Kirana: not really related
(03:07:51 PM) pplpwr2: right
(03:08:00 PM) wiwiecks [~wiwiecks@114.79.17.82] entered the room.
(03:08:19 PM) Dinda_Kirana: you said not really related, so there must be some connection... what is it, sir.. ?
(03:08:25 PM) amii: how do you exploit someone's website?
(03:08:29 PM) amii: I want to know
(03:08:30 PM) amii: hhehe
(03:08:59 PM) ***Dinda_Kirana Okay, while waiting for Mr. Hydra's answer I'm going to go throw a dead chicken in the river!
(03:09:13 PM) amii: *wew
(03:09:17 PM) the_hydra: Dinda_Kirana: if I'm not mistaken, that exploit takes advantage of a weakness in ptrace
(03:09:36 PM) the_hydra: Dinda_Kirana: so indirectly it also shows that ptrace itself can be tricked
(03:09:48 PM) wiwiecks left the room (quit: Client closed connection).
(03:09:50 PM) the_hydra: Dinda_Kirana: which means strace's output may not be reliable either
(03:10:01 PM) the_hydra: Dinda_Kirana: note also that gdb uses ptrace too
(03:10:24 PM) the_hydra: Dinda_Kirana: but it's combined with several assembly analysis techniques
(03:10:37 PM) wiwiecks [~wiwiecks@114.79.21.82] entered the room.
(03:11:40 PM) amii: Mr. hydra
(03:11:44 PM) amii: I want to ask something
(03:12:07 PM) amii: why can't BT4 be installed on my laptop
(03:12:10 PM) amii: ??
(03:13:08 PM) wiwiecks: amii--> if I may ask, in what way does it fail?
(03:13:11 PM) the_hydra: amii: well, what's the message?
(03:14:21 PM) amii: right after startx
(03:15:23 PM) amii: it immediately says fatal screen found, if I'm not mistaken
(03:15:23 PM) amii: my laptop is an acer aop532h
(03:15:23 PM) amii: what's the solution?
(03:15:41 PM) the_hydra: xorgconf
(03:15:51 PM) gogo left the room (quit: Read error: Connection reset by peer).
(03:15:53 PM) the_hydra: there's a hint for it
(03:16:46 PM) bot_tol: try fixvesa
(03:18:57 PM) catapost left the room (quit: Read error: Connection reset by peer).
(03:18:58 PM) gogo [~nnscript@118.96.157.95] entered the room.
(03:19:00 PM) Xadpritox [~xadpritox@118.96.14.148] entered the room.
(03:19:02 PM) gogo left the room (quit: K-banned: AUTO Hosts listed in mbl.cymru.com are not allowed to use this server. (2011/04/23 08.19)).
(03:19:15 PM) Xadpritox: hello ..........
(03:19:28 PM) Xadpritox: Assalamu'alaikum ... quite a crowd gathered here
(03:19:40 PM) wiwiecks: wa'alaikumsalam..
(03:20:34 PM) Dinda_Kirana: sorry for the late reply, sir, I was throwing a dead rooster.. in the river
(03:20:36 PM) stanmarshx left the room (quit: K-banned: [exp/comp] Compromised host on this IP. See http://kline.dal.net/proxy/proxyinfo.ph ... .96.157.95 for more information. (2011/04/23 08.20)).
(03:20:38 PM) Dinda_Kirana: great
(03:20:39 PM) Dinda_Kirana: cool
(03:20:48 PM) ^rumput_kering^ left the room (quit: Quit: Leaving).
(03:21:08 PM) Xadpritox: wow, lively and fun in here
(03:21:27 PM) NazgvL: Timing out here
(03:21:49 PM) Dinda_Kirana: SIR
(03:21:52 PM) Dinda_Kirana: Hydra
(03:22:16 PM) ***Dinda_Kirana Why is everyone going OOT? does anyone have more questions about ptrace and strace
(03:22:49 PM) ***Dinda_Kirana breaks out the slapping rod and looks sternly at the_hydra
(03:23:04 PM) dudulz left the room (quit: Quit: byee.. ).
(03:23:30 PM) bot_tol left the room (quit: Quit: menanti log aja deh byee... ).
(03:23:47 PM) the_hydra: ok, I think that's all for my presentation; apologies for any shortcomings in the delivery, I hope it was useful
(03:23:54 PM) stanmarshx [76609d5f@ircip2.mibbit.com] entered the room.
(03:24:26 PM) amii left the room (quit: Read error: Operation timed out).
(03:24:29 PM) wiwiecks: I actually joined late...but that's fine...
(03:24:31 PM) Dinda_Kirana: great
(03:24:32 PM) Dinda_Kirana: sir
(03:24:39 PM) Dinda_Kirana: thanks, sir
(03:24:42 PM) Dinda_Kirana: since
(03:24:44 PM) Dinda_Kirana: it's finished
(03:24:45 PM) the_hydra: ok :)
(03:24:52 PM) Dinda_Kirana: I'd like some wajengan here
(03:24:58 PM) Dinda_Kirana: may I?
(03:25:05 PM) the_hydra: ok
(03:25:07 PM) wiwiecks: what's wajengan?
(03:25:52 PM) stanmarshx: wejangan, jarjit :|
(03:25:58 PM) Dinda_Kirana left the room (quit: Client closed connection).
(03:26:02 PM) meriang [~hampa@119.110.83.10] entered the room.
(03:26:18 PM) pplpwr2: budi is talking nonsense like this, K-159's little brother
(03:26:33 PM) pplpwr2 left the room (quit: Quit: This computer has gone to sleep).
(03:27:02 PM) wiwiecks left the room (quit: Quit: ).
(03:27:32 PM) drubicza left the room.
(03:27:45 PM) ***the_hydra that presentation was sponsored by teh botol sosro...whatever the hacking, the drink is still teh botol sosro
(03:27:51 PM) stanmarshx: =))
(03:28:59 PM) areeff: good one.. thx for the tutorial, Mr. hydra
(03:29:15 PM) the_hydra: you're welcome
(03:29:16 PM) Xadpritox: btw what was the tutorial about? I joined late. Just tell me the title
(03:29:28 PM) the_hydra: Xadpritox: about strace and ltrace
(03:29:34 PM) the_hydra: Xadpritox: for tracing programs
(03:30:09 PM) dendenk left the room (quit: Ping timeout).
(03:30:31 PM) Dinda_Kirana [~x-ace@114.6.11.34] entered the room.
(03:30:38 PM) Dinda_Kirana: whoa
(03:30:39 PM) adiliciouz[aFk] left the room (quit: Read error: Operation timed out).
(03:30:40 PM) Dinda_Kirana: disconnected again
(03:30:49 PM) Dinda_Kirana: is Mr. hydra still around or not?
(03:30:57 PM) Dinda_Kirana: SIR?
(03:31:00 PM) Xadpritox: the_hydra : how far did the program tracing discussion get? I'd like to ask something ...
(03:31:15 PM) ***Dinda_Kirana gives the_hydra a hearty slap
(03:31:40 PM) thij3e left the room (quit: Ping timeout).
(03:31:44 PM) JeJeN left the room (quit: Quit: This computer has gone to sleep).
(03:31:58 PM) areeff: exit
(03:32:08 PM) areeff left the room (quit: Quit: ).
(03:32:10 PM) Dinda_Kirana: wogh
(03:33:07 PM) Dinda_Kirana: he has passed away
(03:33:13 PM) Dinda_Kirana: alright then, I'm off
(03:33:17 PM) Dinda_Kirana: I'll reconnect later, sir
(03:33:24 PM) Xadpritox: wow .. everyone's run off
(03:33:30 PM) the_hydra left the room (quit: Read error: Operation timed out).
(03:34:27 PM) stanmarshx left the room (quit: Quit: http://www.mibbit.com ajax IRC Client).
(03:34:35 PM) Dinda_Kirana left the room (quit: Quit: HydraIRC -> http://www.hydrairc.com <- Nine out of ten l33t h4x0rz prefer it).
(03:35:06 PM) adiliciouz[aFk] [admin@speeduponline.com] entered the room.
(03:36:15 PM) Xadpritox: Mulyadi Santosa Was Quit
(03:36:28 PM) the_hydra [~mulyadi@110.138.145.185] entered the room.
(03:36:29 PM) dendenk [~sendhenk@114.79.62.65] entered the room.
(03:36:47 PM) Xadpritox: Mulyadi Santosa Was Joined #e-c-h-o
(03:40:29 PM) Xadpritox: the_hydra : I want to ask, so ... I want to secure linux against buffer overflow attacks. I happen to have a distro that I tried but haven't gotten through yet. The error looks like this "Program received signal SIGSEGV, Segmentation fault. 0x0804840d in main (argc=Cannot access memory at address 0x41414149" so ... I've already changed the kernel randomize_va_space to 0 and it still doesn't work.
(03:40:29 PM) Xadpritox: The kernel exec-shield is already disabled
(03:40:29 PM) Xadpritox: The kernel exec-shield-randomize is already disabled
(03:40:52 PM) Xadpritox: the question : is that strong enough yet or not ? if it is, then great
(03:41:09 PM) Xadpritox: is there any other method to block bof ?
(03:44:00 PM) Xadpritox left the room.
(03:44:59 PM) uhuy: hello hello
(03:45:01 PM) uhuy: is it over already?
(03:45:16 PM) Cyberheb: you're way too late, uhuy
(03:45:18 PM) Cyberheb: :))
(03:45:28 PM) ***Cyberheb also fell asleep
(03:45:44 PM) K-159: hahaha
(03:45:51 PM) ***K-159 was just out for a walk
(03:45:51 PM) uhuy: beuh

Postby 16KH » Mon Apr 25, 2011 11:23 pm

when will there be another echo online class?.... :lol: :lol: :lol:
nothing..

Postby wh1t3 » Thu May 05, 2011 10:02 pm

wow...even though I missed it, turns out it was documented too

Re: HITZ - Online Class #1 Chat Logs

Postby amigame » Mon Apr 30, 2012 1:15 pm

ty

